pkcs11_kernel/common/kernelDigest.c

2N/A/*
2N/A * CDDL HEADER START
2N/A *
2N/A * The contents of this file are subject to the terms of the
2N/A * Common Development and Distribution License (the "License").
2N/A * You may not use this file except in compliance with the License.
2N/A *
2N/A * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
2N/A * or http://www.opensolaris.org/os/licensing.
2N/A * See the License for the specific language governing permissions
2N/A * and limitations under the License.
2N/A *
2N/A * When distributing Covered Code, include this CDDL HEADER in each
2N/A * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
2N/A * If applicable, add the following below this CDDL HEADER, with the
2N/A * fields enclosed by brackets "[]" replaced with your own identifying
2N/A * information: Portions Copyright [yyyy] [name of copyright owner]
2N/A *
2N/A * CDDL HEADER END
2N/A */
2N/A
2N/A/*
2N/A * Copyright (c) 2003, 2011, Oracle and/or its affiliates. All rights reserved.
2N/A */
2N/A
2N/A#include <pthread.h>
2N/A#include <errno.h>
2N/A#include <sys/crypto/ioctl.h>
2N/A#include <security/cryptoki.h>
2N/A#include "kernelGlobal.h"
2N/A#include "kernelSession.h"
2N/A#include "kernelEmulate.h"
2N/A
2N/Astatic CK_RV
2N/Acommon_digest_init(CK_SESSION_HANDLE hSession,
2N/A    CK_MECHANISM_PTR pMechanism, boolean_t is_external_caller)
2N/A{
2N/A    CK_RV rv;
2N/A    kernel_session_t *session_p;
2N/A    boolean_t ses_lock_held = B_FALSE;
2N/A    crypto_digest_init_t digest_init;
2N/A    crypto_mech_type_t k_mech_type;
2N/A    int r;
2N/A
2N/A    if (!kernel_initialized)
2N/A        return (CKR_CRYPTOKI_NOT_INITIALIZED);
2N/A
2N/A    if (pMechanism == NULL)
2N/A        return (CKR_ARGUMENTS_BAD);
2N/A
2N/A    /*
2N/A     * Get the kernel's internal mechanism number.
2N/A     */
2N/A    rv = kernel_mech(pMechanism->mechanism, &k_mech_type);
2N/A    if (rv != CKR_OK)
2N/A        return (rv);
2N/A
2N/A    /*
2N/A     * Obtain the session pointer. Also, increment the session
2N/A     * reference count.
2N/A     */
2N/A    rv = handle2session(hSession, &session_p);
2N/A    if (rv != CKR_OK)
2N/A        return (rv);
2N/A
2N/A    /* Acquire the session lock */
2N/A    (void) pthread_mutex_lock(&session_p->session_mutex);
2N/A    ses_lock_held = B_TRUE;
2N/A
2N/A    /*
2N/A     * This active flag will remain ON until application calls either
2N/A     * C_Digest or C_DigestFinal to actually obtain the value of
2N/A     * the message digest.
2N/A     */
2N/A    session_p->digest.flags |= CRYPTO_OPERATION_ACTIVE;
2N/A
2N/A    if (is_external_caller) {
2N/A        session_p->digest.mech.mechanism = pMechanism->mechanism;
2N/A        session_p->digest.mech.pParameter = NULL;
2N/A        session_p->digest.mech.ulParameterLen = 0;
2N/A        session_p->digest.flags |= CRYPTO_EMULATE;
2N/A        rv = emulate_buf_init(session_p, EDIGEST_LENGTH, OP_DIGEST);
2N/A        REFRELE(session_p, ses_lock_held);
2N/A        return (rv);
2N/A    }
2N/A
2N/A    digest_init.di_session = session_p->k_session;
2N/A    (void) pthread_mutex_unlock(&session_p->session_mutex);
2N/A    ses_lock_held = B_FALSE;
2N/A    digest_init.di_mech.cm_type = k_mech_type;
2N/A    digest_init.di_mech.cm_param = pMechanism->pParameter;
2N/A
2N/A    /*
2N/A     * If pParameter is NULL, set cm_param_len to be 0, so that ioctl call
2N/A     * will have a clean input data.
