rpms/openssl-pkcs11
6
0
Fork 0
Code Issues Pull Requests Releases Activity

Update to 0.4.8-1

Browse Source 
- Support RSA key generation on the token
- RSA-OAEP and RSA-PKCS encryption support
- RSA-PSS signature support
- Support for OpenSSL 1.1.1 beta
- Removed support for OpenSSL 0.9.8
- Various bug fixes and enhancements
This commit is contained in:
Anderson Toshiyuki Sasaki 2018-08-06 12:46:25 +02:00
parent bfc5f19c99
commit 35fa3e5734
4 changed files with 13 additions and 767 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
.gitignore vendored
View File

@ -1 +1,2 @@
/libp11-0.4.7.tar.gz /libp11-0.4.7.tar.gz
/libp11-0.4.8.tar.gz

760
libp11-0.4.7-do-not-enumerate-slots-on-fork.patch
View File

@ -1,760 +0,0 @@
diff --git a/src/p11_load.c b/src/p11_load.c
index 58cec7c..4109083 100644
--- a/src/p11_load.c
+++ b/src/p11_load.c
@@ -126,8 +126,7 @@ int pkcs11_CTX_reload(PKCS11_CTX *ctx)
return -1;
}
- /* Reinitialize the PKCS11 internal slot table */
- return pkcs11_enumerate_slots(ctx, NULL, NULL);
+ return 0;
}
/*
diff --git a/tests/Makefile.am b/tests/Makefile.am
index b65e24a..1112078 100644
--- a/tests/Makefile.am
+++ b/tests/Makefile.am
@@ -9,10 +9,10 @@ AM_CPPFLAGS = \
AM_LDFLAGS = -no-install
LDADD = ../src/libp11.la $(OPENSSL_LIBS)
-check_PROGRAMS = openssl_version fork-test evp-sign
+check_PROGRAMS = openssl_version fork-test evp-sign fork-change-slot
dist_check_SCRIPTS = \
rsa-testpkcs11.softhsm rsa-testfork.softhsm rsa-testlistkeys.softhsm rsa-evp-sign.softhsm \
- ec-testfork.softhsm
+ ec-testfork.softhsm fork-change-slot.softhsm
dist_check_DATA = \
rsa-cert.der rsa-prvkey.der rsa-pubkey.der \
ec-cert.der ec-prvkey.der ec-pubkey.der
diff --git a/tests/ec-common.sh b/tests/ec-common.sh
index 2e6f735..a709c0d 100755
--- a/tests/ec-common.sh
+++ b/tests/ec-common.sh
@@ -33,7 +33,7 @@ echo "Output directory: ${outdir}"
mkdir -p $outdir
-for i in /usr/lib64/pkcs11 /usr/lib/softhsm /usr/local/lib/softhsm /opt/local/lib/softhsm /usr/lib/x86_64-linux-gnu/softhsm /usr/lib /usr/lib64/softhsm;do
+for i in /usr/lib64/pkcs11 /usr/lib64/softhsm /usr/lib/x86_64-linux-gnu/softhsm /usr/local/lib/softhsm /opt/local/lib/softhsm /usr/lib/softhsm /usr/lib ;do
if test -f "$i/libsofthsm2.so"; then
ADDITIONAL_PARAM="$i/libsofthsm2.so"
break
@@ -53,6 +53,11 @@ init_card () {
PIN="$1"
PUK="$2"
+ if test -x "/usr/bin/softhsm"; then
+ export SOFTHSM_CONF="$outdir/softhsm-testpkcs11.config"
+ SOFTHSM_TOOL="/usr/bin/softhsm"
+ fi
+
if test -x "/usr/local/bin/softhsm2-util"; then
export SOFTHSM2_CONF="$outdir/softhsm-testpkcs11.config"
SOFTHSM_TOOL="/usr/local/bin/softhsm2-util"
@@ -68,17 +73,12 @@ init_card () {
SOFTHSM_TOOL="/usr/bin/softhsm2-util"
fi
- if test -x "/usr/bin/softhsm"; then
- export SOFTHSM_CONF="$outdir/softhsm-testpkcs11.config"
- SOFTHSM_TOOL="/usr/bin/softhsm"
- fi
-
if test -z "${SOFTHSM_TOOL}"; then
echo "Could not find softhsm(2) tool"
exit 77
fi
- if test -z "${SOFTHSM_CONF}"; then
+ if test -n "${SOFTHSM2_CONF}"; then
rm -rf $outdir/softhsm-testpkcs11.db
mkdir -p $outdir/softhsm-testpkcs11.db
echo "objectstore.backend = file" > "${SOFTHSM2_CONF}"
diff --git a/tests/fork-change-slot.c b/tests/fork-change-slot.c
new file mode 100644
index 0000000..8e782ce
--- /dev/null
+++ b/tests/fork-change-slot.c
@@ -0,0 +1,288 @@
+/* libp11 test code: fork-change-slot.c
+ *
+ * This program loads a key pair using the engine pkcs11, forks to create
+ * a new process, and waits for a SIGUSR1 signal before trying to sign/verify
+ * random data in both parent and child processes.
