Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package pkcs11-helper for openSUSE:Factory checked in at 2022-01-07 12:45:20 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/pkcs11-helper (Old) and /work/SRC/openSUSE:Factory/.pkcs11-helper.new.1896 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "pkcs11-helper" Fri Jan 7 12:45:20 2022 rev:26 rq:944144 version:1.27.0 Changes: -------- --- /work/SRC/openSUSE:Factory/pkcs11-helper/pkcs11-helper.changes 2019-08-19 20:46:19.345112181 +0200 +++ /work/SRC/openSUSE:Factory/.pkcs11-helper.new.1896/pkcs11-helper.changes 2022-01-07 12:46:04.679832823 +0100 @@ -1,0 +2,12 @@ +Mon Dec 13 20:11:31 UTC 2021 - Dirk M??ller <dmuel...@suse.com> + +- update to 1.27.0: + * core: handle PIN expiration after C_Login as C_Login may take a while + * core: return explict success when plugin&play and no threading and no + safefork, thanks to Tunnelblick + * openssl: build with openssl ec disabled + * openssl: support RSA_NO_PADDING padding, thanks to Selva Nair + * core: reduce mutex lock scope of add/remove provider, thanks to Frank Morgner + * core: improve the fork fixup sequence + +------------------------------------------------------------------- Old: ---- pkcs11-helper-1.25.1.tar.bz2 New: ---- pkcs11-helper-1.27.0.tar.bz2 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ pkcs11-helper.spec ++++++ --- /var/tmp/diff_new_pack.MGl2VK/_old 2022-01-07 12:46:05.139833142 +0100 +++ /var/tmp/diff_new_pack.MGl2VK/_new 2022-01-07 12:46:05.143833145 +0100 @@ -1,7 +1,7 @@ # # spec file for package pkcs11-helper # -# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2021 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -17,13 +17,13 @@ Name: pkcs11-helper -Version: 1.25.1 +Version: 1.27.0 Release: 0 Summary: Helper Library for the Use with Smart Cards and the PKCS#11 API License: BSD-3-Clause AND GPL-2.0-only Group: Development/Libraries/C and C++ -Url: https://github.com/OpenSC/OpenSC/wiki -Source: https://github.com/OpenSC/pkcs11-helper/releases/download/%{name}-%{version}/%{name}-%{version}.tar.bz2 +URL: https://github.com/OpenSC/OpenSC/wiki +Source0: https://github.com/OpenSC/%{name}/releases/download/%{name}-1.27/%{name}-%{version}.tar.bz2 Source2: baselibs.conf BuildRequires: doxygen BuildRequires: fdupes @@ -80,7 +80,7 @@ --disable-crypto-engine-polarssl \ --disable-crypto-engine-mbedtls \ --disable-crypto-engine-cryptoapi -make %{?_smp_mflags} +%make_build %install %make_install ++++++ pkcs11-helper-1.25.1.tar.bz2 -> pkcs11-helper-1.27.0.tar.bz2 ++++++ ++++ 8922 lines of diff (skipped) ++++ retrying with extended exclude list diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/pkcs11-helper-1.25.1/ChangeLog new/pkcs11-helper-1.27.0/ChangeLog --- old/pkcs11-helper-1.25.1/ChangeLog 2018-08-16 15:13:28.000000000 +0200 +++ new/pkcs11-helper-1.27.0/ChangeLog 2020-11-17 19:46:56.000000000 +0100 @@ -1,5 +1,18 @@ pkcs11-helper -Copyright (c) 2005-2018 Alon Bar-Lev <alon.bar...@gmail.com> +Copyright (c) 2005-2020 Alon Bar-Lev <alon.bar...