Accepting request 1328731 from security

OBS-URL: https://build.opensuse.org/request/show/1328731
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/openCryptoki?expand=0&rev=91

ocki-3.25-PKCSSLOTD-Remove-the-use-of-MD5.patch

@@ -1,179 +0,0 @@
-From 144456ede9897662eed35ac8415d0ecb1c5907e3 Mon Sep 17 00:00:00 2001
-From: Ingo Franzki <ifranzki@linux.ibm.com>
-Date: Wed, 13 Aug 2025 13:50:24 +0200
-Subject: [PATCH] PKCSSLOTD: Remove the use of MD5
-
-The pkcsslotd uses MD5 to calculate kind of a checksum of the token directory
-path, for easy checking if the same token directory has already been used by
-other tokens.
-
-The use of MD5 for this is just historical, and has no security relevance at
-all. Still, OpenSSL running in FIPS mode might reject the use of MD5, so
-pkcsslotd will fail to start.
-
-Change the code to use SHA256 instead.
-
-Signed-off-by: Ingo Franzki <ifranzki@linux.ibm.com>
----
- usr/sbin/pkcsslotd/pkcsslotd.h |  6 +---
- usr/sbin/pkcsslotd/slotmgr.c   | 52 ++++++++++++++--------------------
- 2 files changed, 23 insertions(+), 35 deletions(-)
-
-diff --git a/usr/sbin/pkcsslotd/pkcsslotd.h b/usr/sbin/pkcsslotd/pkcsslotd.h
-index ec6a489a5..fa0db30f7 100644
---- a/usr/sbin/pkcsslotd/pkcsslotd.h
-+++ b/usr/sbin/pkcsslotd/pkcsslotd.h
-@@ -42,11 +42,7 @@
- 
- #endif                          /* DEV */
- 
--#define HASH_SHA1   1
--#define HASH_MD5    2
--#define compute_md5(a,b,c)      compute_hash(HASH_MD5,b,a,c)
--
--int compute_hash(int hash_type, int buf_size, char *buf, char *digest);
-+int compute_sha256(char *buf, int buf_size, char *digest);
- 
- /********************
-  * Global Variables *
-diff --git a/usr/sbin/pkcsslotd/slotmgr.c b/usr/sbin/pkcsslotd/slotmgr.c
-index 0c1a5586f..d0d85a85f 100644
---- a/usr/sbin/pkcsslotd/slotmgr.c
-+++ b/usr/sbin/pkcsslotd/slotmgr.c
-@@ -27,7 +27,7 @@
- #include "configuration.h"
- 
- #define OBJ_DIR "TOK_OBJ"
--#define MD5_HASH_SIZE 16
-+#define SHA256_HASH_SIZE 32
- 
- #define DEF_MANUFID "IBM"
- 
-@@ -44,8 +44,8 @@
-     #define DEF_SLOTDESC    "Linux"
- #endif
- 
--typedef char md5_hash_entry[MD5_HASH_SIZE];
--md5_hash_entry tokname_hash_table[NUMBER_SLOTS_MANAGED];
-+typedef char sha256_hash_entry[SHA256_HASH_SIZE];
-+sha256_hash_entry tokname_hash_table[NUMBER_SLOTS_MANAGED];
- 
- Slot_Mgr_Shr_t *shmp;           // pointer to the shared memory region.
- int shmid;
-@@ -86,27 +86,19 @@ void DumpSharedMemory(void)
-     }
- }
- 
--int compute_hash(int hash_type, int buf_size, char *buf, char *digest)
-+int compute_sha256(char *buf, int buf_size, char *digest)
- {
-     EVP_MD_CTX *md_ctx = NULL;
-     unsigned int result_size;
-     int rc;
- 
-     md_ctx = EVP_MD_CTX_create();
--
--    switch (hash_type) {
--    case HASH_SHA1:
--        rc = EVP_DigestInit(md_ctx, EVP_sha1());
--        break;
--    case HASH_MD5:
--        rc = EVP_DigestInit(md_ctx, EVP_md5());
--        break;
--    default:
--        EVP_MD_CTX_destroy(md_ctx);
-+    if (md_ctx == NULL) {
-+        fprintf(stderr, "EVP_MD_CTX_create() failed\n");
-         return -1;
--        break;
-     }
- 
-+    rc = EVP_DigestInit(md_ctx, EVP_sha256());
-     if (rc != 1) {
-         fprintf(stderr, "EVP_DigestInit() failed: rc = %d\n", rc);
-         return -1;
-@@ -374,12 +366,12 @@ void run_sanity_checks(void)
-     }
- }
- 
--int is_duplicate(md5_hash_entry hash, md5_hash_entry *hash_table)
-+int is_duplicate(sha256_hash_entry hash, sha256_hash_entry *hash_table)
- {
-     int i;
- 
-     for (i = 0; i < NUMBER_SLOTS_MANAGED; i++) {
--        if (memcmp(hash_table[i], hash, sizeof(md5_hash_entry)) == 0)
-+        if (memcmp(hash_table[i], hash, sizeof(sha256_hash_entry)) == 0)
-             return 1;
-     }
- 
-@@ -483,7 +475,7 @@ int chk_create_tokdir(Slot_Info_t_64 *psinfo)
-     mode_t proc_umask;
-     char *tokdir = psinfo->tokname;
-     char *tokgroup = psinfo->usergroup;
--    char token_md5_hash[MD5_HASH_SIZE];
-+    char token_sha256_hash[SHA256_HASH_SIZE];
- 
-     if (psinfo->present == FALSE)
-         return 0;
-@@ -517,26 +509,26 @@ int chk_create_tokdir(Slot_Info_t_64 *psinfo)
-      */
-     if (!tokdir || strlen(tokdir) == 0) {
-         /*
--         * Build the md5 hash from the dll name prefixed with 'dll:' to
-+         * Build the SHA256 hash from the dll name prefixed with 'dll:' to
-          * check for duplicate tokens with no 'tokname'.
-          */
-         snprintf(tokendir, sizeof(tokendir), "dll:%s", psinfo->dll_location);
--        rc = compute_md5(tokendir, strlen(tokendir), token_md5_hash);
-+        rc = compute_sha256(tokendir, strlen(tokendir), token_sha256_hash);
-         if (rc) {
--            fprintf(stderr, "Error calculating MD5 of token name!\n");
-+            fprintf(stderr, "Error calculating SHA256 of token name!\n");
-             return -1;
-         }
- 
-         /* check for duplicate token names */
--        if (is_duplicate(token_md5_hash, tokname_hash_table)) {
-+        if (is_duplicate(token_sha256_hash, tokname_hash_table)) {
-             fprintf(stderr, "Duplicate token in slot %llu!\n",
-                     psinfo->slot_number);
-             return -1;
-         }
- 
-         /* add entry into hash table */
--        memcpy(tokname_hash_table[psinfo->slot_number], token_md5_hash,
--               MD5_HASH_SIZE);
-+        memcpy(tokname_hash_table[psinfo->slot_number], token_sha256_hash,
-+               SHA256_HASH_SIZE);
- 
-         return 0;
-     }
-@@ -549,21 +541,21 @@ int chk_create_tokdir(Slot_Info_t_64 *psinfo)
-         return -1;
-     }
- 
--    /* calculate md5 hash from token name */
--    rc = compute_md5(tokdir, strlen(tokdir), token_md5_hash);
-+    /* calculate SHA256 hash from token name */
-+    rc = compute_sha256(tokdir, strlen(tokdir), token_sha256_hash);
-     if (rc) {
--        fprintf(stderr, "Error calculating MD5 of token name!\n");
-+        fprintf(stderr, "Error calculating SHA256 of token name!\n");
-         return -1;
-     }
-     /* check for duplicate token names */
--    if (is_duplicate(token_md5_hash, tokname_hash_table)) {
-+    if (is_duplicate(token_sha256_hash, tokname_hash_table)) {
-         fprintf(stderr, "Duplicate token name '%s'!\n", tokdir);
-         return -1;
-     }
- 
-     /* add entry into hash table */
--    memcpy(tokname_hash_table[psinfo->slot_number], token_md5_hash,
--           MD5_HASH_SIZE);
-+    memcpy(tokname_hash_table[psinfo->slot_number], token_sha256_hash,
-+           SHA256_HASH_SIZE);
- 
-     /* Create token specific directory */
-     /* sprintf checked above */

