On 2015-05-29, Stuart Henderson <[email protected]> wrote:
> On 2015-05-28, Peter Fraser <[email protected]> wrote:
>> Asterisk seems to run fine on 5.7 with one exception.
>> I normally have voice mail messages send as emails.
>> These emails are not being send.
>
> It's fixed in -current, for 5.7 try adding this to modules.conf and
> restarting asterisk:
>
> noload => res_xmpp.so
There is a chance that additional "noload" lines may be needed for anything
else that uses p11-kit.
> Alternatively I can put together a diff for p11-kit to work around it.
p11-kit diff here, I think this ought to do the trick, though running
-current may be easier ;)
Index: Makefile
===================================================================
RCS file: /cvs/ports/security/p11-kit/Makefile,v
retrieving revision 1.39
diff -u -p -r1.39 Makefile
--- Makefile 12 Oct 2014 06:16:19 -0000 1.39
+++ Makefile 29 May 2015 21:55:24 -0000
@@ -7,6 +7,7 @@ SHARED_ONLY= Yes
COMMENT= library for loading and enumurating of PKCS\#11 modules
DISTNAME= p11-kit-0.22.1
+REVISION= 0
CATEGORIES= security
Index: patches/patch-common_library_c
===================================================================
RCS file: patches/patch-common_library_c
diff -N patches/patch-common_library_c
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ patches/patch-common_library_c 29 May 2015 21:55:24 -0000
@@ -0,0 +1,35 @@
+$OpenBSD$
+--- common/library.c.orig Fri Oct 3 19:58:34 2014
++++ common/library.c Fri May 29 22:52:42 2015
+@@ -63,8 +63,6 @@ p11_mutex_t p11_library_mutex;
+ pthread_once_t p11_library_once = PTHREAD_ONCE_INIT;
+ #endif
+
+-unsigned int p11_forkid = 1;
+-
+ static char *
+ thread_local_message (void)
+ {
+@@ -105,13 +103,6 @@ _p11_library_get_thread_local (void)
+ return local;
+ }
+
+-static void
+-count_forks (void)
+-{
+- /* Thread safe, executed in child, one thread exists */
+- p11_forkid++;
+-}
+-
+ void
+ p11_library_init_impl (void)
+ {
+@@ -120,8 +111,6 @@ p11_library_init_impl (void)
+ p11_mutex_init (&p11_library_mutex);
+ pthread_key_create (&thread_local, free);
+ p11_message_storage = thread_local_message;
+-
+- pthread_atfork (NULL, NULL, count_forks);
+ }
+
+ void
Index: patches/patch-common_library_h
===================================================================
RCS file: patches/patch-common_library_h
diff -N patches/patch-common_library_h
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ patches/patch-common_library_h 29 May 2015 21:55:24 -0000
@@ -0,0 +1,12 @@
+$OpenBSD$
+--- common/library.h.orig Fri Oct 3 19:58:34 2014
++++ common/library.h Fri May 29 22:52:42 2015
+@@ -44,8 +44,6 @@
+
+ extern p11_mutex_t p11_library_mutex;
+
+-extern unsigned int p11_forkid;
+-
+ #define p11_lock() p11_mutex_lock
(&p11_library_mutex);
+
+ #define p11_unlock() p11_mutex_unlock
(&p11_library_mutex);
Index: patches/patch-common_mock_c
===================================================================
RCS file: patches/patch-common_mock_c
diff -N patches/patch-common_mock_c
