diff -ruN openssl-0.9.8k/Configure openssl-0.9.8k/Configure

--- openssl-0.9.8k/Configure	2009-02-16 09:44:22.000000000 +0100

+++ openssl-0.9.8k/Configure	2009-05-15 11:01:47.963748957 +0200

@@ -12,7 +12,7 @@

 # see INSTALL for instructions.

-my $usage="Usage: Configure [no-<cipher> ...] [enable-<cipher> ...] [experimental-<cipher> ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-Kxxx] [no-hw-xxx|no-hw] [[no-]threads] [[no-]shared] [[no-]zlib|zlib-dynamic] [enable-montasm] [no-asm] [no-dso] [no-krb5] [386] [--prefix=DIR] [--openssldir=OPENSSLDIR] [--with-xxx[=vvv]] [--test-sanity] os/compiler[:flags]\n";

+my $usage="Usage: Configure --pk11-libname=PK11_LIB_LOCATION [no-<cipher> ...] [enable-<cipher> ...] [experimental-<cipher> ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-Kxxx] [no-hw-xxx|no-hw] [[no-]threads] [[no-]shared] [[no-]zlib|zlib-dynamic] [enable-montasm] [no-asm] [no-dso] [no-krb5] [386] [--prefix=DIR] [--openssldir=OPENSSLDIR] [--with-xxx[=vvv]] [--test-sanity] os/compiler[:flags]\n";

 # Options:

 #

@@ -21,6 +21,9 @@

 # --prefix      prefix for the OpenSSL include, lib and bin directories

 #               (Default: the OPENSSLDIR directory)

 #

+# --pk11-libname  PKCS#11 library name.

+#               (Default: none)

+#

 # --install_prefix  Additional prefix for package builders (empty by

 #               default).  This needn't be set in advance, you can

 #               just as well use "make INSTALL_PREFIX=/whatever install".

@@ -580,6 +583,9 @@

 my $idx_ranlib = $idx++;

 my $idx_arflags = $idx++;

+# PKCS#11 engine patch

+my $pk11_libname="";

+

 my $prefix="";

 my $openssldir="";

 my $exe_ext="";

@@ -812,6 +818,10 @@

 				{

 				$flags.=$_." ";

 				}

+                        elsif (/^--pk11-libname=(.*)$/)

+                                {

+                                $pk11_libname=$1;

+                                }

 			elsif (/^--prefix=(.*)$/)

 				{

 				$prefix=$1;

@@ -943,6 +953,13 @@

 	exit 0;

 }

+if (! $pk11_libname)

+        {

+        print STDERR "You must set --pk11-libname for PKCS#11 library.\n";

+        print STDERR "See README.pkcs11 for more information.\n";

+        exit 1;

+        }

+

 if ($target =~ m/^CygWin32(-.*)$/) {

 	$target = "Cygwin".$1;

 }

@@ -1103,6 +1120,8 @@

 if ($flags ne "")	{ $cflags="$flags$cflags"; }

 else			{ $no_user_cflags=1;       }

+$cflags="-DPK11_LIB_LOCATION=\"$pk11_libname\" $cflags";

+

 # Kerberos settings.  The flavor must be provided from outside, either through

 # the script "config" or manually.

 if (!$no_krb5)

@@ -1456,6 +1475,7 @@

 	s/^VERSION=.*/VERSION=$version/;

 	s/^MAJOR=.*/MAJOR=$major/;

 	s/^MINOR=.*/MINOR=$minor/;

+	s/^PK11_LIB_LOCATION=.*/PK11_LIB_LOCATION=$pk11_libname/;

 	s/^SHLIB_VERSION_NUMBER=.*/SHLIB_VERSION_NUMBER=$shlib_version_number/;

 	s/^SHLIB_VERSION_HISTORY=.*/SHLIB_VERSION_HISTORY=$shlib_version_history/;

 	s/^SHLIB_MAJOR=.*/SHLIB_MAJOR=$shlib_major/;

diff -ruN openssl-0.9.8k/Makefile.org openssl-0.9.8k/Makefile.org

--- openssl-0.9.8k/Makefile.org	2009-03-03 23:40:29.000000000 +0100

+++ openssl-0.9.8k/Makefile.org	2009-05-15 10:59:32.374211464 +0200

@@ -26,6 +26,9 @@

 INSTALL_PREFIX=

 INSTALLTOP=/usr/local/ssl

+# You must set this through --pk11-libname configure option.

