Version: 0.4.0
* Effect rename to openssl-pkcs11-export for Fedora
* Allow multiple sessions and finds per token
Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
diff --git a/Makefile.am b/Makefile.am
index ed0b3e0..3bb0d70 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -1,14 +1,14 @@
EXTRA_DIST = README
-pkcs11_LTLIBRARIES=openssl-pkcs11.la
+pkcs11_LTLIBRARIES=openssl-pkcs11-export.la
pkcs11dir=@pkcs11_dir@
pkcs11_configsdir=@pkcs11_configs@
-pkcs11_configs_DATA = openssl-pkcs11.module
+pkcs11_configs_DATA = openssl-pkcs11-export.module
-openssl_pkcs11_la_LDFLAGS= -module -no-undefined -avoid-version -shared
-openssl_pkcs11_la_SOURCES= pkcs11.c ini.c openssl-pkcs11.h cache.c crypto.c
-openssl_pkcs11_la_CFLAGS = $(CFLAGS) $(CRYPTO_CFLAGS) $(P11KIT_CFLAGS) -Werror -Wall
-openssl_pkcs11_la_LIBADD = $(CRYPTO_LIBS)
+openssl_pkcs11_export_la_LDFLAGS= -module -no-undefined -avoid-version -shared
+openssl_pkcs11_export_la_SOURCES= pkcs11.c ini.c openssl-pkcs11.h cache.c crypto.c
+openssl_pkcs11_export_la_CFLAGS = $(CFLAGS) $(CRYPTO_CFLAGS) $(P11KIT_CFLAGS) -Werror -Wall
+openssl_pkcs11_export_la_LIBADD = $(CRYPTO_LIBS)
SUBDIRS = tests
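Review bot: `pkcs11_configs_DATA = openssl-pkcs11-export.module` is installed but not shipped in the release tarball, because Automake does not distribute `_DATA` files by default and `EXTRA_DIST` lists only `README`. A tarball built with `make dist` would then fail at install time for want of the renamed module file. Either write `dist_pkcs11_configs_DATA = openssl-pkcs11-export.module` or extend the first line to `EXTRA_DIST = README openssl-pkcs11-export.module`. Running `make distcheck` after the rename would confirm the file set.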
diff --git a/configure.ac b/configure.ac
index 02baa60..e95f667 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1,4 +1,4 @@
-AC_INIT(openssl-pkcs11, 0.3.1, <James.Bottomley@HansenPartnership.com>)
+AC_INIT(openssl-pkcs11-export, 0.4.0, <James.Bottomley@HansenPartnership.com>)
AM_INIT_AUTOMAKE([foreign 1.6])
AC_DISABLE_STATIC
diff --git a/openssl-pkcs11.module b/openssl-pkcs11-export.module
similarity index 74%
rename from openssl-pkcs11.module
rename to openssl-pkcs11-export.module
index 1d142db..2ab2a50 100644
--- a/openssl-pkcs11.module
+++ b/openssl-pkcs11-export.module
@@ -2,4 +2,4 @@
# and exporting them as pkcs11 tokens
#
-module: openssl-pkcs11.so
+module: openssl-pkcs11-export.so
diff --git a/tests/encryption.sh b/tests/encryption.sh
index 4518e80..be6ac1d 100755
--- a/tests/encryption.sh
+++ b/tests/encryption.sh
@@ -6,14 +6,14 @@
# simple encryption to public key using PKCS1.5 padding
openssl rsautl -encrypt -pubin -inkey key-nopass.pub -in tmp.txt -out tmp.msg || exit 1
# simple decrypt random password (token always requires 4+ digit pin)
-openssl rsautl -decrypt -engine pkcs11 -keyform engine -inkey 'pkcs11:manufacturer=openssl-pkcs11;token=key-nopass;object=key-nopass' -passin pass:random -in tmp.msg -out recover.txt || exit 1
+openssl rsautl -decrypt -engine pkcs11 -keyform engine -inkey 'pkcs11:manufacturer=openssl-pkcs11-export;token=key-nopass;object=key-nopass' -passin pass:random -in tmp.msg -out recover.txt || exit 1
check_encryption
# encrypt to password requiring public key
openssl rsautl -encrypt -pubin -inkey key-pass.pub -in tmp.txt -out tmp.msg || exit 1
# check fail decrypt with wrong password
-openssl rsautl -decrypt -engine pkcs11 -keyform engine -inkey 'pkcs11:manufacturer=openssl-pkcs11;token=key-pass;object=key-pass' -passin pass:random -in tmp.msg -out recover.txt && exit 1
+openssl rsautl -decrypt -engine pkcs11 -keyform engine -inkey 'pkcs11:manufacturer=openssl-pkcs11-export;token=key-pass;object=key-pass' -passin pass:random -in tmp.msg -out recover.txt && exit 1
# check correct decryption with correct password
-openssl rsautl -decrypt -engine pkcs11 -keyform engine -inkey 'pkcs11:manufacturer=openssl-pkcs11;token=key-pass;object=key-pass' -passin pass:Passw0rd -in tmp.msg -out recover.txt || exit 1
+openssl rsautl -decrypt -engine pkcs11 -keyform engine -inkey 'pkcs11:manufacturer=openssl-pkcs11-export;token=key-pass;object=key-pass' -passin pass:Passw0rd -in tmp.msg -out recover.txt || exit 1
check_encryption
##
# OAEP
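Review bot: The wrong-password check (`-passin pass:random ... && exit 1`) is satisfied by any non-zero exit from openssl, not only a rejected PIN, so it would also pass if the renamed `manufacturer=openssl-pkcs11-export` URI matched no token. The matching change to the manufacturer string the module reports is not visible in this diff, so it is worth confirming that it was updated together with these URIs. In this file the correct-PIN decrypt on the following line does prove the URI resolves, which deserves a comment such as `# any failure satisfies this check; the correct-PIN decrypt below proves the URI resolves`. The same pattern appears in the wrong-password sign check in tests/signature.sh.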
@@ -21,6 +21,6 @@
for hash in sha1 sha224 sha256 sha384 sha512; do
echo "OAEP hash ${hash}"
openssl pkeyutl -encrypt -inkey key-pass.pub -pubin -pkeyopt rsa_padding_mode:oaep -pkeyopt rsa_oaep_md:${hash} -pkeyopt rsa_mgf1_md:${hash} -in tmp.txt -out tmp.msg || exit 1
- openssl pkeyutl -decrypt -engine pkcs11 -keyform engine -inkey 'pkcs11:manufacturer=openssl-pkcs11;token=key-pass;object=key-pass' -pkeyopt rsa_padding_mode:oaep -pkeyopt rsa_oaep_md:${hash} -pkeyopt rsa_mgf1_md:${hash} -in tmp.msg -out recover.txt -passin pass:Passw0rd || exit 1
+ openssl pkeyutl -decrypt -engine pkcs11 -keyform engine -inkey 'pkcs11:manufacturer=openssl-pkcs11-export;token=key-pass;object=key-pass' -pkeyopt rsa_padding_mode:oaep -pkeyopt rsa_oaep_md:${hash} -pkeyopt rsa_mgf1_md:${hash} -in tmp.msg -out recover.txt -passin pass:Passw0rd || exit 1
check_encryption
done
diff --git a/tests/engine.sh b/tests/engine.sh
index 7ef1c12..b7968fd 100755
--- a/tests/engine.sh
+++ b/tests/engine.sh
@@ -8,7 +8,7 @@
rm -f recover.txt
}
echo "This is an engine message to sign" > tmp.txt
-openssl rsautl -sign -engine pkcs11 -keyform engine -inkey 'pkcs11:manufacturer=openssl-pkcs11;token=key-engine;object=key-engine' -passin pass:Eng1ne -in tmp.txt -out tmp.msg || exit 1
+openssl rsautl -sign -engine pkcs11 -keyform engine -inkey 'pkcs11:manufacturer=openssl-pkcs11-export;token=key-engine;object=key-engine' -passin pass:Eng1ne -in tmp.txt -out tmp.msg || exit 1
# verify recover
openssl rsautl -verify -pubin -inkey key-nopass.pub -in tmp.msg -out recover.txt || exit 1
check_signature
diff --git a/tests/openssl.cnf b/tests/openssl.cnf
index de84cb0..ab3beda 100644
--- a/tests/openssl.cnf
+++ b/tests/openssl.cnf
@@ -13,4 +13,4 @@
dynamic_path = $ENV::srcdir/.libs/testengine.so
[pkcs11_section]
-MODULE_PATH = $ENV::srcdir/../.libs/openssl-pkcs11.so
+MODULE_PATH = $ENV::srcdir/../.libs/openssl-pkcs11-export.so
diff --git a/tests/p11tool_checks.sh b/tests/p11tool_checks.sh
index 48d0690..1d3d447 100755
--- a/tests/p11tool_checks.sh
+++ b/tests/p11tool_checks.sh
@@ -1,9 +1,9 @@
#!/bin/bash
set -x
-P11TOOL="p11tool --provider ${srcdir}/../.libs/openssl-pkcs11.so"
+P11TOOL="p11tool --provider ${srcdir}/../.libs/openssl-pkcs11-export.so"
-${P11TOOL} --list-mechanisms 'pkcs11:manufacturer=openssl-pkcs11;token=key-nopass'|awk '{print $2}' > tmp.txt
+${P11TOOL} --list-mechanisms 'pkcs11:manufacturer=openssl-pkcs11-export;token=key-nopass'|awk '{print $2}' > tmp.txt
for mech in CKM_RSA_PKCS \
CKM_RSA_X_509 \
CKM_RSA_PKCS_PSS \
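Review bot: The `--list-mechanisms` pipeline ends in `awk`, so its exit status says nothing about whether p11tool could load the renamed provider `openssl-pkcs11-export.so`; a load failure just leaves `tmp.txt` empty. The script runs under bash, so `set -o pipefail` beside `set -x` plus `|| exit 1` on that line would make a missing or unloadable module fail at once. The `for mech` loop continues outside the hunk and may already reject an empty list, so this is about a clearer failure rather than a missed one. Separately, `${srcdir}` is expanded unquoted through `${P11TOOL}`, which breaks on build paths containing spaces.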
@@ -14,5 +14,5 @@
GNUTLS_PIN=Passw0rd
export GNUTLS_PIN
for f in "" "--sign-params=RSA-PSS"; do
- ${P11TOOL} --test-sign ${f} 'pkcs11:manufacturer=openssl-pkcs11;token=key-pass;object=key-pass' || exit 1
+ ${P11TOOL} --test-sign ${f} 'pkcs11:manufacturer=openssl-pkcs11-export;token=key-pass;object=key-pass' || exit 1
done
diff --git a/tests/signature.sh b/tests/signature.sh
index 82505dd..bf06307 100755
--- a/tests/signature.sh
+++ b/tests/signature.sh
@@ -3,14 +3,14 @@
rm -f recover.txt
}
echo "This is a message to sign" > tmp.txt
-openssl rsautl -sign -engine pkcs11 -keyform engine -inkey 'pkcs11:manufacturer=openssl-pkcs11;token=key-nopass;object=key-nopass' -passin pass:random -in tmp.txt -out tmp.msg || exit 1
+openssl rsautl -sign -engine pkcs11 -keyform engine -inkey 'pkcs11:manufacturer=openssl-pkcs11-export;token=key-nopass;object=key-nopass' -passin pass:random -in tmp.txt -out tmp.msg || exit 1
# verify recover
openssl rsautl -verify -pubin -inkey key-nopass.pub -in tmp.msg -out recover.txt || exit 1
check_signature
# check fail decrypt with wrong password
-openssl rsautl -sign -engine pkcs11 -keyform engine -inkey 'pkcs11:manufacturer=openssl-pkcs11;token=key-pass;object=key-pass' -passin pass:random -in tmp.txt -out tmp.msg && exit 1
+openssl rsautl -sign -engine pkcs11 -keyform engine -inkey 'pkcs11:manufacturer=openssl-pkcs11-export;token=key-pass;object=key-pass' -passin pass:random -in tmp.txt -out tmp.msg && exit 1
# check correct decryption with correct password
-openssl rsautl -sign -engine pkcs11 -keyform engine -inkey 'pkcs11:manufacturer=openssl-pkcs11;token=key-pass;object=key-pass' -passin pass:Passw0rd -in tmp.txt -out tmp.msg || exit 1
+openssl rsautl -sign -engine pkcs11 -keyform engine -inkey 'pkcs11:manufacturer=openssl-pkcs11-export;token=key-pass;object=key-pass' -passin pass:Passw0rd -in tmp.txt -out tmp.msg || exit 1
# check recovery
openssl rsautl -verify -pubin -inkey key-pass.pub -in tmp.msg -out recover.txt || exit 1
check_signature
@@ -20,7 +20,7 @@
for hash in sha1 sha224 sha256 sha384 sha512; do
echo "PSS hash ${hash}"
openssl ${hash} -out tmp.md -binary tmp.txt || exit 1
- openssl pkeyutl -sign -engine pkcs11 -keyform engine -inkey 'pkcs11:manufacturer=openssl-pkcs11;token=key-pass;object=key-pass' -pkeyopt rsa_padding_mode:pss -pkeyopt digest:${hash} -pkeyopt rsa_mgf1_md:${hash} -in tmp.md -out tmp.msg -passin pass:Passw0rd || exit 1
+ openssl pkeyutl -sign -engine pkcs11 -keyform engine -inkey 'pkcs11:manufacturer=openssl-pkcs11-export;token=key-pass;object=key-pass' -pkeyopt rsa_padding_mode:pss -pkeyopt digest:${hash} -pkeyopt rsa_mgf1_md:${hash} -in tmp.md -out tmp.msg -passin pass:Passw0rd || exit 1
##
# Would you believe openssl 1.0.2 will say the signature verified OK
# but will then exit with a 1