From ab4b7f7ca4a3a477df1cf61418f2d63755652dcc Mon Sep 17 00:00:00 2001
From: Johnny Hughes <johnny@centos.org>
Date: Mon, 14 May 2018 14:34:43 +0000
Subject: [PATCH] set ipaplatform to rhel for compatibilty for updates

---
 SOURCES/0042-Log-errors-from-NSS-during-FIPS-OTP-key-import.patch |   59 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 files changed, 59 insertions(+), 0 deletions(-)

diff --git a/SOURCES/0042-Log-errors-from-NSS-during-FIPS-OTP-key-import.patch b/SOURCES/0042-Log-errors-from-NSS-during-FIPS-OTP-key-import.patch
new file mode 100644
index 0000000..4ee49e1
--- /dev/null
+++ b/SOURCES/0042-Log-errors-from-NSS-during-FIPS-OTP-key-import.patch
@@ -0,0 +1,59 @@
+From b9194a0292ce57418b3c9f5faf2ee5509f0fb749 Mon Sep 17 00:00:00 2001
+From: Robbie Harwood <rharwood@redhat.com>
+Date: Thu, 1 Mar 2018 14:25:55 -0500
+Subject: [PATCH] Log errors from NSS during FIPS OTP key import
+
+Signed-off-by: Robbie Harwood <rharwood@redhat.com>
+Reviewed-By: Christian Heimes <cheimes@redhat.com>
+Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
+---
+ daemons/ipa-slapi-plugins/libotp/hotp.c | 16 ++++++++++++++--
+ 1 file changed, 14 insertions(+), 2 deletions(-)
+
+diff --git a/daemons/ipa-slapi-plugins/libotp/hotp.c b/daemons/ipa-slapi-plugins/libotp/hotp.c
+index 0c9de96d37183e597867b736d6324db60fa1b3bb..1b9110ebf89a705c9c670d4d33fc7ed615ad25f3 100644
+--- a/daemons/ipa-slapi-plugins/libotp/hotp.c
++++ b/daemons/ipa-slapi-plugins/libotp/hotp.c
+@@ -49,7 +49,9 @@
+ #include <blapit.h>
+ #include <pk11pub.h>
+ #include <hasht.h>
++#include <prerror.h>
+ #include <prnetdb.h>
++#include <syslog.h>
+ 
+ struct digest_buffer {
+     uint8_t buf[SHA512_LENGTH];
+@@ -93,17 +95,27 @@ import_key(PK11SlotInfo *slot, CK_MECHANISM_TYPE mech, SECItem *key)
+                                      PK11_ATTR_SESSION |
+                                      PK11_ATTR_PRIVATE |
+                                      PK11_ATTR_SENSITIVE, NULL);
+-    if (!ekey)
++    if (!ekey) {
++        syslog(LOG_ERR, "libotp: in FIPS, PK11_TokenKeyGenWithFlags failed: %d",
++               PR_GetError());
+         goto egress;
++    }
+ 
+     /* Encrypt the input key. */
+     if (PK11_Encrypt(ekey, CKM_AES_CBC_PAD, &ivitem, ctitem.data, &ctitem.len,
+-                     ctitem.len, key->data, key->len) != SECSuccess)
++                     ctitem.len, key->data, key->len) != SECSuccess) {
++        syslog(LOG_ERR, "libotp: in FIPS, PK11_Encrypt failed: %d",
++               PR_GetError());
+         goto egress;
++    }
+ 
+     /* Unwrap the input key. */
+     skey = PK11_UnwrapSymKey(ekey, CKM_AES_CBC_PAD, &ivitem,
+                              &ctitem, mech, CKA_SIGN, key->len);
++    if (!skey) {
++        syslog(LOG_ERR, "libotp: in FIPS, PK11_UnwrapSymKey failed: %d",
++               PR_GetError());
++    }
+ 
+ egress:
+     PK11_FreeSymKey(ekey);
+-- 
+2.14.3
+

--
Gitblit v1.8.0