From 4efe979d6b781e064fe1afa946753ead9e3bbb9d Mon Sep 17 00:00:00 2001 From: Peter Jones Date: Wed, 17 Oct 2012 17:49:17 -0400 Subject: [PATCH 26/42] Rework setup_digests() and teardown_digests() This fixes the problem I was seeing with empty content_info digests, and makes the code a /little/ bit cleaner in some ways. Signed-off-by: Peter Jones --- src/cms_common.c | 92 +++++++++++++++++++++++++++++++++----------------------- src/cms_common.h | 1 - src/daemon.c | 28 +---------------- src/pesign.c | 7 ----- 4 files changed, 55 insertions(+), 73 deletions(-) diff --git a/src/cms_common.c b/src/cms_common.c index ab5a066..6b3f5ec 100644 --- a/src/cms_common.c +++ b/src/cms_common.c @@ -96,43 +96,6 @@ digest_get_digest_size(cms_context *cms) return digest_params[i].size; } - -int -setup_digests(cms_context *cms) -{ - struct digest *digests = NULL; - - digests = calloc(n_digest_params, sizeof (*digests)); - if (!digests) { - cms->log(cms, LOG_ERR, "cannot allocate memory: %m"); - return -1; - } - - for (int i = 0; i < n_digest_params; i++) { - digests[i].pk11ctx = PK11_CreateDigestContext( - digest_params[i].digest_tag); - if (!digests[i].pk11ctx) { - cms->log(cms, LOG_ERR, "could not create digest " - "context: %s", - PORT_ErrorToString(PORT_GetError())); - goto err; - } - - PK11_DigestBegin(digests[i].pk11ctx); - } - - cms->digests = digests; - return 0; -err: - for (int i = 0; i < n_digest_params; i++) { - if (digests[i].pk11ctx) - PK11_DestroyContext(digests[i].pk11ctx, PR_TRUE); - } - - free(digests); - return -1; -} - void teardown_digests(cms_context *ctx) { @@ -733,6 +696,46 @@ check_pointer_and_size(Pe *pe, void *ptr, size_t size) return 1; } +int +generate_digest_begin(cms_context *cms) +{ + struct digest *digests = NULL; + + if (cms->digests) { + digests = cms->digests; + } else { + digests = calloc(n_digest_params, sizeof (*digests)); + if (!digests) { + cms->log(cms, LOG_ERR, "cannot allocate memory: %m"); + return -1; + } + } + + for (int i = 0; i < n_digest_params; i++) { + digests[i].pk11ctx = PK11_CreateDigestContext( + digest_params[i].digest_tag); + if (!digests[i].pk11ctx) { + cms->log(cms, LOG_ERR, "could not create digest " + "context: %s", + PORT_ErrorToString(PORT_GetError())); + goto err; + } + + PK11_DigestBegin(digests[i].pk11ctx); + } + + cms->digests = digests; + return 0; +err: + for (int i = 0; i < n_digest_params; i++) { + if (digests[i].pk11ctx) + PK11_DestroyContext(digests[i].pk11ctx, PR_TRUE); + } + + free(digests); + return -1; +} + void generate_digest_step(cms_context *cms, void *data, size_t len) { @@ -762,6 +765,12 @@ generate_digest_finish(cms_context *cms) PK11_DigestFinal(cms->digests[i].pk11ctx, digest->data, &digest->len, digest_params[i].size); + PK11_Finalize(cms->digests[i].pk11ctx); + PK11_DestroyContext(cms->digests[i].pk11ctx, PR_TRUE); + cms->digests[i].pk11ctx = NULL; + if (cms->digests[i].pe_digest) + free_poison(cms->digests[i].pe_digest->data, + cms->digests[i].pe_digest->len); cms->digests[i].pe_digest = digest; } @@ -791,7 +800,14 @@ generate_digest(cms_context *cms, Pe *pe) if (!pe) { cms->log(cms, LOG_ERR, "no output pe ready"); - exit(1); + return -1; + } + + rc = generate_digest_begin(cms); + if (rc < 0) { + cms->log(cms, LOG_ERR, "could not initialize digests: %s", + PORT_ErrorToString(PORT_GetError())); + return rc; } struct pe_hdr pehdr; diff --git a/src/cms_common.h b/src/cms_common.h index 830427e..5cbda62 100644 --- a/src/cms_common.h +++ b/src/cms_common.h @@ -86,7 +86,6 @@ extern int cms_context_alloc(cms_context **ctxp); extern int cms_context_init(cms_context *ctx); extern void cms_context_fini(cms_context *ctx); -extern int setup_digests(cms_context *cms); extern void teardown_digests(cms_context *ctx); extern int generate_octet_string(cms_context *ctx, SECItem *encoded, diff --git a/src/daemon.c b/src/daemon.c index 534fb23..df20763 100644 --- a/src/daemon.c +++ b/src/daemon.c @@ -142,15 +142,6 @@ handle_unlock_token(context *ctx, struct pollfd *pollfd, socklen_t size) return; } - rc = setup_digests(ctx->cms); - if (rc < 0) { - ctx->backup_cms->log(ctx->backup_cms, ctx->priority|LOG_NOTICE, - "Could not initialize digests: %s\n", - PORT_ErrorToString(PORT_GetError())); - send_response(ctx, ctx->backup_cms, pollfd, rc); - return; - } - steal_from_cms(ctx->backup_cms, ctx->cms); if (!buffer) { @@ -491,6 +482,7 @@ finish: close(outfd); send_response(ctx, ctx->cms, pollfd, rc); + teardown_digests(ctx->cms); } static void @@ -500,15 +492,6 @@ handle_sign_attached(context *ctx, struct pollfd *pollfd, socklen_t size) if (rc < 0) return; - rc = setup_digests(ctx->cms); - if (rc < 0) { - ctx->backup_cms->log(ctx->backup_cms, ctx->priority|LOG_NOTICE, - "Could not initialize digests: %s\n", - PORT_ErrorToString(PORT_GetError())); - send_response(ctx, ctx->backup_cms, pollfd, rc); - return; - } - steal_from_cms(ctx->backup_cms, ctx->cms); handle_signing(ctx, pollfd, size, 1); @@ -524,15 +507,6 @@ handle_sign_detached(context *ctx, struct pollfd *pollfd, socklen_t size) if (rc < 0) return; - rc = setup_digests(ctx->cms); - if (rc < 0) { - ctx->backup_cms->log(ctx->backup_cms, ctx->priority|LOG_NOTICE, - "Could not initialize digests: %s\n", - PORT_ErrorToString(PORT_GetError())); - send_response(ctx, ctx->backup_cms, pollfd, rc); - return; - } - steal_from_cms(ctx->backup_cms, ctx->cms); handle_signing(ctx, pollfd, size, 0); diff --git a/src/pesign.c b/src/pesign.c index 6c10b6d..2c98600 100644 --- a/src/pesign.c +++ b/src/pesign.c @@ -548,13 +548,6 @@ main(int argc, char *argv[]) fprintf(stderr, "Could not register OIDs\n"); exit(1); } - - rc = setup_digests(ctxp->cms_ctx); - if (rc < 0) { - fprintf(stderr, "Could not initialize digests: %s\n", - PORT_ErrorToString(PORT_GetError())); - exit(1); - } } rc = set_digest_parameters(ctxp->cms_ctx, digest_name); -- 1.7.12.1