[winpr,ncrypt] bundle pkcs11.h and drop pkcs11-helper dependency

The ncrypt implementation currently relies on the pkcs11-helper library.
That is not available on RHEL for example. Let's bundle the standardized
header file from https://github.com/latchset/pkcs11-headers to avoid the
need for extra dependency.

Related: https://github.com/FreeRDP/FreeRDP/discussions/9982

.github/workflows/abi-checker.yml

@@ -67,7 +67,6 @@ jobs:
             docbook-xsl \
             libkrb5-dev \
             libcjson-dev \
-            libpkcs11-helper1-dev \
             libsdl2-ttf-dev \
             libwebkit2gtk-4.0-dev \
             libopus-dev \

.github/workflows/alt-architectures.yml

@@ -75,7 +75,6 @@ jobs:
               docbook-xsl \
               libkrb5-dev \
               libcjson-dev \
-              libpkcs11-helper1-dev \
               libsdl2-ttf-dev \
               libwebkit2gtk-4.0-dev \
               libopus-dev \

.github/workflows/clang-tidy.yml

@@ -20,7 +20,7 @@ jobs:
       with:
         clang_tidy_checks: ''
         # List of packages to install
-        apt_packages: libkrb5-dev,libxkbcommon-dev,libxkbfile-dev,libx11-dev,libwayland-dev,libxrandr-dev,libxi-dev,libxrender-dev,libxext-dev,libxinerama-dev,libxfixes-dev,libxcursor-dev,libxv-dev,libxdamage-dev,libxtst-dev,libcups2-dev,libcairo2-dev,libpcsclite-dev,libasound2-dev,libswscale-dev,libpulse-dev,libavcodec-dev,libavutil-dev,libfuse3-dev,libswresample-dev,libusb-1.0-0-dev,libudev-dev,libdbus-glib-1-dev,libpam0g-dev,uuid-dev,libxml2-dev,libcjson-dev,libsdl2-2.0-0,libsdl2-dev,libsdl2-ttf-dev,libsdl2-image-dev,libsystemd-dev,libpkcs11-helper1-dev,libwebkit2gtk-4.0-dev,liburiparser-dev,libopus-dev,opensc-pkcs11,libwebp-dev,libjpeg-dev,libpng-dev,xsltproc,docbook-xsl,libgsm1-dev,libfaac-dev,libfaad-dev,libsoxr-dev,opencl-c-headers,opencl-headers,ocl-icd-opencl-dev
+        apt_packages: libkrb5-dev,libxkbcommon-dev,libxkbfile-dev,libx11-dev,libwayland-dev,libxrandr-dev,libxi-dev,libxrender-dev,libxext-dev,libxinerama-dev,libxfixes-dev,libxcursor-dev,libxv-dev,libxdamage-dev,libxtst-dev,libcups2-dev,libcairo2-dev,libpcsclite-dev,libasound2-dev,libswscale-dev,libpulse-dev,libavcodec-dev,libavutil-dev,libfuse3-dev,libswresample-dev,libusb-1.0-0-dev,libudev-dev,libdbus-glib-1-dev,libpam0g-dev,uuid-dev,libxml2-dev,libcjson-dev,libsdl2-2.0-0,libsdl2-dev,libsdl2-ttf-dev,libsdl2-image-dev,libsystemd-dev,libwebkit2gtk-4.0-dev,liburiparser-dev,libopus-dev,libwebp-dev,libjpeg-dev,libpng-dev,xsltproc,docbook-xsl,libgsm1-dev,libfaac-dev,libfaad-dev,libsoxr-dev,opencl-c-headers,opencl-headers,ocl-icd-opencl-dev
 
         # CMake command to run in order to generate compile_commands.json
         build_dir: tidy

.github/workflows/codeql-analysis.yml

@@ -117,7 +117,6 @@ jobs:
           docbook-xsl \
           libkrb5-dev \
           libcjson-dev \
-          libpkcs11-helper1-dev \
           libsdl2-ttf-dev \
           libsdl2-image-dev \
           libwebkit2gtk-4.0-dev \

.github/workflows/coverity.yml

@@ -56,7 +56,6 @@ jobs:
          docbook-xsl \
          libkrb5-dev \
          libcjson-dev \
-         libpkcs11-helper1-dev \
          libsdl2-ttf-dev \
          libsdl2-image-dev \
          libwebkit2gtk-4.0-dev \

cmake/FindPkcs11.cmake

@@ -1,29 +0,0 @@
-# - Try to find Pkcs11-helper
-# Using Pkg-config if available for path
-#
-#  PKCS11_FOUND        - all required ffmpeg components found on system
-#  PKCS11_INCLUDE_DIRS  - combined include directories
-#  PKCS11_LIBRARIES    - combined libraries to link
-
-find_package(PkgConfig)
-
-if (PKG_CONFIG_FOUND)
-	pkg_check_modules(PKCS11 libpkcs11-helper-1)
-endif()
-
-find_path(PKCS11_INCLUDE_DIR pkcs11-helper-1.0/pkcs11.h PATHS ${PKCS11_INCLUDE_DIRS})
-find_library(PKCS11_LIBRARY pkcs11-helper PATHS ${PKCS11_LIBRARY_DIRS})
-
-if (PKCS11_INCLUDE_DIR AND PKCS11_LIBRARY)
-	set(PKCS11_FOUND TRUE)
-endif()
-
-set(Pkcs11_FOUND ${PKCS11_FOUND})
-set(Pkcs11_INCLUDE_DIR ${PKCS11_INCLUDE_DIR})
-set(Pkcs11_INCLUDE_DIRS ${PKCS11_INCLUDE_DIR})
-set(Pkcs11_LIBRARY ${PKCS11_LIBRARY})
-
-include(FindPackageHandleStandardArgs)
-FIND_PACKAGE_HANDLE_STANDARD_ARGS(Pkcs11 DEFAULT_MSG Pkcs11_FOUND)
-
-

