[Opencryptoki-tech] [PATCH 1/3] Clean-up digest context inside digest_mgr functions
Brought to you by:
ebarretto
Menu
▾
▴
[Opencryptoki-tech] [PATCH 1/3] Clean-up digest context inside digest_mgr functions
|
From: Klaus H. K. <kl...@li...> - 2010-12-18 20:02:43
|
For most C_Digest* functions (exception is C_DigestKey), the spec
specified the scenarios in which a digest operation should
terminate (either due to error or normal finalization).
This patch brings the digest_mgr_cleanup() function to be called
from *inside* the digest_mgr_* functions, so we can better manage
resources from a single place.
This patch is for the `common` part, and also fix at least one
memory leak in the software-fallback SHA1 code (where
ckm_sha1_init could continuously allocate contexts without
being properly cleaned-up)
Signed-off-by: Klaus Heinrich Kiwi <kl...@li...>
---
usr/lib/pkcs11/common/dig_mgr.c | 139 ++++++++++++++++-------
usr/lib/pkcs11/common/mech_md2.c | 2 -
usr/lib/pkcs11/common/mech_md5.c | 13 --
usr/lib/pkcs11/common/mech_rsa.c | 40 ++-----
usr/lib/pkcs11/common/mech_sha.c | 56 +---------
usr/lib/pkcs11/common/mech_ssl3.c | 229 +++++++++++++++++--------------------
usr/lib/pkcs11/common/new_host.c | 12 --
7 files changed, 219 insertions(+), 272 deletions(-)
diff --git a/usr/lib/pkcs11/common/dig_mgr.c b/usr/lib/pkcs11/common/dig_mgr.c
index 9561e2f..867435b 100755
--- a/usr/lib/pkcs11/common/dig_mgr.c
+++ b/usr/lib/pkcs11/common/dig_mgr.c
@@ -328,15 +328,16 @@ digest_mgr_init( SESSION *sess,
case CKM_SHA_1:
{
if (mech->ulParameterLen != 0){
- st_err_log(29, __FILE__, __LINE__);
+ st_err_log(29, __FILE__, __LINE__);
return CKR_MECHANISM_PARAM_INVALID;
}
-
+
ctx->context = NULL;
ckm_sha1_init( ctx );
-
+
if (!ctx->context) {
- st_err_log(1, __FILE__, __LINE__);
+ digest_mgr_cleanup(ctx); // to de-initialize context above
+ st_err_log(1, __FILE__, __LINE__);
return CKR_HOST_MEMORY;
}
}
@@ -353,6 +354,7 @@ digest_mgr_init( SESSION *sess,
ckm_sha2_init( ctx );
if (!ctx->context) {
+ digest_mgr_cleanup(ctx); // to de-initialize context above
st_err_log(1, __FILE__, __LINE__);
return CKR_HOST_MEMORY;
}
@@ -370,6 +372,7 @@ digest_mgr_init( SESSION *sess,
ckm_sha3_init( ctx );
if (!ctx->context) {
+ digest_mgr_cleanup(ctx); // to de-initialize context above
st_err_log(1, __FILE__, __LINE__);
return CKR_HOST_MEMORY;
}
@@ -387,6 +390,7 @@ digest_mgr_init( SESSION *sess,
ckm_sha5_init( ctx );
if (!ctx->context) {
+ digest_mgr_cleanup(ctx); // to de-initialize context above
st_err_log(1, __FILE__, __LINE__);
return CKR_HOST_MEMORY;
}
@@ -402,6 +406,7 @@ digest_mgr_init( SESSION *sess,
ctx->context_len = sizeof(MD2_CONTEXT);
ctx->context = (CK_BYTE *)malloc(sizeof(MD2_CONTEXT));
if (!ctx->context){
+ digest_mgr_cleanup(ctx); // to de-initialize context above
st_err_log(1, __FILE__, __LINE__);
return CKR_HOST_MEMORY;
}
@@ -418,6 +423,7 @@ digest_mgr_init( SESSION *sess,
ctx->context_len = sizeof(MD5_CONTEXT);
ctx->context = (CK_BYTE *)malloc(sizeof(MD5_CONTEXT));
if (!ctx->context){
+ digest_mgr_cleanup(ctx); // to de-initialize context above
st_err_log(1, __FILE__, __LINE__);
return CKR_HOST_MEMORY;
}
@@ -433,6 +439,7 @@ digest_mgr_init( SESSION *sess,
if (mech->ulParameterLen > 0) {
ptr = (CK_BYTE *)malloc(mech->ulParameterLen);
if (!ptr){
+ digest_mgr_cleanup(ctx); // to de-initialize context above
st_err_log(1, __FILE__, __LINE__);
return CKR_HOST_MEMORY;
}
@@ -489,6 +496,7 @@ digest_mgr_digest( SESSION *sess,
CK_BYTE *out_data,
CK_ULONG *out_data_len )
{
+ CK_RV rc;
if (!sess || !ctx){
st_err_log(4, __FILE__, __LINE__, __FUNCTION__);
@@ -504,53 +512,70 @@ digest_mgr_digest( SESSION *sess,
//
if ((length_only == FALSE) && (!in_data || !out_data)){
st_err_log(4, __FILE__, __LINE__, __FUNCTION__);
- return CKR_FUNCTION_FAILED;
+ rc = CKR_FUNCTION_FAILED;
+ goto out;
}
if (ctx->multi == TRUE){
st_err_log(31, __FILE__, __LINE__);
- return CKR_OPERATION_ACTIVE;
+ rc = CKR_FUNCTION_FAILED;
+ goto out;
}
switch (ctx->mech.mechanism) {
case CKM_SHA_1:
- return sha1_hash( sess, length_only, ctx,
+ rc = sha1_hash( sess, length_only, ctx,
in_data, in_data_len,
out_data, out_data_len );
+ break;
case CKM_SHA256:
- return sha2_hash( sess, length_only, ctx,
+ rc = sha2_hash( sess, length_only, ctx,
in_data, in_data_len,
out_data, out_data_len );
+ break;
case CKM_SHA384:
- return sha3_hash( sess, length_only, ctx,
+ rc = sha3_hash( sess, length_only, ctx,
in_data, in_data_len,
out_data, out_data_len );
+ break;
case CKM_SHA512:
- return sha5_hash( sess, length_only, ctx,
+ rc = sha5_hash( sess, length_only, ctx,
in_data, in_data_len,
out_data, out_data_len );
+ break;
#if !(NOMD2 )
case CKM_MD2:
- return md2_hash( sess, length_only, ctx,
+ rc = md2_hash( sess, length_only, ctx,
in_data, in_data_len,
out_data, out_data_len );
+ break;
#endif
case CKM_MD5:
- return md5_hash( sess, length_only, ctx,
+ rc = md5_hash( sess, length_only, ctx,
in_data, in_data_len,
out_data, out_data_len );
+ break;
default:
st_err_log(4, __FILE__, __LINE__, __FUNCTION__);
- return CKR_FUNCTION_FAILED; // shouldn't happen
+ rc = CKR_FUNCTION_FAILED; // shouldn't happen
}
- st_err_log(4, __FILE__, __LINE__, __FUNCTION__);
- return CKR_FUNCTION_FAILED;
+out:
+ if ( !((rc == CKR_BUFFER_TOO_SMALL) ||
+ (rc == CKR_OK && length_only == TRUE)) ) {
+ // "A call to C_Digest always terminates the active digest operation unless it
+ // returns CKR_BUFFER_TOO_SMALL or is a successful call (i.e., one which returns CKR_OK)
+ // to determine the length of the buffer needed to hold the message digest."
