|
 |
18bcd8b |
From 4efe979d6b781e064fe1afa946753ead9e3bbb9d Mon Sep 17 00:00:00 2001
|
|
|
18bcd8b |
From: Peter Jones <pjones@redhat.com>
|
|
|
18bcd8b |
Date: Wed, 17 Oct 2012 17:49:17 -0400
|
|
|
11a11c6 |
Subject: [PATCH 26/42] Rework setup_digests() and teardown_digests()
|
|
|
18bcd8b |
|
|
|
18bcd8b |
This fixes the problem I was seeing with empty content_info digests, and
|
|
|
18bcd8b |
makes the code a /little/ bit cleaner in some ways.
|
|
|
18bcd8b |
|
|
|
18bcd8b |
Signed-off-by: Peter Jones <pjones@redhat.com>
|
|
|
18bcd8b |
---
|
|
|
18bcd8b |
src/cms_common.c | 92 +++++++++++++++++++++++++++++++++-----------------------
|
|
|
18bcd8b |
src/cms_common.h | 1 -
|
|
|
18bcd8b |
src/daemon.c | 28 +----------------
|
|
|
18bcd8b |
src/pesign.c | 7 -----
|
|
|
18bcd8b |
4 files changed, 55 insertions(+), 73 deletions(-)
|
|
|
18bcd8b |
|
|
|
18bcd8b |
diff --git a/src/cms_common.c b/src/cms_common.c
|
|
|
18bcd8b |
index ab5a066..6b3f5ec 100644
|
|
|
18bcd8b |
--- a/src/cms_common.c
|
|
|
18bcd8b |
+++ b/src/cms_common.c
|
|
|
18bcd8b |
@@ -96,43 +96,6 @@ digest_get_digest_size(cms_context *cms)
|
|
|
18bcd8b |
return digest_params[i].size;
|
|
|
18bcd8b |
}
|
|
|
18bcd8b |
|
|
|
18bcd8b |
-
|
|
|
18bcd8b |
-int
|
|
|
18bcd8b |
-setup_digests(cms_context *cms)
|
|
|
18bcd8b |
-{
|
|
|
18bcd8b |
- struct digest *digests = NULL;
|
|
|
18bcd8b |
-
|
|
|
18bcd8b |
- digests = calloc(n_digest_params, sizeof (*digests));
|
|
|
18bcd8b |
- if (!digests) {
|
|
|
18bcd8b |
- cms->log(cms, LOG_ERR, "cannot allocate memory: %m");
|
|
|
18bcd8b |
- return -1;
|
|
|
18bcd8b |
- }
|
|
|
18bcd8b |
-
|
|
|
18bcd8b |
- for (int i = 0; i < n_digest_params; i++) {
|
|
|
18bcd8b |
- digests[i].pk11ctx = PK11_CreateDigestContext(
|
|
|
18bcd8b |
- digest_params[i].digest_tag);
|
|
|
18bcd8b |
- if (!digests[i].pk11ctx) {
|
|
|
18bcd8b |
- cms->log(cms, LOG_ERR, "could not create digest "
|
|
|
18bcd8b |
- "context: %s",
|
|
|
18bcd8b |
- PORT_ErrorToString(PORT_GetError()));
|
|
|
18bcd8b |
- goto err;
|
|
|
18bcd8b |
- }
|
|
|
18bcd8b |
-
|
|
|
18bcd8b |
- PK11_DigestBegin(digests[i].pk11ctx);
|
|
|
18bcd8b |
- }
|
|
|
18bcd8b |
-
|
|
|
18bcd8b |
- cms->digests = digests;
|
|
|
18bcd8b |
- return 0;
|
|
|
18bcd8b |
-err:
|
|
|
18bcd8b |
- for (int i = 0; i < n_digest_params; i++) {
|
|
|
18bcd8b |
- if (digests[i].pk11ctx)
|
|
|
18bcd8b |
- PK11_DestroyContext(digests[i].pk11ctx, PR_TRUE);
