opencryptoki/opencryptoki-3.16.0-1fdd0e4497b0078e73e0004e3492db647c7c458b.patch
2021-05-17 17:23:09 +02:00

2305 lines
93 KiB
Diff

commit 1fdd0e4497b0078e73e0004e3492db647c7c458b
Author: Ingo Franzki <ifranzki@linux.ibm.com>
Date: Wed Feb 24 15:47:05 2021 +0100
EP11: Handle APQN events to update APQN version, CP infos and target
Signed-off-by: Ingo Franzki <ifranzki@linux.ibm.com>
diff --git a/usr/lib/ep11_stdll/ep11_specific.c b/usr/lib/ep11_stdll/ep11_specific.c
index 52f95d7a..728fedd5 100644
--- a/usr/lib/ep11_stdll/ep11_specific.c
+++ b/usr/lib/ep11_stdll/ep11_specific.c
@@ -38,6 +38,7 @@
#include "ock_syslog.h"
#include "ec_defs.h"
#include "p11util.h"
+#include "events.h"
#include <sys/types.h>
#include <sys/stat.h>
@@ -197,19 +198,27 @@ typedef struct {
#define MAX_RETRY_COUNT 100
-#define RETRY_START do { \
+#define RETRY_START(rc, tokdata) \
+ do { \
int retry_count; \
+ ep11_target_info_t* target_info = \
+ get_target_info((tokdata)); \
+ if (target_info == NULL) \
+ (rc) = CKR_FUNCTION_FAILED; \
for(retry_count = 0; \
+ target_info != NULL && \
retry_count < MAX_RETRY_COUNT; \
retry_count ++) {
#define RETRY_END(rc, tokdata, session) if ((rc) != CKR_SESSION_CLOSED) \
break; \
(rc) = ep11tok_relogin_session( \
- tokdata, session); \
+ (tokdata), (session)); \
if ((rc) != CKR_OK) \
break; \
} \
+ put_target_info((tokdata), \
+ target_info); \
} while (0);
#define CKF_EP11_HELPER_SESSION 0x80000000
@@ -248,7 +257,6 @@ typedef struct ep11_card_version {
} ep11_card_version_t;
static CK_RV ep11tok_get_ep11_library_version(CK_VERSION *lib_version);
-static CK_RV ep11tok_get_ep11_version(STDLL_TokData_t *tokdata);
static void free_card_versions(ep11_card_version_t *card_version);
static int check_card_version(STDLL_TokData_t *tokdata, CK_ULONG card_type,
const CK_VERSION *ep11_lib_version,
@@ -476,16 +484,23 @@ static CK_RV handle_all_ep11_cards(ep11_target_t * ep11_targets,
#define PKEY_MODE_ENABLE4NONEXTR 2
typedef struct {
+ volatile unsigned long ref_count;
target_t target;
+ ep11_card_version_t *card_versions;
+ CK_ULONG used_firmware_API_version;
+ unsigned char control_points[XCP_CP_BYTES];
+ size_t control_points_len;
+ size_t max_control_point_index;
+ CK_CHAR serialNumber[16];
+} ep11_target_info_t;
+
+typedef struct {
ep11_target_t target_list;
CK_BYTE raw2key_wrap_blob[MAX_BLOBSIZE];
size_t raw2key_wrap_blob_l;
int cka_sensitive_default_true;
char cp_filter_config_filename[PATH_MAX];
cp_config_t *cp_config;
- unsigned char control_points[XCP_CP_BYTES];
- size_t control_points_len;
- size_t max_control_point_index;
int strict_mode;
int vhsm_mode;
int optimize_single_ops;
@@ -497,12 +512,14 @@ typedef struct {
char digest_libica_path[PATH_MAX];
libica_t libica;
CK_VERSION ep11_lib_version;
- ep11_card_version_t *card_versions;
- CK_ULONG used_firmware_API_version;
- CK_CHAR serialNumber[16];
+ volatile ep11_target_info_t *target_info;
+ pthread_rwlock_t target_rwlock;
} ep11_private_data_t;
-static CK_RV ep11tok_setup_target(STDLL_TokData_t *tokdata);
+static ep11_target_info_t *get_target_info(STDLL_TokData_t *tokdata);
+static void put_target_info(STDLL_TokData_t *tokdata,
+ ep11_target_info_t *target_info);
+static CK_RV refresh_target_info(STDLL_TokData_t *tokdata);
static CK_RV get_ep11_target_for_apqn(uint_32 adapter, uint_32 domain,
target_t *target, uint64_t flags);
@@ -704,8 +721,13 @@ static CK_RV ep11tok_pkey_get_firmware_mk_vp(STDLL_TokData_t *tokdata)
CK_BYTE blob[MAX_BLOBSIZE];
size_t blobsize = sizeof(blob);
CK_ATTRIBUTE *pkey_attr = NULL, *blob_attr=NULL;
+ ep11_target_info_t* target_info;
CK_RV ret;
+ target_info = get_target_info(tokdata);
+ if (target_info == NULL)
+ return CKR_FUNCTION_FAILED;
+
/* Check if CPACF_WRAP mech supported */
if (ep11tok_is_mechanism_supported(tokdata, CKM_IBM_CPACF_WRAP) != CKR_OK) {
TRACE_INFO("CKM_IBM_CPACF_WRAP not supported on this system.\n");
@@ -717,7 +739,7 @@ static CK_RV ep11tok_pkey_get_firmware_mk_vp(STDLL_TokData_t *tokdata)
/* Create an AES testkey with CKA_IBM_PROTKEY_EXTRACTABLE */
ret = dll_m_GenerateKey(&mech, tmpl, tmpl_len, NULL, 0,
- blob, &blobsize, csum, &csum_l, ep11_data->target);
+ blob, &blobsize, csum, &csum_l, target_info->target);
if (ret != CKR_OK) {
TRACE_ERROR("dll_m_GenerateKey failed with rc=0x%lx\n",ret);
goto done;
@@ -749,6 +771,8 @@ done:
if (blob_attr)
free(blob_attr);
+ put_target_info(tokdata, target_info);
+
return ret;
}
@@ -1337,7 +1361,7 @@ static CK_RV ab_unwrap_update_template(STDLL_TokData_t * tokdata,
OBJECT *obj,
CK_KEY_TYPE keytype)
{
- ep11_private_data_t *ep11_data = tokdata->private_data;
+ ep11_target_info_t* target_info;
CK_RV rc;
CK_BBOOL trusted, encrypt, decrypt, wrap, unwrap, sign, sign_recover,
verify, verify_recover, derive, extractable, local,
@@ -1367,9 +1391,16 @@ static CK_RV ab_unwrap_update_template(STDLL_TokData_t * tokdata,
CK_ATTRIBUTE *attr;
CK_BBOOL cktrue = TRUE;
+ target_info = get_target_info(tokdata);
+ if (target_info == NULL)
+ return CKR_FUNCTION_FAILED;
+
rc = dll_m_GetAttributeValue(blob, blob_len, attrs,
sizeof(attrs) / sizeof(CK_ATTRIBUTE),
- ep11_data->target);
+ target_info->target);
+
+ put_target_info(tokdata, target_info);
+
if (rc != CKR_OK) {
TRACE_ERROR("Retrieving attributes from AB unwrapped key failed, rc=0x%lx\n",
rc);
@@ -2117,10 +2148,10 @@ static CK_RV rawkey_2_blob(STDLL_TokData_t * tokdata, SESSION * sess,
* calls the ep11 lib (which in turns sends the request to the card),
* all m_ function are ep11 functions
*/
- RETRY_START
+ RETRY_START(rc, tokdata)
rc = dll_m_EncryptSingle(ep11_data->raw2key_wrap_blob,
ep11_data->raw2key_wrap_blob_l, &mech, key,
- ksize, cipher, &clen, ep11_data->target);
+ ksize, cipher, &clen, target_info->target);
RETRY_END(rc, tokdata, sess)
if (rc != CKR_OK) {
@@ -2146,12 +2177,12 @@ static CK_RV rawkey_2_blob(STDLL_TokData_t * tokdata, SESSION * sess,
/* the encrypted key is decrypted and a blob is build,
* card accepts only blobs as keys
*/
- RETRY_START
+ RETRY_START(rc, tokdata)
rc = dll_m_UnwrapKey(cipher, clen, ep11_data->raw2key_wrap_blob,
ep11_data->raw2key_wrap_blob_l, NULL, ~0,
ep11_pin_blob, ep11_pin_blob_len, &mech,
new_p_attrs, new_attrs_len, blob, blen, csum,
- &cslen, ep11_data->target);
+ &cslen, target_info->target);
RETRY_END(rc, tokdata, sess)
if (rc != CKR_OK) {
@@ -2194,14 +2225,20 @@ rawkey_2_blob_end:
CK_RV token_specific_rng(STDLL_TokData_t * tokdata, CK_BYTE * output,
CK_ULONG bytes)
{
- ep11_private_data_t *ep11_data = tokdata->private_data;
+ ep11_target_info_t* target_info;
+
+ target_info = get_target_info(tokdata);
+ if (target_info == NULL)
+ return CKR_FUNCTION_FAILED;
- CK_RV rc = dll_m_GenerateRandom(output, bytes, ep11_data->target);
+ CK_RV rc = dll_m_GenerateRandom(output, bytes, target_info->target);
if (rc != CKR_OK) {
rc = ep11_error_to_pkcs11_error(rc, NULL);
TRACE_ERROR("%s output=%p bytes=%lu rc=0x%lx\n",
__func__, (void *)output, bytes, rc);
}
+
+ put_target_info(tokdata, target_info);
return rc;
}
@@ -2215,6 +2252,7 @@ static CK_RV make_wrapblob(STDLL_TokData_t * tokdata, CK_ATTRIBUTE * tmpl_in,
{
ep11_private_data_t *ep11_data = tokdata->private_data;
CK_MECHANISM mech = { CKM_AES_KEY_GEN, NULL_PTR, 0 };
+ ep11_target_info_t* target_info;
CK_BYTE csum[MAX_CSUMSIZE];
size_t csum_l = sizeof(csum);
CK_RV rc;
@@ -2225,11 +2263,15 @@ static CK_RV make_wrapblob(STDLL_TokData_t * tokdata, CK_ATTRIBUTE * tmpl_in,
return CKR_OK;
}
+ target_info = get_target_info(tokdata);
+ if (target_info == NULL)
+ return CKR_FUNCTION_FAILED;
+
ep11_data->raw2key_wrap_blob_l = sizeof(ep11_data->raw2key_wrap_blob);
rc = dll_m_GenerateKey(&mech, tmpl_in, tmpl_len, NULL, 0,
ep11_data->raw2key_wrap_blob,
&ep11_data->raw2key_wrap_blob_l, csum, &csum_l,
- ep11_data->target);
+ target_info->target);
if (rc != CKR_OK) {
@@ -2240,6 +2282,7 @@ static CK_RV make_wrapblob(STDLL_TokData_t * tokdata, CK_ATTRIBUTE * tmpl_in,
__func__, ep11_data->raw2key_wrap_blob_l, rc);
}
+ put_target_info(tokdata, target_info);
return rc;
}
@@ -2479,6 +2522,14 @@ CK_RV ep11tok_init(STDLL_TokData_t * tokdata, CK_SLOT_ID SlotNumber,
if (ep11_data == NULL)
return CKR_HOST_MEMORY;
