From f3b24dba71d31d9e13231d63b000a9cd18f10e49 Mon Sep 17 00:00:00 2001 From: Jakub Jelen Date: Thu, 27 Aug 2015 15:21:08 +0200 Subject: [PATCH] opencryptoki-3.3-1 --- .gitignore | 1 + opencryptoki-2.4-group.patch | 72 ++- ...ki-3.2-missing-sources-and-libraries.patch | 440 +++++++++--------- opencryptoki-3.2-no-undefined.patch | 10 +- opencryptoki-3.3-unused.patch | 336 +++++++++++++ opencryptoki.spec | 6 +- sources | 2 +- 7 files changed, 591 insertions(+), 276 deletions(-) create mode 100644 opencryptoki-3.3-unused.patch diff --git a/.gitignore b/.gitignore index a6d1ebb..786e3c3 100644 --- a/.gitignore +++ b/.gitignore @@ -9,3 +9,4 @@ opencryptoki-2.3.1.tar.gz /opencryptoki-v3.0.tar.gz /opencryptoki-v3.1.tgz /opencryptoki-v3.2.tgz +/opencryptoki-v3.3.tgz diff --git a/opencryptoki-2.4-group.patch b/opencryptoki-2.4-group.patch index abaa592..aabacdc 100644 --- a/opencryptoki-2.4-group.patch +++ b/opencryptoki-2.4-group.patch @@ -1,46 +1,40 @@ -diff -urp opencryptoki-2.4.orig/usr/lib/pkcs11/api/shrd_mem.c opencryptoki-2.4/usr/lib/pkcs11/api/shrd_mem.c ---- opencryptoki-2.4.orig/usr/lib/pkcs11/api/shrd_mem.c.in 2011-08-15 08:17:14.000000000 -0400 -+++ opencryptoki-2.4/usr/lib/pkcs11/api/shrd_mem.c.in 2011-08-15 10:22:49.000000000 -0400 -@@ -351,43 +351,6 @@ attach_shared_memory() { +diff -up opencryptoki/usr/lib/pkcs11/api/shrd_mem.c.in.group opencryptoki/usr/lib/pkcs11/api/shrd_mem.c.in +--- opencryptoki/usr/lib/pkcs11/api/shrd_mem.c.in.group 2015-08-27 11:35:42.759397175 +0200 ++++ opencryptoki/usr/lib/pkcs11/api/shrd_mem.c.in 2015-08-27 11:39:02.240023425 +0200 +@@ -352,37 +352,6 @@ attach_shared_memory() { return NULL; } -- -- // SAB check for the group id here and membership here as well -- grp = getgrnam("pkcs11"); -- if ( grp ) { -- int i=0; -- char member=0; -- -- pw = getpwuid(getuid()); -- -- epw = getpwuid(geteuid()); -- -- while( grp->gr_mem[i] ) { -- if (pw) { -- if ( strncmp(pw->pw_name, grp->gr_mem[i],strlen(pw->pw_name)) == 0 ){ -- member = 1; -- break; -- } -- } -- if (epw) { -- if ( strncmp(epw->pw_name, grp->gr_mem[i],strlen(epw->pw_name)) == 0 ){ -- member = 1; -- break; -- } -- } -- i++; -- } -- if ( ! member ) { -- return NULL; // SAB don't bother even attaching... -- } -- -- -- } else { -- return NULL; +- uid = getuid(); +- euid = geteuid(); +- // only check group membership if not root user +- if (uid != 0 && euid != 0) { +- int i, member=0; +- grp = getgrnam("pkcs11"); +- if (!grp) { +- // group pkcs11 not known to the system +- return NULL; +- } +- pw = getpwuid(uid); +- epw = getpwuid(euid); +- for (i=0; grp->gr_mem[i]; i++) { +- if (pw) { +- if (!strncmp(pw->pw_name, grp->gr_mem[i],strlen(pw->pw_name))) { +- member = 1; +- break; +- } +- } +- if (epw) { +- if (!strncmp(epw->pw_name, grp->gr_mem[i],strlen(epw->pw_name))) { +- member = 1; +- break; +- } +- } +- } +- if (!member) { +- return NULL; +- } - } -- -- - Anchor->shm_tok = ftok(TOK_PATH,'b'); diff --git a/opencryptoki-3.2-missing-sources-and-libraries.patch b/opencryptoki-3.2-missing-sources-and-libraries.patch index f6d79f5..ec762f5 100644 --- a/opencryptoki-3.2-missing-sources-and-libraries.patch +++ b/opencryptoki-3.2-missing-sources-and-libraries.patch @@ -1,7 +1,7 @@ -diff --git a/configure.in b/configure.in ---- a/configure.in -+++ b/configure.in -@@ -4,7 +4,7 @@ AC_INIT([openCryptoki],[3.2],[opencryptoki-tech@lists.sourceforge.net]) +diff -up opencryptoki/configure.in.source opencryptoki/configure.in +--- opencryptoki/configure.in.source 2015-07-15 17:19:40.000000000 +0200 ++++ opencryptoki/configure.in 2015-08-27 13:46:22.554043041 +0200 +@@ -4,7 +4,7 @@ AC_INIT([openCryptoki],[3.3],[opencrypto dnl Needed for $target! AC_CANONICAL_SYSTEM @@ -10,10 +10,10 @@ diff --git a/configure.in b/configure.in dnl Checks for header files. AC_DISABLE_STATIC -diff --git a/usr/lib/pkcs11/cca_stdll/cca_specific.c b/usr/lib/pkcs11/cca_stdll/cca_specific.c ---- a/usr/lib/pkcs11/cca_stdll/cca_specific.c -+++ b/usr/lib/pkcs11/cca_stdll/cca_specific.c -@@ -2352,40 +2352,3 @@ token_specific_object_add(OBJECT *object) +diff -up opencryptoki/usr/lib/pkcs11/cca_stdll/cca_specific.c.source opencryptoki/usr/lib/pkcs11/cca_stdll/cca_specific.c +--- opencryptoki/usr/lib/pkcs11/cca_stdll/cca_specific.c.source 2015-07-15 17:19:40.000000000 +0200 ++++ opencryptoki/usr/lib/pkcs11/cca_stdll/cca_specific.c 2015-08-27 13:46:22.554043041 +0200 +@@ -2336,40 +2336,3 @@ token_specific_object_add(OBJECT *object return CKR_OK; } @@ -28,7 +28,7 @@ diff --git a/usr/lib/pkcs11/cca_stdll/cca_specific.c b/usr/lib/pkcs11/cca_stdll/ - flag = template_attribute_find( key_obj->template, - CKA_ECDSA_PARAMS, &attr ); - if (flag == FALSE) { -- OCK_LOG_ERR(ERR_FUNCTION_FAILED); +- TRACE_ERROR("Could not find CKA_ECDSA_PARAMS for the key.