libp11 PKCS#11 provider support

Author: olszomal

Makefile.mingw

@@ -0,0 +1,10 @@
+
+SUBDIRS = src
+
+all::
+
+all depend install clean::
+	@for i in $(SUBDIRS); do \
+		(cd $$i && $(MAKE) BUILD_FOR=$(BUILD_FOR) OPENSSL_DIR=$(OPENSSL_DIR) -f Makefile.mak); \
+	done
+

configure.ac

@@ -38,6 +38,7 @@ opensslversion="$( \
 case "$opensslversion" in
 	3.*) # Engines directory prefix for OpenSSL 3.x
 	    LIBP11_LT_OLDEST="3"
+	    LIBP11_OSSL_PROVIDER="yes"
 	    debian_ssl_prefix="engines-3";;
 	1.1.*) # Engines directory prefix for OpenSSL 1.1.x
 	    LIBP11_LT_OLDEST="3"
@@ -50,6 +51,13 @@ case "$opensslversion" in
 	    debian_ssl_prefix="ssl/engines";;
 esac
 
+case "$OSSL_PKG_VERSION" in
+	3.*)
+		AC_MSG_NOTICE([3.*])
+		LIBP11_OSSL_PROVIDER="yes";;
+esac
+
+AM_CONDITIONAL([LIBP11_OSSL_PROVIDER], [test x$LIBP11_OSSL_PROVIDER = xyes])
 
 # LT Version numbers, remember to change them just *before* a release.
 #   (Code changed:                      REVISION++)
@@ -156,6 +164,29 @@ AC_ARG_ENABLE(
 	[enable_static_engine="no"]
 )
 
+AC_ARG_WITH(
+	[modulesdir],
+	[AS_HELP_STRING([--with-modulesdir], [OpenSSL3 providers directory])],
+	[providersexecdir="${withval}"],
+	[
+		providersexecdir="`$PKG_CONFIG --variable=modulesdir --silence-errors libcrypto`"
+		if test "${providersexecdir}" = ""; then
+		    libcryptodir="`$PKG_CONFIG --variable=libdir --silence-errors libcrypto || \
+			$PKG_CONFIG --variable=libdir openssl`"
+		    if test -d "$libcryptodir/$debian_ssl_prefix"; then
+			# Debian-based OpenSSL package (for example Ubuntu)
+			providersexecdir="$libcryptodir/$debian_ssl_prefix"
+		    else # Default OpenSSL providers directory
+			providersexecdir="$libcryptodir/ossl-modules"
+		    fi
+		    if test "${prefix}" != "NONE" -o "${exec_prefix}" != "NONE"; then
+			# Override the autodetected value with the default
+			providersexecdir="\$(libdir)"
+		    fi
+		fi
+	]
+)
+
 AC_ARG_WITH(
 	[pkcs11-module],
 	[AS_HELP_STRING([--with-pkcs11-module], [default PKCS11 module])],
@@ -220,6 +251,7 @@ pkgconfigdir="\$(libdir)/pkgconfig"
 AC_SUBST([pkgconfigdir])
 AC_SUBST([apidocdir])
 AC_SUBST([enginesexecdir])
+AC_SUBST([providersexecdir])
 AC_SUBST([LIBP11_VERSION_MAJOR])
 AC_SUBST([LIBP11_VERSION_MINOR])
 AC_SUBST([LIBP11_VERSION_FIX])
@@ -262,6 +294,7 @@ AC_CONFIG_FILES([
 	src/libp11.pc
 	src/libp11.rc
 	src/pkcs11.rc
+	src/pkcs11prov.rc
 	doc/Makefile
 	doc/doxygen.conf
 	examples/Makefile
@@ -289,6 +322,7 @@ libp11 has been configured with the following options:
 Version:                 ${PACKAGE_VERSION}
 libp11 directory:        $(eval eval eval echo "${libdir}")
 Engine directory:        ${enginesexecdir}
+Provider directory:      ${providersexecdir}
 Default PKCS11 module:   ${pkcs11_module}
 API doc support:         ${enable_api_doc}
 Static PKCS#11 engine    ${enable_static_engine}

src/Makefile.am

@@ -14,6 +14,11 @@ endif
 enginesexec_LTLIBRARIES = pkcs11.la
 pkgconfig_DATA = libp11.pc
 