+ digest_mgr_cleanup(ctx);
+ }
+
+ return rc;
+
}
@@ -562,6 +587,8 @@ digest_mgr_digest_update( SESSION *sess,
CK_BYTE *data,
CK_ULONG data_len )
{
+ CK_RV rc;
+
if (!sess || !ctx){
st_err_log(4, __FILE__, __LINE__, __FUNCTION__);
return CKR_FUNCTION_FAILED;
@@ -575,32 +602,42 @@ digest_mgr_digest_update( SESSION *sess,
switch (ctx->mech.mechanism) {
case CKM_SHA_1:
- return sha1_hash_update( sess, ctx, data, data_len );
+ rc = sha1_hash_update( sess, ctx, data, data_len );
+ break;
case CKM_SHA256:
- return sha2_hash_update( sess, ctx, data, data_len );
+ rc = sha2_hash_update( sess, ctx, data, data_len );
+ break;
case CKM_SHA384:
- return sha3_hash_update( sess, ctx, data, data_len );
+ rc = sha3_hash_update( sess, ctx, data, data_len );
+ break;
case CKM_SHA512:
- return sha5_hash_update( sess, ctx, data, data_len );
+ rc = sha5_hash_update( sess, ctx, data, data_len );
+ break;
#if !(NOMD2)
case CKM_MD2:
- return md2_hash_update( sess, ctx, data, data_len );
+ rc = md2_hash_update( sess, ctx, data, data_len );
+ break;
#endif
case CKM_MD5:
- return md5_hash_update( sess, ctx, data, data_len );
+ rc = md5_hash_update( sess, ctx, data, data_len );
+ break;
default:
st_err_log(28, __FILE__, __LINE__);
- return CKR_MECHANISM_INVALID;
+ rc = CKR_MECHANISM_INVALID;
+ }
+
+ if (rc != CKR_OK) {
+ digest_mgr_cleanup(ctx); // "A call to C_DigestUpdate which results in an error
+ // terminates the current digest operation."
}
- st_err_log(28, __FILE__, __LINE__);
- return CKR_MECHANISM_INVALID; // shouldn't happen!
+ return rc;
}
@@ -625,21 +662,24 @@ digest_mgr_digest_key( SESSION * sess,
rc = object_mgr_find_in_map1( key_handle, &key_obj );
if (rc != CKR_OK){
st_err_log(18, __FILE__, __LINE__);
- return CKR_KEY_HANDLE_INVALID;
+ rc = CKR_KEY_HANDLE_INVALID;
+ goto out;
}
// only allow digesting of CKO_SECRET keys
//
rc = template_attribute_find( key_obj->template, CKA_CLASS, &attr );
if (rc == FALSE) {
st_err_log(24, __FILE__, __LINE__);
- return CKR_KEY_INDIGESTIBLE;
+ rc = CKR_KEY_INDIGESTIBLE;
+ goto out;
}
else
class = *(CK_OBJECT_CLASS *)attr->pValue;
if (class != CKO_SECRET_KEY){
st_err_log(24, __FILE__, __LINE__);
- return CKR_KEY_INDIGESTIBLE;
+ rc = CKR_KEY_INDIGESTIBLE;
+ goto out;
}
// every secret key has a CKA_VALUE attribute
@@ -647,7 +687,8 @@ digest_mgr_digest_key( SESSION * sess,
rc = template_attribute_find( key_obj->template, CKA_VALUE, &attr );
if (!rc){
st_err_log(24, __FILE__, __LINE__);
- return CKR_KEY_INDIGESTIBLE;
+ rc = CKR_KEY_INDIGESTIBLE;
+ goto out;
}
rc = digest_mgr_digest_update( sess,
ctx,
@@ -655,7 +696,12 @@ digest_mgr_digest_key( SESSION * sess,
attr->ulValueLen );
if (rc != CKR_OK){
st_err_log(24, __FILE__, __LINE__);
- }
+ }
+
+out:
+ if (rc != CKR_OK) {
+ digest_mgr_cleanup(ctx);
+ }
return rc;
}
@@ -669,6 +715,8 @@ digest_mgr_digest_final( SESSION *sess,
CK_BYTE *hash,
CK_ULONG *hash_len )
{
+ CK_RV rc;
+
if (!sess || !ctx){
st_err_log(4, __FILE__, __LINE__, __FUNCTION__);
return CKR_FUNCTION_FAILED;
@@ -682,45 +730,58 @@ digest_mgr_digest_final( SESSION *sess,
* is the final part of a multi part operation.
*/
ctx->multi = FALSE;
-
+
switch (ctx->mech.mechanism) {
case CKM_SHA_1:
- return sha1_hash_final( sess, length_only,
+ rc = sha1_hash_final( sess, length_only,
ctx,
hash, hash_len );
+ break;
case CKM_SHA256:
- return sha2_hash_final( sess, length_only,
+ rc = sha2_hash_final( sess, length_only,
ctx,
hash, hash_len );
+ break;
case CKM_SHA384:
- return sha3_hash_final( sess, length_only,
+ rc = sha3_hash_final( sess, length_only,
ctx,
hash, hash_len );
+ break;
case CKM_SHA512:
- return sha5_hash_final( sess, length_only,
+ rc = sha5_hash_final( sess, length_only,
ctx,
hash, hash_len );
+ break;
#if !(NOMD2)
case CKM_MD2:
- return md2_hash_final( sess, length_only,
+ rc = md2_hash_final( sess, length_only,
ctx,
hash, hash_len );
+ break;
#endif
case CKM_MD5:
- return md5_hash_final( sess, length_only,
+ rc = md5_hash_final( sess, length_only,
ctx,
hash, hash_len );
+ break;
default:
st_err_log(28, __FILE__, __LINE__);
- return CKR_MECHANISM_INVALID; // shouldn't happen
+ rc = CKR_MECHANISM_INVALID; // shouldn't happen
}
- st_err_log(28, __FILE__, __LINE__);
- return CKR_MECHANISM_INVALID;
+ if ( !((rc == CKR_BUFFER_TOO_SMALL) ||
+ (rc == CKR_OK && length_only == TRUE)) ) {
+ // "A call to C_DigestFinal always terminates the active digest operation unless it
+ // returns CKR_BUFFER_TOO_SMALL or is a successful call (i.e., one which returns CKR_OK)
+ // to determine the length of the buffer needed to hold the message digest."