\n"); - return CKR_FUNCTION_FAILED; - } - @@ -46,152 +46,18 @@ diff --git a/usr/lib/pkcs11/cca_stdll/cca_specific.c b/usr/lib/pkcs11/cca_stdll/ - *size = (*size / 8) * 2; - else - *size = ((*size / 8) + 1) * 2; -- OCK_LOG_DEBUG("getlen, curve = %d, size = %d\n", der_ec_supported[i].len_bits, *size); +- TRACE_DEVEL("getlen, curve = %d, size = %d\n", der_ec_supported[i].len_bits, *size); - return CKR_OK; - } - } - -- OCK_LOG_ERR(ERR_MECHANISM_PARAM_INVALID); +- TRACE_ERROR("%s\n", ock_err(ERR_MECHANISM_PARAM_INVALID)); - return CKR_MECHANISM_PARAM_INVALID; -} -diff --git a/usr/lib/pkcs11/common/mech_ec.c b/usr/lib/pkcs11/common/mech_ec.c ---- a/usr/lib/pkcs11/common/mech_ec.c -+++ b/usr/lib/pkcs11/common/mech_ec.c -@@ -19,6 +19,8 @@ - #include "host_defs.h" - #include "h_extern.h" - #include "tok_spec_struct.h" -+#include -+#include "ec_defs.h" - - CK_RV - ckm_ec_key_pair_gen( TEMPLATE * publ_tmpl, -@@ -65,6 +67,43 @@ ckm_ec_sign( CK_BYTE *in_data, - } - - CK_RV -+get_ecsiglen(OBJECT *key_obj, CK_ULONG *size) -+{ -+ CK_BBOOL flag; -+ CK_ATTRIBUTE *attr = NULL; -+ int i; -+ -+ flag = template_attribute_find( key_obj->template, -+ CKA_ECDSA_PARAMS, &attr ); -+ if (flag == FALSE) { -+ OCK_LOG_ERR(ERR_FUNCTION_FAILED); -+ return CKR_FUNCTION_FAILED; -+ } -+ -+ /* loop thru supported curves to find the size. -+ * both pkcs#11v2.20 and CCA expect the signature length to be -+ * twice the length of p. -+ * (See EC Signatures in pkcs#11v2.20 and docs for CSNDDSG.) -+ */ -+ for (i = 0; i < NUMEC; i++) { -+ if ((memcmp(attr->pValue, der_ec_supported[i].data, -+ attr->ulValueLen) == 0)) { -+ *size = der_ec_supported[i].len_bits; -+ /* round up if necessary */ -+ if ((*size % 8) == 0) -+ *size = (*size / 8) * 2; -+ else -+ *size = ((*size / 8) + 1) * 2; -+ OCK_LOG_DEBUG("getlen, curve = %d, size = %d\n", der_ec_supported[i].len_bits, *size); -+ return CKR_OK; -+ } -+ } -+ -+ OCK_LOG_ERR(ERR_MECHANISM_PARAM_INVALID); -+ return CKR_MECHANISM_PARAM_INVALID; -+} -+ -+CK_RV - ec_sign( SESSION *sess, - CK_BBOOL length_only, - SIGN_VERIFY_CONTEXT *ctx, -diff --git a/usr/lib/pkcs11/icsf_stdll/Makefile.am b/usr/lib/pkcs11/icsf_stdll/Makefile.am ---- a/usr/lib/pkcs11/icsf_stdll/Makefile.am -+++ b/usr/lib/pkcs11/icsf_stdll/Makefile.am -@@ -24,7 +24,8 @@ opencryptoki_stdll_libpkcs11_icsf_la_LDFLAGS = -shared \ - -lcrypto \ - -lldap \ - -lpthread \ -- -lrt -+ -lrt \ -+ -llber - - opencryptoki_stdll_libpkcs11_icsf_la_SOURCES = ../common/asn1.c \ - ../common/btree.c \ -@@ -34,6 +35,7 @@ opencryptoki_stdll_libpkcs11_icsf_la_SOURCES = ../common/asn1.c \ - ../common/key.c \ - ../common/mech_dh.c \ - ../common/mech_rng.c \ -+ ../common/mech_ec.c \ - ../common/new_host.c \ - ../common/sign_mgr.c \ - ../common/cert.c \ -@@ -51,6 +53,7 @@ opencryptoki_stdll_libpkcs11_icsf_la_SOURCES = ../common/asn1.c \ - ../common/object.c \ - ../common/decr_mgr.c \ - ../common/globals.c \ -+ ../common/sw_crypt.c \ - ../common/loadsave.c \ - ../common/utility.c \ - ../common/mech_des.c \ -diff --git a/usr/lib/pkcs11/icsf_stdll/icsf.c b/usr/lib/pkcs11/icsf_stdll/icsf.c ---- a/usr/lib/pkcs11/icsf_stdll/icsf.c -+++ b/usr/lib/pkcs11/icsf_stdll/icsf.c -@@ -14,6 +14,7 @@ - #include - #include - #include "icsf.h" -+#include - - /* For logging functions: */ - #include "defs.h" -diff --git a/usr/lib/pkcs11/soft_stdll/Makefile.am b/usr/lib/pkcs11/soft_stdll/Makefile.am ---- a/usr/lib/pkcs11/soft_stdll/Makefile.am -+++ b/usr/lib/pkcs11/soft_stdll/Makefile.am -@@ -23,6 +23,7 @@ opencryptoki_stdll_libpkcs11_sw_la_SOURCES = ../common/asn1.c \ - ../common/dig_mgr.c \ - ../common/encr_mgr.c \ - ../common/globals.c \ -+ ../common/sw_crypt.c \ - ../common/loadsave.c \ - ../common/key.c \ - ../common/key_mgr.c \ -@@ -36,6 +37,7 @@ opencryptoki_stdll_libpkcs11_sw_la_SOURCES = ../common/asn1.c \ - ../common/mech_rsa.c \ - ../common/mech_sha.c \ - ../common/mech_ssl3.c \ -+ ../common/mech_ec.c \ - ../common/new_host.c \ - ../common/obj_mgr.c \ - ../common/object.c \ -diff --git a/usr/lib/pkcs11/tpm_stdll/Makefile.am b/usr/lib/pkcs11/tpm_stdll/Makefile.am ---- a/usr/lib/pkcs11/tpm_stdll/Makefile.am -+++ b/usr/lib/pkcs11/tpm_stdll/Makefile.am -@@ -28,6 +28,7 @@ opencryptoki_stdll_libpkcs11_tpm_la_SOURCES = ../common/asn1.c \ - ../common/key.c \ - ../common/mech_dh.c \ - ../common/mech_rng.c \ -+ ../common/mech_ec.c \ - ../common/new_host.c \ - ../common/sign_mgr.c \ - ../common/cert.c \ -@@ -46,6 +47,7 @@ opencryptoki_stdll_libpkcs11_tpm_la_SOURCES = ../common/asn1.c \ - ../common/object.c \ - ../common/decr_mgr.c \ - ../common/globals.c \ -+ ../common/sw_crypt.c \ - ../common/loadsave.c \ - ../common/utility.c \ - ../common/mech_des.c \ -diff --git a/usr/lib/pkcs11/common/btree.c b/usr/lib/pkcs11/common/btree.c ---- a/usr/lib/pkcs11/common/btree.c -+++ b/usr/lib/pkcs11/common/btree.c -@@ -242,7 +242,7 @@ bt_node_free(struct btree *t, unsigned long node_num, void (*delete_func)(void * +diff -up opencryptoki/usr/lib/pkcs11/common/btree.c.source opencryptoki/usr/lib/pkcs11/common/btree.c +--- opencryptoki/usr/lib/pkcs11/common/btree.c.source 2015-07-15 17:19:40.000000000 +0200 ++++ opencryptoki/usr/lib/pkcs11/common/btree.c 2015-08-27 13:46:22.554043041 +0200 +@@ -231,7 +231,7 @@ bt_node_free(struct btree *t, unsigned l * * return 0 if binary tree has at least 1 node in use, !0 otherwise */ @@ -200,10 +66,9 @@ diff --git a/usr/lib/pkcs11/common/btree.c b/usr/lib/pkcs11/common/btree.c bt_is_empty(struct btree *t) { return (t->free_nodes == t->size); -diff --git a/usr/lib/pkcs11/common/ec_defs.h b/usr/lib/pkcs11/common/ec_defs.h -index 12e16c9..fd499de 100644 ---- a/usr/lib/pkcs11/common/ec_defs.h -+++ b/usr/lib/pkcs11/common/ec_defs.h +diff -up opencryptoki/usr/lib/pkcs11/common/ec_defs.h.source opencryptoki/usr/lib/pkcs11/common/ec_defs.h +--- opencryptoki/usr/lib/pkcs11/common/ec_defs.h.source 2015-07-15 17:19:40.000000000 +0200 ++++ opencryptoki/usr/lib/pkcs11/common/ec_defs.h 2015-08-27 13:46:22.555043039 +0200 @@ -30,18 +30,18 @@ /* Supported Elliptic Curves */ @@ -256,14 +121,16 @@ index 12e16c9..fd499de 100644 - +extern struct _ec der_ec_supported[NUMEC]; #endif -diff --git a/usr/lib/pkcs11/common/mech_ec.c b/usr/lib/pkcs11/common/mech_ec.c -index b9cb009..759af61 100644 ---- a/usr/lib/pkcs11/common/mech_ec.c -+++ b/usr/lib/pkcs11/common/mech_ec.c -@@ -22,6 +22,34 @@ - #include - #include "ec_defs.h" - +diff -up opencryptoki/usr/lib/pkcs11/common/mech_ec.c.source opencryptoki/usr/lib/pkcs11/common/mech_ec.c +--- opencryptoki/usr/lib/pkcs11/common/mech_ec.c.source 2015-07-15 17:19:40.000000000 +0200 ++++ opencryptoki/usr/lib/pkcs11/common/mech_ec.c 2015-08-27 13:47:18.703913315 +0200 +@@ -20,6 +20,36 @@ + #include "h_extern.h" + #include "tok_spec_struct.h" + #include "trace.h" ++#include ++#include "ec_defs.h" ++ +CK_BYTE brainpoolP160r1[] = { 0x06, 0x09, 0x2B, 0x24, 0x03, 0x03, 0x02, 0x08, 0x01, 0x01, 0x01 }; +CK_BYTE brainpoolP192r1[] = { 0x06, 0x09, 0x2B, 0x24, 0x03, 0x03, 0x02, 0x08, 0x01, 0x01, 0x03 }; +CK_BYTE brainpoolP224r1[] = { 0x06, 0x09, 0x2B, 0x24, 0x03, 0x03, 0x02, 0x08, 0x01, 0x01, 0x05 }; @@ -291,27 +158,68 @@ index b9cb009..759af61 100644 + {PRIME_CURVE, CURVE384, sizeof(secp384), &secp384}, + {PRIME_CURVE, CURVE521, sizeof(secp521), &secp521}, +}; -+ + CK_RV ckm_ec_key_pair_gen( TEMPLATE * publ_tmpl, - TEMPLATE * priv_tmpl ) -diff --git a/usr/lib/pkcs11/ep11_stdll/Makefile.am b/usr/lib/pkcs11/ep11_stdll/Makefile.am -index d587fd2..fba4889 100644 ---- a/usr/lib/pkcs11/ep11_stdll/Makefile.am -+++ b/usr/lib/pkcs11/ep11_stdll/Makefile.am -@@ -31,6 +31,7 @@ opencryptoki_stdll_libpkcs11_ep11_la_SOURCES = ../common/asn1.c \ - ../common/mech_des.c \ - ../common/mech_des3.c \ - ../common/mech_aes.c \ -+ ../common/mech_ec.c \ - ../common/mech_md5.c \ - ../common/mech_md2.c \ - ../common/mech_rng.c \ -diff --git a/usr/lib/pkcs11/ica_s390_stdll/Makefile.am b/usr/lib/pkcs11/ica_s390_stdll/Makefile.am -index 6d1c3e8..5d17f81 100644 ---- a/usr/lib/pkcs11/ica_s390_stdll/Makefile.am -+++ b/usr/lib/pkcs11/ica_s390_stdll/Makefile.am -@@ -28,12 +28,14 @@ opencryptoki_stdll_libpkcs11_ica_la_SOURCES = ../common/asn1.c \ +@@ -66,6 +96,43 @@ ckm_ec_sign( CK_BYTE *in_data, + } + + CK_RV ++get_ecsiglen(OBJECT *key_obj, CK_ULONG *size) ++{ ++ CK_BBOOL flag; ++ CK_ATTRIBUTE *attr = NULL; ++ int i; ++ ++ flag = template_attribute_find( key_obj->template, ++ CKA_ECDSA_PARAMS, &attr ); ++ if (flag == FALSE) { ++ TRACE_ERROR("Could not find CKA_ECDSA_PARAMS for the key.