changeset 2940:9c02516c8e86
6464106 contexts and key schedules might not be cleared all the time
6480958 "Keystore version failure" warning message should be moved to LOG_DEBUG
author | izick |
---|---|
date | Tue, 17 Oct 2006 14:57:56 -0700 |
parents | fac46b1b7c81 |
children | c9db5d0a909b |
files | usr/src/lib/pkcs11/pkcs11_softtoken/common/softBlowfishCrypt.c usr/src/lib/pkcs11/pkcs11_softtoken/common/softDecrypt.c usr/src/lib/pkcs11/pkcs11_softtoken/common/softEncrypt.c usr/src/lib/pkcs11/pkcs11_softtoken/common/softEncryptUtil.c usr/src/lib/pkcs11/pkcs11_softtoken/common/softKeys.c usr/src/lib/pkcs11/pkcs11_softtoken/common/softKeystoreUtil.c usr/src/lib/pkcs11/pkcs11_softtoken/common/softSign.c usr/src/lib/pkcs11/pkcs11_softtoken/common/softSignUtil.c usr/src/lib/pkcs11/pkcs11_softtoken/common/softVerify.c |
diffstat | 9 files changed, 111 insertions(+), 130 deletions(-) [+] |
--- a/usr/src/lib/pkcs11/pkcs11_softtoken/common/softBlowfishCrypt.c Tue Oct 17 12:33:42 2006 -0700 +++ b/usr/src/lib/pkcs11/pkcs11_softtoken/common/softBlowfishCrypt.c Tue Oct 17 14:57:56 2006 -0700 @@ -1,5 +1,25 @@ /* - * Copyright 2005 Sun Microsystems, Inc. All rights reserved. + * CDDL HEADER START + * + * The contents of this file are subject to the terms of the + * Common Development and Distribution License (the "License"). + * You may not use this file except in compliance with the License. + * + * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE + * or http://www.opensolaris.org/os/licensing. + * See the License for the specific language governing permissions + * and limitations under the License. + * + * When distributing Covered Code, include this CDDL HEADER in each + * file and include the License file at usr/src/OPENSOLARIS.LICENSE. + * If applicable, add the following below this CDDL HEADER, with the + * fields enclosed by brackets "[]" replaced with your own identifying + * information: Portions Copyright [yyyy] [name of copyright owner] + * + * CDDL HEADER END + */ +/* + * Copyright 2006 Sun Microsystems, Inc. All rights reserved. * Use is subject to license terms. */ @@ -264,14 +284,14 @@ (ulDataLen - remain), remain); soft_blowfish_ctx->remain_len = remain; + return (CKR_OK); } - return (CKR_OK); + } else { + *pulEncryptedLen = 0; + rv = CKR_FUNCTION_FAILED; } - *pulEncryptedLen = 0; - rv = CKR_FUNCTION_FAILED; - cleanup: (void) pthread_mutex_lock(&session_p->session_mutex); blowfish_ctx = (blowfish_ctx_t *)soft_blowfish_ctx->blowfish_cbc; @@ -321,7 +341,7 @@ } /* - * If application asks for the length of the putput buffer + * If application asks for the length of the output buffer * to hold the plaintext? */ if (pData == NULL) {
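Review bot: The `return (CKR_OK);` added directly after `soft_blowfish_ctx->remain_len = remain;` is now the one success path that bypasses `cleanup:`, and nothing at that spot says the context and key schedule are kept on purpose. A short comment there, e.g. `/* more input expected: keep context and key schedule for the next call */`, would stop a later edit from routing it into cleanup or adding another early return that leaves the key schedule allocated. That this branch is the multi-part update case is inferred from the `remain_len` bookkeeping; the enclosing function starts and ends outside the hunk, so please confirm. The other success path now reaches `cleanup:` with `rv` untouched, which relies on `rv` still being `CKR_OK` at that point.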
--- a/usr/src/lib/pkcs11/pkcs11_softtoken/common/softDecrypt.c Tue Oct 17 12:33:42 2006 -0700 +++ b/usr/src/lib/pkcs11/pkcs11_softtoken/common/softDecrypt.c Tue Oct 17 14:57:56 2006 -0700 @@ -181,20 +181,9 @@ return (rv); } - /* - * Normal exit. - * Terminates the active encrypt operation. - * Application needs to call C_EncryptInit again for next - * encrypt operation. - */ - (void) pthread_mutex_lock(&session_p->session_mutex); - session_p->decrypt.flags = 0; - lock_held = B_TRUE; - SES_REFRELE(session_p, lock_held); - return (rv); - clean_exit: - soft_crypt_cleanup(session_p, B_FALSE, lock_held); + /* Clear context, free key, and release session counter */ + soft_crypt_cleanup(session_p, B_FALSE, B_FALSE); return (rv); }
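Review bot: Passing a literal `B_FALSE` as the third argument of `soft_crypt_cleanup()` under `clean_exit:` drops the `lock_held` state the old call forwarded, so the call is only correct if no `goto clean_exit` is ever taken with `session_p->session_mutex` held. The jumps to the label are outside the hunk, so this cannot be checked here; if one of them does hold the mutex, the cleanup would presumably try to take it a second time. Either keep `soft_crypt_cleanup(session_p, B_FALSE, lock_held);` or state the invariant in the comment, e.g. `/* session_mutex is not held here */`. The same applies to the matching `clean_exit:` hunk in softEncrypt.c.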
--- a/usr/src/lib/pkcs11/pkcs11_softtoken/common/softEncrypt.c Tue Oct 17 12:33:42 2006 -0700 +++ b/usr/src/lib/pkcs11/pkcs11_softtoken/common/softEncrypt.c Tue Oct 17 14:57:56 2006 -0700 @@ -183,21 +183,9 @@ return (rv); } - /* - * Normal exit. - * Terminates the active encrypt operation. - * Application needs to call C_EncryptInit again for next - * encrypt operation. - */ - (void) pthread_mutex_lock(&session_p->session_mutex); - session_p->encrypt.flags = 0; - lock_held = B_TRUE; - SES_REFRELE(session_p, lock_held); - return (rv); - clean_exit: - soft_crypt_cleanup(session_p, B_TRUE, lock_held); - + /* Clear context, free key, and release session counter */ + soft_crypt_cleanup(session_p, B_TRUE, B_FALSE); return (rv); }
--- a/usr/src/lib/pkcs11/pkcs11_softtoken/common/softEncryptUtil.c Tue Oct 17 12:33:42 2006 -0700 +++ b/usr/src/lib/pkcs11/pkcs11_softtoken/common/softEncryptUtil.c Tue Oct 17 14:57:56 2006 -0700 @@ -868,7 +868,18 @@ case CKM_RSA_X_509: case CKM_RSA_PKCS: + { + soft_rsa_ctx_t *rsa_ctx = + (soft_rsa_ctx_t *)active_op->context; + + if (rsa_ctx != NULL) + if (rsa_ctx->key != NULL) { + soft_cleanup_object(rsa_ctx->key); + free(rsa_ctx->key); + } + break; + } } /* switch */
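Review bot: `free(rsa_ctx->key);` leaves `rsa_ctx->key` pointing at freed memory, so a second pass through this cleanup before the context itself is released would hand a dangling pointer to `soft_cleanup_object()` and free it twice. Add `rsa_ctx->key = NULL;` after the `free()`; the RSA and DSA cases added in softSignUtil.c have the same gap (`dsa_ctx->key = NULL;` there). The nested unbraced `if (rsa_ctx != NULL) if (rsa_ctx->key != NULL)` would also read better as the single test `if (rsa_ctx != NULL && rsa_ctx->key != NULL) {` that softSignUtil.c uses. Whether the context is freed right after the switch is not visible in this hunk.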
--- a/usr/src/lib/pkcs11/pkcs11_softtoken/common/softKeys.c Tue Oct 17 12:33:42 2006 -0700 +++ b/usr/src/lib/pkcs11/pkcs11_softtoken/common/softKeys.c Tue Oct 17 14:57:56 2006 -0700 @@ -2,9 +2,8 @@ * CDDL HEADER START * * The contents of this file are subject to the terms of the - * Common Development and Distribution License, Version 1.0 only - * (the "License"). You may not use this file except in compliance - * with the License. + * Common Development and Distribution License (the "License"). + * You may not use this file except in compliance with the License. * * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE * or http://www.opensolaris.org/os/licensing. @@ -20,7 +19,7 @@ * CDDL HEADER END */ /* - * Copyright 2004 Sun Microsystems, Inc. All rights reserved. + * Copyright 2006 Sun Microsystems, Inc. All rights reserved. * Use is subject to license terms. */ @@ -201,8 +200,13 @@ hkey_p, pWrappedKey, pulWrappedKeyLen); (void) pthread_mutex_lock(&session_p->session_mutex); + + lock_held = B_TRUE; session_p->encrypt.flags = 0; - lock_held = B_TRUE; + + if ((rv == CKR_OK && pWrappedKey == NULL) || + rv == CKR_BUFFER_TOO_SMALL) + soft_crypt_cleanup(session_p, B_TRUE, lock_held); clean_exit2: OBJ_REFRELE(hkey_p); @@ -297,6 +301,11 @@ phKey); (void) pthread_mutex_lock(&session_p->session_mutex); + + if ((rv == CKR_OK && pWrappedKey == NULL) || + rv == CKR_BUFFER_TOO_SMALL) + soft_crypt_cleanup(session_p, B_TRUE, lock_held); + session_p->decrypt.flags = 0; lock_held = B_TRUE;
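Review bot: In the last softKeys.c hunk (`@@ -297,6 +301,11 @@`, the path that clears `session_p->decrypt.flags`), the added `soft_crypt_cleanup(session_p, B_TRUE, lock_held);` looks wrong on two counts. It runs right after `pthread_mutex_lock()` but before `lock_held = B_TRUE;`, so the flag passed in is whatever `lock_held` was before the mutex was taken, and it passes `B_TRUE`, which the other call sites on this page use for the encrypt side, although this path works on the decrypt operation. The wrap hunk above it sets `lock_held` first; doing the same here and calling `soft_crypt_cleanup(session_p, B_FALSE, lock_held);` would make the two consistent. The condition `pWrappedKey == NULL` also appears to be copied from the wrap path, where it marks a length query; on this path the wrapped key looks like an input, so please confirm the test is meaningful.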
--- a/usr/src/lib/pkcs11/pkcs11_softtoken/common/softKeystoreUtil.c Tue Oct 17 12:33:42 2006 -0700 +++ b/usr/src/lib/pkcs11/pkcs11_softtoken/common/softKeystoreUtil.c Tue Oct 17 14:57:56 2006 -0700 @@ -3030,7 +3030,7 @@ else { soft_slot.keystore_load_status = KEYSTORE_UNAVAILABLE; - cryptoerror(LOG_ERR, + cryptoerror(LOG_DEBUG, "pkcs11_softtoken: " "Cannot create keystore."); break; @@ -3044,8 +3044,8 @@ if (soft_keystore_get_version(&soft_slot.ks_version, B_FALSE) != 0) { soft_slot.keystore_load_status = KEYSTORE_UNAVAILABLE; - cryptoerror(LOG_ERR, - "pkcs11_softtoken: Keystore version failure."); + cryptoerror(LOG_DEBUG, + "pkcs11_softtoken: Keystore access failed."); break; } @@ -3060,7 +3060,7 @@ != CKR_OK) { (void) soft_destroy_token_session(); soft_slot.keystore_load_status = KEYSTORE_UNAVAILABLE; - cryptoerror(LOG_ERR, + cryptoerror(LOG_DEBUG, "pkcs11_softtoken: Cannot initialize keystore."); break; }
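Review bot: All three `cryptoerror()` calls drop from `LOG_ERR` to `LOG_DEBUG`, but the changeset description only covers the "Keystore version failure" message; "Cannot create keystore." and "Cannot initialize keystore." each accompany `keystore_load_status = KEYSTORE_UNAVAILABLE` and will likely no longer show up in a default syslog configuration. If those two are expected for some callers, a comment at each call saying why they are debug-only would help; otherwise a level such as `LOG_WARNING` keeps an unusable keystore visible to operators. The reworded "Keystore access failed." is also less specific than the old text, while the condition is still a failed `soft_keystore_get_version()` call.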
--- a/usr/src/lib/pkcs11/pkcs11_softtoken/common/softSign.c Tue Oct 17 12:33:42 2006 -0700 +++ b/usr/src/lib/pkcs11/pkcs11_softtoken/common/softSign.c Tue Oct 17 14:57:56 2006 -0700 @@ -2,9 +2,8 @@ * CDDL HEADER START * * The contents of this file are subject to the terms of the - * Common Development and Distribution License, Version 1.0 only - * (the "License"). You may not use this file except in compliance - * with the License. + * Common Development and Distribution License (the "License"). + * You may not use this file except in compliance with the License. * * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE * or http://www.opensolaris.org/os/licensing. @@ -20,7 +19,7 @@ * CDDL HEADER END */ /* - * Copyright 2004 Sun Microsystems, Inc. All rights reserved. + * Copyright 2006 Sun Microsystems, Inc. All rights reserved. * Use is subject to license terms. */ @@ -167,18 +166,8 @@ return (rv); } - /* - * Terminates the active sign operation. - * Application needs to call C_SignInit again for next - * sign operation. - */ - (void) pthread_mutex_lock(&session_p->session_mutex); - session_p->sign.flags = 0; - lock_held = B_TRUE; - SES_REFRELE(session_p, lock_held); - return (rv); - clean_exit: + /* Clear contexts, free key, and release session counter */ soft_sign_verify_cleanup(session_p, B_TRUE, B_FALSE); return (rv); } @@ -236,10 +225,7 @@ } clean_exit: - /* - * After an error occurred, terminate the current sign - * operation by resetting the active and update flags. - */ + /* After error, clear context, free key, & release session counter */ soft_sign_verify_cleanup(session_p, B_TRUE, B_FALSE); return (rv); 
@@ -296,14 +282,9 @@ SES_REFRELE(session_p, lock_held); return (rv); } - /* Terminates the active sign operation */ - (void) pthread_mutex_lock(&session_p->session_mutex); - session_p->sign.flags = 0; - lock_held = B_TRUE; - SES_REFRELE(session_p, lock_held); - return (rv); clean_exit: + /* Clear contexts, free key, and release session counter */ soft_sign_verify_cleanup(session_p, B_TRUE, B_FALSE); return (rv); } @@ -428,20 +409,7 @@ } clean_exit: - (void) pthread_mutex_lock(&session_p->session_mutex); - lock_held = B_TRUE; - session_p->sign.flags = 0; - /* - * Free the active context right here. We don't need to call - * soft_sign_verify_cleanup() because this function is only - * applicable to CKM_RSA_PKCS and CKM_RSA_X_509 that only has - * one active context. - */ - if (session_p->sign.context != NULL) { - free(session_p->sign.context); - session_p->sign.context = NULL; - } - SES_REFRELE(session_p, lock_held); - + /* Clear contexts, free key, and release session counter */ + soft_sign_verify_cleanup(session_p, B_TRUE, B_FALSE); return (rv); }
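Review bot: The new one-line comment in the last hunk (`@@ -428,20 +409,7 @@`) replaces a comment that explained why `soft_sign_verify_cleanup()` was not needed for `CKM_RSA_PKCS` and `CKM_RSA_X_509`, without saying why it is needed now. Going by the softSignUtil.c change in this changeset, the reason is that the cleanup routine now also clears and frees the key held in the RSA context; a comment such as `/* cleanup also clears and frees the key held in the RSA context */` would record that. The removed lines were also the visible users of `lock_held` at this label, so check whether the local is still used elsewhere in the function, whose body starts outside the hunk. The matching `@@ -396,20 +379,7 @@` hunk in softVerify.c has the same comment gap.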
--- a/usr/src/lib/pkcs11/pkcs11_softtoken/common/softSignUtil.c Tue Oct 17 12:33:42 2006 -0700 +++ b/usr/src/lib/pkcs11/pkcs11_softtoken/common/softSignUtil.c Tue Oct 17 14:57:56 2006 -0700 @@ -2,9 +2,8 @@ * CDDL HEADER START * * The contents of this file are subject to the terms of the - * Common Development and Distribution License, Version 1.0 only - * (the "License"). You may not use this file except in compliance - * with the License. + * Common Development and Distribution License (the "License"). + * You may not use this file except in compliance with the License. * * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE * or http://www.opensolaris.org/os/licensing. @@ -20,7 +19,7 @@ * CDDL HEADER END */ /* - * Copyright 2005 Sun Microsystems, Inc. All rights reserved. + * Copyright 2006 Sun Microsystems, Inc. All rights reserved. * Use is subject to license terms. */ @@ -437,19 +436,46 @@ case CKM_SHA256_RSA_PKCS: case CKM_SHA384_RSA_PKCS: case CKM_SHA512_RSA_PKCS: + if (session_p->digest.context != NULL) { + free(session_p->digest.context); + session_p->digest.context = NULL; + session_p->digest.flags = 0; + } + /* FALLTHRU */ + + case CKM_RSA_PKCS: + case CKM_RSA_X_509: + { + soft_rsa_ctx_t *rsa_ctx = + (soft_rsa_ctx_t *)active_op->context; + + if (rsa_ctx != NULL && rsa_ctx->key != NULL) { + soft_cleanup_object(rsa_ctx->key); + free(rsa_ctx->key); + } + break; + + } case CKM_DSA_SHA1: if (session_p->digest.context != NULL) { free(session_p->digest.context); session_p->digest.context = NULL; session_p->digest.flags = 0; } + + /* FALLTHRU */ + case CKM_DSA: + { + soft_dsa_ctx_t *dsa_ctx = + (soft_dsa_ctx_t *)active_op->context; + + if (dsa_ctx != NULL && dsa_ctx->key != NULL) { + soft_cleanup_object(dsa_ctx->key); + free(dsa_ctx->key); + } break; - case CKM_RSA_PKCS: - case CKM_RSA_X_509: - case CKM_DSA: - break; - + } case CKM_SSL3_MD5_MAC: case CKM_SSL3_SHA1_MAC: case CKM_MD5_HMAC_GENERAL:
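Review bot: The `session_p->digest.context` block is now repeated verbatim for the hashed-RSA cases and for `CKM_DSA_SHA1`, and in both places the digest state is released with a plain `free()` while the key objects below it go through `soft_cleanup_object()` first. If the digest context is deliberately not cleared because it holds only message hash state, say so once, e.g. `/* digest state holds no key material; freed without clearing */`; if not, it should be cleared before the `free()`. Folding the duplicate into a small static helper would keep the two copies from drifting apart.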
--- a/usr/src/lib/pkcs11/pkcs11_softtoken/common/softVerify.c Tue Oct 17 12:33:42 2006 -0700 +++ b/usr/src/lib/pkcs11/pkcs11_softtoken/common/softVerify.c Tue Oct 17 14:57:56 2006 -0700 @@ -2,9 +2,8 @@ * CDDL HEADER START * * The contents of this file are subject to the terms of the - * Common Development and Distribution License, Version 1.0 only - * (the "License"). You may not use this file except in compliance - * with the License. + * Common Development and Distribution License (the "License"). + * You may not use this file except in compliance with the License. * * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE * or http://www.opensolaris.org/os/licensing. @@ -20,7 +19,7 @@ * CDDL HEADER END */ /* - * Copyright 2004 Sun Microsystems, Inc. All rights reserved. + * Copyright 2006 Sun Microsystems, Inc. All rights reserved. * Use is subject to license terms. */ @@ -154,18 +153,9 @@ rv = soft_verify(session_p, pData, ulDataLen, pSignature, ulSignatureLen); - /* - * Always terminate the active verify operation. - * Application needs to call C_VerifyInit again for next - * verify operation. - */ - (void) pthread_mutex_lock(&session_p->session_mutex); - session_p->verify.flags = 0; - lock_held = B_TRUE; - SES_REFRELE(session_p, lock_held); - return (rv); clean_exit: + /* Clear context, free key, and release session counter */ soft_sign_verify_cleanup(session_p, B_FALSE, B_FALSE); return (rv); } @@ -223,10 +213,7 @@ } clean_exit: - /* - * After an error occurred, terminate the current verify - * operation by resetting the active and update flags. - */ + /* After error, clear context, free key, & release session counter */ soft_sign_verify_cleanup(session_p, B_FALSE, B_FALSE); return (rv); 
@@ -268,12 +255,8 @@ rv = soft_verify_final(session_p, pSignature, ulSignatureLen); clean_exit: - /* Always terminate the active verify operation */ - (void) pthread_mutex_lock(&session_p->session_mutex); - session_p->verify.flags = 0; - lock_held = B_TRUE; - SES_REFRELE(session_p, lock_held); - + /* Clear contexts, free key, and release session counter */ + soft_sign_verify_cleanup(session_p, B_FALSE, B_FALSE); return (rv); } @@ -396,20 +379,7 @@ } clean_exit: - (void) pthread_mutex_lock(&session_p->session_mutex); - lock_held = B_TRUE; - session_p->verify.flags = 0; - /* - * Free the active context right here. We don't need to call - * soft_sign_verify_cleanup() because this function is only - * applicable to CKM_RSA_PKCS and CKM_RSA_X_509 that only has - * one active context. - */ - if (session_p->verify.context != NULL) { - free(session_p->verify.context); - session_p->verify.context = NULL; - } - SES_REFRELE(session_p, lock_held); - + /* Clear context, free key, and release session counter */ + soft_sign_verify_cleanup(session_p, B_FALSE, B_FALSE); return (rv); }