pesign/0026-Rework-setup_digests-and-teardown_digests.patch

From 4efe979d6b781e064fe1afa946753ead9e3bbb9d Mon Sep 17 00:00:00 2001
From: Peter Jones <pjones@redhat.com>
Date: Wed, 17 Oct 2012 17:49:17 -0400
Subject: [PATCH 26/41] Rework setup_digests() and teardown_digests()

This fixes the problem I was seeing with empty content_info digests, and
makes the code a /little/ bit cleaner in some ways.

Signed-off-by: Peter Jones <pjones@redhat.com>
---
 src/cms_common.c | 92 +++++++++++++++++++++++++++++++++-----------------------
 src/cms_common.h |  1 -
 src/daemon.c     | 28 +----------------
 src/pesign.c     |  7 -----
 4 files changed, 55 insertions(+), 73 deletions(-)

diff --git a/src/cms_common.c b/src/cms_common.c
index ab5a066..6b3f5ec 100644
--- a/src/cms_common.c
+++ b/src/cms_common.c
@@ -96,43 +96,6 @@ digest_get_digest_size(cms_context *cms)
 	return digest_params[i].size;
 }
 
-
-int
-setup_digests(cms_context *cms)
-{
-	struct digest *digests = NULL;
-
-	digests = calloc(n_digest_params, sizeof (*digests));
-	if (!digests) {
-		cms->log(cms, LOG_ERR, "cannot allocate memory: %m");
-		return -1;
-	}
-
-	for (int i = 0; i < n_digest_params; i++) {
-		digests[i].pk11ctx = PK11_CreateDigestContext(
-						digest_params[i].digest_tag);
-		if (!digests[i].pk11ctx) {
-			cms->log(cms, LOG_ERR, "could not create digest "
-				"context: %s",
-				PORT_ErrorToString(PORT_GetError()));
-			goto err;
-		}
-
-		PK11_DigestBegin(digests[i].pk11ctx);
-	}
-
-	cms->digests = digests;
-	return 0;
-err:
-	for (int i = 0; i < n_digest_params; i++) {
-		if (digests[i].pk11ctx)
-			PK11_DestroyContext(digests[i].pk11ctx, PR_TRUE);
-	}
-
-	free(digests);
-	return -1;
-}
-
 void
 teardown_digests(cms_context *ctx)
 {
@@ -733,6 +696,46 @@ check_pointer_and_size(Pe *pe, void *ptr, size_t size)
 	return 1;
 }
 
+int
+generate_digest_begin(cms_context *cms)
+{
+	struct digest *digests = NULL;
+
+	if (cms->digests) {
+		digests = cms->digests;
+	} else {
+		digests = calloc(n_digest_params, sizeof (*digests));
+		if (!digests) {
+			cms->log(cms, LOG_ERR, "cannot allocate memory: %m");
+			return -1;
+		}
+	}
+
+	for (int i = 0; i < n_digest_params; i++) {
+		digests[i].pk11ctx = PK11_CreateDigestContext(
+						digest_params[i].digest_tag);
+		if (!digests[i].pk11ctx) {
+			cms->log(cms, LOG_ERR, "could not create digest "
+				"context: %s",
+				PORT_ErrorToString(PORT_GetError()));
+			goto err;
+		}
+
+		PK11_DigestBegin(digests[i].pk11ctx);
+	}
+
+	cms->digests = digests;
+	return 0;
+err:
+	for (int i = 0; i < n_digest_params; i++) {
+		if (digests[i].pk11ctx)
+			PK11_DestroyContext(digests[i].pk11ctx, PR_TRUE);
+	}
+
+	free(digests);
+	return -1;
+}
+
 void
 generate_digest_step(cms_context *cms, void *data, size_t len)
 {
@@ -762,6 +765,12 @@ generate_digest_finish(cms_context *cms)
 
 		PK11_DigestFinal(cms->digests[i].pk11ctx,
 			digest->data, &digest->len, digest_params[i].size);
+		PK11_Finalize(cms->digests[i].pk11ctx);
+		PK11_DestroyContext(cms->digests[i].pk11ctx, PR_TRUE);
+		cms->digests[i].pk11ctx = NULL;
+		if (cms->digests[i].pe_digest)
+			free_poison(cms->digests[i].pe_digest->data,
+				    cms->digests[i].pe_digest->len);
 		cms->digests[i].pe_digest = digest;
 	}
 