+PK11_LIB_LOCATION=

+

 # Do not edit this manually. Use Configure --openssldir=DIR do change this!

 OPENSSLDIR=/usr/local/ssl

diff -ruN openssl-0.9.8k/crypto/engine/Makefile openssl-0.9.8k/crypto/engine/Makefile

--- openssl-0.9.8k/crypto/engine/Makefile	2008-09-17 19:10:59.000000000 +0200

+++ openssl-0.9.8k/crypto/engine/Makefile	2009-05-15 11:03:29.130900045 +0200

@@ -21,12 +21,14 @@

 	eng_table.c eng_pkey.c eng_fat.c eng_all.c \

 	tb_rsa.c tb_dsa.c tb_ecdsa.c tb_dh.c tb_ecdh.c tb_rand.c tb_store.c \

 	tb_cipher.c tb_digest.c \

-	eng_openssl.c eng_cnf.c eng_dyn.c eng_cryptodev.c eng_padlock.c

+	eng_openssl.c eng_cnf.c eng_dyn.c eng_cryptodev.c eng_padlock.c \

+	hw_pk11.c hw_pk11_pub.c hw_pk11_uri.c

 LIBOBJ= eng_err.o eng_lib.o eng_list.o eng_init.o eng_ctrl.o \

 	eng_table.o eng_pkey.o eng_fat.o eng_all.o \

 	tb_rsa.o tb_dsa.o tb_ecdsa.o tb_dh.o tb_ecdh.o tb_rand.o tb_store.o \

 	tb_cipher.o tb_digest.o \

-	eng_openssl.o eng_cnf.o eng_dyn.o eng_cryptodev.o eng_padlock.o

+	eng_openssl.o eng_cnf.o eng_dyn.o eng_cryptodev.o eng_padlock.o \

+	hw_pk11.o hw_pk11_pub.o hw_pk11_uri.o

 SRC= $(LIBSRC)

