powerel9
/
pkcs11-helper
2
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
Browse Source

initial package creation 

Signed-off-by: Toshaan Bharvani <toshaan@powerel.org>
master
Toshaan Bharvani 2 years ago
commit
fd18832490
2 changed files with 934 additions and 0 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 719
      SOURCES/pkcs11-helper-rfc7512.patch
  2. 215
      SPECS/pkcs11-helper.spec

719
SOURCES/pkcs11-helper-rfc7512.patch
Unescape View File

@ -0,0 +1,719 @@ @@ -0,0 +1,719 @@
From 14e09211c3d50eb06825090c9765e4382cf52f19 Mon Sep 17 00:00:00 2001
From: David Woodhouse <David.Woodhouse@intel.com>
Date: Sun, 14 Dec 2014 19:42:18 +0000
Subject: [PATCH 1/3] Stop _pkcs11h_util_hexToBinary() checking for trailing
NUL

We are going to want to use this for parsing %XX hex escapes in RFC7512
PKCS#11 URIs, where we cannot expect a trailing NUL. Since there's only
one existing caller at the moment, it's simple just to let the caller
have responsibility for that check.

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
---
lib/pkcs11h-serialization.c | 8 +++++++-
lib/pkcs11h-util.c | 7 +------
2 files changed, 8 insertions(+), 7 deletions(-)

diff --git a/lib/pkcs11h-serialization.c b/lib/pkcs11h-serialization.c
index 74b4ca7..a45a6c5 100644
--- a/lib/pkcs11h-serialization.c
+++ b/lib/pkcs11h-serialization.c
@@ -368,6 +368,7 @@ pkcs11h_certificate_deserializeCertificateId (
CK_RV rv = CKR_FUNCTION_FAILED;
char *p = NULL;
char *_sz = NULL;
+ size_t id_hex_len;
_PKCS11H_ASSERT (p_certificate_id!=NULL);
_PKCS11H_ASSERT (sz!=NULL);
@@ -413,7 +414,12 @@ pkcs11h_certificate_deserializeCertificateId (
goto cleanup;
}
- certificate_id->attrCKA_ID_size = strlen (p)/2;
+ id_hex_len = strlen (p);
+ if (id_hex_len & 1) {
+ rv = CKR_ATTRIBUTE_VALUE_INVALID;
+ goto cleanup;
+ }
+ certificate_id->attrCKA_ID_size = id_hex_len/2;
if (
(rv = _pkcs11h_mem_malloc (
diff --git a/lib/pkcs11h-util.c b/lib/pkcs11h-util.c
index 7325db4..7dfe9a3 100644
--- a/lib/pkcs11h-util.c
+++ b/lib/pkcs11h-util.c
@@ -109,12 +109,7 @@ _pkcs11h_util_hexToBinary (
p++;
}
- if (*p != '\x0') {
- return CKR_ATTRIBUTE_VALUE_INVALID;
- }
- else {
- return CKR_OK;
- }
+ return CKR_OK;
}
CK_RV

From 4d5280da8df591aab701dff4493d13a835a9b29c Mon Sep 17 00:00:00 2001
From: David Woodhouse <David.Woodhouse@intel.com>
Date: Wed, 10 Dec 2014 14:00:21 +0000
Subject: [PATCH 2/3] Accept RFC7512-compliant PKCS#11 URIs as serialized
token/certificate IDs

The old format is still accepted for compatibility.

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
---
lib/pkcs11h-serialization.c | 305 ++++++++++++++++++++++++++++++------
1 file changed, 256 insertions(+), 49 deletions(-)

