update to softhsm-1.3.8, from Patrik Lundin

2016-11-19 22:47:23 +00:00 · 2016-11-19 22:47:23 +00:00 · 7c53f41d58
commit 7c53f41d58
parent 1bea2dbb0f
5 changed files with 8 additions and 218 deletions
--- a/security/softhsm/Makefile
+++ b/security/softhsm/Makefile
@ -1,13 +1,11 @@
-# $OpenBSD: Makefile,v 1.6 2016/09/23 09:16:57 sthen Exp $
+# $OpenBSD: Makefile,v 1.7 2016/11/19 22:47:23 sthen Exp $

 PORTROACH=	limit:^1\.
 PORTROACH_COMMENT=	the 2.x version has a different user interface

 COMMENT=	software PKCS\#11 cryptographic token

-DISTNAME=	softhsm-1.3.7
-
-REVISION=	1
+DISTNAME=	softhsm-1.3.8

 CATEGORIES=	security

--- a/security/softhsm/distinfo
+++ b/security/softhsm/distinfo
@ -1,2 +1,2 @@
-SHA256 (softhsm-1.3.7.tar.gz) = 0S1kVqhVYSZtnaQnVl8+43RqNd9mcNXmvnXeJTwoEKQ=
-SIZE (softhsm-1.3.7.tar.gz) = 438437
+SHA256 (softhsm-1.3.8.tar.gz) = LqrjoB7DAkHay8bEar8aeNflRkPneTz4qb6Y++a1lTo=
+SIZE (softhsm-1.3.8.tar.gz) = 451445
--- a/security/softhsm/patches/patch-configure
+++ b/security/softhsm/patches/patch-configure
@ -1,18 +1,7 @@
-$OpenBSD: patch-configure,v 1.1.1.1 2015/06/23 11:26:05 jca Exp $
--- configure.orig	Wed May 28 08:03:56 2014
-+++ configure	Mon Jun 22 13:16:45 2015
-@@ -4351,8 +4351,8 @@ else
- fi
- 
- 
-	BOTAN_INCLUDES="-I$BOTAN_PATH/include/botan-1.10"
-	BOTAN_LIBS="-L$BOTAN_PATH/lib -lbotan-1.10"
-+	BOTAN_INCLUDES=`botan-config-1.10 --cflags`
-+	BOTAN_LIBS=`botan-config-1.10 --libs`
- 	tmp_CPPFLAGS=$CPPFLAGS
- 	tmp_LIBS=$LIBS
- 	CPPFLAGS="$CPPFLAGS $BOTAN_INCLUDES"
-@@ -16255,7 +16255,7 @@ CFLAGS=$lt_save_CFLAGS
+$OpenBSD: patch-configure,v 1.2 2016/11/19 22:47:23 sthen Exp $
+--- configure.orig	Sat Nov 19 20:40:23 2016
+++ configure	Sat Nov 19 20:40:39 2016
+@@ -16410,7 +16410,7 @@ CFLAGS=$lt_save_CFLAGS
 
 
 
