import OL opencryptoki-3.22.0-3.el8_10.1

.opencryptoki.metadata

@@ -0,0 +1 @@
+4618b82afde56a8177e888c26d336c6f521bed8a SOURCES/opencryptoki-3.22.0.tar.gz

SOURCES/3.22-CCA-Adjust-CCA-host-library-version-detection-for-ne.patch

@@ -0,0 +1,55 @@
+From 742463a3c5a25313ab7ceb578d81b9998db65f67 Mon Sep 17 00:00:00 2001
+From: Ingo Franzki <ifranzki@linux.ibm.com>
+Date: Wed, 2 Apr 2025 16:36:45 +0200
+Subject: [PATCH] CCA: Adjust CCA host library version detection for newer CCA
+ versions
+
+Newer CCA versions might report the version string with CSUACFV or CSUACFQ
+with keyword STATCCA using a different indicator character after the version
+information. Ignore the indication character and the remaining data entirely.
+Only the version information as such is of interest.
+
+Signed-off-by: Ingo Franzki <ifranzki@linux.ibm.com>
+---
+ usr/lib/cca_stdll/cca_specific.c | 9 ++++-----
+ 1 file changed, 4 insertions(+), 5 deletions(-)
+
+diff --git a/usr/lib/cca_stdll/cca_specific.c b/usr/lib/cca_stdll/cca_specific.c
+index 80369248..08e794d0 100644
+--- a/usr/lib/cca_stdll/cca_specific.c
++++ b/usr/lib/cca_stdll/cca_specific.c
+@@ -751,7 +751,6 @@ static CK_RV cca_get_version(STDLL_TokData_t *tokdata)
+     long return_code, reason_code;
+     long version_data_length;
+     long exit_data_len = 0;
+-    char date[20];
+ 
+     /* Get CCA host library version */
+     version_data_length = sizeof(version_data);
+@@ -767,10 +766,10 @@ static CK_RV cca_get_version(STDLL_TokData_t *tokdata)
+     version_data[sizeof(version_data) - 1] = '\0';
+     TRACE_DEVEL("CCA Version string: %s\n", version_data);
+ 
+-    if (sscanf((char *)version_data, "%u.%u.%uz%s",
++    if (sscanf((char *)version_data, "%u.%u.%u",
+                &cca_private->cca_lib_version.ver,
+                &cca_private->cca_lib_version.rel,
+-               &cca_private->cca_lib_version.mod, date) != 4) {
++               &cca_private->cca_lib_version.mod) != 3) {
+         TRACE_ERROR("CCA library version is invalid: %s\n", version_data);
+         return CKR_FUNCTION_FAILED;
+     }
+@@ -3431,8 +3430,8 @@ static CK_RV cca_get_adapter_version(cca_min_card_version_t *data)
+     memcpy(ccaversion, &rule_array[CCA_STATCCA_CCA_VERSION_OFFSET],
+            CCA_STATCCA_CCA_VERSION_LENGTH);
+ 
+-    if (sscanf(ccaversion, "%d.%d.%02d*", (int *)&adapter_version.ver,
+-               (int *)&adapter_version.rel, (int *)&adapter_version.mod) != 3) {
++    if (sscanf(ccaversion, "%u.%u.%u", &adapter_version.ver,
++               &adapter_version.rel, &adapter_version.mod) != 3) {
+         TRACE_ERROR("sscanf of string %s failed, cannot determine CCA card version\n",
+                     ccaversion);
+         return CKR_FUNCTION_FAILED;
+-- 
+2.16.2.windows.1
+

SPECS/opencryptoki.spec

@@ -1,7 +1,7 @@
 Name: opencryptoki
 Summary: Implementation of the PKCS#11 (Cryptoki) specification v3.0
 Version: 3.22.0
-Release: 3%{?dist}
+Release: 3%{?dist}.1
 License: CPL
 Group: System Environment/Base
 URL: https://github.com/opencryptoki/opencryptoki
@@ -21,6 +21,8 @@ Patch21: opencryptoki-CVE-2024-0914-part2.patch
 Patch22: opencryptoki-CVE-2024-0914-part3.patch
 Patch23: opencryptoki-CVE-2024-0914-part4.patch
 Patch24: opencryptoki-CVE-2024-0914-part5.patch
+# supporting CCA 8.4
+Patch25: 3.22-CCA-Adjust-CCA-host-library-version-detection-for-ne.patch
 
 Requires(pre): coreutils diffutils
 Requires: (selinux-policy >= 3.14.3-121 if selinux-policy-targeted)
@@ -381,6 +383,9 @@ fi
 
 
 %changelog
+* Mon Aug 11 2025 Than Ngo <than@redhat.com> - 3.22.0-3.1
+- Resolves: RHEL-105918, fix for supporting CCA 8.4
+
 * Fri Feb 16 2024 Than Ngo <than@redhat.com> - 3.22.0-3
 - Fix implicit rejection with RSA keys with empty CKA_PRIVATE_EXPONENT
 Related: RHEL-22791