authorJack Lloyd <[email protected]>2017-10-02 22:20:13 -0400
committerJack Lloyd <[email protected]>2017-10-02 22:45:20 -0400
commitd543843c8da753c0b7fa60f378c7c16294aaf982 (patch)
treeb2f47a4d0b26d097c6b9e78f42aeb25905fa9ba4
parent114754ec4cca71e3dce6d39ea2e3c94e0fec70cb (diff)
Remove protected m_handle data from PKCS11::Object
-rw-r--r--src/lib/prov/pkcs11/p11_ecc_key.cpp8
-rw-r--r--src/lib/prov/pkcs11/p11_object.h8
-rw-r--r--src/lib/prov/pkcs11/p11_rsa.cpp8
3 files changed, 18 insertions, 6 deletions
diff --git a/src/lib/prov/pkcs11/p11_ecc_key.cpp b/src/lib/prov/pkcs11/p11_ecc_key.cpp
index 9366594a6..df55b9ffb 100644
--- a/src/lib/prov/pkcs11/p11_ecc_key.cpp
+++ b/src/lib/prov/pkcs11/p11_ecc_key.cpp
@@ -90,12 +90,14 @@ PKCS11_EC_PrivateKey::PKCS11_EC_PrivateKey(Session& session, const std::vector<u
pub_key_props.set_private(false);
pub_key_props.set_token(false); // don't create a persistent public key object
- ObjectHandle pub_key_handle = 0;
- m_handle = 0;
+ ObjectHandle pub_key_handle = CK_INVALID_HANDLE;
+ ObjectHandle priv_key_handle = CK_INVALID_HANDLE;
Mechanism mechanism = { CKM_EC_KEY_PAIR_GEN, nullptr, 0 };
session.module()->C_GenerateKeyPair(session.handle(), &mechanism,
pub_key_props.data(), pub_key_props.count(), props.data(), props.count(),
- &pub_key_handle, &m_handle);
+ &pub_key_handle, &priv_key_handle);
+
+ this->reset_handle(priv_key_handle);
Object public_key(session, pub_key_handle);
m_public_key = decode_public_point(public_key.get_attribute_value(AttributeType::EcPoint), m_domain_params.get_curve());
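Review bot: Neither handle is checked after `C_GenerateKeyPair` returns: the call's result is discarded and `priv_key_handle` goes straight into `reset_handle()`, which accepts `CK_INVALID_HANDLE` as the new value without complaint. Unless the module wrapper throws on every failing return code (not visible in this hunk), a failed generation would leave the key object wrapping an invalid handle, and `Object public_key(session, pub_key_handle)` would query `EcPoint` on one. A guard such as `if(pub_key_handle == CK_INVALID_HANDLE || priv_key_handle == CK_INVALID_HANDLE)` followed by a throw, placed before `this->reset_handle(priv_key_handle);`, would make the failure explicit. The p11_rsa.cpp hunk has the same pattern for `priv_key_handle`. The constructor body starts and ends outside the hunk.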
diff --git a/src/lib/prov/pkcs11/p11_object.h b/src/lib/prov/pkcs11/p11_object.h
index b49f8e473..e6e3200bc 100644
--- a/src/lib/prov/pkcs11/p11_object.h
+++ b/src/lib/prov/pkcs11/p11_object.h
@@ -717,6 +717,14 @@ class BOTAN_PUBLIC_API(2,0) Object
: m_session(session)
{}
+ void reset_handle(ObjectHandle handle)
+ {
+ if(m_handle != CK_INVALID_HANDLE)
+ throw Invalid_Argument("Cannot reset handle on already valid PKCS11 object");
+ m_handle = handle;
+ }
+
+ private:
const std::reference_wrapper<Session> m_session;
ObjectHandle m_handle = CK_INVALID_HANDLE;
};
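Review bot: `reset_handle()` is added without a comment stating its contract, and it reports a second call with `Invalid_Argument` although the fault lies in the object's state rather than in the argument. Because this method lets a derived class bind the object to a token handle after construction, I would document the one-shot rule, e.g. `/// Set the handle exactly once, from a derived constructor that creates the object on the token; throws if a handle is already set`, and throw `Invalid_State` instead. The access level the method lands in is not visible here, since the class starts outside the hunk; it should be no wider than protected so that outside code cannot re-point a key object.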
diff --git a/src/lib/prov/pkcs11/p11_rsa.cpp b/src/lib/prov/pkcs11/p11_rsa.cpp
index e81bda568..4962982b0 100644
--- a/src/lib/prov/pkcs11/p11_rsa.cpp
+++ b/src/lib/prov/pkcs11/p11_rsa.cpp
@@ -76,12 +76,14 @@ PKCS11_RSA_PrivateKey::PKCS11_RSA_PrivateKey(Session& session, uint32_t bits,
pub_key_props.set_verify(true);
pub_key_props.set_token(false); // don't create a persistent public key object
- ObjectHandle pub_key_handle = 0;
- m_handle = 0;
+ ObjectHandle pub_key_handle = CK_INVALID_HANDLE;
+ ObjectHandle priv_key_handle = CK_INVALID_HANDLE;
Mechanism mechanism = { static_cast< CK_MECHANISM_TYPE >(MechanismType::RsaPkcsKeyPairGen), nullptr, 0 };
session.module()->C_GenerateKeyPair(session.handle(), &mechanism,
pub_key_props.data(), pub_key_props.count(), priv_key_props.data(), priv_key_props.count(),
- &pub_key_handle, &m_handle);
+ &pub_key_handle, &priv_key_handle);
+
+ this->reset_handle(priv_key_handle);
m_n = BigInt::decode(get_attribute_value(AttributeType::Modulus));
m_e = BigInt::decode(get_attribute_value(AttributeType::PublicExponent));