For most C_Digest* functions (exception is C_DigestKey), the spec specified the scenarios in which a digest operation should terminate (either due to error or normal finalization).
This patch brings the digest_mgr_cleanup() function to be called from *inside* the digest_mgr_* functions, so we can better manage resources from a single place. This patch is for the `common` part, and also fix at least one memory leak in the software-fallback SHA1 code (where ckm_sha1_init could continuously allocate contexts without being properly cleaned-up) Signed-off-by: Klaus Heinrich Kiwi <[email protected]> --- usr/lib/pkcs11/common/dig_mgr.c | 139 ++++++++++++++++------- usr/lib/pkcs11/common/mech_md2.c | 2 - usr/lib/pkcs11/common/mech_md5.c | 13 -- usr/lib/pkcs11/common/mech_rsa.c | 40 ++----- usr/lib/pkcs11/common/mech_sha.c | 56 +--------- usr/lib/pkcs11/common/mech_ssl3.c | 229 +++++++++++++++++-------------------- usr/lib/pkcs11/common/new_host.c | 12 -- 7 files changed, 219 insertions(+), 272 deletions(-) diff --git a/usr/lib/pkcs11/common/dig_mgr.c b/usr/lib/pkcs11/common/dig_mgr.c index 9561e2f..867435b 100755 --- a/usr/lib/pkcs11/common/dig_mgr.c +++ b/usr/lib/pkcs11/common/dig_mgr.c @@ -328,15 +328,16 @@ digest_mgr_init( SESSION *sess, case CKM_SHA_1: { if (mech->ulParameterLen != 0){ - st_err_log(29, __FILE__, __LINE__); + st_err_log(29, __FILE__, __LINE__); return CKR_MECHANISM_PARAM_INVALID; } - + ctx->context = NULL; ckm_sha1_init( ctx ); - + if (!ctx->context) { - st_err_log(1, __FILE__, __LINE__); + digest_mgr_cleanup(ctx); // to de-initialize context above + st_err_log(1, __FILE__, __LINE__); return CKR_HOST_MEMORY; } } @@ -353,6 +354,7 @@ digest_mgr_init( SESSION *sess, ckm_sha2_init( ctx ); if (!ctx->context) { + digest_mgr_cleanup(ctx); // to de-initialize context above st_err_log(1, __FILE__, __LINE__); return CKR_HOST_MEMORY; } @@ -370,6 +372,7 @@ digest_mgr_init( SESSION *sess, ckm_sha3_init( ctx ); if (!ctx->context) { + digest_mgr_cleanup(ctx); // to de-initialize context above st_err_log(1, __FILE__, __LINE__); return CKR_HOST_MEMORY; } @@ -387,6 +390,7 @@ digest_mgr_init( SESSION *sess, ckm_sha5_init( ctx ); if (!ctx->context) { + digest_mgr_cleanup(ctx); // to de-initialize context above st_err_log(1, __FILE__, __LINE__); return CKR_HOST_MEMORY; } @@ -402,6 +406,7 @@ digest_mgr_init( SESSION *sess, ctx->context_len = sizeof(MD2_CONTEXT); ctx->context = (CK_BYTE *)malloc(sizeof(MD2_CONTEXT)); if (!ctx->context){ + digest_mgr_cleanup(ctx); // to de-initialize context above st_err_log(1, __FILE__, __LINE__); return CKR_HOST_MEMORY; } @@ -418,6 +423,7 @@ digest_mgr_init( SESSION *sess, ctx->context_len = sizeof(MD5_CONTEXT); ctx->context = (CK_BYTE *)malloc(sizeof(MD5_CONTEXT)); if (!ctx->context){ + digest_mgr_cleanup(ctx); // to de-initialize context above st_err_log(1, __FILE__, __LINE__); return CKR_HOST_MEMORY; } @@ -433,6 +439,7 @@ digest_mgr_init( SESSION *sess, if (mech->ulParameterLen > 0) { ptr = (CK_BYTE *)malloc(mech->ulParameterLen); if (!ptr){ + digest_mgr_cleanup(ctx); // to de-initialize context above st_err_log(1, __FILE__, __LINE__); return CKR_HOST_MEMORY; } @@ -489,6 +496,7 @@ digest_mgr_digest( SESSION *sess, CK_BYTE *out_data, CK_ULONG *out_data_len ) { + CK_RV rc; if (!sess || !ctx){ st_err_log(4, __FILE__, __LINE__, __FUNCTION__); @@ -504,53 +512,70 @@ digest_mgr_digest( SESSION *sess, // if ((length_only == FALSE) && (!in_data || !out_data)){ st_err_log(4, __FILE__, __LINE__, __FUNCTION__); - return CKR_FUNCTION_FAILED; + rc = CKR_FUNCTION_FAILED; + goto out; } if (ctx->multi == TRUE){ st_err_log(31, __FILE__, __LINE__); - return CKR_OPERATION_ACTIVE; + rc = CKR_FUNCTION_FAILED; + goto out; } switch (ctx->mech.mechanism) { case CKM_SHA_1: - return sha1_hash( sess, length_only, ctx, + rc = sha1_hash( sess, length_only, ctx, in_data, in_data_len, out_data, out_data_len ); + break; case CKM_SHA256: - return sha2_hash( sess, length_only, ctx, + rc = sha2_hash( sess, length_only, ctx, in_data, in_data_len, out_data, out_data_len ); + break; case CKM_SHA384: - return sha3_hash( sess, length_only, ctx, + rc = sha3_hash( sess, length_only, ctx, in_data, in_data_len, out_data, out_data_len ); + break; case CKM_SHA512: - return sha5_hash( sess, length_only, ctx, + rc = sha5_hash( sess, length_only, ctx, in_data, in_data_len, out_data, out_data_len ); + break; #if !(NOMD2 ) case CKM_MD2: - return md2_hash( sess, length_only, ctx, + rc = md2_hash( sess, length_only, ctx, in_data, in_data_len, out_data, out_data_len ); + break; #endif case CKM_MD5: - return md5_hash( sess, length_only, ctx, + rc = md5_hash( sess, length_only, ctx, in_data, in_data_len, out_data, out_data_len ); + break; default: st_err_log(4, __FILE__, __LINE__, __FUNCTION__); - return CKR_FUNCTION_FAILED; // shouldn't happen + rc = CKR_FUNCTION_FAILED; // shouldn't happen } - st_err_log(4, __FILE__, __LINE__, __FUNCTION__); - return CKR_FUNCTION_FAILED; +out: + if ( !