summaryrefslogtreecommitdiff
path: root/usr/src
diff options
context:
space:
mode:
Diffstat (limited to 'usr/src')
-rw-r--r--usr/src/lib/pkcs11/pkcs11_softtoken/common/softDecrypt.c33
-rw-r--r--usr/src/lib/pkcs11/pkcs11_softtoken/common/softDecryptUtil.c53
-rw-r--r--usr/src/lib/pkcs11/pkcs11_softtoken/common/softEncrypt.c29
-rw-r--r--usr/src/lib/pkcs11/pkcs11_softtoken/common/softEncryptUtil.c53
4 files changed, 99 insertions, 69 deletions
diff --git a/usr/src/lib/pkcs11/pkcs11_softtoken/common/softDecrypt.c b/usr/src/lib/pkcs11/pkcs11_softtoken/common/softDecrypt.c
index 0988996223..6738ad4b4e 100644
--- a/usr/src/lib/pkcs11/pkcs11_softtoken/common/softDecrypt.c
+++ b/usr/src/lib/pkcs11/pkcs11_softtoken/common/softDecrypt.c
@@ -2,9 +2,8 @@
* CDDL HEADER START
*
* The contents of this file are subject to the terms of the
- * Common Development and Distribution License, Version 1.0 only
- * (the "License"). You may not use this file except in compliance
- * with the License.
+ * Common Development and Distribution License (the "License").
+ * You may not use this file except in compliance with the License.
*
* You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
* or http://www.opensolaris.org/os/licensing.
@@ -20,7 +19,7 @@
* CDDL HEADER END
*/
/*
- * Copyright 2004 Sun Microsystems, Inc. All rights reserved.
+ * Copyright 2006 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
*/
@@ -105,7 +104,7 @@ clean_exit:
CK_RV
C_Decrypt(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pEncryptedData,
- CK_ULONG ulEncryptedData, CK_BYTE_PTR pData, CK_ULONG_PTR pulDataLen)
+ CK_ULONG ulEncryptedDataLen, CK_BYTE_PTR pData, CK_ULONG_PTR pulDataLen)
{
CK_RV rv;
@@ -121,6 +120,17 @@ C_Decrypt(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pEncryptedData,
return (rv);
/*
+ * Only check if input buffer is null. How to handle zero input
+ * length depents on the mechanism in use. For secret key mechanisms,
+ * unpadded ones yield zero length output, but padded ones always
+ * result in smaller than original, possibly zero, length output.
+ */
+ if (pEncryptedData == NULL) {
+ rv = CKR_ARGUMENTS_BAD;
+ goto clean_exit;
+ }
+
+ /*
* No need to check pData because application might
* just want to know the length of decrypted data.
*/
@@ -156,7 +166,7 @@ C_Decrypt(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pEncryptedData,
(void) pthread_mutex_unlock(&session_p->session_mutex);
lock_held = B_FALSE;
- rv = soft_decrypt(session_p, pEncryptedData, ulEncryptedData,
+ rv = soft_decrypt(session_p, pEncryptedData, ulEncryptedDataLen,
pData, pulDataLen);
if ((rv == CKR_BUFFER_TOO_SMALL) ||
@@ -208,11 +218,12 @@ C_DecryptUpdate(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pEncryptedPart,
if (rv != CKR_OK)
return (rv);
- if (ulEncryptedPartLen == 0) {
- SES_REFRELE(session_p, lock_held);
- return (CKR_OK);
- }
-
+ /*
+ * Only check if input buffer is null. How to handle zero input
+ * length depents on the mechanism in use. For secret key mechanisms,
+ * unpadded ones yeild zero length output, but padded ones always
+ * result in smaller than original, possibly zero, length output.
+ */
if (pEncryptedPart == NULL) {
rv = CKR_ARGUMENTS_BAD;
goto clean_exit;
diff --git a/usr/src/lib/pkcs11/pkcs11_softtoken/common/softDecryptUtil.c b/usr/src/lib/pkcs11/pkcs11_softtoken/common/softDecryptUtil.c
index c17cd339db..dc8317ee44 100644
--- a/usr/src/lib/pkcs11/pkcs11_softtoken/common/softDecryptUtil.c
+++ b/usr/src/lib/pkcs11/pkcs11_softtoken/common/softDecryptUtil.c
@@ -2,9 +2,8 @@
* CDDL HEADER START
*
* The contents of this file are subject to the terms of the
- * Common Development and Distribution License, Version 1.0 only
- * (the "License"). You may not use this file except in compliance
- * with the License.
+ * Common Development and Distribution License (the "License").
+ * You may not use this file except in compliance with the License.
*
* You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
* or http://www.opensolaris.org/os/licensing.
@@ -20,7 +19,7 @@
* CDDL HEADER END
*/
/*
- * Copyright 2005 Sun Microsystems, Inc. All rights reserved.
