Compare commits
No commits in common. "c8" and "c9s-private-than" have entirely different histories.
c8
...
c9s-privat
1
.fmf/version
Normal file
1
.fmf/version
Normal file
@ -0,0 +1 @@
|
|||||||
|
1
|
38
.gitignore
vendored
38
.gitignore
vendored
@ -1 +1,37 @@
|
|||||||
SOURCES/opencryptoki-3.22.0.tar.gz
|
opencryptoki-2.3.1.tar.gz
|
||||||
|
/opencryptoki-2.3.2.tar.gz
|
||||||
|
/opencryptoki-2.3.3.tar.gz
|
||||||
|
/opencryptoki-2.4.tar.gz
|
||||||
|
/opencryptoki-2.4.1.tar.gz
|
||||||
|
/opencryptoki-2.4.2.tar.gz
|
||||||
|
/opencryptoki-2.4.3.tar.gz
|
||||||
|
/opencryptoki-2.4.3.1-tar.gz
|
||||||
|
/opencryptoki-v3.0.tar.gz
|
||||||
|
/opencryptoki-v3.1.tgz
|
||||||
|
/opencryptoki-v3.2.tgz
|
||||||
|
/opencryptoki-v3.3.tgz
|
||||||
|
/opencryptoki-v3.4.tgz
|
||||||
|
/opencryptoki-v3.4.1.tgz
|
||||||
|
/opencryptoki-3.5.tgz
|
||||||
|
/opencryptoki-3.5.1.tgz
|
||||||
|
/opencryptoki-3.6.2.tar.gz
|
||||||
|
/opencryptoki-3.7.0.tar.gz
|
||||||
|
/opencryptoki-3.8.2.tar.gz
|
||||||
|
/opencryptoki-3.9.0.tar.gz
|
||||||
|
/opencryptoki-3.10.0.tar.gz
|
||||||
|
/opencryptoki-3.11.0.tar.gz
|
||||||
|
/opencryptoki-3.11.1.tar.gz
|
||||||
|
/opencryptoki-3.12.0.tar.gz
|
||||||
|
/opencryptoki-3.12.1.tar.gz
|
||||||
|
/opencryptoki-3.13.0.tar.gz
|
||||||
|
/opencryptoki-3.14.0.tar.gz
|
||||||
|
/opencryptoki-3.15.0.tar.gz
|
||||||
|
/opencryptoki-3.15.1.tar.gz
|
||||||
|
/opencryptoki-3.16.0.tar.gz
|
||||||
|
/opencryptoki-3.17.0.tar.gz
|
||||||
|
/opencryptoki-3.18.0.tar.gz
|
||||||
|
/opencryptoki-3.19.0.tar.gz
|
||||||
|
/opencryptoki-3.21.0.tar.gz
|
||||||
|
/opencryptoki-3.22.0.tar.gz
|
||||||
|
/opencryptoki-3.23.0.tar.gz
|
||||||
|
/opencryptoki-3.24.0.tar.gz
|
||||||
|
38
CI_plan.fmf
Normal file
38
CI_plan.fmf
Normal file
@ -0,0 +1,38 @@
|
|||||||
|
/tier1-tests-on-x86_64-with-swtok:
|
||||||
|
|
||||||
|
summary: opencryptoki Tier1 tests on x86_64 with swtok
|
||||||
|
|
||||||
|
tag:
|
||||||
|
- Tier1
|
||||||
|
|
||||||
|
discover:
|
||||||
|
url: https://src.fedoraproject.org/tests/opencryptoki.git
|
||||||
|
filter: "tag:Tier1"
|
||||||
|
how: fmf
|
||||||
|
test:
|
||||||
|
- "Sanity/.*"
|
||||||
|
- "Regression/.*"
|
||||||
|
|
||||||
|
execute:
|
||||||
|
how: tmt
|
||||||
|
|
||||||
|
/sw-token-package-update:
|
||||||
|
|
||||||
|
summary: perform opencryptoki package update on a configured SW token
|
||||||
|
|
||||||
|
prepare:
|
||||||
|
- how: shell
|
||||||
|
order: 90
|
||||||
|
script:
|
||||||
|
- dnf -y downgrade 'opencryptoki*'
|
||||||
|
|
||||||
|
discover:
|
||||||
|
url: https://src.fedoraproject.org/tests/opencryptoki.git
|
||||||
|
how: fmf
|
||||||
|
test:
|
||||||
|
- /Update/initialized-sw-token/setup
|
||||||
|
- /Update/dnf-update-opencryptoki
|
||||||
|
- /Update/initialized-sw-token/test
|
||||||
|
|
||||||
|
execute:
|
||||||
|
how: tmt
|
@ -1,12 +0,0 @@
|
|||||||
diff -up opencryptoki-3.11.0/configure.ac.me opencryptoki-3.11.0/configure.ac
|
|
||||||
--- opencryptoki-3.11.0/configure.ac.me 2019-01-30 17:10:19.660952694 +0100
|
|
||||||
+++ opencryptoki-3.11.0/configure.ac 2019-01-30 17:13:54.150089964 +0100
|
|
||||||
@@ -62,7 +62,7 @@ AC_SUBST([OPENLDAP_LIBS])
|
|
||||||
|
|
||||||
dnl Define custom variables
|
|
||||||
|
|
||||||
-lockdir=$localstatedir/lock/opencryptoki
|
|
||||||
+lockdir=/run/lock/opencryptoki
|
|
||||||
AC_SUBST(lockdir)
|
|
||||||
|
|
||||||
logdir=$localstatedir/log/opencryptoki
|
|
@ -1,27 +0,0 @@
|
|||||||
diff -up opencryptoki-3.21.0/misc/pkcsslotd.service.in.me opencryptoki-3.21.0/misc/pkcsslotd.service.in
|
|
||||||
--- opencryptoki-3.21.0/misc/pkcsslotd.service.in.me 2023-05-16 20:50:08.128841932 +0200
|
|
||||||
+++ opencryptoki-3.21.0/misc/pkcsslotd.service.in 2023-05-16 21:19:35.208570589 +0200
|
|
||||||
@@ -22,17 +22,17 @@ PrivateUsers=no
|
|
||||||
PrivateNetwork=no
|
|
||||||
RestrictAddressFamilies=AF_UNIX AF_NETLINK
|
|
||||||
IPAddressDeny=any
|
|
||||||
-ProtectClock=yes
|
|
||||||
+#ProtectClock=yes
|
|
||||||
ProtectKernelTunables=yes
|
|
||||||
ProtectKernelModules=yes
|
|
||||||
-ProtectKernelLogs=yes
|
|
||||||
+#ProtectKernelLogs=yes
|
|
||||||
ProtectControlGroups=yes
|
|
||||||
ProtectHome=yes
|
|
||||||
-ProtectHostname=yes
|
|
||||||
-ProtectProc=default
|
|
||||||
+#ProtectHostname=yes
|
|
||||||
+#ProtectProc=default
|
|
||||||
ProtectSystem=strict
|
|
||||||
-ReadWritePaths=@localstatedir@
|
|
||||||
-ProcSubset=all
|
|
||||||
+ReadWritePaths=@localstatedir@ /run
|
|
||||||
+#ProcSubset=all
|
|
||||||
MemoryDenyWriteExecute=yes
|
|
||||||
RestrictRealtime=yes
|
|
||||||
RestrictNamespaces=yes
|
|
@ -1,153 +0,0 @@
|
|||||||
commit f931d6e47bf2fb26aa9cf52e231d13edc1c837a1
|
|
||||||
Author: Ingo Franzki <ifranzki@linux.ibm.com>
|
|
||||||
Date: Tue Dec 12 17:16:56 2023 +0100
|
|
||||||
|
|
||||||
COMMON: Update rsa_parse_block_type_2() to not leak the message length
|
|
||||||
|
|
||||||
Take the implementation of OpenSSL function RSA_padding_check_PKCS1_type_2()
|
|
||||||
in crypto/rsa/rsa_pk1.c instead of ossl_rsa_padding_check_PKCS1_type_2(), since
|
|
||||||
the latter leaks the message size.
|
|
||||||
|
|
||||||
Signed-off-by: Ingo Franzki <ifranzki@linux.ibm.com>
|
|
||||||
|
|
||||||
diff --git a/usr/lib/common/mech_rsa.c b/usr/lib/common/mech_rsa.c
|
|
||||||
index 326c5795..7bab1a84 100644
|
|
||||||
--- a/usr/lib/common/mech_rsa.c
|
|
||||||
+++ b/usr/lib/common/mech_rsa.c
|
|
||||||
@@ -29,6 +29,7 @@
|
|
||||||
#include "constant_time.h"
|
|
||||||
|
|
||||||
#include <openssl/crypto.h>
|
|
||||||
+#include <openssl/rsa.h>
|
|
||||||
|
|
||||||
CK_BBOOL is_rsa_mechanism(CK_MECHANISM_TYPE mech)
|
|
||||||
{
|
|
||||||
@@ -293,13 +294,16 @@ static CK_RV rsa_parse_block_type_2(CK_BYTE *in_data,
|
|
||||||
CK_BYTE *out_data,
|
|
||||||
CK_ULONG *out_data_len)
|
|
||||||
{
|
|
||||||
- unsigned int ok = 0, found, zero;
|
|
||||||
- size_t zero_index = 0, msg_index, mlen;
|
|
||||||
- size_t i, j;
|
|
||||||
+ int i;
|
|
||||||
+ unsigned char *em = NULL;
|
|
||||||
+ unsigned int good, found_zero_byte, mask, equals0;
|
|
||||||
+ int zero_index = 0, msg_index, mlen = -1;
|
|
||||||
+ int out_len = *out_data_len;
|
|
||||||
+ int rsa_size = in_data_len;
|
|
||||||
|
|
||||||
/*
|
|
||||||
* The implementation of this function is copied from OpenSSL's function
|
|
||||||
- * ossl_rsa_padding_check_PKCS1_type_2() in crypto/rsa/rsa_pk1.c
|
|
||||||
+ * RSA_padding_check_PKCS1_type_2() in crypto/rsa/rsa_pk1.c
|
|
||||||
* and is slightly modified to fit to the OpenCryptoki environment.
|
|
||||||
*
|
|
||||||
* The OpenSSL code is licensed under the Apache License 2.0.
|
|
||||||
@@ -324,55 +328,86 @@ static CK_RV rsa_parse_block_type_2(CK_BYTE *in_data,
|
|
||||||
* PKCS#1 v1.5 decryption. See "PKCS #1 v2.2: RSA Cryptography Standard",
|
|
||||||
* section 7.2.2.
|
|
||||||
*/
|
|
||||||
- if (in_data_len < 11) {
|
|
||||||
+ if (rsa_size < RSA_PKCS1_PADDING_SIZE) {
|
|
||||||
TRACE_DEVEL("%s\n", ock_err(ERR_FUNCTION_FAILED));
|
|
||||||
return CKR_FUNCTION_FAILED;
|
|
||||||
}
|
|
||||||
|
|
||||||
- ok = constant_time_is_zero(in_data[0]);
|
|
||||||
- ok &= constant_time_eq(in_data[1], 2);
|
|
||||||
+ em = malloc(rsa_size);
|
|
||||||
+ if (em == NULL) {
|
|
||||||
+ TRACE_DEVEL("%s\n", ock_err(ERR_HOST_MEMORY));
|
|
||||||
+ return CKR_HOST_MEMORY;
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
+ /* in_data_len is always equal to rsa_size */
|
|
||||||
+ memcpy(em, in_data, rsa_size);
|
|
||||||
+
|
|
||||||
+ good = constant_time_is_zero(em[0]);
|
|
||||||
+ good &= constant_time_eq(em[1], 2);
|
|
||||||
|
|
||||||
/* scan over padding data */
|
|
||||||
- found = 0;
|
|
||||||
- for (i = 2; i < in_data_len; i++) {
|
|
||||||
- zero = constant_time_is_zero(in_data[i]);
|
|
||||||
+ found_zero_byte = 0;
|
|
||||||
+ for (i = 2; i < rsa_size; i++) {
|
|
||||||
+ equals0 = constant_time_is_zero(em[i]);
|
|
||||||
|
|
||||||
- zero_index = constant_time_select_int(~found & zero, i, zero_index);
|
|
||||||
- found |= zero;
|
|
||||||
+ zero_index = constant_time_select_int(~found_zero_byte & equals0,
|
|
||||||
+ i, zero_index);
|
|
||||||
+ found_zero_byte |= equals0;
|
|
||||||
}
|
|
||||||
|
|
||||||
/*
|
|
||||||
- * PS must be at least 8 bytes long, and it starts two bytes into |enc_msg|.
|
|
||||||
+ * PS must be at least 8 bytes long, and it starts two bytes into |em|.
|
|
||||||
* If we never found a 0-byte, then |zero_index| is 0 and the check
|
|
||||||
* also fails.
|
|
||||||
*/
|
|
||||||
- ok &= constant_time_ge(zero_index, 2 + 8);
|
|
||||||
+ good &= constant_time_ge(zero_index, 2 + 8);
|
|
||||||
|
|
||||||
/*
|
|
||||||
* Skip the zero byte. This is incorrect if we never found a zero-byte
|
|
||||||
* but in this case we also do not copy the message out.
|
|
||||||
*/
|
|
||||||
msg_index = zero_index + 1;
|
|
||||||
- mlen = in_data_len - msg_index;
|
|
||||||
+ mlen = rsa_size - msg_index;
|
|
||||||
|
|
||||||
/*
|
|
||||||
* For good measure, do this check in constant time as well.
|
|
||||||
*/
|
|
||||||
- ok &= constant_time_ge(*out_data_len, mlen);
|
|
||||||
+ good &= constant_time_ge(out_len, mlen);
|
|
||||||
|
|
||||||
/*
|
|
||||||
- * since at this point the |msg_index| does not provide the signal
|
|
||||||
- * indicating if the padding check failed or not, we don't have to worry
|
|
||||||
- * about leaking the length of returned message, we still need to ensure
|
|
||||||
- * that we read contents of both buffers so that cache accesses don't leak
|
|
||||||
- * the value of |good|
|
|
||||||
+ * Move the result in-place by |rsa_size|-RSA_PKCS1_PADDING_SIZE-|mlen|
|
|
||||||
+ * bytes to the left.
|
|
||||||
+ * Then if |good| move |mlen| bytes from |em|+RSA_PKCS1_PADDING_SIZE to
|
|
||||||
+ * |out_data|. Otherwise leave |out_data| unchanged.
|
|
||||||
+ * Copy the memory back in a way that does not reveal the size of
|
|
||||||
+ * the data being copied via a timing side channel. This requires copying
|
|
||||||
+ * parts of the buffer multiple times based on the bits set in the real
|
|
||||||
+ * length. Clear bits do a non-copy with identical access pattern.
|
|
||||||
+ * The loop below has overall complexity of O(N*log(N)).
|
|
||||||
*/
|
|
||||||
- for (i = msg_index, j = 0; i < in_data_len && j < *out_data_len; i++, j++)
|
|
||||||
- out_data[j] = constant_time_select_8(ok, in_data[i], out_data[j]);
|
|
||||||
+ out_len = constant_time_select_int(
|
|
||||||
+ constant_time_lt(rsa_size - RSA_PKCS1_PADDING_SIZE, out_len),
|
|
||||||
+ rsa_size - RSA_PKCS1_PADDING_SIZE,
|
|
||||||
+ out_len);
|
|
||||||
+ for (msg_index = 1; msg_index < rsa_size - RSA_PKCS1_PADDING_SIZE;
|
|
||||||
+ msg_index <<= 1) {
|
|
||||||
+ mask = ~constant_time_eq(
|
|
||||||
+ msg_index & (rsa_size - RSA_PKCS1_PADDING_SIZE - mlen), 0);
|
|
||||||
+ for (i = RSA_PKCS1_PADDING_SIZE; i < rsa_size - msg_index; i++)
|
|
||||||
+ em[i] = constant_time_select_8(mask, em[i + msg_index], em[i]);
|
|
||||||
+ }
|
|
||||||
+ for (i = 0; i < out_len; i++) {
|
|
||||||
+ mask = good & constant_time_lt(i, mlen);
|
|
||||||
+ out_data[i] = constant_time_select_8(
|
|
||||||
+ mask, em[i + RSA_PKCS1_PADDING_SIZE], out_data[i]);
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
+ OPENSSL_cleanse(em, rsa_size);
|
|
||||||
+ free(em);
|
|
||||||
|
|
||||||
- *out_data_len = j;
|
|
||||||
+ *out_data_len = constant_time_select_int(good, mlen, 0);
|
|
||||||
|
|
||||||
- return constant_time_select_int(ok, CKR_OK, CKR_ENCRYPTED_DATA_INVALID);
|
|
||||||
+ return constant_time_select_int(good, CKR_OK, CKR_ENCRYPTED_DATA_INVALID);
|
|
||||||
}
|
|
||||||
|
|
||||||
CK_RV rsa_parse_block(CK_BYTE *in_data,
|
|
@ -1,737 +0,0 @@
|
|||||||
commit 5f1a4f8641306ee192b70c8a32c9ee8a0fe9be5f
|
|
||||||
Author: Ingo Franzki <ifranzki@linux.ibm.com>
|
|
||||||
Date: Mon Jan 15 12:53:37 2024 +0100
|
|
||||||
|
|
||||||
common: Add support for implicit rejection for RSA PKCS#1 v1.5 de-padding
|
|
||||||
|
|
||||||
Implicit rejection returns a pseudo random message in case the RSA PKCS#1 v1.5
|
|
||||||
padding is incorrect, but returns no error. The pseudo random message is based
|
|
||||||
on static secret data (the private exponent) and the provided ciphertext, so
|
|
||||||
that the attacker cannot determine that the returned value is randomly generated
|
|
||||||
instead of the result of decryption and de-padding.
|
|
||||||
|
|
||||||
The implicit rejection algorithm is the same as used by OpenSSL.
|
|
||||||
|
|
||||||
Signed-off-by: Ingo Franzki <ifranzki@linux.ibm.com>
|
|
||||||
|
|
||||||
diff --git a/COPYRIGHTS b/COPYRIGHTS
|
|
||||||
index 2bb3dffe..21b6b702 100644
|
|
||||||
--- a/COPYRIGHTS
|
|
||||||
+++ b/COPYRIGHTS
|
|
||||||
@@ -12,19 +12,29 @@ For code originating from OpenSSL:
|
|
||||||
* Note that in OpenSSL the file crypto/bn/rsa_sup_mul.c does no longer
|
|
||||||
* exist, it was removed with commit https://github.com/openssl/openssl/commit/4209ce68d8fe8b1506494efa03d378d05baf9ff8
|
|
||||||
* - usr/lib/common/constant_time.h: Copied unchanged from OpenSSL from
|
|
||||||
- include/internal/constant_time.h
|
|
||||||
+ * include/internal/constant_time.h
|
|
||||||
* - The implementation of function rsa_parse_block_type_2() in
|
|
||||||
* usr/lib/common/mech_rsa.c is copied from OpenSSL's function
|
|
||||||
* ossl_rsa_padding_check_PKCS1_type_2() in crypto/rsa/rsa_pk1.c
|
|
||||||
* and is slightly modified to fit to the OpenCryptoki environment.
|
|
||||||
* See comment in function rsa_parse_block_type_2() for a list of changes.
|
|
||||||
+ * - The implementation of function openssl_specific_rsa_derive_kdk() in
|
|
||||||
+ * usr/lib/common/mech_openssl.c is copied from OpenSSL's function
|
|
||||||
+ * derive_kdk() in crypto/rsa/rsa_ossl.c and is slightly modified to fit to
|
|
||||||
+ * the OpenCryptoki environment. See comment in function
|
|
||||||
+ * openssl_specific_rsa_derive_kdk() for a list of changes.
|
|
||||||
+ * - The implementation of function openssl_specific_rsa_prf() in
|
|
||||||
+ * usr/lib/common/mech_openssl.c is copied from OpenSSL's function
|
|
||||||
+ * ossl_rsa_prf() in crypto/rsa/rsapk1.c and is slightly modified to fit to
|
|
||||||
+ * the OpenCryptoki environment. See comment in function
|
|
||||||
+ * openssl_specific_rsa_prf() for a list of changes.
