commit f6f067176ea5a6a3a830702a8fd5a62987824898cbb7a0b3bcd5914cac40ee33 Author: OBS User unknown Date: Mon Jan 15 23:27:33 2007 +0000 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/openCryptoki?expand=0&rev=1
diff --git a/.gitattributes b/.gitattributes
new file mode 100644
index 0000000..9b03811
--- /dev/null
+++ b/.gitattributes
@@ -0,0 +1,23 @@
+## Default LFS
+*.7z filter=lfs diff=lfs merge=lfs -text
+*.bsp filter=lfs diff=lfs merge=lfs -text
+*.bz2 filter=lfs diff=lfs merge=lfs -text
+*.gem filter=lfs diff=lfs merge=lfs -text
+*.gz filter=lfs diff=lfs merge=lfs -text
+*.jar filter=lfs diff=lfs merge=lfs -text
+*.lz filter=lfs diff=lfs merge=lfs -text
+*.lzma filter=lfs diff=lfs merge=lfs -text
+*.obscpio filter=lfs diff=lfs merge=lfs -text
+*.oxt filter=lfs diff=lfs merge=lfs -text
+*.pdf filter=lfs diff=lfs merge=lfs -text
+*.png filter=lfs diff=lfs merge=lfs -text
+*.rpm filter=lfs diff=lfs merge=lfs -text
+*.tbz filter=lfs diff=lfs merge=lfs -text
+*.tbz2 filter=lfs diff=lfs merge=lfs -text
+*.tgz filter=lfs diff=lfs merge=lfs -text
+*.ttf filter=lfs diff=lfs merge=lfs -text
+*.txz filter=lfs diff=lfs merge=lfs -text
+*.whl filter=lfs diff=lfs merge=lfs -text
+*.xz filter=lfs diff=lfs merge=lfs -text
+*.zip filter=lfs diff=lfs merge=lfs -text
+*.zst filter=lfs diff=lfs merge=lfs -text
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..57affb6
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+.osc
diff --git a/ock_222_cmd_fix_ptr_to_arr.diff b/ock_222_cmd_fix_ptr_to_arr.diff
new file mode 100644
index 0000000..bbcb747
--- /dev/null
+++ b/ock_222_cmd_fix_ptr_to_arr.diff
@@ -0,0 +1,12 @@
+diff -Naur ./openCryptoki-2.2.2-rc2/usr/sbin/pkcsslotd/garbage_linux.h openCryptoki-2.2.2-rc2-cmd_fix/usr/sbin/pkcsslotd/garbage_linux.h
+--- ./openCryptoki-2.2.2-rc2/usr/sbin/pkcsslotd/garbage_linux.h 2006-04-04 14:45:04.000000000 -0500
++++ openCryptoki-2.2.2-rc2-cmd_fix/usr/sbin/pkcsslotd/garbage_linux.h 2006-04-04 14:50:40.000000000 -0500
+@@ -301,7 +301,7 @@
+ pid; /* process id */
+
+ char
+- *cmd, /* command line string vector for /proc//cmdline */
++ cmd[16], /* command line string vector for /proc//cmdline */
+ state; /* single-char code for process state [R, S, D, Z, or T] */
+
+ int
diff --git a/ock_222_proc_struct_cmd_20060309.diff b/ock_222_proc_struct_cmd_20060309.diff
new file mode 100644
index 0000000..9deacd2
--- /dev/null
+++ b/ock_222_proc_struct_cmd_20060309.diff
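Review bot: Turning `cmd` into a fixed `char cmd[16]` makes every writer of this field responsible for the 16-byte limit, and the code that fills it from /proc is not part of this patch. Any copy into `proc_t.cmd` should be bounded and NUL-terminated, for example `snprintf(p->cmd, sizeof p->cmd, "%s", name);` (variable names illustrative), and readers should expect a truncated name. The field comment still says "command line string vector", which no longer describes a 16-byte array; if the intent is a short process name, `/* process name, at most 15 chars plus NUL */` would say so. The struct definition starts and ends outside the hunk.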
@@ -0,0 +1,143 @@ +Index: usr/sbin/pkcsslotd/garbage_linux.c +=================================================================== +RCS file: /cvsroot/opencryptoki/opencryptoki/usr/sbin/pkcsslotd/garbage_linux.c,v +retrieving revision 1.4 +diff -a -u -r1.4 garbage_linux.c +--- usr/sbin/pkcsslotd/garbage_linux.c 24 Jan 2006 17:18:25 -0000 1.4 ++++ usr/sbin/pkcsslotd/garbage_linux.c 9 Mar 2006 17:06:15 -0000 +@@ -295,91 +295,15 @@ + #include + #include + #include +-/* #include "garbage_linux.h" */ + #pragma info(restore) + +- + #define PROC_BASE "/proc" + +- + extern BOOL GCBlockSignals (void); + +- + #if !defined(NOGARBAGE) + +- +-/* +- * Basic data structure which holds information we can get about a process. +- * (unless otherwise specified, fields are read from /proc//stat) +- * +- * Comes from task_struct in linux/sched.h +- */ +-typedef struct { +- int +- pid; /* process id */ +- +- char +- *cmd, /* command line string vector for /proc//cmdline */ +- state; /* single-char code for process state [R, S, D, Z, or T] */ +- +- int +- ppid, /* pid of parent process */ +- pgrp, /* process group id */ +- session, /* session id */ +- tty, /* full device number of controlling terminal */ +- tpgid; /* terminal process group id */ +- +- unsigned long +- flags, /* kernel flags for the process */ +- min_flt, /* number of minor page faults since process start */ +- cmin_flt, /* cumulative min_flt of process and child processes */ +- maj_flt, /* number of major page faults since process start */ +- cmaj_flt, /* cumulative maj_flt of process and child processes */ +- utime, /* user-mode CPU time accumulated by process */ +- stime; /* kernel-mode CPU time accumulated by process */ +- +- long +- cutime, /* cumulative utime of process and reaped children */ +- cstime, /* cumulative stime of process and reaped children */ +- priority, /* kernel scheduling priority */ +- nice, /* standard unix nice level of process */ +- timeout, /* ? */ +- it_real_value; /* ? 
*/ +- +- unsigned long +- start_time, /* start time of process -- seconds since 1-1-70 */ +- vsize; /* number of pages of virtual memory ... */ +- +- long +- rss; /* resident set size from /proc//stat (pages) */ +- +- unsigned long +- rss_rlim, /* resident set size limit? */ +- start_code, /* address of beginning of code segment */ +- end_code, /* address of end of code segment */ +- start_stack, /* address of the bottom of stack for the process */ +- kstk_esp, /* kernel stack pointer */ +- kstk_eip; /* kernel instruction pointer */ +- +- char +- /* Linux 2.1.7x and up have more signals. This handles 88. */ +- /* long long (instead of char xxxxxx[24]) handles 64 */ +- signal[24], /* mask of pending signals */ +- blocked[24], /* mask of blocked signals */ +- sigignore[24], /* mask of ignored signals */ +- sigcatch[24]; /* mask of caught signals */ +- +- unsigned long +- wchan, /* address of kernel wait channel proc is sleeping in */ +- nswap, /* ? */ +- cnswap; /* cumulative nswap ? */ +- +- int +- exit_signal, +- processor; +- +-} proc_t; +- ++#include "garbage_linux.h" + + #ifdef PKCS64 + BOOL IsValidProcessEntry ( pid_t_64 pid, time_t_64 RegTime ); +Index: usr/sbin/pkcsslotd/garbage_linux.h +=================================================================== +RCS file: /cvsroot/opencryptoki/opencryptoki/usr/sbin/pkcsslotd/garbage_linux.h,v +retrieving revision 1.2 +diff -a -u -r1.2 garbage_linux.h +--- usr/sbin/pkcsslotd/garbage_linux.h 24 Jan 2006 17:18:26 -0000 1.2 ++++ usr/sbin/pkcsslotd/garbage_linux.h 9 Mar 2006 17:06:24 -0000 +@@ -291,18 +291,11 @@ + + */ + +-/* (C) COPYRIGHT International Business Machines Corp. 2001 */ +- ++/* (C) COPYRIGHT International Business Machines Corp. 2001 */ + + #ifndef GARBAGE_LINUX_H + #define GARBAGE_LINUX_H + +-/* +- * Basic data structure which holds all information we can get about a process. 
+- * (unless otherwise specified, fields are read from /proc/#/stat) +- * +- * Most of it comes from task_struct in linux/sched.h +- */ + typedef struct { + int + pid; /* process id */ +@@ -323,7 +316,7 @@ + min_flt, /* number of minor page faults since process start */ + cmin_flt, /* cumulative min_flt of process and child processes */ + maj_flt, /* number of major page faults since process start */ +- cmaj_flt; /* cumulative maj_flt of process and child processes */ ++ cmaj_flt, /* cumulative maj_flt of process and child processes */ + utime, /* user-mode CPU time accumulated by process */ + stime; /* kernel-mode CPU time accumulated by process */ + +@@ -369,6 +362,5 @@ + + } proc_t; + +- + #endif + diff --git a/ock_64_bit_fixes.diff b/ock_64_bit_fixes.diff new file mode 100644 index 0000000..b8fa729 --- /dev/null +++ b/ock_64_bit_fixes.diff 
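Review bot: Both copies of the comment that explained `proc_t` are deleted here: the block above the typedef in garbage_linux.c goes away with the struct, and the header hunk removes its own copy, so the surviving definition in garbage_linux.h no longer says where the fields come from. I would keep one short comment in the header, e.g. `/* Process information; unless noted, fields are read from /proc/<pid>/stat. */`. The copy removed from the .c file shows fixed-size buffers such as `signal[24]`, so that comment is also the natural place to state that the parser must bound what it copies into them; the parser itself is not part of this patch.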
@@ -0,0 +1,35 @@
+diff -Naur ./openCryptoki-2.2.2-rc2/usr/lib/pkcs11/api/apiutil.c ./openCryptoki-2.2.2-rc2-64_bit_fixes/usr/lib/pkcs11/api/apiutil.c
+--- ./openCryptoki-2.2.2-rc2/usr/lib/pkcs11/api/apiutil.c 2006-04-10 22:22:16.000000000 +0200
++++ ./openCryptoki-2.2.2-rc2-64_bit_fixes/usr/lib/pkcs11/api/apiutil.c 2006-04-10 22:23:07.000000000 +0200
+@@ -1026,16 +1026,17 @@
+
+ // Check for the name specified to be corre
+ sprintf(path,"%s",sinfp->dll_location); // make a copy since dir name can change the memory
+- sprintf(path2,"%s/stdll",LIBLOCATION); // make a copy since dir name can change the memory
+ dname = dirname(path);
++ sprintf(path2,"%s/stdll%s",LIBLOCATION,&(sinfp->dll_location[strlen(dname)])); // make a copy since dir name can change the memory
++ /*
+ if (strcmp(dname,path2) != 0 ) {
+ // Not in the location we expect
+ sltp->dlop_p = NULL;
+ return 0;
+
+ }
+-
+- dllload[i].dlop_p = dlopen(sinfp->dll_location,RTLD_NOW);
++ */
++ dllload[i].dlop_p = dlopen(path2,RTLD_NOW);
+
+ if (dllload[i].dlop_p != NULL ){
+ sltp->dlop_p = dllload[i].dlop_p;
+diff -Naur ./openCryptoki-2.2.2-rc2/usr/lib/pkcs11/common/utility.c ./openCryptoki-2.2.2-rc2-64_bit_fixes/usr/lib/pkcs11/common/utility.c
+--- ./openCryptoki-2.2.2-rc2/usr/lib/pkcs11/common/utility.c 2006-04-10 22:22:16.000000000 +0200
++++ ./openCryptoki-2.2.2-rc2-64_bit_fixes/usr/lib/pkcs11/common/utility.c 2006-04-10 22:22:53.000000000 +0200
+@@ -294,6 +294,7 @@
+ #include
+ #include
+ #include
++#include
+ #include
+ #include
+ #include
diff --git a/ock_add_free_mech_list_20060131.diff b/ock_add_free_mech_list_20060131.diff
new file mode 100644
index 0000000..2f9ede6
--- /dev/null
+++ b/ock_add_free_mech_list_20060131.diff
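Review bot: Commenting out the `strcmp(dname,path2)` block in the apiutil.c hunk removes the only visible check that a slot's STDLL lives under `LIBLOCATION/stdll`, and the replacement builds the `dlopen` path by indexing `sinfp->dll_location` with `strlen(dname)`. That offset is only valid when the `dirname()` result is a literal prefix of `dll_location`; `dirname()` returns `"."` for a name without a slash and drops trailing or repeated slashes, so the suffix can start at the wrong character. Both `sprintf` calls also write into `path` and `path2` with no length bound (the buffer sizes are not visible in the hunk). I would take the file name with `basename()` on the scratch copy, reject an empty name or one that is `.`/`..` or contains `/`, and build the path with a checked `snprintf`; this assumes `path2` is an array in scope so that `sizeof` gives its size. The enclosing function starts and ends outside the hunk.

```c
// … unchanged: scratch copy of sinfp->dll_location into path (should be bounded as well) …
char *fname = basename(path);   /* may modify path, which is already a scratch copy */
if (fname[0] == '\0' || strchr(fname, '/') != NULL ||
    strcmp(fname, ".") == 0 || strcmp(fname, "..") == 0) {
    // Not a plain file name: refuse to load anything for this slot
    sltp->dlop_p = NULL;
    return 0;
}
int n = snprintf(path2, sizeof path2, "%s/stdll/%s", LIBLOCATION, fname);
if (n < 0 || (size_t)n >= sizeof path2) {
    // Path would be truncated: do not hand a partial name to dlopen()
    sltp->dlop_p = NULL;
    return 0;
}
dllload[i].dlop_p = dlopen(path2, RTLD_NOW);
// … unchanged: handling of the dlopen result …
```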
@@ -0,0 +1,25 @@
+Index: ./usr/lib/pkcs11/ica_s390_stdll/ica_specific.c
+===================================================================
+RCS file: /cvsroot/opencryptoki/opencryptoki/usr/lib/pkcs11/ica_s390_stdll/ica_specific.c,v
+retrieving revision 1.6
+diff -a -u -r1.6 ica_specific.c
+--- ./usr/lib/pkcs11/ica_s390_stdll/ica_specific.c 4 Jan 2006 15:05:50 -0000 1.6
++++ ./usr/lib/pkcs11/ica_s390_stdll/ica_specific.c 31 Jan 2006 17:06:13 -0000
+@@ -2050,6 +2050,7 @@
+ int rc = CKR_OK;
+ struct mech_list_item head;
+ struct mech_list_item *walker;
++ head.next = NULL;
+ #if 1
+ rc = ock_generic_get_mechanism_list(pMechanismList, pulCount);
+ if (rc != CKR_OK) {
+@@ -2090,7 +2091,8 @@
+ walker = next;
+ }
+ #endif
+- out:
++out:
++ free_mech_list(&head);
+ return rc;
+ }
+
diff --git a/ock_head_ptr_to_null_20060308.diff b/ock_head_ptr_to_null_20060308.diff
new file mode 100644
index 0000000..34ef73b
--- /dev/null
+++ b/ock_head_ptr_to_null_20060308.diff
@@ -0,0 +1,11 @@
+diff -Naur ./openCryptoki-2.2.2-rc2/usr/lib/pkcs11/ica_s390_stdll/ica_specific.c openCryptoki-2.2.2-rc2-head_ptr_to_null/usr/lib/pkcs11/ica_s390_stdll/ica_specific.c
+--- ./openCryptoki-2.2.2-rc2/usr/lib/pkcs11/ica_s390_stdll/ica_specific.c 2006-03-08 13:06:28.000000000 -0500
++++ openCryptoki-2.2.2-rc2-head_ptr_to_null/usr/lib/pkcs11/ica_s390_stdll/ica_specific.c 2006-03-08 13:07:11.000000000 -0500
+@@ -2110,6 +2110,7 @@
+ int rc = CKR_MECHANISM_INVALID;
+ struct mech_list_item head;
+ struct mech_list_item *walker;
++ head.next = NULL;
+ #if 1
+ rc = ock_generic_get_mechanism_info(type, pInfo);
+ if (rc == CKR_OK) {
diff --git a/openCryptoki-2.2.2-rc2.tar.bz2 b/openCryptoki-2.2.2-rc2.tar.bz2
new file mode 100644
index 0000000..0e31762
--- /dev/null
+++ b/openCryptoki-2.2.2-rc2.tar.bz2
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:38e80887e0fadf5d6ca2c7ba7a561dbdc98f01595148bc62d31f8fe848930a5b
+size 612893
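Review bot: `head` is a stack object and only its `next` member is set before control can reach `free_mech_list(&head)` at `out:`, so the call is safe only if `free_mech_list` releases the nodes behind `head.next` and never `&head` itself; that function is not visible here and deserves a comment stating it. Initializing at the declaration, `struct mech_list_item head = { 0 };`, would cover every member instead of `next` alone. The second patch (ock_head_ptr_to_null, `@@ -2110,6 +2110,7 @@`) adds the same `head.next = NULL;` to the mechanism-info function, but no matching `free_mech_list(&head)` appears in that hunk, so its exit paths should be checked for releasing the list as well. Both function bodies extend outside the hunks.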
diff --git a/openCryptoki-TFAQ.html b/openCryptoki-TFAQ.html new file mode 100644 index 0000000..a80f4a8 --- /dev/null +++ b/openCryptoki-TFAQ.html @@ -0,0 +1,1320 @@ + + + + + FV Test Plan Template + + + + + + + + + + + + + + + +

Functional +Verification Test Plan for openCryptoki

+

 

+


 
 
  +

+

Version 0.2

+

08/15/2005
 
  +
  +

+

Owner: Michael A. Halcrow
mhalcrow@us.ibm.com
(512) +838-8096
11501 Burnet Rd Austin, TX 78758

+



 
  +

+
+ + + + +
+

It is the responsibility of the user of this document to + ensure that they are using the current version of this document.  + To validate that your copy of this document is at the latest + level, view the latest version of this document:   + <official document location or contact author/owner>

+
+
+
+

Document Control

+

Document Change Control

+

Initial Release: 0.1
Review +Frequency: At each major revision
Final Page Indicator: "End +of Document;" statement
Retention: Valid until superseded by +a new version/level. +

+

Reviewers/Approvers

+

<List +names of approver(s) and reviewer(s) – indicate next to name +approver or reviewer>

+

 Tom Lendacky – Reviewer

+

Emily Ratliff - Reviewer

+

Change Summary

+

+<List reviews of +this document : include review date, version reviewed, new version(if +needed),  reviewer(s),  approver(s)>

+ + + + + + + + +
+

Review Date

+
+

Version Reviewed

+
+

New Version (if needed)

+
+

Reviewer(s)

+
+

Approver(s)

+
+

 

+


  +

+

Table of Contents

+

I. +Introduction. +4

+

A. +References/Related Documents. +4

+

B. +LDP Items

+

C. +Hardware. +5

+

D. +Firmware. +5

+

E. +Limitations. +5

+

F. +General +5

+

G. +Past History. +5

+

II. +Test Plan Overview.. +5

+

A. +Additional Program Products. +5

+

B. +Test Approach and Methodology. +6

+

C. +System Operation. +6

+

D. +Performance. +6

+

E. +Standards Compliance. +7

+

F. +Stress. +7

+

G. +Regression. +7

+

H. +Ship Test +7

+

I. +Installation Documentation. +7

+

J. +Installation/Configuration Test +7

+

K. +Reliability, Availability, and Serviceability. +7

+

L. +Usability. +7

+

IV. +Quality Goals. +8

+

A. +Goals. +8

+

B. +Measurements. +8

+

V. +Status Information. +8

+

VI. +Testcase Descriptions. +9

+

A. +Naming Conventions. +9

+

B. +Testcase Location. +9

+

C. +Testcases description. +9

+

VII. +Functional Coverage Matrix. +9

+

VIII. +Approval Criteria. +10

+

End +of Document +10

+

 

+

I. +Introduction

+

A. +References/Related Documents

+

<List any documents or +references to LDP entries  covered in this plan OR used in +developing this plan>

+ + + + + + + + + + + +
+

Document/Reference + +

+
+

+ Version

+
+

+ Location

+
+

+  

+
+

+  

+
+

+  

+
+

 

+

B. LDP Items

+

<List LDP entries  covered in +this plan : include LDP  number, one-liner description, +product/package name that will include the LDP entry, and  +targeted release>

+ + + + + + + + + + + + + +
+

LDP

+

Number + (LDP) +

+
+

+ Description

+
+

+ Included in Product/Package

+
+

+ Targeted Kernel Release/Distro

+
+

+  31056

+
+

+ TCG: PKCS#11 usage of TPM: + openCryptoki future release 

+
+

+  openCryptoki

+
+

+ RHEL4 U3 

+
+

 

+

+1.      +End-Use Impact

+

<Identify/List +any  end-user impacts/benefits of this feature/LDP item(s)? +(i.e. performance,  new function allowing end-user to...,  +change in behavior of an existing function allowing end-user to ... +)>

+

+Allows users to access cryptographic +hardware through a PKCS#11 interface.

+

+2.      +Files (Design/Implementation +Details – New Section)

+

<Identify/List +any  files or code  impacted by OR are new for this +feature/LDP item(s)? (i.e.  list files, or directories)>

+

+/usr/lib/opencryptoki/

+

+/var/lib/opencryptoki/

+

+/etc/pkcs11

+

+3.      +Enablement

+

<Identify +how this feature/LDP item(s) is enabled. Is it automatically +enabled/default turned on?  If not, how would an end-user +enable/"turn on" this feature/LDP item?>

+

+openCryptoki is enabled by executing +an initialization script and then running /etc/init.d/pkcsslotd. +Applications link against libopencryptoki.a and make various calls +through the library.

+

+4.      +Parameters (Design/Implementation +Details – New Section)

+

<Are +there any  parameters that can be passed to any files or +commands in conjunction with this feature/LDP item?  If so, +please list all parameters and for each parameter (or provide access +to a man page/help)>

+

+See +opencryptoki/doc/openCryptoki-HOWTO.pdf in the source base for +documentation on openCryptoki application parameters.

+

5.      +Bugs/Defects

+

<Identify +how l issues/bugs/defects be tracked? (i.e. Notes +DB, Bugzilla, Bugzilla Family, Component, etc.) List +components.> +

+

 Bugs are +tracked via the Sourceforge bugzilla: +http://sourceforge.net/tracker/?group_id=128009&atid=710344

+

6.      +Targeted Code Completion

+

<Identify +targeted code completion date.> +

+

 05/31/2005

+

+C. Hardware

+

<Identify/List supported +hardware architectures/platforms for this feature/LDP item? (i.e.  +common/architecture neutral, xSeries, pSeries, zSeries, iSeries, +Power5 only, etc..)> +

+

i386, ppc, ppc64, +s390, s390x.

+

+D. Firmware

+

<Identify/List supported/required +firmware for this feature/LDP item?> +

+

N/A

+

+E. Limitations

+

< List +any known limitations or restrictions of this feature.> +

+

N/A

+

+F. General

+

<Identify/List any other “general” +dependencies not covered above that are required to support this +feature/LDP item.> +

+

Some hardware accelerators will be +required to test specific openCryptoki STDLL's or OpenSSL will be +required to test the software STDLL. For the ICA s390 token, VICOM +emulation of certain instructions (e.g., SHA-256 or AES) will need to +be enabled.

+

+G. Past History

+

<If available, describe any past +history relating to LDP items and/or components: customer problems, +error prone areas, and any strengths/weaknesses of previous testing.>

+

Weaknesses in +testing: although testcases exist, some of them may be token specific +and therefor require updating. There is work currently in plan for +2005 to resolve this issue.

+

+

+II. Test Plan Overview

+

<Describe test goals, objectives, level of testing and scope +of this plan in relation to the LDP item(s) covered.>

+

The goals of the current tests available are to test the PKCS#11 +API and also the functionality of specific tokens (STDLL files).

+

A. +Additional Program Products

+

<Identify/List +software/products required to perform the tests covered in this plan +– be sure to list the product/package that includes the LDP +item(s)>

+ + + + + + + + + + + + + + +
+

Software/Product + Name  +

+
+

+ Description

+
+

+ Level/Version

+
+

+  OpenSSL

+
+

+  SSL and crypto libraries

+
+

+ 0.9.8+ 

+
+

B. Test +Approach and Methodology

+

<Document the test approach and +methodology to be used.>

+

Manually, by running +individual test cases included in the openCryptoki tarball.

+

C. System +Operation

+

<Document verification methods used +for hardware and software configurations/combinations.> +

+

Assume RHEL4+/s390/s390x or +SLES9+/i386/ppc/ppc64/s390/s390x

+

rpm -q openCryptoki succeeds

+

rpm -q openCryptoki-32/64bit succeeds

+

D. +Performance

+

< If applicable, document +verification methods used to determine performance equal to or better +than existing configurations.>

+

N/A

+

E. Standards +Compliance

+

<If applicable, identify applicable +test suites (SBLIM, GNU Automake, etc) to be run to verify standards +compliance.>

+

N/A

+

F. Stress

+

<If applicable, describe stress +testing to be done on the product to verify robustness during high +system and possibly network usage.  Include target length of +test and expected/acceptable breaking point>

+

N/A

+

G. Regression

+

<Identify/List a set of tests from +current and proposed set of testcases to be used during regression +testing.> +

+

The following directories under +testcases/ contain tests that should be run during regression +testing:

+
    +
  • speed/

    +
  • driver/

    +
  • oc-digest/

    +
  • v2.11/

    +
+

H. Ship Test

+

<Identify/List +a set of tests from current and proposed set of testcases to be used +during ship/final testing.> +

+

The following directories under +testcases/ contain tests that should be run prior to shipping:

+
    +
  • speed/

    +
  • driver/

    +
+
    +
  • oc-digest/

    +
  • v2.11/

    +
+

I. Installation Documentation

+

<If applicable, describe how +installation INSTRUCTIONS/DOCUMENTATION  will be verified for +the product/package containing the LDP item(s) covered in this +plan.   These instructions may be contained in README files +shipped with the software.>

+

The instructions for installing the +package are in the README and INSTALL files contained within the +package tarball.

+

J. +Installation/Configuration Test

+

<If applicable, describe the +various configurations/combinations to be used during the +installation and configuration verification tasks of  LDP +item(s) covered in this plan.> +

+

N/A

+

K. Reliability, Availability, and +Serviceability

+

<If applicable, describe the RAS +goals of the LDP item(s) covered in this plan and how these will be +verified.>

+

N/A

+

L. Usability

+

<If applicable, describe how +usability of the LDP item(s) covered in this plan will be verified.>

+

N/A

+

IV. +Quality Goals

+

A. Goals

+

<Identify the quality goals of this +plan.> +

+
    +
  1. Runs stably under load (multiple applications concurrently + making PKCS#11 calls through the openCryptoki library).

    +
  2. Provides PKCS#11 interface to an application.

    +
+

B. +Measurements

+

<What measurement methods will be +used to track goals?>. +

+

Correct operation is measured via the +tests found in the testcases/ directory.

+

V. Status +Information

+

<The following information will need to be collected and +stored on a regular basis until the execution of this  plan is +completed. Identify here the location of this stored information +(could  be tracked by project management) and how frequently it +will be updated.

+

 NOTE: Some testcases my be logged by hours of successful +test execution – which is ok.>

+

 

+

SUMMARY:

+ + + + + + + + + + + + + + + + + + + + + + + + + + + +
+

+ Planned Number of Testcases : #

+
+

+  

+
+

+  

+
+

+  

+
+

+  

+
+

+ Date

+
+

+ Number of Testcases

+

+ Written +

+

+ (% of planned)

+
+

+ Number of Testcases

+

+ Executed +

+

+ (% of written)

+
+

+ Number of Testcases Successful +

+

+ (% of executed)

+
+

+ Defects Open/Active +

+

+ (newest -> oldest)

+
+

+  8/15/2005

+
+

+ 100 

+
+

+ 100 

+
+

+ 100 

+
+

+  

+
+

 

+

DETAILS: <List uncompleted work/testcases first>

+ + + + + + + + + + + + + + + + + + + + + + + + +
+

+  

+
+

+  

+
+

+ Execution Status

+
+

+ Testcase/Testsuite

+
+

+ Written/

+

+ Coded?

+

+ (mm/dd/yy)

+
+

+ Operating System/Distro +

+
+

+ Platform/ +

+

+ Hardware Model w/ +

+

+ Firmware Levels

+
+

+ Dependent Software Product Levels

+
+

+ Pass/Fail

+
+

+ Defects Open/Active +

+

+ (newest -> oldest)

+
+

+  testcases/ suite

+
+

+ 8/15/2005 

+
+

+ all 

+
+

+ x86, ppc, ppc64, s390, s390x 

+
+

+ SLES9 SP2, RHEL 4 U3 

+
+

+ Pass 

+
+

+  

+
+

 

+

VI. +Testcase Descriptions

+

A. Naming +Conventions

+

<If applicable, describe any name +conventions used for the testcases.>

+

N/A

+

B. Testcase Location

+

<Indicate the location/storage of +these test cases.>

+

The tests are +included in the package tarball under the testcases/ directory.

+

C. Testcases description

+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
+

Name of + testcase

+
+

What it + tests +

+
+

Expected + result

+
+

 speed

+
+

The implementation of many + different algorithms .

+
+

 Success.

+
+

 driver

+
+

The implementation of many + different algorithms . 

+
+

Success. 

+
+

v2.11

+
+

Implementation of AES test.

+
+

Success.

+
+

oc-digest

+
+

Implementation of hash + function tests.

+
+

Success.

+
+

VII. Functional +Coverage Matrix

+

This table describes the functional coverage of the test suite(s). +For each new or modified testcase, it shows the associated list of +assertions, whether or not the test case is automated, and whether or +not the test case is suitable for a lasting regression test suite. +

+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
+

Testcase

+
+

Automated?

+
+

Include in Regression?

+
+

<test case name>

+
+

<Y/N>

+
+

<Y/N>

+
+
    +
  1. <assertion 1> +

    +
  2. <assertion 2> +

    +
  3. <assertion 3> +

    +
+

n.   <assertion n>

+

 

+
+

speed

+
+

N

+
+

Y

+
+

For each slot reported by +

+

$ pkcsconf -s

+
    +
  1. run “speed -slot N” [ Where + N is the slot number]

    +


    Verify that the test succeeded.

    +
+
+

driver

+
+

N

+
+

Y

+
+

For each slot reported by +

+

$ pkcsconf -s

+

1. run “driver -slot N” [ Where + N is the slot number]

+
    +


    Verify that the test succeeded.

    +
+
+

v2.11

+
+

N

+
+

Y

+
+

For each slot reported by +

+

$ pkcsconf -s

+

1. run “aes_func -slot N” [ + Where N is the slot number]

+
    +


    Verify that the test succeeded.

    +
+
+

oc-digest

+
+

N

+
+

Y

+
+

For each slot reported by +

+

$ pkcsconf -s

+

1. run “ocdigest -slot N -t + [digest] [filename] ” [ Where N is the slot number, digest is + the digest to test (i.e., md5, sha1, or sha256), and filename is + the name of the file containing the contents to hash]

+
    +


    Verify that the test succeeded.

    +
+
+

VIII. Approval Criteria

+

<Explicitly identify the approval criteria for the test case +execution results.>

+

FV exit criteria: +

+
    +
      +
    • 100% of planned test cases + written +

      +
    • 100% of planned test cases + executed +

      +
    • Resolution of all Sev 1 Bugs found executing this plan +

      +
    +
+

End of Document

+ + \ No newline at end of file diff --git a/openCryptoki-autoconf.patch b/openCryptoki-autoconf.patch new file mode 100644 index 0000000..11e1acb --- /dev/null +++ b/openCryptoki-autoconf.patch 
@@ -0,0 +1,135 @@ +--- find_files.sh ++++ find_files.sh +@@ -21,7 +21,7 @@ + # Recursively search these paths for header or library file(s) + # + HDR_PATHS="${ADDED_INCS} /usr/include /usr/local/include /usr/X11R6/include $HOME/include" +-LIB_PATHS="${ADDED_LIBS} /lib /usr/lib /usr/local/lib /usr/X11R6/lib $HOME/lib" ++LIB_PATHS="${ADDED_LIBS} /lib /lib64 /usr/lib /usr/lib64 /usr/local/lib /usr/local/lib64 /usr/X11R6/lib $HOME/lib" + + + if [ "$1" == "LIB" ]; then +--- usr/lib/pkcs11/aep_stdll/Makefile.am ++++ usr/lib/pkcs11/aep_stdll/Makefile.am +@@ -4,7 +4,7 @@ + + PKCS11_AEP_so_LDFLAGS = $(LCRYPTO) $(AEP_LIB_DIRS) -nostartfiles -shared -Wl,-soname,PKCS11_AEP.so.1 -lc -lpthread -lcrypto -laep + +-CFLAGS = $(PERFFLAG) -DSPINXPL -DDEV -D_THREAD_SAFE -DLINUX -fPIC -DSHALLOW=0 -DSWTOK=1 -DLITE=0 -DNOCDMF -DNOMD2 -DNODSA -DDEBUGON -DAEP_GENERIC ++AM_CFLAGS = $(PERFFLAG) -DSPINXPL -DDEV -D_THREAD_SAFE -DLINUX -fPIC -DSHALLOW=0 -DSWTOK=1 -DLITE=0 -DNOCDMF -DNOMD2 -DNODSA -DDEBUGON -DAEP_GENERIC + + VPATH= ./:../common + +--- usr/lib/pkcs11/api/Makefile.am ++++ usr/lib/pkcs11/api/Makefile.am +@@ -2,7 +2,7 @@ + bin_PROGRAMS=PKCS11_API.so + bindir=/tmp + PKCS11_API_so_LDFLAGS = -g -nostartfiles -shared -Wl,-soname,$@ -Wl,-Bsymbolic -lc -ldl -lpthread +-CFLAGS = $(PERFFLAG) $(PKCS64_FLG) -DSPINXPL -DAPI -DDEV -D_THREAD_SAFE -DLINUX -fPIC ++AM_CFLAGS = $(PERFFLAG) $(PKCS64_FLG) -DSPINXPL -DAPI -DDEV -D_THREAD_SAFE -DLINUX -fPIC + PKCS11_API_so_SOURCES = api_interface.c shrd_mem.c apiutil.c + INCLUDES = -I../. 
-I../../../include/pkcs11 + +--- usr/lib/pkcs11/bcom_stdll/Makefile.am ++++ usr/lib/pkcs11/bcom_stdll/Makefile.am +@@ -5,7 +5,7 @@ + PKCS11_BC_so_LDFLAGS = $(LCRYPTO) $(BC_LIB_DIRS) -nostartfiles -shared -Wl,-Bsymbolic -Wl,-soname,PKCS11_BC.so.1 -lc -lpthread -lubsec -ldl -lcrypto + + VARIANT = -DSHALLOW=0 -DSWTOK=1 -DLITE=0 +-CFLAGS = $(PERFFLAG) -DSPINXPL -DDEV -D_THREAD_SAFE -DLINUX -fPIC $(VARIANT) -DNOCDMF -DNOMD2 -DNODSA -DNOAES -DNODH -DDEBUGON -D_LINUX -D_LINUX_ ++AM_CFLAGS = $(PERFFLAG) -DSPINXPL -DDEV -D_THREAD_SAFE -DLINUX -fPIC $(VARIANT) -DNOCDMF -DNOMD2 -DNODSA -DNOAES -DNODH -DDEBUGON -D_LINUX -D_LINUX_ + + VPATH= ./:../common + +--- usr/lib/pkcs11/cr_stdll/Makefile.am ++++ usr/lib/pkcs11/cr_stdll/Makefile.am +@@ -5,7 +5,7 @@ + PKCS11_CR_so_LDFLAGS = $(LCRYPTO) $(CR_LIB_DIRS) -nostartfiles -shared -Wl,-Bsymbolic -Wl,-soname,PKCS11_BC.so.1 -lc -lpthread -lsocketarmor -ldl -lcrypto + + VARIANT = -DSHALLOW=0 -DSWTOK=1 -DLITE=0 +-CFLAGS = $(PERFFLAG) -DSPINXPL -DDEV -D_THREAD_SAFE -DLINUX -fPIC $(VARIANT) -DNOCDMF -DNOMD2 -DNODSA -DDEBUGON -D_LINUX -D_LINUX_ ++AM_CFLAGS = $(PERFFLAG) -DSPINXPL -DDEV -D_THREAD_SAFE -DLINUX -fPIC $(VARIANT) -DNOCDMF -DNOMD2 -DNODSA -DDEBUGON -D_LINUX -D_LINUX_ + + VPATH= ./:../common + +--- usr/lib/pkcs11/ica_s390_stdll/Makefile.am ++++ usr/lib/pkcs11/ica_s390_stdll/Makefile.am +@@ -6,7 +6,7 @@ + + PKCS11_ICA_so_LDFLAGS = $(LCRYPTO) $(ICA_LIB_DIRS) -nostartfiles -shared -Wl,-Bsymbolic -Wl,-soname,$@ -Wl,-Bsymbolic -lc -lpthread -lica -ldl -lcrypto + +-CFLAGS = $(PERFFLAG) $(PKCS64_FLG) -DSPINXPL -DDEV -D_THREAD_SAFE -DLINUX -fPIC -DSHALLOW=0 -DSWTOK=0 -DLITE=1 -DNODH -DNOAES -DNOCDMF -DNOMD2 -DNODSA -D_LINUX -D_LINUX_ ++AM_CFLAGS = $(PERFFLAG) $(PKCS64_FLG) -DSPINXPL -DDEV -D_THREAD_SAFE -DLINUX -fPIC -DSHALLOW=0 -DSWTOK=0 -DLITE=1 -DNODH -DNOAES -DNOCDMF -DNOMD2 -DNODSA -D_LINUX -D_LINUX_ + + VPATH= ./:../common + +--- usr/lib/pkcs11/ica_stdll/Makefile.am ++++ usr/lib/pkcs11/ica_stdll/Makefile.am +@@ -4,7 +4,7 @@ + + 
PKCS11_ICA_so_LDFLAGS = $(LCRYPTO) $(ICA_LIB_DIRS) -nostartfiles -shared -Wl,-Bsymbolic -Wl,-soname,PKCS11_ICA.so.1 -lc -lpthread -lica -ldl -lcrypto + +-CFLAGS = $(PERFFLAG) -DSPINXPL -DDEV -D_THREAD_SAFE -DLINUX -fPIC -DSHALLOW=0 -DSWTOK=0 -DLITE=1 -DNOCDMF -DNOMD2 -DNODSA -DNOAES -DNODH -D_LINUX -D_LINUX_ ++AM_CFLAGS = $(PERFFLAG) -DSPINXPL -DDEV -D_THREAD_SAFE -DLINUX -fPIC -DSHALLOW=0 -DSWTOK=0 -DLITE=1 -DNOCDMF -DNOMD2 -DNODSA -DNOAES -DNODH -D_LINUX -D_LINUX_ + + VPATH= ./:../common + +--- usr/lib/pkcs11/leeds_stdll/Makefile.am ++++ usr/lib/pkcs11/leeds_stdll/Makefile.am +@@ -5,7 +5,7 @@ + + LIBS = -lscc + +-CFLAGS = $(PERFFLAG) -DDEV -D_THREAD_SAFE -DLINUX -DLEEDS_BUILD -DAIXSTDLL -D_LINUX_ ++AM_CFLAGS = $(PERFFLAG) -DDEV -D_THREAD_SAFE -DLINUX -DLEEDS_BUILD -DAIXSTDLL -D_LINUX_ + + PKCS11_4758_so_SOURCES = host_api.c util.c + +--- usr/lib/pkcs11/methods/4758_status/Makefile.am ++++ usr/lib/pkcs11/methods/4758_status/Makefile.am +@@ -3,9 +3,9 @@ + bindir=/tmp + + +-LDFLAGS = $(SCC_LIB_DIRS) -ldl -lpthread ++AM_LDFLAGS = $(SCC_LIB_DIRS) -ldl -lpthread + LIBS = -lscc +-CFLAGS = $(PERFFLAG) -DDEV -D_THREAD_SAFE -DLINUX -DDEBUG -DAPI ++AM_CFLAGS = $(PERFFLAG) -DDEV -D_THREAD_SAFE -DLINUX -DDEBUG -DAPI + + SOURCES = 4758_status.c + +--- usr/lib/pkcs11/methods/pkcsconf/Makefile.am ++++ usr/lib/pkcs11/methods/pkcsconf/Makefile.am +@@ -4,7 +4,7 @@ + + pkcsconf_LDFLAGS = -lpthread -ldl + +-CFLAGS = $(PERFFLAG) $(PKCS64_FLG) -DSPINXPL -DLINUX -D_THREAD_SAFE -DDEBUG -DDEV -DAPI ++AM_CFLAGS = $(PERFFLAG) $(PKCS64_FLG) -DSPINXPL -DLINUX -D_THREAD_SAFE -DDEBUG -DDEV -DAPI + + pkcsconf_SOURCES = pkcsconf.c + +--- usr/lib/pkcs11/soft_stdll/Makefile.am ++++ usr/lib/pkcs11/soft_stdll/Makefile.am +@@ -4,7 +4,7 @@ + + PKCS11_SW_so_LDFLAGS = $(LCRYPTO) -nostartfiles -shared -Wl,-Bsymbolic -Wl,-soname,PKCS11_SW.so.1 -lc -lpthread -lcrypto + +-CFLAGS = $(PERFFLAG) -DSPINXPL -DDEV -D_THREAD_SAFE -DLINUX -fPIC -DSHALLOW=0 -DSWTOK=1 -DLITE=0 -DNOCDMF -DNOMD2 -DNODSA -DDEBUGON 
++AM_CFLAGS = $(PERFFLAG) -DSPINXPL -DDEV -D_THREAD_SAFE -DLINUX -fPIC -DSHALLOW=0 -DSWTOK=1 -DLITE=0 -DNOCDMF -DNOMD2 -DNODSA -DDEBUGON + + VPATH= ./:../common + +--- usr/sbin/pkcsslotd/Makefile.am ++++ usr/sbin/pkcsslotd/Makefile.am +@@ -4,7 +4,7 @@ + + pkcsslotd_LDFLAGS = -lpthread + +-CFLAGS = $(PERFFLAG) $(PKCS64_FLG) -DSPINXPL -DLINUX -DPROGRAM_NAME=\"$(@)\" -DNOODM -DNODAE ++AM_CFLAGS = $(PERFFLAG) $(PKCS64_FLG) -DSPINXPL -DLINUX -DPROGRAM_NAME=\"$(@)\" -DNOODM -DNODAE + + pkcsslotd_SOURCES = slotmgr.c shmem.c signal.c mutex.c err.c log.c daemon.c no_odm.c garbage_linux.c + diff --git a/openCryptoki-compile-fixes.patch b/openCryptoki-compile-fixes.patch new file mode 100644 index 0000000..fcd4c86 --- /dev/null +++ b/openCryptoki-compile-fixes.patch 
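Review bot: In the `cr_stdll/Makefile.am` section the context line for `PKCS11_CR_so_LDFLAGS` still passes `-Wl,-soname,PKCS11_BC.so.1`, the same soname the `bcom_stdll` library uses; this looks like a copy-paste leftover and should probably read `-Wl,-soname,PKCS11_CR.so.1`, since two token libraries sharing a soname can be treated by the loader as the same object. Separately, the `find_files.sh` change adds `lib64` variants for `/lib`, `/usr/lib` and `/usr/local/lib` but not for `/usr/X11R6/lib` or `$HOME/lib`; a short comment would help if that is deliberate. The search list still ends with `$HOME/lib`, so a build of this crypto package can pick up libraries from the invoking user's home directory, and it is worth confirming that packaging builds do not depend on it.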
@@ -0,0 +1,1534 @@ +? openCryptoki-config.patch +? opencryptoki-compile-fixes.patch +? opencryptoki-include-fix.patch +? tmp.diff +Index: testcases/driver/driver.c +=================================================================== +RCS file: /cvsroot/opencryptoki/opencryptoki/testcases/driver/driver.c,v +retrieving revision 1.6 +diff -p -u -r1.6 driver.c +--- testcases/driver/driver.c 11 Jan 2006 19:36:15 -0000 1.6 ++++ testcases/driver/driver.c 12 Jan 2006 09:56:32 -0000 +@@ -74,7 +74,7 @@ void process_time(SYSTEMTIME t1, SYSTEMT + + + +- printf("Time: %u msec\n", ms ); ++ printf("Time: %ld msec\n", ms ); + + } + +@@ -174,7 +174,7 @@ void process_ret_code( CK_RV rc ) + // + void show_error( CK_BYTE *str, CK_RV rc ) + { +- printf("%s returned: %d (0x%0x)", str, rc, rc ); ++ printf("%s returned: %d (0x%0x)", str, (int)rc, (int)rc ); + process_ret_code( rc ); + printf("\n"); + } +@@ -261,7 +261,7 @@ int main (int argc, char **argv) + for (i = 1; i < argc; i++) { + if (strcmp (argv[i], "-h") == 0 || strcmp (argv[i], "--help") == 0) { + usage (argv [0]); +- return; ++ return -1; + } + else if (strcmp (argv[i], "-noskip") == 0) + skip_token_obj = FALSE; +@@ -275,16 +275,16 @@ int main (int argc, char **argv) + else { + printf ("Invalid argument passed as option: %s\n", argv [i]); + usage (argv [0]); +- return; ++ return -1; + } + } + +- printf("Using slot #%d...\n\n", SLOT_ID ); ++ printf("Using slot #%d...\n\n", (int)SLOT_ID ); + printf("With option: no_init: %d, noskip: %d\n", no_init, skip_token_obj); + + rc = do_GetFunctionList(); + if (!rc) +- return; ++ return rc; + + memset( &cinit_args, 0x0, sizeof(cinit_args) ); + cinit_args.flags = CKF_OS_LOCKING_OK; +@@ -294,15 +294,15 @@ int main (int argc, char **argv) + funcs->C_Initialize( &cinit_args ); + + { +- CK_SESSION_HANDLE hsess; ++ CK_SESSION_HANDLE hsess = 0; + + rc = funcs->C_GetFunctionStatus(hsess); + if (rc != CKR_FUNCTION_NOT_PARALLEL) +- return; ++ return rc; + + rc = funcs->C_CancelFunction(hsess); + if 
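Review bot: In show_error() of testcases/driver/driver.c the new `(int)rc` casts truncate the return code, since CK_RV is an unsigned long in PKCS#11. Values at or above CKR_VENDOR_DEFINED would print as negative numbers under `%d`. Printing the full width keeps the diagnostic exact: `printf("%s returned: %lu (0x%lx)", str, (unsigned long)rc, (unsigned long)rc );`. The same line is changed the same way in testcases/rsa_keygen/rsa_keygen.c.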
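Review bot: In main() of testcases/driver/driver.c, `if (!rc) return rc;` after do_GetFunctionList() returns 0 on the path the code treats as failure, so the process exits with a success status. Anything that runs this test and looks at the exit code would record a pass. Presumably the helpers return TRUE on success, which should be confirmed; if so the failure branches should read `if (!rc) return -1;`. The same pattern appears in the later driver.c hunks (misc_functions through ssl3_functions) and in testcases/threadmkobj/threadmkobj.c. main() continues outside this hunk.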
(rc != CKR_FUNCTION_NOT_PARALLEL) +- return; ++ return rc; + + } + +@@ -313,25 +313,25 @@ int main (int argc, char **argv) + fprintf (stderr, "\tMisc Functions tests...\n"); + rc = misc_functions(); + if (!rc) +- return; ++ return rc; + + fprintf (stderr, "\tSession Mgmt Functions tests...\n"); + rc = sess_mgmt_functions(); + if (!rc) +- return; ++ return rc; + + fprintf (stderr, "\tObject Mgmt Functions tests...\n"); + rc = obj_mgmt_functions(); + if (!rc) +- return; ++ return rc; + + rc = des_functions(); + if (!rc) +- return; ++ return rc; + + rc = des3_functions(); + if (!rc) +- return; ++ return rc; + + rc = aes_functions(); + if (!rc) { +@@ -340,21 +340,21 @@ int main (int argc, char **argv) + + rc = digest_functions(); + if (!rc) +- return; ++ return rc; + + rc = rsa_functions(); + if (!rc) +- return; ++ return rc; + + /* Begin code contributed by Corrent corp. */ + rc = dh_functions(); + if (!rc) +- return; ++ return rc; + /* End code contributed by Corrent corp. */ + + rc = ssl3_functions(); + if (!rc) +- return; ++ return rc; + printf("------------------ Completed pass %d --------------------\n",i); + i++; + +@@ -362,4 +362,6 @@ int main (int argc, char **argv) + } + + funcs->C_Finalize( NULL ); ++ ++return 0; + } +Index: testcases/init_tok/init_tok.c +=================================================================== +RCS file: /cvsroot/opencryptoki/opencryptoki/testcases/init_tok/init_tok.c,v +retrieving revision 1.6 +diff -p -u -r1.6 init_tok.c +--- testcases/init_tok/init_tok.c 17 Jun 2005 15:35:19 -0000 1.6 ++++ testcases/init_tok/init_tok.c 12 Jan 2006 09:56:33 -0000 +@@ -686,7 +686,7 @@ int main( int argc, char **argv ) + if (strcmp(argv[i], "-h") == 0) { + printf("usage: %s [-slot ] [-h]\n\n", argv[0] ); + printf("By default, Slot #1 is used\n\n"); +- return; ++ return -1; + } + } + +@@ -705,6 +705,6 @@ int main( int argc, char **argv ) + done: + + rc = funcs->C_Finalize( NULL ); +- if (rc != CKR_OK) +- return rc; ++ ++ return rc; + } +Index: 
testcases/mkobj/mkobj.c +=================================================================== +RCS file: /cvsroot/opencryptoki/opencryptoki/testcases/mkobj/mkobj.c,v +retrieving revision 1.6 +diff -p -u -r1.6 mkobj.c +--- testcases/mkobj/mkobj.c 17 Jun 2005 15:35:19 -0000 1.6 ++++ testcases/mkobj/mkobj.c 12 Jan 2006 09:56:33 -0000 +@@ -705,6 +705,6 @@ int main( int argc, char **argv ) + } while (++i < 1 ); + + rc = funcs->C_Finalize( NULL ); +- if (rc != CKR_OK) +- return rc; ++ ++ return rc; + } +Index: testcases/rsa_keygen/rsa_keygen.c +=================================================================== +RCS file: /cvsroot/opencryptoki/opencryptoki/testcases/rsa_keygen/rsa_keygen.c,v +retrieving revision 1.6 +diff -p -u -r1.6 rsa_keygen.c +--- testcases/rsa_keygen/rsa_keygen.c 17 Jun 2005 15:35:19 -0000 1.6 ++++ testcases/rsa_keygen/rsa_keygen.c 12 Jan 2006 09:56:33 -0000 +@@ -139,7 +139,7 @@ void process_time(SYSTEMTIME t1, SYSTEMT + + + +- printf("Time: %u msec\n", ms ); ++ printf("Time: %ld msec\n", ms ); + + } + +@@ -239,7 +239,7 @@ void process_ret_code( CK_RV rc ) + // + void show_error( CK_BYTE *str, CK_RV rc ) + { +- printf("%s returned: %d (0x%0x)", str, rc, rc ); ++ printf("%s returned: %d (0x%0x)", str, (int)rc, (int)rc ); + process_ret_code( rc ); + printf("\n"); + } +@@ -332,11 +332,11 @@ int main( int argc, char **argv ) + printf("By default, Slot #1 is used\n\n"); + printf("By default we skip anything that creates or modifies\n"); + printf("token objects to preserve flash lifetime.\n"); +- return; ++ return -1; + } + } + +- printf("Using slot #%d...\n\n", SLOT_ID ); ++ printf("Using slot #%d...\n\n", (int)SLOT_ID ); + + rc = do_GetFunctionList(); + if (!rc) +@@ -355,4 +355,6 @@ int main( int argc, char **argv ) + return rc; + + funcs->C_Finalize( NULL ); ++ ++ return 0; + } +Index: testcases/rsa_test/rsa_test.c +=================================================================== +RCS file: 
/cvsroot/opencryptoki/opencryptoki/testcases/rsa_test/rsa_test.c,v +retrieving revision 1.6 +diff -p -u -r1.6 rsa_test.c +--- testcases/rsa_test/rsa_test.c 17 Jun 2005 15:35:19 -0000 1.6 ++++ testcases/rsa_test/rsa_test.c 12 Jan 2006 09:56:33 -0000 +@@ -567,4 +567,6 @@ int main( int argc, char **argv ) + return rc; + + funcs->C_Finalize( NULL ); ++ ++ return 0; + } +Index: testcases/speed/speed.c +=================================================================== +RCS file: /cvsroot/opencryptoki/opencryptoki/testcases/speed/speed.c,v +retrieving revision 1.6 +diff -p -u -r1.6 speed.c +--- testcases/speed/speed.c 17 Jun 2005 15:35:19 -0000 1.6 ++++ testcases/speed/speed.c 12 Jan 2006 09:56:33 -0000 +@@ -1329,6 +1329,8 @@ int do_DummyFunction( void ) + printf("Minimum: %d ms\n", min_time ); + printf("Maximum: %d ms\n", max_time ); + #endif ++ ++ return 0; + } + + +Index: testcases/threadmkobj/threadmkobj.c +=================================================================== +RCS file: /cvsroot/opencryptoki/opencryptoki/testcases/threadmkobj/threadmkobj.c,v +retrieving revision 1.5 +diff -p -u -r1.5 threadmkobj.c +--- testcases/threadmkobj/threadmkobj.c 17 Jun 2005 15:35:20 -0000 1.5 ++++ testcases/threadmkobj/threadmkobj.c 12 Jan 2006 09:56:33 -0000 +@@ -192,7 +192,7 @@ CK_BYTE true = TRUE; + + rc = funcs->C_Login( h_session, CKU_USER, user_pin, user_pin_len ); + +- ++ return rc; + } + + // do_create_token_object() +@@ -313,7 +313,7 @@ main( int argc, char **argv ) + if (strcmp(argv[i], "-h") == 0) { + printf("usage: %s [-slot ] [-h]\n\n", argv[0] ); + printf("By default, Slot #1 is used\n\n"); +- return; ++ return -1; + } + } + +@@ -321,7 +321,7 @@ main( int argc, char **argv ) + + rc = do_GetFunctionList(); + if (!rc) +- return; ++ return rc; + + funcs->C_Initialize( NULL ); + +@@ -339,6 +339,6 @@ main( int argc, char **argv ) + } + + rc = funcs->C_Finalize( NULL ); +- if (rc != CKR_OK) +- return; ++ ++ return rc; + } +Index: usr/lib/pkcs11/api/api_interface.c 
+=================================================================== +RCS file: /cvsroot/opencryptoki/opencryptoki/usr/lib/pkcs11/api/api_interface.c,v +retrieving revision 1.6 +diff -p -u -r1.6 api_interface.c +--- usr/lib/pkcs11/api/api_interface.c 12 Aug 2005 19:54:51 -0000 1.6 ++++ usr/lib/pkcs11/api/api_interface.c 12 Jan 2006 09:56:34 -0000 +@@ -297,7 +297,7 @@ + + #include + #include +- ++#include + #include + + #include +@@ -2555,13 +2555,13 @@ C_GetInfo ( CK_INFO_PTR pInfo ) + + shm = Anchor->SharedMemP; + +- bzero(pInfo, sizeof(*pInfo)); ++ memset(pInfo, 0, sizeof(*pInfo)); + + pInfo->cryptokiVersion = shm->ck_info.cryptokiVersion; + memset(pInfo->manufacturerID, '\0', 32); +- bcopy(&(shm->ck_info.manufacturerID),pInfo->manufacturerID,32); ++ memcpy(pInfo->manufacturerID,&(shm->ck_info.manufacturerID),32); + pInfo->flags = shm->ck_info.flags; +- bcopy(&(shm->ck_info.libraryDescription),pInfo->libraryDescription,32); ++ memcpy(pInfo->libraryDescription,&(shm->ck_info.libraryDescription),32); + pInfo->libraryVersion = shm->ck_info.libraryVersion; + + return CKR_OK; +@@ -2586,7 +2586,7 @@ C_GetInfo ( CK_INFO_PTR pInfo ) + } + + shm = Anchor->SharedMemP; +- bcopy(&(shm->ck_info),pInfo,sizeof(CK_INFO)); ++ memcpy(pInfo,&(shm->ck_info),sizeof(CK_INFO)); + + return CKR_OK; + } // end of C_GetInfo +@@ -2972,14 +2972,14 @@ C_GetSlotInfo ( CK_SLOT_ID slotID, + + #ifdef __64BIT__ + +- bcopy((char *)&(sinfp->pk_slot),pInfo,sizeof(CK_SLOT_INFO)); ++ memcpy(pInfo,(char *)&(sinfp->pk_slot),sizeof(CK_SLOT_INFO)); + + #else + +- bcopy((char *)&(sinfp->pk_slot.slotDescription[0]), +- (char *)&(pInfo->slotDescription[0]),64); +- bcopy((char *)&(sinfp->pk_slot.manufacturerID[0]), +- (char *)&(pInfo->manufacturerID[0]),32); ++ memcpy((char *)&(pInfo->slotDescription[0]), ++ (char *)&(sinfp->pk_slot.slotDescription[0]),64); ++ memcpy((char *)&(pInfo->manufacturerID[0]), ++ (char *)&(sinfp->pk_slot.manufacturerID[0]),32); + + pInfo->flags = sinfp->pk_slot.flags; + 
pInfo->hardwareVersion = sinfp->pk_slot.hardwareVersion; +@@ -3038,7 +3038,7 @@ C_GetSlotInfo ( CK_SLOT_ID slotID, + + //LOGIT(LOG_DEBUG," %32s ",sinfp->pk_slot.slotDescription); + //LOGIT(LOG_DEBUG," %32s ",sinfp->pk_slot.manufacturerID); +- bcopy((char *)&(sinfp->pk_slot),pInfo,sizeof(CK_SLOT_INFO)); ++ memcpy(pInfo,(char *)&(sinfp->pk_slot),sizeof(CK_SLOT_INFO)); + + return CKR_OK; + } // end of C_GetSlotInfo +@@ -3311,7 +3311,7 @@ C_Initialize ( CK_VOID_PTR pVoid ) + return CKR_CRYPTOKI_ALREADY_INITIALIZED; + } + +- bzero(slot_loaded,sizeof(int)*NUMBER_SLOTS_MANAGED); // Clear out the load list ++ memset(slot_loaded,0,sizeof(int)*NUMBER_SLOTS_MANAGED); // Clear out the load list + + + LOGIT(LOG_DEBUG,"Anchor allocated at %x",(char *)Anchor); +@@ -3424,7 +3424,7 @@ C_Initialize ( CK_VOID_PTR pVoid ) + //if ( Shared Memory Mapped not Successful ) + // Free allocated Memory + // Return CKR_HOST_MEMORY +- bzero((char *)Anchor,sizeof(API_Proc_Struct_t)); ++ memset((char *)Anchor,0,sizeof(API_Proc_Struct_t)); + pthread_mutex_init(&(Anchor->ProcMutex),NULL); // This is not shared across apps. + pthread_mutex_init(&(Anchor->SessListMutex),NULL); // This is not shared across apps. 
+ pthread_mutex_init(&GlobMutex,NULL); +Index: usr/lib/pkcs11/api/apiproto.h +=================================================================== +RCS file: /cvsroot/opencryptoki/opencryptoki/usr/lib/pkcs11/api/apiproto.h,v +retrieving revision 1.1.1.1 +diff -p -u -r1.1.1.1 apiproto.h +--- usr/lib/pkcs11/api/apiproto.h 18 Jan 2005 16:09:00 -0000 1.1.1.1 ++++ usr/lib/pkcs11/api/apiproto.h 12 Jan 2006 09:56:34 -0000 +@@ -308,6 +308,13 @@ + void *attach_shared_memory(); + void detach_shared_memory(char *); + ++void loginit(); ++void logterm(); ++void st_err_log(int num, ...); ++ ++int Valid_Session(Session_Struct_t *, ST_SESSION_T *); ++void RemoveFromSessionList(Session_Struct_t *); ++int decr_sess_counts(CK_SLOT_ID); + + int API_Initialized(); + void Terminate_All_Process_Sessions(); +Index: usr/lib/pkcs11/api/apiutil.c +=================================================================== +RCS file: /cvsroot/opencryptoki/opencryptoki/usr/lib/pkcs11/api/apiutil.c,v +retrieving revision 1.5 +diff -p -u -r1.5 apiutil.c +--- usr/lib/pkcs11/api/apiutil.c 11 Oct 2005 19:04:23 -0000 1.5 ++++ usr/lib/pkcs11/api/apiutil.c 12 Jan 2006 09:56:34 -0000 +@@ -302,10 +302,13 @@ + + #include + #include ++#include + #include + #include + #include +- ++#include ++#include ++#include + #include + + #include "msg.h" //HACK +@@ -356,7 +359,7 @@ set_perm(int file) + #ifdef DEBUG + #define LOGIT logit + #else +-#define LOGIT ++#define LOGIT(x...) 
+ #endif + + #define SYSLOG +@@ -654,6 +657,7 @@ incr_sess_counts(slotID) + + XProcUnLock(&(shm->slt_mutex)); + ++ return 0; + } + + int +@@ -687,7 +691,7 @@ decr_sess_counts(slotID) + + XProcUnLock(&(shm->slt_mutex)); + +- ++ return 0; + } + + // Check if any sessions from other applicaitons exist on this particular +@@ -863,9 +867,9 @@ API_Register() + } + + #ifdef PKCS64 +- bzero((char *)procp,sizeof(Slot_Mgr_Proc_t_64)); ++ memset((char *)procp,0,sizeof(Slot_Mgr_Proc_t_64)); + #else +- bzero((char *)procp,sizeof(Slot_Mgr_Proc_t)); ++ memset((char *)procp,0,sizeof(Slot_Mgr_Proc_t)); + #endif + procp->inuse = TRUE; + procp->proc_id = getpid(); +@@ -916,9 +920,9 @@ API_UnRegister() + procp = &(shm->proc_table[Anchor->MgrProcIndex]); + + #ifdef PKCS64 +- bzero((char *)procp,sizeof(Slot_Mgr_Proc_t_64)); ++ memset((char *)procp,0,sizeof(Slot_Mgr_Proc_t_64)); + #else +- bzero((char *)procp,sizeof(Slot_Mgr_Proc_t)); ++ memset((char *)procp,0,sizeof(Slot_Mgr_Proc_t)); + #endif + + Anchor->MgrProcIndex=0; +@@ -1070,6 +1074,7 @@ int DL_Unload(sltp) + sltp->pSTfini = NULL; + sltp->pSTcloseall = NULL; + ++ return TRUE; + } + + int +Index: usr/lib/pkcs11/bcom_stdll/bcom_specific.c +=================================================================== +RCS file: /cvsroot/opencryptoki/opencryptoki/usr/lib/pkcs11/bcom_stdll/bcom_specific.c,v +retrieving revision 1.2 +diff -p -u -r1.2 bcom_specific.c +--- usr/lib/pkcs11/bcom_stdll/bcom_specific.c 1 Sep 2005 22:57:04 -0000 1.2 ++++ usr/lib/pkcs11/bcom_stdll/bcom_specific.c 12 Jan 2006 09:56:37 -0000 +@@ -428,7 +428,7 @@ CK_RV build_swapped_attribute(CK_ATTRIBU + if (! 
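Review bot: In usr/lib/pkcs11/api/apiutil.c the non-DEBUG definition `#define LOGIT(x...)` uses the GNU named-variadic form; the C99 spelling `#define LOGIT(...)` does the same and is portable to other compilers. With this change the arguments of every LOGIT call are discarded in non-debug builds, where previously they were still evaluated as a comma expression. It is worth confirming that no call site relies on a side effect inside its arguments.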
swapped_data) { + return CKR_DEVICE_ERROR; + } +- bzero(swapped_data, data_len); ++ memset(swapped_data, 0, data_len); + real_data_len = data_len; + + pos = data_len -1; +@@ -483,10 +483,10 @@ int bcom_rsa_pub_new(BCOM_RSA_PUB_KEY_t + } + + rsa_pub->n = (U32_t *)malloc(MAX_PUBLIC_KEY_BYTES*sizeof(unsigned char)); +- bzero(rsa_pub->n, MAX_PUBLIC_KEY_BYTES); ++ memset(rsa_pub->n, 0, MAX_PUBLIC_KEY_BYTES); + rsa_pub->n_len = 0; + rsa_pub->e = (U32_t *)malloc(MAX_PUBLIC_KEY_BYTES*sizeof(unsigned char)); +- bzero(rsa_pub->e, MAX_PUBLIC_KEY_BYTES); ++ memset(rsa_pub->e, 0, MAX_PUBLIC_KEY_BYTES); + rsa_pub->e_len = 0; + + if (! (rsa_pub->n && rsa_pub->e)) { +@@ -578,24 +578,24 @@ int bcom_rsa_crt_new(BCOM_RSA_CRT_KEY_t + } + + rsa_priv->n = (U32_t *)malloc(MAX_PUBLIC_KEY_BYTES); +- bzero(rsa_priv->n, MAX_PUBLIC_KEY_BYTES); ++ memset(rsa_priv->n, 0, MAX_PUBLIC_KEY_BYTES); + rsa_priv->d = (U32_t *)malloc(MAX_PUBLIC_KEY_BYTES); +- bzero(rsa_priv->d, MAX_PUBLIC_KEY_BYTES); ++ memset(rsa_priv->d, 0, MAX_PUBLIC_KEY_BYTES); + rsa_priv->d_len = 0; + rsa_priv->p = (U32_t *)malloc(MAX_PUBLIC_KEY_BYTES); +- bzero(rsa_priv->p, MAX_PUBLIC_KEY_BYTES); ++ memset(rsa_priv->p, 0, MAX_PUBLIC_KEY_BYTES); + rsa_priv->p_len = 0; + rsa_priv->q = (U32_t *)malloc(MAX_PUBLIC_KEY_BYTES); +- bzero(rsa_priv->q, MAX_PUBLIC_KEY_BYTES); ++ memset(rsa_priv->q, 0, MAX_PUBLIC_KEY_BYTES); + rsa_priv->q_len = 0; + rsa_priv->dp = (U32_t *)malloc(MAX_PUBLIC_KEY_BYTES); +- bzero(rsa_priv->dp, MAX_PUBLIC_KEY_BYTES); ++ memset(rsa_priv->dp, 0, MAX_PUBLIC_KEY_BYTES); + rsa_priv->dp_len = 0; + rsa_priv->dq = (U32_t *)malloc(MAX_PUBLIC_KEY_BYTES); +- bzero(rsa_priv->dq, MAX_PUBLIC_KEY_BYTES); ++ memset(rsa_priv->dq, 0, MAX_PUBLIC_KEY_BYTES); + rsa_priv->dq_len = 0; + rsa_priv->pinv = (U32_t *)malloc(MAX_PUBLIC_KEY_BYTES); +- bzero(rsa_priv->pinv, MAX_PUBLIC_KEY_BYTES); ++ memset(rsa_priv->pinv, 0, MAX_PUBLIC_KEY_BYTES); + rsa_priv->pinv_len = 0; + + if (! 
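Review bot: In bcom_rsa_pub_new() of usr/lib/pkcs11/bcom_stdll/bcom_specific.c, each `memset(rsa_pub->n, 0, MAX_PUBLIC_KEY_BYTES)` runs before the `if (! (rsa_pub->n && rsa_pub->e))` test, so a failed malloc is dereferenced before it is detected. Allocating with `rsa_pub->n = calloc(1, MAX_PUBLIC_KEY_BYTES);` (and likewise for `e`) removes the separate clearing step and leaves the existing NULL test effective. The following hunk in bcom_rsa_crt_new() has the same order, and its visible check lists p, q, dp, dq and pinv but not n or d. Both functions continue outside their hunks.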
(rsa_priv->p && rsa_priv->q && rsa_priv->dp && rsa_priv->dq && rsa_priv->pinv)) { +Index: usr/lib/pkcs11/common/loadsave.c +=================================================================== +RCS file: /cvsroot/opencryptoki/opencryptoki/usr/lib/pkcs11/common/loadsave.c,v +retrieving revision 1.4 +diff -p -u -r1.4 loadsave.c +--- usr/lib/pkcs11/common/loadsave.c 14 Dec 2005 19:14:16 -0000 1.4 ++++ usr/lib/pkcs11/common/loadsave.c 12 Jan 2006 09:56:37 -0000 +@@ -303,6 +303,8 @@ + #include + #include + #include ++#include ++#include + #include + + #include +@@ -331,9 +333,11 @@ load_token_data() + FILE * fp; + CK_BYTE fname[2048]; + TOKEN_DATA td; ++#if 0 + CK_BYTE clear[3 * DES_BLOCK_SIZE]; // enough to hold a CBC-encrypted SHA hash + CK_BYTE cipher[3 * DES_BLOCK_SIZE]; + CK_ULONG clear_len, cipher_len; ++#endif + CK_RV rc; + struct passwd *pw = NULL; + +@@ -392,6 +396,7 @@ load_token_data() + goto out_unlock; + } + ++#if 0 + // memcpy( cipher, &td.user_pin_sha, 3*DES_BLOCK_SIZE ); + // clear_len = cipher_len = 3 * DES_BLOCK_SIZE; + // rc = ckm_des3_cbc_decrypt( cipher, cipher_len, clear, &clear_len, "12345678", master_key ); +@@ -407,6 +412,7 @@ load_token_data() + // return CKR_FUNCTION_FAILED; + // + // memcpy( &td.so_pin_sha, clear, clear_len ); ++#endif + + memcpy( nv_token_data, &td, sizeof(TOKEN_DATA) ); + +@@ -427,9 +433,11 @@ save_token_data() + { + FILE *fp; + TOKEN_DATA td; ++#if 0 + CK_BYTE clear[3 * DES_BLOCK_SIZE]; + CK_BYTE cipher[3 * DES_BLOCK_SIZE]; + CK_ULONG clear_len, cipher_len; ++#endif + CK_RV rc; + CK_BYTE fname[2048]; + struct passwd *pw = NULL; +@@ -477,7 +485,7 @@ save_token_data() + // + // memcpy( td.so_pin_sha, cipher, 3*DES_BLOCK_SIZE ); + +- fwrite( &td, sizeof(TOKEN_DATA), 1, fp ); ++ (void)fwrite( &td, sizeof(TOKEN_DATA), 1, fp ); + fclose(fp); + + rc = CKR_OK; +@@ -526,7 +534,7 @@ save_token_object( OBJECT *obj ) + if (fp) { + set_perm(fileno(fp)); + while (!feof(fp)) { +- fgets((char *)line, 50, fp ); ++ (void)fgets((char *)line, 
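Review bot: In save_token_data() of usr/lib/pkcs11/common/loadsave.c the `(void)fwrite( &td, sizeof(TOKEN_DATA), 1, fp );` cast silences the warning but keeps the defect: a short or failed write is followed by `rc = CKR_OK`. A full disk or I/O error would leave a truncated token data file that is reported as saved. Checking the result, for example `if (fwrite( &td, sizeof(TOKEN_DATA), 1, fp ) != 1) rc = CKR_FUNCTION_FAILED;` with `rc = CKR_OK;` as the else branch, and testing the fclose() result, would surface the failure. The same `(void)fwrite` treatment is applied in save_public_token_object() and save_private_token_object(). The function continues outside this hunk.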
50, fp ); + if (!feof(fp)) { + line[ strlen((char *)line)-1 ] = 0; + if (strcmp((char *)line,(char *)( obj->name)) == 0) { +@@ -600,9 +608,9 @@ save_public_token_object( OBJECT *obj ) + + total_len = cleartxt_len + sizeof(CK_ULONG_32) + sizeof(CK_BBOOL); + +- fwrite( &total_len, sizeof(CK_ULONG_32), 1, fp ); +- fwrite( &flag, sizeof(CK_BBOOL), 1, fp ); +- fwrite( cleartxt, cleartxt_len, 1, fp ); ++ (void)fwrite( &total_len, sizeof(CK_ULONG_32), 1, fp ); ++ (void)fwrite( &flag, sizeof(CK_BBOOL), 1, fp ); ++ (void)fwrite( cleartxt, cleartxt_len, 1, fp ); + + fclose( fp ); + free( cleartxt ); +@@ -628,9 +636,8 @@ save_private_token_object( OBJECT *obj ) + CK_BYTE * ptr = NULL; + CK_BYTE fname[100]; + CK_BYTE hash_sha[SHA1_HASH_SIZE]; +- CK_BYTE hash_md5[MD5_HASH_SIZE]; + CK_BYTE des3_key[3 * DES_KEY_SIZE]; +- CK_ULONG obj_data_len,cleartxt_len, ciphertxt_len, hash_len, tmp, tmp2; ++ CK_ULONG obj_data_len,cleartxt_len, ciphertxt_len; + CK_ULONG padded_len; + CK_BBOOL flag; + CK_RV rc; +@@ -704,7 +711,7 @@ save_private_token_object( OBJECT *obj ) + + initial_vector = (CK_BYTE *)alloca(strlen("10293847")+5); + if (initial_vector) { +- bcopy("10293847",initial_vector,strlen("10293847")); ++ memcpy(initial_vector,"10293847",strlen("10293847")); + rc = ckm_des3_cbc_encrypt( cleartxt, padded_len, + ciphertxt, &ciphertxt_len, + initial_vector, (char *) des3_key ); +@@ -714,7 +721,7 @@ save_private_token_object( OBJECT *obj ) + + } + #else +- bcopy(cleartxt,ciphertxt,padded_len); ++ memcpy(ciphertxt,cleartxt,padded_len); + rc = CKR_OK; + #endif + if (rc != CKR_OK){ +@@ -738,9 +745,9 @@ save_private_token_object( OBJECT *obj ) + + flag = TRUE; + +- fwrite( &total_len, sizeof(CK_ULONG_32), 1, fp ); +- fwrite( &flag, sizeof(CK_BBOOL), 1, fp ); +- fwrite( ciphertxt, ciphertxt_len, 1, fp ); ++ (void)fwrite( &total_len, sizeof(CK_ULONG_32), 1, fp ); ++ (void)fwrite( &flag, sizeof(CK_BBOOL), 1, fp ); ++ (void)fwrite( ciphertxt, ciphertxt_len, 1, fp ); + + fclose( fp ); + +@@ -786,7 
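Review bot: In save_token_object() of usr/lib/pkcs11/common/loadsave.c, `(void)fgets((char *)line, 50, fp );` discards the only signal that the read failed. The next statement `line[ strlen((char *)line)-1 ] = 0;` then runs on whatever the buffer held. On a read error feof() stays false, and an empty string makes the index wrap to one byte before the buffer. A guarded form is `if (fgets((char *)line, 50, fp) == NULL) break;` followed by `line[ strcspn((char *)line, "\n") ] = 0;`, which also avoids chopping the last character of a line that had no newline. The same loop shape is touched in load_public_token_objects(), load_private_token_objects() and delete_token_object().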
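Review bot: In save_private_token_object() of usr/lib/pkcs11/common/loadsave.c the rewritten line `memcpy(initial_vector,"10293847",strlen("10293847"));` keeps a constant IV for the 3DES-CBC encryption of private token objects, and nothing in the code says so. With a fixed IV, objects encrypted under the same key that share a plaintext prefix produce the same ciphertext prefix. Changing the IV would alter the stored format, so at minimum the constraint should be documented, e.g. `/* fixed IV kept for on-disk compatibility; CBC with a constant IV reveals equal plaintext prefixes */`. The same constant-IV pattern, with "12345678", is in the load/save masterkey functions, and save_masterkey_so() sizes its alloca without the `+5` the others use.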
+793,7 @@ load_public_token_objects( void ) + return CKR_OK; // no token objects + + while (!feof(fp1)) { +- fgets( (char *)tmp, 50, fp1 ); ++ (void)fgets( (char *)tmp, 50, fp1 ); + if (!feof(fp1)) { + tmp[ strlen((char *)tmp)-1 ] = 0; + +@@ -798,8 +805,8 @@ load_public_token_objects( void ) + if (!fp2) + continue; + +- fread( &size, sizeof(CK_ULONG_32), 1, fp2 ); +- fread( &priv, sizeof(CK_BBOOL), 1, fp2 ); ++ (void)fread( &size, sizeof(CK_ULONG_32), 1, fp2 ); ++ (void)fread( &priv, sizeof(CK_BBOOL), 1, fp2 ); + if (priv == TRUE) { + fclose( fp2 ); + continue; +@@ -815,7 +822,7 @@ load_public_token_objects( void ) + return CKR_HOST_MEMORY; + } + +- fread( buf, size, 1, fp2 ); ++ (void)fread( buf, size, 1, fp2 ); + + // ... grab object mutex here. + MY_LockMutex(&obj_list_mutex); +@@ -839,7 +846,6 @@ load_private_token_objects( void ) + FILE *fp1 = NULL, *fp2 = NULL; + CK_BYTE *buf = NULL; + CK_BYTE tmp[2048], fname[2048],iname[2048]; +- CK_BYTE sha_hash[SHA1_HASH_SIZE], old_hash[SHA1_HASH_SIZE]; + CK_BBOOL priv; + CK_ULONG_32 size; + CK_RV rc; +@@ -859,7 +865,7 @@ load_private_token_objects( void ) + return CKR_OK; // no token objects + + while (!feof(fp1)) { +- fgets((char *) tmp, 50, fp1 ); ++ (void)fgets((char *) tmp, 50, fp1 ); + if (!feof(fp1)) { + tmp[ strlen((char *)tmp)-1 ] = 0; + +@@ -871,8 +877,8 @@ load_private_token_objects( void ) + if (!fp2) + continue; + +- fread( &size, sizeof(CK_ULONG_32), 1, fp2 ); +- fread( &priv, sizeof(CK_BBOOL), 1, fp2 ); ++ (void)fread( &size, sizeof(CK_ULONG_32), 1, fp2 ); ++ (void)fread( &priv, sizeof(CK_BBOOL), 1, fp2 ); + if (priv == FALSE) { + fclose( fp2 ); + continue; +@@ -932,10 +938,7 @@ restore_private_token_object( CK_BYTE * + CK_BYTE * ptr = NULL; + CK_BYTE des3_key[3 * DES_KEY_SIZE]; + CK_BYTE hash_sha[SHA1_HASH_SIZE]; +- CK_MECHANISM mech; +- DIGEST_CONTEXT digest_ctx; +- ENCR_DECR_CONTEXT encr_ctx; +- CK_ULONG hash_len, cleartxt_len, obj_data_len; ++ CK_ULONG cleartxt_len, obj_data_len; + CK_RV rc; + + // 
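Review bot: In load_public_token_objects() of usr/lib/pkcs11/common/loadsave.c, `(void)fread( &size, sizeof(CK_ULONG_32), 1, fp2 );` and the `priv` read next to it leave both variables indeterminate when the object file is truncated or unreadable. `size` then drives the later `fread( buf, size, 1, fp2 )` and, judging by the `CKR_HOST_MEMORY` return in the next hunk, the buffer allocation. The header reads should be checked, `if (fread(&size, sizeof(CK_ULONG_32), 1, fp2) != 1 || fread(&priv, sizeof(CK_BBOOL), 1, fp2) != 1) { fclose(fp2); continue; }`, and the body read should likewise be compared with 1 before the buffer is used. load_private_token_objects() has the same unchecked header reads.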
format for the object data: +@@ -968,7 +971,7 @@ restore_private_token_object( CK_BYTE * + + initial_vector = (CK_BYTE *)alloca(strlen("10293847")+5); + if (initial_vector) { +- bcopy("10293847",initial_vector,strlen("10293847")); ++ memcpy(initial_vector,"10293847",strlen("10293847")); + rc = ckm_des3_cbc_decrypt( ciphertxt, len, + cleartxt, &len, + initial_vector, (char *) des3_key ); +@@ -984,7 +987,7 @@ restore_private_token_object( CK_BYTE * + "10293847", des3_key ); + #endif + #else +- bcopy(ciphertxt,cleartxt,len); ++ memcpy(cleartxt,ciphertxt,len); + rc = CKR_OK; + #endif + +@@ -1098,7 +1101,7 @@ load_masterkey_so( void ) + + initial_vector = (CK_BYTE *)alloca(strlen("12345678")+5); + if (initial_vector) { +- bcopy("12345678",initial_vector,strlen("12345678")); ++ memcpy(initial_vector,"12345678",strlen("12345678")); + rc = ckm_des3_cbc_decrypt( cipher, cipher_len, + clear, &clear_len, + initial_vector, (char *) des3_key ); +@@ -1112,7 +1115,7 @@ load_masterkey_so( void ) + rc = ckm_des3_cbc_decrypt( cipher, cipher_len, clear, &clear_len, "12345678", des3_key ); + #endif + #else +- bcopy(cipher,clear,cipher_len); ++ memcpy(clear,cipher,cipher_len); + rc = CKR_OK; + #endif + +@@ -1208,7 +1211,7 @@ load_masterkey_user( void ) + + initial_vector = (CK_BYTE *)alloca(strlen("12345678")+5); + if (initial_vector) { +- bcopy("12345678",initial_vector,strlen("12345678")); ++ memcpy(initial_vector,"12345678",strlen("12345678")); + rc = ckm_des3_cbc_decrypt( cipher, cipher_len, + clear, &clear_len, + initial_vector, (char *) des3_key ); +@@ -1221,7 +1224,7 @@ load_masterkey_user( void ) + rc = ckm_des3_cbc_decrypt( cipher, cipher_len, clear, &clear_len, "12345678", des3_key ); + #endif + #else +- bcopy(cipher,clear,cipher_len); ++ memcpy(clear,cipher,cipher_len); + rc = CKR_OK; + #endif + +@@ -1300,7 +1303,7 @@ save_masterkey_so( void ) + + initial_vector = (CK_BYTE *)alloca(strlen("12345678")); + if (initial_vector) { +- 
bcopy("12345678",initial_vector,strlen("12345678")); ++ memcpy(initial_vector,"12345678",strlen("12345678")); + rc = ckm_des3_cbc_encrypt( cleartxt, padded_len, + ciphertxt, &ciphertxt_len, + initial_vector, (char *) des3_key ); +@@ -1313,7 +1316,7 @@ save_masterkey_so( void ) + rc = ckm_des3_cbc_encrypt( cleartxt, padded_len, ciphertxt, &ciphertxt_len, "12345678", des3_key ); + #endif + #else +- bcopy(cleartxt,ciphertxt,padded_len); ++ memcpy(ciphertxt,cleartxt,padded_len); + rc = CKR_OK; + #endif + +@@ -1396,7 +1399,7 @@ save_masterkey_user( void ) + + initial_vector = (CK_BYTE *)alloca(strlen("12345678")+5); + if (initial_vector) { +- bcopy("12345678",initial_vector,strlen("12345678")); ++ memcpy(initial_vector,"12345678",strlen("12345678")); + rc = ckm_des3_cbc_encrypt( cleartxt, padded_len, + ciphertxt, &ciphertxt_len, + initial_vector, (char *) des3_key ); +@@ -1409,7 +1412,7 @@ save_masterkey_user( void ) + rc = ckm_des3_cbc_encrypt( cleartxt, padded_len, ciphertxt, &ciphertxt_len, "12345678", des3_key ); + #endif + #else +- bcopy(cleartxt,ciphertxt,padded_len); ++ memcpy(ciphertxt,cleartxt,padded_len); + rc = CKR_OK; + #endif + +@@ -1563,7 +1566,7 @@ delete_token_object( OBJECT *obj ) + set_perm(fileno(fp2)); + + while (!feof(fp1)) { +- fgets((char *)line, 50, fp1 ); ++ (void)fgets((char *)line, 50, fp1 ); + if (!feof(fp1)) { + line[ strlen((char *)line)-1 ] = 0; + if (strcmp((char *)line, (char *)obj->name) == 0) +@@ -1589,7 +1592,7 @@ delete_token_object( OBJECT *obj ) + set_perm(fileno(fp2)); + + while (!feof(fp1)) { +- fgets((char *)line, 50, fp1 ); ++ (void)fgets((char *)line, 50, fp1 ); + if (!feof(fp1)) + fprintf( fp2, "%s",(char *) line ); + } +Index: usr/lib/pkcs11/common/mech_list.c +=================================================================== +RCS file: /cvsroot/opencryptoki/opencryptoki/usr/lib/pkcs11/common/mech_list.c,v +retrieving revision 1.2 +diff -p -u -r1.2 mech_list.c +--- usr/lib/pkcs11/common/mech_list.c 1 Sep 2005 22:57:04 
-0000 1.2 ++++ usr/lib/pkcs11/common/mech_list.c 12 Jan 2006 09:56:37 -0000 +@@ -288,6 +288,8 @@ + + /* COPYRIGHT (c) International Business Machines Corp. 2005 */ + ++#include ++#include + #include "pkcs11types.h" + #include "defs.h" + #include "host_defs.h" +Index: usr/lib/pkcs11/common/mech_ssl3.c +=================================================================== +RCS file: /cvsroot/opencryptoki/opencryptoki/usr/lib/pkcs11/common/mech_ssl3.c,v +retrieving revision 1.2 +diff -p -u -r1.2 mech_ssl3.c +--- usr/lib/pkcs11/common/mech_ssl3.c 24 Feb 2005 21:35:09 -0000 1.2 ++++ usr/lib/pkcs11/common/mech_ssl3.c 12 Jan 2006 09:56:37 -0000 +@@ -1486,7 +1486,7 @@ ssl3_key_and_mac_derive( SESSION + CK_BYTE key_block[(16*26) + (4*16)]; + CK_ULONG i, key_material_loop_count; + CK_ULONG iv_len, MAC_len, write_len; +- CK_RV rc; ++ CK_RV rc = CKR_OK; + + CK_BYTE * base_key_value = NULL; + CK_BBOOL base_sensitive; +@@ -2000,7 +2000,7 @@ ssl3_kmd_process_write_keys( SESSION + CK_ULONG i, cnt; + CK_ULONG true_vals[] = { CKA_ENCRYPT, CKA_DECRYPT, CKA_DERIVE }; + CK_ULONG false_vals[] = { CKA_SIGN, CKA_VERIFY, CKA_WRAP, CKA_UNWRAP }; +- CK_RV rc; ++ CK_RV rc = CKR_HOST_MEMORY; + + // for the write keys, we want the following default values: + // CKA_ENCRYPT, CKA_DECRYPT, CKA_DERIVE = TRUE +@@ -2027,7 +2027,6 @@ ssl3_kmd_process_write_keys( SESSION + attr->ulValueLen = sizeof(CK_BBOOL); + attr->pValue = (CK_BBOOL *)malloc(sizeof(CK_BBOOL)); + if (!attr->pValue) { +- rc = CKR_HOST_MEMORY; + st_err_log(0, __FILE__, __LINE__); + goto error; + } +@@ -2039,7 +2038,6 @@ ssl3_kmd_process_write_keys( SESSION + attr->ulValueLen = sizeof(CK_BBOOL); + attr->pValue = (CK_BBOOL *)malloc(sizeof(CK_BBOOL)); + if (!attr->pValue) { +- rc = CKR_HOST_MEMORY; + st_err_log(0, __FILE__, __LINE__); + goto error; + } +@@ -2055,7 +2053,6 @@ ssl3_kmd_process_write_keys( SESSION + attr->ulValueLen = pTemplate[i].ulValueLen; + attr->pValue = (char *)malloc(attr->ulValueLen); + if (!attr->pValue) { +- rc = 
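Review bot: In ssl3_kmd_process_write_keys() of usr/lib/pkcs11/common/mech_ssl3.c, initialising `CK_RV rc = CKR_HOST_MEMORY;` and deleting the three `rc = CKR_HOST_MEMORY;` assignments makes the error code depend on nothing else writing `rc` earlier. The code between these hunks is not visible; if any call there stores a success value in `rc`, a later failed malloc would reach `goto error` with `rc` still CKR_OK and report success. Keeping `rc = CKR_HOST_MEMORY;` in each `if (!attr->pValue)` branch and using a neutral initialiser such as `CK_RV rc = CKR_FUNCTION_FAILED;` silences the warning without that coupling.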
CKR_HOST_MEMORY; + st_err_log(0, __FILE__, __LINE__); + goto error; + } +Index: usr/lib/pkcs11/common/new_host.c +=================================================================== +RCS file: /cvsroot/opencryptoki/opencryptoki/usr/lib/pkcs11/common/new_host.c,v +retrieving revision 1.15 +diff -p -u -r1.15 new_host.c +--- usr/lib/pkcs11/common/new_host.c 1 Sep 2005 22:57:04 -0000 1.15 ++++ usr/lib/pkcs11/common/new_host.c 12 Jan 2006 09:56:37 -0000 +@@ -310,6 +310,7 @@ + #include + #include + #include ++#include + + #include "pkcs11types.h" + #include "stdll.h" +@@ -532,11 +533,11 @@ init_data_store(char *directory) + char *pkdir; + if ( (pkdir = getenv("PKCS_APP_STORE")) != NULL){ + pk_dir = (char *) malloc(strlen(pkdir)+1024); +- bzero(pk_dir,strlen(pkdir)+1024); ++ memset(pk_dir,0,strlen(pkdir)+1024); + sprintf(pk_dir,"%s/%s",pkdir,SUB_DIR); + } else { + pk_dir = (char *)malloc(strlen(directory)+25); +- bzero(pk_dir,strlen(directory)+25); ++ memset(pk_dir,0,strlen(directory)+25); + sprintf(pk_dir,"%s",directory); + + } +Index: usr/lib/pkcs11/common/obj_mgr.c +=================================================================== +RCS file: /cvsroot/opencryptoki/opencryptoki/usr/lib/pkcs11/common/obj_mgr.c,v +retrieving revision 1.11 +diff -p -u -r1.11 obj_mgr.c +--- usr/lib/pkcs11/common/obj_mgr.c 12 Dec 2005 17:44:37 -0000 1.11 ++++ usr/lib/pkcs11/common/obj_mgr.c 12 Jan 2006 09:56:38 -0000 +@@ -2217,17 +2217,17 @@ object_mgr_del_from_shm( OBJECT *obj ) + + if (count > 0) { // If we are not deleting the last element in the list + // Move up count number of elements effectively deleting the index +- bcopy((char *)&global_shm->priv_tok_objs[index+1], +- (char *)&global_shm->priv_tok_objs[index], ++ memcpy((char *)&global_shm->priv_tok_objs[index], ++ (char *)&global_shm->priv_tok_objs[index+1], + sizeof(TOK_OBJ_ENTRY) * count ); + // We need to zero out the last entry... Since the memcopy + // does not zero it out... 
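Review bot: In init_data_store() of usr/lib/pkcs11/common/new_host.c, the result of `malloc(strlen(pkdir)+1024)` goes straight into `memset(pk_dir,0,...)` and `sprintf`, with no NULL check in either branch. An allocation failure is therefore a NULL dereference while the token store path is being set up. Using `pk_dir = calloc(1, strlen(pkdir)+1024);` and failing before the sprintf when it returns NULL covers both the clearing and the check. A bounded `snprintf` with the same size would make the buffer arithmetic explicit. The path prefix comes from the `PKCS_APP_STORE` environment variable without validation, which deserves a comment on who is expected to control it.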
+- bzero((char *)&global_shm->priv_tok_objs[global_shm->num_priv_tok_obj+1], +- sizeof(TOK_OBJ_ENTRY)); ++ memset((char *)&global_shm->priv_tok_objs[global_shm->num_priv_tok_obj+1], ++ 0,sizeof(TOK_OBJ_ENTRY)); + } + else { // We are deleting the last element which is in num_priv_tok_obj +- bzero((char *)&global_shm->priv_tok_objs[global_shm->num_priv_tok_obj], +- sizeof(TOK_OBJ_ENTRY)); ++ memset((char *)&global_shm->priv_tok_objs[global_shm->num_priv_tok_obj], ++ 0,sizeof(TOK_OBJ_ENTRY)); + } + } + else { +@@ -2252,17 +2252,17 @@ object_mgr_del_from_shm( OBJECT *obj ) + #endif + + if (count > 0) { +- bcopy((char *)&global_shm->publ_tok_objs[index+1], +- (char *)&global_shm->publ_tok_objs[index], ++ memcpy((char *)&global_shm->publ_tok_objs[index], ++ (char *)&global_shm->publ_tok_objs[index+1], + sizeof(TOK_OBJ_ENTRY) * count); + // We need to zero out the last entry... Since the memcopy + // does not zero it out... +- bzero((char *)&global_shm->publ_tok_objs[global_shm->num_publ_tok_obj+1], +- sizeof(TOK_OBJ_ENTRY)); ++ memset((char *)&global_shm->publ_tok_objs[global_shm->num_publ_tok_obj+1], ++ 0,sizeof(TOK_OBJ_ENTRY)); + } + else { +- bzero((char *)&global_shm->publ_tok_objs[global_shm->num_publ_tok_obj], +- sizeof(TOK_OBJ_ENTRY)); ++ memset((char *)&global_shm->publ_tok_objs[global_shm->num_publ_tok_obj], ++ 0,sizeof(TOK_OBJ_ENTRY)); + } + } + +@@ -2439,6 +2439,8 @@ object_mgr_update_from_shm( void ) + { + object_mgr_update_publ_tok_obj_from_shm(); + object_mgr_update_priv_tok_obj_from_shm(); ++ ++ return CKR_OK; + } + + +Index: usr/lib/pkcs11/common/sess_mgr.c +=================================================================== +RCS file: /cvsroot/opencryptoki/opencryptoki/usr/lib/pkcs11/common/sess_mgr.c,v +retrieving revision 1.3 +diff -p -u -r1.3 sess_mgr.c +--- usr/lib/pkcs11/common/sess_mgr.c 10 May 2005 18:51:59 -0000 1.3 ++++ usr/lib/pkcs11/common/sess_mgr.c 12 Jan 2006 09:56:38 -0000 +@@ -874,7 +874,7 @@ session_mgr_get_op_state( SESSION *ses + 
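Review bot: In object_mgr_del_from_shm() of usr/lib/pkcs11/common/obj_mgr.c, the converted `memcpy` from `priv_tok_objs[index+1]` to `priv_tok_objs[index]` copies between overlapping regions whenever `count` is greater than 1. That is undefined behaviour for memcpy, whereas the bcopy it replaces was defined for overlap. The call should be `memmove((char *)&global_shm->priv_tok_objs[index], (char *)&global_shm->priv_tok_objs[index+1], sizeof(TOK_OBJ_ENTRY) * count );`. The following hunk makes the same substitution for `publ_tok_objs` and needs the same fix. This array lives in shared memory, so a miscopied entry table is visible to every attached process.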
CK_ULONG *data_len ) + { + OP_STATE_DATA *op_data = NULL; +- CK_ULONG op_data_len; ++ CK_ULONG op_data_len = 0; + CK_ULONG offset; + + if (!sess){ +Index: usr/lib/pkcs11/common/template.c +=================================================================== +RCS file: /cvsroot/opencryptoki/opencryptoki/usr/lib/pkcs11/common/template.c,v +retrieving revision 1.2 +diff -p -u -r1.2 template.c +--- usr/lib/pkcs11/common/template.c 24 Feb 2005 21:35:10 -0000 1.2 ++++ usr/lib/pkcs11/common/template.c 12 Jan 2006 09:56:38 -0000 +@@ -868,7 +868,7 @@ template_flatten( TEMPLATE * tmpl, + DL_NODE * node = NULL; + CK_BYTE * ptr = NULL; + CK_ULONG_32 long_len; +- CK_ATTRIBUTE_32 *attr_32; ++ CK_ATTRIBUTE_32 *attr_32 = NULL; + CK_ULONG Val; + CK_ULONG_32 Val_32; + CK_ULONG * pVal; +@@ -929,7 +929,7 @@ template_flatten( TEMPLATE * tmpl, + node = node->next; + } + +- if (long_len != 4) ++ if (attr_32) + free(attr_32); + + return CKR_OK; +Index: usr/lib/pkcs11/common/utility.c +=================================================================== +RCS file: /cvsroot/opencryptoki/opencryptoki/usr/lib/pkcs11/common/utility.c,v +retrieving revision 1.6 +diff -p -u -r1.6 utility.c +--- usr/lib/pkcs11/common/utility.c 12 Aug 2005 15:54:31 -0000 1.6 ++++ usr/lib/pkcs11/common/utility.c 12 Jan 2006 09:56:38 -0000 +@@ -299,7 +299,7 @@ + #include + #include + #include +- ++#include + + #include "pkcs11types.h" + #include "defs.h" +Index: usr/lib/pkcs11/ica_s390_stdll/ica_specific.c +=================================================================== +RCS file: /cvsroot/opencryptoki/opencryptoki/usr/lib/pkcs11/ica_s390_stdll/ica_specific.c,v +retrieving revision 1.6 +diff -p -u -r1.6 ica_specific.c +--- usr/lib/pkcs11/ica_s390_stdll/ica_specific.c 4 Jan 2006 15:05:50 -0000 1.6 ++++ usr/lib/pkcs11/ica_s390_stdll/ica_specific.c 12 Jan 2006 09:56:38 -0000 +@@ -292,6 +292,7 @@ + + #include + #include // for memcmp() et al ++#include + #include + + #ifndef NOAES +@@ -439,7 +440,7 @@ 
token_specific_des_ecb(CK_BYTE * in_data + unsigned int temp = 0; + temp = (unsigned int) *out_data_len; + +- bzero(&empty_iv,sizeof(empty_iv)); ++ memset(&empty_iv,0,sizeof(empty_iv)); + if ( encrypt) { + rc = icaDesEncrypt(adapter_handle, MODE_DES_ECB, (unsigned int)in_data_len, in_data, + &empty_iv, (ICA_KEY_DES_SINGLE *)key_value, +@@ -515,7 +516,7 @@ token_specific_tdes_ecb(CK_BYTE * in_dat + unsigned int temp; + temp = (unsigned int) *out_data_len; + +- bzero(&empty_iv,sizeof(empty_iv)); ++ memset(&empty_iv,0,sizeof(empty_iv)); + if ( encrypt) { + rc = icaTDesEncrypt(adapter_handle, MODE_DES_ECB, (unsigned int)in_data_len, in_data, + &empty_iv, +@@ -1127,7 +1128,7 @@ rsa_convert_public_key( OBJECT * key_ + if (publKey == NULL) { + return NULL; + } +- bzero(publKey, sizeof(ICA_KEY_RSA_MODEXPO)); ++ memset(publKey, 0, sizeof(ICA_KEY_RSA_MODEXPO)); + + // Currently using definition of ICA_KEY_RSA_MODEXPO in NT spec v1.12 + +@@ -1142,9 +1143,9 @@ rsa_convert_public_key( OBJECT * key_ + + pkey = (CK_BYTE_PTR) publKey->keyRecord; + pkey += modulus->ulValueLen - pub_exp->ulValueLen; +- bcopy(pub_exp->pValue, pkey, pub_exp->ulValueLen); ++ memcpy(pkey, pub_exp->pValue, pub_exp->ulValueLen); + pkey += pub_exp->ulValueLen; +- bcopy(modulus->pValue, pkey, modulus->ulValueLen); ++ memcpy(pkey, modulus->pValue, modulus->ulValueLen); + return publKey; + + } +@@ -1186,7 +1187,7 @@ rsa_convert_private_key(OBJECT *key_obj) + if (privKey == NULL) { + return NULL; + } +- bzero(privKey, sizeof(ICA_KEY_RSA_CRT)); ++ memset(privKey, 0, sizeof(ICA_KEY_RSA_CRT)); + + // Currently using definition of ICA_KEY_RSA_CRT in NT spec v1.12 + // (with nLength and nOffset removed per BEF's e-mail) +@@ -1210,19 +1211,19 @@ rsa_convert_private_key(OBJECT *key_obj) + privKey->qInvOffset = offset + qSize; + pkey = (CK_BYTE_PTR) privKey->keyRecord; + pkey += pSize - exp1->ulValueLen; +- bcopy(exp1->pValue, pkey, exp1->ulValueLen); ++ memcpy(pkey, exp1->pValue, exp1->ulValueLen); + // pkey += 
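Review bot: Nothing visible in the `rsa_convert_public_key` hunk bounds the two `memcpy` calls into `publKey->keyRecord`. The starting offset is `modulus->ulValueLen - pub_exp->ulValueLen`, which wraps if the exponent attribute is longer than the modulus, and the copies together write twice the modulus length. Unless the lengths are validated earlier in the function (it starts outside the hunk), add a guard before the copies, for example `if (pub_exp->ulValueLen > modulus->ulValueLen || 2 * modulus->ulValueLen > sizeof(publKey->keyRecord)) { free(publKey); return NULL; }`, assuming `keyRecord` is an array member and `publKey` is heap-allocated. The `rsa_convert_private_key` hunks that follow place `exp1`, `exp2`, `prime1`, `prime2`, `coeff`, `priv_exp` and `modulus` with the same unchecked pointer arithmetic.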
exp1->ulValueLen + qSize - exp2->ulValueLen; + pkey += exp1->ulValueLen; +- bcopy(exp2->pValue, pkey, exp2->ulValueLen); ++ memcpy(pkey, exp2->pValue, exp2->ulValueLen); + // pkey += exp2->ulValueLen + pSize - prime1->ulValueLen; + pkey += qSize + pSize - prime1->ulValueLen; +- bcopy(prime1->pValue, pkey, prime1->ulValueLen); ++ memcpy(pkey, prime1->pValue, prime1->ulValueLen); + // pkey += prime1->ulValueLen + qSize - prime2->ulValueLen; + pkey += prime1->ulValueLen; +- bcopy(prime2->pValue, pkey, prime2->ulValueLen); ++ memcpy(pkey, prime2->pValue, prime2->ulValueLen); + // pkey += prime2->ulValueLen + pSize - coeff->ulValueLen; + pkey += qSize + pSize - coeff->ulValueLen; +- bcopy(coeff->pValue, pkey, coeff->ulValueLen); ++ memcpy(pkey, coeff->pValue, coeff->ulValueLen); + return privKey; + // hex_dump_to_file("PRIVATEKEY",(char *)privKey,sizeof(ICA_KEY_RSA_CRT)); + } else { // must be a non-CRT key +@@ -1233,7 +1234,7 @@ rsa_convert_private_key(OBJECT *key_obj) + if (privModKey == NULL) { + return NULL; + } +- bzero(privModKey, sizeof(ICA_KEY_RSA_MODEXPO)); ++ memset(privModKey, 0, sizeof(ICA_KEY_RSA_MODEXPO)); + + // Currently using definition of ICA_KEY_RSA_MODEXPO in NT spec v1.12 + +@@ -1249,9 +1250,9 @@ rsa_convert_private_key(OBJECT *key_obj) + + pkey = (CK_BYTE_PTR) privModKey->keyRecord; + pkey += modulus->ulValueLen - priv_exp->ulValueLen; +- bcopy(priv_exp->pValue, pkey, priv_exp->ulValueLen); ++ memcpy(pkey, priv_exp->pValue, priv_exp->ulValueLen); + pkey += priv_exp->ulValueLen; +- bcopy(modulus->pValue, pkey, modulus->ulValueLen); ++ memcpy(pkey, modulus->pValue, modulus->ulValueLen); + + return privModKey; + } +Index: usr/lib/pkcs11/ica_stdll/ica_specific.c +=================================================================== +RCS file: /cvsroot/opencryptoki/opencryptoki/usr/lib/pkcs11/ica_stdll/ica_specific.c,v +retrieving revision 1.7 +diff -p -u -r1.7 ica_specific.c +--- usr/lib/pkcs11/ica_stdll/ica_specific.c 1 Sep 2005 22:57:05 -0000 1.7 ++++ 
usr/lib/pkcs11/ica_stdll/ica_specific.c 12 Jan 2006 09:56:39 -0000 +@@ -291,6 +291,7 @@ + + #include + #include // for memcmp() et al ++#include + #include + + #ifndef NOAES +@@ -438,7 +439,7 @@ token_specific_des_ecb(CK_BYTE * in_data + CK_RV rc; + unsigned int _out_data_len = *out_data_len; + +- bzero(&empty_iv,sizeof(empty_iv)); ++ memset(&empty_iv,0,sizeof(empty_iv)); + if ( encrypt) { + rc = icaDesEncrypt(adapter_handle, (unsigned int)MODE_DES_ECB, (unsigned int)in_data_len, in_data, + &empty_iv, (ICA_KEY_DES_SINGLE *)key_value, +@@ -513,7 +514,7 @@ token_specific_tdes_ecb(CK_BYTE * in_dat + unsigned int _out_data_len = *out_data_len; + + +- bzero(&empty_iv,sizeof(empty_iv)); ++ memset(&empty_iv,0,sizeof(empty_iv)); + if ( encrypt) { + rc = icaTDesEncrypt(adapter_handle, (unsigned int)MODE_DES_ECB, + (unsigned int)in_data_len, in_data, +@@ -617,7 +618,7 @@ rsa_convert_public_key( OBJECT * key_ + if (publKey == NULL) { + return NULL; + } +- bzero(publKey, sizeof(ICA_KEY_RSA_MODEXPO)); ++ memset(publKey, 0, sizeof(ICA_KEY_RSA_MODEXPO)); + + // Currently using definition of ICA_KEY_RSA_MODEXPO in NT spec v1.12 + +@@ -676,7 +677,7 @@ rsa_convert_private_key(OBJECT *key_obj) + if (privKey == NULL) { + return NULL; + } +- bzero(privKey, sizeof(ICA_KEY_RSA_CRT)); ++ memset(privKey, 0, sizeof(ICA_KEY_RSA_CRT)); + + // Currently using definition of ICA_KEY_RSA_CRT in NT spec v1.12 + // (with nLength and nOffset removed per BEF's e-mail) +@@ -723,7 +724,7 @@ rsa_convert_private_key(OBJECT *key_obj) + if (privModKey == NULL) { + return NULL; + } +- bzero(privModKey, sizeof(ICA_KEY_RSA_MODEXPO)); ++ memset(privModKey, 0, sizeof(ICA_KEY_RSA_MODEXPO)); + + // Currently using definition of ICA_KEY_RSA_MODEXPO in NT spec v1.12 + +Index: usr/lib/pkcs11/leeds_stdll/host_api.c +=================================================================== +RCS file: /cvsroot/opencryptoki/opencryptoki/usr/lib/pkcs11/leeds_stdll/host_api.c,v +retrieving revision 1.4 +diff -p -u -r1.4 
host_api.c +--- usr/lib/pkcs11/leeds_stdll/host_api.c 3 Nov 2005 19:38:00 -0000 1.4 ++++ usr/lib/pkcs11/leeds_stdll/host_api.c 12 Jan 2006 09:56:42 -0000 +@@ -838,7 +838,7 @@ copy_attribute_value(void *source, void + + break; + default: +- bcopy(source,dest,attr->ulValueLen); ++ memcpy(dest,source,attr->ulValueLen); + break; + } + +@@ -874,10 +874,10 @@ ModifyAttribute(type,val) + #ifdef PKCS64 + tval = HTOCL((CK_ULONG_32)*val); + *val = tval; +- // bcopy(&tval,val,sizeof(CK_ULONG_32)); ++ // memcpy(val,&tval,sizeof(CK_ULONG_32)); + #else + tval = HTOCL((CK_ULONG)*val); +- bcopy(&tval,val,sizeof(CK_ULONG)); ++ memcpy(val,&tval,sizeof(CK_ULONG)); + #endif + + default: +@@ -1254,7 +1254,7 @@ CK_RV communicate( CK_ULONG cmd_id, C + } + hst=*hs; + saddr.sin_family = AF_INET; +- bcopy(hs->h_addr,(char *)&saddr.sin_addr,hs->h_length); ++ memcpy((char *)&saddr.sin_addr,hs->h_addr,hs->h_length); + //saddr.sin_addr.s_addr = htonl(0x0933510c); + saddr.sin_port = htons(PORT); + +@@ -1556,11 +1556,11 @@ CK_RV SC_Initialize( void **FunctionList + // Zero out the adapter handle array + // an adapter handle of 0 indicates that the particular adapter has + // NOT been initialized +- bzero((char *)adapter_handle,sizeof(sccAdapterHandle_t)*MAX_SLOT_ID); ++ memset((char *)adapter_handle,0,sizeof(sccAdapterHandle_t)*MAX_SLOT_ID); + initialized = TRUE; + initedpid = getpid(); + SC_SetFunctionList(); +- bzero((char *)correlator_init,PKW_MAX_DEVICES * sizeof(struct Cor_init)); ++ memset((char *)correlator_init,0,PKW_MAX_DEVICES * sizeof(struct Cor_init)); + + { + int i; +@@ -1645,7 +1645,7 @@ rc = 0; + + + saddr.sin_family = AF_INET; +- bcopy(hs->h_addr,(char *)&saddr.sin_addr,hs->h_length); ++ memcpy((char *)&saddr.sin_addr,hs->h_addr,hs->h_length); + saddr.sin_port = htons(PORT); + if ( connect (adapter_handle[i],(struct sockaddr *)&saddr,sizeof(struct sockaddr_in)) < 0 ){ + // XXX FIXME just bail for now. 
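Review bot: The `memcpy` into `saddr.sin_addr` in `communicate` is sized by `hs->h_length`, a value filled in by the resolver, while the destination is a fixed-size `struct in_addr`. The hunk shows no check that the host entry is an IPv4 address. Before the copy, test `hs->h_addrtype == AF_INET && hs->h_length == sizeof(saddr.sin_addr)` and fail the call otherwise; the second copy in the `@@ -1645,7 +1645,7 @@` hunk needs the same guard. Both functions extend beyond their hunks, so an earlier check may exist there.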
+@@ -3133,7 +3133,7 @@ CK_RV SC_CopyObject( ST_SESSION_HANDLE + #if __64BIT__ + copy_attribute_value(ps,pd,attr); + #else +- bcopy(ps,pd,attr->ulValueLen); ++ memcpy(pd,ps,attr->ulValueLen); + #endif + + #if __64BIT__ +@@ -3842,7 +3842,7 @@ CK_RV SC_SetAttributeValue( ST_SESSION_ + #if __64BIT__ + copy_attribute_value(ps,pd,attr); + #else +- bcopy(ps,pd,attr->ulValueLen); ++ memcpy(pd,ps,attr->ulValueLen); + #endif + + #if __64BIT__ +@@ -3997,7 +3997,7 @@ CK_RV SC_FindObjectsInit( ST_SESSION_HAN + #if __64BIT__ + copy_attribute_value(ps,pd,attr); + #else +- bcopy(ps,pd,attr->ulValueLen); ++ memcpy(pd,ps,attr->ulValueLen); + #endif + + #if __64BIT__ +@@ -4457,7 +4457,7 @@ CK_RV SC_GenerateKey( ST_SESSION_HANDLE + #if __64BIT__ + copy_attribute_value(ps,pd,attr); + #else +- bcopy(ps,pd,attr->ulValueLen); ++ memcpy(pd,ps,attr->ulValueLen); + #endif + + #if __64BIT__ +@@ -5555,7 +5555,7 @@ CK_RV SC_UnwrapKey( ST_SESSION_HANDLE + #if __64BIT__ + copy_attribute_value(ps,pd,attr); + #else +- bcopy(ps,pd,attr->ulValueLen); ++ memcpy(pd,ps,attr->ulValueLen); + #endif + + +@@ -6142,7 +6142,7 @@ CK_RV SC_GenerateKeyPair( ST_SESSION_HAN + #if __64BIT__ + copy_attribute_value(ps,pd,attr); + #else +- bcopy(ps,pd,attr->ulValueLen); ++ memcpy(pd,ps,attr->ulValueLen); + #endif + + #if __64BIT__ +@@ -6205,7 +6205,7 @@ CK_RV SC_GenerateKeyPair( ST_SESSION_HAN + #if __64BIT__ + copy_attribute_value(ps,pd,attr); + #else +- bcopy(ps,pd,attr->ulValueLen); ++ memcpy(pd,ps,attr->ulValueLen); + #endif + + #if __64BIT__ +@@ -7995,7 +7995,7 @@ CK_RV SC_DeriveKey( ST_SESSION_HANDLE + #if __64BIT__ + copy_attribute_value(ps,pd,attr); + #else +- bcopy(ps,pd,attr->ulValueLen); ++ memcpy(pd,ps,attr->ulValueLen); + #endif + + #if __64BIT__ +Index: usr/lib/pkcs11/soft_stdll/soft_specific.c +=================================================================== +RCS file: /cvsroot/opencryptoki/opencryptoki/usr/lib/pkcs11/soft_stdll/soft_specific.c,v +retrieving revision 1.3 +diff -p -u -r1.3 
soft_specific.c +--- usr/lib/pkcs11/soft_stdll/soft_specific.c 1 Sep 2005 22:57:05 -0000 1.3 ++++ usr/lib/pkcs11/soft_stdll/soft_specific.c 12 Jan 2006 09:56:42 -0000 +@@ -302,6 +302,7 @@ + #include + #include // for memcmp() et al + #include ++#include + + #include "pkcs11types.h" + #include "defs.h" +@@ -395,6 +396,7 @@ token_specific_init(char * Correlator,CK + CK_RV + token_specific_final() + { ++ return CKR_OK; + } + + +Index: usr/lib/pkcs11/tpm_stdll/new_host.c +=================================================================== +RCS file: /cvsroot/opencryptoki/opencryptoki/usr/lib/pkcs11/tpm_stdll/new_host.c,v +retrieving revision 1.10 +diff -p -u -r1.10 new_host.c +--- usr/lib/pkcs11/tpm_stdll/new_host.c 11 Aug 2005 20:52:59 -0000 1.10 ++++ usr/lib/pkcs11/tpm_stdll/new_host.c 12 Jan 2006 09:56:42 -0000 +@@ -305,12 +305,12 @@ init_data_store(char *directory) + + if ( (pkdir = getenv("PKCS_APP_STORE")) != NULL) { + pk_dir = (char *) malloc(strlen(pkdir)+1024); +- bzero(pk_dir,strlen(pkdir)+1024); ++ memset(pk_dir,0,strlen(pkdir)+1024); + sprintf(pk_dir,"%s/%s",pkdir,SUB_DIR); + LogError("Using custom data store location: %s", pk_dir); + } else { + pk_dir = (char *)malloc(strlen(directory)+25); +- bzero(pk_dir,strlen(directory)+25); ++ memset(pk_dir,0,strlen(directory)+25); + sprintf(pk_dir,"%s",directory); + } + } +Index: usr/sbin/pkcsconf/pkcsconf.c +=================================================================== +RCS file: /cvsroot/opencryptoki/opencryptoki/usr/sbin/pkcsconf/pkcsconf.c,v +retrieving revision 1.5 +diff -p -u -r1.5 pkcsconf.c +--- usr/sbin/pkcsconf/pkcsconf.c 11 Aug 2005 21:00:57 -0000 1.5 ++++ usr/sbin/pkcsconf/pkcsconf.c 12 Jan 2006 09:56:42 -0000 +@@ -588,17 +588,17 @@ done: + #endif + + if (sopin) { +- bzero (sopin, strlen(sopin)); ++ memset (sopin, 0, strlen(sopin)); + free (sopin); + } + + if (pin) { +- bzero (pin, strlen(pin)); ++ memset (pin, 0, strlen(pin)); + free (pin); + } + + if (newpin) { +- bzero (newpin, strlen(newpin)); 
++ memset (newpin, 0, strlen(newpin)); + free (newpin); + } + +@@ -672,6 +672,8 @@ echo(int bool){ + * displayed on the terminal is invalid */ + if (tcsetattr(STDIN_FILENO, TCSAFLUSH, &term) != 0) + return -1; ++ ++ return 0; + } + + #if SHM +@@ -725,6 +727,8 @@ display_pkcs11_info(void){ + printf(PKCSINIT_MSG(LIBVERSION, "\tLibrary Version %d.%d \n"), + CryptokiInfo.libraryVersion.major, + CryptokiInfo.libraryVersion.minor); ++ ++ return 0; + } + + CK_RV +@@ -1176,7 +1180,7 @@ init(void){ + dllPtr = dlopen("/usr/lib/pkcs11/PKCS11_API.so64", RTLD_NOW); */ + dllPtr = dlopen("libopencryptoki.so", RTLD_NOW); + if (!dllPtr) { +- printf(PKCSINIT_MSG(LOADERROR, "Error loading PKCS#11 library: 0x%X\n"), rc); ++ printf(PKCSINIT_MSG(LOADERROR, "Error loading PKCS#11 library;\n")); + printf(PKCSINIT_MSG(LOADERROR, "dlopen error: %s\n"), dlerror()); + fflush(stdout); + return -1; +Index: usr/sbin/pkcsslotd/garbage_linux.c +=================================================================== +RCS file: /cvsroot/opencryptoki/opencryptoki/usr/sbin/pkcsslotd/garbage_linux.c,v +retrieving revision 1.3 +diff -p -u -r1.3 garbage_linux.c +--- usr/sbin/pkcsslotd/garbage_linux.c 24 Feb 2005 21:35:10 -0000 1.3 ++++ usr/sbin/pkcsslotd/garbage_linux.c 12 Jan 2006 09:56:42 -0000 +@@ -917,7 +917,7 @@ BOOL IsValidProcessEntry ( pid_t pid, ti + p = (proc_t *)malloc(sizeof(proc_t)); + #else + p = &procstore; +- bzero(p, sizeof(proc_t)); ++ memset(p, 0, sizeof(proc_t)); + #endif + + if( !(valid = Stat2Proc( (int)pid, p )) ) +Index: usr/sbin/pkcsslotd/no_odm.c +=================================================================== +RCS file: /cvsroot/opencryptoki/opencryptoki/usr/sbin/pkcsslotd/no_odm.c,v +retrieving revision 1.5 +diff -p -u -r1.5 no_odm.c +--- usr/sbin/pkcsslotd/no_odm.c 3 Jun 2005 16:07:39 -0000 1.5 ++++ usr/sbin/pkcsslotd/no_odm.c 12 Jan 2006 09:56:42 -0000 +@@ -502,7 +502,7 @@ BOOL ReadSlotInfoDB ( void ) { + #ifdef ALLOCATE + slot_entry = (char 
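Review bot: The PIN buffers `sopin`, `pin` and `newpin` are cleared with a plain `memset` immediately before `free`, which a compiler may remove as a dead store, leaving the PINs in freed heap memory. Where the platform provides it, use `explicit_bzero(sopin, strlen(sopin));` (and the same for `pin` and `newpin`), or route the call through a volatile function pointer so the store cannot be elided. The length comes from `strlen`, so only the bytes up to the first NUL are wiped; if the allocation size is known at this point it would be the better length. A short comment above the block, such as `/* scrub PINs before releasing the memory */`, would record why the zeroing must stay.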
*)malloc(sizeof(char)*(PATH_MAX)); + #else +- bzero(slot_entry,PATH_MAX); ++ memset(slot_entry,0,PATH_MAX); + #endif + + fgets(slot_entry, PATH_MAX, fp); +@@ -523,7 +523,7 @@ BOOL ReadSlotInfoDB ( void ) { + // if( feof(fp) ) + // break; + +- bzero(&sinfo_struct,sizeof(sinfo_struct)); // for good measure zero it out before use each time ++ memset(&sinfo_struct,0,sizeof(sinfo_struct)); // for good measure zero it out before use each time + + sinfo_struct.global_sessions = 0; // initializing to zero + element_num = Present; +@@ -746,7 +746,7 @@ BOOL ReadSlotInfoDB ( void ) { + /* WarnLog ( "***** ReadSlotInfoDB: %s: file not found (%s). Skipping DB entry.", sinfo[Index].dll_location, SysError(Err) ); */ + } + else { +- fprintf(stderr, "\nReading Slot Info: %s: looking at %s, stat64() returned %s (%d; %#x)", sinfo_struct.dll_location, SysError(Err), Err, Err); ++ fprintf(stderr, "\nReading Slot Info: %s: stat64() returned %s (%d; %#x)", sinfo_struct.dll_location, SysError(Err), Err, Err); + /* DbgLog (DL0, "***** ReadSlotInfoDB: looking at %s, stat64() returned %s (%d; %#x)", sinfo[Index].dll_location, SysError(Err), Err, Err); */ + } + memset( pSlot, '\0', sizeof(*pSlot) ); +@@ -809,7 +809,7 @@ BOOL ReadSlotInfoDB ( void ) { + if( (sinfo_struct.dll_location != NULL) && + (sinfo_struct.slot_init_fcn != NULL) ) { + +- bcopy(&sinfo_struct,&sinfo[Index],sizeof(sinfo_struct)); // similar to sinfo[Index] = &sinfo_struct; ++ memcpy(&sinfo[Index],&sinfo_struct,sizeof(sinfo_struct)); // similar to sinfo[Index] = &sinfo_struct; + PrintSlotInfo( &(sinfo[Index]) ); + Index++; + diff --git a/openCryptoki-config.patch b/openCryptoki-config.patch new file mode 100644 index 0000000..bab7245 --- /dev/null +++ b/openCryptoki-config.patch 
@@ -0,0 +1,81 @@ +? opencryptoki-include-fix.patch +Index: Makefile.am +=================================================================== +RCS file: /cvsroot/opencryptoki/opencryptoki/Makefile.am,v +retrieving revision 1.2 +diff -u -r1.2 Makefile.am +--- Makefile.am 3 Jun 2005 18:18:35 -0000 1.2 ++++ Makefile.am 11 Jan 2006 13:24:51 -0000 +@@ -1,5 +1,5 @@ + SUBDIRS = usr testcases +-SPEC=rpm//openCryptoki-$(shell uname -m).spec ++SPEC=rpm//openCryptoki-$(host_cpu).spec + + rpm: ${SPEC} + rm -rf /usr/src/openCryptoki +Index: usr/include/pkcs11/Makefile.am +=================================================================== +RCS file: /cvsroot/opencryptoki/opencryptoki/usr/include/pkcs11/Makefile.am,v +retrieving revision 1.3 +diff -u -r1.3 Makefile.am +--- usr/include/pkcs11/Makefile.am 1 Jun 2005 15:08:35 -0000 1.3 ++++ usr/include/pkcs11/Makefile.am 11 Jan 2006 13:24:51 -0000 +@@ -1,5 +1,5 @@ + opencryptoki_headers = apiclient.h pkcs11types.h pkcs11.h + +-opencryptokiincludedir=$(DESTDIR)/$(includedir)/opencryptoki ++opencryptokiincludedir=$(includedir)/opencryptoki + + opencryptokiinclude_HEADERS = $(opencryptoki_headers) +Index: usr/lib/pkcs11/api/Makefile.am +=================================================================== +RCS file: /cvsroot/opencryptoki/opencryptoki/usr/lib/pkcs11/api/Makefile.am,v +retrieving revision 1.28 +diff -u -r1.28 Makefile.am +--- usr/lib/pkcs11/api/Makefile.am 3 Aug 2005 02:43:41 -0000 1.28 ++++ usr/lib/pkcs11/api/Makefile.am 11 Jan 2006 13:24:51 -0000 +@@ -37,29 +37,3 @@ + mkdir -p $(DESTDIR)/$(libdir)/opencryptoki/stdll + cd $(DESTDIR)/$(libdir)/pkcs11 && rm -f stdll && \ + ln -sf ../opencryptoki/stdll/ stdll +- -groupadd pkcs11 +- if test "x$(prefix)" = "x/usr"; then \ +- mkdir -p $(DESTDIR)/var/lib/opencryptoki ; \ +- chown root:pkcs11 $(DESTDIR)/var/lib/opencryptoki ; \ +- chmod 775 $(DESTDIR)/var/lib/opencryptoki ; \ +- if [ ! 
-L $(DESTDIR)/etc/pkcs11 ] ; then \ +- if [ -e $(DESTDIR)/etc/pkcs11/* ] ; then \ +- mv $(DESTDIR)/etc/pkcs11/* $(DESTDIR)/var/lib/opencryptoki ; \ +- fi ; \ +- fi ;\ +- cd $(DESTDIR)/etc && rm -rf pkcs11 && \ +- ln -sf $(DESTDIR)/var/lib/opencryptoki pkcs11 ; \ +- else \ +- mkdir -p $(DESTDIR)/$(localstatedir)/lib/opencryptoki ; \ +- chown root:pkcs11 $(DESTDIR)/$(localstatedir)/lib/opencryptoki ; \ +- chmod 775 $(DESTDIR)/$(localstatedir)/lib/opencryptoki ; \ +- if [ ! -L $(DESTDIR)/$(sysconfdir)/pkcs11 ] ; then \ +- if [ -e $(DESTDIR)/$(sysconfdir)/pkcs11/* ] ; then \ +- mv $(DESTDIR)/$(sysconfdir)/pkcs11/* \ +- $(DESTDIR)/$(localstatedir)/lib/opencryptoki ; \ +- fi ; \ +- fi ; \ +- mkdir -p $(DESTDIR)/$(sysconfdir) ; \ +- cd $(DESTDIR)/$(sysconfdir) && rm -rf pkcs11 && \ +- ln -sf $(DESTDIR)/$(localstatedir)/lib/opencryptoki pkcs11 ; \ +- fi +Index: usr/lib/pkcs11/methods/4758_status/Makefile.am +=================================================================== +RCS file: /cvsroot/opencryptoki/opencryptoki/usr/lib/pkcs11/methods/4758_status/Makefile.am,v +retrieving revision 1.2 +diff -u -r1.2 Makefile.am +--- usr/lib/pkcs11/methods/4758_status/Makefile.am 22 Feb 2005 20:48:07 -0000 1.2 ++++ usr/lib/pkcs11/methods/4758_status/Makefile.am 11 Jan 2006 13:25:00 -0000 +@@ -11,6 +11,6 @@ + + install-data-local: + mkdir -p $(INSROOT)/usr/lib/pkcs11/methods; \ +- if [ $(shell uname -m) != s390x ] ;then cp 4758_status \ ++ if [ $(host_cpu) != s390x ] ;then cp 4758_status \ + $(INSROOT)/usr/lib/pkcs11/methods/; fi; \ + rm -f /tmp/4758*; diff --git a/openCryptoki-no_mmap.patch b/openCryptoki-no_mmap.patch new file mode 100644 index 0000000..d58f359 --- /dev/null +++ b/openCryptoki-no_mmap.patch 
@@ -0,0 +1,11 @@
+--- configure.in 2006-01-11 13:16:18.000000000 -0600
++++ configure.in 2006-01-25 16:32:36.000000000 -0600
+@@ -246,7 +246,7 @@
+ AC_MSG_RESULT([*** Disabling the Corrent Crypto Accelerator token at user request ***])
+ fi
+
+-CFLAGS="$CFLAGS -DMMAP -DPKCS64 \
++CFLAGS="$CFLAGS -DPKCS64 \
+ -DCONFIG_PATH=\\\"$CONFIG_PATH\\\" \
+ -DSBIN_PATH=\\\"$SBIN_PATH\\\" \
+ -DLIB_PATH=\\\"$LIB_PATH\\\" \
diff --git a/openCryptoki-per_user.patch b/openCryptoki-per_user.patch
new file mode 100644
index 0000000..717e5e0
--- /dev/null
+++ b/openCryptoki-per_user.patch
@@ -0,0 +1,331 @@ +--- usr/lib/pkcs11/common/loadsave.c 2006-01-25 17:06:14.000000000 -0600 ++++ usr/lib/pkcs11/common/loadsave.c 2006-01-25 18:02:20.000000000 -0600 +@@ -320,9 +320,21 @@ + void + set_perm(int file) + { ++#ifdef PER_USER_TOKEN + /* With per user data stores, we don't share the token data amongst a + * group. In fact, we want to restrict access to a single user */ + fchmod(file,S_IRUSR|S_IWUSR); ++#else ++ struct group *grp; ++ ++ // Set absolute permissions or rw-rw-r-- ++ fchmod(file,S_IRUSR|S_IWUSR|S_IRGRP|S_IWGRP|S_IROTH); ++ ++ grp = getgrnam("pkcs11"); // Obtain the group id ++ if (grp){ ++ fchown(file,getuid(),grp->gr_gid); // set ownership to root, and pkcs11 group ++ } ++#endif + } + + // +@@ -339,6 +351,7 @@ + CK_ULONG clear_len, cipher_len; + #endif + CK_RV rc; ++#ifdef PER_USER_TOKEN + struct passwd *pw = NULL; + + if ((pw = getpwuid(getuid())) == NULL){ +@@ -347,6 +360,9 @@ + } + + sprintf((char *)fname,"%s/%s/%s",(char *)pk_dir, pw->pw_name, PK_LITE_NV); ++#else ++ sprintf((char *)fname,"%s/%s",(char *)pk_dir, PK_LITE_NV); ++#endif + + rc = XProcLock( xproclock ); + if (rc != CKR_OK){ +@@ -440,6 +456,7 @@ + #endif + CK_RV rc; + CK_BYTE fname[2048]; ++#ifdef PER_USER_TOKEN + struct passwd *pw = NULL; + + if ((pw = getpwuid(getuid())) == NULL){ +@@ -448,6 +465,9 @@ + } + + sprintf((char *)fname,"%s/%s/%s",(char *)pk_dir, pw->pw_name, PK_LITE_NV); ++#else ++ sprintf((char *)fname,"%s/%s",pk_dir, PK_LITE_NV); ++#endif + + rc = XProcLock( xproclock ); + if (rc != CKR_OK){ +@@ -507,8 +527,9 @@ + CK_BYTE line[100]; + CK_RV rc; + CK_BYTE fname[2048]; ++#ifdef PER_USER_TOKEN + struct passwd *pw = NULL; +- ++#endif + + if (object_is_private(obj) == TRUE) + rc = save_private_token_object( obj ); +@@ -521,6 +542,7 @@ + } + // update the index file if it exists + // ++#ifdef PER_USER_TOKEN + if ((pw = getpwuid(getuid())) == NULL){ + LogError("getpwuid failed: %s", strerror(errno)); + return CKR_FUNCTION_FAILED; +@@ -528,6 +550,9 @@ + + 
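Review bot: The new `#else` branch of `set_perm` makes token files rw-rw-r--, readable by every local user, and ignores the results of `fchmod`, `getgrnam` and `fchown`; if the `pkcs11` group is missing the file silently keeps the caller's group. Unless world-read is required, drop `S_IROTH` (`fchmod(file, S_IRUSR|S_IWUSR|S_IRGRP|S_IWGRP);`) and log a failure of either call with `LogError`, since the function returns void. The comment `set ownership to root, and pkcs11 group` does not match the code, which passes `getuid()`; `// keep the calling user as owner, set group to pkcs11` would describe it. The `fchmod` in the `PER_USER_TOKEN` branch is unchecked as well.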
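Review bot: Every path added in the `@@ -347,6 +360,9 @@` hunk and the ones after it is built with an unbounded `sprintf` into a stack buffer (`CK_BYTE fname[2048]` is visible in the `@@ -440,6 +456,7 @@` hunk). The inputs are `pk_dir`, `pw->pw_name` and fixed names, and no hunk checks the combined length. Use a bounded call and fail on truncation: `n = snprintf((char *)fname, sizeof(fname), "%s/%s", pk_dir, PK_LITE_NV);` then `if (n < 0 || (size_t)n >= sizeof(fname)) return CKR_FUNCTION_FAILED;`. The same applies to the `iname`, `objidx` and `idxtmp` buffers in the later loadsave.c hunks and to the `strncat`/`strcat` calls that append the object name. The enclosing functions start and end outside the hunks, so the declared type of `n` and the exact error return need to follow each function.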
sprintf((char *)fname,"%s/%s/%s/%s",(char *)pk_dir, pw->pw_name, + PK_LITE_OBJ_DIR, PK_LITE_OBJ_IDX); ++#else ++ sprintf((char *)fname,"%s/%s/%s",pk_dir,PK_LITE_OBJ_DIR,PK_LITE_OBJ_IDX); ++#endif + + //fp = fopen( "/tmp/TOK_OBJ/OBJ.IDX", "r" ); + fp = fopen( (char *)fname, "r" ); +@@ -579,6 +604,7 @@ + CK_BBOOL flag = FALSE; + CK_RV rc; + CK_ULONG_32 total_len; ++#ifdef PER_USER_TOKEN + struct passwd *pw = NULL; + + if ((pw = getpwuid(getuid())) == NULL){ +@@ -588,6 +614,9 @@ + + sprintf((char *)fname,"%s/%s/%s/",(char *)pk_dir, pw->pw_name, + PK_LITE_OBJ_DIR); ++#else ++ sprintf( (char *)fname,"%s/%s/", pk_dir,PK_LITE_OBJ_DIR); ++#endif + + //strcpy( fname, "/tmp/TOK_OBJ/" ); + strncat( (char *)fname, (char *) obj->name, 8 ); +@@ -643,6 +672,7 @@ + CK_RV rc; + CK_ULONG_32 obj_data_len_32; + CK_ULONG_32 total_len; ++#ifdef PER_USER_TOKEN + struct passwd * pw = NULL; + + if ((pw = getpwuid(getuid())) == NULL){ +@@ -652,6 +682,9 @@ + + sprintf((char *)fname,"%s/%s/%s/",(char *)pk_dir, pw->pw_name, + PK_LITE_OBJ_DIR); ++#else ++ sprintf( (char *)fname,"%s/%s/", pk_dir,PK_LITE_OBJ_DIR); ++#endif + + rc = object_flatten( obj, &obj_data, &obj_data_len ); + obj_data_len_32 = obj_data_len; +@@ -777,6 +810,7 @@ + CK_BYTE tmp[2048], fname[2048],iname[2048]; + CK_BBOOL priv; + CK_ULONG_32 size; ++#ifdef PER_USER_TOKEN + struct passwd *pw = NULL; + + if ((pw = getpwuid(getuid())) == NULL){ +@@ -786,6 +820,9 @@ + + sprintf((char *)iname,"%s/%s/%s/%s",(char *)pk_dir, pw->pw_name, + PK_LITE_OBJ_DIR, PK_LITE_OBJ_IDX); ++#else ++ sprintf((char *)iname,"%s/%s/%s",pk_dir,PK_LITE_OBJ_DIR, PK_LITE_OBJ_IDX); ++#endif + + //fp1 = fopen("/tmp/TOK_OBJ/OBJ.IDX", "r"); + fp1 = fopen((char *)iname, "r"); +@@ -798,7 +835,11 @@ + tmp[ strlen((char *)tmp)-1 ] = 0; + + //strcpy(fname,"/tmp/TOK_OBJ/"); ++#ifdef PER_USER_TOKEN + sprintf((char *)fname,"%s/%s/%s/",pk_dir, pw->pw_name, PK_LITE_OBJ_DIR); ++#else ++ sprintf((char *)fname,"%s/%s/",pk_dir, PK_LITE_OBJ_DIR); ++#endif + strcat((char 
*)fname, (char *)tmp ); + + fp2 = fopen( (char *)fname, "r" ); +@@ -849,6 +890,7 @@ + CK_BBOOL priv; + CK_ULONG_32 size; + CK_RV rc; ++#ifdef PER_USER_TOKEN + struct passwd *pw = NULL; + + if ((pw = getpwuid(getuid())) == NULL){ +@@ -858,6 +900,9 @@ + + sprintf((char *)iname,"%s/%s/%s/%s",(char *)pk_dir, pw->pw_name, + PK_LITE_OBJ_DIR, PK_LITE_OBJ_IDX); ++#else ++ sprintf((char *)iname,"%s/%s/%s",pk_dir,PK_LITE_OBJ_DIR, PK_LITE_OBJ_IDX); ++#endif + + //fp1 = fopen("/tmp/TOK_OBJ/OBJ.IDX", "r"); + fp1 = fopen((char *)iname, "r"); +@@ -870,7 +915,11 @@ + tmp[ strlen((char *)tmp)-1 ] = 0; + + //strcpy(fname,"/tmp/TOK_OBJ/"); ++#ifdef PER_USER_TOKEN + sprintf((char *)fname,"%s/%s/%s/",pk_dir, pw->pw_name, PK_LITE_OBJ_DIR); ++#else ++ sprintf((char *)fname,"%s/%s/",pk_dir,PK_LITE_OBJ_DIR); ++#endif + strcat((char *)fname,(char *) tmp ); + + fp2 = fopen( (char *)fname, "r" ); +@@ -1057,6 +1106,7 @@ + CK_ULONG cipher_len, clear_len, hash_len; + CK_RV rc; + CK_BYTE fname[2048]; ++#ifdef PER_USER_TOKEN + struct passwd * pw = NULL; + + if ((pw = getpwuid(getuid())) == NULL){ +@@ -1065,6 +1115,9 @@ + } + + sprintf((char *)fname,"%s/%s/MK_SO",(char *)pk_dir, pw->pw_name); ++#else ++ sprintf((char *)fname,"%s/MK_SO",pk_dir); ++#endif + + memset( master_key, 0x0, 3*DES_KEY_SIZE ); + +@@ -1167,6 +1220,7 @@ + CK_ULONG cipher_len, clear_len, hash_len; + CK_RV rc; + CK_BYTE fname[2048]; ++#ifdef PER_USER_TOKEN + struct passwd * pw = NULL; + + if ((pw = getpwuid(getuid())) == NULL){ +@@ -1175,6 +1229,9 @@ + } + + sprintf((char *)fname,"%s/%s/MK_USER",(char *)pk_dir, pw->pw_name); ++#else ++ sprintf((char *)fname,"%s/MK_USER",pk_dir); ++#endif + + memset( master_key, 0x0, 3*DES_KEY_SIZE ); + +@@ -1274,12 +1331,14 @@ + CK_ULONG hash_len, cleartxt_len, ciphertxt_len, padded_len; + CK_RV rc; + CK_BYTE fname[2048]; ++#ifdef PER_USER_TOKEN + struct passwd * pw = NULL; + + if ((pw = getpwuid(getuid())) == NULL){ + LogError("getpwuid failed: %s", strerror(errno)); + return 
CKR_FUNCTION_FAILED; + } ++#endif + + memcpy( mk.key, master_key, 3 * DES_KEY_SIZE); + +@@ -1329,7 +1388,11 @@ + // + // probably ought to ensure the permissions are correct + // ++#ifdef PER_USER_TOKEN + sprintf((char *)fname,"%s/%s/MK_SO",(char *)pk_dir, pw->pw_name); ++#else ++ sprintf((char *)fname,"%s/MK_SO",pk_dir); ++#endif + //fp = fopen( "/tmp/MK_SO", "w" ); + fp = fopen( (char *)fname, "w" ); + if (!fp) { +@@ -1369,12 +1432,14 @@ + CK_ULONG hash_len, cleartxt_len, ciphertxt_len, padded_len; + CK_RV rc; + CK_BYTE fname[2048]; ++#ifdef PER_USER_TOKEN + struct passwd * pw = NULL; + + if ((pw = getpwuid(getuid())) == NULL){ + LogError("getpwuid failed: %s", strerror(errno)); + return CKR_FUNCTION_FAILED; + } ++#endif + + memcpy( mk.key, master_key, 3 * DES_KEY_SIZE); + +@@ -1426,7 +1491,11 @@ + // + // probably ought to ensure the permissions are correct + // ++#ifdef PER_USER_TOKEN + sprintf((char *)fname,"%s/%s/MK_USER",(char *)pk_dir, pw->pw_name); ++#else ++ sprintf((char *)fname,"%s/MK_USER", pk_dir); ++#endif + //fp = fopen( "/tmp/MK_USER", "w" ); + fp = fopen( (char *)fname, "w" ); + if (!fp) { +@@ -1463,17 +1532,22 @@ + CK_ULONG_32 size; + CK_ULONG size_64; + CK_RV rc; ++#ifdef PER_USER_TOKEN + struct passwd *pw = NULL; + + if ((pw = getpwuid(getuid())) == NULL){ + LogError("getpwuid failed: %s", strerror(errno)); + return CKR_FUNCTION_FAILED; + } +- ++#endif + memset( (char *)fname, 0x0, sizeof(fname) ); + ++#ifdef PER_USER_TOKEN + sprintf((char *)fname,"%s/%s/%s/",(char *)pk_dir, pw->pw_name, + PK_LITE_OBJ_DIR); ++#else ++ sprintf((char *)fname,"%s/%s/",pk_dir, PK_LITE_OBJ_DIR); ++#endif + + // strcpy(fname, "/tmp/TOK_OBJ/" ); + strncat((char *)fname,(char *) obj->name, 8 ); +@@ -1532,6 +1606,7 @@ + FILE *fp1, *fp2; + CK_BYTE line[100]; + CK_BYTE objidx[2048], idxtmp[2048],fname[2048]; ++#ifdef PER_USER_TOKEN + struct passwd *pw = NULL; + + if ((pw = getpwuid(getuid())) == NULL){ +@@ -1543,7 +1618,10 @@ + PK_LITE_OBJ_DIR, PK_LITE_OBJ_IDX); + 
sprintf((char *)idxtmp,"%s/%s/%s/%s",(char *)pk_dir, pw->pw_name, + PK_LITE_OBJ_DIR, "IDX.TMP"); +- ++#else ++ sprintf((char *)objidx,"%s/%s/%s",pk_dir, PK_LITE_OBJ_DIR,PK_LITE_OBJ_IDX); ++ sprintf((char *)idxtmp,"%s/%s/%s",pk_dir, PK_LITE_OBJ_DIR, "IDX.TMP"); ++#endif + + // FIXME: on UNIX, we need to make sure these guys aren't symlinks + // before we blindly write to these files... +@@ -1600,7 +1678,11 @@ + fclose(fp1); + fclose(fp2); + ++#ifdef PER_USER_TOKEN + sprintf((char *)fname,"%s/%s/%s/%s",pk_dir, pw->pw_name, PK_LITE_OBJ_DIR, (char *)obj->name); ++#else ++ sprintf((char *)fname,"%s/%s/%s",pk_dir, PK_LITE_OBJ_DIR,(char *)obj->name); ++#endif + unlink((char *)fname); + return CKR_OK; + diff --git a/openCryptoki-pkcsslotd-removepidfile.patch b/openCryptoki-pkcsslotd-removepidfile.patch new file mode 100644 index 0000000..37e06a6 --- /dev/null +++ b/openCryptoki-pkcsslotd-removepidfile.patch @@ -0,0 +1,32 @@ +--- usr/include/pkcs11/slotmgr.h ++++ usr/include/pkcs11/slotmgr.h +@@ -325,7 +325,7 @@ + #endif + + +-#define PID_FILE_PATH CONFIG_PATH "/.slotpid" ++#define PID_FILE_PATH "/var/run/pkcsslotd.pid" + + #ifndef CK_BOOL + #define CK_BOOL CK_BBOOL +--- usr/sbin/pkcsslotd/slotmgr.c ++++ usr/sbin/pkcsslotd/slotmgr.c +@@ -314,6 +314,10 @@ + + void DumpSharedMemory ( void ); + ++void unlink_pidfile(void) ++{ ++ unlink(PID_FILE_PATH); ++} + + /***************************************** + * main() - +@@ -575,6 +579,7 @@ + fprintf(pidfile,"%d",getpid()); + fclose(pidfile); + } ++ atexit(unlink_pidfile); + } + + #pragma info(none) diff --git a/openCryptoki-prototypes.patch b/openCryptoki-prototypes.patch new file mode 100644 index 0000000..ae236e2 --- /dev/null +++ b/openCryptoki-prototypes.patch @@ -0,0 +1,11 @@ +--- usr/lib/pkcs11/api/shrd_mem.c.in ++++ usr/lib/pkcs11/api/shrd_mem.c.in +@@ -322,6 +322,8 @@ + #include + #include + ++#include ++ + #define MAPFILENAME "@CONFIG_PATH@/.apimap" + + extern API_Proc_Struct_t *Anchor; 
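Review bot: In the slotmgr.c hunk `atexit(unlink_pidfile)` is registered after the closing brace of the block that writes the pid. As far as the hunk shows, a process that failed to open `PID_FILE_PATH` would still unlink it on exit, possibly removing the file of an instance that is already running. Moving the call inside that block, directly after `fclose(pidfile);`, ties removal to having written the file. Handlers registered with `atexit` run only on `exit()` or a return from `main`, so if the daemon is normally stopped by a signal the file stays behind unless the signal handler ends in `exit()`; that handler is outside the hunk, so confirm. A one-line comment on `unlink_pidfile`, such as `/* atexit handler: remove the pid file written at startup */`, would document its purpose.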
diff --git a/openCryptoki-retval.patch b/openCryptoki-retval.patch
new file mode 100644
index 0000000..df2dcc2
--- /dev/null
+++ b/openCryptoki-retval.patch
@@ -0,0 +1,107 @@
+--- testcases/login/login.c
++++ testcases/login/login.c
+@@ -82,7 +82,7 @@
+ } else {
+ printf("usage: %s [-slot ] [-h] [-pass passwd] [-user|-so]\n\n", argv[0] );
+ printf("By default, Slot %d is used, as user\n\n", SLOT_ID_DEFAULT);
+- return;
++ return 0;
+ }
+ }
+
+--- testcases/oc-digest/oc-digest.c
++++ testcases/oc-digest/oc-digest.c
+@@ -164,7 +164,7 @@
+
+ if( (rc = funcs->C_Initialize( &initialize_args )) != CKR_OK ) {
+ oc_err_msg("C_Initialize", rc);
+- return;
++ return clean_up();
+ }
+
+ /* stat the file for size, etc */
+--- testcases/rsa_test/rsa_test_genkey.c
++++ testcases/rsa_test/rsa_test_genkey.c
+@@ -544,7 +544,7 @@
+ printf("By default, Slot #1 is used\n\n");
+ printf("By default we skip anything that creates or modifies\n");
+ printf("token objects to preserve flash lifetime.\n");
+- return;
++ return 0;
+ }
+ }
+
+@@ -552,7 +552,7 @@
+
+ rc = do_GetFunctionList();
+ if (!rc)
+- return;
++ return 0;
+
+ memset( &cinit_args, 0x0, sizeof(cinit_args) );
+ cinit_args.flags = CKF_OS_LOCKING_OK;
+@@ -564,7 +564,8 @@
+
+ rc = do_EncryptRSA_PKCS();
+ if (!rc)
+- return;
++ return 0;
+
+ funcs->C_Finalize( NULL );
++ return 0;
+ }
+--- testcases/rsa_test/rsa_thread_test.c
++++ testcases/rsa_test/rsa_thread_test.c
+@@ -417,7 +417,7 @@
+ threads[index].processed = loopcount - failed;
+ threads[index].ops = (float) ((float)(loopcount - failed) / (float)diff);
+
+- return;
++ return 0;
+ errordecrypt:
+ //if (len1 != len2) {
+ // printf(" ERROR: lengths don't match\n");
+--- testcases/v2.11/aes_func.c
++++ testcases/v2.11/aes_func.c
+@@ -1946,7 +1946,7 @@
+
+ if ((rc = funcs->C_Initialize(&initialize_args)) != CKR_OK) {
+ OC_ERR_MSG("C_Initialize", rc);
+- return;
++ return 0;
+ }
+
+
+--- testcases/v2.11/hw_fn.c
++++ testcases/v2.11/hw_fn.c
+@@ -289,7 +289,7 @@
+
+ if( (rc = funcs->C_Initialize( &initialize_args )) != CKR_OK ) {
+ OC_ERR_MSG("C_Initialize", rc);
+- return;
++ return 0;
+ }
+
+ /* Open a session with the token */
+--- testcases/v2.11/login.c
++++ testcases/v2.11/login.c
+@@ -63,7 +63,7 @@
+
+ if( (rc = funcs->C_Initialize( &initialize_args )) != CKR_OK ) {
+ oc_err_msg("C_Initialize", rc);
+- return;
++ return 0;
+ }
+
+ //
+--- testcases/v2.11/rijndael.c
++++ testcases/v2.11/rijndael.c
+@@ -925,7 +925,7 @@
+
+ if( (rc = funcs->C_Initialize( &initialize_args )) != CKR_OK ) {
+ OC_ERR_MSG("C_Initialize", rc);
+- return;
++ return 0;
+ }
+
+ /* Open a session with the token */
diff --git a/openCryptoki.changes b/openCryptoki.changes
new file mode 100644
index 0000000..dfb555f
--- /dev/null
+++ b/openCryptoki.changes
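Review bot: Most of the `return;` to `return 0;` replacements in openCryptoki-retval.patch sit on failure paths: after `C_Initialize` returns something other than `CKR_OK` in aes_func.c, hw_fn.c, login.c and rijndael.c, and after `if (!rc)` in rsa_test_genkey.c. Where the enclosing function is `main`, the test program would then exit with status 0 even though it could not initialise the token, so a harness that checks only the exit status would record a pass. Using `return 1;` (or `return rc;` where `rc` is non-zero on failure) on those branches keeps the compiler-warning fix and still reports the failure. The enclosing functions start outside every hunk, so their return types cannot be confirmed from here; in rsa_thread_test.c the function may be a thread entry point, where `return NULL;` would be the matching form.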
@@ -0,0 +1,261 @@ +------------------------------------------------------------------- +Fri Oct 20 02:25:46 CEST 2006 - ro@suse.de + +- fix missing return values from non-void funcs + +------------------------------------------------------------------- +Fri Apr 21 13:06:00 CEST 2006 - uli@suse.de + +- pkcsslotd: create PID file in the right place, delete it on + exit (bug #164664) + +------------------------------------------------------------------- +Tue Apr 11 13:29:07 CEST 2006 - uli@suse.de + +- added 64-bit patches from IBM (bug #145666) + +------------------------------------------------------------------- +Mon Apr 10 13:30:50 CEST 2006 - uli@suse.de + +- added small change missing from patch for bug #156651 + +------------------------------------------------------------------- +Mon Apr 3 13:57:52 CEST 2006 - uli@suse.de + +- fixed location of pkcs11_startup in init script (bug #162372) + +------------------------------------------------------------------- +Mon Mar 13 15:05:17 CET 2006 - uli@suse.de + +- fixed proc_t structure mixup (bug #156651) + +------------------------------------------------------------------- +Thu Mar 9 17:18:33 CET 2006 - uli@suse.de + +- initialize head pointer (bug #156229) + +------------------------------------------------------------------- +Mon Mar 6 13:20:21 CET 2006 - uli@suse.de + +- %ghost symlinks that are generated in %post (bug #154961) + +------------------------------------------------------------------- +Thu Feb 2 13:15:13 CET 2006 - uli@suse.de + +- stuffed memleak (patch by IBM, bug #147036) + +------------------------------------------------------------------- +Wed Feb 1 13:31:05 CET 2006 - uli@suse.de + +- changed RPM layout to meet IBM's demands (based on patch by IBM, + bug #145666) +- removed mmap, per-user data store support (patch by IBM, bug + #145666) + +------------------------------------------------------------------- +Wed Jan 25 21:38:59 CET 2006 - mls@suse.de + +- converted neededforbuild to 
BuildRequires + +------------------------------------------------------------------- +Thu Jan 12 10:25:37 CET 2006 - hare@suse.de + +- Update to 2.2.2-rc2 + +------------------------------------------------------------------- +Wed Jan 11 17:11:58 CET 2006 - hare@suse.de + +- Update to 2.2.1-rc2 +- Fixed build errors +- Cleaned up spec file. + +------------------------------------------------------------------- +Wed Dec 14 01:32:20 CET 2005 - ro@suse.de + +- copy TFAQ to build directory (fix build) + +------------------------------------------------------------------- +Mon Dec 12 15:35:22 CET 2005 - hare@suse.de + +- Update to 2.1.6-rc5. +- Port fixes from SLES9 SP3. + +------------------------------------------------------------------- +Tue Nov 15 18:03:22 CET 2005 - uli@suse.de + +- enabled for ARM + +------------------------------------------------------------------- +Thu Feb 17 12:58:00 CET 2005 - od@suse.de + +- fix #50050: + - ./configure.in: wrong test against $host makes ppc(64) miss + -DPKCS64 in CFLAGS + - corrected: S390 flag was set for ppc in this conditional + +------------------------------------------------------------------- +Mon Aug 16 12:52:01 CEST 2004 - ro@suse.de + +- run full autoreconf / simplify specfile a little + +------------------------------------------------------------------- +Tue Apr 27 08:26:46 CEST 2004 - hare@suse.de + +- Print correct error message (#37427 again). 
+ +------------------------------------------------------------------- +Fri Apr 23 08:18:14 CEST 2004 - hare@suse.de + +- Check for the correct module on startup (#37427) + +------------------------------------------------------------------- +Sun Apr 18 17:57:30 CEST 2004 - olh@suse.de + +- update to openCryptoki-2.1.5, ppc64 version (#39026) + +------------------------------------------------------------------- +Wed Feb 18 01:29:07 CET 2004 - ro@suse.de + +- adapt filelist on ppc + +------------------------------------------------------------------- +Thu Feb 12 14:27:08 CET 2004 - kukuk@suse.de + +- Fix owner/group of files/directories + +------------------------------------------------------------------- +Fri Dec 5 12:28:30 CET 2003 - ro@suse.de + +- no need to specify "root" as supplementary group for root, + it's already primary + +------------------------------------------------------------------- +Wed Jul 30 18:12:32 CEST 2003 - hare@suse.de + +- Update to openCryptoki-2.1.3 +- Fixed configure errors. + +------------------------------------------------------------------- +Mon Jun 23 02:12:34 CEST 2003 - ro@suse.de + +- added directories to filelist + +------------------------------------------------------------------- +Wed Jun 4 00:31:28 CEST 2003 - ro@suse.de + +- remove CVS subdirs +- remove unpackaged files from buildroot + +------------------------------------------------------------------- +Thu Nov 21 01:34:11 CET 2002 - ro@suse.de + +- removed duplicates from configure.in + +------------------------------------------------------------------- +Tue Oct 1 10:51:18 CEST 2002 - froh@suse.de + +- exclude ppc64 from the architectures, the package is built for. + 64bit mode is not supported by IBM yet; dlopen wrappers are also + missing 64bit filename handling. (#20380) +- actually compress the openCryptoki-1.4*.tar.bz2 + +------------------------------------------------------------------- +Tue Sep 24 20:18:36 CEST 2002 - ro@suse.de + +- make it even build ... 
+ +------------------------------------------------------------------- +Tue Sep 24 14:25:51 CEST 2002 - froh@suse.de + +- make openCryptoki-XXbit PreReq: openCryptoki to enforce pkcs11 group + creation before package installation (#20079) +- correct version number (the patch actiually lifts openCryptoki to 1.5) +- fix groupadd call to no longer silently ignore errors in all cases + using (hopefully) posix exit codes. alternative would be to use + undocumented '-f' option of groupadd. + +------------------------------------------------------------------- +Fri Sep 20 13:37:22 CEST 2002 - froh@suse.de + +- add user root to group pkcs11 to enable root to administrate the + crypto hardware support (#19566) + +------------------------------------------------------------------- +Mon Aug 26 17:24:21 CEST 2002 - okir@suse.de + +- misc security fixes (#18377) + +------------------------------------------------------------------- +Fri Aug 23 17:14:45 CEST 2002 - froh@suse.de + +- replaced openCryptoki-tools with openCryptoki-32bit and + openCryptoki-64bit + +------------------------------------------------------------------- +Thu Aug 22 10:45:35 CEST 2002 - froh@suse.de + +- moved dlopen objects that are available for non-x86 out of the + ifarch ix86 +- moved postun to tools subpackge (which contains the daemon) +- removed include files. no development support for now. +- replaced %%ix86, etc by appropriate generic %%openCryptoki_tools_arch + and %%openCryptoki_no_tools_arch + +------------------------------------------------------------------- +Wed Aug 21 12:06:21 CEST 2002 - ro@suse.de + +- replaced all i386 occurrences with %ix86 +- changed filelist to what's really built + +------------------------------------------------------------------- +Tue Aug 20 12:24:50 CEST 2002 - froh@suse.de + +- split package to openCryptoki and openCryptoki-tools to allow + parallel installation of 32bit tools with 64bit dlopen objects for + foreign middleware. 
+- removed automatical insserv on install, because the package needs + manual configuration (#18031) + +------------------------------------------------------------------- +Mon Aug 12 11:01:37 CEST 2002 - froh@suse.de + +- added missing %post before insserv (Bug #17600) + +------------------------------------------------------------------- +Fri Aug 9 13:03:05 CEST 2002 - kukuk@suse.de + +- Fix path in PreReq. + +------------------------------------------------------------------- +Wed Aug 7 12:36:09 CEST 2002 - froh@suse.de + +- add groupadd pkcs11 in %pre install + +------------------------------------------------------------------- +Mon Jul 29 17:21:49 CEST 2002 - froh@suse.de + +- updated to current version +- removed old START_ variable + +------------------------------------------------------------------- +Fri Jun 14 00:07:03 CEST 2002 - ro@suse.de + +- always use macros when calling insserv + +------------------------------------------------------------------- +Tue Apr 9 21:06:49 CEST 2002 - bk@suse.de + +- add lib64 support + +------------------------------------------------------------------- +Tue Feb 5 11:01:16 CET 2002 - froh@suse.de + +- Added openssl to #neededforbuild, which is needed in addition to + openssl-devel + +------------------------------------------------------------------- +Wed Jan 30 16:20:48 CET 2002 - froh@suse.de + +- initial version + +------------------------------------------------------------------- diff --git a/openCryptoki.pkcsslotd b/openCryptoki.pkcsslotd new file mode 100644 index 0000000..46fe358 --- /dev/null +++ b/openCryptoki.pkcsslotd 
@@ -0,0 +1,149 @@
+#! /bin/sh
+# Copyright (c) 1995-2000 SuSE GmbH Nuernberg, Germany.
+#
+# Author: Jiri Smid
+#
+# /etc/init.d/pkcsslotd
+#
+# and symbolic its link
+#
+# /usr/sbin/rcpkcsslotd
+#
+### BEGIN INIT INFO
+# Provides: pkcsslotd
+# Required-Start: z90crypt
+# Required-Stop:
+# Default-Start: 3 5
+# Default-Stop: 0 1 2 6
+# Description: Start the pkcsslotd daemon
+### END INIT INFO
+
+. /etc/rc.status
+
+# Check for missing binaries (stale symlinks should not happen)
+PKCSSLOTD_BIN=/usr/sbin/pkcsslotd
+test -x $PKCSSLOTD_BIN || exit 5
+
+# Shell functions sourced from /etc/rc.status:
+# rc_check check and set local and overall rc status
+# rc_status check and set local and overall rc status
+# rc_status -v ditto but be verbose in local rc status
+# rc_status -v -r ditto and clear the local rc status
+# rc_failed set local and overall rc status to failed
+# rc_reset clear local rc status (overall remains)
+# rc_exit exit appropriate to overall rc status
+
+# Check for machine architecture
+PKCS_ARCH=$(/bin/uname -m)
+
+# First reset status of this service
+rc_reset
+case "$1" in
+ start)
+ case "$PKCS_ARCH" in
+ s390|s390x)
+ PKCS_MODULE="z90crypt"
+ ;;
+ *)
+ PKCS_MODULE="leedslite"
+ ;;
+ esac
+ lsmod | grep $PKCS_MODULE > /dev/null 2>&1 \
+ || echo "$PKCS_MODULE module is not installed - PKCS#11 will not be hardware accelerated"
+
+ echo -n "Starting pkcsslotd daemon:"
+
+ # Generate the configuration information
+ /usr/sbin/pkcs11_startup
+
+ ## Start daemon with startproc(8). If this fails
+ ## the echo return value is set appropriate.
+
+ if [ ! -f /var/run/pkcsslotd.pid ]; then
+ # /var/run/pkcsslotd.pid does not exist
+ startproc -f $PKCSSLOTD_BIN
+ elif ! ps -h --pid `cat /var/run/pkcsslotd.pid` | grep "$PKCSSLOTD_BIN" 2>&1 >/dev/null; then
+ # /var/run/pkcsslotd.pid exists but named pid not
+ rm -f /var/run/pkcsslotd.pid
+ startproc -f $PKCSSLOTD_BIN
+ else
+ # just to have "failed" message
+ startproc $PKCSSLOTD_BIN
+ fi
+
+ # Remember status and be verbose
+ rc_status -v
+ ;;
+ stop)
+ echo -n "Shutting down pkcsslotd daemon:"
+ ## Stop daemon with killproc(8) and if this fails
+ ## set echo the echo return value.
+
+ killproc -p /var/run/pkcsslotd.pid -TERM $PKCSSLOTD_BIN
+
+ # Remember status and be verbose
+ rc_status -v
+ ;;
+ try-restart)
+ ## Stop the service and if this succeeds (i.e. the
+ ## service was running before), start it again.
+ $0 status >/dev/null && $0 restart
+
+ # Remember status and be quiet
+ rc_status
+ ;;
+ restart)
+ ## Stop the service and regardless of whether it was
+ ## running or not, start it again.
+ $0 stop
+ $0 start
+
+ # Remember status and be quiet
+ rc_status
+ ;;
+ force-reload)
+ ## Signal the daemon to reload its config. Most daemons
+ ## do this on signal 1 (SIGHUP).
+ ## If it does not support it, restart.
+
+ echo -n "Reload service pkcsslotd"
+ ## if it supports it:
+ killproc -p /var/run/pkcsslotd.pid -HUP $PKCSSLOTD_BIN
+ #touch /var/run/pkcsslotd.pid
+ rc_status -v
+
+ ;;
+ reload)
+ ## Like force-reload, but if daemon does not support
+ ## signalling, do nothing (!)
+
+ # If it supports signalling:
+ echo -n "Reload service pkcsslotd"
+ killproc -p /var/run/pkcsslotd.pid -HUP $PKCSSLOTD_BIN
+ #touch /var/run/pkcsslotd.pid
+ rc_status -v
+
+ # If it does not support reload:
+ #exit 3
+ ;;
+ status)
+ echo -n "Checking for service pkcsslotd: "
+ ## Check status with checkproc(8), if process is running
+ ## checkproc will return with exit status 0.
+
+ # Status has a slightly different for the status command:
+ # 0 - service running
+ # 1 - service dead, but /var/run/ pid file exists
+ # 2 - service dead, but /var/lock/ lock file exists
+ # 3 - service not running
+
+ # NOTE: checkproc returns LSB compliant status values.
+ checkproc $PKCSSLOTD_BIN
+ rc_status -v
+ ;;
+ *)
+ echo "Usage: $0 {start|stop|status|try-restart|restart|force-reload|reload}"
+ exit 1
+ ;;
+esac
+rc_exit
diff --git a/openCryptoki.spec b/openCryptoki.spec
new file mode 100644
index 0000000..fe36d52
--- /dev/null
+++ b/openCryptoki.spec
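Review bot: The stale-PID test in the `elif` of the `start)` branch passes the contents of `/var/run/pkcsslotd.pid` to `ps -h --pid` through an unquoted backtick substitution, so an empty or malformed file changes the `ps` argument list instead of simply failing the match. Its redirections are also in the wrong order: `2>&1 >/dev/null` points stderr at the original stdout before stdout is discarded, so error output still reaches the console. I would write the test as `elif ! ps -h --pid "$(cat /var/run/pkcsslotd.pid)" 2>/dev/null | grep -q "$PKCSSLOTD_BIN"; then`. Separately, `reload` and `force-reload` send SIGHUP with `killproc`; whether pkcsslotd handles that signal or is terminated by it cannot be told from this script and should be confirmed.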
@@ -0,0 +1,423 @@ +# +# spec file for package openCryptoki (Version 2.2.2) +# +# Copyright (c) 2006 SUSE LINUX Products GmbH, Nuernberg, Germany. +# This file and all modifications and additions to the pristine +# package are under the same license as the package itself. +# +# Please submit bugfixes or comments via http://bugs.opensuse.org/ +# + +# norootforbuild + +Name: openCryptoki +BuildRequires: gcc-c++ libica openssl-devel +Summary: An Implementation of PKCS#11 (Cryptoki) v2.01 for IBM Cryptographic Hardware +Version: 2.2.2 +Release: 27 +License: Other License(s), see package, IBM Public License +Group: Productivity/Security +# :pserver:anonymous@cvs.sourceforge.net:/cvsroot/opencryptoki +# cvs co -r openCryptoki-2-1-5 -d openCryptoki-2-1-5 . +Source: openCryptoki-2.2.2-rc2.tar.bz2 +Source1: openCryptoki.pkcsslotd +Source2: openCryptoki-TFAQ.html +Patch0: openCryptoki-autoconf.patch +Patch1: openCryptoki-config.patch +Patch3: openCryptoki-compile-fixes.patch +Patch4: openCryptoki-no_mmap.patch +Patch5: openCryptoki-per_user.patch +Patch6: openCryptoki-prototypes.patch +Patch7: ock_add_free_mech_list_20060131.diff +Patch8: ock_head_ptr_to_null_20060308.diff +Patch9: ock_222_proc_struct_cmd_20060309.diff +Patch10: ock_222_cmd_fix_ptr_to_arr.diff +Patch11: ock_64_bit_fixes.diff +Patch12: openCryptoki-pkcsslotd-removepidfile.patch +Patch13: openCryptoki-retval.patch +URL: http://oss.software.ibm.com/developerworks/opensource/opencryptoki +BuildRoot: %{_tmppath}/%{name}-%{version}-build +PreReq: /usr/sbin/groupadd /usr/bin/id /usr/sbin/usermod /bin/sed +Requires: libica +%define oc_cvs_tag openCryptoki-2.2.2-rc2 +# the userland tools are only maintained in 32bit, when a 32bit +# userland compatibility is available for the corresponding 64bit +# architecture. +# +# Thus, the user is supposed to install the 32bit package and the +# additional 64bit package together. +# +# +# openCryptoki contains the common files. 
is always installed natively +# openCryptoki-32bit contains the 32bit binaries for native use and +# for the 'other' distribution +# openCryptoki-64bit contains the 64bit binaries for use on the 'other' distribution +%define openCryptoki_32bit_arch %ix86 s390 ppc %arm +# support in the workings for: ppc64 +# no support in sight for: ia64 x86_64 +%define openCryptoki_64bit_arch s390x ppc64 +# autobuild:/work/cd/lib/misc/group +# openCryptoki pkcs11:x:64: +%define pkcs11_group_id 64 +# IBM maintains openCryptoki on these architectures: +ExclusiveArch: %openCryptoki_32bit_arch %openCryptoki_64bit_arch +# + +%description +The PKCS#11 version 2.01 API implemented for the IBM cryptographic +cards. This package includes support for the IBM 4758 cryptographic +coprocessor (with the PKCS#11 firmware loaded) and the IBM eServer +Cryptographic Accelerator (FC 4960 on pSeries). + + + +%ifarch %openCryptoki_32bit_arch +%package 32bit +%else +%package 64bit +%endif +Summary: Implementation of PKCS#11 (Cryptoki) v2.01 for IBM Crypto Hardware +Group: Productivity/Security +# this is needed to make sure the pkcs11 group exists before +# installation: +PreReq: openCryptoki +%ifarch %openCryptoki_32bit_arch + +%description 32bit +This is a re-packaged binary rpm. For the package source, please look +for the source of the package without the "32bit" ending + +The PKCS#11 version 2.01 API implemented for the IBM cryptographic +cards. This package includes support for the IBM 4758 cryptographic +co-processor (with the PKCS#11 firmware loaded) and the IBM eServer +Cryptographic Accelerator (FC 4960 on pSeries). + + + +%else + +%description 64bit +This is a re-packaged binary rpm. For the package source, please look +for the source of the package without the "64bit" ending + +The PKCS#11 Version 2.01 api implemented for the IBM Crypto cards. 
This +package includes support for the IBM 4758 Cryptographic CoProcessor +(with the PKCS#11 firmware loaded) and the IBM eServer Cryptographic +Accelerator (FC 4960 on pSeries) + + + +%endif +%package devel +Summary: An Implementation of PKCS#11 (Cryptoki) v2.01 for IBM Cryptographic Hardware +Group: Productivity/Security +Requires: openCryptoki = %{version}-%{release}, glibc-devel, openssl-devel + +%description devel +The PKCS#11 version 2.01 API implemented for the IBM cryptographic +cards. This package includes support for the IBM 4758 cryptographic +co-processor (with the PKCS#11 firmware loaded) and the IBM eServer +Cryptographic Accelerator (FC 4960 on pSeries). + + + +%prep +%setup -n %{oc_cvs_tag} +%patch1 +%patch3 +%patch4 +%patch5 +%patch6 +%patch7 +%patch8 -p1 +%patch9 +%patch10 -p1 +%patch11 -p2 +%patch12 +%patch13 +cp %{SOURCE2} . +#find -name CVS -type d -print0 | xargs -0 rm -rfv + +%build +autoreconf --force --install +CFLAGS="$RPM_OPT_FLAGS -D__USE_BSD" ./configure --prefix=/usr --libdir=%{_libdir} +make + +%install +make install DESTDIR=$RPM_BUILD_ROOT INSROOT=$RPM_BUILD_ROOT +mkdir -p $RPM_BUILD_ROOT/usr/include +mkdir -p $RPM_BUILD_ROOT/var/lib/opencryptoki +mkdir -p $RPM_BUILD_ROOT/etc/init.d +mkdir -p $RPM_BUILD_ROOT/usr/sbin +cp -av %{S:1} $RPM_BUILD_ROOT/etc/init.d/pkcsslotd +ln -sfv ../../etc/init.d/pkcsslotd $RPM_BUILD_ROOT/usr/sbin/rcpkcsslotd +rm -rf $RPM_BUILD_ROOT/tmp +# Remove all development files +rm -f $RPM_BUILD_ROOT${_libdir}/opencryptoki/libopencryptoki.la +# +# FIX to build it on ppc64 +# +# %ifarch ppc64 +# rm -f $RPM_BUILD_ROOT/usr/lib/pkcs11/methods/pkcs11_startup +# rm -f $RPM_BUILD_ROOT/usr/lib/pkcs11/methods/pkcs_slot +# rm -f $RPM_BUILD_ROOT/usr/lib/pkcs11/stdll/PKCS11_SW.so +# rm -f $RPM_BUILD_ROOT/usr/sbin/pkcsslotd +# %endif +%ifnarch %openCryptoki_32bit_arch +rm -f $RPM_BUILD_ROOT/etc/init.d/pkcsslotd +rm -f $RPM_BUILD_ROOT/usr/include/opencryptoki/apiclient.h +rm -f $RPM_BUILD_ROOT/usr/include/opencryptoki/pkcs11.h 
+rm -f $RPM_BUILD_ROOT/usr/include/opencryptoki/pkcs11types.h +rm -f $RPM_BUILD_ROOT/usr/lib64/opencryptoki/libopencryptoki.la +rm -f $RPM_BUILD_ROOT/usr/lib64/opencryptoki/stdll/libpkcs11_ica.la +rm -f $RPM_BUILD_ROOT/usr/lib64/opencryptoki/stdll/libpkcs11_sw.la +rm -f $RPM_BUILD_ROOT/usr/sbin/pkcs11_startup +rm -f $RPM_BUILD_ROOT/usr/sbin/pkcs_slot +rm -f $RPM_BUILD_ROOT/usr/sbin/pkcsconf +rm -f $RPM_BUILD_ROOT/usr/sbin/pkcsslotd +rm -f $RPM_BUILD_ROOT/usr/sbin/rcpkcsslotd +%endif +rm -f $RPM_BUILD_ROOT/%_libdir/opencryptoki/methods + +%pre +# autobuild:/work/cd/lib/misc/group +# openCryptoki pkcs11:x:64: +/usr/sbin/groupadd -g %pkcs11_group_id -o -r pkcs11 2>/dev/null || true +# add root to group pkcs11 to enable root to run pkcsconf +/usr/sbin/usermod -G $(/usr/bin/id --groups --name root | /bin/sed \ +-e 's/root//' -e ' +# add the pkcs group if it is missing +/(^| )pkcs11( |$)/!s/$/ pkcs11/ +# replace spaces by commas +y/ /,/ +'),pkcs11 root +%ifarch %openCryptoki_32bit_arch + +%postun +if [ -L %{_sysconfdir}/pkcs11 ] ; then + rm %{_sysconfdir}/pkcs11 +fi + +%postun 32bit +# remove the openCryptoki start script +%{insserv_cleanup} +%endif +%ifarch %openCryptoki_32bit_arch + +%post 32bit +# Old library name links +cd %{_libdir}/opencryptoki && ln -sf ./libopencryptoki.so PKCS11_API.so +ln -sf %{_sbindir} %{_libdir}/opencryptoki/methods +rm -rf %{_libdir}/pkcs11/stdll +if [ -d %{_libdir}/pkcs11 ] ; then + cd %{_libdir}/pkcs11 + ln -sf ../opencryptoki/stdll stdll + cd stdll + [ -f libpkcs11_ica.so ] && ln -sf ./libpkcs11_ica.so PKCS11_ICA.so || true + [ -f libpkcs11_sw.so ] && ln -sf ./libpkcs11_sw.so PKCS11_SW.so || true +fi +%else + +%post 64bit +# Old library name for 64bit libs were under /usr/lib/pkcs11. For migration purposes only. +test -d /usr/lib/pkcs11 || mkdir -p /usr/lib/pkcs11 +ln -sf %{_libdir}/opencryptoki/libopencryptoki.so /usr/lib/pkcs11/PKCS11_API.so64 +%endif + +%post +# Symlink from /var/lib/opencryptoki to /etc/pkcs11 +if [ ! 
-L %{_sysconfdir}/pkcs11 ] ; then + if [ -e %{_sysconfdir}/pkcs11/pk_config_data ] ; then + mv %{_sysconfdir}/pkcs11/* %{_localstatedir}/lib/opencryptoki + cd %{_sysconfdir} && rm -rf pkcs11 && \ + ln -sf %{_localstatedir}/lib/opencryptoki pkcs11 + fi +fi +################################################################### +%ifarch %openCryptoki_32bit_arch + +%files +%defattr(-,root,root) +%doc openCryptoki-TFAQ.html + # configuration directory +%dir %attr(755,root,pkcs11) /var/lib/opencryptoki +/etc/init.d/pkcsslotd +/usr/sbin/rcpkcsslotd + # utilities +/usr/sbin/pkcsslotd +/usr/sbin/pkcs11_startup +/usr/sbin/pkcsconf +/usr/sbin/pkcs_slot +%dir %{_libdir}/opencryptoki +%dir %{_libdir}/opencryptoki/stdll + +%files 32bit +%defattr(-,root,root) + # these don't conflict because they only exist as 64bit binaries if + # there is no 32bit version of them usable +%{_libdir}/opencryptoki/libopencryptoki.so +%ghost %{_libdir}/opencryptoki/PKCS11_API.so +%{_libdir}/opencryptoki/*.0 +%{_libdir}/opencryptoki/stdll/libpkcs11_ica.so +%ghost %{_libdir}/opencryptoki/stdll/PKCS11_ICA.so +%ifnarch s390 s390x +%{_libdir}/opencryptoki/stdll/libpkcs11_sw.so +%ghost %{_libdir}/opencryptoki/stdll/PKCS11_SW.so +%endif +%{_libdir}/opencryptoki/stdll/*.0 +%dir %{_libdir}/pkcs11 +%ghost %{_libdir}/pkcs11/stdll +%ghost %{_libdir}/pkcs11/methods +%{_libdir}/pkcs11/*.so +%{_libdir}/libopencryptoki.so +%{_libdir}/libopencryptoki.so.0 + +%files devel +%defattr(-,root,root) +%dir %{_libdir}/opencryptoki +%dir %{_libdir}/opencryptoki/stdll +%{_libdir}/opencryptoki/*.la +%{_libdir}/opencryptoki/stdll/*.la +%{_includedir}/opencryptoki +################################################################### +%else # not openCryptoki_32bit_arch but 64bit arch + +%files 64bit +%defattr(-,root,root) +%dir %_libdir/opencryptoki +%{_libdir}/opencryptoki/*.so +%{_libdir}/opencryptoki/*.0 +%dir %_libdir/opencryptoki/stdll +%{_libdir}/opencryptoki/stdll/*.so +%{_libdir}/opencryptoki/stdll/*.0 +%{_libdir}/pkcs11 
+%{_libdir}/libopencryptoki.so +%{_libdir}/libopencryptoki.so.0 +%endif + +%changelog -n openCryptoki +* Fri Oct 20 2006 - ro@suse.de +- fix missing return values from non-void funcs +* Fri Apr 21 2006 - uli@suse.de +- pkcsslotd: create PID file in the right place, delete it on + exit (bug #164664) +* Tue Apr 11 2006 - uli@suse.de +- added 64-bit patches from IBM (bug #145666) +* Mon Apr 10 2006 - uli@suse.de +- added small change missing from patch for bug #156651 +* Mon Apr 03 2006 - uli@suse.de +- fixed location of pkcs11_startup in init script (bug #162372) +* Mon Mar 13 2006 - uli@suse.de +- fixed proc_t structure mixup (bug #156651) +* Thu Mar 09 2006 - uli@suse.de +- initialize head pointer (bug #156229) +* Mon Mar 06 2006 - uli@suse.de +- %%ghost symlinks that are generated in %%post (bug #154961) +* Thu Feb 02 2006 - uli@suse.de +- stuffed memleak (patch by IBM, bug #147036) +* Wed Feb 01 2006 - uli@suse.de +- changed RPM layout to meet IBM's demands (based on patch by IBM, + bug #145666) +- removed mmap, per-user data store support (patch by IBM, bug + [#145666]) +* Wed Jan 25 2006 - mls@suse.de +- converted neededforbuild to BuildRequires +* Thu Jan 12 2006 - hare@suse.de +- Update to 2.2.2-rc2 +* Wed Jan 11 2006 - hare@suse.de +- Update to 2.2.1-rc2 +- Fixed build errors +- Cleaned up spec file. +* Wed Dec 14 2005 - ro@suse.de +- copy TFAQ to build directory (fix build) +* Mon Dec 12 2005 - hare@suse.de +- Update to 2.1.6-rc5. +- Port fixes from SLES9 SP3. +* Tue Nov 15 2005 - uli@suse.de +- enabled for ARM +* Thu Feb 17 2005 - od@suse.de +- fix #50050: + - ./configure.in: wrong test against $host makes ppc(64) miss + -DPKCS64 in CFLAGS + - corrected: S390 flag was set for ppc in this conditional +* Mon Aug 16 2004 - ro@suse.de +- run full autoreconf / simplify specfile a little +* Tue Apr 27 2004 - hare@suse.de +- Print correct error message (#37427 again). 
+* Fri Apr 23 2004 - hare@suse.de +- Check for the correct module on startup (#37427) +* Sun Apr 18 2004 - olh@suse.de +- update to openCryptoki-2.1.5, ppc64 version (#39026) +* Wed Feb 18 2004 - ro@suse.de +- adapt filelist on ppc +* Thu Feb 12 2004 - kukuk@suse.de +- Fix owner/group of files/directories +* Fri Dec 05 2003 - ro@suse.de +- no need to specify "root" as supplementary group for root, + it's already primary +* Wed Jul 30 2003 - hare@suse.de +- Update to openCryptoki-2.1.3 +- Fixed configure errors. +* Mon Jun 23 2003 - ro@suse.de +- added directories to filelist +* Wed Jun 04 2003 - ro@suse.de +- remove CVS subdirs +- remove unpackaged files from buildroot +* Thu Nov 21 2002 - ro@suse.de +- removed duplicates from configure.in +* Tue Oct 01 2002 - froh@suse.de +- exclude ppc64 from the architectures, the package is built for. + 64bit mode is not supported by IBM yet; dlopen wrappers are also + missing 64bit filename handling. (#20380) +- actually compress the openCryptoki-1.4*.tar.bz2 +* Tue Sep 24 2002 - ro@suse.de +- make it even build ... +* Tue Sep 24 2002 - froh@suse.de +- make openCryptoki-XXbit PreReq: openCryptoki to enforce pkcs11 group + creation before package installation (#20079) +- correct version number (the patch actiually lifts openCryptoki to 1.5) +- fix groupadd call to no longer silently ignore errors in all cases + using (hopefully) posix exit codes. alternative would be to use + undocumented '-f' option of groupadd. +* Fri Sep 20 2002 - froh@suse.de +- add user root to group pkcs11 to enable root to administrate the + crypto hardware support (#19566) +* Mon Aug 26 2002 - okir@suse.de +- misc security fixes (#18377) +* Fri Aug 23 2002 - froh@suse.de +- replaced openCryptoki-tools with openCryptoki-32bit and + openCryptoki-64bit +* Thu Aug 22 2002 - froh@suse.de +- moved dlopen objects that are available for non-x86 out of the + ifarch ix86 +- moved postun to tools subpackge (which contains the daemon) +- removed include files. 
no development support for now. +- replaced %%ix86, etc by appropriate generic %%openCryptoki_tools_arch + and %%openCryptoki_no_tools_arch +* Wed Aug 21 2002 - ro@suse.de +- replaced all i386 occurrences with %%ix86 +- changed filelist to what's really built +* Tue Aug 20 2002 - froh@suse.de +- split package to openCryptoki and openCryptoki-tools to allow + parallel installation of 32bit tools with 64bit dlopen objects for + foreign middleware. +- removed automatical insserv on install, because the package needs + manual configuration (#18031) +* Mon Aug 12 2002 - froh@suse.de +- added missing %%post before insserv (Bug #17600) +* Fri Aug 09 2002 - kukuk@suse.de +- Fix path in PreReq. +* Wed Aug 07 2002 - froh@suse.de +- add groupadd pkcs11 in %%pre install +* Mon Jul 29 2002 - froh@suse.de +- updated to current version +- removed old START_ variable +* Fri Jun 14 2002 - ro@suse.de +- always use macros when calling insserv +* Tue Apr 09 2002 - bk@suse.de +- add lib64 support +* Tue Feb 05 2002 - froh@suse.de +- Added openssl to #neededforbuild, which is needed in addition to + openssl-devel +* Wed Jan 30 2002 - froh@suse.de +- initial version diff --git a/ready b/ready new file mode 100644 index 0000000..473a0f4
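Review bot: The `%pre` scriptlet creates the group with `groupadd -g %pkcs11_group_id -o -r pkcs11 2>/dev/null || true`, where `-o` accepts a GID that is already in use and the redirect plus `|| true` hide every failure. On a system where GID 64 already belongs to another group, anything given to group pkcs11 (the `%files` list assigns `/var/lib/opencryptoki` to `root,pkcs11`) becomes equally accessible to that group's members. If the group could not be created at all, the install carries on silently. I would drop `-o` and tolerate only the already-exists case, e.g. `getent group pkcs11 >/dev/null || /usr/sbin/groupadd -g %pkcs11_group_id -r pkcs11`. Separately, in `%install`, `rm -f $RPM_BUILD_ROOT${_libdir}/opencryptoki/libopencryptoki.la` uses the shell form `${_libdir}` where the RPM macro `%{_libdir}` was presumably meant, so the path removed is not the intended one.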