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ patches/patch-common_mock_c 29 May 2015 21:55:24 -0000
@@ -0,0 +1,11 @@
+$OpenBSD$
+--- common/mock.c.orig Mon Oct 6 06:29:32 2014
++++ common/mock.c Fri May 29 22:52:42 2015
+@@ -46,7 +46,6 @@
+ #include "debug.h"
+ #include "dict.h"
+ #include "array.h"
+-#include "library.h"
+
+ #include <assert.h>
+ #include <ctype.h>
Index: patches/patch-p11-kit_modules_c
===================================================================
RCS file: patches/patch-p11-kit_modules_c
diff -N patches/patch-p11-kit_modules_c
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ patches/patch-p11-kit_modules_c 29 May 2015 21:55:24 -0000
@@ -0,0 +1,152 @@
+$OpenBSD$
+--- p11-kit/modules.c.orig Mon Oct 6 06:29:32 2014
++++ p11-kit/modules.c Fri May 29 22:52:42 2015
+@@ -158,7 +158,7 @@ typedef struct _Module {
+
+ /* Initialization, mutex must be held */
+ p11_mutex_t initialize_mutex;
+- unsigned int initialize_called;
++ bool initialize_called;
+ p11_thread_id_t initialize_thread;
+ } Module;
+
+@@ -247,6 +247,7 @@ free_module_unlocked (void *data)
+ p11_debug_precond ("module unloaded without C_Finalize having
been "
+ "called for each C_Initialize");
+ } else {
++ assert (!mod->initialize_called);
+ assert (mod->initialize_thread == 0);
+ }
+
+@@ -632,7 +633,7 @@ initialize_module_inlock_reentrant (Module *mod)
+ p11_unlock ();
+ p11_mutex_lock (&mod->initialize_mutex);
+
+- if (mod->initialize_called != p11_forkid) {
++ if (!mod->initialize_called) {
+ p11_debug ("C_Initialize: calling");
+
+ rv = mod->virt.funcs.C_Initialize (&mod->virt.funcs,
+@@ -642,12 +643,10 @@ initialize_module_inlock_reentrant (Module *mod)
+
+ /* Module was initialized and C_Finalize should be called */
+ if (rv == CKR_OK)
+- mod->initialize_called = p11_forkid;
+- else
+- mod->initialize_called = 0;
++ mod->initialize_called = true;
+
+ /* Module was already initialized, we don't call C_Finalize */
+- if (rv == CKR_CRYPTOKI_ALREADY_INITIALIZED)
++ else if (rv == CKR_CRYPTOKI_ALREADY_INITIALIZED)
+ rv = CKR_OK;
+ }
+
+@@ -666,6 +665,31 @@ initialize_module_inlock_reentrant (Module *mod)
+ return rv;
+ }
+
++#ifdef OS_UNIX
++
++static void
++reinitialize_after_fork (void)
++{
++ p11_dictiter iter;
++ Module *mod;
++
++ p11_debug ("forked");
++
++ p11_lock ();
++
++ if (gl.modules) {
++ p11_dict_iterate (gl.modules, &iter);
++ while (p11_dict_next (&iter, (void **)&mod, NULL))
++ mod->initialize_called = false;
++ }
++
++ p11_unlock ();
++
++ p11_proxy_after_fork ();
++}
++
++#endif /* OS_UNIX */
++
+ static CK_RV
+ init_globals_unlocked (void)
+ {
+@@ -695,6 +719,9 @@ init_globals_unlocked (void)
+ if (once)
+ return CKR_OK;
+
++#ifdef OS_UNIX
++ pthread_atfork (NULL, NULL, reinitialize_after_fork);
++#endif
+ once = true;
+
+ return CKR_OK;
+@@ -750,9 +777,9 @@ finalize_module_inlock_reentrant (Module *mod)
+ p11_unlock ();
+ p11_mutex_lock (&mod->initialize_mutex);
+
+- if (mod->initialize_called == p11_forkid) {
++ if (mod->initialize_called) {
+ mod->virt.funcs.C_Finalize (&mod->virt.funcs, NULL);
+- mod->initialize_called = 0;
