Join GitHub today
GitHub is home to over 28 million developers working together to host and review code, manage projects, and build software together.Sign up
framework-pkcs15: Duplicate public key related to private key rather than referencing the framework object #282
Referencing the related public key is required to return PKCS#11 attributes for a private key only available in the public key object (i.e. CKA_MODULUS). This patch adds a copy of the public key to the private key object rather than referencing the public key object in the framework. This prevents SEGV when the public key framework object is deleted with C_DestroyObject, but the reference from the public key remains intact.
The bug leads to all kind of stability problems when keys are created and deleted in the same session.
The patch is in particular important if OpenSC is used with EJBCA or any other application using the SUN PKCS#11 provider: When generating key pairs, then the public key object is eventually garbage collected which removes the related object in the PKCS#11 module. Because there is no fixed time for this operation, corruption occurs at random.
In a next step, the remaining related_xxx fields in sc_pkcs11_object should be revised and possibly removed.