rpms/opencryptoki
7
0
Fork 0
Code Issues Pull Requests Releases Activity

opencryptoki-3.3-1

Browse Source
This commit is contained in:
Jakub Jelen 2015-08-27 15:21:08 +02:00
parent c8cf931391
commit f3b24dba71
7 changed files with 591 additions and 276 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
.gitignore vendored
View File

@ -9,3 +9,4 @@ opencryptoki-2.3.1.tar.gz
/opencryptoki-v3.0.tar.gz /opencryptoki-v3.0.tar.gz
/opencryptoki-v3.1.tgz /opencryptoki-v3.1.tgz
/opencryptoki-v3.2.tgz /opencryptoki-v3.2.tgz
/opencryptoki-v3.3.tgz

72
opencryptoki-2.4-group.patch
View File

@ -1,46 +1,40 @@
diff -urp opencryptoki-2.4.orig/usr/lib/pkcs11/api/shrd_mem.c opencryptoki-2.4/usr/lib/pkcs11/api/shrd_mem.c diff -up opencryptoki/usr/lib/pkcs11/api/shrd_mem.c.in.group opencryptoki/usr/lib/pkcs11/api/shrd_mem.c.in
--- opencryptoki-2.4.orig/usr/lib/pkcs11/api/shrd_mem.c.in 2011-08-15 08:17:14.000000000 -0400 --- opencryptoki/usr/lib/pkcs11/api/shrd_mem.c.in.group 2015-08-27 11:35:42.759397175 +0200
+++ opencryptoki-2.4/usr/lib/pkcs11/api/shrd_mem.c.in 2011-08-15 10:22:49.000000000 -0400 +++ opencryptoki/usr/lib/pkcs11/api/shrd_mem.c.in 2015-08-27 11:39:02.240023425 +0200
@@ -351,43 +351,6 @@ attach_shared_memory() { @@ -352,37 +352,6 @@ attach_shared_memory() {
return NULL; return NULL;
} }
- - uid = getuid();
- // SAB check for the group id here and membership here as well - euid = geteuid();
- grp = getgrnam("pkcs11"); - // only check group membership if not root user
- if ( grp ) { - if (uid != 0 && euid != 0) {
- int i=0; - int i, member=0;
- char member=0; - grp = getgrnam("pkcs11");
- - if (!grp) {
- pw = getpwuid(getuid()); - // group pkcs11 not known to the system
- - return NULL;
- epw = getpwuid(geteuid()); - }
- - pw = getpwuid(uid);
- while( grp->gr_mem[i] ) { - epw = getpwuid(euid);
- if (pw) { - for (i=0; grp->gr_mem[i]; i++) {
- if ( strncmp(pw->pw_name, grp->gr_mem[i],strlen(pw->pw_name)) == 0 ){ - if (pw) {
- member = 1; - if (!strncmp(pw->pw_name, grp->gr_mem[i],strlen(pw->pw_name))) {
- break; - member = 1;
- } - break;
- } - }
- if (epw) { - }
- if ( strncmp(epw->pw_name, grp->gr_mem[i],strlen(epw->pw_name)) == 0 ){ - if (epw) {
- member = 1; - if (!strncmp(epw->pw_name, grp->gr_mem[i],strlen(epw->pw_name))) {
- break; - member = 1;
- } - break;
- } - }
- i++; - }
- } - }
- if ( ! member ) { - if (!member) {
- return NULL; // SAB don't bother even attaching... - return NULL;
- } - }
-
-
- } else {
- return NULL;
- } - }
-
-
- -
Anchor->shm_tok = ftok(TOK_PATH,'b'); Anchor->shm_tok = ftok(TOK_PATH,'b');

