From 13f38c57ace26b5a7261e9f3ae6c8e340b2681c0 Mon Sep 17 00:00:00 2001 From: Paul Wouters Date: Thu, 25 Feb 2016 11:52:13 -0500 Subject: [PATCH] - Resolves: rhbz#1272453 A marked as CA certificate cannot be written in a softhsmv2 db --- softhsm-2.0.0-1272453-Issue162.patch | 201 +++++++++++++++++++++++++++ softhsm.spec | 10 +- 2 files changed, 210 insertions(+), 1 deletion(-) create mode 100644 softhsm-2.0.0-1272453-Issue162.patch
diff --git a/softhsm-2.0.0-1272453-Issue162.patch b/softhsm-2.0.0-1272453-Issue162.patch
new file mode 100644
index 0000000..9332256
--- /dev/null
+++ b/softhsm-2.0.0-1272453-Issue162.patch
@@ -0,0 +1,201 @@
+diff -Naur softhsm-2.0.0-orig/src/lib/P11Attributes.cpp softhsm-2.0.0/src/lib/P11Attributes.cpp
+--- softhsm-2.0.0-orig/src/lib/P11Attributes.cpp 2015-06-01 07:28:14.000000000 -0400
++++ softhsm-2.0.0/src/lib/P11Attributes.cpp 2016-02-25 11:36:25.005775010 -0500
+@@ -482,15 +482,10 @@
+ }
+
+ // Update the value if allowed
+-CK_RV P11AttrClass::updateAttr(Token* /*token*/, bool /*isPrivate*/, CK_VOID_PTR pValue, CK_ULONG ulValueLen, int op)
++CK_RV P11AttrClass::updateAttr(Token* /*token*/, bool /*isPrivate*/, CK_VOID_PTR pValue, CK_ULONG ulValueLen, int /*op*/)
+ {
+ // Attribute specific checks
+
+- if (op == OBJECT_OP_SET)
+- {
+- return CKR_ATTRIBUTE_READ_ONLY;
+- }
+-
+ if (ulValueLen !=sizeof(CK_ULONG))
+ {
+ return CKR_ATTRIBUTE_VALUE_INVALID;
+@@ -516,15 +511,10 @@
+ }
+
+ // Update the value if allowed
+-CK_RV P11AttrKeyType::updateAttr(Token* /*token*/, bool /*isPrivate*/, CK_VOID_PTR pValue, CK_ULONG ulValueLen, int op)
++CK_RV P11AttrKeyType::updateAttr(Token* /*token*/, bool /*isPrivate*/, CK_VOID_PTR pValue, CK_ULONG ulValueLen, int /*op*/)
+ {
+ // Attribute specific checks
+
+- if (op == OBJECT_OP_SET)
+- {
+- return CKR_ATTRIBUTE_READ_ONLY;
+- }
+-
+ if (ulValueLen !=sizeof(CK_ULONG))
+ {
+ return CKR_ATTRIBUTE_VALUE_INVALID;
+@@ -552,15 +542,10 @@
+ }
+
+ // Update the value if allowed
+-CK_RV P11AttrCertificateType::updateAttr(Token* /*token*/, bool /*isPrivate*/, CK_VOID_PTR pValue, CK_ULONG ulValueLen, int op)
++CK_RV P11AttrCertificateType::updateAttr(Token* /*token*/, bool /*isPrivate*/, CK_VOID_PTR pValue, CK_ULONG ulValueLen, int /*op*/)
+ {
+ // Attribute specific checks
+
+- if (op == OBJECT_OP_SET)
+- {
+- return CKR_ATTRIBUTE_READ_ONLY;
+- }
+-
+ if (ulValueLen !=sizeof(CK_ULONG))
+ {
+ return CKR_ATTRIBUTE_VALUE_INVALID;
+@@ -586,22 +571,13 @@
+ }
+
+ // Update the value if allowed
+-CK_RV P11AttrToken::updateAttr(Token* /*token*/, bool /*isPrivate*/, CK_VOID_PTR pValue, CK_ULONG ulValueLen, int op)
++CK_RV P11AttrToken::updateAttr(Token* /*token*/, bool /*isPrivate*/, CK_VOID_PTR pValue, CK_ULONG ulValueLen, int /*op*/)
+ {
+ OSAttribute attrTrue(true);
+ OSAttribute attrFalse(false);
+
+ // Attribute specific checks
+
+- if (op != OBJECT_OP_GENERATE &&
+- op != OBJECT_OP_DERIVE &&
+- op != OBJECT_OP_CREATE &&
+- op != OBJECT_OP_COPY &&
+- op != OBJECT_OP_UNWRAP)
+- {
+- return CKR_ATTRIBUTE_READ_ONLY;
+- }
+-
+ if (ulValueLen !=sizeof(CK_BBOOL))
+ {
+ return CKR_ATTRIBUTE_VALUE_INVALID;
+@@ -633,22 +609,13 @@
+ }
+
+ // Update the value if allowed
+-CK_RV P11AttrPrivate::updateAttr(Token* /*token*/, bool /*isPrivate*/, CK_VOID_PTR pValue, CK_ULONG ulValueLen, int op)
++CK_RV P11AttrPrivate::updateAttr(Token* /*token*/, bool /*isPrivate*/, CK_VOID_PTR pValue, CK_ULONG ulValueLen, int /*op*/)
+ {
+ OSAttribute attrTrue(true);
+ OSAttribute attrFalse(false);
+
+ // Attribute specific checks
+
+- if (op != OBJECT_OP_GENERATE &&
+- op != OBJECT_OP_DERIVE &&
+- op != OBJECT_OP_CREATE &&
+- op != OBJECT_OP_COPY &&
+- op != OBJECT_OP_UNWRAP)
+- {
+- return CKR_ATTRIBUTE_READ_ONLY;
+- }
+-
+ if (ulValueLen !=sizeof(CK_BBOOL))
+ {
+ return CKR_ATTRIBUTE_VALUE_INVALID;
+@@ -680,22 +647,13 @@
+ }
+
+ // Update the value if allowed
+-CK_RV P11AttrModifiable::updateAttr(Token* /*token*/, bool /*isPrivate*/, CK_VOID_PTR pValue, CK_ULONG ulValueLen, int op)
++CK_RV P11AttrModifiable::updateAttr(Token* /*token*/, bool /*isPrivate*/, CK_VOID_PTR pValue, CK_ULONG ulValueLen, int /*op*/)
+ {
+ OSAttribute attrTrue(true);
+ OSAttribute attrFalse(false);
+
+ // Attribute specific checks
+
+- if (op != OBJECT_OP_GENERATE &&
+- op != OBJECT_OP_DERIVE &&
+- op != OBJECT_OP_CREATE &&
+- op != OBJECT_OP_COPY &&
+- op != OBJECT_OP_UNWRAP)
+- {
+- return CKR_ATTRIBUTE_READ_ONLY;
+- }
+-
+ if (ulValueLen !=sizeof(CK_BBOOL))
+ {
+ return CKR_ATTRIBUTE_VALUE_INVALID;
+@@ -738,22 +696,13 @@
+ }
+
+ // Update the value if allowed
+-CK_RV P11AttrCopyable::updateAttr(Token* /*token*/, bool /*isPrivate*/, CK_VOID_PTR pValue, CK_ULONG ulValueLen, int op)
++CK_RV P11AttrCopyable::updateAttr(Token* /*token*/, bool /*isPrivate*/, CK_VOID_PTR pValue, CK_ULONG ulValueLen, int /*op*/)
+ {
+ OSAttribute attrTrue(true);
+ OSAttribute attrFalse(false);
+
+ // Attribute specific checks
+
+- if (op != OBJECT_OP_GENERATE &&
+- op != OBJECT_OP_DERIVE &&
+- op != OBJECT_OP_CREATE &&
+- op != OBJECT_OP_COPY &&
+- op != OBJECT_OP_UNWRAP)
+- {
+- return CKR_ATTRIBUTE_READ_ONLY;
+- }
+-
+ if (ulValueLen !=sizeof(CK_BBOOL))
+ {
+ return CKR_ATTRIBUTE_VALUE_INVALID;
+@@ -955,15 +904,10 @@
+ }
+
+ // Update the value if allowed
+-CK_RV P11AttrCertificateCategory::updateAttr(Token* /*token*/, bool /*isPrivate*/, CK_VOID_PTR pValue, CK_ULONG ulValueLen, int op)
++CK_RV P11AttrCertificateCategory::updateAttr(Token* /*token*/, bool /*isPrivate*/, CK_VOID_PTR pValue, CK_ULONG ulValueLen, int /*op*/)
+ {
+ // Attribute specific checks
+
+- if (op != OBJECT_OP_SET)
+- {
+- return CKR_ATTRIBUTE_READ_ONLY;
+- }
+-
+ if (ulValueLen !=sizeof(CK_ULONG))
+ {
+ return CKR_ATTRIBUTE_VALUE_INVALID;
+@@ -1085,15 +1029,10 @@
+ }
+
+ // Update the value if allowed
+-CK_RV P11AttrJavaMidpSecurityDomain::updateAttr(Token* /*token*/, bool /*isPrivate*/, CK_VOID_PTR pValue, CK_ULONG ulValueLen, int op)
++CK_RV P11AttrJavaMidpSecurityDomain::updateAttr(Token* /*token*/, bool /*isPrivate*/, CK_VOID_PTR pValue, CK_ULONG ulValueLen, int /*op*/)
+ {
+ // Attribute specific checks
+
+- if (op != OBJECT_OP_SET)
+- {
+- return CKR_ATTRIBUTE_READ_ONLY;
+- }
+-
+ if (ulValueLen !=sizeof(CK_ULONG))
+ {
+ return CKR_ATTRIBUTE_VALUE_INVALID;
+@@ -1117,15 +1056,10 @@
+ }
+
+ // Update the value if allowed
+-CK_RV P11AttrNameHashAlgorithm::updateAttr(Token* /*token*/, bool /*isPrivate*/, CK_VOID_PTR pValue, CK_ULONG ulValueLen, int op)
++CK_RV P11AttrNameHashAlgorithm::updateAttr(Token* /*token*/, bool /*isPrivate*/, CK_VOID_PTR pValue, CK_ULONG ulValueLen, int /*op*/)
+ {
+ // Attribute specific checks
+
+- if (op != OBJECT_OP_SET)
+- {
+- return CKR_ATTRIBUTE_READ_ONLY;
+- }
+-
+ if (ulValueLen !=sizeof(CK_ULONG))
+ {
+ return CKR_ATTRIBUTE_VALUE_INVALID;
diff --git a/softhsm.spec b/softhsm.spec
index 1645432..b519930 100644
--- a/softhsm.spec
+++ b/softhsm.spec
@@ -3,7 +3,7 @@ Summary: Software version of a PKCS#11 Hardware Security Module Name: softhsm Version: 2.0.0 -Release: %{?prever:0.}1%{?prever:.%{prever}}%{?dist}.1 +Release: %{?prever:0.}2%{?prever:.%{prever}}%{?dist} License: BSD Url: http://www.opendnssec.org/ Source: http://dist.opendnssec.org/source/%{?prever:testing/}%{name}-%{version}.tar.gz
@@ -12,6 +12,8 @@ Source2: softhsm.module # taken from coolkey which is not build on all arches we build on Source3: softhsm2-pk11install.c +Patch1: softhsm-2.0.0-1272453-Issue162.patch + Group: Applications/System BuildRequires: openssl-devel >= 1.0.1k-6, sqlite-devel >= 3.4.2, cppunit-devel BuildRequires: gcc-c++, pkgconfig, p11-kit-devel, nss-devel
@@ -44,6 +46,9 @@ The devel package contains the libsofthsm include files %prep %setup -q -n %{name}-%{version}%{?prever} + +%patch1 -p1 + %if 0%{?prever:1} autoreconf -fiv %endif
@@ -124,6 +129,9 @@ if [ -f /var/softhsm/slot0.db ]; then fi %changelog +* Thu Feb 25 2016 Paul Wouters - 2.0.0-2 +- Resolves: rhbz#1272453 A marked as CA certificate cannot be written in a softhsmv2 db + * Fri Feb 05 2016 Fedora Release Engineering - 2.0.0-1.1 - Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild
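Review bot: In the embedded P11Attributes.cpp patch, the first seven updateAttr hunks (P11AttrClass, P11AttrKeyType, P11AttrCertificateType, P11AttrToken, P11AttrPrivate, P11AttrModifiable, P11AttrCopyable) drop guards that returned CKR_ATTRIBUTE_READ_ONLY once an object exists, which is wider than the CA-certificate problem named in the subject. Only the last three hunks (P11AttrCertificateCategory, P11AttrJavaMidpSecurityDomain, P11AttrNameHashAlgorithm) remove the `op != OBJECT_OP_SET` test, which looks inverted because it would reject the value at creation time. With `op` commented out, nothing visible in these functions stops a set operation from changing an object's class, key type, or its private and modifiable flags; whether the caller of updateAttr enforces this is outside the patch and should be confirmed before shipping. If it does not, keep the old guards in those seven functions, e.g. `if (op == OBJECT_OP_SET) return CKR_ATTRIBUTE_READ_ONLY;` for the three type attributes, and leave a comment wherever a guard is dropped saying where read-only-after-creation is enforced. Each function body continues past the end of its hunk.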