Rename libp11 package to openssl-pkcs11

Since the development files were not included in the libp11 package
anymore and it is intended to be used only through the pkcs11 engine,
the package was renamed and the subpackage removed.

.gitignore

@@ -0,0 +1 @@
+/libp11-0.4.7.tar.gz

README.md

@@ -1,3 +0,0 @@
-# openssl-pkcs11
-
-The openssl-pkcs11 package

libp11-0.4.7-do-not-enumerate-slots-on-fork.patch

@@ -0,0 +1,760 @@
+diff --git a/src/p11_load.c b/src/p11_load.c
+index 58cec7c..4109083 100644
+--- a/src/p11_load.c
++++ b/src/p11_load.c
+@@ -126,8 +126,7 @@ int pkcs11_CTX_reload(PKCS11_CTX *ctx)
+ 		return -1;
+ 	}
+ 
+-	/* Reinitialize the PKCS11 internal slot table */
+-	return pkcs11_enumerate_slots(ctx, NULL, NULL);
++	return 0;
+ }
+ 
+ /*
+diff --git a/tests/Makefile.am b/tests/Makefile.am
+index b65e24a..1112078 100644
+--- a/tests/Makefile.am
++++ b/tests/Makefile.am
+@@ -9,10 +9,10 @@ AM_CPPFLAGS = \
+ AM_LDFLAGS = -no-install
+ LDADD = ../src/libp11.la $(OPENSSL_LIBS)
+ 
+-check_PROGRAMS = openssl_version fork-test evp-sign
++check_PROGRAMS = openssl_version fork-test evp-sign fork-change-slot
+ dist_check_SCRIPTS = \
+ 	rsa-testpkcs11.softhsm rsa-testfork.softhsm rsa-testlistkeys.softhsm rsa-evp-sign.softhsm \
+-	ec-testfork.softhsm
++	ec-testfork.softhsm fork-change-slot.softhsm
+ dist_check_DATA = \
+ 	rsa-cert.der rsa-prvkey.der rsa-pubkey.der \
+ 	ec-cert.der ec-prvkey.der ec-pubkey.der
+diff --git a/tests/ec-common.sh b/tests/ec-common.sh
+index 2e6f735..a709c0d 100755
+--- a/tests/ec-common.sh
++++ b/tests/ec-common.sh
+@@ -33,7 +33,7 @@ echo "Output directory: ${outdir}"
+ 
+ mkdir -p $outdir
+ 
+-for i in /usr/lib64/pkcs11 /usr/lib/softhsm /usr/local/lib/softhsm /opt/local/lib/softhsm /usr/lib/x86_64-linux-gnu/softhsm /usr/lib /usr/lib64/softhsm;do
++for i in /usr/lib64/pkcs11 /usr/lib64/softhsm /usr/lib/x86_64-linux-gnu/softhsm /usr/local/lib/softhsm /opt/local/lib/softhsm /usr/lib/softhsm /usr/lib ;do
+ 	if test -f "$i/libsofthsm2.so"; then
+ 		ADDITIONAL_PARAM="$i/libsofthsm2.so"
+ 		break
+@@ -53,6 +53,11 @@ init_card () {
+ 	PIN="$1"
+ 	PUK="$2"
+ 
++	if test -x "/usr/bin/softhsm"; then
++		export SOFTHSM_CONF="$outdir/softhsm-testpkcs11.config"
++		SOFTHSM_TOOL="/usr/bin/softhsm"
++	fi
++
+ 	if test -x "/usr/local/bin/softhsm2-util"; then
+ 		export SOFTHSM2_CONF="$outdir/softhsm-testpkcs11.config"
+ 		SOFTHSM_TOOL="/usr/local/bin/softhsm2-util"
+@@ -68,17 +73,12 @@ init_card () {
+ 		SOFTHSM_TOOL="/usr/bin/softhsm2-util"
+ 	fi
+ 
+-	if test -x "/usr/bin/softhsm"; then
+-		export SOFTHSM_CONF="$outdir/softhsm-testpkcs11.config"
+-		SOFTHSM_TOOL="/usr/bin/softhsm"
+-	fi
+-
+ 	if test -z "${SOFTHSM_TOOL}"; then
+ 		echo "Could not find softhsm(2) tool"
+ 		exit 77
+ 	fi
+ 
+-	if test -z "${SOFTHSM_CONF}"; then
++	if test -n "${SOFTHSM2_CONF}"; then
+ 		rm -rf $outdir/softhsm-testpkcs11.db
+ 		mkdir -p $outdir/softhsm-testpkcs11.db
+ 		echo "objectstore.backend = file" > "${SOFTHSM2_CONF}"
+diff --git a/tests/fork-change-slot.c b/tests/fork-change-slot.c
+new file mode 100644
+index 0000000..8e782ce
+--- /dev/null
++++ b/tests/fork-change-slot.c
+@@ -0,0 +1,288 @@
++/* libp11 test code: fork-change-slot.c
++ *
++ * This program loads a key pair using the engine pkcs11, forks to create
++ * a new process, and waits for a SIGUSR1 signal before trying to sign/verify
++ * random data in both parent and child processes.
