fix resource leaks while registering PKCS#11 mechanisms
introduces a free_mech_data for sc_pkcs11_mechanism_type_t to free the mechanism's private memory
parent
2c32575e89
commit
e84951a5bf
|
@ -4509,7 +4509,7 @@ register_gost_mechanisms(struct sc_pkcs11_card *p11card, int flags)
|
||||||
|
|
||||||
if (flags & SC_ALGORITHM_GOSTR3410_HASH_NONE) {
|
if (flags & SC_ALGORITHM_GOSTR3410_HASH_NONE) {
|
||||||
mt = sc_pkcs11_new_fw_mechanism(CKM_GOSTR3410,
|
mt = sc_pkcs11_new_fw_mechanism(CKM_GOSTR3410,
|
||||||
&mech_info, CKK_GOSTR3410, NULL);
|
&mech_info, CKK_GOSTR3410, NULL, NULL);
|
||||||
if (!mt)
|
if (!mt)
|
||||||
return CKR_HOST_MEMORY;
|
return CKR_HOST_MEMORY;
|
||||||
rc = sc_pkcs11_register_mechanism(p11card, mt);
|
rc = sc_pkcs11_register_mechanism(p11card, mt);
|
||||||
|
@ -4518,7 +4518,7 @@ register_gost_mechanisms(struct sc_pkcs11_card *p11card, int flags)
|
||||||
}
|
}
|
||||||
if (flags & SC_ALGORITHM_GOSTR3410_HASH_GOSTR3411) {
|
if (flags & SC_ALGORITHM_GOSTR3410_HASH_GOSTR3411) {
|
||||||
mt = sc_pkcs11_new_fw_mechanism(CKM_GOSTR3410_WITH_GOSTR3411,
|
mt = sc_pkcs11_new_fw_mechanism(CKM_GOSTR3410_WITH_GOSTR3411,
|
||||||
&mech_info, CKK_GOSTR3410, NULL);
|
&mech_info, CKK_GOSTR3410, NULL, NULL);
|
||||||
if (!mt)
|
if (!mt)
|
||||||
return CKR_HOST_MEMORY;
|
return CKR_HOST_MEMORY;
|
||||||
rc = sc_pkcs11_register_mechanism(p11card, mt);
|
rc = sc_pkcs11_register_mechanism(p11card, mt);
|
||||||
|
@ -4528,7 +4528,7 @@ register_gost_mechanisms(struct sc_pkcs11_card *p11card, int flags)
|
||||||
if (flags & SC_ALGORITHM_ONBOARD_KEY_GEN) {
|
if (flags & SC_ALGORITHM_ONBOARD_KEY_GEN) {
|
||||||
mech_info.flags = CKF_HW | CKF_GENERATE_KEY_PAIR;
|
mech_info.flags = CKF_HW | CKF_GENERATE_KEY_PAIR;
|
||||||
mt = sc_pkcs11_new_fw_mechanism(CKM_GOSTR3410_KEY_PAIR_GEN,
|
mt = sc_pkcs11_new_fw_mechanism(CKM_GOSTR3410_KEY_PAIR_GEN,
|
||||||
&mech_info, CKK_GOSTR3410, NULL);
|
&mech_info, CKK_GOSTR3410, NULL, NULL);
|
||||||
if (!mt)
|
if (!mt)
|
||||||
return CKR_HOST_MEMORY;
|
return CKR_HOST_MEMORY;
|
||||||
rc = sc_pkcs11_register_mechanism(p11card, mt);
|
rc = sc_pkcs11_register_mechanism(p11card, mt);
|
||||||
|
@ -4566,7 +4566,7 @@ static int register_ec_mechanisms(struct sc_pkcs11_card *p11card, int flags,
|
||||||
mech_info.ulMinKeySize = min_key_size;
|
mech_info.ulMinKeySize = min_key_size;
|
||||||
mech_info.ulMaxKeySize = max_key_size;
|
mech_info.ulMaxKeySize = max_key_size;
|
||||||
|
|
||||||
mt = sc_pkcs11_new_fw_mechanism(CKM_ECDSA, &mech_info, CKK_EC, NULL);
|
mt = sc_pkcs11_new_fw_mechanism(CKM_ECDSA, &mech_info, CKK_EC, NULL, NULL);
|
||||||
if (!mt)
|
if (!mt)
|
||||||
return CKR_HOST_MEMORY;
|
return CKR_HOST_MEMORY;
|
||||||
rc = sc_pkcs11_register_mechanism(p11card, mt);
|
rc = sc_pkcs11_register_mechanism(p11card, mt);
|
||||||
|
@ -4575,7 +4575,7 @@ static int register_ec_mechanisms(struct sc_pkcs11_card *p11card, int flags,
|
||||||
|
|
||||||
#if ENABLE_OPENSSL
|
#if ENABLE_OPENSSL
|
||||||
mt = sc_pkcs11_new_fw_mechanism(CKM_ECDSA_SHA1,
|
mt = sc_pkcs11_new_fw_mechanism(CKM_ECDSA_SHA1,
|
||||||
&mech_info, CKK_EC, NULL);
|
&mech_info, CKK_EC, NULL, NULL);
|
||||||
if (!mt)
|
if (!mt)
|
||||||
return CKR_HOST_MEMORY;
|
return CKR_HOST_MEMORY;
|
||||||
rc = sc_pkcs11_register_mechanism(p11card, mt);
|
rc = sc_pkcs11_register_mechanism(p11card, mt);
|
||||||
|
@ -4588,14 +4588,14 @@ static int register_ec_mechanisms(struct sc_pkcs11_card *p11card, int flags,
|
||||||
mech_info.flags &= ~CKF_SIGN;
|
mech_info.flags &= ~CKF_SIGN;
|
||||||
mech_info.flags |= CKF_DERIVE;
|
mech_info.flags |= CKF_DERIVE;
|
||||||
|
|
||||||
mt = sc_pkcs11_new_fw_mechanism(CKM_ECDH1_COFACTOR_DERIVE, &mech_info, CKK_EC, NULL);
|
mt = sc_pkcs11_new_fw_mechanism(CKM_ECDH1_COFACTOR_DERIVE, &mech_info, CKK_EC, NULL, NULL);
|
||||||
if (!mt)
|
if (!mt)
|
||||||
return CKR_HOST_MEMORY;
|
return CKR_HOST_MEMORY;
|
||||||
rc = sc_pkcs11_register_mechanism(p11card, mt);
|
rc = sc_pkcs11_register_mechanism(p11card, mt);
|
||||||
if (rc != CKR_OK)
|
if (rc != CKR_OK)
|
||||||
return rc;
|
return rc;
|
||||||
|
|
||||||
mt = sc_pkcs11_new_fw_mechanism(CKM_ECDH1_DERIVE, &mech_info, CKK_EC, NULL);
|
mt = sc_pkcs11_new_fw_mechanism(CKM_ECDH1_DERIVE, &mech_info, CKK_EC, NULL, NULL);
|
||||||
if (!mt)
|
if (!mt)
|
||||||
return CKR_HOST_MEMORY;
|
return CKR_HOST_MEMORY;
|
||||||
rc = sc_pkcs11_register_mechanism(p11card, mt);
|
rc = sc_pkcs11_register_mechanism(p11card, mt);
|
||||||
|
@ -4605,7 +4605,7 @@ static int register_ec_mechanisms(struct sc_pkcs11_card *p11card, int flags,
|
||||||
if (flags & SC_ALGORITHM_ONBOARD_KEY_GEN) {
|
if (flags & SC_ALGORITHM_ONBOARD_KEY_GEN) {
|
||||||
mech_info.flags = CKF_HW | CKF_GENERATE_KEY_PAIR;
|
mech_info.flags = CKF_HW | CKF_GENERATE_KEY_PAIR;
|
||||||
mech_info.flags |= ec_flags;
|
mech_info.flags |= ec_flags;
|
||||||
mt = sc_pkcs11_new_fw_mechanism(CKM_EC_KEY_PAIR_GEN, &mech_info, CKK_EC, NULL);
|
mt = sc_pkcs11_new_fw_mechanism(CKM_EC_KEY_PAIR_GEN, &mech_info, CKK_EC, NULL, NULL);
|
||||||
if (!mt)
|
if (!mt)
|
||||||
return CKR_HOST_MEMORY;
|
return CKR_HOST_MEMORY;
|
||||||
rc = sc_pkcs11_register_mechanism(p11card, mt);
|
rc = sc_pkcs11_register_mechanism(p11card, mt);
|
||||||
|
@ -4701,7 +4701,7 @@ register_mechanisms(struct sc_pkcs11_card *p11card)
|
||||||
|
|
||||||
/* Check if we support raw RSA */
|
/* Check if we support raw RSA */
|
||||||
if (flags & SC_ALGORITHM_RSA_RAW) {
|
if (flags & SC_ALGORITHM_RSA_RAW) {
|
||||||
mt = sc_pkcs11_new_fw_mechanism(CKM_RSA_X_509, &mech_info, CKK_RSA, NULL);
|
mt = sc_pkcs11_new_fw_mechanism(CKM_RSA_X_509, &mech_info, CKK_RSA, NULL, NULL);
|
||||||
rc = sc_pkcs11_register_mechanism(p11card, mt);
|
rc = sc_pkcs11_register_mechanism(p11card, mt);
|
||||||
if (rc != CKR_OK)
|
if (rc != CKR_OK)
|
||||||
return rc;
|
return rc;
|
||||||
|
@ -4729,7 +4729,7 @@ register_mechanisms(struct sc_pkcs11_card *p11card)
|
||||||
|
|
||||||
/* No need to Check for PKCS1 We support it in software and turned it on above so always added it */
|
/* No need to Check for PKCS1 We support it in software and turned it on above so always added it */
|
||||||
if (flags & SC_ALGORITHM_RSA_PAD_PKCS1) {
|
if (flags & SC_ALGORITHM_RSA_PAD_PKCS1) {
|
||||||
mt = sc_pkcs11_new_fw_mechanism(CKM_RSA_PKCS, &mech_info, CKK_RSA, NULL);
|
mt = sc_pkcs11_new_fw_mechanism(CKM_RSA_PKCS, &mech_info, CKK_RSA, NULL, NULL);
|
||||||
rc = sc_pkcs11_register_mechanism(p11card, mt);
|
rc = sc_pkcs11_register_mechanism(p11card, mt);
|
||||||
if (rc != CKR_OK)
|
if (rc != CKR_OK)
|
||||||
return rc;
|
return rc;
|
||||||
|
@ -4776,7 +4776,7 @@ register_mechanisms(struct sc_pkcs11_card *p11card)
|
||||||
|
|
||||||
if (flags & SC_ALGORITHM_ONBOARD_KEY_GEN) {
|
if (flags & SC_ALGORITHM_ONBOARD_KEY_GEN) {
|
||||||
mech_info.flags = CKF_GENERATE_KEY_PAIR;
|
mech_info.flags = CKF_GENERATE_KEY_PAIR;
|
||||||
mt = sc_pkcs11_new_fw_mechanism(CKM_RSA_PKCS_KEY_PAIR_GEN, &mech_info, CKK_RSA, NULL);
|
mt = sc_pkcs11_new_fw_mechanism(CKM_RSA_PKCS_KEY_PAIR_GEN, &mech_info, CKK_RSA, NULL, NULL);
|
||||||
if (!mt)
|
if (!mt)
|
||||||
return CKR_HOST_MEMORY;
|
return CKR_HOST_MEMORY;
|
||||||
rc = sc_pkcs11_register_mechanism(p11card, mt);
|
rc = sc_pkcs11_register_mechanism(p11card, mt);
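Review bot: The error paths after `sc_pkcs11_register_mechanism(p11card, mt)` still return `rc` without releasing `mt`, for example in the `CKM_ECDH1_COFACTOR_DERIVE` and `CKM_RSA_X_509` hunks, so a failed registration appears to leak the mechanism that this commit otherwise frees at card removal. Unless the register call takes ownership even on failure (not visible here), these sites should use `if (rc != CKR_OK) { free(mt); return rc; }`, ideally through one helper that also invokes `free_mech_data`. The `CKM_RSA_X_509` and `CKM_RSA_PKCS` sites also hand `mt` to the register call without the `if (!mt) return CKR_HOST_MEMORY;` check that the other call sites have. All three register functions start and end outside these hunks.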
|
||||||
|
|
|
@ -942,7 +942,8 @@ sc_pkcs11_mechanism_type_t *
|
||||||
sc_pkcs11_new_fw_mechanism(CK_MECHANISM_TYPE mech,
|
sc_pkcs11_new_fw_mechanism(CK_MECHANISM_TYPE mech,
|
||||||
CK_MECHANISM_INFO_PTR pInfo,
|
CK_MECHANISM_INFO_PTR pInfo,
|
||||||
CK_KEY_TYPE key_type,
|
CK_KEY_TYPE key_type,
|
||||||
void *priv_data)
|
const void *priv_data,
|
||||||
|
void (*free_priv_data)(const void *priv_data))
|
||||||
{
|
{
|
||||||
sc_pkcs11_mechanism_type_t *mt;
|
sc_pkcs11_mechanism_type_t *mt;
|
||||||
|
|
||||||
|
@ -953,6 +954,7 @@ sc_pkcs11_new_fw_mechanism(CK_MECHANISM_TYPE mech,
|
||||||
mt->mech_info = *pInfo;
|
mt->mech_info = *pInfo;
|
||||||
mt->key_type = key_type;
|
mt->key_type = key_type;
|
||||||
mt->mech_data = priv_data;
|
mt->mech_data = priv_data;
|
||||||
|
mt->free_mech_data = free_priv_data;
|
||||||
mt->obj_size = sizeof(sc_pkcs11_operation_t);
|
mt->obj_size = sizeof(sc_pkcs11_operation_t);
|
||||||
|
|
||||||
mt->release = sc_pkcs11_signature_release;
|
mt->release = sc_pkcs11_signature_release;
|
||||||
|
@ -994,6 +996,11 @@ sc_pkcs11_register_generic_mechanisms(struct sc_pkcs11_card *p11card)
|
||||||
return CKR_OK;
|
return CKR_OK;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
void free_info(const void *info)
|
||||||
|
{
|
||||||
|
free((void *) info);
|
||||||
|
}
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Register a sign+hash algorithm derived from an algorithm supported
|
* Register a sign+hash algorithm derived from an algorithm supported
|
||||||
* by the token + a software hash mechanism
|
* by the token + a software hash mechanism
|
||||||
|
@ -1024,7 +1031,7 @@ sc_pkcs11_register_sign_and_hash_mechanism(struct sc_pkcs11_card *p11card,
|
||||||
info->sign_mech = sign_type->mech;
|
info->sign_mech = sign_type->mech;
|
||||||
info->hash_mech = hash_mech;
|
info->hash_mech = hash_mech;
|
||||||
|
|
||||||
new_type = sc_pkcs11_new_fw_mechanism(mech, &mech_info, sign_type->key_type, info);
|
new_type = sc_pkcs11_new_fw_mechanism(mech, &mech_info, sign_type->key_type, info, free_info);
|
||||||
|
|
||||||
if (!new_type)
|
if (!new_type)
|
||||||
return CKR_HOST_MEMORY;
|
return CKR_HOST_MEMORY;
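Review bot: In `sc_pkcs11_register_sign_and_hash_mechanism`, the `if (!new_type) return CKR_HOST_MEMORY;` path drops `info` without freeing it, because the `free_info` callback is only stored on a mechanism that was created successfully. Assuming `info` is heap-allocated earlier in the function (the allocation is outside the hunk), the check should become `if (!new_type) { free_info(info); return CKR_HOST_MEMORY; }`. `free_info` is also defined with external linkage under a very generic name; `static void free_info(const void *info)` avoids symbol clashes in the shared library unless another file needs it.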
|
||||||
|
|
|
@ -48,7 +48,8 @@ static sc_pkcs11_mechanism_type_t openssl_sha1_mech = {
|
||||||
NULL, NULL, NULL, /* verif_* */
|
NULL, NULL, NULL, /* verif_* */
|
||||||
NULL, NULL, /* decrypt_* */
|
NULL, NULL, /* decrypt_* */
|
||||||
NULL, /* derive */
|
NULL, /* derive */
|
||||||
NULL /* mech_data */
|
NULL, /* mech_data */
|
||||||
|
NULL, /* free_mech_data */
|
||||||
};
|
};
|
||||||
|
|
||||||
#if OPENSSL_VERSION_NUMBER >= 0x00908000L
|
#if OPENSSL_VERSION_NUMBER >= 0x00908000L
|
||||||
|
@ -65,7 +66,8 @@ static sc_pkcs11_mechanism_type_t openssl_sha256_mech = {
|
||||||
NULL, NULL, NULL, /* verif_* */
|
NULL, NULL, NULL, /* verif_* */
|
||||||
NULL, NULL, /* decrypt_* */
|
NULL, NULL, /* decrypt_* */
|
||||||
NULL, /* derive */
|
NULL, /* derive */
|
||||||
NULL /* mech_data */
|
NULL, /* mech_data */
|
||||||
|
NULL, /* free_mech_data */
|
||||||
};
|
};
|
||||||
|
|
||||||
static sc_pkcs11_mechanism_type_t openssl_sha384_mech = {
|
static sc_pkcs11_mechanism_type_t openssl_sha384_mech = {
|
||||||
|
@ -81,7 +83,8 @@ static sc_pkcs11_mechanism_type_t openssl_sha384_mech = {
|
||||||
NULL, NULL, NULL, /* verif_* */
|
NULL, NULL, NULL, /* verif_* */
|
||||||
NULL, NULL, /* decrypt_* */
|
NULL, NULL, /* decrypt_* */
|
||||||
NULL, /* derive */
|
NULL, /* derive */
|
||||||
NULL /* mech_data */
|
NULL, /* mech_data */
|
||||||
|
NULL, /* free_mech_data */
|
||||||
};
|
};
|
||||||
|
|
||||||
static sc_pkcs11_mechanism_type_t openssl_sha512_mech = {
|
static sc_pkcs11_mechanism_type_t openssl_sha512_mech = {
|
||||||
|
@ -97,7 +100,8 @@ static sc_pkcs11_mechanism_type_t openssl_sha512_mech = {
|
||||||
NULL, NULL, NULL, /* verif_* */
|
NULL, NULL, NULL, /* verif_* */
|
||||||
NULL, NULL, /* decrypt_* */
|
NULL, NULL, /* decrypt_* */
|
||||||
NULL, /* derive */
|
NULL, /* derive */
|
||||||
NULL /* mech_data */
|
NULL, /* mech_data */
|
||||||
|
NULL, /* free_mech_data */
|
||||||
};
|
};
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
@ -115,7 +119,8 @@ static sc_pkcs11_mechanism_type_t openssl_gostr3411_mech = {
|
||||||
NULL, NULL, NULL, /* verif_* */
|
NULL, NULL, NULL, /* verif_* */
|
||||||
NULL, NULL, /* decrypt_* */
|
NULL, NULL, /* decrypt_* */
|
||||||
NULL, /* derive */
|
NULL, /* derive */
|
||||||
NULL /* mech_data */
|
NULL, /* mech_data */
|
||||||
|
NULL, /* free_mech_data */
|
||||||
};
|
};
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
@ -132,7 +137,8 @@ static sc_pkcs11_mechanism_type_t openssl_md5_mech = {
|
||||||
NULL, NULL, NULL, /* verif_* */
|
NULL, NULL, NULL, /* verif_* */
|
||||||
NULL, NULL, /* decrypt_* */
|
NULL, NULL, /* decrypt_* */
|
||||||
NULL, /* derive */
|
NULL, /* derive */
|
||||||
NULL /* mech_data */
|
NULL, /* mech_data */
|
||||||
|
NULL, /* free_mech_data */
|
||||||
};
|
};
|
||||||
|
|
||||||
static sc_pkcs11_mechanism_type_t openssl_ripemd160_mech = {
|
static sc_pkcs11_mechanism_type_t openssl_ripemd160_mech = {
|
||||||
|
@ -148,7 +154,8 @@ static sc_pkcs11_mechanism_type_t openssl_ripemd160_mech = {
|
||||||
NULL, NULL, NULL, /* verif_* */
|
NULL, NULL, NULL, /* verif_* */
|
||||||
NULL, NULL, /* decrypt_* */
|
NULL, NULL, /* decrypt_* */
|
||||||
NULL, /* derive */
|
NULL, /* derive */
|
||||||
NULL /* mech_data */
|
NULL, /* mech_data */
|
||||||
|
NULL, /* free_mech_data */
|
||||||
};
|
};
|
||||||
|
|
||||||
void
|
void
|
||||||
|
|
|
@ -47,7 +47,8 @@ static sc_pkcs11_mechanism_type_t find_mechanism = {
|
||||||
NULL, /* decrypt_init */
|
NULL, /* decrypt_init */
|
||||||
NULL, /* decrypt */
|
NULL, /* decrypt */
|
||||||
NULL, /* derive */
|
NULL, /* derive */
|
||||||
NULL /* mech_data */
|
NULL, /* mech_data */
|
||||||
|
NULL, /* free_mech_data */
|
||||||
};
|
};
|
||||||
|
|
||||||
static void
|
static void
|
||||||
|
|
|
@ -275,7 +275,9 @@ struct sc_pkcs11_mechanism_type {
|
||||||
CK_BYTE_PTR, CK_ULONG,
|
CK_BYTE_PTR, CK_ULONG,
|
||||||
CK_BYTE_PTR, CK_ULONG_PTR);
|
CK_BYTE_PTR, CK_ULONG_PTR);
|
||||||
/* mechanism specific data */
|
/* mechanism specific data */
|
||||||
const void * mech_data;
|
const void * mech_data;
|
||||||
|
/* free mechanism specific data */
|
||||||
|
void (*free_mech_data)(const void *mech_data);
|
||||||
};
|
};
|
||||||
typedef struct sc_pkcs11_mechanism_type sc_pkcs11_mechanism_type_t;
|
typedef struct sc_pkcs11_mechanism_type sc_pkcs11_mechanism_type_t;
|
||||||
|
|
||||||
|
@ -403,7 +405,7 @@ sc_pkcs11_mechanism_type_t *sc_pkcs11_find_mechanism(struct sc_pkcs11_card *,
|
||||||
CK_MECHANISM_TYPE, unsigned int);
|
CK_MECHANISM_TYPE, unsigned int);
|
||||||
sc_pkcs11_mechanism_type_t *sc_pkcs11_new_fw_mechanism(CK_MECHANISM_TYPE,
|
sc_pkcs11_mechanism_type_t *sc_pkcs11_new_fw_mechanism(CK_MECHANISM_TYPE,
|
||||||
CK_MECHANISM_INFO_PTR, CK_KEY_TYPE,
|
CK_MECHANISM_INFO_PTR, CK_KEY_TYPE,
|
||||||
void *);
|
const void *, void (*)(const void *));
|
||||||
sc_pkcs11_operation_t *sc_pkcs11_new_operation(sc_pkcs11_session_t *,
|
sc_pkcs11_operation_t *sc_pkcs11_new_operation(sc_pkcs11_session_t *,
|
||||||
sc_pkcs11_mechanism_type_t *);
|
sc_pkcs11_mechanism_type_t *);
|
||||||
void sc_pkcs11_release_operation(sc_pkcs11_operation_t **);
|
void sc_pkcs11_release_operation(sc_pkcs11_operation_t **);
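Review bot: The new field's comment, `/* free mechanism specific data */`, does not state the ownership rule that the rest of the commit relies on. I would write it as `/* if non-NULL, mech_data is owned by this mechanism and is released exactly once through this callback on card removal; if NULL, the mechanism does not own mech_data */`. Declaring owned data as `const void *` also forces `free_info` to cast the qualifier away before calling `free`, which deserves a word in the same comment. The struct definition and the prototype list continue outside these hunks.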
|
||||||
|
|
|
@ -170,18 +170,12 @@ CK_RV card_removed(sc_reader_t * reader)
|
||||||
if (card) {
|
if (card) {
|
||||||
card->framework->unbind(card);
|
card->framework->unbind(card);
|
||||||
sc_disconnect_card(card->card);
|
sc_disconnect_card(card->card);
|
||||||
/* FIXME: free mechanisms
|
|
||||||
* spaces allocated by the
|
|
||||||
* sc_pkcs11_register_sign_and_hash_mechanism
|
|
||||||
* and sc_pkcs11_new_fw_mechanism.
|
|
||||||
* but see sc_pkcs11_register_generic_mechanisms
|
|
||||||
for (i=0; i < card->nmechanisms; ++i) {
|
for (i=0; i < card->nmechanisms; ++i) {
|
||||||
// if 'mech_data' is a pointer earlier returned by the ?alloc
|
if (card->mechanisms[i]->free_mech_data) {
|
||||||
free(card->mechanisms[i]->mech_data);
|
card->mechanisms[i]->free_mech_data(card->mechanisms[i]->mech_data);
|
||||||
// if 'mechanisms[i]' is a pointer earlier returned by the ?alloc
|
}
|
||||||
free(card->mechanisms[i]);
|
free(card->mechanisms[i]);
|
||||||
}
|
}
|
||||||
*/
|
|
||||||
free(card->mechanisms);
|
free(card->mechanisms);
|
||||||
free(card);
|
free(card);
|
||||||
}
|
}
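Review bot: The loop now calls `free(card->mechanisms[i])` on every registered mechanism, but the removed FIXME warned that this is only valid for pointers that came from an allocator, and this commit also touches statically defined `sc_pkcs11_mechanism_type_t` objects (`openssl_sha1_mech`, `openssl_md5_mech` and the others). If any registration path stores the address of such a static object, or the same mechanism pointer in more than one card, card removal becomes a free of non-heap memory or a double free; the page does not show how those objects are registered, so this needs confirming. The same applies to `free_mech_data`, since a mechanism struct copied by value would carry the callback and the `mech_data` pointer twice. A comment above the loop such as `/* every entry must be a private heap copy owned by this card */` would record the invariant. `card_removed` starts and ends outside the hunk.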
|
||||||
|
|
|
@ -2425,9 +2425,8 @@ find_mechanism(CK_SLOT_ID slot, CK_FLAGS flags,
|
||||||
else {
|
else {
|
||||||
*result = mechs[0];
|
*result = mechs[0];
|
||||||
}
|
}
|
||||||
|
|
||||||
free(mechs);
|
|
||||||
}
|
}
|
||||||
|
free(mechs);
|
||||||
|
|
||||||
return count;
|
return count;
|
||||||
}
|
}
|
||||||
|
|