--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/components/coolkey/patches/01-coolkey.cpp.patch Mon Aug 01 12:38:38 2016 -0700
@@ -0,0 +1,548 @@
+In-house patch created to avoid the multiple declaration for log variable.
+This is necessary only when building the component with Solaris Studio.
+
+This patch is Solaris buildenv specific and may not be suitable for upstream.
+
+Other modifications were introduced to keep this in sync with upstream patches
+of the coolkey.cpp source file.
+
+For example, the addition of RSA, EC, or both mechanisms support the variance
+of different types of smart cards, where some cards support only EC, some only RSA.
+
+--- ORIGINAL/./src/coolkey/coolkey.cpp 2016-06-24 16:07:19.284028543 -0400
++++ ././src/coolkey/coolkey.cpp 2016-06-27 13:38:03.637785724 -0400
+@@ -34,15 +34,19 @@
+ #include "cky_base.h"
+ #include "params.h"
+
+-#define NULL 0
+
+ /* static module data -------------------------------- */
+-
+-static Log *log = NULL;
++
++// XXX - Solaris studio compiler specific
++// changed variable name from "log" to "mylog" as we need to
++// avoid multiple declarations of a variable named "log"
++static Log *mylog = NULL;
+
+ static SlotList *slotList = NULL;
+
+-static OSLock finalizeLock(false);
++static OSLock *finalizeLock = NULL;
++#define FINALIZE_GETLOCK() if (finalizeLock) finalizeLock->getLock();
++#define FINALIZE_RELEASELOCK() if (finalizeLock) finalizeLock->releaseLock();
+
+ static CK_BBOOL initialized = FALSE;
+ static CK_BBOOL finalizing = FALSE;
+@@ -68,11 +72,25 @@
+ /**********************************************************************
+ ************************** MECHANISM TABLE ***************************
+ **********************************************************************/
+-static MechInfo
+-mechanismList[] = {
++
++static const MechInfo
++rsaMechanismList[] = {
+ {CKM_RSA_PKCS, { 1024, 4096, CKF_HW | CKF_SIGN | CKF_DECRYPT } }
+ };
+-static unsigned int numMechanisms = sizeof(mechanismList)/sizeof(MechInfo);
++
++static const MechInfo
++ecMechanismList[] = {
++ {CKM_ECDSA,{256,521,CKF_HW | CKF_SIGN | CKF_EC_F_P}},{ CKM_ECDSA_SHA1, {256, 521, CKF_HW | CKF_SIGN | CKF_EC_F_P}},{ CKM_ECDH1_DERIVE,{256, 521, CKF_HW | CKF_DERIVE | CKF_EC_F_P} }
++};
++static const MechInfo
++allMechanismList[] = {
++ {CKM_RSA_PKCS, { 1024, 4096, CKF_HW | CKF_SIGN | CKF_DECRYPT } },
++ {CKM_ECDSA,{256,521,CKF_HW | CKF_SIGN | CKF_EC_F_P}},{ CKM_ECDSA_SHA1, {256, 521, CKF_HW | CKF_SIGN | CKF_EC_F_P}},{ CKM_ECDH1_DERIVE,{256, 521, CKF_HW | CKF_DERIVE | CKF_EC_F_P} }
++};
++
++unsigned int numRSAMechanisms = sizeof(rsaMechanismList)/sizeof(MechInfo);