+ *
+ * The intention of the signal waiting is to allow the user to add/remove
+ * devices before continuing to the signature/verifying test.
+ *
+ * Adding or removing devices can lead to a change in the list of slot IDs
+ * obtained from the PKCS#11 module. If the engine does not handle the
+ * slot ID referenced by the previously loaded key properly, then the key in
+ * the child process can reference to the wrong slot ID after forking.
+ * This would lead to an error, since the engine will try to sign the data
+ * using the key in the wrong slot.
+ */
+
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <fcntl.h>
+#include <termios.h>
+#include <stdio.h>
+#include <string.h>
+#include <sys/types.h>
+#include <sys/wait.h>
+#include <unistd.h>
+#include <signal.h>
+
+#include <execinfo.h>
+
+#include <openssl/evp.h>
+#include <openssl/conf.h>
+#include <openssl/engine.h>
+
+#define RANDOM_SIZE 20
+#define MAX_SIGSIZE 1024
+
+#if OPENSSL_VERSION_NUMBER < 0x10100003L
+#define EVP_PKEY_get0_RSA(key) ((key)->pkey.rsa)
+#endif
+
+static int do_wait(pid_t pids[], int num)
+{
+ int i;
+ int status = 0;
+
+ for (i = 0; i < num; i++) {
+ waitpid(pids[i], &status, 0);
+ if (WIFEXITED(status)) {
+ printf("child %d exited with status %d\n", pids[i], WEXITSTATUS(status));
+ return (WEXITSTATUS(status));
+ }
+ if (WIFSIGNALED(status)) {
+ fprintf(stderr, "Child %d terminated by signal #%d\n", pids[i],
+ WTERMSIG(status));
+ return (WTERMSIG(status));
+ }
+ else {
+ perror("waitpid");
+ }
+ }
+
+ return 0;
+}
+
+static int spawn_processes(int num)
+{
+ int i;
+ int chld_ret = 0;
+ pid_t *pids;
+ pid_t pid;
+
+ sigset_t set, oldset;
+ int signal;
+
+ sigemptyset(&set);
+ sigaddset(&set, SIGUSR1);
+
+ /* If only 1 process was requested, no more processes are required */
+ if (num <= 1) {
+ return 0;
+ }
+
+ pids = (pid_t *)malloc(num * sizeof(pid_t));
+ if (pids == NULL) {
+ exit(ENOMEM);
+ }
+
+ /* Spawn (num - 1) new processes to get a total of num processes */
+ for (i = 0; i < (num - 1); i++) {
+ pid = fork();
+ switch (pid) {
+ case -1: /* failed */
+ perror("fork");
+ do_wait(pids, i);
+ free(pids);
+ exit(5);
+ case 0: /* child */
+ printf("Remove or add a device to try to cause an error\n");
+ printf("Waiting for signal SIGUSR1\n");
+ sigprocmask(SIG_BLOCK, &set, &oldset);
+ sigwait(&set, &signal);
+ sigprocmask(SIG_SETMASK, &oldset, NULL);
+ free(pids);
+ return 0;
+ default: /* parent */
+ pids[i] = pid;
+ printf("spawned %d\n", pid);
+ }
+ }
+
+ /* Wait for the created processes */
+ chld_ret = do_wait(pids, (num - 1));
+
+ free(pids);
+
+ return chld_ret;
+}
+
+static void error_queue(const char *name, int pid)
+{
