#4 Updated to latest upstream release
Merged 3 years ago by nmav. Opened 3 years ago by simo.
rpms/ simo/softhsm master  into  master

Updated to latest upstream release
Simo Sorce • 3 years ago  
file modified
+1
@@ -16,3 +16,4 @@ 

  /softhsm-2.3.0.tar.gz.sig

  /softhsm-2.4.0.tar.gz

  /softhsm-2.4.0.tar.gz.sig

+ /softhsm-2.5.0.tar.gz

@@ -1,72 +0,0 @@ 

- From 16f994e7944a917fa81c8db11c56c594f4e78b40 Mon Sep 17 00:00:00 2001

- From: Alexander Bokovoy <abokovoy@redhat.com>

- Date: Tue, 31 Jul 2018 14:59:03 +0300

- Subject: [PATCH] Reset mutex callbacks to the default version when finished

- 

- If a PKCS11 API caller provided own mutex handling callbacks,

- we need to ensure they aren't used after C_Finalize is called

- and SoftHSM instance is recycled.

- 

- Inability to do so may lead to a situation where callbacks might

- be provided by a different dynamically loaded object which is removed

- after C_Finalize() call. Thus, callback pointers become invalid and

- calling them leads to crashes.

- 

- Fixes: https://github.com/opendnssec/SoftHSMv2/issues/408

- 

- Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>

- ---

-  src/lib/SoftHSM.cpp | 16 ++++++++++++----

-  1 file changed, 12 insertions(+), 4 deletions(-)

- 

- diff --git a/src/lib/SoftHSM.cpp b/src/lib/SoftHSM.cpp

- index ee94d3f..e4cc044 100644

- --- a/src/lib/SoftHSM.cpp

- +++ b/src/lib/SoftHSM.cpp

- @@ -314,6 +314,15 @@ static CK_ATTRIBUTE bsAttribute(CK_ATTRIBUTE_TYPE type, const ByteString &value)

-  /*****************************************************************************

-   Implementation of SoftHSM class specific functions

-   *****************************************************************************/

- +static void resetMutexFactoryCallbacks()

- +{

- +	// Reset MutexFactory callbacks to our versions

- +	MutexFactory::i()->setCreateMutex(OSCreateMutex);

- +	MutexFactory::i()->setDestroyMutex(OSDestroyMutex);

- +	MutexFactory::i()->setLockMutex(OSLockMutex);

- +	MutexFactory::i()->setUnlockMutex(OSUnlockMutex);

- +}

- +

-  

-  // Return the one-and-only instance

-  SoftHSM* SoftHSM::i()

- @@ -342,6 +351,7 @@ SoftHSM::SoftHSM()

-  	slotManager = NULL;

-  	sessionManager = NULL;

-  	handleManager = NULL;

- +	resetMutexFactoryCallbacks();

-  }

-  

-  // Destructor

- @@ -352,6 +362,7 @@ SoftHSM::~SoftHSM()

-  	if (slotManager != NULL) delete slotManager;

-  	if (objectStore != NULL) delete objectStore;

-  	if (sessionObjectStore != NULL) delete sessionObjectStore;

- +	resetMutexFactoryCallbacks();

-  }

-  

-  /*****************************************************************************

- @@ -402,10 +413,7 @@ CK_RV SoftHSM::C_Initialize(CK_VOID_PTR pInitArgs)

-  			if (args->flags & CKF_OS_LOCKING_OK)

-  			{

-  				// Use our own mutex functions.

