commit openCryptoki for openSUSE:Factory

30 Oct 2020

Hello community,

here is the log from the commit of package openCryptoki for openSUSE:Factory checked in at 2020-10-30 11:49:31
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/openCryptoki (Old)
 and      /work/SRC/openSUSE:Factory/.openCryptoki.new.3463 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "openCryptoki"

Fri Oct 30 11:49:31 2020 rev:57 rq:844928 version:3.15.1

Changes:
--------

--- /work/SRC/openSUSE:Factory/openCryptoki/openCryptoki.changes	2020-10-27 18:59:19.310759694 +0100
+++ /work/SRC/openSUSE:Factory/.openCryptoki.new.3463/openCryptoki.changes	2020-10-30 11:50:13.949843601 +0100
@@ -4 +4 @@
-- Upgraded to version 3.15.0 (jsc#SLE-13749, jsc#SLE-13666,
+- Upgraded to version 3.15.1 (jsc#SLE-13749, jsc#SLE-13666,
@@ -6,0 +7,2 @@
+  * openCryptoki 3.15.1
+    - Bug fixes

Old:
----
  openCryptoki-3.15.0.tar.gz

New:
----
  openCryptoki-3.15.1.tar.gz

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ openCryptoki.spec ++++++
--- /var/tmp/diff_new_pack.fYRiti/_old	2020-10-30 11:50:14.461844054 +0100
+++ /var/tmp/diff_new_pack.fYRiti/_new	2020-10-30 11:50:14.461844054 +0100
@@ -26,7 +26,7 @@
 %define oc_cvs_tag opencryptoki
 
 Name:           openCryptoki
-Version:        3.15.0
+Version:        3.15.1
 Release:        0
 Summary:        An Implementation of PKCS#11 (Cryptoki) v2.11 for IBM Cryptographic Hardware
 License:        CPL-1.0

++++++ openCryptoki-3.15.0.tar.gz -> openCryptoki-3.15.1.tar.gz ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/opencryptoki-3.15.0/ChangeLog new/opencryptoki-3.15.1/ChangeLog
--- old/opencryptoki-3.15.0/ChangeLog	2020-10-16 15:13:04.000000000 +0200
+++ new/opencryptoki-3.15.1/ChangeLog	2020-10-28 15:47:43.000000000 +0100
@@ -1,3 +1,6 @@
++ openCryptoki 3.15.1
+- Bug fixes
+
 + openCryptoki 3.15
 - common: conform to PKCS 11 3.0 Baseline Provider profile
 - Introduce new vendor defined interface named "Vendor IBM"
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/opencryptoki-3.15.0/Makefile.am new/opencryptoki-3.15.1/Makefile.am
--- old/opencryptoki-3.15.0/Makefile.am	2020-10-16 15:13:04.000000000 +0200
+++ new/opencryptoki-3.15.1/Makefile.am	2020-10-28 15:47:43.000000000 +0100
@@ -165,6 +165,8 @@
 	if test -d $(DESTDIR)$(libdir)/opencryptoki/stdll; then \
 		cd $(DESTDIR)$(libdir)/opencryptoki/stdll && \
 		rm -f PKCS11_EP11.so; fi
+	rm -f $(DESTDIR)$(sysconfdir)/opencryptoki/ep11tok.conf 
+	rm -f $(DESTDIR)$(sysconfdir)/opencryptoki/ep11cpfilter.conf
 endif
 if ENABLE_ICATOK
 	if test -d $(DESTDIR)$(libdir)/opencryptoki/stdll; then \
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/opencryptoki-3.15.0/configure.ac new/opencryptoki-3.15.1/configure.ac
--- old/opencryptoki-3.15.0/configure.ac	2020-10-16 15:13:04.000000000 +0200
+++ new/opencryptoki-3.15.1/configure.ac	2020-10-28 15:47:43.000000000 +0100
@@ -1,6 +1,6 @@
 dnl Process this file with autoconf to produce a configure script.
 AC_PREREQ([2.69])
-AC_INIT([openCryptoki],[3.15.0],[opencryptoki-tech@lists.sourceforge.net],[],[https://github.com/opencryptoki/opencryptoki])
+AC_INIT([openCryptoki],[3.15.1],[opencryptoki-tech@lists.sourceforge.net],[],[https://github.com/opencryptoki/opencryptoki])
 AC_CONFIG_SRCDIR([testcases/common/common.c])
 