@@ -791,7 +800,14 @@ generate_digest(cms_context *cms, Pe *pe)
 
 	if (!pe) {
 		cms->log(cms, LOG_ERR, "no output pe ready");
-		exit(1);
+		return -1;
+	}
+
+	rc = generate_digest_begin(cms);
+	if (rc < 0) {
+		cms->log(cms, LOG_ERR, "could not initialize digests: %s",
+			PORT_ErrorToString(PORT_GetError()));
+		return rc;
 	}
 
 	struct pe_hdr pehdr;
diff --git a/src/cms_common.h b/src/cms_common.h
index 830427e..5cbda62 100644
--- a/src/cms_common.h
+++ b/src/cms_common.h
@@ -86,7 +86,6 @@ extern int cms_context_alloc(cms_context **ctxp);
 extern int cms_context_init(cms_context *ctx);
 extern void cms_context_fini(cms_context *ctx);
 
-extern int setup_digests(cms_context *cms);
 extern void teardown_digests(cms_context *ctx);
 
 extern int generate_octet_string(cms_context *ctx, SECItem *encoded,
diff --git a/src/daemon.c b/src/daemon.c
index 534fb23..df20763 100644
--- a/src/daemon.c
+++ b/src/daemon.c
@@ -142,15 +142,6 @@ handle_unlock_token(context *ctx, struct pollfd *pollfd, socklen_t size)
 		return;
 	}
 
-	rc = setup_digests(ctx->cms);
-	if (rc < 0) {
-		ctx->backup_cms->log(ctx->backup_cms, ctx->priority|LOG_NOTICE,
-			"Could not initialize digests: %s\n",
-			PORT_ErrorToString(PORT_GetError()));
-		send_response(ctx, ctx->backup_cms, pollfd, rc);
-		return;
-	}
-
 	steal_from_cms(ctx->backup_cms, ctx->cms);
 
 	if (!buffer) {
@@ -491,6 +482,7 @@ finish:
 	close(outfd);
 
 	send_response(ctx, ctx->cms, pollfd, rc);
+	teardown_digests(ctx->cms);
 }
 
 static void
@@ -500,15 +492,6 @@ handle_sign_attached(context *ctx, struct pollfd *pollfd, socklen_t size)
 	if (rc < 0)
 		return;
 
-	rc = setup_digests(ctx->cms);
-	if (rc < 0) {
-		ctx->backup_cms->log(ctx->backup_cms, ctx->priority|LOG_NOTICE,
-			"Could not initialize digests: %s\n",
-			PORT_ErrorToString(PORT_GetError()));
-		send_response(ctx, ctx->backup_cms, pollfd, rc);
-		return;
-	}
-
 	steal_from_cms(ctx->backup_cms, ctx->cms);
 
 	handle_signing(ctx, pollfd, size, 1);
@@ -524,15 +507,6 @@ handle_sign_detached(context *ctx, struct pollfd *pollfd, socklen_t size)
 	if (rc < 0)
 		return;
 
-	rc = setup_digests(ctx->cms);
-	if (rc < 0) {
-		ctx->backup_cms->log(ctx->backup_cms, ctx->priority|LOG_NOTICE,
-			"Could not initialize digests: %s\n",
-			PORT_ErrorToString(PORT_GetError()));
-		send_response(ctx, ctx->backup_cms, pollfd, rc);
-		return;
-	}
-
 	steal_from_cms(ctx->backup_cms, ctx->cms);
 
 	handle_signing(ctx, pollfd, size, 0);
diff --git a/src/pesign.c b/src/pesign.c
index 6c10b6d..2c98600 100644
--- a/src/pesign.c
+++ b/src/pesign.c
@@ -548,13 +548,6 @@ main(int argc, char *argv[])
 			fprintf(stderr, "Could not register OIDs\n");
 			exit(1);
 		}
-
-		rc = setup_digests(ctxp->cms_ctx);
-		if (rc < 0) {
-			fprintf(stderr, "Could not initialize digests: %s\n",
-				PORT_ErrorToString(PORT_GetError()));
-			exit(1);
-		}
 	}
 
 	rc = set_digest_parameters(ctxp->cms_ctx, digest_name);
-- 
1.7.12.1
Fix some more bugs found by valgrind and coverity. - Don't build utils/ ; we're not using them and they're not ready anyway. 2012-10-18 15:38:53 +00:00			`From 4efe979d6b781e064fe1afa946753ead9e3bbb9d Mon Sep 17 00:00:00 2001`
			`From: Peter Jones <pjones@redhat.com>`
			`Date: Wed, 17 Oct 2012 17:49:17 -0400`
setfacl u:kojibuilder:rw /var/run/pesign/socket - Fix command line checking in client - Add client stdin pin reading. 2012-10-19 14:24:10 +00:00			`Subject: [PATCH 26/41] Rework setup_digests() and teardown_digests()`
Fix some more bugs found by valgrind and coverity. - Don't build utils/ ; we're not using them and they're not ready anyway. 2012-10-18 15:38:53 +00:00
			`This fixes the problem I was seeing with empty content_info digests, and`
			`makes the code a /little/ bit cleaner in some ways.`