2N/A     */
2N/A    if (pMechanism->pParameter != NULL)
2N/A        digest_init.di_mech.cm_param_len = pMechanism->ulParameterLen;
2N/A    else
2N/A        digest_init.di_mech.cm_param_len = 0;
2N/A
2N/A    while ((r = ioctl(kernel_fd, CRYPTO_DIGEST_INIT, &digest_init)) < 0) {
2N/A        if (errno != EINTR)
2N/A            break;
2N/A    }
2N/A    if (r < 0) {
2N/A        rv = CKR_FUNCTION_FAILED;
2N/A    } else {
2N/A        rv = crypto2pkcs11_error_number(digest_init.di_return_value);
2N/A    }
2N/A
2N/A    if (rv != CKR_OK) {
2N/A        (void) pthread_mutex_lock(&session_p->session_mutex);
2N/A        ses_lock_held = B_TRUE;
2N/A        session_p->digest.flags &= ~CRYPTO_OPERATION_ACTIVE;
2N/A        /*
2N/A         * Decrement the session reference count.
2N/A         * We hold the session lock, and REFRELE()
2N/A         * will release the session lock for us.
2N/A         */
2N/A        REFRELE(session_p, ses_lock_held);
2N/A        return (rv);
2N/A    }
2N/A
2N/A    /*
2N/A     * Decrement the session reference count.
2N/A     * We do not hold the session lock.
2N/A     */
2N/A    REFRELE(session_p, ses_lock_held);
2N/A    return (rv);
2N/A}
2N/A
2N/ACK_RV
2N/AC_DigestInit(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism)
2N/A{
2N/A    return (common_digest_init(hSession, pMechanism, B_TRUE));
2N/A}
2N/A
2N/ACK_RV
2N/AC_Digest(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pData, CK_ULONG ulDataLen,
2N/A    CK_BYTE_PTR pDigest, CK_ULONG_PTR pulDigestLen)
2N/A{
2N/A    CK_RV rv;
2N/A    kernel_session_t *session_p;
2N/A    boolean_t ses_lock_held = B_FALSE;
2N/A    crypto_digest_t digest;
2N/A    int r;
2N/A
2N/A    if (!kernel_initialized)
2N/A        return (CKR_CRYPTOKI_NOT_INITIALIZED);
2N/A
2N/A    /*
2N/A     * Obtain the session pointer. Also, increment the session
2N/A     * reference count.
2N/A     */
2N/A    rv = handle2session(hSession, &session_p);
2N/A    if (rv != CKR_OK)
2N/A        return (rv);
2N/A
2N/A    if (pData == NULL || pulDigestLen == NULL) {
2N/A        rv = CKR_ARGUMENTS_BAD;
2N/A        goto clean_exit;
2N/A    }
2N/A
2N/A    /* Acquire the session lock */
2N/A    (void) pthread_mutex_lock(&session_p->session_mutex);
2N/A    ses_lock_held = B_TRUE;
2N/A
2N/A    /* Application must call C_DigestInit before calling C_Digest */
2N/A    if (!(session_p->digest.flags & CRYPTO_OPERATION_ACTIVE)) {
2N/A        /*
2N/A         * Decrement the session reference count.
2N/A         * We hold the session lock, and REFRELE()
2N/A         * will release the session lock for us.
2N/A         */
2N/A        REFRELE(session_p, ses_lock_held);
2N/A        return (CKR_OPERATION_NOT_INITIALIZED);
2N/A    }
2N/A
2N/A    /*
2N/A     * C_Digest must be called without intervening C_DigestUpdate
2N/A     * calls.
2N/A     */
2N/A    if (session_p->digest.flags & CRYPTO_OPERATION_UPDATE) {
2N/A        /*
2N/A         * C_Digest can not be used to terminate a multi-part
2N/A         * operation, so we'll leave the active digest operation
2N/A         * flag on and let the application continue with the
2N/A         * digest update operation.
2N/A         *
2N/A         * Decrement the session reference count.
2N/A         * We hold the session lock, and REFRELE()
2N/A         * will release the session lock for us.