 dnl Needed for $target!
@@ -16,7 +16,7 @@
 AC_CHECK_HEADER_STDBOOL
 AC_CHECK_HEADERS([arpa/inet.h fcntl.h libintl.h limits.h locale.h malloc.h \
 		  nl_types.h stddef.h sys/file.h sys/socket.h sys/time.h   \
-		  sys/timeb.h syslog.h termios.h])
+		  syslog.h termios.h])
 
 dnl Checks for typedefs, structures, and compiler characteristics.
 AC_C_INLINE
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/opencryptoki-3.15.0/rpm/opencryptoki.spec new/opencryptoki-3.15.1/rpm/opencryptoki.spec
--- old/opencryptoki-3.15.0/rpm/opencryptoki.spec	2020-10-16 15:13:04.000000000 +0200
+++ new/opencryptoki-3.15.1/rpm/opencryptoki.spec	2020-10-28 15:47:43.000000000 +0100
@@ -1,8 +1,8 @@
 %global _hardened_build 1
 
 Name:			opencryptoki
-Summary:		Implementation of the PKCS#11 (Cryptoki) specification v2.20
-Version:		3.15.0
+Summary:		Implementation of the PKCS#11 (Cryptoki) specification v3.0
+Version:		3.15.1
 Release:		1%{?dist}
 License:		CPL
 Group:			System Environment/Base
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/opencryptoki-3.15.0/testcases/crypto/des3.h new/opencryptoki-3.15.1/testcases/crypto/des3.h
--- old/opencryptoki-3.15.0/testcases/crypto/des3.h	2020-10-16 15:13:04.000000000 +0200
+++ new/opencryptoki-3.15.1/testcases/crypto/des3.h	2020-10-28 15:47:43.000000000 +0100
@@ -1326,91 +1326,91 @@
 