+ if (ERR_peek_last_error()) {
+ fprintf(stderr, "pid %d: %s generated errors:\n", pid, name);
+ ERR_print_errors_fp(stderr);
+ }
+}
+
+static void usage(char *arg)
+{
+ printf("usage: %s (Key PKCS#11 URL) [opt: PKCS#11 module path]\n",
+ arg);
+}
+
+int main(int argc, char *argv[])
+{
+ const EVP_MD *digest_algo = NULL;
+ EVP_PKEY *pkey = NULL;
+ EVP_MD_CTX *md_ctx = NULL;
+ ENGINE *engine = NULL;
+ unsigned char random[RANDOM_SIZE], signature[MAX_SIGSIZE];
+ unsigned int siglen = MAX_SIGSIZE;
+
+ int ret, num_processes = 2;
+ pid_t pid;
+
+ int rv = 1;
+
+ /* Check arguments */
+ if (argc < 2) {
+ fprintf(stderr, "Missing required arguments\n");
+ usage(argv[0]);
+ goto failed;
+ }
+
+ if (argc > 4) {
+ fprintf(stderr, "Too many arguments\n");
+ usage(argv[0]);
+ goto failed;
+ }
+
+ /* Check PKCS#11 URL */
+ if (strncmp(argv[1], "pkcs11:", 7)) {
+ fprintf(stderr, "fatal: invalid PKCS#11 URL\n");
+ usage(argv[0]);
+ goto failed;
+ }
+
+ pid = getpid();
+ printf("pid %d is the parent\n", pid);
+
+ /* Load configuration file, if provided */
+ if (argc >= 3) {
+ ret = CONF_modules_load_file(argv[2], "engines", 0);
+ if (ret <= 0) {
+ fprintf(stderr, "cannot load %s\n", argv[2]);
+ error_queue("CONF_modules_load_file", pid);
+ goto failed;
+ }
+ ENGINE_add_conf_module();
+ }
+
+ ENGINE_add_conf_module();
+ OpenSSL_add_all_algorithms();
+ ERR_load_crypto_strings();
+ ERR_clear_error();
+ ENGINE_load_builtin_engines();
+
+ /* Get structural reference */
+ engine = ENGINE_by_id("pkcs11");
+ if (engine == NULL) {
+ fprintf(stderr, "fatal: engine \"pkcs11\" not available\n");
+ error_queue("ENGINE_by_id", pid);
+ goto failed;
+ }
+
+ /* Set the used */
+ if (argc >= 4) {
+ ENGINE_ctrl_cmd(engine, "MODULE_PATH", 0, argv[3], NULL, 1);
+ }
+
+ /* Initialize to get the engine functional reference */
+ if (ENGINE_init(engine)) {
+ pkey = ENGINE_load_private_key(engine, argv[1], 0, 0);
+ if (pkey == NULL) {
+ error_queue("ENGINE_load_private_key", pid);
+ goto failed;
+ }
+
+ if (!ENGINE_set_default(engine, ENGINE_METHOD_ALL)) {
+ error_queue("ENGINE_set_default", pid);
+ goto failed;
+ }
+
+ ENGINE_free(engine);
+ engine = NULL;
+ }
+ else {
+ error_queue("ENGINE_init", pid);
+ goto failed;
+ }
+
+ /* Spawn processes and check child return */
+ if (spawn_processes(num_processes)) {
+ goto failed;
+ }
+ pid = getpid();
+
+ /* Generate random data */
+ if (!RAND_bytes(random, RANDOM_SIZE)){
+ error_queue("RAND_bytes", pid);
+ goto failed;
+ }
+
+ /* Create context to sign the random data */
+ digest_algo = EVP_get_digestbyname("sha256");
+ md_ctx = EVP_MD_CTX_create();
+ if (EVP_DigestInit(md_ctx, digest_algo) <= 0) {
+ error_queue("EVP_DigestInit", pid);
