Hello community,
here is the log from the commit of package openCryptoki for openSUSE:Factory
checked in at 2020-10-30 11:49:31
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/openCryptoki (Old)
and /work/SRC/openSUSE:Factory/.openCryptoki.new.3463 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "openCryptoki"
Fri Oct 30 11:49:31 2020 rev:57 rq:844928 version:3.15.1
Changes:
--------
--- /work/SRC/openSUSE:Factory/openCryptoki/openCryptoki.changes
2020-10-27 18:59:19.310759694 +0100
+++ /work/SRC/openSUSE:Factory/.openCryptoki.new.3463/openCryptoki.changes
2020-10-30 11:50:13.949843601 +0100
@@ -4 +4 @@
-- Upgraded to version 3.15.0 (jsc#SLE-13749, jsc#SLE-13666,
+- Upgraded to version 3.15.1 (jsc#SLE-13749, jsc#SLE-13666,
@@ -6,0 +7,2 @@
+ * openCryptoki 3.15.1
+ - Bug fixes
Old:
----
openCryptoki-3.15.0.tar.gz
New:
----
openCryptoki-3.15.1.tar.gz
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ openCryptoki.spec ++++++
--- /var/tmp/diff_new_pack.fYRiti/_old 2020-10-30 11:50:14.461844054 +0100
+++ /var/tmp/diff_new_pack.fYRiti/_new 2020-10-30 11:50:14.461844054 +0100
@@ -26,7 +26,7 @@
%define oc_cvs_tag opencryptoki
Name: openCryptoki
-Version: 3.15.0
+Version: 3.15.1
Release: 0
Summary: An Implementation of PKCS#11 (Cryptoki) v2.11 for IBM
Cryptographic Hardware
License: CPL-1.0
++++++ openCryptoki-3.15.0.tar.gz -> openCryptoki-3.15.1.tar.gz ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/opencryptoki-3.15.0/ChangeLog
new/opencryptoki-3.15.1/ChangeLog
--- old/opencryptoki-3.15.0/ChangeLog 2020-10-16 15:13:04.000000000 +0200
+++ new/opencryptoki-3.15.1/ChangeLog 2020-10-28 15:47:43.000000000 +0100
@@ -1,3 +1,6 @@
++ openCryptoki 3.15.1
+- Bug fixes
+
+ openCryptoki 3.15
- common: conform to PKCS 11 3.0 Baseline Provider profile
- Introduce new vendor defined interface named "Vendor IBM"
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/opencryptoki-3.15.0/Makefile.am
new/opencryptoki-3.15.1/Makefile.am
--- old/opencryptoki-3.15.0/Makefile.am 2020-10-16 15:13:04.000000000 +0200
+++ new/opencryptoki-3.15.1/Makefile.am 2020-10-28 15:47:43.000000000 +0100
@@ -165,6 +165,8 @@
if test -d $(DESTDIR)$(libdir)/opencryptoki/stdll; then \
cd $(DESTDIR)$(libdir)/opencryptoki/stdll && \
rm -f PKCS11_EP11.so; fi
+ rm -f $(DESTDIR)$(sysconfdir)/opencryptoki/ep11tok.conf
+ rm -f $(DESTDIR)$(sysconfdir)/opencryptoki/ep11cpfilter.conf
endif
if ENABLE_ICATOK
if test -d $(DESTDIR)$(libdir)/opencryptoki/stdll; then \
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/opencryptoki-3.15.0/configure.ac
new/opencryptoki-3.15.1/configure.ac
--- old/opencryptoki-3.15.0/configure.ac 2020-10-16 15:13:04.000000000
+0200
+++ new/opencryptoki-3.15.1/configure.ac 2020-10-28 15:47:43.000000000
+0100
@@ -1,6 +1,6 @@
dnl Process this file with autoconf to produce a configure script.
AC_PREREQ([2.69])
-AC_INIT([openCryptoki],[3.15.0],[[email protected]],[],[https://github.com/opencryptoki/opencryptoki])
+AC_INIT([openCryptoki],[3.15.1],[[email protected]],[],[https://github.com/opencryptoki/opencryptoki])
AC_CONFIG_SRCDIR([testcases/common/common.c])
dnl Needed for $target!
