import opencryptoki-3.17.0-5.el9_0
parent
8f3363dec6
commit
749a27997c
@ -0,0 +1,88 @@
|
|||||||
|
commit 8e9800b492f7a40ed5dfcd85e042701b6a5c5a26
|
||||||
|
Author: Ingo Franzki <ifranzki@linux.ibm.com>
|
||||||
|
Date: Tue Dec 7 16:39:28 2021 +0100
|
||||||
|
|
||||||
|
ICA/EP11: Support libica version 4
|
||||||
|
|
||||||
|
Try to load libica version 4 (libica.so.4), but fall back to version 3
|
||||||
|
(libica.so.3) if version 4 is not available.
|
||||||
|
|
||||||
|
Signed-off-by: Ingo Franzki <ifranzki@linux.ibm.com>
|
||||||
|
|
||||||
|
diff --git a/usr/lib/ep11_stdll/ep11_specific.c b/usr/lib/ep11_stdll/ep11_specific.c
|
||||||
|
index 4029e5a5..f223017d 100644
|
||||||
|
--- a/usr/lib/ep11_stdll/ep11_specific.c
|
||||||
|
+++ b/usr/lib/ep11_stdll/ep11_specific.c
|
||||||
|
@@ -68,7 +68,8 @@
|
||||||
|
#define EP11SHAREDLIB_V2 "libep11.so.2"
|
||||||
|
#define EP11SHAREDLIB_V1 "libep11.so.1"
|
||||||
|
#define EP11SHAREDLIB "libep11.so"
|
||||||
|
-#define ICASHAREDLIB "libica.so.3"
|
||||||
|
+#define ICASHAREDLIB_V4 "libica.so.4"
|
||||||
|
+#define ICASHAREDLIB_V3 "libica.so.3"
|
||||||
|
|
||||||
|
CK_RV ep11tok_get_mechanism_list(STDLL_TokData_t * tokdata,
|
||||||
|
CK_MECHANISM_TYPE_PTR mlist,
|
||||||
|
@@ -2044,9 +2045,9 @@ static CK_RV make_wrapblob(STDLL_TokData_t * tokdata, CK_ATTRIBUTE * tmpl_in,
|
||||||
|
}
|
||||||
|
|
||||||
|
#ifdef EP11_HSMSIM
|
||||||
|
-#define DLOPEN_FLAGS RTLD_GLOBAL | RTLD_NOW | RTLD_DEEPBIND
|
||||||
|
+#define DLOPEN_FLAGS RTLD_NOW | RTLD_DEEPBIND
|
||||||
|
#else
|
||||||
|
-#define DLOPEN_FLAGS RTLD_GLOBAL | RTLD_NOW
|
||||||
|
+#define DLOPEN_FLAGS RTLD_NOW
|
||||||
|
#endif
|
||||||
|
|
||||||
|
static void *ep11_load_host_lib()
|
||||||
|
@@ -2209,12 +2210,16 @@ static CK_RV ep11tok_load_libica(STDLL_TokData_t *tokdata)
|
||||||
|
return CKR_OK;
|
||||||
|
|
||||||
|
if (strcmp(ep11_data->digest_libica_path, "") == 0) {
|
||||||
|
- strcpy(ep11_data->digest_libica_path, ICASHAREDLIB);
|
||||||
|
+ strcpy(ep11_data->digest_libica_path, ICASHAREDLIB_V4);
|
||||||
|
default_libica = 1;
|
||||||
|
+ libica->library = dlopen(ep11_data->digest_libica_path, RTLD_NOW);
|
||||||
|
+ if (libica->library == NULL) {
|
||||||
|
+ strcpy(ep11_data->digest_libica_path, ICASHAREDLIB_V3);
|
||||||
|
+ libica->library = dlopen(ep11_data->digest_libica_path, RTLD_NOW);
|
||||||
|
+ }
|
||||||
|
+ } else {
|
||||||
|
+ libica->library = dlopen(ep11_data->digest_libica_path, RTLD_NOW);
|
||||||
|
}
|
||||||
|
-
|
||||||
|
- libica->library = dlopen(ep11_data->digest_libica_path,
|
||||||
|
- RTLD_GLOBAL | RTLD_NOW);
|
||||||
|
if (libica->library == NULL) {
|
||||||
|
errstr = dlerror();
|
||||||
|
OCK_SYSLOG(default_libica ? LOG_WARNING : LOG_ERR,
|
||||||
|
diff --git a/usr/lib/ica_s390_stdll/ica_specific.c b/usr/lib/ica_s390_stdll/ica_specific.c
|
||||||
|
index fd18de42..c4fa9654 100644
|
||||||
|
--- a/usr/lib/ica_s390_stdll/ica_specific.c
|
||||||
|
+++ b/usr/lib/ica_s390_stdll/ica_specific.c
|
||||||
|
@@ -83,7 +83,8 @@ const char label[] = "icatok";
|
||||||
|
|
||||||
|
static pthread_mutex_t rngmtx = PTHREAD_MUTEX_INITIALIZER;
|
||||||
|
|
||||||
|
-#define LIBICA_SHARED_LIB "libica.so.3"
|
||||||
|
+#define LIBICA_SHARED_LIB_V3 "libica.so.3"
|
||||||
|
+#define LIBICA_SHARED_LIB_V4 "libica.so.4"
|
||||||
|
#define BIND(dso, sym) do { \
|
||||||
|
if (p_##sym == NULL) \
|
||||||
|
*(void **)(&p_##sym) = dlsym(dso, #sym); \
|
||||||
|
@@ -221,9 +222,13 @@ static CK_RV load_libica(void)
|
||||||
|
void *ibmca_dso = NULL;
|
||||||
|
|
||||||
|
/* Load libica */
|
||||||
|
- ibmca_dso = dlopen(LIBICA_SHARED_LIB, RTLD_NOW);
|
||||||
|
+ ibmca_dso = dlopen(LIBICA_SHARED_LIB_V4, RTLD_NOW);
|
||||||
|
+ if (ibmca_dso == NULL)
|
||||||
|
+ ibmca_dso = dlopen(LIBICA_SHARED_LIB_V3, RTLD_NOW);
|
||||||
|
+
|
||||||
|
if (ibmca_dso == NULL) {
|
||||||
|
- TRACE_ERROR("%s: dlopen(%s) failed\n", __func__, LIBICA_SHARED_LIB);
|
||||||
|
+ TRACE_ERROR("%s: dlopen(%s or %s) failed: %s\n", __func__,
|
||||||
|
+ LIBICA_SHARED_LIB_V4, LIBICA_SHARED_LIB_V3, dlerror());
|
||||||
|
return CKR_FUNCTION_FAILED;
|
||||||
|
}
|
||||||
|
|
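Review bot: In the ica_specific.c hunk of the added patch, load_libica() calls dlerror() only once, after both dlopen() attempts, so the `dlopen(%s or %s) failed: %s` message names libica.so.4 and libica.so.3 but carries only the reason the version 3 load failed. If libica.so.4 is installed but cannot be loaded (for example an unresolved symbol under RTLD_NOW), the code would fall back to version 3 with no record of why version 4 was rejected; ep11tok_load_libica() in the ep11_specific.c hunk has the same silent fallback. I would trace the first failure before retrying, e.g. `if (ibmca_dso == NULL) { TRACE_DEVEL("%s: dlopen(%s) failed: %s\n", __func__, LIBICA_SHARED_LIB_V4, dlerror()); ibmca_dso = dlopen(LIBICA_SHARED_LIB_V3, RTLD_NOW); }`, and also log which library was finally loaded so an operator can tell which libica version backs the token. Both function bodies continue outside the hunks shown.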
@ -1,7 +1,7 @@
|
|||||||
Name: opencryptoki
|
Name: opencryptoki
|
||||||
Summary: Implementation of the PKCS#11 (Cryptoki) specification v3.0
|
Summary: Implementation of the PKCS#11 (Cryptoki) specification v3.0
|
||||||
Version: 3.17.0
|
Version: 3.17.0
|
||||||
Release: 4%{?dist}
|
Release: 5%{?dist}
|
||||||
License: CPL
|
License: CPL
|
||||||
URL: https://github.com/opencryptoki/opencryptoki
|
URL: https://github.com/opencryptoki/opencryptoki
|
||||||
Source0: https://github.com/opencryptoki/%{name}/archive/v%{version}/%{name}-%{version}.tar.gz
|
Source0: https://github.com/opencryptoki/%{name}/archive/v%{version}/%{name}-%{version}.tar.gz
|
||||||
@ -15,6 +15,7 @@ Patch2: opencryptoki-3.17.0-p11sak.patch
|
|||||||
# PIDfile below legacy directory /var/run/
|
# PIDfile below legacy directory /var/run/
|
||||||
Patch300: opencryptoki-pkcsslotd-pidfile.patch
|
Patch300: opencryptoki-pkcsslotd-pidfile.patch
|
||||||
Patch301: opencryptoki-3.17.0-unlock-globmutex-if-user-and-group-check-fail.patch
|
Patch301: opencryptoki-3.17.0-unlock-globmutex-if-user-and-group-check-fail.patch
|
||||||
|
Patch302: opencryptoki-3.17-libica4-8e9800b492f7a40ed5dfcd85e042701b6a5c5a26.patch
|
||||||
|
|
||||||
Requires(pre): coreutils
|
Requires(pre): coreutils
|
||||||
Requires: (selinux-policy >= 34.1.8-1 if selinux-policy-targeted)
|
Requires: (selinux-policy >= 34.1.8-1 if selinux-policy-targeted)
|
||||||
@ -319,6 +320,9 @@ fi
|
|||||||
|
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Mon Mar 14 2022 Than Ngo <than@redhat.com> - 3.17.0-5
|
||||||
|
- Related: #2015888, ICA/EP11: Support libica version 4
|
||||||
|
|
||||||
* Mon Jan 17 2022 Than Ngo <than@redhat.com> - 3.17.0-4
|
* Mon Jan 17 2022 Than Ngo <than@redhat.com> - 3.17.0-4
|
||||||
- Resolves: #2040678, API: Unlock GlobMutex if user and group check fails
|
- Resolves: #2040678, API: Unlock GlobMutex if user and group check fails
|
||||||
|
|
||||||
|