Debian Patches

Status for softhsm2/2.6.1-2.2

Patch Description Author Forwarded Bugs Origin Last update
0001-Issue-548-Don-t-clean-up-engines-after-OpenSSL-has-a.patch Issue #548: Don't clean up engines after OpenSSL has already shut down

As of 1.1.0, OpenSSL registers its own atexit() handler to call
OPENSSL_cleanup(). If our own code subsequently tries to, for example,
unreference an ENGINE, then it'll crash or deadlock with a use after
free.

Fix it by registering a callback with OPENSSL_atexit() to be called when
OPENSSL_cleanup() is called. It sets a flag which prevents any further
touching of OpenSSL objects which would otherwise happen fairly much
immediately thereafter when our own OSSLCryptoFactory destructor gets
called by the C++ runtime's own atexit() handler.
David Woodhouse <dwmw2@infradead.org> no 2020-05-04
0002-Fix-OPENSSL_cleanup-detection-without-using-our-own-.patch Fix OPENSSL_cleanup() detection without using our own atexit() handler

We can't register our own atexit() or OPENSSL_atexit() handler because
there's no way to unregister it when the SoftHSM DSO is unloaded. This
causes the crash reported at https://bugzilla.redhat.com/1831086#c8

Instead of using that method to set a flag showing that OPENSSL_cleanup()
has occurred, instead test directly by calling OPENSSL_init_crypto() for
something that *would* do nothing, but will fail if OPENSSL_cleanup()
has indeed been run already.

has already shut down"
David Woodhouse <dwmw2@infradead.org> no 2020-05-13
0003-fix-ftbfs-with-opensslv3.patch [PATCH 1/4] openssl 3.0: Run DES tests only if OpenSSL allows it
OpenSSL 3.0 moves DES into a legacy provider which has to be loaded
explicitly. By default, it will not be loaded and DES methods in tests
will fail. Nest test blocks under successful initialization.
Alexander Bokovoy <abokovoy@redhat.com> no 2021-05-26

All known versions for source package 'softhsm2'

Links