rpms/pkcs11-provider
7
0
Fork 0
Code Issues Pull Requests Releases Activity

Backport upstream fixes

Browse Source 
Resolves: RHEL-82708

Signed-off-by: Simo Sorce <simo@redhat.com>
This commit is contained in:
Simo Sorce 2025-03-11 14:13:15 -04:00
parent 61db950bcf
commit 6a4694191f
4 changed files with 101 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

35
0001-utils-Do-not-fail-if-non-mandatory-attribute-is-not-.patch Normal file
View File

@ -0,0 +1,35 @@
From 577471d781d1ee0365f6739b1cfc1c9c566c893a Mon Sep 17 00:00:00 2001
From: Jakub Jelen <jjelen@redhat.com>
Date: Mon, 3 Mar 2025 15:54:07 +0100
Subject: [PATCH] utils: Do not fail if non-mandatory attribute is not
available
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
---
src/util.c | 9 ++++++---
1 file changed, 6 insertions(+), 3 deletions(-)
diff --git a/src/util.c b/src/util.c
index 66a3bd0..a956f9d 100644
--- a/src/util.c
+++ b/src/util.c
@@ -34,10 +34,13 @@ CK_RV p11prov_fetch_attributes(P11PROV_CTX *ctx, P11PROV_SESSION *session,
unsigned long retrnums = 0;
for (size_t i = 0; i < attrnums; i++) {
if (q[i].ulValueLen == CK_UNAVAILABLE_INFORMATION) {
- /* This can't happen according to the algorithm described
- * in the spec when the call returns CKR_OK. */
+ /* This means the attribute is valid, but not available for a
+ * given object. Just skip it, unless it is required */
+ if (!attrs[i].required) {
+ continue;
+ }
ret = CKR_GENERAL_ERROR;
- P11PROV_raise(ctx, ret, "Failed to get attributes");
+ P11PROV_raise(ctx, ret, "Failed to get required attributes");
goto done;
}
if (attrs[i].allocate) {
--
2.48.1

28
0001-utils-Do-not-repeat-GetAttribute-calls-when-the-size.patch Normal file
View File

@ -0,0 +1,28 @@
From cf6bcbb4edbe983691996f8fb126c6b143dc796d Mon Sep 17 00:00:00 2001
From: Jakub Jelen <jjelen@redhat.com>
Date: Mon, 3 Mar 2025 17:11:03 +0100
Subject: [PATCH] utils: Do not repeat GetAttribute calls when the size query
already failed
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
---
src/util.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/src/util.c b/src/util.c
index bb1a389..3c72e8c 100644
--- a/src/util.c
+++ b/src/util.c
@@ -83,6 +83,9 @@ CK_RV p11prov_fetch_attributes(P11PROV_CTX *ctx, P11PROV_SESSION *session,
if (attrs[i].required) {
return ret;
}
+ /* Invalid attribute: No need to call the function again for
+ * this attribute */
+ continue;
} else {
CK_ULONG len = attrs[i].attr.ulValueLen;
if (len == CK_UNAVAILABLE_INFORMATION) {
--
2.48.1

34
0001-utils-Handle-correctly-CK_UNAVAILABLE_INFORMATION-wh.patch Normal file
View File

@ -0,0 +1,34 @@
From 02dc73fd441f9f87bd237a1fbd0a7cab9d948cbe Mon Sep 17 00:00:00 2001
From: Jakub Jelen <jjelen@redhat.com>
Date: Mon, 3 Mar 2025 17:10:17 +0100
Subject: [PATCH] utils: Handle correctly CK_UNAVAILABLE_INFORMATION when
reading attributes
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
---
src/util.c | 9 +++++++--
1 file changed, 7 insertions(+), 2 deletions(-)
diff --git a/src/util.c b/src/util.c
index a956f9d..bb1a389 100644
--- a/src/util.c
+++ b/src/util.c
@@ -84,8 +84,13 @@ CK_RV p11prov_fetch_attributes(P11PROV_CTX *ctx, P11PROV_SESSION *session,
return ret;
}
} else {
- attrs[i].attr.pValue =
- OPENSSL_zalloc(attrs[i].attr.ulValueLen + 1);
+ CK_ULONG len = attrs[i].attr.ulValueLen;
+ if (len == CK_UNAVAILABLE_INFORMATION) {
+ /* The attribute is known to the module, but not
+ * available on this object */
+ continue;
+ }
+ attrs[i].attr.pValue = OPENSSL_zalloc(len + 1);
if (!attrs[i].attr.pValue) {
ret = CKR_HOST_MEMORY;
P11PROV_raise(ctx, ret, "Failed to get attributes");
--
2.48.1

4
pkcs11-provider.spec
View File

@ -14,6 +14,10 @@ Source2: https://people.redhat.com/~ssorce/simo_redhat.asc
%endif
Source3: pkcs11-provider.conf
Patch1: 0001-utils-Do-not-fail-if-non-mandatory-attribute-is-not-.patch
Patch2: 0001-utils-Handle-correctly-CK_UNAVAILABLE_INFORMATION-wh.patch
Patch3: 0001-utils-Do-not-repeat-GetAttribute-calls-when-the-size.patch
BuildRequires: openssl-devel >= 3.0.7
BuildRequires: gcc
BuildRequires: meson