|
|
|
18bcd8b |
- }
|
|
|
18bcd8b |
-
|
|
|
18bcd8b |
- free(digests);
|
|
|
18bcd8b |
- return -1;
|
|
|
18bcd8b |
-}
|
|
|
18bcd8b |
-
|
|
|
18bcd8b |
void
|
|
|
18bcd8b |
teardown_digests(cms_context *ctx)
|
|
|
18bcd8b |
{
|
|
|
18bcd8b |
@@ -733,6 +696,46 @@ check_pointer_and_size(Pe *pe, void *ptr, size_t size)
|
|
|
18bcd8b |
return 1;
|
|
|
18bcd8b |
}
|
|
|
18bcd8b |
|
|
|
18bcd8b |
+int
|
|
|
18bcd8b |
+generate_digest_begin(cms_context *cms)
|
|
|
18bcd8b |
+{
|
|
|
18bcd8b |
+ struct digest *digests = NULL;
|
|
|
18bcd8b |
+
|
|
|
18bcd8b |
+ if (cms->digests) {
|
|
|
18bcd8b |
+ digests = cms->digests;
|
|
|
18bcd8b |
+ } else {
|
|
|
18bcd8b |
+ digests = calloc(n_digest_params, sizeof (*digests));
|
|
|
18bcd8b |
+ if (!digests) {
|
|
|
18bcd8b |
+ cms->log(cms, LOG_ERR, "cannot allocate memory: %m");
|
|
|
18bcd8b |
+ return -1;
|
|
|
18bcd8b |
+ }
|
|
|
18bcd8b |
+ }
|
|
|
18bcd8b |
+
|
|
|
18bcd8b |
+ for (int i = 0; i < n_digest_params; i++) {
|
|
|
18bcd8b |
+ digests[i].pk11ctx = PK11_CreateDigestContext(
|
|
|
18bcd8b |
+ digest_params[i].digest_tag);
|
|
|
18bcd8b |
+ if (!digests[i].pk11ctx) {
|
|
|
18bcd8b |
+ cms->log(cms, LOG_ERR, "could not create digest "
|
|
|
18bcd8b |
+ "context: %s",
|
|
|
18bcd8b |
+ PORT_ErrorToString(PORT_GetError()));
|
|
|
18bcd8b |
+ goto err;
|
|
|
18bcd8b |
+ }
|
|
|
18bcd8b |
+
|
|
|
18bcd8b |
+ PK11_DigestBegin(digests[i].pk11ctx);
|
|
|
18bcd8b |
+ }
|
|
|
18bcd8b |
+
|
|
|
18bcd8b |
+ cms->digests = digests;
|
|
|
18bcd8b |
+ return 0;
|
|
|
18bcd8b |
+err:
|
|
|
18bcd8b |
+ for (int i = 0; i < n_digest_params; i++) {
|
|
|
18bcd8b |
+ if (digests[i].pk11ctx)
|
|
|
18bcd8b |
+ PK11_DestroyContext(digests[i].pk11ctx, PR_TRUE);
|
|
|
18bcd8b |
+ }
|
|
|
18bcd8b |
+
|
|
|
18bcd8b |
+ free(digests);
|
|
|
18bcd8b |
+ return -1;
|
|
|
18bcd8b |
+}
|
|
|
18bcd8b |
+
|
|
|
18bcd8b |
void
|
|
|
18bcd8b |
generate_digest_step(cms_context *cms, void *data, size_t len)
|
|
|
18bcd8b |
{
|
|
|
18bcd8b |
@@ -762,6 +765,12 @@ generate_digest_finish(cms_context *cms)
|
|
|
18bcd8b |
|
|
|
18bcd8b |
PK11_DigestFinal(cms->digests[i].pk11ctx,
|
|
|
18bcd8b |
digest->data, &digest->len, digest_params[i].size);
|
|
|
18bcd8b |
+ PK11_Finalize(cms->digests[i].pk11ctx);
|
|
|
18bcd8b |
+ PK11_DestroyContext(cms->digests[i].pk11ctx, PR_TRUE);
|
|
|
18bcd8b |
+ cms->digests[i].pk11ctx = NULL;
|
|
|
