f41ca9bf97
- Added patch for compile errors * ocki-3.19.0-0035-Fix-compile-error-error-initializer-element-is-not-c.patch - Changed spec file to use %autosetup instead of %setup. - Updated the package openCryptoki 3.19.0 (jsc#PED-616, bsc#1207760), added the following patches: * ocki-3.19.0-0001-EP11-Unify-key-pair-generation-functions.patch * ocki-3.19.0-0002-EP11-Do-not-report-DSA-DH-parameter-generation-as-be.patch * ocki-3.19.0-0003-EP11-Do-not-pass-empty-CKA_PUBLIC_KEY_INFO-to-EP11-h.patch * ocki-3.19.0-0004-Mechtable-CKM_IBM_DILITHIUM-can-also-be-used-for-key.patch * ocki-3.19.0-0005-EP11-Remove-DSA-DH-parameter-generation-mechanisms-f.patch * ocki-3.19.0-0006-EP11-Pass-back-chain-code-for-CKM_IBM_BTC_DERIVE.patch * ocki-3.19.0-0007-EP11-Supply-CKA_PUBLIC_KEY_INFO-with-CKM_IBM_BTC_DER.patch * ocki-3.19.0-0008-EP11-Supply-CKA_PUBLIC_KEY_INFO-when-importing-priva.patch * ocki-3.19.0-0009-EP11-Fix-memory-leak-introduced-with-recent-commit.patch * ocki-3.19.0-0010-p11sak-Fix-segfault-when-dilithium-version-is-not-sp.patch * ocki-3.19.0-0011-EP11-remove-dead-code-and-unused-variables.patch * ocki-3.19.0-0012-EP11-Update-EP11-host-library-header-files.patch * ocki-3.19.0-0013-EP11-Support-EP11-host-library-version-4.patch * ocki-3.19.0-0014-EP11-Add-new-control-points.patch * ocki-3.19.0-0015-EP11-Default-unknown-CPs-to-ON.patch * ocki-3.19.0-0016-COMMON-Add-defines-for-Dilithium-round-2-and-3-varia.patch * ocki-3.19.0-0017-COMMON-Add-defines-for-Kyber.patch * ocki-3.19.0-0018-COMMON-Add-post-quantum-algorithm-OIDs.patch * ocki-3.19.0-0019-COMMON-Dilithium-key-BER-encoding-decoding-allow-dif.patch * ocki-3.19.0-0020-COMMON-EP11-Add-CKA_VALUE-holding-SPKI-PKCS-8-of-key.patch * ocki-3.19.0-0021-COMMON-EP11-Allow-to-select-Dilithium-variant-via-mo.patch * ocki-3.19.0-0022-EP11-Query-supported-PQC-variants-and-restrict-usage.patch * ocki-3.19.0-0023-POLICY-Dilithium-strength-and-signature-size-depends.patch * ocki-3.19.0-0024-TESTCASES-Test-Dilithium-variants.patch * ocki-3.19.0-0025-COMMON-EP11-Add-Kyber-key-type-and-mechanism.patch * ocki-3.19.0-0026-EP11-Add-support-for-generating-and-importing-Kyber-.patch * ocki-3.19.0-0027-EP11-Add-support-for-encrypt-decrypt-and-KEM-operati.patch * ocki-3.19.0-0028-POLICY-STATISTICS-Check-for-Kyber-KEM-KDFs-and-count.patch * ocki-3.19.0-0029-TESTCASES-Add-tests-for-CKM_IBM_KYBER.patch * ocki-3.19.0-0030-p11sak-Support-additional-Dilithium-variants.patch * ocki-3.19.0-0031-p11sak-Add-support-for-IBM-Kyber-key-type.patch * ocki-3.19.0-0032-testcase-Enhance-p11sak-testcase-to-generate-IBM-Kyb.patch * ocki-3.19.0-0033-EP11-Supply-CKA_PUBLIC_KEY_INFO-with-CKM_IBM_BTC_DER.patch * ocki-3.19.0-0034-EP11-Fix-setting-unknown-CPs-to-ON.patch OBS-URL: https://build.opensuse.org/request/show/1063652 OBS-URL: https://build.opensuse.org/package/show/security/openCryptoki?expand=0&rev=128
138 lines
5.0 KiB
Diff
138 lines
5.0 KiB
Diff
From 4cad40e594b916ef3416dd574304b2c60138a6fe Mon Sep 17 00:00:00 2001
|
|
From: Ingo Franzki <ifranzki@linux.ibm.com>
|
|
Date: Mon, 19 Sep 2022 09:01:13 +0200
|
|
Subject: [PATCH 13/34] EP11: Support EP11 host library version 4
|
|
|
|
Try to load the EP11 host library version 4 (libep11.so.4) first,
|
|
but fall back to version 3, 2, 1, or even the un-versioned shared library.
