21492687 PIN caching policy "mlocked-memory" does not work in the PKCS#11 engine
authorIvo Raisr <ivo.raisr@oracle.com>
Wed, 29 Jul 2015 14:06:05 -0700
changeset 4720 1ccedfc24ebb
parent 4711 c2328acb8517
child 4721 0cedda14cdba
21492687 PIN caching policy "mlocked-memory" does not work in the PKCS#11 engine
components/openssl/openssl-1.0.1-fips-140/engines/pkcs11/e_pk11.c
components/openssl/openssl-1.0.1-fips-140/engines/pkcs11/e_pk11_uri.c
components/openssl/openssl-1.0.1/engines/pkcs11/e_pk11.c
components/openssl/openssl-1.0.1/engines/pkcs11/e_pk11_uri.c
--- a/components/openssl/openssl-1.0.1-fips-140/engines/pkcs11/e_pk11.c	Thu Jun 04 22:34:13 2015 -0700
+++ b/components/openssl/openssl-1.0.1-fips-140/engines/pkcs11/e_pk11.c	Wed Jul 29 14:06:05 2015 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2004, 2014, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2004, 2015, Oracle and/or its affiliates. All rights reserved.
  */
 
 /* crypto/engine/e_pk11.c */
@@ -2168,7 +2168,6 @@
 			continue;
 			}
 		}
-err:
 	if (session == NULL)
 		(void) pthread_mutex_unlock(session_cache[OP_DH].lock);
 
--- a/components/openssl/openssl-1.0.1-fips-140/engines/pkcs11/e_pk11_uri.c	Thu Jun 04 22:34:13 2015 -0700
+++ b/components/openssl/openssl-1.0.1-fips-140/engines/pkcs11/e_pk11_uri.c	Wed Jul 29 14:06:05 2015 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2004, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2004, 2015, Oracle and/or its affiliates. All rights reserved.
  *
  */
 
@@ -248,6 +248,7 @@
 		 * attributes.
 		 */
 		if (strcmp(name, PK11_TOKEN) == 0)
+			{
 			if (uri_struct->token == NULL)
 				{
 				if ((uri_struct->token = strdup(l2)) == NULL)
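Review bot: The seven attribute branches in this hunk and the six that follow it (token, manuf, serial, model, object, objecttype, askpass) repeat the same set-once-or-`goto bad_uri` logic, and the added braces guard that duplication rather than remove it. Each inner `if` here already had its own `else`, so the binding looks unchanged in these branches, and the behavioural fix appears to be confined to the PIN-caching hunk further down. A small `static` helper taking a `char **field` and `l2` and returning a status would leave one place to get the duplicate-attribute rejection and the `strdup` failure check right; the objecttype branch already assigns `strdup(l2)` in a different form from the other six. The enclosing function starts and ends outside these hunks, and the same applies to the openssl-1.0.1 copy of e_pk11_uri.c.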
@@ -255,7 +256,9 @@
 				}
 			else
 				goto bad_uri;
+			}
 		else if (strcmp(name, PK11_MANUF) == 0)
+			{
 			if (uri_struct->manuf == NULL)
 				{
 				if ((uri_struct->manuf = strdup(l2)) == NULL)
@@ -263,7 +266,9 @@
 				}
 			else
 				goto bad_uri;
+			}
 		else if (strcmp(name, PK11_SERIAL) == 0)
+			{
 			if (uri_struct->serial == NULL)
 				{
 				if ((uri_struct->serial = strdup(l2)) == NULL)
@@ -271,7 +276,9 @@
 				}
 			else
 				goto bad_uri;
+			}
 		else if (strcmp(name, PK11_MODEL) == 0)
+			{
 			if (uri_struct->model == NULL)
 				{
 				if ((uri_struct->model = strdup(l2)) == NULL)
@@ -279,7 +286,9 @@
 				}
 			else
 				goto bad_uri;
+			}
 		else if (strcmp(name, PK11_OBJECT) == 0)
+			{
 			if (uri_struct->object == NULL)
 				{
 				if ((uri_struct->object = strdup(l2)) == NULL)
@@ -287,7 +296,9 @@
 				}
 			else
 				goto bad_uri;
+			}
 		else if (strcmp(name, PK11_OBJECTTYPE) == 0)
+			{
 			if (uri_struct->objecttype == NULL)
 				{
 				uri_struct->objecttype = strdup(l2);
@@ -296,7 +307,9 @@
 				}
 			else
 				goto bad_uri;
+			}
 		else if (strcmp(name, PK11_ASKPASS) == 0)
+			{
 			if (uri_struct->askpass == NULL)
 				{
 				if ((uri_struct->askpass = strdup(l2)) == NULL)
@@ -304,6 +317,7 @@
 				}
 			else
 				goto bad_uri;
+			}
 		else
 			goto bad_uri;
 		}
@@ -494,17 +508,21 @@
 		goto ok;
 
 	if (pk11_get_pin_caching_policy() == POLICY_MEMORY)
+		{
 		if ((token_pin = strdup(pin)) == NULL)
 			{
 			PK11err(PK11_F_CACHE_PIN, PK11_R_MALLOC_FAILURE);
 			goto err;
 			}
+		}
 	else
+		{
 		if (pk11_get_pin_caching_policy() == POLICY_MLOCKED_MEMORY)
 			{
 			if (mlock_pin_in_memory(pin) == 0)
 				goto err;
 			}
+		}
 
 ok:
 	(void) pthread_mutex_unlock(uri_lock);
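Review bot: The `mlock_pin_in_memory(pin) == 0` branch jumps to `err` with no `PK11err(...)` call visible in this hunk, unlike the `strdup` failure just above it, so a failed mlock may reach the caller with nothing on the error queue unless the helper records one itself; worth confirming. Now that this branch is reachable, the nested `else { if (...) }` could be flattened to `else if (pk11_get_pin_caching_policy() == POLICY_MLOCKED_MEMORY)`, or the policy read once into a local so both tests see the same value. The original failure was silent (with the old binding the mlocked-memory policy appears to have cached nothing), so a regression test that selects that policy and checks the PIN is actually cached would catch a recurrence. The function body starts and ends outside the hunk, and the openssl-1.0.1 copy of e_pk11_uri.c has the same hunk.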
--- a/components/openssl/openssl-1.0.1/engines/pkcs11/e_pk11.c	Thu Jun 04 22:34:13 2015 -0700
+++ b/components/openssl/openssl-1.0.1/engines/pkcs11/e_pk11.c	Wed Jul 29 14:06:05 2015 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2004, 2014, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2004, 2015, Oracle and/or its affiliates. All rights reserved.
  */
 
 /* crypto/engine/e_pk11.c */
@@ -2177,7 +2177,6 @@
 			continue;
 			}
 		}
-err:
 	if (session == NULL)
 		(void) pthread_mutex_unlock(session_cache[OP_DH].lock);
 
--- a/components/openssl/openssl-1.0.1/engines/pkcs11/e_pk11_uri.c	Thu Jun 04 22:34:13 2015 -0700
+++ b/components/openssl/openssl-1.0.1/engines/pkcs11/e_pk11_uri.c	Wed Jul 29 14:06:05 2015 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2010, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2010, 2015, Oracle and/or its affiliates. All rights reserved.
  */
 
 /*
@@ -247,6 +247,7 @@
 		 * attributes.
 		 */
 		if (strcmp(name, PK11_TOKEN) == 0)
+			{
 			if (uri_struct->token == NULL)
 				{
 				if ((uri_struct->token = strdup(l2)) == NULL)
@@ -254,7 +255,9 @@
 				}
 			else
 				goto bad_uri;
+			}
 		else if (strcmp(name, PK11_MANUF) == 0)
+			{
 			if (uri_struct->manuf == NULL)
 				{
 				if ((uri_struct->manuf = strdup(l2)) == NULL)
@@ -262,7 +265,9 @@
 				}
 			else
 				goto bad_uri;
+			}
 		else if (strcmp(name, PK11_SERIAL) == 0)
+			{
 			if (uri_struct->serial == NULL)
 				{
 				if ((uri_struct->serial = strdup(l2)) == NULL)
@@ -270,7 +275,9 @@
 				}
 			else
 				goto bad_uri;
+			}
 		else if (strcmp(name, PK11_MODEL) == 0)
+			{
 			if (uri_struct->model == NULL)
 				{
 				if ((uri_struct->model = strdup(l2)) == NULL)
@@ -278,7 +285,9 @@
 				}
 			else
 				goto bad_uri;
+			}
 		else if (strcmp(name, PK11_OBJECT) == 0)
+			{
 			if (uri_struct->object == NULL)
 				{
 				if ((uri_struct->object = strdup(l2)) == NULL)
@@ -286,7 +295,9 @@
 				}
 			else
 				goto bad_uri;
+			}
 		else if (strcmp(name, PK11_OBJECTTYPE) == 0)
+			{
 			if (uri_struct->objecttype == NULL)
 				{
 				uri_struct->objecttype = strdup(l2);
@@ -295,7 +306,9 @@
 				}
 			else
 				goto bad_uri;
+			}
 		else if (strcmp(name, PK11_ASKPASS) == 0)
+			{
 			if (uri_struct->askpass == NULL)
 				{
 				if ((uri_struct->askpass = strdup(l2)) == NULL)
@@ -303,6 +316,7 @@
 				}
 			else
 				goto bad_uri;
+			}
 		else
 			goto bad_uri;
 		}
@@ -493,17 +507,21 @@
 		goto ok;
 
 	if (pk11_get_pin_caching_policy() == POLICY_MEMORY)
+		{
 		if ((token_pin = strdup(pin)) == NULL)
 			{
 			PK11err(PK11_F_CACHE_PIN, PK11_R_MALLOC_FAILURE);
 			goto err;
 			}
+		}
 	else
+		{
 		if (pk11_get_pin_caching_policy() == POLICY_MLOCKED_MEMORY)
 			{
 			if (mlock_pin_in_memory(pin) == 0)
 				goto err;
 			}
+		}
 
 ok:
 	(void) pthread_mutex_unlock(uri_lock);