 /**
  * Derived CBC-MAC test vectors from DES3-CBC test vectors
- * https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/
- * block-ciphers#TDES
+ * http://csrc.nist.gov/groups/STM/cavp/documents/des/tdesmmt.zip
+ * TCBCMMT3.rsp
  **/
 static struct mac_test_vector des3_cbc_mac_tv[] = {
     {   // 0
-        .key = { 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,
-                 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,
-                 0x01,0x01,0x01,0x01,0x01,0x01 },
+        .key = {0x46, 0x13, 0x3d, 0xcb, 0xf2, 0x32, 0xb5, 0x19, 0x64,
+                0xe0, 0xd9, 0x5e, 0x83, 0x20, 0x8f, 0x15, 0x67, 0x32,
+                0xbf, 0x75, 0xb6, 0x73, 0xab, 0xf1},
         .klen = 24,
         .msg = { 0x80,0x00,0x00,0x00,0x00,0x00,0x00,0x00 },
         .mlen = 8,
-        .mac = { 0x95,0xf8,0xa5,0xe5,0xdd,0x31,0xd9,0x00 },
+        .mac = { 0x36,0x77,0x03,0x73},
         .tlen = 4,
     }, {   // 1
-        .key = { 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,
-                 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,
-                 0x01,0x01,0x01,0x01,0x01,0x01 },
+        .key = {0x46, 0x13, 0x3d, 0xcb, 0xf2, 0x32, 0xb5, 0x19, 0x64,
+                0xe0, 0xd9, 0x5e, 0x83, 0x20, 0x8f, 0x15, 0x67, 0x32,
+                0xbf, 0x75, 0xb6, 0x73, 0xab, 0xf1},
         .klen = 24,
         .msg = { 0x00,0x00,0x00,0x00,0x80,0x00,0x00,0x00 },
         .mlen = 8,
-        .mac = { 0xe9,0x43,0xd7,0x56,0x8a,0xec,0x0c,0x5c },
+        .mac = { 0x97,0x6a,0x35,0x19,0xeb,0xcd},
         .tlen = 6,
     }, {   // 2
-        .key = { 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,
-                 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,
-                 0x01,0x01,0x01,0x01,0x01,0x01 },
+        .key = {0x46, 0x13, 0x3d, 0xcb, 0xf2, 0x32, 0xb5, 0x19, 0x64,
+                0xe0, 0xd9, 0x5e, 0x83, 0x20, 0x8f, 0x15, 0x67, 0x32,
+                0xbf, 0x75, 0xb6, 0x73, 0xab, 0xf1},
         .klen = 24,
         .msg = { 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x01 },
         .mlen = 8,
-        .mac = { 0x16,0x6b,0x40,0xb4,0x4a,0xba,0x4b,0xd6 },
+        .mac = { 0xd2,0x36,0x82,0x9a,0x4c},
         .tlen = 5,
     }, {   // 3
-        .key = { 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,
-                 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,
-                 0x01,0x01,0x01,0x01,0x01,0x01 },
+        .key = {0x46, 0x13, 0x3d, 0xcb, 0xf2, 0x32, 0xb5, 0x19, 0x64,
+                0xe0, 0xd9, 0x5e, 0x83, 0x20, 0x8f, 0x15, 0x67, 0x32,
+                0xbf, 0x75, 0xb6, 0x73, 0xab, 0xf1},
         .klen = 24,
         .msg = { 0x80,0x00,0x00,0x00,0x00,0x00,0x00,0x00 },
         .mlen = 8,
-        .mac = { 0x95,0xf8,0xa5,0xe5,0xdd,0x31,0xd9,0x00 },
+        .mac = { 0x36,0x77,0x03,0x73},
         .tlen = 4,
         .chunks_msg = { 2, 3, 3 },
         .num_chunks_message = 3,
     }, {   // 4
-        .key = { 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,
-                 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,
-                 0x01,0x01,0x01,0x01,0x01,0x01 },
+        .key = {0x46, 0x13, 0x3d, 0xcb, 0xf2, 0x32, 0xb5, 0x19, 0x64,
+                0xe0, 0xd9, 0x5e, 0x83, 0x20, 0x8f, 0x15, 0x67, 0x32,
+                0xbf, 0x75, 0xb6, 0x73, 0xab, 0xf1},
         .klen = 24,
         .msg = { 0x00,0x00,0x00,0x00,0x80,0x00,0x00,0x00 },
         .mlen = 8,
-        .mac = { 0xe9,0x43,0xd7,0x56,0x8a,0xec,0x0c,0x5c },
+        .mac = { 0x97,0x6a,0x35,0x19,0xeb,0xcd},
         .tlen = 6,
         .chunks_msg = { 1, 1, 6 },
         .num_chunks_message = 3,
     }, {   // 5
-        .key = { 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,
-                 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,
-                 0x01,0x01,0x01,0x01,0x01,0x01 },
+        .key = {0x46, 0x13, 0x3d, 0xcb, 0xf2, 0x32, 0xb5, 0x19, 0x64,
+                0xe0, 0xd9, 0x5e, 0x83, 0x20, 0x8f, 0x15, 0x67, 0x32,
+                0xbf, 0x75, 0xb6, 0x73, 0xab, 0xf1},
         .klen = 24,
         .msg = { 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x01 },
         .mlen = 8,
-        .mac = { 0x16,0x6b,0x40,0xb4,0x4a,0xba,0x4b,0xd6 },
+        .mac = { 0xd2,0x36,0x82,0x9a,0x4c},
         .tlen = 5,
         .chunks_msg = { 1, 2, 1, 2, 2 },
         .num_chunks_message = 5,
     }, {   // 6
-        .key = { 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,
-                 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,
-                 0x01,0x01,0x01,0x01,0x01,0x01 },
+        .key = {0x46, 0x13, 0x3d, 0xcb, 0xf2, 0x32, 0xb5, 0x19, 0x64,
+                0xe0, 0xd9, 0x5e, 0x83, 0x20, 0x8f, 0x15, 0x67, 0x32,
+                0xbf, 0x75, 0xb6, 0x73, 0xab, 0xf1},
         .klen = 24,
         .msg = { 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x01,0x00,
                  0x00,0x00,0x00,0x00,0x00,0x00,0x01 },
         .mlen = 16,
-        .mac = { 0x81,0x5a,0xfa,0x40,0x74,0xd8,0x13,0x4f },
+        .mac = { 0xcd,0x02,0xf0,0xd2,0xb4},
         .tlen = 5,
         .chunks_msg = { 5, 5, 1, 2, 3 },
         .num_chunks_message = 5,
     }, {   // 7
-        .key = { 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,
-                 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,
-                 0x01,0x01,0x01,0x01,0x01,0x01 },
+        .key = {0x46, 0x13, 0x3d, 0xcb, 0xf2, 0x32, 0xb5, 0x19, 0x64,
+                0xe0, 0xd9, 0x5e, 0x83, 0x20, 0x8f, 0x15, 0x67, 0x32,
+                0xbf, 0x75, 0xb6, 0x73, 0xab, 0xf1},
         .klen = 24,
         .msg = { 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x01,0x00,
                  0x00,0x00,0x00,0x00,0x01 },
         .mlen = 14,
-        .mac = { 0xbb,0x1d,0x86,0x63,0x99,0x3a,0x58,0xcc },
+        .mac = { 0x59,0x45,0x53,0xd5,0x67},
         .tlen = 5,
         .chunks_msg = { 7, 2, 1, 2, 2 },
         .num_chunks_message = 5,
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/opencryptoki-3.15.0/testcases/login/digest_init.c new/opencryptoki-3.15.1/testcases/login/digest_init.c
--- old/opencryptoki-3.15.0/testcases/login/digest_init.c	2020-10-16 15:13:04.000000000 +0200
+++ new/opencryptoki-3.15.1/testcases/login/digest_init.c	2020-10-28 15:47:43.000000000 +0100
@@ -14,7 +14,6 @@
 #include <memory.h>
 
