import opencryptoki-3.19.0-1.el8

This commit is contained in:
CentOS Sources 2022-11-09 04:14:27 +00:00 committed by Stepan Oksanichenko
parent ece263e5ac
commit df75c2c4bc
6 changed files with 65 additions and 85 deletions

2
.gitignore vendored
View File

@ -1 +1 @@
SOURCES/opencryptoki-3.18.0.tar.gz
SOURCES/opencryptoki-3.19.0.tar.gz

View File

@ -1 +1 @@
257eb4d5458c52bf7c1634fea155bf217d561bd4 SOURCES/opencryptoki-3.18.0.tar.gz
39acf63d03978b2827340394fe6f732a6f0c0526 SOURCES/opencryptoki-3.19.0.tar.gz

View File

@ -1,47 +0,0 @@
commit 1600eebb422ae2a733de3a0bd47464620e39ab0d
Author: Ingo Franzki <ifranzki@linux.ibm.com>
Date: Tue Jun 7 08:58:16 2022 +0200
pkcsstats: Fix JSON output in case of errors
Produce correct JSON output, even if an error occurs during obtaining
of the statistics for a user.
Signed-off-by: Ingo Franzki <ifranzki@linux.ibm.com>
diff --git a/usr/sbin/pkcsstats/pkcsstats.c b/usr/sbin/pkcsstats/pkcsstats.c
index 8eb049dd..65d4833f 100644
--- a/usr/sbin/pkcsstats/pkcsstats.c
+++ b/usr/sbin/pkcsstats/pkcsstats.c
@@ -789,7 +789,7 @@ int main(int argc, char **argv)
bool reset = false, reset_all = false;
bool delete = false, delete_all = false;
bool slot_id_specified = false;
- bool json = false;
+ bool json = false, json_started = false;
CK_SLOT_ID slot_id = 0;
void *dll = NULL;
CK_FUNCTION_LIST *func_list = NULL;
@@ -949,8 +949,11 @@ int main(int argc, char **argv)
goto done;
}
- if (json && print_json_start() != 0)
- goto done;
+ if (json) {
+ if (print_json_start() != 0)
+ goto done;
+ json_started = true;
+ }
dd.func_list = func_list;
dd.num_slots = num_slots;
@@ -972,7 +975,7 @@ int main(int argc, char **argv)
}
done:
- if (rc == 0 && json)
+ if (json && json_started)
printf("\n\t]\n}\n");
if (slots != NULL)

View File

@ -1,32 +0,0 @@
commit b545050b338e46c29936a2748aab7200e69a5c91
Author: Ingo Franzki <ifranzki@linux.ibm.com>
Date: Tue Jul 26 15:11:06 2022 +0200
EP11: Fix C_GetMechanismList returning CKR_BUFFER_TOO_SMALL
For mixed card levels, the size query call and the call to obtain the
list may run on different cards. When the size query call runs on a
card with less mechanisms than the second call, will fail, but it
returns the larger larger number of mechanisms.
The code already re-allocates the buffer for retrieving the mechanism
list, but does not return the larger number in pulCount. This will
lead to a CKR_BUFFER_TOO_SMALL when the application calls C_GetMechanismList
again to obtain the list of mechanisms, because the applications buffer
is too small.
Signed-off-by: Ingo Franzki <ifranzki@linux.ibm.com>
diff --git a/usr/lib/ep11_stdll/ep11_specific.c b/usr/lib/ep11_stdll/ep11_specific.c
index 8d796452..1629e664 100644
--- a/usr/lib/ep11_stdll/ep11_specific.c
+++ b/usr/lib/ep11_stdll/ep11_specific.c
@@ -8977,6 +8977,8 @@ CK_RV ep11tok_get_mechanism_list(STDLL_TokData_t * tokdata,
if (rc != CKR_BUFFER_TOO_SMALL)
goto out;
}
+ /* counter was updated in case of CKR_BUFFER_TOO_SMALL */
+ *pulCount = counter;
} while (rc == CKR_BUFFER_TOO_SMALL);
for (i = 0; i < counter; i++) {

