authorNikos Mavrogiannopoulos <nmav@redhat.com>2017-03-13 15:15:31 +0100
committerNikos Mavrogiannopoulos <nmav@redhat.com>2017-03-13 17:31:22 +0100
commit293291dc18b37d6fdcc77a6c8bd184ffc30a5348 (patch)
treef804412e28dacef12a747d2cf2aedbcb14d61659
parent24b040f864cb51be441a62a54345f01d607540d2 (diff)
tests: pkcs11-mock lib: check object session sanity prior to using it
This avoids crashes when the object is used after a fork but prior to the session being re-established. Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
-rw-r--r--tests/pkcs11/pkcs11-mock.c67
1 files changed, 33 insertions, 34 deletions
diff --git a/tests/pkcs11/pkcs11-mock.c b/tests/pkcs11/pkcs11-mock.c
index bdf803fb6d..5882f857cd 100644
--- a/tests/pkcs11/pkcs11-mock.c
+++ b/tests/pkcs11/pkcs11-mock.c
@@ -242,7 +242,6 @@ CK_DEFINE_FUNCTION(CK_RV, C_Initialize)(CK_VOID_PTR pInitArgs)
return CKR_CRYPTOKI_ALREADY_INITIALIZED;
IGNORE(pInitArgs);
-
#if defined(HAVE___REGISTER_ATFORK)
if (registered_fork_handler == 0) {
__register_atfork(NULL, NULL, fork_handler, __dso_handle);
@@ -1533,14 +1532,14 @@ CK_DEFINE_FUNCTION(CK_RV, C_DecryptInit)(CK_SESSION_HANDLE hSession, CK_MECHANIS
if (CK_FALSE == pkcs11_mock_initialized)
return CKR_CRYPTOKI_NOT_INITIALIZED;
+ if ((CK_FALSE == pkcs11_mock_session_opened) || (PKCS11_MOCK_CK_SESSION_ID != hSession))
+ return CKR_SESSION_HANDLE_INVALID;
+
if ((PKCS11_MOCK_CK_OPERATION_NONE != mock_session->find_op.active_operation) &&
(PKCS11_MOCK_CK_OPERATION_DIGEST != mock_session->find_op.active_operation) &&
(PKCS11_MOCK_CK_OPERATION_VERIFY != mock_session->find_op.active_operation))
return CKR_OPERATION_ACTIVE;
- if ((CK_FALSE == pkcs11_mock_session_opened) || (PKCS11_MOCK_CK_SESSION_ID != hSession))
- return CKR_SESSION_HANDLE_INVALID;
-
if (pkcs11_mock_flags & MOCK_FLAG_ALWAYS_AUTH) {
if (!pkcs11_mock_session_reauth) {
return CKR_USER_NOT_LOGGED_IN;
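Review bot: The relocated guard in C_DecryptInit tests `pkcs11_mock_session_opened` and `hSession` but never `mock_session` itself, so the `mock_session->find_op.active_operation` read that follows is safe only if every path that invalidates the pointer also clears the flag. The fork handler's body is not in this diff, so that invariant is assumed here rather than shown. Adding `(NULL == mock_session)` to the condition would make the check self-sufficient. The same two-line guard is repeated by hand in the C_Decrypt, C_DecryptUpdate, C_DecryptFinal, C_SignInit, C_SignRecoverInit, C_VerifyInit, C_VerifyRecoverInit, C_DecryptDigestUpdate, C_SignEncryptUpdate and C_DecryptVerifyUpdate hunks, and its position drifting is what this commit corrects, so one static helper called directly after the initialization check would keep the order fixed. C_DecryptInit's body starts and ends outside the hunk.

```c
/* Proposed helper (name is a suggestion): must run before any
 * mock_session dereference, e.g. after a fork and before the
 * session has been re-established. */
static CK_RV mock_check_session(CK_SESSION_HANDLE hSession)
{
	if ((CK_FALSE == pkcs11_mock_session_opened) ||
	    (PKCS11_MOCK_CK_SESSION_ID != hSession) ||
	    (NULL == mock_session))
		return CKR_SESSION_HANDLE_INVALID;

	return CKR_OK;
}

/* ... unchanged: pkcs11_mock_initialized check in each entry point ... */
	CK_RV rv = mock_check_session(hSession);
	if (rv != CKR_OK)
		return rv;
/* ... unchanged: active_operation checks and the rest of the body ... */
```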
@@ -1624,12 +1623,12 @@ CK_DEFINE_FUNCTION(CK_RV, C_Decrypt)(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pEn
if (CK_FALSE == pkcs11_mock_initialized)
return CKR_CRYPTOKI_NOT_INITIALIZED;
- if (PKCS11_MOCK_CK_OPERATION_DECRYPT != mock_session->find_op.active_operation)
- return CKR_OPERATION_NOT_INITIALIZED;
-
if ((CK_FALSE == pkcs11_mock_session_opened) || (PKCS11_MOCK_CK_SESSION_ID != hSession))
return CKR_SESSION_HANDLE_INVALID;
+ if (PKCS11_MOCK_CK_OPERATION_DECRYPT != mock_session->find_op.active_operation)
+ return CKR_OPERATION_NOT_INITIALIZED;
+
if (NULL == pEncryptedData)
return CKR_ARGUMENTS_BAD;
@@ -1667,12 +1666,12 @@ CK_DEFINE_FUNCTION(CK_RV, C_DecryptUpdate)(CK_SESSION_HANDLE hSession, CK_BYTE_P
if (CK_FALSE == pkcs11_mock_initialized)
return CKR_CRYPTOKI_NOT_INITIALIZED;
- if (PKCS11_MOCK_CK_OPERATION_DECRYPT != mock_session->find_op.active_operation)
- return CKR_OPERATION_NOT_INITIALIZED;
-
if ((CK_FALSE == pkcs11_mock_session_opened) || (PKCS11_MOCK_CK_SESSION_ID != hSession))
return CKR_SESSION_HANDLE_INVALID;
+ if (PKCS11_MOCK_CK_OPERATION_DECRYPT != mock_session->find_op.active_operation)
+ return CKR_OPERATION_NOT_INITIALIZED;
+
if (NULL == pEncryptedPart)
return CKR_ARGUMENTS_BAD;
@@ -1706,14 +1705,14 @@ CK_DEFINE_FUNCTION(CK_RV, C_DecryptFinal)(CK_SESSION_HANDLE hSession, CK_BYTE_PT
if (CK_FALSE == pkcs11_mock_initialized)
return CKR_CRYPTOKI_NOT_INITIALIZED;
+ if ((CK_FALSE == pkcs11_mock_session_opened) || (PKCS11_MOCK_CK_SESSION_ID != hSession))
+ return CKR_SESSION_HANDLE_INVALID;
+
if ((PKCS11_MOCK_CK_OPERATION_DECRYPT != mock_session->find_op.active_operation) &&
(PKCS11_MOCK_CK_OPERATION_DECRYPT_DIGEST != mock_session->find_op.active_operation) &&
(PKCS11_MOCK_CK_OPERATION_DECRYPT_VERIFY != mock_session->find_op.active_operation))
return CKR_OPERATION_NOT_INITIALIZED;
- if ((CK_FALSE == pkcs11_mock_session_opened) || (PKCS11_MOCK_CK_SESSION_ID != hSession))
- return CKR_SESSION_HANDLE_INVALID;
-
if (NULL == pulLastPartLen)
return CKR_ARGUMENTS_BAD;
@@ -1918,13 +1917,13 @@ CK_DEFINE_FUNCTION(CK_RV, C_SignInit)(CK_SESSION_HANDLE hSession, CK_MECHANISM_P
if (CK_FALSE == pkcs11_mock_initialized)
return CKR_CRYPTOKI_NOT_INITIALIZED;
+ if ((CK_FALSE == pkcs11_mock_session_opened) || (PKCS11_MOCK_CK_SESSION_ID != hSession))
+ return CKR_SESSION_HANDLE_INVALID;
+
if ((PKCS11_MOCK_CK_OPERATION_NONE != mock_session->find_op.active_operation) &&
(PKCS11_MOCK_CK_OPERATION_ENCRYPT != mock_session->find_op.active_operation))
return CKR_OPERATION_ACTIVE;
- if ((CK_FALSE == pkcs11_mock_session_opened) || (PKCS11_MOCK_CK_SESSION_ID != hSession))
- return CKR_SESSION_HANDLE_INVALID;
-
if (pkcs11_mock_flags & MOCK_FLAG_ALWAYS_AUTH) {
if (!pkcs11_mock_session_reauth) {
return CKR_USER_NOT_LOGGED_IN;
@@ -2064,12 +2063,12 @@ CK_DEFINE_FUNCTION(CK_RV, C_SignRecoverInit)(CK_SESSION_HANDLE hSession, CK_MECH
if (CK_FALSE == pkcs11_mock_initialized)
return CKR_CRYPTOKI_NOT_INITIALIZED;
- if (PKCS11_MOCK_CK_OPERATION_NONE != mock_session->find_op.active_operation)
- return CKR_OPERATION_ACTIVE;
-
if ((CK_FALSE == pkcs11_mock_session_opened) || (PKCS11_MOCK_CK_SESSION_ID != hSession))
return CKR_SESSION_HANDLE_INVALID;
+ if (PKCS11_MOCK_CK_OPERATION_NONE != mock_session->find_op.active_operation)
+ return CKR_OPERATION_ACTIVE;
+
if (NULL == pMechanism)
return CKR_ARGUMENTS_BAD;
@@ -2140,13 +2139,13 @@ CK_DEFINE_FUNCTION(CK_RV, C_VerifyInit)(CK_SESSION_HANDLE hSession, CK_MECHANISM
if (CK_FALSE == pkcs11_mock_initialized)
return CKR_CRYPTOKI_NOT_INITIALIZED;
+ if ((CK_FALSE == pkcs11_mock_session_opened) || (PKCS11_MOCK_CK_SESSION_ID != hSession))
+ return CKR_SESSION_HANDLE_INVALID;
+
if ((PKCS11_MOCK_CK_OPERATION_NONE != mock_session->find_op.active_operation) &&
(PKCS11_MOCK_CK_OPERATION_DECRYPT != mock_session->find_op.active_operation))
return CKR_OPERATION_ACTIVE;
- if ((CK_FALSE == pkcs11_mock_session_opened) || (PKCS11_MOCK_CK_SESSION_ID != hSession))
- return CKR_SESSION_HANDLE_INVALID;
-
if (NULL == pMechanism)
return CKR_ARGUMENTS_BAD;
@@ -2270,12 +2269,12 @@ CK_DEFINE_FUNCTION(CK_RV, C_VerifyRecoverInit)(CK_SESSION_HANDLE hSession, CK_ME
if (CK_FALSE == pkcs11_mock_initialized)
return CKR_CRYPTOKI_NOT_INITIALIZED;
- if (PKCS11_MOCK_CK_OPERATION_NONE != mock_session->find_op.active_operation)
- return CKR_OPERATION_ACTIVE;
-
if ((CK_FALSE == pkcs11_mock_session_opened) || (PKCS11_MOCK_CK_SESSION_ID != hSession))
return CKR_SESSION_HANDLE_INVALID;
+ if (PKCS11_MOCK_CK_OPERATION_NONE != mock_session->find_op.active_operation)
+ return CKR_OPERATION_ACTIVE;
+
if (NULL == pMechanism)
return CKR_ARGUMENTS_BAD;
@@ -2389,12 +2388,12 @@ CK_DEFINE_FUNCTION(CK_RV, C_DecryptDigestUpdate)(CK_SESSION_HANDLE hSession, CK_
if (CK_FALSE == pkcs11_mock_initialized)
return CKR_CRYPTOKI_NOT_INITIALIZED;
- if (PKCS11_MOCK_CK_OPERATION_DECRYPT_DIGEST != mock_session->find_op.active_operation)
- return CKR_OPERATION_NOT_INITIALIZED;
-
if ((CK_FALSE == pkcs11_mock_session_opened) || (PKCS11_MOCK_CK_SESSION_ID != hSession))
return CKR_SESSION_HANDLE_INVALID;
+ if (PKCS11_MOCK_CK_OPERATION_DECRYPT_DIGEST != mock_session->find_op.active_operation)
+ return CKR_OPERATION_NOT_INITIALIZED;
+
if (NULL == pEncryptedPart)
return CKR_ARGUMENTS_BAD;
@@ -2430,12 +2429,12 @@ CK_DEFINE_FUNCTION(CK_RV, C_SignEncryptUpdate)(CK_SESSION_HANDLE hSession, CK_BY
if (CK_FALSE == pkcs11_mock_initialized)
return CKR_CRYPTOKI_NOT_INITIALIZED;
- if (PKCS11_MOCK_CK_OPERATION_SIGN_ENCRYPT != mock_session->find_op.active_operation)
- return CKR_OPERATION_NOT_INITIALIZED;
-
if ((CK_FALSE == pkcs11_mock_session_opened) || (PKCS11_MOCK_CK_SESSION_ID != hSession))
return CKR_SESSION_HANDLE_INVALID;
+ if (PKCS11_MOCK_CK_OPERATION_SIGN_ENCRYPT != mock_session->find_op.active_operation)
+ return CKR_OPERATION_NOT_INITIALIZED;
+
if (NULL == pPart)
return CKR_ARGUMENTS_BAD;
@@ -2471,12 +2470,12 @@ CK_DEFINE_FUNCTION(CK_RV, C_DecryptVerifyUpdate)(CK_SESSION_HANDLE hSession, CK_
if (CK_FALSE == pkcs11_mock_initialized)
return CKR_CRYPTOKI_NOT_INITIALIZED;
- if (PKCS11_MOCK_CK_OPERATION_DECRYPT_VERIFY != mock_session->find_op.active_operation)
- return CKR_OPERATION_NOT_INITIALIZED;
-
if ((CK_FALSE == pkcs11_mock_session_opened) || (PKCS11_MOCK_CK_SESSION_ID != hSession))
return CKR_SESSION_HANDLE_INVALID;
+ if (PKCS11_MOCK_CK_OPERATION_DECRYPT_VERIFY != mock_session->find_op.active_operation)
+ return CKR_OPERATION_NOT_INITIALIZED;
+
if (NULL == pEncryptedPart)
return CKR_ARGUMENTS_BAD;