Skip to content

Commit

Permalink
Fix casting error (#459)
Browse files Browse the repository at this point in the history 
Fix casting error
  • Loading branch information
@aveenismail
aveenismail authored Dec 7, 2023
1 parent de1e9c2 commit 6d83a96
Show file tree
Hide file tree
Showing 5 changed files with 35 additions and 25 deletions.
39 changes: 23 additions & 16 deletions lib/util.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -1386,7 +1386,7 @@ uint32_t ykpiv_util_slot_object(uint8_t slot) {
return (uint32_t)object_id;
}

ykpiv_rc ykpiv_util_get_certdata(uint8_t *buf, size_t buf_len, uint8_t* certdata, unsigned long *certdata_len) {
ykpiv_rc ykpiv_util_get_certdata(uint8_t *buf, size_t buf_len, uint8_t* certdata, size_t *certdata_len) {
uint8_t compress_info = YKPIV_CERTINFO_UNCOMPRESSED;
uint8_t *certptr = 0;
size_t cert_len = 0;
Expand Down Expand Up @@ -1486,10 +1486,22 @@ uint32_t ykpiv_util_slot_object(uint8_t slot) {
return YKPIV_OK;
}

void ykpiv_util_write_certdata(uint8_t *rawdata, size_t rawdata_len, uint8_t compress_info, uint8_t* certdata, unsigned long *certdata_len) {
ykpiv_rc ykpiv_util_write_certdata(uint8_t *rawdata, size_t rawdata_len, uint8_t compress_info, uint8_t* certdata, size_t *certdata_len) {
size_t offset = 0;
size_t buf_len = 0;

unsigned long len_bytes = get_length_size(rawdata_len);

// calculate the required length of the encoded object
buf_len = 1 /* cert tag */ + 3 /* compression tag + data*/ + 2 /* lrc */;
buf_len += len_bytes + rawdata_len;

if (buf_len > *certdata_len) {
DBG("Buffer too small");
*certdata_len = 0;
return YKPIV_SIZE_ERROR;
}

memmove(certdata + len_bytes + 1, rawdata, rawdata_len);

certdata[offset++] = TAG_CERT;
Expand All @@ -1501,6 +1513,7 @@ void ykpiv_util_write_certdata(uint8_t *rawdata, size_t rawdata_len, uint8_t com
certdata[offset++] = TAG_CERT_LRC;
certdata[offset++] = 0;
*certdata_len = offset;
return YKPIV_OK;
}

static ykpiv_rc _read_certificate(ykpiv_state *state, uint8_t slot, uint8_t *buf, size_t *buf_len) {
Expand All @@ -1513,7 +1526,7 @@ void ykpiv_util_write_certdata(uint8_t *rawdata, size_t rawdata_len, uint8_t com
unsigned long data_len = sizeof (data);

if (YKPIV_OK == (res = _ykpiv_fetch_object(state, object_id, data, &data_len))) {
if ((res = ykpiv_util_get_certdata(data, data_len, buf, (unsigned long *) buf_len)) != YKPIV_OK) {
if ((res = ykpiv_util_get_certdata(data, data_len, buf, buf_len)) != YKPIV_OK) {
DBG("Failed to get certificate data");
return res;
}
Expand All @@ -1526,9 +1539,9 @@ void ykpiv_util_write_certdata(uint8_t *rawdata, size_t rawdata_len, uint8_t com

static ykpiv_rc _write_certificate(ykpiv_state *state, uint8_t slot, uint8_t *data, size_t data_len, uint8_t certinfo) {
uint8_t buf[CB_OBJ_MAX] = {0};
size_t buf_len = sizeof(buf);
int object_id = (int)ykpiv_util_slot_object(slot);
size_t offset = 0;
size_t req_len = 0;


if (-1 == object_id) return YKPIV_INVALID_OBJECT;

Expand All @@ -1545,19 +1558,13 @@ static ykpiv_rc _write_certificate(ykpiv_state *state, uint8_t slot, uint8_t *da
}

// encode certificate data for storage

// calculate the required length of the encoded object
req_len = 1 /* cert tag */ + 3 /* compression tag + data*/ + 2 /* lrc */;
req_len += _ykpiv_set_length(buf, data_len);
req_len += data_len;

if (req_len < data_len) return YKPIV_SIZE_ERROR; /* detect overflow of unsigned size_t */
if (req_len > _obj_size_max(state)) return YKPIV_SIZE_ERROR; /* obj_size_max includes limits for TLV encoding */

ykpiv_util_write_certdata(data, data_len, certinfo, buf, (unsigned long *) &offset);
ykpiv_rc res = YKPIV_OK;
if ( (res=ykpiv_util_write_certdata(data, data_len, certinfo, buf, &buf_len)) != YKPIV_OK) {
return res;
}

