import opencryptoki-3.15.1-6.el8_4

2021-08-10 07:57:53 -04:00 · 2021-08-10 07:57:53 -04:00 · c18ba52ac6
parent 01d210de16
commit c18ba52ac6
2 changed files with 52 additions and 2 deletions
--- a/SOURCES/opencryptoki-3.15.1-soft_token_does_not_check_if_an_EC_key_is_valid.patch
+++ b/SOURCES/opencryptoki-3.15.1-soft_token_does_not_check_if_an_EC_key_is_valid.patch
@ -0,0 +1,47 @@
+diff -up opencryptoki-3.15.1/usr/lib/soft_stdll/soft_specific.c.me opencryptoki-3.15.1/usr/lib/soft_stdll/soft_specific.c
+--- opencryptoki-3.15.1/usr/lib/soft_stdll/soft_specific.c.me	2021-07-08 10:54:36.755203485 +0200
+++ opencryptoki-3.15.1/usr/lib/soft_stdll/soft_specific.c	2021-07-08 10:57:53.243067358 +0200
+@@ -4207,6 +4207,12 @@ static CK_RV fill_ec_key_from_pubkey(EC_
+         goto out;
+     }
+ 
+    if (!EC_KEY_check_key(ec_key)) {
+        TRACE_ERROR("EC_KEY_check_key failed\n");
+        rc = CKR_PUBLIC_KEY_INVALID;
+        goto out;
+    }
+
+ out:
+     if (temp != NULL)
+         free(temp);
+@@ -4245,6 +4251,12 @@ static CK_RV fill_ec_key_from_privkey(EC
+         rc = CKR_FUNCTION_FAILED;
+         goto out;
+     }
+
+    if (!EC_KEY_check_key(ec_key)) {
+        TRACE_ERROR("EC_KEY_check_key failed\n");
+        rc = CKR_FUNCTION_FAILED;
+        goto out;
+    }
+ 
+ out:
+     if (point != NULL)
+diff -up opencryptoki-3.15.1/usr/include/pkcs11types.h.me opencryptoki-3.15.1/usr/include/pkcs11types.h
+--- opencryptoki-3.15.1/usr/include/pkcs11types.h.me	2021-07-08 11:23:47.147107638 +0200
+++ opencryptoki-3.15.1/usr/include/pkcs11types.h	2021-07-08 11:25:19.829674408 +0200
+@@ -1092,6 +1092,14 @@ typedef CK_ULONG CK_RV;
+ #define CKR_MUTEX_BAD                         0x000001A0
+ #define CKR_MUTEX_NOT_LOCKED                  0x000001A1
+ 
+#define CKR_NEW_PIN_MODE                      0x000001B0
+#define CKR_NEXT_OTP                          0x000001B1
+#define CKR_EXCEEDED_MAX_ITERATIONS           0x000001B5
+#define CKR_FIPS_SELF_TEST_FAILED             0x000001B6
+#define CKR_LIBRARY_LOAD_FAILED               0x000001B7
+#define CKR_PIN_TOO_WEAK                      0x000001B8
+#define CKR_PUBLIC_KEY_INVALID                0x000001B9
+
+ /* CKR_FUNCTION_REJECTED is new for v2.20 */
+ #define CKR_FUNCTION_REJECTED                 0x00000200
+ 
--- a/SPECS/opencryptoki.spec
+++ b/SPECS/opencryptoki.spec
@ -1,7 +1,7 @@
 Name:			opencryptoki
 Summary:		Implementation of the PKCS#11 (Cryptoki) specification v2.11
 Version:		3.15.1
-Release:		5%{?dist}
+Release:		6%{?dist}
 License:		CPL
 Group:			System Environment/Base
 URL:			https://github.com/opencryptoki/opencryptoki
@ -20,7 +20,7 @@ Patch3:			opencryptoki-3.15.1-fix_compiling_with_c++.patch
 Patch4:			opencryptoki-3.15.1-f1f176cbb4183bcb8a0f7b4d7f649d84a731dd43.patch
 # https://github.com/opencryptoki/opencryptoki/commit/1e98001ff63cd7e75d95b4ea0d3d2a69965d8890
 Patch5:			opencryptoki-3.15.1-1e98001ff63cd7e75d95b4ea0d3d2a69965d8890.patch
-
+Patch6:			opencryptoki-3.15.1-soft_token_does_not_check_if_an_EC_key_is_valid.patch
 Requires(pre):		coreutils
 BuildRequires:		gcc
 BuildRequires:		openssl-devel
@ -346,6 +346,9 @@ fi


 %changelog
+* Thu Jul 08 2021 Than Ngo <than@redhat.com> - 3.15.1-6
+- Resolves: #1979173, Soft token does not check if an EC key is valid
+
 * Fri Feb 12 2021 Than Ngo <than@redhat.com> - 3.15.1-5
 - Resolves: #1928120, Fix problem with C_Get/SetOperationState and digest contexts