Sophie: openCryptoki-2.2.4-22.el5

openCryptoki-2.2.4-22.el5_4.2.src.rpm

diff -Nru opencryptoki-2.2.4/usr/sbin/pkcs11_startup/pkcs11_startup.in opencryptoki-2.2.4.1/usr/sbin/pkcs11_startup/pkcs11_startup.in
--- opencryptoki-2.2.4/usr/sbin/pkcs11_startup/pkcs11_startup.in	2009-11-19 08:51:04.000000000 -0500
+++ opencryptoki-2.2.4.1/usr/sbin/pkcs11_startup/pkcs11_startup.in	2009-07-29 16:09:30.000000000 -0400
@@ -387,22 +387,13 @@
 
 
 # Add the ICA device if it exists
+# Starting from version 1.3, libica supports software
+# fallback when no specialized hardware is found, so
+# we default for including the ica token when it's
+# stdll is present (s390x by default) - KlausK Jul'09
 if [ -f @STDLL_PATH@/libpkcs11_ica.so ]
 then
-#  This won't work if the driver is built into the kernel
-# so we will look for it in /proc/devices
-#    /sbin/lsmod | grep devica >/dev/null 2>&1
-    /bin/cat /proc/devices | grep leedslite >/dev/null 2>&1
-    rc=$?
-    if [ $rc = 0 ]
-    then
-	    @METHOD_PATH@/pkcs_slot 0  ica
-    else
-	# We used to require hardware for the ICA token, now we allow
-	# its use as a software token on System Z. - KEY Sep/2007
-	#
-	@METHOD_PATH@/pkcs_slot 0  ica
-    fi
+    @METHOD_PATH@/pkcs_slot 0  ica
 fi
 
 
@@ -431,14 +422,16 @@
     fi
 fi
 
-# add the CCA device
-
-if [ -f @STDLL_PATH@/libpkcs11_cca.so ]
+# add the CCA token
+# CCA stdll is always built by default in supported archs, so check for both
+# the CCA stdll *and* for a library needed by the CCA token - KlausK Jul'09
+# The libraries required by CCA token are provided by the 'xcryptolinzGA'
+# RPM package, available from the IBM web site.
+if [ -f @STDLL_PATH@/libpkcs11_cca.so ] && [ -f /usr/lib64/libcsulmkapi.so.1 ]
 then
-            @METHOD_PATH@/pkcs_slot 0  cca
+    @METHOD_PATH@/pkcs_slot 0 cca
 fi
-
-
+ 
 # Add the SW token last, so that "dumb" apps that always open
 # slot 0 will get a HW token if one exists
 if [ -f @STDLL_PATH@/libpkcs11_sw.so ]
diff -Nru opencryptoki-2.2.4/usr/sbin/pkcs_slot/pkcs_slot.in opencryptoki-2.2.4.1/usr/sbin/pkcs_slot/pkcs_slot.in
--- opencryptoki-2.2.4/usr/sbin/pkcs_slot/pkcs_slot.in	2009-11-19 08:51:04.000000000 -0500
+++ opencryptoki-2.2.4.1/usr/sbin/pkcs_slot/pkcs_slot.in	2009-07-29 16:09:30.000000000 -0400
@@ -391,6 +391,19 @@
     SYS_SLOT="TPM"
 fi
 
+if [ $DEPTH = "cca" ]
+then
+    test  -d $CCA_DIR
+    if [ $? -ne 0 ]
+    then
+       mkdir  $CCA_DIR
+       chgrp pkcs11 $CCA_DIR
+       mkdir "$CCA_DIR"/TOK_OBJ
+       chgrp pkcs11 "$CCA_DIR"/TOK_OBJ
+    fi
+    SYS_SLOT="CCA"
+fi
+ 
 # If we are using a shallow device, make sure that the directory
 # to store token objects is available, if not create it and change
 # the ownership to the pkcs11 group 
@@ -448,19 +461,6 @@
     SYS_SLOT="CRNT"
 fi
 
-if [ $DEPTH = "cca" ]
-then
-    test  -d $CCA_DIR
-    if [ $? -ne 0 ]
-    then
-        mkdir  $CCA_DIR
-        chgrp pkcs11 $CCA_DIR
-        mkdir "$CCA_DIR"/TOK_OBJ
-        chgrp pkcs11 "$CCA_DIR"/TOK_OBJ
-    fi
-    SYS_SLOT="CCA"
-fi
-
 # The device name is now parsed to find the minor number of the
 # device we are examining.  Since the last letter of crypt is "t"
 # everything after the t is treated as the device number
@@ -491,15 +491,15 @@
 elif [ $DEPTH = "cr" ]
 then
 echo "TRUE|0|$SLOT_DESCRIPTION|$MANUFACTURER|TRUE|FALSE|TRUE|0|0|1|1|NONE|$CR_DLL_FN|$CR_INIT" >>$CFGFILE
-elif [ $DEPTH = "cca" ]
-then
-echo "TRUE|0|$SLOT_DESCRIPTION|$MANUFACTURER|TRUE|FALSE|TRUE|0|0|1|1|NONE|$CCA_DLL_FN|$CCA_INIT" >>$CFGFILE
 elif [ $DEPTH = "soft" ]
 then
 echo "TRUE|0|$SLOT_DESCRIPTION|$MANUFACTURER|TRUE|FALSE|FALSE|0|0|1|1|NONE|$SOFT_DLL_FN|$SOFT_INIT" >>$CFGFILE
 elif [ $DEPTH = "tpm" ]
 then
 echo "TRUE|0|$SLOT_DESCRIPTION|$MANUFACTURER|TRUE|FALSE|TRUE|0|0|1|1|NONE|$TPM_DLL_FN|$TPM_INIT" >>$CFGFILE
+elif [ $DEPTH = "cca" ]
+then
+echo "TRUE|0|$SLOT_DESCRIPTION|$MANUFACTURER|TRUE|FALSE|TRUE|0|0|1|1|NONE|$CCA_DLL_FN|$CCA_INIT" >>$CFGFILE
 fi
 
 cd @DB_PATH@