added locking to sc_pkcs15_decipher and sc_pkcs15_compute_signature
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@902 c6295689-39f2-0310-b995-f0e70906c6a9
This commit is contained in:
parent
8160bf64a1
commit
a2b9838bb1
|
@ -152,12 +152,22 @@ int sc_pkcs15_decipher(struct sc_pkcs15_card *p15card,
|
||||||
senv.flags = SC_SEC_ENV_KEY_REF_PRESENT;
|
senv.flags = SC_SEC_ENV_KEY_REF_PRESENT;
|
||||||
senv.flags |= SC_SEC_ENV_ALG_PRESENT;
|
senv.flags |= SC_SEC_ENV_ALG_PRESENT;
|
||||||
|
|
||||||
|
r = sc_lock(p15card->card);
|
||||||
|
SC_TEST_RET(ctx, r, "sc_lock() failed");
|
||||||
|
|
||||||
r = select_key_file(p15card, prkey, &senv);
|
r = select_key_file(p15card, prkey, &senv);
|
||||||
SC_TEST_RET(ctx, r, "Unable to select private key file");
|
if (r < 0) {
|
||||||
|
sc_unlock(p15card->card);
|
||||||
|
SC_TEST_RET(ctx, r, "Unable to select private key file");
|
||||||
|
}
|
||||||
|
|
||||||
r = sc_set_security_env(p15card->card, &senv, 0);
|
r = sc_set_security_env(p15card->card, &senv, 0);
|
||||||
SC_TEST_RET(ctx, r, "sc_set_security_env() failed");
|
if (r < 0) {
|
||||||
|
sc_unlock(p15card->card);
|
||||||
|
SC_TEST_RET(ctx, r, "sc_set_security_env() failed");
|
||||||
|
}
|
||||||
r = sc_decipher(p15card->card, in, inlen, out, outlen);
|
r = sc_decipher(p15card->card, in, inlen, out, outlen);
|
||||||
|
sc_unlock(p15card->card);
|
||||||
SC_TEST_RET(ctx, r, "sc_decipher() failed");
|
SC_TEST_RET(ctx, r, "sc_decipher() failed");
|
||||||
|
|
||||||
/* Strip any padding */
|
/* Strip any padding */
|
||||||
|
@ -349,11 +359,20 @@ int sc_pkcs15_compute_signature(struct sc_pkcs15_card *p15card,
|
||||||
senv.flags = SC_SEC_ENV_KEY_REF_PRESENT;
|
senv.flags = SC_SEC_ENV_KEY_REF_PRESENT;
|
||||||
senv.flags |= SC_SEC_ENV_ALG_PRESENT;
|
senv.flags |= SC_SEC_ENV_ALG_PRESENT;
|
||||||
|
|
||||||
|
r = sc_lock(p15card->card);
|
||||||
|
SC_TEST_RET(ctx, r, "sc_lock() failed");
|
||||||
|
|
||||||
r = select_key_file(p15card, prkey, &senv);
|
r = select_key_file(p15card, prkey, &senv);
|
||||||
SC_TEST_RET(ctx, r, "Unable to select private key file");
|
if (r < 0) {
|
||||||
|
sc_unlock(p15card->card);
|
||||||
|
SC_TEST_RET(ctx, r, "Unable to select private key file");
|
||||||
|
}
|
||||||
|
|
||||||
r = sc_set_security_env(p15card->card, &senv, 0);
|
r = sc_set_security_env(p15card->card, &senv, 0);
|
||||||
SC_TEST_RET(ctx, r, "sc_set_security_env() failed");
|
if (r < 0) {
|
||||||
|
sc_unlock(p15card->card);
|
||||||
|
SC_TEST_RET(ctx, r, "sc_set_security_env() failed");
|
||||||
|
}
|
||||||
|
|
||||||
/* XXX: Should we adjust outlen to match the size of
|
/* XXX: Should we adjust outlen to match the size of
|
||||||
* the signature we expect? CardOS for instance will
|
* the signature we expect? CardOS for instance will
|
||||||
|
@ -366,6 +385,7 @@ int sc_pkcs15_compute_signature(struct sc_pkcs15_card *p15card,
|
||||||
r = sc_compute_signature(p15card->card, in, inlen, out, outlen);
|
r = sc_compute_signature(p15card->card, in, inlen, out, outlen);
|
||||||
if (pad_flags)
|
if (pad_flags)
|
||||||
memset(buf, 0, inlen);
|
memset(buf, 0, inlen);
|
||||||
|
sc_unlock(p15card->card);
|
||||||
SC_TEST_RET(ctx, r, "sc_compute_signature() failed");
|
SC_TEST_RET(ctx, r, "sc_compute_signature() failed");
|
||||||
|
|
||||||
return r;
|
return r;
|
||||||
|
|
Loading…
Reference in New Issue