|
|
||||||
* - The implementation of function decode_eme_oaep() in
|
|
||||||
* usr/lib/common/mech_rsa.c is copied from OpenSSL's function
|
|
||||||
* RSA_padding_check_PKCS1_OAEP_mgf1() in crypto/rsa/rsa_oaep.c and is
|
|
||||||
* slightly modified to fit to the OpenCryptoki environment. See comment in
|
|
||||||
* function decode_eme_oaep() for a list of changes.
|
|
||||||
*
|
|
||||||
- * Copyright 1999-2023 The OpenSSL Project Authors. All Rights Reserved.
|
|
||||||
+ * Copyright 1999-2024 The OpenSSL Project Authors. All Rights Reserved.
|
|
||||||
*
|
|
||||||
* The OpenSSL code is licensed under the Apache License 2.0 (the "License").
|
|
||||||
* You can obtain a copy in the file LICENSE in the OpenSSL source distribution
|
|
||||||
diff --git a/usr/lib/common/h_extern.h b/usr/lib/common/h_extern.h
|
|
||||||
index a88b57d0..29496d99 100644
|
|
||||||
--- a/usr/lib/common/h_extern.h
|
|
||||||
+++ b/usr/lib/common/h_extern.h
|
|
||||||
@@ -731,7 +731,8 @@ CK_RV rsa_format_block(STDLL_TokData_t *tokdata,
|
|
||||||
CK_RV rsa_parse_block(CK_BYTE *in_data,
|
|
||||||
CK_ULONG in_data_len,
|
|
||||||
CK_BYTE *out_data,
|
|
||||||
- CK_ULONG *out_data_len, CK_ULONG type);
|
|
||||||
+ CK_ULONG *out_data_len, CK_ULONG type,
|
|
||||||
+ CK_BYTE *kdk, CK_ULONG kdklen);
|
|
||||||
|
|
||||||
CK_RV get_mgf_mech(CK_RSA_PKCS_MGF_TYPE mgf, CK_MECHANISM_TYPE *mech);
|
|
||||||
|
|
||||||
@@ -3179,6 +3180,14 @@ CK_RV openssl_specific_hmac_update(SIGN_VERIFY_CONTEXT *ctx, CK_BYTE *in_data,
|
|
||||||
CK_RV openssl_specific_hmac_final(SIGN_VERIFY_CONTEXT *ctx, CK_BYTE *signature,
|
|
||||||
CK_ULONG *sig_len, CK_BBOOL sign);
|
|
||||||
|
|
||||||
+CK_RV openssl_specific_rsa_derive_kdk(STDLL_TokData_t *tokdata, OBJECT *key_obj,
|
|
||||||
+ const CK_BYTE *in, CK_ULONG inlen,
|
|
||||||
+ CK_BYTE *kdk, CK_ULONG kdklen);
|
|
||||||
+CK_RV openssl_specific_rsa_prf(CK_BYTE *out, CK_ULONG outlen,
|
|
||||||
+ const char *label, CK_ULONG labellen,
|
|
||||||
+ const CK_BYTE *kdk, CK_ULONG kdklen,
|
|
||||||
+ uint16_t bitlen);
|
|
||||||
+
|
|
||||||
#include "tok_spec_struct.h"
|
|
||||||
extern token_spec_t token_specific;
|
|
||||||
|
|
||||||
diff --git a/usr/lib/common/mech_openssl.c b/usr/lib/common/mech_openssl.c
|
|
||||||
index 9983fcb3..da515289 100644
|
|
||||||
--- a/usr/lib/common/mech_openssl.c
|
|
||||||
+++ b/usr/lib/common/mech_openssl.c
|
|
||||||
@@ -1154,6 +1154,7 @@ CK_RV openssl_specific_rsa_pkcs_decrypt(STDLL_TokData_t *tokdata,
|
|
||||||
CK_RV rc;
|
|
||||||
CK_BYTE out[MAX_RSA_KEYLEN];
|
|
||||||
CK_ULONG modulus_bytes;
|
|
||||||
+ unsigned char kdk[SHA256_HASH_SIZE] = { 0 };
|
|
||||||
|
|
||||||
modulus_bytes = in_data_len;
|
|
||||||
|
|
||||||
@@ -1163,7 +1164,16 @@ CK_RV openssl_specific_rsa_pkcs_decrypt(STDLL_TokData_t *tokdata,
|
|
||||||
goto done;
|
|
||||||
}
|
|
||||||
|
|
||||||
- rc = rsa_parse_block(out, modulus_bytes, out_data, out_data_len, PKCS_BT_2);
|
|
||||||
+ rc = openssl_specific_rsa_derive_kdk(tokdata, key_obj,
|
|
||||||
+ in_data, in_data_len,
|
|
||||||
+ kdk, sizeof(kdk));
|
|
||||||
+ if (rc != CKR_OK) {
|
|
||||||
+ TRACE_DEVEL("openssl_specific_rsa_derive_kdk failed\n");
|
|
||||||
+ goto done;
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
+ rc = rsa_parse_block(out, modulus_bytes, out_data, out_data_len, PKCS_BT_2,
|
|
||||||
+ kdk, sizeof(kdk));
|
|
||||||
|
|
||||||
done:
|
|
||||||
OPENSSL_cleanse(out, sizeof(out));
|
|
||||||
@@ -1254,7 +1264,7 @@ CK_RV openssl_specific_rsa_pkcs_verify(STDLL_TokData_t *tokdata, SESSION *sess,
|
|
||||||
}
|
|
||||||
|
|
||||||
rc = rsa_parse_block(out, modulus_bytes, out_data, &out_data_len,
|
|
||||||
- PKCS_BT_1);
|
|
||||||
+ PKCS_BT_1, NULL, 0);
|
|
||||||
if (rc == CKR_ENCRYPTED_DATA_INVALID) {
|
|
||||||
TRACE_ERROR("%s\n", ock_err(ERR_SIGNATURE_INVALID));
|
|
||||||
return CKR_SIGNATURE_INVALID;
|
|
||||||
@@ -1318,7 +1328,8 @@ CK_RV openssl_specific_rsa_pkcs_verify_recover(STDLL_TokData_t *tokdata,
|
|
||||||
return rc;
|
|
||||||
}
|
|
||||||
|
|
||||||
- rc = rsa_parse_block(out, modulus_bytes, out_data, out_data_len, PKCS_BT_1);
|
|
||||||
+ rc = rsa_parse_block(out, modulus_bytes, out_data, out_data_len, PKCS_BT_1,
|
|
||||||
+ NULL, 0);
|
|
||||||
if (rc == CKR_ENCRYPTED_DATA_INVALID) {
|
|
||||||
TRACE_ERROR("%s\n", ock_err(ERR_SIGNATURE_INVALID));
|
|
||||||
return CKR_SIGNATURE_INVALID;
|
|
||||||
@@ -4983,3 +4994,388 @@ done:
|
|
||||||
ctx->context = NULL;
|
|
||||||
return rv;
|
|
||||||
}
|
|
||||||
+
|
|
||||||
+static CK_RV calc_rsa_priv_exp(STDLL_TokData_t *tokdata, OBJECT *key_obj,
|
|
||||||
+ CK_BYTE *priv_exp, CK_ULONG priv_exp_len)
|
|
||||||
+{
|
|
||||||
+ CK_ATTRIBUTE *modulus = NULL, *pub_exp = NULL;
|
|
||||||
+ CK_ATTRIBUTE *prime1 = NULL, *prime2 = NULL;
|
|
||||||
+ BN_CTX *bn_ctx;
|
|
||||||
+ BIGNUM *n, *e, *p, *q, *d;
|
|
||||||
+ CK_RV rc;
|
|
||||||
+
|
|
||||||
+ UNUSED(tokdata);
|
|
||||||
+
|
|
||||||
+ bn_ctx = BN_CTX_secure_new();
|
|
||||||
+ if (bn_ctx == NULL) {
|
|
||||||
+ TRACE_ERROR("BN_CTX_secure_new failed\n");
|
|
||||||
+ return CKR_FUNCTION_FAILED;
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
+ /* Get modulus a BIGNUM */
|
|
||||||
+ rc = template_attribute_get_non_empty(key_obj->template, CKA_MODULUS,
|
|
||||||
+ &modulus);
|
|
||||||
+ if (rc != CKR_OK) {
|
|
||||||
+ TRACE_ERROR("Failed to get CKA_MODULUS\n");
|
|
||||||
+ goto done;
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
+ n = BN_CTX_get(bn_ctx);
|
|
||||||
+ if (n == NULL ||
|
|
||||||
+ BN_bin2bn(modulus->pValue, modulus->ulValueLen, n) == NULL) {
|
|
||||||
+ TRACE_ERROR("BN_CTX_get/BN_bin2bn failed for modulus\n");
|
|
||||||
+ rc = CKR_FUNCTION_FAILED;
|
|
||||||
+ goto done;
|
|
||||||
+ }
|
|
||||||
+ BN_set_flags(n, BN_FLG_CONSTTIME);
|
|
||||||
+
|
|
||||||
+ /* Get public exponent a BIGNUM */
|
|
||||||
+ rc = template_attribute_get_non_empty(key_obj->template,
|
|
||||||
+ CKA_PUBLIC_EXPONENT, &pub_exp);
|
|
||||||
+ if (rc != CKR_OK) {
|
|
||||||
+ TRACE_ERROR("Failed to get CKA_PUBLIC_EXPONENT\n");
|
|
||||||
+ goto done;
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
+ e = BN_CTX_get(bn_ctx);
|
|
||||||
+ if (e == NULL ||
|
|
||||||
+ BN_bin2bn(pub_exp->pValue, pub_exp->ulValueLen, e) == NULL) {
|
|
||||||
+ TRACE_ERROR("BN_CTX_get/BN_bin2bn failed for public exponent\n");
|
|
||||||
+ rc = CKR_FUNCTION_FAILED;
|
|
||||||
+ goto done;
|
|
||||||
+ }
|
|
||||||
+ BN_set_flags(e, BN_FLG_CONSTTIME);
|
|
||||||
+
|
|
||||||
+ /* Get prime1 a BIGNUM */
|
|
||||||
+ rc = template_attribute_get_non_empty(key_obj->template, CKA_PRIME_1,
|
|
||||||
+ &prime1);
|
|
||||||
+ if (rc != CKR_OK) {
|
|
||||||
+ TRACE_ERROR("Failed to get CKA_PRIME_1\n");
|
|
||||||
+ goto done;
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
+ p = BN_CTX_get(bn_ctx);
|
|
||||||
+ if (p == NULL ||
|
|
||||||
+ BN_bin2bn(prime1->pValue, prime1->ulValueLen, p) == NULL) {
|
|
||||||
+ TRACE_ERROR("BN_CTX_get/BN_bin2bn failed for prime1\n");
|
|
||||||
+ rc = CKR_FUNCTION_FAILED;
|
|
||||||
+ goto done;
|
|
||||||
+ }
|
|
||||||
+ BN_set_flags(p, BN_FLG_CONSTTIME);
|
|
||||||
+
|
|
||||||
+ /* Get prime2 a BIGNUM */
|
|
||||||
+ rc = template_attribute_get_non_empty(key_obj->template, CKA_PRIME_2,
|
|
||||||
+ &prime2);
|
|
||||||
+ if (rc != CKR_OK) {
|
|
||||||
+ TRACE_ERROR("Failed to get CKA_PRIME_2\n");
|
|
||||||
+ goto done;
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
+ q = BN_CTX_get(bn_ctx);
|
|
||||||
+ if (q == NULL ||
|
|
||||||
+ BN_bin2bn(prime2->pValue, prime2->ulValueLen, q) == NULL) {
|
|
||||||
+ TRACE_ERROR("BN_CTX_get/BN_bin2bn failed for prime2\n");
|
|
||||||
+ rc = CKR_FUNCTION_FAILED;
|
|
||||||
+ goto done;
|
|
||||||
+ }
|
|
||||||
+ BN_set_flags(q, BN_FLG_CONSTTIME);
|
|
||||||
+
|
|
||||||
+ d = BN_CTX_get(bn_ctx);
|
|
||||||
+ if (d == NULL) {
|
|
||||||
+ TRACE_ERROR("BN_CTX_get failed to get d\n");
|
|
||||||
+ rc = CKR_FUNCTION_FAILED;
|
|
||||||
+ goto done;
|
|
||||||
+ }
|
|
||||||
+ BN_set_flags(d, BN_FLG_CONSTTIME);
|
|
||||||
+
|
|
||||||
+ /*
|
|
||||||
+ * phi(n) = (p - 1 )(q - 1) = n - p - q + 1
|
|
||||||
+ * d = e ^{-1} mod phi(n).
|
|
||||||
+ */
|
|
||||||
+ if (BN_copy(d, n) == NULL ||
|
|
||||||
+ BN_sub(d, d, p) == 0 ||
|
|
||||||
+ BN_sub(d, d, q) == 0 ||
|
|
||||||
+ BN_add_word(d, 1) == 0 ||
|
|
||||||
+ BN_mod_inverse(d, e, d, bn_ctx) == NULL) {
|
|
||||||
+ TRACE_ERROR("Failed to calculate private key part d\n");
|
|
||||||
+ rc = CKR_FUNCTION_FAILED;
|
|
||||||
+ goto done;
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
+ if (BN_bn2binpad(d, priv_exp, priv_exp_len) <= 0) {
|
|
||||||
+ TRACE_ERROR("BN_bn2binpad failed\n");
|
|
||||||
+ rc = CKR_FUNCTION_FAILED;
|
|
||||||
+ goto done;
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
+done:
|
|
||||||
+ BN_CTX_free(bn_ctx);
|
|
||||||
+
|
|
||||||
+ return rc;
|
|
||||||
+}
|
|
||||||
+
|
|
||||||
+CK_RV openssl_specific_rsa_derive_kdk(STDLL_TokData_t *tokdata, OBJECT *key_obj,
|
|
||||||
+ const CK_BYTE *in, CK_ULONG inlen,
|
|
||||||
+ CK_BYTE *kdk, CK_ULONG kdklen)
|
|
||||||
+{
|
|
||||||
+ CK_ATTRIBUTE *priv_exp_attr = NULL, *modulus = NULL;
|
|
||||||
+ CK_BYTE *priv_exp = NULL, *buf = NULL;
|
|
||||||
+ EVP_PKEY *pkey = NULL;
|
|
||||||
+ EVP_MD_CTX *mdctx = NULL;
|
|
||||||
+ const EVP_MD *md = NULL;
|
|
||||||
+ size_t md_len;
|
|
||||||
+ unsigned char d_hash[SHA256_HASH_SIZE] = { 0 };
|
|
||||||
+ CK_RV rc;
|
|
||||||
+
|
|
||||||
+ /*
|
|
||||||
+ * The implementation of this function is copied from OpenSSL's function
|
|
||||||
+ * derive_kdk() in crypto/rsa/rsa_ossl.c and is slightly modified to fit to
|
|
||||||
+ * the OpenCryptoki environment.
|
|
||||||
+ * Changes include:
|
|
||||||
+ * - Different variable and define names.
|
|
||||||
+ * - Usage of TRACE_ERROR to report errors and issue debug messages.
|
|
||||||
+ * - Different return codes.
|
|
||||||
+ * - Different code to get the private key component 'd'.
|
|
||||||
+ * - Use of the EVP APIs instead of the internal APIs for Digest and HMAC
|
|
||||||
+ * operations.
|
|
||||||
+ */
|
|
||||||
+
|
|
||||||
+ if (kdklen != SHA256_HASH_SIZE) {
|
|
||||||
+ TRACE_ERROR("KDK length is wrong\n");
|
|
||||||
+ return CKR_ARGUMENTS_BAD;
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
+ rc = template_attribute_get_non_empty(key_obj->template, CKA_MODULUS,
|
|
||||||
+ &modulus);
|
|
||||||
+ if (rc != CKR_OK) {
|
|
||||||
+ TRACE_ERROR("Failed to get CKA_MODULUS\n");
|
|
||||||
+ return rc;
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
+ buf = calloc(1, modulus->ulValueLen);
|
|
||||||
+ if (buf == NULL) {
|
|
||||||
+ TRACE_ERROR("Failed to allocate a buffer for private exponent\n");
|
|
||||||
+ return CKR_HOST_MEMORY;
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
+ rc = template_attribute_get_non_empty(key_obj->template,
|
|
||||||
+ CKA_PRIVATE_EXPONENT, &priv_exp_attr);
|
|
||||||
+ if (rc != CKR_OK && rc != CKR_TEMPLATE_INCOMPLETE) {
|
|
||||||
+ TRACE_ERROR("Failed to get CKA_PRIVATE_EXPONENT\n");
|
|
||||||
+ goto out;
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
+ if (priv_exp_attr == NULL) {
|
|
||||||
+ rc = calc_rsa_priv_exp(tokdata, key_obj, buf, modulus->ulValueLen);
|
|
||||||
+ if (rc != CKR_OK) {
|
|
||||||
+ TRACE_ERROR("calc_rsa_priv_exp failed\n");
|
|
||||||
+ goto out;
|
|
||||||
+ }
|
|
||||||
+ priv_exp = buf;
|
|
||||||
+ } else {
|
|
||||||
+ if (priv_exp_attr->ulValueLen < modulus->ulValueLen) {
|
|
||||||
+ memcpy(buf + modulus->ulValueLen - priv_exp_attr->ulValueLen,
|
|
||||||
+ priv_exp_attr->pValue, priv_exp_attr->ulValueLen);
|
|
||||||
+ priv_exp = buf;
|
|
||||||
+ } else {
|
|
||||||
+ priv_exp = (CK_BYTE *)priv_exp_attr->pValue +
|
|
||||||
+ priv_exp_attr->ulValueLen - modulus->ulValueLen;
|
|
||||||
+ }
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
+ /*
|
|
||||||
+ * we use hardcoded hash so that migrating between versions that use
|
|
||||||
+ * different hash doesn't provide a Bleichenbacher oracle:
|
|
||||||
+ * if the attacker can see that different versions return different
|
|
||||||
+ * messages for the same ciphertext, they'll know that the message is
|
|
||||||
+ * synthetically generated, which means that the padding check failed
|
|
||||||
+ */
|
|
||||||
+ md = EVP_sha256();
|
|
||||||
+ if (md == NULL) {
|
|
||||||
+ TRACE_ERROR("EVP_sha256 failed\n");
|
|
||||||
+ rc = CKR_FUNCTION_FAILED;
|
|
||||||
+ goto out;
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
+ if (EVP_Digest(priv_exp, modulus->ulValueLen, d_hash, NULL,
|
|
||||||
+ md, NULL) <= 0) {
|
|
||||||
+ TRACE_ERROR("EVP_Digest failed\n");
|
|
||||||
+ rc = CKR_FUNCTION_FAILED;
|
|
||||||
+ goto out;
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
+ pkey = EVP_PKEY_new_mac_key(EVP_PKEY_HMAC, NULL, d_hash, sizeof(d_hash));
|
|
||||||
+ if (pkey == NULL) {
|
|
||||||
+ TRACE_ERROR("EVP_PKEY_new_mac_key() failed.\n");
|
|
||||||
+ rc = CKR_FUNCTION_FAILED;
|
|
||||||
+ goto out;
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
+ mdctx = EVP_MD_CTX_create();
|
|
||||||
+ if (mdctx == NULL) {
|
|
||||||
+ TRACE_ERROR("EVP_MD_CTX_create() failed.\n");
|
|
||||||
+ rc = CKR_FUNCTION_FAILED;
|
|
||||||
+ goto out;
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
+ if (EVP_DigestSignInit(mdctx, NULL, md, NULL, pkey) != 1) {
|
|
||||||
+ TRACE_ERROR("EVP_DigestSignInit failed\n");
|
|
||||||
+ rc = CKR_FUNCTION_FAILED;
|
|
||||||
+ goto out;
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
+ if (inlen < modulus->ulValueLen) {
|
|
||||||
+ memset(buf, 0, modulus->ulValueLen - inlen);
|
|
||||||
+ if (EVP_DigestSignUpdate(mdctx, buf, modulus->ulValueLen - inlen)!= 1) {
|
|
||||||
+ TRACE_ERROR("EVP_DigestSignUpdate failed\n");
|
|
||||||
+ rc = CKR_FUNCTION_FAILED;
|
|
||||||
+ goto out;
|
|
||||||
+ }
|
|
||||||
+ }
|
|
||||||
+ if (EVP_DigestSignUpdate(mdctx, in, inlen) != 1) {
|
|
||||||
+ TRACE_ERROR("EVP_DigestSignUpdate failed\n");
|
|
||||||
+ rc = CKR_FUNCTION_FAILED;
|
|
||||||
+ goto out;
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
+ md_len = kdklen;
|
|
||||||
+ if (EVP_DigestSignFinal(mdctx, kdk, &md_len) != 1 ||
|
|
||||||
+ md_len != kdklen) {
|
|
||||||
+ TRACE_ERROR("EVP_DigestSignFinal failed\n");
|
|
||||||
+ rc = CKR_FUNCTION_FAILED;
|
|
||||||
+ goto out;
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
+ rc = CKR_OK;
|
|
||||||
+
|
|
||||||
+out:
|
|
||||||
+ if (buf != NULL)
|
|
||||||
+ free(buf);
|
|
||||||
+ if (pkey != NULL)
|
|
||||||
+ EVP_PKEY_free(pkey);
|
|
||||||
+ if (mdctx != NULL)
|
|
||||||
+ EVP_MD_CTX_free(mdctx);
|
|
||||||
+
|
|
||||||
+ return rc;
|
|
||||||
+}
|
|
||||||
+
|
|
||||||
+CK_RV openssl_specific_rsa_prf(CK_BYTE *out, CK_ULONG outlen,
|
|
||||||
+ const char *label, CK_ULONG labellen,
|
|
||||||
+ const CK_BYTE *kdk, CK_ULONG kdklen,
|
|
||||||
+ uint16_t bitlen)
|
|
||||||
+{
|
|
||||||
+ CK_RV rc;
|
|
||||||
+ CK_ULONG pos;
|
|
||||||
+ uint16_t iter = 0;
|
|
||||||
+ unsigned char be_iter[sizeof(iter)];
|
|
||||||
+ unsigned char be_bitlen[sizeof(bitlen)];
|
|
||||||
+ EVP_PKEY *pkey = NULL;
|
|
||||||
+ EVP_MD_CTX *mdctx = NULL;
|
|
||||||
+ unsigned char hmac_out[SHA256_HASH_SIZE];
|
|
||||||
+ size_t md_len;
|
|
||||||
+
|
|
||||||
+ /*
|
|
||||||
+ * The implementation of this function is copied from OpenSSL's function
|
|
||||||
+ * ossl_rsa_prf() in crypto/rsa/rsapk1.c and is slightly modified to fit to
|
|
||||||
+ * the providers environment.