440
opencryptoki-3.2-missing-sources-and-libraries.patch
View File

@ -1,7 +1,7 @@
diff --git a/configure.in b/configure.in diff -up opencryptoki/configure.in.source opencryptoki/configure.in
--- a/configure.in --- opencryptoki/configure.in.source 2015-07-15 17:19:40.000000000 +0200
+++ b/configure.in +++ opencryptoki/configure.in 2015-08-27 13:46:22.554043041 +0200
@@ -4,7 +4,7 @@ AC_INIT([openCryptoki],[3.2],[opencryptoki-tech@lists.sourceforge.net]) @@ -4,7 +4,7 @@ AC_INIT([openCryptoki],[3.3],[opencrypto
dnl Needed for $target! dnl Needed for $target!
AC_CANONICAL_SYSTEM AC_CANONICAL_SYSTEM
@ -10,10 +10,10 @@ diff --git a/configure.in b/configure.in
dnl Checks for header files. dnl Checks for header files.
AC_DISABLE_STATIC AC_DISABLE_STATIC
diff --git a/usr/lib/pkcs11/cca_stdll/cca_specific.c b/usr/lib/pkcs11/cca_stdll/cca_specific.c diff -up opencryptoki/usr/lib/pkcs11/cca_stdll/cca_specific.c.source opencryptoki/usr/lib/pkcs11/cca_stdll/cca_specific.c
--- a/usr/lib/pkcs11/cca_stdll/cca_specific.c --- opencryptoki/usr/lib/pkcs11/cca_stdll/cca_specific.c.source 2015-07-15 17:19:40.000000000 +0200
+++ b/usr/lib/pkcs11/cca_stdll/cca_specific.c +++ opencryptoki/usr/lib/pkcs11/cca_stdll/cca_specific.c 2015-08-27 13:46:22.554043041 +0200
@@ -2352,40 +2352,3 @@ token_specific_object_add(OBJECT *object) @@ -2336,40 +2336,3 @@ token_specific_object_add(OBJECT *object
return CKR_OK; return CKR_OK;
} }
@ -28,7 +28,7 @@ diff --git a/usr/lib/pkcs11/cca_stdll/cca_specific.c b/usr/lib/pkcs11/cca_stdll/
- flag = template_attribute_find( key_obj->template, - flag = template_attribute_find( key_obj->template,
- CKA_ECDSA_PARAMS, &attr ); - CKA_ECDSA_PARAMS, &attr );
- if (flag == FALSE) { - if (flag == FALSE) {
- OCK_LOG_ERR(ERR_FUNCTION_FAILED); - TRACE_ERROR("Could not find CKA_ECDSA_PARAMS for the key.\n");
- return CKR_FUNCTION_FAILED; - return CKR_FUNCTION_FAILED;
- } - }
- -
@ -46,152 +46,18 @@ diff --git a/usr/lib/pkcs11/cca_stdll/cca_specific.c b/usr/lib/pkcs11/cca_stdll/
- *size = (*size / 8) * 2; - *size = (*size / 8) * 2;
- else - else
- *size = ((*size / 8) + 1) * 2; - *size = ((*size / 8) + 1) * 2;
- OCK_LOG_DEBUG("getlen, curve = %d, size = %d\n", der_ec_supported[i].len_bits, *size); - TRACE_DEVEL("getlen, curve = %d, size = %d\n", der_ec_supported[i].len_bits, *size);
- return CKR_OK; - return CKR_OK;
- } - }
- } - }
- -
- OCK_LOG_ERR(ERR_MECHANISM_PARAM_INVALID); - TRACE_ERROR("%s\n", ock_err(ERR_MECHANISM_PARAM_INVALID));
- return CKR_MECHANISM_PARAM_INVALID; - return CKR_MECHANISM_PARAM_INVALID;
-} -}
diff --git a/usr/lib/pkcs11/common/mech_ec.c b/usr/lib/pkcs11/common/mech_ec.c diff -up opencryptoki/usr/lib/pkcs11/common/btree.c.source opencryptoki/usr/lib/pkcs11/common/btree.c
--- a/usr/lib/pkcs11/common/mech_ec.c --- opencryptoki/usr/lib/pkcs11/common/btree.c.source 2015-07-15 17:19:40.000000000 +0200
+++ b/usr/lib/pkcs11/common/mech_ec.c +++ opencryptoki/usr/lib/pkcs11/common/btree.c 2015-08-27 13:46:22.554043041 +0200
@@ -19,6 +19,8 @@ @@ -231,7 +231,7 @@ bt_node_free(struct btree *t, unsigned l
#include "host_defs.h"
#include "h_extern.h"
#include "tok_spec_struct.h"
+#include <stdint.h>
+#include "ec_defs.h"
CK_RV
ckm_ec_key_pair_gen( TEMPLATE * publ_tmpl,
@@ -65,6 +67,43 @@ ckm_ec_sign( CK_BYTE *in_data,
}
CK_RV
+get_ecsiglen(OBJECT *key_obj, CK_ULONG *size)
+{
+ CK_BBOOL flag;
+ CK_ATTRIBUTE *attr = NULL;
+ int i;
+
+ flag = template_attribute_find( key_obj->template,
+ CKA_ECDSA_PARAMS, &attr );
+ if (flag == FALSE) {
+ OCK_LOG_ERR(ERR_FUNCTION_FAILED);
+ return CKR_FUNCTION_FAILED;
+ }
+
+ /* loop thru supported curves to find the size.
+ * both pkcs#11v2.20 and CCA expect the signature length to be
+ * twice the length of p.
+ * (See EC Signatures in pkcs#11v2.20 and docs for CSNDDSG.)
+ */
+ for (i = 0; i < NUMEC; i++) {
+ if ((memcmp(attr->pValue, der_ec_supported[i].data,
+ attr->ulValueLen) == 0)) {
+ *size = der_ec_supported[i].len_bits;
+ /* round up if necessary */
+ if ((*size % 8) == 0)
+ *size = (*size / 8) * 2;
+ else
+ *size = ((*size / 8) + 1) * 2;
+ OCK_LOG_DEBUG("getlen, curve = %d, size = %d\n", der_ec_supported[i].len_bits, *size);
+ return CKR_OK;
+ }
+ }
+
+ OCK_LOG_ERR(ERR_MECHANISM_PARAM_INVALID);
+ return CKR_MECHANISM_PARAM_INVALID;
+}
+
+CK_RV
ec_sign( SESSION *sess,
CK_BBOOL length_only,
SIGN_VERIFY_CONTEXT *ctx,
diff --git a/usr/lib/pkcs11/icsf_stdll/Makefile.am b/usr/lib/pkcs11/icsf_stdll/Makefile.am
--- a/usr/lib/pkcs11/icsf_stdll/Makefile.am
+++ b/usr/lib/pkcs11/icsf_stdll/Makefile.am
@@ -24,7 +24,8 @@ opencryptoki_stdll_libpkcs11_icsf_la_LDFLAGS = -shared \
-lcrypto \
-lldap \
-lpthread \
- -lrt
+ -lrt \
+ -llber
opencryptoki_stdll_libpkcs11_icsf_la_SOURCES = ../common/asn1.c \
../common/btree.c \
@@ -34,6 +35,7 @@ opencryptoki_stdll_libpkcs11_icsf_la_SOURCES = ../common/asn1.c \
../common/key.c \
../common/mech_dh.c \
../common/mech_rng.c \
+ ../common/mech_ec.c \
../common/new_host.c \
../common/sign_mgr.c \
../common/cert.c \
@@ -51,6 +53,7 @@ opencryptoki_stdll_libpkcs11_icsf_la_SOURCES = ../common/asn1.c \
../common/object.c \
