This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "opencryptoki".
The annotated tag, v2.3.2 has been created
        at  fc7cd94bb03a6d0a4765ca71484395db5515fc4d (tag)
   tagging  4498ff813bd2e176ae1646b5d394f4872af99740 (commit)
 tagged by  Klaus Heinrich Kiwi
        on  Thu Jul 29 09:33:04 2010 -0300
- Log -----------------------------------------------------------------
opencryptoki-2.3.2
Dan Horák (5):
add force-reload action to pkcsslotd initscript
sync pidfile path between pkcsslotd initscript and executable
don't set TERM signal explicitly when calling killproc
add -h command line option
print usage information when no option is given
Kent Yoder (5):
Print readable mechanism info in pkcsconf -m output
Print readable mechanism info in pkcsconf -m output, round 2
soft token mechanism list issues
session perf testcase returning buffer too small
soft token mechanism flag changes
Klaus Heinrich Kiwi (57):
Fix CKR_TEMPLATE_INCOMPLETE for AES Keys
Minor fixes/enhancements to the ock_tests.sh script
Add CCA Token to pkcs11_startup and pkcs_slot + minor cleanups
Libica-2 support
Fix NSS breakage, don't change caller's C_Initialize args
Add more items to be tracked-down in the TODO file
Move loader configuration from misc dir to usr/lib dir
Process pkcsslotd.in at build time instead of configure time
Use a ock_tests.sh.in to use the correct paths at build time
Minor fixes and cleanups to aep token Makefile.am
Minor fixes and cleanups to bcom token Makefile.am
Process pkcs_slot.in at build time instead of configure time
Minor fixes and cleanups to cca token Makefile.am
Minor fixes and cleanups to cr token Makefile.am
Minor fixes and cleanups to ica (s390) token Makefile.am
Minor fixes and cleanups to ica token Makefile.am
Minor fixes and cleanups to icc token Makefile.am
Minor fixes and cleanups to software token Makefile.am
Minor fixes and cleanups to TPM token Makefile.am
configure.in: avoid redefining standard directory variables
Process pkcs11_startup.in at build time instead of configure time
AEP token: use compiler flags (C macro) to resolve directories
CCA token: use compiler flags (C macro) to resolve directories
BCOM token: use compiler flags (C macro) to resolve directories
Corrent token: use compiler flags (C macro) to resolve directories
ica (s390) token: use compiler flags (C macro) to resolve directories
ica token: use compiler flags (C macro) to resolve directories
4758_status: Standardize Makefile.am
Minor fixes and cleanups to API Makefile.am
TPM token: use compiler flags (C macro) to resolve directories
software token: use compiler flags (C macro) to resolve directories
configure.in: complete refactor.
Fix wrong log message for "API already initialized" condition
Merge branch 'master' into opencryptoki-next
Fix minor typo in pkcsconf output
Fix minor typo in pkcsconf output
Important fixes to the RSA mechanisms
Automake: Use hardcoded path for ld.so.conf
Automake: Exclude ica_stdll from build, use ica_s390_stdll instead
Autoconf: Check for expect when building testcases
Misc Autoconf/automake fixes
Revert "Print readable mechanism info in pkcsconf -m output"
New "sess_perf.c" testcase
Remove duplicate object_mgr_remove_from_map() function
Optimize tracking for Read-Only sessions and login state
Use pointer as session handler in API layer
Use pointer as session handler in common library layer
Use pointer as object handler
Don't use $DESTDIR in references
Autoconf target fixes
Create local state directories when installing
Move specific documentation to doc/
RPM Spec files refactor
Fix CCA token: undefined symbol
Fix TPM token: undefined symbol
Merge branch 'opencryptoki-next'
New release: opencryptoki-2.3.2
Rajiv Andrade (5):
Version update
Makes pkcscca_migrate tool link dynamically to libcsulcca.so by using
dlopen() instead.
AES support included into the CCA token.
Version update.