++ *
++ * The intention of the signal waiting is to allow the user to add/remove
++ * devices before continuing to the signature/verifying test.
++ *
++ * Adding or removing devices can lead to a change in the list of slot IDs
++ * obtained from the PKCS#11 module. If the engine does not handle the
++ * slot ID referenced by the previously loaded key properly, then the key in
++ * the child process can reference to the wrong slot ID after forking.
++ * This would lead to an error, since the engine will try to sign the data
++ * using the key in the wrong slot.
++ */
++
++#include <sys/types.h>
++#include <sys/stat.h>
++#include <fcntl.h>
++#include <termios.h>
++#include <stdio.h>
++#include <string.h>
++#include <sys/types.h>
++#include <sys/wait.h>
++#include <unistd.h>
++#include <signal.h>
++
++#include <execinfo.h>
++
++#include <openssl/evp.h>
++#include <openssl/conf.h>
++#include <openssl/engine.h>
++
++#define RANDOM_SIZE 20
++#define MAX_SIGSIZE 1024
++
++#if OPENSSL_VERSION_NUMBER < 0x10100003L
++#define EVP_PKEY_get0_RSA(key) ((key)->pkey.rsa)
++#endif
++
++static int do_wait(pid_t pids[], int num)
++{
++    int i;
++    int status = 0;
++
++    for (i = 0; i < num; i++) {
++        waitpid(pids[i], &status, 0);
++        if (WIFEXITED(status)) {
++            printf("child %d exited with status %d\n", pids[i], WEXITSTATUS(status));
++            return (WEXITSTATUS(status));
++        }
++        if (WIFSIGNALED(status)) {
++            fprintf(stderr, "Child %d terminated by signal #%d\n", pids[i],
++                    WTERMSIG(status));
++            return (WTERMSIG(status));
++        }
++        else {
++            perror("waitpid");
++        }
++    }
++
++    return 0;
++}
++
++static int spawn_processes(int num)
++{
++    int i;
++    int chld_ret = 0;
++    pid_t *pids;
++    pid_t pid;
++
++    sigset_t set, oldset;
++    int signal;
++
++    sigemptyset(&set);
++    sigaddset(&set, SIGUSR1);
++
++    /* If only 1 process was requested, no more processes are required */
++    if (num <= 1) {
++        return 0;
++    }
++
++    pids = (pid_t *)malloc(num * sizeof(pid_t));
++    if (pids == NULL) {
++        exit(ENOMEM);
++    }
++
++    /* Spawn (num - 1) new processes to get a total of num processes */
++    for (i = 0; i < (num - 1); i++) {
++        pid = fork();
++        switch (pid) {
++            case -1: /* failed */
++                perror("fork");
++                do_wait(pids, i);
++                free(pids);
++                exit(5);
++            case 0: /* child */
++                printf("Remove or add a device to try to cause an error\n");
++                printf("Waiting for signal SIGUSR1\n");
++                sigprocmask(SIG_BLOCK, &set, &oldset);
++                sigwait(&set, &signal);
++                sigprocmask(SIG_SETMASK, &oldset, NULL);
++                free(pids);
++                return 0;
++            default: /* parent */
++                pids[i] = pid;
++                printf("spawned %d\n", pid);
++        }
++    }
++
++    /* Wait for the created processes */
++    chld_ret = do_wait(pids, (num - 1));
++
++    free(pids);
++
++    return chld_ret;
++}
++
++static void error_queue(const char *name, int pid)
++{
++    if (ERR_peek_last_error()) {
++        fprintf(stderr, "pid %d: %s generated errors:\n", pid, name);
++        ERR_print_errors_fp(stderr);
++    }
++}
++
++static void usage(char *arg)
++{
++    printf("usage: %s (Key PKCS#11 URL) [opt: PKCS#11 module path]\n",
++            arg);
++}
++
