From 45d6529dbe1b69f3a838d01a83f0688e91696377 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Micha=C5=82=20Trojnara?= <Michal.Trojnara@stunnel.org>
Date: Wed, 29 Aug 2018 21:35:48 +0200
Subject: [PATCH 07/23] Expose check_fork internal API

---
 src/Makefile.am  |   2 +-
 src/atfork.c     |  93 -------------------
 src/libp11-int.h |   7 ++
 src/p11_atfork.c | 231 +++++++++++++++++++++++++++++++++++++++++++++++
 src/p11_front.c  | 138 ----------------------------
 5 files changed, 239 insertions(+), 232 deletions(-)
 delete mode 100644 src/atfork.c
 create mode 100644 src/p11_atfork.c

diff --git a/src/Makefile.am b/src/Makefile.am
index 3cdbce1..2ca250e 100644
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -14,7 +14,7 @@ SHARED_EXT=@SHARED_EXT@
 
 libp11_la_SOURCES = libpkcs11.c p11_attr.c p11_cert.c p11_err.c p11_ckr.c \
 	p11_key.c p11_load.c p11_misc.c p11_rsa.c p11_ec.c p11_pkey.c \
-	p11_slot.c p11_front.c atfork.c libp11.exports
+	p11_slot.c p11_front.c p11_atfork.c libp11.exports
 if WIN32
 libp11_la_SOURCES += libp11.rc
 else
diff --git a/src/atfork.c b/src/atfork.c
deleted file mode 100644
index 04691fb..0000000
--- a/src/atfork.c
+++ /dev/null
@@ -1,93 +0,0 @@
-/*
- * Copyright (C) 2010-2012 Free Software Foundation, Inc.
- * Copyright (C) 2014 Red Hat
- *
- * Author: Nikos Mavrogiannopoulos
- *
- * This is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public License
- * as published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public License
- * along with this program.  If not, see <http://www.gnu.org/licenses/>
- *
- */
-
-#include "libp11-int.h"
-#if defined(_WIN32) && !defined(__CYGWIN__)
-#include <winsock2.h>
-#else
-#include <sys/socket.h>
-#endif
-#include <errno.h>
-#include <sys/stat.h>
-#include <sys/types.h>
-#include <unistd.h>
-#include <atfork.h>
-
-#ifdef __sun
-# pragma fini(lib_deinit)
-# pragma init(lib_init)
-# define _CONSTRUCTOR
-# define _DESTRUCTOR
-#else
-# define _CONSTRUCTOR __attribute__((constructor))
-# define _DESTRUCTOR __attribute__((destructor))
-#endif
-
-unsigned int P11_forkid = 0;
-
-#ifndef _WIN32
-
-# ifdef HAVE_ATFORK
-static void fork_handler(void)
-{
-	P11_forkid++;
-}
-# endif
-
-# if defined(HAVE___REGISTER_ATFORK)
-extern int __register_atfork(void (*)(void), void(*)(void), void (*)(void), void *);
-extern void *__dso_handle;
-
-_CONSTRUCTOR
-int _P11_register_fork_handler(void)
-{
-	if (__register_atfork(0, 0, fork_handler, __dso_handle) != 0)
-		return -1;
-	return 0;
-}
-
-# else
-
-unsigned int _P11_get_forkid(void)
-{
-	return getpid();
-}
-
-int _P11_detect_fork(unsigned int forkid)
-{
-	if (getpid() == forkid)
-		return 0;
-	return 1;
-}
-
-/* we have to detect fork manually */
-_CONSTRUCTOR
-int _P11_register_fork_handler(void)
-{
-	P11_forkid = getpid();
-	return 0;
-}
-
-# endif
-
-#endif /* !_WIN32 */
-
-/* vim: set noexpandtab: */
diff --git a/src/libp11-int.h b/src/libp11-int.h
index b62a13e..411f2b0 100644
--- a/src/libp11-int.h
+++ b/src/libp11-int.h
@@ -323,6 +323,13 @@ extern int pkcs11_store_certificate(PKCS11_TOKEN * token, X509 * x509,
 extern int pkcs11_seed_random(PKCS11_SLOT *, const unsigned char *s, unsigned int s_len);
 extern int pkcs11_generate_random(PKCS11_SLOT *, unsigned char *r, unsigned int r_len);
 