@gmail.com> + +2020-11-17 - Version 1.27 + +* core: handle PIN expiration after C_Login as C_Login may take a while +* core: return explict success when plugin&play and no threading and no + safefork, thanks to Tunnelblick + +2020-01-21 - Version 1.26 + +* openssl: build with openssl ec disabled +* openssl: support RSA_NO_PADDING padding, thanks to Selva Nair +* core: reduce mutex lock scope of add/remove provider, thanks to Frank Morgner +* core: improve the fork fixup sequence 2018-08-16 - Version 1.25.1 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/pkcs11-helper-1.25.1/compile new/pkcs11-helper-1.27.0/compile --- old/pkcs11-helper-1.25.1/compile 2018-08-16 15:13:57.000000000 +0200 +++ new/pkcs11-helper-1.27.0/compile 2020-11-17 19:48:56.000000000 +0100 @@ -1,9 +1,9 @@ #! /bin/sh # Wrapper for compilers which do not understand '-c -o'. -scriptversion=2016-01-11.22; # UTC +scriptversion=2018-03-07.03; # UTC -# Copyright (C) 1999-2017 Free Software Foundation, Inc. +# Copyright (C) 1999-2018 Free Software Foundation, Inc. # Written by Tom Tromey <tro...@cygnus.com>. # # This program is free software; you can redistribute it and/or modify @@ -17,7 +17,7 @@ # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License -# along with this program. If not, see <http://www.gnu.org/licenses/>. +# along with this program. If not, see <https://www.gnu.org/licenses/>. # As a special exception to the GNU General Public License, if you # distribute this file as part of a program that contains a @@ -340,7 +340,7 @@ # Local Variables: # mode: shell-script # sh-indentation: 2 -# eval: (add-hook 'write-file-hooks 'time-stamp) +# eval: (add-hook 'before-save-hook 'time-stamp) # time-stamp-start: "scriptversion=" # time-stamp-format: "%:y-%02m-%02d.%02H" # time-stamp-time-zone: "UTC0" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/pkcs11-helper-1.25.1/config-w32-vc.h new/pkcs11-helper-1.27.0/config-w32-vc.h --- old/pkcs11-helper-1.25.1/config-w32-vc.h 2018-08-16 15:14:16.000000000 +0200 +++ new/pkcs11-helper-1.27.0/config-w32-vc.h 2020-11-17 19:49:15.000000000 +0100 @@ -127,13 +127,13 @@ #define PACKAGE_NAME "pkcs11-helper" /* Define to the full name and version of this package. */ -#define PACKAGE_STRING "pkcs11-helper 1.25.1" +#define PACKAGE_STRING "pkcs11-helper 1.27.0" /* Define to the one symbol short name of this package. */ #define PACKAGE_TARNAME "pkcs11-helper" /* Define to the version of this package. */ -#define PACKAGE_VERSION "1.25.1" +#define PACKAGE_VERSION "1.27.0" /* Define if you are on Cygwin */ /* #undef PKCS11H_USE_CYGWIN */ @@ -163,7 +163,7 @@ /* #undef USE_VALGRIND */ /* Version number of package */ -#define VERSION "1.25.1" +#define VERSION "1.27.0" /* Define to empty if `const' does not conform to ANSI C. */ /* #undef const */ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/pkcs11-helper-1.25.1/configure.ac new/pkcs11-helper-1.27.0/configure.ac --- old/pkcs11-helper-1.25.1/configure.ac 2018-08-16 15:13:28.000000000 +0200 +++ new/pkcs11-helper-1.27.0/configure.ac 2020-11-17 19:47:08.000000000 +0100 @@ -51,8 +51,8 @@ AC_PREREQ(2.60) define([PACKAGE_VERSION_MAJOR], [1]) -define([PACKAGE_VERSION_MINOR], [25]) -define([PACKAGE_VERSION_FIX], [1]) +define([PACKAGE_VERSION_MINOR], [27]) +define([PACKAGE_VERSION_FIX], [0]) define([PACKAGE_SUFFIX], []) AC_INIT([pkcs11-helper],[PACKAGE_VERSION_MAJOR.PACKAGE_VERSION_MINOR.PACKAGE_VERSION_FIX[]PACKAGE_SUFFIX]) @@ -607,6 +607,7 @@ tests/Makefile tests/test-basic/Makefile tests/test-certificate/Makefile + tests/test-fork/Makefile tests/test-openssl/Makefile tests/test-slotevent/Makefile ]) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/pkcs11-helper-1.25.1/distro/rpm/pkcs11-helper.spec new/pkcs11-helper-1.27.0/distro/rpm/pkcs11-helper.spec --- old/pkcs11-helper-1.25.1/distro/rpm/pkcs11-helper.spec 2018-08-16 15:14:17.000000000 +0200 +++ new/pkcs11-helper-1.27.0/distro/rpm/pkcs11-helper.spec 2020-11-17 19:49:15.000000000 +0100 @@ -2,7 +2,7 @@ %bcond_with doc %define name pkcs11-helper -%define version 1.25.1 +%define version 1.27.0 %define