+++ /dev/null
---- opencryptoki-2.4/usr/lib/pkcs11/aep_stdll/aeptok_api.c.orig 2011-05-18 00:27:00.000000000 +0200
-+++ opencryptoki-2.4/usr/lib/pkcs11/aep_stdll/aeptok_api.c 2011-06-19 20:39:06.422327697 +0200
-@@ -34,6 +34,12 @@
- #include <sys/types.h>
- #include <sys/stat.h>
- #include <fcntl.h>
-+#include <string.h>
-+
-+#include "pkcs11types.h"
-+#include "defs.h"
-+#include "host_defs.h"
-+#include "h_extern.h"
-
- #include "aeptok_api.h"
-
---- opencryptoki/usr/lib/pkcs11/aep_stdll/aeptok_specific.c.orig 2013-07-15 19:25:40.000000000 +0200
-+++ opencryptoki/usr/lib/pkcs11/aep_stdll/aeptok_specific.c 2013-12-30 22:59:58.222059030 +0100
-@@ -14,7 +14,6 @@
- #include "defs.h"
- #include "host_defs.h"
- #include "h_extern.h"
--#include "args.h"
- #include "errno.h"
- #include "tok_specific.h"
-
-@@ -49,13 +48,13 @@ int cryptoki_aep_avail = TRUE;
- static int max_key_len = 2176;
-
- CK_RV
--token_specific_session(CK_SLOT_ID slotid)
-+token_specific_open_session(SESSION *session)
- {
- return CKR_OK;
- }
-
- CK_RV
--token_rng(CK_BYTE *output, CK_ULONG bytes)
-+token_specific_rng(CK_BYTE *output, CK_ULONG bytes)
- {
- #if 0
- int bytes2 = 384;
-@@ -97,19 +96,19 @@ tok_slot2local(CK_SLOT_ID snum)
-
-
- CK_RV
--token_specific_init(char * Correlator,CK_SLOT_ID SlotNumber)
-+token_specific_init(char * Correlator,CK_SLOT_ID SlotNumber,char * conf_name)
- {
- return CKR_OK;
- }
-
- CK_RV
--token_specific_final()
-+token_specific_final(void)
- {
- return CKR_OK;
- }
-
- CK_RV
--token_specific_des_key_gen(CK_BYTE *des_key,CK_ULONG len)
-+token_specific_des_key_gen(CK_BYTE *des_key,CK_ULONG len,CK_ULONG keysize)
- {
-
- // Nothing different to do for DES or TDES here as this is just
-@@ -127,10 +126,11 @@ token_specific_des_ecb(CK_BYTE * in_data
- CK_ULONG in_data_len,
- CK_BYTE *out_data,
- CK_ULONG *out_data_len,
-- CK_BYTE *key_value,
-+ OBJECT *key,
- CK_BYTE encrypt)
- {
- CK_ULONG rc;
-+ CK_ATTRIBUTE *attr = NULL;
-
- des_key_schedule des_key2;
- const_des_cblock key_val_SSL, in_key_data;
-@@ -138,8 +138,14 @@ token_specific_des_ecb(CK_BYTE * in_data
- int i,j;
- int ret;
-
-+ // get the key value
-+ if (template_attribute_find(key->template, CKA_VALUE, &attr) == FALSE) {
-+ OCK_LOG_ERR(ERR_FUNCTION_FAILED);
-+ return CKR_FUNCTION_FAILED;
-+ }
-+
- // Create the key schedule
-- memcpy(&key_val_SSL, key_value, 8);
-+ memcpy(&key_val_SSL, attr->pValue, 8);
- des_set_key_unchecked(&key_val_SSL, des_key2);
-
- // the des decrypt will only fail if the data length is not
-@@ -181,11 +187,12 @@ token_specific_des_cbc(CK_BYTE * in_data
- CK_ULONG in_data_len,
- CK_BYTE *out_data,
- CK_ULONG *out_data_len,
-- CK_BYTE *key_value,
-+ OBJECT *key,
- CK_BYTE *init_v,
- CK_BYTE encrypt)
- {
- CK_ULONG rc;
-+ CK_ATTRIBUTE *attr = NULL;
-
- des_cblock ivec;
- int ret;
-@@ -194,8 +201,14 @@ token_specific_des_cbc(CK_BYTE * in_data
- const_des_cblock key_val_SSL, in_key_data;
- des_cblock out_key_data;
-
-+ // get the key value
-+ if (template_attribute_find(key->template, CKA_VALUE, &attr) == FALSE) {
-+ OCK_LOG_ERR(ERR_FUNCTION_FAILED);
-+ return CKR_FUNCTION_FAILED;
-+ }
-+
- // Create the key schedule
-- memcpy(&key_val_SSL, key_value, 8);
-+ memcpy(&key_val_SSL, attr->pValue, 8);
- des_set_key_unchecked(&key_val_SSL, des_key2);
-
- memcpy(&ivec, init_v, 8);
-@@ -225,10 +238,13 @@ token_specific_tdes_ecb(CK_BYTE * in_dat
- CK_ULONG in_data_len,
- CK_BYTE *out_data,
- CK_ULONG *out_data_len,
-- CK_BYTE *key_value,
-+ OBJECT *key,
- CK_BYTE encrypt)
- {
- CK_RV rc;
-+ CK_ATTRIBUTE *attr = NULL;
-+ CK_KEY_TYPE keytype;
-+ CK_BYTE key_value[3*DES_KEY_SIZE];
-
- int k,j, ret;
- des_cblock out_temp;
-@@ -239,6 +255,25 @@ token_specific_tdes_ecb(CK_BYTE * in_dat
- const_des_cblock key_SSL1, key_SSL2, key_SSL3, in_key_data;
- des_cblock out_key_data;
-
-+ // get the key type
-+ rc = template_attribute_find(key->template, CKA_KEY_TYPE, &attr);
-+ if (rc == FALSE) {
-+ OCK_LOG_ERR(ERR_FUNCTION_FAILED);
-+ return CKR_FUNCTION_FAILED;
-+ }
-+ keytype = *(CK_KEY_TYPE *)attr->pValue;
-+
-+ // get the key value
-+ if (template_attribute_find(key->template, CKA_VALUE, &attr) == FALSE) {
-+ OCK_LOG_ERR(ERR_FUNCTION_FAILED);
-+ return CKR_FUNCTION_FAILED;
-+ }
-+ if (keytype == CKK_DES2) {
-+ memcpy(key_value, attr->pValue, 2*DES_KEY_SIZE);
-+ memcpy(key_value + (2*DES_KEY_SIZE), attr->pValue, DES_KEY_SIZE);
-+ } else
-+ memcpy(key_value, attr->pValue, 3*DES_KEY_SIZE);
-+
- // The key as passed is a 24 byte long string containing three des keys
- // pick them apart and create the 3 corresponding key schedules
- memcpy(&key_SSL1, key_value, 8);
-@@ -291,12 +326,16 @@ token_specific_tdes_cbc(CK_BYTE * in_dat
- CK_ULONG in_data_len,
- CK_BYTE *out_data,
- CK_ULONG *out_data_len,
-- CK_BYTE *key_value,
-+ OBJECT *key,
- CK_BYTE *init_v,
- CK_BYTE encrypt)
- {
-
