Hello community,
here is the log from the commit of package openCryptoki for openSUSE:Factory
checked in at 2019-12-03 12:42:46
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/openCryptoki (Old)
and /work/SRC/openSUSE:Factory/.openCryptoki.new.4691 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "openCryptoki"
Tue Dec 3 12:42:46 2019 rev:54 rq:753057 version:3.12.1
Changes:
--------
--- /work/SRC/openSUSE:Factory/openCryptoki/openCryptoki.changes
2019-11-12 11:58:19.583528986 +0100
+++ /work/SRC/openSUSE:Factory/.openCryptoki.new.4691/openCryptoki.changes
2019-12-03 12:43:10.554119560 +0100
@@ -1,0 +2,6 @@
+Mon Dec 2 21:29:35 UTC 2019 - Mark Post <mp...@suse.com>
+
+- Upgraded to version 3.12.1 (bsc#1157863)
+ * Fix pkcsep11_migrate tool
+
+-------------------------------------------------------------------
Old:
----
openCryptoki-3.12.0.tar.gz
New:
----
openCryptoki-3.12.1.tar.gz
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ openCryptoki.spec ++++++
--- /var/tmp/diff_new_pack.VDTsiU/_old 2019-12-03 12:43:11.110119406 +0100
+++ /var/tmp/diff_new_pack.VDTsiU/_new 2019-12-03 12:43:11.114119405 +0100
@@ -26,7 +26,7 @@
%define oc_cvs_tag opencryptoki
Name: openCryptoki
-Version: 3.12.0
+Version: 3.12.1
Release: 0
Summary: An Implementation of PKCS#11 (Cryptoki) v2.11 for IBM
Cryptographic Hardware
License: CPL-1.0
++++++ openCryptoki-3.12.0.tar.gz -> openCryptoki-3.12.1.tar.gz ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/opencryptoki-3.12.0/.travis.yml
new/opencryptoki-3.12.1/.travis.yml
--- old/opencryptoki-3.12.0/.travis.yml 2019-11-11 15:41:42.000000000 +0100
+++ new/opencryptoki-3.12.1/.travis.yml 2019-11-22 13:22:15.000000000 +0100
@@ -1,11 +1,15 @@
sudo: required
-dist: xenial
+dist: bionic
language: c
before_install:
- sudo apt-get -qq update
- - sudo apt-get install -y expect trousers libldap2-dev libtspi-dev
+ - sudo apt-get install -y expect trousers libldap2-dev libtspi-dev wget
+ - sudo wget
https://launchpad.net/ubuntu/+archive/primary/+files/libica3_3.4.0-0ubuntu1_s390x.deb
+ - sudo wget
https://launchpad.net/ubuntu/+archive/primary/+files/libica-dev_3.4.0-0ubuntu1_s390x.deb
+ - sudo dpkg -i libica3_3.4.0-0ubuntu1_s390x.deb || true # icatok needs
libica >= 3.3
+ - sudo dpkg -i libica-dev_3.4.0-0ubuntu1_s390x.deb || true # but install
otherwise fails for non-s390x
matrix:
include:
@@ -13,19 +17,39 @@
- name: "linux-x86-clang-locks"
os: linux
compiler: clang
- env: CONFIG_OPTS="--enable-icsftok --enable-ccatok --enable-tpmtok
--enable-testcases --enable-locks" CFLAGS="-O3 -Wextra -std=c99 -pedantic
-Werror -DDEBUG"
+ env: CONFIG_OPTS="--enable-swtok --enable-icsftok --enable-ccatok
--enable-tpmtok --enable-testcases --enable-locks" CFLAGS="-O3 -Wextra -std=c99
-pedantic -Werror -DDEBUG"
- name: "linux-x86-gcc-tm"
os: linux
compiler: gcc
- env: CONFIG_OPTS="--enable-icsftok --enable-ccatok --enable-tpmtok
--enable-testcases" CFLAGS="-O3 -Wno-clobbered -Wextra -std=c99 -pedantic
