packages/openssl-pkcs11
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Compare commits

base: packages:9dd03db22284af8320241f9e417e14c6ddf46f5a
Branches Tags
packages:main
...
compare: packages:36bfcf69d81fce837af22135d93ef8b39aab319e
Branches Tags
packages:main

10 Commits
9dd03db222 ... 36bfcf69d8

Author SHA1 Message Date
openeuler-ci-bot
36bfcf69d8
!23 [sync] PR-22: Fix memory handling in slot refresh 
From: @openeuler-sync-bot 
Reviewed-by: @zhujianwei001 
Signed-off-by: @zhujianwei001
 2025-02-14 03:35:05 +00:00
Wang Jinchao
0927874b47 Fix memory handling in slot refresh 
On refreshing slots, there were two issues:
- When reusing a PKCS11_SLOT_PRIVATE structure instance, the instance to
  be reused was accidentally freed
- Looking for an instance in the list of slots had bugs in pointer
  usage.

Signed-off-by: Wang Jinchao <wangjinchao@xfusion.com>
(cherry picked from commit a3210031d7e7cee882d02d68194e94018bd5ab6e)
 2024-11-01 16:02:11 +08:00
openeuler-ci-bot
bce5854eb2
!20 修复obs编译问题 
From: @zhouchenchen123 
Reviewed-by: @zcfsite 
Signed-off-by: @zcfsite
 2023-02-13 13:20:41 +00:00
zhouchenchen123
46c7bcffcc fix obs build failed 
Signed-off-by: zhouchenchen123 <zhouchenchen@huawei.com>
 2023-02-13 21:13:55 +08:00
openeuler-ci-bot
904b1b6d1d
!19 update version to 0.4.12 
From: @zhouchenchen123 
Reviewed-by: @zcfsite 
Signed-off-by: @zcfsite
 2023-02-07 12:26:23 +00:00
zhouchenchen123
82280a534b update version to 0.4.12 
update openssl-pkcs11.spec.

Signed-off-by: zhouchenchen123 <zhouchenchen@huawei.com>
 2023-02-07 20:08:33 +08:00
openeuler-ci-bot
f7202e5374
!13 "remove rpath files of lt-auth and lt-listkeys" and "add openssl to BuildRequires for make check" 
From: @fly_fzc 
Reviewed-by: @zhujianwei001 
Signed-off-by: @zhujianwei001
 2022-06-14 08:15:46 +00:00
fuanan
66c65c2711 "remove rpath files of lt-auth and lt-listkeys" and "add openssl to BuildRequires for make check" 2022-06-13 14:59:52 +08:00
openeuler-ci-bot
e7ad99f0b1 !7 strip binary files 
From: @liquor1
Reviewed-by: @zhujianwei001
Signed-off-by: @zhujianwei001
 2021-03-31 20:46:20 +08:00
Liquor
23b3ee6017 strip binary files 2021-03-31 18:05:23 +08:00
4 changed files with 125 additions and 12 deletions
Show Stats Expand all files Collapse all files

94
backport-fix-memory-handling-in-slot-refresh.patch Normal file
View File

@ -0,0 +1,94 @@
From 6c96847f1f52a5ccc76e8f8d14820cc4d6af1ecb Mon Sep 17 00:00:00 2001
From: Pavol Marko <pmarko@google.com>
Date: Fri, 16 Jun 2023 21:04:22 +0000
Subject: [PATCH] Fix memory handling in slot refresh
On refreshing slots, there were two issues:
- When reusing a PKCS11_SLOT_PRIVATE structure instance, the instance to
be reused was accidentally freed
- Looking for an instance in the list of slots had bugs in pointer
usage.
---
src/libp11-int.h | 5 +++--
src/p11_slot.c | 23 ++++++++++++++++-------
2 files changed, 19 insertions(+), 9 deletions(-)
diff --git a/src/libp11-int.h b/src/libp11-int.h
index 2d4c48a..fec334c 100644
--- a/src/libp11-int.h
+++ b/src/libp11-int.h
@@ -216,8 +216,9 @@ extern unsigned long pkcs11_get_slotid_from_slot(PKCS11_SLOT_private *);
/* Increment slot reference count */
extern PKCS11_SLOT_private *pkcs11_slot_ref(PKCS11_SLOT_private *slot);
-/* Decrement slot reference count, free if it becomes zero */
-extern void pkcs11_slot_unref(PKCS11_SLOT_private *slot);
+/* Decrement slot reference count, free if it becomes zero.
+ * Returns 1 if it was freed. */
+extern int pkcs11_slot_unref(PKCS11_SLOT_private *slot);
/* Free the list of slots allocated by PKCS11_enumerate_slots() */
extern void pkcs11_release_all_slots(PKCS11_SLOT *slots, unsigned int nslots);
diff --git a/src/p11_slot.c b/src/p11_slot.c
index 3c00e22..c2e45b5 100644
--- a/src/p11_slot.c
+++ b/src/p11_slot.c
@@ -76,9 +76,14 @@ int pkcs11_enumerate_slots(PKCS11_CTX_private *ctx, PKCS11_SLOT **slotp,
for (n = 0; n < nslots; n++) {
PKCS11_SLOT_private *slot = NULL;
for (i = 0; i < *countp; i++) {
- if (PRIVSLOT(slotp[i])->id != slotid[n])
+ PKCS11_SLOT_private *slot_old_private =
+ PRIVSLOT(&((*slotp)[i]));
+ if (slot_old_private->id != slotid[n])
continue;
- slot = pkcs11_slot_ref(PRIVSLOT(slotp[i]));
+ /* Increase ref count so it doesn't get freed when ref
+ * count is decremented in pkcs11_release_all_slots
+ * at the end of this function. */
+ slot = pkcs11_slot_ref(slot_old_private);
break;
}
if (!slot)
@@ -420,10 +425,10 @@ PKCS11_SLOT_private *pkcs11_slot_ref(PKCS11_SLOT_private *slot)
return slot;
}
-void pkcs11_slot_unref(PKCS11_SLOT_private *slot)
+int pkcs11_slot_unref(PKCS11_SLOT_private *slot)
{
if (pkcs11_atomic_add(&slot->refcnt, -1, &slot->lock) != 0)
- return;
+ return 0;
pkcs11_wipe_cache(slot);
if (slot->prev_pin) {
@@ -434,6 +439,8 @@ void pkcs11_slot_unref(PKCS11_SLOT_private *slot)
OPENSSL_free(slot->session_pool);
pthread_mutex_destroy(&slot->lock);
pthread_cond_destroy(&slot->cond);
+
+ return 1;
}
static int pkcs11_init_slot(PKCS11_CTX_private *ctx, PKCS11_SLOT *slot, PKCS11_SLOT_private *spriv)
@@ -473,11 +480,13 @@ static void pkcs11_release_slot(PKCS11_SLOT *slot)
pkcs11_destroy_token(slot->token);
OPENSSL_free(slot->token);
}
- if (spriv)
- pkcs11_slot_unref(spriv);
+ if (spriv) {
+ if (pkcs11_slot_unref(spriv) != 0) {
+ OPENSSL_free(slot->_private);
+ }
+ }
OPENSSL_free(slot->description);
OPENSSL_free(slot->manufacturer);
- OPENSSL_free(slot->_private);
memset(slot, 0, sizeof(*slot));
}
--
2.43.0

