4002N/A#
4002N/A# This patch file adds the Solaris's pkcs11 engine.
4002N/A# This is Solaris-specific (developed in house): not suitable for upstream.
4002N/A#
363N/A--- /tmp/Configure Fri Feb 11 14:40:39 2011
363N/A+++ openssl-1.0.0d/Configure Fri Feb 11 14:41:36 2011
363N/A@@ -10,7 +10,7 @@
363N/A
363N/A # see INSTALL for instructions.
363N/A
1426N/A-my $usage="Usage: Configure [no-<cipher> ...] [enable-<cipher> ...] [experimental-<cipher> ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-Kxxx] [no-hw-xxx|no-hw] [[no-]threads] [[no-]shared] [[no-]zlib|zlib-dynamic] [no-asm] [no-dso] [no-krb5] [sctp] [386] [--prefix=DIR] [--openssldir=OPENSSLDIR] [--with-xxx[=vvv]] [--test-sanity] os/compiler[:flags]\n";
1426N/A+my $usage="Usage: Configure --pk11-libname=PK11_LIB_LOCATION [no-<cipher> ...] [enable-<cipher> ...] [experimental-<cipher> ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-Kxxx] [no-hw-xxx|no-hw] [[no-]threads] [[no-]shared] [[no-]zlib|zlib-dynamic] [no-asm] [no-dso] [no-krb5] [sctp] [386] [--prefix=DIR] [--openssldir=OPENSSLDIR] [--with-xxx[=vvv]] [--test-sanity] os/compiler[:flags]\n";
363N/A
363N/A # Options:
363N/A #
363N/A@@ -19,6 +19,9 @@
363N/A # --prefix prefix for the OpenSSL include, lib and bin directories
363N/A # (Default: the OPENSSLDIR directory)
363N/A #
363N/A+# --pk11-libname PKCS#11 library name.
363N/A+# (Default: none)
363N/A+#
363N/A # --install_prefix Additional prefix for package builders (empty by
363N/A # default). This needn't be set in advance, you can
363N/A # just as well use "make INSTALL_PREFIX=/whatever install".
4820N/A@@ -716,6 +719,9 @@
363N/A my $idx_arflags = $idx++;
363N/A my $idx_multilib = $idx++;
363N/A
363N/A+# PKCS#11 engine patch
363N/A+my $pk11_libname="";
363N/A+
363N/A my $prefix="";
363N/A my $libdir="";
363N/A my $openssldir="";
4820N/A@@ -938,6 +944,10 @@
4820N/A {
4820N/A $prefix=$1;
4820N/A }
1426N/A+ elsif (/^--pk11-libname=(.*)$/)
1426N/A+ {
1426N/A+ $pk11_libname=$1;
1426N/A+ }
4820N/A elsif (/^--libdir=(.*)$/)
4820N/A {
4820N/A $libdir=$1;
4820N/A@@ -1105,6 +11115,13 @@
363N/A exit 0;
363N/A }
363N/A
363N/A+if (! $pk11_libname)
363N/A+ {
363N/A+ print STDERR "You must set --pk11-libname for PKCS#11 library.\n";
363N/A+ print STDERR "See README.pkcs11 for more information.\n";
363N/A+ exit 1;
363N/A+ }
363N/A+
363N/A if ($target =~ m/^CygWin32(-.*)$/) {
363N/A $target = "Cygwin".$1;
363N/A }
4820N/A@@ -1279,6 +1296,8 @@
363N/A if ($flags ne "") { $cflags="$flags$cflags"; }
363N/A else { $no_user_cflags=1; }
363N/A
363N/A+$cflags="-DPK11_LIB_LOCATION=\"$pk11_libname\" $cflags";
363N/A+
363N/A # Kerberos settings. The flavor must be provided from outside, either through
363N/A # the script "config" or manually.
363N/A if (!$no_krb5)
4820N/A@@ -1687,6 +1706,7 @@
363N/A s/^VERSION=.*/VERSION=$version/;
363N/A s/^MAJOR=.*/MAJOR=$major/;
363N/A s/^MINOR=.*/MINOR=$minor/;
363N/A+ s/^PK11_LIB_LOCATION=.*/PK11_LIB_LOCATION=$pk11_libname/;
363N/A s/^SHLIB_VERSION_NUMBER=.*/SHLIB_VERSION_NUMBER=$shlib_version_number/;
363N/A s/^SHLIB_VERSION_HISTORY=.*/SHLIB_VERSION_HISTORY=$shlib_version_history/;
363N/A s/^SHLIB_MAJOR=.*/SHLIB_MAJOR=$shlib_major/;
363N/A--- /tmp/Makefile.org Fri Feb 11 14:41:54 2011
363N/A+++ openssl-1.0.0d/Makefile.org Fri Feb 11 14:38:01 2011
363N/A@@ -26,6 +26,9 @@
363N/A INSTALL_PREFIX=
363N/A INSTALLTOP=/usr/local/ssl
363N/A
363N/A+# You must set this through --pk11-libname configure option.
363N/A+PK11_LIB_LOCATION=
363N/A+
363N/A # Do not edit this manually. Use Configure --openssldir=DIR do change this!
