diff --git a/.gitignore b/.gitignore index 786e3c3..2487ebb 100644 --- a/.gitignore +++ b/.gitignore @@ -10,3 +10,4 @@ opencryptoki-2.3.1.tar.gz /opencryptoki-v3.1.tgz /opencryptoki-v3.2.tgz /opencryptoki-v3.3.tgz +/opencryptoki-v3.4.tgz diff --git a/opencryptoki-3.2-missing-sources-and-libraries.patch b/opencryptoki-3.2-missing-sources-and-libraries.patch deleted file mode 100644 index ec762f5..0000000 --- a/opencryptoki-3.2-missing-sources-and-libraries.patch +++ /dev/null @@ -1,390 +0,0 @@ -diff -up opencryptoki/configure.in.source opencryptoki/configure.in ---- opencryptoki/configure.in.source 2015-07-15 17:19:40.000000000 +0200 -+++ opencryptoki/configure.in 2015-08-27 13:46:22.554043041 +0200 -@@ -4,7 +4,7 @@ AC_INIT([openCryptoki],[3.3],[opencrypto - dnl Needed for $target! - AC_CANONICAL_SYSTEM - --AM_INIT_AUTOMAKE([foreign 1.6]) -+AM_INIT_AUTOMAKE([foreign 1.6 subdir-objects]) - - dnl Checks for header files. - AC_DISABLE_STATIC -diff -up opencryptoki/usr/lib/pkcs11/cca_stdll/cca_specific.c.source opencryptoki/usr/lib/pkcs11/cca_stdll/cca_specific.c ---- opencryptoki/usr/lib/pkcs11/cca_stdll/cca_specific.c.source 2015-07-15 17:19:40.000000000 +0200 -+++ opencryptoki/usr/lib/pkcs11/cca_stdll/cca_specific.c 2015-08-27 13:46:22.554043041 +0200 -@@ -2336,40 +2336,3 @@ token_specific_object_add(OBJECT *object - - return CKR_OK; - } -- --CK_RV --get_ecsiglen(OBJECT *key_obj, CK_ULONG *size) --{ -- CK_BBOOL flag; -- CK_ATTRIBUTE *attr = NULL; -- int i; -- -- flag = template_attribute_find( key_obj->template, -- CKA_ECDSA_PARAMS, &attr ); -- if (flag == FALSE) { -- TRACE_ERROR("Could not find CKA_ECDSA_PARAMS for the key.\n"); -- return CKR_FUNCTION_FAILED; -- } -- -- /* loop thru supported curves to find the size. -- * both pkcs#11v2.20 and CCA expect the signature length to be -- * twice the length of p. -- * (See EC Signatures in pkcs#11v2.20 and docs for CSNDDSG.) -- */ -- for (i = 0; i < NUMEC; i++) { -- if ((memcmp(attr->pValue, der_ec_supported[i].data, -- attr->ulValueLen) == 0)) { -- *size = der_ec_supported[i].len_bits; -- /* round up if necessary */ -- if ((*size % 8) == 0) -- *size = (*size / 8) * 2; -- else -- *size = ((*size / 8) + 1) * 2; -- TRACE_DEVEL("getlen, curve = %d, size = %d\n", der_ec_supported[i].len_bits, *size); -- return CKR_OK; -- } -- } -- -- TRACE_ERROR("%s\n", ock_err(ERR_MECHANISM_PARAM_INVALID)); -- return CKR_MECHANISM_PARAM_INVALID; --} -diff -up opencryptoki/usr/lib/pkcs11/common/btree.c.source opencryptoki/usr/lib/pkcs11/common/btree.c ---- opencryptoki/usr/lib/pkcs11/common/btree.c.source 2015-07-15 17:19:40.000000000 +0200 -+++ opencryptoki/usr/lib/pkcs11/common/btree.c 2015-08-27 13:46:22.554043041 +0200 -@@ -231,7 +231,7 @@ bt_node_free(struct btree *t, unsigned l - * - * return 0 if binary tree has at least 1 node in use, !0 otherwise - */ --inline int -+extern inline int - bt_is_empty(struct btree *t) - { - return (t->free_nodes == t->size); -diff -up opencryptoki/usr/lib/pkcs11/common/ec_defs.h.source opencryptoki/usr/lib/pkcs11/common/ec_defs.h ---- opencryptoki/usr/lib/pkcs11/common/ec_defs.h.source 2015-07-15 17:19:40.000000000 +0200 -+++ opencryptoki/usr/lib/pkcs11/common/ec_defs.h 2015-08-27 13:46:22.555043039 +0200 -@@ -30,18 +30,18 @@ - - /* Supported Elliptic Curves */ - #define NUMEC 12 /* number of supported curves */ --CK_BYTE brainpoolP160r1[] = { 0x06, 0x09, 0x2B, 0x24, 0x03, 0x03, 0x02, 0x08, 0x01, 0x01, 0x01 }; --CK_BYTE brainpoolP192r1[] = { 0x06, 0x09, 0x2B, 0x24, 0x03, 0x03, 0x02, 0x08, 0x01, 0x01, 0x03 }; --CK_BYTE