From 66ebbaac74a1f6f1960ea1049eb8e75ebbdf9782 Mon Sep 17 00:00:00 2001 From: Michal Trojnara Date: Fri, 28 Feb 2020 05:42:47 +0100 Subject: [PATCH] Revert "fix use-after-free on PKCS11_pkey_meths." This reverts commit e64496a198d4d2eb0310a22dc21be8b81367d319. Upstream-Status: Backport [https://github.com/OpenSC/libp11/commit/66ebbaac74a1f6f1960ea1049eb8e75ebbdf9782] --- src/p11_pkey.c | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/src/p11_pkey.c b/src/p11_pkey.c index 8df45abd..4ed98f65 100644 --- a/src/p11_pkey.c +++ b/src/p11_pkey.c @@ -673,8 +673,8 @@ int PKCS11_pkey_meths(ENGINE *e, EVP_PKEY_METHOD **pmeth, EVP_PKEY_EC, 0 }; - EVP_PKEY_METHOD *pkey_method_rsa = NULL; - EVP_PKEY_METHOD *pkey_method_ec = NULL; + static EVP_PKEY_METHOD *pkey_method_rsa = NULL; + static EVP_PKEY_METHOD *pkey_method_ec = NULL; (void)e; /* squash the unused parameter warning */ /* all PKCS#11 engines currently share the same pkey_meths */ @@ -687,14 +687,16 @@ int PKCS11_pkey_meths(ENGINE *e, EVP_PKEY_METHOD **pmeth, /* get the EVP_PKEY_METHOD */ switch (nid) { case EVP_PKEY_RSA: - pkey_method_rsa = pkcs11_pkey_method_rsa(); + if (!pkey_method_rsa) + pkey_method_rsa = pkcs11_pkey_method_rsa(); if (pkey_method_rsa == NULL) return 0; *pmeth = pkey_method_rsa; return 1; /* success */ #ifndef OPENSSL_NO_EC case EVP_PKEY_EC: - pkey_method_ec = pkcs11_pkey_method_ec(); + if (!pkey_method_ec) + pkey_method_ec = pkcs11_pkey_method_ec(); if (pkey_method_ec == NULL) return 0; *pmeth = pkey_method_ec; From 5aa56b4ac45655aab20bd49bb918e649875b0f4d Mon Sep 17 00:00:00 2001 From: Michal Trojnara Date: Fri, 28 Feb 2020 07:09:42 +0100 Subject: [PATCH] Disable EVP_PKEY_FLAG_DYNAMIC Fixes #328 Upstream-Status: Backport [https://github.com/OpenSC/libp11/commit/5aa56b4ac45655aab20bd49bb918e649875b0f4d] --- src/p11_pkey.c | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) diff --git a/src/p11_pkey.c b/src/p11_pkey.c index 4ed98f65..4e0956bf 100644 --- a/src/p11_pkey.c +++ b/src/p11_pkey.c @@ -36,7 +36,6 @@ static int (*orig_pkey_ec_sign) (EVP_PKEY_CTX *ctx, const unsigned char *tbs, size_t tbslen); #endif /* OPENSSL_NO_EC */ -#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) struct evp_pkey_method_st { int pkey_id; int flags; @@ -75,6 +74,9 @@ struct evp_pkey_method_st { int (*ctrl) (EVP_PKEY_CTX *ctx, int type, int p1, void *p2); int (*ctrl_str) (EVP_PKEY_CTX *ctx, const char *type, const char *value); } /* EVP_PKEY_METHOD */ ; + +#if OPENSSL_VERSION_NUMBER >= 0x10000000L +#define EVP_PKEY_FLAG_DYNAMIC 1 #endif #if OPENSSL_VERSION_NUMBER < 0x10002000L || defined(LIBRESSL_VERSION_NUMBER) @@ -516,6 +518,11 @@ static EVP_PKEY_METHOD *pkcs11_pkey_method_rsa() new_meth = EVP_PKEY_meth_new(EVP_PKEY_RSA, EVP_PKEY_FLAG_AUTOARGLEN); +#ifdef EVP_PKEY_FLAG_DYNAMIC + /* do not allow OpenSSL to free this object */ + new_meth->flags &= ~EVP_PKEY_FLAG_DYNAMIC; +#endif + EVP_PKEY_meth_copy(new_meth, orig_meth); EVP_PKEY_meth_set_sign(new_meth, @@ -655,6 +662,11 @@ static EVP_PKEY_METHOD *pkcs11_pkey_method_ec() new_meth = EVP_PKEY_meth_new(EVP_PKEY_EC, EVP_PKEY_FLAG_AUTOARGLEN); +#ifdef EVP_PKEY_FLAG_DYNAMIC + /* do not allow OpenSSL to free this object */ + new_meth->flags &= ~EVP_PKEY_FLAG_DYNAMIC; +#endif + EVP_PKEY_meth_copy(new_meth, orig_meth); EVP_PKEY_meth_set_sign(new_meth,