Version: 0.4.0

* Effect rename to openssl-pkcs11-export for Fedora
* Allow multiple sessions and finds per token

Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
diff --git a/Makefile.am b/Makefile.am
index ed0b3e0..3bb0d70 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -1,14 +1,14 @@
 EXTRA_DIST = README
 
-pkcs11_LTLIBRARIES=openssl-pkcs11.la
+pkcs11_LTLIBRARIES=openssl-pkcs11-export.la
 pkcs11dir=@pkcs11_dir@
 
 pkcs11_configsdir=@pkcs11_configs@
-pkcs11_configs_DATA = openssl-pkcs11.module
+pkcs11_configs_DATA = openssl-pkcs11-export.module
 
-openssl_pkcs11_la_LDFLAGS= -module -no-undefined -avoid-version -shared
-openssl_pkcs11_la_SOURCES= pkcs11.c ini.c openssl-pkcs11.h cache.c crypto.c
-openssl_pkcs11_la_CFLAGS = $(CFLAGS) $(CRYPTO_CFLAGS) $(P11KIT_CFLAGS) -Werror -Wall
-openssl_pkcs11_la_LIBADD = $(CRYPTO_LIBS)
+openssl_pkcs11_export_la_LDFLAGS= -module -no-undefined -avoid-version -shared
+openssl_pkcs11_export_la_SOURCES= pkcs11.c ini.c openssl-pkcs11.h cache.c crypto.c
+openssl_pkcs11_export_la_CFLAGS = $(CFLAGS) $(CRYPTO_CFLAGS) $(P11KIT_CFLAGS) -Werror -Wall
+openssl_pkcs11_export_la_LIBADD = $(CRYPTO_LIBS)
 
 SUBDIRS = tests
diff --git a/configure.ac b/configure.ac
index 02baa60..e95f667 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1,4 +1,4 @@
-AC_INIT(openssl-pkcs11, 0.3.1, <James.Bottomley@HansenPartnership.com>)
+AC_INIT(openssl-pkcs11-export, 0.4.0, <James.Bottomley@HansenPartnership.com>)
 AM_INIT_AUTOMAKE([foreign 1.6])
 
 AC_DISABLE_STATIC
diff --git a/openssl-pkcs11.module b/openssl-pkcs11-export.module
similarity index 74%
rename from openssl-pkcs11.module
rename to openssl-pkcs11-export.module
index 1d142db..2ab2a50 100644
--- a/openssl-pkcs11.module
+++ b/openssl-pkcs11-export.module
@@ -2,4 +2,4 @@
 # and exporting them as pkcs11 tokens
 #
 