++ mod->initialize_called = false;
+ }
+
+ p11_mutex_unlock (&mod->initialize_mutex);
+@@ -1410,7 +1437,7 @@ cleanup:
+ typedef struct {
+ p11_virtual virt;
+ Module *mod;
+- unsigned int initialized;
++ pid_t initialized;
+ p11_dict *sessions;
+ } Managed;
+
+@@ -1420,12 +1447,14 @@ managed_C_Initialize (CK_X_FUNCTION_LIST *self,
+ {
+ Managed *managed = ((Managed *)self);
+ p11_dict *sessions;
++ pid_t pid;
+ CK_RV rv;
+
+ p11_debug ("in");
+ p11_lock ();
+
+- if (managed->initialized == p11_forkid) {
++ pid = getpid ();
++ if (managed->initialized == pid) {
+ rv = CKR_CRYPTOKI_ALREADY_INITIALIZED;
+
+ } else {
+@@ -1438,7 +1467,7 @@ managed_C_Initialize (CK_X_FUNCTION_LIST *self,
+ rv = initialize_module_inlock_reentrant (managed->mod);
+ if (rv == CKR_OK) {
+ managed->sessions = sessions;
+- managed->initialized = p11_forkid;
++ managed->initialized = pid;
+ } else {
+ p11_dict_free (sessions);
+ }
+@@ -1539,16 +1568,18 @@ managed_C_Finalize (CK_X_FUNCTION_LIST *self,
+ {
+ Managed *managed = ((Managed *)self);
+ CK_SESSION_HANDLE *sessions;
++ pid_t pid;
+ int count;
+ CK_RV rv;
+
+ p11_debug ("in");
+ p11_lock ();
+
++ pid = getpid ();
+ if (managed->initialized == 0) {
+ rv = CKR_CRYPTOKI_NOT_INITIALIZED;
+
+- } else if (managed->initialized != p11_forkid) {
++ } else if (managed->initialized != pid) {
+ /*
+ * In theory we should be returning
CKR_CRYPTOKI_NOT_INITIALIZED here
+ * but enough callers are not completely aware of their forking.
Index: patches/patch-p11-kit_proxy_c
===================================================================
RCS file: patches/patch-p11-kit_proxy_c
diff -N patches/patch-p11-kit_proxy_c
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ patches/patch-p11-kit_proxy_c 29 May 2015 21:55:24 -0000
@@ -0,0 +1,152 @@
+$OpenBSD$
+--- p11-kit/proxy.c.orig Fri Oct 3 19:58:34 2014
++++ p11-kit/proxy.c Fri May 29 22:52:42 2015
+@@ -82,7 +82,6 @@ typedef struct {
+ unsigned int n_mappings;
+ p11_dict *sessions;
+ CK_FUNCTION_LIST **inited;
+- unsigned int forkid;
+ } Proxy;
+
+ typedef struct _State {
+@@ -97,8 +96,6 @@ static CK_FUNCTION_LIST **all_modules = NULL;
+ static State *all_instances = NULL;
+ static State global = { { { { -1, -1 }, NULL, }, }, NULL, NULL, FIRST_HANDLE,
NULL };
+
+-#define PROXY_VALID(px) ((px) && (px)->forkid == p11_forkid)
+-
+ #define MANUFACTURER_ID "PKCS#11 Kit "
+ #define LIBRARY_DESCRIPTION "PKCS#11 Kit Proxy Module "
+ #define LIBRARY_VERSION_MAJOR 1
+@@ -140,7 +137,7 @@ map_slot_to_real (Proxy *px,
+
+ p11_lock ();
+
+- if (!PROXY_VALID (px))
++ if (!px)
+ rv = CKR_CRYPTOKI_NOT_INITIALIZED;
+ else
+ rv = map_slot_unlocked (px, *slot, mapping);
+@@ -166,7 +163,7 @@ map_session_to_real (Proxy *px,
+
+ p11_lock ();
+
+- if (!PROXY_VALID (px)) {
++ if (!px) {
+ rv = CKR_CRYPTOKI_NOT_INITIALIZED;
+ } else {
+ assert (px->sessions);
+@@ -198,6 +195,40 @@ proxy_free (Proxy *py)
+ }
+ }
+
++void
++p11_proxy_after_fork (void)
++{
++ p11_array *array;
++ State *state;
++ unsigned int i;
++
++ /*
++ * After a fork the callers are supposed to call C_Initialize and all.