ocki-3.26-remove-make-install-chgrp.patch

@@ -1,5 +1,5 @@
---- a/Makefile.am	2025-06-10 08:52:39.000000000 +0200
+--- a/Makefile.am	2025-11-11 08:58:19.000000000 +0100
-+++ b/Makefile.am	2025-06-16 12:25:31.040661532 +0200
++++ b/Makefile.am	2025-11-12 10:21:00.563936369 +0100
 @@ -51,19 +51,9 @@
  include doc/doc.mk
  

openCryptoki-CVE-2026-22791-commit-e37e912.patch

@@ -0,0 +1,113 @@
+From e37e9127deeeb7bf3c3c4d852c594256c57ec3a8 Mon Sep 17 00:00:00 2001
+From: Ingo Franzki <ifranzki@linux.ibm.com>
+Date: Thu, 8 Jan 2026 10:48:29 +0100
+Subject: [PATCH] COMMON: Fix CKM_ECDH_AES_KEY_WRAP buffer size calculation
+ with compressed keys
+
+When a C_WrapKey with CKM_ECDH_AES_KEY_WRAP is performed, and the EC public
+key used with it uses a compressed EC point, then the size of the wrapped
+key material is calculated wrongly. This may lead to an out-of-bounds write
+when the caller provides a buffer of that calculated size.
+
+The temporary EC key generated internally by this mechanism is always
+uses an uncompressed EC point, but the buffer size is erroneously calculated
+using the EC point of the supplied EC public key. Thus, in case a compressed
+EC point is supplied, the buffer size calculation results in a too short
+buffer.
+
+Fix this by calculating the buffer size using the EC point of the internally
+generated EC key, because this is what is later on written to the buffer.
+
+Fixes: 785d7577e1477d12fbe235554e7e7b24f2de34b7
+Reported-by: Pavel Kohout of Aisle Research, www.aisle.com
+Signed-off-by: Ingo Franzki <ifranzki@linux.ibm.com>
+---
+ usr/lib/common/mech_ec.c | 54 ++++++++++++++++++++--------------------
+ 1 file changed, 27 insertions(+), 27 deletions(-)
+
+diff --git a/usr/lib/common/mech_ec.c b/usr/lib/common/mech_ec.c
+index 2399c1cfb..ce031ec0c 100644
+--- a/usr/lib/common/mech_ec.c
++++ b/usr/lib/common/mech_ec.c
+@@ -1758,6 +1758,31 @@ CK_RV ecdh_aes_key_wrap(STDLL_TokData_t *tokdata, SESSION *sess,
+         goto done;
+     }
+ 
++    /* Get the (raw) size of the generated EC point */
++    rc = object_mgr_find_in_map1(tokdata, ec_publ_key_handle,
++                                 &pub_key_obj, READ_LOCK);
++    if (rc != CKR_OK) {
++        TRACE_ERROR("Failed to acquire key from EC public key handle.\n");
++        if (rc == CKR_OBJECT_HANDLE_INVALID)
++            rc = CKR_KEY_HANDLE_INVALID;
++        goto done;
++    }
++
++    rc = template_attribute_get_non_empty(pub_key_obj->template, CKA_EC_POINT,
++                                          &ec_point);
++    if (rc != CKR_OK) {
++        TRACE_DEVEL("Failed to get CKA_EC_POINT.\n");
++        goto done;
++    }
++
++    rc = ber_decode_OCTET_STRING((CK_BYTE *)ec_point->pValue,
++                                  &pub_ec_point, &pub_ec_point_len, &field_len);
++    if (rc != CKR_OK || field_len != ec_point->ulValueLen) {
++        rc = CKR_FUNCTION_FAILED;
++        TRACE_DEVEL("Failed to decode CKA_EC_POINT.\n");
++        goto done;
++    }
++
+     /* Perform ECDH to derive a shared AES key */
+     ecdh_params.kdf = params->kdf;
+     ecdh_params.pSharedData = params->pSharedData;
+@@ -1813,7 +1838,7 @@ CK_RV ecdh_aes_key_wrap(STDLL_TokData_t *tokdata, SESSION *sess,
+     }
+ 
+     /* Calculate the final length of the wrapped key data */
+-    total_len = ecdh_params.ulPublicDataLen + wrapped_key_len;
++    total_len = pub_ec_point_len + wrapped_key_len;
+ 
+     if (length_only) {
+         *out_data_len = total_len;
+@@ -1831,31 +1856,6 @@ CK_RV ecdh_aes_key_wrap(STDLL_TokData_t *tokdata, SESSION *sess,
+      * Copy the (raw) EC point of the public transport EC key as first part of
+      * the wrapped key data.
+      */
+-    rc = object_mgr_find_in_map1(tokdata, ec_publ_key_handle,
+-                                 &pub_key_obj, READ_LOCK);
+-    if (rc != CKR_OK) {
+-        TRACE_ERROR("Failed to acquire key from EC public key handle.\n");
+-        if (rc == CKR_OBJECT_HANDLE_INVALID)
+-            return CKR_KEY_HANDLE_INVALID;
+-        else
+-            return rc;
+-    }
+-
+-    rc = template_attribute_get_non_empty(pub_key_obj->template, CKA_EC_POINT,
+-                                          &ec_point);
+-    if (rc != CKR_OK) {
+-        TRACE_DEVEL("Failed to get CKA_EC_POINT.\n");
+-        goto done;
+-    }
+-
+-    rc = ber_decode_OCTET_STRING((CK_BYTE *)ec_point->pValue,
+-                                  &pub_ec_point, &pub_ec_point_len, &field_len);
+-    if (rc != CKR_OK || field_len != ec_point->ulValueLen) {
+-        rc = CKR_FUNCTION_FAILED;
+-        TRACE_DEVEL("Failed to decode CKA_EC_POINT.\n");
+-        goto done;
+-    }
+-
+     memcpy(out_data, pub_ec_point, pub_ec_point_len);
+ 
+     /*
+@@ -1864,7 +1864,7 @@ CK_RV ecdh_aes_key_wrap(STDLL_TokData_t *tokdata, SESSION *sess,
+      */
+     rc = encr_mgr_encrypt(tokdata, sess, FALSE, &aeskw_ctx,
+                           in_data, in_data_len,
+-                          out_data + ecdh_params.ulPublicDataLen,
++                          out_data + pub_ec_point_len,
+                           &wrapped_key_len);
+     if (rc != CKR_OK) {
+         TRACE_ERROR("Failed to encrypt the to-be-wrapped key: %s (0x%lx)\n",