+ if (pthread_rwlock_init(&ep11_data->target_rwlock, NULL) != 0) {
+ TRACE_DEVEL("Target Lock init failed.\n");
+ OCK_SYSLOG(LOG_ERR, "%s: Failed to initialize the target lock\n",
+ __func__);
+ rc = CKR_CANT_LOCK;
+ goto error;
+ }
+
tokdata->private_data = ep11_data;
/* read ep11 specific config file with user specified
@@ -2513,13 +2564,28 @@ CK_RV ep11tok_init(STDLL_TokData_t * tokdata, CK_SLOT_ID SlotNumber,
}
#endif
- rc = ep11tok_get_ep11_version(tokdata);
- if (rc != CKR_OK)
+ rc = ep11tok_get_ep11_library_version(&ep11_data->ep11_lib_version);
+ if (rc != CKR_OK) {
+ TRACE_ERROR("%s Failed to get the Ep11 library version "
+ "(ep11tok_get_ep11_library_version rc=0x%lx)\n", __func__,
+ rc);
+ OCK_SYSLOG(LOG_ERR, "%s: Failed to get the EP11 library version "
+ "rc=0x%lx\n", __func__, rc);
goto error;
+ }
- rc = ep11tok_setup_target(tokdata);
- if (rc != CKR_OK)
+ TRACE_INFO("%s Host library version: %d.%d\n", __func__,
+ ep11_data->ep11_lib_version.major,
+ ep11_data->ep11_lib_version.minor);
+
+ rc = refresh_target_info(tokdata);
+ if (rc != CKR_OK) {
+ TRACE_ERROR("%s Failed to get the target info (refresh_target_info "
+ "rc=0x%lx)\n", __func__, rc);
+ OCK_SYSLOG(LOG_ERR, "%s: Failed to get the target info rc=0x%lx\n",
+ __func__, rc);
goto error;
+ }
if (ep11_data->digest_libica) {
rc = ep11tok_load_libica(tokdata);
@@ -2530,18 +2596,6 @@ CK_RV ep11tok_init(STDLL_TokData_t * tokdata, CK_SLOT_ID SlotNumber,
ep11_data->msa_level = get_msa_level();
TRACE_INFO("MSA level = %i\n", ep11_data->msa_level);
- ep11_data->control_points_len = sizeof(ep11_data->control_points);
- rc = get_control_points(tokdata, ep11_data->control_points,
- &ep11_data->control_points_len,
- &ep11_data->max_control_point_index);
- if (rc != CKR_OK) {
- TRACE_ERROR("%s Failed to get the control points (get_control_points "
- "rc=0x%lx)\n", __func__, rc);
- OCK_SYSLOG(LOG_ERR, "%s: Failed to get the control points rc=0x%lx\n",
- __func__, rc);
- goto error;
- }
-
/* create an AES key needed for importing keys
* (encrypt by wrap_key and m_UnwrapKey by wrap key)
*/
@@ -2600,10 +2654,14 @@ CK_RV ep11tok_final(STDLL_TokData_t * tokdata)
TRACE_INFO("ep11 %s running\n", __func__);
if (ep11_data != NULL) {
- if (dll_m_rm_module != NULL)
- dll_m_rm_module(NULL, ep11_data->target);
+ if (ep11_data->target_info != NULL) {
+ if (dll_m_rm_module != NULL)
+ dll_m_rm_module(NULL, ep11_data->target_info->target);
+ free_card_versions(ep11_data->target_info->card_versions);
+ free((void* )ep11_data->target_info);
+ }
+ pthread_rwlock_destroy(&ep11_data->target_rwlock);
free_cp_config(ep11_data->cp_config);
- free_card_versions(ep11_data->card_versions);
free(ep11_data);
tokdata->private_data = NULL;
}
@@ -2619,7 +2677,6 @@ static CK_RV make_maced_spki(STDLL_TokData_t *tokdata, SESSION * sess,
CK_BYTE *spki, CK_ULONG spki_len,
CK_BYTE *maced_spki, CK_ULONG *maced_spki_len)
{
- ep11_private_data_t *ep11_data = tokdata->private_data;
unsigned char *ep11_pin_blob = NULL;
CK_ULONG ep11_pin_blob_len = 0;
ep11_session_t *ep11_session = (ep11_session_t *) sess->private_data;
@@ -2712,11 +2769,11 @@ static CK_RV make_maced_spki(STDLL_TokData_t *tokdata, SESSION * sess,
ep11_get_pin_blob(ep11_session, object_is_session_object(pub_key_obj),
&ep11_pin_blob, &ep11_pin_blob_len);
- RETRY_START
+ RETRY_START(rc, tokdata)
rc = dll_m_UnwrapKey(spki, spki_len, NULL, 0, NULL, 0,
ep11_pin_blob, ep11_pin_blob_len, &mech,
p_attrs, attrs_len, maced_spki, maced_spki_len,
- csum, &cslen, ep11_data->target);
+ csum, &cslen, target_info->target);
RETRY_END(rc, tokdata, sess)
if (rc != CKR_OK) {
@@ -2870,11 +2927,11 @@ static CK_RV import_RSA_key(STDLL_TokData_t * tokdata, SESSION * sess,
}
/* encrypt */
- RETRY_START
+ RETRY_START(rc, tokdata)
rc = dll_m_EncryptSingle(ep11_data->raw2key_wrap_blob,
ep11_data->raw2key_wrap_blob_l, &mech_w,
data, data_len, cipher, &cipher_l,
- ep11_data->target);
+ target_info->target);
RETRY_END(rc, tokdata, sess)
TRACE_INFO("%s wrapping wrap key rc=0x%lx cipher_l=0x%lx\n",
@@ -2901,12 +2958,12 @@ static CK_RV import_RSA_key(STDLL_TokData_t * tokdata, SESSION * sess,
/* calls the card, it decrypts the private RSA key,
* reads its BER format and builds a blob.
*/
- RETRY_START
+ RETRY_START(rc, tokdata)
rc = dll_m_UnwrapKey(cipher, cipher_l, ep11_data->raw2key_wrap_blob,
ep11_data->raw2key_wrap_blob_l, NULL, ~0,
ep11_pin_blob, ep11_pin_blob_len, &mech_w,
new_p_attrs, new_attrs_len, blob, blob_size,
- csum, &cslen, ep11_data->target);
+ csum, &cslen, target_info->target);
RETRY_END(rc, tokdata, sess)
if (rc != CKR_OK) {
@@ -3101,11 +3158,11 @@ static CK_RV import_EC_key(STDLL_TokData_t * tokdata, SESSION * sess,
}
/* encrypt */
- RETRY_START
+ RETRY_START(rc, tokdata)
rc = dll_m_EncryptSingle(ep11_data->raw2key_wrap_blob,
ep11_data->raw2key_wrap_blob_l,
&mech_w, data, data_len,
- cipher, &cipher_l, ep11_data->target);
+ cipher, &cipher_l, target_info->target);
RETRY_END(rc, tokdata, sess)
TRACE_INFO("%s wrapping wrap key rc=0x%lx cipher_l=0x%lx\n",
@@ -3133,14 +3190,14 @@ static CK_RV import_EC_key(STDLL_TokData_t * tokdata, SESSION * sess,
/* calls the card, it decrypts the private EC key,
* reads its BER format and builds a blob.
*/
- RETRY_START
+ RETRY_START(rc, tokdata)
rc = dll_m_UnwrapKey(cipher, cipher_l,
ep11_data->raw2key_wrap_blob,
ep11_data->raw2key_wrap_blob_l, NULL, ~0,
ep11_pin_blob,
ep11_pin_blob_len, &mech_w,
new_p_attrs, new_attrs_len, blob,
- blob_size, csum, &cslen, ep11_data->target);
+ blob_size, csum, &cslen, target_info->target);
RETRY_END(rc, tokdata, sess)
if (rc != CKR_OK) {
@@ -3295,11 +3352,11 @@ static CK_RV import_DSA_key(STDLL_TokData_t * tokdata, SESSION * sess,
}
/* encrypt */
- RETRY_START
+ RETRY_START(rc, tokdata)
rc = dll_m_EncryptSingle(ep11_data->raw2key_wrap_blob,
ep11_data->raw2key_wrap_blob_l,
&mech_w, data, data_len,
- cipher, &cipher_l, ep11_data->target);
+ cipher, &cipher_l, target_info->target);
RETRY_END(rc, tokdata, sess)
@@ -3327,14 +3384,14 @@ static CK_RV import_DSA_key(STDLL_TokData_t * tokdata, SESSION * sess,
/* calls the card, it decrypts the private EC key,
* reads its BER format and builds a blob.
*/
- RETRY_START
+ RETRY_START(rc, tokdata)
rc = dll_m_UnwrapKey(cipher, cipher_l,
ep11_data->raw2key_wrap_blob,
ep11_data->raw2key_wrap_blob_l, NULL, ~0,
ep11_pin_blob,
ep11_pin_blob_len, &mech_w,
new_p_attrs, new_attrs_len, blob,
- blob_size, csum, &cslen, ep11_data->target);
+ blob_size, csum, &cslen, target_info->target);
RETRY_END(rc, tokdata, sess)
if (rc != CKR_OK) {
@@ -3478,11 +3535,11 @@ static CK_RV import_DH_key(STDLL_TokData_t * tokdata, SESSION * sess,
}
/* encrypt */
- RETRY_START
+ RETRY_START(rc, tokdata)
rc = dll_m_EncryptSingle(ep11_data->raw2key_wrap_blob,
ep11_data->raw2key_wrap_blob_l,
&mech_w, data, data_len,
- cipher, &cipher_l, ep11_data->target);
+ cipher, &cipher_l, target_info->target);
RETRY_END(rc, tokdata, sess)
TRACE_INFO("%s wrapping wrap key rc=0x%lx cipher_l=0x%lx\n",
@@ -3509,14 +3566,14 @@ static CK_RV import_DH_key(STDLL_TokData_t * tokdata, SESSION * sess,
/* calls the card, it decrypts the private EC key,
* reads its BER format and builds a blob.
*/
- RETRY_START
+ RETRY_START(rc, tokdata)
rc = dll_m_UnwrapKey(cipher, cipher_l,
ep11_data->raw2key_wrap_blob,
ep11_data->raw2key_wrap_blob_l, NULL, ~0,
ep11_pin_blob,
ep11_pin_blob_len, &mech_w,
new_p_attrs, new_attrs_len, blob,
- blob_size, csum, &cslen, ep11_data->target);
+ blob_size, csum, &cslen, target_info->target);
RETRY_END(rc, tokdata, sess)
if (rc != CKR_OK) {
@@ -3666,11 +3723,11 @@ static CK_RV import_IBM_Dilithium_key(STDLL_TokData_t * tokdata, SESSION * sess,
}
/* encrypt */
- RETRY_START
+ RETRY_START(rc, tokdata)
rc = dll_m_EncryptSingle(ep11_data->raw2key_wrap_blob,
ep11_data->raw2key_wrap_blob_l,
&mech_w, data, data_len,
- cipher, &cipher_l, ep11_data->target);
+ cipher, &cipher_l, target_info->target);
RETRY_END(rc, tokdata, sess)
TRACE_INFO("%s wrapping wrap key rc=0x%lx cipher_l=0x%lx\n",
@@ -3699,14 +3756,14 @@ static CK_RV import_IBM_Dilithium_key(STDLL_TokData_t * tokdata, SESSION * sess,
/* calls the card, it decrypts the private Dilithium key,
* reads its BER format and builds a blob.