- CK_RV rc = CKR_OK;
-+ CK_ATTRIBUTE *attr = NULL;
-+ CK_KEY_TYPE keytype;
-+ CK_BYTE key_value[3*DES_KEY_SIZE];
-+
- des_key_schedule des_key1;
- des_key_schedule des_key2;
- des_key_schedule des_key3;
-@@ -304,6 +343,25 @@ token_specific_tdes_cbc(CK_BYTE * in_dat
- const_des_cblock key_SSL1, key_SSL2, key_SSL3, in_key_data;
- des_cblock ivec;
-
-+ // get the key type
-+ rc = template_attribute_find(key->template, CKA_KEY_TYPE, &attr);
-+ if (rc == FALSE) {
-+ OCK_LOG_ERR(ERR_FUNCTION_FAILED);
-+ return CKR_FUNCTION_FAILED;
-+ }
-+ keytype = *(CK_KEY_TYPE *)attr->pValue;
-+
-+ // get the key value
-+ if (template_attribute_find(key->template, CKA_VALUE, &attr) == FALSE) {
-+ OCK_LOG_ERR(ERR_FUNCTION_FAILED);
-+ return CKR_FUNCTION_FAILED;
-+ }
-+ if (keytype == CKK_DES2) {
-+ memcpy(key_value, attr->pValue, 2*DES_KEY_SIZE);
-+ memcpy(key_value + (2*DES_KEY_SIZE), attr->pValue, DES_KEY_SIZE);
-+ } else
-+ memcpy(key_value, attr->pValue, 3*DES_KEY_SIZE);
-+
- // The key as passed in is a 24 byte string containing 3 keys
- // pick it apart and create the key schedules
- memcpy(&key_SSL1, key_value, 8);
-@@ -829,12 +887,18 @@ CK_RV
- token_specific_rsa_encrypt( CK_BYTE * in_data,
- CK_ULONG in_data_len,
- CK_BYTE * out_data,
-+ CK_ULONG * out_data_len,
- OBJECT * key_obj )
- {
- CK_RV rc;
- RSA *rsa;
- int mLen;
-
-+ if (in_data_len > *out_data_len) {
-+ OCK_LOG_DEBUG("CKR_DATA_LEN_RANGE\n");
-+ return CKR_DATA_LEN_RANGE;
-+ }
-+
- // Convert the local representation to an RSA representation
- rsa = (RSA *)rsa_convert_public_key(key_obj, &mLen);
- if (rsa==NULL) {
-@@ -862,6 +926,7 @@ token_specific_rsa_encrypt( CK_BYTE *
- }
-
- if (rc != 0) {
-+ *out_data_len = in_data_len;
- rc = CKR_OK;
- } else {
- OCK_LOG_ERR(ERR_FUNCTION_FAILED);
-@@ -879,12 +944,18 @@ CK_RV
- token_specific_rsa_decrypt( CK_BYTE * in_data,
- CK_ULONG in_data_len,
- CK_BYTE * out_data,
-+ CK_ULONG * out_data_len,
- OBJECT * key_obj )
- {
- CK_RV rc;
- RSA *rsa;
- int mLen;
-
-+ if (*out_data_len < in_data_len) {
-+ OCK_LOG_ERR(ERR_BUFFER_TOO_SMALL);
-+ return CKR_BUFFER_TOO_SMALL;
-+ }
-+
- // Convert the local key representation to an RSA key representaion
- rsa = (RSA *)rsa_convert_private_key(key_obj, &mLen);
- if (rsa == NULL) {
-@@ -910,6 +981,7 @@ token_specific_rsa_decrypt( CK_BYTE *
- rsa, RSA_NO_PADDING);
- }
- if (rc != 0) {
-+ *out_data_len = in_data_len;
- rc = CKR_OK;
- } else {
- OCK_LOG_ERR(ERR_FUNCTION_FAILED);
-@@ -925,7 +997,7 @@ token_specific_rsa_decrypt( CK_BYTE *
- #ifndef NOAES
-
- CK_RV
--token_specific_aes_key_gen( CK_BYTE *key, CK_ULONG len )
-+token_specific_aes_key_gen( CK_BYTE *key, CK_ULONG len, CK_ULONG keysize )
- {
- return rng_generate(key, len);
- }
-@@ -935,22 +1007,28 @@ token_specific_aes_ecb( CK_BYTE
- CK_ULONG in_data_len,
- CK_BYTE *out_data,
- CK_ULONG *out_data_len,
-- CK_BYTE *key_value,
-- CK_ULONG key_len,
-+ OBJECT *key,
- CK_BYTE encrypt)
- {
-+ CK_ATTRIBUTE *attr = NULL;
- AES_KEY ssl_aes_key;
- int i;
- /* There's a previous check that in_data_len % AES_BLOCK_SIZE == 0,
- * so this is fine */
- CK_ULONG loops = (CK_ULONG)(in_data_len/AES_BLOCK_SIZE);
-
-+ // get the key value
-+ if (template_attribute_find(key->template, CKA_VALUE, &attr) == FALSE) {
-+ OCK_LOG_ERR(ERR_FUNCTION_FAILED);
-+ return CKR_FUNCTION_FAILED;
-+ }
-+
- memset( &ssl_aes_key, 0, sizeof(AES_KEY));
-
- // AES_ecb_encrypt encrypts only a single block, so we have to break up the
- // input data here
- if (encrypt) {
-- AES_set_encrypt_key((unsigned char *)key_value, (key_len*8), &ssl_aes_key);
-+ AES_set_encrypt_key((unsigned char *)attr->pValue, (attr->ulValueLen*8), &ssl_aes_key);
- for( i=0; i<loops; i++ ) {
- AES_ecb_encrypt((unsigned char *)in_data + (i*AES_BLOCK_SIZE),
- (unsigned char *)out_data + (i*AES_BLOCK_SIZE),
-@@ -958,7 +1036,7 @@ token_specific_aes_ecb( CK_BYTE
- AES_ENCRYPT);
- }
- } else {
-- AES_set_decrypt_key((unsigned char *)key_value, (key_len*8), &ssl_aes_key);
-+ AES_set_decrypt_key((unsigned char *)attr->pValue, (attr->ulValueLen*8), &ssl_aes_key);
- for( i=0; i<loops; i++ ) {
- AES_ecb_encrypt((unsigned char *)in_data + (i*AES_BLOCK_SIZE),
- (unsigned char *)out_data + (i*AES_BLOCK_SIZE),
-@@ -976,25 +1054,31 @@ token_specific_aes_cbc( CK_BYTE
- CK_ULONG in_data_len,
- CK_BYTE *out_data,
- CK_ULONG *out_data_len,
-- CK_BYTE *key_value,
-- CK_ULONG key_len,
-+ OBJECT *key,
- CK_BYTE *init_v,
- CK_BYTE encrypt)
- {
- AES_KEY ssl_aes_key;
-+ CK_ATTRIBUTE *attr = NULL;
- int i;
-
-+ // get the key value
-+ if(template_attribute_find(key->template, CKA_VALUE, &attr) == FALSE) {
-+ OCK_LOG_ERR(ERR_FUNCTION_FAILED);
-+ return CKR_FUNCTION_FAILED;
-+ }
-+
- memset( &ssl_aes_key, 0, sizeof(AES_KEY));
-
- // AES_cbc_encrypt chunks the data into AES_BLOCK_SIZE blocks, unlike
- // AES_ecb_encrypt, so no looping required.
