[pkg-opensc-commit] [libp11] 75/86: Workaround for CRYPTO_LOCK_ENGINE used by OpenSC
Eric Dorland
eric at moszumanska.debian.org
Sun Jul 24 21:40:25 UTC 2016
This is an automated email from the git hooks/post-receive script.
eric pushed a commit to branch master
in repository libp11.
commit a0f133f2b31f838f4fe0baeb059fb18eb972f1be
Author: Michał Trojnara <Michal.Trojnara at stunnel.org>
Date: Fri Mar 18 19:28:24 2016 +0100
Workaround for CRYPTO_LOCK_ENGINE used by OpenSC
HACK ALERT: This is an ugly workaround for a complex OpenSC bug.
OpenSC implicitly locks CRYPTO_LOCK_ENGINE during C_GetSlotList().
OpenSSL also locks CRYPTO_LOCK_ENGINE in ENGINE_init().
The workaround is to temporarily unlock the non-recursive rwlock,
so it does not crash or hang (depending on the implementation).
FIXME: This workaround currently does not support OpenSSL 1.1.
---
src/eng_back.c | 51 +++++++++++++++++++++++++++++++++++++--------------
1 file changed, 37 insertions(+), 14 deletions(-)
diff --git a/src/eng_back.c b/src/eng_back.c
index 656b3fa..1ba79d0 100644
--- a/src/eng_back.c
+++ b/src/eng_back.c
@@ -141,25 +141,14 @@ int pkcs11_finish(ENGINE_CTX *ctx)
return 1;
}
-int pkcs11_init(ENGINE_CTX *ctx)
+static int pkcs11_init_ctx(ENGINE_CTX *ctx, char *mod)
{
- char *mod = ctx->module;
-
- if (mod == NULL)
- mod = getenv("PKCS11_MODULE_PATH");
-#ifdef DEFAULT_PKCS11_MODULE
- if (mod == NULL)
- mod = DEFAULT_PKCS11_MODULE;
-#endif
- if (ctx->verbose) {
- fprintf(stderr, "Initializing engine\n");
- }
-
- PKCS11_CTX_init_args(ctx->pkcs11_ctx, ctx->init_args);
+ /* PKCS11_CTX_load() uses C_GetSlotList() via p11-kit */
if (PKCS11_CTX_load(ctx->pkcs11_ctx, mod) < 0) {
fprintf(stderr, "Unable to load module %s\n", mod);
return 0;
}
+ /* PKCS11_enumerate_slots() uses C_GetSlotList() via libp11 */
if (PKCS11_enumerate_slots(ctx->pkcs11_ctx,
&ctx->slot_list, &ctx->slot_count) < 0) {
fprintf(stderr, "Failed to enumerate slots\n");
@@ -172,6 +161,40 @@ int pkcs11_init(ENGINE_CTX *ctx)
return 1;
}
+int pkcs11_init(ENGINE_CTX *ctx)
+{
+ char *mod = ctx->module;
+ int rv;
+
+ if (mod == NULL)
+ mod = getenv("PKCS11_MODULE_PATH");
+#ifdef DEFAULT_PKCS11_MODULE
+ if (mod == NULL)
+ mod = DEFAULT_PKCS11_MODULE;
+#endif
+ if (ctx->verbose) {
+ fprintf(stderr, "Initializing engine\n");
+ }
+
+ PKCS11_CTX_init_args(ctx->pkcs11_ctx, ctx->init_args);
+
+ /* HACK ALERT: This is an ugly workaround for a complex OpenSC bug */
+ /* OpenSC implicitly locks CRYPTO_LOCK_ENGINE during C_GetSlotList() */
+ /* OpenSSL also locks CRYPTO_LOCK_ENGINE in ENGINE_init() */
+ /* The workaround is to temporarily unlock the non-recursive rwlock,
+ so it does not crash or hang (depending on the implementation) */
+ /* FIXME: This workaround currently does not support OpenSSL 1.1 */
+#if OPENSSL_VERSION_NUMBER < 0x10100004L
+ CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
+#endif
+ rv = pkcs11_init_ctx(ctx, mod);
+#if OPENSSL_VERSION_NUMBER < 0x10100004L
+ CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
+#endif
+
+ return rv;
+}
+
/******************************************************************************/
/* certificte handling */
/******************************************************************************/
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-opensc/libp11.git
More information about the pkg-opensc-commit
mailing list