mastercard / pkcs11-tools Goto Github PK
View Code? Open in Web Editor NEWA set of tools to manage objects on PKCS#11 cryptographic tokens. Compatible with many PKCS#11 library, including major HSM brands, NSS and softoken.
License: Other
pkcs11-tools's Issues
Support for OpenSSL 1.1+
Forked from Issue #5
Support for EdDSA curves
(Help, please) no way to build the source code on Ubuntu 20...
Good afternoon,
I am pretty lost trying to build the source code on Ubuntu 20...
After running 'autoconf' I get many 'undefined macro' messages, as you can see below,
Googling I found that running 'autoreconf -fi' might solve it, there's still a macro error related to AC_MSG_WARN though.
Any help would be much appreciated. Thanks a lot
jordi@jordi-VirtualBox:/pkcs11-tools-master$ autoconf/pkcs11-tools-master$
configure.ac:1: error: possibly undefined macro: dnl
If this token and others are legitimate, please use m4_pattern_allow.
See the Autoconf documentation.
configure.ac:20: error: possibly undefined macro: AM_MAINTAINER_MODE
configure.ac:38: error: possibly undefined macro: AC_MSG_FAILURE
configure.ac:51: error: possibly undefined macro: AC_MSG_WARN
configure.ac:60: error: possibly undefined macro: AM_INIT_AUTOMAKE
configure.ac:63: error: possibly undefined macro: AM_PROG_AR
configure.ac:66: error: possibly undefined macro: AC_PROG_LIBTOOL
configure.ac:71: error: possibly undefined macro: AM_CONDITIONAL
configure.ac:82: error: possibly undefined macro: AC_CHECK_DECLS
configure.ac:98: error: possibly undefined macro: AM_COND_IF
configure.ac:102: error: possibly undefined macro: AC_SEARCH_LIBS
configure.ac:102: error: possibly undefined macro: AC_MSG_ERROR
configure.ac:106: error: possibly undefined macro: AC_CHECK_LIB
jordi@jordi-VirtualBox:
jordi@jordi-VirtualBox:/pkcs11-tools-master$ autoreconf -fiobsolete.m4'
libtoolize: putting auxiliary files in '.'.
libtoolize: copying file './ltmain.sh'
libtoolize: putting macros in AC_CONFIG_MACRO_DIRS, 'm4'.
libtoolize: copying file 'm4/libtool.m4'
libtoolize: copying file 'm4/ltoptions.m4'
libtoolize: copying file 'm4/ltsugar.m4'
libtoolize: copying file 'm4/ltversion.m4'
libtoolize: copying file 'm4/lt
configure.ac:51: error: possibly undefined macro: AC_MSG_WARN
If this token and others are legitimate, please use m4_pattern_allow.
See the Autoconf documentation.
autoreconf: /usr/bin/autoconf failed with exit status: 1
jordi@jordi-VirtualBox:~/pkcs11-tools-master$
VERSIONS
jordi@jordi-VirtualBox:/pkcs11-tools-master$ uname -a20.04.1-Ubuntu SMP Fri Mar 26 01:01:07 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux
Linux jordi-VirtualBox 5.8.0-49-generic #55
jordi@jordi-VirtualBox:~/pkcs11-tools-master$ autoconf --version
autoconf (GNU Autoconf) 2.69
Copyright (C) 2012 Free Software Foundation, Inc.
License GPLv3+/Autoconf: GNU GPL version 3 or later
http://gnu.org/licenses/gpl.html, http://gnu.org/licenses/exceptions.html
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
jordi@jordi-VirtualBox:~/pkcs11-tools-master$ m4 --version
m4 (GNU M4) 1.4.18
Copyright (C) 2016 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later http://gnu.org/licenses/gpl.html.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
build failure on Linux
Describe the bug
Following the steps on INSTALL wiki, the make step fails to build the project
To Reproduce
Steps to reproduce the behavior:
- Clone project
- run
./bootstrap.sh - run
make
Error:
In file included from attribctx_lexer.c:49:
../gl/string.h:965:1: error: expected ‘,’ or ‘;’ before ‘_GL_ATTRIBUTE_MALLOC’
965 | _GL_FUNCDECL_SYS (strdup, char *,
| ^~~~~~~~~~~~~~~~
make[2]: *** [Makefile:1655: libp11_la-attribctx_lexer.lo] Error 1
Attaching config.log
Operating System (please complete the following information):
- OS:
Linux desktop 6.1.0-8-amd64 #1 SMP PREEMPT_DYNAMIC Debian 6.1.25-1 (2023-04-22) x86_64 GNU/Linux
memory leak found with commands p11req and p11mkcert
Describe the bug
A memory leak has been found (using Valgrind) when executing p11req and p11mkcert. The memleak is caused by structures not being properly disposed off.
To Reproduce
Steps to reproduce the behavior:
- execute
p11reqorp11mkcertthrough valgrind - See valgrind output
Expected behavior
Valgrind should not report memory leaks at exit time for these commands.
Operating System (please complete the following information):
- OS: linux
Additional context
Seems like a simple fix, X509 and X509_REQ structures must be freed once commands are finished.
Some wrong names for hashes and MGF in the manual
Under https://github.com/Mastercard/pkcs11-tools/blob/master/docs/MANUAL.md#p11wrap-and-p11unwrap,
mgf=CKG_MGF1_SHA1|CKG_MGF1_SHA256|CKG_MGF_SHA384|CKG_MGF_SHA512 - MGF parameter, default is CKG_MGF1_SHA1
hash=CKM_SHA_1|CKM_SHA224|CKM_SHA256|CKM_SHA384|CKM_SHA512 - hashing alg. argument, default is CKM_SHA_1
These are not the same as the mechanisms listed in the standard. Yesterday I was trying unwrapping and wrapping and couldn't figure out why I was getting errors until I looked the mechanisms up.
bootstrapping failed.
Hi,
I've tried to build this toolset, but bootstrapping is failed.
After cloning I've started the .bootstrap.sh and receiving the following output:
$ ./bootstrap.sh
Submodule '.gnulib' (https://git.savannah.gnu.org/git/gnulib.git) registered for path '.gnulib'
Cloning into '/home/gryzly/work/pkcs11-tools/.gnulib'...
Submodule path '.gnulib': checked out '87dc278345db394227f281c831a3fafb0b7854fb'
Submodule 'include/oasis-pkcs11' (https://github.com/oasis-tcs/pkcs11.git) registered for path 'include/oasis-pkcs11'
Cloning into '/home/gryzly/work/pkcs11-tools/include/oasis-pkcs11'...
Submodule path 'include/oasis-pkcs11': checked out 'df530bf9c88831284ee374cfe16bad40672ce603'
Module list with included dependencies (indented):
absolute-header
alloca-opt
attribute
btowc
builtin-expect
byteswap
c99
calloc-gnu
calloc-posix
errno
extensions
extern-inline
fd-hook
getdelim
gethostname
getline
getopt-gnu
getopt-posix
gettext-h
hard-locale
include_next
intprops
inttypes-incomplete
langinfo
libc-config
limits-h
localcharset
locale
localeconv
lock
malloc-gnu
malloc-posix
mbrtowc
mbsinit
mbtowc
msvc-inval
msvc-nothrow
multiarch
nl_langinfo
nocrash
realloc-gnu
realloc-posix
regex
setlocale-null
snippet/_Noreturn
snippet/arg-nonnull
snippet/c++defs
snippet/warn-on-use
socketlib
sockets
socklen
ssize_t
std-gnu11
stdalign
stdbool
stddef
stdint
stdio
stdlib
strcase
streq
strings
sys_socket
sys_types
sys_uio
sysexits
termios
threadlib
time
unistd
verify
wchar
wcrtomb
wctype-h
windows-mutex
windows-once
windows-recmutex
windows-rwlock
File list:
lib/_Noreturn.h
lib/alloca.in.h
lib/arg-nonnull.h
lib/attribute.h
lib/btowc.c
lib/byteswap.in.h
lib/c++defs.h
lib/calloc.c
lib/cdefs.h
lib/errno.in.h
lib/fd-hook.c
lib/fd-hook.h
lib/getdelim.c
lib/gethostname.c
lib/getline.c
lib/getopt-cdefs.in.h
lib/getopt-core.h
lib/getopt-ext.h
lib/getopt-pfx-core.h
lib/getopt-pfx-ext.h
lib/getopt.c
lib/getopt.in.h
lib/getopt1.c
lib/getopt_int.h
lib/gettext.h
lib/glthread/lock.c
lib/glthread/lock.h
lib/glthread/threadlib.c
lib/hard-locale.c
lib/hard-locale.h
lib/intprops.h
lib/inttypes.in.h
lib/langinfo.in.h
lib/lc-charset-dispatch.c
lib/lc-charset-dispatch.h
lib/libc-config.h
lib/limits.in.h
lib/localcharset.c
lib/localcharset.h
lib/locale.in.h
lib/localeconv.c
lib/malloc.c
lib/mbrtowc-impl-utf8.h
lib/mbrtowc-impl.h
lib/mbrtowc.c
lib/mbsinit.c
lib/mbtowc-impl.h
lib/mbtowc-lock.c
lib/mbtowc-lock.h
lib/mbtowc.c
lib/msvc-inval.c
lib/msvc-inval.h
lib/msvc-nothrow.c
lib/msvc-nothrow.h
lib/nl_langinfo-lock.c
lib/nl_langinfo.c
lib/realloc.c
lib/regcomp.c
lib/regex.c
lib/regex.h
lib/regex_internal.c
lib/regex_internal.h
lib/regexec.c
lib/setlocale-lock.c
lib/setlocale_null.c
lib/setlocale_null.h
lib/sockets.c
lib/sockets.h
lib/stdalign.in.h
lib/stdbool.in.h
lib/stddef.in.h
lib/stdint.in.h
lib/stdio.in.h
lib/stdlib.in.h
lib/strcasecmp.c
lib/streq.h
lib/strings.in.h
lib/strncasecmp.c
lib/sys_socket.c
lib/sys_socket.in.h
lib/sys_types.in.h
lib/sys_uio.in.h
lib/sysexits.in.h
lib/termios.in.h
lib/time.in.h
lib/unistd.c
lib/unistd.in.h
lib/verify.h
lib/w32sock.h
lib/warn-on-use.h
lib/wchar.in.h
lib/wcrtomb.c
lib/wctype-h.c
lib/wctype.in.h
lib/windows-initguard.h
lib/windows-mutex.c
lib/windows-mutex.h
lib/windows-once.c
lib/windows-once.h
lib/windows-recmutex.c
lib/windows-recmutex.h
lib/windows-rwlock.c
lib/windows-rwlock.h
m4/00gnulib.m4
m4/__inline.m4
m4/absolute-header.m4
m4/alloca.m4
m4/btowc.m4
m4/builtin-expect.m4
m4/byteswap.m4
m4/calloc.m4
m4/codeset.m4
m4/eealloc.m4
m4/errno_h.m4
m4/extensions.m4
m4/extern-inline.m4
m4/getdelim.m4
m4/gethostname.m4
m4/getline.m4
m4/getopt.m4
m4/glibc21.m4
m4/gnulib-common.m4
m4/include_next.m4
