diff --git a/SOURCES/opencryptoki-3.2-ep11-token-obj-class.patch b/SOURCES/opencryptoki-3.2-ep11-token-obj-class.patch new file mode 100644 index 0000000..2721d62 --- /dev/null +++ b/SOURCES/opencryptoki-3.2-ep11-token-obj-class.patch @@ -0,0 +1,41 @@ +diff -up opencryptoki/usr/lib/pkcs11/ep11_stdll/ep11_specific.c.ep11 opencryptoki/usr/lib/pkcs11/ep11_stdll/ep11_specific.c +--- opencryptoki/usr/lib/pkcs11/ep11_stdll/ep11_specific.c.ep11 2016-01-28 14:07:08.314440344 +0100 ++++ opencryptoki/usr/lib/pkcs11/ep11_stdll/ep11_specific.c 2016-01-28 14:09:22.195368138 +0100 +@@ -2765,37 +2765,6 @@ CK_RV token_specific_generate_key_pair(S + private_key_obj->name, public_key_obj, private_key_obj); + } + +- /* copy CKA_CLASS, CKA_KEY_TYPE to private template */ +- if (template_attribute_find(public_key_obj->template, CKA_CLASS, &attr)) { +- rc = build_attribute(attr->type, attr->pValue, +- attr->ulValueLen, &n_attr); +- if (rc != CKR_OK) { +- EP11TOK_ELOG(1,"build_attribute failed with rc=0x%lx",rc); +- goto error; +- } +- +- rc = template_update_attribute(private_key_obj->template, n_attr); +- if (rc != CKR_OK) { +- EP11TOK_ELOG(1,"template_update_attribute failed with rc=0x%lx",rc); +- goto error; +- } +- } +- +- if (template_attribute_find(public_key_obj->template, CKA_KEY_TYPE, &attr)) { +- rc = build_attribute(attr->type, attr->pValue, +- attr->ulValueLen, &n_attr); +- if (rc != CKR_OK) { +- EP11TOK_ELOG(1,"build_attribute failed with rc=0x%lx",rc); +- goto error; +- } +- +- rc = template_update_attribute(private_key_obj->template, n_attr); +- if (rc != CKR_OK) { +- EP11TOK_ELOG(1,"template_update_attribute failed with rc=0x%lx",rc); +- goto error; +- } +- } +- + /* Keys should be fully constructed, + * assign object handles and store keys. + */ diff --git a/SPECS/opencryptoki.spec b/SPECS/opencryptoki.spec index 6ac7729..2a4c71b 100644 --- a/SPECS/opencryptoki.spec +++ b/SPECS/opencryptoki.spec @@ -3,7 +3,7 @@ Name: opencryptoki Summary: Implementation of the PKCS#11 (Cryptoki) specification v2.11 Version: 3.2 -Release: 4.1%{?dist} +Release: 5%{?dist} License: CPL Group: System Environment/Base URL: http://sourceforge.net/projects/opencryptoki @@ -17,6 +17,8 @@ Patch1: %{name}-3.2-conditional-manpages.patch Patch2: %{name}-3.2-pkcsep11_migrate-Fixed-parameter-handling-for-pkcsep.patch # https://bugzilla.redhat.com/show_bug.cgi?id=1088512#c18 Patch3: %{name}-3.2-Correctly-declare-OAEP-parameter-in-RSA-Wrap-tests-t.patch +# https://bugzilla.redhat.com/show_bug.cgi?id=1263179 +Patch4: %{name}-3.2-ep11-token-obj-class.patch Requires(pre): shadow-utils coreutils sed BuildRequires: openssl-devel BuildRequires: trousers-devel @@ -184,6 +186,7 @@ configured with Enterprise PKCS#11 (EP11) firmware. %patch1 -p1 -b .man %patch2 -p1 -b .pkcsep11_migrate %patch3 -p1 -b .OAEP-in-test +%patch4 -p1 -b .ep11 # Upstream tarball has unnecessary executable perms set on the sources find . -name '*.[ch]' -print0 | xargs -0 chmod -x @@ -348,6 +351,9 @@ exit 0 %changelog +* Thu Jan 28 2016 Jakub Jelen 3.2-5 +- Fix obj class for ep11 token (#1263179) + * Wed Dec 03 2014 Petr Lautrbach 3.2-4.1 - don't check if root is in pkcs11 group