			`Signed-off-by: Peter Jones <pjones@redhat.com>`
			`---`
			`src/cms_common.c \| 92 +++++++++++++++++++++++++++++++++-----------------------`
			`src/cms_common.h \| 1 -`
			`src/daemon.c \| 28 +----------------`
			`src/pesign.c \| 7 -----`
			`4 files changed, 55 insertions(+), 73 deletions(-)`

			`diff --git a/src/cms_common.c b/src/cms_common.c`
			`index ab5a066..6b3f5ec 100644`
			`--- a/src/cms_common.c`
			`+++ b/src/cms_common.c`
			`@@ -96,43 +96,6 @@ digest_get_digest_size(cms_context *cms)`
			`return digest_params[i].size;`
			`}`

			`-`
			`-int`
			`-setup_digests(cms_context *cms)`
			`-{`
			`- struct digest *digests = NULL;`
			`-`
			`- digests = calloc(n_digest_params, sizeof (*digests));`
			`- if (!digests) {`
			`- cms->log(cms, LOG_ERR, "cannot allocate memory: %m");`
			`- return -1;`
			`- }`
			`-`
			`- for (int i = 0; i < n_digest_params; i++) {`
			`- digests[i].pk11ctx = PK11_CreateDigestContext(`
			`- digest_params[i].digest_tag);`
			`- if (!digests[i].pk11ctx) {`
			`- cms->log(cms, LOG_ERR, "could not create digest "`
			`- "context: %s",`
			`- PORT_ErrorToString(PORT_GetError()));`
			`- goto err;`
			`- }`
			`-`
			`- PK11_DigestBegin(digests[i].pk11ctx);`
			`- }`
			`-`
			`- cms->digests = digests;`
			`- return 0;`
			`-err:`
			`- for (int i = 0; i < n_digest_params; i++) {`
			`- if (digests[i].pk11ctx)`
			`- PK11_DestroyContext(digests[i].pk11ctx, PR_TRUE);`
			`- }`
			`-`
			`- free(digests);`
			`- return -1;`
			`-}`
			`-`
			`void`
			`teardown_digests(cms_context *ctx)`
			`{`
			`@@ -733,6 +696,46 @@ check_pointer_and_size(Pe pe, void ptr, size_t size)`
			`return 1;`
			`}`

			`+int`
			`+generate_digest_begin(cms_context *cms)`
			`+{`
			`+ struct digest *digests = NULL;`
			`+`
			`+ if (cms->digests) {`
			`+ digests = cms->digests;`
			`+ } else {`
			`+ digests = calloc(n_digest_params, sizeof (*digests));`
			`+ if (!digests) {`
			`+ cms->log(cms, LOG_ERR, "cannot allocate memory: %m");`
			`+ return -1;`
			`+ }`
			`+ }`
			`+`
			`+ for (int i = 0; i < n_digest_params; i++) {`
			`+ digests[i].pk11ctx = PK11_CreateDigestContext(`
			`+ digest_params[i].digest_tag);`
			`+ if (!digests[i].pk11ctx) {`
			`+ cms->log(cms, LOG_ERR, "could not create digest "`
			`+ "context: %s",`
			`+ PORT_ErrorToString(PORT_GetError()));`
			`+ goto err;`
			`+ }`
			`+`
			`+ PK11_DigestBegin(digests[i].pk11ctx);`
			`+ }`
			`+`
			`+ cms->digests = digests;`
			`+ return 0;`
			`+err:`
			`+ for (int i = 0; i < n_digest_params; i++) {`
			`+ if (digests[i].pk11ctx)`
			`+ PK11_DestroyContext(digests[i].pk11ctx, PR_TRUE);`
			`+ }`
			`+`
			`+ free(digests);`
			`+ return -1;`
			`+}`
			`+`
			`void`
			`generate_digest_step(cms_context cms, void data, size_t len)`
			`{`
			`@@ -762,6 +765,12 @@ generate_digest_finish(cms_context *cms)`

			`PK11_DigestFinal(cms->digests[i].pk11ctx,`
			`digest->data, &digest->len, digest_params[i].size);`
			`+ PK11_Finalize(cms->digests[i].pk11ctx);`
			`+ PK11_DestroyContext(cms->digests[i].pk11ctx, PR_TRUE);`
			`+ cms->digests[i].pk11ctx = NULL;`
			`+ if (cms->digests[i].pe_digest)`
			`+ free_poison(cms->digests[i].pe_digest->data,`
			`+ cms->digests[i].pe_digest->len);`
			`cms->digests[i].pe_digest = digest;`
			`}`

