diff --git a/SOURCES/opencryptoki-3.11.1-d6ba9ff61743ce869a5a677f6f77339642efef4b.patch b/SOURCES/opencryptoki-3.11.1-d6ba9ff61743ce869a5a677f6f77339642efef4b.patch
new file mode 100644
index 0000000..dca81c1
--- /dev/null
+++ b/SOURCES/opencryptoki-3.11.1-d6ba9ff61743ce869a5a677f6f77339642efef4b.patch
@@ -0,0 +1,59 @@
+commit d6ba9ff61743ce869a5a677f6f77339642efef4b
+Author: Ingo Franzki
+Date: Tue Sep 24 14:35:59 2019 +0200
+
+ EP11: Support tolerated new crypto cards
+
+ With just toleration support of new crypt cards, new crypto
+ cards are reported as the last known crypto card version.
+ E.g. a CEX7 card is reported as CEX6, when CEX6 is the last
+ known crypto card version.
+
+ The EP11 token checks the card versions and needs to distinguish
+ tolerated cards from supported cards. New (tolerated) crypto cards
+ may have different API and firmware versions, and thus need to be
+ handled differently.
+
+ Signed-off-by: Ingo Franzki
+
+diff --git a/usr/lib/ep11_stdll/ep11_specific.c b/usr/lib/ep11_stdll/ep11_specific.c
+index e22dad5d..a65accea 100644
+--- a/usr/lib/ep11_stdll/ep11_specific.c
++++ b/usr/lib/ep11_stdll/ep11_specific.c
+@@ -8253,6 +8253,7 @@ static CK_RV get_card_type(uint_32 adapter, CK_ULONG *type)
+ char fname[PATH_MAX];
+ char buf[250];
+ CK_RV rc;
++ CK_ULONG hwtype, rawtype;
+
+ sprintf(fname, "%scard%02x/type", SYSFS_DEVICES_AP, adapter);
+ rc = file_fgets(fname, buf, sizeof(buf));
+@@ -8260,6 +8261,28 @@ static CK_RV get_card_type(uint_32 adapter, CK_ULONG *type)
+ return rc;
+ if (sscanf(buf, "CEX%luP", type) != 1)
+ return CKR_FUNCTION_FAILED;
++
++ sprintf(fname, "%scard%02x/hwtype", SYSFS_DEVICES_AP, adapter);
++ rc = file_fgets(fname, buf, sizeof(buf));
++ if (rc != CKR_OK)
++ return rc;
++ if (sscanf(buf, "%lu", &hwtype) != 1)
++ return CKR_FUNCTION_FAILED;
++
++ sprintf(fname, "%scard%02x/raw_hwtype", SYSFS_DEVICES_AP, adapter);
++ rc = file_fgets(fname, buf, sizeof(buf));
++ if (rc != CKR_OK)
++ return rc;
++ if (sscanf(buf, "%lu", &rawtype) != 1)
++ return CKR_FUNCTION_FAILED;
++
++ if (rawtype > hwtype) {
++ TRACE_DEVEL("%s adapter: %u hwtype: %lu raw_hwtype: %lu\n",
++ __func__, adapter, hwtype, rawtype);
++ /* Tolerated new card level: report calculated type */
++ *type += (rawtype - hwtype);
++ }
++
+ return CKR_OK;
+ }
+
diff --git a/SPECS/opencryptoki.spec b/SPECS/opencryptoki.spec
index 51ded01..f6ab462 100644
--- a/SPECS/opencryptoki.spec
+++ b/SPECS/opencryptoki.spec
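Review bot: The two added reads in get_card_type() make the `hwtype` and `raw_hwtype` sysfs attributes mandatory: if either file_fgets() call fails or its value does not parse, the function returns an error even though `type` was already parsed from the `type` attribute. If this token is expected to run on kernels that do not expose `raw_hwtype` (not visible from this patch), a missing attribute should fall back to the reported type, e.g. `if (rc != CKR_OK) return CKR_OK; /* no toleration info: keep reported type */` on the two new reads. The adjustment `*type += (rawtype - hwtype);` also assumes the raw and reported hardware types differ by exactly the number of card levels; a comment stating that assumption above the `rawtype > hwtype` block would help the next reader. The start of the function lies outside both inner hunks, so how callers treat the new error returns cannot be checked here.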
@@ -1,19 +1,22 @@
 Name: opencryptoki
 Summary: Implementation of the PKCS#11 (Cryptoki) specification v2.11
 Version: 3.11.1
-Release: 2%{?dist}
+Release: 3%{?dist}
 License: CPL
 Group: System Environment/Base
 URL: https://github.com/opencryptoki/opencryptoki
 Source0: https://github.com/opencryptoki/%{name}/archive/v%{version}/%{name}-%{version}.tar.gz
 # https://bugzilla.redhat.com/show_bug.cgi?id=732756
-Patch0: opencryptoki-3.11.0-group.patch
+Patch0: opencryptoki-3.11.0-group.patch
 # bz#1373833, change tmpfiles snippets from /var/lock/* to /run/lock/*
-Patch1: opencryptoki-3.11.0-lockdir.patch
+Patch1: opencryptoki-3.11.0-lockdir.patch
 # bz#1063763, inform the user that he is not in pkcs11 group
-Patch2: opencryptoki-3.11.0-warn-user-not-in-pkcs11-group.patch
+Patch2: opencryptoki-3.11.0-warn-user-not-in-pkcs11-group.patch
 # https://bugzilla.redhat.com/show_bug.cgi?id=1739433
-Patch3: opencryptoki-3.11.1-use-soname.patch
+Patch3: opencryptoki-3.11.1-use-soname.patch
+# bz#1772108, Support tolerated new crypto cards
+Patch4: opencryptoki-3.11.1-d6ba9ff61743ce869a5a677f6f77339642efef4b.patch
+
 Requires(pre): coreutils
 BuildRequires: gcc
 BuildRequires: openssl-devel
@@ -330,6 +333,9 @@ fi %changelog +* Thu Nov 14 2019 Than Ngo - 3.11.1-3 +- Resolves: #1772108, support tolerated new crypto cards + * Mon Aug 26 2019 Dan HorĂ¡k - 3.11.1-2 - Resolves: #1739433, ICA HW token missing after the package update
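Review bot: `Patch4` is declared in the preamble, but neither spec hunk adds a matching `%patch4` line, and the hunk offsets (19 to 22 lines, then 330 to 333) show that nothing else in the file changed. That is fine if `%prep` applies patches with `%autosetup` or `%autopatch`, which is outside the visible hunks. If `%prep` lists `%patchN` lines explicitly, the new patch is never applied and the package builds without the fix, so this should be confirmed against `%prep`.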