|
|
||||||
+ * Changes include:
|
|
||||||
+ * - Different variable and define names.
|
|
||||||
+ * - Usage of TRACE_ERROR report errors and issue debug messages.
|
|
||||||
+ * - Different return codes.
|
|
||||||
+ * - Use of the EVP API instead of the internal APIs for HMAC operations.
|
|
||||||
+ */
|
|
||||||
+
|
|
||||||
+ if (kdklen != SHA256_HASH_SIZE) {
|
|
||||||
+ TRACE_ERROR("invalid kdklen\n");
|
|
||||||
+ return CKR_ARGUMENTS_BAD;
|
|
||||||
+ }
|
|
||||||
+ if (outlen * 8 != bitlen) {
|
|
||||||
+ TRACE_ERROR("invalid outlen\n");
|
|
||||||
+ return CKR_ARGUMENTS_BAD;
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
+ be_bitlen[0] = (bitlen >> 8) & 0xff;
|
|
||||||
+ be_bitlen[1] = bitlen & 0xff;
|
|
||||||
+
|
|
||||||
+ pkey = EVP_PKEY_new_mac_key(EVP_PKEY_HMAC, NULL, kdk, kdklen);
|
|
||||||
+ if (pkey == NULL) {
|
|
||||||
+ TRACE_ERROR("EVP_PKEY_new_mac_key() failed.\n");
|
|
||||||
+ rc = CKR_FUNCTION_FAILED;
|
|
||||||
+ goto out;
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
+ mdctx = EVP_MD_CTX_create();
|
|
||||||
+ if (mdctx == NULL) {
|
|
||||||
+ TRACE_ERROR("EVP_MD_CTX_create() failed.\n");
|
|
||||||
+ rc = CKR_FUNCTION_FAILED;
|
|
||||||
+ goto out;
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
+ /*
|
|
||||||
+ * we use hardcoded hash so that migrating between versions that use
|
|
||||||
+ * different hash doesn't provide a Bleichenbacher oracle:
|
|
||||||
+ * if the attacker can see that different versions return different
|
|
||||||
+ * messages for the same ciphertext, they'll know that the message is
|
|
||||||
+ * synthetically generated, which means that the padding check failed
|
|
||||||
+ */
|
|
||||||
+ for (pos = 0; pos < outlen; pos += SHA256_HASH_SIZE, iter++) {
|
|
||||||
+ if (EVP_DigestSignInit(mdctx, NULL, EVP_sha256(), NULL, pkey) != 1) {
|
|
||||||
+ TRACE_ERROR("EVP_DigestSignInit failed\n");
|
|
||||||
+ rc = CKR_FUNCTION_FAILED;
|
|
||||||
+ goto out;
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
+ be_iter[0] = (iter >> 8) & 0xff;
|
|
||||||
+ be_iter[1] = iter & 0xff;
|
|
||||||
+
|
|
||||||
+ if (EVP_DigestSignUpdate(mdctx, be_iter, sizeof(be_iter)) != 1) {
|
|
||||||
+ TRACE_ERROR("EVP_DigestSignUpdate failed\n");
|
|
||||||
+ rc = CKR_FUNCTION_FAILED;
|
|
||||||
+ goto out;
|
|
||||||
+ }
|
|
||||||
+ if (EVP_DigestSignUpdate(mdctx, (unsigned char *)label, labellen) != 1) {
|
|
||||||
+ TRACE_ERROR("EVP_DigestSignUpdate failed\n");
|
|
||||||
+ rc = CKR_FUNCTION_FAILED;
|
|
||||||
+ goto out;
|
|
||||||
+ }
|
|
||||||
+ if (EVP_DigestSignUpdate(mdctx, be_bitlen, sizeof(be_bitlen)) != 1) {
|
|
||||||
+ TRACE_ERROR("EVP_DigestSignUpdate failed\n");
|
|
||||||
+ rc = CKR_FUNCTION_FAILED;
|
|
||||||
+ goto out;
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
+ /*
|
|
||||||
+ * HMAC_Final requires the output buffer to fit the whole MAC
|
|
||||||
+ * value, so we need to use the intermediate buffer for the last
|
|
||||||
+ * unaligned block
|
|
||||||
+ */
|
|
||||||
+ md_len = SHA256_HASH_SIZE;
|
|
||||||
+ if (pos + SHA256_HASH_SIZE > outlen) {
|
|
||||||
+ md_len = sizeof(hmac_out);
|
|
||||||
+ if (EVP_DigestSignFinal(mdctx, hmac_out, &md_len) != 1) {
|
|
||||||
+ TRACE_ERROR("EVP_DigestSignFinal failed\n");
|
|
||||||
+ rc = CKR_FUNCTION_FAILED;
|
|
||||||
+ goto out;
|
|
||||||
+ }
|
|
||||||
+ memcpy(out + pos, hmac_out, outlen - pos);
|
|
||||||
+ } else {
|
|
||||||
+ md_len = outlen - pos;
|
|
||||||
+ if (EVP_DigestSignFinal(mdctx, out + pos, &md_len) != 1) {
|
|
||||||
+ TRACE_ERROR("EVP_DigestSignFinal failed\n");
|
|
||||||
+ rc = CKR_FUNCTION_FAILED;
|
|
||||||
+ goto out;
|
|
||||||
+ }
|
|
||||||
+ }
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
+ rc = CKR_OK;
|
|
||||||
+
|
|
||||||
+out:
|
|
||||||
+ if (pkey != NULL)
|
|
||||||
+ EVP_PKEY_free(pkey);
|
|
||||||
+ if (mdctx != NULL)
|
|
||||||
+ EVP_MD_CTX_free(mdctx);
|
|
||||||
+
|
|
||||||
+ return rc;
|
|
||||||
+}
|
|
||||||
+
|
|
||||||
diff --git a/usr/lib/common/mech_rsa.c b/usr/lib/common/mech_rsa.c
|
|
||||||
index 7bab1a84..7dc9589a 100644
|
|
||||||
--- a/usr/lib/common/mech_rsa.c
|
|
||||||
+++ b/usr/lib/common/mech_rsa.c
|
|
||||||
@@ -289,21 +289,34 @@ static CK_RV rsa_parse_block_type_1(CK_BYTE *in_data,
|
|
||||||
return rc;
|
|
||||||
}
|
|
||||||
|
|
||||||
+#define MAX_LEN_GEN_TRIES 128
|
|
||||||
+
|
|
||||||
static CK_RV rsa_parse_block_type_2(CK_BYTE *in_data,
|
|
||||||
CK_ULONG in_data_len,
|
|
||||||
CK_BYTE *out_data,
|
|
||||||
- CK_ULONG *out_data_len)
|
|
||||||
+ CK_ULONG *out_data_len,
|
|
||||||
+ CK_BYTE *kdk, CK_ULONG kdklen)
|
|
||||||
{
|
|
||||||
- int i;
|
|
||||||
- unsigned char *em = NULL;
|
|
||||||
- unsigned int good, found_zero_byte, mask, equals0;
|
|
||||||
- int zero_index = 0, msg_index, mlen = -1;
|
|
||||||
- int out_len = *out_data_len;
|
|
||||||
- int rsa_size = in_data_len;
|
|
||||||
+ unsigned int good = 0, found_zero_byte, equals0;
|
|
||||||
+ size_t zero_index = 0, msg_index;
|
|
||||||
+ unsigned char *synthetic = NULL;
|
|
||||||
+ int synthetic_length;
|
|
||||||
+ uint16_t len_candidate;
|
|
||||||
+ unsigned char candidate_lengths[MAX_LEN_GEN_TRIES * sizeof(len_candidate)];
|
|
||||||
+ uint16_t len_mask;
|
|
||||||
+ uint16_t max_sep_offset;
|
|
||||||
+ int synth_msg_index = 0;
|
|
||||||
+ size_t i, j;
|
|
||||||
+ CK_RV rc;
|
|
||||||
+
|
|
||||||
+ if (kdk == NULL || kdklen == 0) {
|
|
||||||
+ TRACE_DEVEL("%s\n", ock_err(ERR_ARGUMENTS_BAD));
|
|
||||||
+ return CKR_ARGUMENTS_BAD;
|
|
||||||
+ }
|
|
||||||
|
|
||||||
/*
|
|
||||||
* The implementation of this function is copied from OpenSSL's function
|
|
||||||
- * RSA_padding_check_PKCS1_type_2() in crypto/rsa/rsa_pk1.c
|
|
||||||
+ * ossl_rsa_padding_check_PKCS1_type_2() in crypto/rsa/rsa_pk1.c
|
|
||||||
* and is slightly modified to fit to the OpenCryptoki environment.
|
|
||||||
*
|
|
||||||
* The OpenSSL code is licensed under the Apache License 2.0.
|
|
||||||
@@ -328,27 +341,67 @@ static CK_RV rsa_parse_block_type_2(CK_BYTE *in_data,
|
|
||||||
* PKCS#1 v1.5 decryption. See "PKCS #1 v2.2: RSA Cryptography Standard",
|
|
||||||
* section 7.2.2.
|
|
||||||
*/
|
|
||||||
- if (rsa_size < RSA_PKCS1_PADDING_SIZE) {
|
|
||||||
+ if (in_data_len < RSA_PKCS1_PADDING_SIZE) {
|
|
||||||
TRACE_DEVEL("%s\n", ock_err(ERR_FUNCTION_FAILED));
|
|
||||||
return CKR_FUNCTION_FAILED;
|
|
||||||
}
|
|
||||||
|
|
||||||
- em = malloc(rsa_size);
|
|
||||||
- if (em == NULL) {
|
|
||||||
- TRACE_DEVEL("%s\n", ock_err(ERR_HOST_MEMORY));
|
|
||||||
+ /* Generate a random message to return in case the padding checks fail. */
|
|
||||||
+ synthetic = calloc(1, in_data_len);
|
|
||||||
+ if (synthetic == NULL) {
|
|
||||||
+ TRACE_ERROR("Failed to allocate synthetic buffer");
|
|
||||||
return CKR_HOST_MEMORY;
|
|
||||||
}
|
|
||||||
|
|
||||||
- /* in_data_len is always equal to rsa_size */
|
|
||||||
- memcpy(em, in_data, rsa_size);
|
|
||||||
+ rc = openssl_specific_rsa_prf(synthetic, in_data_len, "message", 7,
|
|
||||||
+ kdk, kdklen, in_data_len * 8);
|
|
||||||
+ if (rc != CKR_OK)
|
|
||||||
+ goto out;
|
|
||||||
+
|
|
||||||
+ /* decide how long the random message should be */
|
|
||||||
+ rc = openssl_specific_rsa_prf(candidate_lengths,
|
|
||||||
+ sizeof(candidate_lengths),
|
|
||||||
+ "length", 6, kdk, kdklen,
|
|
||||||
+ MAX_LEN_GEN_TRIES *
|
|
||||||
+ sizeof(len_candidate) * 8);
|
|
||||||
+ if (rc != CKR_OK)
|
|
||||||
+ goto out;
|
|
||||||
|
|
||||||
- good = constant_time_is_zero(em[0]);
|
|
||||||
- good &= constant_time_eq(em[1], 2);
|
|
||||||
+ /*
|
|
||||||
+ * max message size is the size of the modulus size minus 2 bytes for
|
|
||||||
+ * version and padding type and a minimum of 8 bytes padding
|
|
||||||
+ */
|
|
||||||
+ len_mask = max_sep_offset = in_data_len - 2 - 8;
|
|
||||||
+ /*
|
|
||||||
+ * we want a mask so let's propagate the high bit to all positions less
|
|
||||||
+ * significant than it
|
|
||||||
+ */
|
|
||||||
+ len_mask |= len_mask >> 1;
|
|
||||||
+ len_mask |= len_mask >> 2;
|
|
||||||
+ len_mask |= len_mask >> 4;
|
|
||||||
+ len_mask |= len_mask >> 8;
|
|
||||||
+
|
|
||||||
+ synthetic_length = 0;
|
|
||||||
+ for (i = 0; i < MAX_LEN_GEN_TRIES * (int)sizeof(len_candidate);
|
|
||||||
+ i += sizeof(len_candidate)) {
|
|
||||||
+ len_candidate = (candidate_lengths[i] << 8) |
|
|
||||||
+ candidate_lengths[i + 1];
|
|
||||||
+ len_candidate &= len_mask;
|
|
||||||
+
|
|
||||||
+ synthetic_length = constant_time_select_int(
|
|
||||||
+ constant_time_lt(len_candidate, max_sep_offset),
|
|
||||||
+ len_candidate, synthetic_length);
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
+ synth_msg_index = in_data_len - synthetic_length;
|
|
||||||
+
|
|
||||||
+ good = constant_time_is_zero(in_data[0]);
|
|
||||||
+ good &= constant_time_eq(in_data[1], 2);
|
|
||||||
|
|
||||||
/* scan over padding data */
|
|
||||||
found_zero_byte = 0;
|
|
||||||
- for (i = 2; i < rsa_size; i++) {
|
|
||||||
- equals0 = constant_time_is_zero(em[i]);
|
|
||||||
+ for (i = 2; i < in_data_len; i++) {
|
|
||||||
+ equals0 = constant_time_is_zero(in_data[i]);
|
|
||||||
|
|
||||||
zero_index = constant_time_select_int(~found_zero_byte & equals0,
|
|
||||||
i, zero_index);
|
|
||||||
@@ -356,7 +409,7 @@ static CK_RV rsa_parse_block_type_2(CK_BYTE *in_data,
|
|
||||||
}
|
|
||||||
|
|
||||||
/*
|
|
||||||
- * PS must be at least 8 bytes long, and it starts two bytes into |em|.
|
|
||||||
+ * PS must be at least 8 bytes long, and it starts two bytes into |in_data|.
|
|
||||||
* If we never found a 0-byte, then |zero_index| is 0 and the check
|
|
||||||
* also fails.
|
|
||||||
*/
|
|
||||||
@@ -367,53 +420,41 @@ static CK_RV rsa_parse_block_type_2(CK_BYTE *in_data,
|
|
||||||
* but in this case we also do not copy the message out.
|
|
||||||
*/
|
|
||||||
msg_index = zero_index + 1;
|
|
||||||
- mlen = rsa_size - msg_index;
|
|
||||||
|
|
||||||
/*
|
|
||||||
- * For good measure, do this check in constant time as well.
|
|
||||||
+ * old code returned an error in case the decrypted message wouldn't fit
|
|
||||||
+ * into the |out_data|, since that would leak information, return the
|
|
||||||
+ * synthetic message instead
|
|
||||||
*/
|
|
||||||
- good &= constant_time_ge(out_len, mlen);
|
|
||||||
+ good &= constant_time_ge(*out_data_len, in_data_len - msg_index);
|
|
||||||
+
|
|
||||||
+ msg_index = constant_time_select_int(good, msg_index, synth_msg_index);
|
|
||||||
|
|
||||||
/*
|
|
||||||
- * Move the result in-place by |rsa_size|-RSA_PKCS1_PADDING_SIZE-|mlen|
|
|
||||||
- * bytes to the left.
|
|
||||||
- * Then if |good| move |mlen| bytes from |em|+RSA_PKCS1_PADDING_SIZE to
|
|
||||||
- * |out_data|. Otherwise leave |out_data| unchanged.
|
|
||||||
- * Copy the memory back in a way that does not reveal the size of
|
|
||||||
- * the data being copied via a timing side channel. This requires copying
|
|
||||||
- * parts of the buffer multiple times based on the bits set in the real
|
|
||||||
- * length. Clear bits do a non-copy with identical access pattern.
|
|
||||||
- * The loop below has overall complexity of O(N*log(N)).
