diff --git a/ocki-3.5-added-NULLreturn-check.patch b/ocki-3.5-added-NULLreturn-check.patch
new file mode 100644
index 0000000..5266680
--- /dev/null
+++ b/ocki-3.5-added-NULLreturn-check.patch
@@ -0,0 +1,51 @@
+commit ca61c6e68ecd04c5f319056a6a3eba4b261f5481
+Author: Jakub Jelen
+Date: Tue Jun 28 16:23:06 2016 -0400
+
+ Coverity:Check for NULL returns
+ Signed-off-by: Jakub Jelen
+
+diff --git a/usr/lib/pkcs11/common/utility.c b/usr/lib/pkcs11/common/utility.c
+index 3cbb8da..39ecae8 100755
+--- a/usr/lib/pkcs11/common/utility.c
++++ b/usr/lib/pkcs11/common/utility.c
+@@ -589,6 +589,11 @@ CK_RV CreateXProcLock(void)
+ goto err;
+ }
+ grp = getgrnam("pkcs11");
++ if (grp == NULL) {
++ fprintf(stderr, "getgrname(pkcs11): %s",
++ strerror(errno));
++ goto err;
++ }
+ /* set ownership to euid, and pkcs11 group */
+ if (chown(lockdir, geteuid(), grp->gr_gid) != 0) {
+ fprintf(stderr, "Failed to set owner:group \
+diff --git a/usr/lib/pkcs11/icsf_stdll/new_host.c b/usr/lib/pkcs11/icsf_stdll/new_host.c
+index 9863d52..9478e92 100644
+--- a/usr/lib/pkcs11/icsf_stdll/new_host.c
++++ b/usr/lib/pkcs11/icsf_stdll/new_host.c
+@@ -813,6 +813,11 @@ CK_RV SC_OpenSession(CK_SLOT_ID sid, CK_FLAGS flags,
+ }
+
+ sess = session_mgr_find(*phSession);
++ if (!sess) {
++ TRACE_ERROR("%s\n", ock_err(ERR_SESSION_HANDLE_INVALID));
++ rc = CKR_SESSION_HANDLE_INVALID;
++ goto done;
++ }
+ sess->handle = *phSession;
+ rc = icsftok_open_session(sess);
+ done:
+@@ -835,6 +840,11 @@ CK_RV SC_CloseSession(ST_SESSION_HANDLE *sSession)
+ }
+
+ sess = session_mgr_find(sSession->sessionh);
++ if (!sess) {
++ TRACE_ERROR("%s\n", ock_err(ERR_SESSION_HANDLE_INVALID));
++ rc = CKR_SESSION_HANDLE_INVALID;
++ goto done;
++ }
+ //set the handle here as handle is never set into session during creation
+ sess->handle = sSession->sessionh;
+ rc = icsftok_close_session(sess);
diff --git a/ocki-3.5-downgrade-syslogerror.patch b/ocki-3.5-downgrade-syslogerror.patch
new file mode 100644
index 0000000..db3d88f
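Review bot: In the CreateXProcLock hunk of usr/lib/pkcs11/common/utility.c (inside ocki-3.5-added-NULLreturn-check.patch), the new NULL branch prints `strerror(errno)`, but getgrnam() returns NULL without setting errno when the group simply does not exist, so the most likely failure, a missing pkcs11 group, is reported with a stale or unrelated error text. Clearing errno before the call (`errno = 0;`) and reporting the not-found case separately, e.g. `fprintf(stderr, "getgrnam(pkcs11): %s\n", errno ? strerror(errno) : "group not found");`, would fix that and also correct the `getgrname` typo and the missing newline. In the SC_OpenSession hunk the new `goto done` returns CKR_SESSION_HANDLE_INVALID after `*phSession` was presumably already filled in above the hunk, so it is worth confirming the caller is not left holding a handle it treats as live. All three function bodies start and end outside the hunks.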
--- /dev/null
+++ b/ocki-3.5-downgrade-syslogerror.patch
@@ -0,0 +1,20 @@
+commit 786b6a4223119501f4aa7faf5a413c1ba10e38f6
+Author: Vineetha Pai
+Date: Tue May 31 15:15:14 2016 -0400
+
+ Downgraded a syslog error to warning
+ Signed-off-by: Vineetha Pai
+
+diff --git a/usr/lib/pkcs11/api/apiutil.c b/usr/lib/pkcs11/api/apiutil.c
+index ce0dc18..ec50f71 100755
+--- a/usr/lib/pkcs11/api/apiutil.c
++++ b/usr/lib/pkcs11/api/apiutil.c
+@@ -820,7 +820,7 @@ DLL_Load_t *dllload;
+
+ } else {
+ char *e = dlerror();
+- OCK_SYSLOG(LOG_ERR,
++ OCK_SYSLOG(LOG_WARNING,
+ "%s: dlopen() failed for [%s]; dlerror = [%s]\n",
+ __FUNCTION__, sinfp->dll_location, e);
+ TRACE_DEVEL("DL_Load of %s failed, dlerror: %s\n",
diff --git a/ocki-3.5-icsf-coverity-memoryleakfix.patch b/ocki-3.5-icsf-coverity-memoryleakfix.patch
new file mode 100644
index 0000000..0905718
--- /dev/null
+++ b/ocki-3.5-icsf-coverity-memoryleakfix.patch
@@ -0,0 +1,34 @@
+commit 54013d80a2f5eaa9ac58712a57de0cd87a55cdae
+Author: Jakub Jelen
+Date: Thu May 19 17:05:46 2016 -0400
+
+ icsftok memory leak fix identified in coverity scan
+ Signed-off-by: Vineetha Pai
+
+diff --git a/usr/lib/pkcs11/icsf_stdll/icsf_specific.c b/usr/lib/pkcs11/icsf_stdll/icsf_specific.c
+index 5b7fb45..1c25cd2 100644
+--- a/usr/lib/pkcs11/icsf_stdll/icsf_specific.c
++++ b/usr/lib/pkcs11/icsf_stdll/icsf_specific.c
+@@ -4664,6 +4664,7 @@ CK_RV icsftok_unwrap_key(SESSION *session, CK_MECHANISM_PTR mech,
+ "(expected %lu)\n",
+ (unsigned long) mech->ulParameterLen,
+ (unsigned long) expected_block_size);
++ free(key_mapping);
+ return CKR_MECHANISM_PARAM_INVALID;
+ }
+ break;
+@@ -4671,12 +4672,14 @@ CK_RV icsftok_unwrap_key(SESSION *session, CK_MECHANISM_PTR mech,
+ if (mech->ulParameterLen != 0){
+ TRACE_ERROR("%s\n",
+ ock_err(ERR_MECHANISM_PARAM_INVALID));
++ free(key_mapping);
+ return CKR_MECHANISM_PARAM_INVALID;
+ }
+ break;
+ default:
+ TRACE_ERROR("icsf invalid %lu mechanism for key wrapping\n",
+ mech->mechanism);
++ free(key_mapping);
+ return CKR_MECHANISM_INVALID;
+ }
+
diff --git a/ocki-3.5-icsf-reasoncode-2028-added.patch b/ocki-3.5-icsf-reasoncode-2028-added.patch
new file mode 100644
index 0000000..422b64e
--- /dev/null
+++ b/ocki-3.5-icsf-reasoncode-2028-added.patch
@@ -0,0 +1,21 @@
+commit f45ddf572c05cbeb54c524805060256a33435149
+Author: Vineetha Pai
+Date: Tue Jun 21 17:06:25 2016 -0400
+
+ Added support for rc=8, reasoncode=2028 in icsf token
+ bz#142190
+ Signed-off-by: Vineetha Pai
+
+diff --git a/usr/lib/pkcs11/icsf_stdll/icsf_specific.c b/usr/lib/pkcs11/icsf_stdll/icsf_specific.c
+index 1c25cd2..c9b986b 100644
+--- a/usr/lib/pkcs11/icsf_stdll/icsf_specific.c
++++ b/usr/lib/pkcs11/icsf_stdll/icsf_specific.c
+@@ -233,6 +233,8 @@ int icsf_to_ock_err(int icsf_return_code, int icsf_reason_code)
+ switch(icsf_reason_code) {
+ case 2154:
+ return CKR_KEY_TYPE_INCONSISTENT;
++ case 2028:
++ return CKR_WRAPPED_KEY_INVALID;
+ case 3003:
+ return CKR_BUFFER_TOO_SMALL;
+ case 3019:
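Review bot: In ocki-3.5-icsf-coverity-memoryleakfix.patch, the three `free(key_mapping);` calls added before the early returns in the icsftok_unwrap_key switch release the buffer by hand on each path, which leaves every other exit of the function to be audited the same way. The function starts and ends outside the hunks, so it is not visible here whether later error returns also free key_mapping or whether ownership passes elsewhere on success. Routing these error paths through one error-exit label that frees key_mapping (setting `rc` and jumping instead of returning) would keep the property intact when another return is added. If the current structure stays, a comment at the allocation such as `/* key_mapping is owned by this function; free it on every error return */` would document the obligation.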
diff --git a/ocki-3.5-icsf-reasoncode72-support.patch b/ocki-3.5-icsf-reasoncode72-support.patch
new file mode 100644
index 0000000..fe67ed9
--- /dev/null
+++ b/ocki-3.5-icsf-reasoncode72-support.patch
@@ -0,0 +1,19 @@
+commit 165a1020da10ddbdc39e51e9a411a5c09f6dbae6
+Author: Vineetha Pai
+Date: Thu May 19 16:46:51 2016 -0400
+
+ Added pkcs11 mapping for icsf reason code 72 for return code 8
+ Signed-off-by: Vineetha Pai
+
+diff --git a/usr/lib/pkcs11/icsf_stdll/icsf_specific.c b/usr/lib/pkcs11/icsf_stdll/icsf_specific.c
+index d71b19f..5b7fb45 100644
+--- a/usr/lib/pkcs11/icsf_stdll/icsf_specific.c
++++ b/usr/lib/pkcs11/icsf_stdll/icsf_specific.c
+@@ -258,6 +258,7 @@ int icsf_to_ock_err(int icsf_return_code, int icsf_reason_code)
+ return CKR_KEY_HANDLE_INVALID;
+ case 3045:
+ return CKR_KEY_UNEXTRACTABLE;
++ case 72:
+ case 11000:
+ return CKR_DATA_LEN_RANGE;
+ case 11028:
diff --git a/ocki-3.5-icsf-sessionhandle-missing-fix.patch b/ocki-3.5-icsf-sessionhandle-missing-fix.patch
new file mode 100644
index 0000000..2847e25
--- /dev/null
+++ b/ocki-3.5-icsf-sessionhandle-missing-fix.patch
@@ -0,0 +1,418 @@
+commit 2d03c609981cd3bf5cefb7d3188878f68b33f722
+Author: Vineetha Pai
+Date: Tue Jun 21 16:43:53 2016 -0400
+
+ Fix for session handle not set in session issue.
+ bz142186
+ icsf token uses the session handle for a session as the session_id in
+ its own internal session state structure. The session handle is an
+ index into the session btree and is not set in the SESSION structure
+ after a new session is created. This causes session_handle to be always 0 and
+ session_id to be always set to 0, causing issues when multiple sessions are active.
+ This affects icsf token as it stores and uses session handle internally
+ unlike other tokens. This patch sets the session handle into the session
+ structure for all SC_API calls.
+ Signed-off-by: Vineetha Pai
+
+diff --git a/usr/lib/pkcs11/icsf_stdll/new_host.c b/usr/lib/pkcs11/icsf_stdll/new_host.c
+index 4923a77..9863d52 100644
+--- a/usr/lib/pkcs11/icsf_stdll/new_host.c
++++ b/usr/lib/pkcs11/icsf_stdll/new_host.c
+@@ -703,6 +703,9 @@ CK_RV SC_InitPIN(ST_SESSION_HANDLE *sSession, CK_CHAR_PTR pPin,
+ rc = CKR_SESSION_HANDLE_INVALID;
+ goto done;
+ }
++ //set the handle here as handle is never set into session during creation
++ sess->handle = sSession->sessionh;
++
+ if (pin_locked(&sess->session_info, nv_token_data->token_info.flags) == TRUE) {
+ TRACE_ERROR("%s\n", ock_err(ERR_PIN_LOCKED));
+ rc = CKR_PIN_LOCKED;
+@@ -746,6 +749,9 @@ CK_RV SC_SetPIN(ST_SESSION_HANDLE *sSession, CK_CHAR_PTR pOldPin,
+ rc = CKR_SESSION_HANDLE_INVALID;
+ goto done;
+ }
++ //set the handle here as handle is never set into session during creation
++ sess->handle = sSession->sessionh;
++
+ if (pin_locked(&sess->session_info,
+ nv_token_data->token_info.flags) == TRUE) {
+ TRACE_ERROR("%s\n", ock_err(ERR_PIN_LOCKED));
+@@ -807,6 +813,7 @@ CK_RV SC_OpenSession(CK_SLOT_ID sid, CK_FLAGS flags,
+ }
+
+ sess = session_mgr_find(*phSession);
++ sess->handle = *phSession;
+ rc = icsftok_open_session(sess);
+ done:
+ if (locked)
+@@ -828,6 +835,8 @@ CK_RV SC_CloseSession(ST_SESSION_HANDLE *sSession)
+ }
+
+ sess = session_mgr_find(sSession->sessionh);
++ //set the handle here as handle is never set into session during creation
++ sess->handle = sSession->sessionh;
+ rc = icsftok_close_session(sess);
+ if (rc)
+ goto done;
+@@ -923,6 +932,8 @@ CK_RV SC_GetOperationState(ST_SESSION_HANDLE *sSession,
+ rc = CKR_SESSION_HANDLE_INVALID;
+ goto done;
+ }
++ //set the handle into the session.
++ sess->handle = sSession->sessionh;
+
+ rc = session_mgr_get_op_state(sess, length_only, pOperationState,
+ pulOperationStateLen);
+@@ -962,6 +973,8 @@ CK_RV SC_SetOperationState(ST_SESSION_HANDLE *sSession,
+ rc = CKR_SESSION_HANDLE_INVALID;
+ goto done;
+ }
++ //set the handle into the session.
++ sess->handle = sSession->sessionh;
+
+ rc = session_mgr_set_op_state(sess, hEncryptionKey, hAuthenticationKey,
+ pOperationState, ulOperationStateLen);
+@@ -1000,6 +1013,9 @@ CK_RV SC_Login(ST_SESSION_HANDLE *sSession, CK_USER_TYPE userType,
+ rc = CKR_SESSION_HANDLE_INVALID;
+ goto done;
+ }
++ //set the handle into the session.
++ sess->handle = sSession->sessionh;
++
+ flags = &nv_token_data->token_info.flags;
+
+ if (!pPin || ulPinLen > MAX_PIN_LEN) {
+@@ -1113,6 +1129,8 @@ CK_RV SC_Logout(ST_SESSION_HANDLE *sSession)
+ rc = CKR_SESSION_HANDLE_INVALID;
+ goto done;
+ }
++ //set the handle into the session.
++ sess->handle = sSession->sessionh;
+
+ /* all sessions have the same state so we just have to check one */
+ if (session_mgr_public_session_exists()) {
+@@ -1155,6 +1173,8 @@ CK_RV SC_CreateObject(ST_SESSION_HANDLE *sSession, CK_ATTRIBUTE_PTR pTemplate,
+ rc = CKR_SESSION_HANDLE_INVALID;
+ goto done;
+ }
++ //set the handle into the session.
++ sess->handle = sSession->sessionh;
+
+ if (pin_expired(&sess->session_info, nv_token_data->token_info.flags)) {
+ TRACE_ERROR("%s\n", ock_err(ERR_PIN_EXPIRED));
+@@ -1204,6 +1224,8 @@ CK_RV SC_CopyObject(ST_SESSION_HANDLE *sSession, CK_OBJECT_HANDLE hObject,
+ rc = CKR_SESSION_HANDLE_INVALID;
+ goto done;
+ }
++ //set the handle into the session.
++ sess->handle = sSession->sessionh;
+
+ if (pin_expired(&sess->session_info, nv_token_data->token_info.flags) == TRUE) {
+ TRACE_ERROR("%s\n", ock_err(ERR_PIN_EXPIRED));
+@@ -1240,6 +1262,8 @@ CK_RV SC_DestroyObject(ST_SESSION_HANDLE *sSession, CK_OBJECT_HANDLE hObject)
+ rc = CKR_SESSION_HANDLE_INVALID;
+ goto done;
+ }
++ //set the handle into the session.
++ sess->handle = sSession->sessionh;
+
+ if (pin_expired(&sess->session_info, nv_token_data->token_info.flags) == TRUE) {
+ TRACE_ERROR("%s\n", ock_err(ERR_PIN_EXPIRED));
+@@ -1285,6 +1309,8 @@ CK_RV SC_GetObjectSize(ST_SESSION_HANDLE *sSession, CK_OBJECT_HANDLE hObject,
+ rc = CKR_SESSION_HANDLE_INVALID;
+ goto done;
+ }
++ //set the handle into the session.
++ sess->handle = sSession->sessionh;
+
+ rc = icsftok_get_attribute_value(sess, hObject, pTemplate,
+ ulCount, pulSize);
+@@ -1319,6 +1345,8 @@ CK_RV SC_GetAttributeValue(ST_SESSION_HANDLE *sSession,
+ rc = CKR_SESSION_HANDLE_INVALID;
+ goto done;
+ }
++ //set the handle into the session.
++ sess->handle = sSession->sessionh;
+
+ rc = icsftok_get_attribute_value(sess, hObject, pTemplate,
+ ulCount, NULL);
+@@ -1369,6 +1397,8 @@ CK_RV SC_SetAttributeValue(ST_SESSION_HANDLE *sSession,
+ rc = CKR_SESSION_HANDLE_INVALID;
+ goto done;
+ }
++ //set the handle into the session.
++ sess->handle = sSession->sessionh;
+
+ rc = icsftok_set_attribute_value(sess, hObject, pTemplate, ulCount);
+ if (rc != CKR_OK)
+@@ -1416,6 +1446,8 @@ CK_RV SC_FindObjectsInit(ST_SESSION_HANDLE *sSession,
+ rc = CKR_SESSION_HANDLE_INVALID;
+ goto done;
+ }
++ //set the handle into the session.
++ sess->handle = sSession->sessionh;
+
+ if (pin_expired(&sess->session_info, nv_token_data->token_info.flags) == TRUE) {
+ TRACE_ERROR("%s\n", ock_err(ERR_PIN_EXPIRED));
+@@ -1480,6 +1512,8 @@ CK_RV SC_FindObjects(ST_SESSION_HANDLE *sSession, CK_OBJECT_HANDLE_PTR phObject,
+ rc = CKR_SESSION_HANDLE_INVALID;
+ goto done;
+ }
++ //set the handle into the session.
++ sess->handle = sSession->sessionh;
+
+ if (sess->find_active == FALSE) {
+ TRACE_ERROR("%s\n", ock_err(ERR_OPERATION_NOT_INITIALIZED));
+@@ -1525,6 +1559,8 @@ CK_RV SC_FindObjectsFinal(ST_SESSION_HANDLE *sSession)
+ rc = CKR_SESSION_HANDLE_INVALID;
+ goto done;
+ }
++ //set the handle into the session.
++ sess->handle = sSession->sessionh;
+
+ if (sess->find_active == FALSE) {
+ TRACE_ERROR("%s\n", ock_err(ERR_OPERATION_NOT_INITIALIZED));
+@@ -1576,6 +1612,8 @@ CK_RV SC_EncryptInit(ST_SESSION_HANDLE *sSession, CK_MECHANISM_PTR pMechanism,
+ rc = CKR_SESSION_HANDLE_INVALID;
+ goto done;
+ }
++ //set the handle into the session.
++ sess->handle = sSession->sessionh;
+
+ if (pin_expired(&sess->session_info, nv_token_data->token_info.flags) == TRUE) {
+ TRACE_ERROR("%s\n", ock_err(ERR_PIN_EXPIRED));
+@@ -1626,6 +1664,8 @@ CK_RV SC_Encrypt(ST_SESSION_HANDLE *sSession, CK_BYTE_PTR pData,
+ rc = CKR_SESSION_HANDLE_INVALID;
+ goto done;
+ }
++ //set the handle into the session.
++ sess->handle = sSession->sessionh;
+
+ if (sess->encr_ctx.active == FALSE) {
+ TRACE_ERROR("%s\n", ock_err(ERR_OPERATION_NOT_INITIALIZED));
+@@ -1677,6 +1717,8 @@ CK_RV SC_EncryptUpdate(ST_SESSION_HANDLE *sSession, CK_BYTE_PTR pPart,
+ rc = CKR_SESSION_HANDLE_INVALID;
+ goto done;
+ }
++ //set the handle into the session.
++ sess->handle = sSession->sessionh;
+
+ if (sess->encr_ctx.active == FALSE) {
+ TRACE_ERROR("%s\n", ock_err(ERR_OPERATION_NOT_INITIALIZED));
+@@ -1726,6 +1768,8 @@ CK_RV SC_EncryptFinal(ST_SESSION_HANDLE *sSession,
+ rc = CKR_SESSION_HANDLE_INVALID;
+ goto done;
+ }
++ //set the handle into the session.
++ sess->handle = sSession->sessionh;
+
+ if (sess->encr_ctx.active == FALSE) {
+ TRACE_ERROR("%s\n", ock_err(ERR_OPERATION_NOT_INITIALIZED));
+@@ -1780,6 +1824,8 @@ CK_RV SC_DecryptInit(ST_SESSION_HANDLE *sSession, CK_MECHANISM_PTR pMechanism,
+ rc = CKR_SESSION_HANDLE_INVALID;
+ goto done;
+ }
++ //set the handle into the session.
++ sess->handle = sSession->sessionh;
+
+ if (pin_expired(&sess->session_info, nv_token_data->token_info.flags) == TRUE) {
+ TRACE_ERROR("%s\n", ock_err(ERR_PIN_EXPIRED));
+@@ -1832,6 +1878,8 @@ CK_RV SC_Decrypt(ST_SESSION_HANDLE *sSession, CK_BYTE_PTR pEncryptedData,
+ rc = CKR_SESSION_HANDLE_INVALID;
+ goto done;
+ }
++ //set the handle into the session.
++ sess->handle = sSession->sessionh;
+
+ if (sess->decr_ctx.active == FALSE) {
+ TRACE_ERROR("%s\n", ock_err(ERR_OPERATION_NOT_INITIALIZED));
+@@ -1884,6 +1932,8 @@ CK_RV SC_DecryptUpdate(ST_SESSION_HANDLE *sSession, CK_BYTE_PTR pEncryptedPart,
+ rc = CKR_SESSION_HANDLE_INVALID;
+ goto done;
+ }
++ //set the handle into the session.
++ sess->handle = sSession->sessionh;
+
+ if (sess->decr_ctx.active == FALSE) {
+ TRACE_ERROR("%s\n", ock_err(ERR_OPERATION_NOT_INITIALIZED));
+@@ -1933,6 +1983,8 @@ CK_RV SC_DecryptFinal(ST_SESSION_HANDLE *sSession, CK_BYTE_PTR pLastPart,
+ rc = CKR_SESSION_HANDLE_INVALID;
+ goto done;
+ }
++ //set the handle into the session.
++ sess->handle = sSession->sessionh;
+
+ if (sess->decr_ctx.active == FALSE) {
+ TRACE_ERROR("%s\n", ock_err(ERR_OPERATION_NOT_INITIALIZED));
+@@ -1984,6 +2036,8 @@ CK_RV SC_DigestInit(ST_SESSION_HANDLE *sSession, CK_MECHANISM_PTR pMechanism)
+ rc = CKR_SESSION_HANDLE_INVALID;
+ goto done;
+ }
++ //set the handle into the session.
++ sess->handle = sSession->sessionh;
+
+ if (pin_expired(&sess->session_info, nv_token_data->token_info.flags) == TRUE) {
+ TRACE_ERROR("%s\n", ock_err(ERR_PIN_EXPIRED));
+@@ -2039,6 +2093,8 @@ CK_RV SC_Digest(ST_SESSION_HANDLE *sSession, CK_BYTE_PTR pData,
+ rc = CKR_SESSION_HANDLE_INVALID;
+ goto done;
+ }
++ //set the handle into the session.
++ sess->handle = sSession->sessionh;
+
+ if (sess->digest_ctx.active == FALSE) {
+ TRACE_ERROR("%s\n", ock_err(ERR_OPERATION_NOT_INITIALIZED));
+@@ -2086,6 +2142,8 @@ CK_RV SC_DigestUpdate(ST_SESSION_HANDLE *sSession, CK_BYTE_PTR pPart,
+ rc = CKR_SESSION_HANDLE_INVALID;
+ goto done;
+ }
++ //set the handle into the session.
++ sess->handle = sSession->sessionh;
+
+ if (sess->digest_ctx.active == FALSE) {
+ TRACE_ERROR("%s\n", ock_err(ERR_OPERATION_NOT_INITIALIZED));
+@@ -2125,6 +2183,8 @@ CK_RV SC_DigestKey(ST_SESSION_HANDLE *sSession, CK_OBJECT_HANDLE hKey)
+ rc = CKR_SESSION_HANDLE_INVALID;
+ goto done;
+ }
++ //set the handle into the session.
++ sess->handle = sSession->sessionh;
+
+ if (sess->digest_ctx.active == FALSE) {
+ TRACE_ERROR("%s\n", ock_err(ERR_OPERATION_NOT_INITIALIZED));
+@@ -2169,6 +2229,8 @@ CK_RV SC_DigestFinal(ST_SESSION_HANDLE *sSession, CK_BYTE_PTR pDigest,
+ rc = CKR_SESSION_HANDLE_INVALID;
+ goto done;
+ }
++ //set the handle into the session.
++ sess->handle = sSession->sessionh;
+
+ if (sess->digest_ctx.active == FALSE) {
+ TRACE_ERROR("%s\n", ock_err(ERR_OPERATION_NOT_INITIALIZED));
+@@ -2216,6 +2278,8 @@ CK_RV SC_SignInit(ST_SESSION_HANDLE *sSession, CK_MECHANISM_PTR pMechanism,
+ rc = CKR_SESSION_HANDLE_INVALID;
+ goto done;
+ }
++ //set the handle into the session.
++ sess->handle = sSession->sessionh;
+
+ rc = valid_mech(pMechanism, CKF_SIGN);
+ if (rc != CKR_OK)
+@@ -2271,6 +2335,8 @@ CK_RV SC_Sign(ST_SESSION_HANDLE *sSession, CK_BYTE_PTR pData,
+ rc = CKR_SESSION_HANDLE_INVALID;
+ goto done;
+ }
++ //set the handle into the session.
++ sess->handle = sSession->sessionh;
+
+ if (sess->sign_ctx.active == FALSE) {
+ TRACE_ERROR("%s\n", ock_err(ERR_OPERATION_NOT_INITIALIZED));
+@@ -2318,6 +2384,8 @@ CK_RV SC_SignUpdate(ST_SESSION_HANDLE *sSession, CK_BYTE_PTR pPart,
+ rc = CKR_SESSION_HANDLE_INVALID;
+ goto done;
+ }
++ //set the handle into the session.
++ sess->handle = sSession->sessionh;
+
+ if (sess->sign_ctx.active == FALSE) {
+ TRACE_ERROR("%s\n", ock_err(ERR_OPERATION_NOT_INITIALIZED));
+@@ -2363,6 +2431,8 @@ CK_RV SC_SignFinal(ST_SESSION_HANDLE *sSession, CK_BYTE_PTR pSignature,
+ rc = CKR_SESSION_HANDLE_INVALID;
+ goto done;
+ }
++ //set the handle into the session.
++ sess->handle = sSession->sessionh;
+
+ if (sess->sign_ctx.active == FALSE) {
+ TRACE_ERROR("%s\n", ock_err(ERR_OPERATION_NOT_INITIALIZED));
+@@ -2440,6 +2510,8 @@ CK_RV SC_VerifyInit(ST_SESSION_HANDLE *sSession, CK_MECHANISM_PTR pMechanism,
+ rc = CKR_SESSION_HANDLE_INVALID;
+ goto done;
+ }
++ //set the handle into the session.
++ sess->handle = sSession->sessionh;
+
+ if (pin_expired(&sess->session_info,
+ nv_token_data->token_info.flags) == TRUE) {
+@@ -2492,6 +2564,8 @@ CK_RV SC_Verify(ST_SESSION_HANDLE *sSession, CK_BYTE_PTR pData,
+ rc = CKR_SESSION_HANDLE_INVALID;
+ goto done;
+ }
++ //set the handle into the session.
++ sess->handle = sSession->sessionh;
+
+ if (sess->verify_ctx.active == FALSE) {
+ rc = CKR_OPERATION_NOT_INITIALIZED;
+@@ -2537,6 +2611,8 @@ CK_RV SC_VerifyUpdate(ST_SESSION_HANDLE *sSession, CK_BYTE_PTR pPart,
+ rc = CKR_SESSION_HANDLE_INVALID;
+ goto done;
+ }
++ //set the handle into the session.
++ sess->handle = sSession->sessionh;
+
+ if (sess->verify_ctx.active == FALSE) {
+ rc = CKR_OPERATION_NOT_INITIALIZED;
+@@ -2583,6 +2659,8 @@ CK_RV SC_VerifyFinal(ST_SESSION_HANDLE *sSession, CK_BYTE_PTR pSignature,
+ rc = CKR_SESSION_HANDLE_INVALID;
+ goto done;
+ }
++ //set the handle into the session.
++ sess->handle = sSession->sessionh;
+
+ if (sess->verify_ctx.active == FALSE) {
+ rc = CKR_OPERATION_NOT_INITIALIZED;
+@@ -2718,6 +2796,8 @@ CK_RV SC_GenerateKey(ST_SESSION_HANDLE *sSession, CK_MECHANISM_PTR pMechanism,
+ rc = CKR_SESSION_HANDLE_INVALID;
+ goto done;
+ }
++ //set the handle into the session.
++ sess->handle = sSession->sessionh;
+
+ if (pin_expired(&sess->session_info,
+ nv_token_data->token_info.flags) == TRUE) {
+@@ -2791,6 +2871,8 @@ CK_RV SC_GenerateKeyPair(ST_SESSION_HANDLE *sSession,
+ rc = CKR_SESSION_HANDLE_INVALID;
+ goto done;
+ }
++ //set the handle into the session.
++ sess->handle = sSession->sessionh;
+
+ if (pin_expired(&sess->session_info,
+ nv_token_data->token_info.flags) == TRUE) {
+@@ -2875,6 +2957,8 @@ CK_RV SC_WrapKey(ST_SESSION_HANDLE *sSession, CK_MECHANISM_PTR pMechanism,
+ rc = CKR_SESSION_HANDLE_INVALID;
+ goto done;
+ }
++ //set the handle into the session.
++ sess->handle = sSession->sessionh;
+
+ if (pin_expired(&sess->session_info,
+ nv_token_data->token_info.flags) == TRUE) {
+@@ -2929,6 +3013,8 @@ CK_RV SC_UnwrapKey(ST_SESSION_HANDLE *sSession, CK_MECHANISM_PTR pMechanism,
+ rc = CKR_SESSION_HANDLE_INVALID;
+ goto done;
+ }
++ //set the handle into the session.
++ sess->handle = sSession->sessionh;
+
+ if (pin_expired(&sess->session_info,
+ nv_token_data->token_info.flags) == TRUE) {
+@@ -2998,6 +3084,8 @@ CK_RV SC_DeriveKey(ST_SESSION_HANDLE *sSession, CK_MECHANISM_PTR pMechanism,
+ rc = CKR_SESSION_HANDLE_INVALID;
+ goto done;
+ }
++ //set the handle into the session.
++ sess->handle = sSession->sessionh;
+
+ if (pin_expired(&sess->session_info,
+ nv_token_data->token_info.flags) == TRUE) {
+@@ -3104,6 +3192,8 @@ CK_RV SC_GenerateRandom(ST_SESSION_HANDLE *sSession, CK_BYTE_PTR pRandomData,
+ rc = CKR_SESSION_HANDLE_INVALID;
+ goto done;
+ }
++ //set the handle into the session.
++ sess->handle = sSession->sessionh;
+
+ rc = rng_generate(pRandomData, ulRandomLen);
+ if (rc != CKR_OK)
diff --git a/openCryptoki.changes b/openCryptoki.changes
index cc8a863..192d77b 100644
--- a/openCryptoki.changes
+++ b/openCryptoki.changes
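Review bot: In ocki-3.5-icsf-sessionhandle-missing-fix.patch the assignment `sess->handle = sSession->sessionh;` is pasted into each SC_* entry point of usr/lib/pkcs11/icsf_stdll/new_host.c, so the icsf session_id is only correct as long as no entry point is missed; per the commit message, a handle left at 0 makes distinct sessions share session_id 0. Only the patched functions are visible here, so any other SC_* function that looks up a session and is not in this patch should be checked against the full file. Setting the handle once where the session is created, or in one small lookup helper that every entry point calls, would remove that dependency; the inline comment `//set the handle here as handle is never set into session during creation` points at creation as the place where the value is missing. The function bodies begin and end outside the hunks.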
@@ -1,3 +1,14 @@ +------------------------------------------------------------------- +Fri Jul 8 18:06:42 UTC 2016 - mpost@suse.com + +- Added the following patches (bsc#986854) + - ocki-3.5-icsf-reasoncode72-support.patch + - ocki-3.5-icsf-coverity-memoryleakfix.patch + - ocki-3.5-downgrade-syslogerror.patch + - ocki-3.5-icsf-sessionhandle-missing-fix.patch + - ocki-3.5-icsf-reasoncode-2028-added.patch + - ocki-3.5-added-NULLreturn-check.patch + ------------------------------------------------------------------- Mon Jun 13 20:17:04 UTC 2016 - mpost@suse.com diff --git a/openCryptoki.spec b/openCryptoki.spec index 22ed898..bcad290 100644 --- a/openCryptoki.spec +++ b/openCryptoki.spec @@ -64,6 +64,13 @@ Source3: openCryptoki-tmp.conf # and because we don't want(?) various file and directory permissions to be 0700. Patch1: ocki-3.1-remove-make-install-chgrp.patch Patch2: ocki-3.5-sanity-checking.patch +Patch3: ocki-3.5-icsf-reasoncode72-support.patch +Patch4: ocki-3.5-icsf-coverity-memoryleakfix.patch +Patch5: ocki-3.5-downgrade-syslogerror.patch +Patch6: ocki-3.5-icsf-sessionhandle-missing-fix.patch +Patch7: ocki-3.5-icsf-reasoncode-2028-added.patch +Patch8: ocki-3.5-added-NULLreturn-check.patch + Url: https://sourceforge.net/projects/opencryptoki/ BuildRoot: %{_tmppath}/%{name}-%{version}-build PreReq: /usr/sbin/groupadd /usr/bin/id /usr/sbin/usermod /bin/sed @@ -143,6 +150,13 @@ Cryptographic Accelerator (FC 4960 on pSeries). %setup -q -n %{oc_cvs_tag} %patch1 -p1 %patch2 -p1 +%patch3 -p1 +%patch4 -p1 +%patch5 -p1 +%patch6 -p1 +%patch7 -p1 +%patch8 -p1 + cp %{SOURCE2} . %build