@@ -286,6 +288,62 @@

 eng_table.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h

 eng_table.o: ../../include/openssl/x509_vfy.h ../cryptlib.h eng_int.h

 eng_table.o: eng_table.c

+hw_pk11.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h

+hw_pk11.o: ../../include/openssl/engine.h ../../include/openssl/ossl_typ.h

+hw_pk11.o: ../../include/openssl/bn.h ../../include/openssl/rsa.h

+hw_pk11.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h

+hw_pk11.o: ../../include/openssl/crypto.h ../../include/openssl/stack.h

+hw_pk11.o: ../../include/openssl/safestack.h ../../include/openssl/opensslv.h

+hw_pk11.o: ../../include/openssl/symhacks.h ../../include/openssl/dsa.h

+hw_pk11.o: ../../include/openssl/dh.h ../../include/openssl/rand.h

+hw_pk11.o: ../../include/openssl/ui.h ../../include/openssl/err.h

+hw_pk11.o: ../../include/openssl/lhash.h ../../include/openssl/dso.h

+hw_pk11.o: ../../include/openssl/pem.h ../../include/openssl/evp.h

+hw_pk11.o: ../../include/openssl/md2.h ../../include/openssl/md4.h

+hw_pk11.o: ../../include/openssl/md5.h ../../include/openssl/sha.h

+hw_pk11.o: ../../include/openssl/ripemd.h ../../include/openssl/des.h

+hw_pk11.o: ../../include/openssl/des_old.h ../../include/openssl/ui_compat.h

+hw_pk11.o: ../../include/openssl/rc4.h ../../include/openssl/rc2.h

+hw_pk11.o: ../../crypto/rc5/rc5.h ../../include/openssl/blowfish.h

+hw_pk11.o: ../../include/openssl/cast.h ../../include/openssl/idea.h

+hw_pk11.o: ../../crypto/mdc2/mdc2.h ../../include/openssl/aes.h

+hw_pk11.o: ../../include/openssl/objects.h ../../include/openssl/obj_mac.h

+hw_pk11.o: ../../include/openssl/x509.h ../../include/openssl/buffer.h

+hw_pk11.o: ../../include/openssl/x509_vfy.h ../../include/openssl/pkcs7.h

+hw_pk11.o: ../../include/openssl/pem2.h ../cryptlib.h hw_pk11_uri.h

+hw_pk11.o: ../../e_os.h hw_pk11_err.c hw_pk11_err.h hw_pk11.c hw_pk11.h

+hw_pk11_pub.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h

+hw_pk11_pub.o: ../../include/openssl/engine.h ../../include/openssl/ossl_typ.h

+hw_pk11_pub.o: ../../include/openssl/bn.h ../../include/openssl/rsa.h

+hw_pk11_pub.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h

+hw_pk11_pub.o: ../../include/openssl/crypto.h ../../include/openssl/stack.h

+hw_pk11_pub.o: ../../include/openssl/safestack.h ../../include/openssl/opensslv.h

+hw_pk11_pub.o: ../../include/openssl/symhacks.h ../../include/openssl/dsa.h

+hw_pk11_pub.o: ../../include/openssl/dh.h ../../include/openssl/rand.h

+hw_pk11_pub.o: ../../include/openssl/ui.h ../../include/openssl/err.h

+hw_pk11_pub.o: ../../include/openssl/lhash.h ../../include/openssl/dso.h

+hw_pk11_pub.o: ../../include/openssl/pem.h ../../include/openssl/evp.h

+hw_pk11_pub.o: ../../include/openssl/md2.h ../../include/openssl/md4.h

+hw_pk11_pub.o: ../../include/openssl/md5.h ../../include/openssl/sha.h

+hw_pk11_pub.o: ../../include/openssl/ripemd.h ../../include/openssl/des.h

+hw_pk11_pub.o: ../../include/openssl/des_old.h ../../include/openssl/ui_compat.h

+hw_pk11_pub.o: ../../include/openssl/rc4.h ../../include/openssl/rc2.h

+hw_pk11_pub.o: ../../crypto/rc5/rc5.h ../../include/openssl/blowfish.h

+hw_pk11_pub.o: ../../include/openssl/cast.h ../../include/openssl/idea.h

+hw_pk11_pub.o: ../../crypto/mdc2/mdc2.h ../../include/openssl/aes.h

+hw_pk11_pub.o: ../../include/openssl/objects.h ../../include/openssl/obj_mac.h

+hw_pk11_pub.o: ../../include/openssl/x509.h ../../include/openssl/buffer.h

+hw_pk11_pub.o: ../../include/openssl/x509_vfy.h ../../include/openssl/pkcs7.h

+hw_pk11_pub.o: ../../include/openssl/pem2.h ../cryptlib.h hw_pk11.h hw_pk11_uri.h

+hw_pk11_pub.o: ../../e_os.h hw_pk11_pub.c hw_pk11.h hw_pk11_err.h

+hw_pk11_pub.o: hw_pk11_uri.h

+hw_pk11_uri.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h

+hw_pk11_uri.o: ../../include/openssl/opensslconf.h ../../include/openssl/stack.h

+hw_pk11_uri.o: ../../include/openssl/safestack.h ../../include/openssl/opensslv.h

+hw_pk11_uri.o: ../../include/openssl/ossl_typ.h ../../include/openssl/symhacks.h

+hw_pk11_uri.o: ../../include/security/cryptoki.h ../../include/security/pkcs11.h

+hw_pk11_uri.o: ../../include/security/pkcs11t.h ../../include/security/pkcs11f.h