++ * In addition the underlying libraries may change their state so free
++ * up any mappings and all
++ */
++
++ array = p11_array_new (NULL);
++
++ p11_lock ();
++
++ if (global.px)
++ p11_array_push (array, global.px);
++ global.px = NULL;
++
++ for (state = all_instances; state != NULL; state = state->next)
{
++ if (state->px)
++ p11_array_push (array, state->px);
++ state->px = NULL;
++ }
++
++ p11_unlock ();
++
++ for (i = 0; i < array->num; i++)
++ proxy_free (array->elem[i]);
++ p11_array_free (array);
++}
++
+ static CK_RV
+ proxy_C_Finalize (CK_X_FUNCTION_LIST *self,
+ CK_VOID_PTR reserved)
+@@ -216,10 +247,8 @@ proxy_C_Finalize (CK_X_FUNCTION_LIST *self,
+ } else {
+ p11_lock ();
+
+- if (!PROXY_VALID (state->px)) {
++ if (!state->px) {
+ rv = CKR_CRYPTOKI_NOT_INITIALIZED;
+- py = state->px;
+- state->px = NULL;
+ } else if (state->px->refs-- == 1) {
+ py = state->px;
+ state->px = NULL;
+@@ -258,8 +287,6 @@ proxy_create (Proxy **res)
+ py = calloc (1, sizeof (Proxy));
+ return_val_if_fail (py != NULL, CKR_HOST_MEMORY);
+
+- py->forkid = p11_forkid;
+-
+ py->inited = modules_dup (all_modules);
+ return_val_if_fail (py->inited != NULL, CKR_HOST_MEMORY);
+
+@@ -330,13 +357,10 @@ proxy_C_Initialize (CK_X_FUNCTION_LIST *self,
+
+ p11_lock ();
+
+- if (!PROXY_VALID (state->px)) {
++ if (state->px == NULL)
+ initialize = true;
+- proxy_free (state->px);
+- state->px = NULL;
+- } else {
++ else
+ state->px->refs++;
+- }
+
+ p11_unlock ();
+
+@@ -378,7 +402,7 @@ proxy_C_GetInfo (CK_X_FUNCTION_LIST *self,
+
+ p11_lock ();
+
+- if (!PROXY_VALID (state->px))
++ if (!state->px)
+ rv = CKR_CRYPTOKI_NOT_INITIALIZED;
+
+ p11_unlock ();
+@@ -414,7 +438,7 @@ proxy_C_GetSlotList (CK_X_FUNCTION_LIST *self,
+
+ p11_lock ();
+
+- if (!PROXY_VALID (state->px)) {
++ if (!state->px) {
+ rv = CKR_CRYPTOKI_NOT_INITIALIZED;
+ } else {
+ index = 0;
+@@ -562,7 +586,7 @@ proxy_C_OpenSession (CK_X_FUNCTION_LIST *self,
+ if (rv == CKR_OK) {
+ p11_lock ();
+
+- if (!PROXY_VALID (state->px)) {
++ if (!state->px) {
+ /*
+ * The underlying module should have returned
an error, so this
+ * code should never be reached with properly
behaving modules.
+@@ -626,7 +650,7 @@ proxy_C_CloseAllSessions (CK_X_FUNCTION_LIST *self,
+
+ p11_lock ();
+
+- if (!PROXY_VALID (state->px)) {
++ if (!state->px) {
+ rv = CKR_CRYPTOKI_NOT_INITIALIZED;
+ } else {
+ assert (state->px->sessions != NULL);
Index: patches/patch-p11-kit_proxy_h
===================================================================
RCS file: patches/patch-p11-kit_proxy_h
diff -N patches/patch-p11-kit_proxy_h
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ patches/patch-p11-kit_proxy_h 29 May 2015 21:55:24 -0000
@@ -0,0 +1,12 @@
+$OpenBSD$
+--- p11-kit/proxy.h.orig Fri Oct 3 19:58:34 2014
++++ p11-kit/proxy.h Fri May 29 22:52:42 2015
+@@ -35,6 +35,8 @@
+ #ifndef __P11_PROXY_H__
+ #define __P11_PROXY_H__
+
++void p11_proxy_after_fork (void);
++
+ bool p11_proxy_module_check (CK_FUNCTION_LIST_PTR
module);
+
+ void p11_proxy_module_cleanup (void);
Index: patches/patch-p11-kit_rpc-client_c
===================================================================