*/
- RETRY_START
+ RETRY_START(rc, tokdata)
rc = dll_m_UnwrapKey(cipher, cipher_l,
ep11_data->raw2key_wrap_blob,
ep11_data->raw2key_wrap_blob_l, NULL, ~0,
ep11_pin_blob,
ep11_pin_blob_len, &mech_w,
new_p_attrs, new_attrs_len, blob,
- blob_size, csum, &cslen, ep11_data->target);
+ blob_size, csum, &cslen, target_info->target);
RETRY_END(rc, tokdata, sess)
if (rc != CKR_OK) {
@@ -3884,7 +3941,6 @@ CK_RV ep11tok_generate_key(STDLL_TokData_t * tokdata, SESSION * session,
CK_MECHANISM_PTR mech, CK_ATTRIBUTE_PTR attrs,
CK_ULONG attrs_len, CK_OBJECT_HANDLE_PTR handle)
{
- ep11_private_data_t *ep11_data = tokdata->private_data;
CK_BYTE blob[MAX_BLOBSIZE];
size_t blobsize = sizeof(blob);
CK_BYTE csum[MAX_CSUMSIZE];
@@ -3936,10 +3992,10 @@ CK_RV ep11tok_generate_key(STDLL_TokData_t * tokdata, SESSION * session,
ep11_get_pin_blob(ep11_session, ep11_is_session_object(attrs, attrs_len),
&ep11_pin_blob, &ep11_pin_blob_len);
- RETRY_START
+ RETRY_START(rc, tokdata)
rc = dll_m_GenerateKey(mech, new_attrs2, new_attrs2_len, ep11_pin_blob,
ep11_pin_blob_len, blob, &blobsize,
- csum, &csum_len, ep11_data->target);
+ csum, &csum_len, target_info->target);
RETRY_END(rc, tokdata, session)
if (rc != CKR_OK) {
rc = ep11_error_to_pkcs11_error(rc, session);
@@ -4354,6 +4410,7 @@ CK_RV token_specific_sha_init(STDLL_TokData_t * tokdata, DIGEST_CONTEXT * c,
size_t state_len = MAX(MAX_DIGEST_STATE_BYTES, sizeof(libica_sha_context_t));
CK_BYTE *state;
libica_sha_context_t *libica_ctx;
+ ep11_target_info_t* target_info;
state = calloc(state_len, 1); /* freed by dig_mgr.c */
if (!state) {
@@ -4361,15 +4418,21 @@ CK_RV token_specific_sha_init(STDLL_TokData_t * tokdata, DIGEST_CONTEXT * c,
return CKR_HOST_MEMORY;
}
+ target_info = get_target_info(tokdata);
+ if (target_info == NULL)
+ return CKR_FUNCTION_FAILED;
+
if (ep11tok_libica_digest_available(ep11_data, mech->mechanism)) {
libica_ctx = (libica_sha_context_t *)state;
state_len = sizeof(libica_sha_context_t);
libica_ctx->first = CK_TRUE;
rc = get_sha_block_size(mech->mechanism, &libica_ctx->block_size);
} else {
- rc = dll_m_DigestInit(state, &state_len, mech, ep11_data->target);
+ rc = dll_m_DigestInit(state, &state_len, mech, target_info->target);
}
+ put_target_info(tokdata, target_info);
+
if (rc != CKR_OK) {
rc = ep11_error_to_pkcs11_error(rc, NULL);
TRACE_ERROR("%s rc=0x%lx\n", __func__, rc);
@@ -4399,6 +4462,11 @@ CK_RV token_specific_sha(STDLL_TokData_t * tokdata, DIGEST_CONTEXT * c,
{
ep11_private_data_t *ep11_data = tokdata->private_data;
CK_RV rc;
+ ep11_target_info_t* target_info;
+
+ target_info = get_target_info(tokdata);
+ if (target_info == NULL)
+ return CKR_FUNCTION_FAILED;
if (ep11tok_libica_digest_available(ep11_data, c->mech.mechanism)) {
rc = ep11tok_libica_digest(ep11_data, c->mech.mechanism,
@@ -4408,7 +4476,7 @@ CK_RV token_specific_sha(STDLL_TokData_t * tokdata, DIGEST_CONTEXT * c,
SHA_MSG_PART_ONLY);
} else {
rc = dll_m_Digest(c->context, c->context_len, in_data, in_data_len,
- out_data, out_data_len, ep11_data->target);
+ out_data, out_data_len, target_info->target);
}
if (rc != CKR_OK) {
@@ -4417,6 +4485,8 @@ CK_RV token_specific_sha(STDLL_TokData_t * tokdata, DIGEST_CONTEXT * c,
} else {
TRACE_INFO("%s rc=0x%lx\n", __func__, rc);
}
+
+ put_target_info(tokdata, target_info);
return rc;
}
@@ -4430,6 +4500,11 @@ CK_RV token_specific_sha_update(STDLL_TokData_t * tokdata, DIGEST_CONTEXT * c,
CK_ULONG out_len = sizeof(temp_out);
CK_ULONG len;
CK_RV rc = CKR_OK;
+ ep11_target_info_t* target_info;
+
+ target_info = get_target_info(tokdata);
+ if (target_info == NULL)
+ return CKR_FUNCTION_FAILED;
if (ep11tok_libica_digest_available(ep11_data, c->mech.mechanism)) {
if (libica_ctx->offset > 0 || in_data_len < libica_ctx->block_size) {
@@ -4479,7 +4554,7 @@ CK_RV token_specific_sha_update(STDLL_TokData_t * tokdata, DIGEST_CONTEXT * c,
}
} else {
rc = dll_m_DigestUpdate(c->context, c->context_len,
- in_data, in_data_len, ep11_data->target);
+ in_data, in_data_len, target_info->target);
}
out:
@@ -4489,6 +4564,8 @@ out:
} else {
TRACE_INFO("%s rc=0x%lx\n", __func__, rc);
}
+
+ put_target_info(tokdata, target_info);
return rc;
}
@@ -4499,6 +4576,11 @@ CK_RV token_specific_sha_final(STDLL_TokData_t * tokdata, DIGEST_CONTEXT * c,
ep11_private_data_t *ep11_data = tokdata->private_data;
libica_sha_context_t *libica_ctx = (libica_sha_context_t *)c->context;
CK_RV rc;
+ ep11_target_info_t* target_info;
+
+ target_info = get_target_info(tokdata);
+ if (target_info == NULL)
+ return CKR_FUNCTION_FAILED;
if (ep11tok_libica_digest_available(ep11_data, c->mech.mechanism)) {
rc = ep11tok_libica_digest(ep11_data, c->mech.mechanism,
@@ -4510,7 +4592,7 @@ CK_RV token_specific_sha_final(STDLL_TokData_t * tokdata, DIGEST_CONTEXT * c,
SHA_MSG_PART_FINAL);
} else {
rc = dll_m_DigestFinal(c->context, c->context_len,
- out_data, out_data_len, ep11_data->target);
+ out_data, out_data_len, target_info->target);
}
if (rc != CKR_OK) {
@@ -4520,6 +4602,7 @@ CK_RV token_specific_sha_final(STDLL_TokData_t * tokdata, DIGEST_CONTEXT * c,
TRACE_INFO("%s rc=0x%lx\n", __func__, rc);
}
+ put_target_info(tokdata, target_info);
return rc;
}
@@ -4528,7 +4611,6 @@ CK_RV token_specific_rsa_sign(STDLL_TokData_t *tokdata, SESSION *session,
CK_BYTE *out_data, CK_ULONG *out_data_len,
OBJECT *key_obj)
{
- ep11_private_data_t *ep11_data = tokdata->private_data;
CK_RV rc;
size_t keyblobsize = 0;
CK_BYTE *keyblob;
@@ -4544,9 +4626,9 @@ CK_RV token_specific_rsa_sign(STDLL_TokData_t *tokdata, SESSION *session,
mech.pParameter = NULL;
mech.ulParameterLen = 0;
- RETRY_START
+ RETRY_START(rc, tokdata)
rc = dll_m_SignSingle(keyblob, keyblobsize, &mech, in_data, in_data_len,
- out_data, out_data_len, ep11_data->target);
+ out_data, out_data_len, target_info->target);
RETRY_END(rc, tokdata, session)
if (rc != CKR_OK) {
rc = ep11_error_to_pkcs11_error(rc, session);
@@ -4563,7 +4645,6 @@ CK_RV token_specific_rsa_verify(STDLL_TokData_t *tokdata, SESSION *session,
CK_BYTE *signature, CK_ULONG sig_len,
OBJECT *key_obj)
{
- ep11_private_data_t *ep11_data = tokdata->private_data;
CK_RV rc;
CK_BYTE *spki;
size_t spki_len = 0;
@@ -4579,9 +4660,9 @@ CK_RV token_specific_rsa_verify(STDLL_TokData_t *tokdata, SESSION *session,
mech.pParameter = NULL;
mech.ulParameterLen = 0;
- RETRY_START
+ RETRY_START(rc, tokdata)
rc = dll_m_VerifySingle(spki, spki_len, &mech, in_data, in_data_len,
- signature, sig_len, ep11_data->target);
+ signature, sig_len, target_info->target);
RETRY_END(rc, tokdata, session)
if (rc != CKR_OK) {
rc = ep11_error_to_pkcs11_error(rc, session);
@@ -4598,7 +4679,6 @@ CK_RV token_specific_rsa_pss_sign(STDLL_TokData_t *tokdata, SESSION *session,
CK_BYTE *in_data, CK_ULONG in_data_len,
CK_BYTE *sig, CK_ULONG *sig_len)
{
- ep11_private_data_t *ep11_data = tokdata->private_data;
CK_RV rc;
size_t keyblobsize = 0;
CK_BYTE *keyblob;
@@ -4616,9 +4696,9 @@ CK_RV token_specific_rsa_pss_sign(STDLL_TokData_t *tokdata, SESSION *session,
mech.ulParameterLen = ctx->mech.ulParameterLen;
mech.pParameter = ctx->mech.pParameter;
- RETRY_START
+ RETRY_START(rc, tokdata)
rc = dll_m_SignSingle(keyblob, keyblobsize, &mech, in_data, in_data_len,
- sig, sig_len, ep11_data->target);
+ sig, sig_len, target_info->target);
RETRY_END(rc, tokdata, session)
if (rc != CKR_OK) {
rc = ep11_error_to_pkcs11_error(rc, session);
@@ -4638,7 +4718,6 @@ CK_RV token_specific_rsa_pss_verify(STDLL_TokData_t *tokdata, SESSION *session,
CK_BYTE *in_data, CK_ULONG in_data_len,
CK_BYTE *signature, CK_ULONG sig_len)
{
- ep11_private_data_t *ep11_data = tokdata->private_data;
CK_RV rc;
CK_BYTE *spki;
size_t spki_len = 0;
@@ -4656,9 +4735,9 @@ CK_RV token_specific_rsa_pss_verify(STDLL_TokData_t *tokdata, SESSION *session,
mech.ulParameterLen = ctx->mech.ulParameterLen;
mech.pParameter = ctx->mech.pParameter;
- RETRY_START
+ RETRY_START(rc, tokdata)
rc = dll_m_VerifySingle(spki, spki_len, &mech, in_data, in_data_len,
- signature, sig_len, ep11_data->target);
+ signature, sig_len, target_info->target);
RETRY_END(rc, tokdata, session)
if (rc != CKR_OK) {
rc = ep11_error_to_pkcs11_error(rc, session);
@@ -4678,7 +4757,6 @@ CK_RV token_specific_ec_sign(STDLL_TokData_t *tokdata, SESSION *session,
CK_BYTE *out_data, CK_ULONG *out_data_len,
OBJECT *key_obj )
{
- ep11_private_data_t *ep11_data = tokdata->private_data;
SIGN_VERIFY_CONTEXT *ctx = &(session->sign_ctx);
CK_RV rc;
size_t keyblobsize = 0;
@@ -4707,9 +4785,9 @@ CK_RV token_specific_ec_sign(STDLL_TokData_t *tokdata, SESSION *session,
mech.pParameter = NULL;
mech.ulParameterLen = 0;
- RETRY_START
+ RETRY_START(rc, tokdata)
rc = dll_m_SignSingle(keyblob, keyblobsize, &mech, in_data, in_data_len,
- out_data, out_data_len, ep11_data->target);
+ out_data, out_data_len, target_info->target);
RETRY_END(rc, tokdata, session)
if (rc != CKR_OK) {
rc = ep11_error_to_pkcs11_error(rc, session);
@@ -4728,7 +4806,6 @@ CK_RV token_specific_ec_verify(STDLL_TokData_t *tokdata, SESSION *session,
CK_BYTE *out_data, CK_ULONG out_data_len,
OBJECT *key_obj )
{
- ep11_private_data_t *ep11_data = tokdata->private_data;
SIGN_VERIFY_CONTEXT *ctx = &(session->verify_ctx);
CK_RV rc;
CK_BYTE *spki;
@@ -4757,9 +4834,9 @@ CK_RV token_specific_ec_verify(STDLL_TokData_t *tokdata, SESSION *session,
mech.pParameter = NULL;
mech.ulParameterLen = 0;
- RETRY_START
+ RETRY_START(rc, tokdata)
rc = dll_m_VerifySingle(spki, spki_len, &mech, in_data, in_data_len,
- out_data, out_data_len, ep11_data->target);
+ out_data, out_data_len, target_info->target);
RETRY_END(rc, tokdata, session)
if (rc != CKR_OK) {
rc = ep11_error_to_pkcs11_error(rc, session);
@@ -4784,7 +4861,6 @@ CK_RV token_specific_reencrypt_single(STDLL_TokData_t *tokdata,
CK_BYTE *in_data, CK_ULONG in_data_len,
CK_BYTE *out_data, CK_ULONG *out_data_len)
{
- ep11_private_data_t *ep11_data = tokdata->private_data;
CK_RV rc;
CK_BYTE *decr_key, *encr_key;
size_t decr_key_len = 0, encr_key_len = 0;
@@ -4813,10 +4889,10 @@ CK_RV token_specific_reencrypt_single(STDLL_TokData_t *tokdata,
return rc;
}
- RETRY_START
+ RETRY_START(rc, tokdata)
rc = dll_m_ReencryptSingle(decr_key, decr_key_len, encr_key, encr_key_len,
decr_mech, encr_mech, in_data, in_data_len,
- out_data, out_data_len, ep11_data->target);
+ out_data, out_data_len, target_info->target);
RETRY_END(rc, tokdata, session)
if (rc != CKR_OK) {
rc = ep11_error_to_pkcs11_error(rc, session);
@@ -4892,7 +4968,6 @@ CK_RV ep11tok_derive_key(STDLL_TokData_t * tokdata, SESSION * session,
CK_OBJECT_HANDLE_PTR handle, CK_ATTRIBUTE_PTR attrs,
CK_ULONG attrs_len)
{
- ep11_private_data_t *ep11_data = tokdata->private_data;
CK_RV rc;
CK_BYTE *keyblob;
size_t keyblobsize;
@@ -4920,6 +4995,8 @@ CK_RV ep11tok_derive_key(STDLL_TokData_t * tokdata, SESSION * session,
CK_ULONG privlen;
int curve_type;
CK_BBOOL allocated = FALSE;
+ ep11_target_info_t* target_info;
+ CK_ULONG used_firmware_API_version;
memset(newblob, 0, sizeof(newblob));
@@ -5009,7 +5086,15 @@ CK_RV ep11tok_derive_key(STDLL_TokData_t * tokdata, SESSION * session,
* then we can pass the mechanism parameters as-is, otherwise we still
* need to use the old way.
