commit
b787b38ada
@ -0,0 +1 @@
|
|||||||
|
SOURCES/pkcs11-provider-0.5.tar.xz
|
@ -0,0 +1 @@
|
|||||||
|
e66696df12f6ca2180947bf9531e2449036d64ed SOURCES/pkcs11-provider-0.5.tar.xz
|
@ -0,0 +1,49 @@
|
|||||||
|
From 9fa16b7fd398b62f06cb10892fe93dc574d67399 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Simo Sorce <simo@redhat.com>
|
||||||
|
Date: Wed, 5 Jun 2024 11:22:35 -0400
|
||||||
|
Subject: [PATCH] Fix types for old 32 bit systems
|
||||||
|
|
||||||
|
On x86 CK_ULONG and size_t have different sizes, ensure we use
|
||||||
|
compatible types on our helper functions.
|
||||||
|
|
||||||
|
Signed-off-by: Simo Sorce <simo@redhat.com>
|
||||||
|
---
|
||||||
|
src/asymmetric_cipher.c | 4 ++--
|
||||||
|
src/util.h | 2 +-
|
||||||
|
2 files changed, 3 insertions(+), 3 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/src/asymmetric_cipher.c b/src/asymmetric_cipher.c
|
||||||
|
index 4d87b1c..3256fd2 100644
|
||||||
|
--- a/src/asymmetric_cipher.c
|
||||||
|
+++ b/src/asymmetric_cipher.c
|
||||||
|
@@ -251,12 +251,12 @@ static int p11prov_rsaenc_decrypt_init(void *ctx, void *provkey,
|
||||||
|
static int
|
||||||
|
p11prov_tls_constant_time_depadding(struct p11prov_rsaenc_ctx *encctx,
|
||||||
|
unsigned char *out, unsigned char *buf,
|
||||||
|
- size_t *out_size, CK_ULONG *ret_cond)
|
||||||
|
+ CK_ULONG *out_size, CK_ULONG *ret_cond)
|
||||||
|
{
|
||||||
|
unsigned char randbuf[SSL_MAX_MASTER_KEY_LENGTH];
|
||||||
|
CK_ULONG ver_cond = 0;
|
||||||
|
CK_ULONG cond = 0;
|
||||||
|
- size_t length = SSL_MAX_MASTER_KEY_LENGTH;
|
||||||
|
+ CK_ULONG length = SSL_MAX_MASTER_KEY_LENGTH;
|
||||||
|
int err;
|
||||||
|
|
||||||
|
/* always generate a random buffer, to constant_time swap in
|
||||||
|
diff --git a/src/util.h b/src/util.h
|
||||||
|
index bcbc2db..1b24666 100644
|
||||||
|
--- a/src/util.h
|
||||||
|
+++ b/src/util.h
|
||||||
|
@@ -120,7 +120,7 @@ static inline int constant_select_int(CK_ULONG cond, int a, int b)
|
||||||
|
return (int)((A & mask) | (B & ~mask));
|
||||||
|
}
|
||||||
|
|
||||||
|
-static inline void constant_select_buf(CK_ULONG cond, size_t size,
|
||||||
|
+static inline void constant_select_buf(CK_ULONG cond, CK_ULONG size,
|
||||||
|
unsigned char *dst, unsigned char *a,
|
||||||
|
unsigned char *b)
|
||||||
|
{
|
||||||
|
--
|
||||||
|
2.45.0
|
||||||
|
|
@ -0,0 +1,10 @@
|
|||||||
|
[provider_sect]
|
||||||
|
pkcs11 = pkcs11_sect
|
||||||
|
|
||||||
|
[pkcs11_sect]
|
||||||
|
activate = 1
|
||||||
|
## Some applications may require early loading to work properly
|
||||||
|
## however this setting should not be enabled by default because
|
||||||
|
## it will cause every application loading openssl to initialize
|
||||||
|
## the token. If needed uncomment the following:
|
||||||
|
#pkcs11-module-load-behavior = early
|
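Review bot: Nothing in the file says that `activate = 1` under `[pkcs11_sect]` takes effect for every application whose OpenSSL configuration pulls in this drop-in, nor that it depends on the including configuration naming its providers section `provider_sect`; the only comment covers the early-loading option. OpenSSL stops loading the default provider implicitly once any provider is activated from configuration, so the including openssl.cnf presumably has to activate `default` itself, which cannot be confirmed from this page. I would add a header comment such as `## Drop-in: adds the pkcs11 provider to [provider_sect] of the system openssl.cnf, which must also activate the default provider.`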
@ -0,0 +1,128 @@
|
|||||||
|
## START: Set by rpmautospec
|
||||||
|
## (rpmautospec version 0.6.5)
|
||||||
|
## RPMAUTOSPEC: autorelease, autochangelog
|
||||||
|
%define autorelease(e:s:pb:n) %{?-p:0.}%{lua:
|
||||||
|
release_number = 5;
|
||||||
|
base_release_number = tonumber(rpm.expand("%{?-b*}%{!?-b:1}"));
|
||||||
|
print(release_number + base_release_number - 1);
|
||||||
|
}%{?-e:.%{-e*}}%{?-s:.%{-s*}}%{!?-n:%{?dist}}
|
||||||
|
## END: Set by rpmautospec
|
||||||
|
|
||||||
|
#Enable gpg signature verification
|
||||||
|
%bcond_with gpgcheck
|
||||||
|
|
||||||
|
Name: pkcs11-provider
|
||||||
|
Version: 0.5
|
||||||
|
Release: %autorelease
|
||||||
|
Summary: A PKCS#11 provider for OpenSSL 3.0+
|
||||||
|
License: Apache-2.0
|
||||||
|
URL: https://github.com/latchset/pkcs11-provider
|
||||||
|
Source0: %{url}/releases/download/v%{version}/%{name}-%{version}.tar.xz
|
||||||
|
%if %{with gpgcheck}
|
||||||
|
Source1: %{url}/releases/download/v%{version}/%{name}-%{version}.tar.xz.asc
|
||||||
|
Source2: https://people.redhat.com/~ssorce/simo_redhat.asc
|
||||||
|
%endif
|
||||||
|
Source3: pkcs11-provider.conf
|
||||||
|
|
||||||
|
BuildRequires: openssl-devel >= 3.0.7
|
||||||
|
BuildRequires: gcc
|
||||||
|
BuildRequires: meson
|
||||||
|
%if %{with gpgcheck}
|
||||||
|
BuildRequires: gnupg2
|
||||||
|
%endif
|
||||||
|
|
||||||
|
# for tests
|
||||||
|
BuildRequires: nss-devel
|
||||||
|
BuildRequires: nss-softokn
|
||||||
|
BuildRequires: nss-softokn-devel
|
||||||
|
BuildRequires: nss-tools
|
||||||
|
BuildRequires: openssl
|
||||||
|
BuildRequires: softhsm
|
||||||
|
BuildRequires: opensc
|
||||||
|
BuildRequires: p11-kit-devel
|
||||||
|
BuildRequires: p11-kit-server
|
||||||
|
BuildRequires: gnutls-utils
|
||||||
|
BuildRequires: xz
|
||||||
|
BuildRequires: expect
|
||||||
|
|
||||||
|
Patch01: 0001-Fix-types-for-old-32-bit-systems.patch
|
||||||
|
|
||||||
|
%description
|
||||||
|
This is an Openssl 3.x provider to access Hardware or Software Tokens using
|
||||||
|
the PKCS#11 Cryptographic Token Interface.
|
||||||
|
This code targets version 3.0 of the interface but should be backwards
|
||||||
|
compatible to previous versions as well.
|
||||||
|
|
||||||
|
|
||||||
|
%prep
|
||||||
|
%if %{with gpgcheck}
|
||||||
|
%{gpgverify} --keyring='%{SOURCE2}' --signature='%{SOURCE1}' --data='%{SOURCE0}'
|
||||||
|
%endif
|
||||||
|
|
||||||
|
%autosetup -p1
|
||||||
|
|
||||||
|
|
||||||
|
%build
|
||||||
|
%meson
|
||||||
|
%meson_build
|
||||||
|
|
||||||
|
|
||||||
|
%install
|
||||||
|
%meson_install
|
||||||
|
mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/pki/tls/openssl.d
|
||||||
|
install -m644 '%{SOURCE3}' \
|
||||||
|
$RPM_BUILD_ROOT/%{_sysconfdir}/pki/tls/openssl.d/pkcs11-provider.conf
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
%check
|
||||||
|
# do not run them in parrallel with %{?_smp_mflags}
|
||||||
|
%meson_test --num-processes 1
|
||||||
|
|
||||||
|
|
||||||
|
%files
|
||||||
|
%license COPYING
|
||||||
|
%{_mandir}/man7/provider-pkcs11.*
|
||||||
|
%doc README.md
|
||||||
|
%{_libdir}/ossl-modules/pkcs11.so
|
||||||
|
%config(noreplace) %{_sysconfdir}/pki/tls/openssl.d/pkcs11-provider.conf
|
||||||
|
|
||||||
|
%changelog
|
||||||
|
## START: Generated by rpmautospec
|
||||||
|
* Wed Aug 07 2024 Ondrej Moris <omoris@redhat.com> - 0.5-5
|
||||||
|
- Add RHEL-10 CI and gating configuration
|
||||||
|
|
||||||
|
* Tue Aug 06 2024 Simo Sorce <simo@redhat.com> - 0.5-4
|
||||||
|
- Add automatic configuration on install
|
||||||
|
|
||||||
|
* Mon Jun 24 2024 Troy Dawson <tdawson@redhat.com> - 0.5-3
|
||||||
|
- Bump release for June 2024 mass rebuild
|
||||||
|
|
||||||
|
* Wed Jun 05 2024 Simo Sorce <simo@redhat.com> - 0.5-2
|
||||||
|
- Fix issue on i686 builds
|
||||||
|
|
||||||
|
* Wed Jun 05 2024 Simo Sorce <simo@redhat.com> - 0.5-1
|
||||||
|
- Update to version 0.5
|
||||||
|
|
||||||
|
* Tue Feb 20 2024 Yaakov Selkowitz <yselkowi@redhat.com> - 0.3-4
|
||||||
|
- Revert "Temporarily disable softhsm test dependency"
|
||||||
|
|
||||||
|
* Tue Feb 13 2024 Yaakov Selkowitz <yselkowi@redhat.com> - 0.3-3
|
||||||
|
- Temporarily disable softhsm test dependency
|
||||||
|
|
||||||
|
* Thu Jan 25 2024 Fedora Release Engineering <releng@fedoraproject.org> - 0.3-2
|
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
|
||||||
|
|
||||||
|
* Mon Jan 22 2024 Simo Sorce <simo@redhat.com> - 0.3-1
|
||||||
|
- Updato to version 0.3
|
||||||
|
|
||||||
|
* Sun Jan 21 2024 Fedora Release Engineering <releng@fedoraproject.org> - 0.2-3
|
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
|
||||||
|
|
||||||
|
* Fri Jul 21 2023 Fedora Release Engineering <releng@fedoraproject.org> - 0.2-2
|
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
|
||||||
|
|
||||||
|
* Tue Jul 18 2023 Sahana Prasad <sahana@redhat.com> - 0.2-1
|
||||||
|
- Adding the sources and spec file to build the package Approved fedora
|
||||||
|
review bug rhbz#2211754
|
||||||
|
## END: Generated by rpmautospec
|
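Review bot: `%bcond_with gpgcheck` declares the conditional as off by default, so the `%{gpgverify}` call in `%prep` and the `gnupg2` BuildRequires are skipped unless the build is run with `--with gpgcheck`, although the comment above it reads "Enable gpg signature verification". A default build therefore authenticates the upstream tarball only through the checksum recorded for it in the sources file, which at 40 hex digits appears to be SHA-1. If verification is meant to run on every build, the line should be `%bcond_without gpgcheck`. If it is intentionally opt-in, the comment should say so, for example `# GPG signature verification is opt-in: build with --with gpgcheck`.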