Fix crash caused by initial patch for rhbz#1831086

2020-05-13 19:46:16 +01:00 · 2020-05-13 19:46:16 +01:00 · 1e209fc79d
commit 1e209fc79d
parent c2ee7fde90
2 changed files with 22 additions and 49 deletions
--- a/softhsm-2.6.1-rh1831086-exit.patch
+++ b/softhsm-2.6.1-rh1831086-exit.patch
@ -1,60 +1,29 @@
 diff --git a/src/lib/crypto/OSSLCryptoFactory.cpp b/src/lib/crypto/OSSLCryptoFactory.cpp
-index 32daca2f..81d080a5 100644
+index 32daca2..ace4bcb 100644
 --- a/src/lib/crypto/OSSLCryptoFactory.cpp
 +++ b/src/lib/crypto/OSSLCryptoFactory.cpp
-@@ -77,6 +77,7 @@ bool OSSLCryptoFactory::FipsSelfTestStatus = false;
+@@ -226,31 +226,49 @@ err:
 static unsigned nlocks;
 static Mutex** locks;
 +static bool ossl_shutdown;
 // Mutex callback
 void lock_callback(int mode, int n, const char* file, int line)
@@ -101,6 +102,26 @@ void lock_callback(int mode, int n, const char* file, int line)
 	}
 }
 +#if OPENSSL_VERSION_NUMBER >= 0x10100000L
 +void ossl_factory_shutdown(void)
 +{
 +	/*
 +	 * As of 1.1.0, OpenSSL registers its own atexit() handler
 +	 * to call OPENSSL_cleanup(). If our own atexit() handler
 +	 * subsequently tries to, for example, unreference an
 +	 * ENGINE, then it'll crash or deadlock with a use-after-free.
 +	 *
 +	 * This hook into the OpenSSL_atexit() handlers will get called
 +	 * when OPENSSL_cleanup() is called, and sets a flag which
 +	 * prevents any further touching of OpenSSL objects — which
 +	 * would otherwise happen fairly much immediately thereafter
 +	 * when our own OSSLCryptoFactory destructor gets called by
 +	 * the C++ runtime's own atexit() handler.
 +	 */
 +	ossl_shutdown = true;
 +}
 +#endif
 +
 // Constructor
 OSSLCryptoFactory::OSSLCryptoFactory()
 {
@@ -119,6 +140,9 @@ OSSLCryptoFactory::OSSLCryptoFactory()
 		CRYPTO_set_locking_callback(lock_callback);
 		setLockingCallback = true;
 	}
 +#else
 +	// Mustn't dereference engines after OpenSSL itself has shut down
 +	OPENSSL_atexit(ossl_factory_shutdown);
 #endif
 #ifdef WITH_FIPS
@@ -226,31 +250,35 @@ OSSLCryptoFactory::OSSLCryptoFactory()
 // Destructor
 OSSLCryptoFactory::~OSSLCryptoFactory()
 {
 -#ifdef WITH_GOST
 -	// Finish the GOST engine
 -	if (eg != NULL)
-+	// Don't do this if OPENSSL_cleanup() has already happened
+	bool ossl_shutdown = false;
 +
 +#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
 +	// OpenSSL 1.1.0+ will register an atexit() handler to run
 +	// OPENSSL_cleanup(). If that has already happened we must
 +	// not attempt to free any ENGINEs because they'll already
 +	// have been destroyed and the use-after-free would cause
 +	// a deadlock or crash.
 +	//
 +	// Detect that situation because reinitialisation will fail
 +	// after OPENSSL_cleanup() has run.
 +	(void)ERR_set_mark();
 +	ossl_shutdown = !OPENSSL_init_crypto(OPENSSL_INIT_ENGINE_RDRAND, NULL);
 +	(void)ERR_pop_to_mark();
 +#endif
 +	if (!ossl_shutdown)
 	{
 -		ENGINE_finish(eg);
--- a/softhsm.spec
+++ b/softhsm.spec
@ -4,7 +4,7 @@
 Summary: Software version of a PKCS#11 Hardware Security Module
 Name: softhsm
 Version: 2.6.1
-Release: %{?prever:0.}2%{?prever:.%{prever}}%{?dist}
+Release: %{?prever:0.}3%{?prever:.%{prever}}%{?dist}
 License: BSD
 Url: http://www.opendnssec.org/
 Source: http://dist.opendnssec.org/source/%{?prever:testing/}%{name}-%{version}.tar.gz
@ -111,6 +111,10 @@ if [ -f /var/softhsm/slot0.db ]; then
 fi
 %changelog
 * Wed May 13 2020 David Woodhouse <dwmw2@infradead.org> - 2.6.1-3
 - Resolves: rhbz#1831086 softhsm use-after-free on process exit
  Fix crash introduced by initial patch
 * Tue May 12 2020 Paul Wouters <pwouters@redhat.com> - 2.6.1-2
 - Resolves: rhbz#1831086 softhsm use-after-free on process exit