6897371 cryptoadm needs changes in order to support fips-140 mode in local zones

6897374 Memory leaking in kernel algorithm modules and softtoken dsa with fips enabled
author: Hai-May Chao <Hai-May.Chao@Sun.COM> 2009-11-05 21:57:36 -0800
committer: Hai-May Chao <Hai-May.Chao@Sun.COM> 2009-11-05 21:57:36 -0800
commit: d616ad8ecd9216bbe9e7c0d0b9fb3f00d4cd5505 (patch)
tree: 9ea9942579afc95cbfd26d94ad09feccc1903146 /usr/src/cmd/cmd-crypto/cryptoadm/adm_util.c
parent: 8a29b80e78549f0575b492f20643e203dffb61f8 (diff)
download: illumos-joyent-d616ad8ecd9216bbe9e7c0d0b9fb3f00d4cd5505.tar.gz
1 files changed, 23 insertions, 8 deletions
diff --git a/usr/src/cmd/cmd-crypto/cryptoadm/adm_util.c b/usr/src/cmd/cmd-crypto/cryptoadm/adm_util.c
index 84eb911d21..f816a02870 100644
--- a/usr/src/cmd/cmd-crypto/cryptoadm/adm_util.c
+++ b/usr/src/cmd/cmd-crypto/cryptoadm/adm_util.c
@@ -110,6 +110,7 @@ update_conf(char *conf_file, char *entry)
 {
 
 	boolean_t	found;
+	boolean_t	fips_entry = B_FALSE;
 	FILE	*pfile;
 	FILE	*pfile_tmp;
 	char	tmpfile_name[MAXPATHLEN];
@@ -179,6 +180,17 @@ update_conf(char *conf_file, char *entry)
 					found = B_TRUE;
 					found_count++;
 				}
+			} else {
+				(void) strlcpy(buffer2, buffer, BUFSIZ);
+				ptr = buffer2;
+				if ((name = strtok(ptr, SEP_COLON)) == NULL) {
+					rc = FAILURE;
+					break;
+				} else if (strcmp(FIPS_KEYWORD, name) == 0) {
+					found = B_TRUE;
+					found_count++;
+					fips_entry = B_TRUE;
+				}
 			}
 		} else { /* _PATH_KCF_CONF */
 			if (buffer[0] == '#') {
@@ -188,9 +200,6 @@ update_conf(char *conf_file, char *entry)
 				if ((name = strtok(ptr, SEP_COLON)) == NULL) {
 					rc = FAILURE;
 					break;
-				} else if (strcmp(FIPS_KEYWORD, name) == 0) {
-					found = B_TRUE;
-					found_count++;
 				}
 			} else {
 				(void) strlcpy(buffer2, buffer, BUFSIZ);
@@ -198,9 +207,6 @@ update_conf(char *conf_file, char *entry)
 				if ((name = strtok(ptr, SEP_COLON)) == NULL) {
 					rc = FAILURE;
 					break;
-				} else if (strcmp(FIPS_KEYWORD, name) == 0) {
-					found = B_TRUE;
-					found_count++;
 				}
 			}
 		}
@@ -212,8 +218,17 @@ update_conf(char *conf_file, char *entry)
 		} else {
 			if (found_count == 1) {
 				if (strcmp(conf_file, _PATH_PKCS11_CONF) == 0) {
-					if (fputs(ptr, pfile_tmp) == EOF) {
-						rc = FAILURE;
+					if (fips_entry == B_TRUE) {
+						if (fputs(entry, pfile_tmp) ==
+						    EOF) {
+							rc = FAILURE;
+						}
+						fips_entry = B_FALSE;
+					} else {
+						if (fputs(ptr, pfile_tmp) ==
+						    EOF) {
+							rc = FAILURE;
+						}
 					}
 				} else {
 					if (fputs(entry, pfile_tmp) == EOF) {
author	Hai-May Chao <Hai-May.Chao@Sun.COM>	2009-11-05 21:57:36 -0800
committer	Hai-May Chao <Hai-May.Chao@Sun.COM>	2009-11-05 21:57:36 -0800
commit	d616ad8ecd9216bbe9e7c0d0b9fb3f00d4cd5505 (patch)
tree	9ea9942579afc95cbfd26d94ad09feccc1903146 /usr/src/cmd/cmd-crypto/cryptoadm/adm_util.c
parent	8a29b80e78549f0575b492f20643e203dffb61f8 (diff)
download	illumos-joyent-d616ad8ecd9216bbe9e7c0d0b9fb3f00d4cd5505.tar.gz