((rc == CKR_BUFFER_TOO_SMALL) || + (rc == CKR_OK && length_only == TRUE)) ) { + // "A call to C_Digest always terminates the active digest operation unless it + // returns CKR_BUFFER_TOO_SMALL or is a successful call (i.e., one which returns CKR_OK) + // to determine the length of the buffer needed to hold the message digest." + digest_mgr_cleanup(ctx); + } + + return rc; + } @@ -562,6 +587,8 @@ digest_mgr_digest_update( SESSION *sess, CK_BYTE *data, CK_ULONG data_len ) { + CK_RV rc; + if (!sess || !ctx){ st_err_log(4, __FILE__, __LINE__, __FUNCTION__); return CKR_FUNCTION_FAILED; @@ -575,32 +602,42 @@ digest_mgr_digest_update( SESSION *sess, switch (ctx->mech.mechanism) { case CKM_SHA_1: - return sha1_hash_update( sess, ctx, data, data_len ); + rc = sha1_hash_update( sess, ctx, data, data_len ); + break; case CKM_SHA256: - return sha2_hash_update( sess, ctx, data, data_len ); + rc = sha2_hash_update( sess, ctx, data, data_len ); + break; case CKM_SHA384: - return sha3_hash_update( sess, ctx, data, data_len ); + rc = sha3_hash_update( sess, ctx, data, data_len ); + break; case CKM_SHA512: - return sha5_hash_update( sess, ctx, data, data_len ); + rc = sha5_hash_update( sess, ctx, data, data_len ); + break; #if !(NOMD2) case CKM_MD2: - return md2_hash_update( sess, ctx, data, data_len ); + rc = md2_hash_update( sess, ctx, data, data_len ); + break; #endif case CKM_MD5: - return md5_hash_update( sess, ctx, data, data_len ); + rc = md5_hash_update( sess, ctx, data, data_len ); + break; default: st_err_log(28, __FILE__, __LINE__); - return CKR_MECHANISM_INVALID; + rc = CKR_MECHANISM_INVALID; + } + + if (rc != CKR_OK) { + digest_mgr_cleanup(ctx); // "A call to C_DigestUpdate which results in an error + // terminates the current digest operation." } - st_err_log(28, __FILE__, __LINE__); - return CKR_MECHANISM_INVALID; // shouldn't happen! + return rc; } @@ -625,21 +662,24 @@ digest_mgr_digest_key( SESSION * sess, rc = object_mgr_find_in_map1( key_handle, &key_obj ); if (rc != CKR_OK){ st_err_log(18, __FILE__, __LINE__); - return CKR_KEY_HANDLE_INVALID; + rc = CKR_KEY_HANDLE_INVALID; + goto out; } // only allow digesting of CKO_SECRET keys // rc = template_attribute_find( key_obj->template, CKA_CLASS, &attr ); if (rc == FALSE) { st_err_log(24, __FILE__, __LINE__); - return CKR_KEY_INDIGESTIBLE; + rc = CKR_KEY_INDIGESTIBLE; + goto out; } else class = *(CK_OBJECT_CLASS *)attr->pValue; if (class != CKO_SECRET_KEY){ st_err_log(24, __FILE__, __LINE__); - return CKR_KEY_INDIGESTIBLE; + rc = CKR_KEY_INDIGESTIBLE; + goto out; } // every secret key has a CKA_VALUE attribute @@ -647,7 +687,8 @@ digest_mgr_digest_key( SESSION * sess, rc = template_attribute_find( key_obj->template, CKA_VALUE, &attr ); if (!rc){ st_err_log(24, __FILE__, __LINE__); - return CKR_KEY_INDIGESTIBLE; + rc = CKR_KEY_INDIGESTIBLE; + goto out; } rc = digest_mgr_digest_update( sess, ctx, @@ -655,7 +696,12 @@ digest_mgr_digest_key( SESSION * sess, attr->ulValueLen ); if (rc != CKR_OK){ st_err_log(24, __FILE__, __LINE__); - } + } + +out: + if (rc != CKR_OK) { + digest_mgr_cleanup(ctx); + } return rc; } @@ -669,6 +715,8 @@ digest_mgr_digest_final( SESSION *sess, CK_BYTE *hash, CK_ULONG *hash_len ) { + CK_RV rc; + if (!sess || !ctx){ st_err_log(4, __FILE__, __LINE__, __FUNCTION__); return CKR_FUNCTION_FAILED; @@ -682,45 +730,58 @@ digest_mgr_digest_final( SESSION *sess, * is the final part of a multi part operation. */ ctx->multi = FALSE; - + switch (ctx->mech.mechanism) { case CKM_SHA_1: - return sha1_hash_final( sess, length_only, + rc = sha1_hash_final( sess, length_only, ctx, hash, hash_len ); + break; case CKM_SHA256: - return sha2_hash_final( sess, length_only, + rc = sha2_hash_final( sess, length_only, ctx, hash, hash_len ); + break; case CKM_SHA384: - return sha3_hash_final( sess, length_only, + rc = sha3_hash_final( sess, length_only, ctx, hash, hash_len ); + break; case CKM_SHA512: - return sha5_hash_final( sess, length_only, + rc = sha5_hash_final( sess, length_only, ctx, hash, hash_len ); + break; #if !(NOMD2) case CKM_MD2: - return md2_hash_final( sess, length_only, + rc = md2_hash_final( sess, length_only, ctx, hash, hash_len ); + break; #endif case CKM_MD5: - return md5_hash_final( sess, length_only, + rc = md5_hash_final( sess, length_only, ctx, hash, hash_len ); + break; default: st_err_log(28, __FILE__, __LINE__); - return CKR_MECHANISM_INVALID; // shouldn't happen + rc = CKR_MECHANISM_INVALID; // shouldn't happen } - st_err_log(28, __FILE__, __LINE__); - return CKR_MECHANISM_INVALID; + if ( !((rc == CKR_BUFFER_TOO_SMALL) || + (rc == CKR_OK && length_only == TRUE)) ) { + // "A call to C_DigestFinal always terminates the active digest operation unless it + // returns CKR_BUFFER_TOO_SMALL or is a successful call (i.e., one which returns CKR_OK) + // to determine the length of the buffer needed to hold the message digest." + digest_mgr_cleanup(ctx); + } + + return rc; } diff --git a/usr/lib/pkcs11/common/mech_md2.c b/usr/lib/pkcs11/common/mech_md2.c index 9cbe101..34cf2b0 100755 --- a/usr/lib/pkcs11/common/mech_md2.c +++ b/usr/lib/pkcs11/common/mech_md2.c @@ -519,7 +519,6 @@ md2_hmac_sign( SESSION * sess, st_err_log(124, __FILE__, __LINE__); return rc; } - digest_mgr_cleanup( &digest_ctx ); memset( &digest_ctx, 0x0, sizeof(DIGEST_CONTEXT) ); for (i = 0; i < hash_len; i++) @@ -573,7 +572,6 @@ md2_hmac_sign( SESSION * sess, st_err_log(126, __FILE__, __LINE__); return rc; } - digest_mgr_cleanup( &digest_ctx ); memset( &digest_ctx, 0x0, sizeof(DIGEST_CONTEXT) ); diff --git a/usr/lib/pkcs11/common/mech_md5.c b/usr/lib/pkcs11/common/mech_md5.c index 18ec2fc..993de11 100755 --- a/usr/lib/pkcs11/common/mech_md5.c +++ b/usr/lib/pkcs11/common/mech_md5.c @@ -475,7 +475,6 @@ md5_hmac_sign( SESSION * sess, rc = digest_mgr_init( sess, &digest_ctx, &digest_mech ); if (rc != CKR_OK) { - digest_mgr_cleanup( &digest_ctx ); return rc; } @@ -484,11 +483,9 @@ md5_hmac_sign( SESSION * sess, attr->pValue, attr->ulValueLen, hash, &hash_len ); if (rc != CKR_OK) { - digest_mgr_cleanup( &digest_ctx ); return rc; } - digest_mgr_cleanup( &digest_ctx ); memset( &digest_ctx, 0x0, sizeof(DIGEST_CONTEXT) ); for (i=0; i < hash_len; i++) { @@ -522,7 +519,6 @@ md5_hmac_sign( SESSION * sess, if (rc != CKR_OK) { st_err_log(123, __FILE__, __LINE__); - digest_mgr_cleanup( &digest_ctx ); return rc; } @@ -530,7 +526,6 @@ md5_hmac_sign( SESSION * sess, if (rc != CKR_OK) { st_err_log(123, __FILE__, __LINE__); - digest_mgr_cleanup( &digest_ctx ); return rc; } @@ -538,7 +533,6 @@ md5_hmac_sign( SESSION * sess, if (rc != CKR_OK) { st_err_log(123, __FILE__, __LINE__); - digest_mgr_cleanup( &digest_ctx ); return rc; } @@ -547,11 +541,9 @@ md5_hmac_sign( SESSION * sess, if (rc != CKR_OK) { st_err_log(126, __FILE__, __LINE__); - digest_mgr_cleanup( &digest_ctx ); return rc; } - digest_mgr_cleanup( &digest_ctx ); memset( &digest_ctx, 0x0, sizeof(DIGEST_CONTEXT) ); @@ -561,7 +553,6 @@ md5_hmac_sign( SESSION * sess, if (rc != CKR_OK) { st_err_log(123, __FILE__, __LINE__); - digest_mgr_cleanup( &digest_ctx ); return rc; } @@ -569,7 +560,6 @@ md5_hmac_sign( SESSION * sess, if (rc != CKR_OK) { st_err_log(123, __FILE__, __LINE__); - digest_mgr_cleanup( &digest_ctx ); return rc; } @@ -577,7 +567,6 @@ md5_hmac_sign( SESSION * sess, if (rc != CKR_OK) { st_err_log(123, __FILE__, __LINE__); - digest_mgr_cleanup( &digest_ctx ); return rc; } @@ -586,14 +575,12 @@ md5_hmac_sign( SESSION * sess, if (rc != CKR_OK) { st_err_log(126, __FILE__, __LINE__); - digest_mgr_cleanup( &digest_ctx ); return rc; } memcpy( out_data, hash, hmac_len ); *out_data_len = hmac_len; - digest_mgr_cleanup( &digest_ctx ); return CKR_OK; } diff --git a/usr/lib/pkcs11/common/mech_rsa.c b/usr/lib/pkcs11/common/mech_rsa.c index f3f1cac..ec44fcf 100755 --- a/usr/lib/pkcs11/common/mech_rsa.c +++ b/usr/lib/pkcs11/common/mech_rsa.c @@ -1345,16 +1345,16 @@ rsa_hash_pkcs_sign( SESSION * sess, rc = digest_mgr_init( sess, &digest_ctx, &digest_mech ); if (rc != CKR_OK){ st_err_log(123, __FILE__, __LINE__); - goto error; + return rc; } hash_len = sizeof(hash); rc = digest_mgr_digest( sess, length_only, &digest_ctx, in_data, in_data_len, hash, &hash_len ); if (rc != CKR_OK){ st_err_log(124, __FILE__, __LINE__); - goto error; + return rc; } // build the BER-encodings - + rc = ber_encode_OCTET_STRING( FALSE, &octet_str, &octet_str_len, hash, hash_len ); if (rc != CKR_OK){ st_err_log(77, __FILE__, __LINE__); @@ -1363,7 +1363,7 @@ rsa_hash_pkcs_sign( SESSION * sess, tmp = (CK_BYTE *)buf1; memcpy( tmp, oid, oid_len ); memcpy( tmp + oid_len, octet_str, octet_str_len); - + rc = ber_encode_SEQUENCE( FALSE, &ber_data, &ber_data_len, tmp, (oid_len + octet_str_len) ); if (rc != CKR_OK){ st_err_log(78, __FILE__, __LINE__); @@ -1389,7 +1389,6 @@ rsa_hash_pkcs_sign( SESSION * sess, error: if (octet_str) free( octet_str ); if (ber_data) free( ber_data ); - digest_mgr_cleanup( &digest_ctx ); sign_mgr_cleanup( &sign_ctx ); return rc; } @@ -1427,7 +1426,7 @@ rsa_hash_pkcs_sign_update( SESSION * sess, rc = digest_mgr_init( sess, &context->hash_context, &digest_mech ); if (rc != CKR_OK){ st_err_log(123, __FILE__, __LINE__); - goto error; + return rc; } context->flag = TRUE; } @@ -1435,13 +1434,9 @@ rsa_hash_pkcs_sign_update( SESSION * sess, rc = digest_mgr_digest_update( sess, &context->hash_context, in_data, in_data_len ); if (rc != CKR_OK){ st_err_log(123, __FILE__, __LINE__); - goto error; + return rc; } return CKR_OK; - -error: - digest_mgr_cleanup( &context->hash_context ); - return rc; } @@ -1499,13 +1494,13 @@ rsa_hash_pkcs_verify( SESSION * sess, rc = digest_mgr_init( sess, &digest_ctx, &digest_mech ); if (rc != CKR_OK){ st_err_log(123, __FILE__, __LINE__); - goto done; + return rc; } hash_len = sizeof(hash); rc = digest_mgr_digest( sess, FALSE, &digest_ctx, in_data, in_data_len, hash, &hash_len ); if (rc != CKR_OK){ st_err_log(124, __FILE__, __LINE__); - goto done; + return rc; } // Build the BER encoding @@ -1542,8 +1537,6 @@ rsa_hash_pkcs_verify( SESSION * sess, done: if (octet_str) free( octet_str ); if (ber_data) free( ber_data ); - - digest_mgr_cleanup( &digest_ctx ); sign_mgr_cleanup( &verify_ctx ); return rc; } @@ -1580,7 +1573,7 @@ rsa_hash_pkcs_verify_update( SESSION * sess, rc = digest_mgr_init( sess, &context->hash_context, &digest_mech ); if (rc != CKR_OK){ st_err_log(123, __FILE__, __LINE__); - goto error; + return rc; } context->flag = TRUE; } @@ -1588,13 +1581,9 @@ rsa_hash_pkcs_verify_update( SESSION * sess, rc = digest_mgr_digest_update( sess, &context->hash_context, in_data, in_data_len ); if (rc != CKR_OK){ st_err_log(123, __FILE__, __LINE__); - goto error; + return rc; } return CKR_OK; - -error: - digest_mgr_cleanup( &context->hash_context ); - return rc; } @@ -1647,14 +1636,14 @@ rsa_hash_pkcs_sign_final( SESSION * sess, rc = digest_mgr_digest_final( sess, length_only, &context->hash_context, hash, &hash_len ); if (rc != CKR_OK){ st_err_log(126, __FILE__, __LINE__); - goto done; + return rc; } // Build the BER Encoded Data block // rc = ber_encode_OCTET_STRING( FALSE, &octet_str, &octet_str_len, hash, hash_len ); if (rc != CKR_OK){ st_err_log(77, __FILE__, __LINE__); - goto done; + return rc; } tmp = (CK_BYTE *)buf1; memcpy( tmp, oid, oid_len ); @@ -1690,8 +1679,6 @@ rsa_hash_pkcs_sign_final( SESSION * sess, done: if (octet_str) free( octet_str ); if (ber_data) free( ber_data ); - - digest_mgr_cleanup( &context->hash_context ); sign_mgr_cleanup( &sign_ctx ); return rc; } @@ -1743,7 +1730,7 @@ rsa_hash_pkcs_verify_final( SESSION * sess, rc = digest_mgr_digest_final( sess, FALSE, &context->hash_context, hash, &hash_len ); if (rc != CKR_OK){ st_err_log(126, __FILE__, __LINE__); - goto done; + return rc; } // Build the BER encoding // @@ -1780,7 +1767,6 @@ rsa_hash_pkcs_verify_final( SESSION * sess, done: if (octet_str) free( octet_str ); if (ber_data) free( ber_data ); - digest_mgr_cleanup( &context->hash_context ); verify_mgr_cleanup( &verify_ctx ); return rc; } diff --git a/usr/lib/pkcs11/common/mech_sha.c b/usr/lib/pkcs11/common/mech_sha.c index 06655cf..ef262fa 100755 --- a/usr/lib/pkcs11/common/mech_sha.c +++ b/usr/lib/pkcs11/common/mech_sha.c @@ -711,7 +711,6 @@ sha1_hmac_sign( SESSION * sess, rc = digest_mgr_init( sess, &digest_ctx, &digest_mech ); if (rc != CKR_OK) { - digest_mgr_cleanup( &digest_ctx ); st_err_log(123, __FILE__, __LINE__); return rc; } @@ -722,12 +721,10 @@ sha1_hmac_sign( SESSION * sess, attr->ulValueLen, hash, &hash_len ); if (rc != CKR_OK) { - digest_mgr_cleanup( &digest_ctx ); st_err_log(124, __FILE__, __LINE__); return rc; } - digest_mgr_cleanup( &digest_ctx ); memset( &digest_ctx, 0x0, sizeof(DIGEST_CONTEXT) ); for (i=0; i < hash_len; i++) { @@ -758,21 +755,18 @@ sha1_hmac_sign( SESSION * sess, // rc = digest_mgr_init( sess, &digest_ctx, &digest_mech ); if (rc != CKR_OK) { - digest_mgr_cleanup( &digest_ctx ); st_err_log(123, __FILE__, __LINE__); return rc; } rc = digest_mgr_digest_update( sess, &digest_ctx, k_ipad, SHA1_BLOCK_SIZE ); if (rc != CKR_OK) { - digest_mgr_cleanup( &digest_ctx ); st_err_log(123, __FILE__, __LINE__); return rc; } rc = digest_mgr_digest_update( sess, &digest_ctx, in_data, in_data_len ); if (rc != CKR_OK) { - digest_mgr_cleanup( &digest_ctx ); st_err_log(123, __FILE__, __LINE__); return rc; } @@ -780,12 +774,10 @@ sha1_hmac_sign( SESSION * sess, hash_len = sizeof(hash); rc = digest_mgr_digest_final( sess, FALSE, &digest_ctx, hash, &hash_len ); if (rc != CKR_OK) { - digest_mgr_cleanup( &digest_ctx ); st_err_log(126, __FILE__, __LINE__); return rc; } - digest_mgr_cleanup( &digest_ctx ); memset( &digest_ctx, 0x0, sizeof(DIGEST_CONTEXT) ); @@ -793,21 +785,18 @@ sha1_hmac_sign( SESSION * sess, // rc = digest_mgr_init( sess, &digest_ctx, &digest_mech ); if (rc != CKR_OK) { - digest_mgr_cleanup( &digest_ctx ); st_err_log(123, __FILE__, __LINE__); return rc; } rc = digest_mgr_digest_update( sess, &digest_ctx, k_opad, SHA1_BLOCK_SIZE ); if (rc != CKR_OK) { - digest_mgr_cleanup( &digest_ctx ); st_err_log(123, __FILE__, __LINE__); return rc; } rc = digest_mgr_digest_update( sess, &digest_ctx, hash, hash_len ); if (rc != CKR_OK) { - digest_mgr_cleanup( &digest_ctx ); st_err_log(123, __FILE__, __LINE__); return rc; } @@ -815,7 +804,6 @@ sha1_hmac_sign( SESSION * sess, hash_len = sizeof(hash); rc = digest_mgr_digest_final( sess, FALSE, &digest_ctx, hash, &hash_len ); if (rc != CKR_OK) { - digest_mgr_cleanup( &digest_ctx ); st_err_log(126, __FILE__, __LINE__); return rc; } @@ -823,7 +811,6 @@ sha1_hmac_sign( SESSION * sess, memcpy( out_data, hash, hmac_len ); *out_data_len = hmac_len; - digest_mgr_cleanup( &digest_ctx ); return CKR_OK; } @@ -900,7 +887,6 @@ sha2_hmac_sign( SESSION * sess, rc = digest_mgr_init( sess, &digest_ctx, &digest_mech ); if (rc != CKR_OK) { - digest_mgr_cleanup( &digest_ctx ); st_err_log(123, __FILE__, __LINE__); return rc; } @@ -911,12 +897,10 @@ sha2_hmac_sign( SESSION * sess, attr->ulValueLen, hash, &hash_len ); if (rc != CKR_OK) { - digest_mgr_cleanup( &digest_ctx ); st_err_log(124, __FILE__, __LINE__); return rc; } - digest_mgr_cleanup( &digest_ctx ); memset( &digest_ctx, 0x0, sizeof(DIGEST_CONTEXT) ); for (i=0; i < hash_len; i++) { @@ -947,21 +931,18 @@ sha2_hmac_sign( SESSION * sess, // rc = digest_mgr_init( sess, &digest_ctx, &digest_mech ); if (rc != CKR_OK) { - digest_mgr_cleanup( &digest_ctx ); st_err_log(123, __FILE__, __LINE__); return rc; } rc = digest_mgr_digest_update( sess, &digest_ctx, k_ipad, SHA2_BLOCK_SIZE ); if (rc != CKR_OK) { - digest_mgr_cleanup( &digest_ctx ); st_err_log(123, __FILE__, __LINE__); return rc; } rc = digest_mgr_digest_update( sess, &digest_ctx, in_data, in_data_len ); if (rc != CKR_OK) { - digest_mgr_cleanup( &digest_ctx ); st_err_log(123, __FILE__, __LINE__); return rc; } @@ -969,12 +950,10 @@ sha2_hmac_sign( SESSION * sess, hash_len = sizeof(hash); rc = digest_mgr_digest_final( sess, FALSE, &digest_ctx, hash, &hash_len ); if (rc != CKR_OK) { - digest_mgr_cleanup( &digest_ctx ); st_err_log(126, __FILE__, __LINE__); return rc; } - digest_mgr_cleanup( &digest_ctx ); memset( &digest_ctx, 0x0, sizeof(DIGEST_CONTEXT) ); @@ -982,21 +961,18 @@ sha2_hmac_sign( SESSION * sess, // rc = digest_mgr_init( sess, &digest_ctx, &digest_mech ); if (rc != CKR_OK) { - digest_mgr_cleanup( &digest_ctx ); st_err_log(123, __FILE__, __LINE__); return rc; } rc = digest_mgr_digest_update( sess, &digest_ctx, k_opad, SHA2_BLOCK_SIZE ); if (rc != CKR_OK) { - digest_mgr_cleanup( &digest_ctx ); st_err_log(123, __FILE__, __LINE__); return rc; } rc = digest_mgr_digest_update( sess, &digest_ctx, hash, hash_len ); if (rc != CKR_OK) { - digest_mgr_cleanup( &digest_ctx ); st_err_log(123, __FILE__, __LINE__); return rc; } @@ -1004,7 +980,6 @@ sha2_hmac_sign( SESSION * sess, hash_len = sizeof(hash); rc = digest_mgr_digest_final( sess, FALSE, &digest_ctx, hash, &hash_len ); if (rc != CKR_OK) { - digest_mgr_cleanup( &digest_ctx ); st_err_log(126, __FILE__, __LINE__); return rc; } @@ -1012,7 +987,6 @@ sha2_hmac_sign( SESSION * sess, memcpy( out_data, hash, hmac_len ); *out_data_len = hmac_len; - digest_mgr_cleanup( &digest_ctx ); return CKR_OK; } @@ -1089,7 +1063,6 @@ sha3_hmac_sign( SESSION * sess, rc = digest_mgr_init( sess, &digest_ctx, &digest_mech ); if (rc != CKR_OK) { - digest_mgr_cleanup( &digest_ctx ); st_err_log(123, __FILE__, __LINE__); return rc; } @@ -1100,12 +1073,10 @@ sha3_hmac_sign( SESSION * sess, attr->ulValueLen, hash, &hash_len ); if (rc != CKR_OK) { - digest_mgr_cleanup( &digest_ctx ); st_err_log(124, __FILE__, __LINE__); return rc; } - digest_mgr_cleanup( &digest_ctx ); memset( &digest_ctx, 0x0, sizeof(DIGEST_CONTEXT) ); for (i=0; i < hash_len; i++) { @@ -1136,21 +1107,18 @@ sha3_hmac_sign( SESSION * sess, // rc = digest_mgr_init( sess, &digest_ctx, &digest_mech ); if (rc != CKR_OK) { - digest_mgr_cleanup( &digest_ctx ); st_err_log(123, __FILE__, __LINE__); return rc; } rc = digest_mgr_digest_update( sess, &digest_ctx, k_ipad, SHA3_BLOCK_SIZE ); if (rc != CKR_OK) { - digest_mgr_cleanup( &digest_ctx ); st_err_log(123, __FILE__, __LINE__); return rc; } rc = digest_mgr_digest_update( sess, &digest_ctx, in_data, in_data_len ); if (rc != CKR_OK) { - digest_mgr_cleanup( &digest_ctx ); st_err_log(123, __FILE__, __LINE__); return rc; } @@ -1158,12 +1126,10 @@ sha3_hmac_sign( SESSION * sess, hash_len = sizeof(hash); rc = digest_mgr_digest_final( sess, FALSE, &digest_ctx, hash, &hash_len ); if (rc != CKR_OK) { - digest_mgr_cleanup( &digest_ctx ); st_err_log(126, __FILE__, __LINE__); return rc; } - digest_mgr_cleanup( &digest_ctx ); memset( &digest_ctx, 0x0, sizeof(DIGEST_CONTEXT) ); @@ -1171,21 +1137,18 @@ sha3_hmac_sign( SESSION * sess, // rc = digest_mgr_init( sess, &digest_ctx, &digest_mech ); if (rc != CKR_OK) { - digest_mgr_cleanup( &digest_ctx ); st_err_log(123, __FILE__, __LINE__); return rc; } rc = digest_mgr_digest_update( sess, &digest_ctx, k_opad, SHA3_BLOCK_SIZE ); if (rc != CKR_OK) { - digest_mgr_cleanup( &digest_ctx ); st_err_log(123, __FILE__, __LINE__); return rc; } rc = digest_mgr_digest_update( sess, &digest_ctx, hash, hash_len ); if (rc != CKR_OK) { - digest_mgr_cleanup( &digest_ctx ); st_err_log(123, __FILE__, __LINE__); return rc; } @@ -1193,7 +1156,6 @@ sha3_hmac_sign( SESSION * sess, hash_len = sizeof(hash); rc = digest_mgr_digest_final( sess, FALSE, &digest_ctx, hash, &hash_len ); if (rc != CKR_OK) { - digest_mgr_cleanup( &digest_ctx ); st_err_log(126, __FILE__, __LINE__); return rc; } @@ -1201,7 +1163,6 @@ sha3_hmac_sign( SESSION * sess, memcpy( out_data, hash, hmac_len ); *out_data_len = hmac_len; - digest_mgr_cleanup( &digest_ctx ); return CKR_OK; } @@ -1278,7 +1239,6 @@ sha5_hmac_sign( SESSION * sess, rc = digest_mgr_init( sess, &digest_ctx, &digest_mech ); if (rc != CKR_OK) { - digest_mgr_cleanup( &digest_ctx ); st_err_log(123, __FILE__, __LINE__); return rc; } @@ -1289,12 +1249,10 @@ sha5_hmac_sign( SESSION * sess, attr->ulValueLen, hash, &hash_len ); if (rc != CKR_OK) { - digest_mgr_cleanup( &digest_ctx ); st_err_log(124, __FILE__, __LINE__); return rc; } - digest_mgr_cleanup( &digest_ctx ); memset( &digest_ctx, 0x0, sizeof(DIGEST_CONTEXT) ); for (i=0; i < hash_len; i++) { @@ -1325,21 +1283,18 @@ sha5_hmac_sign( SESSION * sess, // rc = digest_mgr_init( sess, &digest_ctx, &digest_mech ); if (rc != CKR_OK) { - digest_mgr_cleanup( &digest_ctx ); st_err_log(123, __FILE__, __LINE__); return rc; } rc = digest_mgr_digest_update( sess, &digest_ctx, k_ipad, SHA5_BLOCK_SIZE ); if (rc != CKR_OK) { - digest_mgr_cleanup( &digest_ctx ); st_err_log(123, __FILE__, __LINE__); return rc; } rc = digest_mgr_digest_update( sess, &digest_ctx, in_data, in_data_len ); if (rc != CKR_OK) { - digest_mgr_cleanup( &digest_ctx ); st_err_log(123, __FILE__, __LINE__); return rc; } @@ -1347,12 +1302,10 @@ sha5_hmac_sign( SESSION * sess, hash_len = sizeof(hash); rc = digest_mgr_digest_final( sess, FALSE, &digest_ctx, hash, &hash_len ); if (rc != CKR_OK) { - digest_mgr_cleanup( &digest_ctx ); st_err_log(126, __FILE__, __LINE__); return rc; } - digest_mgr_cleanup( &digest_ctx ); memset( &digest_ctx, 0x0, sizeof(DIGEST_CONTEXT) ); @@ -1360,21 +1313,18 @@ sha5_hmac_sign( SESSION * sess, // rc = digest_mgr_init( sess, &digest_ctx, &digest_mech ); if (rc != CKR_OK) { - digest_mgr_cleanup( &digest_ctx ); st_err_log(123, __FILE__, __LINE__); return rc; } rc = digest_mgr_digest_update( sess, &digest_ctx, k_opad, SHA5_BLOCK_SIZE ); if (rc != CKR_OK) { - digest_mgr_cleanup( &digest_ctx ); st_err_log(123, __FILE__, __LINE__); return rc; } rc = digest_mgr_digest_update( sess, &digest_ctx, hash, hash_len ); if (rc != CKR_OK) { - digest_mgr_cleanup( &digest_ctx ); st_err_log(123, __FILE__, __LINE__); return rc; } @@ -1382,7 +1332,6 @@ sha5_hmac_sign( SESSION * sess, hash_len = sizeof(hash); rc = digest_mgr_digest_final( sess, FALSE, &digest_ctx, hash, &hash_len ); if (rc != CKR_OK) { - digest_mgr_cleanup( &digest_ctx ); st_err_log(126, __FILE__, __LINE__); return rc; } @@ -1390,7 +1339,6 @@ sha5_hmac_sign( SESSION * sess, memcpy( out_data, hash, hmac_len ); *out_data_len = hmac_len; - digest_mgr_cleanup( &digest_ctx ); return CKR_OK; } @@ -1687,8 +1635,8 @@ ckm_sha1_final( DIGEST_CONTEXT * ctx, *out_data_len = SHA1_HASH_SIZE; return CKR_OK; - } - + } + return token_specific.t_sha_final(ctx, out_data, out_data_len); } diff --git a/usr/lib/pkcs11/common/mech_ssl3.c b/usr/lib/pkcs11/common/mech_ssl3.c index 5f53851..5cc71af 100755 --- a/usr/lib/pkcs11/common/mech_ssl3.c +++ b/usr/lib/pkcs11/common/mech_ssl3.c @@ -407,13 +407,13 @@ ssl3_mac_sign( SESSION * sess, // rc = digest_mgr_init( sess, &digest_ctx, &digest_mech ); if (rc != CKR_OK){ - st_err_log(123, __FILE__, __LINE__); - goto error; + st_err_log(123, __FILE__, __LINE__); + return rc; } rc = digest_mgr_digest_update( sess, &digest_ctx, key_data, key_bytes ); if (rc != CKR_OK){ - st_err_log(123, __FILE__, __LINE__); - goto error; + st_err_log(123, __FILE__, __LINE__); + return rc; } if (ctx->mech.mechanism == CKM_SSL3_MD5_MAC){ rc = digest_mgr_digest_update( sess, &digest_ctx, inner, 48 ); @@ -422,21 +422,20 @@ ssl3_mac_sign( SESSION * sess, rc = digest_mgr_digest_update( sess, &digest_ctx, inner, 40 ); } if (rc != CKR_OK){ - st_err_log(123, __FILE__, __LINE__); - goto error; + st_err_log(123, __FILE__, __LINE__); + return rc; } rc = digest_mgr_digest_update( sess, &digest_ctx, in_data, in_data_len ); if (rc != CKR_OK){ - st_err_log(123, __FILE__, __LINE__); - goto error; + st_err_log(123, __FILE__, __LINE__); + return rc; } hash_len = sizeof(hash); rc = digest_mgr_digest_final( sess, FALSE, &digest_ctx, hash, &hash_len ); if (rc != CKR_OK){ - st_err_log(126, __FILE__, __LINE__); - goto error; + st_err_log(126, __FILE__, __LINE__); + return rc; } - digest_mgr_cleanup( &digest_ctx ); memset( &digest_ctx, 0x0, sizeof(DIGEST_CONTEXT) ); @@ -444,38 +443,36 @@ ssl3_mac_sign( SESSION * sess, // rc = digest_mgr_init( sess, &digest_ctx, &digest_mech ); if (rc != CKR_OK){ - st_err_log(123, __FILE__, __LINE__); - goto error; + st_err_log(123, __FILE__, __LINE__); + return rc; } rc = digest_mgr_digest_update( sess, &digest_ctx, key_data, key_bytes ); if (rc != CKR_OK){ - st_err_log(123, __FILE__, __LINE__); - goto error; + st_err_log(123, __FILE__, __LINE__); + return rc; } if (ctx->mech.mechanism == CKM_SSL3_MD5_MAC) rc = digest_mgr_digest_update( sess, &digest_ctx, outer, 48 ); else rc = digest_mgr_digest_update( sess, &digest_ctx, outer, 40 ); if (rc != CKR_OK){ - st_err_log(123, __FILE__, __LINE__); - goto error; + st_err_log(123, __FILE__, __LINE__); + return rc; } rc = digest_mgr_digest_update( sess, &digest_ctx, hash, hash_len ); if (rc != CKR_OK){ - st_err_log(123, __FILE__, __LINE__); - goto error; + st_err_log(123, __FILE__, __LINE__); + return rc; } hash_len = sizeof(hash); rc = digest_mgr_digest_final( sess, FALSE, &digest_ctx, hash, &hash_len ); if (rc != CKR_OK){ - st_err_log(126, __FILE__, __LINE__); - goto error; + st_err_log(126, __FILE__, __LINE__); + return rc; } memcpy( out_data, hash, mac_len ); *out_data_len = mac_len; -error: - digest_mgr_cleanup( &digest_ctx ); return rc; } @@ -509,13 +506,12 @@ ssl3_mac_sign_update( SESSION * sess, rc = object_mgr_find_in_map1( ctx->key, &key_obj ); if (rc != CKR_OK){ st_err_log(110, __FILE__, __LINE__); - goto error; + return rc; } rc = template_attribute_find( key_obj->template, CKA_VALUE, &attr ); if (rc == FALSE) { st_err_log(4, __FILE__, __LINE__, __FUNCTION__); - rc = CKR_FUNCTION_FAILED; - goto error; + return CKR_FUNCTION_FAILED; } else { key_bytes = attr->ulValueLen; @@ -539,21 +535,21 @@ ssl3_mac_sign_update( SESSION * sess, // rc = digest_mgr_init( sess, &context->hash_context, &digest_mech ); if (rc != CKR_OK){ - st_err_log(123, __FILE__, __LINE__); - goto error; + st_err_log(123, __FILE__, __LINE__); + return rc; } rc = digest_mgr_digest_update( sess, &context->hash_context, key_data, key_bytes ); if (rc != CKR_OK){ - st_err_log(123, __FILE__, __LINE__); - goto error; + st_err_log(123, __FILE__, __LINE__); + return rc; } if (ctx->mech.mechanism == CKM_SSL3_MD5_MAC) rc = digest_mgr_digest_update( sess, &context->hash_context, inner, 48 ); else rc = digest_mgr_digest_update( sess, &context->hash_context, inner, 40 ); if (rc != CKR_OK){ - st_err_log(123, __FILE__, __LINE__); - goto error; + st_err_log(123, __FILE__, __LINE__); + return rc; } context->flag = TRUE; } @@ -561,14 +557,11 @@ ssl3_mac_sign_update( SESSION * sess, rc = digest_mgr_digest_update( sess, &context->hash_context, in_data, in_data_len ); if (rc != CKR_OK){ - st_err_log(123, __FILE__, __LINE__); - goto error; + st_err_log(123, __FILE__, __LINE__); + return rc; } - return CKR_OK; -error: - digest_mgr_cleanup( &context->hash_context ); - return rc; + return CKR_OK; } @@ -615,13 +608,12 @@ ssl3_mac_sign_final( SESSION * sess, rc = object_mgr_find_in_map1( ctx->key, &key_obj ); if (rc != CKR_OK){ st_err_log(110, __FILE__, __LINE__); - goto error; + return rc; } rc = template_attribute_find( key_obj->template, CKA_VALUE, &attr ); if (rc == FALSE) { st_err_log(4, __FILE__, __LINE__, __FUNCTION__); - rc = CKR_FUNCTION_FAILED; - goto error; + return CKR_FUNCTION_FAILED; } else { key_bytes = attr->ulValueLen; @@ -633,12 +625,11 @@ ssl3_mac_sign_final( SESSION * sess, hash_len = sizeof(hash); rc = digest_mgr_digest_final( sess, FALSE, &context->hash_context, hash, &hash_len ); if (rc != CKR_OK){ - st_err_log(126, __FILE__, __LINE__); - goto error; + st_err_log(126, __FILE__, __LINE__); + return rc; } // now, do the outer hash // - digest_mgr_cleanup( &context->hash_context ); memset( &context->hash_context, 0x0, sizeof(SSL3_MAC_CONTEXT) ); memset( outer, 0x5C, 48 ); @@ -653,13 +644,13 @@ ssl3_mac_sign_final( SESSION * sess, rc = digest_mgr_init( sess, &context->hash_context, &digest_mech ); if (rc != CKR_OK){ - st_err_log(123, __FILE__, __LINE__); - goto error; + st_err_log(123, __FILE__, __LINE__); + return rc; } rc = digest_mgr_digest_update( sess, &context->hash_context, key_data, key_bytes ); if (rc != CKR_OK){ - st_err_log(123, __FILE__, __LINE__); - goto error; + st_err_log(123, __FILE__, __LINE__); + return rc; } if (ctx->mech.mechanism == CKM_SSL3_MD5_MAC) rc = digest_mgr_digest_update( sess, &context->hash_context, outer, 48 ); @@ -667,25 +658,23 @@ ssl3_mac_sign_final( SESSION * sess, rc = digest_mgr_digest_update( sess, &context->hash_context, outer, 40 ); if (rc != CKR_OK){ - st_err_log(123, __FILE__, __LINE__); - goto error; + st_err_log(123, __FILE__, __LINE__); + return rc; } rc = digest_mgr_digest_update( sess, &context->hash_context, hash, hash_len ); if (rc != CKR_OK){ - st_err_log(123, __FILE__, __LINE__); - goto error; + st_err_log(123, __FILE__, __LINE__); + return rc; } hash_len = sizeof(hash); rc = digest_mgr_digest_final( sess, FALSE, &context->hash_context, hash, &hash_len ); if (rc != CKR_OK){ - st_err_log(126, __FILE__, __LINE__); - goto error; + st_err_log(126, __FILE__, __LINE__); + return rc; } memcpy( out_data, hash, mac_len ); *out_data_len = mac_len; -error: - digest_mgr_cleanup( &context->hash_context ); return rc; } @@ -772,13 +761,12 @@ ssl3_mac_verify_update( SESSION * sess, rc = object_mgr_find_in_map1( ctx->key, &key_obj ); if (rc != CKR_OK){ st_err_log(110, __FILE__, __LINE__); - goto error; + return rc; } rc = template_attribute_find( key_obj->template, CKA_VALUE, &attr ); if (rc == FALSE) { st_err_log(4, __FILE__, __LINE__, __FUNCTION__); - rc = CKR_FUNCTION_FAILED; - goto error; + return CKR_FUNCTION_FAILED; } else { key_bytes = attr->ulValueLen; @@ -802,35 +790,32 @@ ssl3_mac_verify_update( SESSION * sess, // rc = digest_mgr_init( sess, &context->hash_context, &digest_mech ); if (rc != CKR_OK){ - st_err_log(123, __FILE__, __LINE__); - goto error; + st_err_log(123, __FILE__, __LINE__); + return rc; } rc = digest_mgr_digest_update( sess, &context->hash_context, key_data, key_bytes ); if (rc != CKR_OK){ - st_err_log(123, __FILE__, __LINE__); - goto error; + st_err_log(123, __FILE__, __LINE__); + return rc; } if (ctx->mech.mechanism == CKM_SSL3_MD5_MAC) rc = digest_mgr_digest_update( sess, &context->hash_context, inner, 48 ); else rc = digest_mgr_digest_update( sess, &context->hash_context, inner, 40 ); if (rc != CKR_OK){ - st_err_log(123, __FILE__, __LINE__); - goto error; + st_err_log(123, __FILE__, __LINE__); + return rc; } context->flag = TRUE; } rc = digest_mgr_digest_update( sess, &context->hash_context, in_data, in_data_len ); if (rc != CKR_OK){ - st_err_log(123, __FILE__, __LINE__); - goto error; + st_err_log(123, __FILE__, __LINE__); + return rc; } - return CKR_OK; -error: - digest_mgr_cleanup( &context->hash_context ); - return rc; + return CKR_OK; } @@ -865,13 +850,12 @@ ssl3_mac_verify_final( SESSION * sess, rc = object_mgr_find_in_map1( ctx->key, &key_obj ); if (rc != CKR_OK){ st_err_log(110, __FILE__, __LINE__); - goto error; + return rc; } rc = template_attribute_find( key_obj->template, CKA_VALUE, &attr ); if (rc == FALSE) { st_err_log(4, __FILE__, __LINE__, __FUNCTION__); - rc = CKR_FUNCTION_FAILED; - goto error; + return CKR_FUNCTION_FAILED; } else { key_bytes = attr->ulValueLen; @@ -883,12 +867,11 @@ ssl3_mac_verify_final( SESSION * sess, hash_len = sizeof(hash); rc = digest_mgr_digest_final( sess, FALSE, &context->hash_context, hash, &hash_len ); if (rc != CKR_OK){ - st_err_log(126, __FILE__, __LINE__); - goto error; + st_err_log(126, __FILE__, __LINE__); + return rc; } // now, do the outer hash // - digest_mgr_cleanup( &context->hash_context ); memset( &context->hash_context, 0x0, sizeof(SSL3_MAC_CONTEXT) ); memset( outer, 0x5C, 48 ); @@ -903,13 +886,13 @@ ssl3_mac_verify_final( SESSION * sess, rc = digest_mgr_init( sess, &context->hash_context, &digest_mech ); if (rc != CKR_OK){ - st_err_log(123, __FILE__, __LINE__); - goto error; + st_err_log(123, __FILE__, __LINE__); + return rc; } rc = digest_mgr_digest_update( sess, &context->hash_context, key_data, key_bytes ); if (rc != CKR_OK){ - st_err_log(123, __FILE__, __LINE__); - goto error; + st_err_log(123, __FILE__, __LINE__); + return rc; } if (ctx->mech.mechanism == CKM_SSL3_MD5_MAC) rc = digest_mgr_digest_update( sess, &context->hash_context, outer, 48 ); @@ -917,30 +900,29 @@ ssl3_mac_verify_final( SESSION * sess, rc = digest_mgr_digest_update( sess, &context->hash_context, outer, 40 ); if (rc != CKR_OK){ - st_err_log(123, __FILE__, __LINE__); - goto error; + st_err_log(123, __FILE__, __LINE__); + return rc; } rc = digest_mgr_digest_update( sess, &context->hash_context, hash, hash_len ); if (rc != CKR_OK){ - st_err_log(123, __FILE__, __LINE__); - goto error; + st_err_log(123, __FILE__, __LINE__); + return rc; } hash_len = sizeof(hash); rc = digest_mgr_digest_final( sess, FALSE, &context->hash_context, hash, &hash_len ); if (rc != CKR_OK){ - st_err_log(126, __FILE__, __LINE__); - goto error; + st_err_log(126, __FILE__, __LINE__); + return rc; } if ((mac_len != sig_len) || (mac_len > hash_len)){ - st_err_log(47, __FILE__, __LINE__); + st_err_log(47, __FILE__, __LINE__); rc = CKR_SIGNATURE_INVALID; } else if (memcmp(signature, hash, sig_len) != 0){ rc = CKR_SIGNATURE_INVALID; - st_err_log(47, __FILE__, __LINE__); + st_err_log(47, __FILE__, __LINE__); } -error: - digest_mgr_cleanup( &context->hash_context ); + return