opencryptoki-3.4-1

Jakub Jelen 2015-11-18 09:36:42 +01:00
parent 7c2a3dca39
commit 7c890fb2e4
5 changed files with 12 additions and 734 deletions

1
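--- a/.gitignore
+++ b/.gitignore
@@ -10,3 +10,4 @@ opencryptoki-2.3.1.tar.gz
 /opencryptoki-v3.1.tgz
 /opencryptoki-v3.2.tgz
 /opencryptoki-v3.3.tgz
+/opencryptoki-v3.4.tgz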


@ -1,390 +0,0 @@
diff -up opencryptoki/configure.in.source opencryptoki/configure.in
--- opencryptoki/configure.in.source 2015-07-15 17:19:40.000000000 +0200
+++ opencryptoki/configure.in 2015-08-27 13:46:22.554043041 +0200
@@ -4,7 +4,7 @@ AC_INIT([openCryptoki],[3.3],[opencrypto
dnl Needed for $target!
AC_CANONICAL_SYSTEM
-AM_INIT_AUTOMAKE([foreign 1.6])
+AM_INIT_AUTOMAKE([foreign 1.6 subdir-objects])
dnl Checks for header files.
AC_DISABLE_STATIC
diff -up opencryptoki/usr/lib/pkcs11/cca_stdll/cca_specific.c.source opencryptoki/usr/lib/pkcs11/cca_stdll/cca_specific.c
--- opencryptoki/usr/lib/pkcs11/cca_stdll/cca_specific.c.source 2015-07-15 17:19:40.000000000 +0200
+++ opencryptoki/usr/lib/pkcs11/cca_stdll/cca_specific.c 2015-08-27 13:46:22.554043041 +0200
@@ -2336,40 +2336,3 @@ token_specific_object_add(OBJECT *object
return CKR_OK;
}
-
-CK_RV
-get_ecsiglen(OBJECT *key_obj, CK_ULONG *size)
-{
- CK_BBOOL flag;
- CK_ATTRIBUTE *attr = NULL;
- int i;
-
- flag = template_attribute_find( key_obj->template,
- CKA_ECDSA_PARAMS, &attr );
- if (flag == FALSE) {
- TRACE_ERROR("Could not find CKA_ECDSA_PARAMS for the key.\n");
- return CKR_FUNCTION_FAILED;
- }
-
- /* loop thru supported curves to find the size.
- * both pkcs#11v2.20 and CCA expect the signature length to be
- * twice the length of p.
- * (See EC Signatures in pkcs#11v2.20 and docs for CSNDDSG.)
- */
- for (i = 0; i < NUMEC; i++) {
- if ((memcmp(attr->pValue, der_ec_supported[i].data,
- attr->ulValueLen) == 0)) {
- *size = der_ec_supported[i].len_bits;
- /* round up if necessary */
- if ((*size % 8) == 0)
- *size = (*size / 8) * 2;
- else
- *size = ((*size / 8) + 1) * 2;
- TRACE_DEVEL("getlen, curve = %d, size = %d\n", der_ec_supported[i].len_bits, *size);
- return CKR_OK;
- }
- }
-
- TRACE_ERROR("%s\n", ock_err(ERR_MECHANISM_PARAM_INVALID));
- return CKR_MECHANISM_PARAM_INVALID;
-}
diff -up opencryptoki/usr/lib/pkcs11/common/btree.c.source opencryptoki/usr/lib/pkcs11/common/btree.c
--- opencryptoki/usr/lib/pkcs11/common/btree.c.source 2015-07-15 17:19:40.000000000 +0200
+++ opencryptoki/usr/lib/pkcs11/common/btree.c 2015-08-27 13:46:22.554043041 +0200
@@ -231,7 +231,7 @@ bt_node_free(struct btree *t, unsigned l
*
* return 0 if binary tree has at least 1 node in use, !0 otherwise
*/
-inline int
+extern inline int
bt_is_empty(struct btree *t)
{
return (t->free_nodes == t->size);
diff -up opencryptoki/usr/lib/pkcs11/common/ec_defs.h.source opencryptoki/usr/lib/pkcs11/common/ec_defs.h
--- opencryptoki/usr/lib/pkcs11/common/ec_defs.h.source 2015-07-15 17:19:40.000000000 +0200
+++ opencryptoki/usr/lib/pkcs11/common/ec_defs.h 2015-08-27 13:46:22.555043039 +0200
@@ -30,18 +30,18 @@
/* Supported Elliptic Curves */
#define NUMEC 12 /* number of supported curves */
-CK_BYTE brainpoolP160r1[] = { 0x06, 0x09, 0x2B, 0x24, 0x03, 0x03, 0x02, 0x08, 0x01, 0x01, 0x01 };
-CK_BYTE brainpoolP192r1[] = { 0x06, 0x09, 0x2B, 0x24, 0x03, 0x03, 0x02, 0x08, 0x01, 0x01, 0x03 };
-CK_BYTE brainpoolP224r1[] = { 0x06, 0x09, 0x2B, 0x24, 0x03, 0x03, 0x02, 0x08, 0x01, 0x01, 0x05 };
-CK_BYTE brainpoolP256r1[] = { 0x06, 0x09, 0x2B, 0x24, 0x03, 0x03, 0x02, 0x08, 0x01, 0x01, 0x07 };
-CK_BYTE brainpoolP320r1[] = { 0x06, 0x09, 0x2B, 0x24, 0x03, 0x03, 0x02, 0x08, 0x01, 0x01, 0x09 };
-CK_BYTE brainpoolP384r1[] = { 0x06, 0x09, 0x2B, 0x24, 0x03, 0x03, 0x02, 0x08, 0x01, 0x01, 0x0B };
-CK_BYTE brainpoolP512r1[] = { 0x06, 0x09, 0x2B, 0x24, 0x03, 0x03, 0x02, 0x08, 0x01, 0x01, 0x0D };
-CK_BYTE prime192[] = { 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x03, 0x01, 0x01 };
-CK_BYTE secp224[] = { 0x06, 0x05, 0x2B, 0x81, 0x04, 0x00, 0x21 };
-CK_BYTE prime256[] = { 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x03, 0x01, 0x07 };
-CK_BYTE secp384[] = { 0x06, 0x05, 0x2B, 0x81, 0x04, 0x00, 0x22 };
-CK_BYTE secp521[] = { 0x06, 0x05, 0x2B, 0x81, 0x04, 0x00, 0x23 };
+extern CK_BYTE brainpoolP160r1[];
+extern CK_BYTE brainpoolP192r1[];
+extern CK_BYTE brainpoolP224r1[];
+extern CK_BYTE brainpoolP256r1[];
+extern CK_BYTE brainpoolP320r1[];
+extern CK_BYTE brainpoolP384r1[];
+extern CK_BYTE brainpoolP512r1[];
+extern CK_BYTE prime192[];
+extern CK_BYTE secp224[];
+extern CK_BYTE prime256[];
+extern CK_BYTE secp384[];
+extern CK_BYTE secp521[];
// structure of supported Elliptic Curves
@@ -52,19 +52,5 @@ struct _ec {
CK_VOID_PTR data;
}__attribute__ ((__packed__));
-struct _ec der_ec_supported[NUMEC] = {
- {BRAINPOOL_CURVE, CURVE160, sizeof(brainpoolP160r1), &brainpoolP160r1},
- {BRAINPOOL_CURVE, CURVE192, sizeof(brainpoolP192r1), &brainpoolP192r1},
- {BRAINPOOL_CURVE, CURVE224, sizeof(brainpoolP224r1), &brainpoolP224r1},
- {BRAINPOOL_CURVE, CURVE256, sizeof(brainpoolP256r1), &brainpoolP256r1},
- {BRAINPOOL_CURVE, CURVE320, sizeof(brainpoolP320r1), &brainpoolP320r1},
- {BRAINPOOL_CURVE, CURVE384, sizeof(brainpoolP384r1), &brainpoolP384r1},
- {BRAINPOOL_CURVE, CURVE512, sizeof(brainpoolP512r1), &brainpoolP512r1},
- {PRIME_CURVE, CURVE192, sizeof(prime192), &prime192},
- {PRIME_CURVE, CURVE224, sizeof(secp224), &secp224},
- {PRIME_CURVE, CURVE256, sizeof(prime256), &prime256},
- {PRIME_CURVE, CURVE384, sizeof(secp384), &secp384},
- {PRIME_CURVE, CURVE521, sizeof(secp521), &secp521},
-};
-
+extern struct _ec der_ec_supported[NUMEC];
#endif
diff -up opencryptoki/usr/lib/pkcs11/common/mech_ec.c.source opencryptoki/usr/lib/pkcs11/common/mech_ec.c
--- opencryptoki/usr/lib/pkcs11/common/mech_ec.c.source 2015-07-15 17:19:40.000000000 +0200
+++ opencryptoki/usr/lib/pkcs11/common/mech_ec.c 2015-08-27 13:47:18.703913315 +0200
@@ -20,6 +20,36 @@
#include "h_extern.h"
#include "tok_spec_struct.h"
#include "trace.h"
+#include <stdint.h>
+#include "ec_defs.h"
+
+CK_BYTE brainpoolP160r1[] = { 0x06, 0x09, 0x2B, 0x24, 0x03, 0x03, 0x02, 0x08, 0x01, 0x01, 0x01 };
+CK_BYTE brainpoolP192r1[] = { 0x06, 0x09, 0x2B, 0x24, 0x03, 0x03, 0x02, 0x08, 0x01, 0x01, 0x03 };
+CK_BYTE brainpoolP224r1[] = { 0x06, 0x09, 0x2B, 0x24, 0x03, 0x03, 0x02, 0x08, 0x01, 0x01, 0x05 };
+CK_BYTE brainpoolP256r1[] = { 0x06, 0x09, 0x2B, 0x24, 0x03, 0x03, 0x02, 0x08, 0x01, 0x01, 0x07 };
+CK_BYTE brainpoolP320r1[] = { 0x06, 0x09, 0x2B, 0x24, 0x03, 0x03, 0x02, 0x08, 0x01, 0x01, 0x09 };
+CK_BYTE brainpoolP384r1[] = { 0x06, 0x09, 0x2B, 0x24, 0x03, 0x03, 0x02, 0x08, 0x01, 0x01, 0x0B };
+CK_BYTE brainpoolP512r1[] = { 0x06, 0x09, 0x2B, 0x24, 0x03, 0x03, 0x02, 0x08, 0x01, 0x01, 0x0D };
+CK_BYTE prime192[] = { 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x03, 0x01, 0x01 };
+CK_BYTE secp224[] = { 0x06, 0x05, 0x2B, 0x81, 0x04, 0x00, 0x21 };
+CK_BYTE prime256[] = { 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x03, 0x01, 0x07 };
+CK_BYTE secp384[] = { 0x06, 0x05, 0x2B, 0x81, 0x04, 0x00, 0x22 };
+CK_BYTE secp521[] = { 0x06, 0x05, 0x2B, 0x81, 0x04, 0x00, 0x23 };
+
+struct _ec der_ec_supported[NUMEC] = {
+ {BRAINPOOL_CURVE, CURVE160, sizeof(brainpoolP160r1), &brainpoolP160r1},
+ {BRAINPOOL_CURVE, CURVE192, sizeof(brainpoolP192r1), &brainpoolP192r1},
+ {BRAINPOOL_CURVE, CURVE224, sizeof(brainpoolP224r1), &brainpoolP224r1},
+ {BRAINPOOL_CURVE, CURVE256, sizeof(brainpoolP256r1), &brainpoolP256r1},
+ {BRAINPOOL_CURVE, CURVE320, sizeof(brainpoolP320r1), &brainpoolP320r1},
+ {BRAINPOOL_CURVE, CURVE384, sizeof(brainpoolP384r1), &brainpoolP384r1},
+ {BRAINPOOL_CURVE, CURVE512, sizeof(brainpoolP512r1), &brainpoolP512r1},
+ {PRIME_CURVE, CURVE192, sizeof(prime192), &prime192},
+ {PRIME_CURVE, CURVE224, sizeof(secp224), &secp224},
+ {PRIME_CURVE, CURVE256, sizeof(prime256), &prime256},
+ {PRIME_CURVE, CURVE384, sizeof(secp384), &secp384},
+ {PRIME_CURVE, CURVE521, sizeof(secp521), &secp521},
+};
CK_RV
ckm_ec_key_pair_gen( TEMPLATE * publ_tmpl,
@@ -66,6 +96,43 @@ ckm_ec_sign( CK_BYTE *in_data,
}
CK_RV
+get_ecsiglen(OBJECT *key_obj, CK_ULONG *size)
+{
+ CK_BBOOL flag;
+ CK_ATTRIBUTE *attr = NULL;
+ int i;
+
+ flag = template_attribute_find( key_obj->template,
+ CKA_ECDSA_PARAMS, &attr );
+ if (flag == FALSE) {
+ TRACE_ERROR("Could not find CKA_ECDSA_PARAMS for the key.\n");
+ return CKR_FUNCTION_FAILED;
+ }
+
+ /* loop thru supported curves to find the size.
+ * both pkcs#11v2.20 and CCA expect the signature length to be
+ * twice the length of p.
+ * (See EC Signatures in pkcs#11v2.20 and docs for CSNDDSG.)
+ */
+ for (i = 0; i < NUMEC; i++) {
+ if ((memcmp(attr->pValue, der_ec_supported[i].data,
+ attr->ulValueLen) == 0)) {
+ *size = der_ec_supported[i].len_bits;
+ /* round up if necessary */
+ if ((*size % 8) == 0)
+ *size = (*size / 8) * 2;
+ else
+ *size = ((*size / 8) + 1) * 2;
+ TRACE_DEVEL("getlen, curve = %d, size = %d\n", der_ec_supported[i].len_bits, *size);
+ return CKR_OK;
+ }
+ }
+
+ TRACE_ERROR("%s\n", ock_err(ERR_MECHANISM_PARAM_INVALID));
+ return CKR_MECHANISM_PARAM_INVALID;
+}
+
+CK_RV
ec_sign( SESSION *sess,
CK_BBOOL length_only,
SIGN_VERIFY_CONTEXT *ctx,
diff -up opencryptoki/usr/lib/pkcs11/common/mech_rng.c.source opencryptoki/usr/lib/pkcs11/common/mech_rng.c
--- opencryptoki/usr/lib/pkcs11/common/mech_rng.c.source 2015-07-15 17:19:40.000000000 +0200
+++ opencryptoki/usr/lib/pkcs11/common/mech_rng.c 2015-08-27 13:46:22.555043039 +0200
@@ -301,6 +301,7 @@
#include <sys/types.h>
#include <sys/stat.h>
#include <fcntl.h>
+#include <unistd.h>
#include "pkcs11types.h"
#include "defs.h"
diff -up opencryptoki/usr/lib/pkcs11/ica_s390_stdll/Makefile.am.source opencryptoki/usr/lib/pkcs11/ica_s390_stdll/Makefile.am
--- opencryptoki/usr/lib/pkcs11/ica_s390_stdll/Makefile.am.source 2015-07-15 17:19:40.000000000 +0200
+++ opencryptoki/usr/lib/pkcs11/ica_s390_stdll/Makefile.am 2015-08-27 13:46:22.555043039 +0200
@@ -28,12 +28,14 @@ opencryptoki_stdll_libpkcs11_ica_la_SOUR
../common/dig_mgr.c \
../common/encr_mgr.c \
../common/globals.c \
+ ../common/sw_crypt.c \
../common/loadsave.c \
../common/key.c \
../common/key_mgr.c \
../common/mech_des.c \
../common/mech_des3.c \
../common/mech_aes.c \
+ ../common/mech_ec.c \
../common/mech_md5.c \
../common/mech_md2.c \
../common/mech_rng.c \
diff -up opencryptoki/usr/lib/pkcs11/icsf_stdll/icsf.c.source opencryptoki/usr/lib/pkcs11/icsf_stdll/icsf.c
--- opencryptoki/usr/lib/pkcs11/icsf_stdll/icsf.c.source 2015-07-15 17:19:40.000000000 +0200
+++ opencryptoki/usr/lib/pkcs11/icsf_stdll/icsf.c 2015-08-27 13:46:22.556043037 +0200
@@ -15,6 +15,7 @@
#include <string.h>
#include <ctype.h>
#include "icsf.h"
+#include <lber.h>
/* For logging functions: */
#include "defs.h"
diff -up opencryptoki/usr/lib/pkcs11/icsf_stdll/Makefile.am.source opencryptoki/usr/lib/pkcs11/icsf_stdll/Makefile.am
--- opencryptoki/usr/lib/pkcs11/icsf_stdll/Makefile.am.source 2015-07-15 17:19:40.000000000 +0200
+++ opencryptoki/usr/lib/pkcs11/icsf_stdll/Makefile.am 2015-08-27 13:46:22.556043037 +0200
@@ -24,7 +24,8 @@ opencryptoki_stdll_libpkcs11_icsf_la_LDF
-lcrypto \
-lldap \
-lpthread \
- -lrt
+ -lrt \
+ -llber
opencryptoki_stdll_libpkcs11_icsf_la_SOURCES = ../common/asn1.c \
../common/btree.c \
@@ -40,6 +41,7 @@ opencryptoki_stdll_libpkcs11_icsf_la_SOU
../common/dp_obj.c \
../common/mech_aes.c \
../common/mech_rsa.c \
+ ../common/mech_ec.c \
../common/obj_mgr.c \
../common/template.c \
../common/p11util.c \
@@ -51,6 +53,7 @@ opencryptoki_stdll_libpkcs11_icsf_la_SOU
../common/object.c \
../common/decr_mgr.c \
../common/globals.c \
+ ../common/sw_crypt.c \
../common/loadsave.c \
../common/utility.c \
../common/mech_des.c \
diff -up opencryptoki/usr/lib/pkcs11/soft_stdll/Makefile.am.source opencryptoki/usr/lib/pkcs11/soft_stdll/Makefile.am
--- opencryptoki/usr/lib/pkcs11/soft_stdll/Makefile.am.source 2015-07-15 17:19:40.000000000 +0200
+++ opencryptoki/usr/lib/pkcs11/soft_stdll/Makefile.am 2015-08-27 13:46:22.556043037 +0200
@@ -23,6 +23,7 @@ opencryptoki_stdll_libpkcs11_sw_la_SOURC
../common/dig_mgr.c \
../common/encr_mgr.c \
../common/globals.c \
+ ../common/sw_crypt.c \
../common/loadsave.c \
../common/key.c \
../common/key_mgr.c \
@@ -36,6 +37,7 @@ opencryptoki_stdll_libpkcs11_sw_la_SOURC
../common/mech_rsa.c \
../common/mech_sha.c \
../common/mech_ssl3.c \
+ ../common/mech_ec.c \
../common/new_host.c \
../common/obj_mgr.c \
../common/object.c \
diff -up opencryptoki/usr/lib/pkcs11/tpm_stdll/Makefile.am.source opencryptoki/usr/lib/pkcs11/tpm_stdll/Makefile.am
--- opencryptoki/usr/lib/pkcs11/tpm_stdll/Makefile.am.source 2015-07-15 17:19:40.000000000 +0200
+++ opencryptoki/usr/lib/pkcs11/tpm_stdll/Makefile.am 2015-08-27 13:46:22.556043037 +0200
@@ -28,6 +28,7 @@ opencryptoki_stdll_libpkcs11_tpm_la_SOUR
../common/key.c \
../common/mech_dh.c \
../common/mech_rng.c \
+ ../common/mech_ec.c \
../common/new_host.c \
../common/sign_mgr.c \
../common/cert.c \
@@ -46,6 +47,7 @@ opencryptoki_stdll_libpkcs11_tpm_la_SOUR
../common/object.c \
../common/decr_mgr.c \
../common/globals.c \
+ ../common/sw_crypt.c \
../common/loadsave.c \
../common/utility.c \
../common/mech_des.c \
diff -up opencryptoki/usr/sbin/pkcsicsf/pkcsicsf.c.source opencryptoki/usr/sbin/pkcsicsf/pkcsicsf.c
--- opencryptoki/usr/sbin/pkcsicsf/pkcsicsf.c.source 2015-07-15 17:19:40.000000000 +0200
+++ opencryptoki/usr/sbin/pkcsicsf/pkcsicsf.c 2015-08-27 13:46:22.556043037 +0200
@@ -8,6 +8,7 @@
#include <sys/types.h>
#include <sys/stat.h>
#include <fcntl.h>
+#include <strings.h>
#include "icsf.h"
#include "slotmgr.h"
diff -up opencryptoki/usr/sbin/pkcsslotd/garbage_linux.c.source opencryptoki/usr/sbin/pkcsslotd/garbage_linux.c
--- opencryptoki/usr/sbin/pkcsslotd/garbage_linux.c.source 2015-07-15 17:19:40.000000000 +0200
+++ opencryptoki/usr/sbin/pkcsslotd/garbage_linux.c 2015-08-27 13:46:22.556043037 +0200
@@ -294,6 +294,7 @@
#include <string.h>
#include <sys/types.h>
#include <fcntl.h>
+#include <unistd.h>
#include "log.h"
#include "slotmgr.h"
diff -up opencryptoki/usr/sbin/pkcsslotd/log.c.source opencryptoki/usr/sbin/pkcsslotd/log.c
--- opencryptoki/usr/sbin/pkcsslotd/log.c.source 2015-07-15 17:19:40.000000000 +0200
+++ opencryptoki/usr/sbin/pkcsslotd/log.c 2015-08-27 13:46:22.557043034 +0200
@@ -294,6 +294,8 @@
#include <syslog.h>
#include <stdarg.h>
#include <sys/types.h>
+#include <unistd.h>
+#include <stdlib.h>
#include "log.h"
#include "err.h"
diff -up opencryptoki/usr/sbin/pkcsslotd/mutex.c.source opencryptoki/usr/sbin/pkcsslotd/mutex.c
--- opencryptoki/usr/sbin/pkcsslotd/mutex.c.source 2015-07-15 17:19:40.000000000 +0200
+++ opencryptoki/usr/sbin/pkcsslotd/mutex.c 2015-08-27 13:46:22.557043034 +0200
@@ -292,6 +292,9 @@
#include <stdarg.h>
#include <sys/types.h>
#include <sys/file.h>
+#include <sys/stat.h>
+#include <string.h>
+#include <unistd.h>
#include <grp.h>
#include "log.h"
diff -up opencryptoki/usr/sbin/pkcsslotd/slotmgr.c.source opencryptoki/usr/sbin/pkcsslotd/slotmgr.c
--- opencryptoki/usr/sbin/pkcsslotd/slotmgr.c.source 2015-07-15 17:19:40.000000000 +0200
+++ opencryptoki/usr/sbin/pkcsslotd/slotmgr.c 2015-08-27 13:46:22.557043034 +0200
@@ -292,9 +292,12 @@
#include <stdio.h>
#include <stdlib.h>
#include <errno.h>
+#include <unistd.h>
#include "log.h"
#include "slotmgr.h"
+#include "pkcsslotd.h"
+#include "parser.h"
Slot_Mgr_Shr_t *shmp; // pointer to the shared memory region.
int shmid;
diff --git a/usr/lib/pkcs11/icsf_stdll/icsf_specific.c b/usr/lib/pkcs11/icsf_stdll/icsf_specific.c
index 74b07b7..1158eb5 100644
--- a/usr/lib/pkcs11/icsf_stdll/icsf_specific.c
+++ b/usr/lib/pkcs11/icsf_stdll/icsf_specific.c
@@ -929,7 +929,7 @@ static CK_RV close_session(struct session_state *session_state)
if ((rc = icsf_destroy_object(session_state->ld, &reason,
&mapping->icsf_object))) {
/* Log error */
- TRACE_EBUG("Failed to remove icsf object: %s/%lu/%c",
+ TRACE_DEBUG("Failed to remove icsf object: %s/%lu/%c",
mapping->icsf_object.token_name,
mapping->icsf_object.sequence,
mapping->icsf_object.id);


@ -1,336 +0,0 @@
diff --git a/usr/lib/pkcs11/common/encr_mgr.c b/usr/lib/pkcs11/common/encr_mgr.c
index 50fa661..e12aec8 100755
--- a/usr/lib/pkcs11/common/encr_mgr.c
+++ b/usr/lib/pkcs11/common/encr_mgr.c
@@ -764,7 +764,6 @@ encr_mgr_init( SESSION * sess,
break;
case CKM_AES_CTR:
{
- CK_AES_CTR_PARAMS aesctr;
if (mech->ulParameterLen != sizeof(CK_AES_CTR_PARAMS)){
TRACE_ERROR("%s\n", ock_err(ERR_MECHANISM_PARAM_INVALID));
return CKR_MECHANISM_PARAM_INVALID;
diff --git a/usr/lib/pkcs11/common/mech_aes.c b/usr/lib/pkcs11/common/mech_aes.c
index 453253d..4eacad5 100644
--- a/usr/lib/pkcs11/common/mech_aes.c
+++ b/usr/lib/pkcs11/common/mech_aes.c
@@ -2671,7 +2671,6 @@ aes_mac_verify_update( SESSION * sess,
{
CK_ULONG rc;
OBJECT * key_obj = NULL;
- CK_ULONG mac_len;
AES_DATA_CONTEXT * context = NULL;
CK_BYTE * cipher = NULL;
CK_ULONG total, remain, out_len;
diff --git a/usr/lib/pkcs11/common/mech_ec.c b/usr/lib/pkcs11/common/mech_ec.c
index 88bb08e..4817b45 100644
--- a/usr/lib/pkcs11/common/mech_ec.c
+++ b/usr/lib/pkcs11/common/mech_ec.c
@@ -143,7 +143,6 @@ ec_sign( SESSION *sess,
{
OBJECT *key_obj = NULL;
CK_ULONG plen;
- CK_BBOOL flag;
CK_RV rc;
if (!sess || !ctx || !out_data_len){
@@ -225,7 +224,6 @@ ec_verify(SESSION *sess,
{
OBJECT *key_obj = NULL;
CK_ULONG plen;
- CK_BBOOL flag;
CK_RV rc;
diff --git a/usr/lib/pkcs11/common/mech_rsa.c b/usr/lib/pkcs11/common/mech_rsa.c
index 60cac63..0430863 100755
--- a/usr/lib/pkcs11/common/mech_rsa.c
+++ b/usr/lib/pkcs11/common/mech_rsa.c
@@ -776,7 +776,7 @@ CK_RV rsa_oaep_crypt(SESSION *sess, CK_BBOOL length_only,
CK_ULONG *out_data_len, CK_BBOOL encrypt)
{
OBJECT *key_obj = NULL;
- CK_ULONG hlen, modulus_bytes, mgf_mech;
+ CK_ULONG hlen, modulus_bytes;
CK_OBJECT_CLASS keyclass;
CK_BYTE hash[MAX_SHA_HASH_SIZE];
CK_RV rc;
@@ -1536,9 +1536,8 @@ CK_RV rsa_pss_verify(SESSION *sess, SIGN_VERIFY_CONTEXT *ctx, CK_BYTE *in_data,
{
CK_RV rc;
OBJECT *key_obj = NULL;
- CK_ULONG modulus_bytes, hlen;
+ CK_ULONG modulus_bytes;
CK_OBJECT_CLASS keyclass;
- CK_RSA_PKCS_PSS_PARAMS_PTR pssParms = NULL;
rc = object_mgr_find_in_map1(ctx->key, &key_obj);
if (rc != CKR_OK) {
diff --git a/usr/lib/pkcs11/common/obj_mgr.c b/usr/lib/pkcs11/common/obj_mgr.c
index c275225..80f5998 100755
--- a/usr/lib/pkcs11/common/obj_mgr.c
+++ b/usr/lib/pkcs11/common/obj_mgr.c
@@ -1247,7 +1247,6 @@ CK_RV
object_mgr_find_in_map_nocache( CK_OBJECT_HANDLE handle,
OBJECT ** ptr )
{
- DL_NODE * node = NULL;
OBJECT_MAP * map = NULL;
OBJECT * obj = NULL;
CK_RV rc = CKR_OK;
diff --git a/usr/lib/pkcs11/common/sess_mgr.c b/usr/lib/pkcs11/common/sess_mgr.c
index 31607df..32d1081 100755
--- a/usr/lib/pkcs11/common/sess_mgr.c
+++ b/usr/lib/pkcs11/common/sess_mgr.c
@@ -317,7 +317,6 @@
SESSION *
session_mgr_find( CK_SESSION_HANDLE handle )
{
- struct btnode *n;
SESSION * result = NULL;
CK_RV rc;
@@ -351,7 +350,6 @@ CK_RV
session_mgr_new( CK_ULONG flags, CK_SLOT_ID slot_id, CK_SESSION_HANDLE_PTR phSession )
{
SESSION * new_session = NULL;
- SESSION * s = NULL;
CK_BBOOL user_session = FALSE;
CK_BBOOL so_session = FALSE;
CK_BBOOL pkcs_locked = TRUE;
@@ -560,7 +558,6 @@ session_mgr_readonly_session_exists( void )
CK_RV
session_mgr_close_session( CK_SESSION_HANDLE handle )
{
- struct btnode *n;
SESSION *sess;
CK_RV rc = CKR_OK;
@@ -709,8 +706,6 @@ CK_RV
session_mgr_close_all_sessions( void )
{
CK_RV rc = CKR_OK;
- SESSION *sess;
- unsigned long i;
rc = MY_LockMutex( &sess_list_mutex );
if (rc != CKR_OK){
@@ -759,9 +754,6 @@ session_login(void *node_value, unsigned long node_idx, void *p3)
CK_RV
session_mgr_login_all( CK_USER_TYPE user_type )
{
- struct btnode *n;
- unsigned long i;
- SESSION *s;
CK_RV rc = CKR_OK;
rc = MY_LockMutex( &sess_list_mutex );
@@ -805,8 +797,6 @@ session_logout(void *node_value, unsigned long node_idx, void *p3)
CK_RV
session_mgr_logout_all( void )
{
- unsigned long i;
- SESSION * s = NULL;
CK_RV rc = CKR_OK;
rc = MY_LockMutex( &sess_list_mutex );
diff --git a/usr/lib/pkcs11/icsf_stdll/icsf.c b/usr/lib/pkcs11/icsf_stdll/icsf.c
index e7712e7..5ec344f 100644
--- a/usr/lib/pkcs11/icsf_stdll/icsf.c
+++ b/usr/lib/pkcs11/icsf_stdll/icsf.c
@@ -2615,7 +2615,6 @@ int icsf_hmac_verify(LDAP *ld, int *reason, struct icsf_object_record *key,
char rule_array[2 * ICSF_RULE_ITEM_LEN];
BerElement *msg = NULL;
BerElement *result = NULL;
- struct berval bvHmac = { 0UL, NULL };
struct berval bvChain = { 0UL, NULL };
const char *rule_alg;
@@ -3209,7 +3208,6 @@ icsf_derive_multple_keys(LDAP *ld, int *p_reason, CK_MECHANISM_PTR mech,
struct icsf_object_record *server_iv)
{
int rc = 0;
- int reason = 0;
const char *rule_alg;
char handle[ICSF_HANDLE_LEN];
char rule_array[ICSF_RULE_ITEM_LEN];
diff --git a/usr/lib/pkcs11/icsf_stdll/icsf_specific.c b/usr/lib/pkcs11/icsf_stdll/icsf_specific.c
index 1158eb5..5c92454 100644
--- a/usr/lib/pkcs11/icsf_stdll/icsf_specific.c
+++ b/usr/lib/pkcs11/icsf_stdll/icsf_specific.c
@@ -1045,7 +1045,6 @@ CK_RV icsftok_login(SESSION *sess, CK_USER_TYPE userType, CK_CHAR_PTR pPin,
char *ca_dir = NULL;
CK_SLOT_ID slot_id = sess->session_info.slotID;
struct session_state *session_state;
- int sessions_locked = 0;
LDAP *ld;
/* Check Slot ID */
diff --git a/usr/lib/pkcs11/icsf_stdll/new_host.c b/usr/lib/pkcs11/icsf_stdll/new_host.c
index dc9790a..bf492c8 100644
--- a/usr/lib/pkcs11/icsf_stdll/new_host.c
+++ b/usr/lib/pkcs11/icsf_stdll/new_host.c
@@ -378,7 +378,6 @@ CK_RV valid_mech(CK_MECHANISM_PTR m, CK_FLAGS f)
CK_RV ST_Initialize(void **FunctionList, CK_SLOT_ID SlotNumber, char *conf_name,
struct trace_handle_t t)
{
- int i;
CK_RV rc = CKR_OK;
if ((rc = check_user_and_group()) != CKR_OK)
@@ -1626,7 +1625,6 @@ CK_RV SC_EncryptUpdate(ST_SESSION_HANDLE *sSession, CK_BYTE_PTR pPart,
CK_ULONG_PTR pulEncryptedPartLen)
{
SESSION *sess = NULL;
- CK_BBOOL length_only = FALSE;
CK_RV rc = CKR_OK;
if (initialized == FALSE) {
@@ -1654,9 +1652,6 @@ CK_RV SC_EncryptUpdate(ST_SESSION_HANDLE *sSession, CK_BYTE_PTR pPart,
goto done;
}
- if (!pEncryptedPart)
- length_only = TRUE;
-
rc = icsftok_encrypt_update(sess, pPart, ulPartLen, pEncryptedPart,
pulEncryptedPartLen);
if (rc != CKR_OK)
@@ -1837,7 +1832,6 @@ CK_RV SC_DecryptUpdate(ST_SESSION_HANDLE *sSession, CK_BYTE_PTR pEncryptedPart,
CK_ULONG_PTR pulPartLen)
{
SESSION *sess = NULL;
- CK_BBOOL length_only = FALSE;
CK_RV rc = CKR_OK;
if (initialized == FALSE) {
@@ -1865,9 +1859,6 @@ CK_RV SC_DecryptUpdate(ST_SESSION_HANDLE *sSession, CK_BYTE_PTR pEncryptedPart,
goto done;
}
- if (!pPart)
- length_only = TRUE;
-
rc = icsftok_decrypt_update(sess, pEncryptedPart, ulEncryptedPartLen,
pPart, pulPartLen);
if (rc != CKR_OK)
@@ -2835,7 +2826,6 @@ CK_RV SC_WrapKey(ST_SESSION_HANDLE *sSession, CK_MECHANISM_PTR pMechanism,
CK_BYTE_PTR pWrappedKey, CK_ULONG_PTR pulWrappedKeyLen)
{
SESSION *sess = NULL;
- CK_BBOOL length_only = FALSE;
CK_RV rc = CKR_OK;
if (initialized == FALSE) {
@@ -2854,9 +2844,6 @@ CK_RV SC_WrapKey(ST_SESSION_HANDLE *sSession, CK_MECHANISM_PTR pMechanism,
if (rc != CKR_OK)
goto done;
- if (!pWrappedKey)
- length_only = TRUE;
-
sess = session_mgr_find(sSession->sessionh);
if (!sess) {
TRACE_ERROR("%s\n", ock_err(ERR_SESSION_HANDLE_INVALID));
diff --git a/usr/lib/pkcs11/icsf_stdll/pbkdf.c b/usr/lib/pkcs11/icsf_stdll/pbkdf.c
index 33d36c8..fbbcb39 100644
--- a/usr/lib/pkcs11/icsf_stdll/pbkdf.c
+++ b/usr/lib/pkcs11/icsf_stdll/pbkdf.c
@@ -545,7 +545,6 @@ pbkdf(CK_BYTE *password, CK_ULONG len, CK_BYTE *salt, CK_BYTE *dkey, CK_ULONG kl
unsigned char *result;
unsigned int r, num_of_blocks;
unsigned int count, hashlen;
- unsigned char *ret;
CK_ULONG rc = CKR_OK;
int i, j, k;
diff --git a/usr/sbin/pkcsicsf/pkcsicsf.c b/usr/sbin/pkcsicsf/pkcsicsf.c
index ec05edf..dd31bbe 100644
--- a/usr/sbin/pkcsicsf/pkcsicsf.c
+++ b/usr/sbin/pkcsicsf/pkcsicsf.c
@@ -476,7 +476,6 @@ main(int argc, char **argv)
{
char *racfpwd = NULL;
size_t racflen;
- unsigned char *ret;
char *tokenname = NULL;
int c;
int rc = 0;
@@ -488,7 +487,7 @@ main(int argc, char **argv)
flags |= CFG_ADD;
if ((tokenname = strdup(optarg)) == NULL) {
rc = -1;
- fprintf(stderr, "strdup failed: line %s\n",
+ fprintf(stderr, "strdup failed: line %d\n",
__LINE__);
goto cleanup;
}
@@ -500,34 +499,34 @@ main(int argc, char **argv)
flags |= CFG_BINDDN;
if ((binddn = strdup(optarg)) == NULL) {
rc = -1;
- fprintf(stderr, "strdup failed: line %s\n",
+ fprintf(stderr, "strdup failed: line %d\n",
__LINE__);
goto cleanup;
}
break;
case 'c':
- flags != CFG_CERT;
+ flags |= CFG_CERT;
if ((cert = strdup(optarg)) == NULL) {
rc = -1;
- fprintf(stderr, "strdup failed: line %s\n",
+ fprintf(stderr, "strdup failed: line %d\n",
__LINE__);
goto cleanup;
}
break;
case 'k':
- flags != CFG_PRIVKEY;
+ flags |= CFG_PRIVKEY;
if ((privkey = strdup(optarg)) == NULL) {
rc = -1;
- fprintf(stderr, "strdup failed: line %s\n",
+ fprintf(stderr, "strdup failed: line %d\n",
__LINE__);
goto cleanup;
}
break;
case 'C':
- flags != CFG_CACERT;
+ flags |= CFG_CACERT;
if ((cacert = strdup(optarg)) == NULL) {
rc = -1;
- fprintf(stderr, "strdup failed: line %s\n",
+ fprintf(stderr, "strdup failed: line %d\n",
__LINE__);
goto cleanup;
}
@@ -536,7 +535,7 @@ main(int argc, char **argv)
flags |= CFG_URI;
if ((uri = strdup(optarg)) == NULL) {
rc = -1;
- fprintf(stderr, "strdup failed: line %s\n",
+ fprintf(stderr, "strdup failed: line %d\n",
__LINE__);
goto cleanup;
}
@@ -545,7 +544,7 @@ main(int argc, char **argv)
flags |= CFG_MECH;
if ((mech = strdup(optarg)) == NULL) {
rc = -1;
- fprintf(stderr, "strdup failed: line %s\n",
+ fprintf(stderr, "strdup failed: line %d\n",
__LINE__);
goto cleanup;
}
@@ -686,7 +685,7 @@ cleanup:
if (uri)
free(uri);
if (mech)
- mech;
+ free(mech);
if (racfpwd)
free(racfpwd);
return rc;


@ -2,8 +2,8 @@
Name: opencryptoki Name: opencryptoki
Summary: Implementation of the PKCS#11 (Cryptoki) specification v2.11 Summary: Implementation of the PKCS#11 (Cryptoki) specification v2.11
Version: 3.3 Version: 3.4
Release: 1%{?dist}.1 Release: 1%{?dist}
License: CPL License: CPL
Group: System Environment/Base Group: System Environment/Base
URL: http://sourceforge.net/projects/opencryptoki URL: http://sourceforge.net/projects/opencryptoki
@ -13,9 +13,9 @@ Source1: %{name}-tmpfiles.conf
Patch0: %{name}-2.4-group.patch Patch0: %{name}-2.4-group.patch
# do not install pkcsep11_migrate.1 and pkcscca.1 when it's not enabled # do not install pkcsep11_migrate.1 and pkcscca.1 when it's not enabled
Patch1: %{name}-3.2-conditional-manpages.patch Patch1: %{name}-3.2-conditional-manpages.patch
# Fix missing sources and libraries in makefiles causing undefined symbols (#1193560) # post-release compile warnings:
Patch2: %{name}-3.2-missing-sources-and-libraries.patch # http://sourceforge.net/p/opencryptoki/mailman/message/34625700/
Patch3: %{name}-3.3-unused.patch Patch2: %{name}-3.4-compile-warnings.patch
# Use --no-undefined to debug missing symbols # Use --no-undefined to debug missing symbols
#Patch100: %{name}-3.2-no-undefined.patch #Patch100: %{name}-3.2-no-undefined.patch
@ -185,8 +185,7 @@ configured with Enterprise PKCS#11 (EP11) firmware.
%setup -q -n %{name} %setup -q -n %{name}
%patch0 -p1 -b .group %patch0 -p1 -b .group
%patch1 -p1 -b .man %patch1 -p1 -b .man
%patch2 -p1 -b .source %patch2 -p1 -b .warnings
%patch3 -p1 -b .unused
#%patch100 -p1 -b .no-undefined #%patch100 -p1 -b .no-undefined
@ -353,6 +352,10 @@ exit 0
%changelog %changelog
* Wed Nov 18 2015 Jakub Jelen <jjelen@redhat.com> 3.4-1.1
- New upstream release
- Adding post-release patch fixing compile warnings
* Thu Aug 27 2015 Jakub Jelen <jjelen@redhat.com> 3.3-1.1 * Thu Aug 27 2015 Jakub Jelen <jjelen@redhat.com> 3.3-1.1
- New upstream release - New upstream release
- Correct dependencies for group creation - Correct dependencies for group creation
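Review bot: The new %changelog entry is stamped `3.4-1.1`, while the Release tag in the first hunk of this section changes from `1%{?dist}.1` to `1%{?dist}`, so the entry no longer matches the version-release the package is built with (the commit title also says 3.4-1); it should read `* Wed Nov 18 2015 Jakub Jelen <jjelen@redhat.com> 3.4-1`. Separately, this section drops the old Patch2 and Patch3, and the two patch files deleted on this page carried real fixes: the `flags |= CFG_CERT` / `CFG_PRIVKEY` / `CFG_CACERT` corrections, `free(mech)`, the `%d` format for `__LINE__`, and the added `mech_ec.c`, `sw_crypt.c` and `-llber` makefile entries. The replacement `%{name}-3.4-compile-warnings.patch` is not shown here, so it is worth confirming that the 3.4 tarball already contains those fixes before relying on the removal.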


@ -1 +1 @@
df6a738460ac6be657de72abf4fcf21c opencryptoki-v3.3.tgz c60ea121f529845d6c226fc095d0354d opencryptoki-v3.4.tgz