Hello community, here is the log from the commit of package openCryptoki for openSUSE:Factory checked in at 2016-07-12 23:52:25 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/openCryptoki (Old) and /work/SRC/openSUSE:Factory/.openCryptoki.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "openCryptoki" Changes: -------- --- /work/SRC/openSUSE:Factory/openCryptoki/openCryptoki.changes 2016-06-23 13:36:37.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.openCryptoki.new/openCryptoki.changes 2016-07-12 23:52:29.000000000 +0200 @@ -1,0 +2,11 @@ +Fri Jul 8 18:06:42 UTC 2016 - [email protected] + +- Added the following patches (bsc#986854) + - ocki-3.5-icsf-reasoncode72-support.patch + - ocki-3.5-icsf-coverity-memoryleakfix.patch + - ocki-3.5-downgrade-syslogerror.patch + - ocki-3.5-icsf-sessionhandle-missing-fix.patch + - ocki-3.5-icsf-reasoncode-2028-added.patch + - ocki-3.5-added-NULLreturn-check.patch + +------------------------------------------------------------------- New: ---- ocki-3.5-added-NULLreturn-check.patch ocki-3.5-downgrade-syslogerror.patch ocki-3.5-icsf-coverity-memoryleakfix.patch ocki-3.5-icsf-reasoncode-2028-added.patch ocki-3.5-icsf-reasoncode72-support.patch ocki-3.5-icsf-sessionhandle-missing-fix.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ openCryptoki.spec ++++++ --- /var/tmp/diff_new_pack.i9zNtH/_old 2016-07-12 23:52:31.000000000 +0200 +++ /var/tmp/diff_new_pack.i9zNtH/_new 2016-07-12 23:52:31.000000000 +0200 @@ -64,6 +64,13 @@ # and because we don't want(?) various file and directory permissions to be 0700. Patch1: ocki-3.1-remove-make-install-chgrp.patch Patch2: ocki-3.5-sanity-checking.patch +Patch3: ocki-3.5-icsf-reasoncode72-support.patch +Patch4: ocki-3.5-icsf-coverity-memoryleakfix.patch +Patch5: ocki-3.5-downgrade-syslogerror.patch +Patch6: ocki-3.5-icsf-sessionhandle-missing-fix.patch +Patch7: ocki-3.5-icsf-reasoncode-2028-added.patch +Patch8: ocki-3.5-added-NULLreturn-check.patch + Url: https://sourceforge.net/projects/opencryptoki/ BuildRoot: %{_tmppath}/%{name}-%{version}-build PreReq: /usr/sbin/groupadd /usr/bin/id /usr/sbin/usermod /bin/sed @@ -143,6 +150,13 @@ %setup -q -n %{oc_cvs_tag} %patch1 -p1 %patch2 -p1 +%patch3 -p1 +%patch4 -p1 +%patch5 -p1 +%patch6 -p1 +%patch7 -p1 +%patch8 -p1 + cp %{SOURCE2} . %build ++++++ ocki-3.5-added-NULLreturn-check.patch ++++++ commit ca61c6e68ecd04c5f319056a6a3eba4b261f5481 Author: Jakub Jelen <[email protected]> Date: Tue Jun 28 16:23:06 2016 -0400 Coverity:Check for NULL returns Signed-off-by: Jakub Jelen <[email protected]> diff --git a/usr/lib/pkcs11/common/utility.c b/usr/lib/pkcs11/common/utility.c index 3cbb8da..39ecae8 100755 --- a/usr/lib/pkcs11/common/utility.c +++ b/usr/lib/pkcs11/common/utility.c @@ -589,6 +589,11 @@ CK_RV CreateXProcLock(void) goto err; } grp = getgrnam("pkcs11"); + if (grp == NULL) { + fprintf(stderr, "getgrname(pkcs11): %s", + strerror(errno)); + goto err; + } /* set ownership to euid, and pkcs11 group */ if (chown(lockdir, geteuid(), grp->gr_gid) != 0) { fprintf(stderr, "Failed to set owner:group \ diff --git a/usr/lib/pkcs11/icsf_stdll/new_host.c