
libp11: Add new package for OpenSSL PKCS#11 engine

Message ID 20181109234640.18735-1-tpiepho@impinj.com
State Superseded

Commit Message

Trent Piepho Nov. 9, 2018, 11:47 p.m. UTC
Library for using PKCS#11, which includes an engine for OpenSSL that
lets it use PKCS#11 modules.  The engine is really what this package is
about, not the libp11 library itself, which has no users outside of the
OpenSSL engine.

If p11-kit is enabled, configure the engine to use that as the default
PKCS#11 module.  That module is a sort of multiplexer that allows
multiple modules to be used at once, so it makes sense to use it even if
there are other modules present, e.g. softhsm2, nssckbi, pkcs11-proxy,
ykcs11, etc.

A host package is created too, with a host configuration option.  Since
this a dynamically loaded module, there is no build time reason to
select it from a host package.  It could be used by host openssl, to
allow host rauc to sign a software update bundle using a key from a HSM
with a PKCS#11 interface.

Signed-off-by: Trent Piepho <tpiepho@impinj.com>
---
 package/Config.in             |  1 +
 package/Config.in.host        |  1 +
 package/libp11/Config.in      |  7 +++++++
 package/libp11/Config.in.host |  6 ++++++
 package/libp11/libp11.hash    |  3 +++
 package/libp11/libp11.mk      | 19 +++++++++++++++++++
 6 files changed, 37 insertions(+)
 create mode 100644 package/libp11/Config.in
 create mode 100644 package/libp11/Config.in.host
 create mode 100644 package/libp11/libp11.hash
 create mode 100644 package/libp11/libp11.mk

Comments

Trent Piepho Nov. 13, 2018, 12:35 a.m. UTC | #1
On Fri, 2018-11-09 at 23:47 +0000, Trent Piepho wrote:
> Library for using PKCS#11, which includes an engine for OpenSSL that
> lets it use PKCS#11 modules.  Which is really what this package is
> about, not that libp11 library itself, which has no users outside the of
> OpenSSL engine.

> 
> +LIBP11_VERSION = 0.4.9
> +LIBP11_SITE = https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2FOpenSC%2Flibp11%2Freleases%2Fdownload%2Flibp11-%24(LIBP11_VERSION&amp;data=02%7C01%7Ctpiepho%40impinj.com%7Cbd8de140ec3244b8c42108d6469dc209%7C6de70f0f73574529a415d8cbb7e93e5e%7C0%7C0%7C636774040745907586&amp;sdata=IYhav3gbZ4QzBNDl%2BOxKLKP7R%2F9YysTtBH38oFcvs1w%3D&amp;reserved=0)
> +LIBP11_DEPENDENCIES = openssl
> +LIBP11_INSTALL_STAGING = YES
> +LIBP11_LICENSE = LGPLv2.1
> +LIBP11_LICENSE_FILES = COPYING
> +
> +ifeq ($(BR2_PACKAGE_P11_KIT),y)
> +LIBP11_CONF_OPTS += --with-pkcs11-module=/usr/lib/p11-kit-proxy.so
> +endif

Forgot to add:

HOST_LIBP11_DEPENDENCIES = host-openssl

> +
> +$(eval $(autotools-package))
> +$(eval $(host-autotools-package))

Patch

diff --git a/package/Config.in b/package/Config.in
index fd86e37a52..4ed8a82fa4 100644
--- a/package/Config.in
+++ b/package/Config.in
@@ -1162,6 +1162,7 @@  menu "Crypto"
 	source "package/libmcrypt/Config.in"
 	source "package/libmhash/Config.in"
 	source "package/libnss/Config.in"
+	source "package/libp11/Config.in"
 	source "package/libscrypt/Config.in"
 	source "package/libsecret/Config.in"
 	source "package/libsha1/Config.in"
diff --git a/package/Config.in.host b/package/Config.in.host
index 28ae8c3ac7..c528f6bd44 100644
--- a/package/Config.in.host
+++ b/package/Config.in.host
@@ -30,6 +30,7 @@  menu "Host utilities"
 	source "package/imx-usb-loader/Config.in.host"
 	source "package/jq/Config.in.host"
 	source "package/jsmin/Config.in.host"
+	source "package/libp11/Config.in.host"
 	source "package/lpc3250loader/Config.in.host"
 	source "package/lttng-babeltrace/Config.in.host"
 	source "package/mfgtools/Config.in.host"
diff --git a/package/libp11/Config.in b/package/libp11/Config.in
new file mode 100644
index 0000000000..0b9a739db3
--- /dev/null
+++ b/package/libp11/Config.in
@@ -0,0 +1,7 @@ 
+config BR2_PACKAGE_LIBP11
+	bool "libp11"
+	select BR2_PACKAGE_OPENSSL
+	help
+	  OpenSSL engine for PKCS#11 modules.  Part of the OpenSC project.
+
+	  https://github.com/OpenSC/OpenSC/wiki
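Review bot: `config BR2_PACKAGE_LIBP11` has no `depends on !BR2_STATIC_LIBS`, although the commit message itself describes the engine as a dynamically loaded module. On a static-only toolchain the option stays selectable, and the result would presumably be a build failure or an engine that OpenSSL cannot load. Adding `depends on !BR2_STATIC_LIBS # dlopen` and a matching `comment "libp11 needs a toolchain w/ dynamic library"` entry guarded by `depends on BR2_STATIC_LIBS` would make the constraint visible in menuconfig. Whether a threads dependency is also required cannot be told from this hunk.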
diff --git a/package/libp11/Config.in.host b/package/libp11/Config.in.host
new file mode 100644
index 0000000000..ccc171025a
--- /dev/null
+++ b/package/libp11/Config.in.host
@@ -0,0 +1,6 @@ 
+config BR2_PACKAGE_HOST_LIBP11
+	bool "host libp11"
+	help
+	  OpenSSL engine for PKCS#11 modules.  Part of the OpenSC project.
+
+	  https://github.com/OpenSC/OpenSC/wiki
diff --git a/package/libp11/libp11.hash b/package/libp11/libp11.hash
new file mode 100644
index 0000000000..01cea6466b
--- /dev/null
+++ b/package/libp11/libp11.hash
@@ -0,0 +1,3 @@ 
+# Locally computed:
+sha256 9d1c76d74c21ca224f96204982097ebc6b956f645b2b0b5f9c502a20e9ffcfd8  libp11-0.4.9.tar.gz
+sha256 d80c9d084ebfb50ea1ed91bfbc2410d6ce542097a32c43b00781b83adcb8c77f  COPYING
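Review bot: The `# Locally computed:` comment does not say what the tarball was checked against, so the sha256 pins whatever the submitter downloaded rather than an artifact verified against upstream. If the release page carries a detached signature for `libp11-0.4.9.tar.gz` (not determinable from this hunk), verify it before hashing. Record that in the comment, e.g. `# Locally computed after checking pgp signature`, with the signature URL on the next comment line so a later version bump can repeat the check.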
diff --git a/package/libp11/libp11.mk b/package/libp11/libp11.mk
new file mode 100644
index 0000000000..a720b1c629
--- /dev/null
+++ b/package/libp11/libp11.mk
@@ -0,0 +1,19 @@ 
+################################################################################
+#
+# libp11
+#
+################################################################################
+
+LIBP11_VERSION = 0.4.9
+LIBP11_SITE = https://github.com/OpenSC/libp11/releases/download/libp11-$(LIBP11_VERSION)
+LIBP11_DEPENDENCIES = openssl
+LIBP11_INSTALL_STAGING = YES
+LIBP11_LICENSE = LGPLv2.1
+LIBP11_LICENSE_FILES = COPYING
+
+ifeq ($(BR2_PACKAGE_P11_KIT),y)
+LIBP11_CONF_OPTS += --with-pkcs11-module=/usr/lib/p11-kit-proxy.so
+endif
+
+$(eval $(autotools-package))
+$(eval $(host-autotools-package))
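Review bot: The p11-kit default in `LIBP11_CONF_OPTS += --with-pkcs11-module=/usr/lib/p11-kit-proxy.so` reaches only the target build, because the host variant registered by `$(eval $(host-autotools-package))` reads `HOST_LIBP11_CONF_OPTS`, which is never set. The host engine therefore has no default module, so the HSM signing use case in the commit message depends on the caller naming the module explicitly. If that is intended, say so above the `ifeq`, e.g. `# Target only: the host engine gets no default module, set MODULE_PATH in the host openssl config`. The same comment should note that this path is fixed at configure time and is the library the engine loads when no module is configured, so it must match where p11-kit installs its proxy.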