C_DigestFinal

Finishes a multiple-part digesting operation.

CK_DECLARE_FUNCTION( CK_RV, C_DigestFinal )( CK_SESSION_HANDLE hSession,
                                             CK_BYTE_PTR pDigest,
                                             CK_ULONG_PTR pulDigestLen )
{
    P11Session_t * pxSession = prvSessionPointerFromHandle( hSession );
    CK_RV xResult = prvCheckValidSessionAndModule( pxSession );
    int32_t lMbedTLSResult = 0;
 
 
    if( pulDigestLen == NULL )
    {
        LogError( ( "Failed to finish digest operation. Digest Length pointer "
                    "was NULL." ) );
        xResult = CKR_ARGUMENTS_BAD;
    }
 
    if( xResult == CKR_OK )
    {
        if( pxSession->xOperationDigestMechanism != CKM_SHA256 )
        {
            LogError( ( "Failed to finish digest operation. Digest operation "
                        "was not initialized." ) );
            xResult = CKR_OPERATION_NOT_INITIALIZED;
            pxSession->xOperationDigestMechanism = pkcs11NO_OPERATION;
        }
    }
 
    if( xResult == CKR_OK )
    {
        if( pDigest == NULL )
        {
            /* Supply the required buffer size. */
            *pulDigestLen = ( CK_ULONG ) pkcs11SHA256_DIGEST_LENGTH;
        }
        else
        {
            if( *pulDigestLen == ( CK_ULONG ) pkcs11SHA256_DIGEST_LENGTH )
            {
                lMbedTLSResult = mbedtls_sha256_finish_ret( &pxSession->xSHA256Context, pDigest );
 
                if( 0 != lMbedTLSResult )
                {
                    LogError( ( "Failed to finish digest operation. "
                                "mbedtls_sha256_finish_ret failed: mbed TLS "
                                "error = %s : %s.",
                                mbedtlsHighLevelCodeOrDefault( lMbedTLSResult ),
                                mbedtlsLowLevelCodeOrDefault( lMbedTLSResult ) ) );
                    xResult = CKR_FUNCTION_FAILED;
                }
 
                pxSession->xOperationDigestMechanism = pkcs11NO_OPERATION;
            }
            else
            {
                LogError( ( "Failed to finish digest operation. Received a "
                            "buffer that was an unexpected size. Expected %lu and "
                            "received %lu.",
                            ( unsigned long int ) pkcs11SHA256_DIGEST_LENGTH,
                            ( unsigned long int ) *pulDigestLen ) );
                xResult = CKR_BUFFER_TOO_SMALL;
            }
        }
    }
 
    if( ( xResult != CKR_OK ) && ( xResult != CKR_BUFFER_TOO_SMALL ) &&
        ( xResult != CKR_SESSION_HANDLE_INVALID ) &&
        ( xResult != CKR_OPERATION_NOT_INITIALIZED ) )
    {
        LogDebug( ( "Error occurred, tearing down digest operation." ) );
        pxSession->xOperationDigestMechanism = pkcs11NO_OPERATION;
        mbedtls_sha256_free( &pxSession->xSHA256Context );
    }
 
    return xResult;
}

See also

C_DigestInit(), C_DigestUpdate()

Note

Digest parameters are shared by a session. Calling C_DigestInit(), C_DigestUpdate(), and C_DigestFinal() with the same session across different tasks may lead to unexpected results.

Parameters

[in]	hSession	Handle of a valid PKCS #11 session.
[out]	pDigest	Pointer to the location that receives the message digest. Memory must be allocated by the caller. Caller is responsible for allocating memory. Providing NULL for this input will cause pulDigestLen to be updated for length of buffer required.
[in,out]	pulDigestLen	Points to the location that holds the length of the message digest. If pDigest is NULL, this value is updated to contain the length of the buffer needed to hold the digest. Else it is updated to contain the actual length of the digest placed in pDigest.

Returns

CKR_OK if successful.