release 2.4.1 - ignoring wrongly-formatted templates

CHANGELOG.md

@@ -5,6 +5,11 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
 =======
+# [2.4.1]
+### Fixed
+ - template content is no more wrapped/dipsplayed if length is not a multiple of CK_ATTRIBUTE structure,
+   to ignore templates incorrectly reported by some tokens
+
 # [2.4.0]
 ### Added
  - support for template attributes on most commands
@@ -109,6 +114,8 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 ### Added
 - Initial public release
 
+[2.4.1]: https://github.com/Mastercard/pkcs11-tools/tree/v2.4.1
+[2.4.0]: https://github.com/Mastercard/pkcs11-tools/tree/v2.4.0
 [2.3.1]: https://github.com/Mastercard/pkcs11-tools/tree/v2.3.1
 [2.3.0]: https://github.com/Mastercard/pkcs11-tools/tree/v2.3.0
 [2.2.0]: https://github.com/Mastercard/pkcs11-tools/tree/v2.2.0

configure.ac

@@ -14,7 +14,7 @@ dnl limitations under the License.
 
 
 AC_PREREQ([2.64])
-AC_INIT([pkcs11-tools], [2.4.0], [https://github.com/Mastercard/pkcs11-tools/issues], [pkcs11-tools], [https://github.com/Mastercard/pkcs11-tools])
+AC_INIT([pkcs11-tools], [2.4.1], [https://github.com/Mastercard/pkcs11-tools/issues], [pkcs11-tools], [https://github.com/Mastercard/pkcs11-tools])
 AC_CONFIG_MACRO_DIR([m4])
 
 dnl adding AM_MAINTAINER_MODE to address autotools issues with git

lib/pkcs11_ls.c

@@ -69,7 +69,10 @@ static char* value_for_template( pkcs11AttrList *attrlist,
     attr = pkcs11_get_attr_in_attrlist ( attrlist, attrtype );
 
     if(attr==NULL) return ck_false;
-    else if(attr!=NULL_PTR && attr->pValue!=NULL_PTR && attr->ulValueLen>0) return ck_true;
+    else if( attr!=NULL_PTR &&
+	     attr->pValue!=NULL_PTR &&
+	     attr->ulValueLen>0 &&
+	     attr->ulValueLen % sizeof(CK_ATTRIBUTE) == 0) return ck_true;
     else return ck_false;
 }
 

lib/pkcs11_od.c

@@ -184,7 +184,13 @@ static void hexdump (attrib_repr *item, void *addr, unsigned long len, bool temp
     unsigned char *pc = (unsigned char*)addr;
     char *info;
 
-    // Output description
+    /* spot early invalid template condition */
+    /* some HSM vendor are messing up with the CKA_XXX_TEMPLATE attributes,  */
+    /* we will detect when it happens and skip them.  */
+    if ( item && item->cast==as_template && ( len==0 || (len % sizeof(CK_ATTRIBUTE) != 0) ) ) {
+	return;			/* bad template, return early, skip any printing */
+    }
+
     printf (" %s%s:\n", template ? "| " : "" , item->name);
 
     switch(item->cast) {
@@ -589,12 +595,12 @@ static void hexdump (attrib_repr *item, void *addr, unsigned long len, bool temp
 
 	    CK_ATTRIBUTE_PTR item = pkcs11_get_attr_in_array(addr, len, list[i].attr );
 
-	    if(item && item->ulValueLen) {
+	    /* if the template does not have a compliant length, do not show it. */
+	    if(item && item->pValue && item->ulValueLen) {
 		hexdump( &list[i], item->pValue, item->ulValueLen, true);
 	    }
 	}	
 	break;
-
     }
 }
 

lib/pkcs11_wrap.c

@@ -982,6 +982,13 @@ static func_rc _output_wrapped_key_attributes(wrappedKeyCtx *wctx, FILE *fp)
 		fprintf(fp, "CKA_TOKEN: true\n");
 	    } else if (o_attr->ulValueLen == 0) {
 		fprintf(fp, "# %s attribute is empty\n", alist[i].name);
+	    } else if ( ( o_attr->type==CKA_UNWRAP_TEMPLATE ||
+			  o_attr->type==CKA_DERIVE_TEMPLATE ||
+			  o_attr->type==CKA_WRAP_TEMPLATE) &&
+			o_attr->ulValueLen % sizeof(CK_ATTRIBUTE) != 0 ) {
+		/* on Safenet Luna, private keys have, by default, templates that are 1 byte long */
+		/* which is not a valid content for templates */
+		fprintf(fp, "# %s attribute invalid on the source token\n", alist[i].name);
 	    } else {
 		alist[i].func_ptr(fp, alist[i].name, o_attr, alist[i].commented );
 	    }