------- Comment From <email address hidden> 2019-02-04 05:31 EDT-------
Problem Description:
When the EP11 token of Opencryptoki is configured with STRICT_MODE or VHSM_MODE (or both) in config file /etc/opencryptoki/ep11tok.conf then C_Login may return CKR_DEVICE_ERROR.
---Steps to Reproduce---
Configure the EP11 token of Opencryptoki with keywords STRICT_MODE or VHSM_MODE (or both) in config file /etc/opencryptoki/ep11tok.conf
Then run 'pkcsep11_session show -slot 4' and enter the user pin.It fails with 'C_Login() rc = 0x30 [CKR_DEVICE_ERROR]'
The OCK trace shows lines like the following with corrupted APQNs:
------- Comment From <email address hidden> 2019-02-04 05:31 EDT-------
Problem Description:
When the EP11 token of Opencryptoki is configured with STRICT_MODE or VHSM_MODE (or both) in config file /etc/opencrypto ki/ep11tok. conf then C_Login may return CKR_DEVICE_ERROR.
---Steps to Reproduce--- ki/ep11tok. conf
Configure the EP11 token of Opencryptoki with keywords STRICT_MODE or VHSM_MODE (or both) in config file /etc/opencrypto
Then run 'pkcsep11_session show -slot 4' and enter the user pin.It fails with 'C_Login() rc = 0x30 [CKR_DEVICE_ERROR]'
The OCK trace shows lines like the following with corrupted APQNs:
11/23/2018 10:43:45 [ep11_specific. c:6208 ep11tok] INFO: ep11tok_ login_session session=1 c:6074 ep11tok] INFO: Logging in adapter 2B8E.FFFF8EE0 c:6127 ep11tok] ERROR: ep11_login_handler dll_m_Login failed: 0x6 c:6074 ep11tok] INFO: Logging in adapter 00.0000 c:6127 ep11tok] ERROR: ep11_login_handler dll_m_Login failed: 0x6 c:6074 ep11tok] INFO: Logging in adapter 00.0000
11/23/2018 10:43:45 [ep11_specific.
11/23/2018 10:43:45 [ep11_specific.
11/23/2018 10:43:45 [ep11_specific.
11/23/2018 10:43:45 [ep11_specific.
11/23/2018 10:43:45 [ep11_specific.
Userspace tool common name: Opencryptoki
Problem exit only for version 3.10 and 3.11.
For Version 3.11 following upstream commit can be applied seamlessly. /github. com/opencryptok i/opencryptoki/ commit/ 1dae7c15e7bc3bb 5b5aad72b851e0b 9cd328bb0b
Upstream commit that fixes this problem:
https:/
For version 3.10 , patch attached.
Mean, need to be integrated into 18.10 and 19.04