\n"); ++ return CKR_FUNCTION_FAILED; ++ } ++ ++ /* loop thru supported curves to find the size. ++ * both pkcs#11v2.20 and CCA expect the signature length to be ++ * twice the length of p. ++ * (See EC Signatures in pkcs#11v2.20 and docs for CSNDDSG.) ++ */ ++ for (i = 0; i < NUMEC; i++) { ++ if ((memcmp(attr->pValue, der_ec_supported[i].data, ++ attr->ulValueLen) == 0)) { ++ *size = der_ec_supported[i].len_bits; ++ /* round up if necessary */ ++ if ((*size % 8) == 0) ++ *size = (*size / 8) * 2; ++ else ++ *size = ((*size / 8) + 1) * 2; ++ TRACE_DEVEL("getlen, curve = %d, size = %d\n", der_ec_supported[i].len_bits, *size); ++ return CKR_OK; ++ } ++ } ++ ++ TRACE_ERROR("%s\n", ock_err(ERR_MECHANISM_PARAM_INVALID)); ++ return CKR_MECHANISM_PARAM_INVALID; ++} ++ ++CK_RV + ec_sign( SESSION *sess, + CK_BBOOL length_only, + SIGN_VERIFY_CONTEXT *ctx, +diff -up opencryptoki/usr/lib/pkcs11/common/mech_rng.c.source opencryptoki/usr/lib/pkcs11/common/mech_rng.c +--- opencryptoki/usr/lib/pkcs11/common/mech_rng.c.source 2015-07-15 17:19:40.000000000 +0200 ++++ opencryptoki/usr/lib/pkcs11/common/mech_rng.c 2015-08-27 13:46:22.555043039 +0200 +@@ -301,6 +301,7 @@ + #include + #include + #include ++#include + + #include "pkcs11types.h" + #include "defs.h" +diff -up opencryptoki/usr/lib/pkcs11/ica_s390_stdll/Makefile.am.source opencryptoki/usr/lib/pkcs11/ica_s390_stdll/Makefile.am +--- opencryptoki/usr/lib/pkcs11/ica_s390_stdll/Makefile.am.source 2015-07-15 17:19:40.000000000 +0200 ++++ opencryptoki/usr/lib/pkcs11/ica_s390_stdll/Makefile.am 2015-08-27 13:46:22.555043039 +0200 +@@ -28,12 +28,14 @@ opencryptoki_stdll_libpkcs11_ica_la_SOUR ../common/dig_mgr.c \ ../common/encr_mgr.c \ ../common/globals.c \ @@ -326,10 +234,87 @@ index 6d1c3e8..5d17f81 100644 ../common/mech_md5.c \ ../common/mech_md2.c \ ../common/mech_rng.c \ -diff --git a/usr/sbin/pkcsicsf/pkcsicsf.c b/usr/sbin/pkcsicsf/pkcsicsf.c -index 55efc4f..ec05edf 100644 ---- a/usr/sbin/pkcsicsf/pkcsicsf.c -+++ b/usr/sbin/pkcsicsf/pkcsicsf.c +diff -up opencryptoki/usr/lib/pkcs11/icsf_stdll/icsf.c.source opencryptoki/usr/lib/pkcs11/icsf_stdll/icsf.c +--- opencryptoki/usr/lib/pkcs11/icsf_stdll/icsf.c.source 2015-07-15 17:19:40.000000000 +0200 ++++ opencryptoki/usr/lib/pkcs11/icsf_stdll/icsf.c 2015-08-27 13:46:22.556043037 +0200 +@@ -15,6 +15,7 @@ + #include + #include + #include "icsf.h" ++#include + + /* For logging functions: */ + #include "defs.h" +diff -up opencryptoki/usr/lib/pkcs11/icsf_stdll/Makefile.am.source opencryptoki/usr/lib/pkcs11/icsf_stdll/Makefile.am +--- opencryptoki/usr/lib/pkcs11/icsf_stdll/Makefile.am.source 2015-07-15 17:19:40.000000000 +0200 ++++ opencryptoki/usr/lib/pkcs11/icsf_stdll/Makefile.am 2015-08-27 13:46:22.556043037 +0200 +@@ -24,7 +24,8 @@ opencryptoki_stdll_libpkcs11_icsf_la_LDF + -lcrypto \ + -lldap \ + -lpthread \ +- -lrt ++ -lrt \ ++ -llber + + opencryptoki_stdll_libpkcs11_icsf_la_SOURCES = ../common/asn1.c \ + ../common/btree.c \ +@@ -40,6 +41,7 @@ opencryptoki_stdll_libpkcs11_icsf_la_SOU + ../common/dp_obj.c \ + ../common/mech_aes.c \ + ../common/mech_rsa.c \ ++ ../common/mech_ec.c \ + ../common/obj_mgr.c \ + ../common/template.c \ + ../common/p11util.c \ +@@ -51,6 +53,7 @@ opencryptoki_stdll_libpkcs11_icsf_la_SOU + ../common/object.c \ + ../common/decr_mgr.c \ + ../common/globals.c \ ++ ../common/sw_crypt.c \ + ../common/loadsave.c \ + ../common/utility.c \ + ../common/mech_des.c \ +diff -up opencryptoki/usr/lib/pkcs11/soft_stdll/Makefile.am.source opencryptoki/usr/lib/pkcs11/soft_stdll/Makefile.am +--- opencryptoki/usr/lib/pkcs11/soft_stdll/Makefile.am.source 2015-07-15 17:19:40.000000000 +0200 ++++ opencryptoki/usr/lib/pkcs11/soft_stdll/Makefile.am 2015-08-27 13:46:22.556043037 +0200 +@@ -23,6 +23,7 @@ opencryptoki_stdll_libpkcs11_sw_la_SOURC + ../common/dig_mgr.c \ + ../common/encr_mgr.c \ + ../common/globals.c \ ++ ../common/sw_crypt.c \ + ../common/loadsave.c \ + ../common/key.c \ + ../common/key_mgr.c \ +@@ -36,6 +37,7 @@ opencryptoki_stdll_libpkcs11_sw_la_SOURC + ../common/mech_rsa.c \ + ../common/mech_sha.c \ + ../common/mech_ssl3.c \ ++ ../common/mech_ec.c \ + ../common/new_host.c \ + ../common/obj_mgr.c \ + ../common/object.c \ +diff -up opencryptoki/usr/lib/pkcs11/tpm_stdll/Makefile.am.source opencryptoki/usr/lib/pkcs11/tpm_stdll/Makefile.am +--- opencryptoki/usr/lib/pkcs11/tpm_stdll/Makefile.am.source 2015-07-15 17:19:40.000000000 +0200 ++++ opencryptoki/usr/lib/pkcs11/tpm_stdll/Makefile.am 2015-08-27 13:46:22.556043037 +0200 +@@ -28,6 +28,7 @@ opencryptoki_stdll_libpkcs11_tpm_la_SOUR + ../common/key.c \ + ../common/mech_dh.c \ + ../common/mech_rng.c \ ++ ../common/mech_ec.c \ + ../common/new_host.c \ + ../common/sign_mgr.c \ + ../common/cert.c \ +@@ -46,6 +47,7 @@ opencryptoki_stdll_libpkcs11_tpm_la_SOUR + ../common/object.c \ + ../common/decr_mgr.c \ + ../common/globals.c \ ++ ../common/sw_crypt.c \ + ../common/loadsave.c \ + ../common/utility.c \ + ../common/mech_des.c \ +diff -up opencryptoki/usr/sbin/pkcsicsf/pkcsicsf.c.source opencryptoki/usr/sbin/pkcsicsf/pkcsicsf.c +--- opencryptoki/usr/sbin/pkcsicsf/pkcsicsf.c.source 2015-07-15 17:19:40.000000000 +0200 ++++ opencryptoki/usr/sbin/pkcsicsf/pkcsicsf.c 2015-08-27 13:46:22.556043037 +0200 @@ -8,6 +8,7 @@ #include #include @@ -338,10 +323,32 @@ index 55efc4f..ec05edf 100644 #include "icsf.h" #include "slotmgr.h" -diff --git a/usr/sbin/pkcsslotd/mutex.c b/usr/sbin/pkcsslotd/mutex.c -index c517e66..b3f6309 100755 ---- a/usr/sbin/pkcsslotd/mutex.c -+++ b/usr/sbin/pkcsslotd/mutex.c +diff -up opencryptoki/usr/sbin/pkcsslotd/garbage_linux.c.source opencryptoki/usr/sbin/pkcsslotd/garbage_linux.c +--- opencryptoki/usr/sbin/pkcsslotd/garbage_linux.c.source 2015-07-15 17:19:40.000000000 +0200 ++++ opencryptoki/usr/sbin/pkcsslotd/garbage_linux.c 2015-08-27 13:46:22.556043037 +0200 +@@ -294,6 +294,7 @@ + #include + #include + #include ++#include + + #include "log.h" + #include "slotmgr.h" +diff -up opencryptoki/usr/sbin/pkcsslotd/log.c.source opencryptoki/usr/sbin/pkcsslotd/log.c +--- opencryptoki/usr/sbin/pkcsslotd/log.c.source 2015-07-15 17:19:40.000000000 +0200 ++++ opencryptoki/usr/sbin/pkcsslotd/log.c 2015-08-27 13:46:22.557043034 +0200 +@@ -294,6 +294,8 @@ + #include + #include + #include ++#include ++#include + + #include "log.h" + #include "err.h" +diff -up opencryptoki/usr/sbin/pkcsslotd/mutex.c.source opencryptoki/usr/sbin/pkcsslotd/mutex.c +--- opencryptoki/usr/sbin/pkcsslotd/mutex.c.source 2015-07-15 17:19:40.000000000 +0200 ++++ opencryptoki/usr/sbin/pkcsslotd/mutex.c 2015-08-27 13:46:22.557043034 +0200 @@ -292,6 +292,9 @@ #include #include @@ -352,47 +359,9 @@ index c517e66..b3f6309 100755 #include #include "log.h" -diff --git a/usr/lib/pkcs11/common/mech_rng.c b/usr/lib/pkcs11/common/mech_rng.c -index be3e858..f3bd861 100755 ---- a/usr/lib/pkcs11/common/mech_rng.c -+++ b/usr/lib/pkcs11/common/mech_rng.c -@@ -301,6 +301,7 @@ - #include - #include - #include -+#include - - - #include "pkcs11types.h" -diff --git a/usr/sbin/pkcsslotd/garbage_linux.c b/usr/sbin/pkcsslotd/garbage_linux.c -index 90492ce..c3c5564 100755 ---- a/usr/sbin/pkcsslotd/garbage_linux.c -+++ b/usr/sbin/pkcsslotd/garbage_linux.c -@@ -294,6 +294,7 @@ - #include - #include - #include -+#include - - #include "log.h" - #include "slotmgr.h" -diff --git a/usr/sbin/pkcsslotd/log.c b/usr/sbin/pkcsslotd/log.c -index 859a421..f6112d2 100755 ---- a/usr/sbin/pkcsslotd/log.c -+++ b/usr/sbin/pkcsslotd/log.c -@@ -294,6 +294,8 @@ - #include - #include - #include -+#include -+#include - - #include "log.h" - #include "err.h" -diff --git a/usr/sbin/pkcsslotd/slotmgr.c b/usr/sbin/pkcsslotd/slotmgr.c -index b164e42..f8667d1 100755 ---- a/usr/sbin/pkcsslotd/slotmgr.c -+++ b/usr/sbin/pkcsslotd/slotmgr.c +diff -up opencryptoki/usr/sbin/pkcsslotd/slotmgr.c.source opencryptoki/usr/sbin/pkcsslotd/slotmgr.c +--- opencryptoki/usr/sbin/pkcsslotd/slotmgr.c.source 2015-07-15 17:19:40.000000000 +0200 ++++ opencryptoki/usr/sbin/pkcsslotd/slotmgr.c 2015-08-27 13:46:22.557043034 +0200 @@ -292,9 +292,12 @@ #include #include @@ -406,3 +375,16 @@ index b164e42..f8667d1 100755 Slot_Mgr_Shr_t *shmp; // pointer to the shared memory region. int shmid; +diff --git a/usr/lib/pkcs11/icsf_stdll/icsf_specific.c b/usr/lib/pkcs11/icsf_stdll/icsf_specific.c +index 74b07b7..1158eb5 100644 +--- a/usr/lib/pkcs11/icsf_stdll/icsf_specific.c ++++ b/usr/lib/pkcs11/icsf_stdll/icsf_specific.c +@@ -929,7 +929,7 @@ static CK_RV close_session(struct session_state *session_state) + if ((rc = icsf_destroy_object(session_state->ld, &reason, + &mapping->icsf_object))) { + /* Log error */ +- TRACE_EBUG("Failed to remove icsf object: %s/%lu/%c", ++ TRACE_DEBUG("Failed to remove icsf object: %s/%lu/%c", + mapping->icsf_object.token_name, + mapping->icsf_object.sequence, + mapping->icsf_object.id); diff --git a/opencryptoki-3.2-no-undefined.patch b/opencryptoki-3.2-no-undefined.patch index 200de6a..b5806f3 100644 --- a/opencryptoki-3.2-no-undefined.patch +++ b/opencryptoki-3.2-no-undefined.patch @@ -1,12 +1,12 @@ -diff --git a/configure.in b/configure.in ---- a/configure.in -+++ b/configure.in -@@ -571,7 +571,7 @@ fi +diff -up opencryptoki/configure.in.no-undefined opencryptoki/configure.in +--- opencryptoki/configure.in.no-undefined 2015-08-27 11:49:50.815984145 +0200 ++++ opencryptoki/configure.in 2015-08-27 11:50:59.432874245 +0200 +@@ -574,7 +574,7 @@ fi AM_CONDITIONAL([ENABLE_PKCSCCA_MIGRATE], [test "x$enable_pkcscca_migrate" = "xyes"]) AM_CONDITIONAL([ENABLE_PKCSEP11_MIGRATE], [test "x$enable_pkcsep11_migrate" = "xyes"]) -CFLAGS="$CFLAGS -DPKCS64 -D_XOPEN_SOURCE=500" +CFLAGS="$CFLAGS -DPKCS64 -D_XOPEN_SOURCE=500 -Wl,--no-undefined" - CFLAGS+=' -DCONFIG_PATH=\"$(localstatedir)/lib/opencryptoki\" -DSBIN_PATH=\"$(sbindir)\" -DLIB_PATH=\"$(libdir)\" -DLOCKDIR_PATH=\"$(lockdir)\" -DOCK_CONFDIR=\"$(sysconfdir)/opencryptoki\"' + CFLAGS+=' -DCONFIG_PATH=\"$(localstatedir)/lib/opencryptoki\" -DSBIN_PATH=\"$(sbindir)\" -DLIB_PATH=\"$(libdir)\" -DLOCKDIR_PATH=\"$(lockdir)\" -DOCK_CONFDIR=\"$(sysconfdir)/opencryptoki\" -DOCK_LOGDIR=\"$(logdir)\"' diff --git a/opencryptoki-3.3-unused.patch b/opencryptoki-3.3-unused.patch new file mode 100644 index 0000000..628befa --- /dev/null +++ b/opencryptoki-3.3-unused.patch @@ -0,0 +1,336 @@ +diff --git a/usr/lib/pkcs11/common/encr_mgr.c b/usr/lib/pkcs11/common/encr_mgr.c +index 50fa661..e12aec8 100755 +--- a/usr/lib/pkcs11/common/encr_mgr.c ++++ b/usr/lib/pkcs11/common/encr_mgr.c +@@ -764,7 +764,6 @@ encr_mgr_init( SESSION * sess, + break; + case CKM_AES_CTR: + { +- CK_AES_CTR_PARAMS aesctr; + if (mech->ulParameterLen != sizeof(CK_AES_CTR_PARAMS)){ + TRACE_ERROR("%s\n", ock_err(ERR_MECHANISM_PARAM_INVALID)); + return CKR_MECHANISM_PARAM_INVALID; +diff --git a/usr/lib/pkcs11/common/mech_aes.c b/usr/lib/pkcs11/common/mech_aes.c +index 453253d..4eacad5 100644 +--- a/usr/lib/pkcs11/common/mech_aes.c ++++ b/usr/lib/pkcs11/common/mech_aes.c +@@ -2671,7 +2671,6 @@ aes_mac_verify_update( SESSION * sess, + { + CK_ULONG rc; + OBJECT * key_obj = NULL; +- CK_ULONG mac_len; + AES_DATA_CONTEXT * context = NULL; + CK_BYTE * cipher = NULL; + CK_ULONG total, remain, out_len; +diff --git a/usr/lib/pkcs11/common/mech_ec.c b/usr/lib/pkcs11/common/mech_ec.c +index 88bb08e..4817b45 100644 +--- a/usr/lib/pkcs11/common/mech_ec.c ++++ b/usr/lib/pkcs11/common/mech_ec.c +@@ -143,7 +143,6 @@ ec_sign( SESSION *sess, + { + OBJECT *key_obj = NULL; + CK_ULONG plen; +- CK_BBOOL flag; + CK_RV rc; + + if (!sess || !ctx || !out_data_len){ +@@ -225,7 +224,6 @@ ec_verify(SESSION *sess, + { + OBJECT *key_obj = NULL; + CK_ULONG plen; +- CK_BBOOL flag; + CK_RV rc; + + +diff --git a/usr/lib/pkcs11/common/mech_rsa.c b/usr/lib/pkcs11/common/mech_rsa.c +index 60cac63..0430863 100755 +--- a/usr/lib/pkcs11/common/mech_rsa.c ++++ b/usr/lib/pkcs11/common/mech_rsa.c +@@ -776,7 +776,7 @@ CK_RV rsa_oaep_crypt(SESSION *sess, CK_BBOOL length_only, + CK_ULONG *out_data_len, CK_BBOOL encrypt) + { + OBJECT *key_obj = NULL; +- CK_ULONG hlen, modulus_bytes, mgf_mech; ++ CK_ULONG hlen, modulus_bytes; + CK_OBJECT_CLASS keyclass; + CK_BYTE hash[MAX_SHA_HASH_SIZE]; + CK_RV rc; +@@ -1536,9 +1536,8 @@ CK_RV rsa_pss_verify(SESSION *sess, SIGN_VERIFY_CONTEXT *ctx, CK_BYTE *in_data, + { + CK_RV rc; + OBJECT *key_obj = NULL; +- CK_ULONG modulus_bytes, hlen; ++ CK_ULONG modulus_bytes; + CK_OBJECT_CLASS keyclass; +- CK_RSA_PKCS_PSS_PARAMS_PTR pssParms = NULL; + + rc = object_mgr_find_in_map1(ctx->key, &key_obj); + if (rc != CKR_OK) { +diff --git a/usr/lib/pkcs11/common/obj_mgr.c b/usr/lib/pkcs11/common/obj_mgr.c +index c275225..80f5998 100755 +--- a/usr/lib/pkcs11/common/obj_mgr.c ++++ b/usr/lib/pkcs11/common/obj_mgr.c +@@ -1247,7 +1247,6 @@ CK_RV + object_mgr_find_in_map_nocache( CK_OBJECT_HANDLE handle, + OBJECT ** ptr ) + { +- DL_NODE * node = NULL; + OBJECT_MAP * map = NULL; + OBJECT * obj = NULL; + CK_RV rc = CKR_OK; +diff --git