From 76307be97a42f5a743e7cf0ef75a87dac0c0106f Mon Sep 17 00:00:00 2001 From: Ingo Franzki Date: Wed, 16 Feb 2022 13:04:24 +0100 Subject: [PATCH 19/34] COMMON: Dilithium key BER encoding/decoding allow different OIDs Signed-off-by: Ingo Franzki --- usr/lib/cca_stdll/cca_stdll.mk | 2 +- usr/lib/common/asn1.c | 143 ++++++++++++++++++++----------- usr/lib/common/globals.c | 8 +- usr/lib/common/h_extern.h | 54 ++++++------ usr/lib/common/key.c | 10 ++- usr/lib/common/key_mgr.c | 13 ++- usr/lib/ep11_stdll/ep11_specific.c | 6 +- usr/lib/ep11_stdll/ep11_stdll.mk | 3 +- usr/lib/ica_s390_stdll/ica_s390_stdll.mk | 2 +- usr/lib/icsf_stdll/icsf_stdll.mk | 2 +- usr/lib/soft_stdll/soft_stdll.mk | 2 +- usr/lib/tpm_stdll/tpm_stdll.mk | 2 +- usr/sbin/pkcscca/pkcscca.mk | 2 +- 13 files changed, 152 insertions(+), 97 deletions(-) diff --git a/usr/lib/cca_stdll/cca_stdll.mk b/usr/lib/cca_stdll/cca_stdll.mk index 9b71085a..5963df59 100644 --- a/usr/lib/cca_stdll/cca_stdll.mk +++ b/usr/lib/cca_stdll/cca_stdll.mk @@ -41,7 +41,7 @@ opencryptoki_stdll_libpkcs11_cca_la_SOURCES = usr/lib/common/asn1.c \ usr/lib/common/utility_common.c usr/lib/common/ec_supported.c \ usr/lib/api/policyhelper.c usr/lib/config/configuration.c \ usr/lib/config/cfgparse.y usr/lib/config/cfglex.l \ - usr/lib/common/mech_openssl.c + usr/lib/common/mech_openssl.c usr/lib/common/pqc_supported.c if ENABLE_LOCKS opencryptoki_stdll_libpkcs11_cca_la_SOURCES += \ diff --git a/usr/lib/common/asn1.c b/usr/lib/common/asn1.c index b3f49c41..884ef489 100644 --- a/usr/lib/common/asn1.c +++ b/usr/lib/common/asn1.c @@ -24,6 +24,7 @@ #include "host_defs.h" #include "h_extern.h" #include "trace.h" +#include "pqc_defs.h" // @@ -3616,7 +3617,7 @@ cleanup: * * SEQUENCE (2 elem) * SEQUENCE (2 elem) - * OBJECT IDENTIFIER 1.3.6.1.4.1.2.267.1.6.5 + * OBJECT IDENTIFIER 1.3.6.1.4.1.2.267.xxx * NULL * BIT STRING (1 elem) * SEQUENCE (2 elem) @@ -3624,20 +3625,26 @@ cleanup: * BIT STRING (13824 bit) = 1728 bytes */ CK_RV ber_encode_IBM_DilithiumPublicKey(CK_BBOOL length_only, - CK_BYTE **data, CK_ULONG *data_len, - CK_ATTRIBUTE *rho, CK_ATTRIBUTE *t1) + CK_BYTE **data, CK_ULONG *data_len, + const CK_BYTE *oid, CK_ULONG oid_len, + CK_ATTRIBUTE *rho, CK_ATTRIBUTE *t1) { CK_BYTE *buf = NULL, *buf2 = NULL, *buf3 = NULL, *buf4 = NULL; - CK_ULONG len = 0, len4, offset, total, total_len; + CK_BYTE *buf5 = NULL, *algid = NULL; + CK_ULONG len = 0, len4, offset, total, total_len, algid_len; CK_RV rc; UNUSED(length_only); offset = 0; rc = 0; - total_len = ber_AlgIdDilithiumLen; + total_len = 0; total = 0; + /* Calculate storage for AlgID sequence */ + rc |= ber_encode_SEQUENCE(TRUE, NULL, &total_len, NULL, + oid_len + ber_NULLLen); + /* Calculate storage for inner sequence */ rc |= ber_encode_INTEGER(TRUE, NULL, &len, NULL, rho->ulValueLen); offset += len; @@ -3709,12 +3716,30 @@ CK_RV ber_encode_IBM_DilithiumPublicKey(CK_BBOOL length_only, /* * SEQUENCE (2 elem) - * OBJECT IDENTIFIER 1.3.6.1.4.1.2.267.1.6.5 + * OBJECT IDENTIFIER 1.3.6.1.4.1.2.267.xxx * NULL <- no parms for this oid */ - total_len = 0; - memcpy(buf3 + total_len, ber_AlgIdDilithium, ber_AlgIdDilithiumLen); - total_len += ber_AlgIdDilithiumLen; + buf5 = (CK_BYTE *) malloc(oid_len + ber_NULLLen); + if (!buf5) { + TRACE_ERROR("%s Memory allocation failed\n", __func__); + rc = CKR_HOST_MEMORY; + goto error; + } + memcpy(buf5, oid, oid_len); + memcpy(buf5 + oid_len, ber_NULL, ber_NULLLen); + + rc = ber_encode_SEQUENCE(FALSE, &algid, &algid_len, buf5, + oid_len + ber_NULLLen); + free(buf5); + if (rc != CKR_OK) { + TRACE_ERROR("%s ber_encode_SEQUENCE failed with rc=0x%lx\n", __func__, rc); + goto error; + } + + total_len = algid_len; + memcpy(buf3, algid, algid_len); + free(algid); + algid = NULL; /* * BIT STRING (1 elem) @@ -3760,16 +3785,15 @@ error: CK_RV ber_decode_IBM_DilithiumPublicKey(CK_BYTE *data, - CK_ULONG data_len, - CK_ATTRIBUTE **rho_attr, - CK_ATTRIBUTE **t1_attr) + CK_ULONG data_len, + CK_ATTRIBUTE **rho_attr, + CK_ATTRIBUTE **t1_attr) { CK_ATTRIBUTE *rho_attr_temp = NULL; CK_ATTRIBUTE *t1_attr_temp = NULL; - CK_BYTE *algid_DilithiumBase = NULL; - CK_BYTE *algid = NULL; - CK_ULONG algid_len; + CK_BYTE *algoid = NULL; + CK_ULONG algoid_len; CK_BYTE *param = NULL; CK_ULONG param_len; CK_BYTE *val = NULL; @@ -3780,26 +3804,20 @@ CK_RV ber_decode_IBM_DilithiumPublicKey(CK_BYTE *data, CK_ULONG rho_len; CK_BYTE *t1; CK_ULONG t1_len; - CK_ULONG field_len, offset, len; + CK_ULONG field_len, offset; CK_RV rc; UNUSED(data_len); // XXX can this parameter be removed ? - rc = ber_decode_SPKI(data, &algid, &algid_len, ¶m, ¶m_len, + rc = ber_decode_SPKI(data, &algoid, &algoid_len, ¶m, ¶m_len, &val, &val_len); if (rc != CKR_OK) { TRACE_DEVEL("ber_decode_SPKI failed\n"); return rc; } - /* Make sure we're dealing with a Dilithium key */ - rc = ber_decode_SEQUENCE((CK_BYTE *)ber_AlgIdDilithium, &algid_DilithiumBase, &len, - &field_len); - if (rc != CKR_OK) { - TRACE_DEVEL("ber_decode_SEQUENCE failed\n"); - return rc; - } - if (memcmp(algid, algid_DilithiumBase, len) != 0) { + if (algoid_len != dilithium_r2_65_len || + memcmp(algoid, dilithium_r2_65, dilithium_r2_65_len) != 0) { TRACE_ERROR("%s\n", ock_err(ERR_FUNCTION_FAILED)); return CKR_FUNCTION_FAILED; } @@ -3879,18 +3897,20 @@ cleanup: * } */ CK_RV ber_encode_IBM_DilithiumPrivateKey(CK_BBOOL length_only, - CK_BYTE **data, - CK_ULONG *data_len, - CK_ATTRIBUTE *rho, - CK_ATTRIBUTE *seed, - CK_ATTRIBUTE *tr, - CK_ATTRIBUTE *s1, - CK_ATTRIBUTE *s2, - CK_ATTRIBUTE *t0, - CK_ATTRIBUTE *t1) + CK_BYTE **data, + CK_ULONG *data_len, + const CK_BYTE *oid, CK_ULONG oid_len, + CK_ATTRIBUTE *rho, + CK_ATTRIBUTE *seed, + CK_ATTRIBUTE *tr, + CK_ATTRIBUTE *s1, + CK_ATTRIBUTE *s2, + CK_ATTRIBUTE *t0, + CK_ATTRIBUTE *t1) { CK_BYTE *buf = NULL, *buf2 = NULL, *buf3 = NULL; - CK_ULONG len, len2 = 0, offset; + CK_BYTE *algid = NULL, *algid_buf = NULL; + CK_ULONG len, len2 = 0, offset, algid_len = 0; CK_BYTE version[] = { 0 }; CK_RV rc; @@ -3898,6 +3918,9 @@ CK_RV ber_encode_IBM_DilithiumPrivateKey(CK_BBOOL length_only, offset = 0; rc = 0; + rc |= ber_encode_SEQUENCE(TRUE, NULL, &algid_len, NULL, + oid_len + ber_NULLLen); + rc |= ber_encode_INTEGER(TRUE, NULL, &len, NULL, sizeof(version)); offset += len; rc |= ber_encode_BIT_STRING(TRUE, NULL, &len, NULL, rho->ulValueLen, 0); @@ -3931,7 +3954,7 @@ CK_RV ber_encode_IBM_DilithiumPrivateKey(CK_BBOOL length_only, } rc = ber_encode_PrivateKeyInfo(TRUE, NULL, data_len, - NULL, ber_AlgIdDilithiumLen, + NULL, algid_len, NULL, len); if (rc != CKR_OK) { TRACE_DEVEL("ber_encode_PrivateKeyInfo failed\n"); @@ -4051,10 +4074,28 @@ CK_RV ber_encode_IBM_DilithiumPrivateKey(CK_BBOOL length_only, TRACE_ERROR("ber_encode_SEQUENCE failed\n"); goto error; } + + algid_buf = (CK_BYTE *) malloc(oid_len + ber_NULLLen); + if (!algid_buf) { + TRACE_ERROR("%s Memory allocation failed\n", __func__); + rc = CKR_HOST_MEMORY; + goto error; + } + memcpy(algid_buf, oid, oid_len); + memcpy(algid_buf + oid_len, ber_NULL, ber_NULLLen); + + rc = ber_encode_SEQUENCE(FALSE, &algid, &algid_len, algid_buf, + oid_len + ber_NULLLen); + free(algid_buf); + if (rc != CKR_OK) { + TRACE_ERROR("%s ber_encode_SEQUENCE failed with rc=0x%lx\n", __func__, rc); + goto error; + } + rc = ber_encode_PrivateKeyInfo(FALSE, data, data_len, - ber_AlgIdDilithium, - ber_AlgIdDilithiumLen, buf2, len); + algid, algid_len, + buf2, len); if (rc != CKR_OK) { TRACE_ERROR("ber_encode_PrivateKeyInfo failed\n"); } @@ -4066,6 +4107,8 @@ error: free(buf2); if (buf) free(buf); + if (algid) + free(algid); return rc; } @@ -4087,19 +4130,19 @@ error: * } */ CK_RV ber_decode_IBM_DilithiumPrivateKey(CK_BYTE *data, - CK_ULONG data_len, - CK_ATTRIBUTE **rho, - CK_ATTRIBUTE **seed, - CK_ATTRIBUTE **tr, - CK_ATTRIBUTE **s1, - CK_ATTRIBUTE **s2, - CK_ATTRIBUTE **t0, - CK_ATTRIBUTE **t1) + CK_ULONG data_len, + CK_ATTRIBUTE **rho, + CK_ATTRIBUTE **seed, + CK_ATTRIBUTE **tr, + CK_ATTRIBUTE **s1, + CK_ATTRIBUTE **s2, + CK_ATTRIBUTE **t0, + CK_ATTRIBUTE **t1) { CK_ATTRIBUTE *rho_attr = NULL, *seed_attr = NULL; CK_ATTRIBUTE *tr_attr = NULL, *s1_attr = NULL, *s2_attr = NULL; CK_ATTRIBUTE *t0_attr = NULL, *t1_attr = NULL; - CK_BYTE *alg = NULL; + CK_BYTE *algoid = NULL; CK_BYTE *dilithium_priv_key = NULL; CK_BYTE *buf = NULL; CK_BYTE *tmp = NULL; @@ -4107,15 +4150,15 @@ CK_RV ber_decode_IBM_DilithiumPrivateKey(CK_BYTE *data, CK_RV rc; /* Check if this is a Dilithium private key */ - rc = ber_decode_PrivateKeyInfo(data, data_len, &alg, &len, + rc = ber_decode_PrivateKeyInfo(data, data_len, &algoid, &len, &dilithium_priv_key); if (rc != CKR_OK) { TRACE_DEVEL("ber_decode_PrivateKeyInfo failed\n"); return rc; } - if (memcmp(alg, ber_AlgIdDilithium, ber_AlgIdDilithiumLen) != 0) { - // probably ought to use a different error + if (len != dilithium_r2_65_len + ber_NULLLen || + memcmp(algoid, dilithium_r2_65, dilithium_r2_65_len) != 0) { TRACE_ERROR("%s\n", ock_err(ERR_FUNCTION_FAILED)); return CKR_FUNCTION_FAILED; } diff --git a/usr/lib/common/globals.c b/usr/lib/common/globals.c index 5b79e785..a7197ec6 100644 --- a/usr/lib/common/globals.c +++ b/usr/lib/common/globals.c @@ -105,11 +105,7 @@ const CK_BYTE ber_AlgIdRSAEncryption[] = { const CK_BYTE der_AlgIdECBase[] = { 0x30, 0x09, 0x06, 0x07, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x02, 0x01 }; -const CK_BYTE ber_AlgIdDilithium[] = - { 0x30, 0x0F, 0x06, 0x0B, 0x2B, 0x06, 0x01, - 0x04, 0x01, 0x02, 0x82, 0x0B, 0x01, 0x06, - 0x05, 0x05, 0x00 -}; +const CK_BYTE ber_NULL[] = { 0x05, 0x00 }; // ID Lengths // @@ -135,7 +131,7 @@ const CK_ULONG ber_AlgSha384Len = sizeof(ber_AlgSha384); const CK_ULONG ber_AlgSha512Len = sizeof(ber_AlgSha512); const CK_ULONG ber_AlgIdRSAEncryptionLen = sizeof(ber_AlgIdRSAEncryption); const CK_ULONG der_AlgIdECBaseLen = sizeof(der_AlgIdECBase); -const CK_ULONG ber_AlgIdDilithiumLen = sizeof(ber_AlgIdDilithium); +const CK_ULONG ber_NULLLen = sizeof(ber_NULL); const CK_ULONG des_weak_count = 4; const CK_ULONG des_semi_weak_count = 12; diff --git a/usr/lib/common/h_extern.h b/usr/lib/common/h_extern.h index 340ab88d..41ca12df 100644 --- a/usr/lib/common/h_extern.h +++ b/usr/lib/common/h_extern.h @@ -56,16 +56,14 @@ extern const CK_BYTE ber_rsaEncryption[]; extern const CK_ULONG ber_rsaEncryptionLen; extern const CK_BYTE der_AlgIdECBase[]; extern const CK_ULONG der_AlgIdECBaseLen; -extern const CK_BYTE ber_AlgIdDilithium[]; -extern const CK_ULONG ber_AlgIdDilithiumLen; extern const CK_BYTE ber_idDSA[]; extern const CK_ULONG ber_idDSALen; extern const CK_BYTE ber_idDH[]; extern const CK_ULONG ber_idDHLen; extern const CK_BYTE ber_idEC[]; extern const CK_ULONG ber_idECLen; -extern const CK_BYTE ber_idDilithium[]; -extern const CK_ULONG ber_idDilithiumLen; +extern const CK_BYTE ber_NULL[]; +extern const CK_ULONG ber_NULLLen; #if !