-Werror"
+ env: CONFIG_OPTS="--enable-swtok --enable-icsftok --enable-ccatok
--enable-tpmtok --enable-testcases" CFLAGS="-O3 -Wno-clobbered -Wextra -std=c99
-pedantic -Werror"
- name: "linux-ppc64le-clang-locks"
os: linux-ppc64le
compiler: clang
- env: CONFIG_OPTS="--enable-icsftok --enable-ccatok --enable-tpmtok
--enable-testcases --enable-locks" CFLAGS="-O3 -Wextra -std=c99 -pedantic
-Werror"
+ env: CONFIG_OPTS="--enable-swtok --enable-icsftok --enable-ccatok
--enable-tpmtok --enable-testcases --enable-locks" CFLAGS="-O3 -Wextra -std=c99
-pedantic -Werror"
- name: "linux-ppc64le-gcc-tm"
os: linux-ppc64le
compiler: gcc
- env: CONFIG_OPTS="--enable-icsftok --enable-ccatok --enable-tpmtok
--enable-testcases" CFLAGS="-O3 -Wextra -Wno-clobbered -std=c99 -pedantic
-Werror -DDEBUG"
+ env: CONFIG_OPTS="--enable-swttok --enable-icsftok --enable-ccatok
--enable-tpmtok --enable-testcases" CFLAGS="-O3 -Wextra -Wno-clobbered -std=c99
-pedantic -Werror -DDEBUG"
+ - name: "linux-s390x-clang-locks"
+ os: linux
+ arch: s390x
+ compiler: clang
+ env: CONFIG_OPTS="--enable-swttok --enable-icsftok --enable-ccatok
--enable-tpmtok --enable-icatok --enable-ep11tok --enable-testcases
--enable-locks" CFLAGS="-O3 -Wextra -std=c99 -pedantic -Werror -DDEBUG"
+ - name: "linux-s390x-gcc-tm"
+ os: linux
+ arch: s390x
+ compiler: gcc
+ env: CONFIG_OPTS="--enable-swttok --enable-icsftok --enable-ccatok
--enable-tpmtok --enable-icatok --enable-ep11tok --enable-testcases"
CFLAGS="-O3 -Wextra -Wno-clobbered -std=c99 -pedantic -Werror"
+ - name: "linux-arm64-clang-locks"
+ os: linux
+ arch: arm64
+ compiler: clang
+ env: CONFIG_OPTS="--enable-swttok --enable-icsftok --enable-ccatok
--enable-tpmtok --enable-testcases --enable-locks" CFLAGS="-O3 -Wextra -std=c99
-pedantic -Werror"
+ - name: "linux-arm64-gcc-tm"
+ os: linux
+ arch: arm64
+ compiler: gcc
+ env: CONFIG_OPTS="--enable-swttok --enable-icsftok --enable-ccatok
--enable-tpmtok --enable-testcases" CFLAGS="-O3 -Wextra -Wno-clobbered -std=c99
-pedantic -Werror -DDEBUG"
before_script:
- sudo groupadd pkcs11
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/opencryptoki-3.12.0/ChangeLog
new/opencryptoki-3.12.1/ChangeLog
--- old/opencryptoki-3.12.0/ChangeLog 2019-11-11 15:41:42.000000000 +0100
+++ new/opencryptoki-3.12.1/ChangeLog 2019-11-22 13:22:15.000000000 +0100
@@ -1,3 +1,6 @@
++ openCryptoki 3.12.1
+- Fix pkcsep11_migrate tool
+
+ openCryptoki 3.12.0
- Update token pin and data store encryption for soft,ica,cca and ep11
- EP11: Allow importing of compressed EC public keys
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/opencryptoki-3.12.0/README.md
new/opencryptoki-3.12.1/README.md
--- old/opencryptoki-3.12.0/README.md 2019-11-11 15:41:42.000000000 +0100
+++ new/opencryptoki-3.12.1/README.md 2019-11-22 13:22:15.000000000 +0100
@@ -3,13 +3,13 @@
# openCryptoki
-Package version 3.12.0
+Package version 3.12.1
Please see [ChangeLog](ChangeLog) for release specific information.
