Add support for PKCS#11 provider in OpenSSL 3.0

The engine API in OpenSSL 3.0 is deprecated so we are in the progress of working on a PKCS#11 provider for OpenSSL. This commit introduces a conditional build with the pkcs11-provider support (instead of engines) with all the changes required for the provider to work with existing code and tests. The CI modification is only temporary before we will have the real package in Fedora or somewhere to use. Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com> Reviewed-by: Norbert Pocs <npocs@redhat.com>
2026-02-07 02:39:48 +09:00 · 2022-10-31 15:09:26 +01:00
parent 7291f2173c
commit 2539d72b7c
18 changed files with 276 additions and 62 deletions
--- a/tests/unittests/CMakeLists.txt
+++ b/tests/unittests/CMakeLists.txt
@@ -69,6 +69,7 @@ if (UNIX AND NOT WIN32)
            torture_pki_rsa_uri
            torture_pki_ecdsa_uri
        )
+        list(APPEND TORTURE_UNIT_ENVIRONMENT PKCS11_PROVIDER_DEBUG=file:/tmp/p11prov-debug.log)
    endif()

    if (HAVE_ECC)
--- a/tests/unittests/torture_pki_ecdsa_uri.c
+++ b/tests/unittests/torture_pki_ecdsa_uri.c
@@ -76,7 +76,6 @@ static int setup_directory_structure(void **state)
    struct pki_st *test_state = NULL;
    char *temp_dir;
    int rc;
-    char conf_path[1024] = {0};

    test_state = (struct pki_st *)malloc(sizeof(struct pki_st));
    assert_non_null(test_state);
@@ -96,9 +95,6 @@ static int setup_directory_structure(void **state)

    *state = test_state;

-    snprintf(conf_path, sizeof(conf_path), "%s/softhsm.conf", test_state->temp_dir);
-    setenv("SOFTHSM2_CONF", conf_path, 1);
-
    setup_tokens_ecdsa(state, 256, "ecdsa256", "1");
    setup_tokens_ecdsa(state, 384, "ecdsa384", "1");
    setup_tokens_ecdsa(state, 521, "ecdsa521", "1");
@@ -114,7 +110,7 @@ static int teardown_directory_structure(void **state)
    struct pki_st *test_state = *state;
    int rc;

-    unsetenv("SOFTHSM2_CONF");
+    torture_cleanup_tokens(test_state->temp_dir);

    rc = torture_change_dir(test_state->orig_dir);
    assert_int_equal(rc, 0);
--- a/tests/unittests/torture_pki_rsa_uri.c
+++ b/tests/unittests/torture_pki_rsa_uri.c
@@ -13,7 +13,6 @@

 #define LIBSSH_RSA_TESTKEY            "libssh_testkey.id_rsa"
 #define LIBSSH_RSA_TESTKEY_PASSPHRASE "libssh_testkey_passphrase.id_rsa"
-#define SOFTHSM_CONF "softhsm.conf"
 #define PUB_URI_FMT  "pkcs11:token=%s;object=%s;type=public"
 #define PRIV_URI_FMT "pkcs11:token=%s;object=%s;type=private?pin-value=%s"

@@ -33,7 +32,6 @@ struct pki_st {

 static int setup_tokens(void **state)
 {
-    char conf_path[1024] = {0};
    char keys_path[1024] = {0};
    char keys_path_pub[1024] = {0};
    char *cwd = NULL;
@@ -85,10 +83,6 @@ static int setup_tokens(void **state)

    torture_setup_tokens(cwd, keys_path, obj_tempname, "1");

-    snprintf(conf_path, sizeof(conf_path), "%s/softhsm.conf", cwd);
-
-    setenv("SOFTHSM2_CONF", conf_path, 1);
-
    return 0;
 }

@@ -126,6 +120,8 @@ static int teardown_directory_structure(void **state)
    struct pki_st *test_state = *state;
    int rc;

+    torture_cleanup_tokens(test_state->temp_dir);
+
    rc = torture_change_dir(test_state->orig_dir);
    assert_int_equal(rc, 0);

@@ -142,8 +138,6 @@ static int teardown_directory_structure(void **state)
    SAFE_FREE(test_state->pub_uri_invalid_token);
    SAFE_FREE(test_state);

-    unsetenv("SOFTHSM2_CONF");
-
    return 0;
 }