diff --git a/opencryptoki-3.14.0-crash-in-c_setpin.patch b/opencryptoki-3.14.0-crash-in-c_setpin.patch
new file mode 100644
index 0000000..0ea8ccd
--- /dev/null
+++ b/opencryptoki-3.14.0-crash-in-c_setpin.patch
@@ -0,0 +1,63 @@
+diff -up opencryptoki-3.14.0/usr/lib/tpm_stdll/tpm_openssl.c.me opencryptoki-3.14.0/usr/lib/tpm_stdll/tpm_openssl.c
+--- opencryptoki-3.14.0/usr/lib/tpm_stdll/tpm_openssl.c.me 2020-05-26 08:51:32.714189399 -0400
++++ opencryptoki-3.14.0/usr/lib/tpm_stdll/tpm_openssl.c 2020-05-26 08:52:16.429412060 -0400
+@@ -57,7 +57,7 @@ void openssl_print_errors()
+ }
+ #endif
+
+-RSA *openssl_gen_key()
++RSA *openssl_gen_key(STDLL_TokData_t *tokdata)
+ {
+ RSA *rsa;
+ int rc, counter = 0;
+@@ -66,7 +66,7 @@ RSA *openssl_gen_key()
+ BIGNUM *bne;
+ #endif
+
+- token_specific_rng(NULL, (CK_BYTE *) buf, 32);
++ token_specific_rng(tokdata, (CK_BYTE *) buf, 32);
+ RAND_seed(buf, 32);
+
+ regen_rsa_key:
+diff -up opencryptoki-3.14.0/usr/lib/tpm_stdll/tpm_specific.c.me opencryptoki-3.14.0/usr/lib/tpm_stdll/tpm_specific.c
+--- opencryptoki-3.14.0/usr/lib/tpm_stdll/tpm_specific.c.me 2020-05-26 08:52:26.351235628 -0400
++++ opencryptoki-3.14.0/usr/lib/tpm_stdll/tpm_specific.c 2020-05-26 08:53:15.928354051 -0400
+@@ -159,8 +159,6 @@ CK_RV token_specific_rng(STDLL_TokData_t
+ TSS_HTPM hTPM;
+ BYTE *random_bytes = NULL;
+
+- UNUSED(tokdata);
+-
+ rc = Tspi_Context_GetTpmObject(tpm_data->tspContext, &hTPM);
+ if (rc) {
+ TRACE_ERROR("Tspi_Context_GetTpmObject: %x\n", rc);
+@@ -1389,7 +1387,7 @@ CK_RV token_create_private_tree(STDLL_To
+ unsigned char n[256], p[256];
+
+ /* all sw generated keys are 2048 bits */
+- if ((rsa = openssl_gen_key()) == NULL)
++ if ((rsa = openssl_gen_key(tokdata)) == NULL)
+ return CKR_HOST_MEMORY;
+
+ if (openssl_get_modulus_and_prime(rsa, &size_n, n, &size_p, p) != 0) {
+@@ -1467,7 +1465,7 @@ CK_RV token_create_public_tree(STDLL_Tok
+ unsigned char n[256], p[256];
+
+ /* all sw generated keys are 2048 bits */
+- if ((rsa = openssl_gen_key()) == NULL)
++ if ((rsa = openssl_gen_key(tokdata)) == NULL)
+ return CKR_HOST_MEMORY;
+
+ if (openssl_get_modulus_and_prime(rsa, &size_n, n, &size_p, p) != 0) {
+diff -up opencryptoki-3.14.0/usr/lib/tpm_stdll/tpm_specific.h.me opencryptoki-3.14.0/usr/lib/tpm_stdll/tpm_specific.h
+--- opencryptoki-3.14.0/usr/lib/tpm_stdll/tpm_specific.h.me 2020-05-26 08:53:20.281276648 -0400
++++ opencryptoki-3.14.0/usr/lib/tpm_stdll/tpm_specific.h 2020-05-26 08:54:08.356421779 -0400
+@@ -56,7 +56,7 @@
+ /* retry count for generating software RSA keys */
+ #define KEYGEN_RETRY 5
+
+-RSA *openssl_gen_key();
++RSA *openssl_gen_key(STDLL_TokData_t *);
+ int openssl_write_key(STDLL_TokData_t *, RSA *, char *, CK_BYTE *);
+ CK_RV openssl_read_key(STDLL_TokData_t *, char *, CK_BYTE *, RSA **);
+ int openssl_get_modulus_and_prime(RSA *, unsigned int *, unsigned char *,
diff --git a/opencryptoki.spec b/opencryptoki.spec
index 453c397..0f8f5ed 100644
--- a/opencryptoki.spec
+++ b/opencryptoki.spec
@@ -1,7 +1,7 @@
 Name: opencryptoki
 Summary: Implementation of the PKCS#11 (Cryptoki) specification v2.11
 Version: 3.14.0
-Release: 1%{?dist}
+Release: 2%{?dist}
 License: CPL
 URL: https://github.com/opencryptoki/opencryptoki
 Source0: https://github.com/opencryptoki/%{name}/archive/v%{version}/%{name}-%{version}.tar.gz
@@ -12,6 +12,9 @@ Patch0: opencryptoki-3.11.0-group.patch # bz#1373833, change tmpfiles snippets from /var/lock/* to /run/lock/* Patch1: opencryptoki-3.11.0-lockdir.patch +# upstream fix, regression - segfault in C_SetPin +Patch2: opencryptoki-3.14.0-crash-in-c_setpin.patch + # Use --no-undefined to debug missing symbols #Patch100: %%{name}-3.2-no-undefined.patch
@@ -307,6 +310,9 @@ fi %changelog +* Wed May 27 2020 Than Ngo - 3.14.0-2 +- fix regression, segfault in C_SetPin + * Fri May 15 2020 Dan HorĂ¡k - 3.14.0-1 - Rebase to 3.14.0
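Review bot: The return value of `token_specific_rng(tokdata, (CK_BYTE *) buf, 32);` is still discarded in openssl_gen_key() (tpm_openssl.c, inner hunk at -66,7), so when the TPM call fails — the tpm_specific.c hunk shows an error path right after Tspi_Context_GetTpmObject — `RAND_seed(buf, 32)` is fed whatever buf happened to hold. That hands OpenSSL seed material that was never produced by the TPM, immediately before a software RSA key is generated. Check the result, e.g. `if (token_specific_rng(tokdata, (CK_BYTE *) buf, 32) != CKR_OK) return NULL;`, keeping in mind that both callers shown report a NULL return as CKR_HOST_MEMORY. The declaration of buf and the rest of openssl_gen_key() lie outside the hunk, so whether buf is pre-initialised cannot be confirmed from here.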