m4/inttypes.m4
m4/langinfo_h.m4
m4/limits-h.m4
m4/localcharset.m4
m4/locale-fr.m4
m4/locale-ja.m4
m4/locale-zh.m4
m4/locale_h.m4
m4/localeconv.m4
m4/lock.m4
m4/malloc.m4
m4/mbrtowc.m4
m4/mbsinit.m4
m4/mbstate_t.m4
m4/mbtowc.m4
m4/msvc-inval.m4
m4/msvc-nothrow.m4
m4/multiarch.m4
m4/nl_langinfo.m4
m4/nocrash.m4
m4/off_t.m4
m4/pid_t.m4
m4/pthread_rwlock_rdlock.m4
m4/realloc.m4
m4/regex.m4
m4/setlocale_null.m4
m4/socketlib.m4
m4/sockets.m4
m4/socklen.m4
m4/sockpfaf.m4
m4/ssize_t.m4
m4/std-gnu11.m4
m4/stdalign.m4
m4/stdbool.m4
m4/stddef_h.m4
m4/stdint.m4
m4/stdio_h.m4
m4/stdlib_h.m4
m4/strcase.m4
m4/strings_h.m4
m4/sys_socket_h.m4
m4/sys_types_h.m4
m4/sys_uio_h.m4
m4/sysexits.m4
m4/termios_h.m4
m4/threadlib.m4
m4/time_h.m4
m4/unistd_h.m4
m4/visibility.m4
m4/warn-on-use.m4
m4/wchar_h.m4
m4/wchar_t.m4
m4/wcrtomb.m4
m4/wctype_h.m4
m4/wint_t.m4
m4/zzgnulib.m4
Creating directory ./gl
Creating directory ./gl/glthread
Copying file gl/_Noreturn.h
Copying file gl/alloca.in.h
Copying file gl/arg-nonnull.h
Copying file gl/attribute.h
Copying file gl/btowc.c
Copying file gl/byteswap.in.h
Copying file gl/c++defs.h
Copying file gl/calloc.c
Copying file gl/cdefs.h
Copying file gl/errno.in.h
Copying file gl/fd-hook.c
Copying file gl/fd-hook.h
Copying file gl/getdelim.c
Copying file gl/gethostname.c
Copying file gl/getline.c
Copying file gl/getopt-cdefs.in.h
Copying file gl/getopt-core.h
Copying file gl/getopt-ext.h
Copying file gl/getopt-pfx-core.h
Copying file gl/getopt-pfx-ext.h
Copying file gl/getopt.c
Copying file gl/getopt.in.h
Copying file gl/getopt1.c
Copying file gl/getopt_int.h
Copying file gl/gettext.h
Copying file gl/glthread/lock.c
Copying file gl/glthread/lock.h
Copying file gl/glthread/threadlib.c
Copying file gl/hard-locale.c
Copying file gl/hard-locale.h
Copying file gl/intprops.h
Copying file gl/inttypes.in.h
Copying file gl/langinfo.in.h
Copying file gl/lc-charset-dispatch.c
Copying file gl/lc-charset-dispatch.h
Copying file gl/libc-config.h
Copying file gl/limits.in.h
Copying file gl/localcharset.c
Copying file gl/localcharset.h
Copying file gl/locale.in.h
Copying file gl/localeconv.c
Copying file gl/malloc.c
Copying file gl/mbrtowc-impl-utf8.h
Copying file gl/mbrtowc-impl.h
Copying file gl/mbrtowc.c
Copying file gl/mbsinit.c
Copying file gl/mbtowc-impl.h
Copying file gl/mbtowc-lock.c
Copying file gl/mbtowc-lock.h
Copying file gl/mbtowc.c
Copying file gl/msvc-inval.c
Copying file gl/msvc-inval.h
Copying file gl/msvc-nothrow.c
Copying file gl/msvc-nothrow.h
Copying file gl/nl_langinfo-lock.c
Copying file gl/nl_langinfo.c
Copying file gl/realloc.c
Copying file gl/regcomp.c
Copying file gl/regex.c
Copying file gl/regex.h
Copying file gl/regex_internal.c
Copying file gl/regex_internal.h
Copying file gl/regexec.c
Copying file gl/setlocale-lock.c
Copying file gl/setlocale_null.c
Copying file gl/setlocale_null.h
Copying file gl/sockets.c
Copying file gl/sockets.h
Copying file gl/stdalign.in.h
Copying file gl/stdbool.in.h
Copying file gl/stddef.in.h
Copying file gl/stdint.in.h
Copying file gl/stdio.in.h
Copying file gl/stdlib.in.h
Copying file gl/strcasecmp.c
Copying file gl/streq.h
Copying file gl/strings.in.h
Copying file gl/strncasecmp.c
Copying file gl/sys_socket.c
Copying file gl/sys_socket.in.h
Copying file gl/sys_types.in.h
Copying file gl/sys_uio.in.h
Copying file gl/sysexits.in.h
Copying file gl/termios.in.h
Copying file gl/time.in.h
Copying file gl/unistd.c
Copying file gl/unistd.in.h
Copying file gl/verify.h
Copying file gl/w32sock.h
Copying file gl/warn-on-use.h
Copying file gl/wchar.in.h
Copying file gl/wcrtomb.c
Copying file gl/wctype-h.c
Copying file gl/wctype.in.h
Copying file gl/windows-initguard.h
Copying file gl/windows-mutex.c
Copying file gl/windows-mutex.h
Copying file gl/windows-once.c
Copying file gl/windows-once.h
Copying file gl/windows-recmutex.c
Copying file gl/windows-recmutex.h
Copying file gl/windows-rwlock.c
Copying file gl/windows-rwlock.h
Copying file m4/00gnulib.m4
Copying file m4/__inline.m4
Copying file m4/absolute-header.m4
Copying file m4/alloca.m4
Copying file m4/btowc.m4
Copying file m4/builtin-expect.m4
Copying file m4/byteswap.m4
Copying file m4/calloc.m4
Copying file m4/codeset.m4
Copying file m4/eealloc.m4
Copying file m4/errno_h.m4
Copying file m4/extensions.m4
Copying file m4/extern-inline.m4
Copying file m4/getdelim.m4
Copying file m4/gethostname.m4
Copying file m4/getline.m4
Copying file m4/getopt.m4
Copying file m4/glibc21.m4
Copying file m4/gnulib-common.m4
Copying file m4/gnulib-tool.m4
Copying file m4/include_next.m4
Copying file m4/inttypes.m4
Copying file m4/langinfo_h.m4
Copying file m4/limits-h.m4
Copying file m4/localcharset.m4
Copying file m4/locale-fr.m4
Copying file m4/locale-ja.m4
Copying file m4/locale-zh.m4
Copying file m4/locale_h.m4
Copying file m4/localeconv.m4
Copying file m4/lock.m4
Copying file m4/malloc.m4
Copying file m4/mbrtowc.m4
Copying file m4/mbsinit.m4
Copying file m4/mbstate_t.m4
Copying file m4/mbtowc.m4
Copying file m4/msvc-inval.m4
Copying file m4/msvc-nothrow.m4
Copying file m4/multiarch.m4
Copying file m4/nl_langinfo.m4
Copying file m4/nocrash.m4
Copying file m4/off_t.m4
Copying file m4/pid_t.m4
Copying file m4/pthread_rwlock_rdlock.m4
Copying file m4/realloc.m4
Copying file m4/regex.m4
Copying file m4/setlocale_null.m4
Copying file m4/socketlib.m4
Copying file m4/sockets.m4
Copying file m4/socklen.m4
Copying file m4/sockpfaf.m4
Copying file m4/ssize_t.m4
Copying file m4/std-gnu11.m4
Copying file m4/stdalign.m4
Copying file m4/stdbool.m4
Copying file m4/stddef_h.m4
Copying file m4/stdint.m4
Copying file m4/stdio_h.m4
Copying file m4/stdlib_h.m4
Copying file m4/strcase.m4
Copying file m4/strings_h.m4
Copying file m4/sys_socket_h.m4
Copying file m4/sys_types_h.m4
Copying file m4/sys_uio_h.m4
Copying file m4/sysexits.m4
Copying file m4/termios_h.m4
Copying file m4/threadlib.m4
Copying file m4/time_h.m4
Copying file m4/unistd_h.m4
Copying file m4/visibility.m4
Copying file m4/warn-on-use.m4
Copying file m4/wchar_h.m4
Copying file m4/wchar_t.m4
Copying file m4/wcrtomb.m4
Copying file m4/wctype_h.m4
Copying file m4/wint_t.m4
Copying file m4/zzgnulib.m4
Creating gl/Makefile.am
Creating m4/gnulib-cache.m4
Creating m4/gnulib-comp.m4
Creating ./gl/.gitignore
Creating ./gl/glthread/.gitignore
Creating ./m4/.gitignore
Finished.
You may need to add #include directives for the following .h files.
#include <byteswap.h>
#include <getopt.h>
#include <regex.h>
#include <stdio.h>
#include <stdlib.h>
#include <strings.h>
#include <sysexits.h>
#include <termios.h>
#include <time.h>
#include <unistd.h>
You may need to use the following Makefile variables when linking.
Use them in <program>_LDADD when linking a program, or
in <library>_a_LDFLAGS or <library>_la_LDFLAGS when linking a library.
$(GETHOSTNAME_LIB)
$(LIBSOCKET)
$(LIBTHREAD)
$(LIB_HARD_LOCALE)
$(LIB_MBRTOWC)
$(LIB_SETLOCALE_NULL)
$(LTLIBINTL) when linking with libtool, $(LIBINTL) otherwise
Don't forget to
- add "gl/Makefile" to AC_CONFIG_FILES in ./configure.ac,
- mention "gl" in SUBDIRS in Makefile.am,
- mention "-I m4" in ACLOCAL_AMFLAGS in Makefile.am,
- mention "m4/gnulib-cache.m4" in EXTRA_DIST in Makefile.am,
- invoke gl_EARLY in ./configure.ac, right after AC_PROG_CC_C99,
- invoke gl_INIT in ./configure.ac.
autoreconf: Entering directory `.'
autoreconf: configure.ac: not using Gettext
autoreconf: running: aclocal --force -I m4
autoreconf: configure.ac: tracing
autoreconf: running: libtoolize --copy --force
libtoolize: putting auxiliary files in '.'.
libtoolize: copying file './ltmain.sh'
libtoolize: putting macros in AC_CONFIG_MACRO_DIRS, 'm4'.
libtoolize: copying file 'm4/libtool.m4'
libtoolize: copying file 'm4/ltoptions.m4'
libtoolize: copying file 'm4/ltsugar.m4'
libtoolize: copying file 'm4/ltversion.m4'
libtoolize: copying file 'm4/lt~obsolete.m4'
autoreconf: running: /usr/bin/autoconf --force
configure.ac:51: error: possibly undefined macro: AC_MSG_WARN
If this token and others are legitimate, please use m4_pattern_allow.
See the Autoconf documentation.
autoreconf: /usr/bin/autoconf failed with exit status: 1
OS: CentOS Linux release 8.3.2011
Kernel: 4.18.0-240.1.1.el8_3.x86_64
Dependencies:
- automake-1.16.1-6.el8.noarch
- autoconf-2.69-27.el8.noarch
- libtool-2.4.6-25.el8.x86_64
cross-compiling fails under v1.0.1
Describe the bug
When cross-compiling, configure script chokes and reports the following error:
checking for include/cryptoki/ncipher.h... configure: error: cannot check for file existence when cross compiling
To Reproduce
Steps to reproduce the behavior:
- download tagged version
v1.0.1 - follow cross-compiling instructions from
INSTALL.md
Expected behavior
configure script should suceed.
