Compare commits

..

No commits in common. "c9s" and "c8-stream-DL1" have entirely different histories.

13 changed files with 286 additions and 3797 deletions

25
.gitignore vendored
View File

@ -1,24 +1 @@
/softhsm-1.3.0.tar.gz SOURCES/softhsm-2.6.0.tar.gz
/softhsm-1.3.2.tar.gz
/softhsm-1.3.3.tar.gz
/softhsm-1.3.5.tar.gz
/softhsm-1.3.6.tar.gz
/softhsm-2.0.0b1.tar.gz
/softhsm-2.0.0rc1.tar.gz
/softhsm-2.0.0rc1.tar.gz.sig
/softhsm-2.0.0.tar.gz
/softhsm-2.0.0.tar.gz.sig
/softhsm-2.1.0.tar.gz
/softhsm-2.1.0.tar.gz.sig
/softhsm-2.2.0.tar.gz.sig
/softhsm-2.2.0.tar.gz
/softhsm-2.3.0.tar.gz
/softhsm-2.3.0.tar.gz.sig
/softhsm-2.4.0.tar.gz
/softhsm-2.4.0.tar.gz.sig
/softhsm-2.5.0.tar.gz
/softhsm-2.5.0.tar.gz.sig
/softhsm-2.6.0.tar.gz
/softhsm-2.6.0.tar.gz.sig
/softhsm-2.6.1.tar.gz
/softhsm-2.6.1.tar.gz.sig

1
.softhsm.metadata Normal file
View File

@ -0,0 +1 @@
da4220189c358741a42a63442561ec07996badaf SOURCES/softhsm-2.6.0.tar.gz

Binary file not shown.