(NOMD2) extern const CK_BYTE ber_md2WithRSAEncryption[]; @@ -2742,35 +2740,37 @@ CK_RV ber_decode_ECDHPrivateKey(CK_BYTE *data, CK_ATTRIBUTE **pub_key, CK_ATTRIBUTE **priv_key); -CK_RV ber_encode_IBM_DilithiumPublicKey(CK_BBOOL length_only, CK_BYTE **data, - CK_ULONG *data_len, CK_ATTRIBUTE *rho, - CK_ATTRIBUTE *t1); +CK_RV ber_encode_IBM_DilithiumPublicKey(CK_BBOOL length_only, + CK_BYTE **data, CK_ULONG *data_len, + const CK_BYTE *oid, CK_ULONG oid_len, + CK_ATTRIBUTE *rho, CK_ATTRIBUTE *t1); CK_RV ber_decode_IBM_DilithiumPublicKey(CK_BYTE *data, - CK_ULONG data_len, - CK_ATTRIBUTE **rho_attr, - CK_ATTRIBUTE **t1_attr); + CK_ULONG data_len, + CK_ATTRIBUTE **rho_attr, + CK_ATTRIBUTE **t1_attr); CK_RV ber_encode_IBM_DilithiumPrivateKey(CK_BBOOL length_only, - CK_BYTE **data, - CK_ULONG *data_len, - CK_ATTRIBUTE *rho, - CK_ATTRIBUTE *seed, - CK_ATTRIBUTE *tr, - CK_ATTRIBUTE *s1, - CK_ATTRIBUTE *s2, - CK_ATTRIBUTE *t0, - CK_ATTRIBUTE *t1); + CK_BYTE **data, + CK_ULONG *data_len, + const CK_BYTE *oid, CK_ULONG oid_len, + CK_ATTRIBUTE *rho, + CK_ATTRIBUTE *seed, + CK_ATTRIBUTE *tr, + CK_ATTRIBUTE *s1, + CK_ATTRIBUTE *s2, + CK_ATTRIBUTE *t0, + CK_ATTRIBUTE *t1); CK_RV ber_decode_IBM_DilithiumPrivateKey(CK_BYTE *data, - CK_ULONG data_len, - CK_ATTRIBUTE **rho, - CK_ATTRIBUTE **seed, - CK_ATTRIBUTE **tr, - CK_ATTRIBUTE **s1, - CK_ATTRIBUTE **s2, - CK_ATTRIBUTE **t0, - CK_ATTRIBUTE **t1); + CK_ULONG data_len, + CK_ATTRIBUTE **rho, + CK_ATTRIBUTE **seed, + CK_ATTRIBUTE **tr, + CK_ATTRIBUTE **s1, + CK_ATTRIBUTE **s2, + CK_ATTRIBUTE **t0, + CK_ATTRIBUTE **t1); typedef CK_RV (*t_rsa_encrypt)(STDLL_TokData_t *, CK_BYTE *in_data, CK_ULONG in_data_len, CK_BYTE *out_data, diff --git a/usr/lib/common/key.c b/usr/lib/common/key.c index 6e9a839a..41857b97 100644 --- a/usr/lib/common/key.c +++ b/usr/lib/common/key.c @@ -81,6 +81,7 @@ #include "h_extern.h" #include "attributes.h" #include "trace.h" +#include "pqc_defs.h" #include "tok_spec_struct.h" @@ -2688,7 +2689,10 @@ CK_RV ibm_dilithium_publ_get_spki(TEMPLATE *tmpl, CK_BBOOL length_only, return rc; } - rc = ber_encode_IBM_DilithiumPublicKey(length_only, data,data_len, rho, t1); + rc = ber_encode_IBM_DilithiumPublicKey(length_only, data, data_len, + dilithium_r2_65, + dilithium_r2_65_len, + rho, t1); if (rc != CKR_OK) { TRACE_ERROR("ber_encode_IBM_DilithiumPublicKey failed.\n"); return rc; @@ -2766,7 +2770,9 @@ CK_RV ibm_dilithium_priv_wrap_get_data(TEMPLATE *tmpl, } rc = ber_encode_IBM_DilithiumPrivateKey(length_only, data, data_len, - rho, seed, tr, s1, s2, t0, t1); + dilithium_r2_65, + dilithium_r2_65_len, + rho, seed, tr, s1, s2, t0, t1); if (rc != CKR_OK) { TRACE_DEVEL("ber_encode_IBM_DilithiumPrivateKey failed\n"); } diff --git a/usr/lib/common/key_mgr.c b/usr/lib/common/key_mgr.c index 99f2a72e..01103dc2 100644 --- a/usr/lib/common/key_mgr.c +++ b/usr/lib/common/key_mgr.c @@ -35,6 +35,7 @@ #include "attributes.h" #include "tok_spec_struct.h" #include "trace.h" +#include "pqc_defs.h" #include "../api/policy.h" #include "../api/statistics.h" @@ -1368,7 +1369,7 @@ CK_RV key_mgr_get_private_key_type(CK_BYTE *keydata, { CK_BYTE *alg = NULL; CK_BYTE *priv_key = NULL; - CK_ULONG alg_len; + CK_ULONG alg_len, i; CK_RV rc; rc = ber_decode_PrivateKeyInfo(keydata, keylen, &alg, &alg_len, &priv_key); @@ -1408,10 +1409,14 @@ CK_RV key_mgr_get_private_key_type(CK_BYTE *keydata, return CKR_OK; } } - // Check only the OBJECT IDENTIFIER for DILITHIUM + // Check only the OBJECT IDENTIFIERs for DILITHIUM // - if (alg_len >= ber_idDilithiumLen) { - if (memcmp(alg, ber_idDilithium, ber_idDilithiumLen) == 0) { + for (i = 0; dilithium_oids[i].oid != NULL; i++) { + if (alg_len == dilithium_oids[i].oid_len + ber_NULLLen && + memcmp(alg, dilithium_oids[i].oid, + dilithium_oids[i].oid_len) == 0 && + memcmp(alg + dilithium_oids[i].oid_len, + ber_NULL, ber_NULLLen) == 0) { *keytype = CKK_IBM_PQC_DILITHIUM; return CKR_OK; } diff --git a/usr/lib/ep11_stdll/ep11_specific.c b/usr/lib/ep11_stdll/ep11_specific.c index e3451163..45069ae8 100644 --- a/usr/lib/ep11_stdll/ep11_specific.c +++ b/usr/lib/ep11_stdll/ep11_specific.c @@ -37,6 +37,7 @@ #include "trace.h" #include "ock_syslog.h" #include "ec_defs.h" +#include "pqc_defs.h" #include "p11util.h" #include "events.h" #include "cfgparser.h" @@ -3645,7 +3646,10 @@ static CK_RV import_IBM_Dilithium_key(STDLL_TokData_t *tokdata, SESSION *sess, } /* Encode the public key */ - rc = ber_encode_IBM_DilithiumPublicKey(0, &data, &data_len, rho, t1); + rc = ber_encode_IBM_DilithiumPublicKey(FALSE, &data, &data_len, + dilithium_r2_65, + dilithium_r2_65_len, + rho, t1); if (rc != CKR_OK) { TRACE_ERROR("%s public key import class=0x%lx rc=0x%lx " "data_len=0x%lx\n", __func__, class, rc, data_len); diff --git a/usr/lib/ep11_stdll/ep11_stdll.mk b/usr/lib/ep11_stdll/ep11_stdll.mk index 9a8aa76a..11061f76 100644 --- a/usr/lib/ep11_stdll/ep11_stdll.mk +++ b/usr/lib/ep11_stdll/ep11_stdll.mk @@ -43,7 +43,8 @@ opencryptoki_stdll_libpkcs11_ep11_la_SOURCES = usr/lib/common/asn1.c \ usr/lib/ep11_stdll/ep11_specific.c \ usr/lib/common/utility_common.c usr/lib/common/ec_supported.c \ usr/lib/api/policyhelper.c usr/lib/config/configuration.c \ - usr/lib/config/cfgparse.y usr/lib/config/cfglex.l + usr/lib/config/cfgparse.y usr/lib/config/cfglex.l \ + usr/lib/common/pqc_supported.c if ENABLE_LOCKS opencryptoki_stdll_libpkcs11_ep11_la_SOURCES += \ diff --git a/usr/lib/ica_s390_stdll/ica_s390_stdll.mk b/usr/lib/ica_s390_stdll/ica_s390_stdll.mk index cb9d898f..f89cd343 100644 --- a/usr/lib/ica_s390_stdll/ica_s390_stdll.mk +++ b/usr/lib/ica_s390_stdll/ica_s390_stdll.mk @@ -38,7 +38,7 @@ opencryptoki_stdll_libpkcs11_ica_la_SOURCES = \ usr/lib/ica_s390_stdll/ica_specific.c usr/lib/common/dlist.c \ usr/lib/common/mech_openssl.c \ usr/lib/common/utility_common.c usr/lib/common/ec_supported.c \ - usr/lib/api/policyhelper.c + usr/lib/api/policyhelper.c usr/lib/common/pqc_supported.c if ENABLE_LOCKS opencryptoki_stdll_libpkcs11_ica_la_SOURCES += \ diff --git a/usr/lib/icsf_stdll/icsf_stdll.mk b/usr/lib/icsf_stdll/icsf_stdll.mk index ee83f674..ebf24290 100644 --- a/usr/lib/icsf_stdll/icsf_stdll.mk +++ b/usr/lib/icsf_stdll/icsf_stdll.mk @@ -43,7 +43,7 @@ opencryptoki_stdll_libpkcs11_icsf_la_SOURCES = usr/lib/common/asn1.c \ usr/lib/icsf_stdll/icsf_specific.c \ usr/lib/icsf_stdll/icsf.c usr/lib/common/utility_common.c \ usr/lib/common/ec_supported.c usr/lib/api/policyhelper.c \ - usr/lib/config/configuration.c \ + usr/lib/config/configuration.c usr/lib/common/pqc_supported.c \ usr/lib/config/cfgparse.y usr/lib/config/cfglex.l \ usr/lib/common/mech_openssl.c diff --git a/usr/lib/soft_stdll/soft_stdll.mk b/usr/lib/soft_stdll/soft_stdll.mk index 6cdf82b8..7a842ddc 100644 --- a/usr/lib/soft_stdll/soft_stdll.mk +++ b/usr/lib/soft_stdll/soft_stdll.mk @@ -36,7 +36,7 @@ opencryptoki_stdll_libpkcs11_sw_la_SOURCES = \ usr/lib/soft_stdll/soft_specific.c usr/lib/common/attributes.c \ usr/lib/common/dlist.c usr/lib/common/mech_openssl.c \ usr/lib/common/utility_common.c usr/lib/common/ec_supported.c \ - usr/lib/api/policyhelper.c + usr/lib/api/policyhelper.c usr/lib/common/pqc_supported.c if ENABLE_LOCKS opencryptoki_stdll_libpkcs11_sw_la_SOURCES += \ diff --git a/usr/lib/tpm_stdll/tpm_stdll.mk b/usr/lib/tpm_stdll/tpm_stdll.mk index 54551c1f..7fa18121 100644 --- a/usr/lib/tpm_stdll/tpm_stdll.mk +++ b/usr/lib/tpm_stdll/tpm_stdll.mk @@ -38,7 +38,7 @@ opencryptoki_stdll_libpkcs11_tpm_la_SOURCES = \ usr/lib/tpm_stdll/tpm_openssl.c usr/lib/tpm_stdll/tpm_util.c \ usr/lib/common/dlist.c usr/lib/common/mech_openssl.c \ usr/lib/common/utility_common.c usr/lib/common/ec_supported.c \ - usr/lib/api/policyhelper.c + usr/lib/api/policyhelper.c usr/lib/common/pqc_supported.c if ENABLE_LOCKS opencryptoki_stdll_libpkcs11_tpm_la_SOURCES += \ diff --git a/usr/sbin/pkcscca/pkcscca.mk b/usr/sbin/pkcscca/pkcscca.mk index 187a93f2..59300ef5 100644 --- a/usr/sbin/pkcscca/pkcscca.mk +++ b/usr/sbin/pkcscca/pkcscca.mk @@ -41,7 +41,7 @@ usr_sbin_pkcscca_pkcscca_SOURCES = usr/lib/common/asn1.c \ usr/lib/common/dlist.c usr/sbin/pkcscca/pkcscca.c \ usr/lib/common/utility_common.c usr/lib/common/ec_supported.c \ usr/lib/common/pin_prompt.c usr/lib/common/mech_openssl.c \ - usr/lib/api/policyhelper.c + usr/lib/api/policyhelper.c usr/lib/common/pqc_supported.c nodist_usr_sbin_pkcscca_pkcscca_SOURCES = usr/lib/api/mechtable.c -- 2.16.2.windows.1