../common/decr_mgr.c \
../common/globals.c \
+ ../common/sw_crypt.c \
../common/loadsave.c \
../common/utility.c \
../common/mech_des.c \
diff --git a/usr/lib/pkcs11/icsf_stdll/icsf.c b/usr/lib/pkcs11/icsf_stdll/icsf.c
--- a/usr/lib/pkcs11/icsf_stdll/icsf.c
+++ b/usr/lib/pkcs11/icsf_stdll/icsf.c
@@ -14,6 +14,7 @@
#include <string.h>
#include <ctype.h>
#include "icsf.h"
+#include <lber.h>
/* For logging functions: */
#include "defs.h"
diff --git a/usr/lib/pkcs11/soft_stdll/Makefile.am b/usr/lib/pkcs11/soft_stdll/Makefile.am
--- a/usr/lib/pkcs11/soft_stdll/Makefile.am
+++ b/usr/lib/pkcs11/soft_stdll/Makefile.am
@@ -23,6 +23,7 @@ opencryptoki_stdll_libpkcs11_sw_la_SOURCES = ../common/asn1.c \
../common/dig_mgr.c \
../common/encr_mgr.c \
../common/globals.c \
+ ../common/sw_crypt.c \
../common/loadsave.c \
../common/key.c \
../common/key_mgr.c \
@@ -36,6 +37,7 @@ opencryptoki_stdll_libpkcs11_sw_la_SOURCES = ../common/asn1.c \
../common/mech_rsa.c \
../common/mech_sha.c \
../common/mech_ssl3.c \
+ ../common/mech_ec.c \
../common/new_host.c \
../common/obj_mgr.c \
../common/object.c \
diff --git a/usr/lib/pkcs11/tpm_stdll/Makefile.am b/usr/lib/pkcs11/tpm_stdll/Makefile.am
--- a/usr/lib/pkcs11/tpm_stdll/Makefile.am
+++ b/usr/lib/pkcs11/tpm_stdll/Makefile.am
@@ -28,6 +28,7 @@ opencryptoki_stdll_libpkcs11_tpm_la_SOURCES = ../common/asn1.c \
../common/key.c \
../common/mech_dh.c \
../common/mech_rng.c \
+ ../common/mech_ec.c \
../common/new_host.c \
../common/sign_mgr.c \
../common/cert.c \
@@ -46,6 +47,7 @@ opencryptoki_stdll_libpkcs11_tpm_la_SOURCES = ../common/asn1.c \
../common/object.c \
../common/decr_mgr.c \
../common/globals.c \
+ ../common/sw_crypt.c \
../common/loadsave.c \
../common/utility.c \
../common/mech_des.c \
diff --git a/usr/lib/pkcs11/common/btree.c b/usr/lib/pkcs11/common/btree.c
--- a/usr/lib/pkcs11/common/btree.c
+++ b/usr/lib/pkcs11/common/btree.c
@@ -242,7 +242,7 @@ bt_node_free(struct btree *t, unsigned long node_num, void (*delete_func)(void *
* *
* return 0 if binary tree has at least 1 node in use, !0 otherwise * return 0 if binary tree has at least 1 node in use, !0 otherwise
*/ */
@ -200,10 +66,9 @@ diff --git a/usr/lib/pkcs11/common/btree.c b/usr/lib/pkcs11/common/btree.c
bt_is_empty(struct btree *t) bt_is_empty(struct btree *t)
{ {
return (t->free_nodes == t->size); return (t->free_nodes == t->size);
diff --git a/usr/lib/pkcs11/common/ec_defs.h b/usr/lib/pkcs11/common/ec_defs.h diff -up opencryptoki/usr/lib/pkcs11/common/ec_defs.h.source opencryptoki/usr/lib/pkcs11/common/ec_defs.h
index 12e16c9..fd499de 100644 --- opencryptoki/usr/lib/pkcs11/common/ec_defs.h.source 2015-07-15 17:19:40.000000000 +0200
--- a/usr/lib/pkcs11/common/ec_defs.h +++ opencryptoki/usr/lib/pkcs11/common/ec_defs.h 2015-08-27 13:46:22.555043039 +0200
+++ b/usr/lib/pkcs11/common/ec_defs.h
@@ -30,18 +30,18 @@ @@ -30,18 +30,18 @@
/* Supported Elliptic Curves */ /* Supported Elliptic Curves */
@ -256,14 +121,16 @@ index 12e16c9..fd499de 100644
- -
+extern struct _ec der_ec_supported[NUMEC]; +extern struct _ec der_ec_supported[NUMEC];
#endif #endif
diff --git a/usr/lib/pkcs11/common/mech_ec.c b/usr/lib/pkcs11/common/mech_ec.c diff -up opencryptoki/usr/lib/pkcs11/common/mech_ec.c.source opencryptoki/usr/lib/pkcs11/common/mech_ec.c
index b9cb009..759af61 100644 --- opencryptoki/usr/lib/pkcs11/common/mech_ec.c.source 2015-07-15 17:19:40.000000000 +0200
--- a/usr/lib/pkcs11/common/mech_ec.c +++ opencryptoki/usr/lib/pkcs11/common/mech_ec.c 2015-08-27 13:47:18.703913315 +0200
+++ b/usr/lib/pkcs11/common/mech_ec.c @@ -20,6 +20,36 @@
@@ -22,6 +22,34 @@ #include "h_extern.h"
#include <stdint.h> #include "tok_spec_struct.h"
#include "ec_defs.h" #include "trace.h"
+#include <stdint.h>
+#include "ec_defs.h"
+
+CK_BYTE brainpoolP160r1[] = { 0x06, 0x09, 0x2B, 0x24, 0x03, 0x03, 0x02, 0x08, 0x01, 0x01, 0x01 }; +CK_BYTE brainpoolP160r1[] = { 0x06, 0x09, 0x2B, 0x24, 0x03, 0x03, 0x02, 0x08, 0x01, 0x01, 0x01 };
+CK_BYTE brainpoolP192r1[] = { 0x06, 0x09, 0x2B, 0x24, 0x03, 0x03, 0x02, 0x08, 0x01, 0x01, 0x03 }; +CK_BYTE brainpoolP192r1[] = { 0x06, 0x09, 0x2B, 0x24, 0x03, 0x03, 0x02, 0x08, 0x01, 0x01, 0x03 };
+CK_BYTE brainpoolP224r1[] = { 0x06, 0x09, 0x2B, 0x24, 0x03, 0x03, 0x02, 0x08, 0x01, 0x01, 0x05 }; +CK_BYTE brainpoolP224r1[] = { 0x06, 0x09, 0x2B, 0x24, 0x03, 0x03, 0x02, 0x08, 0x01, 0x01, 0x05 };
@ -291,27 +158,68 @@ index b9cb009..759af61 100644
+ {PRIME_CURVE, CURVE384, sizeof(secp384), &secp384}, + {PRIME_CURVE, CURVE384, sizeof(secp384), &secp384},
+ {PRIME_CURVE, CURVE521, sizeof(secp521), &secp521}, + {PRIME_CURVE, CURVE521, sizeof(secp521), &secp521},
+}; +};
+
CK_RV CK_RV
ckm_ec_key_pair_gen( TEMPLATE * publ_tmpl, ckm_ec_key_pair_gen( TEMPLATE * publ_tmpl,
TEMPLATE * priv_tmpl ) @@ -66,6 +96,43 @@ ckm_ec_sign( CK_BYTE *in_data,
diff --git a/usr/lib/pkcs11/ep11_stdll/Makefile.am b/usr/lib/pkcs11/ep11_stdll/Makefile.am }
index d587fd2..fba4889 100644
--- a/usr/lib/pkcs11/ep11_stdll/Makefile.am CK_RV
+++ b/usr/lib/pkcs11/ep11_stdll/Makefile.am +get_ecsiglen(OBJECT *key_obj, CK_ULONG *size)