openCryptoki-CVE-2026-23893-commit-5e6e4b4.patch

@@ -0,0 +1,460 @@
+From 5e6e4b42f2b1fcc1e4ef1b920e463bfa55da8b45 Mon Sep 17 00:00:00 2001
+From: Pavel Kohout <pavel@aisle.com>
+Date: Tue, 13 Jan 2026 00:00:00 +0000
+Subject: [PATCH] Fix symlink-following vulnerabilities (CWE-59)
+
+Multiple symlink-following vulnerabilities exist in OpenCryptoki that run
+in privileged contexts. These allow a token-group user to redirect file
+operations to arbitrary filesystem targets by planting symlinks in
+group-writable token directories, resulting in privilege escalation or
+data exposure.
+
+Affected components:
+1. pkcstok_admin: set_file_permissions() uses stat() which follows symlinks,
+   then applies chmod/chown to the symlink target.
+2. pkcstok_migrate: fopen() follows symlinks, then set_perm() modifies the
+   target permissions.
+3. loadsave.c: Multiple wrapper functions use fopen() followed by set_perm().
+4. hsm_mk_change.c: hsm_mk_change_op_open() uses fopen() followed by
+   hsm_mk_change_op_set_perm().
+5. pbkdf.c: fopen() followed by set_perms() in two locations.
+
+This fix:
+- Introduces fopen_nofollow() helper in platform.h
+- Checks for O_NOFOLLOW at compile time (not hardcoded per-platform)
+- On platforms with O_NOFOLLOW: uses open(O_NOFOLLOW) + fdopen() for atomic
+  symlink rejection (race-condition free)
+- On platforms without O_NOFOLLOW: falls back to lstat() + fopen() and emits
+  a compiler warning so the unsafe fallback doesn't go unnoticed
+- Updates all affected wrapper functions to use fopen_nofollow()
+- pkcstok_admin: Uses lstat() instead of stat() and skips symlinks
+
+Reported-by: Pavel Kohout, Aisle Research, www.aisle.com
+Signed-off-by: Pavel Kohout <pavel@aisle.com>
+Signed-off-by: Ingo Franzki <ifranzki@linux.ibm.com>
+---
+ usr/lib/common/loadsave.c                  | 81 +++++++++++++++++----
+ usr/lib/common/platform.h                  | 82 +++++++++++++++++++++-
+ usr/lib/hsm_mk_change/hsm_mk_change.c      |  8 ++-
+ usr/lib/icsf_stdll/pbkdf.c                 | 17 +++--
+ usr/sbin/pkcstok_admin/pkcstok_admin.c     |  9 ++-
+ usr/sbin/pkcstok_migrate/pkcstok_migrate.c | 23 ++++--
+ 6 files changed, 194 insertions(+), 26 deletions(-)
+
+diff --git a/usr/lib/common/loadsave.c b/usr/lib/common/loadsave.c
+index 18b8aa044..f9c0cc7f0 100644
+--- a/usr/lib/common/loadsave.c
++++ b/usr/lib/common/loadsave.c
+@@ -68,9 +68,17 @@ static FILE *open_token_object_path(char *buf, size_t buflen,
+                                     STDLL_TokData_t *tokdata, const char *path,
+                                     const char *mode)
+ {
++    FILE *fp;
++
+     if (get_token_object_path(buf, buflen, tokdata, path, NULL) < 0)
+         return NULL;
+-    return fopen(buf, mode);
++
++    /* CWE-59 fix: Use fopen_nofollow to prevent symlink attacks */
++    fp = fopen_nofollow(buf, mode);
++    if (fp == NULL && errno == ELOOP)
++        TRACE_ERROR("Refusing to follow symlink: %s\n", buf);
++
++    return fp;
+ }
+ 
+ static FILE *open_token_object_path_new(char *newbuf, size_t newbuflen,
+@@ -78,11 +86,19 @@ static FILE *open_token_object_path_new(char *newbuf, size_t newbuflen,
+                                         STDLL_TokData_t *tokdata,
+                                         const char *path, const char *mode)
+ {
++    FILE *fp;
++
+     if (get_token_object_path(newbuf, newbuflen, tokdata, path, ".TMP") < 0)
+         return NULL;
+     if (get_token_object_path(basebuf, basebuflen, tokdata, path, NULL) < 0)
+         return NULL;
+-    return fopen(newbuf, mode);
++
++    /* CWE-59 fix: Use fopen_nofollow to prevent symlink attacks */
++    fp = fopen_nofollow(newbuf, mode);
++    if (fp == NULL && errno == ELOOP)
++        TRACE_ERROR("Refusing to follow symlink: %s\n", newbuf);
++
++    return fp;
+ }
+ 
+ static int get_token_data_store_path(char *buf, size_t buflen,
+@@ -101,9 +117,17 @@ static FILE *open_token_data_store_path(char *buf, size_t buflen,
+                                         STDLL_TokData_t *tokdata,
+                                         const char *path, const char *mode)
+ {
++    FILE *fp;
++
+     if (get_token_data_store_path(buf, buflen, tokdata, path, NULL) < 0)
+         return NULL;
+-    return fopen(buf, mode);
++
++    /* CWE-59 fix: Use fopen_nofollow to prevent symlink attacks */