packaging/deb/freerdp-nightly/control

@@ -50,7 +50,6 @@ Build-Depends:
  libsdl2-ttf-dev,
  libsdl2-image-dev,
  libsystemd-dev,
- libpkcs11-helper1-dev,
  libwebkit2gtk-4.0-dev,
  liburiparser-dev,
  libopus-dev,

packaging/flatpak/com.freerdp.FreeRDP.json

@@ -53,7 +53,6 @@
 		"modules/cJSON.json",
 		"modules/xprop.json",
 		"modules/pcsc.json",
-		"modules/pkcs11-helper.json",
 		"modules/krb5.json",
 		"modules/opensc.json",
 		{

packaging/flatpak/modules/pkcs11-helper.json

@@ -1,21 +0,0 @@
-{
-	"name": "pkcs11-helper",
-	"buildsystem": "autotools",
-	"cleanup": [],
-	"config-opts": [],
-	"sources": [
-		{
-			"type": "git",
-			"url": "https://github.com/OpenSC/pkcs11-helper.git",
-			"tag": "pkcs11-helper-1.30.0",
-			"commit": "8bed16034f629a0361fa8ff89deed2b43dc45d8b"
-		},
-		{
-			"type": "script",
-			"dest-filename": "autogen.sh",
-			"commands": [
-				"autoreconf -vfi"
-			]
-		}
-	]
-}

packaging/rpm/freerdp-nightly.spec

@@ -49,7 +49,6 @@ BuildRequires: uriparser-devel
 BuildRequires: libpng-devel
 BuildRequires: libwebp-devel
 BuildRequires: fuse3-devel
-BuildRequires: pkcs11-helper-devel
 BuildRequires: pam-devel
 BuildRequires: libicu-devel
 

winpr/CMakeLists.txt

@@ -313,7 +313,6 @@ else()
 endif()
 option(WITH_PKCS11 "encryption, certificate validation, hashing functions" ${PKCS11_DEFAULT})
 if (WITH_PKCS11)
-	find_package(Pkcs11 REQUIRED)
 	add_definitions("-DWITH_PKCS11")
 endif()
 

winpr/libwinpr/ncrypt/CMakeLists.txt

@@ -15,31 +15,10 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-if (PKCS11_FOUND)
-	winpr_include_directory_add(${PKCS11_INCLUDE_DIR})
-
-	option(WITH_OPENSC_PKCS11_LINKED "Directly link opensc-pkcs11" OFF)
-	if (WITH_OPENSC_PKCS11_LINKED)
-
-		# opensc-pkcs11 is installed without any library prefix.
-		# Disable this when checking for this library.
-		set(backup ${CMAKE_FIND_LIBRARY_PREFIXES})
-		set(CMAKE_FIND_LIBRARY_PREFIXES "")
-		find_library(OPENSC_PKCS11
-			NAMES opensc-pkcs11
-			PATH_SUFFIXES pkcs11
-			REQUIRED)
-		set(CMAKE_FIND_LIBRARY_PREFIXES ${backup})
-
-		winpr_definition_add(-DWITH_OPENSC_PKCS11_LINKED)
-		winpr_library_add_private(${OPENSC_PKCS11})
-		winpr_library_add_private(${PKCS11_LIBRARY})
-	endif()
-endif()
-
-if (PKCS11_FOUND)
+if (WITH_PKCS11)
 	winpr_module_add(
 		ncrypt_pkcs11.c
+		pkcs11-headers/pkcs11.h
 		)
 endif()
 

winpr/libwinpr/ncrypt/ncrypt_pkcs11.c

@@ -18,7 +18,6 @@
  */
 
 #include <stdlib.h>
-#include <pkcs11-helper-1.0/pkcs11.h>
 
 #include <winpr/library.h>
 #include <winpr/assert.h>
@@ -29,6 +28,9 @@
 #include "../log.h"
 #include "ncrypt.h"
 
+/* https://github.com/latchset/pkcs11-headers/blob/main/public-domain/3.1/pkcs11.h */
+#include "pkcs11-headers/pkcs11.h"
+
 #define TAG WINPR_TAG("ncryptp11")
 
 #define MAX_SLOTS 64
@@ -1232,11 +1234,6 @@ SECURITY_STATUS NCryptOpenP11StorageProviderEx(NCRYPT_PROV_HANDLE* phProvider,
 	if (!phProvider)
 		return ERROR_INVALID_PARAMETER;
 
-#if defined(WITH_OPENSC_PKCS11_LINKED)
-	if (!modulePaths)
-		return initialize_pkcs11(NULL, C_GetFunctionList, phProvider);
-#endif
-
 	if (!modulePaths)
 		modulePaths = openscPaths;
 

winpr/libwinpr/ncrypt/pkcs11-headers/.clang-format

@@ -0,0 +1 @@
+DisableFormat: true