@@ -31,6 +31,7 @@ opencryptoki_stdll_libpkcs11_ep11_la_SOURCES = ../common/asn1.c \ +{
../common/mech_des.c \ + CK_BBOOL flag;
../common/mech_des3.c \ + CK_ATTRIBUTE *attr = NULL;
../common/mech_aes.c \ + int i;
+ ../common/mech_ec.c \ +
../common/mech_md5.c \ + flag = template_attribute_find( key_obj->template,
../common/mech_md2.c \ + CKA_ECDSA_PARAMS, &attr );
../common/mech_rng.c \ + if (flag == FALSE) {
diff --git a/usr/lib/pkcs11/ica_s390_stdll/Makefile.am b/usr/lib/pkcs11/ica_s390_stdll/Makefile.am + TRACE_ERROR("Could not find CKA_ECDSA_PARAMS for the key.\n");
index 6d1c3e8..5d17f81 100644 + return CKR_FUNCTION_FAILED;
--- a/usr/lib/pkcs11/ica_s390_stdll/Makefile.am + }
+++ b/usr/lib/pkcs11/ica_s390_stdll/Makefile.am +
@@ -28,12 +28,14 @@ opencryptoki_stdll_libpkcs11_ica_la_SOURCES = ../common/asn1.c \ + /* loop thru supported curves to find the size.
+ * both pkcs#11v2.20 and CCA expect the signature length to be
+ * twice the length of p.
+ * (See EC Signatures in pkcs#11v2.20 and docs for CSNDDSG.)
+ */
+ for (i = 0; i < NUMEC; i++) {
+ if ((memcmp(attr->pValue, der_ec_supported[i].data,
+ attr->ulValueLen) == 0)) {
+ *size = der_ec_supported[i].len_bits;
+ /* round up if necessary */
+ if ((*size % 8) == 0)
+ *size = (*size / 8) * 2;
+ else
+ *size = ((*size / 8) + 1) * 2;
+ TRACE_DEVEL("getlen, curve = %d, size = %d\n", der_ec_supported[i].len_bits, *size);
+ return CKR_OK;
+ }
+ }
+
+ TRACE_ERROR("%s\n", ock_err(ERR_MECHANISM_PARAM_INVALID));
+ return CKR_MECHANISM_PARAM_INVALID;
+}
+
+CK_RV
ec_sign( SESSION *sess,
CK_BBOOL length_only,
SIGN_VERIFY_CONTEXT *ctx,
diff -up opencryptoki/usr/lib/pkcs11/common/mech_rng.c.source opencryptoki/usr/lib/pkcs11/common/mech_rng.c
--- opencryptoki/usr/lib/pkcs11/common/mech_rng.c.source 2015-07-15 17:19:40.000000000 +0200
+++ opencryptoki/usr/lib/pkcs11/common/mech_rng.c 2015-08-27 13:46:22.555043039 +0200
@@ -301,6 +301,7 @@
#include <sys/types.h>
#include <sys/stat.h>
#include <fcntl.h>
+#include <unistd.h>
#include "pkcs11types.h"
#include "defs.h"
diff -up opencryptoki/usr/lib/pkcs11/ica_s390_stdll/Makefile.am.source opencryptoki/usr/lib/pkcs11/ica_s390_stdll/Makefile.am
--- opencryptoki/usr/lib/pkcs11/ica_s390_stdll/Makefile.am.source 2015-07-15 17:19:40.000000000 +0200
+++ opencryptoki/usr/lib/pkcs11/ica_s390_stdll/Makefile.am 2015-08-27 13:46:22.555043039 +0200
@@ -28,12 +28,14 @@ opencryptoki_stdll_libpkcs11_ica_la_SOUR
../common/dig_mgr.c \ ../common/dig_mgr.c \
../common/encr_mgr.c \ ../common/encr_mgr.c \
../common/globals.c \ ../common/globals.c \
@ -326,10 +234,87 @@ index 6d1c3e8..5d17f81 100644
../common/mech_md5.c \ ../common/mech_md5.c \
../common/mech_md2.c \ ../common/mech_md2.c \
../common/mech_rng.c \ ../common/mech_rng.c \
diff --git a/usr/sbin/pkcsicsf/pkcsicsf.c b/usr/sbin/pkcsicsf/pkcsicsf.c diff -up opencryptoki/usr/lib/pkcs11/icsf_stdll/icsf.c.source opencryptoki/usr/lib/pkcs11/icsf_stdll/icsf.c
index 55efc4f..ec05edf 100644 --- opencryptoki/usr/lib/pkcs11/icsf_stdll/icsf.c.source 2015-07-15 17:19:40.000000000 +0200
--- a/usr/sbin/pkcsicsf/pkcsicsf.c +++ opencryptoki/usr/lib/pkcs11/icsf_stdll/icsf.c 2015-08-27 13:46:22.556043037 +0200
+++ b/usr/sbin/pkcsicsf/pkcsicsf.c @@ -15,6 +15,7 @@
#include <string.h>
#include <ctype.h>
#include "icsf.h"
+#include <lber.h>
/* For logging functions: */
#include "defs.h"
diff -up opencryptoki/usr/lib/pkcs11/icsf_stdll/Makefile.am.source opencryptoki/usr/lib/pkcs11/icsf_stdll/Makefile.am
--- opencryptoki/usr/lib/pkcs11/icsf_stdll/Makefile.am.source 2015-07-15 17:19:40.000000000 +0200
+++ opencryptoki/usr/lib/pkcs11/icsf_stdll/Makefile.am 2015-08-27 13:46:22.556043037 +0200
@@ -24,7 +24,8 @@ opencryptoki_stdll_libpkcs11_icsf_la_LDF
-lcrypto \
-lldap \
-lpthread \
- -lrt
+ -lrt \
+ -llber
opencryptoki_stdll_libpkcs11_icsf_la_SOURCES = ../common/asn1.c \
../common/btree.c \
@@ -40,6 +41,7 @@ opencryptoki_stdll_libpkcs11_icsf_la_SOU
../common/dp_obj.c \
../common/mech_aes.c \
../common/mech_rsa.c \
+ ../common/mech_ec.c \
../common/obj_mgr.c \
../common/template.c \
../common/p11util.c \
@@ -51,6 +53,7 @@ opencryptoki_stdll_libpkcs11_icsf_la_SOU
../common/object.c \
../common/decr_mgr.c \
../common/globals.c \
+ ../common/sw_crypt.c \
../common/loadsave.c \
../common/utility.c \
../common/mech_des.c \
diff -up opencryptoki/usr/lib/pkcs11/soft_stdll/Makefile.am.source opencryptoki/usr/lib/pkcs11/soft_stdll/Makefile.am
--- opencryptoki/usr/lib/pkcs11/soft_stdll/Makefile.am.source 2015-07-15 17:19:40.000000000 +0200
+++ opencryptoki/usr/lib/pkcs11/soft_stdll/Makefile.am 2015-08-27 13:46:22.556043037 +0200
@@ -23,6 +23,7 @@ opencryptoki_stdll_libpkcs11_sw_la_SOURC
../common/dig_mgr.c \
../common/encr_mgr.c \
../common/globals.c \
+ ../common/sw_crypt.c \
../common/loadsave.c \
../common/key.c \
../common/key_mgr.c \
@@ -36,6 +37,7 @@ opencryptoki_stdll_libpkcs11_sw_la_SOURC
../common/mech_rsa.c \
../common/mech_sha.c \
../common/mech_ssl3.c \
+ ../common/mech_ec.c \
../common/new_host.c \
../common/obj_mgr.c \
../common/object.c \