++unsigned int numECMechanisms = sizeof(ecMechanismList)/sizeof(MechInfo);
++unsigned int numAllMechanisms = sizeof(allMechanismList)/sizeof(MechInfo);
+
+ /* ------------------------------------------------------------ */
+
+@@ -86,11 +104,11 @@
+ for (i = 0; i < ulCount; ++i) {
+ CK_ATTRIBUTE_PTR pT = pTemplate + i;
+ if (pT->pValue && pT->ulValueLen == 4) {
+- log->log(
++ mylog->log(
+ "template [%02lu] type: %04lx, pValue: %08lx, ulValueLen: %08lx, value: %lu\n",
+ i, pT->type, pT->pValue, pT->ulValueLen, *(CK_ULONG_PTR)pT->pValue);
+ } else
+- log->log("template [%02lu] type: %04lx, pValue: %08lx, ulValueLen: %08lx\n",
++ mylog->log("template [%02lu] type: %04lx, pValue: %08lx, ulValueLen: %08lx\n",
+ i, pT->type, pT->pValue, pT->ulValueLen);
+ }
+ }
+@@ -101,7 +119,7 @@
+ #define NOTSUPPORTED(name, args) \
+ CK_RV name args \
+ { \
+- log->log(#name " called (notSupported)\n"); \
++ mylog->log(#name " called (notSupported)\n"); \
+ return CKR_FUNCTION_NOT_SUPPORTED; \
+ }
+
+@@ -112,11 +130,11 @@
+ return CKR_CRYPTOKI_NOT_INITIALIZED; \
+ } \
+ try { \
+- log->log(#name " called\n"); \
++ mylog->log(#name " called\n"); \
+ slotList->name2 use_args ; \
+ return CKR_OK; \
+ } catch(PKCS11Exception& e) { \
+- e.log(log); \
++ e.log(mylog); \
+ return e.getCRV(); \
+ } \
+ }
+@@ -164,7 +182,6 @@
+ NOTSUPPORTED(C_GenerateKeyPair, (CK_SESSION_HANDLE,CK_MECHANISM_PTR,CK_ATTRIBUTE_PTR,CK_ULONG,CK_ATTRIBUTE_PTR,CK_ULONG,CK_OBJECT_HANDLE_PTR,CK_OBJECT_HANDLE_PTR))
+ NOTSUPPORTED(C_WrapKey, (CK_SESSION_HANDLE,CK_MECHANISM_PTR,CK_OBJECT_HANDLE,CK_OBJECT_HANDLE,CK_BYTE_PTR,CK_ULONG_PTR))
+ NOTSUPPORTED(C_UnwrapKey, (CK_SESSION_HANDLE,CK_MECHANISM_PTR,CK_OBJECT_HANDLE,CK_BYTE_PTR,CK_ULONG,CK_ATTRIBUTE_PTR,CK_ULONG,CK_OBJECT_HANDLE_PTR))
+-NOTSUPPORTED(C_DeriveKey, (CK_SESSION_HANDLE,CK_MECHANISM_PTR,CK_OBJECT_HANDLE,CK_ATTRIBUTE_PTR,CK_ULONG,CK_OBJECT_HANDLE_PTR))
+ NOTSUPPORTED(C_GetFunctionStatus, (CK_SESSION_HANDLE))
+ NOTSUPPORTED(C_CancelFunction, (CK_SESSION_HANDLE))
+
+@@ -198,6 +215,10 @@
+ SUPPORTED(C_GenerateRandom, generateRandom,
+ (CK_SESSION_HANDLE hSession ,CK_BYTE_PTR data,CK_ULONG dataLen),
+ (hSession, data, dataLen))
++SUPPORTED(C_DeriveKey,derive,
++ (CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism,
++ CK_OBJECT_HANDLE hBaseKey, CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulAttributeCount, CK_OBJECT_HANDLE_PTR phKey ),
++ (hSession, pMechanism, hBaseKey, pTemplate, ulAttributeCount, phKey))
+
+ /* non-specialized functions supported with the slot directly */
+
+@@ -208,11 +229,13 @@
+ if( initialized ) {
+ return CKR_CRYPTOKI_ALREADY_INITIALIZED;
+ }
+- if (!finalizeLock.isValid()) {