Fixed the pkcsslotd init script to make it return codes according to LSB
specification.
Ramon de Carvalho Valle (8):
Fix public exponent attribute endianness bug
Check for vendor-defined object classes
Check the return values of RSA functions
Add rsa_parse_block function to RSA mechanisms
Fix CKR_BUFFER_TOO_SMALL error messages
Repl rsa_format_block function in RSA mechanisms
Modify PKCS functions to use rsa_parse_block
Add rsa_parse_block error message
danielhjones (14):
updated version to 2.2.3
Changes made to enable 64bit daemon/tools on 64bit platforms. Some
Closing spin lock file descriptor during SC_Finalize to prevent leaks on
Removing non-essential files from head branch.
Cleanup compiler warnings.
Compiler warning cleanup. Fix end of line chars on text files.
Mainly a cleanup of configure.in to remove target specific conditionals
and
Added pkcsslotd init script
Fixed /var/lib path perms and post processing.
The 390 arch does not build the software token. Symlinks are created for
These modifications represent a significant change in the way opencryptoki
Adding symlink for /usr/lib/pkcs11/libopencryptoki.so
Missing include for bzero bcopy.
Fixed calls to do_GetFunctionList.
kyoder (193):
Initial revision
nixed
removed, no need for this to be in CVS
removed, no need for this to be in CVS. Will submit to the patch tracker
on sf.
took out invalid include path involving /root
added detection of libtspi.so for the TPM STDLL
added tpm_stdll directory detection
added detection of the TPM STDLL
initial code drop for the TPM STDLL
initial drop for the TPM STDLL
Remove rcsid variable.
fix file perms for created files/directories.
check for tss/tss.h
always call FindObjectsFinal, even on error path
made openssl_read_key() return a value and set the RSA* as a param;
commented out size checks while getting RSA values
removed prototype for loadblob function (now included in trousers); added
public root key definitions and changed SUFFIX to ID to make more sense
removed loadblob function; added util_set_username() function
set APPID to TPM_STDLL
initial add, needed for changes to mainline
bugfixes to mainline for paths returning CKR_PIN_EXPIRED
added CKA_HIDDEN attribute
added code to filter out search results where CKA_HIDDEN is found
added util_create_id() function and added a few includes
moved variables to tpm_specific.c; changed protos; commented out
CKA_APPLICATION_ID
moved token_gen_identifier to tpm_util.c; added hidden attribute to keys;
moved variables out of tpm_specific.h
#undef PIN_LEN defines to get rid of compile warnings
make cleartext the default save method for the TPM token
get rid of session parameter to token specific login
formatting
change t_login function to not require a session
change login function to not require a session
add key_keysize_flag function
add key_keysize_flag function prototype
remove session handle requirement from all functions; add public root key
functionality; implement rsa encryption functions
initial add; added CKM_PKCS_RSA_OAEP mechanism for the TPM token only
added CKM_PKCS_RSA_OAEP mechanism for the TPM token only
added RSA OAEP functions
changes related to adding CKM_PKCS_RSA_OAEP mechanism for the TPM token
only
changes related to getting RSA encrypt/decrypt working
print name of unfound tag in find_key routine
2 bad casts fixed
unified logging; bugfix in referencing out_data_len; added back rsa
functions for PKCS1.5 padding
added back PKCS1.5 padding RSA funcs
trimmed and corrected the mechanism list
remove x509 and OAEP stuff
remove x509 stuff
*** empty log message ***
added length params to rsa encrypt functions
added code to call t_rsa_encrypt without pre-padding
remove refs to oaep
remove oaep stuff
removed oaep funcs; make rsa enc/dec use PKCSv1.5 padding all the time
commented out unused code; changed an incorrect free to
Tspi_Context_FreeMemory
cleanups; call build_attribute for each instance of
template_update_attribute
make sure legacy keys have the right encryption and signature schemes
cleanups; removed unused code
removed masterkey for the TPM token
removed refs to old masterkey and TPMTOK_USERNAME
nearly completely reverting back to common code, except private token
objects are stored with a TPM protected key
removed references to masterkey
removed refs to user dirs and updated the ID creation function
Updated to new design. Only 4 keys now, public root and leaf and private
root and leaf. Private token objects are protected by a TPM protected triple
DES key for now, will be AES in the future. 3DES key is wrapped by the private
leaf key, which requires auth.
