rpms/opencryptoki
7
0
Fork 0
Code Issues Pull Requests Releases Activity

import opencryptoki-3.14.0-3.el8

Browse Source
This commit is contained in:
CentOS Sources 2020-07-28 09:28:53 -04:00 committed by Stepan Oksanichenko
parent e18639b592
commit a92f62a7f6
7 changed files with 3687 additions and 38 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
.gitignore vendored
View File

@ -1 +1 @@
SOURCES/opencryptoki-3.12.1.tar.gz
SOURCES/opencryptoki-3.14.0.tar.gz

2
.opencryptoki.metadata
View File

@ -1 +1 @@
8cb8804fe7bbd306d16ca714f62c54927fc3c3d8 SOURCES/opencryptoki-3.12.1.tar.gz
9ddd1bbe34992707b20b314645fd92d35cb298ef SOURCES/opencryptoki-3.14.0.tar.gz

3575
SOURCES/opencryptoki-3.14.0-cd40f4b7cb1b502ca754b9bfb307d934285709a9-PIN-conversion-tool.patch Normal file
View File

File diff suppressed because it is too large Load Diff

63
SOURCES/opencryptoki-3.14.0-crash-in-c_setpin.patch Normal file
View File

@ -0,0 +1,63 @@
diff -up opencryptoki-3.14.0/usr/lib/tpm_stdll/tpm_openssl.c.me opencryptoki-3.14.0/usr/lib/tpm_stdll/tpm_openssl.c
--- opencryptoki-3.14.0/usr/lib/tpm_stdll/tpm_openssl.c.me 2020-05-26 08:51:32.714189399 -0400
+++ opencryptoki-3.14.0/usr/lib/tpm_stdll/tpm_openssl.c 2020-05-26 08:52:16.429412060 -0400
@@ -57,7 +57,7 @@ void openssl_print_errors()
}
#endif
-RSA *openssl_gen_key()
+RSA *openssl_gen_key(STDLL_TokData_t *tokdata)
{
RSA *rsa;
int rc, counter = 0;
@@ -66,7 +66,7 @@ RSA *openssl_gen_key()
BIGNUM *bne;
#endif
- token_specific_rng(NULL, (CK_BYTE *) buf, 32);
+ token_specific_rng(tokdata, (CK_BYTE *) buf, 32);
RAND_seed(buf, 32);
regen_rsa_key:
diff -up opencryptoki-3.14.0/usr/lib/tpm_stdll/tpm_specific.c.me opencryptoki-3.14.0/usr/lib/tpm_stdll/tpm_specific.c
--- opencryptoki-3.14.0/usr/lib/tpm_stdll/tpm_specific.c.me 2020-05-26 08:52:26.351235628 -0400
+++ opencryptoki-3.14.0/usr/lib/tpm_stdll/tpm_specific.c 2020-05-26 08:53:15.928354051 -0400
@@ -159,8 +159,6 @@ CK_RV token_specific_rng(STDLL_TokData_t
TSS_HTPM hTPM;
BYTE *random_bytes = NULL;
- UNUSED(tokdata);
-
rc = Tspi_Context_GetTpmObject(tpm_data->tspContext, &hTPM);
if (rc) {
TRACE_ERROR("Tspi_Context_GetTpmObject: %x\n", rc);
@@ -1389,7 +1387,7 @@ CK_RV token_create_private_tree(STDLL_To
unsigned char n[256], p[256];
/* all sw generated keys are 2048 bits */
- if ((rsa = openssl_gen_key()) == NULL)
+ if ((rsa = openssl_gen_key(tokdata)) == NULL)
return CKR_HOST_MEMORY;
if (openssl_get_modulus_and_prime(rsa, &size_n, n, &size_p, p) != 0) {
@@ -1467,7 +1465,7 @@ CK_RV token_create_public_tree(STDLL_Tok
unsigned char n[256], p[256];
/* all sw generated keys are 2048 bits */
- if ((rsa = openssl_gen_key()) == NULL)
+ if ((rsa = openssl_gen_key(tokdata)) == NULL)
return CKR_HOST_MEMORY;
if (openssl_get_modulus_and_prime(rsa, &size_n, n, &size_p, p) != 0) {
diff -up opencryptoki-3.14.0/usr/lib/tpm_stdll/tpm_specific.h.me opencryptoki-3.14.0/usr/lib/tpm_stdll/tpm_specific.h
--- opencryptoki-3.14.0/usr/lib/tpm_stdll/tpm_specific.h.me 2020-05-26 08:53:20.281276648 -0400
+++ opencryptoki-3.14.0/usr/lib/tpm_stdll/tpm_specific.h 2020-05-26 08:54:08.356421779 -0400
@@ -56,7 +56,7 @@
/* retry count for generating software RSA keys */
#define KEYGEN_RETRY 5
-RSA *openssl_gen_key();
+RSA *openssl_gen_key(STDLL_TokData_t *);
int openssl_write_key(STDLL_TokData_t *, RSA *, char *, CK_BYTE *);
CK_RV openssl_read_key(STDLL_TokData_t *, char *, CK_BYTE *, RSA **);
int openssl_get_modulus_and_prime(RSA *, unsigned int *, unsigned char *,