--- a/security/softhsm/patches/patch-src_bin_softhsm-keyconv_cpp
+++ b/security/softhsm/patches/patch-src_bin_softhsm-keyconv_cpp
@ -1,113 +0,0 @@
-$OpenBSD: patch-src_bin_softhsm-keyconv_cpp,v 1.1 2015/09/21 13:24:46 sthen Exp $
-
-From aa2d1ebb0ef31c71a4db4435f3dc056cacf87209 Mon Sep 17 00:00:00 2001
-From: Rickard Bellgrim <rickard@opendnssec.org>
-Date: Sun, 26 Oct 2014 08:08:43 +0100
-Subject: [PATCH 1/2] SOFTHSM-101: softhsm-keyconv creates files with sensitive
- material in insecure way. Also applies to softhsm when using --export or
- --optimize.
-
-From 285ae80336ca57e186f69bd249736ade6445b873 Mon Sep 17 00:00:00 2001
-From: Rickard Bellgrim <rickard@opendnssec.org>
-Date: Sun, 26 Oct 2014 08:45:11 +0100
-Subject: [PATCH 2/2] SOFTHSM-101: Include more header files
-
--- src/bin/softhsm-keyconv.cpp.orig	Wed May 28 07:59:14 2014
-+++ src/bin/softhsm-keyconv.cpp	Mon Sep 21 14:25:56 2015
-@@ -48,6 +48,10 @@
- #include <iostream>
- #include <fstream>
- #include <stdint.h>
-+#include <fcntl.h>
-+#include <sys/types.h>
-+#include <sys/stat.h>
-+#include <errno.h>
- 
- void usage() {
-   printf("Converting between BIND .private-key format and PKCS#8 key file format.\n");
-@@ -391,6 +395,15 @@ int to_pkcs8(char *in_path, char *out_path, char *file
-     return 1;
-   }
- 
-+  // Create and set file permissions if the file does not exist.
-+  int fd = open(out_path, O_CREAT, S_IRUSR | S_IWUSR);
-+  if (fd == -1) {
-+    fprintf(stderr, "ERROR: Could not open the output file: %s (errno %i)\n",
-+            out_path, errno);
-+    return 1;
-+  }
-+  close(fd);
-+
-   // Save the the key to the disk
-   switch(algorithm) {
-     case DNS_KEYALG_ERROR:
-@@ -735,8 +748,16 @@ int save_rsa_bind(char *name, int ttl, Botan::Private_
-   snprintf(priv_out, MAX_LINE, "K%s+%03i+%05i.private", name, algorithm, key_tag);
-   snprintf(pub_out, MAX_LINE, "K%s+%03i+%05i.key", name, algorithm, key_tag);
- 
-  // Create the private key file
-+  // Create and set file permissions if the file does not exist.
-+  int fd = open(priv_out, O_CREAT, S_IRUSR | S_IWUSR);
-+  if (fd == -1) {
-+    fprintf(stderr, "ERROR: Could not open the output file: %s (errno %i)\n",
-+            priv_out, errno);
-+    return 1;
-+  }
-+  close(fd);
- 
-+  // Create the private key file
-   file_pointer = fopen(priv_out, "w");
-   if (!file_pointer) {
-     fprintf(stderr, "Error: Could not open output file %.100s for writing.\n", priv_out);
-@@ -786,8 +807,16 @@ int save_rsa_bind(char *name, int ttl, Botan::Private_
- 
-   printf("The private key has been written to %s\n", priv_out);
- 
-  // Create the public key file
-+  // Create and set file permissions if the file does not exist.
-+  fd = open(pub_out, O_CREAT, S_IRUSR | S_IWUSR);
-+  if (fd == -1) {
-+    fprintf(stderr, "ERROR: Could not open the output file: %s (errno %i)\n",
-+            pub_out, errno);
-+    return 1;
-+  }
-+  close(fd);
- 
-+  // Create the public key file
-   file_pointer = fopen(pub_out, "w");
-   if (!file_pointer) {
-     fprintf(stderr, "Error: Could not open output file %.100s for writing.\n", pub_out);
-@@ -836,6 +865,15 @@ int save_dsa_bind(char *name, int ttl, Botan::Private_
-   snprintf(priv_out, MAX_LINE, "K%s+%03i+%05i.private", name, algorithm, key_tag);
-   snprintf(pub_out, MAX_LINE, "K%s+%03i+%05i.key", name, algorithm, key_tag);
- 
-+  // Create and set file permissions if the file does not exist.
-+  int fd = open(priv_out, O_CREAT, S_IRUSR | S_IWUSR);
-+  if (fd == -1) {
-+    fprintf(stderr, "ERROR: Could not open the output file: %s (errno %i)\n",
-+            priv_out, errno);
-+    return 1;
-+  }
-+  close(fd);
-+
-   file_pointer = fopen(priv_out, "w");
-   if (!file_pointer) {
-     fprintf(stderr, "Error: Could not open output file %.100s for writing.\n", priv_out);
-@@ -873,8 +911,16 @@ int save_dsa_bind(char *name, int ttl, Botan::Private_
