File ocki-3.2_06_icsf_sign_verify.patch of Package openCryptoki.2906

commit 72a1ac0ae9898de4262c5b98751c281f8979704b
Author: Joy Latten <jmlatten@linux.vnet.ibm.com>
Date:   Wed Mar 25 17:12:14 2015 -0500

    ICSF Token: chain data was not being copied for hmac signing and verifying.
    
    Signed-off-by: Joy Latten <jmlatten@linux.vnet.ibm.com>

diff --git a/usr/lib/pkcs11/icsf_stdll/icsf_specific.c b/usr/lib/pkcs11/icsf_stdll/icsf_specific.c
index c6fc231..fa4bad7 100644
--- a/usr/lib/pkcs11/icsf_stdll/icsf_specific.c
+++ b/usr/lib/pkcs11/icsf_stdll/icsf_specific.c
@@ -3526,7 +3526,12 @@ CK_RV icsftok_sign_update(SESSION *session, CK_BYTE *in_data,
 		if (rc != 0) {
			OCK_LOG_ERR(CKR_FUNCTION_FAILED);
 			rc = icsf_to_ock_err(rc, reason);
+		} else {
+			multi_part_ctx->initiated = TRUE;
+			memcpy(multi_part_ctx->chain_data, chain_data,
+			       chain_data_len);
 		}
+
 		break;
 
 	case CKM_MD5_RSA_PKCS:
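Review bot: The added `memcpy` into `multi_part_ctx->chain_data` copies `chain_data_len` bytes without checking that length against the destination, and the same addition appears in the `icsftok_verify_update` hunk. The `icsf_hmac_sign`/`icsf_hmac_verify` calls in the final routines take `&chain_data_len`, so the value presumably comes back from the ICSF reply rather than from local code; the declarations are outside the hunk, so this is inferred. If `chain_data` in the context is a fixed-size array, a guard placed before the copy, such as `else if (chain_data_len > sizeof(multi_part_ctx->chain_data)) rc = CKR_FUNCTION_FAILED;`, would keep an oversized reply from overrunning the session's context. The enclosing switch case starts above the hunk.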
@@ -3675,7 +3680,8 @@ CK_RV icsftok_sign_final(SESSION *session, CK_BBOOL length_only,
 		}
 
 		rc = icsf_hmac_sign(session_state->ld, &reason,
-				&mapping->icsf_object, &ctx->mech, "LAST", "",
+				&mapping->icsf_object, &ctx->mech,
+				multi_part_ctx->initiated ? "LAST":"ONLY", "",
 				0, signature, sig_len, chain_data,
 				&chain_data_len);
 		if (rc != 0)
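Review bot: The choice between `"LAST"` and `"ONLY"` in the `icsf_hmac_sign` call has no comment, and the same expression is added to the `icsf_hmac_verify` call in `icsftok_verify_final`. A line above the call such as `/* No update reached ICSF: send one self-contained request ("ONLY") instead of closing a chain ("LAST"). */` would record why `initiated` decides the rule. Spacing around the colon (`"LAST" : "ONLY"`) would read more cleanly. The hunk does not show whether the local `chain_data` is filled from `multi_part_ctx->chain_data` before the `"LAST"` request, which is worth confirming now that the update routines store it there.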
@@ -4055,7 +4061,12 @@ CK_RV icsftok_verify_update(SESSION *session, CK_BYTE *in_data,
 		if (rc != 0) {
			OCK_LOG_ERR(CKR_FUNCTION_FAILED);
 			rc = icsf_to_ock_err(rc, reason);
+		} else {
+			multi_part_ctx->initiated = TRUE;
+			memcpy(multi_part_ctx->chain_data, chain_data,
+			       chain_data_len);
 		}
+
 		break;
 
 	case CKM_MD5_RSA_PKCS:
@@ -4122,6 +4133,7 @@ CK_RV icsftok_verify_update(SESSION *session, CK_BYTE *in_data,
 			memcpy(multi_part_ctx->chain_data, chain_data,
 			       chain_data_len);
 		}
+
 		if (buffer)
 			free(buffer);
 
@@ -4191,7 +4203,8 @@ CK_RV icsftok_verify_final(SESSION *session, CK_BYTE *signature,
 
 		/* get the chain data */
 		rc = icsf_hmac_verify(session_state->ld, &reason,
-				&mapping->icsf_object, &ctx->mech, "LAST", "",
+				&mapping->icsf_object, &ctx->mech,
+				multi_part_ctx->initiated ? "LAST":"ONLY", "",
 				0, signature, sig_len, chain_data,
 				&chain_data_len);
 		if (rc != 0)