@@ -16,7 +16,7 @@
AC_CHECK_HEADER_STDBOOL
AC_CHECK_HEADERS([arpa/inet.h fcntl.h libintl.h limits.h locale.h malloc.h \
nl_types.h stddef.h sys/file.h sys/socket.h sys/time.h \
- sys/timeb.h syslog.h termios.h])
+ syslog.h termios.h])
dnl Checks for typedefs, structures, and compiler characteristics.
AC_C_INLINE
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/opencryptoki-3.15.0/rpm/opencryptoki.spec
new/opencryptoki-3.15.1/rpm/opencryptoki.spec
--- old/opencryptoki-3.15.0/rpm/opencryptoki.spec 2020-10-16
15:13:04.000000000 +0200
+++ new/opencryptoki-3.15.1/rpm/opencryptoki.spec 2020-10-28
15:47:43.000000000 +0100
@@ -1,8 +1,8 @@
%global _hardened_build 1
Name: opencryptoki
-Summary: Implementation of the PKCS#11 (Cryptoki) specification
v2.20
-Version: 3.15.0
+Summary: Implementation of the PKCS#11 (Cryptoki) specification
v3.0
+Version: 3.15.1
Release: 1%{?dist}
License: CPL
Group: System Environment/Base
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/opencryptoki-3.15.0/testcases/crypto/des3.h
new/opencryptoki-3.15.1/testcases/crypto/des3.h
--- old/opencryptoki-3.15.0/testcases/crypto/des3.h 2020-10-16
15:13:04.000000000 +0200
+++ new/opencryptoki-3.15.1/testcases/crypto/des3.h 2020-10-28
15:47:43.000000000 +0100
@@ -1326,91 +1326,91 @@
/**
* Derived CBC-MAC test vectors from DES3-CBC test vectors
- * https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/
- * block-ciphers#TDES
+ * http://csrc.nist.gov/groups/STM/cavp/documents/des/tdesmmt.zip
+ * TCBCMMT3.rsp
**/
static struct mac_test_vector des3_cbc_mac_tv[] = {
{ // 0
- .key = { 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,
- 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,
- 0x01,0x01,0x01,0x01,0x01,0x01 },
+ .key = {0x46, 0x13, 0x3d, 0xcb, 0xf2, 0x32, 0xb5, 0x19, 0x64,
+ 0xe0, 0xd9, 0x5e, 0x83, 0x20, 0x8f, 0x15, 0x67, 0x32,
+ 0xbf, 0x75, 0xb6, 0x73, 0xab, 0xf1},
.klen = 24,
.msg = { 0x80,0x00,0x00,0x00,0x00,0x00,0x00,0x00 },
.mlen = 8,
- .mac = { 0x95,0xf8,0xa5,0xe5,0xdd,0x31,0xd9,0x00 },
+ .mac = { 0x36,0x77,0x03,0x73},
.tlen = 4,
}, { // 1
- .key = { 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,
- 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,
- 0x01,0x01,0x01,0x01,0x01,0x01 },
+ .key = {0x46, 0x13, 0x3d, 0xcb, 0xf2, 0x32, 0xb5, 0x19, 0x64,
+ 0xe0, 0xd9, 0x5e, 0x83, 0x20, 0x8f, 0x15, 0x67, 0x32,
+ 0xbf, 0x75, 0xb6, 0x73, 0xab, 0xf1},
.klen = 24,
.msg = { 0x00,0x00,0x00,0x00,0x80,0x00,0x00,0x00 },
.mlen = 8,
- .mac = { 0xe9,0x43,0xd7,0x56,0x8a,0xec,0x0c,0x5c },
+ .mac = { 0x97,0x6a,0x35,0x19,0xeb,0xcd},
.tlen = 6,
}, { // 2
- .key = { 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,
- 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,
- 0x01,0x01,0x01,0x01,0x01,0x01 },
+ .key = {0x46, 0x13, 0x3d, 0xcb, 0xf2, 0x32, 0xb5, 0x19, 0x64,
+ 0xe0, 0xd9, 0x5e, 0x83, 0x20, 0x8f, 0x15, 0x67, 0x32,
+ 0xbf, 0x75, 0xb6, 0x73, 0xab, 0xf1},
.klen = 24,
.msg = { 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x01 },
