diff -Nru opencryptoki-2.2.4/usr/sbin/pkcs11_startup/pkcs11_startup.in opencryptoki-2.2.4.1/usr/sbin/pkcs11_startup/pkcs11_startup.in --- opencryptoki-2.2.4/usr/sbin/pkcs11_startup/pkcs11_startup.in 2009-11-19 08:51:04.000000000 -0500 +++ opencryptoki-2.2.4.1/usr/sbin/pkcs11_startup/pkcs11_startup.in 2009-07-29 16:09:30.000000000 -0400 @@ -387,22 +387,13 @@ # Add the ICA device if it exists +# Starting from version 1.3, libica supports software +# fallback when no specialized hardware is found, so +# we default for including the ica token when it's +# stdll is present (s390x by default) - KlausK Jul'09 if [ -f @STDLL_PATH@/libpkcs11_ica.so ] then -# This won't work if the driver is built into the kernel -# so we will look for it in /proc/devices -# /sbin/lsmod | grep devica >/dev/null 2>&1 - /bin/cat /proc/devices | grep leedslite >/dev/null 2>&1 - rc=$? - if [ $rc = 0 ] - then - @METHOD_PATH@/pkcs_slot 0 ica - else - # We used to require hardware for the ICA token, now we allow - # its use as a software token on System Z. - KEY Sep/2007 - # - @METHOD_PATH@/pkcs_slot 0 ica - fi + @METHOD_PATH@/pkcs_slot 0 ica fi @@ -431,14 +422,16 @@ fi fi -# add the CCA device - -if [ -f @STDLL_PATH@/libpkcs11_cca.so ] +# add the CCA token +# CCA stdll is always built by default in supported archs, so check for both +# the CCA stdll *and* for a library needed by the CCA token - KlausK Jul'09 +# The libraries required by CCA token are provided by the 'xcryptolinzGA' +# RPM package, available from the IBM web site. +if [ -f @STDLL_PATH@/libpkcs11_cca.so ] && [ -f /usr/lib64/libcsulmkapi.so.1 ] then - @METHOD_PATH@/pkcs_slot 0 cca + @METHOD_PATH@/pkcs_slot 0 cca fi - - + # Add the SW token last, so that "dumb" apps that always open # slot 0 will get a HW token if one exists if [ -f @STDLL_PATH@/libpkcs11_sw.so ] diff -Nru opencryptoki-2.2.4/usr/sbin/pkcs_slot/pkcs_slot.in opencryptoki-2.2.4.1/usr/sbin/pkcs_slot/pkcs_slot.in --- opencryptoki-2.2.4/usr/sbin/pkcs_slot/pkcs_slot.in 2009-11-19 08:51:04.000000000 -0500 +++ opencryptoki-2.2.4.1/usr/sbin/pkcs_slot/pkcs_slot.in 2009-07-29 16:09:30.000000000 -0400 @@ -391,6 +391,19 @@ SYS_SLOT="TPM" fi +if [ $DEPTH = "cca" ] +then + test -d $CCA_DIR + if [ $? -ne 0 ] + then + mkdir $CCA_DIR + chgrp pkcs11 $CCA_DIR + mkdir "$CCA_DIR"/TOK_OBJ + chgrp pkcs11 "$CCA_DIR"/TOK_OBJ + fi + SYS_SLOT="CCA" +fi + # If we are using a shallow device, make sure that the directory # to store token objects is available, if not create it and change # the ownership to the pkcs11 group @@ -448,19 +461,6 @@ SYS_SLOT="CRNT" fi -if [ $DEPTH = "cca" ] -then - test -d $CCA_DIR - if [ $? -ne 0 ] - then - mkdir $CCA_DIR - chgrp pkcs11 $CCA_DIR - mkdir "$CCA_DIR"/TOK_OBJ - chgrp pkcs11 "$CCA_DIR"/TOK_OBJ - fi - SYS_SLOT="CCA" -fi - # The device name is now parsed to find the minor number of the # device we are examining. Since the last letter of crypt is "t" # everything after the t is treated as the device number @@ -491,15 +491,15 @@ elif [ $DEPTH = "cr" ] then echo "TRUE|0|$SLOT_DESCRIPTION|$MANUFACTURER|TRUE|FALSE|TRUE|0|0|1|1|NONE|$CR_DLL_FN|$CR_INIT" >>$CFGFILE -elif [ $DEPTH = "cca" ] -then -echo "TRUE|0|$SLOT_DESCRIPTION|$MANUFACTURER|TRUE|FALSE|TRUE|0|0|1|1|NONE|$CCA_DLL_FN|$CCA_INIT" >>$CFGFILE elif [ $DEPTH = "soft" ] then echo "TRUE|0|$SLOT_DESCRIPTION|$MANUFACTURER|TRUE|FALSE|FALSE|0|0|1|1|NONE|$SOFT_DLL_FN|$SOFT_INIT" >>$CFGFILE elif [ $DEPTH = "tpm" ] then echo "TRUE|0|$SLOT_DESCRIPTION|$MANUFACTURER|TRUE|FALSE|TRUE|0|0|1|1|NONE|$TPM_DLL_FN|$TPM_INIT" >>$CFGFILE +elif [ $DEPTH = "cca" ] +then +echo "TRUE|0|$SLOT_DESCRIPTION|$MANUFACTURER|TRUE|FALSE|TRUE|0|0|1|1|NONE|$CCA_DLL_FN|$CCA_INIT" >>$CFGFILE fi cd @DB_PATH@