- if (encrypt) {
-- AES_set_encrypt_key((unsigned char *)key_value, (key_len*8), &ssl_aes_key);
-+ AES_set_encrypt_key((unsigned char *)attr->pValue, (attr->ulValueLen*8), &ssl_aes_key);
- AES_cbc_encrypt((unsigned char *)in_data, (unsigned char *)out_data,
- in_data_len, &ssl_aes_key,
- init_v, AES_ENCRYPT);
- } else {
-- AES_set_decrypt_key((unsigned char *)key_value, (key_len*8), &ssl_aes_key);
-+ AES_set_decrypt_key((unsigned char *)attr->pValue, (attr->ulValueLen*8), &ssl_aes_key);
- AES_cbc_encrypt((unsigned char *)in_data, (unsigned char *)out_data,
- in_data_len, &ssl_aes_key,
- init_v, AES_DECRYPT);
---- opencryptoki/usr/lib/pkcs11/aep_stdll/tok_struct.h.orig 2013-07-15 19:25:40.000000000 +0200
-+++ opencryptoki/usr/lib/pkcs11/aep_stdll/tok_struct.h 2013-12-30 23:06:15.798709893 +0100
-@@ -310,26 +310,91 @@
- token_spec_t token_specific = {
- AEP_CONFIG_PATH,
- "aep",
-- "AEP_STDLL_Debug",
-+ 0,
-+ {
-+ FALSE,
-+ FALSE,
-+ CKM_DES3_CBC,
-+ "12345678",
-+ "10293847"
-+ },
-+ NULL, /* creatlock */
-+ NULL, /* attach_shm */
- &token_specific_init,
-+ NULL, /* init_token_data */
-+ NULL, /* load_token_data */
-+ NULL, /* save_token_data */
- &tok_slot2local,
-- &token_rng,
-- &token_specific_session,
-+ &token_specific_rng,
-+ &token_specific_open_session,
-+ NULL, /* close_session */
- &token_specific_final,
-+ NULL, /* init_token */
-+ NULL, /* login */
-+ NULL, /* logout */
-+ NULL, /* init_pin */
-+ NULL, /* set_pin */
-+ NULL, /* copy object */
-+ NULL, /* create_object */
-+ NULL, /* get_attribute_value */
-+ NULL, /* set_attribute_value */
-+ NULL, /* find_objects_init */
-+ NULL, /* destroy_object */
-+ NULL, /* generate_key */
-+ NULL, /* generate_key_pair */
-+ NULL, /* encrypt_init */
-+ NULL, /* encrypt */
-+ NULL, /* encrypt_update */
-+ NULL, /* encrypt_final */
-+ NULL, /* decrypt_init */
-+ NULL, /* decrypt */
-+ NULL, /* decrypt_update */
-+ NULL, /* decrypt_final */
-+ NULL, /* derive_key */
-+ NULL, /* wrap_key */
-+ NULL, /* unwrap_key */
-+ NULL, /* sign_init */
-+ NULL, /* sign */
-+ NULL, /* sign_update */
-+ NULL, /* sign_final */
-+ NULL, /* verify_init */
-+ NULL, /* verify */
-+ NULL, /* verify_update */
-+ NULL, /* verify_final */
-+
- &token_specific_des_key_gen,
- &token_specific_des_ecb,
- &token_specific_des_cbc,
-
- &token_specific_tdes_ecb,
- &token_specific_tdes_cbc,
--
-+ NULL, /* tdes_ofb */
-+ NULL, /* tdes_cfb */
-+ NULL, /* tdes_mac */
-
- &token_specific_rsa_decrypt,
- &token_specific_rsa_encrypt,
-+ NULL, /* rsa_sign */
-+ NULL, /* rsa_verify */
-+ NULL, /* rsa_verify_recover */
-+ NULL, /* rsa_x509_decrypt */
-+ NULL, /* rsa_x509_encrypt */
-+ NULL, /* rsa_x509_sign */
-+ NULL, /* rsa_x509_verify */
-+ NULL, /* rsa_x509_verify_recover */
- &token_specific_rsa_generate_keypair,
-+
-+ NULL, /* ec_sign */
-+ NULL, /* ec_verify */
-+ NULL, /* ec_generate_keypair */
- // DH
-+#ifndef NODH
- &token_specific_dh_pkcs_derive,
- &token_specific_dh_pkcs_key_pair_gen,
-+#else
-+ NULL,
-+ NULL,
-+#endif
- // SHA1
- NULL,
- NULL,
-@@ -346,15 +411,29 @@ token_spec_t token_specific = {
- NULL,
- NULL,
- NULL,
--#ifndef NOAES
- // AES
-+#ifndef NOAES
- &token_specific_aes_key_gen,
- &token_specific_aes_ecb,
- &token_specific_aes_cbc,
-+#else
-+ NULL,
-+ NULL,
- NULL,
- #endif
-+ NULL,
-+
-+ NULL, /* t_aes_ofb */
-+ NULL, /* t_aes_cfb */
-+ NULL, /* t_aes_mac */
-+
-+ NULL, /* dsa_generate_keypair */
-+ NULL, /* dsa_sign */
-+ NULL, /* dsa_verify */
-+
- &token_specific_get_mechanism_list,
-- &token_specific_get_mechanism_info
-+ &token_specific_get_mechanism_info,
-+ NULL /* object_add */
- };
-
- #endif
+++ /dev/null
---- opencryptoki-2.3.2/configure.in.orig 2010-10-09 21:43:05.827741882 +0200
-+++ opencryptoki-2.3.2/configure.in 2010-10-09 23:12:37.735734339 +0200
-@@ -597,7 +597,7 @@
- else
- enable_bcomtok=no
- fi
--AM_CONDITIONAL([ENABLE_BCOMTOK], [test "x$enable_bcom" = "xyes"])
-+AM_CONDITIONAL([ENABLE_BCOMTOK], [test "x$enable_bcomtok" = "xyes"])
-
- dnl --- enable_crtok
- if test "x$enable_crtok" = "xyes"; then
---- opencryptoki/usr/lib/pkcs11/bcom_stdll/bcom_specific.c.orig 2013-07-15 19:25:40.000000000 +0200
-+++ opencryptoki/usr/lib/pkcs11/bcom_stdll/bcom_specific.c 2013-12-30 23:06:27.528709358 +0100
-@@ -6,7 +6,6 @@
- #include "defs.h"
- #include "host_defs.h"
- #include "h_extern.h"
--#include "args.h"
- #include "errno.h"