 #include <dlfcn.h>
-#include <sys/timeb.h>
 
 #include "pkcs11types.h"
 
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/opencryptoki-3.15.0/testcases/login/init_pin.c new/opencryptoki-3.15.1/testcases/login/init_pin.c
--- old/opencryptoki-3.15.0/testcases/login/init_pin.c	2020-10-16 15:13:04.000000000 +0200
+++ new/opencryptoki-3.15.1/testcases/login/init_pin.c	2020-10-28 15:47:43.000000000 +0100
@@ -14,7 +14,6 @@
 #include <memory.h>
 
 #include <dlfcn.h>
-#include <sys/timeb.h>
 
 #include "pkcs11types.h"
 
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/opencryptoki-3.15.0/testcases/login/login.c new/opencryptoki-3.15.1/testcases/login/login.c
--- old/opencryptoki-3.15.0/testcases/login/login.c	2020-10-16 15:13:04.000000000 +0200
+++ new/opencryptoki-3.15.1/testcases/login/login.c	2020-10-28 15:47:43.000000000 +0100
@@ -14,7 +14,6 @@
 #include <memory.h>
 
 #include <dlfcn.h>
-#include <sys/timeb.h>
 
 #include "pkcs11types.h"
 #include "regress.h"
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/opencryptoki-3.15.0/testcases/login/set_pin.c new/opencryptoki-3.15.1/testcases/login/set_pin.c
--- old/opencryptoki-3.15.0/testcases/login/set_pin.c	2020-10-16 15:13:04.000000000 +0200
+++ new/opencryptoki-3.15.1/testcases/login/set_pin.c	2020-10-28 15:47:43.000000000 +0100
@@ -15,7 +15,6 @@
 #include <memory.h>
 
 #include <dlfcn.h>
-#include <sys/timeb.h>
 
 #include "pkcs11types.h"
 
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/opencryptoki-3.15.0/testcases/misc_tests/fork.c new/opencryptoki-3.15.1/testcases/misc_tests/fork.c
--- old/opencryptoki-3.15.0/testcases/misc_tests/fork.c	2020-10-16 15:13:04.000000000 +0200
+++ new/opencryptoki-3.15.1/testcases/misc_tests/fork.c	2020-10-28 15:47:43.000000000 +0100
@@ -20,7 +20,6 @@
 #include <unistd.h>
 
 #include <dlfcn.h>
-#include <sys/timeb.h>
 #include <sys/types.h>
 #include <sys/wait.h>
 
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/opencryptoki-3.15.0/testcases/misc_tests/multi_instance.c new/opencryptoki-3.15.1/testcases/misc_tests/multi_instance.c
--- old/opencryptoki-3.15.0/testcases/misc_tests/multi_instance.c	2020-10-16 15:13:04.000000000 +0200
+++ new/opencryptoki-3.15.1/testcases/misc_tests/multi_instance.c	2020-10-28 15:47:43.000000000 +0100
@@ -20,7 +20,6 @@
 #include <unistd.h>
 
 #include <dlfcn.h>
-#include <sys/timeb.h>
 #include <sys/types.h>
 #include <sys/wait.h>
 