|
|
||||||
+ * since at this point the |msg_index| does not provide the signal
|
|
||||||
+ * indicating if the padding check failed or not, we don't have to worry
|
|
||||||
+ * about leaking the length of returned message, we still need to ensure
|
|
||||||
+ * that we read contents of both buffers so that cache accesses don't leak
|
|
||||||
+ * the value of |good|
|
|
||||||
*/
|
|
||||||
- out_len = constant_time_select_int(
|
|
||||||
- constant_time_lt(rsa_size - RSA_PKCS1_PADDING_SIZE, out_len),
|
|
||||||
- rsa_size - RSA_PKCS1_PADDING_SIZE,
|
|
||||||
- out_len);
|
|
||||||
- for (msg_index = 1; msg_index < rsa_size - RSA_PKCS1_PADDING_SIZE;
|
|
||||||
- msg_index <<= 1) {
|
|
||||||
- mask = ~constant_time_eq(
|
|
||||||
- msg_index & (rsa_size - RSA_PKCS1_PADDING_SIZE - mlen), 0);
|
|
||||||
- for (i = RSA_PKCS1_PADDING_SIZE; i < rsa_size - msg_index; i++)
|
|
||||||
- em[i] = constant_time_select_8(mask, em[i + msg_index], em[i]);
|
|
||||||
- }
|
|
||||||
- for (i = 0; i < out_len; i++) {
|
|
||||||
- mask = good & constant_time_lt(i, mlen);
|
|
||||||
- out_data[i] = constant_time_select_8(
|
|
||||||
- mask, em[i + RSA_PKCS1_PADDING_SIZE], out_data[i]);
|
|
||||||
- }
|
|
||||||
+ for (i = msg_index, j = 0; i < in_data_len && j < *out_data_len;
|
|
||||||
+ i++, j++)
|
|
||||||
+ out_data[j] = constant_time_select_8(good, in_data[i], synthetic[i]);
|
|
||||||
|
|
||||||
- OPENSSL_cleanse(em, rsa_size);
|
|
||||||
- free(em);
|
|
||||||
+ *out_data_len = j;
|
|
||||||
|
|
||||||
- *out_data_len = constant_time_select_int(good, mlen, 0);
|
|
||||||
+out:
|
|
||||||
+ if (synthetic != NULL)
|
|
||||||
+ free(synthetic);
|
|
||||||
|
|
||||||
- return constant_time_select_int(good, CKR_OK, CKR_ENCRYPTED_DATA_INVALID);
|
|
||||||
+ return rc;
|
|
||||||
}
|
|
||||||
|
|
||||||
CK_RV rsa_parse_block(CK_BYTE *in_data,
|
|
||||||
CK_ULONG in_data_len,
|
|
||||||
CK_BYTE *out_data,
|
|
||||||
- CK_ULONG *out_data_len, CK_ULONG type)
|
|
||||||
+ CK_ULONG *out_data_len, CK_ULONG type,
|
|
||||||
+ CK_BYTE *kdk, CK_ULONG kdklen)
|
|
||||||
{
|
|
||||||
switch (type) {
|
|
||||||
case PKCS_BT_1:
|
|
||||||
@@ -421,7 +462,7 @@ CK_RV rsa_parse_block(CK_BYTE *in_data,
|
|
||||||
out_data, out_data_len);
|
|
||||||
case PKCS_BT_2:
|
|
||||||
return rsa_parse_block_type_2(in_data, in_data_len,
|
|
||||||
- out_data, out_data_len);
|
|
||||||
+ out_data, out_data_len, kdk, kdklen);
|
|
||||||
}
|
|
||||||
|
|
||||||
return CKR_ARGUMENTS_BAD;
|
|
@ -1,387 +0,0 @@
|
|||||||
commit e2b496f58a84c2f537667655fe08a0d4923f0c70
|
|
||||||
Author: Ingo Franzki <ifranzki@linux.ibm.com>
|
|
||||||
Date: Fri Jan 12 09:36:27 2024 +0100
|
|
||||||
|
|
||||||
Constant time fixes for C_Decrypt return code handling
|
|
||||||
|
|
||||||
Return code handling of C_Decrypt, C_DecryptUpdate, and C_DecryptFinal must
|
|
||||||
be performed in a constant time manner for RSA mechanisms. Otherwise it
|
|
||||||
may cause a timing side channel that may be used to perform a Bleichenbacher
|
|
||||||
style attack.
|
|
||||||
|
|
||||||
Handling of error situations with CKR_BUFFER_TOO_SMALL or size-query calls,
|
|
||||||
where the output buffer is NULL and the required size of the output buffer
|
|
||||||
is to be returned, do not need to be performed in constant time, since
|
|
||||||
these cases are shortcut anyway, and the result is only dependent on the
|
|
||||||
modulus size of the RSA key (which is public information anyway).
|
|
||||||
|
|
||||||
Signed-off-by: Ingo Franzki <ifranzki@linux.ibm.com>
|
|
||||||
|
|
||||||
diff --git a/usr/lib/common/new_host.c b/usr/lib/common/new_host.c
|
|
||||||
index 8a1e8723..bbb0f601 100644
|
|
||||||
--- a/usr/lib/common/new_host.c
|
|
||||||
+++ b/usr/lib/common/new_host.c
|
|
||||||
@@ -47,6 +47,7 @@
|
|
||||||
#include "trace.h"
|
|
||||||
#include "slotmgr.h"
|
|
||||||
#include "attributes.h"
|
|
||||||
+#include "constant_time.h"
|
|
||||||
|
|
||||||
#include "../api/apiproto.h"
|
|
||||||
#include "../api/policy.h"
|
|
||||||
@@ -2345,6 +2346,7 @@ CK_RV SC_Decrypt(STDLL_TokData_t *tokdata, ST_SESSION_HANDLE *sSession,
|
|
||||||
SESSION *sess = NULL;
|
|
||||||
CK_BBOOL length_only = FALSE;
|
|
||||||
CK_RV rc = CKR_OK;
|
|
||||||
+ unsigned int mask;
|
|
||||||
|
|
||||||
if (tokdata->initialized == FALSE) {
|
|
||||||
TRACE_ERROR("%s\n", ock_err(ERR_CRYPTOKI_NOT_INITIALIZED));
|
|
||||||
@@ -2377,11 +2379,19 @@ CK_RV SC_Decrypt(STDLL_TokData_t *tokdata, ST_SESSION_HANDLE *sSession,
|
|
||||||
rc = decr_mgr_decrypt(tokdata, sess, length_only, &sess->decr_ctx,
|
|
||||||
pEncryptedData, ulEncryptedDataLen, pData,
|
|
||||||
pulDataLen);
|
|
||||||
- if (!is_rsa_mechanism(sess->decr_ctx.mech.mechanism) && rc != CKR_OK)
|
|
||||||
+ /* (!is_rsa_mechanism(sess->decr_ctx.mech.mechanism) && rc != CKR_OK) */
|
|
||||||
+ mask = ~constant_time_is_zero(
|
|
||||||
+ is_rsa_mechanism(sess->decr_ctx.mech.mechanism));
|
|
||||||
+ mask &= ~constant_time_eq(rc, CKR_OK);
|
|
||||||
+ if (mask)
|
|
||||||
TRACE_DEVEL("decr_mgr_decrypt() failed.\n");
|
|
||||||
|
|
||||||
done:
|
|
||||||
- if (rc != CKR_BUFFER_TOO_SMALL && (rc != CKR_OK || length_only != TRUE)) {
|
|
||||||
+ /* (rc != CKR_BUFFER_TOO_SMALL && (rc != CKR_OK || length_only != TRUE)) */
|
|
||||||
+ mask = ~constant_time_eq(rc, CKR_OK);
|
|
||||||
+ mask |= constant_time_is_zero(length_only);
|
|
||||||
+ mask &= ~constant_time_eq(rc, CKR_BUFFER_TOO_SMALL);
|
|
||||||
+ if (mask) {
|
|
||||||
if (sess)
|
|
||||||
decr_mgr_cleanup(tokdata, sess, &sess->decr_ctx);
|
|
||||||
}
|
|
||||||
@@ -2404,6 +2414,7 @@ CK_RV SC_DecryptUpdate(STDLL_TokData_t *tokdata, ST_SESSION_HANDLE *sSession,
|
|
||||||
SESSION *sess = NULL;
|
|
||||||
CK_BBOOL length_only = FALSE;
|
|
||||||
CK_RV rc = CKR_OK;
|
|
||||||
+ unsigned int mask;
|
|
||||||
|
|
||||||
if (tokdata->initialized == FALSE) {
|
|
||||||
TRACE_ERROR("%s\n", ock_err(ERR_CRYPTOKI_NOT_INITIALIZED));
|
|
||||||
@@ -2436,11 +2447,18 @@ CK_RV SC_DecryptUpdate(STDLL_TokData_t *tokdata, ST_SESSION_HANDLE *sSession,
|
|
||||||
rc = decr_mgr_decrypt_update(tokdata, sess, length_only,
|
|
||||||
&sess->decr_ctx, pEncryptedPart,
|
|
||||||
ulEncryptedPartLen, pPart, pulPartLen);
|
|
||||||
- if (!is_rsa_mechanism(sess->decr_ctx.mech.mechanism) && rc != CKR_OK)
|
|
||||||
+ /* (!is_rsa_mechanism(sess->decr_ctx.mech.mechanism) && rc != CKR_OK) */
|
|
||||||
+ mask = ~constant_time_is_zero(
|
|
||||||
+ is_rsa_mechanism(sess->decr_ctx.mech.mechanism));
|
|
||||||
+ mask &= ~constant_time_eq(rc, CKR_OK);
|
|
||||||
+ if (mask)
|
|
||||||
TRACE_DEVEL("decr_mgr_decrypt_update() failed.\n");
|
|
||||||
|
|
||||||
done:
|
|
||||||
- if (rc != CKR_OK && rc != CKR_BUFFER_TOO_SMALL && sess != NULL) {
|
|
||||||
+ /* (rc != CKR_OK && rc != CKR_BUFFER_TOO_SMALL */
|
|
||||||
+ mask = ~constant_time_eq(rc, CKR_OK);
|
|
||||||
+ mask &= ~constant_time_eq(rc, CKR_BUFFER_TOO_SMALL);
|
|
||||||
+ if (mask) {
|
|
||||||
if (sess)
|
|
||||||
decr_mgr_cleanup(tokdata, sess, &sess->decr_ctx);
|
|
||||||
}
|
|
||||||
@@ -2462,6 +2480,7 @@ CK_RV SC_DecryptFinal(STDLL_TokData_t *tokdata, ST_SESSION_HANDLE *sSession,
|
|
||||||
SESSION *sess = NULL;
|
|
||||||
CK_BBOOL length_only = FALSE;
|
|
||||||
CK_RV rc = CKR_OK;
|
|
||||||
+ unsigned int mask;
|
|
||||||
|
|
||||||
if (tokdata->initialized == FALSE) {
|
|
||||||
TRACE_ERROR("%s\n", ock_err(ERR_CRYPTOKI_NOT_INITIALIZED));
|
|
||||||
@@ -2493,11 +2512,19 @@ CK_RV SC_DecryptFinal(STDLL_TokData_t *tokdata, ST_SESSION_HANDLE *sSession,
|
|
||||||
|
|
||||||
rc = decr_mgr_decrypt_final(tokdata, sess, length_only, &sess->decr_ctx,
|
|
||||||
pLastPart, pulLastPartLen);
|
|
||||||
- if (!is_rsa_mechanism(sess->decr_ctx.mech.mechanism) && rc != CKR_OK)
|
|
||||||
+ /* (!is_rsa_mechanism(sess->decr_ctx.mech.mechanism) && rc != CKR_OK) */
|
|
||||||
+ mask = ~constant_time_is_zero(
|
|
||||||
+ is_rsa_mechanism(sess->decr_ctx.mech.mechanism));
|
|
||||||
+ mask &= ~constant_time_eq(rc, CKR_OK);
|
|
||||||
+ if (mask)
|
|
||||||
TRACE_DEVEL("decr_mgr_decrypt_final() failed.\n");
|
|
||||||
|
|
||||||
done:
|
|
||||||
- if (rc != CKR_BUFFER_TOO_SMALL && (rc != CKR_OK || length_only != TRUE)) {
|
|
||||||
+ /* (rc != CKR_BUFFER_TOO_SMALL && (rc != CKR_OK || length_only != TRUE)) */
|
|
||||||
+ mask = ~constant_time_eq(rc, CKR_OK);
|
|
||||||
+ mask |= constant_time_is_zero(length_only);
|
|
||||||
+ mask &= ~constant_time_eq(rc, CKR_BUFFER_TOO_SMALL);
|
|
||||||
+ if (mask) {
|
|
||||||
if (sess)
|
|
||||||
decr_mgr_cleanup(tokdata, sess, &sess->decr_ctx);
|
|
||||||
}
|
|
||||||
diff --git a/usr/lib/ep11_stdll/ep11_specific.c b/usr/lib/ep11_stdll/ep11_specific.c
|
|
||||||
index 073b349f..6d08b95e 100644
|
|
||||||
--- a/usr/lib/ep11_stdll/ep11_specific.c
|
|
||||||
+++ b/usr/lib/ep11_stdll/ep11_specific.c
|
|
||||||
@@ -9552,10 +9552,12 @@ CK_RV ep11tok_decrypt_final(STDLL_TokData_t * tokdata, SESSION * session,
|
|
||||||
rc = constant_time_select(constant_time_eq(rc, CKR_OK),
|
|
||||||
ep11_error_to_pkcs11_error(rc, session),
|
|
||||||
rc);
|
|
||||||
- if (rc != CKR_OK) {
|
|
||||||
- TRACE_ERROR("%s rc=0x%lx\n", __func__, rc);
|
|
||||||
- } else {
|
|
||||||
- TRACE_INFO("%s rc=0x%lx\n", __func__, rc);
|
|
||||||
+ if (!is_rsa_mechanism(ctx->mech.mechanism)) {
|
|
||||||
+ if (rc != CKR_OK) {
|
|
||||||
+ TRACE_ERROR("%s rc=0x%lx\n", __func__, rc);
|
|
||||||
+ } else {
|
|
||||||
+ TRACE_INFO("%s rc=0x%lx\n", __func__, rc);
|
|
||||||
+ }
|
|
||||||
}
|
|
||||||
|
|
||||||
done:
|
|
||||||
@@ -9611,10 +9613,12 @@ CK_RV ep11tok_decrypt(STDLL_TokData_t * tokdata, SESSION * session,
|
|
||||||
rc = constant_time_select(constant_time_eq(rc, CKR_OK),
|
|
||||||
ep11_error_to_pkcs11_error(rc, session),
|
|
||||||
rc);
|
|
||||||
- if (rc != CKR_OK) {
|
|
||||||
- TRACE_ERROR("%s rc=0x%lx\n", __func__, rc);
|
|
||||||
- } else {
|
|
||||||
- TRACE_INFO("%s rc=0x%lx\n", __func__, rc);
|
|
||||||
+ if (!is_rsa_mechanism(ctx->mech.mechanism)) {
|
|
||||||
+ if (rc != CKR_OK) {
|
|
||||||
+ TRACE_ERROR("%s rc=0x%lx\n", __func__, rc);
|
|
||||||
+ } else {
|
|
||||||
+ TRACE_INFO("%s rc=0x%lx\n", __func__, rc);
|
|
||||||
+ }
|
|
||||||
}
|
|
||||||
|
|
||||||
done:
|
|
||||||
@@ -9676,10 +9680,12 @@ CK_RV ep11tok_decrypt_update(STDLL_TokData_t * tokdata, SESSION * session,
|
|
||||||
rc = constant_time_select(constant_time_eq(rc, CKR_OK),
|
|
||||||
ep11_error_to_pkcs11_error(rc, session),
|
|
||||||
rc);
|
|
||||||
- if (rc != CKR_OK) {
|
|
||||||
- TRACE_ERROR("%s rc=0x%lx\n", __func__, rc);
|
|
||||||
- } else {
|
|
||||||
- TRACE_INFO("%s rc=0x%lx\n", __func__, rc);
|
|
||||||
+ if (!is_rsa_mechanism(ctx->mech.mechanism)) {
|
|
||||||
+ if (rc != CKR_OK) {
|
|
||||||
+ TRACE_ERROR("%s rc=0x%lx\n", __func__, rc);
|
|
||||||
+ } else {
|
|
||||||
+ TRACE_INFO("%s rc=0x%lx\n", __func__, rc);
|
|
||||||
+ }
|
|
||||||
}
|
|
||||||
|
|
||||||
done:
|
|
||||||
diff --git a/usr/lib/ep11_stdll/new_host.c b/usr/lib/ep11_stdll/new_host.c
|
|
||||||
index 55e34c18..299a1d3c 100644
|
|
||||||
--- a/usr/lib/ep11_stdll/new_host.c
|
|
||||||
+++ b/usr/lib/ep11_stdll/new_host.c
|
|
||||||
@@ -38,6 +38,7 @@
|
|
||||||
#include "slotmgr.h"
|
|
||||||
#include "attributes.h"
|
|
||||||
#include "ep11_specific.h"
|
|
||||||
+#include "constant_time.h"
|
|
||||||
|
|
||||||
#include "../api/apiproto.h"
|
|
||||||
#include "../api/policy.h"
|
|
||||||
@@ -2466,6 +2467,7 @@ CK_RV SC_Decrypt(STDLL_TokData_t *tokdata, ST_SESSION_HANDLE *sSession,
|
|
||||||
SESSION *sess = NULL;
|
|
||||||
CK_BBOOL length_only = FALSE;
|
|
||||||
CK_RV rc = CKR_OK;
|
|
||||||
+ unsigned int mask;
|
|
||||||
|
|
||||||
if (tokdata->initialized == FALSE) {
|
|
||||||
TRACE_ERROR("%s\n", ock_err(ERR_CRYPTOKI_NOT_INITIALIZED));
|
|
||||||
@@ -2513,17 +2515,29 @@ CK_RV SC_Decrypt(STDLL_TokData_t *tokdata, ST_SESSION_HANDLE *sSession,
|
|
||||||
length_only, sess->decr_ctx.key,
|
|
||||||
pEncryptedData, ulEncryptedDataLen,
|
|
||||||
pData, pulDataLen);
|
|
||||||
- if (!is_rsa_mechanism(sess->decr_ctx.mech.mechanism) && rc != CKR_OK)
|
|
||||||
+ /* (!is_rsa_mechanism(sess->decr_ctx.mech.mechanism) && rc != CKR_OK) */
|
|
||||||
+ mask = ~constant_time_is_zero(
|
|
||||||
+ is_rsa_mechanism(sess->decr_ctx.mech.mechanism));
|
|
||||||
+ mask &= ~constant_time_eq(rc, CKR_OK);
|
|
||||||
+ if (mask)
|
|
||||||
TRACE_DEVEL("ep11tok_decrypt_single() failed.\n");
|
|
||||||
} else {
|
|
||||||
rc = ep11tok_decrypt(tokdata, sess, pEncryptedData, ulEncryptedDataLen,
|
|
||||||
pData, pulDataLen);
|
|
||||||
- if (!is_rsa_mechanism(sess->decr_ctx.mech.mechanism) && rc != CKR_OK)
|
|
||||||
+ /* (!is_rsa_mechanism(sess->decr_ctx.mech.mechanism) && rc != CKR_OK) */
|
|
||||||
+ mask = ~constant_time_is_zero(
|
|
||||||
+ is_rsa_mechanism(sess->decr_ctx.mech.mechanism));
|
|
||||||
+ mask &= ~constant_time_eq(rc, CKR_OK);
|
|
||||||
+ if (mask)
|
|
||||||
TRACE_DEVEL("ep11tok_decrypt() failed.\n");
|
|
||||||
}
|
|
||||||
|
|
||||||
done:
|
|
||||||
- if (rc != CKR_BUFFER_TOO_SMALL && (rc != CKR_OK || length_only != TRUE)) {
|
|
||||||
+ /* (rc != CKR_BUFFER_TOO_SMALL && (rc != CKR_OK || length_only != TRUE)) */
|
|
||||||
+ mask = ~constant_time_eq(rc, CKR_OK);
|
|
||||||
+ mask |= constant_time_is_zero(length_only);
|
|
||||||
+ mask &= ~constant_time_eq(rc, CKR_BUFFER_TOO_SMALL);
|
|
||||||
+ if (mask) {
|
|
||||||
if (sess)
|
|
||||||
decr_mgr_cleanup(tokdata, sess, &sess->decr_ctx);
|
|
||||||
}
|
|
||||||
@@ -2545,6 +2559,7 @@ CK_RV SC_DecryptUpdate(STDLL_TokData_t *tokdata, ST_SESSION_HANDLE *sSession,
|
|
||||||
{
|
|
||||||
SESSION *sess = NULL;
|
|
||||||
CK_RV rc = CKR_OK;
|
|
||||||
+ unsigned int mask;
|
|
||||||
|
|
||||||
if (tokdata->initialized == FALSE) {
|
|
||||||
TRACE_ERROR("%s\n", ock_err(ERR_CRYPTOKI_NOT_INITIALIZED));
|
|
||||||
@@ -2596,11 +2611,18 @@ CK_RV SC_DecryptUpdate(STDLL_TokData_t *tokdata, ST_SESSION_HANDLE *sSession,
|
|
||||||
|
|
||||||
rc = ep11tok_decrypt_update(tokdata, sess, pEncryptedPart,
|
|
||||||
ulEncryptedPartLen, pPart, pulPartLen);
|
|
||||||
- if (!is_rsa_mechanism(sess->decr_ctx.mech.mechanism) && rc != CKR_OK)
|
|
||||||
+ /* (!is_rsa_mechanism(sess->decr_ctx.mech.mechanism) && rc != CKR_OK) */