RCS file: patches/patch-p11-kit_rpc-client_c
diff -N patches/patch-p11-kit_rpc-client_c
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ patches/patch-p11-kit_rpc-client_c 29 May 2015 21:55:24 -0000
@@ -0,0 +1,84 @@
+$OpenBSD$
+--- p11-kit/rpc-client.c.orig Mon Oct 6 06:29:32 2014
++++ p11-kit/rpc-client.c Fri May 29 22:52:42 2015
+@@ -56,7 +56,7 @@
+ typedef struct {
+ p11_mutex_t mutex;
+ p11_rpc_client_vtable *vtable;
+- unsigned int initialized_forkid;
++ pid_t initialized_pid;
+ bool initialize_done;
+ } rpc_client;
+
+@@ -80,7 +80,7 @@ call_prepare (rpc_client *module,
+ assert (module != NULL);
+ assert (msg != NULL);
+
+- if (module->initialized_forkid != p11_forkid)
++ if (module->initialized_pid == 0)
+ return CKR_CRYPTOKI_NOT_INITIALIZED;
+ if (!module->initialize_done)
+ return CKR_DEVICE_REMOVED;
+@@ -850,6 +850,7 @@ rpc_C_Initialize (CK_X_FUNCTION_LIST *self,
+ void *reserved = NULL;
+ CK_RV ret = CKR_OK;
+ p11_rpc_message msg;
++ pid_t pid;
+
+ assert (module != NULL);
+ p11_debug ("C_Initialize: enter");
+@@ -885,9 +886,10 @@ rpc_C_Initialize (CK_X_FUNCTION_LIST *self,
+
+ p11_mutex_lock (&module->mutex);
+
+- if (module->initialized_forkid != 0) {
++ pid = getpid ();
++ if (module->initialized_pid != 0) {
+ /* This process has called C_Initialize already */
+- if (p11_forkid == module->initialized_forkid) {
++ if (pid == module->initialized_pid) {
+ p11_message ("C_Initialize called twice for same
process");
+ ret = CKR_CRYPTOKI_ALREADY_INITIALIZED;
+ goto done;
+@@ -900,12 +902,12 @@ rpc_C_Initialize (CK_X_FUNCTION_LIST *self,
+
+ /* Successfully initialized */
+ if (ret == CKR_OK) {
+- module->initialized_forkid = p11_forkid;
++ module->initialized_pid = pid;
+ module->initialize_done = true;
+
+ /* Server doesn't exist, initialize but don't call */
+ } else if (ret == CKR_DEVICE_REMOVED) {
+- module->initialized_forkid = p11_forkid;
++ module->initialized_pid = pid;
+ module->initialize_done = false;
+ ret = CKR_OK;
+ goto done;
+@@ -926,7 +928,7 @@ rpc_C_Initialize (CK_X_FUNCTION_LIST *self,
+ done:
+ /* If failed then unmark initialized */
+ if (ret != CKR_OK && ret != CKR_CRYPTOKI_ALREADY_INITIALIZED)
+- module->initialized_forkid = 0;
++ module->initialized_pid = 0;
+
+ /* If we told our caller that we're initialized, but not really, then
finalize */
+ if (ret != CKR_OK && module->initialize_done) {
+@@ -950,7 +952,7 @@ rpc_C_Finalize (CK_X_FUNCTION_LIST *self,
+ p11_rpc_message msg;
+
+ p11_debug ("C_Finalize: enter");
+- return_val_if_fail (module->initialized_forkid == p11_forkid,
CKR_CRYPTOKI_NOT_INITIALIZED);
++ return_val_if_fail (module->initialized_pid != 0,
CKR_CRYPTOKI_NOT_INITIALIZED);
+ return_val_if_fail (!reserved, CKR_ARGUMENTS_BAD);
+
+ p11_mutex_lock (&module->mutex);
+@@ -968,7 +970,7 @@ rpc_C_Finalize (CK_X_FUNCTION_LIST *self,
+ (module->vtable->disconnect) (module->vtable, reserved);
+ }
+
+- module->initialized_forkid = 0;
++ module->initialized_pid = 0;
+
+ p11_mutex_unlock (&module->mutex);
+
Index: patches/patch-p11-kit_test-proxy_c
===================================================================
