author | James Bottomley <James.Bottomley@HansenPartnership.com> | 2019-02-23 11:12:38 -0800 |
---|---|---|
committer | James Bottomley <James.Bottomley@HansenPartnership.com> | 2019-02-23 12:11:03 -0800 |
commit | 5efe4ca1dee5b0ffd707378b9dd390940a20b60a (patch) | |
tree | 2f0df9f8e8c5515c6a205413bdbeeb75d0b66799 | |
parent | 6ee3890ac301f5078c665fcfda2ee00e908df845 (diff) | |
download | openssl-pkcs11-export-5efe4ca1dee5b0ffd707378b9dd390940a20b60a.tar.gz |
Version: 0.4.0v0.4.0
* Effect rename to openssl-pkcs11-export for Fedora
* Allow multiple sessions and finds per token
Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
-rw-r--r-- | Makefile.am | 12 | ||||
-rw-r--r-- | configure.ac | 2 | ||||
-rw-r--r-- | openssl-pkcs11-export.module (renamed from openssl-pkcs11.module) | 2 | ||||
-rwxr-xr-x | tests/encryption.sh | 8 | ||||
-rwxr-xr-x | tests/engine.sh | 2 | ||||
-rw-r--r-- | tests/openssl.cnf | 2 | ||||
-rwxr-xr-x | tests/p11tool_checks.sh | 6 | ||||
-rwxr-xr-x | tests/signature.sh | 8 |
8 files changed, 21 insertions, 21 deletions
diff --git a/Makefile.am b/Makefile.am index ed0b3e0..3bb0d70 100644 --- a/Makefile.am +++ b/Makefile.am @@ -1,14 +1,14 @@ EXTRA_DIST = README -pkcs11_LTLIBRARIES=openssl-pkcs11.la +pkcs11_LTLIBRARIES=openssl-pkcs11-export.la pkcs11dir=@pkcs11_dir@ pkcs11_configsdir=@pkcs11_configs@ -pkcs11_configs_DATA = openssl-pkcs11.module +pkcs11_configs_DATA = openssl-pkcs11-export.module -openssl_pkcs11_la_LDFLAGS= -module -no-undefined -avoid-version -shared -openssl_pkcs11_la_SOURCES= pkcs11.c ini.c openssl-pkcs11.h cache.c crypto.c -openssl_pkcs11_la_CFLAGS = $(CFLAGS) $(CRYPTO_CFLAGS) $(P11KIT_CFLAGS) -Werror -Wall -openssl_pkcs11_la_LIBADD = $(CRYPTO_LIBS) +openssl_pkcs11_export_la_LDFLAGS= -module -no-undefined -avoid-version -shared +openssl_pkcs11_export_la_SOURCES= pkcs11.c ini.c openssl-pkcs11.h cache.c crypto.c +openssl_pkcs11_export_la_CFLAGS = $(CFLAGS) $(CRYPTO_CFLAGS) $(P11KIT_CFLAGS) -Werror -Wall +openssl_pkcs11_export_la_LIBADD = $(CRYPTO_LIBS) SUBDIRS = tests diff --git a/configure.ac b/configure.ac index 02baa60..e95f667 100644 --- a/configure.ac +++ b/configure.ac @@ -1,4 +1,4 @@ -AC_INIT(openssl-pkcs11, 0.3.1, <James.Bottomley@HansenPartnership.com>) +AC_INIT(openssl-pkcs11-export, 0.4.0, <James.Bottomley@HansenPartnership.com>) AM_INIT_AUTOMAKE([foreign 1.6]) AC_DISABLE_STATIC diff --git a/openssl-pkcs11.module b/openssl-pkcs11-export.module index 1d142db..2ab2a50 100644 --- a/openssl-pkcs11.module +++ b/openssl-pkcs11-export.module @@ -2,4 +2,4 @@ # and exporting them as pkcs11 tokens # -module: openssl-pkcs11.so +module: openssl-pkcs11-export.so diff --git a/tests/encryption.sh b/tests/encryption.sh index 4518e80..be6ac1d 100755 --- a/tests/encryption.sh +++ b/tests/encryption.sh 
@@ -6,14 +6,14 @@ echo "This is a message to encrypt" > tmp.txt
 # simple encryption to public key using PKCS1.5 padding
 openssl rsautl -encrypt -pubin -inkey key-nopass.pub -in tmp.txt -out tmp.msg || exit 1
 # simple decrypt random password (token always requires 4+ digit pin)
-openssl rsautl -decrypt -engine pkcs11 -keyform engine -inkey 'pkcs11:manufacturer=openssl-pkcs11;token=key-nopass;object=key-nopass' -passin pass:random -in tmp.msg -out recover.txt || exit 1
+openssl rsautl -decrypt -engine pkcs11 -keyform engine -inkey 'pkcs11:manufacturer=openssl-pkcs11-export;token=key-nopass;object=key-nopass' -passin pass:random -in tmp.msg -out recover.txt || exit 1
 check_encryption
 # encrypt to password requiring public key
 openssl rsautl -encrypt -pubin -inkey key-pass.pub -in tmp.txt -out tmp.msg || exit 1
 # check fail decrypt with wrong password
-openssl rsautl -decrypt -engine pkcs11 -keyform engine -inkey 'pkcs11:manufacturer=openssl-pkcs11;token=key-pass;object=key-pass' -passin pass:random -in tmp.msg -out recover.txt && exit 1
+openssl rsautl -decrypt -engine pkcs11 -keyform engine -inkey 'pkcs11:manufacturer=openssl-pkcs11-export;token=key-pass;object=key-pass' -passin pass:random -in tmp.msg -out recover.txt && exit 1
 # check correct decryption with correct password
-openssl rsautl -decrypt -engine pkcs11 -keyform engine -inkey 'pkcs11:manufacturer=openssl-pkcs11;token=key-pass;object=key-pass' -passin pass:Passw0rd -in tmp.msg -out recover.txt || exit 1
+openssl rsautl -decrypt -engine pkcs11 -keyform engine -inkey 'pkcs11:manufacturer=openssl-pkcs11-export;token=key-pass;object=key-pass' -passin pass:Passw0rd -in tmp.msg -out recover.txt || exit 1
 check_encryption
 ##
 # OAEP
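Review bot: The `manufacturer=openssl-pkcs11-export` attribute in the `-inkey` URIs selects the token by the manufacturer ID the module reports, not by the library file name, and the diffstat of this commit lists no C source file. Presumably the reported ID was already changed in an earlier commit; that is worth confirming, because otherwise none of these URIs match a token. The same literal is repeated in the second hunk of this file and in tests/engine.sh, tests/p11tool_checks.sh and tests/signature.sh, so defining it once at the top of each script, e.g. `P11_URI_BASE='pkcs11:manufacturer=openssl-pkcs11-export'`, would keep the next rename to one line per file.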
@@ -21,6 +21,6 @@ check_encryption for hash in sha1 sha224 sha256 sha384 sha512; do echo "OAEP hash ${hash}" openssl pkeyutl -encrypt -inkey key-pass.pub -pubin -pkeyopt rsa_padding_mode:oaep -pkeyopt rsa_oaep_md:${hash} -pkeyopt rsa_mgf1_md:${hash} -in tmp.txt -out tmp.msg || exit 1 - openssl pkeyutl -decrypt -engine pkcs11 -keyform engine -inkey 'pkcs11:manufacturer=openssl-pkcs11;token=key-pass;object=key-pass' -pkeyopt rsa_padding_mode:oaep -pkeyopt rsa_oaep_md:${hash} -pkeyopt rsa_mgf1_md:${hash} -in tmp.msg -out recover.txt -passin pass:Passw0rd || exit 1 + openssl pkeyutl -decrypt -engine pkcs11 -keyform engine -inkey 'pkcs11:manufacturer=openssl-pkcs11-export;token=key-pass;object=key-pass' -pkeyopt rsa_padding_mode:oaep -pkeyopt rsa_oaep_md:${hash} -pkeyopt rsa_mgf1_md:${hash} -in tmp.msg -out recover.txt -passin pass:Passw0rd || exit 1 check_encryption done diff --git a/tests/engine.sh b/tests/engine.sh index 7ef1c12..b7968fd 100755 --- a/tests/engine.sh +++ b/tests/engine.sh @@ -8,7 +8,7 @@ check_signature() { rm -f recover.txt } echo "This is an engine message to sign" > tmp.txt -openssl rsautl -sign -engine pkcs11 -keyform engine -inkey 'pkcs11:manufacturer=openssl-pkcs11;token=key-engine;object=key-engine' -passin pass:Eng1ne -in tmp.txt -out tmp.msg || exit 1 +openssl rsautl -sign -engine pkcs11 -keyform engine -inkey 'pkcs11:manufacturer=openssl-pkcs11-export;token=key-engine;object=key-engine' -passin pass:Eng1ne -in tmp.txt -out tmp.msg || exit 1 # verify recover openssl rsautl -verify -pubin -inkey key-nopass.pub -in tmp.msg -out recover.txt || exit 1 check_signature diff --git a/tests/openssl.cnf b/tests/openssl.cnf index de84cb0..ab3beda 100644 --- a/tests/openssl.cnf +++ b/tests/openssl.cnf @@ -13,4 +13,4 @@ pkcs11 = pkcs11_section dynamic_path = $ENV::srcdir/.libs/testengine.so [pkcs11_section] -MODULE_PATH = $ENV::srcdir/../.libs/openssl-pkcs11.so +MODULE_PATH = $ENV::srcdir/../.libs/openssl-pkcs11-export.so 
diff --git a/tests/p11tool_checks.sh b/tests/p11tool_checks.sh index 48d0690..1d3d447 100755 --- a/tests/p11tool_checks.sh +++ b/tests/p11tool_checks.sh @@ -1,9 +1,9 @@ #!/bin/bash set -x -P11TOOL="p11tool --provider ${srcdir}/../.libs/openssl-pkcs11.so" +P11TOOL="p11tool --provider ${srcdir}/../.libs/openssl-pkcs11-export.so" -${P11TOOL} --list-mechanisms 'pkcs11:manufacturer=openssl-pkcs11;token=key-nopass'|awk '{print $2}' > tmp.txt +${P11TOOL} --list-mechanisms 'pkcs11:manufacturer=openssl-pkcs11-export;token=key-nopass'|awk '{print $2}' > tmp.txt for mech in CKM_RSA_PKCS \ CKM_RSA_X_509 \ CKM_RSA_PKCS_PSS \ @@ -14,5 +14,5 @@ done GNUTLS_PIN=Passw0rd export GNUTLS_PIN for f in "" "--sign-params=RSA-PSS"; do - ${P11TOOL} --test-sign ${f} 'pkcs11:manufacturer=openssl-pkcs11;token=key-pass;object=key-pass' || exit 1 + ${P11TOOL} --test-sign ${f} 'pkcs11:manufacturer=openssl-pkcs11-export;token=key-pass;object=key-pass' || exit 1 done diff --git a/tests/signature.sh b/tests/signature.sh index 82505dd..bf06307 100755 --- a/tests/signature.sh +++ b/tests/signature.sh 
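Review bot: The new `P11TOOL=` line builds the path of the shared object that p11tool loads from `${srcdir}`, and nothing visible in the hunk checks that the variable is set; run without srcdir in the environment, the path collapses to `/../.libs/openssl-pkcs11-export.so`, resolved from the filesystem root. `P11TOOL="p11tool --provider ${srcdir:?}/../.libs/openssl-pkcs11-export.so"` makes the script stop instead. The `--list-mechanisms` pipeline also ends in awk, so a provider that fails to load leaves only an empty tmp.txt; whether the `for mech` loop, whose body is outside the hunk, catches that cannot be seen here.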
@@ -3,14 +3,14 @@ check_signature() {
 rm -f recover.txt
 }
 echo "This is a message to sign" > tmp.txt
-openssl rsautl -sign -engine pkcs11 -keyform engine -inkey 'pkcs11:manufacturer=openssl-pkcs11;token=key-nopass;object=key-nopass' -passin pass:random -in tmp.txt -out tmp.msg || exit 1
+openssl rsautl -sign -engine pkcs11 -keyform engine -inkey 'pkcs11:manufacturer=openssl-pkcs11-export;token=key-nopass;object=key-nopass' -passin pass:random -in tmp.txt -out tmp.msg || exit 1
 # verify recover
 openssl rsautl -verify -pubin -inkey key-nopass.pub -in tmp.msg -out recover.txt || exit 1
 check_signature
 # check fail decrypt with wrong password
-openssl rsautl -sign -engine pkcs11 -keyform engine -inkey 'pkcs11:manufacturer=openssl-pkcs11;token=key-pass;object=key-pass' -passin pass:random -in tmp.txt -out tmp.msg && exit 1
+openssl rsautl -sign -engine pkcs11 -keyform engine -inkey 'pkcs11:manufacturer=openssl-pkcs11-export;token=key-pass;object=key-pass' -passin pass:random -in tmp.txt -out tmp.msg && exit 1
 # check correct decryption with correct password
-openssl rsautl -sign -engine pkcs11 -keyform engine -inkey 'pkcs11:manufacturer=openssl-pkcs11;token=key-pass;object=key-pass' -passin pass:Passw0rd -in tmp.txt -out tmp.msg || exit 1
+openssl rsautl -sign -engine pkcs11 -keyform engine -inkey 'pkcs11:manufacturer=openssl-pkcs11-export;token=key-pass;object=key-pass' -passin pass:Passw0rd -in tmp.txt -out tmp.msg || exit 1
 # check recovery
 openssl rsautl -verify -pubin -inkey key-pass.pub -in tmp.msg -out recover.txt || exit 1
 check_signature
@@ -20,7 +20,7 @@ check_signature
 for hash in sha1 sha224 sha256 sha384 sha512; do
 echo "PSS hash ${hash}"
 openssl ${hash} -out tmp.md -binary tmp.txt || exit 1
- openssl pkeyutl -sign -engine pkcs11 -keyform engine -inkey 'pkcs11:manufacturer=openssl-pkcs11;token=key-pass;object=key-pass' -pkeyopt rsa_padding_mode:pss -pkeyopt digest:${hash} -pkeyopt rsa_mgf1_md:${hash} -in tmp.md -out tmp.msg -passin pass:Passw0rd || exit 1
+ openssl pkeyutl -sign -engine pkcs11 -keyform engine -inkey 'pkcs11:manufacturer=openssl-pkcs11-export;token=key-pass;object=key-pass' -pkeyopt rsa_padding_mode:pss -pkeyopt digest:${hash} -pkeyopt rsa_mgf1_md:${hash} -in tmp.md -out tmp.msg -passin pass:Passw0rd || exit 1
 ##
 # Would you believe openssl 1.0.2 will say the signature verified OK
 # but will then exit with a 1 |