-module: openssl-pkcs11.so
+module: openssl-pkcs11-export.so
diff --git a/tests/encryption.sh b/tests/encryption.sh
index 4518e80..be6ac1d 100755
--- a/tests/encryption.sh
+++ b/tests/encryption.sh
@@ -6,14 +6,14 @@
 # simple encryption to public key using PKCS1.5 padding
 openssl rsautl -encrypt -pubin -inkey key-nopass.pub -in tmp.txt -out tmp.msg || exit 1
 # simple decrypt random password (token always requires 4+ digit pin)
-openssl rsautl -decrypt -engine pkcs11 -keyform engine -inkey 'pkcs11:manufacturer=openssl-pkcs11;token=key-nopass;object=key-nopass' -passin pass:random -in tmp.msg -out recover.txt || exit 1
+openssl rsautl -decrypt -engine pkcs11 -keyform engine -inkey 'pkcs11:manufacturer=openssl-pkcs11-export;token=key-nopass;object=key-nopass' -passin pass:random -in tmp.msg -out recover.txt || exit 1
 check_encryption
 # encrypt to password requiring public key
 openssl rsautl -encrypt -pubin -inkey key-pass.pub -in tmp.txt -out tmp.msg || exit 1
 # check fail decrypt with wrong password
-openssl rsautl -decrypt -engine pkcs11 -keyform engine -inkey 'pkcs11:manufacturer=openssl-pkcs11;token=key-pass;object=key-pass' -passin pass:random -in tmp.msg -out recover.txt && exit 1
+openssl rsautl -decrypt -engine pkcs11 -keyform engine -inkey 'pkcs11:manufacturer=openssl-pkcs11-export;token=key-pass;object=key-pass' -passin pass:random -in tmp.msg -out recover.txt && exit 1
 # check correct decryption with correct password
-openssl rsautl -decrypt -engine pkcs11 -keyform engine -inkey 'pkcs11:manufacturer=openssl-pkcs11;token=key-pass;object=key-pass' -passin pass:Passw0rd -in tmp.msg -out recover.txt || exit 1
+openssl rsautl -decrypt -engine pkcs11 -keyform engine -inkey 'pkcs11:manufacturer=openssl-pkcs11-export;token=key-pass;object=key-pass' -passin pass:Passw0rd -in tmp.msg -out recover.txt || exit 1
 check_encryption
 ##
 # OAEP
@@ -21,6 +21,6 @@
 for hash in sha1 sha224 sha256 sha384 sha512; do
     echo "OAEP hash ${hash}"
     openssl pkeyutl -encrypt -inkey key-pass.pub -pubin -pkeyopt rsa_padding_mode:oaep -pkeyopt rsa_oaep_md:${hash} -pkeyopt rsa_mgf1_md:${hash} -in tmp.txt -out tmp.msg || exit 1
-    openssl pkeyutl -decrypt -engine pkcs11 -keyform engine -inkey 'pkcs11:manufacturer=openssl-pkcs11;token=key-pass;object=key-pass' -pkeyopt rsa_padding_mode:oaep -pkeyopt rsa_oaep_md:${hash} -pkeyopt rsa_mgf1_md:${hash} -in tmp.msg -out recover.txt -passin pass:Passw0rd || exit 1
+    openssl pkeyutl -decrypt -engine pkcs11 -keyform engine -inkey 'pkcs11:manufacturer=openssl-pkcs11-export;token=key-pass;object=key-pass' -pkeyopt rsa_padding_mode:oaep -pkeyopt rsa_oaep_md:${hash} -pkeyopt rsa_mgf1_md:${hash} -in tmp.msg -out recover.txt -passin pass:Passw0rd || exit 1
     check_encryption
 done
diff --git a/tests/engine.sh b/tests/engine.sh
index 7ef1c12..b7968fd 100755
--- a/tests/engine.sh
+++ b/tests/engine.sh
@@ -8,7 +8,7 @@
     rm -f recover.txt
 }
 echo "This is an engine message to sign" > tmp.txt
-openssl rsautl -sign -engine pkcs11 -keyform engine -inkey 'pkcs11:manufacturer=openssl-pkcs11;token=key-engine;object=key-engine' -passin pass:Eng1ne -in tmp.txt -out tmp.msg || exit 1
+openssl rsautl -sign -engine pkcs11 -keyform engine -inkey 'pkcs11:manufacturer=openssl-pkcs11-export;token=key-engine;object=key-engine' -passin pass:Eng1ne -in tmp.txt -out tmp.msg || exit 1
 # verify recover
 openssl rsautl -verify -pubin -inkey key-nopass.pub -in tmp.msg -out recover.txt || exit 1
 check_signature
diff --git a/tests/openssl.cnf b/tests/openssl.cnf
index de84cb0..ab3beda 100644
--- a/tests/openssl.cnf
+++ b/tests/openssl.cnf
@@ -13,4 +13,4 @@
 dynamic_path	= $ENV::srcdir/.libs/testengine.so
 
 [pkcs11_section]
-MODULE_PATH	= $ENV::srcdir/../.libs/openssl-pkcs11.so
+MODULE_PATH	= $ENV::srcdir/../.libs/openssl-pkcs11-export.so
diff --git a/tests/p11tool_checks.sh b/tests/p11tool_checks.sh
index 48d0690..1d3d447 100755
--- a/tests/p11tool_checks.sh
+++ b/tests/p11tool_checks.sh
@@ -1,9 +1,9 @@
 #!/bin/bash
 set -x
 
-P11TOOL="p11tool --provider ${srcdir}/../.libs/openssl-pkcs11.so"
+P11TOOL="p11tool --provider ${srcdir}/../.libs/openssl-pkcs11-export.so"
 