++int main(int argc, char *argv[])
++{
++    const EVP_MD *digest_algo = NULL;
++    EVP_PKEY *pkey = NULL;
++    EVP_MD_CTX *md_ctx = NULL;
++    ENGINE *engine = NULL;
++    unsigned char random[RANDOM_SIZE], signature[MAX_SIGSIZE];
++    unsigned int siglen = MAX_SIGSIZE;
++
++    int ret, num_processes = 2;
++    pid_t pid;
++
++    int rv = 1;
++
++    /* Check arguments */
++    if (argc < 2) {
++        fprintf(stderr, "Missing required arguments\n");
++        usage(argv[0]);
++        goto failed;
++    }
++
++    if (argc > 4) {
++        fprintf(stderr, "Too many arguments\n");
++        usage(argv[0]);
++        goto failed;
++    }
++
++    /* Check PKCS#11 URL */
++    if (strncmp(argv[1], "pkcs11:", 7)) {
++        fprintf(stderr, "fatal: invalid PKCS#11 URL\n");
++        usage(argv[0]);
++        goto failed;
++    }
++
++    pid = getpid();
++    printf("pid %d is the parent\n", pid);
++
++    /* Load configuration file, if provided */
++    if (argc >= 3) {
++        ret = CONF_modules_load_file(argv[2], "engines", 0);
++        if (ret <= 0) {
++            fprintf(stderr, "cannot load %s\n", argv[2]);
++            error_queue("CONF_modules_load_file", pid);
++            goto failed;
++        }
++        ENGINE_add_conf_module();
++    }
++
++    ENGINE_add_conf_module();
++    OpenSSL_add_all_algorithms();
++    ERR_load_crypto_strings();
++    ERR_clear_error();
++    ENGINE_load_builtin_engines();
++
++    /* Get structural reference */
++    engine = ENGINE_by_id("pkcs11");
++    if (engine == NULL) {
++        fprintf(stderr, "fatal: engine \"pkcs11\" not available\n");
++        error_queue("ENGINE_by_id", pid);
++        goto failed;
++    }
++
++    /* Set the used  */
++    if (argc >= 4) {
++        ENGINE_ctrl_cmd(engine, "MODULE_PATH", 0, argv[3], NULL, 1);
++    }
++
++    /* Initialize to get the engine functional reference */
++    if (ENGINE_init(engine)) {
++        pkey = ENGINE_load_private_key(engine, argv[1], 0, 0);
++        if (pkey == NULL) {
++            error_queue("ENGINE_load_private_key", pid);
++            goto failed;
++        }
++
++        if (!ENGINE_set_default(engine, ENGINE_METHOD_ALL)) {
++            error_queue("ENGINE_set_default", pid);
++            goto failed;
++        }
++
++        ENGINE_free(engine);
++        engine = NULL;
++    }
++    else {
++        error_queue("ENGINE_init", pid);
++        goto failed;
++    }
++
++    /* Spawn processes and check child return */
++    if (spawn_processes(num_processes)) {
++        goto failed;
++    }
++    pid = getpid();
++
++    /* Generate random data */
++    if (!RAND_bytes(random, RANDOM_SIZE)){
++        error_queue("RAND_bytes", pid);
++        goto failed;
++    }
++
++    /* Create context to sign the random data */
++    digest_algo = EVP_get_digestbyname("sha256");
++    md_ctx = EVP_MD_CTX_create();
++    if (EVP_DigestInit(md_ctx, digest_algo) <= 0) {
++        error_queue("EVP_DigestInit", pid);
++        goto failed;
++    }
++
++    EVP_SignInit(md_ctx, digest_algo);
++    if (EVP_SignUpdate(md_ctx, random, RANDOM_SIZE) <= 0) {
++        error_queue("EVP_SignUpdate", pid);
++        goto failed;
++    }
++
++    if (EVP_SignFinal(md_ctx, signature, &siglen, pkey) <= 0) {
++        error_queue("EVP_SignFinal", pid);
++        goto failed;
++    }
++    EVP_MD_CTX_destroy(md_ctx);
++
++    printf("pid %d: %u-byte signature created\n", pid, siglen);
++
++    /* Now verify the result */
++    md_ctx = EVP_MD_CTX_create();
++    if (EVP_DigestInit(md_ctx, digest_algo) <= 0) {