Operating System (please complete the following information):
- OS: debian 9
Additional context
cross-compiling for win32.
Commandline option -t can't find token
If I usel e.g. one of the tools p11ls, p11rm or p11mv with the -t option followed by the name of an existing token, I always get the message "*** Error: token with label 'xxx' not found".
This maybe also true for other commands as well but I haven't check that.
Cause of problem:
Source: lib/pkcs11_session.c
function: rtrim()
The above mentioned source file contains the following line (around line 37):
n = strlen((const char *)str)>limit ? limit : strlen((const char *)str);
That line is not working correctly. The > comparision fails.
Because strlen() calculates a length of 98 for the string and because this value is bigger than the limit of 32, after that comparison, n should have the value 32.
But it has not. n has still the value 98 and therefore the following comparison with the entered token name fails.
This is not an error in that line of code itself ! In my opinion, the root cause of the problem is an error in the gcc compiler if one of the optimization options -O1 or -O2 or -O3 is used.
One idea to solve the problem is to not use the -O2 flag for compilation of that source file.
The second ideas is to switch of the -O2 optimization just for the rtrim() function. This can be done to extend the pototype of that function to:
static CK_UTF8CHAR_PTR rtrim(CK_UTF8CHAR_PTR str, int limit) attribute((optimize("-O0")));
If I do this in my environment, the comparison now works correctly and therefore the commands now find my token by name successfully.
Additional info:
gcc (GCC) 8.2.1 20180905 (Red Hat 8.2.1-3) running on an AWS ec2-micro instance.
pkcs11-tools Latest commit db918aa on 22 Feb.
p11mv belongs to pkcs11-tools v1.0.2 (Aug 26 2019)
arch/CPU/OS: x86_64/x86_64/linux-gnu
using openssl library: OpenSSL 1.0.2t-dev xx XXX xxxx
Hope that helps :-)
By the way, these pkcs11-tools are extremely helpful. Thank you very much for that.
Compilation failed
I try to compile it my ubuntu. but here is the problem. even i installed the pkg-config
Once I removed the square brackets around the AC_MSG_ERROR and AC_MSG_WARN macro, it worked
49-50line:
AX_PROG_FLEX([],AC_MSG_WARN([GNU flex is required to regenerate lexer. Generated source code is provided, so it should be OK, until you change the lexer source file. Hint: use LEX variable to point to flex on your system.]))
AX_PROG_FLEX_VERSION([2.5.0],[],AC_MSG_WARN([GNU flex 2.5+ is required to regenerate lexer. Generated source code is provided, so it should be OK, until you change the lexer source file.]))55-56line:
AX_PROG_BISON([],AC_MSG_WARN([GNU bison is required to regenerate parser. Generated source code is provided, so it should be OK, until you change the parser source file.]))
AX_PROG_BISON_VERSION([3.0.0],[],AC_MSG_WARN([GNU bison v3+ is required to regenerate parser. Generated source code is provided, so it should be OK, until you change the parser source file. Hint: use YACC variable to point to bison on your system.]))
88line:
AC_SEARCH_LIBS([dlopen], [dl dld], [], AC_MSG_ERROR([unable to find the dlopen() function]) )But when i start to ./configure , it was another problem:
ian@star01:~/Desktop/pkcs11-tools$ ./configure
checking whether to enable maintainer-specific portions of Makefiles... no
checking build system type... x86_64-pc-linux-gnu
checking host system type... x86_64-pc-linux-gnu
checking target system type... x86_64-pc-linux-gnu
checking for gcc... gcc
checking whether the C compiler works... yes
checking for C compiler default output file name... a.out
checking for suffix of executables...
checking whether we are cross compiling... no
checking for suffix of object files... o
checking whether we are using the GNU C compiler... yes
checking whether gcc accepts -g... yes
checking for gcc option to accept ISO C89... none needed
checking whether gcc understands -c and -o together... yes
checking for gcc option to accept ISO C99... none needed
checking for perl... /usr/bin/perl
checking for a thread-safe mkdir -p... /usr/bin/mkdir -p
checking for gtar... no
checking for tar... tar
checking for flex... flex
checking lex output file root... lex.yy
checking lex library... -lfl
checking whether yytext is a pointer... yes
./configure: line 4744: syntax error near unexpected token `,{'
./configure: line 4744: `AX_PROG_FLEX(,{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: GNU flex is required to regenerate lexer. Generated source code is provided, so it should be OK, until you change the lexer source file. Hint: use LEX variable to point to flex on your system." >&5'Here is the OS and releated info:
Linux star01 5.4.0-52-generic #57-Ubuntu SMP Thu Oct 15 10:57:00 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux
gcc (Ubuntu 9.3.0-17ubuntu1~20.04) 9.3.0
g++ (Ubuntu 9.3.0-17ubuntu1~20.04) 9.3.0
autoreconf (GNU Autoconf) 2.69
C_WrapKey using AES key to wrap ED448 and ED25519 fails for CKM_AES_KEY_WRAP_PAD with CKR_KEY_NOT_WRAPPABLE
Describe the bug
C_WrapKey using AES key to wrap ED448 and ED25519 fails for CKM_AES_KEY_WRAP_PAD with CKR_KEY_NOT_WRAPPABLE
To Reproduce
Steps to reproduce the behavior:
- Let's try wrapping a prime256v1 key with same steps and observe that it is successful.
p11keygen -k ec -q prime256v1 -i prime256v1-17 CKA_EXTRACTABLE=true -W 'wrappingkey="aes-sharing",algorithm=rfc5649,filename="prime256v1-key-wrapped.seck"'
+ p11keygen -k ec -q prime256v1 -i prime256v1-17 CKA_EXTRACTABLE=true -W 'wrappingkey="aes-sharing",algorithm=rfc5649,filename="prime256v1-key-wrapped.seck"'
Generating, please wait...
>>> key generated
>>> job #1: wrapping key 'prime256v1-17' with parameters 'wrappingkey="aes-sharing",algorithm=rfc5649,filename="prime256v1-key-wrapped.seck"'
key generation succeeded
- Repeat for ED25519 key
p11keygen -k ed -q ED25519 -i ED25519-17 CKA_EXTRACTABLE=true -W 'wrappingkey="aes-sharing",algorithm=rfc5649,filename="ED25519-key-wrapped.seck"'
+ p11keygen -k ed -q ED25519 -i ED25519-17 CKA_EXTRACTABLE=true -W 'wrappingkey="aes-sharing",algorithm=rfc5649,filename="ED25519-key-wrapped.seck"'
Generating, please wait...
>>> key generated
>>> job #1: wrapping key 'ED25519-17' with parameters 'wrappingkey="aes-sharing",algorithm=rfc5649,filename="ED25519-key-wrapped.seck"'
*** PKCS#11 Error: C_WrapKey() returned CKR_KEY_NOT_WRAPPABLE ( 0x00000069 )
***Warning: It didn't work with CKM_AES_KEY_WRAP_PAD
***Error: tried all mechanisms, no one worked
***Error: wrapping operation failed for wrapping job #1
some (1) wrapping jobs failed - returning code 1 (0x0001) to calling process
- p11keygen -k ed -q ED448 -i ED448-17 CKA_EXTRACTABLE=true -W 'wrappingkey="aes-sharing",algorithm=rfc5649,filename="ED448-key-wrapped.seck"'
+ p11keygen -k ed -q ED448 -i ED448-17 CKA_EXTRACTABLE=true -W 'wrappingkey="aes-sharing",algorithm=rfc5649,filename="ED448-key-wrapped.seck"'
Generating, please wait...
>>> key generated
>>> job #1: wrapping key 'ED448-17' with parameters 'wrappingkey="aes-sharing",algorithm=rfc5649,filename="ED448-key-wrapped.seck"'
*** PKCS#11 Error: C_WrapKey() returned CKR_KEY_NOT_WRAPPABLE ( 0x00000069 )
***Warning: It didn't work with CKM_AES_KEY_WRAP_PAD
***Error: tried all mechanisms, no one worked
***Error: wrapping operation failed for wrapping job #1
some (1) wrapping jobs failed - returning code 1 (0x0001) to calling process
Expected behavior
CKM_AES_KEY_WRAP_PAD should have been successful.
Screenshots
Operating System (please complete the following information):
- OS: CentOS 8.3.2011
- Kernel 5.8.5-1.el8.elrepo.x86_64
Support for more MACing options with `p11kcv`
p11kcv should support more MACing mechanisms:
- it should allow using the
CKA_CHECK_VALUEattribute value when found - support for CMAC, for 3DES and AES keys
- support for XCBC-MAC and XCBC-MAC-96 for AES keys
- support for regular MAC on 3DES and AES keys
Do not store generated files in the git repo
Describe the bug
Some files are in the git repository but they should not.
Expected behavior
The following files should be removed from git:
- compile
- config.guess
- config.rpath
- config.sub
- configure
- depcomp
- install-sh
- Makefile.in
- missing
- ylwrap
The m4/ directory should also be removed unless some specific files are not installed by the aclocal command.
Operating System (please complete the following information):
- OS: any
- Version any
Additional context
files generated by the autotools (automake, autoconf, autoheader, libtool, etc.) should not be in the git repo since they are generated.
You can provide a bootstrap.sh script to generated them for example.
`p11wrap` is mistakenly adding `CKA_EC_PARAMS` attribute.
p11wrap is mistakenly adding CKA_EC_PARAMS attribute.
When unwrapping the key, that parameter is forbidden, according to PKCS#11 v2.40 curr table 31 PKCS#11 v2.40 base table 10, item 6, "MUST not be specified when object is unwrapped with C_UnwrapKey."
This results in EC keys that cannot unwrap, when using cbcpad wrapping algorithm.
The workaround is to comment out CKA_EC_PARAMS from the wrap file before unwrapping the key.
Informational: Listed mechanism for SoftHSM
Hi @keldonin! Thanks for working on this awesome utility. While playing with it, I was a little confused by the output of p11slotinfo -l /usr/lib/softhsm/libsofthsm.so.