*/
- if (ep11_data->used_firmware_API_version <= 2) {
+ target_info = get_target_info(tokdata);
+ if (target_info == NULL)
+ return CKR_FUNCTION_FAILED;
+
+ used_firmware_API_version = target_info->used_firmware_API_version;
+
+ put_target_info(tokdata, target_info);
+
+ if (used_firmware_API_version <= 2) {
if (ecdh1_parms->kdf != CKD_NULL) {
TRACE_ERROR("%s KDF for CKM_ECDH1_DERIVE not supported: %lu\n",
__func__, ecdh1_parms->kdf);
@@ -5133,11 +5218,11 @@ CK_RV ep11tok_derive_key(STDLL_TokData_t * tokdata, SESSION * session,
ep11_get_pin_blob(ep11_session, ep11_is_session_object(attrs, attrs_len),
&ep11_pin_blob, &ep11_pin_blob_len);
- RETRY_START
+ RETRY_START(rc, tokdata)
rc =
dll_m_DeriveKey(mech, new_attrs2, new_attrs2_len, keyblob, keyblobsize,
NULL, 0, ep11_pin_blob, ep11_pin_blob_len, newblob,
- &newblobsize, csum, &cslen, ep11_data->target);
+ &newblobsize, csum, &cslen, target_info->target);
RETRY_END(rc, tokdata, session)
if (rc != CKR_OK) {
@@ -5231,7 +5316,6 @@ static CK_RV dh_generate_keypair(STDLL_TokData_t * tokdata,
CK_ULONG ulPrivateKeyAttributeCount,
CK_SESSION_HANDLE h)
{
- ep11_private_data_t *ep11_data = tokdata->private_data;
CK_RV rc;
CK_BYTE publblob[MAX_BLOBSIZE];
size_t publblobsize = sizeof(publblob);
@@ -5418,13 +5502,13 @@ static CK_RV dh_generate_keypair(STDLL_TokData_t * tokdata,
ulPrivateKeyAttributeCount)),
&ep11_pin_blob, &ep11_pin_blob_len);
- RETRY_START
+ RETRY_START(rc, tokdata)
rc = dll_m_GenerateKeyPair(pMechanism,
new_publ_attrs, new_publ_attrs_len,
new_priv_attrs, new_priv_attrs_len,
ep11_pin_blob, ep11_pin_blob_len,
privblob, &privblobsize,
- publblob, &publblobsize, ep11_data->target);
+ publblob, &publblobsize, target_info->target);
RETRY_END(rc, tokdata, sess)
if (rc != CKR_OK) {
@@ -5543,7 +5627,6 @@ static CK_RV dsa_generate_keypair(STDLL_TokData_t * tokdata,
CK_ULONG ulPrivateKeyAttributeCount,
CK_SESSION_HANDLE h)
{
- ep11_private_data_t *ep11_data = tokdata->private_data;
CK_RV rc;
CK_BYTE publblob[MAX_BLOBSIZE];
size_t publblobsize = sizeof(publblob);
@@ -5752,13 +5835,13 @@ static CK_RV dsa_generate_keypair(STDLL_TokData_t * tokdata,
ulPrivateKeyAttributeCount)),
&ep11_pin_blob, &ep11_pin_blob_len);
- RETRY_START
+ RETRY_START(rc, tokdata)
rc = dll_m_GenerateKeyPair(pMechanism,
new_publ_attrs2, new_publ_attrs2_len,
new_priv_attrs2, new_priv_attrs2_len,
ep11_pin_blob, ep11_pin_blob_len, privblob,
&privblobsize, publblob, &publblobsize,
- ep11_data->target);
+ target_info->target);
RETRY_END(rc, tokdata, sess)
if (rc != CKR_OK) {
@@ -5866,7 +5949,6 @@ static CK_RV rsa_ec_generate_keypair(STDLL_TokData_t * tokdata,
CK_ULONG ulPrivateKeyAttributeCount,
CK_SESSION_HANDLE h)
{
- ep11_private_data_t *ep11_data = tokdata->private_data;
CK_RV rc;
CK_ATTRIBUTE *attr = NULL;
CK_ATTRIBUTE *n_attr = NULL;
@@ -5967,13 +6049,13 @@ static CK_RV rsa_ec_generate_keypair(STDLL_TokData_t * tokdata,
ulPrivateKeyAttributeCount)),
&ep11_pin_blob, &ep11_pin_blob_len);
- RETRY_START
+ RETRY_START(rc, tokdata)
rc = dll_m_GenerateKeyPair(pMechanism,
new_publ_attrs2, new_publ_attrs2_len,
new_priv_attrs2, new_priv_attrs2_len,
ep11_pin_blob, ep11_pin_blob_len,
privkey_blob, &privkey_blob_len, spki,
- &spki_len, ep11_data->target);
+ &spki_len, target_info->target);
RETRY_END(rc, tokdata, sess)
if (rc != CKR_OK) {
rc = ep11_error_to_pkcs11_error(rc, sess);
@@ -6225,7 +6307,6 @@ static CK_RV ibm_dilithium_generate_keypair(STDLL_TokData_t * tokdata,
CK_ULONG ulPrivateKeyAttributeCount,
CK_SESSION_HANDLE h)
{
- ep11_private_data_t *ep11_data = tokdata->private_data;
CK_RV rc;
CK_ATTRIBUTE *attr = NULL;
CK_BYTE privkey_blob[MAX_BLOBSIZE];
@@ -6308,13 +6389,13 @@ static CK_RV ibm_dilithium_generate_keypair(STDLL_TokData_t * tokdata,
ulPrivateKeyAttributeCount)),
&ep11_pin_blob, &ep11_pin_blob_len);
- RETRY_START
+ RETRY_START(rc, tokdata)
rc = dll_m_GenerateKeyPair(pMechanism,
new_publ_attrs2, new_publ_attrs2_len,
new_priv_attrs2, new_priv_attrs2_len,
ep11_pin_blob, ep11_pin_blob_len,
privkey_blob, &privkey_blob_len, spki,
- &spki_len, ep11_data->target);
+ &spki_len, target_info->target);
RETRY_END(rc, tokdata, sess)
if (rc != CKR_OK) {
rc = ep11_error_to_pkcs11_error(rc, sess);
@@ -6914,7 +6995,6 @@ CK_RV ep11tok_sign_init(STDLL_TokData_t * tokdata, SESSION * session,
CK_MECHANISM * mech, CK_BBOOL recover_mode,
CK_OBJECT_HANDLE key)
{
- ep11_private_data_t *ep11_data = tokdata->private_data;
CK_RV rc;
size_t keyblobsize = 0;
CK_BYTE *keyblob;
@@ -6980,9 +7060,9 @@ CK_RV ep11tok_sign_init(STDLL_TokData_t * tokdata, SESSION * session,
goto done;
}
- RETRY_START
+ RETRY_START(rc, tokdata)
rc = dll_m_SignInit(ep11_sign_state, &ep11_sign_state_l,
- mech, keyblob, keyblobsize, ep11_data->target);
+ mech, keyblob, keyblobsize, target_info->target);
RETRY_END(rc, tokdata, session)
if (rc != CKR_OK) {
@@ -7017,7 +7097,6 @@ CK_RV ep11tok_sign(STDLL_TokData_t * tokdata, SESSION * session,
CK_ULONG in_data_len, CK_BYTE * signature,
CK_ULONG * sig_len)
{
- ep11_private_data_t *ep11_data = tokdata->private_data;
CK_RV rc;
SIGN_VERIFY_CONTEXT *ctx = &session->sign_ctx;
size_t keyblobsize = 0;
@@ -7049,9 +7128,9 @@ CK_RV ep11tok_sign(STDLL_TokData_t * tokdata, SESSION * session,
goto done; /* no ep11 fallback possible */
}
- RETRY_START
+ RETRY_START(rc, tokdata)
rc = dll_m_Sign(ctx->context, ctx->context_len, in_data, in_data_len,
- signature, sig_len, ep11_data->target);
+ signature, sig_len, target_info->target);
RETRY_END(rc, tokdata, session)
if (rc != CKR_OK) {
@@ -7073,7 +7152,6 @@ done:
CK_RV ep11tok_sign_update(STDLL_TokData_t * tokdata, SESSION * session,
CK_BYTE * in_data, CK_ULONG in_data_len)
{
- ep11_private_data_t *ep11_data = tokdata->private_data;
CK_RV rc;
SIGN_VERIFY_CONTEXT *ctx = &session->sign_ctx;
size_t keyblobsize = 0;
@@ -7095,9 +7173,9 @@ CK_RV ep11tok_sign_update(STDLL_TokData_t * tokdata, SESSION * session,
return rc;
}
- RETRY_START
+ RETRY_START(rc, tokdata)
rc = dll_m_SignUpdate(ctx->context, ctx->context_len, in_data,
- in_data_len, ep11_data->target);
+ in_data_len, target_info->target);
RETRY_END(rc, tokdata, session)
if (rc != CKR_OK) {
@@ -7120,7 +7198,6 @@ CK_RV ep11tok_sign_final(STDLL_TokData_t * tokdata, SESSION * session,
CK_BBOOL length_only, CK_BYTE * signature,
CK_ULONG * sig_len)
{
- ep11_private_data_t *ep11_data = tokdata->private_data;
CK_RV rc;
SIGN_VERIFY_CONTEXT *ctx = &session->sign_ctx;
size_t keyblobsize = 0;
@@ -7139,9 +7216,9 @@ CK_RV ep11tok_sign_final(STDLL_TokData_t * tokdata, SESSION * session,
return rc;
}
- RETRY_START
+ RETRY_START(rc, tokdata)
rc = dll_m_SignFinal(ctx->context, ctx->context_len, signature, sig_len,
- ep11_data->target);
+ target_info->target);
RETRY_END(rc, tokdata, session)
if (rc != CKR_OK) {
@@ -7169,7 +7246,6 @@ CK_RV ep11tok_sign_single(STDLL_TokData_t *tokdata, SESSION *session,
size_t keyblobsize = 0;
CK_BYTE *keyblob;
OBJECT *key_obj = NULL;
- ep11_private_data_t *ep11_data = tokdata->private_data;
UNUSED(length_only);
@@ -7186,9 +7262,9 @@ CK_RV ep11tok_sign_single(STDLL_TokData_t *tokdata, SESSION *session,
goto done;
}
- RETRY_START
+ RETRY_START(rc, tokdata)
rc = dll_m_SignSingle(keyblob, keyblobsize, mech, in_data, in_data_len,
- signature, sig_len, ep11_data->target);
+ signature, sig_len, target_info->target);
RETRY_END(rc, tokdata, session)
if (rc != CKR_OK) {
rc = ep11_error_to_pkcs11_error(rc, session);
@@ -7209,7 +7285,6 @@ CK_RV ep11tok_verify_init(STDLL_TokData_t * tokdata, SESSION * session,
CK_MECHANISM * mech, CK_BBOOL recover_mode,
CK_OBJECT_HANDLE key)
{
- ep11_private_data_t *ep11_data = tokdata->private_data;
CK_RV rc;
CK_BYTE *spki;
size_t spki_len = 0;
@@ -7285,9 +7360,9 @@ CK_RV ep11tok_verify_init(STDLL_TokData_t * tokdata, SESSION * session,
goto done;
}
- RETRY_START
+ RETRY_START(rc, tokdata)
rc = dll_m_VerifyInit(ep11_sign_state, &ep11_sign_state_l, mech,
- spki, spki_len, ep11_data->target);
+ spki, spki_len, target_info->target);
RETRY_END(rc, tokdata, session)
if (rc != CKR_OK) {
@@ -7320,7 +7395,6 @@ CK_RV ep11tok_verify(STDLL_TokData_t * tokdata, SESSION * session,
CK_BYTE * in_data, CK_ULONG in_data_len,
CK_BYTE * signature, CK_ULONG sig_len)
{
- ep11_private_data_t *ep11_data = tokdata->private_data;
CK_RV rc;
SIGN_VERIFY_CONTEXT *ctx = &session->verify_ctx;
size_t keyblobsize = 0;
@@ -7353,9 +7427,9 @@ CK_RV ep11tok_verify(STDLL_TokData_t * tokdata, SESSION * session,
goto done; /* no ep11 fallback possible */
}
- RETRY_START
+ RETRY_START(rc, tokdata)
rc = dll_m_Verify(ctx->context, ctx->context_len, in_data, in_data_len,
- signature, sig_len, ep11_data->target);
+ signature, sig_len, target_info->target);
RETRY_END(rc, tokdata, session)
if (rc != CKR_OK) {
@@ -7377,7 +7451,6 @@ done:
CK_RV ep11tok_verify_update(STDLL_TokData_t * tokdata, SESSION * session,
CK_BYTE * in_data, CK_ULONG in_data_len)
{
- ep11_private_data_t *ep11_data = tokdata->private_data;
