diff --git a/SOURCES/softhsm-2.6.1-rh1834909-exit.patch b/SOURCES/softhsm-2.6.1-rh1834909-exit.patch
new file mode 100644
index 0000000..9ce241c
--- /dev/null
+++ b/SOURCES/softhsm-2.6.1-rh1834909-exit.patch
@@ -0,0 +1,72 @@
+diff --git a/src/lib/crypto/OSSLCryptoFactory.cpp b/src/lib/crypto/OSSLCryptoFactory.cpp
+index 32daca2..ace4bcb 100644
+--- a/src/lib/crypto/OSSLCryptoFactory.cpp
++++ b/src/lib/crypto/OSSLCryptoFactory.cpp
+@@ -226,31 +226,49 @@ err:
+ // Destructor
+ OSSLCryptoFactory::~OSSLCryptoFactory()
+ {
+-#ifdef WITH_GOST
+- // Finish the GOST engine
+- if (eg != NULL)
++ bool ossl_shutdown = false;
++
++#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
++ // OpenSSL 1.1.0+ will register an atexit() handler to run
++ // OPENSSL_cleanup(). If that has already happened we must
++ // not attempt to free any ENGINEs because they'll already
++ // have been destroyed and the use-after-free would cause
++ // a deadlock or crash.
++ //
++ // Detect that situation because reinitialisation will fail
++ // after OPENSSL_cleanup() has run.
++ (void)ERR_set_mark();
++ ossl_shutdown = !OPENSSL_init_crypto(OPENSSL_INIT_ENGINE_RDRAND, NULL);
++ (void)ERR_pop_to_mark();
++#endif
++ if (!ossl_shutdown)
+ {
+- ENGINE_finish(eg);
+- ENGINE_free(eg);
+- eg = NULL;
+- }
++#ifdef WITH_GOST
++ // Finish the GOST engine
++ if (eg != NULL)
++ {
++ ENGINE_finish(eg);
++ ENGINE_free(eg);
++ eg = NULL;
++ }
+ #endif
+
+- // Finish the rd_rand engine
+- ENGINE_finish(rdrand_engine);
+- ENGINE_free(rdrand_engine);
+- rdrand_engine = NULL;
++ // Finish the rd_rand engine
++ ENGINE_finish(rdrand_engine);
++ ENGINE_free(rdrand_engine);
++ rdrand_engine = NULL;
+
++ // Recycle locks
++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
++ if (setLockingCallback)
++ {
++ CRYPTO_set_locking_callback(NULL);
++ }
++#endif
++ }
+ // Destroy the one-and-only RNG
+ delete rng;
+
+- // Recycle locks
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+- if (setLockingCallback)
+- {
+- CRYPTO_set_locking_callback(NULL);
+- }
+-#endif
+ for (unsigned i = 0; i < nlocks; i++)
+ {
+ MutexFactory::i()->recycleMutex(locks[i]);
diff --git a/SPECS/softhsm.spec b/SPECS/softhsm.spec
index eca257d..4994c92 100644
--- a/SPECS/softhsm.spec
+++ b/SPECS/softhsm.spec
@@ -3,12 +3,14 @@ Summary: Software version of a PKCS#11 Hardware Security Module
 Name: softhsm
 Version: 2.6.0
-Release: %{?prever:0.}1%{?prever:.%{prever}}%{?dist}
+Release: %{?prever:0.}3%{?prever:.%{prever}}%{?dist}
 License: BSD
 Url: http://www.opendnssec.org/
 Source: http://dist.opendnssec.org/source/%{?prever:testing/}%{name}-%{version}.tar.gz
 Source1: http://dist.opendnssec.org/source/%{?prever:testing/}%{name}-%{version}.tar.gz.sig
+Patch1: softhsm-2.6.1-rh1834909-exit.patch
+
 Group: Applications/System
 BuildRequires: openssl-devel >= 1.0.1k-6, sqlite-devel >= 3.4.2, cppunit-devel
 BuildRequires: gcc-c++, pkgconfig, p11-kit-devel, nss-devel
@@ -40,6 +42,7 @@ The devel package contains the libsofthsm include files
 %prep
 %setup -q -n %{name}-%{version}%{?prever}
+%patch1 -p1
 # remove softhsm/ subdir auto-added to --libdir
 sed -i "s:full_libdir/softhsm:full_libdir:g" configure
@@ -118,6 +121,13 @@ if [ -f /var/softhsm/slot0.db ]; then
 fi
 %changelog
+* Thu Jun 04 2020 Alexander Bokovoy - 2.6.0-3
+- Fixes: rhbz#1834909 - softhsm use-after-free on process exit
+- Synchronize the final fix with Fedora
+
+* Thu May 14 2020 Paul Wouters - 2.6.0-2
+- Fixes: rhbz#1834909 - softhsm use-after-free on process exit
+
 * Wed Apr 01 2020 Alexander Bokovoy - 2.6.0-1
 - Fixes: rhbz#1818877 - rebase to softhsm 2.6.0+
 - Fixes: rhbz#1701233 - support setting supported signature methods on the token
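Review bot: The probe `ossl_shutdown = !OPENSSL_init_crypto(OPENSSL_INIT_ENGINE_RDRAND, NULL);` treats every init failure as "OPENSSL_cleanup() already ran", so a failure for any other reason also skips the ENGINE_finish/ENGINE_free calls and leaks the engine references, and nothing in the surrounding comment block says this is intended. Leaking at process teardown is the safe direction (a leaked reference is harmless, a second free after OPENSSL_cleanup() is the bug this patch exists to avoid), so the behaviour is acceptable, but make it explicit, e.g. `// Any init failure is treated as "already shut down": leaking an ENGINE reference at exit is harmless, freeing one after OPENSSL_cleanup() is not.` Note also that while libcrypto is still live this call is not a pure query: it can itself perform the one-time rdrand engine load, which is presumably a no-op because the constructor already did it, worth confirming against the constructor, which is outside the hunk. Two smaller points: in the `ossl_shutdown` branch `eg` and `rdrand_engine` are left pointing at ENGINEs libcrypto has already destroyed (nulling them there costs nothing), and `delete rng;` still runs unconditionally, which is only correct if OSSLRNG's destructor makes no OpenSSL calls, something I cannot see from here. The destructor body continues past the end of the hunk.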