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/opencryptoki-3.15.0/testcases/misc_tests/obj_lock.c new/opencryptoki-3.15.1/testcases/misc_tests/obj_lock.c
--- old/opencryptoki-3.15.0/testcases/misc_tests/obj_lock.c	2020-10-16 15:13:04.000000000 +0200
+++ new/opencryptoki-3.15.1/testcases/misc_tests/obj_lock.c	2020-10-28 15:47:43.000000000 +0100
@@ -21,7 +21,6 @@
 #include <pthread.h>
 
 #include <dlfcn.h>
-#include <sys/timeb.h>
 #include <sys/types.h>
 #include <sys/wait.h>
 
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/opencryptoki-3.15.0/testcases/misc_tests/reencrypt.c new/opencryptoki-3.15.1/testcases/misc_tests/reencrypt.c
--- old/opencryptoki-3.15.0/testcases/misc_tests/reencrypt.c	2020-10-16 15:13:04.000000000 +0200
+++ new/opencryptoki-3.15.1/testcases/misc_tests/reencrypt.c	2020-10-28 15:47:43.000000000 +0100
@@ -20,7 +20,6 @@
 #include <unistd.h>
 
 #include <dlfcn.h>
-#include <sys/timeb.h>
 #include <sys/types.h>
 #include <sys/wait.h>
 
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/opencryptoki-3.15.0/testcases/misc_tests/speed.c new/opencryptoki-3.15.1/testcases/misc_tests/speed.c
--- old/opencryptoki-3.15.0/testcases/misc_tests/speed.c	2020-10-16 15:13:04.000000000 +0200
+++ new/opencryptoki-3.15.1/testcases/misc_tests/speed.c	2020-10-28 15:47:43.000000000 +0100
@@ -27,7 +27,6 @@
 #include <memory.h>
 #include <sys/types.h>
 #include <sys/time.h>
-#include <sys/timeb.h>
 
 #include "pkcs11types.h"
 #include "regress.h"
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/opencryptoki-3.15.0/testcases/misc_tests/tok2tok_transport.c new/opencryptoki-3.15.1/testcases/misc_tests/tok2tok_transport.c
--- old/opencryptoki-3.15.0/testcases/misc_tests/tok2tok_transport.c	2020-10-16 15:13:04.000000000 +0200
+++ new/opencryptoki-3.15.1/testcases/misc_tests/tok2tok_transport.c	2020-10-28 15:47:43.000000000 +0100
@@ -20,7 +20,6 @@
 #include <unistd.h>
 
 #include <dlfcn.h>
-#include <sys/timeb.h>
 #include <sys/types.h>
 #include <sys/wait.h>
 
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/opencryptoki-3.15.0/testcases/misc_tests/tok_des.c new/opencryptoki-3.15.1/testcases/misc_tests/tok_des.c
--- old/opencryptoki-3.15.0/testcases/misc_tests/tok_des.c	2020-10-16 15:13:04.000000000 +0200
+++ new/opencryptoki-3.15.1/testcases/misc_tests/tok_des.c	2020-10-28 15:47:43.000000000 +0100
@@ -19,7 +19,6 @@
 #include <memory.h>
 
 #include <dlfcn.h>
-#include <sys/timeb.h>
 
 #include "pkcs11types.h"
 #include "regress.h"
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/opencryptoki-3.15.0/testcases/misc_tests/tok_rsa.c new/opencryptoki-3.15.1/testcases/misc_tests/tok_rsa.c
--- old/opencryptoki-3.15.0/testcases/misc_tests/tok_rsa.c	2020-10-16 15:13:04.000000000 +0200
+++ new/opencryptoki-3.15.1/testcases/misc_tests/tok_rsa.c	2020-10-28 15:47:43.000000000 +0100
@@ -19,7 +19,6 @@
 #include <memory.h>
 
 #include <dlfcn.h>
-#include <sys/timeb.h>
 
 #include "pkcs11types.h"
 #include "regress.h"
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/opencryptoki-3.15.0/usr/lib/cca_stdll/cca_specific.c new/opencryptoki-3.15.1/usr/lib/cca_stdll/cca_specific.c
--- old/opencryptoki-3.15.0/usr/lib/cca_stdll/cca_specific.c	2020-10-16 15:13:04.000000000 +0200
+++ new/opencryptoki-3.15.1/usr/lib/cca_stdll/cca_specific.c	2020-10-28 15:47:43.000000000 +0100
@@ -526,7 +526,7 @@
 
     UNUSED(tokdata);
 