18bcd8b |
+ if (cms->digests[i].pe_digest)
|
|
|
18bcd8b |
+ free_poison(cms->digests[i].pe_digest->data,
|
|
|
18bcd8b |
+ cms->digests[i].pe_digest->len);
|
|
|
18bcd8b |
cms->digests[i].pe_digest = digest;
|
|
|
18bcd8b |
}
|
|
|
18bcd8b |
|
|
|
18bcd8b |
@@ -791,7 +800,14 @@ generate_digest(cms_context *cms, Pe *pe)
|
|
|
18bcd8b |
|
|
|
18bcd8b |
if (!pe) {
|
|
|
18bcd8b |
cms->log(cms, LOG_ERR, "no output pe ready");
|
|
|
18bcd8b |
- exit(1);
|
|
|
18bcd8b |
+ return -1;
|
|
|
18bcd8b |
+ }
|
|
|
18bcd8b |
+
|
|
|
18bcd8b |
+ rc = generate_digest_begin(cms);
|
|
|
18bcd8b |
+ if (rc < 0) {
|
|
|
18bcd8b |
+ cms->log(cms, LOG_ERR, "could not initialize digests: %s",
|
|
|
18bcd8b |
+ PORT_ErrorToString(PORT_GetError()));
|
|
|
18bcd8b |
+ return rc;
|
|
|
18bcd8b |
}
|
|
|
18bcd8b |
|
|
|
18bcd8b |
struct pe_hdr pehdr;
|
|
|
18bcd8b |
diff --git a/src/cms_common.h b/src/cms_common.h
|
|
|
18bcd8b |
index 830427e..5cbda62 100644
|
|
|
18bcd8b |
--- a/src/cms_common.h
|
|
|
18bcd8b |
+++ b/src/cms_common.h
|
|
|
18bcd8b |
@@ -86,7 +86,6 @@ extern int cms_context_alloc(cms_context **ctxp);
|
|
|
18bcd8b |
extern int cms_context_init(cms_context *ctx);
|
|
|
18bcd8b |
extern void cms_context_fini(cms_context *ctx);
|
|
|
18bcd8b |
|
|
|
18bcd8b |
-extern int setup_digests(cms_context *cms);
|
|
|
18bcd8b |
extern void teardown_digests(cms_context *ctx);
|
|
|
18bcd8b |
|
|
|
18bcd8b |
extern int generate_octet_string(cms_context *ctx, SECItem *encoded,
|
|
|
18bcd8b |
diff --git a/src/daemon.c b/src/daemon.c
|
|
|
18bcd8b |
index 534fb23..df20763 100644
|
|
|
18bcd8b |
--- a/src/daemon.c
|
|
|
18bcd8b |
+++ b/src/daemon.c
|
|
|
18bcd8b |
@@ -142,15 +142,6 @@ handle_unlock_token(context *ctx, struct pollfd *pollfd, socklen_t size)
|
|
|
18bcd8b |
return;
|
|
|
18bcd8b |
}
|
|
|
18bcd8b |
|
|
|
18bcd8b |
- rc = setup_digests(ctx->cms);
|
|
|
18bcd8b |
- if (rc < 0) {
|
|
|
18bcd8b |
- ctx->backup_cms->log(ctx->backup_cms, ctx->priority|LOG_NOTICE,
|
|
|
18bcd8b |
- "Could not initialize digests: %s\n",
|
|
|
18bcd8b |
- PORT_ErrorToString(PORT_GetError()));
|
|
|
18bcd8b |
- send_response(ctx, ctx->backup_cms, pollfd, rc);
|
|
|
18bcd8b |
- return;
|
|
|
18bcd8b |
- }
|
|
|
18bcd8b |
-
|
|
|
18bcd8b |
steal_from_cms(ctx->backup_cms, ctx->cms);
|
|
|
18bcd8b |
|
|
|
18bcd8b |
if (!buffer) {
|
|
|
18bcd8b |
@@ -491,6 +482,7 @@ finish:
|
|
|
18bcd8b |
close(outfd);
