On Tue, Oct 20, 2009 at 6:47 PM, Alon Bar-Lev <[email protected]> wrote: > Oh... I really don't know libp11... > But if one process called C_Initialize() and then another/same thread > called C_Initialize() again and calls C_Finalize, first thread will > not be able to continue working. >
That could be an acceptable failure scenario in the libp11 case because it doesn't seem like it's meant to be thread safe (it's supposed to be a simplification layer...) At any rate, the libp11 devs should fill us in how they want it to be handled. > On Tue, Oct 20, 2009 at 11:45 AM, David Smith > <[email protected]> wrote: >> On Tue, Oct 20, 2009 at 6:41 PM, Alon Bar-Lev <[email protected]> wrote: >>> For the C_Initialize() patch... If you got already initialize you >>> should not call C_Finalize. >> >> Can you explain more? How should the handling look like with libp11? >> >>> >>> >>> On Tue, Oct 20, 2009 at 11:23 AM, David Smith >>> <[email protected]> wrote: >>>> Hi OpenSC folks, >>>> >>>> While debugging some issues with pkcs#11 related handling in >>>> wpasupplicant, I found two small bugs that I'm sending patches for. >>>> Both are related to attempting to reuse pkcs#11 modules in one >>>> process, something that wpasupplicant does when switching to and from >>>> networks that one wants to authenticate to using smartcard >>>> credentials. >>>> >>>> The first is for a buffer overrun in engine_pkcs11's pin handling. The >>>> overrun occurs after the pin has been created with strdup() via >>>> set_pin(), when it is OPENSSL_cleanse() it always cleanses to >>>> MAX_PIN_LENGTH, which will cause free() to fail when the pin is short. >>>> The patch adds tracking of the pin length in a new static variable and >>>> uses it for all calls to OPENSSL_cleanse(). >>>> >>>> The second patch is to make libp11 swallow >>>> CKR_CRYPTOKI_ALREADY_INITIALIZED returns from C_Initialize(). It's an >>>> informational message and should not be bubbled up to the caller. >>>> >>>> Please take a look, >>>> - dds >>>> >>>> _______________________________________________ >>>> opensc-devel mailing list >>>> [email protected] >>>> http://www.opensc-project.org/mailman/listinfo/opensc-devel >>>> >>> >> > _______________________________________________ opensc-devel mailing list [email protected] http://www.opensc-project.org/mailman/listinfo/opensc-devel
