[pkg-opensc-commit] [libp11] 27/67: Locking for multithreaded operations
Eric Dorland
eric at moszumanska.debian.org
Sat Jan 30 05:34:14 UTC 2016
This is an automated email from the git hooks/post-receive script.
eric pushed a commit to branch master
in repository libp11.
commit 1ea84bfe1bc506bd13aecca41a37e0777a1b3b13
Author: Michał Trojnara <Michal.Trojnara at mirt.net>
Date: Tue Dec 22 16:42:30 2015 +0100
Locking for multithreaded operations
---
README.md | 12 +++++++++---
src/libp11-int.h | 3 +++
src/p11_ops.c | 6 ++++++
src/p11_slot.c | 2 ++
4 files changed, 20 insertions(+), 3 deletions(-)
diff --git a/README.md b/README.md
index 42d5a17..090606e 100644
--- a/README.md
+++ b/README.md
@@ -7,9 +7,15 @@ Build state
libp11 README -- Information for developers
===========================================
-This is a higher than PKCS #11 library to access PKCS #11 objects.
-It is designed to integrate with applications that use openssl. Note, however,
-that the libp11 library is not thread safe.
+This library provides a higher-level (compared to the PKCS#11 library)
+interface to access PKCS#11 objects. It is designed to integrate with
+applications that use OpenSSL.
+
+Thread-safety requires dynamic callbacks to be registered by the calling
+application with the following OpenSSL functions:
+* CRYPTO_set_dynlock_create_callback
+* CRYPTO_set_dynlock_destroy_callback
+* CRYPTO_set_dynlock_lock_callback
The wiki page for this project is at https://github.com/OpenSC/libp11/wiki
and includes a bug tracker and source browser.
diff --git a/src/libp11-int.h b/src/libp11-int.h
index b2b1263..494daec 100644
--- a/src/libp11-int.h
+++ b/src/libp11-int.h
@@ -62,6 +62,9 @@ typedef struct pkcs11_slot_private {
/* options used in last PKCS11_login */
char *prev_pin;
int prev_so;
+
+ /* per-slot lock */
+ int lockid;
} PKCS11_SLOT_private;
#define PRIVSLOT(slot) ((PKCS11_SLOT_private *) (slot->_private))
#define SLOT2CTX(slot) (PRIVSLOT(slot)->parent)
diff --git a/src/p11_ops.c b/src/p11_ops.c
index aa5af81..82b96ac 100644
--- a/src/p11_ops.c
+++ b/src/p11_ops.c
@@ -51,12 +51,14 @@ PKCS11_ecdsa_sign(const unsigned char *m, unsigned int m_len,
memset(&mechanism, 0, sizeof(mechanism));
mechanism.mechanism = CKM_ECDSA;
+ CRYPTO_w_lock(PRIVSLOT(slot)->lockid);
if((rv = CRYPTOKI_call(ctx, C_SignInit
(session, &mechanism, priv->object))) == 0) {
rv = CRYPTOKI_call(ctx, C_Sign
(session, (CK_BYTE *) m, m_len,
sigret, &ck_sigsize));
}
+ CRYPTO_w_unlock(PRIVSLOT(slot)->lockid);
if (rv) {
PKCS11err(PKCS11_F_PKCS11_EC_KEY_SIGN, pkcs11_map_err(rv));
@@ -174,6 +176,7 @@ PKCS11_private_encrypt(int flen, const unsigned char *from, unsigned char *to,
session = PRIVSLOT(slot)->session;
+ CRYPTO_w_lock(PRIVSLOT(slot)->lockid);
/* API is somewhat fishy here. *siglen is 0 on entry (cleared
* by OpenSSL). The library assumes that the memory passed
* by the caller is always big enough */
@@ -183,6 +186,7 @@ PKCS11_private_encrypt(int flen, const unsigned char *from, unsigned char *to,
(session, (CK_BYTE *) from, flen,
to, &ck_sigsize));
}
+ CRYPTO_w_unlock(PRIVSLOT(slot)->lockid);
if (rv) {
PKCS11err(PKCS11_F_PKCS11_RSA_SIGN, pkcs11_map_err(rv));
@@ -226,11 +230,13 @@ PKCS11_private_decrypt(int flen, const unsigned char *from, unsigned char *to,
mechanism.mechanism = CKM_RSA_PKCS;
+ CRYPTO_w_lock(PRIVSLOT(slot)->lockid);
if( (rv = CRYPTOKI_call(ctx, C_DecryptInit(session, &mechanism, priv->object))) == 0) {
rv = CRYPTOKI_call(ctx, C_Decrypt
(session, (CK_BYTE *) from, (CK_ULONG)flen,
(CK_BYTE_PTR)to, &size));
}
+ CRYPTO_w_unlock(PRIVSLOT(slot)->lockid);
if (rv) {
PKCS11err(PKCS11_F_PKCS11_RSA_DECRYPT, pkcs11_map_err(rv));
diff --git a/src/p11_slot.c b/src/p11_slot.c
index 40a7972..2b85eb6 100644
--- a/src/p11_slot.c
+++ b/src/p11_slot.c
@@ -436,6 +436,7 @@ static int pkcs11_init_slot(PKCS11_CTX * ctx, PKCS11_SLOT * slot, CK_SLOT_ID id)
priv->prev_rw = 0;
priv->prev_pin = NULL;
priv->prev_so = 0;
+ priv->lockid = CRYPTO_get_new_dynlockid();
slot->description = PKCS11_DUP(info.slotDescription);
slot->manufacturer = PKCS11_DUP(info.manufacturerID);
@@ -466,6 +467,7 @@ void pkcs11_release_slot(PKCS11_CTX * ctx, PKCS11_SLOT * slot)
OPENSSL_cleanse(priv->prev_pin, strlen(priv->prev_pin));
OPENSSL_free(priv->prev_pin);
}
+ CRYPTO_destroy_dynlockid(priv->lockid);
CRYPTOKI_call(ctx, C_CloseAllSessions(priv->id));
}
OPENSSL_free(slot->_private);
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-opensc/libp11.git
More information about the pkg-opensc-commit
mailing list