.mlen = 8,
- .mac = { 0x16,0x6b,0x40,0xb4,0x4a,0xba,0x4b,0xd6 },
+ .mac = { 0xd2,0x36,0x82,0x9a,0x4c},
.tlen = 5,
}, { // 3
- .key = { 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,
- 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,
- 0x01,0x01,0x01,0x01,0x01,0x01 },
+ .key = {0x46, 0x13, 0x3d, 0xcb, 0xf2, 0x32, 0xb5, 0x19, 0x64,
+ 0xe0, 0xd9, 0x5e, 0x83, 0x20, 0x8f, 0x15, 0x67, 0x32,
+ 0xbf, 0x75, 0xb6, 0x73, 0xab, 0xf1},
.klen = 24,
.msg = { 0x80,0x00,0x00,0x00,0x00,0x00,0x00,0x00 },
.mlen = 8,
- .mac = { 0x95,0xf8,0xa5,0xe5,0xdd,0x31,0xd9,0x00 },
+ .mac = { 0x36,0x77,0x03,0x73},
.tlen = 4,
.chunks_msg = { 2, 3, 3 },
.num_chunks_message = 3,
}, { // 4
- .key = { 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,
- 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,
- 0x01,0x01,0x01,0x01,0x01,0x01 },
+ .key = {0x46, 0x13, 0x3d, 0xcb, 0xf2, 0x32, 0xb5, 0x19, 0x64,
+ 0xe0, 0xd9, 0x5e, 0x83, 0x20, 0x8f, 0x15, 0x67, 0x32,
+ 0xbf, 0x75, 0xb6, 0x73, 0xab, 0xf1},
.klen = 24,
.msg = { 0x00,0x00,0x00,0x00,0x80,0x00,0x00,0x00 },
.mlen = 8,
- .mac = { 0xe9,0x43,0xd7,0x56,0x8a,0xec,0x0c,0x5c },
+ .mac = { 0x97,0x6a,0x35,0x19,0xeb,0xcd},
.tlen = 6,
.chunks_msg = { 1, 1, 6 },
.num_chunks_message = 3,
}, { // 5
- .key = { 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,
- 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,
- 0x01,0x01,0x01,0x01,0x01,0x01 },
+ .key = {0x46, 0x13, 0x3d, 0xcb, 0xf2, 0x32, 0xb5, 0x19, 0x64,
+ 0xe0, 0xd9, 0x5e, 0x83, 0x20, 0x8f, 0x15, 0x67, 0x32,
+ 0xbf, 0x75, 0xb6, 0x73, 0xab, 0xf1},
.klen = 24,
.msg = { 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x01 },
.mlen = 8,
- .mac = { 0x16,0x6b,0x40,0xb4,0x4a,0xba,0x4b,0xd6 },
+ .mac = { 0xd2,0x36,0x82,0x9a,0x4c},
.tlen = 5,
.chunks_msg = { 1, 2, 1, 2, 2 },
.num_chunks_message = 5,
}, { // 6
- .key = { 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,
- 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,
- 0x01,0x01,0x01,0x01,0x01,0x01 },
+ .key = {0x46, 0x13, 0x3d, 0xcb, 0xf2, 0x32, 0xb5, 0x19, 0x64,
+ 0xe0, 0xd9, 0x5e, 0x83, 0x20, 0x8f, 0x15, 0x67, 0x32,
+ 0xbf, 0x75, 0xb6, 0x73, 0xab, 0xf1},
.klen = 24,
.msg = { 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x01,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x01 },
.mlen = 16,
- .mac = { 0x81,0x5a,0xfa,0x40,0x74,0xd8,0x13,0x4f },
+ .mac = { 0xcd,0x02,0xf0,0xd2,0xb4},
.tlen = 5,
.chunks_msg = { 5, 5, 1, 2, 3 },
.num_chunks_message = 5,
}, { // 7
- .key = { 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,
- 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,
- 0x01,0x01,0x01,0x01,0x01,0x01 },
+ .key = {0x46, 0x13, 0x3d, 0xcb, 0xf2, 0x32, 0xb5, 0x19, 0x64,
+ 0xe0, 0xd9, 0x5e, 0x83, 0x20, 0x8f, 0x15, 0x67, 0x32,
+ 0xbf, 0x75, 0xb6, 0x73, 0xab, 0xf1},
.klen = 24,
.msg = { 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x01,0x00,
0x00,0x00,0x00,0x00,0x01 },
.mlen = 14,
- .mac = { 0xbb,0x1d,0x86,0x63,0x99,0x3a,0x58,0xcc },