diff --git a/lib/pkcs11h-serialization.c b/lib/pkcs11h-serialization.c
index a45a6c5..390ac0e 100644
--- a/lib/pkcs11h-serialization.c
+++ b/lib/pkcs11h-serialization.c
@@ -60,6 +60,26 @@
#if defined(ENABLE_PKCS11H_TOKEN) || defined(ENABLE_PKCS11H_CERTIFICATE)
+#define URI_SCHEME "pkcs11:"
+
+#define token_field_ofs(field) ((unsigned long)&(((struct pkcs11h_token_id_s *)0)->field))
+#define token_field_size(field) sizeof((((struct pkcs11h_token_id_s *)0)->field))
+#define token_field(name, field) { name "=", sizeof(name), \
+ token_field_ofs(field), token_field_size(field) }
+
+static struct {
+ const char const *name;
+ size_t namelen;
+ unsigned long field_ofs;
+ size_t field_size;
+} __token_fields[] = {
+ token_field ("model", model),
+ token_field ("token", label),
+ token_field ("manufacturer", manufacturerID ),
+ token_field ("serial", serialNumber ),
+ { NULL },
+};
+
CK_RV
pkcs11h_token_serializeTokenId (
OUT char * const sz,
@@ -149,9 +169,147 @@ pkcs11h_token_serializeTokenId (
return rv;
}
+static
CK_RV
-pkcs11h_token_deserializeTokenId (
- OUT pkcs11h_token_id_t *p_token_id,
+__parse_token_uri_attr (
+ const char *uri,
+ size_t urilen,
+ char *tokstr,
+ size_t toklen,
+ size_t *parsed_len
+) {
+ size_t orig_toklen = toklen;
+ CK_RV rv = CKR_OK;
+
+ while (urilen && toklen > 1) {
+ if (*uri == '%') {
+ size_t size = 1;
+
+ if (urilen < 3) {
+ rv = CKR_ATTRIBUTE_VALUE_INVALID;
+ goto done;
+ }
+
+ rv = _pkcs11h_util_hexToBinary ((unsigned char *)tokstr,
+ uri + 1, &size);
+ if (rv != CKR_OK) {
+ goto done;
+ }
+
+ uri += 2;
+ urilen -= 2;
+ } else {
+ *tokstr = *uri;
+ }
+ tokstr++;
+ uri++;
+ toklen--;
+ urilen--;
+ tokstr[0] = 0;
+ }
+
+ if (urilen) {
+ rv = CKR_ATTRIBUTE_VALUE_INVALID;
+ } else if (parsed_len) {
+ *parsed_len = orig_toklen - toklen;
+ }
+
+ done:
+ return rv;
+}
+
+static
+CK_RV
+__parse_pkcs11_uri (
+ OUT pkcs11h_token_id_t token_id,
+ OUT pkcs11h_certificate_id_t certificate_id,
+ IN const char * const sz
+) {
+ const char *end, *p;
+ CK_RV rv = CKR_OK;
+
+ _PKCS11H_ASSERT (token_id!=NULL);
+ _PKCS11H_ASSERT (sz!=NULL);
+
+ if (strncmp (sz, URI_SCHEME, strlen (URI_SCHEME)))
+ return CKR_ATTRIBUTE_VALUE_INVALID;
+
+ end = sz + strlen (URI_SCHEME) - 1;
+ while (rv == CKR_OK && end[0] && end[1]) {
+ int i;
+
+ p = end + 1;
+ end = strchr (p, ';');
+ if (!end)
+ end = p + strlen(p);
+
+ for (i = 0; __token_fields[i].name; i++) {
+ /* Parse the token=, label=, manufacturer= and serial= fields */
+ if (!strncmp(p, __token_fields[i].name, __token_fields[i].namelen)) {
+ char *field = ((char *)token_id) + __token_fields[i].field_ofs;
+
+ p += __token_fields[i].namelen;
+ rv = __parse_token_uri_attr (p, end - p, field,
+ __token_fields[i].field_size,
+ NULL);
+ if (rv != CKR_OK) {
+ goto cleanup;
+ }
+
+ goto matched;
+ }
+ }
+ if (certificate_id && !strncmp(p, "id=", 3)) {
+ p += 3;
+
+ rv = _pkcs11h_mem_malloc ((void *)&certificate_id->attrCKA_ID,
+ end - p + 1);
+ if (rv != CKR_OK) {
+ goto cleanup;
