diff --git a/libp11-0.4.12.tar.gz b/libp11-0.4.12.tar.gz deleted file mode 100644 index 10d321747a23a1ecfbc8fc6eac77ced628592e97..0000000000000000000000000000000000000000 Binary files a/libp11-0.4.12.tar.gz and /dev/null differ diff --git a/libp11-0.4.13.tar.gz b/libp11-0.4.13.tar.gz new file mode 100644 index 0000000000000000000000000000000000000000..50b097b889acd8503ca72fc92d6a76ae3e9ee146 Binary files /dev/null and b/libp11-0.4.13.tar.gz differ diff --git a/openssl-pkcs11-0.4.10-set-rsa-fips-method-flag.patch b/openssl-pkcs11-0.4.10-set-rsa-fips-method-flag.patch deleted file mode 100644 index 6b3e14939de3607f6e62634598541f6eee73d370..0000000000000000000000000000000000000000 --- a/openssl-pkcs11-0.4.10-set-rsa-fips-method-flag.patch +++ /dev/null @@ -1,11 +0,0 @@ ---- a/src/p11_rsa.c 2019-04-03 21:58:18.000000000 +0200 -+++ b/src/p11_rsa.c 2019-11-28 15:46:18.898258545 +0100 -@@ -478,7 +478,7 @@ - if (!ops) - return NULL; - RSA_meth_set1_name(ops, "libp11 RSA method"); -- RSA_meth_set_flags(ops, 0); -+ RSA_meth_set_flags(ops, RSA_FLAG_FIPS_METHOD); - RSA_meth_set_priv_enc(ops, pkcs11_rsa_priv_enc_method); - RSA_meth_set_priv_dec(ops, pkcs11_rsa_priv_dec_method); - RSA_meth_set_finish(ops, pkcs11_rsa_free_method); diff --git a/openssl-pkcs11-ossl3.patch b/openssl-pkcs11-ossl3.patch deleted file mode 100644 index 87ec6dc1194c36feb4f81ff3cda9471b9f73f71a..0000000000000000000000000000000000000000 --- a/openssl-pkcs11-ossl3.patch +++ /dev/null @@ -1,249 +0,0 @@ -From 6efcf3c52db1857aaa18741a509741519b0c5775 Mon Sep 17 00:00:00 2001 -From: Doug Engert -Date: Fri, 29 Jul 2022 17:54:42 -0500 -Subject: [PATCH 1/3] Deffer initializing crypto routines in PKCS11 engine - until needed - -Fixes:#456 - -bind_helper in eng_font.c is split into bind_helper and bind_helper2 -The calls to ENGINE_set_RSA, ENGINE_set_EC, ENGINE_set_ECDH and -ENGINE_set_pkey_meths are moved to bind_helper2. - -bind_helper2 is called from load_pubkey and load_privkey. - -This in effect gets around the problem OpenSSL 3.0.x has when -it loads the pkcs11 engine from openssl.cnf, and then tries to use it -as a default provider even when no engine was specified on -the command line. - - On branch deffer_init_crypto - Changes to be committed: - modified: eng_front.c ---- - src/eng_front.c | 28 ++++++++++++++++++++++++---- - 1 file changed, 24 insertions(+), 4 deletions(-) - -diff --git a/src/eng_front.c b/src/eng_front.c -index 3a3c8910..bfc35025 100644 ---- a/src/eng_front.c -+++ b/src/eng_front.c -@@ -82,6 +82,8 @@ static const ENGINE_CMD_DEFN engine_cmd_defns[] = { - {0, NULL, NULL, 0} - }; - -+static int bind_helper2(ENGINE *e); -+ - static ENGINE_CTX *get_ctx(ENGINE *engine) - { - ENGINE_CTX *ctx; -@@ -174,6 +176,7 @@ static EVP_PKEY *load_pubkey(ENGINE *engine, const char *s_key_id, - ctx = get_ctx(engine); - if (!ctx) - return 0; -+ bind_helper2(engine); - return ctx_load_pubkey(ctx, s_key_id, ui_method, callback_data); - } - -@@ -186,6 +189,7 @@ static EVP_PKEY *load_privkey(ENGINE *engine, const char *s_key_id, - ctx = get_ctx(engine); - if (!ctx) - return 0; -+ bind_helper2(engine); - pkey = ctx_load_privkey(ctx, s_key_id, ui_method, callback_data); - #ifdef EVP_F_EVP_PKEY_SET1_ENGINE - /* EVP_PKEY_set1_engine() is required for OpenSSL 1.1.x, -@@ -219,6 +223,25 @@ static int bind_helper(ENGINE *e) - !ENGINE_set_ctrl_function(e, engine_ctrl) || - !ENGINE_set_cmd_defns(e, engine_cmd_defns) || - !ENGINE_set_name(e, PKCS11_ENGINE_NAME) || -+ -+ !ENGINE_set_load_pubkey_function(e, load_pubkey) || -+ !ENGINE_set_load_privkey_function(e, load_privkey)) { -+ return 0; -+ } else { -+ ERR_load_ENG_strings(); -+ return 1; -+ } -+} -+ -+/* -+ * With OpenSSL 3.x, engines might be used because defined in openssl.cnf -+ * which will cause problems -+ * only add engine routines after a call to load keys -+ */ -+ -+static int bind_helper2(ENGINE *e) -+{ -+ if ( - #ifndef OPENSSL_NO_RSA - !ENGINE_set_RSA(e, PKCS11_get_rsa_method()) || - #endif -@@ -235,12 +258,9 @@ static int bind_helper(ENGINE *e) - !ENGINE_set_ECDH(e, PKCS11_get_ecdh_method()) || - #endif - #endif /* OPENSSL_VERSION_NUMBER */ -- !ENGINE_set_pkey_meths(e, PKCS11_pkey_meths) || -- !ENGINE_set_load_pubkey_function(e, load_pubkey) || -- !ENGINE_set_load_privkey_function(e, load_privkey)) { -+ !ENGINE_set_pkey_meths(e, PKCS11_pkey_meths)) { - return 0; - } else { -- ERR_load_ENG_strings(); - return 1; - } - } - -From d06388774ca3846c61354835fc0fef34013db91e Mon Sep 17 00:00:00 2001 -From: Doug Engert -Date: Tue, 2 Aug 2022 19:36:02 -0500 -Subject: [PATCH 2/3] Suggested changes - -rename bind_helper2 to bind_helper_methods - -remove blank line - - On branch deffer_init_crypto - Changes to be committed: - modified: eng_front.c ---- - src/eng_front.c | 9 ++++----- - 1 file changed, 4 insertions(+), 5 deletions(-) - -diff --git a/src/eng_front.c b/src/eng_front.c -index bfc35025..556b170e 100644 ---- a/src/eng_front.c -+++ b/src/eng_front.c -@@ -82,7 +82,7 @@ static const ENGINE_CMD_DEFN engine_cmd_defns[] = { - {0, NULL, NULL, 0} - }; - --static int bind_helper2(ENGINE *e); -+static int bind_helper_methods(ENGINE *e); - - static ENGINE_CTX *get_ctx(ENGINE *engine) - { -@@ -176,7 +176,7 @@ static EVP_PKEY *load_pubkey(ENGINE *engine, const char *s_key_id, - ctx = get_ctx(engine); - if (!ctx) - return 0; -- bind_helper2(engine); -+ bind_helper_methods(engine); - return ctx_load_pubkey(ctx, s_key_id, ui_method, callback_data); - } - -@@ -189,7 +189,7 @@ static EVP_PKEY *load_privkey(ENGINE *engine, const char *s_key_id, - ctx = get_ctx(engine); - if (!ctx) - return 0; -- bind_helper2(engine); -+ bind_helper_methods(engine); - pkey = ctx_load_privkey(ctx, s_key_id, ui_method, callback_data); - #ifdef EVP_F_EVP_PKEY_SET1_ENGINE - /* EVP_PKEY_set1_engine() is required for OpenSSL 1.1.x, -@@ -223,7 +223,6 @@ static int bind_helper(ENGINE *e) - !ENGINE_set_ctrl_function(e, engine_ctrl) || - !ENGINE_set_cmd_defns(e, engine_cmd_defns) || - !ENGINE_set_name(e, PKCS11_ENGINE_NAME) || -- - !ENGINE_set_load_pubkey_function(e, load_pubkey) || - !ENGINE_set_load_privkey_function(e, load_privkey)) { - return 0; -@@ -239,7 +238,7 @@ static int bind_helper(ENGINE *e) - * only add engine routines after a call to load keys - */ - --static int bind_helper2(ENGINE *e) -+static int bind_helper_methods(ENGINE *e) - { - if ( - #ifndef OPENSSL_NO_RSA - -From 83c0091f5b07cf2be8036974695873fa82cf76e8 Mon Sep 17 00:00:00 2001 -From: Doug Engert -Date: Fri, 5 Aug 2022 20:47:24 -0500 -Subject: [PATCH 3/3] Fix test for $OSTYPE in test scripts - -$OSTYPE varies by shell and OS. Replace "if" by case. - - On branch deffer_init_crypto - Changes to be committed: - modified: pkcs11-uri-without-token.softhsm - modified: search-all-matching-tokens.softhsm ---- - tests/pkcs11-uri-without-token.softhsm | 13 ++++++++----- - tests/search-all-matching-tokens.softhsm | 14 +++++++++----- - 2 files changed, 17 insertions(+), 10 deletions(-) - -diff --git a/tests/pkcs11-uri-without-token.softhsm b/tests/pkcs11-uri-without-token.softhsm -index 8833fa8b..da95ebfe 100755 ---- a/tests/pkcs11-uri-without-token.softhsm -+++ b/tests/pkcs11-uri-without-token.softhsm -@@ -29,11 +29,14 @@ common_init - - echo "Detected system: ${OSTYPE}" - --if [[ "${OSTYPE}" == "darwin"* ]]; then -- SHARED_EXT=.dylib --else -- SHARED_EXT=.so --fi -+case "${OSTYPE}" in -+ darwin* ) -+ SHARED_EXT=.dylib -+ ;; -+ *) -+ SHARED_EXT=.so -+ ;; -+esac - - sed -e "s|@MODULE_PATH@|${MODULE}|g" -e \ - "s|@ENGINE_PATH@|../src/.libs/pkcs11${SHARED_EXT}|g" \ -diff --git a/tests/search-all-matching-tokens.softhsm b/tests/search-all-matching-tokens.softhsm -index 915e7c67..3cd26a66 100755 ---- a/tests/search-all-matching-tokens.softhsm -+++ b/tests/search-all-matching-tokens.softhsm -@@ -45,11 +45,15 @@ create_devices $NUM_DEVICES $PIN $PUK "libp11-test" "label" - - echo "Detected system: ${OSTYPE}" - --if [[ "${OSTYPE}" == "darwin"* ]]; then -- SHARED_EXT=.dylib --else -- SHARED_EXT=.so --fi -+ -+case "${OSTYPE}" in -+ darwin* ) -+ SHARED_EXT=.dylib -+ ;; -+ *) -+ SHARED_EXT=.so -+ ;; -+esac - - sed -e "s|@MODULE_PATH@|${MODULE}|g" -e \ - "s|@ENGINE_PATH@|../src/.libs/pkcs11${SHARED_EXT}|g" \ - -From feb22a666ca361adb6f454bcb541281f8e9615f8 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Micha=C5=82=20Trojnara?= -Date: Sat, 6 Aug 2022 23:14:55 +0200 -Subject: [PATCH] Also bind helper methods in engine_ctrl() - ---- - src/eng_front.c | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/src/eng_front.c b/src/eng_front.c -index 556b170..fd6940f 100644 ---- a/src/eng_front.c -+++ b/src/eng_front.c -@@ -209,6 +209,7 @@ static int engine_ctrl(ENGINE *engine, int cmd, long i, void *p, void (*f) ()) - ctx = get_ctx(engine); - if (!ctx) - return 0; -+ bind_helper_methods(engine); - return ctx_engine_ctrl(ctx, cmd, i, p, f); - } - - diff --git a/openssl-pkcs11.spec b/openssl-pkcs11.spec index 2ce6ba55e4ccc0e3a1b04d69a13d3d90ff85d287..cc7f017f2e6f327f4fb64994a131371510cae152 100644 --- a/openssl-pkcs11.spec +++ b/openssl-pkcs11.spec @@ -1,18 +1,15 @@ -%define anolis_release 2 +%define anolis_release 1 Name: openssl-pkcs11 -Version: 0.4.12 +Version: 0.4.13 Release: %{anolis_release}%{?dist} Summary: A PKCS#11 engine for use with OpenSSL License: LGPLv2+ and BSD URL: https://github.com/OpenSC/libp11 Source0: https://github.com/OpenSC/libp11/releases/download/libp11-%{version}/libp11-%{version}.tar.gz -Patch4: openssl-pkcs11-0.4.10-set-rsa-fips-method-flag.patch -Patch5: openssl-pkcs11-ossl3.patch - BuildRequires: make autoconf automake libtool -BuildRequires: softhsm opensc procps-ng openssl +BuildRequires: softhsm opensc procps-ng openssl >= 3.0.0 BuildRequires: pkgconfig(libcrypto) >= 0.9.8 pkgconfig(openssl) pkgconfig(p11-kit-1) Requires: p11-kit-trust @@ -46,7 +43,7 @@ The %{name}-doc package contains documentation files for %{name}. %autosetup -p1 -n libp11-%{version} %build -%configure --disable-static +%configure --disable-static %make_build %install @@ -67,12 +64,16 @@ rm -rf %{buildroot}%{_docdir} %license COPYING %{_libdir}/libp11.so.* %{_libdir}/engines-*/*.so +%{_libdir}/libpkcs11.so* %{abidir}/*.dump %files doc %doc README.md NEWS %changelog +* Thu Apr 24 2025 mgb01105731 - 0.4.13-1 +- update to 0.4.13 + * Sat Apr 15 2023 Shawn Wang - 0.4.12-2 - Add doc package - Add abi info