- -				MutexFactory::i()->setCreateMutex(OSCreateMutex);

- -				MutexFactory::i()->setDestroyMutex(OSDestroyMutex);

- -				MutexFactory::i()->setLockMutex(OSLockMutex);

- -				MutexFactory::i()->setUnlockMutex(OSUnlockMutex);

- +				resetMutexFactoryCallbacks();

-  				MutexFactory::i()->enable();

-  			}

-  			else

- -- 

- 2.17.1

- 

@@ -1,465 +0,0 @@ 

- From e12d04b256f1c856003ae88c5c3bfe07ce332fa7 Mon Sep 17 00:00:00 2001

- From: Nikos Mavrogiannopoulos <nmav@redhat.com>

- Date: Mon, 24 Jul 2017 13:52:59 +0200

- Subject: [PATCH] Added support for CKM_RSA_PKCS_PSS

- 

- This mechanism is the most likely to be used by higher level

- software utilizing RSA-PSS as it is in par with CKM_RSA_PKCS

- and does not require to provide the whole data to be hashed.

- ---

-  src/lib/SoftHSM.cpp                  | 112 +++++++++++++++++++++

-  src/lib/crypto/AsymmetricAlgorithm.h |   1 +

-  src/lib/crypto/OSSLRSA.cpp           | 190 +++++++++++++++++++++++++++++++++++

-  src/lib/test/SignVerifyTests.cpp     |  47 +++++++++

-  src/lib/test/SignVerifyTests.h       |   1 +

-  5 files changed, 351 insertions(+)

- 

- diff --git a/src/lib/SoftHSM.cpp b/src/lib/SoftHSM.cpp

- index ee94d3f7..f2a8f594 100644

- --- a/src/lib/SoftHSM.cpp

- +++ b/src/lib/SoftHSM.cpp

- @@ -640,6 +640,10 @@ CK_RV SoftHSM::C_GetMechanismList(CK_SLOT_ID slotID, CK_MECHANISM_TYPE_PTR pMech

-  #ifdef HAVE_AES_KEY_WRAP_PAD

-  	nrSupportedMechanisms += 1;

-  #endif

- +#ifdef WITH_OPENSSL

- +	nrSupportedMechanisms += 1; // CKM_RSA_PKCS_PSS

- +#endif

- +

-  	CK_MECHANISM_TYPE supportedMechanisms[] =

-  	{

-  #ifndef WITH_FIPS

- @@ -670,6 +674,9 @@ CK_RV SoftHSM::C_GetMechanismList(CK_SLOT_ID slotID, CK_MECHANISM_TYPE_PTR pMech

-  		CKM_SHA256_RSA_PKCS,

-  		CKM_SHA384_RSA_PKCS,

-  		CKM_SHA512_RSA_PKCS,

- +#ifdef WITH_OPENSSL

- +		CKM_RSA_PKCS_PSS,

- +#endif

-  		CKM_SHA1_RSA_PKCS_PSS,

-  		CKM_SHA224_RSA_PKCS_PSS,

-  		CKM_SHA256_RSA_PKCS_PSS,

- @@ -924,6 +931,9 @@ CK_RV SoftHSM::C_GetMechanismInfo(CK_SLOT_ID slotID, CK_MECHANISM_TYPE type, CK_

-  		case CKM_SHA256_RSA_PKCS:

-  		case CKM_SHA384_RSA_PKCS:

-  		case CKM_SHA512_RSA_PKCS:

- +#ifdef WITH_OPENSSL

- +		case CKM_RSA_PKCS_PSS:

- +#endif

-  		case CKM_SHA1_RSA_PKCS_PSS:

-  		case CKM_SHA224_RSA_PKCS_PSS:

-  		case CKM_SHA256_RSA_PKCS_PSS:

- @@ -3749,6 +3759,58 @@ CK_RV SoftHSM::AsymSignInit(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechan

-  			bAllowMultiPartOp = true;

-  			isRSA = true;

-  			break;

- +		case CKM_RSA_PKCS_PSS:

- +			if (pMechanism->pParameter == NULL_PTR ||

- +			    pMechanism->ulParameterLen != sizeof(CK_RSA_PKCS_PSS_PARAMS))

- +			{

- +				ERROR_MSG("Invalid RSA-PSS parameters");

- +				return CKR_ARGUMENTS_BAD;

- +			}

- +			mechanism = AsymMech::RSA_PKCS_PSS;

