Branch: refs/heads/master
Home: https://github.com/OpenSC/libp11
Commit: 3a93c89b089dfbde5ba3bc3364e3f5240ef4a3af
https://github.com/OpenSC/libp11/commit/3a93c89b089dfbde5ba3bc3364e3f5240ef4a3af
Author: Hazem Zaghloul <hza...@bl...>
Date: 2025-05-07 (Wed, 07 May 2025)
Changed paths:
M src/p11_key.c
Log Message:
-----------
Don't increment refcount of PKCS#11 objects in EC_KEY assignment
When an ECDSA private key is retrieved via the pkcs11_get_key function
with OpenSSL versions < 3, a new reference to the underlying EC_KEY
object is created and assigned to a new EVP_PKEY which is returned from
the function. However, the reference counter of the
PKCS11_OBJECT_private object attached to the EC_KEY is also incremented,
which means that a single EC_KEY object ends up holding two references
to the attached PKCS11_OBJECT_private, which leads to the reference
count of the PKCS11_OBJECT_private object never reaching zero even when
all the EVP_PKEY objects that reference them are freed. This doesn't
happen with OpenSSL versions >= 3.0 as it creates a duplicate EC_KEY
object instead of assigning the same object.
This commit changes the logic in the pkcs11_get_key function for EC keys
to stop incrementing the PKCS11_OBJECT_private reference count when
assigning the EC_KEY object, to ensure that a single EC_KEY object
always holds a single reference to the attached PKCS11_OBJECT_private.
This leads to the correct clean up of the PKCS11_OBJECT_private objects
and PKCS#11 slot objects.
Commit: 7fb0dc077f2220acc3360335a3d32302fca62094
https://github.com/OpenSC/libp11/commit/7fb0dc077f2220acc3360335a3d32302fca62094
Author: Hazem Zaghloul <hza...@bl...>
Date: 2025-05-07 (Wed, 07 May 2025)
Changed paths:
M src/p11_key.c
M src/p11_rsa.c
Log Message:
-----------
Improve handling of RSA keys and linked PKCS#11 objects
This commit refactors the pkcs11_rsa function, used in operations on RSA
EVP_PKEYs, to return a new reference to the underlying RSA object
instead of a pointer to an existing reference. This avoids having to
make assumptions about the reference count of the underlying RSA object
of an EVP_PKEY in pkcs11_rsa. To reflect the fact that the returned
reference must be freed after use, the function is renamed to
pkcs11_get1_rsa following the conventions of OpenSSL functions.
In addition, this commit ensures that the reference count of a
PKCS11_OBJECT_private object that is attached to an RSA object is
incremented only once for each RSA object. This assures that a
PKCS11_OBJECT_private object can be freed once all RSA objects that
reference it are freed.
Compare: https://github.com/OpenSC/libp11/compare/a61c216e2749...7fb0dc077f22
To unsubscribe from these emails, change your notification settings at https://github.com/OpenSC/libp11/settings/notifications
|