-----------
CKM_RSA_PKCS_KEY_PAIR_GEN --- --- --- --- --- --- --- --- gkp --- --- --- SW (00000000)
CKM_RSA_PKCS enc dec --- sig --- vfy --- --- --- --- --- --- SW (00000001)
CKM_RSA_X_509 --- --- --- sig --- vfy --- --- --- --- --- --- SW (00000003)
CKM_MD5 --- --- hsh --- --- --- --- --- --- --- --- --- SW (00000210)
CKM_RIPEMD160 --- --- hsh --- --- --- --- --- --- --- --- --- SW (00000240)
CKM_SHA_1 --- --- hsh --- --- --- --- --- --- --- --- --- SW (00000220)
CKM_SHA256 --- --- hsh --- --- --- --- --- --- --- --- --- SW (00000250)
CKM_SHA384 --- --- hsh --- --- --- --- --- --- --- --- --- SW (00000260)
CKM_SHA512 --- --- hsh --- --- --- --- --- --- --- --- --- SW (00000270)
CKM_MD5_RSA_PKCS --- --- --- sig --- vfy --- --- --- --- --- --- SW (00000005)
CKM_RIPEMD160_RSA_PKCS --- --- --- sig --- vfy --- --- --- --- --- --- SW (00000008)
CKM_SHA1_RSA_PKCS --- --- --- sig --- vfy --- --- --- --- --- --- SW (00000006)
CKM_SHA256_RSA_PKCS --- --- --- sig --- vfy --- --- --- --- --- --- SW (00000040)
CKM_SHA384_RSA_PKCS --- --- --- sig --- vfy --- --- --- --- --- --- SW (00000041)
CKM_SHA512_RSA_PKCS --- --- --- sig --- vfy --- --- --- --- --- --- SW (00000042)
CKM_SHA1_RSA_PKCS_PSS --- --- --- sig --- vfy --- --- --- --- --- --- SW (0000000e)
CKM_SHA256_RSA_PKCS_PSS --- --- --- sig --- vfy --- --- --- --- --- --- SW (00000043)
CKM_SHA384_RSA_PKCS_PSS --- --- --- sig --- vfy --- --- --- --- --- --- SW (00000044)
CKM_SHA512_RSA_PKCS_PSS --- --- --- sig --- vfy --- --- --- --- --- --- SW (00000045)
SoftHSM has support for AES GCM but it does not show up as a supported mechanism in the output. Any thoughts?
invalid mechanisms reported by p11slotinfo, on MIPS/Linux platform
Describe the bug
When executing p11slotinfo on a mips platform, mechanism names are incorrect.
To Reproduce
Steps to reproduce the behavior:
- deploy a new NSS token:
certutil -dsql:. -N - execute the following command:
$ with_nss p11slotinfo
PKCS#11 Library
---------------
Name : /usr/lib/libsoftokn3.so
Lib version : 3.89
API version : 2.40
Description : NSS Internal Crypto Services
Manufacturer: Mozilla Foundation
Slot[1]
-------------
Slot Number : 2
Description : NSS User Private Key and Certificate Services
Manufacturer: Mozilla Foundation
Slot Flags : [ CKF_TOKEN_PRESENT ]
Token
-------------
Label : NSS Certificate DB
Manufacturer: Mozilla Foundation
Token Flags : [ CKF_RNG CKF_LOGIN_REQUIRED CKF_USER_PIN_INITIALIZED CKF_DUAL_CRYPTO_OPERATIONS CKF_TOKEN_INITIALIZED ]
Mechanisms:
-----------
CKM_UNKNOWN_MECHANISM --- --- --- --- --- --- --- --- gkp --- --- --- SW (00000000)
CKM_UNKNOWN_MECHANISM enc dec --- sig sir vfy vre --- --- wra unw --- SW (00000001)
CKM_UNKNOWN_MECHANISM --- --- --- sig --- vfy --- --- --- --- --- --- SW (0000000d)
CKM_UNKNOWN_MECHANISM enc dec --- --- --- --- --- --- --- wra unw --- SW (00000009)
CKM_UNKNOWN_MECHANISM enc dec --- sig sir vfy vre --- --- wra unw --- SW (00000003)
CKM_UNKNOWN_MECHANISM --- --- --- sig --- vfy --- --- --- --- --- --- SW (00000004)
CKM_UNKNOWN_MECHANISM --- --- --- sig --- vfy --- --- --- --- --- --- SW (00000005)
CKM_UNKNOWN_MECHANISM --- --- --- sig --- vfy --- --- --- --- --- --- SW (00000006)
CKM_UNKNOWN_MECHANISM --- --- --- sig --- vfy --- --- --- --- --- --- SW (00000046)
CKM_UNKNOWN_MECHANISM --- --- --- sig --- vfy --- --- --- --- --- --- SW (00000040)
CKM_UNKNOWN_MECHANISM --- --- --- sig --- vfy --- --- --- --- --- --- SW (00000041)
CKM_UNKNOWN_MECHANISM --- --- --- sig --- vfy --- --- --- --- --- --- SW (00000042)
CKM_UNKNOWN_MECHANISM --- --- --- sig --- vfy --- --- --- --- --- --- SW (0000000e)
CKM_UNKNOWN_MECHANISM --- --- --- sig --- vfy --- --- --- --- --- --- SW (00000047)
CKM_UNKNOWN_MECHANISM --- --- --- sig --- vfy --- --- --- --- --- --- SW (00000043)
CKM_UNKNOWN_MECHANISM --- --- --- sig --- vfy --- --- --- --- --- --- SW (00000044)
CKM_UNKNOWN_MECHANISM --- --- --- sig --- vfy --- --- --- --- --- --- SW (00000045)
CKM_UNKNOWN_MECHANISM --- --- --- --- --- --- --- --- gkp --- --- --- SW (00000010)
CKM_UNKNOWN_MECHANISM --- --- --- sig --- vfy --- --- --- --- --- --- SW (00000011)
CKM_UNKNOWN_MECHANISM --- --- --- --- --- --- --- gen --- --- --- --- SW (00002000)
CKM_UNKNOWN_MECHANISM --- --- --- sig --- vfy --- --- --- --- --- --- SW (00000012)
CKM_UNKNOWN_MECHANISM --- --- --- sig --- vfy --- --- --- --- --- --- SW (00000013)
CKM_UNKNOWN_MECHANISM --- --- --- sig --- vfy --- --- --- --- --- --- SW (00000014)
CKM_UNKNOWN_MECHANISM --- --- --- sig --- vfy --- --- --- --- --- --- SW (00000015)
CKM_UNKNOWN_MECHANISM --- --- --- sig --- vfy --- --- --- --- --- --- SW (00000016)
CKM_UNKNOWN_MECHANISM --- --- --- --- --- --- --- --- gkp --- --- --- SW (00000020)
CKM_UNKNOWN_MECHANISM --- --- --- --- --- --- --- --- --- --- --- der SW (00000021)
CKM_UNKNOWN_MECHANISM --- --- --- --- --- --- --- --- gkp --- --- --- SW (00001040) ec: F^p F2m --- nam unc ---
CKM_UNKNOWN_MECHANISM --- --- --- --- --- --- --- --- --- --- --- der SW (00001050) ec: F^p F2m --- nam unc ---
CKM_UNKNOWN_MECHANISM --- --- --- sig --- vfy --- --- --- --- --- --- SW (00001041) ec: F^p F2m --- nam unc ---
CKM_UNKNOWN_MECHANISM --- --- --- sig --- vfy --- --- --- --- --- --- SW (00001042) ec: F^p F2m --- nam unc ---
CKM_UNKNOWN_MECHANISM --- --- --- sig --- vfy --- --- --- --- --- --- SW (00001043) ec: F^p F2m --- nam unc ---
CKM_UNKNOWN_MECHANISM --- --- --- sig --- vfy --- --- --- --- --- --- SW (00001044) ec: F^p F2m --- nam unc ---
CKM_UNKNOWN_MECHANISM --- --- --- sig --- vfy --- --- --- --- --- --- SW (00001045) ec: F^p F2m --- nam unc ---
CKM_UNKNOWN_MECHANISM --- --- --- sig --- vfy --- --- --- --- --- --- SW (00001046) ec: F^p F2m --- nam unc ---
CKM_UNKNOWN_MECHANISM --- --- --- --- --- --- --- gen --- --- --- --- SW (00000100)
CKM_UNKNOWN_MECHANISM enc dec --- --- --- --- --- --- --- wra unw --- SW (00000101)
CKM_UNKNOWN_MECHANISM enc dec --- --- --- --- --- --- --- wra unw --- SW (00000102)
CKM_UNKNOWN_MECHANISM --- --- --- sig --- vfy --- --- --- --- --- --- SW (00000103)
CKM_UNKNOWN_MECHANISM --- --- --- sig --- vfy --- --- --- --- --- --- SW (00000104)
CKM_UNKNOWN_MECHANISM enc dec --- --- --- --- --- --- --- wra unw --- SW (00000105)
CKM_UNKNOWN_MECHANISM --- --- --- --- --- --- --- gen --- --- --- --- SW (00000120)
CKM_UNKNOWN_MECHANISM enc dec --- --- --- --- --- --- --- wra unw --- SW (00000121)
CKM_UNKNOWN_MECHANISM enc dec --- --- --- --- --- --- --- wra unw --- SW (00000122)
CKM_UNKNOWN_MECHANISM --- --- --- sig --- vfy --- --- --- --- --- --- SW (00000123)
CKM_UNKNOWN_MECHANISM --- --- --- sig --- vfy --- --- --- --- --- --- SW (00000124)
CKM_UNKNOWN_MECHANISM enc dec --- --- --- --- --- --- --- wra unw --- SW (00000125)
CKM_UNKNOWN_MECHANISM --- --- --- --- --- --- --- gen --- --- --- --- SW (00000130)
CKM_UNKNOWN_MECHANISM --- --- --- --- --- --- --- gen --- --- --- --- SW (00000131)
CKM_UNKNOWN_MECHANISM enc dec --- --- --- --- --- --- --- wra unw --- SW (00000132)
CKM_UNKNOWN_MECHANISM enc dec --- --- --- --- --- --- --- wra unw --- SW (00000133)
CKM_UNKNOWN_MECHANISM --- --- --- sig --- vfy --- --- --- --- --- --- SW (00000134)
CKM_UNKNOWN_MECHANISM --- --- --- sig --- vfy --- --- --- --- --- --- SW (00000135)
CKM_UNKNOWN_MECHANISM enc dec --- --- --- --- --- --- --- wra unw --- SW (00000136)
CKM_UNKNOWN_MECHANISM --- --- --- --- --- --- --- gen --- --- --- --- SW (00000140)
CKM_UNKNOWN_MECHANISM enc dec --- --- --- --- --- --- --- wra unw --- SW (00000141)
CKM_UNKNOWN_MECHANISM enc dec --- --- --- --- --- --- --- wra unw --- SW (00000142)
CKM_UNKNOWN_MECHANISM --- --- --- sig --- vfy --- --- --- --- --- --- SW (00000143)
CKM_UNKNOWN_MECHANISM --- --- --- sig --- vfy --- --- --- --- --- --- SW (00000144)
CKM_UNKNOWN_MECHANISM enc dec --- --- --- --- --- --- --- wra unw --- SW (00000145)
CKM_UNKNOWN_MECHANISM --- --- --- --- --- --- --- gen --- --- --- --- SW (00001080)
CKM_UNKNOWN_MECHANISM enc dec --- --- --- --- --- --- --- wra unw --- SW (00001081)
CKM_UNKNOWN_MECHANISM enc dec --- --- --- --- --- --- --- wra unw --- SW (00001082)
CKM_UNKNOWN_MECHANISM --- --- --- sig --- vfy --- --- --- --- --- --- SW (00001083)
CKM_UNKNOWN_MECHANISM --- --- --- sig --- vfy --- --- --- --- --- --- SW (00001084)