+ }
+
+ rv = __parse_token_uri_attr (p, end - p,
+ (char *)certificate_id->attrCKA_ID,
+ end - p + 1,
+ &certificate_id->attrCKA_ID_size);
+ if (rv != CKR_OK) {
+ goto cleanup;
+ }
+
+ goto matched;
+ }
+
+ /* We don't parse object= because the match code doesn't support
+ matching by label. */
+
+ /* Failed to parse PKCS#11 URI element. */
+ return CKR_ATTRIBUTE_VALUE_INVALID;
+
+ matched:
+ ;
+ }
+cleanup:
+ /* The matching code doesn't support support partial matches; it needs
+ * *all* of manufacturer, model, serial and label attributes to be
+ * defined. So reject partial URIs early instead of letting it do the
+ * wrong thing. We can maybe improve this later. */
+ if (!token_id->model[0] || !token_id->label[0] ||
+ !token_id->manufacturerID[0] || !token_id->serialNumber[0]) {
+ return CKR_ATTRIBUTE_VALUE_INVALID;
+ }
+
+ /* For a certificate ID we need CKA_ID */
+ if (certificate_id && !certificate_id->attrCKA_ID_size) {
+ return CKR_ATTRIBUTE_VALUE_INVALID;
+ }
+
+ return rv;
+}
+
+static
+CK_RV
+__pkcs11h_token_legacy_deserializeTokenId (
+ OUT pkcs11h_token_id_t token_id,
IN const char * const sz
) {
#define __PKCS11H_TARGETS_NUMBER 4
@@ -160,24 +318,11 @@ pkcs11h_token_deserializeTokenId (
size_t s;
} targets[__PKCS11H_TARGETS_NUMBER];
- pkcs11h_token_id_t token_id = NULL;
char *p1 = NULL;
char *_sz = NULL;
int e;
CK_RV rv = CKR_FUNCTION_FAILED;
- _PKCS11H_ASSERT (p_token_id!=NULL);
- _PKCS11H_ASSERT (sz!=NULL);
-
- _PKCS11H_DEBUG (
- PKCS11H_LOG_DEBUG2,
- "PKCS#11: pkcs11h_token_deserializeTokenId entry p_token_id=%p, sz='%s'",
- (void *)p_token_id,
- sz
- );
-
- *p_token_id = NULL;
-
if (
(rv = _pkcs11h_mem_strdup (
(void *)&_sz,
@@ -189,10 +334,6 @@ pkcs11h_token_deserializeTokenId (
p1 = _sz;
- if ((rv = _pkcs11h_token_newTokenId (&token_id)) != CKR_OK) {
- goto cleanup;
- }
-
targets[0].p = token_id->manufacturerID;
targets[0].s = sizeof (token_id->manufacturerID);
targets[1].p = token_id->model;
@@ -251,6 +392,51 @@ pkcs11h_token_deserializeTokenId (
p1 = p2+1;
}
+ rv = CKR_OK;
+
+cleanup:
+
+ if (_sz != NULL) {
+ _pkcs11h_mem_free ((void *)&_sz);
+ }
+
+ return rv;
+#undef __PKCS11H_TARGETS_NUMBER
+}
+
+CK_RV
+pkcs11h_token_deserializeTokenId (
+ OUT pkcs11h_token_id_t *p_token_id,
+ IN const char * const sz
+) {
+ pkcs11h_token_id_t token_id = NULL;
+ CK_RV rv = CKR_FUNCTION_FAILED;
+
+ _PKCS11H_ASSERT (p_token_id!=NULL);
+ _PKCS11H_ASSERT (sz!=NULL);
+
+ _PKCS11H_DEBUG (
+ PKCS11H_LOG_DEBUG2,
+ "PKCS#11: pkcs11h_token_deserializeTokenId entry p_token_id=%p, sz='%s'",
+ (void *)p_token_id,
+ sz
+ );
+
+ *p_token_id = NULL;
+
+ if ((rv = _pkcs11h_token_newTokenId (&token_id)) != CKR_OK) {
+ goto cleanup;
+ }
+
+ if (!strncmp (sz, URI_SCHEME, strlen (URI_SCHEME))) {
+ rv = __parse_pkcs11_uri(token_id, NULL, sz);
+ } else {
+ rv = __pkcs11h_token_legacy_deserializeTokenId(token_id, sz);
+ }
+ if (rv != CKR_OK) {
+ goto cleanup;
+ }
+
strncpy (
token_id->display,
token_id->label,
