On Tue, 2012-10-02 at 14:37 +0200, Moritz Muehlenhoff wrote: > Please see the thread starting at > http://www.openwall.com/lists/oss-security/2012/09/07/2 > for details. I've had a quick look at this bug to see if it can be fixed in Debian. There are four patches referenced in the thread (I haven't verified if there are more patches required): - http://opencryptoki.git.sourceforge.net/git/gitweb.cgi?p=opencryptoki/opencryptoki;a=commitdiff;h=b7fcb3eb0319183348f1f4fb90ede4edd6487c30 32 files changed, 182 insertions(+), 1166 deletions(-) This change is huge and mainly seems to be quivalent to setting SPINXPL as defined and ensuring SYSVSEM isn't. There are however a few other changes in there which may be due to the removal of the compatibility code. This patch doesn't apply cleanly to 2.3.1 in Debian but I've managed to manually fix it (attached is a version if anyone is interested). - http://opencryptoki.git.sourceforge.net/git/gitweb.cgi?p=opencryptoki/opencryptoki;a=commitdiff;h=58345488c9351d9be9a4be27c8b407c2706a33a9 31 files changed, 2975 insertions(+), 280 deletions(-) Lots of changes in the tests but it also seems to contain some cleanups related to the previous change, a change from lock_shm() to XProcLock(), some moving of locks to /var/lock and a few other changes. - http://opencryptoki.git.sourceforge.net/git/gitweb.cgi?p=opencryptoki/opencryptoki;a=commitdiff;h=8a63b3b17d34718d0f8c7525f93b5eb3c623076a 23 files changed, 449 insertions(+), 99 deletions(-) Includes a FAQ typo fix and the introduction of a lot of new code. - http://opencryptoki.git.sourceforge.net/git/gitweb.cgi?p=opencryptoki/opencryptoki;a=commitdiff;h=5667edb52cd27b7e512f48f823b4bcc6b872ab15 1 files changed, 3 insertions(+), 3 deletions(-) Very small change in the Makfile which creates the lock directory. Should not be relevant for Debian because subdirectories of /var/lock should be created on the fly. The changes are huge and can probably not be easily backported to Debian's 2.3.1. A few other options come to mind: - see if upstream can provide patches for 2.3.1 - see if the necessary fixes can be made some other way - upgrade to upstream 2.4.2 - remove from wheezy (the only reverse dependency for opencryptoki seems to be tpm-tools) Anyway, I don't think I can do much more for this bug because I'm afraid it will take a little more time than I have available at the moment. I was having a look and I though I would just add my notes to the bug log. Good luck with this bug! ;) -- -- arthur - adejong@debian.org - http://people.debian.org/~adejong --
diff -Nauwir opencryptoki-2.3.1+dfsg.orig/usr/include/pkcs11/slotmgr.h opencryptoki-2.3.1+dfsg/usr/include/pkcs11/slotmgr.h --- opencryptoki-2.3.1+dfsg.orig/usr/include/pkcs11/slotmgr.h 2012-10-21 22:43:30.000000000 +0200 +++ opencryptoki-2.3.1+dfsg/usr/include/pkcs11/slotmgr.h 2012-10-21 20:53:09.000000000 +0200 @@ -324,10 +324,7 @@ #define TOK_PATH SBIN_PATH "/pkcsslotd" #endif /* DEV */ -#if (SPINXPL) #define XPL_FILE "/tmp/.pkapi_xpk" -#endif - #define PID_FILE_PATH CONFIG_PATH "/.slotpid" diff -Nauwir opencryptoki-2.3.1+dfsg.orig/usr/lib/pkcs11/api/Makefile.am opencryptoki-2.3.1+dfsg/usr/lib/pkcs11/api/Makefile.am --- opencryptoki-2.3.1+dfsg.orig/usr/lib/pkcs11/api/Makefile.am 2010-01-26 19:22:29.000000000 +0100 +++ opencryptoki-2.3.1+dfsg/usr/lib/pkcs11/api/Makefile.am 2012-10-21 21:03:44.000000000 +0200 @@ -9,7 +9,7 @@ $(SO_CURRENT):$(SO_REVISION):$(SO_AGE) # Not all versions of automake observe libname_CFLAGS -opencryptoki_libopencryptoki_la_CFLAGS = -DSPINXPL -DAPI -DDEV -D_THREAD_SAFE \ +opencryptoki_libopencryptoki_la_CFLAGS = -DAPI -DDEV -D_THREAD_SAFE \ -fPIC -I../. -I../../../include/pkcs11 # Not all versions of automake observe libname_CFLAGS diff -Nauwir opencryptoki-2.3.1+dfsg.orig/usr/lib/pkcs11/api/apiproto.h opencryptoki-2.3.1+dfsg/usr/lib/pkcs11/api/apiproto.h --- opencryptoki-2.3.1+dfsg.orig/usr/lib/pkcs11/api/apiproto.h 2010-01-26 19:22:29.000000000 +0100 +++ opencryptoki-2.3.1+dfsg/usr/lib/pkcs11/api/apiproto.h 2012-10-21 20:53:09.000000000 +0200 @@ -317,8 +317,8 @@ int DL_Load_and_Init(API_Slot_t *,CK_SLOT_ID); -int XProcLock(void *); -int XProcUnLock(void *); +int XProcLock(void); +int XProcUnLock(void); void _init(void); void loginit(); diff -Nauwir opencryptoki-2.3.1+dfsg.orig/usr/lib/pkcs11/api/apiutil.c opencryptoki-2.3.1+dfsg/usr/lib/pkcs11/api/apiutil.c --- opencryptoki-2.3.1+dfsg.orig/usr/lib/pkcs11/api/apiutil.c 2010-01-26 19:22:29.000000000 +0100 +++ opencryptoki-2.3.1+dfsg/usr/lib/pkcs11/api/apiutil.c 2012-10-21 20:53:09.000000000 +0200 @@ -321,13 +321,11 @@ #include <apictl.h> #include <apiproto.h> -#if SPINXPL #include <sys/types.h> #include <sys/stat.h> #include <fcntl.h> #include <sys/file.h> static int xplfd=-1; -#endif #include <libgen.h> @@ -414,62 +412,21 @@ } -#if SYSVSEM -#include <sys/sem.h> -int Shm_Sem=-1; // system 5 shared memory semaphore... -pthread_mutex_t semmtx = PTHREAD_MUTEX_INITIALIZER; // local mutex for semaphore functions... -static struct sembuf xlock_lock[2]={ - 0,0,0, - 0,1,SEM_UNDO -}; - -static struct sembuf xlock_unlock[1] = { - 0,-1,(IPC_NOWAIT | SEM_UNDO) -}; - - -#endif - - int -XProcLock(void *x) +XProcLock(void) { -#if PTHREADXPL - return pthread_mutex_lock(x); -#elif POSIXSEM -#error "posix semaphores need to be defined" -#elif SYSVSEM -#error "LINUX Code for sysvsem xproc lock needs to be done" -#elif NOXPROCLOCK - return CKR_OK; -#elif SPINXPL if (xplfd == -1 ) { xplfd = open(XPL_FILE,O_CREAT|O_RDWR,S_IRWXU|S_IRWXG|S_IRWXO); } flock(xplfd,LOCK_EX); return CKR_OK; -#else -#error "XProcess locking needs to be defined" -#endif } int -XProcUnLock(void *x) +XProcUnLock(void) { -#if PTHREADXPL - return pthread_mutex_unlock(x); -#elif POSIXSEM -#error "posix semaphores need to be defined" -#elif SYSVSEM -#error "LINUX Code for sysvsem xproc lock needs to be done" -#elif NOXPROCLOCK - return CKR_OK; -#elif SPINXPL flock(xplfd,LOCK_UN); return CKR_OK; -#else -#error "XProcess locking needs to be definec" -#endif } @@ -642,7 +599,7 @@ // Get the slot mutex shm = Anchor->SharedMemP; - XProcLock(&(shm->slt_mutex)); + XProcLock(); sinfp = &(shm->slot_info[slotID]); sinfp->global_sessions++; @@ -650,7 +607,7 @@ procp = &shm->proc_table[Anchor->MgrProcIndex]; procp->slot_session_count[slotID]++; - XProcUnLock(&(shm->slt_mutex)); + XProcUnLock(); } @@ -671,7 +628,7 @@ // Get the slot mutex shm = Anchor->SharedMemP; - XProcLock(&(shm->slt_mutex)); + XProcLock(); sinfp = &(shm->slot_info[slotID]); if (sinfp->global_sessions > 0){ @@ -683,7 +640,7 @@ procp->slot_session_count[slotID]++; } - XProcUnLock(&(shm->slt_mutex)); + XProcUnLock(); } @@ -711,22 +668,22 @@ shm = Anchor->SharedMemP; #ifdef PKCS64 - XProcLock(&(shm->slt_mutex)); + XProcLock(); sinfp = &(shm->slot_info[slotID]); if (sinfp->global_sessions == 0) { - XProcUnLock(&(shm->slt_mutex)); + XProcUnLock(); return FALSE; } - XProcUnLock(&(shm->slt_mutex)); + XProcUnLock(); #else - XProcLock(&(shm->slt_mutex)); + XProcLock(); sinfp = &(shm->slot_info[slotID]); if (sinfp->global_sessions == 0) { - XProcUnLock(&(shm->slt_mutex)); + XProcUnLock(); return FALSE; } - XProcUnLock(&(shm->slt_mutex)); + XProcUnLock(); #endif return TRUE; @@ -735,22 +692,16 @@ void unlock_shm() { - Slot_Mgr_Shr_t *shm; - shm = Anchor->SharedMemP; - - XProcUnLock(&(shm->slt_mutex)); + XProcUnLock(); } void lock_shm() { - Slot_Mgr_Shr_t *shm; - shm = Anchor->SharedMemP; - XProcLock(&(shm->slt_mutex)); + XProcLock(); } - // Terminates all sessions associated with a given process // this cleans up any lingering sessions with the process // and does not @@ -802,14 +753,14 @@ uint16 indx; - // Grab the Shared Memory MUTEX to prevent other updates to the + // Grab the Shared Memory lock to prevent other updates to the // SHM Process // The registration is done to allow for future handling of // the Slot Event List. Which is maintained by the Slotd. shm = Anchor->SharedMemP; - XProcLock(&(shm->slt_mutex)); + XProcLock(); procp = shm->proc_table; for (indx=0;indx< NUMBER_PROCESSES_ALLOWED; indx++,procp++){ @@ -820,7 +771,7 @@ // un-registering, and restarting with exactly the same PID // before the slot manager garbage collection can performed. // To eliminate the race condition between garbage collection - // the shm-slt_mutex will protect us. + // the lock should protect us. // This should be a VERY rare (if ever) occurance, given the // way AIX deals with re-allocation of PID;s, however if this // ever gets ported