From: Petr P. <pet...@at...> - 2013-08-30 14:45:58
---
 src/engine_pkcs11.c | 45 +++++++++++++++++----------------------------
 1 file changed, 17 insertions(+), 28 deletions(-)
diff --git a/src/engine_pkcs11.c b/src/engine_pkcs11.c
index c1b8fbb..6e248e4 100644
--- a/src/engine_pkcs11.c
+++ b/src/engine_pkcs11.c
@@ -66,6 +66,18 @@ int set_module(const char *modulename)
 return 1;
 }
+
+/* Free PIN storage in secure way. */
+static void free_pin(void)
+{
+ if (pin != NULL) {
+ OPENSSL_cleanse(pin, pin_length);
+ free(pin);
+ pin = NULL;
+ pin_length = 0;
+ }
+}
+
 /**
 * Set the PIN used for login. A copy of the PIN shall be made.
 *
@@ -158,12 +170,7 @@ int pkcs11_finish(ENGINE * engine)
 PKCS11_CTX_free(ctx);
 ctx = NULL;
 }
- if (pin != NULL) {
- OPENSSL_cleanse(pin, pin_length);
- free(pin);
- pin = NULL;
- pin_length = 0;
- }
+ free_pin();
 return 1;
 }
@@ -183,12 +190,7 @@ int pkcs11_init(ENGINE * engine)
 int pkcs11_rsa_finish(RSA * rsa)
 {
- if (pin) {
- OPENSSL_cleanse(pin, pin_length);
- free(pin);
- pin = NULL;
- pin_length = 0;
- }
+ free_pin();
 if (module) {
 free(module);
 module = NULL;
@@ -691,12 +693,7 @@ static EVP_PKEY *pkcs11_load_key(ENGINE * e, const char *s_slot_key_id,
 if (tok->secureLogin) {
 /* Free the PIN if it has already been assigned (i.e, cached by get_pin) */
- if (pin != NULL) {
- OPENSSL_cleanse(pin, pin_length);
- free(pin);
- pin = NULL;
- pin_length = 0;
- }
+ free_pin();
 } else if (pin == NULL) {
 pin = (char *)calloc(MAX_PIN_LENGTH, sizeof(char));
 pin_length = MAX_PIN_LENGTH;
@@ -704,10 +701,7 @@ static EVP_PKEY *pkcs11_load_key(ENGINE * e, const char *s_slot_key_id,
 fail("Could not allocate memory for PIN");
 }
 if (!get_pin(ui_method, callback_data) ) {
- OPENSSL_cleanse(pin, pin_length);
- free(pin);
- pin = NULL;
- pin_length = 0;
+ free_pin();
 fail("No pin code was entered");
 }
 }
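Review bot: free_pin() in the `@@ -66,6 +66,18 @@` hunk wipes the whole secret only if `pin_length` holds the size of the allocation rather than the length of the PIN string, and the one-line comment does not state that requirement. The allocation visible later in this patch sets `pin_length = MAX_PIN_LENGTH` next to the `calloc`, which is consistent, but set_pin() lies outside the hunks shown, so it cannot be confirmed from here that it keeps the same invariant. I would expand the comment to `/* Wipe pin_length bytes with OPENSSL_cleanse(), free the buffer and reset pin/pin_length; no-op when pin is NULL. pin_length must be the allocated size. */`.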
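Review bot: In the `@@ -691,12 +693,7 @@` hunk, `pin_length = MAX_PIN_LENGTH;` is assigned directly after the `calloc` and before the allocation check, so a failed allocation leaves `pin == NULL` with a non-zero `pin_length`. free_pin() returns early when `pin` is NULL and therefore never resets the length on that path. The check itself sits on a line elided between this hunk and the next (its `fail("Could not allocate memory for PIN");` is visible there); moving the length assignment after that check, or adding `pin_length = 0;` in the failure branch, keeps the pointer and length consistent for every later cleanse. pkcs11_load_key continues outside the hunk.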
@@ -715,12 +709,7 @@ static EVP_PKEY *pkcs11_load_key(ENGINE * e, const char *s_slot_key_id,
 /* Now login in with the (possibly NULL) pin */
 if (PKCS11_login(slot, 0, pin)) {
 /* Login failed, so free the PIN if present */
- if (pin != NULL) {
- OPENSSL_cleanse(pin, pin_length);
- free(pin);
- pin = NULL;
- pin_length = 0;
- }
+ free_pin();
 fail("Login failed\n");
 }
 /* Login successful, PIN retained in case further logins are
--
1.8.1.5 |
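Review bot: On the success path the PIN stays in the heap buffer after `PKCS11_login` returns, and the comment that explains why is cut off at the hunk edge without saying when the buffer is finally wiped. Going by the free_pin() call sites in this patch, that happens only in pkcs11_finish(), in pkcs11_rsa_finish(), or on a later secureLogin load, so the secret can live as long as the engine does. Stating that lifetime in the comment would help anyone auditing where the PIN can end up, such as core dumps or swap. Separately, `fail("Login failed\n")` carries a trailing newline while the other `fail(...)` messages in this function do not, which looks inconsistent unless the macro expects it.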