View File

@ -0,0 +1,230 @@
From cfe1f7fdd12e202fa2d056c7fd731cfeee378a98 Mon Sep 17 00:00:00 2001
From: Jakub Jelen <jjelen@redhat.com>
Date: Wed, 15 Jul 2020 18:12:32 +0200
Subject: [PATCH] Unbreak negative mechanism lists in slots.mechanisms +
testcase
Previously, when the list for slots.mechanisms was prefixed with
minus sign "-", the first mechanism was skipped as invalid and
therefore the tool was presenting wrong list of algorithms.
This fixes the initial index for selection of first algorithm
and adds unit test for this scenario.
---
.gitignore | 1 +
configure.ac | 1 +
src/lib/SoftHSM.cpp | 9 ++-
src/lib/test/InfoTests.cpp | 70 ++++++++++++++++++-
src/lib/test/InfoTests.h | 2 +
src/lib/test/Makefile.am | 1 +
src/lib/test/softhsm2-negative-mech.conf.in | 8 +++
.../test/softhsm2-negative-mech.conf.win32 | 7 ++
win32/p11test/p11test.vcxproj.in | 2 +
9 files changed, 97 insertions(+), 4 deletions(-)
create mode 100644 src/lib/test/softhsm2-negative-mech.conf.in
create mode 100644 src/lib/test/softhsm2-negative-mech.conf.win32
diff --git a/configure.ac b/configure.ac
index d4dad435..c6a51c7a 100644
--- a/configure.ac
+++ b/configure.ac
@@ -217,6 +217,7 @@ AC_CONFIG_FILES([
src/lib/test/softhsm2-alt.conf
src/lib/test/softhsm2-reset-on-fork.conf
src/lib/test/softhsm2-mech.conf
+ src/lib/test/softhsm2-negative-mech.conf
src/lib/test/tokens/dummy
src/bin/Makefile
src/bin/common/Makefile
diff --git a/src/lib/SoftHSM.cpp b/src/lib/SoftHSM.cpp
index 0a0c32cc..cac724e6 100644
--- a/src/lib/SoftHSM.cpp
+++ b/src/lib/SoftHSM.cpp
@@ -791,12 +791,17 @@ void SoftHSM::prepareSupportedMecahnisms(std::map<std::string, CK_MECHANISM_TYPE
if (mechs != "ALL")
{
bool negative = (mechs[0] == '-');
- if (!negative)
+ size_t pos = 0, prev = 0;
+ if (negative)
+ {
+ /* Skip the minus sign */
+ prev = 1;
+ }
+ else
{
/* For positive list, we remove everything */
supportedMechanisms.clear();
}
- size_t pos = 0, prev = 0;
std::string token;
do
{
diff --git a/src/lib/test/InfoTests.cpp b/src/lib/test/InfoTests.cpp
index a07956fb..d2218e34 100644
--- a/src/lib/test/InfoTests.cpp
+++ b/src/lib/test/InfoTests.cpp
@@ -328,9 +328,9 @@ void InfoTests::testGetMechanismListConfig()
CK_MECHANISM_TYPE_PTR pMechanismList;
#ifndef _WIN32
- setenv("SOFTHSM2_CONF", "./softhsm2-mech.conf", 1);
+ setenv("SOFTHSM2_CONF", "./softhsm2-mech.conf", 1);
#else
- setenv("SOFTHSM2_CONF", ".\\softhsm2-mech.conf", 1);
+ setenv("SOFTHSM2_CONF", ".\\softhsm2-mech.conf", 1);
#endif
// Just make sure that we finalize any previous failed tests
@@ -363,6 +363,72 @@ void InfoTests::testGetMechanismListConfig()
#endif
}
+void InfoTests::testGetMechanismNegativeListConfig()
+{
+ CK_RV rv;
+ CK_ULONG ulMechCount = 0;
+ CK_MECHANISM_TYPE_PTR pMechanismList;
+ CK_ULONG allMechsCount = 0;
+
+ // Just make sure that we finalize any previous failed tests
+ CRYPTOKI_F_PTR( C_Finalize(NULL_PTR) );
+
+ // First of all, try to get the default list
+ rv = CRYPTOKI_F_PTR( C_GetMechanismList(m_initializedTokenSlotID, NULL_PTR, &ulMechCount) );
+ CPPUNIT_ASSERT(rv == CKR_CRYPTOKI_NOT_INITIALIZED);
+
+ rv = CRYPTOKI_F_PTR( C_Initialize(NULL_PTR) );
+ CPPUNIT_ASSERT(rv == CKR_OK);
+
+ // Get the size of the buffer
+ rv = CRYPTOKI_F_PTR( C_GetMechanismList(m_initializedTokenSlotID, NULL_PTR, &ulMechCount) );
+ CPPUNIT_ASSERT(rv == CKR_OK);
+ pMechanismList = (CK_MECHANISM_TYPE_PTR)malloc(ulMechCount * sizeof(CK_MECHANISM_TYPE_PTR));
+ /* Remember how many mechanisms are supported */
+ allMechsCount = ulMechCount;
+
+ // Get the mechanism list
+ rv = CRYPTOKI_F_PTR( C_GetMechanismList(m_initializedTokenSlotID, pMechanismList, &ulMechCount) );
+ CPPUNIT_ASSERT(rv == CKR_OK);
+ CPPUNIT_ASSERT_EQUAL(allMechsCount, ulMechCount);
+ free(pMechanismList);
+
+ CRYPTOKI_F_PTR( C_Finalize(NULL_PTR) );
+ /* Now try with configuration having negative list */
+#ifndef _WIN32
+ setenv("SOFTHSM2_CONF", "./softhsm2-negative-mech.conf", 1);
+#else
+ setenv("SOFTHSM2_CONF", ".\\softhsm2-negative-mech.conf", 1);
+#endif
+
+ rv = CRYPTOKI_F_PTR( C_Initialize(NULL_PTR) );
+ CPPUNIT_ASSERT(rv == CKR_OK);
+
+ // Get the size of the buffer
+ rv = CRYPTOKI_F_PTR( C_GetMechanismList(m_initializedTokenSlotID, NULL_PTR, &ulMechCount) );
+ CPPUNIT_ASSERT(rv == CKR_OK);
+ /* We should get 2 shorter */
+ //CPPUNIT_ASSERT_EQUAL(allMechsCount - 2, ulMechCount);
+ pMechanismList = (CK_MECHANISM_TYPE_PTR)malloc(ulMechCount * sizeof(CK_MECHANISM_TYPE_PTR));
+
+ // Get the mechanism list
+ rv = CRYPTOKI_F_PTR( C_GetMechanismList(m_initializedTokenSlotID, pMechanismList, &ulMechCount) );
+ CPPUNIT_ASSERT(rv == CKR_OK);
+ //CPPUNIT_ASSERT_EQUAL(allMechsCount - 2, ulMechCount);
+ for (unsigned long i = 0; i < ulMechCount; i++) {
+ CPPUNIT_ASSERT(pMechanismList[i] != CKM_RSA_X_509);
+ CPPUNIT_ASSERT(pMechanismList[i] != CKM_RSA_PKCS);
+ }
+ free(pMechanismList);
+
+ CRYPTOKI_F_PTR( C_Finalize(NULL_PTR) );
+#ifndef _WIN32
+ setenv("SOFTHSM2_CONF", "./softhsm2.conf", 1);
+#else
+ setenv("SOFTHSM2_CONF", ".\\softhsm2.conf", 1);
+#endif
+}
+
void InfoTests::testWaitForSlotEvent()
{
CK_RV rv;
diff --git a/src/lib/test/InfoTests.h b/src/lib/test/InfoTests.h
index dfd02953..1cc99ccb 100644
--- a/src/lib/test/InfoTests.h
+++ b/src/lib/test/InfoTests.h
@@ -49,6 +49,7 @@ class InfoTests : public TestsNoPINInitBase
CPPUNIT_TEST(testGetMechanismInfo);
CPPUNIT_TEST(testGetSlotInfoAlt);
CPPUNIT_TEST(testGetMechanismListConfig);
+ CPPUNIT_TEST(testGetMechanismNegativeListConfig);
CPPUNIT_TEST(testWaitForSlotEvent);
CPPUNIT_TEST_SUITE_END();
@@ -62,6 +63,7 @@ class InfoTests : public TestsNoPINInitBase
void testGetMechanismInfo();
void testGetSlotInfoAlt();
void testGetMechanismListConfig();
+ void testGetMechanismNegativeListConfig();
void testWaitForSlotEvent();
};
diff --git a/src/lib/test/Makefile.am b/src/lib/test/Makefile.am
index 17887dd4..a22ce668 100644
--- a/src/lib/test/Makefile.am
+++ b/src/lib/test/Makefile.am
@@ -39,6 +39,7 @@ EXTRA_DIST = $(srcdir)/CMakeLists.txt \
$(srcdir)/*.h \
$(srcdir)/softhsm2-alt.conf.win32 \
$(srcdir)/softhsm2-reset-on-fork.conf.win32 \
+ $(srcdir)/softhsm2-negative-mech.conf.win32 \
$(srcdir)/softhsm2-mech.conf.win32 \
$(srcdir)/softhsm2.conf.win32 \
$(srcdir)/tokens/dummy.in
diff --git a/src/lib/test/softhsm2-negative-mech.conf.in b/src/lib/test/softhsm2-negative-mech.conf.in
new file mode 100644
index 00000000..51f7e6ac
--- /dev/null
+++ b/src/lib/test/softhsm2-negative-mech.conf.in
@@ -0,0 +1,8 @@
+# SoftHSM v2 configuration file
+
+directories.tokendir = @builddir@/tokens
+objectstore.backend = file
+log.level = INFO
+slots.removable = false
+slots.mechanisms = -CKM_RSA_X_509,CKM_RSA_PKCS
+
diff --git a/src/lib/test/softhsm2-negative-mech.conf.win32 b/src/lib/test/softhsm2-negative-mech.conf.win32
new file mode 100644
index 00000000..a3aefb96
--- /dev/null
+++ b/src/lib/test/softhsm2-negative-mech.conf.win32
@@ -0,0 +1,7 @@
+# SoftHSM v2 configuration file
+
+directories.tokendir = .\tokens
+objectstore.backend = file
+log.level = INFO
+slots.removable = false
+slots.mechanisms = -CKM_RSA_X_509,CKM_RSA_PKCS
diff --git a/win32/p11test/p11test.vcxproj.in b/win32/p11test/p11test.vcxproj.in
index 55dfb087..88859bca 100644
--- a/win32/p11test/p11test.vcxproj.in
+++ b/win32/p11test/p11test.vcxproj.in
@@ -67,6 +67,7 @@ copy ..\..\src\lib\test\softhsm2.conf.win32 "$(TargetDir)\softhsm2.conf"
copy ..\..\src\lib\test\softhsm2-alt.conf.win32 "$(TargetDir)\softhsm2-alt.conf"
copy ..\..\src\lib\test\softhsm2-reset-on-fork.conf.win32 "$(TargetDir)\softhsm2-reset-on-fork.conf"
copy ..\..\src\lib\test\softhsm2-mech.conf.win32 "$(TargetDir)\softhsm2-mech.conf"
+copy ..\..\src\lib\test\softhsm2-negative-mech.conf.win32 "$(TargetDir)\softhsm2-negative-mech.conf"
mkdir "$(TargetDir)\tokens" 2&gt; nul
copy ..\..\src\lib\test\tokens\dummy.in "$(TargetDir)\tokens\dummy"
</Command>
@@ -99,6 +100,7 @@ copy ..\..\src\lib\test\softhsm2.conf.win32 "$(TargetDir)\softhsm2.conf"
copy ..\..\src\lib\test\softhsm2-alt.conf.win32 "$(TargetDir)\softhsm2-alt.conf"
copy ..\..\src\lib\test\softhsm2-reset-on-fork.conf.win32 "$(TargetDir)\softhsm2-reset-on-fork.conf"
copy ..\..\src\lib\test\softhsm2-mech.conf.win32 "$(TargetDir)\softhsm2-mech.conf"
+copy ..\..\src\lib\test\softhsm2-negative-mech.conf.win32 "$(TargetDir)\softhsm2-negative-mech.conf"
mkdir "$(TargetDir)\tokens" 2&gt; nul
copy ..\..\src\lib\test\tokens\dummy.in "$(TargetDir)\tokens\dummy"
</Command>

