From efce4defdf31ce74d905ae4dd47c6a36df532854 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Micha=C5=82=20Trojnara?= Date: Wed, 29 Aug 2018 23:05:05 +0200 Subject: [PATCH 09/23] Atfork checks for RSA and EC_KEY methods --- src/p11_ec.c | 9 +++------ src/p11_pkey.c | 9 ++++----- src/p11_rsa.c | 4 ++-- 3 files changed, 9 insertions(+), 13 deletions(-) diff --git a/src/p11_ec.c b/src/p11_ec.c index eb0cbb2..1b58c01 100644 --- a/src/p11_ec.c +++ b/src/p11_ec.c @@ -394,7 +394,7 @@ static ECDSA_SIG *pkcs11_ecdsa_sign_sig(const unsigned char *dgst, int dlen, (void)rp; /* Precomputed values are not used for PKCS#11 */ key = pkcs11_get_ex_data_ec(ec); - if (key == NULL) { + if (check_key_fork(key) < 0) { sign_sig_fn orig_sign_sig; #if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER) const EC_KEY_METHOD *meth = EC_KEY_OpenSSL(); @@ -406,7 +406,6 @@ static ECDSA_SIG *pkcs11_ecdsa_sign_sig(const unsigned char *dgst, int dlen, #endif return orig_sign_sig(dgst, dlen, kinv, rp, ec); } - /* TODO: Add an atfork check */ /* Truncate digest if its byte size is longer than needed */ order = BN_new(); @@ -580,9 +579,8 @@ static int pkcs11_ec_ckey(unsigned char **out, size_t *outlen, int rv; key = pkcs11_get_ex_data_ec(ecdh); - if (key == NULL) /* The private key is not handled by PKCS#11 */ + if (check_key_fork(key) < 0) return ossl_ecdh_compute_key(out, outlen, peer_point, ecdh); - /* TODO: Add an atfork check */ /* both peer and ecdh use same group parameters */ parms = pkcs11_ecdh_params_alloc(EC_KEY_get0_group(ecdh), peer_point); @@ -622,9 +620,8 @@ static int pkcs11_ec_ckey(void *out, size_t outlen, int rv; key = pkcs11_get_ex_data_ec(ecdh); - if (key == NULL) /* The private key is not handled by PKCS#11 */ + if (check_key_fork(key) < 0) return ossl_ecdh_compute_key(out, outlen, peer_point, ecdh, KDF); - /* TODO: Add an atfork check */ /* both peer and ecdh use same group parameters */ parms = pkcs11_ecdh_params_alloc(EC_KEY_get0_group(ecdh), peer_point); diff --git a/src/p11_pkey.c b/src/p11_pkey.c index 0efcaa4..2ba23d9 100644 --- a/src/p11_pkey.c +++ b/src/p11_pkey.c @@ -309,7 +309,7 @@ static int pkcs11_try_pkey_rsa_sign(EVP_PKEY_CTX *evp_pkey_ctx, if (rsa == NULL) return -1; key = pkcs11_get_ex_data_rsa(rsa); - if (key == NULL) + if (check_key_fork(key) < 0) return -1; slot = KEY2SLOT(key); ctx = KEY2CTX(key); @@ -413,11 +413,10 @@ static int pkcs11_try_pkey_rsa_decrypt(EVP_PKEY_CTX *evp_pkey_ctx, if (rsa == NULL) return -1; key = pkcs11_get_ex_data_rsa(rsa); - if (key == NULL) + if (check_key_fork(key) < 0) return -1; - - slot = KEY2SLOT(key); - ctx = KEY2CTX(key); + slot = KEY2SLOT(key); + ctx = KEY2CTX(key); kpriv = PRIVKEY(key); spriv = PRIVSLOT(slot); cpriv = PRIVCTX(ctx); diff --git a/src/p11_rsa.c b/src/p11_rsa.c index f69a8a6..6a519f9 100644 --- a/src/p11_rsa.c +++ b/src/p11_rsa.c @@ -355,7 +355,7 @@ static int pkcs11_rsa_priv_dec_method(int flen, const unsigned char *from, PKCS11_KEY *key = pkcs11_get_ex_data_rsa(rsa); int (*priv_dec) (int flen, const unsigned char *from, unsigned char *to, RSA *rsa, int padding); - if (key == NULL) { + if (check_key_fork(key) < 0) { priv_dec = RSA_meth_get_priv_dec(RSA_get_default_method()); return priv_dec(flen, from, to, rsa, padding); } @@ -368,7 +368,7 @@ static int pkcs11_rsa_priv_enc_method(int flen, const unsigned char *from, PKCS11_KEY *key = pkcs11_get_ex_data_rsa(rsa); int (*priv_enc) (int flen, const unsigned char *from, unsigned char *to, RSA *rsa, int padding); - if (key == NULL) { + if (check_key_fork(key) < 0) { priv_enc = RSA_meth_get_priv_enc(RSA_get_default_method()); return priv_enc(flen, from, to, rsa, padding); } -- 2.17.1