+ .mac = { 0x59,0x45,0x53,0xd5,0x67},
.tlen = 5,
.chunks_msg = { 7, 2, 1, 2, 2 },
.num_chunks_message = 5,
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/opencryptoki-3.15.0/testcases/login/digest_init.c
new/opencryptoki-3.15.1/testcases/login/digest_init.c
--- old/opencryptoki-3.15.0/testcases/login/digest_init.c 2020-10-16
15:13:04.000000000 +0200
+++ new/opencryptoki-3.15.1/testcases/login/digest_init.c 2020-10-28
15:47:43.000000000 +0100
@@ -14,7 +14,6 @@
#include <memory.h>
#include <dlfcn.h>
-#include <sys/timeb.h>
#include "pkcs11types.h"
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/opencryptoki-3.15.0/testcases/login/init_pin.c
new/opencryptoki-3.15.1/testcases/login/init_pin.c
--- old/opencryptoki-3.15.0/testcases/login/init_pin.c 2020-10-16
15:13:04.000000000 +0200
+++ new/opencryptoki-3.15.1/testcases/login/init_pin.c 2020-10-28
15:47:43.000000000 +0100
@@ -14,7 +14,6 @@
#include <memory.h>
#include <dlfcn.h>
-#include <sys/timeb.h>
#include "pkcs11types.h"
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/opencryptoki-3.15.0/testcases/login/login.c
new/opencryptoki-3.15.1/testcases/login/login.c
--- old/opencryptoki-3.15.0/testcases/login/login.c 2020-10-16
15:13:04.000000000 +0200
+++ new/opencryptoki-3.15.1/testcases/login/login.c 2020-10-28
15:47:43.000000000 +0100
@@ -14,7 +14,6 @@
#include <memory.h>
#include <dlfcn.h>
-#include <sys/timeb.h>
#include "pkcs11types.h"
#include "regress.h"
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/opencryptoki-3.15.0/testcases/login/set_pin.c
new/opencryptoki-3.15.1/testcases/login/set_pin.c
--- old/opencryptoki-3.15.0/testcases/login/set_pin.c 2020-10-16
15:13:04.000000000 +0200
+++ new/opencryptoki-3.15.1/testcases/login/set_pin.c 2020-10-28
15:47:43.000000000 +0100
@@ -15,7 +15,6 @@
#include <memory.h>
#include <dlfcn.h>
-#include <sys/timeb.h>
#include "pkcs11types.h"
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/opencryptoki-3.15.0/testcases/misc_tests/fork.c
new/opencryptoki-3.15.1/testcases/misc_tests/fork.c
--- old/opencryptoki-3.15.0/testcases/misc_tests/fork.c 2020-10-16
15:13:04.000000000 +0200
+++ new/opencryptoki-3.15.1/testcases/misc_tests/fork.c 2020-10-28
15:47:43.000000000 +0100
@@ -20,7 +20,6 @@
#include <unistd.h>
#include <dlfcn.h>
-#include <sys/timeb.h>
#include <sys/types.h>
#include <sys/wait.h>
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/opencryptoki-3.15.0/testcases/misc_tests/multi_instance.c
new/opencryptoki-3.15.1/testcases/misc_tests/multi_instance.c
--- old/opencryptoki-3.15.0/testcases/misc_tests/multi_instance.c
2020-10-16 15:13:04.000000000 +0200
+++ new/opencryptoki-3.15.1/testcases/misc_tests/multi_instance.c
2020-10-28 15:47:43.000000000 +0100
@@ -20,7 +20,6 @@
#include <unistd.h>
#include <dlfcn.h>
-#include <sys/timeb.h>
#include <sys/types.h>
#include <sys/wait.h>
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/opencryptoki-3.15.0/testcases/misc_tests/obj_lock.c