++    fp = fopen_nofollow(buf, mode);
++    if (fp == NULL && errno == ELOOP)
++        TRACE_ERROR("Refusing to follow symlink: %s\n", buf);
++
++    return fp;
+ }
+ 
+ static FILE *open_token_data_store_path_new(char *newbuf, size_t newbuflen,
+@@ -111,11 +135,19 @@ static FILE *open_token_data_store_path_new(char *newbuf, size_t newbuflen,
+                                             STDLL_TokData_t *tokdata,
+                                             const char *path, const char *mode)
+ {
++    FILE *fp;
++
+     if (get_token_data_store_path(newbuf, newbuflen, tokdata, path, ".TMP") < 0)
+         return NULL;
+     if (get_token_data_store_path(basebuf, basebuflen, tokdata, path, NULL) < 0)
+         return NULL;
+-    return fopen(newbuf, mode);
++
++    /* CWE-59 fix: Use fopen_nofollow to prevent symlink attacks */
++    fp = fopen_nofollow(newbuf, mode);
++    if (fp == NULL && errno == ELOOP)
++        TRACE_ERROR("Refusing to follow symlink: %s\n", newbuf);
++
++    return fp;
+ }
+ 
+ static FILE *open_token_object_index(char *buf, size_t buflen,
+@@ -127,17 +159,27 @@ static FILE *open_token_object_index(char *buf, size_t buflen,
+ static FILE *open_token_nvdat(char *buf, size_t buflen,
+                               STDLL_TokData_t *tokdata, const char *mode)
+ {
++    FILE *fp;
++
+     if (ock_snprintf(buf, buflen, "%s/" PK_LITE_NV, tokdata->data_store)) {
+         TRACE_ERROR("NVDAT.TOK file name buffer overflow\n");
+         return NULL;
+     }
+-    return fopen(buf, mode);
++
++    /* CWE-59 fix: Use fopen_nofollow to prevent symlink attacks */
++    fp = fopen_nofollow(buf, mode);
++    if (fp == NULL && errno == ELOOP)
++        TRACE_ERROR("Refusing to follow symlink: %s\n", buf);
++
++    return fp;
+ }
+ 
+ static FILE *open_token_nvdat_new(char *newbuf, size_t newbuflen,
+                                   char *basebuf, size_t basebuflen,
+                                   STDLL_TokData_t *tokdata, const char *mode)
+ {
++    FILE *fp;
++
+     if (ock_snprintf(newbuf, newbuflen, "%s/" PK_LITE_NV ".TMP",
+                      tokdata->data_store)) {
+         TRACE_ERROR("NVDAT.TOK file name buffer overflow\n");
+@@ -148,7 +190,13 @@ static FILE *open_token_nvdat_new(char *newbuf, size_t newbuflen,
+         TRACE_ERROR("NVDAT.TOK file name buffer overflow\n");
+         return NULL;
+     }
+-    return fopen(newbuf, mode);
++
++    /* CWE-59 fix: Use fopen_nofollow to prevent symlink attacks */
++    fp = fopen_nofollow(newbuf, mode);
++    if (fp == NULL && errno == ELOOP)
++        TRACE_ERROR("Refusing to follow symlink: %s\n", newbuf);
++
++    return fp;
+ }
+ 
+ static CK_RV close_token_file_new(FILE * fp, CK_RV rc,
+@@ -289,9 +337,12 @@ CK_RV save_token_object(STDLL_TokData_t *tokdata, OBJECT *obj)
+     // we didn't find it...either the index file doesn't exist or this
+     // is a new object...
+     //
+-    fp = fopen(fname, "a");
++    fp = fopen_nofollow(fname, "a");
+     if (!fp) {
+-        TRACE_ERROR("fopen(%s): %s\n", fname, strerror(errno));
++        if (errno == ELOOP)
++            TRACE_ERROR("Refusing to follow symlink: %s\n", fname);
++        else
++            TRACE_ERROR("fopen(%s): %s\n", fname, strerror(errno));
+         return CKR_FUNCTION_FAILED;
+     }
+ 
+@@ -663,11 +714,14 @@ CK_RV load_token_data_old(STDLL_TokData_t *tokdata, CK_SLOT_ID slot_id)
+         if (errno == ENOENT) {
+             init_token_data(tokdata, slot_id);
+ 
+-            fp = fopen(fname, "r");
++            fp = fopen_nofollow(fname, "r");
+             if (!fp) {
+                 // were really hosed here since the created
+                 // did not occur
+-                TRACE_ERROR("fopen(%s): %s\n", fname, strerror(errno));
++                if (errno == ELOOP)
++                    TRACE_ERROR("Refusing to follow symlink: %s\n", fname);
++                else
++                    TRACE_ERROR("fopen(%s): %s\n", fname, strerror(errno));
+                 rc = CKR_FUNCTION_FAILED;
+                 goto out_unlock;
+             }
+@@ -2345,11 +2399,14 @@ CK_RV load_token_data(STDLL_TokData_t *tokdata, CK_SLOT_ID slot_id)
+         if (errno == ENOENT) {
+             init_token_data(tokdata, slot_id);
+ 
+-            fp = fopen(fname, "r");
++            fp = fopen_nofollow(fname, "r");
