6531818 libkmf has too many dependencies on libpkcs11

6534811 KMF openssl verify routine should test for NULL hash method.
6534827 KMF_ReadInputFile should not require a handle

3 files changed, 15 insertions, 7 deletions

diff --git a/usr/src/lib/libkmf/plugins/kmf_openssl/common/openssl_spi.c b/usr/src/lib/libkmf/plugins/kmf_openssl/common/openssl_spi.c
index 7edbcc58dd..01ee7d7909 100644
--- a/usr/src/lib/libkmf/plugins/kmf_openssl/common/openssl_spi.c
+++ b/usr/src/lib/libkmf/plugins/kmf_openssl/common/openssl_spi.c
@@ -4379,6 +4379,7 @@ OpenSSL_CreateSymKey(KMF_HANDLE_T handle, KMF_CREATESYMKEY_PARAMS *params,
 		rkey->keydata.val = (uchar_t *)des3key;
 		rkey->keydata.len = DES3_KEY_SIZE;
 		symkey->keyalg = KMF_DES3;
+
 	} else if (params->keytype == KMF_AES || params->keytype == KMF_RC4 ||
 	    params->keytype == KMF_GENERIC_SECRET) {
 		int bytes;
@@ -4845,7 +4846,8 @@ OpenSSL_VerifyDataWithCert(KMF_HANDLE_T handle,
 			goto cleanup;
 		}
 	}
-	switch (EVP_MD_type(md)) {
+	if (md != NULL) {
+		switch (EVP_MD_type(md)) {
 		case NID_md2:
 		case NID_md2WithRSAEncryption:
 			pfxlen = ASN1_MD2_OID_PREFIX_LEN;
@@ -4865,6 +4867,7 @@ OpenSSL_VerifyDataWithCert(KMF_HANDLE_T handle,
 			pfxlen = 0;
 			pfx = NULL;
 			break;
+		}
 	}
 
 	/* RSA with no hash is a special case */
diff --git a/usr/src/lib/libkmf/plugins/kmf_pkcs11/Makefile.com b/usr/src/lib/libkmf/plugins/kmf_pkcs11/Makefile.com
index f2a715de92..fd46f0e5f8 100644
--- a/usr/src/lib/libkmf/plugins/kmf_pkcs11/Makefile.com
+++ b/usr/src/lib/libkmf/plugins/kmf_pkcs11/Makefile.com
@@ -19,7 +19,7 @@
 # CDDL HEADER END
 #
 #
-# Copyright 2006 Sun Microsystems, Inc.  All rights reserved.
+# Copyright 2007 Sun Microsystems, Inc.  All rights reserved.
 # Use is subject to license terms.
 #
 # ident	"%Z%%M%	%I%	%E% SMI"
@@ -36,7 +36,7 @@ include	$(SRC)/lib/Makefile.lib
 LIBLINKS=	$(DYNLIB:.so.1=.so)
 KMFINC=		-I../../../include -I../../../ber_der/inc
 
-PKCS11LIBS=	-lkmf -lkmfberder -lpkcs11 -lcryptoutil -lc
+PKCS11LIBS=	-lkmf -lkmfberder -lmd -lpkcs11 -lcryptoutil -lc
 
 SRCDIR=		../common
 INCDIR=		../../include
diff --git a/usr/src/lib/libkmf/plugins/kmf_pkcs11/common/pkcs11_spi.c b/usr/src/lib/libkmf/plugins/kmf_pkcs11/common/pkcs11_spi.c
index 902a45cd4e..f000c5eadd 100644
--- a/usr/src/lib/libkmf/plugins/kmf_pkcs11/common/pkcs11_spi.c
+++ b/usr/src/lib/libkmf/plugins/kmf_pkcs11/common/pkcs11_spi.c
@@ -30,11 +30,12 @@
 #include <stdio.h> /* debugging only */
 #include <errno.h>
 #include <values.h>
-#include <fcntl.h>
 
 #include <kmfapiP.h>
 #include <ber_der.h>
 #include <algorithm.h>
+#include <fcntl.h>
+#include <sha1.h>
 
 #include <cryptoutil.h>
 #include <security/cryptoki.h>
@@ -1379,6 +1380,7 @@ KMFPK11_CreateKeypair(KMF_HANDLE_T handle, KMF_CREATEKEYPAIR_PARAMS *params,
 	CK_ATTRIBUTE idattr[1];
 	char IDHashData[SHA1_HASH_LENGTH];
 	KMF_DATA IDInput, IDOutput;
+	SHA1_CTX ctx;
 
 #define	NUMBER_DSA_PRI_TEMPLATES (sizeof (ckDsaPriKeyTemplate) / \
 					sizeof (CK_ATTRIBUTE))
@@ -1607,7 +1609,12 @@ KMFPK11_CreateKeypair(KMF_HANDLE_T handle, KMF_CREATEKEYPAIR_PARAMS *params,
 	IDOutput.Data = (uchar_t *)IDHashData;
 	IDOutput.Length = sizeof (IDHashData);
 
-	rv = DigestData(hSession, &IDInput, &IDOutput);
+	SHA1Init(&ctx);
+	SHA1Update(&ctx, IDInput.Data, IDInput.Length);
+	SHA1Final(IDOutput.Data, &ctx);
+
+	IDOutput.Length = SHA1_DIGEST_LENGTH;
+
 	free(IDInput.Data);
 
 	if (rv != CKR_OK) {
@@ -2488,7 +2495,6 @@ KMFPK11_FindKey(KMF_HANDLE_T handle, KMF_FINDKEY_PARAMS *parms,
 		/* "numkeys" indicates the number that were actually found */
 		*numkeys = n;
 	}
-
 	if (ckrv == KMF_OK && keys != NULL && (*numkeys) > 0) {
 		if (parms->format == KMF_FORMAT_RAWKEY) {
 			/* Convert keys to "rawkey" format */
@@ -2798,7 +2804,6 @@ KMFPK11_CreateSymKey(KMF_HANDLE_T handle, KMF_CREATESYMKEY_PARAMS *params,
 
 	if (params == NULL)
 		return (KMF_ERR_BAD_PARAMETER);
-
 	/*
 	 * For AES, RC4, DES and 3DES, call C_GenerateKey() to create a key.
 	 *