author | mcpowers <none@none> | 2008-08-01 15:04:18 -0700 |
---|---|---|
committer | mcpowers <none@none> | 2008-08-01 15:04:18 -0700 |
commit | c64d15a587b6038b85a928885fc997da7315fbfe (patch) | |
tree | ed2d23e1acf136fef934b121b57930d5f010b38c /usr/src | |
parent | ab073b324433ebc8947d28ade932d29d0e809795 (diff) | |
download | illumos-gate-c64d15a587b6038b85a928885fc997da7315fbfe.tar.gz |
6727960 C_Sign fails when using sensitive ECC private key
6731694 CCM unnecessarily allocates output buffers for uio data
6731818 sparc/kcf/Makefile has commented out linkage dependency
Diffstat (limited to 'usr/src')
7 files changed, 63 insertions, 48 deletions
diff --git a/usr/src/lib/pkcs11/pkcs11_softtoken/common/softAttributeUtil.c b/usr/src/lib/pkcs11/pkcs11_softtoken/common/softAttributeUtil.c index ae24570f81..dec3ddd6e0 100644 --- a/usr/src/lib/pkcs11/pkcs11_softtoken/common/softAttributeUtil.c +++ b/usr/src/lib/pkcs11/pkcs11_softtoken/common/softAttributeUtil.c @@ -5095,7 +5095,7 @@ soft_set_attribute(soft_object_t *object_p, CK_ATTRIBUTE_PTR template, } CK_RV -soft_get_public_attr(soft_object_t *key, CK_ATTRIBUTE_TYPE type, +soft_get_public_value(soft_object_t *key, CK_ATTRIBUTE_TYPE type, uchar_t *value, uint32_t *value_len) { uint32_t len = 0; @@ -5309,7 +5309,7 @@ soft_get_public_attr(soft_object_t *key, CK_ATTRIBUTE_TYPE type, CK_RV -soft_get_private_attr(soft_object_t *key, CK_ATTRIBUTE_TYPE type, +soft_get_private_value(soft_object_t *key, CK_ATTRIBUTE_TYPE type, uchar_t *value, uint32_t *value_len) { @@ -5607,7 +5607,7 @@ soft_get_private_attr(soft_object_t *key, CK_ATTRIBUTE_TYPE type, case CKA_VALUE: - if (key->key_type == CKK_DSA) + if (key->key_type == CKK_DSA) { #ifdef __sparcv9 len = /* LINTED */ @@ -5619,7 +5619,7 @@ soft_get_private_attr(soft_object_t *key, CK_ATTRIBUTE_TYPE type, ((biginteger_t *)OBJ_PRI_DSA_VALUE(key))-> big_value_len; #endif /* __sparcv9 */ - else + } else if (key->key_type == CKK_DH) { #ifdef __sparcv9 len = /* LINTED */ @@ -5631,6 +5631,19 @@ soft_get_private_attr(soft_object_t *key, CK_ATTRIBUTE_TYPE type, ((biginteger_t *)OBJ_PRI_DH_VALUE(key))-> big_value_len; #endif /* __sparcv9 */ + } else { +#ifdef __sparcv9 + len = + /* LINTED */ + (uint32_t) + ((biginteger_t *)OBJ_PRI_EC_VALUE(key))-> + big_value_len; +#else /* !__sparcv9 */ + len = + ((biginteger_t *)OBJ_PRI_EC_VALUE(key))-> + big_value_len; +#endif /* __sparcv9 */ + } /* This attribute MUST BE set */ if (len == 0 || len > *value_len) { 
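Review bot: The new final `else` in the `CKA_VALUE` case of `soft_get_private_value()` treats every key that is neither `CKK_DSA` nor `CKK_DH` as an EC key and reads it through `OBJ_PRI_EC_VALUE(key)`, without checking that `key->key_type` is actually `CKK_EC`. If a private key of any other type reaches this case, the length and then the copied bytes would come from the wrong per-type member of the object, presumably a union of key structures, although its layout is not visible here. Make the branch explicit with `} else if (key->key_type == CKK_EC) {` and close the chain with `} else { return (CKR_ATTRIBUTE_TYPE_INVALID); }`; the same applies to the `memcpy` chain in the following hunk (`@@ -5638`). The enclosing switch starts and ends outside these hunks, so confirm whether an earlier key-type check already rules this out.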
@@ -5638,14 +5651,19 @@ soft_get_private_attr(soft_object_t *key, CK_ATTRIBUTE_TYPE type, } *value_len = len; - if (key->key_type == CKK_DSA) + if (key->key_type == CKK_DSA) { (void) memcpy(value, ((biginteger_t *)OBJ_PRI_DSA_VALUE(key))->big_value, *value_len); - else + } else if (key->key_type == CKK_DH) { (void) memcpy(value, ((biginteger_t *)OBJ_PRI_DH_VALUE(key))->big_value, *value_len); + } else { + (void) memcpy(value, + ((biginteger_t *)OBJ_PRI_EC_VALUE(key))->big_value, + *value_len); + } break; } diff --git a/usr/src/lib/pkcs11/pkcs11_softtoken/common/softDH.c b/usr/src/lib/pkcs11/pkcs11_softtoken/common/softDH.c index 57c085ec56..7991f7c267 100644 --- a/usr/src/lib/pkcs11/pkcs11_softtoken/common/softDH.c +++ b/usr/src/lib/pkcs11/pkcs11_softtoken/common/softDH.c @@ -140,7 +140,7 @@ soft_dh_genkey_pair(soft_object_t *pubkey, soft_object_t *prikey) * The input to the first phase shall be the Diffie-Hellman * parameters, which include prime, base, and private-value length. */ - rv = soft_get_public_attr(pubkey, CKA_PRIME, prime, &prime_len); + rv = soft_get_public_value(pubkey, CKA_PRIME, prime, &prime_len); if (rv != CKR_OK) { return (rv); @@ -161,7 +161,7 @@ soft_dh_genkey_pair(soft_object_t *pubkey, soft_object_t *prikey) /* Convert the prime octet string to big integer format. */ bytestring2bignum(&bnprime, prime, prime_len); - rv = soft_get_public_attr(pubkey, CKA_BASE, base, &base_len); + rv = soft_get_public_value(pubkey, CKA_BASE, base, &base_len); if (rv != CKR_OK) { goto ret1; 
@@ -315,13 +315,13 @@ soft_dh_key_derive(soft_object_t *basekey, soft_object_t *secretkey, BIGNUM bnprivate; BIGNUM bnsecret; - rv = soft_get_private_attr(basekey, CKA_VALUE, privatevalue, + rv = soft_get_private_value(basekey, CKA_VALUE, privatevalue, &privatevaluelen); if (rv != CKR_OK) { return (rv); } - rv = soft_get_private_attr(basekey, CKA_PRIME, privateprime, + rv = soft_get_private_value(basekey, CKA_PRIME, privateprime, &privateprimelen); if (rv != CKR_OK) { goto ret0; diff --git a/usr/src/lib/pkcs11/pkcs11_softtoken/common/softDSA.c b/usr/src/lib/pkcs11/pkcs11_softtoken/common/softDSA.c index 2c652e820e..37c9c611f4 100644 --- a/usr/src/lib/pkcs11/pkcs11_softtoken/common/softDSA.c +++ b/usr/src/lib/pkcs11/pkcs11_softtoken/common/softDSA.c @@ -199,7 +199,7 @@ dsa_sign(soft_object_t *key, CK_BYTE_PTR in, CK_ULONG inlen, CK_BYTE_PTR out) BIG_ERR_CODE err; CK_RV rv; - rv = soft_get_private_attr(key, CKA_SUBPRIME, q, &qlen); + rv = soft_get_private_value(key, CKA_SUBPRIME, q, &qlen); if (rv != CKR_OK) { goto clean1; } @@ -209,12 +209,12 @@ dsa_sign(soft_object_t *key, CK_BYTE_PTR in, CK_ULONG inlen, CK_BYTE_PTR out) goto clean1; } - rv = soft_get_private_attr(key, CKA_PRIME, p, &plen); + rv = soft_get_private_value(key, CKA_PRIME, p, &plen); if (rv != CKR_OK) { goto clean1; } - rv = soft_get_private_attr(key, CKA_BASE, g, &glen); + rv = soft_get_private_value(key, CKA_BASE, g, &glen); if (rv != CKR_OK) { goto clean1; } @@ -224,7 +224,7 @@ dsa_sign(soft_object_t *key, CK_BYTE_PTR in, CK_ULONG inlen, CK_BYTE_PTR out) goto clean1; } - rv = soft_get_private_attr(key, CKA_VALUE, x, &xlen); + rv = soft_get_private_value(key, CKA_VALUE, x, &xlen); if (rv != CKR_OK) { goto clean1; } @@ -337,7 +337,7 @@ dsa_verify(soft_object_t *key, CK_BYTE_PTR data, CK_BYTE_PTR sig) BIGNUM msg, tmp1, tmp2, tmp3; CK_RV rv; - rv = soft_get_public_attr(key, CKA_SUBPRIME, q, &qlen); + rv = soft_get_public_value(key, CKA_SUBPRIME, q, &qlen); if (rv != CKR_OK) { goto clean1; } 
@@ -347,12 +347,12 @@ dsa_verify(soft_object_t *key, CK_BYTE_PTR data, CK_BYTE_PTR sig) goto clean1; } - rv = soft_get_public_attr(key, CKA_PRIME, p, &plen); + rv = soft_get_public_value(key, CKA_PRIME, p, &plen); if (rv != CKR_OK) { goto clean1; } - rv = soft_get_public_attr(key, CKA_BASE, g, &glen); + rv = soft_get_public_value(key, CKA_BASE, g, &glen); if (rv != CKR_OK) { goto clean1; } @@ -362,7 +362,7 @@ dsa_verify(soft_object_t *key, CK_BYTE_PTR data, CK_BYTE_PTR sig) goto clean1; } - rv = soft_get_public_attr(key, CKA_VALUE, y, &ylen); + rv = soft_get_public_value(key, CKA_VALUE, y, &ylen); if (rv != CKR_OK) { goto clean1; } @@ -744,7 +744,7 @@ soft_dsa_genkey_pair(soft_object_t *pubkey, soft_object_t *prikey) } /* lookup prime, subprime and base */ - rv = soft_get_public_attr(pubkey, CKA_PRIME, prime, &prime_len); + rv = soft_get_public_value(pubkey, CKA_PRIME, prime, &prime_len); if (rv != CKR_OK) { rv = CKR_TEMPLATE_INCOMPLETE; goto cleanexit; @@ -756,7 +756,7 @@ soft_dsa_genkey_pair(soft_object_t *pubkey, soft_object_t *prikey) goto cleanexit; } - rv = soft_get_public_attr(pubkey, CKA_SUBPRIME, subprime, + rv = soft_get_public_value(pubkey, CKA_SUBPRIME, subprime, &subprime_len); if (rv != CKR_OK) { rv = CKR_TEMPLATE_INCOMPLETE; @@ -768,7 +768,7 @@ soft_dsa_genkey_pair(soft_object_t *pubkey, soft_object_t *prikey) goto cleanexit; } - rv = soft_get_public_attr(pubkey, CKA_BASE, base, &base_len); + rv = soft_get_public_value(pubkey, CKA_BASE, base, &base_len); if (rv != CKR_OK) { rv = CKR_TEMPLATE_INCOMPLETE; goto cleanexit; diff --git a/usr/src/lib/pkcs11/pkcs11_softtoken/common/softEC.c b/usr/src/lib/pkcs11/pkcs11_softtoken/common/softEC.c index e57fb014dd..27d18b290b 100644 --- a/usr/src/lib/pkcs11/pkcs11_softtoken/common/softEC.c +++ b/usr/src/lib/pkcs11/pkcs11_softtoken/common/softEC.c 
@@ -19,7 +19,7 @@ * CDDL HEADER END */ /* - * Copyright 2007 Sun Microsystems, Inc. All rights reserved. + * Copyright 2008 Sun Microsystems, Inc. All rights reserved. * Use is subject to license terms. */ @@ -472,10 +472,10 @@ soft_ecc_sign(soft_session_t *session_p, CK_BYTE_PTR pData, soft_ecc_ctx_t *ecc_ctx = session_p->sign.context; soft_object_t *key = ecc_ctx->key; uchar_t value[EC_MAX_VALUE_LEN]; - CK_ATTRIBUTE template; ECPrivateKey ECkey; SECItem signature_item; SECItem digest_item; + uint_t value_len; if ((key->class != CKO_PRIVATE_KEY) || (key->key_type != CKK_EC)) { rv = CKR_KEY_TYPE_INCONSISTENT; @@ -490,16 +490,14 @@ soft_ecc_sign(soft_session_t *session_p, CK_BYTE_PTR pData, /* structure assignment */ ECkey.ecParams = ecc_ctx->ecparams; - template.type = CKA_VALUE; - template.pValue = value; - template.ulValueLen = sizeof (value); - rv = soft_get_private_key_attribute(key, &template); + value_len = EC_MAX_VALUE_LEN; + rv = soft_get_private_value(key, CKA_VALUE, value, &value_len); if (rv != CKR_OK) { goto clean_exit; } ECkey.privateValue.data = value; - ECkey.privateValue.len = template.ulValueLen; + ECkey.privateValue.len = value_len; signature_item.data = pSigned; signature_item.len = *pulSignedLen; diff --git a/usr/src/lib/pkcs11/pkcs11_softtoken/common/softObject.h b/usr/src/lib/pkcs11/pkcs11_softtoken/common/softObject.h index 5cd118cb94..2d15d61818 100644 --- a/usr/src/lib/pkcs11/pkcs11_softtoken/common/softObject.h +++ b/usr/src/lib/pkcs11/pkcs11_softtoken/common/softObject.h @@ -19,7 +19,7 @@ * CDDL HEADER END */ /* - * Copyright 2007 Sun Microsystems, Inc. All rights reserved. + * Copyright 2008 Sun Microsystems, Inc. All rights reserved. * Use is subject to license terms. */ 
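Review bot: `soft_ecc_sign()` keeps a copy of the EC private scalar in the stack buffer `value[EC_MAX_VALUE_LEN]`, and nothing visible in the hunk wipes it. The fetch now goes through `soft_get_private_value()` rather than the template-based `soft_get_private_key_attribute()`, so this buffer holds the raw value even for keys marked sensitive. The `clean_exit` path is outside the hunk; if it does not already clear `value`, it should do so with a wipe the compiler cannot optimise away, on both the success and error paths. Separately, `value_len` is declared `uint_t` while the prototype in softObject.h takes `uint32_t *`, and the capacity is restated as a constant; `uint32_t value_len = sizeof (value);` would match the prototype and stay tied to the buffer, as the RSA callers do with `modulus_len = sizeof (modulus)`.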
@@ -828,10 +828,10 @@ CK_RV soft_set_attribute(soft_object_t *object_p, CK_ATTRIBUTE_PTR template, CK_RV soft_set_common_storage_attribute(soft_object_t *object_p, CK_ATTRIBUTE_PTR template, boolean_t copy); -CK_RV soft_get_public_attr(soft_object_t *, CK_ATTRIBUTE_TYPE, uchar_t *, +CK_RV soft_get_public_value(soft_object_t *, CK_ATTRIBUTE_TYPE, uchar_t *, uint32_t *); -CK_RV soft_get_private_attr(soft_object_t *, CK_ATTRIBUTE_TYPE, uchar_t *, +CK_RV soft_get_private_value(soft_object_t *, CK_ATTRIBUTE_TYPE, uchar_t *, uint32_t *); CK_RV get_ulong_attr_from_object(CK_ULONG value, CK_ATTRIBUTE_PTR template); diff --git a/usr/src/lib/pkcs11/pkcs11_softtoken/common/softRSA.c b/usr/src/lib/pkcs11/pkcs11_softtoken/common/softRSA.c index 3568a99657..669c1bfda4 100644 --- a/usr/src/lib/pkcs11/pkcs11_softtoken/common/softRSA.c +++ b/usr/src/lib/pkcs11/pkcs11_softtoken/common/softRSA.c @@ -58,20 +58,20 @@ soft_rsa_encrypt(soft_object_t *key, CK_BYTE_PTR in, uint32_t in_len, RSAkey *rsakey; if (realpublic) { - rv = soft_get_public_attr(key, CKA_PUBLIC_EXPONENT, expo, + rv = soft_get_public_value(key, CKA_PUBLIC_EXPONENT, expo, &expo_len); if (rv != CKR_OK) { goto clean1; } } else { - rv = soft_get_private_attr(key, CKA_PRIVATE_EXPONENT, expo, + rv = soft_get_private_value(key, CKA_PRIVATE_EXPONENT, expo, &expo_len); if (rv != CKR_OK) { goto clean1; } } - rv = soft_get_public_attr(key, CKA_MODULUS, modulus, &modulus_len); + rv = soft_get_public_value(key, CKA_MODULUS, modulus, &modulus_len); if (rv != CKR_OK) { goto clean1; } 
@@ -160,12 +160,12 @@ soft_rsa_decrypt(soft_object_t *key, CK_BYTE_PTR in, uint32_t in_len, BIGNUM msg; RSAkey *rsakey; - rv = soft_get_private_attr(key, CKA_MODULUS, modulus, &modulus_len); + rv = soft_get_private_value(key, CKA_MODULUS, modulus, &modulus_len); if (rv != CKR_OK) { goto clean1; } - rv = soft_get_private_attr(key, CKA_PRIME_1, prime1, &prime1_len); + rv = soft_get_private_value(key, CKA_PRIME_1, prime1, &prime1_len); if ((prime1_len == 0) && (rv == CKR_OK)) { rv = soft_rsa_encrypt(key, in, in_len, out, 0); @@ -175,7 +175,7 @@ soft_rsa_decrypt(soft_object_t *key, CK_BYTE_PTR in, uint32_t in_len, goto clean1; } - rv = soft_get_private_attr(key, CKA_PRIME_2, prime2, &prime2_len); + rv = soft_get_private_value(key, CKA_PRIME_2, prime2, &prime2_len); if ((prime2_len == 0) && (rv == CKR_OK)) { rv = soft_rsa_encrypt(key, in, in_len, out, 0); @@ -185,7 +185,7 @@ soft_rsa_decrypt(soft_object_t *key, CK_BYTE_PTR in, uint32_t in_len, goto clean1; } - rv = soft_get_private_attr(key, CKA_EXPONENT_1, expo1, &expo1_len); + rv = soft_get_private_value(key, CKA_EXPONENT_1, expo1, &expo1_len); if ((expo1_len == 0) && (rv == CKR_OK)) { rv = soft_rsa_encrypt(key, in, in_len, out, 0); @@ -195,7 +195,7 @@ soft_rsa_decrypt(soft_object_t *key, CK_BYTE_PTR in, uint32_t in_len, goto clean1; } - rv = soft_get_private_attr(key, CKA_EXPONENT_2, expo2, &expo2_len); + rv = soft_get_private_value(key, CKA_EXPONENT_2, expo2, &expo2_len); if ((expo2_len == 0) && (rv == CKR_OK)) { rv = soft_rsa_encrypt(key, in, in_len, out, 0); @@ -205,7 +205,7 @@ soft_rsa_decrypt(soft_object_t *key, CK_BYTE_PTR in, uint32_t in_len, goto clean1; } - rv = soft_get_private_attr(key, CKA_COEFFICIENT, coef, &coef_len); + rv = soft_get_private_value(key, CKA_COEFFICIENT, coef, &coef_len); if ((coef_len == 0) && (rv == CKR_OK)) { rv = soft_rsa_encrypt(key, in, in_len, out, 0); 
@@ -351,7 +351,7 @@ soft_rsa_encrypt_common(soft_session_t *session_p, CK_BYTE_PTR pData, CK_BYTE cipher_data[MAX_RSA_KEYLENGTH_IN_BYTES]; CK_RV rv = CKR_OK; - rv = soft_get_public_attr(key, CKA_MODULUS, modulus, &modulus_len); + rv = soft_get_public_value(key, CKA_MODULUS, modulus, &modulus_len); if (rv != CKR_OK) { goto clean_exit; } @@ -440,7 +440,7 @@ soft_rsa_decrypt_common(soft_session_t *session_p, CK_BYTE_PTR pEncrypted, CK_BYTE plain_data[MAX_RSA_KEYLENGTH_IN_BYTES]; CK_RV rv = CKR_OK; - rv = soft_get_private_attr(key, CKA_MODULUS, modulus, &modulus_len); + rv = soft_get_private_value(key, CKA_MODULUS, modulus, &modulus_len); if (rv != CKR_OK) { goto clean_exit; } @@ -634,7 +634,7 @@ soft_rsa_sign_common(soft_session_t *session_p, CK_BYTE_PTR pData, CK_BYTE plain_data[MAX_RSA_KEYLENGTH_IN_BYTES]; CK_BYTE signed_data[MAX_RSA_KEYLENGTH_IN_BYTES]; - rv = soft_get_private_attr(key, CKA_MODULUS, modulus, &modulus_len); + rv = soft_get_private_value(key, CKA_MODULUS, modulus, &modulus_len); if (rv != CKR_OK) { goto clean_exit; } @@ -750,7 +750,7 @@ soft_rsa_verify_common(soft_session_t *session_p, CK_BYTE_PTR pData, uint32_t modulus_len = sizeof (modulus); CK_BYTE plain_data[MAX_RSA_KEYLENGTH_IN_BYTES]; - rv = soft_get_public_attr(key, CKA_MODULUS, modulus, &modulus_len); + rv = soft_get_public_value(key, CKA_MODULUS, modulus, &modulus_len); if (rv != CKR_OK) { goto clean_exit; } @@ -1171,7 +1171,7 @@ soft_rsa_genkey_pair(soft_object_t *pubkey, soft_object_t *prikey) goto clean0; } - rv = soft_get_public_attr(pubkey, CKA_PUBLIC_EXPONENT, pub_expo, + rv = soft_get_public_value(pubkey, CKA_PUBLIC_EXPONENT, pub_expo, &pub_expo_len); if (rv != CKR_OK) { goto clean0; 
@@ -1287,7 +1287,7 @@ soft_rsa_digest_sign_common(soft_session_t *session_p, CK_BYTE_PTR pData, CK_ULONG der_len; CK_BYTE_PTR der_prefix; - rv = soft_get_private_attr(key, CKA_MODULUS, modulus, &modulus_len); + rv = soft_get_private_value(key, CKA_MODULUS, modulus, &modulus_len); if (rv != CKR_OK) { (void) pthread_mutex_lock(&session_p->session_mutex); free(session_p->digest.context); @@ -1485,7 +1485,7 @@ soft_rsa_verify_recover(soft_session_t *session_p, CK_BYTE_PTR pSignature, uint32_t modulus_len = sizeof (modulus); CK_BYTE plain_data[MAX_RSA_KEYLENGTH_IN_BYTES]; - rv = soft_get_public_attr(key, CKA_MODULUS, modulus, &modulus_len); + rv = soft_get_public_value(key, CKA_MODULUS, modulus, &modulus_len); if (rv != CKR_OK) { goto clean_exit; } diff --git a/usr/src/uts/sparc/kcf/Makefile b/usr/src/uts/sparc/kcf/Makefile index fd88a5abab..5c5982fe51 100644 --- a/usr/src/uts/sparc/kcf/Makefile +++ b/usr/src/uts/sparc/kcf/Makefile @@ -59,7 +59,6 @@ INSTALL_TARGET = $(BINARY) $(ROOTMODULE) # # Linkage dependencies # -#LDFLAGS += -dy -Ncrypto/sha2 # # lint pass one enforcement |