[pkg-opensc-commit] [libp11] 44/67: A private index is allocated for ex_data access
Eric Dorland
eric at moszumanska.debian.org
Sat Jan 30 05:34:15 UTC 2016
This is an automated email from the git hooks/post-receive script.
eric pushed a commit to branch master
in repository libp11.
commit bb6d30c6fb459b111e7c1beaee8534cd0d9db640
Author: Michał Trojnara <Michal.Trojnara at stunnel.org>
Date: Thu Jan 7 14:35:23 2016 +0100
A private index is allocated for ex_data access
---
NEWS | 2 ++
src/p11_ec.c | 30 +++++++++++++++++++++++++++---
src/p11_rsa.c | 40 ++++++++++++++++++++++++++++++++++++----
3 files changed, 65 insertions(+), 7 deletions(-)
diff --git a/NEWS b/NEWS
index ac0fa9d..4a862ae 100644
--- a/NEWS
+++ b/NEWS
@@ -1,6 +1,8 @@
NEWS for Libp11 -- History of user visible changes
New in 0.3.1; unreleased;
+* A private index is allocated for ex_data access (RSA and ECDSA classes)
+ instead of using the reserved index zero (app_data) (Michał Trojnara)
* Improved searching for dlopen() (Christoph Moench-Tegeder)
* Fixed EVP_PKEY handling of public keys (Michał Trojnara)
* Added PKCS11_enumerate_public_keys to the API (Michał Trojnara)
diff --git a/src/p11_ec.c b/src/p11_ec.c
index fec25ba..0aa984c 100644
--- a/src/p11_ec.c
+++ b/src/p11_ec.c
@@ -85,6 +85,7 @@
#include "libp11-int.h"
static ECDSA_METHOD *ops = NULL;
+static int ecdsa_ex_index = 0;
/*
* Get EC key material and stash pointer in ex_data
@@ -188,7 +189,7 @@ static EVP_PKEY *pkcs11_get_evp_key_ec(PKCS11_KEY * key)
ECDSA_set_method(ec, PKCS11_get_ecdsa_method());
}
- ECDSA_set_ex_data(ec, 0, key);
+ ECDSA_set_ex_data(ec, ecdsa_ex_index, key);
EC_KEY_free(ec); /* drops our reference to it */
return pk;
}
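Review bot: The index passed to `ECDSA_set_ex_data` is whatever `ecdsa_ex_index` holds at that moment, and in this hunk the only path that can allocate it is the `PKCS11_get_ecdsa_method()` call inside the conditional block just above. If that block is skipped before any other caller has triggered the allocation, the key pointer still lands in slot 0 (app_data), and a later allocation makes `pkcs11_ecdsa_do_sign` look under a different index than the one written. Allocating unconditionally before the store, with a forward declaration and `alloc_ecdsa_ex_index();` ahead of `ECDSA_set_ex_data(...)`, would close that gap. The same applies to `RSA_set_ex_data` in `pkcs11_get_evp_key_rsa`, where no allocation call is visible in its hunk. The function begins outside this hunk, so the branch condition cannot be seen here.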
@@ -217,7 +218,7 @@ static ECDSA_SIG * pkcs11_ecdsa_do_sign(const unsigned char *dgst, int dlen,
int nLen = 48; /* HACK */
int rv;
- key = (PKCS11_KEY *) ECDSA_get_ex_data(ec, 0);
+ key = (PKCS11_KEY *) ECDSA_get_ex_data(ec, ecdsa_ex_index);
if (key == NULL)
return NULL;
@@ -235,6 +236,26 @@ static ECDSA_SIG * pkcs11_ecdsa_do_sign(const unsigned char *dgst, int dlen,
return sig;
}
+static void alloc_ecdsa_ex_index() {
+ if (ecdsa_ex_index == 0) {
+ while (ecdsa_ex_index == 0) /* Workaround for OpenSSL RT3710 */
+ ecdsa_ex_index = ECDSA_get_ex_new_index(0, "libp11 ecdsa",
+ NULL, NULL, NULL);
+ if (ecdsa_ex_index < 0)
+ ecdsa_ex_index = 0; /* Fallback to app_data */
+ }
+}
+
+static void free_ecdsa_ex_index() {
+ /* CRYPTO_free_ex_index requires OpenSSL version >= 1.1.0-pre1 */
+#if OPENSSL_VERSION_NUMBER >= 0x10100001L
+ if (ecdsa_ex_index > 0) {
+ CRYPTO_free_ex_index(CRYPTO_EX_INDEX_ECDSA, ecdsa_ex_index);
+ ecdsa_ex_index = 0;
+ }
+#endif
+}
+
/*
* Overload the default OpenSSL methods for ECDSA
* If OpenSSL supports ECDSA_METHOD_new we will use it.
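Review bot: The failure branch `ecdsa_ex_index = 0; /* Fallback to app_data */` silently puts the key pointer back into the reserved slot that the NEWS entry says this commit stops using. `pkcs11_ecdsa_do_sign` casts whatever it reads from that slot to `PKCS11_KEY *` and only checks for NULL, so a pointer the application stored via app_data would be treated as a key object. Consider keeping the negative value as a sentinel and making the store and lookup sites fail instead of falling back, or at minimum reporting the failure; `alloc_rsa_ex_index` in src/p11_rsa.c has the same branch. The `while` loop also deserves a fuller comment than the RT3710 reference, stating that a returned index of 0 is retried because slot 0 is the reserved one.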
@@ -245,7 +266,7 @@ static ECDSA_SIG * pkcs11_ecdsa_do_sign(const unsigned char *dgst, int dlen,
/* New way to allocate an ECDSA_METOD object */
ECDSA_METHOD *PKCS11_get_ecdsa_method(void)
{
-
+ alloc_ecdsa_ex_index();
if (ops == NULL) {
ops = ECDSA_METHOD_new((ECDSA_METHOD *)ECDSA_OpenSSL());
ECDSA_METHOD_set_sign(ops, pkcs11_ecdsa_do_sign);
@@ -260,6 +281,7 @@ void PKCS11_ecdsa_method_free(void)
ECDSA_METHOD_free(ops);
ops = NULL;
}
+ free_ecdsa_ex_index();
}
#else /* LIBP11_BUILD_WITH_ECS_LOCL_H */
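Review bot: Releasing the index here resets `ecdsa_ex_index` to 0 on OpenSSL >= 1.1.0 while EC_KEY objects created earlier may still carry a key pointer under the old index. A later sign on such a key would read slot 0 instead, and a subsequent `PKCS11_get_ecdsa_method()` call may be handed a different index again. The function should document its precondition, for example `/* Call only after all keys obtained from libp11 have been freed */`; the second `PKCS11_ecdsa_method_free` variant and `PKCS11_rsa_method_free` share the constraint. The function starts outside this hunk.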
@@ -269,6 +291,7 @@ ECDSA_METHOD *PKCS11_get_ecdsa_method(void)
{
static struct ecdsa_method sops;
+ alloc_ecdsa_ex_index();
if (!sops.ecdsa_do_sign) {
/* question if compiler is copying each member of struct or not */
sops = *ECDSA_get_default_method();
@@ -281,6 +304,7 @@ ECDSA_METHOD *PKCS11_get_ecdsa_method(void)
void PKCS11_ecdsa_method_free(void)
{
/* It is static in the old method */
+ free_ecdsa_ex_index();
}
#endif /* LIBP11_BUILD_WITH_ECS_LOCL_H */
diff --git a/src/p11_rsa.c b/src/p11_rsa.c
index 1b915a3..9afaaed 100644
--- a/src/p11_rsa.c
+++ b/src/p11_rsa.c
@@ -28,6 +28,8 @@
#include <openssl/rsa.h>
#include "libp11-int.h"
+static int rsa_ex_index = 0;
+
/*
* Get RSA key material
*/
@@ -100,7 +102,7 @@ static EVP_PKEY *pkcs11_get_evp_key_rsa(PKCS11_KEY * key)
}
rsa->flags |= RSA_FLAG_SIGN_VER;
- RSA_set_app_data(rsa, key);
+ RSA_set_ex_data(rsa, rsa_ex_index, key);
RSA_free(rsa); /* drops our reference to it */
return pk;
}
@@ -136,20 +138,23 @@ static int pkcs11_rsa_decrypt(int flen, const unsigned char *from,
unsigned char *to, RSA * rsa, int padding)
{
- return PKCS11_private_decrypt(flen, from, to, (PKCS11_KEY *) RSA_get_app_data(rsa), padding);
+ return PKCS11_private_decrypt(flen, from, to,
+ (PKCS11_KEY *) RSA_get_ex_data(rsa, rsa_ex_index), padding);
}
static int pkcs11_rsa_encrypt(int flen, const unsigned char *from,
unsigned char *to, RSA * rsa, int padding)
{
- return PKCS11_private_encrypt(flen, from, to, (PKCS11_KEY *) RSA_get_app_data(rsa), padding);
+ return PKCS11_private_encrypt(flen, from, to,
+ (PKCS11_KEY *) RSA_get_ex_data(rsa, rsa_ex_index), padding);
}
static int pkcs11_rsa_sign(int type, const unsigned char *m, unsigned int m_len,
unsigned char *sigret, unsigned int *siglen, const RSA * rsa)
{
- return PKCS11_sign(type, m, m_len, sigret, siglen, (PKCS11_KEY *) RSA_get_app_data(rsa));
+ return PKCS11_sign(type, m, m_len, sigret, siglen,
+ (PKCS11_KEY *) RSA_get_ex_data(rsa, rsa_ex_index));
}
/* Lousy hack alert. If RSA_verify detects that the key has the
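Review bot: The three RSA wrappers pass the result of `RSA_get_ex_data(rsa, rsa_ex_index)` straight into `PKCS11_private_decrypt`, `PKCS11_private_encrypt` and `PKCS11_sign`, whereas the ECDSA path checks `key == NULL` before use. With a private index the lookup returns NULL for any RSA object that libp11 did not populate under that index, and whether the callees tolerate a NULL key is not visible in this diff. A guard such as `PKCS11_KEY *key = RSA_get_ex_data(rsa, rsa_ex_index);` followed by `if (key == NULL) return -1;` (`return 0;` in `pkcs11_rsa_sign`) would make the failure explicit and match the ECDSA code.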
@@ -176,6 +181,26 @@ pkcs11_rsa_verify(int type, const unsigned char *m, unsigned int m_len,
return res;
}
+static void alloc_rsa_ex_index() {
+ if (rsa_ex_index == 0) {
+ while (rsa_ex_index == 0) /* Workaround for OpenSSL RT3710 */
+ rsa_ex_index = RSA_get_ex_new_index(0, "libp11 rsa",
+ NULL, NULL, NULL);
+ if (rsa_ex_index < 0)
+ rsa_ex_index = 0; /* Fallback to app_data */
+ }
+}
+
+static void free_rsa_ex_index() {
+ /* CRYPTO_free_ex_index requires OpenSSL version >= 1.1.0-pre1 */
+#if OPENSSL_VERSION_NUMBER >= 0x10100001L
+ if (rsa_ex_index > 0) {
+ CRYPTO_free_ex_index(CRYPTO_EX_INDEX_RSA, rsa_ex_index);
+ rsa_ex_index = 0;
+ }
+#endif
+}
+
/*
* Overload the default OpenSSL methods for RSA
*/
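Review bot: `alloc_rsa_ex_index` tests and assigns the file-scope `rsa_ex_index` with no synchronisation, so two threads making their first `PKCS11_get_rsa_method()` call together can each obtain an index and leave keys stored under one value and read under another. If libp11 is expected to be usable from several threads (not stated in this diff), the allocation should run once under a lock or from an initialisation path; `alloc_ecdsa_ex_index` in src/p11_ec.c is written the same way. As a style point, the empty parameter lists should be spelled `static void alloc_rsa_ex_index(void)` and `static void free_rsa_ex_index(void)`, since `()` in C leaves the parameters unspecified.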
@@ -183,6 +208,7 @@ RSA_METHOD *PKCS11_get_rsa_method(void)
{
static RSA_METHOD ops;
+ alloc_rsa_ex_index();
if (!ops.rsa_priv_enc) {
ops = *RSA_get_default_method();
ops.rsa_priv_enc = pkcs11_rsa_encrypt;
@@ -193,6 +219,12 @@ RSA_METHOD *PKCS11_get_rsa_method(void)
return &ops;
}
+/* This function is *not* currently exported */
+void PKCS11_rsa_method_free(void)
+{
+ free_rsa_ex_index();
+}
+
PKCS11_KEY_ops pkcs11_rsa_ops = {
EVP_PKEY_RSA,
pkcs11_get_evp_key_rsa
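Review bot: `PKCS11_rsa_method_free` is defined with external linkage, but the diffstat lists only NEWS, src/p11_ec.c and src/p11_rsa.c, so no header gains a prototype and nothing in this commit calls it. As written the RSA index is never released, and the comment `/* This function is *not* currently exported */` does not say who is meant to call it. Either declare it in the internal header and call it from the library's teardown path, or extend the comment to something like `/* Not exported yet: until a caller is added, the RSA ex_data index is never freed */`.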
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-opensc/libp11.git