+ goto failed;
+ }
+
+ EVP_SignInit(md_ctx, digest_algo);
+ if (EVP_SignUpdate(md_ctx, random, RANDOM_SIZE) <= 0) {
+ error_queue("EVP_SignUpdate", pid);
+ goto failed;
+ }
+
+ if (EVP_SignFinal(md_ctx, signature, &siglen, pkey) <= 0) {
+ error_queue("EVP_SignFinal", pid);
+ goto failed;
+ }
+ EVP_MD_CTX_destroy(md_ctx);
+
+ printf("pid %d: %u-byte signature created\n", pid, siglen);
+
+ /* Now verify the result */
+ md_ctx = EVP_MD_CTX_create();
+ if (EVP_DigestInit(md_ctx, digest_algo) <= 0) {
+ error_queue("EVP_DigestInit", pid);
+ goto failed;
+ }
+
+ EVP_VerifyInit(md_ctx, digest_algo);
+ if (EVP_VerifyUpdate(md_ctx, random, RANDOM_SIZE) <= 0) {
+ error_queue("EVP_VerifyUpdate", pid);
+ goto failed;
+ }
+
+ if (EVP_VerifyFinal(md_ctx, signature, siglen, pkey) <= 0) {
+ error_queue("EVP_VerifyFinal", pid);
+ goto failed;
+ }
+ printf("pid %d: Signature matched\n", pid);
+
+ rv = 0;
+
+failed:
+ if (md_ctx != NULL)
+ EVP_MD_CTX_destroy(md_ctx);
+ if (pkey != NULL)
+ EVP_PKEY_free(pkey);
+ if (engine != NULL)
+ ENGINE_free(engine);
+ CRYPTO_cleanup_all_ex_data();
+ ERR_free_strings();
+
+ return rv;
+}
diff --git a/tests/fork-change-slot.softhsm b/tests/fork-change-slot.softhsm
new file mode 100755
index 0000000..f13d2c8
--- /dev/null
+++ b/tests/fork-change-slot.softhsm
@@ -0,0 +1,75 @@
+#!/bin/sh
+
+# Copyright (C) 2013 Nikos Mavrogiannopoulos
+# Copyright (C) 2015 Red Hat, Inc.
+#
+# This is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by the
+# Free Software Foundation; either version 3 of the License, or (at
+# your option) any later version.
+#
+# GnuTLS is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with GnuTLS; if not, write to the Free Software Foundation,
+# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+
+outdir="output.$$"
+
+# Load common test functions
+. ${srcdir}/rsa-common.sh
+
+sed -e "s|@MODULE_PATH@|${MODULE}|g" -e \
+ "s|@ENGINE_PATH@|../src/.libs/pkcs11.so|g" \
+ <"${srcdir}/engines.cnf.in" >"${outdir}/engines.cnf"
+
+# Set the used PIN and PUK
+PIN=1234
+PUK=1234
+
+# Initialize SoftHSM DB
+init_db
+
+# Create 2 different tokens
+init_card $PIN $PUK "token1"
+init_card $PIN $PUK "token2"
+
+# Force the use of the local built engine
+export OPENSSL_ENGINES="../src/.libs/"
+
+# Generate a key pair in the second token
+pkcs11-tool --module ${MODULE} -l --pin $PIN --keypairgen --key-type \
+ rsa:1024 --id 01020304 --label pkey --token-label token2
+if test $? != 0;then
+ exit 1;
+fi
+
+# Run the test program which will stop and wait for a signal (SIGUSR1)
+./fork-change-slot \
+ "pkcs11:token=token2;object=pkey;type=private;pin-value=$PIN" \
+ "${outdir}/engines.cnf" ${MODULE} &
+pid=$!