+ digest_mgr_cleanup(ctx);
+ }
+
+ return rc;
}
diff --git a/usr/lib/pkcs11/common/mech_md2.c b/usr/lib/pkcs11/common/mech_md2.c
index 9cbe101..34cf2b0 100755
--- a/usr/lib/pkcs11/common/mech_md2.c
+++ b/usr/lib/pkcs11/common/mech_md2.c
@@ -519,7 +519,6 @@ md2_hmac_sign( SESSION * sess,
st_err_log(124, __FILE__, __LINE__);
return rc;
}
- digest_mgr_cleanup( &digest_ctx );
memset( &digest_ctx, 0x0, sizeof(DIGEST_CONTEXT) );
for (i = 0; i < hash_len; i++)
@@ -573,7 +572,6 @@ md2_hmac_sign( SESSION * sess,
st_err_log(126, __FILE__, __LINE__);
return rc;
}
- digest_mgr_cleanup( &digest_ctx );
memset( &digest_ctx, 0x0, sizeof(DIGEST_CONTEXT) );
diff --git a/usr/lib/pkcs11/common/mech_md5.c b/usr/lib/pkcs11/common/mech_md5.c
index 18ec2fc..993de11 100755
--- a/usr/lib/pkcs11/common/mech_md5.c
+++ b/usr/lib/pkcs11/common/mech_md5.c
@@ -475,7 +475,6 @@ md5_hmac_sign( SESSION * sess,
rc = digest_mgr_init( sess, &digest_ctx, &digest_mech );
if (rc != CKR_OK)
{
- digest_mgr_cleanup( &digest_ctx );
return rc;
}
@@ -484,11 +483,9 @@ md5_hmac_sign( SESSION * sess,
attr->pValue, attr->ulValueLen,
hash, &hash_len );
if (rc != CKR_OK) {
- digest_mgr_cleanup( &digest_ctx );
return rc;
}
- digest_mgr_cleanup( &digest_ctx );
memset( &digest_ctx, 0x0, sizeof(DIGEST_CONTEXT) );
for (i=0; i < hash_len; i++) {
@@ -522,7 +519,6 @@ md5_hmac_sign( SESSION * sess,
if (rc != CKR_OK)
{
st_err_log(123, __FILE__, __LINE__);
- digest_mgr_cleanup( &digest_ctx );
return rc;
}
@@ -530,7 +526,6 @@ md5_hmac_sign( SESSION * sess,
if (rc != CKR_OK)
{
st_err_log(123, __FILE__, __LINE__);
- digest_mgr_cleanup( &digest_ctx );
return rc;
}
@@ -538,7 +533,6 @@ md5_hmac_sign( SESSION * sess,
if (rc != CKR_OK)
{
st_err_log(123, __FILE__, __LINE__);
- digest_mgr_cleanup( &digest_ctx );
return rc;
}
@@ -547,11 +541,9 @@ md5_hmac_sign( SESSION * sess,
if (rc != CKR_OK)
{
st_err_log(126, __FILE__, __LINE__);
- digest_mgr_cleanup( &digest_ctx );
return rc;
}
- digest_mgr_cleanup( &digest_ctx );
memset( &digest_ctx, 0x0, sizeof(DIGEST_CONTEXT) );
@@ -561,7 +553,6 @@ md5_hmac_sign( SESSION * sess,
if (rc != CKR_OK)
{
st_err_log(123, __FILE__, __LINE__);
- digest_mgr_cleanup( &digest_ctx );
return rc;
}
@@ -569,7 +560,6 @@ md5_hmac_sign( SESSION * sess,
if (rc != CKR_OK)
{
st_err_log(123, __FILE__, __LINE__);
- digest_mgr_cleanup( &digest_ctx );
return rc;
}
@@ -577,7 +567,6 @@ md5_hmac_sign( SESSION * sess,
if (rc != CKR_OK)
{
st_err_log(123, __FILE__, __LINE__);
- digest_mgr_cleanup( &digest_ctx );
return rc;
}
@@ -586,14 +575,12 @@ md5_hmac_sign( SESSION * sess,
if (rc != CKR_OK)
{
st_err_log(126, __FILE__, __LINE__);
- digest_mgr_cleanup( &digest_ctx );
return rc;
}
memcpy( out_data, hash, hmac_len );
*out_data_len = hmac_len;
- digest_mgr_cleanup( &digest_ctx );
return CKR_OK;
}
diff --git a/usr/lib/pkcs11/common/mech_rsa.c b/usr/lib/pkcs11/common/mech_rsa.c
index f3f1cac..ec44fcf 100755
--- a/usr/lib/pkcs11/common/mech_rsa.c
+++ b/usr/lib/pkcs11/common/mech_rsa.c
@@ -1345,16 +1345,16 @@ rsa_hash_pkcs_sign( SESSION * sess,
rc = digest_mgr_init( sess, &digest_ctx, &digest_mech );
if (rc != CKR_OK){
st_err_log(123, __FILE__, __LINE__);
- goto error;
+ return rc;
}
hash_len = sizeof(hash);
rc = digest_mgr_digest( sess, length_only, &digest_ctx, in_data, in_data_len, hash, &hash_len );
if (rc != CKR_OK){
st_err_log(124, __FILE__, __LINE__);
- goto error;
+ return rc;
}
// build the BER-encodings
-
+
rc = ber_encode_OCTET_STRING( FALSE, &octet_str, &octet_str_len, hash, hash_len );
if (rc != CKR_OK){
st_err_log(77, __FILE__, __LINE__);
@@ -1363,7 +1363,7 @@ rsa_hash_pkcs_sign( SESSION * sess,
tmp = (CK_BYTE *)buf1;
memcpy( tmp, oid, oid_len );
memcpy( tmp + oid_len, octet_str, octet_str_len);
-
+
rc = ber_encode_SEQUENCE( FALSE, &ber_data, &ber_data_len, tmp, (oid_len + octet_str_len) );
if (rc != CKR_OK){
st_err_log(78, __FILE__, __LINE__);
@@ -1389,7 +1389,6 @@ rsa_hash_pkcs_sign( SESSION * sess,
error:
if (octet_str) free( octet_str );
if (ber_data) free( ber_data );
- digest_mgr_cleanup( &digest_ctx );
sign_mgr_cleanup( &sign_ctx );
return rc;
}
@@ -1427,7 +1426,7 @@ rsa_hash_pkcs_sign_update( SESSION * sess,
rc = digest_mgr_init( sess, &context->hash_context, &digest_mech );
if (rc != CKR_OK){
st_err_log(123, __FILE__, __LINE__);
- goto error;
+ return rc;
}
context->flag = TRUE;
}
@@ -1435,13 +1434,9 @@ rsa_hash_pkcs_sign_update( SESSION * sess,
rc = digest_mgr_digest_update( sess, &context->hash_context, in_data, in_data_len );
if (rc != CKR_OK){
st_err_log(123, __FILE__, __LINE__);
- goto error;
+ return rc;
}
return CKR_OK;
-
-error:
- digest_mgr_cleanup( &context->hash_context );
- return rc;
}
@@ -1499,13 +1494,13 @@ rsa_hash_pkcs_verify( SESSION * sess,
rc = digest_mgr_init( sess, &digest_ctx, &digest_mech );
if (rc != CKR_OK){
st_err_log(123, __FILE__, __LINE__);
- goto done;
+ return rc;
}
hash_len = sizeof(hash);
rc = digest_mgr_digest( sess, FALSE, &digest_ctx, in_data, in_data_len, hash, &hash_len );
if (rc != CKR_OK){
st_err_log(124, __FILE__, __LINE__);
- goto done;
+ return rc;
}
// Build the BER encoding
@@ -1542,8 +1537,6 @@ rsa_hash_pkcs_verify( SESSION * sess,
done:
if (octet_str) free( octet_str );
if (ber_data) free( ber_data );
-
- digest_mgr_cleanup( &digest_ctx );
sign_mgr_cleanup( &verify_ctx );
return rc;
}
@@ -1580,7 +1573,7 @@ rsa_hash_pkcs_verify_update( SESSION * sess,
rc = digest_mgr_init( sess, &context->hash_context, &digest_mech );
if (rc != CKR_OK){
st_err_log(123, __FILE__, __LINE__);
- goto error;
+ return rc;
}
context->flag = TRUE;
}
@@ -1588,13 +1581,9 @@ rsa_hash_pkcs_verify_update( SESSION * sess,
rc = digest_mgr_digest_update( sess, &context->hash_context, in_data, in_data_len );
if (rc != CKR_OK){
st_err_log(123, __FILE__, __LINE__);
- goto error;
+ return rc;
}
return CKR_OK;
-
-error:
- digest_mgr_cleanup( &context->hash_context );
- return rc;
}
@@ -1647,14 +1636,14 @@ rsa_hash_pkcs_sign_final( SESSION * sess,