new/opencryptoki-3.15.1/testcases/misc_tests/obj_lock.c
--- old/opencryptoki-3.15.0/testcases/misc_tests/obj_lock.c 2020-10-16
15:13:04.000000000 +0200
+++ new/opencryptoki-3.15.1/testcases/misc_tests/obj_lock.c 2020-10-28
15:47:43.000000000 +0100
@@ -21,7 +21,6 @@
#include <pthread.h>
#include <dlfcn.h>
-#include <sys/timeb.h>
#include <sys/types.h>
#include <sys/wait.h>
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/opencryptoki-3.15.0/testcases/misc_tests/reencrypt.c
new/opencryptoki-3.15.1/testcases/misc_tests/reencrypt.c
--- old/opencryptoki-3.15.0/testcases/misc_tests/reencrypt.c 2020-10-16
15:13:04.000000000 +0200
+++ new/opencryptoki-3.15.1/testcases/misc_tests/reencrypt.c 2020-10-28
15:47:43.000000000 +0100
@@ -20,7 +20,6 @@
#include <unistd.h>
#include <dlfcn.h>
-#include <sys/timeb.h>
#include <sys/types.h>
#include <sys/wait.h>
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/opencryptoki-3.15.0/testcases/misc_tests/speed.c
new/opencryptoki-3.15.1/testcases/misc_tests/speed.c
--- old/opencryptoki-3.15.0/testcases/misc_tests/speed.c 2020-10-16
15:13:04.000000000 +0200
+++ new/opencryptoki-3.15.1/testcases/misc_tests/speed.c 2020-10-28
15:47:43.000000000 +0100
@@ -27,7 +27,6 @@
#include <memory.h>
#include <sys/types.h>
#include <sys/time.h>
-#include <sys/timeb.h>
#include "pkcs11types.h"
#include "regress.h"
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/opencryptoki-3.15.0/testcases/misc_tests/tok2tok_transport.c
new/opencryptoki-3.15.1/testcases/misc_tests/tok2tok_transport.c
--- old/opencryptoki-3.15.0/testcases/misc_tests/tok2tok_transport.c
2020-10-16 15:13:04.000000000 +0200
+++ new/opencryptoki-3.15.1/testcases/misc_tests/tok2tok_transport.c
2020-10-28 15:47:43.000000000 +0100
@@ -20,7 +20,6 @@
#include <unistd.h>
#include <dlfcn.h>
-#include <sys/timeb.h>
#include <sys/types.h>
#include <sys/wait.h>
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/opencryptoki-3.15.0/testcases/misc_tests/tok_des.c
new/opencryptoki-3.15.1/testcases/misc_tests/tok_des.c
--- old/opencryptoki-3.15.0/testcases/misc_tests/tok_des.c 2020-10-16
15:13:04.000000000 +0200
+++ new/opencryptoki-3.15.1/testcases/misc_tests/tok_des.c 2020-10-28
15:47:43.000000000 +0100
@@ -19,7 +19,6 @@
#include <memory.h>
#include <dlfcn.h>
-#include <sys/timeb.h>
#include "pkcs11types.h"
#include "regress.h"
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/opencryptoki-3.15.0/testcases/misc_tests/tok_rsa.c
new/opencryptoki-3.15.1/testcases/misc_tests/tok_rsa.c
--- old/opencryptoki-3.15.0/testcases/misc_tests/tok_rsa.c 2020-10-16
15:13:04.000000000 +0200
+++ new/opencryptoki-3.15.1/testcases/misc_tests/tok_rsa.c 2020-10-28
15:47:43.000000000 +0100
@@ -19,7 +19,6 @@
#include <memory.h>
#include <dlfcn.h>
-#include <sys/timeb.h>
#include "pkcs11types.h"
#include "regress.h"
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/opencryptoki-3.15.0/usr/lib/cca_stdll/cca_specific.c
new/opencryptoki-3.15.1/usr/lib/cca_stdll/cca_specific.c