release 2 %define prefix /usr diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/pkcs11-helper-1.25.1/include/pkcs11-helper-1.0/pkcs11h-core.h new/pkcs11-helper-1.27.0/include/pkcs11-helper-1.0/pkcs11h-core.h --- old/pkcs11-helper-1.25.1/include/pkcs11-helper-1.0/pkcs11h-core.h 2018-08-04 20:45:23.000000000 +0200 +++ new/pkcs11-helper-1.27.0/include/pkcs11-helper-1.0/pkcs11h-core.h 2020-11-17 19:38:56.000000000 +0100 @@ -480,7 +480,11 @@ /** * @brief Handle special case of POSIX fork() * @return CK_RV. - * @attention This function must be called from the main thread. + * @attention + * This function must be called once from the main thread of child process. + * It must be called before any pkcs11-helper calls. + * In case you do not want to use PKCS#11 at child, call this function and + * then pkcs11h_terminate. * @attention * This function should be called after fork is called. This is required * due to a limitation of the PKCS#11 standard. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/pkcs11-helper-1.25.1/include/pkcs11-helper-1.0/pkcs11h-version.h new/pkcs11-helper-1.27.0/include/pkcs11-helper-1.0/pkcs11h-version.h --- old/pkcs11-helper-1.25.1/include/pkcs11-helper-1.0/pkcs11h-version.h 2018-08-16 15:14:17.000000000 +0200 +++ new/pkcs11-helper-1.27.0/include/pkcs11-helper-1.0/pkcs11h-version.h 2020-11-17 19:49:15.000000000 +0100 @@ -70,8 +70,8 @@ */ #define PKCS11H_VERSION ( \ (1<<16) | \ - (25<<8) | \ - (1<<0) \ + (27<<8) | \ + (0<<0) \ ) /** @} */ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/pkcs11-helper-1.25.1/lib/pkcs11h-core.c new/pkcs11-helper-1.27.0/lib/pkcs11h-core.c --- old/pkcs11-helper-1.25.1/lib/pkcs11h-core.c 2018-08-16 15:05:50.000000000 +0200 +++ new/pkcs11-helper-1.27.0/lib/pkcs11h-core.c 2020-11-17 19:44:34.000000000 +0100 @@ -114,9 +114,7 @@ #endif static CK_RV -__pkcs11h_forkFixup ( - IN const PKCS11H_BOOL activate_slotevent -); +__pkcs11h_forkFixup (); #endif @@ -653,9 +651,6 @@ IN const unsigned slot_poll_interval, IN const PKCS11H_BOOL cert_is_private ) { -#if defined(ENABLE_PKCS11H_THREADING) - PKCS11H_BOOL mutex_locked = FALSE; -#endif #if defined(ENABLE_PKCS11H_DEBUG) #if defined(_WIN32) int mypid = 0; @@ -698,13 +693,6 @@ provider_location ); -#if defined(ENABLE_PKCS11H_THREADING) - if ((rv = _pkcs11h_threading_mutexLock (&_g_pkcs11h_data->mutexes.global)) != CKR_OK) { - goto cleanup; - } - mutex_locked = TRUE; -#endif - if ((rv = _pkcs11h_mem_malloc ((void *)&provider, sizeof (struct _pkcs11h_provider_s))) != CKR_OK) { goto cleanup; } @@ -806,6 +794,12 @@ provider->enabled = TRUE; +#if defined(ENABLE_PKCS11H_THREADING) + if ((rv = _pkcs11h_threading_mutexLock (&_g_pkcs11h_data->mutexes.global)) != CKR_OK) { + goto cleanup; + } +#endif + if (_g_pkcs11h_data->providers == NULL) { _g_pkcs11h_data->providers = provider; } @@ -821,6 +815,11 @@ } provider = NULL; + +#if defined(ENABLE_PKCS11H_THREADING) + _pkcs11h_threading_mutexRelease (&_g_pkcs11h_data->mutexes.global); +#endif + rv = CKR_OK; cleanup: @@ -839,13 +838,6 @@ provider = NULL; } -#if defined(ENABLE_PKCS11H_THREADING) - if (mutex_locked) { - _pkcs11h_threading_mutexRelease (&_g_pkcs11h_data->mutexes.global); - mutex_locked = FALSE; - } -#endif - #if defined(ENABLE_PKCS11H_SLOTEVENT) _pkcs11h_slotevent_notify (); #endif @@ -877,6 +869,7 @@ PKCS11H_BOOL has_mutex_global = FALSE; PKCS11H_BOOL has_mutex_cache = FALSE; PKCS11H_BOOL has_mutex_session = FALSE; + CK_RV lock_rv; #endif _pkcs11h_provider_t provider = NULL; CK_RV rv = CKR_FUNCTION_FAILED; @@ -896,16 +889,18 @@ ); #if