From b6701859fd505bc15b2ae7cf385efd399a6db336 Mon Sep 17 00:00:00 2001 From: eabdullin Date: Tue, 24 Jun 2025 09:55:54 +0000 Subject: [PATCH] import CS softhsm-2.6.1-16.el10 --- .gitignore | 3 +- .softhsm.metadata | 1 - SOURCES/softhsm-2.6.0.tar.gz.sig | Bin 543 -> 0 bytes .../softhsm-2.6.1-rh1857272-negatives.patch | 230 ---- ...atch => softhsm-2.6.1-rh1831086-exit.patch | 0 softhsm-2.6.1-uninitialized.patch | 12 + ...hsm-disable-usage-of-openssl-engines.patch | 93 ++ softhsm-openssl3-tests.patch | 1011 +++++++++++++++++ ...revent-global-deleted-objects-access.patch | 667 +++++++++++ softhsm-sysusers.conf | 1 + SPECS/softhsm.spec => softhsm.spec | 227 ++-- sources | 2 + 12 files changed, 1951 insertions(+), 296 deletions(-) delete mode 100644 .softhsm.metadata delete mode 100644 SOURCES/softhsm-2.6.0.tar.gz.sig delete mode 100644 SOURCES/softhsm-2.6.1-rh1857272-negatives.patch rename SOURCES/softhsm-2.6.1-rh1834909-exit.patch => softhsm-2.6.1-rh1831086-exit.patch (100%) create mode 100644 softhsm-2.6.1-uninitialized.patch create mode 100644 softhsm-disable-usage-of-openssl-engines.patch create mode 100644 softhsm-openssl3-tests.patch create mode 100644 softhsm-prevent-global-deleted-objects-access.patch create mode 100644 softhsm-sysusers.conf rename SPECS/softhsm.spec => softhsm.spec (55%) create mode 100644 sources diff --git a/.gitignore b/.gitignore index b8c2a03..9df3cef 100644 --- a/.gitignore +++ b/.gitignore @@ -1 +1,2 @@ -SOURCES/softhsm-2.6.0.tar.gz +softhsm-2.6.1.tar.gz +softhsm-2.6.1.tar.gz.sig diff --git a/.softhsm.metadata b/.softhsm.metadata deleted file mode 100644 index 24b031a..0000000 --- a/.softhsm.metadata +++ /dev/null @@ -1 +0,0 @@ -da4220189c358741a42a63442561ec07996badaf SOURCES/softhsm-2.6.0.tar.gz diff --git a/SOURCES/softhsm-2.6.0.tar.gz.sig b/SOURCES/softhsm-2.6.0.tar.gz.sig deleted file mode 100644 index 6dab45da270904d2096aec4192f821e9ff0042b0..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 543 zcmV+)0^t3L0vrSY0RjL91p;1h^+W&)2@pZ{Bfd||3zVVV5C2f>L8q+S+8BAKmO$QH z#LCQ4`CKwEI>j*aMkO|ULnsLZm6@2)nqFUNqwB33NH}ceOnDAi+GyH8I4(ucLBfDR9RZj4Mphr zZ%hgOoR?#fhro;G-Pb1c0=l^*0y5589GZn4{F>jY#aL9aA6{sMm|dtO^uvA7!^r1N zKM`}`SAbKXw8ak%)FGxHHTV{!U&cXEe7#c}6x|S;&Qz?p%bnEGLGT!k_)Sg*yRxP1 zZtbvExFyI>Zj?5nr5*yg!j$NiEFKybiuXwTKkU3}+y*#pAWe7c#f^>ZueE#MS|q_7 z6OqQ#f4y!JGG7R%Y35a9H#yRu2!}4mcAQ#MUcx3kTZ`q;eO|Rny4N4(UmHjNV-W4i zc~?Y&QG^x3Xe21`85{|1` z#p8#c(NiffXurMllM;jbri7VMh76{I19}Ar1r-Zz&vow7Y(SS|JK-c-5=g6JiYjJ` zyqahAP;`Hu^IzI0>W6EArL-C$!4%h63u`SG^wtKuWR&hX(Yh0R-c-a)-}4N|b=LsI hC3sN7zS66_{Wm(OJyMR0(Ytxc@dD9R$Vs&)z1osc23r6C diff --git a/SOURCES/softhsm-2.6.1-rh1857272-negatives.patch b/SOURCES/softhsm-2.6.1-rh1857272-negatives.patch deleted file mode 100644 index 049f71c..0000000 --- a/SOURCES/softhsm-2.6.1-rh1857272-negatives.patch +++ /dev/null @@ -1,230 +0,0 @@ -From cfe1f7fdd12e202fa2d056c7fd731cfeee378a98 Mon Sep 17 00:00:00 2001 -From: Jakub Jelen -Date: Wed, 15 Jul 2020 18:12:32 +0200 -Subject: [PATCH] Unbreak negative mechanism lists in slots.mechanisms + - testcase - -Previously, when the list for slots.mechanisms was prefixed with -minus sign "-", the first mechanism was skipped as invalid and -therefore the tool was presenting wrong list of algorithms. - -This fixes the initial index for selection of first algorithm -and adds unit test for this scenario. ---- - .gitignore | 1 + - configure.ac | 1 + - src/lib/SoftHSM.cpp | 9 ++- - src/lib/test/InfoTests.cpp | 70 ++++++++++++++++++- - src/lib/test/InfoTests.h | 2 + - src/lib/test/Makefile.am | 1 + - src/lib/test/softhsm2-negative-mech.conf.in | 8 +++ - .../test/softhsm2-negative-mech.conf.win32 | 7 ++ - win32/p11test/p11test.vcxproj.in | 2 + - 9 files changed, 97 insertions(+), 4 deletions(-) - create mode 100644 src/lib/test/softhsm2-negative-mech.conf.in - create mode 100644 src/lib/test/softhsm2-negative-mech.conf.win32 - -diff --git a/configure.ac b/configure.ac -index d4dad435..c6a51c7a 100644 ---- a/configure.ac -+++ b/configure.ac -@@ -217,6 +217,7 @@ AC_CONFIG_FILES([ - src/lib/test/softhsm2-alt.conf - src/lib/test/softhsm2-reset-on-fork.conf - src/lib/test/softhsm2-mech.conf -+ src/lib/test/softhsm2-negative-mech.conf - src/lib/test/tokens/dummy - src/bin/Makefile - src/bin/common/Makefile -diff --git a/src/lib/SoftHSM.cpp b/src/lib/SoftHSM.cpp -index 0a0c32cc..cac724e6 100644 ---- a/src/lib/SoftHSM.cpp -+++ b/src/lib/SoftHSM.cpp -@@ -791,12 +791,17 @@ void SoftHSM::prepareSupportedMecahnisms(std::map -@@ -99,6 +100,7 @@ copy ..\..\src\lib\test\softhsm2.conf.win32 "$(TargetDir)\softhsm2.conf" - copy ..\..\src\lib\test\softhsm2-alt.conf.win32 "$(TargetDir)\softhsm2-alt.conf" - copy ..\..\src\lib\test\softhsm2-reset-on-fork.conf.win32 "$(TargetDir)\softhsm2-reset-on-fork.conf" - copy ..\..\src\lib\test\softhsm2-mech.conf.win32 "$(TargetDir)\softhsm2-mech.conf" -+copy ..\..\src\lib\test\softhsm2-negative-mech.conf.win32 "$(TargetDir)\softhsm2-negative-mech.conf" - mkdir "$(TargetDir)\tokens" 2> nul - copy ..\..\src\lib\test\tokens\dummy.in "$(TargetDir)\tokens\dummy" - diff --git a/SOURCES/softhsm-2.6.1-rh1834909-exit.patch b/softhsm-2.6.1-rh1831086-exit.patch similarity index 100% rename from SOURCES/softhsm-2.6.1-rh1834909-exit.patch rename to softhsm-2.6.1-rh1831086-exit.patch diff --git a/softhsm-2.6.1-uninitialized.patch b/softhsm-2.6.1-uninitialized.patch new file mode 100644 index 0000000..bcdb4ee --- /dev/null +++ b/softhsm-2.6.1-uninitialized.patch @@ -0,0 +1,12 @@ +diff --git a/src/lib/SoftHSM.cpp b/src/lib/SoftHSM.cpp +index d2bf4037a..6eeac6103 100644 +--- a/src/lib/SoftHSM.cpp ++++ b/src/lib/SoftHSM.cpp +@@ -972,6 +972,7 @@ CK_RV SoftHSM::C_GetMechanismInfo(CK_SLOT_ID slotID, CK_MECHANISM_TYPE type, CK_ + } + CryptoFactory::i()->recycleAsymmetricAlgorithm(eddsa); + #endif ++ pInfo->flags = 0; // initialize flags + switch (type) + { + #ifndef WITH_FIPS diff --git a/softhsm-disable-usage-of-openssl-engines.patch b/softhsm-disable-usage-of-openssl-engines.patch new file mode 100644 index 0000000..e0f1aa1 --- /dev/null +++ b/softhsm-disable-usage-of-openssl-engines.patch @@ -0,0 +1,93 @@ +From 7c7bb855e133b6c998385171b2ec86247b86933e Mon Sep 17 00:00:00 2001 +From: Francisco Trivino +Date: Fri, 2 Aug 2024 11:53:44 +0200 +Subject: [PATCH] use pkcs11 provider for OPENSSL MAJOR >= 3 + +--- +diff --git a/cmake/modules/tests/test_openssl_gost.c b/cmake/modules/tests/test_openssl_gost.c +index 33487e1..b2df4df 100644 +--- a/modules/tests/test_openssl_gost.c ++++ b/modules/tests/test_openssl_gost.c +@@ -1,3 +1,4 @@ ++#ifndef OPENSSL_NO_ENGINE + #include + #include + #include +@@ -39,3 +40,4 @@ int main() + + return 0; + } ++#endif +diff --git a/src/lib/crypto/OSSLCryptoFactory.h b/src/lib/crypto/OSSLCryptoFactory.h +index d718b69..18028c4 100644 +--- a/src/lib/crypto/OSSLCryptoFactory.h ++++ b/src/lib/crypto/OSSLCryptoFactory.h +@@ -42,7 +42,16 @@ + #include "RNG.h" + #include + #include +-#include ++#if OPENSSL_VERSION_MAJOR >= 3 ++# define USE_PKCS11_PROVIDER ++# include ++# include ++#else ++# if !defined(OPENSSL_NO_ENGINE) && !defined(OPENSSL_NO_DEPRECATED_3_0) ++# define USE_PKCS11_ENGINE ++# include ++# endif ++#endif + + class OSSLCryptoFactory : public CryptoFactory + { +diff --git a/src/lib/crypto/OSSLCryptoFactory.cpp b/src/lib/crypto/OSSLCryptoFactory.cpp +index 32f8dc8..a719778 100644 +--- a/src/lib/crypto/OSSLCryptoFactory.cpp ++++ b/src/lib/crypto/OSSLCryptoFactory.cpp +@@ -141,6 +141,11 @@ OSSLCryptoFactory::OSSLCryptoFactory() + // Initialise OpenSSL + OpenSSL_add_all_algorithms(); + ++ // Initialise the one-and-only RNG ++ rng = new OSSLRNG(); ++ ++#ifndef OPENSSL_NO_ENGINE ++ + #if !( OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) ) + // Make sure RDRAND is loaded first + ENGINE_load_rdrand(); +@@ -221,13 +223,13 @@ err: + eg = NULL; + return; + #endif ++#endif // OPENSSL_NO_ENGINE + } + + // Destructor + OSSLCryptoFactory::~OSSLCryptoFactory() + { + bool ossl_shutdown = false; +- + #if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER) + // OpenSSL 1.1.0+ will register an atexit() handler to run + // OPENSSL_cleanup(). If that has already happened we must +@@ -243,6 +245,7 @@ OSSLCryptoFactory::~OSSLCryptoFactory() + #endif + if (!ossl_shutdown) + { ++#ifndef OPENSSL_NO_ENGINE + #ifdef WITH_GOST + // Finish the GOST engine + if (eg != NULL) +@@ -257,7 +260,7 @@ OSSLCryptoFactory::~OSSLCryptoFactory() + ENGINE_finish(rdrand_engine); + ENGINE_free(rdrand_engine); + rdrand_engine = NULL; +- ++#endif //OPENSSL_NO_ENGINE + // Recycle locks + #if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) + if (setLockingCallback) +-- +2.45.2 + diff --git a/softhsm-openssl3-tests.patch b/softhsm-openssl3-tests.patch new file mode 100644 index 0000000..8245f4b --- /dev/null +++ b/softhsm-openssl3-tests.patch @@ -0,0 +1,1011 @@ +From 643f061e6fbe04552a2c49bd00528e61a9a77064 Mon Sep 17 00:00:00 2001 +From: Alexander Bokovoy +Date: Wed, 26 May 2021 20:03:25 +0300 +Subject: [PATCH 1/4] openssl 3.0: Run DES tests only if OpenSSL allows it + +OpenSSL 3.0 moves DES into a legacy provider which has to be loaded +explicitly. By default, it will not be loaded and DES methods in tests +will fail. Nest test blocks under successful initialization. + +Signed-off-by: Alexander Bokovoy +--- + src/lib/crypto/test/DESTests.cpp | 350 ++++++++++++++++--------------- + 1 file changed, 182 insertions(+), 168 deletions(-) + +diff --git a/src/lib/crypto/test/DESTests.cpp b/src/lib/crypto/test/DESTests.cpp +index bcb1c6b..aa68746 100644 +--- a/src/lib/crypto/test/DESTests.cpp ++++ b/src/lib/crypto/test/DESTests.cpp +@@ -259,54 +259,58 @@ void DESTests::testCBC() + + // Now, do the same thing using our DES implementation + shsmCipherText.wipe(); +- CPPUNIT_ASSERT(des->encryptInit(&desKey56, SymMode::CBC, IV)); ++ if (des->encryptInit(&desKey56, SymMode::CBC, IV)) { + +- CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB)); +- shsmCipherText += OB; ++ CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB)); ++ shsmCipherText += OB; + +- CPPUNIT_ASSERT(des->encryptFinal(OB)); +- shsmCipherText += OB; ++ CPPUNIT_ASSERT(des->encryptFinal(OB)); ++ shsmCipherText += OB; + +- CPPUNIT_ASSERT(shsmCipherText == cipherText); ++ CPPUNIT_ASSERT(shsmCipherText == cipherText); + +- // Check that we can get the plain text +- shsmPlainText.wipe(); +- CPPUNIT_ASSERT(des->decryptInit(&desKey56, SymMode::CBC, IV)); ++ // Check that we can get the plain text ++ shsmPlainText.wipe(); ++ CPPUNIT_ASSERT(des->decryptInit(&desKey56, SymMode::CBC, IV)); + +- CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB)); +- shsmPlainText += OB; ++ CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB)); ++ shsmPlainText += OB; + +- CPPUNIT_ASSERT(des->decryptFinal(OB)); +- shsmPlainText += OB; ++ CPPUNIT_ASSERT(des->decryptFinal(OB)); ++ shsmPlainText += OB; + +- CPPUNIT_ASSERT(shsmPlainText == plainText); ++ CPPUNIT_ASSERT(shsmPlainText == plainText); ++ ++ } + + // Test 112-bit key + cipherText = ByteString(testResult[i][j][1]); + + // Now, do the same thing using our DES implementation + shsmCipherText.wipe(); +- CPPUNIT_ASSERT(des->encryptInit(&desKey112, SymMode::CBC, IV)); ++ if (des->encryptInit(&desKey112, SymMode::CBC, IV)) { + +- CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB)); +- shsmCipherText += OB; ++ CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB)); ++ shsmCipherText += OB; + +- CPPUNIT_ASSERT(des->encryptFinal(OB)); +- shsmCipherText += OB; ++ CPPUNIT_ASSERT(des->encryptFinal(OB)); ++ shsmCipherText += OB; + +- CPPUNIT_ASSERT(shsmCipherText == cipherText); ++ CPPUNIT_ASSERT(shsmCipherText == cipherText); + +- // Check that we can get the plain text +- shsmPlainText.wipe(); +- CPPUNIT_ASSERT(des->decryptInit(&desKey112, SymMode::CBC, IV)); ++ // Check that we can get the plain text ++ shsmPlainText.wipe(); ++ CPPUNIT_ASSERT(des->decryptInit(&desKey112, SymMode::CBC, IV)); + +- CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB)); +- shsmPlainText += OB; ++ CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB)); ++ shsmPlainText += OB; + +- CPPUNIT_ASSERT(des->decryptFinal(OB)); +- shsmPlainText += OB; ++ CPPUNIT_ASSERT(des->decryptFinal(OB)); ++ shsmPlainText += OB; ++ ++ CPPUNIT_ASSERT(shsmPlainText == plainText); ++ } + +- CPPUNIT_ASSERT(shsmPlainText == plainText); + #endif + + // Test 168-bit key +@@ -314,27 +318,28 @@ void DESTests::testCBC() + + // Now, do the same thing using our DES implementation + shsmCipherText.wipe(); +- CPPUNIT_ASSERT(des->encryptInit(&desKey168, SymMode::CBC, IV)); ++ if (des->encryptInit(&desKey168, SymMode::CBC, IV)) { + +- CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB)); +- shsmCipherText += OB; ++ CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB)); ++ shsmCipherText += OB; + +- CPPUNIT_ASSERT(des->encryptFinal(OB)); +- shsmCipherText += OB; ++ CPPUNIT_ASSERT(des->encryptFinal(OB)); ++ shsmCipherText += OB; + +- CPPUNIT_ASSERT(shsmCipherText == cipherText); ++ CPPUNIT_ASSERT(shsmCipherText == cipherText); + +- // Check that we can get the plain text +- shsmPlainText.wipe(); +- CPPUNIT_ASSERT(des->decryptInit(&desKey168, SymMode::CBC, IV)); ++ // Check that we can get the plain text ++ shsmPlainText.wipe(); ++ CPPUNIT_ASSERT(des->decryptInit(&desKey168, SymMode::CBC, IV)); + +- CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB)); +- shsmPlainText += OB; ++ CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB)); ++ shsmPlainText += OB; + +- CPPUNIT_ASSERT(des->decryptFinal(OB)); +- shsmPlainText += OB; ++ CPPUNIT_ASSERT(des->decryptFinal(OB)); ++ shsmPlainText += OB; + +- CPPUNIT_ASSERT(shsmPlainText == plainText); ++ CPPUNIT_ASSERT(shsmPlainText == plainText); ++ } + } + } + } +@@ -534,54 +539,56 @@ void DESTests::testECB() + + // Now, do the same thing using our DES implementation + shsmCipherText.wipe(); +- CPPUNIT_ASSERT(des->encryptInit(&desKey56, SymMode::ECB, IV)); ++ if (des->encryptInit(&desKey56, SymMode::ECB, IV)) { + +- CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB)); +- shsmCipherText += OB; ++ CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB)); ++ shsmCipherText += OB; + +- CPPUNIT_ASSERT(des->encryptFinal(OB)); +- shsmCipherText += OB; ++ CPPUNIT_ASSERT(des->encryptFinal(OB)); ++ shsmCipherText += OB; + +- CPPUNIT_ASSERT(shsmCipherText == cipherText); ++ CPPUNIT_ASSERT(shsmCipherText == cipherText); + +- // Check that we can get the plain text +- shsmPlainText.wipe(); +- CPPUNIT_ASSERT(des->decryptInit(&desKey56, SymMode::ECB, IV)); ++ // Check that we can get the plain text ++ shsmPlainText.wipe(); ++ CPPUNIT_ASSERT(des->decryptInit(&desKey56, SymMode::ECB, IV)); + +- CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB)); +- shsmPlainText += OB; ++ CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB)); ++ shsmPlainText += OB; + +- CPPUNIT_ASSERT(des->decryptFinal(OB)); +- shsmPlainText += OB; ++ CPPUNIT_ASSERT(des->decryptFinal(OB)); ++ shsmPlainText += OB; + +- CPPUNIT_ASSERT(shsmPlainText == plainText); ++ CPPUNIT_ASSERT(shsmPlainText == plainText); ++ } + + // Test 112-bit key + cipherText = ByteString(testResult[i][j][1]); + + // Now, do the same thing using our DES implementation + shsmCipherText.wipe(); +- CPPUNIT_ASSERT(des->encryptInit(&desKey112, SymMode::ECB, IV)); ++ if (des->encryptInit(&desKey112, SymMode::ECB, IV)) { + +- CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB)); +- shsmCipherText += OB; ++ CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB)); ++ shsmCipherText += OB; + +- CPPUNIT_ASSERT(des->encryptFinal(OB)); +- shsmCipherText += OB; ++ CPPUNIT_ASSERT(des->encryptFinal(OB)); ++ shsmCipherText += OB; + +- CPPUNIT_ASSERT(shsmCipherText == cipherText); ++ CPPUNIT_ASSERT(shsmCipherText == cipherText); + +- // Check that we can get the plain text +- shsmPlainText.wipe(); +- CPPUNIT_ASSERT(des->decryptInit(&desKey112, SymMode::ECB, IV)); ++ // Check that we can get the plain text ++ shsmPlainText.wipe(); ++ CPPUNIT_ASSERT(des->decryptInit(&desKey112, SymMode::ECB, IV)); + +- CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB)); +- shsmPlainText += OB; ++ CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB)); ++ shsmPlainText += OB; + +- CPPUNIT_ASSERT(des->decryptFinal(OB)); +- shsmPlainText += OB; ++ CPPUNIT_ASSERT(des->decryptFinal(OB)); ++ shsmPlainText += OB; + +- CPPUNIT_ASSERT(shsmPlainText == plainText); ++ CPPUNIT_ASSERT(shsmPlainText == plainText); ++ } + #endif + + // Test 168-bit key +@@ -589,27 +596,28 @@ void DESTests::testECB() + + // Now, do the same thing using our DES implementation + shsmCipherText.wipe(); +- CPPUNIT_ASSERT(des->encryptInit(&desKey168, SymMode::ECB, IV)); ++ if (des->encryptInit(&desKey168, SymMode::ECB, IV)) { + +- CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB)); +- shsmCipherText += OB; ++ CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB)); ++ shsmCipherText += OB; + +- CPPUNIT_ASSERT(des->encryptFinal(OB)); +- shsmCipherText += OB; ++ CPPUNIT_ASSERT(des->encryptFinal(OB)); ++ shsmCipherText += OB; + +- CPPUNIT_ASSERT(shsmCipherText == cipherText); ++ CPPUNIT_ASSERT(shsmCipherText == cipherText); + +- // Check that we can get the plain text +- shsmPlainText.wipe(); +- CPPUNIT_ASSERT(des->decryptInit(&desKey168, SymMode::ECB, IV)); ++ // Check that we can get the plain text ++ shsmPlainText.wipe(); ++ CPPUNIT_ASSERT(des->decryptInit(&desKey168, SymMode::ECB, IV)); + +- CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB)); +- shsmPlainText += OB; ++ CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB)); ++ shsmPlainText += OB; + +- CPPUNIT_ASSERT(des->decryptFinal(OB)); +- shsmPlainText += OB; ++ CPPUNIT_ASSERT(des->decryptFinal(OB)); ++ shsmPlainText += OB; + +- CPPUNIT_ASSERT(shsmPlainText == plainText); ++ CPPUNIT_ASSERT(shsmPlainText == plainText); ++ } + } + } + } +@@ -809,54 +817,56 @@ void DESTests::testOFB() + + // Now, do