diff --git a/.github/workflows/unit-test.yml b/.github/workflows/unit-test.yml index 1400247c..df6ccaee 100644 --- a/.github/workflows/unit-test.yml +++ b/.github/workflows/unit-test.yml @@ -115,6 +115,16 @@ jobs: with: config: --enable-debug + # Build the library, examples and tests as C++ to catch regressions in + # C++ compatibility (e.g. missing void* casts, enum-from-int conversions, + # use of the "template" keyword, C99 compound literals). -Werror=narrowing + # promotes the int->CK_ULONG narrowing warning to an error so it is caught + # under GCC as well (clang already treats it as an error). + cpp_build: + uses: ./.github/workflows/build-workflow.yml + with: + config: CC=g++ C_EXTRA_FLAGS="-Werror=narrowing" + wolfssl_v5_6_6: uses: ./.github/workflows/wolfssl-v5.6.6-build-workflow.yml diff --git a/CMakeLists.txt b/CMakeLists.txt index 029f230d..2d5fa4ae 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -32,7 +32,7 @@ if("${CMAKE_SOURCE_DIR}" STREQUAL "${CMAKE_BINARY_DIR}") You must delete them, or cmake will refuse to work.") endif() -project(wolfpkcs11 VERSION 2.0.0 LANGUAGES C) +project(wolfpkcs11 VERSION 2.1.0 LANGUAGES C) # shared library versioning # increment if interfaces have been removed or changed diff --git a/Makefile.am b/Makefile.am index cc3f53d3..f14f2ecb 100644 --- a/Makefile.am +++ b/Makefile.am @@ -51,6 +51,13 @@ EXTRA_DIST+= cmake/wolfpkcs11ConfigVersion.cmake.in TEST_EXTENSIONS=.test TESTS += $(check_PROGRAMS) +# Tests set WOLFPKCS11_TOKEN_PATH to a two-level relative path (./store/) +# and the storage layer only creates a single directory level. Ensure the +# parent "store" directory exists in the build tree before any test runs, so +# tests pass from a fresh build dir (e.g. under "make distcheck"). Also export +# srcdir so scripts can find distributed data files in VPATH builds. +AM_TESTS_ENVIRONMENT = mkdir -p store; srcdir='$(srcdir)'; export srcdir; + check_SCRIPTS+= $(dist_noinst_SCRIPTS) TESTS += $(check_SCRIPTS) 
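Review bot: In Makefile.am the `mkdir -p store` inside `AM_TESTS_ENVIRONMENT` is not checked, so when the directory cannot be created every test still starts and fails later with a storage error that hides the cause. Something like `AM_TESTS_ENVIRONMENT = $(MKDIR_P) store || exit 1; srcdir='$(srcdir)'; export srcdir;` stops at the real failure and uses the mkdir that configure selected. The single-quoted `'$(srcdir)'` also breaks if the source path contains a single quote, which is worth a short comment if it is left as is.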
diff --git a/README.md b/README.md
index db47d1f0..89a23027 100644
--- a/README.md
+++ b/README.md
@@ -297,6 +297,77 @@ Set to any value to stop storage of token data. ## Release Notes +### wolfPKCS11 Release 2.1 (TBD, 2026) + +**Summary** + +This release adds post-quantum cryptography support (ML-DSA and ML-KEM), CMake +build support, and Doxygen API documentation. It also closes a large number of +PKCS#11 specification compliance gaps and bugs found through static and +negative analysis, and improves CI and interoperability testing. + +**Compatibility with 2.0 behavior** + +Several PKCS#11 attribute defaults were corrected to match the specification. +These changes can affect applications and stored tokens created with 2.0. The +following build defines restore the pre-2.1 (2.0) behavior if needed: + +* `WOLFPKCS11_LEGACY_COPYABLE_FALSE_DEFAULT` - restore the old behavior where an + unset `CKA_COPYABLE` reads back as `CK_FALSE` (the PKCS#11 default is + `CK_TRUE`). +* `WOLFPKCS11_LEGACY_PRIVATE_FALSE_DEFAULT` - restore the old behavior where an + unset `CKA_PRIVATE` reads back as `CK_FALSE` for `CKO_PRIVATE_KEY` / + `CKO_SECRET_KEY` (the PKCS#11 default is `CK_TRUE`). Also disables the + matching login-state check on object creation. +* `WOLFPKCS11_LEGACY_WRAP_TRUE_DEFAULT` - restore the old behavior where an + unset `CKA_WRAP` / `CKA_UNWRAP` defaults to `CK_TRUE` (the PKCS#11 default is + `CK_FALSE`). + +See the "Behavior changes for PKCS#11 spec compliance" section above for the +related `C_DeriveKey`, `C_CopyObject`, `C_DestroyObject`, encapsulation and +`C_Login` enforcement changes. + +**Detail** + +* Added ML-DSA (Dilithium) support, including `CKA_SEED` private key import. + (PR #161) +* Added ML-KEM support. (PR #175) +* Added preparation work for post-quantum cryptography support. (PR #157) +* Renamed ML-DSA mechanisms/identifiers to the final naming. (PR #188) +* Added CMake build support. (PR #156) +* Added PKCS#11 Doxygen API documentation. (PR #144) +* Added support for `CKR_OPERATION_ACTIVE`. 
(PR #176) +* Use the DHUK to wrap/unwrap the seed value used for the token. (PR #159) +* Added file storage safety to wolfPKCS11. (PR #150) +* Fixed empty PIN handling for FIPS. (PR #143) +* Fixed loading a token with an empty PIN. (PR #158) +* Fixed SHA-512 truncated forms (SHA-512/224 and SHA-512/256). (PR #147) +* Fixed `C_WrapKey` not checking `CKA_EXTRACTABLE` on the key being wrapped. + (PR #165) +* Fixed `falseVal` initialized to `CK_TRUE` instead of `CK_FALSE`. (PR #162) +* Fixed a read-only lock not being released on an early return. (PR #163) +* Added a missing NULL check. (PR #166) +* Fixed a typo in an `#ifndef` macro. (PR #167) +* Fixed a typo in `configure.ac`. (PR #164) +* Fixed resource leaks and ensured secure buffer erasing. (PR #172) +* Fixed numerous PKCS#11 compliance and static analysis findings from Fenrir. + (PR #168, PR #169, PR #171, PR #173, PR #178, PR #185, PR #186, PR #187, + PR #189) +* Added negative testing and validation for wolfPKCS11. (PR #179) +* Added Fenrir findings fixes and test additions. (PR #177) +* Added a multi-call HMAC regression test. (PR #181) +* Added a `C_VerifyRecover` test and fixed test attributes. (PR #184) +* Fixed ML-KEM templates in tests. (PR #183) +* Fixed a couple of failing tests. (PR #145) +* Added an interoperability test against wolfSSL master. (PR #148) +* Added a wolfBoot integration test to intercept regressions. (PR #170) +* Reduced the wolfBoot integration test flow (unstable emulator). (PR #174) +* Removed `--enable-cryptocb` usage. (PR #149) +* Fixed CI failures from upstream dependency drift. (PR #180) +* Fixed CI issues. (PR #182) +* Fixed the Firefox Dockerfile. (PR #160) +* Fixed Debian rules for the documentation. (PR #153) + ### wolfPKCS11 Release 2.0 (August 26, 2025) **Summary** diff --git a/configure.ac b/configure.ac index 79d0517b..e623c09a 100644 --- a/configure.ac +++ b/configure.ac 
@@ -7,7 +7,7 @@ # AC_COPYRIGHT([Copyright (C) 2014-2023 wolfSSL Inc.]) AC_PREREQ([2.63]) -AC_INIT([wolfpkcs11],[2.0.0],[https://github.com/wolfssl/wolfpkcs11/issues],[wolfpkcs11],[http://www.wolfssl.com]) +AC_INIT([wolfpkcs11],[2.1.0],[https://github.com/wolfssl/wolfpkcs11/issues],[wolfpkcs11],[http://www.wolfssl.com]) AC_CONFIG_AUX_DIR([build-aux]) # The following sets CFLAGS to empty if unset on command line. diff --git a/doc/formats/html/Doxyfile b/doc/formats/html/Doxyfile index f337aa46..0ca22b9a 100644 --- a/doc/formats/html/Doxyfile +++ b/doc/formats/html/Doxyfile @@ -1,7 +1,7 @@ # Doxyfile for wolfPKCS11 HTML docs PROJECT_NAME = "wolfPKCS11" -PROJECT_NUMBER = "2.0.0" +PROJECT_NUMBER = "2.1.0" OUTPUT_DIRECTORY = . GENERATE_HTML = YES diff --git a/doc/formats/pdf/Doxyfile b/doc/formats/pdf/Doxyfile index 3e61bc46..22d75ce4 100644 --- a/doc/formats/pdf/Doxyfile +++ b/doc/formats/pdf/Doxyfile @@ -1,7 +1,7 @@ # Doxyfile for wolfPKCS11 PDF/LaTeX docs PROJECT_NAME = "wolfPKCS11" -PROJECT_NUMBER = "2.0.0" +PROJECT_NUMBER = "2.1.0" OUTPUT_DIRECTORY = . GENERATE_HTML = NO diff --git a/doc/include.am b/doc/include.am index e85e20b9..d7a5a467 100644 --- a/doc/include.am +++ b/doc/include.am @@ -18,3 +18,12 @@ clean-local: -rm -rf doc/html/ -rm -f doc/refman.pdf -rm -f doc/doxygen_warnings +# Test runs create token storage under the build-dir "store/" directory (see +# AM_TESTS_ENVIRONMENT and the WOLFPKCS11_TOKEN_PATH values in the tests). +# Remove these artifacts on clean so the tree is left pristine, in particular +# for "make distcheck"'s distcleancheck step. The tracked store/.dummy +# placeholder in the source tree is preserved. These live in the single +# clean-local rule (automake permits only one) alongside the doc cleanup above. + -rm -rf store/*/ + -rm -f store/wp11_* + -rmdir store 2>/dev/null || true diff --git a/examples/examples.test b/examples/examples.test index da05b0ec..4795a2a7 100755 --- a/examples/examples.test +++ b/examples/examples.test 
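Review bot: In doc/include.am, `-rm -rf store/*/` removes every subdirectory of `store/`, not only the ones a test run created, and in an in-tree build that is the source tree's own `store/`. A developer who pointed `WOLFPKCS11_TOKEN_PATH` at a directory under `./store/` for manual work would lose that token on `make clean`. The glob also matches symlinks to directories, and how `rm -rf link/` treats those differs between platforms. If the tests use a known set of directory names, listing them explicitly, or having the tests write under a dedicated test-only subdirectory, would bound what is deleted. The `clean-local` rule starts above the hunk.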
@@ -53,13 +53,17 @@ RESULT=$? RESULT=$? [ $RESULT -ne 0 ] && echo "\n\nAdding an RSA key to the token failed" && exit 1 +# Locate the RSA DER file. It is a distributed source file, so for VPATH +# builds (e.g. "make distcheck") it lives in $srcdir, not the build tree. +RSA_DER="${srcdir:-.}/examples/rsa-2048.der" + # Add an RSA key from file to the session -./examples/add_rsa_key_file -rsa ./examples/rsa-2048.der +./examples/add_rsa_key_file -rsa "$RSA_DER" RESULT=$? [ $RESULT -ne 0 ] && echo "\n\nAdding an RSA key from file failed" && exit 1 # Add an RSA key to the token -./examples/add_rsa_key_file -privId "rsa-2048.der" -rsa ./examples/rsa-2048.der +./examples/add_rsa_key_file -privId "rsa-2048.der" -rsa "$RSA_DER" RESULT=$? [ $RESULT -ne 0 ] && echo "\n\nAdding an RSA key from file to the token failed" && exit 1 diff --git a/examples/mech_info.c b/examples/mech_info.c index e27d58bd..7613b812 100644 --- a/examples/mech_info.c +++ b/examples/mech_info.c @@ -303,7 +303,7 @@ static CK_RV pkcs11_mechs_info(CK_SLOT_ID slotId) CHECK_CKR(ret, "Get Mechanism List count"); if (ret == CKR_OK) { - mechTypes = malloc(cnt * sizeof(CK_MECHANISM_TYPE)); + mechTypes = (CK_MECHANISM_TYPE*)malloc(cnt * sizeof(CK_MECHANISM_TYPE)); if (mechTypes == NULL) { ret = 1; } diff --git a/examples/obj_list.c b/examples/obj_list.c index 7599cf67..24260b21 100644 --- a/examples/obj_list.c +++ b/examples/obj_list.c @@ -150,8 +150,9 @@ static void pkcs11_final(CK_SESSION_HANDLE session) } -static void pkcs11_print_class(CK_ULONG* objClass) +static void pkcs11_print_class(CK_VOID_PTR pValue) { + CK_ULONG* objClass = (CK_ULONG*)pValue; const char* name = "Unknown"; switch (*objClass) { @@ -175,8 +176,9 @@ static void pkcs11_print_class(CK_ULONG* objClass) printf(" Class: %s\n", name); } -static void pkcs11_print_key_type(CK_ULONG* keyType) +static void pkcs11_print_key_type(CK_VOID_PTR pValue) { + CK_ULONG* keyType = (CK_ULONG*)pValue; const char* name = "Unknown"; switch (*keyType) { 
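Review bot: In examples/mech_info.c, `cnt * sizeof(CK_MECHANISM_TYPE)` is computed from a count returned by the PKCS#11 module and passed to `malloc` unchecked, so a count of zero may return NULL (reported here as `ret = 1`) and a very large count would wrap the multiplication. The commit only adds the cast; a guard such as `if (cnt == 0 || cnt > (CK_ULONG)-1 / sizeof(CK_MECHANISM_TYPE))` before the allocation would cover both cases. The same pattern is in `pkcs11_slots_info` in examples/slot_info.c (`slots = (CK_SLOT_ID*)malloc(cnt * sizeof(CK_SLOT_ID));`). Both functions continue outside their hunks.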
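Review bot: Taking `CK_VOID_PTR` in `pkcs11_print_class` and `pkcs11_print_key_type` in examples/obj_list.c (and in the `pkcs11_print_*` helpers of the following hunks) means the compiler no longer checks what callers pass, and these two functions dereference a `CK_ULONG` with no length to compare against. The callers are outside the hunks; if they pass `pValue` straight from `C_GetAttributeValue`, they should confirm `ulValueLen == sizeof(CK_ULONG)` first. An alternative that keeps the typed signatures is to cast at the call site, e.g. `pkcs11_print_class((CK_ULONG*)attr.pValue)` with `attr` standing for the caller's attribute. Both function bodies continue past their hunks.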
@@ -200,26 +202,31 @@ static void pkcs11_print_key_type(CK_ULONG* keyType) printf(" Key Type: %s\n", name); } -static void pkcs11_print_num(const char* label, CK_ULONG* val) +static void pkcs11_print_num(const char* label, CK_VOID_PTR pValue) { - printf("%10s: %ld\n", label, *val); + CK_ULONG* val = (CK_ULONG*)pValue; + printf("%10s: %lu\n", label, *val); } -static void pkcs11_print_boolean(const char* label, CK_BBOOL* val) +static void pkcs11_print_boolean(const char* label, CK_VOID_PTR pValue) { + CK_BBOOL* val = (CK_BBOOL*)pValue; printf("%10s: %s\n", label, (*val == CK_TRUE) ? "TRUE" : "FALSE"); } static void pkcs11_print_boolean_on_true(const char* label, const char* name, - CK_BBOOL* val) + CK_VOID_PTR pValue) { + CK_BBOOL* val = (CK_BBOOL*)pValue; if (*val == CK_TRUE) { printf("%10s: %s\n", label, name); } } -static void pkcs11_print_data(const char* label, byte* val, CK_ULONG len) +static void pkcs11_print_data(const char* label, CK_VOID_PTR pValue, + CK_ULONG len) { + byte* val = (byte*)pValue; CK_ULONG i; printf("%10s: ", label); @@ -229,8 +236,10 @@ static void pkcs11_print_data(const char* label, byte* val, CK_ULONG len) printf("\n"); } -static void pkcs11_print_string(const char* label, byte* val, CK_ULONG len) +static void pkcs11_print_string(const char* label, CK_VOID_PTR pValue, + CK_ULONG len) { + char* val = (char*)pValue; printf("%10s: %.*s\n", label, (int)len, val); } diff --git a/examples/slot_info.c b/examples/slot_info.c index 14084fda..f079c3ac 100644 --- a/examples/slot_info.c +++ b/examples/slot_info.c @@ -179,7 +179,7 @@ static CK_RV pkcs11_slots_info(void) CHECK_CKR(ret, "Get Slot List count"); if (ret == CKR_OK) { - slots = malloc(cnt * sizeof(CK_SLOT_ID)); + slots = (CK_SLOT_ID*)malloc(cnt * sizeof(CK_SLOT_ID)); if (slots == NULL) { ret = 1; } diff --git a/m4/hexversion.m4 b/m4/hexversion.m4 index 8d26155e..2ece6af5 100644 --- a/m4/hexversion.m4 +++ b/m4/hexversion.m4 
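Review bot: In `pkcs11_print_string` (examples/obj_list.c) the precision is `(int)len`, and a `CK_ULONG` that does not fit in `int` becomes negative, which `printf` treats as if no precision were given, so `%.*s` would read until a NUL byte in a buffer that PKCS#11 does not NUL-terminate. That includes a length of `CK_UNAVAILABLE_INFORMATION` if the caller, which is outside the hunk, does not filter it. The new `char* val = (char*)pValue;` line leaves this unchanged; adding `if (len > (CK_ULONG)INT_MAX) return;` before the `printf` (with `<limits.h>` included) would bound the read.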
@@ -1,6 +1,10 @@ AC_DEFUN([CREATE_HEX_VERSION],[ + # Emit a byte-packed hex version (0xMMmmpp00) so the major/minor extraction + # in internal.h (>> 24, (>> 16) & 0xff) yields the correct components. The + # previous decimal field widths (%0.2d%0.3d%0.3d) misaligned the bytes, e.g. + # 2.1.0 produced 0x02001000 which reads back as v2.0. HEX_VERSION=`echo $VERSION | sed 's|[\-a-z0-9]*$||' | \ - awk -F. '{printf "0x%0.2d%0.3d%0.3d", $[]1, $[]2, $[]3}'` + awk -F. '{printf "0x%02x%02x%02x00", $[]1, $[]2, $[]3}'` AC_SUBST([HEX_VERSION]) ]) diff --git a/src/internal.c b/src/internal.c index adf97d32..b27c56be 100644 --- a/src/internal.c +++ b/src/internal.c @@ -9873,7 +9873,7 @@ int WP11_Object_DataObject(WP11_Object* object, unsigned char** data, if (data[0] != NULL && len[0] > 0) { XFREE(object->data.genericData.data, NULL, DYNAMIC_TYPE_CERT); object->data.genericData.data = - XMALLOC(len[0], NULL, DYNAMIC_TYPE_CERT); + (byte*)XMALLOC(len[0], NULL, DYNAMIC_TYPE_CERT); if (object->data.genericData.data == NULL) { ret = MEMORY_E; } @@ -9892,7 +9892,7 @@ int WP11_Object_DataObject(WP11_Object* object, unsigned char** data, if (ret == 0 && data[1] != NULL && len[1] > 0) { XFREE(object->data.genericData.application, NULL, DYNAMIC_TYPE_CERT); object->data.genericData.application = - XMALLOC(len[1], NULL, DYNAMIC_TYPE_CERT); + (byte*)XMALLOC(len[1], NULL, DYNAMIC_TYPE_CERT); if (object->data.genericData.application == NULL) { ret = MEMORY_E; } @@ -9911,7 +9911,7 @@ int WP11_Object_DataObject(WP11_Object* object, unsigned char** data, if (ret == 0 && data[2] != NULL && len[2] > 0) { XFREE(object->data.genericData.objectId, NULL, DYNAMIC_TYPE_CERT); object->data.genericData.objectId = - XMALLOC(len[2], NULL, DYNAMIC_TYPE_CERT); + (byte*)XMALLOC(len[2], NULL, DYNAMIC_TYPE_CERT); if (object->data.genericData.objectId == NULL) { ret = MEMORY_E; } 
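Review bot: In m4/hexversion.m4, `%02x` sets only a minimum width, so a version component above 255 prints three or more hex digits and shifts every field after it, which brings back the misread the new comment describes. Checking the components in the awk script, or failing configure when one exceeds 255, would make the `0xMMmmpp00` layout hold. How the CMake build computes the hex version is not part of this diff; since CMakeLists.txt is bumped to 2.1.0 in the same commit, it is worth confirming that it produces the same value. A one-line example in the comment, `2.1.0 -> 0x02010000`, would document the expected output next to the wrong one.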
@@ -15543,8 +15543,8 @@ int WP11_Digest_Init(CK_MECHANISM_TYPE mechanism, WP11_Session* session) ret = wp11_digest_hash_type(mechanism, &hashType); if (ret == 0) { - digest->hashType = hashType; - ret = wc_HashInit(&digest->hash, hashType); + digest->hashType = (enum wc_HashType)hashType; + ret = wc_HashInit(&digest->hash, (enum wc_HashType)hashType); } return ret; @@ -16230,8 +16230,9 @@ int WP11_SetOperationState(WP11_Session* session, unsigned char* stateData, if (ret != CKR_OK) return ret; - session->params.digest.hashType = hashType; - ret = wc_HashInit(&session->params.digest.hash, hashType); + session->params.digest.hashType = (enum wc_HashType)hashType; + ret = wc_HashInit(&session->params.digest.hash, + (enum wc_HashType)hashType); if (ret != CKR_OK) return ret; diff --git a/tests/object_id_uniqueness_test.c b/tests/object_id_uniqueness_test.c index 3321cb16..623460ee 100644 --- a/tests/object_id_uniqueness_test.c +++ b/tests/object_id_uniqueness_test.c @@ -312,7 +312,7 @@ static CK_RV create_token_cert_object(CK_SESSION_HANDLE session, CK_OBJECT_HANDLE* objHandle) { CK_RV ret; - CK_ATTRIBUTE template[] = { + CK_ATTRIBUTE tmpl[] = { { CKA_CLASS, &certClass, sizeof(certClass) }, { CKA_CERTIFICATE_TYPE, &certType, sizeof(certType) }, { CKA_TOKEN, &ckTrue, sizeof(ckTrue) }, @@ -321,9 +321,9 @@ static CK_RV create_token_cert_object(CK_SESSION_HANDLE session, { CKA_LABEL, (char*)label, strlen(label) }, { CKA_VALUE, (char*)certData, certLen } }; - CK_ULONG templateCount = sizeof(template) / sizeof(template[0]); + CK_ULONG templateCount = sizeof(tmpl) / sizeof(tmpl[0]); - ret = funcList->C_CreateObject(session, template, templateCount, objHandle); + ret = funcList->C_CreateObject(session, tmpl, templateCount, objHandle); CHECK_CKR(ret, "Create Token Certificate Object"); return ret; diff --git a/tests/pkcs11mtt.c b/tests/pkcs11mtt.c index 54d62153..6ab2808c 100644 --- a/tests/pkcs11mtt.c +++ b/tests/pkcs11mtt.c 
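Review bot: In `WP11_SetOperationState` (src/internal.c) the value cast with `(enum wc_HashType)hashType` is produced above the hunk; if it is read from the caller-supplied `stateData`, it needs to be checked against the supported hash types before the cast, because in C++ converting an out-of-range integer to an enumeration without a fixed underlying type is undefined behaviour. The `if (ret != CKR_OK) return ret;` just before suggests a validation step exists, so this may already be covered. In both this hunk and `WP11_Digest_Init` the cast is written twice; casting once into a typed local, e.g. `enum wc_HashType ht = (enum wc_HashType)hashType;`, would keep the stored value and the `wc_HashInit` argument in agreement.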
@@ -507,7 +507,7 @@ static CK_RV test_attribute(void* args) { CKA_TOKEN, &ckTrue, 0 } }; CK_ATTRIBUTE badAttrType[] = { - { -1, &ckTrue, sizeof(ckTrue) } + { (CK_ATTRIBUTE_TYPE)-1, &ckTrue, sizeof(ckTrue) } }; CK_ATTRIBUTE badAttrLen[] = { { CKA_VALUE, retKeyData, 0 } @@ -1003,7 +1003,7 @@ static CK_RV get_aes_128_key(CK_SESSION_HANDLE session, unsigned char* id, { CKA_UNWRAP, &ckTrue, sizeof(ckTrue) }, { CKA_VALUE, aes_128_key, sizeof(aes_128_key) }, { CKA_TOKEN, &ckTrue, sizeof(ckTrue) }, - { CKA_ID, id, idLen }, + { CKA_ID, id, (CK_ULONG)idLen }, }; int cnt = sizeof(aes_key)/sizeof(*aes_key); @@ -2099,7 +2099,7 @@ static CK_RV get_rsa_priv_key(CK_SESSION_HANDLE session, unsigned char* privId, { CKA_EXTRACTABLE, &extractable, sizeof(CK_BBOOL) }, { CKA_SENSITIVE, &sensitive, sizeof(CK_BBOOL) }, { CKA_TOKEN, &ckTrue, sizeof(ckTrue) }, - { CKA_ID, privId, privIdLen }, + { CKA_ID, privId, (CK_ULONG)privIdLen }, }; int cnt = sizeof(rsa_2048_priv_key)/sizeof(*rsa_2048_priv_key); @@ -2123,7 +2123,7 @@ static CK_RV get_rsa_pub_key(CK_SESSION_HANDLE session, unsigned char* pubId, { CKA_MODULUS, rsa_2048_modulus, sizeof(rsa_2048_modulus) }, { CKA_PUBLIC_EXPONENT, rsa_2048_pub_exp, sizeof(rsa_2048_pub_exp) }, { CKA_TOKEN, &ckTrue, sizeof(ckTrue) }, - { CKA_ID, pubId, pubIdLen }, + { CKA_ID, pubId, (CK_ULONG)pubIdLen }, }; int cnt = sizeof(rsa_2048_pub_key)/sizeof(*rsa_2048_pub_key); @@ -2154,7 +2154,7 @@ static CK_RV gen_rsa_key(CK_SESSION_HANDLE session, CK_OBJECT_HANDLE* pubKey, CK_ATTRIBUTE privKeyTmpl[] = { {CKA_DECRYPT, &ckTrue, sizeof(ckTrue) }, {CKA_SIGN, &ckTrue, sizeof(ckTrue) }, - {CKA_ID, id, idLen } + {CKA_ID, id, (CK_ULONG)idLen } }; int privTmplCnt = 2; 
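Review bot: The `(CK_ULONG)idLen` cast in `get_aes_128_key` (tests/pkcs11mtt.c) silences the narrowing error but keeps what is presumably a signed length parameter, so a negative value would now become a very large `ulValueLen` without any diagnostic. Changing the helper parameters to `CK_ULONG` (the hunk headers for `gen_ec_keys` and `gen_dh_keys` show `int paramSz` and `int primeSz`) would remove the need for a cast at every template entry. The same cast is repeated in the remaining hunks of tests/pkcs11mtt.c and throughout tests/pkcs11str.c and tests/pkcs11test.c. These are test helpers with fixed inputs, so this is a maintainability point rather than a reachable bug.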
@@ -2200,7 +2200,7 @@ static CK_RV find_rsa_pub_key(CK_SESSION_HANDLE session, CK_ATTRIBUTE pubKeyTmpl[] = { { CKA_CLASS, &pubKeyClass, sizeof(pubKeyClass) }, { CKA_KEY_TYPE, &rsaKeyType, sizeof(rsaKeyType) }, - { CKA_ID, id, idLen } + { CKA_ID, id, (CK_ULONG)idLen } }; CK_ULONG pubKeyTmplCnt = sizeof(pubKeyTmpl) / sizeof(*pubKeyTmpl); CK_ULONG count; @@ -2231,7 +2231,7 @@ static CK_RV find_rsa_priv_key(CK_SESSION_HANDLE session, CK_ATTRIBUTE privKeyTmpl[] = { { CKA_CLASS, &privKeyClass, sizeof(privKeyClass) }, { CKA_KEY_TYPE, &rsaKeyType, sizeof(rsaKeyType) }, - { CKA_ID, id, idLen } + { CKA_ID, id, (CK_ULONG)idLen } }; CK_ULONG privKeyTmplCnt = sizeof(privKeyTmpl) / sizeof(*privKeyTmpl); CK_ULONG count; @@ -3503,17 +3503,17 @@ static CK_RV gen_ec_keys(CK_SESSION_HANDLE session, byte* params, int paramSz, CK_MECHANISM mech; CK_BBOOL token; CK_ATTRIBUTE pubKeyTmpl[] = { - { CKA_EC_PARAMS, params, paramSz }, + { CKA_EC_PARAMS, params, (CK_ULONG)paramSz }, { CKA_VERIFY, &ckTrue, sizeof(ckTrue) }, { CKA_TOKEN, &token, sizeof(token) }, - { CKA_ID, pubId, pubIdLen }, + { CKA_ID, pubId, (CK_ULONG)pubIdLen }, }; int pubTmplCnt = sizeof(pubKeyTmpl)/sizeof(*pubKeyTmpl); CK_ATTRIBUTE privKeyTmpl[] = { { CKA_SIGN, &ckTrue, sizeof(ckTrue) }, { CKA_DERIVE, &ckTrue, sizeof(ckTrue) }, { CKA_TOKEN, &token, sizeof(token) }, - { CKA_ID, privId, privIdLen }, + { CKA_ID, privId, (CK_ULONG)privIdLen }, }; int privTmplCnt = sizeof(privKeyTmpl)/sizeof(*privKeyTmpl); @@ -3564,7 +3564,7 @@ static CK_RV find_ecc_priv_key(CK_SESSION_HANDLE session, CK_ATTRIBUTE privKeyTmpl[] = { { CKA_CLASS, &privKeyClass, sizeof(privKeyClass) }, { CKA_KEY_TYPE, &eccKeyType, sizeof(eccKeyType) }, - { CKA_ID, id, idLen } + { CKA_ID, id, (CK_ULONG)idLen } }; CK_ULONG privKeyTmplCnt = sizeof(privKeyTmpl) / sizeof(*privKeyTmpl); CK_ULONG count; 
@@ -3595,7 +3595,7 @@ static CK_RV find_ecc_pub_key(CK_SESSION_HANDLE session, CK_ATTRIBUTE pubKeyTmpl[] = { { CKA_CLASS, &pubKeyClass, sizeof(pubKeyClass) }, { CKA_KEY_TYPE, &eccKeyType, sizeof(eccKeyType) }, - { CKA_ID, id, idLen } + { CKA_ID, id, (CK_ULONG)idLen } }; CK_ULONG pubKeyTmplCnt = sizeof(pubKeyTmpl) / sizeof(*pubKeyTmpl); CK_ULONG count; @@ -4307,16 +4307,16 @@ static CK_RV gen_dh_keys(CK_SESSION_HANDLE session, byte* prime, int primeSz, CK_MECHANISM mech; CK_BBOOL token; CK_ATTRIBUTE pubKeyTmpl[] = { - { CKA_PRIME, prime, primeSz }, - { CKA_BASE, generator, generatorSz }, + { CKA_PRIME, prime, (CK_ULONG)primeSz }, + { CKA_BASE, generator, (CK_ULONG)generatorSz }, { CKA_TOKEN, &token, sizeof(token) }, - { CKA_ID, pubId, pubIdLen }, + { CKA_ID, pubId, (CK_ULONG)pubIdLen }, }; int pubTmplCnt = sizeof(pubKeyTmpl)/sizeof(*pubKeyTmpl); CK_ATTRIBUTE privKeyTmpl[] = { { CKA_DERIVE, &ckTrue, sizeof(ckTrue) }, { CKA_TOKEN, &token, sizeof(token) }, - { CKA_ID, privId, privIdLen }, + { CKA_ID, privId, (CK_ULONG)privIdLen }, }; int privTmplCnt = sizeof(privKeyTmpl)/sizeof(*privKeyTmpl); @@ -4591,7 +4591,7 @@ static CK_RV gen_aes_key(CK_SESSION_HANDLE session, int len, unsigned char* id, CK_ATTRIBUTE keyTmpl[] = { { CKA_VALUE_LEN, &keyLen, sizeof(keyLen) }, { CKA_TOKEN, &token, sizeof(token) }, - { CKA_ID, id, idLen }, + { CKA_ID, id, (CK_ULONG)idLen }, }; int keyTmplCnt = sizeof(keyTmpl)/sizeof(*keyTmpl); @@ -4637,7 +4637,7 @@ static CK_RV find_aes_key(CK_SESSION_HANDLE session, unsigned char* id, CK_ATTRIBUTE keyTmpl[] = { { CKA_CLASS, &secretKeyClass, sizeof(secretKeyClass) }, { CKA_KEY_TYPE, &aesKeyType, sizeof(aesKeyType) }, - { CKA_ID, id, idLen } + { CKA_ID, id, (CK_ULONG)idLen } }; CK_ULONG keyTmplCnt = sizeof(keyTmpl) / sizeof(*keyTmpl); CK_ULONG count; 
@@ -6471,13 +6471,13 @@ static CK_RV gen_mldsa_keys(CK_SESSION_HANDLE session, { CKA_PARAMETER_SET, ¶mSet, sizeof(paramSet) }, { CKA_VERIFY, &ckTrue, sizeof(ckTrue) }, { CKA_TOKEN, &token, sizeof(token) }, - { CKA_ID, pubId, pubIdLen }, + { CKA_ID, pubId, (CK_ULONG)pubIdLen }, }; int pubTmplCnt = sizeof(pubKeyTmpl) / sizeof(*pubKeyTmpl); CK_ATTRIBUTE privKeyTmpl[] = { { CKA_SIGN, &ckTrue, sizeof(ckTrue) }, { CKA_TOKEN, &token, sizeof(token) }, - { CKA_ID, privId, privIdLen }, + { CKA_ID, privId, (CK_ULONG)privIdLen }, }; int privTmplCnt = sizeof(privKeyTmpl) / sizeof(*privKeyTmpl); @@ -6508,7 +6508,7 @@ static CK_RV find_mldsa_priv_key(CK_SESSION_HANDLE session, CK_ATTRIBUTE tmpl[] = { { CKA_CLASS, &privKeyClass, sizeof(privKeyClass) }, { CKA_KEY_TYPE, &mldsaKeyType, sizeof(mldsaKeyType) }, - { CKA_ID, id, idLen }, + { CKA_ID, id, (CK_ULONG)idLen }, }; CK_ULONG count; @@ -6624,13 +6624,13 @@ static CK_RV gen_mlkem_keys(CK_SESSION_HANDLE session, { CKA_PARAMETER_SET, ¶mSet, sizeof(paramSet) }, { CKA_ENCAPSULATE, &ckTrue, sizeof(ckTrue) }, { CKA_TOKEN, &token, sizeof(token) }, - { CKA_ID, pubId, pubIdLen }, + { CKA_ID, pubId, (CK_ULONG)pubIdLen }, }; int pubTmplCnt = sizeof(pubKeyTmpl) / sizeof(*pubKeyTmpl); CK_ATTRIBUTE privKeyTmpl[] = { { CKA_DECAPSULATE, &ckTrue, sizeof(ckTrue) }, { CKA_TOKEN, &token, sizeof(token) }, - { CKA_ID, privId, privIdLen }, + { CKA_ID, privId, (CK_ULONG)privIdLen }, }; int privTmplCnt = sizeof(privKeyTmpl) / sizeof(*privKeyTmpl); @@ -6661,7 +6661,7 @@ static CK_RV find_mlkem_priv_key(CK_SESSION_HANDLE session, CK_ATTRIBUTE tmpl[] = { { CKA_CLASS, &privKeyClass, sizeof(privKeyClass) }, { CKA_KEY_TYPE, &mlkemKeyType, sizeof(mlkemKeyType) }, - { CKA_ID, id, idLen }, + { CKA_ID, id, (CK_ULONG)idLen }, }; CK_ULONG count; diff --git a/tests/pkcs11str.c b/tests/pkcs11str.c index dc379d7c..8fe2de79 100644 --- a/tests/pkcs11str.c +++ b/tests/pkcs11str.c 
@@ -281,7 +281,7 @@ static CK_RV generate_rsa_keypair(CK_SESSION_HANDLE session, CK_ATTRIBUTE privKeyTmpl[] = { { CKA_DECRYPT, &ckTrue, sizeof(ckTrue) }, { CKA_SIGN, &ckTrue, sizeof(ckTrue) }, - { CKA_LABEL, label, labelLen }, + { CKA_LABEL, label, (CK_ULONG)labelLen }, { CKA_TOKEN, &ckTrue, sizeof(ckTrue) }, }; int privTmplCnt = sizeof(privKeyTmpl)/sizeof(*privKeyTmpl); @@ -341,7 +341,7 @@ static CK_RV find_rsa_priv_key_label(CK_SESSION_HANDLE session, CK_ATTRIBUTE privKeyTmpl[] = { { CKA_CLASS, &privKeyClass, sizeof(privKeyClass) }, { CKA_KEY_TYPE, &rsaKeyType, sizeof(rsaKeyType) }, - { CKA_LABEL, label, labelLen } + { CKA_LABEL, label, (CK_ULONG)labelLen } }; CK_ULONG privKeyTmplCnt = sizeof(privKeyTmpl) / sizeof(*privKeyTmpl); CK_ULONG count; @@ -391,7 +391,7 @@ static CK_RV create_rsa_priv_key(CK_SESSION_HANDLE session, { CKA_COEFFICIENT, rsa_2048_u, sizeof(rsa_2048_u) }, { CKA_PUBLIC_EXPONENT, rsa_2048_pub_exp, sizeof(rsa_2048_pub_exp) }, { CKA_TOKEN, &ckTrue, sizeof(ckTrue) }, - { CKA_ID, privId, privIdLen }, + { CKA_ID, privId, (CK_ULONG)privIdLen }, }; int cnt = sizeof(rsa_2048_priv_key)/sizeof(*rsa_2048_priv_key); @@ -415,7 +415,7 @@ static CK_RV create_rsa_pub_key(CK_SESSION_HANDLE session, unsigned char* pubId, { CKA_MODULUS, rsa_2048_modulus, sizeof(rsa_2048_modulus) }, { CKA_PUBLIC_EXPONENT, rsa_2048_pub_exp, sizeof(rsa_2048_pub_exp) }, { CKA_TOKEN, &ckTrue, sizeof(ckTrue) }, - { CKA_ID, pubId, pubIdLen }, + { CKA_ID, pubId, (CK_ULONG)pubIdLen }, }; int cnt = sizeof(rsa_2048_pub_key)/sizeof(*rsa_2048_pub_key); @@ -435,7 +435,7 @@ static CK_RV find_rsa_pub_key(CK_SESSION_HANDLE session, CK_ATTRIBUTE pubKeyTmpl[] = { { CKA_CLASS, &pubKeyClass, sizeof(pubKeyClass) }, { CKA_KEY_TYPE, &rsaKeyType, sizeof(rsaKeyType) }, - { CKA_ID, id, idLen } + { CKA_ID, id, (CK_ULONG)idLen } }; CK_ULONG pubKeyTmplCnt = sizeof(pubKeyTmpl) / sizeof(*pubKeyTmpl); CK_ULONG count; 
@@ -465,7 +465,7 @@ static CK_RV find_rsa_priv_key(CK_SESSION_HANDLE session, CK_ATTRIBUTE privKeyTmpl[] = { { CKA_CLASS, &privKeyClass, sizeof(privKeyClass) }, { CKA_KEY_TYPE, &rsaKeyType, sizeof(rsaKeyType) }, - { CKA_ID, id, idLen } + { CKA_ID, id, (CK_ULONG)idLen } }; CK_ULONG privKeyTmplCnt = sizeof(privKeyTmpl) / sizeof(*privKeyTmpl); CK_ULONG count; @@ -502,7 +502,7 @@ static CK_OBJECT_HANDLE create_ecc_priv_key(CK_SESSION_HANDLE session, { CKA_EC_PARAMS, ecc_p256_params, sizeof(ecc_p256_params) }, { CKA_VALUE, ecc_p256_priv, sizeof(ecc_p256_priv) }, { CKA_TOKEN, &ckTrue, sizeof(ckTrue) }, - { CKA_ID, privId, privIdLen }, + { CKA_ID, privId, (CK_ULONG)privIdLen }, }; int ecc_p256_priv_key_cnt = sizeof(ecc_p256_priv_key)/sizeof(*ecc_p256_priv_key); @@ -526,7 +526,7 @@ static CK_OBJECT_HANDLE create_ecc_pub_key(CK_SESSION_HANDLE session, { CKA_EC_PARAMS, ecc_p256_params, sizeof(ecc_p256_params) }, { CKA_EC_POINT, ecc_p256_pub, sizeof(ecc_p256_pub) }, { CKA_TOKEN, &ckTrue, sizeof(ckTrue) }, - { CKA_ID, pubId, pubIdLen }, + { CKA_ID, pubId, (CK_ULONG)pubIdLen }, }; static int ecc_p256_pub_key_cnt = sizeof(ecc_p256_pub_key)/sizeof(*ecc_p256_pub_key); @@ -545,7 +545,7 @@ static CK_RV find_ecc_priv_key(CK_SESSION_HANDLE session, CK_ATTRIBUTE privKeyTmpl[] = { { CKA_CLASS, &privKeyClass, sizeof(privKeyClass) }, { CKA_KEY_TYPE, &eccKeyType, sizeof(eccKeyType) }, - { CKA_ID, id, idLen } + { CKA_ID, id, (CK_ULONG)idLen } }; CK_ULONG privKeyTmplCnt = sizeof(privKeyTmpl) / sizeof(*privKeyTmpl); CK_ULONG count; @@ -575,7 +575,7 @@ static CK_RV find_ecc_pub_key(CK_SESSION_HANDLE session, CK_ATTRIBUTE pubKeyTmpl[] = { { CKA_CLASS, &pubKeyClass, sizeof(pubKeyClass) }, { CKA_KEY_TYPE, &eccKeyType, sizeof(eccKeyType) }, - { CKA_ID, id, idLen } + { CKA_ID, id, (CK_ULONG)idLen } }; CK_ULONG pubKeyTmplCnt = sizeof(pubKeyTmpl) / sizeof(*pubKeyTmpl); CK_ULONG count; 
@@ -613,7 +613,7 @@ static CK_OBJECT_HANDLE create_dh_priv_key(CK_SESSION_HANDLE session, { CKA_BASE, dh_ffdhe2048_g, sizeof(dh_ffdhe2048_g) }, { CKA_VALUE, dh_2048_priv, sizeof(dh_2048_priv) }, { CKA_TOKEN, &ckTrue, sizeof(ckTrue) }, - { CKA_ID, id, idLen } + { CKA_ID, id, (CK_ULONG)idLen } }; int dh_2048_priv_key_cnt = sizeof(dh_2048_priv_key)/sizeof(*dh_2048_priv_key); @@ -638,7 +638,7 @@ static CK_OBJECT_HANDLE create_dh_pub_key(CK_SESSION_HANDLE session, { CKA_BASE, dh_ffdhe2048_g, sizeof(dh_ffdhe2048_g) }, { CKA_VALUE, dh_2048_pub, sizeof(dh_2048_pub) }, { CKA_TOKEN, &ckTrue, sizeof(ckTrue) }, - { CKA_ID, id, idLen } + { CKA_ID, id, (CK_ULONG)idLen } }; static int dh_2048_pub_key_cnt = sizeof(dh_2048_pub_key)/sizeof(*dh_2048_pub_key); @@ -657,7 +657,7 @@ static CK_RV find_dh_priv_key(CK_SESSION_HANDLE session, CK_ATTRIBUTE privKeyTmpl[] = { { CKA_CLASS, &privKeyClass, sizeof(privKeyClass) }, { CKA_KEY_TYPE, &dhKeyType, sizeof(dhKeyType) }, - { CKA_ID, id, idLen } + { CKA_ID, id, (CK_ULONG)idLen } }; CK_ULONG privKeyTmplCnt = sizeof(privKeyTmpl) / sizeof(*privKeyTmpl); CK_ULONG count; @@ -687,7 +687,7 @@ static CK_RV find_dh_pub_key(CK_SESSION_HANDLE session, CK_ATTRIBUTE pubKeyTmpl[] = { { CKA_CLASS, &pubKeyClass, sizeof(pubKeyClass) }, { CKA_KEY_TYPE, &dhKeyType, sizeof(dhKeyType) }, - { CKA_ID, id, idLen } + { CKA_ID, id, (CK_ULONG)idLen } }; CK_ULONG pubKeyTmplCnt = sizeof(pubKeyTmpl) / sizeof(*pubKeyTmpl); CK_ULONG count; @@ -727,7 +727,7 @@ static CK_RV create_aes_128_key(CK_SESSION_HANDLE session, unsigned char* id, { CKA_DECRYPT, &ckTrue, sizeof(ckTrue) }, { CKA_VALUE, aes_128_key, sizeof(aes_128_key) }, { CKA_TOKEN, &ckTrue, sizeof(ckTrue) }, - { CKA_ID, id, idLen }, + { CKA_ID, id, (CK_ULONG)idLen }, }; int cnt = sizeof(aes_key)/sizeof(*aes_key); 
@@ -747,7 +747,7 @@ static CK_RV find_aes_key(CK_SESSION_HANDLE session, unsigned char* id, CK_ATTRIBUTE keyTmpl[] = { { CKA_CLASS, &secretKeyClass, sizeof(secretKeyClass) }, { CKA_KEY_TYPE, &aesKeyType, sizeof(aesKeyType) }, - { CKA_ID, id, idLen } + { CKA_ID, id, (CK_ULONG)idLen } }; CK_ULONG keyTmplCnt = sizeof(keyTmpl) / sizeof(*keyTmpl); CK_ULONG count; @@ -784,13 +784,13 @@ static CK_RV generate_mldsa_keypair(CK_SESSION_HANDLE session, { CKA_PARAMETER_SET, ¶mSet, sizeof(paramSet) }, { CKA_VERIFY, &ckTrue, sizeof(ckTrue) }, { CKA_TOKEN, &ckTrue, sizeof(ckTrue) }, - { CKA_ID, pubId, pubIdLen }, + { CKA_ID, pubId, (CK_ULONG)pubIdLen }, }; int pubTmplCnt = sizeof(pubKeyTmpl)/sizeof(*pubKeyTmpl); CK_ATTRIBUTE privKeyTmpl[] = { { CKA_SIGN, &ckTrue, sizeof(ckTrue) }, { CKA_TOKEN, &ckTrue, sizeof(ckTrue) }, - { CKA_ID, privId, privIdLen }, + { CKA_ID, privId, (CK_ULONG)privIdLen }, }; int privTmplCnt = sizeof(privKeyTmpl)/sizeof(*privKeyTmpl); @@ -812,7 +812,7 @@ static CK_RV find_mldsa_priv_key(CK_SESSION_HANDLE session, CK_ATTRIBUTE tmpl[] = { { CKA_CLASS, &privKeyClass, sizeof(privKeyClass) }, { CKA_KEY_TYPE, &mldsaKeyType, sizeof(mldsaKeyType) }, - { CKA_ID, id, idLen }, + { CKA_ID, id, (CK_ULONG)idLen }, }; CK_ULONG tmplCnt = sizeof(tmpl) / sizeof(*tmpl); CK_ULONG count; @@ -842,7 +842,7 @@ static CK_RV find_mldsa_pub_key(CK_SESSION_HANDLE session, CK_ATTRIBUTE tmpl[] = { { CKA_CLASS, &pubKeyClass, sizeof(pubKeyClass) }, { CKA_KEY_TYPE, &mldsaKeyType, sizeof(mldsaKeyType) }, - { CKA_ID, id, idLen }, + { CKA_ID, id, (CK_ULONG)idLen }, }; CK_ULONG tmplCnt = sizeof(tmpl) / sizeof(*tmpl); CK_ULONG count; 
@@ -879,13 +879,13 @@ static CK_RV generate_mlkem_keypair(CK_SESSION_HANDLE session, { CKA_PARAMETER_SET, ¶mSet, sizeof(paramSet) }, { CKA_ENCAPSULATE, &ckTrue, sizeof(ckTrue) }, { CKA_TOKEN, &ckTrue, sizeof(ckTrue) }, - { CKA_ID, pubId, pubIdLen }, + { CKA_ID, pubId, (CK_ULONG)pubIdLen }, }; int pubTmplCnt = sizeof(pubKeyTmpl)/sizeof(*pubKeyTmpl); CK_ATTRIBUTE privKeyTmpl[] = { { CKA_DECAPSULATE, &ckTrue, sizeof(ckTrue) }, { CKA_TOKEN, &ckTrue, sizeof(ckTrue) }, - { CKA_ID, privId, privIdLen }, + { CKA_ID, privId, (CK_ULONG)privIdLen }, }; int privTmplCnt = sizeof(privKeyTmpl)/sizeof(*privKeyTmpl); @@ -907,7 +907,7 @@ static CK_RV find_mlkem_priv_key(CK_SESSION_HANDLE session, CK_ATTRIBUTE tmpl[] = { { CKA_CLASS, &privKeyClass, sizeof(privKeyClass) }, { CKA_KEY_TYPE, &mlkemKeyType, sizeof(mlkemKeyType) }, - { CKA_ID, id, idLen }, + { CKA_ID, id, (CK_ULONG)idLen }, }; CK_ULONG tmplCnt = sizeof(tmpl) / sizeof(*tmpl); CK_ULONG count; @@ -937,7 +937,7 @@ static CK_RV find_mlkem_pub_key(CK_SESSION_HANDLE session, CK_ATTRIBUTE tmpl[] = { { CKA_CLASS, &pubKeyClass, sizeof(pubKeyClass) }, { CKA_KEY_TYPE, &mlkemKeyType, sizeof(mlkemKeyType) }, - { CKA_ID, id, idLen }, + { CKA_ID, id, (CK_ULONG)idLen }, }; CK_ULONG tmplCnt = sizeof(tmpl) / sizeof(*tmpl); CK_ULONG count; diff --git a/tests/pkcs11test.c b/tests/pkcs11test.c index 06a7ed1c..d583177e 100644 --- a/tests/pkcs11test.c +++ b/tests/pkcs11test.c @@ -1169,7 +1169,7 @@ static CK_RV test_op_state_success(void* args) ret = CKR_OK; } if (ret == CKR_OK) { - data = XMALLOC(len, NULL, DYNAMIC_TYPE_TMP_BUFFER); + data = (byte*)XMALLOC(len, NULL, DYNAMIC_TYPE_TMP_BUFFER); ret = funcList->C_GetOperationState(session, data, &len); CHECK_CKR(ret, "Could not get operation state"); } 
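Review bot: In `test_op_state_success` (tests/pkcs11test.c) `data` is passed to `C_GetOperationState` without a NULL check after `XMALLOC`, and a NULL buffer is the PKCS#11 convention for a length-only query, so an allocation failure could return `CKR_OK` and surface later as an unrelated error. Add `if (data == NULL) ret = CKR_HOST_MEMORY;` after the allocation and make the call conditional on `ret == CKR_OK`. The function body continues outside the hunk, so how `data` is later used and freed is not visible here.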
@@ -1838,9 +1838,9 @@ static CK_RV test_pkcs5_pbkdf2_key_gen(void* args) if (ret == CKR_OK && key != CK_INVALID_HANDLE) { CK_KEY_TYPE retrievedKeyType; CK_ULONG retrievedLen = sizeof(retrievedKeyType); - ret = funcList->C_GetAttributeValue(session, key, - &(CK_ATTRIBUTE){CKA_KEY_TYPE, &retrievedKeyType, retrievedLen}, - 1); + CK_ATTRIBUTE keyTypeTmpl = {CKA_KEY_TYPE, &retrievedKeyType, + retrievedLen}; + ret = funcList->C_GetAttributeValue(session, key, &keyTypeTmpl, 1); CHECK_CKR(ret, "Get attribute value"); if (ret == CKR_OK && retrievedKeyType != CKK_AES) { ret = CKR_GENERAL_ERROR; @@ -3230,7 +3230,7 @@ static CK_RV test_attribute(void* args) { CKA_TOKEN, &ckTrue, 0 } }; CK_ATTRIBUTE badAttrType[] = { - { -1, &ckTrue, sizeof(ckTrue) } + { (CK_ATTRIBUTE_TYPE)-1, &ckTrue, sizeof(ckTrue) } }; CK_ATTRIBUTE badAttrLen[] = { { CKA_VALUE, retKeyData, 0 } @@ -4659,7 +4659,7 @@ static CK_RV get_aes_128_key(CK_SESSION_HANDLE session, unsigned char* id, { CKA_VALUE, aes_128_key, sizeof(aes_128_key) }, #endif { CKA_TOKEN, &ckTrue, sizeof(ckTrue) }, - { CKA_ID, id, idLen }, + { CKA_ID, id, (CK_ULONG)idLen }, }; int cnt = sizeof(aes_key)/sizeof(*aes_key); @@ -6717,7 +6717,7 @@ static CK_RV get_rsa_priv_key(CK_SESSION_HANDLE session, unsigned char* privId, { CKA_SENSITIVE, &ckFalse, sizeof(ckFalse) }, { CKA_EXTRACTABLE, &extractable, sizeof(CK_BBOOL) }, { CKA_TOKEN, &ckTrue, sizeof(ckTrue) }, - { CKA_ID, privId, privIdLen }, + { CKA_ID, privId, (CK_ULONG)privIdLen }, }; int cnt = sizeof(rsa_2048_priv_key)/sizeof(*rsa_2048_priv_key); @@ -6744,7 +6744,7 @@ static CK_RV get_rsa_pub_key(CK_SESSION_HANDLE session, unsigned char* pubId, { CKA_MODULUS, rsa_2048_modulus, sizeof(rsa_2048_modulus) }, { CKA_PUBLIC_EXPONENT, rsa_2048_pub_exp, sizeof(rsa_2048_pub_exp) }, { CKA_TOKEN, &ckTrue, sizeof(ckTrue) }, - { CKA_ID, pubId, pubIdLen }, + { CKA_ID, pubId, (CK_ULONG)pubIdLen }, }; int cnt = sizeof(rsa_2048_pub_key)/sizeof(*rsa_2048_pub_key); 
@@ -6777,7 +6777,7 @@ static CK_RV gen_rsa_key(CK_SESSION_HANDLE session, CK_OBJECT_HANDLE* pubKey, { CKA_DECRYPT, &ckTrue, sizeof(ckTrue) }, { CKA_SIGN, &ckTrue, sizeof(ckTrue) }, { CKA_LABEL, (unsigned char*)"priv_label", 10 }, - { CKA_ID, id, idLen } + { CKA_ID, id, (CK_ULONG)idLen } }; int privTmplCnt = 3; @@ -6823,7 +6823,7 @@ static CK_RV find_rsa_pub_key(CK_SESSION_HANDLE session, CK_ATTRIBUTE pubKeyTmpl[] = { { CKA_CLASS, &pubKeyClass, sizeof(pubKeyClass) }, { CKA_KEY_TYPE, &rsaKeyType, sizeof(rsaKeyType) }, - { CKA_ID, id, idLen } + { CKA_ID, id, (CK_ULONG)idLen } }; CK_ULONG pubKeyTmplCnt = sizeof(pubKeyTmpl) / sizeof(*pubKeyTmpl); CK_ULONG count; @@ -6854,7 +6854,7 @@ static CK_RV find_rsa_priv_key(CK_SESSION_HANDLE session, CK_ATTRIBUTE privKeyTmpl[] = { { CKA_CLASS, &privKeyClass, sizeof(privKeyClass) }, { CKA_KEY_TYPE, &rsaKeyType, sizeof(rsaKeyType) }, - { CKA_ID, id, idLen } + { CKA_ID, id, (CK_ULONG)idLen } }; CK_ULONG privKeyTmplCnt = sizeof(privKeyTmpl) / sizeof(*privKeyTmpl); CK_ULONG count; @@ -8884,17 +8884,17 @@ static CK_RV gen_ec_keys(CK_SESSION_HANDLE session, byte* params, int paramSz, CK_MECHANISM mech; CK_BBOOL token; CK_ATTRIBUTE pubKeyTmpl[] = { - { CKA_EC_PARAMS, params, paramSz }, + { CKA_EC_PARAMS, params, (CK_ULONG)paramSz }, { CKA_VERIFY, &ckTrue, sizeof(ckTrue) }, { CKA_TOKEN, &token, sizeof(token) }, - { CKA_ID, pubId, pubIdLen }, + { CKA_ID, pubId, (CK_ULONG)pubIdLen }, }; int pubTmplCnt = sizeof(pubKeyTmpl)/sizeof(*pubKeyTmpl); CK_ATTRIBUTE privKeyTmpl[] = { { CKA_SIGN, &ckTrue, sizeof(ckTrue) }, { CKA_DERIVE, &ckTrue, sizeof(ckTrue) }, { CKA_TOKEN, &token, sizeof(token) }, - { CKA_ID, privId, privIdLen }, + { CKA_ID, privId, (CK_ULONG)privIdLen }, }; int privTmplCnt = sizeof(privKeyTmpl)/sizeof(*privKeyTmpl); 
@@ -8945,7 +8945,7 @@ static CK_RV find_ecc_priv_key(CK_SESSION_HANDLE session, CK_ATTRIBUTE privKeyTmpl[] = { { CKA_CLASS, &privKeyClass, sizeof(privKeyClass) }, { CKA_KEY_TYPE, &eccKeyType, sizeof(eccKeyType) }, - { CKA_ID, id, idLen } + { CKA_ID, id, (CK_ULONG)idLen } }; CK_ULONG privKeyTmplCnt = sizeof(privKeyTmpl) / sizeof(*privKeyTmpl); CK_ULONG count; @@ -8976,7 +8976,7 @@ static CK_RV find_ecc_pub_key(CK_SESSION_HANDLE session, CK_ATTRIBUTE pubKeyTmpl[] = { { CKA_CLASS, &pubKeyClass, sizeof(pubKeyClass) }, { CKA_KEY_TYPE, &eccKeyType, sizeof(eccKeyType) }, - { CKA_ID, id, idLen } + { CKA_ID, id, (CK_ULONG)idLen } }; CK_ULONG pubKeyTmplCnt = sizeof(pubKeyTmpl) / sizeof(*pubKeyTmpl); CK_ULONG count; @@ -9990,16 +9990,16 @@ static CK_RV gen_dh_keys(CK_SESSION_HANDLE session, byte* prime, int primeSz, CK_MECHANISM mech; CK_BBOOL token; CK_ATTRIBUTE pubKeyTmpl[] = { - { CKA_PRIME, prime, primeSz }, - { CKA_BASE, generator, generatorSz }, + { CKA_PRIME, prime, (CK_ULONG)primeSz }, + { CKA_BASE, generator, (CK_ULONG)generatorSz }, { CKA_TOKEN, &token, sizeof(token) }, - { CKA_ID, pubId, pubIdLen }, + { CKA_ID, pubId, (CK_ULONG)pubIdLen }, }; int pubTmplCnt = sizeof(pubKeyTmpl)/sizeof(*pubKeyTmpl); CK_ATTRIBUTE privKeyTmpl[] = { { CKA_DERIVE, &ckTrue, sizeof(ckTrue) }, { CKA_TOKEN, &token, sizeof(token) }, - { CKA_ID, privId, privIdLen }, + { CKA_ID, privId, (CK_ULONG)privIdLen }, }; int privTmplCnt = sizeof(privKeyTmpl)/sizeof(*privKeyTmpl); @@ -10266,7 +10266,7 @@ static CK_RV gen_aes_key(CK_SESSION_HANDLE session, int len, unsigned char* id, { CKA_VALUE_LEN, &keyLen, sizeof(keyLen) }, { CKA_DERIVE, &ckTrue, sizeof(ckTrue) }, { CKA_TOKEN, &token, sizeof(token) }, - { CKA_ID, id, idLen }, + { CKA_ID, id, (CK_ULONG)idLen }, }; int keyTmplCnt = sizeof(keyTmpl)/sizeof(*keyTmpl); 
@@ -10312,7 +10312,7 @@ static CK_RV find_aes_key(CK_SESSION_HANDLE session, unsigned char* id, CK_ATTRIBUTE keyTmpl[] = { { CKA_CLASS, &secretKeyClass, sizeof(secretKeyClass) }, { CKA_KEY_TYPE, &aesKeyType, sizeof(aesKeyType) }, - { CKA_ID, id, idLen } + { CKA_ID, id, (CK_ULONG)idLen } }; CK_ULONG keyTmplCnt = sizeof(keyTmpl) / sizeof(*keyTmpl); CK_ULONG count; @@ -14907,7 +14907,7 @@ static CK_RV test_hkdf_derive_extract_then_expand_salt_data(void* args) /* Template for the derived key (PRK). CKA_DERIVE=CK_TRUE so the PRK can * itself serve as the base key for the subsequent Expand call. */ - CK_ATTRIBUTE template[] = { + CK_ATTRIBUTE tmpl[] = { {CKA_CLASS, &secretKeyClass, sizeof(secretKeyClass)}, {CKA_KEY_TYPE, &genericKeyType, sizeof(genericKeyType)}, {CKA_SENSITIVE, &ckFalse, sizeof(ckFalse)}, @@ -14915,7 +14915,7 @@ static CK_RV test_hkdf_derive_extract_then_expand_salt_data(void* args) {CKA_DERIVE, &ckTrue, sizeof(ckTrue)}, {CKA_VALUE_LEN, &derived_len, sizeof(derived_len)} }; - CK_ULONG template_count = sizeof(template) / sizeof(template[0]); + CK_ULONG template_count = sizeof(tmpl) / sizeof(tmpl[0]); CK_ATTRIBUTE templateExpand[] = { {CKA_CLASS, &secretKeyClass, sizeof(secretKeyClass)}, @@ -14961,7 +14961,7 @@ static CK_RV test_hkdf_derive_extract_then_expand_salt_data(void* args) CHECK_CKR(ret, "Create object failed"); if (ret == CKR_OK) { - ret = funcList->C_DeriveKey(session, &mechanism, hBaseKey1, template, + ret = funcList->C_DeriveKey(session, &mechanism, hBaseKey1, tmpl, template_count, &hDerivedKey); CHECK_CKR(ret, "C_DeriveKey failed"); } 
@@ -15097,14 +15097,14 @@ static CK_RV test_hkdf_derive_extract_with_expand_salt_data(void* args) CK_MECHANISM mechanism = { CKM_HKDF_DERIVE, ¶ms, sizeof(params) }; // Template for the derived key (OKM) - CK_ATTRIBUTE template[] = { + CK_ATTRIBUTE tmpl[] = { {CKA_CLASS, &secretKeyClass, sizeof(secretKeyClass)}, {CKA_KEY_TYPE, &genericKeyType, sizeof(genericKeyType)}, {CKA_SENSITIVE, &ckFalse, sizeof(ckFalse)}, {CKA_EXTRACTABLE, &ckTrue, sizeof(ckTrue)}, {CKA_VALUE_LEN, &derived_len, sizeof(derived_len)} // Expecting 42 bytes OKM }; - CK_ULONG template_count = sizeof(template) / sizeof(template[0]); + CK_ULONG template_count = sizeof(tmpl) / sizeof(tmpl[0]); CK_ATTRIBUTE templateSecret[] = { {CKA_CLASS, &secretKeyClass, sizeof(secretKeyClass)}, @@ -15128,7 +15128,7 @@ static CK_RV test_hkdf_derive_extract_with_expand_salt_data(void* args) CHECK_CKR(ret, "Create object failed"); if (ret == CKR_OK) { - ret = funcList->C_DeriveKey(session, &mechanism, hBaseKey1, template, + ret = funcList->C_DeriveKey(session, &mechanism, hBaseKey1, tmpl, template_count, &hDerivedKey); CHECK_CKR(ret, "Derive key"); } @@ -15212,14 +15212,14 @@ static CK_RV test_hkdf_derive_expand_with_extract_null_salt(void* args) CK_MECHANISM mechanism = { CKM_HKDF_DERIVE, ¶ms, sizeof(params) }; - CK_ATTRIBUTE template[] = { + CK_ATTRIBUTE tmpl[] = { {CKA_CLASS, &secretKeyClass, sizeof(secretKeyClass)}, {CKA_KEY_TYPE, &genericKeyType, sizeof(genericKeyType)}, {CKA_SENSITIVE, &ckFalse, sizeof(ckFalse)}, {CKA_EXTRACTABLE, &ckTrue, sizeof(ckTrue)}, {CKA_VALUE_LEN, &derived_len, sizeof(derived_len)} }; - CK_ULONG template_count = sizeof(template) / sizeof(template[0]); + CK_ULONG template_count = sizeof(tmpl) / sizeof(tmpl[0]); CK_ATTRIBUTE templateSecret[] = { {CKA_CLASS, &secretKeyClass, sizeof(secretKeyClass)}, 
@@ -15242,7 +15242,7 @@ static CK_RV test_hkdf_derive_expand_with_extract_null_salt(void* args) CHECK_CKR(ret, "Create object failed"); if (ret == CKR_OK) { - ret= funcList->C_DeriveKey(session, &mechanism, hBaseKey1, template, + ret= funcList->C_DeriveKey(session, &mechanism, hBaseKey1, tmpl, template_count, &hDerivedKey); CHECK_CKR(ret, "Derive key"); } @@ -15323,14 +15323,14 @@ static CK_RV test_hkdf_derive_extract_with_expand_salt_key(void* args) CK_ULONG derived_len = sizeof(derived_value); // Template for the derived key (OKM) - CK_ATTRIBUTE template[] = { + CK_ATTRIBUTE tmpl[] = { {CKA_CLASS, &secretKeyClass, sizeof(secretKeyClass)}, {CKA_KEY_TYPE, &genericKeyType, sizeof(genericKeyType)}, {CKA_SENSITIVE, &ckFalse, sizeof(ckFalse)}, {CKA_EXTRACTABLE, &ckTrue, sizeof(ckTrue)}, {CKA_VALUE_LEN, &derived_len, sizeof(derived_len)} // Expecting 42 bytes OKM }; - CK_ULONG template_count = sizeof(template) / sizeof(template[0]); + CK_ULONG template_count = sizeof(tmpl) / sizeof(tmpl[0]); CK_ATTRIBUTE templateSecret[] = { {CKA_CLASS, &secretKeyClass, sizeof(secretKeyClass)}, @@ -15387,7 +15387,7 @@ static CK_RV test_hkdf_derive_extract_with_expand_salt_key(void* args) }; CK_MECHANISM mechanism = { CKM_HKDF_DERIVE, ¶ms, sizeof(params) }; - ret = funcList->C_DeriveKey(session, &mechanism, hBaseKey1, template, + ret = funcList->C_DeriveKey(session, &mechanism, hBaseKey1, tmpl, template_count, &hDerivedKey); CHECK_CKR(ret, "Derive key"); } diff --git a/wolfpkcs11/version.h b/wolfpkcs11/version.h index 3196175d..06ef4e71 100644 --- a/wolfpkcs11/version.h +++ b/wolfpkcs11/version.h @@ -28,8 +28,8 @@ extern "C" { #endif -#define LIBWOLFPKCS11_VERSION_STRING "2.0.0" -#define LIBWOLFPKCS11_VERSION_HEX 0x02000000 +#define LIBWOLFPKCS11_VERSION_STRING "2.1.0" +#define LIBWOLFPKCS11_VERSION_HEX 0x02010000 #ifdef __cplusplus }