85 lines
3.0 KiB
Plaintext
85 lines
3.0 KiB
Plaintext
$OpenBSD: patch-src_bin_softhsm_cpp,v 1.1 2015/09/21 13:24:46 sthen Exp $
|
|
|
|
From aa2d1ebb0ef31c71a4db4435f3dc056cacf87209 Mon Sep 17 00:00:00 2001
|
|
From: Rickard Bellgrim <rickard@opendnssec.org>
|
|
Date: Sun, 26 Oct 2014 08:08:43 +0100
|
|
Subject: [PATCH 1/2] SOFTHSM-101: softhsm-keyconv creates files with sensitive
|
|
material in insecure way. Also applies to softhsm when using --export or
|
|
--optimize.
|
|
|
|
From 285ae80336ca57e186f69bd249736ade6445b873 Mon Sep 17 00:00:00 2001
|
|
From: Rickard Bellgrim <rickard@opendnssec.org>
|
|
Date: Sun, 26 Oct 2014 08:45:11 +0100
|
|
Subject: [PATCH 2/2] SOFTHSM-101: Include more header files
|
|
|
|
--- src/bin/softhsm.cpp.orig Wed May 28 07:59:22 2014
|
|
+++ src/bin/softhsm.cpp Mon Sep 21 14:25:56 2015
|
|
@@ -46,6 +46,10 @@
|
|
#include <iostream>
|
|
#include <fstream>
|
|
#include <sched.h>
|
|
+#include <fcntl.h>
|
|
+#include <sys/types.h>
|
|
+#include <sys/stat.h>
|
|
+#include <errno.h>
|
|
|
|
#ifdef HAVE_DLOPEN
|
|
#include <dlfcn.h>
|
|
@@ -1005,6 +1009,15 @@ int removeSessionObjs(char *dbPath) {
|
|
CK_BBOOL ckFalse = CK_FALSE;
|
|
int retVal = 0;
|
|
|
|
+ // Create and set file permissions if the DB does not exist.
|
|
+ int fd = open(dbPath, O_CREAT, S_IRUSR | S_IWUSR);
|
|
+ if(fd == -1) {
|
|
+ fprintf(stderr, "Could not open the token database. errno=%i. "
|
|
+ "Probably wrong privileges: %s", errno, dbPath);
|
|
+ return 1;
|
|
+ }
|
|
+ close(fd);
|
|
+
|
|
if(sqlite3_open(dbPath, &db) != 0) {
|
|
fprintf(stderr, "ERROR: Could not connect to database.\n");
|
|
return 1;
|
|
@@ -1278,6 +1291,15 @@ CK_RV writeKeyToDisk(char *filePath, char *filePIN, Bo
|
|
return CKR_GENERAL_ERROR;
|
|
}
|
|
|
|
+ // Create and set file permissions if the file does not exist.
|
|
+ int fd = open(filePath, O_CREAT, S_IRUSR | S_IWUSR);
|
|
+ if (fd == -1) {
|
|
+ fprintf(stderr, "ERROR: Could not open the output file: %s (errno %i)\n",
|
|
+ filePath, errno);
|
|
+ return CKR_GENERAL_ERROR;
|
|
+ }
|
|
+ close(fd);
|
|
+
|
|
std::ofstream privFile(filePath);
|
|
|
|
if(!privFile) {
|
|
@@ -1468,6 +1490,15 @@ Botan::Private_Key* getPrivKey(char *dbPath, CK_OBJECT
|
|
sqlite3_stmt *select_sql = NULL;
|
|
Botan::Private_Key *privKey = NULL;
|
|
|
|
+ // Create and set file permissions if the DB does not exist.
|
|
+ int fd = open(dbPath, O_CREAT, S_IRUSR | S_IWUSR);
|
|
+ if(fd == -1) {
|
|
+ fprintf(stderr, "Could not open the token database. errno=%i. "
|
|
+ "Probably wrong privileges: %s", errno, dbPath);
|
|
+ return NULL;
|
|
+ }
|
|
+ close(fd);
|
|
+
|
|
if(sqlite3_open(dbPath, &db) == 0 && sqlite3_prepare_v2(db, select_str, -1, &select_sql, NULL) == 0) {
|
|
if(getObjectClass(select_sql, oHandle) == CKO_PRIVATE_KEY && getKeyType(select_sql, oHandle) == CKK_RSA) {
|
|
Botan::BigInt bigN = getBigIntAttribute(select_sql, oHandle, CKA_MODULUS);
|
|
@@ -1477,7 +1508,7 @@ Botan::Private_Key* getPrivKey(char *dbPath, CK_OBJECT
|
|
Botan::BigInt bigQ = getBigIntAttribute(select_sql, oHandle, CKA_PRIME_2);
|
|
|
|
Botan::AutoSeeded_RNG *rng = new Botan::AutoSeeded_RNG();
|
|
-
|
|
+
|
|
try {
|
|
privKey = new Botan::RSA_PrivateKey(*rng, bigP, bigQ, bigE, bigD, bigN);
|
|
}
|