[pkg-opensc-commit] [libp11] 31/86: Fixed deadlocks in keys and certificates listing

Eric Dorland eric at moszumanska.debian.org
Sun Jul 24 21:40:19 UTC 2016


This is an automated email from the git hooks/post-receive script.

eric pushed a commit to branch master
in repository libp11.

commit c730ba61cefd943f40493475391f7253eae28b66
Author: Michał Trojnara <Michal.Trojnara at stunnel.org>
Date:   Tue Feb 2 11:01:48 2016 +0100

    Fixed deadlocks in keys and certificates listing
---
 NEWS           |  1 +
 src/p11_cert.c | 22 +++++++++++-----------
 src/p11_key.c  | 19 ++++++++++---------
 3 files changed, 22 insertions(+), 20 deletions(-)

diff --git a/NEWS b/NEWS
index f631dca..1b5e9ef 100644
--- a/NEWS
+++ b/NEWS
@@ -1,6 +1,7 @@
 NEWS for Libp11 -- History of user visible changes
 
 New in 0.4.0; unreleased;
+* Fixed deadlocks in keys and certificates listing (Brian Hinz)
 * Use PKCS11_MODULE_PATH environment variable (Doug Engert)
 * Added support for building against OpenSSL 1.1.0-dev (Doug Engert)
 * Added support for ECDH key derivation (Doug Engert)
diff --git a/src/p11_cert.c b/src/p11_cert.c
index e53cad5..5a49cf2 100644
--- a/src/p11_cert.c
+++ b/src/p11_cert.c
@@ -37,12 +37,17 @@ int
 PKCS11_enumerate_certs(PKCS11_TOKEN * token,
 		PKCS11_CERT ** certp, unsigned int *countp)
 {
-	PKCS11_TOKEN_private *tpriv = PRIVTOKEN(token);
+	PKCS11_SLOT *slot = TOKEN2SLOT(token);
 	PKCS11_CTX *ctx = TOKEN2CTX(token);
+	PKCS11_TOKEN_private *tpriv = PRIVTOKEN(token);
+	PKCS11_SLOT_private *spriv = PRIVSLOT(slot);
 	PKCS11_CTX_private *cpriv = PRIVCTX(ctx);
 	int rv;
 
 	if (tpriv->ncerts < 0) {
+		/* Make sure we have a session */
+		if (!spriv->haveSession && PKCS11_open_session(slot, 0))
+			return -1;
 		pkcs11_w_lock(cpriv->lockid);
 		rv = pkcs11_find_certs(token);
 		pkcs11_w_unlock(cpriv->lockid);
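Review bot: The new `spriv->haveSession` test in PKCS11_enumerate_certs runs before `pkcs11_w_lock(cpriv->lockid)`, so the check and the session open are not atomic with the search that follows under the lock. Two threads can both observe no session and both call PKCS11_open_session, and if any other path can close or replace the slot's session (not visible in this hunk), `spriv->session` may already be stale when pkcs11_find_certs uses it. If PKCS11_open_session takes the same lock, as the deadlock being fixed suggests, a lock-free internal variant called inside the locked region would keep check, open and search in one critical section; at minimum add `/* haveSession is read without the lock; callers must not close the session concurrently */` above the test. The same unlocked check is added to pkcs11_enumerate_keys in src/p11_key.c, and the body of PKCS11_enumerate_certs continues outside the hunk.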
@@ -85,32 +90,27 @@ PKCS11_CERT *PKCS11_find_certificate(PKCS11_KEY * key)
  */
 static int pkcs11_find_certs(PKCS11_TOKEN * token)
 {
-	PKCS11_TOKEN_private *tpriv = PRIVTOKEN(token);
 	PKCS11_SLOT *slot = TOKEN2SLOT(token);
 	PKCS11_CTX *ctx = TOKEN2CTX(token);
-	CK_SESSION_HANDLE session;
+	PKCS11_TOKEN_private *tpriv = PRIVTOKEN(token);
+	PKCS11_SLOT_private *spriv = PRIVSLOT(slot);
 	CK_OBJECT_CLASS cert_search_class;
 	CK_ATTRIBUTE cert_search_attrs[] = {
 		{CKA_CLASS, &cert_search_class, sizeof(cert_search_class)},
 	};
 	int rv, res = -1;
 
-	/* Make sure we have a session */
-	if (!PRIVSLOT(slot)->haveSession && PKCS11_open_session(slot, 0))
-		return -1;
-	session = PRIVSLOT(slot)->session;
-
 	/* Tell the PKCS11 lib to enumerate all matching objects */
 	cert_search_class = CKO_CERTIFICATE;
-	rv = CRYPTOKI_call(ctx, C_FindObjectsInit(session, cert_search_attrs, 1));
+	rv = CRYPTOKI_call(ctx, C_FindObjectsInit(spriv->session, cert_search_attrs, 1));
 	CRYPTOKI_checkerr(PKCS11_F_PKCS11_ENUM_CERTS, rv);
 
 	tpriv->ncerts = 0;
 	do {
-		res = pkcs11_next_cert(ctx, token, session);
+		res = pkcs11_next_cert(ctx, token, spriv->session);
 	} while (res == 0);
 
-	CRYPTOKI_call(ctx, C_FindObjectsFinal(session));
+	CRYPTOKI_call(ctx, C_FindObjectsFinal(spriv->session));
 
 	return (res < 0) ? -1 : 0;
 }
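Review bot: pkcs11_find_certs now passes `spriv->session` to C_FindObjectsInit without any check that a session exists, so it silently depends on its caller having opened one and holding the context lock, and nothing in the function states that. I would add to the header comment (which starts outside the hunk) a line such as `Caller must hold the context lock and have an open session on the slot.` The handle is also re-read from `spriv` three times where the removed code took one local copy; keeping `CK_SESSION_HANDLE session = spriv->session;` guarantees C_FindObjectsFinal ends the search on the same handle C_FindObjectsInit started it on, even if the slot's session were replaced in between. pkcs11_find_keys in the last hunk of src/p11_key.c loses its session check in the same way and needs the same precondition comment.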
diff --git a/src/p11_key.c b/src/p11_key.c
index c7523a5..d42664c 100644
--- a/src/p11_key.c
+++ b/src/p11_key.c
@@ -353,13 +353,18 @@ EVP_PKEY *PKCS11_get_public_key(PKCS11_KEY * key)
 static int pkcs11_enumerate_keys(PKCS11_TOKEN * token, unsigned int type,
 		PKCS11_KEY ** keyp, unsigned int * countp)
 {
-	PKCS11_TOKEN_private *tpriv = PRIVTOKEN(token);
-	PKCS11_keys *keys = (type == CKO_PRIVATE_KEY) ? &tpriv->prv : &tpriv->pub;
+	PKCS11_SLOT *slot = TOKEN2SLOT(token);
 	PKCS11_CTX *ctx = TOKEN2CTX(token);
+	PKCS11_TOKEN_private *tpriv = PRIVTOKEN(token);
+	PKCS11_SLOT_private *spriv = PRIVSLOT(slot);
 	PKCS11_CTX_private *cpriv = PRIVCTX(ctx);
+	PKCS11_keys *keys = (type == CKO_PRIVATE_KEY) ? &tpriv->prv : &tpriv->pub;
 	int rv;
 
 	if (keys->num < 0) { /* No cache was built for the specified type */
+		/* Make sure we have a session */
+		if (!spriv->haveSession && PKCS11_open_session(slot, 0))
+			return -1;
 		pkcs11_w_lock(cpriv->lockid);
 		rv = pkcs11_find_keys(token, type);
 		pkcs11_w_unlock(cpriv->lockid);
@@ -380,21 +385,17 @@ static int pkcs11_enumerate_keys(PKCS11_TOKEN * token, unsigned int type,
  */
 static int pkcs11_find_keys(PKCS11_TOKEN * token, unsigned int type)
 {
-	PKCS11_TOKEN_private *tpriv = PRIVTOKEN(token);
-	PKCS11_keys *keys = (type == CKO_PRIVATE_KEY) ? &tpriv->prv : &tpriv->pub;
 	PKCS11_SLOT *slot = TOKEN2SLOT(token);
-	PKCS11_SLOT_private *spriv = PRIVSLOT(slot);
 	PKCS11_CTX *ctx = TOKEN2CTX(token);
+	PKCS11_TOKEN_private *tpriv = PRIVTOKEN(token);
+	PKCS11_SLOT_private *spriv = PRIVSLOT(slot);
+	PKCS11_keys *keys = (type == CKO_PRIVATE_KEY) ? &tpriv->prv : &tpriv->pub;
 	CK_OBJECT_CLASS key_search_class;
 	CK_ATTRIBUTE key_search_attrs[1] = {
 		{CKA_CLASS, &key_search_class, sizeof(key_search_class)},
 	};
 	int rv, res = -1;
 
-	/* Make sure we have a session */
-	if (!PRIVSLOT(slot)->haveSession && PKCS11_open_session(slot, 0))
-		return -1;
-
 	/* Tell the PKCS11 lib to enumerate all matching objects */
 	key_search_class = type;
 	rv = CRYPTOKI_call(ctx,

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-opensc/libp11.git


