pool/openCryptoki
SHA256
2
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Accepting request 843288 from home:markkp:branches:security

Browse Source 
- Upgraded to version 3.15.0 (jsc#SLE-13749, jsc#SLE-13666,
  jsc#SLE-13813, jsc#SLE-13812, jsc#SLE-13723, jsc#SLE-13714
  jsc#SLE-13715, jsc#SLE-13710, jsc#SLE-13774, jsc#SLE-13786)
  * openCryptoki 3.15.0
    - common: conform to PKCS 11 3.0 Baseline Provider profile
    - Introduce new vendor defined interface named "Vendor IBM"
    - Support C_IBM_ReencryptSingle via "Vendor IBM" interface
    - CCA: support key wrapping
    - SOFT: support ECC
    - p11sak tool: add remove-key command
    - Bug fixes
  * openCryptoki 3.14.0
    - EP11: Dilitium support stage 2
    - Common: Rework on process and thread locking
    - Common: Rework on btree and object locking
    - ICSF: minor fixes
    - TPM, ICA, ICSF: support multiple token instances
    - new tool p11sak
  * openCryptoki 3.13.0
    - EP11: Dilithium support
    - EP11: EdDSA support
    - EP11: support RSA-OAEP with non-SHA1 hash and MGF
- Removed obsolete oki-3.12-EP11-Fix-EC-uncompress-buffer-length.patch

OBS-URL: https://build.opensuse.org/request/show/843288
OBS-URL: https://build.opensuse.org/package/show/security/openCryptoki?expand=0&rev=106
This commit is contained in:
Mark Post 2020-10-21 23:12:00 +00:00 committed by Git OBS Bridge
parent 22f37498e5
commit dbe3a3a7ff
5 changed files with 34 additions and 45 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

38
oki-3.12-EP11-Fix-EC-uncompress-buffer-length.patch
View File

@ -1,38 +0,0 @@
From 50a8a8806059647a3e446fd129995af61ec54867 Mon Sep 17 00:00:00 2001
From: Ingo Franzki <ifranzki@linux.ibm.com>
Date: Tue, 3 Dec 2019 14:58:26 +0100
Subject: [PATCH] EP11: Fix EC-uncompress buffer length
Function ec_uncompress_public_key() expects the size of the output
buffer in out_pubkey to be specified in the out_len parameter.
However, variable pubkey_len is uninitialized when calling
ec_uncompress_public_key(), so this may result in CKR_BUFFER_TOO_SMALL
dependent on the value of pubkey_len.
Fix this by setting pubkey_len to the size of the public key buffer
allocated above.
Signed-off-by: Ingo Franzki <ifranzki@linux.ibm.com>
---
usr/lib/ep11_stdll/ep11_specific.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/usr/lib/ep11_stdll/ep11_specific.c b/usr/lib/ep11_stdll/ep11_specific.c
index 38b6708f..10dfe4e0 100644
--- a/usr/lib/ep11_stdll/ep11_specific.c
+++ b/usr/lib/ep11_stdll/ep11_specific.c
@@ -2034,9 +2034,10 @@ static CK_RV import_EC_key(STDLL_TokData_t * tokdata, SESSION * sess,
rc = get_ecsiglen(ec_key_obj, &privkey_len);
if (rc != CKR_OK)
goto import_EC_key_end;
- privkey_len /= 2; /* Public key is half the size of an EC signature */
+ privkey_len /= 2; /* private key is half the size of an EC signature */
- pubkey = (CK_BYTE *)malloc(1 + 2 * privkey_len);
+ pubkey_len = 1 + 2 * privkey_len;
+ pubkey = (CK_BYTE *)malloc(pubkey_len);
if (pubkey == NULL) {
rc = CKR_HOST_MEMORY;
goto import_EC_key_end;
--
2.13.7

3
openCryptoki-3.12.1.tar.gz
View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:a55b4f64a7df220df6b3041a34b4ed03a0852b2fa6bddf542a5876020853d7f1
size 974180

3
openCryptoki-3.15.0.tar.gz Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:8404b8b4d56904065ff232d2ead95c5451b2078eaaec64f0ae0c47118d762000
size 1145768