|
|
|
|
Signed-off-by: Ingo Franzki <ifranzki@linux.ibm.com>
|
|
---
|
|
usr/lib/ep11_stdll/ep11_specific.c | 15 ++++++++++++---
|
|
usr/sbin/pkcsep11_migrate/pkcsep11_migrate.c | 11 +++++++++--
|
|
usr/sbin/pkcsep11_session/pkcsep11_session.c | 11 +++++++++--
|
|
3 files changed, 30 insertions(+), 7 deletions(-)
|
|
|
|
diff --git a/usr/lib/ep11_stdll/ep11_specific.c b/usr/lib/ep11_stdll/ep11_specific.c
|
|
index 1dbfe0f5..304989fc 100644
|
|
--- a/usr/lib/ep11_stdll/ep11_specific.c
|
|
+++ b/usr/lib/ep11_stdll/ep11_specific.c
|
|
@@ -66,6 +66,7 @@
|
|
#include "pkey_utils.h"
|
|
|
|
#define EP11SHAREDLIB_NAME "OCK_EP11_LIBRARY"
|
|
+#define EP11SHAREDLIB_V4 "libep11.so.4"
|
|
#define EP11SHAREDLIB_V3 "libep11.so.3"
|
|
#define EP11SHAREDLIB_V2 "libep11.so.2"
|
|
#define EP11SHAREDLIB_V1 "libep11.so.1"
|
|
@@ -2209,9 +2210,17 @@ static void *ep11_load_host_lib()
|
|
return lib_ep11;
|
|
}
|
|
|
|
- ep11_lib_name = EP11SHAREDLIB_V3;
|
|
+ ep11_lib_name = EP11SHAREDLIB_V4;
|
|
lib_ep11 = dlopen(ep11_lib_name, DLOPEN_FLAGS);
|
|
|
|
+ if (lib_ep11 == NULL) {
|
|
+ TRACE_DEVEL("%s Error loading shared library '%s', trying '%s'\n",
|
|
+ __func__, EP11SHAREDLIB_V4, EP11SHAREDLIB_V3);
|
|
+ /* Try version 3 instead */
|
|
+ ep11_lib_name = EP11SHAREDLIB_V3;
|
|
+ lib_ep11 = dlopen(ep11_lib_name, DLOPEN_FLAGS);
|
|
+ }
|
|
+
|
|
if (lib_ep11 == NULL) {
|
|
TRACE_DEVEL("%s Error loading shared library '%s', trying '%s'\n",
|
|
__func__, EP11SHAREDLIB_V3, EP11SHAREDLIB_V2);
|
|
@@ -2239,9 +2248,9 @@ static void *ep11_load_host_lib()
|
|
if (lib_ep11 == NULL) {
|
|
errstr = dlerror();
|
|
OCK_SYSLOG(LOG_ERR,
|
|
- "%s: Error loading shared library '%s[.3|.2|.1]' [%s]\n",
|
|
+ "%s: Error loading shared library '%s[.4][.3|.2|.1]' [%s]\n",
|
|
__func__, EP11SHAREDLIB, errstr);
|
|
- TRACE_ERROR("%s Error loading shared library '%s[.3|.2|.1]' [%s]\n",
|
|
+ TRACE_ERROR("%s Error loading shared library '%s[.4][.3|.2|.1]' [%s]\n",
|
|
__func__, EP11SHAREDLIB, errstr);
|
|
return NULL;
|
|
}
|
|
diff --git a/usr/sbin/pkcsep11_migrate/pkcsep11_migrate.c b/usr/sbin/pkcsep11_migrate/pkcsep11_migrate.c
|
|
index 4a42a085..f80cfa9f 100644
|
|
--- a/usr/sbin/pkcsep11_migrate/pkcsep11_migrate.c
|
|
+++ b/usr/sbin/pkcsep11_migrate/pkcsep11_migrate.c
|
|
@@ -30,6 +30,7 @@
|
|
#include "pin_prompt.h"
|
|
|
|
#define EP11SHAREDLIB_NAME "OCK_EP11_LIBRARY"
|
|