over to another platform we want to deal @@ -841,7 +792,7 @@ // If we did not find a free entry then we fail the routine if ( (reuse == -1) && (free == -1 ) ){ - XProcUnLock(&(shm->slt_mutex)); + XProcUnLock(); return FALSE; } @@ -876,7 +827,7 @@ //Does initializing them in the slotd allow for them to not be //initialized in the application. - XProcUnLock(&(shm->slt_mutex)); + XProcUnLock(); return TRUE; } @@ -898,14 +849,14 @@ Slot_Mgr_Proc_t *procp; #endif - // Grab the Shared Memory MUTEX to prevent other updates to the + // Grab the Shared Memory lock to prevent other updates to the // SHM Process // The registration is done to allow for future handling of // the Slot Event List. Which is maintained by the Slotd. shm = Anchor->SharedMemP; - XProcLock(&(shm->slt_mutex)); + XProcLock(); procp = &(shm->proc_table[Anchor->MgrProcIndex]); @@ -921,7 +872,7 @@ //Does initializing them in the slotd allow for them to not be //initialized in the application. - XProcUnLock(&(shm->slt_mutex)); + XProcUnLock(); } diff -Nauwir opencryptoki-2.3.1+dfsg.orig/usr/lib/pkcs11/cca_stdll/Makefile.am opencryptoki-2.3.1+dfsg/usr/lib/pkcs11/cca_stdll/Makefile.am --- opencryptoki-2.3.1+dfsg.orig/usr/lib/pkcs11/cca_stdll/Makefile.am 2010-01-26 19:22:29.000000000 +0100 +++ opencryptoki-2.3.1+dfsg/usr/lib/pkcs11/cca_stdll/Makefile.am 2012-10-21 20:53:09.000000000 +0200 @@ -7,7 +7,7 @@ nobase_lib_LTLIBRARIES=opencryptoki/stdll/libpkcs11_cca.la # Not all versions of automake observe libname_CFLAGS -opencryptoki_stdll_libpkcs11_cca_la_CFLAGS = -DLINUX -DSPINXPL -DNOCDMF \ +opencryptoki_stdll_libpkcs11_cca_la_CFLAGS = -DLINUX -DNOCDMF \ -DNODSA -DNODH -DNOECB \ -I. -I../../../include -I../../../include/pkcs11 -I../common \ -DSTDLL_NAME=\"ccatok\" diff -Nauwir opencryptoki-2.3.1+dfsg.orig/usr/lib/pkcs11/cca_stdll/globals.c opencryptoki-2.3.1+dfsg/usr/lib/pkcs11/cca_stdll/globals.c --- opencryptoki-2.3.1+dfsg.orig/usr/lib/pkcs11/cca_stdll/globals.c 2010-01-26 19:22:29.000000000 +0100 +++ opencryptoki-2.3.1+dfsg/usr/lib/pkcs11/cca_stdll/globals.c 2012-10-21 21:04:56.000000000 +0200 @@ -41,12 +41,6 @@ pthread_mutex_t native_mutex ; MUTEX pkcs_mutex, obj_list_mutex, sess_list_mutex, login_mutex; -#if SYSVSEM -int xprocsemid = -1; -#endif - -void *xproclock; - DL_NODE *sess_list = NULL; DL_NODE *sess_obj_list = NULL; DL_NODE *publ_token_obj_list = NULL; @@ -273,5 +267,3 @@ CK_BYTE user_pin_md5[MD5_HASH_SIZE]; CK_BYTE so_pin_md5[MD5_HASH_SIZE]; CK_BYTE master_key[MASTER_KEY_SIZE]; - - diff -Nauwir opencryptoki-2.3.1+dfsg.orig/usr/lib/pkcs11/cca_stdll/h_extern.h opencryptoki-2.3.1+dfsg/usr/lib/pkcs11/cca_stdll/h_extern.h --- opencryptoki-2.3.1+dfsg.orig/usr/lib/pkcs11/cca_stdll/h_extern.h 2010-01-26 19:22:29.000000000 +0100 +++ opencryptoki-2.3.1+dfsg/usr/lib/pkcs11/cca_stdll/h_extern.h 2012-10-21 20:53:09.000000000 +0200 @@ -44,12 +44,6 @@ extern CK_ULONG mech_list_len; extern pthread_mutex_t native_mutex; -#if SYSVSEM -extern int xprocsemid; -#endif - - -extern void *xproclock; extern MUTEX pkcs_mutex, obj_list_mutex, sess_list_mutex, login_mutex; diff -Nauwir opencryptoki-2.3.1+dfsg.orig/usr/lib/pkcs11/cca_stdll/host_defs.h opencryptoki-2.3.1+dfsg/usr/lib/pkcs11/cca_stdll/host_defs.h --- opencryptoki-2.3.1+dfsg.orig/usr/lib/pkcs11/cca_stdll/host_defs.h 2010-01-26 19:22:29.000000000 +0100 +++ opencryptoki-2.3.1+dfsg/usr/lib/pkcs11/cca_stdll/host_defs.h 2012-10-21 20:53:09.000000000 +0200 @@ -14,7 +14,6 @@ #ifndef _HOST_DEFS_H #define _HOST_DEFS_H -#include <semaphore.h> #include <pthread.h> #include <endian.h> @@ -225,14 +224,6 @@ // linux typedef pthread_mutex_t MUTEX; -// This is actualy wrong... XPROC will be with spinlocks -#if (SPINXPL) -#define XPROCLOCK unsigned int -#else -#define XPROCLOCK MUTEX -#endif - - typedef struct _TEMPLATE { DL_NODE *attribute_list; @@ -369,11 +360,6 @@ typedef struct _LW_SHM_TYPE { - XPROCLOCK mutex; -#if SYSVSEM - key_t semtok; -#endif - TOKEN_DATA nv_token_data; CK_ULONG_32 num_priv_tok_obj; CK_ULONG_32 num_publ_tok_obj; @@ -389,9 +375,4 @@ #define MY_LockMutex(x) _LockMutex((MUTEX *)(x)) #define MY_UnlockMutex(x) _UnlockMutex((MUTEX *)(x)) -#define MY_CreateMsem(x) CreateXProcLock((void *)(x)) -#define MY_DestroyMsem(x) DestroyXProcLock((void *)(x)) -#define MY_LockMsem(x) XProcLock((void *)(x)) -#define MY_UnlockMsem(x) XProcUnLock((void *)(x)) - #endif diff -Nauwir opencryptoki-2.3.1+dfsg.orig/usr/lib/pkcs11/cca_stdll/loadsave.c opencryptoki-2.3.1+dfsg/usr/lib/pkcs11/cca_stdll/loadsave.c --- opencryptoki-2.3.1+dfsg.orig/usr/lib/pkcs11/cca_stdll/loadsave.c 2010-01-26 19:22:29.000000000 +0100 +++ opencryptoki-2.3.1+dfsg/usr/lib/pkcs11/cca_stdll/loadsave.c 2012-10-21 20:53:09.000000000 +0200 @@ -70,7 +70,7 @@ sprintf((char *)fname,"%s/%s",(char *)pk_dir, PK_LITE_NV); - rc = XProcLock( xproclock ); + rc = XProcLock(); if (rc != CKR_OK){ st_err_log(150, __FILE__, __LINE__); goto out_nolock; @@ -82,9 +82,9 @@ if (errno == ENOENT) { /* init_token_data may call save_token_data, which graps the * xproclock, so we must release it around this call */ - XProcUnLock( xproclock ); + XProcUnLock(); init_token_data(); - rc = XProcLock( xproclock ); + rc = XProcLock(); if (rc != CKR_OK){ st_err_log(150, __FILE__, __LINE__); goto out_nolock; @@ -120,7 +120,7 @@ rc = CKR_OK; out_unlock: - XProcUnLock( xproclock ); + XProcUnLock(); out_nolock: return rc; @@ -140,7 +140,7 @@ sprintf((char *)fname,"%s/%s",pk_dir, PK_LITE_NV); - rc = XProcLock( xproclock ); + rc = XProcLock(); if (rc != CKR_OK){ st_err_log(150, __FILE__, __LINE__); goto out_nolock; @@ -165,7 +165,7 @@ rc = CKR_OK; done: - XProcUnLock( xproclock ); + XProcUnLock(); out_nolock: return rc; diff -Nauwir opencryptoki-2.3.1+dfsg.orig/usr/lib/pkcs11/cca_stdll/new_host.c opencryptoki-2.3.1+dfsg/usr/lib/pkcs11/cca_stdll/new_host.c --- opencryptoki-2.3.1+dfsg.orig/usr/lib/pkcs11/cca_stdll/new_host.c 2010-01-26 19:22:29.000000000 +0100 +++ opencryptoki-2.3.1+dfsg/usr/lib/pkcs11/cca_stdll/new_host.c 2012-10-21 21:30:25.000000000 +0200 @@ -110,10 +110,8 @@ return TRUE; } -#ifdef SPINXPL extern int spinxplfd; extern int spin_created; -#endif void Fork_Initializer(void) @@ -122,10 +120,8 @@ stloginit(); // Initialize Logging so we can capture // EVERYTHING -#ifdef SPINXPL spinxplfd = -1; spin_created = 0; -#endif // Force logout. This cleans out the private session and list // and cleans out the private object map @@ -387,10 +383,6 @@ // Handle global initialization issues first if we have not // been initialized. if (st_Initialized() == FALSE){ -#if SYSVSEM - xproclock = (void *)&xprocsemid; - CreateXProcLock(xproclock); -#endif if ( (rc = attach_shm()) != CKR_OK) { st_err_log(144, __FILE__, __LINE__); goto done; @@ -424,9 +416,9 @@ load_public_token_objects(); - XProcLock( xproclock ); + XProcLock(); global_shm->publ_loaded = TRUE; - XProcUnLock( xproclock ); + XProcUnLock(); init_slotInfo(); @@ -889,7 +881,7 @@ st_err_log(148, __FILE__, __LINE__); goto done; } - rc = XProcLock( xproclock ); + rc = XProcLock(); if (rc != CKR_OK){ st_err_log(150, __FILE__, __LINE__); goto done; @@ -898,7 +890,7 @@ nv_token_data->token_info.flags |= CKF_USER_PIN_INITIALIZED; nv_token_data->token_info.flags &= ~(CKF_USER_PIN_TO_BE_CHANGED); nv_token_data->token_info.flags &= ~(CKF_USER_PIN_LOCKED); - XProcUnLock(xproclock); + XProcUnLock(); memcpy( user_pin_md5, hash_md5, MD5_HASH_SIZE ); rc = save_token_data(); if (rc != CKR_OK){ @@ -987,7 +979,7 @@ rc = CKR_PIN_INVALID; goto done; } - rc = XProcLock( xproclock ); + rc = XProcLock(); if (rc != CKR_OK){ st_err_log(150, __FILE__, __LINE__); goto done; @@ -997,7 +989,7 @@ memcpy(user_pin_md5, hash_md5, MD5_HASH_SIZE); nv_token_data->token_info.flags &= ~(CKF_USER_PIN_TO_BE_CHANGED); - XProcUnLock( xproclock ); + XProcUnLock(); rc = save_token_data(); if (rc != CKR_OK){ st_err_log(104, __FILE__, __LINE__); @@ -1026,7 +1018,7 @@ rc = CKR_PIN_INVALID; goto done; } - rc = XProcLock( xproclock ); + rc = XProcLock(); if (rc != CKR_OK){ st_err_log(150, __FILE__, __LINE__); goto done; @@ -1034,7 +1026,7 @@ memcpy(nv_token_data->so_pin_sha, new_hash_sha, SHA1_HASH_SIZE); memcpy( so_pin_md5, hash_md5, MD5_HASH_SIZE ); nv_token_data->token_info.flags &= ~(CKF_SO_PIN_TO_BE_CHANGED); - XProcUnLock( xproclock ); + XProcUnLock(); rc = save_token_data(); if (rc != CKR_OK){ st_err_log(104, __FILE__, __LINE__); @@ -1426,9 +1418,9 @@ } rc = load_private_token_objects(); - XProcLock( xproclock ); + XProcLock(); global_shm->priv_loaded = TRUE; - XProcUnLock( xproclock ); + XProcUnLock(); } else { diff -Nauwir opencryptoki-2.3.1+dfsg.orig/usr/lib/pkcs11/cca_stdll/utility.c opencryptoki-2.3.1+dfsg/usr/lib/pkcs11/cca_stdll/utility.c --- opencryptoki-2.3.1+dfsg.orig/usr/lib/pkcs11/cca_stdll/utility.c 2010-01-26 19:22:29.000000000 +0100 +++ opencryptoki-2.3.1+dfsg/usr/lib/pkcs11/cca_stdll/utility.c 2012-10-21 21:35:23.000000000 +0200 @@ -31,9 +31,7 @@ #include "tok_spec_struct.h" #include "pkcs32.h" -#if (SPINXPL) #include <sys/file.h> -#endif @@ -290,18 +288,6 @@ } CK_RV -_CreateMsem( sem_t *msem ) -{ - if (!sem_init( msem,0, 1)) // parm 2 non-0 means pshared 1 is unlocked 0 is locked - //if (!sem_init( msem,1, 1)) // parm 2 non-0 means pshared 1 is unlocked 0 is locked - return CKR_OK; - else{ - st_err_log(4, __FILE__, __LINE__, __FUNCTION__); - return CKR_FUNCTION_FAILED; - } -} - -CK_RV _DestroyMutex( MUTEX *mutex ) { // no-op in AIX @@ -311,18 +297,6 @@ } CK_RV -_DestroyMsem( sem_t *msem ) -{ - if (!sem_destroy(msem)) - return CKR_OK; - else{ - st_err_log(4, __FILE__, __LINE__, __FUNCTION__); - return CKR_FUNCTION_FAILED; - } -} - - -CK_RV _LockMutex( MUTEX *mutex ) { pthread_mutex_lock( mutex); @@ -331,21 +305,6 @@ } CK_RV -_LockMsem( sem_t *msem ) -{ - if (!msem){ - st_err_log(4, __FILE__, __LINE__, __FUNCTION__); - return CKR_FUNCTION_FAILED; - } - if(!sem_wait(msem)) // block until the semaphore is free - return CKR_OK; - else{ - st_err_log(4, __FILE__, __LINE__, __FUNCTION__); - return CKR_FUNCTION_FAILED; - } -} - -CK_RV _UnlockMutex( MUTEX *mutex ) { pthread_mutex_unlock(mutex); @@ -353,49 +312,14 @@ } -CK_RV -_UnlockMsem( sem_t *msem ) -{ - if (!msem){ - st_err_log(4, __FILE__, __LINE__, __FUNCTION__); - return CKR_FUNCTION_FAILED; - } - if (!sem_post(msem)) - return CKR_OK; - else{ - st_err_log(4, __FILE__, __LINE__, __FUNCTION__); - return CKR_FUNCTION_FAILED; - } -} - -#if SYSVSEM -#include <sys/sem.h> -// These structures are needed to effect a lock -// using SYS V semaphores... -static struct sembuf xlock_lock[2]={ - 0,0,0, - 0,1,SEM_UNDO -}; - -static struct sembuf xlock_unlock[1] = { - 0,-1,(IPC_NOWAIT | SEM_UNDO) -}; - -static pthread_mutex_t semmtx = PTHREAD_MUTEX_INITIALIZER; - -#endif - - int spinxplfd=-1; int spin_created=0; extern void set_perm(int); CK_RV -CreateXProcLock(void *xproc) +CreateXProcLock(void) { - -#if (SPINXPL) // open the file that we will do the locking on... spinxplfd = open("/tmp/.pkcs11spinloc",O_CREAT|O_APPEND|O_RDWR, S_IRWXU|S_IRWXG|S_IRWXO); @@ -408,86 +332,16 @@ perror("XPROC CREATE file :"); } return CKR_OK; -#elif SYSVSEM - int semid; - int *psem; - key_t tok; - - tok = ftok( pk_dir, 'c' ); - -//printf("creating semaphore %x \n",tok); - - psem = (int *)xproc; -if ( *psem < 0 ) { - if ( (semid = semget(tok,1,IPC_CREAT | 0666)) < 0 ){ - if (errno == EEXIST) { - if ( (semid = semget(tok,0,0)) < 0) { - pthread_mutex_unlock(&semmtx); - st_err_log(4, __FILE__, __LINE__, __FUNCTION__); - return CKR_FUNCTION_FAILED; - } - } else { - pthread_mutex_unlock(&semmtx); - st_err_log(4, __FILE__, __LINE__, __FUNCTION__); - return CKR_FUNCTION_FAILED; - } - } -} - psem = (int *)xproc; - *psem = semid; -//pthread_mutex_unlock(&semmtx); - return CKR_OK; - - // we know that semaphores are created unlocked -#elif POSIXSEM - return _CreateMsem((sem_t *)xproc); -#elif PTHREADXPL - pthread_mutex_attr_t mtxattr; - - pthread_mutexattr_init(&mtxattr); - pthread_mutexattr_setpshared(&mtxattr,PTHREAD_PROCESS_SHARED); - pthread_mutex_init((pthread_mutex_t *)xproc,&mtxattr); - -#elif NOXPROCLOCK - return CKR_OK; -#else -#error "Define XPROC LOCKS" - -#endif } CK_RV -DestroyXProcLock(void *xproc) +DestroyXProcLock(void) { -#if SPINXPL - return CKR_OK; -#elif SYSVSEM - int semid,*psem; - -//printf("Destroying semaphore %x \n",xproc); - -pthread_mutex_lock(&semmtx); - psem = (int *)xproc; - semid = *psem; - - semctl(semid,1,IPC_RMID,0); -pthread_mutex_unlock(&semmtx); - return CKR_OK; -#elif POSIXSEM - return _DestroyMsem((sem_t *)xproc); -#elif PTHREADXPL - return pthread_mutex_destroy((pthread_mutex_t *)xproc); -#elif NOXPROCLOCK - return CKR_OK; -#else -#error "Define XPROC LOCKS" -#endif } CK_RV -XProcLock(void *xproc) +XProcLock(void) { -#if SPINXPL if (!spin_created) { spinxplfd = open("/tmp/.pkcs11spinloc",O_CREAT|O_APPEND|O_RDWR, S_IRWXU|S_IRWXG|S_IRWXO); @@ -498,33 +352,11 @@ flock(spinxplfd,LOCK_EX); } return CKR_OK; -#elif SYSVSEM - int semid,*psem; - pthread_mutex_lock(&semmtx); - return CKR_OK; - - pthread_mutex_lock(&semmtx); - psem = (int *)xproc; - semid = *psem; - semop(semid,&xlock_lock[0],2); - pthread_mutex_unlock(&semmtx); - return CKR_OK; - -#elif POSIXSEM - return _LockMsem((sem_t *)xproc); -#elif PTHREADXPL - return _LockMutex((MUTEX *)xproc); -#elif NOXPROCLOCK - return CKR_OK; -#else -#error "Define XPROC LOCKS" - -#endif } + CK_RV -XProcUnLock(void *xproc) +XProcUnLock(void) { -#if SPINXPL if (!spin_created) { spinxplfd = open("/tmp/.pkcs11spinloc",O_CREAT|O_APPEND|O_RDWR, S_IRWXU|S_IRWXG|S_IRWXO); @@ -535,26 +367,6 @@ flock(spinxplfd,LOCK_UN); } return CKR_OK; -#elif SYSVSEM - int semid,*psem; - pthread_mutex_unlock(&semmtx); - return CKR_OK; - - pthread_mutex_lock(&semmtx); - psem = (int *)xproc; - semid = *psem; - semop(semid,&xlock_unlock[0],1); - pthread_mutex_unlock(&semmtx); - return CKR_OK; -#elif POSIXSEM - return _UnlockMsem((sem_t *)xproc); -#elif PTHREADXPL - return _UnlockMutex((MUTEX *)xproc); -#elif NOXPROCLOCK - return CKR_OK; -#else -#error "Define XPROC LOCKS" -#endif } @@ -1023,23 +835,13 @@ return CKR_FUNCTION_FAILED; } if (created == TRUE) { -#if !(SYSVSEM) -// SYSV sem's are a global that is handled in the -// Initialize routine... all others are stored in the -// shared memory segment so we have to do -// this here after the segment is created -// to prevent a core dump - CreateXProcLock( &global_shm->mutex ); - xproclock = (void *)&global_shm->mutex; // need to do this here -#endif - XProcLock( xproclock ); + CreateXProcLock(); + XProcLock(); global_shm->num_publ_tok_obj = 0; global_shm->num_priv_tok_obj = 0; memset( &global_shm->publ_tok_objs, 0x0, 2048 * sizeof(TOK_OBJ_ENTRY) ); memset( &global_shm->priv_tok_objs, 0x0, 2048 * sizeof(TOK_OBJ_ENTRY) ); - XProcUnLock( xproclock ); - } else { - xproclock = (void *)&global_shm->mutex; + XProcUnLock(); } #elif MMAP { @@ -1088,14 +890,12 @@ global_shm = (LW_SHM_TYPE *)mmap(NULL,sizeof(LW_SHM_TYPE),PROT_READ|PROT_WRITE,MAP_SHARED,fd,0); if (created == TRUE) { - XProcLock( xproclock ); + XProcLock(); global_shm->num_publ_tok_obj = 0; global_shm->num_priv_tok_obj = 0; memset( &global_shm->publ_tok_objs, 0x0, 2048 * sizeof(TOK_OBJ_ENTRY) ); memset( &global_shm->priv_tok_objs, 0x0, 2048 * sizeof(TOK_OBJ_ENTRY) ); - XProcUnLock( xproclock ); - } else { - xproclock = (void *)&global_shm->mutex; + XProcUnLock(); } rc = CKR_OK; @@ -1169,5 +969,3 @@ return CKR_OK; } - - diff -Nauwir opencryptoki-2.3.1+dfsg.orig/usr/lib/pkcs11/common/globals.c opencryptoki-2.3.1+dfsg/usr/lib/pkcs11/common/globals.c --- opencryptoki-2.3.1+dfsg.orig/usr/lib/pkcs11/common/globals.c 2010-01-26 19:22:29.000000000 +0100 +++ opencryptoki-2.3.1+dfsg/usr/lib/pkcs11/common/globals.c 2012-10-21 21:35:58.000000000 +0200 @@ -317,12 +317,6 @@ pthread_mutex_t native_mutex ; MUTEX pkcs_mutex, obj_list_mutex, sess_list_mutex, login_mutex; -#if SYSVSEM -int xprocsemid = -1; -#endif - -void *xproclock; - DL_NODE *sess_list = NULL; DL_NODE *sess_obj_list = NULL; DL_NODE *publ_token_obj_list = NULL; @@ -549,5 +543,3 @@ CK_BYTE user_pin_md5[MD5_HASH_SIZE]; CK_BYTE so_pin_md5[MD5_HASH_SIZE]; CK_BYTE master_key[3 * DES_KEY_SIZE]; - - diff -Nauwir opencryptoki-2.3.1+dfsg.orig/usr/lib/pkcs11/common/h_extern.h opencryptoki-2.3.1+dfsg/usr/lib/pkcs11/common/h_extern.h --- opencryptoki-2.3.1+dfsg.orig/usr/lib/pkcs11/common/h_extern.h 2010-01-26 19:22:29.000000000 +0100 +++ opencryptoki-2.3.1+dfsg/usr/lib/pkcs11/common/h_extern.h 2012-10-21 20:53:10.000000000 +0200 @@ -328,12 +328,6 @@ extern CK_ULONG mech_list_len; extern pthread_mutex_t native_mutex; -#if SYSVSEM -extern int xprocsemid; -#endif - - -extern void *xproclock; extern MUTEX pkcs_mutex, obj_list_mutex, sess_list_mutex, login_mutex; diff -Nauwir opencryptoki-2.3.1+dfsg.orig/usr/lib/pkcs11/common/host_defs.h opencryptoki-2.3.1+dfsg/usr/lib/pkcs11/common/host_defs.h --- opencryptoki-2.3.1+dfsg.orig/usr/lib/pkcs11/common/host_defs.h 2010-01-26 19:22:29.000000000 +0100 +++ opencryptoki-2.3.1+dfsg/usr/lib/pkcs11/common/host_defs.h 2012-10-21 20:53:10.000000000 +0200 @@ -298,7 +298,6 @@ #ifndef _HOST_DEFS_H #define _HOST_DEFS_H -#include <semaphore.h> #include <pthread.h> #include <endian.h> @@ -510,12 +509,6 @@ typedef pthread_mutex_t MUTEX; // This is actualy wrong... XPROC will be with spinlocks -#if (SPINXPL) -#define XPROCLOCK unsigned int -#else -#define XPROCLOCK MUTEX -#endif - typedef struct _TEMPLATE { @@ -653,11 +646,6 @@ typedef struct _LW_SHM_TYPE { - XPROCLOCK mutex; -#if SYSVSEM - key_t semtok; -#endif - TOKEN_DATA nv_token_data; CK_ULONG_32 num_priv_tok_obj; CK_ULONG_32 num_publ_tok_obj; @@ -673,9 +661,4 @@ #define MY_LockMutex(x) _LockMutex((MUTEX *)(x)) #define MY_UnlockMutex(x) _UnlockMutex((MUTEX *)(x)) -#define MY_CreateMsem(x) CreateXProcLock((void *)(x)) -#define MY_DestroyMsem(x) DestroyXProcLock((void *)(x)) -#define MY_LockMsem(x) XProcLock((void *)(x)) -#define MY_UnlockMsem(x) XProcUnLock((void *)(x)) - #endif diff -Nauwir opencryptoki-2.3.1+dfsg.orig/usr/lib/pkcs11/common/loadsave.c opencryptoki-2.3.1+dfsg/usr/lib/pkcs11/common/loadsave.c --- opencryptoki-2.3.1+dfsg.orig/usr/lib/pkcs11/common/loadsave.c 2010-01-26 19:22:29.000000000 +0100 +++ opencryptoki-2.3.1+dfsg/usr/lib/pkcs11/common/loadsave.c 2012-10-21 20:53:10.000000000 +0200 @@ -347,7 +347,7 @@ sprintf((char *)fname,"%s/%s",(char *)pk_dir, PK_LITE_NV); - rc = XProcLock( xproclock ); + rc = XProcLock(); if (rc != CKR_OK){ st_err_log(150, __FILE__, __LINE__); goto out_nolock; @@ -358,10 +358,10 @@ /* Better error checking added */ if (errno == ENOENT) { /* init_token_data may call save_token_data, which graps the - * xproclock, so we must release it around this call */ - XProcUnLock( xproclock ); + * lock, so we must release it around this call */ + XProcUnLock(); init_token_data(); - rc = XProcLock( xproclock ); + rc = XProcLock(); if (rc != CKR_OK){ st_err_log(150, __FILE__, __LINE__); goto out_nolock; @@ -397,7 +397,7 @@ rc = CKR_OK; out_unlock: - XProcUnLock( xproclock ); + XProcUnLock(); out_nolock: return rc; @@ -417,7 +417,7 @@ sprintf((char *)fname,"%s/%s",pk_dir, PK_LITE_NV); - rc = XProcLock( xproclock ); + rc = XProcLock(); if (rc != CKR_OK){ st_err_log(150, __FILE__, __LINE__); goto out_nolock; @@ -442,7 +442,7 @@ rc = CKR_OK; done: - XProcUnLock( xproclock ); + XProcUnLock(); out_nolock: return rc; diff -Nauwir opencryptoki-2.3.1+dfsg.orig/usr/lib/pkcs11/common/new_host.c opencryptoki-2.3.1+dfsg/usr/lib/pkcs11/common/new_host.c --- opencryptoki-2.3.1+dfsg.orig/usr/lib/pkcs11/common/new_host.c 2010-01-26 19:22:29.000000000 +0100 +++ opencryptoki-2.3.1+dfsg/usr/lib/pkcs11/common/new_host.c 2012-10-21 21:36:55.000000000 +0200 @@ -665,10 +665,6 @@ // Handle global initialization issues first if we have not // been initialized. if (st_Initialized() == FALSE){ -#if SYSVSEM - xproclock = (void *)&xprocsemid; - CreateXProcLock(xproclock); -#endif if ( (rc = attach_shm()) != CKR_OK) { st_err_log(144, __FILE__, __LINE__); goto done; @@ -702,9 +698,9 @@ load_public_token_objects(); - XProcLock( xproclock ); + XProcLock(); global_shm->publ_loaded = TRUE; - XProcUnLock( xproclock ); + XProcUnLock(); init_slotInfo(); @@ -1167,7 +1163,7 @@ st_err_log(148, __FILE__, __LINE__); goto done; } - rc = XProcLock( xproclock ); + rc = XProcLock(); if (rc != CKR_OK){ st_err_log(150, __FILE__, __LINE__); goto done; @@ -1176,7 +1172,7 @@ nv_token_data->token_info.flags |= CKF_USER_PIN_INITIALIZED; nv_token_data->token_info.flags &= ~(CKF_USER_PIN_TO_BE_CHANGED); nv_token_data->token_info.flags &= ~(CKF_USER_PIN_LOCKED); - XProcUnLock(xproclock); + XProcUnLock(); memcpy( user_pin_md5, hash_md5, MD5_HASH_SIZE ); rc = save_token_data(); if (rc != CKR_OK){ @@ -1265,7 +1261,7 @@ rc = CKR_PIN_INVALID; goto done; } - rc = XProcLock( xproclock ); + rc = XProcLock(); if (rc != CKR_OK){ st_err_log(150, __FILE__, __LINE__); goto done; @@ -1275,7 +1271,7 @@ memcpy(user_pin_md5, hash_md5, MD5_HASH_SIZE); nv_token_data->token_info.flags &= ~(CKF_USER_PIN_TO_BE_CHANGED); - XProcUnLock( xproclock ); + XProcUnLock(); rc = save_token_data(); if (rc != CKR_OK){ st_err_log(104, __FILE__, __LINE__); @@ -1304,7 +1300,7 @@ rc = CKR_PIN_INVALID; goto done; } - rc = XProcLock( xproclock ); + rc = XProcLock(); if (rc != CKR_OK){ st_err_log(150, __FILE__, __LINE__); goto done; @@ -1312,7 +1308,7 @@ memcpy(nv_token_data->so_pin_sha, new_hash_sha, SHA1_HASH_SIZE); memcpy( so_pin_md5, hash_md5, MD5_HASH_SIZE ); nv_token_data->token_info.flags &= ~(CKF_SO_PIN_TO_BE_CHANGED); - XProcUnLock( xproclock ); + XProcUnLock(); rc = save_token_data(); if (rc != CKR_OK){ st_err_log(104, __FILE__, __LINE__); @@ -1704,9 +1700,9 @@ } rc = load_private_token_objects(); - XProcLock( xproclock ); + XProcLock(); global_shm->priv_loaded = TRUE; - XProcUnLock( xproclock ); + XProcUnLock(); } else { diff -Nauwir opencryptoki-2.3.1+dfsg.orig/usr/lib/pkcs11/common/obj_mgr.c opencryptoki-2.3.1+dfsg/usr/lib/pkcs11/common/obj_mgr.c --- opencryptoki-2.3.1+dfsg.orig/usr/lib/pkcs11/common/obj_mgr.c 2010-01-26 19:22:29.000000000 +0100 +++ opencryptoki-2.3.1+dfsg/usr/lib/pkcs11/common/obj_mgr.c 2012-10-21 21:38:19.000000000 +0200 @@ -406,7 +406,7 @@ // we'll be modifying nv_token_data so we should protect this part with // the 'pkcs_mutex' // - rc = XProcLock( xproclock ); + rc = XProcLock(); if (rc != CKR_OK){ st_err_log(150, __FILE__, __LINE__); goto done; @@ -419,7 +419,7 @@ if (global_shm->num_priv_tok_obj >= MAX_TOK_OBJS) { rc = CKR_HOST_MEMORY; st_err_log(1, __FILE__, __LINE__); - XProcUnLock(xproclock); + XProcUnLock(); goto done; } } @@ -427,7 +427,7 @@ if (global_shm->num_publ_tok_obj >= MAX_TOK_OBJS) { rc = CKR_HOST_MEMORY; st_err_log(1, __FILE__, __LINE__); - XProcUnLock(xproclock); + XProcUnLock(); goto done; } } @@ -446,7 +446,7 @@ // object_mgr_add_to_shm( o ); - XProcUnLock( xproclock ); + XProcUnLock(); // save_token_data has to lock the mutex itself because it's used elsewhere // @@ -490,14 +490,14 @@ publ_token_obj_list = dlist_remove_node( publ_token_obj_list, node ); } - rc = XProcLock( xproclock ); + rc = XProcLock(); if (rc != CKR_OK){ st_err_log(150, __FILE__, __LINE__); goto done; } object_mgr_del_from_shm( o ); - XProcUnLock( xproclock ); + XProcUnLock(); } } @@ -671,7 +671,7 @@ // we'll be modifying nv_token_data so we should protect this part // with 'pkcs_mutex' // - rc = XProcLock( xproclock ); + rc = XProcLock(); if (rc != CKR_OK){ st_err_log(150, __FILE__, __LINE__); goto done; @@ -682,7 +682,7 @@ // if (priv_obj) { if (global_shm->num_priv_tok_obj >= MAX_TOK_OBJS) { - XProcUnLock(xproclock); + XProcUnLock(); st_err_log(1, __FILE__, __LINE__); rc = CKR_HOST_MEMORY; goto done; @@ -690,7 +690,7 @@ } else { if (global_shm->num_publ_tok_obj >= MAX_TOK_OBJS) { - XProcUnLock(xproclock); + XProcUnLock(); st_err_log(1, __FILE__, __LINE__); rc = CKR_HOST_MEMORY; goto done; @@ -710,7 +710,7 @@ // object_mgr_add_to_shm( new_obj ); - XProcUnLock( xproclock ); + XProcUnLock(); save_token_data(); } @@ -753,14 +753,14 @@ publ_token_obj_list = dlist_remove_node( publ_token_obj_list, node ); } - rc = XProcLock( xproclock ); + rc = XProcLock(); if (rc != CKR_OK){ st_err_log(150, __FILE__, __LINE__); goto done; } object_mgr_del_from_shm( new_obj ); - XProcUnLock( xproclock ); + XProcUnLock(); } } @@ -896,7 +896,7 @@ // we'll be modifying nv_token_data so we should protect this part // with 'pkcs_mutex' // - rc = XProcLock( xproclock ); + rc = XProcLock(); if (rc != CKR_OK){ st_err_log(150, __FILE__, __LINE__); goto done; @@ -907,7 +907,7 @@ // if (priv_obj) { if (global_shm->num_priv_tok_obj >= MAX_TOK_OBJS) { - XProcUnLock(xproclock); + XProcUnLock(); st_err_log(1, __FILE__, __LINE__); rc = CKR_HOST_MEMORY; goto done; @@ -915,7 +915,7 @@ } else { if (global_shm->num_publ_tok_obj >= MAX_TOK_OBJS) { - XProcUnLock(xproclock); + XProcUnLock(); st_err_log(1, __FILE__, __LINE__); rc = CKR_HOST_MEMORY; goto done; @@ -935,7 +935,7 @@ // object_mgr_add_to_shm( obj ); - XProcUnLock( xproclock ); + XProcUnLock(); save_token_data(); } @@ -977,14 +977,14 @@ publ_token_obj_list = dlist_remove_node( publ_token_obj_list, node ); } - rc = XProcLock( xproclock ); + rc = XProcLock(); if (rc != CKR_OK){ st_err_log(150, __FILE__, __LINE__); goto done; } object_mgr_del_from_shm( obj ); - XProcUnLock( xproclock ); + XProcUnLock(); } } @@ -1053,14 +1053,14 @@ node = dlist_find( publ_token_obj_list, obj ); if (node) { - rc = XProcLock( xproclock ); + rc = XProcLock(); if (rc != CKR_OK){ st_err_log(150, __FILE__, __LINE__); goto done; } object_mgr_del_from_shm( obj ); - XProcUnLock( xproclock ); + XProcUnLock(); object_mgr_remove_from_map( handle ); @@ -1146,7 +1146,7 @@ // now we want to purge the token object list in shared memory // - rc = XProcLock( xproclock ); + rc = XProcLock(); if (rc == CKR_OK) { locked2 = TRUE; @@ -1161,7 +1161,7 @@ done: if (locked1 == TRUE) MY_UnlockMutex( &obj_list_mutex ); - if (locked2 == TRUE) XProcUnLock( xproclock ); + if (locked2 == TRUE) XProcUnLock(); return rc; } @@ -1960,7 +1960,7 @@ else publ_token_obj_list = dlist_add_as_last( publ_token_obj_list, obj ); - XProcLock( xproclock ); + XProcLock(); if (priv) { if (global_shm->priv_loaded == FALSE){ @@ -1982,7 +1982,7 @@ } } - XProcUnLock( xproclock ); + XProcUnLock(); } else { st_err_log(160, __FILE__, __LINE__); } @@ -2098,7 +2098,7 @@ save_token_object( obj ); - rc = XProcLock( xproclock ); + rc = XProcLock(); if (rc != CKR_OK){ st_err_log(150, __FILE__, __LINE__); return rc; @@ -2110,7 +2110,7 @@ if (rc != CKR_OK) { st_err_log(162, __FILE__, __LINE__); - XProcUnLock(xproclock); + XProcUnLock(); return rc; } @@ -2122,7 +2122,7 @@ obj, &index ); if (rc != CKR_OK) { st_err_log(162, __FILE__, __LINE__); - XProcUnLock(xproclock); + XProcUnLock(); return rc; } @@ -2132,7 +2132,7 @@ entry->count_lo = obj->count_lo; entry->count_hi = obj->count_hi; - XProcUnLock( xproclock ); + XProcUnLock(); } return rc; @@ -2755,4 +2755,3 @@ return TRUE; } - diff -Nauwir opencryptoki-2.3.1+dfsg.orig/usr/lib/pkcs11/common/utility.c opencryptoki-2.3.1+dfsg/usr/lib/pkcs11/common/utility.c --- opencryptoki-2.3.1+dfsg.orig/usr/lib/pkcs11/common/utility.c 2010-01-26 19:22:29.000000000 +0100 +++ opencryptoki-2.3.1+dfsg/usr/lib/pkcs11/common/utility.c 2012-10-21 21:44:51.000000000 +0200 @@ -569,18 +569,6 @@ } CK_RV -_CreateMsem( sem_t *msem ) -{ - if (!sem_init( msem,0, 1)) // parm 2 non-0 means pshared 1 is unlocked 0 is locked - //if (!sem_init( msem,1, 1)) // parm 2 non-0 means pshared 1 is unlocked 0 is locked - return CKR_OK; - else{ - st_err_log(4, __FILE__, __LINE__, __FUNCTION__); - return CKR_FUNCTION_FAILED; - } -} - -CK_RV _DestroyMutex( MUTEX *mutex ) { // no-op in AIX @@ -590,18 +578,6 @@ } CK_RV -_DestroyMsem( sem_t *msem ) -{ - if (!sem_destroy(msem)) - return CKR_OK; - else{ - st_err_log(4, __FILE__, __LINE__, __FUNCTION__); - return CKR_FUNCTION_FAILED; - } -} - - -CK_RV _LockMutex( MUTEX *mutex ) { pthread_mutex_lock( mutex); @@ -610,21 +586,6 @@ } CK_RV -_LockMsem( sem_t *msem ) -{ - if (!msem){ - st_err_log(4, __FILE__, __LINE__, __FUNCTION__); - return CKR_FUNCTION_FAILED; - } - if(!sem_wait(msem)) // block until the semaphore is free - return CKR_OK; - else{ - st_err_log(4, __FILE__, __LINE__, __FUNCTION__); - return CKR_FUNCTION_FAILED; - } -} - -CK_RV _UnlockMutex( MUTEX *mutex ) { pthread_mutex_unlock(mutex); @@ -632,49 +593,14 @@ } -CK_RV -_UnlockMsem( sem_t *msem ) -{ - if (!msem){ - st_err_log(4, __FILE__, __LINE__, __FUNCTION__); - return CKR_FUNCTION_FAILED; - } - if (!sem_post(msem)) - return CKR_OK; - else{ - st_err_log(4, __FILE__, __LINE__, __FUNCTION__); - return CKR_FUNCTION_FAILED; - } -} - -#if SYSVSEM -#include <sys/sem.h> -// These structures are needed to effect a lock -// using SYS V semaphores... -static struct sembuf xlock_lock[2]={ - 0,0,0, - 0,1,SEM_UNDO -}; - -static struct sembuf xlock_unlock[1] = { - 0,-1,(IPC_NOWAIT | SEM_UNDO) -}; - -static pthread_mutex_t semmtx = PTHREAD_MUTEX_INITIALIZER; - -#endif - - int spinxplfd=-1; int spin_created=0; extern void set_perm(int); CK_RV -CreateXProcLock(void *xproc) +CreateXProcLock(void) { - -#if (SPINXPL) // open the file that we will do the locking on... spinxplfd = open("/tmp/.pkcs11spinloc",O_CREAT|O_APPEND|O_RDWR, S_IRWXU|S_IRWXG|S_IRWXO); @@ -687,86 +613,17 @@ perror("XPROC CREATE file :"); } return CKR_OK; -#elif SYSVSEM - int semid; - int *psem; - key_t tok; - - tok = ftok( pk_dir, 'c' ); - -//printf("creating semaphore %x \n",tok); - - psem = (int *)xproc; -if ( *psem < 0 ) { - if ( (semid = semget(tok,1,IPC_CREAT | 0666)) < 0 ){ - if (errno == EEXIST) { - if ( (semid = semget(tok,0,0)) < 0) { - pthread_mutex_unlock(&semmtx); - st_err_log(4, __FILE__, __LINE__, __FUNCTION__); - return CKR_FUNCTION_FAILED; - } - } else { - pthread_mutex_unlock(&semmtx); - st_err_log(4, __FILE__, __LINE__, __FUNCTION__); - return CKR_FUNCTION_FAILED; } - } -} - psem = (int *)xproc; - *psem = semid; -//pthread_mutex_unlock(&semmtx); - return CKR_OK; - // we know that semaphores are created unlocked -#elif POSIXSEM - return _CreateMsem((sem_t *)xproc); -#elif PTHREADXPL - pthread_mutex_attr_t mtxattr; - - pthread_mutexattr_init(&mtxattr); - pthread_mutexattr_setpshared(&mtxattr,PTHREAD_PROCESS_SHARED); - pthread_mutex_init((pthread_mutex_t *)xproc,&mtxattr); - -#elif NOXPROCLOCK - return CKR_OK; -#else -#error "Define XPROC LOCKS" - -#endif -} CK_RV -DestroyXProcLock(void *xproc) +DestroyXProcLock(void) { -#if SPINXPL - return CKR_OK; -#elif SYSVSEM - int semid,*psem; - -//printf("Destroying semaphore %x \n",xproc); - -pthread_mutex_lock(&semmtx); - psem = (int *)xproc; - semid = *psem; - - semctl(semid,1,IPC_RMID,0); -pthread_mutex_unlock(&semmtx); - return CKR_OK; -#elif POSIXSEM - return _DestroyMsem((sem_t *)xproc); -#elif PTHREADXPL - return pthread_mutex_destroy((pthread_mutex_t *)xproc); -#elif NOXPROCLOCK - return CKR_OK; -#else -#error "Define XPROC LOCKS" -#endif } CK_RV -XProcLock(void *xproc) +XProcLock(void) { -#if SPINXPL if (!spin_created) { spinxplfd = open("/tmp/.pkcs11spinloc",O_CREAT|O_APPEND|O_RDWR, S_IRWXU|S_IRWXG|S_IRWXO); @@ -777,33 +634,11 @@ flock(spinxplfd,LOCK_EX); } return CKR_OK; -#elif SYSVSEM - int semid,*psem; - pthread_mutex_lock(&semmtx); - return CKR_OK; - - pthread_mutex_lock(&semmtx); - psem = (int *)xproc; - semid = *psem; - semop(semid,&xlock_lock[0],2); - pthread_mutex_unlock(&semmtx); - return CKR_OK; - -#elif POSIXSEM - return _LockMsem((sem_t *)xproc); -#elif PTHREADXPL - return _LockMutex((MUTEX *)xproc); -#elif NOXPROCLOCK - return CKR_OK; -#else -#error "Define XPROC LOCKS" - -#endif } + CK_RV -XProcUnLock(void *xproc) +XProcUnLock(void) { -#if SPINXPL if (!spin_created) { spinxplfd = open("/tmp/.pkcs11spinloc",O_CREAT|O_APPEND|O_RDWR, S_IRWXU|S_IRWXG|S_IRWXO); @@ -814,26 +649,6 @@ flock(spinxplfd,LOCK_UN); } return CKR_OK; -#elif SYSVSEM - int semid,*psem; - pthread_mutex_unlock(&semmtx); - return CKR_OK; - - pthread_mutex_lock(&semmtx); - psem = (int *)xproc; - semid = *psem; - semop(semid,&xlock_unlock[0],1); - pthread_mutex_unlock(&semmtx); - return CKR_OK; -#elif POSIXSEM - return _UnlockMsem((sem_t *)xproc); -#elif PTHREADXPL - return _UnlockMutex((MUTEX *)xproc); -#elif NOXPROCLOCK - return CKR_OK; -#else -#error "Define XPROC LOCKS" -#endif } @@ -1302,23 +1117,13 @@ return CKR_FUNCTION_FAILED; } if (created == TRUE) { -#if !(SYSVSEM) -// SYSV sem's are a global that is handled in the -// Initialize routine... all others are stored in the -// shared memory segment so we have to do -// this here after the segment is created -// to prevent a core dump - CreateXProcLock( &global_shm->mutex ); - xproclock = (void *)&global_shm->mutex; // need to do this here -#endif - XProcLock( xproclock ); + CreateXProcLock(); + XProcLock(); global_shm->num_publ_tok_obj = 0; global_shm->num_priv_tok_obj = 0; memset( &global_shm->publ_tok_objs, 0x0, 2048 * sizeof(TOK_OBJ_ENTRY) ); memset( &global_shm->priv_tok_objs, 0x0, 2048 * sizeof(TOK_OBJ_ENTRY) ); - XProcUnLock( xproclock ); - } else { - xproclock = (void *)&global_shm->mutex; + XProcUnLock(); } #elif MMAP { @@ -1367,14 +1172,12 @@ global_shm = (LW_SHM_TYPE *)mmap(NULL,sizeof(LW_SHM_TYPE),PROT_READ|PROT_WRITE,MAP_SHARED,fd,0); if (created == TRUE) { - XProcLock( xproclock ); + XProcLock(); global_shm->num_publ_tok_obj = 0; global_shm->num_priv_tok_obj = 0; memset( &global_shm->publ_tok_objs, 0x0, 2048 * sizeof(TOK_OBJ_ENTRY) ); memset( &global_shm->priv_tok_objs, 0x0, 2048 * sizeof(TOK_OBJ_ENTRY) ); - XProcUnLock( xproclock ); - } else { - xproclock = (void *)&global_shm->mutex; + XProcUnLock(); } rc = CKR_OK; @@ -1448,5 +1251,3 @@ return CKR_OK; } - - diff -Nauwir opencryptoki-2.3.1+dfsg.orig/usr/lib/pkcs11/ica_s390_stdll/Makefile.am opencryptoki-2.3.1+dfsg/usr/lib/pkcs11/ica_s390_stdll/Makefile.am --- opencryptoki-2.3.1+dfsg.orig/usr/lib/pkcs11/ica_s390_stdll/Makefile.am 2010-01-26 19:22:29.000000000 +0100 +++ opencryptoki-2.3.1+dfsg/usr/lib/pkcs11/ica_s390_stdll/Makefile.am 2012-10-21 20:54:08.000000000 +0200 @@ -5,7 +5,7 @@ -Wl,-Bsymbolic -lc -lpthread -lica -ldl -lcrypto # Not all versions of automake observe libname_CFLAGS -opencryptoki_stdll_libpkcs11_ica_la_CFLAGS = -DSPINXPL -DDEV \ +opencryptoki_stdll_libpkcs11_ica_la_CFLAGS = -DDEV \ -D_THREAD_SAFE -fPIC -DSHALLOW=0 -DSWTOK=0 -DLITE=1 -DNODH \ -DNOCDMF -DNOMD2 -DNODSA -DSTDLL_NAME=\"icatok\" diff -Nauwir opencryptoki-2.3.1+dfsg.orig/usr/lib/pkcs11/tpm_stdll/Makefile.am opencryptoki-2.3.1+dfsg/usr/lib/pkcs11/tpm_stdll/Makefile.am --- opencryptoki-2.3.1+dfsg.orig/usr/lib/pkcs11/tpm_stdll/Makefile.am 2010-01-26 19:22:29.000000000 +0100 +++ opencryptoki-2.3.1+dfsg/usr/lib/pkcs11/tpm_stdll/Makefile.am 2012-10-21 20:54:08.000000000 +0200 @@ -9,7 +9,7 @@ # TODO: -DLINUX and -DSPINXPL should be controlled via configure.in # Not all versions of automake observe libname_CFLAGS -opencryptoki_stdll_libpkcs11_tpm_la_CFLAGS = -DLINUX -DSPINXPL -DNOCDMF \ +opencryptoki_stdll_libpkcs11_tpm_la_CFLAGS = -DLINUX -DNOCDMF \ -DNODSA -DNODH \ -I. -I../../../include \ -I../../../include/pkcs11 \ diff -Nauwir opencryptoki-2.3.1+dfsg.orig/usr/lib/pkcs11/tpm_stdll/globals.c opencryptoki-2.3.1+dfsg/usr/lib/pkcs11/tpm_stdll/globals.c --- opencryptoki-2.3.1+dfsg.orig/usr/lib/pkcs11/tpm_stdll/globals.c 2010-01-26 19:22:29.000000000 +0100 +++ opencryptoki-2.3.1+dfsg/usr/lib/pkcs11/tpm_stdll/globals.c 2012-10-21 21:45:15.000000000 +0200 @@ -28,12 +28,6 @@ pthread_mutex_t native_mutex ; MUTEX pkcs_mutex, obj_list_mutex, sess_list_mutex, login_mutex; -#if SYSVSEM -int xprocsemid = -1; -#endif - -void *xproclock; - DL_NODE *sess_list = NULL; DL_NODE *sess_obj_list = NULL; DL_NODE *publ_token_obj_list = NULL; diff -Nauwir opencryptoki-2.3.1+dfsg.orig/usr/lib/pkcs11/tpm_stdll/h_extern.h opencryptoki-2.3.1+dfsg/usr/lib/pkcs11/tpm_stdll/h_extern.h --- opencryptoki-2.3.1+dfsg.orig/usr/lib/pkcs11/tpm_stdll/h_extern.h 2010-01-26 19:22:29.000000000 +0100 +++ opencryptoki-2.3.1+dfsg/usr/lib/pkcs11/tpm_stdll/h_extern.h 2012-10-21 20:54:08.000000000 +0200 @@ -53,12 +53,6 @@ extern CK_ULONG mech_list_len; extern pthread_mutex_t native_mutex; -#if SYSVSEM -extern int xprocsemid; -#endif - - -extern void *xproclock; extern MUTEX pkcs_mutex, obj_list_mutex, sess_list_mutex, login_mutex; diff -Nauwir opencryptoki-2.3.1+dfsg.orig/usr/lib/pkcs11/tpm_stdll/host_defs.h opencryptoki-2.3.1+dfsg/usr/lib/pkcs11/tpm_stdll/host_defs.h --- opencryptoki-2.3.1+dfsg.orig/usr/lib/pkcs11/tpm_stdll/host_defs.h 2010-01-26 19:22:29.000000000 +0100 +++ opencryptoki-2.3.1+dfsg/usr/lib/pkcs11/tpm_stdll/host_defs.h 2012-10-21 20:54:08.000000000 +0200 @@ -6,7 +6,6 @@ #ifndef _HOST_DEFS_H #define _HOST_DEFS_H -#include <semaphore.h> #include <pthread.h> #include <endian.h> @@ -215,14 +214,6 @@ // linux typedef pthread_mutex_t MUTEX; -// This is actualy wrong... XPROC will be with spinlocks -#if (SPINXPL) -#define XPROCLOCK unsigned int -#else -#define XPROCLOCK MUTEX -#endif - - typedef struct _TEMPLATE { DL_NODE *attribute_list; @@ -337,11 +328,6 @@ typedef struct _LW_SHM_TYPE { - XPROCLOCK mutex; -#if SYSVSEM - key_t semtok; -#endif - TOKEN_DATA nv_token_data; CK_ULONG_32 num_priv_tok_obj; CK_ULONG_32 num_publ_tok_obj; @@ -357,9 +343,4 @@ #define MY_LockMutex(x) _LockMutex((MUTEX *)(x)) #define MY_UnlockMutex(x) _UnlockMutex((MUTEX *)(x)) -#define MY_CreateMsem(x) CreateXProcLock((void *)(x)) -#define MY_DestroyMsem(x) DestroyXProcLock((void *)(x)) -#define MY_LockMsem(x) XProcLock((void *)(x)) -#define MY_UnlockMsem(x) XProcUnLock((void *)(x)) - #endif diff -Nauwir opencryptoki-2.3.1+dfsg.orig/usr/lib/pkcs11/tpm_stdll/loadsave.c opencryptoki-2.3.1+dfsg/usr/lib/pkcs11/tpm_stdll/loadsave.c --- opencryptoki-2.3.1+dfsg.orig/usr/lib/pkcs11/tpm_stdll/loadsave.c 2010-01-26 19:22:29.000000000 +0100 +++ opencryptoki-2.3.1+dfsg/usr/lib/pkcs11/tpm_stdll/loadsave.c 2012-10-21 20:54:08.000000000 +0200 @@ -367,7 +367,7 @@ sprintf((char *)fname,"%s/%s/%s",(char *)pk_dir, pw->pw_name, PK_LITE_NV); - rc = XProcLock( xproclock ); + rc = XProcLock(); if (rc != CKR_OK){ st_err_log(150, __FILE__, __LINE__); goto out_nolock; @@ -381,10 +381,10 @@ /* Better error checking added */ if (errno == ENOENT) { /* init_token_data may call save_token_data, which graps the - * xproclock, so we must release it around this call */ - XProcUnLock( xproclock ); + * lock, so we must release it around this call */ + XProcUnLock(); init_token_data(); - rc = XProcLock( xproclock ); + rc = XProcLock(); if (rc != CKR_OK){ st_err_log(150, __FILE__, __LINE__); goto out_nolock; @@ -438,7 +438,7 @@ rc = CKR_OK; out_unlock: - XProcUnLock( xproclock ); + XProcUnLock(); out_nolock: return rc; @@ -466,7 +466,7 @@ sprintf((char *)fname,"%s/%s/%s",(char *)pk_dir, pw->pw_name, PK_LITE_NV); - rc = XProcLock( xproclock ); + rc = XProcLock(); if (rc != CKR_OK){ st_err_log(150, __FILE__, __LINE__); goto out_nolock; @@ -511,7 +511,7 @@ rc = CKR_OK; done: - XProcUnLock( xproclock ); + XProcUnLock(); out_nolock: return rc; diff -Nauwir opencryptoki-2.3.1+dfsg.orig/usr/lib/pkcs11/tpm_stdll/new_host.c opencryptoki-2.3.1+dfsg/usr/lib/pkcs11/tpm_stdll/new_host.c --- opencryptoki-2.3.1+dfsg.orig/usr/lib/pkcs11/tpm_stdll/new_host.c 2010-01-26 19:22:29.000000000 +0100 +++ opencryptoki-2.3.1+dfsg/usr/lib/pkcs11/tpm_stdll/new_host.c 2012-10-21 21:46:16.000000000 +0200 @@ -137,10 +137,8 @@ } -#ifdef SPINXPL extern int spinxplfd; extern int spin_created; -#endif // ----------- SAB XXX XXX // @@ -151,10 +149,8 @@ stlogterm(); stloginit(); // Initialize Logging so we can capture EVERYTHING -#ifdef SPINXPL spinxplfd = -1; spin_created = 0; -#endif // Force logout. This cleans out the private session and list @@ -458,10 +454,6 @@ // Handle global initialization issues first if we have not // been initialized. if (st_Initialized() == FALSE){ -#if SYSVSEM - xproclock = (void *)&xprocsemid; - CreateXProcLock(xproclock); -#endif if ( (rc = attach_shm()) != CKR_OK) { st_err_log(144, __FILE__, __LINE__); goto done; @@ -494,9 +486,9 @@ load_public_token_objects(); - XProcLock( xproclock ); + XProcLock(); global_shm->publ_loaded = TRUE; - XProcUnLock( xproclock ); + XProcUnLock(); init_slotInfo(); @@ -1034,14 +1026,14 @@ st_err_log(148, __FILE__, __LINE__); goto done; } - rc = XProcLock( xproclock ); + rc = XProcLock(); if (rc != CKR_OK){ st_err_log(150, __FILE__, __LINE__); goto done; } memcpy( nv_token_data->user_pin_sha, hash_sha, SHA1_HASH_SIZE ); nv_token_data->token_info.flags |= CKF_USER_PIN_INITIALIZED; - XProcUnLock( xproclock ); + XProcUnLock(); memcpy( user_pin_md5, hash_md5, MD5_HASH_SIZE ); @@ -1143,7 +1135,7 @@ goto done; } - rc = XProcLock( xproclock ); + rc = XProcLock(); if (rc != CKR_OK){ st_err_log(150, __FILE__, __LINE__); goto done; @@ -1154,7 +1146,7 @@ // New in v2.11 - XXX KEY sess->session_info.flags &= ~(CKF_USER_PIN_TO_BE_CHANGED); - XProcUnLock( xproclock ); + XProcUnLock(); rc = save_token_data(); if (rc != CKR_OK){ @@ -1186,7 +1178,7 @@ goto done; } - rc = XProcLock( xproclock ); + rc = XProcLock(); if (rc != CKR_OK){ st_err_log(150, __FILE__, __LINE__); goto done; @@ -1197,7 +1189,7 @@ // New in v2.11 - XXX KEY sess->session_info.flags &= ~(CKF_SO_PIN_TO_BE_CHANGED); - XProcUnLock( xproclock ); + XProcUnLock(); rc = save_token_data(); if (rc != CKR_OK){ diff -Nauwir opencryptoki-2.3.1+dfsg.orig/usr/lib/pkcs11/tpm_stdll/tpm_specific.c opencryptoki-2.3.1+dfsg/usr/lib/pkcs11/tpm_stdll/tpm_specific.c --- opencryptoki-2.3.1+dfsg.orig/usr/lib/pkcs11/tpm_stdll/tpm_specific.c 2012-10-21 22:43:30.000000000 +0200 +++ opencryptoki-2.3.1+dfsg/usr/lib/pkcs11/tpm_stdll/tpm_specific.c 2012-10-21 20:54:08.000000000 +0200 @@ -1615,9 +1615,9 @@ rc = load_private_token_objects(); - XProcLock( xproclock ); + XProcLock(); global_shm->priv_loaded = TRUE; - XProcUnLock( xproclock ); + XProcUnLock(); } else { /* SO path -- */ diff -Nauwir opencryptoki-2.3.1+dfsg.orig/usr/lib/pkcs11/tpm_stdll/utility.c opencryptoki-2.3.1+dfsg/usr/lib/pkcs11/tpm_stdll/utility.c --- opencryptoki-2.3.1+dfsg.orig/usr/lib/pkcs11/tpm_stdll/utility.c 2010-01-26 19:22:29.000000000 +0100 +++ opencryptoki-2.3.1+dfsg/usr/lib/pkcs11/tpm_stdll/utility.c 2012-10-21 22:26:23.000000000 +0200 @@ -44,9 +44,7 @@ #include "tok_spec_struct.h" #include "pkcs32.h" -#if (SPINXPL) #include <sys/file.h> -#endif @@ -305,18 +303,6 @@ } CK_RV -_CreateMsem( sem_t *msem ) -{ - if (!sem_init( msem,0, 1)) // parm 2 non-0 means pshared 1 is unlocked 0 is locked - //if (!sem_init( msem,1, 1)) // parm 2 non-0 means pshared 1 is unlocked 0 is locked - return CKR_OK; - else{ - st_err_log(4, __FILE__, __LINE__, __FUNCTION__); - return