|
|
||||||
+ mask = ~constant_time_is_zero(
|
|
||||||
+ is_rsa_mechanism(sess->decr_ctx.mech.mechanism));
|
|
||||||
+ mask &= ~constant_time_eq(rc, CKR_OK);
|
|
||||||
+ if (mask)
|
|
||||||
TRACE_DEVEL("ep11tok_decrypt_update() failed.\n");
|
|
||||||
|
|
||||||
done:
|
|
||||||
- if (rc != CKR_OK && rc != CKR_BUFFER_TOO_SMALL && sess != NULL) {
|
|
||||||
+ /* (rc != CKR_OK && rc != CKR_BUFFER_TOO_SMALL */
|
|
||||||
+ mask = ~constant_time_eq(rc, CKR_OK);
|
|
||||||
+ mask &= ~constant_time_eq(rc, CKR_BUFFER_TOO_SMALL);
|
|
||||||
+ if (mask) {
|
|
||||||
if (sess)
|
|
||||||
decr_mgr_cleanup(tokdata, sess, &sess->decr_ctx);
|
|
||||||
}
|
|
||||||
@@ -2622,6 +2644,7 @@ CK_RV SC_DecryptFinal(STDLL_TokData_t *tokdata, ST_SESSION_HANDLE *sSession,
|
|
||||||
SESSION *sess = NULL;
|
|
||||||
CK_BBOOL length_only = FALSE;
|
|
||||||
CK_RV rc = CKR_OK;
|
|
||||||
+ unsigned int mask;
|
|
||||||
|
|
||||||
if (tokdata->initialized == FALSE) {
|
|
||||||
TRACE_ERROR("%s\n", ock_err(ERR_CRYPTOKI_NOT_INITIALIZED));
|
|
||||||
@@ -2670,10 +2693,18 @@ CK_RV SC_DecryptFinal(STDLL_TokData_t *tokdata, ST_SESSION_HANDLE *sSession,
|
|
||||||
}
|
|
||||||
|
|
||||||
rc = ep11tok_decrypt_final(tokdata, sess, pLastPart, pulLastPartLen);
|
|
||||||
- if (!is_rsa_mechanism(sess->decr_ctx.mech.mechanism) && rc != CKR_OK)
|
|
||||||
+ /* (!is_rsa_mechanism(sess->decr_ctx.mech.mechanism) && rc != CKR_OK) */
|
|
||||||
+ mask = ~constant_time_is_zero(
|
|
||||||
+ is_rsa_mechanism(sess->decr_ctx.mech.mechanism));
|
|
||||||
+ mask &= ~constant_time_eq(rc, CKR_OK);
|
|
||||||
+ if (mask)
|
|
||||||
TRACE_DEVEL("ep11tok_decrypt_final() failed.\n");
|
|
||||||
done:
|
|
||||||
- if (rc != CKR_BUFFER_TOO_SMALL && (rc != CKR_OK || length_only != TRUE)) {
|
|
||||||
+ /* (rc != CKR_BUFFER_TOO_SMALL && (rc != CKR_OK || length_only != TRUE)) */
|
|
||||||
+ mask = ~constant_time_eq(rc, CKR_OK);
|
|
||||||
+ mask |= constant_time_is_zero(length_only);
|
|
||||||
+ mask &= ~constant_time_eq(rc, CKR_BUFFER_TOO_SMALL);
|
|
||||||
+ if (mask) {
|
|
||||||
if (sess)
|
|
||||||
decr_mgr_cleanup(tokdata, sess, &sess->decr_ctx);
|
|
||||||
}
|
|
||||||
diff --git a/usr/lib/icsf_stdll/new_host.c b/usr/lib/icsf_stdll/new_host.c
|
|
||||||
index 6c419750..d8064559 100644
|
|
||||||
--- a/usr/lib/icsf_stdll/new_host.c
|
|
||||||
+++ b/usr/lib/icsf_stdll/new_host.c
|
|
||||||
@@ -35,6 +35,8 @@
|
|
||||||
#include "slotmgr.h"
|
|
||||||
#include "attributes.h"
|
|
||||||
#include "icsf_specific.h"
|
|
||||||
+#include "constant_time.h"
|
|
||||||
+
|
|
||||||
#include "../api/apiproto.h"
|
|
||||||
#include "../api/policy.h"
|
|
||||||
|
|
||||||
@@ -1768,6 +1770,7 @@ CK_RV SC_Decrypt(STDLL_TokData_t *tokdata, ST_SESSION_HANDLE *sSession,
|
|
||||||
SESSION *sess = NULL;
|
|
||||||
CK_BBOOL length_only = FALSE;
|
|
||||||
CK_RV rc = CKR_OK;
|
|
||||||
+ unsigned int mask;
|
|
||||||
|
|
||||||
if (tokdata->initialized == FALSE) {
|
|
||||||
TRACE_ERROR("%s\n", ock_err(ERR_CRYPTOKI_NOT_INITIALIZED));
|
|
||||||
@@ -1801,11 +1804,19 @@ CK_RV SC_Decrypt(STDLL_TokData_t *tokdata, ST_SESSION_HANDLE *sSession,
|
|
||||||
|
|
||||||
rc = icsftok_decrypt(tokdata, sess, pEncryptedData, ulEncryptedDataLen,
|
|
||||||
pData, pulDataLen);
|
|
||||||
- if (!is_rsa_mechanism(sess->decr_ctx.mech.mechanism) && rc != CKR_OK)
|
|
||||||
+ /* (!is_rsa_mechanism(sess->decr_ctx.mech.mechanism) && rc != CKR_OK) */
|
|
||||||
+ mask = ~constant_time_is_zero(
|
|
||||||
+ is_rsa_mechanism(sess->decr_ctx.mech.mechanism));
|
|
||||||
+ mask &= ~constant_time_eq(rc, CKR_OK);
|
|
||||||
+ if (mask)
|
|
||||||
TRACE_DEVEL("icsftok_decrypt() failed.\n");
|
|
||||||
|
|
||||||
done:
|
|
||||||
- if (rc != CKR_BUFFER_TOO_SMALL && (rc != CKR_OK || length_only != TRUE)) {
|
|
||||||
+ /* (rc != CKR_BUFFER_TOO_SMALL && (rc != CKR_OK || length_only != TRUE)) */
|
|
||||||
+ mask = ~constant_time_eq(rc, CKR_OK);
|
|
||||||
+ mask |= constant_time_is_zero(length_only);
|
|
||||||
+ mask &= ~constant_time_eq(rc, CKR_BUFFER_TOO_SMALL);
|
|
||||||
+ if (mask) {
|
|
||||||
if (sess)
|
|
||||||
decr_mgr_cleanup(tokdata, sess, &sess->decr_ctx);
|
|
||||||
}
|
|
||||||
@@ -1827,6 +1838,7 @@ CK_RV SC_DecryptUpdate(STDLL_TokData_t *tokdata, ST_SESSION_HANDLE *sSession,
|
|
||||||
{
|
|
||||||
SESSION *sess = NULL;
|
|
||||||
CK_RV rc = CKR_OK;
|
|
||||||
+ unsigned int mask;
|
|
||||||
|
|
||||||
if (tokdata->initialized == FALSE) {
|
|
||||||
TRACE_ERROR("%s\n", ock_err(ERR_CRYPTOKI_NOT_INITIALIZED));
|
|
||||||
@@ -1857,11 +1869,18 @@ CK_RV SC_DecryptUpdate(STDLL_TokData_t *tokdata, ST_SESSION_HANDLE *sSession,
|
|
||||||
|
|
||||||
rc = icsftok_decrypt_update(tokdata, sess, pEncryptedPart,
|
|
||||||
ulEncryptedPartLen, pPart, pulPartLen);
|
|
||||||
- if (!is_rsa_mechanism(sess->decr_ctx.mech.mechanism) && rc != CKR_OK)
|
|
||||||
+ /* (!is_rsa_mechanism(sess->decr_ctx.mech.mechanism) && rc != CKR_OK) */
|
|
||||||
+ mask = ~constant_time_is_zero(
|
|
||||||
+ is_rsa_mechanism(sess->decr_ctx.mech.mechanism));
|
|
||||||
+ mask &= ~constant_time_eq(rc, CKR_OK);
|
|
||||||
+ if (mask)
|
|
||||||
TRACE_DEVEL("icsftok_decrypt_update() failed.\n");
|
|
||||||
|
|
||||||
done:
|
|
||||||
- if (rc != CKR_OK && rc != CKR_BUFFER_TOO_SMALL && sess != NULL) {
|
|
||||||
+ /* (rc != CKR_OK && rc != CKR_BUFFER_TOO_SMALL */
|
|
||||||
+ mask = ~constant_time_eq(rc, CKR_OK);
|
|
||||||
+ mask &= ~constant_time_eq(rc, CKR_BUFFER_TOO_SMALL);
|
|
||||||
+ if (mask) {
|
|
||||||
if (sess)
|
|
||||||
decr_mgr_cleanup(tokdata, sess, &sess->decr_ctx);
|
|
||||||
}
|
|
||||||
@@ -1883,6 +1902,7 @@ CK_RV SC_DecryptFinal(STDLL_TokData_t *tokdata, ST_SESSION_HANDLE *sSession,
|
|
||||||
SESSION *sess = NULL;
|
|
||||||
CK_BBOOL length_only = FALSE;
|
|
||||||
CK_RV rc = CKR_OK;
|
|
||||||
+ unsigned int mask;
|
|
||||||
|
|
||||||
if (tokdata->initialized == FALSE) {
|
|
||||||
TRACE_ERROR("%s\n", ock_err(ERR_CRYPTOKI_NOT_INITIALIZED));
|
|
||||||
@@ -1915,10 +1935,18 @@ CK_RV SC_DecryptFinal(STDLL_TokData_t *tokdata, ST_SESSION_HANDLE *sSession,
|
|
||||||
length_only = TRUE;
|
|
||||||
|
|
||||||
rc = icsftok_decrypt_final(tokdata, sess, pLastPart, pulLastPartLen);
|
|
||||||
- if (!is_rsa_mechanism(sess->decr_ctx.mech.mechanism) && rc != CKR_OK)
|
|
||||||
+ /* (!is_rsa_mechanism(sess->decr_ctx.mech.mechanism) && rc != CKR_OK) */
|
|
||||||
+ mask = ~constant_time_is_zero(
|
|
||||||
+ is_rsa_mechanism(sess->decr_ctx.mech.mechanism));
|
|
||||||
+ mask &= ~constant_time_eq(rc, CKR_OK);
|
|
||||||
+ if (mask)
|
|
||||||
TRACE_DEVEL("icsftok_decrypt_final() failed.\n");
|
|
||||||
done:
|
|
||||||
- if (rc != CKR_BUFFER_TOO_SMALL && (rc != CKR_OK || length_only != TRUE)) {
|
|
||||||
+ /* (rc != CKR_BUFFER_TOO_SMALL && (rc != CKR_OK || length_only != TRUE)) */
|
|
||||||
+ mask = ~constant_time_eq(rc, CKR_OK);
|
|
||||||
+ mask |= constant_time_is_zero(length_only);
|
|
||||||
+ mask &= ~constant_time_eq(rc, CKR_BUFFER_TOO_SMALL);
|
|
||||||
+ if (mask) {
|
|
||||||
if (sess)
|
|
||||||
decr_mgr_cleanup(tokdata, sess, &sess->decr_ctx);
|
|
||||||
}
|
|
File diff suppressed because it is too large
Load Diff
@ -1,31 +0,0 @@
|
|||||||
commit d756ba1ec270a289950e66398c7e8be59c4a594d
|
|
||||||
Author: Ingo Franzki <ifranzki@linux.ibm.com>
|
|
||||||
Date: Fri Feb 9 14:07:34 2024 +0100
|
|
||||||
|
|
||||||
COMMON: Fix implicit rejection with RSA keys with empty CKA_PRIVATE_EXPONENT
|
|
||||||
|
|
||||||
An RSA key object that has no CKA_PRIVATE_EXPONENT may either don't have that
|
|
||||||
attribute at all, or may have an empty CKA_PRIVATE_EXPONENT attribute.
|
|
||||||
Both situations should be handed the same, and the private exponent of the
|
|
||||||
key needs to be calculated from the other key components.
|
|
||||||
|
|
||||||
Note that RSA key objects generated with a current soft or ICA token will
|
|
||||||
always have a valid CKA_PRIVATE_EXPONENT attribute, since this is provided
|
|
||||||
during key generation.
|
|
||||||
|
|
||||||
Signed-off-by: Ingo Franzki <ifranzki@linux.ibm.com>
|
|
||||||
|
|
||||||
diff --git a/usr/lib/common/mech_openssl.c b/usr/lib/common/mech_openssl.c
|
|
||||||
index da515289..14c82e2d 100644
|
|
||||||
--- a/usr/lib/common/mech_openssl.c
|
|
||||||
+++ b/usr/lib/common/mech_openssl.c
|
|
||||||
@@ -5160,7 +5160,8 @@ CK_RV openssl_specific_rsa_derive_kdk(STDLL_TokData_t *tokdata, OBJECT *key_obj,
|
|
||||||
|
|
||||||
rc = template_attribute_get_non_empty(key_obj->template,
|
|
||||||
CKA_PRIVATE_EXPONENT, &priv_exp_attr);
|
|
||||||
- if (rc != CKR_OK && rc != CKR_TEMPLATE_INCOMPLETE) {
|
|
||||||
+ if (rc != CKR_OK && rc != CKR_TEMPLATE_INCOMPLETE &&
|
|
||||||
+ rc != CKR_ATTRIBUTE_VALUE_INVALID) {
|
|
||||||
TRACE_ERROR("Failed to get CKA_PRIVATE_EXPONENT\n");
|
|
||||||
goto out;
|
|
||||||
}
|
|
7
gating.yaml
Normal file
7
gating.yaml
Normal file
@ -0,0 +1,7 @@
|
|||||||
|
--- !Policy
|
||||||
|
product_versions:
|
||||||
|
- rhel-*
|
||||||
|
decision_context: osci_compose_gate
|
||||||
|
rules:
|
||||||
|
- !PassingTestCaseRule {test_case_name: osci.brew-build.tier0.functional}
|
||||||
|
- !PassingTestCaseRule {test_case_name: baseos-ci.brew-build.beaker-tier1.functional}
|
@ -0,0 +1,66 @@
|
|||||||
|
commit e58d2086cf9268a1dd2431c64c6bcdd74c2c3233
|
||||||
|
Author: Ingo Franzki <ifranzki@linux.ibm.com>
|
||||||
|
Date: Mon Sep 16 09:16:03 2024 +0200
|
||||||
|
|
||||||
|
COMMON: Fix compile error due to incompatible pointer types
|
||||||
|
|
||||||
|
usr/lib/common/mech_openssl.c:4751:36: error: passing argument 2 of
|
||||||
|
'get_sha_size' from incompatible pointer type [-Wincompatible-pointer-types]
|
||||||
|
4751 | rc = get_sha_size(digest_mech, &mac_len);
|
||||||
|
|
||||||
|
usr/lib/common/mech_openssl.c:4851:36: error: passing argument 2 of
|
||||||
|
'get_sha_size' from incompatible pointer type [-Wincompatible-pointer-types]
|
||||||
|
4851 | rc = get_sha_size(digest_mech, &mac_len);
|
||||||
|
|
||||||
|
Closes: https://github.com/opencryptoki/opencryptoki/issues/809
|
||||||
|
|
||||||
|
Signed-off-by: Ingo Franzki <ifranzki@linux.ibm.com>
|
||||||
|
|
||||||
|
diff --git a/usr/lib/common/mech_openssl.c b/usr/lib/common/mech_openssl.c
|
||||||
|
index 296b5e0a..500b6f91 100644
|
||||||
|
--- a/usr/lib/common/mech_openssl.c
|
||||||
|
+++ b/usr/lib/common/mech_openssl.c
|
||||||
|
@@ -4731,6 +4731,7 @@ CK_RV openssl_specific_hmac(SIGN_VERIFY_CONTEXT *ctx, CK_BYTE *in_data,
|
||||||
|
CK_RV rv = CKR_OK;
|
||||||
|
CK_BBOOL general = FALSE;
|
||||||
|
CK_MECHANISM_TYPE digest_mech;
|
||||||
|
+ CK_ULONG mac_len2;
|
||||||
|
|
||||||
|
if (!ctx || !ctx->context) {
|
||||||
|
TRACE_ERROR("%s received bad argument(s)\n", __func__);
|
||||||
|
@@ -4748,11 +4749,12 @@ CK_RV openssl_specific_hmac(SIGN_VERIFY_CONTEXT *ctx, CK_BYTE *in_data,
|
||||||
|
return rc;
|
||||||
|
}
|
||||||
|
|
||||||
|
- rc = get_sha_size(digest_mech, &mac_len);
|
||||||
|
+ rc = get_sha_size(digest_mech, &mac_len2);
|
||||||
|
if (rc != CKR_OK) {
|
||||||
|
TRACE_ERROR("%s get_sha_size failed\n", __func__);
|
||||||
|
return rc;
|
||||||
|
}
|
||||||
|
+ mac_len = mac_len2;
|
||||||
|
|
||||||
|
mdctx = (EVP_MD_CTX *) ctx->context;
|
||||||
|
|
||||||
|
@@ -4833,6 +4835,7 @@ CK_RV openssl_specific_hmac_final(SIGN_VERIFY_CONTEXT *ctx, CK_BYTE *signature,
|
||||||
|
CK_RV rv = CKR_OK;
|
||||||
|
CK_BBOOL general = FALSE;
|
||||||
|
CK_MECHANISM_TYPE digest_mech;
|
||||||
|
+ CK_ULONG mac_len2;
|
||||||
|
|
||||||
|
if (!ctx || !ctx->context)
|
||||||
|
return CKR_OPERATION_NOT_INITIALIZED;
|
||||||
|
@@ -4848,11 +4851,12 @@ CK_RV openssl_specific_hmac_final(SIGN_VERIFY_CONTEXT *ctx, CK_BYTE *signature,
|
||||||
|
return rc;
|
||||||
|
}
|
||||||
|
|
||||||
|
- rc = get_sha_size(digest_mech, &mac_len);
|
||||||
|
+ rc = get_sha_size(digest_mech, &mac_len2);
|
||||||
|
if (rc != CKR_OK) {
|
||||||
|
TRACE_ERROR("%s get_sha_size failed\n", __func__);
|
||||||
|
return rc;
|
||||||
|
}
|
||||||
|
+ mac_len = mac_len2;
|
||||||
|
|
||||||
|
if (signature == NULL) {
|
||||||
|
if (sign) {
|
@ -1,23 +1,28 @@
|
|||||||
diff -up opencryptoki-3.21.0/Makefile.am.me opencryptoki-3.21.0/Makefile.am
|
diff -up opencryptoki-3.24.0/Makefile.am.me opencryptoki-3.24.0/Makefile.am
|
||||||
--- opencryptoki-3.21.0/Makefile.am.me 2023-05-15 17:01:04.932616030 +0200
|
--- opencryptoki-3.24.0/Makefile.am.me 2024-09-12 12:53:05.023882913 +0200
|
||||||
+++ opencryptoki-3.21.0/Makefile.am 2023-05-15 17:00:45.732131601 +0200
|
+++ opencryptoki-3.24.0/Makefile.am 2024-09-12 12:55:34.366644836 +0200
|
||||||
@@ -39,15 +39,8 @@ include tools/tools.mk
|
@@ -51,20 +51,8 @@ include tools/tools.mk
|
||||||
include doc/doc.mk
|
include doc/doc.mk
|
||||||
|
|
||||||
install-data-hook:
|
install-data-hook:
|
||||||
|
-if AIX
|
||||||
|
- lsgroup $(pkcs_group) > /dev/null || $(GROUPADD) -a pkcs11
|
||||||
|
- lsuser $(pkcsslotd_user) > /dev/null || $(USERADD) -g $(pkcs_group) -d $(DESTDIR)$(RUN_PATH)/opencryptoki -c "Opencryptoki pkcsslotd user" $(pkcsslotd_user)
|
||||||
|
-else
|
||||||
- getent group $(pkcs_group) > /dev/null || $(GROUPADD) -r $(pkcs_group)
|
- getent group $(pkcs_group) > /dev/null || $(GROUPADD) -r $(pkcs_group)
|
||||||
- getent passwd $(pkcsslotd_user) >/dev/null || $(USERADD) -r -g $(pkcs_group) -d /run/opencryptoki -s /sbin/nologin -c "Opencryptoki pkcsslotd user" $(pkcsslotd_user)
|
- getent passwd $(pkcsslotd_user) >/dev/null || $(USERADD) -r -g $(pkcs_group) -d $(RUN_PATH)/opencryptoki -s /sbin/nologin -c "Opencryptoki pkcsslotd user" $(pkcsslotd_user)
|
||||||
$(MKDIR_P) $(DESTDIR)/run/opencryptoki/
|
-endif
|
||||||
- $(CHOWN) $(pkcsslotd_user):$(pkcs_group) $(DESTDIR)/run/opencryptoki/
|
$(MKDIR_P) $(DESTDIR)$(RUN_PATH)/opencryptoki/
|
||||||
- $(CHGRP) $(pkcs_group) $(DESTDIR)/run/opencryptoki/
|
- $(CHOWN) $(pkcsslotd_user):$(pkcs_group) $(DESTDIR)$(RUN_PATH)/opencryptoki/
|
||||||
- $(CHMOD) 0710 $(DESTDIR)/run/opencryptoki/
|
- $(CHGRP) $(pkcs_group) $(DESTDIR)$(RUN_PATH)/opencryptoki/
|
||||||
|
- $(CHMOD) 0710 $(DESTDIR)$(RUN_PATH)/opencryptoki/
|
||||||
$(MKDIR_P) $(DESTDIR)$(localstatedir)/lib/opencryptoki
|
$(MKDIR_P) $(DESTDIR)$(localstatedir)/lib/opencryptoki
|
