/* * Copyright (C) 2017 Red Hat, Inc. * * Author: Nikos Mavrogiannopoulos * * This file is part of GnuTLS. * * GnuTLS is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * GnuTLS is distributed in the hope that it will be useful, but * WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU * General Public License for more details. * * You should have received a copy of the GNU General Public License * along with GnuTLS; if not, write to the Free Software Foundation, * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA */ #ifdef HAVE_CONFIG_H #include <config.h> #endif #include <stdio.h> #include <stdlib.h> #include <stdint.h> #include <string.h> #include <errno.h> #include <gnutls/gnutls.h> #include <gnutls/abstract.h> #include <gnutls/crypto.h> #include <signal.h> #include <unistd.h> #include <assert.h> #ifndef _WIN32 # include <netinet/in.h> # include <sys/types.h> # include <sys/socket.h> # include <sys/wait.h> # include <pthread.h> #endif #include "utils.h" #if !defined(HAVE___REGISTER_ATFORK) void doit(void) { exit(77); } #else #ifdef _WIN32 # define P11LIB "libpkcs11mock1.dll" #else # include <dlfcn.h> # define P11LIB "libpkcs11mock1.so" #endif /* Tests whether we can use gnutls_privkey_sign() under mutliple threads * with the same key when PKCS#11 is in use. */ #include "../cert-common.h" #define PIN "1234" static const gnutls_datum_t testdata = {(void*)"test test", 9}; static void tls_log_func(int level, const char *str) { fprintf(stderr, "|<%d>| %s", level, str); } static int pin_func(void* userdata, int attempt, const char* url, const char *label, unsigned flags, char *pin, size_t pin_max) { if (attempt == 0) { strcpy(pin, PIN); return 0; } return -1; } typedef struct thread_data_st { gnutls_privkey_t pkey; pthread_t id; } thread_data_st; static void *start_thread(void *arg) { thread_data_st *data = arg; int ret; gnutls_datum_t sig; ret = gnutls_privkey_sign_data(data->pkey, GNUTLS_DIG_SHA256, 0, &testdata, &sig); if (ret < 0) pthread_exit((void*)-2); gnutls_free(sig.data); pthread_exit(0); } #define MAX_THREADS 48 static void do_thread_stuff(gnutls_privkey_t pkey) { int ret; thread_data_st *data; unsigned i; void *retval; data = calloc(1, sizeof(thread_data_st)*MAX_THREADS); if (data == NULL) abort(); for (i=0;i<MAX_THREADS;i++) { data[i].pkey = pkey; ret = pthread_create(&data[i].id, NULL, start_thread, &data[i]); if (ret != 0) { fail("Error creating thread\n"); } } for (i=0;i<MAX_THREADS;i++) { ret = pthread_join(data[i].id, &retval); if (ret != 0 || retval != NULL) { fail("Error in %d: %p\n", (int)data[i].id, retval); } } free(data); } void doit(void) { int ret, status; const char *lib; gnutls_privkey_t pkey; pid_t pid; signal(SIGPIPE, SIG_IGN); gnutls_pkcs11_set_pin_function(pin_func, NULL); gnutls_global_set_log_function(tls_log_func); if (debug) gnutls_global_set_log_level(4711); lib = getenv("P11MOCKLIB1"); if (lib == NULL) lib = P11LIB; ret = gnutls_pkcs11_init(GNUTLS_PKCS11_FLAG_MANUAL, NULL); if (ret != 0) { fail("%d: %s\n", ret, gnutls_strerror(ret)); exit(1); } ret = gnutls_pkcs11_add_provider(lib, NULL); if (ret != 0) { fail("%d: %s\n", ret, gnutls_strerror(ret)); exit(1); } assert(gnutls_privkey_init(&pkey) == 0); ret = gnutls_privkey_import_url(pkey, "pkcs11:object=test", GNUTLS_PKCS11_OBJ_FLAG_LOGIN); if (ret < 0) { fprintf(stderr, "error in %d: %s\n", __LINE__, gnutls_strerror(ret)); exit(1); } /* fork to force PKCS#11 reinitialization */ pid = fork(); if (pid == -1) { exit(1); } else if (pid) { waitpid(pid, &status, 0); check_wait_status(status); goto cleanup; } do_thread_stuff(pkey); cleanup: gnutls_privkey_deinit(pkey); } #endif