Ubuntu
opencryptoki package

  1. Bug #1814521
  2. Comment #2

Comment 2 for bug 1814521

Revision history for this message
bugproxy (bugproxy) wrote : Comment bridged from LTC Bugzilla

------- Comment From <email address hidden> 2019-02-04 05:31 EDT-------
Problem Description:

When the EP11 token of Opencryptoki is configured with STRICT_MODE or VHSM_MODE (or both) in config file /etc/opencryptoki/ep11tok.conf then C_Login may return CKR_DEVICE_ERROR.

---Steps to Reproduce---
Configure the EP11 token of Opencryptoki with keywords STRICT_MODE or VHSM_MODE (or both) in config file /etc/opencryptoki/ep11tok.conf

Then run 'pkcsep11_session show -slot 4' and enter the user pin.It fails with 'C_Login() rc = 0x30 [CKR_DEVICE_ERROR]'

The OCK trace shows lines like the following with corrupted APQNs:

11/23/2018 10:43:45 [ep11_specific.c:6208 ep11tok] INFO: ep11tok_login_session session=1
11/23/2018 10:43:45 [ep11_specific.c:6074 ep11tok] INFO: Logging in adapter 2B8E.FFFF8EE0
11/23/2018 10:43:45 [ep11_specific.c:6127 ep11tok] ERROR: ep11_login_handler dll_m_Login failed: 0x6
11/23/2018 10:43:45 [ep11_specific.c:6074 ep11tok] INFO: Logging in adapter 00.0000
11/23/2018 10:43:45 [ep11_specific.c:6127 ep11tok] ERROR: ep11_login_handler dll_m_Login failed: 0x6
11/23/2018 10:43:45 [ep11_specific.c:6074 ep11tok] INFO: Logging in adapter 00.0000

Userspace tool common name: Opencryptoki

Problem exit only for version 3.10 and 3.11.

For Version 3.11 following upstream commit can be applied seamlessly.
Upstream commit that fixes this problem:
https://github.com/opencryptoki/opencryptoki/commit/1dae7c15e7bc3bb5b5aad72b851e0b9cd328bb0b

For version 3.10 , patch attached.

Mean, need to be integrated into 18.10 and 19.04