+/* Reinitialize the module afer fork if needed */
+extern int check_fork(PKCS11_CTX *ctx);
+extern int check_slot_fork(PKCS11_SLOT *slot);
+extern int check_token_fork(PKCS11_TOKEN *token);
+extern int check_key_fork(PKCS11_KEY *key);
+extern int check_cert_fork(PKCS11_CERT *cert);
+
 /* Internal implementation of deprecated features */
 
 /* Generate and store a private key on the token */
diff --git a/src/p11_atfork.c b/src/p11_atfork.c
new file mode 100644
index 0000000..fce87c6
--- /dev/null
+++ b/src/p11_atfork.c
@@ -0,0 +1,231 @@
+/*
+ * Copyright (C) 2010-2012 Free Software Foundation, Inc.
+ * Copyright (C) 2014 Red Hat
+ *
+ * Author: Nikos Mavrogiannopoulos
+ *
+ * This is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public License
+ * as published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>
+ *
+ */
+
+#include "libp11-int.h"
+#if defined(_WIN32) && !defined(__CYGWIN__)
+#include <winsock2.h>
+#else
+#include <sys/socket.h>
+#endif
+#include <errno.h>
+#include <sys/stat.h>
+#include <sys/types.h>
+#include <unistd.h>
+#include <atfork.h>
+
+#ifdef __sun
+# pragma fini(lib_deinit)
+# pragma init(lib_init)
+# define _CONSTRUCTOR
+# define _DESTRUCTOR
+#else
+# define _CONSTRUCTOR __attribute__((constructor))
+# define _DESTRUCTOR __attribute__((destructor))
+#endif
+
+unsigned int P11_forkid = 0;
+
+#ifndef _WIN32
+
+# ifdef HAVE_ATFORK
+static void fork_handler(void)
+{
+	P11_forkid++;
+}
+# endif
+
+# if defined(HAVE___REGISTER_ATFORK)
+extern int __register_atfork(void (*)(void), void(*)(void), void (*)(void), void *);
+extern void *__dso_handle;
+
+_CONSTRUCTOR
+int _P11_register_fork_handler(void)
+{
+	if (__register_atfork(0, 0, fork_handler, __dso_handle) != 0)
+		return -1;
+	return 0;
+}
+
+# else
+
+unsigned int _P11_get_forkid(void)
+{
+	return getpid();
+}
+
+int _P11_detect_fork(unsigned int forkid)
+{
+	if (getpid() == forkid)
+		return 0;
+	return 1;
+}
+
+/* we have to detect fork manually */
+_CONSTRUCTOR
+int _P11_register_fork_handler(void)
+{
+	P11_forkid = getpid();
+	return 0;
+}
+
+# endif
+
+#endif /* !_WIN32 */
+
+/*
+ * PKCS#11 reinitialization after fork
+ * It wipes out the internal state of the PKCS#11 library
+ * Any libp11 references to this state are no longer valid
+ */
+static int check_fork_int(PKCS11_CTX *ctx)
+{
+	PKCS11_CTX_private *cpriv = PRIVCTX(ctx);
+
+	if (_P11_detect_fork(cpriv->forkid)) {
+		if (pkcs11_CTX_reload(ctx) < 0)
+			return -1;
+		cpriv->forkid = _P11_get_forkid();
+	}
+	return 0;
+}
+
+/*
+ * PKCS#11 reinitialization after fork
+ * Also relogins and reopens the session if needed
+ */