## OVERVIEW
-openCryptoki version 3.12.0 implements the PKCS#11 specification version 2.20.
+openCryptoki version 3.12.1 implements the PKCS#11 specification version 2.20.
This package includes several cryptographic tokens:
CCA, ICA, TPM , SWToken, ICSF and EP11.
@@ -19,7 +19,7 @@
## REQUIREMENTS:
-- IBM ICA - requires libica library version 2.3.0 or higher for accessing ICA
+- IBM ICA - requires libica library version 3.3.0 or higher for accessing ICA
hardware crypto on IBM zSeries.
- IBM CCA - requires IBM XCrypto CEX3C card (or higher) and the CEX3C host
@@ -27,7 +27,7 @@
- TPM - requires a TPM, TPM tools, and TCG software stack.
-- SWToken - The software token uses OpenSSL version 0.9.7 or higher.
+- SWToken - The software token uses OpenSSL version 1.0.2 or higher.
- ICSF - The Integrated Cryptographic Service Facility (ICSF) token requires
openldap and openldap client software version 2.4.23 or higher. Lex and Yacc
are
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/opencryptoki-3.12.0/configure.ac
new/opencryptoki-3.12.1/configure.ac
--- old/opencryptoki-3.12.0/configure.ac 2019-11-11 15:41:42.000000000
+0100
+++ new/opencryptoki-3.12.1/configure.ac 2019-11-22 13:22:15.000000000
+0100
@@ -1,6 +1,6 @@
dnl Process this file with autoconf to produce a configure script.
AC_PREREQ([2.69])
-AC_INIT([openCryptoki],[3.12.0],[opencryptoki-t...@lists.sourceforge.net],[],[https://github.com/opencryptoki/opencryptoki])
+AC_INIT([openCryptoki],[3.12.1],[opencryptoki-t...@lists.sourceforge.net],[],[https://github.com/opencryptoki/opencryptoki])
AC_CONFIG_SRCDIR([testcases/common/common.c])
dnl Needed for $target!
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/opencryptoki-3.12.0/rpm/opencryptoki.spec
new/opencryptoki-3.12.1/rpm/opencryptoki.spec
--- old/opencryptoki-3.12.0/rpm/opencryptoki.spec 2019-11-11
15:41:42.000000000 +0100
+++ new/opencryptoki-3.12.1/rpm/opencryptoki.spec 2019-11-22
13:22:15.000000000 +0100
@@ -2,7 +2,7 @@
Name: opencryptoki
Summary: Implementation of the PKCS#11 (Cryptoki) specification
v2.20
-Version: 3.12.0
+Version: 3.12.1
Release: 1%{?dist}
License: CPL
Group: System Environment/Base
@@ -18,7 +18,7 @@
BuildRequires: systemd
BuildRequires: libitm-devel
%ifarch s390 s390x
-BuildRequires: libica-devel >= 2.3
+BuildRequires: libica-devel >= 3.3
%endif
Requires(pre): %{name}-libs%{?_isa} = %{version}-%{release}
Requires: %{name}-libs%{?_isa} = %{version}-%{release}
@@ -320,6 +320,8 @@
%changelog
+* Fri Nov 15 2019 Patrick Steuer <patrick.ste...@de.ibm.com> 3.12.0
+- Update build time requirements
* Thu Oct 26 2017 Eduardo Barretto <ebarre...@linux.vnet.ibm.com> 3.8.0
- Update URL and source
- Remove unnecessary steps from spec file
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/opencryptoki-3.12.0/testcases/crypto/aes_func.c
new/opencryptoki-3.12.1/testcases/crypto/aes_func.c