diff -up opencryptoki/usr/lib/pkcs11/tpm_stdll/Makefile.am.source opencryptoki/usr/lib/pkcs11/tpm_stdll/Makefile.am
--- opencryptoki/usr/lib/pkcs11/tpm_stdll/Makefile.am.source 2015-07-15 17:19:40.000000000 +0200
+++ opencryptoki/usr/lib/pkcs11/tpm_stdll/Makefile.am 2015-08-27 13:46:22.556043037 +0200
@@ -28,6 +28,7 @@ opencryptoki_stdll_libpkcs11_tpm_la_SOUR
../common/key.c \
../common/mech_dh.c \
../common/mech_rng.c \
+ ../common/mech_ec.c \
../common/new_host.c \
../common/sign_mgr.c \
../common/cert.c \
@@ -46,6 +47,7 @@ opencryptoki_stdll_libpkcs11_tpm_la_SOUR
../common/object.c \
../common/decr_mgr.c \
../common/globals.c \
+ ../common/sw_crypt.c \
../common/loadsave.c \
../common/utility.c \
../common/mech_des.c \
diff -up opencryptoki/usr/sbin/pkcsicsf/pkcsicsf.c.source opencryptoki/usr/sbin/pkcsicsf/pkcsicsf.c
--- opencryptoki/usr/sbin/pkcsicsf/pkcsicsf.c.source 2015-07-15 17:19:40.000000000 +0200
+++ opencryptoki/usr/sbin/pkcsicsf/pkcsicsf.c 2015-08-27 13:46:22.556043037 +0200
@@ -8,6 +8,7 @@ @@ -8,6 +8,7 @@
#include <sys/types.h> #include <sys/types.h>
#include <sys/stat.h> #include <sys/stat.h>
@ -338,10 +323,32 @@ index 55efc4f..ec05edf 100644
#include "icsf.h" #include "icsf.h"
#include "slotmgr.h" #include "slotmgr.h"
diff --git a/usr/sbin/pkcsslotd/mutex.c b/usr/sbin/pkcsslotd/mutex.c diff -up opencryptoki/usr/sbin/pkcsslotd/garbage_linux.c.source opencryptoki/usr/sbin/pkcsslotd/garbage_linux.c
index c517e66..b3f6309 100755 --- opencryptoki/usr/sbin/pkcsslotd/garbage_linux.c.source 2015-07-15 17:19:40.000000000 +0200
--- a/usr/sbin/pkcsslotd/mutex.c +++ opencryptoki/usr/sbin/pkcsslotd/garbage_linux.c 2015-08-27 13:46:22.556043037 +0200
+++ b/usr/sbin/pkcsslotd/mutex.c @@ -294,6 +294,7 @@
#include <string.h>
#include <sys/types.h>
#include <fcntl.h>
+#include <unistd.h>
#include "log.h"
#include "slotmgr.h"
diff -up opencryptoki/usr/sbin/pkcsslotd/log.c.source opencryptoki/usr/sbin/pkcsslotd/log.c
--- opencryptoki/usr/sbin/pkcsslotd/log.c.source 2015-07-15 17:19:40.000000000 +0200
+++ opencryptoki/usr/sbin/pkcsslotd/log.c 2015-08-27 13:46:22.557043034 +0200
@@ -294,6 +294,8 @@
#include <syslog.h>
#include <stdarg.h>
#include <sys/types.h>
+#include <unistd.h>
+#include <stdlib.h>
#include "log.h"
#include "err.h"
diff -up opencryptoki/usr/sbin/pkcsslotd/mutex.c.source opencryptoki/usr/sbin/pkcsslotd/mutex.c
--- opencryptoki/usr/sbin/pkcsslotd/mutex.c.source 2015-07-15 17:19:40.000000000 +0200
+++ opencryptoki/usr/sbin/pkcsslotd/mutex.c 2015-08-27 13:46:22.557043034 +0200
@@ -292,6 +292,9 @@ @@ -292,6 +292,9 @@
#include <stdarg.h> #include <stdarg.h>
#include <sys/types.h> #include <sys/types.h>
@ -352,47 +359,9 @@ index c517e66..b3f6309 100755
#include <grp.h> #include <grp.h>
#include "log.h" #include "log.h"
diff --git a/usr/lib/pkcs11/common/mech_rng.c b/usr/lib/pkcs11/common/mech_rng.c diff -up opencryptoki/usr/sbin/pkcsslotd/slotmgr.c.source opencryptoki/usr/sbin/pkcsslotd/slotmgr.c
index be3e858..f3bd861 100755 --- opencryptoki/usr/sbin/pkcsslotd/slotmgr.c.source 2015-07-15 17:19:40.000000000 +0200
--- a/usr/lib/pkcs11/common/mech_rng.c +++ opencryptoki/usr/sbin/pkcsslotd/slotmgr.c 2015-08-27 13:46:22.557043034 +0200
+++ b/usr/lib/pkcs11/common/mech_rng.c
@@ -301,6 +301,7 @@
#include <sys/types.h>
#include <sys/stat.h>
#include <fcntl.h>
+#include <unistd.h>
#include "pkcs11types.h"
diff --git a/usr/sbin/pkcsslotd/garbage_linux.c b/usr/sbin/pkcsslotd/garbage_linux.c
index 90492ce..c3c5564 100755
--- a/usr/sbin/pkcsslotd/garbage_linux.c
+++ b/usr/sbin/pkcsslotd/garbage_linux.c
@@ -294,6 +294,7 @@
#include <string.h>
#include <sys/types.h>
#include <fcntl.h>
+#include <unistd.h>
#include "log.h"
#include "slotmgr.h"
diff --git a/usr/sbin/pkcsslotd/log.c b/usr/sbin/pkcsslotd/log.c
index 859a421..f6112d2 100755
--- a/usr/sbin/pkcsslotd/log.c
+++ b/usr/sbin/pkcsslotd/log.c
@@ -294,6 +294,8 @@
#include <syslog.h>
#include <stdarg.h>
#include <sys/types.h>
+#include <unistd.h>
+#include <stdlib.h>
#include "log.h"
#include "err.h"
diff --git a/usr/sbin/pkcsslotd/slotmgr.c b/usr/sbin/pkcsslotd/slotmgr.c
index b164e42..f8667d1 100755
--- a/usr/sbin/pkcsslotd/slotmgr.c
+++ b/usr/sbin/pkcsslotd/slotmgr.c
@@ -292,9 +292,12 @@ @@ -292,9 +292,12 @@
#include <stdio.h> #include <stdio.h>
#include <stdlib.h> #include <stdlib.h>
@ -406,3 +375,16 @@ index b164e42..f8667d1 100755
Slot_Mgr_Shr_t *shmp; // pointer to the shared memory region. Slot_Mgr_Shr_t *shmp; // pointer to the shared memory region.
int shmid; int shmid;
diff --git a/usr/lib/pkcs11/icsf_stdll/icsf_specific.c b/usr/lib/pkcs11/icsf_stdll/icsf_specific.c
index 74b07b7..1158eb5 100644
--- a/usr/lib/pkcs11/icsf_stdll/icsf_specific.c
+++ b/usr/lib/pkcs11/icsf_stdll/icsf_specific.c
@@ -929,7 +929,7 @@ static CK_RV close_session(struct session_state *session_state)
if ((rc = icsf_destroy_object(session_state->ld, &reason,
&mapping->icsf_object))) {
/* Log error */
- TRACE_EBUG("Failed to remove icsf object: %s/%lu/%c",
+ TRACE_DEBUG("Failed to remove icsf object: %s/%lu/%c",
mapping->icsf_object.token_name,
mapping->icsf_object.sequence,
mapping->icsf_object.id);

