From a88a6cd47c7c24b24f190a93c2a91e2b96b45cd5 Mon Sep 17 00:00:00 2001
From: MSVSphere Packaging Team
Date: Fri, 25 Oct 2024 18:24:31 +0300
Subject: [PATCH] import pkcs11-provider-0.5-5.el10
---
.gitignore | 1 +
.pkcs11-provider.metadata | 1 +
...001-Fix-types-for-old-32-bit-systems.patch | 49 +++++++
SOURCES/pkcs11-provider.conf | 10 ++
SPECS/pkcs11-provider.spec | 128 ++++++++++++++++++
5 files changed, 189 insertions(+)
create mode 100644 .gitignore
create mode 100644 .pkcs11-provider.metadata
create mode 100644 SOURCES/0001-Fix-types-for-old-32-bit-systems.patch
create mode 100644 SOURCES/pkcs11-provider.conf
create mode 100644 SPECS/pkcs11-provider.spec
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..2e7e915
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+SOURCES/pkcs11-provider-0.5.tar.xz
diff --git a/.pkcs11-provider.metadata b/.pkcs11-provider.metadata
new file mode 100644
index 0000000..202524d
--- /dev/null
+++ b/.pkcs11-provider.metadata
@@ -0,0 +1 @@
+e66696df12f6ca2180947bf9531e2449036d64ed SOURCES/pkcs11-provider-0.5.tar.xz
diff --git a/SOURCES/0001-Fix-types-for-old-32-bit-systems.patch b/SOURCES/0001-Fix-types-for-old-32-bit-systems.patch
new file mode 100644
index 0000000..674e5c8
--- /dev/null
+++ b/SOURCES/0001-Fix-types-for-old-32-bit-systems.patch
@@ -0,0 +1,49 @@
+From 9fa16b7fd398b62f06cb10892fe93dc574d67399 Mon Sep 17 00:00:00 2001
+From: Simo Sorce
+Date: Wed, 5 Jun 2024 11:22:35 -0400
+Subject: [PATCH] Fix types for old 32 bit systems
+
+On x86 CK_ULONG and size_t have different sizes, ensure we use
+compatible types on our helper functions.
+
+Signed-off-by: Simo Sorce
+---
+ src/asymmetric_cipher.c | 4 ++--
+ src/util.h | 2 +-
+ 2 files changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/src/asymmetric_cipher.c b/src/asymmetric_cipher.c
+index 4d87b1c..3256fd2 100644
+--- a/src/asymmetric_cipher.c
++++ b/src/asymmetric_cipher.c
+@@ -251,12 +251,12 @@ static int p11prov_rsaenc_decrypt_init(void *ctx, void *provkey,
+ static int
+ p11prov_tls_constant_time_depadding(struct p11prov_rsaenc_ctx *encctx,
+ unsigned char *out, unsigned char *buf,
+- size_t *out_size, CK_ULONG *ret_cond)
++ CK_ULONG *out_size, CK_ULONG *ret_cond)
+ {
+ unsigned char randbuf[SSL_MAX_MASTER_KEY_LENGTH];
+ CK_ULONG ver_cond = 0;
+ CK_ULONG cond = 0;
+- size_t length = SSL_MAX_MASTER_KEY_LENGTH;
++ CK_ULONG length = SSL_MAX_MASTER_KEY_LENGTH;
+ int err;
+
+ /* always generate a random buffer, to constant_time swap in
+diff --git a/src/util.h b/src/util.h
+index bcbc2db..1b24666 100644
+--- a/src/util.h
++++ b/src/util.h
+@@ -120,7 +120,7 @@ static inline int constant_select_int(CK_ULONG cond, int a, int b)
+ return (int)((A & mask) | (B & ~mask));
+ }
+
+-static inline void constant_select_buf(CK_ULONG cond, size_t size,
++static inline void constant_select_buf(CK_ULONG cond, CK_ULONG size,
+ unsigned char *dst, unsigned char *a,
+ unsigned char *b)
+ {
+--
+2.45.0
+
diff --git a/SOURCES/pkcs11-provider.conf b/SOURCES/pkcs11-provider.conf
new file mode 100644
index 0000000..d7c1f36
--- /dev/null
+++ b/SOURCES/pkcs11-provider.conf
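Review bot: No call site is adjusted by the carried patch (its own diffstat shows 3 insertions and 3 deletions, all in two signatures and one local), so the fix is only complete if every caller of `p11prov_tls_constant_time_depadding` and `constant_select_buf` already passes `CK_ULONG` values. Confirm in the unpacked 0.5 tree that no caller hands in a cast `size_t *` for `out_size`, because a cast would compile on i686 yet leave the mismatch in place wherever the two types differ in width. By their names and the visible comment about the random buffer, these helpers sit on the constant-time TLS RSA depadding path, so it is worth checking that the tests run in `%check` exercise that path on the 32-bit target as well. Both function bodies continue outside the hunks shown.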
@@ -0,0 +1,10 @@
+[provider_sect]
+pkcs11 = pkcs11_sect
+
+[pkcs11_sect]
+activate = 1
+## Some applications may require early loading to work properly
+## however this setting should not be enabled by default because
+## it will cause every application loading openssl to initialize
+## the token. If needed uncomment the following:
+#pkcs11-module-load-behavior = early
diff --git a/SPECS/pkcs11-provider.spec b/SPECS/pkcs11-provider.spec
new file mode 100644
index 0000000..e0716d4
--- /dev/null
+++ b/SPECS/pkcs11-provider.spec
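Review bot: The drop-in activates `pkcs11` without recording what it relies on in the system configuration: it takes effect only if the main openssl.cnf includes this directory and its `providers` key names a section called `provider_sect`, and neither is visible here. OpenSSL also stops loading the default provider implicitly once any provider is activated from configuration, so the default provider has to be activated explicitly elsewhere or applications lose their software algorithms. A header comment would capture both assumptions, for example `## Extends [provider_sect] of the system openssl.cnf; the default provider must be activated there`.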
@@ -0,0 +1,128 @@
+## START: Set by rpmautospec
+## (rpmautospec version 0.6.5)
+## RPMAUTOSPEC: autorelease, autochangelog
+%define autorelease(e:s:pb:n) %{?-p:0.}%{lua:
+ release_number = 5;
+ base_release_number = tonumber(rpm.expand("%{?-b*}%{!?-b:1}"));
+ print(release_number + base_release_number - 1);
+}%{?-e:.%{-e*}}%{?-s:.%{-s*}}%{!?-n:%{?dist}}
+## END: Set by rpmautospec
+
+#Enable gpg signature verification
+%bcond_with gpgcheck
+
+Name: pkcs11-provider
+Version: 0.5
+Release: %autorelease
+Summary: A PKCS#11 provider for OpenSSL 3.0+
+License: Apache-2.0
+URL: https://github.com/latchset/pkcs11-provider
+Source0: %{url}/releases/download/v%{version}/%{name}-%{version}.tar.xz
+%if %{with gpgcheck}
+Source1: %{url}/releases/download/v%{version}/%{name}-%{version}.tar.xz.asc
+Source2: https://people.redhat.com/~ssorce/simo_redhat.asc
+%endif
+Source3: pkcs11-provider.conf
+
+BuildRequires: openssl-devel >= 3.0.7
+BuildRequires: gcc
+BuildRequires: meson
+%if %{with gpgcheck}
+BuildRequires: gnupg2
+%endif
+
+# for tests
+BuildRequires: nss-devel
+BuildRequires: nss-softokn
+BuildRequires: nss-softokn-devel
+BuildRequires: nss-tools
+BuildRequires: openssl
+BuildRequires: softhsm
+BuildRequires: opensc
+BuildRequires: p11-kit-devel
+BuildRequires: p11-kit-server
+BuildRequires: gnutls-utils
+BuildRequires: xz
+BuildRequires: expect
+
+Patch01: 0001-Fix-types-for-old-32-bit-systems.patch
+
+%description
+This is an Openssl 3.x provider to access Hardware or Software Tokens using
+the PKCS#11 Cryptographic Token Interface.
+This code targets version 3.0 of the interface but should be backwards
+compatible to previous versions as well.
+
+
+%prep
+%if %{with gpgcheck}
+%{gpgverify} --keyring='%{SOURCE2}' --signature='%{SOURCE1}' --data='%{SOURCE0}'
+%endif
+
+%autosetup -p1
+
+
+%build
+%meson
+%meson_build
+
+
+%install
+%meson_install
+mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/pki/tls/openssl.d
+install -m644 '%{SOURCE3}' \
+ $RPM_BUILD_ROOT/%{_sysconfdir}/pki/tls/openssl.d/pkcs11-provider.conf
+
+
+
+%check
+# do not run them in parrallel with %{?_smp_mflags}
+%meson_test --num-processes 1
+
+
+%files
+%license COPYING
+%{_mandir}/man7/provider-pkcs11.*
+%doc README.md
+%{_libdir}/ossl-modules/pkcs11.so
+%config(noreplace) %{_sysconfdir}/pki/tls/openssl.d/pkcs11-provider.conf
+
+%changelog
+## START: Generated by rpmautospec
+* Wed Aug 07 2024 Ondrej Moris - 0.5-5
+- Add RHEL-10 CI and gating configuration
+
+* Tue Aug 06 2024 Simo Sorce - 0.5-4
+- Add automatic configuration on install
+
+* Mon Jun 24 2024 Troy Dawson - 0.5-3
+- Bump release for June 2024 mass rebuild
+
+* Wed Jun 05 2024 Simo Sorce - 0.5-2
+- Fix issue on i686 builds
+
+* Wed Jun 05 2024 Simo Sorce - 0.5-1
+- Update to version 0.5
+
+* Tue Feb 20 2024 Yaakov Selkowitz - 0.3-4
+- Revert "Temporarily disable softhsm test dependency"
+
+* Tue Feb 13 2024 Yaakov Selkowitz - 0.3-3
+- Temporarily disable softhsm test dependency
+
+* Thu Jan 25 2024 Fedora Release Engineering - 0.3-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
+
+* Mon Jan 22 2024 Simo Sorce - 0.3-1
+- Updato to version 0.3
+
+* Sun Jan 21 2024 Fedora Release Engineering - 0.2-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
+
+* Fri Jul 21 2023 Fedora Release Engineering - 0.2-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
+
+* Tue Jul 18 2023 Sahana Prasad - 0.2-1
+- Adding the sources and spec file to build the package Approved fedora
+ review bug rhbz#2211754
+## END: Generated by rpmautospec
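Review bot: `%bcond_with gpgcheck` defines the option as off by default, so the `%{gpgverify}` step in `%prep` is skipped in an ordinary build and the comment `#Enable gpg signature verification` reads the opposite way. As imported, the upstream tarball's integrity rests only on the 40-hex-digit digest in `.pkcs11-provider.metadata` (presumably SHA-1), and neither `Source1` nor `Source2` is listed there. If verification is intended, switch to `%bcond_without gpgcheck` and add the `.asc` signature and the signing key to the package sources with their digests recorded. Otherwise reword the comment to something like `# Signature verification is off by default; build with --with gpgcheck to enable`.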