a/usr/lib/pkcs11/common/sess_mgr.c b/usr/lib/pkcs11/common/sess_mgr.c +index 31607df..32d1081 100755 +--- a/usr/lib/pkcs11/common/sess_mgr.c ++++ b/usr/lib/pkcs11/common/sess_mgr.c +@@ -317,7 +317,6 @@ + SESSION * + session_mgr_find( CK_SESSION_HANDLE handle ) + { +- struct btnode *n; + SESSION * result = NULL; + CK_RV rc; + +@@ -351,7 +350,6 @@ CK_RV + session_mgr_new( CK_ULONG flags, CK_SLOT_ID slot_id, CK_SESSION_HANDLE_PTR phSession ) + { + SESSION * new_session = NULL; +- SESSION * s = NULL; + CK_BBOOL user_session = FALSE; + CK_BBOOL so_session = FALSE; + CK_BBOOL pkcs_locked = TRUE; +@@ -560,7 +558,6 @@ session_mgr_readonly_session_exists( void ) + CK_RV + session_mgr_close_session( CK_SESSION_HANDLE handle ) + { +- struct btnode *n; + SESSION *sess; + CK_RV rc = CKR_OK; + +@@ -709,8 +706,6 @@ CK_RV + session_mgr_close_all_sessions( void ) + { + CK_RV rc = CKR_OK; +- SESSION *sess; +- unsigned long i; + + rc = MY_LockMutex( &sess_list_mutex ); + if (rc != CKR_OK){ +@@ -759,9 +754,6 @@ session_login(void *node_value, unsigned long node_idx, void *p3) + CK_RV + session_mgr_login_all( CK_USER_TYPE user_type ) + { +- struct btnode *n; +- unsigned long i; +- SESSION *s; + CK_RV rc = CKR_OK; + + rc = MY_LockMutex( &sess_list_mutex ); +@@ -805,8 +797,6 @@ session_logout(void *node_value, unsigned long node_idx, void *p3) + CK_RV + session_mgr_logout_all( void ) + { +- unsigned long i; +- SESSION * s = NULL; + CK_RV rc = CKR_OK; + + rc = MY_LockMutex( &sess_list_mutex ); +diff --git a/usr/lib/pkcs11/icsf_stdll/icsf.c b/usr/lib/pkcs11/icsf_stdll/icsf.c +index e7712e7..5ec344f 100644 +--- a/usr/lib/pkcs11/icsf_stdll/icsf.c ++++ b/usr/lib/pkcs11/icsf_stdll/icsf.c +@@ -2615,7 +2615,6 @@ int icsf_hmac_verify(LDAP *ld, int *reason, struct icsf_object_record *key, + char rule_array[2 * ICSF_RULE_ITEM_LEN]; + BerElement *msg = NULL; + BerElement *result = NULL; +- struct berval bvHmac = { 0UL, NULL }; + struct berval bvChain = { 0UL, NULL }; + const char *rule_alg; + +@@ -3209,7 +3208,6 @@ icsf_derive_multple_keys(LDAP *ld, int *p_reason, CK_MECHANISM_PTR mech, + struct icsf_object_record *server_iv) + { + int rc = 0; +- int reason = 0; + const char *rule_alg; + char handle[ICSF_HANDLE_LEN]; + char rule_array[ICSF_RULE_ITEM_LEN]; +diff --git a/usr/lib/pkcs11/icsf_stdll/icsf_specific.c b/usr/lib/pkcs11/icsf_stdll/icsf_specific.c +index 1158eb5..5c92454 100644 +--- a/usr/lib/pkcs11/icsf_stdll/icsf_specific.c ++++ b/usr/lib/pkcs11/icsf_stdll/icsf_specific.c +@@ -1045,7 +1045,6 @@ CK_RV icsftok_login(SESSION *sess, CK_USER_TYPE userType, CK_CHAR_PTR pPin, + char *ca_dir = NULL; + CK_SLOT_ID slot_id = sess->session_info.slotID; + struct session_state *session_state; +- int sessions_locked = 0; + LDAP *ld; + + /* Check Slot ID */ +diff --git a/usr/lib/pkcs11/icsf_stdll/new_host.c b/usr/lib/pkcs11/icsf_stdll/new_host.c +index dc9790a..bf492c8 100644 +--- a/usr/lib/pkcs11/icsf_stdll/new_host.c ++++ b/usr/lib/pkcs11/icsf_stdll/new_host.c +@@ -378,7 +378,6 @@ CK_RV valid_mech(CK_MECHANISM_PTR m, CK_FLAGS f) + CK_RV ST_Initialize(void **FunctionList, CK_SLOT_ID SlotNumber, char *conf_name, + struct trace_handle_t t) + { +- int i; + CK_RV rc = CKR_OK; + + if ((rc = check_user_and_group()) != CKR_OK) +@@ -1626,7 +1625,6 @@ CK_RV SC_EncryptUpdate(ST_SESSION_HANDLE *sSession, CK_BYTE_PTR pPart, + CK_ULONG_PTR pulEncryptedPartLen) + { + SESSION *sess = NULL; +- CK_BBOOL length_only = FALSE; + CK_RV rc = CKR_OK; + + if (initialized == FALSE) { +@@ -1654,9 +1652,6 @@ CK_RV SC_EncryptUpdate(ST_SESSION_HANDLE *sSession, CK_BYTE_PTR pPart, + goto done; + } + +- if (!pEncryptedPart) +- length_only = TRUE; +- + rc = icsftok_encrypt_update(sess, pPart, ulPartLen, pEncryptedPart, + pulEncryptedPartLen); + if (rc != CKR_OK) +@@ -1837,7 +1832,6 @@ CK_RV SC_DecryptUpdate(ST_SESSION_HANDLE *sSession, CK_BYTE_PTR pEncryptedPart, + CK_ULONG_PTR pulPartLen) + { + SESSION *sess = NULL; +- CK_BBOOL length_only = FALSE; + CK_RV rc = CKR_OK; + + if (initialized == FALSE) { +@@ -1865,9 +1859,6 @@ CK_RV SC_DecryptUpdate(ST_SESSION_HANDLE *sSession, CK_BYTE_PTR pEncryptedPart, + goto done; + } + +- if (!pPart) +- length_only = TRUE; +- + rc = icsftok_decrypt_update(sess, pEncryptedPart, ulEncryptedPartLen, + pPart, pulPartLen); + if (rc != CKR_OK) +@@ -2835,7 +2826,6 @@ CK_RV SC_WrapKey(ST_SESSION_HANDLE *sSession, CK_MECHANISM_PTR