rc = digest_mgr_digest_final( sess, length_only, &context->hash_context, hash, &hash_len );
if (rc != CKR_OK){
st_err_log(126, __FILE__, __LINE__);
- goto done;
+ return rc;
}
// Build the BER Encoded Data block
//
rc = ber_encode_OCTET_STRING( FALSE, &octet_str, &octet_str_len, hash, hash_len );
if (rc != CKR_OK){
st_err_log(77, __FILE__, __LINE__);
- goto done;
+ return rc;
}
tmp = (CK_BYTE *)buf1;
memcpy( tmp, oid, oid_len );
@@ -1690,8 +1679,6 @@ rsa_hash_pkcs_sign_final( SESSION * sess,
done:
if (octet_str) free( octet_str );
if (ber_data) free( ber_data );
-
- digest_mgr_cleanup( &context->hash_context );
sign_mgr_cleanup( &sign_ctx );
return rc;
}
@@ -1743,7 +1730,7 @@ rsa_hash_pkcs_verify_final( SESSION * sess,
rc = digest_mgr_digest_final( sess, FALSE, &context->hash_context, hash, &hash_len );
if (rc != CKR_OK){
st_err_log(126, __FILE__, __LINE__);
- goto done;
+ return rc;
}
// Build the BER encoding
//
@@ -1780,7 +1767,6 @@ rsa_hash_pkcs_verify_final( SESSION * sess,
done:
if (octet_str) free( octet_str );
if (ber_data) free( ber_data );
- digest_mgr_cleanup( &context->hash_context );
verify_mgr_cleanup( &verify_ctx );
return rc;
}
diff --git a/usr/lib/pkcs11/common/mech_sha.c b/usr/lib/pkcs11/common/mech_sha.c
index 06655cf..ef262fa 100755
--- a/usr/lib/pkcs11/common/mech_sha.c
+++ b/usr/lib/pkcs11/common/mech_sha.c
@@ -711,7 +711,6 @@ sha1_hmac_sign( SESSION * sess,
rc = digest_mgr_init( sess, &digest_ctx, &digest_mech );
if (rc != CKR_OK) {
- digest_mgr_cleanup( &digest_ctx );
st_err_log(123, __FILE__, __LINE__);
return rc;
}
@@ -722,12 +721,10 @@ sha1_hmac_sign( SESSION * sess,
attr->ulValueLen,
hash, &hash_len );
if (rc != CKR_OK) {
- digest_mgr_cleanup( &digest_ctx );
st_err_log(124, __FILE__, __LINE__);
return rc;
}
- digest_mgr_cleanup( &digest_ctx );
memset( &digest_ctx, 0x0, sizeof(DIGEST_CONTEXT) );
for (i=0; i < hash_len; i++) {
@@ -758,21 +755,18 @@ sha1_hmac_sign( SESSION * sess,
//
rc = digest_mgr_init( sess, &digest_ctx, &digest_mech );
if (rc != CKR_OK) {
- digest_mgr_cleanup( &digest_ctx );
st_err_log(123, __FILE__, __LINE__);
return rc;
}
rc = digest_mgr_digest_update( sess, &digest_ctx, k_ipad, SHA1_BLOCK_SIZE );
if (rc != CKR_OK) {
- digest_mgr_cleanup( &digest_ctx );
st_err_log(123, __FILE__, __LINE__);
return rc;
}
rc = digest_mgr_digest_update( sess, &digest_ctx, in_data, in_data_len );
if (rc != CKR_OK) {
- digest_mgr_cleanup( &digest_ctx );
st_err_log(123, __FILE__, __LINE__);
return rc;
}
@@ -780,12 +774,10 @@ sha1_hmac_sign( SESSION * sess,
hash_len = sizeof(hash);
rc = digest_mgr_digest_final( sess, FALSE, &digest_ctx, hash, &hash_len );
if (rc != CKR_OK) {
- digest_mgr_cleanup( &digest_ctx );
st_err_log(126, __FILE__, __LINE__);
return rc;
}
- digest_mgr_cleanup( &digest_ctx );
memset( &digest_ctx, 0x0, sizeof(DIGEST_CONTEXT) );
@@ -793,21 +785,18 @@ sha1_hmac_sign( SESSION * sess,
//
rc = digest_mgr_init( sess, &digest_ctx, &digest_mech );
if (rc != CKR_OK) {
- digest_mgr_cleanup( &digest_ctx );
st_err_log(123, __FILE__, __LINE__);
return rc;
}
rc = digest_mgr_digest_update( sess, &digest_ctx, k_opad, SHA1_BLOCK_SIZE );
if (rc != CKR_OK) {
- digest_mgr_cleanup( &digest_ctx );
st_err_log(123, __FILE__, __LINE__);
return rc;
}
rc = digest_mgr_digest_update( sess, &digest_ctx, hash, hash_len );
if (rc != CKR_OK) {
- digest_mgr_cleanup( &digest_ctx );
st_err_log(123, __FILE__, __LINE__);
return rc;
}
@@ -815,7 +804,6 @@ sha1_hmac_sign( SESSION * sess,
hash_len = sizeof(hash);
rc = digest_mgr_digest_final( sess, FALSE, &digest_ctx, hash, &hash_len );
if (rc != CKR_OK) {
- digest_mgr_cleanup( &digest_ctx );
st_err_log(126, __FILE__, __LINE__);
return rc;
}
@@ -823,7 +811,6 @@ sha1_hmac_sign( SESSION * sess,
memcpy( out_data, hash, hmac_len );
*out_data_len = hmac_len;
- digest_mgr_cleanup( &digest_ctx );
return CKR_OK;
}
@@ -900,7 +887,6 @@ sha2_hmac_sign( SESSION * sess,
rc = digest_mgr_init( sess, &digest_ctx, &digest_mech );
if (rc != CKR_OK) {
- digest_mgr_cleanup( &digest_ctx );
st_err_log(123, __FILE__, __LINE__);
return rc;
}
@@ -911,12 +897,10 @@ sha2_hmac_sign( SESSION * sess,
attr->ulValueLen,
hash, &hash_len );
if (rc != CKR_OK) {
- digest_mgr_cleanup( &digest_ctx );
st_err_log(124, __FILE__, __LINE__);
return rc;
}
- digest_mgr_cleanup( &digest_ctx );
memset( &digest_ctx, 0x0, sizeof(DIGEST_CONTEXT) );
for (i=0; i < hash_len; i++) {
@@ -947,21 +931,18 @@ sha2_hmac_sign( SESSION * sess,
//
rc = digest_mgr_init( sess, &digest_ctx, &digest_mech );
if (rc != CKR_OK) {
- digest_mgr_cleanup( &digest_ctx );
st_err_log(123, __FILE__, __LINE__);
return rc;
}
rc = digest_mgr_digest_update( sess, &digest_ctx, k_ipad, SHA2_BLOCK_SIZE );
if (rc != CKR_OK) {
- digest_mgr_cleanup( &digest_ctx );
st_err_log(123, __FILE__, __LINE__);
return rc;
}
rc = digest_mgr_digest_update( sess, &digest_ctx, in_data, in_data_len );
if (rc != CKR_OK) {
- digest_mgr_cleanup( &digest_ctx );
st_err_log(123, __FILE__, __LINE__);
return rc;
}
@@ -969,12 +950,10 @@ sha2_hmac_sign( SESSION * sess,
hash_len = sizeof(hash);
rc = digest_mgr_digest_final( sess, FALSE, &digest_ctx, hash, &hash_len );
if (rc != CKR_OK) {
- digest_mgr_cleanup( &digest_ctx );
st_err_log(126, __FILE__, __LINE__);
return rc;
}
- digest_mgr_cleanup( &digest_ctx );
memset( &digest_ctx, 0x0, sizeof(DIGEST_CONTEXT) );
@@ -982,21 +961,18 @@ sha2_hmac_sign( SESSION * sess,
//
rc = digest_mgr_init( sess, &digest_ctx, &digest_mech );
if (rc != CKR_OK) {
- digest_mgr_cleanup( &digest_ctx );
st_err_log(123, __FILE__, __LINE__);
return rc;
}
rc = digest_mgr_digest_update( sess, &digest_ctx, k_opad, SHA2_BLOCK_SIZE );
if (rc != CKR_OK) {
- digest_mgr_cleanup( &digest_ctx );
st_err_log(123, __FILE__, __LINE__);
return rc;
}
rc = digest_mgr_digest_update( sess, &digest_ctx, hash, hash_len );
if (rc != CKR_OK) {
- digest_mgr_cleanup( &digest_ctx );
st_err_log(123, __FILE__, __LINE__);
return rc;
}
@@ -1004,7 +980,6 @@ sha2_hmac_sign( SESSION * sess,
