Same function as previous patch, but the TPM-specific part.
Signed-off-by: Klaus Heinrich Kiwi <[email protected]>
---
usr/lib/pkcs11/tpm_stdll/dig_mgr.c | 92 ++++++++++++++++++++++++-----------
usr/lib/pkcs11/tpm_stdll/mech_rsa.c | 36 +++++---------
usr/lib/pkcs11/tpm_stdll/mech_sha.c | 14 -----
usr/lib/pkcs11/tpm_stdll/new_host.c | 12 -----
4 files changed, 76 insertions(+), 78 deletions(-)
diff --git a/usr/lib/pkcs11/tpm_stdll/dig_mgr.c
b/usr/lib/pkcs11/tpm_stdll/dig_mgr.c
index fa20f91..d0f1ea1 100644
--- a/usr/lib/pkcs11/tpm_stdll/dig_mgr.c
+++ b/usr/lib/pkcs11/tpm_stdll/dig_mgr.c
@@ -321,7 +321,7 @@ digest_mgr_init( SESSION *sess,
return CKR_FUNCTION_FAILED;
}
if (ctx->active != FALSE){
- st_err_log(31, __FILE__, __LINE__);
+ st_err_log(31, __FILE__, __LINE__);
return CKR_OPERATION_ACTIVE;
}
@@ -331,15 +331,16 @@ digest_mgr_init( SESSION *sess,
case CKM_SHA_1:
{
if (mech->ulParameterLen != 0){
- st_err_log(29, __FILE__, __LINE__);
+ st_err_log(29, __FILE__, __LINE__);
return CKR_MECHANISM_PARAM_INVALID;
}
-
+
ctx->context = NULL;
ckm_sha1_init( ctx );
-
+
if (!ctx->context) {
- st_err_log(1, __FILE__, __LINE__);
+ digest_mgr_cleanup(ctx); // to de-initialize context above
+ st_err_log(1, __FILE__, __LINE__);
return CKR_HOST_MEMORY;
}
}
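Review bot: The comment on the added `digest_mgr_cleanup(ctx);` call, `// to de-initialize context above`, does not match this path: the call sits inside `if (!ctx->context)`, so there is no allocated context to release and a reader cannot tell what is being reset. I would reword it to say what the call is for, e.g. `// init failed: reset ctx so no half-initialized digest state is left behind`. digest_mgr_cleanup is not visible in this patch; if it frees every pointer ctx holds, the comment should also state that callers must pass a zeroed ctx. The same comment is repeated in the CKM_MD2 and CKM_MD5 branches and on the parameter-copy failure path, and only the last of those appears to have an earlier allocation to undo.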
@@ -348,13 +349,14 @@ digest_mgr_init( SESSION *sess,
case CKM_MD2:
{
if (mech->ulParameterLen != 0){
- st_err_log(29, __FILE__, __LINE__);
+ st_err_log(29, __FILE__, __LINE__);
return CKR_MECHANISM_PARAM_INVALID;
}
ctx->context_len = sizeof(MD2_CONTEXT);
ctx->context = (CK_BYTE *)malloc(sizeof(MD2_CONTEXT));
if (!ctx->context){
- st_err_log(1, __FILE__, __LINE__);
+ digest_mgr_cleanup(ctx); // to de-initialize context above
+ st_err_log(1, __FILE__, __LINE__);
return CKR_HOST_MEMORY;
}
memset( ctx->context, 0x0, sizeof(MD2_CONTEXT) );
@@ -364,13 +366,14 @@ digest_mgr_init( SESSION *sess,
case CKM_MD5:
{
if (mech->ulParameterLen != 0){
- st_err_log(29, __FILE__, __LINE__);
+ st_err_log(29, __FILE__, __LINE__);
return CKR_MECHANISM_PARAM_INVALID;
}
ctx->context_len = sizeof(MD5_CONTEXT);
ctx->context = (CK_BYTE *)malloc(sizeof(MD5_CONTEXT));
if (!ctx->context){
- st_err_log(1, __FILE__, __LINE__);
+ digest_mgr_cleanup(ctx); // to de-initialize context above
+ st_err_log(1, __FILE__, __LINE__);
return CKR_HOST_MEMORY;
}
ckm_md5_init( (MD5_CONTEXT *)ctx->context );
@@ -386,6 +389,7 @@ digest_mgr_init( SESSION *sess,
if (mech->ulParameterLen > 0) {
ptr = (CK_BYTE *)malloc(mech->ulParameterLen);
if (!ptr){
+ digest_mgr_cleanup(ctx); // to de-initialize context above
st_err_log(1, __FILE__, __LINE__);
return CKR_HOST_MEMORY;
}
@@ -443,6 +447,7 @@ digest_mgr_digest( SESSION *sess,
CK_BYTE *out_data,
CK_ULONG *out_data_len )
{
+ CK_RV rc;
if (!sess || !ctx){
st_err_log(4, __FILE__, __LINE__, __FUNCTION__);
@@ -458,38 +463,50 @@ digest_mgr_digest( SESSION *sess,
//
if ((length_only == FALSE) && (!in_data || !out_data)){
st_err_log(4, __FILE__, __LINE__, __FUNCTION__);
- return CKR_FUNCTION_FAILED;
+ rc = CKR_FUNCTION_FAILED;
+ goto out;
}
if (ctx->multi == TRUE){
st_err_log(31, __FILE__, __LINE__);
- return CKR_OPERATION_ACTIVE;
+ rc = CKR_FUNCTION_FAILED;
+ goto out;
}
switch (ctx->mech.mechanism) {
case CKM_SHA_1:
- return sha1_hash( sess, length_only, ctx,
+ rc = sha1_hash( sess, length_only, ctx,
in_data, in_data_len,
out_data, out_data_len );
+ break;
#if !(NOMD2 )
case CKM_MD2:
- return md2_hash( sess, length_only, ctx,
+ rc = md2_hash( sess, length_only, ctx,
in_data, in_data_len,
out_data, out_data_len );
+ break;
#endif
case CKM_MD5:
- return md5_hash( sess, length_only, ctx,
+ rc = md5_hash( sess, length_only, ctx,
in_data, in_data_len,
out_data, out_data_len );
+ break;
default:
st_err_log(4, __FILE__, __LINE__, __FUNCTION__);
- return CKR_FUNCTION_FAILED; // shouldn't happen
+ rc = CKR_FUNCTION_FAILED; // shouldn't happen
+ }
+out:
+ if ( !((rc == CKR_BUFFER_TOO_SMALL) ||
+ (rc == CKR_OK && length_only == TRUE)) ) {
+ // "A call to C_Digest always terminates the active digest operation
unless it
+ // returns CKR_BUFFER_TOO_SMALL or is a successful call (i.e., one which
returns CKR_OK)
+ // to determine the length of the buffer needed to hold the message
digest."
+ digest_mgr_cleanup(ctx);
}
- st_err_log(4, __FILE__, __LINE__, __FUNCTION__);
- return CKR_FUNCTION_FAILED;
+ return rc;
}
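Review bot: The `ctx->multi == TRUE` branch now sets `rc = CKR_FUNCTION_FAILED;` where the removed line returned CKR_OPERATION_ACTIVE, while still logging error 31, the code this file pairs with CKR_OPERATION_ACTIVE in digest_mgr_init. That looks like a copy of the branch above rather than an intended change, and it hides the real cause from callers. `rc = CKR_OPERATION_ACTIVE;` keeps the previous return value and still reaches `out:`. digest_mgr_digest begins outside this hunk.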
@@ -501,6 +518,8 @@ digest_mgr_digest_update( SESSION *sess,
CK_BYTE *data,
CK_ULONG data_len )
{
+ CK_RV rc;
+
if (!sess || !ctx){
st_err_log(4, __FILE__, __LINE__, __FUNCTION__);
return CKR_FUNCTION_FAILED;
@@ -514,23 +533,31 @@ digest_mgr_digest_update( SESSION *sess,
switch (ctx->mech.mechanism) {
case CKM_SHA_1:
- return sha1_hash_update( sess, ctx, data, data_len );
+ rc = sha1_hash_update( sess, ctx, data, data_len );
+ break;
#if !(NOMD2)
case CKM_MD2:
- return md2_hash_update( sess, ctx, data, data_len );
+ rc = md2_hash_update( sess, ctx, data, data_len );
+ break;
#endif
case CKM_MD5:
- return md5_hash_update( sess, ctx, data, data_len );
+ rc = md5_hash_update( sess, ctx, data, data_len );
+ break;
default:
st_err_log(28, __FILE__, __LINE__);
- return CKR_MECHANISM_INVALID;
+ rc = CKR_MECHANISM_INVALID;
}
- st_err_log(28, __FILE__, __LINE__);
- return CKR_MECHANISM_INVALID; // shouldn't happen!
+ if (rc != CKR_OK) {
+ digest_mgr_cleanup(ctx); // "A call to C_DigestUpdate which results in
an error
+ // terminates the current digest operation."
+ }
+
+ return rc;
+
}
@@ -555,21 +582,24 @@ digest_mgr_digest_key( SESSION * sess,
rc = object_mgr_find_in_map1( key_handle, &key_obj );
if (rc != CKR_OK){
st_err_log(18, __FILE__, __LINE__);
- return CKR_KEY_HANDLE_INVALID;
+ rc = CKR_KEY_HANDLE_INVALID;
+ goto out;
}
// only allow digesting of CKO_SECRET keys
//
rc = template_attribute_find( key_obj->template, CKA_CLASS, &attr );
if (rc == FALSE) {
st_err_log(24, __FILE__, __LINE__);
- return CKR_KEY_INDIGESTIBLE;
+ rc = CKR_KEY_INDIGESTIBLE;
+ goto out;
}
else
class = *(CK_OBJECT_CLASS *)attr->pValue;
if (class != CKO_SECRET_KEY){
st_err_log(24, __FILE__, __LINE__);
- return CKR_KEY_INDIGESTIBLE;
+ rc = CKR_KEY_INDIGESTIBLE;
+ goto out;
}
// every secret key has a CKA_VALUE attribute
@@ -577,7 +607,8 @@ digest_mgr_digest_key( SESSION * sess,
rc = template_attribute_find( key_obj->template, CKA_VALUE, &attr );
if (!rc){
st_err_log(24, __FILE__, __LINE__);
- return CKR_KEY_INDIGESTIBLE;
+ rc = CKR_KEY_INDIGESTIBLE;
+ goto out;
}
rc = digest_mgr_digest_update( sess,
ctx,
@@ -585,7 +616,12 @@ digest_mgr_digest_key( SESSION * sess,
attr->ulValueLen );
if (rc != CKR_OK){
st_err_log(24, __FILE__, __LINE__);
- }
+ }
+
+out:
+ if (rc != CKR_OK) {
+ digest_mgr_cleanup(ctx);
+ }
return rc;
}
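Review bot: When digest_mgr_digest_update fails, ctx is cleaned twice: the update function now calls `digest_mgr_cleanup(ctx)` itself on any non-OK result, and control then falls into `out:`, where `rc != CKR_OK` triggers a second call. Whether that is harmless depends on digest_mgr_cleanup clearing the pointers it frees, which is not visible in this patch; if it does not, this is a double free on an error path. Returning straight from the failure branch avoids relying on that: `if (rc != CKR_OK){ st_err_log(24, __FILE__, __LINE__); return rc; }`, leaving `out:` for the failures detected in digest_mgr_digest_key itself. The function starts outside the hunk.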
diff --git a/usr/lib/pkcs11/tpm_stdll/mech_rsa.c
b/usr/lib/pkcs11/tpm_stdll/mech_rsa.c
index c89bf4d..5c479c3 100644
--- a/usr/lib/pkcs11/tpm_stdll/mech_rsa.c
+++ b/usr/lib/pkcs11/tpm_stdll/mech_rsa.c
@@ -557,13 +557,13 @@ rsa_hash_pkcs_sign( SESSION * sess,
rc = digest_mgr_init( sess, &digest_ctx, &digest_mech );
if (rc != CKR_OK){
st_err_log(123, __FILE__, __LINE__);
- goto error;
+ return rc;
}
hash_len = sizeof(hash);
rc = digest_mgr_digest( sess, length_only, &digest_ctx, in_data,
in_data_len, hash, &hash_len );
if (rc != CKR_OK){
st_err_log(124, __FILE__, __LINE__);
- goto error;
+ return rc;
}
// build the BER-encodings
@@ -601,7 +601,6 @@ rsa_hash_pkcs_sign( SESSION * sess,
error:
if (octet_str) free( octet_str );
if (ber_data) free( ber_data );
- digest_mgr_cleanup( &digest_ctx );
sign_mgr_cleanup( &sign_ctx );
return rc;
}
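Review bot: With `digest_mgr_cleanup( &digest_ctx );` removed from the `error:` label, nothing releases digest_ctx when rsa_hash_pkcs_sign is called with length_only set: digest_mgr_digest receives that flag and, per the new epilogue in dig_mgr.c, deliberately skips cleanup for a successful length-only call. Unless length_only is handled before digest_mgr_init (that part of the function is outside the hunks), the context allocated by digest_mgr_init is leaked on every size query. Either pass FALSE to digest_mgr_digest here, as rsa_hash_pkcs_verify does, or keep a cleanup for the length-only success case. The two `return rc;` replacements in the previous hunk also bypass `sign_mgr_cleanup( &sign_ctx )`, which is only safe if sign_ctx holds nothing at that point.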
@@ -639,7 +638,7 @@ rsa_hash_pkcs_sign_update( SESSION * sess,
rc = digest_mgr_init( sess, &context->hash_context, &digest_mech );
if (rc != CKR_OK){
st_err_log(123, __FILE__, __LINE__);
- goto error;
+ return rc;
}
context->flag = TRUE;
}
@@ -647,13 +646,10 @@ rsa_hash_pkcs_sign_update( SESSION * sess,
rc = digest_mgr_digest_update( sess, &context->hash_context, in_data,
in_data_len );
if (rc != CKR_OK){
st_err_log(123, __FILE__, __LINE__);
- goto error;
+ return rc;
}
- return CKR_OK;
-error:
- digest_mgr_cleanup( &context->hash_context );
- return rc;
+ return CKR_OK;
}
@@ -711,13 +707,13 @@ rsa_hash_pkcs_verify( SESSION * sess,
rc = digest_mgr_init( sess, &digest_ctx, &digest_mech );
if (rc != CKR_OK){
st_err_log(123, __FILE__, __LINE__);
- goto done;
+ return rc;
}
hash_len = sizeof(hash);
rc = digest_mgr_digest( sess, FALSE, &digest_ctx, in_data, in_data_len,
hash, &hash_len );
if (rc != CKR_OK){
st_err_log(124, __FILE__, __LINE__);
- goto done;
+ return rc;
}
// Build the BER encoding
@@ -754,8 +750,6 @@ rsa_hash_pkcs_verify( SESSION * sess,
done:
if (octet_str) free( octet_str );
if (ber_data) free( ber_data );
-
- digest_mgr_cleanup( &digest_ctx );
sign_mgr_cleanup( &verify_ctx );
return rc;
}
@@ -792,7 +786,7 @@ rsa_hash_pkcs_verify_update( SESSION * sess,
rc = digest_mgr_init( sess, &context->hash_context, &digest_mech );
if (rc != CKR_OK){
st_err_log(123, __FILE__, __LINE__);
- goto error;
+ return rc;
}
context->flag = TRUE;
}
@@ -800,13 +794,10 @@ rsa_hash_pkcs_verify_update( SESSION * sess,
rc = digest_mgr_digest_update( sess, &context->hash_context, in_data,
in_data_len );
if (rc != CKR_OK){
st_err_log(123, __FILE__, __LINE__);
- goto error;
+ return rc;
}
- return CKR_OK;
-error:
- digest_mgr_cleanup( &context->hash_context );
- return rc;
+ return CKR_OK;
}
@@ -859,7 +850,7 @@ rsa_hash_pkcs_sign_final( SESSION * sess,
rc = digest_mgr_digest_final( sess, length_only, &context->hash_context,
hash, &hash_len );
if (rc != CKR_OK){
st_err_log(126, __FILE__, __LINE__);
- goto done;
+ return rc;
}
// Build the BER Encoded Data block
//
@@ -902,8 +893,6 @@ rsa_hash_pkcs_sign_final( SESSION * sess,
done:
if (octet_str) free( octet_str );
if (ber_data) free( ber_data );
-
- digest_mgr_cleanup( &context->hash_context );
sign_mgr_cleanup( &sign_ctx );
return rc;
}
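Review bot: Removing `digest_mgr_cleanup( &context->hash_context );` here assumes digest_mgr_digest_final now terminates the operation itself, but none of the dig_mgr.c hunks in this patch touch digest_mgr_digest_final. Unless that function already cleans up, the hash context is never released after a final call. The same applies to rsa_hash_pkcs_verify_final, to the two digest_mgr_digest_final calls in sha1_hmac_sign (where the memset of digest_ctx after the first one would discard the only pointer to the allocation), and to SC_DigestFinal, where the session's digest_ctx would stay active. digest_mgr_digest_final should get the same epilogue as digest_mgr_digest: `if (!(rc == CKR_BUFFER_TOO_SMALL || (rc == CKR_OK && length_only == TRUE))) digest_mgr_cleanup(ctx);`.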
@@ -955,7 +944,7 @@ rsa_hash_pkcs_verify_final( SESSION * sess,
rc = digest_mgr_digest_final( sess, FALSE, &context->hash_context, hash,
&hash_len );
if (rc != CKR_OK){
st_err_log(126, __FILE__, __LINE__);
- goto done;
+ return rc;
}
// Build the BER encoding
//
@@ -992,7 +981,6 @@ rsa_hash_pkcs_verify_final( SESSION * sess,
done:
if (octet_str) free( octet_str );
if (ber_data) free( ber_data );
- digest_mgr_cleanup( &context->hash_context );
verify_mgr_cleanup( &verify_ctx );
return rc;
}
diff --git a/usr/lib/pkcs11/tpm_stdll/mech_sha.c
b/usr/lib/pkcs11/tpm_stdll/mech_sha.c
index 176cb73..533fd89 100644
--- a/usr/lib/pkcs11/tpm_stdll/mech_sha.c
+++ b/usr/lib/pkcs11/tpm_stdll/mech_sha.c
@@ -268,7 +268,6 @@ sha1_hmac_sign( SESSION * sess,
rc = digest_mgr_init( sess, &digest_ctx, &digest_mech );
if (rc != CKR_OK) {
- digest_mgr_cleanup( &digest_ctx );
st_err_log(123, __FILE__, __LINE__);
return rc;
}
@@ -279,12 +278,10 @@ sha1_hmac_sign( SESSION * sess,
attr->ulValueLen,
hash, &hash_len );
if (rc != CKR_OK) {
- digest_mgr_cleanup( &digest_ctx );
st_err_log(124, __FILE__, __LINE__);
return rc;
}
- digest_mgr_cleanup( &digest_ctx );
memset( &digest_ctx, 0x0, sizeof(DIGEST_CONTEXT) );
for (i=0; i < hash_len; i++) {
@@ -315,21 +312,18 @@ sha1_hmac_sign( SESSION * sess,
//
rc = digest_mgr_init( sess, &digest_ctx, &digest_mech );
if (rc != CKR_OK) {
- digest_mgr_cleanup( &digest_ctx );
st_err_log(123, __FILE__, __LINE__);
return rc;
}
rc = digest_mgr_digest_update( sess, &digest_ctx, k_ipad, SHA1_BLOCK_SIZE );
if (rc != CKR_OK) {
- digest_mgr_cleanup( &digest_ctx );
st_err_log(123, __FILE__, __LINE__);
return rc;
}
rc = digest_mgr_digest_update( sess, &digest_ctx, in_data, in_data_len );
if (rc != CKR_OK) {
- digest_mgr_cleanup( &digest_ctx );
st_err_log(123, __FILE__, __LINE__);
return rc;
}
@@ -337,12 +331,10 @@ sha1_hmac_sign( SESSION * sess,
hash_len = sizeof(hash);
rc = digest_mgr_digest_final( sess, FALSE, &digest_ctx, hash, &hash_len );
if (rc != CKR_OK) {
- digest_mgr_cleanup( &digest_ctx );
st_err_log(126, __FILE__, __LINE__);
return rc;
}
- digest_mgr_cleanup( &digest_ctx );
memset( &digest_ctx, 0x0, sizeof(DIGEST_CONTEXT) );
@@ -350,21 +342,18 @@ sha1_hmac_sign( SESSION * sess,
//
rc = digest_mgr_init( sess, &digest_ctx, &digest_mech );
if (rc != CKR_OK) {
- digest_mgr_cleanup( &digest_ctx );
st_err_log(123, __FILE__, __LINE__);
return rc;
}
rc = digest_mgr_digest_update( sess, &digest_ctx, k_opad, SHA1_BLOCK_SIZE );
if (rc != CKR_OK) {
- digest_mgr_cleanup( &digest_ctx );
st_err_log(123, __FILE__, __LINE__);
return rc;
}
rc = digest_mgr_digest_update( sess, &digest_ctx, hash, hash_len );
if (rc != CKR_OK) {
- digest_mgr_cleanup( &digest_ctx );
st_err_log(123, __FILE__, __LINE__);
return rc;
}
@@ -372,7 +361,6 @@ sha1_hmac_sign( SESSION * sess,
hash_len = sizeof(hash);
rc = digest_mgr_digest_final( sess, FALSE, &digest_ctx, hash, &hash_len );
if (rc != CKR_OK) {
- digest_mgr_cleanup( &digest_ctx );
st_err_log(126, __FILE__, __LINE__);
return rc;
}
@@ -380,8 +368,6 @@ sha1_hmac_sign( SESSION * sess,
memcpy( out_data, hash, hmac_len );
*out_data_len = hmac_len;
- digest_mgr_cleanup( &digest_ctx );
-
return CKR_OK;
}
diff --git a/usr/lib/pkcs11/tpm_stdll/new_host.c
b/usr/lib/pkcs11/tpm_stdll/new_host.c
index 770de3c..96ebf54 100644
--- a/usr/lib/pkcs11/tpm_stdll/new_host.c
+++ b/usr/lib/pkcs11/tpm_stdll/new_host.c
@@ -2821,9 +2821,6 @@ CK_RV SC_Digest( ST_SESSION_HANDLE sSession,
}
done:
- if (rc != CKR_BUFFER_TOO_SMALL && (rc != CKR_OK || length_only != TRUE))
- digest_mgr_cleanup( &sess->digest_ctx );
-
LLOCK;
if (debugfile) {
stlogit2(debugfile, "%-25s: rc = %08x, sess = %d, datalen = %d\n",
"C_Digest", rc, (sess == NULL)?-1:(CK_LONG)sess->handle, ulDataLen );
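Review bot: Failures that SC_Digest detects before it reaches digest_mgr_digest no longer terminate the digest operation, because the cleanup at `done:` is gone and its replacement lives inside the manager call. The body above `done:` is outside this hunk, so which checks jump here is an assumption, but the PKCS#11 text quoted in dig_mgr.c says C_Digest always terminates the operation apart from the two length-query cases. If such paths exist, they need their own `digest_mgr_cleanup( &sess->digest_ctx );` guarded by `sess != NULL`, since the log line below shows sess can be NULL at this label. SC_DigestUpdate and SC_DigestKey have the same shape.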
@@ -2879,9 +2876,6 @@ CK_RV SC_DigestUpdate( ST_SESSION_HANDLE sSession,
}
}
done:
- if (rc != CKR_OK)
- digest_mgr_cleanup( &sess->digest_ctx );
-
LLOCK;
if (debugfile) {
stlogit2(debugfile, "%-25s: rc = %08x, sess = %d, datalen = %d\n",
"C_DigestUpdate", rc, (sess == NULL)?-1:(CK_LONG)sess->handle, ulPartLen );
@@ -2926,9 +2920,6 @@ CK_RV SC_DigestKey( ST_SESSION_HANDLE sSession,
}
done:
- if (rc != CKR_OK)
- digest_mgr_cleanup( &sess->digest_ctx );
-
LLOCK;
if (debugfile) {
stlogit2(debugfile, "%-25s: rc = %08x, sess = %d, key = %d\n",
"C_DigestKey", rc, (sess == NULL)?-1:(CK_LONG)sess->handle, hKey );
@@ -2987,9 +2978,6 @@ CK_RV SC_DigestFinal( ST_SESSION_HANDLE sSession,
}
done:
- if (rc != CKR_BUFFER_TOO_SMALL && (rc != CKR_OK || length_only != TRUE))
- digest_mgr_cleanup( &sess->digest_ctx );
-
LLOCK;
if (debugfile) {
stlogit2(debugfile, "%-25s: rc = %08x, sess = %d\n", "C_DigestFinal",
rc, (sess == NULL)?-1:(CK_LONG)sess->handle );
--
1.7.2.3