Merge branch 'main' into version-bump-v3.6.0

FreeRTOS · May 17, 2024 · 96efb50 · 96efb50
2 parents 830eee4 + e32020b
commit 96efb50
Show file tree

Hide file tree

Showing 6 changed files with 519 additions and 113 deletions.
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -85,7 +85,8 @@ jobs:
           echo -e "::group::${{ env.bashInfo }} ${{ env.stepName }} ${{ env.bashEnd }}"
 
           sudo apt-get install -y lcov
-          CFLAGS="--coverage -Wall -Wextra -DNDEBUG"
+          # target_enable_gcov is added in each unit test already, --coverage option is not required
+          CFLAGS="-Wall -Wextra -DNDEBUG"
           cmake -S test -B build/ \
           -G "Unix Makefiles" \
           -DCMAKE_BUILD_TYPE=Debug \
@@ -128,8 +129,8 @@ jobs:
         if: steps.build-unit-tests.outcome == 'success'
         with:
           coverage-file: ./build/coverage.info
-          line-coverage-min: 99
-          branch-coverage-min: 90
+          line-coverage-min: 100
+          branch-coverage-min: 92
 
       - name: Archive Test Results
         if: steps.build-unit-tests.outcome == 'success'

diff --git a/docs/doxygen/include/size_table.md b/docs/doxygen/include/size_table.md
@@ -10,7 +10,7 @@
     <tr>
         <td>core_pkcs11.c</td>
         <td><center>0.8K</center></td>
-        <td><center>0.8K</center></td>
+        <td><center>0.7K</center></td>
     </tr>
     <tr>
         <td>core_pki_utils.c</td>
@@ -20,11 +20,11 @@
     <tr>
         <td>core_pkcs11_mbedtls.c</td>
         <td><center>9.0K</center></td>
-        <td><center>7.5K</center></td>
+        <td><center>7.4K</center></td>
     </tr>
     <tr>
         <td><b>Total estimates</b></td>
         <td><b><center>10.3K</center></b></td>
-        <td><b><center>8.6K</center></b></td>
+        <td><b><center>8.4K</center></b></td>
     </tr>
 </table>
diff --git a/source/core_pkcs11.c b/source/core_pkcs11.c
@@ -41,35 +41,6 @@
 
 /*-----------------------------------------------------------*/
 
-/** @brief Open a PKCS #11 Session.
- *
- *  \param[out] pxSession   Pointer to the session handle to be created.
- *  \param[out] xSlotId     Slot ID to be used for the session.
- *
- *  \return CKR_OK or PKCS #11 error code. (PKCS #11 error codes are positive).
- */
-static CK_RV prvOpenSession( CK_SESSION_HANDLE * pxSession,
-                             CK_SLOT_ID xSlotId )
-{
-    CK_RV xResult;
-    CK_FUNCTION_LIST_PTR pxFunctionList;
-
-    xResult = C_GetFunctionList( &pxFunctionList );
-
-    if( ( xResult == CKR_OK ) && ( pxFunctionList != NULL ) && ( pxFunctionList->C_OpenSession != NULL ) )
-    {
-        xResult = pxFunctionList->C_OpenSession( xSlotId,
-                                                 CKF_SERIAL_SESSION | CKF_RW_SESSION,
-                                                 NULL, /* Application defined pointer. */
-                                                 NULL, /* Callback function. */
-                                                 pxSession );
-    }
-
-    return xResult;
-}
-
-/*-----------------------------------------------------------*/
-
 CK_RV xGetSlotList( CK_SLOT_ID ** ppxSlotId,
                     CK_ULONG * pxSlotCount )
 {
@@ -193,26 +164,27 @@ CK_RV xInitializePkcs11Token( void )
     CK_FLAGS xTokenFlags = 0;
     CK_TOKEN_INFO_PTR pxTokenInfo = NULL;
 
-    xResult = C_GetFunctionList( &pxFunctionList );
+    xResult = xInitializePKCS11();
 
-    if( ( pxFunctionList == NULL ) || ( pxFunctionList->C_GetTokenInfo == NULL ) || ( pxFunctionList->C_InitToken == NULL ) )
+    if( ( xResult == CKR_OK ) || ( xResult == CKR_CRYPTOKI_ALREADY_INITIALIZED ) )
     {
-        xResult = CKR_FUNCTION_FAILED;
+        xResult = xGetSlotList( &pxSlotId, &xSlotCount );
     }
 
     if( xResult == CKR_OK )
     {
-        xResult = xInitializePKCS11();
-    }
+        xResult = C_GetFunctionList( &pxFunctionList );
 