changes to unlock user PIN once locked
add sign and verify functions
added sign and verify functions, moved the loadkey path to a common
function
cleanups
use AES to encrypt the private data store
moved debugging #defines to the header file
added openssl stuff, cleanups
removed masterkey_public and commented out code; removed legacy so ops;
allow changeauth on the backup software keys to fail silently when they're not
found on disk
moved the opaque attribute to pkcs11types.h; added better commenting
change CKA_KEY_BLOB to CKA_IBM_OPAQUE
removed commented out code
added TPMTOK_PUB_EXP #define since its used several places
added code to create a TSS key when one isn't found in the key object
added CKA_IBM_OPAQUE attribute
All changes for per user data stores.
formatting changes; modifications to do per user stuff using mmapped files
added function to check the public exponent
changes for per user pem file storing
modified #defines a bit
added all per user store code; added code to create a TSS_HKEY blob if
one's not found
added -DMMAP by default
don't create tpmtok/TOK_OBJ.. the stdll will create
tpmtok/username/TOK_OBJ automatically
changed related to MMAP
fchown and fchmod the mapfile on creation
comment out the relogging_in path
delete tpm token specific stuff on a call to initToken
include openssl/rsa.h so other files don't have to
deleted commented out code
BUGFIX for pin_expired/pin_locked. Incorrect flags were being passed in.
replaced the manual key wrapping with a version that calls
Tspi_Key_WrapKey
fix return code path in openssl_read_key
code added to verify oldPin in set_pin().
updated for release; fixed CFLAG wrt debugging
added comment
fixed hard coded path to pkcsconf
fixed hard coded path to pkcs11_startup
added -c to libtoolize line
added testcase Makefiles to AC_OUTPUT
add testcases to build
removed in favor of Makefile.am
*** empty log message ***
added to tie testcases into the main build
fixed compile errors/warnings
updated the token_info flags, not the session_info flags
tie all passwords into one #define in include/regress.h
put the so version numbers on one line (FC4 bug)
changed the header we check for at configure time to work with trousers
0.2.x
compat with trousers-0.2.x
Fixed type-o
Moved struct error_msg[] to log.c.
moved struct error_msg[] from msg.h to here.
added new logging macros
added logging identifier to the build
added #include h_extern.h for logging macros and formatting change
added master_key_private definition
compile in common code
use the common args.h and change st_err_log to LogError calls
added definition for CK_ENC_AUTHDATA
use the common args.h
move order of #includes so that things compile
#include tok_spec_struct.h
wrapped code in #ifndef NODH
added NODH #define
wrapped DH code in #ifndef NODH
added #ifndef NODH around DH functions
put #ifndef NODH around the entire file
compile files local to the tpm_stdll dir so that we don't have to port
the token_specific stuff yet
Removed in favor of common files
init the rwlock which resides in ../common/obj_mgr.c
pthread_mutex_t should be pthread_rwlock_t
added #include <endian.h> since we're compile with _XOPEN_SOURCE=500
s/mutex/rwlock/
compile with _XOPEN_SOURCE=500 to get pthread's read/write locks
BUGFIX: New TSS headers means the old check for key type is now wrong
Only set the PIN flags when an incorrect PIN error occurs.
print out more informative token info flags
print out more informative slot info flags
moved default_user_pin_sha in from h_extern.h
moved default_user_pin_sha out to globals.c
imported mmap code from tpm_stdll for per-user data stores
backported per-user data store from tpm_stdll
added AC_OUTPUT for new login testcase
added default_user_pin_sha
added login directory
initial add of login testcases
in C_GetSlotList, set *pulCount everywhere
Added a comment that clarifies why R/W Public sessions will set the USER
pin on a SetPIN call.