++ if (finalizeLock && !finalizeLock->isValid()) {
+ return CKR_CANT_LOCK;
+ }
+ CK_C_INITIALIZE_ARGS* initArgs = (CK_C_INITIALIZE_ARGS*) pInitArgs;
++ OSLock::setThreadSafe(0);
+ if( initArgs != NULL ) {
++ bool needThreads;
+ /* work around a bug in NSS where the library parameters are only
+ * send if locking is requested */
+ if (initArgs->LibraryParameters) {
+@@ -220,28 +243,38 @@
+ } else {
+ Params::ClearParams();
+ }
+- if( (initArgs->flags & CKF_OS_LOCKING_OK) || initArgs->LockMutex ){
++ needThreads = ((initArgs->flags & CKF_OS_LOCKING_OK) != 0);
++ OSLock::setThreadSafe(needThreads);
++ /* don't get a finalize lock unless someone initializes us asking
++ * us to use threads */
++ if (needThreads && !finalizeLock) {
++ finalizeLock = new OSLock(true);
++ if (finalizeLock == NULL) return CKR_HOST_MEMORY;
++ }
++ /* only support OS LOCKING threads */
++ if( ((initArgs->flags & CKF_OS_LOCKING_OK) == 0)
++ && initArgs->LockMutex ){
+ throw PKCS11Exception(CKR_CANT_LOCK);
+ }
+ }
+ char * logFileName = getenv("COOL_KEY_LOG_FILE");
+ if (logFileName) {
+ if (strcmp(logFileName,"SYSLOG") == 0) {
+- log = new SysLog();
++ mylog = new SysLog();
+ } else {
+- log = new FileLog(logFileName);
++ mylog = new FileLog(logFileName);
+ }
+ } else {
+- log = new DummyLog();
++ mylog = new DummyLog();
+ }
+- log->log("Initialize called, hello %d\n", 5);
+- CKY_SetName("coolkey");
+- slotList = new SlotList(log);
++ mylog->log("Initialize called, hello %d\n", 5);
++ CKY_SetName((char *) "coolkey");
++ slotList = new SlotList(mylog);
+ initialized = TRUE;
+ return CKR_OK;
+ } catch(PKCS11Exception &e) {
+- if( log )
+- e.log(log);
++ if( mylog )
++ e.log(mylog);
+ return e.getReturnValue();
+ }
+ }
+@@ -254,14 +287,14 @@
+ }
+ // XXX cleanup all data structures !!!
+ //delete sessionManager;
+- log->log("Finalizing...\n");
++ mylog->log("Finalizing...\n");
+ // don't race the setting of finalizing. If C_WaitEvent gets passed
+ // the finalizing call first, we know it will set waitEvent before
+ // we can get the lock, so we only need to protect setting finalizing
+ // to true.
+- finalizeLock.getLock();
++ FINALIZE_GETLOCK();
+ finalizing = TRUE;
+- finalizeLock.releaseLock();
++ FINALIZE_RELEASELOCK();
+ if (waitEvent) {
+ /* we're waiting on a slot event, shutdown first to allow
+ * the wait function to complete before we pull the rug out.
+@@ -272,11 +305,11 @@
+ }
+ }
+ delete slotList;
+- delete log;
+- finalizeLock.getLock();
++ delete mylog;
++ FINALIZE_GETLOCK();
+ finalizing = FALSE;
+ initialized = FALSE;
+- finalizeLock.releaseLock();
++ FINALIZE_RELEASELOCK();
+ return CKR_OK;
+ }
+
+@@ -287,7 +320,7 @@