View File

@ -0,0 +1,51 @@
commit cb4d7b125c7166602cb9094497a201b2f5a56985
Author: Ingo Franzki <ifranzki@linux.ibm.com>
Date: Tue Oct 4 13:21:32 2022 +0200
pkcsicsf: Fix memory leak
Use confignode_deepfree() to also free appended config nodes.
Signed-off-by: Ingo Franzki <ifranzki@linux.ibm.com>
diff --git a/usr/sbin/pkcsicsf/pkcsicsf.c b/usr/sbin/pkcsicsf/pkcsicsf.c
index 44f5ef34..b02d1fe5 100644
--- a/usr/sbin/pkcsicsf/pkcsicsf.c
+++ b/usr/sbin/pkcsicsf/pkcsicsf.c
@@ -129,7 +129,8 @@ static void add_token_config_entry(struct ConfigIdxStructNode *s, char *key, cha
return;
v = confignode_allocstringvaldumpable(key, value, 0, NULL);
- confignode_append(s->value, &v->base);
+ if (v != NULL)
+ confignode_append(s->value, &v->base);
}
static int add_token_config(const char *configname,
@@ -150,7 +151,7 @@ static int add_token_config(const char *configname,
confignode_freeeoc(eoc1);
confignode_freeeoc(eoc2);
}
- confignode_freeidxstruct(s);
+ confignode_deepfree(&s->base);
fprintf(stderr, "Failed to add an entry for %s token\n", token.name);
return -1;
}
@@ -179,7 +180,7 @@ static int add_token_config(const char *configname,
if (tfp == NULL) {
fprintf(stderr, "fopen failed, line %d: %s\n",
__LINE__, strerror(errno));
- confignode_freeidxstruct(s);
+ confignode_deepfree(&s->base);
return -1;
}
@@ -188,7 +189,7 @@ static int add_token_config(const char *configname,
confignode_dump(tfp, &s->base, NULL, 2);
fclose(tfp);
- confignode_freeidxstruct(s);
+ confignode_deepfree(&s->base);
return 0;
}

View File

@ -1,7 +1,7 @@
Name: opencryptoki
Summary: Implementation of the PKCS#11 (Cryptoki) specification v3.0
Version: 3.18.0
Release: 3%{?dist}
Version: 3.19.0
Release: 1%{?dist}
License: CPL
Group: System Environment/Base
URL: https://github.com/opencryptoki/opencryptoki
@ -13,8 +13,7 @@ Patch1: opencryptoki-3.11.0-lockdir.patch
# add missing p11sak_defined_attrs.conf
Patch2: opencryptoki-3.18.0-p11sak.patch
# upstream patches
Patch100: opencryptoki-3.18.0-fix-json-output.patch
Patch102: opencryptoki-3.18.0-returning_CKR_BUFFER_TOO_SMALL.patch
Patch100: opencryptoki-3.19.0-fix-memory-leak.patch
Requires(pre): coreutils diffutils
Requires: (selinux-policy >= 3.14.3-70 if selinux-policy-targeted)
@ -312,6 +311,7 @@ fi
%files devel
%{_includedir}/%{name}/
%{_libdir}/pkgconfig/%{name}.pc
%files swtok
%{_libdir}/opencryptoki/stdll/libpkcs11_sw.*
@ -342,6 +342,7 @@ fi
%files ccatok
%doc doc/README.cca_stdll
%config(noreplace) %{_sysconfdir}/%{name}/ccatok.conf
%{_sbindir}/pkcscca
%{_mandir}/man1/pkcscca.1*
%{_libdir}/opencryptoki/stdll/libpkcs11_cca.*
@ -365,6 +366,13 @@ fi
%changelog
* Tue Nov 01 2022 Than Ngo <than@redhat.com> - 3.19.0-1
- Resolves: #2126612, opencryptoki fails after generating > 500 RSA keys
- Resolves: #2110315, rebase to 3.19.0
- Resolves: #2110990, openCryptoki key generation with expected MKVP only on CCA and EP11 tokens
- Resolves: #2110477, openCryptoki ep11 token: master key consistency
- Resolves: #1984871, openCryptoki ep11 token: vendor specific key derivation
* Mon Aug 01 2022 Than Ngo <than@redhat.com> - 3.18.0-3
- Related: #2043854, do not touch opencryptoki.conf if it is in place already and even if it is unchanged
- Resolves: #2112785, EP11: Fix C_GetMechanismList returning CKR_BUFFER_TOO_SMALL