Hi all,
I went through recent problems in opencryptoki on Fedora and found out
that there was quite enough undefined symbols that prevented to
dynamically load particular modules or even start pkcsconf. More info
can be found in this bugzilla [1]. We were using version 3.2 but patches
are rebased for upstream version and directly applicable.
First of all I turned on more strict checking in compiler to see these
problems using "-Wl,--no-undefined". This revealed few missing files in
SOURCES, header files, one library and requirement to moving one
function from one file to another (I didn't find any reason to have it
in the previous one). [patch 0001]
Second issue appeared with change in our infrastructure. We started
using gcc5 and there is different handling of inline function. Fix is
backward compatible (at least it worked for me on older versions).
[patch 0002]
Additionally I found another typo in TRACE_EBUG, which was discovered
because of more strict checking in compiler and which prevented
application to build so I'm attaching this also. [patch 0003]
If it doesn't work for you or you have any doubts, feel free to comment
Best regards.
Jakub Jelen
[1] https://bugzilla.redhat.com/show_bug.cgi?id=1193560
>From 5ec2861f43bec7da2a34f41a19365424b34925b6 Mon Sep 17 00:00:00 2001
From: Jakub Jelen <jje...@redhat.com>
Date: Mon, 4 May 2015 16:44:22 +0200
Subject: [PATCH 3/3] Typo in TRACE_EBUG
---
usr/lib/pkcs11/icsf_stdll/icsf_specific.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/usr/lib/pkcs11/icsf_stdll/icsf_specific.c b/usr/lib/pkcs11/icsf_stdll/icsf_specific.c
index 74b07b7..1158eb5 100644
--- a/usr/lib/pkcs11/icsf_stdll/icsf_specific.c
+++ b/usr/lib/pkcs11/icsf_stdll/icsf_specific.c
@@ -929,7 +929,7 @@ static CK_RV close_session(struct session_state *session_state)
if ((rc = icsf_destroy_object(session_state->ld, &reason,
&mapping->icsf_object))) {
/* Log error */
- TRACE_EBUG("Failed to remove icsf object: %s/%lu/%c",
+ TRACE_DEBUG("Failed to remove icsf object: %s/%lu/%c",
mapping->icsf_object.token_name,
mapping->icsf_object.sequence,
mapping->icsf_object.id);
--
2.1.0
>From 45e886e2177dd8fd957cd7e81eb077f3fc1810eb Mon Sep 17 00:00:00 2001
From: Jakub Jelen <jje...@redhat.com>
Date: Mon, 4 May 2015 16:43:46 +0200
Subject: [PATCH 2/3] GCC5 compatibility
---
usr/lib/pkcs11/common/btree.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/usr/lib/pkcs11/common/btree.c b/usr/lib/pkcs11/common/btree.c
index 8cf8daa..cf66f18 100644
--- a/usr/lib/pkcs11/common/btree.c
+++ b/usr/lib/pkcs11/common/btree.c
@@ -231,7 +231,7 @@ bt_node_free(struct btree *t, unsigned long node_num, void (*delete_func)(void *
*
* return 0 if binary tree has at least 1 node in use, !0 otherwise
*/
-inline int
+extern inline int
bt_is_empty(struct btree *t)
{
return (t->free_nodes == t->size);
--
2.1.0
>From 43cea1ae115f6993b2fcb488e67caad66110c5d6 Mon Sep 17 00:00:00 2001
From: Jakub Jelen <jje...@redhat.com>
Date: Mon, 4 May 2015 16:01:54 +0200
Subject: [PATCH 1/3] Missing sources and undefined references
---
configure.in | 2 +-
usr/lib/pkcs11/cca_stdll/cca_specific.c | 36 ------------------------------
