-rw-r--r--NEWS5
-rw-r--r--trust/module.c30
-rw-r--r--trust/tests/frob-multi-init.c69
-rw-r--r--trust/tests/test-module.c67
4 files changed, 166 insertions, 5 deletions
diff --git a/NEWS b/NEWS
index f7aa050..ea42c8a 100644
--- a/NEWS
+++ b/NEWS
@@ -9,6 +9,11 @@
* Mark p11_kit_message() as a stable function
* Use our own unit testing framework
+0.18.3 (stable)
+ * Fix reinitialization of trust module [#65401]
+ * Fix crash in trust module C_Initialize
+ * Mac OS fixes [#57714]
+
0.18.2 (stable)
* Build fixes [#64378 ...]
diff --git a/trust/module.c b/trust/module.c
index 109ff5c..abfabae 100644
--- a/trust/module.c
+++ b/trust/module.c
@@ -66,10 +66,11 @@
#define BASE_SLOT_ID 18UL
static struct _Shared {
+ int initialized;
p11_dict *sessions;
p11_array *tokens;
char *paths;
-} gl = { NULL, NULL };
+} gl = { 0, NULL, NULL, NULL };
/* Used during FindObjects */
typedef struct _FindObjects {
@@ -284,10 +285,13 @@ sys_C_Finalize (CK_VOID_PTR reserved)
} else {
p11_lock ();
- if (!gl.sessions) {
+ if (gl.initialized == 0) {
+ p11_debug ("trust module is not initialized");
rv = CKR_CRYPTOKI_NOT_INITIALIZED;
- } else {
+ } else if (gl.initialized == 1) {
+ p11_debug ("doing finalization");
+
free (gl.paths);
gl.paths = NULL;
@@ -298,6 +302,11 @@ sys_C_Finalize (CK_VOID_PTR reserved)
gl.tokens = NULL;
rv = CKR_OK;
+ gl.initialized = 0;
+
+ } else {
+ gl.initialized--;
+ p11_debug ("trust module still initialized %d times", gl.initialized);
}
p11_unlock ();
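Review bot: The new final `else` branch in sys_C_Finalize only decrements `gl.initialized`, so sessions opened by the caller that is finalizing stay valid until the last reference is dropped. That differs from what a single-consumer C_Finalize does and is worth stating in the code, e.g. `/* other callers still hold the module: keep sessions and tokens, only drop this reference */`. The branch also does not assign `rv` in the visible lines, so its return value depends on how `rv` is initialized above the hunk. An explicit `rv = CKR_OK;` next to the decrement would make the branch self-contained.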
@@ -310,6 +319,8 @@ sys_C_Finalize (CK_VOID_PTR reserved)
static CK_RV
sys_C_Initialize (CK_VOID_PTR init_args)
{
+ static CK_C_INITIALIZE_ARGS def_args =
+ { NULL, NULL, NULL, NULL, CKF_OS_LOCKING_OK, NULL, };
CK_C_INITIALIZE_ARGS *args = NULL;
int supplied_ok;
CK_RV rv;
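Review bot: `def_args` is declared as a mutable `static`, yet it appears to serve only as a read-only default when `init_args` is NULL (see `args = &def_args` in the next hunk). If nothing in the rest of sys_C_Initialize writes through `args` (the body continues outside this hunk, so this needs confirming), declaring it `static const CK_C_INITIALIZE_ARGS def_args` and `const CK_C_INITIALIZE_ARGS *args` would make that intent explicit. It would also prevent a later edit from altering the shared default for every subsequent caller.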
@@ -324,8 +335,9 @@ sys_C_Initialize (CK_VOID_PTR init_args)
rv = CKR_OK;
- /* pReserved must be NULL */
args = init_args;
+ if (args == NULL)
+ args = &def_args;
/* ALL supplied function pointers need to have the value either NULL or non-NULL. */
supplied_ok = (args->CreateMutex == NULL && args->DestroyMutex == NULL &&
@@ -346,11 +358,17 @@ sys_C_Initialize (CK_VOID_PTR init_args)
rv = CKR_CANT_LOCK;
}
+ if (rv == CKR_OK && gl.initialized != 0) {
+ p11_debug ("trust module already initialized %d times",
+ gl.initialized);
+
/*
* We support setting the socket path and other arguments from from the
* pReserved pointer, similar to how NSS PKCS#11 components are initialized.
*/
- if (rv == CKR_OK) {
+ } else if (rv == CKR_OK) {
+ p11_debug ("doing initialization");
+
if (args->pReserved)
p11_argv_parse ((const char*)args->pReserved, parse_argument, NULL);
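Review bot: On the already-initialized branch added at `if (rv == CKR_OK && gl.initialized != 0)`, a non-NULL `args->pReserved` is dropped without any trace, because `p11_argv_parse` only runs in the `else if` branch. A second consumer in the same process that passes its own arguments gets `CKR_OK` while the module keeps the first caller's configuration, which for a trust module may mean a different set of paths than it asked for. I would at least log it, e.g. `if (args->pReserved) p11_debug ("ignoring pReserved, trust module already initialized");`, and extend the block comment to say that only the first C_Initialize configures the module. The function body starts and ends outside this hunk.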
@@ -368,6 +386,8 @@ sys_C_Initialize (CK_VOID_PTR init_args)
}
}
+ gl.initialized++;
+
p11_unlock ();
if (rv != CKR_OK)
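Review bot: `gl.initialized++` runs even when `rv` is not `CKR_OK`, so a call rejected with `CKR_CANT_LOCK` or a failed first initialization still takes a reference. This is only balanced if the `if (rv != CKR_OK)` that follows gives the reference back; its body is outside the hunk, presumably a call into finalize. That coupling deserves a comment on the increment, such as `/* counted even on failure: the error path below finalizes, which drops this reference */`. If the error path does not finalize, the increment should be guarded with `if (rv == CKR_OK)`.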
diff --git a/trust/tests/frob-multi-init.c b/trust/tests/frob-multi-init.c
new file mode 100644
index 0000000..d966540
--- /dev/null
+++ b/trust/tests/frob-multi-init.c
@@ -0,0 +1,69 @@
+/*
+ * gcc -Wall -o frob-multi-init $(pkg-config p11-kit-1 --cflags --libs) -ldl frob-multi-init.c
+ */
+
+#include <assert.h>
+#include <dlfcn.h>
+#include <stdio.h>
+
+#include <p11-kit/p11-kit.h>
+
+#define TRUST_SO "/usr/lib64/pkcs11/p11-kit-trust.so"
+
+int
+main (void)
+{
+ CK_C_INITIALIZE_ARGS args =
+ { NULL, NULL, NULL, NULL, CKF_OS_LOCKING_OK, NULL, };
+ CK_C_GetFunctionList C_GetFunctionList;
+ CK_SESSION_HANDLE session;
+ CK_FUNCTION_LIST *module;
+ CK_SLOT_ID slots[8];
+ CK_SESSION_INFO info;
+ CK_ULONG count;
+ CK_RV rv;
+ void *dl;
+
+ dl = dlopen (TRUST_SO, RTLD_LOCAL | RTLD_NOW);
+ if (dl == NULL)
+ fprintf (stderr, "%s\n", dlerror());
+ assert (dl != NULL);
+
+ C_GetFunctionList = dlsym (dl, "C_GetFunctionList");
+ assert (C_GetFunctionList != NULL);
+
+ rv = C_GetFunctionList (&module);
+ assert (rv == CKR_OK);
+ assert (module != NULL);
+
+ rv = module->C_Initialize (&args);
+ assert (rv == CKR_OK);
+
+ count = 8;
+ rv = module->C_GetSlotList (CK_TRUE, slots, &count);
+ assert (rv == CKR_OK);
+ assert (count > 1);
+
+ rv = module->C_OpenSession (slots[0], CKF_SERIAL_SESSION, NULL, NULL, &session);
+ assert (rv == CKR_OK);
+
+ rv = module->C_GetSessionInfo (session, &info);
+ assert (rv == CKR_OK);
+
+ rv = p11_kit_initialize_registered ();
+ assert (rv == CKR_OK);
+
+ rv = module->C_GetSessionInfo (session, &info);
+ if (rv == CKR_OK) {
+ printf ("no reinitialization bug\n");
+ return 0;
+
+ } else if (rv == CKR_SESSION_HANDLE_INVALID) {
+ printf ("reinitialization bug present\n");
+ return 1;
+
+ } else {
+ printf ("another error: %lu\n", rv);
+ return 1;
+ }
+}
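Review bot: `TRUST_SO` pins the module to `/usr/lib64/pkcs11/p11-kit-trust.so`, so this program exercises whatever is installed there rather than the module built from this tree, and it fails on systems with a different libdir. Taking the path from `argv[1]` with `TRUST_SO` as the fallback would make the result attributable to the build under test. Separately, `assert (count > 1)` is stricter than needed, since only `slots[0]` is used, and it differs from `assert_num_cmp (count, >, 0)` in test_multi_initialize. Because every check is an `assert`, a build with `NDEBUG` would skip them all.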
diff --git a/trust/tests/test-module.c b/trust/tests/test-module.c
index 45ec74d..bf28124 100644
--- a/trust/tests/test-module.c
+++ b/trust/tests/test-module.c
@@ -140,6 +140,71 @@ test_get_slot_list (void)
}
static void
+test_null_initialize (void)
+{
+ CK_FUNCTION_LIST *module;
+ CK_RV rv;
+
+ /* This is the entry point of the trust module, linked to this test */
+ rv = C_GetFunctionList (&module);
+ assert_num_eq (rv, CKR_OK);
+
+ rv = module->C_Initialize (NULL);
+ assert_num_eq (rv, CKR_OK);
+
+ rv = module->C_Finalize (NULL);
+ assert_num_eq (CKR_OK, rv);
+}
+
+static void
+test_multi_initialize (void)
+{
+ static CK_C_INITIALIZE_ARGS args =
+ { NULL, NULL, NULL, NULL, CKF_OS_LOCKING_OK, NULL, };
+ CK_FUNCTION_LIST *module;
+ CK_SESSION_HANDLE session;
+ CK_SLOT_ID slots[8];
+ CK_SESSION_INFO info;
+ CK_ULONG count;
+ CK_RV rv;
+
+ /* This is the entry point of the trust module, linked to this test */
+ rv = C_GetFunctionList (&module);
+ assert_num_eq (rv, CKR_OK);
+
+ rv = module->C_Initialize (&args);
+ assert_num_eq (rv, CKR_OK);
+
+ count = 8;
+ rv = module->C_GetSlotList (CK_TRUE, slots, &count);
+ assert_num_eq (rv, CKR_OK);
+ assert_num_cmp (count, >, 0);
+
+ rv = module->C_OpenSession (slots[0], CKF_SERIAL_SESSION, NULL, NULL, &session);
+ assert_num_eq (rv, CKR_OK);
+
+ rv = module->C_GetSessionInfo (session, &info);
+ assert_num_eq (rv, CKR_OK);
+ assert_num_eq (info.slotID, slots[0]);
+
+ rv = module->C_Initialize (&args);
+ assert_num_eq (rv, CKR_OK);
+
+ rv = module->C_GetSessionInfo (session, &info);
+ assert_num_eq (rv, CKR_OK);
+ assert_num_eq (info.slotID, slots[0]);
+
+ rv = module->C_Finalize (NULL);
+ assert_num_eq (CKR_OK, rv);
+
+ rv = module->C_Finalize (NULL);
+ assert_num_eq (CKR_OK, rv);
+
+ rv = module->C_Finalize (NULL);
+ assert_num_eq (CKR_CRYPTOKI_NOT_INITIALIZED, rv);
+}
+
+static void
test_get_slot_info (void)
{
CK_SLOT_ID slots[NUM_SLOTS];
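Review bot: test_multi_initialize covers only successful nested calls; nothing checks that a rejected C_Initialize on an already-initialized module leaves the reference count balanced. The module.c change increments `gl.initialized` regardless of `rv`, so this is the path most likely to regress into a module that can never be finalized. A case like the one below would pin it down; it needs a matching `p11_test` registration in main. The expected codes assume the failure path gives its reference back, which is not visible in this diff.

```c
static void
test_failed_reinitialize (void)
{
	static CK_C_INITIALIZE_ARGS good_args =
		{ NULL, NULL, NULL, NULL, CKF_OS_LOCKING_OK, NULL, };
	/* No CKF_OS_LOCKING_OK: the module is expected to refuse this */
	static CK_C_INITIALIZE_ARGS bad_args =
		{ NULL, NULL, NULL, NULL, 0, NULL, };
	CK_FUNCTION_LIST *module;
	CK_RV rv;

	rv = C_GetFunctionList (&module);
	assert_num_eq (rv, CKR_OK);

	rv = module->C_Initialize (&good_args);
	assert_num_eq (rv, CKR_OK);

	/* Rejected call must not leave an extra reference behind */
	rv = module->C_Initialize (&bad_args);
	assert_num_eq (rv, CKR_CANT_LOCK);

	rv = module->C_Finalize (NULL);
	assert_num_eq (CKR_OK, rv);

	rv = module->C_Finalize (NULL);
	assert_num_eq (CKR_CRYPTOKI_NOT_INITIALIZED, rv);
}
```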
@@ -933,6 +998,8 @@ main (int argc,
p11_test (test_get_slot_info, "/module/get_slot_info");
p11_fixture (NULL, NULL);
+ p11_test (test_null_initialize, "/module/initialize-null");
+ p11_test (test_multi_initialize, "/module/initialize-multi");
p11_test (test_get_token_info, "/module/get_token_info");
p11_fixture (setup, teardown);