
Audit findings

Briefly, will add detail later:

  • libhsm abstracts away the complexity of PKCS #11 and combines modules, but it also removes a lot of the useful semantics of PKCS #11 – which is a real problem.
  • return values should always be checked, no matter how mundane (malloc returning NULL, specifically)
  • translation between UTF-8 and ASCII should not be implicit
  • the NULL context led to problems and has been removed
  • multiple-stage operations tend to store state in the session object, and must be protected with locks
  • programming assumptions (invariants the caller must uphold) should not be checked with run-time error handling, but with a (debug-time) assertion
  • consistent use of braces and some more zeal with brackets is useful to convey the meaning of code (sometimes a matter of taste)
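To make the findings on checked return values, the removed NULL context, locked multi-stage state and assertions concrete, here is an added example in C. It is not libhsm code: the session type, the `hsm_*` functions and the error codes are hypothetical, and the three-stage operation computes a 32-bit FNV-1a over the accumulated input as a stand-in for whatever a real module would compute. The state of the operation lives in the session object and is only touched under the session's mutex, every allocation result is checked (the old buffer survives a failed realloc), and a NULL session or output pointer is treated as a caller bug and caught by an assertion rather than a runtime branch.

```c
/* Added example, not libhsm code: a hypothetical multi-part operation whose
 * state lives in a session object, written to follow the audit findings. */
#include <assert.h>
#include <pthread.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

enum { HSM_OK = 0, HSM_ERR_NOMEM, HSM_ERR_STATE, HSM_ERR_BUSY, HSM_ERR_LOCK };

typedef struct {
    pthread_mutex_t lock; /* serialises the multi-stage state below */
    int op_active;        /* non-zero between hsm_op_init and hsm_op_final */
    uint8_t *buf;         /* accumulated input (heap) */
    size_t len;
} hsm_session_t;

/* One-shot reference computation: 32-bit FNV-1a (stand-in for a real digest). */
uint32_t fnv1a32(const uint8_t *data, size_t n) {
    uint32_t h = 0x811C9DC5u;
    for (size_t i = 0; i < n; i++) { h ^= data[i]; h *= 0x01000193u; }
    return h;
}

int hsm_session_init(hsm_session_t *s) {
    assert(s != NULL); /* a NULL session is a caller bug, not a runtime condition */
    memset(s, 0, sizeof *s);
    return pthread_mutex_init(&s->lock, NULL) == 0 ? HSM_OK : HSM_ERR_LOCK;
}

void hsm_session_destroy(hsm_session_t *s) {
    assert(s != NULL);
    free(s->buf);
    s->buf = NULL; s->len = 0; s->op_active = 0;
    pthread_mutex_destroy(&s->lock);
}

/* Stage 1: refuse to start while another operation is in progress rather than
 * silently clobbering its state. */
int hsm_op_init(hsm_session_t *s) {
    assert(s != NULL);
    if (pthread_mutex_lock(&s->lock) != 0) return HSM_ERR_LOCK;
    int rc = HSM_OK;
    if (s->op_active) {
        rc = HSM_ERR_BUSY;
    } else {
        s->op_active = 1;
        free(s->buf); /* only non-NULL if a previous operation was abandoned */
        s->buf = NULL; s->len = 0;
    }
    pthread_mutex_unlock(&s->lock);
    return rc;
}

/* Stage 2: append data; realloc is checked and the old buffer is kept on failure. */
int hsm_op_update(hsm_session_t *s, const uint8_t *data, size_t n) {
    assert(s != NULL);
    assert(data != NULL || n == 0);
    if (pthread_mutex_lock(&s->lock) != 0) return HSM_ERR_LOCK;
    int rc = HSM_OK;
    if (!s->op_active) {
        rc = HSM_ERR_STATE;
    } else if (n > 0) {
        uint8_t *nb = realloc(s->buf, s->len + n);
        if (nb == NULL) {
            rc = HSM_ERR_NOMEM;
        } else {
            memcpy(nb + s->len, data, n);
            s->buf = nb; s->len += n;
        }
    }
    pthread_mutex_unlock(&s->lock);
    return rc;
}

/* Stage 3: produce the result and release the per-operation state. */
int hsm_op_final(hsm_session_t *s, uint32_t *out) {
    assert(s != NULL && out != NULL);
    if (pthread_mutex_lock(&s->lock) != 0) return HSM_ERR_LOCK;
    int rc = HSM_OK;
    if (!s->op_active) {
        rc = HSM_ERR_STATE;
    } else {
        *out = fnv1a32(s->buf, s->len);
        free(s->buf);
        s->buf = NULL; s->len = 0; s->op_active = 0;
    }
    pthread_mutex_unlock(&s->lock);
    return rc;
}

/* Drives the three stages over the constructed input "abc"; 0 on any failure. */
uint32_t demo_run(void) {
    hsm_session_t s;
    uint32_t out = 0;
    if (hsm_session_init(&s) != HSM_OK) return 0;
    int ok = hsm_op_init(&s) == HSM_OK
          && hsm_op_update(&s, (const uint8_t *)"ab", 2) == HSM_OK
          && hsm_op_update(&s, (const uint8_t *)"c", 1) == HSM_OK
          && hsm_op_final(&s, &out) == HSM_OK;
    hsm_session_destroy(&s);
    return ok ? out : 0;
}

/* Checks that misuse is reported as an error code: final before init, and a
 * second init while an operation is active. Returns 1 when both are rejected. */
int demo_state_checks(void) {
    hsm_session_t s;
    uint32_t out = 0;
    if (hsm_session_init(&s) != HSM_OK) return 0;
    int ok = hsm_op_final(&s, &out) == HSM_ERR_STATE
          && hsm_op_init(&s) == HSM_OK
          && hsm_op_init(&s) == HSM_ERR_BUSY;
    hsm_session_destroy(&s);
    return ok;
}
```

The split is deliberate: conditions a correct caller can hit at runtime (out of memory, an operation already in progress, wrong stage) come back as error codes, while conditions that can only arise from a programming mistake (a NULL session, data pointer NULL with a non-zero length) are assertions that fire in debug builds and cost nothing in release builds.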