[pkg-opensc-commit] [libp11] 51/67: Gracefully handle missing dynlock callbacks
Eric Dorland
eric at moszumanska.debian.org
Sat Jan 30 05:34:16 UTC 2016
This is an automated email from the git hooks/post-receive script.
eric pushed a commit to branch master
in repository libp11.
commit c2199651d7c54f9dd5e21ae79d3fcea90d6915d8
Author: Michał Trojnara <Michal.Trojnara at stunnel.org>
Date: Fri Jan 15 12:24:48 2016 +0100
Gracefully handle missing dynlock callbacks
---
src/libp11-int.h | 12 ++++++++++++
src/p11_key.c | 4 ++--
src/p11_load.c | 5 ++---
src/p11_misc.c | 31 +++++++++++++++++++++++++++----
src/p11_ops.c | 12 ++++++------
src/p11_slot.c | 5 ++---
6 files changed, 51 insertions(+), 18 deletions(-)
diff --git a/src/libp11-int.h b/src/libp11-int.h
index 0de018b..3ae052b 100644
--- a/src/libp11-int.h
+++ b/src/libp11-int.h
@@ -146,6 +146,18 @@ typedef struct pkcs11_cert_private {
#define PKCS11_DUP(s) \
pkcs11_strdup((char *) s, sizeof(s))
+int pkcs11_get_new_dynlockid();
+void pkcs11_destroy_dynlockid(int);
+
+#define pkcs11_w_lock(type) \
+ if(type) CRYPTO_lock(CRYPTO_LOCK|CRYPTO_WRITE,type,__FILE__,__LINE__)
+#define pkcs11_w_unlock(type) \
+ if(type) CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_WRITE,type,__FILE__,__LINE__)
+#define pkcs11_r_lock(type) \
+ if(type) CRYPTO_lock(CRYPTO_LOCK|CRYPTO_READ,type,__FILE__,__LINE__)
+#define pkcs11_r_unlock(type) \
+ if(type) CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_READ,type,__FILE__,__LINE__)
+
extern int pkcs11_enumerate_slots(PKCS11_CTX *, PKCS11_SLOT **, unsigned int *);
extern void pkcs11_release_slot(PKCS11_CTX *, PKCS11_SLOT *slot);
diff --git a/src/p11_key.c b/src/p11_key.c
index c9224e3..57ccd21 100644
--- a/src/p11_key.c
+++ b/src/p11_key.c
@@ -331,9 +331,9 @@ static int pkcs11_enumerate_keys(PKCS11_TOKEN * token, unsigned int type,
int rv;
if (keys->num < 0) { /* No cache was built for the specified type */
- CRYPTO_w_lock(cpriv->lockid);
+ pkcs11_w_lock(cpriv->lockid);
rv = pkcs11_find_keys(token, type);
- CRYPTO_w_unlock(cpriv->lockid);
+ pkcs11_w_unlock(cpriv->lockid);
if (rv < 0) {
pkcs11_destroy_keys(token, type);
return -1;
diff --git a/src/p11_load.c b/src/p11_load.c
index 60c3981..4eeb4e7 100644
--- a/src/p11_load.c
+++ b/src/p11_load.c
@@ -43,8 +43,7 @@ PKCS11_CTX *PKCS11_CTX_new(void)
memset(ctx, 0, sizeof(PKCS11_CTX));
ctx->_private = priv;
priv->forkid = _P11_get_forkid();
- priv->lockid = CRYPTO_get_new_dynlockid();
- ERR_clear_error(); /* Dynamic locks are optional */
+ priv->lockid = pkcs11_get_new_dynlockid();
return ctx;
fail:
@@ -168,7 +167,7 @@ void PKCS11_CTX_free(PKCS11_CTX * ctx)
if (priv->init_args) {
OPENSSL_free(priv->init_args);
}
- CRYPTO_destroy_dynlockid(priv->lockid);
+ pkcs11_destroy_dynlockid(priv->lockid);
OPENSSL_free(ctx->manufacturer);
OPENSSL_free(ctx->description);
OPENSSL_free(ctx->_private);
diff --git a/src/p11_misc.c b/src/p11_misc.c
index 0d0d9e0..eab3de3 100644
--- a/src/p11_misc.c
+++ b/src/p11_misc.c
@@ -129,9 +129,9 @@ int check_fork(PKCS11_CTX *ctx)
PKCS11_CTX_private *priv = PRIVCTX(ctx);
int rv;
- CRYPTO_w_lock(priv->lockid);
+ pkcs11_w_lock(priv->lockid);
rv = check_fork_int(ctx);
- CRYPTO_w_unlock(priv->lockid);
+ pkcs11_w_unlock(priv->lockid);
return rv;
}
@@ -144,9 +144,9 @@ int check_slot_fork(PKCS11_SLOT *slot)
PKCS11_CTX_private *priv = PRIVCTX(ctx);
int rv;
- CRYPTO_w_lock(priv->lockid);
+ pkcs11_w_lock(priv->lockid);
rv = check_slot_fork_int(slot);
- CRYPTO_w_unlock(priv->lockid);
+ pkcs11_w_unlock(priv->lockid);