+hw_pk11_uri.o: hw_pk11.h hw_pk11_err.h hw_pk11_uri.h hw_pk11_uri.c

 tb_cipher.o: ../../e_os.h ../../include/openssl/asn1.h

 tb_cipher.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h

 tb_cipher.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h

diff -ruN openssl-0.9.8k/crypto/engine/cryptoki.h openssl-0.9.8k/crypto/engine/cryptoki.h

--- openssl-0.9.8k/crypto/engine/cryptoki.h	1970-01-01 01:00:00.000000000 +0100

+++ openssl-0.9.8k/crypto/engine/cryptoki.h	2009-05-15 10:59:32.375765469 +0200

@@ -0,0 +1,103 @@

+/*

+ * CDDL HEADER START

+ *

+ * The contents of this file are subject to the terms of the

+ * Common Development and Distribution License, Version 1.0 only

+ * (the "License").  You may not use this file except in compliance

+ * with the License.

+ *

+ * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE

+ * or http://www.opensolaris.org/os/licensing.

+ * See the License for the specific language governing permissions

+ * and limitations under the License.

+ *

+ * When distributing Covered Code, include this CDDL HEADER in each

+ * file and include the License file at usr/src/OPENSOLARIS.LICENSE.

+ * If applicable, add the following below this CDDL HEADER, with the

+ * fields enclosed by brackets "[]" replaced with your own identifying

+ * information: Portions Copyright [yyyy] [name of copyright owner]

+ *

+ * CDDL HEADER END

+ */

+/*

+ * Copyright 2009 Sun Microsystems, Inc.  All rights reserved.

+ * Use is subject to license terms.

+ */

+

+#ifndef	_CRYPTOKI_H

+#define	_CRYPTOKI_H

+

+#pragma ident	"@(#)cryptoki.h	1.2	05/06/08 SMI"

+

+#ifdef	__cplusplus

+extern "C" {

+#endif

+

+#ifndef	CK_PTR

+#define	CK_PTR *

+#endif

+

+#ifndef CK_DEFINE_FUNCTION

+#define	CK_DEFINE_FUNCTION(returnType, name) returnType name

+#endif

+

+#ifndef CK_DECLARE_FUNCTION

+#define	CK_DECLARE_FUNCTION(returnType, name) returnType name

+#endif

+

+#ifndef CK_DECLARE_FUNCTION_POINTER

+#define	CK_DECLARE_FUNCTION_POINTER(returnType, name) returnType (* name)

+#endif

+

+#ifndef CK_CALLBACK_FUNCTION

+#define	CK_CALLBACK_FUNCTION(returnType, name) returnType (* name)

+#endif

+

+#ifndef NULL_PTR

+#include <unistd.h>	/* For NULL */

+#define	NULL_PTR NULL

+#endif

+

+/*

+ * pkcs11t.h defines TRUE and FALSE in a way that upsets lint

+ */

+#ifndef	CK_DISABLE_TRUE_FALSE

+#define	CK_DISABLE_TRUE_FALSE

+#ifndef	TRUE

+#define	TRUE	1

+#endif /* TRUE */

+#ifndef	FALSE

+#define	FALSE	0

+#endif /* FALSE */

+#endif /* CK_DISABLE_TRUE_FALSE */

+

+#undef CK_PKCS11_FUNCTION_INFO

+

+#include "pkcs11.h"

+

+/* Solaris specific functions */

+

+#include <stdlib.h>

+

+/*

+ * SUNW_C_GetMechSession will initialize the framework and do all

+ * the necessary PKCS#11 calls to create a session capable of

+ * providing operations on the requested mechanism

+ */

+CK_RV SUNW_C_GetMechSession(CK_MECHANISM_TYPE mech,

+    CK_SESSION_HANDLE_PTR hSession);

+

+/*

+ * SUNW_C_KeyToObject will create a secret key object for the given

+ * mechanism from the rawkey data.