+
+# Wait the test program to reach the sigwait
+sleep 3
+
+# Remove the first token to change the slotID associated with token2
+${SOFTHSM_TOOL} --delete-token --token token1
+
+# Send the signal to the waiting process
+kill -USR1 `pgrep -P $pid`
+
+# Test the result
+wait $pid
+if test $? != 0;then
+ exit 1;
+fi
+
+# Cleanup
+rm -rf "$outdir"
+
+exit 0
+
diff --git a/tests/rsa-common.sh b/tests/rsa-common.sh
index ba1faf5..7db5ba0 100755
--- a/tests/rsa-common.sh
+++ b/tests/rsa-common.sh
@@ -10,7 +10,7 @@
#
# GnuTLS is distributed in the hope that it will be useful, but
# WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
# General Public License for more details.
#
# You should have received a copy of the GNU General Public License
@@ -23,13 +23,15 @@ echo "Output directory: ${outdir}"
mkdir -p $outdir
-for i in /usr/lib64/pkcs11 /usr/lib/softhsm /usr/local/lib/softhsm /opt/local/lib/softhsm /usr/lib/x86_64-linux-gnu/softhsm /usr/lib /usr/lib64/softhsm;do
+# Set the module to be used
+for i in /usr/lib64/pkcs11 /usr/lib64/softhsm /usr/lib/x86_64-linux-gnu/softhsm \
+ /usr/local/lib/softhsm /opt/local/lib/softhsm /usr/lib/softhsm /usr/lib ;do
if test -f "$i/libsofthsm2.so"; then
- ADDITIONAL_PARAM="$i/libsofthsm2.so"
+ MODULE="$i/libsofthsm2.so"
break
else
if test -f "$i/libsofthsm.so";then
- ADDITIONAL_PARAM="$i/libsofthsm.so"
+ MODULE="$i/libsofthsm.so"
break
fi
fi
@@ -39,28 +41,30 @@ if (! test -x /usr/bin/pkcs11-tool && ! test -x /usr/local/bin/pkcs11-tool);then
exit 77
fi
-init_card () {
- PIN="$1"
- PUK="$2"
+# Initialize the SoftHSM DB
+init_db () {
+ if test -x "/usr/bin/softhsm"; then
+ export SOFTHSM_CONF="$outdir/softhsm-testpkcs11.config"
+ SOFTHSM_TOOL="/usr/bin/softhsm"
+ SLOT="--slot 0"
+ fi
if test -x "/usr/local/bin/softhsm2-util"; then
export SOFTHSM2_CONF="$outdir/softhsm-testpkcs11.config"
SOFTHSM_TOOL="/usr/local/bin/softhsm2-util"
+ SLOT="--free "
fi
if test -x "/opt/local/bin/softhsm2-util"; then
export SOFTHSM2_CONF="$outdir/softhsm-testpkcs11.config"
SOFTHSM_TOOL="/opt/local/bin/softhsm2-util"
+ SLOT="--free "
fi
if test -x "/usr/bin/softhsm2-util"; then
export SOFTHSM2_CONF="$outdir/softhsm-testpkcs11.config"
SOFTHSM_TOOL="/usr/bin/softhsm2-util"
- fi
-
- if test -x "/usr/bin/softhsm"; then
- export SOFTHSM_CONF="$outdir/softhsm-testpkcs11.config"
- SOFTHSM_TOOL="/usr/bin/softhsm"
+ SLOT="--free "
fi
if test -z "${SOFTHSM_TOOL}"; then
@@ -68,19 +72,27 @@ init_card () {
exit 77
fi
- if test -z "${SOFTHSM_CONF}"; then
+ if test -n "${SOFTHSM2_CONF}"; then
rm -rf $outdir/softhsm-testpkcs11.db
mkdir -p $outdir/softhsm-testpkcs11.db
echo "objectstore.backend = file" > "${SOFTHSM2_CONF}"
- echo "directories.tokendir = $outdir/softhsm-testpkcs11.db" >> "${SOFTHSM2_CONF}"