defined(ENABLE_PKCS11H_THREADING) - if ((rv = _pkcs11h_threading_mutexLock (&_g_pkcs11h_data->mutexes.cache)) != CKR_OK) { - goto cleanup; + lock_rv = CKR_OK; + + if ((lock_rv = _pkcs11h_threading_mutexLock (&_g_pkcs11h_data->mutexes.cache)) != CKR_OK) { + goto free1; } has_mutex_cache = TRUE; - if ((rv = _pkcs11h_threading_mutexLock (&_g_pkcs11h_data->mutexes.session)) != CKR_OK) { - goto cleanup; + if ((lock_rv = _pkcs11h_threading_mutexLock (&_g_pkcs11h_data->mutexes.session)) != CKR_OK) { + goto free1; } has_mutex_session = TRUE; - if ((rv = _pkcs11h_threading_mutexLock (&_g_pkcs11h_data->mutexes.global)) != CKR_OK) { - goto cleanup; + if ((lock_rv = _pkcs11h_threading_mutexLock (&_g_pkcs11h_data->mutexes.global)) != CKR_OK) { + goto free1; } has_mutex_global = TRUE; @@ -926,12 +921,44 @@ provider = provider->next; } + if (provider != NULL) { + provider->enabled = FALSE; + } + +#if defined(ENABLE_PKCS11H_THREADING) +free1: + for ( + current_session = _g_pkcs11h_data->sessions; + current_session != NULL; + current_session = current_session->next + ) { + _pkcs11h_threading_mutexRelease (¤t_session->mutex); + } + + if (has_mutex_cache) { + _pkcs11h_threading_mutexRelease (&_g_pkcs11h_data->mutexes.cache); + has_mutex_cache = FALSE; + } + if (has_mutex_session) { + _pkcs11h_threading_mutexRelease (&_g_pkcs11h_data->mutexes.session); + has_mutex_session = FALSE; + } + if (has_mutex_global) { + _pkcs11h_threading_mutexRelease (&_g_pkcs11h_data->mutexes.global); + has_mutex_global = FALSE; + } + + if (lock_rv != CKR_OK) { + rv = lock_rv; + goto cleanup; + } +#endif + if (provider == NULL) { rv = CKR_OBJECT_HANDLE_INVALID; goto cleanup; } - provider->enabled = FALSE; provider->reference[0] = '\0'; if (provider->should_finalize) { @@ -968,29 +995,6 @@ cleanup: -#if defined(ENABLE_PKCS11H_THREADING) - for ( - current_session = _g_pkcs11h_data->sessions; - current_session != NULL; - current_session = current_session->next - ) { - _pkcs11h_threading_mutexRelease (¤t_session->mutex); - } - - if (has_mutex_cache) { - _pkcs11h_threading_mutexRelease (&_g_pkcs11h_data->mutexes.cache); - has_mutex_cache = FALSE; - } - if (has_mutex_session) { - _pkcs11h_threading_mutexRelease (&_g_pkcs11h_data->mutexes.session); - has_mutex_session = FALSE; - } - if (has_mutex_global) { - _pkcs11h_threading_mutexRelease (&_g_pkcs11h_data->mutexes.global); - has_mutex_global = FALSE; - } -#endif - _PKCS11H_DEBUG ( PKCS11H_LOG_DEBUG2, "PKCS#11: pkcs11h_removeProvider return rv=%lu-'%s'", @@ -1010,7 +1014,10 @@ return CKR_OK; #else if (_g_pkcs11h_data->safefork) { - return __pkcs11h_forkFixup (TRUE); + return __pkcs11h_forkFixup (); + } + else { + return CKR_OK; } #endif #endif @@ -1278,7 +1285,12 @@ if (_g_pkcs11h_data != NULL && _g_pkcs11h_data->initialized) { _pkcs1h_threading_mutexReleaseAll (); if (_g_pkcs11h_data->safefork) { - __pkcs11h_forkFixup (TRUE); + static PKCS11H_BOOL in_forkfixup = FALSE; + if (!in_forkfixup) { + in_forkfixup = TRUE; + __pkcs11h_forkFixup (); + in_forkfixup = FALSE; + } } } } @@ -1287,37 +1299,20 @@ static CK_RV -__pkcs11h_forkFixup ( - IN const PKCS11H_BOOL activate_slotevent -) { -#if defined(ENABLE_PKCS11H_THREADING) - PKCS11H_BOOL mutex_locked = FALSE; -#endif +__pkcs11h_forkFixup () { #if defined(ENABLE_PKCS11H_DEBUG) pid_t mypid = getpid (); #endif _PKCS11H_DEBUG ( PKCS11H_LOG_DEBUG2, - "PKCS#11: __pkcs11h_forkFixup entry pid=%d, activate_slotevent=%d", - mypid, - activate_slotevent ? 