CKM_UNKNOWN_MECHANISM --- --- --- sig --- vfy --- --- --- --- --- --- SW (0000108a)
CKM_UNKNOWN_MECHANISM --- --- --- sig --- vfy --- --- --- --- --- --- SW (0000108b)
CKM_UNKNOWN_MECHANISM enc dec --- --- --- --- --- --- --- wra unw --- SW (00001085)
CKM_UNKNOWN_MECHANISM enc dec --- --- --- --- --- --- --- --- --- --- SW (00001089)
CKM_UNKNOWN_MECHANISM enc dec --- --- --- --- --- --- --- --- --- --- SW (00001086)
CKM_UNKNOWN_MECHANISM enc dec --- --- --- --- --- --- --- --- --- --- SW (00001087)
CKM_UNKNOWN_MECHANISM --- --- --- sig --- vfy --- --- --- --- --- --- SW (0000108d)
CKM_UNKNOWN_MECHANISM --- --- --- sig --- vfy --- --- --- --- --- --- SW (0000108c)
CKM_UNKNOWN_MECHANISM --- --- --- --- --- --- --- gen --- --- --- --- SW (00000550)
CKM_UNKNOWN_MECHANISM enc dec --- --- --- --- --- --- --- wra unw --- SW (00000551)
CKM_UNKNOWN_MECHANISM enc dec --- --- --- --- --- --- --- wra unw --- SW (00000552)
CKM_UNKNOWN_MECHANISM --- --- --- sig --- vfy --- --- --- --- --- --- SW (00000553)
CKM_UNKNOWN_MECHANISM --- --- --- sig --- vfy --- --- --- --- --- --- SW (00000554)
CKM_UNKNOWN_MECHANISM enc dec --- --- --- --- --- --- --- wra unw --- SW (00000555)
CKM_UNKNOWN_MECHANISM --- --- --- --- --- --- --- gen --- --- --- --- SW (00000650)
CKM_UNKNOWN_MECHANISM enc dec --- --- --- --- --- --- --- wra unw --- SW (00000651)
CKM_UNKNOWN_MECHANISM enc dec --- --- --- --- --- --- --- wra unw --- SW (00000652)
CKM_UNKNOWN_MECHANISM --- --- --- sig --- vfy --- --- --- --- --- --- SW (00000653)
CKM_UNKNOWN_MECHANISM --- --- --- sig --- vfy --- --- --- --- --- --- SW (00000654)
CKM_UNKNOWN_MECHANISM enc dec --- --- --- --- --- --- --- wra unw --- SW (00000655)
CKM_VENDOR_DEFINED *--- --- --- --- --- --- --- gen --- --- --- --- SW (ce53436b)
CKM_VENDOR_DEFINED *enc dec --- --- --- --- --- --- --- --- --- --- SW (ce53436c)
CKM_VENDOR_DEFINED *enc dec --- --- --- --- --- --- --- --- --- --- SW (ce534371)
CKM_UNKNOWN_MECHANISM --- --- --- --- --- --- --- gen --- --- --- --- SW (00001225)
CKM_UNKNOWN_MECHANISM enc dec --- --- --- --- --- --- --- --- --- --- SW (00001226)
CKM_UNKNOWN_MECHANISM enc dec --- --- --- --- --- --- --- --- --- --- SW (00004021)
CKM_UNKNOWN_MECHANISM --- --- --- sig --- vfy --- --- --- --- --- --- SW (00000201)
CKM_UNKNOWN_MECHANISM --- --- --- sig --- vfy --- --- --- --- --- --- SW (00000202)
CKM_UNKNOWN_MECHANISM --- --- --- sig --- vfy --- --- --- --- --- --- SW (00000211)
CKM_UNKNOWN_MECHANISM --- --- --- sig --- vfy --- --- --- --- --- --- SW (00000212)
CKM_UNKNOWN_MECHANISM --- --- --- sig --- vfy --- --- --- --- --- --- SW (00000221)
CKM_UNKNOWN_MECHANISM --- --- --- sig --- vfy --- --- --- --- --- --- SW (00000222)
CKM_UNKNOWN_MECHANISM --- --- --- sig --- vfy --- --- --- --- --- --- SW (00000256)
CKM_UNKNOWN_MECHANISM --- --- --- sig --- vfy --- --- --- --- --- --- SW (00000257)
CKM_UNKNOWN_MECHANISM --- --- --- sig --- vfy --- --- --- --- --- --- SW (00000251)
CKM_UNKNOWN_MECHANISM --- --- --- sig --- vfy --- --- --- --- --- --- SW (00000252)
CKM_UNKNOWN_MECHANISM --- --- --- sig --- vfy --- --- --- --- --- --- SW (00000261)
CKM_UNKNOWN_MECHANISM --- --- --- sig --- vfy --- --- --- --- --- --- SW (00000262)
CKM_UNKNOWN_MECHANISM --- --- --- sig --- vfy --- --- --- --- --- --- SW (00000271)
CKM_UNKNOWN_MECHANISM --- --- --- sig --- vfy --- --- --- --- --- --- SW (00000272)
CKM_UNKNOWN_MECHANISM --- --- --- --- --- --- --- --- --- --- --- der SW (0000402a)
CKM_UNKNOWN_MECHANISM --- --- --- --- --- --- --- --- --- --- --- der SW (0000402b)
CKM_UNKNOWN_MECHANISM --- --- --- --- --- --- --- gen --- --- --- --- SW (0000402c)
CKM_VENDOR_DEFINED *--- --- --- --- --- --- --- --- --- --- --- der SW (ce534353)
CKM_VENDOR_DEFINED *--- --- --- --- --- --- --- --- --- --- --- der SW (ce534354)
CKM_VENDOR_DEFINED *--- --- --- --- --- --- --- --- --- --- --- der SW (ce534355)
CKM_VENDOR_DEFINED *--- --- --- --- --- --- --- --- --- --- --- der SW (ce534356)
CKM_UNKNOWN_MECHANISM --- --- --- --- --- --- --- gen --- --- --- --- SW (00000350)
CKM_UNKNOWN_MECHANISM --- --- --- --- --- --- --- --- --- --- --- der SW (000003a0)
CKM_UNKNOWN_MECHANISM --- --- --- --- --- --- --- --- --- --- --- der SW (000003a1)
CKM_VENDOR_DEFINED *--- --- --- --- --- --- --- gen --- --- --- --- SW (80000002)
CKM_VENDOR_DEFINED *--- --- --- --- --- --- --- gen --- --- --- --- SW (80000008)
CKM_UNKNOWN_MECHANISM --- --- --- --- --- --- --- gen --- --- --- --- SW (000003a8)
CKM_UNKNOWN_MECHANISM --- --- --- --- --- --- --- gen --- --- --- --- SW (000003a9)
CKM_UNKNOWN_MECHANISM --- --- --- --- --- --- --- gen --- --- --- --- SW (000003ab)
CKM_UNKNOWN_MECHANISM --- --- --- --- --- --- --- gen --- --- --- --- SW (000003aa)
CKM_UNKNOWN_MECHANISM --- --- --- --- --- --- --- gen --- --- --- --- SW (000003a7)
CKM_UNKNOWN_MECHANISM --- --- --- --- --- --- --- gen --- --- --- --- SW (000003a6)
CKM_UNKNOWN_MECHANISM --- --- --- --- --- --- --- gen --- --- --- --- SW (000003c0)
CKM_UNKNOWN_MECHANISM --- --- --- --- --- --- --- gen --- --- --- --- SW (000003b0)
CKM_NETSCAPE_PBE_SHA1_HMAC_KEY_GEN *--- --- --- --- --- --- --- gen --- --- --- --- SW (80000009)
CKM_VENDOR_DEFINED *--- --- --- --- --- --- --- gen --- --- --- --- SW (8000000a)
CKM_VENDOR_DEFINED *--- --- --- --- --- --- --- gen --- --- --- --- SW (8000000b)
CKM_VENDOR_DEFINED *--- --- --- --- --- --- --- gen --- --- --- --- SW (ce53436d)
CKM_VENDOR_DEFINED *--- --- --- --- --- --- --- gen --- --- --- --- SW (ce53436e)
CKM_VENDOR_DEFINED *--- --- --- --- --- --- --- gen --- --- --- --- SW (ce53436f)
CKM_VENDOR_DEFINED *--- --- --- --- --- --- --- gen --- --- --- --- SW (ce534370)
CKM_UNKNOWN_MECHANISM --- --- --- --- --- --- --- --- --- --- --- der SW (000003ac)
CKM_UNKNOWN_MECHANISM --- --- --- --- --- --- --- --- --- --- --- der SW (000003ad)
CKM_UNKNOWN_MECHANISM --- --- --- --- --- --- --- --- --- --- --- der SW (000003ae)
CKM_VENDOR_DEFINED *--- --- --- --- --- --- --- --- --- --- --- der SW (ce53437a)
CKM_VENDOR_DEFINED *--- --- --- --- --- --- --- --- --- --- --- der SW (ce53437b)
CKM_VENDOR_DEFINED *--- --- --- --- --- --- --- --- --- --- --- der SW (ce53437c)
CKM_VENDOR_DEFINED *enc dec --- --- --- --- --- --- --- wra unw --- SW (ce534351)
CKM_VENDOR_DEFINED *enc dec --- --- --- --- --- --- --- wra unw --- SW (ce534352)
CKM_UNKNOWN_MECHANISM enc dec --- --- --- --- --- --- --- wra unw --- SW (00002109)
CKM_UNKNOWN_MECHANISM enc dec --- --- --- --- --- --- --- wra unw --- SW (0000210a)
CKM_UNKNOWN_MECHANISM enc dec --- --- --- --- --- --- --- wra unw --- SW (0000210b)
CKM_NSS_JPAKE_ROUND1_SHA1 *--- --- --- --- --- --- --- gen --- --- --- --- SW (ce534357)
CKM_VENDOR_DEFINED *--- --- --- --- --- --- --- gen --- --- --- --- SW (ce534358)
CKM_VENDOR_DEFINED *--- --- --- --- --- --- --- gen --- --- --- --- SW (ce534359)
CKM_VENDOR_DEFINED *--- --- --- --- --- --- --- gen --- --- --- --- SW (ce53435a)
CKM_VENDOR_DEFINED *--- --- --- --- --- --- --- --- --- --- --- der SW (ce53435b)
CKM_VENDOR_DEFINED *--- --- --- --- --- --- --- --- --- --- --- der SW (ce53435c)
CKM_VENDOR_DEFINED *--- --- --- --- --- --- --- --- --- --- --- der SW (ce53435d)
CKM_NSS_JPAKE_ROUND2_SHA512 *--- --- --- --- --- --- --- --- --- --- --- der SW (ce53435e)
CKM_VENDOR_DEFINED *--- --- --- --- --- --- --- --- --- --- --- der SW (ce53435f)
CKM_VENDOR_DEFINED *--- --- --- --- --- --- --- --- --- --- --- der SW (ce534360)
CKM_VENDOR_DEFINED *--- --- --- --- --- --- --- --- --- --- --- der SW (ce534361)
CKM_NSS_JPAKE_FINAL_SHA512 *--- --- --- --- --- --- --- --- --- --- --- der SW (ce534362)
CKM_VENDOR_DEFINED *--- --- hsh --- --- --- --- --- --- --- --- --- SW (ce534363)
CKM_NSS_SSL3_MAC_CONSTANT_TIME *--- --- hsh --- --- --- --- --- --- --- --- --- SW (ce534364)
CKM_VENDOR_DEFINED *--- --- --- --- --- --- --- --- --- --- --- der SW (ce534372)
CKM_VENDOR_DEFINED *--- --- --- --- --- --- --- --- --- --- --- der SW (ce534373)
CKM_VENDOR_DEFINED *--- --- --- --- --- --- --- --- --- --- --- der SW (ce534374)
CKM_VENDOR_DEFINED *--- --- --- --- --- --- --- --- --- --- --- der SW (ce534375)
Expected behavior
Most of the mechanisms should have their proper mechanism name instead of CKM_VENDOR_DEFINED.
