From a15ba93dba6fc5334d25d6995a97affff9ae2af4563dc3d98ea21b01dd09a38b Mon Sep 17 00:00:00 2001
From: Mark Post
Date: Mon, 25 Jan 2021 20:49:50 +0000
Subject: [PATCH] Accepting request 866673 from home:markkp:branches:security - Added the following patches for bsc#1179319 * Fix compiling with C++: ocki-3.15.1-Fix-compiling-with-c.patch * Added error message handling for p11sak remove-key command. ocki-3.15.1-Added-error-message-handling-for-p11sak-remove-key-c.patch OBS-URL: https://build.opensuse.org/request/show/866673 OBS-URL: https://build.opensuse.org/package/show/security/openCryptoki?expand=0&rev=114
---
 ...age-handling-for-p11sak-remove-key-c.patch | 132 ++++++++++++++++++
 ocki-3.15.1-Fix-compiling-with-c.patch | 25 ++++
 openCryptoki.changes | 9 ++
 openCryptoki.spec | 4 +
 4 files changed, 170 insertions(+)
 create mode 100644 ocki-3.15.1-Added-error-message-handling-for-p11sak-remove-key-c.patch
 create mode 100644 ocki-3.15.1-Fix-compiling-with-c.patch
diff --git a/ocki-3.15.1-Added-error-message-handling-for-p11sak-remove-key-c.patch b/ocki-3.15.1-Added-error-message-handling-for-p11sak-remove-key-c.patch
new file mode 100644
index 0000000..9b6dcdf
--- /dev/null
+++ b/ocki-3.15.1-Added-error-message-handling-for-p11sak-remove-key-c.patch
@@ -0,0 +1,132 @@
+From 821bc7ab4635e189d31bc3c808c626b9fcda5d02 Mon Sep 17 00:00:00 2001
+From: Matthias Reumann
+Date: Tue, 24 Nov 2020 15:52:16 +0100
+Subject: [PATCH] Added error message handling for p11sak remove-key command.
+
+Signed-off-by: Matthias Reumann
+---
+ usr/sbin/p11sak/p11sak.c | 43 +++++++++++++++++++++++++++++-----------
+ 1 file changed, 31 insertions(+), 12 deletions(-)
+
+diff --git a/usr/sbin/p11sak/p11sak.c b/usr/sbin/p11sak/p11sak.c
+index c783b29f..e87b6f97 100644
+--- a/usr/sbin/p11sak/p11sak.c
++++ b/usr/sbin/p11sak/p11sak.c
+@@ -2192,10 +2192,8 @@ static CK_RV confirm_destroy(char **user_input, char* label)
+ while (1){
+ nread = getline(user_input, &buflen, stdin);
+ if (nread == -1) {
+- printf("User input failed (error code 0x%lX: %s)\n",
+- rc, p11_get_ckr(rc));
+- rc = -1;
+- return rc;
++ printf("User input: EOF\n");
++ return CKR_CANCEL;
+ }
+
+ if (user_input_ok(*user_input)) {
+@@ -2210,17 +2208,16 @@ static CK_RV confirm_destroy(char **user_input, char* label)
+ return rc;
+ }
+
+-
+ static CK_RV finalize_destroy_object(char *label, CK_SESSION_HANDLE *session,
+- CK_OBJECT_HANDLE *hkey)
++ CK_OBJECT_HANDLE *hkey, CK_BBOOL *boolDestroyFlag)
+ {
+ char *user_input = NULL;
+ CK_RV rc = CKR_OK;
+
+ rc = confirm_destroy(&user_input, label);
+ if (rc != CKR_OK) {
+- printf("User input failed (error code 0x%lX: %s)\n",
+- rc, p11_get_ckr(rc));
++ printf("Skip deleting Key. User input %s\n", p11_get_ckr(rc));
++ rc = CKR_CANCEL;
+ goto done;
+ }
+
+@@ -2232,9 +2229,11 @@ static CK_RV finalize_destroy_object(char *label, CK_SESSION_HANDLE *session,
+ label, rc, p11_get_ckr(rc));
+ goto done;
+ }
++ *boolDestroyFlag = CK_TRUE;
+ printf("DONE - Destroy Object with Label: %s\n", label);
+ } else if (strncmp(user_input, "n", 1) == 0) {
+ printf("Skip deleting Key\n");
++ *boolDestroyFlag = CK_FALSE;
+ } else {
+ printf("Please just enter (y) for yes or (n) for no.\n");
+ }
+@@ -2254,6 +2253,8 @@ static CK_RV delete_key(CK_SESSION_HANDLE session, p11sak_kt kt, char *rm_label,
+ CK_OBJECT_HANDLE hkey;
+ char *keytype = NULL;
+ char *label = NULL;
++ CK_BBOOL boolDestroyFlag = CK_FALSE;
++ CK_BBOOL boolSkipFlag = CK_FALSE;
+ CK_RV rc = CKR_OK;
+
+ rc = tok_key_list_init(session, kt, label);
+@@ -2290,6 +2291,7 @@ static CK_RV delete_key(CK_SESSION_HANDLE session, p11sak_kt kt, char *rm_label,
+ if (*forceAll) {
+ if ((strcmp(rm_label, "") == 0) || (strcmp(rm_label, label) == 0)) {
+ printf("Destroy Object with Label: %s\n", label);
++
+ rc = funcs->C_DestroyObject(session, hkey);
+ if (rc != CKR_OK) {
+ printf(
+@@ -2297,14 +2299,18 @@ static CK_RV delete_key(CK_SESSION_HANDLE session, p11sak_kt kt, char *rm_label,
+ label, rc, p11_get_ckr(rc));
+ goto done;
+ }
+- printf("DONE - Destroy Object with Label: %s\n", label);
++ boolDestroyFlag = CK_TRUE;
+ }
+ } else {
+ if ((strcmp(rm_label, "") == 0) || (strcmp(rm_label, label) == 0)) {
+- rc = finalize_destroy_object(label, &session, &hkey);
++ rc = finalize_destroy_object(label, &session, &hkey, &boolDestroyFlag);
+ if (rc != CKR_OK) {
+ goto done;
+ }
++
++ if (!boolDestroyFlag) {
++ boolSkipFlag = CK_TRUE;
++ }
+ }
+ }
+
+@@ -2321,6 +2327,16 @@ static CK_RV delete_key(CK_SESSION_HANDLE session, p11sak_kt kt, char *rm_label,
+
+done:
+
++ if (strlen(rm_label) > 0) {
++ if (boolDestroyFlag) {
++ printf("Object with Label: %s found and destroyed \n", rm_label);
++ } else if (boolSkipFlag) {
++ printf("Object with Label: %s not deleted\n", rm_label);
++ } else if (rc == CKR_OK) {
++ printf("Object with Label: %s not found\n", rm_label);
++ }
++ }
++
+ if (rc != CKR_OK) {
+ free(label);
+ free(keytype);
+@@ -2494,8 +2510,11 @@ int main(int argc, char *argv[])
+ /* Execute command */
+ rc = execute_cmd(session, slot, cmd, kt, keylength, exponent, ECcurve,
+ label, attr_string, long_print, &forceAll);
+- if (rc != CKR_OK) {
+- printf("Failed to execute p11sak command (error code 0x%lX: %s)\n", rc,
++ if (rc == CKR_CANCEL) {
++ printf("Cancel execution: p11sak %s command (error code 0x%lX: %s)\n", cmd2str(cmd), rc,
++ p11_get_ckr(rc));
++ } else if (rc != CKR_OK) {
++ printf("Failed to execute p11sak %s command (error code 0x%lX: %s)\n", cmd2str(cmd), rc,
+ p11_get_ckr(rc));
+ goto done;
+ }
+--
+2.26.2
+
diff --git a/ocki-3.15.1-Fix-compiling-with-c.patch b/ocki-3.15.1-Fix-compiling-with-c.patch
new file mode 100644
index 0000000..3692b2a
--- /dev/null
+++ b/ocki-3.15.1-Fix-compiling-with-c.patch
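Review bot: The summary printed at `done:` in delete_key is driven by two flags that persist across every object the function visits, so it can misreport what was destroyed when more than one object matches `rm_label` (PKCS#11 does not require labels to be unique). `boolDestroyFlag` is overwritten by each finalize_destroy_object call, so answering y for one object and n for the next ends with "not deleted" although a key was destroyed, while the reverse order ends with "found and destroyed" although one key remains. The force path also loses its per-object "DONE" line and prints no summary at all when `rm_label` is empty. For a key-removal tool the final message is what an operator or a log reviewer relies on, so counting the outcomes per object is safer than keeping only the last answer. The loop that walks the key list lies outside the visible hunks, so the per-object behaviour is inferred from the unchanged context.

```c
/* delete_key(): count outcomes rather than keeping only the last answer */
CK_ULONG destroyed_count = 0;
CK_ULONG skipped_count = 0;
/* … unchanged: key list setup and per-object label lookup … */
        CK_BBOOL destroyed = CK_FALSE;   /* reset for every object */

        rc = finalize_destroy_object(label, &session, &hkey, &destroyed);
        if (rc != CKR_OK) {
            goto done;
        }
        if (destroyed) {
            destroyed_count++;
        } else {
            skipped_count++;
        }
/* … unchanged: force path, which would also do destroyed_count++ … */
done:
    if (strlen(rm_label) > 0) {
        if (destroyed_count > 0 || skipped_count > 0) {
            printf("Objects with Label: %s - %lu destroyed, %lu not deleted\n",
                   rm_label, destroyed_count, skipped_count);
        } else if (rc == CKR_OK) {
            printf("Object with Label: %s not found\n", rm_label);
        }
    }
```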
@@ -0,0 +1,25 @@
+From 2d16f003911ceee50967546f4b3c7cac2db9ba86 Mon Sep 17 00:00:00 2001
+From: Bjar Ne <43565432+gleichdick@users.noreply.github.com>
+Date: Wed, 25 Nov 2020 09:13:57 +0000
+Subject: [PATCH] Fix compiling with c++
+
+---
+ usr/include/pkcs11types.h | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/usr/include/pkcs11types.h b/usr/include/pkcs11types.h
+index 18a82715..c9a475dd 100644
+--- a/usr/include/pkcs11types.h
++++ b/usr/include/pkcs11types.h
+@@ -1483,7 +1483,7 @@ typedef CK_FUNCTION_LIST_3_0_PTR CK_PTR CK_FUNCTION_LIST_3_0_PTR_PTR;
+
+ typedef struct CK_IBM_FUNCTION_LIST_1_0 CK_IBM_FUNCTION_LIST_1_0;
+ typedef struct CK_IBM_FUNCTION_LIST_1_0 CK_PTR CK_IBM_FUNCTION_LIST_1_0_PTR;
+-typedef struct CK_IBM_FUNCTION_LIST_1_0_PTR CK_PTR CK_IBM_FUNCTION_LIST_1_0_PTR_PTR;
++typedef CK_IBM_FUNCTION_LIST_1_0_PTR CK_PTR CK_IBM_FUNCTION_LIST_1_0_PTR_PTR;
+
+ typedef CK_RV (CK_PTR CK_C_Initialize) (CK_VOID_PTR pReserved);
+ typedef CK_RV (CK_PTR CK_C_Finalize) (CK_VOID_PTR pReserved);
+--
+2.26.2
+
diff --git a/openCryptoki.changes b/openCryptoki.changes
index 3e5c0fe..f261980 100644
--- a/openCryptoki.changes
+++ b/openCryptoki.changes
@@ -1,3 +1,12 @@
+-------------------------------------------------------------------
+Mon Jan 25 20:23:12 UTC 2021 - Mark Post
+
+- Added the following patches for bsc#1179319
+ * Fix compiling with C++:
+ ocki-3.15.1-Fix-compiling-with-c.patch
+ * Added error message handling for p11sak remove-key command.
+ ocki-3.15.1-Added-error-message-handling-for-p11sak-remove-key-c.patch
+
 -------------------------------------------------------------------
 Thu Jan 21 13:34:51 UTC 2021 - Thorsten Kukuk
 
diff --git a/openCryptoki.spec b/openCryptoki.spec
index 1ae60d4..c9dc773 100644
--- a/openCryptoki.spec
+++ b/openCryptoki.spec
@@ -39,6 +39,8 @@ Source3: openCryptoki-rpmlintrc
 # Patch 1 is needed because group pkcs11 doesn't exist in the build environment
 # and because we don't want(?) various file and directory permissions to be 0700.
 Patch1: ocki-3.11-remove-make-install-chgrp.patch
+Patch2: ocki-3.15.1-Added-error-message-handling-for-p11sak-remove-key-c.patch
+Patch3: ocki-3.15.1-Fix-compiling-with-c.patch
 BuildRequires: bison
 BuildRequires: dos2unix
 BuildRequires: flex
@@ -127,6 +129,8 @@ Cryptographic Accelerator (FC 4960 on pSeries).
 %prep
 %setup -q -n %{oc_cvs_tag}-%{version}
 %patch1 -p1
+%patch2 -p1
+%patch3 -p1
 cp %{SOURCE2} .