brainpoolP224r1[] = { 0x06, 0x09, 0x2B, 0x24, 0x03, 0x03, 0x02, 0x08, 0x01, 0x01, 0x05 }; --CK_BYTE brainpoolP256r1[] = { 0x06, 0x09, 0x2B, 0x24, 0x03, 0x03, 0x02, 0x08, 0x01, 0x01, 0x07 }; --CK_BYTE brainpoolP320r1[] = { 0x06, 0x09, 0x2B, 0x24, 0x03, 0x03, 0x02, 0x08, 0x01, 0x01, 0x09 }; --CK_BYTE brainpoolP384r1[] = { 0x06, 0x09, 0x2B, 0x24, 0x03, 0x03, 0x02, 0x08, 0x01, 0x01, 0x0B }; --CK_BYTE brainpoolP512r1[] = { 0x06, 0x09, 0x2B, 0x24, 0x03, 0x03, 0x02, 0x08, 0x01, 0x01, 0x0D }; --CK_BYTE prime192[] = { 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x03, 0x01, 0x01 }; --CK_BYTE secp224[] = { 0x06, 0x05, 0x2B, 0x81, 0x04, 0x00, 0x21 }; --CK_BYTE prime256[] = { 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x03, 0x01, 0x07 }; --CK_BYTE secp384[] = { 0x06, 0x05, 0x2B, 0x81, 0x04, 0x00, 0x22 }; --CK_BYTE secp521[] = { 0x06, 0x05, 0x2B, 0x81, 0x04, 0x00, 0x23 }; -+extern CK_BYTE brainpoolP160r1[]; -+extern CK_BYTE brainpoolP192r1[]; -+extern CK_BYTE brainpoolP224r1[]; -+extern CK_BYTE brainpoolP256r1[]; -+extern CK_BYTE brainpoolP320r1[]; -+extern CK_BYTE brainpoolP384r1[]; -+extern CK_BYTE brainpoolP512r1[]; -+extern CK_BYTE prime192[]; -+extern CK_BYTE secp224[]; -+extern CK_BYTE prime256[]; -+extern CK_BYTE secp384[]; -+extern CK_BYTE secp521[]; - - // structure of supported Elliptic Curves - -@@ -52,19 +52,5 @@ struct _ec { - CK_VOID_PTR data; - }__attribute__ ((__packed__)); - --struct _ec der_ec_supported[NUMEC] = { -- {BRAINPOOL_CURVE, CURVE160, sizeof(brainpoolP160r1), &brainpoolP160r1}, -- {BRAINPOOL_CURVE, CURVE192, sizeof(brainpoolP192r1), &brainpoolP192r1}, -- {BRAINPOOL_CURVE, CURVE224, sizeof(brainpoolP224r1), &brainpoolP224r1}, -- {BRAINPOOL_CURVE, CURVE256, sizeof(brainpoolP256r1), &brainpoolP256r1}, -- {BRAINPOOL_CURVE, CURVE320, sizeof(brainpoolP320r1), &brainpoolP320r1}, -- {BRAINPOOL_CURVE, CURVE384, sizeof(brainpoolP384r1), &brainpoolP384r1}, -- {BRAINPOOL_CURVE, CURVE512, sizeof(brainpoolP512r1), &brainpoolP512r1}, -- {PRIME_CURVE, CURVE192, sizeof(prime192), &prime192}, -- {PRIME_CURVE, CURVE224, sizeof(secp224), &secp224}, -- {PRIME_CURVE, CURVE256, sizeof(prime256), &prime256}, -- {PRIME_CURVE, CURVE384, sizeof(secp384), &secp384}, -- {PRIME_CURVE, CURVE521, sizeof(secp521), &secp521}, --}; -- -+extern struct _ec der_ec_supported[NUMEC]; - #endif -diff -up opencryptoki/usr/lib/pkcs11/common/mech_ec.c.source opencryptoki/usr/lib/pkcs11/common/mech_ec.c ---- opencryptoki/usr/lib/pkcs11/common/mech_ec.c.source 2015-07-15 17:19:40.000000000 +0200 -+++ opencryptoki/usr/lib/pkcs11/common/mech_ec.c 2015-08-27 13:47:18.703913315 +0200 -@@ -20,6 +20,36 @@ - #include "h_extern.h" - #include "tok_spec_struct.h" - #include "trace.h" -+#include -+#include "ec_defs.h" -+ -+CK_BYTE brainpoolP160r1[] = { 0x06, 0x09, 0x2B, 0x24, 0x03, 0x03, 0x02, 0x08, 0x01, 0x01, 0x01 }; -+CK_BYTE brainpoolP192r1[] = { 0x06, 0x09, 0x2B, 0x24, 0x03, 0x03, 0x02, 0x08, 0x01, 0x01, 0x03 }; -+CK_BYTE brainpoolP224r1[] = { 0x06, 0x09, 0x2B, 0x24, 0x03, 0x03, 0x02, 0x08, 0x01, 0x01, 0x05 }; -+CK_BYTE brainpoolP256r1[] = { 0x06, 0x09, 0x2B, 0x24, 0x03, 0x03, 0x02, 0x08, 0x01, 0x01, 0x07 }; -+CK_BYTE brainpoolP320r1[] = { 0x06, 0x09, 0x2B, 0x24, 0x03, 0x03, 0x02, 0x08, 0x01, 0x01, 0x09 }; -+CK_BYTE brainpoolP384r1[] = { 0x06, 0x09, 0x2B, 0x24, 0x03, 0x03, 0x02, 0x08, 0x01, 0x01, 0x0B }; -+CK_BYTE brainpoolP512r1[] = { 0x06, 0x09, 0x2B, 0x24, 0x03, 0x03, 0x02, 0x08, 0x01, 0x01, 0x0D }; -+CK_BYTE prime192[] = { 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x03, 0x01, 0x01 }; -+CK_BYTE secp224[] = { 0x06, 0x05, 0x2B, 0x81, 0x04, 0x00, 0x21 }; -+CK_BYTE prime256[] = { 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x03, 0x01, 0x07 }; -+CK_BYTE secp384[] = { 0x06, 0x05, 0x2B, 0x81, 0x04, 0x00, 0x22 }; -+CK_BYTE secp521[] = { 0x06, 0x05, 0x2B, 0x81, 0x04, 0x00, 0x23 }; -+ -+struct _ec der_ec_supported[NUMEC] = { -+ {BRAINPOOL_CURVE, CURVE160, sizeof(brainpoolP160r1), &brainpoolP160r1}, -+ {BRAINPOOL_CURVE, CURVE192, sizeof(brainpoolP192r1), &brainpoolP192r1}, -+ {BRAINPOOL_CURVE, CURVE224, sizeof(brainpoolP224r1), &brainpoolP224r1}, -+ {BRAINPOOL_CURVE, CURVE256, sizeof(brainpoolP256r1), &brainpoolP256r1}, -+ {BRAINPOOL_CURVE, CURVE320, sizeof(brainpoolP320r1), &brainpoolP320r1}, -+ {BRAINPOOL_CURVE, CURVE384, sizeof(brainpoolP384r1), &brainpoolP384r1}, -+ {BRAINPOOL_CURVE, CURVE512, sizeof(brainpoolP512r1), &brainpoolP512r1}, -+ {PRIME_CURVE, CURVE192, sizeof(prime192), &prime192}, -+ {PRIME_CURVE, CURVE224, sizeof(secp224), &secp224}, -+ {PRIME_CURVE, CURVE256, sizeof(prime256), &prime256}, -+ {PRIME_CURVE, CURVE384, sizeof(secp384), &secp384}, -+ {PRIME_CURVE, CURVE521, sizeof(secp521), &secp521}, -+}; - - CK_RV - ckm_ec_key_pair_gen( TEMPLATE * publ_tmpl, -@@ -66,6 +96,43 @@ ckm_ec_sign( CK_BYTE *in_data, - } - - CK_RV -+get_ecsiglen(OBJECT *key_obj, CK_ULONG *size) -+{ -+ CK_BBOOL flag; -+ CK_ATTRIBUTE *attr = NULL; -+ int i; -+ -+ flag = template_attribute_find( key_obj->template, -+ CKA_ECDSA_PARAMS, &attr ); -+ if (flag == FALSE) { -+ TRACE_ERROR("Could not find CKA_ECDSA_PARAMS for the key.\n"); -+ return CKR_FUNCTION_FAILED; -+ } -+ -+ /* loop thru supported curves to find the size. -+ * both pkcs#11v2.20 and CCA expect the signature length to be -+ * twice the length of p. -+ * (See EC Signatures in pkcs#11v2.20 and docs for CSNDDSG.) -+ */ -+ for (i = 0; i < NUMEC; i++) { -+ if ((memcmp(attr->pValue, der_ec_supported[i].data, -+ attr->ulValueLen) == 0)) { -+ *size = der_ec_supported[i].len_bits; -+ /* round up if necessary */ -+ if ((*size % 8) == 0) -+ *size = (*size / 8) * 2; -+ else -+ *size = ((*size / 8) + 1) * 2; -+ TRACE_DEVEL("getlen, curve = %d, size = %d\n", der_ec_supported[i].len_bits, *size); -+ return CKR_OK; -+ } -+ } -+ -+ TRACE_ERROR("%s\n", ock_err(ERR_MECHANISM_PARAM_INVALID)); -+ return CKR_MECHANISM_PARAM_INVALID; -+} -+ -+CK_RV - ec_sign( SESSION *sess, - CK_BBOOL length_only, - SIGN_VERIFY_CONTEXT *ctx, -diff -up opencryptoki/usr/lib/pkcs11/common/mech_rng.c.source opencryptoki/usr/lib/pkcs11/common/mech_rng.c ---- opencryptoki/usr/lib/pkcs11/common/mech_rng.c.source 2015-07-15 17:19:40.000000000 +0200 -+++ opencryptoki/usr/lib/pkcs11/common/mech_rng.c 2015-08-27 13:46:22.555043039 +0200 -@@ -301,6 +301,7 @@ - #include - #include - #include -+#include - - #include "pkcs11types.h" - #include "defs.h" -diff -up opencryptoki/usr/lib/pkcs11/ica_s390_stdll/Makefile.am.source opencryptoki/usr/lib/pkcs11/ica_s390_stdll/Makefile.am ---- opencryptoki/usr/lib/pkcs11/ica_s390_stdll/Makefile.am.source 2015-07-15 17:19:40.000000000 +0200 -+++ opencryptoki/usr/lib/pkcs11/ica_s390_stdll/Makefile.am 2015-08-27 13:46:22.555043039 +0200 -@@ -28,12 +28,14 @@ opencryptoki_stdll_libpkcs11_ica_la_SOUR - ../common/dig_mgr.c \ - ../common/encr_mgr.c \ - ../common/globals.c \ -+ ../common/sw_crypt.c \ - ../common/loadsave.c \ - ../common/key.c \ - ../common/key_mgr.c \ - ../common/mech_des.c \ - ../common/mech_des3.c \ - ../common/mech_aes.c \ -+ ../common/mech_ec.c \ - ../common/mech_md5.c \ - ../common/mech_md2.c \ - ../common/mech_rng.c \ -diff -up opencryptoki/usr/lib/pkcs11/icsf_stdll/icsf.c.source opencryptoki/usr/lib/pkcs11/icsf_stdll/icsf.c ---- opencryptoki/usr/lib/pkcs11/icsf_stdll/icsf.c.source 2015-07-15 17:19:40.000000000 +0200 -+++ opencryptoki/usr/lib/pkcs11/icsf_stdll/icsf.c 2015-08-27 13:46:22.556043037 +0200 -@@ -15,6 +15,7 @@ - #include - #include - #include "icsf.h" -+#include - - /* For logging functions: */ - #include "defs.h" -diff -up opencryptoki/usr/lib/pkcs11/icsf_stdll/Makefile.am.source opencryptoki/usr/lib/pkcs11/icsf_stdll/Makefile.am ---- opencryptoki/usr/lib/pkcs11/icsf_stdll/Makefile.am.source 2015-07-15 17:19:40.000000000 +0200 -+++ opencryptoki/usr/lib/pkcs11/icsf_stdll/Makefile.am 2015-08-27 13:46:22.556043037 +0200 -@@ -24,7 +24,8 @@ opencryptoki_stdll_libpkcs11_icsf_la_LDF - -lcrypto \ - -lldap \ - -lpthread \ -- -lrt -+ -lrt \ -+ -llber - - opencryptoki_stdll_libpkcs11_icsf_la_SOURCES = ../common/asn1.c \ - ../common/btree.c \ -@@ -40,6 +41,7 @@ opencryptoki_stdll_libpkcs11_icsf_la_SOU - ../common/dp_obj.c \ - ../common/mech_aes.c \ - ../common/mech_rsa.c \ -+ ../common/mech_ec.c \ - ../common/obj_mgr.c \ - ../common/template.c \ - ../common/p11util.c \ -@@ -51,6 +53,7 @@ opencryptoki_stdll_libpkcs11_icsf_la_SOU - ../common/object.c \ - ../common/decr_mgr.c \ - ../common/globals.c \ -+ ../common/sw_crypt.c \ - ../common/loadsave.c \ - ../common/utility.c \ - ../common/mech_des.c \ -diff -up opencryptoki/usr/lib/pkcs11/soft_stdll/Makefile.am.source opencryptoki/usr/lib/pkcs11/soft_stdll/Makefile.am ---- opencryptoki/usr/lib/pkcs11/soft_stdll/Makefile.am.source 2015-07-15 17:19:40.000000000 +0200 -+++ opencryptoki/usr/lib/pkcs11/soft_stdll/Makefile.am 2015-08-27 13:46:22.556043037 +0200 -@@ -23,6 +23,7 @@ opencryptoki_stdll_libpkcs11_sw_la_SOURC - ../common/dig_mgr.c \ - ../common/encr_mgr.c \ - ../common/globals.c \ -+ ../common/sw_crypt.c \ - ../common/loadsave.c \ - ../common/key.c \ - ../common/key_mgr.c \ -@@ -36,6 +37,7 @@ opencryptoki_stdll_libpkcs11_sw_la_SOURC - ../common/mech_rsa.c \ - ../common/mech_sha.c \ - ../common/mech_ssl3.c \ -+ ../common/mech_ec.c \ - ../common/new_host.c \ - ../common/obj_mgr.c \ - ../common/object.c \ -diff -up opencryptoki/usr/lib/pkcs11/tpm_stdll/Makefile.am.source opencryptoki/usr/lib/pkcs11/tpm_stdll/Makefile.am ---- opencryptoki/usr/lib/pkcs11/tpm_stdll/Makefile.am.source 2015-07-15 17:19:40.000000000 +0200 -+++ opencryptoki/usr/lib/pkcs11/tpm_stdll/Makefile.am 2015-08-27 13:46:22.556043037 +0200 -@@ -28,6 +28,7 @@ opencryptoki_stdll_libpkcs11_tpm_la_SOUR - ../common/key.c \ - ../common/mech_dh.c \ - ../common/mech_rng.c \ -+ ../common/mech_ec.c \ - ../common/new_host.c \ - ../common/sign_mgr.c \ - ../common/cert.c \ -@@ -46,6 +47,7 @@ opencryptoki_stdll_libpkcs11_tpm_la_SOUR - ../common/object.c \ - ../common/decr_mgr.c \ - ../common/globals.c \ -+ ../common/sw_crypt.c \ - ../common/loadsave.c \ - ../common/utility.c \ - ../common/mech_des.c \ -diff -up opencryptoki/usr/sbin/pkcsicsf/pkcsicsf.c.source opencryptoki/usr/sbin/pkcsicsf/pkcsicsf.c ---- opencryptoki/usr/sbin/pkcsicsf/pkcsicsf.c.source 2015-07-15 17:19:40.000000000 +0200 -+++ opencryptoki/usr/sbin/pkcsicsf/pkcsicsf.c 2015-08-27 13:46:22.556043037 +0200 -@@ -8,6 +8,7 @@ - #include - #include - #include -+#include - - #include "icsf.h" - #include "slotmgr.h" -diff -up opencryptoki/usr/sbin/pkcsslotd/garbage_linux.c.source opencryptoki/usr/sbin/pkcsslotd/garbage_linux.c ---- opencryptoki/usr/sbin/pkcsslotd/garbage_linux.c.source 2015-07-15 17:19:40.000000000 +0200 -+++ opencryptoki/usr/sbin/pkcsslotd/garbage_linux.c 2015-08-27 13:46:22.556043037 +0200 -@@ -294,6 +294,7 @@ - #include - #include - #include -+#include - - #include "log.h" - #include "slotmgr.h" -diff -up opencryptoki/usr/sbin/pkcsslotd/log.c.source opencryptoki/usr/sbin/pkcsslotd/log.c ---- opencryptoki/usr/sbin/pkcsslotd/log.c.source 2015-07-15 17:19:40.000000000 +0200 -+++ opencryptoki/usr/sbin/pkcsslotd/log.c 2015-08-27 13:46:22.557043034 +0200 -@@ -294,6 +294,8 @@ - #include - #include - #include -+#include -+#include - - #include "log.h" - #include "err.h" -diff -up opencryptoki/usr/sbin/pkcsslotd/mutex.c.source opencryptoki/usr/sbin/pkcsslotd/mutex.c ---- opencryptoki/usr/sbin/pkcsslotd/mutex.c.source 2015-07-15 17:19:40.000000000 +0200 -+++ opencryptoki/usr/sbin/pkcsslotd/mutex.c 2015-08-27 13:46:22.557043034 +0200 -@@ -292,6 +292,9 @@ - #include - #include - #include -+#include -+#include -+#include - #include - - #include "log.h" -diff -up opencryptoki/usr/sbin/pkcsslotd/slotmgr.c.source opencryptoki/usr/sbin/pkcsslotd/slotmgr.c ---- opencryptoki/usr/sbin/pkcsslotd/slotmgr.c.source 2015-07-15 17:19:40.000000000 +0200 -+++ opencryptoki/usr/sbin/pkcsslotd/slotmgr.c 2015-08-27 13:46:22.557043034 +0200 -@@ -292,9 +292,12 @@ - #include - #include - #include -+#include - - #include "log.h" - #include "slotmgr.h" -+#include "pkcsslotd.h" -+#include "parser.h" - - Slot_Mgr_Shr_t *shmp; // pointer to the shared memory region. - int shmid; -diff --git a/usr/lib/pkcs11/icsf_stdll/icsf_specific.c b/usr/lib/pkcs11/icsf_stdll/icsf_specific.c -index 74b07b7..1158eb5 100644 ---- a/usr/lib/pkcs11/icsf_stdll/icsf_specific.c -+++ b/usr/lib/pkcs11/icsf_stdll/icsf_specific.c -@@ -929,7 +929,7 @@ static CK_RV close_session(struct session_state *session_state) - if ((rc = icsf_destroy_object(session_state->ld, &reason, - &mapping->icsf_object))) { - /* Log error */ -- TRACE_EBUG("Failed to remove icsf object: %s/%lu/%c", -+ TRACE_DEBUG("Failed to remove icsf object: %s/%lu/%c", - mapping->icsf_object.token_name, - mapping->icsf_object.sequence, - mapping->icsf_object.id); diff --git a/opencryptoki-3.3-unused.patch b/opencryptoki-3.3-unused.patch deleted file mode 100644 index 628befa..0000000 --- a/opencryptoki-3.3-unused.patch +++ /dev/null @@ -1,336 +0,0 @@ -diff --git a/usr/lib/pkcs11/common/encr_mgr.c b/usr/lib/pkcs11/common/encr_mgr.c -index 50fa661..e12aec8 100755 ---- a/usr/lib/pkcs11/common/encr_mgr.c -+++ b/usr/lib/pkcs11/common/encr_mgr.c -@@ -764,7 +764,6 @@ encr_mgr_init( SESSION * sess, - break; - case CKM_AES_CTR: - { -- CK_AES_CTR_PARAMS aesctr; - if (mech->ulParameterLen != sizeof(CK_AES_CTR_PARAMS)){ - TRACE_ERROR("%s\n", ock_err(ERR_MECHANISM_PARAM_INVALID)); - return CKR_MECHANISM_PARAM_INVALID; -diff --git a/usr/lib/pkcs11/common/mech_aes.c b/usr/lib/pkcs11/common/mech_aes.c -index 453253d..4eacad5 100644 ---- a/usr/lib/pkcs11/common/mech_aes.c -+++ b/usr/lib/pkcs11/common/mech_aes.c -@@ -2671,7 +2671,6 @@ aes_mac_verify_update( SESSION * sess, - { - CK_ULONG rc; - OBJECT * key_obj = NULL; -- CK_ULONG mac_len; - AES_DATA_CONTEXT * context = NULL; - CK_BYTE * cipher = NULL; - CK_ULONG total, remain, out_len; -diff --git a/usr/lib/pkcs11/common/mech_ec.c b/usr/lib/pkcs11/common/mech_ec.c -index 88bb08e..4817b45 100644 ---- a/usr/lib/pkcs11/common/mech_ec.c -+++ b/usr/lib/pkcs11/common/mech_ec.c -@@ -143,7 +143,6 @@ ec_sign( SESSION *sess, - { - OBJECT *key_obj = NULL; - CK_ULONG plen; -- CK_BBOOL flag; - CK_RV rc; - - if (!sess || !ctx || !out_data_len){ -@@ -225,7 +224,6 @@ ec_verify(SESSION *sess, - { - OBJECT *key_obj = NULL; - CK_ULONG plen; -- CK_BBOOL flag; - CK_RV rc; - - -diff --git a/usr/lib/pkcs11/common/mech_rsa.c b/usr/lib/pkcs11/common/mech_rsa.c -index 60cac63..0430863 100755 ---- a/usr/lib/pkcs11/common/mech_rsa.c -+++ b/usr/lib/pkcs11/common/mech_rsa.c -@@ -776,7 +776,7 @@ CK_RV rsa_oaep_crypt(SESSION *sess, CK_BBOOL length_only, - CK_ULONG *out_data_len, CK_BBOOL encrypt) - { - OBJECT *key_obj = NULL; -- CK_ULONG hlen, modulus_bytes, mgf_mech; -+ CK_ULONG hlen, modulus_bytes; - CK_OBJECT_CLASS keyclass; - CK_BYTE hash[MAX_SHA_HASH_SIZE]; - CK_RV rc; -@@ -1536,9 +1536,8 @@ CK_RV rsa_pss_verify(SESSION *sess, SIGN_VERIFY_CONTEXT *ctx, CK_BYTE *in_data, - { - CK_RV rc; - OBJECT *key_obj = NULL; -- CK_ULONG modulus_bytes, hlen; -+ CK_ULONG modulus_bytes; - CK_OBJECT_CLASS keyclass; -- CK_RSA_PKCS_PSS_PARAMS_PTR pssParms = NULL; - - rc = object_mgr_find_in_map1(ctx->key, &key_obj); - if (rc != CKR_OK) { -diff --git a/usr/lib/pkcs11/common/obj_mgr.c b/usr/lib/pkcs11/common/obj_mgr.c -index c275225..80f5998 100755 ---- a/usr/lib/pkcs11/common/obj_mgr.c -+++ b/usr/lib/pkcs11/common/obj_mgr.c -@@ -1247,7 +1247,6 @@ CK_RV - object_mgr_find_in_map_nocache( CK_OBJECT_HANDLE handle, - OBJECT ** ptr ) - { -- DL_NODE * node = NULL; - OBJECT_MAP * map = NULL; - OBJECT * obj = NULL; - CK_RV rc = CKR_OK; -diff --git a/usr/lib/pkcs11/common/sess_mgr.c b/usr/lib/pkcs11/common/sess_mgr.c -index 31607df..32d1081 100755 ---- a/usr/lib/pkcs11/common/sess_mgr.c -+++ b/usr/lib/pkcs11/common/sess_mgr.c -@@ -317,7 +317,6 @@ - SESSION * - session_mgr_find( CK_SESSION_HANDLE handle ) - { -- struct btnode *n; - SESSION * result = NULL; - CK_RV rc; - -@@ -351,7 +350,6 @@ CK_RV - session_mgr_new( CK_ULONG flags, CK_SLOT_ID slot_id, CK_SESSION_HANDLE_PTR phSession ) - { - SESSION * new_session = NULL; -- SESSION * s = NULL; - CK_BBOOL user_session = FALSE; - CK_BBOOL so_session = FALSE; - CK_BBOOL pkcs_locked = TRUE; -@@ -560,7 +558,6 @@ session_mgr_readonly_session_exists( void ) - CK_RV - session_mgr_close_session( CK_SESSION_HANDLE handle ) - { -- struct btnode *n; - SESSION *sess; - CK_RV rc = CKR_OK; - -@@ -709,8 +706,6 @@ CK_RV - session_mgr_close_all_sessions( void ) - { - CK_RV rc = CKR_OK; -- SESSION *sess; -- unsigned long i; - - rc = MY_LockMutex( &sess_list_mutex ); - if (rc != CKR_OK){ -@@ -759,9 +754,6 @@ session_login(void *node_value, unsigned long node_idx, void *p3) - CK_RV - session_mgr_login_all( CK_USER_TYPE user_type ) - { -- struct btnode *n; -- unsigned long i; -- SESSION *s; - CK_RV rc = CKR_OK; - - rc = MY_LockMutex( &sess_list_mutex ); -@@ -805,8 +797,6 @@ session_logout(void *node_value, unsigned long node_idx, void *p3) - CK_RV - session_mgr_logout_all( void ) - { -- unsigned long i; -- SESSION * s = NULL; - CK_RV rc = CKR_OK; - - rc = MY_LockMutex( &sess_list_mutex ); -diff --git a/usr/lib/pkcs11/icsf_stdll/icsf.c b/usr/lib/pkcs11/icsf_stdll/icsf.c -index e7712e7..5ec344f 100644 ---- a/usr/lib/pkcs11/icsf_stdll/icsf.c -+++ b/usr/lib/pkcs11/icsf_stdll/icsf.c -@@ -2615,7 +2615,6 @@ int icsf_hmac_verify(LDAP *ld, int *reason, struct icsf_object_record *key, - char rule_array[2 * ICSF_RULE_ITEM_LEN]; - BerElement *msg = NULL; - BerElement *result = NULL; -- struct berval bvHmac = { 0UL, NULL }; - struct berval bvChain = { 0UL, NULL }; - const char *rule_alg; - -@@ -3209,7 +3208,6 @@ icsf_derive_multple_keys(LDAP *ld, int *p_reason, CK_MECHANISM_PTR mech, - struct icsf_object_record *server_iv) - { - int rc = 0; -- int reason = 0; - const char *rule_alg; - char handle[ICSF_HANDLE_LEN]; - char rule_array[ICSF_RULE_ITEM_LEN]; -diff --git a/usr/lib/pkcs11/icsf_stdll/icsf_specific.c b/usr/lib/pkcs11/icsf_stdll/icsf_specific.c -index 1158eb5..5c92454 100644 ---- a/usr/lib/pkcs11/icsf_stdll/icsf_specific.c -+++ b/usr/lib/pkcs11/icsf_stdll/icsf_specific.c -@@ -1045,7 +1045,6 @@ CK_RV icsftok_login(SESSION *sess, CK_USER_TYPE userType, CK_CHAR_PTR pPin, - char *ca_dir = NULL; - CK_SLOT_ID slot_id = sess->session_info.slotID; - struct session_state *session_state; -- int sessions_locked = 0; - LDAP *ld; - - /* Check Slot ID */ -diff --git a/usr/lib/pkcs11/icsf_stdll/new_host.c b/usr/lib/pkcs11/icsf_stdll/new_host.c -index dc9790a..bf492c8 100644 ---- a/usr/lib/pkcs11/icsf_stdll/new_host.c -+++ b/usr/lib/pkcs11/icsf_stdll/new_host.c -@@ -378,7 +378,6 @@ CK_RV valid_mech(CK_MECHANISM_PTR m, CK_FLAGS f) - CK_RV ST_Initialize(void **FunctionList, CK_SLOT_ID SlotNumber, char *conf_name, - struct trace_handle_t t) - { -- int i; - CK_RV rc = CKR_OK; - - if ((rc = check_user_and_group()) != CKR_OK) -@@ -1626,7 +1625,6 @@ CK_RV SC_EncryptUpdate(ST_SESSION_HANDLE *sSession, CK_BYTE_PTR pPart, - CK_ULONG_PTR pulEncryptedPartLen) - { - SESSION *sess = NULL; -- CK_BBOOL length_only = FALSE; - CK_RV rc = CKR_OK; - - if (initialized == FALSE) { -@@ -1654,9 +1652,6 @@ CK_RV SC_EncryptUpdate(ST_SESSION_HANDLE *sSession, CK_BYTE_PTR pPart, - goto done; - } - -- if (!pEncryptedPart) -- length_only = TRUE; -- - rc = icsftok_encrypt_update(sess, pPart, ulPartLen, pEncryptedPart, - pulEncryptedPartLen); - if (rc != CKR_OK) -@@ -1837,7 +1832,6 @@ CK_RV SC_DecryptUpdate(ST_SESSION_HANDLE *sSession, CK_BYTE_PTR pEncryptedPart, - CK_ULONG_PTR pulPartLen) - { - SESSION *sess = NULL; -- CK_BBOOL length_only = FALSE; - CK_RV rc = CKR_OK; - - if (initialized == FALSE) { -@@ -1865,9 +1859,6 @@ CK_RV SC_DecryptUpdate(ST_SESSION_HANDLE *sSession, CK_BYTE_PTR pEncryptedPart, - goto done; - } - -- if (!pPart) -- length_only = TRUE; -- - rc = icsftok_decrypt_update(sess, pEncryptedPart, ulEncryptedPartLen, - pPart, pulPartLen); - if (rc != CKR_OK) -@@ -2835,7 +2826,6 @@ CK_RV SC_WrapKey(ST_SESSION_HANDLE *sSession, CK_MECHANISM_PTR pMechanism, - CK_BYTE_PTR pWrappedKey, CK_ULONG_PTR pulWrappedKeyLen) - { - SESSION *sess = NULL; -- CK_BBOOL length_only = FALSE; - CK_RV rc = CKR_OK; - - if (initialized == FALSE) { -@@ -2854,9 +2844,6 @@ CK_RV SC_WrapKey(ST_SESSION_HANDLE *sSession, CK_MECHANISM_PTR pMechanism, - if (rc != CKR_OK) - goto done; - -- if (!pWrappedKey) -- length_only = TRUE; -- - sess = session_mgr_find(sSession->sessionh); - if (!sess) { - TRACE_ERROR("%s\n", ock_err(ERR_SESSION_HANDLE_INVALID)); -diff --git a/usr/lib/pkcs11/icsf_stdll/pbkdf.c b/usr/lib/pkcs11/icsf_stdll/pbkdf.c -index 33d36c8..fbbcb39 100644 ---- a/usr/lib/pkcs11/icsf_stdll/pbkdf.c -+++ b/usr/lib/pkcs11/icsf_stdll/pbkdf.c -@@ -545,7 +545,6 @@ pbkdf(CK_BYTE *password, CK_ULONG len, CK_BYTE *salt, CK_BYTE *dkey, CK_ULONG kl - unsigned char *result; - unsigned int r, num_of_blocks; - unsigned int count, hashlen; -- unsigned char *ret; - CK_ULONG rc = CKR_OK; - int i, j, k; - -diff --git a/usr/sbin/pkcsicsf/pkcsicsf.c b/usr/sbin/pkcsicsf/pkcsicsf.c -index ec05edf..dd31bbe 100644 ---- a/usr/sbin/pkcsicsf/pkcsicsf.c -+++ b/usr/sbin/pkcsicsf/pkcsicsf.c -@@ -476,7 +476,6 @@ main(int argc, char **argv) - { - char *racfpwd = NULL; - size_t racflen; -- unsigned char *ret; - char *tokenname = NULL; - int c; - int rc = 0; -@@ -488,7 +487,7 @@ main(int argc, char **argv) - flags |= CFG_ADD; - if ((tokenname = strdup(optarg)) == NULL) { - rc = -1; -- fprintf(stderr, "strdup failed: line %s\n", -+ fprintf(stderr, "strdup failed: line %d\n", - __LINE__); - goto cleanup; - } -@@ -500,34 +499,34 @@ main(int argc, char **argv) - flags |= CFG_BINDDN; - if ((binddn = strdup(optarg)) == NULL) { - rc = -1; -- fprintf(stderr, "strdup failed: line %s\n", -+ fprintf(stderr, "strdup failed: line %d\n", - __LINE__); - goto cleanup; - } - break; - case 'c': -- flags != CFG_CERT; -+ flags |= CFG_CERT; - if ((cert = strdup(optarg)) == NULL) { - rc = -1; -- fprintf(stderr, "strdup failed: line %s\n", -+ fprintf(stderr, "strdup failed: line %d\n", - __LINE__); - goto cleanup; - } - break; - case 'k': -- flags != CFG_PRIVKEY; -+ flags |= CFG_PRIVKEY; - if ((privkey = strdup(optarg)) == NULL) { - rc = -1; -- fprintf(stderr, "strdup failed: line %s\n", -+ fprintf(stderr, "strdup failed: line %d\n", - __LINE__); - goto cleanup; - } - break; - case 'C': -- flags != CFG_CACERT; -+ flags |= CFG_CACERT; - if ((cacert = strdup(optarg)) == NULL) { - rc = -1; -- fprintf(stderr, "strdup failed: line %s\n", -+ fprintf(stderr, "strdup failed: line %d\n", - __LINE__); - goto cleanup; - } -@@ -536,7 +535,7 @@ main(int argc, char **argv) - flags |= CFG_URI; - if ((uri = strdup(optarg)) == NULL) { - rc = -1; -- fprintf(stderr, "strdup failed: line %s\n", -+ fprintf(stderr, "strdup failed: line %d\n", - __LINE__); - goto cleanup; - } -@@ -545,7 +544,7 @@ main(int argc, char **argv) - flags |= CFG_MECH; - if ((mech = strdup(optarg)) == NULL) { - rc = -1; -- fprintf(stderr, "strdup failed: line %s\n", -+ fprintf(stderr, "strdup failed: line %d\n", - __LINE__); - goto cleanup; - } -@@ -686,7 +685,7 @@ cleanup: - if (uri) - free(uri); - if (mech) -- mech; -+ free(mech); - if (racfpwd) - free(racfpwd); - return rc; diff --git a/opencryptoki.spec b/opencryptoki.spec index 684b354..264cb1c 100644 --- a/opencryptoki.spec +++ b/opencryptoki.spec @@ -2,8 +2,8 @@ Name: opencryptoki Summary: Implementation of the PKCS#11 (Cryptoki) specification v2.11 -Version: 3.3 -Release: 1%{?dist}.1 +Version: 3.4 +Release: 1%{?dist} License: CPL Group: System Environment/Base URL: http://sourceforge.net/projects/opencryptoki @@ -13,9 +13,9 @@ Source1: %{name}-tmpfiles.conf Patch0: %{name}-2.4-group.patch # do not install pkcsep11_migrate.1 and pkcscca.1 when it's not enabled Patch1: %{name}-3.2-conditional-manpages.patch -# Fix missing sources and libraries in makefiles causing undefined symbols (#1193560) -Patch2: %{name}-3.2-missing-sources-and-libraries.patch -Patch3: %{name}-3.3-unused.patch +# post-release compile warnings: +# http://sourceforge.net/p/opencryptoki/mailman/message/34625700/ +Patch2: %{name}-3.4-compile-warnings.patch # Use --no-undefined to debug missing symbols #Patch100: %{name}-3.2-no-undefined.patch @@ -185,8 +185,7 @@ configured with Enterprise PKCS#11 (EP11) firmware. %setup -q -n %{name} %patch0 -p1 -b .group %patch1 -p1 -b .man -%patch2 -p1 -b .source -%patch3 -p1 -b .unused +%patch2 -p1 -b .warnings #%patch100 -p1 -b .no-undefined @@ -353,6 +352,10 @@ exit 0 %changelog +* Wed Nov 18 2015 Jakub Jelen 3.4-1.1 +- New upstream release +- Adding post-release patch fixing compile warnings + * Thu Aug 27 2015 Jakub Jelen 3.3-1.1 - New upstream release - Correct dependencies for group creation diff --git a/sources b/sources index 1cd0d38..6beb0fc 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -df6a738460ac6be657de72abf4fcf21c opencryptoki-v3.3.tgz +c60ea121f529845d6c226fc095d0354d opencryptoki-v3.4.tgz