+ if( ! initialized ) {
+ return CKR_CRYPTOKI_NOT_INITIALIZED;
+ }
+- log->log("C_GetInfo called\n");
++ mylog->log("C_GetInfo called\n");
+ ckInfo.manufacturerID[31] = ' ';
+ ckInfo.libraryDescription[31] = ' ';
+ *p = ckInfo;
+@@ -302,12 +335,12 @@
+ return CKR_CRYPTOKI_NOT_INITIALIZED;
+ }
+ try {
+- log->log("Called C_GetSlotInfo\n");
++ mylog->log("Called C_GetSlotInfo\n");
+ slotList->validateSlotID(slotID);
+ return slotList->getSlot(
+ slotIDToIndex(slotID))->getSlotInfo(pSlotInfo);
+ } catch( PKCS11Exception &excep ) {
+- excep.log(log);
++ excep.log(mylog);
+ return excep.getCRV();
+ }
+ }
+@@ -319,12 +352,12 @@
+ return CKR_CRYPTOKI_NOT_INITIALIZED;
+ }
+ try {
+- log->log("C_GetTokenInfo called\n");
++ mylog->log("C_GetTokenInfo called\n");
+ slotList->validateSlotID(slotID);
+ return slotList->getSlot(
+ slotIDToIndex(slotID))->getTokenInfo(pTokenInfo);
+ } catch( PKCS11Exception &excep ) {
+- excep.log(log);
++ excep.log(mylog);
+ return excep.getCRV();
+ }
+ }
+@@ -333,23 +366,47 @@
+ C_GetMechanismList(CK_SLOT_ID slotID, CK_MECHANISM_TYPE_PTR pMechanismList,
+ CK_ULONG_PTR pulCount)
+ {
++
++ const MechInfo *mechanismList = NULL;
++ unsigned int numMechanisms = 0;
++
++
+ if( ! initialized ) {
+ return CKR_CRYPTOKI_NOT_INITIALIZED;
+ }
+ try {
+ CK_RV rv = CKR_OK;
+
+- log->log("C_GetMechanismList called\n");
++ mylog->log("C_GetMechanismList called\n");
+ if( pulCount == NULL ) {
+ throw PKCS11Exception(CKR_ARGUMENTS_BAD);
+ }
+
+ slotList->validateSlotID(slotID);
+- if( ! slotList->getSlot(
+- slotIDToIndex(slotID))->isTokenPresent() ) {
++
++ Slot *slot = slotList->getSlot(slotIDToIndex(slotID));
++
++ if( ! slot || ! slot->isTokenPresent() ) {
+ return CKR_TOKEN_NOT_PRESENT;
+ }
+
++ switch (slot->getAlgs()) {
++ case ALG_ECC|ALG_RSA:
++ mechanismList = allMechanismList;
++ numMechanisms = numAllMechanisms;
++ break;
++ case ALG_ECC:
++ mechanismList = ecMechanismList;
++ numMechanisms = numECMechanisms;
++ break;
++ case ALG_NONE:
++ case ALG_RSA:
++ default:
++ mechanismList = rsaMechanismList;
++ numMechanisms = numRSAMechanisms;
++ break;
++ }
++
+ if( pMechanismList != NULL ) {
+ if( *pulCount < numMechanisms ) {
+ rv = CKR_BUFFER_TOO_SMALL;
+@@ -362,11 +419,11 @@
+
+ *pulCount = numMechanisms;
+
+- log->log("C_GetMechanismList returning %d\n", rv);
++ mylog->log("C_GetMechanismList returning %d\n", rv);
+ return rv;
+
+ } catch(PKCS11Exception &excep ) {
+- excep.log(log);
++ excep.log(mylog);
+ return excep.getCRV();
+ }
+
+@@ -376,30 +433,56 @@
+ C_GetMechanismInfo(CK_SLOT_ID slotID, CK_MECHANISM_TYPE type,
+ CK_MECHANISM_INFO_PTR pInfo)
+ {
++ const MechInfo *mechanismList = NULL;