RCS file: patches/patch-p11-kit_test-proxy_c
diff -N patches/patch-p11-kit_test-proxy_c
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ patches/patch-p11-kit_test-proxy_c 29 May 2015 21:55:24 -0000
@@ -0,0 +1,12 @@
+$OpenBSD$
+--- p11-kit/test-proxy.c.orig Mon Oct 6 06:29:32 2014
++++ p11-kit/test-proxy.c Fri May 29 22:52:42 2015
+@@ -76,7 +76,7 @@ test_initialize_finalize (void)
+ assert (rv == CKR_OK);
+
+ rv = proxy->C_Finalize (NULL);
+- assert_num_eq (rv, CKR_OK);
++ assert (rv == CKR_OK);
+
+ p11_proxy_module_cleanup ();
+ }
Index: patches/patch-p11-kit_test-rpc_c
===================================================================
RCS file: patches/patch-p11-kit_test-rpc_c
diff -N patches/patch-p11-kit_test-rpc_c
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ patches/patch-p11-kit_test-rpc_c 29 May 2015 21:55:24 -0000
@@ -0,0 +1,82 @@
+$OpenBSD$
+--- p11-kit/test-rpc.c.orig Mon Oct 6 06:29:32 2014
++++ p11-kit/test-rpc.c Fri May 29 22:52:42 2015
+@@ -353,15 +353,17 @@ test_byte_array_static (void)
+ }
+
+ static p11_virtual base;
+-static unsigned int rpc_initialized = 0;
++static pid_t rpc_initialized = 0;
+
+ static CK_RV
+ rpc_initialize (p11_rpc_client_vtable *vtable,
+ void *init_reserved)
+ {
++ pid_t pid = getpid ();
++
+ assert_str_eq (vtable->data, "vtable-data");
+- assert_num_cmp (p11_forkid, !=, rpc_initialized);
+- rpc_initialized = p11_forkid;
++ assert_num_cmp (pid, !=, rpc_initialized);
++ rpc_initialized = pid;
+
+ return CKR_OK;
+ }
+@@ -370,8 +372,10 @@ static CK_RV
+ rpc_initialize_fails (p11_rpc_client_vtable *vtable,
+ void *init_reserved)
+ {
++ pid_t pid = getpid ();
++
+ assert_str_eq (vtable->data, "vtable-data");
+- assert_num_cmp (p11_forkid, !=, rpc_initialized);
++ assert_num_cmp (pid, !=, rpc_initialized);
+ return CKR_FUNCTION_FAILED;
+ }
+
+@@ -379,8 +383,10 @@ static CK_RV
+ rpc_initialize_device_removed (p11_rpc_client_vtable *vtable,
+ void *init_reserved)
+ {
++ pid_t pid = getpid ();
++
+ assert_str_eq (vtable->data, "vtable-data");
+- assert_num_cmp (p11_forkid, !=, rpc_initialized);
++ assert_num_cmp (pid, !=, rpc_initialized);
+ return CKR_DEVICE_REMOVED;
+ }
+
+@@ -404,8 +410,10 @@ static void
+ rpc_finalize (p11_rpc_client_vtable *vtable,
+ void *fini_reserved)
+ {
++ pid_t pid = getpid ();
++
+ assert_str_eq (vtable->data, "vtable-data");
+- assert_num_cmp (p11_forkid, ==, rpc_initialized);
++ assert_num_cmp (pid, ==, rpc_initialized);
+ rpc_initialized = 0;
+ }
+
+@@ -413,6 +421,7 @@ static void
+ test_initialize (void)
+ {
+ p11_rpc_client_vtable vtable = { "vtable-data", rpc_initialize,
rpc_transport, rpc_finalize };
++ pid_t pid = getpid ();
+ p11_virtual mixin;
+ bool ret;
+ CK_RV rv;
+@@ -426,11 +435,11 @@ test_initialize (void)
+
+ rv = mixin.funcs.C_Initialize (&mixin.funcs, NULL);
+ assert (rv == CKR_OK);
+- assert_num_eq (p11_forkid, rpc_initialized);
++ assert_num_eq (pid, rpc_initialized);
+
+ rv = mixin.funcs.C_Finalize (&mixin.funcs, NULL);
+ assert (rv == CKR_OK);
+- assert_num_cmp (p11_forkid, !=, rpc_initialized);
++ assert_num_cmp (pid, !=, rpc_initialized);
+
+ p11_virtual_uninit (&mixin);
+ }