++        error_queue("EVP_DigestInit", pid);
++        goto failed;
++    }
++
++    EVP_VerifyInit(md_ctx, digest_algo);
++    if (EVP_VerifyUpdate(md_ctx, random, RANDOM_SIZE) <= 0) {
++        error_queue("EVP_VerifyUpdate", pid);
++        goto failed;
++    }
++
++    if (EVP_VerifyFinal(md_ctx, signature, siglen, pkey) <= 0) {
++        error_queue("EVP_VerifyFinal", pid);
++        goto failed;
++    }
++    printf("pid %d: Signature matched\n", pid);
++
++    rv = 0;
++
++failed:
++    if (md_ctx != NULL)
++        EVP_MD_CTX_destroy(md_ctx);
++    if (pkey != NULL)
++        EVP_PKEY_free(pkey);
++    if (engine != NULL)
++        ENGINE_free(engine);
++    CRYPTO_cleanup_all_ex_data();
++    ERR_free_strings();
++
++    return rv;
++}
+diff --git a/tests/fork-change-slot.softhsm b/tests/fork-change-slot.softhsm
+new file mode 100755
+index 0000000..f13d2c8
+--- /dev/null
++++ b/tests/fork-change-slot.softhsm
+@@ -0,0 +1,75 @@
++#!/bin/sh
++
++# Copyright (C) 2013 Nikos Mavrogiannopoulos
++# Copyright (C) 2015 Red Hat, Inc.
++#
++# This is free software; you can redistribute it and/or modify it
++# under the terms of the GNU General Public License as published by the
++# Free Software Foundation; either version 3 of the License, or (at
++# your option) any later version.
++#
++# GnuTLS is distributed in the hope that it will be useful, but
++# WITHOUT ANY WARRANTY; without even the implied warranty of
++# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
++# General Public License for more details.
++#
++# You should have received a copy of the GNU General Public License
++# along with GnuTLS; if not, write to the Free Software Foundation,
++# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
++
++outdir="output.$$"
++
++# Load common test functions
++. ${srcdir}/rsa-common.sh
++
++sed -e "s|@MODULE_PATH@|${MODULE}|g" -e \
++	"s|@ENGINE_PATH@|../src/.libs/pkcs11.so|g" \
++	<"${srcdir}/engines.cnf.in" >"${outdir}/engines.cnf"
++
++# Set the used PIN and PUK
++PIN=1234
++PUK=1234
++
++# Initialize SoftHSM DB
++init_db
++
++# Create 2 different tokens
++init_card $PIN $PUK "token1"
++init_card $PIN $PUK "token2"
++
++# Force the use of the local built engine
++export OPENSSL_ENGINES="../src/.libs/"
++
++# Generate a key pair in the second token
++pkcs11-tool --module ${MODULE} -l --pin $PIN --keypairgen --key-type \
++	rsa:1024 --id 01020304 --label pkey --token-label token2
++if test $? != 0;then
++	exit 1;
++fi
++
++# Run the test program which will stop and wait for a signal (SIGUSR1)
++./fork-change-slot \
++	"pkcs11:token=token2;object=pkey;type=private;pin-value=$PIN" \
++	"${outdir}/engines.cnf" ${MODULE} &
++pid=$!
++
++# Wait the test program to reach the sigwait
++sleep 3
++
++# Remove the first token to change the slotID associated with token2
++${SOFTHSM_TOOL} --delete-token --token token1
++
++# Send the signal to the waiting process
++kill -USR1 `pgrep -P $pid`
++
++# Test the result
++wait $pid
++if test $? != 0;then
++	exit 1;
++fi
++
++# Cleanup
++rm -rf "$outdir"
++
++exit 0
++
+diff --git a/tests/rsa-common.sh b/tests/rsa-common.sh
+index ba1faf5..7db5ba0 100755
+--- a/tests/rsa-common.sh
++++ b/tests/rsa-common.sh
+@@ -10,7 +10,7 @@
+ #
+ # GnuTLS is distributed in the hope that it will be useful, but
+ # WITHOUT ANY WARRANTY; without even the implied warranty of
+-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
++# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.	See the GNU
+ # General Public License for more details.
