From: Timo T. <no...@gi...> - 2022-04-22 04:44:06
Branch: refs/heads/master
Home:   https://github.com/OpenSC/libp11

Commit: 82667a665ea016aedacb70d5fd9cb010549599d4
    https://github.com/OpenSC/libp11/commit/82667a665ea016aedacb70d5fd9cb010549599d4
Author: Timo Teräs <tim...@ik...>
Date:   2022-04-22 (Fri, 22 Apr 2022)

Changed paths:
  M src/libp11-int.h
  M src/libp11.h
  M src/p11_atfork.c
  M src/p11_attr.c
  M src/p11_cert.c
  M src/p11_ec.c
  M src/p11_front.c
  M src/p11_key.c
  M src/p11_load.c
  M src/p11_pkey.c
  M src/p11_rsa.c
  M src/p11_slot.c

Log Message:
-----------
Use struct PKCS11_*_private in internal APIs

This is the first step to implement thread safety for the openssl
engine per #410.

Things to note:
- The public key and cert struct label/id now point to data owned
  by the private struct. This is also helpful in future to allow
  multiple public structs refer to same private struct.
- The update_ex_data() hook is no longer needed because the private
  structs never move. Thus it is removed.
- "evp_key" is removed from the public PKCS11_KEY. Users of it
  should be calling PKCS11_get_private_key() and
  PKCS11_get_public_key() anyway.
- PKCS11_TOKEN no longer has private data pointer. Instead it
  contains parent pointer to PKCS11_SLOT which will be used to
  resolve the PKCS11_TOKEN_private via PKCS11_SLOT_private. This is
  needed to make sure there's one single PKCS11_TOKEN_private even
  if we have multiple PKCS11_TOKEN copies.

Commit: 250821460201b481e97ca3c54dc74b678373c14a
    https://github.com/OpenSC/libp11/commit/250821460201b481e97ca3c54dc74b678373c14a
Author: Timo Teräs <tim...@ik...>
Date:   2022-04-22 (Fri, 22 Apr 2022)

Changed paths:
  M src/libp11-int.h
  M src/p11_atfork.c
  M src/p11_cert.c
  M src/p11_ec.c
  M src/p11_front.c
  M src/p11_key.c
  M src/p11_pkey.c
  M src/p11_rsa.c
  M src/p11_slot.c

Log Message:
-----------
Merge PKCS11_TOKEN_private to PKCS11_SLOT_private

There is one to one mapping with PKCS#11 token and slot.
It is simpler to just keep all the token specific members in the
slot structure: less pointer chasing, less memory objects allocated,
more unified API and less code/errors.

Commit: 77d638f49e2ffc6f6aeca3860bcb61e8fd935190
    https://github.com/OpenSC/libp11/commit/77d638f49e2ffc6f6aeca3860bcb61e8fd935190
Author: Timo Teräs <tim...@ik...>
Date:   2022-04-22 (Fri, 22 Apr 2022)

Changed paths:
  M src/libp11-int.h
  M src/p11_ec.c
  M src/p11_key.c

Log Message:
-----------
Make PKCS11_KEY_ops definitions consistent

This simplifies the code a bit, as pkcs11_ec_ops is now defined
directly without the pointer indirection. The sole place of use
now uses OPENSSL_NO_EC instead.

Commit: d6e2a12902aacdf72d8fce8d923adfaa75d45e5d
    https://github.com/OpenSC/libp11/commit/d6e2a12902aacdf72d8fce8d923adfaa75d45e5d
Author: Timo Teräs <tim...@ik...>
Date:   2022-04-22 (Fri, 22 Apr 2022)

Changed paths:
  M src/libp11-int.h
  M src/p11_atfork.c
  M src/p11_cert.c
  M src/p11_ec.c
  M src/p11_front.c
  M src/p11_key.c
  M src/p11_pkey.c
  M src/p11_rsa.c

Log Message:
-----------
Merge PKCS11_{KEY,CERT}_private to PKCS11_OBJECT_private

Also updates the following:
- rename the PKCS11_KEY_ops to PKCS11_OBJECT_ops
- replace is_private with object_class to reflect object type

This is in preparation to remove redundant code.

Commit: 1bf599987c23f93ea98879ffdcecedf6e1ed87a4
    https://github.com/OpenSC/libp11/commit/1bf599987c23f93ea98879ffdcecedf6e1ed87a4
Author: Timo Teräs <tim...@ik...>
Date:   2022-04-22 (Fri, 22 Apr 2022)

Changed paths:
  M src/libp11-int.h
  M src/p11_atfork.c
  M src/p11_cert.c
  M src/p11_ec.c
  M src/p11_front.c
  M src/p11_key.c
  M src/p11_pkey.c
  M src/p11_rsa.c

Log Message:
-----------
Merge and remove redundant functions after object/key merge

Commit: 639a4b6463278c0119a2ec60b261da3e5330fb33
    https://github.com/OpenSC/libp11/commit/639a4b6463278c0119a2ec60b261da3e5330fb33
Author: Timo Teräs <tim...@ik...>
Date:   2022-04-22 (Fri, 22 Apr 2022)

Changed paths:
  M src/libp11-int.h
  M src/p11_attr.c
  M src/p11_cert.c
  M src/p11_key.c

Log Message:
-----------
Make pkcs11_addattr_* interface use PKCS11_TEMPLATE

Keep track of allocated memory in separate structure member and
avoid unnecessary memory allocation and copying.