the same thing using our DES implementation + shsmCipherText.wipe(); +- CPPUNIT_ASSERT(des->encryptInit(&desKey56, SymMode::OFB, IV)); ++ if (des->encryptInit(&desKey56, SymMode::OFB, IV)) { + +- CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB)); +- shsmCipherText += OB; ++ CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB)); ++ shsmCipherText += OB; + +- CPPUNIT_ASSERT(des->encryptFinal(OB)); +- shsmCipherText += OB; ++ CPPUNIT_ASSERT(des->encryptFinal(OB)); ++ shsmCipherText += OB; + +- CPPUNIT_ASSERT(shsmCipherText == cipherText); ++ CPPUNIT_ASSERT(shsmCipherText == cipherText); + +- // Check that we can get the plain text +- shsmPlainText.wipe(); +- CPPUNIT_ASSERT(des->decryptInit(&desKey56, SymMode::OFB, IV)); ++ // Check that we can get the plain text ++ shsmPlainText.wipe(); ++ CPPUNIT_ASSERT(des->decryptInit(&desKey56, SymMode::OFB, IV)); + +- CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB)); +- shsmPlainText += OB; ++ CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB)); ++ shsmPlainText += OB; + +- CPPUNIT_ASSERT(des->decryptFinal(OB)); +- shsmPlainText += OB; ++ CPPUNIT_ASSERT(des->decryptFinal(OB)); ++ shsmPlainText += OB; + +- CPPUNIT_ASSERT(shsmPlainText == plainText); ++ CPPUNIT_ASSERT(shsmPlainText == plainText); ++ } + + // Test 112-bit key + cipherText = ByteString(testResult[i][j][1]); + + // Now, do the same thing using our DES implementation + shsmCipherText.wipe(); +- CPPUNIT_ASSERT(des->encryptInit(&desKey112, SymMode::OFB, IV)); ++ if (des->encryptInit(&desKey112, SymMode::OFB, IV)) { + +- CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB)); +- shsmCipherText += OB; ++ CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB)); ++ shsmCipherText += OB; + +- CPPUNIT_ASSERT(des->encryptFinal(OB)); +- shsmCipherText += OB; ++ CPPUNIT_ASSERT(des->encryptFinal(OB)); ++ shsmCipherText += OB; + +- CPPUNIT_ASSERT(shsmCipherText == cipherText); ++ CPPUNIT_ASSERT(shsmCipherText == cipherText); + +- // Check that we can get the plain text +- shsmPlainText.wipe(); +- CPPUNIT_ASSERT(des->decryptInit(&desKey112, SymMode::OFB, IV)); ++ // Check that we can get the plain text ++ shsmPlainText.wipe(); ++ CPPUNIT_ASSERT(des->decryptInit(&desKey112, SymMode::OFB, IV)); + +- CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB)); +- shsmPlainText += OB; ++ CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB)); ++ shsmPlainText += OB; + +- CPPUNIT_ASSERT(des->decryptFinal(OB)); +- shsmPlainText += OB; ++ CPPUNIT_ASSERT(des->decryptFinal(OB)); ++ shsmPlainText += OB; + +- CPPUNIT_ASSERT(shsmPlainText == plainText); ++ CPPUNIT_ASSERT(shsmPlainText == plainText); ++ } + #endif + + // Test 168-bit key +@@ -864,27 +874,28 @@ void DESTests::testOFB() + + // Now, do the same thing using our DES implementation + shsmCipherText.wipe(); +- CPPUNIT_ASSERT(des->encryptInit(&desKey168, SymMode::OFB, IV)); ++ if (des->encryptInit(&desKey168, SymMode::OFB, IV)) { + +- CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB)); +- shsmCipherText += OB; ++ CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB)); ++ shsmCipherText += OB; + +- CPPUNIT_ASSERT(des->encryptFinal(OB)); +- shsmCipherText += OB; ++ CPPUNIT_ASSERT(des->encryptFinal(OB)); ++ shsmCipherText += OB; + +- CPPUNIT_ASSERT(shsmCipherText == cipherText); ++ CPPUNIT_ASSERT(shsmCipherText == cipherText); + +- // Check that we can get the plain text +- shsmPlainText.wipe(); +- CPPUNIT_ASSERT(des->decryptInit(&desKey168, SymMode::OFB, IV)); ++ // Check that we can get the plain text ++ shsmPlainText.wipe(); ++ CPPUNIT_ASSERT(des->decryptInit(&desKey168, SymMode::OFB, IV)); + +- CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB)); +- shsmPlainText += OB; ++ CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB)); ++ shsmPlainText += OB; + +- CPPUNIT_ASSERT(des->decryptFinal(OB)); +- shsmPlainText += OB; ++ CPPUNIT_ASSERT(des->decryptFinal(OB)); ++ shsmPlainText += OB; + +- CPPUNIT_ASSERT(shsmPlainText == plainText); ++ CPPUNIT_ASSERT(shsmPlainText == plainText); ++ } + } + } + } +@@ -1083,54 +1094,56 @@ void DESTests::testCFB() + + // Now, do the same thing using our DES implementation + shsmCipherText.wipe(); +- CPPUNIT_ASSERT(des->encryptInit(&desKey56, SymMode::CFB, IV)); ++ if (des->encryptInit(&desKey56, SymMode::CFB, IV)) { + +- CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB)); +- shsmCipherText += OB; ++ CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB)); ++ shsmCipherText += OB; + +- CPPUNIT_ASSERT(des->encryptFinal(OB)); +- shsmCipherText += OB; ++ CPPUNIT_ASSERT(des->encryptFinal(OB)); ++ shsmCipherText += OB; + +- CPPUNIT_ASSERT(shsmCipherText == cipherText); ++ CPPUNIT_ASSERT(shsmCipherText == cipherText); + +- // Check that we can get the plain text +- shsmPlainText.wipe(); +- CPPUNIT_ASSERT(des->decryptInit(&desKey56, SymMode::CFB, IV)); ++ // Check that we can get the plain text ++ shsmPlainText.wipe(); ++ CPPUNIT_ASSERT(des->decryptInit(&desKey56, SymMode::CFB, IV)); + +- CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB)); +- shsmPlainText += OB; ++ CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB)); ++ shsmPlainText += OB; + +- CPPUNIT_ASSERT(des->decryptFinal(OB)); +- shsmPlainText += OB; ++ CPPUNIT_ASSERT(des->decryptFinal(OB)); ++ shsmPlainText += OB; + +- CPPUNIT_ASSERT(shsmPlainText == plainText); ++ CPPUNIT_ASSERT(shsmPlainText == plainText); ++ } + + // Test 112-bit key + cipherText = ByteString(testResult[i][j][1]); + + // Now, do the same thing using our DES implementation + shsmCipherText.wipe(); +- CPPUNIT_ASSERT(des->encryptInit(&desKey112, SymMode::CFB, IV)); ++ if (des->encryptInit(&desKey112, SymMode::CFB, IV)) { + +- CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB)); +- shsmCipherText += OB; ++ CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB)); ++ shsmCipherText += OB; + +- CPPUNIT_ASSERT(des->encryptFinal(OB)); +- shsmCipherText += OB; ++ CPPUNIT_ASSERT(des->encryptFinal(OB)); ++ shsmCipherText += OB; + +- CPPUNIT_ASSERT(shsmCipherText == cipherText); ++ CPPUNIT_ASSERT(shsmCipherText == cipherText); + +- // Check that we can get the plain text +- shsmPlainText.wipe(); +- CPPUNIT_ASSERT(des->decryptInit(&desKey112, SymMode::CFB, IV)); ++ // Check that we can get the plain text ++ shsmPlainText.wipe(); ++ CPPUNIT_ASSERT(des->decryptInit(&desKey112, SymMode::CFB, IV)); + +- CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB)); +- shsmPlainText += OB; ++ CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB)); ++ shsmPlainText += OB; + +- CPPUNIT_ASSERT(des->decryptFinal(OB)); +- shsmPlainText += OB; ++ CPPUNIT_ASSERT(des->decryptFinal(OB)); ++ shsmPlainText += OB; + +- CPPUNIT_ASSERT(shsmPlainText == plainText); ++ CPPUNIT_ASSERT(shsmPlainText == plainText); ++ } + #endif + + // Test 168-bit key +@@ -1138,27 +1151,28 @@ void DESTests::testCFB() + + // Now, do the same thing using our DES implementation + shsmCipherText.wipe(); +- CPPUNIT_ASSERT(des->encryptInit(&desKey168, SymMode::CFB, IV)); ++ if (des->encryptInit(&desKey168, SymMode::CFB, IV)) { + +- CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB)); +- shsmCipherText += OB; ++ CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB)); ++ shsmCipherText += OB; + +- CPPUNIT_ASSERT(des->encryptFinal(OB)); +- shsmCipherText += OB; ++ CPPUNIT_ASSERT(des->encryptFinal(OB)); ++ shsmCipherText += OB; + +- CPPUNIT_ASSERT(shsmCipherText == cipherText); ++ CPPUNIT_ASSERT(shsmCipherText == cipherText); + +- // Check that we can get the plain text +- shsmPlainText.wipe(); +- CPPUNIT_ASSERT(des->decryptInit(&desKey168, SymMode::CFB, IV)); ++ // Check that we can get the plain text ++ shsmPlainText.wipe(); ++ CPPUNIT_ASSERT(des->decryptInit(&desKey168, SymMode::CFB, IV)); + +- CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB)); +- shsmPlainText += OB; ++ CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB)); ++ shsmPlainText += OB; + +- CPPUNIT_ASSERT(des->decryptFinal(OB)); +- shsmPlainText += OB; ++ CPPUNIT_ASSERT(des->decryptFinal(OB)); ++ shsmPlainText += OB; + +- CPPUNIT_ASSERT(shsmPlainText == plainText); ++ CPPUNIT_ASSERT(shsmPlainText == plainText); ++ } + } + } + } +-- +2.31.1 + + +From 4e368d1b1d835b169d3b9f44e064813d132f3da6 Mon Sep 17 00:00:00 2001 +From: Alexander Bokovoy +Date: Wed, 26 May 2021 20:09:31 +0300 +Subject: [PATCH 2/4] openssl 3.0: use 2048 instead of 1024 bit for RSA tests + +Signed-off-by: Alexander Bokovoy +--- + src/lib/crypto/test/RSATests.cpp | 11 ++++------- + 1 file changed, 4 insertions(+), 7 deletions(-) + +diff --git a/src/lib/crypto/test/RSATests.cpp b/src/lib/crypto/test/RSATests.cpp +index 6af1e19..e583b8b 100644 +--- a/src/lib/crypto/test/RSATests.cpp ++++ b/src/lib/crypto/test/RSATests.cpp +@@ -78,7 +78,6 @@ void RSATests::testKeyGeneration() + + // Key sizes to test + std::vector keySizes; +- keySizes.push_back(1024); + #ifndef WITH_FIPS + keySizes.push_back(1025); + #endif +@@ -111,12 +110,12 @@ void RSATests::testKeyGeneration() + + void RSATests::testSerialisation() + { +- // Generate a 1024-bit key-pair for testing ++ // Generate a 2048-bit key-pair for testing + AsymmetricKeyPair* kp; + RSAParameters p; + + p.setE("010001"); +- p.setBitLength(1024); ++ p.setBitLength(2048); + + CPPUNIT_ASSERT(rsa->generateKeyPair(&kp, &p)); + CPPUNIT_ASSERT(kp != NULL); +@@ -204,12 +203,12 @@ void RSATests::testSerialisation() + + void RSATests::testPKCS8() + { +- // Generate a 1024-bit key-pair for testing ++ // Generate a 2048-bit key-pair for testing + AsymmetricKeyPair* kp; + RSAParameters p; + + p.setE("010001"); +- p.setBitLength(1024); ++ p.setBitLength(2048); + + CPPUNIT_ASSERT(rsa->generateKeyPair(&kp, &p)); + CPPUNIT_ASSERT(kp != NULL); +@@ -253,7 +252,6 @@ void RSATests::testSigningVerifying() + + // Key sizes to test + std::vector keySizes; +- keySizes.push_back(1024); + keySizes.push_back(1280); + keySizes.push_back(2048); + //keySizes.push_back(4096); +@@ -611,7 +609,6 @@ void RSATests::testEncryptDecrypt() + + // Key sizes to test + std::vector keySizes; +- keySizes.push_back(1024); + keySizes.push_back(1280); + keySizes.push_back(2048); + //keySizes.push_back(4096); +-- +2.31.1 + + +From d8b6ebb67244f6fb4d2c8f72ae2b8bef5ca96bed Mon Sep 17 00:00:00 2001 +From: Alexander Bokovoy +Date: Wed, 26 May 2021 22:29:22 +0300 +Subject: [PATCH 3/4] openssl 3.0: Skip tests with unsupported key sizes + +OpenSSL 3.0 on systems with systemd-wide crypto policy (Fedora, RHEL, +CentOS 9 Stream) might block certain key sizes which causes the tests to +fail. Skip these tests because we are not going to get the results +anyway. + +There is no way with CPPUNIT to produce a warning only, so we have to +skip the whole test result. + +Signed-off-by: Alexander Bokovoy +--- + src/lib/crypto/test/RSATests.cpp | 31 ++++++++++++++++++------------- + 1 file changed, 18 insertions(+), 13 deletions(-) + +diff --git a/src/lib/crypto/test/RSATests.cpp b/src/lib/crypto/test/RSATests.cpp +index e583b8b..3b397d2 100644 +--- a/src/lib/crypto/test/RSATests.cpp ++++ b/src/lib/crypto/test/RSATests.cpp +@@ -92,18 +92,19 @@ void RSATests::testKeyGeneration() + p.setE(*e); + p.setBitLength(*k); + +- // Generate key-pair +- CPPUNIT_ASSERT(rsa->generateKeyPair(&kp, &p)); ++ // Generate key-pair but skip test if key size is unsupported in OpenSSL 3.0.0 ++ if (rsa->generateKeyPair(&kp, &p)) { + +- RSAPublicKey* pub = (RSAPublicKey*) kp->getPublicKey(); +- RSAPrivateKey* priv = (RSAPrivateKey*) kp->getPrivateKey(); ++ RSAPublicKey* pub = (RSAPublicKey*) kp->getPublicKey(); ++ RSAPrivateKey* priv = (RSAPrivateKey*) kp->getPrivateKey(); + +- CPPUNIT_ASSERT(pub->getBitLength() == *k); +- CPPUNIT_ASSERT(priv->getBitLength() == *k); +- CPPUNIT_ASSERT(pub->getE() == *e); +- CPPUNIT_ASSERT(priv->getE() == *e); ++ CPPUNIT_ASSERT(pub->getBitLength() == *k); ++ CPPUNIT_ASSERT(priv->getBitLength() == *k); ++ CPPUNIT_ASSERT(pub->getE() == *e); ++ CPPUNIT_ASSERT(priv->getE() == *e); + +- rsa->recycleKeyPair(kp); ++ rsa->recycleKeyPair(kp); ++ } + } + } + } +@@ -291,8 +292,10 @@ void RSATests::testSigningVerifying() + p.setE(*e); + p.setBitLength(*k); + +- // Generate key-pair +- CPPUNIT_ASSERT(rsa->generateKeyPair(&kp, &p)); ++ // Generate key-pair but skip those that unsupported in OpenSSL 3.0.0 ++ if (!rsa->generateKeyPair(&kp, &p)) { ++ continue; ++ } + + // Generate some data to sign + ByteString dataToSign; +@@ -626,8 +629,10 @@ void RSATests::testEncryptDecrypt() + p.setE(*e); + p.setBitLength(*k); + +- // Generate key-pair +- CPPUNIT_ASSERT(rsa->generateKeyPair(&kp, &p)); ++ // Generate key-pair but skip those that unsupported in OpenSSL 3.0.0 ++ if (!rsa->generateKeyPair(&kp, &p)) { ++ continue; ++ } + + RNG* rng = CryptoFactory::i()->getRNG(); + +-- +2.31.1 + + +From ca037b327fc77b8a7078c63118f507a157d3c913 Mon Sep 17 00:00:00 2001 +From: Alexander Bokovoy +Date: Thu, 27 May 2021 15:08:02 +0300 +Subject: [PATCH 4/4] openssl3: skip DES* tests + +Signed-off-by: Alexander Bokovoy +--- + src/lib/test/DeriveTests.cpp | 16 ++- + src/lib/test/ObjectTests.cpp | 21 ++-- + src/lib/test/SymmetricAlgorithmTests.cpp | 129 +++++++++++++---------- + 3 files changed, 100 insertions(+), 66 deletions(-) + +diff --git a/src/lib/test/DeriveTests.cpp b/src/lib/test/DeriveTests.cpp +index 9438ac2..275c399 100644 +--- a/src/lib/test/DeriveTests.cpp ++++ b/src/lib/test/DeriveTests.cpp +@@ -666,11 +666,14 @@ void DeriveTests::symDerive(CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE hKey, C + 0x25, 0x26, 0x27, 0x28, 0x29, 0x30, 0x31, 0x32 + }; + CK_ULONG secLen = 0; ++ CK_BBOOL oldMechs = CK_FALSE; + + switch (mechType) + { + case CKM_DES_ECB_ENCRYPT_DATA: + case CKM_DES3_ECB_ENCRYPT_DATA: ++ oldMechs = CK_TRUE; ++ /* fall-through */ + case CKM_AES_ECB_ENCRYPT_DATA: + param1.pData = &data[0]; + param1.ulLen = sizeof(data); +@@ -679,6 +682,7 @@ void DeriveTests::symDerive(CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE hKey, C + break; + case CKM_DES_CBC_ENCRYPT_DATA: + case CKM_DES3_CBC_ENCRYPT_DATA: ++ oldMechs = CK_TRUE; + memcpy(param2.iv, "12345678", 8); + param2.pData = &data[0]; + param2.length = sizeof(data); +@@ -703,10 +707,12 @@ void DeriveTests::symDerive(CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE hKey, C + break; + case CKK_DES: + mechEncrypt.mechanism = CKM_DES_ECB; ++ oldMechs = CK_TRUE; + break; + case CKK_DES2: + case CKK_DES3: + mechEncrypt.mechanism = CKM_DES3_ECB; ++ oldMechs = CK_TRUE; + break; + case CKK_AES: + mechEncrypt.mechanism = CKM_AES_ECB; +@@ -743,7 +749,11 @@ void DeriveTests::symDerive(CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE hKey, C + keyAttribs, sizeof(keyAttribs)/sizeof(CK_ATTRIBUTE) - 1, + &hDerive) ); + } +- CPPUNIT_ASSERT(rv == CKR_OK); ++ if (rv != CKR_OK && oldMechs == CK_TRUE) { ++ // Skip old mechanisms, they don't work under this crypto library ++ return; ++ } ++ CPPUNIT_ASSERT(rv==CKR_OK); + + // Check that KCV has been set + CK_ATTRIBUTE checkAttribs[] = { +@@ -764,6 +774,10 @@ void DeriveTests::symDerive(CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE hKey, C + CK_ULONG ulRecoveredTextLen; + + rv = CRYPTOKI_F_PTR( C_EncryptInit(hSession,&mechEncrypt,hDerive) ); ++ if (rv != CKR_OK && oldMechs == CK_TRUE) { ++ // Skip old mechanisms, they don't work under this crypto library ++ return; ++ } + CPPUNIT_ASSERT(rv==CKR_OK); + + ulCipherTextLen = sizeof(cipherText); +diff --git a/src/lib/test/ObjectTests.cpp b/src/lib/test/ObjectTests.cpp +index 9491ce1..4ffc1c8 100644 +--- a/src/lib/test/ObjectTests.cpp ++++ b/src/lib/test/ObjectTests.cpp +@@ -2370,8 +2370,10 @@ void ObjectTests::testCreateSecretKey() + CPPUNIT_ASSERT(rv == CKR_OK); + rv = CRYPTOKI_F_PTR( C_GetAttributeValue(hSession, hObject, attribKCV, 1) ); + CPPUNIT_ASSERT(rv == CKR_OK); +- CPPUNIT_ASSERT(attribKCV[0].ulValueLen == 3); +- CPPUNIT_ASSERT(memcmp(pCheckValue, desKCV, 3) == 0); ++ // If DES key is not supported, skip it ++ if (attribKCV[0].ulValueLen == 3) { ++ CPPUNIT_ASSERT(memcmp(pCheckValue, desKCV, 3) == 0); ++ } + rv = CRYPTOKI_F_PTR( C_DestroyObject(hSession,hObject) ); + CPPUNIT_ASSERT(rv == CKR_OK); + +@@ -2381,9 +2383,12 @@ void ObjectTests::testCreateSecretKey() + rv = CRYPTOKI_F_PTR( C_CreateObject(hSession, attribs, sizeof(attribs)/sizeof(CK_ATTRIBUTE), &hObject) ); + CPPUNIT_ASSERT(rv == CKR_OK); + rv = CRYPTOKI_F_PTR( C_GetAttributeValue(hSession, hObject, attribKCV, 1) ); +- CPPUNIT_ASSERT(rv == CKR_OK); +- CPPUNIT_ASSERT(attribKCV[0].ulValueLen == 3); +- CPPUNIT_ASSERT(memcmp(pCheckValue, des2KCV, 3) == 0); ++ // If DES2 key is not supported, skip it ++ if (rv == CKR_OK) { ++ if (attribKCV[0].ulValueLen == 3) { ++ CPPUNIT_ASSERT(memcmp(pCheckValue, des2KCV, 3) == 0); ++ } ++ } + rv = CRYPTOKI_F_PTR( C_DestroyObject(hSession,hObject) ); + CPPUNIT_ASSERT(rv == CKR_OK); + +@@ -2394,8 +2399,10 @@ void ObjectTests::testCreateSecretKey() + CPPUNIT_ASSERT(rv == CKR_OK); + rv = CRYPTOKI_F_PTR( C_GetAttributeValue(hSession, hObject, attribKCV, 1) ); + CPPUNIT_ASSERT(rv == CKR_OK); +- CPPUNIT_ASSERT(attribKCV[0].ulValueLen == 3); +- CPPUNIT_ASSERT(memcmp(pCheckValue, des3KCV, 3) == 0); ++ // If DES3 key is not supported, skip it ++ if (attribKCV[0].ulValueLen == 3) { ++ CPPUNIT_ASSERT(memcmp(pCheckValue, des3KCV, 3) == 0); ++ } + rv = CRYPTOKI_F_PTR( C_DestroyObject(hSession,hObject) ); + CPPUNIT_ASSERT(rv == CKR_OK); + } +diff --git a/src/lib/test/SymmetricAlgorithmTests.cpp b/src/lib/test/SymmetricAlgorithmTests.cpp +index b24caaf..1994563 100644 +--- a/src/lib/test/SymmetricAlgorithmTests.cpp ++++ b/src/lib/test/SymmetricAlgorithmTests.cpp +@@ -195,6 +195,8 @@ void SymmetricAlgorithmTests::encryptDecrypt( + std::vector vEncryptedData; + std::vector vEncryptedDataParted; + PartSize partSize(blockSize, &vData); ++ CK_BBOOL oldMechs = CK_FALSE; ++ CK_RV rv = CKR_OK; + + CPPUNIT_ASSERT_EQUAL( (CK_RV)CKR_OK, CRYPTOKI_F_PTR( C_GenerateRandom(hSession, (CK_BYTE_PTR)&vData.front(), messageSize) ) ); + +@@ -233,6 +235,8 @@ void SymmetricAlgorithmTests::encryptDecrypt( + case CKM_DES_CBC_PAD: + case CKM_DES3_CBC: + case CKM_DES3_CBC_PAD: ++ oldMechs = CK_TRUE; ++ /* fall-through */ + case CKM_AES_CBC: + case CKM_AES_CBC_PAD: + pMechanism->pParameter = (CK_VOID_PTR)&vData.front(); +@@ -246,12 +250,18 @@ void SymmetricAlgorithmTests::encryptDecrypt( + pMechanism->pParameter = &gcmParams; + pMechanism->ulParameterLen = sizeof(gcmParams); + break; ++ case CKM_DES_ECB: ++ case CKM_DES3_ECB: ++ oldMechs = CK_TRUE; ++ break; + default: + break; + } + + // Single-part encryption +- CPPUNIT_ASSERT_EQUAL( (CK_RV)CKR_OK, CRYPTOKI_F_PTR( C_EncryptInit(hSession,pMechanism,hKey) ) ); ++ rv = CRYPTOKI_F_PTR( C_EncryptInit(hSession,pMechanism,hKey) ); ++ CPPUNIT_ASSERT_EQUAL( (CK_BBOOL) CK_FALSE, (CK_BBOOL) ((rv != CKR_OK) && (oldMechs == CK_FALSE)) ); ++ if (oldMechs == CK_FALSE) + { + CK_ULONG ulEncryptedDataLen; + const CK_RV rv( CRYPTOKI_F_PTR( C_Encrypt(hSession,(CK_BYTE_PTR)&vData.front(),messageSize,NULL_PTR,&ulEncryptedDataLen) ) ); +@@ -267,40 +277,42 @@ void SymmetricAlgorithmTests::encryptDecrypt( + } + + // Multi-part encryption +- CPPUNIT_ASSERT_EQUAL( (CK_RV)CKR_OK, CRYPTOKI_F_PTR( C_EncryptInit(hSession,pMechanism,hKey) ) ); +- +- for ( std::vector::const_iterator i(vData.begin()); i0 ? &vEncryptedDataParted.at(oldSize) : &dummy ); +- CPPUNIT_ASSERT_EQUAL( (CK_RV)CKR_OK, CRYPTOKI_F_PTR( C_EncryptUpdate(hSession,(CK_BYTE_PTR)&(*i),lPartLen,pEncryptedPart,&ulEncryptedPartLen) ) ); +- vEncryptedDataParted.resize(oldSize+ulEncryptedPartLen); +- } +- { +- CK_ULONG ulLastEncryptedPartLen; +- const CK_RV rv( CRYPTOKI_F_PTR( C_EncryptFinal(hSession,NULL_PTR,&ulLastEncryptedPartLen) ) ); +- if ( isSizeOK ) { +- CPPUNIT_ASSERT_EQUAL( (CK_RV)CKR_OK, rv ); ++ rv = CRYPTOKI_F_PTR( C_EncryptInit(hSession,pMechanism,hKey) ); ++ CPPUNIT_ASSERT_EQUAL( (CK_BBOOL) CK_FALSE, (CK_BBOOL) ((rv != CKR_OK) && (oldMechs == CK_FALSE)) ); ++ if (oldMechs == CK_FALSE) { ++ for ( std::vector::const_iterator i(vData.begin()); i0 ? &vEncryptedDataParted.at(oldSize) : &dummy ); +- CPPUNIT_ASSERT_EQUAL( (CK_RV)CKR_OK, CRYPTOKI_F_PTR( C_EncryptFinal(hSession,pLastEncryptedPart,&ulLastEncryptedPartLen) ) ); +- vEncryptedDataParted.resize(oldSize+ulLastEncryptedPartLen); +- } else { +- CPPUNIT_ASSERT_EQUAL_MESSAGE("C_EncryptFinal should fail with C_CKR_DATA_LEN_RANGE", (CK_RV)CKR_DATA_LEN_RANGE, rv); +- vEncryptedDataParted = vData; ++ const CK_BYTE_PTR pEncryptedPart( ulEncryptedPartLen>0 ? &vEncryptedDataParted.at(oldSize) : &dummy ); ++ CPPUNIT_ASSERT_EQUAL( (CK_RV)CKR_OK, CRYPTOKI_F_PTR( C_EncryptUpdate(hSession,(CK_BYTE_PTR)&(*i),lPartLen,pEncryptedPart,&ulEncryptedPartLen) ) ); ++ vEncryptedDataParted.resize(oldSize+ulEncryptedPartLen); ++ } ++ { ++ CK_ULONG ulLastEncryptedPartLen; ++ const CK_RV rv( CRYPTOKI_F_PTR( C_EncryptFinal(hSession,NULL_PTR,&ulLastEncryptedPartLen) ) ); ++ if ( isSizeOK ) { ++ CPPUNIT_ASSERT_EQUAL( (CK_RV)CKR_OK, rv ); ++ const size_t oldSize( vEncryptedDataParted.size() ); ++ CK_BYTE dummy; ++ vEncryptedDataParted.resize(oldSize+ulLastEncryptedPartLen); ++ const CK_BYTE_PTR pLastEncryptedPart( ulLastEncryptedPartLen>0 ? &vEncryptedDataParted.at(oldSize) : &dummy ); ++ CPPUNIT_ASSERT_EQUAL( (CK_RV)CKR_OK, CRYPTOKI_F_PTR( C_EncryptFinal(hSession,pLastEncryptedPart,&ulLastEncryptedPartLen) ) ); ++ vEncryptedDataParted.resize(oldSize+ulLastEncryptedPartLen); ++ } else { ++ CPPUNIT_ASSERT_EQUAL_MESSAGE("C_EncryptFinal should fail with C_CKR_DATA_LEN_RANGE", (CK_RV)CKR_DATA_LEN_RANGE, rv); ++ vEncryptedDataParted = vData; ++ } + } + } + + // Single-part decryption +- CPPUNIT_ASSERT_EQUAL( (CK_RV)CKR_OK, CRYPTOKI_F_PTR( C_DecryptInit(hSession,pMechanism,hKey) ) ); +- +- { ++ rv = CRYPTOKI_F_PTR( C_DecryptInit(hSession,pMechanism,hKey) ); ++ CPPUNIT_ASSERT_EQUAL( (CK_BBOOL) CK_FALSE, (CK_BBOOL) ((rv != CKR_OK) && (oldMechs == CK_FALSE)) ); ++ if (oldMechs == CK_FALSE) { + CK_ULONG ulDataLen; + const CK_RV rv( CRYPTOKI_F_PTR( C_Decrypt(hSession,&vEncryptedData.front(),vEncryptedData.size(),NULL_PTR,&ulDataLen) ) ); + if ( isSizeOK ) { +@@ -315,8 +327,9 @@ void SymmetricAlgorithmTests::encryptDecrypt( + } + + // Multi-part decryption +- CPPUNIT_ASSERT_EQUAL( (CK_RV)CKR_OK, CRYPTOKI_F_PTR( C_DecryptInit(hSession,pMechanism,hKey) ) ); +- { ++ rv = CRYPTOKI_F_PTR( C_DecryptInit(hSession,pMechanism,hKey) ); ++ CPPUNIT_ASSERT_EQUAL( (CK_BBOOL) CK_FALSE, (CK_BBOOL) ((rv != CKR_OK) && (oldMechs == CK_FALSE)) ); ++ if (oldMechs == CK_FALSE) { + std::vector vDecryptedData; + CK_BYTE dummy; + for ( std::vector::iterator i(vEncryptedDataParted.begin()); i +Date: Fri, 27 Oct 2023 14:57:37 -0400 +Subject: [PATCH] Prevent accessing of global c++ objects once they are deleted + +Fixes (Maybe) #729. +Reset objects_deleted after reset is called. +--- + src/lib/SoftHSM.cpp | 5 ++ + src/lib/main.cpp | 138 ++++++++++++++++++++++++++++++++++++++++++++ + 2 files changed, 143 insertions(+) + +diff --git a/src/lib/SoftHSM.cpp b/src/lib/SoftHSM.cpp +index 02c0f95ec..95bf208da 100644 +--- a/src/lib/SoftHSM.cpp ++++ b/src/lib/SoftHSM.cpp +@@ -89,6 +89,8 @@ + + // Initialise the one-and-only instance + ++int objects_deleted = 0; ++ + #ifdef HAVE_CXX11 + + std::unique_ptr MutexFactory::instance(nullptr); +@@ -406,6 +408,8 @@ void SoftHSM::reset() + { + if (instance.get()) + instance.reset(); ++ ++ objects_deleted = 0; + } + + // Constructor +@@ -445,6 +449,7 @@ SoftHSM::~SoftHSM() + + isInitialised = false; + ++ objects_deleted = 1; + resetMutexFactoryCallbacks(); + } + +diff --git a/src/lib/main.cpp b/src/lib/main.cpp +index 2dfd0eb87..e89f18c10 100644 +--- a/src/lib/main.cpp ++++ b/src/lib/main.cpp +@@ -49,6 +49,8 @@ + #define PKCS_API + #endif + ++extern int objects_deleted; ++ + // PKCS #11 function list + static CK_FUNCTION_LIST functionList = + { +@@ -130,6 +132,8 @@ PKCS_API CK_RV C_Initialize(CK_VOID_PTR pInitArgs) + { + try + { ++ if (objects_deleted == 1) ++ return CKR_FUNCTION_FAILED; + return SoftHSM::i()->C_Initialize(pInitArgs); + } + catch (...) +@@ -145,6 +149,8 @@ PKCS_API CK_RV C_Finalize(CK_VOID_PTR pReserved) + { + try + { ++ if (objects_deleted == 1) ++ return CKR_FUNCTION_FAILED; + return SoftHSM::i()->C_Finalize(pReserved); + } + catch (...) +@@ -160,6 +166,8 @@ PKCS_API CK_RV C_GetInfo(CK_INFO_PTR pInfo) + { + try + { ++ if (objects_deleted == 1) ++ return CKR_FUNCTION_FAILED; + return SoftHSM::i()->C_GetInfo(pInfo); + } + catch (...) +@@ -175,6 +183,8 @@ PKCS_API CK_RV C_GetFunctionList(CK_FUNCTION_LIST_PTR_PTR ppFunctionList) + { + try + { ++ if (objects_deleted == 1) ++ return CKR_FUNCTION_FAILED; + if (ppFunctionList == NULL_PTR) return CKR_ARGUMENTS_BAD; + + *ppFunctionList = &functionList; +@@ -194,6 +204,8 @@ PKCS_API CK_RV C_GetSlotList(CK_BBOOL tokenPresent, CK_SLOT_ID_PTR pSlotList, CK + { + try + { ++ if (objects_deleted == 1) ++ return CKR_FUNCTION_FAILED; + return SoftHSM::i()->C_GetSlotList(tokenPresent, pSlotList, pulCount); + } + catch (...) +@@ -209,6 +221,8 @@ PKCS_API CK_RV C_GetSlotInfo(CK_SLOT_ID slotID, CK_SLOT_INFO_PTR pInfo) + { + try + { ++ if (objects_deleted == 1) ++ return CKR_FUNCTION_FAILED; + return SoftHSM::i()->C_GetSlotInfo(slotID, pInfo); + } + catch (...) +@@ -224,6 +238,8 @@ PKCS_API CK_RV C_GetTokenInfo(CK_SLOT_ID slotID, CK_TOKEN_INFO_PTR pInfo) + { + try + { ++ if (objects_deleted == 1) ++ return CKR_FUNCTION_FAILED; + return SoftHSM::i()->C_GetTokenInfo(slotID, pInfo); + } + catch (...) +@@ -239,6 +255,8 @@ PKCS_API CK_RV C_GetMechanismList(CK_SLOT_ID slotID, CK_MECHANISM_TYPE_PTR pMech + { + try + { ++ if (objects_deleted == 1) ++ return CKR_FUNCTION_FAILED; + return SoftHSM::i()->C_GetMechanismList(slotID, pMechanismList, pulCount); + } + catch (...) +@@ -254,6 +272,8 @@ PKCS_API CK_RV C_GetMechanismInfo(CK_SLOT_ID slotID, CK_MECHANISM_TYPE type, CK_ + { + try + { ++ if (objects_deleted == 1) ++ return CKR_FUNCTION_FAILED; + return SoftHSM::i()->C_GetMechanismInfo(slotID, type, pInfo); + } + catch (...) +@@ -269,6 +289,8 @@ PKCS_API CK_RV C_InitToken(CK_SLOT_ID slotID, CK_UTF8CHAR_PTR pPin, CK_ULONG ulP + { + try + { ++ if (objects_deleted == 1) ++ return CKR_FUNCTION_FAILED; + return SoftHSM::i()->C_InitToken(slotID, pPin, ulPinLen, pLabel); + } + catch (...) +@@ -284,6 +306,8 @@ PKCS_API CK_RV C_InitPIN(CK_SESSION_HANDLE hSession, CK_UTF8CHAR_PTR pPin, CK_UL + { + try + { ++ if (objects_deleted == 1) ++ return CKR_FUNCTION_FAILED; + return SoftHSM::i()->C_InitPIN(hSession, pPin, ulPinLen); + } + catch (...) +@@ -299,6 +323,8 @@ PKCS_API CK_RV C_SetPIN(CK_SESSION_HANDLE hSession, CK_UTF8CHAR_PTR pOldPin, CK_ + { + try + { ++ if (objects_deleted == 1) ++ return CKR_FUNCTION_FAILED; + return SoftHSM::i()->C_SetPIN(hSession, pOldPin, ulOldLen, pNewPin, ulNewLen); + } + catch (...) +@@ -314,6 +340,8 @@ PKCS_API CK_RV C_OpenSession(CK_SLOT_ID slotID, CK_FLAGS flags, CK_VOID_PTR pApp + { + try + { ++ if (objects_deleted == 1) ++ return CKR_FUNCTION_FAILED; + return SoftHSM::i()->C_OpenSession(slotID, flags, pApplication, notify, phSession); + } + catch (...) +@@ -329,6 +357,8 @@ PKCS_API CK_RV C_CloseSession(CK_SESSION_HANDLE hSession) + { + try + { ++ if (objects_deleted == 1) ++ return CKR_FUNCTION_FAILED; + return SoftHSM::i()->C_CloseSession(hSession); + } + catch (...) +@@ -344,6 +374,8 @@ PKCS_API CK_RV C_CloseAllSessions(CK_SLOT_ID slotID) + { + try + { ++ if (objects_deleted == 1) ++ return CKR_FUNCTION_FAILED; + return SoftHSM::i()->C_CloseAllSessions(slotID); + } + catch (...) +@@ -359,6 +391,8 @@ PKCS_API CK_RV C_GetSessionInfo(CK_SESSION_HANDLE hSession, CK_SESSION_INFO_PTR + { + try + { ++ if (objects_deleted == 1) ++ return CKR_FUNCTION_FAILED; + return SoftHSM::i()->C_GetSessionInfo(hSession, pInfo); + } + catch (...) +@@ -374,6 +408,8 @@ PKCS_API CK_RV C_GetOperationState(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pOper + { + try + { ++ if (objects_deleted == 1) ++ return CKR_FUNCTION_FAILED; + return SoftHSM::i()->C_GetOperationState(hSession, pOperationState, pulOperationStateLen); + } + catch (...) +@@ -389,6 +425,8 @@ PKCS_API CK_RV C_SetOperationState(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pOper + { + try + { ++ if (objects_deleted == 1) ++ return CKR_FUNCTION_FAILED; + return SoftHSM::i()->C_SetOperationState(hSession, pOperationState, ulOperationStateLen, hEncryptionKey, hAuthenticationKey); + } + catch (...) +@@ -404,6 +442,8 @@ PKCS_API CK_RV C_Login(CK_SESSION_HANDLE hSession, CK_USER_TYPE userType, CK_UTF + { + try + { ++ if (objects_deleted == 1) ++ return CKR_FUNCTION_FAILED; + return SoftHSM::i()->C_Login(hSession, userType, pPin, ulPinLen); + } + catch (...) +@@ -419,6 +459,8 @@ PKCS_API CK_RV C_Logout(CK_SESSION_HANDLE hSession) + { + try + { ++ if (objects_deleted == 1) ++ return CKR_FUNCTION_FAILED; + return SoftHSM::i()->C_Logout(hSession); + } + catch (...) +@@ -434,6 +476,8 @@ PKCS_API CK_RV C_CreateObject(CK_SESSION_HANDLE hSession, CK_ATTRIBUTE_PTR pTemp + { + try + { ++ if (objects_deleted == 1) ++ return CKR_FUNCTION_FAILED; + return SoftHSM::i()->C_CreateObject(hSession, pTemplate, ulCount, phObject); + } + catch (...) +@@ -449,6 +493,8 @@ PKCS_API CK_RV C_CopyObject(CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE hObject + { + try + { ++ if (objects_deleted == 1) ++ return CKR_FUNCTION_FAILED; + return SoftHSM::i()->C_CopyObject(hSession, hObject, pTemplate, ulCount, phNewObject); + } + catch (...) +@@ -464,6 +510,8 @@ PKCS_API CK_RV C_DestroyObject(CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE hObj + { + try + { ++ if (objects_deleted == 1) ++ return CKR_FUNCTION_FAILED; + return SoftHSM::i()->C_DestroyObject(hSession, hObject); + } + catch (...) +@@ -479,6 +527,8 @@ PKCS_API CK_RV C_GetObjectSize(CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE hObj + { + try + { ++ if (objects_deleted == 1) ++ return CKR_FUNCTION_FAILED; + return SoftHSM::i()->C_GetObjectSize(hSession, hObject, pulSize); + } + catch (...) +@@ -494,6 +544,8 @@ PKCS_API CK_RV C_GetAttributeValue(CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE + { + try + { ++ if (objects_deleted == 1) ++ return CKR_FUNCTION_FAILED; + return SoftHSM::i()->C_GetAttributeValue(hSession, hObject, pTemplate, ulCount); + } + catch (...) +@@ -509,6 +561,8 @@ PKCS_API CK_RV C_SetAttributeValue(CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE + { + try + { ++ if (objects_deleted == 1) ++ return CKR_FUNCTION_FAILED; + return SoftHSM::i()->C_SetAttributeValue(hSession, hObject, pTemplate, ulCount); + } + catch (...) +@@ -524,6 +578,8 @@ PKCS_API CK_RV C_FindObjectsInit(CK_SESSION_HANDLE hSession, CK_ATTRIBUTE_PTR pT + { + try + { ++ if (objects_deleted == 1) ++ return CKR_FUNCTION_FAILED; + return SoftHSM::i()->C_FindObjectsInit(hSession, pTemplate, ulCount); + } + catch (...) +@@ -539,6 +595,8 @@ PKCS_API CK_RV C_FindObjects(CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE_PTR ph + { + try + { ++ if (objects_deleted == 1) ++ return CKR_FUNCTION_FAILED; + return SoftHSM::i()->C_FindObjects(hSession, phObject, ulMaxObjectCount, pulObjectCount); + } + catch (...) +@@ -554,6 +612,8 @@ PKCS_API CK_RV C_FindObjectsFinal(CK_SESSION_HANDLE hSession) + { + try + { ++ if (objects_deleted == 1) ++ return CKR_FUNCTION_FAILED; + return SoftHSM::i()->C_FindObjectsFinal(hSession); + } + catch (...) +@@ -569,6 +629,8 @@ PKCS_API CK_RV C_EncryptInit(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMecha + { + try + { ++ if (objects_deleted == 1) ++ return CKR_FUNCTION_FAILED; + return SoftHSM::i()->C_EncryptInit(hSession, pMechanism, hObject); + } + catch (...) +@@ -584,6 +646,8 @@ PKCS_API CK_RV C_Encrypt(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pData, CK_ULONG + { + try + { ++ if (objects_deleted == 1) ++ return CKR_FUNCTION_FAILED; + return SoftHSM::i()->C_Encrypt(hSession, pData, ulDataLen, pEncryptedData, pulEncryptedDataLen); + } + catch (...) +@@ -599,6 +663,8 @@ PKCS_API CK_RV C_EncryptUpdate(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pData, CK + { + try + { ++ if (objects_deleted == 1) ++ return CKR_FUNCTION_FAILED; + return SoftHSM::i()->C_EncryptUpdate(hSession, pData, ulDataLen, pEncryptedData, pulEncryptedDataLen); + } + catch (...) +@@ -614,6 +680,8 @@ PKCS_API CK_RV C_EncryptFinal(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pEncrypted + { + try + { ++ if (objects_deleted == 1) ++ return CKR_FUNCTION_FAILED; + return SoftHSM::i()->C_EncryptFinal(hSession, pEncryptedData, pulEncryptedDataLen); + } + catch (...) +@@ -629,6 +697,8 @@ PKCS_API CK_RV C_DecryptInit(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMecha + { + try + { ++ if (objects_deleted == 1) ++ return CKR_FUNCTION_FAILED; + return SoftHSM::i()->C_DecryptInit(hSession, pMechanism, hObject); + } + catch (...) +@@ -644,6 +714,8 @@ PKCS_API CK_RV C_Decrypt(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pEncryptedData, + { + try + { ++ if (objects_deleted == 1) ++ return CKR_FUNCTION_FAILED; + return SoftHSM::i()->C_Decrypt(hSession, pEncryptedData, ulEncryptedDataLen, pData, pulDataLen); + } + catch (...) +@@ -659,6 +731,8 @@ PKCS_API CK_RV C_DecryptUpdate(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pEncrypte + { + try + { ++ if (objects_deleted == 1) ++ return CKR_FUNCTION_FAILED; + return SoftHSM::i()->C_DecryptUpdate(hSession, pEncryptedData, ulEncryptedDataLen, pData, pDataLen); + } + catch (...) +@@ -674,6 +748,8 @@ PKCS_API CK_RV C_DecryptFinal(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pData, CK_ + { + try + { ++ if (objects_deleted == 1) ++ return CKR_FUNCTION_FAILED; + return SoftHSM::i()->C_DecryptFinal(hSession, pData, pDataLen); + } + catch (...) +@@ -689,6 +765,8 @@ PKCS_API CK_RV C_DigestInit(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechan + { + try + { ++ if (objects_deleted == 1) ++ return CKR_FUNCTION_FAILED; + return SoftHSM::i()->C_DigestInit(hSession, pMechanism); + } + catch (...) +@@ -704,6 +782,8 @@ PKCS_API CK_RV C_Digest(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pData, CK_ULONG + { + try + { ++ if (objects_deleted == 1) ++ return CKR_FUNCTION_FAILED; + return SoftHSM::i()->C_Digest(hSession, pData, ulDataLen, pDigest, pulDigestLen); + } + catch (...) +@@ -719,6 +799,8 @@ PKCS_API CK_RV C_DigestUpdate(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pPart, CK_ + { + try + { ++ if (objects_deleted == 1) ++ return CKR_FUNCTION_FAILED; + return SoftHSM::i()->C_DigestUpdate(hSession, pPart, ulPartLen); + } + catch (...) +@@ -734,6 +816,8 @@ PKCS_API CK_RV C_DigestKey(CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE hObject) + { + try + { ++ if (objects_deleted == 1) ++ return CKR_FUNCTION_FAILED; + return SoftHSM::i()->C_DigestKey(hSession, hObject); + } + catch (...) +@@ -749,6 +833,8 @@ PKCS_API CK_RV C_DigestFinal(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pDigest, CK + { + try + { ++ if (objects_deleted == 1) ++ return CKR_FUNCTION_FAILED; + return SoftHSM::i()->C_DigestFinal(hSession, pDigest, pulDigestLen); + } + catch (...) +@@ -764,6 +850,8 @@ PKCS_API CK_RV C_SignInit(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanis + { + try + { ++ if (objects_deleted == 1) ++ return CKR_FUNCTION_FAILED; + return SoftHSM::i()->C_SignInit(hSession, pMechanism, hKey); + } + catch (...) +@@ -779,6 +867,8 @@ PKCS_API CK_RV C_Sign(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pData, CK_ULONG ul + { + try + { ++ if (objects_deleted == 1) ++ return CKR_FUNCTION_FAILED; + return SoftHSM::i()->C_Sign(hSession, pData, ulDataLen, pSignature, pulSignatureLen); + } + catch (...) +@@ -794,6 +884,8 @@ PKCS_API CK_RV C_SignUpdate(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pPart, CK_UL + { + try + { ++ if (objects_deleted == 1) ++ return CKR_FUNCTION_FAILED; + return SoftHSM::i()->C_SignUpdate(hSession, pPart, ulPartLen); + } + catch (...) +@@ -809,6 +901,8 @@ PKCS_API CK_RV C_SignFinal(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pSignature, C + { + try + { ++ if (objects_deleted == 1) ++ return CKR_FUNCTION_FAILED; + return SoftHSM::i()->C_SignFinal(hSession, pSignature, pulSignatureLen); + } + catch (...) +@@ -824,6 +918,8 @@ PKCS_API CK_RV C_SignRecoverInit(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pM + { + try + { ++ if (objects_deleted == 1) ++ return CKR_FUNCTION_FAILED; + return SoftHSM::i()->C_SignRecoverInit(hSession, pMechanism, hKey); + } + catch (...) +@@ -839,6 +935,8 @@ PKCS_API CK_RV C_SignRecover(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pData, CK_U + { + try + { ++ if (objects_deleted == 1) ++ return CKR_FUNCTION_FAILED; + return SoftHSM::i()->C_SignRecover(hSession, pData, ulDataLen, pSignature, pulSignatureLen); + } + catch (...) +@@ -854,6 +952,8 @@ PKCS_API CK_RV C_VerifyInit(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechan + { + try + { ++ if (objects_deleted == 1) ++ return CKR_FUNCTION_FAILED; + return SoftHSM::i()->C_VerifyInit(hSession, pMechanism, hKey); + } + catch (...) +@@ -869,6 +969,8 @@ PKCS_API CK_RV C_Verify(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pData, CK_ULONG + { + try + { ++ if (objects_deleted == 1) ++ return CKR_FUNCTION_FAILED; + return SoftHSM::i()->C_Verify(hSession, pData, ulDataLen, pSignature, ulSignatureLen); + } + catch (...) +@@ -884,6 +986,8 @@ PKCS_API CK_RV C_VerifyUpdate(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pPart, CK_ + { + try + { ++ if (objects_deleted == 1) ++ return CKR_FUNCTION_FAILED; + return SoftHSM::i()->C_VerifyUpdate(hSession, pPart, ulPartLen); + } + catch (...) +@@ -899,6 +1003,8 @@ PKCS_API CK_RV C_VerifyFinal(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pSignature, + { + try + { ++ if (objects_deleted == 1) ++ return CKR_FUNCTION_FAILED; + return SoftHSM::i()->C_VerifyFinal(hSession, pSignature, ulSignatureLen); + } + catch (...) +@@ -914,6 +1020,8 @@ PKCS_API CK_RV C_VerifyRecoverInit(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR + { + try + { ++ if (objects_deleted == 1) ++ return CKR_FUNCTION_FAILED; + return SoftHSM::i()->C_VerifyRecoverInit(hSession, pMechanism, hKey); + } + catch (...) +@@ -929,6 +1037,8 @@ PKCS_API CK_RV C_VerifyRecover(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pSignatur + { + try + { ++ if (objects_deleted == 1) ++ return CKR_FUNCTION_FAILED; + return SoftHSM::i()->C_VerifyRecover(hSession, pSignature, ulSignatureLen, pData, pulDataLen); + } + catch (...) +@@ -944,6 +1054,8 @@ PKCS_API CK_RV C_DigestEncryptUpdate(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pPa + { + try + { ++ if (objects_deleted == 1) ++ return CKR_FUNCTION_FAILED; + return SoftHSM::i()->C_DigestEncryptUpdate(hSession, pPart, ulPartLen, pEncryptedPart, pulEncryptedPartLen); + } + catch (...) +@@ -959,6 +1071,8 @@ PKCS_API CK_RV C_DecryptDigestUpdate(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pPa + { + try + { ++ if (objects_deleted == 1) ++ return CKR_FUNCTION_FAILED; + return SoftHSM::i()->C_DecryptDigestUpdate(hSession, pPart, ulPartLen, pDecryptedPart, pulDecryptedPartLen); + } + catch (...) +@@ -974,6 +1088,8 @@ PKCS_API CK_RV C_SignEncryptUpdate(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pPart + { + try + { ++ if (objects_deleted == 1) ++ return CKR_FUNCTION_FAILED; + return SoftHSM::i()->C_SignEncryptUpdate(hSession, pPart, ulPartLen, pEncryptedPart, pulEncryptedPartLen); + } + catch (...) +@@ -989,6 +1105,8 @@ PKCS_API CK_RV C_DecryptVerifyUpdate(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pEn + { + try + { ++ if (objects_deleted == 1) ++ return CKR_FUNCTION_FAILED; + return SoftHSM::i()->C_DecryptVerifyUpdate(hSession, pEncryptedPart, ulEncryptedPartLen, pPart, pulPartLen); + } + catch (...) +@@ -1004,6 +1122,8 @@ PKCS_API CK_RV C_GenerateKey(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMecha + { + try + { ++ if (objects_deleted == 1) ++ return CKR_FUNCTION_FAILED; + return SoftHSM::i()->C_GenerateKey(hSession, pMechanism, pTemplate, ulCount, phKey); + } + catch (...) +@@ -1029,6 +1149,8 @@ PKCS_API CK_RV C_GenerateKeyPair + { + try + { ++ if (objects_deleted == 1) ++ return CKR_FUNCTION_FAILED; + return SoftHSM::i()->C_GenerateKeyPair(hSession, pMechanism, pPublicKeyTemplate, ulPublicKeyAttributeCount, pPrivateKeyTemplate, ulPrivateKeyAttributeCount, phPublicKey, phPrivateKey); + } + catch (...) +@@ -1052,6 +1174,8 @@ PKCS_API CK_RV C_WrapKey + { + try + { ++ if (objects_deleted == 1) ++ return CKR_FUNCTION_FAILED; + return SoftHSM::i()->C_WrapKey(hSession, pMechanism, hWrappingKey, hKey, pWrappedKey, pulWrappedKeyLen); + } + catch (...) +@@ -1077,6 +1201,8 @@ PKCS_API CK_RV C_UnwrapKey + { + try + { ++ if (objects_deleted == 1) ++ return CKR_FUNCTION_FAILED; + return SoftHSM::i()->C_UnwrapKey(hSession, pMechanism, hUnwrappingKey, pWrappedKey, ulWrappedKeyLen, pTemplate, ulCount, phKey); + } + catch (...) +@@ -1100,6 +1226,8 @@ PKCS_API CK_RV C_DeriveKey + { + try + { ++ if (objects_deleted == 1) ++ return CKR_FUNCTION_FAILED; + return SoftHSM::i()->C_DeriveKey(hSession, pMechanism, hBaseKey, pTemplate, ulCount, phKey); + } + catch (...) +@@ -1115,6 +1243,8 @@ PKCS_API CK_RV C_SeedRandom(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pSeed, CK_UL + { + try + { ++ if (objects_deleted == 1) ++ return CKR_FUNCTION_FAILED; + return SoftHSM::i()->C_SeedRandom(hSession, pSeed, ulSeedLen); + } + catch (...) +@@ -1130,6 +1260,8 @@ PKCS_API CK_RV C_GenerateRandom(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pRandomD + { + try + { ++ if (objects_deleted == 1) ++ return CKR_FUNCTION_FAILED; + return SoftHSM::i()->C_GenerateRandom(hSession, pRandomData, ulRandomLen); + } + catch (...) +@@ -1145,6 +1277,8 @@ PKCS_API CK_RV C_GetFunctionStatus(CK_SESSION_HANDLE hSession) + { + try + { ++ if (objects_deleted == 1) ++ return CKR_FUNCTION_FAILED; + return SoftHSM::i()->C_GetFunctionStatus(hSession); + } + catch (...) +@@ -1160,6 +1294,8 @@ PKCS_API CK_RV C_CancelFunction(CK_SESSION_HANDLE hSession) + { + try + { ++ if (objects_deleted == 1) ++ return CKR_FUNCTION_FAILED; + return SoftHSM::i()->C_CancelFunction(hSession); + } + catch (...) +@@ -1175,6 +1311,8 @@ PKCS_API CK_RV C_WaitForSlotEvent(CK_FLAGS flags, CK_SLOT_ID_PTR pSlot, CK_VOID_ + { + try + { ++ if (objects_deleted == 1) ++ return CKR_FUNCTION_FAILED; + return SoftHSM::i()->C_WaitForSlotEvent(flags, pSlot, pReserved); + } + catch (...) diff --git a/softhsm-sysusers.conf b/softhsm-sysusers.conf new file mode 100644 index 0000000..b47c25f --- /dev/null +++ b/softhsm-sysusers.conf @@ -0,0 +1 @@ +u ods - "opendnssec daemon account" diff --git a/SPECS/softhsm.spec b/softhsm.spec similarity index 55% rename from SPECS/softhsm.spec rename to softhsm.spec index 22b7a55..5d5e044 100644 --- a/SPECS/softhsm.spec +++ b/softhsm.spec @@ -1,25 +1,32 @@ #global prever rc1 -# Rebuild configure.ac if patches do change it -%global rebuild_ac 1 +#global prerelease yes Summary: Software version of a PKCS#11 Hardware Security Module Name: softhsm -Version: 2.6.0 -Release: %{?prever:0.}5%{?prever:.%{prever}}%{?dist} +Version: 2.6.1 +Release: %{?prever:0.}16%{?prever:.%{prever}}%{?dist} License: BSD Url: http://www.opendnssec.org/ Source: http://dist.opendnssec.org/source/%{?prever:testing/}%{name}-%{version}.tar.gz Source1: http://dist.opendnssec.org/source/%{?prever:testing/}%{name}-%{version}.tar.gz.sig +Source2: softhsm-sysusers.conf -Patch1: softhsm-2.6.1-rh1834909-exit.patch -Patch2: softhsm-2.6.1-rh1857272-negatives.patch +Patch1: softhsm-2.6.1-rh1831086-exit.patch +Patch2: softhsm-openssl3-tests.patch +# based on https://github.com/opendnssec/SoftHSMv2/commit/f94aaffc879ade97a51b8e1308af42f86be1885f +Patch3: softhsm-2.6.1-uninitialized.patch +# from https://github.com/Emantor/SoftHSMv2/tree/fix/openssl3 +# as discussed at https://github.com/opendnssec/SoftHSMv2/issues/729 +Patch4: softhsm-prevent-global-deleted-objects-access.patch +Patch5: softhsm-disable-usage-of-openssl-engines.patch -Group: Applications/System +BuildRequires: make BuildRequires: openssl-devel >= 1.0.1k-6, sqlite-devel >= 3.4.2, cppunit-devel -BuildRequires: gcc-c++, pkgconfig, p11-kit-devel, nss-devel +BuildRequires: gcc-c++, pkgconfig, p11-kit-devel +BuildRequires: systemd-rpm-macros Requires(pre): shadow-utils -Requires: p11-kit, nss-tools +Requires: p11-kit Requires: openssl-libs >= 1.0.1k-6 %global _hardened_build 1 @@ -34,9 +41,8 @@ with other cryptographic products because of the PKCS#11 interface. %package devel Summary: Development package of softhsm that includes the header files -Group: Development/Libraries Requires: %{name} = %{version}-%{release}, openssl-devel, sqlite-devel -%if 0%{?prever:!