||||||
- $(CHGRP) $(pkcs_group) $(DESTDIR)$(localstatedir)/lib/opencryptoki
|
- $(CHGRP) $(pkcs_group) $(DESTDIR)$(localstatedir)/lib/opencryptoki
|
||||||
- $(CHMOD) 0770 $(DESTDIR)$(localstatedir)/lib/opencryptoki
|
- $(CHMOD) 0770 $(DESTDIR)$(localstatedir)/lib/opencryptoki
|
||||||
if ENABLE_LIBRARY
|
if ENABLE_LIBRARY
|
||||||
$(MKDIR_P) $(DESTDIR)$(libdir)/opencryptoki/stdll
|
$(MKDIR_P) $(DESTDIR)$(libdir)/opencryptoki/stdll
|
||||||
$(MKDIR_P) $(DESTDIR)$(libdir)/pkcs11
|
$(MKDIR_P) $(DESTDIR)$(libdir)/pkcs11
|
||||||
@@ -100,7 +93,7 @@ if ENABLE_EP11TOK
|
@@ -117,7 +105,7 @@ if ENABLE_EP11TOK
|
||||||
endif
|
endif
|
||||||
if ENABLE_P11SAK
|
if ENABLE_P11SAK
|
||||||
test -f $(DESTDIR)$(sysconfdir)/opencryptoki || $(MKDIR_P) $(DESTDIR)$(sysconfdir)/opencryptoki || true
|
test -f $(DESTDIR)$(sysconfdir)/opencryptoki || $(MKDIR_P) $(DESTDIR)$(sysconfdir)/opencryptoki || true
|
||||||
@ -26,12 +31,12 @@ diff -up opencryptoki-3.21.0/Makefile.am.me opencryptoki-3.21.0/Makefile.am
|
|||||||
endif
|
endif
|
||||||
if ENABLE_ICATOK
|
if ENABLE_ICATOK
|
||||||
cd $(DESTDIR)$(libdir)/opencryptoki/stdll && \
|
cd $(DESTDIR)$(libdir)/opencryptoki/stdll && \
|
||||||
@@ -151,7 +144,7 @@ endif
|
@@ -168,7 +156,7 @@ endif
|
||||||
if ENABLE_DAEMON
|
if ENABLE_DAEMON
|
||||||
test -f $(DESTDIR)$(sysconfdir)/opencryptoki || $(MKDIR_P) $(DESTDIR)$(sysconfdir)/opencryptoki || true
|
test -f $(DESTDIR)$(sysconfdir)/opencryptoki || $(MKDIR_P) $(DESTDIR)$(sysconfdir)/opencryptoki || true
|
||||||
test -f $(DESTDIR)$(sysconfdir)/opencryptoki/opencryptoki.conf || $(INSTALL) -m 644 $(srcdir)/usr/sbin/pkcsslotd/opencryptoki.conf $(DESTDIR)$(sysconfdir)/opencryptoki/opencryptoki.conf || true
|
test -f $(DESTDIR)$(sysconfdir)/opencryptoki/opencryptoki.conf || $(INSTALL) -m 644 $(srcdir)/usr/sbin/pkcsslotd/opencryptoki.conf $(DESTDIR)$(sysconfdir)/opencryptoki/opencryptoki.conf || true
|
||||||
- test -f $(DESTDIR)$(sysconfdir)/opencryptoki/strength.conf || $(INSTALL) -m 640 -o root -g $(pkcs_group) -T $(srcdir)/doc/strength-example.conf $(DESTDIR)$(sysconfdir)/opencryptoki/strength.conf || true
|
- test -f $(DESTDIR)$(sysconfdir)/opencryptoki/strength.conf || $(INSTALL) -m 640 -o root -g $(pkcs_group) -T $(srcdir)/doc/strength-example.conf $(DESTDIR)$(sysconfdir)/opencryptoki/strength.conf || true
|
||||||
+ test -f $(DESTDIR)$(sysconfdir)/opencryptoki/strength.conf || $(INSTALL) -m 640 -o root -T $(srcdir)/doc/strength-example.conf $(DESTDIR)$(sysconfdir)/opencryptoki/strength.conf || true
|
+ test -f $(DESTDIR)$(sysconfdir)/opencryptoki/strength.conf || $(INSTALL) -m 640 -o root -T $(srcdir)/doc/strength-example.conf $(DESTDIR)$(sysconfdir)/opencryptoki/strength.conf || true
|
||||||
endif
|
endif
|
||||||
|
if !AIX
|
||||||
$(MKDIR_P) $(DESTDIR)/etc/ld.so.conf.d
|
$(MKDIR_P) $(DESTDIR)/etc/ld.so.conf.d
|
||||||
echo "$(libdir)/opencryptoki" >\
|
|
75
opencryptoki-3.24.0-resource-leaks.patch
Normal file
75
opencryptoki-3.24.0-resource-leaks.patch
Normal file
@ -0,0 +1,75 @@
|
|||||||
|
commit 66a18ffa057565b6bf292e50969ea27ce33b394c
|
||||||
|
Author: Than Ngo <than@redhat.com>
|
||||||
|
Date: Tue Oct 29 13:41:23 2024 +0100
|
||||||
|
|
||||||
|
Fix resource leak
|
||||||
|
|
||||||
|
1. Defect type: RESOURCE_LEAK
|
||||||
|
4. opencryptoki-3.24.0/usr/sbin/pkcscca/pkcscca.c:740:5: alloc_fn: Storage is returned from allocation function "malloc".
|
||||||
|
5. opencryptoki-3.24.0/usr/sbin/pkcscca/pkcscca.c:740:5: var_assign: Assigning: "new_key->opaque_attr" = storage returned from "malloc(attrs[0].ulValueLen)".
|
||||||
|
7. opencryptoki-3.24.0/usr/sbin/pkcscca/pkcscca.c:748:5: noescape: Resource "new_key->opaque_attr" is not freed or pointed-to in "memcpy". [Note: The source code implementation of the function has been overridden by a builtin model.]
|
||||||
|
9. opencryptoki-3.24.0/usr/sbin/pkcscca/pkcscca.c:752:9: leaked_storage: Freeing "new_key" without freeing its pointer field "opaque_attr" leaks the storage that "opaque_attr" points to.
|
||||||
|
750| if (!new_key->label) {
|
||||||
|
751| print_error("Malloc of %lu bytes failed!", attrs[2].ulValueLen + 1);
|
||||||
|
752|-> free(new_key);
|
||||||
|
753| return 2;
|
||||||
|
754| }
|
||||||
|
|
||||||
|
2. Defect type: RESOURCE_LEAK
|
||||||
|
15. opencryptoki-3.24.0/usr/lib/common/mech_ec.c:1140:5: alloc_arg: "object_mgr_create_skel" allocates memory that is stored into "temp_obj".
|
||||||
|
21. opencryptoki-3.24.0/usr/lib/common/mech_ec.c:1182:5: leaked_storage: Variable "temp_obj" going out of scope leaks the storage it points to.
|
||||||
|
1180| free(derived_key);
|
||||||
|
1181|
|
||||||
|
1182|-> return rc;
|
||||||
|
1183| }
|
||||||
|
1184|
|
||||||
|
|
||||||
|
Signed-off-by: Than Ngo <than@redhat.com>
|
||||||
|
|
||||||
|
diff --git a/usr/lib/common/mech_dh.c b/usr/lib/common/mech_dh.c
|
||||||
|
index b59ed852..79ac5b4d 100644
|
||||||
|
--- a/usr/lib/common/mech_dh.c
|
||||||
|
+++ b/usr/lib/common/mech_dh.c
|
||||||
|
@@ -124,6 +124,8 @@ CK_RV dh_pkcs_derive(STDLL_TokData_t *tokdata,
|
||||||
|
if (rc != CKR_OK) {
|
||||||
|
TRACE_ERROR("template_update_attribute failed\n");
|
||||||
|
free(new_attr);
|
||||||
|
+ object_free(temp_obj);
|
||||||
|
+ temp_obj = NULL;
|
||||||
|
return rc;
|
||||||
|
}
|
||||||
|
|
||||||
|
diff --git a/usr/lib/common/mech_ec.c b/usr/lib/common/mech_ec.c
|
||||||
|
index be8f5218..b062dbfb 100644
|
||||||
|
--- a/usr/lib/common/mech_ec.c
|
||||||
|
+++ b/usr/lib/common/mech_ec.c
|
||||||
|
@@ -1152,6 +1152,8 @@ CK_RV ecdh_pkcs_derive(STDLL_TokData_t *tokdata, SESSION *sess,
|
||||||
|
TRACE_ERROR("template_update_attribute failed\n");
|
||||||
|
free(value_attr);
|
||||||
|
free(vallen_attr);
|
||||||
|
+ object_free(temp_obj);
|
||||||
|
+ temp_obj = NULL;
|
||||||
|
goto end;
|
||||||
|
}
|
||||||
|
|
||||||
|
@@ -1160,6 +1162,8 @@ CK_RV ecdh_pkcs_derive(STDLL_TokData_t *tokdata, SESSION *sess,
|
||||||
|
if (rc != CKR_OK) {
|
||||||
|
TRACE_ERROR("template_update_attribute failed\n");
|
||||||
|
free(vallen_attr);
|
||||||
|
+ object_free(temp_obj);
|
||||||
|
+ temp_obj = NULL;
|
||||||
|
goto end;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
diff --git a/usr/sbin/pkcscca/pkcscca.c b/usr/sbin/pkcscca/pkcscca.c
|
||||||
|
index ffbe3311..a3756c14 100644
|
||||||
|
--- a/usr/sbin/pkcscca/pkcscca.c
|
||||||
|
+++ b/usr/sbin/pkcscca/pkcscca.c
|
||||||
|
@@ -749,6 +749,7 @@ int add_key(CK_OBJECT_HANDLE handle, CK_ATTRIBUTE *attrs, struct key **keys)
|
||||||
|
new_key->label = malloc(attrs[2].ulValueLen + 1);
|
||||||
|
if (!new_key->label) {
|
||||||
|
print_error("Malloc of %lu bytes failed!", attrs[2].ulValueLen + 1);
|
||||||
|
+ free(new_key->opaque_attr);
|
||||||
|
free(new_key);
|
||||||
|
return 2;
|
||||||
|
}
|
@ -1,47 +1,40 @@
|
|||||||
Name: opencryptoki
|
Name: opencryptoki
|
||||||
Summary: Implementation of the PKCS#11 (Cryptoki) specification v3.0
|
Summary: Implementation of the PKCS#11 (Cryptoki) specification v3.0
|
||||||
Version: 3.22.0
|
Version: 3.24.0
|
||||||
Release: 3%{?dist}
|
Release: 2%{?dist}
|
||||||
License: CPL
|
License: CPL-1.0
|
||||||
Group: System Environment/Base
|
|
||||||
URL: https://github.com/opencryptoki/opencryptoki
|
URL: https://github.com/opencryptoki/opencryptoki
|
||||||
Source0: https://github.com/opencryptoki/%{name}/archive/v%{version}/%{name}-%{version}.tar.gz
|
Source0: https://github.com/opencryptoki/%{name}/archive/v%{version}/%{name}-%{version}.tar.gz
|
||||||
# bz#1373833, change tmpfiles snippets from /var/lock/* to /run/lock/*
|
# fix install problem in buildroot
|
||||||
Patch1: opencryptoki-3.11.0-lockdir.patch
|
Patch1: opencryptoki-3.24.0-p11sak.patch
|
||||||
# add missing p11sak_defined_attrs.conf
|
|
||||||
Patch2: opencryptoki-3.21.0-p11sak.patch
|
|
||||||
# comment some unsupported sandbox options and add /run to ReadWritePaths to exclude
|
|
||||||
# /run directory from being made read-only on rhel8
|
|
||||||
Patch3: opencryptoki-3.21-sandboxing.patch
|
|
||||||
|
|
||||||
# upstream patches
|
# upstream patches
|
||||||
# CVE-2024-0914 opencryptoki: timing side-channel in handling of RSA PKCS#1 v1.5 padded ciphertexts
|
Patch2: opencryptoki-3.24.0-compile-error-due-to-incompatible-pointer-types.patch
|
||||||
Patch20: opencryptoki-CVE-2024-0914-part1.patch
|
Patch3: opencryptoki-3.24.0-resource-leaks.patch
|
||||||
Patch21: opencryptoki-CVE-2024-0914-part2.patch
|
|
||||||
Patch22: opencryptoki-CVE-2024-0914-part3.patch
|
|
||||||
Patch23: opencryptoki-CVE-2024-0914-part4.patch
|
|
||||||
Patch24: opencryptoki-CVE-2024-0914-part5.patch
|
|
||||||
|
|
||||||
Requires(pre): coreutils diffutils
|
Requires(pre): coreutils
|
||||||
Requires: (selinux-policy >= 3.14.3-121 if selinux-policy-targeted)
|
Requires: (selinux-policy >= 38.1.14-1 if selinux-policy-targeted)
|
||||||
BuildRequires: gcc
|
BuildRequires: gcc gcc-c++
|
||||||
BuildRequires: gcc-c++
|
|
||||||
BuildRequires: openssl-devel >= 1.1.1
|
BuildRequires: openssl-devel >= 1.1.1
|
||||||
|
%if 0%{?tmptok}
|
||||||
BuildRequires: trousers-devel
|
BuildRequires: trousers-devel
|
||||||
|
%endif
|
||||||
BuildRequires: openldap-devel
|
BuildRequires: openldap-devel
|
||||||
BuildRequires: autoconf automake libtool
|
BuildRequires: autoconf automake libtool
|
||||||
BuildRequires: bison flex
|
BuildRequires: bison flex
|
||||||
BuildRequires: systemd-devel
|
|
||||||
BuildRequires: libcap-devel
|
BuildRequires: libcap-devel
|
||||||
BuildRequires: expect
|
BuildRequires: expect
|
||||||
BuildRequires: make
|
BuildRequires: make
|
||||||
|
BuildRequires: systemd-rpm-macros
|
||||||
%ifarch s390 s390x
|
%ifarch s390 s390x
|
||||||
BuildRequires: libica-devel >= 3.3
|
BuildRequires: libica-devel >= 3.3
|
||||||
|
# for /usr/include/libudev.h
|
||||||
|
BuildRequires: systemd-devel
|
||||||
%endif
|
%endif
|
||||||
Requires(pre): %{name}-libs%{?_isa} = %{version}-%{release}
|
Requires(pre): %{name}-libs%{?_isa} = %{version}-%{release}
|
||||||
Requires: %{name}-libs%{?_isa} = %{version}-%{release}
|
Requires: %{name}-libs%{?_isa} = %{version}-%{release}
|
||||||
Requires: %{name}(token)
|
Requires: %{name}(token)
|
||||||
Requires(post): systemd
|
Requires(post): systemd diffutils
|
||||||
Requires(preun): systemd
|
Requires(preun): systemd
|
||||||
Requires(postun): systemd
|
Requires(postun): systemd
|
||||||
|
|
||||||
@ -56,9 +49,8 @@ This package contains the Slot Daemon (pkcsslotd) and general utilities.
|
|||||||
|
|
||||||
|
|
||||||
%package libs
|
%package libs
|
||||||
Group: System Environment/Libraries
|
Summary: The run-time libraries for opencryptoki package
|
||||||
Summary: The run-time libraries for opencryptoki package
|
Requires(pre): shadow-utils
|
||||||
Requires(pre): shadow-utils
|
|
||||||
|
|
||||||
%description libs
|
%description libs
|
||||||
Opencryptoki implements the PKCS#11 specification v2.20 for a set of
|
Opencryptoki implements the PKCS#11 specification v2.20 for a set of
|
||||||
@ -72,9 +64,8 @@ functional.
|
|||||||
|
|
||||||
|
|
||||||
%package devel
|
%package devel
|
||||||
Group: Development/Libraries
|
Summary: Development files for openCryptoki
|
||||||
Summary: Development files for openCryptoki
|
Requires: %{name}-libs%{?_isa} = %{version}-%{release}
|
||||||
Requires: %{name}-libs%{?_isa} = %{version}-%{release}
|
|
||||||
|
|
||||||
%description devel
|
%description devel
|
||||||
This package contains the development header files for building
|
This package contains the development header files for building
|
||||||
@ -82,11 +73,10 @@ opencryptoki and PKCS#11 based applications
|
|||||||
|
|
||||||
|
|
||||||
%package swtok
|
%package swtok
|
||||||
Group: System Environment/Libraries
|
Summary: The software token implementation for opencryptoki
|
||||||
Summary: The software token implementation for opencryptoki
|
Requires(pre): %{name}-libs%{?_isa} = %{version}-%{release}
|
||||||
Requires(pre): %{name}-libs%{?_isa} = %{version}-%{release}
|
Requires: %{name}-libs%{?_isa} = %{version}-%{release}
|
||||||
Requires: %{name}-libs%{?_isa} = %{version}-%{release}
|
Provides: %{name}(token)
|
||||||
Provides: %{name}(token)
|
|
||||||
|
|
||||||
%description swtok
|
%description swtok
|
||||||
Opencryptoki implements the PKCS#11 specification v2.20 for a set of
|
Opencryptoki implements the PKCS#11 specification v2.20 for a set of
|
||||||
@ -99,11 +89,10 @@ without any specific cryptographic hardware.
|
|||||||
|
|
||||||
|
|
||||||
%package tpmtok
|
%package tpmtok
|
||||||
Group: System Environment/Libraries
|
Summary: Trusted Platform Module (TPM) device support for opencryptoki
|
||||||
Summary: Trusted Platform Module (TPM) device support for opencryptoki
|
Requires(pre): %{name}-libs%{?_isa} = %{version}-%{release}
|
||||||
Requires(pre): %{name}-libs%{?_isa} = %{version}-%{release}
|
Requires: %{name}-libs%{?_isa} = %{version}-%{release}
|
||||||
Requires: %{name}-libs%{?_isa} = %{version}-%{release}
|
Provides: %{name}(token)
|
||||||
Provides: %{name}(token)
|
|
||||||
|
|
||||||
%description tpmtok
|
%description tpmtok
|
||||||
Opencryptoki implements the PKCS#11 specification v2.20 for a set of
|
Opencryptoki implements the PKCS#11 specification v2.20 for a set of
|
||||||
@ -116,11 +105,10 @@ Trusted Platform Module (TPM) devices in the opencryptoki stack.
|
|||||||
|
|
||||||
|
|
||||||
%package icsftok
|
%package icsftok
|
||||||
Group: System Environment/Libraries
|
Summary: ICSF token support for opencryptoki
|
||||||
Summary: ICSF token support for opencryptoki
|
Requires(pre): %{name}-libs%{?_isa} = %{version}-%{release}
|
||||||
Requires(pre): %{name}-libs%{?_isa} = %{version}-%{release}
|
Requires: %{name}-libs%{?_isa} = %{version}-%{release}
|
||||||
Requires: %{name}-libs%{?_isa} = %{version}-%{release}
|
Provides: %{name}(token)
|
||||||
Provides: %{name}(token)
|
|
||||||
|
|
||||||
%description icsftok
|
%description icsftok
|
||||||
Opencryptoki implements the PKCS#11 specification v2.20 for a set of
|
Opencryptoki implements the PKCS#11 specification v2.20 for a set of
|
||||||
@ -132,13 +120,11 @@ This package brings the necessary libraries and files to support
|
|||||||
ICSF token in the opencryptoki stack.
