commit 9d445b0294b588a834797e4f8c3d6ea3c1b3da2b
Author: Joy Latten <jmlatten@linux.vnet.ibm.com>
Date:   Wed Feb 12 12:09:14 2014 -0600

    ep11's h_opaque_2_blob needs to catch the return code from
    object_mgr_find_in_map1 and return it.
    
    Signed-off-by: Joy Latten <jmlatten@linux.vnet.ibm.com>

diff --git a/usr/lib/pkcs11/ep11_stdll/ep11_specific.c b/usr/lib/pkcs11/ep11_stdll/ep11_specific.c
index 1a43ccb..90d3df1 100644
--- a/usr/lib/pkcs11/ep11_stdll/ep11_specific.c
+++ b/usr/lib/pkcs11/ep11_stdll/ep11_specific.c
@@ -1814,12 +1814,12 @@ CK_RV token_specific_derive_key(SESSION *session, CK_MECHANISM_PTR mech,
 	memset(&secret_op, 0, sizeof(secret_op));
 	secret_op.blob_size = blobsize;
 
-	if (h_opaque_2_blob(hBaseKey, &blob, &blob_len) != CKR_OK) {
+	rc = h_opaque_2_blob(hBaseKey, &blob, &blob_len);
+	if (rc != CKR_OK) {
 		EP11TOK_ELOG(1,"FAIL hBaseKey=0x%lx",hBaseKey);
-		return CKR_CANCEL;
+		return rc;
 	}
 
-
 	/* Get the keytype to use when creating the key object */
 	rc = ep11_get_keytype(attrs, attrs_len, mech, &ktype, &class);
 	if (rc != CKR_OK) {
@@ -2732,36 +2732,19 @@ CK_RV token_specific_generate_key_pair(SESSION * sess,
 			private_key_obj->name, public_key_obj, private_key_obj);
 	}
 
-	/* Keys should be fully constructed,
-	 * assign object handles and store keys.
-	 */
-	rc = object_mgr_create_final(sess, public_key_obj, phPublicKey);
-	if (rc != CKR_OK) {
-		OCK_LOG_ERR(ERR_OBJMGR_CREATE_FINAL);
-		goto error;
-	}
-
-	rc = object_mgr_create_final(sess, private_key_obj, phPrivateKey);
-	if (rc != CKR_OK) {
-		OCK_LOG_ERR(ERR_OBJMGR_CREATE_FINAL);
-		object_mgr_destroy_object(sess, *phPublicKey);
-		public_key_obj = NULL;
-		goto error;
-	}
-
 	/* copy CKA_CLASS, CKA_KEY_TYPE to private template */
 	if (template_attribute_find(public_key_obj->template, CKA_CLASS, &attr)) {
 		rc = build_attribute(attr->type, attr->pValue,
 					attr->ulValueLen, &n_attr);
 		if (rc != CKR_OK) {
 			EP11TOK_ELOG(1,"build_attribute failed with rc=0x%lx",rc);
-			return rc;
+			goto error;
 		}
 
 		rc = template_update_attribute(private_key_obj->template, n_attr);
 		if (rc != CKR_OK) {
 			EP11TOK_ELOG(1,"template_update_attribute failed with rc=0x%lx",rc);
-			return rc;
+			goto error;
 		}
 	}
 
@@ -2770,17 +2753,34 @@ CK_RV token_specific_generate_key_pair(SESSION * sess,
 					attr->ulValueLen, &n_attr);
 		if (rc != CKR_OK) {
 			EP11TOK_ELOG(1,"build_attribute failed with rc=0x%lx",rc);
-			return rc;
+			goto error;
 		}
 
 		rc = template_update_attribute(private_key_obj->template, n_attr);
 		if (rc != CKR_OK) {
 			EP11TOK_ELOG(1,"template_update_attribute failed with rc=0x%lx",rc);
-			return rc;
+			goto error;
 		}
 	}
 
+	/* Keys should be fully constructed,
+	 * assign object handles and store keys.
+	 */
+	rc = object_mgr_create_final(sess, public_key_obj, phPublicKey);
+	if (rc != CKR_OK) {
+		OCK_LOG_ERR(ERR_OBJMGR_CREATE_FINAL);
+		goto error;
+	}
+
+	rc = object_mgr_create_final(sess, private_key_obj, phPrivateKey);
+	if (rc != CKR_OK) {
+		OCK_LOG_ERR(ERR_OBJMGR_CREATE_FINAL);
+		object_mgr_destroy_object(sess, *phPublicKey);
+		public_key_obj = NULL;
+		goto error;
+	}
 	return rc;
+
 error:
 	if (public_key_obj) object_free(public_key_obj);
 	if (private_key_obj) object_free(private_key_obj);
@@ -2801,11 +2801,13 @@ static CK_RV h_opaque_2_blob(CK_OBJECT_HANDLE handle,
 	OBJECT *key_obj;
 	CK_ATTRIBUTE *attr = NULL;
 	ep11_opaque *op;
+	CK_RV rc;
 
 	/* find the key obj by the key handle */
-	if (object_mgr_find_in_map1(handle,&key_obj) != CKR_OK) {
+	rc = object_mgr_find_in_map1(handle,&key_obj);
+	if (rc != CKR_OK) {
 		EP11TOK_ELOG(1,"key 0x%lx not mapped", handle);
-		return CKR_FUNCTION_FAILED;
+		return rc;
 	}
     
 	/* blob already exists */
@@ -2844,30 +2846,31 @@ CK_RV token_specific_sign_init(SESSION *session, CK_MECHANISM *mech,
 		return CKR_HOST_MEMORY;
 	}
 
