diff --git a/opencryptoki-3.2-missing-sources-and-libraries.patch b/opencryptoki-3.2-missing-sources-and-libraries.patch new file mode 100644 index 0000000..511fcc1 --- /dev/null +++ b/opencryptoki-3.2-missing-sources-and-libraries.patch @@ -0,0 +1,199 @@ +diff --git a/configure.in b/configure.in +--- a/configure.in ++++ b/configure.in +@@ -4,7 +4,7 @@ AC_INIT([openCryptoki],[3.2],[opencryptoki-tech@lists.sourceforge.net]) + dnl Needed for $target! + AC_CANONICAL_SYSTEM + +-AM_INIT_AUTOMAKE([foreign 1.6]) ++AM_INIT_AUTOMAKE([foreign 1.6 subdir-objects]) + + dnl Checks for header files. + AC_DISABLE_STATIC +@@ -571,7 +571,7 @@ fi + AM_CONDITIONAL([ENABLE_PKCSCCA_MIGRATE], [test "x$enable_pkcscca_migrate" = "xyes"]) + AM_CONDITIONAL([ENABLE_PKCSEP11_MIGRATE], [test "x$enable_pkcsep11_migrate" = "xyes"]) + +-CFLAGS="$CFLAGS -DPKCS64 -D_XOPEN_SOURCE=500" ++CFLAGS="$CFLAGS -DPKCS64 -D_XOPEN_SOURCE=500 -Wl,--no-undefined" + + CFLAGS+=' -DCONFIG_PATH=\"$(localstatedir)/lib/opencryptoki\" -DSBIN_PATH=\"$(sbindir)\" -DLIB_PATH=\"$(libdir)\" -DLOCKDIR_PATH=\"$(lockdir)\" -DOCK_CONFDIR=\"$(sysconfdir)/opencryptoki\"' + +diff --git a/usr/lib/pkcs11/cca_stdll/cca_specific.c b/usr/lib/pkcs11/cca_stdll/cca_specific.c +--- a/usr/lib/pkcs11/cca_stdll/cca_specific.c ++++ b/usr/lib/pkcs11/cca_stdll/cca_specific.c +@@ -2352,40 +2352,3 @@ token_specific_object_add(OBJECT *object) + + return CKR_OK; + } +- +-CK_RV +-get_ecsiglen(OBJECT *key_obj, CK_ULONG *size) +-{ +- CK_BBOOL flag; +- CK_ATTRIBUTE *attr = NULL; +- int i; +- +- flag = template_attribute_find( key_obj->template, +- CKA_ECDSA_PARAMS, &attr ); +- if (flag == FALSE) { +- OCK_LOG_ERR(ERR_FUNCTION_FAILED); +- return CKR_FUNCTION_FAILED; +- } +- +- /* loop thru supported curves to find the size. +- * both pkcs#11v2.20 and CCA expect the signature length to be +- * twice the length of p. +- * (See EC Signatures in pkcs#11v2.20 and docs for CSNDDSG.) +- */ +- for (i = 0; i < NUMEC; i++) { +- if ((memcmp(attr->pValue, der_ec_supported[i].data, +- attr->ulValueLen) == 0)) { +- *size = der_ec_supported[i].len_bits; +- /* round up if necessary */ +- if ((*size % 8) == 0) +- *size = (*size / 8) * 2; +- else +- *size = ((*size / 8) + 1) * 2; +- OCK_LOG_DEBUG("getlen, curve = %d, size = %d\n", der_ec_supported[i].len_bits, *size); +- return CKR_OK; +- } +- } +- +- OCK_LOG_ERR(ERR_MECHANISM_PARAM_INVALID); +- return CKR_MECHANISM_PARAM_INVALID; +-} +diff --git a/usr/lib/pkcs11/common/mech_ec.c b/usr/lib/pkcs11/common/mech_ec.c +--- a/usr/lib/pkcs11/common/mech_ec.c ++++ b/usr/lib/pkcs11/common/mech_ec.c +@@ -19,6 +19,8 @@ + #include "host_defs.h" + #include "h_extern.h" + #include "tok_spec_struct.h" ++#include ++#include "ec_defs.h" + + CK_RV + ckm_ec_key_pair_gen( TEMPLATE * publ_tmpl, +@@ -65,6 +67,43 @@ ckm_ec_sign( CK_BYTE *in_data, + } + + CK_RV ++get_ecsiglen(OBJECT *key_obj, CK_ULONG *size) ++{ ++ CK_BBOOL flag; ++ CK_ATTRIBUTE *attr = NULL; ++ int i; ++ ++ flag = template_attribute_find( key_obj->template, ++ CKA_ECDSA_PARAMS, &attr ); ++ if (flag == FALSE) { ++ OCK_LOG_ERR(ERR_FUNCTION_FAILED); ++ return CKR_FUNCTION_FAILED; ++ } ++ ++ /* loop thru supported curves to find the size. ++ * both pkcs#11v2.20 and CCA expect the signature length to be ++ * twice the length of p. ++ * (See EC Signatures in pkcs#11v2.20 and docs for CSNDDSG.) ++ */ ++ for (i = 0; i < NUMEC; i++) { ++ if ((memcmp(attr->pValue, der_ec_supported[i].data, ++ attr->ulValueLen) == 0)) { ++ *size = der_ec_supported[i].len_bits; ++ /* round up if necessary */ ++ if ((*size % 8) == 0) ++ *size = (*size / 8) * 2; ++ else ++ *size = ((*size / 8) + 1) * 2; ++ OCK_LOG_DEBUG("getlen, curve = %d, size = %d\n", der_ec_supported[i].len_bits, *size); ++ return CKR_OK; ++ } ++ } ++ ++ OCK_LOG_ERR(ERR_MECHANISM_PARAM_INVALID); ++ return CKR_MECHANISM_PARAM_INVALID; ++} ++ ++CK_RV + ec_sign( SESSION *sess, + CK_BBOOL length_only, + SIGN_VERIFY_CONTEXT *ctx, +diff --git a/usr/lib/pkcs11/icsf_stdll/Makefile.am b/usr/lib/pkcs11/icsf_stdll/Makefile.am +--- a/usr/lib/pkcs11/icsf_stdll/Makefile.am ++++ b/usr/lib/pkcs11/icsf_stdll/Makefile.am +@@ -24,7 +24,8 @@ opencryptoki_stdll_libpkcs11_icsf_la_LDFLAGS = -shared \ + -lcrypto \ + -lldap \ + -lpthread \ +- -lrt ++ -lrt \ ++ -llber + + opencryptoki_stdll_libpkcs11_icsf_la_SOURCES = ../common/asn1.c \ + ../common/btree.c \ +@@ -34,6 +35,7 @@ opencryptoki_stdll_libpkcs11_icsf_la_SOURCES = ../common/asn1.c \ + ../common/key.c \ + ../common/mech_dh.c \ + ../common/mech_rng.c \ ++ ../common/mech_ec.c \ + ../common/new_host.c \ + ../common/sign_mgr.c \ + ../common/cert.c \ +@@ -51,6 +53,7 @@ opencryptoki_stdll_libpkcs11_icsf_la_SOURCES = ../common/asn1.c \ + ../common/object.c \ + ../common/decr_mgr.c \ + ../common/globals.c \ ++ ../common/sw_crypt.c \ + ../common/loadsave.c \ + ../common/utility.c \ + ../common/mech_des.c \ +diff --git a/usr/lib/pkcs11/icsf_stdll/icsf.c b/usr/lib/pkcs11/icsf_stdll/icsf.c +--- a/usr/lib/pkcs11/icsf_stdll/icsf.c ++++ b/usr/lib/pkcs11/icsf_stdll/icsf.c +@@ -14,6 +14,7 @@ + #include + #include + #include "icsf.h" ++#include + + /* For logging functions: */ + #include "defs.h" +diff --git a/usr/lib/pkcs11/soft_stdll/Makefile.am b/usr/lib/pkcs11/soft_stdll/Makefile.am +--- a/usr/lib/pkcs11/soft_stdll/Makefile.am ++++ b/usr/lib/pkcs11/soft_stdll/Makefile.am +@@ -23,6 +23,7 @@ opencryptoki_stdll_libpkcs11_sw_la_SOURCES = ../common/asn1.c \ + ../common/dig_mgr.c \ + ../common/encr_mgr.c \ + ../common/globals.c \ ++ ../common/sw_crypt.c \ + ../common/loadsave.c \ + ../common/key.c \ + ../common/key_mgr.c \ +@@ -36,6 +37,7 @@ opencryptoki_stdll_libpkcs11_sw_la_SOURCES = ../common/asn1.c \ + ../common/mech_rsa.c \ + ../common/mech_sha.c \ + ../common/mech_ssl3.c \ ++ ../common/mech_ec.c \ + ../common/new_host.c \ + ../common/obj_mgr.c \ + ../common/object.c \ +diff --git a/usr/lib/pkcs11/tpm_stdll/Makefile.am b/usr/lib/pkcs11/tpm_stdll/Makefile.am +--- a/usr/lib/pkcs11/tpm_stdll/Makefile.am ++++ b/usr/lib/pkcs11/tpm_stdll/Makefile.am +@@ -28,6 +28,7 @@ opencryptoki_stdll_libpkcs11_tpm_la_SOURCES = ../common/asn1.c \ + ../common/key.c \ + ../common/mech_dh.c \ + ../common/mech_rng.c \ ++ ../common/mech_ec.c \ + ../common/new_host.c \ + ../common/sign_mgr.c \ + ../common/cert.c \ +@@ -46,6 +47,7 @@ opencryptoki_stdll_libpkcs11_tpm_la_SOURCES = ../common/asn1.c \ + ../common/object.c \ + ../common/decr_mgr.c \ + ../common/globals.c \ ++ ../common/sw_crypt.c \ + ../common/loadsave.c \ + ../common/utility.c \ + ../common/mech_des.c \ diff --git a/opencryptoki.spec b/opencryptoki.spec index 7b50ade..3324075 100644 --- a/opencryptoki.spec +++ b/opencryptoki.spec @@ -13,6 +13,8 @@ Source1: %{name}-tmpfiles.conf Patch0: %{name}-2.4-group.patch # do not install pkcsep11_migrate.1 and pkcscca.1 when it's not enabled Patch1: %{name}-3.2-conditional-manpages.patch +# Fix missing sources and libraries in makefiles causing undefined symbols (#1193560) +Patch2: %{name}-3.2-missing-sources-and-libraries.patch Requires(pre): shadow-utils coreutils sed BuildRequires: openssl-devel BuildRequires: trousers-devel @@ -177,6 +179,7 @@ configured with Enterprise PKCS#11 (EP11) firmware. %setup -q -n %{name} %patch0 -p1 -b .group %patch1 -p1 -b .man +%patch2 -p1 -b .source # Upstream tarball has unnecessary executable perms set on the sources find . -name '*.[ch]' -print0 | xargs -0 chmod -x