- 
-   printf("The private key has been written to %s\n", priv_out);
- 
-  // Create the public key file
-+  // Create and set file permissions if the file does not exist.
-+  fd = open(pub_out, O_CREAT, S_IRUSR | S_IWUSR);
-+  if (fd == -1) {
-+    fprintf(stderr, "ERROR: Could not open the output file: %s (errno %i)\n",
-+            pub_out, errno);
-+    return 1;
-+  }
-+  close(fd);
- 
-+  // Create the public key file
-   file_pointer = fopen(pub_out, "w");
-   if (!file_pointer) {
-     fprintf(stderr, "Error: Could not open output file %.100s for writing.\n", pub_out);
--- a/security/softhsm/patches/patch-src_bin_softhsm_cpp
+++ b/security/softhsm/patches/patch-src_bin_softhsm_cpp
@ -1,84 +0,0 @@
-$OpenBSD: patch-src_bin_softhsm_cpp,v 1.1 2015/09/21 13:24:46 sthen Exp $
-
-From aa2d1ebb0ef31c71a4db4435f3dc056cacf87209 Mon Sep 17 00:00:00 2001
-From: Rickard Bellgrim <rickard@opendnssec.org>
-Date: Sun, 26 Oct 2014 08:08:43 +0100
-Subject: [PATCH 1/2] SOFTHSM-101: softhsm-keyconv creates files with sensitive
- material in insecure way. Also applies to softhsm when using --export or
- --optimize.
-
-From 285ae80336ca57e186f69bd249736ade6445b873 Mon Sep 17 00:00:00 2001
-From: Rickard Bellgrim <rickard@opendnssec.org>
-Date: Sun, 26 Oct 2014 08:45:11 +0100
-Subject: [PATCH 2/2] SOFTHSM-101: Include more header files
-
--- src/bin/softhsm.cpp.orig	Wed May 28 07:59:22 2014
-+++ src/bin/softhsm.cpp	Mon Sep 21 14:25:56 2015
-@@ -46,6 +46,10 @@
- #include <iostream>
- #include <fstream>
- #include <sched.h>
-+#include <fcntl.h>
-+#include <sys/types.h>
-+#include <sys/stat.h>
-+#include <errno.h>
- 
- #ifdef HAVE_DLOPEN
- #include <dlfcn.h>
-@@ -1005,6 +1009,15 @@ int removeSessionObjs(char *dbPath) {
-   CK_BBOOL ckFalse = CK_FALSE;
-   int retVal = 0;
- 
-+  // Create and set file permissions if the DB does not exist.
-+  int fd = open(dbPath, O_CREAT, S_IRUSR | S_IWUSR);
-+  if(fd == -1) {
-+    fprintf(stderr, "Could not open the token database. errno=%i. "
-+                    "Probably wrong privileges: %s", errno, dbPath);
-+    return 1;
-+  }
-+  close(fd);
-+
-   if(sqlite3_open(dbPath, &db) != 0) {
-     fprintf(stderr, "ERROR: Could not connect to database.\n");
-     return 1;
-@@ -1278,6 +1291,15 @@ CK_RV writeKeyToDisk(char *filePath, char *filePIN, Bo
-     return CKR_GENERAL_ERROR;
-   }
- 
-+  // Create and set file permissions if the file does not exist.
-+  int fd = open(filePath, O_CREAT, S_IRUSR | S_IWUSR);
-+  if (fd == -1) {
-+    fprintf(stderr, "ERROR: Could not open the output file: %s (errno %i)\n",
-+            filePath, errno);
-+    return CKR_GENERAL_ERROR;
-+  }
-+  close(fd);
-+
-   std::ofstream privFile(filePath);
- 
-   if(!privFile) {
-@@ -1468,6 +1490,15 @@ Botan::Private_Key* getPrivKey(char *dbPath, CK_OBJECT
-   sqlite3_stmt *select_sql = NULL;
-   Botan::Private_Key *privKey = NULL;
- 
-+  // Create and set file permissions if the DB does not exist.
-+  int fd = open(dbPath, O_CREAT, S_IRUSR | S_IWUSR);
-+  if(fd == -1) {
-+    fprintf(stderr, "Could not open the token database. errno=%i. "
-+                    "Probably wrong privileges: %s", errno, dbPath);
-+    return NULL;
-+  }
-+  close(fd);
-+
-   if(sqlite3_open(dbPath, &db) == 0 && sqlite3_prepare_v2(db, select_str, -1, &select_sql, NULL) == 0) {
-     if(getObjectClass(select_sql, oHandle) == CKO_PRIVATE_KEY && getKeyType(select_sql, oHandle) == CKK_RSA) {
-       Botan::BigInt bigN = getBigIntAttribute(select_sql, oHandle, CKA_MODULUS);
-@@ -1477,7 +1508,7 @@ Botan::Private_Key* getPrivKey(char *dbPath, CK_OBJECT
-       Botan::BigInt bigQ = getBigIntAttribute(select_sql, oHandle, CKA_PRIME_2);
- 
-       Botan::AutoSeeded_RNG *rng = new Botan::AutoSeeded_RNG();
-      
-+
-       try {
-         privKey = new Botan::RSA_PrivateKey(*rng, bigP, bigQ, bigE, bigD, bigN);
-       }