- Added the following patches (bsc#986854)

- ocki-3.5-icsf-reasoncode72-support.patch
  - ocki-3.5-icsf-coverity-memoryleakfix.patch
  - ocki-3.5-downgrade-syslogerror.patch
  - ocki-3.5-icsf-sessionhandle-missing-fix.patch
  - ocki-3.5-icsf-reasoncode-2028-added.patch
  - ocki-3.5-added-NULLreturn-check.patch

OBS-URL: https://build.opensuse.org/package/show/security/openCryptoki?expand=0&rev=37
Mark Post 2016-07-08 20:30:53 +00:00 committed by Git OBS Bridge
parent dfc5337165
commit d795e80599
8 changed files with 588 additions and 0 deletions


@ -0,0 +1,51 @@
commit ca61c6e68ecd04c5f319056a6a3eba4b261f5481
Author: Jakub Jelen <jjelen@redhat.com>
Date: Tue Jun 28 16:23:06 2016 -0400
Coverity:Check for NULL returns
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
diff --git a/usr/lib/pkcs11/common/utility.c b/usr/lib/pkcs11/common/utility.c
index 3cbb8da..39ecae8 100755
--- a/usr/lib/pkcs11/common/utility.c
+++ b/usr/lib/pkcs11/common/utility.c
@@ -589,6 +589,11 @@ CK_RV CreateXProcLock(void)
goto err;
}
grp = getgrnam("pkcs11");
+ if (grp == NULL) {
+ fprintf(stderr, "getgrname(pkcs11): %s",
+ strerror(errno));
+ goto err;
+ }
/* set ownership to euid, and pkcs11 group */
if (chown(lockdir, geteuid(), grp->gr_gid) != 0) {
fprintf(stderr, "Failed to set owner:group \
diff --git a/usr/lib/pkcs11/icsf_stdll/new_host.c b/usr/lib/pkcs11/icsf_stdll/new_host.c
index 9863d52..9478e92 100644
--- a/usr/lib/pkcs11/icsf_stdll/new_host.c
+++ b/usr/lib/pkcs11/icsf_stdll/new_host.c
@@ -813,6 +813,11 @@ CK_RV SC_OpenSession(CK_SLOT_ID sid, CK_FLAGS flags,
}
sess = session_mgr_find(*phSession);
+ if (!sess) {
+ TRACE_ERROR("%s\n", ock_err(ERR_SESSION_HANDLE_INVALID));
+ rc = CKR_SESSION_HANDLE_INVALID;
+ goto done;
+ }
sess->handle = *phSession;
rc = icsftok_open_session(sess);
done:
@@ -835,6 +840,11 @@ CK_RV SC_CloseSession(ST_SESSION_HANDLE *sSession)
}
sess = session_mgr_find(sSession->sessionh);
+ if (!sess) {
+ TRACE_ERROR("%s\n", ock_err(ERR_SESSION_HANDLE_INVALID));
+ rc = CKR_SESSION_HANDLE_INVALID;
+ goto done;
+ }
//set the handle here as handle is never set into session during creation
sess->handle = sSession->sessionh;
rc = icsftok_close_session(sess);
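Review bot: The new `grp == NULL` branch in CreateXProcLock prints `strerror(errno)`, but getgrnam() returns NULL without setting errno when the group simply does not exist, so the most likely failure (no `pkcs11` group) can log a stale or "Success" error text. Setting `errno = 0;` before the call and printing a fixed "group not found" message when errno is still 0 would make the diagnostic reliable. The message also misspells the function as `getgrname` and has no trailing newline. In the SC_OpenSession hunk the new `goto done` path leaves `*phSession` holding the handle that could not be found; whether `done:` resets it is outside the hunk and worth confirming. All three functions continue outside their hunks.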


@ -0,0 +1,20 @@
commit 786b6a4223119501f4aa7faf5a413c1ba10e38f6
Author: Vineetha Pai <vpishar@us.ibm.com>
Date: Tue May 31 15:15:14 2016 -0400
Downgraded a syslog error to warning
Signed-off-by: Vineetha Pai <vpishar@us.ibm.com>
diff --git a/usr/lib/pkcs11/api/apiutil.c b/usr/lib/pkcs11/api/apiutil.c
index ce0dc18..ec50f71 100755
--- a/usr/lib/pkcs11/api/apiutil.c
+++ b/usr/lib/pkcs11/api/apiutil.c
@@ -820,7 +820,7 @@ DLL_Load_t *dllload;
} else {
char *e = dlerror();
- OCK_SYSLOG(LOG_ERR,
+ OCK_SYSLOG(LOG_WARNING,
"%s: dlopen() failed for [%s]; dlerror = [%s]\n",
__FUNCTION__, sinfp->dll_location, e);
TRACE_DEVEL("DL_Load of %s failed, dlerror: %s\n",
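Review bot: Lowering this dlopen() failure from `LOG_ERR` to `LOG_WARNING` carries no comment explaining why, and it changes what log-based monitoring sees: alerting that keys on err severity will no longer fire when a configured token library fails to load. A short comment above the call would record the intent, for example `/* warning, not error: a configured token library may legitimately be absent on this system */`, if that is the reason; the commit message does not say. The enclosing function starts and ends outside the hunk.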


@ -0,0 +1,34 @@
commit 54013d80a2f5eaa9ac58712a57de0cd87a55cdae
Author: Jakub Jelen <jjelen@redhat.com>
Date: Thu May 19 17:05:46 2016 -0400
icsftok memory leak fix identified in coverity scan
Signed-off-by: Vineetha Pai <vpishar@us.ibm.com>
diff --git a/usr/lib/pkcs11/icsf_stdll/icsf_specific.c b/usr/lib/pkcs11/icsf_stdll/icsf_specific.c
index 5b7fb45..1c25cd2 100644
--- a/usr/lib/pkcs11/icsf_stdll/icsf_specific.c
+++ b/usr/lib/pkcs11/icsf_stdll/icsf_specific.c
@@ -4664,6 +4664,7 @@ CK_RV icsftok_unwrap_key(SESSION *session, CK_MECHANISM_PTR mech,
"(expected %lu)\n",
(unsigned long) mech->ulParameterLen,
(unsigned long) expected_block_size);
+ free(key_mapping);
return CKR_MECHANISM_PARAM_INVALID;
}
break;
@@ -4671,12 +4672,14 @@ CK_RV icsftok_unwrap_key(SESSION *session, CK_MECHANISM_PTR mech,
if (mech->ulParameterLen != 0){
TRACE_ERROR("%s\n",
ock_err(ERR_MECHANISM_PARAM_INVALID));
+ free(key_mapping);
return CKR_MECHANISM_PARAM_INVALID;
}
break;
default:
TRACE_ERROR("icsf invalid %lu mechanism for key wrapping\n",
mech->mechanism);
+ free(key_mapping);
return CKR_MECHANISM_INVALID;
}
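Review bot: The leak is fixed by repeating `free(key_mapping);` before three separate `return` statements inside the mechanism switch of icsftok_unwrap_key, which is easy to miss the next time an early return is added. A single error exit would be sturdier: set `rc` and `goto` a cleanup label that frees `key_mapping` on failure, in the `goto done` style the other patches on this page use. The allocation of `key_mapping` and the function's remaining return paths are outside the hunk, so whether other early exits still leak cannot be checked from here.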


@ -0,0 +1,21 @@
commit f45ddf572c05cbeb54c524805060256a33435149
Author: Vineetha Pai <vpishar@us.ibm.com>
Date: Tue Jun 21 17:06:25 2016 -0400
Added support for rc=8, reasoncode=2028 in icsf token
bz#142190
Signed-off-by: Vineetha Pai <vpishar@us.ibm.com>
diff --git a/usr/lib/pkcs11/icsf_stdll/icsf_specific.c b/usr/lib/pkcs11/icsf_stdll/icsf_specific.c
index 1c25cd2..c9b986b 100644
--- a/usr/lib/pkcs11/icsf_stdll/icsf_specific.c
+++ b/usr/lib/pkcs11/icsf_stdll/icsf_specific.c
@@ -233,6 +233,8 @@ int icsf_to_ock_err(int icsf_return_code, int icsf_reason_code)
switch(icsf_reason_code) {
case 2154:
return CKR_KEY_TYPE_INCONSISTENT;
+ case 2028:
+ return CKR_WRAPPED_KEY_INVALID;
case 3003:
return CKR_BUFFER_TOO_SMALL;
case 3019:
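Review bot: `case 2028:` is added without a comment saying what ICSF reason code 2028 means, and it sits after `case 2154:` although the neighbouring cases visible here run in ascending order. A one-line comment such as `/* reason 2028: <ICSF meaning, see bz#142190> */` and moving the case above 2154 would keep the mapping table auditable. The same applies to `case 72:` in the reason-code-72 patch further down this page, which shares the `return CKR_DATA_LEN_RANGE;` of `case 11000:`; a comment naming that shared result would make the grouping explicit. icsf_to_ock_err continues outside both hunks.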


@ -0,0 +1,19 @@
commit 165a1020da10ddbdc39e51e9a411a5c09f6dbae6
Author: Vineetha Pai <vpishar@us.ibm.com>
Date: Thu May 19 16:46:51 2016 -0400
Added pkcs11 mapping for icsf reason code 72 for return code 8
Signed-off-by: Vineetha Pai <vpishar@us.ibm.com>
diff --git a/usr/lib/pkcs11/icsf_stdll/icsf_specific.c b/usr/lib/pkcs11/icsf_stdll/icsf_specific.c
index d71b19f..5b7fb45 100644
--- a/usr/lib/pkcs11/icsf_stdll/icsf_specific.c
+++ b/usr/lib/pkcs11/icsf_stdll/icsf_specific.c
@@ -258,6 +258,7 @@ int icsf_to_ock_err(int icsf_return_code, int icsf_reason_code)
return CKR_KEY_HANDLE_INVALID;
case 3045:
return CKR_KEY_UNEXTRACTABLE;
+ case 72:
case 11000:
return CKR_DATA_LEN_RANGE;
case 11028:


@ -0,0 +1,418 @@
commit 2d03c609981cd3bf5cefb7d3188878f68b33f722
Author: Vineetha Pai <vpishar@us.ibm.com>
Date: Tue Jun 21 16:43:53 2016 -0400
Fix for session handle not set in session issue.
bz142186
icsf token uses the session handle for a session as the session_id in
its own internal session state structure. The session handle is an
index into the session btree and is not set in the SESSION structure
after a new session is created. This causes session_handle to be always 0 and
session_id to be always set to 0, causing issues when multiple sessions are active.
This affects icsf token as it stores and uses session handle internally
unlike other tokens. This patch sets the session handle into the session
structure for all SC_API calls.
Signed-off-by: Vineetha Pai <vpishar@us.ibm.com>
diff --git a/usr/lib/pkcs11/icsf_stdll/new_host.c b/usr/lib/pkcs11/icsf_stdll/new_host.c
index 4923a77..9863d52 100644
--- a/usr/lib/pkcs11/icsf_stdll/new_host.c
+++ b/usr/lib/pkcs11/icsf_stdll/new_host.c
@@ -703,6 +703,9 @@ CK_RV SC_InitPIN(ST_SESSION_HANDLE *sSession, CK_CHAR_PTR pPin,
rc = CKR_SESSION_HANDLE_INVALID;
goto done;
}
+ //set the handle here as handle is never set into session during creation
+ sess->handle = sSession->sessionh;
+
if (pin_locked(&sess->session_info, nv_token_data->token_info.flags) == TRUE) {
TRACE_ERROR("%s\n", ock_err(ERR_PIN_LOCKED));
rc = CKR_PIN_LOCKED;
@@ -746,6 +749,9 @@ CK_RV SC_SetPIN(ST_SESSION_HANDLE *sSession, CK_CHAR_PTR pOldPin,
rc = CKR_SESSION_HANDLE_INVALID;
goto done;
}
+ //set the handle here as handle is never set into session during creation
+ sess->handle = sSession->sessionh;
+
if (pin_locked(&sess->session_info,
nv_token_data->token_info.flags) == TRUE) {
TRACE_ERROR("%s\n", ock_err(ERR_PIN_LOCKED));
@@ -807,6 +813,7 @@ CK_RV SC_OpenSession(CK_SLOT_ID sid, CK_FLAGS flags,
}
sess = session_mgr_find(*phSession);
+ sess->handle = *phSession;
rc = icsftok_open_session(sess);
done:
if (locked)
@@ -828,6 +835,8 @@ CK_RV SC_CloseSession(ST_SESSION_HANDLE *sSession)
}
sess = session_mgr_find(sSession->sessionh);
+ //set the handle here as handle is never set into session during creation
+ sess->handle = sSession->sessionh;
rc = icsftok_close_session(sess);
if (rc)
goto done;
@@ -923,6 +932,8 @@ CK_RV SC_GetOperationState(ST_SESSION_HANDLE *sSession,
rc = CKR_SESSION_HANDLE_INVALID;
goto done;
}
+ //set the handle into the session.
+ sess->handle = sSession->sessionh;
rc = session_mgr_get_op_state(sess, length_only, pOperationState,
pulOperationStateLen);
@@ -962,6 +973,8 @@ CK_RV SC_SetOperationState(ST_SESSION_HANDLE *sSession,
rc = CKR_SESSION_HANDLE_INVALID;
goto done;
}
+ //set the handle into the session.
+ sess->handle = sSession->sessionh;
rc = session_mgr_set_op_state(sess, hEncryptionKey, hAuthenticationKey,
pOperationState, ulOperationStateLen);
@@ -1000,6 +1013,9 @@ CK_RV SC_Login(ST_SESSION_HANDLE *sSession, CK_USER_TYPE userType,
rc = CKR_SESSION_HANDLE_INVALID;
goto done;
}
+ //set the handle into the session.
+ sess->handle = sSession->sessionh;
+
flags = &nv_token_data->token_info.flags;
if (!pPin || ulPinLen > MAX_PIN_LEN) {
@@ -1113,6 +1129,8 @@ CK_RV SC_Logout(ST_SESSION_HANDLE *sSession)
rc = CKR_SESSION_HANDLE_INVALID;
goto done;
}
+ //set the handle into the session.
+ sess->handle = sSession->sessionh;
/* all sessions have the same state so we just have to check one */
if (session_mgr_public_session_exists()) {
@@ -1155,6 +1173,8 @@ CK_RV SC_CreateObject(ST_SESSION_HANDLE *sSession, CK_ATTRIBUTE_PTR pTemplate,
rc = CKR_SESSION_HANDLE_INVALID;
goto done;
}
+ //set the handle into the session.
+ sess->handle = sSession->sessionh;
if (pin_expired(&sess->session_info, nv_token_data->token_info.flags)) {
TRACE_ERROR("%s\n", ock_err(ERR_PIN_EXPIRED));
@@ -1204,6 +1224,8 @@ CK_RV SC_CopyObject(ST_SESSION_HANDLE *sSession, CK_OBJECT_HANDLE hObject,
rc = CKR_SESSION_HANDLE_INVALID;
goto done;
}
+ //set the handle into the session.
+ sess->handle = sSession->sessionh;
if (pin_expired(&sess->session_info, nv_token_data->token_info.flags) == TRUE) {
TRACE_ERROR("%s\n", ock_err(ERR_PIN_EXPIRED));
@@ -1240,6 +1262,8 @@ CK_RV SC_DestroyObject(ST_SESSION_HANDLE *sSession, CK_OBJECT_HANDLE hObject)
rc = CKR_SESSION_HANDLE_INVALID;
goto done;
}
+ //set the handle into the session.
+ sess->handle = sSession->sessionh;
if (pin_expired(&sess->session_info, nv_token_data->token_info.flags) == TRUE) {
TRACE_ERROR("%s\n", ock_err(ERR_PIN_EXPIRED));
@@ -1285,6 +1309,8 @@ CK_RV SC_GetObjectSize(ST_SESSION_HANDLE *sSession, CK_OBJECT_HANDLE hObject,
rc = CKR_SESSION_HANDLE_INVALID;
goto done;
}
+ //set the handle into the session.
+ sess->handle = sSession->sessionh;
rc = icsftok_get_attribute_value(sess, hObject, pTemplate,
ulCount, pulSize);
@@ -1319,6 +1345,8 @@ CK_RV SC_GetAttributeValue(ST_SESSION_HANDLE *sSession,
rc = CKR_SESSION_HANDLE_INVALID;
goto done;
}
+ //set the handle into the session.
+ sess->handle = sSession->sessionh;
rc = icsftok_get_attribute_value(sess, hObject, pTemplate,
ulCount, NULL);
@@ -1369,6 +1397,8 @@ CK_RV SC_SetAttributeValue(ST_SESSION_HANDLE *sSession,
rc = CKR_SESSION_HANDLE_INVALID;
goto done;
}
+ //set the handle into the session.
+ sess->handle = sSession->sessionh;
rc = icsftok_set_attribute_value(sess, hObject, pTemplate, ulCount);
if (rc != CKR_OK)
@@ -1416,6 +1446,8 @@ CK_RV SC_FindObjectsInit(ST_SESSION_HANDLE *sSession,
rc = CKR_SESSION_HANDLE_INVALID;
goto done;
}
+ //set the handle into the session.
+ sess->handle = sSession->sessionh;
if (pin_expired(&sess->session_info, nv_token_data->token_info.flags) == TRUE) {
TRACE_ERROR("%s\n", ock_err(ERR_PIN_EXPIRED));
@@ -1480,6 +1512,8 @@ CK_RV SC_FindObjects(ST_SESSION_HANDLE *sSession, CK_OBJECT_HANDLE_PTR phObject,
rc = CKR_SESSION_HANDLE_INVALID;
goto done;
}
+ //set the handle into the session.
+ sess->handle = sSession->sessionh;
if (sess->find_active == FALSE) {
TRACE_ERROR("%s\n", ock_err(ERR_OPERATION_NOT_INITIALIZED));
@@ -1525,6 +1559,8 @@ CK_RV SC_FindObjectsFinal(ST_SESSION_HANDLE *sSession)
rc = CKR_SESSION_HANDLE_INVALID;
goto done;
}
+ //set the handle into the session.
+ sess->handle = sSession->sessionh;
if (sess->find_active == FALSE) {
TRACE_ERROR("%s\n", ock_err(ERR_OPERATION_NOT_INITIALIZED));
@@ -1576,6 +1612,8 @@ CK_RV SC_EncryptInit(ST_SESSION_HANDLE *sSession, CK_MECHANISM_PTR pMechanism,
rc = CKR_SESSION_HANDLE_INVALID;
goto done;
}
+ //set the handle into the session.
+ sess->handle = sSession->sessionh;
if (pin_expired(&sess->session_info, nv_token_data->token_info.flags) == TRUE) {
TRACE_ERROR("%s\n", ock_err(ERR_PIN_EXPIRED));
@@ -1626,6 +1664,8 @@ CK_RV SC_Encrypt(ST_SESSION_HANDLE *sSession, CK_BYTE_PTR pData,
rc = CKR_SESSION_HANDLE_INVALID;
goto done;
}
+ //set the handle into the session.
+ sess->handle = sSession->sessionh;
if (sess->encr_ctx.active == FALSE) {
TRACE_ERROR("%s\n", ock_err(ERR_OPERATION_NOT_INITIALIZED));
@@ -1677,6 +1717,8 @@ CK_RV SC_EncryptUpdate(ST_SESSION_HANDLE *sSession, CK_BYTE_PTR pPart,
rc = CKR_SESSION_HANDLE_INVALID;
goto done;
}
+ //set the handle into the session.
+ sess->handle = sSession->sessionh;
if (sess->encr_ctx.active == FALSE) {
TRACE_ERROR("%s\n", ock_err(ERR_OPERATION_NOT_INITIALIZED));
@@ -1726,6 +1768,8 @@ CK_RV SC_EncryptFinal(ST_SESSION_HANDLE *sSession,
rc = CKR_SESSION_HANDLE_INVALID;
goto done;
}
+ //set the handle into the session.
+ sess->handle = sSession->sessionh;
if (sess->encr_ctx.active == FALSE) {
TRACE_ERROR("%s\n", ock_err(ERR_OPERATION_NOT_INITIALIZED));
@@ -1780,6 +1824,8 @@ CK_RV SC_DecryptInit(ST_SESSION_HANDLE *sSession, CK_MECHANISM_PTR pMechanism,
rc = CKR_SESSION_HANDLE_INVALID;
goto done;
}
+ //set the handle into the session.
+ sess->handle = sSession->sessionh;
if (pin_expired(&sess->session_info, nv_token_data->token_info.flags) == TRUE) {
TRACE_ERROR("%s\n", ock_err(ERR_PIN_EXPIRED));
@@ -1832,6 +1878,8 @@ CK_RV SC_Decrypt(ST_SESSION_HANDLE *sSession, CK_BYTE_PTR pEncryptedData,
rc = CKR_SESSION_HANDLE_INVALID;
goto done;
}
+ //set the handle into the session.
+ sess->handle = sSession->sessionh;
if (sess->decr_ctx.active == FALSE) {
TRACE_ERROR("%s\n", ock_err(ERR_OPERATION_NOT_INITIALIZED));
@@ -1884,6 +1932,8 @@ CK_RV SC_DecryptUpdate(ST_SESSION_HANDLE *sSession, CK_BYTE_PTR pEncryptedPart,
rc = CKR_SESSION_HANDLE_INVALID;
goto done;
}
+ //set the handle into the session.
+ sess->handle = sSession->sessionh;
if (sess->decr_ctx.active == FALSE) {
TRACE_ERROR("%s\n", ock_err(ERR_OPERATION_NOT_INITIALIZED));
@@ -1933,6 +1983,8 @@ CK_RV SC_DecryptFinal(ST_SESSION_HANDLE *sSession, CK_BYTE_PTR pLastPart,
rc = CKR_SESSION_HANDLE_INVALID;
goto done;
}
+ //set the handle into the session.
+ sess->handle = sSession->sessionh;
if (sess->decr_ctx.active == FALSE) {
TRACE_ERROR("%s\n", ock_err(ERR_OPERATION_NOT_INITIALIZED));
@@ -1984,6 +2036,8 @@ CK_RV SC_DigestInit(ST_SESSION_HANDLE *sSession, CK_MECHANISM_PTR pMechanism)
rc = CKR_SESSION_HANDLE_INVALID;
goto done;
}
+ //set the handle into the session.
+ sess->handle = sSession->sessionh;
if (pin_expired(&sess->session_info, nv_token_data->token_info.flags) == TRUE) {
TRACE_ERROR("%s\n", ock_err(ERR_PIN_EXPIRED));
@@ -2039,6 +2093,8 @@ CK_RV SC_Digest(ST_SESSION_HANDLE *sSession, CK_BYTE_PTR pData,
rc = CKR_SESSION_HANDLE_INVALID;
goto done;
}
+ //set the handle into the session.
+ sess->handle = sSession->sessionh;
if (sess->digest_ctx.active == FALSE) {
TRACE_ERROR("%s\n", ock_err(ERR_OPERATION_NOT_INITIALIZED));
@@ -2086,6 +2142,8 @@ CK_RV SC_DigestUpdate(ST_SESSION_HANDLE *sSession, CK_BYTE_PTR pPart,
rc = CKR_SESSION_HANDLE_INVALID;
goto done;
}
+ //set the handle into the session.
+ sess->handle = sSession->sessionh;
if (sess->digest_ctx.active == FALSE) {
TRACE_ERROR("%s\n", ock_err(ERR_OPERATION_NOT_INITIALIZED));
@@ -2125,6 +2183,8 @@ CK_RV SC_DigestKey(ST_SESSION_HANDLE *sSession, CK_OBJECT_HANDLE hKey)
rc = CKR_SESSION_HANDLE_INVALID;
goto done;
}
+ //set the handle into the session.
+ sess->handle = sSession->sessionh;
if (sess->digest_ctx.active == FALSE) {
TRACE_ERROR("%s\n", ock_err(ERR_OPERATION_NOT_INITIALIZED));
@@ -2169,6 +2229,8 @@ CK_RV SC_DigestFinal(ST_SESSION_HANDLE *sSession, CK_BYTE_PTR pDigest,
rc = CKR_SESSION_HANDLE_INVALID;
goto done;
}
+ //set the handle into the session.
+ sess->handle = sSession->sessionh;
if (sess->digest_ctx.active == FALSE) {
TRACE_ERROR("%s\n", ock_err(ERR_OPERATION_NOT_INITIALIZED));
@@ -2216,6 +2278,8 @@ CK_RV SC_SignInit(ST_SESSION_HANDLE *sSession, CK_MECHANISM_PTR pMechanism,
rc = CKR_SESSION_HANDLE_INVALID;
goto done;
}
+ //set the handle into the session.
+ sess->handle = sSession->sessionh;
rc = valid_mech(pMechanism, CKF_SIGN);
if (rc != CKR_OK)
@@ -2271,6 +2335,8 @@ CK_RV SC_Sign(ST_SESSION_HANDLE *sSession, CK_BYTE_PTR pData,
rc = CKR_SESSION_HANDLE_INVALID;
goto done;
}
+ //set the handle into the session.
+ sess->handle = sSession->sessionh;
if (sess->sign_ctx.active == FALSE) {
TRACE_ERROR("%s\n", ock_err(ERR_OPERATION_NOT_INITIALIZED));
@@ -2318,6 +2384,8 @@ CK_RV SC_SignUpdate(ST_SESSION_HANDLE *sSession, CK_BYTE_PTR pPart,
rc = CKR_SESSION_HANDLE_INVALID;
goto done;
}
+ //set the handle into the session.
+ sess->handle = sSession->sessionh;
if (sess->sign_ctx.active == FALSE) {
TRACE_ERROR("%s\n", ock_err(ERR_OPERATION_NOT_INITIALIZED));
@@ -2363,6 +2431,8 @@ CK_RV SC_SignFinal(ST_SESSION_HANDLE *sSession, CK_BYTE_PTR pSignature,
rc = CKR_SESSION_HANDLE_INVALID;
goto done;
}
+ //set the handle into the session.
+ sess->handle = sSession->sessionh;
if (sess->sign_ctx.active == FALSE) {
TRACE_ERROR("%s\n", ock_err(ERR_OPERATION_NOT_INITIALIZED));
@@ -2440,6 +2510,8 @@ CK_RV SC_VerifyInit(ST_SESSION_HANDLE *sSession, CK_MECHANISM_PTR pMechanism,
rc = CKR_SESSION_HANDLE_INVALID;
goto done;
}
+ //set the handle into the session.
+ sess->handle = sSession->sessionh;
if (pin_expired(&sess->session_info,
nv_token_data->token_info.flags) == TRUE) {
@@ -2492,6 +2564,8 @@ CK_RV SC_Verify(ST_SESSION_HANDLE *sSession, CK_BYTE_PTR pData,
rc = CKR_SESSION_HANDLE_INVALID;
goto done;
}
+ //set the handle into the session.
+ sess->handle = sSession->sessionh;
if (sess->verify_ctx.active == FALSE) {
rc = CKR_OPERATION_NOT_INITIALIZED;
@@ -2537,6 +2611,8 @@ CK_RV SC_VerifyUpdate(ST_SESSION_HANDLE *sSession, CK_BYTE_PTR pPart,
rc = CKR_SESSION_HANDLE_INVALID;
goto done;
}
+ //set the handle into the session.
+ sess->handle = sSession->sessionh;
if (sess->verify_ctx.active == FALSE) {
rc = CKR_OPERATION_NOT_INITIALIZED;
@@ -2583,6 +2659,8 @@ CK_RV SC_VerifyFinal(ST_SESSION_HANDLE *sSession, CK_BYTE_PTR pSignature,
rc = CKR_SESSION_HANDLE_INVALID;
goto done;
}
+ //set the handle into the session.
+ sess->handle = sSession->sessionh;
if (sess->verify_ctx.active == FALSE) {
rc = CKR_OPERATION_NOT_INITIALIZED;
@@ -2718,6 +2796,8 @@ CK_RV SC_GenerateKey(ST_SESSION_HANDLE *sSession, CK_MECHANISM_PTR pMechanism,
rc = CKR_SESSION_HANDLE_INVALID;
goto done;
}
+ //set the handle into the session.
+ sess->handle = sSession->sessionh;
if (pin_expired(&sess->session_info,
nv_token_data->token_info.flags) == TRUE) {
@@ -2791,6 +2871,8 @@ CK_RV SC_GenerateKeyPair(ST_SESSION_HANDLE *sSession,
rc = CKR_SESSION_HANDLE_INVALID;
goto done;
}
+ //set the handle into the session.
+ sess->handle = sSession->sessionh;
if (pin_expired(&sess->session_info,
nv_token_data->token_info.flags) == TRUE) {
@@ -2875,6 +2957,8 @@ CK_RV SC_WrapKey(ST_SESSION_HANDLE *sSession, CK_MECHANISM_PTR pMechanism,
rc = CKR_SESSION_HANDLE_INVALID;
goto done;
}
+ //set the handle into the session.
+ sess->handle = sSession->sessionh;
if (pin_expired(&sess->session_info,
nv_token_data->token_info.flags) == TRUE) {
@@ -2929,6 +3013,8 @@ CK_RV SC_UnwrapKey(ST_SESSION_HANDLE *sSession, CK_MECHANISM_PTR pMechanism,
rc = CKR_SESSION_HANDLE_INVALID;
goto done;
}
+ //set the handle into the session.
+ sess->handle = sSession->sessionh;
if (pin_expired(&sess->session_info,
nv_token_data->token_info.flags) == TRUE) {
@@ -2998,6 +3084,8 @@ CK_RV SC_DeriveKey(ST_SESSION_HANDLE *sSession, CK_MECHANISM_PTR pMechanism,
rc = CKR_SESSION_HANDLE_INVALID;
goto done;
}
+ //set the handle into the session.
+ sess->handle = sSession->sessionh;
if (pin_expired(&sess->session_info,
nv_token_data->token_info.flags) == TRUE) {
@@ -3104,6 +3192,8 @@ CK_RV SC_GenerateRandom(ST_SESSION_HANDLE *sSession, CK_BYTE_PTR pRandomData,
rc = CKR_SESSION_HANDLE_INVALID;
goto done;
}
+ //set the handle into the session.
+ sess->handle = sSession->sessionh;
rc = rng_generate(pRandomData, ulRandomLen);
if (rc != CKR_OK)
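Review bot: `sess->handle = sSession->sessionh;` is repeated in every SC_* entry point instead of being set once where the session is created or looked up, so any entry point missed here or added later will still run with handle 0 and, per the commit message, share session_id 0 with other active sessions. The SC_OpenSession hunk already stores `sess->handle = *phSession;` right after creation, so the later per-call assignments look redundant unless sessions can come into existence by another path. Setting the field inside the session manager, which is not part of this patch, would close the gap in one place. In the SC_OpenSession and SC_CloseSession hunks this patch dereferences the result of session_mgr_find() unchecked; the NULL-return patch on this page adds that check, so the two have to be applied together and in that order. Every function touched here continues outside its hunk.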


@ -1,3 +1,14 @@
-------------------------------------------------------------------
Fri Jul 8 18:06:42 UTC 2016 - mpost@suse.com
- Added the following patches (bsc#986854)
- ocki-3.5-icsf-reasoncode72-support.patch
- ocki-3.5-icsf-coverity-memoryleakfix.patch
- ocki-3.5-downgrade-syslogerror.patch
- ocki-3.5-icsf-sessionhandle-missing-fix.patch
- ocki-3.5-icsf-reasoncode-2028-added.patch
- ocki-3.5-added-NULLreturn-check.patch
-------------------------------------------------------------------
Mon Jun 13 20:17:04 UTC 2016 - mpost@suse.com


@ -64,6 +64,13 @@ Source3: openCryptoki-tmp.conf
# and because we don't want(?) various file and directory permissions to be 0700.
Patch1: ocki-3.1-remove-make-install-chgrp.patch
Patch2: ocki-3.5-sanity-checking.patch
Patch3: ocki-3.5-icsf-reasoncode72-support.patch
Patch4: ocki-3.5-icsf-coverity-memoryleakfix.patch
Patch5: ocki-3.5-downgrade-syslogerror.patch
Patch6: ocki-3.5-icsf-sessionhandle-missing-fix.patch
Patch7: ocki-3.5-icsf-reasoncode-2028-added.patch
Patch8: ocki-3.5-added-NULLreturn-check.patch
Url: https://sourceforge.net/projects/opencryptoki/
BuildRoot: %{_tmppath}/%{name}-%{version}-build
PreReq: /usr/sbin/groupadd /usr/bin/id /usr/sbin/usermod /bin/sed
@ -143,6 +150,13 @@ Cryptographic Accelerator (FC 4960 on pSeries).
%setup -q -n %{oc_cvs_tag}
%patch1 -p1
%patch2 -p1
%patch3 -p1
%patch4 -p1
%patch5 -p1
%patch6 -p1
%patch7 -p1
%patch8 -p1
cp %{SOURCE2} .
%build