1 : 0 + "PKCS#11: __pkcs11h_forkFixup entry pid=%d", + mypid ); -#if !defined(ENABLE_PKCS11H_SLOTEVENT) - (void)activate_slotevent; -#endif - if (_g_pkcs11h_data != NULL && _g_pkcs11h_data->initialized) { _pkcs11h_provider_t current; -#if defined(ENABLE_PKCS11H_THREADING) - if (_pkcs11h_threading_mutexLock (&_g_pkcs11h_data->mutexes.global) != CKR_OK) { - goto cleanup; - } - mutex_locked = TRUE; -#endif - for ( current = _g_pkcs11h_data->providers; current != NULL; @@ -1334,22 +1329,10 @@ */ if (_g_pkcs11h_data->slotevent.initialized) { _pkcs11h_slotevent_terminate_force (); - - if (activate_slotevent) { - _pkcs11h_slotevent_init (); - } + _pkcs11h_slotevent_init (); } #endif } - -#if defined(ENABLE_PKCS11H_THREADING) - cleanup: - - if (mutex_locked) { - _pkcs11h_threading_mutexRelease (&_g_pkcs11h_data->mutexes.global); - mutex_locked = FALSE; - } -#endif } _PKCS11H_DEBUG ( diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/pkcs11-helper-1.25.1/lib/pkcs11h-openssl.c new/pkcs11-helper-1.27.0/lib/pkcs11h-openssl.c --- old/pkcs11-helper-1.25.1/lib/pkcs11h-openssl.c 2018-08-04 20:45:24.000000000 +0200 +++ new/pkcs11-helper-1.27.0/lib/pkcs11h-openssl.c 2020-11-17 19:38:56.000000000 +0100 @@ -263,6 +263,7 @@ } #endif +#ifdef __ENABLE_EC #ifndef HAVE_ECDSA_SIG_SET0 static int ECDSA_SIG_set0 (ECDSA_SIG *sig, BIGNUM *r, BIGNUM *s) @@ -275,7 +276,6 @@ } #endif -#ifdef __ENABLE_EC #ifndef HAVE_EC_KEY_METHOD_GET_SIGN void EC_KEY_METHOD_get_sign(const EC_KEY_METHOD *meth, int (**psign)(int type, const unsigned char *dgst, @@ -478,6 +478,9 @@ rv = CKR_MECHANISM_INVALID; break; case RSA_NO_PADDING: + mech = CKM_RSA_X_509; + break; + default: rv = CKR_MECHANISM_INVALID; break; } @@ -552,6 +555,7 @@ PKCS11H_BOOL session_locked = FALSE; CK_RV rv = CKR_FUNCTION_FAILED; size_t tlen; + CK_MECHANISM_TYPE mech = CKM_RSA_PKCS; _PKCS11H_ASSERT (from!=NULL); _PKCS11H_ASSERT (to!=NULL); @@ -567,9 +571,16 @@ padding ); - if (padding != RSA_PKCS1_PADDING) { - rv = CKR_MECHANISM_INVALID; - goto cleanup; + switch (padding) { + case RSA_PKCS1_PADDING: + mech = CKM_RSA_PKCS; + break; + case RSA_NO_PADDING: + mech = CKM_RSA_X_509; + break; + default: + rv = CKR_MECHANISM_INVALID; + goto cleanup; } tlen = (size_t)RSA_size(rsa); @@ -587,7 +598,7 @@ if ( (rv = pkcs11h_certificate_signAny ( certificate, - CKM_RSA_PKCS, + mech, from, flen, to, diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/pkcs11-helper-1.25.1/lib/pkcs11h-session.c new/pkcs11-helper-1.27.0/lib/pkcs11h-session.c --- old/pkcs11-helper-1.25.1/lib/pkcs11h-session.c 2018-08-04 20:45:24.000000000 +0200 +++ new/pkcs11-helper-1.27.0/lib/pkcs11h-session.c 2020-11-17 19:38:56.000000000 +0100 @@ -1049,10 +1049,6 @@ } - if ((rv = __pkcs11h_session_touch (session)) != CKR_OK) { - goto cleanup; - } - if ( (rv = session->provider->f->C_Login ( session->session_handle, @@ -1065,6 +1061,10 @@ goto retry; } + if ((rv = __pkcs11h_session_touch (session)) != CKR_OK) { + goto cleanup; + } + login_succeeded = TRUE; rv = CKR_OK; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/pkcs11-helper-1.25.1/lib/versioninfo.rc new/pkcs11-helper-1.27.0/lib/versioninfo.rc --- old/pkcs11-helper-1.25.1/lib/versioninfo.rc 2018-08-16 15:14:17.000000000 +0200 +++ new/pkcs11-helper-1.27.0/lib/versioninfo.rc 2020-11-17 19:49:15.000000000 +0100 @@ -2,7 +2,7 @@ VS_VERSION_INFO VERSIONINFO FILEVERSION 1,0,0,0 - PRODUCTVERSION 1,25,1,0 + PRODUCTVERSION 1,27,0,0 FILEFLAGSMASK 0x3fL #ifdef _DEBUG FILEFLAGS 0x21L @@ -27,8 +27,8 @@ VALUE "OriginalFilename", "pkcs11-helper-1.dll\0" VALUE "PrivateBuild", "\0" VALUE "ProductName", "pkcs11-helper\0" - VALUE "ProductVersion", "1,25,1,0\0" - VALUE "SpecialBuild", " openssl