View File

@ -1,29 +1,25 @@
#global prever rc1 #global prever rc1
#global prerelease yes # Rebuild configure.ac if patches do change it
%global rebuild_ac 1
Summary: Software version of a PKCS#11 Hardware Security Module Summary: Software version of a PKCS#11 Hardware Security Module
Name: softhsm Name: softhsm
Version: 2.6.1 Version: 2.6.0
Release: %{?prever:0.}10%{?prever:.%{prever}}%{?dist} Release: %{?prever:0.}5%{?prever:.%{prever}}%{?dist}
License: BSD License: BSD
Url: http://www.opendnssec.org/ Url: http://www.opendnssec.org/
Source: http://dist.opendnssec.org/source/%{?prever:testing/}%{name}-%{version}.tar.gz Source: http://dist.opendnssec.org/source/%{?prever:testing/}%{name}-%{version}.tar.gz
Source1: http://dist.opendnssec.org/source/%{?prever:testing/}%{name}-%{version}.tar.gz.sig Source1: http://dist.opendnssec.org/source/%{?prever:testing/}%{name}-%{version}.tar.gz.sig
Patch1: softhsm-2.6.1-rh1831086-exit.patch Patch1: softhsm-2.6.1-rh1834909-exit.patch
Patch2: softhsm-openssl3-tests.patch Patch2: softhsm-2.6.1-rh1857272-negatives.patch
# based on https://github.com/opendnssec/SoftHSMv2/commit/f94aaffc879ade97a51b8e1308af42f86be1885f
Patch3: softhsm-2.6.1-uninitialized.patch
# from https://github.com/Emantor/SoftHSMv2/tree/fix/openssl3
# as discussed at https://github.com/opendnssec/SoftHSMv2/issues/729
Patch4: softhsm-prevent-global-deleted-objects-access.patch
BuildRequires: make Group: Applications/System
BuildRequires: openssl-devel >= 1.0.1k-6, sqlite-devel >= 3.4.2, cppunit-devel BuildRequires: openssl-devel >= 1.0.1k-6, sqlite-devel >= 3.4.2, cppunit-devel
BuildRequires: gcc-c++, pkgconfig, p11-kit-devel BuildRequires: gcc-c++, pkgconfig, p11-kit-devel, nss-devel
Requires(pre): shadow-utils Requires(pre): shadow-utils
Requires: p11-kit Requires: p11-kit, nss-tools
Requires: openssl-libs >= 1.0.1k-6 Requires: openssl-libs >= 1.0.1k-6
%global _hardened_build 1 %global _hardened_build 1
@ -38,8 +34,9 @@ with other cryptographic products because of the PKCS#11 interface.
%package devel %package devel
Summary: Development package of softhsm that includes the header files Summary: Development package of softhsm that includes the header files
Group: Development/Libraries
Requires: %{name} = %{version}-%{release}, openssl-devel, sqlite-devel Requires: %{name} = %{version}-%{release}, openssl-devel, sqlite-devel
%if 0%{?prever:1} || 0%{?prerelease:1} %if 0%{?prever:!} || 0%{?rebuild_ac}
BuildRequires: autoconf, libtool, automake BuildRequires: autoconf, libtool, automake
%endif %endif
@ -50,47 +47,38 @@ The devel package contains the libsofthsm include files
%setup -q -n %{name}-%{version}%{?prever} %setup -q -n %{name}-%{version}%{?prever}
%patch1 -p1 %patch1 -p1
%patch2 -p1 %patch2 -p1
%patch3 -p1
%patch4 -p1
%if 0%{?prever:1} || 0%{?prerelease:1} # remove softhsm/ subdir auto-added to --libdir
# pre-release or post-release snapshots fixup sed -i "s:full_libdir/softhsm:full_libdir:g" configure
sed -i 's:^full_libdir=":#full_libdir=":g' configure.ac %if 0%{?prever:1} || 0%{?rebuild_ac}
sed -i "s:libdir)/@PACKAGE@:libdir):" Makefile.in sed -i 's:^full_libdir=":#full_libdir=":g' configure.ac
%endif
sed -i "s:libdir)/@PACKAGE@:libdir):" Makefile.in
sed -i 's:$full_libdir/libsofthsm2\.so:libsofthsm2\.so:g' configure
%if 0%{?prever:1} || 0%{?rebuild_ac}
sed -i 's:$full_libdir/libsofthsm2\.so:libsofthsm2\.so:g' configure.ac
%endif
%if 0%{?prever:1} || 0%{?rebuild_ac}
autoreconf -fiv autoreconf -fiv
%else
# remove softhsm/ subdir auto-added to --libdir
sed -i 's:full_libdir/softhsm:full_libdir:g' configure
%endif %endif
%build %build
# This package fails its testsuite with LTO enabled and needs further %configure --libdir=%{_libdir}/pkcs11 --with-openssl=%{_prefix} --enable-ecc --disable-gost \
# investigation
%define _lto_cflags %{nil}
%configure --libdir=%{_libdir}/pkcs11 --with-openssl=%{_prefix} --enable-ecc --enable-eddsa --disable-gost \
--with-migrate --enable-visibility --with-p11-kit=%{_datadir}/p11-kit/modules/ --with-migrate --enable-visibility --with-p11-kit=%{_datadir}/p11-kit/modules/
%make_build make %{?_smp_mflags}
# install our copy of pk11install taken from coolkey package
%check %check
for d in crypto data_mgr handle_mgr object_store session_mgr slot_mgr ; do # skip while cppunit is broken
make check -C src/lib/$d #make check
done
pushd src/lib/test
make p11test
for t in TokenTests AsymWrapUnwrapTests DigestTests ForkTests \
InitTests InfoTests SessionTests UserTests RandomTests \
SignVerifyTests AsymEncryptDecryptTests DeriveTests \
ObjectTests SymmetricAlgorithmTests ; do
./p11test $t
done
popd
%install %install
rm -rf %{buildroot} rm -rf %{buildroot}
%make_install make DESTDIR=%{buildroot} install
rm %{buildroot}/%{_sysconfdir}/softhsm2.conf.sample rm %{buildroot}/%{_sysconfdir}/softhsm2.conf.sample
rm -f %{buildroot}/%{_libdir}/pkcs11/*a rm -f %{buildroot}/%{_libdir}/pkcs11/*a
@ -137,102 +125,41 @@ if [ -f /var/softhsm/slot0.db ]; then
fi fi
%changelog %changelog
* Tue Apr 09 2024 Alexander Bokovoy <abokovoy@redhat.com> - 2.6.1-10 * Mon Feb 15 2021 Thomas Woerner <twoerner@redhat.com> - 2.6.0-5
- Revert SPDX license change as RHEL 9 does not use it - Install prever devel package requirements for new negative option patch