Operating System (please complete the following information):
- OS: GNU/Linux 5.15.137
- arch: mips
Failing compilation on Ubuntu 22.04
Describe the bug
The first step in building this software, ./bootstrap.sh fails with issues pointing to the configuration files.
Operating System (please complete the following information):
- OS: Ubuntu 22.04 (64-bit)
Additional context
Output from running the command:
/pkcs11-tools$ ./bootstrap.sh
Module list with included dependencies (indented):
absolute-header
attribute
btowc
builtin-expect
byteswap
c99
calloc-gnu
calloc-posix
dynarray
errno
extensions
extern-inline
fd-hook
free-posix
getdelim
gethostname
getline
getopt-gnu
getopt-posix
gettext-h
hard-locale
include_next
intprops
inttypes-incomplete
langinfo
libc-config
limits-h
localcharset
locale
localeconv
lock
malloc-gnu
malloc-posix
mbrtowc
mbsinit
mbtowc
msvc-inval
msvc-nothrow
multiarch
nl_langinfo
nocrash
realloc-gnu
realloc-posix
regex
setlocale-null
snippet/_Noreturn
snippet/arg-nonnull
snippet/c++defs
snippet/warn-on-use
socketlib
sockets
socklen
ssize_t
std-gnu11
stdalign
stdbool
stddef
stdint
stdio
stdlib
strcase
streq
string
strings
sys_socket
sys_types
sys_uio
sysexits
termios
threadlib
time
unistd
vararrays
verify
wchar
wcrtomb
wctype-h
windows-mutex
windows-once
windows-recmutex
windows-rwlock
xalloc-oversized
File list:
lib/_Noreturn.h
lib/arg-nonnull.h
lib/attribute.h
lib/btowc.c
lib/byteswap.in.h
lib/c++defs.h
lib/calloc.c
lib/cdefs.h
lib/dynarray.h
lib/errno.in.h
lib/fd-hook.c
lib/fd-hook.h
lib/free.c
lib/getdelim.c
lib/gethostname.c
lib/getline.c
lib/getopt-cdefs.in.h
lib/getopt-core.h
lib/getopt-ext.h
lib/getopt-pfx-core.h
lib/getopt-pfx-ext.h
lib/getopt.c
lib/getopt.in.h
lib/getopt1.c
lib/getopt_int.h
lib/gettext.h
lib/glthread/lock.c
lib/glthread/lock.h
lib/glthread/threadlib.c
lib/hard-locale.c
lib/hard-locale.h
lib/intprops.h
lib/inttypes.in.h
lib/langinfo.in.h
lib/lc-charset-dispatch.c
lib/lc-charset-dispatch.h
lib/libc-config.h
lib/limits.in.h
lib/localcharset.c
lib/localcharset.h
lib/locale.in.h
lib/localeconv.c
lib/malloc.c
lib/malloc/dynarray-skeleton.c
lib/malloc/dynarray.h
lib/malloc/dynarray_at_failure.c
lib/malloc/dynarray_emplace_enlarge.c
lib/malloc/dynarray_finalize.c
lib/malloc/dynarray_resize.c
lib/malloc/dynarray_resize_clear.c
lib/mbrtowc-impl-utf8.h
lib/mbrtowc-impl.h
lib/mbrtowc.c
lib/mbsinit.c
lib/mbtowc-impl.h
lib/mbtowc-lock.c
lib/mbtowc-lock.h
lib/mbtowc.c
lib/msvc-inval.c
lib/msvc-inval.h
lib/msvc-nothrow.c
lib/msvc-nothrow.h
lib/nl_langinfo-lock.c
lib/nl_langinfo.c
lib/realloc.c
lib/regcomp.c
lib/regex.c
lib/regex.h
lib/regex_internal.c
lib/regex_internal.h
lib/regexec.c
lib/setlocale-lock.c
lib/setlocale_null.c
lib/setlocale_null.h
lib/sockets.c
lib/sockets.h
lib/stdalign.in.h
lib/stdbool.in.h
lib/stddef.in.h
lib/stdint.in.h
lib/stdio.in.h
lib/stdlib.in.h
lib/strcasecmp.c
lib/streq.h
lib/string.in.h
lib/strings.in.h
lib/strncasecmp.c
lib/sys_socket.c
lib/sys_socket.in.h
lib/sys_types.in.h
lib/sys_uio.in.h
lib/sysexits.in.h
lib/termios.in.h
lib/time.in.h
lib/unistd.c
lib/unistd.in.h
lib/verify.h
lib/w32sock.h
lib/warn-on-use.h
lib/wchar.in.h
lib/wcrtomb.c
lib/wctype-h.c
lib/wctype.in.h
lib/windows-initguard.h
lib/windows-mutex.c
lib/windows-mutex.h
lib/windows-once.c
lib/windows-once.h
lib/windows-recmutex.c
lib/windows-recmutex.h
lib/windows-rwlock.c
lib/windows-rwlock.h
lib/xalloc-oversized.h
m4/00gnulib.m4
m4/__inline.m4
m4/absolute-header.m4
m4/btowc.m4
m4/builtin-expect.m4
m4/byteswap.m4
m4/calloc.m4
m4/codeset.m4
m4/eealloc.m4
m4/errno_h.m4
m4/extensions.m4
m4/extern-inline.m4
m4/free.m4
m4/getdelim.m4
m4/gethostname.m4
m4/getline.m4
m4/getopt.m4
m4/gnulib-common.m4
m4/include_next.m4
m4/inttypes.m4
m4/langinfo_h.m4
m4/limits-h.m4
m4/localcharset.m4
m4/locale-fr.m4
m4/locale-ja.m4
m4/locale-zh.m4
m4/locale_h.m4
m4/localeconv.m4
m4/lock.m4
m4/malloc.m4
m4/mbrtowc.m4
m4/mbsinit.m4
m4/mbstate_t.m4
m4/mbtowc.m4
m4/msvc-inval.m4
m4/msvc-nothrow.m4
m4/multiarch.m4
m4/nl_langinfo.m4
m4/nocrash.m4
m4/off_t.m4
m4/pid_t.m4
m4/pthread_rwlock_rdlock.m4
m4/realloc.m4
m4/regex.m4
m4/setlocale_null.m4
m4/socketlib.m4
m4/sockets.m4
m4/socklen.m4
m4/sockpfaf.m4
m4/ssize_t.m4
m4/std-gnu11.m4
m4/stdalign.m4
m4/stdbool.m4
m4/stddef_h.m4
m4/stdint.m4
m4/stdio_h.m4
m4/stdlib_h.m4
m4/strcase.m4
m4/string_h.m4
m4/strings_h.m4
m4/sys_socket_h.m4
m4/sys_types_h.m4
m4/sys_uio_h.m4
m4/sysexits.m4
m4/termios_h.m4
m4/threadlib.m4
m4/time_h.m4
m4/unistd_h.m4
m4/vararrays.m4
m4/visibility.m4
m4/warn-on-use.m4
m4/wchar_h.m4
m4/wchar_t.m4
m4/wcrtomb.m4
m4/wctype_h.m4
m4/wint_t.m4
m4/zzgnulib.m4
Finished.You may need to add #include directives for the following .h files.
#include <byteswap.h>
#include <getopt.h>
#include <regex.h>
#include <stdio.h>
#include <stdlib.h>
#include <strings.h>
#include <sysexits.h>
#include <termios.h>
#include <time.h>
#include <unistd.h>You may need to use the following Makefile variables when linking.
Use them in _LDADD when linking a program, or
in _a_LDFLAGS or _la_LDFLAGS when linking a library.
$(GETHOSTNAME_LIB)
$(LIBSOCKET)
$(LIBTHREAD)
$(LIB_HARD_LOCALE)
$(LIB_MBRTOWC)
$(LIB_SETLOCALE_NULL)
$(LTLIBINTL) when linking with libtool, $ (LIBINTL) otherwiseDon't forget to
- add "gl/Makefile" to AC_CONFIG_FILES in ./configure.ac,
- mention "gl" in SUBDIRS in Makefile.am,
- mention "-I m4" in ACLOCAL_AMFLAGS in Makefile.am,
- mention "m4/gnulib-cache.m4" in EXTRA_DIST in Makefile.am,
- invoke gl_EARLY in ./configure.ac, right after AC_PROG_CC,
- invoke gl_INIT in ./configure.ac.
autoreconf: export WARNINGS=
autoreconf: Entering directory '.'
autoreconf: configure.ac: not using Gettext
autoreconf: running: aclocal --force -I m4
autoreconf: configure.ac: tracing
autoreconf: running: libtoolize --copy --force
libtoolize: putting auxiliary files in '.'.
libtoolize: copying file './ltmain.sh'
libtoolize: putting macros in AC_CONFIG_MACRO_DIRS, 'm4'.
libtoolize: copying file 'm4/libtool.m4'
libtoolize: copying file 'm4/ltoptions.m4'
libtoolize: copying file 'm4/ltsugar.m4'
libtoolize: copying file 'm4/ltversion.m4'
libtoolize: copying file 'm4/lt~obsolete.m4'
autoreconf: configure.ac: not using Intltool
autoreconf: configure.ac: not using Gtkdoc
autoreconf: running: aclocal --force -I m4
autoreconf: running: /usr/bin/autoconf --force
configure.ac:37: warning: AC_PROG_CC_C99 is obsolete; use AC_PROG_CC
configure.ac:40: warning: ac_ext=c
configure.ac:40: ac_cpp='$CPP $CPPFLAGS'
configure.ac:40: ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
configure.ac:40: ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
configure.ac:40: ac_compiler_gnu=$ac_cv_c_compiler_gnu
configure.ac:40: if test -n "$ac_tool_prefix"; then
configure.ac:40: # Extract the first word of "${ac_tool_prefix}gcc", so it can be a program name with args.
configure.ac:40: set dummy ${ac_tool_prefix}gcc; ac_word=$2
configure.ac:40: { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
configure.ac:40: printf %s "checking for $ac_word... " >&6; }
configure.ac:40: if test ${ac_cv_prog_CC+y}
configure.ac:40: then :
configure.ac:40: printf %s "(cached) " >&6
configure.ac:40: else $as_nop
configure.ac:40: if test -n "$CC"; then
configure.ac:40: ac_cv_prog_CC="$CC" # Let the user override the test.
configure.ac:40: else
configure.ac:40: as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
configure.ac:40: for as_dir in $PATH
configure.ac:40: do
configure.ac:40: IFS=$as_save_IFS
configure.ac:40: case $as_dir in #(((
configure.ac:40: '' is m4_require'd but not m4_defun'd
lib/m4sugar/m4sh.m4:692: _AS_IF_ELSE is expanded from...
lib/m4sugar/m4sh.m4:699: AS_IF is expanded from...
./lib/autoconf/general.m4:2249: AC_CACHE_VAL is expanded from...
./lib/autoconf/programs.m4:41: _AC_CHECK_PROG is expanded from...