- +			unsigned long allowedMgf;

- +

- +			switch(CK_RSA_PKCS_PSS_PARAMS_PTR(pMechanism->pParameter)->hashAlg) {

- +				case CKM_SHA_1:

- +					pssParam.hashAlg = HashAlgo::SHA1;

- +					pssParam.mgf = AsymRSAMGF::MGF1_SHA1;

- +					allowedMgf = CKG_MGF1_SHA1;

- +					break;

- +				case CKM_SHA224:

- +					pssParam.hashAlg = HashAlgo::SHA224;

- +					pssParam.mgf = AsymRSAMGF::MGF1_SHA224;

- +					allowedMgf = CKG_MGF1_SHA224;

- +					break;

- +				case CKM_SHA256:

- +					pssParam.hashAlg = HashAlgo::SHA256;

- +					pssParam.mgf = AsymRSAMGF::MGF1_SHA256;

- +					allowedMgf = CKG_MGF1_SHA256;

- +					break;

- +				case CKM_SHA384:

- +					pssParam.hashAlg = HashAlgo::SHA384;

- +					pssParam.mgf = AsymRSAMGF::MGF1_SHA384;

- +					allowedMgf = CKG_MGF1_SHA384;

- +					break;

- +				case CKM_SHA512:

- +					pssParam.hashAlg = HashAlgo::SHA512;

- +					pssParam.mgf = AsymRSAMGF::MGF1_SHA512;

- +					allowedMgf = CKG_MGF1_SHA512;

- +					break;

- +				default:

- +					ERROR_MSG("Invalid RSA-PSS hash");

- +					return CKR_ARGUMENTS_BAD;

- +			}

- +

- +			if (CK_RSA_PKCS_PSS_PARAMS_PTR(pMechanism->pParameter)->mgf != allowedMgf) {

- +				ERROR_MSG("Hash and MGF don't match");

- +				return CKR_ARGUMENTS_BAD;

- +			}

- +

- +			pssParam.sLen = CK_RSA_PKCS_PSS_PARAMS_PTR(pMechanism->pParameter)->sLen;

- +			param = &pssParam;

- +			paramLen = sizeof(pssParam);

- +			bAllowMultiPartOp = false;

- +			isRSA = true;

- +			break;

-  		case CKM_SHA1_RSA_PKCS_PSS:

-  			if (pMechanism->pParameter == NULL_PTR ||

-  			    pMechanism->ulParameterLen != sizeof(CK_RSA_PKCS_PSS_PARAMS) ||

- @@ -4593,6 +4655,56 @@ CK_RV SoftHSM::AsymVerifyInit(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMech

-  			bAllowMultiPartOp = true;

-  			isRSA = true;

-  			break;

- +		case CKM_RSA_PKCS_PSS:

- +			if (pMechanism->pParameter == NULL_PTR ||

- +			    pMechanism->ulParameterLen != sizeof(CK_RSA_PKCS_PSS_PARAMS))

- +			{

- +				ERROR_MSG("Invalid parameters");

- +				return CKR_ARGUMENTS_BAD;

- +			}

- +			mechanism = AsymMech::RSA_PKCS_PSS;

- +

- +			unsigned long expectedMgf;

- +			switch(CK_RSA_PKCS_PSS_PARAMS_PTR(pMechanism->pParameter)->hashAlg) {

- +				case CKM_SHA_1:

- +					pssParam.hashAlg = HashAlgo::SHA1;

- +					pssParam.mgf = AsymRSAMGF::MGF1_SHA1;

- +					expectedMgf = CKG_MGF1_SHA1;

- +					break;

- +				case CKM_SHA224:

- +					pssParam.hashAlg = HashAlgo::SHA224;

- +					pssParam.mgf = AsymRSAMGF::MGF1_SHA224;

- +					expectedMgf = CKG_MGF1_SHA224;

- +					break;

- +				case CKM_SHA256:

- +					pssParam.hashAlg = HashAlgo::SHA256;