Related: RHBZ#1857272
* Fri Feb 09 2024 Alexander Bokovoy <abokovoy@redhat.com> - 2.6.1-9 * Mon Feb 15 2021 Alexander Bokovoy <abokovoy@redhat.com> - 2.6.0-4
- Prevent access to global C++ variables once they destroyed - Fixes: rhbz#1857272 - negative option for token.mechanism not working correctly
- Patch from Neil Horman (OpenSSL)
* Thu Feb 08 2024 Alexander Bokovoy <abokovoy@redhat.com> - 2.6.1-8 * Thu Jun 04 2020 Alexander Bokovoy <abokovoy@redhat.com> - 2.6.0-3
- Run p11test tests individually - Fixes: rhbz#1834909 - softhsm use-after-free on process exit
- Resolves: rhbz#2261703 - Synchronize the final fix with Fedora
* Tue Aug 10 2021 Mohan Boddu <mboddu@redhat.com> - 2.6.1-7.2 * Thu May 14 2020 Paul Wouters <pwouters@redhat.com> - 2.6.0-2
- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags - Fixes: rhbz#1834909 - softhsm use-after-free on process exit
Related: rhbz#1991688
* Wed Jun 16 2021 Mohan Boddu <mboddu@redhat.com> - 2.6.1-7.1 * Wed Apr 01 2020 Alexander Bokovoy <abokovoy@redhat.com> - 2.6.0-1
- Rebuilt for RHEL 9 BETA for openssl 3.0 - Fixes: rhbz#1818877 - rebase to softhsm 2.6.0+
Related: rhbz#1971065 - Fixes: rhbz#1701233 - support setting supported signature methods on the token
* Wed Jun 02 2021 Alexander Bokovoy <abokovoy@redhat.com> - 2.6.1-7 * Mon Feb 17 2020 Alexander Bokovoy <abokovoy@redhat.com> - 2.4.0-4
- Fix tests against OpenSSL 3.0: improve p11test - Provide specific version libsofthsm2.so for p11-kit
- Resolves: rhbz#1964838 - Fixes: rhbz#1727065
* Thu May 27 2021 Alexander Bokovoy <abokovoy@redhat.com> - 2.6.1-6 * Tue Feb 11 2020 Alexander Bokovoy <abokovoy@redhat.com> - 2.4.0-3
- Fix tests against OpenSSL 3.0 - Remove architecture-specific path from softhsm2.module definition
- Resolves: rhbz#1964838 - Fixes: rhbz#1727065
* Fri Apr 16 2021 Mohan Boddu <mboddu@redhat.com> - 2.6.1-5.2 * Fri Aug 17 2018 Alexander Bokovoy <abokovoy@redhat.com> - 2.4.0-2
- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937 - Replace PKCS11 headers by a more liberal version from p11-kit
- Fixes: rhbz#1615766
* Wed Jan 27 2021 Fedora Release Engineering <releng@fedoraproject.org> - 2.6.1-5.1
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
* Tue Dec 8 20:45:53 EST 2020 Paul Wouters <pwouters@redhat.com> - 2.6.1-5
- rebuilt to fixup numbering clobbered by automatic bumps
* Mon Aug 11 2020 Jeff Law <law@redhat.org> - 2.6.1-3.4
- Disable LTO
* Sat Aug 01 2020 Fedora Release Engineering <releng@fedoraproject.org> - 2.6.1-3.3
- Second attempt - Rebuilt for
https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
* Wed Jul 29 2020 Fedora Release Engineering <releng@fedoraproject.org> - 2.6.1-3.2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
* Tue Jul 14 2020 Tom Stellard <tstellar@redhat.com> - 2.6.1-3.1
- Use make macros
- https://fedoraproject.org/wiki/Changes/UseMakeBuildInstallMacro
* Wed May 13 2020 David Woodhouse <dwmw2@infradead.org> - 2.6.1-3
- Resolves: rhbz#1831086 softhsm use-after-free on process exit
Fix crash introduced by initial patch
* Tue May 12 2020 Paul Wouters <pwouters@redhat.com> - 2.6.1-2
- Resolves: rhbz#1831086 softhsm use-after-free on process exit
* Thu Apr 30 2020 Paul Wouters <pwouters@redhat.com> - 2.6.1-1
- Resolves: rhbz#1814324 -softhsm-2.6.1 is available
* Mon Mar 30 2020 Alexander Bokovoy <abokovoy@redhat.com> - 2.6.0-1
- Resolves: rhbz#1814324 softhsm-2.6.0 is available
* Thu Jan 30 2020 Fedora Release Engineering <releng@fedoraproject.org> - 2.5.0-4.3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
* Sat Dec 14 2019 Jeff Law <law@redhat.com> - 2.5.0-4.2
- Fix missing #includes for gcc-10
* Fri Jul 26 2019 Fedora Release Engineering <releng@fedoraproject.org> - 2.5.0-4.1
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
* Fri May 31 2019 Paul Wouters <pwouters@redhat.com> - 2.5.0-4
- Pull in git master fixes to address assertion failure in make check
- Re-enable testing
* Sun Feb 03 2019 Fedora Release Engineering <releng@fedoraproject.org> - 2.5.0-3.1
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
* Wed Nov 14 2018 Nikos Mavrogiannopoulos <nmav@redhat.com> - 2.5.0-3
- Removed dependency on NSS; it was not necessary.
* Mon Nov 05 2018 Nikos Mavrogiannopoulos <nmav@redhat.com> - 2.5.0-2
- Rebuilt to match f29 version
* Mon Oct 29 2018 Simo Sorce <simo@redhat.com> - 2.5.0-1
- Updated to latest upstream release
* Sat Aug 11 2018 Nikos Mavrogiannopoulos <nmav@redhat.com> - 2.4.0-1 * Sat Aug 11 2018 Nikos Mavrogiannopoulos <nmav@redhat.com> - 2.4.0-1
- Updated to latest upstream release - Updated to latest upstream release
* Tue Jul 31 2018 Alexander Bokovoy <abokovoy@redhat.com> - 2.3.0-4 * Tue Jul 31 2018 Alexander Bokovoy <abokovoy@redhat.com> - 2.3.0-4
- Fix crash when used via p11-kit (#1607635) - Fix crash when used as a PKCS11 library via p11-kit (#1608690)
* Sat Jul 14 2018 Fedora Release Engineering <releng@fedoraproject.org> - 2.3.0-3.2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
* Fri Feb 09 2018 Fedora Release Engineering <releng@fedoraproject.org> - 2.3.0-3.1 * Fri Feb 09 2018 Fedora Release Engineering <releng@fedoraproject.org> - 2.3.0-3.1
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild - Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild

View File

@ -1,7 +0,0 @@
# recipients: abokovoy, frenaud, kaleem, ftrivino
--- !Policy
product_versions:
- rhel-9
decision_context: osci_compose_gate
rules:
- !PassingTestCaseRule {test_case_name: idm-ci.brew-build.tier1.functional}

View File

@ -1,11 +0,0 @@
diff -Nrup a/src/lib/SoftHSM.cpp b/src/lib/SoftHSM.cpp
--- a/src/lib/SoftHSM.cpp 2019-09-23 10:45:59.979484657 -0600
+++ b/src/lib/SoftHSM.cpp 2019-09-23 10:46:46.394199562 -0600
@@ -78,6 +78,7 @@
#include <stdlib.h>
#include <algorithm>
+#include <stdexcept>
// Initialise the one-and-only instance

File diff suppressed because it is too large Load Diff

View File

@ -1,12 +0,0 @@
diff --git a/src/lib/SoftHSM.cpp b/src/lib/SoftHSM.cpp
index d2bf4037a..6eeac6103 100644
--- a/src/lib/SoftHSM.cpp
+++ b/src/lib/SoftHSM.cpp
@@ -972,6 +972,7 @@ CK_RV SoftHSM::C_GetMechanismInfo(CK_SLOT_ID slotID, CK_MECHANISM_TYPE type, CK_
}
CryptoFactory::i()->recycleAsymmetricAlgorithm(eddsa);
#endif
+ pInfo->flags = 0; // initialize flags
switch (type)
{
#ifndef WITH_FIPS

