--- a/usr/src/lib/openssl/Patches/pkcs11-engine/hw_pk11.c Mon Feb 08 12:51:29 2010 +0200
+++ b/usr/src/lib/openssl/Patches/pkcs11-engine/hw_pk11.c Mon Feb 08 15:41:40 2010 +0200
@@ -1,9 +1,9 @@
/*
- * Copyright 2009 Sun Microsystems, Inc. All rights reserved.
+ * Copyright 2010 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
*/
-#pragma ident "@(#)hw_pk11.c 1.2 09/11/10 SMI"
+#pragma ident "@(#)hw_pk11.c 1.3 10/02/01 SMI"
/* crypto/engine/hw_pk11.c */
/*
@@ -805,14 +805,14 @@
*/
static const char def_PK11_LIBNAME[] = PK11_LIB_LOCATION;
-static CK_BBOOL true = TRUE;
-static CK_BBOOL false = FALSE;
+static CK_BBOOL pk11_true = CK_TRUE;
+static CK_BBOOL pk11_false = CK_FALSE;
/* Needed in hw_pk11_pub.c as well so that's why it is not static. */
CK_SLOT_ID pubkey_SLOTID = 0;
static CK_SLOT_ID rand_SLOTID = 0;
static CK_SLOT_ID SLOTID = 0;
-static CK_BBOOL pk11_library_initialized = FALSE;
-static CK_BBOOL pk11_atfork_initialized = FALSE;
+static CK_BBOOL pk11_library_initialized = CK_FALSE;
+static CK_BBOOL pk11_atfork_initialized = CK_FALSE;
static int pk11_pid = 0;
static DSO *pk11_dso = NULL;
@@ -1296,7 +1296,7 @@
digest_count = 0;
}
- pk11_library_initialized = TRUE;
+ pk11_library_initialized = CK_TRUE;
pk11_pid = getpid();
/*
* if initialization of the locks fails pk11_init_all_locks()
@@ -1321,7 +1321,7 @@
PK11err(PK11_F_LIBRARY_INIT, PK11_R_ATFORK_FAILED);
goto err;
}
- pk11_atfork_initialized = TRUE;
+ pk11_atfork_initialized = CK_TRUE;
}
return (1);
@@ -1381,7 +1381,7 @@
}
pk11_dso = NULL;
pFuncList = NULL;
- pk11_library_initialized = FALSE;
+ pk11_library_initialized = CK_FALSE;
pk11_pid = 0;
/*
* There is no way how to unregister atfork handlers (other than
@@ -1682,7 +1682,7 @@
sp = NULL;
goto err;
}
- if (pk11_token_relogin(sp->session) == 0)
+ if (pk11_token_relogin(sp->session) == 0)
{
/*
* We will keep the session in the cache list and let
@@ -1877,7 +1877,7 @@
* We are probably a child process so force the
* reinitialize of the session
*/
- pk11_library_initialized = FALSE;
+ pk11_library_initialized = CK_FALSE;
if (!pk11_library_init(NULL))
return (0);
rv = pFuncList->C_OpenSession(myslot, CKF_SERIAL_SESSION,
@@ -1936,6 +1936,32 @@
}
#ifndef OPENSSL_NO_RSA
+/*
+ * Destroy all non-NULL RSA parameters. For the RSA keys by reference code,
+ * public components 'n'/'e' are the key components we use to check for the
+ * cache hit even for the private keys. So, no matter whether we are destroying
+ * a public or a private key, we always free what we can.