-    if( ( xResult == CKR_OK ) || ( xResult == CKR_CRYPTOKI_ALREADY_INITIALIZED ) )
-    {
-        xResult = xGetSlotList( &pxSlotId, &xSlotCount );
+        if( xResult == CKR_OK )
+        {
+            if( ( pxFunctionList == NULL ) || ( pxFunctionList->C_GetTokenInfo == NULL ) || ( pxFunctionList->C_InitToken == NULL ) )
+            {
+                xResult = CKR_FUNCTION_FAILED;
+            }
+        }
     }
 
-    if( ( xResult == CKR_OK ) &&
-        ( NULL != pxFunctionList->C_GetTokenInfo ) &&
-        ( NULL != pxFunctionList->C_InitToken ) )
+    if( xResult == CKR_OK )
     {
         /* Check if the token requires further initialization. */
         /* MISRA Ref 11.5.1 [Void pointer assignment] */
@@ -270,13 +242,21 @@ CK_RV xInitializePkcs11Session( CK_SESSION_HANDLE * pxSession )
     CK_FUNCTION_LIST_PTR pxFunctionList = NULL;
     CK_ULONG xSlotCount = 0;
 
-    xResult = C_GetFunctionList( &pxFunctionList );
-
     if( pxSession == NULL )
     {
         xResult = CKR_ARGUMENTS_BAD;
     }
 
+    if( xResult == CKR_OK )
+    {
+        xResult = C_GetFunctionList( &pxFunctionList );
+
+        if( ( xResult == CKR_OK ) && ( pxFunctionList == NULL ) )
+        {
+            xResult = CKR_FUNCTION_FAILED;
+        }
+    }
+
     /* Initialize the module. */
     if( xResult == CKR_OK )
     {
@@ -295,19 +275,30 @@ CK_RV xInitializePkcs11Session( CK_SESSION_HANDLE * pxSession )
     }
 
     /* Open a PKCS #11 session. */
-    if( ( xResult == CKR_OK ) && ( pxSlotId != NULL ) && ( xSlotCount >= 1UL ) )
+    if( ( xResult == CKR_OK ) && ( xSlotCount >= 1UL ) )
     {
         /* We will take the first slot available.
          * If your application has multiple slots, insert logic
          * for selecting an appropriate slot here.
          */
-        xResult = prvOpenSession( pxSession, pxSlotId[ 0 ] );
+        if( pxFunctionList->C_OpenSession != NULL )
+        {
+            xResult = pxFunctionList->C_OpenSession( pxSlotId[ 0 ],
+                                                     CKF_SERIAL_SESSION | CKF_RW_SESSION,
+                                                     NULL, /* Application defined pointer. */
+                                                     NULL, /* Callback function. */
+                                                     pxSession );
+        }
+        else
+        {
+            xResult = CKR_FUNCTION_FAILED;
+        }
 
         /* Free the memory allocated by xGetSlotList. */
         pkcs11configPKCS11_FREE( pxSlotId );
     }
 
-    if( ( xResult == CKR_OK ) && ( pxFunctionList != NULL ) && ( pxFunctionList->C_Login != NULL ) )
+    if( ( xResult == CKR_OK ) && ( pxFunctionList->C_Login != NULL ) )
     {
         xResult = pxFunctionList->C_Login( *pxSession,
                                            CKU_USER,

diff --git a/source/portable/mbedtls/core_pkcs11_mbedtls.c b/source/portable/mbedtls/core_pkcs11_mbedtls.c
@@ -762,15 +762,9 @@ static CK_RV prvRsaContextParse( const CK_ATTRIBUTE * pxAttribute,
             lMbedTLSResult = mbedtls_mpi_read_binary( &pxRsaContext->DQ, pxAttribute->pValue, pxAttribute->ulValueLen );
             break;
 
-        case ( CKA_COEFFICIENT ):
-            lMbedTLSResult = mbedtls_mpi_read_binary( &pxRsaContext->QP, pxAttribute->pValue, pxAttribute->ulValueLen );
-            break;
-
         default:
-
-            /* This should never be reached, as the above types are what gets this function called.
-             * Nevertheless this is an error case, and MISRA requires a default statement. */
-            xResult = CKR_ATTRIBUTE_TYPE_INVALID;
+            /* This is the CKA_COEFFICIENT case. The type is checked in prvRsaKeyAttParse. */
+            lMbedTLSResult = mbedtls_mpi_read_binary( &pxRsaContext->QP, pxAttribute->pValue, pxAttribute->ulValueLen );
             break;
     }
 
@@ -3449,7 +3443,7 @@ CK_DECLARE_FUNCTION( CK_RV, C_FindObjectsInit )( CK_SESSION_HANDLE hSession,
         xResult = CKR_ARGUMENTS_BAD;
     }
 
-    if( ( ulCount != 1UL ) && ( ulCount != 2UL ) )
+    if( ( ulCount < 1UL ) || ( ulCount > 2UL ) )
     {
         xResult = CKR_ARGUMENTS_BAD;
         LogError( ( "Failed to initialize find object operation. Find objects "