- #include "tok_specific.h"
- #include "tok_struct.h"
-@@ -62,14 +61,14 @@ void swapper(char *s, char *d, int size)
-
-
- CK_RV
--token_specific_session(CK_SLOT_ID slotid)
-+token_specific_open_session(SESSION *session)
- {
- return CKR_OK;
-
- }
-
- CK_RV
--token_rng(CK_BYTE *output, CK_ULONG bytes)
-+token_specific_rng(CK_BYTE *output, CK_ULONG bytes)
- {
-
- #if 1
-@@ -115,14 +114,14 @@ tok_slot2local(CK_SLOT_ID snum)
-
-
- CK_RV
--token_specific_init(char * Correlator,CK_SLOT_ID SlotNumber)
-+token_specific_init(char * Correlator,CK_SLOT_ID SlotNumber,char * conf_name)
- {
- bcomfd = ubsec_open(UBSEC_KEY_DEVICE);
- return CKR_OK;
- }
-
- CK_RV
--token_specific_final()
-+token_specific_final(void)
- {
-
- ubsec_close(bcomfd);
-@@ -132,7 +131,7 @@ token_specific_final()
-
-
- CK_RV
--token_specific_des_key_gen(CK_BYTE *des_key,CK_ULONG _len)
-+token_specific_des_key_gen(CK_BYTE *des_key,CK_ULONG _len,CK_ULONG keysize)
- {
-
- // Nothing different to do for DES or TDES here as this is just
-@@ -150,18 +149,25 @@ token_specific_des_ecb(CK_BYTE * in_data
- CK_ULONG in_data__len,
- CK_BYTE *out_data,
- CK_ULONG *out_data__len,
-- CK_BYTE *key_value,
-+ OBJECT *key,
- CK_BYTE encrypt)
- {
- CK_ULONG rc;
-+ CK_ATTRIBUTE *attr = NULL;
- unsigned char in_block_data[8];
- unsigned char out_block_data[8];
- int i,j;
- int ret;
- ubsec_crypto_context_t ctx;
-
-+ // get the key value
-+ if (template_attribute_find(key->template, CKA_VALUE, &attr) == FALSE) {
-+ OCK_LOG_ERR(ERR_FUNCTION_FAILED);
-+ return CKR_FUNCTION_FAILED;
-+ }
-+
- // Initialize the crypto contexte
-- ubsec_crypto_init(key_value, ZERO_KEY, ZERO_KEY,
-+ ubsec_crypto_init(attr->pValue, ZERO_KEY, ZERO_KEY,
- ZERO_KEY, UBSEC_DES, 0, &ctx);
-
- // the des decrypt will only fail if the data _length is not evenly divisible
-@@ -213,16 +219,23 @@ token_specific_des_cbc(CK_BYTE * in_data
- CK_ULONG in_data__len,
- CK_BYTE *out_data,
- CK_ULONG *out_data__len,
-- CK_BYTE *key_value,
-+ OBJECT *key,
- CK_BYTE *init_v,
- CK_BYTE encrypt)
- {
- CK_ULONG rc;
-+ CK_ATTRIBUTE *attr = NULL;
- int ret;
- ubsec_crypto_context_t ctx;
-
-+ // get the key value
-+ if (template_attribute_find(key->template, CKA_VALUE, &attr) == FALSE) {
-+ OCK_LOG_ERR(ERR_FUNCTION_FAILED);
-+ return CKR_FUNCTION_FAILED;
-+ }
-+
- // Initialize the crypto contexte
-- ubsec_crypto_init(key_value, ZERO_KEY, ZERO_KEY,
-+ ubsec_crypto_init(attr->pValue, ZERO_KEY, ZERO_KEY,
- ZERO_KEY, UBSEC_DES, 0, &ctx);
-
- // the des decrypt will only fail if the data _length is not evenly divisible
-@@ -255,16 +268,38 @@ token_specific_tdes_ecb(CK_BYTE * in_dat
- CK_ULONG in_data__len,
- CK_BYTE *out_data,
- CK_ULONG *out_data__len,
-- CK_BYTE *key_value,
-+ OBJECT *key,
- CK_BYTE encrypt)
- {
- CK_ULONG rc;
-+ CK_ATTRIBUTE *attr = NULL;
-+ CK_KEY_TYPE keytype;
-+ CK_BYTE key_value[3*DES_KEY_SIZE];
- unsigned char in_block_data[8];
- unsigned char out_block_data[8];
- int i,j;
- int ret;
- ubsec_crypto_context_t ctx;
-
-+ // get the key type
-+ rc = template_attribute_find(key->template, CKA_KEY_TYPE, &attr);
-+ if (rc == FALSE) {
-+ OCK_LOG_ERR(ERR_FUNCTION_FAILED);
-+ return CKR_FUNCTION_FAILED;
-+ }
-+ keytype = *(CK_KEY_TYPE *)attr->pValue;
-+
-+ // get the key value
-+ if (template_attribute_find(key->template, CKA_VALUE, &attr) == FALSE) {
-+ OCK_LOG_ERR(ERR_FUNCTION_FAILED);
-+ return CKR_FUNCTION_FAILED;
-+ }
-+ if (keytype == CKK_DES2) {
-+ memcpy(key_value, attr->pValue, 2*DES_KEY_SIZE);
-+ memcpy(key_value + (2*DES_KEY_SIZE), attr->pValue, DES_KEY_SIZE);
-+ } else
-+ memcpy(key_value, attr->pValue, 3*DES_KEY_SIZE);
-+
- // Initialize the crypto contexte
- // the triple DES key is in the 24-byte array key_value
- ubsec_crypto_init(key_value, key_value+8, key_value+16,
-@@ -318,14 +353,36 @@ token_specific_tdes_cbc(CK_BYTE * in_dat
- CK_ULONG in_data__len,
- CK_BYTE *out_data,
- CK_ULONG *out_data__len,
-- CK_BYTE *key_value,
-+ OBJECT *key,
- CK_BYTE *init_v,
- CK_BYTE encrypt)
- {
- CK_ULONG rc;
-+ CK_ATTRIBUTE *attr = NULL;
-+ CK_KEY_TYPE keytype;
-+ CK_BYTE key_value[3*DES_KEY_SIZE];
- int ret;
- ubsec_crypto_context_t ctx;
-
-+ // get the key type
-+ rc = template_attribute_find(key->template, CKA_KEY_TYPE, &attr);
-+ if (rc == FALSE) {
-+ OCK_LOG_ERR(ERR_FUNCTION_FAILED);
-+ return CKR_FUNCTION_FAILED;
-+ }
-+ keytype = *(CK_KEY_TYPE *)attr->pValue;