+ #
+ # You should have received a copy of the GNU General Public License
+@@ -23,13 +23,15 @@ echo "Output directory: ${outdir}"
+ 
+ mkdir -p $outdir
+ 
+-for i in /usr/lib64/pkcs11 /usr/lib/softhsm /usr/local/lib/softhsm /opt/local/lib/softhsm /usr/lib/x86_64-linux-gnu/softhsm /usr/lib /usr/lib64/softhsm;do
++# Set the module to be used
++for i in /usr/lib64/pkcs11 /usr/lib64/softhsm /usr/lib/x86_64-linux-gnu/softhsm \
++	/usr/local/lib/softhsm /opt/local/lib/softhsm /usr/lib/softhsm /usr/lib ;do
+ 	if test -f "$i/libsofthsm2.so"; then
+-		ADDITIONAL_PARAM="$i/libsofthsm2.so"
++		MODULE="$i/libsofthsm2.so"
+ 		break
+ 	else
+ 		if test -f "$i/libsofthsm.so";then
+-			ADDITIONAL_PARAM="$i/libsofthsm.so"
++			MODULE="$i/libsofthsm.so"
+ 			break
+ 		fi
+ 	fi
+@@ -39,28 +41,30 @@ if (! test -x /usr/bin/pkcs11-tool && ! test -x /usr/local/bin/pkcs11-tool);then
+ 	exit 77
+ fi
+ 
+-init_card () {
+-	PIN="$1"
+-	PUK="$2"
++# Initialize the SoftHSM DB
++init_db () {
++	if test -x "/usr/bin/softhsm"; then
++		export SOFTHSM_CONF="$outdir/softhsm-testpkcs11.config"
++		SOFTHSM_TOOL="/usr/bin/softhsm"
++		SLOT="--slot 0"
++	fi
+ 
+ 	if test -x "/usr/local/bin/softhsm2-util"; then
+ 		export SOFTHSM2_CONF="$outdir/softhsm-testpkcs11.config"
+ 		SOFTHSM_TOOL="/usr/local/bin/softhsm2-util"
++		SLOT="--free "
+ 	fi
+ 
+ 	if test -x "/opt/local/bin/softhsm2-util"; then
+ 		export SOFTHSM2_CONF="$outdir/softhsm-testpkcs11.config"
+ 		SOFTHSM_TOOL="/opt/local/bin/softhsm2-util"
++		SLOT="--free "
+ 	fi
+ 
+ 	if test -x "/usr/bin/softhsm2-util"; then
+ 		export SOFTHSM2_CONF="$outdir/softhsm-testpkcs11.config"
+ 		SOFTHSM_TOOL="/usr/bin/softhsm2-util"
+-	fi
+-
+-	if test -x "/usr/bin/softhsm"; then
+-		export SOFTHSM_CONF="$outdir/softhsm-testpkcs11.config"
+-		SOFTHSM_TOOL="/usr/bin/softhsm"
++		SLOT="--free "
+ 	fi
+ 
+ 	if test -z "${SOFTHSM_TOOL}"; then
+@@ -68,19 +72,27 @@ init_card () {
+ 		exit 77
+ 	fi
+ 
+-	if test -z "${SOFTHSM_CONF}"; then
++	if test -n "${SOFTHSM2_CONF}"; then
+ 		rm -rf $outdir/softhsm-testpkcs11.db
+ 		mkdir -p $outdir/softhsm-testpkcs11.db
+ 		echo "objectstore.backend = file" > "${SOFTHSM2_CONF}"
+-		echo "directories.tokendir = $outdir/softhsm-testpkcs11.db" >> "${SOFTHSM2_CONF}"
++		echo "directories.tokendir = $outdir/softhsm-testpkcs11.db" >> \
++			"${SOFTHSM2_CONF}"
+ 	else
+ 		rm -rf $outdir/softhsm-testpkcs11.db
+ 		echo "0:$outdir/softhsm-testpkcs11.db" > "${SOFTHSM_CONF}"
+ 	fi
++}
+ 
++# Create a new device
++init_card () {
++	PIN="$1"
++	PUK="$2"
++	DEV_LABEL="$3"
+ 