+if LIBP11_OSSL_PROVIDER
+EXTRA_DIST += pkcs11prov.rc.in
+providersexec_LTLIBRARIES = pkcs11prov.la
+endif
+
 SHARED_EXT=@SHARED_EXT@
 
 libp11_la_SOURCES = libpkcs11.c p11_attr.c p11_cert.c p11_err.c p11_ckr.c \
@@ -67,6 +72,9 @@ check-local: $(LTLIBRARIES)
 
 install-exec-hook:
 	cd '$(DESTDIR)$(enginesexecdir)' && $(LN_S) -f pkcs11$(SHARED_EXT) libpkcs11$(SHARED_EXT)
+if LIBP11_OSSL_PROVIDER
+	cd '$(DESTDIR)$(providersexecdir)' && $(LN_S) -f pkcs11prov$(SHARED_EXT) libpkcs11$(SHARED_EXT)
+endif
 
 if WIN32
 # def file required for MS users to build library
@@ -79,6 +87,20 @@ RCCOMPILE = $(RC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \
 	$(AM_CPPFLAGS) $(CPPFLAGS)
 LTRCCOMPILE = $(LIBTOOL) --mode=compile --tag=RC $(RCCOMPILE)
 
+# openssl PKCS#11 provider
+pkcs11prov_la_SOURCES = provider.c util_uri.c pkcs11prov.exports
+if WIN32
+pkcs11prov_la_SOURCES += pkcs11prov.rc
+else
+dist_noinst_DATA += pkcs11prov.rc
+endif
+pkcs11prov_la_CFLAGS = $(AM_CFLAGS) $(OPENSSL_EXTRA_CFLAGS) $(OPENSSL_CFLAGS)
+pkcs11prov_la_LIBADD = $(libp11_la_OBJECTS) $(OPENSSL_LIBS)
+
+# We intentionally not version symbols in this module because no
+# application links with it. It is dynamically opened.
+pkcs11prov_la_LDFLAGS = $(AM_LDFLAGS) -module -shared -shrext $(SHARED_EXT) \
+	-avoid-version -export-symbols "$(srcdir)/pkcs11prov.exports"
 .rc.lo:
 	$(LTRCCOMPILE) -i "$<" -o "$@"
 

src/Makefile.mak

@@ -12,13 +12,16 @@ LIBP11_TARGET = libp11.dll
 PKCS11_OBJECTS = eng_front.obj eng_back.obj eng_err.obj util_uri.obj
 PKCS11_TARGET = pkcs11.dll
 
-OBJECTS = $(LIBP11_OBJECTS) $(PKCS11_OBJECTS)
-TARGETS = $(LIBP11_TARGET) $(PKCS11_TARGET)
+PKCS11PROV_OBJECTS = provider.obj util_uri.obj
+PKCS11PROV_TARGET = pkcs11prov.dll
+
+OBJECTS = $(LIBP11_OBJECTS) $(PKCS11_OBJECTS) $(PKCS11PROV_OBJECTS)
+TARGETS = $(LIBP11_TARGET) $(PKCS11_TARGET) $(PKCS11PROV_TARGET)
 
 all: $(TARGETS)
 
 clean:
-	del $(OBJECTS) $(TARGETS) *.lib *.def *.res libp11.exp pkcs11.exp
+	del $(OBJECTS) $(TARGETS) *.lib *.def *.res libp11.exp pkcs11.exp pkcs11prov.exp
 
 .rc.res:
 	rc /r /fo$@ $<
@@ -40,4 +43,9 @@ $(PKCS11_TARGET): $(PKCS11_OBJECTS) $(LIBP11_OBJECTS) $*.def $*.res
 		$(PKCS11_OBJECTS) $(LIBP11_OBJECTS) $(LIBS) $*.res
 	if EXIST $*.dll.manifest mt -manifest $*.dll.manifest -outputresource:$*.dll;2
 
