openCryptoki/ocki-3.1_04_ep11_opaque2blob_error_handl.patch

234 lines
7.3 KiB
Diff
Raw Normal View History

commit 9d445b0294b588a834797e4f8c3d6ea3c1b3da2b
Author: Joy Latten <jmlatten@linux.vnet.ibm.com>
Date: Wed Feb 12 12:09:14 2014 -0600
ep11's h_opaque_2_blob needs to catch the return code from
object_mgr_find_in_map1 and return it.
Signed-off-by: Joy Latten <jmlatten@linux.vnet.ibm.com>
diff --git a/usr/lib/pkcs11/ep11_stdll/ep11_specific.c b/usr/lib/pkcs11/ep11_stdll/ep11_specific.c
index 1a43ccb..90d3df1 100644
--- a/usr/lib/pkcs11/ep11_stdll/ep11_specific.c
+++ b/usr/lib/pkcs11/ep11_stdll/ep11_specific.c
@@ -1814,12 +1814,12 @@ CK_RV token_specific_derive_key(SESSION *session, CK_MECHANISM_PTR mech,
memset(&secret_op, 0, sizeof(secret_op));
secret_op.blob_size = blobsize;
- if (h_opaque_2_blob(hBaseKey, &blob, &blob_len) != CKR_OK) {
+ rc = h_opaque_2_blob(hBaseKey, &blob, &blob_len);
+ if (rc != CKR_OK) {
EP11TOK_ELOG(1,"FAIL hBaseKey=0x%lx",hBaseKey);
- return CKR_CANCEL;
+ return rc;
}
-
/* Get the keytype to use when creating the key object */
rc = ep11_get_keytype(attrs, attrs_len, mech, &ktype, &class);
if (rc != CKR_OK) {
@@ -2732,36 +2732,19 @@ CK_RV token_specific_generate_key_pair(SESSION * sess,
private_key_obj->name, public_key_obj, private_key_obj);
}
- /* Keys should be fully constructed,
- * assign object handles and store keys.
- */
- rc = object_mgr_create_final(sess, public_key_obj, phPublicKey);
- if (rc != CKR_OK) {
- OCK_LOG_ERR(ERR_OBJMGR_CREATE_FINAL);
- goto error;
- }
-
- rc = object_mgr_create_final(sess, private_key_obj, phPrivateKey);
- if (rc != CKR_OK) {
- OCK_LOG_ERR(ERR_OBJMGR_CREATE_FINAL);
- object_mgr_destroy_object(sess, *phPublicKey);
- public_key_obj = NULL;
- goto error;
- }
-
/* copy CKA_CLASS, CKA_KEY_TYPE to private template */
if (template_attribute_find(public_key_obj->template, CKA_CLASS, &attr)) {
rc = build_attribute(attr->type, attr->pValue,
attr->ulValueLen, &n_attr);
if (rc != CKR_OK) {
EP11TOK_ELOG(1,"build_attribute failed with rc=0x%lx",rc);
- return rc;
+ goto error;
}
rc = template_update_attribute(private_key_obj->template, n_attr);
if (rc != CKR_OK) {
EP11TOK_ELOG(1,"template_update_attribute failed with rc=0x%lx",rc);
- return rc;
+ goto error;
}
}
@@ -2770,17 +2753,34 @@ CK_RV token_specific_generate_key_pair(SESSION * sess,
attr->ulValueLen, &n_attr);
if (rc != CKR_OK) {
EP11TOK_ELOG(1,"build_attribute failed with rc=0x%lx",rc);
- return rc;
+ goto error;
}
rc = template_update_attribute(private_key_obj->template, n_attr);
if (rc != CKR_OK) {
EP11TOK_ELOG(1,"template_update_attribute failed with rc=0x%lx",rc);
- return rc;
+ goto error;
}
}
+ /* Keys should be fully constructed,
+ * assign object handles and store keys.