engine_crypto_openssl engine_crypto_gnutls engine_crypto_nss debug threading token data certificate slotevent engine_crypto\0" + VALUE "ProductVersion", "1,27,0,0\0" + VALUE "SpecialBuild", " openssl engine_crypto_openssl engine_crypto_gnutls debug threading token data certificate slotevent engine_crypto\0" END END END diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/pkcs11-helper-1.25.1/m4/libtool.m4 new/pkcs11-helper-1.27.0/m4/libtool.m4 --- old/pkcs11-helper-1.25.1/m4/libtool.m4 2018-08-16 15:13:43.000000000 +0200 +++ new/pkcs11-helper-1.27.0/m4/libtool.m4 2020-11-17 19:48:41.000000000 +0100 @@ -1708,6 +1708,11 @@ lt_cv_sys_max_cmd_len=8192; ;; + mint*) + # On MiNT this can take a long time and run out of memory. + lt_cv_sys_max_cmd_len=8192; + ;; + amigaos*) # On AmigaOS with pdksh, this test takes hours, literally. # So we just punt and use a minimum line length of 8192. @@ -2636,11 +2641,11 @@ version_type=darwin need_lib_prefix=no need_version=no - library_names_spec='$libname$release$major$shared_ext $libname$shared_ext' + library_names_spec='$libname$release$versuffix$shared_ext $libname$release$major$shared_ext $libname$shared_ext' soname_spec='$libname$release$major$shared_ext' shlibpath_overrides_runpath=yes shlibpath_var=DYLD_LIBRARY_PATH - shrext_cmds='`test .$module = .yes && echo .so || echo .dylib`' + shrext_cmds='`test .$module = .yes && echo .bundle || echo .dylib`' m4_if([$1], [],[ sys_lib_search_path_spec="$sys_lib_search_path_spec /usr/local/lib"]) sys_lib_dlsearch_path_spec='/usr/local/lib /lib /usr/lib' diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/pkcs11-helper-1.25.1/man/pkcs11-helper-1.8 new/pkcs11-helper-1.27.0/man/pkcs11-helper-1.8 --- old/pkcs11-helper-1.25.1/man/pkcs11-helper-1.8 2018-08-04 20:48:13.000000000 +0200 +++ new/pkcs11-helper-1.27.0/man/pkcs11-helper-1.8 2020-11-17 19:38:56.000000000 +0100 @@ -49,7 +49,7 @@ .\" .Dd November 18, 2006 .Os POSIX-compatible -.Dt pkcs11-helper 1 +.Dt pkcs11-helper 8 .Sh NAME .Nm pkcs11-helper .Nd Simplified PKCS#11 library. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/pkcs11-helper-1.25.1/missing new/pkcs11-helper-1.27.0/missing --- old/pkcs11-helper-1.25.1/missing 2018-08-16 15:13:57.000000000 +0200 +++ new/pkcs11-helper-1.27.0/missing 2020-11-17 19:48:56.000000000 +0100 @@ -1,9 +1,9 @@ #! /bin/sh # Common wrapper for a few potentially missing GNU programs. -scriptversion=2016-01-11.22; # UTC +scriptversion=2018-03-07.03; # UTC -# Copyright (C) 1996-2017 Free Software Foundation, Inc. +# Copyright (C) 1996-2018 Free Software Foundation, Inc. # Originally written by Fran,cois Pinard <pin...@iro.umontreal.ca>, 1996. # This program is free software; you can redistribute it and/or modify @@ -17,7 +17,7 @@ # GNU General Public License for more details. # You should have received a copy of the GNU General Public License -# along with this program. If not, see <http://www.gnu.org/licenses/>. +# along with this program. If not, see <https://www.gnu.org/licenses/>. # As a special exception to the GNU General Public License, if you # distribute this file as part of a program that contains a @@ -101,9 +101,9 @@ exit $st fi -perl_URL=http://www.perl.org/ -flex_URL=http://flex.sourceforge.net/ -gnu_software_URL=http://www.gnu.org/software +perl_URL=https://www.perl.org/ +flex_URL=https://github.com/westes/flex +gnu_software_URL=https://www.gnu.org/software program_details () { @@ -207,7 +207,7 @@ exit $st # Local variables: -# eval: (add-hook 'write-file-hooks 'time-stamp) +# eval: (add-hook 'before-save-hook 'time-stamp) # time-stamp-start: "scriptversion=" # time-stamp-format: "%:y-%02m-%02d.