|
ICSF token in the opencryptoki stack.
|
||||||
|
|
||||||
|
|
||||||
%ifarch s390 s390x
|
|
||||||
%package icatok
|
%package icatok
|
||||||
Group: System Environment/Libraries
|
Summary: ICA cryptographic devices (clear-key) support for opencryptoki
|
||||||
Summary: ICA cryptographic devices (clear-key) support for opencryptoki
|
Requires(pre): %{name}-libs%{?_isa} = %{version}-%{release}
|
||||||
Requires(pre): %{name}-libs%{?_isa} = %{version}-%{release}
|
Requires: %{name}-libs%{?_isa} = %{version}-%{release}
|
||||||
Requires: %{name}-libs%{?_isa} = %{version}-%{release}
|
Provides: %{name}(token)
|
||||||
Provides: %{name}(token)
|
|
||||||
|
|
||||||
%description icatok
|
%description icatok
|
||||||
Opencryptoki implements the PKCS#11 specification v2.20 for a set of
|
Opencryptoki implements the PKCS#11 specification v2.20 for a set of
|
||||||
@ -152,11 +138,10 @@ cryptographic hardware such as IBM 4764 or 4765 that uses the
|
|||||||
"accelerator" or "clear-key" path.
|
"accelerator" or "clear-key" path.
|
||||||
|
|
||||||
%package ccatok
|
%package ccatok
|
||||||
Group: System Environment/Libraries
|
Summary: CCA cryptographic devices (secure-key) support for opencryptoki
|
||||||
Summary: CCA cryptographic devices (secure-key) support for opencryptoki
|
Requires(pre): %{name}-libs%{?_isa} = %{version}-%{release}
|
||||||
Requires(pre): %{name}-libs%{?_isa} = %{version}-%{release}
|
Requires: %{name}-libs%{?_isa} = %{version}-%{release}
|
||||||
Requires: %{name}-libs%{?_isa} = %{version}-%{release}
|
Provides: %{name}(token)
|
||||||
Provides: %{name}(token)
|
|
||||||
|
|
||||||
%description ccatok
|
%description ccatok
|
||||||
Opencryptoki implements the PKCS#11 specification v2.20 for a set of
|
Opencryptoki implements the PKCS#11 specification v2.20 for a set of
|
||||||
@ -170,11 +155,10 @@ cryptographic hardware such as IBM 4764 or 4765 that uses the
|
|||||||
"co-processor" or "secure-key" path.
|
"co-processor" or "secure-key" path.
|
||||||
|
|
||||||
%package ep11tok
|
%package ep11tok
|
||||||
Group: System Environment/Libraries
|
Summary: EP11 cryptographic devices (secure-key) support for opencryptoki
|
||||||
Summary: CCA cryptographic devices (secure-key) support for opencryptoki
|
Requires(pre): %{name}-libs%{?_isa} = %{version}-%{release}
|
||||||
Requires(pre): %{name}-libs%{?_isa} = %{version}-%{release}
|
Requires: %{name}-libs%{?_isa} = %{version}-%{release}
|
||||||
Requires: %{name}-libs%{?_isa} = %{version}-%{release}
|
Provides: %{name}(token)
|
||||||
Provides: %{name}(token)
|
|
||||||
|
|
||||||
%description ep11tok
|
%description ep11tok
|
||||||
Opencryptoki implements the PKCS#11 specification v2.20 for a set of
|
Opencryptoki implements the PKCS#11 specification v2.20 for a set of
|
||||||
@ -186,7 +170,6 @@ This package brings the necessary libraries and files to support EP11
|
|||||||
tokens in the opencryptoki stack. The EP11 token is a token that uses
|
tokens in the opencryptoki stack. The EP11 token is a token that uses
|
||||||
the IBM Crypto Express adapters (starting with Crypto Express 4S adapters)
|
the IBM Crypto Express adapters (starting with Crypto Express 4S adapters)
|
||||||
configured with Enterprise PKCS#11 (EP11) firmware.
|
configured with Enterprise PKCS#11 (EP11) firmware.
|
||||||
%endif
|
|
||||||
|
|
||||||
|
|
||||||
%prep
|
%prep
|
||||||
@ -196,48 +179,29 @@ configured with Enterprise PKCS#11 (EP11) firmware.
|
|||||||
%build
|
%build
|
||||||
./bootstrap.sh
|
./bootstrap.sh
|
||||||
|
|
||||||
%configure --with-systemd=%{_unitdir} \
|
%configure --with-systemd=%{_unitdir} --enable-testcases \
|
||||||
--with-pkcsslotd-user=pkcsslotd --with-pkcs-group=pkcs11 \
|
--with-pkcsslotd-user=pkcsslotd --with-pkcs-group=pkcs11 \
|
||||||
|
%if 0%{?tpmtok}
|
||||||
|
--enable-tpmtok \
|
||||||
|
%else
|
||||||
|
--disable-tpmtok \
|
||||||
|
%endif
|
||||||
%ifarch s390 s390x
|
%ifarch s390 s390x
|
||||||
--enable-icatok --enable-ccatok --enable-ep11tok --enable-pkcsep11_migrate
|
--enable-icatok --enable-ccatok --enable-ep11tok --enable-pkcsep11_migrate
|
||||||
%else
|
%else
|
||||||
--disable-icatok --disable-ccatok --disable-ep11tok --disable-pkcsep11_migrate --disable-pkcscca_migrate
|
--disable-icatok --enable-ccatok --disable-ep11tok --disable-pkcsep11_migrate --enable-pkcscca_migrate
|
||||||
%endif
|
%endif
|
||||||
|
|
||||||
make %{?_smp_mflags} CHGRP=/bin/true
|
%make_build CHGRP=/bin/true
|
||||||
|
|
||||||
|
|
||||||
%install
|
%install
|
||||||
make install DESTDIR=$RPM_BUILD_ROOT CHGRP=/bin/true
|
%make_install CHGRP=/bin/true
|
||||||
|
|
||||||
# Remove unwanted cruft
|
|
||||||
rm -f $RPM_BUILD_ROOT/%{_libdir}/%{name}/*.la
|
|
||||||
rm -f $RPM_BUILD_ROOT/%{_libdir}/%{name}/stdll/*.la
|
|
||||||
|
|
||||||
|
|
||||||
%post libs -p /sbin/ldconfig
|
|
||||||
%post swtok -p /sbin/ldconfig
|
|
||||||
%post tpmtok -p /sbin/ldconfig
|
|
||||||
%post icsftok -p /sbin/ldconfig
|
|
||||||
%ifarch s390 s390x
|
|
||||||
%post icatok -p /sbin/ldconfig
|
|
||||||
%post ccatok -p /sbin/ldconfig
|
|
||||||
%post ep11tok -p /sbin/ldconfig
|
|
||||||
%endif
|
|
||||||
|
|
||||||
%postun libs -p /sbin/ldconfig
|
|
||||||
%postun swtok -p /sbin/ldconfig
|
|
||||||
%postun tpmtok -p /sbin/ldconfig
|
|
||||||
%postun icsftok -p /sbin/ldconfig
|
|
||||||
%ifarch s390 s390x
|
|
||||||
%postun icatok -p /sbin/ldconfig
|
|
||||||
%postun ccatok -p /sbin/ldconfig
|
|
||||||
%postun ep11tok -p /sbin/ldconfig
|
|
||||||
%endif
|
|
||||||
|
|
||||||
%pre
|
%pre
|
||||||
# don't touch opencryptoki.conf even if it is unchanged due to new tokversion
|
# don't touch opencryptoki.conf even if it is unchanged due to new tokversion
|
||||||
# backup config file
|
# backup config file. bz#2044179
|
||||||
%global cfile /etc/opencryptoki/opencryptoki.conf
|
%global cfile /etc/opencryptoki/opencryptoki.conf
|
||||||
%global csuffix .rpmsave.XyoP
|
%global csuffix .rpmsave.XyoP
|
||||||
if test $1 -gt 1 && test -f %{cfile} ; then
|
if test $1 -gt 1 && test -f %{cfile} ; then
|
||||||
@ -260,7 +224,7 @@ fi
|
|||||||
|
|
||||||
%systemd_post pkcsslotd.service
|
%systemd_post pkcsslotd.service
|
||||||
if test $1 -eq 1; then
|
if test $1 -eq 1; then
|
||||||
%tmpfiles_create
|
%tmpfiles_create %{name}.conf
|
||||||
fi
|
fi
|
||||||
|
|
||||||
%preun
|
%preun
|
||||||
@ -269,8 +233,6 @@ fi
|
|||||||
%postun
|
%postun
|
||||||
%systemd_postun_with_restart pkcsslotd.service
|
%systemd_postun_with_restart pkcsslotd.service
|
||||||
|
|
||||||
%triggerun -- opencryptoki < 3.21.0-1
|
|
||||||
/usr/bin/systemctl daemon-reload
|
|
||||||
|
|
||||||
%files
|
%files
|
||||||
%doc ChangeLog FAQ README.md
|
%doc ChangeLog FAQ README.md
|
||||||
@ -289,11 +251,13 @@ fi
|
|||||||
%{_sbindir}/pkcsslotd
|
%{_sbindir}/pkcsslotd
|
||||||
%{_sbindir}/pkcsstats
|
%{_sbindir}/pkcsstats
|
||||||
%{_sbindir}/pkcshsm_mk_change
|
%{_sbindir}/pkcshsm_mk_change
|
||||||
|
%{_sbindir}/pkcstok_admin
|
||||||
%{_mandir}/man1/p11sak.1*
|
%{_mandir}/man1/p11sak.1*
|
||||||
%{_mandir}/man1/pkcstok_migrate.1*
|
%{_mandir}/man1/pkcstok_migrate.1*
|
||||||
%{_mandir}/man1/pkcsconf.1*
|
%{_mandir}/man1/pkcsconf.1*
|
||||||
%{_mandir}/man1/pkcsstats.1*
|
%{_mandir}/man1/pkcsstats.1*
|
||||||
%{_mandir}/man1/pkcshsm_mk_change.1*
|
%{_mandir}/man1/pkcshsm_mk_change.1*
|
||||||
|
%{_mandir}/man1/pkcstok_admin.1*
|
||||||
%{_mandir}/man5/policy.conf.5*
|
%{_mandir}/man5/policy.conf.5*
|
||||||
%{_mandir}/man5/strength.conf.5*
|
%{_mandir}/man5/strength.conf.5*
|
||||||
%{_mandir}/man5/%{name}.conf.5*
|
%{_mandir}/man5/%{name}.conf.5*
|
||||||
@ -334,11 +298,13 @@ fi
|
|||||||
%dir %attr(770,root,pkcs11) %{_sharedstatedir}/%{name}/swtok/
|
%dir %attr(770,root,pkcs11) %{_sharedstatedir}/%{name}/swtok/
|
||||||
%dir %attr(770,root,pkcs11) %{_sharedstatedir}/%{name}/swtok/TOK_OBJ/
|
%dir %attr(770,root,pkcs11) %{_sharedstatedir}/%{name}/swtok/TOK_OBJ/
|
||||||
|
|
||||||
|
%if 0%{?tmptok}
|
||||||
%files tpmtok
|
%files tpmtok
|
||||||
%doc doc/README.tpm_stdll
|
%doc doc/README.tpm_stdll
|
||||||
%{_libdir}/opencryptoki/stdll/libpkcs11_tpm.*
|
%{_libdir}/opencryptoki/stdll/libpkcs11_tpm.*
|
||||||
%{_libdir}/opencryptoki/stdll/PKCS11_TPM.so
|
%{_libdir}/opencryptoki/stdll/PKCS11_TPM.so
|
||||||
%dir %attr(770,root,pkcs11) %{_sharedstatedir}/%{name}/tpm/
|
%dir %attr(770,root,pkcs11) %{_sharedstatedir}/%{name}/tpm/
|
||||||
|
%endif
|
||||||
|
|
||||||
%files icsftok
|
%files icsftok
|
||||||
%doc doc/README.icsf_stdll
|
%doc doc/README.icsf_stdll
|
||||||
@ -354,6 +320,7 @@ fi
|
|||||||
%{_libdir}/opencryptoki/stdll/PKCS11_ICA.so
|
%{_libdir}/opencryptoki/stdll/PKCS11_ICA.so
|
||||||
%dir %attr(770,root,pkcs11) %{_sharedstatedir}/%{name}/lite/
|
%dir %attr(770,root,pkcs11) %{_sharedstatedir}/%{name}/lite/
|
||||||
%dir %attr(770,root,pkcs11) %{_sharedstatedir}/%{name}/lite/TOK_OBJ/
|
%dir %attr(770,root,pkcs11) %{_sharedstatedir}/%{name}/lite/TOK_OBJ/
|
||||||
|
%endif
|
||||||
|
|
||||||
%files ccatok
|
%files ccatok
|
||||||
%doc doc/README.cca_stdll
|
%doc doc/README.cca_stdll
|
||||||
@ -365,6 +332,7 @@ fi
|
|||||||
%dir %attr(770,root,pkcs11) %{_sharedstatedir}/%{name}/ccatok/
|
%dir %attr(770,root,pkcs11) %{_sharedstatedir}/%{name}/ccatok/
|
||||||
%dir %attr(770,root,pkcs11) %{_sharedstatedir}/%{name}/ccatok/TOK_OBJ/
|
%dir %attr(770,root,pkcs11) %{_sharedstatedir}/%{name}/ccatok/TOK_OBJ/
|
||||||
|
|
||||||
|
%ifarch s390 s390x
|
||||||
%files ep11tok
|
%files ep11tok
|
||||||
%doc doc/README.ep11_stdll
|
%doc doc/README.ep11_stdll
|
||||||
%config(noreplace) %{_sysconfdir}/%{name}/ep11tok.conf
|
%config(noreplace) %{_sysconfdir}/%{name}/ep11tok.conf
|
||||||
@ -381,196 +349,223 @@ fi
|
|||||||
|
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Thu Nov 07 2024 Than Ngo <than@redhat.com> - 3.24.0-2
|
||||||
|
- Fix resource leak
|
||||||
|
Related: RHEL-50064
|
||||||
|
|
||||||
|
* Tue Oct 22 2024 Than Ngo <than@redhat.com> - 3.24.0-1
|
||||||
|
- Resolves: RHEL-50064, update to 3.24.0
|
||||||
|
- Resolves: RHEL-50063, opencryptoki CCA Token support for x86_64 and ppc64le
|
||||||
|
- Resolves: RHEL-50058, openCryptoki CCA token support of Dilithium
|
||||||
|
- Resolves: RHEL-50056, openCryptoki cca token SHA3 support
|
||||||
|
- Resolves: RHEL-50057, openCryptoki cca token RSA OAEP v2.1 support
|
||||||
|
|
||||||
|
* Wed May 22 2024 Than Ngo <than@redhat.com> - 3.23.0-1
|
||||||
|
- Resolves: RHEL-23671, ep11 token: support protected keys for extractable keys
|
||||||
|
- Resolves: RHEL-23672, ep11 token support for FIPS 2021-session bound EP11 keys
|
||||||
|
- Resolves: RHEL-23673, update to 3.23.0
|
||||||
|
|
||||||
* Fri Feb 16 2024 Than Ngo <than@redhat.com> - 3.22.0-3
|
* Fri Feb 16 2024 Than Ngo <than@redhat.com> - 3.22.0-3
|
||||||
- Fix implicit rejection with RSA keys with empty CKA_PRIVATE_EXPONENT
|
- Fix implicit rejection with RSA keys with empty CKA_PRIVATE_EXPONENT
|
||||||
Related: RHEL-22791
|
Related: RHEL-22792
|
||||||
|
|
||||||
* Thu Feb 08 2024 Than Ngo <than@redhat.com> - 3.22.0-2
|
* Thu Feb 08 2024 Than Ngo <than@redhat.com> - 3.22.0-2
|
||||||
- timing side-channel in handling of RSA PKCS#1 v1.5 padded ciphertexts (Marvin)
|
- timing side-channel in handling of RSA PKCS#1 v1.5 padded ciphertexts (Marvin)
|
||||||
Resolves: RHEL-22791
|
Resolves: RHEL-22792
|
||||||
|
|
||||||
* Thu Nov 23 2023 Than Ngo <than@redhat.com> - 3.22.0-1
|
* Tue Nov 21 2023 Than Ngo <than@redhat.com> - 3.22.0-1
|
||||||
- Resolves: RHEL-11413, update to 3.22.0
|
- Resolves: RHEL-11412, rebase to 3.22.0
|
||||||
|
- Resolves: RHEL-10569, openCryptoki for PKCS #11 3.0
|
||||||
|
|
||||||
* Tue Jul 18 2023 Than Ngo <than@redhat.com> - 3.21.0-9
|
* Fri Jul 14 2023 Than Ngo <than@redhat.com> - 3.21.0-8
|
||||||
- Resolves: #2223588, FTBFS
|
- Resolves: #2222592, p11sak tool: slot option does not accept argument 0 for slot index 0
|
||||||
|
- Resolves: #2222596, p11sak fails as soon as there reside non-key objects
|
||||||
* Tue Jul 18 2023 Than Ngo <than@redhat.com> - 3.21.0-8
|
|
||||||
- Related: #2222595, add triggerun to reload daemon
|
|
||||||
|
|
||||||
* Fri Jul 14 2023 Than Ngo <than@redhat.com> - 3.21.0-7
|
|
||||||
- Resolves: #2222595, p11sak tool: slot option does not accept argument 0 for slot index 0
|
|
||||||
- Resolves: #2222594, p11sak fails as soon as there reside non-key objects
|
|
||||||
|
|
||||||
* Tue Jul 04 2023 Than Ngo <than@redhat.com> - 3.21.0-6
|
|
||||||
- add workaround for segfault in PEM_write_bio() on OpenSSL 1.1.1
|
|
||||||
Related: #2159741
|
|
||||||
|
|
||||||
* Tue Jun 13 2023 Than Ngo <than@redhat.com> - 3.21.0-5
|
* Tue Jun 13 2023 Than Ngo <than@redhat.com> - 3.21.0-5
|
||||||
- add requirement on selinux-policy >= 3.14.3-121 for pkcsslotd policy sandboxing
|
- add requirement on selinux-policy >= 38.1.14-1 for pkcsslotd policy sandboxing
|
||||||
Related: #2159697
|
Related: #2160061
|
||||||
|
|
||||||
* Thu May 25 2023 Than Ngo <than@redhat.com> - 3.21.0-4
|
* Fri May 26 2023 Than Ngo <than@redhat.com> - 3.21.0-4
|
||||||
- add verify attributes for opencryptoki.conf to ignore the verification
|
- add verify attributes for opencryptoki.conf to ignore the verification
|
||||||
Related: #2159697
|
|
||||||
|
Related: #2160061
|
||||||
|
|
||||||
* Mon May 22 2023 Than Ngo <than@redhat.com> - 3.21.0-3
|
* Mon May 22 2023 Than Ngo <than@redhat.com> - 3.21.0-3
|
||||||
- pkcsstats: Fix handling of user name
|
- Resolves: #2110497, concurrent MK rotation for cca token
|
||||||
- p11sak: Fix user confirmation prompt behavior when stdin is closed
|
- Resolves: #2110498, concurrent MK rotation for ep11 token
|
||||||
Related: #2159697
|
- Resolves: #2110499, ep11 token: PKCS #11 3.0 - support AES_XTS
|
||||||
|
- Resolves: #2111010, cca token: protected key support
|
||||||
* Tue May 16 2023 Than Ngo <than@redhat.com> - 3.21.0-2
|
- Resolves: #2160061, rebase to 3.21.0
|
||||||
- add missing /var/lib/opencryptoki/HSM_MK_CHANGE
|
- Resolves: #2160105, pkcsslotd hardening
|
||||||
- disable unsupported sandbox options and add /run to ReadWritePaths to exclude
|
- Resolves: #2160107, p11sak support Dilithium and Kyber keys
|
||||||
/run directory from being made read-only on rhel8
|
- Resolves: #2160109, ica and soft tokens: PKCS #11 3.0 - support AES_XTS
|
||||||
Related: #2159697
|
|
||||||
|
|
||||||
* Mon May 15 2023 Than Ngo <than@redhat.com> - 3.21.0-1
|
|
||||||
- Resolves: #1984865, ep11 and cca: support concurrent HSM master key changes
|
|
||||||
- Resolves: #2110500, ep11 token: PKCS #11 3.0 - support AES_XTS
|
|
||||||
- Resolves: #2111011, cca token: protected key support
|
|
||||||
- Resolves: #2159697, update to 3.21.0
|
|
||||||
- Resolves: #2159740, pkcsslotd hardening
|
|
||||||
- Resolves: #2159741, p11sak support Dilithium and Kyber keys