} || 0%{?rebuild_ac} +%if 0%{?prever:1} || 0%{?prerelease:1} BuildRequires: autoconf, libtool, automake %endif @@ -44,41 +50,34 @@ BuildRequires: autoconf, libtool, automake The devel package contains the libsofthsm include files %prep -%setup -q -n %{name}-%{version}%{?prever} -%patch1 -p1 -%patch2 -p1 +%autosetup -p1 -n %{name}-%{version}%{?prever} -# remove softhsm/ subdir auto-added to --libdir -sed -i "s:full_libdir/softhsm:full_libdir:g" configure -%if 0%{?prever:1} || 0%{?rebuild_ac} -sed -i 's:^full_libdir=":#full_libdir=":g' configure.ac -%endif -sed -i "s:libdir)/@PACKAGE@:libdir):" Makefile.in - -sed -i 's:$full_libdir/libsofthsm2\.so:libsofthsm2\.so:g' configure - -%if 0%{?prever:1} || 0%{?rebuild_ac} -sed -i 's:$full_libdir/libsofthsm2\.so:libsofthsm2\.so:g' configure.ac -%endif - -%if 0%{?prever:1} || 0%{?rebuild_ac} +%if 0%{?prever:1} || 0%{?prerelease:1} + # pre-release or post-release snapshots fixup + sed -i 's:^full_libdir=":#full_libdir=":g' configure.ac + sed -i "s:libdir)/@PACKAGE@:libdir):" Makefile.in autoreconf -fiv +%else + # remove softhsm/ subdir auto-added to --libdir + sed -i 's:full_libdir/softhsm:full_libdir:g' configure %endif %build -%configure --libdir=%{_libdir}/pkcs11 --with-openssl=%{_prefix} --enable-ecc --disable-gost \ +# This package fails its testsuite with LTO enabled and needs further +# investigation +%define _lto_cflags %{nil} + +%configure CFLAGS="${CFLAGS} -DOPENSSL_NO_ENGINE" --libdir=%{_libdir}/pkcs11 --with-openssl=%{_prefix} --enable-ecc --enable-eddsa --disable-gost \ --with-migrate --enable-visibility --with-p11-kit=%{_datadir}/p11-kit/modules/ -make %{?_smp_mflags} -# install our copy of pk11install taken from coolkey package +%make_build -%check -# skip while cppunit is broken -#make check %install rm -rf %{buildroot} -make DESTDIR=%{buildroot} install +%make_install + +install -D %{SOURCE2} %{buildroot}%{_sysusersdir}/%{name}.conf rm %{buildroot}/%{_sysconfdir}/softhsm2.conf.sample rm -f %{buildroot}/%{_libdir}/pkcs11/*a @@ -105,17 +104,15 @@ ln -s ../pkcs11/libsofthsm2.so %{buildroot}/%{_libdir}/softhsm/libsofthsm.so %attr(1770,ods,ods) %dir %{_sharedstatedir}/softhsm/tokens %doc LICENSE README.md NEWS %{_mandir}/*/* +%{_sysusersdir}/%{name}.conf %files devel %attr(0755,root,root) %dir %{_includedir}/softhsm %{_includedir}/softhsm/*.h %pre -getent group ods >/dev/null || groupadd -r ods -getent passwd ods >/dev/null || \ - useradd -r -g ods -d %{_sharedstatedir}/softhsm -s /sbin/nologin \ - -c "softhsm private keys owner" ods -exit 0 + +%sysusers_create_package %{name} %{SOURCE2} %post @@ -125,41 +122,143 @@ if [ -f /var/softhsm/slot0.db ]; then fi %changelog -* Mon Feb 15 2021 Thomas Woerner - 2.6.0-5 -- Install prever devel package requirements for new negative option patch - Related: RHBZ#1857272 +* Wed Apr 23 2025 Andrea Bolognani - 2.6.1-16 +- Add BuildRequires on systemd-rpm-macros + Resolves: RHEL-88182 -* Mon Feb 15 2021 Alexander Bokovoy - 2.6.0-4 -- Fixes: rhbz#1857272 - negative option for token.mechanism not working correctly +* Thu Jan 23 2025 Rafael Jeffman - 2.6.1-15 +- Use systemd-sysusers + Resolves: RHEL-4901 -* Thu Jun 04 2020 Alexander Bokovoy - 2.6.0-3 -- Fixes: rhbz#1834909 - softhsm use-after-free on process exit -- Synchronize the final fix with Fedora +* Tue Oct 29 2024 Troy Dawson - 2.6.1-14.1 +- Bump release for October 2024 mass rebuild: + Resolves: RHEL-64018 -* Thu May 14 2020 Paul Wouters - 2.6.0-2 -- Fixes: rhbz#1834909 - softhsm use-after-free on process exit +* Tue Sep 17 2024 Rafael Jeffman - 2.6.1-14 +- Bump release due to beta release build issues. + Resolves: RHEL-33748 -* Wed Apr 01 2020 Alexander Bokovoy - 2.6.0-1 -- Fixes: rhbz#1818877 - rebase to softhsm 2.6.0+ -- Fixes: rhbz#1701233 - support setting supported signature methods on the token +* Wed Sep 11 2024 Rafael Jeffman - 2.6.1-13 +- Bump release for exception phase. + Resolves: RHEL-33748 -* Mon Feb 17 2020 Alexander Bokovoy - 2.4.0-4 -- Provide specific version libsofthsm2.so for p11-kit -- Fixes: rhbz#1727065 +* Thu Sep 05 2024 Rafael Jeffman - 2.6.1-12 +- Bump release for rebuild. + Related: RHEL-33748 -* Tue Feb 11 2020 Alexander Bokovoy - 2.4.0-3 -- Remove architecture-specific path from softhsm2.module definition -- Fixes: rhbz#1727065 +* Mon Sep 02 2024 Rafael Jeffman - 2.6.1-11 +- Fix initialization of random number generator. + Related: RHEL-33748 -* Fri Aug 17 2018 Alexander Bokovoy - 2.4.0-2 -- Replace PKCS11 headers by a more liberal version from p11-kit -- Fixes: rhbz#1615766 +* Wed Aug 28 2024 Rafael Jeffman - 2.6.1-10 +- Disable usage of OpenSSL engines when providers are available. + Resolves: RHEL-33748 + +* Mon Jun 24 2024 Troy Dawson - 2.6.1-9.1 +- Bump release for June 2024 mass rebuild + +* Fri Feb 09 2024 Alexander Bokovoy - 2.6.1-9 +- Prevent access to global C++ variables once they destroyed +- Patch from Neil Horman (OpenSSL) + +* Thu Feb 08 2024 Alexander Bokovoy - 2.6.1-8 +- Run p11test tests individually +- Resolves: rhbz#2261703 + +* Sat Jan 27 2024 Fedora Release Engineering - 2.6.1-7.1 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild + +* Thu Nov 09 2023 Alexander Bokovoy - 2.6.1-7 +- fix uninitialized variable +- bump build release to avoid confusion in the changelog + +* Sat Jul 22 2023 Fedora Release Engineering - 2.6.1-5.7 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild + +* Sat Jan 21 2023 Fedora Release Engineering - 2.6.1-5.6 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild + +* Sat Jul 23 2022 Fedora Release Engineering - 2.6.1-5.5 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild + +* Sat Jan 22 2022 Fedora Release Engineering - 2.6.1-5.4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild + +* Wed Nov 10 2021 Alexander Bokovoy - 2.6.1-6 +- Resolves: rhbz#2021906 - softhsm: FTBFS with OpenSSL 3.0.0 + +* Tue Sep 14 2021 Sahana Prasad - 2.6.1-5.3 +- Rebuilt with OpenSSL 3.0.0 + +* Fri Jul 23 2021 Fedora Release Engineering - 2.6.1-5.2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild + +* Wed Jan 27 2021 Fedora Release Engineering - 2.6.1-5.1 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild + +* Tue Dec 8 20:45:53 EST 2020 Paul Wouters - 2.6.1-5 +- rebuilt to fixup numbering clobbered by automatic bumps + +* Mon Aug 11 2020 Jeff Law - 2.6.1-3.4 +- Disable LTO + +* Sat Aug 01 2020 Fedora Release Engineering - 2.6.1-3.3 +- Second attempt - Rebuilt for + https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild + +* Wed Jul 29 2020 Fedora Release Engineering - 2.6.1-3.2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild + +* Tue Jul 14 2020 Tom Stellard - 2.6.1-3.1 +- Use make macros +- https://fedoraproject.org/wiki/Changes/UseMakeBuildInstallMacro + +* Wed May 13 2020 David Woodhouse - 2.6.1-3 +- Resolves: rhbz#1831086 softhsm use-after-free on process exit + Fix crash introduced by initial patch + +* Tue May 12 2020 Paul Wouters - 2.6.1-2 +- Resolves: rhbz#1831086 softhsm use-after-free on process exit + +* Thu Apr 30 2020 Paul Wouters - 2.6.1-1 +- Resolves: rhbz#1814324 -softhsm-2.6.1 is available + +* Mon Mar 30 2020 Alexander Bokovoy - 2.6.0-1 +- Resolves: rhbz#1814324 softhsm-2.6.0 is available + +* Thu Jan 30 2020 Fedora Release Engineering - 2.5.0-4.3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild + +* Sat Dec 14 2019 Jeff Law - 2.5.0-4.2 +- Fix missing #includes for gcc-10 + +* Fri Jul 26 2019 Fedora Release Engineering - 2.5.0-4.1 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild + +* Fri May 31 2019 Paul Wouters - 2.5.0-4 +- Pull in git master fixes to address assertion failure in make check +- Re-enable testing + +* Sun Feb 03 2019 Fedora Release Engineering - 2.5.0-3.1 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild + +* Wed Nov 14 2018 Nikos Mavrogiannopoulos - 2.5.0-3 +- Removed dependency on NSS; it was not necessary. + +* Mon Nov 05 2018 Nikos Mavrogiannopoulos - 2.5.0-2 +- Rebuilt to match f29 version + +* Mon Oct 29 2018 Simo Sorce - 2.5.0-1 +- Updated to latest upstream release * Sat Aug 11 2018 Nikos Mavrogiannopoulos - 2.4.0-1 - Updated to latest upstream release * Tue Jul 31 2018 Alexander Bokovoy - 2.3.0-4 -- Fix crash when used as a PKCS11 library via p11-kit (#1608690) +- Fix crash when used via p11-kit (#1607635) + +* Sat Jul 14 2018 Fedora Release Engineering - 2.3.0-3.2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild * Fri Feb 09 2018 Fedora Release Engineering - 2.3.0-3.1 - Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild @@ -288,4 +387,4 @@ fi - Upgraded to 1.3.0 * Thu Mar 3 2011 Paul Wouters - 1.2.0-1 -- Initial package for Fedora +- Initial package for Fedora diff --git a/sources b/sources new file mode 100644 index 0000000..ff6df0b --- /dev/null +++ b/sources @@ -0,0 +1,2 @@ +SHA512 (softhsm-2.6.1.tar.gz) = e77137096ff2ac2f5396971efbaa2007188855a8f723cb511182c6c5e5a353b3f98297442758e77a18c3a378c0ca3fce8abe090977f0f4f8d526de204fd523fb +SHA512 (softhsm-2.6.1.tar.gz.sig) = e5ff6ac9675a93e116a8b103b464fa9e729c4050323562746751c6e7dde0ad9b84c9966ce41519925d27d04620ebd3ccd305597f90be135de139163c80a184d0