10
opencryptoki-3.2-no-undefined.patch
View File

@ -1,12 +1,12 @@
diff --git a/configure.in b/configure.in diff -up opencryptoki/configure.in.no-undefined opencryptoki/configure.in
--- a/configure.in --- opencryptoki/configure.in.no-undefined 2015-08-27 11:49:50.815984145 +0200
+++ b/configure.in +++ opencryptoki/configure.in 2015-08-27 11:50:59.432874245 +0200
@@ -571,7 +571,7 @@ fi @@ -574,7 +574,7 @@ fi
AM_CONDITIONAL([ENABLE_PKCSCCA_MIGRATE], [test "x$enable_pkcscca_migrate" = "xyes"]) AM_CONDITIONAL([ENABLE_PKCSCCA_MIGRATE], [test "x$enable_pkcscca_migrate" = "xyes"])
AM_CONDITIONAL([ENABLE_PKCSEP11_MIGRATE], [test "x$enable_pkcsep11_migrate" = "xyes"]) AM_CONDITIONAL([ENABLE_PKCSEP11_MIGRATE], [test "x$enable_pkcsep11_migrate" = "xyes"])
-CFLAGS="$CFLAGS -DPKCS64 -D_XOPEN_SOURCE=500" -CFLAGS="$CFLAGS -DPKCS64 -D_XOPEN_SOURCE=500"
+CFLAGS="$CFLAGS -DPKCS64 -D_XOPEN_SOURCE=500 -Wl,--no-undefined" +CFLAGS="$CFLAGS -DPKCS64 -D_XOPEN_SOURCE=500 -Wl,--no-undefined"
CFLAGS+=' -DCONFIG_PATH=\"$(localstatedir)/lib/opencryptoki\" -DSBIN_PATH=\"$(sbindir)\" -DLIB_PATH=\"$(libdir)\" -DLOCKDIR_PATH=\"$(lockdir)\" -DOCK_CONFDIR=\"$(sysconfdir)/opencryptoki\"' CFLAGS+=' -DCONFIG_PATH=\"$(localstatedir)/lib/opencryptoki\" -DSBIN_PATH=\"$(sbindir)\" -DLIB_PATH=\"$(libdir)\" -DLOCKDIR_PATH=\"$(lockdir)\" -DOCK_CONFDIR=\"$(sysconfdir)/opencryptoki\" -DOCK_LOGDIR=\"$(logdir)\"'