+ echo "directories.tokendir = $outdir/softhsm-testpkcs11.db" >> \
+ "${SOFTHSM2_CONF}"
else
rm -rf $outdir/softhsm-testpkcs11.db
echo "0:$outdir/softhsm-testpkcs11.db" > "${SOFTHSM_CONF}"
fi
+}
+# Create a new device
+init_card () {
+ PIN="$1"
+ PUK="$2"
+ DEV_LABEL="$3"
echo -n "* Initializing smart card... "
- ${SOFTHSM_TOOL} --init-token --slot 0 --label "libp11-test" --so-pin "${PUK}" --pin "${PIN}" >/dev/null
+ ${SOFTHSM_TOOL} --init-token ${SLOT} --label "${DEV_LABEL}" \
+ --so-pin "${PUK}" --pin "${PIN}" >/dev/null
if test $? = 0; then
echo ok
else
@@ -89,27 +101,55 @@ init_card () {
fi
}
-PIN=1234
-PUK=1234
-init_card $PIN $PUK
+# Import objects to the token
+import_objects () {
+ ID=$1
+ OBJ_LABEL=$2
-# generate key in token
-pkcs11-tool -p $PIN --module $ADDITIONAL_PARAM -d 01020304 -a server-key -l -w ${srcdir}/rsa-prvkey.der -y privkey >/dev/null
-if test $? != 0;then
- exit 1;
-fi
+ pkcs11-tool -p ${PIN} --module ${MODULE} -d ${ID} -a ${OBJ_LABEL} -l -w \
+ ${srcdir}/rsa-prvkey.der -y privkey >/dev/null
+ if test $? != 0;then
+ exit 1;
+ fi
-pkcs11-tool -p $PIN --module $ADDITIONAL_PARAM -d 01020304 -a server-key -l -w ${srcdir}/rsa-pubkey.der -y pubkey >/dev/null
-if test $? != 0;then
- exit 1;
-fi
+ pkcs11-tool -p ${PIN} --module ${MODULE} -d ${ID} -a ${OBJ_LABEL} -l -w \
+ ${srcdir}/rsa-pubkey.der -y pubkey >/dev/null
+ if test $? != 0;then
+ exit 1;
+ fi
-pkcs11-tool -p $PIN --module $ADDITIONAL_PARAM -d 01020304 -a server-key -l -w ${srcdir}/rsa-cert.der -y cert >/dev/null
-if test $? != 0;then
- exit 1;
-fi
+ pkcs11-tool -p ${PIN} --module ${MODULE} -d ${ID} -a ${OBJ_LABEL} -l -w \
+ ${srcdir}/rsa-cert.der -y cert >/dev/null
+ if test $? != 0;then
+ exit 1;
+ fi
+
+ echo Finished
+}
-echo "***************"
-echo "Listing objects"
-echo "***************"
-pkcs11-tool -p $PIN --module $ADDITIONAL_PARAM -l -O
+# List the objects contained in the token
+list_objects () {
+ echo "***************"
+ echo "Listing objects"
+ echo "***************"
+ pkcs11-tool -p ${PIN} --module ${MODULE} -l -O
+}
+
+common_init () {
+ # Set the used PIN and PUK
+ PIN=1234
+ PUK=1234
+
+ # Initialize the SoftHSM DB
+ init_db
+
+ # Initialize a new device
+ init_card $PIN $PUK "libp11-test"
+
+ echo Importing
+ # Import the used objects (private key, public key, and certificate)
+ import_objects 01020304 "server-key"
+
+ # List the imported objects
+ list_objects
+}
diff --git a/tests/rsa-evp-sign.softhsm b/tests/rsa-evp-sign.softhsm
index 4d60c83..7ef993d 100755
--- a/tests/rsa-evp-sign.softhsm
+++ b/tests/rsa-evp-sign.softhsm
@@ -18,47 +18,49 @@
outdir="output.$$"
+# Load common test functions
. ${srcdir}/rsa-common.sh
-# This uses the engine for basic sign-verify operation.