++ unsigned int numMechanisms = 0;
++
+ if( ! initialized ) {
+ return CKR_CRYPTOKI_NOT_INITIALIZED;
+ }
++
++
+ try {
+- log->log("C_GetMechanismInfo called\n");
++ mylog->log("C_GetMechanismInfo called\n");
+ if( pInfo == NULL ) {
+ throw PKCS11Exception(CKR_ARGUMENTS_BAD);
+ }
+ slotList->validateSlotID(slotID);
+- if( ! slotList->getSlot(slotIDToIndex(slotID))->isTokenPresent() ) {
++
++
++ Slot *slot = slotList->getSlot(slotIDToIndex(slotID));
++
++ if( ! slot || ! slot->isTokenPresent() ) {
+ return CKR_TOKEN_NOT_PRESENT;
+ }
+
++ switch (slot->getAlgs()) {
++ case ALG_ECC|ALG_RSA:
++ mechanismList = allMechanismList;
++ numMechanisms = numAllMechanisms;
++ break;
++ case ALG_ECC:
++ mechanismList = ecMechanismList;
++ numMechanisms = numECMechanisms;
++ break;
++ case ALG_NONE:
++ case ALG_RSA:
++ default:
++ mechanismList = rsaMechanismList;
++ numMechanisms = numRSAMechanisms;
++ break;
++ }
++
+ for(unsigned int i=0; i < numMechanisms; ++i ) {
+ if( mechanismList[i].mech == type ) {
+ *pInfo = mechanismList[i].info;
+- log->log("C_GetMechanismInfo got info about %d\n", type);
++ mylog->log("C_GetMechanismInfo got info about %d\n", type);
+ return CKR_OK;
+ }
+ }
+- log->log("C_GetMechanismInfo failed to find info about %d\n", type);
++ mylog->log("C_GetMechanismInfo failed to find info about %d\n", type);
+ return CKR_MECHANISM_INVALID; // mechanism not in the list
+ } catch(PKCS11Exception &e) {
+- e.log(log);
++ e.log(mylog);
+ return e.getCRV();
+ }
+ }
+@@ -412,7 +495,7 @@
+ return CKR_CRYPTOKI_NOT_INITIALIZED;
+ }
+ try {
+- log->log("C_OpenSession called\n");
++ mylog->log("C_OpenSession called\n");
+ slotList->validateSlotID(slotID);
+ #ifdef LATER // the CSP isn't setting this bit right now.
+ if( ! (flags & CKF_SERIAL_SESSION) ) {
+@@ -430,7 +513,7 @@
+ return CKR_OK;
+
+ } catch(PKCS11Exception &e) {
+- e.log(log);
++ e.log(mylog);
+ return e.getCRV();
+ }
+ }
+@@ -442,13 +525,13 @@
+ return CKR_CRYPTOKI_NOT_INITIALIZED;
+ }
+ try {
+- log->log("C_CloseSession(0x%x) called\n", hSession);
++ mylog->log("C_CloseSession(0x%x) called\n", hSession);
+ // !!!XXX Hack
+ // If nothing else, we need to logout the token when all
+ // its sessions are closed.
+ return CKR_OK;
+ } catch(PKCS11Exception &e) {
+- e.log(log);
++ e.log(mylog);
+ return e.getCRV();
+ }
+ }
+@@ -460,14 +543,14 @@
+ return CKR_CRYPTOKI_NOT_INITIALIZED;
+ }
+ try {
+- log->log("C_CloseAllSessions(0x%x) called\n", slotID);
++ mylog->log("C_CloseAllSessions(0x%x) called\n", slotID);
+ slotList->validateSlotID(slotID);
+ // !!!XXX Hack
+ // If nothing else, we need to logout the token when all
+ // its sessions are closed.
