author | Norikatsu Shigemura <nork@FreeBSD.org> | 2010-11-07 12:07:17 +0000 |
---|---|---|
committer | Norikatsu Shigemura <nork@FreeBSD.org> | 2010-11-07 12:07:17 +0000 |
commit | c38e52a3c0b061b44ebb589d362563613f2edab8 (patch) | |
tree | e366bdd7e41998dca16600f03e415d6457bdbd42 /security/opencryptoki | |
parent | 7612f38ced29eb14aa8c63480da1733c56d714aa (diff) | |
Notes
Diffstat (limited to 'security/opencryptoki')
43 files changed, 1195 insertions, 0 deletions
diff --git a/security/opencryptoki/Makefile b/security/opencryptoki/Makefile
new file mode 100644
index 000000000000..09aae6141161
--- /dev/null
+++ b/security/opencryptoki/Makefile
@@ -0,0 +1,67 @@
+# New ports collection makefile for: opencryptoki
+# Date created: 2010-07-16
+# Whom: Ralf Meister
+#
+# $FreeBSD$
+#
+
+PORTNAME= opencryptoki
+PORTVERSION= 2.3.2
+CATEGORIES= security
+MASTER_SITES= SF/${PORTNAME}/${PORTNAME}/${PORTVERSION}
+
+MAINTAINER= nork@FreeBSD.org
+COMMENT= An open PKCS\#11 implementation library
+
+LIB_DEPENDS= tspi.2:${PORTSDIR}/security/trousers
+
+USE_BZIP2= YES
+USE_GMAKE= YES
+USE_LDCONFIG= YES
+USE_AUTOTOOLS= autoconf:268 libtool:22 automake:111
+HAS_CONFIGURE= YES
+MAKE_JOBS_SAFE= YES
+
+USE_RC_SUBR= pkcsslotd
+SUB_FILES= pkg-message
+SUB_LIST= USERS=${USERS} GROUPS=${GROUPS}
+
+MAN1= pkcs11_startup.1 pkcsconf.1
+MAN5= pk_config_data.5
+MAN7= opencryptoki.7
+MAN8= pkcsslotd.8
+
+USERS= _pkcs11
+GROUPS= _pkcs11
+
+LICENSE= CPL
+LICENSE_NAME= Common Public License
+LICENSE_FILE= ${WRKSRC}/LICENSE
+LICENSE_PERMS= ${_LICENSE_PERMS_DEFAULT}
+
+CONFIGURE_ARGS= --enable-swtok --enable-tpmtok \
+ --disable-crtok --disable-aeptok \
+ --disable-ccatok --disable-bcomtok \
+ --disable-pkcscca_migrate \
+ --libdir=${PREFIX}/lib \
+ --sbindir=${PREFIX}/sbin \
+ --localstatedir=${PREFIX}/var \
+ --with-pkcs11user=${USERS} \
+ --with-pkcs11group=${GROUPS}
+CONFIGURE_ENV= LDFLAGS="${LDFLAGS} -L${LOCALBASE}/lib"
+
+.include <bsd.port.pre.mk>
+
+CFLAGS+= -I${LOCALBASE}/include
+
+pre-configure:
+ @cd ${WRKSRC} && ${SETENV} ${CONFIGURE_ENV} ${ACLOCAL}
+ @cd ${WRKSRC} && ${SETENV} ${CONFIGURE_ENV} ${LIBTOOLIZE} --force -c
+ @cd ${WRKSRC} && ${SETENV} ${CONFIGURE_ENV} ${AUTOMAKE} --add-missing -c
+ @cd ${WRKSRC} && ${SETENV} ${CONFIGURE_ENV} ${AUTOCONF}
+
+post-install:
+ @cd ${PREFIX}/lib && ${LN} -s opencryptoki/libopencryptoki* .
+ @${CAT} ${PKGMESSAGE}
+
+.include <bsd.port.post.mk>
diff --git a/security/opencryptoki/distinfo b/security/opencryptoki/distinfo
new file mode 100644
index 000000000000..7abfdc949951
--- /dev/null
+++ b/security/opencryptoki/distinfo
@@ -0,0 +1,2 @@
+SHA256 (opencryptoki-2.3.2.tar.bz2) = 44fdf74a9eab2586240a69779c5c323e8378e8f2fde21cd4f8bd9186a24c30f7
+SIZE (opencryptoki-2.3.2.tar.bz2) = 665134
diff --git a/security/opencryptoki/files/patch-configure.in b/security/opencryptoki/files/patch-configure.in
new file mode 100644
index 000000000000..df7e9e90737d
--- /dev/null
+++ b/security/opencryptoki/files/patch-configure.in
@@ -0,0 +1,59 @@
+--- configure.in.orig 2010-07-29 21:28:41.000000000 +0900
++++ configure.in 2010-10-20 01:31:02.971984782 +0900
+@@ -8,6 +8,9 @@
+
+ AM_INIT_AUTOMAKE([foreign 1.6])
+
++AC_DEFINE(_BSD_SOURCE, 1, BSD functions)
++AC_DEFINE(__BSD_VISIBLE, 1, BSD extensions)
++
+ dnl Get the canonical host type
+ AC_CANONICAL_TARGET
+
+@@ -30,6 +33,7 @@
+ AC_FUNC_STRFTIME
+ AC_FUNC_VPRINTF
+ AC_CHECK_FUNCS([getcwd])
++AC_CHECK_FUNCS([asprintf])
+
+ dnl Used in various scripts
+ AC_PATH_PROG([ID], [id], [/us/bin/id])
+@@ -193,6 +197,21 @@
+ [],
+ [with_xcryptolinz=check])
+
++dnl --- check for pkcs11 user
++AC_ARG_WITH([pkcs11user],
++ AC_HELP_STRING([--with-pkcs11user[[=USER]]], [set pkcs11 user [[pkcs11]]]),
++ [pkcs11_user=$withval],
++ [pkcs11_user=pkcs11])
++
++dnl --- check for pkcs11 group
++AC_ARG_WITH(pkcs11group,
++ AC_HELP_STRING([--with-pkcs11group[[=GROUP]]], [set pkcs11 group [[pkcs11]]]),
++ [pkcs11_group=$withval],
++ [pkcs11_group=pkcs11])
++
++AC_SUBST(PKCS11USER, $pkcs11_user)
++AC_SUBST(PKCS11GROUP, $pkcs11_group)
++
+ dnl ---
+ dnl ---
+ dnl --- Now that we have all the options, let's check for a valid build
+@@ -630,11 +649,15 @@
+
+ CFLAGS="$CFLAGS $DEBUG_CFLAGS -DPKCS64 -D_XOPEN_SOURCE=500"
+
+-CFLAGS+=' -DCONFIG_PATH=\"$(localstatedir)/lib/opencryptoki\" -DSBIN_PATH=\"$(sbindir)\" -DLIB_PATH=\"$(libdir)\"'
++CFLAGS="$CFLAGS -DCONFIG_PATH='\"$localstatedir/lib/opencryptoki\"' -DSBIN_PATH='\"$sbindir\"' -DLIB_PATH='\"$libdir\"'"
++
++CFLAGS="$CFLAGS -DPKCS11USER='\"${pkcs11_user}\"' -DPKCS11GROUP='\"${pkcs11_group}\"'"
+
+ # At this point, CFLAGS is set to something sensible
+ AC_PROG_CC
+
++AC_SUBST(FPIC, $lt_prog_compiler_pic)
++
+ AC_OUTPUT([Makefile usr/Makefile \
+ usr/include/Makefile \
+ usr/include/pkcs11/Makefile \
diff --git a/security/opencryptoki/files/patch-usr-include-pkcs11-apictl.h b/security/opencryptoki/files/patch-usr-include-pkcs11-apictl.h
new file mode 100644
index 000000000000..192c312b5063
--- /dev/null
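Review bot: The two new `AC_ARG_WITH` blocks assign `$withval` straight to `pkcs11_user` / `pkcs11_group`, so a bare `--with-pkcs11group` yields the group name `yes` and `--without-pkcs11group` yields `no`, even though the help string advertises `[=GROUP]` as optional. That value is then compiled in through `-DPKCS11GROUP` and substituted into the scripts, so a slip here silently changes which group the later `getgrnam()` membership checks and `chgrp` calls refer to. Reject the two sentinel values, e.g. `AS_CASE([$withval], [yes|no], [AC_MSG_ERROR([--with-pkcs11group requires a group name])], [pkcs11_group=$withval])`, and do the same for the user option. Separately, the rewritten `CONFIG_PATH`/`SBIN_PATH`/`LIB_PATH` line now expands `$localstatedir`, `$sbindir` and `$libdir` at configure time, when autoconf normally still holds them as unexpanded `${prefix}/...` references; this port passes all three explicitly, but a `dnl` comment saying the patch relies on that would help.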
+++ b/security/opencryptoki/files/patch-usr-include-pkcs11-apictl.h
@@ -0,0 +1,11 @@
+--- usr/include/pkcs11/apictl.h.orig 2010-07-29 21:28:41.000000000 +0900
++++ usr/include/pkcs11/apictl.h 2010-10-19 23:42:04.580983829 +0900
+@@ -296,7 +296,7 @@
+
+
+ #include <pkcs11types.h>
+-#include <linux/limits.h>
++#include <limits.h>
+ #include <local_types.h>
+ #include <stdll.h>
+ #include <slotmgr.h>
diff --git a/security/opencryptoki/files/patch-usr-include-pkcs11-slotmgr.h b/security/opencryptoki/files/patch-usr-include-pkcs11-slotmgr.h
new file mode 100644
index 000000000000..ce9be4e17b33
--- /dev/null
+++ b/security/opencryptoki/files/patch-usr-include-pkcs11-slotmgr.h
@@ -0,0 +1,11 @@
+--- usr/include/pkcs11/slotmgr.h.orig 2010-07-29 21:28:41.000000000 +0900
++++ usr/include/pkcs11/slotmgr.h 2010-10-19 23:42:55.423984058 +0900
+@@ -301,7 +301,7 @@
+
+
+ #include <pkcs11types.h>
+-#include <linux/limits.h>
++#include <limits.h>
+ #include <local_types.h>
+ #include <pthread.h>
+
diff --git a/security/opencryptoki/files/patch-usr-include-pkcs11-stdll.h b/security/opencryptoki/files/patch-usr-include-pkcs11-stdll.h
new file mode 100644
index 000000000000..8ee112945d9e
--- /dev/null
+++ b/security/opencryptoki/files/patch-usr-include-pkcs11-stdll.h
@@ -0,0 +1,11 @@
+--- usr/include/pkcs11/stdll.h.orig 2010-07-29 21:28:41.000000000 +0900
++++ usr/include/pkcs11/stdll.h 2010-10-19 23:43:40.418984281 +0900
+@@ -302,7 +302,7 @@
+
+
+ #include <pkcs11types.h>
+-#include <linux/limits.h>
++#include <limits.h>
+ #include <local_types.h>
+ #include <slotmgr.h>
+
diff --git a/security/opencryptoki/files/patch-usr-lib-pkcs11-aep_stdll-Makefile.am b/security/opencryptoki/files/patch-usr-lib-pkcs11-aep_stdll-Makefile.am
new file mode 100644
index 000000000000..424ea1b8c461
--- /dev/null
+++ b/security/opencryptoki/files/patch-usr-lib-pkcs11-aep_stdll-Makefile.am
@@ -0,0 +1,11 @@
+--- usr/lib/pkcs11/aep_stdll/Makefile.am.orig 2010-07-29 21:28:41.000000000 +0900
++++ usr/lib/pkcs11/aep_stdll/Makefile.am 2010-10-19 23:45:36.945982287 +0900
+@@ -6,7 +6,7 @@
+
+ # Not all versions of automake observe libname_CFLAGS
+ opencryptoki_stdll_libpkcs11_aep_la_CFLAGS = -DSPINXPL -DDEV \
+--D_THREAD_SAFE -fPIC -DSHALLOW=0 -DSWTOK=1 -DLITE=0 -DNOCDMF -DNOMD2 \
++-D_THREAD_SAFE $(FPIC) -DSHALLOW=0 -DSWTOK=1 -DLITE=0 -DNOCDMF -DNOMD2 \
+ -DNODSA -DDEBUGON -DAEP_GENERIC -DNORIPE -DSTDLL_NAME=\"aeptok\"
+
+ opencryptoki_stdll_libpkcs11_aep_la_SOURCES = ../common/asn1.c \
diff --git a/security/opencryptoki/files/patch-usr-lib-pkcs11-api-Makefile.am b/security/opencryptoki/files/patch-usr-lib-pkcs11-api-Makefile.am
new file mode 100644
index 000000000000..caf3d7e49ff1
--- /dev/null
+++ b/security/opencryptoki/files/patch-usr-lib-pkcs11-api-Makefile.am
@@ -0,0 +1,18 @@
+--- usr/lib/pkcs11/api/Makefile.am.orig 2010-07-29 21:28:41.000000000 +0900
++++ usr/lib/pkcs11/api/Makefile.am 2010-10-19 23:49:45.125982519 +0900
+@@ -4,13 +4,13 @@
+ SO_REVISION=0
+ SO_AGE=0
+
+-opencryptoki_libopencryptoki_la_LDFLAGS = -shared -Wl,-Bsymbolic -lc -ldl \
++opencryptoki_libopencryptoki_la_LDFLAGS = -shared -Wl,-Bsymbolic -lc \
+ -lpthread -version-info \
+ $(SO_CURRENT):$(SO_REVISION):$(SO_AGE)
+
+ # Not all versions of automake observe libname_CFLAGS
+ opencryptoki_libopencryptoki_la_CFLAGS = -DSPINXPL -DAPI -DDEV -D_THREAD_SAFE \
+- -fPIC -I../. -I../../../include/pkcs11
++ $(FPIC) -I../. -I../../../include/pkcs11
+
+ opencryptoki_libopencryptoki_la_SOURCES = api_interface.c shrd_mem.c apiutil.c
+
diff --git a/security/opencryptoki/files/patch-usr-lib-pkcs11-api-api_interface.c b/security/opencryptoki/files/patch-usr-lib-pkcs11-api-api_interface.c
new file mode 100644
index 000000000000..e8dc61475253
--- /dev/null
+++ b/security/opencryptoki/files/patch-usr-lib-pkcs11-api-api_interface.c
@@ -0,0 +1,35 @@
+--- usr/lib/pkcs11/api/api_interface.c.orig 2010-07-29 21:28:41.000000000 +0900
++++ usr/lib/pkcs11/api/api_interface.c 2010-10-19 23:52:25.355983620 +0900
+@@ -2390,7 +2390,7 @@
+ C_GetFunctionList ( CK_FUNCTION_LIST_PTR_PTR ppFunctionList )
+ {
+
+- _init();
++ api_init();
+
+ LOG("C_GetFunctionList");
+ FuncList.version.major = VERSION_MAJOR;
+@@ -5168,7 +5168,11 @@
+
+ }
+
++#ifdef __sun
++#pragma init(api_init)
++#else
+ void api_init(void) __attribute__((constructor));
++#endif
+
+ void
+ api_init(void)
+@@ -5194,7 +5198,11 @@
+
+ }
+
++#ifdef __sun
++#pragma fini(api_fini)
++#else
+ void api_fini(void) __attribute__((destructor));
++#endif
+
+ void
+ api_fini()
diff --git a/security/opencryptoki/files/patch-usr-lib-pkcs11-api-apiutil.c b/security/opencryptoki/files/patch-usr-lib-pkcs11-api-apiutil.c
new file mode 100644
index 000000000000..350878557631
--- /dev/null
+++ b/security/opencryptoki/files/patch-usr-lib-pkcs11-api-apiutil.c
@@ -0,0 +1,44 @@
+--- usr/lib/pkcs11/api/apiutil.c.orig 2010-07-29 21:28:41.000000000 +0900
++++ usr/lib/pkcs11/api/apiutil.c 2010-10-19 23:54:52.374982634 +0900
+@@ -305,10 +305,10 @@
+ #include <string.h>
+ #include <strings.h>
+ #include <unistd.h>
+-#include <alloca.h>
+ #include <dlfcn.h>
+ #include <errno.h>
+ #include <sys/syslog.h>
++#include <limits.h>
+
+ #include <sys/ipc.h>
+
+@@ -325,10 +325,28 @@
+ #include <sys/types.h>
+ #include <sys/stat.h>
+ #include <fcntl.h>
+-#include <sys/file.h>
+ static int xplfd=-1;
+ #endif
+
++#ifdef __sun
++#define LOCK_EX F_LOCK
++#define LOCK_UN F_ULOCK
++#define flock(fd, func) lockf(fd, func, 0)
++#endif
++
++#ifndef LOCK_SH
++#define LOCK_SH 1 /* shared lock */
++#endif
++#ifndef LOCK_EX
++#define LOCK_EX 2 /* exclusive lock */
++#endif
++#ifndef LOCK_NB
++#define LOCK_NB 4 /* don't block when locking */
++#endif
++#ifndef LOCK_UN
++#define LOCK_UN 8 /* unlock */
++#endif
++
+ #include <libgen.h>
+
+ #define LIBLOCATION LIB_PATH
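Review bot: In the apiutil.c patch, the `#ifndef LOCK_*` fallbacks give the `flock()` operation constants literal values without any check that `flock()` itself is declared, now that `<sys/file.h>` is no longer included. If a platform's `<fcntl.h>` does not supply them, the build still succeeds with guessed numbers, and the file lock may be requested with the wrong operation or fail outright, which would presumably show up only as unserialised access to whatever state the lock guards. On the `__sun` branch only `LOCK_EX` and `LOCK_UN` are mapped to `lockf()` codes, so `LOCK_SH` and `LOCK_NB` fall through to 1 and 4, which do not look like meaningful `lockf()` functions. A configure-time check (`AC_CHECK_HEADERS([sys/file.h])`, `AC_CHECK_FUNCS([flock])`) with an `#error` when neither is available would be safer than numeric defaults. The same block is repeated in the common/utility.c and tpm_stdll/utility.c patches, and in the latter it sits before an `#include <sys/file.h>` that may then redefine the macros.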
diff --git a/security/opencryptoki/files/patch-usr-lib-pkcs11-api-shrd_mem.c.in b/security/opencryptoki/files/patch-usr-lib-pkcs11-api-shrd_mem.c.in
new file mode 100644
index 000000000000..f615f1f34a35
--- /dev/null
+++ b/security/opencryptoki/files/patch-usr-lib-pkcs11-api-shrd_mem.c.in
@@ -0,0 +1,11 @@
+--- usr/lib/pkcs11/api/shrd_mem.c.in.orig 2010-07-29 21:28:41.000000000 +0900
++++ usr/lib/pkcs11/api/shrd_mem.c.in 2010-10-19 23:56:22.728981736 +0900
+@@ -353,7 +353,7 @@
+
+
+ // SAB check for the group id here and membership here as well
+- grp = getgrnam("pkcs11");
++ grp = getgrnam(PKCS11GROUP);
+ if ( grp ) {
+ int i=0;
+ char member=0;
diff --git a/security/opencryptoki/files/patch-usr-lib-pkcs11-bcom_stdll-Makefile.am b/security/opencryptoki/files/patch-usr-lib-pkcs11-bcom_stdll-Makefile.am
new file mode 100644
index 000000000000..30c7b7da9d91
--- /dev/null
+++ b/security/opencryptoki/files/patch-usr-lib-pkcs11-bcom_stdll-Makefile.am
@@ -0,0 +1,11 @@
+--- usr/lib/pkcs11/bcom_stdll/Makefile.am.orig 2010-07-29 21:28:41.000000000 +0900
++++ usr/lib/pkcs11/bcom_stdll/Makefile.am 2010-10-19 23:57:38.434983522 +0900
+@@ -8,7 +8,7 @@
+
+ # Not all versions of automake observe libname_CFLAGS
+ opencryptoki_stdll_libpkcs11_bc_la_CFLAGS = -DSPINXPL -DDEV \
+--D_THREAD_SAFE -fPIC $(VARIANT) -DNOCDMF -DNOMD2 -DNODSA -DNOAES \
++-D_THREAD_SAFE $(FPIC) $(VARIANT) -DNOCDMF -DNOMD2 -DNODSA -DNOAES \
+ -DNODH -DDEBUGON -DNORIPE -DSTDLL_NAME=\"bcomtok\"
+
+ opencryptoki_stdll_libpkcs11_bc_la_SOURCES = ../common/asn1.c \
diff --git a/security/opencryptoki/files/patch-usr-lib-pkcs11-cca_stdll-host_defs.h b/security/opencryptoki/files/patch-usr-lib-pkcs11-cca_stdll-host_defs.h
new file mode 100644
index 000000000000..4db0453f3d2c
--- /dev/null
+++ b/security/opencryptoki/files/patch-usr-lib-pkcs11-cca_stdll-host_defs.h
@@ -0,0 +1,27 @@
+--- usr/lib/pkcs11/cca_stdll/host_defs.h.orig 2010-07-29 21:28:41.000000000 +0900
++++ usr/lib/pkcs11/cca_stdll/host_defs.h 2010-10-19 23:59:33.363984758 +0900
+@@ -10,13 +10,24 @@
+ */
+
+
++#include <sys/types.h>
+ #include <sys/mman.h>
+ #ifndef _HOST_DEFS_H
+ #define _HOST_DEFS_H
+
+ #include <semaphore.h>
+ #include <pthread.h>
++#if defined(__OpenBSD__) || defined(__FreeBSD__)
++#include <sys/endian.h>
++#ifdef _BYTE_ORDER
++#define __BYTE_ORDER _BYTE_ORDER
++#endif
++#ifdef _LITTLE_ENDIAN
++#define __LITTLE_ENDIAN _LITTLE_ENDIAN
++#endif
++#else
+ #include <endian.h>
++#endif
+
+ #include "pkcs32.h"
+ // Both of the strings below have a length of 32 chars and must be
diff --git a/security/opencryptoki/files/patch-usr-lib-pkcs11-cca_stdll-loadsave.c b/security/opencryptoki/files/patch-usr-lib-pkcs11-cca_stdll-loadsave.c
new file mode 100644
index 000000000000..fd6dc631209f
--- /dev/null
+++ b/security/opencryptoki/files/patch-usr-lib-pkcs11-cca_stdll-loadsave.c
@@ -0,0 +1,23 @@
+--- usr/lib/pkcs11/cca_stdll/loadsave.c.orig 2010-07-29 21:28:41.000000000 +0900
++++ usr/lib/pkcs11/cca_stdll/loadsave.c 2010-10-20 01:49:50.769984323 +0900
+@@ -22,11 +22,9 @@
+ #include <string.h>
+ #include <strings.h>
+ #include <unistd.h>
+-#include <alloca.h>
+ #include <sys/types.h>
+ #include <sys/stat.h>
+ #include <sys/ipc.h>
+-#include <sys/file.h>
+ #include <errno.h>
+
+ #include <pwd.h>
+@@ -51,7 +49,7 @@
+ // Set absolute permissions or rw-rw-r--
+ fchmod(file,S_IRUSR|S_IWUSR|S_IRGRP|S_IWGRP|S_IROTH);
+
+- grp = getgrnam("pkcs11"); // Obtain the group id
++ grp = getgrnam(PKCS11GROUP); // Obtain the group id
+ if (grp){
+ fchown(file,getuid(),grp->gr_gid); // set ownership to root, and pkcs11 group
+ }
diff --git a/security/opencryptoki/files/patch-usr-lib-pkcs11-cca_stdll-new_host.c b/security/opencryptoki/files/patch-usr-lib-pkcs11-cca_stdll-new_host.c
new file mode 100644
index 000000000000..c00cf212bad4
--- /dev/null
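Review bot: In the cca_stdll/loadsave.c patch, the `if (grp)` after `getgrnam(PKCS11GROUP)` has no else branch, so when the now-configurable group does not exist the `fchown()` is skipped silently and the file keeps the `rw-rw-r--` mode set just above, under whatever group it was created with. Neither `fchmod()` nor `fchown()` has its return value checked in the visible lines. With the name coming from a build option, a mismatch between the compiled-in group and the system's group database becomes more likely, so I would report the failure and tighten the mode in that case, e.g. `else { fchmod(file, S_IRUSR|S_IWUSR); }`. The trailing comment still says "root, and pkcs11 group"; `// owner = caller's uid, group = PKCS11GROUP` would match the code, since `getuid()` is not necessarily root. The enclosing function starts and ends outside the hunk, and the common/loadsave.c patch carries the same lines.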
+++ b/security/opencryptoki/files/patch-usr-lib-pkcs11-cca_stdll-new_host.c
@@ -0,0 +1,52 @@
+--- usr/lib/pkcs11/cca_stdll/new_host.c.orig 2010-07-29 21:28:41.000000000 +0900
++++ usr/lib/pkcs11/cca_stdll/new_host.c 2010-10-20 00:06:26.575983974 +0900
+@@ -298,7 +298,7 @@
+ struct group *grp;
+ int rc = 0;
+ gid_t gid,egid;
+- grp = getgrnam("pkcs11");
++ grp = getgrnam(PKCS11GROUP);
+ if (grp) {
+ // Check for member of group..
+ // SAB get login seems to not work with some
+@@ -786,7 +786,19 @@
+ //
+ object_mgr_destroy_token_objects();
+ #if 0 /* TODO: Implement delete_all_files_in_dir() */
++#if HAVE_ASPRINTF
+ local_rc = asprintf(&pk_full_path, "%s/%s", pk_dir, PK_LITE_OBJ_DIR);
++#else
++ pk_full_path = malloc(1024);
++ if( pk_full_path != NULL ) {
++ local_rc = snprintf(pk_full_path, 1023, "%s/%s",
++ pk_dir, PK_LITE_OBJ_DIR);
++ if( local_rc == -1 ) free(pk_full_path);
++ }
++ else {
++ local_rc = -1;
++ }
++#endif
+ if (local_rc == -1) {
+ rc = CKR_HOST_MEMORY;
+ goto out;
+@@ -797,8 +809,20 @@
+ goto out;
+ }
+ #endif
++#if HAVE_ASPRINTF
+ local_rc = asprintf(&s, "%s %s/%s/* > /dev/null 2>&1", DEL_CMD, pk_dir,
+ PK_LITE_OBJ_DIR);
++#else
++ s = malloc(1024);
++ if( s != NULL ) {
++ local_rc = snprintf(s, 1023, "%s %s/%s/* > /dev/null 2>&1",
++ DEL_CMD, pk_dir, PK_LITE_OBJ_DIR);
++ if( local_rc == -1 ) free(s);
++ }
++ else {
++ local_rc = -1;
++ }
++#endif
+ if (local_rc == -1) {
+ rc = CKR_HOST_MEMORY;
+ goto out;
diff --git a/security/opencryptoki/files/patch-usr-lib-pkcs11-cca_stdll-tok_spec_struct.h b/security/opencryptoki/files/patch-usr-lib-pkcs11-cca_stdll-tok_spec_struct.h
new file mode 100644
index 000000000000..302deaba508e
--- /dev/null
+++ b/security/opencryptoki/files/patch-usr-lib-pkcs11-cca_stdll-tok_spec_struct.h
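Review bot: The non-asprintf fallback for `s` treats only `-1` from `snprintf()` as failure, but on truncation `snprintf()` returns the length it would have written, so a `pk_dir` long enough to overflow the 1024-byte buffer leaves `s` holding a cut-off delete command, which is presumably what gets run further down (the use of `s` is outside the hunk). Because the string is `DEL_CMD` followed by a path and a glob, a truncated form can name a shorter path than the one intended. The fallback should fail closed on a negative or too-large return, set `local_rc = -1` so the existing `CKR_HOST_MEMORY` path is taken, and null the pointer after `free()` in case the `out:` label frees it again. The same block appears in the common/new_host.c patch, and the `pk_full_path` variant has the same check, though it sits inside `#if 0`.

```c
#else
	s = malloc(1024);
	if (s != NULL) {
		local_rc = snprintf(s, 1024, "%s %s/%s/* > /dev/null 2>&1",
				    DEL_CMD, pk_dir, PK_LITE_OBJ_DIR);
		if (local_rc < 0 || local_rc >= 1024) {
			/* error or truncation: never use a cut-off command */
			free(s);
			s = NULL;
			local_rc = -1;
		}
	} else {
		local_rc = -1;
	}
#endif
	/* … unchanged: local_rc == -1 sets CKR_HOST_MEMORY and jumps to out … */
```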
@@ -0,0 +1,15 @@
+--- usr/lib/pkcs11/cca_stdll/tok_spec_struct.h.orig 2010-07-29 21:28:41.000000000 +0900
++++ usr/lib/pkcs11/cca_stdll/tok_spec_struct.h 2010-10-20 00:08:00.317982423 +0900
+@@ -22,9 +22,9 @@
+ #define _TOK_SPECIFIC_STRUCT
+
+ struct token_specific_struct{
+- CK_BYTE token_directory[2048]; // Used to be in the token_local.h as a #def
+- CK_BYTE token_subdir[2048]; // subdirectory
+- CK_BYTE token_debug_tag[2048]; // debug logging tag
++ CK_BYTE *token_directory; // Used to be in the token_local.h as a #def
++ CK_BYTE *token_subdir; // subdirectory
++ CK_BYTE *token_debug_tag; // debug logging tag
+
+ CK_RV (*t_init)(char *,CK_SLOT_ID); // Initialization function
+ int (*t_slot2local)(); // convert the PKCS#11 slot to a local index
diff --git a/security/opencryptoki/files/patch-usr-lib-pkcs11-common-host_defs.h b/security/opencryptoki/files/patch-usr-lib-pkcs11-common-host_defs.h
new file mode 100644
index 000000000000..d111bf5e002f
--- /dev/null
+++ b/security/opencryptoki/files/patch-usr-lib-pkcs11-common-host_defs.h
@@ -0,0 +1,27 @@
+--- usr/lib/pkcs11/common/host_defs.h.orig 2010-07-29 21:28:41.000000000 +0900
++++ usr/lib/pkcs11/common/host_defs.h 2010-10-20 00:10:01.398983092 +0900
+@@ -294,13 +294,24 @@
+ /* (C) COPYRIGHT International Business Machines Corp. 2001,2002 */
+
+
++#include <sys/types.h>
+ #include <sys/mman.h>
+ #ifndef _HOST_DEFS_H
+ #define _HOST_DEFS_H
+
+ #include <semaphore.h>
+ #include <pthread.h>
++#if defined(__OpenBSD__) || defined(__FreeBSD__)
++#include <sys/endian.h>
++#ifdef _BYTE_ORDER
++#define __BYTE_ORDER _BYTE_ORDER
++#endif
++#ifdef _LITTLE_ENDIAN
++#define __LITTLE_ENDIAN _LITTLE_ENDIAN
++#endif
++#else
+ #include <endian.h>
++#endif
+
+ #include "pkcs32.h"
+ // Both of the strings below have a length of 32 chars and must be
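Review bot: In the cca_stdll/tok_spec_struct.h patch, turning `token_directory`, `token_subdir` and `token_debug_tag` from fixed arrays into bare `CK_BYTE *` changes what every existing user of these fields means: `sizeof` on them now yields the pointer size, and anything that copies or formats into them writes through whatever the pointer was initialised with. None of those call sites are in this patch, so I can't tell whether any exist, but they need an audit before the change is safe. If the fields are only ever initialised from string constants and read, declaring them `const CK_BYTE *token_directory;` would let the compiler reject a stray write, and a comment such as `// points at a static string; not owned, never written` would record the new contract. The common/ and tpm_stdll/ copies of this header get the same change.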
diff --git a/security/opencryptoki/files/patch-usr-lib-pkcs11-common-loadsave.c b/security/opencryptoki/files/patch-usr-lib-pkcs11-common-loadsave.c
new file mode 100644
index 000000000000..f213b304b0a8
--- /dev/null
+++ b/security/opencryptoki/files/patch-usr-lib-pkcs11-common-loadsave.c
@@ -0,0 +1,23 @@
+--- usr/lib/pkcs11/common/loadsave.c.orig 2010-07-29 21:28:41.000000000 +0900
++++ usr/lib/pkcs11/common/loadsave.c 2010-10-20 00:11:28.399983780 +0900
+@@ -301,11 +301,9 @@
+ #include <string.h>
+ #include <strings.h>
+ #include <unistd.h>
+-#include <alloca.h>
+ #include <sys/types.h>
+ #include <sys/stat.h>
+ #include <sys/ipc.h>
+-#include <sys/file.h>
+ #include <errno.h>
+
+ #include <pwd.h>
+@@ -328,7 +326,7 @@
+ // Set absolute permissions or rw-rw-r--
+ fchmod(file,S_IRUSR|S_IWUSR|S_IRGRP|S_IWGRP|S_IROTH);
+
+- grp = getgrnam("pkcs11"); // Obtain the group id
++ grp = getgrnam(PKCS11GROUP); // Obtain the group id
+ if (grp){
+ fchown(file,getuid(),grp->gr_gid); // set ownership to root, and pkcs11 group
+ }
diff --git a/security/opencryptoki/files/patch-usr-lib-pkcs11-common-new_host.c b/security/opencryptoki/files/patch-usr-lib-pkcs11-common-new_host.c
new file mode 100644
index 000000000000..0c1cc783c420
--- /dev/null
+++ b/security/opencryptoki/files/patch-usr-lib-pkcs11-common-new_host.c
@@ -0,0 +1,52 @@
+--- usr/lib/pkcs11/common/new_host.c.orig 2010-07-29 21:28:41.000000000 +0900
++++ usr/lib/pkcs11/common/new_host.c 2010-10-20 00:16:08.274985517 +0900
+@@ -576,7 +576,7 @@
+ struct group *grp;
+ int rc = 0;
+ gid_t gid,egid;
+- grp = getgrnam("pkcs11");
++ grp = getgrnam(PKCS11GROUP);
+ if (grp) {
+ // Check for member of group..
+ // SAB get login seems to not work with some
+@@ -1064,7 +1064,19 @@
+ //
+ object_mgr_destroy_token_objects();
+ #if 0 /* TODO: Implement delete_all_files_in_dir() */
++#if HAVE_ASPRINTF
+ local_rc = asprintf(&pk_full_path, "%s/%s", pk_dir, PK_LITE_OBJ_DIR);
++#else
++ pk_full_path = malloc(1024);
++ if( pk_full_path != NULL ) {
++ local_rc = snprintf(pk_full_path, 1023, "%s/%s",
++ pk_dir, PK_LITE_OBJ_DIR);
++ if( local_rc == -1 ) free(pk_full_path);
++ }
++ else {
++ local_rc = -1;
++ }
++#endif
+ if (local_rc == -1) {
+ rc = CKR_HOST_MEMORY;
+ goto out;
+@@ -1075,8 +1087,20 @@
+ goto out;
+ }
+ #endif
++#if HAVE_ASPRINTF
+ local_rc = asprintf(&s, "%s %s/%s/* > /dev/null 2>&1", DEL_CMD, pk_dir,
+ PK_LITE_OBJ_DIR);
++#else
++ s = malloc(1024);
++ if( s != NULL ) {
++ local_rc = snprintf(s, 1023, "%s %s/%s/* > /dev/null 2>&1",
++ DEL_CMD, pk_dir, PK_LITE_OBJ_DIR);
++ if( local_rc == -1 ) free(s);
++ }
++ else {
++ local_rc = -1;
++ }
++#endif
+ if (local_rc == -1) {
+ rc = CKR_HOST_MEMORY;
+ goto out;
diff --git a/security/opencryptoki/files/patch-usr-lib-pkcs11-common-tok_spec_struct.h b/security/opencryptoki/files/patch-usr-lib-pkcs11-common-tok_spec_struct.h
new file mode 100644
index 000000000000..bcbfff0dd613
--- /dev/null
+++ b/security/opencryptoki/files/patch-usr-lib-pkcs11-common-tok_spec_struct.h
@@ -0,0 +1,15 @@
+--- usr/lib/pkcs11/common/tok_spec_struct.h.orig 2010-07-29 21:28:41.000000000 +0900
++++ usr/lib/pkcs11/common/tok_spec_struct.h 2010-10-20 00:17:28.288984976 +0900
+@@ -308,9 +308,9 @@
+ #define _TOK_SPECIFIC_STRUCT
+
+ struct token_specific_struct{
+- CK_BYTE token_directory[PATH_MAX]; // Used to be in the token_local.h as a #def
+- CK_BYTE token_subdir[PATH_MAX]; // subdirectory
+- CK_BYTE token_debug_tag[PATH_MAX]; // debug logging tag
++ CK_BYTE *token_directory; // Used to be in the token_local.h as a #def
++ CK_BYTE *token_subdir; // subdirectory
++ CK_BYTE *token_debug_tag; // debug logging tag
+
+ CK_RV (*t_init)(char *,CK_SLOT_ID); // Initialization function
+ int (*t_slot2local)(); // convert the PKCS#11 slot to a local index
diff --git a/security/opencryptoki/files/patch-usr-lib-pkcs11-common-utility.c b/security/opencryptoki/files/patch-usr-lib-pkcs11-common-utility.c
new file mode 100644
index 000000000000..77e821c60edc
--- /dev/null
+++ b/security/opencryptoki/files/patch-usr-lib-pkcs11-common-utility.c
@@ -0,0 +1,29 @@
+--- usr/lib/pkcs11/common/utility.c.orig 2010-07-29 21:28:41.000000000 +0900
++++ usr/lib/pkcs11/common/utility.c 2010-10-20 00:19:02.740983592 +0900
+@@ -302,6 +302,26 @@
+ #include <errno.h>
+ #include <pwd.h>
+
++#include <fcntl.h>
++
++#ifdef __sun
++#define LOCK_EX F_LOCK
++#define LOCK_UN F_ULOCK
++#define flock(fd, func) lockf(fd, func, 0)
++#endif
++
++#ifndef LOCK_SH
++#define LOCK_SH 1 /* shared lock */
++#endif
++#ifndef LOCK_EX
++#define LOCK_EX 2 /* exclusive lock */
++#endif
++#ifndef LOCK_NB
++#define LOCK_NB 4 /* don't block when locking */
++#endif
++#ifndef LOCK_UN
++#define LOCK_UN 8 /* unlock */
++#endif
+
+ #include "pkcs11types.h"
+ #include "defs.h"
diff --git a/security/opencryptoki/files/patch-usr-lib-pkcs11-cr_stdll-Makefile.am b/security/opencryptoki/files/patch-usr-lib-pkcs11-cr_stdll-Makefile.am
new file mode 100644
index 000000000000..dbf0a2ff35ce
--- /dev/null
+++ b/security/opencryptoki/files/patch-usr-lib-pkcs11-cr_stdll-Makefile.am
@@ -0,0 +1,18 @@
+--- usr/lib/pkcs11/cr_stdll/Makefile.am.orig 2010-07-29 21:28:41.000000000 +0900
++++ usr/lib/pkcs11/cr_stdll/Makefile.am 2010-10-20 00:20:46.987982761 +0900
+@@ -2,13 +2,13 @@
+
+ opencryptoki_stdll_libpkcs11_cr_la_LDFLAGS = $(LCRYPTO) $(CR_LIB_DIRS) \
+ -nostartfiles -shared -Wl,-Bsymbolic -Wl,-soname,PKCS11_BC.so.1 -lc \
+--lpthread -lsocketarmor -ldl -lcrypto
++-lpthread -lsocketarmor -lcrypto
+
+ VARIANT = -DSHALLOW=0 -DSWTOK=1 -DLITE=0
+
+ # Not all versions of automake observe libname_CFLAGS
+ opencryptoki_stdll_libpkcs11_cr_la_CFLAGS = -DSPINXPL -DDEV \
+--D_THREAD_SAFE -fPIC $(VARIANT) -DNOCDMF -DNOMD2 -DNODSA -DDEBUGON
++-D_THREAD_SAFE $(FPIC) $(VARIANT) -DNOCDMF -DNOMD2 -DNODSA -DDEBUGON
+
+ opencryptoki_stdll_libpkcs11_cr_la_SOURCES = ../common/asn1.c \
+ ../common/cert.c ../common/hwf_obj.c ../common/dp_obj.c \
diff --git a/security/opencryptoki/files/patch-usr-lib-pkcs11-ica_s390_stdll-Makefile.am b/security/opencryptoki/files/patch-usr-lib-pkcs11-ica_s390_stdll-Makefile.am
new file mode 100644
index 000000000000..3dbaac74a518
--- /dev/null
+++ b/security/opencryptoki/files/patch-usr-lib-pkcs11-ica_s390_stdll-Makefile.am
@@ -0,0 +1,16 @@
+--- usr/lib/pkcs11/ica_s390_stdll/Makefile.am.orig 2010-07-29 21:28:41.000000000 +0900
++++ usr/lib/pkcs11/ica_s390_stdll/Makefile.am 2010-10-20 00:22:00.867981839 +0900
+@@ -2,11 +2,11 @@
+
+ opencryptoki_stdll_libpkcs11_ica_la_LDFLAGS = $(LCRYPTO) \
+ $(ICA_LIB_DIRS) -nostartfiles -shared -Wl,-Bsymbolic -Wl,-soname,$@ \
+--Wl,-Bsymbolic -lc -lpthread -lica -ldl -lcrypto
++-Wl,-Bsymbolic -lc -lpthread -lica -lcrypto
+
+ # Not all versions of automake observe libname_CFLAGS
+ opencryptoki_stdll_libpkcs11_ica_la_CFLAGS = -DSPINXPL -DDEV \
+--D_THREAD_SAFE -fPIC -DSHALLOW=0 -DSWTOK=0 -DLITE=1 -DNODH \
++-D_THREAD_SAFE $(FPIC) -DSHALLOW=0 -DSWTOK=0 -DLITE=1 -DNODH \
+ -DNOCDMF -DNOMD2 -DNODSA -DSTDLL_NAME=\"icatok\"
+
+ opencryptoki_stdll_libpkcs11_ica_la_SOURCES = ../common/asn1.c \
diff --git a/security/opencryptoki/files/patch-usr-lib-pkcs11-ica_stdll-Makefile.am b/security/opencryptoki/files/patch-usr-lib-pkcs11-ica_stdll-Makefile.am
new file mode 100644
index 000000000000..6d41bd3d8b03
--- /dev/null
+++ b/security/opencryptoki/files/patch-usr-lib-pkcs11-ica_stdll-Makefile.am
@@ -0,0 +1,21 @@
+--- usr/lib/pkcs11/ica_stdll/Makefile.am.orig 2010-07-29 21:28:41.000000000 +0900
++++ usr/lib/pkcs11/ica_stdll/Makefile.am 2010-10-20 00:23:51.161996275 +0900
+@@ -2,15 +2,15 @@
+
+ opencryptoki_stdll_libpkcs11_ica_la_LDFLAGS = $(LCRYPTO) \
+ $(ICA_LIB_DIRS) -nostartfiles -shared -Wl,-Bsymbolic \
+--Wl,-soname,PKCS11_ICA.so.1 -lc -lpthread -ldl -lica
++-Wl,-soname,PKCS11_ICA.so.1 -lc -lpthread -lica
+
+ # Not all versions of automake observe libname_CFLAGS
+ opencryptoki_stdll_libpkcs11_ica_la_CFLAGS = -DSPINXPL -DDEV \
+--D_THREAD_SAFE -fPIC -DSHALLOW=0 -DSWTOK=0 -DLITE=1 -DNOCDMF -DNOMD2 \
++-D_THREAD_SAFE $(FPIC) -DSHALLOW=0 -DSWTOK=0 -DLITE=1 -DNOCDMF -DNOMD2 \
+ -DNODSA -DNOAES -DNODH -DNORIPE -DSTDLL_NAME=\"icatok\"
+
+ # Not all versions of automake observe libname_CFLAGS
+-AM_CFLAGS = -DSPINXPL -DDEV -D_THREAD_SAFE -fPIC -DSHALLOW=0 -DSWTOK=0 \
++AM_CFLAGS = -DSPINXPL -DDEV -D_THREAD_SAFE $(FPIC) -DSHALLOW=0 -DSWTOK=0 \
+ -DLITE=1 -DNOCDMF -DNOMD2 -DNODSA -DNOAES -DNODH -DNORIPE
+
+ opencryptoki_stdll_libpkcs11_ica_la_SOURCES= ../common/asn1.c \
diff --git a/security/opencryptoki/files/patch-usr-lib-pkcs11-soft_stdll-Makefile.am b/security/opencryptoki/files/patch-usr-lib-pkcs11-soft_stdll-Makefile.am
new file mode 100644
index 000000000000..056d26b6f727
--- /dev/null
+++ b/security/opencryptoki/files/patch-usr-lib-pkcs11-soft_stdll-Makefile.am
@@ -0,0 +1,11 @@
+--- usr/lib/pkcs11/soft_stdll/Makefile.am.orig 2010-07-29 21:28:41.000000000 +0900
++++ usr/lib/pkcs11/soft_stdll/Makefile.am 2010-10-20 00:25:03.227984225 +0900
+@@ -7,7 +7,7 @@
+ opencryptoki_stdll_libpkcs11_sw_la_CFLAGS = -DSPINXPL -DDEV -D_THREAD_SAFE \
+ -DSHALLOW=0 -DSWTOK=1 -DLITE=0 \
+ -DNOCDMF -DNOMD2 -DNODSA -DNORIPE \
+- -DDEBUGON -fPIC \
++ -DDEBUGON $(FPIC) \
+ -I/usr/include -I. \
+ -I../../../include/pkcs11/stdll \
+ -I../../../include/pkcs11 \
diff --git a/security/opencryptoki/files/patch-usr-lib-pkcs11-tpm_stdll-host_defs.h b/security/opencryptoki/files/patch-usr-lib-pkcs11-tpm_stdll-host_defs.h
new file mode 100644
index 000000000000..dcbdda52666c
--- /dev/null
+++ b/security/opencryptoki/files/patch-usr-lib-pkcs11-tpm_stdll-host_defs.h
@@ -0,0 +1,28 @@
+--- usr/lib/pkcs11/tpm_stdll/host_defs.h.orig 2010-07-29 21:28:41.000000000 +0900
++++ usr/lib/pkcs11/tpm_stdll/host_defs.h 2010-10-20 00:26:48.474982648 +0900
+@@ -2,13 +2,25 @@
+ /* (C) COPYRIGHT International Business Machines Corp. 2001, 2002, 2005*/
+
+
++#include <sys/types.h>
+ #include <sys/mman.h>
+ #ifndef _HOST_DEFS_H
+ #define _HOST_DEFS_H
+
+ #include <semaphore.h>
+ #include <pthread.h>
++
++#if defined(__OpenBSD__) || defined(__FreeBSD__)
++#include <sys/endian.h>
++#ifdef _BYTE_ORDER
++#define __BYTE_ORDER _BYTE_ORDER
++#endif
++#ifdef _LITTLE_ENDIAN
++#define __LITTLE_ENDIAN _LITTLE_ENDIAN
++#endif
++#else
+ #include <endian.h>
++#endif
+
+ #include "pkcs32.h"
+ // Both of the strings below have a length of 32 chars and must be
diff --git a/security/opencryptoki/files/patch-usr-lib-pkcs11-tpm_stdll-loadsave.c b/security/opencryptoki/files/patch-usr-lib-pkcs11-tpm_stdll-loadsave.c
new file mode 100644
index 000000000000..7144ab0d4f51
--- /dev/null
+++ b/security/opencryptoki/files/patch-usr-lib-pkcs11-tpm_stdll-loadsave.c
@@ -0,0 +1,11 @@
+--- usr/lib/pkcs11/tpm_stdll/loadsave.c.orig 2010-07-29 21:28:41.000000000 +0900
++++ usr/lib/pkcs11/tpm_stdll/loadsave.c 2010-10-20 00:27:47.109983972 +0900
+@@ -339,7 +339,7 @@
+ fchmod(file,S_IRUSR|S_IWUSR);
+
+ #if 0
+- grp = getgrnam("pkcs11"); // Obtain the group id
++ grp = getgrnam(PKCS11GROUP); // Obtain the group id
+ if (grp){
+ fchown(file,getuid(),grp->gr_gid); // set ownership to root, and pkcs11 group
+ }
diff --git a/security/opencryptoki/files/patch-usr-lib-pkcs11-tpm_stdll-new_host.c b/security/opencryptoki/files/patch-usr-lib-pkcs11-tpm_stdll-new_host.c
new file mode 100644
index 000000000000..b89f2b1ecb78
--- /dev/null
+++ b/security/opencryptoki/files/patch-usr-lib-pkcs11-tpm_stdll-new_host.c
@@ -0,0 +1,11 @@
+--- usr/lib/pkcs11/tpm_stdll/new_host.c.orig 2010-07-29 21:28:41.000000000 +0900
++++ usr/lib/pkcs11/tpm_stdll/new_host.c 2010-10-20 00:29:17.108984288 +0900
+@@ -356,7 +356,7 @@
+ int rc = 0;
+ int index = 0;
+ gid_t gid,egid;
+- grp = getgrnam("pkcs11");
++ grp = getgrnam(PKCS11GROUP);
+ if ( grp ) {
+ // Check for member of group..
+
diff --git a/security/opencryptoki/files/patch-usr-lib-pkcs11-tpm_stdll-tok_spec_struct.h b/security/opencryptoki/files/patch-usr-lib-pkcs11-tpm_stdll-tok_spec_struct.h
new file mode 100644
index 000000000000..c49362f92053
--- /dev/null
+++ b/security/opencryptoki/files/patch-usr-lib-pkcs11-tpm_stdll-tok_spec_struct.h
@@ -0,0 +1,15 @@
+--- usr/lib/pkcs11/tpm_stdll/tok_spec_struct.h.orig 2010-07-29 21:28:41.000000000 +0900
++++ usr/lib/pkcs11/tpm_stdll/tok_spec_struct.h 2010-10-20 00:30:22.991986453 +0900
+@@ -33,9 +33,9 @@
+ #define _TOK_SPECIFIC_STRUCT
+
+ struct token_specific_struct{
+- CK_BYTE token_directory[PATH_MAX]; // Used to be in the token_local.h as a #def
+- CK_BYTE token_subdir[PATH_MAX]; // subdirectory
+- CK_BYTE token_debug_tag[PATH_MAX]; // debug logging tag
++ CK_BYTE *token_directory; // Used to be in the token_local.h as a #def
++ CK_BYTE *token_subdir; // subdirectory
++ CK_BYTE *token_debug_tag; // debug logging tag
+
+ CK_RV (*t_init)(char *,CK_SLOT_ID); // Initialization function
+ int (*t_slot2local)(); // convert the PKCS#11 slot to a local index
diff --git a/security/opencryptoki/files/patch-usr-lib-pkcs11-tpm_stdll-utility.c b/security/opencryptoki/files/patch-usr-lib-pkcs11-tpm_stdll-utility.c
new file mode 100644
index 000000000000..db9dc344854e
--- /dev/null
+++ b/security/opencryptoki/files/patch-usr-lib-pkcs11-tpm_stdll-utility.c
@@ -0,0 +1,30 @@
+--- usr/lib/pkcs11/tpm_stdll/utility.c.orig 2010-07-29 21:28:41.000000000 +0900
++++ usr/lib/pkcs11/tpm_stdll/utility.c 2010-10-20 00:33:02.810983787 +0900
+@@ -44,6 +44,27 @@
+ #include "tok_spec_struct.h"
+ #include "pkcs32.h"
+
++#include <fcntl.h>
++
++#ifdef __sun
++#define LOCK_EX F_LOCK
++#define LOCK_UN F_ULOCK
++#define flock(fd, func) lockf(fd, func, 0)
++#endif
++
++#ifndef LOCK_SH
++#define LOCK_SH 1 /* shared lock */
++#endif
++#ifndef LOCK_EX
++#define LOCK_EX 2 /* exclusive lock */
++#endif
++#ifndef LOCK_NB
++#define LOCK_NB 4 /* don't block when locking */
++#endif
++#ifndef LOCK_UN
++#define LOCK_UN 8 /* unlock */
++#endif
++
+ #if (SPINXPL)
+ #include <sys/file.h>
+ #endif
diff --git a/security/opencryptoki/files/patch-usr-sbin-pkcs11_startup-Makefile.am b/security/opencryptoki/files/patch-usr-sbin-pkcs11_startup-Makefile.am
new file mode 100644
index 000000000000..5a4da539916b
--- /dev/null
+++ b/security/opencryptoki/files/patch-usr-sbin-pkcs11_startup-Makefile.am
@@ -0,0 +1,11 @@
+--- usr/sbin/pkcs11_startup/Makefile.am.orig 2010-07-29 21:28:41.000000000 +0900
++++ usr/sbin/pkcs11_startup/Makefile.am 2010-10-22 00:59:30.397048865 +0900
+@@ -12,6 +12,8 @@
+ -e s!\@ID\@!"@ID@"!g \
+ -e s!\@CAT\@!"@CAT@"!g \
+ -e s!\@SED\@!"@SED@"!g \
++ -e s!\@PKCS11USER\@!"@PKCS11USER@"!g \
++ -e s!\@PKCS11GROUP\@!"@PKCS11GROUP@"!g \
+ -e s!\@GROUPADD\@!"@GROUPADD@"!g \
+ -e s!\@USERMOD\@!"@USERMOD@"!g < $< > $@-t
+ @CHMOD@ +x $@-t
diff --git a/security/opencryptoki/files/patch-usr-sbin-pkcs11_startup-pkcs11_startup.in b/security/opencryptoki/files/patch-usr-sbin-pkcs11_startup-pkcs11_startup.in
new file mode 100644
index 000000000000..eab5c2b3b78a
--- /dev/null
+++ b/security/opencryptoki/files/patch-usr-sbin-pkcs11_startup-pkcs11_startup.in
@@ -0,0 +1,41 @@
+--- usr/sbin/pkcs11_startup/pkcs11_startup.in.orig 2010-07-29 21:28:41.000000000 +0900
++++ usr/sbin/pkcs11_startup/pkcs11_startup.in 2010-10-22 00:57:35.508983672 +0900
+@@ -1,4 +1,4 @@
+-#!/bin/bash
++#!/bin/sh
+
+ #
+ #
+@@ -310,29 +310,20 @@
+
+
+ # Create the pkcs11 group if it does not exist...
+-cat /etc/group|grep pkcs11 >/dev/null 2>&1
++cat /etc/group|grep @PKCS11GROUP@ >/dev/null 2>&1
+ rc=$?
+ if [ $rc = 1 ]
+ then
+ if [ -x @GROUPADD@ ]
+ then
+- @GROUPADD@ pkcs11 >/dev/null 2>&1
++ @GROUPADD@ @PKCS11GROUP@ >/dev/null 2>&1
+
+ else
+- echo "Couldn't execute @GROUPADD@. Please add the group 'pkcs11' manually."
++ echo "Couldn't execute @GROUPADD@. Please add the group '@PKCS11GROUP@' manually."
+ fi
+ fi
+
+
+-if [ -x @USERMOD@ -a -x @ID@ ]
+-then
+- # add the pkcs group
+- # replace spaces by commas
+- @USERMOD@ -G $( @ID@ --groups --name root | @SED@ -e 'y/ /,/'),pkcs11 root
+-else
+- echo "Couldn't execute @USERMOD@. Please add root to the group 'pkcs11' manually."
+-fi
+-
+
+ # For each card run the status command and if successful
+ # create the odm stanza for the file
diff --git a/security/opencryptoki/files/patch-usr-sbin-pkcs_slot-pkcs_slot.in b/security/opencryptoki/files/patch-usr-sbin-pkcs_slot-pkcs_slot.in
new file mode 100644
index 000000000000..92446a0b6353
--- /dev/null
+++ b/security/opencryptoki/files/patch-usr-sbin-pkcs_slot-pkcs_slot.in
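Review bot: The group-existence test in patch-usr-sbin-pkcs11_startup-pkcs11_startup.in, `cat /etc/group|grep @PKCS11GROUP@`, matches the name anywhere on a line, so a differently named group that merely contains the string, or a group that lists a member of that name, makes the script skip group creation. Anchoring the match to the name field avoids that: `grep -q "^@PKCS11GROUP@:" /etc/group`. The shebang also moves from bash to `/bin/sh` while only two regions of the script are visible in this patch, so the rest of the file should be checked for bash-only constructs.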
@@ -0,0 +1,142 @@ +--- usr/sbin/pkcs_slot/pkcs_slot.in.orig 2010-07-29 21:28:41.000000000 +0900 ++++ usr/sbin/pkcs_slot/pkcs_slot.in 2010-10-22 00:42:38.286985256 +0900 +@@ -1,4 +1,4 @@ +-#!/bin/bash ++#!/bin/sh + + # + # +@@ -360,7 +360,7 @@ + if [ ! -d @localstatedir@/lib/opencryptoki ] + then + @MKDIR_P@ @localstatedir@/lib/opencryptoki +- @CHGRP@ pkcs11 @localstatedir@/lib/opencryptoki ++ @CHGRP@ @PKCS11GROUP@ @localstatedir@/lib/opencryptoki + @CHMOD@ -R g+rwX @localstatedir@/lib/opencryptoki + fi + +@@ -372,9 +372,9 @@ + if [ $? -ne 0 ] + then + mkdir $SOFT_DIR +- @CHGRP@ pkcs11 $SOFT_DIR ++ @CHGRP@ @PKCS11GROUP@ $SOFT_DIR + mkdir "$SOFT_DIR"/TOK_OBJ +- @CHGRP@ pkcs11 "$SOFT_DIR"/TOK_OBJ ++ @CHGRP@ @PKCS11GROUP@ "$SOFT_DIR"/TOK_OBJ + fi + SYS_SLOT="Soft" + fi +@@ -386,7 +386,7 @@ + if [ $? -ne 0 ] + then + mkdir $TPM_DIR +- @CHGRP@ pkcs11 $TPM_DIR ++ @CHGRP@ @PKCS11GROUP@ $TPM_DIR + fi + SYS_SLOT="TPM" + fi +@@ -397,7 +397,7 @@ + if [ $? -ne 0 ] + then + mkdir $CCA_DIR +- @CHGRP@ pkcs11 $CCA_DIR ++ @CHGRP@ @PKCS11GROUP@ $CCA_DIR + mkdir "$CCA_DIR"/TOK_OBJ + @CHGRP@ pkcs11 "$CCA_DIR"/TOK_OBJ + fi +@@ -406,7 +406,7 @@ + + # If we are using a shallow device, make sure that the directory + # to store token objects is available, if not create it and change +-# the ownership to the pkcs11 group ++# the ownership to the @PKCS11GROUP@ group + + + if [ $DEPTH = "ica" ] +@@ -415,9 +415,9 @@ + if [ $? -ne 0 ] + then + mkdir $ICA_DIR +- @CHGRP@ pkcs11 $ICA_DIR ++ @CHGRP@ @PKCS11GROUP@ $ICA_DIR + mkdir "$ICA_DIR"/TOK_OBJ +- @CHGRP@ pkcs11 "$ICA_DIR"/TOK_OBJ ++ @CHGRP@ @PKCS11GROUP@ "$ICA_DIR"/TOK_OBJ + fi + SYS_SLOT="ICA" + fi +@@ -428,9 +428,9 @@ + if [ $? -ne 0 ] + then + mkdir $BCOM_DIR +- @CHGRP@ pkcs11 $BCOM_DIR ++ @CHGRP@ @PKCS11GROUP@ $BCOM_DIR + mkdir "$BCOM_DIR"/TOK_OBJ +- @CHGRP@ pkcs11 "$BCOM_DIR"/TOK_OBJ ++ @CHGRP@ @PKCS11GROUP@ "$BCOM_DIR"/TOK_OBJ + fi + SYS_SLOT="BCOM" + fi +@@ -441,9 +441,9 @@ + if [ $? 
-ne 0 ] + then + mkdir $AEP_DIR +- @CHGRP@ pkcs11 $AEP_DIR ++ @CHGRP@ @PKCS11GROUP@ $AEP_DIR + mkdir "$AEP_DIR"/TOK_OBJ +- @CHGRP@ pkcs11 "$AEP_DIR"/TOK_OBJ ++ @CHGRP@ @PKCS11GROUP@ "$AEP_DIR"/TOK_OBJ + fi + SYS_SLOT="AEP" + fi +@@ -454,9 +454,9 @@ + if [ $? -ne 0 ] + then + mkdir $CR_DIR +- @CHGRP@ pkcs11 $CR_DIR ++ @CHGRP@ @PKCS11GROUP@ $CR_DIR + mkdir "$CR_DIR"/TOK_OBJ +- @CHGRP@ pkcs11 "$CR_DIR"/TOK_OBJ ++ @CHGRP@ @PKCS11GROUP@ "$CR_DIR"/TOK_OBJ + fi + SYS_SLOT="CRNT" + fi +@@ -477,29 +477,29 @@ + + if [ $DEPTH = "deep" ] + then +-echo "TRUE|0|$SLOT_DESCRIPTION|$MANUFACTURER|TRUE|FALSE|TRUE|0|0|1|1|$DEVICE|$DEEP4758_DLL_FN|$DEEP4758_INIT" >>$CFGFILE ++echo "TRUE|0|$SLOT_DESCRIPTION|$MANUFACTURER|TRUE|FALSE|TRUE|0|0|1|1|$DEVICE|$DEEP4758_DLL|$DEEP4758_INIT" >>$CFGFILE + + elif [ $DEPTH = "ica" ] + then +-echo "TRUE|0|$SLOT_DESCRIPTION|$MANUFACTURER|TRUE|FALSE|TRUE|0|0|1|1|NONE|$ICA_DLL_FN|$ICA_INIT" >>$CFGFILE ++echo "TRUE|0|$SLOT_DESCRIPTION|$MANUFACTURER|TRUE|FALSE|TRUE|0|0|1|1|NONE|$ICA_DLL|$ICA_INIT" >>$CFGFILE + elif [ $DEPTH = "bcom" ] + then +-echo "TRUE|0|$SLOT_DESCRIPTION|$MANUFACTURER|TRUE|FALSE|TRUE|0|0|1|1|NONE|$BCOM_DLL_FN|$BCOM_INIT" >>$CFGFILE ++echo "TRUE|0|$SLOT_DESCRIPTION|$MANUFACTURER|TRUE|FALSE|TRUE|0|0|1|1|NONE|$BCOM_DLL|$BCOM_INIT" >>$CFGFILE + elif [ $DEPTH = "aep" ] + then +-echo "TRUE|0|$SLOT_DESCRIPTION|$MANUFACTURER|TRUE|FALSE|TRUE|0|0|1|1|NONE|$AEP_DLL_FN|$AEP_INIT" >>$CFGFILE ++echo "TRUE|0|$SLOT_DESCRIPTION|$MANUFACTURER|TRUE|FALSE|TRUE|0|0|1|1|NONE|$AEP_DLL|$AEP_INIT" >>$CFGFILE + elif [ $DEPTH = "cr" ] + then +-echo "TRUE|0|$SLOT_DESCRIPTION|$MANUFACTURER|TRUE|FALSE|TRUE|0|0|1|1|NONE|$CR_DLL_FN|$CR_INIT" >>$CFGFILE ++echo "TRUE|0|$SLOT_DESCRIPTION|$MANUFACTURER|TRUE|FALSE|TRUE|0|0|1|1|NONE|$CR_DLL|$CR_INIT" >>$CFGFILE + elif [ $DEPTH = "soft" ] + then +-echo "TRUE|0|$SLOT_DESCRIPTION|$MANUFACTURER|TRUE|FALSE|FALSE|0|0|1|1|NONE|$SOFT_DLL_FN|$SOFT_INIT" >>$CFGFILE ++echo 
"TRUE|0|$SLOT_DESCRIPTION|$MANUFACTURER|TRUE|FALSE|FALSE|0|0|1|1|NONE|$SOFT_DLL|$SOFT_INIT" >>$CFGFILE + elif [ $DEPTH = "tpm" ] + then +-echo "TRUE|0|$SLOT_DESCRIPTION|$MANUFACTURER|TRUE|FALSE|TRUE|0|0|1|1|NONE|$TPM_DLL_FN|$TPM_INIT" >>$CFGFILE ++echo "TRUE|0|$SLOT_DESCRIPTION|$MANUFACTURER|TRUE|FALSE|TRUE|0|0|1|1|NONE|$TPM_DLL|$TPM_INIT" >>$CFGFILE + elif [ $DEPTH = "cca" ] + then +-echo "TRUE|0|$SLOT_DESCRIPTION|$MANUFACTURER|TRUE|FALSE|TRUE|0|0|1|1|NONE|$CCA_DLL_FN|$CCA_INIT" >>$CFGFILE ++echo "TRUE|0|$SLOT_DESCRIPTION|$MANUFACTURER|TRUE|FALSE|TRUE|0|0|1|1|NONE|$CCA_DLL|$CCA_INIT" >>$CFGFILE + fi + + @CHMOD@ -R g+wrX @localstatedir@/lib/opencryptoki diff --git a/security/opencryptoki/files/patch-usr-sbin-pkcsconf-Makefile.am b/security/opencryptoki/files/patch-usr-sbin-pkcsconf-Makefile.am new file mode 100644 index 000000000000..6e61e87c04b0 --- /dev/null +++ b/security/opencryptoki/files/patch-usr-sbin-pkcsconf-Makefile.am @@ -0,0 +1,10 @@ +--- usr/sbin/pkcsconf/Makefile.am.orig 2010-07-29 21:28:41.000000000 +0900 ++++ usr/sbin/pkcsconf/Makefile.am 2010-10-20 00:46:34.600985372 +0900 +@@ -1,6 +1,6 @@ + sbin_PROGRAMS=pkcsconf + +-pkcsconf_LDFLAGS = -lpthread -ldl ++pkcsconf_LDFLAGS = -lpthread + + # Not all versions of automake observe sbinname_CFLAGS + pkcsconf_CFLAGS = -DSPINXPL -D_THREAD_SAFE -DDEBUG -DDEV -DAPI diff --git a/security/opencryptoki/files/patch-usr-sbin-pkcsconf-pkcsconf.c b/security/opencryptoki/files/patch-usr-sbin-pkcsconf-pkcsconf.c new file mode 100644 index 000000000000..31aef7224424 --- /dev/null +++ b/security/opencryptoki/files/patch-usr-sbin-pkcsconf-pkcsconf.c @@ -0,0 +1,11 @@ +--- usr/sbin/pkcsconf/pkcsconf.c.orig 2010-07-29 21:28:41.000000000 +0900 ++++ usr/sbin/pkcsconf/pkcsconf.c 2010-10-20 00:47:46.462984231 +0900 +@@ -654,6 +654,8 @@ + free (newpin2); + } + ++ cleanup(); ++ + return rc; + + } 
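Review bot: The `@@ -397,7 +397,7 @@` section of patch-usr-sbin-pkcs_slot-pkcs_slot.in converts `@CHGRP@ pkcs11 $CCA_DIR` but leaves the following context line `@CHGRP@ pkcs11 "$CCA_DIR"/TOK_OBJ` on the literal group name, unlike every other token directory touched by this patch. With a configured group other than `pkcs11`, that `chgrp` would fail or select an unrelated group, and the token object directory would keep whatever group it was created with. The line should read `@CHGRP@ @PKCS11GROUP@ "$CCA_DIR"/TOK_OBJ`. None of the `mkdir` or `@CHGRP@` results are checked in the visible sections, so such a failure would go unnoticed.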
diff --git a/security/opencryptoki/files/patch-usr-sbin-pkcsslotd-err.c b/security/opencryptoki/files/patch-usr-sbin-pkcsslotd-err.c
new file mode 100644
index 000000000000..1ef0ba153f20
--- /dev/null
+++ b/security/opencryptoki/files/patch-usr-sbin-pkcsslotd-err.c
@@ -0,0 +1,107 @@
+--- usr/sbin/pkcsslotd/err.c.orig 2010-07-29 21:28:41.000000000 +0900
++++ usr/sbin/pkcsslotd/err.c 2010-10-20 01:17:17.245985003 +0900
+@@ -288,6 +288,7 @@
+
+ /* (C) COPYRIGHT International Business Machines Corp. 2001 */
+
++#include <signal.h>
+
+ #include "pthread.h"
+
+@@ -331,14 +332,30 @@
+ CONSTINFO(ERANGE),
+ CONSTINFO(ENOMSG),
+ CONSTINFO(EIDRM),
++#ifdef ECHRNG
+ CONSTINFO(ECHRNG),
++#endif
++#ifdef EL2NSYNC
+ CONSTINFO(EL2NSYNC),
++#endif
++#ifdef EL3HLT
+ CONSTINFO(EL3HLT),
++#endif
++#ifdef EL3RST
+ CONSTINFO(EL3RST),
++#endif
++#ifdef ELNRNG
+ CONSTINFO(ELNRNG),
++#endif
++#ifdef EUNATCH
+ CONSTINFO(EUNATCH),
++#endif
++#ifdef ENOCSI
+ CONSTINFO(ENOCSI),
++#endif
++#ifdef EL2HLT
+ CONSTINFO(EL2HLT),
++#endif
+ CONSTINFO(EDEADLK),
+ CONSTINFO(ESTALE),
+ CONSTINFO(EWOULDBLOCK),
+@@ -369,7 +386,9 @@
+ CONSTINFO(ECONNREFUSED),
+ CONSTINFO(EHOSTDOWN),
+ CONSTINFO(EHOSTUNREACH),
++#ifdef ERESTART
+ CONSTINFO(ERESTART),
++#endif
+ CONSTINFO(EUSERS),
+ CONSTINFO(ELOOP),
+ CONSTINFO(ENAMETOOLONG),
+@@ -380,16 +399,34 @@
+ CONSTINFO(ETOOMANYREFS),
+ CONSTINFO(EILSEQ),
+ CONSTINFO(ECANCELED),
++#ifdef ENOSR
+ CONSTINFO(ENOSR),
++#endif
++#ifdef ETIME
+ CONSTINFO(ETIME),
++#endif
++#ifdef EBADMSG
+ CONSTINFO(EBADMSG),
++#endif
++#ifdef EPROTO
+ CONSTINFO(EPROTO),
++#endif
++#ifdef ENODATA
+ CONSTINFO(ENODATA),
++#endif
++#ifdef ENOSTR
+ CONSTINFO(ENOSTR),
++#endif
+ CONSTINFO(ENOTSUP),
++#ifdef EMULTIHOP
+ CONSTINFO(EMULTIHOP),
++#endif
++#ifdef ENOLINK
+ CONSTINFO(ENOLINK),
++#endif
++#ifdef EOVERFLOW
+ CONSTINFO(EOVERFLOW),
++#endif
+
+ };
+
+@@ -424,14 +461,20 @@
+ CONSTINFO(SIGXCPU),
+ CONSTINFO(SIGXFSZ),
+ CONSTINFO(SIGWINCH),
++#ifdef SIGPWR
+ CONSTINFO(SIGPWR),
++#endif
+ CONSTINFO(SIGUSR1),
+ CONSTINFO(SIGUSR2),
+ CONSTINFO(SIGPROF),
+ CONSTINFO(SIGVTALRM),
+ CONSTINFO(SIGIOT),
++#ifdef SIGCLD
+ CONSTINFO(SIGCLD),
++#endif
++#ifdef SIGPOLL
+ CONSTINFO(SIGPOLL),
++#endif
+ #if 0
+ CONSTINFO(SIG_DFL),
+ CONSTINFO(SIG_IGN),
diff --git a/security/opencryptoki/files/patch-usr-sbin-pkcsslotd-mutex.c b/security/opencryptoki/files/patch-usr-sbin-pkcsslotd-mutex.c
new file mode 100644
index 000000000000..4b8c83064dbe
--- /dev/null
+++ b/security/opencryptoki/files/patch-usr-sbin-pkcsslotd-mutex.c
@@ -0,0 +1,37 @@
+--- usr/sbin/pkcsslotd/mutex.c.orig 2010-07-29 21:28:41.000000000 +0900
++++ usr/sbin/pkcsslotd/mutex.c 2010-10-20 01:19:28.613984045 +0900
+@@ -293,6 +293,26 @@
+
+ #include "pkcsslotd.h"
+
++#include <fcntl.h>
++
++#ifdef __sun
++#define LOCK_EX F_LOCK
++#define LOCK_UN F_ULOCK
++#define flock(fd, func) lockf(fd, func, 0)
++#endif
++
++#ifndef LOCK_SH
++#define LOCK_SH 1 /* shared lock */
++#endif
++#ifndef LOCK_EX
++#define LOCK_EX 2 /* exclusive lock */
++#endif
++#ifndef LOCK_NB
++#define LOCK_NB 4 /* don't block when locking */
++#endif
++#ifndef LOCK_UN
++#define LOCK_UN 8 /* unlock */
++#endif
+
+ #if SYSVSEM
+ #error "Caveat Emptor... this does not work"
+@@ -315,7 +335,6 @@
+ #include <sys/types.h>
+ #include <sys/stat.h>
+ #include <fcntl.h>
+-#include <sys/file.h>
+ static int xplfd=-1;
+ #endif
+
diff --git a/security/opencryptoki/files/patch-usr-sbin-pkcsslotd-pkcsslotd.h b/security/opencryptoki/files/patch-usr-sbin-pkcsslotd-pkcsslotd.h
new file mode 100644
index 000000000000..024873633a1c
--- /dev/null
+++ b/security/opencryptoki/files/patch-usr-sbin-pkcsslotd-pkcsslotd.h
@@ -0,0 +1,11 @@
+--- usr/sbin/pkcsslotd/pkcsslotd.h.orig 2010-07-29 21:28:41.000000000 +0900
++++ usr/sbin/pkcsslotd/pkcsslotd.h 2010-10-20 01:20:18.253984238 +0900
+@@ -353,7 +353,7 @@
+ #include <nl_types.h>
+
+ #include <sys/ipc.h>
+-#include <linux/limits.h>
++#include <limits.h>
+ #include <sys/shm.h>
+ #include <sys/stat.h>
+ #include <sys/types.h>
diff --git a/security/opencryptoki/files/patch-usr-sbin-pkcsslotd-shmem.c b/security/opencryptoki/files/patch-usr-sbin-pkcsslotd-shmem.c
new file mode 100644
index 000000000000..973c25b76436
--- /dev/null
+++ b/security/opencryptoki/files/patch-usr-sbin-pkcsslotd-shmem.c
@@ -0,0 +1,35 @@
+--- usr/sbin/pkcsslotd/shmem.c.orig 2010-07-29 21:28:41.000000000 +0900
++++ usr/sbin/pkcsslotd/shmem.c 2010-10-20 01:23:03.203984101 +0900
+@@ -338,9 +338,9 @@
+ }
+ // SAB Get the group information for the PKCS#11 group... fail if
+ // it does not exist
+- grp = getgrnam("pkcs11");
++ grp = getgrnam(PKCS11GROUP);
+ if ( !grp ) {
+- ErrLog("Group PKCS#11 does not exist ");
++ ErrLog("Group " PKCS11GROUP " does not exist ");
+ return FALSE; // Group does not exist... setup is wrong..
+ }
+
+@@ -409,9 +409,9 @@
+ int i;
+ char *buffer;
+
+- grp = getgrnam("pkcs11");
++ grp = getgrnam(PKCS11GROUP);
+ if ( !grp ) {
+- ErrLog("Group \"pkcs11\" does not exist! Please run %s/pkcs11_startup.",
++ ErrLog("Group " PKCS11GROUP " does not exist! Please run %s/pkcs11_startup.",
+ SBIN_PATH);
+ return FALSE; // Group does not exist... setup is wrong..
+ }
+@@ -431,7 +431,7 @@
+ return FALSE;
+ }
+ if (fchown(fd, 0, grp->gr_gid) == -1) {
+- ErrLog("%s: fchown(%s, root, pkcs11): %s", __FUNCTION__, MAPFILENAME,
++ ErrLog("%s: fchown(%s, root, %s): %s", __FUNCTION__, MAPFILENAME, PKCS11GROUP,
+ strerror(errno));
+ close(fd);
+ return FALSE;
diff --git a/security/opencryptoki/files/pkcsslotd.in b/security/opencryptoki/files/pkcsslotd.in
new file mode 100644
index 000000000000..ca0fb7744dc3
--- /dev/null
+++ b/security/opencryptoki/files/pkcsslotd.in
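Review bot: In patch-usr-sbin-pkcsslotd-shmem.c the first two `ErrLog` calls splice `PKCS11GROUP` into the format string by literal concatenation, while the `fchown` message in the same patch passes it as a `%s` argument. The group name appears to come from a configure option, so a `%` in it would be read as a conversion specifier; passing it as data keeps the three calls consistent: `ErrLog("Group %s does not exist ", PKCS11GROUP);` and `ErrLog("Group %s does not exist! Please run %s/pkcs11_startup.", PKCS11GROUP, SBIN_PATH);`. The enclosing functions start and end outside the hunks.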
@@ -0,0 +1,33 @@
+#!/bin/sh
+
+# $FreeBSD$
+#
+# PROVIDE: pkcsslotd
+# REQUIRE: LOGIN tcsd
+# KEYWORD: shutdown
+#
+# Add the following lines to /etc/rc.conf.local or /etc/rc.conf
+# to enable this service:
+#
+# pkcsslotd_enable (bool): Set to NO by default.
+# Set it to YES to enable pkcsslotd.
+#
+
+. /etc/rc.subr
+
+name=pkcsslotd
+rcvar=`set_rcvar`
+command=%%PREFIX%%/sbin/${name}
+start_precmd=${name}_prestart
+
+pkcsslotd_prestart () {
+ [ -f %%PREFIX%%/var/lib/opencryptoki/pk_config_data ] || \
+ %%PREFIX%%/sbin/pkcs11_startup
+}
+
+load_rc_config ${name}
+
+: pkcsslotd_enable=${pkcsslotd_enable-"NO"}
+
+run_rc_command "$1"
+
diff --git a/security/opencryptoki/files/pkg-message.in b/security/opencryptoki/files/pkg-message.in
new file mode 100644
index 000000000000..70b4dd1edd64
--- /dev/null
+++ b/security/opencryptoki/files/pkg-message.in
@@ -0,0 +1,7 @@
+To run pkcsslotd automatically, add the following line to /etc/rc.conf
+
+pkcsslotd_enable="YES"
+
+To use PKCS#11 token, add your_account to '%%GROUPS%%' like following:
+
+# pw groupadd %%GROUPS%% -m your_account
diff --git a/security/opencryptoki/pkg-descr b/security/opencryptoki/pkg-descr
new file mode 100644
index 000000000000..cdaa8827a684
--- /dev/null
+++ b/security/opencryptoki/pkg-descr
@@ -0,0 +1 @@
+openCryptoki is a PKCS#11 implementation.
diff --git a/security/opencryptoki/pkg-plist b/security/opencryptoki/pkg-plist
new file mode 100644
index 000000000000..12d85ac93185
--- /dev/null
+++ b/security/opencryptoki/pkg-plist
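Review bot: In files/pkcsslotd.in the line `: pkcsslotd_enable=${pkcsslotd_enable-"NO"}` does not set a default: everything after `:` is an ordinary argument to the null command, not an assignment, so `pkcsslotd_enable` stays unset when rc.conf does not define it. The header comment promises "Set to NO by default", and rc.subr is left to deal with an unset knob instead. The usual form is `: ${pkcsslotd_enable="NO"}`.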
@@ -0,0 +1,34 @@
+include/opencryptoki/apiclient.h
+include/opencryptoki/pkcs11.h
+include/opencryptoki/pkcs11types.h
+lib/libopencryptoki.la
+lib/libopencryptoki.so
+lib/libopencryptoki.so.0
+lib/opencryptoki/PKCS11_API.so
+lib/opencryptoki/libopencryptoki.la
+lib/opencryptoki/libopencryptoki.so
+lib/opencryptoki/libopencryptoki.so.0
+lib/opencryptoki/methods
+lib/opencryptoki/stdll/PKCS11_SW.so
+lib/opencryptoki/stdll/libpkcs11_sw.la
+lib/opencryptoki/stdll/libpkcs11_sw.so
+lib/opencryptoki/stdll/libpkcs11_sw.so.0
+lib/opencryptoki/stdll/PKCS11_TPM.so
+lib/opencryptoki/stdll/libpkcs11_tpm.la
+lib/opencryptoki/stdll/libpkcs11_tpm.so
+lib/opencryptoki/stdll/libpkcs11_tpm.so.0
+lib/pkcs11/PKCS11_API.so
+lib/pkcs11/libopencryptoki.so
+lib/pkcs11/methods
+lib/pkcs11/stdll
+sbin/pkcs11_startup
+sbin/pkcs_slot
+sbin/pkcsconf
+sbin/pkcsslotd
+@dirrmtry var/lib/opencryptoki
+@dirrmtry var/lib
+@dirrmtry var
+@dirrm lib/pkcs11
+@dirrm lib/opencryptoki/stdll
+@dirrm lib/opencryptoki
+@dirrm include/opencryptoki |