+static int check_slot_fork_int(PKCS11_SLOT *slot)
+{
+	PKCS11_SLOT_private *spriv = PRIVSLOT(slot);
+	PKCS11_CTX *ctx = SLOT2CTX(slot);
+	PKCS11_CTX_private *cpriv = PRIVCTX(ctx);
+
+	if (check_fork_int(SLOT2CTX(slot)) < 0)
+		return -1;
+	if (spriv->forkid != cpriv->forkid) {
+		if (spriv->loggedIn) {
+			int saved = spriv->haveSession;
+			spriv->haveSession = 0;
+			spriv->loggedIn = 0;
+			if (pkcs11_relogin(slot) < 0)
+				return -1;
+			spriv->haveSession = saved;
+		}
+		if (spriv->haveSession) {
+			spriv->haveSession = 0;
+			if (pkcs11_reopen_session(slot) < 0)
+				return -1;
+		}
+		spriv->forkid = cpriv->forkid;
+	}
+	return 0;
+}
+
+/*
+ * PKCS#11 reinitialization after fork
+ * Also reloads the key
+ */
+static int check_key_fork_int(PKCS11_KEY *key)
+{
+	PKCS11_SLOT *slot = KEY2SLOT(key);
+	PKCS11_KEY_private *kpriv = PRIVKEY(key);
+	PKCS11_SLOT_private *spriv = PRIVSLOT(slot);
+
+	if (check_slot_fork_int(slot) < 0)
+		return -1;
+	if (spriv->forkid != kpriv->forkid) {
+		pkcs11_reload_key(key);
+		kpriv->forkid = spriv->forkid;
+	}
+	return 0;
+}
+
+/*
+ * Locking interface to check_fork_int()
+ */
+int check_fork(PKCS11_CTX *ctx)
+{
+	PKCS11_CTX_private *cpriv;
+	int rv;
+
+	if (ctx == NULL)
+		return -1;
+	cpriv = PRIVCTX(ctx);
+	CRYPTO_THREAD_write_lock(cpriv->rwlock);
+	rv = check_fork_int(ctx);
+	CRYPTO_THREAD_unlock(cpriv->rwlock);
+	return rv;
+}
+
+/*
+ * Locking interface to check_slot_fork_int()
+ */
+int check_slot_fork(PKCS11_SLOT *slot)
+{
+	PKCS11_CTX_private *cpriv;
+	int rv;
+
+	if (slot == NULL)
+		return -1;
+	cpriv = PRIVCTX(SLOT2CTX(slot));
+	CRYPTO_THREAD_write_lock(cpriv->rwlock);
+	rv = check_slot_fork_int(slot);
+	CRYPTO_THREAD_unlock(cpriv->rwlock);
+	return rv;
+}
+
+/*
+ * Reinitialize token (just its slot)
+ */
+int check_token_fork(PKCS11_TOKEN *token)
+{
+	if (token == NULL)
+		return -1;
+	return check_slot_fork(TOKEN2SLOT(token));
+}
+
+/*
+ * Locking interface to check_key_fork_int()
+ */
+int check_key_fork(PKCS11_KEY *key)
+{
+	PKCS11_CTX_private *cpriv;
+	int rv;
+
+	if (key == NULL)
+		return -1;
+	cpriv = PRIVCTX(KEY2CTX(key));
+	CRYPTO_THREAD_write_lock(cpriv->rwlock);
+	rv = check_key_fork_int(key);
+	CRYPTO_THREAD_unlock(cpriv->rwlock);
+	return rv;
+}
+
+/*
+ * Reinitialize cert (just its token)
+ */
+int check_cert_fork(PKCS11_CERT *cert)
+{
+	if (cert == NULL)
+		return -1;
+	return check_token_fork(CERT2TOKEN(cert));
+}
+
+/* vim: set noexpandtab: */
diff --git a/src/p11_front.c b/src/p11_front.c
index 167a778..efdd4c0 100644
--- a/src/p11_front.c
+++ b/src/p11_front.c
@@ -25,144 +25,6 @@
  * PKCS11_get_ec_key_method
  */
 