-+
-+ // get the key value
-+ if (template_attribute_find(key->template, CKA_VALUE, &attr) == FALSE) {
-+ OCK_LOG_ERR(ERR_FUNCTION_FAILED);
-+ return CKR_FUNCTION_FAILED;
-+ }
-+ if (keytype == CKK_DES2) {
-+ memcpy(key_value, attr->pValue, 2*DES_KEY_SIZE);
-+ memcpy(key_value + (2*DES_KEY_SIZE), attr->pValue, DES_KEY_SIZE);
-+ } else
-+ memcpy(key_value, attr->pValue, 3*DES_KEY_SIZE);
-+
- // Initialize the crypto contexte
- // Triple DES key is in the 24-byte array key_value
- ubsec_crypto_init(key_value, key_value+8, key_value+16,
-@@ -947,6 +1004,7 @@ CK_RV
- token_specific_rsa_encrypt( CK_BYTE *in_data,
- CK_ULONG in_data_len,
- CK_BYTE *out_data,
-+ CK_ULONG * out_data_len,
- OBJECT *key_obj )
- {
- CK_RV rc;
-@@ -954,6 +1012,11 @@ token_specific_rsa_encrypt( CK_BYTE *i
- int out_len_bits;
- CK_BYTE *tcipher, *tclear;
-
-+ if (in_data_len > *out_data_len) {
-+ OCK_LOG_DEBUG("CKR_DATA_LEN_RANGE\n");
-+ return CKR_DATA_LEN_RANGE;
-+ }
-+
- rc = bcom_rsa_pub_from_object(key_obj, &pubKey);
- if ( rc != 0) {
- rc = CKR_FUNCTION_FAILED;
-@@ -1017,6 +1080,7 @@ token_specific_rsa_encrypt( CK_BYTE *i
- /* swapp to get back PKCS11 representation */
- swapper(tcipher, out_data, in_data_len);
-
-+ *out_data_len = in_data_len;
- rc = CKR_OK;
- done:
-
-@@ -1038,6 +1102,7 @@ CK_RV
- token_specific_rsa_decrypt( CK_BYTE * in_data,
- CK_ULONG in_data_len,
- CK_BYTE * out_data,
-+ CK_ULONG * out_data_len,
- OBJECT * key_obj )
- {
- CK_RV rc;
-@@ -1046,6 +1111,11 @@ token_specific_rsa_decrypt( CK_BYTE *
- BCOM_RSA_CRT_KEY_t *privKey;
- int out_len;
-
-+ if (*out_data_len < in_data_len) {
-+ OCK_LOG_ERR(ERR_BUFFER_TOO_SMALL);
-+ return CKR_BUFFER_TOO_SMALL;
-+ }
-+
- rc = bcom_rsa_crt_key_from_object(key_obj, &privKey);
- if (rc != 0) {
- rc = CKR_FUNCTION_FAILED;
-@@ -1114,6 +1184,7 @@ token_specific_rsa_decrypt( CK_BYTE *
- swapper(tclear, out_data,in_data_len);
-
-
-+ *out_data_len = in_data_len;
- rc = CKR_OK;
-
- done:
-@@ -1154,7 +1225,7 @@ PrintNumber(FILE *ofptr, void *num, unsi
-
- #ifndef NOAES
- CK_RV
--token_specific_aes_key_gen( CK_BYTE *key, CK_ULONG len )
-+token_specific_aes_key_gen( CK_BYTE *key, CK_ULONG len, CK_ULONG keysize )
- {
- return rng_generate(key, len);
- }
-@@ -1164,22 +1235,28 @@ token_specific_aes_ecb( CK_BYTE
- CK_ULONG in_data_len,
- CK_BYTE *out_data,
- CK_ULONG *out_data_len,
-- CK_BYTE *key_value,
-- CK_ULONG key_len,
-+ OBJECT *key,
- CK_BYTE encrypt)
- {
-+ CK_ATTRIBUTE *attr = NULL;
- AES_KEY ssl_aes_key;
- int i;
- /* There's a previous check that in_data_len % AES_BLOCK_SIZE == 0,
- * so this is fine */
- CK_ULONG loops = (CK_ULONG)(in_data_len/AES_BLOCK_SIZE);
-
-+ // get the key value
-+ if (template_attribute_find(key->template, CKA_VALUE, &attr) == FALSE) {
-+ OCK_LOG_ERR(ERR_FUNCTION_FAILED);
-+ return CKR_FUNCTION_FAILED;
-+ }
-+
- memset( &ssl_aes_key, 0, sizeof(AES_KEY));
-
- // AES_ecb_encrypt encrypts only a single block, so we have to break up the
- // input data here
- if (encrypt) {
-- AES_set_encrypt_key((unsigned char *)key_value, (key_len*8), &ssl_aes_key);
-+ AES_set_encrypt_key((unsigned char *)attr->pValue, (attr->ulValueLen*8), &ssl_aes_key);
- for( i=0; i<loops; i++ ) {
- AES_ecb_encrypt((unsigned char *)in_data + (i*AES_BLOCK_SIZE),
- (unsigned char *)out_data + (i*AES_BLOCK_SIZE),
-@@ -1187,7 +1264,7 @@ token_specific_aes_ecb( CK_BYTE
- AES_ENCRYPT);
- }
- } else {
-- AES_set_decrypt_key((unsigned char *)key_value, (key_len*8), &ssl_aes_key);
-+ AES_set_decrypt_key((unsigned char *)attr->pValue, (attr->ulValueLen*8), &ssl_aes_key);
- for( i=0; i<loops; i++ ) {
- AES_ecb_encrypt((unsigned char *)in_data + (i*AES_BLOCK_SIZE),
- (unsigned char *)out_data + (i*AES_BLOCK_SIZE),
-@@ -1204,25 +1281,31 @@ token_specific_aes_cbc( CK_BYTE
- CK_ULONG in_data_len,
- CK_BYTE *out_data,
- CK_ULONG *out_data_len,
-- CK_BYTE *key_value,
-- CK_ULONG key_len,
-+ OBJECT *key,
- CK_BYTE *init_v,
- CK_BYTE encrypt)
- {
- AES_KEY ssl_aes_key;
-+ CK_ATTRIBUTE *attr = NULL;
- int i;
-
-+ // get the key value
-+ if(template_attribute_find(key->template, CKA_VALUE, &attr) == FALSE) {
-+ OCK_LOG_ERR(ERR_FUNCTION_FAILED);
-+ return CKR_FUNCTION_FAILED;
-+ }
-+
- memset( &ssl_aes_key, 0, sizeof(AES_KEY));
-
- // AES_cbc_encrypt chunks the data into AES_BLOCK_SIZE blocks, unlike
- // AES_ecb_encrypt, so no looping required.