- +					pssParam.mgf = AsymRSAMGF::MGF1_SHA256;

- +					expectedMgf = CKG_MGF1_SHA256;

- +					break;

- +				case CKM_SHA384:

- +					pssParam.hashAlg = HashAlgo::SHA384;

- +					pssParam.mgf = AsymRSAMGF::MGF1_SHA384;

- +					expectedMgf = CKG_MGF1_SHA384;

- +					break;

- +				case CKM_SHA512:

- +					pssParam.hashAlg = HashAlgo::SHA512;

- +					pssParam.mgf = AsymRSAMGF::MGF1_SHA512;

- +					expectedMgf = CKG_MGF1_SHA512;

- +					break;

- +				default:

- +					return CKR_ARGUMENTS_BAD;

- +			}

- +

- +			if (CK_RSA_PKCS_PSS_PARAMS_PTR(pMechanism->pParameter)->mgf != expectedMgf) {

- +				return CKR_ARGUMENTS_BAD;

- +			}

- +

- +			pssParam.sLen = CK_RSA_PKCS_PSS_PARAMS_PTR(pMechanism->pParameter)->sLen;

- +			param = &pssParam;

- +			paramLen = sizeof(pssParam);

- +			bAllowMultiPartOp = false;

- +			isRSA = true;

- +			break;

-  		case CKM_SHA1_RSA_PKCS_PSS:

-  			if (pMechanism->pParameter == NULL_PTR ||

-  			    pMechanism->ulParameterLen != sizeof(CK_RSA_PKCS_PSS_PARAMS) ||

- diff --git a/src/lib/crypto/AsymmetricAlgorithm.h b/src/lib/crypto/AsymmetricAlgorithm.h

- index 54ac78d5..ca0d8400 100644

- --- a/src/lib/crypto/AsymmetricAlgorithm.h

- +++ b/src/lib/crypto/AsymmetricAlgorithm.h

- @@ -70,6 +70,7 @@ struct AsymMech

-  		RSA_SHA256_PKCS,

-  		RSA_SHA384_PKCS,

-  		RSA_SHA512_PKCS,

- +		RSA_PKCS_PSS,

-  		RSA_SHA1_PKCS_PSS,

-  		RSA_SHA224_PKCS_PSS,

-  		RSA_SHA256_PKCS_PSS,

- diff --git a/src/lib/crypto/OSSLRSA.cpp b/src/lib/crypto/OSSLRSA.cpp

- index 91b6466c..1e5638a0 100644

- --- a/src/lib/crypto/OSSLRSA.cpp

- +++ b/src/lib/crypto/OSSLRSA.cpp

- @@ -121,6 +121,112 @@ bool OSSLRSA::sign(PrivateKey* privateKey, const ByteString& dataToSign,

-  

-  		return true;

-  	}

- +	else if (mechanism == AsymMech::RSA_PKCS_PSS)

- +	{

- +		const RSA_PKCS_PSS_PARAMS *pssParam = (RSA_PKCS_PSS_PARAMS*)param;

- +

- +		// Separate implementation for RSA PKCS #1 signing without hash computation

- +

- +		// Check if the private key is the right type

- +		if (!privateKey->isOfType(OSSLRSAPrivateKey::type))

- +		{

- +			ERROR_MSG("Invalid key type supplied");

- +

- +			return false;

- +		}

- +

- +		if (pssParam == NULL || paramLen != sizeof(RSA_PKCS_PSS_PARAMS))

- +		{

- +			ERROR_MSG("Invalid parameters supplied");

- +

- +			return false;

- +		}

- +

- +		size_t allowedLen;

- +		const EVP_MD* hash = NULL;

- +

- +		switch (pssParam->hashAlg)

- +		{

- +		case HashAlgo::SHA1:

- +			hash = EVP_sha1();

- +			allowedLen = 20;

- +			break;

- +		case HashAlgo::SHA224:

- +			hash = EVP_sha224();