./lib/autoconf/programs.m4:101: AC_CHECK_PROG is expanded from...
./lib/autoconf/programs.m4:221: AC_CHECK_TOOL is expanded from...
./lib/autoconf/c.m4:452: AC_PROG_CC is expanded from...
configure.ac:40: the top level
configure.ac:46: warning: ac_ext=c
configure.ac:46: ac_cpp='$CPP $CPPFLAGS'
configure.ac:46: ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
configure.ac:46: ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
configure.ac:46: ac_compiler_gnu=$ac_cv_c_compiler_gnu
configure.ac:46: if test -n "$ac_tool_prefix"; then
configure.ac:46: # Extract the first word of "${ac_tool_prefix}gcc", so it can be a program name with args.
configure.ac:46: set dummy ${ac_tool_prefix}gcc; ac_word=$2
configure.ac:46: { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
configure.ac:46: printf %s "checking for $ac_word... " >&6; }
configure.ac:46: if test ${ac_cv_prog_CC+y}
configure.ac:46: then :
configure.ac:46: printf %s "(cached) " >&6
configure.ac:46: else $as_nop
configure.ac:46: if test -n "$CC"; then
configure.ac:46: ac_cv_prog_CC="$CC" # Let the user override the test.
configure.ac:46: else
configure.ac:46: as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
configure.ac:46: for as_dir in $PATH
configure.ac:46: do
configure.ac:46: IFS=$as_save_IFS
configure.ac:46: case $as_dir in #(((
configure.ac:46: '' is m4_require'd but not m4_defun'd
lib/m4sugar/m4sh.m4:692: _AS_IF_ELSE is expanded from...
lib/m4sugar/m4sh.m4:699: AS_IF is expanded from...
./lib/autoconf/general.m4:2249: AC_CACHE_VAL is expanded from...
./lib/autoconf/programs.m4:41: _AC_CHECK_PROG is expanded from...
./lib/autoconf/programs.m4:101: AC_CHECK_PROG is expanded from...
./lib/autoconf/programs.m4:221: AC_CHECK_TOOL is expanded from...
./lib/autoconf/c.m4:452: AC_PROG_CC is expanded from...
configure.ac:46: the top level
configure.ac:55: warning: AC_PROG_LEX without either yywrap or noyywrap is obsolete
./lib/autoconf/programs.m4:716: _AC_PROG_LEX is expanded from...
./lib/autoconf/programs.m4:709: AC_PROG_LEX is expanded from...
aclocal.m4:1041: AM_PROG_LEX is expanded from...
configure.ac:55: the top level
configure.ac:72: warning: The macro 'AC_PROG_LIBTOOL' is obsolete.
configure.ac:72: You should run autoupdate.
m4/libtool.m4:99: AC_PROG_LIBTOOL is expanded from...
configure.ac:72: the top level
configure.ac:214: warning: The macro 'AC_CANONICAL_SYSTEM' is obsolete.
configure.ac:214: You should run autoupdate.
./lib/autoconf/general.m4:2081: AC_CANONICAL_SYSTEM is expanded from...
m4/ax_create_target_h.m4:473: AC_CANONICAL_CPU_ARCH is expanded from...
m4/ax_create_target_h.m4:93: AX_CREATE_TARGET_H is expanded from...
configure.ac:214: the top level
configure.ac:34: error: possibly undefined macro: AC_PROG_CC
If this token and others are legitimate, please use m4_pattern_allow.
See the Autoconf documentation.
configure.ac:38: error: possibly undefined macro: AC_PROG_CC_C99
configure.ac:57: error: possibly undefined macro: AC_MSG_WARN
autoreconf: error: /usr/bin/autoconf failed with exit status: 1/pkcs11-tools$
Support for PKCS#11 v2.40
Forked from issue #5
bootstrap error Ubuntu 22.04
neither bootstrap nor autreconf is working on Ubuntu 22.04:
$ ./bootstrap.sh
aclocal.m4:1041: AM_PROG_LEX is expanded from...
configure.ac:49: the top level
configure.ac:66: warning: The macro `AC_PROG_LIBTOOL' is obsolete.
configure.ac:66: You should run autoupdate.
m4/libtool.m4:99: AC_PROG_LIBTOOL is expanded from...
configure.ac:66: the top level
configure.ac:208: warning: The macro `AC_CANONICAL_SYSTEM' is obsolete.
configure.ac:208: You should run autoupdate.
./lib/autoconf/general.m4:2081: AC_CANONICAL_SYSTEM is expanded from...
m4/ax_create_target_h.m4:473: AC_CANONICAL_CPU_ARCH is expanded from...
m4/ax_create_target_h.m4:93: AX_CREATE_TARGET_H is expanded from...
configure.ac:208: the top level
configure.ac:51: error: possibly undefined macro: AC_MSG_WARN
If this token and others are legitimate, please use m4_pattern_allow.
See the Autoconf documentation.
autoreconf: error: /usr/bin/autoconf failed with exit status: 1
$ autoreconf -ifv
autoreconf: export WARNINGS=
autoreconf: Entering directory '.'
autoreconf: configure.ac: not using Gettext
autoreconf: running: aclocal --force -I m4
autoreconf: configure.ac: tracing
autoreconf: running: libtoolize --copy --force
libtoolize: putting auxiliary files in '.'.
libtoolize: copying file './ltmain.sh'
libtoolize: putting macros in AC_CONFIG_MACRO_DIRS, 'm4'.
libtoolize: copying file 'm4/libtool.m4'
libtoolize: copying file 'm4/ltoptions.m4'
libtoolize: copying file 'm4/ltsugar.m4'
libtoolize: copying file 'm4/ltversion.m4'
libtoolize: copying file 'm4/lt~obsolete.m4'
autoreconf: configure.ac: not using Intltool
autoreconf: configure.ac: not using Gtkdoc
autoreconf: running: aclocal --force -I m4
autoreconf: running: /usr/bin/autoconf --force
configure.ac:37: warning: The macro `AC_PROG_CC_C99' is obsolete.
configure.ac:37: You should run autoupdate.
./lib/autoconf/c.m4:1659: AC_PROG_CC_C99 is expanded from...
configure.ac:37: the top level
configure.ac:49: warning: AC_PROG_LEX without either yywrap or noyywrap is obsolete
./lib/autoconf/programs.m4:716: _AC_PROG_LEX is expanded from...
./lib/autoconf/programs.m4:709: AC_PROG_LEX is expanded from...
aclocal.m4:1041: AM_PROG_LEX is expanded from...
configure.ac:49: the top level
configure.ac:66: warning: The macro `AC_PROG_LIBTOOL' is obsolete.
configure.ac:66: You should run autoupdate.
m4/libtool.m4:99: AC_PROG_LIBTOOL is expanded from...
configure.ac:66: the top level
configure.ac:208: warning: The macro `AC_CANONICAL_SYSTEM' is obsolete.
configure.ac:208: You should run autoupdate.
./lib/autoconf/general.m4:2081: AC_CANONICAL_SYSTEM is expanded from...
m4/ax_create_target_h.m4:473: AC_CANONICAL_CPU_ARCH is expanded from...
m4/ax_create_target_h.m4:93: AX_CREATE_TARGET_H is expanded from...
configure.ac:208: the top level
configure.ac:51: error: possibly undefined macro: AC_MSG_WARN
If this token and others are legitimate, please use m4_pattern_allow.
See the Autoconf documentation.
autoreconf: error: /usr/bin/autoconf failed with exit status: 1
It's the only package it fails autoreconf, didn't notice this error with any other software so far.
p11req -X option results in malloc failure
Describe the bug
using the p11req command with the following options
$ p11req -i testp1 -d /CN=abc/O=def/C=xx-o ~/cavium_testp1.pkcs10 -e IP:0.0.0.0 -X
results in the following bug
*** OpenSSL ERROR at ../../lib/pkcs11_req.c:49 'error:0F076041:common libcrypto routines:OPENSSL_hexstr2buf:malloc failure' - (from crypto/o_str.c:157)
To Reproduce
1.
$ p11req -i testp1 -d /CN=abc/O=def/C=xx-o ~/cavium_testp1.pkcs10 -e IP:0.0.0.0 -X
*** OpenSSL ERROR at ../../lib/pkcs11_req.c:49 'error:0F076041:common libcrypto routines:OPENSSL_hexstr2buf:malloc failure' - (from crypto/o_str.c:157)
Expected behavior
No malloc error, command should produce valid pkcs10 request file. Removing the -X option at the end makes it succeed.
Screenshots
N/A
Operating System (please complete the following information):
- OS: Linux
- Version
Linux 3.10.0-1160.71.1.0.1.el7.x86_64 #1 SMP Tue Jun 28 22:16:18 PDT 2022 x86_64 x86_64 x86_64 GNU/Linux
$ p11req -V
p11req belongs to pkcs11-tools v2.6.0 (Jul 13 2023)
arch/CPU/OS: x86_64/x86_64/linux-gnu
using openssl library: OpenSSL 1.1.1t 7 Feb 2023
compiled with nCipher extensions
compiled with Gemalto Safenet Luna extensions
Additional context
N/A
ubuntu 22.04 Compilation error
Describe the bug
When building pkcs-tools-2.5.1 package 2.5.1 I receive the following issue:
In file included from attribctx_lexer.c:49:
../gl/string.h:965:1: error: expected ',' or ';' before '_GL_ATTRIBUTE_MALLOC'
965 | _GL_FUNCDECL_SYS (strdup, char *,
| ^~~~~~~~~~~~~~~~
make[2]: *** [Makefile:1657: libp11_la-attribctx_lexer.lo] Error 1
To Reproduce
Steps to reproduce the behavior:
- Download pkcs11-tools-2.5.1.tar.gz
- Untar the achive
- ./configure
- ./make
Expected behavior
Expect the package to build.
Screenshots
If applicable, add screenshots to help explain your problem.
Operating System (please complete the following information):
- OS: Linux
- Version Ubuntu 22.04
Additional context
Add any other context about the problem here.
OpenSSL 1.1.1, Cryptoki 2.40, possibly Cryptoki v3 EdDSA features?
Hi Eric,
great project! I see in https://github.com/Mastercard/pkcs11-tools/projects/1 that you're planning to support OpenSSL 1.1 and update to Cryptoki 2.40, is this actively being worked on, in the sense having an idea when it will land?
Additionally, it would be great to already have support for EdDSA: it should be included in PKCS#11 version 3, there is a draft that looks close to final, and SoftHSMv2 added support in 2.5.
issues with eddsa after keygen
Able to run keygen and ls using ed25519 and 448. but not other functions such as cat, req, mkcert, etc with eddsa. No issues with other tested algorithms such as prime256, etc. Believe to have a working install otherwise.
-
setup system
compile and install softhsm 2.6.1 with --enable-eddsa
compile and install mastercard/pkcs11-tools
install gnutls-utils 3.7.2
openssl 1.1.1k -
initialize softhsm token
softhsm2-util --init-token --slot 0 --label "CA_G1" --so-pin password --pin 1111
softhsm2-util --sh
2a. Results
Found token (9e4f3336-a231-b09b-b7dd-be8a5edc900b) with matching serial.
The token (/var/lib/softhsm/tokens/9e4f3336-a231-b09b-b7dd-be8a5edc900b) has been deleted.