CK_RV rc;
SIGN_VERIFY_CONTEXT *ctx = &session->verify_ctx;
size_t keyblobsize = 0;
@@ -7399,9 +7472,9 @@ CK_RV ep11tok_verify_update(STDLL_TokData_t * tokdata, SESSION * session,
return rc;
}
- RETRY_START
+ RETRY_START(rc, tokdata)
rc = dll_m_VerifyUpdate(ctx->context, ctx->context_len, in_data,
- in_data_len, ep11_data->target);
+ in_data_len, target_info->target);
RETRY_END(rc, tokdata, session)
if (rc != CKR_OK) {
@@ -7423,7 +7496,6 @@ done:
CK_RV ep11tok_verify_final(STDLL_TokData_t * tokdata, SESSION * session,
CK_BYTE * signature, CK_ULONG sig_len)
{
- ep11_private_data_t *ep11_data = tokdata->private_data;
CK_RV rc;
SIGN_VERIFY_CONTEXT *ctx = &session->verify_ctx;
size_t keyblobsize = 0;
@@ -7442,9 +7514,9 @@ CK_RV ep11tok_verify_final(STDLL_TokData_t * tokdata, SESSION * session,
return rc;
}
- RETRY_START
+ RETRY_START(rc, tokdata)
rc = dll_m_VerifyFinal(ctx->context, ctx->context_len, signature,
- sig_len, ep11_data->target);
+ sig_len, target_info->target);
RETRY_END(rc, tokdata, session)
if (rc != CKR_OK) {
@@ -7471,7 +7543,6 @@ CK_RV ep11tok_verify_single(STDLL_TokData_t *tokdata, SESSION *session,
CK_BYTE *spki;
size_t spki_len = 0;
OBJECT *key_obj = NULL;
- ep11_private_data_t *ep11_data = tokdata->private_data;
rc = h_opaque_2_blob(tokdata, key, &spki, &spki_len, &key_obj, READ_LOCK);
if (rc != CKR_OK) {
@@ -7495,9 +7566,9 @@ CK_RV ep11tok_verify_single(STDLL_TokData_t *tokdata, SESSION *session,
goto done;
}
- RETRY_START
+ RETRY_START(rc, tokdata)
rc = dll_m_VerifySingle(spki, spki_len, mech, in_data, in_data_len,
- signature, sig_len, ep11_data->target);
+ signature, sig_len, target_info->target);
RETRY_END(rc, tokdata, session)
if (rc != CKR_OK) {
rc = ep11_error_to_pkcs11_error(rc, session);
@@ -7517,7 +7588,6 @@ CK_RV ep11tok_decrypt_final(STDLL_TokData_t * tokdata, SESSION * session,
CK_BYTE_PTR output_part,
CK_ULONG_PTR p_output_part_len)
{
- ep11_private_data_t *ep11_data = tokdata->private_data;
CK_RV rc = CKR_OK;
ENCR_DECR_CONTEXT *ctx = &session->decr_ctx;
CK_BBOOL length_only = (output_part == NULL ? CK_TRUE : CK_FALSE);
@@ -7538,10 +7608,10 @@ CK_RV ep11tok_decrypt_final(STDLL_TokData_t * tokdata, SESSION * session,
return rc;
}
- RETRY_START
+ RETRY_START(rc, tokdata)
rc = dll_m_DecryptFinal(ctx->context, ctx->context_len,
output_part, p_output_part_len,
- ep11_data->target);
+ target_info->target);
RETRY_END(rc, tokdata, session)
if (rc != CKR_OK) {
@@ -7564,7 +7634,6 @@ CK_RV ep11tok_decrypt(STDLL_TokData_t * tokdata, SESSION * session,
CK_BYTE_PTR input_data, CK_ULONG input_data_len,
CK_BYTE_PTR output_data, CK_ULONG_PTR p_output_data_len)
{
- ep11_private_data_t *ep11_data = tokdata->private_data;
CK_RV rc = CKR_OK;
ENCR_DECR_CONTEXT *ctx = &session->decr_ctx;
CK_BBOOL length_only = (output_data == NULL ? CK_TRUE : CK_FALSE);
@@ -7586,10 +7655,10 @@ CK_RV ep11tok_decrypt(STDLL_TokData_t * tokdata, SESSION * session,
return rc;
}
- RETRY_START
+ RETRY_START(rc, tokdata)
rc = dll_m_Decrypt(ctx->context, ctx->context_len, input_data,
input_data_len, output_data, p_output_data_len,
- ep11_data->target);
+ target_info->target);
RETRY_END(rc, tokdata, session)
if (rc != CKR_OK) {
@@ -7613,7 +7682,6 @@ CK_RV ep11tok_decrypt_update(STDLL_TokData_t * tokdata, SESSION * session,
CK_BYTE_PTR output_part,
CK_ULONG_PTR p_output_part_len)
{
- ep11_private_data_t *ep11_data = tokdata->private_data;
CK_RV rc = CKR_OK;
ENCR_DECR_CONTEXT *ctx = &session->decr_ctx;
CK_BBOOL length_only = (output_part == NULL ? CK_TRUE : CK_FALSE);
@@ -7640,10 +7708,10 @@ CK_RV ep11tok_decrypt_update(STDLL_TokData_t * tokdata, SESSION * session,
return rc;
}
- RETRY_START
+ RETRY_START(rc, tokdata)
rc = dll_m_DecryptUpdate(ctx->context, ctx->context_len,
input_part, input_part_len, output_part,
- p_output_part_len, ep11_data->target);
+ p_output_part_len, target_info->target);
RETRY_END(rc, tokdata, session)
if (rc != CKR_OK) {
@@ -7671,7 +7739,6 @@ CK_RV ep11tok_decrypt_single(STDLL_TokData_t *tokdata, SESSION *session,
size_t keyblobsize = 0;
CK_BYTE *keyblob;
OBJECT *key_obj = NULL;
- ep11_private_data_t *ep11_data = tokdata->private_data;
UNUSED(length_only);
@@ -7688,10 +7755,10 @@ CK_RV ep11tok_decrypt_single(STDLL_TokData_t *tokdata, SESSION *session,
goto done;
}
- RETRY_START
+ RETRY_START(rc, tokdata)
rc = dll_m_DecryptSingle(keyblob, keyblobsize, mech, input_data,
input_data_len, output_data, p_output_data_len,
- ep11_data->target);
+ target_info->target);
RETRY_END(rc, tokdata, session)
if (rc != CKR_OK) {
rc = ep11_error_to_pkcs11_error(rc, session);
@@ -7711,7 +7778,6 @@ CK_RV ep11tok_encrypt_final(STDLL_TokData_t * tokdata, SESSION * session,
CK_BYTE_PTR output_part,
CK_ULONG_PTR p_output_part_len)
{
- ep11_private_data_t *ep11_data = tokdata->private_data;
CK_RV rc = CKR_OK;
ENCR_DECR_CONTEXT *ctx = &session->encr_ctx;
CK_BBOOL length_only = (output_part == NULL ? CK_TRUE : CK_FALSE);
@@ -7732,10 +7798,10 @@ CK_RV ep11tok_encrypt_final(STDLL_TokData_t * tokdata, SESSION * session,
return rc;
}
- RETRY_START
+ RETRY_START(rc, tokdata)
rc = dll_m_EncryptFinal(ctx->context, ctx->context_len,
output_part, p_output_part_len,
- ep11_data->target);
+ target_info->target);
RETRY_END(rc, tokdata, session)
if (rc != CKR_OK) {
@@ -7758,7 +7824,6 @@ CK_RV ep11tok_encrypt(STDLL_TokData_t * tokdata, SESSION * session,
CK_BYTE_PTR input_data, CK_ULONG input_data_len,
CK_BYTE_PTR output_data, CK_ULONG_PTR p_output_data_len)
{
- ep11_private_data_t *ep11_data = tokdata->private_data;
CK_RV rc = CKR_OK;
ENCR_DECR_CONTEXT *ctx = &session->encr_ctx;
CK_BBOOL length_only = (output_data == NULL ? CK_TRUE : CK_FALSE);
@@ -7780,10 +7845,10 @@ CK_RV ep11tok_encrypt(STDLL_TokData_t * tokdata, SESSION * session,
return rc;
}
- RETRY_START
+ RETRY_START(rc, tokdata)
rc = dll_m_Encrypt(ctx->context, ctx->context_len, input_data,
input_data_len, output_data, p_output_data_len,
- ep11_data->target);
+ target_info->target);
RETRY_END(rc, tokdata, session)
if (rc != CKR_OK) {
@@ -7807,7 +7872,6 @@ CK_RV ep11tok_encrypt_update(STDLL_TokData_t * tokdata, SESSION * session,
CK_BYTE_PTR output_part,
CK_ULONG_PTR p_output_part_len)
{
- ep11_private_data_t *ep11_data = tokdata->private_data;
CK_RV rc = CKR_OK;
ENCR_DECR_CONTEXT *ctx = &session->encr_ctx;
CK_BBOOL length_only = (output_part == NULL ? CK_TRUE : CK_FALSE);
@@ -7834,10 +7898,10 @@ CK_RV ep11tok_encrypt_update(STDLL_TokData_t * tokdata, SESSION * session,
return rc;
}
- RETRY_START
+ RETRY_START(rc, tokdata)
rc = dll_m_EncryptUpdate(ctx->context, ctx->context_len,
input_part, input_part_len, output_part,
- p_output_part_len, ep11_data->target);
+ p_output_part_len, target_info->target);
RETRY_END(rc, tokdata, session)
if (rc != CKR_OK) {
@@ -7865,7 +7929,6 @@ CK_RV ep11tok_encrypt_single(STDLL_TokData_t *tokdata, SESSION *session,
size_t keyblobsize = 0;
CK_BYTE *keyblob;
OBJECT *key_obj = NULL;
- ep11_private_data_t *ep11_data = tokdata->private_data;
UNUSED(length_only);
@@ -7893,10 +7956,10 @@ CK_RV ep11tok_encrypt_single(STDLL_TokData_t *tokdata, SESSION *session,
goto done;
}
- RETRY_START
+ RETRY_START(rc, tokdata)
rc = dll_m_EncryptSingle(keyblob, keyblobsize, mech, input_data,
input_data_len, output_data, p_output_data_len,
- ep11_data->target);
+ target_info->target);
RETRY_END(rc, tokdata, session)
if (rc != CKR_OK) {
rc = ep11_error_to_pkcs11_error(rc, session);
@@ -7916,7 +7979,6 @@ static CK_RV ep11_ende_crypt_init(STDLL_TokData_t * tokdata, SESSION * session,
CK_MECHANISM_PTR mech, CK_OBJECT_HANDLE key,
int op)
{
- ep11_private_data_t *ep11_data = tokdata->private_data;
CK_RV rc = CKR_OK;
CK_BYTE *blob;
size_t blob_len = 0;
@@ -7979,9 +8041,9 @@ static CK_RV ep11_ende_crypt_init(STDLL_TokData_t * tokdata, SESSION * session,
if (op == DECRYPT) {
ENCR_DECR_CONTEXT *ctx = &session->decr_ctx;
- RETRY_START
+ RETRY_START(rc, tokdata)
rc = dll_m_DecryptInit(ep11_state, &ep11_state_l, mech, blob,
- blob_len, ep11_data->target);
+ blob_len, target_info->target);
RETRY_END(rc, tokdata, session)
ctx->key = key;
ctx->active = TRUE;
@@ -8012,9 +8074,9 @@ static CK_RV ep11_ende_crypt_init(STDLL_TokData_t * tokdata, SESSION * session,
goto error;
}
- RETRY_START
+ RETRY_START(rc, tokdata)
rc = dll_m_EncryptInit(ep11_state, &ep11_state_l, mech, blob,
- blob_len, ep11_data->target);
+ blob_len, target_info->target);
RETRY_END(rc, tokdata, session)
ctx->key = key;
ctx->active = TRUE;
@@ -8092,7 +8154,6 @@ CK_RV ep11tok_wrap_key(STDLL_TokData_t * tokdata, SESSION * session,
CK_OBJECT_HANDLE key, CK_BYTE_PTR wrapped_key,
CK_ULONG_PTR p_wrapped_key_len)
{
- ep11_private_data_t *ep11_data = tokdata->private_data;
CK_RV rc;
CK_BYTE *wrapping_blob;
size_t wrapping_blob_len;
@@ -8192,11 +8253,11 @@ CK_RV ep11tok_wrap_key(STDLL_TokData_t * tokdata, SESSION * session,
* (wrapping blob). The wrapped key can be processed by any PKCS11
* implementation.
