import opencryptoki-3.17.0-5.el9_0

This commit is contained in:
CentOS Sources 2022-04-05 07:07:49 -04:00 committed by Stepan Oksanichenko
parent 8f3363dec6
commit 749a27997c
2 changed files with 93 additions and 1 deletions

View File

@ -0,0 +1,88 @@
commit 8e9800b492f7a40ed5dfcd85e042701b6a5c5a26
Author: Ingo Franzki <ifranzki@linux.ibm.com>
Date: Tue Dec 7 16:39:28 2021 +0100
ICA/EP11: Support libica version 4
Try to load libica version 4 (libica.so.4), but fall back to version 3
(libica.so.3) if version 4 is not available.
Signed-off-by: Ingo Franzki <ifranzki@linux.ibm.com>
diff --git a/usr/lib/ep11_stdll/ep11_specific.c b/usr/lib/ep11_stdll/ep11_specific.c
index 4029e5a5..f223017d 100644
--- a/usr/lib/ep11_stdll/ep11_specific.c
+++ b/usr/lib/ep11_stdll/ep11_specific.c
@@ -68,7 +68,8 @@
#define EP11SHAREDLIB_V2 "libep11.so.2"
#define EP11SHAREDLIB_V1 "libep11.so.1"
#define EP11SHAREDLIB "libep11.so"
-#define ICASHAREDLIB "libica.so.3"
+#define ICASHAREDLIB_V4 "libica.so.4"
+#define ICASHAREDLIB_V3 "libica.so.3"
CK_RV ep11tok_get_mechanism_list(STDLL_TokData_t * tokdata,
CK_MECHANISM_TYPE_PTR mlist,
@@ -2044,9 +2045,9 @@ static CK_RV make_wrapblob(STDLL_TokData_t * tokdata, CK_ATTRIBUTE * tmpl_in,
}
#ifdef EP11_HSMSIM
-#define DLOPEN_FLAGS RTLD_GLOBAL | RTLD_NOW | RTLD_DEEPBIND
+#define DLOPEN_FLAGS RTLD_NOW | RTLD_DEEPBIND
#else
-#define DLOPEN_FLAGS RTLD_GLOBAL | RTLD_NOW
+#define DLOPEN_FLAGS RTLD_NOW
#endif
static void *ep11_load_host_lib()
@@ -2209,12 +2210,16 @@ static CK_RV ep11tok_load_libica(STDLL_TokData_t *tokdata)
return CKR_OK;
if (strcmp(ep11_data->digest_libica_path, "") == 0) {
- strcpy(ep11_data->digest_libica_path, ICASHAREDLIB);
+ strcpy(ep11_data->digest_libica_path, ICASHAREDLIB_V4);
default_libica = 1;
+ libica->library = dlopen(ep11_data->digest_libica_path, RTLD_NOW);
+ if (libica->library == NULL) {
+ strcpy(ep11_data->digest_libica_path, ICASHAREDLIB_V3);
+ libica->library = dlopen(ep11_data->digest_libica_path, RTLD_NOW);
+ }
+ } else {
+ libica->library = dlopen(ep11_data->digest_libica_path, RTLD_NOW);
}
-
- libica->library = dlopen(ep11_data->digest_libica_path,
- RTLD_GLOBAL | RTLD_NOW);
if (libica->library == NULL) {
errstr = dlerror();
OCK_SYSLOG(default_libica ? LOG_WARNING : LOG_ERR,
diff --git a/usr/lib/ica_s390_stdll/ica_specific.c b/usr/lib/ica_s390_stdll/ica_specific.c
index fd18de42..c4fa9654 100644
--- a/usr/lib/ica_s390_stdll/ica_specific.c
+++ b/usr/lib/ica_s390_stdll/ica_specific.c
@@ -83,7 +83,8 @@ const char label[] = "icatok";
static pthread_mutex_t rngmtx = PTHREAD_MUTEX_INITIALIZER;
-#define LIBICA_SHARED_LIB "libica.so.3"
+#define LIBICA_SHARED_LIB_V3 "libica.so.3"
+#define LIBICA_SHARED_LIB_V4 "libica.so.4"
#define BIND(dso, sym) do { \
if (p_##sym == NULL) \
*(void **)(&p_##sym) = dlsym(dso, #sym); \
@@ -221,9 +222,13 @@ static CK_RV load_libica(void)
void *ibmca_dso = NULL;
/* Load libica */
- ibmca_dso = dlopen(LIBICA_SHARED_LIB, RTLD_NOW);
+ ibmca_dso = dlopen(LIBICA_SHARED_LIB_V4, RTLD_NOW);
+ if (ibmca_dso == NULL)
+ ibmca_dso = dlopen(LIBICA_SHARED_LIB_V3, RTLD_NOW);
+
if (ibmca_dso == NULL) {
- TRACE_ERROR("%s: dlopen(%s) failed\n", __func__, LIBICA_SHARED_LIB);
+ TRACE_ERROR("%s: dlopen(%s or %s) failed: %s\n", __func__,
+ LIBICA_SHARED_LIB_V4, LIBICA_SHARED_LIB_V3, dlerror());
return CKR_FUNCTION_FAILED;
}

View File

@ -1,7 +1,7 @@
Name: opencryptoki Name: opencryptoki
Summary: Implementation of the PKCS#11 (Cryptoki) specification v3.0 Summary: Implementation of the PKCS#11 (Cryptoki) specification v3.0
Version: 3.17.0 Version: 3.17.0
Release: 4%{?dist} Release: 5%{?dist}
License: CPL License: CPL
URL: https://github.com/opencryptoki/opencryptoki URL: https://github.com/opencryptoki/opencryptoki
Source0: https://github.com/opencryptoki/%{name}/archive/v%{version}/%{name}-%{version}.tar.gz Source0: https://github.com/opencryptoki/%{name}/archive/v%{version}/%{name}-%{version}.tar.gz
@ -15,6 +15,7 @@ Patch2: opencryptoki-3.17.0-p11sak.patch
# PIDfile below legacy directory /var/run/ # PIDfile below legacy directory /var/run/
Patch300: opencryptoki-pkcsslotd-pidfile.patch Patch300: opencryptoki-pkcsslotd-pidfile.patch
Patch301: opencryptoki-3.17.0-unlock-globmutex-if-user-and-group-check-fail.patch Patch301: opencryptoki-3.17.0-unlock-globmutex-if-user-and-group-check-fail.patch
Patch302: opencryptoki-3.17-libica4-8e9800b492f7a40ed5dfcd85e042701b6a5c5a26.patch
Requires(pre): coreutils Requires(pre): coreutils
Requires: (selinux-policy >= 34.1.8-1 if selinux-policy-targeted) Requires: (selinux-policy >= 34.1.8-1 if selinux-policy-targeted)
@ -319,6 +320,9 @@ fi
%changelog %changelog
* Mon Mar 14 2022 Than Ngo <than@redhat.com> - 3.17.0-5
- Related: #2015888, ICA/EP11: Support libica version 4
* Mon Jan 17 2022 Than Ngo <than@redhat.com> - 3.17.0-4 * Mon Jan 17 2022 Than Ngo <than@redhat.com> - 3.17.0-4
- Resolves: #2040678, API: Unlock GlobMutex if user and group check fails - Resolves: #2040678, API: Unlock GlobMutex if user and group check fails