+# Do the common test initialization
+common_init
-sed -e "s|@MODULE_PATH@|${ADDITIONAL_PARAM}|g" -e "s|@ENGINE_PATH@|../src/.libs/pkcs11.so|g" <"${srcdir}/engines.cnf.in" >"${outdir}/engines.cnf"
+sed -e "s|@MODULE_PATH@|${MODULE}|g" -e "s|@ENGINE_PATH@|../src/.libs/pkcs11.so|g" <"${srcdir}/engines.cnf.in" >"${outdir}/engines.cnf"
export OPENSSL_ENGINES="../src/.libs/"
PRIVATE_KEY="pkcs11:token=libp11-test;id=%01%02%03%04;object=server-key;type=private;pin-value=1234"
PUBLIC_KEY="pkcs11:token=libp11-test;id=%01%02%03%04;object=server-key;type=public;pin-value=1234"
-./evp-sign ctrl false "${outdir}/engines.cnf" ${PRIVATE_KEY} ${PUBLIC_KEY} ${ADDITIONAL_PARAM}
+./evp-sign ctrl false "${outdir}/engines.cnf" ${PRIVATE_KEY} ${PUBLIC_KEY} ${MODULE}
if test $? != 0;then
echo "Basic PKCS #11 test, using ctrl failed"
exit 1;
fi
-./evp-sign default false "${outdir}/engines.cnf" ${PRIVATE_KEY} ${PUBLIC_KEY} ${ADDITIONAL_PARAM}
+./evp-sign default false "${outdir}/engines.cnf" ${PRIVATE_KEY} ${PUBLIC_KEY} ${MODULE}
if test $? != 0;then
echo "Basic PKCS #11 test, using default failed"
exit 1;
fi
-./evp-sign ctrl 1234 "${outdir}/engines.cnf" ${PRIVATE_KEY} ${PUBLIC_KEY} ${ADDITIONAL_PARAM}
+./evp-sign ctrl 1234 "${outdir}/engines.cnf" ${PRIVATE_KEY} ${PUBLIC_KEY} ${MODULE}
if test $? != 0;then
echo "Basic PKCS #11 test without pin-value, using ctrl failed"
exit 1;
fi
-./evp-sign default 1234 "${outdir}/engines.cnf" ${PRIVATE_KEY} ${PUBLIC_KEY} ${ADDITIONAL_PARAM}
+./evp-sign default 1234 "${outdir}/engines.cnf" ${PRIVATE_KEY} ${PUBLIC_KEY} ${MODULE}
if test $? != 0;then
echo "Basic PKCS #11 test without pin-value, using default failed"
exit 1;
fi
-./evp-sign ctrl 1234 "${outdir}/engines.cnf" "label_server-key" "label_server-key" ${ADDITIONAL_PARAM}
+./evp-sign ctrl 1234 "${outdir}/engines.cnf" "label_server-key" "label_server-key" ${MODULE}
if test $? != 0;then
echo "Basic PKCS #11 test with legacy name #1 failed"
exit 1;
fi
-./evp-sign default 1234 "${outdir}/engines.cnf" "id_01020304" "id_01020304" ${ADDITIONAL_PARAM}
+./evp-sign default 1234 "${outdir}/engines.cnf" "id_01020304" "id_01020304" ${MODULE}
if test $? != 0;then
echo "Basic PKCS #11 test with legacy name #2 failed"
exit 1;
diff --git a/tests/rsa-testfork.softhsm b/tests/rsa-testfork.softhsm
index 0643e96..ba5d851 100755
--- a/tests/rsa-testfork.softhsm
+++ b/tests/rsa-testfork.softhsm
@@ -19,13 +19,19 @@
outdir="output.$$"
+# Load common test functions
. ${srcdir}/rsa-common.sh
-./fork-test $ADDITIONAL_PARAM $PIN
+# Do the common test initialization
+common_init
+
+# Run the test
+./fork-test ${MODULE} ${PIN}
if test $? != 0;then
exit 1;
fi
+# Cleanup
rm -rf "$outdir"
exit 0
diff --git a/tests/rsa-testlistkeys.softhsm b/tests/rsa-testlistkeys.softhsm
index 9494f9d..b3696f5 100755
--- a/tests/rsa-testlistkeys.softhsm
+++ b/tests/rsa-testlistkeys.softhsm
@@ -19,9 +19,14 @@
outdir="output.$$"
+# Load common test functions
