Related: #2015888, ICA/EP11: Support libica version 4

2022-03-16 13:54:28 +01:00 · 2022-03-16 13:54:28 +01:00 · 613713aa86
commit 613713aa86
parent e46fb1d66d
2 changed files with 93 additions and 1 deletions
--- a/opencryptoki-3.17-libica4-8e9800b492f7a40ed5dfcd85e042701b6a5c5a26.patch
+++ b/opencryptoki-3.17-libica4-8e9800b492f7a40ed5dfcd85e042701b6a5c5a26.patch
@ -0,0 +1,88 @@
+commit 8e9800b492f7a40ed5dfcd85e042701b6a5c5a26
+Author: Ingo Franzki <ifranzki@linux.ibm.com>
+Date:   Tue Dec 7 16:39:28 2021 +0100
+
+    ICA/EP11: Support libica version 4
+    
+    Try to load libica version 4 (libica.so.4), but fall back to version 3
+    (libica.so.3) if version 4 is not available.
+    
+    Signed-off-by: Ingo Franzki <ifranzki@linux.ibm.com>
+
+diff --git a/usr/lib/ep11_stdll/ep11_specific.c b/usr/lib/ep11_stdll/ep11_specific.c
+index 4029e5a5..f223017d 100644
+--- a/usr/lib/ep11_stdll/ep11_specific.c
+++ b/usr/lib/ep11_stdll/ep11_specific.c
+@@ -68,7 +68,8 @@
+ #define EP11SHAREDLIB_V2 "libep11.so.2"
+ #define EP11SHAREDLIB_V1 "libep11.so.1"
+ #define EP11SHAREDLIB "libep11.so"
+-#define ICASHAREDLIB  "libica.so.3"
+#define ICASHAREDLIB_V4  "libica.so.4"
+#define ICASHAREDLIB_V3  "libica.so.3"
+ 
+ CK_RV ep11tok_get_mechanism_list(STDLL_TokData_t * tokdata,
+                                  CK_MECHANISM_TYPE_PTR mlist,
+@@ -2044,9 +2045,9 @@ static CK_RV make_wrapblob(STDLL_TokData_t * tokdata, CK_ATTRIBUTE * tmpl_in,
+ }
+ 
+ #ifdef EP11_HSMSIM
+-#define DLOPEN_FLAGS        RTLD_GLOBAL | RTLD_NOW | RTLD_DEEPBIND
+#define DLOPEN_FLAGS        RTLD_NOW | RTLD_DEEPBIND
+ #else
+-#define DLOPEN_FLAGS        RTLD_GLOBAL | RTLD_NOW
+#define DLOPEN_FLAGS        RTLD_NOW
+ #endif
+ 
+ static void *ep11_load_host_lib()
+@@ -2209,12 +2210,16 @@ static CK_RV ep11tok_load_libica(STDLL_TokData_t *tokdata)
+         return CKR_OK;
+ 
+     if (strcmp(ep11_data->digest_libica_path, "") == 0) {
+-        strcpy(ep11_data->digest_libica_path, ICASHAREDLIB);
+        strcpy(ep11_data->digest_libica_path, ICASHAREDLIB_V4);
+         default_libica = 1;
+        libica->library = dlopen(ep11_data->digest_libica_path, RTLD_NOW);
+        if (libica->library == NULL) {
+            strcpy(ep11_data->digest_libica_path, ICASHAREDLIB_V3);
+            libica->library = dlopen(ep11_data->digest_libica_path, RTLD_NOW);
+        }
+    } else {
+        libica->library = dlopen(ep11_data->digest_libica_path, RTLD_NOW);
+     }
+-
+-    libica->library = dlopen(ep11_data->digest_libica_path,
+-                             RTLD_GLOBAL | RTLD_NOW);
+     if (libica->library == NULL) {
+         errstr = dlerror();
+         OCK_SYSLOG(default_libica ? LOG_WARNING : LOG_ERR,
+diff --git a/usr/lib/ica_s390_stdll/ica_specific.c b/usr/lib/ica_s390_stdll/ica_specific.c
+index fd18de42..c4fa9654 100644
+--- a/usr/lib/ica_s390_stdll/ica_specific.c
+++ b/usr/lib/ica_s390_stdll/ica_specific.c
+@@ -83,7 +83,8 @@ const char label[] = "icatok";
+ 
+ static pthread_mutex_t rngmtx = PTHREAD_MUTEX_INITIALIZER;
+ 
+-#define LIBICA_SHARED_LIB "libica.so.3"
+#define LIBICA_SHARED_LIB_V3 "libica.so.3"
+#define LIBICA_SHARED_LIB_V4 "libica.so.4"
+ #define BIND(dso, sym)  do {                                             \
+                             if (p_##sym == NULL)                         \
+                                 *(void **)(&p_##sym) = dlsym(dso, #sym); \
+@@ -221,9 +222,13 @@ static CK_RV load_libica(void)
+     void *ibmca_dso = NULL;
+ 
+     /* Load libica */
+-    ibmca_dso = dlopen(LIBICA_SHARED_LIB, RTLD_NOW);
+    ibmca_dso = dlopen(LIBICA_SHARED_LIB_V4, RTLD_NOW);
+    if (ibmca_dso == NULL)
+        ibmca_dso = dlopen(LIBICA_SHARED_LIB_V3, RTLD_NOW);
+
+     if (ibmca_dso == NULL) {
+-        TRACE_ERROR("%s: dlopen(%s) failed\n", __func__, LIBICA_SHARED_LIB);
+        TRACE_ERROR("%s: dlopen(%s or %s) failed: %s\n", __func__,
+                    LIBICA_SHARED_LIB_V4, LIBICA_SHARED_LIB_V3, dlerror());
+         return CKR_FUNCTION_FAILED;
+     }
+ 
--- a/opencryptoki.spec
+++ b/opencryptoki.spec
@ -1,7 +1,7 @@
 Name:			opencryptoki
 Summary:		Implementation of the PKCS#11 (Cryptoki) specification v3.0
 Version:		3.17.0
-Release:		4%{?dist}
+Release:		5%{?dist}
 License:		CPL
 URL:			https://github.com/opencryptoki/opencryptoki
 Source0:		https://github.com/opencryptoki/%{name}/archive/v%{version}/%{name}-%{version}.tar.gz
@ -15,6 +15,7 @@ Patch2:			opencryptoki-3.17.0-p11sak.patch
 # PIDfile below legacy directory /var/run/
 Patch300: opencryptoki-pkcsslotd-pidfile.patch
 Patch301: opencryptoki-3.17.0-unlock-globmutex-if-user-and-group-check-fail.patch
+Patch302: opencryptoki-3.17-libica4-8e9800b492f7a40ed5dfcd85e042701b6a5c5a26.patch

 Requires(pre):		coreutils
 Requires: 		(selinux-policy >= 34.1.8-1 if selinux-policy-targeted)
@ -319,6 +320,9 @@ fi


 %changelog
+* Mon Mar 14 2022 Than Ngo <than@redhat.com> - 3.17.0-5
+- Related: #2015888, ICA/EP11: Support libica version 4
+
 * Mon Jan 17 2022 Than Ngo <than@redhat.com> - 3.17.0-4
 - Resolves: #2040678, API: Unlock GlobMutex if user and group check fails