--- old/opencryptoki-3.15.0/usr/lib/cca_stdll/cca_specific.c 2020-10-16
15:13:04.000000000 +0200
+++ new/opencryptoki-3.15.1/usr/lib/cca_stdll/cca_specific.c 2020-10-28
15:47:43.000000000 +0100
@@ -526,7 +526,7 @@
UNUSED(tokdata);
- *des_key = malloc(CCA_KEY_ID_SIZE);
+ *des_key = calloc(CCA_KEY_ID_SIZE, 1);
if (*des_key == NULL)
return CKR_HOST_MEMORY;
*len = CCA_KEY_ID_SIZE;
@@ -1734,7 +1734,7 @@
UNUSED(tokdata);
- *aes_key = malloc(CCA_KEY_ID_SIZE);
+ *aes_key = calloc(CCA_KEY_ID_SIZE, 1);
if (*aes_key == NULL)
return CKR_HOST_MEMORY;
*len = CCA_KEY_ID_SIZE;
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/opencryptoki-3.15.0/usr/lib/common/mech_aes.c
new/opencryptoki-3.15.1/usr/lib/common/mech_aes.c
--- old/opencryptoki-3.15.0/usr/lib/common/mech_aes.c 2020-10-16
15:13:04.000000000 +0200
+++ new/opencryptoki-3.15.1/usr/lib/common/mech_aes.c 2020-10-28
15:47:43.000000000 +0100
@@ -3409,7 +3409,8 @@
} else {
if (token_keysize != key_size) {
TRACE_ERROR("Invalid key size: %lu\n", token_keysize);
- return CKR_FUNCTION_FAILED;
+ rc = CKR_FUNCTION_FAILED;
+ goto err;
}
}
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/opencryptoki-3.15.0/usr/lib/common/mech_des.c
new/opencryptoki-3.15.1/usr/lib/common/mech_des.c
--- old/opencryptoki-3.15.0/usr/lib/common/mech_des.c 2020-10-16
15:13:04.000000000 +0200
+++ new/opencryptoki-3.15.1/usr/lib/common/mech_des.c 2020-10-28
15:47:43.000000000 +0100
@@ -1256,7 +1256,8 @@
} else {
if (keysize != DES_KEY_SIZE) {
TRACE_ERROR("Invalid key size: %lu\n", keysize);
- return CKR_FUNCTION_FAILED;
+ rc = CKR_FUNCTION_FAILED;
+ goto err;
}
}
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/opencryptoki-3.15.0/usr/lib/common/mech_des3.c
new/opencryptoki-3.15.1/usr/lib/common/mech_des3.c
--- old/opencryptoki-3.15.0/usr/lib/common/mech_des3.c 2020-10-16
15:13:04.000000000 +0200
+++ new/opencryptoki-3.15.1/usr/lib/common/mech_des3.c 2020-10-28
15:47:43.000000000 +0100
@@ -2743,7 +2743,8 @@
} else {
if (keysize != 3 * DES_KEY_SIZE) {
TRACE_ERROR("Invalid key size: %lu\n", keysize);
- return CKR_FUNCTION_FAILED;
+ rc = CKR_FUNCTION_FAILED;
+ goto err;
}
}
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/opencryptoki-3.15.0/usr/lib/common/obj_mgr.c
new/opencryptoki-3.15.1/usr/lib/common/obj_mgr.c
--- old/opencryptoki-3.15.0/usr/lib/common/obj_mgr.c 2020-10-16
15:13:04.000000000 +0200
+++ new/opencryptoki-3.15.1/usr/lib/common/obj_mgr.c 2020-10-28
15:47:43.000000000 +0100
@@ -721,9 +721,26 @@
OBJECT_MAP *map;
OBJECT *o = NULL;
CK_BBOOL locked = FALSE;
+ CK_BBOOL priv_obj;
+ CK_BBOOL sess_obj;
UNUSED(sess);
+ rc = object_mgr_find_in_map1(tokdata, handle, &o, READ_LOCK);
+ if (rc != CKR_OK || o == NULL) {
+ TRACE_DEVEL("object_mgr_find_in_map1 failed.\n");
+ return CKR_OBJECT_HANDLE_INVALID;
+ }
+
+ sess_obj = object_is_session_object(o);
+ priv_obj = object_is_private(o);
+
+ rc = object_mgr_check_session(sess, priv_obj, sess_obj);
+ object_put(tokdata, o, TRUE);