-    *des_key = malloc(CCA_KEY_ID_SIZE);
+    *des_key = calloc(CCA_KEY_ID_SIZE, 1);
     if (*des_key == NULL)
         return CKR_HOST_MEMORY;
     *len = CCA_KEY_ID_SIZE;
@@ -1734,7 +1734,7 @@
 
     UNUSED(tokdata);
 
-    *aes_key = malloc(CCA_KEY_ID_SIZE);
+    *aes_key = calloc(CCA_KEY_ID_SIZE, 1);
     if (*aes_key == NULL)
         return CKR_HOST_MEMORY;
     *len = CCA_KEY_ID_SIZE;
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/opencryptoki-3.15.0/usr/lib/common/mech_aes.c new/opencryptoki-3.15.1/usr/lib/common/mech_aes.c
--- old/opencryptoki-3.15.0/usr/lib/common/mech_aes.c	2020-10-16 15:13:04.000000000 +0200
+++ new/opencryptoki-3.15.1/usr/lib/common/mech_aes.c	2020-10-28 15:47:43.000000000 +0100
@@ -3409,7 +3409,8 @@
     } else {
         if (token_keysize != key_size) {
             TRACE_ERROR("Invalid key size: %lu\n", token_keysize);
-            return CKR_FUNCTION_FAILED;
+            rc = CKR_FUNCTION_FAILED;
+            goto err;
         }
     }
 
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/opencryptoki-3.15.0/usr/lib/common/mech_des.c new/opencryptoki-3.15.1/usr/lib/common/mech_des.c
--- old/opencryptoki-3.15.0/usr/lib/common/mech_des.c	2020-10-16 15:13:04.000000000 +0200
+++ new/opencryptoki-3.15.1/usr/lib/common/mech_des.c	2020-10-28 15:47:43.000000000 +0100
@@ -1256,7 +1256,8 @@
     } else {
         if (keysize != DES_KEY_SIZE) {
             TRACE_ERROR("Invalid key size: %lu\n", keysize);
-            return CKR_FUNCTION_FAILED;
+            rc = CKR_FUNCTION_FAILED;
+            goto err;
         }
     }
 
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/opencryptoki-3.15.0/usr/lib/common/mech_des3.c new/opencryptoki-3.15.1/usr/lib/common/mech_des3.c
--- old/opencryptoki-3.15.0/usr/lib/common/mech_des3.c	2020-10-16 15:13:04.000000000 +0200
+++ new/opencryptoki-3.15.1/usr/lib/common/mech_des3.c	2020-10-28 15:47:43.000000000 +0100
@@ -2743,7 +2743,8 @@
     } else {
         if (keysize != 3 * DES_KEY_SIZE) {
             TRACE_ERROR("Invalid key size: %lu\n", keysize);
-            return CKR_FUNCTION_FAILED;
+            rc = CKR_FUNCTION_FAILED;
+            goto err;
         }
     }
 
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/opencryptoki-3.15.0/usr/lib/common/obj_mgr.c new/opencryptoki-3.15.1/usr/lib/common/obj_mgr.c
--- old/opencryptoki-3.15.0/usr/lib/common/obj_mgr.c	2020-10-16 15:13:04.000000000 +0200
+++ new/opencryptoki-3.15.1/usr/lib/common/obj_mgr.c	2020-10-28 15:47:43.000000000 +0100
@@ -721,9 +721,26 @@
     OBJECT_MAP *map;
     OBJECT *o = NULL;
     CK_BBOOL locked = FALSE;
+    CK_BBOOL priv_obj;
+    CK_BBOOL sess_obj;
 
     UNUSED(sess);
 
+    rc = object_mgr_find_in_map1(tokdata, handle, &o, READ_LOCK);
+    if (rc != CKR_OK || o == NULL) {
+        TRACE_DEVEL("object_mgr_find_in_map1 failed.\n");
+        return CKR_OBJECT_HANDLE_INVALID;
+    }
+
+    sess_obj = object_is_session_object(o);
+    priv_obj = object_is_private(o);
+
+    rc = object_mgr_check_session(sess, priv_obj, sess_obj);
+    object_put(tokdata, o, TRUE);
+    o = NULL;
+    if (rc != CKR_OK)
+        return rc;
+
     /* Don't use a delete callback, the map will be freed below */
     map = bt_node_free(&tokdata->object_map_btree, handle, FALSE);
     if (map == NULL) {
@@ -731,10 +748,6 @@
         return CKR_OBJECT_HANDLE_INVALID;
     }
 