			`@@ -791,7 +800,14 @@ generate_digest(cms_context cms, Pe pe)`

			`if (!pe) {`
			`cms->log(cms, LOG_ERR, "no output pe ready");`
			`- exit(1);`
			`+ return -1;`
			`+ }`
			`+`
			`+ rc = generate_digest_begin(cms);`
			`+ if (rc < 0) {`
			`+ cms->log(cms, LOG_ERR, "could not initialize digests: %s",`
			`+ PORT_ErrorToString(PORT_GetError()));`
			`+ return rc;`
			`}`

			`struct pe_hdr pehdr;`
			`diff --git a/src/cms_common.h b/src/cms_common.h`
			`index 830427e..5cbda62 100644`
			`--- a/src/cms_common.h`
			`+++ b/src/cms_common.h`
			`@@ -86,7 +86,6 @@ extern int cms_context_alloc(cms_context **ctxp);`
			`extern int cms_context_init(cms_context *ctx);`
			`extern void cms_context_fini(cms_context *ctx);`

			`-extern int setup_digests(cms_context *cms);`
			`extern void teardown_digests(cms_context *ctx);`

			`extern int generate_octet_string(cms_context ctx, SECItem encoded,`
			`diff --git a/src/daemon.c b/src/daemon.c`
			`index 534fb23..df20763 100644`
			`--- a/src/daemon.c`
			`+++ b/src/daemon.c`
			`@@ -142,15 +142,6 @@ handle_unlock_token(context ctx, struct pollfd pollfd, socklen_t size)`
			`return;`
			`}`

			`- rc = setup_digests(ctx->cms);`
			`- if (rc < 0) {`
			`- ctx->backup_cms->log(ctx->backup_cms, ctx->priority\|LOG_NOTICE,`
			`- "Could not initialize digests: %s\n",`
			`- PORT_ErrorToString(PORT_GetError()));`
			`- send_response(ctx, ctx->backup_cms, pollfd, rc);`
			`- return;`
			`- }`
			`-`
			`steal_from_cms(ctx->backup_cms, ctx->cms);`

			`if (!buffer) {`
			`@@ -491,6 +482,7 @@ finish:`
			`close(outfd);`

			`send_response(ctx, ctx->cms, pollfd, rc);`
			`+ teardown_digests(ctx->cms);`
			`}`

			`static void`
			`@@ -500,15 +492,6 @@ handle_sign_attached(context ctx, struct pollfd pollfd, socklen_t size)`
			`if (rc < 0)`
			`return;`

			`- rc = setup_digests(ctx->cms);`
			`- if (rc < 0) {`
			`- ctx->backup_cms->log(ctx->backup_cms, ctx->priority\|LOG_NOTICE,`
			`- "Could not initialize digests: %s\n",`
			`- PORT_ErrorToString(PORT_GetError()));`
			`- send_response(ctx, ctx->backup_cms, pollfd, rc);`
			`- return;`
			`- }`
			`-`
			`steal_from_cms(ctx->backup_cms, ctx->cms);`

			`handle_signing(ctx, pollfd, size, 1);`
			`@@ -524,15 +507,6 @@ handle_sign_detached(context ctx, struct pollfd pollfd, socklen_t size)`
			`if (rc < 0)`
			`return;`

			`- rc = setup_digests(ctx->cms);`
			`- if (rc < 0) {`
			`- ctx->backup_cms->log(ctx->backup_cms, ctx->priority\|LOG_NOTICE,`
			`- "Could not initialize digests: %s\n",`
			`- PORT_ErrorToString(PORT_GetError()));`
			`- send_response(ctx, ctx->backup_cms, pollfd, rc);`
			`- return;`
			`- }`
			`-`
			`steal_from_cms(ctx->backup_cms, ctx->cms);`

			`handle_signing(ctx, pollfd, size, 0);`
			`diff --git a/src/pesign.c b/src/pesign.c`
			`index 6c10b6d..2c98600 100644`
			`--- a/src/pesign.c`
			`+++ b/src/pesign.c`
			`@@ -548,13 +548,6 @@ main(int argc, char *argv[])`
			`fprintf(stderr, "Could not register OIDs\n");`
			`exit(1);`
			`}`
			`-`
			`- rc = setup_digests(ctxp->cms_ctx);`
			`- if (rc < 0) {`
			`- fprintf(stderr, "Could not initialize digests: %s\n",`
			`- PORT_ErrorToString(PORT_GetError()));`
			`- exit(1);`
			`- }`
			`}`

			`rc = set_digest_parameters(ctxp->cms_ctx, digest_name);`
			`--`
			`1.7.12.1`