The engine API in OpenSSL 3.0 is deprecated so we are in the progress of working
on a PKCS#11 provider for OpenSSL. This commit introduces a conditional build
with the pkcs11-provider support (instead of engines) with all the changes
required for the provider to work with existing code and tests.
The CI modification is only temporary before we will have the real package in
Fedora or somewhere to use.
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Norbert Pocs <npocs@redhat.com>
This avoids a lot of long and hard to read constants by replacing them with
dynamic snprintf()s and a bit or reformatting
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Norbert Pocs <npocs@redhat.com>
The tests are compiled without -D_GNU_SOURCE, therefore
the XSI version of strerror_r is used. Defining
_GNU_SOURCE in torture.h then including *.c gives error
because it is assuming GNU version of strerror_r in
the source file.
Signed-off-by: Norbert Pocs <npocs@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
ssh_pki_export_pubkey_blob() is incorrectly used to export ecdsa pubkeys from privkeys
when pubkeys are not imported into pkcs #11 tokens.
Signed-off-by: Sahana Prasad <sahana@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
determines if public keys must be loaded in pkcs #11 tokens or not.
tests: Adds the load_public parameter in all files where torture_setup_tokens() was used.
Signed-off-by: Sahana Prasad <sahana@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
