Accepting request 866673 from home:markkp:branches:security

- Added the following patches for bsc#1179319
  * Fix compiling with C++:
    ocki-3.15.1-Fix-compiling-with-c.patch
  * Added error message handling for p11sak remove-key command.
    ocki-3.15.1-Added-error-message-handling-for-p11sak-remove-key-c.patch

OBS-URL: https://build.opensuse.org/request/show/866673
OBS-URL: https://build.opensuse.org/package/show/security/openCryptoki?expand=0&rev=114

ocki-3.15.1-Added-error-message-handling-for-p11sak-remove-key-c.patch

@@ -0,0 +1,132 @@
+From 821bc7ab4635e189d31bc3c808c626b9fcda5d02 Mon Sep 17 00:00:00 2001
+From: Matthias Reumann <matthias.reumann1@ibm.com>
+Date: Tue, 24 Nov 2020 15:52:16 +0100
+Subject: [PATCH] Added error message handling for p11sak remove-key command.
+
+Signed-off-by: Matthias Reumann <matthias.reumann1@ibm.com>
+---
+ usr/sbin/p11sak/p11sak.c | 43 +++++++++++++++++++++++++++++-----------
+ 1 file changed, 31 insertions(+), 12 deletions(-)
+
+diff --git a/usr/sbin/p11sak/p11sak.c b/usr/sbin/p11sak/p11sak.c
+index c783b29f..e87b6f97 100644
+--- a/usr/sbin/p11sak/p11sak.c
++++ b/usr/sbin/p11sak/p11sak.c
+@@ -2192,10 +2192,8 @@ static CK_RV confirm_destroy(char **user_input, char* label)
+     while (1){
+         nread = getline(user_input, &buflen, stdin);
+         if (nread == -1) {
+-            printf("User input failed (error code 0x%lX: %s)\n",
+-                    rc, p11_get_ckr(rc));
+-            rc = -1;
+-            return rc;
++            printf("User input: EOF\n");
++            return CKR_CANCEL;
+         }
+ 
+         if (user_input_ok(*user_input)) {
+@@ -2210,17 +2208,16 @@ static CK_RV confirm_destroy(char **user_input, char* label)
+     return rc;
+ }
+ 
+-
+ static CK_RV finalize_destroy_object(char *label, CK_SESSION_HANDLE *session,
+-                                   CK_OBJECT_HANDLE *hkey)
++                                   CK_OBJECT_HANDLE *hkey, CK_BBOOL *boolDestroyFlag)
+ {
+     char *user_input = NULL;
+     CK_RV rc = CKR_OK;
+ 
+     rc = confirm_destroy(&user_input, label);
+     if (rc != CKR_OK) {
+-        printf("User input failed (error code 0x%lX: %s)\n",
+-                rc, p11_get_ckr(rc));
++        printf("Skip deleting Key. User input %s\n", p11_get_ckr(rc));
++        rc = CKR_CANCEL;
+         goto done;
+     }
+ 
+@@ -2232,9 +2229,11 @@ static CK_RV finalize_destroy_object(char *label, CK_SESSION_HANDLE *session,
+                    label, rc, p11_get_ckr(rc));
+             goto done;
+         }
++        *boolDestroyFlag = CK_TRUE;
+         printf("DONE - Destroy Object with Label: %s\n", label);
+     } else if (strncmp(user_input, "n", 1) == 0) {
+         printf("Skip deleting Key\n");
++        *boolDestroyFlag = CK_FALSE;
+     } else {
+         printf("Please just enter (y) for yes or (n) for no.\n");
+     }
+@@ -2254,6 +2253,8 @@ static CK_RV delete_key(CK_SESSION_HANDLE session, p11sak_kt kt, char *rm_label,
+     CK_OBJECT_HANDLE hkey;
+     char *keytype = NULL;
+     char *label = NULL;
++    CK_BBOOL boolDestroyFlag = CK_FALSE;
++    CK_BBOOL boolSkipFlag = CK_FALSE;
+     CK_RV rc = CKR_OK;
+ 
+     rc = tok_key_list_init(session, kt, label);
+@@ -2290,6 +2291,7 @@ static CK_RV delete_key(CK_SESSION_HANDLE session, p11sak_kt kt, char *rm_label,
+         if (*forceAll) {
+             if ((strcmp(rm_label, "") == 0) || (strcmp(rm_label, label) == 0)) {
+                 printf("Destroy Object with Label: %s\n", label);
++
+                 rc = funcs->C_DestroyObject(session, hkey);
+                 if (rc != CKR_OK) {
+                     printf(
+@@ -2297,14 +2299,18 @@ static CK_RV delete_key(CK_SESSION_HANDLE session, p11sak_kt kt, char *rm_label,
+                             label, rc, p11_get_ckr(rc));
+                     goto done;
+                 }
+-                printf("DONE - Destroy Object with Label: %s\n", label);
++                boolDestroyFlag = CK_TRUE;
+             }
+         } else {
+             if ((strcmp(rm_label, "") == 0) || (strcmp(rm_label, label) == 0)) {
+-                rc = finalize_destroy_object(label, &session, &hkey);
++                rc = finalize_destroy_object(label, &session, &hkey, &boolDestroyFlag);
+                 if (rc != CKR_OK) {
+                     goto done;
+                 }
++
++                if (!boolDestroyFlag) {
++                    boolSkipFlag = CK_TRUE;
++                }
+             }
+         }
+ 
+@@ -2321,6 +2327,16 @@ static CK_RV delete_key(CK_SESSION_HANDLE session, p11sak_kt kt, char *rm_label,
+ 
+ done:
+ 
++    if (strlen(rm_label) > 0) {
++        if (boolDestroyFlag) {
++            printf("Object with Label: %s found and destroyed \n", rm_label);
++        } else if (boolSkipFlag) {
++            printf("Object with Label: %s not deleted\n", rm_label);
++        } else if (rc == CKR_OK) {
++            printf("Object with Label: %s not found\n", rm_label);
++        }
++    }
++
+     if (rc != CKR_OK) {
+         free(label);
+         free(keytype);
+@@ -2494,8 +2510,11 @@ int main(int argc, char *argv[])
+     /* Execute command */
+     rc = execute_cmd(session, slot, cmd, kt, keylength, exponent, ECcurve,
+             label, attr_string, long_print, &forceAll);
+-    if (rc != CKR_OK) {
+-        printf("Failed to execute p11sak command (error code 0x%lX: %s)\n", rc,
++    if (rc == CKR_CANCEL) {
++        printf("Cancel execution: p11sak %s command (error code 0x%lX: %s)\n", cmd2str(cmd), rc,
++                p11_get_ckr(rc));
++    } else if (rc != CKR_OK) {
++        printf("Failed to execute p11sak %s command (error code 0x%lX: %s)\n", cmd2str(cmd), rc,
+                 p11_get_ckr(rc));
+         goto done;
+     }
+-- 
+2.26.2
+