BUGFIX: R/W Public sessions will set the USER pin on a SetPIN call.
Previously, it looks like the R/W Public sessions would return
CKR_SESSION_READ_ONLY from a C_SetPIN call.
fixed help message
removed unneeded code
only include the custom SSL include path if the user sets --with-openssl
added support for loading the SRK pubkey using Tspi_Key_GetPubKey and 2
formatting changes
allow passwords to be overridden by env vars; print out the SO/USER pins
that the testcase leaves set
2 BUGFIXes: pass initFlags into token_wrap_sw_key so that custom keys can
be wrapped; actually wrap the passed in key object in token_wrap_key_object
BUGFIX: Use correct OIDs in creating CKM_{ALG}_RSA_PKCS signatures over
data
merge with cleanup branch
initial add - saves objects to the store, closes the ctx and reads them
back out
initial add -- common routines that all testcases use
testcase complete rework
added testcases/common to AC_OUTPUT
use the common code library
include rsa_sign_test
initial add -- verifies RSA signatures against openssl
updated for trousers 0.2.8; minor printing bugs also fixed
return error when AES tests fail
Fixes for 4 problems throughout this file: Invalid AES key creation
templates, invalid IV sizes, invalid key unwrapping templates and invalid
buffer sizes for decrypt operations
Updated with fixes to match trousers 0.2.9.
Updated version info, contact info.
fix pub exponent in test_rsa_encryption
initial add - man page support
bumped version to 2.2.5; added manpages to AC_OUTPUT
fix for LTC bugzilla #33240; patch is
../opencryptoki-free_object_fix_for_max_token_data_error_path-092607.patch
fix for s390, which now uses the ica tok as a swtok
removed for a .in which uses @PACKAGE_VERSION@
initial add
added manpage dir
generate manpages since they include @PACKAGE_VERSION@
moved to proper manpage format and integrated into the build under
man/man*
updated
removed no-op lsmod command in detection of ica token
pulled in from ../common to remove sha2 symbols which broke the build
use ./dig_mgr.c, not ../common/dig_mgr.c
added definition of LOG to log things to syslog; added #define to strip
TSS error layer information
When GetPubKey on the SRK fails w/ invalid keyhandle, log to syslog
telling the user; check return codes from compute_sha; wrap and imported key if
the opaque attribute is not found; in rsa_verify, strip TSS error layer info
off before testing the return code; give the SRK its own policy before
assigning it a secret
in token_wrap_sw_key, if we're wrapping a legacy key, set its signature
and encryption schemes to match keys generated on token
bug fix when using the SSL3_KEY_AND_MAC_DERIVE mechanism. This bug was
found during Java 7 testing.
return buffer too small in the ckm_*_cbc_encrypt function
fixed bugs in testing PIN input
moved in from ../common in support of C_WrapKey features
updates for C_WrapKey support for DES, 3DES and RSA
updated
mhalcrow (132):
Initial revision
Set of patches from Kent Yoder:
Patches
Removed by patches
Some .in files missed since last round of patches
File added in last round of patches
Minor updates for more recent versions of autoconf
Fix installation targets for PKCS11 API library
Fix lib64 issue
Fix installation of libraries
Tweak library name
Symlink to libopencryptoki.so
Install header files
HEADER_PATH
Complete Makefile.am chain
Fix header installations
Closer to what we might expect for header file installation
Correct library locations
Set the execute bit on /etc/pkcs11
If the directory already exists, we need to set the permission bits
correctly after the fact.