b/usr/lib/pkcs11/icsf_stdll/new_host.c index 9863d52..9478e92 100644 --- a/usr/lib/pkcs11/icsf_stdll/new_host.c +++ b/usr/lib/pkcs11/icsf_stdll/new_host.c @@ -813,6 +813,11 @@ CK_RV SC_OpenSession(CK_SLOT_ID sid, CK_FLAGS flags, } sess = session_mgr_find(*phSession); + if (!sess) { + TRACE_ERROR("%s\n", ock_err(ERR_SESSION_HANDLE_INVALID)); + rc = CKR_SESSION_HANDLE_INVALID; + goto done; + } sess->handle = *phSession; rc = icsftok_open_session(sess); done: @@ -835,6 +840,11 @@ CK_RV SC_CloseSession(ST_SESSION_HANDLE *sSession) } sess = session_mgr_find(sSession->sessionh); + if (!sess) { + TRACE_ERROR("%s\n", ock_err(ERR_SESSION_HANDLE_INVALID)); + rc = CKR_SESSION_HANDLE_INVALID; + goto done; + } //set the handle here as handle is never set into session during creation sess->handle = sSession->sessionh; rc = icsftok_close_session(sess); ++++++ ocki-3.5-downgrade-syslogerror.patch ++++++ commit 786b6a4223119501f4aa7faf5a413c1ba10e38f6 Author: Vineetha Pai <[email protected]> Date: Tue May 31 15:15:14 2016 -0400 Downgraded a syslog error to warning Signed-off-by: Vineetha Pai <[email protected]> diff --git a/usr/lib/pkcs11/api/apiutil.c b/usr/lib/pkcs11/api/apiutil.c index ce0dc18..ec50f71 100755 --- a/usr/lib/pkcs11/api/apiutil.c +++ b/usr/lib/pkcs11/api/apiutil.c @@ -820,7 +820,7 @@ DLL_Load_t *dllload; } else { char *e = dlerror(); - OCK_SYSLOG(LOG_ERR, + OCK_SYSLOG(LOG_WARNING, "%s: dlopen() failed for [%s]; dlerror = [%s]\n", __FUNCTION__, sinfp->dll_location, e); TRACE_DEVEL("DL_Load of %s failed, dlerror: %s\n", ++++++ ocki-3.5-icsf-coverity-memoryleakfix.patch ++++++ commit 54013d80a2f5eaa9ac58712a57de0cd87a55cdae Author: Jakub Jelen <[email protected]> Date: Thu May 19 17:05:46 2016 -0400 icsftok memory leak fix identified in coverity scan Signed-off-by: Vineetha Pai <[email protected]> diff --git a/usr/lib/pkcs11/icsf_stdll/icsf_specific.c b/usr/lib/pkcs11/icsf_stdll/icsf_specific.c index 5b7fb45..1c25cd2 100644 --- a/usr/lib/pkcs11/icsf_stdll/icsf_specific.c +++ b/usr/lib/pkcs11/icsf_stdll/icsf_specific.c @@ -4664,6 +4664,7 @@ CK_RV icsftok_unwrap_key(SESSION *session, CK_MECHANISM_PTR mech, "(expected %lu)\n", (unsigned long) mech->ulParameterLen, (unsigned long) expected_block_size); + free(key_mapping); return CKR_MECHANISM_PARAM_INVALID; } break; @@ -4671,12 +4672,14 @@ CK_RV icsftok_unwrap_key(SESSION *session, CK_MECHANISM_PTR mech, if (mech->ulParameterLen != 0){ TRACE_ERROR("%s\n", ock_err(ERR_MECHANISM_PARAM_INVALID)); + free(key_mapping); return CKR_MECHANISM_PARAM_INVALID; } break; default: TRACE_ERROR("icsf invalid %lu mechanism for key wrapping\n", mech->mechanism); + free(key_mapping); return CKR_MECHANISM_INVALID; } ++++++ ocki-3.5-icsf-reasoncode-2028-added.patch ++++++ commit f45ddf572c05cbeb54c524805060256a33435149 Author: Vineetha Pai <[email protected]> Date: Tue Jun 21 17:06:25 2016 -0400 Added support for rc=8, reasoncode=2028 in icsf token bz#142190 Signed-off-by: Vineetha Pai <[email protected]> diff --git a/usr/lib/pkcs11/icsf_stdll/icsf_specific.c b/usr/lib/pkcs11/icsf_stdll/icsf_specific.c index 1c25cd2..c9b986b 100644 --- a/usr/lib/pkcs11/icsf_stdll/icsf_specific.c +++ b/usr/lib/pkcs11/icsf_stdll/icsf_specific.c @@ -233,6 +233,8 @@ int icsf_to_ock_err(int icsf_return_code, int icsf_reason_code) switch(icsf_reason_code) { case 2154: return CKR_KEY_TYPE_INCONSISTENT; + case 2028: + return CKR_WRAPPED_KEY_INVALID; case 3003: return CKR_BUFFER_TOO_SMALL; case 3019: ++++++ ocki-3.5-icsf-reasoncode72-support.patch ++++++ commit 165a1020da10ddbdc39e51e9a411a5c09f6dbae6 Author: Vineetha Pai <[email protected]> Date: Thu May 19 16:46:51 2016 -0400 Added pkcs11 mapping for icsf reason code 72 for return code 8 Signed-off-by: Vineetha Pai <[email protected]> diff --git a/usr/lib/pkcs11/icsf_stdll/icsf_specific.c b/usr/lib/pkcs11/icsf_stdll/icsf_specific.c index d71b19f..5b7fb45 100644 --- a/usr/lib/pkcs11/icsf_stdll/icsf_specific.c +++ b/usr/lib/pkcs11/icsf_stdll/icsf_specific.c @@ -258,6 +258,7 @@ int icsf_to_ock_err(int icsf_return_code, int icsf_reason_code) return CKR_KEY_HANDLE_INVALID; case 3045: return CKR_KEY_UNEXTRACTABLE; + case 72: case 11000: return CKR_DATA_LEN_RANGE; case 11028: ++++++ ocki-3.5-icsf-sessionhandle-missing-fix.patch ++++++ commit 2d03c609981cd3bf5cefb7d3188878f68b33f722 Author: Vineetha Pai <[email protected]> Date: Tue Jun 21 16:43:53 2016 -0400 Fix for session handle not set in session issue. bz142186 icsf token uses the session handle for a session as the session_id in its own internal session state structure. The session handle is an index into the session btree and is not set in the SESSION structure after a new session is created. This causes session_handle to be always 0 and session_id to be always set to 0, causing issues when multiple sessions are active. This affects icsf token as it stores and uses session handle internally unlike other tokens. This patch sets the session handle into the session structure for all SC_API calls. Signed-off-by: Vineetha Pai <[email protected]> diff --git a/usr/lib/pkcs11/icsf_stdll/new_host.c b/usr/lib/pkcs11/icsf_stdll/new_host.c index 4923a77..9863d52 100644 --- a/usr/lib/pkcs11/icsf_stdll/new_host.c +++ b/usr/lib/pkcs11/icsf_stdll/new_host.c @@ -703,6 +703,9 @@ CK_RV SC_InitPIN(ST_SESSION_HANDLE *sSession, CK_CHAR_PTR pPin, rc = CKR_SESSION_HANDLE_INVALID; goto done; } + //set the handle here as handle is never set into session during creation + sess->handle = sSession->sessionh; + if (pin_locked(&sess->session_info, nv_token_data->token_info.flags) == TRUE) { TRACE_ERROR("%s\n", ock_err(ERR_PIN_LOCKED)); rc = CKR_PIN_LOCKED; @@ -746,6 +749,9 @@ CK_RV SC_SetPIN(ST_SESSION_HANDLE *sSession, CK_CHAR_PTR pOldPin, rc = CKR_SESSION_HANDLE_INVALID; goto done; } + //set the handle here as handle is never set into session during creation + sess->handle = sSession->sessionh; + if (pin_locked(&sess->session_info, nv_token_data->token_info.flags) == TRUE) { TRACE_ERROR("%s\n", ock_err(ERR_PIN_LOCKED)); @@ -807,6 +813,7 @@ CK_RV SC_OpenSession(CK_SLOT_ID sid, CK_FLAGS flags, } sess = session_mgr_find(*phSession); + sess->handle = *phSession; rc = icsftok_open_session(sess); done: if (locked) @@ -828,6 +835,8 @@ CK_RV SC_CloseSession(ST_SESSION_HANDLE *sSession) } sess = session_mgr_find(sSession->sessionh); + //set the handle here as handle is never set into session during creation + sess->handle = sSession->sessionh; rc = icsftok_close_session(sess); if (rc) goto done; @@ -923,6 +932,8 @@ CK_RV SC_GetOperationState(ST_SESSION_HANDLE *sSession, rc = CKR_SESSION_HANDLE_INVALID; goto done; } + //set the handle into the session. + sess->handle = sSession->sessionh; rc = session_mgr_get_op_state(sess, length_only, pOperationState, pulOperationStateLen); @@ -962,6 +973,8 @@ CK_RV SC_SetOperationState(ST_SESSION_HANDLE *sSession, rc = CKR_SESSION_HANDLE_INVALID; goto done; } + //set the handle into the session. + sess->handle = sSession->sessionh; rc = session_mgr_set_op_state(sess, hEncryptionKey, hAuthenticationKey, pOperationState, ulOperationStateLen); @@ -1000,6 +1013,9 @@ CK_RV SC_Login(ST_SESSION_HANDLE *sSession, CK_USER_TYPE userType, rc = CKR_SESSION_HANDLE_INVALID; goto done; } + //set the handle into the session. + sess->handle = sSession->sessionh; + flags = &nv_token_data->token_info.flags; if (!pPin || ulPinLen > MAX_PIN_LEN) { @@ -1113,6 +1129,8 @@ CK_RV SC_Logout(ST_SESSION_HANDLE *sSession) rc = CKR_SESSION_HANDLE_INVALID; goto done; } + //set the handle into the session. + sess->handle = sSession->sessionh; /* all sessions have the same state so we just have to check one */ if (session_mgr_public_session_exists()) { @@ -1155,6 +1173,8 @@ CK_RV SC_CreateObject(ST_SESSION_HANDLE *sSession, CK_ATTRIBUTE_PTR pTemplate, rc = CKR_SESSION_HANDLE_INVALID; goto done; } + //set the handle into the session. + sess->handle = sSession->sessionh; if (pin_expired(&sess->session_info, nv_token_data->token_info.flags)) { TRACE_ERROR("%s\n", ock_err(ERR_PIN_EXPIRED)); @@ -1204,6 +1224,8 @@ CK_RV SC_CopyObject(ST_SESSION_HANDLE *sSession, CK_OBJECT_HANDLE hObject, rc = CKR_SESSION_HANDLE_INVALID; goto done; } + //set the handle into the session. + sess->handle = sSession->sessionh; if (pin_expired(&sess->session_info, nv_token_data->token_info.flags) == TRUE) { TRACE_ERROR("%s\n", ock_err(ERR_PIN_EXPIRED)); @@ -1240,6 +1262,8 @@ CK_RV SC_DestroyObject(ST_SESSION_HANDLE *sSession, CK_OBJECT_HANDLE hObject) rc = CKR_SESSION_HANDLE_INVALID; goto done; } + //set the handle into the session. + sess->handle = sSession->sessionh; if (pin_expired(&sess->session_info, nv_token_data->token_info.flags) == TRUE) { TRACE_ERROR("%s\n", ock_err(ERR_PIN_EXPIRED)); @@ -1285,6 +1309,8 @@ CK_RV SC_GetObjectSize(ST_SESSION_HANDLE *sSession, CK_OBJECT_HANDLE hObject, rc = CKR_SESSION_HANDLE_INVALID; goto done; } + //set the handle into the session. + sess->handle = sSession->sessionh; rc = icsftok_get_attribute_value(sess, hObject, pTemplate, ulCount, pulSize); @@ -1319,6 +1345,8 @@ CK_RV SC_GetAttributeValue(ST_SESSION_HANDLE *sSession, rc = CKR_SESSION_HANDLE_INVALID; goto done; } + //set the handle into the session. + sess->handle = sSession->sessionh; rc = icsftok_get_attribute_value(sess, hObject, pTemplate, ulCount, NULL); @@ -1369,6 +1397,8 @@ CK_RV SC_SetAttributeValue(ST_SESSION_HANDLE *sSession, rc = CKR_SESSION_HANDLE_INVALID; goto