hash_len = sizeof(hash);
rc = digest_mgr_digest_final( sess, FALSE, &digest_ctx, hash, &hash_len );
if (rc != CKR_OK) {
- digest_mgr_cleanup( &digest_ctx );
st_err_log(126, __FILE__, __LINE__);
return rc;
}
@@ -1012,7 +987,6 @@ sha2_hmac_sign( SESSION * sess,
memcpy( out_data, hash, hmac_len );
*out_data_len = hmac_len;
- digest_mgr_cleanup( &digest_ctx );
return CKR_OK;
}
@@ -1089,7 +1063,6 @@ sha3_hmac_sign( SESSION * sess,
rc = digest_mgr_init( sess, &digest_ctx, &digest_mech );
if (rc != CKR_OK) {
- digest_mgr_cleanup( &digest_ctx );
st_err_log(123, __FILE__, __LINE__);
return rc;
}
@@ -1100,12 +1073,10 @@ sha3_hmac_sign( SESSION * sess,
attr->ulValueLen,
hash, &hash_len );
if (rc != CKR_OK) {
- digest_mgr_cleanup( &digest_ctx );
st_err_log(124, __FILE__, __LINE__);
return rc;
}
- digest_mgr_cleanup( &digest_ctx );
memset( &digest_ctx, 0x0, sizeof(DIGEST_CONTEXT) );
for (i=0; i < hash_len; i++) {
@@ -1136,21 +1107,18 @@ sha3_hmac_sign( SESSION * sess,
//
rc = digest_mgr_init( sess, &digest_ctx, &digest_mech );
if (rc != CKR_OK) {
- digest_mgr_cleanup( &digest_ctx );
st_err_log(123, __FILE__, __LINE__);
return rc;
}
rc = digest_mgr_digest_update( sess, &digest_ctx, k_ipad, SHA3_BLOCK_SIZE );
if (rc != CKR_OK) {
- digest_mgr_cleanup( &digest_ctx );
st_err_log(123, __FILE__, __LINE__);
return rc;
}
rc = digest_mgr_digest_update( sess, &digest_ctx, in_data, in_data_len );
if (rc != CKR_OK) {
- digest_mgr_cleanup( &digest_ctx );
st_err_log(123, __FILE__, __LINE__);
return rc;
}
@@ -1158,12 +1126,10 @@ sha3_hmac_sign( SESSION * sess,
hash_len = sizeof(hash);
rc = digest_mgr_digest_final( sess, FALSE, &digest_ctx, hash, &hash_len );
if (rc != CKR_OK) {
- digest_mgr_cleanup( &digest_ctx );
st_err_log(126, __FILE__, __LINE__);
return rc;
}
- digest_mgr_cleanup( &digest_ctx );
memset( &digest_ctx, 0x0, sizeof(DIGEST_CONTEXT) );
@@ -1171,21 +1137,18 @@ sha3_hmac_sign( SESSION * sess,
//
rc = digest_mgr_init( sess, &digest_ctx, &digest_mech );
if (rc != CKR_OK) {
- digest_mgr_cleanup( &digest_ctx );
st_err_log(123, __FILE__, __LINE__);
return rc;
}
rc = digest_mgr_digest_update( sess, &digest_ctx, k_opad, SHA3_BLOCK_SIZE );
if (rc != CKR_OK) {
- digest_mgr_cleanup( &digest_ctx );
st_err_log(123, __FILE__, __LINE__);
return rc;
}
rc = digest_mgr_digest_update( sess, &digest_ctx, hash, hash_len );
if (rc != CKR_OK) {
- digest_mgr_cleanup( &digest_ctx );
st_err_log(123, __FILE__, __LINE__);
return rc;
}
@@ -1193,7 +1156,6 @@ sha3_hmac_sign( SESSION * sess,
hash_len = sizeof(hash);
rc = digest_mgr_digest_final( sess, FALSE, &digest_ctx, hash, &hash_len );
if (rc != CKR_OK) {
- digest_mgr_cleanup( &digest_ctx );
st_err_log(126, __FILE__, __LINE__);
return rc;
}
@@ -1201,7 +1163,6 @@ sha3_hmac_sign( SESSION * sess,
memcpy( out_data, hash, hmac_len );
*out_data_len = hmac_len;
- digest_mgr_cleanup( &digest_ctx );
return CKR_OK;
}
@@ -1278,7 +1239,6 @@ sha5_hmac_sign( SESSION * sess,
rc = digest_mgr_init( sess, &digest_ctx, &digest_mech );
if (rc != CKR_OK) {
- digest_mgr_cleanup( &digest_ctx );
st_err_log(123, __FILE__, __LINE__);
return rc;
}
@@ -1289,12 +1249,10 @@ sha5_hmac_sign( SESSION * sess,
attr->ulValueLen,
hash, &hash_len );
if (rc != CKR_OK) {
- digest_mgr_cleanup( &digest_ctx );
st_err_log(124, __FILE__, __LINE__);
return rc;
}
- digest_mgr_cleanup( &digest_ctx );
memset( &digest_ctx, 0x0, sizeof(DIGEST_CONTEXT) );
for (i=0; i < hash_len; i++) {
@@ -1325,21 +1283,18 @@ sha5_hmac_sign( SESSION * sess,
//
rc = digest_mgr_init( sess, &digest_ctx, &digest_mech );
if (rc != CKR_OK) {
- digest_mgr_cleanup( &digest_ctx );
st_err_log(123, __FILE__, __LINE__);
return rc;
}
rc = digest_mgr_digest_update( sess, &digest_ctx, k_ipad, SHA5_BLOCK_SIZE );
if (rc != CKR_OK) {
- digest_mgr_cleanup( &digest_ctx );
st_err_log(123, __FILE__, __LINE__);
return rc;
}
rc = digest_mgr_digest_update( sess, &digest_ctx, in_data, in_data_len );
if (rc != CKR_OK) {
- digest_mgr_cleanup( &digest_ctx );
st_err_log(123, __FILE__, __LINE__);
return rc;
}
@@ -1347,12 +1302,10 @@ sha5_hmac_sign( SESSION * sess,
hash_len = sizeof(hash);
rc = digest_mgr_digest_final( sess, FALSE, &digest_ctx, hash, &hash_len );
if (rc != CKR_OK) {
- digest_mgr_cleanup( &digest_ctx );
st_err_log(126, __FILE__, __LINE__);
return rc;
}
- digest_mgr_cleanup( &digest_ctx );
memset( &digest_ctx, 0x0, sizeof(DIGEST_CONTEXT) );
@@ -1360,21 +1313,18 @@ sha5_hmac_sign( SESSION * sess,
//
rc = digest_mgr_init( sess, &digest_ctx, &digest_mech );
if (rc != CKR_OK) {
- digest_mgr_cleanup( &digest_ctx );
st_err_log(123, __FILE__, __LINE__);
return rc;
}
rc = digest_mgr_digest_update( sess, &digest_ctx, k_opad, SHA5_BLOCK_SIZE );
if (rc != CKR_OK) {
- digest_mgr_cleanup( &digest_ctx );
st_err_log(123, __FILE__, __LINE__);
return rc;
}
rc = digest_mgr_digest_update( sess, &digest_ctx, hash, hash_len );
if (rc != CKR_OK) {
- digest_mgr_cleanup( &digest_ctx );
st_err_log(123, __FILE__, __LINE__);
return rc;
}
@@ -1382,7 +1332,6 @@ sha5_hmac_sign( SESSION * sess,
hash_len = sizeof(hash);
rc = digest_mgr_digest_final( sess, FALSE, &digest_ctx, hash, &hash_len );
if (rc != CKR_OK) {
- digest_mgr_cleanup( &digest_ctx );
st_err_log(126, __FILE__, __LINE__);
return rc;
}
@@ -1390,7 +1339,6 @@ sha5_hmac_sign( SESSION * sess,
memcpy( out_data, hash, hmac_len );
*out_data_len = hmac_len;
- digest_mgr_cleanup( &digest_ctx );
return CKR_OK;
}
@@ -1687,8 +1635,8 @@ ckm_sha1_final( DIGEST_CONTEXT * ctx,
*out_data_len = SHA1_HASH_SIZE;
return CKR_OK;
- }
-
+ }
+
return token_specific.t_sha_final(ctx, out_data, out_data_len);
}
diff --git a/usr/lib/pkcs11/common/mech_ssl3.c b/usr/lib/pkcs11/common/mech_ssl3.c
index 5f53851..5cc71af 100755
--- a/usr/lib/pkcs11/common/mech_ssl3.c
+++ b/usr/lib/pkcs11/common/mech_ssl3.c
@@ -407,13 +407,13 @@ ssl3_mac_sign( SESSION * sess,
//
rc = digest_mgr_init( sess, &digest_ctx, &digest_mech );
if (rc != CKR_OK){
- st_err_log(123, __FILE__, __LINE__);
- goto error;