- +			allowedLen = 28;

- +			break;

- +		case HashAlgo::SHA256:

- +			hash = EVP_sha256();

- +			allowedLen = 32;

- +			break;

- +		case HashAlgo::SHA384:

- +			hash = EVP_sha384();

- +			allowedLen = 48;

- +			break;

- +		case HashAlgo::SHA512:

- +			hash = EVP_sha512();

- +			allowedLen = 64;

- +			break;

- +		default:

- +			return false;

- +		}

- +

- +		OSSLRSAPrivateKey* osslKey = (OSSLRSAPrivateKey*) privateKey;

- +

- +		RSA* rsa = osslKey->getOSSLKey();

- +

- +		if (dataToSign.size() != allowedLen)

- +		{

- +			ERROR_MSG("Data to sign does not match expected (%d) for RSA PSS", (int)allowedLen);

- +

- +			return false;

- +		}

- +

- +		size_t sLen = pssParam->sLen;

- +		if (sLen > ((privateKey->getBitLength()+6)/8-2-allowedLen))

- +		{

- +			ERROR_MSG("sLen (%lu) is too large for current key size (%lu)",

- +				  (unsigned long)sLen, privateKey->getBitLength());

- +			return false;

- +		}

- +

- +		ByteString em;

- +		em.resize(osslKey->getN().size());

- +

- +		int status = RSA_padding_add_PKCS1_PSS_mgf1(rsa, &em[0], (unsigned char*) dataToSign.const_byte_str(), hash, hash, pssParam->sLen);

- +		if (!status)

- +		{

- +			ERROR_MSG("Error in RSA PSS padding generation");

- +

- +			return false;

- +		}

- +

- +

- +		if (!RSA_blinding_on(rsa, NULL))

- +		{

- +			ERROR_MSG("Failed to turn on blinding for OpenSSL RSA key");

- +

- +			return false;

- +		}

- +

- +		// Perform the signature operation

- +		signature.resize(osslKey->getN().size());

- +

- +		int sigLen = RSA_private_encrypt(osslKey->getN().size(), &em[0], &signature[0], rsa, RSA_NO_PADDING);

- +

- +		RSA_blinding_off(rsa);

- +

- +		if (sigLen == -1)

- +		{

- +			ERROR_MSG("An error occurred while performing the RSA-PSS signature");

- +

- +			return false;

- +		}

- +

- +		signature.resize(sigLen);

- +

- +		return true;

- +	}

-  	else if (mechanism == AsymMech::RSA)

-  	{

-  		// Separate implementation for raw RSA signing

- @@ -607,6 +713,90 @@ bool OSSLRSA::verify(PublicKey* publicKey, const ByteString& originalData,

-  

-  		return (originalData == recoveredData);

-  	}

- +	else if (mechanism == AsymMech::RSA_PKCS_PSS)

- +	{

- +		const RSA_PKCS_PSS_PARAMS *pssParam = (RSA_PKCS_PSS_PARAMS*)param;

- +

- +		if (pssParam == NULL || paramLen != sizeof(RSA_PKCS_PSS_PARAMS))

- +		{

- +			ERROR_MSG("Invalid parameters supplied");

- +

- +			return false;

- +		}

- +

- +		// Check if the public key is the right type

- +		if (!publicKey->isOfType(OSSLRSAPublicKey::type))

- +		{

- +			ERROR_MSG("Invalid key type supplied");

- +

- +			return false;

- +		}

- +

- +		// Perform the RSA public key operation

- +		OSSLRSAPublicKey* osslKey = (OSSLRSAPublicKey*) publicKey;

- +

- +		ByteString recoveredData;

- +

- +		recoveredData.resize(osslKey->getN().size());

- +

- +		RSA* rsa = osslKey->getOSSLKey();

- +

- +		int retLen = RSA_public_decrypt(signature.size(), (unsigned char*) signature.const_byte_str(), &recoveredData[0], rsa, RSA_NO_PADDING);

