Print this page
5031131 perf: pkcs11_kernel can benefit from a more efficient pkcs11_mech2str()
*** 17,35 ****
* information: Portions Copyright [yyyy] [name of copyright owner]
*
* CDDL HEADER END
*/
/*
! * Copyright 2007 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
*/
! #pragma ident "@(#)kernelUtil.c 1.16 07/09/11 SMI"
#include <stdlib.h>
#include <string.h>
#include <strings.h>
#include <cryptoutil.h>
#include <errno.h>
#include <security/cryptoki.h>
#include <sys/crypto/common.h>
#include <sys/crypto/ioctl.h>
--- 17,36 ----
* information: Portions Copyright [yyyy] [name of copyright owner]
*
* CDDL HEADER END
*/
/*
! * Copyright 2008 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
*/
! #pragma ident "@(#)kernelUtil.c 1.17 08/06/30 SMI"
#include <stdlib.h>
#include <string.h>
#include <strings.h>
+ #include <stdio.h>
#include <cryptoutil.h>
#include <errno.h>
#include <security/cryptoki.h>
#include <sys/crypto/common.h>
#include <sys/crypto/ioctl.h>
*** 190,204 ****
CK_RV
kernel_mech(CK_MECHANISM_TYPE type, crypto_mech_type_t *k_number)
{
crypto_get_mechanism_number_t get_number;
! char *string;
CK_RV rv;
int r;
kmh_elem_t *elem;
uint_t h;
/*
* Search for an existing entry. No need to lock since we are
* just a reader and we never free the entries in the hash table.
*/
--- 191,206 ----
CK_RV
kernel_mech(CK_MECHANISM_TYPE type, crypto_mech_type_t *k_number)
{
crypto_get_mechanism_number_t get_number;
! const char *string;
CK_RV rv;
int r;
kmh_elem_t *elem;
uint_t h;
+ char buf[11]; /* Num chars for representing ulong in ASCII */
/*
* Search for an existing entry. No need to lock since we are
* just a reader and we never free the entries in the hash table.
*/
*** 208,222 ****
*k_number = elem->kmech;
return (CKR_OK);
}
}
string = pkcs11_mech2str(type);
if (string == NULL)
return (CKR_MECHANISM_INVALID);
! get_number.pn_mechanism_string = string;
get_number.pn_mechanism_len = strlen(string) + 1;
while ((r = ioctl(kernel_fd, CRYPTO_GET_MECHANISM_NUMBER,
&get_number)) < 0) {
if (errno != EINTR)
--- 210,230 ----
*k_number = elem->kmech;
return (CKR_OK);
}
}
+ if (type > CKM_VENDOR_DEFINED) {
+ (void) snprintf(buf, sizeof (buf), "%#lx", type);
+ string = buf;
+ } else {
string = pkcs11_mech2str(type);
+ }
+
if (string == NULL)
return (CKR_MECHANISM_INVALID);
! get_number.pn_mechanism_string = (char *)string;
get_number.pn_mechanism_len = strlen(string) + 1;
while ((r = ioctl(kernel_fd, CRYPTO_GET_MECHANISM_NUMBER,
&get_number)) < 0) {
if (errno != EINTR)
*** 237,247 ****
*k_number = get_number.pn_internal_number;
/* Add this to the hash table */
(void) kmech_hash_insert(type, *k_number);
}
- free(string);
return (rv);
}
/*
--- 245,254 ----
*** 1172,1182 ****
/*
* Get the value of the CKA_PRIVATE attribute for the object just returned
* from the HW provider. This function will be called by any function
* that creates a new object, because the CKA_PRIVATE value of an object is
! * token sepecific. The CKA_PRIVATE attribute value of the new object will be
* stored in the object structure in the library, which will be used later at
* C_Logout to clean up all private objects.
*/
CK_RV
get_cka_private_value(kernel_session_t *sp, crypto_object_id_t oid,
--- 1179,1189 ----
/*
* Get the value of the CKA_PRIVATE attribute for the object just returned
* from the HW provider. This function will be called by any function
* that creates a new object, because the CKA_PRIVATE value of an object is
! * token specific. The CKA_PRIVATE attribute value of the new object will be
* stored in the object structure in the library, which will be used later at
* C_Logout to clean up all private objects.
*/
CK_RV
get_cka_private_value(kernel_session_t *sp, crypto_object_id_t oid,
*** 1219,1234 ****
CK_RV
get_mechanism_info(kernel_slot_t *pslot, CK_MECHANISM_TYPE type,
CK_MECHANISM_INFO_PTR pInfo, uint32_t *k_mi_flags)
{
crypto_get_provider_mechanism_info_t mechanism_info;
! char *string;
CK_FLAGS flags, mi_flags;
CK_RV rv;
int r;
string = pkcs11_mech2str(type);
if (string == NULL)
return (CKR_MECHANISM_INVALID);
(void) strcpy(mechanism_info.mi_mechanism_name, string);
mechanism_info.mi_provider_id = pslot->sl_provider_id;
--- 1226,1249 ----
CK_RV
get_mechanism_info(kernel_slot_t *pslot, CK_MECHANISM_TYPE type,
CK_MECHANISM_INFO_PTR pInfo, uint32_t *k_mi_flags)
{
crypto_get_provider_mechanism_info_t mechanism_info;
! const char *string;
CK_FLAGS flags, mi_flags;
CK_RV rv;
int r;
+ char buf[11]; /* Num chars for representing ulong in ASCII */
+ if (type > CKM_VENDOR_DEFINED) {
+ /* allocate/build a string containing the mechanism number */
+ (void) snprintf(buf, sizeof (buf), "%#lx", type);
+ string = buf;
+ } else {
string = pkcs11_mech2str(type);
+ }
+
if (string == NULL)
return (CKR_MECHANISM_INVALID);
(void) strcpy(mechanism_info.mi_mechanism_name, string);
mechanism_info.mi_provider_id = pslot->sl_provider_id;
*** 1244,1254 ****
rv = crypto2pkcs11_error_number(
mechanism_info.mi_return_value);
}
if (rv != CKR_OK) {
! goto out;
}
/*
* Atomic flags are not part of PKCS#11 so we filter
* them out here.
--- 1259,1269 ----
rv = crypto2pkcs11_error_number(
mechanism_info.mi_return_value);
}
if (rv != CKR_OK) {
! return (rv);
}
/*
* Atomic flags are not part of PKCS#11 so we filter
* them out here.
*** 1261,1272 ****
CRYPTO_FG_VERIFY_RECOVER_ATOMIC |
CRYPTO_FG_ENCRYPT_MAC_ATOMIC |
CRYPTO_FG_MAC_DECRYPT_ATOMIC);
if (mi_flags == 0) {
! rv = CKR_MECHANISM_INVALID;
! goto out;
}
if (rv == CKR_OK) {
/* set the value of k_mi_flags first */
*k_mi_flags = mi_flags;
--- 1276,1286 ----
CRYPTO_FG_VERIFY_RECOVER_ATOMIC |
CRYPTO_FG_ENCRYPT_MAC_ATOMIC |
CRYPTO_FG_MAC_DECRYPT_ATOMIC);
if (mi_flags == 0) {
! return (CKR_MECHANISM_INVALID);
}
if (rv == CKR_OK) {
/* set the value of k_mi_flags first */
*k_mi_flags = mi_flags;
*** 1308,1316 ****
pInfo->ulMaxKeySize = mechanism_info.mi_max_key_size;
pInfo->flags = flags;
}
- out:
- free(string);
return (rv);
}
--- 1322,1328 ----