+ */
+ rc = object_mgr_create_final(sess, public_key_obj, phPublicKey);
+ if (rc != CKR_OK) {
+ OCK_LOG_ERR(ERR_OBJMGR_CREATE_FINAL);
+ goto error;
+ }
+
+ rc = object_mgr_create_final(sess, private_key_obj, phPrivateKey);
+ if (rc != CKR_OK) {
+ OCK_LOG_ERR(ERR_OBJMGR_CREATE_FINAL);
+ object_mgr_destroy_object(sess, *phPublicKey);
+ public_key_obj = NULL;
+ goto error;
+ }
return rc;
+
error:
if (public_key_obj) object_free(public_key_obj);
if (private_key_obj) object_free(private_key_obj);
@@ -2801,11 +2801,13 @@ static CK_RV h_opaque_2_blob(CK_OBJECT_HANDLE handle,
OBJECT *key_obj;
CK_ATTRIBUTE *attr = NULL;
ep11_opaque *op;
+ CK_RV rc;
/* find the key obj by the key handle */
- if (object_mgr_find_in_map1(handle,&key_obj) != CKR_OK) {
+ rc = object_mgr_find_in_map1(handle,&key_obj);
+ if (rc != CKR_OK) {
EP11TOK_ELOG(1,"key 0x%lx not mapped", handle);
- return CKR_FUNCTION_FAILED;
+ return rc;
}
/* blob already exists */
@@ -2844,30 +2846,31 @@ CK_RV token_specific_sign_init(SESSION *session, CK_MECHANISM *mech,
return CKR_HOST_MEMORY;
}
- if (h_opaque_2_blob(key,&privkey_blob,&blob_len) == CKR_OK) {
- rc = m_SignInit(ep11_sign_state, &ep11_sign_state_l,
- mech, privkey_blob, blob_len, ep11tok_target) ;
+ rc = h_opaque_2_blob(key, &privkey_blob, &blob_len);
+ if (rc != CKR_OK) {
+ EP11TOK_ELOG(1,"no blob rc=0x%lx",rc);
+ return rc;
+ }
- /* SIGN_VERIFY_CONTEX holds all needed for continuing,
- * also by another adapter (stateless requests)
- */
- ctx->key = key;
- ctx->multi = FALSE;
- ctx->active = TRUE;
- ctx->context = ep11_sign_state;
- ctx->context_len = ep11_sign_state_l;
+ rc = m_SignInit(ep11_sign_state, &ep11_sign_state_l,
+ mech, privkey_blob, blob_len, ep11tok_target) ;
- if (rc != CKR_OK) {
- EP11TOK_ELOG(1,"rc=0x%lx blob_len=0x%x key=0x%lx mech=0x%lx", rc, blob_len, key, mech->mechanism);
- } else {
- EP11TOK_LOG(2,"rc=0x%lx blob_len=0x%x key=0x%lx mech=0x%lx", rc, blob_len, key, mech->mechanism);
- }
+ /* SIGN_VERIFY_CONTEX holds all needed for continuing,
+ * also by another adapter (stateless requests)
+ */
+ ctx->key = key;
+ ctx->multi = FALSE;
+ ctx->active = TRUE;
+ ctx->context = ep11_sign_state;
+ ctx->context_len = ep11_sign_state_l;
- return rc;
+ if (rc != CKR_OK) {
+ EP11TOK_ELOG(1,"rc=0x%lx blob_len=0x%x key=0x%lx mech=0x%lx", rc, blob_len, key, mech->mechanism);
} else {
- EP11TOK_ELOG(1,"no blob rc=0x%lx",rc);
- return CKR_FUNCTION_FAILED;
+ EP11TOK_LOG(2,"rc=0x%lx blob_len=0x%x key=0x%lx mech=0x%lx", rc, blob_len, key, mech->mechanism);
}
+
+ return rc;
}
@@ -2946,27 +2949,26 @@ CK_RV token_specific_verify_init(SESSION *session, CK_MECHANISM *mech,
return CKR_HOST_MEMORY;
}
- if (h_opaque_2_blob(key,&spki,&spki_len) == CKR_OK) {
- rc = m_VerifyInit(ep11_sign_state, &ep11_sign_state_l, mech,
- spki, spki_len, ep11tok_target);
-
- ctx->key = key;
- ctx->multi = FALSE;
- ctx->active = TRUE;
- ctx->context = ep11_sign_state;
- ctx->context_len = ep11_sign_state_l;
-
- if (rc != CKR_OK) {
- EP11TOK_ELOG(1,"rc=0x%lx spki_len=0x%x key=0x%lx ep11_sing_state_l=0x%x mech=0x%lx", rc, spki_len, key, ep11_sign_state_l, mech->mechanism);
- } else {
- EP11TOK_LOG(2,"rc=0x%lx spki_len=0x%x key=0x%lx ep11_sing_state_l=0x%x mech=0x%lx", rc, spki_len, key, ep11_sign_state_l, mech->mechanism);
- }
-
+ rc = h_opaque_2_blob(key, &spki, &spki_len);
+ if (rc != CKR_OK) {
+ EP11TOK_ELOG(1,"no blob rc=0x%lx",rc);
return rc;
+ }
+
+ rc = m_VerifyInit(ep11_sign_state, &ep11_sign_state_l, mech,
+ spki, spki_len, ep11tok_target);
+ ctx->key = key;
+ ctx->multi = FALSE;
+ ctx->active = TRUE;
+ ctx->context = ep11_sign_state;
+ ctx->context_len = ep11_sign_state_l;
+ if (rc != CKR_OK) {
+ EP11TOK_ELOG(1,"rc=0x%lx spki_len=0x%x key=0x%lx ep11_sing_state_l=0x%x mech=0x%lx", rc, spki_len, key, ep11_sign_state_l, mech->mechanism);
} else {
- EP11TOK_ELOG(1,"no blob rc=0x%lx",rc);
- return CKR_FUNCTION_FAILED;
+ EP11TOK_LOG(2,"rc=0x%lx spki_len=0x%x key=0x%lx ep11_sing_state_l=0x%x mech=0x%lx", rc, spki_len, key, ep11_sign_state_l, mech->mechanism);
}
+
+ return rc;
}
@@ -3169,11 +3171,12 @@ static CK_RV ep11_ende_crypt_init(SESSION *session, CK_MECHANISM_PTR mech,
return CKR_HOST_MEMORY;
}
- if (h_opaque_2_blob(key, &blob, &blob_len) != CKR_OK) {
+ rc = h_opaque_2_blob(key, &blob, &blob_len);
+ if (rc != CKR_OK) {
EP11TOK_ELOG(1,"no blob rc=0x%lx",rc);
- return CKR_FUNCTION_FAILED;
+ return rc;
}
-
+
if (op == DECRYPT) {
rc = m_DecryptInit(ep11_state, &ep11_state_l, mech, blob,
blob_len, ep11tok_target);