New pkcs11_startup location
pkcs_slot relocation
New pkcsconf location
New location for pkcsconf
Moved to usr/sbin/pkcs_slot
Moved pkcs_slot
Move pkcs11_startup and pkcsconf
Moved pkcsconf
Removed old script references
Makefile updates
var/lib/pkcs11 in configure.in
More install target fixes
Finish with make install updates
Minor update for /usr install target
Removed superfluous comment
Fix up TPM makefile
Shared object work
PKCS11_API => libpkcs11_api
SPEC file updates to reflect new location
Ensure permissions are set right
More minor fixes to the build and install process
Propagate build changes through the rest of the tokens
Build updates that still require review and testing
Create the pkcs11 group before referencing it
Ignore groupadd error
Fix for RPM compatibility
Patched for RPM compatibility
The real RPM file
ICA build fix
Makefile updates
Fix some RPM build issues
Correctly functioning spec file
Minor fix for /var/lib/opencryptoki directory
Correct permissions
Symlink fixes
Commented-out entire for the TPM token
.
$(DESTDIR) support
Replace library names
Whitespace
Propagate changes to other tokens here
Whitespace
Makefile updates
We still require that the CKF_SERIAL_SESSION flag be
CKF_USER_PIN_TO_BE_CHANGED flag should be set to FALSE when the user
Test syncmail
Test syncmail
Test syncmail
Test syncmail
Test syncmail
Steve Bade has indicated that the CKF_USER_PIN_TO_BE_CHANGED flag should
not be unset in the InitPin path per the spec, so I am pulling that change out
for now.
Added note to README about openCryptoki defaulting to be usable by anyone
in the pkcs11 group.
Update location of PKCS#11 tutorial.
Mutex for object lists.
Error message in the event that the map file exists.
Added code to fix the group perms for the STDLL map file.
Kent ported pin locking flag fix from TPM token; thread locking code.
Preliminary tests pass; need to run thread stress test.
Hack to support certain versions of automake
A couple of missed directory creations
Partial completion of SHA256 support for ICA token. Don't expect this to
build yet.
Minor naming conflict fix for build
Move SHA256 code to ica s/390 token
Example header declarations and functions for converting library-specific
mechanism descriptors into an openCryptoki mechanism list.
Test executable demonstrating how openCryptoki might use the
generate_pkcs11_mech_list call.
Correct build instructions.
Forward-port SHA-256, AES, and mechanism list updates. It builds, but it
requires more testing.
Script to automate test setup
Make sure that the directory exists before we try to operate within it.
Remove reference to mech_dh in build list (included by accident)
mech_aes needs to be compiled in too
Update PIN settings for new values in 2.2.x
Updates for mech list functions in token-specific structs.
Fix reference to shared object library; according to Linux standards,
having an ".so64" suffix is incorrect. The library should instead be in a
location like "/usr/lib64/", and the linker should resolve the right library
when necessary.
Fix typo; remove unused VERSION typedef declaration.
Set the testcase pins correctly
Apply mutex fixes for proper list management.
Update the library version number to pull value from AC_INIT() macro
version.
Remove redundant build #define name
Support for testing SHA256 (from 2.1.6 branch)
80-column rule
Add AES test to driver testcase set
AES tests
Remove reference to out label (defined in prior version of OCK)
Beginnings of a script to migrate a machine from version 2.1 to 2.2.
Flesh out the migration script
Fix write to uninitialized memory (SF Request #1413862)
Bring SPEC file into line with what is in SLES 10 (BugZilla #20943)
Remove per-user data store support (BugZilla #20943)
Documentation update (BugZilla N/A)
Fix CVS mistake (BugZilla N/A)
Define version numbers only if not previously defined (SF Request
#1415656)
Create etc/ directory if it is not already there (SF Request #1415659)
Add code to free the mechanism list on the heap in the ICA 390 token
(BugZilla ticket #21201).
Fix TPM token wrt showing user pin init'd (SF Request #1425626)
Allow the swtok to be a system token while the tpmtok is per-user
(BugZilla ticket #20943).
Make the library patch variable (it could be lib for 32-bit or lib64 for
64-bit)
Initialize the head pointer to NULL (BugZilla Ticket #22200)
This memory in the proc_t struct needs to be allocated before it is used
(BugZilla ticket #22308)
Migrate to libopencryptoki.so. The linker should resolve the library
location.