-/*
- * PKCS#11 reinitialization after fork
- * It wipes out the internal state of the PKCS#11 library
- * Any libp11 references to this state are no longer valid
- */
-static int check_fork_int(PKCS11_CTX *ctx)
-{
-	PKCS11_CTX_private *cpriv = PRIVCTX(ctx);
-
-	if (_P11_detect_fork(cpriv->forkid)) {
-		if (pkcs11_CTX_reload(ctx) < 0)
-			return -1;
-		cpriv->forkid = _P11_get_forkid();
-	}
-	return 0;
-}
-
-/*
- * PKCS#11 reinitialization after fork
- * Also relogins and reopens the session if needed
- */
-static int check_slot_fork_int(PKCS11_SLOT *slot)
-{
-	PKCS11_SLOT_private *spriv = PRIVSLOT(slot);
-	PKCS11_CTX *ctx = SLOT2CTX(slot);
-	PKCS11_CTX_private *cpriv = PRIVCTX(ctx);
-
-	if (check_fork_int(SLOT2CTX(slot)) < 0)
-		return -1;
-	if (spriv->forkid != cpriv->forkid) {
-		if (spriv->loggedIn) {
-			int saved = spriv->haveSession;
-			spriv->haveSession = 0;
-			spriv->loggedIn = 0;
-			if (pkcs11_relogin(slot) < 0)
-				return -1;
-			spriv->haveSession = saved;
-		}
-		if (spriv->haveSession) {
-			spriv->haveSession = 0;
-			if (pkcs11_reopen_session(slot) < 0)
-				return -1;
-		}
-		spriv->forkid = cpriv->forkid;
-	}
-	return 0;
-}
-
-/*
- * PKCS#11 reinitialization after fork
- * Also reloads the key
- */
-static int check_key_fork_int(PKCS11_KEY *key)
-{
-	PKCS11_SLOT *slot = KEY2SLOT(key);
-	PKCS11_KEY_private *kpriv = PRIVKEY(key);
-	PKCS11_SLOT_private *spriv = PRIVSLOT(slot);
-
-	if (check_slot_fork_int(slot) < 0)
-		return -1;
-	if (spriv->forkid != kpriv->forkid) {
-		pkcs11_reload_key(key);
-		kpriv->forkid = spriv->forkid;
-	}
-	return 0;
-}
-
-/*
- * Locking interface to check_fork_int()
- */
-static int check_fork(PKCS11_CTX *ctx)
-{
-	PKCS11_CTX_private *cpriv;
-	int rv;
-
-	if (ctx == NULL)
-		return -1;
-	cpriv = PRIVCTX(ctx);
-	CRYPTO_THREAD_write_lock(cpriv->rwlock);
-	rv = check_fork_int(ctx);
-	CRYPTO_THREAD_unlock(cpriv->rwlock);
-	return rv;
-}
-
-/*
- * Locking interface to check_slot_fork_int()
- */
-static int check_slot_fork(PKCS11_SLOT *slot)
-{
-	PKCS11_CTX_private *cpriv;
-	int rv;
-
-	if (slot == NULL)
-		return -1;
-	cpriv = PRIVCTX(SLOT2CTX(slot));
-	CRYPTO_THREAD_write_lock(cpriv->rwlock);
-	rv = check_slot_fork_int(slot);
-	CRYPTO_THREAD_unlock(cpriv->rwlock);
-	return rv;
-}
-
-/*
- * Reinitialize token (just its slot)
- */
-static int check_token_fork(PKCS11_TOKEN *token)
-{
-	if (token == NULL)
-		return -1;
-	return check_slot_fork(TOKEN2SLOT(token));
-}
-
-/*
- * Locking interface to check_key_fork_int()
- */
-static int check_key_fork(PKCS11_KEY *key)
-{
-	PKCS11_CTX_private *cpriv;
-	int rv;
-
-	if (key == NULL)
-		return -1;
-	cpriv = PRIVCTX(KEY2CTX(key));
-	CRYPTO_THREAD_write_lock(cpriv->rwlock);
-	rv = check_key_fork_int(key);
-	CRYPTO_THREAD_unlock(cpriv->rwlock);
-	return rv;
-}
-
-/*
- * Reinitialize cert (just its token)
- */
-static int check_cert_fork(PKCS11_CERT *cert)
-{
-	if (cert == NULL)
-		return -1;
-	return check_token_fork(CERT2TOKEN(cert));
-}
-
 /* External interface to the libp11 features */
 
 PKCS11_CTX *PKCS11_CTX_new(void)
-- 
2.17.1