[pkg-opensc-commit] [libp11] 08/86: More EVP_MD_CTX issues, Handle the CK_OBJECT_HANDLE secret key
Eric Dorland
eric at moszumanska.debian.org
Sun Jul 24 21:40:17 UTC 2016
This is an automated email from the git hooks/post-receive script.
eric pushed a commit to branch master
in repository libp11.
commit 5a8e648c1a31fb830fb1e46e7cb3bbbd7b9f3e7d
Author: Doug Engert <deengert at gmail.com>
Date: Tue Jan 19 16:11:12 2016 -0600
More EVP_MD_CTX issues, Handle the CK_OBJECT_HANDLE secret key
---
examples/rawrsasign.c | 33 +++++++++++++++++++++++----------
src/libp11.h | 2 +-
src/p11_ops.c | 7 ++++---
3 files changed, 28 insertions(+), 14 deletions(-)
diff --git a/examples/rawrsasign.c b/examples/rawrsasign.c
index f2285cd..54c1372 100644
--- a/examples/rawrsasign.c
+++ b/examples/rawrsasign.c
@@ -44,7 +44,7 @@ int main(int argc, char *argv[])
PKCS11_KEY *authkey = NULL;
PKCS11_CERT *authcert = NULL;
EVP_PKEY *pubkey = NULL;
- EVP_MD_CTX mctx;
+ EVP_MD_CTX *mctx = NULL;
EVP_PKEY_CTX *pkeyctx = NULL;
unsigned char *random = NULL, *signature = NULL;
@@ -195,19 +195,25 @@ loggedin:
}
/* Compute the SHA1 hash of the random bytes */
- EVP_MD_CTX_init(&mctx);
- if (EVP_DigestInit(&mctx, EVP_sha1()) != 1) {
+ mctx = EVP_MD_CTX_new();
+ if (mctx == NULL) {
+ fprintf(stderr, "fatal: EVP_MD_CTX_new failed\n");
+ END(1);
+ }
+ if (EVP_DigestInit(mctx, EVP_sha1()) != 1) {
fprintf(stderr, "fatal: EVP_DigestInit failed\n");
END(1);
}
- if (EVP_DigestUpdate(&mctx, random, RANDOM_SIZE) != 1) {
+ if (EVP_DigestUpdate(mctx, random, RANDOM_SIZE) != 1) {
fprintf(stderr, "fatal: EVP_DigestUpdate failed\n");
END(1);
}
- if (EVP_DigestFinal(&mctx, hash, &hlen) != 1) {
+ if (EVP_DigestFinal(mctx, hash, &hlen) != 1) {
fprintf(stderr, "fatal: EVP_DigestFinal failed\n");
END(1);
}
+ EVP_MD_CTX_free(mctx);
+ mctx = NULL;
/* Compute a PKCS #1 "block type 01" encryption-block */
sig.algor = &algorithm;
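Review bot: `EVP_MD_CTX_new()` and `EVP_MD_CTX_free()`, introduced here and again in the verify hunk further down, exist only from OpenSSL 1.1.0 onward, and nothing visible in these hunks guards them. If the example is still meant to build against 1.0.x, a small compatibility shim near the includes would keep it working, for instance `#define EVP_MD_CTX_new EVP_MD_CTX_create` and `#define EVP_MD_CTX_free EVP_MD_CTX_destroy` under `#if OPENSSL_VERSION_NUMBER < 0x10100000L`. The file may already handle this outside the lines shown; main() starts and ends outside this hunk.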
@@ -250,8 +256,12 @@ loggedin:
END(1);
}
- EVP_MD_CTX_init(&mctx);
- if (EVP_DigestVerifyInit(&mctx, &pkeyctx, EVP_sha1(), NULL, pubkey) != 1) {
+ mctx = EVP_MD_CTX_new();
+ if (mctx == NULL) {
+ fprintf(stderr, "fatal: EVP_MD_CTX_new failed\n");
+ END(1);
+ }
+ if (EVP_DigestVerifyInit(mctx, &pkeyctx, EVP_sha1(), NULL, pubkey) != 1) {
fprintf(stderr, "fatal: EVP_DigestVerifyInit failed\n");
END(1);
}
@@ -261,14 +271,16 @@ loggedin:
END(1);
}
- if (EVP_DigestVerifyUpdate(&mctx, (const void*)random, RANDOM_SIZE) <= 0) {
+ if (EVP_DigestVerifyUpdate(mctx, (const void*)random, RANDOM_SIZE) <= 0) {
fprintf(stderr, "fatal: EVP_DigestVerifyUpdate failed\n");
END(1);
}
- if ((rc = EVP_DigestVerifyFinal(&mctx, signature, siglen)) != 1) {
+ if ((rc = EVP_DigestVerifyFinal(mctx, signature, siglen)) != 1) {
fprintf(stderr, "fatal: EVP_DigestVerifyFinal failed : %d\n", rc);
END(1);
}
+ EVP_MD_CTX_free(mctx);
+ mctx = NULL;
printf("raw signing operation and signature verification successfull.\n");
ret = 0;
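Review bot: After the added `EVP_MD_CTX_free(mctx);`, `pkeyctx` still holds the pointer that `EVP_DigestVerifyInit` wrote through `&pkeyctx`. That context was created inside the digest context and is released with it, so the pointer is dangling from this point on. Clearing it next to the free, `pkeyctx = NULL;`, keeps any later use or cleanup from touching freed memory. The same holds for the `EVP_MD_CTX_free(mctx)` added under `end:`, which is reached on the error paths. Whether the cleanup code outside these hunks touches `pkeyctx` cannot be seen from here.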
@@ -278,7 +290,8 @@ end:
ERR_print_errors_fp(stderr);
printf("raw signing operation failed.\n");
}
-
+ if (mctx)
+ EVP_MD_CTX_free(mctx);
if (pubkey != NULL)
EVP_PKEY_free(pubkey);
if (random != NULL)
diff --git a/src/libp11.h b/src/libp11.h
index c3c6a2c..07e6e63 100644
--- a/src/libp11.h
+++ b/src/libp11.h
@@ -400,7 +400,7 @@ extern int PKCS11_ecdsa_sign(const unsigned char *m, unsigned int m_len,
extern int PKCS11_ecdh_derive(unsigned char **out, size_t *out_len,
const unsigned long ecdh_mechanism,
const void * ec_params,
- CK_OBJECT_HANDLE * outnewkey,
+ void * outnewkey, /* CK_OBJECT_HANDLE */
PKCS11_KEY * key);
#endif /* OPENSSL_VERSION_NUMBER >= 0x10100002L */
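Review bot: Changing `outnewkey` to `void *` removes the compiler's check that callers pass storage of the right size, while p11_ops.c still writes a full `CK_OBJECT_HANDLE` through it. A caller that passes a pointer to a smaller object gets an out-of-bounds write with no warning. The inline comment `/* CK_OBJECT_HANDLE */` also reads as if the handle were passed by value. I would spell out the contract on the prototype, e.g. `/* optional: points to a CK_OBJECT_HANDLE that receives the derived key handle; may be NULL */`.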
diff --git a/src/p11_ops.c b/src/p11_ops.c
index d537170..7c893a9 100644
--- a/src/p11_ops.c
+++ b/src/p11_ops.c
@@ -33,7 +33,7 @@
extern int PKCS11_ecdh_derive(unsigned char **out, size_t *outlen,
const unsigned long ecdh_mechanism,
const void * ec_params,
- CK_OBJECT_HANDLE *outnewkey,
+ void *outnewkey, /* CK_OBJECT_HANDLE */
PKCS11_KEY * key)
{
int rv;
@@ -49,6 +49,7 @@ extern int PKCS11_ecdh_derive(unsigned char **out, size_t *outlen,
CK_OBJECT_HANDLE newkey;
CK_OBJECT_CLASS newkey_class= CKO_SECRET_KEY;
CK_KEY_TYPE newkey_type = CKK_GENERIC_SECRET;
+ CK_OBJECT_HANDLE * tmpnewkey = (CK_OBJECT_HANDLE *)outnewkey;
CK_ATTRIBUTE newkey_template[] = {
{CKA_TOKEN, &false, sizeof(false)}, /* session only object */
{CKA_CLASS, &newkey_class, sizeof(newkey_class)},
@@ -107,8 +108,8 @@ extern int PKCS11_ecdh_derive(unsigned char **out, size_t *outlen,
}
}
- if (outnewkey) {
- *outnewkey = newkey;
+ if (tmpnewkey) {
+ *tmpnewkey = newkey;
} /* TODO else free newkey */
return 1;
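Review bot: When `outnewkey` is NULL, the derived secret-key object in `newkey` is never destroyed, and the `/* TODO else free newkey */` is carried over unchanged. Each such call leaves a session object holding the ECDH shared secret on the token until the session closes. An `else` branch that calls `C_DestroyObject` for `newkey` on the session used for the derivation would close this; the session variable is not visible here, and the body of PKCS11_ecdh_derive continues outside this hunk. Separately, the cast into `tmpnewkey` is unchecked, so the write `*tmpnewkey = newkey;` relies entirely on the caller having passed a real `CK_OBJECT_HANDLE *`.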
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-opensc/libp11.git