Bug ID: 6666625 pk11_destroy_{rsa,dsa,dh}_key_objects() should be more resilient to destroy failures

Bug ID	6666625
Synopsis	pk11_destroy_{rsa,dsa,dh}_key_objects() should be more resilient to destroy failures
State	10-Fix Delivered (Fix available in build)
Category:Subcategory	solaris-crypto:openssl
Keywords	rtiq_reviewed
Responsible Engineer	Vladimir Kotal
Reported Against
Duplicate Of
Introduced In	solaris_10
Commit to Fix	snv_93
Fixed In	snv_93
Release Fixed	solaris_nevada(snv_93) , solaris_10u7(s10u7_01) (Bug ID:2165117)
Related Bugs	6602801 , 6652362 , 6662112
Submit Date	22-February-2008
Last Update Date	3-July-2008
Description	OpenSSL PKCS#11 engine destroys underlying key material via $SRC/common/openssl/crypto/engine/hw_pk11.c:pk11_destroy_{rsa,dsa,dh}_key_objects(). These functions are called either to destroy data referenced by single PK11_SESSION object or to destroy data in all sessions in the free list (see Evaluation field in CR 6602801). The data are destroyed via call to pk11_destroy_object() which in turn calls C_DestroyObject() from libpkcs11. If pk11_destroy_object() fails, pk11_destroy_{rsa,dsa,dh}_key_objects() return immediately. If In the latter case (freelist) this leads to termination of the list traversal which could result in data not being destroyed.
Work Around	N/A
Comments	N/A

OpenSolaris