ocki-3.15.1-Fix-compiling-with-c.patch

@@ -0,0 +1,25 @@
+From 2d16f003911ceee50967546f4b3c7cac2db9ba86 Mon Sep 17 00:00:00 2001
+From: Bjar Ne <43565432+gleichdick@users.noreply.github.com>
+Date: Wed, 25 Nov 2020 09:13:57 +0000
+Subject: [PATCH] Fix compiling with c++
+
+---
+ usr/include/pkcs11types.h | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/usr/include/pkcs11types.h b/usr/include/pkcs11types.h
+index 18a82715..c9a475dd 100644
+--- a/usr/include/pkcs11types.h
++++ b/usr/include/pkcs11types.h
+@@ -1483,7 +1483,7 @@ typedef CK_FUNCTION_LIST_3_0_PTR CK_PTR CK_FUNCTION_LIST_3_0_PTR_PTR;
+ 
+ typedef struct CK_IBM_FUNCTION_LIST_1_0 CK_IBM_FUNCTION_LIST_1_0;
+ typedef struct CK_IBM_FUNCTION_LIST_1_0 CK_PTR CK_IBM_FUNCTION_LIST_1_0_PTR;
+-typedef struct CK_IBM_FUNCTION_LIST_1_0_PTR CK_PTR CK_IBM_FUNCTION_LIST_1_0_PTR_PTR;
++typedef CK_IBM_FUNCTION_LIST_1_0_PTR CK_PTR CK_IBM_FUNCTION_LIST_1_0_PTR_PTR;
+ 
+ typedef CK_RV (CK_PTR CK_C_Initialize) (CK_VOID_PTR pReserved);
+ typedef CK_RV (CK_PTR CK_C_Finalize) (CK_VOID_PTR pReserved);
+-- 
+2.26.2
+

openCryptoki.changes

@@ -1,3 +1,12 @@
+-------------------------------------------------------------------
+Mon Jan 25 20:23:12 UTC 2021 - Mark Post <mpost@suse.com>
+
+- Added the following patches for bsc#1179319
+  * Fix compiling with C++:
+    ocki-3.15.1-Fix-compiling-with-c.patch
+  * Added error message handling for p11sak remove-key command.
+    ocki-3.15.1-Added-error-message-handling-for-p11sak-remove-key-c.patch
+
 -------------------------------------------------------------------
 Thu Jan 21 13:34:51 UTC 2021 - Thorsten Kukuk <kukuk@suse.com>
 

openCryptoki.spec

@@ -39,6 +39,8 @@ Source3:        openCryptoki-rpmlintrc
 # Patch 1 is needed because group pkcs11 doesn't exist in the build environment
 # and because we don't want(?) various file and directory permissions to be 0700.
 Patch1:         ocki-3.11-remove-make-install-chgrp.patch
+Patch2:         ocki-3.15.1-Added-error-message-handling-for-p11sak-remove-key-c.patch
+Patch3:         ocki-3.15.1-Fix-compiling-with-c.patch
 BuildRequires:  bison
 BuildRequires:  dos2unix
 BuildRequires:  flex
@@ -127,6 +129,8 @@ Cryptographic Accelerator (FC 4960 on pSeries).
 %prep
 %setup -q -n %{oc_cvs_tag}-%{version}
 %patch1 -p1
+%patch2 -p1
+%patch3 -p1
 
 cp %{SOURCE2} .