Subject: zkey: Enhance error message about missing CCA library. From: Ingo Franzki Description: zkey: Enhance error message about missing CCA library. Symptom: "zkey-cryptsetup reencipher" fails with missing library and confusing error message. Problem: The "zkey reencipher" command as well as the "zkey-cryptsetup reencipher" command requires the IBM CCA Host Libraries and Tools package to be installed. This is a closed source library that is not distributed by the distributions, but must be downloaded separately from an IBM web page. Solution: Enhance the error message to point to the web page where the package can be downloaded. Reproduction: Run the "zkey-cryptsetup reencipher" or "zkey reencipher" command without having installed the IBM CCA Host Libraries and Tools package. Upstream-ID: - Problem-ID: 173878 Signed-off-by: Ingo Franzki --- zkey/pkey.c | 13 +++++++++---- zkey/zkey-cryptsetup.1 | 3 ++- zkey/zkey.1 | 3 ++- 3 files changed, 13 insertions(+), 6 deletions(-) --- a/zkey/pkey.c +++ b/zkey/pkey.c @@ -48,6 +48,7 @@ * Definitions for the CCA library */ #define CCA_LIBRARY_NAME "libcsulcca.so" +#define CCA_WEB_PAGE "http://www.ibm.com/security/cryptocards" #define DEFAULT_KEYBITS 256 @@ -71,16 +72,20 @@ int load_cca_library(void **lib_csulcca, /* Load the CCA library */ *lib_csulcca = dlopen(CCA_LIBRARY_NAME, RTLD_GLOBAL | RTLD_NOW); if (*lib_csulcca == NULL) { - warnx("%s\nEnsure that the IBM CCA Host Libraries and " - "Tools are installed properly", dlerror()); + pr_verbose(verbose, "%s", dlerror()); + warnx("The command requires the IBM CCA Host Libraries and " + "Tools.\nFor the supported environments and downloads, " + "see:\n%s", CCA_WEB_PAGE); return -ELIBACC; } /* Get the Key Token Change function */ *dll_CSNBKTC = (t_CSNBKTC)dlsym(*lib_csulcca, "CSNBKTC"); if (*dll_CSNBKTC == NULL) { - warnx("%s\nEnsure that the IBM CCA Host Libraries and " - "Tools are installed properly", dlerror()); + pr_verbose(verbose, "%s", dlerror()); + warnx("The command requires the IBM CCA Host Libraries and " + "Tools.\nFor the supported environments and downloads, " + "see:\n%s", CCA_WEB_PAGE); dlclose(*lib_csulcca); *lib_csulcca = NULL; return -ELIBACC; --- a/zkey/zkey-cryptsetup.1 +++ b/zkey/zkey-cryptsetup.1 @@ -182,7 +182,8 @@ behave in the same way as with \fBcrypts .PP .B Note: The \fBreencipher\fP command requires the CCA host library (libcsulcca.so) -to be installed. +to be installed. For the supported environments and downloads, see: +\fIhttp://www.ibm.com/security/cryptocards\fP . . . --- a/zkey/zkey.1 +++ b/zkey/zkey.1 @@ -282,7 +282,8 @@ a staged re-enciphering for the \fBOLD\f .PP .B Note: The \fBreencipher\fP command requires the CCA host library (libcsulcca.so) -to be installed. +to be installed. For the supported environments and downloads, see: +\fIhttp://www.ibm.com/security/cryptocards\fP . .SS "Import existing AES secure keys into the secure key repository" .