+ st_err_log(123, __FILE__, __LINE__);
+ return rc;
}
rc = digest_mgr_digest_update( sess, &digest_ctx, key_data, key_bytes );
if (rc != CKR_OK){
- st_err_log(123, __FILE__, __LINE__);
- goto error;
+ st_err_log(123, __FILE__, __LINE__);
+ return rc;
}
if (ctx->mech.mechanism == CKM_SSL3_MD5_MAC){
rc = digest_mgr_digest_update( sess, &digest_ctx, inner, 48 );
@@ -422,21 +422,20 @@ ssl3_mac_sign( SESSION * sess,
rc = digest_mgr_digest_update( sess, &digest_ctx, inner, 40 );
}
if (rc != CKR_OK){
- st_err_log(123, __FILE__, __LINE__);
- goto error;
+ st_err_log(123, __FILE__, __LINE__);
+ return rc;
}
rc = digest_mgr_digest_update( sess, &digest_ctx, in_data, in_data_len );
if (rc != CKR_OK){
- st_err_log(123, __FILE__, __LINE__);
- goto error;
+ st_err_log(123, __FILE__, __LINE__);
+ return rc;
}
hash_len = sizeof(hash);
rc = digest_mgr_digest_final( sess, FALSE, &digest_ctx, hash, &hash_len );
if (rc != CKR_OK){
- st_err_log(126, __FILE__, __LINE__);
- goto error;
+ st_err_log(126, __FILE__, __LINE__);
+ return rc;
}
- digest_mgr_cleanup( &digest_ctx );
memset( &digest_ctx, 0x0, sizeof(DIGEST_CONTEXT) );
@@ -444,38 +443,36 @@ ssl3_mac_sign( SESSION * sess,
//
rc = digest_mgr_init( sess, &digest_ctx, &digest_mech );
if (rc != CKR_OK){
- st_err_log(123, __FILE__, __LINE__);
- goto error;
+ st_err_log(123, __FILE__, __LINE__);
+ return rc;
}
rc = digest_mgr_digest_update( sess, &digest_ctx, key_data, key_bytes );
if (rc != CKR_OK){
- st_err_log(123, __FILE__, __LINE__);
- goto error;
+ st_err_log(123, __FILE__, __LINE__);
+ return rc;
}
if (ctx->mech.mechanism == CKM_SSL3_MD5_MAC)
rc = digest_mgr_digest_update( sess, &digest_ctx, outer, 48 );
else
rc = digest_mgr_digest_update( sess, &digest_ctx, outer, 40 );
if (rc != CKR_OK){
- st_err_log(123, __FILE__, __LINE__);
- goto error;
+ st_err_log(123, __FILE__, __LINE__);
+ return rc;
}
rc = digest_mgr_digest_update( sess, &digest_ctx, hash, hash_len );
if (rc != CKR_OK){
- st_err_log(123, __FILE__, __LINE__);
- goto error;
+ st_err_log(123, __FILE__, __LINE__);
+ return rc;
}
hash_len = sizeof(hash);
rc = digest_mgr_digest_final( sess, FALSE, &digest_ctx, hash, &hash_len );
if (rc != CKR_OK){
- st_err_log(126, __FILE__, __LINE__);
- goto error;
+ st_err_log(126, __FILE__, __LINE__);
+ return rc;
}
memcpy( out_data, hash, mac_len );
*out_data_len = mac_len;
-error:
- digest_mgr_cleanup( &digest_ctx );
return rc;
}
@@ -509,13 +506,12 @@ ssl3_mac_sign_update( SESSION * sess,
rc = object_mgr_find_in_map1( ctx->key, &key_obj );
if (rc != CKR_OK){
st_err_log(110, __FILE__, __LINE__);
- goto error;
+ return rc;
}
rc = template_attribute_find( key_obj->template, CKA_VALUE, &attr );
if (rc == FALSE) {
st_err_log(4, __FILE__, __LINE__, __FUNCTION__);
- rc = CKR_FUNCTION_FAILED;
- goto error;
+ return CKR_FUNCTION_FAILED;
}
else {
key_bytes = attr->ulValueLen;
@@ -539,21 +535,21 @@ ssl3_mac_sign_update( SESSION * sess,
//
rc = digest_mgr_init( sess, &context->hash_context, &digest_mech );
if (rc != CKR_OK){
- st_err_log(123, __FILE__, __LINE__);
- goto error;
+ st_err_log(123, __FILE__, __LINE__);
+ return rc;
}
rc = digest_mgr_digest_update( sess, &context->hash_context, key_data, key_bytes );
if (rc != CKR_OK){
- st_err_log(123, __FILE__, __LINE__);
- goto error;
+ st_err_log(123, __FILE__, __LINE__);
+ return rc;
}
if (ctx->mech.mechanism == CKM_SSL3_MD5_MAC)
rc = digest_mgr_digest_update( sess, &context->hash_context, inner, 48 );
else
rc = digest_mgr_digest_update( sess, &context->hash_context, inner, 40 );
if (rc != CKR_OK){
- st_err_log(123, __FILE__, __LINE__);
- goto error;
+ st_err_log(123, __FILE__, __LINE__);
+ return rc;
}
context->flag = TRUE;
}
@@ -561,14 +557,11 @@ ssl3_mac_sign_update( SESSION * sess,
rc = digest_mgr_digest_update( sess, &context->hash_context, in_data, in_data_len );
if (rc != CKR_OK){
- st_err_log(123, __FILE__, __LINE__);
- goto error;
+ st_err_log(123, __FILE__, __LINE__);
+ return rc;
}
- return CKR_OK;
-error:
- digest_mgr_cleanup( &context->hash_context );
- return rc;
+ return CKR_OK;
}
@@ -615,13 +608,12 @@ ssl3_mac_sign_final( SESSION * sess,
rc = object_mgr_find_in_map1( ctx->key, &key_obj );
if (rc != CKR_OK){
st_err_log(110, __FILE__, __LINE__);
- goto error;
+ return rc;
}
rc = template_attribute_find( key_obj->template, CKA_VALUE, &attr );
if (rc == FALSE) {
st_err_log(4, __FILE__, __LINE__, __FUNCTION__);
- rc = CKR_FUNCTION_FAILED;
- goto error;
+ return CKR_FUNCTION_FAILED;
}
else {
key_bytes = attr->ulValueLen;
@@ -633,12 +625,11 @@ ssl3_mac_sign_final( SESSION * sess,
hash_len = sizeof(hash);
rc = digest_mgr_digest_final( sess, FALSE, &context->hash_context, hash, &hash_len );
if (rc != CKR_OK){
- st_err_log(126, __FILE__, __LINE__);
- goto error;
+ st_err_log(126, __FILE__, __LINE__);
+ return rc;
}
// now, do the outer hash
//
- digest_mgr_cleanup( &context->hash_context );
memset( &context->hash_context, 0x0, sizeof(SSL3_MAC_CONTEXT) );
memset( outer, 0x5C, 48 );
@@ -653,13 +644,13 @@ ssl3_mac_sign_final( SESSION * sess,
rc = digest_mgr_init( sess, &context->hash_context, &digest_mech );
if (rc != CKR_OK){
- st_err_log(123, __FILE__, __LINE__);
- goto error;
+ st_err_log(123, __FILE__, __LINE__);
+ return rc;
}
rc = digest_mgr_digest_update( sess, &context->hash_context, key_data, key_bytes );
if (rc != CKR_OK){
- st_err_log(123, __FILE__, __LINE__);
- goto error;
+ st_err_log(123, __FILE__, __LINE__);
+ return rc;
}
if (ctx->mech.mechanism == CKM_SSL3_MD5_MAC)
rc = digest_mgr_digest_update( sess, &context->hash_context, outer, 48 );
@@ -667,25 +658,23 @@ ssl3_mac_sign_final( SESSION * sess,
rc = digest_mgr_digest_update( sess, &context->hash_context, outer, 40 );
if (rc != CKR_OK){
- st_err_log(123, __FILE__, __LINE__);
- goto error;
+ st_err_log(123, __FILE__, __LINE__);
+ return rc;
}
rc = digest_mgr_digest_update( sess, &context->hash_context, hash, hash_len );
if (rc != CKR_OK){
- st_err_log(123, __FILE__, __LINE__);
- goto error;