+ * Copyright 2006 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
*/
@@ -329,9 +328,16 @@ soft_decrypt_common(soft_session_t *session_p, CK_BYTE_PTR pEncrypted,
case CKM_DES_ECB:
case CKM_DES_CBC:
- case CKM_DES_CBC_PAD:
case CKM_DES3_ECB:
case CKM_DES3_CBC:
+
+ if (ulEncryptedLen == 0) {
+ *pulDataLen = 0;
+ return (CKR_OK);
+ }
+ /* FALLTHROUGH */
+
+ case CKM_DES_CBC_PAD:
case CKM_DES3_CBC_PAD:
return (soft_des_decrypt_common(session_p, pEncrypted,
@@ -339,6 +345,13 @@ soft_decrypt_common(soft_session_t *session_p, CK_BYTE_PTR pEncrypted,
case CKM_AES_ECB:
case CKM_AES_CBC:
+
+ if (ulEncryptedLen == 0) {
+ *pulDataLen = 0;
+ return (CKR_OK);
+ }
+ /* FALLTHROUGH */
+
case CKM_AES_CBC_PAD:
return (soft_aes_decrypt_common(session_p, pEncrypted,
@@ -346,24 +359,24 @@ soft_decrypt_common(soft_session_t *session_p, CK_BYTE_PTR pEncrypted,
case CKM_BLOWFISH_CBC:
+ if (ulEncryptedLen == 0) {
+ *pulDataLen = 0;
+ return (CKR_OK);
+ }
+
return (soft_blowfish_decrypt_common(session_p, pEncrypted,
ulEncryptedLen, pData, pulDataLen, Update));
case CKM_RC4:
- {
- ARCFour_key *keystream = session_p->decrypt.context;
- CK_RV rv;
- rv = soft_arcfour_crypt(&(session_p->decrypt), pEncrypted,
- ulEncryptedLen, pData, pulDataLen);
-
- if ((rv == CKR_OK) && (pData != NULL)) {
- bzero(keystream, sizeof (*keystream));
- free(keystream);
- session_p->decrypt.context = NULL;
+ if (ulEncryptedLen == 0) {
+ *pulDataLen = 0;
+ return (CKR_OK);
}
- return (rv);
- }
+
+
+ return (soft_arcfour_crypt(&(session_p->decrypt), pEncrypted,
+ ulEncryptedLen, pData, pulDataLen));
case CKM_RSA_X_509:
case CKM_RSA_PKCS:
@@ -443,15 +456,11 @@ soft_decrypt_update(soft_session_t *session_p, CK_BYTE_PTR pEncryptedPart,
case CKM_AES_CBC:
case CKM_AES_CBC_PAD:
case CKM_BLOWFISH_CBC:
+ case CKM_RC4:
return (soft_decrypt_common(session_p, pEncryptedPart,
ulEncryptedPartLen, pPart, pulPartLen, B_TRUE));
- case CKM_RC4:
-
- return (soft_arcfour_crypt(&(session_p->decrypt),
- pEncryptedPart, ulEncryptedPartLen, pPart, pulPartLen));
-
default:
/* PKCS11: The mechanism only supports single-part operation. */
return (CKR_MECHANISM_INVALID);
diff --git a/usr/src/lib/pkcs11/pkcs11_softtoken/common/softEncrypt.c b/usr/src/lib/pkcs11/pkcs11_softtoken/common/softEncrypt.c
index 47c891936f..513196e69a 100644
--- a/usr/src/lib/pkcs11/pkcs11_softtoken/common/softEncrypt.c
+++ b/usr/src/lib/pkcs11/pkcs11_softtoken/common/softEncrypt.c
@@ -2,9 +2,8 @@
* CDDL HEADER START
*
* The contents of this file are subject to the terms of the
- * Common Development and Distribution License, Version 1.0 only
- * (the "License"). You may not use this file except in compliance
- * with the License.
+ * Common Development and Distribution License (the "License").
+ * You may not use this file except in compliance with the License.
*
* You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
* or http://www.opensolaris.org/os/licensing.
@@ -20,7 +19,7 @@
* CDDL HEADER END
*/
/*
- * Copyright 2004 Sun Microsystems, Inc. All rights reserved.
+ * Copyright 2006 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
*/
@@ -120,11 +119,12 @@ C_Encrypt(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pData, CK_ULONG ulDataLen,
if (rv != CKR_OK)
return (rv);
- if (ulDataLen == 0) {
- SES_REFRELE(session_p, lock_held);
- return (CKR_OK);
- }
-
+ /*
+ * Only check if input buffer is null. How to handle zero input
+ * length depends on the mechanism in use. For secret key mechanisms,
+ * unpadded ones yield zero length output, but padded ones always
+ * result in greater than zero length output.