- +

- +		if (retLen == -1)

- +		{

- +			ERROR_MSG("Public key operation failed");

- +

- +			return false;

- +		}

- +

- +		recoveredData.resize(retLen);

- +

- +		size_t allowedLen;

- +		const EVP_MD* hash = NULL;

- +

- +		switch (pssParam->hashAlg)

- +		{

- +		case HashAlgo::SHA1:

- +			hash = EVP_sha1();

- +			allowedLen = 20;

- +			break;

- +		case HashAlgo::SHA224:

- +			hash = EVP_sha224();

- +			allowedLen = 28;

- +			break;

- +		case HashAlgo::SHA256:

- +			hash = EVP_sha256();

- +			allowedLen = 32;

- +			break;

- +		case HashAlgo::SHA384:

- +			hash = EVP_sha384();

- +			allowedLen = 48;

- +			break;

- +		case HashAlgo::SHA512:

- +			hash = EVP_sha512();

- +			allowedLen = 64;

- +			break;

- +		default:

- +			return false;

- +		}

- +

- +		if (originalData.size() != allowedLen) {

- +			return false;

- +		}

- +

- +		size_t sLen = pssParam->sLen;

- +		if (sLen > ((osslKey->getBitLength()+6)/8-2-allowedLen))

- +		{

- +			ERROR_MSG("sLen (%lu) is too large for current key size (%lu)",

- +				  (unsigned long)sLen, osslKey->getBitLength());

- +			return false;

- +		}

- +

- +		int status = RSA_verify_PKCS1_PSS_mgf1(rsa, (unsigned char*)originalData.const_byte_str(), hash, hash, (unsigned char*) recoveredData.const_byte_str(), pssParam->sLen);

- +

- +		return (status == 1);

- +	}

-  	else if (mechanism == AsymMech::RSA)

-  	{

-  		// Specific implementation for raw RSA verifiction; originalData is assumed to contain the

- diff --git a/src/lib/test/SignVerifyTests.cpp b/src/lib/test/SignVerifyTests.cpp

- index 4536d7aa..46ebfb61 100644

- --- a/src/lib/test/SignVerifyTests.cpp

- +++ b/src/lib/test/SignVerifyTests.cpp

- @@ -195,6 +195,44 @@ void SignVerifyTests::signVerifySingle(CK_MECHANISM_TYPE mechanismType, CK_SESSI

-  	CPPUNIT_ASSERT(rv==CKR_SIGNATURE_INVALID);

-  }

-  

- +void SignVerifyTests::signVerifySingleData(size_t dataSize, CK_MECHANISM_TYPE mechanismType, CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE hPublicKey, CK_OBJECT_HANDLE hPrivateKey, CK_VOID_PTR param /* = NULL_PTR */, CK_ULONG paramLen /* = 0 */)

- +{

- +	CK_RV rv;

- +	CK_MECHANISM mechanism = { mechanismType, param, paramLen };

- +	CK_BYTE *data = (CK_BYTE*)malloc(dataSize);

- +	CK_BYTE signature[1024];

- +	CK_ULONG ulSignatureLen = 0;

- +	unsigned i;

- +

- +	CPPUNIT_ASSERT(data != NULL);

- +

- +	for (i=0;i<dataSize;i++)

- +		data[i] = i;

- +

- +	rv = CRYPTOKI_F_PTR( C_SignInit(hSession,&mechanism,hPrivateKey) );

- +	CPPUNIT_ASSERT(rv==CKR_OK);

- +

- +	ulSignatureLen = sizeof(signature);

- +	rv = CRYPTOKI_F_PTR( C_Sign(hSession,data,dataSize,signature,&ulSignatureLen) );

- +	CPPUNIT_ASSERT(rv==CKR_OK);

- +

- +	rv = CRYPTOKI_F_PTR( C_VerifyInit(hSession,&mechanism,hPublicKey) );

- +	CPPUNIT_ASSERT(rv==CKR_OK);

- +

- +	rv = CRYPTOKI_F_PTR( C_Verify(hSession,data,dataSize,signature,ulSignatureLen) );

- +	CPPUNIT_ASSERT(rv==CKR_OK);

- +

- +	// verify again, but now change the input that is being signed.