--- old/opencryptoki-3.12.0/testcases/crypto/aes_func.c 2019-11-11
15:41:42.000000000 +0100
+++ new/opencryptoki-3.12.1/testcases/crypto/aes_func.c 2019-11-22
13:22:15.000000000 +0100
@@ -1277,6 +1277,14 @@
(unsigned int) tsuite->mech.mechanism);
goto testcase_cleanup;
}
+ if (!mech_supported(slot_id, CKM_RSA_PKCS)) {
+ testsuite_skip(3,
+ "Slot %u doesn't support %s (%u)",
+ (unsigned int) slot_id,
+ mech_to_str(CKM_RSA_PKCS),
+ (unsigned int) CKM_RSA_PKCS);
+ goto testcase_cleanup;
+ }
for (i = 0; i < 3; i++) {
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/opencryptoki-3.12.0/usr/lib/ep11_stdll/ep11_specific.c
new/opencryptoki-3.12.1/usr/lib/ep11_stdll/ep11_specific.c
--- old/opencryptoki-3.12.0/usr/lib/ep11_stdll/ep11_specific.c 2019-11-11
15:41:42.000000000 +0100
+++ new/opencryptoki-3.12.1/usr/lib/ep11_stdll/ep11_specific.c 2019-11-22
13:22:15.000000000 +0100
@@ -465,7 +465,7 @@
/* mechanisms provided by this token will be generated from the underlaying
* crypto adapter. Anyway to be conform to the generic mech_list handling
* we need to define these dummies */
-MECH_LIST_ELEMENT mech_list[] = {{0}};
+MECH_LIST_ELEMENT mech_list[] = {{0, {0, 0, 0}}};
CK_ULONG mech_list_len = 0;
@@ -8175,7 +8175,7 @@
return rc;
}
lib_version->major = (host_version & 0x00FF0000) >> 16;
- lib_version->minor = host_version & 0x000000FF0000;
+ lib_version->minor = host_version & 0x000000FF;
/*
* EP11 host library < v2.0 returns an invalid version (i.e. 0x100). This
* can safely be treated as version 1.0
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/opencryptoki-3.12.0/usr/sbin/pkcsep11_migrate/ep11adm.h
new/opencryptoki-3.12.1/usr/sbin/pkcsep11_migrate/ep11adm.h
--- old/opencryptoki-3.12.0/usr/sbin/pkcsep11_migrate/ep11adm.h 2019-11-11
15:41:42.000000000 +0100
+++ new/opencryptoki-3.12.1/usr/sbin/pkcsep11_migrate/ep11adm.h 2019-11-22
13:22:15.000000000 +0100
@@ -22,24 +22,24 @@
// these numbers apply to current version, subject to change
//
-#if !defined(EP11_SERIALNR_CHARS)
-#define EP11_SERIALNR_CHARS 8
+#if !defined(XCP_SERIALNR_CHARS)
+#define XCP_SERIALNR_CHARS 8
#endif
-#if !defined(EP11_KEYCSUM_BYTES)
-#define EP11_KEYCSUM_BYTES (256/8) /* full size of verific. pattern */
+#if !defined(XCP_KEYCSUM_BYTES)
+#define XCP_KEYCSUM_BYTES (256/8) /* full size of verific. pattern */
#endif
-#if !defined(EP11_ADMCTR_BYTES)
-#define EP11_ADMCTR_BYTES (128/8) /* admin transaction ctrs */
+#if !defined(XCP_ADMCTR_BYTES)
+#define XCP_ADMCTR_BYTES (128/8) /* admin transaction ctrs */
#endif
-#if !defined(EP11_ADM_REENCRYPT)
-#define EP11_ADM_REENCRYPT 25 /* transform blobs to next WK */
+#if !defined(XCP_ADM_REENCRYPT)
+#define XCP_ADM_REENCRYPT 25 /* transform blobs to next WK */
#endif
-#if !defined(CK_IBM_EP11Q_DOMAIN)
-#define CK_IBM_EP11Q_DOMAIN 3 /* list domain's WK hashes */
+#if !defined(CK_IBM_XCPQ_DOMAIN)
+#define CK_IBM_XCPQ_DOMAIN 3 /* list domain's WK hashes */