336
opencryptoki-3.3-unused.patch Normal file
View File

@ -0,0 +1,336 @@
diff --git a/usr/lib/pkcs11/common/encr_mgr.c b/usr/lib/pkcs11/common/encr_mgr.c
index 50fa661..e12aec8 100755
--- a/usr/lib/pkcs11/common/encr_mgr.c
+++ b/usr/lib/pkcs11/common/encr_mgr.c
@@ -764,7 +764,6 @@ encr_mgr_init( SESSION * sess,
break;
case CKM_AES_CTR:
{
- CK_AES_CTR_PARAMS aesctr;
if (mech->ulParameterLen != sizeof(CK_AES_CTR_PARAMS)){
TRACE_ERROR("%s\n", ock_err(ERR_MECHANISM_PARAM_INVALID));
return CKR_MECHANISM_PARAM_INVALID;
diff --git a/usr/lib/pkcs11/common/mech_aes.c b/usr/lib/pkcs11/common/mech_aes.c
index 453253d..4eacad5 100644
--- a/usr/lib/pkcs11/common/mech_aes.c
+++ b/usr/lib/pkcs11/common/mech_aes.c
@@ -2671,7 +2671,6 @@ aes_mac_verify_update( SESSION * sess,
{
CK_ULONG rc;
OBJECT * key_obj = NULL;
- CK_ULONG mac_len;
AES_DATA_CONTEXT * context = NULL;
CK_BYTE * cipher = NULL;
CK_ULONG total, remain, out_len;
diff --git a/usr/lib/pkcs11/common/mech_ec.c b/usr/lib/pkcs11/common/mech_ec.c
index 88bb08e..4817b45 100644
--- a/usr/lib/pkcs11/common/mech_ec.c
+++ b/usr/lib/pkcs11/common/mech_ec.c
@@ -143,7 +143,6 @@ ec_sign( SESSION *sess,
{
OBJECT *key_obj = NULL;
CK_ULONG plen;
- CK_BBOOL flag;
CK_RV rc;
if (!sess || !ctx || !out_data_len){
@@ -225,7 +224,6 @@ ec_verify(SESSION *sess,
{
OBJECT *key_obj = NULL;
CK_ULONG plen;
- CK_BBOOL flag;
CK_RV rc;
diff --git a/usr/lib/pkcs11/common/mech_rsa.c b/usr/lib/pkcs11/common/mech_rsa.c
index 60cac63..0430863 100755
--- a/usr/lib/pkcs11/common/mech_rsa.c
+++ b/usr/lib/pkcs11/common/mech_rsa.c
@@ -776,7 +776,7 @@ CK_RV rsa_oaep_crypt(SESSION *sess, CK_BBOOL length_only,
CK_ULONG *out_data_len, CK_BBOOL encrypt)
{
OBJECT *key_obj = NULL;
- CK_ULONG hlen, modulus_bytes, mgf_mech;
+ CK_ULONG hlen, modulus_bytes;
CK_OBJECT_CLASS keyclass;
CK_BYTE hash[MAX_SHA_HASH_SIZE];
CK_RV rc;
@@ -1536,9 +1536,8 @@ CK_RV rsa_pss_verify(SESSION *sess, SIGN_VERIFY_CONTEXT *ctx, CK_BYTE *in_data,
{
CK_RV rc;
OBJECT *key_obj = NULL;
- CK_ULONG modulus_bytes, hlen;
+ CK_ULONG modulus_bytes;
CK_OBJECT_CLASS keyclass;
- CK_RSA_PKCS_PSS_PARAMS_PTR pssParms = NULL;
rc = object_mgr_find_in_map1(ctx->key, &key_obj);
if (rc != CKR_OK) {
diff --git a/usr/lib/pkcs11/common/obj_mgr.c b/usr/lib/pkcs11/common/obj_mgr.c
index c275225..80f5998 100755
--- a/usr/lib/pkcs11/common/obj_mgr.c
+++ b/usr/lib/pkcs11/common/obj_mgr.c
@@ -1247,7 +1247,6 @@ CK_RV
object_mgr_find_in_map_nocache( CK_OBJECT_HANDLE handle,
OBJECT ** ptr )
{
- DL_NODE * node = NULL;
OBJECT_MAP * map = NULL;
OBJECT * obj = NULL;
CK_RV rc = CKR_OK;
diff --git a/usr/lib/pkcs11/common/sess_mgr.c b/usr/lib/pkcs11/common/sess_mgr.c
index 31607df..32d1081 100755
--- a/usr/lib/pkcs11/common/sess_mgr.c
+++ b/usr/lib/pkcs11/common/sess_mgr.c
@@ -317,7 +317,6 @@
SESSION *
session_mgr_find( CK_SESSION_HANDLE handle )
{
- struct btnode *n;
SESSION * result = NULL;
CK_RV rc;
@@ -351,7 +350,6 @@ CK_RV
session_mgr_new( CK_ULONG flags, CK_SLOT_ID slot_id, CK_SESSION_HANDLE_PTR phSession )
{
SESSION * new_session = NULL;
- SESSION * s = NULL;
CK_BBOOL user_session = FALSE;
CK_BBOOL so_session = FALSE;
CK_BBOOL pkcs_locked = TRUE;
@@ -560,7 +558,6 @@ session_mgr_readonly_session_exists( void )
CK_RV
session_mgr_close_session( CK_SESSION_HANDLE handle )
{
- struct btnode *n;
SESSION *sess;
CK_RV rc = CKR_OK;
@@ -709,8 +706,6 @@ CK_RV
session_mgr_close_all_sessions( void )
{
CK_RV rc = CKR_OK;
- SESSION *sess;
- unsigned long i;
rc = MY_LockMutex( &sess_list_mutex );
if (rc != CKR_OK){
@@ -759,9 +754,6 @@ session_login(void *node_value, unsigned long node_idx, void *p3)
CK_RV
session_mgr_login_all( CK_USER_TYPE user_type )
{
- struct btnode *n;
- unsigned long i;
- SESSION *s;
CK_RV rc = CKR_OK;
rc = MY_LockMutex( &sess_list_mutex );
@@ -805,8 +797,6 @@ session_logout(void *node_value, unsigned long node_idx, void *p3)
CK_RV
session_mgr_logout_all( void )
{
- unsigned long i;
- SESSION * s = NULL;
CK_RV rc = CKR_OK;
rc = MY_LockMutex( &sess_list_mutex );
diff --git a/usr/lib/pkcs11/icsf_stdll/icsf.c b/usr/lib/pkcs11/icsf_stdll/icsf.c
index e7712e7..5ec344f 100644
--- a/usr/lib/pkcs11/icsf_stdll/icsf.c
+++ b/usr/lib/pkcs11/icsf_stdll/icsf.c
@@ -2615,7 +2615,6 @@ int icsf_hmac_verify(LDAP *ld, int *reason, struct icsf_object_record *key,
char rule_array[2 * ICSF_RULE_ITEM_LEN];
BerElement *msg = NULL;
BerElement *result = NULL;
- struct berval bvHmac = { 0UL, NULL };
struct berval bvChain = { 0UL, NULL };
const char *rule_alg;
@@ -3209,7 +3208,6 @@ icsf_derive_multple_keys(LDAP *ld, int *p_reason, CK_MECHANISM_PTR mech,
struct icsf_object_record *server_iv)
{
int rc = 0;
- int reason = 0;
const char *rule_alg;
char handle[ICSF_HANDLE_LEN];
char rule_array[ICSF_RULE_ITEM_LEN];
diff --git a/usr/lib/pkcs11/icsf_stdll/icsf_specific.c b/usr/lib/pkcs11/icsf_stdll/icsf_specific.c
index 1158eb5..5c92454 100644
--- a/usr/lib/pkcs11/icsf_stdll/icsf_specific.c
+++ b/usr/lib/pkcs11/icsf_stdll/icsf_specific.c
@@ -1045,7 +1045,6 @@ CK_RV icsftok_login(SESSION *sess, CK_USER_TYPE userType, CK_CHAR_PTR pPin,
char *ca_dir = NULL;
CK_SLOT_ID slot_id = sess->session_info.slotID;
struct session_state *session_state;
- int sessions_locked = 0;
LDAP *ld;
/* Check Slot ID */
diff --git a/usr/lib/pkcs11/icsf_stdll/new_host.c b/usr/lib/pkcs11/icsf_stdll/new_host.c
index dc9790a..bf492c8 100644
--- a/usr/lib/pkcs11/icsf_stdll/new_host.c
+++ b/usr/lib/pkcs11/icsf_stdll/new_host.c
@@ -378,7 +378,6 @@ CK_RV valid_mech(CK_MECHANISM_PTR m, CK_FLAGS f)
CK_RV ST_Initialize(void **FunctionList, CK_SLOT_ID SlotNumber, char *conf_name,
struct trace_handle_t t)
{
- int i;
CK_RV rc = CKR_OK;
if ((rc = check_user_and_group()) != CKR_OK)
@@ -1626,7 +1625,6 @@ CK_RV SC_EncryptUpdate(ST_SESSION_HANDLE *sSession, CK_BYTE_PTR pPart,
CK_ULONG_PTR pulEncryptedPartLen)
{
SESSION *sess = NULL;
- CK_BBOOL length_only = FALSE;
CK_RV rc = CKR_OK;
if (initialized == FALSE) {
@@ -1654,9 +1652,6 @@ CK_RV SC_EncryptUpdate(ST_SESSION_HANDLE *sSession, CK_BYTE_PTR pPart,
goto done;
}
- if (!pEncryptedPart)
- length_only = TRUE;
-
rc = icsftok_encrypt_update(sess, pPart, ulPartLen, pEncryptedPart,
pulEncryptedPartLen);
if (rc != CKR_OK)
@@ -1837,7 +1832,6 @@ CK_RV SC_DecryptUpdate(ST_SESSION_HANDLE *sSession, CK_BYTE_PTR pEncryptedPart,
CK_ULONG_PTR pulPartLen)
{
SESSION *sess = NULL;
- CK_BBOOL length_only = FALSE;
CK_RV rc = CKR_OK;
if (initialized == FALSE) {
@@ -1865,9 +1859,6 @@ CK_RV SC_DecryptUpdate(ST_SESSION_HANDLE *sSession, CK_BYTE_PTR pEncryptedPart,
goto done;
}
- if (!pPart)
- length_only = TRUE;
-
rc = icsftok_decrypt_update(sess, pEncryptedPart, ulEncryptedPartLen,
pPart, pulPartLen);
if (rc != CKR_OK)
@@ -2835,7 +2826,6 @@ CK_RV SC_WrapKey(ST_SESSION_HANDLE *sSession, CK_MECHANISM_PTR pMechanism,
CK_BYTE_PTR pWrappedKey, CK_ULONG_PTR pulWrappedKeyLen)
{
SESSION *sess = NULL;
- CK_BBOOL length_only = FALSE;
CK_RV rc = CKR_OK;
if (initialized == FALSE) {
@@ -2854,9 +2844,6 @@ CK_RV SC_WrapKey(ST_SESSION_HANDLE *sSession, CK_MECHANISM_PTR pMechanism,
if (rc != CKR_OK)
goto done;
- if (!pWrappedKey)
- length_only = TRUE;
-
sess = session_mgr_find(sSession->sessionh);
if (!sess) {
TRACE_ERROR("%s\n", ock_err(ERR_SESSION_HANDLE_INVALID));
diff --git a/usr/lib/pkcs11/icsf_stdll/pbkdf.c b/usr/lib/pkcs11/icsf_stdll/pbkdf.c
index 33d36c8..fbbcb39 100644
--- a/usr/lib/pkcs11/icsf_stdll/pbkdf.c
+++ b/usr/lib/pkcs11/icsf_stdll/pbkdf.c
@@ -545,7 +545,6 @@ pbkdf(CK_BYTE *password, CK_ULONG len, CK_BYTE *salt, CK_BYTE *dkey, CK_ULONG kl
unsigned char *result;
unsigned int r, num_of_blocks;
unsigned int count, hashlen;
- unsigned char *ret;
CK_ULONG rc = CKR_OK;
int i, j, k;
diff --git a/usr/sbin/pkcsicsf/pkcsicsf.c b/usr/sbin/pkcsicsf/pkcsicsf.c
index ec05edf..dd31bbe 100644
--- a/usr/sbin/pkcsicsf/pkcsicsf.c
+++ b/usr/sbin/pkcsicsf/pkcsicsf.c
@@ -476,7 +476,6 @@ main(int argc, char **argv)
{
char *racfpwd = NULL;
size_t racflen;
- unsigned char *ret;
char *tokenname = NULL;
int c;
int rc = 0;
@@ -488,7 +487,7 @@ main(int argc, char **argv)
flags |= CFG_ADD;
if ((tokenname = strdup(optarg)) == NULL) {
rc = -1;
- fprintf(stderr, "strdup failed: line %s\n",
+ fprintf(stderr, "strdup failed: line %d\n",
__LINE__);
goto cleanup;
}
@@ -500,34 +499,34 @@ main(int argc, char **argv)
flags |= CFG_BINDDN;
if ((binddn = strdup(optarg)) == NULL) {
rc = -1;
- fprintf(stderr, "strdup failed: line %s\n",
+ fprintf(stderr, "strdup failed: line %d\n",
__LINE__);
goto cleanup;
}
break;
case 'c':
- flags != CFG_CERT;
+ flags |= CFG_CERT;
if ((cert = strdup(optarg)) == NULL) {
rc = -1;
- fprintf(stderr, "strdup failed: line %s\n",
+ fprintf(stderr, "strdup failed: line %d\n",
__LINE__);
goto cleanup;
}
break;
case 'k':
- flags != CFG_PRIVKEY;
+ flags |= CFG_PRIVKEY;
if ((privkey = strdup(optarg)) == NULL) {
rc = -1;
- fprintf(stderr, "strdup failed: line %s\n",
+ fprintf(stderr, "strdup failed: line %d\n",
__LINE__);
goto cleanup;
}
break;
case 'C':
- flags != CFG_CACERT;
+ flags |= CFG_CACERT;
if ((cacert = strdup(optarg)) == NULL) {
rc = -1;
- fprintf(stderr, "strdup failed: line %s\n",
+ fprintf(stderr, "strdup failed: line %d\n",
__LINE__);
goto cleanup;
}
@@ -536,7 +535,7 @@ main(int argc, char **argv)
flags |= CFG_URI;
if ((uri = strdup(optarg)) == NULL) {
rc = -1;
- fprintf(stderr, "strdup failed: line %s\n",
+ fprintf(stderr, "strdup failed: line %d\n",
__LINE__);
goto cleanup;
}
@@ -545,7 +544,7 @@ main(int argc, char **argv)
flags |= CFG_MECH;
if ((mech = strdup(optarg)) == NULL) {
rc = -1;
- fprintf(stderr, "strdup failed: line %s\n",
+ fprintf(stderr, "strdup failed: line %d\n",
__LINE__);
goto cleanup;
}
@@ -686,7 +685,7 @@ cleanup:
if (uri)
free(uri);
if (mech)
- mech;
+ free(mech);
if (racfpwd)
free(racfpwd);
return rc;

