[pkg-opensc-commit] [libp11] 75/86: Workaround for CRYPTO_LOCK_ENGINE used by OpenSC

Eric Dorland eric at moszumanska.debian.org
Sun Jul 24 21:40:25 UTC 2016


This is an automated email from the git hooks/post-receive script.

eric pushed a commit to branch master
in repository libp11.

commit a0f133f2b31f838f4fe0baeb059fb18eb972f1be
Author: Michał Trojnara <Michal.Trojnara at stunnel.org>
Date:   Fri Mar 18 19:28:24 2016 +0100

    Workaround for CRYPTO_LOCK_ENGINE used by OpenSC
    
    HACK ALERT: This is an ugly workaround for a complex OpenSC bug.
    OpenSC implicitly locks CRYPTO_LOCK_ENGINE during C_GetSlotList().
    OpenSSL also locks CRYPTO_LOCK_ENGINE in ENGINE_init().
    The workaround is to temporarily unlock the non-recursive rwlock,
    so it does not crash or hang (depending on the implementation).
    FIXME: This workaround currently does not support OpenSSL 1.1.
---
 src/eng_back.c | 51 +++++++++++++++++++++++++++++++++++++--------------
 1 file changed, 37 insertions(+), 14 deletions(-)

diff --git a/src/eng_back.c b/src/eng_back.c
index 656b3fa..1ba79d0 100644
--- a/src/eng_back.c
+++ b/src/eng_back.c
@@ -141,25 +141,14 @@ int pkcs11_finish(ENGINE_CTX *ctx)
 	return 1;
 }
 
-int pkcs11_init(ENGINE_CTX *ctx)
+static int pkcs11_init_ctx(ENGINE_CTX *ctx, char *mod)
 {
-	char *mod = ctx->module;
-
-	if (mod == NULL)
-		mod = getenv("PKCS11_MODULE_PATH");
-#ifdef DEFAULT_PKCS11_MODULE
-	if (mod == NULL)
-		mod = DEFAULT_PKCS11_MODULE;
-#endif
-	if (ctx->verbose) {
-		fprintf(stderr, "Initializing engine\n");
-	}
-
-	PKCS11_CTX_init_args(ctx->pkcs11_ctx, ctx->init_args);
+	/* PKCS11_CTX_load() uses C_GetSlotList() via p11-kit */
 	if (PKCS11_CTX_load(ctx->pkcs11_ctx, mod) < 0) {
 		fprintf(stderr, "Unable to load module %s\n", mod);
 		return 0;
 	}
+	/* PKCS11_enumerate_slots() uses C_GetSlotList() via libp11 */
 	if (PKCS11_enumerate_slots(ctx->pkcs11_ctx,
 			&ctx->slot_list, &ctx->slot_count) < 0) {
 		fprintf(stderr, "Failed to enumerate slots\n");
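Review bot: `mod` can reach `fprintf(stderr, "Unable to load module %s\n", mod)` as NULL, because pkcs11_init leaves it NULL when ctx->module and PKCS11_MODULE_PATH are both unset and DEFAULT_PKCS11_MODULE is not defined; passing NULL to `%s` is undefined behavior. Whether PKCS11_CTX_load() tolerates a NULL path is not visible here, so the helper should either reject it up front or at least print `mod ? mod : "(null)"`. The parameter is never written through in the visible lines and could be `const char *mod`, provided PKCS11_CTX_load() takes a const path. The body of pkcs11_init_ctx continues past the end of this hunk.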
@@ -172,6 +161,40 @@ int pkcs11_init(ENGINE_CTX *ctx)
 	return 1;
 }
 
+int pkcs11_init(ENGINE_CTX *ctx)
+{
+	char *mod = ctx->module;
+	int rv;
+
+	if (mod == NULL)
+		mod = getenv("PKCS11_MODULE_PATH");
+#ifdef DEFAULT_PKCS11_MODULE
+	if (mod == NULL)
+		mod = DEFAULT_PKCS11_MODULE;
+#endif
+	if (ctx->verbose) {
+		fprintf(stderr, "Initializing engine\n");
+	}
+
+	PKCS11_CTX_init_args(ctx->pkcs11_ctx, ctx->init_args);
+
+	/* HACK ALERT: This is an ugly workaround for a complex OpenSC bug */
+	/* OpenSC implicitly locks CRYPTO_LOCK_ENGINE during C_GetSlotList() */
+	/* OpenSSL also locks CRYPTO_LOCK_ENGINE in ENGINE_init() */
+	/* The workaround is to temporarily unlock the non-recursive rwlock,
+	   so it does not crash or hang (depending on the implementation) */
+	/* FIXME: This workaround currently does not support OpenSSL 1.1 */
+#if OPENSSL_VERSION_NUMBER < 0x10100004L
+	CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
+#endif
+	rv = pkcs11_init_ctx(ctx, mod);
+#if OPENSSL_VERSION_NUMBER < 0x10100004L
+	CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
+#endif
+
+	return rv;
+}
+
 /******************************************************************************/
 /* certificte handling                                                        */
 /******************************************************************************/
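Review bot: The `CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE)` before `pkcs11_init_ctx()` assumes every caller of pkcs11_init already holds the write lock, and nothing in the function states or checks that. If the function is reached from a path that does not hold the lock, the unlock acts on a lock the thread does not own and the function then returns with the lock taken. While the lock is dropped, a second thread entering ENGINE_init() for the same engine could presumably run pkcs11_init_ctx() on the same `ctx` concurrently and race on `ctx->slot_list` and `ctx->slot_count`; that depends on OpenSSL internals not shown here. I would state the precondition above the unlock, e.g. `/* Caller must hold the CRYPTO_LOCK_ENGINE write lock (ENGINE_init() path only) */`, and serialize pkcs11_init_ctx() with a lock owned by the engine itself so the unlocked window cannot admit a second initialization.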

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-opensc/libp11.git


