[rt-commit] r119 - in /redwax-tool/trunk: ChangeLog redwax_p11kit.c

rt-commit at redwax.eu rt-commit at redwax.eu
Tue Dec 7 14:54:12 CET 2021 

Author: minfrin at redwax.eu
Date: Tue Dec  7 14:54:10 2021
New Revision: 119

Log:
The opencryptoki-swtok tokens can be used when uninitialised.
Add a sanity check to ignore uninitialised tokens.

Modified:
    redwax-tool/trunk/ChangeLog
    redwax-tool/trunk/redwax_p11kit.c

Modified: redwax-tool/trunk/ChangeLog
==============================================================================
--- redwax-tool/trunk/ChangeLog	(original)
+++ redwax-tool/trunk/ChangeLog	Tue Dec  7 14:54:10 2021
@@ -1,5 +1,9 @@
 
 Changes with v0.9.1
+
+ *) The opencryptoki-swtok tokens can be used when uninitialised.
+    Add a sanity check to ignore uninitialised tokens. [Graham
+    Leggett]
 
  *) Some tokens refuse to accept a computed SubjectPublicKeyInfo.
     Retry the key import without one when CKR_ATTRIBUTE_TYPE_INVALID

Modified: redwax-tool/trunk/redwax_p11kit.c
==============================================================================
--- redwax-tool/trunk/redwax_p11kit.c	(original)
+++ redwax-tool/trunk/redwax_p11kit.c	Tue Dec  7 14:54:10 2021
@@ -2145,10 +2145,24 @@
 
             ret = modules[i]->C_GetTokenInfo(pSlotList[j], &tokenInfo);
             if (ret == CKR_TOKEN_NOT_PRESENT) {
+
+                redwax_print_debug(r,
+                        "pkcs11-in: token in slot '%lu' not present, skipping.\n",
+                        pSlotList[j]);
+
                 continue;
             }
             else if (ret != CKR_OK) {
                 return APR_EGENERAL;
+            }
+
+            if (!(tokenInfo.flags & CKF_TOKEN_INITIALIZED)) {
+
+                redwax_print_error(r,
+                        "pkcs11-in: token in slot '%lu' not yet initialised, skipping.\n",
+                        pSlotList[j]);
+
+                continue;
             }
 
             if (!p11_kit_uri_match_token_info(parsed, &tokenInfo)) {
@@ -2350,6 +2364,11 @@
 
             ret = modules[i]->C_GetTokenInfo(pSlotList[j], &tokenInfo);
             if (ret == CKR_TOKEN_NOT_PRESENT) {
+
+                redwax_print_debug(r,
+                        "pkcs11-out: token in slot '%lu' not present, skipping.\n",
+                        pSlotList[j]);
+
                 continue;
             }
             else if (ret != CKR_OK) {
@@ -2360,6 +2379,14 @@
                 continue;
             }
 
+            if (!(tokenInfo.flags & CKF_TOKEN_INITIALIZED)) {
+
+                redwax_print_error(r,
+                        "pkcs11-out: token in slot '%lu' not yet initialised, skipping.\n",
+                        pSlotList[j]);
+
+                continue;
+            }
 
             /* handle the slot */
             status = redwax_p11kit_handle_slot(r, parsed,

More information about the rt-commit mailing list