import opencryptoki-3.15.1-6.el8_4

This commit is contained in:
CentOS Sources 2021-08-10 07:57:53 -04:00 committed by Andrew Lukoshko
parent 01d210de16
commit c18ba52ac6
2 changed files with 52 additions and 2 deletions

View File

@ -0,0 +1,47 @@
diff -up opencryptoki-3.15.1/usr/lib/soft_stdll/soft_specific.c.me opencryptoki-3.15.1/usr/lib/soft_stdll/soft_specific.c
--- opencryptoki-3.15.1/usr/lib/soft_stdll/soft_specific.c.me 2021-07-08 10:54:36.755203485 +0200
+++ opencryptoki-3.15.1/usr/lib/soft_stdll/soft_specific.c 2021-07-08 10:57:53.243067358 +0200
@@ -4207,6 +4207,12 @@ static CK_RV fill_ec_key_from_pubkey(EC_
goto out;
}
+ if (!EC_KEY_check_key(ec_key)) {
+ TRACE_ERROR("EC_KEY_check_key failed\n");
+ rc = CKR_PUBLIC_KEY_INVALID;
+ goto out;
+ }
+
out:
if (temp != NULL)
free(temp);
@@ -4245,6 +4251,12 @@ static CK_RV fill_ec_key_from_privkey(EC
rc = CKR_FUNCTION_FAILED;
goto out;
}
+
+ if (!EC_KEY_check_key(ec_key)) {
+ TRACE_ERROR("EC_KEY_check_key failed\n");
+ rc = CKR_FUNCTION_FAILED;
+ goto out;
+ }
out:
if (point != NULL)
diff -up opencryptoki-3.15.1/usr/include/pkcs11types.h.me opencryptoki-3.15.1/usr/include/pkcs11types.h
--- opencryptoki-3.15.1/usr/include/pkcs11types.h.me 2021-07-08 11:23:47.147107638 +0200
+++ opencryptoki-3.15.1/usr/include/pkcs11types.h 2021-07-08 11:25:19.829674408 +0200
@@ -1092,6 +1092,14 @@ typedef CK_ULONG CK_RV;
#define CKR_MUTEX_BAD 0x000001A0
#define CKR_MUTEX_NOT_LOCKED 0x000001A1
+#define CKR_NEW_PIN_MODE 0x000001B0
+#define CKR_NEXT_OTP 0x000001B1
+#define CKR_EXCEEDED_MAX_ITERATIONS 0x000001B5
+#define CKR_FIPS_SELF_TEST_FAILED 0x000001B6
+#define CKR_LIBRARY_LOAD_FAILED 0x000001B7
+#define CKR_PIN_TOO_WEAK 0x000001B8
+#define CKR_PUBLIC_KEY_INVALID 0x000001B9
+
/* CKR_FUNCTION_REJECTED is new for v2.20 */
#define CKR_FUNCTION_REJECTED 0x00000200

View File

@ -1,7 +1,7 @@
Name: opencryptoki
Summary: Implementation of the PKCS#11 (Cryptoki) specification v2.11
Version: 3.15.1
Release: 5%{?dist}
Release: 6%{?dist}
License: CPL
Group: System Environment/Base
URL: https://github.com/opencryptoki/opencryptoki
@ -20,7 +20,7 @@ Patch3: opencryptoki-3.15.1-fix_compiling_with_c++.patch
Patch4: opencryptoki-3.15.1-f1f176cbb4183bcb8a0f7b4d7f649d84a731dd43.patch
# https://github.com/opencryptoki/opencryptoki/commit/1e98001ff63cd7e75d95b4ea0d3d2a69965d8890
Patch5: opencryptoki-3.15.1-1e98001ff63cd7e75d95b4ea0d3d2a69965d8890.patch
Patch6: opencryptoki-3.15.1-soft_token_does_not_check_if_an_EC_key_is_valid.patch
Requires(pre): coreutils
BuildRequires: gcc
BuildRequires: openssl-devel
@ -346,6 +346,9 @@ fi
%changelog
* Thu Jul 08 2021 Than Ngo <than@redhat.com> - 3.15.1-6
- Resolves: #1979173, Soft token does not check if an EC key is valid
* Fri Feb 12 2021 Than Ngo <than@redhat.com> - 3.15.1-5
- Resolves: #1928120, Fix problem with C_Get/SetOperationState and digest contexts