File s390-tools-sles15sp1-zkey-Enhance-error-message-about-missing-CCA-library.patch of Package s390-tools.14411
Subject: zkey: Enhance error message about missing CCA library.
From: Ingo Franzki <ifranzki@linux.ibm.com>
Description: zkey: Enhance error message about missing CCA library.
Symptom: "zkey-cryptsetup reencipher" fails with missing
library and confusing error message.
Problem: The "zkey reencipher" command as well as the "zkey-cryptsetup
reencipher" command requires the IBM CCA Host Libraries and
Tools package to be installed. This is a closed source
library that is not distributed by the distributions, but
must be downloaded separately from an IBM web page.
Solution: Enhance the error message to point to the web page where
the package can be downloaded.
Reproduction: Run the "zkey-cryptsetup reencipher" or "zkey reencipher"
command without having installed the IBM CCA Host Libraries
and Tools package.
Upstream-ID: -
Problem-ID: 173878
Signed-off-by: Ingo Franzki <ifranzki@linux.ibm.com>
---
zkey/pkey.c | 13 +++++++++----
zkey/zkey-cryptsetup.1 | 3 ++-
zkey/zkey.1 | 3 ++-
3 files changed, 13 insertions(+), 6 deletions(-)
--- a/zkey/pkey.c
+++ b/zkey/pkey.c
@@ -48,6 +48,7 @@
* Definitions for the CCA library
*/
#define CCA_LIBRARY_NAME "libcsulcca.so"
+#define CCA_WEB_PAGE "http://www.ibm.com/security/cryptocards"
#define DEFAULT_KEYBITS 256
@@ -71,16 +72,20 @@ int load_cca_library(void **lib_csulcca,
/* Load the CCA library */
*lib_csulcca = dlopen(CCA_LIBRARY_NAME, RTLD_GLOBAL | RTLD_NOW);
if (*lib_csulcca == NULL) {
- warnx("%s\nEnsure that the IBM CCA Host Libraries and "
- "Tools are installed properly", dlerror());
+ pr_verbose(verbose, "%s", dlerror());
+ warnx("The command requires the IBM CCA Host Libraries and "
+ "Tools.\nFor the supported environments and downloads, "
+ "see:\n%s", CCA_WEB_PAGE);
return -ELIBACC;
}
/* Get the Key Token Change function */
*dll_CSNBKTC = (t_CSNBKTC)dlsym(*lib_csulcca, "CSNBKTC");
if (*dll_CSNBKTC == NULL) {
- warnx("%s\nEnsure that the IBM CCA Host Libraries and "
- "Tools are installed properly", dlerror());
+ pr_verbose(verbose, "%s", dlerror());
+ warnx("The command requires the IBM CCA Host Libraries and "
+ "Tools.\nFor the supported environments and downloads, "
+ "see:\n%s", CCA_WEB_PAGE);
dlclose(*lib_csulcca);
*lib_csulcca = NULL;
return -ELIBACC;
--- a/zkey/zkey-cryptsetup.1
+++ b/zkey/zkey-cryptsetup.1
@@ -182,7 +182,8 @@ behave in the same way as with \fBcrypts
.PP
.B Note:
The \fBreencipher\fP command requires the CCA host library (libcsulcca.so)
-to be installed.
+to be installed. For the supported environments and downloads, see:
+\fIhttp://www.ibm.com/security/cryptocards\fP
.
.
.
--- a/zkey/zkey.1
+++ b/zkey/zkey.1
@@ -282,7 +282,8 @@ a staged re-enciphering for the \fBOLD\f
.PP
.B Note:
The \fBreencipher\fP command requires the CCA host library (libcsulcca.so)
-to be installed.
+to be installed. For the supported environments and downloads, see:
+\fIhttp://www.ibm.com/security/cryptocards\fP
.
.SS "Import existing AES secure keys into the secure key repository"
.