@@ -263,11 +449,6 @@ pkcs11h_token_deserializeTokenId (
rv = CKR_OK;
cleanup:
-
- if (_sz != NULL) {
- _pkcs11h_mem_free ((void *)&_sz);
- }
-
if (token_id != NULL) {
pkcs11h_token_freeTokenId (token_id);
}
@@ -280,7 +461,6 @@ pkcs11h_token_deserializeTokenId (
);
return rv;
-#undef __PKCS11H_TARGETS_NUMBER
}
#endif /* ENABLE_PKCS11H_TOKEN || ENABLE_PKCS11H_CERTIFICATE */
@@ -359,29 +539,17 @@ pkcs11h_certificate_serializeCertificateId (
return rv;
}
+static
CK_RV
-pkcs11h_certificate_deserializeCertificateId (
- OUT pkcs11h_certificate_id_t * const p_certificate_id,
+__pkcs11h_certificate_legacy_deserializeCertificateId (
+ OUT pkcs11h_certificate_id_t certificate_id,
IN const char * const sz
) {
- pkcs11h_certificate_id_t certificate_id = NULL;
CK_RV rv = CKR_FUNCTION_FAILED;
char *p = NULL;
char *_sz = NULL;
size_t id_hex_len;
- _PKCS11H_ASSERT (p_certificate_id!=NULL);
- _PKCS11H_ASSERT (sz!=NULL);
-
- *p_certificate_id = NULL;
-
- _PKCS11H_DEBUG (
- PKCS11H_LOG_DEBUG2,
- "PKCS#11: pkcs11h_certificate_deserializeCertificateId entry p_certificate_id=%p, sz='%s'",
- (void *)p_certificate_id,
- sz
- );
-
if (
(rv = _pkcs11h_mem_strdup (
(void *)&_sz,
@@ -393,10 +561,6 @@ pkcs11h_certificate_deserializeCertificateId (
p = _sz;
- if ((rv = _pkcs11h_certificate_newCertificateId (&certificate_id)) != CKR_OK) {
- goto cleanup;
- }
-
if ((p = strrchr (_sz, '/')) == NULL) {
rv = CKR_ATTRIBUTE_VALUE_INVALID;
goto cleanup;
@@ -435,21 +599,64 @@ pkcs11h_certificate_deserializeCertificateId (
goto cleanup;
}
+ rv = CKR_OK;
+
+cleanup:
+
+ if (_sz != NULL) {
+ _pkcs11h_mem_free ((void *)&_sz);
+ }
+
+ return rv;
+
+}
+
+CK_RV
+pkcs11h_certificate_deserializeCertificateId (
+ OUT pkcs11h_certificate_id_t * const p_certificate_id,
+ IN const char * const sz
+) {
+ pkcs11h_certificate_id_t certificate_id = NULL;
+ CK_RV rv = CKR_FUNCTION_FAILED;
+
+ _PKCS11H_ASSERT (p_certificate_id!=NULL);
+ _PKCS11H_ASSERT (sz!=NULL);
+
+ *p_certificate_id = NULL;
+
+ _PKCS11H_DEBUG (
+ PKCS11H_LOG_DEBUG2,
+ "PKCS#11: pkcs11h_certificate_deserializeCertificateId entry p_certificate_id=%p, sz='%s'",
+ (void *)p_certificate_id,
+ sz
+ );
+
+ if ((rv = _pkcs11h_certificate_newCertificateId (&certificate_id)) != CKR_OK) {
+ goto cleanup;
+ }
+ if ((rv = _pkcs11h_token_newTokenId (&certificate_id->token_id)) != CKR_OK) {
+ goto cleanup;
+ }
+
+ if (!strncmp(sz, URI_SCHEME, strlen (URI_SCHEME))) {
+ rv = __parse_pkcs11_uri (certificate_id->token_id, certificate_id, sz);
+ } else {
+ rv = __pkcs11h_certificate_legacy_deserializeCertificateId (certificate_id, sz);
+ }
+ if (rv != CKR_OK) {
+ goto cleanup;
+ }
+
*p_certificate_id = certificate_id;
certificate_id = NULL;
rv = CKR_OK;
cleanup:
-
if (certificate_id != NULL) {
pkcs11h_certificate_freeCertificateId (certificate_id);
certificate_id = NULL;
}
- if (_sz != NULL) {
- _pkcs11h_mem_free ((void *)&_sz);
- }
-
_PKCS11H_DEBUG (
PKCS11H_LOG_DEBUG2,
"PKCS#11: pkcs11h_certificate_deserializeCertificateId return rv=%lu-'%s'",