2N/A         */
2N/A        REFRELE(session_p, ses_lock_held);
2N/A        return (CKR_FUNCTION_FAILED);
2N/A    }
2N/A
2N/A    if (session_p->digest.flags & CRYPTO_EMULATE) {
2N/A        crypto_active_op_t *opp;
2N/A        CK_MECHANISM_PTR pMechanism;
2N/A
2N/A        opp = &(session_p->digest);
2N/A        if (opp->context == NULL) {
2N/A            REFRELE(session_p, ses_lock_held);
2N/A            return (CKR_ARGUMENTS_BAD);
2N/A        }
2N/A        pMechanism = &(opp->mech);
2N/A
2N/A        if ((ulDataLen < SLOT_THRESHOLD(session_p)) ||
2N/A            (ulDataLen > SLOT_HASH_MAX_INDATA_LEN(session_p))) {
2N/A            session_p->digest.flags |= CRYPTO_EMULATE_USING_SW;
2N/A            (void) pthread_mutex_unlock(&session_p->session_mutex);
2N/A            ses_lock_held = B_FALSE;
2N/A
2N/A            rv = do_soft_digest(get_spp(opp), pMechanism,
2N/A                pData, ulDataLen, pDigest, pulDigestLen,
2N/A                OP_INIT | OP_SINGLE);
2N/A            goto done;
2N/A        } else if (!(session_p->digest.flags &
2N/A            CRYPTO_EMULATE_INIT_DONE)) {
2N/A            session_p->digest.flags |= CRYPTO_EMULATE_INIT_DONE;
2N/A            (void) pthread_mutex_unlock(&session_p->session_mutex);
2N/A            ses_lock_held = B_FALSE;
2N/A
2N/A            rv = common_digest_init(hSession, pMechanism, B_FALSE);
2N/A            if (rv != CKR_OK)
2N/A                goto clean_exit;
2N/A            (void) pthread_mutex_lock(&session_p->session_mutex);
2N/A            ses_lock_held = B_TRUE;
2N/A        }
2N/A    }
2N/A
2N/A    digest.cd_session = session_p->k_session;
2N/A    (void) pthread_mutex_unlock(&session_p->session_mutex);
2N/A    ses_lock_held = B_FALSE;
2N/A    digest.cd_datalen =  ulDataLen;
2N/A    digest.cd_databuf = (char *)pData;
2N/A    digest.cd_digestbuf = (char *)pDigest;
2N/A    digest.cd_digestlen = *pulDigestLen;
2N/A
2N/A    while ((r = ioctl(kernel_fd, CRYPTO_DIGEST, &digest)) < 0) {
2N/A        if (errno != EINTR)
2N/A            break;
2N/A    }
2N/A    if (r < 0) {
2N/A        rv = CKR_FUNCTION_FAILED;
2N/A    } else {
2N/A        rv = crypto2pkcs11_error_number(digest.cd_return_value);
2N/A    }
2N/A
2N/A    if ((rv == CKR_OK) || (rv == CKR_BUFFER_TOO_SMALL))
2N/A        *pulDigestLen = digest.cd_digestlen;
2N/A
2N/Adone:
2N/A    if ((rv == CKR_BUFFER_TOO_SMALL) ||
2N/A        (rv == CKR_OK && pDigest == NULL)) {
2N/A        /*
2N/A         * We will not terminate the active digest operation flag,
2N/A         * when the application-supplied buffer is too small, or
2N/A         * the application asks for the length of buffer to hold
2N/A         * the message digest.
2N/A         *
2N/A         * Decrement the session reference count.
2N/A         * We do not hold the session lock.
2N/A         */
2N/A        REFRELE(session_p, ses_lock_held);
2N/A        return (rv);
2N/A    }
2N/A
2N/Aclean_exit:
2N/A    /*
2N/A     * Terminates the active digest operation.
2N/A     * Application needs to call C_DigestInit again for next
2N/A     * digest operation.
2N/A     */
2N/A    (void) pthread_mutex_lock(&session_p->session_mutex);
2N/A    ses_lock_held = B_TRUE;
2N/A
2N/A    REINIT_OPBUF(&session_p->digest);
2N/A    session_p->digest.flags = 0;
2N/A
2N/A    /*
2N/A     * Decrement the session reference count.
2N/A     * We hold the session lock, and REFRELE()
2N/A     * will release the session lock for us.
