diff options
author | James Bottomley <James.Bottomley@HansenPartnership.com> | 2019-02-04 11:48:35 -0500 |
---|---|---|
committer | James Bottomley <James.Bottomley@HansenPartnership.com> | 2019-02-04 11:48:35 -0500 |
commit | 878e666920a9319d21e3aeb453ac5bef0e330578 (patch) | |
tree | 0f160c3b4d18a302358e9e21c638d8ff31ebe61e | |
parent | 4f9a710b2d235527dd80013ef5207b93b782ab00 (diff) | |
download | openssl-pkcs11-export-878e666920a9319d21e3aeb453ac5bef0e330578.tar.gz |
move from opencryptoki to p11-kit include files
We already use p11-kit for the module path, so we might as well use it
for the definitions. Add a pkgconf check for the right version and
cope with a missing CKZ symbol (which was eventually added in a later
p11-kit version).
Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
-rw-r--r-- | Makefile.am | 2 | ||||
-rw-r--r-- | configure.ac | 2 | ||||
-rw-r--r-- | crypto.c | 4 | ||||
-rw-r--r-- | openssl-pkcs11.h | 10 | ||||
-rw-r--r-- | pkcs11.c | 2 |
5 files changed, 13 insertions, 7 deletions
diff --git a/Makefile.am b/Makefile.am index 11da1e0..97e8da3 100644 --- a/Makefile.am +++ b/Makefile.am @@ -5,5 +5,5 @@ pkcs11dir=@pkcs11_dir@ openssl_pkcs11_la_LDFLAGS= -module -no-undefined -avoid-version -shared openssl_pkcs11_la_SOURCES= pkcs11.c ini.c openssl-pkcs11.h cache.c crypto.c -openssl_pkcs11_la_CFLAGS = $(CFLAGS) $(CRYPTO_CFLAGS) -Werror -Wall +openssl_pkcs11_la_CFLAGS = $(CFLAGS) $(CRYPTO_CFLAGS) $(P11KIT_CFLAGS) -Werror -Wall openssl_pkcs11_la_LIBADD = $(CRYPTO_LIBS) diff --git a/configure.ac b/configure.ac index aef8fb6..d498200 100644 --- a/configure.ac +++ b/configure.ac @@ -9,6 +9,8 @@ AC_PROG_LIBTOOL AC_PROG_LN_S PKG_CHECK_MODULES([CRYPTO], [libcrypto]) +# OAEP definitions are missing from earlier p11-kit +PKG_CHECK_MODULES([P11KIT], [p11-kit-1 >= 0.23.3]) AC_ARG_WITH( [pkcs11-dir], @@ -17,8 +17,6 @@ #include <openssl/err.h> #include <openssl/rsa.h> -#include <opencryptoki/pkcs11.h> - #include "openssl-pkcs11.h" static void crypto_add_BN(int sec_num, const char *key, const BIGNUM *value) @@ -217,7 +215,7 @@ static EVP_PKEY_CTX *add_padding(EVP_PKEY_CTX *ctx, CK_MECHANISM_PTR mech) EVP_PKEY_CTX_set_rsa_mgf1_md(ctx, get_mgf1(p->mgf)); EVP_PKEY_CTX_set_rsa_pss_saltlen(ctx, p->sLen); } else if (mech->mechanism == CKM_RSA_PKCS_OAEP) { - struct CK_RSA_PKCS_OAEP_PARAMS *p = mech->pParameter; + CK_RSA_PKCS_OAEP_PARAMS *p = mech->pParameter; if (mech->ulParameterLen != sizeof(*p)) { fprintf(stderr, "OAEP mechanism parameter length %ld != %ld\n", diff --git a/openssl-pkcs11.h b/openssl-pkcs11.h index f225d85..4033cd8 100644 --- a/openssl-pkcs11.h +++ b/openssl-pkcs11.h @@ -1,7 +1,15 @@ #ifndef _OPENSSL_PKCS11_H #define _OPENSSL_PKCS11_H -#include <opencryptoki/pkcs11.h> +#include <p11-kit/pkcs11.h> + +/* some versions of p11-kit have a missing OAEP settings */ +#ifndef CKZ_DATA_SPECIFIED + +/* PKCS#1 RSA OAEP Encoding Parameter Sources */ +#define CKZ_DATA_SPECIFIED 0x00000001 + +#endif #define ENV_CONFIG "OPENSSL_PKCS11_CONF" #define CONFIG_FILE ".config/openssl-pkcs11/openssl-pkcs11.conf" @@ -9,8 +9,6 @@ #include <string.h> #include <stdio.h> -#include <opencryptoki/pkcs11.h> - #include "openssl-pkcs11.h" /* according to PKCS11 attribute values have to be space padded */ |