+ st_err_log(123, __FILE__, __LINE__);
+ return rc;
}
hash_len = sizeof(hash);
rc = digest_mgr_digest_final( sess, FALSE, &context->hash_context, hash, &hash_len );
if (rc != CKR_OK){
- st_err_log(126, __FILE__, __LINE__);
- goto error;
+ st_err_log(126, __FILE__, __LINE__);
+ return rc;
}
memcpy( out_data, hash, mac_len );
*out_data_len = mac_len;
-error:
- digest_mgr_cleanup( &context->hash_context );
return rc;
}
@@ -772,13 +761,12 @@ ssl3_mac_verify_update( SESSION * sess,
rc = object_mgr_find_in_map1( ctx->key, &key_obj );
if (rc != CKR_OK){
st_err_log(110, __FILE__, __LINE__);
- goto error;
+ return rc;
}
rc = template_attribute_find( key_obj->template, CKA_VALUE, &attr );
if (rc == FALSE) {
st_err_log(4, __FILE__, __LINE__, __FUNCTION__);
- rc = CKR_FUNCTION_FAILED;
- goto error;
+ return CKR_FUNCTION_FAILED;
}
else {
key_bytes = attr->ulValueLen;
@@ -802,35 +790,32 @@ ssl3_mac_verify_update( SESSION * sess,
//
rc = digest_mgr_init( sess, &context->hash_context, &digest_mech );
if (rc != CKR_OK){
- st_err_log(123, __FILE__, __LINE__);
- goto error;
+ st_err_log(123, __FILE__, __LINE__);
+ return rc;
}
rc = digest_mgr_digest_update( sess, &context->hash_context, key_data, key_bytes );
if (rc != CKR_OK){
- st_err_log(123, __FILE__, __LINE__);
- goto error;
+ st_err_log(123, __FILE__, __LINE__);
+ return rc;
}
if (ctx->mech.mechanism == CKM_SSL3_MD5_MAC)
rc = digest_mgr_digest_update( sess, &context->hash_context, inner, 48 );
else
rc = digest_mgr_digest_update( sess, &context->hash_context, inner, 40 );
if (rc != CKR_OK){
- st_err_log(123, __FILE__, __LINE__);
- goto error;
+ st_err_log(123, __FILE__, __LINE__);
+ return rc;
}
context->flag = TRUE;
}
rc = digest_mgr_digest_update( sess, &context->hash_context, in_data, in_data_len );
if (rc != CKR_OK){
- st_err_log(123, __FILE__, __LINE__);
- goto error;
+ st_err_log(123, __FILE__, __LINE__);
+ return rc;
}
- return CKR_OK;
-error:
- digest_mgr_cleanup( &context->hash_context );
- return rc;
+ return CKR_OK;
}
@@ -865,13 +850,12 @@ ssl3_mac_verify_final( SESSION * sess,
rc = object_mgr_find_in_map1( ctx->key, &key_obj );
if (rc != CKR_OK){
st_err_log(110, __FILE__, __LINE__);
- goto error;
+ return rc;
}
rc = template_attribute_find( key_obj->template, CKA_VALUE, &attr );
if (rc == FALSE) {
st_err_log(4, __FILE__, __LINE__, __FUNCTION__);
- rc = CKR_FUNCTION_FAILED;
- goto error;
+ return CKR_FUNCTION_FAILED;
}
else {
key_bytes = attr->ulValueLen;
@@ -883,12 +867,11 @@ ssl3_mac_verify_final( SESSION * sess,
hash_len = sizeof(hash);
rc = digest_mgr_digest_final( sess, FALSE, &context->hash_context, hash, &hash_len );
if (rc != CKR_OK){
- st_err_log(126, __FILE__, __LINE__);
- goto error;
+ st_err_log(126, __FILE__, __LINE__);
+ return rc;
}
// now, do the outer hash
//
- digest_mgr_cleanup( &context->hash_context );
memset( &context->hash_context, 0x0, sizeof(SSL3_MAC_CONTEXT) );
memset( outer, 0x5C, 48 );
@@ -903,13 +886,13 @@ ssl3_mac_verify_final( SESSION * sess,
rc = digest_mgr_init( sess, &context->hash_context, &digest_mech );
if (rc != CKR_OK){
- st_err_log(123, __FILE__, __LINE__);
- goto error;
+ st_err_log(123, __FILE__, __LINE__);
+ return rc;
}
rc = digest_mgr_digest_update( sess, &context->hash_context, key_data, key_bytes );
if (rc != CKR_OK){
- st_err_log(123, __FILE__, __LINE__);
- goto error;
+ st_err_log(123, __FILE__, __LINE__);
+ return rc;
}
if (ctx->mech.mechanism == CKM_SSL3_MD5_MAC)
rc = digest_mgr_digest_update( sess, &context->hash_context, outer, 48 );
@@ -917,30 +900,29 @@ ssl3_mac_verify_final( SESSION * sess,
rc = digest_mgr_digest_update( sess, &context->hash_context, outer, 40 );
if (rc != CKR_OK){
- st_err_log(123, __FILE__, __LINE__);
- goto error;
+ st_err_log(123, __FILE__, __LINE__);
+ return rc;
}
rc = digest_mgr_digest_update( sess, &context->hash_context, hash, hash_len );
if (rc != CKR_OK){
- st_err_log(123, __FILE__, __LINE__);
- goto error;
+ st_err_log(123, __FILE__, __LINE__);
+ return rc;
}
hash_len = sizeof(hash);
rc = digest_mgr_digest_final( sess, FALSE, &context->hash_context, hash, &hash_len );
if (rc != CKR_OK){
- st_err_log(126, __FILE__, __LINE__);
- goto error;
+ st_err_log(126, __FILE__, __LINE__);
+ return rc;
}
if ((mac_len != sig_len) || (mac_len > hash_len)){
- st_err_log(47, __FILE__, __LINE__);
+ st_err_log(47, __FILE__, __LINE__);
rc = CKR_SIGNATURE_INVALID;
}
else if (memcmp(signature, hash, sig_len) != 0){
rc = CKR_SIGNATURE_INVALID;
- st_err_log(47, __FILE__, __LINE__);
+ st_err_log(47, __FILE__, __LINE__);
}
-error:
- digest_mgr_cleanup( &context->hash_context );
+
return rc;
}
@@ -1060,45 +1042,44 @@ ssl3_sha_then_md5( SESSION * sess,
rc = digest_mgr_init( sess, &digest_ctx, &digest_mech );
if (rc != CKR_OK){
- st_err_log(123, __FILE__, __LINE__);
- goto error;
+ st_err_log(123, __FILE__, __LINE__);
+ return rc;
}
rc = digest_mgr_digest_update( sess,
&digest_ctx,
variableData,
variableDataLen );
if (rc != CKR_OK){
- st_err_log(123, __FILE__, __LINE__);
- goto error;
+ st_err_log(123, __FILE__, __LINE__);
+ return rc;
}
rc = digest_mgr_digest_update( sess, &digest_ctx, secret, 48 );
if (rc != CKR_OK){
- st_err_log(123, __FILE__, __LINE__);
- goto error;
+ st_err_log(123, __FILE__, __LINE__);
+ return rc;
}
rc = digest_mgr_digest_update( sess,
&digest_ctx,
firstRandom,
firstRandomLen );
if (rc != CKR_OK){
- st_err_log(123, __FILE__, __LINE__);
- goto error;
+ st_err_log(123, __FILE__, __LINE__);
+ return rc;
}
rc = digest_mgr_digest_update( sess,
&digest_ctx,
secondRandom,
secondRandomLen );
if (rc != CKR_OK){
- st_err_log(123, __FILE__, __LINE__);
- goto error;
+ st_err_log(123, __FILE__, __LINE__);
+ return rc;
}
len = sizeof(hash);
rc = digest_mgr_digest_final( sess, FALSE, &digest_ctx, hash, &len );
if (rc != CKR_OK){
- st_err_log(126, __FILE__, __LINE__);
- goto error;
+ st_err_log(126, __FILE__, __LINE__);
+ return rc;
}
- digest_mgr_cleanup( &digest_ctx );
// MD5(secret + SHA(...))