2N/A     */
2N/A    REFRELE(session_p, ses_lock_held);
2N/A
2N/A    return (rv);
2N/A}
2N/A
2N/ACK_RV
2N/AC_DigestUpdate(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pPart,
2N/A    CK_ULONG ulPartLen)
2N/A{
2N/A
2N/A    CK_RV rv;
2N/A    kernel_session_t *session_p;
2N/A    boolean_t ses_lock_held = B_FALSE;
2N/A    crypto_digest_update_t digest_update;
2N/A    int r;
2N/A
2N/A    if (!kernel_initialized)
2N/A        return (CKR_CRYPTOKI_NOT_INITIALIZED);
2N/A
2N/A    /*
2N/A     * Obtain the session pointer. Also, increment the session
2N/A     * reference count.
2N/A     */
2N/A    rv = handle2session(hSession, &session_p);
2N/A    if (rv != CKR_OK)
2N/A        return (rv);
2N/A
2N/A    if (pPart == NULL) {
2N/A        rv = CKR_ARGUMENTS_BAD;
2N/A        goto clean_exit;
2N/A    }
2N/A
2N/A    /* Acquire the session lock */
2N/A    (void) pthread_mutex_lock(&session_p->session_mutex);
2N/A    ses_lock_held = B_TRUE;
2N/A
2N/A    /*
2N/A     * Application must call C_DigestInit before calling
2N/A     * C_DigestUpdate.
2N/A     */
2N/A    if (!(session_p->digest.flags & CRYPTO_OPERATION_ACTIVE)) {
2N/A        /*
2N/A         * Decrement the session reference count.
2N/A         * We hold the session lock, and REFRELE()
2N/A         * will release the session lock for us.
2N/A         */
2N/A        REFRELE(session_p, ses_lock_held);
2N/A        return (CKR_OPERATION_NOT_INITIALIZED);
2N/A    }
2N/A
2N/A    /* Set update flag to protect C_Digest */
2N/A    session_p->digest.flags |= CRYPTO_OPERATION_UPDATE;
2N/A
2N/A    if (session_p->digest.flags & CRYPTO_EMULATE) {
2N/A        (void) pthread_mutex_unlock(&session_p->session_mutex);
2N/A        ses_lock_held = B_FALSE;
2N/A        rv = emulate_update(session_p, pPart, ulPartLen, OP_DIGEST);
2N/A        goto done;
2N/A    }
2N/A
2N/A    digest_update.du_session = session_p->k_session;
2N/A    (void) pthread_mutex_unlock(&session_p->session_mutex);
2N/A    ses_lock_held = B_FALSE;
2N/A    digest_update.du_datalen =  ulPartLen;
2N/A    digest_update.du_databuf = (char *)pPart;
2N/A
2N/A    while ((r = ioctl(kernel_fd, CRYPTO_DIGEST_UPDATE,
2N/A        &digest_update)) < 0) {
2N/A        if (errno != EINTR)
2N/A            break;
2N/A    }
2N/A    if (r < 0) {
2N/A        rv = CKR_FUNCTION_FAILED;
2N/A    } else {
2N/A        rv = crypto2pkcs11_error_number(digest_update.du_return_value);
2N/A    }
2N/A
2N/Adone:
2N/A    if (rv == CKR_OK) {
2N/A        /*
2N/A         * Decrement the session reference count.
2N/A         * We do not hold the session lock.
2N/A         */
2N/A        REFRELE(session_p, ses_lock_held);
2N/A        return (CKR_OK);
2N/A    }
2N/A
2N/Aclean_exit:
2N/A    /*
2N/A     * After an error occurred, terminate the current digest
2N/A     * operation by resetting the active and update flags.
2N/A     */
2N/A    (void) pthread_mutex_lock(&session_p->session_mutex);
2N/A    ses_lock_held = B_TRUE;
2N/A    REINIT_OPBUF(&session_p->digest);
2N/A    session_p->digest.flags = 0;
2N/A
2N/A    /*
2N/A     * Decrement the session reference count.
2N/A     * We hold the session lock, and REFRELE()
2N/A     * will release the session lock for us.
2N/A     */
2N/A    REFRELE(session_p, ses_lock_held);
2N/A
2N/A    return (rv);
2N/A}
2N/A
2N/A
2N/ACK_RV
2N/AC_DigestKey(CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE hKey)
2N/A{
2N/A
2N/A    CK_RV       rv;
2N/A    kernel_session_t    *session_p;
2N/A    kernel_object_t *key_p;
2N/A    boolean_t ses_lock_held = B_FALSE;
2N/A    CK_BYTE_PTR pPart;
2N/A    CK_ULONG    ulPartLen;
2N/A    crypto_digest_key_t digest_key;
2N/A    crypto_digest_update_t digest_update;
2N/A    int r;
2N/A
2N/A    if (!kernel_initialized)
2N/A        return (CKR_CRYPTOKI_NOT_INITIALIZED);
2N/A
2N/A    /*
2N/A     * Obtain the session pointer. Also, increment the session
2N/A     * reference count.