return rv;
}
@@ -165,4 +165,27 @@ int check_key_fork(PKCS11_KEY *key)
return rv;
}
+/*
+ * CRYPTO dynlock wrappers: 0 is an invalid dynamic lock ID
+ */
+int pkcs11_get_new_dynlockid()
+{
+ int i;
+
+ if (CRYPTO_get_dynlock_create_callback() == NULL ||
+ CRYPTO_get_dynlock_lock_callback() == NULL ||
+ CRYPTO_get_dynlock_destroy_callback() == NULL)
+ return 0; /* Dynamic callbacks not set */
+ i = CRYPTO_get_new_dynlockid();
+ if (i == 0)
+ ERR_clear_error(); /* Dynamic locks are optional -> ignore */
+ return i;
+}
+
+void pkcs11_destroy_dynlockid(int i)
+{
+ if(i)
+ CRYPTO_destroy_dynlockid(i);
+}
+
/* vim: set noexpandtab: */
diff --git a/src/p11_ops.c b/src/p11_ops.c
index 3563f18..05c8971 100644
--- a/src/p11_ops.c
+++ b/src/p11_ops.c
@@ -51,11 +51,11 @@ PKCS11_ecdsa_sign(const unsigned char *m, unsigned int m_len,
memset(&mechanism, 0, sizeof(mechanism));
mechanism.mechanism = CKM_ECDSA;
- CRYPTO_w_lock(PRIVSLOT(slot)->lockid);
+ pkcs11_w_lock(PRIVSLOT(slot)->lockid);
rv = CRYPTOKI_call(ctx, C_SignInit(session, &mechanism, priv->object)) ||
CRYPTOKI_call(ctx,
C_Sign(session, (CK_BYTE *) m, m_len, sigret, &ck_sigsize));
- CRYPTO_w_unlock(PRIVSLOT(slot)->lockid);
+ pkcs11_w_unlock(PRIVSLOT(slot)->lockid);
if (rv) {
PKCS11err(PKCS11_F_PKCS11_EC_KEY_SIGN, pkcs11_map_err(rv));
@@ -173,14 +173,14 @@ PKCS11_private_encrypt(int flen, const unsigned char *from, unsigned char *to,
session = PRIVSLOT(slot)->session;
- CRYPTO_w_lock(PRIVSLOT(slot)->lockid);
+ pkcs11_w_lock(PRIVSLOT(slot)->lockid);
/* API is somewhat fishy here. *siglen is 0 on entry (cleared
* by OpenSSL). The library assumes that the memory passed
* by the caller is always big enough */
rv = CRYPTOKI_call(ctx, C_SignInit(session, &mechanism, priv->object)) ||
CRYPTOKI_call(ctx,
C_Sign(session, (CK_BYTE *) from, flen, to, &ck_sigsize));
- CRYPTO_w_unlock(PRIVSLOT(slot)->lockid);
+ pkcs11_w_unlock(PRIVSLOT(slot)->lockid);
if (rv) {
PKCS11err(PKCS11_F_PKCS11_RSA_SIGN, pkcs11_map_err(rv));
@@ -224,12 +224,12 @@ PKCS11_private_decrypt(int flen, const unsigned char *from, unsigned char *to,
mechanism.mechanism = CKM_RSA_PKCS;
- CRYPTO_w_lock(PRIVSLOT(slot)->lockid);
+ pkcs11_w_lock(PRIVSLOT(slot)->lockid);
rv = CRYPTOKI_call(ctx, C_DecryptInit(session, &mechanism, priv->object)) ||
CRYPTOKI_call(ctx,
C_Decrypt(session, (CK_BYTE *) from, (CK_ULONG)flen,
(CK_BYTE_PTR)to, &size));
- CRYPTO_w_unlock(PRIVSLOT(slot)->lockid);
+ pkcs11_w_unlock(PRIVSLOT(slot)->lockid);
if (rv) {
PKCS11err(PKCS11_F_PKCS11_RSA_DECRYPT, pkcs11_map_err(rv));
diff --git a/src/p11_slot.c b/src/p11_slot.c
index bba41e7..1ee6328 100644
--- a/src/p11_slot.c
+++ b/src/p11_slot.c
@@ -447,8 +447,7 @@ static int pkcs11_init_slot(PKCS11_CTX * ctx, PKCS11_SLOT * slot, CK_SLOT_ID id)
priv->prev_rw = 0;
priv->prev_pin = NULL;
priv->prev_so = 0;
- priv->lockid = CRYPTO_get_new_dynlockid();
- ERR_clear_error(); /* Dynamic locks are optional */
+ priv->lockid = pkcs11_get_new_dynlockid();
slot->description = PKCS11_DUP(info.slotDescription);
slot->manufacturer = PKCS11_DUP(info.manufacturerID);
@@ -479,7 +478,7 @@ void pkcs11_release_slot(PKCS11_CTX * ctx, PKCS11_SLOT * slot)
OPENSSL_cleanse(priv->prev_pin, strlen(priv->prev_pin));
OPENSSL_free(priv->prev_pin);
}
- CRYPTO_destroy_dynlockid(priv->lockid);
+ pkcs11_destroy_dynlockid(priv->lockid);
CRYPTOKI_call(ctx, C_CloseAllSessions(priv->id));
}
OPENSSL_free(slot->_private);
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-opensc/libp11.git
More information about the pkg-opensc-commit
mailing list