-${P11TOOL} --list-mechanisms 'pkcs11:manufacturer=openssl-pkcs11;token=key-nopass'|awk '{print $2}' > tmp.txt
+${P11TOOL} --list-mechanisms 'pkcs11:manufacturer=openssl-pkcs11-export;token=key-nopass'|awk '{print $2}' > tmp.txt
 for mech in CKM_RSA_PKCS \
 		CKM_RSA_X_509 \
 		CKM_RSA_PKCS_PSS \
@@ -14,5 +14,5 @@
 GNUTLS_PIN=Passw0rd
 export GNUTLS_PIN
 for f in "" "--sign-params=RSA-PSS"; do
-    ${P11TOOL} --test-sign ${f} 'pkcs11:manufacturer=openssl-pkcs11;token=key-pass;object=key-pass' || exit 1
+    ${P11TOOL} --test-sign ${f} 'pkcs11:manufacturer=openssl-pkcs11-export;token=key-pass;object=key-pass' || exit 1
 done
diff --git a/tests/signature.sh b/tests/signature.sh
index 82505dd..bf06307 100755
--- a/tests/signature.sh
+++ b/tests/signature.sh
@@ -3,14 +3,14 @@
     rm -f recover.txt
 }
 echo "This is a message to sign" > tmp.txt
-openssl rsautl -sign -engine pkcs11 -keyform engine -inkey 'pkcs11:manufacturer=openssl-pkcs11;token=key-nopass;object=key-nopass' -passin pass:random -in tmp.txt -out tmp.msg || exit 1
+openssl rsautl -sign -engine pkcs11 -keyform engine -inkey 'pkcs11:manufacturer=openssl-pkcs11-export;token=key-nopass;object=key-nopass' -passin pass:random -in tmp.txt -out tmp.msg || exit 1
 # verify recover
 openssl rsautl -verify -pubin -inkey key-nopass.pub -in tmp.msg -out recover.txt || exit 1
 check_signature
 # check fail decrypt with wrong password
-openssl rsautl -sign -engine pkcs11 -keyform engine -inkey 'pkcs11:manufacturer=openssl-pkcs11;token=key-pass;object=key-pass' -passin pass:random -in tmp.txt -out tmp.msg && exit 1
+openssl rsautl -sign -engine pkcs11 -keyform engine -inkey 'pkcs11:manufacturer=openssl-pkcs11-export;token=key-pass;object=key-pass' -passin pass:random -in tmp.txt -out tmp.msg && exit 1
 # check correct decryption with correct password
-openssl rsautl -sign -engine pkcs11 -keyform engine -inkey 'pkcs11:manufacturer=openssl-pkcs11;token=key-pass;object=key-pass' -passin pass:Passw0rd -in tmp.txt -out tmp.msg || exit 1
+openssl rsautl -sign -engine pkcs11 -keyform engine -inkey 'pkcs11:manufacturer=openssl-pkcs11-export;token=key-pass;object=key-pass' -passin pass:Passw0rd -in tmp.txt -out tmp.msg || exit 1
 # check recovery
 openssl rsautl -verify -pubin -inkey key-pass.pub -in tmp.msg -out recover.txt || exit 1
 check_signature
@@ -20,7 +20,7 @@
 for hash in sha1 sha224 sha256 sha384 sha512; do
     echo "PSS hash ${hash}"
     openssl ${hash} -out tmp.md -binary tmp.txt || exit 1
-    openssl pkeyutl -sign -engine pkcs11 -keyform engine -inkey 'pkcs11:manufacturer=openssl-pkcs11;token=key-pass;object=key-pass' -pkeyopt rsa_padding_mode:pss -pkeyopt digest:${hash} -pkeyopt rsa_mgf1_md:${hash} -in tmp.md -out tmp.msg -passin pass:Passw0rd || exit 1
+    openssl pkeyutl -sign -engine pkcs11 -keyform engine -inkey 'pkcs11:manufacturer=openssl-pkcs11-export;token=key-pass;object=key-pass' -pkeyopt rsa_padding_mode:pss -pkeyopt digest:${hash} -pkeyopt rsa_mgf1_md:${hash} -in tmp.md -out tmp.msg -passin pass:Passw0rd || exit 1
     ##
     # Would you believe openssl 1.0.2 will say the signature verified OK
     # but will then exit with a 1