|
|
||||||
- Resolves: #2159742, ica and soft tokens: PKCS #11 3.0 - support AES_XTS
|
|
||||||
|
|
||||||
* Mon Jan 30 2023 Than Ngo <than@redhat.com> - 3.19.0-2
|
* Mon Jan 30 2023 Than Ngo <than@redhat.com> - 3.19.0-2
|
||||||
- Resolves: #2043856, Support of ep11 token for new IBM Z Hardware (IBM z16)
|
- Resolves: #2044182, Support of ep11 token for new IBM Z Hardware (IBM z16)
|
||||||
|
|
||||||
* Tue Nov 01 2022 Than Ngo <than@redhat.com> - 3.19.0-1
|
* Tue Oct 11 2022 Than Ngo <than@redhat.com> - 3.19.0-1
|
||||||
- Resolves: #2126612, opencryptoki fails after generating > 500 RSA keys
|
- Resolves: #2126294, opencryptoki fails after generating > 500 RSA keys
|
||||||
- Resolves: #2110315, rebase to 3.19.0
|
- Resolves: #2110314, rebase to 3.19.0
|
||||||
- Resolves: #2110990, openCryptoki key generation with expected MKVP only on CCA and EP11 tokens
|
- Resolves: #2110989, openCryptoki key generation with expected MKVP only on CCA and EP11 tokens
|
||||||
- Resolves: #2110477, openCryptoki ep11 token: master key consistency
|
- Resolves: #2110476, openCryptoki ep11 token: master key consistency
|
||||||
- Resolves: #1984871, openCryptoki ep11 token: vendor specific key derivation
|
- Resolves: #2018458, openCryptoki ep11 token: vendor specific key derivation
|
||||||
|
|
||||||
* Mon Aug 01 2022 Than Ngo <than@redhat.com> - 3.18.0-3
|
* Fri Jul 29 2022 Than Ngo <than@redhat.com> - 3.18.0-4
|
||||||
- Related: #2043854, do not touch opencryptoki.conf if it is in place already and even if it is unchanged
|
- Related: #2044179, do not touch opencryptoki.conf if it is in place already and even if it is unchanged
|
||||||
- Resolves: #2112785, EP11: Fix C_GetMechanismList returning CKR_BUFFER_TOO_SMALL
|
|
||||||
|
|
||||||
* Tue Jun 07 2022 Than Ngo <than@redhat.com> - 3.18.0-2
|
* Tue Jun 07 2022 Than Ngo <than@redhat.com> - 3.18.0-3
|
||||||
- Related: #2043854, fix json output
|
- Related: #2044179, fix json output
|
||||||
|
|
||||||
* Tue May 24 2022 Than Ngo <than@redhat.com> - 3.18.0-1
|
* Mon May 09 2022 Than Ngo <than@redhat.com> - 3.18.0-2
|
||||||
- Resolves: #2043845, rebase to 3.18.0
|
- Related: #2044179, add missing strength.conf
|
||||||
- Resolves: #2043854, add crypto counters
|
|
||||||
- Resolves: #2043855, support crypto profiles
|
|
||||||
|
|
||||||
* Fri Apr 15 2022 Than Ngo <than@redhat.com> - 3.17.0-4
|
* Mon May 09 2022 Than Ngo <than@redhat.com> - 3.18.0-1
|
||||||
- Resolves: #2066762, Dilithium support not available
|
- Resolves: #2044179, rebase to 3.18.0
|
||||||
|
- Resolves: #2068091, pkcsconf -t failed with Segmentation fault in FIPS mode
|
||||||
|
- Resolves: #2066763, Dilithium support not available
|
||||||
|
- Resolves: #2064697, OpenSSL 3.0 Compatibility for IBM Security Libraries and Tools
|
||||||
|
- Resolves: #2044181, support crypto profiles
|
||||||
|
- Resolves: #2044180, add crypto counters
|
||||||
|
|
||||||
* Mon Jan 17 2022 Than Ngo <than@redhat.com> - 3.17.0-3
|
* Tue May 03 2022 Than Ngo <than@redhat.com> - 3.17.0-6
|
||||||
- Resolves: #2040677, API: Unlock GlobMutex if user and group check fails
|
- Resolves: #2066763, Dilithium support not available
|
||||||
|
|
||||||
* Tue Nov 09 2021 Than Ngo <than@redhat.com> - 3.17.0-2
|
* Mon Mar 14 2022 Than Ngo <than@redhat.com> - 3.17.0-5
|
||||||
- Related: #1984993, add missing p11sak_defined_attrs.conf
|
- Resolves: #2064697, ICA/EP11: Support libica version 4
|
||||||
|
|
||||||
* Tue Oct 19 2021 Than Ngo <than@redhat.com> - 3.17.0-1
|
* Mon Jan 17 2022 Than Ngo <than@redhat.com> - 3.17.0-4
|
||||||
- Resolves: #1984993, rebase to 3.17.0
|
- Resolves: #2040678, API: Unlock GlobMutex if user and group check fails
|
||||||
- Resolves: #1984870, openCryptoki key management tool
|
|
||||||
|
|
||||||
* Mon Sep 13 2021 Than Ngo <than@redhat.com> - 3.16.0-6
|
* Sat Dec 04 2021 Than Ngo <than@redhat.com> - 3.17.0-3
|
||||||
- Fix: Could not open /run/lock/opencryptoki/LCK..APIlock
|
- Related: #2015888, added missing patch pkcsslotd-pidfile
|
||||||
|
|
||||||
* Thu Aug 19 2021 Than Ngo <than@redhat.com> - 3.16.0-5
|
* Wed Nov 24 2021 Than Ngo <than@redhat.com> - 3.17.0-2
|
||||||
- Resolves: #1987256, pkcstok_migrate leaves options with multiple strings in opencryptoki.conf options without double-quotes
|
- Related: #2015888, add missing p11sak_defined_attrs.conf
|
||||||
|
|
||||||
* Fri Jul 16 2021 Than Ngo <than@redhat.com> - 3.16.0-4
|
* Wed Nov 03 2021 Than Ngo <than@redhat.com> - 3.17.0-1
|
||||||
- Resolves: #1964304, Fix detection if pkcsslotd is still running
|
- Resolves: #2015888, rebase to 3.17.0
|
||||||
|
- Resolves: #2017720, openCryptoki key management tool
|
||||||
|
|
||||||
* Tue Jun 15 2021 Than Ngo <than@redhat.com> - 3.16.0-3
|
* Thu Aug 26 2021 Than Ngo <than@redhat.com> - 3.16.0-12
|
||||||
- Related: #1919223, add conditional requirement
|
- Related: #1989138, Support for OpenSSL 3.0
|
||||||
|
|
||||||
* Fri Jun 11 2021 Than Ngo <than@redhat.com> - 3.16.0-2
|
* Mon Aug 23 2021 Than Ngo <than@redhat.com> - 3.16.0-11
|
||||||
- Related: #1919223, add requirement on selinux-policy >= 3.14.3-70 for using ipsec
|
- Resolves: #1989138, Support for OpenSSL 3.0
|
||||||
|
|
||||||
* Tue Jun 01 2021 Than Ngo <than@redhat.com> - 3.16.0-1
|
* Thu Aug 19 2021 Than Ngo <than@redhat.com> - 3.16.0-10
|
||||||
- Resolves: #1919223, rebase to 3.16.0
|
- Resolves: #1987186, pkcstok_migrate leaves options with multiple strings in opencryptoki.conf options without double-quotes
|
||||||
- Resolves: #1922195, Event Notification Support
|
|
||||||
- Resolves: #1959936, Soft token does not check if an EC key is valid
|
* Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 3.16.0-9
|
||||||
- Resolves: #1851104, import and export of secure key objects
|
- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
|
||||||
- Resolves: #1851106, openCryptoki ep11 token: protected key support
|
Related: rhbz#1991688
|
||||||
- Resolves: #1851107, openCryptoki ep11 token: support attribute bound keys
|
|
||||||
|
* Wed Jul 28 2021 Florian Weimer <fweimer@redhat.com> - 3.16.0-8
|
||||||
|
- Rebuild to pick up OpenSSL 3.0 Beta ABI (#1984097)
|
||||||
|
|
||||||
|
* Fri Jul 16 2021 Than Ngo <than@redhat.com> - 3.16.0-7
|
||||||
|
- Resolves: #1974365, Fix detection if pkcsslotd is still running
|
||||||
|
|
||||||
|
* Fri Jun 25 2021 Than Ngo <than@redhat.com> - 3.16.0-6
|
||||||
|
- Resolves: #1974693, pkcsslotd PIDfile below legacy directory /var/run/
|
||||||
|
|
||||||
|
* Wed Jun 16 2021 Mohan Boddu <mboddu@redhat.com> - 3.16.0-5
|
||||||
|
- Rebuilt for RHEL 9 BETA for openssl 3.0
|
||||||
|
Related: rhbz#1971065
|
||||||
|
|
||||||
|
* Tue Jun 15 2021 Than Ngo <than@redhat.com> - 3.16.0-4
|
||||||
|
- Related: #1924120, add conditional requirement on new selinux-policy
|
||||||
|
|
||||||
|
* Mon May 17 2021 Than Ngo <than@redhat.com> - 3.16.0-3
|
||||||
|
- Resolves: #1959894, Soft token does not check if an EC key is valid
|
||||||
|
- Resolves: #1924120, Event Notification Support
|
||||||
|
|
||||||
|
* Fri Apr 16 2021 Mohan Boddu <mboddu@redhat.com> - 3.16.0-2
|
||||||
|
- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937
|
||||||
|
|
||||||
|
* Wed Mar 31 2021 Dan Horák <dan[at]danny.cz> - 3.16.0-1
|
||||||
|
- Rebase to 3.16.0
|
||||||
|
|
||||||
|
* Tue Mar 02 2021 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 3.15.1-6
|
||||||
|
- Rebuilt for updated systemd-rpm-macros
|
||||||
|
See https://pagure.io/fesco/issue/2583.
|
||||||
|
|
||||||
* Fri Feb 12 2021 Than Ngo <than@redhat.com> - 3.15.1-5
|
* Fri Feb 12 2021 Than Ngo <than@redhat.com> - 3.15.1-5
|
||||||
- Resolves: #1928120, Fix problem with C_Get/SetOperationState and digest contexts
|
- Added upstream patch, a slot ID has nothing to do with the number of slots
|
||||||
|
|
||||||
* Fri Feb 12 2021 Than Ngo <than@redhat.com> - 3.15.1-4
|
* Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 3.15.1-4
|
||||||
- Resolves: #1927745, pkcscca migration fails with usr/sb2 is not a valid slot ID
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
|
||||||
|
|
||||||
* Thu Nov 26 2020 Than Ngo <than@redhat.com> - 3.15.1-3
|
* Tue Dec 22 2020 Than Ngo <than@redhat.com> - 3.15.1-3
|
||||||
- Resolves: #1902022
|
- Drop tpm1.2 support by default
|
||||||
Fix compiling with c++
|
|
||||||
Added error message handling for p11sak remove-key command
|
|
||||||
|
|
||||||
* Thu Nov 26 2020 Than Ngo <than@redhat.com> - 3.15.1-2
|
* Tue Dec 22 2020 Than Ngo <than@redhat.com> - 3.15.1-2
|
||||||
- Related: #1847433, Added error message handling for p11sak remove-key command
|
- Fix compiling with c++
|
||||||
|
- Added error message handling for p11sak remove-key command
|
||||||
|
- Add BR on make
|
||||||
|
|
||||||
* Mon Nov 02 2020 Than Ngo <than@redhat.com> - 3.15.1-1
|
* Mon Nov 02 2020 Than Ngo <than@redhat.com> - 3.15.1-1
|
||||||
- Related: #1847433
|
- Rebase to 3.15.1
|
||||||
upstream fixes:
|
|
||||||
- Free generated key in all error cases
|
|
||||||
- CCA: Zeroize key buffer to avoid CCA 8/32 error
|
|
||||||
- Do not delete the map-btree entry if destroying an object is not allowed
|
|
||||||
- Remove now unused header timeb.h
|
|
||||||
- TESTCASES: Use FIPS conforming keys for 3DES CBC-MAC test vectors
|
|
||||||
- Fix buffer overrun in C_CopyObject
|
|
||||||
- TPM: Fix double free in openssl_gen_key
|
|
||||||
|
|
||||||
* Mon Oct 19 2020 Than Ngo <than@redhat.com> - 3.15.0-1
|
* Mon Oct 19 2020 Dan Horák <dan[at]danny.cz> - 3.15.0-1
|
||||||
- Resolves: #1847433, rebase to 3.15.0
|
- Rebase to 3.15.0
|
||||||
- Resolves: #1851105, PKCS #11 3.0 - baseline provider support
|
|
||||||
- Resolves: #1851108, openCryptoki ep11 token: enhanced functionality
|
|
||||||
- Resolves: #1851109, openCryptoki key management tool: key deletion function
|
|
||||||
|
|
||||||
* Mon Jul 06 2020 Than Ngo <than@redhat.com> - 3.14.0-5
|
* Tue Jul 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 3.14.0-6
|
||||||
- Related: #1853420, more fixes
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
|
||||||
|
|
||||||
* Fri Jul 03 2020 Than Ngo <than@redhat.com> - 3.14.0-4
|
* Tue Jul 14 2020 Tom Stellard <tstellar@redhat.com> - 3.14.0-5
|
||||||
- Resolves: #1853420, endian issue
|
- Use make macros
|
||||||
|
- https://fedoraproject.org/wiki/Changes/UseMakeBuildInstallMacro
|
||||||
|
|
||||||
* Mon Jun 15 2020 Than Ngo <than@redhat.com> - 3.14.0-3
|
* Wed Jul 08 2020 Than Ngo <than@redhat.com> - 3.14.0-4
|
||||||
- Resolves: #1780294, PIN conversion tool
|
- added PIN conversion tool
|
||||||
|
|
||||||
* Tue May 26 2020 Than Ngo <than@redhat.com> - 3.14.0-2
|
* Wed Jul 01 2020 Than Ngo <than@redhat.com> - 3.14.0-3
|
||||||
- Related: #1780293, fix regression, segfault in C_SetPin
|
- upstream fix - handle early error cases in C_Initialize
|
||||||
|
|
||||||
* Tue May 19 2020 Than Ngo <than@redhat.com> - 3.14.0-1
|
* Wed May 27 2020 Than Ngo <than@redhat.com> - 3.14.0-2
|
||||||
- Resolves: #1723863 - ep11 token: Enhanced Support
|
- fix regression, segfault in C_SetPin
|
||||||
- Resolves: #1780285 - ep11 token: Support for new IBM Z hardware z15
|
|
||||||
- Resolves: #1780293 - rebase to 3.14.0
|
|
||||||
- Resolves: #1800549 - key management tool: list keys function
|
|
||||||
-Resolves: #1800555 - key management tool: random key generation function
|
|
||||||
|
|
||||||
* Fri Dec 13 2019 Than Ngo <than@redhat.com> - 3.12.1-2
|
* Fri May 15 2020 Dan Horák <dan[at]danny.cz> - 3.14.0-1
|
||||||
- Resolves: #1782445, EP11: Fix EC-uncompress buffer length
|
- Rebase to 3.14.0
|
||||||
|
|
||||||
* Thu Nov 28 2019 Than Ngo <than@redhat.com> - 3.12.1-1
|
* Fri Mar 06 2020 Dan Horák <dan[at]danny.cz> - 3.13.0-1
|
||||||
- Resolves: #1777313, rebase to 3.12.1
|
- Rebase to 3.13.0
|
||||||
|
|
||||||
* Tue Nov 12 2019 Than Ngo <than@redhat.com> - 3.12.0-1
|
* Mon Feb 03 2020 Dan Horák <dan[at]danny.cz> - 3.12.1-3
|
||||||
- Resolves: #1726243, rebase to 3.12.0
|
- fix build with gcc 10
|
||||||
|
|
||||||
* Mon Aug 26 2019 Dan Horák <dhorak@redhat.com> - 3.11.1-2
|
* Wed Jan 29 2020 Fedora Release Engineering <releng@fedoraproject.org> - 3.12.1-2
|
||||||
- Resolves: #1739433, ICA HW token missing after the package update
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
|
||||||
|
|
||||||
* Mon May 06 2019 Than Ngo <than@redhat.com> - 3.11.1-1
|
* Wed Nov 27 2019 Dan Horák <dan[at]danny.cz> - 3.12.1-1
|
||||||
- Resolves: #1706140, rebase to 3.11.1
|
- Rebase to 3.12.1
|
||||||
|
|
||||||
* Tue Mar 26 2019 Than Ngo <than@redhat.com> - 3.11.0-3
|
* Wed Nov 13 2019 Dan Horák <dan[at]danny.cz> - 3.12.0-1
|
||||||
- Resolves: #1667941, 3des tests failures due to FIPS incompatible test scenarios
|
- Rebase to 3.12.0
|
||||||
- Resolves: #1651731, ep11 token: enhanced IBM z14 functions
|
|
||||||
- Resolves: #1651732, ep11 token: support m_*Single functions from ep11 lib
|
|
||||||
- Resolves: #1525407, use CPACF hashes in ep11 token
|
|
||||||
- Resolves: #1651238, rebase to 3.11.0
|
|
||||||
- Resolves: #1682530, gating
|
|
||||||
|
|
||||||
* Fri Dec 14 2018 Than Ngo <than@redhat.com> - 3.10.0-3
|
* Sun Sep 22 2019 Dan Horák <dan[at]danny.cz> - 3.11.1-1
|
||||||
- Resolves: #1657683, can't establish libica token in FIPS mode
|
- Rebase to 3.11.1
|
||||||
- Resolves: #1652856, EP11 token fails when using Strict-Session mode or VHSM-Mode
|
|
||||||
|
|
||||||
* Thu Oct 25 2018 Than Ngo <than@redhat.com> - 3.10.0-2
|
* Thu Jul 25 2019 Fedora Release Engineering <releng@fedoraproject.org> - 3.11.0-5
|
||||||
- Resolves: #1602641, covscan
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
|
||||||
|
|
||||||
|
* Thu Mar 28 2019 Than Ngo <than@redhat.com> - 3.11.0-4
|
||||||
|
- enable testcase by default
|
||||||
|
- fix URL
|
||||||
|
|
||||||
|
* Tue Feb 19 2019 Than Ngo <than@redhat.com> - 3.11.0-3
|
||||||
|
- Resolved #1063763 - opencryptoki tools should inform the user that he is not in pkcs11 group
|
||||||
|
|
||||||
|
* Fri Feb 01 2019 Fedora Release Engineering <releng@fedoraproject.org> - 3.11.0-2
|
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
|
||||||
|
|
||||||
|
* Thu Jan 31 2019 Than Ngo <than@redhat.com> - 3.11.0-1
|
||||||
|
- Updated to 3.11.0
|
||||||
|
- Resolved #1341079 - Failed to create directory or subvolume "/var/lock/opencryptoki"
|
||||||
|
- Ported root's group membership's patch for 3.11.0
|
||||||
|
|
||||||
|
* Fri Jul 13 2018 Fedora Release Engineering <releng@fedoraproject.org> - 3.10.0-2
|
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
|
||||||
|
|
||||||
* Tue Jun 12 2018 Dan Horák <dan[at]danny.cz> - 3.10.0-1
|
* Tue Jun 12 2018 Dan Horák <dan[at]danny.cz> - 3.10.0-1
|
||||||
- Rebase to 3.10.0
|
- Rebase to 3.10.0
|
Loading…
Reference in New Issue
Block a user