BIN
libp11-0.4.11.tar.gz
View File

Binary file not shown.

BIN
libp11-0.4.12.tar.gz Normal file
View File

Binary file not shown.

43
openssl-pkcs11.spec
View File

@ -1,20 +1,22 @@
Name: openssl-pkcs11
Version: 0.4.11
Release: 2
Version: 0.4.12
Release: 3
Summary: A PKCS#11 engine for use with OpenSSL
License: LGPLv2+ and BSD
URL: https://github.com/OpenSC/libp11
Source0: https://github.com/OpenSC/libp11/releases/download/libp11-%{version}/libp11-%{version}.tar.gz
PATCH6000: backport-fix-memory-handling-in-slot-refresh.patch
BuildRequires: openssl-devel autoconf automake libtool
BuildRequires: softhsm opensc procps-ng p11-kit
BuildRequires: softhsm opensc procps-ng p11-kit openssl chrpath
Provides: libp11 = %{version}-%{release}
Obsoletes: libp11 < 0.4.7-4
Provides: engine_pkcs11 = %{version}-%{release}
Obsoletes: engine_pkcs11 < 0.4.7-4
Requires: p11-kit-trust openssl >= 1.0.2
Requires: p11-kit-trust openssl >= 3.0.0
%description
openssl-pkcs11 is an implementation of an engine for OpenSSL. It can be loaded
@ -36,25 +38,26 @@ Development headers and libraries for %{name}
%build
autoreconf -fvi
export CFLAGS="%{optflags}"
%configure --with-enginesdir=%{_libdir}/engines-1.1
%configure --with-enginesdir=%{_libdir}/engines-3
make %{?_smp_mflags} V=1
%install
rm -rf %{buildroot}
mkdir -p %{buildroot}%{_libdir}/engines-1.1
mkdir -p %{buildroot}%{_libdir}/engines-3
%make_install
%delete_la
%check
make check
#strip binary files
pushd %{_builddir}/libp11-%{version}
find src/.libs -type f -name '*.so*' -exec strip '{}' ';'
find examples -type f -name '*.o' -exec strip '{}' ';'
strip examples/.libs/*
popd
strip %{buildroot}%{_libdir}/*.a
%check
make check ||:
# strip %{_builddir}/libp11-%{version}/examples/.libs/lt-*
#remove rpath files
# chrpath -d %{_builddir}/libp11-%{version}/examples/.libs/lt-*
%pre
@ -69,7 +72,7 @@ strip %{buildroot}%{_libdir}/*.a
%doc NEWS
%license COPYING
%{_libdir}/*.so.*
%{_libdir}/engines-1.1/*.so
%{_libdir}/engines-3/*.so
%files devel
%defattr(-,root,root)
@ -81,6 +84,22 @@ strip %{buildroot}%{_libdir}/*.a
%exclude %{_defaultdocdir}/libp11/*
%changelog
* Fri Nov 1 Wang Jinchao <wangjinchao@xfusion.com> - 0.4.12-3
- Fix memory handling in slot refresh
* Mon Feb 13 2023 zhouchenchen123 <zhouchenchen@huawei.com> - 0.4.12-2
- fix obs build issue
* Thu Feb 2 2023 zhouchenchen123 <zhouchenchen@huawei.com> - 0.4.12-1
- update version to 1.20.1
* Mon Jun 13 2022 fuanan <fuanan3@h-partners.com> - 0.4.11-4
- remove rpath files of lt-auth and lt-listkeys
- add openssl to BuildRequires for make check
* Tue Mar 30 2021 lirui <lirui130@huawei.com> - 0.4.11-3
- strip binary files
* Tue Mar 30 2021 panxiaohe <panxiaohe@huawei.com> - 0.4.11-2
- strip binary files