. ${srcdir}/rsa-common.sh
-../examples/listkeys $ADDITIONAL_PARAM $PIN
+# Do the common test initialization
+common_init
+
+# Run the test
+../examples/listkeys ${MODULE} ${PIN}
if test $? != 0;then
exit 1;
fi
diff --git a/tests/rsa-testpkcs11.softhsm b/tests/rsa-testpkcs11.softhsm
index d1e1f50..f76a8d3 100755
--- a/tests/rsa-testpkcs11.softhsm
+++ b/tests/rsa-testpkcs11.softhsm
@@ -20,14 +20,19 @@
outdir="output.$$"
+# Load common test functions
. ${srcdir}/rsa-common.sh
-../examples/auth $ADDITIONAL_PARAM $PIN
+# Do the common test initialization
+common_init
+
+../examples/auth ${MODULE} ${PIN}
if test $? != 0;then
echo "Basic PKCS #11 test test failed"
exit 1;
fi
+# Cleanup
rm -rf "$outdir"
exit 0

17
openssl-pkcs11.spec
View File

@ -1,5 +1,5 @@
Version: 0.4.7 Version: 0.4.8
Release: 8%{?dist} Release: 1%{?dist}
# Define the directory where the OpenSSL engines are installed # Define the directory where the OpenSSL engines are installed
%global enginesdir %{_libdir}/engines-1.1 %global enginesdir %{_libdir}/engines-1.1
@ -11,8 +11,6 @@ License: LGPLv2+ and BSD
URL: https://github.com/OpenSC/libp11 URL: https://github.com/OpenSC/libp11
Source0: https://github.com/OpenSC/libp11/releases/download/libp11-%{version}/libp11-%{version}.tar.gz Source0: https://github.com/OpenSC/libp11/releases/download/libp11-%{version}/libp11-%{version}.tar.gz
Patch1: libp11-0.4.7-do-not-enumerate-slots-on-fork.patch
BuildRequires: autoconf automake libtool BuildRequires: autoconf automake libtool
BuildRequires: openssl-devel BuildRequires: openssl-devel
BuildRequires: pkgconfig BuildRequires: pkgconfig
@ -60,8 +58,6 @@ developing applications that use libp11.
%prep %prep
%autosetup -p 1 -n libp11-%{version} %autosetup -p 1 -n libp11-%{version}
# Fix permissions for file brought by a patch
chmod ugo+x %{_builddir}/libp11-0.4.7/tests/fork-change-slot.softhsm
%build %build
autoreconf -fvi autoreconf -fvi
@ -113,6 +109,15 @@ make check %{?_smp_mflags}
%endif %endif
%changelog %changelog
* Mon Aug 06 2018 Anderson Sasaki <ansasaki@redhat.com> - 0.4.8-1
- Update to 0.4.8-1
- RSA key generation on the token
- RSA-OAEP and RSA-PKCS encryption support
- RSA-PSS signature support
- Support for OpenSSL 1.1.1 beta
- Removed support for OpenSSL 0.9.8
- Various bug fixes and enhancements
* Fri Jul 13 2018 Fedora Release Engineering <releng@fedoraproject.org> - 0.4.7-8 * Fri Jul 13 2018 Fedora Release Engineering <releng@fedoraproject.org> - 0.4.7-8
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild - Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild

2
sources
View File

@ -1 +1 @@
SHA512 (libp11-0.4.7.tar.gz) = 8142b32bee9e6763b506b93be788a4df2b28ae8cb3ad6e11fc53ba3db770d77bdcc0362661c2f906cab1b5afc2828019f3d0f0b9d898414c0d6266201b7e08e6 SHA512 (libp11-0.4.8.tar.gz) = efce50f88bf560255666640f30d6a5fa7d8cbbb55678551c4e938abdc6f60331534f9e6245d99d6b6c5c5d283f21b7c2dfb8c97b381da56035be4fe0550a948b