Related: #2044179, do not touch opencryptoki.conf if it is in place already and even if it is unchanged

This commit is contained in:
Than Ngo 2022-08-01 14:53:46 +02:00
parent fa1dd0625f
commit a7bba15de6
2 changed files with 54 additions and 2 deletions

View File

@ -0,0 +1,32 @@
commit b545050b338e46c29936a2748aab7200e69a5c91
Author: Ingo Franzki <ifranzki@linux.ibm.com>
Date: Tue Jul 26 15:11:06 2022 +0200
EP11: Fix C_GetMechanismList returning CKR_BUFFER_TOO_SMALL
For mixed card levels, the size query call and the call to obtain the
list may run on different cards. When the size query call runs on a
card with less mechanisms than the second call, will fail, but it
returns the larger larger number of mechanisms.
The code already re-allocates the buffer for retrieving the mechanism
list, but does not return the larger number in pulCount. This will
lead to a CKR_BUFFER_TOO_SMALL when the application calls C_GetMechanismList
again to obtain the list of mechanisms, because the applications buffer
is too small.
Signed-off-by: Ingo Franzki <ifranzki@linux.ibm.com>
diff --git a/usr/lib/ep11_stdll/ep11_specific.c b/usr/lib/ep11_stdll/ep11_specific.c
index 8d796452..1629e664 100644
--- a/usr/lib/ep11_stdll/ep11_specific.c
+++ b/usr/lib/ep11_stdll/ep11_specific.c
@@ -8977,6 +8977,8 @@ CK_RV ep11tok_get_mechanism_list(STDLL_TokData_t * tokdata,
if (rc != CKR_BUFFER_TOO_SMALL)
goto out;
}
+ /* counter was updated in case of CKR_BUFFER_TOO_SMALL */
+ *pulCount = counter;
} while (rc == CKR_BUFFER_TOO_SMALL);
for (i = 0; i < counter; i++) {

View File

@ -1,7 +1,7 @@
Name: opencryptoki
Summary: Implementation of the PKCS#11 (Cryptoki) specification v3.0
Version: 3.18.0
Release: 3%{?dist}
Release: 4%{?dist}
License: CPL
URL: https://github.com/opencryptoki/opencryptoki
Source0: https://github.com/opencryptoki/%{name}/archive/v%{version}/%{name}-%{version}.tar.gz
@ -13,8 +13,9 @@ Patch1: opencryptoki-3.11.0-lockdir.patch
Patch2: opencryptoki-3.18.0-p11sak.patch
# upstream patches
Patch100: opencryptoki-3.18.0-fix-json-output.patch
Patch101: opencryptoki-3.18.0-returning_CKR_BUFFER_TOO_SMALL.patch
Requires(pre): coreutils
Requires(pre): coreutils diffutils
Requires: (selinux-policy >= 34.1.8-1 if selinux-policy-targeted)
BuildRequires: gcc
BuildRequires: gcc-c++
@ -200,12 +201,28 @@ configured with Enterprise PKCS#11 (EP11) firmware.
%install
%make_install CHGRP=/bin/true
%pre
# don't touch opencryptoki.conf even if it is unchanged due to new tokversion
# backup config file
%global cfile /etc/opencryptoki/opencryptoki.conf
%global csuffix .rpmsave.XyoP
if test $1 -gt 1 && test -f %{cfile} ; then
cp -p %{cfile} %{cfile}%{csuffix}
fi
%pre libs
getent group pkcs11 >/dev/null || groupadd -r pkcs11
exit 0
%post
# restore the config file from %pre
if test $1 -gt 1 && test -f %{cfile} ; then
if ( ! cmp -s %{cfile} %{cfile}%{csuffix} ) ; then
cp -p %{cfile} %{cfile}.rpmnew
fi
cp -p %{cfile}%{csuffix} %{cfile} && rm -f %{cfile}%{csuffix}
fi
%systemd_post pkcsslotd.service
if test $1 -eq 1; then
%tmpfiles_create %{name}.conf
@ -323,6 +340,9 @@ fi
%changelog
* Fri Jul 29 2022 Than Ngo <than@redhat.com> - 3.18.0-4
- Related: #2044179, do not touch opencryptoki.conf if it is in place already and even if it is unchanged
* Tue Jun 07 2022 Than Ngo <than@redhat.com> - 3.18.0-3
- Related: #2044179, fix json output