[pkg-opensc-commit] [libp11] 31/86: Fixed deadlocks in keys and certificates listing
Eric Dorland
eric at moszumanska.debian.org
Sun Jul 24 21:40:19 UTC 2016
This is an automated email from the git hooks/post-receive script.
eric pushed a commit to branch master
in repository libp11.
commit c730ba61cefd943f40493475391f7253eae28b66
Author: Michał Trojnara <Michal.Trojnara at stunnel.org>
Date: Tue Feb 2 11:01:48 2016 +0100
Fixed deadlocks in keys and certificates listing
---
NEWS | 1 +
src/p11_cert.c | 22 +++++++++++-----------
src/p11_key.c | 19 ++++++++++---------
3 files changed, 22 insertions(+), 20 deletions(-)
diff --git a/NEWS b/NEWS
index f631dca..1b5e9ef 100644
--- a/NEWS
+++ b/NEWS
@@ -1,6 +1,7 @@
NEWS for Libp11 -- History of user visible changes
New in 0.4.0; unreleased;
+* Fixed deadlocks in keys and certificates listing (Brian Hinz)
* Use PKCS11_MODULE_PATH environment variable (Doug Engert)
* Added support for building against OpenSSL 1.1.0-dev (Doug Engert)
* Added support for ECDH key derivation (Doug Engert)
diff --git a/src/p11_cert.c b/src/p11_cert.c
index e53cad5..5a49cf2 100644
--- a/src/p11_cert.c
+++ b/src/p11_cert.c
@@ -37,12 +37,17 @@ int
PKCS11_enumerate_certs(PKCS11_TOKEN * token,
PKCS11_CERT ** certp, unsigned int *countp)
{
- PKCS11_TOKEN_private *tpriv = PRIVTOKEN(token);
+ PKCS11_SLOT *slot = TOKEN2SLOT(token);
PKCS11_CTX *ctx = TOKEN2CTX(token);
+ PKCS11_TOKEN_private *tpriv = PRIVTOKEN(token);
+ PKCS11_SLOT_private *spriv = PRIVSLOT(slot);
PKCS11_CTX_private *cpriv = PRIVCTX(ctx);
int rv;
if (tpriv->ncerts < 0) {
+ /* Make sure we have a session */
+ if (!spriv->haveSession && PKCS11_open_session(slot, 0))
+ return -1;
pkcs11_w_lock(cpriv->lockid);
rv = pkcs11_find_certs(token);
pkcs11_w_unlock(cpriv->lockid);
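Review bot: The added `!spriv->haveSession && PKCS11_open_session(slot, 0)` check in PKCS11_enumerate_certs runs before `pkcs11_w_lock(cpriv->lockid)`, so testing haveSession and opening the session are not atomic with the enumeration that follows. PKCS11_open_session is not visible here, but the deadlock fix suggests it takes the same lock internally; if so, two threads can both see haveSession unset and both open a session, or the session can be closed between this check and the search. Either document the threading assumption next to the check, e.g. `/* opened outside the lock because PKCS11_open_session() locks on its own; sessions must not be closed concurrently */`, or re-check `spriv->haveSession` after taking the lock. The same pattern is added to pkcs11_enumerate_keys in src/p11_key.c. The function body continues past the end of this hunk.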
@@ -85,32 +90,27 @@ PKCS11_CERT *PKCS11_find_certificate(PKCS11_KEY * key)
*/
static int pkcs11_find_certs(PKCS11_TOKEN * token)
{
- PKCS11_TOKEN_private *tpriv = PRIVTOKEN(token);
PKCS11_SLOT *slot = TOKEN2SLOT(token);
PKCS11_CTX *ctx = TOKEN2CTX(token);
- CK_SESSION_HANDLE session;
+ PKCS11_TOKEN_private *tpriv = PRIVTOKEN(token);
+ PKCS11_SLOT_private *spriv = PRIVSLOT(slot);
CK_OBJECT_CLASS cert_search_class;
CK_ATTRIBUTE cert_search_attrs[] = {
{CKA_CLASS, &cert_search_class, sizeof(cert_search_class)},
};
int rv, res = -1;
- /* Make sure we have a session */
- if (!PRIVSLOT(slot)->haveSession && PKCS11_open_session(slot, 0))
- return -1;
- session = PRIVSLOT(slot)->session;
-
/* Tell the PKCS11 lib to enumerate all matching objects */
cert_search_class = CKO_CERTIFICATE;
- rv = CRYPTOKI_call(ctx, C_FindObjectsInit(session, cert_search_attrs, 1));
+ rv = CRYPTOKI_call(ctx, C_FindObjectsInit(spriv->session, cert_search_attrs, 1));
CRYPTOKI_checkerr(PKCS11_F_PKCS11_ENUM_CERTS, rv);
tpriv->ncerts = 0;
do {
- res = pkcs11_next_cert(ctx, token, session);
+ res = pkcs11_next_cert(ctx, token, spriv->session);
} while (res == 0);
- CRYPTOKI_call(ctx, C_FindObjectsFinal(session));
+ CRYPTOKI_call(ctx, C_FindObjectsFinal(spriv->session));
return (res < 0) ? -1 : 0;
}
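Review bot: pkcs11_find_certs now passes `spriv->session` to C_FindObjectsInit without looking at `spriv->haveSession`, so it silently depends on the caller having opened a session, and nothing in the function states that. Add the precondition to the header comment, e.g. `/* Caller must hold the context lock and have an open session on the slot */`, or keep a cheap guard such as `if (!spriv->haveSession) return -1;` before the search starts. pkcs11_find_keys in src/p11_key.c gains the same unstated precondition. The header comment of this function begins above the hunk.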
diff --git a/src/p11_key.c b/src/p11_key.c
index c7523a5..d42664c 100644
--- a/src/p11_key.c
+++ b/src/p11_key.c
@@ -353,13 +353,18 @@ EVP_PKEY *PKCS11_get_public_key(PKCS11_KEY * key)
static int pkcs11_enumerate_keys(PKCS11_TOKEN * token, unsigned int type,
PKCS11_KEY ** keyp, unsigned int * countp)
{
- PKCS11_TOKEN_private *tpriv = PRIVTOKEN(token);
- PKCS11_keys *keys = (type == CKO_PRIVATE_KEY) ? &tpriv->prv : &tpriv->pub;
+ PKCS11_SLOT *slot = TOKEN2SLOT(token);
PKCS11_CTX *ctx = TOKEN2CTX(token);
+ PKCS11_TOKEN_private *tpriv = PRIVTOKEN(token);
+ PKCS11_SLOT_private *spriv = PRIVSLOT(slot);
PKCS11_CTX_private *cpriv = PRIVCTX(ctx);
+ PKCS11_keys *keys = (type == CKO_PRIVATE_KEY) ? &tpriv->prv : &tpriv->pub;
int rv;
if (keys->num < 0) { /* No cache was built for the specified type */
+ /* Make sure we have a session */
+ if (!spriv->haveSession && PKCS11_open_session(slot, 0))
+ return -1;
pkcs11_w_lock(cpriv->lockid);
rv = pkcs11_find_keys(token, type);
pkcs11_w_unlock(cpriv->lockid);
@@ -380,21 +385,17 @@ static int pkcs11_enumerate_keys(PKCS11_TOKEN * token, unsigned int type,
*/
static int pkcs11_find_keys(PKCS11_TOKEN * token, unsigned int type)
{
- PKCS11_TOKEN_private *tpriv = PRIVTOKEN(token);
- PKCS11_keys *keys = (type == CKO_PRIVATE_KEY) ? &tpriv->prv : &tpriv->pub;
PKCS11_SLOT *slot = TOKEN2SLOT(token);
- PKCS11_SLOT_private *spriv = PRIVSLOT(slot);
PKCS11_CTX *ctx = TOKEN2CTX(token);
+ PKCS11_TOKEN_private *tpriv = PRIVTOKEN(token);
+ PKCS11_SLOT_private *spriv = PRIVSLOT(slot);
+ PKCS11_keys *keys = (type == CKO_PRIVATE_KEY) ? &tpriv->prv : &tpriv->pub;
CK_OBJECT_CLASS key_search_class;
CK_ATTRIBUTE key_search_attrs[1] = {
{CKA_CLASS, &key_search_class, sizeof(key_search_class)},
};
int rv, res = -1;
- /* Make sure we have a session */
- if (!PRIVSLOT(slot)->haveSession && PKCS11_open_session(slot, 0))
- return -1;
-
/* Tell the PKCS11 lib to enumerate all matching objects */
key_search_class = type;
rv = CRYPTOKI_call(ctx,
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-opensc/libp11.git