+             if (!fp) {
+                 // were really hosed here since the created
+                 // did not occur
+-                TRACE_ERROR("fopen(%s): %s\n", fname, strerror(errno));
++                if (errno == ELOOP)
++                    TRACE_ERROR("Refusing to follow symlink: %s\n", fname);
++                else
++                    TRACE_ERROR("fopen(%s): %s\n", fname, strerror(errno));
+                 rc = CKR_FUNCTION_FAILED;
+                 goto out_unlock;
+             }
+diff --git a/usr/lib/common/platform.h b/usr/lib/common/platform.h
+index 799821b57..51cc1c737 100644
+--- a/usr/lib/common/platform.h
++++ b/usr/lib/common/platform.h
+@@ -7,7 +7,16 @@
+  * found in the file LICENSE file or at
+  * https://opensource.org/licenses/cpl1.0.php
+  */
++#ifndef PLATFORM_H
++#define PLATFORM_H
++
+ #include <dlfcn.h>
++#include <stdio.h>
++#include <fcntl.h>
++#include <unistd.h>
++#include <string.h>
++#include <errno.h>
++#include <sys/stat.h>
+ 
+ #if defined(_AIX)
+ #include "aix/getopt.h"
+@@ -30,10 +39,81 @@
+ /* for htobexx, htolexx, bexxtoh and lexxtoh macros */
+ #include <endian.h>
+ /* macros from bsdlog and friends */
+-#include <stdio.h>
+ #include <err.h>
+ 
+ #define OCK_API_LIBNAME "libopencryptoki.so"
+ #define DYNLIB_LDFLAGS (RTLD_NOW)
+ 
+ #endif /* _AIX */
++
++/*
++ * Check for O_NOFOLLOW support at compile time.
++ * If not available, fall back to lstat() + fopen() (has TOCTOU race).
++ */
++#ifndef O_NOFOLLOW
++#define OCK_NO_O_NOFOLLOW 1
++#warning "O_NOFOLLOW not supported, symlink protection uses racy lstat() fallback!"
++#endif
++
++/*
++ * CWE-59 fix: Open file without following symlinks.
++ *
++ * On platforms with O_NOFOLLOW support:
++ *   Uses open(O_NOFOLLOW) + fdopen() for atomic symlink rejection.
++ *
++ * On platforms without O_NOFOLLOW (e.g., older AIX):
++ *   Falls back to lstat() + fopen(). This has a TOCTOU race condition,
++ *   but still catches pre-planted symlinks which is the common attack
++ *   scenario. Better than no protection at all.
++ *
++ * Returns NULL with errno=ELOOP if path is a symlink.
++ */
++static inline FILE *fopen_nofollow(const char *path, const char *mode)
++{
++#ifdef OCK_NO_O_NOFOLLOW
++    /*
++     * Fallback for platforms without O_NOFOLLOW: use lstat() check.
++     * This has a TOCTOU race but catches pre-planted symlinks.
++     */
++    struct stat sb;
++
++    if (lstat(path, &sb) == 0) {
++        if (S_ISLNK(sb.st_mode)) {
++            errno = ELOOP;
++            return NULL;
++        }
++    }
++    /* Note: if lstat fails (e.g., file doesn't exist for "w" mode),
++     * we proceed with fopen() which will handle the error appropriately */
++    return fopen(path, mode);
++#else
++    /* Preferred: atomic symlink rejection via O_NOFOLLOW */
++    int flags = O_NOFOLLOW;
++    int fd;
++    FILE *fp;
++
++    /* Determine flags based on mode */
++    if (mode[0] == 'r') {
++        flags |= (mode[1] == '+') ? O_RDWR : O_RDONLY;
++    } else if (mode[0] == 'w') {
++        flags |= O_CREAT | O_TRUNC | ((mode[1] == '+') ? O_RDWR : O_WRONLY);
++    } else if (mode[0] == 'a') {
++        flags |= O_CREAT | O_APPEND | ((mode[1] == '+') ? O_RDWR : O_WRONLY);
++    } else {
++        return NULL;
++    }
++
++    fd = open(path, flags, 0600);
++    if (fd < 0)
++        return NULL;
++
++    fp = fdopen(fd, mode);
++    if (fp == NULL) {
++        close(fd);
++        return NULL;
++    }
++    return fp;
++#endif
++}
++
++#endif /* PLATFORM_H */
+diff --git a/usr/lib/hsm_mk_change/hsm_mk_change.c b/usr/lib/hsm_mk_change/hsm_mk_change.c
+index f40dfb43e..8c66546f6 100644
+--- a/usr/lib/hsm_mk_change/hsm_mk_change.c
++++ b/usr/lib/hsm_mk_change/hsm_mk_change.c
+@@ -623,9 +623,13 @@ static FILE* hsm_mk_change_op_open(const char *id, CK_SLOT_ID slot_id,
+ 
+     TRACE_DEVEL("file to open: %s mode: %s\n", hsm_mk_change_file, mode);
+ 
+-    fp = fopen(hsm_mk_change_file, mode);
++    /* CWE-59 fix: Use fopen_nofollow to prevent symlink attacks */
++    fp = fopen_nofollow(hsm_mk_change_file, mode);
+     if (fp == NULL) {
+-        TRACE_ERROR("%s fopen(%s, %s): %s\n", __func__,
++        if (errno == ELOOP)
++            TRACE_ERROR("Refusing to follow symlink: %s\n", hsm_mk_change_file);
++        else
++            TRACE_ERROR("%s fopen(%s, %s): %s\n", __func__,