2N/A     */
2N/A    rv = handle2session(hSession, &session_p);
2N/A    if (rv != CKR_OK)
2N/A        return (rv);
2N/A
2N/A    /* Obtain the object pointer. */
2N/A    HANDLE2OBJECT(hKey, key_p, rv);
2N/A    if (rv != CKR_OK) {
2N/A        (void) pthread_mutex_lock(&session_p->session_mutex);
2N/A        ses_lock_held = B_TRUE;
2N/A        REINIT_OPBUF(&session_p->digest);
2N/A        session_p->digest.flags = 0;
2N/A        REFRELE(session_p, ses_lock_held);
2N/A        return (rv);
2N/A    }
2N/A
2N/A    /* Check the key type */
2N/A    if (key_p->is_lib_obj && (key_p->class != CKO_SECRET_KEY)) {
2N/A        rv = CKR_KEY_INDIGESTIBLE;
2N/A        goto clean_exit;
2N/A    }
2N/A
2N/A    /*
2N/A     * Application must call C_DigestInit before calling
2N/A     * C_DigestKey.
2N/A     */
2N/A    (void) pthread_mutex_lock(&session_p->session_mutex);
2N/A    ses_lock_held = B_TRUE;
2N/A
2N/A    if (!(session_p->digest.flags & CRYPTO_OPERATION_ACTIVE)) {
2N/A        /*
2N/A         * Decrement the session reference count.
2N/A         * We hold the session lock, and REFRELE()
2N/A         * will release the session lock for us.
2N/A         */
2N/A        OBJ_REFRELE(key_p);
2N/A        REFRELE(session_p, ses_lock_held);
2N/A        return (CKR_OPERATION_NOT_INITIALIZED);
2N/A    }
2N/A    session_p->digest.flags |= CRYPTO_OPERATION_UPDATE;
2N/A
2N/A    /*
2N/A     * If the key object is from the HW provider, call CRYPTO_DIGEST_KEY
2N/A     * ioctl. Otherwise, call CRYPTO_DIGEST_UPDATE ioctl and pass the key
2N/A     * by value.
2N/A     */
2N/A    if (key_p->is_lib_obj) {
2N/A        digest_update.du_session = session_p->k_session;
2N/A    } else {
2N/A        digest_key.dk_session = session_p->k_session;
2N/A    }
2N/A    (void) pthread_mutex_unlock(&session_p->session_mutex);
2N/A    ses_lock_held = B_FALSE;
2N/A
2N/A    if (!key_p->is_lib_obj) {
2N/A        if (session_p->digest.flags & CRYPTO_EMULATE) {
2N/A            rv = CKR_FUNCTION_NOT_SUPPORTED;
2N/A            goto clean_exit;
2N/A        }
2N/A        digest_key.dk_key.ck_format = CRYPTO_KEY_REFERENCE;
2N/A        digest_key.dk_key.ck_obj_id = key_p->k_handle;
2N/A        while ((r = ioctl(kernel_fd, CRYPTO_DIGEST_KEY,
2N/A            &digest_key)) < 0) {
2N/A            if (errno != EINTR)
2N/A                break;
2N/A        }
2N/A        if (r < 0) {
2N/A            rv = CKR_FUNCTION_FAILED;
2N/A        } else {
2N/A            rv = crypto2pkcs11_error_number(
2N/A                digest_key.dk_return_value);
2N/A        }
2N/A    } else {
2N/A        ulPartLen = OBJ_SEC_VALUE_LEN(key_p);
2N/A        if (ulPartLen == 0) {
2N/A            rv = CKR_KEY_SIZE_RANGE;
2N/A            goto clean_exit;
2N/A        }
2N/A
2N/A        pPart = (CK_BYTE_PTR) OBJ_SEC_VALUE(key_p);
2N/A        if (pPart == NULL) {
2N/A            rv = CKR_KEY_HANDLE_INVALID;
2N/A            goto clean_exit;
2N/A        }
2N/A
2N/A        (void) pthread_mutex_lock(&session_p->session_mutex);
2N/A        ses_lock_held = B_TRUE;