+$(PKCS11PROV_TARGET): $(PKCS11PROV_OBJECTS) $(LIBP11_OBJECTS) pkcs11prov.def $*.res
+	link $(LINKFLAGS) /dll /def:pkcs11prov.def /implib:pkcs11prov.lib /out:$@ \
+		$(PKCS11PROV_OBJECTS) $(LIBP11_OBJECTS) $(LIBS) $*.res
+	if EXIST $*.dll.manifest mt -manifest $*.dll.manifest -outputresource:$*.dll;2
+
 .SUFFIXES: .exports

src/pkcs11prov.exports

@@ -0,0 +1 @@
+OSSL_provider_init

src/pkcs11prov.rc

@@ -0,0 +1,38 @@
+#include <winresrc.h>
+
+VS_VERSION_INFO VERSIONINFO
+	FILEVERSION 0,4,14,0
+	PRODUCTVERSION 0,4,14,0
+	FILEFLAGSMASK 0x3fL
+#ifdef _DEBUG
+	FILEFLAGS 0x21L
+#else
+	FILEFLAGS 0x20L
+#endif
+	FILEOS 0x40004L
+	FILETYPE VFT_DLL
+	FILESUBTYPE 0x0L
+BEGIN
+	BLOCK "StringFileInfo"
+	BEGIN
+		BLOCK "040904b0"
+		BEGIN
+			VALUE "Comments", "Provided under the terms of the GNU General Public License (LGPLv2.1+).\0"
+			VALUE "CompanyName", "OpenSC Project\0"
+			VALUE "FileDescription", "OpenSSL PKCS#11 provider\0"
+			VALUE "FileVersion", "0.4.14.0\0"
+			VALUE "InternalName", "libp11\0"
+			VALUE "LegalCopyright", "OpenSC Project\0"
+			VALUE "LegalTrademarks", "\0"
+			VALUE "OriginalFilename", "pkcs11prov.dll\0"
+			VALUE "PrivateBuild", "\0"
+			VALUE "ProductName", "libp11\0"
+			VALUE "ProductVersion", "0.4.14.0\0"
+			VALUE "SpecialBuild", "\0"
+		END
+	END
+	BLOCK "VarFileInfo"
+	BEGIN
+		VALUE "Translation", 0x409, 1200
+	END
+END

src/pkcs11prov.rc.in

@@ -0,0 +1,38 @@
+#include <winresrc.h>
+
+VS_VERSION_INFO VERSIONINFO
+	FILEVERSION @LIBP11_VERSION_MAJOR@,@LIBP11_VERSION_MINOR@,@LIBP11_VERSION_FIX@,0
+	PRODUCTVERSION @LIBP11_VERSION_MAJOR@,@LIBP11_VERSION_MINOR@,@LIBP11_VERSION_FIX@,0
+	FILEFLAGSMASK 0x3fL
+#ifdef _DEBUG
+	FILEFLAGS 0x21L
+#else
+	FILEFLAGS 0x20L
+#endif
+	FILEOS 0x40004L
+	FILETYPE VFT_DLL
+	FILESUBTYPE 0x0L
+BEGIN
+	BLOCK "StringFileInfo"
+	BEGIN
+		BLOCK "040904b0"
+		BEGIN
+			VALUE "Comments", "Provided under the terms of the GNU General Public License (LGPLv2.1+).\0"
+			VALUE "CompanyName", "OpenSC Project\0"
+			VALUE "FileDescription", "OpenSSL PKCS#11 provider\0"
+			VALUE "FileVersion", "@LIBP11_VERSION_MAJOR@.@LIBP11_VERSION_MINOR@.@LIBP11_VERSION_FIX@.0\0"
+			VALUE "InternalName", "@PACKAGE_NAME@\0"
+			VALUE "LegalCopyright", "OpenSC Project\0"
+			VALUE "LegalTrademarks", "\0"
+			VALUE "OriginalFilename", "pkcs11prov.dll\0"
+			VALUE "PrivateBuild", "\0"
+			VALUE "ProductName", "@PACKAGE_NAME@\0"
+			VALUE "ProductVersion", "@LIBP11_VERSION_MAJOR@.@LIBP11_VERSION_MINOR@.@LIBP11_VERSION_FIX@.0\0"
+			VALUE "SpecialBuild", "\0"
+		END
+	END
+	BLOCK "VarFileInfo"
+	BEGIN
+		VALUE "Translation", 0x409, 1200
+	END
+END