rc; } @@ -1060,45 +1042,44 @@ ssl3_sha_then_md5( SESSION * sess, rc = digest_mgr_init( sess, &digest_ctx, &digest_mech ); if (rc != CKR_OK){ - st_err_log(123, __FILE__, __LINE__); - goto error; + st_err_log(123, __FILE__, __LINE__); + return rc; } rc = digest_mgr_digest_update( sess, &digest_ctx, variableData, variableDataLen ); if (rc != CKR_OK){ - st_err_log(123, __FILE__, __LINE__); - goto error; + st_err_log(123, __FILE__, __LINE__); + return rc; } rc = digest_mgr_digest_update( sess, &digest_ctx, secret, 48 ); if (rc != CKR_OK){ - st_err_log(123, __FILE__, __LINE__); - goto error; + st_err_log(123, __FILE__, __LINE__); + return rc; } rc = digest_mgr_digest_update( sess, &digest_ctx, firstRandom, firstRandomLen ); if (rc != CKR_OK){ - st_err_log(123, __FILE__, __LINE__); - goto error; + st_err_log(123, __FILE__, __LINE__); + return rc; } rc = digest_mgr_digest_update( sess, &digest_ctx, secondRandom, secondRandomLen ); if (rc != CKR_OK){ - st_err_log(123, __FILE__, __LINE__); - goto error; + st_err_log(123, __FILE__, __LINE__); + return rc; } len = sizeof(hash); rc = digest_mgr_digest_final( sess, FALSE, &digest_ctx, hash, &len ); if (rc != CKR_OK){ - st_err_log(126, __FILE__, __LINE__); - goto error; + st_err_log(126, __FILE__, __LINE__); + return rc; } - digest_mgr_cleanup( &digest_ctx ); // MD5(secret + SHA(...)) // @@ -1109,18 +1090,18 @@ ssl3_sha_then_md5( SESSION * sess, rc = digest_mgr_init( sess, &digest_ctx, &digest_mech ); if (rc != CKR_OK){ - st_err_log(123, __FILE__, __LINE__); - goto error; + st_err_log(123, __FILE__, __LINE__); + return rc; } rc = digest_mgr_digest_update( sess, &digest_ctx, secret, 48 ); if (rc != CKR_OK){ - st_err_log(123, __FILE__, __LINE__); - goto error; + st_err_log(123, __FILE__, __LINE__); + return rc; } rc = digest_mgr_digest_update( sess, &digest_ctx, hash, len ); if (rc != CKR_OK){ - st_err_log(123, __FILE__, __LINE__); - goto error; + st_err_log(123, __FILE__, __LINE__); + return rc; } len = sizeof(hash); rc = digest_mgr_digest_final( sess, FALSE, &digest_ctx, hash, &len ); @@ -1129,9 +1110,8 @@ ssl3_sha_then_md5( SESSION * sess, memcpy( outBuff, hash, len ); } else - st_err_log(126, __FILE__, __LINE__); -error: - digest_mgr_cleanup( &digest_ctx ); + st_err_log(126, __FILE__, __LINE__); + return rc; } @@ -1168,8 +1148,8 @@ ssl3_md5_only( SESSION * sess, rc = digest_mgr_init( sess, &digest_ctx, &digest_mech ); if (rc != CKR_OK){ - st_err_log(123, __FILE__, __LINE__); - goto error; + st_err_log(123, __FILE__, __LINE__); + return rc; } if (firstString != NULL) { rc = digest_mgr_digest_update( sess, @@ -1177,8 +1157,8 @@ ssl3_md5_only( SESSION * sess, firstString, firstStringLen ); if (rc != CKR_OK){ - st_err_log(123, __FILE__, __LINE__); - goto error; + st_err_log(123, __FILE__, __LINE__); + return rc; } } @@ -1187,26 +1167,25 @@ ssl3_md5_only( SESSION * sess, secondString, secondStringLen ); if (rc != CKR_OK){ - st_err_log(123, __FILE__, __LINE__); - goto error; - } + st_err_log(123, __FILE__, __LINE__); + return rc; + } rc = digest_mgr_digest_update( sess, &digest_ctx, thirdString, thirdStringLen ); if (rc != CKR_OK){ - st_err_log(123, __FILE__, __LINE__); - goto error; + st_err_log(123, __FILE__, __LINE__); + return rc; } len = sizeof(hash); rc = digest_mgr_digest_final( sess, FALSE, &digest_ctx, hash, &len ); if (rc == CKR_OK){ - st_err_log(126, __FILE__, __LINE__); + st_err_log(126, __FILE__, __LINE__); memcpy( outBuff, hash, len ); } -error: - digest_mgr_cleanup( &digest_ctx ); + return rc; } diff --git a/usr/lib/pkcs11/common/new_host.c b/usr/lib/pkcs11/common/new_host.c index b6003e4..803e986 100755 --- a/usr/lib/pkcs11/common/new_host.c +++ b/usr/lib/pkcs11/common/new_host.c @@ -2919,9 +2919,6 @@ CK_RV SC_Digest( ST_SESSION_HANDLE sSession, } done: - if (rc != CKR_BUFFER_TOO_SMALL && (rc != CKR_OK || length_only != TRUE)) - digest_mgr_cleanup( &sess->digest_ctx ); - LLOCK; if (debugfile) { stlogit2(debugfile, "%-25s: rc = %08x, sess = %d, datalen = %d\n", "C_Digest", rc, (sess == NULL)?-1:(CK_LONG)sess->handle, ulDataLen ); @@ -2977,9 +2974,6 @@ CK_RV SC_DigestUpdate( ST_SESSION_HANDLE sSession, } } done: - if (rc != CKR_OK) - digest_mgr_cleanup( &sess->digest_ctx ); - LLOCK; if (debugfile) { stlogit2(debugfile, "%-25s: rc = %08x, sess = %d, datalen = %d\n", "C_DigestUpdate", rc, (sess == NULL)?-1:(CK_LONG)sess->handle, ulPartLen ); @@ -3024,9 +3018,6 @@ CK_RV SC_DigestKey( ST_SESSION_HANDLE sSession, } done: - if (rc != CKR_OK) - digest_mgr_cleanup( &sess->digest_ctx ); - LLOCK; if (debugfile) { stlogit2(debugfile, "%-25s: rc = %08x, sess = %d, key = %d\n", "C_DigestKey", rc, (sess == NULL)?-1:(CK_LONG)sess->handle, hKey ); @@ -3085,9 +3076,6 @@ CK_RV SC_DigestFinal( ST_SESSION_HANDLE sSession, } done: - if (rc != CKR_BUFFER_TOO_SMALL && (rc != CKR_OK || length_only != TRUE)) - digest_mgr_cleanup( &sess->digest_ctx ); - LLOCK; if (debugfile) { stlogit2(debugfile, "%-25s: rc = %08x, sess = %d\n", "C_DigestFinal", rc, (sess == NULL)?-1:(CK_LONG)sess->handle ); -- 1.7.2.3 ------------------------------------------------------------------------------ Lotusphere 2011 Register now for Lotusphere 2011 and learn how to connect the dots, take your collaborative environment to the next level, and enter the era of Social Business. http://p.sf.net/sfu/lotusphere-d2d _______________________________________________ Opencryptoki-tech mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/opencryptoki-tech