+ 	echo -n "* Initializing smart card... "
+-	${SOFTHSM_TOOL} --init-token --slot 0 --label "libp11-test" --so-pin "${PUK}" --pin "${PIN}" >/dev/null
++	${SOFTHSM_TOOL} --init-token ${SLOT} --label "${DEV_LABEL}" \
++		--so-pin "${PUK}" --pin "${PIN}" >/dev/null
+ 	if test $? = 0; then
+ 		echo ok
+ 	else
+@@ -89,27 +101,55 @@ init_card () {
+ 	fi
+ }
+ 
+-PIN=1234
+-PUK=1234
+-init_card $PIN $PUK
++# Import objects to the token
++import_objects () {
++	ID=$1
++	OBJ_LABEL=$2
+ 
+-# generate key in token
+-pkcs11-tool -p $PIN --module $ADDITIONAL_PARAM -d 01020304 -a server-key -l -w ${srcdir}/rsa-prvkey.der -y privkey >/dev/null
+-if test $? != 0;then
+-	exit 1;
+-fi
++	pkcs11-tool -p ${PIN} --module ${MODULE} -d ${ID} -a ${OBJ_LABEL} -l -w \
++		${srcdir}/rsa-prvkey.der -y privkey >/dev/null
++	if test $? != 0;then
++		exit 1;
++	fi
+ 
+-pkcs11-tool -p $PIN --module $ADDITIONAL_PARAM -d 01020304 -a server-key -l -w ${srcdir}/rsa-pubkey.der -y pubkey >/dev/null
+-if test $? != 0;then
+-	exit 1;
+-fi
++	pkcs11-tool -p ${PIN} --module ${MODULE} -d ${ID} -a ${OBJ_LABEL} -l -w \
++		${srcdir}/rsa-pubkey.der -y pubkey >/dev/null
++	if test $? != 0;then
++		exit 1;
++	fi
+ 
+-pkcs11-tool -p $PIN --module $ADDITIONAL_PARAM -d 01020304 -a server-key -l -w ${srcdir}/rsa-cert.der -y cert >/dev/null
+-if test $? != 0;then
+-	exit 1;
+-fi
++	pkcs11-tool -p ${PIN} --module ${MODULE} -d ${ID} -a ${OBJ_LABEL} -l -w \
++		${srcdir}/rsa-cert.der -y cert >/dev/null
++	if test $? != 0;then
++		exit 1;
++	fi
++
++	echo Finished
++}
+ 
+-echo "***************"
+-echo "Listing objects"
+-echo "***************"
+-pkcs11-tool -p $PIN --module $ADDITIONAL_PARAM -l -O
++# List the objects contained in the token
++list_objects () {
++	echo "***************"
++	echo "Listing objects"
++	echo "***************"
++	pkcs11-tool -p ${PIN} --module ${MODULE} -l -O
++}
++
++common_init () {
++	# Set the used PIN and PUK
++	PIN=1234
++	PUK=1234
++
++	# Initialize the SoftHSM DB
++	init_db
++
++	# Initialize a new device
++	init_card $PIN $PUK "libp11-test"
++
++	echo Importing
++	# Import the used objects (private key, public key, and certificate)
++	import_objects 01020304 "server-key"
++
++	# List the imported objects
++	list_objects
++}
+diff --git a/tests/rsa-evp-sign.softhsm b/tests/rsa-evp-sign.softhsm
+index 4d60c83..7ef993d 100755
+--- a/tests/rsa-evp-sign.softhsm
++++ b/tests/rsa-evp-sign.softhsm
+@@ -18,47 +18,49 @@
+ 
+ outdir="output.$$"
+ 
++# Load common test functions
+ . ${srcdir}/rsa-common.sh
+ 
+-# This uses the engine for basic sign-verify operation.
