diff options
| author | Miloslav Trmač <mitr@redhat.com> | 2010-11-26 00:42:41 +0100 |
|---|---|---|
| committer | Miloslav Trmač <mitr@redhat.com> | 2010-11-26 00:42:41 +0100 |
| commit | 5ad8bc2eff7da90d5f9d3d7475b7c9be06fe10ce (patch) | |
| tree | 180d57d7bb55c260cc893710bea57816451cdfdf | |
| parent | 6185079fd24c308530a4cebc66acc86dd7b40375 (diff) | |
| download | ncrypto-5ad8bc2eff7da90d5f9d3d7475b7c9be06fe10ce.tar.gz ncrypto-5ad8bc2eff7da90d5f9d3d7475b7c9be06fe10ce.tar.xz ncrypto-5ad8bc2eff7da90d5f9d3d7475b7c9be06fe10ce.zip | |
Both allocate and free arena in public_key_export callers
| -rw-r--r-- | lib/ncrypto_nss.c | 71 |
1 files changed, 33 insertions, 38 deletions
diff --git a/lib/ncrypto_nss.c b/lib/ncrypto_nss.c index a925c48..0c57b0f 100644 --- a/lib/ncrypto_nss.c +++ b/lib/ncrypto_nss.c @@ -170,11 +170,10 @@ public_key_create (struct ncr_public_key **key, CK_KEY_TYPE type, return CKR_OK; } -/* The caller is responsible for freeing the arena and der_spki. */ +/* The caller is responsible for freeing der_spki. */ static CK_RV -public_key_export (struct ncr_public_key *key, void **der_key, - size_t *der_key_size, PRArenaPool **arena_ptr, - SECItem **der_spki_ptr) +public_key_export (struct ncr_public_key *key, PRArenaPool *arena, + void **der_key, size_t *der_key_size, SECItem **der_spki_ptr) { struct subject_pub_key_info { @@ -197,9 +196,7 @@ public_key_export (struct ncr_public_key *key, void **der_key, }; struct subject_pub_key_info der_output; - PRArenaPool *arena; SECItem *der_spki; - CK_RV res; g_return_val_if_fail (key != NULL, CKR_ARGUMENTS_BAD); @@ -207,20 +204,11 @@ public_key_export (struct ncr_public_key *key, void **der_key, if (der_spki == NULL) return CKR_GENERAL_ERROR; - /* Ugly... the PLArenaPool type is from NSPR, but NSS implementation accesses - memory only initialized through NSS's PORT_* */ - arena = PORT_NewArena (SEC_ASN1_DEFAULT_ARENA_SIZE); - if (arena == NULL) - { - res = CKR_HOST_MEMORY; - goto err_der_spki; - } - if (SEC_QuickDERDecodeItem (arena, &der_output, asn1_template, der_spki) != SECSuccess) { - res = CKR_GENERAL_ERROR; - goto err_arena; + SECITEM_FreeItem (der_spki, PR_TRUE); + return CKR_GENERAL_ERROR; } *der_key = der_output.pub_key.data; @@ -228,15 +216,8 @@ public_key_export (struct ncr_public_key *key, void **der_key, _bits_. */ *der_key_size = (der_output.pub_key.len / 8 + (der_output.pub_key.len % 8 != 0)); - *arena_ptr = arena; *der_spki_ptr = der_spki; return CKR_OK; - - err_arena: - PORT_FreeArena (arena, PR_FALSE); - err_der_spki: - SECITEM_FreeItem (der_spki, PR_TRUE); - return res; } CK_RV @@ -274,30 +255,37 @@ ncr_public_key_export (struct ncr_public_key *key, void *dest, g_return_val_if_fail (dest_size_ptr != NULL, CKR_ARGUMENTS_BAD); - res = public_key_export (key, &der_key, &der_key_size, &arena, &der_spki); + /* Ugly... the PLArenaPool type is from NSPR, but NSS implementation accesses + memory only initialized through NSS's PORT_* */ + arena = PORT_NewArena (SEC_ASN1_DEFAULT_ARENA_SIZE); + if (arena == NULL) + return CKR_HOST_MEMORY; + + res = public_key_export (key, arena, &der_key, &der_key_size, &der_spki); if (res != CKR_OK) - return res; + goto end_arena; if (dest == NULL) { *dest_size_ptr = der_key_size; res = CKR_OK; - goto end; + goto end_der_spki; } if (*dest_size_ptr < der_key_size) { *dest_size_ptr = der_key_size; res = CKR_BUFFER_TOO_SMALL; - goto end; + goto end_der_spki; } *dest_size_ptr = der_key_size; memcpy (dest, der_key, der_key_size); res = CKR_OK; - end: - PORT_FreeArena (arena, PR_FALSE); + end_der_spki: SECITEM_FreeItem (der_spki, PR_TRUE); + end_arena: + PORT_FreeArena (arena, PR_FALSE); return res; } @@ -765,16 +753,22 @@ ncr_public_key_export_rsa (struct ncr_public_key *key, void *modulus, g_return_val_if_fail (modulus_size_ptr != NULL, CKR_ARGUMENTS_BAD); g_return_val_if_fail (public_exponent_size_ptr != NULL, CKR_ARGUMENTS_BAD); - res = public_key_export (key, &der_key, &der_key_size, &arena, &der_spki); + /* Ugly... the PLArenaPool type is from NSPR, but NSS implementation accesses + memory only initialized through NSS's PORT_* */ + arena = PORT_NewArena (SEC_ASN1_DEFAULT_ARENA_SIZE); + if (arena == NULL) + return CKR_HOST_MEMORY; + + res = public_key_export (key, arena, &der_key, &der_key_size, &der_spki); if (res != CKR_OK) - return res; + goto end_arena; der_key_item.data = der_key; der_key_item.len = der_key_size; if (der_key_item.len != der_key_size) { res = CKR_GENERAL_ERROR; - goto end; + goto end_der_spki; } /* Setting type to siUnsignedInteger requests removal of leading zeroes. */ der_output.modulus.type = siUnsignedInteger; @@ -783,7 +777,7 @@ ncr_public_key_export_rsa (struct ncr_public_key *key, void *modulus, &der_key_item) != SECSuccess) { res = CKR_GENERAL_ERROR; - goto end; + goto end_der_spki; } if (modulus == NULL || public_exponent == NULL) @@ -791,7 +785,7 @@ ncr_public_key_export_rsa (struct ncr_public_key *key, void *modulus, *modulus_size_ptr = der_output.modulus.len; *public_exponent_size_ptr = der_output.public_exponent.len; res = CKR_OK; - goto end; + goto end_der_spki; } res = CKR_OK; if (*modulus_size_ptr < der_output.modulus.len) @@ -801,15 +795,16 @@ ncr_public_key_export_rsa (struct ncr_public_key *key, void *modulus, res = CKR_BUFFER_TOO_SMALL; *public_exponent_size_ptr = der_output.public_exponent.len; if (res != CKR_OK) - goto end; + goto end_der_spki; memcpy (modulus, der_output.modulus.data, der_output.modulus.len); memcpy (public_exponent, der_output.public_exponent.data, der_output.public_exponent.len); - end: - PORT_FreeArena (arena, PR_FALSE); + end_der_spki: SECITEM_FreeItem (der_spki, PR_TRUE); + end_arena: + PORT_FreeArena (arena, PR_FALSE); return res; } |