+ */

+CK_RV SUNW_C_KeyToObject(CK_SESSION_HANDLE hSession,

+    CK_MECHANISM_TYPE mech, const void *rawkey, size_t rawkey_len,

+    CK_OBJECT_HANDLE_PTR obj);

+

+

+#ifdef	__cplusplus

+}

+#endif

+

+#endif	/* _CRYPTOKI_H */

diff -ruN openssl-0.9.8k/crypto/engine/eng_all.c openssl-0.9.8k/crypto/engine/eng_all.c

--- openssl-0.9.8k/crypto/engine/eng_all.c	2008-06-04 20:01:39.000000000 +0200

+++ openssl-0.9.8k/crypto/engine/eng_all.c	2009-05-15 10:59:32.376328302 +0200

@@ -71,7 +71,17 @@

 #if !defined(OPENSSL_NO_HW) && !defined(OPENSSL_NO_HW_PADLOCK)

 	ENGINE_load_padlock();

 #endif

+/*

+ * On Solaris we must disable the dynamic engine loading until we enforce

+ * signing of the modules, otherwise this is crypto with a hole.

+ * This is a US Government Export Approval required change.

+ */

+#ifndef	SOLARIS_OPENSSL

 	ENGINE_load_dynamic();

+#endif

+#ifndef OPENSSL_NO_HW_PKCS11

+	ENGINE_load_pk11();

+#endif

 #ifndef OPENSSL_NO_STATIC_ENGINE

 #ifndef OPENSSL_NO_HW

 #ifndef OPENSSL_NO_HW_4758_CCA

diff -ruN openssl-0.9.8k/crypto/engine/eng_cnf.c openssl-0.9.8k/crypto/engine/eng_cnf.c

--- openssl-0.9.8k/crypto/engine/eng_cnf.c	2008-11-05 19:36:43.000000000 +0100

+++ openssl-0.9.8k/crypto/engine/eng_cnf.c	2009-05-15 10:59:32.376911395 +0200

@@ -132,6 +132,13 @@

 		/* Load a dynamic ENGINE */

 		else if (!strcmp(ctrlname, "dynamic_path"))

 			{

+#ifdef SOLARIS_OPENSSL

+			/*

+			 * Dynamic engines must be disabled until signature

+			 * verification is implemented.

+			 */

+			goto err;

+#endif /* SOLARIS_OPENSSL */

 			e = ENGINE_by_id("dynamic");

 			if (!e)

 				goto err;

diff -ruN openssl-0.9.8k/crypto/engine/engine.h openssl-0.9.8k/crypto/engine/engine.h

--- openssl-0.9.8k/crypto/engine/engine.h	2008-06-04 20:01:40.000000000 +0200

+++ openssl-0.9.8k/crypto/engine/engine.h	2009-05-15 10:59:32.377813267 +0200

@@ -337,6 +337,7 @@

 void ENGINE_load_ubsec(void);

 #endif

 void ENGINE_load_cryptodev(void);

+void ENGINE_load_pk11(void);

 void ENGINE_load_padlock(void);

 void ENGINE_load_builtin_engines(void);

 #ifndef OPENSSL_NO_CAPIENG

diff -ruN openssl-0.9.8k/crypto/engine/pkcs11.h openssl-0.9.8k/crypto/engine/pkcs11.h

--- openssl-0.9.8k/crypto/engine/pkcs11.h	1970-01-01 01:00:00.000000000 +0100

+++ openssl-0.9.8k/crypto/engine/pkcs11.h	2009-05-15 10:59:32.384822607 +0200

@@ -0,0 +1,299 @@

+/* pkcs11.h include file for PKCS #11. */

+/* $Revision: 1.4 $ */

+

+/* License to copy and use this software is granted provided that it is

+ * identified as "RSA Security Inc. PKCS #11 Cryptographic Token Interface

+ * (Cryptoki)" in all material mentioning or referencing this software.

+

+ * License is also granted to make and use derivative works provided that

+ * such works are identified as "derived from the RSA Security Inc. PKCS #11

+ * Cryptographic Token Interface (Cryptoki)" in all material mentioning or 

+ * referencing the derived work.

+

+ * RSA Security Inc. makes no representations concerning either the 

+ * merchantability of this software or the suitability of this software for

+ * any particular purpose. It is provided "as is" without express or implied

+ * warranty of any kind.

