RHEL 9.0.0 Alpha bootstrap
The content of this branch was automatically imported from Fedora ELN with the following as its source: https://src.fedoraproject.org/rpms/opencryptoki#28f33cc369b00493951d176ecb864885577c381b
parent
e1b64f3c3e
commit
fdb1d74ac8
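--- a/.gitignore
+++ b/.gitignore
@@ -0,0 +1,27 @@
+opencryptoki-2.3.1.tar.gz
+/opencryptoki-2.3.2.tar.gz
+/opencryptoki-2.3.3.tar.gz
+/opencryptoki-2.4.tar.gz
+/opencryptoki-2.4.1.tar.gz
+/opencryptoki-2.4.2.tar.gz
+/opencryptoki-2.4.3.tar.gz
+/opencryptoki-2.4.3.1-tar.gz
+/opencryptoki-v3.0.tar.gz
+/opencryptoki-v3.1.tgz
+/opencryptoki-v3.2.tgz
+/opencryptoki-v3.3.tgz
+/opencryptoki-v3.4.tgz
+/opencryptoki-v3.4.1.tgz
+/opencryptoki-3.5.tgz
+/opencryptoki-3.5.1.tgz
+/opencryptoki-3.6.2.tar.gz
+/opencryptoki-3.7.0.tar.gz
+/opencryptoki-3.8.2.tar.gz
+/opencryptoki-3.9.0.tar.gz
+/opencryptoki-3.10.0.tar.gz
+/opencryptoki-3.11.0.tar.gz
+/opencryptoki-3.11.1.tar.gz
+/opencryptoki-3.12.0.tar.gz
+/opencryptoki-3.12.1.tar.gz
+/opencryptoki-3.13.0.tar.gz
+/opencryptoki-3.14.0.tar.gz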
134
0001-pkcstok_migrate-Fix-NVTOK.DAT-conversion-on-little-e.patch
Normal file
@ -0,0 +1,134 @@
|
|||||||
|
From 583f0210bb8f371c2071966f27b83c95230d50cc Mon Sep 17 00:00:00 2001
|
||||||
|
From: Ingo Franzki <ifranzki@linux.ibm.com>
|
||||||
|
Date: Thu, 2 Jul 2020 14:09:18 +0200
|
||||||
|
Subject: [PATCH 1/2] pkcstok_migrate: Fix NVTOK.DAT conversion on little
|
||||||
|
endian platforms
|
||||||
|
|
||||||
|
The new format stores all numeric fields in big endian, while the old
|
||||||
|
format uses the platform endianness. So convert the fields to big endian
|
||||||
|
during conversion.
|
||||||
|
|
||||||
|
Signed-off-by: Ingo Franzki <ifranzki@linux.ibm.com>
|
||||||
|
---
|
||||||
|
usr/sbin/pkcstok_migrate/pkcstok_migrate.c | 84 ++++++++++++++++++++++++++----
|
||||||
|
1 file changed, 74 insertions(+), 10 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/usr/sbin/pkcstok_migrate/pkcstok_migrate.c b/usr/sbin/pkcstok_migrate/pkcstok_migrate.c
|
||||||
|
index e90a5c91..e0c19125 100644
|
||||||
|
--- a/usr/sbin/pkcstok_migrate/pkcstok_migrate.c
|
||||||
|
+++ b/usr/sbin/pkcstok_migrate/pkcstok_migrate.c
|
||||||
|
@@ -1077,6 +1077,42 @@ static CK_RV load_NVTOK_DAT(const char *data_store, const char *nvtok_name,
|
||||||
|
goto done;
|
||||||
|
}
|
||||||
|
|
||||||
|
+ if (stbuf.st_size == sizeof(TOKEN_DATA)) {
|
||||||
|
+ /* The 312 version always uses big endian */
|
||||||
|
+ td->token_info.flags = be32toh(td->token_info.flags);
|
||||||
|
+ td->token_info.ulMaxSessionCount
|
||||||
|
+ = be32toh(td->token_info.ulMaxSessionCount);
|
||||||
|
+ td->token_info.ulSessionCount
|
||||||
|
+ = be32toh(td->token_info.ulSessionCount);
|
||||||
|
+ td->token_info.ulMaxRwSessionCount
|
||||||
|
+ = be32toh(td->token_info.ulMaxRwSessionCount);
|
||||||
|
+ td->token_info.ulRwSessionCount
|
||||||
|
+ = be32toh(td->token_info.ulRwSessionCount);
|
||||||
|
+ td->token_info.ulMaxPinLen = be32toh(td->token_info.ulMaxPinLen);
|
||||||
|
+ td->token_info.ulMinPinLen = be32toh(td->token_info.ulMinPinLen);
|
||||||
|
+ td->token_info.ulTotalPublicMemory
|
||||||
|
+ = be32toh(td->token_info.ulTotalPublicMemory);
|
||||||
|
+ td->token_info.ulFreePublicMemory
|
||||||
|
+ = be32toh(td->token_info.ulFreePublicMemory);
|
||||||
|
+ td->token_info.ulTotalPrivateMemory
|
||||||
|
+ = be32toh(td->token_info.ulTotalPrivateMemory);
|
||||||
|
+ td->token_info.ulFreePrivateMemory
|
||||||
|
+ = be32toh(td->token_info.ulFreePrivateMemory);
|
||||||
|
+ td->tweak_vector.allow_weak_des
|
||||||
|
+ = be32toh(td->tweak_vector.allow_weak_des);
|
||||||
|
+ td->tweak_vector.check_des_parity
|
||||||
|
+ = be32toh(td->tweak_vector.check_des_parity);
|
||||||
|
+ td->tweak_vector.allow_key_mods
|
||||||
|
+ = be32toh(td->tweak_vector.allow_key_mods);
|
||||||
|
+ td->tweak_vector.netscape_mods
|
||||||
|
+ = be32toh(td->tweak_vector.netscape_mods);
|
||||||
|
+ td->dat.version = be32toh(td->dat.version);
|
||||||
|
+ td->dat.so_login_it = be64toh(td->dat.so_login_it);
|
||||||
|
+ td->dat.user_login_it = be64toh(td->dat.user_login_it);
|
||||||
|
+ td->dat.so_wrap_it = be64toh(td->dat.so_wrap_it);
|
||||||
|
+ td->dat.user_wrap_it = be64toh(td->dat.user_wrap_it);
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
ret = CKR_OK;
|
||||||
|
|
||||||
|
done:
|
||||||
|
@@ -1628,6 +1664,7 @@ static CK_RV create_NVTOK_DAT_312(const char *data_store, const char *sopin,
|
||||||
|
{
|
||||||
|
const char *nvtok = "NVTOK.DAT_312";
|
||||||
|
char fname[PATH_MAX + 1 + strlen(nvtok) + 1];
|
||||||
|
+ TOKEN_DATA be_tokdata;
|
||||||
|
FILE *fp = NULL;
|
||||||
|
CK_RV ret;
|
||||||
|
size_t rc;
|
||||||
|
@@ -1656,14 +1693,6 @@ static CK_RV create_NVTOK_DAT_312(const char *data_store, const char *sopin,
|
||||||
|
goto done;
|
||||||
|
}
|
||||||
|
|
||||||
|
- /* Write old part into NVTOK.DAT_312 */
|
||||||
|
- rc = fwrite(tokdata, sizeof(TOKEN_DATA_OLD), 1, fp);
|
||||||
|
- if (rc != 1) {
|
||||||
|
- TRACE_ERROR("fwrite(%s) failed, errno=%s.\n", fname, strerror(errno));
|
||||||
|
- ret = CKR_FUNCTION_FAILED;
|
||||||
|
- goto done;
|
||||||
|
- }
|
||||||
|
-
|
||||||
|
/* Create additions for new format */
|
||||||
|
ret = create_TOKEN_DATA_VERSION(sopin, userpin, tokdata);
|
||||||
|
if (ret != CKR_OK) {
|
||||||
|
@@ -1671,8 +1700,43 @@ static CK_RV create_NVTOK_DAT_312(const char *data_store, const char *sopin,
|
||||||
|
goto done;
|
||||||
|
}
|
||||||
|
|
||||||
|
- /* Append TOKEN_DATA_VERSION to NVTOK.DAT_312 */
|
||||||
|
- rc = fwrite(&(tokdata->dat), sizeof(TOKEN_DATA_VERSION), 1, fp);
|
||||||
|
+ /* The 312 version always uses big endian */
|
||||||
|
+ memcpy(&be_tokdata, tokdata, sizeof(TOKEN_DATA));
|
||||||
|
+ be_tokdata.token_info.flags = htobe32(tokdata->token_info.flags);
|
||||||
|
+ be_tokdata.token_info.ulMaxSessionCount
|
||||||
|
+ = htobe32(tokdata->token_info.ulMaxSessionCount);
|
||||||
|
+ be_tokdata.token_info.ulSessionCount
|
||||||
|
+ = htobe32(tokdata->token_info.ulSessionCount);
|
||||||
|
+ be_tokdata.token_info.ulMaxRwSessionCount
|
||||||
|
+ = htobe32(tokdata->token_info.ulMaxRwSessionCount);
|
||||||
|
+ be_tokdata.token_info.ulRwSessionCount
|
||||||
|
+ = htobe32(tokdata->token_info.ulRwSessionCount);
|
||||||
|
+ be_tokdata.token_info.ulMaxPinLen = htobe32(tokdata->token_info.ulMaxPinLen);
|
||||||
|
+ be_tokdata.token_info.ulMinPinLen = htobe32(tokdata->token_info.ulMinPinLen);
|
||||||
|
+ be_tokdata.token_info.ulTotalPublicMemory
|
||||||
|
+ = htobe32(tokdata->token_info.ulTotalPublicMemory);
|
||||||
|
+ be_tokdata.token_info.ulFreePublicMemory
|
||||||
|
+ = htobe32(tokdata->token_info.ulFreePublicMemory);
|
||||||
|
+ be_tokdata.token_info.ulTotalPrivateMemory
|
||||||
|
+ = htobe32(tokdata->token_info.ulTotalPrivateMemory);
|
||||||
|
+ be_tokdata.token_info.ulFreePrivateMemory
|
||||||
|
+ = htobe32(tokdata->token_info.ulFreePrivateMemory);
|
||||||
|
+ be_tokdata.tweak_vector.allow_weak_des
|
||||||
|
+ = htobe32(tokdata->tweak_vector.allow_weak_des);
|
||||||
|
+ be_tokdata.tweak_vector.check_des_parity
|
||||||
|
+ = htobe32(tokdata->tweak_vector.check_des_parity);
|
||||||
|
+ be_tokdata.tweak_vector.allow_key_mods
|
||||||
|
+ = htobe32(tokdata->tweak_vector.allow_key_mods);
|
||||||
|
+ be_tokdata.tweak_vector.netscape_mods
|
||||||
|
+ = htobe32(tokdata->tweak_vector.netscape_mods);
|
||||||
|
+ be_tokdata.dat.version = htobe32(tokdata->dat.version);
|
||||||
|
+ be_tokdata.dat.so_login_it = htobe64(tokdata->dat.so_login_it);
|
||||||
|
+ be_tokdata.dat.user_login_it = htobe64(tokdata->dat.user_login_it);
|
||||||
|
+ be_tokdata.dat.so_wrap_it = htobe64(tokdata->dat.so_wrap_it);
|
||||||
|
+ be_tokdata.dat.user_wrap_it = htobe64(tokdata->dat.user_wrap_it);
|
||||||
|
+
|
||||||
|
+ /* Write converted token data into NVTOK.DAT_312 */
|
||||||
|
+ rc = fwrite(&be_tokdata, sizeof(TOKEN_DATA), 1, fp);
|
||||||
|
if (rc != 1) {
|
||||||
|
TRACE_ERROR("fwrite(%s) failed, errno=%s.\n", fname, strerror(errno));
|
||||||
|
ret = CKR_FUNCTION_FAILED;
|
||||||
|
--
|
||||||
|
2.16.2.windows.1
|
||||||
|
|
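Review bot: The same twenty-field byte-order list is written out twice, once with `be32toh`/`be64toh` in load_NVTOK_DAT() and once with `htobe32`/`htobe64` in create_NVTOK_DAT_312(), so a field added to TOKEN_DATA later has to be remembered in both places or it silently stays in platform endianness on one side. A pair of static helpers driven by one field list would keep reader and writer in step. The `ul*` members are converted as 32-bit values, which is only correct if TOKEN_DATA declares them as 32-bit types; that declaration is outside these hunks and should be confirmed. `be_tokdata` is also a full stack copy of the token data that is not cleared after the `fwrite`; if TOKEN_DATA carries PIN-derived or key material, wipe the copy before returning. Both function bodies extend beyond the hunks.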
@ -0,0 +1,40 @@
|
|||||||
|
From 6faa13d83e5166e4bbe97d85935aca779fde9089 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Ingo Franzki <ifranzki@linux.ibm.com>
|
||||||
|
Date: Thu, 2 Jul 2020 14:46:29 +0200
|
||||||
|
Subject: [PATCH 2/2] pkcstok_migrate: Fix private token object conversion on
|
||||||
|
little endian platforms
|
||||||
|
|
||||||
|
The new format stores numeric fields in the object header in big endian, while
|
||||||
|
the old format uses the platform endianness. So convert the fields to big endian
|
||||||
|
during conversion.
|
||||||
|
|
||||||
|
Signed-off-by: Ingo Franzki <ifranzki@linux.ibm.com>
|
||||||
|
---
|
||||||
|
usr/sbin/pkcstok_migrate/pkcstok_migrate.c | 4 ++--
|
||||||
|
1 file changed, 2 insertions(+), 2 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/usr/sbin/pkcstok_migrate/pkcstok_migrate.c b/usr/sbin/pkcstok_migrate/pkcstok_migrate.c
|
||||||
|
index e0c19125..0148102c 100644
|
||||||
|
--- a/usr/sbin/pkcstok_migrate/pkcstok_migrate.c
|
||||||
|
+++ b/usr/sbin/pkcstok_migrate/pkcstok_migrate.c
|
||||||
|
@@ -239,7 +239,7 @@ static CK_RV make_OBJECT_PRIV_312(unsigned char **obj_new, unsigned int *obj_new
|
||||||
|
|
||||||
|
/* Setup header */
|
||||||
|
memset(&header, 0, sizeof(header));
|
||||||
|
- header.tokversion = 0x0003000C;
|
||||||
|
+ header.tokversion = htobe32(0x0003000C);
|
||||||
|
header.private_flag = 0x01;
|
||||||
|
ret = aes_256_wrap(header.key_wrapped, obj_key, masterkey);
|
||||||
|
if (ret != CKR_OK) {
|
||||||
|
@@ -252,7 +252,7 @@ static CK_RV make_OBJECT_PRIV_312(unsigned char **obj_new, unsigned int *obj_new
|
||||||
|
header.iv[9] = 0;
|
||||||
|
header.iv[10] = 0;
|
||||||
|
header.iv[11] = 1;
|
||||||
|
- header.object_len = clear_len;
|
||||||
|
+ header.object_len = htobe32(clear_len);
|
||||||
|
memcpy(object, &header, HEADER_LEN);
|
||||||
|
|
||||||
|
/* Encrypt body */
|
||||||
|
--
|
||||||
|
2.16.2.windows.1
|
||||||
|
|
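Review bot: `header.tokversion = htobe32(0x0003000C);` repeats the on-disk format version as a bare literal in make_OBJECT_PRIV_312(), and the public-object patch that follows does the same in make_OBJECT_PUB_312(). The library reader compares this field against `TOK_NEW_DATA_STORE` (see the loadsave.c patch later in this commit), so if that macro is visible to pkcstok_migrate.c the writer should use it, `header.tokversion = htobe32(TOK_NEW_DATA_STORE);`, to tie both sides to one definition. `clear_len` is narrowed by `htobe32()` in both functions; its declared type is outside the hunks, so confirm it cannot exceed 32 bits before the length stored in the header diverges from the bytes actually written.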
@ -0,0 +1,34 @@
|
|||||||
|
From c090136338b585370df6a8e29518f9e55d388fe5 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Ingo Franzki <ifranzki@linux.ibm.com>
|
||||||
|
Date: Mon, 6 Jul 2020 13:16:34 +0200
|
||||||
|
Subject: [PATCH 3/5] pkcstok_migrate: Fix public token object conversion on
|
||||||
|
little endian platforms
|
||||||
|
|
||||||
|
The new format stores numeric fields in the object header in big endian, while
|
||||||
|
the old format uses the platform endianness. So convert the fields to big endian
|
||||||
|
during conversion.
|
||||||
|
|
||||||
|
Signed-off-by: Ingo Franzki <ifranzki@linux.ibm.com>
|
||||||
|
---
|
||||||
|
usr/sbin/pkcstok_migrate/pkcstok_migrate.c | 4 ++--
|
||||||
|
1 file changed, 2 insertions(+), 2 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/usr/sbin/pkcstok_migrate/pkcstok_migrate.c b/usr/sbin/pkcstok_migrate/pkcstok_migrate.c
|
||||||
|
index 0148102c..136c010c 100644
|
||||||
|
--- a/usr/sbin/pkcstok_migrate/pkcstok_migrate.c
|
||||||
|
+++ b/usr/sbin/pkcstok_migrate/pkcstok_migrate.c
|
||||||
|
@@ -103,9 +103,9 @@ static CK_RV make_OBJECT_PUB_312(char **obj_new, unsigned int *obj_new_len,
|
||||||
|
|
||||||
|
/* Setup object */
|
||||||
|
memset(&header, 0, sizeof(header));
|
||||||
|
- header.tokversion = 0x0003000C;
|
||||||
|
+ header.tokversion = htobe32(0x0003000C);
|
||||||
|
header.private_flag = 0x00;
|
||||||
|
- header.object_len = clear_len;
|
||||||
|
+ header.object_len = htobe32(clear_len);
|
||||||
|
memcpy(object, &header, sizeof(header));
|
||||||
|
memcpy(object + sizeof(header), clear, clear_len);
|
||||||
|
|
||||||
|
--
|
||||||
|
2.16.2.windows.1
|
||||||
|
|
@ -0,0 +1,93 @@
|
|||||||
|
From d1dbc25c6f424a12860295008991cd1392c888a8 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Ingo Franzki <ifranzki@linux.ibm.com>
|
||||||
|
Date: Mon, 6 Jul 2020 09:56:31 +0200
|
||||||
|
Subject: [PATCH 4/5] pkcstok_migrate: Remove the token's shared memory segment
|
||||||
|
|
||||||
|
After successfully migration, remove the tokens shared memory segment.
|
||||||
|
This will be re-created on the first use of the token.
|
||||||
|
|
||||||
|
Signed-off-by: Ingo Franzki <ifranzki@linux.ibm.com>
|
||||||
|
---
|
||||||
|
usr/sbin/pkcstok_migrate/pkcstok_migrate.c | 38 +++++++++++++++++++++++++++++
|
||||||
|
usr/sbin/pkcstok_migrate/pkcstok_migrate.mk | 2 +-
|
||||||
|
2 files changed, 39 insertions(+), 1 deletion(-)
|
||||||
|
|
||||||
|
diff --git a/usr/sbin/pkcstok_migrate/pkcstok_migrate.c b/usr/sbin/pkcstok_migrate/pkcstok_migrate.c
|
||||||
|
index 136c010c..46e5e57f 100644
|
||||||
|
--- a/usr/sbin/pkcstok_migrate/pkcstok_migrate.c
|
||||||
|
+++ b/usr/sbin/pkcstok_migrate/pkcstok_migrate.c
|
||||||
|
@@ -31,6 +31,7 @@
|
||||||
|
#include <termios.h>
|
||||||
|
#include <unistd.h>
|
||||||
|
#include <dirent.h>
|
||||||
|
+#include <sys/mman.h>
|
||||||
|
#include <pkcs11types.h>
|
||||||
|
|
||||||
|
#include "sw_crypt.h"
|
||||||
|
@@ -2108,6 +2109,36 @@ done:
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
|
+/**
|
||||||
|
+ * Removes the token_s shared memory from /dev/shm
|
||||||
|
+ */
|
||||||
|
+static CK_RV remove_shared_memory(char *location)
|
||||||
|
+{
|
||||||
|
+ char shm_name[PATH_MAX];
|
||||||
|
+ int i, k, rc;
|
||||||
|
+
|
||||||
|
+ i = k = 0;
|
||||||
|
+ shm_name[k++] = '/';
|
||||||
|
+ if (location[i] == '/')
|
||||||
|
+ i++;
|
||||||
|
+
|
||||||
|
+ for (; location[i]; i++, k++) {
|
||||||
|
+ if (location[i] == '/')
|
||||||
|
+ shm_name[k] = '.';
|
||||||
|
+ else
|
||||||
|
+ shm_name[k] = location[i];
|
||||||
|
+ }
|
||||||
|
+ shm_name[k] = '\0';
|
||||||
|
+
|
||||||
|
+ rc = shm_unlink(shm_name);
|
||||||
|
+ if (rc != 0) {
|
||||||
|
+ warnx("shm_unlink(%s) failed, errno=%s", shm_name, strerror(errno));
|
||||||
|
+ return CKR_FUNCTION_FAILED;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ return CKR_OK;
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
/**
|
||||||
|
* Copy a file given by name from a src folder to a dst folder.
|
||||||
|
*/
|
||||||
|
@@ -2718,6 +2749,13 @@ int main(int argc, char **argv)
|
||||||
|
goto done;
|
||||||
|
}
|
||||||
|
|
||||||
|
+ /* Remove the token's shared memory */
|
||||||
|
+ ret = remove_shared_memory(data_store);
|
||||||
|
+ if (ret != CKR_OK) {
|
||||||
|
+ warnx("Failed to remove token's shared memory.");
|
||||||
|
+ goto done;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
/* Now insert new 'tokversion=3.12' parm in opencryptoki.conf */
|
||||||
|
ret = update_opencryptoki_conf(slot_id, conf_dir);
|
||||||
|
if (ret != CKR_OK) {
|
||||||
|
diff --git a/usr/sbin/pkcstok_migrate/pkcstok_migrate.mk b/usr/sbin/pkcstok_migrate/pkcstok_migrate.mk
|
||||||
|
index dc4582e5..028a383e 100644
|
||||||
|
--- a/usr/sbin/pkcstok_migrate/pkcstok_migrate.mk
|
||||||
|
+++ b/usr/sbin/pkcstok_migrate/pkcstok_migrate.mk
|
||||||
|
@@ -6,7 +6,7 @@ noinst_HEADERS += usr/include/local_types.h
|
||||||
|
noinst_HEADERS += usr/lib/common/h_extern.h
|
||||||
|
noinst_HEADERS += usr/lib/common/pkcs_utils.h
|
||||||
|
|
||||||
|
-usr_sbin_pkcstok_migrate_pkcstok_migrate_LDFLAGS = -lcrypto -ldl
|
||||||
|
+usr_sbin_pkcstok_migrate_pkcstok_migrate_LDFLAGS = -lcrypto -ldl -lrt
|
||||||
|
|
||||||
|
usr_sbin_pkcstok_migrate_pkcstok_migrate_CFLAGS = \
|
||||||
|
-DSTDLL_NAME=\"pkcstok_migrate\" \
|
||||||
|
--
|
||||||
|
2.16.2.windows.1
|
||||||
|
|
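Review bot: remove_shared_memory() copies `location` into `shm_name[PATH_MAX]` with no length check, so a data-store path of PATH_MAX - 1 bytes or more writes past the end of the stack buffer; the loop needs a bound on `k`. In addition, any `shm_unlink()` failure is fatal and main() then takes `goto done` before opencryptoki.conf is updated; if the segment can legitimately be absent (for example the token was not used since boot), `ENOENT` should not abort an otherwise completed migration. The indices would also be better as `size_t` than `int`. A bounded version that tolerates a missing segment is sketched below.
```c
static CK_RV remove_shared_memory(char *location)
{
    char shm_name[PATH_MAX];
    size_t i = 0, k = 0;

    shm_name[k++] = '/';
    if (location[i] == '/')
        i++;

    for (; location[i]; i++, k++) {
        /* keep one byte for the terminator */
        if (k >= sizeof(shm_name) - 1) {
            warnx("Token directory name is too long: %s", location);
            return CKR_FUNCTION_FAILED;
        }
        shm_name[k] = (location[i] == '/') ? '.' : location[i];
    }
    shm_name[k] = '\0';

    /* a segment that was never created is not a migration failure */
    if (shm_unlink(shm_name) != 0 && errno != ENOENT) {
        warnx("shm_unlink(%s) failed, errno=%s", shm_name, strerror(errno));
        return CKR_FUNCTION_FAILED;
    }

    return CKR_OK;
}
```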
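--- a/0005-Fix-storing-of-public-token-objects-in-new-data-form.patch
+++ b/0005-Fix-storing-of-public-token-objects-in-new-data-form.patch
@@ -0,0 +1,107 @@
+From 6850ae623f9d36b70f1d2919c8390a4b14d393a1 Mon Sep 17 00:00:00 2001
+From: Ingo Franzki <ifranzki@linux.ibm.com>
+Date: Mon, 6 Jul 2020 13:16:01 +0200
+Subject: [PATCH 5/5] Fix storing of public token objects in new data format
+
+The tokversion and object length field are supposed to be stored
+in big endian (BE) on all platforms. This was not the case for public
+token objects.
+
+Fix this by always storing it in BE, and add logic to the read routines
+to automatically detect if the fields are in the expected byte order,
+or not, and handle them accordingly.
+
+Signed-off-by: Ingo Franzki <ifranzki@linux.ibm.com>
+---
+usr/lib/common/loadsave.c | 32 +++++++++++++++++++++++++++-----
+1 file changed, 27 insertions(+), 5 deletions(-)
+
+diff --git a/usr/lib/common/loadsave.c b/usr/lib/common/loadsave.c
+index 068fdf36..b76dea9f 100644
+--- a/usr/lib/common/loadsave.c
++++ b/usr/lib/common/loadsave.c
+@@ -2557,6 +2557,7 @@ CK_RV reload_token_object(STDLL_TokData_t *tokdata, OBJECT *obj)
+CK_ULONG size_64;
+CK_RV rc;
+uint32_t len;
++ uint32_t ver;
+
+if (tokdata->version < TOK_NEW_DATA_STORE)
+return reload_token_object_old(tokdata, obj);
+@@ -2580,9 +2581,18 @@ CK_RV reload_token_object(STDLL_TokData_t *tokdata, OBJECT *obj)
+goto done;
+}
+
++ memcpy(&ver, header, 4);
+memcpy(&priv, header + 4, 1);
+memcpy(&len, header + 60, 4);
+- size = be32toh(len);
++
++ /*
++ * In OCK 3.12 - 3.14 the version and size was not stored in BE. So if
++ * version field is in platform endianness, keep size as is also.
++ */
++ if (ver == TOK_NEW_DATA_STORE)
++ size = len;
++ else
++ size = be32toh(len);
+
+buf = (CK_BYTE *) malloc(size);
+if (buf == NULL) {
+@@ -2647,8 +2657,9 @@ CK_RV save_public_token_object(STDLL_TokData_t *tokdata, OBJECT *obj)
+CK_ULONG clear_len;
+CK_BBOOL flag = FALSE;
+CK_RV rc;
+- CK_ULONG_32 len;
++ CK_ULONG_32 len, be_len;
+unsigned char reserved[7] = {0};
++ uint32_t tmp;
+
+if (tokdata->version < TOK_NEW_DATA_STORE)
+return save_public_token_object_old(tokdata, obj);
+@@ -2669,11 +2680,14 @@ CK_RV save_public_token_object(STDLL_TokData_t *tokdata, OBJECT *obj)
+goto done;
+}
+
++ tmp = htobe32(tokdata->version);
++ be_len = htobe32(len);
++
+set_perm(fileno(fp));
+- if (fwrite(&tokdata->version, 4, 1, fp) != 1
++ if (fwrite(&tmp, 4, 1, fp) != 1
+|| fwrite(&flag, 1, 1, fp) != 1
+|| fwrite(reserved, 7, 1, fp) != 1
+- || fwrite(&len, 4, 1, fp) != 1
++ || fwrite(&be_len, 4, 1, fp) != 1
+|| fwrite(clear, len, 1, fp) != 1) {
+rc = CKR_FUNCTION_FAILED;
+goto done;
+@@ -2704,6 +2718,7 @@ CK_RV load_public_token_objects(STDLL_TokData_t *tokdata)
+CK_BBOOL priv;
+CK_ULONG_32 size;
+unsigned char header[PUB_HEADER_LEN];
++ uint32_t ver;
+
+if (tokdata->version < TOK_NEW_DATA_STORE)
+return load_public_token_objects_old(tokdata);
+@@ -2731,9 +2746,16 @@ CK_RV load_public_token_objects(STDLL_TokData_t *tokdata)
+continue;
+}
+
++ memcpy(&ver, header, 4);
+memcpy(&priv, header + 4, 1);
+memcpy(&size, header + 12, 4);
+- size = be32toh(size);
++
++ /*
++ * In OCK 3.12 - 3.14 the version and size was not stored in BE. So if
++ * version field is in platform endianness, keep size as is also
++ */
++ if (ver != TOK_NEW_DATA_STORE)
++ size = be32toh(size);
+
+if (priv == TRUE) {
+fclose(fp2);
+--
+2.16.2.windows.1
+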
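Review bot: The byte-order detection in reload_token_object() and load_public_token_objects() accepts any header: a `ver` that matches `TOK_NEW_DATA_STORE` in neither host nor big-endian order still falls through to `be32toh()`, and the result is used as the object size (`malloc(size)` is visible in the reload hunk). Because the length comes from a file on disk, the version should be validated and anything else rejected, for example `else if (be32toh(ver) == TOK_NEW_DATA_STORE) size = be32toh(len);` followed by `else { rc = CKR_FUNCTION_FAILED; goto done; }` in reload_token_object(), with the equivalent skip in the load loop. It would also be worth bounding `size` against the remaining file length before allocating; whether that already happens is not visible here. All three function bodies continue outside the hunks.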
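--- a/opencryptoki-3.11.0-group.patch
+++ b/opencryptoki-3.11.0-group.patch
@@ -0,0 +1,31 @@
+diff -up opencryptoki-3.11.0/usr/lib/api/shrd_mem.c.in.me opencryptoki-3.11.0/usr/lib/api/shrd_mem.c.in
+--- opencryptoki-3.11.0/usr/lib/api/shrd_mem.c.in.me 2019-01-31 10:42:23.325797012 +0100
++++ opencryptoki-3.11.0/usr/lib/api/shrd_mem.c.in 2019-01-31 10:52:17.585191667 +0100
+@@ -55,9 +55,11 @@ void *attach_shared_memory()
+int shmid;
+char *shmp;
+struct stat statbuf;
++#if 0
+struct group *grp;
+struct passwd *pw, *epw;
+uid_t uid, euid;
++#endif
+
+#if !(MMAP)
+// Really should fstat the tok_path, since it will be the actual
+@@ -69,6 +71,7 @@ void *attach_shared_memory()
+return NULL;
+}
+
++#if 0
+uid = getuid();
+euid = geteuid();
+// only check group membership if not root user
+@@ -102,6 +105,7 @@ void *attach_shared_memory()
+return NULL;
+}
+}
++#endif
+
+Anchor->shm_tok = ftok(TOK_PATH, 'b');
+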
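Review bot: The two `#if 0` blocks compile out the whole caller check in attach_shared_memory() (the `getuid()`/`geteuid()` block commented "only check group membership if not root user") with nothing in the source saying why. With the check gone, access to the segment rests entirely on the permissions of the shared-memory object itself, so those should be confirmed to be group-restricted. A comment beside the first `#if 0` should record the reason and the tracker entry the spec cites above Patch0, e.g. `/* Downstream: group membership check disabled, see rhbz#732756 */`. Removing the block in the patch instead of parking it under `#if 0` would also make a rebase conflict loudly if upstream changes the check. The function body extends beyond the hunks.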
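--- a/opencryptoki-3.11.0-lockdir.patch
+++ b/opencryptoki-3.11.0-lockdir.patch
@@ -0,0 +1,12 @@
+diff -up opencryptoki-3.11.0/configure.ac.me opencryptoki-3.11.0/configure.ac
+--- opencryptoki-3.11.0/configure.ac.me 2019-01-30 17:10:19.660952694 +0100
++++ opencryptoki-3.11.0/configure.ac 2019-01-30 17:13:54.150089964 +0100
+@@ -62,7 +62,7 @@ AC_SUBST([OPENLDAP_LIBS])
+
+dnl Define custom variables
+
+-lockdir=$localstatedir/lock/opencryptoki
++lockdir=/run/lock/opencryptoki
+AC_SUBST(lockdir)
+
+logdir=$localstatedir/log/opencryptoki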
File diff suppressed because it is too large
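--- a/opencryptoki-3.14.0-crash-in-c_setpin.patch
+++ b/opencryptoki-3.14.0-crash-in-c_setpin.patch
@@ -0,0 +1,63 @@
+diff -up opencryptoki-3.14.0/usr/lib/tpm_stdll/tpm_openssl.c.me opencryptoki-3.14.0/usr/lib/tpm_stdll/tpm_openssl.c
+--- opencryptoki-3.14.0/usr/lib/tpm_stdll/tpm_openssl.c.me 2020-05-26 08:51:32.714189399 -0400
++++ opencryptoki-3.14.0/usr/lib/tpm_stdll/tpm_openssl.c 2020-05-26 08:52:16.429412060 -0400
+@@ -57,7 +57,7 @@ void openssl_print_errors()
+}
+#endif
+
+-RSA *openssl_gen_key()
++RSA *openssl_gen_key(STDLL_TokData_t *tokdata)
+{
+RSA *rsa;
+int rc, counter = 0;
+@@ -66,7 +66,7 @@ RSA *openssl_gen_key()
+BIGNUM *bne;
+#endif
+
+- token_specific_rng(NULL, (CK_BYTE *) buf, 32);
++ token_specific_rng(tokdata, (CK_BYTE *) buf, 32);
+RAND_seed(buf, 32);
+
+regen_rsa_key:
+diff -up opencryptoki-3.14.0/usr/lib/tpm_stdll/tpm_specific.c.me opencryptoki-3.14.0/usr/lib/tpm_stdll/tpm_specific.c
+--- opencryptoki-3.14.0/usr/lib/tpm_stdll/tpm_specific.c.me 2020-05-26 08:52:26.351235628 -0400
++++ opencryptoki-3.14.0/usr/lib/tpm_stdll/tpm_specific.c 2020-05-26 08:53:15.928354051 -0400
+@@ -159,8 +159,6 @@ CK_RV token_specific_rng(STDLL_TokData_t
+TSS_HTPM hTPM;
+BYTE *random_bytes = NULL;
+
+- UNUSED(tokdata);
+-
+rc = Tspi_Context_GetTpmObject(tpm_data->tspContext, &hTPM);
+if (rc) {
+TRACE_ERROR("Tspi_Context_GetTpmObject: %x\n", rc);
+@@ -1389,7 +1387,7 @@ CK_RV token_create_private_tree(STDLL_To
+unsigned char n[256], p[256];
+
+/* all sw generated keys are 2048 bits */
+- if ((rsa = openssl_gen_key()) == NULL)
++ if ((rsa = openssl_gen_key(tokdata)) == NULL)
+return CKR_HOST_MEMORY;
+
+if (openssl_get_modulus_and_prime(rsa, &size_n, n, &size_p, p) != 0) {
+@@ -1467,7 +1465,7 @@ CK_RV token_create_public_tree(STDLL_Tok
+unsigned char n[256], p[256];
+
+/* all sw generated keys are 2048 bits */
+- if ((rsa = openssl_gen_key()) == NULL)
++ if ((rsa = openssl_gen_key(tokdata)) == NULL)
+return CKR_HOST_MEMORY;
+
+if (openssl_get_modulus_and_prime(rsa, &size_n, n, &size_p, p) != 0) {
+diff -up opencryptoki-3.14.0/usr/lib/tpm_stdll/tpm_specific.h.me opencryptoki-3.14.0/usr/lib/tpm_stdll/tpm_specific.h
+--- opencryptoki-3.14.0/usr/lib/tpm_stdll/tpm_specific.h.me 2020-05-26 08:53:20.281276648 -0400
++++ opencryptoki-3.14.0/usr/lib/tpm_stdll/tpm_specific.h 2020-05-26 08:54:08.356421779 -0400
+@@ -56,7 +56,7 @@
+/* retry count for generating software RSA keys */
+#define KEYGEN_RETRY 5
+
+-RSA *openssl_gen_key();
++RSA *openssl_gen_key(STDLL_TokData_t *);
+int openssl_write_key(STDLL_TokData_t *, RSA *, char *, CK_BYTE *);
+CK_RV openssl_read_key(STDLL_TokData_t *, char *, CK_BYTE *, RSA **);
+int openssl_get_modulus_and_prime(RSA *, unsigned int *, unsigned char *,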
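Review bot: In openssl_gen_key() the result of `token_specific_rng(tokdata, (CK_BYTE *) buf, 32)` is still discarded and `RAND_seed(buf, 32)` runs on the next line regardless. token_specific_rng() returns CK_RV and has a visible failure path at `Tspi_Context_GetTpmObject`, in which case `buf` is fed to the seed as it stands; whether its declaration, outside the hunk, initialises it is not visible. The call should be checked, e.g. `if (token_specific_rng(tokdata, (CK_BYTE *) buf, 32) != CKR_OK) return NULL;`. Note that both callers shown map a NULL return to `CKR_HOST_MEMORY`, which would then misreport an RNG failure as an allocation failure.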
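--- a/opencryptoki-3.14.0-early-error-in-c-initialize.patch
+++ b/opencryptoki-3.14.0-early-error-in-c-initialize.patch
@@ -0,0 +1,85 @@
+commit 2585fc1a52afdfc6ec119e6a27d7c5d52c06d4e2
+Author: Alexander Scheel <ascheel@redhat.com>
+Date: Wed Jul 1 08:23:42 2020 -0400
+
+Handle early error cases in C_Initialize
+
+When C_Initialize errors prior to the bt_init call, bt_destroy will be
+called on garbage memory because Anchor hasn't yet been zeroed. This
+gives a stack trace such as:
+
+Stack trace of thread 27740:
+#0 0x00007fce91552b05 raise (libc.so.6 + 0x3cb05)
+#1 0x00007fce9153b8a4 abort (libc.so.6 + 0x258a4)
+#2 0x00007fce908db2e1 _ZN2os5abortEb.cold (libjvm.so + 0x20f2e1)
+#3 0x00007fce911f76c2 _ZN7VMError14report_and_dieEv (libjvm.so + 0xb2b6c2)
+#4 0x00007fce90fe7a24 JVM_handle_linux_signal (libjvm.so + 0x91ba24)
+#5 0x00007fce90fdaa9c _Z13signalHandleriP9siginfo_tPv (libjvm.so + 0x90ea9c)
+#6 0x00007fce91552b90 __restore_rt (libc.so.6 + 0x3cb90)
+#7 0x00007fce7a262550 bt_destroy (libopencryptoki.so + 0x11550)
+#8 0x00007fce7a2600d6 C_Initialize (libopencryptoki.so + 0xf0d6)
+#9 0x00007fce7a6c8234 initialize_module_inlock_reentrant (p11-kit-proxy.so + 0x2d234)
+#10 0x00007fce7a6c8383 managed_C_Initialize (p11-kit-proxy.so + 0x2d383)
+#11 0x00007fce7a6cabe0 p11_kit_modules_initialize (p11-kit-proxy.so + 0x2fbe0)
+#12 0x00007fce7a6cea97 proxy_C_Initialize (p11-kit-proxy.so + 0x33a97)
+#13 0x00007fce7aaaa6f2 secmod_ModuleInit (libnss3.so + 0x486f2)
+#14 0x00007fce7aaaae4a secmod_LoadPKCS11Module (libnss3.so + 0x48e4a)
+#15 0x00007fce7aab800d SECMOD_LoadModule (libnss3.so + 0x5600d)
+#16 0x00007fce7aab8148 SECMOD_LoadModule (libnss3.so + 0x56148)
+#17 0x00007fce7aa80dc1 nss_Init (libnss3.so + 0x1edc1)
+#18 0x00007fce7aa8124d NSS_InitReadWrite (libnss3.so + 0x1f24d)
+#19 0x00007fce7ac47a29 Java_org_mozilla_jss_CryptoManager_initializeAllNative2 (libjss4.so + 0x15a29)
+#20 0x00007fce7c8133c7 n/a (n/a + 0x0)
+#21 0x00007fce7c802ffd n/a (n/a + 0x0)
+#22 0x00007fce7c802ffd n/a (n/a + 0x0)
+#23 0x00007fce7c802ffd n/a (n/a + 0x0)
+#24 0x00007fce7c802ffd n/a (n/a + 0x0)
+#25 0x00007fce7c802ffd n/a (n/a + 0x0)
+#26 0x00007fce7c802ffd n/a (n/a + 0x0)
+#27 0x00007fce7c802ffd n/a (n/a + 0x0)
+#28 0x00007fce7c802ffd n/a (n/a + 0x0)
+#29 0x00007fce7c802ffd n/a (n/a + 0x0)
+#30 0x00007fce7c7fb4e7 n/a (n/a + 0x0)
+#31 0x00007fce90d60e45 _ZN9JavaCalls11call_helperEP9JavaValueP12methodHandleP17JavaCallArgumentsP6Thread (libjvm.so + 0x694e45)
+#32 0x00007fce90d8488d _ZL17jni_invoke_staticP7JNIEnv_P9JavaValueP8_jobject11JNICallTypeP10_jmethodIDP18JNI_ArgumentPusherP6Thread.constprop.1 (libjvm.so + 0x6b888d)
+#33 0x00007fce90d87996 jni_CallStaticVoidMethod (libjvm.so + 0x6bb996)
+#34 0x00007fce916ee877 JavaMain (libjli.so + 0x4877)
+#35 0x00007fce914dc3f9 start_thread (libpthread.so.0 + 0x93f9)
+#36 0x00007fce916183b3 __clone (libc.so.6 + 0x1023b3)
+
+Fixing this requires zeroing Anchor earlier, making t->size 0 and
+allowing bt_destroy to exit with accessing uninitialized memory.
+
+Resolves: #304
+
+Signed-off-by: Alexander Scheel <ascheel@redhat.com>
+
+diff --git a/usr/lib/api/api_interface.c b/usr/lib/api/api_interface.c
+index 51ab30fe..f61f2368 100644
+--- a/usr/lib/api/api_interface.c
++++ b/usr/lib/api/api_interface.c
+@@ -2557,6 +2557,11 @@ CK_RV C_Initialize(CK_VOID_PTR pVoid)
+// Clear out the load list
+memset(slot_loaded, 0, sizeof(int) * NUMBER_SLOTS_MANAGED);
+
++ // Zero out API_Proc_Struct
++ // This must be done prior to all goto error calls, else bt_destroy()
++ // will fail because it accesses uninitialized memory when t->size > 0.
++ memset(Anchor, 0, sizeof(API_Proc_Struct_t));
++
+TRACE_DEBUG("Anchor allocated at %s\n", (char *) Anchor);
+
+// Validation of the parameters passed
+@@ -2653,12 +2658,10 @@ CK_RV C_Initialize(CK_VOID_PTR pVoid)
+rc = CKR_FUNCTION_FAILED;
+goto error;
+}
+- //Zero out API_Proc_Struct
+//Map Shared Memory Region
+//if ( Shared Memory Mapped not Successful )
+// Free allocated Memory
+// Return CKR_HOST_MEMORY
+- memset((char *) Anchor, 0, sizeof(API_Proc_Struct_t));
+bt_init(&Anchor->sess_btree, free);
+Anchor->Pid = getpid();
+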
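Review bot: `TRACE_DEBUG("Anchor allocated at %s\n", (char *) Anchor);` directly below the new memset formats the structure itself as a C string. Before this change it read unzeroed memory until it met a NUL byte; with the memset in front it always prints an empty string, so the trace carries no information either way. Logging the address was presumably the intent: `TRACE_DEBUG("Anchor allocated at %p\n", (void *) Anchor);`. The new memset also dereferences `Anchor` unconditionally, so the allocation and its NULL check, which are outside the hunk, must come before it.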
@ -0,0 +1,22 @@
|
|||||||
|
commit a94436937b6364c53219fb3c7922439f403e8d5e
|
||||||
|
Author: Harald Freudenberger <freude@linux.ibm.com>
|
||||||
|
Date: Wed May 27 07:30:33 2020 +0200
|
||||||
|
|
||||||
|
Fix missing entries for p11sak tool in template spec file
|
||||||
|
|
||||||
|
Signed-off-by: Harald Freudenberger <freude@linux.ibm.com>
|
||||||
|
|
||||||
|
diff --git a/rpm/opencryptoki.spec b/rpm/opencryptoki.spec
|
||||||
|
index fa4b9899..ae563406 100644
|
||||||
|
--- a/rpm/opencryptoki.spec
|
||||||
|
+++ b/rpm/opencryptoki.spec
|
||||||
|
@@ -238,7 +238,9 @@ exit 0
|
||||||
|
%{_unitdir}/pkcsslotd.service
|
||||||
|
%{_sbindir}/pkcsconf
|
||||||
|
%{_sbindir}/pkcsslotd
|
||||||
|
+%{_sbindir}/p11sak
|
||||||
|
%{_mandir}/man1/pkcsconf.1*
|
||||||
|
+%{_mandir}/man1/p11sak.1*
|
||||||
|
%{_mandir}/man5/%{name}.conf.5*
|
||||||
|
%{_mandir}/man7/%{name}.7*
|
||||||
|
%{_mandir}/man8/pkcsslotd.8*
|
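--- a/opencryptoki-3.2-no-undefined.patch
+++ b/opencryptoki-3.2-no-undefined.patch
@@ -0,0 +1,12 @@
+diff -up opencryptoki/configure.in.no-undefined opencryptoki/configure.in
+--- opencryptoki/configure.in.no-undefined 2015-08-27 11:49:50.815984145 +0200
++++ opencryptoki/configure.in 2015-08-27 11:50:59.432874245 +0200
+@@ -574,7 +574,7 @@ fi
+AM_CONDITIONAL([ENABLE_PKCSCCA_MIGRATE], [test "x$enable_pkcscca_migrate" = "xyes"])
+AM_CONDITIONAL([ENABLE_PKCSEP11_MIGRATE], [test "x$enable_pkcsep11_migrate" = "xyes"])
+
+-CFLAGS="$CFLAGS -DPKCS64 -D_XOPEN_SOURCE=500"
++CFLAGS="$CFLAGS -DPKCS64 -D_XOPEN_SOURCE=500 -Wl,--no-undefined"
+
+CFLAGS+=' -DCONFIG_PATH=\"$(localstatedir)/lib/opencryptoki\" -DSBIN_PATH=\"$(sbindir)\" -DLIB_PATH=\"$(libdir)\" -DLOCKDIR_PATH=\"$(lockdir)\" -DOCK_CONFDIR=\"$(sysconfdir)/opencryptoki\" -DOCK_LOGDIR=\"$(logdir)\"'
+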
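Review bot: `-Wl,--no-undefined` is a linker option, but the changed line appends it to `CFLAGS`, so it is also handed to every compile-only invocation and only takes effect if the build passes CFLAGS at link time. The usual place is a separate line, `LDFLAGS="$LDFLAGS -Wl,--no-undefined"`, leaving the `CFLAGS=` line as it was. The spec in this commit keeps the patch disabled (`#Patch100`), so this only matters when someone enables it to debug missing symbols.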
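--- a/opencryptoki.module
+++ b/opencryptoki.module
@@ -0,0 +1,8 @@
+# This file describes how to load the opensc module
+# See: http://p11-glue.freedesktop.org/doc/p11-kit/config.html
+
+# This is a relative path, which means it will be loaded from
+# the p11-kit default path which is usually $(libdir)/pkcs11.
+# Doing it this way allows for packagers to package opensc for
+# 32-bit and 64-bit and make them parallel installable
+module: libopencryptoki.so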
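Review bot: The header comments still name `opensc` in two places (`how to load the opensc module`, `package opensc for`), while the `module:` line loads `libopencryptoki.so`; the text looks copied from another package's module file. Anyone auditing which PKCS#11 provider p11-kit will load from this file is told the wrong name. The two comments should read `# This file describes how to load the opencryptoki module` and `# Doing it this way allows for packagers to package opencryptoki for`.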
592
opencryptoki.spec
Normal file
592
opencryptoki.spec
Normal file
@ -0,0 +1,592 @@
|
|||||||
|
Name: opencryptoki
|
||||||
|
Summary: Implementation of the PKCS#11 (Cryptoki) specification v2.11
|
||||||
|
Version: 3.14.0
|
||||||
|
Release: 6%{?dist}
|
||||||
|
License: CPL
|
||||||
|
URL: https://github.com/opencryptoki/opencryptoki
|
||||||
|
Source0: https://github.com/opencryptoki/%{name}/archive/v%{version}/%{name}-%{version}.tar.gz
|
||||||
|
Source1: opencryptoki.module
|
||||||
|
# https://bugzilla.redhat.com/show_bug.cgi?id=732756
|
||||||
|
Patch0: opencryptoki-3.11.0-group.patch
|
||||||
|
|
||||||
|
# bz#1373833, change tmpfiles snippets from /var/lock/* to /run/lock/*
|
||||||
|
Patch1: opencryptoki-3.11.0-lockdir.patch
|
||||||
|
|
||||||
|
# upstream fix, regression - segfault in C_SetPin
|
||||||
|
Patch2: opencryptoki-3.14.0-crash-in-c_setpin.patch
|
||||||
|
|
||||||
|
# upstream fix, handle early error cases in C_Initialize
|
||||||
|
Patch3: opencryptoki-3.14.0-early-error-in-c-initialize.patch
|
||||||
|
|
||||||
|
# Fix missing entries for p11sak tool in template spec file
|
||||||
|
Patch4: opencryptoki-3.14.0-missing-p11sak-tool-a94436937b6364c53219fb3c7922439f403e8d5e.patch
|
||||||
|
|
||||||
|
# PIN conversion tool
|
||||||
|
Patch5: opencryptoki-3.14.0-cd40f4b7cb1b502ca754b9bfb307d934285709a9-PIN-conversion-tool.patch
|
||||||
|
Patch6: 0001-pkcstok_migrate-Fix-NVTOK.DAT-conversion-on-little-e.patch
|
||||||
|
Patch7: 0002-pkcstok_migrate-Fix-private-token-object-conversion-.patch
|
||||||
|
Patch8: 0003-pkcstok_migrate-Fix-public-token-object-conversion-o.patch
|
||||||
|
Patch9: 0004-pkcstok_migrate-Remove-the-token-s-shared-memory-seg.patch
|
||||||
|
Patch10: 0005-Fix-storing-of-public-token-objects-in-new-data-form.patch
|
||||||
|
|
||||||
|
# Use --no-undefined to debug missing symbols
|
||||||
|
#Patch100: %%{name}-3.2-no-undefined.patch
|
||||||
|
|
||||||
|
Requires(pre): coreutils
|
||||||
|
BuildRequires: gcc
|
||||||
|
BuildRequires: openssl-devel
|
||||||
|
BuildRequires: trousers-devel
|
||||||
|
BuildRequires: openldap-devel
|
||||||
|
BuildRequires: autoconf automake libtool
|
||||||
|
BuildRequires: bison flex
|
||||||
|
BuildRequires: systemd
|
||||||
|
BuildRequires: libitm-devel
|
||||||
|
BuildRequires: expect
|
||||||
|
%ifarch s390 s390x
|
||||||
|
BuildRequires: libica-devel >= 2.3
|
||||||
|
%endif
|
||||||
|
Requires(pre): %{name}-libs%{?_isa} = %{version}-%{release}
|
||||||
|
Requires: %{name}-libs%{?_isa} = %{version}-%{release}
|
||||||
|
Requires: %{name}(token)
|
||||||
|
Requires(post): systemd
|
||||||
|
Requires(preun): systemd
|
||||||
|
Requires(postun): systemd
|
||||||
|
|
||||||
|
|
||||||
|
%description
|
||||||
|
Opencryptoki implements the PKCS#11 specification v2.11 for a set of
|
||||||
|
cryptographic hardware, such as IBM 4764 and 4765 crypto cards, and the
|
||||||
|
Trusted Platform Module (TPM) chip. Opencryptoki also brings a software
|
||||||
|
token implementation that can be used without any cryptographic
|
||||||
|
hardware.
|
||||||
|
This package contains the Slot Daemon (pkcsslotd) and general utilities.
|
||||||
|
|
||||||
|
|
||||||
|
%package libs
|
||||||
|
Summary: The run-time libraries for opencryptoki package
|
||||||
|
Requires(pre): shadow-utils
|
||||||
|
|
||||||
|
%description libs
|
||||||
|
Opencryptoki implements the PKCS#11 specification v2.11 for a set of
|
||||||
|
cryptographic hardware, such as IBM 4764 and 4765 crypto cards, and the
|
||||||
|
Trusted Platform Module (TPM) chip. Opencryptoki also brings a software
|
||||||
|
token implementation that can be used without any cryptographic
|
||||||
|
hardware.
|
||||||
|
This package contains the PKCS#11 library implementation, and requires
|
||||||
|
at least one token implementation (packaged separately) to be fully
|
||||||
|
functional.
|
||||||
|
|
||||||
|
|
||||||
|
%package devel
|
||||||
|
Summary: Development files for openCryptoki
|
||||||
|
Requires: %{name}-libs%{?_isa} = %{version}-%{release}
|
||||||
|
|
||||||
|
%description devel
|
||||||
|
This package contains the development header files for building
|
||||||
|
opencryptoki and PKCS#11 based applications
|
||||||
|
|
||||||
|
|
||||||
|
%package swtok
|
||||||
|
Summary: The software token implementation for opencryptoki
|
||||||
|
Requires(pre): %{name}-libs%{?_isa} = %{version}-%{release}
|
||||||
|
Requires: %{name}-libs%{?_isa} = %{version}-%{release}
|
||||||
|
Provides: %{name}(token)
|
||||||
|
|
||||||
|
%description swtok
|
||||||
|
Opencryptoki implements the PKCS#11 specification v2.11 for a set of
|
||||||
|
cryptographic hardware, such as IBM 4764 and 4765 crypto cards, and the
|
||||||
|
Trusted Platform Module (TPM) chip. Opencryptoki also brings a software
|
||||||
|
token implementation that can be used without any cryptographic
|
||||||
|
hardware.
|
||||||
|
This package brings the software token implementation to use opencryptoki
|
||||||
|
without any specific cryptographic hardware.
|
||||||
|
|
||||||
|
|
||||||
|
%package tpmtok
|
||||||
|
Summary: Trusted Platform Module (TPM) device support for opencryptoki
|
||||||
|
Requires(pre): %{name}-libs%{?_isa} = %{version}-%{release}
|
||||||
|
Requires: %{name}-libs%{?_isa} = %{version}-%{release}
|
||||||
|
Provides: %{name}(token)
|
||||||
|
|
||||||
|
%description tpmtok
|
||||||
|
Opencryptoki implements the PKCS#11 specification v2.11 for a set of
|
||||||
|
cryptographic hardware, such as IBM 4764 and 4765 crypto cards, and the
|
||||||
|
Trusted Platform Module (TPM) chip. Opencryptoki also brings a software
|
||||||
|
token implementation that can be used without any cryptographic
|
||||||
|
hardware.
|
||||||
|
This package brings the necessary libraries and files to support
|
||||||
|
Trusted Platform Module (TPM) devices in the opencryptoki stack.
|
||||||
|
|
||||||
|
|
||||||
|
%package icsftok
|
||||||
|
Summary: ICSF token support for opencryptoki
|
||||||
|
Requires(pre): %{name}-libs%{?_isa} = %{version}-%{release}
|
||||||
|
Requires: %{name}-libs%{?_isa} = %{version}-%{release}
|
||||||
|
Provides: %{name}(token)
|
||||||
|
|
||||||
|
%description icsftok
|
||||||
|
Opencryptoki implements the PKCS#11 specification v2.11 for a set of
|
||||||
|
cryptographic hardware, such as IBM 4764 and 4765 crypto cards, and the
|
||||||
|
Trusted Platform Module (TPM) chip. Opencryptoki also brings a software
|
||||||
|
token implementation that can be used without any cryptographic
|
||||||
|
hardware.
|
||||||
|
This package brings the necessary libraries and files to support
|
||||||
|
ICSF token in the opencryptoki stack.
|
||||||
|
|
||||||
|
|
||||||
|
%ifarch s390 s390x
|
||||||
|
%package icatok
|
||||||
|
Summary: ICA cryptographic devices (clear-key) support for opencryptoki
|
||||||
|
Requires(pre): %{name}-libs%{?_isa} = %{version}-%{release}
|
||||||
|
Requires: %{name}-libs%{?_isa} = %{version}-%{release}
|
||||||
|
Provides: %{name}(token)
|
||||||
|
|
||||||
|
%description icatok
|
||||||
|
Opencryptoki implements the PKCS#11 specification v2.11 for a set of
|
||||||
|
cryptographic hardware, such as IBM 4764 and 4765 crypto cards, and the
|
||||||
|
Trusted Platform Module (TPM) chip. Opencryptoki also brings a software
|
||||||
|
token implementation that can be used without any cryptographic
|
||||||
|
hardware.
|
||||||
|
This package brings the necessary libraries and files to support ICA
|
||||||
|
devices in the opencryptoki stack. ICA is an interface to IBM
|
||||||
|
cryptographic hardware such as IBM 4764 or 4765 that uses the
|
||||||
|
"accelerator" or "clear-key" path.
|
||||||
|
|
||||||
|
%package ccatok
|
||||||
|
Summary: CCA cryptographic devices (secure-key) support for opencryptoki
|
||||||
|
Requires(pre): %{name}-libs%{?_isa} = %{version}-%{release}
|
||||||
|
Requires: %{name}-libs%{?_isa} = %{version}-%{release}
|
||||||
|
Provides: %{name}(token)
|
||||||
|
|
||||||
|
%description ccatok
|
||||||
|
Opencryptoki implements the PKCS#11 specification v2.11 for a set of
|
||||||
|
cryptographic hardware, such as IBM 4764 and 4765 crypto cards, and the
|
||||||
|
Trusted Platform Module (TPM) chip. Opencryptoki also brings a software
|
||||||
|
token implementation that can be used without any cryptographic
|
||||||
|
hardware.
|
||||||
|
This package brings the necessary libraries and files to support CCA
|
||||||
|
devices in the opencryptoki stack. CCA is an interface to IBM
|
||||||
|
cryptographic hardware such as IBM 4764 or 4765 that uses the
|
||||||
|
"co-processor" or "secure-key" path.
|
||||||
|
|
||||||
|
%package ep11tok
|
||||||
|
Summary: CCA cryptographic devices (secure-key) support for opencryptoki
|
||||||
|
Requires(pre): %{name}-libs%{?_isa} = %{version}-%{release}
|
||||||
|
Requires: %{name}-libs%{?_isa} = %{version}-%{release}
|
||||||
|
Provides: %{name}(token)
|
||||||
|
|
||||||
|
%description ep11tok
|
||||||
|
Opencryptoki implements the PKCS#11 specification v2.11 for a set of
|
||||||
|
cryptographic hardware, such as IBM 4764 and 4765 crypto cards, and the
|
||||||
|
Trusted Platform Module (TPM) chip. Opencryptoki also brings a software
|
||||||
|
token implementation that can be used without any cryptographic
|
||||||
|
hardware.
|
||||||
|
This package brings the necessary libraries and files to support EP11
|
||||||
|
tokens in the opencryptoki stack. The EP11 token is a token that uses
|
||||||
|
the IBM Crypto Express adapters (starting with Crypto Express 4S adapters)
|
||||||
|
configured with Enterprise PKCS#11 (EP11) firmware.
|
||||||
|
%endif
|
||||||
|
|
||||||
|
|
||||||
|
%prep
|
||||||
|
%autosetup -p1
|
||||||
|
|
||||||
|
|
||||||
|
%build
|
||||||
|
./bootstrap.sh
|
||||||
|
|
||||||
|
%configure --with-systemd=%{_unitdir} --enable-testcases \
|
||||||
|
%ifarch s390 s390x
|
||||||
|
--enable-icatok --enable-ccatok --enable-ep11tok --enable-pkcsep11_migrate
|
||||||
|
%else
|
||||||
|
--disable-icatok --disable-ccatok --disable-ep11tok --disable-pkcsep11_migrate
|
||||||
|
%endif
|
||||||
|
|
||||||
|
%make_build CHGRP=/bin/true
|
||||||
|
|
||||||
|
|
||||||
|
%install
|
||||||
|
%make_install CHGRP=/bin/true
|
||||||
|
install -Dpm 644 %{SOURCE1} $RPM_BUILD_ROOT%{_datadir}/p11-kit/modules/opencryptoki.module
|
||||||
|
|
||||||
|
|
||||||
|
%pre libs
|
||||||
|
getent group pkcs11 >/dev/null || groupadd -r pkcs11
|
||||||
|
exit 0
|
||||||
|
|
||||||
|
%post
|
||||||
|
%systemd_post pkcsslotd.service
|
||||||
|
if test $1 -eq 1; then
|
||||||
|
%tmpfiles_create %{name}.conf
|
||||||
|
fi
|
||||||
|
|
||||||
|
%preun
|
||||||
|
%systemd_preun pkcsslotd.service
|
||||||
|
|
||||||
|
%postun
|
||||||
|
%systemd_postun_with_restart pkcsslotd.service
|
||||||
|
|
||||||
|
|
||||||
|
%files
|
||||||
|
%doc ChangeLog FAQ README.md
|
||||||
|
%doc doc/opencryptoki-howto.md
|
||||||
|
%doc doc/README.token_data
|
||||||
|
%dir %{_sysconfdir}/%{name}
|
||||||
|
%config(noreplace) %{_sysconfdir}/%{name}/%{name}.conf
|
||||||
|
%{_tmpfilesdir}/%{name}.conf
|
||||||
|
%{_unitdir}/pkcsslotd.service
|
||||||
|
%{_sbindir}/p11sak
|
||||||
|
%{_sbindir}/pkcstok_migrate
|
||||||
|
%{_sbindir}/pkcsconf
|
||||||
|
%{_sbindir}/pkcsslotd
|
||||||
|
%{_mandir}/man1/p11sak.1*
|
||||||
|
%{_mandir}/man1/pkcstok_migrate.1*
|
||||||
|
%{_mandir}/man1/pkcsconf.1*
|
||||||
|
%{_mandir}/man5/%{name}.conf.5*
|
||||||
|
%{_mandir}/man7/%{name}.7*
|
||||||
|
%{_mandir}/man8/pkcsslotd.8*
|
||||||
|
%{_libdir}/opencryptoki/methods
|
||||||
|
%{_libdir}/pkcs11/methods
|
||||||
|
%dir %attr(770,root,pkcs11) %{_sharedstatedir}/%{name}
|
||||||
|
%ghost %dir %attr(770,root,pkcs11) %{_rundir}/lock/%{name}
|
||||||
|
%ghost %dir %attr(770,root,pkcs11) %{_rundir}/lock/%{name}/*
|
||||||
|
%dir %attr(770,root,pkcs11) %{_localstatedir}/log/opencryptoki
|
||||||
|
|
||||||
|
%files libs
|
||||||
|
%license LICENSE
|
||||||
|
%{_sysconfdir}/ld.so.conf.d/*
|
||||||
|
# Unversioned .so symlinks usually belong to -devel packages, but opencryptoki
|
||||||
|
# needs them in the main package, because:
|
||||||
|
# documentation suggests that programs should dlopen "PKCS11_API.so".
|
||||||
|
%dir %{_libdir}/opencryptoki
|
||||||
|
%{_libdir}/opencryptoki/libopencryptoki.*
|
||||||
|
%{_libdir}/opencryptoki/PKCS11_API.so
|
||||||
|
%dir %{_libdir}/opencryptoki/stdll
|
||||||
|
%dir %{_libdir}/pkcs11
|
||||||
|
%{_libdir}/pkcs11/libopencryptoki.so
|
||||||
|
%{_libdir}/pkcs11/PKCS11_API.so
|
||||||
|
%{_libdir}/pkcs11/stdll
|
||||||
|
# Co-owned with p11-kit
|
||||||
|
%dir %{_datadir}/p11-kit/
|
||||||
|
%dir %{_datadir}/p11-kit/modules/
|
||||||
|
%{_datadir}/p11-kit/modules/opencryptoki.module
|
||||||
|
|
||||||
|
%files devel
|
||||||
|
%{_includedir}/%{name}/
|
||||||
|
|
||||||
|
%files swtok
|
||||||
|
%{_libdir}/opencryptoki/stdll/libpkcs11_sw.*
|
||||||
|
%{_libdir}/opencryptoki/stdll/PKCS11_SW.so
|
||||||
|
%dir %attr(770,root,pkcs11) %{_sharedstatedir}/%{name}/swtok/
|
||||||
|
%dir %attr(770,root,pkcs11) %{_sharedstatedir}/%{name}/swtok/TOK_OBJ/
|
||||||
|
|
||||||
|
%files tpmtok
|
||||||
|
%doc doc/README.tpm_stdll
|
||||||
|
%{_libdir}/opencryptoki/stdll/libpkcs11_tpm.*
|
||||||
|
%{_libdir}/opencryptoki/stdll/PKCS11_TPM.so
|
||||||
|
%dir %attr(770,root,pkcs11) %{_sharedstatedir}/%{name}/tpm/
|
||||||
|
|
||||||
|
%files icsftok
|
||||||
|
%doc doc/README.icsf_stdll
|
||||||
|
%{_sbindir}/pkcsicsf
|
||||||
|
%{_mandir}/man1/pkcsicsf.1*
|
||||||
|
%{_libdir}/opencryptoki/stdll/libpkcs11_icsf.*
|
||||||
|
%{_libdir}/opencryptoki/stdll/PKCS11_ICSF.so
|
||||||
|
%dir %attr(770,root,pkcs11) %{_sharedstatedir}/%{name}/icsf/
|
||||||
|
|
||||||
|
%ifarch s390 s390x
|
||||||
|
%files icatok
|
||||||
|
%{_libdir}/opencryptoki/stdll/libpkcs11_ica.*
|
||||||
|
%{_libdir}/opencryptoki/stdll/PKCS11_ICA.so
|
||||||
|
%dir %attr(770,root,pkcs11) %{_sharedstatedir}/%{name}/lite/
|
||||||
|
%dir %attr(770,root,pkcs11) %{_sharedstatedir}/%{name}/lite/TOK_OBJ/
|
||||||
|
|
||||||
|
%files ccatok
|
||||||
|
%doc doc/README.cca_stdll
|
||||||
|
%{_sbindir}/pkcscca
|
||||||
|
%{_mandir}/man1/pkcscca.1*
|
||||||
|
%{_libdir}/opencryptoki/stdll/libpkcs11_cca.*
|
||||||
|
%{_libdir}/opencryptoki/stdll/PKCS11_CCA.so
|
||||||
|
%dir %attr(770,root,pkcs11) %{_sharedstatedir}/%{name}/ccatok/
|
||||||
|
%dir %attr(770,root,pkcs11) %{_sharedstatedir}/%{name}/ccatok/TOK_OBJ/
|
||||||
|
|
||||||
|
%files ep11tok
|
||||||
|
%doc doc/README.ep11_stdll
|
||||||
|
%config(noreplace) %{_sysconfdir}/%{name}/ep11tok.conf
|
||||||
|
%config(noreplace) %{_sysconfdir}/%{name}/ep11cpfilter.conf
|
||||||
|
%{_sbindir}/pkcsep11_migrate
|
||||||
|
%{_sbindir}/pkcsep11_session
|
||||||
|
%{_mandir}/man1/pkcsep11_migrate.1*
|
||||||
|
%{_mandir}/man1/pkcsep11_session.1*
|
||||||
|
%{_libdir}/opencryptoki/stdll/libpkcs11_ep11.*
|
||||||
|
%{_libdir}/opencryptoki/stdll/PKCS11_EP11.so
|
||||||
|
%dir %attr(770,root,pkcs11) %{_sharedstatedir}/%{name}/ep11tok/
|
||||||
|
%dir %attr(770,root,pkcs11) %{_sharedstatedir}/%{name}/ep11tok/TOK_OBJ/
|
||||||
|
%endif
|
||||||
|
|
||||||
|
|
||||||
|
%changelog
|
||||||
|
* Tue Jul 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 3.14.0-6
|
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
|
||||||
|
|
||||||
|
* Tue Jul 14 2020 Tom Stellard <tstellar@redhat.com> - 3.14.0-5
|
||||||
|
- Use make macros
|
||||||
|
- https://fedoraproject.org/wiki/Changes/UseMakeBuildInstallMacro
|
||||||
|
|
||||||
|
* Wed Jul 08 2020 Than Ngo <than@redhat.com> - 3.14.0-4
|
||||||
|
- added PIN conversion tool
|
||||||
|
|
||||||
|
* Wed Jul 01 2020 Than Ngo <than@redhat.com> - 3.14.0-3
|
||||||
|
- upstream fix - handle early error cases in C_Initialize
|
||||||
|
|
||||||
|
* Wed May 27 2020 Than Ngo <than@redhat.com> - 3.14.0-2
|
||||||
|
- fix regression, segfault in C_SetPin
|
||||||
|
|
||||||
|
* Fri May 15 2020 Dan Horák <dan[at]danny.cz> - 3.14.0-1
|
||||||
|
- Rebase to 3.14.0
|
||||||
|
|
||||||
|
* Fri Mar 06 2020 Dan Horák <dan[at]danny.cz> - 3.13.0-1
|
||||||
|
- Rebase to 3.13.0
|
||||||
|
|
||||||
|
* Mon Feb 03 2020 Dan Horák <dan[at]danny.cz> - 3.12.1-3
|
||||||
|
- fix build with gcc 10
|
||||||
|
|
||||||
|
* Wed Jan 29 2020 Fedora Release Engineering <releng@fedoraproject.org> - 3.12.1-2
|
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
|
||||||
|
|
||||||
|
* Wed Nov 27 2019 Dan Horák <dan[at]danny.cz> - 3.12.1-1
|
||||||
|
- Rebase to 3.12.1
|
||||||
|
|
||||||
|
* Wed Nov 13 2019 Dan Horák <dan[at]danny.cz> - 3.12.0-1
|
||||||
|
- Rebase to 3.12.0
|
||||||
|
|
||||||
|
* Sun Sep 22 2019 Dan Horák <dan[at]danny.cz> - 3.11.1-1
|
||||||
|
- Rebase to 3.11.1
|
||||||
|
|
||||||
|
* Thu Jul 25 2019 Fedora Release Engineering <releng@fedoraproject.org> - 3.11.0-5
|
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
|
||||||
|
|
||||||
|
* Thu Mar 28 2019 Than Ngo <than@redhat.com> - 3.11.0-4
|
||||||
|
- enable testcase by default
|
||||||
|
- fix URL
|
||||||
|
|
||||||
|
* Tue Feb 19 2019 Than Ngo <than@redhat.com> - 3.11.0-3
|
||||||
|
- Resolved #1063763 - opencryptoki tools should inform the user that he is not in pkcs11 group
|
||||||
|
|
||||||
|
* Fri Feb 01 2019 Fedora Release Engineering <releng@fedoraproject.org> - 3.11.0-2
|
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
|
||||||
|
|
||||||
|
* Thu Jan 31 2019 Than Ngo <than@redhat.com> - 3.11.0-1
|
||||||
|
- Updated to 3.11.0
|
||||||
|
- Resolved #1341079 - Failed to create directory or subvolume "/var/lock/opencryptoki"
|
||||||
|
- Ported root's group membership's patch for 3.11.0
|
||||||
|
|
||||||
|
* Fri Jul 13 2018 Fedora Release Engineering <releng@fedoraproject.org> - 3.10.0-2
|
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
|
||||||
|
|
||||||
|
* Tue Jun 12 2018 Dan Horák <dan[at]danny.cz> - 3.10.0-1
|
||||||
|
- Rebase to 3.10.0
|
||||||
|
|
||||||
|
* Fri Feb 23 2018 Dan Horák <dan[at]danny.cz> - 3.9.0-1
|
||||||
|
- Rebase to 3.9.0
|
||||||
|
|
||||||
|
* Thu Feb 08 2018 Fedora Release Engineering <releng@fedoraproject.org> - 3.8.2-3
|
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
|
||||||
|
|
||||||
|
* Fri Nov 24 2017 Dan Horák <dan[at]danny.cz> - 3.8.2-2
|
||||||
|
- use upstream tmpfiles config
|
||||||
|
|
||||||
|
* Thu Nov 23 2017 Dan Horák <dan[at]danny.cz> - 3.8.2-1
|
||||||
|
- Rebase to 3.8.2 (#1512678)
|
||||||
|
|
||||||
|
* Thu Aug 03 2017 Fedora Release Engineering <releng@fedoraproject.org> - 3.7.0-3
|
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild
|
||||||
|
|
||||||
|
* Thu Jul 27 2017 Fedora Release Engineering <releng@fedoraproject.org> - 3.7.0-2
|
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
|
||||||
|
|
||||||
|
* Wed May 17 2017 Sinny Kumari <sinny@redhat.com> - 3.7.0-1
|
||||||
|
- Rebase to 3.7.0
|
||||||
|
- Added libitm-devel as BuildRequires
|
||||||
|
|
||||||
|
* Mon Apr 03 2017 Sinny Kumari <sinny@redhat.com> - 3.6.2-1
|
||||||
|
- Rebase to 3.6.2
|
||||||
|
- RHBZ#1424017 - opencryptoki: FTBFS in rawhide
|
||||||
|
|
||||||
|
* Sat Feb 11 2017 Fedora Release Engineering <releng@fedoraproject.org> - 3.5.1-2
|
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
|
||||||
|
|
||||||
|
* Thu Sep 01 2016 Jakub Jelen <jjelen@redhat.com> - 3.5.1-1
|
||||||
|
- New upstream release
|
||||||
|
|
||||||
|
* Tue May 03 2016 Jakub Jelen <jjelen@redhat.com> - 3.5-1
|
||||||
|
- New upstream release
|
||||||
|
|
||||||
|
* Thu Feb 04 2016 Fedora Release Engineering <releng@fedoraproject.org> - 3.4.1-2
|
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild
|
||||||
|
|
||||||
|
* Mon Dec 07 2015 Jakub Jelen <jjelen@redhat.com> 3.4.1-1
|
||||||
|
- New bugfix upstream release
|
||||||
|
|
||||||
|
* Wed Nov 18 2015 Jakub Jelen <jjelen@redhat.com> 3.4-1
|
||||||
|
- New upstream release
|
||||||
|
- Adding post-release patch fixing compile warnings
|
||||||
|
|
||||||
|
* Thu Aug 27 2015 Jakub Jelen <jjelen@redhat.com> 3.3-1.1
|
||||||
|
- New upstream release
|
||||||
|
- Correct dependencies for group creation
|
||||||
|
|
||||||
|
* Wed Jun 17 2015 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 3.2-4
|
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
|
||||||
|
|
||||||
|
* Thu May 07 2015 Jakub Jelen <jjelen@redhat.com> 3.2-3
|
||||||
|
- Few more undefined symbols fixed for s390(x) specific targets
|
||||||
|
- Do not require --no-undefined, because s390(x) requires some
|
||||||
|
|
||||||
|
* Mon May 04 2015 Jakub Jelen <jjelen@redhat.com> 3.2-2
|
||||||
|
- Fix missing sources and libraries in makefiles causing undefined symbols (#1193560)
|
||||||
|
- Make inline function compatible for GCC5
|
||||||
|
|
||||||
|
* Wed Sep 10 2014 Petr Lautrbach <plautrba@redhat.com> 3.2-1
|
||||||
|
- new upstream release 3.2
|
||||||
|
- add new sub-package opencryptoki-ep11tok on s390x
|
||||||
|
|
||||||
|
* Sun Aug 17 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 3.1-2
|
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
|
||||||
|
|
||||||
|
* Thu Jul 24 2014 Petr Lautrbach <plautrba@redhat.com> 3.1-1
|
||||||
|
- new upstream release 3.1
|
||||||
|
|
||||||
|
* Sat Jun 07 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 3.0-11
|
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
|
||||||
|
|
||||||
|
* Mon Feb 17 2014 Petr Lautrbach <plautrba@redhat.com> 3.0-10
|
||||||
|
- create the right lock directory for cca tokens (#1054442)
|
||||||
|
|
||||||
|
* Wed Jan 29 2014 Petr Lautrbach <plautrba@redhat.com> 3.0-9
|
||||||
|
- use Requires(pre): opencryptoki-libs for subpackages
|
||||||
|
|
||||||
|
* Mon Jan 20 2014 Dan Horák <dan[at]danny.cz> - 3.0-8
|
||||||
|
- include token specific directories (#1013017, #1045775, #1054442)
|
||||||
|
- fix pkcsconf crash for non-root users (#10054661)
|
||||||
|
- the libs subpackage must care of creating the pkcs11 group, it's the first to be installed
|
||||||
|
|
||||||
|
* Tue Dec 03 2013 Dan Horák <dan[at]danny.cz> - 3.0-7
|
||||||
|
- fix build with -Werror=format-security (#1037228)
|
||||||
|
|
||||||
|
* Fri Nov 22 2013 Dan Horák <dan[at]danny.cz> - 3.0-6
|
||||||
|
- apply post-3.0 fixes (#1033284)
|
||||||
|
|
||||||
|
* Tue Nov 19 2013 Dan Horák <dan[at]danny.cz> - 3.0-5
|
||||||
|
- update opencryptoki man page (#1001729)
|
||||||
|
|
||||||
|
* Fri Aug 23 2013 Dan Horák <dan[at]danny.cz> - 3.0-4
|
||||||
|
- update unit file (#995002)
|
||||||
|
|
||||||
|
* Sat Aug 03 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 3.0-3
|
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
|
||||||
|
|
||||||
|
* Tue Jul 23 2013 Dan Horák <dan[at]danny.cz> - 3.0-2
|
||||||
|
- update pkcsconf man page (#948460)
|
||||||
|
|
||||||
|
* Mon Jul 22 2013 Dan Horák <dan[at]danny.cz> - 3.0-1
|
||||||
|
- new upstream release 3.0
|
||||||
|
|
||||||
|
* Tue Jun 25 2013 Dan Horák <dan[at]danny.cz> - 2.4.3.1-1
|
||||||
|
- new upstream release 2.4.3.1
|
||||||
|
|
||||||
|
* Fri May 03 2013 Dan Horák <dan[at]danny.cz> - 2.4.3-1
|
||||||
|
- new upstream release 2.4.3
|
||||||
|
|
||||||
|
* Thu Apr 04 2013 Dan Horák <dan[at]danny.cz> - 2.4.2-4
|
||||||
|
- enable hardened build
|
||||||
|
- switch to systemd macros in scriptlets (#850240)
|
||||||
|
|
||||||
|
* Mon Jan 28 2013 Dan Horák <dan[at]danny.cz> - 2.4.2-3
|
||||||
|
- add virtual opencryptoki(token) Provides to token modules and as Requires
|
||||||
|
to main package (#904986)
|
||||||
|
|
||||||
|
* Fri Jul 20 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.4.2-2
|
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
|
||||||
|
|
||||||
|
* Thu Jun 21 2012 Dan Horák <dan[at]danny.cz> - 2.4.2-1
|
||||||
|
- new upstream release 2.4.2
|
||||||
|
- add pkcs_slot man page
|
||||||
|
- don't add root to the pkcs11 group
|
||||||
|
|
||||||
|
* Mon Jun 11 2012 Dan Horák <dan[at]danny.cz> - 2.4.1-2
|
||||||
|
- fix unresolved symbols in TPM module (#830129)
|
||||||
|
|
||||||
|
* Sat Feb 25 2012 Dan Horák <dan[at]danny.cz> - 2.4.1-1
|
||||||
|
- new upstream release 2.4.1
|
||||||
|
- convert from initscript to systemd unit
|
||||||
|
- import fixes from RHEL-6 about root's group membership (#732756, #730903)
|
||||||
|
|
||||||
|
* Fri Jan 13 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.4-2
|
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
|
||||||
|
|
||||||
|
* Thu Jul 07 2011 Dan Horák <dan[at]danny.cz> - 2.4-1
|
||||||
|
- new upstream release 2.4
|
||||||
|
|
||||||
|
* Tue Feb 08 2011 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.3.3-2
|
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
|
||||||
|
|
||||||
|
* Mon Jan 17 2011 Dan Horák <dan[at]danny.cz> 2.3.3-1
|
||||||
|
- new upstream release 2.3.3
|
||||||
|
|
||||||
|
* Tue Nov 09 2010 Michal Schmidt <mschmidt@redhat.com> 2.3.2-2
|
||||||
|
- Apply Obsoletes to package names, not provides.
|
||||||
|
|
||||||
|
* Tue Sep 14 2010 Dan Horák <dan[at]danny.cz> 2.3.2-1
|
||||||
|
- new upstream release 2.3.2
|
||||||
|
- put STDLLs in separate packages to match upstream package design
|
||||||
|
|
||||||
|
* Thu Jul 08 2010 Michal Schmidt <mschmidt@redhat.com> 2.3.1-7
|
||||||
|
- Move the LICENSE file to the -libs subpackage.
|
||||||
|
|
||||||
|
* Tue Jun 29 2010 Dan Horák <dan[at]danny.cz> 2.3.1-6
|
||||||
|
- rebuilt with CCA enabled (#604287)
|
||||||
|
- fixed issues from #546274
|
||||||
|
|
||||||
|
* Fri Apr 30 2010 Dan Horák <dan[at]danny.cz> 2.3.1-5
|
||||||
|
- fixed one more issue in the initscript (#547324)
|
||||||
|
|
||||||
|
* Mon Apr 26 2010 Dan Horák <dan[at]danny.cz> 2.3.1-4
|
||||||
|
- fixed pidfile creating and usage (#547324)
|
||||||
|
|
||||||
|
* Mon Feb 08 2010 Michal Schmidt <mschmidt@redhat.com> 2.3.1-3
|
||||||
|
- Also list 'reload' and 'force-reload' in "Usage: ...".
|
||||||
|
|
||||||
|
* Mon Feb 08 2010 Michal Schmidt <mschmidt@redhat.com> 2.3.1-2
|
||||||
|
- Support 'force-reload' in the initscript.
|
||||||
|
|
||||||
|
* Wed Jan 27 2010 Michal Schmidt <mschmidt@redhat.com> 2.3.1-1
|
||||||
|
- New upstream release 2.3.1.
|
||||||
|
- opencryptoki-2.3.0-fix-nss-breakage.patch was merged.
|
||||||
|
|
||||||
|
* Fri Jan 22 2010 Dan Horák <dan[at]danny.cz> 2.3.0-5
|
||||||
|
- made pkcsslotd initscript LSB compliant (#522149)
|
||||||
|
|
||||||
|
* Mon Sep 07 2009 Michal Schmidt <mschmidt@redhat.com> 2.3.0-4
|
||||||
|
- Added opencryptoki-2.3.0-fix-nss-breakage.patch on upstream request.
|
||||||
|
|
||||||
|
* Fri Aug 21 2009 Tomas Mraz <tmraz@redhat.com> - 2.3.0-3
|
||||||
|
- rebuilt with new openssl
|
||||||
|
|
||||||
|
* Sun Aug 16 2009 Michal Schmidt <mschmidt@redhat.com> 2.3.0-2
|
||||||
|
- Require libica-2.0.
|
||||||
|
|
||||||
|
* Fri Aug 07 2009 Michal Schmidt <mschmidt@redhat.com> 2.3.0-1
|
||||||
|
- New upstream release 2.3.0:
|
||||||
|
- adds support for RSA 4096 bit keys in the ICA token.
|
||||||
|
|
||||||
|
* Tue Jul 21 2009 Michal Schmidt <mschmidt@redhat.com> - 2.2.8-5
|
||||||
|
- Require arch-specific dependency on -libs.
|
||||||
|
|
||||||
|
* Tue Jul 21 2009 Michal Schmidt <mschmidt@redhat.com> - 2.2.8-4
|
||||||
|
- Return support for crypto hw on s390.
|
||||||
|
- Renamed to opencryptoki.
|
||||||
|
- Simplified multilib by putting libs in subpackage as suggested by Dan Horák.
|
||||||
|
|
||||||
|
* Tue Jul 21 2009 Michal Schmidt <mschmidt@redhat.com> - 2.2.8-2
|
||||||
|
- Fedora package based on RHEL-5 package.
|
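Review bot: The `%package ep11tok` Summary repeats the ccatok text, `CCA cryptographic devices (secure-key) support for opencryptoki`, although its description covers EP11 tokens on Crypto Express adapters; something like `Summary: EP11 token support for opencryptoki` would match the description. Separately, the state, lock and log directories and every token directory are packaged as `%attr(770,root,pkcs11)` with no comment on what that grants. A line above the first of them in `%files`, such as `# group-writable on purpose: members of pkcs11 get read/write access to the token data below`, would make the trust placed in that group explicit for whoever administers it.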