*/
- RETRY_START
+ RETRY_START(rc, tokdata)
rc =
dll_m_WrapKey(wrap_target_blob, wrap_target_blob_len, wrapping_blob,
wrapping_blob_len, sign_blob, sign_blob_len, mech,
- wrapped_key, p_wrapped_key_len, ep11_data->target);
+ wrapped_key, p_wrapped_key_len, target_info->target);
RETRY_END(rc, tokdata, session)
if (rc != CKR_OK) {
@@ -8228,7 +8289,6 @@ CK_RV ep11tok_unwrap_key(STDLL_TokData_t * tokdata, SESSION * session,
CK_OBJECT_HANDLE wrapping_key,
CK_OBJECT_HANDLE_PTR p_key)
{
- ep11_private_data_t *ep11_data = tokdata->private_data;
CK_RV rc;
CK_BYTE *wrapping_blob, *temp;
size_t wrapping_blob_len;
@@ -8388,13 +8448,13 @@ CK_RV ep11tok_unwrap_key(STDLL_TokData_t * tokdata, SESSION * session,
/* we need a blob for the new key created by unwrapping,
* the wrapped key comes in BER
*/
- RETRY_START
+ RETRY_START(rc, tokdata)
rc = dll_m_UnwrapKey(wrapped_key, wrapped_key_len, wrapping_blob,
wrapping_blob_len, verifyblob, verifyblobsize,
ep11_pin_blob,
ep11_pin_blob_len, mech, new_attrs2, new_attrs2_len,
keyblob, &keyblobsize, csum, &cslen,
- ep11_data->target);
+ target_info->target);
RETRY_END(rc, tokdata, session)
if (rc != CKR_OK) {
@@ -8657,21 +8717,25 @@ CK_RV ep11tok_get_mechanism_list(STDLL_TokData_t * tokdata,
CK_MECHANISM_TYPE_PTR pMechanismList,
CK_ULONG_PTR pulCount)
{
- ep11_private_data_t *ep11_data = tokdata->private_data;
CK_RV rc = 0;
CK_ULONG counter = 0, size = 0;
CK_MECHANISM_TYPE_PTR mlist = NULL;
CK_ULONG i;
+ ep11_target_info_t* target_info;
+
+ target_info = get_target_info(tokdata);
+ if (target_info == NULL)
+ return CKR_FUNCTION_FAILED;
/* size querry */
if (pMechanismList == NULL) {
rc = dll_m_GetMechanismList(0, pMechanismList, pulCount,
- ep11_data->target);
+ target_info->target);
if (rc != CKR_OK) {
rc = ep11_error_to_pkcs11_error(rc, NULL);
TRACE_ERROR("%s bad rc=0x%lx from m_GetMechanismList() #1\n",
__func__, rc);
- return rc;
+ goto out;
}
/* adjust the size according to the ban list,
@@ -8693,16 +8757,16 @@ CK_RV ep11tok_get_mechanism_list(STDLL_TokData_t * tokdata,
sizeof(CK_MECHANISM_TYPE) * counter);
if (!mlist) {
TRACE_ERROR("%s Memory allocation failed\n", __func__);
- return CKR_HOST_MEMORY;
+ rc = CKR_HOST_MEMORY;
+ goto out;
}
- rc = dll_m_GetMechanismList(0, mlist, &counter, ep11_data->target);
+ rc = dll_m_GetMechanismList(0, mlist, &counter, target_info->target);
if (rc != CKR_OK) {
rc = ep11_error_to_pkcs11_error(rc, NULL);
TRACE_ERROR("%s bad rc=0x%lx from m_GetMechanismList() #2\n",
__func__, rc);
- free(mlist);
if (rc != CKR_BUFFER_TOO_SMALL)
- return rc;
+ goto out;
}
} while (rc == CKR_BUFFER_TOO_SMALL);
@@ -8722,12 +8786,12 @@ CK_RV ep11tok_get_mechanism_list(STDLL_TokData_t * tokdata,
* that comes as parameter, this is a 'reduced size',
* ep11 would complain about insufficient list size
*/
- rc = dll_m_GetMechanismList(0, mlist, &counter, ep11_data->target);
+ rc = dll_m_GetMechanismList(0, mlist, &counter, target_info->target);
if (rc != CKR_OK) {
rc = ep11_error_to_pkcs11_error(rc, NULL);
TRACE_ERROR("%s bad rc=0x%lx from m_GetMechanismList() #3\n",
__func__, rc);
- return rc;
+ goto out;
}
/*
@@ -8744,17 +8808,17 @@ CK_RV ep11tok_get_mechanism_list(STDLL_TokData_t * tokdata,
sizeof(CK_MECHANISM_TYPE) * counter);
if (!mlist) {
TRACE_ERROR("%s Memory allocation failed\n", __func__);
- return CKR_HOST_MEMORY;
+ rc = CKR_HOST_MEMORY;
+ goto out;
}
/* all the card has */
- rc = dll_m_GetMechanismList(0, mlist, &counter, ep11_data->target);
+ rc = dll_m_GetMechanismList(0, mlist, &counter, target_info->target);
if (rc != CKR_OK) {
rc = ep11_error_to_pkcs11_error(rc, NULL);
TRACE_ERROR("%s bad rc=0x%lx from m_GetMechanismList() #4\n",
__func__, rc);
- free(mlist);
if (rc != CKR_BUFFER_TOO_SMALL)
- return rc;
+ goto out;
}
} while (rc == CKR_BUFFER_TOO_SMALL);
@@ -8775,8 +8839,10 @@ CK_RV ep11tok_get_mechanism_list(STDLL_TokData_t * tokdata,
rc = CKR_BUFFER_TOO_SMALL;
}
+out:
if (mlist)
free(mlist);
+ put_target_info(tokdata, target_info);
return rc;
}
@@ -8790,6 +8856,8 @@ CK_RV ep11tok_is_mechanism_supported(STDLL_TokData_t *tokdata,
CK_BBOOL found = FALSE;
CK_ULONG i;
int status;
+ CK_RV rc = CKR_OK;
+ ep11_target_info_t* target_info;
for (i = 0; i < supported_mech_list_len; i++) {
if (type == ep11_supported_mech_list[i]) {
@@ -8804,13 +8872,18 @@ CK_RV ep11tok_is_mechanism_supported(STDLL_TokData_t *tokdata,
return CKR_MECHANISM_INVALID;
}
+ target_info = get_target_info(tokdata);
+ if (target_info == NULL)
+ return CKR_FUNCTION_FAILED;
+
if (check_cps_for_mechanism(ep11_data->cp_config,
- type, ep11_data->control_points,
- ep11_data->control_points_len,
- ep11_data->max_control_point_index) != CKR_OK) {
+ type, target_info->control_points,
+ target_info->control_points_len,
+ target_info->max_control_point_index) != CKR_OK) {
TRACE_INFO("%s Mech '%s' banned due to control point\n",
__func__, ep11_get_ckm(type));
- return CKR_MECHANISM_INVALID;
+ rc = CKR_MECHANISM_INVALID;
+ goto out;
}
switch(type) {
@@ -8840,14 +8913,17 @@ CK_RV ep11tok_is_mechanism_supported(STDLL_TokData_t *tokdata,
if (status == -1) {
TRACE_INFO("%s Mech '%s' banned due to mixed firmware versions\n",
__func__, ep11_get_ckm(type));
- return CKR_MECHANISM_INVALID;
+ rc = CKR_MECHANISM_INVALID;
+ goto out;
}
break;
case CKM_RSA_PKCS_OAEP:
/* CKM_RSA_PKCS_OAEP is not supported with EP11 host library <= 1.3 */
- if (compare_ck_version(&ep11_data->ep11_lib_version, &ver1_3) <= 0)
- return CKR_MECHANISM_INVALID;
+ if (compare_ck_version(&ep11_data->ep11_lib_version, &ver1_3) <= 0) {
+ rc = CKR_MECHANISM_INVALID;
+ goto out;
+ }
break;
case CKM_IBM_SHA3_224:
@@ -8863,7 +8939,8 @@ CK_RV ep11tok_is_mechanism_supported(STDLL_TokData_t *tokdata,
if (status != 1) {
TRACE_INFO("%s Mech '%s' banned due to mixed firmware versions\n",
__func__, ep11_get_ckm(type));
- return CKR_MECHANISM_INVALID;
+ rc = CKR_MECHANISM_INVALID;
+ goto out;
}
break;
@@ -8876,7 +8953,8 @@ CK_RV ep11tok_is_mechanism_supported(STDLL_TokData_t *tokdata,
if (status != 1) {
TRACE_INFO("%s Mech '%s' banned due to mixed firmware versions\n",
__func__, ep11_get_ckm(type));
- return CKR_MECHANISM_INVALID;
+ rc = CKR_MECHANISM_INVALID;
+ goto out;
}
break;
@@ -8887,7 +8965,8 @@ CK_RV ep11tok_is_mechanism_supported(STDLL_TokData_t *tokdata,
if (compare_ck_version(&ep11_data->ep11_lib_version, &ver3) < 0) {
TRACE_INFO("%s Mech '%s' banned due to host library version\n",
__func__, ep11_get_ckm(type));
- return CKR_MECHANISM_INVALID;
+ rc = CKR_MECHANISM_INVALID;
+ goto out;
}
status = check_required_versions(tokdata, edwards_req_versions,
@@ -8895,7 +8974,8 @@ CK_RV ep11tok_is_mechanism_supported(STDLL_TokData_t *tokdata,
if (status != 1) {
TRACE_INFO("%s Mech '%s' banned due to mixed firmware versions\n",
__func__, ep11_get_ckm(type));
- return CKR_MECHANISM_INVALID;
+ rc = CKR_MECHANISM_INVALID;
+ goto out;
}
break;
@@ -8903,14 +8983,16 @@ CK_RV ep11tok_is_mechanism_supported(STDLL_TokData_t *tokdata,
if (compare_ck_version(&ep11_data->ep11_lib_version, &ver3) <= 0) {
TRACE_INFO("%s Mech '%s' banned due to host library version\n",
__func__, ep11_get_ckm(type));
- return CKR_MECHANISM_INVALID;
+ rc = CKR_MECHANISM_INVALID;
+ goto out;
}
status = check_required_versions(tokdata, ibm_dilithium_req_versions,
NUM_DILITHIUM_REQ);
if (status != 1) {
TRACE_INFO("%s Mech '%s' banned due to mixed firmware versions\n",
__func__, ep11_get_ckm(type));
- return CKR_MECHANISM_INVALID;
+ rc = CKR_MECHANISM_INVALID;
+ goto out;
}
break;
@@ -8919,19 +9001,23 @@ CK_RV ep11tok_is_mechanism_supported(STDLL_TokData_t *tokdata,
TRACE_INFO("%s Mech '%s' banned due to host library version\n",
__func__, ep11_get_ckm(type));
- return CKR_MECHANISM_INVALID;
+ rc = CKR_MECHANISM_INVALID;
+ goto out;
}
status = check_required_versions(tokdata, ibm_cpacf_wrap_req_versions,
NUM_CPACF_WRAP_REQ);
if (status != 1) {
TRACE_INFO("%s Mech '%s' banned due to mixed firmware versions\n",
__func__, ep11_get_ckm(type));
- return CKR_MECHANISM_INVALID;
+ rc = CKR_MECHANISM_INVALID;
+ goto out;
}
break;
}
- return CKR_OK;
+out:
+ put_target_info(tokdata, target_info);
+ return rc;
}
CK_RV ep11tok_is_mechanism_supported_ex(STDLL_TokData_t *tokdata,
@@ -8976,9 +9062,9 @@ CK_RV ep11tok_get_mechanism_info(STDLL_TokData_t * tokdata,
CK_MECHANISM_TYPE type,
CK_MECHANISM_INFO_PTR pInfo)
{
- ep11_private_data_t *ep11_data = tokdata->private_data;
CK_RV rc;
int status;
+ ep11_target_info_t* target_info;
rc = ep11tok_is_mechanism_supported(tokdata, type);
if (rc != CKR_OK) {
@@ -8987,7 +9073,14 @@ CK_RV ep11tok_get_mechanism_info(STDLL_TokData_t * tokdata,
return rc;
}
- rc = dll_m_GetMechanismInfo(0, type, pInfo, ep11_data->target);
+ target_info = get_target_info(tokdata);
+ if (target_info == NULL)
+ return CKR_FUNCTION_FAILED;
+
+ rc = dll_m_GetMechanismInfo(0, type, pInfo, target_info->target);
+
+ put_target_info(tokdata, target_info);
+
if (rc != CKR_OK) {
rc = ep11_error_to_pkcs11_error(rc, NULL);
TRACE_ERROR("%s m_GetMechanismInfo(0x%lx) failed with rc=0x%lx\n",
@@ -10265,6 +10358,11 @@ static CK_RV generate_ep11_session_id(STDLL_TokData_t * tokdata,
CK_MECHANISM mech;
CK_ULONG len;
libica_sha_context_t ctx;
+ ep11_target_info_t* target_info;
+
+ target_info = get_target_info(tokdata);
+ if (target_info == NULL)
+ return CKR_FUNCTION_FAILED;
session_id_data.handle = session->handle;
gettimeofday(&session_id_data.timeofday, NULL);
@@ -10286,7 +10384,9 @@ static CK_RV generate_ep11_session_id(STDLL_TokData_t * tokdata,
rc = dll_m_DigestSingle(&mech, (CK_BYTE_PTR)&session_id_data,
sizeof(session_id_data),
ep11_session->session_id, &len,
- ep11_data->target);
+ target_info->target);
+
+ put_target_info(tokdata, target_info);
if (rc != CKR_OK) {
rc = ep11_error_to_pkcs11_error(rc, session);
@@ -10964,7 +11064,7 @@ static CK_RV get_card_type(uint_32 adapter, CK_ULONG *type)
typedef struct query_version
{
- ep11_private_data_t *ep11_data;
+ ep11_target_info_t *target_info;
CK_CHAR serialNumber[16];
CK_BBOOL first;
CK_BBOOL error;
@@ -11005,7 +11105,7 @@ static CK_RV version_query_handler(uint_32 adapter, uint_32 domain,
}
/* Try to find existing version info for this card type */
- card_version = qv->ep11_data->card_versions;
+ card_version = qv->target_info->card_versions;
while (card_version != NULL) {
if (card_version->card_type == card_type)
break;
@@ -11050,8 +11150,8 @@ static CK_RV version_query_handler(uint_32 adapter, uint_32 domain,
card_version->firmware_version = xcp_info.firmwareVersion;
#endif
- card_version->next = qv->ep11_data->card_versions;
- qv->ep11_data->card_versions = card_version;
+ card_version->next = qv->target_info->card_versions;
