Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package pkcs11-helper for openSUSE:Factory checked in at 2022-10-27 13:52:15 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/pkcs11-helper (Old) and /work/SRC/openSUSE:Factory/.pkcs11-helper.new.2275 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "pkcs11-helper" Thu Oct 27 13:52:15 2022 rev:28 rq:1031219 version:1.29.0 Changes: -------- --- /work/SRC/openSUSE:Factory/pkcs11-helper/pkcs11-helper.changes 2022-02-28 19:43:31.525940323 +0100 +++ /work/SRC/openSUSE:Factory/.pkcs11-helper.new.2275/pkcs11-helper.changes 2022-10-27 13:52:18.640001087 +0200 @@ -1,0 +2,8 @@ +Fri Oct 14 01:34:06 UTC 2022 - Jason Sikes <[email protected]> + +- Update to 1.29.0: + * build: do not fail if slot evnets are disabled, thanks to Fabrice Fontaine. + * core: do not assume standard objects supported by provider. + * openssl: set back key into EVP for openssl-3 to work, thanks to apollo13. + +------------------------------------------------------------------- Old: ---- pkcs11-helper-1.28.0.tar.bz2 New: ---- pkcs11-helper-1.29.0.tar.bz2 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ pkcs11-helper.spec ++++++ --- /var/tmp/diff_new_pack.1PmiKj/_old 2022-10-27 13:52:19.140003591 +0200 +++ /var/tmp/diff_new_pack.1PmiKj/_new 2022-10-27 13:52:19.148003631 +0200 @@ -17,13 +17,13 @@ Name: pkcs11-helper -Version: 1.28.0 +Version: 1.29.0 Release: 0 Summary: Helper Library for the Use with Smart Cards and the PKCS#11 API License: BSD-3-Clause AND GPL-2.0-only Group: Development/Libraries/C and C++ URL: https://github.com/OpenSC/OpenSC/wiki -Source0: https://github.com/OpenSC/%{name}/releases/download/%{name}-1.28/%{name}-%{version}.tar.bz2 +Source0: https://github.com/OpenSC/%{name}/releases/download/%{name}-%{version}/%{name}-%{version}.tar.bz2 Source2: baselibs.conf BuildRequires: doxygen BuildRequires: fdupes ++++++ pkcs11-helper-1.28.0.tar.bz2 -> pkcs11-helper-1.29.0.tar.bz2 ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pkcs11-helper-1.28.0/ChangeLog new/pkcs11-helper-1.29.0/ChangeLog --- old/pkcs11-helper-1.28.0/ChangeLog 2021-12-31 20:16:07.000000000 +0100 +++ new/pkcs11-helper-1.29.0/ChangeLog 2022-04-21 09:06:43.000000000 +0200 @@ -1,5 +1,11 @@ pkcs11-helper -Copyright (c) 2005-2021 Alon Bar-Lev <[email protected]> +Copyright (c) 2005-2022 Alon Bar-Lev <[email protected]> + +2020-04-21 - Version 1.29.0 + +* build: do not fail if slot evnets are disabled, thanks to Fabrice Fontaine. +* core: do not assume standard objects supported by provider. +* openssl: set back key into EVP for openssl-3 to work, thanks to apollo13. 