Print this page
9642 PKCS#11 softtoken should use explicit_bzero
Reviewed by: Dan McDonald <danmcd@joyent.com>
Reviewed by: Alex Wilson <alex.wilson@joyent.com>


   3  *
   4  * The contents of this file are subject to the terms of the
   5  * Common Development and Distribution License (the "License").
   6  * You may not use this file except in compliance with the License.
   7  *
   8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
   9  * or http://www.opensolaris.org/os/licensing.
  10  * See the License for the specific language governing permissions
  11  * and limitations under the License.
  12  *
  13  * When distributing Covered Code, include this CDDL HEADER in each
  14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
  15  * If applicable, add the following below this CDDL HEADER, with the
  16  * fields enclosed by brackets "[]" replaced with your own identifying
  17  * information: Portions Copyright [yyyy] [name of copyright owner]
  18  *
  19  * CDDL HEADER END
  20  */
  21 /*
  22  * Copyright (c) 2004, 2010, Oracle and/or its affiliates. All rights reserved.

  23  */
  24 
  25 
  26 #include <stdlib.h>
  27 #include <string.h>
  28 #include <strings.h>
  29 #include <errno.h>
  30 #include <fcntl.h>
  31 #include <sys/types.h>
  32 #include <sys/stat.h>
  33 #include "metaGlobal.h"
  34 
  35 /* Size of the template for creating key used for wrap/unwrap */
  36 #define WRAP_KEY_TEMPLATE_SIZE  7
  37 
  38 /*
  39  * Information necessary to create keys for C_WrapKey/C_UnwrapKey
  40  */
  41 typedef struct _wrap_info {
  42         CK_OBJECT_CLASS         class; /* class of the key for wrap/unwrap */


 579                                         save_rv = rv;
 580                                 }
 581                         }
 582 
 583                 }
 584 
 585                 meta_slot_object_deactivate(clone);
 586                 meta_slot_object_dealloc(clone);
 587 
 588                 object->clones[slotnum] = NULL;
 589         }
 590 
 591         /* Now erase and delete any attributes in the metaobject. */
 592         dealloc_attributes(object->attributes, object->num_attributes);
 593 
 594         free(object->clones);
 595         free(object->tried_create_clone);
 596 
 597         if (object->clone_template) {
 598                 for (i = 0; i < object->clone_template_size; i++) {
 599                         free(((object->clone_template)[i]).pValue);

 600                 }
 601                 free(object->clone_template);
 602         }
 603 
 604         /* Cleanup remaining object fields. */
 605         (void) pthread_rwlock_destroy(&object->object_lock);
 606         (void) pthread_rwlock_destroy(&object->attribute_lock);
 607         (void) pthread_mutex_destroy(&object->isClosingObject_lock);
 608         (void) pthread_mutex_destroy(&object->clone_create_lock);
 609 
 610         meta_object_delay_free(object);
 611 
 612         return (save_rv);
 613 }
 614 
 615 
 616 /*
 617  * meta_slot_object_alloc
 618  */
 619 CK_RV


 842         }
 843 
 844 finish:
 845         (void) pthread_rwlock_unlock(&object->attribute_lock);
 846 
 847         if (session)
 848                 meta_release_slot_session(session);
 849 
 850         if (attrs) {
 851                 for (i = 0; i < num_attrs; i++) {
 852                         if (attrs[i].pValue != NULL) {
 853                                 free(attrs[i].pValue);
 854                         }
 855                 }
 856                 free(attrs);
 857         }
 858 
 859         if (attrs_with_val) {
 860                 for (i = 0; i < num_attrs; i++) {
 861                         if (attrs_with_val[i].pValue != NULL) {
 862                                 free(attrs_with_val[i].pValue);

 863                         }
 864                 }
 865                 free(attrs_with_val);
 866         }
 867         return (rv);
 868 }
 869 
 870 /*
 871  * Create an object to be used for wrapping and unwrapping.
 872  * The same template will be used for all wrapping/unwrapping keys all
 873  * the time
 874  */
 875 
 876 static CK_RV
 877 create_wrap_unwrap_key(slot_session_t *slot_session, CK_OBJECT_HANDLE *hObject,
 878     wrap_info_t *wrap_info, char *key_data, CK_ULONG key_len)
 879 {
 880 
 881         CK_OBJECT_CLASS objclass;
 882         CK_KEY_TYPE keytype;


1474 
1475         if (wrappingKey) {
1476                 (void) FUNCLIST(src_slot_session->fw_st_id)->C_DestroyObject(
1477                     src_slot_session->hSession, wrappingKey);
1478         }
1479 
1480         if (tmp_slot_obj) {
1481                 (void) meta_slot_object_dealloc(tmp_slot_obj);
1482         }
1483 
1484         if (tmp_meta_obj) {
1485                 (void) meta_object_dealloc(tmp_meta_session, tmp_meta_obj,
1486                     B_TRUE);
1487         }
1488 
1489         if (tmp_meta_session) {
1490                 (void) meta_session_dealloc(tmp_meta_session);
1491         }
1492 
1493         if (wrappedKey) {
1494                 free(wrappedKey);
1495         }
1496 
1497         if (src_slot_session) {
1498                 meta_release_slot_session(src_slot_session);
1499         }
1500 
1501         return (rv);
1502 
1503 }
1504 
1505 
1506 /*
1507  * meta_object_get_clone
1508  *
1509  * Creates a "clone" of a metaobject on the specified slot. A clone is a
1510  * copy of the object.
1511  *
1512  * Clones are cached, so that they can be reused with subsequent operations.
1513  */
1514 CK_RV