done; } + //set the handle into the session. + sess->handle = sSession->sessionh; rc = icsftok_set_attribute_value(sess, hObject, pTemplate, ulCount); if (rc != CKR_OK) @@ -1416,6 +1446,8 @@ CK_RV SC_FindObjectsInit(ST_SESSION_HANDLE *sSession, rc = CKR_SESSION_HANDLE_INVALID; goto done; } + //set the handle into the session. + sess->handle = sSession->sessionh; if (pin_expired(&sess->session_info, nv_token_data->token_info.flags) == TRUE) { TRACE_ERROR("%s\n", ock_err(ERR_PIN_EXPIRED)); @@ -1480,6 +1512,8 @@ CK_RV SC_FindObjects(ST_SESSION_HANDLE *sSession, CK_OBJECT_HANDLE_PTR phObject, rc = CKR_SESSION_HANDLE_INVALID; goto done; } + //set the handle into the session. + sess->handle = sSession->sessionh; if (sess->find_active == FALSE) { TRACE_ERROR("%s\n", ock_err(ERR_OPERATION_NOT_INITIALIZED)); @@ -1525,6 +1559,8 @@ CK_RV SC_FindObjectsFinal(ST_SESSION_HANDLE *sSession) rc = CKR_SESSION_HANDLE_INVALID; goto done; } + //set the handle into the session. + sess->handle = sSession->sessionh; if (sess->find_active == FALSE) { TRACE_ERROR("%s\n", ock_err(ERR_OPERATION_NOT_INITIALIZED)); @@ -1576,6 +1612,8 @@ CK_RV SC_EncryptInit(ST_SESSION_HANDLE *sSession, CK_MECHANISM_PTR pMechanism, rc = CKR_SESSION_HANDLE_INVALID; goto done; } + //set the handle into the session. + sess->handle = sSession->sessionh; if (pin_expired(&sess->session_info, nv_token_data->token_info.flags) == TRUE) { TRACE_ERROR("%s\n", ock_err(ERR_PIN_EXPIRED)); @@ -1626,6 +1664,8 @@ CK_RV SC_Encrypt(ST_SESSION_HANDLE *sSession, CK_BYTE_PTR pData, rc = CKR_SESSION_HANDLE_INVALID; goto done; } + //set the handle into the session. + sess->handle = sSession->sessionh; if (sess->encr_ctx.active == FALSE) { TRACE_ERROR("%s\n", ock_err(ERR_OPERATION_NOT_INITIALIZED)); @@ -1677,6 +1717,8 @@ CK_RV SC_EncryptUpdate(ST_SESSION_HANDLE *sSession, CK_BYTE_PTR pPart, rc = CKR_SESSION_HANDLE_INVALID; goto done; } + //set the handle into the session. + sess->handle = sSession->sessionh; if (sess->encr_ctx.active == FALSE) { TRACE_ERROR("%s\n", ock_err(ERR_OPERATION_NOT_INITIALIZED)); @@ -1726,6 +1768,8 @@ CK_RV SC_EncryptFinal(ST_SESSION_HANDLE *sSession, rc = CKR_SESSION_HANDLE_INVALID; goto done; } + //set the handle into the session. + sess->handle = sSession->sessionh; if (sess->encr_ctx.active == FALSE) { TRACE_ERROR("%s\n", ock_err(ERR_OPERATION_NOT_INITIALIZED)); @@ -1780,6 +1824,8 @@ CK_RV SC_DecryptInit(ST_SESSION_HANDLE *sSession, CK_MECHANISM_PTR pMechanism, rc = CKR_SESSION_HANDLE_INVALID; goto done; } + //set the handle into the session. + sess->handle = sSession->sessionh; if (pin_expired(&sess->session_info, nv_token_data->token_info.flags) == TRUE) { TRACE_ERROR("%s\n", ock_err(ERR_PIN_EXPIRED)); @@ -1832,6 +1878,8 @@ CK_RV SC_Decrypt(ST_SESSION_HANDLE *sSession, CK_BYTE_PTR pEncryptedData, rc = CKR_SESSION_HANDLE_INVALID; goto done; } + //set the handle into the session. + sess->handle = sSession->sessionh; if (sess->decr_ctx.active == FALSE) { TRACE_ERROR("%s\n", ock_err(ERR_OPERATION_NOT_INITIALIZED)); @@ -1884,6 +1932,8 @@ CK_RV SC_DecryptUpdate(ST_SESSION_HANDLE *sSession, CK_BYTE_PTR pEncryptedPart, rc = CKR_SESSION_HANDLE_INVALID; goto done; } + //set the handle into the session. + sess->handle = sSession->sessionh; if (sess->decr_ctx.active == FALSE) { TRACE_ERROR("%s\n", ock_err(ERR_OPERATION_NOT_INITIALIZED)); @@ -1933,6 +1983,8 @@ CK_RV SC_DecryptFinal(ST_SESSION_HANDLE *sSession, CK_BYTE_PTR pLastPart, rc = CKR_SESSION_HANDLE_INVALID; goto done; } + //set the handle into the session. + sess->handle = sSession->sessionh; if (sess->decr_ctx.active == FALSE) { TRACE_ERROR("%s\n", ock_err(ERR_OPERATION_NOT_INITIALIZED)); @@ -1984,6 +2036,8 @@ CK_RV SC_DigestInit(ST_SESSION_HANDLE *sSession, CK_MECHANISM_PTR pMechanism) rc = CKR_SESSION_HANDLE_INVALID; goto done; } + //set the handle into the session. + sess->handle = sSession->sessionh; if (pin_expired(&sess->session_info, nv_token_data->token_info.flags) == TRUE) { TRACE_ERROR("%s\n", ock_err(ERR_PIN_EXPIRED)); @@ -2039,6 +2093,8 @@ CK_RV SC_Digest(ST_SESSION_HANDLE *sSession, CK_BYTE_PTR pData, rc = CKR_SESSION_HANDLE_INVALID; goto done; } + //set the handle into the session. + sess->handle = sSession->sessionh; if (sess->digest_ctx.active == FALSE) { TRACE_ERROR("%s\n", ock_err(ERR_OPERATION_NOT_INITIALIZED)); @@ -2086,6 +2142,8 @@ CK_RV SC_DigestUpdate(ST_SESSION_HANDLE *sSession, CK_BYTE_PTR pPart, rc = CKR_SESSION_HANDLE_INVALID; goto done; } + //set the handle into the session. + sess->handle = sSession->sessionh; if (sess->digest_ctx.active == FALSE) { TRACE_ERROR("%s\n", ock_err(ERR_OPERATION_NOT_INITIALIZED)); @@ -2125,6 +2183,8 @@ CK_RV SC_DigestKey(ST_SESSION_HANDLE *sSession, CK_OBJECT_HANDLE hKey) rc = CKR_SESSION_HANDLE_INVALID; goto done; } + //set the handle into the session. + sess->handle = sSession->sessionh; if (sess->digest_ctx.active == FALSE) { TRACE_ERROR("%s\n", ock_err(ERR_OPERATION_NOT_INITIALIZED)); @@ -2169,6 +2229,8 @@ CK_RV SC_DigestFinal(ST_SESSION_HANDLE *sSession, CK_BYTE_PTR pDigest, rc = CKR_SESSION_HANDLE_INVALID; goto done; } + //set the handle into the session. + sess->handle = sSession->sessionh; if (sess->digest_ctx.active == FALSE) { TRACE_ERROR("%s\n", ock_err(ERR_OPERATION_NOT_INITIALIZED)); @@ -2216,6 +2278,8 @@ CK_RV SC_SignInit(ST_SESSION_HANDLE *sSession, CK_MECHANISM_PTR pMechanism, rc = CKR_SESSION_HANDLE_INVALID; goto done; } + //set the handle into the session. + sess->handle = sSession->sessionh; rc = valid_mech(pMechanism, CKF_SIGN); if (rc != CKR_OK) @@ -2271,6 +2335,8 @@ CK_RV SC_Sign(ST_SESSION_HANDLE *sSession, CK_BYTE_PTR pData, rc = CKR_SESSION_HANDLE_INVALID; goto done; } + //set the handle into the session. + sess->handle = sSession->sessionh; if (sess->sign_ctx.active == FALSE) { TRACE_ERROR("%s\n", ock_err(ERR_OPERATION_NOT_INITIALIZED)); @@ -2318,6 +2384,8 @@ CK_RV SC_SignUpdate(ST_SESSION_HANDLE *sSession, CK_BYTE_PTR pPart, rc = CKR_SESSION_HANDLE_INVALID; goto done; } + //set the handle into the session. + sess->handle = sSession->sessionh; if (sess->sign_ctx.active == FALSE) { TRACE_ERROR("%s\n", ock_err(ERR_OPERATION_NOT_INITIALIZED)); @@ -2363,6 +2431,8 @@ CK_RV SC_SignFinal(ST_SESSION_HANDLE *sSession, CK_BYTE_PTR pSignature, rc = CKR_SESSION_HANDLE_INVALID; goto done; } + //set the handle into the session. + sess->handle = sSession->sessionh; if (sess->sign_ctx.active == FALSE) { TRACE_ERROR("%s\n", ock_err(ERR_OPERATION_NOT_INITIALIZED)); @@ -2440,6 +2510,8 @@ CK_RV SC_VerifyInit(ST_SESSION_HANDLE *sSession, CK_MECHANISM_PTR pMechanism, rc = CKR_SESSION_HANDLE_INVALID; goto done; } + //set the handle into the session. + sess->handle = sSession->sessionh; if (pin_expired(&sess->session_info, nv_token_data->token_info.flags) == TRUE) { @@ -2492,6 +2564,8 @@ CK_RV SC_Verify(ST_SESSION_HANDLE *sSession, CK_BYTE_PTR pData, rc = CKR_SESSION_HANDLE_INVALID; goto done; } + //set the handle into the session. + sess->handle = sSession->sessionh; if (sess->verify_ctx.active == FALSE) { rc = CKR_OPERATION_NOT_INITIALIZED; @@ -2537,6 +2611,8 @@ CK_RV SC_VerifyUpdate(ST_SESSION_HANDLE *sSession, CK_BYTE_PTR pPart, rc = CKR_SESSION_HANDLE_INVALID; goto done; } + //set the handle into the session. + sess->handle = sSession->sessionh; if (sess->verify_ctx.active == FALSE) { rc = CKR_OPERATION_NOT_INITIALIZED; @@ -2583,6 +2659,8 @@ CK_RV SC_VerifyFinal(ST_SESSION_HANDLE *sSession, CK_BYTE_PTR pSignature, rc = CKR_SESSION_HANDLE_INVALID; goto done; } + //set the handle into the session. + sess->handle = sSession->sessionh; if (sess->verify_ctx.active == FALSE) { rc = CKR_OPERATION_NOT_INITIALIZED; @@ -2718,6 +2796,8 @@ CK_RV SC_GenerateKey(ST_SESSION_HANDLE *sSession, CK_MECHANISM_PTR pMechanism, rc = CKR_SESSION_HANDLE_INVALID; goto done; } + //set the handle into the session. + sess->handle = sSession->sessionh; if (pin_expired(&sess->session_info, nv_token_data->token_info.flags) == TRUE) { @@ -2791,6 +2871,8 @@ CK_RV SC_GenerateKeyPair(ST_SESSION_HANDLE *sSession, rc = CKR_SESSION_HANDLE_INVALID; goto done; } + //set the handle into the session. + sess->handle = sSession->sessionh; if (pin_expired(&sess->session_info, nv_token_data->token_info.flags) == TRUE) { @@ -2875,6 +2957,8 @@ CK_RV SC_WrapKey(ST_SESSION_HANDLE *sSession, CK_MECHANISM_PTR pMechanism, rc = CKR_SESSION_HANDLE_INVALID; goto done; } + //set the handle into the session. + sess->handle = sSession->sessionh; if (pin_expired(&sess->session_info, nv_token_data->token_info.flags) == TRUE) { @@ -2929,6 +3013,8 @@ CK_RV SC_UnwrapKey(ST_SESSION_HANDLE *sSession, CK_MECHANISM_PTR pMechanism, rc = CKR_SESSION_HANDLE_INVALID; goto done; } + //set the handle into the session. + sess->handle = sSession->sessionh; if (pin_expired(&sess->session_info, nv_token_data->token_info.flags) == TRUE) { @@ -2998,6 +3084,8 @@ CK_RV SC_DeriveKey(ST_SESSION_HANDLE *sSession, CK_MECHANISM_PTR pMechanism, rc = CKR_SESSION_HANDLE_INVALID; goto done; } + //set the handle into the session. + sess->handle = sSession->sessionh; if (pin_expired(&sess->session_info, nv_token_data->token_info.flags) == TRUE) { @@ -3104,6 +3192,8 @@ CK_RV SC_GenerateRandom(ST_SESSION_HANDLE *sSession, CK_BYTE_PTR pRandomData, rc = CKR_SESSION_HANDLE_INVALID; goto done; } + //set the handle into the session. + sess->handle = sSession->sessionh; rc = rng_generate(pRandomData, ulRandomLen); if (rc != CKR_OK)