+#define EP11SHAREDLIB_V4 "libep11.so.4"
|
|
#define EP11SHAREDLIB_V3 "libep11.so.3"
|
|
#define EP11SHAREDLIB_V2 "libep11.so.2"
|
|
#define EP11SHAREDLIB_V1 "libep11.so.1"
|
|
@@ -424,9 +425,15 @@ static void *ep11_load_host_lib()
|
|
return lib_ep11;
|
|
}
|
|
|
|
- ep11_lib_name = EP11SHAREDLIB_V3;
|
|
+ ep11_lib_name = EP11SHAREDLIB_V4;
|
|
lib_ep11 = dlopen(ep11_lib_name, DLOPEN_FLAGS);
|
|
|
|
+ if (lib_ep11 == NULL) {
|
|
+ /* Try version 3 instead */
|
|
+ ep11_lib_name = EP11SHAREDLIB_V3;
|
|
+ lib_ep11 = dlopen(ep11_lib_name, DLOPEN_FLAGS);
|
|
+ }
|
|
+
|
|
if (lib_ep11 == NULL) {
|
|
/* Try version 2 instead */
|
|
ep11_lib_name = EP11SHAREDLIB_V2;
|
|
@@ -447,7 +454,7 @@ static void *ep11_load_host_lib()
|
|
|
|
if (lib_ep11 == NULL) {
|
|
errstr = dlerror();
|
|
- fprintf(stderr, "Error loading shared library '%s[.3|.2|.1]' [%s]\n",
|
|
+ fprintf(stderr, "Error loading shared library '%s[.4|.3|.2|.1]' [%s]\n",
|
|
EP11SHAREDLIB, errstr);
|
|
return NULL;
|
|
}
|
|
diff --git a/usr/sbin/pkcsep11_session/pkcsep11_session.c b/usr/sbin/pkcsep11_session/pkcsep11_session.c
|
|
index 0c210135..b7b9e9c4 100644
|
|
--- a/usr/sbin/pkcsep11_session/pkcsep11_session.c
|
|
+++ b/usr/sbin/pkcsep11_session/pkcsep11_session.c
|
|
@@ -35,6 +35,7 @@
|
|
#include "pin_prompt.h"
|
|
|
|
#define EP11SHAREDLIB_NAME "OCK_EP11_LIBRARY"
|
|
+#define EP11SHAREDLIB_V4 "libep11.so.4"
|
|
#define EP11SHAREDLIB_V3 "libep11.so.3"
|
|
#define EP11SHAREDLIB_V2 "libep11.so.2"
|
|
#define EP11SHAREDLIB_V1 "libep11.so.1"
|
|
@@ -1050,9 +1051,15 @@ static void *ep11_load_host_lib()
|
|
return lib_ep11;
|
|
}
|
|
|
|
- ep11_lib_name = EP11SHAREDLIB_V3;
|
|
+ ep11_lib_name = EP11SHAREDLIB_V4;
|
|
lib_ep11 = dlopen(ep11_lib_name, DLOPEN_FLAGS);
|
|
|
|
+ if (lib_ep11 == NULL) {
|
|
+ /* Try version 3 instead */
|
|
+ ep11_lib_name = EP11SHAREDLIB_V3;
|
|
+ lib_ep11 = dlopen(ep11_lib_name, DLOPEN_FLAGS);
|
|
+ }
|
|
+
|
|
if (lib_ep11 == NULL) {
|
|
/* Try version 2 instead */
|
|
ep11_lib_name = EP11SHAREDLIB_V2;
|
|
@@ -1073,7 +1080,7 @@ static void *ep11_load_host_lib()
|
|
|
|
if (lib_ep11 == NULL) {
|
|
errstr = dlerror();
|
|
- fprintf(stderr, "Error loading shared library '%s[.3|.2|.1]' [%s]\n",
|
|
+ fprintf(stderr, "Error loading shared library '%s[.4|.3|.2|.1]' [%s]\n",
|
|
EP11SHAREDLIB, errstr);
|
|
return NULL;
|
|
}
|
|
--
|
|
2.16.2.windows.1
|
|
|