nhyatt/osslsigncode
1
0
Fork 0
mirror of https://github.com/mtrojnar/osslsigncode.git synced 2025-04-05 01:00:11 -05:00
Code Issues Projects Releases Wiki Activity

Finalize pkcs11 engine

Browse Source 
In order to properly finalize the pkcs11 module, we need to call
ENGINE_finish on the pkcs11 `ENGINE*` object.
This commit is contained in:
Matt Hauck 2020-06-02 10:27:56 -07:00 committed by Michał Trojnara
parent cf331d0064
commit 1670a07089
1 changed files with 28 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

41
osslsigncode.c
View File

@ -257,6 +257,8 @@ typedef struct {
X509 *cert;
STACK_OF(X509) *certs;
STACK_OF(X509) *xcerts;
ENGINE *dynamic;
ENGINE *pkcs11;
} CRYPTO_PARAMS;
#ifdef WITH_GSF
@ -4320,7 +4322,6 @@ static int read_crypto_params(GLOBAL_OPTIONS *options, CRYPTO_PARAMS *cparams)
PKCS7 *p7 = NULL, *p7x = NULL;
BIO *btmp;
const int CMD_MANDATORY = 0;
ENGINE *dyn, *pkcs11;
int ret = 1;
/* reset crypto */
@ -4358,48 +4359,48 @@ static int read_crypto_params(GLOBAL_OPTIONS *options, CRYPTO_PARAMS *cparams)
} else if (options->p11module != NULL) {
if (options->p11engine != NULL) {
ENGINE_load_dynamic();
dyn = ENGINE_by_id("dynamic");
if (!dyn) {
cparams->dynamic = ENGINE_by_id("dynamic");
if (!cparams->dynamic) {
fprintf(stderr, "Failed to load 'dynamic' engine\n");
ret = 0; /* FAILED */
}
if (1 != ENGINE_ctrl_cmd_string(dyn, "SO_PATH", options->p11engine, CMD_MANDATORY)) {
if (1 != ENGINE_ctrl_cmd_string(cparams->dynamic, "SO_PATH", options->p11engine, CMD_MANDATORY)) {
fprintf(stderr, "Failed to set dyn SO_PATH to '%s'\n", options->p11engine);
ret = 0; /* FAILED */
}
if (1 != ENGINE_ctrl_cmd_string(dyn, "ID", "pkcs11", CMD_MANDATORY)) {
if (1 != ENGINE_ctrl_cmd_string(cparams->dynamic, "ID", "pkcs11", CMD_MANDATORY)) {
fprintf(stderr, "Failed to set dyn ID to 'pkcs11'\n");
ret = 0; /* FAILED */
}
if (1 != ENGINE_ctrl_cmd(dyn, "LIST_ADD", 1, NULL, NULL, CMD_MANDATORY)) {
if (1 != ENGINE_ctrl_cmd(cparams->dynamic, "LIST_ADD", 1, NULL, NULL, CMD_MANDATORY)) {
fprintf(stderr, "Failed to set dyn LIST_ADD to '1'\n");
ret = 0; /* FAILED */
}
if (1 != ENGINE_ctrl_cmd(dyn, "LOAD", 1, NULL, NULL, CMD_MANDATORY)) {
if (1 != ENGINE_ctrl_cmd(cparams->dynamic, "LOAD", 1, NULL, NULL, CMD_MANDATORY)) {
fprintf(stderr, "Failed to set dyn LOAD to '1'\n");
ret = 0; /* FAILED */
}
} else
ENGINE_load_builtin_engines();
pkcs11 = ENGINE_by_id("pkcs11");
if (!pkcs11) {
cparams->pkcs11 = ENGINE_by_id("pkcs11");
if (!cparams->pkcs11) {
fprintf(stderr, "Failed to find and load pkcs11 engine\n");
ret = 0; /* FAILED */
}
if (1 != ENGINE_ctrl_cmd_string(pkcs11, "MODULE_PATH", options->p11module, CMD_MANDATORY)) {
if (1 != ENGINE_ctrl_cmd_string(cparams->pkcs11, "MODULE_PATH", options->p11module, CMD_MANDATORY)) {
fprintf(stderr, "Failed to set pkcs11 engine MODULE_PATH to '%s'\n", options->p11module);
ret = 0; /* FAILED */
}
if (options->pass != NULL &&
1 != ENGINE_ctrl_cmd_string(pkcs11, "PIN", options->pass, CMD_MANDATORY)) {
1 != ENGINE_ctrl_cmd_string(cparams->pkcs11, "PIN", options->pass, CMD_MANDATORY)) {
fprintf(stderr, "Failed to set pkcs11 PIN\n");
ret = 0; /* FAILED */
}
if (1 != ENGINE_init(pkcs11)) {
if (1 != ENGINE_init(cparams->pkcs11)) {
fprintf(stderr, "Failed to initialized pkcs11 engine\n");
ret = 0; /* FAILED */
}
cparams->pkey = ENGINE_load_private_key(pkcs11, options->keyfile, NULL, NULL);
cparams->pkey = ENGINE_load_private_key(cparams->pkcs11, options->keyfile, NULL, NULL);
if (cparams->pkey == NULL) {
fprintf(stderr, "Failed to load private key %s\n", options->keyfile);
ret = 0; /* FAILED */
@ -4470,6 +4471,20 @@ static void free_crypto_params(CRYPTO_PARAMS *cparams, GLOBAL_OPTIONS *options)
sk_X509_pop_free(cparams->xcerts, X509_free);
cparams->xcerts = NULL;
}
if (cparams->pkcs11) {
/* Free the functional reference from ENGINE_init. */
ENGINE_finish(cparams->pkcs11);
/* Free the structural reference from ENGINE_by_id. */
ENGINE_free(cparams->pkcs11);
}
if (cparams->dynamic) {
/*
* Free the structural reference from ENGINE_by_id.
* Note: We do not ENGINE_init the dynamic engine, so we are not responsible to ENGINE_finish it.
*/
ENGINE_free(cparams->dynamic);
}
}
static void free_options(GLOBAL_OPTIONS *options)