- if (encrypt) {
-- AES_set_encrypt_key((unsigned char *)key_value, (key_len*8), &ssl_aes_key);
-+ AES_set_encrypt_key((unsigned char *)attr->pValue, (attr->ulValueLen*8), &ssl_aes_key);
- AES_cbc_encrypt((unsigned char *)in_data, (unsigned char *)out_data,
- in_data_len, &ssl_aes_key,
- init_v, AES_ENCRYPT);
- } else {
-- AES_set_decrypt_key((unsigned char *)key_value, (key_len*8), &ssl_aes_key);
-+ AES_set_decrypt_key((unsigned char *)attr->pValue, (attr->ulValueLen*8), &ssl_aes_key);
- AES_cbc_encrypt((unsigned char *)in_data, (unsigned char *)out_data,
- in_data_len, &ssl_aes_key,
- init_v, AES_DECRYPT);
---- opencryptoki/usr/lib/pkcs11/bcom_stdll/tok_struct.h.orig 2013-07-15 19:25:41.000000000 +0200
-+++ opencryptoki/usr/lib/pkcs11/bcom_stdll/tok_struct.h 2013-12-30 23:06:13.915376610 +0100
-@@ -310,27 +310,90 @@
- token_spec_t token_specific = {
- BCOM_CONFIG_PATH,
- "bcom",
-- "BC_STDLL_Debug",
-+ 0,
-+ {
-+ FALSE,
-+ FALSE,
-+ CKM_DES3_CBC,
-+ "12345678",
-+ NULL
-+ },
-+ NULL, /* creatlock */
-+ NULL, /* attach_shm */
- &token_specific_init,
-+ NULL, /* init_token_data */
-+ NULL, /* load_token_data */
-+ NULL, /* save_token_data */
- &tok_slot2local,
-- &token_rng,
-- &token_specific_session,
-+ &token_specific_rng,
-+ &token_specific_open_session,
-+ NULL, /* close_session */
- &token_specific_final,
-+ NULL, /* init_token */
-+ NULL, /* login */
-+ NULL, /* logout */
-+ NULL, /* init_pin */
-+ NULL, /* set_pin */
-+ NULL, /* copy object */
-+ NULL, /* create_object */
-+ NULL, /* get_attribute_value */
-+ NULL, /* set_attribute_value */
-+ NULL, /* find_objects_init */
-+ NULL, /* destroy_object */
-+ NULL, /* generate_key */
-+ NULL, /* generate_key_pair */
-+ NULL, /* encrypt_init */
-+ NULL, /* encrypt */
-+ NULL, /* encrypt_update */
-+ NULL, /* encrypt_final */
-+ NULL, /* decrypt_init */
-+ NULL, /* decrypt */
-+ NULL, /* decrypt_update */
-+ NULL, /* decrypt_final */
-+ NULL, /* derive_key */
-+ NULL, /* wrap_key */
-+ NULL, /* unwrap_key */
-+ NULL, /* sign_init */
-+ NULL, /* sign */
-+ NULL, /* sign_update */
-+ NULL, /* sign_final */
-+ NULL, /* verify_init */
-+ NULL, /* verify */
-+ NULL, /* verify_update */
-+ NULL, /* verify_final */
-+
- &token_specific_des_key_gen,
- &token_specific_des_ecb,
- &token_specific_des_cbc,
-
- &token_specific_tdes_ecb,
- &token_specific_tdes_cbc,
--
-+ NULL, /* tdes_ofb */
-+ NULL, /* tdes_cfb */
-+ NULL, /* tdes_mac */
-
- &token_specific_rsa_decrypt,
- &token_specific_rsa_encrypt,
-+ NULL, /* rsa_sign */
-+ NULL, /* rsa_verify */
-+ NULL, /* rsa_verify_recover */
-+ NULL, /* rsa_x509_decrypt */
-+ NULL, /* rsa_x509_encrypt */
-+ NULL, /* rsa_x509_sign */
-+ NULL, /* rsa_x509_verify */
-+ NULL, /* rsa_x509_verify_recover */
- &token_specific_rsa_generate_keypair,
--#ifndef NODH
-+
-+ NULL, /* ec_sign */
-+ NULL, /* ec_verify */
-+ NULL, /* ec_generate_keypair */
- // DH
-+#ifndef NODH
- &token_specific_dh_pkcs_derive,
- &token_specific_dh_pkcs_key_pair_gen,
-+#else
-+ NULL,
-+ NULL,
- #endif
- // SHA1
- NULL,
-@@ -348,15 +411,29 @@ token_spec_t token_specific = {
- NULL,
- NULL,
- NULL,
--#ifndef NOAES
- // AES
-+#ifndef NOAES
- &token_specific_aes_key_gen,
- &token_specific_aes_ecb,
- &token_specific_aes_cbc,
-+#else
-+ NULL,
-+ NULL,
- NULL,
- #endif
-+ NULL,
-+
-+ NULL, /* t_aes_ofb */
-+ NULL, /* t_aes_cfb */
-+ NULL, /* t_aes_mac */
-+
-+ NULL, /* dsa_generate_keypair */
-+ NULL, /* dsa_sign */
-+ NULL, /* dsa_verify */
-+
- &token_specific_get_mechanism_list,
-- &token_specific_get_mechanism_info
-+ &token_specific_get_mechanism_info,
-+ NULL /* object_add */
- };
-
- #endif
+++ /dev/null
---- opencryptoki/usr/sbin/pkcsslotd/log.c.orig 2013-07-15 19:25:41.000000000 +0200
-+++ opencryptoki/usr/sbin/pkcsslotd/log.c 2013-12-30 23:09:12.875369087 +0100
-@@ -823,7 +823,7 @@
-
- /* Always log to syslog, if we're using it */
- if ( pInfo->UseSyslog ) {
-- syslog(pInfo->LogLevel, Buffer);
-+ syslog(pInfo->LogLevel, "%s", Buffer);
- }
-
- return TRUE;
+++ /dev/null
---- opencryptoki-2.2.5/usr/lib/pkcs11/ica_stdll/ica_specific.c.orig 2007-09-06 17:40:13.000000000 +0200
-+++ opencryptoki-2.2.5/usr/lib/pkcs11/ica_stdll/ica_specific.c 2008-01-13 19:31:06.979358339 +0100
-@@ -1101,27 +1101,27 @@
- CK_RV
- token_specific_sha_init( DIGEST_CONTEXT * ctx )
- {
-- oc_sha1_ctx *sc;
-+ struct oc_sha_ctx *sc;
-
- /* For the C_DigestInit, C_Digest case, we may have already
- * created ctx->context... - KEY
- */
- if(ctx->context) {
-- sc = (oc_sha1_ctx *)ctx->context;
-+ sc = (struct oc_sha_ctx *)ctx->context;
- if(sc->dev_ctx)
- free(sc->dev_ctx);
- free(ctx->context);
- }
-
- /* The caller will check to see if ctx->context == NULL */
-- ctx->context_len = sizeof(oc_sha1_ctx);
-- ctx->context = malloc(sizeof(oc_sha1_ctx));
-+ ctx->context_len = sizeof(struct oc_sha_ctx);
-+ ctx->context = malloc(sizeof(struct oc_sha_ctx));
-
- if(ctx->context == NULL)
- return CKR_HOST_MEMORY;
-
- memset(ctx->context, 0, ctx->context_len);
-- sc = (oc_sha1_ctx *)ctx->context;
-+ sc = (struct oc_sha_ctx *)ctx->context;
- sc->hash_len = SHA1_HASH_SIZE;
- sc->message_part = SHA_MSG_PART_ONLY;
- /* This is libica's LENGTH_SHA_CONTEXT */
