Blob Blame History Raw
commit 8e9800b492f7a40ed5dfcd85e042701b6a5c5a26
Author: Ingo Franzki <ifranzki@linux.ibm.com>
Date:   Tue Dec 7 16:39:28 2021 +0100

    ICA/EP11: Support libica version 4
    
    Try to load libica version 4 (libica.so.4), but fall back to version 3
    (libica.so.3) if version 4 is not available.
    
    Signed-off-by: Ingo Franzki <ifranzki@linux.ibm.com>

diff --git a/usr/lib/ep11_stdll/ep11_specific.c b/usr/lib/ep11_stdll/ep11_specific.c
index 4029e5a5..f223017d 100644
--- a/usr/lib/ep11_stdll/ep11_specific.c
+++ b/usr/lib/ep11_stdll/ep11_specific.c
@@ -68,7 +68,8 @@
 #define EP11SHAREDLIB_V2 "libep11.so.2"
 #define EP11SHAREDLIB_V1 "libep11.so.1"
 #define EP11SHAREDLIB "libep11.so"
-#define ICASHAREDLIB  "libica.so.3"
+#define ICASHAREDLIB_V4  "libica.so.4"
+#define ICASHAREDLIB_V3  "libica.so.3"
 
 CK_RV ep11tok_get_mechanism_list(STDLL_TokData_t * tokdata,
                                  CK_MECHANISM_TYPE_PTR mlist,
@@ -2044,9 +2045,9 @@ static CK_RV make_wrapblob(STDLL_TokData_t * tokdata, CK_ATTRIBUTE * tmpl_in,
 }
 
 #ifdef EP11_HSMSIM
-#define DLOPEN_FLAGS        RTLD_GLOBAL | RTLD_NOW | RTLD_DEEPBIND
+#define DLOPEN_FLAGS        RTLD_NOW | RTLD_DEEPBIND
 #else
-#define DLOPEN_FLAGS        RTLD_GLOBAL | RTLD_NOW
+#define DLOPEN_FLAGS        RTLD_NOW
 #endif
 
 static void *ep11_load_host_lib()
@@ -2209,12 +2210,16 @@ static CK_RV ep11tok_load_libica(STDLL_TokData_t *tokdata)
         return CKR_OK;
 
     if (strcmp(ep11_data->digest_libica_path, "") == 0) {
-        strcpy(ep11_data->digest_libica_path, ICASHAREDLIB);
+        strcpy(ep11_data->digest_libica_path, ICASHAREDLIB_V4);
         default_libica = 1;
+        libica->library = dlopen(ep11_data->digest_libica_path, RTLD_NOW);
+        if (libica->library == NULL) {
+            strcpy(ep11_data->digest_libica_path, ICASHAREDLIB_V3);
+            libica->library = dlopen(ep11_data->digest_libica_path, RTLD_NOW);
+        }
+    } else {
+        libica->library = dlopen(ep11_data->digest_libica_path, RTLD_NOW);
     }
-
-    libica->library = dlopen(ep11_data->digest_libica_path,
-                             RTLD_GLOBAL | RTLD_NOW);
     if (libica->library == NULL) {
         errstr = dlerror();
         OCK_SYSLOG(default_libica ? LOG_WARNING : LOG_ERR,
diff --git a/usr/lib/ica_s390_stdll/ica_specific.c b/usr/lib/ica_s390_stdll/ica_specific.c
index fd18de42..c4fa9654 100644
--- a/usr/lib/ica_s390_stdll/ica_specific.c
+++ b/usr/lib/ica_s390_stdll/ica_specific.c
@@ -83,7 +83,8 @@ const char label[] = "icatok";
 
 static pthread_mutex_t rngmtx = PTHREAD_MUTEX_INITIALIZER;
 
-#define LIBICA_SHARED_LIB "libica.so.3"
+#define LIBICA_SHARED_LIB_V3 "libica.so.3"
+#define LIBICA_SHARED_LIB_V4 "libica.so.4"
 #define BIND(dso, sym)  do {                                             \
                             if (p_##sym == NULL)                         \
                                 *(void **)(&p_##sym) = dlsym(dso, #sym); \
@@ -221,9 +222,13 @@ static CK_RV load_libica(void)
     void *ibmca_dso = NULL;
 
     /* Load libica */
-    ibmca_dso = dlopen(LIBICA_SHARED_LIB, RTLD_NOW);
+    ibmca_dso = dlopen(LIBICA_SHARED_LIB_V4, RTLD_NOW);
+    if (ibmca_dso == NULL)
+        ibmca_dso = dlopen(LIBICA_SHARED_LIB_V3, RTLD_NOW);
+
     if (ibmca_dso == NULL) {
-        TRACE_ERROR("%s: dlopen(%s) failed\n", __func__, LIBICA_SHARED_LIB);
+        TRACE_ERROR("%s: dlopen(%s or %s) failed: %s\n", __func__,
+                    LIBICA_SHARED_LIB_V4, LIBICA_SHARED_LIB_V3, dlerror());
         return CKR_FUNCTION_FAILED;
     }