CKR_FUNCTION_FAILED; - } -} - -CK_RV _DestroyMutex( MUTEX *mutex ) { CK_RV rc; @@ -328,18 +314,6 @@ } CK_RV -_DestroyMsem( sem_t *msem ) -{ - if (!sem_destroy(msem)) - return CKR_OK; - else{ - st_err_log(4, __FILE__, __LINE__, __FUNCTION__); - return CKR_FUNCTION_FAILED; - } -} - - -CK_RV _LockMutex( MUTEX *mutex ) { pthread_mutex_lock( mutex); @@ -348,21 +322,6 @@ } CK_RV -_LockMsem( sem_t *msem ) -{ - if (!msem){ - st_err_log(4, __FILE__, __LINE__, __FUNCTION__); - return CKR_FUNCTION_FAILED; - } - if(!sem_wait(msem)) // block until the semaphore is free - return CKR_OK; - else{ - st_err_log(4, __FILE__, __LINE__, __FUNCTION__); - return CKR_FUNCTION_FAILED; - } -} - -CK_RV _UnlockMutex( MUTEX *mutex ) { pthread_mutex_unlock(mutex); @@ -370,49 +329,14 @@ } -CK_RV -_UnlockMsem( sem_t *msem ) -{ - if (!msem){ - st_err_log(4, __FILE__, __LINE__, __FUNCTION__); - return CKR_FUNCTION_FAILED; - } - if (!sem_post(msem)) - return CKR_OK; - else{ - st_err_log(4, __FILE__, __LINE__, __FUNCTION__); - return CKR_FUNCTION_FAILED; - } -} - -#if SYSVSEM -#include <sys/sem.h> -// These structures are needed to effect a lock -// using SYS V semaphores... -static struct sembuf xlock_lock[2]={ - 0,0,0, - 0,1,SEM_UNDO -}; - -static struct sembuf xlock_unlock[1] = { - 0,-1,(IPC_NOWAIT | SEM_UNDO) -}; - -static pthread_mutex_t semmtx = PTHREAD_MUTEX_INITIALIZER; - -#endif - - int spinxplfd=-1; int spin_created=0; extern void set_perm(int); CK_RV -CreateXProcLock(void *xproc) +CreateXProcLock(void) { - -#if (SPINXPL) // open the file that we will do the locking on... spinxplfd = open("/tmp/.pkcs11spinloc",O_CREAT|O_APPEND|O_RDWR, S_IRWXU|S_IRWXG|S_IRWXO); @@ -425,84 +349,16 @@ perror("XPROC CREATE file :"); } return CKR_OK; -#elif SYSVSEM - int semid; - int *psem; - key_t tok; - - tok = ftok( pk_dir, 'c' ); - - //printf("creating semaphore %x \n",tok); - - psem = (int *)xproc; - if ( *psem < 0 ) { - if ( (semid = semget(tok,1,IPC_CREAT | 0666)) < 0 ){ - if (errno == EEXIST) { - if ( (semid = semget(tok,0,0)) < 0) { - pthread_mutex_unlock(&semmtx); - st_err_log(4, __FILE__, __LINE__, __FUNCTION__); - return CKR_FUNCTION_FAILED; - } - } else { - pthread_mutex_unlock(&semmtx); - st_err_log(4, __FILE__, __LINE__, __FUNCTION__); - return CKR_FUNCTION_FAILED; - } } - } - psem = (int *)xproc; - *psem = semid; - //pthread_mutex_unlock(&semmtx); - return CKR_OK; - - // we know that semaphores are created unlocked -#elif POSIXSEM - return _CreateMsem((sem_t *)xproc); -#elif PTHREADXPL - pthread_mutex_attr_t mtxattr; - - pthread_mutexattr_init(&mtxattr); - pthread_mutexattr_setpshared(&mtxattr,PTHREAD_PROCESS_SHARED); - pthread_mutex_init((pthread_mutex_t *)xproc,&mtxattr); -#elif NOXPROCLOCK - return CKR_OK; -#else -#error "Define XPROC LOCKS" - -#endif -} CK_RV -DestroyXProcLock(void *xproc) +DestroyXProcLock(void) { -#if SPINXPL - return CKR_OK; -#elif SYSVSEM - int semid,*psem; - - //printf("Destroying semaphore %x \n",xproc); - - pthread_mutex_lock(&semmtx); - psem = (int *)xproc; - semid = *psem; - - semctl(semid,1,IPC_RMID,0); - pthread_mutex_unlock(&semmtx); - - return CKR_OK; -#elif POSIXSEM - return _DestroyMsem((sem_t *)xproc); -#elif PTHREADXPL - return pthread_mutex_destroy((pthread_mutex_t *)xproc); -#elif NOXPROCLOCK return CKR_OK; -#else -#error "Define XPROC LOCKS" -#endif } CK_RV -XProcLock(void *xproc) +XProcLock(void) { #if SPINXPL if (!spin_created) { @@ -515,33 +371,11 @@ flock(spinxplfd,LOCK_EX); } return CKR_OK; -#elif SYSVSEM - int semid,*psem; - pthread_mutex_lock(&semmtx); - return CKR_OK; - - pthread_mutex_lock(&semmtx); - psem = (int *)xproc; - semid = *psem; - semop(semid,&xlock_lock[0],2); - pthread_mutex_unlock(&semmtx); - return CKR_OK; - -#elif POSIXSEM - return _LockMsem((sem_t *)xproc); -#elif PTHREADXPL - return _LockMutex((MUTEX *)xproc); -#elif NOXPROCLOCK - return CKR_OK; -#else -#error "Define XPROC LOCKS" - -#endif } + CK_RV -XProcUnLock(void *xproc) +XProcUnLock(void) { -#if SPINXPL if (!spin_created) { spinxplfd = open("/tmp/.pkcs11spinloc",O_CREAT|O_APPEND|O_RDWR, S_IRWXU|S_IRWXG|S_IRWXO); @@ -552,26 +386,6 @@ flock(spinxplfd,LOCK_UN); } return CKR_OK; -#elif SYSVSEM - int semid,*psem; - pthread_mutex_unlock(&semmtx); - return CKR_OK; - - pthread_mutex_lock(&semmtx); - psem = (int *)xproc; - semid = *psem; - semop(semid,&xlock_unlock[0],1); - pthread_mutex_unlock(&semmtx); - return CKR_OK; -#elif POSIXSEM - return _UnlockMsem((sem_t *)xproc); -#elif PTHREADXPL - return _UnlockMutex((MUTEX *)xproc); -#elif NOXPROCLOCK - return CKR_OK; -#else -#error "Define XPROC LOCKS" -#endif } @@ -1044,23 +858,18 @@ return CKR_FUNCTION_FAILED; } if (created == TRUE) { -#if !(SYSVSEM) // SYSV sem's are a global that is handled in the // Initialize routine... all others are stored in the // shared memory segment so we have to do // this here after the segment is created // to prevent a core dump - CreateXProcLock( &global_shm->mutex ); - xproclock = (void *)&global_shm->mutex; // need to do this here -#endif - XProcLock( xproclock ); + CreateXProcLock(); + XProcLock(); global_shm->num_publ_tok_obj = 0; global_shm->num_priv_tok_obj = 0; memset( &global_shm->publ_tok_objs, 0x0, 2048 * sizeof(TOK_OBJ_ENTRY) ); memset( &global_shm->priv_tok_objs, 0x0, 2048 * sizeof(TOK_OBJ_ENTRY) ); - XProcUnLock( xproclock ); - } else { - xproclock = (void *)&global_shm->mutex; + XProcUnLock(); } #elif MMAP { @@ -1176,14 +985,12 @@ global_shm = (LW_SHM_TYPE *)mmap(NULL,sizeof(LW_SHM_TYPE),PROT_READ|PROT_WRITE,MAP_SHARED,fd,0); if (created == TRUE) { - XProcLock( xproclock ); + XProcLock(); global_shm->num_publ_tok_obj = 0; global_shm->num_priv_tok_obj = 0; memset( &global_shm->publ_tok_objs, 0x0, 2048 * sizeof(TOK_OBJ_ENTRY) ); memset( &global_shm->priv_tok_objs, 0x0, 2048 * sizeof(TOK_OBJ_ENTRY) ); - XProcUnLock( xproclock ); - } else { - xproclock = (void *)&global_shm->mutex; + XProcUnLock(); } rc = CKR_OK; @@ -1257,5 +1064,3 @@ return CKR_OK; } - - diff -Nauwir opencryptoki-2.3.1+dfsg.orig/usr/sbin/pkcsslotd/Makefile.am opencryptoki-2.3.1+dfsg/usr/sbin/pkcsslotd/Makefile.am --- opencryptoki-2.3.1+dfsg.orig/usr/sbin/pkcsslotd/Makefile.am 2010-01-26 19:22:29.000000000 +0100 +++ opencryptoki-2.3.1+dfsg/usr/sbin/pkcsslotd/Makefile.am 2012-10-21 20:54:08.000000000 +0200 @@ -3,11 +3,11 @@ pkcsslotd_LDFLAGS = -lpthread # Not all versions of automake observe sbinname_CFLAGS -pkcsslotd_CFLAGS = -DSPINXPL -DPROGRAM_NAME=\"$(@)\" -DNOODM -DNODAE \ +pkcsslotd_CFLAGS = -DPROGRAM_NAME=\"$(@)\" -DNOODM -DNODAE \ -I../. -I../../include/pkcs11 -I../../include/pkcs11/stdll # Not all versions of automake observe sbinname_CFLAGS -AM_CFLAGS = -DSPINXPL -DPROGRAM_NAME=\"$(@)\" -DNOODM -DNODAE \ +AM_CFLAGS = -DPROGRAM_NAME=\"$(@)\" -DNOODM -DNODAE \ -I../. -I../../include/pkcs11 -I../../include/pkcs11/stdll pkcsslotd_SOURCES = slotmgr.c shmem.c signal.c mutex.c err.c log.c daemon.c \ diff -Nauwir opencryptoki-2.3.1+dfsg.orig/usr/sbin/pkcsslotd/garbage_linux.c opencryptoki-2.3.1+dfsg/usr/sbin/pkcsslotd/garbage_linux.c --- opencryptoki-2.3.1+dfsg.orig/usr/sbin/pkcsslotd/garbage_linux.c 2010-01-26 19:22:29.000000000 +0100 +++ opencryptoki-2.3.1+dfsg/usr/sbin/pkcsslotd/garbage_linux.c 2012-10-21 20:54:08.000000000 +0200 @@ -550,24 +550,11 @@ /* Grab the global Shared mem mutex since we might modify global_session_count */ -#if 1 - Err = XProcLock(&(MemPtr->slt_mutex)); + Err = XProcLock(); if ( Err != TRUE ) { DbgLog (DL0, "Garbage collection: Locking attempt for global shmem mutex returned %s", SysConst(Err) ); return FALSE; } -#else -#ifdef PKCS64 - Err = msem_lock(&(MemPtr->slt_mutex),0); -#else - Err = pthread_mutex_lock ( &(MemPtr->slt_mutex) ); -#endif - - if ( Err != 0 ) { - DbgLog (DL0, "Garbage collection: Locking attempt for global shmem mutex returned %s", SysConst(Err) ); - return FALSE; - } -#endif #ifdef DEV DbgLog ( DL5, "Garbage collection: Got global shared memory lock"); @@ -690,16 +677,7 @@ } /* end for ProcIndex */ -#if 1 - XProcUnLock(&(MemPtr->slt_mutex)); -#else -#ifdef PKCS64 - msem_unlock(&(MemPtr->slt_mutex),0); -#else - pthread_mutex_unlock ( &(MemPtr->slt_mutex) ); -#endif -#endif - + XProcUnLock(); DbgLog ( DL5, "Garbage collection: Released global shared memory lock"); return TRUE; diff -Nauwir opencryptoki-2.3.1+dfsg.orig/usr/sbin/pkcsslotd/mutex.c opencryptoki-2.3.1+dfsg/usr/sbin/pkcsslotd/mutex.c --- opencryptoki-2.3.1+dfsg.orig/usr/sbin/pkcsslotd/mutex.c 2010-01-26 19:22:29.000000000 +0100 +++ opencryptoki-2.3.1+dfsg/usr/sbin/pkcsslotd/mutex.c 