+ qv->target_info->card_versions = card_version;
} else {
/*
* Version info for this card type is already available, so check this
@@ -11134,23 +11234,16 @@ static CK_RV ep11tok_get_ep11_library_version(CK_VERSION *lib_version)
return CKR_OK;
}
-static CK_RV ep11tok_get_ep11_version(STDLL_TokData_t *tokdata)
+static CK_RV ep11tok_get_ep11_version(STDLL_TokData_t *tokdata,
+ ep11_target_info_t *target_info)
{
ep11_private_data_t *ep11_data = tokdata->private_data;
ep11_card_version_t *card_version;
query_version_t qv;
CK_RV rc;
- rc = ep11tok_get_ep11_library_version(&ep11_data->ep11_lib_version);
- if (rc != CKR_OK)
- return rc;
-
- TRACE_INFO("%s Host library version: %d.%d\n", __func__,
- ep11_data->ep11_lib_version.major,
- ep11_data->ep11_lib_version.minor);
-
memset(&qv, 0, sizeof(qv));
- qv.ep11_data = ep11_data;
+ qv.target_info = target_info;
qv.first = TRUE;
rc = handle_all_ep11_cards(&ep11_data->target_list, version_query_handler,
@@ -11169,18 +11262,18 @@ static CK_RV ep11tok_get_ep11_version(STDLL_TokData_t *tokdata)
return CKR_DEVICE_ERROR;
}
- memcpy(ep11_data->serialNumber, qv.serialNumber,
- sizeof(ep11_data->serialNumber));
+ memcpy(target_info->serialNumber, qv.serialNumber,
+ sizeof(target_info->serialNumber));
- TRACE_INFO("%s Serial number: %.16s\n", __func__, ep11_data->serialNumber);
+ TRACE_INFO("%s Serial number: %.16s\n", __func__, target_info->serialNumber);
/* EP11 host lib version <= 2 only support API version 2 */
if (ep11_data->ep11_lib_version.major <= 2)
- ep11_data->used_firmware_API_version = 2;
+ target_info->used_firmware_API_version = 2;
else
- ep11_data->used_firmware_API_version = 0;
+ target_info->used_firmware_API_version = 0;
- card_version = ep11_data->card_versions;
+ card_version = target_info->card_versions;
while (card_version != NULL) {
TRACE_INFO("%s Card type: CEX%luP\n", __func__,
card_version->card_type);
@@ -11190,19 +11283,19 @@ static CK_RV ep11tok_get_ep11_version(STDLL_TokData_t *tokdata)
card_version->firmware_version.major,
card_version->firmware_version.minor);
- if (ep11_data->used_firmware_API_version == 0)
- ep11_data->used_firmware_API_version =
+ if (target_info->used_firmware_API_version == 0)
+ target_info->used_firmware_API_version =
card_version->firmware_API_version;
else
- ep11_data->used_firmware_API_version =
- MIN(ep11_data->used_firmware_API_version,
+ target_info->used_firmware_API_version =
+ MIN(target_info->used_firmware_API_version,
card_version->firmware_API_version);
card_version = card_version->next;
}
TRACE_INFO("%s Used Firmware API: %lu\n", __func__,
- ep11_data->used_firmware_API_version);
+ target_info->used_firmware_API_version);
return CKR_OK;
}
@@ -11220,20 +11313,29 @@ static void free_card_versions(ep11_card_version_t *card_version)
}
}
-void ep11tok_copy_firmware_info(STDLL_TokData_t *tokdata,
+CK_RV ep11tok_copy_firmware_info(STDLL_TokData_t *tokdata,
CK_TOKEN_INFO_PTR pInfo)
{
ep11_private_data_t *ep11_data = tokdata->private_data;
+ ep11_target_info_t* target_info;
+
+ target_info = get_target_info(tokdata);
+ if (target_info == NULL)
+ return CKR_FUNCTION_FAILED;
/*
* report the EP11 firmware version as hardware version, and
* the EP11 host library version as firmware version
*/
- if (ep11_data->card_versions != NULL)
- pInfo->hardwareVersion = ep11_data->card_versions->firmware_version;
+ if (target_info->card_versions != NULL)
+ pInfo->hardwareVersion = target_info->card_versions->firmware_version;
pInfo->firmwareVersion = ep11_data->ep11_lib_version;
- memcpy(pInfo->serialNumber, ep11_data->serialNumber,
+ memcpy(pInfo->serialNumber, target_info->serialNumber,
sizeof(pInfo->serialNumber));
+
+ put_target_info(tokdata, target_info);
+
+ return CKR_OK;
}
/**
@@ -11247,13 +11349,17 @@ static int check_required_versions(STDLL_TokData_t *tokdata,
const version_req_t req[],
CK_ULONG num_req)
{
- ep11_private_data_t *ep11_data = tokdata->private_data;
CK_ULONG i, max_card_type = 0, min_card_type = 0xFFFFFFFF;
CK_BBOOL req_not_fullfilled = CK_FALSE;
CK_BBOOL req_fullfilled = CK_FALSE;
ep11_card_version_t *card_version;
+ ep11_target_info_t* target_info;
int status;
+ target_info = get_target_info(tokdata);
+ if (target_info == NULL)
+ return CKR_FUNCTION_FAILED;
+
for (i = 0; i < num_req; i++) {
status = check_card_version(tokdata, req[i].card_type,
req[i].min_lib_version,
@@ -11268,7 +11374,7 @@ static int check_required_versions(STDLL_TokData_t *tokdata,
}
/* Are card types < min_card_type present? */
- card_version = ep11_data->card_versions;
+ card_version = target_info->card_versions;
while (card_version != NULL) {
if (card_version->card_type < min_card_type)
req_not_fullfilled = CK_TRUE;
@@ -11276,7 +11382,7 @@ static int check_required_versions(STDLL_TokData_t *tokdata,
}
/* Are card types > max_card_type present? */
- card_version = ep11_data->card_versions;
+ card_version = target_info->card_versions;
while (card_version != NULL) {
if (card_version->card_type > max_card_type) {
/*
@@ -11285,9 +11391,10 @@ static int check_required_versions(STDLL_TokData_t *tokdata,
* So all others must also meet the version requirements or be
* not present.
*/
+ status = 1;
if (req_not_fullfilled == CK_TRUE)
- return -1;
- return 1;
+ status = -1;
+ goto out;
}
card_version = card_version->next;
}
@@ -11298,13 +11405,19 @@ static int check_required_versions(STDLL_TokData_t *tokdata,
* At least one don't meet the requirements, so all other must not
* fulfill the requirements, too, or are not present.
*/
+ status = 0;
if (req_fullfilled == CK_TRUE)
- return -1;
- return 0;
+ status = -1;
+ goto out;
} else {
/* All of the cards that are present fulfill the requirements */
- return 1;
+ status = 1;
+ goto out;
}
+
+out:
+ put_target_info(tokdata, target_info);
+ return status;
}
/**
@@ -11320,6 +11433,8 @@ static int check_card_version(STDLL_TokData_t *tokdata, CK_ULONG card_type,
{
ep11_private_data_t *ep11_data = tokdata->private_data;
ep11_card_version_t *card_version;
+ ep11_target_info_t* target_info;
+ int status = 1;
TRACE_DEBUG("%s checking versions for CEX%luP cards.\n", __func__, card_type);
@@ -11331,21 +11446,28 @@ static int check_card_version(STDLL_TokData_t *tokdata, CK_ULONG card_type,
}
}
- card_version = ep11_data->card_versions;
+ target_info = get_target_info(tokdata);
+ if (target_info == NULL)
+ return -1;
+
+ card_version = target_info->card_versions;
while (card_version != NULL) {
if (card_version->card_type == card_type)
break;
card_version = card_version->next;
}
- if (card_version == NULL)
- return -1;
+ if (card_version == NULL) {
+ status = -1;
+ goto out;
+ }
if (firmware_version != NULL) {
if (compare_ck_version(&card_version->firmware_version,
firmware_version) < 0) {
TRACE_DEBUG("%s firmware_version is less than required\n", __func__);
- return 0;
+ status = 0;
+ goto out;
}
}
@@ -11353,53 +11475,57 @@ static int check_card_version(STDLL_TokData_t *tokdata, CK_ULONG card_type,
if (card_version->firmware_API_version < *firmware_API_version) {
TRACE_DEBUG("%s firmware_API_version is less than required\n",
__func__);
- return 0;
+ status = 0;
+ goto out;
}
}
- return 1;
+ out:
+ put_target_info(tokdata, target_info);
+ return status;
}
-static CK_RV ep11tok_setup_target(STDLL_TokData_t *tokdata)
+static CK_RV ep11tok_setup_target(STDLL_TokData_t *tokdata,
+ ep11_target_info_t *target_info)
{
ep11_private_data_t *ep11_data = tokdata->private_data;
struct XCP_Module module;
- CK_RV rc;
+ CK_RV rc = CKR_OK;
short i;
if (dll_m_add_module == NULL) {
TRACE_WARNING("%s Function dll_m_add_module is not available, falling "
"back to old target handling\n", __func__);
- if (ep11_data->used_firmware_API_version > 2) {
+ if (target_info->used_firmware_API_version > 2) {
TRACE_ERROR("%s selecting an API version is not possible with old "
"target handling\n", __func__);
return CKR_FUNCTION_FAILED;
}
- ep11_data->target = (target_t)&ep11_data->target_list;
+ target_info->target = (target_t)&ep11_data->target_list;
return CKR_OK;
}
- if (ep11_data->used_firmware_API_version > 2 &&
+ if (target_info->used_firmware_API_version > 2 &&
ep11_data->ep11_lib_version.major < 3) {
TRACE_ERROR("%s selecting an API version is not possible with an EP11"
" host library version < 3.0\n", __func__);
return CKR_FUNCTION_FAILED;
}
- ep11_data->target = XCP_TGT_INIT;
+ target_info->target = XCP_TGT_INIT;
memset(&module, 0, sizeof(module));
module.version = ep11_data->ep11_lib_version.major >= 3 ? XCP_MOD_VERSION_2
: XCP_MOD_VERSION_1;
module.flags = XCP_MFL_VIRTUAL | XCP_MFL_MODULE;
- module.api = ep11_data->used_firmware_API_version;
+ module.api = target_info->used_firmware_API_version;
TRACE_DEVEL("%s XCP_MOD_VERSION: %u\n", __func__, module.version);
if (ep11_data->target_list.length == 0) {
/* APQN_ANY: Create an empty module group */
- rc = dll_m_add_module(&module, &ep11_data->target);
+ rc = dll_m_add_module(&module, &target_info->target);
if (rc != CKR_OK) {
TRACE_ERROR("%s dll_m_add_module (ANY) failed: rc=%ld\n",
__func__, rc);
@@ -11414,11 +11540,12 @@ static CK_RV ep11tok_setup_target(STDLL_TokData_t *tokdata)
XCPTGTMASK_SET_DOM(module.domainmask,
ep11_data->target_list.apqns[2 * i + 1]);
- rc = dll_m_add_module(&module, &ep11_data->target);
+ rc = dll_m_add_module(&module, &target_info->target);
if (rc != CKR_OK) {
TRACE_ERROR("%s dll_m_add_module (%02x.%04x) failed: rc=%ld\n",
__func__, ep11_data->target_list.apqns[2 * i],
ep11_data->target_list.apqns[2 * i + 1], rc);
+ dll_m_rm_module(NULL, target_info->target);
return CKR_FUNCTION_FAILED;
}
}
@@ -11494,6 +11621,7 @@ CK_RV token_specific_set_attribute_values(STDLL_TokData_t *tokdata, OBJECT *obj,
CK_ULONG num_attributes = 0;
CK_ATTRIBUTE *attr;
CK_RV rc;
+ ep11_target_info_t* target_info;
rc = template_attribute_get_ulong(obj->template, CKA_CLASS, &class);
if (rc != CKR_OK) {
@@ -11575,9 +11703,18 @@ CK_RV token_specific_set_attribute_values(STDLL_TokData_t *tokdata, OBJECT *obj,
goto out;
}
+ target_info = get_target_info(tokdata);
+ if (target_info == NULL) {
+ rc = CKR_FUNCTION_FAILED;
+ goto out;
+ }
+
rc = dll_m_SetAttributeValue(ibm_opaque_attr->pValue,
ibm_opaque_attr->ulValueLen, attributes,
- num_attributes, ep11_data->target);
+ num_attributes, target_info->target);
+
+ put_target_info(tokdata, target_info);
+
if (rc != CKR_OK) {
rc = ep11_error_to_pkcs11_error(rc, NULL);
TRACE_ERROR("%s m_SetAttributeValue failed rc=0x%lx\n",
@@ -11601,3 +11738,233 @@ out:
return rc;
}
+/*
+ * ATTENTION: This function is called in a separate thread. All actions
+ * performed by this function must be thread save and use locks to lock
+ * against concurrent access by other threads.