usr/lib/pkcs11/common/mech_ec.c | 39 +++++++++++++++++++++++++++++++++
usr/lib/pkcs11/icsf_stdll/Makefile.am | 5 ++++-
usr/lib/pkcs11/icsf_stdll/icsf.c | 1 +
usr/lib/pkcs11/soft_stdll/Makefile.am | 2 ++
usr/lib/pkcs11/tpm_stdll/Makefile.am | 2 ++
7 files changed, 49 insertions(+), 38 deletions(-)
diff --git a/configure.in b/configure.in
index d500dac..1c2fc8e 100644
--- a/configure.in
+++ b/configure.in
@@ -574,7 +574,7 @@ fi
AM_CONDITIONAL([ENABLE_PKCSCCA_MIGRATE], [test "x$enable_pkcscca_migrate" = "xyes"])
AM_CONDITIONAL([ENABLE_PKCSEP11_MIGRATE], [test "x$enable_pkcsep11_migrate" = "xyes"])
-CFLAGS="$CFLAGS -DPKCS64 -D_XOPEN_SOURCE=500"
+CFLAGS="$CFLAGS -DPKCS64 -D_XOPEN_SOURCE=500 -Wl,--no-undefined"
CFLAGS+=' -DCONFIG_PATH=\"$(localstatedir)/lib/opencryptoki\" -DSBIN_PATH=\"$(sbindir)\" -DLIB_PATH=\"$(libdir)\" -DLOCKDIR_PATH=\"$(lockdir)\" -DOCK_CONFDIR=\"$(sysconfdir)/opencryptoki\" -DOCK_LOGDIR=\"$(logdir)\"'
diff --git a/usr/lib/pkcs11/cca_stdll/cca_specific.c b/usr/lib/pkcs11/cca_stdll/cca_specific.c
index 75762a2..87b44b9 100644
--- a/usr/lib/pkcs11/cca_stdll/cca_specific.c
+++ b/usr/lib/pkcs11/cca_stdll/cca_specific.c
@@ -2337,39 +2337,3 @@ token_specific_object_add(OBJECT *object)
return CKR_OK;
}
-CK_RV
-get_ecsiglen(OBJECT *key_obj, CK_ULONG *size)
-{
- CK_BBOOL flag;
- CK_ATTRIBUTE *attr = NULL;
- int i;
-
- flag = template_attribute_find( key_obj->template,
- CKA_ECDSA_PARAMS, &attr );
- if (flag == FALSE) {
- TRACE_ERROR("Could not find CKA_ECDSA_PARAMS for the key.\n");
- return CKR_FUNCTION_FAILED;
- }
-
- /* loop thru supported curves to find the size.
- * both pkcs#11v2.20 and CCA expect the signature length to be
- * twice the length of p.
- * (See EC Signatures in pkcs#11v2.20 and docs for CSNDDSG.)
- */
- for (i = 0; i < NUMEC; i++) {
- if ((memcmp(attr->pValue, der_ec_supported[i].data,
- attr->ulValueLen) == 0)) {
- *size = der_ec_supported[i].len_bits;
- /* round up if necessary */
- if ((*size % 8) == 0)
- *size = (*size / 8) * 2;
- else
- *size = ((*size / 8) + 1) * 2;
- TRACE_DEVEL("getlen, curve = %d, size = %d\n", der_ec_supported[i].len_bits, *size);
- return CKR_OK;
- }
- }
-
- TRACE_ERROR("%s\n", ock_err(ERR_MECHANISM_PARAM_INVALID));
- return CKR_MECHANISM_PARAM_INVALID;
-}
diff --git a/usr/lib/pkcs11/common/mech_ec.c b/usr/lib/pkcs11/common/mech_ec.c
index b4c96fe..d3b6523 100644
--- a/usr/lib/pkcs11/common/mech_ec.c
+++ b/usr/lib/pkcs11/common/mech_ec.c
@@ -20,6 +20,8 @@
#include "h_extern.h"
#include "tok_spec_struct.h"
#include "trace.h"
+#include <stdint.h>
+#include "ec_defs.h"
CK_RV
ckm_ec_key_pair_gen( TEMPLATE * publ_tmpl,
@@ -33,6 +35,43 @@ ckm_ec_key_pair_gen( TEMPLATE * publ_tmpl,
}
CK_RV
+get_ecsiglen(OBJECT *key_obj, CK_ULONG *size)
+{
+ CK_BBOOL flag;
+ CK_ATTRIBUTE *attr = NULL;
+ int i;
+
+ flag = template_attribute_find( key_obj->template,
+ CKA_ECDSA_PARAMS, &attr );
+ if (flag == FALSE) {
+ TRACE_ERROR("Could not find CKA_ECDSA_PARAMS for the key.\n");
+ return CKR_FUNCTION_FAILED;
+ }
+
+ /* loop thru supported curves to find the size.
+ * both pkcs#11v2.20 and CCA expect the signature length to be
+ * twice the length of p.
+ * (See EC Signatures in pkcs#11v2.20 and docs for CSNDDSG.)