#endif
#if !defined(CK_IBM_DOM_COMMITTED_NWK)
@@ -47,17 +47,17 @@
#endif
-typedef struct ep11_admresp {
+typedef struct XCPadmresp {
uint32_t fn;
uint32_t domain;
uint32_t domainInst;
/* module ID || module instance */
- unsigned char module[EP11_SERIALNR_CHARS + EP11_SERIALNR_CHARS];
- unsigned char modNr[EP11_SERIALNR_CHARS];
- unsigned char modInst[EP11_SERIALNR_CHARS];
+ unsigned char module[XCP_SERIALNR_CHARS + XCP_SERIALNR_CHARS];
+ unsigned char modNr[XCP_SERIALNR_CHARS];
+ unsigned char modInst[XCP_SERIALNR_CHARS];
- unsigned char tctr[EP11_ADMCTR_BYTES]; /* transaction counter */
+ unsigned char tctr[XCP_ADMCTR_BYTES]; /* transaction counter */
CK_RV rv;
uint32_t reason;
@@ -67,14 +67,14 @@
//
const unsigned char *payload;
size_t pllen;
-} *ep11_admresp_t;
+} *XCPadmresp_t;
#if !defined(__XCP_H__)
typedef struct CK_IBM_DOMAIN_INFO {
CK_ULONG domain;
- CK_BYTE wk[EP11_KEYCSUM_BYTES];
- CK_BYTE nextwk[EP11_KEYCSUM_BYTES];
+ CK_BYTE wk[XCP_KEYCSUM_BYTES];
+ CK_BYTE nextwk[XCP_KEYCSUM_BYTES];
CK_ULONG flags;
CK_BYTE mode[8];
} CK_IBM_DOMAIN_INFO;
@@ -82,30 +82,30 @@
/*----------------------------------------------------------------------
- * build a command block to (blk,blen), querying 'fn'
- * (payload,plen) copied to query block if non-NULL
+ * build a query block to (blk,blen), querying 'fn'
+ * (payload,plen) copied to query block if non-NULL
*
- * returns written bytecount; size query if blk is NULL
- * *minf used for module ID and transaction counter
- * ignored for commands where those fields are ignored
+ * returns written bytecount; size query if blk is NULL
+ *
+ * *minf used for module ID and transaction counter
+ * ignored for commands where those fields are ignored
*/
-long ep11a_cmdblock(unsigned char *blk,
- size_t blen,
- unsigned int fn,
- const struct ep11_admresp *minf,
- const unsigned char *tctr, /* EP11_ADMCTR_BYTES */
- const unsigned char *payload, size_t plen);
+long xcpa_cmdblock(unsigned char *blk,
+ size_t blen,
+ unsigned int fn,
+ const struct XCPadmresp *minf,
+ const unsigned char *tctr, /* XCP_ADMCTR_BYTES */
+ const unsigned char *payload, size_t plen) ;
/*----------------------------------------------------------------------
- * returns <0 if response is malformed, or contents invalid
+ * returns <0 if response is malformed, or contents invalid
*
- * parse embedded return value from response, writes to *rv if non-NULL
- * (outside envelope always reports CKR_OK, unless infrastructure
- * failed)
+ * parse embedded return value from response, writes to *rv if non-NULL
+ * (outside envelope always reports CKR_OK, unless infrastructure failed)
*/
-long ep11a_internal_rv(const unsigned char *rsp, size_t rlen,
- struct ep11_admresp *rspblk, CK_RV *rv);
+long xcpa_internal_rv(const unsigned char *rsp, size_t rlen,
+ struct XCPadmresp *rspblk, CK_RV *rv) ;