+                         hsm_mk_change_file, mode, strerror(errno));
+     }
+ 
+diff --git a/usr/lib/icsf_stdll/pbkdf.c b/usr/lib/icsf_stdll/pbkdf.c
+index 47d1b97c3..91230804f 100644
+--- a/usr/lib/icsf_stdll/pbkdf.c
++++ b/usr/lib/icsf_stdll/pbkdf.c
+@@ -26,6 +26,7 @@
+ #include "h_extern.h"
+ #include "pbkdf.h"
+ #include "trace.h"
++#include "platform.h"
+ 
+ 
+ CK_RV get_randombytes(unsigned char *output, int bytes)
+@@ -546,9 +547,13 @@ CK_RV secure_racf(STDLL_TokData_t *tokdata,
+     totallen = outputlen + AES_INIT_VECTOR_SIZE;
+ 
+     snprintf(fname, sizeof(fname), "%s/%s/%s", CONFIG_PATH, tokname, RACFFILE);
+-    fp = fopen(fname, "w");
++    /* CWE-59 fix: Use fopen_nofollow to prevent symlink attacks */
++    fp = fopen_nofollow(fname, "w");
+     if (!fp) {
+-        TRACE_ERROR("fopen failed: %s\n", strerror(errno));
++        if (errno == ELOOP)
++            TRACE_ERROR("Refusing to follow symlink: %s\n", fname);
++        else
++            TRACE_ERROR("fopen failed: %s\n", strerror(errno));
+         return CKR_FUNCTION_FAILED;
+     }
+ 
+@@ -619,9 +624,13 @@ CK_RV secure_masterkey(STDLL_TokData_t *tokdata,
+     /* get the total length */
+     totallen = outputlen + SALTSIZE;
+ 
+-    fp = fopen(fname, "w");
++    /* CWE-59 fix: Use fopen_nofollow to prevent symlink attacks */
++    fp = fopen_nofollow(fname, "w");
+     if (!fp) {
+-        TRACE_ERROR("fopen failed: %s\n", strerror(errno));
++        if (errno == ELOOP)
++            TRACE_ERROR("Refusing to follow symlink: %s\n", fname);
++        else
++            TRACE_ERROR("fopen failed: %s\n", strerror(errno));
+         return CKR_FUNCTION_FAILED;
+     }
+ 
+diff --git a/usr/sbin/pkcstok_admin/pkcstok_admin.c b/usr/sbin/pkcstok_admin/pkcstok_admin.c
+index 9912804ee..d144cc04c 100644
+--- a/usr/sbin/pkcstok_admin/pkcstok_admin.c
++++ b/usr/sbin/pkcstok_admin/pkcstok_admin.c
+@@ -336,11 +336,18 @@ static int set_file_permissions(const char *fname, const struct group *group,
+     pr_verbose("Setting permissions for '%s' with group '%s'", fname,
+                group->gr_name);
+ 
+-    if (stat(fname, &sb) != 0) {
++    /* CWE-59 fix: Use lstat to detect symlinks */
++    if (lstat(fname, &sb) != 0) {
+         warnx("'%s' does not exist.", fname);
+         return -1;
+     }
+ 
++    /* Only process regular files and directories (CWE-59 fix) */
++    if (!S_ISREG(sb.st_mode) && !S_ISDIR(sb.st_mode)) {
++        warnx("Skipping '%s': not a regular file or directory.", fname);
++        return 0;
++    }
++
+     if (sb.st_uid != 0) {
+         /* owner is not root */
+         pwd = getpwuid(sb.st_uid);
+diff --git a/usr/sbin/pkcstok_migrate/pkcstok_migrate.c b/usr/sbin/pkcstok_migrate/pkcstok_migrate.c
+index 12b605b5b..9579e2364 100644
+--- a/usr/sbin/pkcstok_migrate/pkcstok_migrate.c
++++ b/usr/sbin/pkcstok_migrate/pkcstok_migrate.c
+@@ -48,6 +48,7 @@
+ #include "local_types.h"
+ #include "h_extern.h"
+ #include "slotmgr.h" // for ock_snprintf
++#include "platform.h"
+ 
+ #define OCK_TOOL
+ #include "pkcs_utils.h"
+@@ -77,9 +78,14 @@ static FILE *open_datastore_file(char *buf, size_t buflen,
+         TRACE_ERROR("Path overflow for datastore file %s\n", file);
+         return NULL;
+     }
+-    res = fopen(buf, mode);
+-    if (!res)
+-        TRACE_ERROR("fopen(%s) failed, errno=%s\n", buf, strerror(errno));
++    /* CWE-59 fix: Use fopen_nofollow to prevent symlink attacks */
++    res = fopen_nofollow(buf, mode);
++    if (!res) {
++        if (errno == ELOOP)
++            TRACE_ERROR("Refusing to follow symlink: %s\n", buf);
++        else
++            TRACE_ERROR("fopen(%s) failed, errno=%s\n", buf, strerror(errno));
++    }
+     return res;
+ }
+ 
+@@ -94,9 +100,14 @@ static FILE *open_tokenobject(char *buf, size_t buflen,
+                     file, tokenobj);
+         return NULL;
+     }
+-    res = fopen(buf, mode);
+-    if (!res)
+-        TRACE_ERROR("fopen(%s) failed, errno=%s\n", buf, strerror(errno));
++    /* CWE-59 fix: Use fopen_nofollow to prevent symlink attacks */
++    res = fopen_nofollow(buf, mode);
++    if (!res) {
++        if (errno == ELOOP)
++            TRACE_ERROR("Refusing to follow symlink: %s\n", buf);
++        else
++            TRACE_ERROR("fopen(%s) failed, errno=%s\n", buf, strerror(errno));
++    }
+     return res;
+ }
+ 