+ */
+static void
+destroy_all_rsa_params(PK11_SESSION *sp)
+ {
+ if (sp->opdata_rsa_n_num != NULL)
+ {
+ BN_free(sp->opdata_rsa_n_num);
+ sp->opdata_rsa_n_num = NULL;
+ }
+ if (sp->opdata_rsa_e_num != NULL)
+ {
+ BN_free(sp->opdata_rsa_e_num);
+ sp->opdata_rsa_e_num = NULL;
+ }
+ if (sp->opdata_rsa_d_num != NULL)
+ {
+ BN_free(sp->opdata_rsa_d_num);
+ sp->opdata_rsa_d_num = NULL;
+ }
+ }
+
/* Destroy RSA public key from single session. */
int
pk11_destroy_rsa_object_pub(PK11_SESSION *sp, CK_BBOOL uselock)
@@ -1948,16 +1974,7 @@
ret, uselock, OP_RSA);
sp->opdata_rsa_pub_key = CK_INVALID_HANDLE;
sp->opdata_rsa_pub = NULL;
- if (sp->opdata_rsa_n_num != NULL)
- {
- BN_free(sp->opdata_rsa_n_num);
- sp->opdata_rsa_n_num = NULL;
- }
- if (sp->opdata_rsa_e_num != NULL)
- {
- BN_free(sp->opdata_rsa_e_num);
- sp->opdata_rsa_e_num = NULL;
- }
+ destroy_all_rsa_params(sp);
}
return (ret);
@@ -1975,27 +1992,7 @@
ret, uselock, OP_RSA);
sp->opdata_rsa_priv_key = CK_INVALID_HANDLE;
sp->opdata_rsa_priv = NULL;
- if (sp->opdata_rsa_d_num != NULL)
- {
- BN_free(sp->opdata_rsa_d_num);
- sp->opdata_rsa_d_num = NULL;
- }
-
- /*
- * For the RSA key by reference code, public components 'n'/'e'
- * are the key components we use to check for the cache hit. We
- * must free those as well.
- */
- if (sp->opdata_rsa_n_num != NULL)
- {
- BN_free(sp->opdata_rsa_n_num);
- sp->opdata_rsa_n_num = NULL;
- }
- if (sp->opdata_rsa_e_num != NULL)
- {
- BN_free(sp->opdata_rsa_e_num);
- sp->opdata_rsa_e_num = NULL;
- }
+ destroy_all_rsa_params(sp);
}
return (ret);
@@ -2011,7 +2008,7 @@
int ret = 1;
PK11_SESSION *sp = NULL;
PK11_SESSION *local_free_session;
- CK_BBOOL uselock = TRUE;
+ CK_BBOOL uselock = CK_TRUE;
if (session != NULL)
local_free_session = session;
@@ -2019,7 +2016,7 @@
{
(void) pthread_mutex_lock(session_cache[OP_RSA].lock);
local_free_session = session_cache[OP_RSA].head;
- uselock = FALSE;
+ uselock = CK_FALSE;
}
/*
@@ -2107,7 +2104,7 @@
int ret = 1;
PK11_SESSION *sp = NULL;
PK11_SESSION *local_free_session;
- CK_BBOOL uselock = TRUE;
+ CK_BBOOL uselock = CK_TRUE;
if (session != NULL)
local_free_session = session;
@@ -2115,7 +2112,7 @@
{
(void) pthread_mutex_lock(session_cache[OP_DSA].lock);
local_free_session = session_cache[OP_DSA].head;
- uselock = FALSE;
+ uselock = CK_FALSE;
}
/*
@@ -2183,7 +2180,7 @@
int ret = 1;
PK11_SESSION *sp = NULL;
PK11_SESSION *local_free_session;
- CK_BBOOL uselock = TRUE;
+ CK_BBOOL uselock = CK_TRUE;
if (session != NULL)
local_free_session = session;
@@ -2191,7 +2188,7 @@
{
(void) pthread_mutex_lock(session_cache[OP_DH].lock);
local_free_session = session_cache[OP_DH].head;
- uselock = FALSE;
+ uselock = CK_FALSE;
}
while ((sp = local_free_session) != NULL)
@@ -2710,9 +2707,9 @@
{
{CKA_CLASS, (void*) NULL, sizeof (CK_OBJECT_CLASS)},
{CKA_KEY_TYPE, (void*) NULL, sizeof (CK_KEY_TYPE)},
- {CKA_TOKEN, &false, sizeof (false)},
- {CKA_ENCRYPT, &true, sizeof (true)},
- {CKA_DECRYPT, &true, sizeof (true)},
+ {CKA_TOKEN, &pk11_false, sizeof (pk11_false)},
+ {CKA_ENCRYPT, &pk11_true, sizeof (pk11_true)},
+ {CKA_DECRYPT, &pk11_true, sizeof (pk11_true)},
{CKA_VALUE, (void*) NULL, 0},
};