/*----------------------------------------------------------------------
@@ -116,9 +116,9 @@
* list therefore, infbytes is ignored by other types (we still check
* if present)
*/
-CK_RV m_get_ep11_info(CK_VOID_PTR pinfo, CK_ULONG_PTR infbytes,
- unsigned int query,
- unsigned int subquery, uint64_t target);
+CK_RV m_get_xcp_info (CK_VOID_PTR pinfo, CK_ULONG_PTR infbytes,
+ unsigned int query,
+ unsigned int subquery, target_t target) ;
#endif /* !defined(__EP11ADM_H__) */
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/opencryptoki-3.12.0/usr/sbin/pkcsep11_migrate/pkcsep11_migrate.c
new/opencryptoki-3.12.1/usr/sbin/pkcsep11_migrate/pkcsep11_migrate.c
--- old/opencryptoki-3.12.0/usr/sbin/pkcsep11_migrate/pkcsep11_migrate.c
2019-11-11 15:41:42.000000000 +0100
+++ new/opencryptoki-3.12.1/usr/sbin/pkcsep11_migrate/pkcsep11_migrate.c
2019-11-22 13:22:15.000000000 +0100
@@ -41,32 +41,29 @@
CK_LONG domain = -1;
CK_OBJECT_HANDLE key_store[4096];
-typedef int (*m_get_ep11_info_t) (CK_VOID_PTR, CK_ULONG_PTR,
- unsigned int, unsigned int, target_t);
typedef unsigned long int (*m_admin_t) (unsigned char *, size_t *,
unsigned char *,
size_t *, const unsigned char *,
size_t, const unsigned char *,
size_t, target_t);
-typedef long (*ep11a_cmdblock_t) (unsigned char *, size_t, unsigned int,
- const struct ep11_admresp *,
- const unsigned char *,
- const unsigned char *, size_t);
-typedef long (*ep11a_internal_rv_t) (const unsigned char *, size_t,
- struct ep11_admresp *, CK_RV *);
+typedef long (*xcpa_cmdblock_t) (unsigned char *, size_t, unsigned int,
+ const struct XCPadmresp *,
+ const unsigned char *,
+ const unsigned char *, size_t);
+typedef long (*xcpa_internal_rv_t) (const unsigned char *, size_t,
+ struct XCPadmresp *, CK_RV *);
typedef int (*m_add_module_t) (XCP_Module_t, target_t *);
typedef int (*m_rm_module_t) (XCP_Module_t, target_t);
typedef CK_RV (*m_get_xcp_info_t)(CK_VOID_PTR pinfo, CK_ULONG_PTR infbytes,
unsigned int query, unsigned int subquery,
target_t target);
-m_get_ep11_info_t _m_get_ep11_info;
+m_get_xcp_info_t _m_get_xcp_info;
m_admin_t _m_admin;
-ep11a_cmdblock_t _ep11a_cmdblock;
-ep11a_internal_rv_t _ep11a_internal_rv;
+xcpa_cmdblock_t _xcpa_cmdblock;
+xcpa_internal_rv_t _xcpa_internal_rv;
m_add_module_t _m_add_module;
m_rm_module_t _m_rm_module;
-m_get_xcp_info_t dll_m_get_xcp_info;
CK_VERSION lib_version;
@@ -79,34 +76,29 @@
} __attribute__ ((packed)) ep11_target_t;
-#define blobsize 2048*4
+#define BLOBSIZE 2048*4
+
-typedef struct {
- size_t blob_size;
- size_t blob_id;
- unsigned char blob[blobsize];
-} ep11_opaque;
-static int reencrypt(CK_SESSION_HANDLE session, CK_ULONG obj, CK_BYTE *old)
+static int reencrypt(CK_SESSION_HANDLE session, CK_ULONG obj, CK_BYTE *old,
+ CK_ULONG old_len)
{
- CK_BYTE req[blobsize];
- CK_BYTE resp[blobsize];
+ CK_BYTE req[BLOBSIZE];
+ CK_BYTE resp[BLOBSIZE];
CK_LONG req_len;