File diff suppressed because it is too large Load Diff

View File

@ -1,667 +0,0 @@
From 41968e7b742ad59046523a7eeb63514237fb63af Mon Sep 17 00:00:00 2001
From: Neil Horman <nhorman@openssl.org>
Date: Fri, 27 Oct 2023 14:57:37 -0400
Subject: [PATCH] Prevent accessing of global c++ objects once they are deleted
Fixes (Maybe) #729.
Reset objects_deleted after reset is called.
---
src/lib/SoftHSM.cpp | 5 ++
src/lib/main.cpp | 138 ++++++++++++++++++++++++++++++++++++++++++++
2 files changed, 143 insertions(+)
diff --git a/src/lib/SoftHSM.cpp b/src/lib/SoftHSM.cpp
index 02c0f95ec..95bf208da 100644
--- a/src/lib/SoftHSM.cpp
+++ b/src/lib/SoftHSM.cpp
@@ -89,6 +89,8 @@
// Initialise the one-and-only instance
+int objects_deleted = 0;
+
#ifdef HAVE_CXX11
std::unique_ptr<MutexFactory> MutexFactory::instance(nullptr);
@@ -406,6 +408,8 @@ void SoftHSM::reset()
{
if (instance.get())
instance.reset();
+
+ objects_deleted = 0;
}
// Constructor
@@ -445,6 +449,7 @@ SoftHSM::~SoftHSM()
isInitialised = false;
+ objects_deleted = 1;
resetMutexFactoryCallbacks();
}
diff --git a/src/lib/main.cpp b/src/lib/main.cpp
index 2dfd0eb87..e89f18c10 100644
--- a/src/lib/main.cpp
+++ b/src/lib/main.cpp
@@ -49,6 +49,8 @@
#define PKCS_API
#endif
+extern int objects_deleted;
+
// PKCS #11 function list
static CK_FUNCTION_LIST functionList =
{
@@ -130,6 +132,8 @@ PKCS_API CK_RV C_Initialize(CK_VOID_PTR pInitArgs)
{
try
{
+ if (objects_deleted == 1)
+ return CKR_FUNCTION_FAILED;
return SoftHSM::i()->C_Initialize(pInitArgs);
}
catch (...)
@@ -145,6 +149,8 @@ PKCS_API CK_RV C_Finalize(CK_VOID_PTR pReserved)
{
try
{
+ if (objects_deleted == 1)
+ return CKR_FUNCTION_FAILED;
return SoftHSM::i()->C_Finalize(pReserved);
}
catch (...)
@@ -160,6 +166,8 @@ PKCS_API CK_RV C_GetInfo(CK_INFO_PTR pInfo)
{
try
{
+ if (objects_deleted == 1)
+ return CKR_FUNCTION_FAILED;
return SoftHSM::i()->C_GetInfo(pInfo);
}
catch (...)
@@ -175,6 +183,8 @@ PKCS_API CK_RV C_GetFunctionList(CK_FUNCTION_LIST_PTR_PTR ppFunctionList)
{
try
{
+ if (objects_deleted == 1)
+ return CKR_FUNCTION_FAILED;
if (ppFunctionList == NULL_PTR) return CKR_ARGUMENTS_BAD;
*ppFunctionList = &functionList;
@@ -194,6 +204,8 @@ PKCS_API CK_RV C_GetSlotList(CK_BBOOL tokenPresent, CK_SLOT_ID_PTR pSlotList, CK
{
try
{
+ if (objects_deleted == 1)
+ return CKR_FUNCTION_FAILED;
return SoftHSM::i()->C_GetSlotList(tokenPresent, pSlotList, pulCount);
}
catch (...)
@@ -209,6 +221,8 @@ PKCS_API CK_RV C_GetSlotInfo(CK_SLOT_ID slotID, CK_SLOT_INFO_PTR pInfo)
{
try
{
+ if (objects_deleted == 1)
+ return CKR_FUNCTION_FAILED;
return SoftHSM::i()->C_GetSlotInfo(slotID, pInfo);
}
catch (...)
@@ -224,6 +238,8 @@ PKCS_API CK_RV C_GetTokenInfo(CK_SLOT_ID slotID, CK_TOKEN_INFO_PTR pInfo)
{
try
{
+ if (objects_deleted == 1)
+ return CKR_FUNCTION_FAILED;
return SoftHSM::i()->C_GetTokenInfo(slotID, pInfo);
}
catch (...)
@@ -239,6 +255,8 @@ PKCS_API CK_RV C_GetMechanismList(CK_SLOT_ID slotID, CK_MECHANISM_TYPE_PTR pMech
{
try
{
+ if (objects_deleted == 1)
+ return CKR_FUNCTION_FAILED;
return SoftHSM::i()->C_GetMechanismList(slotID, pMechanismList, pulCount);
}
catch (...)
@@ -254,6 +272,8 @@ PKCS_API CK_RV C_GetMechanismInfo(CK_SLOT_ID slotID, CK_MECHANISM_TYPE type, CK_
{
try
{
+ if (objects_deleted == 1)
+ return CKR_FUNCTION_FAILED;
return SoftHSM::i()->C_GetMechanismInfo(slotID, type, pInfo);
}
catch (...)
@@ -269,6 +289,8 @@ PKCS_API CK_RV C_InitToken(CK_SLOT_ID slotID, CK_UTF8CHAR_PTR pPin, CK_ULONG ulP
{
try
{
+ if (objects_deleted == 1)
+ return CKR_FUNCTION_FAILED;
return SoftHSM::i()->C_InitToken(slotID, pPin, ulPinLen, pLabel);
}
catch (...)
@@ -284,6 +306,8 @@ PKCS_API CK_RV C_InitPIN(CK_SESSION_HANDLE hSession, CK_UTF8CHAR_PTR pPin, CK_UL
{
try
{
+ if (objects_deleted == 1)
+ return CKR_FUNCTION_FAILED;
return SoftHSM::i()->C_InitPIN(hSession, pPin, ulPinLen);
}
catch (...)
@@ -299,6 +323,8 @@ PKCS_API CK_RV C_SetPIN(CK_SESSION_HANDLE hSession, CK_UTF8CHAR_PTR pOldPin, CK_
{
try
{
+ if (objects_deleted == 1)
+ return CKR_FUNCTION_FAILED;
return SoftHSM::i()->C_SetPIN(hSession, pOldPin, ulOldLen, pNewPin, ulNewLen);
}
catch (...)
@@ -314,6 +340,8 @@ PKCS_API CK_RV C_OpenSession(CK_SLOT_ID slotID, CK_FLAGS flags, CK_VOID_PTR pApp
{
try
{
+ if (objects_deleted == 1)
+ return CKR_FUNCTION_FAILED;
return SoftHSM::i()->C_OpenSession(slotID, flags, pApplication, notify, phSession);
}
catch (...)
@@ -329,6 +357,8 @@ PKCS_API CK_RV C_CloseSession(CK_SESSION_HANDLE hSession)
{
try
{
+ if (objects_deleted == 1)
+ return CKR_FUNCTION_FAILED;
return SoftHSM::i()->C_CloseSession(hSession);
}
catch (...)
@@ -344,6 +374,8 @@ PKCS_API CK_RV C_CloseAllSessions(CK_SLOT_ID slotID)
{
try
{
+ if (objects_deleted == 1)
+ return CKR_FUNCTION_FAILED;
return SoftHSM::i()->C_CloseAllSessions(slotID);
}
catch (...)
@@ -359,6 +391,8 @@ PKCS_API CK_RV C_GetSessionInfo(CK_SESSION_HANDLE hSession, CK_SESSION_INFO_PTR
{
try
{
+ if (objects_deleted == 1)
+ return CKR_FUNCTION_FAILED;
return SoftHSM::i()->C_GetSessionInfo(hSession, pInfo);
}
catch (...)
@@ -374,6 +408,8 @@ PKCS_API CK_RV C_GetOperationState(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pOper
{
try
{
+ if (objects_deleted == 1)
+ return CKR_FUNCTION_FAILED;
return SoftHSM::i()->C_GetOperationState(hSession, pOperationState, pulOperationStateLen);
}
catch (...)
@@ -389,6 +425,8 @@ PKCS_API CK_RV C_SetOperationState(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pOper
{
try
{
+ if (objects_deleted == 1)
+ return CKR_FUNCTION_FAILED;
return SoftHSM::i()->C_SetOperationState(hSession, pOperationState, ulOperationStateLen, hEncryptionKey, hAuthenticationKey);
}
catch (...)
@@ -404,6 +442,8 @@ PKCS_API CK_RV C_Login(CK_SESSION_HANDLE hSession, CK_USER_TYPE userType, CK_UTF
{
try
{
+ if (objects_deleted == 1)
+ return CKR_FUNCTION_FAILED;
return SoftHSM::i()->C_Login(hSession, userType, pPin, ulPinLen);
}
catch (...)
@@ -419,6 +459,8 @@ PKCS_API CK_RV C_Logout(CK_SESSION_HANDLE hSession)
{
try
{
+ if (objects_deleted == 1)
+ return CKR_FUNCTION_FAILED;
return SoftHSM::i()->C_Logout(hSession);
}
catch (...)
@@ -434,6 +476,8 @@ PKCS_API CK_RV C_CreateObject(CK_SESSION_HANDLE hSession, CK_ATTRIBUTE_PTR pTemp
{
try
{
+ if (objects_deleted == 1)
+ return CKR_FUNCTION_FAILED;
return SoftHSM::i()->C_CreateObject(hSession, pTemplate, ulCount, phObject);
}
catch (...)
@@ -449,6 +493,8 @@ PKCS_API CK_RV C_CopyObject(CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE hObject