+ return CKR_OK;
+ } catch(PKCS11Exception &e) {
+- e.log(log);
++ e.log(mylog);
+ return e.getCRV();
+ }
+ }
+@@ -481,7 +564,7 @@
+ return CKR_CRYPTOKI_NOT_INITIALIZED;
+ }
+ try {
+- log->log("C_FindObjectsInit called, %lu templates\n", ulCount);
++ mylog->log("C_FindObjectsInit called, %lu templates\n", ulCount);
+ dumpTemplates(pTemplate, ulCount);
+
+ if( pTemplate == NULL && ulCount != 0 ) {
+@@ -490,7 +573,7 @@
+ slotList->findObjectsInit(hSession, pTemplate, ulCount);
+ return CKR_OK;
+ } catch(PKCS11Exception &e) {
+- e.log(log);
++ e.log(mylog);
+ return e.getCRV();
+ }
+ }
+@@ -504,22 +587,22 @@
+ return CKR_CRYPTOKI_NOT_INITIALIZED;
+ }
+ try {
+- log->log("C_FindObjects called, max objects = %lu\n", ulMaxObjectCount );
++ mylog->log("C_FindObjects called, max objects = %lu\n", ulMaxObjectCount );
+ if( phObject == NULL && ulMaxObjectCount != 0 ) {
+ throw PKCS11Exception(CKR_ARGUMENTS_BAD);
+ }
+ slotList->findObjects(hSession, phObject, ulMaxObjectCount,
+ pulObjectCount);
+ count = *pulObjectCount;
+- log->log("returned %lu objects:", count );
++ mylog->log("returned %lu objects:", count );
+ CK_ULONG i;
+ for (i = 0; i < count; ++i) {
+- log->log(" 0x%08lx", phObject[i]);
++ mylog->log(" 0x%08lx", phObject[i]);
+ }
+- log->log("\n" );
++ mylog->log("\n" );
+ return CKR_OK;
+ } catch(PKCS11Exception &e) {
+- e.log(log);
++ e.log(mylog);
+ return e.getCRV();
+ }
+ }
+@@ -542,7 +625,7 @@
+ return CKR_CRYPTOKI_NOT_INITIALIZED;
+ }
+ try {
+- log->log("C_Login called\n");
++ mylog->log("C_Login called\n");
+ if( userType != CKU_USER ) {
+ throw PKCS11Exception(CKR_USER_TYPE_INVALID);
+ }
+@@ -552,7 +635,7 @@
+ slotList->login(hSession, pPin, ulPinLen);
+ return CKR_OK;
+ } catch(PKCS11Exception &e) {
+- e.log(log);
++ e.log(mylog);
+ return e.getCRV();
+ }
+ }
+@@ -566,7 +649,7 @@
+ return CKR_CRYPTOKI_NOT_INITIALIZED;
+ }
+ try {
+- log->log("C_GetAttributeValue called, %lu templates for object 0x%08lx\n", ulCount, hObject);
++ mylog->log("C_GetAttributeValue called, %lu templates for object 0x%08lx\n", ulCount, hObject);
+ dumpTemplates(pTemplate, ulCount);
+ if( pTemplate == NULL && ulCount != 0 ) {
+ throw PKCS11Exception(CKR_ARGUMENTS_BAD);
+@@ -576,7 +659,7 @@
+ return CKR_OK;
+ } catch(PKCS11Exception& e) {
+ CK_RV rv = e.getCRV();
+- e.log(log);
++ e.log(mylog);
+ if (rv == CKR_ATTRIBUTE_TYPE_INVALID ||
+ rv == CKR_BUFFER_TOO_SMALL) {
+ dumpTemplates(pTemplate, ulCount);
+@@ -595,24 +678,24 @@
+ CK_RV
+ C_WaitForSlotEvent(CK_FLAGS flags, CK_SLOT_ID_PTR pSlot, CK_VOID_PTR pReserved)
+ {
+- finalizeLock.getLock();
++ FINALIZE_GETLOCK();
+ if( ! initialized ) {
+- finalizeLock.releaseLock();
++ FINALIZE_RELEASELOCK();
+ return CKR_CRYPTOKI_NOT_INITIALIZED;
+ }
+ if (finalizing) {
+- finalizeLock.releaseLock();
++ FINALIZE_RELEASELOCK();
+ return CKR_CRYPTOKI_NOT_INITIALIZED;
+ }
+ waitEvent = TRUE;
+- finalizeLock.releaseLock();
++ FINALIZE_RELEASELOCK();
+ try {
+- log->log("C_WaitForSlotEvent called\n");
++ mylog->log("C_WaitForSlotEvent called\n");
+ slotList->waitForSlotEvent(flags, pSlot, pReserved);
+ waitEvent = FALSE;
+ return CKR_OK;
+ } catch(PKCS11Exception& e) {
+- e.log(log);
++ e.log(mylog);
+ waitEvent = FALSE;
+ return e.getCRV();
+ }