|
|
|
18bcd8b |
|
|
|
18bcd8b |
send_response(ctx, ctx->cms, pollfd, rc);
|
|
|
18bcd8b |
+ teardown_digests(ctx->cms);
|
|
|
18bcd8b |
}
|
|
|
18bcd8b |
|
|
|
18bcd8b |
static void
|
|
|
18bcd8b |
@@ -500,15 +492,6 @@ handle_sign_attached(context *ctx, struct pollfd *pollfd, socklen_t size)
|
|
|
18bcd8b |
if (rc < 0)
|
|
|
18bcd8b |
return;
|
|
|
18bcd8b |
|
|
|
18bcd8b |
- rc = setup_digests(ctx->cms);
|
|
|
18bcd8b |
- if (rc < 0) {
|
|
|
18bcd8b |
- ctx->backup_cms->log(ctx->backup_cms, ctx->priority|LOG_NOTICE,
|
|
|
18bcd8b |
- "Could not initialize digests: %s\n",
|
|
|
18bcd8b |
- PORT_ErrorToString(PORT_GetError()));
|
|
|
18bcd8b |
- send_response(ctx, ctx->backup_cms, pollfd, rc);
|
|
|
18bcd8b |
- return;
|
|
|
18bcd8b |
- }
|
|
|
18bcd8b |
-
|
|
|
18bcd8b |
steal_from_cms(ctx->backup_cms, ctx->cms);
|
|
|
18bcd8b |
|
|
|
18bcd8b |
handle_signing(ctx, pollfd, size, 1);
|
|
|
18bcd8b |
@@ -524,15 +507,6 @@ handle_sign_detached(context *ctx, struct pollfd *pollfd, socklen_t size)
|
|
|
18bcd8b |
if (rc < 0)
|
|
|
18bcd8b |
return;
|
|
|
18bcd8b |
|
|
|
18bcd8b |
- rc = setup_digests(ctx->cms);
|
|
|
18bcd8b |
- if (rc < 0) {
|
|
|
18bcd8b |
- ctx->backup_cms->log(ctx->backup_cms, ctx->priority|LOG_NOTICE,
|
|
|
18bcd8b |
- "Could not initialize digests: %s\n",
|
|
|
18bcd8b |
- PORT_ErrorToString(PORT_GetError()));
|
|
|
18bcd8b |
- send_response(ctx, ctx->backup_cms, pollfd, rc);
|
|
|
18bcd8b |
- return;
|
|
|
18bcd8b |
- }
|
|
|
18bcd8b |
-
|
|
|
18bcd8b |
steal_from_cms(ctx->backup_cms, ctx->cms);
|
|
|
18bcd8b |
|
|
|
18bcd8b |
handle_signing(ctx, pollfd, size, 0);
|
|
|
18bcd8b |
diff --git a/src/pesign.c b/src/pesign.c
|
|
|
18bcd8b |
index 6c10b6d..2c98600 100644
|
|
|
18bcd8b |
--- a/src/pesign.c
|
|
|
18bcd8b |
+++ b/src/pesign.c
|
|
|
18bcd8b |
@@ -548,13 +548,6 @@ main(int argc, char *argv[])
|
|
|
18bcd8b |
fprintf(stderr, "Could not register OIDs\n");
|
|
|
18bcd8b |
exit(1);
|
|
|
18bcd8b |
}
|
|
|
18bcd8b |
-
|
|
|
18bcd8b |
- rc = setup_digests(ctxp->cms_ctx);
|
|
|
18bcd8b |
- if (rc < 0) {
|
|
|
18bcd8b |
- fprintf(stderr, "Could not initialize digests: %s\n",
|
|
|
18bcd8b |
- PORT_ErrorToString(PORT_GetError()));
|
|
|
18bcd8b |
- exit(1);
|
|
|
18bcd8b |
- }
|
|
|
18bcd8b |
}
|
|
|
18bcd8b |
|
|
|
18bcd8b |
rc = set_digest_parameters(ctxp->cms_ctx, digest_name);
|
|
|
18bcd8b |
--
|
|
|
18bcd8b |
1.7.12.1
|
|
|
18bcd8b |
|