+ o = NULL;
+ if (rc != CKR_OK)
+ return rc;
+
/* Don't use a delete callback, the map will be freed below */
map = bt_node_free(&tokdata->object_map_btree, handle, FALSE);
if (map == NULL) {
@@ -731,10 +748,6 @@
return CKR_OBJECT_HANDLE_INVALID;
}
- rc = object_mgr_check_session(sess, map->is_private, map->is_session_obj);
- if (rc != CKR_OK)
- goto done;
-
if (map->is_session_obj) {
bt_node_free(&tokdata->sess_obj_btree, map->obj_handle, TRUE);
} else {
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/opencryptoki-3.15.0/usr/lib/common/template.c
new/opencryptoki-3.15.1/usr/lib/common/template.c
--- old/opencryptoki-3.15.0/usr/lib/common/template.c 2020-10-16
15:13:04.000000000 +0200
+++ new/opencryptoki-3.15.1/usr/lib/common/template.c 2020-10-28
15:47:43.000000000 +0100
@@ -484,6 +484,7 @@
*/
CK_RV template_copy(TEMPLATE *dest, TEMPLATE *src)
{
+ char unique_id_str[2 * UNIQUE_ID_LEN + 1];
DL_NODE *node;
if (!dest || !src) {
@@ -509,12 +510,19 @@
new_attr->pValue = (CK_BYTE *) new_attr + sizeof(CK_ATTRIBUTE);
if (attr->type == CKA_UNIQUE_ID) {
- if (get_unique_id_str(new_attr->pValue) != CKR_OK) {
+ if (attr->ulValueLen < 2 * UNIQUE_ID_LEN) {
+ free(new_attr);
+ TRACE_ERROR("%s\n", ock_err(ERR_ATTRIBUTE_VALUE_INVALID));
+ return CKR_ATTRIBUTE_VALUE_INVALID;
+ }
+ if (get_unique_id_str(unique_id_str) != CKR_OK) {
free(new_attr);
TRACE_ERROR("%s\n", ock_err(ERR_FUNCTION_FAILED));
return CKR_FUNCTION_FAILED;
- }
- }
+ }
+ memcpy(new_attr->pValue, unique_id_str, 2 * UNIQUE_ID_LEN);
+ new_attr->ulValueLen = 2 * UNIQUE_ID_LEN;
+ }
dest->attribute_list = dlist_add_as_first(dest->attribute_list,
new_attr);
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/opencryptoki-3.15.0/usr/lib/tpm_stdll/tpm_openssl.c
new/opencryptoki-3.15.1/usr/lib/tpm_stdll/tpm_openssl.c
--- old/opencryptoki-3.15.0/usr/lib/tpm_stdll/tpm_openssl.c 2020-10-16
15:13:04.000000000 +0200
+++ new/opencryptoki-3.15.1/usr/lib/tpm_stdll/tpm_openssl.c 2020-10-28
15:47:43.000000000 +0100
@@ -98,8 +98,14 @@
if (EVP_PKEY_keygen_init(ctx) <= 0
|| EVP_PKEY_CTX_set_rsa_keygen_bits(ctx, 2048) <= 0
- || EVP_PKEY_CTX_set_rsa_keygen_pubexp(ctx, bne) <= 0
- || EVP_PKEY_keygen(ctx, &pkey) <= 0
+ || EVP_PKEY_CTX_set_rsa_keygen_pubexp(ctx, bne) <= 0) {
+ fprintf(stderr, "Error generating user's RSA key\n");
+ ERR_load_crypto_strings();
+ ERR_print_errors_fp(stderr);
+ goto err;
+ }
+ bne = NULL; // will be freed as part of the context
+ if (EVP_PKEY_keygen(ctx, &pkey) <= 0
|| (rsa = EVP_PKEY_get1_RSA(pkey)) == NULL) {
fprintf(stderr, "Error generating user's RSA key\n");
ERR_load_crypto_strings();
@@ -109,13 +115,14 @@
#if OPENSSL_VERSION_NUMBER < 0x10101000L
rc = RSA_check_key(rsa);
#else
- rc = EVP_PKEY_check(ctx) == 1 ? 1 : 0;
+ rc = (EVP_PKEY_check(ctx) == 1 ? 1 : 0);
#endif
#endif
switch (rc) {
case 0:
/* rsa is not a valid RSA key */
RSA_free(rsa);
+ rsa = NULL;
counter++;
if (counter == KEYGEN_RETRY) {
TRACE_DEVEL("Tried %d times to generate a "