++# Do the common test initialization
++common_init
+ 
+-sed -e "s|@MODULE_PATH@|${ADDITIONAL_PARAM}|g" -e "s|@ENGINE_PATH@|../src/.libs/pkcs11.so|g" <"${srcdir}/engines.cnf.in" >"${outdir}/engines.cnf"
++sed -e "s|@MODULE_PATH@|${MODULE}|g" -e "s|@ENGINE_PATH@|../src/.libs/pkcs11.so|g" <"${srcdir}/engines.cnf.in" >"${outdir}/engines.cnf"
+ 
+ export OPENSSL_ENGINES="../src/.libs/"
+ PRIVATE_KEY="pkcs11:token=libp11-test;id=%01%02%03%04;object=server-key;type=private;pin-value=1234"
+ PUBLIC_KEY="pkcs11:token=libp11-test;id=%01%02%03%04;object=server-key;type=public;pin-value=1234"
+ 
+-./evp-sign ctrl false "${outdir}/engines.cnf" ${PRIVATE_KEY} ${PUBLIC_KEY} ${ADDITIONAL_PARAM}
++./evp-sign ctrl false "${outdir}/engines.cnf" ${PRIVATE_KEY} ${PUBLIC_KEY} ${MODULE}
+ if test $? != 0;then
+ 	echo "Basic PKCS #11 test, using ctrl failed"
+ 	exit 1;
+ fi
+ 
+-./evp-sign default false "${outdir}/engines.cnf" ${PRIVATE_KEY} ${PUBLIC_KEY} ${ADDITIONAL_PARAM}
++./evp-sign default false "${outdir}/engines.cnf" ${PRIVATE_KEY} ${PUBLIC_KEY} ${MODULE}
+ if test $? != 0;then
+ 	echo "Basic PKCS #11 test, using default failed"
+ 	exit 1;
+ fi
+ 
+-./evp-sign ctrl 1234 "${outdir}/engines.cnf" ${PRIVATE_KEY} ${PUBLIC_KEY} ${ADDITIONAL_PARAM}
++./evp-sign ctrl 1234 "${outdir}/engines.cnf" ${PRIVATE_KEY} ${PUBLIC_KEY} ${MODULE}
+ if test $? != 0;then
+ 	echo "Basic PKCS #11 test without pin-value, using ctrl failed"
+ 	exit 1;
+ fi
+ 
+-./evp-sign default 1234 "${outdir}/engines.cnf" ${PRIVATE_KEY} ${PUBLIC_KEY} ${ADDITIONAL_PARAM}
++./evp-sign default 1234 "${outdir}/engines.cnf" ${PRIVATE_KEY} ${PUBLIC_KEY} ${MODULE}
+ if test $? != 0;then
+ 	echo "Basic PKCS #11 test without pin-value, using default failed"
+ 	exit 1;
+ fi
+ 
+-./evp-sign ctrl 1234 "${outdir}/engines.cnf" "label_server-key" "label_server-key" ${ADDITIONAL_PARAM}
++./evp-sign ctrl 1234 "${outdir}/engines.cnf" "label_server-key" "label_server-key" ${MODULE}
+ if test $? != 0;then
+ 	echo "Basic PKCS #11 test with legacy name #1 failed"
+ 	exit 1;
+ fi
+ 
+-./evp-sign default 1234 "${outdir}/engines.cnf" "id_01020304" "id_01020304" ${ADDITIONAL_PARAM}
++./evp-sign default 1234 "${outdir}/engines.cnf" "id_01020304" "id_01020304" ${MODULE}
+ if test $? != 0;then
+ 	echo "Basic PKCS #11 test with legacy name #2 failed"
+ 	exit 1;
+diff --git a/tests/rsa-testfork.softhsm b/tests/rsa-testfork.softhsm
+index 0643e96..ba5d851 100755
+--- a/tests/rsa-testfork.softhsm
++++ b/tests/rsa-testfork.softhsm
+@@ -19,13 +19,19 @@
+ 
+ outdir="output.$$"
+ 
++# Load common test functions
+ . ${srcdir}/rsa-common.sh
+ 
+-./fork-test $ADDITIONAL_PARAM $PIN
++# Do the common test initialization
++common_init
++
++# Run the test
++./fork-test ${MODULE} ${PIN}
+ if test $? != 0;then
+ 	exit 1;
+ fi
+ 
++# Cleanup
+ rm -rf "$outdir"
+ 
+ exit 0
+diff --git a/tests/rsa-testlistkeys.softhsm b/tests/rsa-testlistkeys.softhsm
+index 9494f9d..b3696f5 100755
+--- a/tests/rsa-testlistkeys.softhsm
++++ b/tests/rsa-testlistkeys.softhsm
+@@ -19,9 +19,14 @@
+ 
+ outdir="output.$$"
+ 
++# Load common test functions
+ . ${srcdir}/rsa-common.sh
+ 
+-../examples/listkeys $ADDITIONAL_PARAM $PIN
++# Do the common test initialization
++common_init
++
++# Run the test
++../examples/listkeys ${MODULE} ${PIN}
+ if test $? != 0;then
+ 	exit 1;
+ fi