From 90590b02085edc3830bdfe0942a46c4e7bf3f1ab Mon Sep 17 00:00:00 2001
From: David Woodhouse <David.Woodhouse@intel.com>
Date: Thu, 30 Apr 2015 14:58:24 +0100
Subject: [PATCH 3/3] Serialize to RFC7512-compliant PKCS#11 URIs

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
---
lib/pkcs11h-serialization.c | 186 ++++++++++++++++++------------------
1 file changed, 91 insertions(+), 95 deletions(-)

diff --git a/lib/pkcs11h-serialization.c b/lib/pkcs11h-serialization.c
index 390ac0e..0ea1861 100644
--- a/lib/pkcs11h-serialization.c
+++ b/lib/pkcs11h-serialization.c
@@ -80,29 +80,107 @@ static struct {
{ NULL },
};
+#define P11_URL_VERBATIM "abcdefghijklmnopqrstuvwxyz" \
+ "ABCDEFGHIJKLMNOPQRSTUVWXYZ" \
+ "0123456789_-."
+
+static
+int
+__token_attr_escape(char *uri, char *attr, size_t attrlen)
+{
+ int len = 0, i;
+
+ for (i = 0; i < attrlen; i++) {
+ if ((attr[i] != '\x0') && strchr(P11_URL_VERBATIM, attr[i])) {
+ if (uri) {
+ *(uri++) = attr[i];
+ }
+ len++;
+ } else {
+ if (uri) {
+ sprintf(uri, "%%%02x", (unsigned char)attr[i]);
+ uri += 3;
+ }
+ len += 3;
+ }
+ }
+ return len;
+}
+
+static
+CK_RV
+__generate_pkcs11_uri (
+ OUT char * const sz,
+ IN OUT size_t *max,
+ IN const pkcs11h_certificate_id_t certificate_id,
+ IN const pkcs11h_token_id_t token_id
+) {
+ size_t _max;
+ char *p = sz;
+ int i;
+
+ _PKCS11H_ASSERT (max!=NULL);
+ _PKCS11H_ASSERT (token_id!=NULL);
+
+ _max = strlen(URI_SCHEME);
+ for (i = 0; __token_fields[i].name; i++) {
+ char *field = ((char *)token_id) + __token_fields[i].field_ofs;
+
+ _max += __token_fields[i].namelen;
+ _max += __token_attr_escape (NULL, field, strlen(field));
+ _max++; /* For a semicolon or trailing NUL */
+ }
+ if (certificate_id) {
+ _max += strlen (";id=");
+ _max += __token_attr_escape (NULL,
+ (char *)certificate_id->attrCKA_ID,
+ certificate_id->attrCKA_ID_size);
+ }
+
+ if (!sz) {
+ *max = _max;
+ return CKR_OK;
+ }
+
+ if (sz && *max < _max)
+ return CKR_ATTRIBUTE_VALUE_INVALID;
+
+ p += sprintf(p, URI_SCHEME);
+ for (i = 0; __token_fields[i].name; i++) {
+ char *field = ((char *)token_id) + __token_fields[i].field_ofs;
+
+ p += sprintf (p, "%s", __token_fields[i].name);
+ p += __token_attr_escape (p, field, strlen(field));
+ *(p++) = ';';
+ }
+ if (certificate_id) {
+ p += sprintf (p, "id=");
+ p += __token_attr_escape (p,
+ (char *)certificate_id->attrCKA_ID,
+ certificate_id->attrCKA_ID_size);
+ } else {
+ /* Remove the unneeded trailing semicolon */
+ p--;
+ }
+ *(p++) = 0;
+
