Update to 3.5. Notable changes are as follows:

- No longer required to run pkcs11_startup.

   pkcs11_startup and pkcs_slotd were shell scripts that created the
   config file, pk_config_data, which was read by pkcsslotd to get
   available slot information.

   The pk_config_data configuration file has been replaced with
   /etc/opencryptoki/opencryptoki.conf.

   In version 3, the pkcsslotd daemon reads opencryptoki.conf to get slot
   information. The opencryptoki.conf by default contains slot information
   for each token currently supported by opencryptoki with the exception of
   the ICSF token, which requires some initial setup.
   Please see the opencryptoki.conf man page for further information.

   Since pk_config_data is no longer required, pkcs11_startup and
   pkcs_slotd have been removed.
Hiroki Sato
2016-05-18 17:22:59 +00:00
parent 10c3aa0757
commit 8c8d2c3d81
53 changed files with 424 additions and 902 deletions


@@ -2,8 +2,7 @@
# $FreeBSD$
PORTNAME= opencryptoki
PORTVERSION= 2.3.2
PORTREVISION= 8
PORTVERSION= 3.5
CATEGORIES= security
MASTER_SITES= SF
@@ -17,23 +16,35 @@ LICENSE_PERMS= dist-mirror dist-sell pkg-mirror pkg-sell auto-accept
LIB_DEPENDS= libtspi.so:security/trousers
USES= alias autoreconf gmake libtool tar:bzip2
USES= alias autoreconf gmake libtool tar:tgz
USE_LDCONFIG= ${PREFIX}/lib/opencryptoki
WRKSRC= ${WRKDIR}/${PORTNAME}
INSTALL_TARGET= install-strip
GNU_CONFIGURE= yes
CONFIGURE_ARGS= --enable-swtok --enable-tpmtok \
--disable-crtok --disable-aeptok \
--disable-ccatok --disable-bcomtok \
--disable-pkcscca_migrate \
--with-lockdir=/var/run/opencryptoki \
--with-logdir=/var/log/opencryptoki \
--localstatedir=/var \
--with-pkcs11user=${USERS} \
--with-pkcs11group=${GROUPS}
--with-pkcs11group=${GROUPS} \
ac_cv_path_CHGRP=true
CFLAGS+= -I${LOCALBASE}/include
LDFLAGS+= -L${LOCALBASE}/lib
USE_RC_SUBR= pkcsslotd
SUB_FILES= pkg-message
SUB_LIST= USERS=${USERS} GROUPS=${GROUPS}
SUB_LIST= USERS="${USERS}" GROUPS="${GROUPS}"
PLIST_SUB= USERS="${USERS}" GROUPS="${GROUPS}"
USERS= _pkcs11
GROUPS= _pkcs11
post-install:
${MV} ${STAGEDIR}${ETCDIR}/opencryptoki.conf \
${STAGEDIR}${ETCDIR}/opencryptoki.conf.sample
${RMDIR} ${STAGEDIR}/var/run/opencryptoki/swtok \
${STAGEDIR}/var/run/opencryptoki/tpm \
${STAGEDIR}/var/run/opencryptoki
.include <bsd.port.mk>
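Review bot: With `ac_cv_path_CHGRP=true` every `$(CHGRP)` in the upstream install-data hooks becomes a no-op, and `post-install` then removes the staged `/var/run/opencryptoki` lock directories, so nothing in this Makefile gives the `_pkcs11` group to the token and lock directories that upstream creates with mode 0770. Presumably pkg-plist (through the new `PLIST_SUB`) and the pkcsslotd rc script take over that job, but neither is visible in this section and it should be confirmed that the directories do not end up 0770 with the staging user's group. If that is the design, a comment above `post-install` would record it, for example `# chgrp is stubbed for staging: pkg-plist applies ${GROUPS} to the token dirs, the rc script recreates the lock dirs under /var/run`.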


@@ -1,2 +1,3 @@
SHA256 (opencryptoki-2.3.2.tar.bz2) = 44fdf74a9eab2586240a69779c5c323e8378e8f2fde21cd4f8bd9186a24c30f7
SIZE (opencryptoki-2.3.2.tar.bz2) = 665134
TIMESTAMP = 1463579349
SHA256 (opencryptoki-3.5.tgz) = 2789e3135196828e2b904faba766aa4c7fd9d1e67664df79bd9a05381a771452
SIZE (opencryptoki-3.5.tgz) = 1031722


@@ -1,6 +1,6 @@
--- Makefile.am.orig 2010-07-29 21:28:41.000000000 +0900
+++ Makefile.am 2010-11-23 22:35:25.112978674 +0900
@@ -8,5 +8,5 @@
--- Makefile.am.orig 2016-04-29 17:26:45 UTC
+++ Makefile.am
@@ -8,5 +8,5 @@ if ENABLE_DAEMON
MISCDIR = misc
endif


@@ -1,16 +1,16 @@
--- configure.in.orig 2010-07-29 21:28:41.000000000 +0900
+++ configure.in 2010-10-20 01:31:02.971984782 +0900
@@ -8,6 +8,9 @@
--- configure.in.orig 2016-04-29 17:26:45 UTC
+++ configure.in
@@ -6,6 +6,9 @@ AC_CANONICAL_SYSTEM
AM_INIT_AUTOMAKE([foreign 1.6])
+AC_DEFINE(_BSD_SOURCE, 1, BSD functions)
+AC_DEFINE(__BSD_VISIBLE, 1, BSD extensions)
+
dnl Get the canonical host type
AC_CANONICAL_TARGET
@@ -30,6 +33,7 @@
dnl Checks for header files.
AC_DISABLE_STATIC
LT_INIT
@@ -25,6 +28,7 @@ AC_FUNC_MEMCMP
AC_FUNC_STRFTIME
AC_FUNC_VPRINTF
AC_CHECK_FUNCS([getcwd])
@@ -18,9 +18,28 @@
dnl Used in various scripts
AC_PATH_PROG([ID], [id], [/us/bin/id])
@@ -193,6 +197,21 @@
@@ -40,10 +44,16 @@ AC_PROG_YACC
dnl Define custom variables
-lockdir=$localstatedir/lock/opencryptoki
+AC_ARG_WITH([lockdir],
+ [AS_HELP_STRING([--with-lockdir],[lock directory])],
+ [lockdir=$withval],
+ [lockdir=$localstatedir/lock/opencryptoki])
AC_SUBST(lockdir)
-logdir=$localstatedir/log/opencryptoki
+AC_ARG_WITH([logdir],
+ [AS_HELP_STRING([--with-logdir],[log directory])],
+ [logdir=$withval],
+ [logdir=$localstatedir/log/opencryptoki])
AC_SUBST(logdir)
dnl ---
@@ -166,6 +176,21 @@ AC_ARG_WITH([systemd],
[],
[with_xcryptolinz=check])
[with_systemd=no])
+dnl --- check for pkcs11 user
+AC_ARG_WITH([pkcs11user],
@@ -40,20 +59,38 @@
dnl ---
dnl ---
dnl --- Now that we have all the options, let's check for a valid build
@@ -630,11 +649,15 @@
@@ -554,13 +579,31 @@ fi
CFLAGS="$CFLAGS $DEBUG_CFLAGS -DPKCS64 -D_XOPEN_SOURCE=500"
AM_CONDITIONAL([ENABLE_PKCSEP11_MIGRATE], [test "x$enable_pkcsep11_migrate" = "xyes"])
-CFLAGS+=' -DCONFIG_PATH=\"$(localstatedir)/lib/opencryptoki\" -DSBIN_PATH=\"$(sbindir)\" -DLIB_PATH=\"$(libdir)\"'
+CFLAGS="$CFLAGS -DCONFIG_PATH='\"$localstatedir/lib/opencryptoki\"' -DSBIN_PATH='\"$sbindir\"' -DLIB_PATH='\"$libdir\"'"
+
+CFLAGS="$CFLAGS -DPKCS11USER='\"${pkcs11_user}\"' -DPKCS11GROUP='\"${pkcs11_group}\"'"
-CFLAGS="$CFLAGS -DPKCS64 -D_XOPEN_SOURCE=600 -Wall -Wno-pointer-sign"
-
-CFLAGS+=' -DCONFIG_PATH=\"$(localstatedir)/lib/opencryptoki\" -DSBIN_PATH=\"$(sbindir)\" -DLIB_PATH=\"$(libdir)\" -DLOCKDIR_PATH=\"$(lockdir)\" -DOCK_CONFDIR=\"$(sysconfdir)/opencryptoki\" -DOCK_LOGDIR=\"$(logdir)\"'
+CFLAGS="$CFLAGS \
+ -Wall \
+ -Wno-pointer-sign \
+"
+CPPFX=' \
+ -DCONFIG_PATH=\"$(localstatedir)/lib/opencryptoki\" \
+ -DSBIN_PATH=\"$(sbindir)\" \
+ -DLIB_PATH=\"$(libdir)\" \
+ -DLOCKDIR_PATH=\"$(lockdir)\" \
+ -DOCK_CONFDIR=\"$(sysconfdir)/opencryptoki\" \
+ -DOCK_LOGDIR=\"$(logdir)\" \
+'
+CPPFLAGS="$CPPFLAGS \
+ -DPKCS64 \
+ -D_XOPEN_SOURCE=600 \
+ $CPPFX \
+ -DPKCS11USER=\\\"${pkcs11_user}\\\" \
+ -DPKCS11GROUP=\\\"${pkcs11_group}\\\" \
+"
# At this point, CFLAGS is set to something sensible
AC_PROG_CC
+AC_SUBST(FPIC, $lt_prog_compiler_pic)
+
AC_OUTPUT([Makefile usr/Makefile \
AC_CONFIG_FILES([Makefile usr/Makefile \
usr/include/Makefile \
usr/include/pkcs11/Makefile \
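Review bot: The new `--with-lockdir` and `--with-logdir` options assign `$withval` unchecked, so a bare `--with-lockdir` or a `--without-lockdir` sets the directory to the literal `yes` or `no`. That value is then compiled into `LOCKDIR_PATH` / `OCK_LOGDIR` as a relative path and used by the install hooks that create the 0770 lock directories. Rejecting those values keeps the lock and log locations absolute, for example `[AS_CASE([$withval], [yes|no], [AC_MSG_ERROR([--with-lockdir requires a directory])], [lockdir=$withval])]`, with the same change for `logdir`. The help strings would also read better as `--with-lockdir=DIR` and `--with-logdir=DIR`.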


@@ -1,11 +0,0 @@
--- usr/include/pkcs11/apictl.h.orig 2010-07-29 21:28:41.000000000 +0900
+++ usr/include/pkcs11/apictl.h 2010-10-19 23:42:04.580983829 +0900
@@ -296,7 +296,7 @@
#include <pkcs11types.h>
-#include <linux/limits.h>
+#include <limits.h>
#include <local_types.h>
#include <stdll.h>
#include <slotmgr.h>


@@ -1,11 +0,0 @@
--- usr/include/pkcs11/slotmgr.h.orig 2010-07-29 21:28:41.000000000 +0900
+++ usr/include/pkcs11/slotmgr.h 2010-10-19 23:42:55.423984058 +0900
@@ -301,7 +301,7 @@
#include <pkcs11types.h>
-#include <linux/limits.h>
+#include <limits.h>
#include <local_types.h>
#include <pthread.h>


@@ -1,11 +0,0 @@
--- usr/include/pkcs11/stdll.h.orig 2010-07-29 21:28:41.000000000 +0900
+++ usr/include/pkcs11/stdll.h 2010-10-19 23:43:40.418984281 +0900
@@ -302,7 +302,7 @@
#include <pkcs11types.h>
-#include <linux/limits.h>
+#include <limits.h>
#include <local_types.h>
#include <slotmgr.h>


@@ -1,6 +1,6 @@
--- usr/lib/Makefile.am.orig 2010-07-29 21:28:41.000000000 +0900
+++ usr/lib/Makefile.am 2010-11-24 02:34:56.159978814 +0900
@@ -1,10 +1,2 @@
--- usr/lib/Makefile.am.orig 2016-04-29 17:26:45 UTC
+++ usr/lib/Makefile.am
@@ -1,12 +1,4 @@
SUBDIRS = pkcs11
-install-data-hook:
@@ -11,3 +11,5 @@
- $(DESTDIR)/etc/ld.so.conf.d/opencryptoki-$(target_cpu).conf
- echo "**** Remember you must run ldconfig before using the above settings ****"
-
uninstall-hook:
rm -f $(DESTDIR)/etc/ld.so.conf.d/opencryptoki-$(target_cpu).conf


@@ -1,11 +0,0 @@
--- usr/lib/pkcs11/aep_stdll/Makefile.am.orig 2010-07-29 21:28:41.000000000 +0900
+++ usr/lib/pkcs11/aep_stdll/Makefile.am 2010-10-19 23:45:36.945982287 +0900
@@ -6,7 +6,7 @@
# Not all versions of automake observe libname_CFLAGS
opencryptoki_stdll_libpkcs11_aep_la_CFLAGS = -DSPINXPL -DDEV \
--D_THREAD_SAFE -fPIC -DSHALLOW=0 -DSWTOK=1 -DLITE=0 -DNOCDMF -DNOMD2 \
+-D_THREAD_SAFE $(FPIC) -DSHALLOW=0 -DSWTOK=1 -DLITE=0 -DNOCDMF -DNOMD2 \
-DNODSA -DDEBUGON -DAEP_GENERIC -DNORIPE -DSTDLL_NAME=\"aeptok\"
opencryptoki_stdll_libpkcs11_aep_la_SOURCES = ../common/asn1.c \


@@ -1,6 +1,6 @@
--- usr/lib/pkcs11/api/Makefile.am.orig 2010-07-29 21:28:41.000000000 +0900
+++ usr/lib/pkcs11/api/Makefile.am 2010-10-19 23:49:45.125982519 +0900
@@ -4,13 +4,13 @@
--- usr/lib/pkcs11/api/Makefile.am.orig 2016-04-29 17:26:45 UTC
+++ usr/lib/pkcs11/api/Makefile.am
@@ -4,13 +4,13 @@ SO_CURRENT=0
SO_REVISION=0
SO_AGE=0
@@ -10,9 +10,9 @@
$(SO_CURRENT):$(SO_REVISION):$(SO_AGE)
# Not all versions of automake observe libname_CFLAGS
opencryptoki_libopencryptoki_la_CFLAGS = -DSPINXPL -DAPI -DDEV -D_THREAD_SAFE \
- -fPIC -I../. -I../../../include/pkcs11
+ $(FPIC) -I../. -I../../../include/pkcs11
opencryptoki_libopencryptoki_la_SOURCES = api_interface.c shrd_mem.c apiutil.c
opencryptoki_libopencryptoki_la_CFLAGS = -DAPI -DDEV -D_THREAD_SAFE \
- -fPIC -I../. -I../../../include/pkcs11 \
+ $(FPIC) -I../. -I../../../include/pkcs11 \
-I ../common -DSTDLL_NAME=\"api\"
opencryptoki_libopencryptoki_la_SOURCES = api_interface.c shrd_mem.c \


@@ -1,35 +0,0 @@
--- usr/lib/pkcs11/api/api_interface.c.orig 2010-07-29 21:28:41.000000000 +0900
+++ usr/lib/pkcs11/api/api_interface.c 2010-10-19 23:52:25.355983620 +0900
@@ -2390,7 +2390,7 @@
C_GetFunctionList ( CK_FUNCTION_LIST_PTR_PTR ppFunctionList )
{
- _init();
+ api_init();
LOG("C_GetFunctionList");
FuncList.version.major = VERSION_MAJOR;
@@ -5168,7 +5168,11 @@
}
+#ifdef __sun
+#pragma init(api_init)
+#else
void api_init(void) __attribute__((constructor));
+#endif
void
api_init(void)
@@ -5194,7 +5198,11 @@
}
+#ifdef __sun
+#pragma fini(api_fini)
+#else
void api_fini(void) __attribute__((destructor));
+#endif
void
api_fini()


@@ -1,6 +1,6 @@
--- usr/lib/pkcs11/api/apiutil.c.orig 2010-07-29 21:28:41.000000000 +0900
+++ usr/lib/pkcs11/api/apiutil.c 2010-10-19 23:54:52.374982634 +0900
@@ -305,10 +305,10 @@
--- usr/lib/pkcs11/api/apiutil.c.orig 2016-04-29 17:26:45 UTC
+++ usr/lib/pkcs11/api/apiutil.c
@@ -298,10 +298,10 @@
#include <string.h>
#include <strings.h>
#include <unistd.h>
@@ -12,33 +12,11 @@
#include <sys/ipc.h>
@@ -325,10 +325,28 @@
@@ -314,7 +314,6 @@
#include <sys/types.h>
#include <sys/stat.h>
#include <fcntl.h>
-#include <sys/file.h>
static int xplfd=-1;
#endif
+#ifdef __sun
+#define LOCK_EX F_LOCK
+#define LOCK_UN F_ULOCK
+#define flock(fd, func) lockf(fd, func, 0)
+#endif
+
+#ifndef LOCK_SH
+#define LOCK_SH 1 /* shared lock */
+#endif
+#ifndef LOCK_EX
+#define LOCK_EX 2 /* exclusive lock */
+#endif
+#ifndef LOCK_NB
+#define LOCK_NB 4 /* don't block when locking */
+#endif
+#ifndef LOCK_UN
+#define LOCK_UN 8 /* unlock */
+#endif
+
#include <libgen.h>
static int xplfd = -1;
#define LIBLOCATION LIB_PATH


@@ -1,11 +1,11 @@
--- usr/lib/pkcs11/api/shrd_mem.c.in.orig 2010-07-29 21:28:41.000000000 +0900
+++ usr/lib/pkcs11/api/shrd_mem.c.in 2010-10-19 23:56:22.728981736 +0900
@@ -353,7 +353,7 @@
// SAB check for the group id here and membership here as well
- grp = getgrnam("pkcs11");
+ grp = getgrnam(PKCS11GROUP);
if ( grp ) {
int i=0;
char member=0;
--- usr/lib/pkcs11/api/shrd_mem.c.in.orig 2016-04-29 17:26:45 UTC
+++ usr/lib/pkcs11/api/shrd_mem.c.in
@@ -357,7 +357,7 @@ attach_shared_memory() {
// only check group membership if not root user
if (uid != 0 && euid != 0) {
int i, member=0;
- grp = getgrnam("pkcs11");
+ grp = getgrnam(PKCS11GROUP);
if (!grp) {
// group pkcs11 not known to the system
return NULL;


@@ -0,0 +1,11 @@
--- usr/lib/pkcs11/api/socket_client.c.orig 2016-04-29 17:26:45 UTC
+++ usr/lib/pkcs11/api/socket_client.c
@@ -320,7 +320,7 @@ init_socket_data() {
return FALSE;
}
- grp = getgrnam("pkcs11");
+ grp = getgrnam(PKCS11GROUP);
if ( !grp ) {
OCK_SYSLOG(LOG_ERR, "init_socket_data: pkcs11 group does not exist, errno=%d", errno);
return FALSE;
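Review bot: The lookup now uses `PKCS11GROUP`, but the syslog text on the failure path still says "pkcs11 group does not exist", which names the wrong group whenever the build sets a different one (this port passes `_pkcs11`). An administrator working from that message would check or create the wrong group. Extending the patch to `OCK_SYSLOG(LOG_ERR, "init_socket_data: %s group does not exist, errno=%d", PKCS11GROUP, errno);` keeps the diagnostic in step with the lookup. The same applies to the "getgrnam(pkcs11) failed" message in the trace.c patch. init_socket_data's body continues outside this hunk.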


@@ -1,11 +0,0 @@
--- usr/lib/pkcs11/bcom_stdll/Makefile.am.orig 2010-07-29 21:28:41.000000000 +0900
+++ usr/lib/pkcs11/bcom_stdll/Makefile.am 2010-10-19 23:57:38.434983522 +0900
@@ -8,7 +8,7 @@
# Not all versions of automake observe libname_CFLAGS
opencryptoki_stdll_libpkcs11_bc_la_CFLAGS = -DSPINXPL -DDEV \
--D_THREAD_SAFE -fPIC $(VARIANT) -DNOCDMF -DNOMD2 -DNODSA -DNOAES \
+-D_THREAD_SAFE $(FPIC) $(VARIANT) -DNOCDMF -DNOMD2 -DNODSA -DNOAES \
-DNODH -DDEBUGON -DNORIPE -DSTDLL_NAME=\"bcomtok\"
opencryptoki_stdll_libpkcs11_bc_la_SOURCES = ../common/asn1.c \


@@ -0,0 +1,18 @@
--- usr/lib/pkcs11/cca_stdll/Makefile.am.orig 2016-04-29 17:26:45 UTC
+++ usr/lib/pkcs11/cca_stdll/Makefile.am
@@ -66,12 +66,12 @@ install-data-hook:
cd $(DESTDIR)/$(libdir)/opencryptoki/stdll && \
ln -sf libpkcs11_cca.so PKCS11_CCA.so
$(MKDIR_P) $(DESTDIR)$(localstatedir)/lib/opencryptoki/ccatok/TOK_OBJ
- $(CHGRP) pkcs11 $(DESTDIR)$(localstatedir)/lib/opencryptoki/ccatok/TOK_OBJ
- $(CHGRP) pkcs11 $(DESTDIR)$(localstatedir)/lib/opencryptoki/ccatok
+ $(CHGRP) @PKCS11GROUP@ $(DESTDIR)$(localstatedir)/lib/opencryptoki/ccatok/TOK_OBJ
+ $(CHGRP) @PKCS11GROUP@ $(DESTDIR)$(localstatedir)/lib/opencryptoki/ccatok
$(CHMOD) 0770 $(DESTDIR)$(localstatedir)/lib/opencryptoki/ccatok/TOK_OBJ
$(CHMOD) 0770 $(DESTDIR)$(localstatedir)/lib/opencryptoki/ccatok
$(MKDIR_P) $(DESTDIR)$(lockdir)/ccatok
- $(CHGRP) pkcs11 $(DESTDIR)$(lockdir)/ccatok
+ $(CHGRP) @PKCS11GROUP@ $(DESTDIR)$(lockdir)/ccatok
$(CHMOD) 0770 $(DESTDIR)$(lockdir)/ccatok
uninstall-hook:


@@ -1,27 +0,0 @@
--- usr/lib/pkcs11/cca_stdll/host_defs.h.orig 2010-07-29 21:28:41.000000000 +0900
+++ usr/lib/pkcs11/cca_stdll/host_defs.h 2010-10-19 23:59:33.363984758 +0900
@@ -10,13 +10,24 @@
*/
+#include <sys/types.h>
#include <sys/mman.h>
#ifndef _HOST_DEFS_H
#define _HOST_DEFS_H
#include <semaphore.h>
#include <pthread.h>
+#if defined(__OpenBSD__) || defined(__FreeBSD__)
+#include <sys/endian.h>
+#ifdef _BYTE_ORDER
+#define __BYTE_ORDER _BYTE_ORDER
+#endif
+#ifdef _LITTLE_ENDIAN
+#define __LITTLE_ENDIAN _LITTLE_ENDIAN
+#endif
+#else
#include <endian.h>
+#endif
#include "pkcs32.h"
// Both of the strings below have a length of 32 chars and must be


@@ -1,23 +0,0 @@
--- usr/lib/pkcs11/cca_stdll/loadsave.c.orig 2010-07-29 21:28:41.000000000 +0900
+++ usr/lib/pkcs11/cca_stdll/loadsave.c 2010-10-20 01:49:50.769984323 +0900
@@ -22,11 +22,9 @@
#include <string.h>
#include <strings.h>
#include <unistd.h>
-#include <alloca.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <sys/ipc.h>
-#include <sys/file.h>
#include <errno.h>
#include <pwd.h>
@@ -51,7 +49,7 @@
// Set absolute permissions or rw-rw-r--
fchmod(file,S_IRUSR|S_IWUSR|S_IRGRP|S_IWGRP|S_IROTH);
- grp = getgrnam("pkcs11"); // Obtain the group id
+ grp = getgrnam(PKCS11GROUP); // Obtain the group id
if (grp){
fchown(file,getuid(),grp->gr_gid); // set ownership to root, and pkcs11 group
}


@@ -1,52 +0,0 @@
--- usr/lib/pkcs11/cca_stdll/new_host.c.orig 2010-07-29 21:28:41.000000000 +0900
+++ usr/lib/pkcs11/cca_stdll/new_host.c 2010-10-20 00:06:26.575983974 +0900
@@ -298,7 +298,7 @@
struct group *grp;
int rc = 0;
gid_t gid,egid;
- grp = getgrnam("pkcs11");
+ grp = getgrnam(PKCS11GROUP);
if (grp) {
// Check for member of group..
// SAB get login seems to not work with some
@@ -786,7 +786,19 @@
//
object_mgr_destroy_token_objects();
#if 0 /* TODO: Implement delete_all_files_in_dir() */
+#if HAVE_ASPRINTF
local_rc = asprintf(&pk_full_path, "%s/%s", pk_dir, PK_LITE_OBJ_DIR);
+#else
+ pk_full_path = malloc(1024);
+ if( pk_full_path != NULL ) {
+ local_rc = snprintf(pk_full_path, 1023, "%s/%s",
+ pk_dir, PK_LITE_OBJ_DIR);
+ if( local_rc == -1 ) free(pk_full_path);
+ }
+ else {
+ local_rc = -1;
+ }
+#endif
if (local_rc == -1) {
rc = CKR_HOST_MEMORY;
goto out;
@@ -797,8 +809,20 @@
goto out;
}
#endif
+#if HAVE_ASPRINTF
local_rc = asprintf(&s, "%s %s/%s/* > /dev/null 2>&1", DEL_CMD, pk_dir,
PK_LITE_OBJ_DIR);
+#else
+ s = malloc(1024);
+ if( s != NULL ) {
+ local_rc = snprintf(s, 1023, "%s %s/%s/* > /dev/null 2>&1",
+ DEL_CMD, pk_dir, PK_LITE_OBJ_DIR);
+ if( local_rc == -1 ) free(s);
+ }
+ else {
+ local_rc = -1;
+ }
+#endif
if (local_rc == -1) {
rc = CKR_HOST_MEMORY;
goto out;


@@ -1,15 +0,0 @@
--- usr/lib/pkcs11/cca_stdll/tok_spec_struct.h.orig 2010-07-29 21:28:41.000000000 +0900
+++ usr/lib/pkcs11/cca_stdll/tok_spec_struct.h 2010-10-20 00:08:00.317982423 +0900
@@ -22,9 +22,9 @@
#define _TOK_SPECIFIC_STRUCT
struct token_specific_struct{
- CK_BYTE token_directory[2048]; // Used to be in the token_local.h as a #def
- CK_BYTE token_subdir[2048]; // subdirectory
- CK_BYTE token_debug_tag[2048]; // debug logging tag
+ CK_BYTE *token_directory; // Used to be in the token_local.h as a #def
+ CK_BYTE *token_subdir; // subdirectory
+ CK_BYTE *token_debug_tag; // debug logging tag
CK_RV (*t_init)(char *,CK_SLOT_ID); // Initialization function
int (*t_slot2local)(); // convert the PKCS#11 slot to a local index


@@ -0,0 +1,11 @@
--- usr/lib/pkcs11/common/btree.c.orig 2016-04-29 17:26:45 UTC
+++ usr/lib/pkcs11/common/btree.c
@@ -30,7 +30,7 @@
#include <stdio.h>
-#include <malloc.h>
+#include <stdlib.h>
#include "pkcs11types.h"
#include "local_types.h"


@@ -1,6 +1,6 @@
--- usr/lib/pkcs11/common/host_defs.h.orig 2010-07-29 21:28:41.000000000 +0900
+++ usr/lib/pkcs11/common/host_defs.h 2010-10-20 00:10:01.398983092 +0900
@@ -294,13 +294,24 @@
--- usr/lib/pkcs11/common/host_defs.h.orig 2016-04-29 17:26:45 UTC
+++ usr/lib/pkcs11/common/host_defs.h
@@ -294,12 +294,23 @@
/* (C) COPYRIGHT International Business Machines Corp. 2001,2002 */
@@ -9,19 +9,18 @@
#ifndef _HOST_DEFS_H
#define _HOST_DEFS_H
#include <semaphore.h>
#include <pthread.h>
+#if defined(__OpenBSD__) || defined(__FreeBSD__)
+#include <sys/endian.h>
+#ifdef _BYTE_ORDER
+#define __BYTE_ORDER _BYTE_ORDER
+#ifdef _BYTE_ORDER
+#define __BYTE_ORDER _BYTE_ORDER
+#endif
+#ifdef _LITTLE_ENDIAN
+#define __LITTLE_ENDIAN _LITTLE_ENDIAN
+#ifdef _LITTLE_ENDIAN
+#define __LITTLE_ENDIAN _LITTLE_ENDIAN
+#endif
+#else
#include <endian.h>
+#endif
#include "pkcs32.h"
// Both of the strings below have a length of 32 chars and must be
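Review bot: The FreeBSD/OpenBSD branch maps `_BYTE_ORDER` and `_LITTLE_ENDIAN` to the glibc-style names but leaves `__BIG_ENDIAN` undefined. Any `#if __BYTE_ORDER == __BIG_ENDIAN` test in code including this header would then compare against 0 and silently take the little-endian path on a big-endian host instead of failing to build. Whether such a test exists is not visible in this hunk, so treat this as something to confirm. Adding `#ifdef _BIG_ENDIAN`, `#define __BIG_ENDIAN _BIG_ENDIAN`, `#endif` beside the little-endian mapping closes the gap. The same block appears in the soft_specific.c patch.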


@@ -1,6 +1,6 @@
--- usr/lib/pkcs11/common/loadsave.c.orig 2010-07-29 21:28:41.000000000 +0900
+++ usr/lib/pkcs11/common/loadsave.c 2010-10-20 00:11:28.399983780 +0900
@@ -301,11 +301,9 @@
--- usr/lib/pkcs11/common/loadsave.c.orig 2016-04-29 17:26:45 UTC
+++ usr/lib/pkcs11/common/loadsave.c
@@ -293,11 +293,9 @@
#include <string.h>
#include <strings.h>
#include <unistd.h>
@@ -10,14 +10,14 @@
#include <sys/ipc.h>
-#include <sys/file.h>
#include <errno.h>
#include <syslog.h>
#include <pwd.h>
@@ -328,7 +326,7 @@
// Set absolute permissions or rw-rw-r--
fchmod(file,S_IRUSR|S_IWUSR|S_IRGRP|S_IWGRP|S_IROTH);
@@ -637,7 +635,7 @@ void set_perm(int file)
// Set absolute permissions or rw-rw----
fchmod(file, S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP);
- grp = getgrnam("pkcs11"); // Obtain the group id
+ grp = getgrnam(PKCS11GROUP); // Obtain the group id
if (grp){
fchown(file,getuid(),grp->gr_gid); // set ownership to root, and pkcs11 group
}
- grp = getgrnam("pkcs11"); // Obtain the group id
+ grp = getgrnam(PKCS11GROUP); // Obtain the group id
if (grp) {
// set ownership to root, and pkcs11 group
if (fchown(file, getuid(), grp->gr_gid) != 0) {


@@ -1,52 +0,0 @@
--- usr/lib/pkcs11/common/new_host.c.orig 2010-07-29 21:28:41.000000000 +0900
+++ usr/lib/pkcs11/common/new_host.c 2010-10-20 00:16:08.274985517 +0900
@@ -576,7 +576,7 @@
struct group *grp;
int rc = 0;
gid_t gid,egid;
- grp = getgrnam("pkcs11");
+ grp = getgrnam(PKCS11GROUP);
if (grp) {
// Check for member of group..
// SAB get login seems to not work with some
@@ -1064,7 +1064,19 @@
//
object_mgr_destroy_token_objects();
#if 0 /* TODO: Implement delete_all_files_in_dir() */
+#if HAVE_ASPRINTF
local_rc = asprintf(&pk_full_path, "%s/%s", pk_dir, PK_LITE_OBJ_DIR);
+#else
+ pk_full_path = malloc(1024);
+ if( pk_full_path != NULL ) {
+ local_rc = snprintf(pk_full_path, 1023, "%s/%s",
+ pk_dir, PK_LITE_OBJ_DIR);
+ if( local_rc == -1 ) free(pk_full_path);
+ }
+ else {
+ local_rc = -1;
+ }
+#endif
if (local_rc == -1) {
rc = CKR_HOST_MEMORY;
goto out;
@@ -1075,8 +1087,20 @@
goto out;
}
#endif
+#if HAVE_ASPRINTF
local_rc = asprintf(&s, "%s %s/%s/* > /dev/null 2>&1", DEL_CMD, pk_dir,
PK_LITE_OBJ_DIR);
+#else
+ s = malloc(1024);
+ if( s != NULL ) {
+ local_rc = snprintf(s, 1023, "%s %s/%s/* > /dev/null 2>&1",
+ DEL_CMD, pk_dir, PK_LITE_OBJ_DIR);
+ if( local_rc == -1 ) free(s);
+ }
+ else {
+ local_rc = -1;
+ }
+#endif
if (local_rc == -1) {
rc = CKR_HOST_MEMORY;
goto out;


@@ -1,15 +0,0 @@
--- usr/lib/pkcs11/common/tok_spec_struct.h.orig 2010-07-29 21:28:41.000000000 +0900
+++ usr/lib/pkcs11/common/tok_spec_struct.h 2010-10-20 00:17:28.288984976 +0900
@@ -308,9 +308,9 @@
#define _TOK_SPECIFIC_STRUCT
struct token_specific_struct{
- CK_BYTE token_directory[PATH_MAX]; // Used to be in the token_local.h as a #def
- CK_BYTE token_subdir[PATH_MAX]; // subdirectory
- CK_BYTE token_debug_tag[PATH_MAX]; // debug logging tag
+ CK_BYTE *token_directory; // Used to be in the token_local.h as a #def
+ CK_BYTE *token_subdir; // subdirectory
+ CK_BYTE *token_debug_tag; // debug logging tag
CK_RV (*t_init)(char *,CK_SLOT_ID); // Initialization function
int (*t_slot2local)(); // convert the PKCS#11 slot to a local index


@@ -0,0 +1,19 @@
--- usr/lib/pkcs11/common/trace.c.orig 2016-04-29 17:26:46 UTC
+++ usr/lib/pkcs11/common/trace.c
@@ -301,6 +301,7 @@
#include <unistd.h>
#include <sys/file.h>
#include <sys/types.h>
+#include <sys/stat.h>
#include "pkcs11types.h"
#include "defs.h"
@@ -449,7 +450,7 @@ CK_RV trace_initialize(void)
return(CKR_FUNCTION_FAILED);
}
- grp = getgrnam("pkcs11");
+ grp = getgrnam(PKCS11GROUP);
if (grp == NULL) {
OCK_SYSLOG(LOG_ERR, "getgrnam(pkcs11) failed: %s."
"Tracing is disabled.\n", strerror(errno));


@@ -1,11 +1,14 @@
--- usr/lib/pkcs11/common/utility.c.orig 2010-07-29 21:28:41.000000000 +0900
+++ usr/lib/pkcs11/common/utility.c 2010-10-20 00:19:02.740983592 +0900
@@ -302,6 +302,26 @@
#include <errno.h>
#include <pwd.h>
--- usr/lib/pkcs11/common/utility.c.orig 2016-04-29 17:26:46 UTC
+++ usr/lib/pkcs11/common/utility.c
@@ -275,9 +275,28 @@
legal action under this Agreement more than one year after
the cause of action arose. Each party waives its rights to
a jury trial in any resulting litigation.
+*/
+#include <fcntl.h>
+
-*/
+#ifdef __sun
+#define LOCK_EX F_LOCK
+#define LOCK_UN F_ULOCK
@@ -25,5 +28,23 @@
+#define LOCK_UN 8 /* unlock */
+#endif
#include "pkcs11types.h"
#include "defs.h"
/* (C) COPYRIGHT International Business Machines Corp. 2001,2002 */
@@ -587,7 +606,7 @@ CK_RV CreateXProcLock(void)
goto err;
}
- grp = getgrnam("pkcs11");
+ grp = getgrnam(PKCS11GROUP);
if (grp != NULL) {
if (fchown(spinxplfd, -1, grp->gr_gid)
== -1) {
@@ -1131,7 +1150,7 @@ CK_RV check_user_and_group()
* when forked). So we need to get the group information.
* Really need to take the uid and map it to a name.
*/
- grp = getgrnam("pkcs11");
+ grp = getgrnam(PKCS11GROUP);
if (grp == NULL) {
OCK_SYSLOG(LOG_ERR, "getgrnam() failed: %s\n", strerror(errno));
goto error;


@@ -1,18 +0,0 @@
--- usr/lib/pkcs11/cr_stdll/Makefile.am.orig 2010-07-29 21:28:41.000000000 +0900
+++ usr/lib/pkcs11/cr_stdll/Makefile.am 2010-10-20 00:20:46.987982761 +0900
@@ -2,13 +2,13 @@
opencryptoki_stdll_libpkcs11_cr_la_LDFLAGS = $(LCRYPTO) $(CR_LIB_DIRS) \
-nostartfiles -shared -Wl,-Bsymbolic -Wl,-soname,PKCS11_BC.so.1 -lc \
--lpthread -lsocketarmor -ldl -lcrypto
+-lpthread -lsocketarmor -lcrypto
VARIANT = -DSHALLOW=0 -DSWTOK=1 -DLITE=0
# Not all versions of automake observe libname_CFLAGS
opencryptoki_stdll_libpkcs11_cr_la_CFLAGS = -DSPINXPL -DDEV \
--D_THREAD_SAFE -fPIC $(VARIANT) -DNOCDMF -DNOMD2 -DNODSA -DDEBUGON
+-D_THREAD_SAFE $(FPIC) $(VARIANT) -DNOCDMF -DNOMD2 -DNODSA -DDEBUGON
opencryptoki_stdll_libpkcs11_cr_la_SOURCES = ../common/asn1.c \
../common/cert.c ../common/hwf_obj.c ../common/dp_obj.c \


@@ -1,16 +1,33 @@
--- usr/lib/pkcs11/ica_s390_stdll/Makefile.am.orig 2010-07-29 21:28:41.000000000 +0900
+++ usr/lib/pkcs11/ica_s390_stdll/Makefile.am 2010-10-20 00:22:00.867981839 +0900
@@ -2,11 +2,11 @@
opencryptoki_stdll_libpkcs11_ica_la_LDFLAGS = $(LCRYPTO) \
$(ICA_LIB_DIRS) -nostartfiles -shared -Wl,-Bsymbolic -Wl,-soname,$@ \
--Wl,-Bsymbolic -lc -lpthread -lica -ldl -lcrypto
+-Wl,-Bsymbolic -lc -lpthread -lica -lcrypto
--- usr/lib/pkcs11/ica_s390_stdll/Makefile.am.orig 2016-04-29 17:26:46 UTC
+++ usr/lib/pkcs11/ica_s390_stdll/Makefile.am
@@ -6,12 +6,12 @@ opencryptoki_stdll_libpkcs11_ica_la_LDFL
-Wl,-Bsymbolic \
-Wl,-soname,$@ \
-Wl,-Bsymbolic -lc \
- -lpthread -lica -ldl \
+ -lpthread -lica \
-lcrypto
# Not all versions of automake observe libname_CFLAGS
opencryptoki_stdll_libpkcs11_ica_la_CFLAGS = -DSPINXPL -DDEV \
--D_THREAD_SAFE -fPIC -DSHALLOW=0 -DSWTOK=0 -DLITE=1 -DNODH \
+-D_THREAD_SAFE $(FPIC) -DSHALLOW=0 -DSWTOK=0 -DLITE=1 -DNODH \
-DNOCDMF -DNOMD2 -DNODSA -DSTDLL_NAME=\"icatok\"
opencryptoki_stdll_libpkcs11_ica_la_CFLAGS = -DDEV \
- -D_THREAD_SAFE -fPIC \
+ -D_THREAD_SAFE $(FPIC) \
-DSHALLOW=0 -DSWTOK=0 \
-DLITE=1 -DNODH \
-DNOCDMF -DNOMD2 -DNODSA \
@@ -64,12 +64,12 @@ install-data-hook:
cd $(DESTDIR)$(libdir)/opencryptoki/stdll && \
ln -sf libpkcs11_ica.so PKCS11_ICA.so
$(MKDIR_P) $(DESTDIR)$(localstatedir)/lib/opencryptoki/lite/TOK_OBJ
- $(CHGRP) pkcs11 $(DESTDIR)$(localstatedir)/lib/opencryptoki/lite/TOK_OBJ
- $(CHGRP) pkcs11 $(DESTDIR)$(localstatedir)/lib/opencryptoki/lite
+ $(CHGRP) @PKCS11GROUP@ $(DESTDIR)$(localstatedir)/lib/opencryptoki/lite/TOK_OBJ
+ $(CHGRP) @PKCS11GROUP@ $(DESTDIR)$(localstatedir)/lib/opencryptoki/lite
$(CHMOD) 0770 $(DESTDIR)$(localstatedir)/lib/opencryptoki/lite/TOK_OBJ
$(CHMOD) 0770 $(DESTDIR)$(localstatedir)/lib/opencryptoki/lite
$(MKDIR_P) $(DESTDIR)$(lockdir)/lite
- $(CHGRP) pkcs11 $(DESTDIR)$(lockdir)/lite
+ $(CHGRP) @PKCS11GROUP@ $(DESTDIR)$(lockdir)/lite
$(CHMOD) 0770 $(DESTDIR)$(lockdir)/lite
opencryptoki_stdll_libpkcs11_ica_la_SOURCES = ../common/asn1.c \
uninstall-hook:


@@ -1,21 +0,0 @@
--- usr/lib/pkcs11/ica_stdll/Makefile.am.orig 2010-07-29 21:28:41.000000000 +0900
+++ usr/lib/pkcs11/ica_stdll/Makefile.am 2010-10-20 00:23:51.161996275 +0900
@@ -2,15 +2,15 @@
opencryptoki_stdll_libpkcs11_ica_la_LDFLAGS = $(LCRYPTO) \
$(ICA_LIB_DIRS) -nostartfiles -shared -Wl,-Bsymbolic \
--Wl,-soname,PKCS11_ICA.so.1 -lc -lpthread -ldl -lica
+-Wl,-soname,PKCS11_ICA.so.1 -lc -lpthread -lica
# Not all versions of automake observe libname_CFLAGS
opencryptoki_stdll_libpkcs11_ica_la_CFLAGS = -DSPINXPL -DDEV \
--D_THREAD_SAFE -fPIC -DSHALLOW=0 -DSWTOK=0 -DLITE=1 -DNOCDMF -DNOMD2 \
+-D_THREAD_SAFE $(FPIC) -DSHALLOW=0 -DSWTOK=0 -DLITE=1 -DNOCDMF -DNOMD2 \
-DNODSA -DNOAES -DNODH -DNORIPE -DSTDLL_NAME=\"icatok\"
# Not all versions of automake observe libname_CFLAGS
-AM_CFLAGS = -DSPINXPL -DDEV -D_THREAD_SAFE -fPIC -DSHALLOW=0 -DSWTOK=0 \
+AM_CFLAGS = -DSPINXPL -DDEV -D_THREAD_SAFE $(FPIC) -DSHALLOW=0 -DSWTOK=0 \
-DLITE=1 -DNOCDMF -DNOMD2 -DNODSA -DNOAES -DNODH -DNORIPE
opencryptoki_stdll_libpkcs11_ica_la_SOURCES= ../common/asn1.c \


@@ -0,0 +1,15 @@
--- usr/lib/pkcs11/icsf_stdll/Makefile.am.orig 2016-04-29 17:26:46 UTC
+++ usr/lib/pkcs11/icsf_stdll/Makefile.am
@@ -79,10 +79,10 @@ install-data-hook:
cd $(DESTDIR)$(libdir)/opencryptoki/stdll && \
ln -sf libpkcs11_icsf.so PKCS11_ICSF.so
$(MKDIR_P) $(DESTDIR)$(localstatedir)/lib/opencryptoki/icsf
- $(CHGRP) pkcs11 $(DESTDIR)$(localstatedir)/lib/opencryptoki/icsf
+ $(CHGRP) @PKCS11GROUP@ $(DESTDIR)$(localstatedir)/lib/opencryptoki/icsf
$(CHMOD) 0770 $(DESTDIR)$(localstatedir)/lib/opencryptoki/icsf
$(MKDIR_P) $(DESTDIR)$(lockdir)/icsf
- $(CHGRP) pkcs11 $(DESTDIR)$(lockdir)/icsf
+ $(CHGRP) @PKCS11GROUP@ $(DESTDIR)$(lockdir)/icsf
$(CHMOD) 0770 $(DESTDIR)$(lockdir)/icsf
uninstall-hook:


@@ -0,0 +1,11 @@
--- usr/lib/pkcs11/icsf_stdll/pbkdf.c.orig 2016-04-29 17:26:46 UTC
+++ usr/lib/pkcs11/icsf_stdll/pbkdf.c
@@ -337,7 +337,7 @@ set_perms(int file)
return CKR_FUNCTION_FAILED;
}
- grp = getgrnam("pkcs11");
+ grp = getgrnam(PKCS11GROUP);
if (grp) {
if (fchown(file, -1, grp->gr_gid) != 0) {
TRACE_ERROR("fchown failed: %s\n", strerror(errno));


@@ -1,11 +1,27 @@
--- usr/lib/pkcs11/soft_stdll/Makefile.am.orig 2010-07-29 21:28:41.000000000 +0900
+++ usr/lib/pkcs11/soft_stdll/Makefile.am 2010-10-20 00:25:03.227984225 +0900
@@ -7,7 +7,7 @@
opencryptoki_stdll_libpkcs11_sw_la_CFLAGS = -DSPINXPL -DDEV -D_THREAD_SAFE \
--- usr/lib/pkcs11/soft_stdll/Makefile.am.orig 2016-04-29 17:26:46 UTC
+++ usr/lib/pkcs11/soft_stdll/Makefile.am
@@ -7,7 +7,7 @@ opencryptoki_stdll_libpkcs11_sw_la_LDFLA
opencryptoki_stdll_libpkcs11_sw_la_CFLAGS = -DDEV -D_THREAD_SAFE \
-DSHALLOW=0 -DSWTOK=1 -DLITE=0 \
-DNOCDMF -DNOMD2 -DNODSA -DNORIPE \
- -DDEBUGON -fPIC \
+ -DDEBUGON $(FPIC) \
- -fPIC \
+ $(FPIC) \
-I/usr/include -I. \
-I../../../include/pkcs11/stdll \
-I../../../include/pkcs11 \
@@ -56,12 +56,12 @@ install-data-hook:
cd $(DESTDIR)$(libdir)/opencryptoki/stdll && \
ln -sf libpkcs11_sw.so PKCS11_SW.so
$(MKDIR_P) $(DESTDIR)$(localstatedir)/lib/opencryptoki/swtok/TOK_OBJ
- $(CHGRP) pkcs11 $(DESTDIR)$(localstatedir)/lib/opencryptoki/swtok/TOK_OBJ
- $(CHGRP) pkcs11 $(DESTDIR)$(localstatedir)/lib/opencryptoki/swtok
+ $(CHGRP) @PKCS11GROUP@ $(DESTDIR)$(localstatedir)/lib/opencryptoki/swtok/TOK_OBJ
+ $(CHGRP) @PKCS11GROUP@ $(DESTDIR)$(localstatedir)/lib/opencryptoki/swtok
$(CHMOD) 0770 $(DESTDIR)$(localstatedir)/lib/opencryptoki/swtok/TOK_OBJ
$(CHMOD) 0770 $(DESTDIR)$(localstatedir)/lib/opencryptoki/swtok
$(MKDIR_P) $(DESTDIR)$(lockdir)/swtok
- $(CHGRP) pkcs11 $(DESTDIR)$(lockdir)/swtok
+ $(CHGRP) @PKCS11GROUP@ $(DESTDIR)$(lockdir)/swtok
$(CHMOD) 0770 $(DESTDIR)$(lockdir)/swtok
uninstall-hook:


@@ -0,0 +1,30 @@
--- usr/lib/pkcs11/soft_stdll/soft_specific.c.orig 2016-04-29 17:26:46 UTC
+++ usr/lib/pkcs11/soft_stdll/soft_specific.c
@@ -298,7 +298,9 @@
****************************************************************************/
+#ifndef _BSD_SOURCE
#define _BSD_SOURCE
+#endif
#include <pthread.h>
#include <string.h> // for memcmp() et al
@@ -317,7 +319,17 @@
#include <sys/types.h>
#include <sys/stat.h>
#include <fcntl.h>
+#if defined(__OpenBSD__) || defined(__FreeBSD__)
+#include <sys/endian.h>
+#ifdef _BYTE_ORDER
+#define __BYTE_ORDER _BYTE_ORDER
+#endif
+#ifdef _LITTLE_ENDIAN
+#define __LITTLE_ENDIAN _LITTLE_ENDIAN
+#endif
+#else
#include <endian.h>
+#endif
#include <openssl/des.h>
#include <openssl/rand.h>


@@ -0,0 +1,15 @@
--- usr/lib/pkcs11/tpm_stdll/Makefile.am.orig 2016-04-29 17:26:46 UTC
+++ usr/lib/pkcs11/tpm_stdll/Makefile.am
@@ -71,10 +71,10 @@ install-data-hook:
cd $(DESTDIR)$(libdir)/opencryptoki/stdll && \
ln -sf libpkcs11_tpm.so PKCS11_TPM.so
$(MKDIR_P) $(DESTDIR)$(localstatedir)/lib/opencryptoki/tpm
- $(CHGRP) pkcs11 $(DESTDIR)$(localstatedir)/lib/opencryptoki/tpm
+ $(CHGRP) @PKCS11GROUP@ $(DESTDIR)$(localstatedir)/lib/opencryptoki/tpm
$(CHMOD) 0770 $(DESTDIR)$(localstatedir)/lib/opencryptoki/tpm
$(MKDIR_P) $(DESTDIR)$(lockdir)/tpm
- $(CHGRP) pkcs11 $(DESTDIR)$(lockdir)/tpm
+ $(CHGRP) @PKCS11GROUP@ $(DESTDIR)$(lockdir)/tpm
$(CHMOD) 0770 $(DESTDIR)$(lockdir)/tpm
uninstall-hook:


@@ -1,28 +0,0 @@
--- usr/lib/pkcs11/tpm_stdll/host_defs.h.orig 2010-07-29 21:28:41.000000000 +0900
+++ usr/lib/pkcs11/tpm_stdll/host_defs.h 2010-10-20 00:26:48.474982648 +0900
@@ -2,13 +2,25 @@
/* (C) COPYRIGHT International Business Machines Corp. 2001, 2002, 2005*/
+#include <sys/types.h>
#include <sys/mman.h>
#ifndef _HOST_DEFS_H
#define _HOST_DEFS_H
#include <semaphore.h>
#include <pthread.h>
+
+#if defined(__OpenBSD__) || defined(__FreeBSD__)
+#include <sys/endian.h>
+#ifdef _BYTE_ORDER
+#define __BYTE_ORDER _BYTE_ORDER
+#endif
+#ifdef _LITTLE_ENDIAN
+#define __LITTLE_ENDIAN _LITTLE_ENDIAN
+#endif
+#else
#include <endian.h>
+#endif
#include "pkcs32.h"
// Both of the strings below have a length of 32 chars and must be


@@ -1,11 +0,0 @@
--- usr/lib/pkcs11/tpm_stdll/loadsave.c.orig 2010-07-29 21:28:41.000000000 +0900
+++ usr/lib/pkcs11/tpm_stdll/loadsave.c 2010-10-20 00:27:47.109983972 +0900
@@ -339,7 +339,7 @@
fchmod(file,S_IRUSR|S_IWUSR);
#if 0
- grp = getgrnam("pkcs11"); // Obtain the group id
+ grp = getgrnam(PKCS11GROUP); // Obtain the group id
if (grp){
fchown(file,getuid(),grp->gr_gid); // set ownership to root, and pkcs11 group
}


@@ -1,11 +0,0 @@
--- usr/lib/pkcs11/tpm_stdll/new_host.c.orig 2010-07-29 21:28:41.000000000 +0900
+++ usr/lib/pkcs11/tpm_stdll/new_host.c 2010-10-20 00:29:17.108984288 +0900
@@ -356,7 +356,7 @@
int rc = 0;
int index = 0;
gid_t gid,egid;
- grp = getgrnam("pkcs11");
+ grp = getgrnam(PKCS11GROUP);
if ( grp ) {
// Check for member of group..


@@ -1,15 +0,0 @@
--- usr/lib/pkcs11/tpm_stdll/tok_spec_struct.h.orig 2010-07-29 21:28:41.000000000 +0900
+++ usr/lib/pkcs11/tpm_stdll/tok_spec_struct.h 2010-10-20 00:30:22.991986453 +0900
@@ -33,9 +33,9 @@
#define _TOK_SPECIFIC_STRUCT
struct token_specific_struct{
- CK_BYTE token_directory[PATH_MAX]; // Used to be in the token_local.h as a #def
- CK_BYTE token_subdir[PATH_MAX]; // subdirectory
- CK_BYTE token_debug_tag[PATH_MAX]; // debug logging tag
+ CK_BYTE *token_directory; // Used to be in the token_local.h as a #def
+ CK_BYTE *token_subdir; // subdirectory
+ CK_BYTE *token_debug_tag; // debug logging tag
CK_RV (*t_init)(char *,CK_SLOT_ID); // Initialization function
int (*t_slot2local)(); // convert the PKCS#11 slot to a local index


@@ -1,30 +0,0 @@
--- usr/lib/pkcs11/tpm_stdll/utility.c.orig 2010-07-29 21:28:41.000000000 +0900
+++ usr/lib/pkcs11/tpm_stdll/utility.c 2010-10-20 00:33:02.810983787 +0900
@@ -44,6 +44,27 @@
#include "tok_spec_struct.h"
#include "pkcs32.h"
+#include <fcntl.h>
+
+#ifdef __sun
+#define LOCK_EX F_LOCK
+#define LOCK_UN F_ULOCK
+#define flock(fd, func) lockf(fd, func, 0)
+#endif
+
+#ifndef LOCK_SH
+#define LOCK_SH 1 /* shared lock */
+#endif
+#ifndef LOCK_EX
+#define LOCK_EX 2 /* exclusive lock */
+#endif
+#ifndef LOCK_NB
+#define LOCK_NB 4 /* don't block when locking */
+#endif
+#ifndef LOCK_UN
+#define LOCK_UN 8 /* unlock */
+#endif
+
#if (SPINXPL)
#include <sys/file.h>
#endif


@@ -1,11 +0,0 @@
--- usr/sbin/pkcs11_startup/Makefile.am.orig 2010-07-29 21:28:41.000000000 +0900
+++ usr/sbin/pkcs11_startup/Makefile.am 2010-10-22 00:59:30.397048865 +0900
@@ -12,6 +12,8 @@
-e s!\@ID\@!"@ID@"!g \
-e s!\@CAT\@!"@CAT@"!g \
-e s!\@SED\@!"@SED@"!g \
+ -e s!\@PKCS11USER\@!"@PKCS11USER@"!g \
+ -e s!\@PKCS11GROUP\@!"@PKCS11GROUP@"!g \
-e s!\@GROUPADD\@!"@GROUPADD@"!g \
-e s!\@USERMOD\@!"@USERMOD@"!g < $< > $@-t
@CHMOD@ +x $@-t


@@ -1,41 +0,0 @@
--- usr/sbin/pkcs11_startup/pkcs11_startup.in.orig 2010-07-29 21:28:41.000000000 +0900
+++ usr/sbin/pkcs11_startup/pkcs11_startup.in 2010-10-22 00:57:35.508983672 +0900
@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/bin/sh
#
#
@@ -310,29 +310,20 @@
# Create the pkcs11 group if it does not exist...
-cat /etc/group|grep pkcs11 >/dev/null 2>&1
+cat /etc/group|grep @PKCS11GROUP@ >/dev/null 2>&1
rc=$?
if [ $rc = 1 ]
then
if [ -x @GROUPADD@ ]
then
- @GROUPADD@ pkcs11 >/dev/null 2>&1
+ @GROUPADD@ @PKCS11GROUP@ >/dev/null 2>&1
else
- echo "Couldn't execute @GROUPADD@. Please add the group 'pkcs11' manually."
+ echo "Couldn't execute @GROUPADD@. Please add the group '@PKCS11GROUP@' manually."
fi
fi
-if [ -x @USERMOD@ -a -x @ID@ ]
-then
- # add the pkcs group
- # replace spaces by commas
- @USERMOD@ -G $( @ID@ --groups --name root | @SED@ -e 'y/ /,/'),pkcs11 root
-else
- echo "Couldn't execute @USERMOD@. Please add root to the group 'pkcs11' manually."
-fi
-
# For each card run the status command and if successful
# create the odm stanza for the file


@@ -1,142 +0,0 @@
--- usr/sbin/pkcs_slot/pkcs_slot.in.orig 2010-07-29 21:28:41.000000000 +0900
+++ usr/sbin/pkcs_slot/pkcs_slot.in 2010-10-22 00:42:38.286985256 +0900
@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/bin/sh
#
#
@@ -360,7 +360,7 @@
if [ ! -d @localstatedir@/lib/opencryptoki ]
then
@MKDIR_P@ @localstatedir@/lib/opencryptoki
- @CHGRP@ pkcs11 @localstatedir@/lib/opencryptoki
+ @CHGRP@ @PKCS11GROUP@ @localstatedir@/lib/opencryptoki
@CHMOD@ -R g+rwX @localstatedir@/lib/opencryptoki
fi
@@ -372,9 +372,9 @@
if [ $? -ne 0 ]
then
mkdir $SOFT_DIR
- @CHGRP@ pkcs11 $SOFT_DIR
+ @CHGRP@ @PKCS11GROUP@ $SOFT_DIR
mkdir "$SOFT_DIR"/TOK_OBJ
- @CHGRP@ pkcs11 "$SOFT_DIR"/TOK_OBJ
+ @CHGRP@ @PKCS11GROUP@ "$SOFT_DIR"/TOK_OBJ
fi
SYS_SLOT="Soft"
fi
@@ -386,7 +386,7 @@
if [ $? -ne 0 ]
then
mkdir $TPM_DIR
- @CHGRP@ pkcs11 $TPM_DIR
+ @CHGRP@ @PKCS11GROUP@ $TPM_DIR
fi
SYS_SLOT="TPM"
fi
@@ -397,7 +397,7 @@
if [ $? -ne 0 ]
then
mkdir $CCA_DIR
- @CHGRP@ pkcs11 $CCA_DIR
+ @CHGRP@ @PKCS11GROUP@ $CCA_DIR
mkdir "$CCA_DIR"/TOK_OBJ
@CHGRP@ pkcs11 "$CCA_DIR"/TOK_OBJ
fi
@@ -406,7 +406,7 @@
# If we are using a shallow device, make sure that the directory
# to store token objects is available, if not create it and change
-# the ownership to the pkcs11 group
+# the ownership to the @PKCS11GROUP@ group
if [ $DEPTH = "ica" ]
@@ -415,9 +415,9 @@
if [ $? -ne 0 ]
then
mkdir $ICA_DIR
- @CHGRP@ pkcs11 $ICA_DIR
+ @CHGRP@ @PKCS11GROUP@ $ICA_DIR
mkdir "$ICA_DIR"/TOK_OBJ
- @CHGRP@ pkcs11 "$ICA_DIR"/TOK_OBJ
+ @CHGRP@ @PKCS11GROUP@ "$ICA_DIR"/TOK_OBJ
fi
SYS_SLOT="ICA"
fi
@@ -428,9 +428,9 @@
if [ $? -ne 0 ]
then
mkdir $BCOM_DIR
- @CHGRP@ pkcs11 $BCOM_DIR
+ @CHGRP@ @PKCS11GROUP@ $BCOM_DIR
mkdir "$BCOM_DIR"/TOK_OBJ
- @CHGRP@ pkcs11 "$BCOM_DIR"/TOK_OBJ
+ @CHGRP@ @PKCS11GROUP@ "$BCOM_DIR"/TOK_OBJ
fi
SYS_SLOT="BCOM"
fi
@@ -441,9 +441,9 @@
if [ $? -ne 0 ]
then
mkdir $AEP_DIR
- @CHGRP@ pkcs11 $AEP_DIR
+ @CHGRP@ @PKCS11GROUP@ $AEP_DIR
mkdir "$AEP_DIR"/TOK_OBJ
- @CHGRP@ pkcs11 "$AEP_DIR"/TOK_OBJ
+ @CHGRP@ @PKCS11GROUP@ "$AEP_DIR"/TOK_OBJ
fi
SYS_SLOT="AEP"
fi
@@ -454,9 +454,9 @@
if [ $? -ne 0 ]
then
mkdir $CR_DIR
- @CHGRP@ pkcs11 $CR_DIR
+ @CHGRP@ @PKCS11GROUP@ $CR_DIR
mkdir "$CR_DIR"/TOK_OBJ
- @CHGRP@ pkcs11 "$CR_DIR"/TOK_OBJ
+ @CHGRP@ @PKCS11GROUP@ "$CR_DIR"/TOK_OBJ
fi
SYS_SLOT="CRNT"
fi
@@ -477,29 +477,29 @@
if [ $DEPTH = "deep" ]
then
-echo "TRUE|0|$SLOT_DESCRIPTION|$MANUFACTURER|TRUE|FALSE|TRUE|0|0|1|1|$DEVICE|$DEEP4758_DLL_FN|$DEEP4758_INIT" >>$CFGFILE
+echo "TRUE|0|$SLOT_DESCRIPTION|$MANUFACTURER|TRUE|FALSE|TRUE|0|0|1|1|$DEVICE|$DEEP4758_DLL|$DEEP4758_INIT" >>$CFGFILE
elif [ $DEPTH = "ica" ]
then
-echo "TRUE|0|$SLOT_DESCRIPTION|$MANUFACTURER|TRUE|FALSE|TRUE|0|0|1|1|NONE|$ICA_DLL_FN|$ICA_INIT" >>$CFGFILE
+echo "TRUE|0|$SLOT_DESCRIPTION|$MANUFACTURER|TRUE|FALSE|TRUE|0|0|1|1|NONE|$ICA_DLL|$ICA_INIT" >>$CFGFILE
elif [ $DEPTH = "bcom" ]
then
-echo "TRUE|0|$SLOT_DESCRIPTION|$MANUFACTURER|TRUE|FALSE|TRUE|0|0|1|1|NONE|$BCOM_DLL_FN|$BCOM_INIT" >>$CFGFILE
+echo "TRUE|0|$SLOT_DESCRIPTION|$MANUFACTURER|TRUE|FALSE|TRUE|0|0|1|1|NONE|$BCOM_DLL|$BCOM_INIT" >>$CFGFILE
elif [ $DEPTH = "aep" ]
then
-echo "TRUE|0|$SLOT_DESCRIPTION|$MANUFACTURER|TRUE|FALSE|TRUE|0|0|1|1|NONE|$AEP_DLL_FN|$AEP_INIT" >>$CFGFILE
+echo "TRUE|0|$SLOT_DESCRIPTION|$MANUFACTURER|TRUE|FALSE|TRUE|0|0|1|1|NONE|$AEP_DLL|$AEP_INIT" >>$CFGFILE
elif [ $DEPTH = "cr" ]
then
-echo "TRUE|0|$SLOT_DESCRIPTION|$MANUFACTURER|TRUE|FALSE|TRUE|0|0|1|1|NONE|$CR_DLL_FN|$CR_INIT" >>$CFGFILE
+echo "TRUE|0|$SLOT_DESCRIPTION|$MANUFACTURER|TRUE|FALSE|TRUE|0|0|1|1|NONE|$CR_DLL|$CR_INIT" >>$CFGFILE
elif [ $DEPTH = "soft" ]
then
-echo "TRUE|0|$SLOT_DESCRIPTION|$MANUFACTURER|TRUE|FALSE|FALSE|0|0|1|1|NONE|$SOFT_DLL_FN|$SOFT_INIT" >>$CFGFILE
+echo "TRUE|0|$SLOT_DESCRIPTION|$MANUFACTURER|TRUE|FALSE|FALSE|0|0|1|1|NONE|$SOFT_DLL|$SOFT_INIT" >>$CFGFILE
elif [ $DEPTH = "tpm" ]
then
-echo "TRUE|0|$SLOT_DESCRIPTION|$MANUFACTURER|TRUE|FALSE|TRUE|0|0|1|1|NONE|$TPM_DLL_FN|$TPM_INIT" >>$CFGFILE
+echo "TRUE|0|$SLOT_DESCRIPTION|$MANUFACTURER|TRUE|FALSE|TRUE|0|0|1|1|NONE|$TPM_DLL|$TPM_INIT" >>$CFGFILE
elif [ $DEPTH = "cca" ]
then
-echo "TRUE|0|$SLOT_DESCRIPTION|$MANUFACTURER|TRUE|FALSE|TRUE|0|0|1|1|NONE|$CCA_DLL_FN|$CCA_INIT" >>$CFGFILE
+echo "TRUE|0|$SLOT_DESCRIPTION|$MANUFACTURER|TRUE|FALSE|TRUE|0|0|1|1|NONE|$CCA_DLL|$CCA_INIT" >>$CFGFILE
fi
@CHMOD@ -R g+wrX @localstatedir@/lib/opencryptoki


@@ -1,5 +1,5 @@
--- usr/sbin/pkcsconf/Makefile.am.orig 2010-07-29 21:28:41.000000000 +0900
+++ usr/sbin/pkcsconf/Makefile.am 2010-10-20 00:46:34.600985372 +0900
--- usr/sbin/pkcsconf/Makefile.am.orig 2016-04-29 17:26:46 UTC
+++ usr/sbin/pkcsconf/Makefile.am
@@ -1,6 +1,6 @@
sbin_PROGRAMS=pkcsconf
@@ -7,4 +7,4 @@
+pkcsconf_LDFLAGS = -lpthread
# Not all versions of automake observe sbinname_CFLAGS
pkcsconf_CFLAGS = -DSPINXPL -D_THREAD_SAFE -DDEBUG -DDEV -DAPI
pkcsconf_CFLAGS = -D_THREAD_SAFE -DDEBUG -DDEV -DAPI


@@ -1,11 +1,11 @@
--- usr/sbin/pkcsconf/pkcsconf.c.orig 2010-07-29 21:28:41.000000000 +0900
+++ usr/sbin/pkcsconf/pkcsconf.c 2010-10-20 00:47:46.462984231 +0900
@@ -654,6 +654,8 @@
free (newpin2);
}
--- usr/sbin/pkcsconf/pkcsconf.c.orig 2016-04-29 17:26:46 UTC
+++ usr/sbin/pkcsconf/pkcsconf.c
@@ -777,6 +777,8 @@ display_pkcs11_info(void){
printf("\tLibrary Version %d.%d \n", CryptokiInfo.libraryVersion.major,
CryptokiInfo.libraryVersion.minor);
+ cleanup();
+
return rc;
}


@@ -1,107 +0,0 @@
--- usr/sbin/pkcsslotd/err.c.orig 2010-07-29 21:28:41.000000000 +0900
+++ usr/sbin/pkcsslotd/err.c 2010-10-20 01:17:17.245985003 +0900
@@ -288,6 +288,7 @@
/* (C) COPYRIGHT International Business Machines Corp. 2001 */
+#include <signal.h>
#include "pthread.h"
@@ -331,14 +332,30 @@
CONSTINFO(ERANGE),
CONSTINFO(ENOMSG),
CONSTINFO(EIDRM),
+#ifdef ECHRNG
CONSTINFO(ECHRNG),
+#endif
+#ifdef EL2NSYNC
CONSTINFO(EL2NSYNC),
+#endif
+#ifdef EL3HLT
CONSTINFO(EL3HLT),
+#endif
+#ifdef EL3RST
CONSTINFO(EL3RST),
+#endif
+#ifdef ELNRNG
CONSTINFO(ELNRNG),
+#endif
+#ifdef EUNATCH
CONSTINFO(EUNATCH),
+#endif
+#ifdef ENOCSI
CONSTINFO(ENOCSI),
+#endif
+#ifdef EL2HLT
CONSTINFO(EL2HLT),
+#endif
CONSTINFO(EDEADLK),
CONSTINFO(ESTALE),
CONSTINFO(EWOULDBLOCK),
@@ -369,7 +386,9 @@
CONSTINFO(ECONNREFUSED),
CONSTINFO(EHOSTDOWN),
CONSTINFO(EHOSTUNREACH),
+#ifdef ERESTART
CONSTINFO(ERESTART),
+#endif
CONSTINFO(EUSERS),
CONSTINFO(ELOOP),
CONSTINFO(ENAMETOOLONG),
@@ -380,16 +399,34 @@
CONSTINFO(ETOOMANYREFS),
CONSTINFO(EILSEQ),
CONSTINFO(ECANCELED),
+#ifdef ENOSR
CONSTINFO(ENOSR),
+#endif
+#ifdef ETIME
CONSTINFO(ETIME),
+#endif
+#ifdef EBADMSG
CONSTINFO(EBADMSG),
+#endif
+#ifdef EPROTO
CONSTINFO(EPROTO),
+#endif
+#ifdef ENODATA
CONSTINFO(ENODATA),
+#endif
+#ifdef ENOSTR
CONSTINFO(ENOSTR),
+#endif
CONSTINFO(ENOTSUP),
+#ifdef EMULTIHOP
CONSTINFO(EMULTIHOP),
+#endif
+#ifdef ENOLINK
CONSTINFO(ENOLINK),
+#endif
+#ifdef EOVERFLOW
CONSTINFO(EOVERFLOW),
+#endif
};
@@ -424,14 +461,20 @@
CONSTINFO(SIGXCPU),
CONSTINFO(SIGXFSZ),
CONSTINFO(SIGWINCH),
+#ifdef SIGPWR
CONSTINFO(SIGPWR),
+#endif
CONSTINFO(SIGUSR1),
CONSTINFO(SIGUSR2),
CONSTINFO(SIGPROF),
CONSTINFO(SIGVTALRM),
CONSTINFO(SIGIOT),
+#ifdef SIGCLD
CONSTINFO(SIGCLD),
+#endif
+#ifdef SIGPOLL
CONSTINFO(SIGPOLL),
+#endif
#if 0
CONSTINFO(SIG_DFL),
CONSTINFO(SIG_IGN),


@@ -0,0 +1,14 @@
--- usr/sbin/pkcsslotd/log.h.orig 2016-04-29 17:26:46 UTC
+++ usr/sbin/pkcsslotd/log.h
@@ -297,9 +297,8 @@
#ifndef _LOG_H
#define _LOG_H 1
-
-
-
+#include <sys/types.h>
+#include <unistd.h>
#ifndef FALSE
#define FALSE 0


@@ -1,17 +1,20 @@
--- usr/sbin/pkcsslotd/mutex.c.orig 2010-07-29 21:28:41.000000000 +0900
+++ usr/sbin/pkcsslotd/mutex.c 2010-12-19 12:13:34.837579374 +0900
@@ -293,6 +293,26 @@
#include "pkcsslotd.h"
--- usr/sbin/pkcsslotd/mutex.c.orig 2016-04-29 17:26:46 UTC
+++ usr/sbin/pkcsslotd/mutex.c
@@ -281,10 +281,28 @@
legal action under this Agreement more than one year after
the cause of action arose. Each party waives its rights to
a jury trial in any resulting litigation.
+*/
+#include <fcntl.h>
+
+#ifdef __sun
+#define LOCK_EX F_LOCK
+#define LOCK_UN F_ULOCK
+#define flock(fd, func) lockf(fd, func, 0)
+#endif
+
-*/
+#ifndef LOCK_SH
+#define LOCK_SH 1 /* shared lock */
+#endif
@@ -25,28 +28,14 @@
+#define LOCK_UN 8 /* unlock */
+#endif
#if SYSVSEM
#error "Caveat Emptor... this does not work"
@@ -315,7 +335,7 @@
#include <sys/types.h>
#include <sys/stat.h>
#include <fcntl.h>
-#include <sys/file.h>
+#include <grp.h>
static int xplfd=-1;
#endif
/* (C) COPYRIGHT International Business Machines Corp. 2001 */
@@ -349,6 +369,13 @@
#elif (SPINXPL)
xplfd = open (XPL_FILE,O_CREAT|O_RDWR,S_IRWXU|S_IRWXG|S_IRWXO);
+ {
+ struct group *grp;
+ fchmod(xplfd,S_IRUSR|S_IWUSR|S_IRGRP|S_IWGRP|S_IROTH);
+ grp = getgrnam(PKCS11GROUP);
+ if (grp)
+ fchown(xplfd,getuid(),grp->gr_gid);
+ }
@@ -323,7 +341,7 @@ CreateXProcLock(void)
goto error;
}
#elif (SYSVSEM)
#error "Caveat Emptor... this does not work"
- grp = getgrnam("pkcs11");
+ grp = getgrnam(PKCS11GROUP);
if (grp != NULL) {
if (fchown(xplfd,-1,grp->gr_gid) == -1) {
DbgLog(DL0,"%s:fchown(%s):%s\n",


@@ -1,11 +1,12 @@
--- usr/sbin/pkcsslotd/pkcsslotd.h.orig 2010-07-29 21:28:41.000000000 +0900
+++ usr/sbin/pkcsslotd/pkcsslotd.h 2010-10-20 01:20:18.253984238 +0900
@@ -353,7 +353,7 @@
#include <nl_types.h>
--- usr/sbin/pkcsslotd/pkcsslotd.h.orig 2016-04-29 17:26:46 UTC
+++ usr/sbin/pkcsslotd/pkcsslotd.h
@@ -305,6 +305,9 @@
#ifndef _PKCSSLOTMGR_H
#define _PKCSSLOTMGR_H 1
#include <sys/ipc.h>
-#include <linux/limits.h>
+#include <limits.h>
#include <sys/shm.h>
#include <sys/stat.h>
#include <sys/types.h>
+#include <sys/types.h>
+#include <sys/ipc.h>
+
/***********
* Defines *
***********/


@@ -1,6 +1,6 @@
--- usr/sbin/pkcsslotd/shmem.c.orig 2010-07-29 21:28:41.000000000 +0900
+++ usr/sbin/pkcsslotd/shmem.c 2010-10-20 01:23:03.203984101 +0900
@@ -338,9 +338,9 @@
--- usr/sbin/pkcsslotd/shmem.c.orig 2016-04-29 17:26:46 UTC
+++ usr/sbin/pkcsslotd/shmem.c
@@ -336,9 +336,9 @@ int CreateSharedMemory ( void ) {
}
// SAB Get the group information for the PKCS#11 group... fail if
// it does not exist
@@ -12,7 +12,7 @@
return FALSE; // Group does not exist... setup is wrong..
}
@@ -409,9 +409,9 @@
@@ -415,9 +415,9 @@ int CreateSharedMemory ( void ) {
int i;
char *buffer;
@@ -24,7 +24,7 @@
SBIN_PATH);
return FALSE; // Group does not exist... setup is wrong..
}
@@ -431,7 +431,7 @@
@@ -437,7 +437,7 @@ int CreateSharedMemory ( void ) {
return FALSE;
}
if (fchown(fd, 0, grp->gr_gid) == -1) {


@@ -0,0 +1,11 @@
--- usr/sbin/pkcsslotd/socket_server.c.orig 2016-04-29 17:26:46 UTC
+++ usr/sbin/pkcsslotd/socket_server.c
@@ -337,7 +337,7 @@ int CreateListenerSocket (void) {
// make socket file part of the pkcs11 group, and write accessable
// for that group
- grp = getgrnam("pkcs11");
+ grp = getgrnam(PKCS11GROUP);
if (!grp) {
ErrLog("Group PKCS#11 does not exist");
DetachSocketListener(socketfd);
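Review bot: The failure path after `getgrnam(PKCS11GROUP)` still logs the fixed text "Group PKCS#11 does not exist", and the comment above it still says "the pkcs11 group", so neither tells an administrator which group name was actually looked up now that it is configurable. Since the patch already touches this spot, it could also change the message to something like `ErrLog("Group %s does not exist", PKCS11GROUP);` (assuming ErrLog takes a printf-style format like the DbgLog call in the mutex.c patch, and that PKCS11GROUP expands to a string literal) and reword the comment to "the PKCS11GROUP group". CreateListenerSocket begins and ends outside this hunk, so whether other messages in it name the group cannot be seen from here.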


@@ -16,18 +16,19 @@
. /etc/rc.subr
name=pkcsslotd
rcvar=pkcsslotd_enable
command=%%PREFIX%%/sbin/${name}
rcvar=${name}_enable
command="%%PREFIX%%/sbin/$name"
start_precmd=${name}_prestart
pkcsslotd_prestart () {
[ -f /var/lib/opencryptoki/pk_config_data ] || \
%%PREFIX%%/sbin/pkcs11_startup
install -d -o %%USERS%% -g %%GROUPS%% -m 0755 \
/var/run/opencryptoki/swtok \
/var/run/opencryptoki/tpm
}
load_rc_config ${name}
load_rc_config $name
: pkcsslotd_enable=${pkcsslotd_enable-"NO"}
: ${pkcsslotd_enable="NO"}
run_rc_command "$1"
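Review bot: The prestart `install -d ... -m 0755` creates /var/run/opencryptoki/swtok and /var/run/opencryptoki/tpm with a mode that differs from the `$(CHMOD) 0770` which the tpm_stdll/Makefile.am patch in this commit keeps for `$(lockdir)/tpm` (assuming lockdir is configured as /var/run/opencryptoki). With 0755 only %%USERS%% can create lock files there while every local user can list the directory; if members of %%GROUPS%% are expected to take token locks (not visible here), this should be `-m 0770`. The pkg-plist section that follows has a related mismatch in its `@dir(%%USERS%%,%%GROUPS%%,700)` entries under /var/lib/opencryptoki, which leave the group without access to the token directories. Old and new lines are printed here without markers, so this assumes the `install -d` lines are the new side.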


@@ -1,3 +1,4 @@
@sample etc/opencryptoki/opencryptoki.conf.sample
include/opencryptoki/apiclient.h
include/opencryptoki/pkcs11.h
include/opencryptoki/pkcs11types.h
@@ -7,10 +8,10 @@ lib/opencryptoki/libopencryptoki.so.0
lib/opencryptoki/libopencryptoki.so.0.0.0
lib/opencryptoki/methods
lib/opencryptoki/stdll/PKCS11_SW.so
lib/opencryptoki/stdll/PKCS11_TPM.so
lib/opencryptoki/stdll/libpkcs11_sw.so
lib/opencryptoki/stdll/libpkcs11_sw.so.0
lib/opencryptoki/stdll/libpkcs11_sw.so.0.0.0
lib/opencryptoki/stdll/PKCS11_TPM.so
lib/opencryptoki/stdll/libpkcs11_tpm.so
lib/opencryptoki/stdll/libpkcs11_tpm.so.0
lib/opencryptoki/stdll/libpkcs11_tpm.so.0.0.0
@@ -18,16 +19,18 @@ lib/pkcs11/PKCS11_API.so
lib/pkcs11/libopencryptoki.so
lib/pkcs11/methods
lib/pkcs11/stdll
sbin/pkcs11_startup
sbin/pkcs_slot
sbin/pkcsconf
sbin/pkcsslotd
man/man1/pkcs11_startup.1.gz
man/man1/pkcscca.1.gz
man/man1/pkcsconf.1.gz
man/man5/pk_config_data.5.gz
man/man1/pkcsep11_migrate.1.gz
man/man1/pkcsicsf.1.gz
man/man5/opencryptoki.conf.5.gz
man/man7/opencryptoki.7.gz
man/man8/pkcsslotd.8.gz
@dir(_pkcs11,_pkcs11,700) /var/lib/opencryptoki/swtok
@dir(_pkcs11,_pkcs11,700) /var/lib/opencryptoki/tpm
@dir(_pkcs11,_pkcs11,700) /var/lib/opencryptoki
sbin/pkcsconf
sbin/pkcsslotd
@dir(%%USERS%%,%%GROUPS%%,700) /var/lib/opencryptoki/swtok/TOK_OBJ
@dir(%%USERS%%,%%GROUPS%%,700) /var/lib/opencryptoki/swtok
@dir(%%USERS%%,%%GROUPS%%,700) /var/lib/opencryptoki/tpm
@dir(%%USERS%%,%%GROUPS%%,700) /var/lib/opencryptoki
@dir /var/lib
@dir /var/log/opencryptoki