Bug 1283305

Summary: [RFE] export all C_* functions in pkcs11-spy
Product: Red Hat Enterprise Linux 7 Reporter: Petr Spacek <pspacek>
Component: openscAssignee: Nikos Mavrogiannopoulos <nmavrogi>
Status: CLOSED ERRATA QA Contact: Release Test Team <release-test-team-automation>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 7.3CC: mhruscak, nmavrogi, pkotvan, pspacek
Target Milestone: rcKeywords: FutureFeature
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: opensc-0.14.0-2.el7 Doc Type: Enhancement
Doc Text:
Story Points: ---
Clone Of:
: 1283306 (view as bug list) Environment:
Last Closed: 2016-11-04 00:05:41 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1281702, 1292074, 1296125, 1313485    

Description Petr Spacek 2015-11-18 16:33:43 UTC 
Description of problem:
Header files distributed with PKCS#11 v2.30 define all functions as extern and some applications (like BIND 9.10) do not work without all functions being exported.

Version-Release number of selected component (if applicable):
opensc-0.14.0-1

How reproducible:
100 %

Steps to Reproduce:
0. configure PKCS#11 provider of your choice and try to use it with pkcs11spy & BIND-pkcs11 build
1. $ yum install bind-pkcs11-utils
2. $ export PKCS11_PROVIDER=/usr/lib64/pkcs11/pkcs11-spy.so
3. $ export PKCS11SPY=/path/to/your/pkcs11/provider.so
4. $ pkcs11-list

Actual results:
pkcs11-list does not work

Expected results:
pkcs11-list does work

Additional info:
This was fixed upstream in https://github.com/OpenSC/OpenSC/pull/590

This change would be tremendously useful for DNSSEC debugging in IdM/FreeIPA.
Comment 8 Marek Hruscak 2016-09-08 12:49:37 UTC 
Hi Peter,
the patch from description was applied on src/pkcs11/pkcs11-spy.exports , may you please verify if it is correct?
Comment 9 Petr Spacek 2016-09-19 08:34:29 UTC 
Let me be more specific:

(In reply to Petr Spacek from comment #0)
> Steps to Reproduce:
> 0. configure PKCS#11 provider of your choice and try to use it with
> pkcs11spy & BIND-pkcs11 build

SoftHSM package is good enough. This should work:
0.a. $ yum install softhsm
0.b. $ softhsm2-util --init-token --slot 0 --label test --so-pin 1234 --pin 1234


> 1. $ yum install bind-pkcs11-utils
> 2. $ export PKCS11_PROVIDER=/usr/lib64/pkcs11/pkcs11-spy.so
> 3. $ export PKCS11SPY=/path/to/your/pkcs11/provider.so
3. export PKCS11SPY=/usr/lib64/pkcs11/libsofthsm2.so
(on 64 bit arches)

> 4. $ pkcs11-list

It should not print any error. Last lines should look like:
... C_Finalize
...
Returned:  0 CKR_OK
Comment 10 Peter Kotvan 2016-09-19 10:03:15 UTC 
Reproduced on RHEL-7.2 GA with opensc-0.14.0-1.el7, reproduced on RHEL-7.3-20160914.1 with opensc-0.14.0-2.el7.
Comment 11 Peter Kotvan 2016-09-19 10:06:01 UTC 
Ow thare's a typo, the bug was verified on RHEL-7.3-20160914.1 with opensc-0.14.0-2.el7.
Comment 13 errata-xmlrpc 2016-11-04 00:05:41 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHBA-2016-2178.html