// write onto device
return _ykpiv_save_object(state, object_id, buf, offset);
return _ykpiv_save_object(state, object_id, buf, buf_len);
}

/*
Expand Down
6 changes: 4 additions & 2 deletions lib/ykpiv.h
View file
Original file line number Diff line number Diff line change
Expand Up @@ -351,7 +351,7 @@ extern "C"
*
* @return Error code
*/
ykpiv_rc ykpiv_util_get_certdata(uint8_t *buf, size_t buf_len, uint8_t* certdata, unsigned long *certdata_len);
ykpiv_rc ykpiv_util_get_certdata(uint8_t *buf, size_t buf_len, uint8_t* certdata, size_t *certdata_len);

/**
* Construct cert data to store
Expand All @@ -361,8 +361,10 @@ extern "C"
* @param compress_info Certificate compression state
* @param certdata Constructed certificate data
* @param certdata_len Length of constructed certificate data
*
* @return Error code
*/
void ykpiv_util_write_certdata(uint8_t *data, size_t data_len, uint8_t compress_info, uint8_t* certdata, unsigned long *certdata_len);
ykpiv_rc ykpiv_util_write_certdata(uint8_t *data, size_t data_len, uint8_t compress_info, uint8_t* certdata, size_t *certdata_len);

/**
* Write a certificate to a given slot
Expand Down
2 changes: 1 addition & 1 deletion tool/yubico-piv-tool.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -1561,7 +1561,7 @@ static void print_cert_info(ykpiv_state *state, enum enum_slot slot, const EVP_M
fprintf(output, "Slot %x:\t", slot_name);

unsigned char certdata[YKPIV_OBJ_MAX_SIZE * 10] = {0};
unsigned long certdata_len = sizeof(certdata);
size_t certdata_len = sizeof(certdata);
if(ykpiv_util_get_certdata(data, len, certdata, &certdata_len) != YKPIV_OK) {
fprintf(output, "Failed to get certificate data\n");
return;
Expand Down
2 changes: 1 addition & 1 deletion ykcs11/openssl_utils.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -108,7 +108,7 @@ CK_RV do_rsa_encrypt(ykcs11_pkey_t *key, int padding, const ykcs11_md_t* oaep_md
CK_RV do_store_cert(CK_BYTE_PTR data, CK_ULONG len, ykcs11_x509_t **cert) {

unsigned char certdata[YKPIV_OBJ_MAX_SIZE * 10] = {0};
unsigned long certdata_len = sizeof (certdata);
size_t certdata_len = sizeof (certdata);

if(ykpiv_util_get_certdata(data, len, certdata, &certdata_len) != YKPIV_OK) {
DBG("Failed to get certificate data");
Expand Down
11 changes: 6 additions & 5 deletions ykcs11/token.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -463,7 +463,9 @@ CK_RV token_generate_key(ykpiv_state *state, gen_info_t *gen, CK_BYTE key, CK_BY
if(rv != CKR_OK)
return rv;

ykpiv_util_write_certdata(data, recv_len, YKPIV_CERTINFO_UNCOMPRESSED, certdata, (unsigned long *) &certdata_len);
if ((res = ykpiv_util_write_certdata(data, recv_len, YKPIV_CERTINFO_UNCOMPRESSED, certdata, &certdata_len)) != YKPIV_OK) {
return yrc_to_rv(res);
}

if(*cert_len < (CK_ULONG)certdata_len) {
DBG("Certificate buffer too small.");
Expand Down Expand Up @@ -494,10 +496,9 @@ CK_RV token_import_cert(ykpiv_state *state, CK_ULONG cert_id, CK_BYTE_PTR in, CK
return rv;
}

if (cert_len > YKPIV_OBJ_MAX_SIZE)
return CKR_FUNCTION_FAILED;

ykpiv_util_write_certdata(in, cert_len, YKPIV_CERTINFO_UNCOMPRESSED, certdata, (unsigned long *) &certdata_len);
if ((res = ykpiv_util_write_certdata(in, cert_len, YKPIV_CERTINFO_UNCOMPRESSED, certdata, &certdata_len)) != YKPIV_OK) {
return yrc_to_rv(res);
}

// Store the certificate into the token
if ((res = ykpiv_save_object(state, cert_id, certdata, certdata_len)) != YKPIV_OK)
Expand Down

0 comments on commit 6d83a96

Please sign in to comment.