Commit: 1b796177478827ab8f6d4e3f16ea13e1939d99d1
    https://github.com/OpenSC/libp11/commit/1b796177478827ab8f6d4e3f16ea13e1939d99d1
Author: Timo Teräs <tim...@ik...>
Date:   2022-04-22 (Fri, 22 Apr 2022)

Changed paths:
  M src/libp11-int.h
  M src/p11_cert.c
  M src/p11_key.c

Log Message:
-----------
Introduce and use create/free functions for PKCS11_OBJECT_private

Make one constructor for PKCS11_OBJECT_private objects. This serves
as basis for further helper functions that allow operation without
the PKCS11_KEY/PKCS11_CERT objects.

All object type specific functionality is now in one place, but
can be split out via PKCS11_OBJECT_ops later if needed.

Commit: 6a8d3ee2d65f4f3ce7ead116ee864211c95b23d2
    https://github.com/OpenSC/libp11/commit/6a8d3ee2d65f4f3ce7ead116ee864211c95b23d2
Author: Timo Teräs <tim...@ik...>
Date:   2022-04-22 (Fri, 22 Apr 2022)

Changed paths:
  M src/libp11-int.h
  M src/p11_key.c

Log Message:
-----------
Add and use template based instantiation of PKCS11_OBJECT_private

This will be the function used to find other PKCS#11 objects when
needed internally, in order to get rid of the PKCS11_KEY/CERT
dependency from internal code completely.

Commit: fa4d1039a17ea9922d2f85c138e7f884fb2eabdc
    https://github.com/OpenSC/libp11/commit/fa4d1039a17ea9922d2f85c138e7f884fb2eabdc
Author: Timo Teräs <tim...@ik...>
Date:   2022-04-22 (Fri, 22 Apr 2022)

Changed paths:
  M src/libp11-int.h
  M src/p11_ec.c
  M src/p11_key.c

Log Message:
-----------
Get rid of PKCS11_KEY/CERT usage in EC code

Commit: 4289bdfa8a4c04237c4f150e481f7fa478b2e4cc
    https://github.com/OpenSC/libp11/commit/4289bdfa8a4c04237c4f150e481f7fa478b2e4cc
Author: Timo Teräs <tim...@ik...>
Date:   2022-04-22 (Fri, 22 Apr 2022)

Changed paths:
  M src/libp11-int.h
  M src/p11_ec.c
  M src/p11_key.c
  M src/p11_rsa.c

Log Message:
-----------
Keep a PKCS11_OBJECT_private alive while the evp_pkey is alive

This adds primitive reference tracking, and makes sure
PKCS11_OBJECT_private is not freed as long as the EVP_PKEY exists.

Commit: cac9f760583757140dcb71694f85302df17c9493
    https://github.com/OpenSC/libp11/commit/cac9f760583757140dcb71694f85302df17c9493
Author: Timo Teräs <tim...@ik...>
Date:   2022-04-22 (Fri, 22 Apr 2022)

Changed paths:
  M src/p11_rsa.c

Log Message:
-----------
Get rid of PKCS11_KEY usage in RSA code

Commit: 4ea2135e62992d7aa4499a4c1a4d76b34f9e2dfd
    https://github.com/OpenSC/libp11/commit/4ea2135e62992d7aa4499a4c1a4d76b34f9e2dfd
Author: Timo Teräs <tim...@ik...>
Date:   2022-04-22 (Fri, 22 Apr 2022)

Changed paths:
  M src/libp11-int.h
  M src/p11_front.c
  M src/p11_key.c
  M src/p11_misc.c
  M src/p11_slot.c

Log Message:
-----------
Make PKCS11_SLOT_private reference counted

Keep reference to it in the PKCS11_OBJECT_private objects. This
fixes an issue when slot is deleted/removed, but there's still
object handles held for it.

Commit: 2bb7ba18fe113d76773d688baae337211d457c84
    https://github.com/OpenSC/libp11/commit/2bb7ba18fe113d76773d688baae337211d457c84
Author: Timo Teräs <tim...@ik...>
Date:   2022-04-22 (Fri, 22 Apr 2022)

Changed paths:
  M src/eng_back.c
  M src/libp11.exports
  M src/libp11.h
  M src/p11_front.c
  M src/p11_slot.c

Log Message:
-----------
Implement and use PKCS11_update_slots()

The difference to PKCS11_enumerate_slots() is that this will expect
as input previous slot list (or zero initialized count and null
pointer) for the list. Update slots then reuses the slots found from
the previous list to avoid unexpected slot and key object destruction.

Commit: 206af152fbcb48d4149097ed140e4840febd72d8
    https://github.com/OpenSC/libp11/commit/206af152fbcb48d4149097ed140e4840febd72d8
Author: Timo Teräs <tim...@ik...>
Date:   2022-04-22 (Fri, 22 Apr 2022)

Changed paths:
  M src/eng_back.c
  M src/libp11.exports
  M src/libp11.h
  M src/p11_front.c

Log Message:
-----------
Add and use PKCS11_get_{key,x509}_from_template

This adds new public functions to get the EVP/X509 object directly
based on object template:
- speeds up object searches if token has a lot of objects as no
  enumeration is needed
- the implementation does not need the public PKCS11_KEY/CERT
  structures and bypasses object caching completely
- final step to add thread safety to pkcs#11 engine

Compare: https://github.com/OpenSC/libp11/compare/5316c33e7b48...206af152fbcb