From df75c2c4bc0905bd17961d158c758fc82239774a Mon Sep 17 00:00:00 2001 From: CentOS Sources Date: Wed, 9 Nov 2022 04:14:27 +0000 Subject: [PATCH] import opencryptoki-3.19.0-1.el8 --- .gitignore | 2 +- .opencryptoki.metadata | 2 +- .../opencryptoki-3.18.0-fix-json-output.patch | 47 ----------------- ....18.0-returning_CKR_BUFFER_TOO_SMALL.patch | 32 ------------ .../opencryptoki-3.19.0-fix-memory-leak.patch | 51 +++++++++++++++++++ SPECS/opencryptoki.spec | 16 ++++-- 6 files changed, 65 insertions(+), 85 deletions(-) delete mode 100644 SOURCES/opencryptoki-3.18.0-fix-json-output.patch delete mode 100644 SOURCES/opencryptoki-3.18.0-returning_CKR_BUFFER_TOO_SMALL.patch create mode 100644 SOURCES/opencryptoki-3.19.0-fix-memory-leak.patch diff --git a/.gitignore b/.gitignore index e06708c..cda75d0 100644 --- a/.gitignore +++ b/.gitignore @@ -1 +1 @@ -SOURCES/opencryptoki-3.18.0.tar.gz +SOURCES/opencryptoki-3.19.0.tar.gz diff --git a/.opencryptoki.metadata b/.opencryptoki.metadata index 7ff8bfe..3db97e4 100644 --- a/.opencryptoki.metadata +++ b/.opencryptoki.metadata @@ -1 +1 @@ -257eb4d5458c52bf7c1634fea155bf217d561bd4 SOURCES/opencryptoki-3.18.0.tar.gz +39acf63d03978b2827340394fe6f732a6f0c0526 SOURCES/opencryptoki-3.19.0.tar.gz diff --git a/SOURCES/opencryptoki-3.18.0-fix-json-output.patch b/SOURCES/opencryptoki-3.18.0-fix-json-output.patch deleted file mode 100644 index baa6ff7..0000000 --- a/SOURCES/opencryptoki-3.18.0-fix-json-output.patch +++ /dev/null @@ -1,47 +0,0 @@ -commit 1600eebb422ae2a733de3a0bd47464620e39ab0d -Author: Ingo Franzki -Date: Tue Jun 7 08:58:16 2022 +0200 - - pkcsstats: Fix JSON output in case of errors - - Produce correct JSON output, even if an error occurs during obtaining - of the statistics for a user. - - Signed-off-by: Ingo Franzki - -diff --git a/usr/sbin/pkcsstats/pkcsstats.c b/usr/sbin/pkcsstats/pkcsstats.c -index 8eb049dd..65d4833f 100644 ---- a/usr/sbin/pkcsstats/pkcsstats.c -+++ b/usr/sbin/pkcsstats/pkcsstats.c -@@ -789,7 +789,7 @@ int main(int argc, char **argv) - bool reset = false, reset_all = false; - bool delete = false, delete_all = false; - bool slot_id_specified = false; -- bool json = false; -+ bool json = false, json_started = false; - CK_SLOT_ID slot_id = 0; - void *dll = NULL; - CK_FUNCTION_LIST *func_list = NULL; -@@ -949,8 +949,11 @@ int main(int argc, char **argv) - goto done; - } - -- if (json && print_json_start() != 0) -- goto done; -+ if (json) { -+ if (print_json_start() != 0) -+ goto done; -+ json_started = true; -+ } - - dd.func_list = func_list; - dd.num_slots = num_slots; -@@ -972,7 +975,7 @@ int main(int argc, char **argv) - } - - done: -- if (rc == 0 && json) -+ if (json && json_started) - printf("\n\t]\n}\n"); - - if (slots != NULL) diff --git a/SOURCES/opencryptoki-3.18.0-returning_CKR_BUFFER_TOO_SMALL.patch b/SOURCES/opencryptoki-3.18.0-returning_CKR_BUFFER_TOO_SMALL.patch deleted file mode 100644 index 9dbbb74..0000000 --- a/SOURCES/opencryptoki-3.18.0-returning_CKR_BUFFER_TOO_SMALL.patch +++ /dev/null @@ -1,32 +0,0 @@ -commit b545050b338e46c29936a2748aab7200e69a5c91 -Author: Ingo Franzki -Date: Tue Jul 26 15:11:06 2022 +0200 - - EP11: Fix C_GetMechanismList returning CKR_BUFFER_TOO_SMALL - - For mixed card levels, the size query call and the call to obtain the - list may run on different cards. When the size query call runs on a - card with less mechanisms than the second call, will fail, but it - returns the larger larger number of mechanisms. - - The code already re-allocates the buffer for retrieving the mechanism - list, but does not return the larger number in pulCount. This will - lead to a CKR_BUFFER_TOO_SMALL when the application calls C_GetMechanismList - again to obtain the list of mechanisms, because the applications buffer - is too small. - - Signed-off-by: Ingo Franzki - -diff --git a/usr/lib/ep11_stdll/ep11_specific.c b/usr/lib/ep11_stdll/ep11_specific.c -index 8d796452..1629e664 100644 ---- a/usr/lib/ep11_stdll/ep11_specific.c -+++ b/usr/lib/ep11_stdll/ep11_specific.c -@@ -8977,6 +8977,8 @@ CK_RV ep11tok_get_mechanism_list(STDLL_TokData_t * tokdata, - if (rc != CKR_BUFFER_TOO_SMALL) - goto out; - } -+ /* counter was updated in case of CKR_BUFFER_TOO_SMALL */ -+ *pulCount = counter; - } while (rc == CKR_BUFFER_TOO_SMALL); - - for (i = 0; i < counter; i++) { diff --git a/SOURCES/opencryptoki-3.19.0-fix-memory-leak.patch b/SOURCES/opencryptoki-3.19.0-fix-memory-leak.patch new file mode 100644 index 0000000..89da088 --- /dev/null +++ b/SOURCES/opencryptoki-3.19.0-fix-memory-leak.patch @@ -0,0 +1,51 @@ +commit cb4d7b125c7166602cb9094497a201b2f5a56985 +Author: Ingo Franzki +Date: Tue Oct 4 13:21:32 2022 +0200 + + pkcsicsf: Fix memory leak + + Use confignode_deepfree() to also free appended config nodes. + + Signed-off-by: Ingo Franzki + +diff --git a/usr/sbin/pkcsicsf/pkcsicsf.c b/usr/sbin/pkcsicsf/pkcsicsf.c +index 44f5ef34..b02d1fe5 100644 +--- a/usr/sbin/pkcsicsf/pkcsicsf.c ++++ b/usr/sbin/pkcsicsf/pkcsicsf.c +@@ -129,7 +129,8 @@ static void add_token_config_entry(struct ConfigIdxStructNode *s, char *key, cha + return; + + v = confignode_allocstringvaldumpable(key, value, 0, NULL); +- confignode_append(s->value, &v->base); ++ if (v != NULL) ++ confignode_append(s->value, &v->base); + } + + static int add_token_config(const char *configname, +@@ -150,7 +151,7 @@ static int add_token_config(const char *configname, + confignode_freeeoc(eoc1); + confignode_freeeoc(eoc2); + } +- confignode_freeidxstruct(s); ++ confignode_deepfree(&s->base); + fprintf(stderr, "Failed to add an entry for %s token\n", token.name); + return -1; + } +@@ -179,7 +180,7 @@ static int add_token_config(const char *configname, + if (tfp == NULL) { + fprintf(stderr, "fopen failed, line %d: %s\n", + __LINE__, strerror(errno)); +- confignode_freeidxstruct(s); ++ confignode_deepfree(&s->base); + return -1; + } + +@@ -188,7 +189,7 @@ static int add_token_config(const char *configname, + confignode_dump(tfp, &s->base, NULL, 2); + + fclose(tfp); +- confignode_freeidxstruct(s); ++ confignode_deepfree(&s->base); + + return 0; + } diff --git a/SPECS/opencryptoki.spec b/SPECS/opencryptoki.spec index 42d72c7..7f015d5 100644 --- a/SPECS/opencryptoki.spec +++ b/SPECS/opencryptoki.spec @@ -1,7 +1,7 @@ Name: opencryptoki Summary: Implementation of the PKCS#11 (Cryptoki) specification v3.0 -Version: 3.18.0 -Release: 3%{?dist} +Version: 3.19.0 +Release: 1%{?dist} License: CPL Group: System Environment/Base URL: https://github.com/opencryptoki/opencryptoki @@ -13,8 +13,7 @@ Patch1: opencryptoki-3.11.0-lockdir.patch # add missing p11sak_defined_attrs.conf Patch2: opencryptoki-3.18.0-p11sak.patch # upstream patches -Patch100: opencryptoki-3.18.0-fix-json-output.patch -Patch102: opencryptoki-3.18.0-returning_CKR_BUFFER_TOO_SMALL.patch +Patch100: opencryptoki-3.19.0-fix-memory-leak.patch Requires(pre): coreutils diffutils Requires: (selinux-policy >= 3.14.3-70 if selinux-policy-targeted) @@ -312,6 +311,7 @@ fi %files devel %{_includedir}/%{name}/ +%{_libdir}/pkgconfig/%{name}.pc %files swtok %{_libdir}/opencryptoki/stdll/libpkcs11_sw.* @@ -342,6 +342,7 @@ fi %files ccatok %doc doc/README.cca_stdll +%config(noreplace) %{_sysconfdir}/%{name}/ccatok.conf %{_sbindir}/pkcscca %{_mandir}/man1/pkcscca.1* %{_libdir}/opencryptoki/stdll/libpkcs11_cca.* @@ -365,6 +366,13 @@ fi %changelog +* Tue Nov 01 2022 Than Ngo - 3.19.0-1 +- Resolves: #2126612, opencryptoki fails after generating > 500 RSA keys +- Resolves: #2110315, rebase to 3.19.0 +- Resolves: #2110990, openCryptoki key generation with expected MKVP only on CCA and EP11 tokens +- Resolves: #2110477, openCryptoki ep11 token: master key consistency +- Resolves: #1984871, openCryptoki ep11 token: vendor specific key derivation + * Mon Aug 01 2022 Than Ngo - 3.18.0-3 - Related: #2043854, do not touch opencryptoki.conf if it is in place already and even if it is unchanged - Resolves: #2112785, EP11: Fix C_GetMechanismList returning CKR_BUFFER_TOO_SMALL