- +	rv = CRYPTOKI_F_PTR( C_VerifyInit(hSession,&mechanism,hPublicKey) );

- +	CPPUNIT_ASSERT(rv==CKR_OK);

- +

- +	data[0] = 0xff;

- +	rv = CRYPTOKI_F_PTR( C_Verify(hSession,data,dataSize,signature,ulSignatureLen) );

- +	CPPUNIT_ASSERT(rv==CKR_SIGNATURE_INVALID);

- +

- +	free(data);

- +}

- +

-  void SignVerifyTests::signVerifyMulti(CK_MECHANISM_TYPE mechanismType, CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE hPublicKey, CK_OBJECT_HANDLE hPrivateKey, CK_VOID_PTR param /* = NULL_PTR */, CK_ULONG paramLen /* = 0 */)

-  {

-  	CK_RV rv;

- @@ -287,6 +325,15 @@ void SignVerifyTests::testRsaSignVerify()

-  	signVerifyMulti(CKM_SHA256_RSA_PKCS, hSessionRO, hPuk,hPrk);

-  	signVerifyMulti(CKM_SHA384_RSA_PKCS, hSessionRO, hPuk,hPrk);

-  	signVerifyMulti(CKM_SHA512_RSA_PKCS, hSessionRO, hPuk,hPrk);

- +

- +#ifdef WITH_OPENSSL

- +	signVerifySingleData(20, CKM_RSA_PKCS_PSS, hSessionRO, hPuk,hPrk, &params[0], sizeof(params[0]));

- +	signVerifySingleData(28, CKM_RSA_PKCS_PSS, hSessionRO, hPuk,hPrk, &params[1], sizeof(params[1]));

- +	signVerifySingleData(32, CKM_RSA_PKCS_PSS, hSessionRO, hPuk,hPrk, &params[2], sizeof(params[2]));

- +	signVerifySingleData(48, CKM_RSA_PKCS_PSS, hSessionRO, hPuk,hPrk, &params[3], sizeof(params[3]));

- +	signVerifySingleData(64, CKM_RSA_PKCS_PSS, hSessionRO, hPuk,hPrk, &params[4], sizeof(params[4]));

- +#endif

- +

-  	signVerifyMulti(CKM_SHA1_RSA_PKCS_PSS, hSessionRO, hPuk,hPrk, &params[0], sizeof(params[0]));

-  	signVerifyMulti(CKM_SHA224_RSA_PKCS_PSS, hSessionRO, hPuk,hPrk, &params[1], sizeof(params[1]));

-  	signVerifyMulti(CKM_SHA256_RSA_PKCS_PSS, hSessionRO, hPuk,hPrk, &params[2], sizeof(params[2]));

- diff --git a/src/lib/test/SignVerifyTests.h b/src/lib/test/SignVerifyTests.h

- index dc645ef6..0fa6a145 100644

- --- a/src/lib/test/SignVerifyTests.h

- +++ b/src/lib/test/SignVerifyTests.h

- @@ -61,6 +61,7 @@ class SignVerifyTests : public TestsBase

-  	CK_RV generateEC(const char* curve, CK_SESSION_HANDLE hSession, CK_BBOOL bTokenPuk, CK_BBOOL bPrivatePuk, CK_BBOOL bTokenPrk, CK_BBOOL bPrivatePrk, CK_OBJECT_HANDLE &hPuk, CK_OBJECT_HANDLE &hPrk);

-  #endif

-  	void signVerifySingle(CK_MECHANISM_TYPE mechanismType, CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE hPublicKey, CK_OBJECT_HANDLE hPrivateKey, CK_VOID_PTR param = NULL_PTR, CK_ULONG paramLen = 0);