-	if (h_opaque_2_blob(key,&privkey_blob,&blob_len) == CKR_OK) {
-		rc = m_SignInit(ep11_sign_state, &ep11_sign_state_l,
-				mech, privkey_blob, blob_len, ep11tok_target) ;
+	rc = h_opaque_2_blob(key, &privkey_blob, &blob_len);
+	if (rc != CKR_OK) {
+		EP11TOK_ELOG(1,"no blob rc=0x%lx",rc);
+		return rc;
+	}
 
-		/* SIGN_VERIFY_CONTEX holds all needed for continuing,
-		 * also by another adapter (stateless requests)
-		 */
-		ctx->key = key;
-		ctx->multi = FALSE;
-		ctx->active = TRUE;
-		ctx->context = ep11_sign_state;
-		ctx->context_len = ep11_sign_state_l;
+	rc = m_SignInit(ep11_sign_state, &ep11_sign_state_l,
+			mech, privkey_blob, blob_len, ep11tok_target) ;
 
-		if (rc != CKR_OK) {
-			EP11TOK_ELOG(1,"rc=0x%lx blob_len=0x%x key=0x%lx mech=0x%lx", rc, blob_len, key, mech->mechanism);
-		} else {
-			EP11TOK_LOG(2,"rc=0x%lx blob_len=0x%x key=0x%lx mech=0x%lx", rc, blob_len, key, mech->mechanism);
-		}
+	/* SIGN_VERIFY_CONTEX holds all needed for continuing,
+	 * also by another adapter (stateless requests)
+	 */
+	ctx->key = key;
+	ctx->multi = FALSE;
+	ctx->active = TRUE;
+	ctx->context = ep11_sign_state;
+	ctx->context_len = ep11_sign_state_l;
 
-		return rc;
+	if (rc != CKR_OK) {
+		EP11TOK_ELOG(1,"rc=0x%lx blob_len=0x%x key=0x%lx mech=0x%lx", rc, blob_len, key, mech->mechanism);
 	} else {
-		EP11TOK_ELOG(1,"no blob rc=0x%lx",rc);
-		return CKR_FUNCTION_FAILED;
+		EP11TOK_LOG(2,"rc=0x%lx blob_len=0x%x key=0x%lx mech=0x%lx", rc, blob_len, key, mech->mechanism);
 	}
+
+	return rc;
 }
 
 
@@ -2946,27 +2949,26 @@ CK_RV token_specific_verify_init(SESSION *session, CK_MECHANISM *mech,
 		return CKR_HOST_MEMORY;
 	}
 
-	if (h_opaque_2_blob(key,&spki,&spki_len) == CKR_OK) {
-		rc = m_VerifyInit(ep11_sign_state, &ep11_sign_state_l, mech,
-				  spki, spki_len, ep11tok_target);
-        
-		ctx->key = key;
-		ctx->multi = FALSE;
-		ctx->active = TRUE;
-		ctx->context = ep11_sign_state;
-		ctx->context_len = ep11_sign_state_l;
-
-		if (rc != CKR_OK) {
-			EP11TOK_ELOG(1,"rc=0x%lx spki_len=0x%x key=0x%lx ep11_sing_state_l=0x%x mech=0x%lx", rc, spki_len, key, ep11_sign_state_l, mech->mechanism);
-		} else {
-			EP11TOK_LOG(2,"rc=0x%lx spki_len=0x%x key=0x%lx ep11_sing_state_l=0x%x mech=0x%lx", rc, spki_len, key, ep11_sign_state_l, mech->mechanism);
-		}
-
+	rc = h_opaque_2_blob(key, &spki, &spki_len);
+	if (rc != CKR_OK) {
+		EP11TOK_ELOG(1,"no blob rc=0x%lx",rc);
 		return rc;
+	}
+
+	rc = m_VerifyInit(ep11_sign_state, &ep11_sign_state_l, mech,
+			  spki, spki_len, ep11tok_target);
+	ctx->key = key;
+	ctx->multi = FALSE;
+	ctx->active = TRUE;
+	ctx->context = ep11_sign_state;
+	ctx->context_len = ep11_sign_state_l;
+	if (rc != CKR_OK) {
+		EP11TOK_ELOG(1,"rc=0x%lx spki_len=0x%x key=0x%lx ep11_sing_state_l=0x%x mech=0x%lx", rc, spki_len, key, ep11_sign_state_l, mech->mechanism);
 	} else {
-		EP11TOK_ELOG(1,"no blob rc=0x%lx",rc);
-		return CKR_FUNCTION_FAILED;
+		EP11TOK_LOG(2,"rc=0x%lx spki_len=0x%x key=0x%lx ep11_sing_state_l=0x%x mech=0x%lx", rc, spki_len, key, ep11_sign_state_l, mech->mechanism);
 	}
+
+	return rc;
 }
 
 
@@ -3169,11 +3171,12 @@ static CK_RV ep11_ende_crypt_init(SESSION *session, CK_MECHANISM_PTR mech,
 		return CKR_HOST_MEMORY;
 	}
 
-	if (h_opaque_2_blob(key, &blob, &blob_len) != CKR_OK) {
+	rc = h_opaque_2_blob(key, &blob, &blob_len);
+	if (rc != CKR_OK) {
 		EP11TOK_ELOG(1,"no blob rc=0x%lx",rc);
-		return CKR_FUNCTION_FAILED;
+		return rc;
 	}
-    
+
 	if (op == DECRYPT) {
 		rc = m_DecryptInit(ep11_state, &ep11_state_l, mech, blob,
 				   blob_len, ep11tok_target);