First pass at some man page pre-images for openCryptoki.
pkcs11_startup man page
Fix the testcase PIN number (TODO: make this the same #define as all the
other tests)
Set the PIN numbers to be right for the speed test
Changing permissions (step 1)
Change permission (step 1)
Add support for SHA-384 and SHA-512 in the S390 ICA token.
Exchange CCA stub libraries with dlopen() employing lazy symbol
resolution.
Remove unneeded stub libraries.
Two more minor build-related fixes for the cca token dlopen patch.
This patch is as a result of feedback of an audit of opencryptoki,
Version bump (2.2.6)
The backspace code is buggy, per LTC bugzilla ticket 40960. Since the
phreakz (26):
Script responsible for testcases automation, checking the environment in
which they will be run
Now includes rijndael tests
Now includes rijndael_func call
Now includes rijndael_func call
rijndael tests
Replaced spaces for tabs, and included the option to do not stop the test
in case one fails
Replaced spaces for tabs, and included the option to do not stop the test
in case one fails
Replaced spaces for tabs, included the option to do not stop the test in
case one fails, and also included the do_Login test
Replaced spaces for tabs, included the option to do not stop the test in
case one fails, included do_HWFeatureSearch test
Replaced spaces for tabs, included the option to do not stop the test in
case one fails, included do_LoginLogout test
Replaced spaces for tabs and included the option to do not stop the test
in case one fails
Update on driver directory, new instructions regarding deprecated
testcases and ock_tests.sh
Added 4096 bit RSA keys support.
Added 4096 bit RSA keys support to the software token.
Testcases improvements:
skip_token_obj now declared inside testcases/include/regress.h
Removed redundant handling of PKCSLIB environment variable.
skip_token_obj now declared inside testcases/include/regress.h
Fixed bug in get_pin() loop when entering user pin, now the user can
proceed entering the new user pin.
Consider also the case in which the backspace key is mapped to delete
character (ASCII code = 0x7f).
Now able to log tests errors
Now NVTOK.DAT is protected against truncation due fopen() "w" flag.
Added NVTOK.DAT protection against truncation to tpm token
Fixed buffer mishandling, previously it copied the first bytes of
Reverting to 1.11 code, better fix available is coming with next revision
Fixed buffer mishandling, previously it copied the first bytes of
sbade (10):
Updating to add no-cache object find calls in the encrypt update calls
back out what was supposed to go into sandbox
remove things that should have gone in my sandbox
Bug 126107 - Remove check for Serial flag and set flag to include serial
session.
Bug 1216106 Set key lengths for mechanisms in the mech_list
Bug 1222641 Create new function to find in map without checking cache
against shared memory
Bug 1222641
Defect 1243270. Fix problem where count becomes inverted and bcopy fails.
Defect 1216122 - Correct to have -DNORIPE on all Common Shallow based
tokens.
Some crypto providers actually change the initial vector after the
operation is
tlendacky (33):
AM_CFLAGS
Updates to fix build complaints
Finish up automake fixes
_init and _fini fixes
Makefile updates
Makefile cleanup
Move mkdir
Relative paths
Installation target upgrades
Update library paths
Library location fix
Config path fix for slot daemon
var lib path update
Work toward changing out hardcoded paths
Config location updates
configuration define fix
/
Lower case lib name
To lower case
Build fixes and updates
Build updates
Build fixes
Remove hardcoded path
length only enc/dec update fix
update max pin length
init routine fix
Fix testcases build errors when openCryptoki isn't installed
Make the TPM token use the tss headers instead of trousers headers
Replace trousers header dependent function
Add support for the CKA_HIDDEN attr to the object manager
Create a helper macro for the TSS key type check
fix some compiler warnings
cca token support and some fixups
-----------------------------------------------------------------------
hooks/post-receive
--
opencryptoki