openCryptoki.changes

@@ -1,3 +1,49 @@
+-------------------------------------------------------------------
+Thu Jan 22 16:34:43 UTC 2026 - Nikolay Gueorguiev <nikolay.gueorguiev@suse.com>
+
+- Applied a patch (bsc#1257116,  CVE-2026-23893) 
+ * openCryptoki-CVE-2026-23893-commit-5e6e4b4.patch
+
+-------------------------------------------------------------------
+Wed Jan 14 13:06:33 UTC 2026 - Nikolay Gueorguiev <nikolay.gueorguiev@suse.com>
+
+- Applied a patch (bsc#1256673, CVE-2026-22791)
+  * openCryptoki-CVE-2026-22791-commit-e37e912.patch
+
+-------------------------------------------------------------------
+Thu Jan  8 10:14:17 UTC 2026 - Nikolay Gueorguiev <nikolay.gueorguiev@suse.com>
+
+- Modified the .spec file for Immutable Mode (jsc#PED-14798)
+
+-------------------------------------------------------------------
+Wed Nov 12 09:04:02 UTC 2025 - Nikolay Gueorguiev <nikolay.gueorguiev@suse.com>
+
+- Upgrade openCryptoki to 3.26
+  * Soft: Add support for RSA keys up to 16K bits.
+  * CCA: Add support for RSA keys up to 8K bits (requires CCA v8.4 or v7.6 or later).
+  * p11sak: Add support for generating RSA keys up to 16K bits.
+  * Soft/ICA: Add support for SHA512/224 and SHA512/256 key derivation mechanism (CKM_SHA512_224_KEY_DERIVATION and CKM_SHA512_256_KEY_DERIVATION).
+  * Soft/ICA/CCA/EP11: Add support for SHA-HMAC key types CKK_SHAxxx_HMAC and key gen mechanisms CKM_SHAxxx_KEY_GEN.
+  * p11sak: Add support for SHA-HMAC key types and key generation.
+  * p11sak: Add support for key wrap and unwrap commands to export and import private and secret keys by means of key wrapping/unwrapping 
+    with various key wrapping mechanism.
+  * p11kmip: Add support for using an HSM-protected TLS client key via a PKCS#11 provider.
+  * p11sak: Add support for exporting non-sensitive private keys to password protected PEM files.
+  * Add support for canceling an operation via NULL mechanism pointer at C_XxxInit() call as an alternative to C_SessionCancel() (PKCS#11 v3.0).
+  * EP11: Add support for pairing friendly BLS12-381 EC curve for sign/verify using CKM_IBM_ECDSA_OTHER and signature/public key aggregation using CKM_IBM_EC_AGGREGATE.
+  * p11sak: Add support for generating BLS12-381 EC keys.
+  * EP11: Add support for IBM-specific ML-DSA and ML-KEM key types and mechanisms (requires an EP11 host library v4.2 or later, and 
+    a CEX8P crypto card with firmware v9.6 or later on IBM z17, and v8.39 or later on IBM z16).
+  * CCA: Add support for IBM-specific ML-DSA and ML-KEM key types and mechanisms (requires CCA v8.4 or later).
+  * Soft: Add support for IBM-specific ML-DSA and ML-KEM key types and mechanisms (requires OpenSSL 3.5 or later, or the OQS-provider must be configured).
+  * p11sak: Add support for IBM-specific ML-DSA and ML-KEM key types.
+  * Bug fixes. 
+- Removed obsolete patches
+  * ocki-3.25-remove-make-install-chgrp.patch 
+  * ocki-3.25-PKCSSLOTD-Remove-the-use-of-MD5.patch
+- Applied a new patch for version 3.26
+  * ocki-3.26-remove-make-install-chgrp.patch 
+
 -------------------------------------------------------------------
 Thu Aug 14 04:56:04 UTC 2025 - Nikolay Gueorguiev <nikolay.gueorguiev@suse.com>
 
@@ -7,7 +53,7 @@ Thu Aug 14 04:56:04 UTC 2025 - Nikolay Gueorguiev <nikolay.gueorguiev@suse.com>
 -------------------------------------------------------------------
 Tue Jul 29 07:27:20 UTC 2025 - Andreas Schwab <schwab@suse.de>
 
-- Add riscv54 to openCryptoki_64bit_arch
+- Add riscv64 to openCryptoki_64bit_arch
 
 -------------------------------------------------------------------
 Mon Jun 16 09:43:23 UTC 2025 - Nikolay Gueorguiev <nikolay.gueorguiev@suse.com>

openCryptoki.spec

@@ -1,7 +1,7 @@
 #
 # spec file for package openCryptoki
 #
-# Copyright (c) 2025 SUSE LLC
+# Copyright (c) 2026 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -26,8 +26,18 @@
 %define pkcs_group pkcs11
 %define oc_cvs_tag opencryptoki
 
+%ifarch s390 s390x
+    %define ocki_conf_flags --enable-icatok --enable-ccatok --enable-ep11tok --enable-pkcsep11_migrate
+%else
+    %ifnarch i586
+        %define ocki_conf_flags --disable-icatok --enable-ccatok --disable-ep11tok --disable-pkcsep11_migrate --enable-pkcscca_migrate
+    %else
+        %define ocki_conf_flags --disable-icatok --disable-ccatok --disable-ep11tok --disable-pkcsep11_migrate --disable-pkcscca_migrate
+    %endif
+%endif
+
 Name:           openCryptoki
-Version:        3.25.0
+Version:        3.26.0
 Release:        0
 Summary:        An Implementation of PKCS#11 (Cryptoki) v2.11 for IBM Cryptographic Hardware
 License:        CPL-1.0
@@ -39,9 +49,10 @@ Source2:        openCryptoki-TFAQ.html
 Source3:        openCryptoki-rpmlintrc
 # Patch 0 is needed because group pkcs11 doesn't exist in the build environment
 # and because we don't want(?) various file and directory permissions to be 0700.
-Patch000:       ocki-3.25-remove-make-install-chgrp.patch
+Patch000:       ocki-3.26-remove-make-install-chgrp.patch
 #
-Patch010:       ocki-3.25-PKCSSLOTD-Remove-the-use-of-MD5.patch
+Patch010:       openCryptoki-CVE-2026-22791-commit-e37e912.patch
+Patch011:       openCryptoki-CVE-2026-23893-commit-5e6e4b4.patch
 #
 BuildRequires:  bison
 BuildRequires:  dos2unix
@@ -155,15 +166,7 @@ cp %{SOURCE2} .
 %ifarch aarch64  # Apparently, gcc for aarch64 doesn't support transactional memory
     --enable-locks \
 %endif
-%ifarch s390 s390x
+    %{ocki_conf_flags}
-    --enable-icatok --enable-ccatok --enable-ep11tok --enable-pkcsep11_migrate
-%else
-%ifnarch i586
-    --disable-icatok --enable-ccatok --disable-ep11tok --disable-pkcsep11_migrate --enable-pkcscca_migrate
-%else
-    --disable-icatok --disable-ccatok --disable-ep11tok --disable-pkcsep11_migrate --disable-pkcscca_migrate
-%endif
-%endif
 