size_t resp_len;
- struct ep11_admresp rb;
- struct ep11_admresp lrb;
+ struct XCPadmresp rb;
+ struct XCPadmresp lrb;
ep11_target_t target_list;
struct XCP_Module module;
target_t target = XCP_TGT_INIT;
CK_RV rc;
CK_BYTE name[256];
-
- ep11_opaque *op_old = (ep11_opaque *) old;
- ep11_opaque op_new;
-
+ unsigned char blob[BLOBSIZE];
+ CK_ULONG blob_len;
CK_ATTRIBUTE opaque_template[] = {
- {CKA_IBM_OPAQUE, &op_new, sizeof(op_new)}
+ { CKA_IBM_OPAQUE, blob, BLOBSIZE }
};
CK_ATTRIBUTE name_template[] = {
@@ -127,7 +119,6 @@
memset(&rb, 0, sizeof(rb));
memset(&lrb, 0, sizeof(lrb));
- memset(&target, 0, sizeof(target));
if (_m_add_module != NULL) {
memset(&module, 0, sizeof(module));
@@ -151,12 +142,12 @@
rb.domain = domain;
lrb.domain = domain;
- fprintf(stderr, "going to reencrpyt key %lx with blob len %lx %s\n", obj,
- op_old->blob_size, name);
- resp_len = blobsize;
+ fprintf(stderr, "going to reencrpyt key %lx with blob len %lx: '%s'\n",
obj,
+ old_len, name);
+ resp_len = BLOBSIZE;
- req_len = _ep11a_cmdblock(req, blobsize, EP11_ADM_REENCRYPT, &rb,
- NULL, op_old->blob, op_old->blob_size);
+ req_len = _xcpa_cmdblock(req, BLOBSIZE, XCP_ADM_REENCRYPT, &rb,
+ NULL, old, old_len);
if (req_len < 0) {
fprintf(stderr, "reencrypt cmd block construction failed\n");
@@ -168,40 +159,46 @@
target);
if (rc != CKR_OK || resp_len == 0) {
- fprintf(stderr, "reencryption failed %lx %ld\n", rc, req_len);
+ fprintf(stderr, "reencryption failed: %lx %ld\n", rc, req_len);
rc = -3;
goto out;
}
- if (_ep11a_internal_rv(resp, resp_len, &lrb, &rc) < 0) {
- fprintf(stderr, "reencryption response malformed %lx\n", rc);
+ if (_xcpa_internal_rv(resp, resp_len, &lrb, &rc) < 0) {
+ fprintf(stderr, "reencryption response malformed: %lx\n", rc);
rc = -4;
goto out;
}
- if (op_old->blob_size != lrb.pllen) {
- fprintf(stderr, "reencryption blob size changed %lx %lx %lx %lx\n",
- op_old->blob_size, lrb.pllen, resp_len, req_len);
+ if (rc != 0) {
+ fprintf(stderr, "reencryption failed: %lx\n", rc);
+ rc = -7;
+ goto out;
+ }
+
+ if (old_len != lrb.pllen) {
+ fprintf(stderr, "reencryption blob size changed: %lx %lx %lx %lx\n",
+ old_len, lrb.pllen, resp_len, req_len);
rc = -5;
goto out;
}
- memset(&op_new, 0, sizeof(op_new));
- op_new.blob_id = op_old->blob_id;
- op_new.blob_size = op_old->blob_size;
- memcpy(op_new.blob, lrb.payload, op_new.blob_size);
+ memset(blob, 0, sizeof(blob));
+ blob_len = old_len;
+ memcpy(blob, lrb.payload, blob_len);
+ opaque_template[0].ulValueLen = blob_len;
rc = funcs->C_SetAttributeValue(session, key_store[obj], opaque_template,
1);
if (rc != CKR_OK) {
fprintf(stderr,
- "reencryption C_SetAttributeValue failed obj %lx %s rc %lx\n",
+ "reencryption C_SetAttributeValue failed: obj %lx '%s' rc:
%lx\n",
obj, name, rc);
rc = -6;
goto out;
}
- fprintf(stderr, "reencryption success obj %lx %s\n", obj, name);
