Compare commits


No commits in common. "c8" and "c9-beta" have entirely different histories.
c8 ... c9-beta

18 changed files with 716 additions and 2704 deletions

.gitignore vendored

@ -1 +1 @@
SOURCES/opencryptoki-3.22.0.tar.gz SOURCES/opencryptoki-3.25.0.tar.gz


@ -1 +1 @@
4618b82afde56a8177e888c26d336c6f521bed8a SOURCES/opencryptoki-3.22.0.tar.gz a52c4873734e8e68ae8d599e08d5a55c0b3459ad SOURCES/opencryptoki-3.25.0.tar.gz


@ -1,55 +0,0 @@
From 742463a3c5a25313ab7ceb578d81b9998db65f67 Mon Sep 17 00:00:00 2001
From: Ingo Franzki <ifranzki@linux.ibm.com>
Date: Wed, 2 Apr 2025 16:36:45 +0200
Subject: [PATCH] CCA: Adjust CCA host library version detection for newer CCA
versions
Newer CCA versions might report the version string with CSUACFV or CSUACFQ
with keyword STATCCA using a different indicator character after the version
information. Ignore the indication character and the remaining data entirely.
Only the version information as such is of interest.
Signed-off-by: Ingo Franzki <ifranzki@linux.ibm.com>
---
usr/lib/cca_stdll/cca_specific.c | 9 ++++-----
1 file changed, 4 insertions(+), 5 deletions(-)
diff --git a/usr/lib/cca_stdll/cca_specific.c b/usr/lib/cca_stdll/cca_specific.c
index 80369248..08e794d0 100644
--- a/usr/lib/cca_stdll/cca_specific.c
+++ b/usr/lib/cca_stdll/cca_specific.c
@@ -751,7 +751,6 @@ static CK_RV cca_get_version(STDLL_TokData_t *tokdata)
long return_code, reason_code;
long version_data_length;
long exit_data_len = 0;
- char date[20];
/* Get CCA host library version */
version_data_length = sizeof(version_data);
@@ -767,10 +766,10 @@ static CK_RV cca_get_version(STDLL_TokData_t *tokdata)
version_data[sizeof(version_data) - 1] = '\0';
TRACE_DEVEL("CCA Version string: %s\n", version_data);
- if (sscanf((char *)version_data, "%u.%u.%uz%s",
+ if (sscanf((char *)version_data, "%u.%u.%u",
&cca_private->cca_lib_version.ver,
&cca_private->cca_lib_version.rel,
- &cca_private->cca_lib_version.mod, date) != 4) {
+ &cca_private->cca_lib_version.mod) != 3) {
TRACE_ERROR("CCA library version is invalid: %s\n", version_data);
return CKR_FUNCTION_FAILED;
}
@@ -3431,8 +3430,8 @@ static CK_RV cca_get_adapter_version(cca_min_card_version_t *data)
memcpy(ccaversion, &rule_array[CCA_STATCCA_CCA_VERSION_OFFSET],
CCA_STATCCA_CCA_VERSION_LENGTH);
- if (sscanf(ccaversion, "%d.%d.%02d*", (int *)&adapter_version.ver,
- (int *)&adapter_version.rel, (int *)&adapter_version.mod) != 3) {
+ if (sscanf(ccaversion, "%u.%u.%u", &adapter_version.ver,
+ &adapter_version.rel, &adapter_version.mod) != 3) {
TRACE_ERROR("sscanf of string %s failed, cannot determine CCA card version\n",
ccaversion);
return CKR_FUNCTION_FAILED;
--
2.16.2.windows.1


@ -1,12 +0,0 @@
diff -up opencryptoki-3.11.0/configure.ac.me opencryptoki-3.11.0/configure.ac
--- opencryptoki-3.11.0/configure.ac.me 2019-01-30 17:10:19.660952694 +0100
+++ opencryptoki-3.11.0/configure.ac 2019-01-30 17:13:54.150089964 +0100
@@ -62,7 +62,7 @@ AC_SUBST([OPENLDAP_LIBS])
dnl Define custom variables
-lockdir=$localstatedir/lock/opencryptoki
+lockdir=/run/lock/opencryptoki
AC_SUBST(lockdir)
logdir=$localstatedir/log/opencryptoki


@ -1,27 +0,0 @@
diff -up opencryptoki-3.21.0/misc/pkcsslotd.service.in.me opencryptoki-3.21.0/misc/pkcsslotd.service.in
--- opencryptoki-3.21.0/misc/pkcsslotd.service.in.me 2023-05-16 20:50:08.128841932 +0200
+++ opencryptoki-3.21.0/misc/pkcsslotd.service.in 2023-05-16 21:19:35.208570589 +0200
@@ -22,17 +22,17 @@ PrivateUsers=no
PrivateNetwork=no
RestrictAddressFamilies=AF_UNIX AF_NETLINK
IPAddressDeny=any
-ProtectClock=yes
+#ProtectClock=yes
ProtectKernelTunables=yes
ProtectKernelModules=yes
-ProtectKernelLogs=yes
+#ProtectKernelLogs=yes
ProtectControlGroups=yes
ProtectHome=yes
-ProtectHostname=yes
-ProtectProc=default
+#ProtectHostname=yes
+#ProtectProc=default
ProtectSystem=strict
-ReadWritePaths=@localstatedir@
-ProcSubset=all
+ReadWritePaths=@localstatedir@ /run
+#ProcSubset=all
MemoryDenyWriteExecute=yes
RestrictRealtime=yes
RestrictNamespaces=yes


@ -0,0 +1,47 @@
diff -up opencryptoki-3.24.0/misc/tmpfiles.conf.in.me opencryptoki-3.24.0/misc/tmpfiles.conf.in
--- opencryptoki-3.24.0/misc/tmpfiles.conf.in.me 2025-02-04 16:59:16.072468667 +0100
+++ opencryptoki-3.24.0/misc/tmpfiles.conf.in 2025-02-04 17:02:06.151451176 +0100
@@ -1,5 +1,8 @@
# path mode uid gid age
D /run/opencryptoki 710 @pkcsslotd_user@ @pkcs_group@ -
d @localstatedir@/lib/opencryptoki 0770 root @pkcs_group@ -
+d @localstatedir@/lib/opencryptoki/HSM_MK_CHANGE 770 root @pkcs_group@ -
+z /etc/opencryptoki/p11sak_defined_attrs.conf 0640 root pkcs11 -
+z /etc/opencryptoki/strength.conf 0640 root pkcs11 -
d @logdir@ 0770 root @pkcs_group@ -
D @lockdir@ 0770 root @pkcs_group@ -
diff -Nur opencryptoki-3.24.0.me/opencryptoki-ccatok.conf opencryptoki-3.24.0/opencryptoki-ccatok.conf
--- opencryptoki-3.24.0.me/opencryptoki-ccatok.conf 1970-01-01 01:00:00.000000000 +0100
+++ opencryptoki-3.24.0/opencryptoki-ccatok.conf 2025-03-12 15:40:01.270065049 +0100
@@ -0,0 +1,2 @@
+d /var/lib/opencryptoki/ccatok 770 root pkcs11 -
+d /var/lib/opencryptoki/ccatok/TOK_OBJ 770 root pkcs11 -
diff -Nur opencryptoki-3.24.0.me/opencryptoki-ep11tok.conf opencryptoki-3.24.0/opencryptoki-ep11tok.conf
--- opencryptoki-3.24.0.me/opencryptoki-ep11tok.conf 1970-01-01 01:00:00.000000000 +0100
+++ opencryptoki-3.24.0/opencryptoki-ep11tok.conf 2025-03-12 15:40:01.270122658 +0100
@@ -0,0 +1,2 @@
+d /var/lib/opencryptoki/ep11tok 770 root pkcs11 -
+d /var/lib/opencryptoki/ep11tok/TOK_OBJ 770 root pkcs11 -
diff -Nur opencryptoki-3.24.0.me/opencryptoki-icatok.conf opencryptoki-3.24.0/opencryptoki-icatok.conf
--- opencryptoki-3.24.0.me/opencryptoki-icatok.conf 1970-01-01 01:00:00.000000000 +0100
+++ opencryptoki-3.24.0/opencryptoki-icatok.conf 2025-03-12 15:40:01.270168936 +0100
@@ -0,0 +1,2 @@
+d /var/lib/opencryptoki/lite 770 root pkcs11 -
+d /var/lib/opencryptoki/lite/TOK_OBJ 770 root pkcs11 -
diff -Nur opencryptoki-3.24.0.me/opencryptoki-icsftok.conf opencryptoki-3.24.0/opencryptoki-icsftok.conf
--- opencryptoki-3.24.0.me/opencryptoki-icsftok.conf 1970-01-01 01:00:00.000000000 +0100
+++ opencryptoki-3.24.0/opencryptoki-icsftok.conf 2025-03-12 15:40:01.270213441 +0100
@@ -0,0 +1 @@
+d /var/lib/opencryptoki/icsf 770 root pkcs11 -
diff -Nur opencryptoki-3.24.0.me/opencryptoki-swtok.conf opencryptoki-3.24.0/opencryptoki-swtok.conf
--- opencryptoki-3.24.0.me/opencryptoki-swtok.conf 1970-01-01 01:00:00.000000000 +0100
+++ opencryptoki-3.24.0/opencryptoki-swtok.conf 2025-03-12 15:40:01.270256492 +0100
@@ -0,0 +1,3 @@
+# path mode uid gid age
+d /var/lib/opencryptoki/swtok 770 root pkcs11 -
+d /var/lib/opencryptoki/swtok/TOK_OBJ 770 root pkcs11 -
diff -Nur opencryptoki-3.24.0.me/opencryptoki-tpmtok.conf opencryptoki-3.24.0/opencryptoki-tpmtok.conf
--- opencryptoki-3.24.0.me/opencryptoki-tpmtok.conf 1970-01-01 01:00:00.000000000 +0100
+++ opencryptoki-3.24.0/opencryptoki-tpmtok.conf 2025-03-12 15:40:01.270339921 +0100
@@ -0,0 +1 @@
+d /var/lib/opencryptoki/tpm 770 root pkcs11 -
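Review bot: The two `z` entries added at L129-L130 hard-code the group `pkcs11`, while every other entry in the same `tmpfiles.conf.in` template (L126-L128, L131-L132) takes it from `@pkcs_group@`, so a build configured with a different group name would presumably end up with rules naming a group that does not exist on the target. Using `z /etc/opencryptoki/p11sak_defined_attrs.conf 0640 root @pkcs_group@ -` and the same for `strength.conf` keeps the template consistent; the per-token `.conf` files added from L137 on are plain files rather than `.in` templates, so the literal `pkcs11` there looks intentional. The mode on L128 is written `770` whereas the neighbouring lines use `0770`; both parse the same, but the four-digit form matches the rest of the file.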


@ -0,0 +1,43 @@
commit 003d658322df316a352af591a3d059ca22fc40a3
Author: Ingo Franzki <ifranzki@linux.ibm.com>
Date: Mon Jul 21 11:02:42 2025 +0200
Fix covscan findings
Closes: https://github.com/opencryptoki/opencryptoki/issues/879
Reported-by: Than Ngo <than@redhat.com>
Signed-off-by: Ingo Franzki <ifranzki@linux.ibm.com>
diff --git a/usr/lib/common/mech_aes.c b/usr/lib/common/mech_aes.c
index 9195ff3c..383fb775 100644
--- a/usr/lib/common/mech_aes.c
+++ b/usr/lib/common/mech_aes.c
@@ -4561,6 +4561,11 @@ static CK_RV aeskw_wrap_pad(STDLL_TokData_t *tokdata, SESSION *sess,
* contains exactly eight octets, then prepend the AIV and encrypt
* the resulting 128-bit block using AES in ECB mode.
*/
+ if (in_data_len > AES_KEY_WRAP_BLOCK_SIZE) {
+ TRACE_ERROR("%s\n", ock_err(ERR_DATA_LEN_RANGE));
+ return CKR_DATA_LEN_RANGE;
+ }
+
memmove(buff + AES_KEY_WRAP_BLOCK_SIZE, in_data, in_data_len);
memcpy(buff, aiv, AES_KEY_WRAP_IV_SIZE);
memset(buff + AES_KEY_WRAP_IV_SIZE + in_data_len, 0, padding_len);
diff --git a/usr/sbin/p11sak/p11tool.c b/usr/sbin/p11sak/p11tool.c
index da684f79..5b72b93b 100644
--- a/usr/sbin/p11sak/p11tool.c
+++ b/usr/sbin/p11sak/p11tool.c
@@ -567,6 +567,11 @@ static void p11tool_print_options_help(const struct p11tool_opt *opts,
else
len = snprintf(tmp, sizeof(tmp),"-%c", opt->short_opt);
+ if (len >= (int)sizeof(tmp) || len < 0) {
+ warnx("Error formatting option string. Skipping.\n");
+ continue;
+ }
+
if (opt->arg.type != ARG_TYPE_PLAIN) {
if (opt->arg.required)
snprintf(&tmp[len], sizeof(tmp) - len, " %s", opt->arg.name);
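Review bot: The `warnx()` call added at L203 ends its format string with `\n`, but `warnx` already appends a newline after the message, so every skipped option is followed by an empty line on stderr; the line should be `warnx("Error formatting option string. Skipping.");`. The guard itself is sound: with `len` bounded below `sizeof(tmp)`, the later `sizeof(tmp) - len` on L209 can no longer wrap to a huge `size_t`. In the mech_aes.c hunk, the new length check at L187 depends on how `buff` and `padding_len` were sized before this point, which is outside the hunk; both enclosing functions, `aeskw_wrap_pad` and `p11tool_print_options_help`, start and end outside the visible lines.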


@ -1,37 +1,47 @@
diff -up opencryptoki-3.21.0/Makefile.am.me opencryptoki-3.21.0/Makefile.am diff -up opencryptoki-3.25.0/Makefile.am.me opencryptoki-3.25.0/Makefile.am
--- opencryptoki-3.21.0/Makefile.am.me 2023-05-15 17:01:04.932616030 +0200 --- opencryptoki-3.25.0/Makefile.am.me 2025-06-10 08:52:39.000000000 +0200
+++ opencryptoki-3.21.0/Makefile.am 2023-05-15 17:00:45.732131601 +0200 +++ opencryptoki-3.25.0/Makefile.am 2025-06-10 15:32:06.974976310 +0200
@@ -39,15 +39,8 @@ include tools/tools.mk @@ -51,20 +51,8 @@ include tools/tools.mk
include doc/doc.mk include doc/doc.mk
install-data-hook: install-data-hook:
-if AIX
- lsgroup $(pkcs_group) > /dev/null || $(GROUPADD) -a pkcs11
- lsuser $(pkcsslotd_user) > /dev/null || $(USERADD) -g $(pkcs_group) -d $(DESTDIR)$(RUN_PATH)/opencryptoki -c "Opencryptoki pkcsslotd user" $(pkcsslotd_user)
-else
- getent group $(pkcs_group) > /dev/null || $(GROUPADD) -r $(pkcs_group) - getent group $(pkcs_group) > /dev/null || $(GROUPADD) -r $(pkcs_group)
- getent passwd $(pkcsslotd_user) >/dev/null || $(USERADD) -r -g $(pkcs_group) -d /run/opencryptoki -s /sbin/nologin -c "Opencryptoki pkcsslotd user" $(pkcsslotd_user) - getent passwd $(pkcsslotd_user) >/dev/null || $(USERADD) -r -g $(pkcs_group) -d $(RUN_PATH)/opencryptoki -s /sbin/nologin -c "Opencryptoki pkcsslotd user" $(pkcsslotd_user)
$(MKDIR_P) $(DESTDIR)/run/opencryptoki/ -endif
- $(CHOWN) $(pkcsslotd_user):$(pkcs_group) $(DESTDIR)/run/opencryptoki/ $(MKDIR_P) $(DESTDIR)$(RUN_PATH)/opencryptoki/
- $(CHGRP) $(pkcs_group) $(DESTDIR)/run/opencryptoki/ - $(CHOWN) $(pkcsslotd_user):$(pkcs_group) $(DESTDIR)$(RUN_PATH)/opencryptoki/
- $(CHMOD) 0710 $(DESTDIR)/run/opencryptoki/ - $(CHGRP) $(pkcs_group) $(DESTDIR)$(RUN_PATH)/opencryptoki/
- $(CHMOD) 0710 $(DESTDIR)$(RUN_PATH)/opencryptoki/
$(MKDIR_P) $(DESTDIR)$(localstatedir)/lib/opencryptoki $(MKDIR_P) $(DESTDIR)$(localstatedir)/lib/opencryptoki
- $(CHGRP) $(pkcs_group) $(DESTDIR)$(localstatedir)/lib/opencryptoki - $(CHGRP) $(pkcs_group) $(DESTDIR)$(localstatedir)/lib/opencryptoki
- $(CHMOD) 0770 $(DESTDIR)$(localstatedir)/lib/opencryptoki - $(CHMOD) 0770 $(DESTDIR)$(localstatedir)/lib/opencryptoki
if ENABLE_LIBRARY if ENABLE_LIBRARY
$(MKDIR_P) $(DESTDIR)$(libdir)/opencryptoki/stdll $(MKDIR_P) $(DESTDIR)$(libdir)/opencryptoki/stdll
$(MKDIR_P) $(DESTDIR)$(libdir)/pkcs11 $(MKDIR_P) $(DESTDIR)$(libdir)/pkcs11
@@ -100,7 +93,7 @@ if ENABLE_EP11TOK @@ -117,11 +105,11 @@ if ENABLE_EP11TOK
endif endif
if ENABLE_P11SAK if ENABLE_P11SAK
test -f $(DESTDIR)$(sysconfdir)/opencryptoki || $(MKDIR_P) $(DESTDIR)$(sysconfdir)/opencryptoki || true test -f $(DESTDIR)$(sysconfdir)/opencryptoki || $(MKDIR_P) $(DESTDIR)$(sysconfdir)/opencryptoki || true
- test -f $(DESTDIR)$(sysconfdir)/opencryptoki/p11sak_defined_attrs.conf || $(INSTALL) -g $(pkcs_group) -m 0640 $(srcdir)/usr/sbin/p11sak/p11sak_defined_attrs.conf $(DESTDIR)$(sysconfdir)/opencryptoki/p11sak_defined_attrs.conf || true - test -f $(DESTDIR)$(sysconfdir)/opencryptoki/p11sak_defined_attrs.conf || $(INSTALL) -g $(pkcs_group) -m 0640 $(srcdir)/usr/sbin/p11sak/p11sak_defined_attrs.conf $(DESTDIR)$(sysconfdir)/opencryptoki/p11sak_defined_attrs.conf || true
+ test -f $(DESTDIR)$(sysconfdir)/opencryptoki/p11sak_defined_attrs.conf || $(INSTALL) -m 0640 $(srcdir)/usr/sbin/p11sak/p11sak_defined_attrs.conf $(DESTDIR)$(sysconfdir)/opencryptoki/p11sak_defined_attrs.conf || true + test -f $(DESTDIR)$(sysconfdir)/opencryptoki/p11sak_defined_attrs.conf || $(INSTALL) -m 0640 $(srcdir)/usr/sbin/p11sak/p11sak_defined_attrs.conf $(DESTDIR)$(sysconfdir)/opencryptoki/p11sak_defined_attrs.conf || true
endif
if ENABLE_P11KMIP
test -f $(DESTDIR)$(sysconfdir)/opencryptoki || $(MKDIR_P) $(DESTDIR)$(sysconfdir)/opencryptoki || true
- test -f $(DESTDIR)$(sysconfdir)/opencryptoki/p11kmip.conf || $(INSTALL) -g $(pkcs_group) -m 0640 $(srcdir)/usr/sbin/p11kmip/p11kmip.conf $(DESTDIR)$(sysconfdir)/opencryptoki/p11kmip.conf || true
+ test -f $(DESTDIR)$(sysconfdir)/opencryptoki/p11kmip.conf || $(INSTALL) -m 0640 $(srcdir)/usr/sbin/p11kmip/p11kmip.conf $(DESTDIR)$(sysconfdir)/opencryptoki/p11kmip.conf || true
endif endif
if ENABLE_ICATOK if ENABLE_ICATOK
cd $(DESTDIR)$(libdir)/opencryptoki/stdll && \ cd $(DESTDIR)$(libdir)/opencryptoki/stdll && \
@@ -151,7 +144,7 @@ endif @@ -172,7 +160,7 @@ endif
if ENABLE_DAEMON if ENABLE_DAEMON
test -f $(DESTDIR)$(sysconfdir)/opencryptoki || $(MKDIR_P) $(DESTDIR)$(sysconfdir)/opencryptoki || true test -f $(DESTDIR)$(sysconfdir)/opencryptoki || $(MKDIR_P) $(DESTDIR)$(sysconfdir)/opencryptoki || true
test -f $(DESTDIR)$(sysconfdir)/opencryptoki/opencryptoki.conf || $(INSTALL) -m 644 $(srcdir)/usr/sbin/pkcsslotd/opencryptoki.conf $(DESTDIR)$(sysconfdir)/opencryptoki/opencryptoki.conf || true test -f $(DESTDIR)$(sysconfdir)/opencryptoki/opencryptoki.conf || $(INSTALL) -m 644 $(srcdir)/usr/sbin/pkcsslotd/opencryptoki.conf $(DESTDIR)$(sysconfdir)/opencryptoki/opencryptoki.conf || true
- test -f $(DESTDIR)$(sysconfdir)/opencryptoki/strength.conf || $(INSTALL) -m 640 -o root -g $(pkcs_group) -T $(srcdir)/doc/strength-example.conf $(DESTDIR)$(sysconfdir)/opencryptoki/strength.conf || true - test -f $(DESTDIR)$(sysconfdir)/opencryptoki/strength.conf || $(INSTALL) -m 640 -o root -g $(pkcs_group) -T $(srcdir)/doc/strength-example.conf $(DESTDIR)$(sysconfdir)/opencryptoki/strength.conf || true
+ test -f $(DESTDIR)$(sysconfdir)/opencryptoki/strength.conf || $(INSTALL) -m 640 -o root -T $(srcdir)/doc/strength-example.conf $(DESTDIR)$(sysconfdir)/opencryptoki/strength.conf || true + test -f $(DESTDIR)$(sysconfdir)/opencryptoki/strength.conf || $(INSTALL) -m 640 -T $(srcdir)/doc/strength-example.conf $(DESTDIR)$(sysconfdir)/opencryptoki/strength.conf || true
endif endif
if !AIX
$(MKDIR_P) $(DESTDIR)/etc/ld.so.conf.d $(MKDIR_P) $(DESTDIR)/etc/ld.so.conf.d
echo "$(libdir)/opencryptoki" >\
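Review bot: On the new (3.25.0) side of the Makefile.am patch, the install lines for `p11sak_defined_attrs.conf` (L242), `p11kmip.conf` (L247) and `strength.conf` (L256) drop `-g $(pkcs_group)` (and `-o root` for strength.conf) while keeping mode 0640, so directly after `make install` those files are readable only by root and the installing process's default group. Presumably the group is meant to be applied later by a tmpfiles rule, but nothing in this patch records that; a preamble line before the first `diff -up` (text ahead of the first header is skipped by `patch`) such as `# group ownership of the 0640 config files is set by tmpfiles.d, not by install` would make the dependency explicit. The new patch also still removes the `$(CHGRP)`/`$(CHMOD)` lines for `$(localstatedir)/lib/opencryptoki` (L232-L233), so that directory's 0770/group setup relies on the same external mechanism. The old and new copies of the patch are printed side by side on each line here, which makes the hunks hard to read; the points above refer to the right-hand copy.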


@ -0,0 +1,176 @@
commit 144456ede9897662eed35ac8415d0ecb1c5907e3
Author: Ingo Franzki <ifranzki@linux.ibm.com>
Date: Wed Aug 13 13:50:24 2025 +0200
PKCSSLOTD: Remove the use of MD5
The pkcsslotd uses MD5 to calculate kind of a checksum of the token directory
path, for easy checking if the same token directory has already been used by
other tokens.
The use of MD5 for this is just historical, and has no security relevance at
all. Still, OpenSSL running in FIPS mode might reject the use of MD5, so
pkcsslotd will fail to start.
Change the code to use SHA256 instead.
Signed-off-by: Ingo Franzki <ifranzki@linux.ibm.com>
diff --git a/usr/sbin/pkcsslotd/pkcsslotd.h b/usr/sbin/pkcsslotd/pkcsslotd.h
index ec6a489a..fa0db30f 100644
--- a/usr/sbin/pkcsslotd/pkcsslotd.h
+++ b/usr/sbin/pkcsslotd/pkcsslotd.h
@@ -42,11 +42,7 @@
#endif /* DEV */
-#define HASH_SHA1 1
-#define HASH_MD5 2
-#define compute_md5(a,b,c) compute_hash(HASH_MD5,b,a,c)
-
-int compute_hash(int hash_type, int buf_size, char *buf, char *digest);
+int compute_sha256(char *buf, int buf_size, char *digest);
/********************
* Global Variables *
diff --git a/usr/sbin/pkcsslotd/slotmgr.c b/usr/sbin/pkcsslotd/slotmgr.c
index 0c1a5586..d0d85a85 100644
--- a/usr/sbin/pkcsslotd/slotmgr.c
+++ b/usr/sbin/pkcsslotd/slotmgr.c
@@ -27,7 +27,7 @@
#include "configuration.h"
#define OBJ_DIR "TOK_OBJ"
-#define MD5_HASH_SIZE 16
+#define SHA256_HASH_SIZE 32
#define DEF_MANUFID "IBM"
@@ -44,8 +44,8 @@
#define DEF_SLOTDESC "Linux"
#endif
-typedef char md5_hash_entry[MD5_HASH_SIZE];
-md5_hash_entry tokname_hash_table[NUMBER_SLOTS_MANAGED];
+typedef char sha256_hash_entry[SHA256_HASH_SIZE];
+sha256_hash_entry tokname_hash_table[NUMBER_SLOTS_MANAGED];
Slot_Mgr_Shr_t *shmp; // pointer to the shared memory region.
int shmid;
@@ -86,27 +86,19 @@ void DumpSharedMemory(void)
}
}
-int compute_hash(int hash_type, int buf_size, char *buf, char *digest)
+int compute_sha256(char *buf, int buf_size, char *digest)
{
EVP_MD_CTX *md_ctx = NULL;
unsigned int result_size;
int rc;
md_ctx = EVP_MD_CTX_create();
-
- switch (hash_type) {
- case HASH_SHA1:
- rc = EVP_DigestInit(md_ctx, EVP_sha1());
- break;
- case HASH_MD5:
- rc = EVP_DigestInit(md_ctx, EVP_md5());
- break;
- default:
- EVP_MD_CTX_destroy(md_ctx);
+ if (md_ctx == NULL) {
+ fprintf(stderr, "EVP_MD_CTX_create() failed\n");
return -1;
- break;
}
+ rc = EVP_DigestInit(md_ctx, EVP_sha256());
if (rc != 1) {
fprintf(stderr, "EVP_DigestInit() failed: rc = %d\n", rc);
return -1;
@@ -374,12 +366,12 @@ void run_sanity_checks(void)
}
}
-int is_duplicate(md5_hash_entry hash, md5_hash_entry *hash_table)
+int is_duplicate(sha256_hash_entry hash, sha256_hash_entry *hash_table)
{
int i;
for (i = 0; i < NUMBER_SLOTS_MANAGED; i++) {
- if (memcmp(hash_table[i], hash, sizeof(md5_hash_entry)) == 0)
+ if (memcmp(hash_table[i], hash, sizeof(sha256_hash_entry)) == 0)
return 1;
}
@@ -483,7 +475,7 @@ int chk_create_tokdir(Slot_Info_t_64 *psinfo)
mode_t proc_umask;
char *tokdir = psinfo->tokname;
char *tokgroup = psinfo->usergroup;
- char token_md5_hash[MD5_HASH_SIZE];
+ char token_sha256_hash[SHA256_HASH_SIZE];
if (psinfo->present == FALSE)
return 0;
@@ -517,26 +509,26 @@ int chk_create_tokdir(Slot_Info_t_64 *psinfo)
*/
if (!tokdir || strlen(tokdir) == 0) {
/*
- * Build the md5 hash from the dll name prefixed with 'dll:' to
+ * Build the SHA256 hash from the dll name prefixed with 'dll:' to
* check for duplicate tokens with no 'tokname'.
*/
snprintf(tokendir, sizeof(tokendir), "dll:%s", psinfo->dll_location);
- rc = compute_md5(tokendir, strlen(tokendir), token_md5_hash);
+ rc = compute_sha256(tokendir, strlen(tokendir), token_sha256_hash);
if (rc) {
- fprintf(stderr, "Error calculating MD5 of token name!\n");
+ fprintf(stderr, "Error calculating SHA256 of token name!\n");
return -1;
}
/* check for duplicate token names */
- if (is_duplicate(token_md5_hash, tokname_hash_table)) {
+ if (is_duplicate(token_sha256_hash, tokname_hash_table)) {
fprintf(stderr, "Duplicate token in slot %llu!\n",
psinfo->slot_number);
return -1;
}
/* add entry into hash table */
- memcpy(tokname_hash_table[psinfo->slot_number], token_md5_hash,
- MD5_HASH_SIZE);
+ memcpy(tokname_hash_table[psinfo->slot_number], token_sha256_hash,
+ SHA256_HASH_SIZE);
return 0;
}
@@ -549,21 +541,21 @@ int chk_create_tokdir(Slot_Info_t_64 *psinfo)
return -1;
}
- /* calculate md5 hash from token name */
- rc = compute_md5(tokdir, strlen(tokdir), token_md5_hash);
+ /* calculate SHA256 hash from token name */
+ rc = compute_sha256(tokdir, strlen(tokdir), token_sha256_hash);
if (rc) {
- fprintf(stderr, "Error calculating MD5 of token name!\n");
+ fprintf(stderr, "Error calculating SHA256 of token name!\n");
return -1;
}
/* check for duplicate token names */
- if (is_duplicate(token_md5_hash, tokname_hash_table)) {
+ if (is_duplicate(token_sha256_hash, tokname_hash_table)) {
fprintf(stderr, "Duplicate token name '%s'!\n", tokdir);
return -1;
}
/* add entry into hash table */
- memcpy(tokname_hash_table[psinfo->slot_number], token_md5_hash,
- MD5_HASH_SIZE);
+ memcpy(tokname_hash_table[psinfo->slot_number], token_sha256_hash,
+ SHA256_HASH_SIZE);
/* Create token specific directory */
/* sprintf checked above */
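Review bot: In `compute_sha256()` the new `md_ctx == NULL` check at L330-L334 is right, but the `EVP_DigestInit()` failure path directly below it (L336-L338) still returns -1 without releasing the context created at L319, leaking an `EVP_MD_CTX` on every failed init; since the commit already reshapes this prologue, that return should become `EVP_MD_CTX_destroy(md_ctx); return -1;`. The rest of `compute_sha256()` lies outside the hunk, so I cannot see whether the later paths free it. The new prototype at L288, `int compute_sha256(char *buf, int buf_size, char *digest);`, gives no hint that `digest` must point at 32 writable bytes or that `buf_size` receives a `size_t` from the `strlen()` callers at L369 and L395; a comment on the declaration such as `/* digest must hold SHA256_HASH_SIZE (32) bytes; returns 0 on success, -1 on failure */` would make the contract explicit.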


@ -1,153 +0,0 @@
commit f931d6e47bf2fb26aa9cf52e231d13edc1c837a1
Author: Ingo Franzki <ifranzki@linux.ibm.com>
Date: Tue Dec 12 17:16:56 2023 +0100
COMMON: Update rsa_parse_block_type_2() to not leak the message length
Take the implementation of OpenSSL function RSA_padding_check_PKCS1_type_2()
in crypto/rsa/rsa_pk1.c instead of ossl_rsa_padding_check_PKCS1_type_2(), since
the latter leaks the message size.
Signed-off-by: Ingo Franzki <ifranzki@linux.ibm.com>
diff --git a/usr/lib/common/mech_rsa.c b/usr/lib/common/mech_rsa.c
index 326c5795..7bab1a84 100644
--- a/usr/lib/common/mech_rsa.c
+++ b/usr/lib/common/mech_rsa.c
@@ -29,6 +29,7 @@
#include "constant_time.h"
#include <openssl/crypto.h>
+#include <openssl/rsa.h>
CK_BBOOL is_rsa_mechanism(CK_MECHANISM_TYPE mech)
{
@@ -293,13 +294,16 @@ static CK_RV rsa_parse_block_type_2(CK_BYTE *in_data,
CK_BYTE *out_data,
CK_ULONG *out_data_len)
{
- unsigned int ok = 0, found, zero;
- size_t zero_index = 0, msg_index, mlen;
- size_t i, j;
+ int i;
+ unsigned char *em = NULL;
+ unsigned int good, found_zero_byte, mask, equals0;
+ int zero_index = 0, msg_index, mlen = -1;
+ int out_len = *out_data_len;
+ int rsa_size = in_data_len;
/*
* The implementation of this function is copied from OpenSSL's function
- * ossl_rsa_padding_check_PKCS1_type_2() in crypto/rsa/rsa_pk1.c
+ * RSA_padding_check_PKCS1_type_2() in crypto/rsa/rsa_pk1.c
* and is slightly modified to fit to the OpenCryptoki environment.
*
* The OpenSSL code is licensed under the Apache License 2.0.
@@ -324,55 +328,86 @@ static CK_RV rsa_parse_block_type_2(CK_BYTE *in_data,
* PKCS#1 v1.5 decryption. See "PKCS #1 v2.2: RSA Cryptography Standard",
* section 7.2.2.
*/
- if (in_data_len < 11) {
+ if (rsa_size < RSA_PKCS1_PADDING_SIZE) {
TRACE_DEVEL("%s\n", ock_err(ERR_FUNCTION_FAILED));
return CKR_FUNCTION_FAILED;
}
- ok = constant_time_is_zero(in_data[0]);
- ok &= constant_time_eq(in_data[1], 2);
+ em = malloc(rsa_size);
+ if (em == NULL) {
+ TRACE_DEVEL("%s\n", ock_err(ERR_HOST_MEMORY));
+ return CKR_HOST_MEMORY;
+ }
+
+ /* in_data_len is always equal to rsa_size */
+ memcpy(em, in_data, rsa_size);
+
+ good = constant_time_is_zero(em[0]);
+ good &= constant_time_eq(em[1], 2);
/* scan over padding data */
- found = 0;
- for (i = 2; i < in_data_len; i++) {
- zero = constant_time_is_zero(in_data[i]);
+ found_zero_byte = 0;
+ for (i = 2; i < rsa_size; i++) {
+ equals0 = constant_time_is_zero(em[i]);
- zero_index = constant_time_select_int(~found & zero, i, zero_index);
- found |= zero;
+ zero_index = constant_time_select_int(~found_zero_byte & equals0,
+ i, zero_index);
+ found_zero_byte |= equals0;
}
/*
- * PS must be at least 8 bytes long, and it starts two bytes into |enc_msg|.
+ * PS must be at least 8 bytes long, and it starts two bytes into |em|.
* If we never found a 0-byte, then |zero_index| is 0 and the check
* also fails.
*/
- ok &= constant_time_ge(zero_index, 2 + 8);
+ good &= constant_time_ge(zero_index, 2 + 8);
/*
* Skip the zero byte. This is incorrect if we never found a zero-byte
* but in this case we also do not copy the message out.
*/
msg_index = zero_index + 1;
- mlen = in_data_len - msg_index;
+ mlen = rsa_size - msg_index;
/*
* For good measure, do this check in constant time as well.
*/
- ok &= constant_time_ge(*out_data_len, mlen);
+ good &= constant_time_ge(out_len, mlen);
/*
- * since at this point the |msg_index| does not provide the signal
- * indicating if the padding check failed or not, we don't have to worry
- * about leaking the length of returned message, we still need to ensure
- * that we read contents of both buffers so that cache accesses don't leak
- * the value of |good|
+ * Move the result in-place by |rsa_size|-RSA_PKCS1_PADDING_SIZE-|mlen|
+ * bytes to the left.
+ * Then if |good| move |mlen| bytes from |em|+RSA_PKCS1_PADDING_SIZE to
+ * |out_data|. Otherwise leave |out_data| unchanged.
+ * Copy the memory back in a way that does not reveal the size of
+ * the data being copied via a timing side channel. This requires copying
+ * parts of the buffer multiple times based on the bits set in the real
+ * length. Clear bits do a non-copy with identical access pattern.
+ * The loop below has overall complexity of O(N*log(N)).
*/
- for (i = msg_index, j = 0; i < in_data_len && j < *out_data_len; i++, j++)
- out_data[j] = constant_time_select_8(ok, in_data[i], out_data[j]);
+ out_len = constant_time_select_int(
+ constant_time_lt(rsa_size - RSA_PKCS1_PADDING_SIZE, out_len),
+ rsa_size - RSA_PKCS1_PADDING_SIZE,
+ out_len);
+ for (msg_index = 1; msg_index < rsa_size - RSA_PKCS1_PADDING_SIZE;
+ msg_index <<= 1) {
+ mask = ~constant_time_eq(
+ msg_index & (rsa_size - RSA_PKCS1_PADDING_SIZE - mlen), 0);
+ for (i = RSA_PKCS1_PADDING_SIZE; i < rsa_size - msg_index; i++)
+ em[i] = constant_time_select_8(mask, em[i + msg_index], em[i]);
+ }
+ for (i = 0; i < out_len; i++) {
+ mask = good & constant_time_lt(i, mlen);
+ out_data[i] = constant_time_select_8(
+ mask, em[i + RSA_PKCS1_PADDING_SIZE], out_data[i]);
+ }
+
+ OPENSSL_cleanse(em, rsa_size);
+ free(em);
- *out_data_len = j;
+ *out_data_len = constant_time_select_int(good, mlen, 0);
- return constant_time_select_int(ok, CKR_OK, CKR_ENCRYPTED_DATA_INVALID);
+ return constant_time_select_int(good, CKR_OK, CKR_ENCRYPTED_DATA_INVALID);
}
CK_RV rsa_parse_block(CK_BYTE *in_data,


@ -1,737 +0,0 @@
commit 5f1a4f8641306ee192b70c8a32c9ee8a0fe9be5f
Author: Ingo Franzki <ifranzki@linux.ibm.com>
Date: Mon Jan 15 12:53:37 2024 +0100
common: Add support for implicit rejection for RSA PKCS#1 v1.5 de-padding
Implicit rejection returns a pseudo random message in case the RSA PKCS#1 v1.5
padding is incorrect, but returns no error. The pseudo random message is based
on static secret data (the private exponent) and the provided ciphertext, so
that the attacker cannot determine that the returned value is randomly generated
instead of the result of decryption and de-padding.
The implicit rejection algorithm is the same as used by OpenSSL.
Signed-off-by: Ingo Franzki <ifranzki@linux.ibm.com>
diff --git a/COPYRIGHTS b/COPYRIGHTS
index 2bb3dffe..21b6b702 100644
--- a/COPYRIGHTS
+++ b/COPYRIGHTS
@@ -12,19 +12,29 @@ For code originating from OpenSSL:
* Note that in OpenSSL the file crypto/bn/rsa_sup_mul.c does no longer
* exist, it was removed with commit https://github.com/openssl/openssl/commit/4209ce68d8fe8b1506494efa03d378d05baf9ff8
* - usr/lib/common/constant_time.h: Copied unchanged from OpenSSL from
- include/internal/constant_time.h
+ * include/internal/constant_time.h
* - The implementation of function rsa_parse_block_type_2() in
* usr/lib/common/mech_rsa.c is copied from OpenSSL's function
* ossl_rsa_padding_check_PKCS1_type_2() in crypto/rsa/rsa_pk1.c
* and is slightly modified to fit to the OpenCryptoki environment.
* See comment in function rsa_parse_block_type_2() for a list of changes.
+ * - The implementation of function openssl_specific_rsa_derive_kdk() in
+ * usr/lib/common/mech_openssl.c is copied from OpenSSL's function
+ * derive_kdk() in crypto/rsa/rsa_ossl.c and is slightly modified to fit to
+ * the OpenCryptoki environment. See comment in function
+ * openssl_specific_rsa_derive_kdk() for a list of changes.
+ * - The implementation of function openssl_specific_rsa_prf() in
+ * usr/lib/common/mech_openssl.c is copied from OpenSSL's function
+ * ossl_rsa_prf() in crypto/rsa/rsapk1.c and is slightly modified to fit to
+ * the OpenCryptoki environment. See comment in function
+ * openssl_specific_rsa_prf() for a list of changes.
* - The implementation of function decode_eme_oaep() in
* usr/lib/common/mech_rsa.c is copied from OpenSSL's function
* RSA_padding_check_PKCS1_OAEP_mgf1() in crypto/rsa/rsa_oaep.c and is
* slightly modified to fit to the OpenCryptoki environment. See comment in
* function decode_eme_oaep() for a list of changes.
*
- * Copyright 1999-2023 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1999-2024 The OpenSSL Project Authors. All Rights Reserved.
*
* The OpenSSL code is licensed under the Apache License 2.0 (the "License").
* You can obtain a copy in the file LICENSE in the OpenSSL source distribution
diff --git a/usr/lib/common/h_extern.h b/usr/lib/common/h_extern.h
index a88b57d0..29496d99 100644
--- a/usr/lib/common/h_extern.h
+++ b/usr/lib/common/h_extern.h
@@ -731,7 +731,8 @@ CK_RV rsa_format_block(STDLL_TokData_t *tokdata,
CK_RV rsa_parse_block(CK_BYTE *in_data,
CK_ULONG in_data_len,
CK_BYTE *out_data,
- CK_ULONG *out_data_len, CK_ULONG type);
+ CK_ULONG *out_data_len, CK_ULONG type,
+ CK_BYTE *kdk, CK_ULONG kdklen);
CK_RV get_mgf_mech(CK_RSA_PKCS_MGF_TYPE mgf, CK_MECHANISM_TYPE *mech);
@@ -3179,6 +3180,14 @@ CK_RV openssl_specific_hmac_update(SIGN_VERIFY_CONTEXT *ctx, CK_BYTE *in_data,
CK_RV openssl_specific_hmac_final(SIGN_VERIFY_CONTEXT *ctx, CK_BYTE *signature,
CK_ULONG *sig_len, CK_BBOOL sign);
+CK_RV openssl_specific_rsa_derive_kdk(STDLL_TokData_t *tokdata, OBJECT *key_obj,
+ const CK_BYTE *in, CK_ULONG inlen,
+ CK_BYTE *kdk, CK_ULONG kdklen);
+CK_RV openssl_specific_rsa_prf(CK_BYTE *out, CK_ULONG outlen,
+ const char *label, CK_ULONG labellen,
+ const CK_BYTE *kdk, CK_ULONG kdklen,
+ uint16_t bitlen);
+
#include "tok_spec_struct.h"
extern token_spec_t token_specific;
diff --git a/usr/lib/common/mech_openssl.c b/usr/lib/common/mech_openssl.c
index 9983fcb3..da515289 100644
--- a/usr/lib/common/mech_openssl.c
+++ b/usr/lib/common/mech_openssl.c
@@ -1154,6 +1154,7 @@ CK_RV openssl_specific_rsa_pkcs_decrypt(STDLL_TokData_t *tokdata,
CK_RV rc;
CK_BYTE out[MAX_RSA_KEYLEN];
CK_ULONG modulus_bytes;
+ unsigned char kdk[SHA256_HASH_SIZE] = { 0 };
modulus_bytes = in_data_len;
@@ -1163,7 +1164,16 @@ CK_RV openssl_specific_rsa_pkcs_decrypt(STDLL_TokData_t *tokdata,
goto done;
}
- rc = rsa_parse_block(out, modulus_bytes, out_data, out_data_len, PKCS_BT_2);
+ rc = openssl_specific_rsa_derive_kdk(tokdata, key_obj,
+ in_data, in_data_len,
+ kdk, sizeof(kdk));
+ if (rc != CKR_OK) {
+ TRACE_DEVEL("openssl_specific_rsa_derive_kdk failed\n");
+ goto done;
+ }
+
+ rc = rsa_parse_block(out, modulus_bytes, out_data, out_data_len, PKCS_BT_2,
+ kdk, sizeof(kdk));
done:
OPENSSL_cleanse(out, sizeof(out));
@@ -1254,7 +1264,7 @@ CK_RV openssl_specific_rsa_pkcs_verify(STDLL_TokData_t *tokdata, SESSION *sess,
}
rc = rsa_parse_block(out, modulus_bytes, out_data, &out_data_len,
- PKCS_BT_1);
+ PKCS_BT_1, NULL, 0);
if (rc == CKR_ENCRYPTED_DATA_INVALID) {
TRACE_ERROR("%s\n", ock_err(ERR_SIGNATURE_INVALID));
return CKR_SIGNATURE_INVALID;
@@ -1318,7 +1328,8 @@ CK_RV openssl_specific_rsa_pkcs_verify_recover(STDLL_TokData_t *tokdata,
return rc;
}
- rc = rsa_parse_block(out, modulus_bytes, out_data, out_data_len, PKCS_BT_1);
+ rc = rsa_parse_block(out, modulus_bytes, out_data, out_data_len, PKCS_BT_1,
+ NULL, 0);
if (rc == CKR_ENCRYPTED_DATA_INVALID) {
TRACE_ERROR("%s\n", ock_err(ERR_SIGNATURE_INVALID));
return CKR_SIGNATURE_INVALID;
@@ -4983,3 +4994,388 @@ done:
ctx->context = NULL;
return rv;
}
+
+static CK_RV calc_rsa_priv_exp(STDLL_TokData_t *tokdata, OBJECT *key_obj,
+ CK_BYTE *priv_exp, CK_ULONG priv_exp_len)
+{
+ CK_ATTRIBUTE *modulus = NULL, *pub_exp = NULL;
+ CK_ATTRIBUTE *prime1 = NULL, *prime2 = NULL;
+ BN_CTX *bn_ctx;
+ BIGNUM *n, *e, *p, *q, *d;
+ CK_RV rc;
+
+ UNUSED(tokdata);
+
+ bn_ctx = BN_CTX_secure_new();
+ if (bn_ctx == NULL) {
+ TRACE_ERROR("BN_CTX_secure_new failed\n");
+ return CKR_FUNCTION_FAILED;
+ }
+
+ /* Get modulus a BIGNUM */
+ rc = template_attribute_get_non_empty(key_obj->template, CKA_MODULUS,
+ &modulus);
+ if (rc != CKR_OK) {
+ TRACE_ERROR("Failed to get CKA_MODULUS\n");
+ goto done;
+ }
+
+ n = BN_CTX_get(bn_ctx);
+ if (n == NULL ||
+ BN_bin2bn(modulus->pValue, modulus->ulValueLen, n) == NULL) {
+ TRACE_ERROR("BN_CTX_get/BN_bin2bn failed for modulus\n");
+ rc = CKR_FUNCTION_FAILED;
+ goto done;
+ }
+ BN_set_flags(n, BN_FLG_CONSTTIME);
+
+ /* Get public exponent a BIGNUM */
+ rc = template_attribute_get_non_empty(key_obj->template,
+ CKA_PUBLIC_EXPONENT, &pub_exp);
+ if (rc != CKR_OK) {
+ TRACE_ERROR("Failed to get CKA_PUBLIC_EXPONENT\n");
+ goto done;
+ }
+
+ e = BN_CTX_get(bn_ctx);
+ if (e == NULL ||
+ BN_bin2bn(pub_exp->pValue, pub_exp->ulValueLen, e) == NULL) {
+ TRACE_ERROR("BN_CTX_get/BN_bin2bn failed for public exponent\n");
+ rc = CKR_FUNCTION_FAILED;
+ goto done;
+ }
+ BN_set_flags(e, BN_FLG_CONSTTIME);
+
+ /* Get prime1 a BIGNUM */
+ rc = template_attribute_get_non_empty(key_obj->template, CKA_PRIME_1,
+ &prime1);
+ if (rc != CKR_OK) {
+ TRACE_ERROR("Failed to get CKA_PRIME_1\n");
+ goto done;
+ }
+
+ p = BN_CTX_get(bn_ctx);
+ if (p == NULL ||
+ BN_bin2bn(prime1->pValue, prime1->ulValueLen, p) == NULL) {
+ TRACE_ERROR("BN_CTX_get/BN_bin2bn failed for prime1\n");
+ rc = CKR_FUNCTION_FAILED;
+ goto done;
+ }
+ BN_set_flags(p, BN_FLG_CONSTTIME);
+
+ /* Get prime2 a BIGNUM */
+ rc = template_attribute_get_non_empty(key_obj->template, CKA_PRIME_2,
+ &prime2);
+ if (rc != CKR_OK) {
+ TRACE_ERROR("Failed to get CKA_PRIME_2\n");
+ goto done;
+ }
+
+ q = BN_CTX_get(bn_ctx);
+ if (q == NULL ||
+ BN_bin2bn(prime2->pValue, prime2->ulValueLen, q) == NULL) {
+ TRACE_ERROR("BN_CTX_get/BN_bin2bn failed for prime2\n");
+ rc = CKR_FUNCTION_FAILED;
+ goto done;
+ }
+ BN_set_flags(q, BN_FLG_CONSTTIME);
+
+ d = BN_CTX_get(bn_ctx);
+ if (d == NULL) {
+ TRACE_ERROR("BN_CTX_get failed to get d\n");
+ rc = CKR_FUNCTION_FAILED;
+ goto done;
+ }
+ BN_set_flags(d, BN_FLG_CONSTTIME);
+
+ /*
+ * phi(n) = (p - 1 )(q - 1) = n - p - q + 1
+ * d = e ^{-1} mod phi(n).
+ */
+ if (BN_copy(d, n) == NULL ||
+ BN_sub(d, d, p) == 0 ||
+ BN_sub(d, d, q) == 0 ||
+ BN_add_word(d, 1) == 0 ||
+ BN_mod_inverse(d, e, d, bn_ctx) == NULL) {
+ TRACE_ERROR("Failed to calculate private key part d\n");
+ rc = CKR_FUNCTION_FAILED;
+ goto done;
+ }
+
+ if (BN_bn2binpad(d, priv_exp, priv_exp_len) <= 0) {
+ TRACE_ERROR("BN_bn2binpad failed\n");
+ rc = CKR_FUNCTION_FAILED;
+ goto done;
+ }
+
+done:
+ BN_CTX_free(bn_ctx);
+
+ return rc;
+}
+
+CK_RV openssl_specific_rsa_derive_kdk(STDLL_TokData_t *tokdata, OBJECT *key_obj,
+ const CK_BYTE *in, CK_ULONG inlen,
+ CK_BYTE *kdk, CK_ULONG kdklen)
+{
+ CK_ATTRIBUTE *priv_exp_attr = NULL, *modulus = NULL;
+ CK_BYTE *priv_exp = NULL, *buf = NULL;
+ EVP_PKEY *pkey = NULL;
+ EVP_MD_CTX *mdctx = NULL;
+ const EVP_MD *md = NULL;
+ size_t md_len;
+ unsigned char d_hash[SHA256_HASH_SIZE] = { 0 };
+ CK_RV rc;
+
+ /*
+ * The implementation of this function is copied from OpenSSL's function
+ * derive_kdk() in crypto/rsa/rsa_ossl.c and is slightly modified to fit to
+ * the OpenCryptoki environment.
+ * Changes include:
+ * - Different variable and define names.
+ * - Usage of TRACE_ERROR to report errors and issue debug messages.
+ * - Different return codes.
+ * - Different code to get the private key component 'd'.
+ * - Use of the EVP APIs instead of the internal APIs for Digest and HMAC
+ * operations.
+ */
+
+ if (kdklen != SHA256_HASH_SIZE) {
+ TRACE_ERROR("KDK length is wrong\n");
+ return CKR_ARGUMENTS_BAD;
+ }
+
+ rc = template_attribute_get_non_empty(key_obj->template, CKA_MODULUS,
+ &modulus);
+ if (rc != CKR_OK) {
+ TRACE_ERROR("Failed to get CKA_MODULUS\n");
+ return rc;
+ }
+
+ buf = calloc(1, modulus->ulValueLen);
+ if (buf == NULL) {
+ TRACE_ERROR("Failed to allocate a buffer for private exponent\n");
+ return CKR_HOST_MEMORY;
+ }
+
+ rc = template_attribute_get_non_empty(key_obj->template,
+ CKA_PRIVATE_EXPONENT, &priv_exp_attr);
+ if (rc != CKR_OK && rc != CKR_TEMPLATE_INCOMPLETE) {
+ TRACE_ERROR("Failed to get CKA_PRIVATE_EXPONENT\n");
+ goto out;
+ }
+
+ if (priv_exp_attr == NULL) {
+ rc = calc_rsa_priv_exp(tokdata, key_obj, buf, modulus->ulValueLen);
+ if (rc != CKR_OK) {
+ TRACE_ERROR("calc_rsa_priv_exp failed\n");
+ goto out;
+ }
+ priv_exp = buf;
+ } else {
+ if (priv_exp_attr->ulValueLen < modulus->ulValueLen) {
+ memcpy(buf + modulus->ulValueLen - priv_exp_attr->ulValueLen,
+ priv_exp_attr->pValue, priv_exp_attr->ulValueLen);
+ priv_exp = buf;
+ } else {
+ priv_exp = (CK_BYTE *)priv_exp_attr->pValue +
+ priv_exp_attr->ulValueLen - modulus->ulValueLen;
+ }
+ }
+
+ /*
+ * we use hardcoded hash so that migrating between versions that use
+ * different hash doesn't provide a Bleichenbacher oracle:
+ * if the attacker can see that different versions return different
+ * messages for the same ciphertext, they'll know that the message is
+ * synthetically generated, which means that the padding check failed
+ */
+ md = EVP_sha256();
+ if (md == NULL) {
+ TRACE_ERROR("EVP_sha256 failed\n");
+ rc = CKR_FUNCTION_FAILED;
+ goto out;
+ }
+
+ if (EVP_Digest(priv_exp, modulus->ulValueLen, d_hash, NULL,
+ md, NULL) <= 0) {
+ TRACE_ERROR("EVP_Digest failed\n");
+ rc = CKR_FUNCTION_FAILED;
+ goto out;
+ }
+
+ pkey = EVP_PKEY_new_mac_key(EVP_PKEY_HMAC, NULL, d_hash, sizeof(d_hash));
+ if (pkey == NULL) {
+ TRACE_ERROR("EVP_PKEY_new_mac_key() failed.\n");
+ rc = CKR_FUNCTION_FAILED;
+ goto out;
+ }
+
+ mdctx = EVP_MD_CTX_create();
+ if (mdctx == NULL) {
+ TRACE_ERROR("EVP_MD_CTX_create() failed.\n");
+ rc = CKR_FUNCTION_FAILED;
+ goto out;
+ }
+
+ if (EVP_DigestSignInit(mdctx, NULL, md, NULL, pkey) != 1) {
+ TRACE_ERROR("EVP_DigestSignInit failed\n");
+ rc = CKR_FUNCTION_FAILED;
+ goto out;
+ }
+
+ if (inlen < modulus->ulValueLen) {
+ memset(buf, 0, modulus->ulValueLen - inlen);
+ if (EVP_DigestSignUpdate(mdctx, buf, modulus->ulValueLen - inlen)!= 1) {
+ TRACE_ERROR("EVP_DigestSignUpdate failed\n");
+ rc = CKR_FUNCTION_FAILED;
+ goto out;
+ }
+ }
+ if (EVP_DigestSignUpdate(mdctx, in, inlen) != 1) {
+ TRACE_ERROR("EVP_DigestSignUpdate failed\n");
+ rc = CKR_FUNCTION_FAILED;
+ goto out;
+ }
+
+ md_len = kdklen;
+ if (EVP_DigestSignFinal(mdctx, kdk, &md_len) != 1 ||
+ md_len != kdklen) {
+ TRACE_ERROR("EVP_DigestSignFinal failed\n");
+ rc = CKR_FUNCTION_FAILED;
+ goto out;
+ }
+
+ rc = CKR_OK;
+
+out:
+ if (buf != NULL)
+ free(buf);
+ if (pkey != NULL)
+ EVP_PKEY_free(pkey);
+ if (mdctx != NULL)
+ EVP_MD_CTX_free(mdctx);
+
+ return rc;
+}
+
+CK_RV openssl_specific_rsa_prf(CK_BYTE *out, CK_ULONG outlen,
+ const char *label, CK_ULONG labellen,
+ const CK_BYTE *kdk, CK_ULONG kdklen,
+ uint16_t bitlen)
+{
+ CK_RV rc;
+ CK_ULONG pos;
+ uint16_t iter = 0;
+ unsigned char be_iter[sizeof(iter)];
+ unsigned char be_bitlen[sizeof(bitlen)];
+ EVP_PKEY *pkey = NULL;
+ EVP_MD_CTX *mdctx = NULL;
+ unsigned char hmac_out[SHA256_HASH_SIZE];
+ size_t md_len;
+
+ /*
+ * The implementation of this function is copied from OpenSSL's function
+ * ossl_rsa_prf() in crypto/rsa/rsapk1.c and is slightly modified to fit to
+ * the providers environment.
+ * Changes include:
+ * - Different variable and define names.
+ * - Usage of TRACE_ERROR report errors and issue debug messages.
+ * - Different return codes.
+ * - Use of the EVP API instead of the internal APIs for HMAC operations.
+ */
+
+ if (kdklen != SHA256_HASH_SIZE) {
+ TRACE_ERROR("invalid kdklen\n");
+ return CKR_ARGUMENTS_BAD;
+ }
+ if (outlen * 8 != bitlen) {
+ TRACE_ERROR("invalid outlen\n");
+ return CKR_ARGUMENTS_BAD;
+ }
+
+ be_bitlen[0] = (bitlen >> 8) & 0xff;
+ be_bitlen[1] = bitlen & 0xff;
+
+ pkey = EVP_PKEY_new_mac_key(EVP_PKEY_HMAC, NULL, kdk, kdklen);
+ if (pkey == NULL) {
+ TRACE_ERROR("EVP_PKEY_new_mac_key() failed.\n");
+ rc = CKR_FUNCTION_FAILED;
+ goto out;
+ }
+
+ mdctx = EVP_MD_CTX_create();
+ if (mdctx == NULL) {
+ TRACE_ERROR("EVP_MD_CTX_create() failed.\n");
+ rc = CKR_FUNCTION_FAILED;
+ goto out;
+ }
+
+ /*
+ * we use hardcoded hash so that migrating between versions that use
+ * different hash doesn't provide a Bleichenbacher oracle:
+ * if the attacker can see that different versions return different
+ * messages for the same ciphertext, they'll know that the message is
+ * synthetically generated, which means that the padding check failed
+ */
+ for (pos = 0; pos < outlen; pos += SHA256_HASH_SIZE, iter++) {
+ if (EVP_DigestSignInit(mdctx, NULL, EVP_sha256(), NULL, pkey) != 1) {
+ TRACE_ERROR("EVP_DigestSignInit failed\n");
+ rc = CKR_FUNCTION_FAILED;
+ goto out;
+ }
+
+ be_iter[0] = (iter >> 8) & 0xff;
+ be_iter[1] = iter & 0xff;
+
+ if (EVP_DigestSignUpdate(mdctx, be_iter, sizeof(be_iter)) != 1) {
+ TRACE_ERROR("EVP_DigestSignUpdate failed\n");
+ rc = CKR_FUNCTION_FAILED;
+ goto out;
+ }
+ if (EVP_DigestSignUpdate(mdctx, (unsigned char *)label, labellen) != 1) {
+ TRACE_ERROR("EVP_DigestSignUpdate failed\n");
+ rc = CKR_FUNCTION_FAILED;
+ goto out;
+ }
+ if (EVP_DigestSignUpdate(mdctx, be_bitlen, sizeof(be_bitlen)) != 1) {
+ TRACE_ERROR("EVP_DigestSignUpdate failed\n");
+ rc = CKR_FUNCTION_FAILED;
+ goto out;
+ }
+
+ /*
+ * HMAC_Final requires the output buffer to fit the whole MAC
+ * value, so we need to use the intermediate buffer for the last
+ * unaligned block
+ */
+ md_len = SHA256_HASH_SIZE;
+ if (pos + SHA256_HASH_SIZE > outlen) {
+ md_len = sizeof(hmac_out);
+ if (EVP_DigestSignFinal(mdctx, hmac_out, &md_len) != 1) {
+ TRACE_ERROR("EVP_DigestSignFinal failed\n");
+ rc = CKR_FUNCTION_FAILED;
+ goto out;
+ }
+ memcpy(out + pos, hmac_out, outlen - pos);
+ } else {
+ md_len = outlen - pos;
+ if (EVP_DigestSignFinal(mdctx, out + pos, &md_len) != 1) {
+ TRACE_ERROR("EVP_DigestSignFinal failed\n");
+ rc = CKR_FUNCTION_FAILED;
+ goto out;
+ }
+ }
+ }
+
+ rc = CKR_OK;
+
+out:
+ if (pkey != NULL)
+ EVP_PKEY_free(pkey);
+ if (mdctx != NULL)
+ EVP_MD_CTX_free(mdctx);
+
+ return rc;
+}
+
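Review bot: In openssl_specific_rsa_derive_kdk the heap buffer `buf` holds the RSA private exponent (computed by calc_rsa_priv_exp, or copied from CKA_PRIVATE_EXPONENT when that is shorter than the modulus) but is released with a plain `free(buf)` in the `out:` path, so `d` stays readable in freed heap memory, which undoes the care calc_rsa_priv_exp takes by using a BN_CTX_secure_new context. Replace the release with `OPENSSL_cleanse(buf, modulus->ulValueLen); free(buf);` (buf is only non-NULL once `modulus` has been fetched) and wipe the stack digest as well with `OPENSSL_cleanse(d_hash, sizeof(d_hash));`. Separately, calc_rsa_priv_exp calls BN_CTX_get without a preceding BN_CTX_start(), which the OpenSSL documentation requires before the first BN_CTX_get; adding `BN_CTX_start(bn_ctx);` right after creation and `BN_CTX_end(bn_ctx);` at `done:` before BN_CTX_free keeps the function within the documented contract, even if current implementations tolerate the omission.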
diff --git a/usr/lib/common/mech_rsa.c b/usr/lib/common/mech_rsa.c
index 7bab1a84..7dc9589a 100644
--- a/usr/lib/common/mech_rsa.c
+++ b/usr/lib/common/mech_rsa.c
@@ -289,21 +289,34 @@ static CK_RV rsa_parse_block_type_1(CK_BYTE *in_data,
return rc;
}
+#define MAX_LEN_GEN_TRIES 128
+
static CK_RV rsa_parse_block_type_2(CK_BYTE *in_data,
CK_ULONG in_data_len,
CK_BYTE *out_data,
- CK_ULONG *out_data_len)
+ CK_ULONG *out_data_len,
+ CK_BYTE *kdk, CK_ULONG kdklen)
{
- int i;
- unsigned char *em = NULL;
- unsigned int good, found_zero_byte, mask, equals0;
- int zero_index = 0, msg_index, mlen = -1;
- int out_len = *out_data_len;
- int rsa_size = in_data_len;
+ unsigned int good = 0, found_zero_byte, equals0;
+ size_t zero_index = 0, msg_index;
+ unsigned char *synthetic = NULL;
+ int synthetic_length;
+ uint16_t len_candidate;
+ unsigned char candidate_lengths[MAX_LEN_GEN_TRIES * sizeof(len_candidate)];
+ uint16_t len_mask;
+ uint16_t max_sep_offset;
+ int synth_msg_index = 0;
+ size_t i, j;
+ CK_RV rc;
+
+ if (kdk == NULL || kdklen == 0) {
+ TRACE_DEVEL("%s\n", ock_err(ERR_ARGUMENTS_BAD));
+ return CKR_ARGUMENTS_BAD;
+ }
/*
* The implementation of this function is copied from OpenSSL's function
- * RSA_padding_check_PKCS1_type_2() in crypto/rsa/rsa_pk1.c
+ * ossl_rsa_padding_check_PKCS1_type_2() in crypto/rsa/rsa_pk1.c
* and is slightly modified to fit to the OpenCryptoki environment.
*
* The OpenSSL code is licensed under the Apache License 2.0.
@@ -328,27 +341,67 @@ static CK_RV rsa_parse_block_type_2(CK_BYTE *in_data,
* PKCS#1 v1.5 decryption. See "PKCS #1 v2.2: RSA Cryptography Standard",
* section 7.2.2.
*/
- if (rsa_size < RSA_PKCS1_PADDING_SIZE) {
+ if (in_data_len < RSA_PKCS1_PADDING_SIZE) {
TRACE_DEVEL("%s\n", ock_err(ERR_FUNCTION_FAILED));
return CKR_FUNCTION_FAILED;
}
- em = malloc(rsa_size);
- if (em == NULL) {
- TRACE_DEVEL("%s\n", ock_err(ERR_HOST_MEMORY));
+ /* Generate a random message to return in case the padding checks fail. */
+ synthetic = calloc(1, in_data_len);
+ if (synthetic == NULL) {
+ TRACE_ERROR("Failed to allocate synthetic buffer");
return CKR_HOST_MEMORY;
}
- /* in_data_len is always equal to rsa_size */
- memcpy(em, in_data, rsa_size);
+ rc = openssl_specific_rsa_prf(synthetic, in_data_len, "message", 7,
+ kdk, kdklen, in_data_len * 8);
+ if (rc != CKR_OK)
+ goto out;
+
+ /* decide how long the random message should be */
+ rc = openssl_specific_rsa_prf(candidate_lengths,
+ sizeof(candidate_lengths),
+ "length", 6, kdk, kdklen,
+ MAX_LEN_GEN_TRIES *
+ sizeof(len_candidate) * 8);
+ if (rc != CKR_OK)
+ goto out;
- good = constant_time_is_zero(em[0]);
- good &= constant_time_eq(em[1], 2);
+ /*
+ * max message size is the size of the modulus size minus 2 bytes for
+ * version and padding type and a minimum of 8 bytes padding
+ */
+ len_mask = max_sep_offset = in_data_len - 2 - 8;
+ /*
+ * we want a mask so let's propagate the high bit to all positions less
+ * significant than it
+ */
+ len_mask |= len_mask >> 1;
+ len_mask |= len_mask >> 2;
+ len_mask |= len_mask >> 4;
+ len_mask |= len_mask >> 8;
+
+ synthetic_length = 0;
+ for (i = 0; i < MAX_LEN_GEN_TRIES * (int)sizeof(len_candidate);
+ i += sizeof(len_candidate)) {
+ len_candidate = (candidate_lengths[i] << 8) |
+ candidate_lengths[i + 1];
+ len_candidate &= len_mask;
+
+ synthetic_length = constant_time_select_int(
+ constant_time_lt(len_candidate, max_sep_offset),
+ len_candidate, synthetic_length);
+ }
+
+ synth_msg_index = in_data_len - synthetic_length;
+
+ good = constant_time_is_zero(in_data[0]);
+ good &= constant_time_eq(in_data[1], 2);
/* scan over padding data */
found_zero_byte = 0;
- for (i = 2; i < rsa_size; i++) {
- equals0 = constant_time_is_zero(em[i]);
+ for (i = 2; i < in_data_len; i++) {
+ equals0 = constant_time_is_zero(in_data[i]);
zero_index = constant_time_select_int(~found_zero_byte & equals0,
i, zero_index);
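Review bot: The loop bound `i < MAX_LEN_GEN_TRIES * (int)sizeof(len_candidate)` compares the `size_t` index `i` with an `int` expression, which -Wsign-compare flags, and the cast is needless because `sizeof` already yields `size_t`; write `for (i = 0; i < MAX_LEN_GEN_TRIES * sizeof(len_candidate); i += sizeof(len_candidate))`. Also, `len_mask = max_sep_offset = in_data_len - 2 - 8` narrows a CK_ULONG into uint16_t with no guard in this function beyond `in_data_len >= RSA_PKCS1_PADDING_SIZE`; oversized inputs are in practice rejected earlier because openssl_specific_rsa_prf refuses an `in_data_len * 8` that does not fit its uint16_t bitlen, but that dependency is implicit and is worth a comment such as `/* in_data_len * 8 fits in uint16_t, enforced by the rsa_prf call above */`. rsa_parse_block_type_2 continues in the following hunks.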
@@ -356,7 +409,7 @@ static CK_RV rsa_parse_block_type_2(CK_BYTE *in_data,
}
/*
- * PS must be at least 8 bytes long, and it starts two bytes into |em|.
+ * PS must be at least 8 bytes long, and it starts two bytes into |in_data|.
* If we never found a 0-byte, then |zero_index| is 0 and the check
* also fails.
*/
@@ -367,53 +420,41 @@ static CK_RV rsa_parse_block_type_2(CK_BYTE *in_data,
* but in this case we also do not copy the message out.
*/
msg_index = zero_index + 1;
- mlen = rsa_size - msg_index;
/*
- * For good measure, do this check in constant time as well.
+ * old code returned an error in case the decrypted message wouldn't fit
+ * into the |out_data|, since that would leak information, return the
+ * synthetic message instead
*/
- good &= constant_time_ge(out_len, mlen);
+ good &= constant_time_ge(*out_data_len, in_data_len - msg_index);
+
+ msg_index = constant_time_select_int(good, msg_index, synth_msg_index);
/*
- * Move the result in-place by |rsa_size|-RSA_PKCS1_PADDING_SIZE-|mlen|
- * bytes to the left.
- * Then if |good| move |mlen| bytes from |em|+RSA_PKCS1_PADDING_SIZE to
- * |out_data|. Otherwise leave |out_data| unchanged.
- * Copy the memory back in a way that does not reveal the size of
- * the data being copied via a timing side channel. This requires copying
- * parts of the buffer multiple times based on the bits set in the real
- * length. Clear bits do a non-copy with identical access pattern.
- * The loop below has overall complexity of O(N*log(N)).
+ * since at this point the |msg_index| does not provide the signal
+ * indicating if the padding check failed or not, we don't have to worry
+ * about leaking the length of returned message, we still need to ensure
+ * that we read contents of both buffers so that cache accesses don't leak
+ * the value of |good|
*/
- out_len = constant_time_select_int(
- constant_time_lt(rsa_size - RSA_PKCS1_PADDING_SIZE, out_len),
- rsa_size - RSA_PKCS1_PADDING_SIZE,
- out_len);
- for (msg_index = 1; msg_index < rsa_size - RSA_PKCS1_PADDING_SIZE;
- msg_index <<= 1) {
- mask = ~constant_time_eq(
- msg_index & (rsa_size - RSA_PKCS1_PADDING_SIZE - mlen), 0);
- for (i = RSA_PKCS1_PADDING_SIZE; i < rsa_size - msg_index; i++)
- em[i] = constant_time_select_8(mask, em[i + msg_index], em[i]);
- }
- for (i = 0; i < out_len; i++) {
- mask = good & constant_time_lt(i, mlen);
- out_data[i] = constant_time_select_8(
- mask, em[i + RSA_PKCS1_PADDING_SIZE], out_data[i]);
- }
+ for (i = msg_index, j = 0; i < in_data_len && j < *out_data_len;
+ i++, j++)
+ out_data[j] = constant_time_select_8(good, in_data[i], synthetic[i]);
- OPENSSL_cleanse(em, rsa_size);
- free(em);
+ *out_data_len = j;
- *out_data_len = constant_time_select_int(good, mlen, 0);
+out:
+ if (synthetic != NULL)
+ free(synthetic);
- return constant_time_select_int(good, CKR_OK, CKR_ENCRYPTED_DATA_INVALID);
+ return rc;
}
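Review bot: The `synthetic` buffer is freed at `out:` without being wiped, whereas the code this replaces cleansed its scratch buffer (`OPENSSL_cleanse(em, rsa_size)`) before freeing it; `synthetic` is derived from the private-key-bound `kdk` and is the message actually returned on a padding failure, so keeping the old hygiene costs nothing. Change the cleanup to `if (synthetic != NULL) { OPENSSL_cleanse(synthetic, in_data_len); free(synthetic); }`. Note that the function now always sets `*out_data_len = j` and returns `rc` (CKR_OK) regardless of `good`, which is the intended implicit-rejection behaviour, so any block-type-2 caller that still keys on CKR_ENCRYPTED_DATA_INVALID will no longer observe it.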
CK_RV rsa_parse_block(CK_BYTE *in_data,
CK_ULONG in_data_len,
CK_BYTE *out_data,
- CK_ULONG *out_data_len, CK_ULONG type)
+ CK_ULONG *out_data_len, CK_ULONG type,
+ CK_BYTE *kdk, CK_ULONG kdklen)
{
switch (type) {
case PKCS_BT_1:
@@ -421,7 +462,7 @@ CK_RV rsa_parse_block(CK_BYTE *in_data,
out_data, out_data_len);
case PKCS_BT_2:
return rsa_parse_block_type_2(in_data, in_data_len,
- out_data, out_data_len);
+ out_data, out_data_len, kdk, kdklen);
}
return CKR_ARGUMENTS_BAD;


@ -1,387 +0,0 @@
commit e2b496f58a84c2f537667655fe08a0d4923f0c70
Author: Ingo Franzki <ifranzki@linux.ibm.com>
Date: Fri Jan 12 09:36:27 2024 +0100
Constant time fixes for C_Decrypt return code handling
Return code handling of C_Decrypt, C_DecryptUpdate, and C_DecryptFinal must
be performed in a constant time manner for RSA mechanisms. Otherwise it
may cause a timing side channel that may be used to perform a Bleichenbacher
style attack.
Handling of error situations with CKR_BUFFER_TOO_SMALL or size-query calls,
where the output buffer is NULL and the required size of the output buffer
is to be returned, do not need to be performed in constant time, since
these cases are shortcut anyway, and the result is only dependent on the
modulus size of the RSA key (which is public information anyway).
Signed-off-by: Ingo Franzki <ifranzki@linux.ibm.com>
diff --git a/usr/lib/common/new_host.c b/usr/lib/common/new_host.c
index 8a1e8723..bbb0f601 100644
--- a/usr/lib/common/new_host.c
+++ b/usr/lib/common/new_host.c
@@ -47,6 +47,7 @@
#include "trace.h"
#include "slotmgr.h"
#include "attributes.h"
+#include "constant_time.h"
#include "../api/apiproto.h"
#include "../api/policy.h"
@@ -2345,6 +2346,7 @@ CK_RV SC_Decrypt(STDLL_TokData_t *tokdata, ST_SESSION_HANDLE *sSession,
SESSION *sess = NULL;
CK_BBOOL length_only = FALSE;
CK_RV rc = CKR_OK;
+ unsigned int mask;
if (tokdata->initialized == FALSE) {
TRACE_ERROR("%s\n", ock_err(ERR_CRYPTOKI_NOT_INITIALIZED));
@@ -2377,11 +2379,19 @@ CK_RV SC_Decrypt(STDLL_TokData_t *tokdata, ST_SESSION_HANDLE *sSession,
rc = decr_mgr_decrypt(tokdata, sess, length_only, &sess->decr_ctx,
pEncryptedData, ulEncryptedDataLen, pData,
pulDataLen);
- if (!is_rsa_mechanism(sess->decr_ctx.mech.mechanism) && rc != CKR_OK)
+ /* (!is_rsa_mechanism(sess->decr_ctx.mech.mechanism) && rc != CKR_OK) */
+ mask = ~constant_time_is_zero(
+ is_rsa_mechanism(sess->decr_ctx.mech.mechanism));
+ mask &= ~constant_time_eq(rc, CKR_OK);
+ if (mask)
TRACE_DEVEL("decr_mgr_decrypt() failed.\n");
done:
- if (rc != CKR_BUFFER_TOO_SMALL && (rc != CKR_OK || length_only != TRUE)) {
+ /* (rc != CKR_BUFFER_TOO_SMALL && (rc != CKR_OK || length_only != TRUE)) */
+ mask = ~constant_time_eq(rc, CKR_OK);
+ mask |= constant_time_is_zero(length_only);
+ mask &= ~constant_time_eq(rc, CKR_BUFFER_TOO_SMALL);
+ if (mask) {
if (sess)
decr_mgr_cleanup(tokdata, sess, &sess->decr_ctx);
}
@@ -2404,6 +2414,7 @@ CK_RV SC_DecryptUpdate(STDLL_TokData_t *tokdata, ST_SESSION_HANDLE *sSession,
SESSION *sess = NULL;
CK_BBOOL length_only = FALSE;
CK_RV rc = CKR_OK;
+ unsigned int mask;
if (tokdata->initialized == FALSE) {
TRACE_ERROR("%s\n", ock_err(ERR_CRYPTOKI_NOT_INITIALIZED));
@@ -2436,11 +2447,18 @@ CK_RV SC_DecryptUpdate(STDLL_TokData_t *tokdata, ST_SESSION_HANDLE *sSession,
rc = decr_mgr_decrypt_update(tokdata, sess, length_only,
&sess->decr_ctx, pEncryptedPart,
ulEncryptedPartLen, pPart, pulPartLen);
- if (!is_rsa_mechanism(sess->decr_ctx.mech.mechanism) && rc != CKR_OK)
+ /* (!is_rsa_mechanism(sess->decr_ctx.mech.mechanism) && rc != CKR_OK) */
+ mask = ~constant_time_is_zero(
+ is_rsa_mechanism(sess->decr_ctx.mech.mechanism));
+ mask &= ~constant_time_eq(rc, CKR_OK);
+ if (mask)
TRACE_DEVEL("decr_mgr_decrypt_update() failed.\n");
done:
- if (rc != CKR_OK && rc != CKR_BUFFER_TOO_SMALL && sess != NULL) {
+ /* (rc != CKR_OK && rc != CKR_BUFFER_TOO_SMALL */
+ mask = ~constant_time_eq(rc, CKR_OK);
+ mask &= ~constant_time_eq(rc, CKR_BUFFER_TOO_SMALL);
+ if (mask) {
if (sess)
decr_mgr_cleanup(tokdata, sess, &sess->decr_ctx);
}
@@ -2462,6 +2480,7 @@ CK_RV SC_DecryptFinal(STDLL_TokData_t *tokdata, ST_SESSION_HANDLE *sSession,
SESSION *sess = NULL;
CK_BBOOL length_only = FALSE;
CK_RV rc = CKR_OK;
+ unsigned int mask;
if (tokdata->initialized == FALSE) {
TRACE_ERROR("%s\n", ock_err(ERR_CRYPTOKI_NOT_INITIALIZED));
@@ -2493,11 +2512,19 @@ CK_RV SC_DecryptFinal(STDLL_TokData_t *tokdata, ST_SESSION_HANDLE *sSession,
rc = decr_mgr_decrypt_final(tokdata, sess, length_only, &sess->decr_ctx,
pLastPart, pulLastPartLen);
- if (!is_rsa_mechanism(sess->decr_ctx.mech.mechanism) && rc != CKR_OK)
+ /* (!is_rsa_mechanism(sess->decr_ctx.mech.mechanism) && rc != CKR_OK) */
+ mask = ~constant_time_is_zero(
+ is_rsa_mechanism(sess->decr_ctx.mech.mechanism));
+ mask &= ~constant_time_eq(rc, CKR_OK);
+ if (mask)
TRACE_DEVEL("decr_mgr_decrypt_final() failed.\n");
done:
- if (rc != CKR_BUFFER_TOO_SMALL && (rc != CKR_OK || length_only != TRUE)) {
+ /* (rc != CKR_BUFFER_TOO_SMALL && (rc != CKR_OK || length_only != TRUE)) */
+ mask = ~constant_time_eq(rc, CKR_OK);
+ mask |= constant_time_is_zero(length_only);
+ mask &= ~constant_time_eq(rc, CKR_BUFFER_TOO_SMALL);
+ if (mask) {
if (sess)
decr_mgr_cleanup(tokdata, sess, &sess->decr_ctx);
}
diff --git a/usr/lib/ep11_stdll/ep11_specific.c b/usr/lib/ep11_stdll/ep11_specific.c
index 073b349f..6d08b95e 100644
--- a/usr/lib/ep11_stdll/ep11_specific.c
+++ b/usr/lib/ep11_stdll/ep11_specific.c
@@ -9552,10 +9552,12 @@ CK_RV ep11tok_decrypt_final(STDLL_TokData_t * tokdata, SESSION * session,
rc = constant_time_select(constant_time_eq(rc, CKR_OK),
ep11_error_to_pkcs11_error(rc, session),
rc);
- if (rc != CKR_OK) {
- TRACE_ERROR("%s rc=0x%lx\n", __func__, rc);
- } else {
- TRACE_INFO("%s rc=0x%lx\n", __func__, rc);
+ if (!is_rsa_mechanism(ctx->mech.mechanism)) {
+ if (rc != CKR_OK) {
+ TRACE_ERROR("%s rc=0x%lx\n", __func__, rc);
+ } else {
+ TRACE_INFO("%s rc=0x%lx\n", __func__, rc);
+ }
}
done:
@@ -9611,10 +9613,12 @@ CK_RV ep11tok_decrypt(STDLL_TokData_t * tokdata, SESSION * session,
rc = constant_time_select(constant_time_eq(rc, CKR_OK),
ep11_error_to_pkcs11_error(rc, session),
rc);
- if (rc != CKR_OK) {
- TRACE_ERROR("%s rc=0x%lx\n", __func__, rc);
- } else {
- TRACE_INFO("%s rc=0x%lx\n", __func__, rc);
+ if (!is_rsa_mechanism(ctx->mech.mechanism)) {
+ if (rc != CKR_OK) {
+ TRACE_ERROR("%s rc=0x%lx\n", __func__, rc);
+ } else {
+ TRACE_INFO("%s rc=0x%lx\n", __func__, rc);
+ }
}
done:
@@ -9676,10 +9680,12 @@ CK_RV ep11tok_decrypt_update(STDLL_TokData_t * tokdata, SESSION * session,
rc = constant_time_select(constant_time_eq(rc, CKR_OK),
ep11_error_to_pkcs11_error(rc, session),
rc);
- if (rc != CKR_OK) {
- TRACE_ERROR("%s rc=0x%lx\n", __func__, rc);
- } else {
- TRACE_INFO("%s rc=0x%lx\n", __func__, rc);
+ if (!is_rsa_mechanism(ctx->mech.mechanism)) {
+ if (rc != CKR_OK) {
+ TRACE_ERROR("%s rc=0x%lx\n", __func__, rc);
+ } else {
+ TRACE_INFO("%s rc=0x%lx\n", __func__, rc);
+ }
}
done:
diff --git a/usr/lib/ep11_stdll/new_host.c b/usr/lib/ep11_stdll/new_host.c
index 55e34c18..299a1d3c 100644
--- a/usr/lib/ep11_stdll/new_host.c
+++ b/usr/lib/ep11_stdll/new_host.c
@@ -38,6 +38,7 @@
#include "slotmgr.h"
#include "attributes.h"
#include "ep11_specific.h"
+#include "constant_time.h"
#include "../api/apiproto.h"
#include "../api/policy.h"
@@ -2466,6 +2467,7 @@ CK_RV SC_Decrypt(STDLL_TokData_t *tokdata, ST_SESSION_HANDLE *sSession,
SESSION *sess = NULL;
CK_BBOOL length_only = FALSE;
CK_RV rc = CKR_OK;
+ unsigned int mask;
if (tokdata->initialized == FALSE) {
TRACE_ERROR("%s\n", ock_err(ERR_CRYPTOKI_NOT_INITIALIZED));
@@ -2513,17 +2515,29 @@ CK_RV SC_Decrypt(STDLL_TokData_t *tokdata, ST_SESSION_HANDLE *sSession,
length_only, sess->decr_ctx.key,
pEncryptedData, ulEncryptedDataLen,
pData, pulDataLen);
- if (!is_rsa_mechanism(sess->decr_ctx.mech.mechanism) && rc != CKR_OK)
+ /* (!is_rsa_mechanism(sess->decr_ctx.mech.mechanism) && rc != CKR_OK) */
+ mask = ~constant_time_is_zero(
+ is_rsa_mechanism(sess->decr_ctx.mech.mechanism));
+ mask &= ~constant_time_eq(rc, CKR_OK);
+ if (mask)
TRACE_DEVEL("ep11tok_decrypt_single() failed.\n");
} else {
rc = ep11tok_decrypt(tokdata, sess, pEncryptedData, ulEncryptedDataLen,
pData, pulDataLen);
- if (!is_rsa_mechanism(sess->decr_ctx.mech.mechanism) && rc != CKR_OK)
+ /* (!is_rsa_mechanism(sess->decr_ctx.mech.mechanism) && rc != CKR_OK) */
+ mask = ~constant_time_is_zero(
+ is_rsa_mechanism(sess->decr_ctx.mech.mechanism));
+ mask &= ~constant_time_eq(rc, CKR_OK);
+ if (mask)
TRACE_DEVEL("ep11tok_decrypt() failed.\n");
}
done:
- if (rc != CKR_BUFFER_TOO_SMALL && (rc != CKR_OK || length_only != TRUE)) {
+ /* (rc != CKR_BUFFER_TOO_SMALL && (rc != CKR_OK || length_only != TRUE)) */
+ mask = ~constant_time_eq(rc, CKR_OK);
+ mask |= constant_time_is_zero(length_only);
+ mask &= ~constant_time_eq(rc, CKR_BUFFER_TOO_SMALL);
+ if (mask) {
if (sess)
decr_mgr_cleanup(tokdata, sess, &sess->decr_ctx);
}
@@ -2545,6 +2559,7 @@ CK_RV SC_DecryptUpdate(STDLL_TokData_t *tokdata, ST_SESSION_HANDLE *sSession,
{
SESSION *sess = NULL;
CK_RV rc = CKR_OK;
+ unsigned int mask;
if (tokdata->initialized == FALSE) {
TRACE_ERROR("%s\n", ock_err(ERR_CRYPTOKI_NOT_INITIALIZED));
@@ -2596,11 +2611,18 @@ CK_RV SC_DecryptUpdate(STDLL_TokData_t *tokdata, ST_SESSION_HANDLE *sSession,
rc = ep11tok_decrypt_update(tokdata, sess, pEncryptedPart,
ulEncryptedPartLen, pPart, pulPartLen);
- if (!is_rsa_mechanism(sess->decr_ctx.mech.mechanism) && rc != CKR_OK)
+ /* (!is_rsa_mechanism(sess->decr_ctx.mech.mechanism) && rc != CKR_OK) */
+ mask = ~constant_time_is_zero(
+ is_rsa_mechanism(sess->decr_ctx.mech.mechanism));
+ mask &= ~constant_time_eq(rc, CKR_OK);
+ if (mask)
TRACE_DEVEL("ep11tok_decrypt_update() failed.\n");
done:
- if (rc != CKR_OK && rc != CKR_BUFFER_TOO_SMALL && sess != NULL) {
+ /* (rc != CKR_OK && rc != CKR_BUFFER_TOO_SMALL */
+ mask = ~constant_time_eq(rc, CKR_OK);
+ mask &= ~constant_time_eq(rc, CKR_BUFFER_TOO_SMALL);
+ if (mask) {
if (sess)
decr_mgr_cleanup(tokdata, sess, &sess->decr_ctx);
}
@@ -2622,6 +2644,7 @@ CK_RV SC_DecryptFinal(STDLL_TokData_t *tokdata, ST_SESSION_HANDLE *sSession,
SESSION *sess = NULL;
CK_BBOOL length_only = FALSE;
CK_RV rc = CKR_OK;
+ unsigned int mask;
if (tokdata->initialized == FALSE) {
TRACE_ERROR("%s\n", ock_err(ERR_CRYPTOKI_NOT_INITIALIZED));
@@ -2670,10 +2693,18 @@ CK_RV SC_DecryptFinal(STDLL_TokData_t *tokdata, ST_SESSION_HANDLE *sSession,
}
rc = ep11tok_decrypt_final(tokdata, sess, pLastPart, pulLastPartLen);
- if (!is_rsa_mechanism(sess->decr_ctx.mech.mechanism) && rc != CKR_OK)
+ /* (!is_rsa_mechanism(sess->decr_ctx.mech.mechanism) && rc != CKR_OK) */
+ mask = ~constant_time_is_zero(
+ is_rsa_mechanism(sess->decr_ctx.mech.mechanism));
+ mask &= ~constant_time_eq(rc, CKR_OK);
+ if (mask)
TRACE_DEVEL("ep11tok_decrypt_final() failed.\n");
done:
- if (rc != CKR_BUFFER_TOO_SMALL && (rc != CKR_OK || length_only != TRUE)) {
+ /* (rc != CKR_BUFFER_TOO_SMALL && (rc != CKR_OK || length_only != TRUE)) */
+ mask = ~constant_time_eq(rc, CKR_OK);
+ mask |= constant_time_is_zero(length_only);
+ mask &= ~constant_time_eq(rc, CKR_BUFFER_TOO_SMALL);
+ if (mask) {
if (sess)
decr_mgr_cleanup(tokdata, sess, &sess->decr_ctx);
}
diff --git a/usr/lib/icsf_stdll/new_host.c b/usr/lib/icsf_stdll/new_host.c
index 6c419750..d8064559 100644
--- a/usr/lib/icsf_stdll/new_host.c
+++ b/usr/lib/icsf_stdll/new_host.c
@@ -35,6 +35,8 @@
#include "slotmgr.h"
#include "attributes.h"
#include "icsf_specific.h"
+#include "constant_time.h"
+
#include "../api/apiproto.h"
#include "../api/policy.h"
@@ -1768,6 +1770,7 @@ CK_RV SC_Decrypt(STDLL_TokData_t *tokdata, ST_SESSION_HANDLE *sSession,
SESSION *sess = NULL;
CK_BBOOL length_only = FALSE;
CK_RV rc = CKR_OK;
+ unsigned int mask;
if (tokdata->initialized == FALSE) {
TRACE_ERROR("%s\n", ock_err(ERR_CRYPTOKI_NOT_INITIALIZED));
@@ -1801,11 +1804,19 @@ CK_RV SC_Decrypt(STDLL_TokData_t *tokdata, ST_SESSION_HANDLE *sSession,
rc = icsftok_decrypt(tokdata, sess, pEncryptedData, ulEncryptedDataLen,
pData, pulDataLen);
- if (!is_rsa_mechanism(sess->decr_ctx.mech.mechanism) && rc != CKR_OK)
+ /* (!is_rsa_mechanism(sess->decr_ctx.mech.mechanism) && rc != CKR_OK) */
+ mask = ~constant_time_is_zero(
+ is_rsa_mechanism(sess->decr_ctx.mech.mechanism));
+ mask &= ~constant_time_eq(rc, CKR_OK);
+ if (mask)
TRACE_DEVEL("icsftok_decrypt() failed.\n");
done:
- if (rc != CKR_BUFFER_TOO_SMALL && (rc != CKR_OK || length_only != TRUE)) {
+ /* (rc != CKR_BUFFER_TOO_SMALL && (rc != CKR_OK || length_only != TRUE)) */
+ mask = ~constant_time_eq(rc, CKR_OK);
+ mask |= constant_time_is_zero(length_only);
+ mask &= ~constant_time_eq(rc, CKR_BUFFER_TOO_SMALL);
+ if (mask) {
if (sess)
decr_mgr_cleanup(tokdata, sess, &sess->decr_ctx);
}
@@ -1827,6 +1838,7 @@ CK_RV SC_DecryptUpdate(STDLL_TokData_t *tokdata, ST_SESSION_HANDLE *sSession,
{
SESSION *sess = NULL;
CK_RV rc = CKR_OK;
+ unsigned int mask;
if (tokdata->initialized == FALSE) {
TRACE_ERROR("%s\n", ock_err(ERR_CRYPTOKI_NOT_INITIALIZED));
@@ -1857,11 +1869,18 @@ CK_RV SC_DecryptUpdate(STDLL_TokData_t *tokdata, ST_SESSION_HANDLE *sSession,
rc = icsftok_decrypt_update(tokdata, sess, pEncryptedPart,
ulEncryptedPartLen, pPart, pulPartLen);
- if (!is_rsa_mechanism(sess->decr_ctx.mech.mechanism) && rc != CKR_OK)
+ /* (!is_rsa_mechanism(sess->decr_ctx.mech.mechanism) && rc != CKR_OK) */
+ mask = ~constant_time_is_zero(
+ is_rsa_mechanism(sess->decr_ctx.mech.mechanism));
+ mask &= ~constant_time_eq(rc, CKR_OK);
+ if (mask)
TRACE_DEVEL("icsftok_decrypt_update() failed.\n");
done:
- if (rc != CKR_OK && rc != CKR_BUFFER_TOO_SMALL && sess != NULL) {
+ /* (rc != CKR_OK && rc != CKR_BUFFER_TOO_SMALL */
+ mask = ~constant_time_eq(rc, CKR_OK);
+ mask &= ~constant_time_eq(rc, CKR_BUFFER_TOO_SMALL);
+ if (mask) {
if (sess)
decr_mgr_cleanup(tokdata, sess, &sess->decr_ctx);
}
@@ -1883,6 +1902,7 @@ CK_RV SC_DecryptFinal(STDLL_TokData_t *tokdata, ST_SESSION_HANDLE *sSession,
SESSION *sess = NULL;
CK_BBOOL length_only = FALSE;
CK_RV rc = CKR_OK;
+ unsigned int mask;
if (tokdata->initialized == FALSE) {
TRACE_ERROR("%s\n", ock_err(ERR_CRYPTOKI_NOT_INITIALIZED));
@@ -1915,10 +1935,18 @@ CK_RV SC_DecryptFinal(STDLL_TokData_t *tokdata, ST_SESSION_HANDLE *sSession,
length_only = TRUE;
rc = icsftok_decrypt_final(tokdata, sess, pLastPart, pulLastPartLen);
- if (!is_rsa_mechanism(sess->decr_ctx.mech.mechanism) && rc != CKR_OK)
+ /* (!is_rsa_mechanism(sess->decr_ctx.mech.mechanism) && rc != CKR_OK) */
+ mask = ~constant_time_is_zero(
+ is_rsa_mechanism(sess->decr_ctx.mech.mechanism));
+ mask &= ~constant_time_eq(rc, CKR_OK);
+ if (mask)
TRACE_DEVEL("icsftok_decrypt_final() failed.\n");
done:
- if (rc != CKR_BUFFER_TOO_SMALL && (rc != CKR_OK || length_only != TRUE)) {
+ /* (rc != CKR_BUFFER_TOO_SMALL && (rc != CKR_OK || length_only != TRUE)) */
+ mask = ~constant_time_eq(rc, CKR_OK);
+ mask |= constant_time_is_zero(length_only);
+ mask &= ~constant_time_eq(rc, CKR_BUFFER_TOO_SMALL);
+ if (mask) {
if (sess)
decr_mgr_cleanup(tokdata, sess, &sess->decr_ctx);
}



@ -1,31 +0,0 @@
commit d756ba1ec270a289950e66398c7e8be59c4a594d
Author: Ingo Franzki <ifranzki@linux.ibm.com>
Date: Fri Feb 9 14:07:34 2024 +0100
COMMON: Fix implicit rejection with RSA keys with empty CKA_PRIVATE_EXPONENT
An RSA key object that has no CKA_PRIVATE_EXPONENT may either don't have that
attribute at all, or may have an empty CKA_PRIVATE_EXPONENT attribute.
Both situations should be handed the same, and the private exponent of the
key needs to be calculated from the other key components.
Note that RSA key objects generated with a current soft or ICA token will
always have a valid CKA_PRIVATE_EXPONENT attribute, since this is provided
during key generation.
Signed-off-by: Ingo Franzki <ifranzki@linux.ibm.com>
diff --git a/usr/lib/common/mech_openssl.c b/usr/lib/common/mech_openssl.c
index da515289..14c82e2d 100644
--- a/usr/lib/common/mech_openssl.c
+++ b/usr/lib/common/mech_openssl.c
@@ -5160,7 +5160,8 @@ CK_RV openssl_specific_rsa_derive_kdk(STDLL_TokData_t *tokdata, OBJECT *key_obj,
rc = template_attribute_get_non_empty(key_obj->template,
CKA_PRIVATE_EXPONENT, &priv_exp_attr);
- if (rc != CKR_OK && rc != CKR_TEMPLATE_INCOMPLETE) {
+ if (rc != CKR_OK && rc != CKR_TEMPLATE_INCOMPLETE &&
+ rc != CKR_ATTRIBUTE_VALUE_INVALID) {
TRACE_ERROR("Failed to get CKA_PRIVATE_EXPONENT\n");
goto out;
}


@ -0,0 +1,12 @@
diff -up opencryptoki-3.25.0/configure.ac.me opencryptoki-3.25.0/configure.ac
--- opencryptoki-3.25.0/configure.ac.me 2025-07-09 16:20:51.825293158 +0200
+++ opencryptoki-3.25.0/configure.ac 2025-07-09 16:23:42.416757050 +0200
@@ -322,7 +322,7 @@ case "${host_os}" in
esac
dnl Define custom variables
-lockdir=${localstatedir}/lock/opencryptoki
+lockdir=/run/lock/opencryptoki
logdir=${localstatedir}/log/opencryptoki
dnl runstatedir is only defined starting from autoconf 2.70
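Review bot: The replacement value `lockdir=/run/lock/opencryptoki` no longer depends on any configure-time directory variable, so a build with a non-default `--localstatedir`/`--prefix`, or a system that still mounts its lock directory under /var, gets a lock directory that configure cannot relocate. The comment on the line right after the hunk indicates the script already carries a `runstatedir` fallback for autoconf < 2.70; deriving the lock directory from it keeps the override while still defaulting to /run on FHS systems: `lockdir=${runstatedir}/lock/opencryptoki`, placed after that fallback since the assignment here precedes it. If the hard-coded path is deliberate for image mode, a one-line `dnl` comment stating that (and that the tmpfiles.d snippet is expected to create the directory) would save the next reader the same question.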


@ -0,0 +1,48 @@
commit 8209874fc0ea78079aa21c386df0f385ee0e5dca
Author: Ingo Franzki <ifranzki@linux.ibm.com>
Date: Wed Jul 9 09:09:32 2025 +0200
COMMON: Fix detection of EC curve not supported by OpenSSL
OpenSSL 3.5 recently changed the behavior in regards of error reporting
with EVP_PKEY_keygen(). When the EC curve is not supported it used to
return error EC_R_INVALID_CURVE as top most entry in the error stack.
Since commit https://github.com/openssl/openssl/commit/72351b0d18078170af270418b2d5e9fc579cb1af
this is no longer the case, instead a generic EVP_R_PROVIDER_KEYMGMT_FAILURE
error is now the top most entry, and EC_R_INVALID_CURVE is the second one.
Make the detection independent of the error reporting and check for the
curve already in curve_nid_from_params().
Closes: https://github.com/opencryptoki/opencryptoki/issues/877
Signed-off-by: Ingo Franzki <ifranzki@linux.ibm.com>
diff --git a/usr/lib/common/mech_openssl.c b/usr/lib/common/mech_openssl.c
index f29b4946..e1bb6b83 100644
--- a/usr/lib/common/mech_openssl.c
+++ b/usr/lib/common/mech_openssl.c
@@ -1854,6 +1854,7 @@ static int curve_nid_from_params(const CK_BYTE *params, CK_ULONG params_len)
{
const unsigned char *oid;
ASN1_OBJECT *obj = NULL;
+ EC_GROUP *grp;
int nid;
oid = params;
@@ -1866,6 +1867,14 @@ static int curve_nid_from_params(const CK_BYTE *params, CK_ULONG params_len)
nid = OBJ_obj2nid(obj);
ASN1_OBJECT_free(obj);
+ grp = EC_GROUP_new_by_curve_name(nid);
+ if (grp == NULL) {
+ TRACE_ERROR("curve not supported by OpenSSL.\n");
+ return NID_undef;
+ }
+
+ EC_GROUP_free(grp);
+
return nid;
}
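Review bot: The failure path of the new probe in curve_nid_from_params() leaves OpenSSL error-queue entries behind — EC_GROUP_new_by_curve_name() typically raises EC_R_UNKNOWN_GROUP when it returns NULL — so a caller that later inspects the error queue sees a stale entry, which is the same class of fragility the commit message describes for EVP_PKEY_keygen(). Add `ERR_clear_error();` before `return NID_undef;`, or document in a comment that the error is intentionally left on the queue for the caller. The trace would also be more useful with the rejected curve in it, e.g. `TRACE_ERROR("curve (nid %d) not supported by OpenSSL.\n", nid);`. Note that when OBJ_obj2nid() already yielded NID_undef a few lines above, the probe returns NULL for that reason too and the message then reports an unknown OID as an unsupported curve; testing `nid == NID_undef` before the probe keeps the two cases distinguishable in the trace.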


@ -0,0 +1,2 @@
g pkcs11 - -
u pkcsslotd -:pkcs11 "Opencryptoki pkcsslotd user" /run/opencryptoki /sbin/nologin


@ -1,72 +1,84 @@
Name: opencryptoki Name: opencryptoki
Summary: Implementation of the PKCS#11 (Cryptoki) specification v3.0 Summary: Implementation of the PKCS#11 (Cryptoki) specification v3.0 and partially v3.1
Version: 3.22.0 Version: 3.25.0
Release: 3%{?dist}.1 Release: 4%{?dist}
License: CPL License: CPL-1.0
Group: System Environment/Base
URL: https://github.com/opencryptoki/opencryptoki URL: https://github.com/opencryptoki/opencryptoki
Source0: https://github.com/opencryptoki/%{name}/archive/v%{version}/%{name}-%{version}.tar.gz Source0: https://github.com/opencryptoki/%{name}/archive/v%{version}/%{name}-%{version}.tar.gz
# bz#1373833, change tmpfiles snippets from /var/lock/* to /run/lock/* # sysusers.d config file to allow rpm to create users/groups automatically
Patch1: opencryptoki-3.11.0-lockdir.patch Source1: opencryptoki.sysusers.conf
# add missing p11sak_defined_attrs.conf
Patch2: opencryptoki-3.21.0-p11sak.patch # fix install problem in buildroot
# comment some unsupported sandbox options and add /run to ReadWritePaths to exclude Patch1: opencryptoki-3.25.0-p11sak.patch
# /run directory from being made read-only on rhel8
Patch3: opencryptoki-3.21-sandboxing.patch # tmpfiles.d config files for image mode
Patch2: opencryptoki-3.24.0-tmpfiles-image-mode.patch
# everything using /var/lock should be fixed in the end to use /run/lock
# https://gitlab.com/fedora/bootc/base-images/-/issues/48
Patch3: opencryptoki-lockdir-image-mode.patch
# upstream patches # upstream patches
# CVE-2024-0914 opencryptoki: timing side-channel in handling of RSA PKCS#1 v1.5 padded ciphertexts # Fix detection of EC curve not supported by OpenSSL-3.5.x
Patch20: opencryptoki-CVE-2024-0914-part1.patch Patch10: opencryptoki-openssl-3.5.x.patch
Patch21: opencryptoki-CVE-2024-0914-part2.patch
Patch22: opencryptoki-CVE-2024-0914-part3.patch
Patch23: opencryptoki-CVE-2024-0914-part4.patch
Patch24: opencryptoki-CVE-2024-0914-part5.patch
# supporting CCA 8.4
Patch25: 3.22-CCA-Adjust-CCA-host-library-version-detection-for-ne.patch
Requires(pre): coreutils diffutils # Fix covscan findings, https://github.com/opencryptoki/opencryptoki/pull/880
Requires: (selinux-policy >= 3.14.3-121 if selinux-policy-targeted) Patch11: opencryptoki-3.25.0-covscan-findings.patch
BuildRequires: gcc
BuildRequires: gcc-c++ # Remove the use of MD5, pkcsslotd crashes in FIPS mode
Patch12: opencryptoki-3.25.0-reject-using-md5-in-fips-mode.patch
Requires(pre): coreutils
Requires: (selinux-policy >= 38.1.14-1 if selinux-policy-targeted)
BuildRequires: gcc gcc-c++
BuildRequires: openssl-devel >= 1.1.1 BuildRequires: openssl-devel >= 1.1.1
# testcases require 'openssl' command line tool
BuildRequires: openssl >= 1.1.1
# testcases require 'jq' command line tool
BuildRequires: jq
%if 0%{?tmptok}
BuildRequires: trousers-devel BuildRequires: trousers-devel
%endif
BuildRequires: openldap-devel BuildRequires: openldap-devel
BuildRequires: autoconf automake libtool BuildRequires: autoconf automake libtool
BuildRequires: bison flex BuildRequires: bison flex
BuildRequires: systemd-devel
BuildRequires: libcap-devel BuildRequires: libcap-devel
BuildRequires: expect BuildRequires: expect
BuildRequires: make BuildRequires: make
# sysusers_create_compat macro
BuildRequires: systemd-rpm-macros
%{?sysusers_requires_compat}
%ifarch s390 s390x %ifarch s390 s390x
BuildRequires: libica-devel >= 3.3 BuildRequires: libica-devel >= 3.3
# for /usr/include/libudev.h
BuildRequires: systemd-devel
%endif %endif
Requires(pre): %{name}-libs%{?_isa} = %{version}-%{release} Requires(pre): %{name}-libs%{?_isa} = %{version}-%{release}
Requires: %{name}-libs%{?_isa} = %{version}-%{release} Requires: %{name}-libs%{?_isa} = %{version}-%{release}
Requires: %{name}(token) Requires: %{name}(token)
Requires(post): systemd Requires(post): systemd diffutils
Requires(preun): systemd Requires(preun): systemd
Requires(postun): systemd Requires(postun): systemd
%description %description
Opencryptoki implements the PKCS#11 specification v2.20 for a set of Opencryptoki implements the PKCS#11 specification v3.0 and partially v3.1
cryptographic hardware, such as IBM 4764 and 4765 crypto cards, and the for a set of cryptographic hardware, such as IBM 4767, 4768, 4769 and 4770
Trusted Platform Module (TPM) chip. Opencryptoki also brings a software crypto cards, and the Trusted Platform Module (TPM) chip. Opencryptoki also
token implementation that can be used without any cryptographic brings a software token implementation that can be used without any cryptographic
hardware. hardware.
This package contains the Slot Daemon (pkcsslotd) and general utilities. This package contains the Slot Daemon (pkcsslotd) and general utilities.
%package libs %package libs
Group: System Environment/Libraries Summary: The run-time libraries for opencryptoki package
Summary: The run-time libraries for opencryptoki package Requires(pre): shadow-utils
Requires(pre): shadow-utils
%description libs %description libs
Opencryptoki implements the PKCS#11 specification v2.20 for a set of Opencryptoki implements the PKCS#11 specification v3.0 and partially v3.1
cryptographic hardware, such as IBM 4764 and 4765 crypto cards, and the for a set of cryptographic hardware, such as IBM 4767, 4768, 4769 and 4770
Trusted Platform Module (TPM) chip. Opencryptoki also brings a software crypto cards, and the Trusted Platform Module (TPM) chip. Opencryptoki also
token implementation that can be used without any cryptographic brings a software token implementation that can be used without any cryptographic
hardware. hardware.
This package contains the PKCS#11 library implementation, and requires This package contains the PKCS#11 library implementation, and requires
at least one token implementation (packaged separately) to be fully at least one token implementation (packaged separately) to be fully
@ -74,9 +86,8 @@ functional.
%package devel %package devel
Group: Development/Libraries Summary: Development files for openCryptoki
Summary: Development files for openCryptoki Requires: %{name}-libs%{?_isa} = %{version}-%{release}
Requires: %{name}-libs%{?_isa} = %{version}-%{release}
%description devel %description devel
This package contains the development header files for building This package contains the development header files for building
@ -84,111 +95,103 @@ opencryptoki and PKCS#11 based applications
%package swtok %package swtok
Group: System Environment/Libraries Summary: The software token implementation for opencryptoki
Summary: The software token implementation for opencryptoki Requires(pre): %{name}-libs%{?_isa} = %{version}-%{release}
Requires(pre): %{name}-libs%{?_isa} = %{version}-%{release} Requires: %{name}-libs%{?_isa} = %{version}-%{release}
Requires: %{name}-libs%{?_isa} = %{version}-%{release} Provides: %{name}(token)
Provides: %{name}(token)
%description swtok %description swtok
Opencryptoki implements the PKCS#11 specification v2.20 for a set of Opencryptoki implements the PKCS#11 specification v3.0 and partially v3.1
cryptographic hardware, such as IBM 4764 and 4765 crypto cards, and the for a set of cryptographic hardware, such as IBM 4767, 4768, 4769 and 4770
Trusted Platform Module (TPM) chip. Opencryptoki also brings a software crypto cards, and the Trusted Platform Module (TPM) chip. Opencryptoki also
token implementation that can be used without any cryptographic brings a software token implementation that can be used without any cryptographic
hardware. hardware.
This package brings the software token implementation to use opencryptoki This package brings the software token implementation to use opencryptoki
without any specific cryptographic hardware. without any specific cryptographic hardware.
%package tpmtok %package tpmtok
Group: System Environment/Libraries Summary: Trusted Platform Module (TPM) device support for opencryptoki
Summary: Trusted Platform Module (TPM) device support for opencryptoki Requires(pre): %{name}-libs%{?_isa} = %{version}-%{release}
Requires(pre): %{name}-libs%{?_isa} = %{version}-%{release} Requires: %{name}-libs%{?_isa} = %{version}-%{release}
Requires: %{name}-libs%{?_isa} = %{version}-%{release} Provides: %{name}(token)
Provides: %{name}(token)
%description tpmtok %description tpmtok
Opencryptoki implements the PKCS#11 specification v2.20 for a set of Opencryptoki implements the PKCS#11 specification v3.0 and partially v3.1
cryptographic hardware, such as IBM 4764 and 4765 crypto cards, and the for a set of cryptographic hardware, such as IBM 4767, 4768, 4769 and 4770
Trusted Platform Module (TPM) chip. Opencryptoki also brings a software crypto cards, and the Trusted Platform Module (TPM) chip. Opencryptoki also
token implementation that can be used without any cryptographic brings a software token implementation that can be used without any cryptographic
hardware. hardware.
This package brings the necessary libraries and files to support This package brings the necessary libraries and files to support
Trusted Platform Module (TPM) devices in the opencryptoki stack. Trusted Platform Module (TPM) devices in the opencryptoki stack.
%package icsftok %package icsftok
Group: System Environment/Libraries Summary: ICSF token support for opencryptoki
Summary: ICSF token support for opencryptoki Requires(pre): %{name}-libs%{?_isa} = %{version}-%{release}
Requires(pre): %{name}-libs%{?_isa} = %{version}-%{release} Requires: %{name}-libs%{?_isa} = %{version}-%{release}
Requires: %{name}-libs%{?_isa} = %{version}-%{release} Provides: %{name}(token)
Provides: %{name}(token)
%description icsftok %description icsftok
Opencryptoki implements the PKCS#11 specification v2.20 for a set of Opencryptoki implements the PKCS#11 specification v3.0 and partially v3.1
cryptographic hardware, such as IBM 4764 and 4765 crypto cards, and the for a set of cryptographic hardware, such as IBM 4767, 4768, 4769 and 4770
Trusted Platform Module (TPM) chip. Opencryptoki also brings a software crypto cards, and the Trusted Platform Module (TPM) chip. Opencryptoki also
token implementation that can be used without any cryptographic brings a software token implementation that can be used without any cryptographic
hardware. hardware.
This package brings the necessary libraries and files to support This package brings the necessary libraries and files to support
ICSF token in the opencryptoki stack. ICSF token in the opencryptoki stack.
%ifarch s390 s390x
%package icatok %package icatok
Group: System Environment/Libraries Summary: ICA cryptographic devices (clear-key) support for opencryptoki
Summary: ICA cryptographic devices (clear-key) support for opencryptoki Requires(pre): %{name}-libs%{?_isa} = %{version}-%{release}
Requires(pre): %{name}-libs%{?_isa} = %{version}-%{release} Requires: %{name}-libs%{?_isa} = %{version}-%{release}
Requires: %{name}-libs%{?_isa} = %{version}-%{release} Provides: %{name}(token)
Provides: %{name}(token)
%description icatok %description icatok
Opencryptoki implements the PKCS#11 specification v2.20 for a set of Opencryptoki implements the PKCS#11 specification v3.0 and partially v3.1
cryptographic hardware, such as IBM 4764 and 4765 crypto cards, and the for a set of cryptographic hardware, such as IBM 4767, 4768, 4769 and 4770
Trusted Platform Module (TPM) chip. Opencryptoki also brings a software crypto cards, and the Trusted Platform Module (TPM) chip. Opencryptoki also
token implementation that can be used without any cryptographic brings a software token implementation that can be used without any cryptographic
hardware. hardware.
This package brings the necessary libraries and files to support ICA This package brings the necessary libraries and files to support ICA
devices in the opencryptoki stack. ICA is an interface to IBM devices in the opencryptoki stack. ICA is an interface to IBM
cryptographic hardware such as IBM 4764 or 4765 that uses the cryptographic hardware such as IBM 4767, 4768, 4769 and 4770 that uses the
"accelerator" or "clear-key" path. "accelerator" or "clear-key" path.
%package ccatok %package ccatok
Group: System Environment/Libraries Summary: CCA cryptographic devices (secure-key) support for opencryptoki
Summary: CCA cryptographic devices (secure-key) support for opencryptoki Requires(pre): %{name}-libs%{?_isa} = %{version}-%{release}
Requires(pre): %{name}-libs%{?_isa} = %{version}-%{release} Requires: %{name}-libs%{?_isa} = %{version}-%{release}
Requires: %{name}-libs%{?_isa} = %{version}-%{release} Provides: %{name}(token)
Provides: %{name}(token)
%description ccatok %description ccatok
Opencryptoki implements the PKCS#11 specification v2.20 for a set of Opencryptoki implements the PKCS#11 specification v3.0 and partially v3.1
cryptographic hardware, such as IBM 4764 and 4765 crypto cards, and the for a set of cryptographic hardware, such as IBM 4767, 4768, 4769 and 4770
Trusted Platform Module (TPM) chip. Opencryptoki also brings a software crypto cards, and the Trusted Platform Module (TPM) chip. Opencryptoki also
token implementation that can be used without any cryptographic brings a software token implementation that can be used without any cryptographic
hardware. hardware.
This package brings the necessary libraries and files to support CCA This package brings the necessary libraries and files to support CCA
devices in the opencryptoki stack. CCA is an interface to IBM devices in the opencryptoki stack. CCA is an interface to IBM
cryptographic hardware such as IBM 4764 or 4765 that uses the cryptographic hardware such as IBM 4767, 4768, 4769 and 4770 that uses the
"co-processor" or "secure-key" path. "co-processor" or "secure-key" path.
%package ep11tok %package ep11tok
Group: System Environment/Libraries Summary: EP11 cryptographic devices (secure-key) support for opencryptoki
Summary: CCA cryptographic devices (secure-key) support for opencryptoki Requires(pre): %{name}-libs%{?_isa} = %{version}-%{release}
Requires(pre): %{name}-libs%{?_isa} = %{version}-%{release} Requires: %{name}-libs%{?_isa} = %{version}-%{release}
Requires: %{name}-libs%{?_isa} = %{version}-%{release} Provides: %{name}(token)
Provides: %{name}(token)
%description ep11tok %description ep11tok
Opencryptoki implements the PKCS#11 specification v2.20 for a set of Opencryptoki implements the PKCS#11 specification v3.0 and partially v3.1
cryptographic hardware, such as IBM 4764 and 4765 crypto cards, and the for a set of cryptographic hardware, such as IBM 4767, 4768, 4769 and 4770
Trusted Platform Module (TPM) chip. Opencryptoki also brings a software crypto cards, and the Trusted Platform Module (TPM) chip. Opencryptoki also
token implementation that can be used without any cryptographic brings a software token implementation that can be used without any cryptographic
hardware. hardware.
This package brings the necessary libraries and files to support EP11 This package brings the necessary libraries and files to support EP11
tokens in the opencryptoki stack. The EP11 token is a token that uses tokens in the opencryptoki stack. The EP11 token is a token that uses
the IBM Crypto Express adapters (starting with Crypto Express 4S adapters) the IBM Crypto Express adapters (starting with Crypto Express 4S adapters)
configured with Enterprise PKCS#11 (EP11) firmware. configured with Enterprise PKCS#11 (EP11) firmware.
%endif
%prep %prep
@ -198,48 +201,60 @@ configured with Enterprise PKCS#11 (EP11) firmware.
%build %build
./bootstrap.sh ./bootstrap.sh
%configure --with-systemd=%{_unitdir} \ %configure --with-systemd=%{_unitdir} --enable-testcases \
--with-pkcsslotd-user=pkcsslotd --with-pkcs-group=pkcs11 \ --with-pkcsslotd-user=pkcsslotd --with-pkcs-group=pkcs11 \
%ifarch s390 s390x %if 0%{?tpmtok}
--enable-icatok --enable-ccatok --enable-ep11tok --enable-pkcsep11_migrate --enable-tpmtok \
%else %else
--disable-icatok --disable-ccatok --disable-ep11tok --disable-pkcsep11_migrate --disable-pkcscca_migrate --disable-tpmtok \
%endif
%ifarch s390 s390x x86_64 ppc64le
--enable-ccatok \
%else
--disable-ccatok \
%endif
%ifarch s390 s390x
--enable-icatok --enable-ep11tok --enable-pkcsep11_migrate
%else
--disable-icatok --disable-ep11tok --disable-pkcsep11_migrate --enable-pkcscca_migrate
%endif %endif
make %{?_smp_mflags} CHGRP=/bin/true %make_build CHGRP=/bin/true
%install %install
make install DESTDIR=$RPM_BUILD_ROOT CHGRP=/bin/true %make_install CHGRP=/bin/true
# Remove unwanted cruft # Install sysusers.d config file
rm -f $RPM_BUILD_ROOT/%{_libdir}/%{name}/*.la install -p -D -m 0644 %{SOURCE1} %{buildroot}%{_sysusersdir}/%{name}.sysusers.conf
rm -f $RPM_BUILD_ROOT/%{_libdir}/%{name}/stdll/*.la
# Install tmpfiles.d config files
%post libs -p /sbin/ldconfig
%post swtok -p /sbin/ldconfig
%post tpmtok -p /sbin/ldconfig
%post icsftok -p /sbin/ldconfig
%ifarch s390 s390x %ifarch s390 s390x
%post icatok -p /sbin/ldconfig install -p -D -m 0644 %{name}-icatok.conf %{buildroot}%{_tmpfilesdir}/
%post ccatok -p /sbin/ldconfig install -p -D -m 0644 %{name}-ep11tok.conf %{buildroot}%{_tmpfilesdir}/
%post ep11tok -p /sbin/ldconfig
%endif %endif
%postun libs -p /sbin/ldconfig %ifarch s390 s390x x86_64 ppc64le
%postun swtok -p /sbin/ldconfig install -p -D -m 0644 %{name}-ccatok.conf %{buildroot}%{_tmpfilesdir}/
%postun tpmtok -p /sbin/ldconfig
%postun icsftok -p /sbin/ldconfig
%ifarch s390 s390x
%postun icatok -p /sbin/ldconfig
%postun ccatok -p /sbin/ldconfig
%postun ep11tok -p /sbin/ldconfig
%endif %endif
%if 0%{?tmptok}
install -p -D -m 0644 %{name}-tpmtok.conf %{buildroot}%{_tmpfilesdir}/
%endif
install -p -D -m 0644 %{name}-swtok.conf %{buildroot}%{_tmpfilesdir}/
install -p -D -m 0644 %{name}-icsftok.conf %{buildroot}%{_tmpfilesdir}/
# convert absolute links to relative links.
rm -f %{buildroot}%{_libdir}/%{name}/methods && ln -fs ../../bin %{buildroot}%{_libdir}/%{name}/methods
rm -f %{buildroot}%{_libdir}/pkcs11/methods && ln -fs ../../bin %{buildroot}%{_libdir}/pkcs11/methods
%check
make check
%pre %pre
# don't touch opencryptoki.conf even if it is unchanged due to new tokversion # don't touch opencryptoki.conf even if it is unchanged due to new tokversion
# backup config file # backup config file. bz#2044179
%global cfile /etc/opencryptoki/opencryptoki.conf %global cfile /etc/opencryptoki/opencryptoki.conf
%global csuffix .rpmsave.XyoP %global csuffix .rpmsave.XyoP
if test $1 -gt 1 && test -f %{cfile} ; then if test $1 -gt 1 && test -f %{cfile} ; then
@ -247,9 +262,7 @@ if test $1 -gt 1 && test -f %{cfile} ; then
fi fi
%pre libs %pre libs
getent group pkcs11 >/dev/null || groupadd -r pkcs11 %sysusers_create_compat %{SOURCE1}
getent passwd pkcsslotd >/dev/null || useradd -r -g pkcs11 -d /run/opencryptoki -s /sbin/nologin -c "Opencryptoki pkcsslotd user" pkcsslotd
exit 0
%post %post
# restore the config file from %pre # restore the config file from %pre
@ -262,7 +275,7 @@ fi
%systemd_post pkcsslotd.service %systemd_post pkcsslotd.service
if test $1 -eq 1; then if test $1 -eq 1; then
%tmpfiles_create %tmpfiles_create %{name}.conf
fi fi
%preun %preun
@ -271,8 +284,6 @@ fi
%postun %postun
%systemd_postun_with_restart pkcsslotd.service %systemd_postun_with_restart pkcsslotd.service
%triggerun -- opencryptoki < 3.21.0-1
/usr/bin/systemctl daemon-reload
%files %files
%doc ChangeLog FAQ README.md %doc ChangeLog FAQ README.md
@ -281,23 +292,29 @@ fi
%doc %{_docdir}/%{name}/*.conf %doc %{_docdir}/%{name}/*.conf
%dir %{_sysconfdir}/%{name} %dir %{_sysconfdir}/%{name}
%verify(not md5 size mtime) %config(noreplace) %{_sysconfdir}/%{name}/%{name}.conf %verify(not md5 size mtime) %config(noreplace) %{_sysconfdir}/%{name}/%{name}.conf
%attr(0640, root, pkcs11) %config(noreplace) %{_sysconfdir}/%{name}/p11sak_defined_attrs.conf %verify(not md5 size mtime) %attr(0640, root, pkcs11) %config(noreplace) %{_sysconfdir}/%{name}/p11sak_defined_attrs.conf
%attr(0640, root, pkcs11) %config(noreplace) %{_sysconfdir}/%{name}/strength.conf %verify(not md5 size mtime) %attr(0640, root, pkcs11) %config(noreplace) %{_sysconfdir}/%{name}/strength.conf
%verify(not md5 size mtime) %attr(0640, root, pkcs11) %config(noreplace) %{_sysconfdir}/%{name}/p11kmip.conf
%{_tmpfilesdir}/%{name}.conf %{_tmpfilesdir}/%{name}.conf
%{_unitdir}/pkcsslotd.service %{_unitdir}/pkcsslotd.service
%{_sbindir}/p11sak %{_sbindir}/p11sak
%{_sbindir}/p11kmip
%{_sbindir}/pkcstok_migrate %{_sbindir}/pkcstok_migrate
%{_sbindir}/pkcsconf %{_sbindir}/pkcsconf
%{_sbindir}/pkcsslotd %{_sbindir}/pkcsslotd
%{_sbindir}/pkcsstats %{_sbindir}/pkcsstats
%{_sbindir}/pkcshsm_mk_change %{_sbindir}/pkcshsm_mk_change
%{_sbindir}/pkcstok_admin
%{_mandir}/man1/p11sak.1* %{_mandir}/man1/p11sak.1*
%{_mandir}/man1/pkcstok_migrate.1* %{_mandir}/man1/pkcstok_migrate.1*
%{_mandir}/man1/pkcsconf.1* %{_mandir}/man1/pkcsconf.1*
%{_mandir}/man1/p11kmip.1*
%{_mandir}/man1/pkcsstats.1* %{_mandir}/man1/pkcsstats.1*
%{_mandir}/man1/pkcshsm_mk_change.1* %{_mandir}/man1/pkcshsm_mk_change.1*
%{_mandir}/man1/pkcstok_admin.1*
%{_mandir}/man5/policy.conf.5* %{_mandir}/man5/policy.conf.5*
%{_mandir}/man5/strength.conf.5* %{_mandir}/man5/strength.conf.5*
%{_mandir}/man5/p11kmip.conf.5*
%{_mandir}/man5/%{name}.conf.5* %{_mandir}/man5/%{name}.conf.5*
%{_mandir}/man5/p11sak_defined_attrs.conf.5* %{_mandir}/man5/p11sak_defined_attrs.conf.5*
%{_mandir}/man7/%{name}.7* %{_mandir}/man7/%{name}.7*
@ -325,6 +342,7 @@ fi
%{_libdir}/pkcs11/PKCS11_API.so %{_libdir}/pkcs11/PKCS11_API.so
%{_libdir}/pkcs11/stdll %{_libdir}/pkcs11/stdll
%dir %attr(770,root,pkcs11) %{_localstatedir}/log/opencryptoki %dir %attr(770,root,pkcs11) %{_localstatedir}/log/opencryptoki
%{_sysusersdir}/%{name}.sysusers.conf
%files devel %files devel
%{_includedir}/%{name}/ %{_includedir}/%{name}/
@ -335,12 +353,16 @@ fi
%{_libdir}/opencryptoki/stdll/PKCS11_SW.so %{_libdir}/opencryptoki/stdll/PKCS11_SW.so
%dir %attr(770,root,pkcs11) %{_sharedstatedir}/%{name}/swtok/ %dir %attr(770,root,pkcs11) %{_sharedstatedir}/%{name}/swtok/
%dir %attr(770,root,pkcs11) %{_sharedstatedir}/%{name}/swtok/TOK_OBJ/ %dir %attr(770,root,pkcs11) %{_sharedstatedir}/%{name}/swtok/TOK_OBJ/
%{_tmpfilesdir}/%{name}-swtok.conf
%if 0%{?tmptok}
%files tpmtok %files tpmtok
%doc doc/README.tpm_stdll %doc doc/README.tpm_stdll
%{_libdir}/opencryptoki/stdll/libpkcs11_tpm.* %{_libdir}/opencryptoki/stdll/libpkcs11_tpm.*
%{_libdir}/opencryptoki/stdll/PKCS11_TPM.so %{_libdir}/opencryptoki/stdll/PKCS11_TPM.so
%dir %attr(770,root,pkcs11) %{_sharedstatedir}/%{name}/tpm/ %dir %attr(770,root,pkcs11) %{_sharedstatedir}/%{name}/tpm/
%{_tmpfilesdir}/%{name}-tpmtok.conf
%endif
%files icsftok %files icsftok
%doc doc/README.icsf_stdll %doc doc/README.icsf_stdll
@ -349,6 +371,7 @@ fi
%{_libdir}/opencryptoki/stdll/libpkcs11_icsf.* %{_libdir}/opencryptoki/stdll/libpkcs11_icsf.*
%{_libdir}/opencryptoki/stdll/PKCS11_ICSF.so %{_libdir}/opencryptoki/stdll/PKCS11_ICSF.so
%dir %attr(770,root,pkcs11) %{_sharedstatedir}/%{name}/icsf/ %dir %attr(770,root,pkcs11) %{_sharedstatedir}/%{name}/icsf/
%{_tmpfilesdir}/%{name}-icsftok.conf
%ifarch s390 s390x %ifarch s390 s390x
%files icatok %files icatok
@ -356,7 +379,10 @@ fi
%{_libdir}/opencryptoki/stdll/PKCS11_ICA.so %{_libdir}/opencryptoki/stdll/PKCS11_ICA.so
%dir %attr(770,root,pkcs11) %{_sharedstatedir}/%{name}/lite/ %dir %attr(770,root,pkcs11) %{_sharedstatedir}/%{name}/lite/
%dir %attr(770,root,pkcs11) %{_sharedstatedir}/%{name}/lite/TOK_OBJ/ %dir %attr(770,root,pkcs11) %{_sharedstatedir}/%{name}/lite/TOK_OBJ/
%{_tmpfilesdir}/%{name}-icatok.conf
%endif
%ifarch s390 s390x x86_64 ppc64le
%files ccatok %files ccatok
%doc doc/README.cca_stdll %doc doc/README.cca_stdll
%config(noreplace) %{_sysconfdir}/%{name}/ccatok.conf %config(noreplace) %{_sysconfdir}/%{name}/ccatok.conf
@ -366,7 +392,10 @@ fi
%{_libdir}/opencryptoki/stdll/PKCS11_CCA.so %{_libdir}/opencryptoki/stdll/PKCS11_CCA.so
%dir %attr(770,root,pkcs11) %{_sharedstatedir}/%{name}/ccatok/ %dir %attr(770,root,pkcs11) %{_sharedstatedir}/%{name}/ccatok/
%dir %attr(770,root,pkcs11) %{_sharedstatedir}/%{name}/ccatok/TOK_OBJ/ %dir %attr(770,root,pkcs11) %{_sharedstatedir}/%{name}/ccatok/TOK_OBJ/
%{_tmpfilesdir}/%{name}-ccatok.conf
%endif
%ifarch s390 s390x
%files ep11tok %files ep11tok
%doc doc/README.ep11_stdll %doc doc/README.ep11_stdll
%config(noreplace) %{_sysconfdir}/%{name}/ep11tok.conf %config(noreplace) %{_sysconfdir}/%{name}/ep11tok.conf
@ -379,203 +408,263 @@ fi
%{_libdir}/opencryptoki/stdll/PKCS11_EP11.so %{_libdir}/opencryptoki/stdll/PKCS11_EP11.so
%dir %attr(770,root,pkcs11) %{_sharedstatedir}/%{name}/ep11tok/ %dir %attr(770,root,pkcs11) %{_sharedstatedir}/%{name}/ep11tok/
%dir %attr(770,root,pkcs11) %{_sharedstatedir}/%{name}/ep11tok/TOK_OBJ/ %dir %attr(770,root,pkcs11) %{_sharedstatedir}/%{name}/ep11tok/TOK_OBJ/
%{_tmpfilesdir}/%{name}-ep11tok.conf
%endif %endif
%changelog %changelog
* Mon Aug 11 2025 Than Ngo <than@redhat.com> - 3.22.0-3.1 * Wed Aug 13 2025 Than Ngo <than@redhat.com> - 3.25.0-4
- Resolves: RHEL-105918, fix for supporting CCA 8.4 - Fix pkcsslotd fails to start in FIPS
- Drop tier1 test as it mostly provides duplicate results
- Enable ci test for FIPS mode
Resolves: RHEL-109050
* Mon Jul 21 2025 Than Ngo <than@redhat.com> - 3.25.0-3
- Fix incorrect effective group id of pkcsslotd daemon
- Fix covscan findings
Resolves: RHEL-104602
* Mon Jul 14 2025 Than Ngo <than@redhat.com> - 3.25.0-2
- Related: RHEL-73344, Fix detection of EC curve not supported by OpenSSL-3.5.x
- Related: RHEL-77147, Fix the image mode issue again as bootc expects to use /run/lock
* Fri Jul 04 2025 Than Ngo <than@redhat.com> - 3.25.0-1
- Resolves: RHEL-73344, upgrade openCryptoki
- Resolves: RHEL-90590, basic support of AES-GCM
- Resolves: RHEL-72965, cca token support cipher keys
- Resolves: RHEL-72969, support for CKM_RSA_AES_KEY_WRAP for cca, ica and soft tokens
- Resolves: RHEL-75141, add a tool to import/export PKCS #11 keys from to a KMIP server
- Resolves: RHEL-75762, ep11 token: import and export of secure key objects
- Resolves: RHEL-85375, cca token: Support ECDH to derive AES keys
- Resolves: RHEL-85377, ep11 token: PKCS #11 3.0 - support SHA3
* Wed Apr 09 2025 Than Ngo <than@redhat.com> - 3.24.0-5
- Related: RHEL-77147, opencryptoki doesn't work in image mode
* Wed Mar 19 2025 Than Ngo <than@redhat.com> - 3.24.0-4
- Resolves: RHEL-77147, opencryptoki doesn't work in image mode
* Tue Nov 26 2024 Than Ngo <than@redhat.com> - 3.24.0-3
- Disable ccatok on aarch64
Related: RHEL-50064
* Thu Nov 07 2024 Than Ngo <than@redhat.com> - 3.24.0-2
- Fix resource leak
Related: RHEL-50064
* Tue Oct 22 2024 Than Ngo <than@redhat.com> - 3.24.0-1
- Resolves: RHEL-50064, update to 3.24.0
- Resolves: RHEL-50063, opencryptoki CCA Token support for x86_64 and ppc64le
- Resolves: RHEL-50058, openCryptoki CCA token support of Dilithium
- Resolves: RHEL-50056, openCryptoki cca token SHA3 support
- Resolves: RHEL-50057, openCryptoki cca token RSA OAEP v2.1 support
* Wed May 22 2024 Than Ngo <than@redhat.com> - 3.23.0-1
- Resolves: RHEL-23671, ep11 token: support protected keys for extractable keys
- Resolves: RHEL-23672, ep11 token support for FIPS 2021-session bound EP11 keys
- Resolves: RHEL-23673, update to 3.23.0
* Fri Feb 16 2024 Than Ngo <than@redhat.com> - 3.22.0-3 * Fri Feb 16 2024 Than Ngo <than@redhat.com> - 3.22.0-3
- Fix implicit rejection with RSA keys with empty CKA_PRIVATE_EXPONENT - Fix implicit rejection with RSA keys with empty CKA_PRIVATE_EXPONENT
Related: RHEL-22791 Related: RHEL-22792
* Thu Feb 08 2024 Than Ngo <than@redhat.com> - 3.22.0-2 * Thu Feb 08 2024 Than Ngo <than@redhat.com> - 3.22.0-2
- timing side-channel in handling of RSA PKCS#1 v1.5 padded ciphertexts (Marvin) - timing side-channel in handling of RSA PKCS#1 v1.5 padded ciphertexts (Marvin)
Resolves: RHEL-22791 Resolves: RHEL-22792
* Thu Nov 23 2023 Than Ngo <than@redhat.com> - 3.22.0-1 * Tue Nov 21 2023 Than Ngo <than@redhat.com> - 3.22.0-1
- Resolves: RHEL-11413, update to 3.22.0 - Resolves: RHEL-11412, rebase to 3.22.0
- Resolves: RHEL-10569, openCryptoki for PKCS #11 3.0
* Tue Jul 18 2023 Than Ngo <than@redhat.com> - 3.21.0-9 * Fri Jul 14 2023 Than Ngo <than@redhat.com> - 3.21.0-8
- Resolves: #2223588, FTBFS - Resolves: #2222592, p11sak tool: slot option does not accept argument 0 for slot index 0
- Resolves: #2222596, p11sak fails as soon as there reside non-key objects
* Tue Jul 18 2023 Than Ngo <than@redhat.com> - 3.21.0-8
- Related: #2222595, add triggerun to reload daemon
* Fri Jul 14 2023 Than Ngo <than@redhat.com> - 3.21.0-7
- Resolves: #2222595, p11sak tool: slot option does not accept argument 0 for slot index 0
- Resolves: #2222594, p11sak fails as soon as there reside non-key objects
* Tue Jul 04 2023 Than Ngo <than@redhat.com> - 3.21.0-6
- add workaround for segfault in PEM_write_bio() on OpenSSL 1.1.1
Related: #2159741
* Tue Jun 13 2023 Than Ngo <than@redhat.com> - 3.21.0-5 * Tue Jun 13 2023 Than Ngo <than@redhat.com> - 3.21.0-5
- add requirement on selinux-policy >= 3.14.3-121 for pkcsslotd policy sandboxing - add requirement on selinux-policy >= 38.1.14-1 for pkcsslotd policy sandboxing
Related: #2159697 Related: #2160061
* Thu May 25 2023 Than Ngo <than@redhat.com> - 3.21.0-4 * Fri May 26 2023 Than Ngo <than@redhat.com> - 3.21.0-4
- add verify attributes for opencryptoki.conf to ignore the verification - add verify attributes for opencryptoki.conf to ignore the verification
Related: #2159697
Related: #2160061
* Mon May 22 2023 Than Ngo <than@redhat.com> - 3.21.0-3 * Mon May 22 2023 Than Ngo <than@redhat.com> - 3.21.0-3
- pkcsstats: Fix handling of user name - Resolves: #2110497, concurrent MK rotation for cca token
- p11sak: Fix user confirmation prompt behavior when stdin is closed - Resolves: #2110498, concurrent MK rotation for ep11 token
Related: #2159697 - Resolves: #2110499, ep11 token: PKCS #11 3.0 - support AES_XTS
- Resolves: #2111010, cca token: protected key support
* Tue May 16 2023 Than Ngo <than@redhat.com> - 3.21.0-2 - Resolves: #2160061, rebase to 3.21.0
- add missing /var/lib/opencryptoki/HSM_MK_CHANGE - Resolves: #2160105, pkcsslotd hardening
- disable unsupported sandbox options and add /run to ReadWritePaths to exclude - Resolves: #2160107, p11sak support Dilithium and Kyber keys
/run directory from being made read-only on rhel8 - Resolves: #2160109, ica and soft tokens: PKCS #11 3.0 - support AES_XTS
Related: #2159697
* Mon May 15 2023 Than Ngo <than@redhat.com> - 3.21.0-1
- Resolves: #1984865, ep11 and cca: support concurrent HSM master key changes
- Resolves: #2110500, ep11 token: PKCS #11 3.0 - support AES_XTS
- Resolves: #2111011, cca token: protected key support
- Resolves: #2159697, update to 3.21.0
- Resolves: #2159740, pkcsslotd hardening
- Resolves: #2159741, p11sak support Dilithium and Kyber keys
- Resolves: #2159742, ica and soft tokens: PKCS #11 3.0 - support AES_XTS
* Mon Jan 30 2023 Than Ngo <than@redhat.com> - 3.19.0-2 * Mon Jan 30 2023 Than Ngo <than@redhat.com> - 3.19.0-2
- Resolves: #2043856, Support of ep11 token for new IBM Z Hardware (IBM z16) - Resolves: #2044182, Support of ep11 token for new IBM Z Hardware (IBM z16)
* Tue Nov 01 2022 Than Ngo <than@redhat.com> - 3.19.0-1 * Tue Oct 11 2022 Than Ngo <than@redhat.com> - 3.19.0-1
- Resolves: #2126612, opencryptoki fails after generating > 500 RSA keys - Resolves: #2126294, opencryptoki fails after generating > 500 RSA keys
- Resolves: #2110315, rebase to 3.19.0 - Resolves: #2110314, rebase to 3.19.0
- Resolves: #2110990, openCryptoki key generation with expected MKVP only on CCA and EP11 tokens - Resolves: #2110989, openCryptoki key generation with expected MKVP only on CCA and EP11 tokens
- Resolves: #2110477, openCryptoki ep11 token: master key consistency - Resolves: #2110476, openCryptoki ep11 token: master key consistency
- Resolves: #1984871, openCryptoki ep11 token: vendor specific key derivation - Resolves: #2018458, openCryptoki ep11 token: vendor specific key derivation
* Mon Aug 01 2022 Than Ngo <than@redhat.com> - 3.18.0-3 * Fri Jul 29 2022 Than Ngo <than@redhat.com> - 3.18.0-4
- Related: #2043854, do not touch opencryptoki.conf if it is in place already and even if it is unchanged - Related: #2044179, do not touch opencryptoki.conf if it is in place already and even if it is unchanged
- Resolves: #2112785, EP11: Fix C_GetMechanismList returning CKR_BUFFER_TOO_SMALL
* Tue Jun 07 2022 Than Ngo <than@redhat.com> - 3.18.0-2 * Tue Jun 07 2022 Than Ngo <than@redhat.com> - 3.18.0-3
- Related: #2043854, fix json output - Related: #2044179, fix json output
* Tue May 24 2022 Than Ngo <than@redhat.com> - 3.18.0-1 * Mon May 09 2022 Than Ngo <than@redhat.com> - 3.18.0-2
- Resolves: #2043845, rebase to 3.18.0 - Related: #2044179, add missing strength.conf
- Resolves: #2043854, add crypto counters
- Resolves: #2043855, support crypto profiles
* Fri Apr 15 2022 Than Ngo <than@redhat.com> - 3.17.0-4 * Mon May 09 2022 Than Ngo <than@redhat.com> - 3.18.0-1
- Resolves: #2066762, Dilithium support not available - Resolves: #2044179, rebase to 3.18.0
- Resolves: #2068091, pkcsconf -t failed with Segmentation fault in FIPS mode
- Resolves: #2066763, Dilithium support not available
- Resolves: #2064697, OpenSSL 3.0 Compatibility for IBM Security Libraries and Tools
- Resolves: #2044181, support crypto profiles
- Resolves: #2044180, add crypto counters
* Mon Jan 17 2022 Than Ngo <than@redhat.com> - 3.17.0-3 * Tue May 03 2022 Than Ngo <than@redhat.com> - 3.17.0-6
- Resolves: #2040677, API: Unlock GlobMutex if user and group check fails - Resolves: #2066763, Dilithium support not available
* Tue Nov 09 2021 Than Ngo <than@redhat.com> - 3.17.0-2 * Mon Mar 14 2022 Than Ngo <than@redhat.com> - 3.17.0-5
- Related: #1984993, add missing p11sak_defined_attrs.conf - Resolves: #2064697, ICA/EP11: Support libica version 4
* Tue Oct 19 2021 Than Ngo <than@redhat.com> - 3.17.0-1 * Mon Jan 17 2022 Than Ngo <than@redhat.com> - 3.17.0-4
- Resolves: #1984993, rebase to 3.17.0 - Resolves: #2040678, API: Unlock GlobMutex if user and group check fails
- Resolves: #1984870, openCryptoki key management tool
* Mon Sep 13 2021 Than Ngo <than@redhat.com> - 3.16.0-6 * Sat Dec 04 2021 Than Ngo <than@redhat.com> - 3.17.0-3
- Fix: Could not open /run/lock/opencryptoki/LCK..APIlock - Related: #2015888, added missing patch pkcsslotd-pidfile
* Thu Aug 19 2021 Than Ngo <than@redhat.com> - 3.16.0-5 * Wed Nov 24 2021 Than Ngo <than@redhat.com> - 3.17.0-2
- Resolves: #1987256, pkcstok_migrate leaves options with multiple strings in opencryptoki.conf options without double-quotes - Related: #2015888, add missing p11sak_defined_attrs.conf
* Fri Jul 16 2021 Than Ngo <than@redhat.com> - 3.16.0-4 * Wed Nov 03 2021 Than Ngo <than@redhat.com> - 3.17.0-1
- Resolves: #1964304, Fix detection if pkcsslotd is still running - Resolves: #2015888, rebase to 3.17.0
- Resolves: #2017720, openCryptoki key management tool
* Tue Jun 15 2021 Than Ngo <than@redhat.com> - 3.16.0-3 * Thu Aug 26 2021 Than Ngo <than@redhat.com> - 3.16.0-12
- Related: #1919223, add conditional requirement - Related: #1989138, Support for OpenSSL 3.0
* Fri Jun 11 2021 Than Ngo <than@redhat.com> - 3.16.0-2 * Mon Aug 23 2021 Than Ngo <than@redhat.com> - 3.16.0-11
- Related: #1919223, add requirement on selinux-policy >= 3.14.3-70 for using ipsec - Resolves: #1989138, Support for OpenSSL 3.0
* Tue Jun 01 2021 Than Ngo <than@redhat.com> - 3.16.0-1 * Thu Aug 19 2021 Than Ngo <than@redhat.com> - 3.16.0-10
- Resolves: #1919223, rebase to 3.16.0 - Resolves: #1987186, pkcstok_migrate leaves options with multiple strings in opencryptoki.conf options without double-quotes
- Resolves: #1922195, Event Notification Support
- Resolves: #1959936, Soft token does not check if an EC key is valid * Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 3.16.0-9
- Resolves: #1851104, import and export of secure key objects - Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
- Resolves: #1851106, openCryptoki ep11 token: protected key support Related: rhbz#1991688
- Resolves: #1851107, openCryptoki ep11 token: support attribute bound keys
* Wed Jul 28 2021 Florian Weimer <fweimer@redhat.com> - 3.16.0-8
- Rebuild to pick up OpenSSL 3.0 Beta ABI (#1984097)
* Fri Jul 16 2021 Than Ngo <than@redhat.com> - 3.16.0-7
- Resolves: #1974365, Fix detection if pkcsslotd is still running
* Fri Jun 25 2021 Than Ngo <than@redhat.com> - 3.16.0-6
- Resolves: #1974693, pkcsslotd PIDfile below legacy directory /var/run/
* Wed Jun 16 2021 Mohan Boddu <mboddu@redhat.com> - 3.16.0-5
- Rebuilt for RHEL 9 BETA for openssl 3.0
Related: rhbz#1971065
* Tue Jun 15 2021 Than Ngo <than@redhat.com> - 3.16.0-4
- Related: #1924120, add conditional requirement on new selinux-policy
* Mon May 17 2021 Than Ngo <than@redhat.com> - 3.16.0-3
- Resolves: #1959894, Soft token does not check if an EC key is valid
- Resolves: #1924120, Event Notification Support
* Fri Apr 16 2021 Mohan Boddu <mboddu@redhat.com> - 3.16.0-2
- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937
* Wed Mar 31 2021 Dan Horák <dan[at]danny.cz> - 3.16.0-1
- Rebase to 3.16.0
* Tue Mar 02 2021 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 3.15.1-6
- Rebuilt for updated systemd-rpm-macros
See https://pagure.io/fesco/issue/2583.
* Fri Feb 12 2021 Than Ngo <than@redhat.com> - 3.15.1-5 * Fri Feb 12 2021 Than Ngo <than@redhat.com> - 3.15.1-5
- Resolves: #1928120, Fix problem with C_Get/SetOperationState and digest contexts - Added upstream patch, a slot ID has nothing to do with the number of slots
* Fri Feb 12 2021 Than Ngo <than@redhat.com> - 3.15.1-4 * Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 3.15.1-4
- Resolves: #1927745, pkcscca migration fails with usr/sb2 is not a valid slot ID - Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
* Thu Nov 26 2020 Than Ngo <than@redhat.com> - 3.15.1-3 * Tue Dec 22 2020 Than Ngo <than@redhat.com> - 3.15.1-3
- Resolves: #1902022 - Drop tpm1.2 support by default
Fix compiling with c++
Added error message handling for p11sak remove-key command
* Thu Nov 26 2020 Than Ngo <than@redhat.com> - 3.15.1-2 * Tue Dec 22 2020 Than Ngo <than@redhat.com> - 3.15.1-2
- Related: #1847433, Added error message handling for p11sak remove-key command - Fix compiling with c++
- Added error message handling for p11sak remove-key command
- Add BR on make
* Mon Nov 02 2020 Than Ngo <than@redhat.com> - 3.15.1-1 * Mon Nov 02 2020 Than Ngo <than@redhat.com> - 3.15.1-1
- Related: #1847433 - Rebase to 3.15.1
upstream fixes:
- Free generated key in all error cases
- CCA: Zeroize key buffer to avoid CCA 8/32 error
- Do not delete the map-btree entry if destroying an object is not allowed
- Remove now unused header timeb.h
- TESTCASES: Use FIPS conforming keys for 3DES CBC-MAC test vectors
- Fix buffer overrun in C_CopyObject
- TPM: Fix double free in openssl_gen_key
* Mon Oct 19 2020 Than Ngo <than@redhat.com> - 3.15.0-1 * Mon Oct 19 2020 Dan Horák <dan[at]danny.cz> - 3.15.0-1
- Resolves: #1847433, rebase to 3.15.0 - Rebase to 3.15.0
- Resolves: #1851105, PKCS #11 3.0 - baseline provider support
- Resolves: #1851108, openCryptoki ep11 token: enhanced functionality
- Resolves: #1851109, openCryptoki key management tool: key deletion function
* Mon Jul 06 2020 Than Ngo <than@redhat.com> - 3.14.0-5 * Tue Jul 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 3.14.0-6
- Related: #1853420, more fixes - Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
* Fri Jul 03 2020 Than Ngo <than@redhat.com> - 3.14.0-4 * Tue Jul 14 2020 Tom Stellard <tstellar@redhat.com> - 3.14.0-5
- Resolves: #1853420, endian issue - Use make macros
- https://fedoraproject.org/wiki/Changes/UseMakeBuildInstallMacro
* Mon Jun 15 2020 Than Ngo <than@redhat.com> - 3.14.0-3 * Wed Jul 08 2020 Than Ngo <than@redhat.com> - 3.14.0-4
- Resolves: #1780294, PIN conversion tool - added PIN conversion tool
* Tue May 26 2020 Than Ngo <than@redhat.com> - 3.14.0-2 * Wed Jul 01 2020 Than Ngo <than@redhat.com> - 3.14.0-3
- Related: #1780293, fix regression, segfault in C_SetPin - upstream fix - handle early error cases in C_Initialize
* Tue May 19 2020 Than Ngo <than@redhat.com> - 3.14.0-1 * Wed May 27 2020 Than Ngo <than@redhat.com> - 3.14.0-2
- Resolves: #1723863 - ep11 token: Enhanced Support - fix regression, segfault in C_SetPin
- Resolves: #1780285 - ep11 token: Support for new IBM Z hardware z15
- Resolves: #1780293 - rebase to 3.14.0
- Resolves: #1800549 - key management tool: list keys function
-Resolves: #1800555 - key management tool: random key generation function
* Fri Dec 13 2019 Than Ngo <than@redhat.com> - 3.12.1-2 * Fri May 15 2020 Dan Horák <dan[at]danny.cz> - 3.14.0-1
- Resolves: #1782445, EP11: Fix EC-uncompress buffer length - Rebase to 3.14.0
* Thu Nov 28 2019 Than Ngo <than@redhat.com> - 3.12.1-1 * Fri Mar 06 2020 Dan Horák <dan[at]danny.cz> - 3.13.0-1
- Resolves: #1777313, rebase to 3.12.1 - Rebase to 3.13.0
* Tue Nov 12 2019 Than Ngo <than@redhat.com> - 3.12.0-1 * Mon Feb 03 2020 Dan Horák <dan[at]danny.cz> - 3.12.1-3
- Resolves: #1726243, rebase to 3.12.0 - fix build with gcc 10
* Mon Aug 26 2019 Dan Horák <dhorak@redhat.com> - 3.11.1-2 * Wed Jan 29 2020 Fedora Release Engineering <releng@fedoraproject.org> - 3.12.1-2
- Resolves: #1739433, ICA HW token missing after the package update - Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
* Mon May 06 2019 Than Ngo <than@redhat.com> - 3.11.1-1 * Wed Nov 27 2019 Dan Horák <dan[at]danny.cz> - 3.12.1-1
- Resolves: #1706140, rebase to 3.11.1 - Rebase to 3.12.1
* Tue Mar 26 2019 Than Ngo <than@redhat.com> - 3.11.0-3 * Wed Nov 13 2019 Dan Horák <dan[at]danny.cz> - 3.12.0-1
- Resolves: #1667941, 3des tests failures due to FIPS incompatible test scenarios - Rebase to 3.12.0
- Resolves: #1651731, ep11 token: enhanced IBM z14 functions
- Resolves: #1651732, ep11 token: support m_*Single functions from ep11 lib
- Resolves: #1525407, use CPACF hashes in ep11 token
- Resolves: #1651238, rebase to 3.11.0
- Resolves: #1682530, gating
* Fri Dec 14 2018 Than Ngo <than@redhat.com> - 3.10.0-3 * Sun Sep 22 2019 Dan Horák <dan[at]danny.cz> - 3.11.1-1
- Resolves: #1657683, can't establish libica token in FIPS mode - Rebase to 3.11.1
- Resolves: #1652856, EP11 token fails when using Strict-Session mode or VHSM-Mode
* Thu Oct 25 2018 Than Ngo <than@redhat.com> - 3.10.0-2 * Thu Jul 25 2019 Fedora Release Engineering <releng@fedoraproject.org> - 3.11.0-5
- Resolves: #1602641, covscan - Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
* Thu Mar 28 2019 Than Ngo <than@redhat.com> - 3.11.0-4
- enable testcase by default
- fix URL
* Tue Feb 19 2019 Than Ngo <than@redhat.com> - 3.11.0-3
- Resolved #1063763 - opencryptoki tools should inform the user that he is not in pkcs11 group
* Fri Feb 01 2019 Fedora Release Engineering <releng@fedoraproject.org> - 3.11.0-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
* Thu Jan 31 2019 Than Ngo <than@redhat.com> - 3.11.0-1
- Updated to 3.11.0
- Resolved #1341079 - Failed to create directory or subvolume "/var/lock/opencryptoki"
- Ported root's group membership's patch for 3.11.0
* Fri Jul 13 2018 Fedora Release Engineering <releng@fedoraproject.org> - 3.10.0-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
* Tue Jun 12 2018 Dan Horák <dan[at]danny.cz> - 3.10.0-1 * Tue Jun 12 2018 Dan Horák <dan[at]danny.cz> - 3.10.0-1
- Rebase to 3.10.0 - Rebase to 3.10.0