2N/A        if (session_p->digest.flags & CRYPTO_EMULATE) {
2N/A            (void) pthread_mutex_unlock(&session_p->session_mutex);
2N/A            ses_lock_held = B_FALSE;
2N/A            rv = emulate_update(session_p, pPart,
2N/A                ulPartLen, OP_DIGEST);
2N/A            goto done;
2N/A        }
2N/A        (void) pthread_mutex_unlock(&session_p->session_mutex);
2N/A        ses_lock_held = B_FALSE;
2N/A
2N/A        digest_update.du_datalen = ulPartLen;
2N/A        digest_update.du_databuf = (char *)pPart;
2N/A
2N/A        while ((r = ioctl(kernel_fd, CRYPTO_DIGEST_UPDATE,
2N/A            &digest_update)) < 0) {
2N/A            if (errno != EINTR)
2N/A                break;
2N/A        }
2N/A        if (r < 0) {
2N/A            rv = CKR_FUNCTION_FAILED;
2N/A        } else {
2N/A            rv = crypto2pkcs11_error_number(
2N/A                digest_update.du_return_value);
2N/A        }
2N/A    }
2N/A
2N/Adone:
2N/A    if (rv == CKR_OK) {
2N/A        /*
2N/A         * Decrement the session reference count.
2N/A         * We do not hold the session lock.
2N/A         */
2N/A        OBJ_REFRELE(key_p);
2N/A        REFRELE(session_p, ses_lock_held);
2N/A        return (CKR_OK);
2N/A    }
2N/A
2N/Aclean_exit:
2N/A    OBJ_REFRELE(key_p);
2N/A    /*
2N/A     * After an error occurred, terminate the current digest
2N/A     * operation by resetting the active and update flags.
2N/A     */
2N/A    (void) pthread_mutex_lock(&session_p->session_mutex);
2N/A    ses_lock_held = B_TRUE;
2N/A    REINIT_OPBUF(&session_p->digest);
2N/A    session_p->digest.flags = 0;
2N/A
2N/A    /*
2N/A     * Decrement the session reference count.
2N/A     * We hold the session lock, and REFRELE()
2N/A     * will release the session lock for us.
2N/A     */
2N/A    REFRELE(session_p, ses_lock_held);
2N/A    return (rv);
2N/A}
2N/A
2N/A
2N/ACK_RV
2N/AC_DigestFinal(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pDigest,
2N/A    CK_ULONG_PTR pulDigestLen)
2N/A{
2N/A
2N/A    CK_RV rv;
2N/A    kernel_session_t *session_p;
2N/A    boolean_t ses_lock_held = B_FALSE;
2N/A    crypto_digest_final_t digest_final;
2N/A    int r;
2N/A
2N/A    if (!kernel_initialized)
2N/A        return (CKR_CRYPTOKI_NOT_INITIALIZED);
2N/A
2N/A    /*
2N/A     * Obtain the session pointer. Also, increment the session
2N/A     * reference count.
2N/A     */
2N/A    rv = handle2session(hSession, &session_p);
2N/A    if (rv != CKR_OK)
2N/A        return (rv);
2N/A
2N/A    if (pulDigestLen == NULL) {
2N/A        rv = CKR_ARGUMENTS_BAD;
2N/A        goto clean_exit;
2N/A    }
2N/A
2N/A    /* Acquire the session lock */
2N/A    (void) pthread_mutex_lock(&session_p->session_mutex);
2N/A    ses_lock_held = B_TRUE;
2N/A
2N/A    /*
2N/A     * Application must call C_DigestInit before calling
2N/A     * C_DigestFinal.
2N/A     */
2N/A    if (!(session_p->digest.flags & CRYPTO_OPERATION_ACTIVE)) {
2N/A        /*
2N/A         * Decrement the session reference count.
2N/A         * We hold the session lock, and REFRELE()
2N/A         * will release the session lock for us.