{
try
{
+ if (objects_deleted == 1)
+ return CKR_FUNCTION_FAILED;
return SoftHSM::i()->C_CopyObject(hSession, hObject, pTemplate, ulCount, phNewObject);
}
catch (...)
@@ -464,6 +510,8 @@ PKCS_API CK_RV C_DestroyObject(CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE hObj
{
try
{
+ if (objects_deleted == 1)
+ return CKR_FUNCTION_FAILED;
return SoftHSM::i()->C_DestroyObject(hSession, hObject);
}
catch (...)
@@ -479,6 +527,8 @@ PKCS_API CK_RV C_GetObjectSize(CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE hObj
{
try
{
+ if (objects_deleted == 1)
+ return CKR_FUNCTION_FAILED;
return SoftHSM::i()->C_GetObjectSize(hSession, hObject, pulSize);
}
catch (...)
@@ -494,6 +544,8 @@ PKCS_API CK_RV C_GetAttributeValue(CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE
{
try
{
+ if (objects_deleted == 1)
+ return CKR_FUNCTION_FAILED;
return SoftHSM::i()->C_GetAttributeValue(hSession, hObject, pTemplate, ulCount);
}
catch (...)
@@ -509,6 +561,8 @@ PKCS_API CK_RV C_SetAttributeValue(CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE
{
try
{
+ if (objects_deleted == 1)
+ return CKR_FUNCTION_FAILED;
return SoftHSM::i()->C_SetAttributeValue(hSession, hObject, pTemplate, ulCount);
}
catch (...)
@@ -524,6 +578,8 @@ PKCS_API CK_RV C_FindObjectsInit(CK_SESSION_HANDLE hSession, CK_ATTRIBUTE_PTR pT
{
try
{
+ if (objects_deleted == 1)
+ return CKR_FUNCTION_FAILED;
return SoftHSM::i()->C_FindObjectsInit(hSession, pTemplate, ulCount);
}
catch (...)
@@ -539,6 +595,8 @@ PKCS_API CK_RV C_FindObjects(CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE_PTR ph
{
try
{
+ if (objects_deleted == 1)
+ return CKR_FUNCTION_FAILED;
return SoftHSM::i()->C_FindObjects(hSession, phObject, ulMaxObjectCount, pulObjectCount);
}
catch (...)
@@ -554,6 +612,8 @@ PKCS_API CK_RV C_FindObjectsFinal(CK_SESSION_HANDLE hSession)
{
try
{
+ if (objects_deleted == 1)
+ return CKR_FUNCTION_FAILED;
return SoftHSM::i()->C_FindObjectsFinal(hSession);
}
catch (...)
@@ -569,6 +629,8 @@ PKCS_API CK_RV C_EncryptInit(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMecha
{
try
{
+ if (objects_deleted == 1)
+ return CKR_FUNCTION_FAILED;
return SoftHSM::i()->C_EncryptInit(hSession, pMechanism, hObject);
}
catch (...)
@@ -584,6 +646,8 @@ PKCS_API CK_RV C_Encrypt(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pData, CK_ULONG
{
try
{
+ if (objects_deleted == 1)
+ return CKR_FUNCTION_FAILED;
return SoftHSM::i()->C_Encrypt(hSession, pData, ulDataLen, pEncryptedData, pulEncryptedDataLen);
}
catch (...)
@@ -599,6 +663,8 @@ PKCS_API CK_RV C_EncryptUpdate(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pData, CK
{
try
{
+ if (objects_deleted == 1)
+ return CKR_FUNCTION_FAILED;
return SoftHSM::i()->C_EncryptUpdate(hSession, pData, ulDataLen, pEncryptedData, pulEncryptedDataLen);
}
catch (...)
@@ -614,6 +680,8 @@ PKCS_API CK_RV C_EncryptFinal(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pEncrypted
{
try
{
+ if (objects_deleted == 1)
+ return CKR_FUNCTION_FAILED;
return SoftHSM::i()->C_EncryptFinal(hSession, pEncryptedData, pulEncryptedDataLen);
}
catch (...)
@@ -629,6 +697,8 @@ PKCS_API CK_RV C_DecryptInit(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMecha
{
try
{
+ if (objects_deleted == 1)
+ return CKR_FUNCTION_FAILED;
return SoftHSM::i()->C_DecryptInit(hSession, pMechanism, hObject);
}
catch (...)
@@ -644,6 +714,8 @@ PKCS_API CK_RV C_Decrypt(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pEncryptedData,
{
try
{
+ if (objects_deleted == 1)
+ return CKR_FUNCTION_FAILED;
return SoftHSM::i()->C_Decrypt(hSession, pEncryptedData, ulEncryptedDataLen, pData, pulDataLen);
}
catch (...)
@@ -659,6 +731,8 @@ PKCS_API CK_RV C_DecryptUpdate(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pEncrypte
{
try
{
+ if (objects_deleted == 1)
+ return CKR_FUNCTION_FAILED;
return SoftHSM::i()->C_DecryptUpdate(hSession, pEncryptedData, ulEncryptedDataLen, pData, pDataLen);
}
catch (...)
@@ -674,6 +748,8 @@ PKCS_API CK_RV C_DecryptFinal(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pData, CK_
{
try
{
+ if (objects_deleted == 1)
+ return CKR_FUNCTION_FAILED;
return SoftHSM::i()->C_DecryptFinal(hSession, pData, pDataLen);
}
catch (...)
@@ -689,6 +765,8 @@ PKCS_API CK_RV C_DigestInit(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechan
{
try
{
+ if (objects_deleted == 1)
+ return CKR_FUNCTION_FAILED;
return SoftHSM::i()->C_DigestInit(hSession, pMechanism);
}
catch (...)
@@ -704,6 +782,8 @@ PKCS_API CK_RV C_Digest(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pData, CK_ULONG
{
try
{
+ if (objects_deleted == 1)
+ return CKR_FUNCTION_FAILED;
return SoftHSM::i()->C_Digest(hSession, pData, ulDataLen, pDigest, pulDigestLen);
}
catch (...)
@@ -719,6 +799,8 @@ PKCS_API CK_RV C_DigestUpdate(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pPart, CK_
{
try
{
+ if (objects_deleted == 1)
+ return CKR_FUNCTION_FAILED;
return SoftHSM::i()->C_DigestUpdate(hSession, pPart, ulPartLen);
}
catch (...)
@@ -734,6 +816,8 @@ PKCS_API CK_RV C_DigestKey(CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE hObject)
{
try
{
+ if (objects_deleted == 1)
+ return CKR_FUNCTION_FAILED;
return SoftHSM::i()->C_DigestKey(hSession, hObject);
}
catch (...)
@@ -749,6 +833,8 @@ PKCS_API CK_RV C_DigestFinal(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pDigest, CK
{
try
{
+ if (objects_deleted == 1)
+ return CKR_FUNCTION_FAILED;
return SoftHSM::i()->C_DigestFinal(hSession, pDigest, pulDigestLen);
}
catch (...)
@@ -764,6 +850,8 @@ PKCS_API CK_RV C_SignInit(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanis
{
try
{
+ if (objects_deleted == 1)
+ return CKR_FUNCTION_FAILED;
return SoftHSM::i()->C_SignInit(hSession, pMechanism, hKey);
}
catch (...)
@@ -779,6 +867,8 @@ PKCS_API CK_RV C_Sign(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pData, CK_ULONG ul
{
try
{
+ if (objects_deleted == 1)
+ return CKR_FUNCTION_FAILED;
return SoftHSM::i()->C_Sign(hSession, pData, ulDataLen, pSignature, pulSignatureLen);
}
catch (...)
@@ -794,6 +884,8 @@ PKCS_API CK_RV C_SignUpdate(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pPart, CK_UL
{
try
{
+ if (objects_deleted == 1)
+ return CKR_FUNCTION_FAILED;
return SoftHSM::i()->C_SignUpdate(hSession, pPart, ulPartLen);
}
catch (...)
@@ -809,6 +901,8 @@ PKCS_API CK_RV C_SignFinal(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pSignature, C
