fix regression, segfault in C_SetPin

opencryptoki-3.14.0-crash-in-c_setpin.patch

@@ -0,0 +1,63 @@
+diff -up opencryptoki-3.14.0/usr/lib/tpm_stdll/tpm_openssl.c.me opencryptoki-3.14.0/usr/lib/tpm_stdll/tpm_openssl.c
+--- opencryptoki-3.14.0/usr/lib/tpm_stdll/tpm_openssl.c.me	2020-05-26 08:51:32.714189399 -0400
++++ opencryptoki-3.14.0/usr/lib/tpm_stdll/tpm_openssl.c	2020-05-26 08:52:16.429412060 -0400
+@@ -57,7 +57,7 @@ void openssl_print_errors()
+ }
+ #endif
+ 
+-RSA *openssl_gen_key()
++RSA *openssl_gen_key(STDLL_TokData_t *tokdata)
+ {
+     RSA *rsa;
+     int rc, counter = 0;
+@@ -66,7 +66,7 @@ RSA *openssl_gen_key()
+     BIGNUM *bne;
+ #endif
+ 
+-    token_specific_rng(NULL, (CK_BYTE *) buf, 32);
++    token_specific_rng(tokdata, (CK_BYTE *) buf, 32);
+     RAND_seed(buf, 32);
+ 
+ regen_rsa_key:
+diff -up opencryptoki-3.14.0/usr/lib/tpm_stdll/tpm_specific.c.me opencryptoki-3.14.0/usr/lib/tpm_stdll/tpm_specific.c
+--- opencryptoki-3.14.0/usr/lib/tpm_stdll/tpm_specific.c.me	2020-05-26 08:52:26.351235628 -0400
++++ opencryptoki-3.14.0/usr/lib/tpm_stdll/tpm_specific.c	2020-05-26 08:53:15.928354051 -0400
+@@ -159,8 +159,6 @@ CK_RV token_specific_rng(STDLL_TokData_t
+     TSS_HTPM hTPM;
+     BYTE *random_bytes = NULL;
+ 
+-    UNUSED(tokdata);
+-
+     rc = Tspi_Context_GetTpmObject(tpm_data->tspContext, &hTPM);
+     if (rc) {
+         TRACE_ERROR("Tspi_Context_GetTpmObject: %x\n", rc);
+@@ -1389,7 +1387,7 @@ CK_RV token_create_private_tree(STDLL_To
+     unsigned char n[256], p[256];
+ 
+     /* all sw generated keys are 2048 bits */
+-    if ((rsa = openssl_gen_key()) == NULL)
++    if ((rsa = openssl_gen_key(tokdata)) == NULL)
+         return CKR_HOST_MEMORY;
+ 
+     if (openssl_get_modulus_and_prime(rsa, &size_n, n, &size_p, p) != 0) {
+@@ -1467,7 +1465,7 @@ CK_RV token_create_public_tree(STDLL_Tok
+     unsigned char n[256], p[256];
+ 
+     /* all sw generated keys are 2048 bits */
+-    if ((rsa = openssl_gen_key()) == NULL)
++    if ((rsa = openssl_gen_key(tokdata)) == NULL)
+         return CKR_HOST_MEMORY;
+ 
+     if (openssl_get_modulus_and_prime(rsa, &size_n, n, &size_p, p) != 0) {
+diff -up opencryptoki-3.14.0/usr/lib/tpm_stdll/tpm_specific.h.me opencryptoki-3.14.0/usr/lib/tpm_stdll/tpm_specific.h
+--- opencryptoki-3.14.0/usr/lib/tpm_stdll/tpm_specific.h.me	2020-05-26 08:53:20.281276648 -0400
++++ opencryptoki-3.14.0/usr/lib/tpm_stdll/tpm_specific.h	2020-05-26 08:54:08.356421779 -0400
+@@ -56,7 +56,7 @@
+ /* retry count for generating software RSA keys */
+ #define KEYGEN_RETRY    5
+ 
+-RSA *openssl_gen_key();
++RSA *openssl_gen_key(STDLL_TokData_t *);
+ int openssl_write_key(STDLL_TokData_t *, RSA *, char *, CK_BYTE *);
+ CK_RV openssl_read_key(STDLL_TokData_t *, char *, CK_BYTE *, RSA **);
+ int openssl_get_modulus_and_prime(RSA *, unsigned int *, unsigned char *,

opencryptoki.spec

@@ -1,7 +1,7 @@
 Name:			opencryptoki
 Summary:		Implementation of the PKCS#11 (Cryptoki) specification v2.11
 Version:		3.14.0
-Release:		1%{?dist}
+Release:		2%{?dist}
 License:		CPL
 URL:			https://github.com/opencryptoki/opencryptoki
 Source0:		https://github.com/opencryptoki/%{name}/archive/v%{version}/%{name}-%{version}.tar.gz
@@ -12,6 +12,9 @@ Patch0:			opencryptoki-3.11.0-group.patch
 # bz#1373833, change tmpfiles snippets from /var/lock/* to /run/lock/*
 Patch1:			opencryptoki-3.11.0-lockdir.patch
 
+# upstream fix, regression - segfault in C_SetPin
+Patch2:			opencryptoki-3.14.0-crash-in-c_setpin.patch
+
 # Use --no-undefined to debug missing symbols
 #Patch100:			%%{name}-3.2-no-undefined.patch
 
@@ -307,6 +310,9 @@ fi
 
 
 %changelog
+* Wed May 27 2020 Than Ngo <than@redhat.com> - 3.14.0-2
+- fix regression, segfault in C_SetPin
+
 * Fri May 15 2020 Dan Horák <dan[at]danny.cz> - 3.14.0-1
 - Rebase to 3.14.0