2021-12-31 - Version 1.28 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pkcs11-helper-1.28.0/config-w32-vc.h new/pkcs11-helper-1.29.0/config-w32-vc.h --- old/pkcs11-helper-1.28.0/config-w32-vc.h 2021-12-31 20:17:53.000000000 +0100 +++ new/pkcs11-helper-1.29.0/config-w32-vc.h 2022-04-21 09:07:25.000000000 +0200 @@ -127,13 +127,13 @@ #define PACKAGE_NAME "pkcs11-helper" /* Define to the full name and version of this package. */ -#define PACKAGE_STRING "pkcs11-helper 1.28.0" +#define PACKAGE_STRING "pkcs11-helper 1.29.0" /* Define to the one symbol short name of this package. */ #define PACKAGE_TARNAME "pkcs11-helper" /* Define to the version of this package. */ -#define PACKAGE_VERSION "1.28.0" +#define PACKAGE_VERSION "1.29.0" /* Define if you are on Cygwin */ /* #undef PKCS11H_USE_CYGWIN */ @@ -163,7 +163,7 @@ /* #undef USE_VALGRIND */ /* Version number of package */ -#define VERSION "1.28.0" +#define VERSION "1.29.0" /* Define to empty if `const' does not conform to ANSI C. */ /* #undef const */ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pkcs11-helper-1.28.0/configure new/pkcs11-helper-1.29.0/configure --- old/pkcs11-helper-1.28.0/configure 2021-12-31 20:17:21.000000000 +0100 +++ new/pkcs11-helper-1.29.0/configure 2022-04-21 09:06:51.000000000 +0200 @@ -1,6 +1,6 @@ #! /bin/sh # Guess values for system-dependent variables and create Makefiles. -# Generated by GNU Autoconf 2.69 for pkcs11-helper 1.28.0. +# Generated by GNU Autoconf 2.69 for pkcs11-helper 1.29.0. # # # Copyright (C) 1992-1996, 1998-2012 Free Software Foundation, Inc. @@ -587,8 +587,8 @@ # Identity of this package. PACKAGE_NAME='pkcs11-helper' PACKAGE_TARNAME='pkcs11-helper' -PACKAGE_VERSION='1.28.0' -PACKAGE_STRING='pkcs11-helper 1.28.0' +PACKAGE_VERSION='1.29.0' +PACKAGE_STRING='pkcs11-helper 1.29.0' PACKAGE_BUGREPORT='' PACKAGE_URL='' @@ -1405,7 +1405,7 @@ # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat <<_ACEOF -\`configure' configures pkcs11-helper 1.28.0 to adapt to many kinds of systems. +\`configure' configures pkcs11-helper 1.29.0 to adapt to many kinds of systems. Usage: $0 [OPTION]... [VAR=VALUE]... @@ -1476,7 +1476,7 @@ if test -n "$ac_init_help"; then case $ac_init_help in - short | recursive ) echo "Configuration of pkcs11-helper 1.28.0:";; + short | recursive ) echo "Configuration of pkcs11-helper 1.29.0:";; esac cat <<\_ACEOF @@ -1638,7 +1638,7 @@ test -n "$ac_init_help" && exit $ac_status if $ac_init_version; then cat <<\_ACEOF -pkcs11-helper configure 1.28.0 +pkcs11-helper configure 1.29.0 generated by GNU Autoconf 2.69 Copyright (C) 2012 Free Software Foundation, Inc. @@ -2240,7 +2240,7 @@ This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. -It was created by pkcs11-helper $as_me 1.28.0, which was +It was created by pkcs11-helper $as_me 1.29.0, which was generated by GNU Autoconf 2.69. Invocation command line was $ $0 $@ @@ -3110,7 +3110,7 @@ # Define the identity of the package. PACKAGE='pkcs11-helper' - VERSION='1.28.0' + VERSION='1.29.0' cat >>confdefs.h <<_ACEOF @@ -3205,7 +3205,7 @@ PKCS11H_VERSION_MAJOR="1" -PKCS11H_VERSION_MINOR="$(echo 28 | sed 's/^0*//')" +PKCS11H_VERSION_MINOR="$(echo 29 | sed 's/^0*//')" PKCS11H_VERSION_FIX="0" @@ -15621,7 +15621,7 @@ # report actual input values of CONFIG_FILES etc. instead of their # values after options handling. ac_log=" -This file was extended by pkcs11-helper $as_me 1.28.0, which was +This file was extended by pkcs11-helper $as_me 1.29.0, which was generated by GNU Autoconf 2.69. Invocation command line was CONFIG_FILES = $CONFIG_FILES @@ -15687,7 +15687,7 @@ cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`" ac_cs_version="\\ -pkcs11-helper config.status 1.28.0 +pkcs11-helper config.status 1.29.0 configured by $0, generated by GNU Autoconf 2.69, with options \\"\$ac_cs_config\\" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pkcs11-helper-1.28.0/configure.ac new/pkcs11-helper-1.29.0/configure.ac --- old/pkcs11-helper-1.28.0/configure.ac 2021-12-31 20:15:45.000000000 +0100 +++ new/pkcs11-helper-1.29.0/configure.ac 2022-04-21 09:06:43.000000000 +0200 @@ -51,7 +51,7 @@ AC_PREREQ(2.60) define([PACKAGE_VERSION_MAJOR], [1]) -define([PACKAGE_VERSION_MINOR], [28]) +define([PACKAGE_VERSION_MINOR], [29]) define([PACKAGE_VERSION_FIX], [0]) define([PACKAGE_SUFFIX], []) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pkcs11-helper-1.28.0/distro/rpm/pkcs11-helper.spec new/pkcs11-helper-1.29.0/distro/rpm/pkcs11-helper.spec --- old/pkcs11-helper-1.28.0/distro/rpm/pkcs11-helper.spec 2021-12-31 20:17:54.000000000 +0100 +++ new/pkcs11-helper-1.29.0/distro/rpm/pkcs11-helper.spec 2022-04-21 09:07:25.000000000 +0200 @@ -2,7 +2,7 @@ %bcond_with doc %define name pkcs11-helper -%define version 1.28.0 +%define version 1.29.0 %define release 2 %define prefix /usr diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pkcs11-helper-1.28.0/include/pkcs11-helper-1.0/pkcs11.h new/pkcs11-helper-1.29.0/include/pkcs11-helper-1.0/pkcs11.h --- old/pkcs11-helper-1.28.0/include/pkcs11-helper-1.0/pkcs11.h 2021-09-26 19:24:35.000000000 +0200 +++ new/pkcs11-helper-1.29.0/include/pkcs11-helper-1.0/pkcs11.h 2022-02-04 21:35:00.000000000 +0100 @@ -552,6 +552,14 @@ #define CKM_SHA512_RSA_PKCS_PSS (0x45UL) #define CKM_SHA224_RSA_PKCS (0x46UL) #define CKM_SHA224_RSA_PKCS_PSS (0x47UL) +#define CKM_SHA3_256_RSA_PKCS (0x60UL) +#define CKM_SHA3_384_RSA_PKCS (0x61UL) +#define CKM_SHA3_512_RSA_PKCS (0x62UL) +#define CKM_SHA3_256_RSA_PKCS_PSS (0x63UL) +#define CKM_SHA3_384_RSA_PKCS_PSS (0x64UL) +#define CKM_SHA3_512_RSA_PKCS_PSS (0x65UL) +#define CKM_SHA3_224_RSA_PKCS (0x66UL) +#define CKM_SHA3_224_RSA_PKCS_PSS (0x67UL) #define CKM_RC2_KEY_GEN (0x100UL) #define CKM_RC2_ECB (0x101UL) #define CKM_RC2_CBC (0x102UL) @@ -573,6 +581,7 @@ #define CKM_DES3_MAC (0x134UL) #define CKM_DES3_MAC_GENERAL (0x135UL) #define CKM_DES3_CBC_PAD (0x136UL) +#define CKM_DES3_CMAC_GENERAL (0x137UL) #define CKM_DES3_CMAC (0x138UL) #define CKM_CDMF_KEY_GEN (0x140UL) #define CKM_CDMF_ECB (0x141UL) @@ -610,15 +619,19 @@ #define CKM_SHA3_256 (0x2B0UL) #define CKM_SHA3_256_HMAC (0x2B1UL) #define CKM_SHA3_256_HMAC_GENERAL (0x2B2UL) +#define CKM_SHA3_256_KEY_GEN (0x2B3UL) #define CKM_SHA3_224 (0x2B5UL) #define CKM_SHA3_224_HMAC (0x2B6UL) #define CKM_SHA3_224_HMAC_GENERAL (0x2B7UL) +#define CKM_SHA3_224_KEY_GEN (0x2B8UL) #define CKM_SHA3_384 (0x2C0UL) #define CKM_SHA3_384_HMAC (0x2C1UL) #define CKM_SHA3_384_HMAC_GENERAL (0x2C2UL) +#define CKM_SHA3_384_KEY_GEN (0x2C3UL) #define CKM_SHA3_512 (0x2D0UL) #define CKM_SHA3_512_HMAC (0x2D1UL) #define CKM_SHA3_512_HMAC_GENERAL (0x2D2UL) +#define CKM_SHA3_512_KEY_GEN (0x2D3UL) #define CKM_CAST_KEY_GEN (0x300UL) #define CKM_CAST_ECB (0x301UL) #define CKM_CAST_CBC (0x302UL) @@ -721,6 +734,10 @@ #define CKM_ECDSA_SHA256 (0x1044UL) #define CKM_ECDSA_SHA384 (0x1045UL) #define CKM_ECDSA_SHA512 (0x1046UL) +#define CKM_ECDSA_SHA3_224 (0x1047UL) +#define CKM_ECDSA_SHA3_256 (0x1048UL) +#define CKM_ECDSA_SHA3_384 (0x1049UL) +#define CKM_ECDSA_SHA3_512 (0x104AUL) #define CKM_ECDH1_DERIVE (0x1050UL) #define CKM_ECDH1_COFACTOR_DERIVE (0x1051UL) #define CKM_ECMQV_DERIVE (0x1052UL) @@ -745,6 +762,10 @@ #define CKM_AES_CCM (0x1088UL) #define CKM_AES_CTS (0x1089UL) #define CKM_AES_CMAC (0x108AUL) +#define CKM_AES_CMAC_GENERAL (0x108BUL) +#define CKM_AES_XCBC_MAC (0x108CUL) +#define CKM_AES_XCBC_MAC_96 (0x108DUL) +#define CKM_AES_GMAC (0x108EUL) #define CKM_BLOWFISH_KEY_GEN (0x1090UL) #define CKM_BLOWFISH_CBC (0x1091UL) #define CKM_TWOFISH_KEY_GEN (0x1092UL) @@ -780,11 +801,17 @@ #define CKM_DSA_PARAMETER_GEN (0x2000UL) #define CKM_DH_PKCS_PARAMETER_GEN (0x2001UL) #define CKM_X9_42_DH_PARAMETER_GEN (0x2002UL) +#define CKM_AES_OFB (0x2104UL) +#define CKM_AES_CFB64 (0x2105UL) +#define CKM_AES_CFB8 (0x2106UL) +#define CKM_AES_CFB128 (0x2107UL) #define CKM_AES_KEY_WRAP (0x2109UL) +#define CKM_AES_KEY_WRAP_PAD (0x210AUL) #define CKM_XEDDSA (0x4029UL) -#define CKM_VENDOR_DEFINED (1UL << 31) +#define CKM_VENDOR_DEFINED (1UL << 31) + struct ck_mechanism { ck_mechanism_type_t mechanism; @@ -801,6 +828,14 @@ }; #define CKF_HW (1UL << 0) + +#define CKF_MESSAGE_ENCRYPT (1UL << 1) +#define CKF_MESSAGE_DECRYPT (1UL << 2) +#define CKF_MESSAGE_SIGN (1UL << 3) +#define CKF_MESSAGE_VERIFY (1UL << 4) +#define CKF_MULTI_MESSAGE (1UL << 5) +#define CKF_FIND_OBJECTS (1UL << 6) + #define CKF_ENCRYPT (1UL << 8) #define CKF_DECRYPT (1UL << 9) #define CKF_DIGEST (1UL << 10) @@ -878,6 +913,10 @@ #define CKG_MGF1_SHA256 (0x00000002UL) #define CKG_MGF1_SHA384 (0x00000003UL) #define CKG_MGF1_SHA512 (0x00000004UL) +#define CKG_MGF1_SHA3_224 (0x00000006UL) +#define CKG_MGF1_SHA3_256 (0x00000007UL) +#define CKG_MGF1_SHA3_384 (0x00000008UL) +#define CKG_MGF1_SHA3_512 (0x00000009UL) #define CKZ_DATA_SPECIFIED (0x00000001UL) @@ -906,6 +945,13 @@ typedef CK_XEDDSA_PARAMS *CK_XEDDSA_PARAMS_PTR; +typedef struct CK_AES_CTR_PARAMS { + unsigned long ulCounterBits; + unsigned char cb[16]; +} CK_AES_CTR_PARAMS; + +typedef CK_AES_CTR_PARAMS *CK_AES_CTR_PARAMS_PTR; + typedef unsigned long ck_rv_t; @@ -1210,7 +1256,7 @@ _CK_DECLARE_FUNCTION (C_GetInterface, (unsigned char *interface_name, struct ck_version *version, - struct ck_interface **interface, + struct ck_interface **interface_ptr, ck_flags_t flags)); _CK_DECLARE_FUNCTION (C_LoginUser, diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pkcs11-helper-1.28.0/include/pkcs11-helper-1.0/pkcs11h-version.h new/pkcs11-helper-1.29.0/include/pkcs11-helper-1.0/pkcs11h-version.h --- old/pkcs11-helper-1.28.0/include/pkcs11-helper-1.0/pkcs11h-version.h 2021-12-31 20:17:53.000000000 +0100 +++ new/pkcs11-helper-1.29.0/include/pkcs11-helper-1.0/pkcs11h-version.h 2022-04-21 09:07:25.000000000 +0200 @@ -70,7 +70,7 @@ */ #define PKCS11H_VERSION ( \ (1<<16) | \ - (28<<8) | \ + (29<<8) | \ (0<<0) \ ) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pkcs11-helper-1.28.0/lib/pkcs11h-certificate.c new/pkcs11-helper-1.29.0/lib/pkcs11h-certificate.c --- old/pkcs11-helper-1.28.0/lib/pkcs11h-certificate.c 2021-12-31 19:33:35.000000000 +0100 +++ new/pkcs11-helper-1.29.0/lib/pkcs11h-certificate.c 2022-04-07 19:01:01.000000000 +0200 @@ -300,6 +300,16 @@ pkcs11h_getMessage (rv) ); } + else if (attrs[0].ulValueLen == CK_UNAVAILABLE_INFORMATION) { + _PKCS11H_DEBUG ( + PKCS11H_LOG_DEBUG1, + "PKCS#11: Cannot certificate '%s' object %ld rv=%lu-'%s'", + certificate->session->provider->manufacturerID, + objects[i], + rv, + pkcs11h_getMessage (rv) + ); + } else { if ( _pkcs11h_certificate_isBetterCertificate ( @@ -500,11 +510,12 @@ op_succeed = TRUE; } else { - CK_BBOOL *key_attrs_sign; - CK_BBOOL *key_attrs_sign_recover; - CK_BBOOL *key_attrs_decrypt; - CK_BBOOL *key_attrs_unwrap; - CK_BBOOL *key_attrs_always_authenticate; + CK_BBOOL *key_attrs_sign = NULL; + CK_BBOOL *key_attrs_sign_recover = NULL; + CK_BBOOL *key_attrs_decrypt = NULL; + CK_BBOOL *key_attrs_unwrap = NULL; + CK_BBOOL *key_attrs_always_authenticate = NULL; + int i; if ( (rv = _pkcs11h_session_getObjectAttributes ( @@ -517,11 +528,26 @@ goto retry; } - key_attrs_sign = (CK_BBOOL *)key_attrs[0].pValue; - key_attrs_sign_recover = (CK_BBOOL *)key_attrs[1].pValue; - key_attrs_decrypt = (CK_BBOOL *)key_attrs[2].pValue; - key_attrs_unwrap = (CK_BBOOL *)key_attrs[3].pValue; - key_attrs_always_authenticate = (CK_BBOOL *)key_attrs[4].pValue; + i=0; + if (key_attrs[i].ulValueLen != CK_UNAVAILABLE_INFORMATION) { + key_attrs_sign = (CK_BBOOL *)key_attrs[i].pValue; + } + i++; + if (key_attrs[i].ulValueLen != CK_UNAVAILABLE_INFORMATION) { + key_attrs_sign_recover = (CK_BBOOL *)key_attrs[i].pValue; + } + i++; + if (key_attrs[i].ulValueLen != CK_UNAVAILABLE_INFORMATION) { + key_attrs_decrypt = (CK_BBOOL *)key_attrs[i].pValue; + } + i++; + if (key_attrs[i].ulValueLen != CK_UNAVAILABLE_INFORMATION) { + key_attrs_unwrap = (CK_BBOOL *)key_attrs[i].pValue; + } + i++; + if (key_attrs[i].ulValueLen != CK_UNAVAILABLE_INFORMATION) { + key_attrs_always_authenticate = (CK_BBOOL *)key_attrs[i].pValue; + } if (key_attrs_sign != NULL && *key_attrs_sign != CK_FALSE) { certificate->mask_private_mode |= PKCS11H_PRIVATEMODE_MASK_SIGN; @@ -541,7 +567,7 @@ } if (key_attrs_always_authenticate != NULL) { - certificate->always_authenticate = *key_attrs_always_authenticate != 0; + certificate->always_authenticate = *key_attrs_always_authenticate != CK_FALSE; } if (strlen(certificate->id->displayName) == 0) { @@ -2567,8 +2593,10 @@ * won't be able to retrieve them. */ if ( + attrs[0].ulValueLen == CK_UNAVAILABLE_INFORMATION || attrs[0].pValue == NULL || - attrs[0].ulValueLen == 0 + attrs[0].ulValueLen == 0 || + attrs[1].ulValueLen == CK_UNAVAILABLE_INFORMATION ) { rv = CKR_OK; goto retry1; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pkcs11-helper-1.28.0/lib/pkcs11h-core.c new/pkcs11-helper-1.29.0/lib/pkcs11h-core.c --- old/pkcs11-helper-1.28.0/lib/pkcs11h-core.c 2021-12-31 19:33:35.000000000 +0100 +++ new/pkcs11-helper-1.29.0/lib/pkcs11h-core.c 2022-04-06 20:09:20.000000000 +0200 @@ -726,9 +726,11 @@ switch (property) { case PKCS11H_PROPERTY_SLOT_EVENT_HOOK: +#if defined(ENABLE_PKCS11H_SLOTEVENT) if ((rv = _pkcs11h_slotevent_init ()) != CKR_OK) { goto cleanup; } +#endif break; } cleanup: diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pkcs11-helper-1.28.0/lib/pkcs11h-data.c new/pkcs11-helper-1.29.0/lib/pkcs11h-data.c --- old/pkcs11-helper-1.28.0/lib/pkcs11h-data.c 2021-09-28 00:25:58.000000000 +0200 +++ new/pkcs11-helper-1.29.0/lib/pkcs11h-data.c 2022-04-07 19:01:01.000000000 +0200 @@ -216,6 +216,11 @@ goto retry; } + if (attrs[0].ulValueLen == CK_UNAVAILABLE_INFORMATION) { + rv = CKR_ATTRIBUTE_TYPE_INVALID; + goto cleanup; + } + op_succeed = TRUE; rv = CKR_OK; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pkcs11-helper-1.28.0/lib/pkcs11h-openssl.c new/pkcs11-helper-1.29.0/lib/pkcs11h-openssl.c --- old/pkcs11-helper-1.28.0/lib/pkcs11h-openssl.c 2021-09-26 19:24:35.000000000 +0200 +++ new/pkcs11-helper-1.29.0/lib/pkcs11h-openssl.c 2022-04-07 19:01:01.000000000 +0200 @@ -653,6 +653,10 @@ #if OPENSSL_VERSION_NUMBER < 0x10100001L rsa->flags |= RSA_FLAG_SIGN_VER; #endif + if (EVP_PKEY_set1_RSA (evp, rsa) != 1) { + _PKCS11H_LOG (PKCS11H_LOG_WARN, "PKCS#11: Cannot set RSA key"); + goto cleanup; + } #ifdef BROKEN_OPENSSL_ENGINE if (!rsa->engine) { @@ -849,6 +853,11 @@ DSA_set_method (dsa, __openssl_methods.dsa); DSA_set_ex_data (dsa, __openssl_methods.dsa_index, openssl_session); + if (EVP_PKEY_set1_DSA (evp, dsa) != 1) { + _PKCS11H_LOG (PKCS11H_LOG_WARN, "PKCS#11: Cannot set DSA key"); + goto cleanup; + } + ret = TRUE; cleanup: @@ -1047,6 +1056,11 @@ EC_KEY_set_method (ec, __openssl_methods.eckey); EC_KEY_set_ex_data (ec, __openssl_methods.eckey_index, openssl_session); + if (EVP_PKEY_set1_EC_KEY (evp, ec) != 1) { + _PKCS11H_LOG (PKCS11H_LOG_WARN, "PKCS#11: Cannot set EC key"); + goto cleanup; + } + ret = TRUE; cleanup: diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pkcs11-helper-1.28.0/lib/pkcs11h-session.c new/pkcs11-helper-1.29.0/lib/pkcs11h-session.c --- old/pkcs11-helper-1.28.0/lib/pkcs11h-session.c 2021-12-31 19:33:35.000000000 +0100 +++ new/pkcs11-helper-1.29.0/lib/pkcs11h-session.c 2022-04-07 19:01:01.000000000 +0200 @@ -173,13 +173,13 @@ count )) != CKR_OK ) { - goto cleanup; + if (rv != CKR_ATTRIBUTE_SENSITIVE && rv != CKR_ATTRIBUTE_TYPE_INVALID) { + goto cleanup; + } } for (i=0;i<count;i++) { - if (attrs[i].ulValueLen == (CK_ULONG)-1) { - rv = CKR_ATTRIBUTE_VALUE_INVALID; - goto cleanup; + if (attrs[i].ulValueLen == CK_UNAVAILABLE_INFORMATION) { } else if (attrs[i].ulValueLen == 0) { attrs[i].pValue = NULL; @@ -204,9 +204,13 @@ count )) != CKR_OK ) { - goto cleanup; + if (rv != CKR_ATTRIBUTE_SENSITIVE && rv != CKR_ATTRIBUTE_TYPE_INVALID) { + goto cleanup; + } } + rv = CKR_OK; + cleanup: _PKCS11H_DEBUG ( @@ -1058,7 +1062,7 @@ _PKCS11H_DEBUG ( PKCS11H_LOG_DEBUG1, "PKCS#11: Calling pin_prompt hook for '%s'", - compact_token_id->display + label == NULL ? session->token_id->display : compact_token_id->display ); prompt_ret = _g_pkcs11h_data->hooks.pin_prompt ( _g_pkcs11h_data->hooks.pin_prompt_data, diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pkcs11-helper-1.28.0/lib/versioninfo.rc new/pkcs11-helper-1.29.0/lib/versioninfo.rc --- old/pkcs11-helper-1.28.0/lib/versioninfo.rc 2021-12-31 20:17:53.000000000 +0100 +++ new/pkcs11-helper-1.29.0/lib/versioninfo.rc 2022-04-21 09:07:25.000000000 +0200 @@ -2,7 +2,7 @@ VS_VERSION_INFO VERSIONINFO FILEVERSION 1,0,0,0 - PRODUCTVERSION 1,28,0,0 + PRODUCTVERSION 1,29,0,0 FILEFLAGSMASK 0x3fL #ifdef _DEBUG FILEFLAGS 0x21L @@ -27,8 +27,8 @@ VALUE "OriginalFilename", "pkcs11-helper-1.dll\0" VALUE "PrivateBuild", "\0" VALUE "ProductName", "pkcs11-helper\0" - VALUE "ProductVersion", "1,28,0,0\0" - VALUE "SpecialBuild", " key_prompt openssl engine_crypto_openssl engine_crypto_nss debug threading token data certificate slotevent engine_crypto \0" + VALUE "ProductVersion", "1,29,0,0\0" + VALUE "SpecialBuild", " key_prompt openssl engine_crypto_openssl engine_crypto_nss engine_crypto_mbedtls debug threading token data certificate slotevent engine_crypto \0" END END END