363N/A OPENSSLDIR=/usr/local/ssl
363N/A
2041N/A--- /tmp/Makefile Mon Feb 14 14:59:22 2011
2041N/A+++ openssl-1.0.0d/engines/Makefile Mon Feb 14 15:00:35 2011
2041N/A@@ -26,7 +26,8 @@
2041N/A APPS=
2041N/A
2041N/A LIB=$(TOP)/libcrypto.a
2041N/A-LIBNAMES= 4758cca aep atalla cswift gmp chil nuron sureware ubsec padlock capi
2041N/A+LIBNAMES= 4758cca aep atalla cswift gmp chil nuron sureware ubsec padlock capi \
2041N/A+ pk11
2041N/A
2041N/A LIBSRC= e_4758cca.c \
2041N/A e_aep.c \
2041N/A@@ -38,7 +39,8 @@
2041N/A e_sureware.c \
2041N/A e_ubsec.c \
2041N/A e_padlock.c \
2041N/A- e_capi.c
2041N/A+ e_capi.c \
2041N/A+ e_pk11.c
2041N/A LIBOBJ= e_4758cca.o \
2041N/A e_aep.o \
2041N/A e_atalla.o \
2041N/A@@ -49,7 +51,8 @@
2041N/A e_sureware.o \
2041N/A e_ubsec.o \
2041N/A e_padlock.o \
2041N/A- e_capi.o
2041N/A+ e_capi.o \
2041N/A+ e_pk11.o
2041N/A
2041N/A SRC= $(LIBSRC)
2041N/A
2041N/A@@ -63,7 +66,8 @@
2041N/A e_nuron_err.c e_nuron_err.h \
2041N/A e_sureware_err.c e_sureware_err.h \
2041N/A e_ubsec_err.c e_ubsec_err.h \
2041N/A- e_capi_err.c e_capi_err.h
2041N/A+ e_capi_err.c e_capi_err.h \
2041N/A+ e_pk11.h e_pk11_uri.h e_pk11_err.h e_pk11_pub.c e_pk11_uri.c e_pk11_err.c
2041N/A
2041N/A ALL= $(GENERAL) $(SRC) $(HEADER)
2041N/A
2041N/A@@ -78,7 +82,7 @@
2041N/A for l in $(LIBNAMES); do \
2041N/A $(MAKE) -f ../Makefile.shared -e \
2041N/A LIBNAME=$$l LIBEXTRAS=e_$$l.o \
2041N/A- LIBDEPS='-L.. -lcrypto $(EX_LIBS)' \
2041N/A+ LIBDEPS='-L.. -lcrypto -lcryptoutil $(EX_LIBS)' \
2041N/A link_o.$(SHLIB_TARGET); \
2041N/A done; \
2041N/A else \
2041N/A--- crypto/engine/eng_all.c Thu Sep 5 12:59:50 2013
2041N/A+++ openssl-1.0.1e/crypto/engine/eng_all.c Thu Sep 5 12:59:50 2013
4002N/A@@ -60,6 +60,16 @@
2041N/A #include "cryptlib.h"
2041N/A #include "eng_int.h"
1426N/A
2041N/A+/*
2041N/A+ * pkcs11 engine no longer is a built-in engine, and ENGINE_load_pk11() needs to be
2041N/A+ * defined in libcrypto.so for ssh. Instead of load pkcs11 engine, it load dynamic
2041N/A+ * engines.
2041N/A+ */
2041N/A+void ENGINE_load_pk11(void)
2041N/A+ {
2041N/A+ ENGINE_load_dynamic();
2041N/A+ }
2041N/A+
2041N/A void ENGINE_load_builtin_engines(void)
4002N/A {
4002N/A /* Some ENGINEs need this */
2041N/A--- crypto/dso/dso_lib.c Thu Sep 5 12:59:50 2013
2041N/A+++ openssl-1.0.1e/crypto/dso/dso_lib.c Thu Sep 5 12:59:50 2013
4002N/A@@ -396,6 +396,24 @@
4002N/A DSOerr(DSO_F_DSO_CONVERT_FILENAME, DSO_R_NO_FILENAME);
4002N/A return (NULL);
4002N/A }
4002N/A+ /*
4002N/A+ * For pkcs11 engine, use libpk11.so (instead of libpkcs11.so) to
4002N/A+ * avoid the name collision with PKCS#11 library.
4002N/A+ */
4002N/A+ if (strcmp(filename, "pkcs11") == 0) {
4002N/A+#ifdef _LP64
4002N/A+ char *fullpath = "/lib/openssl/engines/64/libpk11.so";
2041N/A+#else
4002N/A+ char *fullpath = "/lib/openssl/engines/libpk11.so";
363N/A+#endif
4002N/A+ result = OPENSSL_malloc(strlen(fullpath) + 1);
4002N/A+ if(result == NULL) {
4002N/A+ DSOerr(DSO_F_DSO_CONVERT_FILENAME, ERR_R_MALLOC_FAILURE);
4002N/A+ return(NULL);
4002N/A+ }
4002N/A+ BUF_strlcpy(result, fullpath, strlen(fullpath) + 1);
4002N/A+ return (result);
4002N/A+ }
4002N/A if ((dso->flags & DSO_FLAG_NO_NAME_TRANSLATION) == 0) {
4002N/A if (dso->name_converter != NULL)
4002N/A result = dso->name_converter(dso, filename);
2041N/A--- /tmp/engine.h Fri Feb 11 14:46:24 2011
2041N/A+++ openssl-1.0.0d/crypto/engine/engine.h Fri Feb 11 14:47:32 2011
4002N/A@@ -413,6 +413,7 @@
4002N/A # endif
4002N/A # endif
363N/A void ENGINE_load_cryptodev(void);
363N/A+void ENGINE_load_pk11(void);
1426N/A void ENGINE_load_rdrand(void);
363N/A void ENGINE_load_builtin_engines(void);
4820N/A