%02H" # time-stamp-time-zone: "UTC0" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/pkcs11-helper-1.25.1/test-driver new/pkcs11-helper-1.27.0/test-driver --- old/pkcs11-helper-1.25.1/test-driver 2018-08-16 15:13:57.000000000 +0200 +++ new/pkcs11-helper-1.27.0/test-driver 2020-11-17 19:48:57.000000000 +0100 @@ -1,9 +1,9 @@ #! /bin/sh # test-driver - basic testsuite driver script. -scriptversion=2016-01-11.22; # UTC +scriptversion=2018-03-07.03; # UTC -# Copyright (C) 2011-2017 Free Software Foundation, Inc. +# Copyright (C) 2011-2018 Free Software Foundation, Inc. # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by @@ -16,7 +16,7 @@ # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License -# along with this program. If not, see <http://www.gnu.org/licenses/>. +# along with this program. If not, see <https://www.gnu.org/licenses/>. # As a special exception to the GNU General Public License, if you # distribute this file as part of a program that contains a @@ -140,7 +140,7 @@ # Local Variables: # mode: shell-script # sh-indentation: 2 -# eval: (add-hook 'write-file-hooks 'time-stamp) +# eval: (add-hook 'before-save-hook 'time-stamp) # time-stamp-start: "scriptversion=" # time-stamp-format: "%:y-%02m-%02d.%02H" # time-stamp-time-zone: "UTC0" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/pkcs11-helper-1.25.1/tests/Makefile.am new/pkcs11-helper-1.27.0/tests/Makefile.am --- old/pkcs11-helper-1.25.1/tests/Makefile.am 2018-08-04 20:45:24.000000000 +0200 +++ new/pkcs11-helper-1.27.0/tests/Makefile.am 2020-11-17 19:38:56.000000000 +0100 @@ -52,6 +52,7 @@ COMMON= \ test-basic \ + test-fork \ test-certificate \ test-openssl \ test-slotevent diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/pkcs11-helper-1.25.1/tests/test-fork/Makefile.am new/pkcs11-helper-1.27.0/tests/test-fork/Makefile.am --- old/pkcs11-helper-1.25.1/tests/test-fork/Makefile.am 1970-01-01 01:00:00.000000000 +0100 +++ new/pkcs11-helper-1.27.0/tests/test-fork/Makefile.am 2020-11-17 19:38:56.000000000 +0100 @@ -0,0 +1,62 @@ +# +# Copyright (c) 2005-2018 Alon Bar-Lev <alon.bar...@gmail.com> +# +# This software is available to you under a choice of one of two +# licenses. You may choose to be licensed under the terms of the GNU +# General Public License (GPL) Version 2, or the BSD license. +# +# GNU General Public License (GPL) Version 2 +# =========================================== +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program (see the file COPYING.GPL included with this +# distribution); if not, write to the Free Software Foundation, Inc., +# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. +# +# BSD License +# ============ +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions are met: +# +# o Redistributions of source code must retain the above copyright notice, +# this list of conditions and the following disclaimer. +# o Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in the +# documentation and/or other materials provided with the distribution. +# o Neither the name of the Alon Bar-Lev nor the names of its +# contributors may be used to endorse or promote products derived from +# this software without specific prior written permission. +# +# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" +# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE +# LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR +# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF +# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS +# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN +# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE +# POSSIBILITY OF SUCH DAMAGE. +# + +MAINTAINERCLEANFILES=$(srcdir)/Makefile.in + +TESTS=test-fork +noinst_PROGRAMS=test-fork + +AM_CPPFLAGS= \ + -I$(top_srcdir)/include \ + -I$(top_builddir)/include +LDADD= \ + $(top_builddir)/lib/libpkcs11-helper.la + +test_fork_SOURCES=test-fork.c diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/pkcs11-helper-1.25.1/tests/test-fork/test-fork.c new/pkcs11-helper-1.27.0/tests/test-fork/test-fork.c --- old/pkcs11-helper-1.25.1/tests/test-fork/test-fork.c 1970-01-01 01:00:00.000000000 +0100 +++ new/pkcs11-helper-1.27.0/tests/test-fork/test-fork.c 2020-11-17 19:38:56.000000000 +0100 @@ -0,0 +1,131 @@ +#include <stdio.h> +#include <stdlib.h> +#include "../../config.h" +#include <pkcs11-helper-1.0/pkcs11h-core.h> + +#if !defined(ENABLE_PKCS11H_CERTIFICATE) || defined(WIN32) +int main () { + printf ("!win32, certificate, enum and crypto engine interfaces should be enabled for this test"); + exit (77); + return 0; +} +#else + +#include <pkcs11-helper-1.0/pkcs11h-certificate.h> +#include <sys/wait.h> +#include <unistd.h> + +static +void +fatal (const char * const m, CK_RV rv) { + fprintf (stderr, "%s - %08lu - %s\n", m, rv, pkcs11h_getMessage (rv)); + exit (1); +} + +static +void +_pkcs11h_hooks_log ( + IN void * const global_data, + IN unsigned flags, + IN const char * const format, + IN va_list args +) { + vfprintf (stdout, format, args); + fprintf (stdout, "\n"); + fflush (stdout); +} + +int main () { + pkcs11h_certificate_id_list_t issuers, certs; + pid_t pid; + CK_RV rv; + + printf ("Version: %08x\n", pkcs11h_getVersion ()); + printf ("Features: %08x\n", pkcs11h_getFeatures ()); + + printf ("Initializing pkcs11-helper\n"); + + if ((rv = pkcs11h_initialize ()) != CKR_OK) { + fatal ("pkcs11h_initialize failed", rv); + } + + pkcs11h_setForkMode(TRUE); + + printf ("Registering pkcs11-helper hooks\n"); + + if ((rv = pkcs11h_setLogHook (_pkcs11h_hooks_log, NULL)) != CKR_OK) { + fatal ("pkcs11h_setLogHook failed", rv); + } + + pkcs11h_setLogLevel (TEST_LOG_LEVEL); + + printf ("Adding provider '%s'\n", TEST_PROVIDER); + + if ( + (rv = pkcs11h_addProvider ( + TEST_PROVIDER, + TEST_PROVIDER, + FALSE, + PKCS11H_PRIVATEMODE_MASK_AUTO, + PKCS11H_SLOTEVENT_METHOD_AUTO, + 0, + FALSE + )) != CKR_OK + ) { + fatal ("pkcs11h_addProvider failed", rv); + } + + printf ("Forking pkcs11-helper\n"); + fflush(stdout); + + if ((pid = fork()) == -1) { + fatal ("fork failed", CKR_GENERAL_ERROR); + } + else if (pid == 0) { + printf ("Child fork fixup\n"); + pkcs11h_forkFixup(); + printf ("Child Enum certs\n"); + if ( + (rv = pkcs11h_certificate_enumCertificateIds ( + PKCS11H_ENUM_METHOD_CACHE, + NULL, + PKCS11H_PROMPT_MASK_ALLOW_ALL, + &issuers, + &certs + )) != CKR_OK + ) { + fatal ("pkcs11h_certificate_enumCertificateIds failed", rv); + } + printf ("Child termination\n"); + if ((rv = pkcs11h_terminate ()) != CKR_OK) { + fatal ("pkcs11h_terminate failed", rv); + } + exit (0); + } + else { + printf ("Parent Enum certs\n"); + if ( + (rv = pkcs11h_certificate_enumCertificateIds ( + PKCS11H_ENUM_METHOD_CACHE, + NULL, + PKCS11H_PROMPT_MASK_ALLOW_ALL, + &issuers, + &certs + )) != CKR_OK + ) { + fatal ("pkcs11h_certificate_enumCertificateIds failed", rv); + } + waitpid(pid, NULL, 0); + } + + printf ("Terminating pkcs11-helper\n"); + + if ((rv = pkcs11h_terminate ()) != CKR_OK) { + fatal ("pkcs11h_terminate failed", rv); + } + + exit (0); + return 0; +} + +#endif