+ *max = _max;
+
+ return CKR_OK;
+}
+
CK_RV
pkcs11h_token_serializeTokenId (
OUT char * const sz,
IN OUT size_t *max,
IN const pkcs11h_token_id_t token_id
) {
- const char *sources[5];
CK_RV rv = CKR_FUNCTION_FAILED;
- size_t n;
- int e;
/*_PKCS11H_ASSERT (sz!=NULL); Not required*/
_PKCS11H_ASSERT (max!=NULL);
_PKCS11H_ASSERT (token_id!=NULL);
- { /* Must be after assert */
- sources[0] = token_id->manufacturerID;
- sources[1] = token_id->model;
- sources[2] = token_id->serialNumber;
- sources[3] = token_id->label;
- sources[4] = NULL;
- }
-
_PKCS11H_DEBUG (
PKCS11H_LOG_DEBUG2,
"PKCS#11: pkcs11h_token_serializeTokenId entry sz=%p, *max="P_Z", token_id=%p",
@@ -111,51 +189,7 @@ pkcs11h_token_serializeTokenId (
(void *)token_id
);
- n = 0;
- for (e=0;sources[e] != NULL;e++) {
- size_t t;
- if (
- (rv = _pkcs11h_util_escapeString (
- NULL,
- sources[e],
- &t,
- __PKCS11H_SERIALIZE_INVALID_CHARS
- )) != CKR_OK
- ) {
- goto cleanup;
- }
- n+=t;
- }
-
- if (sz != NULL) {
- if (*max < n) {
- rv = CKR_ATTRIBUTE_VALUE_INVALID;
- goto cleanup;
- }
-
- n = 0;
- for (e=0;sources[e] != NULL;e++) {
- size_t t = *max-n;
- if (
- (rv = _pkcs11h_util_escapeString (
- sz+n,
- sources[e],
- &t,
- __PKCS11H_SERIALIZE_INVALID_CHARS
- )) != CKR_OK
- ) {
- goto cleanup;
- }
- n+=t;
- sz[n-1] = '/';
- }
- sz[n-1] = '\x0';
- }
-
- *max = n;
- rv = CKR_OK;
-
-cleanup:
+ rv = __generate_pkcs11_uri(sz, max, NULL, token_id);
_PKCS11H_DEBUG (
PKCS11H_LOG_DEBUG2,
@@ -474,9 +508,6 @@ pkcs11h_certificate_serializeCertificateId (
IN const pkcs11h_certificate_id_t certificate_id
) {
CK_RV rv = CKR_FUNCTION_FAILED;
- size_t saved_max = 0;
- size_t n = 0;
- size_t _max = 0;
/*_PKCS11H_ASSERT (sz!=NULL); Not required */
_PKCS11H_ASSERT (max!=NULL);
@@ -490,42 +521,7 @@ pkcs11h_certificate_serializeCertificateId (
(void *)certificate_id
);
- if (sz != NULL) {
- saved_max = n = *max;
- }
- *max = 0;
-
- if (
- (rv = pkcs11h_token_serializeTokenId (
- sz,
- &n,
- certificate_id->token_id
- )) != CKR_OK
- ) {
- goto cleanup;
- }
-
- _max = n + certificate_id->attrCKA_ID_size*2 + 1;
-
- if (sz != NULL) {
- if (saved_max < _max) {
- rv = CKR_ATTRIBUTE_VALUE_INVALID;
- goto cleanup;
- }
-
- sz[n-1] = '/';
- rv = _pkcs11h_util_binaryToHex (
- sz+n,
- saved_max-n,
- certificate_id->attrCKA_ID,
- certificate_id->attrCKA_ID_size
- );
- }
-
- *max = _max;
- rv = CKR_OK;
-
-cleanup:
+ rv = __generate_pkcs11_uri(sz, max, certificate_id, certificate_id->token_id);
_PKCS11H_DEBUG (
PKCS11H_LOG_DEBUG2,

