Menu
▾
▴
[Opensc-commits] [OpenSC/libp11] 3a93c8: Don't increment refcount of PKCS#11 objects in EC_...
|
From: Hazem Z. <no...@gi...> - 2025-05-07 17:28:30
|
Branch: refs/heads/master Home: https://github.com/OpenSC/libp11 Commit: 3a93c89b089dfbde5ba3bc3364e3f5240ef4a3af https://github.com/OpenSC/libp11/commit/3a93c89b089dfbde5ba3bc3364e3f5240ef4a3af Author: Hazem Zaghloul <hza...@bl...> Date: 2025-05-07 (Wed, 07 May 2025) Changed paths: M src/p11_key.c Log Message: ----------- Don't increment refcount of PKCS#11 objects in EC_KEY assignment When an ECDSA private key is retrieved via the pkcs11_get_key function with OpenSSL versions < 3, a new reference to the underlying EC_KEY object is created and assigned to a new EVP_PKEY which is returned from the function. However, the reference counter of the PKCS11_OBJECT_private object attached to the EC_KEY is also incremented, which means that a single EC_KEY object ends up holding two references to the attached PKCS11_OBJECT_private, which leads to the reference count of the PKCS11_OBJECT_private object never reaching zero even when all the EVP_PKEY objects that reference them are freed. This doesn't happen with OpenSSL versions >= 3.0 as it creates a duplicate EC_KEY object instead of assigning the same object. This commit changes the logic in the pkcs11_get_key function for EC keys to stop incrementing the PKCS11_OBJECT_private reference count when assigning the EC_KEY object, to ensure that a single EC_KEY object always holds a single reference to the attached PKCS11_OBJECT_private. This leads to the correct clean up of the PKCS11_OBJECT_private objects and PKCS#11 slot objects. Commit: 7fb0dc077f2220acc3360335a3d32302fca62094 https://github.com/OpenSC/libp11/commit/7fb0dc077f2220acc3360335a3d32302fca62094 Author: Hazem Zaghloul <hza...@bl...> Date: 2025-05-07 (Wed, 07 May 2025) Changed paths: M src/p11_key.c M src/p11_rsa.c Log Message: ----------- Improve handling of RSA keys and linked PKCS#11 objects This commit refactors the pkcs11_rsa function, used in operations on RSA EVP_PKEYs, to return a new reference to the underlying RSA object instead of a pointer to an existing reference. This avoids having to make assumptions about the reference count of the underlying RSA object of an EVP_PKEY in pkcs11_rsa. To reflect the fact that the returned reference must be freed after use, the function is renamed to pkcs11_get1_rsa following the conventions of OpenSSL functions. In addition, this commit ensures that the reference count of a PKCS11_OBJECT_private object that is attached to an RSA object is incremented only once for each RSA object. This assures that a PKCS11_OBJECT_private object can be freed once all RSA objects that reference it are freed. Compare: https://github.com/OpenSC/libp11/compare/a61c216e2749...7fb0dc077f22 To unsubscribe from these emails, change your notification settings at https://github.com/OpenSC/libp11/settings/notifications |