//
@@ -1109,18 +1090,18 @@ ssl3_sha_then_md5( SESSION * sess,
rc = digest_mgr_init( sess, &digest_ctx, &digest_mech );
if (rc != CKR_OK){
- st_err_log(123, __FILE__, __LINE__);
- goto error;
+ st_err_log(123, __FILE__, __LINE__);
+ return rc;
}
rc = digest_mgr_digest_update( sess, &digest_ctx, secret, 48 );
if (rc != CKR_OK){
- st_err_log(123, __FILE__, __LINE__);
- goto error;
+ st_err_log(123, __FILE__, __LINE__);
+ return rc;
}
rc = digest_mgr_digest_update( sess, &digest_ctx, hash, len );
if (rc != CKR_OK){
- st_err_log(123, __FILE__, __LINE__);
- goto error;
+ st_err_log(123, __FILE__, __LINE__);
+ return rc;
}
len = sizeof(hash);
rc = digest_mgr_digest_final( sess, FALSE, &digest_ctx, hash, &len );
@@ -1129,9 +1110,8 @@ ssl3_sha_then_md5( SESSION * sess,
memcpy( outBuff, hash, len );
}
else
- st_err_log(126, __FILE__, __LINE__);
-error:
- digest_mgr_cleanup( &digest_ctx );
+ st_err_log(126, __FILE__, __LINE__);
+
return rc;
}
@@ -1168,8 +1148,8 @@ ssl3_md5_only( SESSION * sess,
rc = digest_mgr_init( sess, &digest_ctx, &digest_mech );
if (rc != CKR_OK){
- st_err_log(123, __FILE__, __LINE__);
- goto error;
+ st_err_log(123, __FILE__, __LINE__);
+ return rc;
}
if (firstString != NULL) {
rc = digest_mgr_digest_update( sess,
@@ -1177,8 +1157,8 @@ ssl3_md5_only( SESSION * sess,
firstString,
firstStringLen );
if (rc != CKR_OK){
- st_err_log(123, __FILE__, __LINE__);
- goto error;
+ st_err_log(123, __FILE__, __LINE__);
+ return rc;
}
}
@@ -1187,26 +1167,25 @@ ssl3_md5_only( SESSION * sess,
secondString,
secondStringLen );
if (rc != CKR_OK){
- st_err_log(123, __FILE__, __LINE__);
- goto error;
- }
+ st_err_log(123, __FILE__, __LINE__);
+ return rc;
+ }
rc = digest_mgr_digest_update( sess,
&digest_ctx,
thirdString,
thirdStringLen );
if (rc != CKR_OK){
- st_err_log(123, __FILE__, __LINE__);
- goto error;
+ st_err_log(123, __FILE__, __LINE__);
+ return rc;
}
len = sizeof(hash);
rc = digest_mgr_digest_final( sess, FALSE, &digest_ctx, hash, &len );
if (rc == CKR_OK){
- st_err_log(126, __FILE__, __LINE__);
+ st_err_log(126, __FILE__, __LINE__);
memcpy( outBuff, hash, len );
}
-error:
- digest_mgr_cleanup( &digest_ctx );
+
return rc;
}
diff --git a/usr/lib/pkcs11/common/new_host.c b/usr/lib/pkcs11/common/new_host.c
index b6003e4..803e986 100755
--- a/usr/lib/pkcs11/common/new_host.c
+++ b/usr/lib/pkcs11/common/new_host.c
@@ -2919,9 +2919,6 @@ CK_RV SC_Digest( ST_SESSION_HANDLE sSession,
}
done:
- if (rc != CKR_BUFFER_TOO_SMALL && (rc != CKR_OK || length_only != TRUE))
- digest_mgr_cleanup( &sess->digest_ctx );
-
LLOCK;
if (debugfile) {
stlogit2(debugfile, "%-25s: rc = %08x, sess = %d, datalen = %d\n", "C_Digest", rc, (sess == NULL)?-1:(CK_LONG)sess->handle, ulDataLen );
@@ -2977,9 +2974,6 @@ CK_RV SC_DigestUpdate( ST_SESSION_HANDLE sSession,
}
}
done:
- if (rc != CKR_OK)
- digest_mgr_cleanup( &sess->digest_ctx );
-
LLOCK;
if (debugfile) {
stlogit2(debugfile, "%-25s: rc = %08x, sess = %d, datalen = %d\n", "C_DigestUpdate", rc, (sess == NULL)?-1:(CK_LONG)sess->handle, ulPartLen );
@@ -3024,9 +3018,6 @@ CK_RV SC_DigestKey( ST_SESSION_HANDLE sSession,
}
done:
- if (rc != CKR_OK)
- digest_mgr_cleanup( &sess->digest_ctx );
-
LLOCK;
if (debugfile) {
stlogit2(debugfile, "%-25s: rc = %08x, sess = %d, key = %d\n", "C_DigestKey", rc, (sess == NULL)?-1:(CK_LONG)sess->handle, hKey );
@@ -3085,9 +3076,6 @@ CK_RV SC_DigestFinal( ST_SESSION_HANDLE sSession,
}
done:
- if (rc != CKR_BUFFER_TOO_SMALL && (rc != CKR_OK || length_only != TRUE))
- digest_mgr_cleanup( &sess->digest_ctx );
-
LLOCK;
if (debugfile) {
stlogit2(debugfile, "%-25s: rc = %08x, sess = %d\n", "C_DigestFinal", rc, (sess == NULL)?-1:(CK_LONG)sess->handle );
--
1.7.2.3
|