+ fprintf(stderr, "reencryption success obj: %lx '%s:\n", obj, name);
out:
if (_m_rm_module != NULL)
@@ -215,10 +212,10 @@
CK_ULONG version_len = sizeof(host_version);
CK_RV rc;
- rc = dll_m_get_xcp_info(&host_version, &version_len,
- CK_IBM_XCPHQ_VERSION, 0, 0);
+ rc = _m_get_xcp_info(&host_version, &version_len,
+ CK_IBM_XCPHQ_VERSION, 0, 0);
if (rc != CKR_OK) {
- fprintf(stderr, "dll_m_get_xcp_info (HOST) failed: rc=0x%lx\n", rc);
+ fprintf(stderr, "_m_get_xcp_info (HOST) failed: rc=0x%lx\n", rc);
return rc;
}
lib_version->major = (host_version & 0x00FF0000) >> 16;
@@ -269,11 +266,11 @@
target = (target_t)&target_list;
}
- rc = _m_get_ep11_info((CK_VOID_PTR) &dinf, &dinf_len,
- CK_IBM_EP11Q_DOMAIN, 0, target);
+ rc = _m_get_xcp_info((CK_VOID_PTR) &dinf, &dinf_len,
+ CK_IBM_XCPQ_DOMAIN, 0, target);
if (rc != CKR_OK) {
- fprintf(stderr, "m_get_ep11_info rc 0x%lx, valid apapter/domain "
+ fprintf(stderr, "m_get_xcp_info rc 0x%lx, valid apapter/domain "
"0x%02lx/%ld?.\n", rc, adapter, domain);
rc = -1;
goto out;
@@ -549,14 +546,19 @@
if (!lib_ep11)
return CKR_FUNCTION_FAILED;
- *(void **)(&_m_get_ep11_info) = dlsym(lib_ep11, "m_get_ep11_info");
- *(void **)(&_ep11a_cmdblock) = dlsym(lib_ep11, "ep11a_cmdblock");
+ *(void **)(&_xcpa_cmdblock) = dlsym(lib_ep11, "xcpa_cmdblock");
+ if (_xcpa_cmdblock == NULL)
+ *(void **)(&_xcpa_cmdblock) = dlsym(lib_ep11, "ep11a_cmdblock");
*(void **)(&_m_admin) = dlsym(lib_ep11, "m_admin");
- *(void **)(&_ep11a_internal_rv) = dlsym(lib_ep11, "ep11a_internal_rv");
- *(void **)(&dll_m_get_xcp_info) = dlsym(lib_ep11, "m_get_xcp_info");
+ *(void **)(&_xcpa_internal_rv) = dlsym(lib_ep11, "xcpa_internal_rv");
+ if (_xcpa_internal_rv == NULL)
+ *(void **)(&_xcpa_internal_rv) = dlsym(lib_ep11, "ep11a_internal_rv");
+ *(void **)(&_m_get_xcp_info) = dlsym(lib_ep11, "m_get_xcp_info");
+ if (_m_get_xcp_info == NULL)
+ *(void **)(&_m_get_xcp_info) = dlsym(lib_ep11, "m_get_ep11_info");
- if (!_m_get_ep11_info || !_ep11a_cmdblock ||
- !_m_admin || !_ep11a_internal_rv || !dll_m_get_xcp_info) {
+ if (!_m_get_xcp_info || !_xcpa_cmdblock ||
+ !_m_admin || !_xcpa_internal_rv) {
fprintf(stderr, "ERROR getting function pointer from shared lib '%s'",
EP11SHAREDLIB);
return CKR_FUNCTION_FAILED;
@@ -677,7 +679,8 @@
return rc;
} else {
if (reencrypt(session, obj,
- (CK_BYTE *) opaque_template[0].pValue) != 0)
{
+ (CK_BYTE *) opaque_template[0].pValue,
+ opaque_template[0].ulValueLen) != 0) {
/* reencrypt failed */
return -1;
}
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/opencryptoki-3.12.0/usr/sbin/pkcsslotd/lexer.l
new/opencryptoki-3.12.1/usr/sbin/pkcsslotd/lexer.l
--- old/opencryptoki-3.12.0/usr/sbin/pkcsslotd/lexer.l 2019-11-11
15:41:42.000000000 +0100
+++ new/opencryptoki-3.12.1/usr/sbin/pkcsslotd/lexer.l 2019-11-22
13:22:15.000000000 +0100
@@ -13,6 +13,7 @@
#include <stdio.h>
#include <stdlib.h>
+#include <stdint.h>
#include "parser.h"