+ */
+static CK_RV ep11tok_handle_apqn_event(STDLL_TokData_t *tokdata,
+ unsigned int event_type,
+ event_udev_apqn_data_t *apqn_data)
+{
+ ep11_private_data_t *ep11_data = tokdata->private_data;
+ CK_BBOOL found = FALSE;
+ CK_RV rc = CKR_OK;
+ char name[20];
+ int i;
+
+ /* Is it one of the configured APQNs ?*/
+ if (ep11_data->target_list.length > 0) {
+ /* APQN_WHITELIST is specified */
+ for (i = 0; i < ep11_data->target_list.length; i++) {
+ if (ep11_data->target_list.apqns[2 * i] == apqn_data->card &&
+ ep11_data->target_list.apqns[2 * i + 1] == apqn_data->domain) {
+ found = TRUE;
+ break;
+ }
+ }
+ } else {
+ /* APQN_ANY is specified */
+ found = TRUE;
+ if (event_type == EVENT_TYPE_APQN_ADD) {
+ snprintf(name, sizeof(name), "card%02x", apqn_data->card);
+ if (is_card_ep11_and_online(name) != CKR_OK)
+ found = FALSE; /* Not an EP11 APQN */
+ }
+ }
+ if (!found)
+ return CKR_OK;
+
+ TRACE_DEVEL("%s Refreshing target infos due to event for APQN %02x.%04x\n",
+ __func__, apqn_data->card, apqn_data->domain);
+
+ rc = refresh_target_info(tokdata);
+ if (rc != CKR_OK) {
+ TRACE_ERROR("%s Failed to get the target infos (refresh_target_info "
+ "rc=0x%lx)\n", __func__, rc);
+ OCK_SYSLOG(LOG_ERR, "%s: Failed to get the target info rc=0x%lx\n",
+ __func__, rc);
+ return rc;
+ }
+
+ return CKR_OK;
+}
+
+/*
+ * Called by the event thread, on receipt of an event.
+ *
+ * ATTENTION: This function is called in a separate thread. All actions
+ * performed by this function must be thread save and use locks to lock
+ * against concurrent access by other threads.
+ */
+CK_RV token_specific_handle_event(STDLL_TokData_t *tokdata,
+ unsigned int event_type,
+ unsigned int event_flags,
+ const char *payload,
+ unsigned int payload_len)
+{
+ UNUSED(event_flags);
+
+ switch (event_type) {
+ case EVENT_TYPE_APQN_ADD:
+ case EVENT_TYPE_APQN_REMOVE:
+ if (payload_len != sizeof(event_udev_apqn_data_t))
+ return CKR_FUNCTION_FAILED;
+ return ep11tok_handle_apqn_event(tokdata, event_type,
+ (event_udev_apqn_data_t *)payload);
+
+ default:
+ return CKR_FUNCTION_NOT_SUPPORTED;
+ }
+
+ return CKR_OK;
+}
+
+/*
+ * Refreshes the target info using the currently configured and available
+ * APQNs. Registers the newly allocated target info as the current one in a
+ * thread save way and gives back the previous one so that it is release when
+ * no longer used (i.e. by a concurrently running thread).
+ */
+static CK_RV refresh_target_info(STDLL_TokData_t *tokdata)
+{
+ ep11_private_data_t *ep11_data = tokdata->private_data;
+ volatile ep11_target_info_t *prev_info;
+ ep11_target_info_t *target_info;
+ CK_RV rc;
+
+ target_info = calloc(1, sizeof(ep11_target_info_t));
+ if (target_info == NULL) {
+ TRACE_ERROR("%s Memory allocation failed\n", __func__);
+ return CKR_HOST_MEMORY;
+ }
+
+ target_info->ref_count = 1;
+
+ /* Get the version info freshly with the current set of APQNs */
+ rc = ep11tok_get_ep11_version(tokdata, target_info);
+ if (rc != 0)
+ goto error;
+
+ /* Get the control points freshly with the current set of APQNs */
+ target_info->control_points_len = sizeof(target_info->control_points);
+ rc = get_control_points(tokdata, target_info->control_points,
+ &target_info->control_points_len,
+ &target_info->max_control_point_index);
+ if (rc != 0)
+ goto error;
+
+ /* Setup the group target freshly with the current set of APQNs */
+ rc = ep11tok_setup_target(tokdata, target_info);
+ if (rc != CKR_OK)
+ goto error;
+
+ /* Set the new one as the current one (locked against concurrent get's) */
+ if (pthread_rwlock_wrlock(&ep11_data->target_rwlock) != 0) {
+ TRACE_DEVEL("Target Write-Lock failed.\n");
+ rc = CKR_CANT_LOCK;
+ goto error;
+ }
+
+ prev_info = ep11_data->target_info;
+ ep11_data->target_info = target_info;
+
+ if (pthread_rwlock_unlock(&ep11_data->target_rwlock) != 0) {
+ TRACE_DEVEL("Target Unlock failed.\n");
+ return CKR_CANT_LOCK;
+ }
+
+ /* Release the previous one */
+ if (prev_info != NULL)
+ put_target_info(tokdata, (ep11_target_info_t *)prev_info);
+
+ return CKR_OK;
+
+error:
+ free_card_versions(target_info->card_versions);
+ free((void *)target_info);
+ return rc;
+}
+
+/*
+ * Get the current EP11 target info.
+ * Do NOT use the ep11_data->target_info directly, always get a copy using
+ * this function. This will increment the reference count of the target info,
+ * and return the current target info in a thread save way.
+ * When no longer needed, put it back using put_target_info().
+ */
+static ep11_target_info_t *get_target_info(STDLL_TokData_t *tokdata)
+{
+ ep11_private_data_t *ep11_data = tokdata->private_data;
+ volatile ep11_target_info_t *target_info;
+#ifdef DEBUG
+ unsigned long ref_count;
+#endif
+
+ /*
+ * Lock until we have obtained the current target info and have
+ * increased the reference counter
+ */
+ if (pthread_rwlock_rdlock(&ep11_data->target_rwlock) != 0) {
+ TRACE_DEVEL("Target Read-Lock failed.\n");
+ return NULL;
+ }
+
+ target_info = *((void * volatile *)&ep11_data->target_info);
+ if (target_info == NULL) {
+ TRACE_ERROR("%s: target_info is NULL\n", __func__);
+ return NULL;
+ }
+
+#ifdef DEBUG
+ ref_count = __sync_add_and_fetch(&target_info->ref_count, 1);
+
+ TRACE_DEBUG("%s: target_info: %p ref_count: %lu\n", __func__,
+ (void *)target_info, ref_count);
+#else
+ __sync_add_and_fetch(&target_info->ref_count, 1);
+#endif
+
+ if (pthread_rwlock_unlock(&ep11_data->target_rwlock) != 0) {
+ TRACE_DEVEL("Target Unlock failed.\n");
+ return NULL;
+ }
+
+ return (ep11_target_info_t *)target_info;
+}
+
+/*
+ * Give back an EP11 target info. This will decrement the reference count,
+ * and will free it if the reference count reaches zero.
+ */
+static void put_target_info(STDLL_TokData_t *tokdata,
+ ep11_target_info_t *target_info)
+{
+ ep11_private_data_t *ep11_data = tokdata->private_data;
+ unsigned long ref_count;
+
+ if (target_info == NULL)
+ return;
+
+ if (target_info->ref_count > 0) {
+ ref_count = __sync_sub_and_fetch(&target_info->ref_count, 1);
+
+ TRACE_DEBUG("%s: target_info: %p ref_count: %lu\n", __func__,
+ (void *)target_info, ref_count);
+ } else {
+ TRACE_WARNING("%s: target_info: %p ref_count already 0.\n", __func__,
+ (void *)target_info);
+ ref_count = 0;
+ }
+
+ if (ref_count == 0 && target_info != ep11_data->target_info) {
+ TRACE_DEBUG("%s: target_info: %p is freed\n", __func__,
+ (void *)target_info);
+
+ if (dll_m_rm_module != NULL)
+ dll_m_rm_module(NULL, target_info->target);
+ free_card_versions(target_info->card_versions);
+ free(target_info);
+ }
+}
+
diff --git a/usr/lib/ep11_stdll/ep11_specific.h b/usr/lib/ep11_stdll/ep11_specific.h
index 55fc023c..343f4b3d 100644
--- a/usr/lib/ep11_stdll/ep11_specific.h
+++ b/usr/lib/ep11_stdll/ep11_specific.h
@@ -161,7 +161,7 @@ CK_BBOOL ep11tok_libica_mech_available(STDLL_TokData_t *tokdata,
CK_MECHANISM_TYPE mech,
CK_OBJECT_HANDLE hKey);
-void ep11tok_copy_firmware_info(STDLL_TokData_t *tokdata,
+CK_RV ep11tok_copy_firmware_info(STDLL_TokData_t *tokdata,
CK_TOKEN_INFO_PTR pInfo);
CK_BBOOL ep11tok_pkey_usage_ok(STDLL_TokData_t *tokdata, SESSION *session,
diff --git a/usr/lib/ep11_stdll/new_host.c b/usr/lib/ep11_stdll/new_host.c
index 4e592363..cd12604e 100644
--- a/usr/lib/ep11_stdll/new_host.c
+++ b/usr/lib/ep11_stdll/new_host.c
@@ -298,7 +298,7 @@ CK_RV SC_GetTokenInfo(STDLL_TokData_t *tokdata, CK_SLOT_ID sid,
goto done;
}
copy_token_contents_sensibly(pInfo, tokdata->nv_token_data);
- ep11tok_copy_firmware_info(tokdata, pInfo);
+ rc = ep11tok_copy_firmware_info(tokdata, pInfo);
/* Set the time */
now = time((time_t *) NULL);
diff --git a/usr/lib/ep11_stdll/tok_struct.h b/usr/lib/ep11_stdll/tok_struct.h
index 2c0af9cf..01268c67 100644
--- a/usr/lib/ep11_stdll/tok_struct.h
+++ b/usr/lib/ep11_stdll/tok_struct.h
@@ -137,7 +137,7 @@ token_spec_t token_specific = {
&token_specific_reencrypt_single,
&token_specific_set_attribute_values,
&token_specific_set_attrs_for_new_object,
- NULL, // handle_event
+ &token_specific_handle_event,
};
#endif