-@@ -1142,7 +1142,7 @@
- CK_ULONG in_data_len )
- {
- unsigned int rc, i, fill_size = 0;
-- oc_sha1_ctx *oc_sha_ctx = (oc_sha1_ctx *)ctx->context;
-+ struct oc_sha_ctx *oc_sha_ctx = (struct oc_sha_ctx *)ctx->context;
- SHA_CONTEXT *ica_sha_ctx = (SHA_CONTEXT *)oc_sha_ctx->dev_ctx;
-
- if( !ctx )
-@@ -1316,7 +1316,7 @@
- CK_ULONG *out_data_len )
- {
- CK_RV rv = CKR_OK;
-- oc_sha1_ctx *oc_sha_ctx = (oc_sha1_ctx *)ctx->context;
-+ struct oc_sha_ctx *oc_sha_ctx = (struct oc_sha_ctx *)ctx->context;
- int copy_len = MIN(*out_data_len, LENGTH_SHA_HASH);
-
- if( !ctx )
$(CHMOD) 0770 $(DESTDIR)$(lockdir)/icsf
uninstall-hook:
---- opencryptoki/usr/Makefile.am.orig 2013-07-15 19:25:40.000000000 +0200
-+++ opencryptoki/usr/Makefile.am 2013-12-31 09:26:05.323815816 +0100
+--- opencryptoki/usr/Makefile.am.orig 2016-03-05 22:26:13.779273281 +0100
++++ opencryptoki/usr/Makefile.am 2016-03-05 23:06:04.015839640 +0100
@@ -6,5 +6,4 @@
install-data-hook:
- $(MKDIR_P) $(DESTDIR)$(lockdir)
-- $(CHGRP) pkcs11 $(DESTDIR)$(lockdir)
- $(CHMOD) 0770 $(DESTDIR)$(lockdir)
+ $(MKDIR_P) $(DESTDIR)$(lockdir) $(DESTDIR)$(logdir)
+- $(CHGRP) pkcs11 $(DESTDIR)$(lockdir) $(DESTDIR)$(logdir)
+ $(CHMOD) 0770 $(DESTDIR)$(lockdir) $(DESTDIR)$(logdir)
---- opencryptoki/configure.in.orig 2013-12-30 15:35:25.853178364 +0100
-+++ opencryptoki/configure.in 2013-12-30 15:36:03.333176738 +0100
-@@ -721,7 +721,7 @@
+--- opencryptoki/configure.in.orig 2016-03-05 21:11:02.889462586 +0100
++++ opencryptoki/configure.in 2016-03-05 21:12:55.766124521 +0100
+@@ -556,7 +556,7 @@
- CFLAGS="$CFLAGS -DPKCS64 -D_XOPEN_SOURCE=500"
+ CFLAGS="$CFLAGS -DPKCS64 -D_XOPEN_SOURCE=500 -Wall -Wno-pointer-sign"
--CFLAGS+=' -DCONFIG_PATH=\"$(localstatedir)/lib/opencryptoki\" -DSBIN_PATH=\"$(sbindir)\" -DLIB_PATH=\"$(libdir)\" -DLOCKDIR_PATH=\"$(lockdir)\" -DOCK_CONFDIR=\"$(sysconfdir)/opencryptoki\"'
-+CFLAGS="$CFLAGS"' -DCONFIG_PATH=\"$(localstatedir)/lib/opencryptoki\" -DSBIN_PATH=\"$(sbindir)\" -DLIB_PATH=\"$(libdir)\" -DLOCKDIR_PATH=\"$(lockdir)\" -DOCK_CONFDIR=\"$(sysconfdir)/opencryptoki\"'
+-CFLAGS+=' -DCONFIG_PATH=\"$(localstatedir)/lib/opencryptoki\" -DSBIN_PATH=\"$(sbindir)\" -DLIB_PATH=\"$(libdir)\" -DLOCKDIR_PATH=\"$(lockdir)\" -DOCK_CONFDIR=\"$(sysconfdir)/opencryptoki\" -DOCK_LOGDIR=\"$(logdir)\"'
++CFLAGS="$CFLAGS"' -DCONFIG_PATH=\"$(localstatedir)/lib/opencryptoki\" -DSBIN_PATH=\"$(sbindir)\" -DLIB_PATH=\"$(libdir)\" -DLOCKDIR_PATH=\"$(lockdir)\" -DOCK_CONFDIR=\"$(sysconfdir)/opencryptoki\" -DOCK_LOGDIR=\"$(logdir)\"'
# At this point, CFLAGS is set to something sensible
AC_PROG_CC
-#
-# Conditional build:
-%bcond_without aep # AEP Crypto Accelerator support
-%bcond_without bcom # Broadcom Crypto Accelerator support
-%bcond_with corrent # Corrent Crypto Accelerator support [BR: libsocketarmor/typhoon.h; probably no longer available]
-%bcond_with pkcscca # CCA token key migration tool [BR: xcryptolinz, s390x arch]
-#
Summary: An Implementation of PKCS#11 (Cryptoki) v2.11
Summary(pl.UTF-8): Implementacja PKCS#11 (Cryptoki) v2.11
Name: opencryptoki
-Version: 3.0
+Version: 3.4.1
Release: 1
License: CPL v0.5
Group: Applications/System
-Source0: http://downloads.sourceforge.net/opencryptoki/%{name}-v%{version}.tar.gz
-# Source0-md5: ec4e2a196c8a336d400d3b17288260af
-Patch0: %{name}-ica.patch
-Patch1: %{name}-sh.patch
-Patch2: %{name}-bcom.patch
-Patch3: %{name}-aep.patch
-Patch4: %{name}-format.patch
-Patch5: %{name}-noroot.patch
-Patch6: %{name}-notonlysystemd.patch
+Source0: http://downloads.sourceforge.net/opencryptoki/%{name}-v%{version}.tgz
+# Source0-md5: 100d587be68f299b1f196aba0e6e0b76
+Patch0: %{name}-sh.patch
+Patch1: %{name}-noroot.patch
+Patch2: %{name}-notonlysystemd.patch
URL: http://opencryptoki.sourceforge.net/
-%{?with_aep:BuildRequires: aep1000-devel}
BuildRequires: autoconf
BuildRequires: automake >= 1.6
-%{?with_bcom:BuildRequires: bcm5820-devel}
%ifarch s390 s390x
BuildRequires: libica-devel >= 2.0
%endif
BuildRequires: openssl-devel
BuildRequires: rpmbuild(macros) >= 1.647
BuildRequires: trousers-devel >= 0.2.9
-%if %{with pkcscca}
-# from http://www-03.ibm.com/security/cryptocards/pcixcc/ordersoftware.shtml :
-# http://www-03.ibm.com/security/cryptocards/dwnlds/xcryptolinzGA-3.28-rc08.s390x.rpm
-BuildRequires: xcryptolinzGA
-%endif
Requires(post,preun): /sbin/chkconfig
Requires(post,preun,postun): systemd-units >= 38
Requires(postun): /usr/sbin/groupdel
Requires: rc-scripts
Requires: systemd-units >= 38
Provides: group(pkcs11)
+Obsoletes: opencrytoki-module-aeptok
+Obsoletes: opencrytoki-module-crtok
+Obsoletes: opencrytoki-module-bcomtok
BuildRoot: %{tmpdir}/%{name}-%{version}-root-%(id -u -n)
%define skip_post_check_so .*%{_libdir}/opencryptoki/stdll/libpkcs11_.*\.so.*
%description devel -l pl.UTF-8
Pliki nagłówkowe biblioteki openCryptoki.
-%package module-aeptok
-Summary: AEP Crypto Accelerator support for openCryptoki
-Summary(pl.UTF-8): Obsługa urządzeń AEP Crypto Accelerator dla openCryptoki
-Group: Libraries
-Requires: %{name} = %{version}-%{release}
-
-%description module-aeptok
-This package brings the necessary libraries and files to support AEP
-Crypto Accelerator devices in the openCryptoki stack.