2012-10-21 20:54:08.000000000 +0200 @@ -293,182 +293,38 @@ #include "pkcsslotd.h" - -#if SYSVSEM -#error "Caveat Emptor... this does not work" -#include <sys/ipc.h> -#include <sys/sem.h> -int Shm_Sem=-1; // system 5 shared memory semaphore... -pthread_mutex_t semmtx = PTHREAD_MUTEX_INITIALIZER; // local mutex for semaphore functions... -static struct sembuf xlock_lock[2]={ - 0,0,0, - 0,1,SEM_UNDO -}; - -static struct sembuf xlock_unlock[1] = { - 0,-1,(IPC_NOWAIT | SEM_UNDO) -}; - -#endif - -#if SPINXPL #include <sys/types.h> #include <sys/stat.h> #include <fcntl.h> #include <sys/file.h> static int xplfd=-1; -#endif int -CreateXProcLock(void *xpl) +CreateXProcLock(void) { -#if (PTHREADXPL) - int err; - pthread_mutex_t *pmtx = (pthread_mutex_t *)xpl; - /* Initialize the attributes object */ - if ( (err = pthread_mutexattr_init(&mtxattr)) != 0 ) { - DbgLog(DL0,"InitializeMutexes: pthread_mutexattr_init() failed - returned %#x\n", err); - return FALSE; - } - - /* Set the attribute variable so that mutexes created with it can be shared across processes */ - if ( (err = pthread_mutexattr_setpshared( &mtxattr, PTHREAD_PROCESS_SHARED )) != 0 ) { - DbgLog(DL0,"InitializeMutexes: pthread_mutexattr_setpshared() failed - returned %#x\n", err); - return FALSE; - } - - /* Initialize the global shared memory mutex */ - if ( (err = pthread_mutex_init(pmtx,&mtxattr)) != 0 ) { - DbgLog(DL0,"InitializeMutexes: pthread_mutex_init() failed. returned %#x\n", err); - return FALSE; - } - -#elif (POSIXSEM) -#error "this won't work since these are really the AIX calls.." - -#elif (SPINXPL) xplfd = open (XPL_FILE,O_CREAT|O_RDWR,S_IRWXU|S_IRWXG|S_IRWXO); - -#elif (SYSVSEM) -#error "Caveat Emptor... this does not work" - -//#error "Define XPL fcns for SYSTEM V Semaphores" - key_t tok; - - // This really needs some work... since we need to differentiate between - // the various Xprocess locks which may exist... However at this time - // we know there is only one so we will just instantiate it as a global... - // The other calls will ingnore thei9r parameters for SysV sems - - tok = ftok(TOK_PATH ,'b'); -DbgLog(DL0,"creating semaphore %x \n",tok); - pthread_mutex_lock (&semmtx); - if ( (Shm_Sem = semget(tok,1,IPC_CREAT | 0666)) < 0 ) { - - DbgLog(DL0,"creating semaphore check for existing \n"); - if (errno == EEXIST) { - if ((Shm_Sem = semget(tok,0,0)) < 0) { - DbgLog(DL0,"Failed to get semaphore for Xprocess locking \n "); - pthread_mutex_unlock (&semmtx); - return FALSE; - } - } else { - DbgLog(DL0,"Failed to get semaphore for Xprocess locking error not eexist \n "); - pthread_mutex_unlock(&semmtx); - return FALSE; - } - } - pthread_mutex_unlock(&semmtx); - DbgLog(DL0,"Semid = %d \n",Shm_Sem); - return TRUE; - -#elif NOXPROCLOCK -return TRUE; -#else -#error "Define XPL fcns" -#endif - return TRUE; } int -DestroyXProcLock(void *xpl) +DestroyXProcLock(void) { -#if (PTHREADXPL) - /* Destroy the global shared memory mutex */ - pthread_mutex_destroy((xpl)); - - /* Destroy the attribute object used to create all the mutexes */ - pthread_mutexattr_destroy( &mtxattr ); - return TRUE; -#elif (POSIXSEM) -#error "this won't work since these are really the AIX calls.." -#elif SYSVSEM -#error "Caveat Emptor... this does not work" - -//error "Define XPL fcns" - pthread_mutex_lock(&semmtx); - semctl(Shm_Sem,1,IPC_RMID,0); - pthread_mutex_unlock(&semmtx); return TRUE; -#elif NOXPROCLOCK -return TRUE; -#elif SPINXPL -return TRUE; -#else -#error "Define XPL fcns" -#endif } int -XProcLock(void *xpl) +XProcLock(void) { -#if (PTHREADXPL) - return pthread_mutex_lock((xpl)); -#elif (POSIXSEM) -#error "this won't work since these are really the AIX calls.." -#elif SYSVSEM -#error "Caveat Emptor... this does not work" - -//#error "Define XPL fcns" - pthread_mutex_lock(&semmtx); - semop(Shm_Sem,&xlock_lock[0],2); - pthread_mutex_unlock(&semmtx); - return TRUE; -#elif NOXPROCLOCK -return TRUE; -#elif SPINXPL flock(xplfd,LOCK_EX); return TRUE; -#else -#error "Define XPL fcns" -#endif } int -XProcUnLock(void *xpl) +XProcUnLock(void) { -#if (PTHREADXPL) - return pthread_mutex_unlock((xpl)); -#elif (POSIXSEM) -#error "this won't work since these are really the AIX calls.." -#elif SYSVSEM -#error "Caveat Emptor... this does not work" - -//#error "Define XPL fcns" - pthread_mutex_lock(&semmtx); - semop(Shm_Sem,&xlock_unlock[0],1); - pthread_mutex_unlock(&semmtx); - return TRUE; -#elif NOXPROCLOCK -return TRUE; -#elif SPINXPL flock(xplfd,LOCK_UN); return TRUE; -#else -#error "Define XPL fcns" -#endif } /********************************************************************************* * @@ -483,34 +339,10 @@ int err; -#if 1 - if ( (err = CreateXProcLock(&(shmp->slt_mutex))) != TRUE){ + if ((err = CreateXProcLock()) != TRUE){ DbgLog(DL0,"InitializeMutexes: CreateXProcLock() failed - returned %#x\n", err); return FALSE; } -#else -#if !defined(PKCS64) - - /* Initialize the attributes object */ - if ( (err = pthread_mutexattr_init(&mtxattr)) != 0 ) { - DbgLog(DL0,"InitializeMutexes: pthread_mutexattr_init() failed - returned %#x\n", err); - return FALSE; - } - - /* Set the attribute variable so that mutexes created with it can be shared across processes */ - if ( (err = pthread_mutexattr_setpshared( &mtxattr, PTHREAD_PROCESS_SHARED )) != 0 ) { - DbgLog(DL0,"InitializeMutexes: pthread_mutexattr_setpshared() failed - returned %#x\n", err); - return FALSE; - } - - /* Initialize the global shared memory mutex */ - if ( (err = pthread_mutex_init(&(shmp->slt_mutex),&mtxattr)) != 0 ) { - DbgLog(DL0,"InitializeMutexes: pthread_mutex_init() failed. returned %#x\n", err); - return FALSE; - } - -#endif -#endif #if TEST_COND_VARS @@ -594,15 +426,7 @@ int DestroyMutexes ( void ) { /* Get the global shared memory mutex */ -#if 1 - XProcLock(&(shmp->slt_mutex)); -#else -#ifdef PKCS64 - msem_lock(&(shmp->slt_mutex), 0 ); -#else - pthread_mutex_lock(&(shmp->slt_mutex)); -#endif -#endif + XProcLock(); #if TEST_COND_VARS @@ -642,27 +466,8 @@ /* (we have to release it before we destroy it, otherwise the behavior's undefined) */ -#if 1 - XProcUnLock(&(shmp->slt_mutex)); - DestroyXProcLock(&(shmp->slt_mutex)); -#else -#ifdef PKCS64 - msem_unlock(&(shmp->slt_mutex),0); - - /* Destroy the global shared memory mutex */ - msem_remove(&(shmp->slt_mutex)); - -#else - pthread_mutex_unlock(&(shmp->slt_mutex)); - - /* Destroy the global shared memory mutex */ - pthread_mutex_destroy(&(shmp->slt_mutex)); - - /* Destroy the attribute object used to create all the mutexes */ - pthread_mutexattr_destroy( &mtxattr ); - -#endif -#endif + XProcUnLock(); + DestroyXProcLock(); return TRUE; diff -Nauwir opencryptoki-2.3.1+dfsg.orig/usr/sbin/pkcsslotd/pkcsslotd.h opencryptoki-2.3.1+dfsg/usr/sbin/pkcsslotd/pkcsslotd.h --- opencryptoki-2.3.1+dfsg.orig/usr/sbin/pkcsslotd/pkcsslotd.h 2012-10-21 22:43:30.000000000 +0200 +++ opencryptoki-2.3.1+dfsg/usr/sbin/pkcsslotd/pkcsslotd.h 2012-10-21 20:54:08.000000000 +0200 @@ -538,11 +538,11 @@ /* Cross Process locking */ -int XProcLock(void *); -int XProcUnLock(void *); +int XProcLock(void); +int XProcUnLock(void); -int CreateXProcLock(void *); -int DestroyXProcLock(void *); +int CreateXProcLock(void); +int DestroyXProcLock(void); #endif /* _SLOTMGR_H */ diff -Nauwir opencryptoki-2.3.1+dfsg.orig/usr/sbin/pkcsslotd/slotmgr.c opencryptoki-2.3.1+dfsg/usr/sbin/pkcsslotd/slotmgr.c --- opencryptoki-2.3.1+dfsg.orig/usr/sbin/pkcsslotd/slotmgr.c 2012-10-21 22:43:30.000000000 +0200 +++ opencryptoki-2.3.1+dfsg/usr/sbin/pkcsslotd/slotmgr.c 2012-10-21 20:54:08.000000000 +0200 @@ -443,28 +443,13 @@ /* Get the global shared memory mutex */ -#if 1 - XProcLock(&(shmp->slt_mutex)); -#else -#ifdef PKCS64 - msem_lock(&(shmp->slt_mutex),0); -#else - pthread_mutex_lock(&(shmp->slt_mutex)); -#endif -#endif + XProcLock(); /* Populate the Shared Memory Region */ if ( ! InitSharedMemory(shmp) ) { -#if 1 - XProcUnLock(&(shmp->slt_mutex)); -#else -#ifdef PKCS64 - msem_unlock(&(shmp->slt_mutex),0); -#else - pthread_mutex_unlock(&(shmp->slt_mutex)); -#endif -#endif + XProcUnLock(); + DetachFromSharedMemory(); DestroySharedMemory(); return 4; @@ -472,15 +457,7 @@ /* Release the global shared memory mutex */ -#if 1 - XProcUnLock(&(shmp->slt_mutex)); -#else -#ifdef PKCS64 - msem_unlock(&(shmp->slt_mutex),0); -#else - pthread_mutex_unlock(&(shmp->slt_mutex)); -#endif -#endif + XProcUnLock(); #if TEST_MUTEXES DumpSharedMemory();
Attachment:
signature.asc
Description: This is a digitally signed message part