pMechanism, + CK_BYTE_PTR pWrappedKey, CK_ULONG_PTR pulWrappedKeyLen) + { + SESSION *sess = NULL; +- CK_BBOOL length_only = FALSE; + CK_RV rc = CKR_OK; + + if (initialized == FALSE) { +@@ -2854,9 +2844,6 @@ CK_RV SC_WrapKey(ST_SESSION_HANDLE *sSession, CK_MECHANISM_PTR pMechanism, + if (rc != CKR_OK) + goto done; + +- if (!pWrappedKey) +- length_only = TRUE; +- + sess = session_mgr_find(sSession->sessionh); + if (!sess) { + TRACE_ERROR("%s\n", ock_err(ERR_SESSION_HANDLE_INVALID)); +diff --git a/usr/lib/pkcs11/icsf_stdll/pbkdf.c b/usr/lib/pkcs11/icsf_stdll/pbkdf.c +index 33d36c8..fbbcb39 100644 +--- a/usr/lib/pkcs11/icsf_stdll/pbkdf.c ++++ b/usr/lib/pkcs11/icsf_stdll/pbkdf.c +@@ -545,7 +545,6 @@ pbkdf(CK_BYTE *password, CK_ULONG len, CK_BYTE *salt, CK_BYTE *dkey, CK_ULONG kl + unsigned char *result; + unsigned int r, num_of_blocks; + unsigned int count, hashlen; +- unsigned char *ret; + CK_ULONG rc = CKR_OK; + int i, j, k; + +diff --git a/usr/sbin/pkcsicsf/pkcsicsf.c b/usr/sbin/pkcsicsf/pkcsicsf.c +index ec05edf..dd31bbe 100644 +--- a/usr/sbin/pkcsicsf/pkcsicsf.c ++++ b/usr/sbin/pkcsicsf/pkcsicsf.c +@@ -476,7 +476,6 @@ main(int argc, char **argv) + { + char *racfpwd = NULL; + size_t racflen; +- unsigned char *ret; + char *tokenname = NULL; + int c; + int rc = 0; +@@ -488,7 +487,7 @@ main(int argc, char **argv) + flags |= CFG_ADD; + if ((tokenname = strdup(optarg)) == NULL) { + rc = -1; +- fprintf(stderr, "strdup failed: line %s\n", ++ fprintf(stderr, "strdup failed: line %d\n", + __LINE__); + goto cleanup; + } +@@ -500,34 +499,34 @@ main(int argc, char **argv) + flags |= CFG_BINDDN; + if ((binddn = strdup(optarg)) == NULL) { + rc = -1; +- fprintf(stderr, "strdup failed: line %s\n", ++ fprintf(stderr, "strdup failed: line %d\n", + __LINE__); + goto cleanup; + } + break; + case 'c': +- flags != CFG_CERT; ++ flags |= CFG_CERT; + if ((cert = strdup(optarg)) == NULL) { + rc = -1; +- fprintf(stderr, "strdup failed: line %s\n", ++ fprintf(stderr, "strdup failed: line %d\n", + __LINE__); + goto cleanup; + } + break; + case 'k': +- flags != CFG_PRIVKEY; ++ flags |= CFG_PRIVKEY; + if ((privkey = strdup(optarg)) == NULL) { + rc = -1; +- fprintf(stderr, "strdup failed: line %s\n", ++ fprintf(stderr, "strdup failed: line %d\n", + __LINE__); + goto cleanup; + } + break; + case 'C': +- flags != CFG_CACERT; ++ flags |= CFG_CACERT; + if ((cacert = strdup(optarg)) == NULL) { + rc = -1; +- fprintf(stderr, "strdup failed: line %s\n", ++ fprintf(stderr, "strdup failed: line %d\n", + __LINE__); + goto cleanup; + } +@@ -536,7 +535,7 @@ main(int argc, char **argv) + flags |= CFG_URI; + if ((uri = strdup(optarg)) == NULL) { + rc = -1; +- fprintf(stderr, "strdup failed: line %s\n", ++ fprintf(stderr, "strdup failed: line %d\n", + __LINE__); + goto cleanup; + } +@@ -545,7 +544,7 @@ main(int argc, char **argv) + flags |= CFG_MECH; + if ((mech = strdup(optarg)) == NULL) { + rc = -1; +- fprintf(stderr, "strdup failed: line %s\n", ++ fprintf(stderr, "strdup failed: line %d\n", + __LINE__); + goto cleanup; + } +@@ -686,7 +685,7 @@ cleanup: + if (uri) + free(uri); + if (mech) +- mech; ++ free(mech); + if (racfpwd) + free(racfpwd); + return rc; diff --git a/opencryptoki.spec b/opencryptoki.spec index 3a98986..7da1009 100644 --- a/opencryptoki.spec +++ b/opencryptoki.spec @@ -2,8 +2,8 @@ Name: opencryptoki Summary: Implementation of the PKCS#11 (Cryptoki) specification v2.11 -Version: 3.2 -Release: 4%{?dist} +Version: 3.3 +Release: 1%{?dist} License: CPL Group: System Environment/Base URL: http://sourceforge.net/projects/opencryptoki @@ -15,6 +15,7 @@ Patch0: %{name}-2.4-group.patch Patch1: %{name}-3.2-conditional-manpages.patch # Fix missing sources and libraries in makefiles causing undefined symbols (#1193560) Patch2: %{name}-3.2-missing-sources-and-libraries.patch +Patch3: %{name}-3.3-unused.patch # Use --no-undefined to debug missing symbols #Patch100: %{name}-3.2-no-undefined.patch @@ -185,6 +186,7 @@ configured with Enterprise PKCS#11 (EP11) firmware. %patch0 -p1 -b .group %patch1 -p1 -b .man %patch2 -p1 -b .source +%patch3 -p1 -b .unused #%patch100 -p1 -b .no-undefined diff --git a/sources b/sources index 2837ce1..1cd0d38 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -9c3b3ff3d935e09bfa132f2951d4c859 opencryptoki-v3.2.tgz +df6a738460ac6be657de72abf4fcf21c opencryptoki-v3.3.tgz