- +	void signVerifySingleData(size_t dataSize, CK_MECHANISM_TYPE mechanismType, CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE hPublicKey, CK_OBJECT_HANDLE hPrivateKey, CK_VOID_PTR param = NULL_PTR, CK_ULONG paramLen = 0);

-  	void signVerifyMulti(CK_MECHANISM_TYPE mechanismType, CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE hPublicKey, CK_OBJECT_HANDLE hPrivateKey, CK_VOID_PTR param = NULL_PTR, CK_ULONG paramLen = 0);

-  	CK_RV generateKey(CK_SESSION_HANDLE hSession, CK_KEY_TYPE keyType, CK_BBOOL bToken, CK_BBOOL bPrivate, CK_OBJECT_HANDLE &hKey);

-  	void hmacSignVerify(CK_MECHANISM_TYPE mechanismType, CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE hKey);

- 

file modified
+5 -6
@@ -2,15 +2,13 @@ 

  

  Summary: Software version of a PKCS#11 Hardware Security Module

  Name: softhsm

- Version: 2.4.0

+ Version: 2.5.0

  Release: %{?prever:0.}1%{?prever:.%{prever}}%{?dist}

  License: BSD

  Url: http://www.opendnssec.org/

  Source: http://dist.opendnssec.org/source/%{?prever:testing/}%{name}-%{version}.tar.gz

  Source1: http://dist.opendnssec.org/source/%{?prever:testing/}%{name}-%{version}.tar.gz.sig

  

- Patch1: softhsm-2.3.0-reset-mutex-callbacks.patch

- 

  Group: Applications/System

  BuildRequires: openssl-devel >= 1.0.1k-6, sqlite-devel >= 3.4.2, cppunit-devel

  BuildRequires: gcc-c++, pkgconfig, p11-kit-devel, nss-devel
@@ -43,8 +41,6 @@ 

  %prep

  %setup -q -n %{name}-%{version}%{?prever}

  

- %patch1 -p1

- 

  %if 0%{?prever:1}

  autoreconf -fiv

  %endif
@@ -57,7 +53,7 @@ 

  sed -i "s:libdir)/@PACKAGE@:libdir):" Makefile.in

  

  %build

- %configure --libdir=%{_libdir}/pkcs11 --with-openssl=%{_prefix} --enable-ecc --disable-gost \

+ %configure --libdir=%{_libdir}/pkcs11 --with-openssl=%{_prefix} --enable-ecc --enable-eddsa --disable-gost \

             --with-migrate --enable-visibility --with-p11-kit=%{_datadir}/p11-kit/modules/

  

  make %{?_smp_mflags}
@@ -116,6 +112,9 @@ 

  fi

  

  %changelog

+ * Mon Oct 29 2018 Simo Sorce <simo@redhat.com> - 2.5.0-1

+ - Updated to latest upstream release

+ 

  * Sat Aug 11 2018 Nikos Mavrogiannopoulos <nmav@redhat.com> - 2.4.0-1

  - Updated to latest upstream release

  

file modified
+1 -2
@@ -1,2 +1,1 @@ 

- SHA512 (softhsm-2.4.0.tar.gz) = f14f65de32206500f708523ee88d8d5e3d1fd40175f1a9cd24c7760c829e2de9dbcb05453022df8186836c49a57e4eae7f2e75ce6a5346a426114f4d610a8a84

- SHA512 (softhsm-2.4.0.tar.gz.sig) = a8f616e2a5ab7fdb09c0d2a850bda833be889aea0aa1e5e2bcb0012351dcf3c870e496918ba16bb0bb942bb13350ff1030b25feab29914d07897b39c30526624

+ SHA512 (softhsm-2.5.0.tar.gz) = a1e686729196dc25591eb3da57c2c8ea8494ed274ba711842b2dcae696f477a202acda13a975b8fb1eb68e8e44a79e839dbbc6ba500cab02ad13072c660752d9