215
SPECS/pkcs11-helper.spec
Unescape View File

@ -0,0 +1,215 @@ @@ -0,0 +1,215 @@
Name: pkcs11-helper
Version: 1.29.0
Release: 1%{?dist}
Summary: A library for using PKCS#11 providers

License: GPLv2 or BSD
URL: http://www.opensc-project.org/opensc/wiki/pkcs11-helper
Source0: https://github.com/OpenSC/pkcs11-helper/releases/download/pkcs11-helper-%{version}/pkcs11-helper-%{version}.tar.bz2
# https://github.com/OpenSC/pkcs11-helper/pull/4
Patch2: pkcs11-helper-rfc7512.patch

BuildRequires: make
BuildRequires: gcc
BuildRequires: doxygen graphviz
BuildRequires: openssl-devel

%description
pkcs11-helper is a library that simplifies the interaction with PKCS#11
providers for end-user applications using a simple API and optional OpenSSL
engine. The library allows using multiple PKCS#11 providers at the same time,
enumerating available token certificates, or selecting a certificate directly
by serialized id, handling card removal and card insert events, handling card
re-insert to a different slot, supporting session expiration and much more all
using a simple API.

%package devel
Summary: Development files for pkcs11-helper
Requires: %{name}%{?_isa} = %{version}-%{release}
Requires: openssl-devel
# for /usr/share/aclocal
Requires: automake

%description devel
This package contains header files and documentation necessary for developing
programs using the pkcs11-helper library.


%prep
%autosetup -p1

%build
%configure --disable-static --enable-doc
%make_build


%install
%make_install

# Use %%doc to install documentation in a standard location
mkdir apidocdir
mv $RPM_BUILD_ROOT%{_datadir}/doc/%{name}/api/ apidocdir/
rm -rf $RPM_BUILD_ROOT%{_datadir}/doc/%{name}/

# Remove libtool .la files
rm -f $RPM_BUILD_ROOT%{_libdir}/*.la


%ldconfig_scriptlets


%files
%license COPYING*
%doc AUTHORS ChangeLog README THANKS
%{_libdir}/libpkcs11-helper.so.1*


%files devel
%doc apidocdir/*
%{_includedir}/pkcs11-helper-1.0/
%{_libdir}/libpkcs11-helper.so
%{_libdir}/pkgconfig/libpkcs11-helper-1.pc
%{_datadir}/aclocal/pkcs11-helper-1.m4
%{_mandir}/man8/pkcs11-helper-1.8*


%changelog
* Thu Apr 21 2022 Anthony Rabbito <hello@anthonyrabbito.com> - 1.29.0-1
- Update to 1.29.0

* Thu Apr 21 2022 Anthony Rabbito <hello@anthonyrabbito.com> - 1.28.0-3
- Drop pkcs11-helper-openssl3.patch

* Thu Apr 21 2022 Anthony Rabbito <hello@anthonyrabbito.com> - 1.28.0-2
- Use version macro in the entire source URL.

* Thu Apr 21 2022 Anthony Rabbito <hello@anthonyrabbito.com> - 1.28.0-1
- Update to 1.28.0

* Fri Jan 21 2022 Fedora Release Engineering <releng@fedoraproject.org> - 1.27.0-7
- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild

* Mon Oct 04 2021 Neal Gompa <ngompa@fedoraproject.org> - 1.27.0-6
- Backport fix for OpenSSL 3.0 support

* Tue Sep 14 2021 Sahana Prasad <sahana@redhat.com> - 1.27.0-5
- Rebuilt with OpenSSL 3.0.0

* Tue Jul 27 2021 Fedora Release Engineering <releng@fedoraproject.org> - 1.27.0-4
- Second attempt - Rebuilt for
https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild

* Wed Jan 27 2021 Fedora Release Engineering <releng@fedoraproject.org> - 1.27.0-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild

* Fri Dec 18 2020 Kalev Lember <klember@redhat.com> - 1.27.0-2
- Update pkcs11-helper-rfc7512.patch from
https://github.com/OpenSC/pkcs11-helper/pull/4 (#1849259)