22
SOURCES/opencryptoki-3.14.0-missing-p11sak-tool-a94436937b6364c53219fb3c7922439f403e8d5e.patch Normal file
View File

@ -0,0 +1,22 @@
commit a94436937b6364c53219fb3c7922439f403e8d5e
Author: Harald Freudenberger <freude@linux.ibm.com>
Date: Wed May 27 07:30:33 2020 +0200
Fix missing entries for p11sak tool in template spec file
Signed-off-by: Harald Freudenberger <freude@linux.ibm.com>
diff --git a/rpm/opencryptoki.spec b/rpm/opencryptoki.spec
index fa4b9899..ae563406 100644
--- a/rpm/opencryptoki.spec
+++ b/rpm/opencryptoki.spec
@@ -238,7 +238,9 @@ exit 0
%{_unitdir}/pkcsslotd.service
%{_sbindir}/pkcsconf
%{_sbindir}/pkcsslotd
+%{_sbindir}/p11sak
%{_mandir}/man1/pkcsconf.1*
+%{_mandir}/man1/p11sak.1*
%{_mandir}/man5/%{name}.conf.5*
%{_mandir}/man7/%{name}.7*
%{_mandir}/man8/pkcsslotd.8*

33
SOURCES/opencryptoki-50a8a8806059647a3e446fd129995af61ec54867.patch
View File

@ -1,33 +0,0 @@
commit 50a8a8806059647a3e446fd129995af61ec54867
Author: Ingo Franzki <ifranzki@linux.ibm.com>
Date: Tue Dec 3 14:58:26 2019 +0100
EP11: Fix EC-uncompress buffer length
Function ec_uncompress_public_key() expects the size of the output
buffer in out_pubkey to be specified in the out_len parameter.
However, variable pubkey_len is uninitialized when calling
ec_uncompress_public_key(), so this may result in CKR_BUFFER_TOO_SMALL
dependent on the value of pubkey_len.
Fix this by setting pubkey_len to the size of the public key buffer
allocated above.
Signed-off-by: Ingo Franzki <ifranzki@linux.ibm.com>
diff --git a/usr/lib/ep11_stdll/ep11_specific.c b/usr/lib/ep11_stdll/ep11_specific.c
index 38b6708f..10dfe4e0 100644
--- a/usr/lib/ep11_stdll/ep11_specific.c
+++ b/usr/lib/ep11_stdll/ep11_specific.c
@@ -2034,9 +2034,10 @@ static CK_RV import_EC_key(STDLL_TokData_t * tokdata, SESSION * sess,
rc = get_ecsiglen(ec_key_obj, &privkey_len);
if (rc != CKR_OK)
goto import_EC_key_end;
- privkey_len /= 2; /* Public key is half the size of an EC signature */
+ privkey_len /= 2; /* private key is half the size of an EC signature */
- pubkey = (CK_BYTE *)malloc(1 + 2 * privkey_len);
+ pubkey_len = 1 + 2 * privkey_len;
+ pubkey = (CK_BYTE *)malloc(pubkey_len);
if (pubkey == NULL) {
rc = CKR_HOST_MEMORY;
goto import_EC_key_end;

28
SPECS/opencryptoki.spec
View File

@ -1,7 +1,7 @@
Name: opencryptoki
Summary: Implementation of the PKCS#11 (Cryptoki) specification v2.11
Version: 3.12.1
Release: 2%{?dist}
Version: 3.14.0
Release: 3%{?dist}
License: CPL
Group: System Environment/Base
URL: https://github.com/opencryptoki/opencryptoki
@ -10,7 +10,12 @@ Source0: https://github.com/opencryptoki/%{name}/archive/v%{version}/%{name}-%{
Patch0: opencryptoki-3.11.0-group.patch
# bz#1373833, change tmpfiles snippets from /var/lock/* to /run/lock/*
Patch1: opencryptoki-3.11.0-lockdir.patch
Patch2: opencryptoki-50a8a8806059647a3e446fd129995af61ec54867.patch
# bz#1780293, fix regression, segfault in C_SetPin
Patch2: opencryptoki-3.14.0-crash-in-c_setpin.patch
# Fix missing entries for p11sak tool in template spec file
Patch3: opencryptoki-3.14.0-missing-p11sak-tool-a94436937b6364c53219fb3c7922439f403e8d5e.patch
# bz#1780294, PIN conversion tool
Patch4: opencryptoki-3.14.0-cd40f4b7cb1b502ca754b9bfb307d934285709a9-PIN-conversion-tool.patch
Requires(pre): coreutils
BuildRequires: gcc
BuildRequires: openssl-devel
@ -244,8 +249,12 @@ fi
%config(noreplace) %{_sysconfdir}/%{name}/%{name}.conf
%{_tmpfilesdir}/%{name}.conf
%{_unitdir}/pkcsslotd.service
%{_sbindir}/p11sak
%{_sbindir}/pkcstok_migrate
%{_sbindir}/pkcsconf
%{_sbindir}/pkcsslotd
%{_mandir}/man1/p11sak.1*
%{_mandir}/man1/pkcstok_migrate.1*
%{_mandir}/man1/pkcsconf.1*
%{_mandir}/man5/%{name}.conf.5*
%{_mandir}/man7/%{name}.7*
@ -327,6 +336,19 @@ fi
%changelog
* Mon Jun 15 2020 Than Ngo <than@redhat.com> - 3.14.0-3
- Resolves: #1780294, PIN conversion tool
* Tue May 26 2020 Than Ngo <than@redhat.com> - 3.14.0-2
- Related: #1780293, fix regression, segfault in C_SetPin
* Tue May 19 2020 Than Ngo <than@redhat.com> - 3.14.0-1
- Resolves: #1723863 - ep11 token: Enhanced Support
- Resolves: #1780285 - ep11 token: Support for new IBM Z hardware z15
- Resolves: #1780293 - rebase to 3.14.0
- Resolves: #1800549 - key management tool: list keys function
-Resolves: #1800555 - key management tool: random key generation function
* Fri Dec 13 2019 Than Ngo <than@redhat.com> - 3.12.1-2
- Resolves: #1782445, EP11: Fix EC-uncompress buffer length