 make %{?_smp_mflags}
 dos2unix doc/README.ep11_stdll
@@ -171,10 +174,25 @@ dos2unix doc/README.ep11_stdll
 %install
 %make_install
 install -d %{buildroot}%{_includedir}
-install -d %{buildroot}%{_localstatedir}/lib/opencryptoki
+# Move data templates from /var to /usr/share/opencryptoki for tmpfiles to use
+install -d %{buildroot}%{_datadir}/opencryptoki/templates
 install -d %{buildroot}%{_initddir}
 install -d %{buildroot}%{_sbindir}
 install -d %{buildroot}%{_prefix}/lib/tmpfiles.d
+# Define the tmpfiles.d configuration
+cat > %{buildroot}%{_prefix}/lib/tmpfiles.d/opencryptoki.conf <<EOF
+# Type Path        Mode UID  GID  Age Argument
+d /var/lib/opencryptoki 0755 root pkcs11 - -
+d /var/lib/opencryptoki/swtok 0770 root pkcs11 - -
+d /var/lib/opencryptoki/swtok/TOK_OBJ 0770 root pkcs11 - -
+d /var/lib/opencryptoki/tpm 0770 root pkcs11 - -
+d /var/lib/opencryptoki/icsf 0770 root pkcs11 - -
+d /var/log/opencryptoki 0770 root pkcs11 - -
+L+ /etc/pkcs11 - - - - /var/lib/opencryptoki
+EOF
+# Remove manual directory creation in %install that belongs in /var
+rm -rf %{buildroot}%{_localstatedir}/lib/opencryptoki
+rm -rf %{buildroot}%{_localstatedir}/log/opencryptoki
 #
 mkdir -p %{buildroot}%{_datadir}/opencryptoki
 cp %{buildroot}%{_datadir}/doc/opencryptoki/*.conf %{buildroot}%{_datadir}/opencryptoki
@@ -199,22 +217,13 @@ getent passwd pkcsslotd 2>/dev/null || %{_sbindir}/useradd -g %{pkcs_group} -r p
 %{service_del_preun pkcsslotd.service}
 
 %post
-# Symlink from /var/lib/opencryptoki to /etc/pkcs11
+# Use the systemd-tmpfiles macro to ensure directories are created on next boot/transaction
-if [ ! -L %{_sysconfdir}/pkcs11 ] ; then
+%tmpfiles_create %{_tmpfilesdir}/opencryptoki.conf
-	if [ -e %{_sysconfdir}/pkcs11/pk_config_data ] ; then
-		mv %{_sysconfdir}/pkcs11/* %{_localstatedir}/lib/opencryptoki
-		cd %{_sysconfdir} && rm -rf pkcs11 && \
-			ln -sf %{_localstatedir}/lib/opencryptoki pkcs11
-	fi
-fi
 /sbin/ldconfig
-%{?tmpfiles_create:%tmpfiles_create %{_tmpfilesdir}/opencryptoki.conf}
 %{service_add_post pkcsslotd.service}
 
 %postun
-if [ -L %{_sysconfdir}/pkcs11 ] ; then
+/sbin/ldconfig
-	rm %{_sysconfdir}/pkcs11
-fi
 %{service_del_postun pkcsslotd.service}
 
 %ifarch %{openCryptoki_32bit_arch}
@@ -282,8 +291,6 @@ ln -sf %{_libdir}/opencryptoki/libopencryptoki.so %{_prefix}/lib/pkcs11/PKCS11_A
 %ifnarch i586
 %config %{_sysconfdir}/opencryptoki/ccatok.conf
 %{_sbindir}/pkcscca
-%dir %attr(770,root,%{pkcs_group}) %{_localstatedir}/lib/opencryptoki/ccatok
-%dir %attr(770,root,%{pkcs_group}) %{_localstatedir}/lib/opencryptoki/ccatok/TOK_OBJ
 %endif
 %{_sbindir}/p11kmip
 %{_sbindir}/pkcsslotd
@@ -295,20 +302,12 @@ ln -sf %{_libdir}/opencryptoki/libopencryptoki.so %{_prefix}/lib/pkcs11/PKCS11_A
 %dir %{_libdir}/opencryptoki
 %dir %{_libdir}/opencryptoki/stdll
   # State and lock directories
-%dir %attr(755,root,%{pkcs_group}) %{_localstatedir}/lib/opencryptoki
-%dir %attr(770,root,%{pkcs_group}) %{_localstatedir}/lib/opencryptoki/swtok
-%dir %attr(770,root,%{pkcs_group}) %{_localstatedir}/lib/opencryptoki/swtok/TOK_OBJ
-%dir %attr(770,root,%{pkcs_group}) %{_localstatedir}/lib/opencryptoki/tpm
-%dir %attr(770,root,%{pkcs_group}) %{_localstatedir}/lib/opencryptoki/icsf
-%ifarch s390 s390x
-%dir %attr(770,root,%{pkcs_group}) %{_localstatedir}/lib/opencryptoki/ep11tok
-%dir %attr(770,root,%{pkcs_group}) %{_localstatedir}/lib/opencryptoki/ep11tok/TOK_OBJ
-%dir %attr(770,root,%{pkcs_group}) %{_localstatedir}/lib/opencryptoki/lite
-%dir %attr(770,root,%{pkcs_group}) %{_localstatedir}/lib/opencryptoki/lite/TOK_OBJ
-%endif
-%dir %attr(770,root,%{pkcs_group}) %{_localstatedir}/log/opencryptoki/
 %{_mandir}/man*/*
 %{_sbindir}/pkcshsm_mk_change
+#
+%{_prefix}/lib/tmpfiles.d/opencryptoki.conf
+# Ensure we don't package files in /var directly
+%ghost %dir %attr(755,root,%{pkcs_group}) %{_localstatedir}/lib/opencryptoki
 
 %files devel
 %dir %{_libdir}/opencryptoki