+ */
if (pData == NULL) {
rv = CKR_ARGUMENTS_BAD;
goto clean_exit;
@@ -220,11 +220,12 @@ C_EncryptUpdate(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pPart,
if (rv != CKR_OK)
return (rv);
- if (ulPartLen == 0) {
- SES_REFRELE(session_p, lock_held);
- return (CKR_OK);
- }
-
+ /*
+ * Only check if input buffer is null. How to handle zero input
+ * length depends on the mechanism in use. For secret key mechanisms,
+ * unpadded ones yeild zero length output, but padded ones always
+ * result in greater than zero length output.
+ */
if (pPart == NULL) {
rv = CKR_ARGUMENTS_BAD;
goto clean_exit;
diff --git a/usr/src/lib/pkcs11/pkcs11_softtoken/common/softEncryptUtil.c b/usr/src/lib/pkcs11/pkcs11_softtoken/common/softEncryptUtil.c
index e5358ebcfc..6456ebfbde 100644
--- a/usr/src/lib/pkcs11/pkcs11_softtoken/common/softEncryptUtil.c
+++ b/usr/src/lib/pkcs11/pkcs11_softtoken/common/softEncryptUtil.c
@@ -2,9 +2,8 @@
* CDDL HEADER START
*
* The contents of this file are subject to the terms of the
- * Common Development and Distribution License, Version 1.0 only
- * (the "License"). You may not use this file except in compliance
- * with the License.
+ * Common Development and Distribution License (the "License").
+ * You may not use this file except in compliance with the License.
*
* You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
* or http://www.opensolaris.org/os/licensing.
@@ -20,7 +19,7 @@
* CDDL HEADER END
*/
/*
- * Copyright 2005 Sun Microsystems, Inc. All rights reserved.
+ * Copyright 2006 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
*/
@@ -353,9 +352,16 @@ soft_encrypt_common(soft_session_t *session_p, CK_BYTE_PTR pData,
case CKM_DES_ECB:
case CKM_DES_CBC:
- case CKM_DES_CBC_PAD:
case CKM_DES3_ECB:
case CKM_DES3_CBC:
+
+ if (ulDataLen == 0) {
+ *pulEncryptedLen = 0;
+ return (CKR_OK);
+ }
+ /* FALLTHROUGH */
+
+ case CKM_DES_CBC_PAD:
case CKM_DES3_CBC_PAD:
return (soft_des_encrypt_common(session_p, pData,
@@ -363,6 +369,13 @@ soft_encrypt_common(soft_session_t *session_p, CK_BYTE_PTR pData,
case CKM_AES_ECB:
case CKM_AES_CBC:
+
+ if (ulDataLen == 0) {
+ *pulEncryptedLen = 0;
+ return (CKR_OK);
+ }
+ /* FALLTHROUGH */
+
case CKM_AES_CBC_PAD:
return (soft_aes_encrypt_common(session_p, pData,
@@ -370,23 +383,23 @@ soft_encrypt_common(soft_session_t *session_p, CK_BYTE_PTR pData,
case CKM_BLOWFISH_CBC:
+ if (ulDataLen == 0) {
+ *pulEncryptedLen = 0;
+ return (CKR_OK);
+ }
+
return (soft_blowfish_encrypt_common(session_p, pData,
ulDataLen, pEncrypted, pulEncryptedLen, update));
case CKM_RC4:
- {
- ARCFour_key *keystream = session_p->encrypt.context;
- CK_RV rv;
-
- rv = soft_arcfour_crypt(&(session_p->encrypt), pData,
- ulDataLen, pEncrypted, pulEncryptedLen);
- if ((rv == CKR_OK) && (pEncrypted != NULL)) {
- bzero(keystream, sizeof (*keystream));
- free(keystream);
- session_p->encrypt.context = NULL;
+
+ if (ulDataLen == 0) {
+ *pulEncryptedLen = 0;
+ return (CKR_OK);
}
- return (rv);
- }
+
+ return (soft_arcfour_crypt(&(session_p->encrypt), pData,
+ ulDataLen, pEncrypted, pulEncryptedLen));
case CKM_RSA_X_509:
case CKM_RSA_PKCS:
@@ -465,15 +478,11 @@ soft_encrypt_update(soft_session_t *session_p, CK_BYTE_PTR pPart,
case CKM_AES_CBC:
case CKM_AES_CBC_PAD:
case CKM_BLOWFISH_CBC:
+ case CKM_RC4:
return (soft_encrypt_common(session_p, pPart, ulPartLen,
pEncryptedPart, pulEncryptedPartLen, B_TRUE));
- case CKM_RC4:
-
- return (soft_arcfour_crypt(&(session_p->encrypt), pPart,
- ulPartLen, pEncryptedPart, pulEncryptedPartLen));
-
default:
/* PKCS11: The mechanism only supports single-part operation. */
return (CKR_MECHANISM_INVALID);
generated by cgit v1.2.3 (git 2.39.1) at 2025-05-30 07:32:46 +0000