[pkg-opensc-commit] [engine-pkcs11] 121/152: introduce zero_pin() to eliminate copied code

Eric Dorland eric at moszumanska.debian.org
Mon Oct 19 03:11:24 UTC 2015


This is an automated email from the git hooks/post-receive script.

eric pushed a commit to branch master
in repository engine-pkcs11.

commit d99c01fb5ddfb40822a5d212c09dab081a00124f
Author: Nikos Mavrogiannopoulos <nmav at redhat.com>
Date:   Tue Aug 25 16:05:11 2015 +0200

    introduce zero_pin() to eliminate copied code
---
 src/engine_pkcs11.c | 50 ++++++++++++++++----------------------------------
 1 file changed, 16 insertions(+), 34 deletions(-)

diff --git a/src/engine_pkcs11.c b/src/engine_pkcs11.c
index dd3d76e..d4efe74 100644
--- a/src/engine_pkcs11.c
+++ b/src/engine_pkcs11.c
@@ -152,19 +152,24 @@ int set_init_args(const char *init_args_orig)
 	return 1;
 }
 
-int pkcs11_finish(ENGINE * engine)
+static void zero_pin(void)
 {
-	if (ctx) {
-		PKCS11_CTX_unload(ctx);
-		PKCS11_CTX_free(ctx);
-		ctx = NULL;
-	}
 	if (pin != NULL) {
 		OPENSSL_cleanse(pin, pin_length);
 		free(pin);
 		pin = NULL;
 		pin_length = 0;
 	}
+}
+
+int pkcs11_finish(ENGINE * engine)
+{
+	if (ctx) {
+		PKCS11_CTX_unload(ctx);
+		PKCS11_CTX_free(ctx);
+		ctx = NULL;
+	}
+	zero_pin();
 	return 1;
 }
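Review bot: zero_pin() is added without a comment, and its name covers only part of what it does: besides wiping the buffer with OPENSSL_cleanse() it frees it and resets `pin` and `pin_length`, and every caller relies on `pin == NULL` afterwards. A one-line header would make that contract explicit, e.g. `/* Wipe the cached PIN, free it, and reset pin/pin_length; no-op if no PIN is cached. */`. The wipe covers `pin_length` bytes, so the comment should also say that `pin_length` must hold the allocated size of the buffer (pkcs11_load_key sets it to MAX_PIN_LENGTH) so that the whole buffer is cleared before free().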
 
@@ -190,12 +195,7 @@ int pkcs11_init(ENGINE * engine)
 
 int pkcs11_rsa_finish(RSA * rsa)
 {
-	if (pin) {
-		OPENSSL_cleanse(pin, pin_length);
-		free(pin);
-		pin = NULL;
-		pin_length = 0;
-	}
+	zero_pin();
 	if (module) {
 		free(module);
 		module = NULL;
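Review bot: The `zero_pin()` call in pkcs11_rsa_finish() clears the PIN cache whenever a single RSA object is finished, which deserves a comment now that the wipe is one shared helper. The declaration of `pin` is outside the diff, but it appears to be the same file-scope buffer that pkcs11_load_key() retains "in case further logins are" needed, so finishing one key discards the cached PIN for all later logins. I would state that intent at the call, e.g. `/* Drops the engine-wide cached PIN; the next login has to obtain it again. */`. If the engine can be used from several threads, it would also be worth confirming that nothing can still be passing `pin` to PKCS11_login() when this runs, since no locking is visible here. The body of pkcs11_rsa_finish() continues past the end of the hunk.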
@@ -668,12 +668,7 @@ static X509 *pkcs11_load_cert(ENGINE * e, const char *s_slot_cert_id)
 		/* Now login in with the (possibly NULL) pin */
 		if (PKCS11_login(slot, 0, pin)) {
 			/* Login failed, so free the PIN if present */
-			if (pin != NULL) {
-				OPENSSL_cleanse(pin, pin_length);
-				free(pin);
-				pin = NULL;
-				pin_length = 0;
-			}
+			zero_pin();
 			fail("Login failed\n");
 		}
 	}
@@ -925,12 +920,7 @@ static EVP_PKEY *pkcs11_load_key(ENGINE * e, const char *s_slot_key_id,
 		if (tok->secureLogin) {
 			/* Free the PIN if it has already been 
 			   assigned (i.e, cached by get_pin) */
-			if (pin != NULL) {
-				OPENSSL_cleanse(pin, pin_length);
-				free(pin);
-				pin = NULL;
-				pin_length = 0;
-			}
+			zero_pin();
 		} else if (pin == NULL) {
 			pin = (char *)calloc(MAX_PIN_LENGTH, sizeof(char));
 			pin_length = MAX_PIN_LENGTH;
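Review bot: `pin_length = MAX_PIN_LENGTH;` is assigned right after calloc(), before the allocation result is tested. The test itself falls between this hunk and the next and is not shown, but the next hunk's `fail("Could not allocate memory for PIN")` path would leave `pin == NULL` with a non-zero `pin_length`. The new zero_pin() cannot repair that state, because its `if (pin != NULL)` guard skips the reset. Either assign `pin_length` only once the allocation is known to have succeeded, or move `pin_length = 0;` out of the guard in zero_pin() so the pair is always consistent after a call. pkcs11_load_key() starts and ends outside the hunk.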
@@ -938,10 +928,7 @@ static EVP_PKEY *pkcs11_load_key(ENGINE * e, const char *s_slot_key_id,
 				fail("Could not allocate memory for PIN");
 			}
 			if (!get_pin(ui_method, callback_data) ) {
-				OPENSSL_cleanse(pin, pin_length);
-				free(pin);
-				pin = NULL;
-				pin_length = 0;
+				zero_pin();
 				fail("No pin code was entered");
 			}
 		}
@@ -949,12 +936,7 @@ static EVP_PKEY *pkcs11_load_key(ENGINE * e, const char *s_slot_key_id,
 		/* Now login in with the (possibly NULL) pin */
 		if (PKCS11_login(slot, 0, pin)) {
 			/* Login failed, so free the PIN if present */
-			if (pin != NULL) {
-				OPENSSL_cleanse(pin, pin_length);
-				free(pin);
-				pin = NULL;
-				pin_length = 0;
-			}
+			zero_pin();
 			fail("Login failed\n");
 		}
 		/* Login successful, PIN retained in case further logins are 

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-opensc/engine-pkcs11.git


