---- opencryptoki-2.3.2/configure.in.orig 2010-10-09 21:43:05.827741882 +0200
-+++ opencryptoki-2.3.2/configure.in 2010-10-09 23:12:37.735734339 +0200
-@@ -597,7 +597,7 @@
- else
- enable_bcomtok=no
- fi
--AM_CONDITIONAL([ENABLE_BCOMTOK], [test "x$enable_bcom" = "xyes"])
-+AM_CONDITIONAL([ENABLE_BCOMTOK], [test "x$enable_bcomtok" = "xyes"])
-
- dnl --- enable_crtok
- if test "x$enable_crtok" = "xyes"; then
---- opencryptoki/usr/lib/pkcs11/bcom_stdll/bcom_specific.c.orig 2013-07-15 19:25:40.000000000 +0200
-+++ opencryptoki/usr/lib/pkcs11/bcom_stdll/bcom_specific.c 2013-12-30 23:06:27.528709358 +0100
-@@ -6,7 +6,6 @@
- #include "defs.h"
- #include "host_defs.h"
- #include "h_extern.h"
--#include "args.h"
- #include "errno.h"
- #include "tok_specific.h"
- #include "tok_struct.h"
-@@ -62,14 +61,14 @@ void swapper(char *s, char *d, int size)
-
-
- CK_RV
--token_specific_session(CK_SLOT_ID slotid)
-+token_specific_open_session(SESSION *session)
- {
- return CKR_OK;
-
- }
-
- CK_RV
--token_rng(CK_BYTE *output, CK_ULONG bytes)
-+token_specific_rng(CK_BYTE *output, CK_ULONG bytes)
- {
-
- #if 1
-@@ -115,14 +114,14 @@ tok_slot2local(CK_SLOT_ID snum)
-
-
- CK_RV
--token_specific_init(char * Correlator,CK_SLOT_ID SlotNumber)
-+token_specific_init(char * Correlator,CK_SLOT_ID SlotNumber,char * conf_name)
- {
- bcomfd = ubsec_open(UBSEC_KEY_DEVICE);
- return CKR_OK;
- }
-
- CK_RV
--token_specific_final()
-+token_specific_final(void)
- {
-
- ubsec_close(bcomfd);
-@@ -132,7 +131,7 @@ token_specific_final()
-
-
- CK_RV
--token_specific_des_key_gen(CK_BYTE *des_key,CK_ULONG _len)
-+token_specific_des_key_gen(CK_BYTE *des_key,CK_ULONG _len,CK_ULONG keysize)
- {
-
- // Nothing different to do for DES or TDES here as this is just
-@@ -150,18 +149,25 @@ token_specific_des_ecb(CK_BYTE * in_data
- CK_ULONG in_data__len,
- CK_BYTE *out_data,
- CK_ULONG *out_data__len,
-- CK_BYTE *key_value,
-+ OBJECT *key,
- CK_BYTE encrypt)
- {
- CK_ULONG rc;
-+ CK_ATTRIBUTE *attr = NULL;
- unsigned char in_block_data[8];
- unsigned char out_block_data[8];
- int i,j;
- int ret;
- ubsec_crypto_context_t ctx;
-
-+ // get the key value
-+ if (template_attribute_find(key->template, CKA_VALUE, &attr) == FALSE) {
-+ OCK_LOG_ERR(ERR_FUNCTION_FAILED);
-+ return CKR_FUNCTION_FAILED;
-+ }
-+
- // Initialize the crypto contexte
-- ubsec_crypto_init(key_value, ZERO_KEY, ZERO_KEY,
-+ ubsec_crypto_init(attr->pValue, ZERO_KEY, ZERO_KEY,
- ZERO_KEY, UBSEC_DES, 0, &ctx);
-
- // the des decrypt will only fail if the data _length is not evenly divisible
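Review bot: The key lookup added to token_specific_des_ecb passes `attr->pValue` to `ubsec_crypto_init` without looking at `attr->ulValueLen`, so a CKA_VALUE attribute shorter than one DES key could lead the library to read past the attribute buffer. Unless object creation already guarantees the length (not visible in this patch), add `if (attr->ulValueLen != DES_KEY_SIZE) { OCK_LOG_ERR(ERR_FUNCTION_FAILED); return CKR_FUNCTION_FAILED; }` directly after the lookup. The next hunk adds the same lookup to token_specific_des_cbc and needs the same check. The function body continues outside this hunk.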
-@@ -213,16 +219,23 @@ token_specific_des_cbc(CK_BYTE * in_data
- CK_ULONG in_data__len,
- CK_BYTE *out_data,
- CK_ULONG *out_data__len,
-- CK_BYTE *key_value,
-+ OBJECT *key,
- CK_BYTE *init_v,
- CK_BYTE encrypt)
- {
- CK_ULONG rc;
-+ CK_ATTRIBUTE *attr = NULL;
- int ret;
- ubsec_crypto_context_t ctx;
-
-+ // get the key value
-+ if (template_attribute_find(key->template, CKA_VALUE, &attr) == FALSE) {
-+ OCK_LOG_ERR(ERR_FUNCTION_FAILED);
-+ return CKR_FUNCTION_FAILED;
-+ }
-+
- // Initialize the crypto contexte
-- ubsec_crypto_init(key_value, ZERO_KEY, ZERO_KEY,
-+ ubsec_crypto_init(attr->pValue, ZERO_KEY, ZERO_KEY,
- ZERO_KEY, UBSEC_DES, 0, &ctx);
-
- // the des decrypt will only fail if the data _length is not evenly divisible
-@@ -255,16 +268,38 @@ token_specific_tdes_ecb(CK_BYTE * in_dat
- CK_ULONG in_data__len,
- CK_BYTE *out_data,
- CK_ULONG *out_data__len,
-- CK_BYTE *key_value,
-+ OBJECT *key,
- CK_BYTE encrypt)
- {
- CK_ULONG rc;
-+ CK_ATTRIBUTE *attr = NULL;
-+ CK_KEY_TYPE keytype;
-+ CK_BYTE key_value[3*DES_KEY_SIZE];
- unsigned char in_block_data[8];
- unsigned char out_block_data[8];
- int i,j;
- int ret;
- ubsec_crypto_context_t ctx;
-
-+ // get the key type
-+ rc = template_attribute_find(key->template, CKA_KEY_TYPE, &attr);
-+ if (rc == FALSE) {
-+ OCK_LOG_ERR(ERR_FUNCTION_FAILED);
-+ return CKR_FUNCTION_FAILED;
-+ }
-+ keytype = *(CK_KEY_TYPE *)attr->pValue;
-+
-+ // get the key value
-+ if (template_attribute_find(key->template, CKA_VALUE, &attr) == FALSE) {
-+ OCK_LOG_ERR(ERR_FUNCTION_FAILED);
-+ return CKR_FUNCTION_FAILED;
-+ }
-+ if (keytype == CKK_DES2) {
-+ memcpy(key_value, attr->pValue, 2*DES_KEY_SIZE);
-+ memcpy(key_value + (2*DES_KEY_SIZE), attr->pValue, DES_KEY_SIZE);
-+ } else
-+ memcpy(key_value, attr->pValue, 3*DES_KEY_SIZE);
-+
- // Initialize the crypto contexte
- // the triple DES key is in the 24-byte array key_value
- ubsec_crypto_init(key_value, key_value+8, key_value+16,
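Review bot: The `memcpy` calls that fill `key_value` in token_specific_tdes_ecb copy a fixed 16 or 24 bytes from `attr->pValue` without checking `attr->ulValueLen`, and the bare `else` treats every key type other than CKK_DES2 as a 24-byte key. A short or mistyped key object would therefore cause an out-of-bounds read instead of an error return; the same code is added to token_specific_tdes_cbc in the next hunk. `key_value` is also a stack copy of the key material, and the return paths are outside the hunk, so it is worth confirming that the buffer is wiped before every return with a call the compiler cannot elide. The fence shows the key selection with explicit type and length checks.

```c
    // … unchanged: CKA_KEY_TYPE and CKA_VALUE lookups …
    if (keytype == CKK_DES2 && attr->ulValueLen == 2*DES_KEY_SIZE) {
        // two-key 3DES: the third key repeats the first
        memcpy(key_value, attr->pValue, 2*DES_KEY_SIZE);
        memcpy(key_value + (2*DES_KEY_SIZE), attr->pValue, DES_KEY_SIZE);
    } else if (keytype == CKK_DES3 && attr->ulValueLen == 3*DES_KEY_SIZE) {
        memcpy(key_value, attr->pValue, 3*DES_KEY_SIZE);
    } else {
        OCK_LOG_ERR(ERR_FUNCTION_FAILED);
        return CKR_FUNCTION_FAILED;
    }
    // … unchanged: ubsec_crypto_init call …
```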
-@@ -318,14 +353,36 @@ token_specific_tdes_cbc(CK_BYTE * in_dat
- CK_ULONG in_data__len,
- CK_BYTE *out_data,
- CK_ULONG *out_data__len,
-- CK_BYTE *key_value,
-+ OBJECT *key,
- CK_BYTE *init_v,
- CK_BYTE encrypt)
- {
- CK_ULONG rc;
-+ CK_ATTRIBUTE *attr = NULL;
-+ CK_KEY_TYPE keytype;
-+ CK_BYTE key_value[3*DES_KEY_SIZE];
- int ret;
- ubsec_crypto_context_t ctx;
-
-+ // get the key type
-+ rc = template_attribute_find(key->template, CKA_KEY_TYPE, &attr);
-+ if (rc == FALSE) {
-+ OCK_LOG_ERR(ERR_FUNCTION_FAILED);
-+ return CKR_FUNCTION_FAILED;
-+ }
-+ keytype = *(CK_KEY_TYPE *)attr->pValue;
-+
-+ // get the key value
-+ if (template_attribute_find(key->template, CKA_VALUE, &attr) == FALSE) {
-+ OCK_LOG_ERR(ERR_FUNCTION_FAILED);
-+ return CKR_FUNCTION_FAILED;
-+ }
-+ if (keytype == CKK_DES2) {
-+ memcpy(key_value, attr->pValue, 2*DES_KEY_SIZE);
-+ memcpy(key_value + (2*DES_KEY_SIZE), attr->pValue, DES_KEY_SIZE);
-+ } else
-+ memcpy(key_value, attr->pValue, 3*DES_KEY_SIZE);
-+
- // Initialize the crypto contexte
- // Triple DES key is in the 24-byte array key_value
- ubsec_crypto_init(key_value, key_value+8, key_value+16,
-@@ -947,6 +1004,7 @@ CK_RV
- token_specific_rsa_encrypt( CK_BYTE *in_data,
- CK_ULONG in_data_len,
- CK_BYTE *out_data,
-+ CK_ULONG * out_data_len,
- OBJECT *key_obj )
- {
- CK_RV rc;
-@@ -954,6 +1012,11 @@ token_specific_rsa_encrypt( CK_BYTE *i
- int out_len_bits;
- CK_BYTE *tcipher, *tclear;
-
-+ if (in_data_len > *out_data_len) {
-+ OCK_LOG_DEBUG("CKR_DATA_LEN_RANGE\n");
-+ return CKR_DATA_LEN_RANGE;
-+ }
-+
- rc = bcom_rsa_pub_from_object(key_obj, &pubKey);
- if ( rc != 0) {
- rc = CKR_FUNCTION_FAILED;
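Review bot: The new size guard in token_specific_rsa_encrypt returns `CKR_DATA_LEN_RANGE` and logs only at debug level, while the matching guard added to token_specific_rsa_decrypt returns `CKR_BUFFER_TOO_SMALL` through `OCK_LOG_ERR` for the same condition. The comparison is between the caller's output capacity and the number of bytes later written to `out_data`, so `CKR_BUFFER_TOO_SMALL` describes it better and lets callers retry with a larger buffer. I would write the body as `OCK_LOG_ERR(ERR_BUFFER_TOO_SMALL); return CKR_BUFFER_TOO_SMALL;` to match the decrypt path. Neither guard checks `out_data_len` for NULL before dereferencing it; that is fine only if every caller passes a valid pointer, which this patch does not show.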
-@@ -1017,6 +1080,7 @@ token_specific_rsa_encrypt( CK_BYTE *i
- /* swapp to get back PKCS11 representation */
- swapper(tcipher, out_data, in_data_len);
-
-+ *out_data_len = in_data_len;
- rc = CKR_OK;
- done:
-
-@@ -1038,6 +1102,7 @@ CK_RV
- token_specific_rsa_decrypt( CK_BYTE * in_data,
- CK_ULONG in_data_len,
- CK_BYTE * out_data,
-+ CK_ULONG * out_data_len,
- OBJECT * key_obj )
- {
- CK_RV rc;
-@@ -1046,6 +1111,11 @@ token_specific_rsa_decrypt( CK_BYTE *
- BCOM_RSA_CRT_KEY_t *privKey;
- int out_len;
-
-+ if (*out_data_len < in_data_len) {
-+ OCK_LOG_ERR(ERR_BUFFER_TOO_SMALL);
-+ return CKR_BUFFER_TOO_SMALL;
-+ }
-+
- rc = bcom_rsa_crt_key_from_object(key_obj, &privKey);
- if (rc != 0) {
- rc = CKR_FUNCTION_FAILED;
-@@ -1114,6 +1184,7 @@ token_specific_rsa_decrypt( CK_BYTE *
- swapper(tclear, out_data,in_data_len);
-
-
-+ *out_data_len = in_data_len;
- rc = CKR_OK;
-
- done:
-@@ -1154,7 +1225,7 @@ PrintNumber(FILE *ofptr, void *num, unsi
-
- #ifndef NOAES
- CK_RV
--token_specific_aes_key_gen( CK_BYTE *key, CK_ULONG len )
-+token_specific_aes_key_gen( CK_BYTE *key, CK_ULONG len, CK_ULONG keysize )
- {
- return rng_generate(key, len);
- }
-@@ -1164,22 +1235,28 @@ token_specific_aes_ecb( CK_BYTE
- CK_ULONG in_data_len,
- CK_BYTE *out_data,
- CK_ULONG *out_data_len,
-- CK_BYTE *key_value,
-- CK_ULONG key_len,
-+ OBJECT *key,
- CK_BYTE encrypt)
- {
-+ CK_ATTRIBUTE *attr = NULL;
- AES_KEY ssl_aes_key;
- int i;
- /* There's a previous check that in_data_len % AES_BLOCK_SIZE == 0,
- * so this is fine */
- CK_ULONG loops = (CK_ULONG)(in_data_len/AES_BLOCK_SIZE);
-
-+ // get the key value
-+ if (template_attribute_find(key->template, CKA_VALUE, &attr) == FALSE) {
-+ OCK_LOG_ERR(ERR_FUNCTION_FAILED);
-+ return CKR_FUNCTION_FAILED;
-+ }
-+
- memset( &ssl_aes_key, 0, sizeof(AES_KEY));
-
- // AES_ecb_encrypt encrypts only a single block, so we have to break up the
- // input data here
- if (encrypt) {
-- AES_set_encrypt_key((unsigned char *)key_value, (key_len*8), &ssl_aes_key);
-+ AES_set_encrypt_key((unsigned char *)attr->pValue, (attr->ulValueLen*8), &ssl_aes_key);
- for( i=0; i<loops; i++ ) {
- AES_ecb_encrypt((unsigned char *)in_data + (i*AES_BLOCK_SIZE),
- (unsigned char *)out_data + (i*AES_BLOCK_SIZE),
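Review bot: The return value of `AES_set_encrypt_key` is ignored in token_specific_aes_ecb, and the bit length now comes straight from `attr->ulValueLen*8`. That call fails for any length other than 128, 192 or 256 bits, after which the loop would run on the `memset`-zeroed `ssl_aes_key` and still report success. Check the result, e.g. `if (AES_set_encrypt_key((unsigned char *)attr->pValue, (attr->ulValueLen*8), &ssl_aes_key) != 0) return CKR_FUNCTION_FAILED;`. The same applies to `AES_set_decrypt_key` in the next hunk and to both calls in token_specific_aes_cbc. The function body continues outside this hunk.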
-@@ -1187,7 +1264,7 @@ token_specific_aes_ecb( CK_BYTE
- AES_ENCRYPT);
- }
- } else {
-- AES_set_decrypt_key((unsigned char *)key_value, (key_len*8), &ssl_aes_key);
-+ AES_set_decrypt_key((unsigned char *)attr->pValue, (attr->ulValueLen*8), &ssl_aes_key);
- for( i=0; i<loops; i++ ) {
- AES_ecb_encrypt((unsigned char *)in_data + (i*AES_BLOCK_SIZE),
- (unsigned char *)out_data + (i*AES_BLOCK_SIZE),
-@@ -1204,25 +1281,31 @@ token_specific_aes_cbc( CK_BYTE
- CK_ULONG in_data_len,
- CK_BYTE *out_data,
- CK_ULONG *out_data_len,
-- CK_BYTE *key_value,
-- CK_ULONG key_len,
-+ OBJECT *key,
- CK_BYTE *init_v,
- CK_BYTE encrypt)
- {
- AES_KEY ssl_aes_key;
-+ CK_ATTRIBUTE *attr = NULL;
- int i;
-
-+ // get the key value
-+ if(template_attribute_find(key->template, CKA_VALUE, &attr) == FALSE) {
-+ OCK_LOG_ERR(ERR_FUNCTION_FAILED);
-+ return CKR_FUNCTION_FAILED;
-+ }
-+
- memset( &ssl_aes_key, 0, sizeof(AES_KEY));
-
- // AES_cbc_encrypt chunks the data into AES_BLOCK_SIZE blocks, unlike
- // AES_ecb_encrypt, so no looping required.
- if (encrypt) {
-- AES_set_encrypt_key((unsigned char *)key_value, (key_len*8), &ssl_aes_key);
-+ AES_set_encrypt_key((unsigned char *)attr->pValue, (attr->ulValueLen*8), &ssl_aes_key);
- AES_cbc_encrypt((unsigned char *)in_data, (unsigned char *)out_data,
- in_data_len, &ssl_aes_key,
- init_v, AES_ENCRYPT);
- } else {
-- AES_set_decrypt_key((unsigned char *)key_value, (key_len*8), &ssl_aes_key);
-+ AES_set_decrypt_key((unsigned char *)attr->pValue, (attr->ulValueLen*8), &ssl_aes_key);
- AES_cbc_encrypt((unsigned char *)in_data, (unsigned char *)out_data,
- in_data_len, &ssl_aes_key,
- init_v, AES_DECRYPT);
---- opencryptoki/usr/lib/pkcs11/bcom_stdll/tok_struct.h.orig 2013-07-15 19:25:41.000000000 +0200
-+++ opencryptoki/usr/lib/pkcs11/bcom_stdll/tok_struct.h 2013-12-30 23:06:13.915376610 +0100
-@@ -310,27 +310,90 @@
- token_spec_t token_specific = {
- BCOM_CONFIG_PATH,
- "bcom",
-- "BC_STDLL_Debug",
-+ 0,
-+ {
-+ FALSE,
-+ FALSE,
-+ CKM_DES3_CBC,
-+ "12345678",
-+ NULL
-+ },
-+ NULL, /* creatlock */
-+ NULL, /* attach_shm */
- &token_specific_init,
-+ NULL, /* init_token_data */
-+ NULL, /* load_token_data */
-+ NULL, /* save_token_data */
- &tok_slot2local,
-- &token_rng,
-- &token_specific_session,
-+ &token_specific_rng,
-+ &token_specific_open_session,
-+ NULL, /* close_session */
- &token_specific_final,
-+ NULL, /* init_token */
-+ NULL, /* login */
-+ NULL, /* logout */
-+ NULL, /* init_pin */
-+ NULL, /* set_pin */
-+ NULL, /* copy object */
-+ NULL, /* create_object */
-+ NULL, /* get_attribute_value */
-+ NULL, /* set_attribute_value */
-+ NULL, /* find_objects_init */
-+ NULL, /* destroy_object */
-+ NULL, /* generate_key */
-+ NULL, /* generate_key_pair */
-+ NULL, /* encrypt_init */
-+ NULL, /* encrypt */
-+ NULL, /* encrypt_update */
-+ NULL, /* encrypt_final */
-+ NULL, /* decrypt_init */
-+ NULL, /* decrypt */
-+ NULL, /* decrypt_update */
-+ NULL, /* decrypt_final */
-+ NULL, /* derive_key */
-+ NULL, /* wrap_key */
-+ NULL, /* unwrap_key */
-+ NULL, /* sign_init */
-+ NULL, /* sign */
-+ NULL, /* sign_update */
-+ NULL, /* sign_final */
-+ NULL, /* verify_init */
-+ NULL, /* verify */
-+ NULL, /* verify_update */
-+ NULL, /* verify_final */
-+
- &token_specific_des_key_gen,
- &token_specific_des_ecb,
- &token_specific_des_cbc,
-
- &token_specific_tdes_ecb,
- &token_specific_tdes_cbc,
--
-+ NULL, /* tdes_ofb */
-+ NULL, /* tdes_cfb */
-+ NULL, /* tdes_mac */
-
- &token_specific_rsa_decrypt,
- &token_specific_rsa_encrypt,
-+ NULL, /* rsa_sign */
-+ NULL, /* rsa_verify */
-+ NULL, /* rsa_verify_recover */
-+ NULL, /* rsa_x509_decrypt */
-+ NULL, /* rsa_x509_encrypt */
-+ NULL, /* rsa_x509_sign */
-+ NULL, /* rsa_x509_verify */
-+ NULL, /* rsa_x509_verify_recover */
- &token_specific_rsa_generate_keypair,
--#ifndef NODH
-+
-+ NULL, /* ec_sign */
-+ NULL, /* ec_verify */
-+ NULL, /* ec_generate_keypair */
- // DH
-+#ifndef NODH
- &token_specific_dh_pkcs_derive,
- &token_specific_dh_pkcs_key_pair_gen,
-+#else
-+ NULL,
-+ NULL,
- #endif
- // SHA1
- NULL,
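Review bot: The new nested initializer in `token_specific` (`FALSE, FALSE, CKM_DES3_CBC, "12345678", NULL`) has no comments, unlike the function-pointer slots around it, so a reader cannot tell what the fixed string `"12345678"` is used for. If it is an initial vector or another cryptographic default, which its position next to `CKM_DES3_CBC` suggests but the patch does not show, say so in a comment on each of the five fields, for example `/* <field name>: <purpose> */`. The whole table is positional, so one miscounted `NULL` silently shifts every later pointer. The unlabelled `NULL,` entries in the `#else` branches and after the AES `#endif` in the next hunk should be labelled as well, or the table converted to designated initializers.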
-@@ -348,15 +411,29 @@ token_spec_t token_specific = {
- NULL,
- NULL,
- NULL,
--#ifndef NOAES
- // AES
-+#ifndef NOAES
- &token_specific_aes_key_gen,
- &token_specific_aes_ecb,
- &token_specific_aes_cbc,
-+#else
-+ NULL,
-+ NULL,
- NULL,
- #endif
-+ NULL,
-+
-+ NULL, /* t_aes_ofb */
-+ NULL, /* t_aes_cfb */
-+ NULL, /* t_aes_mac */
-+
-+ NULL, /* dsa_generate_keypair */
-+ NULL, /* dsa_sign */
-+ NULL, /* dsa_verify */
-+
- &token_specific_get_mechanism_list,
-- &token_specific_get_mechanism_info
-+ &token_specific_get_mechanism_info,
-+ NULL /* object_add */
- };
-
- #endif