27
openCryptoki.changes
View File

@ -1,3 +1,30 @@
-------------------------------------------------------------------
Wed Oct 21 22:28:16 UTC 2020 - Mark Post <mpost@suse.com>
- Upgraded to version 3.15.0 (jsc#SLE-13749, jsc#SLE-13666,
jsc#SLE-13813, jsc#SLE-13812, jsc#SLE-13723, jsc#SLE-13714
jsc#SLE-13715, jsc#SLE-13710, jsc#SLE-13774, jsc#SLE-13786)
* openCryptoki 3.15.0
- common: conform to PKCS 11 3.0 Baseline Provider profile
- Introduce new vendor defined interface named "Vendor IBM"
- Support C_IBM_ReencryptSingle via "Vendor IBM" interface
- CCA: support key wrapping
- SOFT: support ECC
- p11sak tool: add remove-key command
- Bug fixes
* openCryptoki 3.14.0
- EP11: Dilitium support stage 2
- Common: Rework on process and thread locking
- Common: Rework on btree and object locking
- ICSF: minor fixes
- TPM, ICA, ICSF: support multiple token instances
- new tool p11sak
* openCryptoki 3.13.0
- EP11: Dilithium support
- EP11: EdDSA support
- EP11: support RSA-OAEP with non-SHA1 hash and MGF
- Removed obsolete oki-3.12-EP11-Fix-EC-uncompress-buffer-length.patch
------------------------------------------------------------------- -------------------------------------------------------------------
Mon Jan 6 19:25:16 UTC 2020 - Mark Post <mpost@suse.com> Mon Jan 6 19:25:16 UTC 2020 - Mark Post <mpost@suse.com>

8
openCryptoki.spec
View File

@ -1,7 +1,7 @@
# #
# spec file for package openCryptoki # spec file for package openCryptoki
# #
# Copyright (c) 2018-2020 SUSE LINUX GmbH, Nuernberg, Germany. # Copyright (c) 2018-2020 SUSE LLC
# #
# All modifications and additions to the file contributed by third parties # All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed # remain the property of their copyright owners, unless otherwise agreed
@ -26,7 +26,7 @@
%define oc_cvs_tag opencryptoki %define oc_cvs_tag opencryptoki
Name: openCryptoki Name: openCryptoki
Version: 3.12.1 Version: 3.15.0
Release: 0 Release: 0
Summary: An Implementation of PKCS#11 (Cryptoki) v2.11 for IBM Cryptographic Hardware Summary: An Implementation of PKCS#11 (Cryptoki) v2.11 for IBM Cryptographic Hardware
License: CPL-1.0 License: CPL-1.0
@ -39,7 +39,6 @@ Source3: openCryptoki-rpmlintrc
# Patch 1 is needed because group pkcs11 doesn't exist in the build environment # Patch 1 is needed because group pkcs11 doesn't exist in the build environment
# and because we don't want(?) various file and directory permissions to be 0700. # and because we don't want(?) various file and directory permissions to be 0700.
Patch1: ocki-3.11-remove-make-install-chgrp.patch Patch1: ocki-3.11-remove-make-install-chgrp.patch
Patch2: oki-3.12-EP11-Fix-EC-uncompress-buffer-length.patch
BuildRequires: bison BuildRequires: bison
BuildRequires: dos2unix BuildRequires: dos2unix
BuildRequires: flex BuildRequires: flex
@ -129,7 +128,6 @@ Cryptographic Accelerator (FC 4960 on pSeries).
%prep %prep
%setup -q -n %{oc_cvs_tag}-%{version} %setup -q -n %{oc_cvs_tag}-%{version}
%patch1 -p1 %patch1 -p1
%patch2 -p1
cp %{SOURCE2} . cp %{SOURCE2} .
@ -235,6 +233,7 @@ ln -sf %{_libdir}/opencryptoki/libopencryptoki.so %{_prefix}/lib/pkcs11/PKCS11_A
%config %{_sysconfdir}/opencryptoki/ep11tok.conf %config %{_sysconfdir}/opencryptoki/ep11tok.conf
%{_sbindir}/pkcsep11_migrate %{_sbindir}/pkcsep11_migrate
%endif %endif
%{_sbindir}/p11sak
%{_unitdir}/pkcsslotd.service %{_unitdir}/pkcsslotd.service
%{_tmpfilesdir}/opencryptoki.conf %{_tmpfilesdir}/opencryptoki.conf
%{_sbindir}/rcpkcsslotd %{_sbindir}/rcpkcsslotd
@ -246,6 +245,7 @@ ln -sf %{_libdir}/opencryptoki/libopencryptoki.so %{_prefix}/lib/pkcs11/PKCS11_A
%{_sbindir}/pkcsslotd %{_sbindir}/pkcsslotd
%{_sbindir}/pkcsconf %{_sbindir}/pkcsconf
%{_sbindir}/pkcsicsf %{_sbindir}/pkcsicsf
%{_sbindir}/pkcstok_migrate
%dir %{_libdir}/opencryptoki %dir %{_libdir}/opencryptoki
%dir %{_libdir}/opencryptoki/stdll %dir %{_libdir}/opencryptoki/stdll
# State and lock directories # State and lock directories