-
-%description module-aeptok -l pl.UTF-8
-Ten pakiet dostarcza biblioteki i pliki potrzebne do obsługi urządzeń
-kryptograficznych AEP Crypto Accelerator w stosie openCryptoki.
-
-%package module-bcomtok
-Summary: Broadcom Crypto Accelerator support for openCryptoki
-Summary(pl.UTF-8): Obsługa urządzeń Broadcom Crypto Accelerator dla openCryptoki
-Group: Libraries
-Requires: %{name} = %{version}-%{release}
-
-%description module-bcomtok
-This package brings the necessary libraries and files to support
-Broadcom Crypto Accelerator devices in the openCryptoki stack.
-
-%description module-bcomtok -l pl.UTF-8
-Ten pakiet dostarcza biblioteki i pliki potrzebne do obsługi urządzeń
-kryptograficznych Broadcom Crypto Accelerator w stosie openCryptoki.
-
%package module-ccatok
Summary: CCA cryptographics devices (secure-key) support for openCryptoki
Summary(pl.UTF-8): Obsługa urządzeń kryptograficznych ICA (z bezpiecznym kluczem) dla openCryptoki
sprzętu kryptograficznego firmy IBM, takiego jak IBM 4764 lub 4765,
wykorzystującego "koprocesor" lub ścieżkę "bezpiecznego klucza".
-%package module-crtok
-Summary: Corrent Crypto Accelerator support for openCryptoki
-Summary(pl.UTF-8): Obsługa urządzeń Corrent Crypto Accelerator dla openCryptoki
-Group: Libraries
-Requires: %{name} = %{version}-%{release}
-
-%description module-crtok
-This package brings the necessary libraries and files to support
-Corrent Crypto Accelerator devices in the openCryptoki stack.
-
-%description module-crtok -l pl.UTF-8
-Ten pakiet dostarcza biblioteki i pliki potrzebne do obsługi urządzeń
-kryptograficznych Corrent Crypto Accelerator w stosie openCryptoki.
-
%package module-icatok
Summary: ICA cryptographics devices (clear-key) support for openCryptoki
Summary(pl.UTF-8): Obsługa urządzeń kryptograficznych ICA (z jawnym kluczem) dla openCryptoki
%patch0 -p1
%patch1 -p1
%patch2 -p1
-%patch3 -p1
-%patch4 -p1
-%patch5 -p1
-%patch6 -p1
%build
%{__libtoolize}
%{__autoconf}
%{__automake}
%configure \
- %{!?with_aep:--disable-aeptok} \
- %{!?with_bcom:--disable-bcomtok} \
- %{!?with_corrent:--disable-crtok} \
%ifarch s390 s390x
--enable-ccatok \
+ --enable-ep11tok \
--enable-icatok \
%else
--disable-ccatok \
+ --disable-ep11tok \
--disable-icatok \
%endif
- %{!?with_pkcsccs:--disable-pkcscca-migrate} \
--enable-tpmtok \
--with-systemd=%{systemdunitdir}
-# icctok (PCICC) not supported on Linux (only AIX, Windows, OS/2)
%{__make}
initdir=/etc/rc.d/init.d
%{__rm} $RPM_BUILD_ROOT%{_libdir}/opencryptoki/stdll/*.la
+%ifnarch s390 s390x
+%{__rm} $RPM_BUILD_ROOT%{_mandir}/man1/{pkcscca,pkcsep11_migrate}.1
+%endif
%clean
rm -rf $RPM_BUILD_ROOT
%{_libdir}/opencryptoki/libopencryptoki.la
%{_includedir}/opencryptoki
-%if %{with aep}
-%files module-aeptok
-%defattr(644,root,root,755)
-%attr(755,root,root) %{_libdir}/opencryptoki/stdll/libpkcs11_aep.so*
-%attr(755,root,root) %{_libdir}/opencryptoki/stdll/PKCS11_AEP.so
-%endif
-
-%if %{with bcom}
-%files module-bcomtok
-%defattr(644,root,root,755)
-%attr(755,root,root) %{_libdir}/opencryptoki/stdll/libpkcs11_bc.so*
-%attr(755,root,root) %{_libdir}/opencryptoki/stdll/PKCS11_BC.so
-%endif
-
%ifarch s390 s390x
%files module-ccatok
%defattr(644,root,root,755)
-%doc doc/{README-IBM_CCA_users,README.cca_stdll} %{?with_pkcscca:doc/README.pkcscca_migrate}
-%if %{with pkcscca}
+%doc doc/{README-IBM_CCA_users,README.cca_stdll,README.pkcscca_migrate}
%attr(755,root,root) %{_sbindir}/pkcscca_migrate
%attr(755,root,root) %{_sbindir}/pkcscca_migrate.sh
-%endif
%attr(755,root,root) %{_libdir}/opencryptoki/stdll/libpkcs11_cca.so*
%attr(755,root,root) %{_libdir}/opencryptoki/stdll/PKCS11_CCA.so
+%attr(770,root,pkcs11) %dir /var/lib/opencryptoki/ccatok
+%attr(770,root,pkcs11) %dir /var/lib/opencryptoki/ccatok/TOK_OBJ
+%attr(770,root,pkcs11) %dir /var/lock/opencryptoki/ccatok
+%{_mandir}/man1/pkcscca.1*
%endif
-%if %{with corrent}
-%files module-crtok
+%ifarch s390 s390x
+%files module-ep11tok
%defattr(644,root,root,755)
-%attr(755,root,root) %{_libdir}/opencryptoki/stdll/libpkcs11_cr.so*
-%attr(755,root,root) %{_libdir}/opencryptoki/stdll/PKCS11_CR.so
+%doc doc/README.ep11_stdll
+%attr(755,root,root) %{_sbindir}/pkcsep11_migrate
+%attr(755,root,root) %{_libdir}/opencryptoki/stdll/libpkcs11_ep11.so*
+%attr(755,root,root) %{_libdir}/opencryptoki/stdll/PKCS11_EP11.so
+%config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/opencryptoki/ep11tok.conf
+%attr(770,root,pkcs11) %dir /var/lib/opencryptoki/ep11tok
+%attr(770,root,pkcs11) %dir /var/lib/opencryptoki/ep11tok/TOK_OBJ
+%attr(770,root,pkcs11) %dir /var/lock/opencryptoki/ep11tok
+%{_mandir}/man1/pkcsep11_migrate.1*
%endif
%ifarch s390 s390x
%defattr(644,root,root,755)
%attr(755,root,root) %{_libdir}/opencryptoki/stdll/libpkcs11_ica.so*
%attr(755,root,root) %{_libdir}/opencryptoki/stdll/PKCS11_ICA.so
+%attr(770,root,pkcs11) %dir /var/lib/opencryptoki/lite
+%attr(770,root,pkcs11) %dir /var/lib/opencryptoki/lite/TOK_OBJ
+%attr(770,root,pkcs11) %dir /var/lock/opencryptoki/lite
%endif
%files module-icsftok
projects / packages / opencryptoki.git / commitdiff