2N/A         */
2N/A        REFRELE(session_p, ses_lock_held);
2N/A        return (CKR_OPERATION_NOT_INITIALIZED);
2N/A    }
2N/A
2N/A    /* The order of checks is important here */
2N/A    if (session_p->digest.flags & CRYPTO_EMULATE_USING_SW) {
2N/A        if (session_p->digest.flags & CRYPTO_EMULATE_UPDATE_DONE) {
2N/A            (void) pthread_mutex_unlock(&session_p->session_mutex);
2N/A            ses_lock_held = B_FALSE;
2N/A            rv = do_soft_digest(get_spp(&session_p->digest),
2N/A                NULL, NULL, NULL, pDigest, pulDigestLen, OP_FINAL);
2N/A        } else {
2N/A            /*
2N/A             * We end up here if an earlier C_DigestFinal() call
2N/A             * took the C_Digest() path and it had returned
2N/A             * CKR_BUFFER_TOO_SMALL.
2N/A             */
2N/A            digest_buf_t *bufp = session_p->digest.context;
2N/A            (void) pthread_mutex_unlock(&session_p->session_mutex);
2N/A            ses_lock_held = B_FALSE;
2N/A            if (bufp == NULL || bufp->buf == NULL) {
2N/A                rv = CKR_ARGUMENTS_BAD;
2N/A                goto clean_exit;
2N/A            }
2N/A            rv = do_soft_digest(get_spp(&session_p->digest),
2N/A                NULL, bufp->buf, bufp->indata_len,
2N/A                pDigest, pulDigestLen, OP_SINGLE);
2N/A        }
2N/A        goto done;
2N/A    } else if (session_p->digest.flags & CRYPTO_EMULATE) {
2N/A        digest_buf_t *bufp = session_p->digest.context;
2N/A
2N/A        /*
2N/A         * We are emulating a single-part operation now.
2N/A         * So, clear the flag.
2N/A         */
2N/A        session_p->digest.flags &= ~CRYPTO_OPERATION_UPDATE;
2N/A        if (bufp == NULL || bufp->buf == NULL) {
2N/A            rv = CKR_ARGUMENTS_BAD;
2N/A            goto clean_exit;
2N/A        }
2N/A        REFRELE(session_p, ses_lock_held);
2N/A        rv = C_Digest(hSession, bufp->buf, bufp->indata_len,
2N/A            pDigest, pulDigestLen);
2N/A        return (rv);
2N/A    }
2N/A
2N/A    digest_final.df_session = session_p->k_session;
2N/A    (void) pthread_mutex_unlock(&session_p->session_mutex);
2N/A    ses_lock_held = B_FALSE;
2N/A    digest_final.df_digestlen = *pulDigestLen;
2N/A    digest_final.df_digestbuf = (char *)pDigest;
2N/A
2N/A    while ((r = ioctl(kernel_fd, CRYPTO_DIGEST_FINAL, &digest_final)) < 0) {
2N/A        if (errno != EINTR)
2N/A            break;
2N/A    }
2N/A    if (r < 0) {
2N/A        rv = CKR_FUNCTION_FAILED;
2N/A    } else {
2N/A        rv = crypto2pkcs11_error_number(digest_final.df_return_value);
2N/A    }
2N/A
2N/A    if ((rv == CKR_OK) || (rv == CKR_BUFFER_TOO_SMALL))
2N/A        *pulDigestLen = digest_final.df_digestlen;
2N/A
2N/Adone:
2N/A    if ((rv == CKR_BUFFER_TOO_SMALL) ||
2N/A        (rv == CKR_OK && pDigest == NULL)) {
2N/A        /*
2N/A         * We will not terminate the active digest operation flag,
2N/A         * when the application-supplied buffer is too small, or
2N/A         * the application asks for the length of buffer to hold
2N/A         * the message digest.
2N/A         *
2N/A         * Decrement the session reference count.
2N/A         * We do not hold the session lock.
2N/A         */
2N/A        REFRELE(session_p, ses_lock_held);
2N/A        return (rv);
2N/A    }
2N/A
2N/Aclean_exit:
2N/A    /* Terminates the active digest operation */
2N/A    (void) pthread_mutex_lock(&session_p->session_mutex);
2N/A    ses_lock_held = B_TRUE;
2N/A    REINIT_OPBUF(&session_p->digest);
2N/A    session_p->digest.flags = 0;
2N/A
2N/A    /*
2N/A     * Decrement the session reference count.
2N/A     * We hold the session lock, and REFRELE()
2N/A     * will release the session lock for us.
2N/A     */
2N/A    REFRELE(session_p, ses_lock_held);
2N/A
2N/A    return (rv);
2N/A}