   3  *
   4  * The contents of this file are subject to the terms of the
   5  * Common Development and Distribution License (the "License").
   6  * You may not use this file except in compliance with the License.
   7  *
   8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
   9  * or http://www.opensolaris.org/os/licensing.
  10  * See the License for the specific language governing permissions
  11  * and limitations under the License.
  12  *
  13  * When distributing Covered Code, include this CDDL HEADER in each
  14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
  15  * If applicable, add the following below this CDDL HEADER, with the
  16  * fields enclosed by brackets "[]" replaced with your own identifying
  17  * information: Portions Copyright [yyyy] [name of copyright owner]
  18  *
  19  * CDDL HEADER END
  20  */
  21 /*
  22  * Copyright (c) 2004, 2010, Oracle and/or its affiliates. All rights reserved.
  23  * Copyright (c) 2018, Joyent, Inc.
  24  */
  25 
  26 
  27 #include <stdlib.h>
  28 #include <string.h>
  29 #include <strings.h>
  30 #include <errno.h>
  31 #include <fcntl.h>
  32 #include <sys/types.h>
  33 #include <sys/stat.h>
  34 #include "metaGlobal.h"
  35 
  36 /* Size of the template for creating key used for wrap/unwrap */
  37 #define WRAP_KEY_TEMPLATE_SIZE  7
  38 
  39 /*
  40  * Information necessary to create keys for C_WrapKey/C_UnwrapKey
  41  */
  42 typedef struct _wrap_info {
  43         CK_OBJECT_CLASS         class; /* class of the key for wrap/unwrap */


 580                                         save_rv = rv;
 581                                 }
 582                         }
 583 
 584                 }
 585 
 586                 meta_slot_object_deactivate(clone);
 587                 meta_slot_object_dealloc(clone);
 588 
 589                 object->clones[slotnum] = NULL;
 590         }
 591 
 592         /* Now erase and delete any attributes in the metaobject. */
 593         dealloc_attributes(object->attributes, object->num_attributes);
 594 
 595         free(object->clones);
 596         free(object->tried_create_clone);
 597 
 598         if (object->clone_template) {
 599                 for (i = 0; i < object->clone_template_size; i++) {
 600                         freezero((object->clone_template)[i].pValue,
 601                             (object->clone_template)[i].ulValueLen);
 602                 }
 603                 free(object->clone_template);
 604         }
 605 
 606         /* Cleanup remaining object fields. */
 607         (void) pthread_rwlock_destroy(&object->object_lock);
 608         (void) pthread_rwlock_destroy(&object->attribute_lock);
 609         (void) pthread_mutex_destroy(&object->isClosingObject_lock);
 610         (void) pthread_mutex_destroy(&object->clone_create_lock);
 611 
 612         meta_object_delay_free(object);
 613 
 614         return (save_rv);
 615 }
 616 
 617 
 618 /*
 619  * meta_slot_object_alloc
 620  */
 621 CK_RV


 844         }
 845 
 846 finish:
 847         (void) pthread_rwlock_unlock(&object->attribute_lock);
 848 
 849         if (session)
 850                 meta_release_slot_session(session);
 851 
 852         if (attrs) {
 853                 for (i = 0; i < num_attrs; i++) {
 854                         if (attrs[i].pValue != NULL) {
 855                                 free(attrs[i].pValue);
 856                         }
 857                 }
 858                 free(attrs);
 859         }
 860 
 861         if (attrs_with_val) {
 862                 for (i = 0; i < num_attrs; i++) {
 863                         if (attrs_with_val[i].pValue != NULL) {
 864                                 freezero(attrs_with_val[i].pValue,
 865                                     attrs_with_val[i].ulValueLen);
 866                         }
 867                 }
 868                 free(attrs_with_val);
 869         }
 870         return (rv);
 871 }
 872 
 873 /*
 874  * Create an object to be used for wrapping and unwrapping.
 875  * The same template will be used for all wrapping/unwrapping keys all
 876  * the time
 877  */
 878 
 879 static CK_RV
 880 create_wrap_unwrap_key(slot_session_t *slot_session, CK_OBJECT_HANDLE *hObject,
 881     wrap_info_t *wrap_info, char *key_data, CK_ULONG key_len)
 882 {
 883 
 884         CK_OBJECT_CLASS objclass;
 885         CK_KEY_TYPE keytype;


1477 
1478         if (wrappingKey) {
1479                 (void) FUNCLIST(src_slot_session->fw_st_id)->C_DestroyObject(
1480                     src_slot_session->hSession, wrappingKey);
1481         }
1482 
1483         if (tmp_slot_obj) {
1484                 (void) meta_slot_object_dealloc(tmp_slot_obj);
1485         }
1486 
1487         if (tmp_meta_obj) {
1488                 (void) meta_object_dealloc(tmp_meta_session, tmp_meta_obj,
1489                     B_TRUE);
1490         }
1491 
1492         if (tmp_meta_session) {
1493                 (void) meta_session_dealloc(tmp_meta_session);
1494         }
1495 
1496         if (wrappedKey) {
1497                 freezero(wrappedKey, wrappedKeyLen);
1498         }
1499 
1500         if (src_slot_session) {
1501                 meta_release_slot_session(src_slot_session);
1502         }
1503 
1504         return (rv);
1505 
1506 }
1507 
1508 
1509 /*
1510  * meta_object_get_clone
1511  *
1512  * Creates a "clone" of a metaobject on the specified slot. A clone is a
1513  * copy of the object.
1514  *
1515  * Clones are cached, so that they can be reused with subsequent operations.
1516  */
1517 CK_RV