From bed5cd8d53fdf0043438c92c1a0ec05f3f095cc3 Mon Sep 17 00:00:00 2001
From: eabdullin
Date: Wed, 14 May 2025 15:55:54 +0000
Subject: [PATCH] import UBI p11-kit-0.25.5-7.el10
---
.gitignore | 6 +-
.p11-kit.metadata | 3 -
SOURCES/001-dt-needed.patch | 42 -
SOURCES/002-doc-dep.patch | 42 -
SOURCES/003-IBM-mechs-and-attrs.patch | 953 ------------------
p11-kit-0.25.5-trust-file-length.patch | 73 ++
...t-client.service => p11-kit-client.service | 0
SPECS/p11-kit.spec => p11-kit.spec | 242 ++++-
sources | 3 +
...ust-extract-compat => trust-extract-compat | 0
10 files changed, 286 insertions(+), 1078 deletions(-)
delete mode 100644 .p11-kit.metadata
delete mode 100644 SOURCES/001-dt-needed.patch
delete mode 100644 SOURCES/002-doc-dep.patch
delete mode 100644 SOURCES/003-IBM-mechs-and-attrs.patch
create mode 100644 p11-kit-0.25.5-trust-file-length.patch
rename SOURCES/p11-kit-client.service => p11-kit-client.service (100%)
rename SPECS/p11-kit.spec => p11-kit.spec (57%)
create mode 100644 sources
rename SOURCES/trust-extract-compat => trust-extract-compat (100%)
diff --git a/.gitignore b/.gitignore
index 1dd2e3b..7712dd8 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,3 +1,3 @@
-SOURCES/gpgkey-462225C3B46F34879FC8496CD605848ED7E69871.gpg
-SOURCES/p11-kit-0.23.22.tar.xz
-SOURCES/p11-kit-0.23.22.tar.xz.sig
+p11-kit-0.25.5.tar.xz
+p11-kit-0.25.5.tar.xz.sig
+p11-kit-release-keyring.gpg
diff --git a/.p11-kit.metadata b/.p11-kit.metadata
deleted file mode 100644
index afd9afe..0000000
--- a/.p11-kit.metadata
+++ /dev/null
@@ -1,3 +0,0 @@
-526f07b62624739ba318a171bab3352af91d0134 SOURCES/gpgkey-462225C3B46F34879FC8496CD605848ED7E69871.gpg
-339e5163ed50a9984a74739b9207ea8cd77fa7e2 SOURCES/p11-kit-0.23.22.tar.xz
-1ab50d9f01bb186c60c32b56467c6f9f56e365da SOURCES/p11-kit-0.23.22.tar.xz.sig
diff --git a/SOURCES/001-dt-needed.patch b/SOURCES/001-dt-needed.patch
deleted file mode 100644
index 9c07b87..0000000
--- a/SOURCES/001-dt-needed.patch
+++ /dev/null
@@ -1,42 +0,0 @@
-From a91266ef087532e2332c75c4fd9244df66f30b64 Mon Sep 17 00:00:00 2001
-From: Daiki Ueno
-Date: Fri, 18 Dec 2020 13:37:10 +0100
-Subject: [PATCH] meson: Link trust/client modules explicitly to -ldl
-
-This adds the -ldl link flag missing in the meson build, but present
-in the autotools build. Although the use-case is unlikely, this
-allows those modules to be linked as a normal shared library to a
-program.
----
- p11-kit/meson.build | 1 +
- trust/meson.build | 2 +-
- 2 files changed, 2 insertions(+), 1 deletion(-)
-
-diff --git a/p11-kit/meson.build b/p11-kit/meson.build
-index 7d57cd7..02147a9 100644
---- a/p11-kit/meson.build
-+++ b/p11-kit/meson.build
-@@ -92,6 +92,7 @@ if host_system != 'windows'
- 'client.c', 'client-init.c',
- name_prefix: '',
- include_directories: [configinc, commoninc],
-+ dependencies: dlopen_deps,
- link_args: p11_module_ldflags,
- link_depends: [p11_module_symbol_map,
- p11_module_symbol_def],
-diff --git a/trust/meson.build b/trust/meson.build
-index 482a3c1..d4a8e15 100644
---- a/trust/meson.build
-+++ b/trust/meson.build
-@@ -56,7 +56,7 @@ shared_module('p11-kit-trust',
- 'module-init.c',
- name_prefix: '',
- c_args: p11_kit_trust_c_args,
-- dependencies: [asn_h_dep, libp11_library_dep] + libtasn1_deps,
-+ dependencies: [asn_h_dep, libp11_library_dep] + dlopen_deps + libtasn1_deps,
- link_args: p11_module_ldflags,
- link_depends: [p11_module_symbol_map,
- p11_module_symbol_def],
---
-2.29.2
-
diff --git a/SOURCES/002-doc-dep.patch b/SOURCES/002-doc-dep.patch
deleted file mode 100644
index c173db9..0000000
--- a/SOURCES/002-doc-dep.patch
+++ /dev/null
@@ -1,42 +0,0 @@
-From 9f01a8a45ba913a9b65894cef9369b6010005096 Mon Sep 17 00:00:00 2001
-From: Eli Schwartz
-Date: Tue, 11 Jan 2022 23:25:05 -0500
-Subject: [PATCH] gtkdoc: remove dependencies on custom target files
-
-Sadly, the `dependencies` kwarg does not actually do what it seems to be
-trying to be used for, here. It is for listing dependency or library
-objects whose compiler flags should be added to gtkdoc-scangobj.
-
-It will not actually add ninja target dependencies. The similar kwarg in
-other meson functions (e.g. genmarshal and compile_schemas) that *do*
-allow adding target dependencies, is `depend_files`.
-
-Older versions of meson simply did nothing in an if/elif/elif block
-where these custom_targets never matched anything, and were thus
-silently ignored.
-
-Meson 0.61 type-validates the arguments and rejects CustomTarget as
-invalid:
-
-```
-doc/manual/meson.build:72:8: ERROR: gnome.gtkdoc keyword argument 'dependencies' was of type array[CustomTarget | PkgConfigDependency] but should have been array[Dependency | SharedLibrary | StaticLibrary]
-```
-
-Fixes #406
----
- doc/manual/meson.build | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/doc/manual/meson.build b/doc/manual/meson.build
-index cf8758dbf..560df8dbc 100644
---- a/doc/manual/meson.build
-+++ b/doc/manual/meson.build
-@@ -73,7 +73,7 @@ if get_option('gtk_doc')
- main_xml: 'p11-kit-docs.xml',
- namespace: 'p11_kit',
- src_dir: 'p11-kit',
-- dependencies: libffi_deps + dlopen_deps + xml_deps,
-+ dependencies: libffi_deps + dlopen_deps,
- scan_args: [
- '--ignore-headers=' + ' '.join(ignore_headers),
- '--rebuild-types',
diff --git a/SOURCES/003-IBM-mechs-and-attrs.patch b/SOURCES/003-IBM-mechs-and-attrs.patch
deleted file mode 100644
index 8561b16..0000000
--- a/SOURCES/003-IBM-mechs-and-attrs.patch
+++ /dev/null
@@ -1,953 +0,0 @@ -diff --color -ruNp a/common/attrs.c b/common/attrs.c ---- a/common/attrs.c 2020-12-11 15:48:46.000000000 +0100 -+++ b/common/attrs.c 2023-11-29 14:29:45.130552239 +0100 -@@ -709,6 +709,23 @@ attribute_is_sensitive (const CK_ATTRIBU - X (CKA_TRUST_STEP_UP_APPROVED) - X (CKA_CERT_SHA1_HASH) - X (CKA_CERT_MD5_HASH) -+ X (CKA_IBM_OPAQUE) -+ X (CKA_IBM_RESTRICTABLE) -+ X (CKA_IBM_NEVER_MODIFIABLE) -+ X (CKA_IBM_RETAINKEY) -+ X (CKA_IBM_ATTRBOUND) -+ X (CKA_IBM_KEYTYPE) -+ X (CKA_IBM_CV) -+ X (CKA_IBM_MACKEY) -+ X (CKA_IBM_USE_AS_DATA) -+ X (CKA_IBM_STRUCT_PARAMS) -+ X (CKA_IBM_STD_COMPLIANCE1) -+ X (CKA_IBM_PROTKEY_EXTRACTABLE) -+ X (CKA_IBM_PROTKEY_NEVER_EXTRACTABLE) -+ X (CKA_IBM_OPAQUE_PKEY) -+ X (CKA_IBM_DILITHIUM_KEYFORM) -+ X (CKA_IBM_DILITHIUM_RHO) -+ X (CKA_IBM_DILITHIUM_T1) - case CKA_VALUE: - return (klass != CKO_CERTIFICATE && - klass != CKO_X_CERTIFICATE_EXTENSION); -diff --color -ruNp a/common/constants.c b/common/constants.c ---- a/common/constants.c 2020-12-11 15:48:46.000000000 +0100 -+++ b/common/constants.c 2023-11-29 14:29:45.130552239 +0100 -@@ -141,6 +141,28 @@ const p11_constant p11_constant_types[] - CT (CKA_WRAP_TEMPLATE, "wrap-template") - CT (CKA_UNWRAP_TEMPLATE, "unwrap-template") - CT (CKA_ALLOWED_MECHANISMS, "allowed-mechanisms") -+ CT (CKA_IBM_OPAQUE, "ibm-opaque") -+ CT (CKA_IBM_RESTRICTABLE, "ibm-restrictable") -+ CT (CKA_IBM_NEVER_MODIFIABLE, "ibm-never-modifiable") -+ CT (CKA_IBM_RETAINKEY, "ibm-retainkey") -+ CT (CKA_IBM_ATTRBOUND, "ibm-attrbound") -+ CT (CKA_IBM_KEYTYPE, "ibm-keytype") -+ CT (CKA_IBM_CV, "ibm-cv") -+ CT (CKA_IBM_MACKEY, "ibm-mackey") -+ CT (CKA_IBM_USE_AS_DATA, "ibm-use-as-data") -+ CT (CKA_IBM_STRUCT_PARAMS, "ibm-struct-params") -+ CT (CKA_IBM_STD_COMPLIANCE1, "ibm-std_compliance1") -+ CT (CKA_IBM_PROTKEY_EXTRACTABLE, "ibm-protkey-extractable") -+ CT (CKA_IBM_PROTKEY_NEVER_EXTRACTABLE, "ibm-protkey-never-extractable") -+ CT (CKA_IBM_DILITHIUM_KEYFORM, "ibm-dilithium-keyform") -+ CT 
(CKA_IBM_DILITHIUM_RHO, "ibm-dilithium-rho") -+ CT (CKA_IBM_DILITHIUM_SEED, "ibm-dilithium-seed") -+ CT (CKA_IBM_DILITHIUM_TR, "ibm-dilithium-tr") -+ CT (CKA_IBM_DILITHIUM_S1, "ibm-dilithium-s1") -+ CT (CKA_IBM_DILITHIUM_S2, "ibm-dilithium-s2") -+ CT (CKA_IBM_DILITHIUM_T0, "ibm-dilithium-t0") -+ CT (CKA_IBM_DILITHIUM_T1, "ibm-dilithium-t1") -+ CT (CKA_IBM_OPAQUE_PKEY, "ibm-opaque-pkey") - CT (CKA_NSS_URL, "nss-url") - CT (CKA_NSS_EMAIL, "nss-email") - CT (CKA_NSS_SMIME_INFO, "nss-smime-constant") -@@ -247,6 +269,7 @@ const p11_constant p11_constant_keys[] = - CT (CKK_AES, "aes") - CT (CKK_BLOWFISH, "blowfish") - CT (CKK_TWOFISH, "twofish") -+ CT (CKK_IBM_PQC_DILITHIUM, "ibm-dilithium") - CT (CKK_NSS_PKCS8, "nss-pkcs8") - { CKA_INVALID }, - }; -@@ -595,6 +618,21 @@ const p11_constant p11_constant_mechanis - CT (CKM_DSA_PARAMETER_GEN, "dsa-parameter-gen") - CT (CKM_DH_PKCS_PARAMETER_GEN, "dh-pkcs-parameter-gen") - CT (CKM_X9_42_DH_PARAMETER_GEN, "x9-42-dh-parameter-gen") -+ CT (CKM_IBM_SHA3_224, "ibm-sha3-224") -+ CT (CKM_IBM_SHA3_256, "ibm-sha3-256") -+ CT (CKM_IBM_SHA3_384, "ibm-sha3-384") -+ CT (CKM_IBM_SHA3_512, "ibm-sha3-512") -+ CT (CKM_IBM_CMAC, "ibm-cmac") -+ CT (CKM_IBM_EC_X25519, "ibm-ec-x25519") -+ CT (CKM_IBM_ED25519_SHA512, "ibm-ed25519-sha512") -+ CT (CKM_IBM_EC_X448, "ibm-ec-x448") -+ CT (CKM_IBM_ED448_SHA3, "ibm-ed448-sha3") -+ CT (CKM_IBM_DILITHIUM, "ibm-dilithium") -+ CT (CKM_IBM_SHA3_224_HMAC, "ibm-sha3-224-hmac") -+ CT (CKM_IBM_SHA3_256_HMAC, "ibm-sha3-256-hmac") -+ CT (CKM_IBM_SHA3_384_HMAC, "ibm-sha3-384-hmac") -+ CT (CKM_IBM_SHA3_512_HMAC, "ibm-sha3-512-hmac") -+ CT (CKM_IBM_ATTRIBUTEBOUND_WRAP, "ibm-attributebound-wrap") - { CKA_INVALID }, - }; - -diff --color -ruNp a/common/pkcs11x.h b/common/pkcs11x.h ---- a/common/pkcs11x.h 2020-12-11 16:24:01.000000000 +0100 -+++ b/common/pkcs11x.h 2023-11-29 14:29:45.252554771 +0100 -@@ -181,6 +181,71 @@ typedef CK_ULONG - - #endif /* CRYPTOKI_RU_TEAM_TC26_VENDOR_DEFINED */ - -+/* Define this if you want 
the IBM specific symbols */ -+#define CRYPTOKI_IBM_VENDOR_DEFINED 1 -+#ifdef CRYPTOKI_IBM_VENDOR_DEFINED -+ -+#define CKK_IBM_PQC_DILITHIUM CKK_VENDOR_DEFINED + 0x10023 -+ -+#define CKA_IBM_OPAQUE (CKA_VENDOR_DEFINED + 1) -+#define CKA_IBM_RESTRICTABLE (CKA_VENDOR_DEFINED + 0x10001) -+#define CKA_IBM_NEVER_MODIFIABLE (CKA_VENDOR_DEFINED + 0x10002) -+#define CKA_IBM_RETAINKEY (CKA_VENDOR_DEFINED + 0x10003) -+#define CKA_IBM_ATTRBOUND (CKA_VENDOR_DEFINED + 0x10004) -+#define CKA_IBM_KEYTYPE (CKA_VENDOR_DEFINED + 0x10005) -+#define CKA_IBM_CV (CKA_VENDOR_DEFINED + 0x10006) -+#define CKA_IBM_MACKEY (CKA_VENDOR_DEFINED + 0x10007) -+#define CKA_IBM_USE_AS_DATA (CKA_VENDOR_DEFINED + 0x10008) -+#define CKA_IBM_STRUCT_PARAMS (CKA_VENDOR_DEFINED + 0x10009) -+#define CKA_IBM_STD_COMPLIANCE1 (CKA_VENDOR_DEFINED + 0x1000a) -+#define CKA_IBM_PROTKEY_EXTRACTABLE (CKA_VENDOR_DEFINED + 0x1000c) -+#define CKA_IBM_PROTKEY_NEVER_EXTRACTABLE (CKA_VENDOR_DEFINED + 0x1000d) -+#define CKA_IBM_DILITHIUM_KEYFORM (CKA_VENDOR_DEFINED + 0xd0001) -+#define CKA_IBM_DILITHIUM_RHO (CKA_VENDOR_DEFINED + 0xd0002) -+#define CKA_IBM_DILITHIUM_SEED (CKA_VENDOR_DEFINED + 0xd0003) -+#define CKA_IBM_DILITHIUM_TR (CKA_VENDOR_DEFINED + 0xd0004) -+#define CKA_IBM_DILITHIUM_S1 (CKA_VENDOR_DEFINED + 0xd0005) -+#define CKA_IBM_DILITHIUM_S2 (CKA_VENDOR_DEFINED + 0xd0006) -+#define CKA_IBM_DILITHIUM_T0 (CKA_VENDOR_DEFINED + 0xd0007) -+#define CKA_IBM_DILITHIUM_T1 (CKA_VENDOR_DEFINED + 0xd0008) -+#define CKA_IBM_OPAQUE_PKEY (CKA_VENDOR_DEFINED + 0xd0100) -+ -+#define CKM_IBM_SHA3_224 (CKM_VENDOR_DEFINED + 0x10001) -+#define CKM_IBM_SHA3_256 (CKM_VENDOR_DEFINED + 0x10002) -+#define CKM_IBM_SHA3_384 (CKM_VENDOR_DEFINED + 0x10003) -+#define CKM_IBM_SHA3_512 (CKM_VENDOR_DEFINED + 0x10004) -+#define CKM_IBM_CMAC (CKM_VENDOR_DEFINED + 0x10007) -+#define CKM_IBM_EC_X25519 (CKM_VENDOR_DEFINED + 0x1001b) -+#define CKM_IBM_ED25519_SHA512 (CKM_VENDOR_DEFINED + 0x1001c) -+#define CKM_IBM_EC_X448 (CKM_VENDOR_DEFINED + 0x1001e) 
-+#define CKM_IBM_ED448_SHA3 (CKM_VENDOR_DEFINED + 0x1001f) -+#define CKM_IBM_DILITHIUM (CKM_VENDOR_DEFINED + 0x10023) -+#define CKM_IBM_SHA3_224_HMAC (CKM_VENDOR_DEFINED + 0x10025) -+#define CKM_IBM_SHA3_256_HMAC (CKM_VENDOR_DEFINED + 0x10026) -+#define CKM_IBM_SHA3_384_HMAC (CKM_VENDOR_DEFINED + 0x10027) -+#define CKM_IBM_SHA3_512_HMAC (CKM_VENDOR_DEFINED + 0x10028) -+#define CKM_IBM_ATTRIBUTEBOUND_WRAP (CKM_VENDOR_DEFINED + 0x20004) -+ -+/* -+ * If the caller is using the PKCS#11 GNU calling convention, then we cater -+ * to that here. -+ */ -+#ifdef CRYPTOKI_GNU -+#define hSignVerifyKey h_sign_verify_key -+#endif -+ -+struct ck_ibm_attributebound_wrap { -+ CK_OBJECT_HANDLE hSignVerifyKey; -+}; -+ -+typedef struct ck_ibm_attributebound_wrap CK_IBM_ATTRIBUTEBOUND_WRAP_PARAMS; -+ -+#ifdef CRYPTOKI_GNU -+#undef hSignVerifyKey -+#endif -+ -+#endif /* CRYPTOKI_IBM_VENDOR_DEFINED */ -+ - #if defined(__cplusplus) - } - #endif -diff --color -ruNp a/p11-kit/meson.build b/p11-kit/meson.build ---- a/p11-kit/meson.build 2023-11-29 14:27:53.265231072 +0100 -+++ b/p11-kit/meson.build 2023-11-29 14:29:45.264555020 +0100 -@@ -211,6 +211,9 @@ gnu_h = gnu_h_gen.process(pkcs11_gnu_hea - static_library('p11-kit-pkcs11-gnu', - gnu_h, - 'pkcs11-gnu.c', -+ c_args: [ -+ '-DCRYPTOKI_GNU=1', '-DP11_KIT_FUTURE_UNSTABLE_API=1', -+ ], - include_directories: [configinc, commoninc]) - - # Tests ---------------------------------------------------------------- -diff --color -ruNp a/p11-kit/p11-kit.h b/p11-kit/p11-kit.h ---- a/p11-kit/p11-kit.h 2020-12-11 15:48:46.000000000 +0100 -+++ b/p11-kit/p11-kit.h 2023-11-29 14:29:45.265555041 +0100 -@@ -43,12 +43,17 @@ - */ - #ifdef CRYPTOKI_GNU - typedef ck_rv_t CK_RV; -+typedef ck_object_handle_t CK_OBJECT_HANDLE; -+typedef unsigned long int CK_ULONG; - typedef struct ck_function_list* CK_FUNCTION_LIST_PTR; - typedef struct ck_function_list CK_FUNCTION_LIST; - #endif - - #include "p11-kit/deprecated.h" - -+/* For size_t. 
*/ -+#include -+ - #ifdef __cplusplus - extern "C" { - #endif -diff --color -ruNp a/p11-kit/pkcs11-gnu.c b/p11-kit/pkcs11-gnu.c ---- a/p11-kit/pkcs11-gnu.c 2020-12-11 15:48:46.000000000 +0100 -+++ b/p11-kit/pkcs11-gnu.c 2023-11-29 14:29:45.265555041 +0100 -@@ -1,3 +1,8 @@ -+#include "config.h" -+ -+#include "p11-kit.h" -+#include "pkcs11x.h" -+ - #include "pkcs11-gnu-iter.h" - #include "pkcs11-gnu-pin.h" - #include "pkcs11-gnu-uri.h" -diff --color -ruNp a/p11-kit/rpc-client.c b/p11-kit/rpc-client.c ---- a/p11-kit/rpc-client.c 2020-12-11 15:48:46.000000000 +0100 -+++ b/p11-kit/rpc-client.c 2023-11-29 14:29:45.220554107 +0100 -@@ -570,7 +570,7 @@ proto_read_sesssion_info (p11_rpc_messag - #define IN_BYTE_BUFFER(arr, len) \ - if (len == NULL) \ - { _ret = CKR_ARGUMENTS_BAD; goto _cleanup; } \ -- if (!p11_rpc_message_write_byte_buffer (&_msg, arr ? *len : 0)) \ -+ if (!p11_rpc_message_write_byte_buffer (&_msg, arr ? (*len > 0 ? *len : (uint32_t)-1) : 0)) \ - { _ret = CKR_HOST_MEMORY; goto _cleanup; } - - #define IN_BYTE_ARRAY(arr, len) \ -@@ -1489,8 +1489,6 @@ rpc_C_SignUpdate (CK_X_FUNCTION_LIST *se - CK_BYTE_PTR part, - CK_ULONG part_len) - { -- return_val_if_fail (part_len, CKR_ARGUMENTS_BAD); -- - BEGIN_CALL_OR (C_SignUpdate, self, CKR_SESSION_HANDLE_INVALID); - IN_ULONG (session); - IN_BYTE_ARRAY (part, part_len); -diff --color -ruNp a/p11-kit/rpc-message.c b/p11-kit/rpc-message.c ---- a/p11-kit/rpc-message.c 2020-12-11 16:25:36.000000000 +0100 -+++ b/p11-kit/rpc-message.c 2023-11-29 14:29:45.243554584 +0100 -@@ -372,7 +372,7 @@ p11_rpc_message_write_byte_array (p11_rp - assert (!msg->signature || p11_rpc_message_verify_part (msg, "ay")); - - /* No array, no data, just length */ -- if (!arr) { -+ if (!arr && num != 0) { - p11_rpc_buffer_add_byte (msg->output, 0); - p11_rpc_buffer_add_uint32 (msg->output, num); - } else { -@@ -800,6 +800,13 @@ map_attribute_to_value_type (CK_ATTRIBUT - case CKA_RESET_ON_INIT: - case CKA_HAS_RESET: - case CKA_COLOR: -+ case 
CKA_IBM_RESTRICTABLE: -+ case CKA_IBM_NEVER_MODIFIABLE: -+ case CKA_IBM_RETAINKEY: -+ case CKA_IBM_ATTRBOUND: -+ case CKA_IBM_USE_AS_DATA: -+ case CKA_IBM_PROTKEY_EXTRACTABLE: -+ case CKA_IBM_PROTKEY_NEVER_EXTRACTABLE: - return P11_RPC_VALUE_BYTE; - case CKA_CLASS: - case CKA_CERTIFICATE_TYPE: -@@ -821,9 +828,13 @@ map_attribute_to_value_type (CK_ATTRIBUT - case CKA_CHAR_COLUMNS: - case CKA_BITS_PER_PIXEL: - case CKA_MECHANISM_TYPE: -+ case CKA_IBM_DILITHIUM_KEYFORM: -+ case CKA_IBM_STD_COMPLIANCE1: -+ case CKA_IBM_KEYTYPE: - return P11_RPC_VALUE_ULONG; - case CKA_WRAP_TEMPLATE: - case CKA_UNWRAP_TEMPLATE: -+ case CKA_DERIVE_TEMPLATE: - return P11_RPC_VALUE_ATTRIBUTE_ARRAY; - case CKA_ALLOWED_MECHANISMS: - return P11_RPC_VALUE_MECHANISM_TYPE_ARRAY; -@@ -869,6 +880,18 @@ map_attribute_to_value_type (CK_ATTRIBUT - case CKA_REQUIRED_CMS_ATTRIBUTES: - case CKA_DEFAULT_CMS_ATTRIBUTES: - case CKA_SUPPORTED_CMS_ATTRIBUTES: -+ case CKA_IBM_OPAQUE: -+ case CKA_IBM_CV: -+ case CKA_IBM_MACKEY: -+ case CKA_IBM_STRUCT_PARAMS: -+ case CKA_IBM_OPAQUE_PKEY: -+ case CKA_IBM_DILITHIUM_RHO: -+ case CKA_IBM_DILITHIUM_SEED: -+ case CKA_IBM_DILITHIUM_TR: -+ case CKA_IBM_DILITHIUM_S1: -+ case CKA_IBM_DILITHIUM_S2: -+ case CKA_IBM_DILITHIUM_T0: -+ case CKA_IBM_DILITHIUM_T1: - return P11_RPC_VALUE_BYTE_ARRAY; - } - } -@@ -1406,9 +1429,466 @@ p11_rpc_buffer_get_rsa_pkcs_oaep_mechani - return true; - } - -+void -+p11_rpc_buffer_add_ecdh1_derive_mechanism_value (p11_buffer *buffer, -+ const void *value, -+ CK_ULONG value_length) -+{ -+ CK_ECDH1_DERIVE_PARAMS params; -+ -+ /* Check if value can be converted to CK_ECDH1_DERIVE_PARAMS. */ -+ if (value_length != sizeof (CK_ECDH1_DERIVE_PARAMS)) { -+ p11_buffer_fail (buffer); -+ return; -+ } -+ -+ memcpy (¶ms, value, value_length); -+ -+ /* Check if params.kdf can be converted to uint64_t. 
*/ -+ if (params.kdf > UINT64_MAX) { -+ p11_buffer_fail (buffer); -+ return; -+ } -+ -+ p11_rpc_buffer_add_uint64 (buffer, params.kdf); -+ -+ /* parmas.shared_data can only be an array of CK_BYTE or -+ * NULL */ -+ p11_rpc_buffer_add_byte_array (buffer, -+ (unsigned char *)params.shared_data, -+ params.shared_data_len); -+ -+ /* parmas.public_data can only be an array of CK_BYTE or -+ * NULL */ -+ p11_rpc_buffer_add_byte_array (buffer, -+ (unsigned char *)params.public_data, -+ params.public_data_len); -+} -+ -+bool -+p11_rpc_buffer_get_ecdh1_derive_mechanism_value (p11_buffer *buffer, -+ size_t *offset, -+ void *value, -+ CK_ULONG *value_length) -+{ -+ uint64_t val; -+ const unsigned char *data1, *data2; -+ size_t len1, len2; -+ -+ if (!p11_rpc_buffer_get_uint64 (buffer, offset, &val)) -+ return false; -+ -+ if (!p11_rpc_buffer_get_byte_array (buffer, offset, &data1, &len1)) -+ return false; -+ -+ if (!p11_rpc_buffer_get_byte_array (buffer, offset, &data2, &len2)) -+ return false; -+ -+ -+ if (value) { -+ CK_ECDH1_DERIVE_PARAMS params; -+ -+ params.kdf = val; -+ params.shared_data = (void *) data1; -+ params.shared_data_len = len1; -+ params.public_data = (void *) data2; -+ params.public_data_len = len2; -+ -+ memcpy (value, ¶ms, sizeof (CK_ECDH1_DERIVE_PARAMS)); -+ } -+ -+ if (value_length) -+ *value_length = sizeof (CK_ECDH1_DERIVE_PARAMS); -+ -+ return true; -+} -+ -+void -+p11_rpc_buffer_add_ibm_attrbound_wrap_mechanism_value (p11_buffer *buffer, -+ const void *value, -+ CK_ULONG value_length) -+{ -+ CK_IBM_ATTRIBUTEBOUND_WRAP_PARAMS params; -+ -+ /* Check if value can be converted to CKM_IBM_ATTRIBUTEBOUND_WRAP. */ -+ if (value_length != sizeof (CK_IBM_ATTRIBUTEBOUND_WRAP_PARAMS)) { -+ p11_buffer_fail (buffer); -+ return; -+ } -+ -+ memcpy (¶ms, value, value_length); -+ -+ /* Check if params.hSignVerifyKey can be converted to uint64_t. 
*/ -+ if (params.hSignVerifyKey > UINT64_MAX) { -+ p11_buffer_fail (buffer); -+ return; -+ } -+ -+ p11_rpc_buffer_add_uint64 (buffer, params.hSignVerifyKey); -+} -+ -+bool -+p11_rpc_buffer_get_ibm_attrbound_wrap_mechanism_value (p11_buffer *buffer, -+ size_t *offset, -+ void *value, -+ CK_ULONG *value_length) -+{ -+ uint64_t val; -+ -+ if (!p11_rpc_buffer_get_uint64 (buffer, offset, &val)) -+ return false; -+ -+ if (value) { -+ CK_IBM_ATTRIBUTEBOUND_WRAP_PARAMS params; -+ -+ params.hSignVerifyKey = val; -+ -+ memcpy (value, ¶ms, sizeof (CK_IBM_ATTRIBUTEBOUND_WRAP_PARAMS)); -+ } -+ -+ if (value_length) -+ *value_length = sizeof (CK_IBM_ATTRIBUTEBOUND_WRAP_PARAMS); -+ -+ return true; -+} -+ -+void -+p11_rpc_buffer_add_aes_iv_mechanism_value (p11_buffer *buffer, -+ const void *value, -+ CK_ULONG value_length) -+{ -+ /* Check if value can be converted to an AES IV. */ -+ if (value_length != 16) { -+ p11_buffer_fail (buffer); -+ return; -+ } -+ -+ p11_rpc_buffer_add_byte_array (buffer, -+ (unsigned char *)value, -+ value_length); -+} -+ -+bool -+p11_rpc_buffer_get_aes_iv_mechanism_value (p11_buffer *buffer, -+ size_t *offset, -+ void *value, -+ CK_ULONG *value_length) -+{ -+ const unsigned char *data; -+ size_t len; -+ -+ if (!p11_rpc_buffer_get_byte_array (buffer, offset, &data, &len)) -+ return false; -+ -+ if (len != 16) -+ return false; -+ -+ if (value) -+ memcpy (value, data, len); -+ -+ if (value_length) -+ *value_length = len; -+ -+ return true; -+} -+ -+void -+p11_rpc_buffer_add_aes_ctr_mechanism_value (p11_buffer *buffer, -+ const void *value, -+ CK_ULONG value_length) -+{ -+ CK_AES_CTR_PARAMS params; -+ -+ /* Check if value can be converted to CK_AES_CTR_PARAMS. */ -+ if (value_length != sizeof (CK_AES_CTR_PARAMS)) { -+ p11_buffer_fail (buffer); -+ return; -+ } -+ -+ memcpy (¶ms, value, value_length); -+ -+ /* Check if params.counter_bits can be converted to uint64_t. 
*/ -+ if (params.counter_bits > UINT64_MAX) { -+ p11_buffer_fail (buffer); -+ return; -+ } -+ -+ p11_rpc_buffer_add_uint64 (buffer, params.counter_bits); -+ -+ p11_rpc_buffer_add_byte_array (buffer, -+ (unsigned char *)params.cb, -+ sizeof(params.cb)); -+} -+ -+bool -+p11_rpc_buffer_get_aes_ctr_mechanism_value (p11_buffer *buffer, -+ size_t *offset, -+ void *value, -+ CK_ULONG *value_length) -+{ -+ uint64_t val; -+ const unsigned char *data; -+ size_t len; -+ -+ if (!p11_rpc_buffer_get_uint64 (buffer, offset, &val)) -+ return false; -+ if (!p11_rpc_buffer_get_byte_array (buffer, offset, &data, &len)) -+ return false; -+ -+ if (value) { -+ CK_AES_CTR_PARAMS params; -+ -+ params.ulCounterBits = val; -+ -+ if (len != sizeof (params.cb)) -+ return false; -+ -+ memcpy (params.cb, data, sizeof (params.cb)); -+ memcpy (value, ¶ms, sizeof (CK_AES_CTR_PARAMS)); -+ } -+ -+ if (value_length) -+ *value_length = sizeof (CK_AES_CTR_PARAMS); -+ -+ return true; -+} -+ -+void -+p11_rpc_buffer_add_aes_gcm_mechanism_value (p11_buffer *buffer, -+ const void *value, -+ CK_ULONG value_length) -+{ -+ CK_GCM_PARAMS params; -+ -+ /* Check if value can be converted to CK_GCM_PARAMS. */ -+ if (value_length != sizeof (CK_GCM_PARAMS)) { -+ p11_buffer_fail (buffer); -+ return; -+ } -+ -+ memcpy (¶ms, value, value_length); -+ -+ /* Check if params.ulTagBits/ulIvBits can be converted to uint64_t. 
*/ -+ if (params.ulTagBits > UINT64_MAX || params.ulIvBits > UINT64_MAX) { -+ p11_buffer_fail (buffer); -+ return; -+ } -+ -+ p11_rpc_buffer_add_byte_array (buffer, -+ (unsigned char *)params.pIv, -+ params.ulIvLen); -+ p11_rpc_buffer_add_uint64 (buffer, params.ulIvBits); -+ p11_rpc_buffer_add_byte_array (buffer, -+ (unsigned char *)params.pAAD, -+ params.ulAADLen); -+ p11_rpc_buffer_add_uint64 (buffer, params.ulTagBits); -+} -+ -+bool -+p11_rpc_buffer_get_aes_gcm_mechanism_value (p11_buffer *buffer, -+ size_t *offset, -+ void *value, -+ CK_ULONG *value_length) -+{ -+ uint64_t val1, val2; -+ const unsigned char *data1, *data2; -+ size_t len1, len2; -+ -+ if (!p11_rpc_buffer_get_byte_array (buffer, offset, &data1, &len1)) -+ return false; -+ if (!p11_rpc_buffer_get_uint64 (buffer, offset, &val1)) -+ return false; -+ if (!p11_rpc_buffer_get_byte_array (buffer, offset, &data2, &len2)) -+ return false; -+ if (!p11_rpc_buffer_get_uint64 (buffer, offset, &val2)) -+ return false; -+ -+ if (value) { -+ CK_GCM_PARAMS params; -+ -+ params.pIv = (void *) data1; -+ params.ulIvLen = len1; -+ params.ulIvBits = val1; -+ params.pAAD = (void *) data2; -+ params.ulAADLen = len2; -+ params.ulTagBits = val2; -+ -+ memcpy (value, ¶ms, sizeof (CK_GCM_PARAMS)); -+ } -+ -+ if (value_length) -+ *value_length = sizeof (CK_GCM_PARAMS); -+ -+ return true; -+} -+ -+void -+p11_rpc_buffer_add_des_iv_mechanism_value (p11_buffer *buffer, -+ const void *value, -+ CK_ULONG value_length) -+{ -+ /* Check if value can be converted to an DES IV. 
*/ -+ if (value_length != 8) { -+ p11_buffer_fail (buffer); -+ return; -+ } -+ -+ p11_rpc_buffer_add_byte_array (buffer, -+ (unsigned char *)value, -+ value_length); -+} -+ -+bool -+p11_rpc_buffer_get_des_iv_mechanism_value (p11_buffer *buffer, -+ size_t *offset, -+ void *value, -+ CK_ULONG *value_length) -+{ -+ const unsigned char *data; -+ size_t len; -+ -+ if (!p11_rpc_buffer_get_byte_array (buffer, offset, &data, &len)) -+ return false; -+ -+ if (len != 8) -+ return false; -+ -+ if (value) -+ memcpy (value, data, len); -+ -+ if (value_length) -+ *value_length = len; -+ -+ return true; -+} -+ -+void -+p11_rpc_buffer_add_mac_general_mechanism_value (p11_buffer *buffer, -+ const void *value, -+ CK_ULONG value_length) -+{ -+ CK_ULONG val; -+ uint64_t params; -+ -+ /* -+ * Check if value can be converted to an CK_MAC_GENERAL_PARAMS which -+ * is a CK_ULONG. -+ */ -+ if (value_length != sizeof (CK_ULONG)) { -+ p11_buffer_fail (buffer); -+ return; -+ } -+ -+ memcpy (&val, value, value_length); -+ params = val; -+ -+ p11_rpc_buffer_add_uint64 (buffer, params); -+} -+ -+bool -+p11_rpc_buffer_get_mac_general_mechanism_value (p11_buffer *buffer, -+ size_t *offset, -+ void *value, -+ CK_ULONG *value_length) -+{ -+ uint64_t val; -+ CK_ULONG params; -+ -+ if (!p11_rpc_buffer_get_uint64 (buffer, offset, &val)) -+ return false; -+ -+ params = val; -+ -+ if (value) -+ memcpy (value, ¶ms, sizeof (params)); -+ -+ if (value_length) -+ *value_length = sizeof (params); -+ -+ return true; -+} -+ -+void -+p11_rpc_buffer_add_dh_pkcs_derive_mechanism_value (p11_buffer *buffer, -+ const void *value, -+ CK_ULONG value_length) -+{ -+ /* Mechanism parameter is public value of the other party */ -+ if (value_length == 0) { -+ p11_buffer_fail (buffer); -+ return; -+ } -+ -+ p11_rpc_buffer_add_byte_array (buffer, -+ (unsigned char *)value, -+ value_length); -+} -+ -+bool -+p11_rpc_buffer_get_dh_pkcs_derive_mechanism_value (p11_buffer *buffer, -+ size_t *offset, -+ void *value, -+ CK_ULONG 
*value_length) -+{ -+ const unsigned char *data; -+ size_t len; -+ -+ if (!p11_rpc_buffer_get_byte_array (buffer, offset, &data, &len)) -+ return false; -+ -+ if (len == 0) -+ return false; -+ -+ if (value) -+ memcpy (value, data, len); -+ -+ if (value_length) -+ *value_length = len; -+ -+ return true; -+} -+ - static p11_rpc_mechanism_serializer p11_rpc_mechanism_serializers[] = { - { CKM_RSA_PKCS_PSS, p11_rpc_buffer_add_rsa_pkcs_pss_mechanism_value, p11_rpc_buffer_get_rsa_pkcs_pss_mechanism_value }, -- { CKM_RSA_PKCS_OAEP, p11_rpc_buffer_add_rsa_pkcs_oaep_mechanism_value, p11_rpc_buffer_get_rsa_pkcs_oaep_mechanism_value } -+ { CKM_SHA1_RSA_PKCS_PSS, p11_rpc_buffer_add_rsa_pkcs_pss_mechanism_value, p11_rpc_buffer_get_rsa_pkcs_pss_mechanism_value }, -+ { CKM_SHA224_RSA_PKCS_PSS, p11_rpc_buffer_add_rsa_pkcs_pss_mechanism_value, p11_rpc_buffer_get_rsa_pkcs_pss_mechanism_value }, -+ { CKM_SHA256_RSA_PKCS_PSS, p11_rpc_buffer_add_rsa_pkcs_pss_mechanism_value, p11_rpc_buffer_get_rsa_pkcs_pss_mechanism_value }, -+ { CKM_SHA384_RSA_PKCS_PSS, p11_rpc_buffer_add_rsa_pkcs_pss_mechanism_value, p11_rpc_buffer_get_rsa_pkcs_pss_mechanism_value }, -+ { CKM_SHA512_RSA_PKCS_PSS, p11_rpc_buffer_add_rsa_pkcs_pss_mechanism_value, p11_rpc_buffer_get_rsa_pkcs_pss_mechanism_value }, -+ { CKM_RSA_PKCS_OAEP, p11_rpc_buffer_add_rsa_pkcs_oaep_mechanism_value, p11_rpc_buffer_get_rsa_pkcs_oaep_mechanism_value }, -+ { CKM_ECDH1_DERIVE, p11_rpc_buffer_add_ecdh1_derive_mechanism_value, p11_rpc_buffer_get_ecdh1_derive_mechanism_value }, -+ { CKM_IBM_ATTRIBUTEBOUND_WRAP, p11_rpc_buffer_add_ibm_attrbound_wrap_mechanism_value, p11_rpc_buffer_get_ibm_attrbound_wrap_mechanism_value }, -+ { CKM_IBM_EC_X25519, p11_rpc_buffer_add_ecdh1_derive_mechanism_value, p11_rpc_buffer_get_ecdh1_derive_mechanism_value }, -+ { CKM_IBM_EC_X448, p11_rpc_buffer_add_ecdh1_derive_mechanism_value, p11_rpc_buffer_get_ecdh1_derive_mechanism_value }, -+ { CKM_AES_CBC, p11_rpc_buffer_add_aes_iv_mechanism_value, 
p11_rpc_buffer_get_aes_iv_mechanism_value }, -+ { CKM_AES_CBC_PAD, p11_rpc_buffer_add_aes_iv_mechanism_value, p11_rpc_buffer_get_aes_iv_mechanism_value }, -+ { CKM_AES_OFB, p11_rpc_buffer_add_aes_iv_mechanism_value, p11_rpc_buffer_get_aes_iv_mechanism_value }, -+ { CKM_AES_CFB1, p11_rpc_buffer_add_aes_iv_mechanism_value, p11_rpc_buffer_get_aes_iv_mechanism_value }, -+ { CKM_AES_CFB8, p11_rpc_buffer_add_aes_iv_mechanism_value, p11_rpc_buffer_get_aes_iv_mechanism_value }, -+ { CKM_AES_CFB64, p11_rpc_buffer_add_aes_iv_mechanism_value, p11_rpc_buffer_get_aes_iv_mechanism_value }, -+ { CKM_AES_CFB128, p11_rpc_buffer_add_aes_iv_mechanism_value, p11_rpc_buffer_get_aes_iv_mechanism_value }, -+ { CKM_AES_CTS, p11_rpc_buffer_add_aes_iv_mechanism_value, p11_rpc_buffer_get_aes_iv_mechanism_value }, -+ { CKM_AES_CTR, p11_rpc_buffer_add_aes_ctr_mechanism_value, p11_rpc_buffer_get_aes_ctr_mechanism_value }, -+ { CKM_AES_GCM, p11_rpc_buffer_add_aes_gcm_mechanism_value, p11_rpc_buffer_get_aes_gcm_mechanism_value }, -+ { CKM_DES_CBC, p11_rpc_buffer_add_des_iv_mechanism_value, p11_rpc_buffer_get_des_iv_mechanism_value }, -+ { CKM_DES_CBC_PAD, p11_rpc_buffer_add_des_iv_mechanism_value, p11_rpc_buffer_get_des_iv_mechanism_value }, -+ { CKM_DES3_CBC, p11_rpc_buffer_add_des_iv_mechanism_value, p11_rpc_buffer_get_des_iv_mechanism_value }, -+ { CKM_DES3_CBC_PAD, p11_rpc_buffer_add_des_iv_mechanism_value, p11_rpc_buffer_get_des_iv_mechanism_value }, -+ { CKM_DES_CFB8, p11_rpc_buffer_add_des_iv_mechanism_value, p11_rpc_buffer_get_des_iv_mechanism_value }, -+ { CKM_DES_CFB64, p11_rpc_buffer_add_des_iv_mechanism_value, p11_rpc_buffer_get_des_iv_mechanism_value }, -+ { CKM_DES_OFB64, p11_rpc_buffer_add_des_iv_mechanism_value, p11_rpc_buffer_get_des_iv_mechanism_value }, -+ { CKM_SHA_1_HMAC_GENERAL, p11_rpc_buffer_add_mac_general_mechanism_value, p11_rpc_buffer_get_mac_general_mechanism_value }, -+ { CKM_SHA224_HMAC_GENERAL, p11_rpc_buffer_add_mac_general_mechanism_value, 
p11_rpc_buffer_get_mac_general_mechanism_value }, -+ { CKM_SHA256_HMAC_GENERAL, p11_rpc_buffer_add_mac_general_mechanism_value, p11_rpc_buffer_get_mac_general_mechanism_value }, -+ { CKM_SHA384_HMAC_GENERAL, p11_rpc_buffer_add_mac_general_mechanism_value, p11_rpc_buffer_get_mac_general_mechanism_value }, -+ { CKM_SHA512_HMAC_GENERAL, p11_rpc_buffer_add_mac_general_mechanism_value, p11_rpc_buffer_get_mac_general_mechanism_value }, -+ { CKM_SHA512_224_HMAC_GENERAL, p11_rpc_buffer_add_mac_general_mechanism_value, p11_rpc_buffer_get_mac_general_mechanism_value }, -+ { CKM_SHA512_256_HMAC_GENERAL, p11_rpc_buffer_add_mac_general_mechanism_value, p11_rpc_buffer_get_mac_general_mechanism_value }, -+ { CKM_AES_MAC_GENERAL, p11_rpc_buffer_add_mac_general_mechanism_value, p11_rpc_buffer_get_mac_general_mechanism_value }, -+ { CKM_AES_CMAC_GENERAL, p11_rpc_buffer_add_mac_general_mechanism_value, p11_rpc_buffer_get_mac_general_mechanism_value }, -+ { CKM_DES3_MAC_GENERAL, p11_rpc_buffer_add_mac_general_mechanism_value, p11_rpc_buffer_get_mac_general_mechanism_value }, -+ { CKM_DES3_CMAC_GENERAL, p11_rpc_buffer_add_mac_general_mechanism_value, p11_rpc_buffer_get_mac_general_mechanism_value }, -+ { CKM_DH_PKCS_DERIVE, p11_rpc_buffer_add_dh_pkcs_derive_mechanism_value, p11_rpc_buffer_get_dh_pkcs_derive_mechanism_value }, - }; - - static p11_rpc_mechanism_serializer p11_rpc_byte_array_mechanism_serializer = { -@@ -1453,6 +1933,7 @@ mechanism_has_no_parameters (CK_MECHANIS - case CKM_MD2_RSA_PKCS: - case CKM_MD5_RSA_PKCS: - case CKM_SHA1_RSA_PKCS: -+ case CKM_SHA224_RSA_PKCS: - case CKM_SHA256_RSA_PKCS: - case CKM_SHA384_RSA_PKCS: - case CKM_SHA512_RSA_PKCS: -@@ -1467,6 +1948,10 @@ mechanism_has_no_parameters (CK_MECHANIS - case CKM_EC_KEY_PAIR_GEN: - case CKM_ECDSA: - case CKM_ECDSA_SHA1: -+ case CKM_ECDSA_SHA224: -+ case CKM_ECDSA_SHA256: -+ case CKM_ECDSA_SHA384: -+ case CKM_ECDSA_SHA512: - case CKM_DH_PKCS_KEY_PAIR_GEN: - case CKM_DH_PKCS_PARAMETER_GEN: - case 
CKM_X9_42_DH_KEY_PAIR_GEN: -@@ -1480,6 +1965,7 @@ mechanism_has_no_parameters (CK_MECHANIS - case CKM_AES_KEY_GEN: - case CKM_AES_ECB: - case CKM_AES_MAC: -+ case CKM_AES_CMAC: - case CKM_DES_KEY_GEN: - case CKM_DES2_KEY_GEN: - case CKM_DES3_KEY_GEN: -@@ -1505,6 +1991,7 @@ mechanism_has_no_parameters (CK_MECHANIS - case CKM_RC2_MAC: - case CKM_DES_MAC: - case CKM_DES3_MAC: -+ case CKM_DES3_CMAC: - case CKM_CDMF_MAC: - case CKM_CAST_MAC: - case CKM_CAST3_MAC: -@@ -1521,18 +2008,46 @@ mechanism_has_no_parameters (CK_MECHANIS - case CKM_MD5_HMAC: - case CKM_SHA_1: - case CKM_SHA_1_HMAC: -+ case CKM_SHA1_KEY_DERIVATION: -+ case CKM_SHA224: -+ case CKM_SHA224_HMAC: -+ case CKM_SHA224_KEY_DERIVATION: - case CKM_SHA256: - case CKM_SHA256_HMAC: -+ case CKM_SHA256_KEY_DERIVATION: - case CKM_SHA384: - case CKM_SHA384_HMAC: -+ case CKM_SHA384_KEY_DERIVATION: - case CKM_SHA512: - case CKM_SHA512_HMAC: -+ case CKM_SHA512_KEY_DERIVATION: -+ case CKM_SHA512_T: -+ case CKM_SHA512_T_HMAC: -+ case CKM_SHA512_T_KEY_DERIVATION: -+ case CKM_SHA512_224: -+ case CKM_SHA512_224_HMAC: -+ case CKM_SHA512_224_KEY_DERIVATION: -+ case CKM_SHA512_256: -+ case CKM_SHA512_256_HMAC: -+ case CKM_SHA512_256_KEY_DERIVATION: - case CKM_FASTHASH: - case CKM_RIPEMD128: - case CKM_RIPEMD128_HMAC: - case CKM_RIPEMD160: - case CKM_RIPEMD160_HMAC: - case CKM_KEY_WRAP_LYNKS: -+ case CKM_IBM_SHA3_224: -+ case CKM_IBM_SHA3_256: -+ case CKM_IBM_SHA3_384: -+ case CKM_IBM_SHA3_512: -+ case CKM_IBM_CMAC: -+ case CKM_IBM_DILITHIUM: -+ case CKM_IBM_SHA3_224_HMAC: -+ case CKM_IBM_SHA3_256_HMAC: -+ case CKM_IBM_SHA3_384_HMAC: -+ case CKM_IBM_SHA3_512_HMAC: -+ case CKM_IBM_ED25519_SHA512: -+ case CKM_IBM_ED448_SHA3: - return true; - default: - return false; -diff --color -ruNp a/p11-kit/rpc-message.h b/p11-kit/rpc-message.h ---- a/p11-kit/rpc-message.h 2020-12-11 16:25:36.000000000 +0100 -+++ b/p11-kit/rpc-message.h 2023-11-29 14:29:45.243554584 +0100 -@@ -42,6 +42,7 @@ - - #include "buffer.h" - #include "pkcs11.h" 
-+#include "pkcs11x.h" - - /* The calls, must be in sync with array below */ - enum { -@@ -478,5 +479,85 @@ bool p11_rpc_buffer_get_rsa_ - size_t *offset, - void *value, - CK_ULONG *value_length); -+ -+void p11_rpc_buffer_add_ecdh1_derive_mechanism_value -+ (p11_buffer *buffer, -+ const void *value, -+ CK_ULONG value_length); -+ -+bool p11_rpc_buffer_get_ecdh1_derive_mechanism_value -+ (p11_buffer *buffer, -+ size_t *offset, -+ void *value, -+ CK_ULONG *value_length); -+ -+void p11_rpc_buffer_add_ibm_attrbound_wrap_mechanism_value -+ (p11_buffer *buffer, -+ const void *value, -+ CK_ULONG value_length); -+ -+bool p11_rpc_buffer_get_ibm_attrbound_wrap_mechanism_value -+ (p11_buffer *buffer, -+ size_t *offset, -+ void *value, -+ CK_ULONG *value_length); -+ -+void p11_rpc_buffer_add_aes_iv_mechanism_value (p11_buffer *buffer, -+ const void *value, -+ CK_ULONG value_length); -+ -+bool p11_rpc_buffer_get_aes_iv_mechanism_value (p11_buffer *buffer, -+ size_t *offset, -+ void *value, -+ CK_ULONG *value_length); -+ -+void p11_rpc_buffer_add_aes_ctr_mechanism_value (p11_buffer *buffer, -+ const void *value, -+ CK_ULONG value_length); -+ -+bool p11_rpc_buffer_get_aes_ctr_mechanism_value (p11_buffer *buffer, -+ size_t *offset, -+ void *value, -+ CK_ULONG *value_length); -+ -+void p11_rpc_buffer_add_aes_gcm_mechanism_value (p11_buffer *buffer, -+ const void *value, -+ CK_ULONG value_length); -+ -+bool p11_rpc_buffer_get_aes_gcm_mechanism_value (p11_buffer *buffer, -+ size_t *offset, -+ void *value, -+ CK_ULONG *value_length); -+ -+void p11_rpc_buffer_add_des_iv_mechanism_value (p11_buffer *buffer, -+ const void *value, -+ CK_ULONG value_length); -+ -+bool p11_rpc_buffer_get_des_iv_mechanism_value (p11_buffer *buffer, -+ size_t *offset, -+ void *value, -+ CK_ULONG *value_length); -+ -+void p11_rpc_buffer_add_mac_general_mechanism_value -+ (p11_buffer *buffer, -+ const void *value, -+ CK_ULONG value_length); -+ -+bool p11_rpc_buffer_get_mac_general_mechanism_value -+ (p11_buffer 
*buffer, -+ size_t *offset, -+ void *value, -+ CK_ULONG *value_length); -+ -+void p11_rpc_buffer_add_dh_pkcs_derive_mechanism_value -+ (p11_buffer *buffer, -+ const void *value, -+ CK_ULONG value_length); -+ -+bool p11_rpc_buffer_get_dh_pkcs_derive_mechanism_value -+ (p11_buffer *buffer, -+ size_t *offset, -+ void *value, -+ CK_ULONG *value_length); - - #endif /* _RPC_MESSAGE_H */ -diff --color -ruNp a/p11-kit/rpc-server.c b/p11-kit/rpc-server.c ---- a/p11-kit/rpc-server.c 2020-12-11 16:25:36.000000000 +0100 -+++ b/p11-kit/rpc-server.c 2023-11-29 14:29:45.221554128 +0100 -@@ -84,6 +84,12 @@ proto_read_byte_buffer (p11_rpc_message - *n_buffer = length; - *buffer = NULL; - -+ /* length = -1 indicates length = 0, but buffer not NULL */ -+ if (length == (uint32_t)-1) { -+ *n_buffer = 0; -+ length = 1; /*allocate 1 dummy byte */ -+ } -+ - /* If set to zero, then they just want the length */ - if (length == 0) - return CKR_OK; diff --git a/p11-kit-0.25.5-trust-file-length.patch b/p11-kit-0.25.5-trust-file-length.patch new file mode 100644 index 0000000..d84f858 --- /dev/null +++ b/p11-kit-0.25.5-trust-file-length.patch 
@@ -0,0 +1,73 @@
+From a8b94642dbe6d52aa7a7805fbb60b64c4cfd7245 Mon Sep 17 00:00:00 2001
+From: Zoltan Fridrich
+Date: Thu, 3 Oct 2024 11:34:14 +0200
+Subject: [PATCH] trust: don't create file names longer then 255
+
+Signed-off-by: Zoltan Fridrich
+---
+ trust/save.c | 19 ++++++++++++++++---
+ 1 file changed, 16 insertions(+), 3 deletions(-)
+
+diff --git a/trust/save.c b/trust/save.c
+index 057a9c5e3..acabcbf6d 100644
+--- a/trust/save.c
++++ b/trust/save.c
+@@ -61,6 +61,8 @@
+ #define O_DIRECTORY 0
+ #endif
+
++#define MAX_FILE_NAME 255
++
+ struct _p11_save_file {
+ char *bare;
+ char *extension;
+@@ -414,12 +416,23 @@ make_unique_name (const char *bare,
+ p11_buffer buf;
+ int ret;
+ int i;
++ int bare_len, ext_len, diff;
+
+ assert (bare != NULL);
+ assert (check != NULL);
+
+ p11_buffer_init_null (&buf, 0);
+
++ /*
++ * Make sure the name will not be longer then MAX_FILE_NAME
++ */
++ bare_len = strlen (bare);
++ ext_len = extension ? strlen (extension) : 0;
++ diff = bare_len + ext_len + sizeof (unique) - MAX_FILE_NAME;
++ if (diff > 0)
++ bare_len -= diff;
++ return_val_if_fail (bare_len > 0, NULL);
++
+ for (i = 0; true; i++) {
+
+ p11_buffer_reset (&buf, 64);
+@@ -431,7 +444,7 @@ make_unique_name (const char *bare,
+ * provided by the caller.
+ */
+ case 0:
+- p11_buffer_add (&buf, bare, -1);
++ p11_buffer_add (&buf, bare, bare_len);
+ break;
+
+ /*
+@@ -448,14 +461,14 @@ make_unique_name (const char *bare,
+ /* fall through */
+
+ default:
+- p11_buffer_add (&buf, bare, -1);
++ p11_buffer_add (&buf, bare, bare_len);
+ snprintf (unique, sizeof (unique), ".%d", i);
+ p11_buffer_add (&buf, unique, -1);
+ break;
+ }
+
+ if (extension)
+- p11_buffer_add (&buf, extension, -1);
++ p11_buffer_add (&buf, extension, ext_len);
+
+ return_val_if_fail (p11_buffer_ok (&buf), NULL);
+
diff --git a/SOURCES/p11-kit-client.service b/p11-kit-client.service
similarity index 100%
rename from SOURCES/p11-kit-client.service
rename to p11-kit-client.service
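Review bot: In the embedded trust/save.c hunk for make_unique_name, `diff = bare_len + ext_len + sizeof (unique) - MAX_FILE_NAME;` mixes `int` operands with the `size_t` from `sizeof`, so the expression is evaluated unsigned; for any name shorter than the limit it wraps to a huge value and only looks negative again after the implementation-defined conversion back to `int`. The `strlen` results on the two lines above are likewise narrowed to `int`. Keeping the lengths as `size_t` and comparing before subtracting avoids relying on that, as in the excerpt below. The cut is also made at a byte offset, so a label containing multi-byte characters could be split mid-sequence (presumably labels may be UTF-8; worth confirming). make_unique_name starts and ends outside the hunk, and the declaration of `unique` is not visible here.

```c
	size_t bare_len, ext_len, total;

	/* … unchanged: asserts and p11_buffer_init_null … */

	bare_len = strlen (bare);
	ext_len = extension ? strlen (extension) : 0;
	total = bare_len + ext_len + sizeof (unique);
	if (total > MAX_FILE_NAME) {
		/* Extension plus suffix leave no room for the bare name */
		return_val_if_fail (total - MAX_FILE_NAME < bare_len, NULL);
		bare_len -= total - MAX_FILE_NAME;
	}
	return_val_if_fail (bare_len > 0, NULL);
```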
diff --git a/SPECS/p11-kit.spec b/p11-kit.spec similarity index 57% rename from SPECS/p11-kit.spec rename to p11-kit.spec index b842443..0fa4cde 100644 --- a/SPECS/p11-kit.spec +++ b/p11-kit.spec @@ -1,6 +1,16 @@ +## START: Set by rpmautospec +## (rpmautospec version 0.6.5) +## RPMAUTOSPEC: autorelease, autochangelog +%define autorelease(e:s:pb:n) %{?-p:0.}%{lua: + release_number = 7; + base_release_number = tonumber(rpm.expand("%{?-b*}%{!?-b:1}")); + print(release_number + base_release_number - 1); +}%{?-e:.%{-e*}}%{?-s:.%{-s*}}%{!?-n:%{?dist}} +## END: Set by rpmautospec + # This spec file has been automatically updated -Version: 0.23.22 -Release: 2%{?dist} +Version: 0.25.5 +Release: %{?autorelease}%{!?autorelease:1%{?dist}} Name: p11-kit Summary: Library for loading and sharing PKCS#11 modules @@ -8,19 +18,14 @@ License: BSD-3-Clause URL: http://p11-glue.freedesktop.org/p11-kit.html Source0: https://github.com/p11-glue/p11-kit/releases/download/%{version}/p11-kit-%{version}.tar.xz Source1: https://github.com/p11-glue/p11-kit/releases/download/%{version}/p11-kit-%{version}.tar.xz.sig -Source2: gpgkey-462225C3B46F34879FC8496CD605848ED7E69871.gpg +Source2: https://p11-glue.github.io/p11-glue/p11-kit/p11-kit-release-keyring.gpg Source3: trust-extract-compat Source4: p11-kit-client.service -Patch0: 001-dt-needed.patch -Patch1: 002-doc-dep.patch -# commits: 4059f17, d07a8ff, 218e971, c4ade85, 242e5db, ac0da82, 7235af6, -# b72aa47, 506b941, 3c0be1d, 7ea5901, 7675f86, d1782b6 -Patch2: 003-IBM-mechs-and-attrs.patch +Patch: p11-kit-0.25.5-trust-file-length.patch BuildRequires: gcc BuildRequires: libtasn1-devel >= 2.3 -BuildRequires: libtasn1-tools BuildRequires: libffi-devel BuildRequires: gettext BuildRequires: gtk-doc 
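Review bot: The `Source2` change in the second hunk swaps a key file named by its fingerprint for an upstream-hosted keyring, so the spec no longer shows which signing key the `Source1` signature is expected to verify against. The keyring is pinned by the SHA512 entry added to `sources`, but a reader auditing the trust anchor has nothing in the spec to compare it with. Consider a comment above the line, e.g. `# Release keyring; expected signer fingerprint(s): <FINGERPRINT-PLACEHOLDER>`, filled in from the upstream release announcement. Whether %prep still verifies the tarball against this keyring is not visible in these hunks and is worth confirming.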
@@ -159,44 +164,209 @@ fi %changelog -* Fri Dec 01 2023 Zoltan Fridrich - 0.23.22-2 -- Add IBM specific mechanisms and attributes - Resolves: RHEL-10571 +## START: Generated by rpmautospec +* Fri Nov 01 2024 Miluse Bezo Konecna - 0.25.5-7 +- fix typo in ci.fmf -* Mon Jan 11 2021 Daiki Ueno - 0.23.22-1 -- Rebase to 0.23.22 to fix memory safety issues (CVE-2020-29361, CVE-2020-29362, and CVE-2020-29363) -- Preserve DT_NEEDED information from the previous version, flagged by rpmdiff -- Add xsltproc to BR +* Tue Oct 29 2024 Troy Dawson - 0.25.5-6 +- Bump release for October 2024 mass rebuild: -* Tue Nov 10 2020 Daiki Ueno - 0.23.21-4 -- Fix realloc usage on proxy cleanup (#1894979) -- Make 'trust anchor --store' preserve all attributes from .p11-kit files +* Fri Oct 25 2024 Zoltan Fridrich - 0.25.5-5 +- Fix regression in trust where file creation fails for long cert labels -* Tue Nov 3 2020 Daiki Ueno - 0.23.21-3 -- Restore clobbered changelog entry +* Tue Jul 30 2024 Miluse Bezo Konecna - 0.25.5-4 +- Fix gating.yaml -* Mon Nov 2 2020 Daiki Ueno - 0.23.21-2 -- Update p11-kit-invalid-config.patch to be more thorough (thanks to - Alexander Sosedkin) +* Fri Jul 19 2024 Miluse Bezo Konecna - 0.25.5-3 +- add gating RHEL-10 -* Tue Oct 20 2020 Daiki Ueno - 0.23.21-1 -- Update to upstream 0.23.21 release +* Thu Jul 11 2024 Zoltan Fridrich - 0.25.5-2 +- Add gating.yaml -* Fri Mar 29 2019 Daiki Ueno - 0.23.14-5 -- Fix crash on unloading the library, when it is both linked and dlopen'ed +* Wed Jul 10 2024 Zoltan Fridrich - 0.25.5-1 +- Rebase to 0.25.5 -* Mon Oct 29 2018 Daiki Ueno - 0.23.14-4 -- Prefer fixed closures to libffi closures +* Mon Jun 24 2024 Troy Dawson - 0.25.3-9 +- Bump release for June 2024 mass rebuild -* Wed Oct 17 2018 Daiki Ueno - 0.23.14-3 -- Update p11-kit-coverity.patch +* Tue May 28 2024 Zoltan Fridrich - 0.25.3-8 +- Remove tests and packit from repo -* Tue Oct 16 2018 Daiki Ueno - 0.23.14-2 -- Fix issues spotted by coverity +* Tue May 21 2024 Zoltan 
Fridrich - 0.25.3-7 +- Fix a bug where eddsa mechanism isnt recognized in generate-keypair -* Wed Oct 10 2018 Daiki Ueno - 0.23.14-1 +* Tue May 21 2024 Zoltan Fridrich - 0.25.3-6 +- Fix issues found by static analysis + +* Tue May 21 2024 Zoltan Fridrich - 0.25.3-5 +- Fix usage message in p11-kit list-tokens command + +* Wed Jan 31 2024 Daiki Ueno - 0.25.3-4 +- import-object: Avoid integer truncation on 32-bit platforms + +* Thu Jan 25 2024 Fedora Release Engineering - 0.25.3-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild + +* Sun Jan 21 2024 Fedora Release Engineering - 0.25.3-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild + +* Wed Nov 15 2023 Packit - 0.25.3-1 +- [packit] 0.25.3 upstream release + +* Wed Nov 08 2023 Zoltan Fridrich - 0.25.2-2 +- Replace "black list" with "blocklist" in package description + +* Tue Oct 31 2023 Packit - 0.25.2-1 +- [packit] 0.25.2 upstream release + +* Thu Oct 26 2023 Packit - 0.25.1-1 +- [packit] 0.25.1 upstream release + +* Thu Aug 24 2023 Daiki Ueno - 0.25.0-3 +- Migrate License field to SPDX license identifier + +* Fri Jul 14 2023 Packit - 0.25.0-1 +- [packit] 0.25.0 upstream release + +* Thu Jan 19 2023 Fedora Release Engineering - 0.24.1-6 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild + +* Mon Dec 12 2022 Florian Weimer - 0.24.1-5 +- Port meson build script to C99 + +* Fri Jul 22 2022 Fedora Release Engineering - 0.24.1-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild + +* Thu Jan 20 2022 Fedora Release Engineering - 0.24.1-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild + +* Mon Jan 17 2022 Packit Service - 0.24.1-1 +- Release 0.24.1 (Daiki Ueno) +- common: Support copying attribute array recursively (Daiki Ueno) +- common: Add assert_ptr_cmp (Daiki Ueno) +- gtkdoc: remove dependencies on custom target files (Eli Schwartz) +- doc: Replace occurrence of black list with blocklist (Daiki Ueno) +- build: Suppress 
cppcheck false-positive on array bounds (Daiki Ueno) +- ci: Use Docker image from the same repository (Daiki Ueno) +- ci: Integrate Docker image building to GitHub workflow (Daiki Ueno) +- rpc: Fallback to version 0 if server does not support negotiation (Daiki Ueno) +- build: Port e850e03be65ed573d0b69ee0408e776c08fad8a3 to meson (Daiki Ueno) +- Link libp11-kit so that it cannot unload (Emmanuel Dreyfus) +- trust: Use dngettext for plurals (Daiki Ueno) +- rpc: Support protocol version negotiation (Daiki Ueno) +- rpc: Separate authentication step from transaction (Daiki Ueno) +- Meson: p11_system_config_modules instead of p11_package_config_modules (Issam E. Maghni) +- shell: test -a|o is not POSIX (Issam E. Maghni) +- Meson: Add libtasn1 to trust programs (Issam E. Maghni) +- meson: optionalise glib's development files for gtk_doc (Đoàn Trần Công Danh) + +* Sat Jan 08 2022 Miro Hrončok - 0.23.22-5 +- Rebuilt for https://fedoraproject.org/wiki/Changes/LIBFFI34 + +* Thu Jul 22 2021 Fedora Release Engineering - 0.23.22-4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild + +* Tue Jan 26 2021 Daiki Ueno - 0.23.22-3 +- Suppress intentional memleak in getprogname emulation (#1905581) + +* Tue Jan 26 2021 Fedora Release Engineering - 0.23.22-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild + +* Fri Dec 11 2020 Packit Service - 0.23.22-1 +- Release 0.23.22 (Daiki Ueno) +- Follow-up to arithmetic overflow fix (David Cook) +- Check for arithmetic overflows before allocating (David Cook) +- Check attribute length against buffer size (David Cook) +- Fix bounds check in p11_rpc_buffer_get_byte_array (David Cook) +- Fix buffer overflow in log_token_info (David Cook) +- common: Don't assume __STDC_VERSION__ is always defined (Daiki Ueno) +- compat: getauxval: correct compiler macro for FreeBSD (Daiki Ueno) +- compat: fdwalk: add guard for Linux specific local variables (Daiki Ueno) +- meson: Add missing libtasn1 dependency (Daiki Ueno) +- 
travis: Add freebsd build (Daiki Ueno) +- anchor: Prefer persistent format when storing anchor (Daiki Ueno) +- travis: Run "make check" along with "make distcheck" for coverage (Daiki Ueno) +- travis: Use python3 as the default Python interpreter (Daiki Ueno) +- travis: Route to Ubuntu 20.04 base image (Daiki Ueno) +- meson: Set -fstack-protector for MinGW64 cross build (Daiki Ueno) +- meson: expand ternary operator in function call for compatibility (Daiki Ueno) +- meson: Use custom_target for generating external XML entities (Daiki Ueno) +- meson: Allow building manpages without gtk-doc (Jan Alexander Steffens (heftig)) +- Rename is_path_component to is_path_separator (Alexander Sosedkin) +- Use is_path_component in one more place (Alexander Sosedkin) +- Remove more duplicate separators in p11_path_build (Alexander Sosedkin) +- common: Fix infloop in p11_path_build (Daiki Ueno) +- proxy: C_CloseAllSessions: Make sure that calloc args are non-zero (Daiki Ueno) +- build: Use calloc in a consistent manner (Daiki Ueno) +- meson: Allow override of default bashcompdir. Fixes meson regression (issue #322). Pass -Dbashcompdir=/xxx to meson. 
(John Hein) +- common: Check for a NULL locale before freeing it (Tavian Barnes) +- p11_test_copy_setgid: Skip setgid tests on nosuid filesystems (Anders Kaseorg) +- unix-peer: replace incorrect include1 (Rosen Penev) +- test-compat: Skip getprogname test if BUILDDIR contains a symlink (Daiki Ueno) +- add trust-extract-compat into EXTRA-DIST (Xℹ Ruoyao) +- meson: install trust-extract-compat (Xℹ Ruoyao) +- rename trust-extract-compat.in to trust-extract-compat (Xℹ Ruoyao) + +* Thu Nov 12 2020 Alexander Sosedkin - 0.23.21-3 +- Add an explicit build dependency on xsltproc + +* Tue Aug 18 2020 Packit Service - 0.23.21-2 +- new upstream release: 0.23.21 + +* Tue Jul 28 2020 Fedora Release Engineering - 0.23.20-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild + +* Wed Jan 29 2020 Daiki Ueno - 0.23.20-1 +- Update to upstream 0.23.20 release + +* Wed Jan 22 2020 Daiki Ueno - 0.23.19-1 +- Update to upstream 0.23.19 release +- Check archive signature in %%prep +- Switch to using Meson as the build system + +* Mon Sep 30 2019 Daiki Ueno - 0.23.18.1-1 +- Update to upstream 0.23.18.1 release + +* Thu Jul 25 2019 Fedora Release Engineering - 0.23.16.1-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild + +* Thu May 23 2019 Daiki Ueno - 0.23.16.1-1 +- Update to upstream 0.23.16.1 release + +* Thu May 23 2019 Daiki Ueno - 0.23.16-1 +- Update to upstream 0.23.16 release + +* Mon Feb 18 2019 Daiki Ueno - 0.23.15-3 +- trust: Ignore unreadable content in anchors + +* Fri Feb 01 2019 Fedora Release Engineering - 0.23.15-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild + +* Mon Jan 21 2019 Daiki Ueno - 0.23.15-1 +- Update to upstream 0.23.15 release + +* Fri Jan 11 2019 Nils Philippsen - 0.23.14-3 +- use spaces instead of tabs consistently +- prefer fixed closures to libffi closures (#1656245, patch by Daiki Ueno) + +* Mon Oct 29 2018 James Antill - 0.23.14-2 +- Remove ldconfig scriptlet, now done via. 
transfiletrigger in glibc. + +* Fri Sep 07 2018 Daiki Ueno - 0.23.14-1 - Update to upstream 0.23.14 release +* Wed Aug 15 2018 Daiki Ueno - 0.23.13-3 +- Forcibly link with libpthread to avoid regressions (rhbz#1615038) + +* Wed Aug 15 2018 Daiki Ueno - 0.23.13-2 +- Fix invalid memory access on proxy cleanup + +* Fri Aug 10 2018 Daiki Ueno - 0.23.13-1 +- Update to upstream 0.23.13 release + +* Fri Jul 13 2018 Fedora Release Engineering - 0.23.12-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild + * Wed May 30 2018 Daiki Ueno - 0.23.12-1 - Update to upstream 0.23.11 release @@ -428,3 +598,5 @@ fi * Tue Jul 12 2011 Kalev Lember - 0.2-1 - Initial RPM release + +## END: Generated by rpmautospec diff --git a/sources b/sources new file mode 100644 index 0000000..bed7eca --- /dev/null +++ b/sources @@ -0,0 +1,3 @@ +SHA512 (p11-kit-0.25.5.tar.xz) = 177ec6ff5eb891901078306dce2bf3f5c1a0e5c2a8c493bdf5a08ae1ff1240fdf6952961e973c373f80ac3d1d5a9927e07f4da49e4ff92269d992e744889fc94 +SHA512 (p11-kit-0.25.5.tar.xz.sig) = 2be5aa4ccbb889e32aed88fc1f7926c3ccaadc90cc6b15a187358c812eee4ce1712068d1f271766ac51366112c0619aad46cff345ed2edd009fb2fe7fb804493 +SHA512 (p11-kit-release-keyring.gpg) = 9a832a8ac3a139cbbf1ecb66573f0709847ebfef4975777cf82b4dca09af1ad8e6400f0af0bcdb92860e7ed4fc05082ba1edda0238a21fe24d49555a1069e881 diff --git a/SOURCES/trust-extract-compat b/trust-extract-compat similarity index 100% rename from SOURCES/trust-extract-compat rename to trust-extract-compat