-    rc = object_mgr_check_session(sess, map->is_private, map->is_session_obj);
-    if (rc != CKR_OK)
-        goto done;
-
     if (map->is_session_obj) {
         bt_node_free(&tokdata->sess_obj_btree, map->obj_handle, TRUE);
     } else {
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/opencryptoki-3.15.0/usr/lib/common/template.c new/opencryptoki-3.15.1/usr/lib/common/template.c
--- old/opencryptoki-3.15.0/usr/lib/common/template.c	2020-10-16 15:13:04.000000000 +0200
+++ new/opencryptoki-3.15.1/usr/lib/common/template.c	2020-10-28 15:47:43.000000000 +0100
@@ -484,6 +484,7 @@
  */
 CK_RV template_copy(TEMPLATE *dest, TEMPLATE *src)
 {
+    char unique_id_str[2 * UNIQUE_ID_LEN + 1];
     DL_NODE *node;
 
     if (!dest || !src) {
@@ -509,12 +510,19 @@
         new_attr->pValue = (CK_BYTE *) new_attr + sizeof(CK_ATTRIBUTE);
 
         if (attr->type == CKA_UNIQUE_ID) {
-            if (get_unique_id_str(new_attr->pValue) != CKR_OK) {
+            if (attr->ulValueLen < 2 * UNIQUE_ID_LEN) {
+                free(new_attr);
+                TRACE_ERROR("%s\n", ock_err(ERR_ATTRIBUTE_VALUE_INVALID));
+                return CKR_ATTRIBUTE_VALUE_INVALID;
+            }
+            if (get_unique_id_str(unique_id_str) != CKR_OK) {
                 free(new_attr);
                 TRACE_ERROR("%s\n", ock_err(ERR_FUNCTION_FAILED));
                 return CKR_FUNCTION_FAILED;
-	    }
-	}
+            }
+            memcpy(new_attr->pValue, unique_id_str, 2 * UNIQUE_ID_LEN);
+            new_attr->ulValueLen = 2 * UNIQUE_ID_LEN;
+        }
 
         dest->attribute_list = dlist_add_as_first(dest->attribute_list,
                                                   new_attr);
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/opencryptoki-3.15.0/usr/lib/tpm_stdll/tpm_openssl.c new/opencryptoki-3.15.1/usr/lib/tpm_stdll/tpm_openssl.c
--- old/opencryptoki-3.15.0/usr/lib/tpm_stdll/tpm_openssl.c	2020-10-16 15:13:04.000000000 +0200
+++ new/opencryptoki-3.15.1/usr/lib/tpm_stdll/tpm_openssl.c	2020-10-28 15:47:43.000000000 +0100
@@ -98,8 +98,14 @@
 
     if (EVP_PKEY_keygen_init(ctx) <= 0
         || EVP_PKEY_CTX_set_rsa_keygen_bits(ctx, 2048) <= 0
-        || EVP_PKEY_CTX_set_rsa_keygen_pubexp(ctx, bne) <= 0
-        || EVP_PKEY_keygen(ctx, &pkey) <= 0
+        || EVP_PKEY_CTX_set_rsa_keygen_pubexp(ctx, bne) <= 0) {
+        fprintf(stderr, "Error generating user's RSA key\n");
+        ERR_load_crypto_strings();
+        ERR_print_errors_fp(stderr);
+        goto err;
+    }
+    bne = NULL; // will be freed as part of the context
+    if (EVP_PKEY_keygen(ctx, &pkey) <= 0
         || (rsa = EVP_PKEY_get1_RSA(pkey)) == NULL) {
         fprintf(stderr, "Error generating user's RSA key\n");
         ERR_load_crypto_strings();
@@ -109,13 +115,14 @@
 #if OPENSSL_VERSION_NUMBER < 0x10101000L
     rc = RSA_check_key(rsa);
 #else
-    rc = EVP_PKEY_check(ctx) == 1 ? 1 : 0;
+    rc = (EVP_PKEY_check(ctx) == 1 ? 1 : 0);
 #endif
 #endif
     switch (rc) {
     case 0:
         /* rsa is not a valid RSA key */
         RSA_free(rsa);
+        rsa = NULL;
         counter++;
         if (counter == KEYGEN_RETRY) {
             TRACE_DEVEL("Tried %d times to generate a "

    

root

tags

participants (1)