The token has been initialized and is reassigned to slot 124920443
Available slots:
Slot 124920443
Slot info:
Description: SoftHSM slot ID 0x772227b
Manufacturer ID: SoftHSM project
Hardware version: 2.6
Firmware version: 2.6
Token present: yes
Token info:
Manufacturer ID: SoftHSM project
Model: SoftHSM v2
Hardware version: 2.6
Firmware version: 2.6
Serial number: cecf60180772227b
Initialized: yes
User PIN init.: yes
Label: CA_G1
Slot 1
Slot info:
Description: SoftHSM slot ID 0x1
Manufacturer ID: SoftHSM project
Hardware version: 2.6
Firmware version: 2.6
Token present: yes
Token info:
Manufacturer ID: SoftHSM project
Model: SoftHSM v2
Hardware version: 2.6
Firmware version: 2.6
Serial number:
Initialized: no
User PIN init.: no
Label:
- setup pkcs11-tools and generate keys
export PKCS11LIB=/usr/local/lib/softhsm/libsofthsm2.so
export PKCS11SLOT=0
export PKCS11TOKENLABEL=CA_G1
export PKCS11PASSWORD=1111
p11slotinfo (abbreviated to show relevant supported algorithms)
PKCS#11 Library
Name : /usr/local/lib/softhsm/libsofthsm2.so
Lib version : 2.6
API version : 2.40
Description : Implementation of PKCS11
Manufacturer: SoftHSM
Slot[0]
Slot Number : 124920443
Description : SoftHSM slot ID 0x772227b
Manufacturer: SoftHSM project
Slot Flags : [ CKF_TOKEN_PRESENT ]
Token
Label : CA_G1
Manufacturer: SoftHSM project
Token Flags : [ CKF_RNG CKF_LOGIN_REQUIRED CKF_USER_PIN_INITIALIZED CKF_RESTORE_KEY_NOT_NEEDED CKF_TOKEN_INITIALIZED ]
Mechanisms:
CKM_ECDH1_DERIVE --- --- --- --- --- --- --- --- --- --- --- der SW (00001050)
CKM_ECDSA --- --- --- sig --- vfy --- --- --- --- --- --- SW (00001041) ec: F^p --- --- nam unc ---
CKM_EC_EDWARDS_KEY_PAIR_GEN --- --- --- --- --- --- --- --- gkp --- --- --- SW (00001055)
CKM_ECDSA_KEY_PAIR_GEN --- --- --- --- --- --- --- --- gkp --- --- --- SW (00001040) ec: F^p --- --- nam unc ---
CKM_EDDSA --- --- --- sig --- vfy --- --- --- --- --- --- SW (00001057)
p11keygen -k ed -q ed448 -i test-448
p11keygen -k ed -q ed25519 -i test-25519
view with p11tool (test-25519 shows as type 25519 for private and public, test-448 shows as type 448 for public and 25519 for private)
p11tool --provider /usr/local/lib/softhsm/libsofthsm2.so --list-all --login --set-pin=1111
Object 0:
URL: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=cecf60180772227b;token=CA_G1;id=%87%44%23%DB%DA%B9%94%0D%B6%48%40%91%D7%27%7E%D2%B0%C6%A1%0B;object=test-25519;type=public
Type: Public key (EdDSA (Ed25519))
Label: test-25519
ID: 87:44:23:db:da:b9:94:0d:b6:48:40:91:d7:27:7e:d2:b0:c6:a1:0b
Object 1:
URL: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=cecf60180772227b;token=CA_G1;id=%87%44%23%DB%DA%B9%94%0D%B6%48%40%91%D7%27%7E%D2%B0%C6%A1%0B;object=test-25519;type=private
Type: Private key (EdDSA (Ed25519))
Label: test-25519
Flags: CKA_PRIVATE; CKA_NEVER_EXTRACTABLE; CKA_SENSITIVE;
ID: 87:44:23:db:da:b9:94:0d:b6:48:40:91:d7:27:7e:d2:b0:c6:a1:0b
Object 2:
URL: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=cecf60180772227b;token=CA_G1;id=%24%25%9C%A2%E2%A6%4B%40%B5%B4%AC%E6%A7%2C%BC%BF%BF%D9%92%D2;object=test-448;type=public
Type: Public key (EdDSA (Ed448))
Label: test-448
ID: 24:25:9c:a2:e2:a6:4b:40:b5:b4:ac:e6:a7:2c:bc:bf:bf:d9:92:d2
Object 3:
URL: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=cecf60180772227b;token=CA_G1;id=%24%25%9C%A2%E2%A6%4B%40%B5%B4%AC%E6%A7%2C%BC%BF%BF%D9%92%D2;object=test-448;type=private
Type: Private key (EdDSA (Ed25519))
Label: test-448
Flags: CKA_PRIVATE; CKA_NEVER_EXTRACTABLE; CKA_SENSITIVE;
ID: 24:25:9c:a2:e2:a6:4b:40:b5:b4:ac:e6:a7:2c:bc:bf:bf:d9:92:d2
p11ls (shows correct for all, only command that seems to work)
pubk/test-25519 tok,pub,r/w,loc,ed(ED25519)
prvk/test-25519 tok,prv,r/w,loc,sen,ase,nxt,ed(ED25519)
pubk/test-448 tok,pub,r/w,loc,ed(ED448)
prvk/test-448 tok,prv,r/w,loc,sen,ase,nxt,ed(ED448)
p11more pubk (other commands such as p11cat, p11req, p11mkcert, etc produce this same result)
*** OpenSSL ERROR at pkcs11_more.c:458 'error:2606A074:engine routines:ENGINE_by_id:no such engine' - (from crypto/engine/eng_list.c:334)
*** OpenSSL ERROR at pkcs11_more.c:458 'error:2606A074:engine routines:ENGINE_by_id:no such engine' - (from crypto/engine/eng_list.c:334)
Expected behavior
to generate, view, and utilize eddsa the same as other
Screenshots
results as above
Operating System (please complete the following information):
tested on fedora 34
ubuntu 20.04
Thank you
"configure.ac:47: error: possibly undefined macro: AC_MSG_WARN" on CentOS 7.8
Describe the bug
...
autoreconf: running: /usr/bin/autoconf --force
configure.ac:47: error: possibly undefined macro: AC_MSG_WARN
If this token and others are legitimate, please use m4_pattern_allow.
See the Autoconf documentation.
autoreconf: /usr/bin/autoconf failed with exit status: 1
To Reproduce
Steps to reproduce the behavior:
- git clone https://github.com/Mastercard/pkcs11-tools.git
- cd pkcs11-tools
- ./bootstrap.sh
- See error
Expected behavior
./bootstrap.sh should exit cleanly
Operating System (please complete the following information):
- OS: CentOS Linux
- Version 7.8.2003 (Core)
wrapped keys should have `CKA_EXRTACTABLE` set to `false` by default
When wrapping a key using p11wrap, the attribute CKA_EXTRACTABLE is set to true, since that key must have this attribute set to be wrapped. There is however no reason to maintain this attribute to true; moreover, this creates a potential security issue since, without modifying the unwrap template manually, the recovered key will also feature this attribute, making it vulnerable to extraction.
It is recommended to set this attribute to false, irrespective of its value fetched from the wrapped key.
rpmbuild: fails because of missing pkcs11_ossl.h in the tar.gz and INSTALL.md has a typo
After running ./configure and make dist, rpmbuild fails:
CC libp11_la-pkcs11_ossl_fake_sign.lo
pkcs11_ossl_rsa_meth.c:28:10: fatal error: pkcs11_ossl.h: No such file or directory
28 | #include "pkcs11_ossl.h"
| ^~~~~~~~~~~~~~~
compilation terminated.
make[2]: *** [Makefile:1724: libp11_la-pkcs11_ossl_rsa_meth.lo] Error 1
make[2]: *** Waiting for unfinished jobs....
pkcs11_ossl_dsa_meth.c:28:10: fatal error: pkcs11_ossl.h: No such file or directory
28 | #include "pkcs11_ossl.h"
| ^~~~~~~~~~~~~~~
compilation terminated.
pkcs11_ossl_ecdsa_meth.c:29:10: fatal error: pkcs11_ossl.h: No such file or directory
29 | #include "pkcs11_ossl.h"
| ^~~~~~~~~~~~~~~
Once I added the missing file into the .tar.gz file generated by make dist and ran rpmbuild again, it succeeded and the resulting RPM installs with DNF. This is on Fedora 32.
There's also a typo in INSTALL.md:
$ cp pkcs11-tools-[VERSION].tar.gz $HOME/rpmbuild/SRPMS
should be
$ cp pkcs11-tools-[VERSION].tar.gz $HOME/rpmbuild/SOURCES
p11keygen ignores some of unknown argument
Describe the bug
p11keygen simply ignores unknown argument if argument starts with unicode characters
To Reproduce
Steps to reproduce the behavior:
- run
p11keygen -i test_key -k rsa WRAP £UNWRAP, success to generate key - run
p11ls prvk/test_keyoutputsprvk/test_key tok,prv,r/w,loc,sen,ase,nxt,rsa(2048). Nounwattribute found
Expected behavior
run p11keygen -i test_key -k rsa WRAP £UNWRAP should fail with error message
Operating System (please complete the following information):
- OS: Oracle Linux 7
- Kernel Version: 3.10.0 x86_64
Issue when autoreconf -vfi is run from bootstrap.sh
Hi,
I am having the following error when autoreconf -vfi if run from bootstrap.sh:
configure.ac:51: error: possibly undefined macro: AC_MSG_WARN
When I run the generated configure script, I am getting
./configure: line 6198: syntax error near unexpected token ,AC_MSG_WARN' ./configure: line 6198: AX_PROG_FLEX(,AC_MSG_WARN([GNU flex is required to regenerate lexer. Generated source code is provided, so it should be OK, until you change the lexer source file. Hint: use LEX variable to point to flex on your system.]))'
Would it be possible to put the configure file in the repository?
Thanks a lot, best regards.
AES support
in the README.md it said it support AES operations but I could'nt find the implementation anywhere in the code !
p11mkcert Make failed
I am getting the following errors when attempting to run make on the latest pkcs11-tools:
Making all in src
make[1]: Entering directory '/home/lm19/pkcs11-tools/src'
CC libcommon_la-version.lo
CCLD libcommon.la
ar: u' modifier ignored since D' is the default (see U') CC p11mkcert.o CCLD p11mkcert ../lib/.libs/libp11.a(libp11_la-pkcs11_ossl_eddsa_meth.o): In function eddsa_method_setup':
/home/lm19/pkcs11-tools/lib/pkcs11_ossl_eddsa_meth.c:177: undefined reference to EVP_PKEY_meth_get_digestsign' /home/lm19/pkcs11-tools/lib/pkcs11_ossl_eddsa_meth.c:178: undefined reference to EVP_PKEY_meth_set_digestsign'
collect2: error: ld returned 1 exit status
Makefile:1388: recipe for target 'p11mkcert' failed
make[1]: *** [p11mkcert] Error 1
make[1]: Leaving directory '/home/lm19/pkcs11-tools/src'
Makefile:1199: recipe for target 'all-recursive' failed
make: *** [all-recursive] Error 1
README.md Typos
I found a couple of typos in README.md. I wanted to make sure I followed the contributing guide as much as possible for this. Since this is such a small change, I am not sure if anything else needs to be included in this.
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.