6
opencryptoki.spec
View File

@ -2,8 +2,8 @@
Name: opencryptoki Name: opencryptoki
Summary: Implementation of the PKCS#11 (Cryptoki) specification v2.11 Summary: Implementation of the PKCS#11 (Cryptoki) specification v2.11
Version: 3.2 Version: 3.3
Release: 4%{?dist} Release: 1%{?dist}
License: CPL License: CPL
Group: System Environment/Base Group: System Environment/Base
URL: http://sourceforge.net/projects/opencryptoki URL: http://sourceforge.net/projects/opencryptoki
@ -15,6 +15,7 @@ Patch0: %{name}-2.4-group.patch
Patch1: %{name}-3.2-conditional-manpages.patch Patch1: %{name}-3.2-conditional-manpages.patch
# Fix missing sources and libraries in makefiles causing undefined symbols (#1193560) # Fix missing sources and libraries in makefiles causing undefined symbols (#1193560)
Patch2: %{name}-3.2-missing-sources-and-libraries.patch Patch2: %{name}-3.2-missing-sources-and-libraries.patch
Patch3: %{name}-3.3-unused.patch
# Use --no-undefined to debug missing symbols # Use --no-undefined to debug missing symbols
#Patch100: %{name}-3.2-no-undefined.patch #Patch100: %{name}-3.2-no-undefined.patch
@ -185,6 +186,7 @@ configured with Enterprise PKCS#11 (EP11) firmware.
%patch0 -p1 -b .group %patch0 -p1 -b .group
%patch1 -p1 -b .man %patch1 -p1 -b .man
%patch2 -p1 -b .source %patch2 -p1 -b .source
%patch3 -p1 -b .unused
#%patch100 -p1 -b .no-undefined #%patch100 -p1 -b .no-undefined

2
sources
View File

@ -1 +1 @@
9c3b3ff3d935e09bfa132f2951d4c859 opencryptoki-v3.2.tgz df6a738460ac6be657de72abf4fcf21c opencryptoki-v3.3.tgz