mirror of
https://github.com/isc-projects/bind9.git
synced 2026-03-09 17:50:52 -04:00
Accept up to 256 byte PINs in native PKCS#11. [RT #37410]
This commit is contained in:
Francis Dupont
parent
052caa8ac5
commit
fc9ddebdf5
2 changed files with 17 additions and 7 deletions
3
CHANGES
3
CHANGES
|
|
@ -1,3 +1,6 @@
|
|||
3984. [func] Accept 256 byte long PINs in native PKCS#11
|
||||
crypto. [RT #37410]
|
||||
|
||||
3982. [doc] Include release notes in product documentation.
|
||||
[RT #37272]
|
||||
|
||||
|
|
|
|||
|
|
@ -130,7 +130,10 @@
|
|||
#include <pkcs11/cryptoki.h>
|
||||
#include <pkcs11/pkcs11.h>
|
||||
|
||||
#define PINLEN 32
|
||||
/* was 32 octets, Petr Spacek suggested 1024, SoftHSMv2 uses 256... */
|
||||
#ifndef PINLEN
|
||||
#define PINLEN 256
|
||||
#endif
|
||||
|
||||
#ifndef PK11_NO_LOGERR
|
||||
#define PK11_NO_LOGERR 1
|
||||
|
|
@ -163,7 +166,7 @@ struct pk11_token {
|
|||
char manuf[32];
|
||||
char model[16];
|
||||
char serial[16];
|
||||
char pin[PINLEN];
|
||||
char pin[PINLEN + 1];
|
||||
};
|
||||
static ISC_LIST(pk11_token_t) tokens;
|
||||
|
||||
|
|
@ -498,7 +501,9 @@ pk11_get_session(pk11_context_t *ctx, pk11_optype_t optype,
|
|||
|
||||
/* Override the token's PIN */
|
||||
if (logon && pin != NULL && *pin != '\0') {
|
||||
memset(token->pin, 0, PINLEN);
|
||||
if (strlen(pin) > PINLEN)
|
||||
return ISC_R_RANGE;
|
||||
memset(token->pin, 0, PINLEN + 1);
|
||||
strncpy(token->pin, pin, PINLEN);
|
||||
}
|
||||
|
||||
|
|
@ -1099,7 +1104,7 @@ pk11_parse_uri(pk11_object_t *obj, const char *label,
|
|||
char *uri, *p, *a, *na, *v;
|
||||
size_t len, l;
|
||||
FILE *stream = NULL;
|
||||
char pin[PINLEN];
|
||||
char pin[PINLEN + 1];
|
||||
isc_boolean_t gotpin = ISC_FALSE;
|
||||
isc_result_t ret;
|
||||
|
||||
|
|
@ -1207,10 +1212,12 @@ pk11_parse_uri(pk11_object_t *obj, const char *label,
|
|||
ret = isc_stdio_open(v, "r", &stream);
|
||||
if (ret != ISC_R_SUCCESS)
|
||||
goto err;
|
||||
memset(pin, 0, PINLEN);
|
||||
ret = isc_stdio_read(pin, 1, PINLEN - 1, stream, NULL);
|
||||
memset(pin, 0, PINLEN + 1);
|
||||
ret = isc_stdio_read(pin, 1, PINLEN + 1, stream, &l);
|
||||
if ((ret != ISC_R_SUCCESS) && (ret != ISC_R_EOF))
|
||||
goto err;
|
||||
if (l > PINLEN)
|
||||
DST_RET(ISC_R_RANGE);
|
||||
ret = isc_stdio_close(stream);
|
||||
stream = NULL;
|
||||
if (ret != ISC_R_SUCCESS)
|
||||
|
|
@ -1238,7 +1245,7 @@ pk11_parse_uri(pk11_object_t *obj, const char *label,
|
|||
DST_RET(ISC_R_NOTFOUND);
|
||||
obj->slot = token->slotid;
|
||||
if (gotpin) {
|
||||
memmove(token->pin, pin, PINLEN);
|
||||
memmove(token->pin, pin, PINLEN + 1);
|
||||
obj->reqlogon = ISC_TRUE;
|
||||
}
|
||||
|
||||
|
|
|
|||
Loading…
Reference in a new issue