{
try
{
+ if (objects_deleted == 1)
+ return CKR_FUNCTION_FAILED;
return SoftHSM::i()->C_SignFinal(hSession, pSignature, pulSignatureLen);
}
catch (...)
@@ -824,6 +918,8 @@ PKCS_API CK_RV C_SignRecoverInit(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pM
{
try
{
+ if (objects_deleted == 1)
+ return CKR_FUNCTION_FAILED;
return SoftHSM::i()->C_SignRecoverInit(hSession, pMechanism, hKey);
}
catch (...)
@@ -839,6 +935,8 @@ PKCS_API CK_RV C_SignRecover(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pData, CK_U
{
try
{
+ if (objects_deleted == 1)
+ return CKR_FUNCTION_FAILED;
return SoftHSM::i()->C_SignRecover(hSession, pData, ulDataLen, pSignature, pulSignatureLen);
}
catch (...)
@@ -854,6 +952,8 @@ PKCS_API CK_RV C_VerifyInit(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechan
{
try
{
+ if (objects_deleted == 1)
+ return CKR_FUNCTION_FAILED;
return SoftHSM::i()->C_VerifyInit(hSession, pMechanism, hKey);
}
catch (...)
@@ -869,6 +969,8 @@ PKCS_API CK_RV C_Verify(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pData, CK_ULONG
{
try
{
+ if (objects_deleted == 1)
+ return CKR_FUNCTION_FAILED;
return SoftHSM::i()->C_Verify(hSession, pData, ulDataLen, pSignature, ulSignatureLen);
}
catch (...)
@@ -884,6 +986,8 @@ PKCS_API CK_RV C_VerifyUpdate(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pPart, CK_
{
try
{
+ if (objects_deleted == 1)
+ return CKR_FUNCTION_FAILED;
return SoftHSM::i()->C_VerifyUpdate(hSession, pPart, ulPartLen);
}
catch (...)
@@ -899,6 +1003,8 @@ PKCS_API CK_RV C_VerifyFinal(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pSignature,
{
try
{
+ if (objects_deleted == 1)
+ return CKR_FUNCTION_FAILED;
return SoftHSM::i()->C_VerifyFinal(hSession, pSignature, ulSignatureLen);
}
catch (...)
@@ -914,6 +1020,8 @@ PKCS_API CK_RV C_VerifyRecoverInit(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR
{
try
{
+ if (objects_deleted == 1)
+ return CKR_FUNCTION_FAILED;
return SoftHSM::i()->C_VerifyRecoverInit(hSession, pMechanism, hKey);
}
catch (...)
@@ -929,6 +1037,8 @@ PKCS_API CK_RV C_VerifyRecover(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pSignatur
{
try
{
+ if (objects_deleted == 1)
+ return CKR_FUNCTION_FAILED;
return SoftHSM::i()->C_VerifyRecover(hSession, pSignature, ulSignatureLen, pData, pulDataLen);
}
catch (...)
@@ -944,6 +1054,8 @@ PKCS_API CK_RV C_DigestEncryptUpdate(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pPa
{
try
{
+ if (objects_deleted == 1)
+ return CKR_FUNCTION_FAILED;
return SoftHSM::i()->C_DigestEncryptUpdate(hSession, pPart, ulPartLen, pEncryptedPart, pulEncryptedPartLen);
}
catch (...)
@@ -959,6 +1071,8 @@ PKCS_API CK_RV C_DecryptDigestUpdate(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pPa
{
try
{
+ if (objects_deleted == 1)
+ return CKR_FUNCTION_FAILED;
return SoftHSM::i()->C_DecryptDigestUpdate(hSession, pPart, ulPartLen, pDecryptedPart, pulDecryptedPartLen);
}
catch (...)
@@ -974,6 +1088,8 @@ PKCS_API CK_RV C_SignEncryptUpdate(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pPart
{
try
{
+ if (objects_deleted == 1)
+ return CKR_FUNCTION_FAILED;
return SoftHSM::i()->C_SignEncryptUpdate(hSession, pPart, ulPartLen, pEncryptedPart, pulEncryptedPartLen);
}
catch (...)
@@ -989,6 +1105,8 @@ PKCS_API CK_RV C_DecryptVerifyUpdate(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pEn
{
try
{
+ if (objects_deleted == 1)
+ return CKR_FUNCTION_FAILED;
return SoftHSM::i()->C_DecryptVerifyUpdate(hSession, pEncryptedPart, ulEncryptedPartLen, pPart, pulPartLen);
}
catch (...)
@@ -1004,6 +1122,8 @@ PKCS_API CK_RV C_GenerateKey(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMecha
{
try
{
+ if (objects_deleted == 1)
+ return CKR_FUNCTION_FAILED;
return SoftHSM::i()->C_GenerateKey(hSession, pMechanism, pTemplate, ulCount, phKey);
}
catch (...)
@@ -1029,6 +1149,8 @@ PKCS_API CK_RV C_GenerateKeyPair
{
try
{
+ if (objects_deleted == 1)
+ return CKR_FUNCTION_FAILED;
return SoftHSM::i()->C_GenerateKeyPair(hSession, pMechanism, pPublicKeyTemplate, ulPublicKeyAttributeCount, pPrivateKeyTemplate, ulPrivateKeyAttributeCount, phPublicKey, phPrivateKey);
}
catch (...)
@@ -1052,6 +1174,8 @@ PKCS_API CK_RV C_WrapKey
{
try
{
+ if (objects_deleted == 1)
+ return CKR_FUNCTION_FAILED;
return SoftHSM::i()->C_WrapKey(hSession, pMechanism, hWrappingKey, hKey, pWrappedKey, pulWrappedKeyLen);
}
catch (...)
@@ -1077,6 +1201,8 @@ PKCS_API CK_RV C_UnwrapKey
{
try
{
+ if (objects_deleted == 1)
+ return CKR_FUNCTION_FAILED;
return SoftHSM::i()->C_UnwrapKey(hSession, pMechanism, hUnwrappingKey, pWrappedKey, ulWrappedKeyLen, pTemplate, ulCount, phKey);
}
catch (...)
@@ -1100,6 +1226,8 @@ PKCS_API CK_RV C_DeriveKey
{
try
{
+ if (objects_deleted == 1)
+ return CKR_FUNCTION_FAILED;
return SoftHSM::i()->C_DeriveKey(hSession, pMechanism, hBaseKey, pTemplate, ulCount, phKey);
}
catch (...)
@@ -1115,6 +1243,8 @@ PKCS_API CK_RV C_SeedRandom(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pSeed, CK_UL
{
try
{
+ if (objects_deleted == 1)
+ return CKR_FUNCTION_FAILED;
return SoftHSM::i()->C_SeedRandom(hSession, pSeed, ulSeedLen);
}
catch (...)
@@ -1130,6 +1260,8 @@ PKCS_API CK_RV C_GenerateRandom(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pRandomD
{
try
{
+ if (objects_deleted == 1)
+ return CKR_FUNCTION_FAILED;
return SoftHSM::i()->C_GenerateRandom(hSession, pRandomData, ulRandomLen);
}
catch (...)
@@ -1145,6 +1277,8 @@ PKCS_API CK_RV C_GetFunctionStatus(CK_SESSION_HANDLE hSession)
{
try
{
+ if (objects_deleted == 1)
+ return CKR_FUNCTION_FAILED;
return SoftHSM::i()->C_GetFunctionStatus(hSession);
}
catch (...)
@@ -1160,6 +1294,8 @@ PKCS_API CK_RV C_CancelFunction(CK_SESSION_HANDLE hSession)
{
try
{
+ if (objects_deleted == 1)
+ return CKR_FUNCTION_FAILED;
return SoftHSM::i()->C_CancelFunction(hSession);
}
catch (...)
@@ -1175,6 +1311,8 @@ PKCS_API CK_RV C_WaitForSlotEvent(CK_FLAGS flags, CK_SLOT_ID_PTR pSlot, CK_VOID_
{
try
{
+ if (objects_deleted == 1)
+ return CKR_FUNCTION_FAILED;
return SoftHSM::i()->C_WaitForSlotEvent(flags, pSlot, pReserved);
}
catch (...)

View File

@ -1,2 +0,0 @@
SHA512 (softhsm-2.6.1.tar.gz) = e77137096ff2ac2f5396971efbaa2007188855a8f723cb511182c6c5e5a353b3f98297442758e77a18c3a378c0ca3fce8abe090977f0f4f8d526de204fd523fb
SHA512 (softhsm-2.6.1.tar.gz.sig) = e5ff6ac9675a93e116a8b103b464fa9e729c4050323562746751c6e7dde0ad9b84c9966ce41519925d27d04620ebd3ccd305597f90be135de139163c80a184d0