Mercurial Mercurial > upstream > oracle > userland-gate / changeset
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | raw | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
19789902 pkcs11 engine dumps core when the softtoken is disabled
authorIvo Raisr <ivo.raisr@oracle.com>
Sat, 25 Oct 2014 10:54:16 -0700
changeset 2180 bc1340c26305
parent 2179 54b689a4315b
child 2181 e4bedf346edf
19789902 pkcs11 engine dumps core when the softtoken is disabled
components/openssl/README file | annotate | diff | comparison | revisions
components/openssl/openssl-1.0.1-fips-140/engines/pkcs11/e_pk11.c file | annotate | diff | comparison | revisions
components/openssl/openssl-1.0.1/engines/pkcs11/e_pk11.c file | annotate | diff | comparison | revisions 
--- a/components/openssl/README	Mon Oct 27 13:21:58 2014 -0700
+++ b/components/openssl/README	Sat Oct 25 10:54:16 2014 -0700
@@ -30,7 +30,7 @@
 fips-140, and once for 1.0.1 FIPS-140 canister (in the openssl-fips component)
 needed to build 1.0.1 FIPS-140 certified libraries. All builds apart from 
 static libraries for wanboot are done for 32 and 64 bits. So, in total, OpenSSL
-is built seven times. OpenSSL for wanboot is only build on sparc.
+is built seven times. OpenSSL for wanboot is only built on sparc.
 
 See also comments in all the Makefiles for more information.
 
@@ -238,14 +238,14 @@
 address before execution. This address is defined in 
 $ON/usr/src/psm/stand/boot/sparc/common/mapfile:
 
-     27 LOAD_SEGMENT text {
-     28 	FLAGS = READ EXECUTE;
-     29 	VADDR = 0x130000;
-     30 	ASSIGN_SECTION {
-     31 		TYPE = PROGBITS;
-     32 		FLAGS = ALLOC !WRITE;
-     33 	};
-     34 };
+	LOAD_SEGMENT text {
+		FLAGS = READ EXECUTE;
+		VADDR = 0x130000;
+		ASSIGN_SECTION {
+			TYPE = PROGBITS;
+			FLAGS = ALLOC !WRITE;
+		};
+	};
 
 This address (VADDR) NEEDS TO BE GREATER THEN 
     size of wanboot binary + 0x4000
--- a/components/openssl/openssl-1.0.1-fips-140/engines/pkcs11/e_pk11.c	Mon Oct 27 13:21:58 2014 -0700
+++ b/components/openssl/openssl-1.0.1-fips-140/engines/pkcs11/e_pk11.c	Sat Oct 25 10:54:16 2014 -0700
@@ -1157,8 +1157,22 @@
 			}
 		}
 
-
-	/* Attempt to load PKCS#11 library */
+	/*
+	 * If initialization of the locks fails pk11_init_all_locks()
+	 * will do the cleanup.
+	 */
+	if (!pk11_init_all_locks())
+		goto err;
+	for (i = 0; i < OP_MAX; i++)
+		session_cache[i].head = NULL;
+	/*
+	 * Initialize active lists. We only use active lists
+	 * for asymmetric ciphers.
+	 */
+	for (i = 0; i < OP_MAX; i++)
+		active_list[i] = NULL;
+
+	/* Attempt to load PKCS#11 library. */
 	if (!pk11_dso)
 		{
 		pk11_dso = DSO_load(NULL, get_PK11_LIBNAME(), NULL, 0);
@@ -1245,20 +1259,6 @@
 
 	pk11_library_initialized = CK_TRUE;
 	pk11_pid = getpid();
-	/*
-	 * if initialization of the locks fails pk11_init_all_locks()
-	 * will do the cleanup.
-	 */
-	if (!pk11_init_all_locks())
-		goto err;
-	for (i = 0; i < OP_MAX; i++)
-		session_cache[i].head = NULL;
-	/*
-	 * initialize active lists. We only use active lists
-	 * for asymmetric ciphers.
-	 */
-	for (i = 0; i < OP_MAX; i++)
-		active_list[i] = NULL;
 
 	if (!pk11_atfork_initialized)
 		{
@@ -1324,8 +1324,12 @@
 	for (i = 0; i < OP_MAX; i++)
 		pk11_free_active_list(i);
 
-	pFuncList->C_CloseSession(global_session);
-	global_session = CK_INVALID_HANDLE;
+	/* Global session is not present when there are no slots. */
+	if (global_session != CK_INVALID_HANDLE)
+		{
+		pFuncList->C_CloseSession(global_session);
+		global_session = CK_INVALID_HANDLE;
+		}
 
 	/*
 	 * Since we are part of a library (libcrypto.so), calling this function
--- a/components/openssl/openssl-1.0.1/engines/pkcs11/e_pk11.c	Mon Oct 27 13:21:58 2014 -0700
+++ b/components/openssl/openssl-1.0.1/engines/pkcs11/e_pk11.c	Sat Oct 25 10:54:16 2014 -0700
@@ -1163,7 +1163,22 @@
 		}
 
 
-	/* Attempt to load PKCS#11 library */
+	/*
+	 * If initialization of the locks fails pk11_init_all_locks()
+	 * will do the cleanup.
+	 */
+	if (!pk11_init_all_locks())
+		goto err;
+	for (i = 0; i < OP_MAX; i++)
+		session_cache[i].head = NULL;
+	/*
+	 * Initialize active lists. We only use active lists
+	 * for asymmetric ciphers.
+	 */
+	for (i = 0; i < OP_MAX; i++)
+		active_list[i] = NULL;
+
+	/* Attempt to load PKCS#11 library. */
 	if (!pk11_dso)
 		{
 		pk11_dso = DSO_load(NULL, get_PK11_LIBNAME(), NULL, 0);
@@ -1250,20 +1265,6 @@
 
 	pk11_library_initialized = CK_TRUE;
 	pk11_pid = getpid();
-	/*
-	 * if initialization of the locks fails pk11_init_all_locks()
-	 * will do the cleanup.
-	 */
-	if (!pk11_init_all_locks())
-		goto err;
-	for (i = 0; i < OP_MAX; i++)
-		session_cache[i].head = NULL;
-	/*
-	 * initialize active lists. We only use active lists
-	 * for asymmetric ciphers.
-	 */
-	for (i = 0; i < OP_MAX; i++)
-		active_list[i] = NULL;
 
 	if (!pk11_atfork_initialized)
 		{
@@ -1329,8 +1330,12 @@
 	for (i = 0; i < OP_MAX; i++)
 		pk11_free_active_list(i);
 
-	pFuncList->C_CloseSession(global_session);
-	global_session = CK_INVALID_HANDLE;
+	/* Global session is not present when there are no slots. */
+	if (global_session != CK_INVALID_HANDLE)
+		{
+		pFuncList->C_CloseSession(global_session);
+		global_session = CK_INVALID_HANDLE;
+		}
 
 	/*
 	 * Since we are part of a library (libcrypto.so), calling this function
upstream/oracle/userland-gate