+ */
+ for (i = 0; i < NUMEC; i++) {
+ if ((memcmp(attr->pValue, der_ec_supported[i].data,
+ attr->ulValueLen) == 0)) {
+ *size = der_ec_supported[i].len_bits;
+ /* round up if necessary */
+ if ((*size % 8) == 0)
+ *size = (*size / 8) * 2;
+ else
+ *size = ((*size / 8) + 1) * 2;
+ TRACE_DEVEL("getlen, curve = %d, size = %d\n", der_ec_supported[i].len_bits, *size);
+ return CKR_OK;
+ }
+ }
+
+ TRACE_ERROR("%s\n", ock_err(ERR_MECHANISM_PARAM_INVALID));
+ return CKR_MECHANISM_PARAM_INVALID;
+}
+
+CK_RV
ckm_ec_sign( CK_BYTE *in_data,
CK_ULONG in_data_len,
CK_BYTE *out_data,
diff --git a/usr/lib/pkcs11/icsf_stdll/Makefile.am b/usr/lib/pkcs11/icsf_stdll/Makefile.am
index 9d3f82b..ca3f4da 100644
--- a/usr/lib/pkcs11/icsf_stdll/Makefile.am
+++ b/usr/lib/pkcs11/icsf_stdll/Makefile.am
@@ -24,7 +24,8 @@ opencryptoki_stdll_libpkcs11_icsf_la_LDFLAGS = -shared \
-lcrypto \
-lldap \
-lpthread \
- -lrt
+ -lrt \
+ -llber
opencryptoki_stdll_libpkcs11_icsf_la_SOURCES = ../common/asn1.c \
../common/btree.c \
@@ -40,6 +41,7 @@ opencryptoki_stdll_libpkcs11_icsf_la_SOURCES = ../common/asn1.c \
../common/dp_obj.c \
../common/mech_aes.c \
../common/mech_rsa.c \
+ ../common/mech_ec.c \
../common/obj_mgr.c \
../common/template.c \
../common/p11util.c \
@@ -51,6 +53,7 @@ opencryptoki_stdll_libpkcs11_icsf_la_SOURCES = ../common/asn1.c \
../common/object.c \
../common/decr_mgr.c \
../common/globals.c \
+ ../common/sw_crypt.c \
../common/loadsave.c \
../common/utility.c \
../common/mech_des.c \
diff --git a/usr/lib/pkcs11/icsf_stdll/icsf.c b/usr/lib/pkcs11/icsf_stdll/icsf.c
index 188000b..e7712e7 100644
--- a/usr/lib/pkcs11/icsf_stdll/icsf.c
+++ b/usr/lib/pkcs11/icsf_stdll/icsf.c
@@ -15,6 +15,7 @@
#include <string.h>
#include <ctype.h>
#include "icsf.h"
+#include <lber.h>
/* For logging functions: */
#include "defs.h"
diff --git a/usr/lib/pkcs11/soft_stdll/Makefile.am b/usr/lib/pkcs11/soft_stdll/Makefile.am
index bbfcc75..2ee2cda 100644
--- a/usr/lib/pkcs11/soft_stdll/Makefile.am
+++ b/usr/lib/pkcs11/soft_stdll/Makefile.am
@@ -23,12 +23,14 @@ opencryptoki_stdll_libpkcs11_sw_la_SOURCES = ../common/asn1.c \
../common/dig_mgr.c \
../common/encr_mgr.c \
../common/globals.c \
+ ../common/sw_crypt.c \
../common/loadsave.c \
../common/key.c \
../common/key_mgr.c \
../common/mech_aes.c \
../common/mech_des.c \
../common/mech_des3.c \
+ ../common/mech_ec.c \
../common/mech_dh.c \
../common/mech_md5.c \
../common/mech_md2.c \
diff --git a/usr/lib/pkcs11/tpm_stdll/Makefile.am b/usr/lib/pkcs11/tpm_stdll/Makefile.am
index e98b197..038c82b 100644
--- a/usr/lib/pkcs11/tpm_stdll/Makefile.am
+++ b/usr/lib/pkcs11/tpm_stdll/Makefile.am
@@ -35,6 +35,7 @@ opencryptoki_stdll_libpkcs11_tpm_la_SOURCES = ../common/asn1.c \
../common/mech_aes.c \
../common/$(MECH_DSA) \
../common/mech_rsa.c \
+ ../common/mech_ec.c \
../common/obj_mgr.c \
../common/template.c \
../common/p11util.c \
@@ -46,6 +47,7 @@ opencryptoki_stdll_libpkcs11_tpm_la_SOURCES = ../common/asn1.c \
../common/object.c \
../common/decr_mgr.c \
../common/globals.c \
+ ../common/sw_crypt.c \
../common/loadsave.c \
../common/utility.c \
../common/mech_des.c \
--
2.1.0
------------------------------------------------------------------------------
One dashboard for servers and applications across Physical-Virtual-Cloud
Widest out-of-the-box monitoring support with 50+ applications
Performance metrics, stats and reports that give you Actionable Insights
Deep dive visibility with transaction tracing using APM Insight.
http://ad.doubleclick.net/ddm/clk/290420510;117567292;y
_______________________________________________
Opencryptoki-tech mailing list
Opencryptoki-tech@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/opencryptoki-tech
