[pkg-opensc-commit] [libp11] 186/239: ECDSA reference count issues caused engine_pkcs11 to not shutdown

Eric Dorland eric at moszumanska.debian.org
Sat Oct 17 06:21:32 UTC 2015


This is an automated email from the git hooks/post-receive script.

eric pushed a commit to branch master
in repository libp11.

commit 9b266fddef6ebf3eef59d5cd71aa098f7c84a37c
Author: Doug Engert <deengert at gmail.com>
Date:   Wed May 27 14:17:51 2015 -0500

    ECDSA reference count issues caused engine_pkcs11 to not shutdown
    
    The engine_pkcs11 would not shutdown as expected, because
    handling of the EC_KEY passed back to engine_pkcs11 was not being
    created correctly. This would leave reference counts indicating the structure
    was still in use, and the engine would not shutdown.
    
    Now running valgrind has a chance of showing additional leaks.
    
    openssl req was used to test the engine with RSA and ECDSA.
---
 src/p11_ec.c | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

diff --git a/src/p11_ec.c b/src/p11_ec.c
index c5bad4e..87e619c 100644
--- a/src/p11_ec.c
+++ b/src/p11_ec.c
@@ -120,12 +120,13 @@ static int pkcs11_get_ec_private(PKCS11_KEY * key, EVP_PKEY * pk)
 		prkey = PKCS11_find_key_from_key(key);
 	}
 
-
-	if (!(ec = EVP_PKEY_get1_EC_KEY(pk))) {
-		ERR_clear_error();	/* the above flags an error */
+	if (pk->type == EVP_PKEY_EC) {
+		ec = EVP_PKEY_get1_EC_KEY(pk);
+	} else {
 		ec = EC_KEY_new();
 		EVP_PKEY_set1_EC_KEY(pk, ec);
 	}
+	/* After above ec has ref count incremented. */
 
 	if (prkey) {
 		if (key_getattr(prkey, CKA_SENSITIVE, &sensitive, sizeof(sensitive))
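Review bot: In the `pk->type == EVP_PKEY_EC` branch the result of `EVP_PKEY_get1_EC_KEY(pk)` is no longer checked for NULL. The removed code fell back to `EC_KEY_new()` when that call failed, but now `ec` can stay NULL and still reach the later uses of it. The else branch has the same gap: neither `EC_KEY_new()` nor `EVP_PKEY_set1_EC_KEY(pk, ec)` has its return value tested, so an allocation failure goes unnoticed and the new comment's claim about the reference count would not hold. Suggest testing `ec` once after the if/else and returning an error when it is NULL. A smaller point: `EVP_PKEY_id(pk)` would avoid reaching into the struct for `pk->type`.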
@@ -191,9 +192,12 @@ static int pkcs11_get_ec_private(PKCS11_KEY * key, EVP_PKEY * pk)
 
 	if (sensitive || !extractable) {
 		ECDSA_set_ex_data(ec, 0, key);
+		EC_KEY_free(ec); /* drops our reference to it. */
 		return 0;
 	}
 
+	if (ec)
+	    EC_KEY_free(ec);
 	return -1;
 }
 
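Review bot: The two exit paths disagree about whether `ec` can be NULL. The `sensitive || !extractable` branch calls `ECDSA_set_ex_data(ec, 0, key)` and `EC_KEY_free(ec)` with no check, while the failure path guards the free with `if (ec)`. If `ec` can be NULL here, the first branch hands a NULL pointer to `ECDSA_set_ex_data`; if it cannot, the guard is unnecessary, since `EC_KEY_free` accepts NULL anyway. Pick one assumption and make both paths follow it, ideally through a single cleanup point so that any future return added in between cannot skip the release. The return value of `ECDSA_set_ex_data` is also ignored, so the function returns 0 even when the key was not attached. The added `EC_KEY_free(ec);` under `if (ec)` is indented with spaces where the rest of the function uses tabs.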

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-opensc/libp11.git