+diff --git a/tests/rsa-testpkcs11.softhsm b/tests/rsa-testpkcs11.softhsm
+index d1e1f50..f76a8d3 100755
+--- a/tests/rsa-testpkcs11.softhsm
++++ b/tests/rsa-testpkcs11.softhsm
+@@ -20,14 +20,19 @@
+ 
+ outdir="output.$$"
+ 
++# Load common test functions
+ . ${srcdir}/rsa-common.sh
+ 
+-../examples/auth $ADDITIONAL_PARAM $PIN
++# Do the common test initialization
++common_init
++
++../examples/auth ${MODULE} ${PIN}
+ if test $? != 0;then
+ 	echo "Basic PKCS #11 test test failed"
+ 	exit 1;
+ fi
+ 
++# Cleanup
+ rm -rf "$outdir"
+ 
+ exit 0

openssl-pkcs11.spec

@@ -0,0 +1,81 @@
+Version: 0.4.7
+Release: 4%{?dist}
+
+# Define the directory where the OpenSSL engines are installed
+%global enginesdir %{_libdir}/engines-1.1
+
+Name:           openssl-pkcs11
+Summary:        A PKCS#11 engine for use with OpenSSL
+# The source code is LGPLv2+ except eng_back.c and eng_parse.c which are BSD
+License:        LGPLv2+ and BSD
+URL:            https://github.com/OpenSC/libp11
+Source0:        https://github.com/OpenSC/libp11/releases/download/libp11-%{version}/libp11-%{version}.tar.gz
+
+Patch1:         libp11-0.4.7-do-not-enumerate-slots-on-fork.patch
+
+BuildRequires:  autoconf automake libtool
+BuildRequires:  openssl-devel
+BuildRequires:  pkgconfig
+BuildRequires:  pkgconfig(p11-kit-1)
+# Needed for testsuite
+BuildRequires:  softhsm opensc procps-ng
+
+Requires:       p11-kit-trust
+Requires:       openssl > 0.9.6
+
+# Package renamed from libp11 to openssl-pkcs11 in release 0.4.7-4
+Provides:       libp11%{?_isa} = %{version}-%{release}
+Obsoletes:      libp11%{?_isa} < 0.4.7-4
+# The engine_pkcs11 subpackage is also provided 
+Provides:       engine_pkcs11%{?_isa} = %{version}-%{release}
+Obsoletes:      engine_pkcs11%{?_isa} < 0.4.7-4
+
+%description -n openssl-pkcs11
+openssl-pkcs11 is an implementation of an engine for OpenSSL. It can be loaded
+using code, config file or command line and will pass any function call by
+OpenSSL to a PKCS#11 module. openssl-pkcs11 is meant to be used with smart
+cards and software for using smart cards in PKCS#11 format, such as OpenSC.
+
+%prep
+%autosetup -p 1 -n libp11-%{version}
+# Fix permissions for file brought by a patch
+chmod ugo+x %{_builddir}/libp11-0.4.7/tests/fork-change-slot.softhsm
+
+%build
+autoreconf -fvi
+export CFLAGS="%{optflags}"
+%configure --disable-static --with-enginesdir=%{enginesdir}
+make V=1 %{?_smp_mflags}
+
+%install
+mkdir -p %{buildroot}%{enginesdir}
+make install DESTDIR=%{buildroot}
+
+# Remove libtool .la files
+rm -f %{buildroot}%{_libdir}/*.la
+rm -f %{buildroot}%{enginesdir}/*.la
+
+## Remove development files
+rm -f %{buildroot}%{_libdir}/libp11.so
+rm -f %{buildroot}%{_libdir}/pkgconfig/libp11.pc
+rm -f %{buildroot}%{_includedir}/*.h
+
+# Remove documentation automatically installed by make install
+rm -rf %{buildroot}%{_docdir}/libp11/
+
+%check
+make check %{?_smp_mflags}
+
+%post -p /sbin/ldconfig
+
+%postun -p /sbin/ldconfig
+
+%files
+%license COPYING
+%doc NEWS
+%{_libdir}/libp11.so.*
+%{enginesdir}/*.so
+
+%changelog
+* Thu Mar 01 2018 Anderson Sasaki <ansasaki@redhat.com> - 0.4.7-4
+- Package renamed from libp11 to openssl-pkcs11

sources

@@ -0,0 +1 @@
+SHA512 (libp11-0.4.7.tar.gz) = 8142b32bee9e6763b506b93be788a4df2b28ae8cb3ad6e11fc53ba3db770d77bdcc0362661c2f906cab1b5afc2828019f3d0f0b9d898414c0d6266201b7e08e6