* Fri Nov 20 2020 Kalev Lember <klember@redhat.com> - 1.27.0-1
- Update to 1.27.0
- Use make_build and make_install macros
- Tighten soname globs
- Use license macro for COPYING*
- Tighten requires with _isa macro

* Tue Jul 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 1.22-11
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild

* Fri Apr 24 2020 David Woodhouse <dwmw2@infradead.org> - 1.22-10
- Fix serialisation of attributes with NUL bytes in (#1825496)

* Thu Jan 30 2020 Fedora Release Engineering <releng@fedoraproject.org> - 1.22-9
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild

* Fri Jul 26 2019 Fedora Release Engineering <releng@fedoraproject.org> - 1.22-8
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild

* Sat Feb 02 2019 Fedora Release Engineering <releng@fedoraproject.org> - 1.22-7
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild

* Fri Jul 13 2018 Fedora Release Engineering <releng@fedoraproject.org> - 1.22-6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild

* Fri Feb 09 2018 Fedora Release Engineering <releng@fedoraproject.org> - 1.22-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild

* Fri Nov 24 2017 Nikos Mavrogiannopoulos <nmav@redhat.com> - 1.22-4
- Addressed issue with RFC7512 URI parsing (#1516474)

* Thu Aug 03 2017 Fedora Release Engineering <releng@fedoraproject.org> - 1.22-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild

* Thu Jul 27 2017 Fedora Release Engineering <releng@fedoraproject.org> - 1.22-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild

* Tue Feb 21 2017 Nikos Mavrogiannopoulos <nmav@redhat.com> - 1.22-1
- New upstream release

* Sat Feb 11 2017 Fedora Release Engineering <releng@fedoraproject.org> - 1.11-9
- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild

* Thu Feb 04 2016 Fedora Release Engineering <releng@fedoraproject.org> - 1.11-8
- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild

* Tue Sep 22 2015 David Woodhouse <David.Woodhouse@intel.com> - 1.11-7
- Fix ID buffer size for URI parsing (#1264645)

* Thu Jun 18 2015 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.11-6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild

* Wed Apr 29 2015 David Woodhouse <David.Woodhouse@intel.com> - 1.11-5
- Migrate ID serialisation format to RFC7512 (#1173554)

* Tue Dec 09 2014 David Woodhouse <David.Woodhouse@intel.com> - 1.11-4
- Apply upstream fix for bug #1172237 (ignore objects without CKA_ID)

* Sun Aug 17 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.11-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild

* Sat Jun 07 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.11-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild

* Fri Apr 11 2014 Jon Ciesla <limburgher@gmail.com> - 1.11-1
- Latest upstream, required for openvpn 2.3.3.

* Sun Aug 04 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.10-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild

* Tue Apr 02 2013 Kalev Lember <kalevlember@gmail.com> - 1.10-1
- Update to 1.10

* Thu Feb 14 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.09-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild

* Sat Jul 21 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.09-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild

* Sat Jan 14 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.09-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild

* Wed Aug 17 2011 Kalev Lember <kalevlember@gmail.com> - 1.09-1
- Update to 1.09

* Sun Jun 19 2011 Kalev Lember <kalev@smartlink.ee> - 1.08-1
- Update to 1.08
- Clean up the spec file for modern rpmbuild

* Wed Feb 09 2011 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.07-6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild

* Thu Jul 01 2010 Kalev Lember <kalev@smartlink.ee> - 1.07-5
- use System Environment/Libraries group for main package
- removed R: pkgconfig from devel subpackage

* Fri Aug 21 2009 Tomas Mraz <tmraz@redhat.com> - 1.07-4
- rebuilt with new openssl

* Sun Jul 26 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.07-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild

* Sat Jul 11 2009 Kalev Lember <kalev@smartlink.ee> - 1.07-2
- Make devel package depend on automake for /usr/share/aclocal

* Tue Jun 23 2009 Kalev Lember <kalev@smartlink.ee> - 1.07-1
- Initial RPM release.
Write Preview
Loading…
Cancel
Save