+ */

+

+#ifndef _PKCS11_H_

+#define _PKCS11_H_ 1

+

+#ifdef __cplusplus

+extern "C" {

+#endif

+

+/* Before including this file (pkcs11.h) (or pkcs11t.h by

+ * itself), 6 platform-specific macros must be defined.  These

+ * macros are described below, and typical definitions for them

+ * are also given.  Be advised that these definitions can depend

+ * on both the platform and the compiler used (and possibly also

+ * on whether a Cryptoki library is linked statically or

+ * dynamically).

+ *

+ * In addition to defining these 6 macros, the packing convention

+ * for Cryptoki structures should be set.  The Cryptoki

+ * convention on packing is that structures should be 1-byte

+ * aligned.

+ *

+ * If you're using Microsoft Developer Studio 5.0 to produce

+ * Win32 stuff, this might be done by using the following

+ * preprocessor directive before including pkcs11.h or pkcs11t.h:

+ *

+ * #pragma pack(push, cryptoki, 1)

+ *

+ * and using the following preprocessor directive after including

+ * pkcs11.h or pkcs11t.h:

+ *

+ * #pragma pack(pop, cryptoki)

+ *

+ * If you're using an earlier version of Microsoft Developer

+ * Studio to produce Win16 stuff, this might be done by using

+ * the following preprocessor directive before including

+ * pkcs11.h or pkcs11t.h:

+ *

+ * #pragma pack(1)

+ *

+ * In a UNIX environment, you're on your own for this.  You might

+ * not need to do (or be able to do!) anything.

+ *

+ *

+ * Now for the macros:

+ *

+ *

+ * 1. CK_PTR: The indirection string for making a pointer to an

+ * object.  It can be used like this:

+ *

+ * typedef CK_BYTE CK_PTR CK_BYTE_PTR;

+ *

+ * If you're using Microsoft Developer Studio 5.0 to produce

+ * Win32 stuff, it might be defined by:

+ *

+ * #define CK_PTR *

+ *

+ * If you're using an earlier version of Microsoft Developer

+ * Studio to produce Win16 stuff, it might be defined by:

+ *

+ * #define CK_PTR far *

+ *

+ * In a typical UNIX environment, it might be defined by:

+ *

+ * #define CK_PTR *

+ *

+ *

+ * 2. CK_DEFINE_FUNCTION(returnType, name): A macro which makes

+ * an exportable Cryptoki library function definition out of a

+ * return type and a function name.  It should be used in the

+ * following fashion to define the exposed Cryptoki functions in

+ * a Cryptoki library:

+ *

+ * CK_DEFINE_FUNCTION(CK_RV, C_Initialize)(

+ *   CK_VOID_PTR pReserved

+ * )

+ * {

+ *   ...

+ * }

+ *

+ * If you're using Microsoft Developer Studio 5.0 to define a

+ * function in a Win32 Cryptoki .dll, it might be defined by:

+ *

+ * #define CK_DEFINE_FUNCTION(returnType, name) \

+ *   returnType __declspec(dllexport) name

+ *

+ * If you're using an earlier version of Microsoft Developer

+ * Studio to define a function in a Win16 Cryptoki .dll, it

+ * might be defined by:

+ *

+ * #define CK_DEFINE_FUNCTION(returnType, name) \

+ *   returnType __export _far _pascal name

+ *

+ * In a UNIX environment, it might be defined by:

+ *

+ * #define CK_DEFINE_FUNCTION(returnType, name) \

+ *   returnType name

+ *

+ *

+ * 3. CK_DECLARE_FUNCTION(returnType, name): A macro which makes

+ * an importable Cryptoki library function declaration out of a

+ * return type and a function name.  It should be used in the

+ * following fashion:

+ *

+ * extern CK_DECLARE_FUNCTION(CK_RV, C_Initialize)(

+ *   CK_VOID_PTR pReserved

+ * );

+ *

+ * If you're using Microsoft Developer Studio 5.0 to declare a

+ * function in a Win32 Cryptoki .dll, it might be defined by:

+ *

+ * #define CK_DECLARE_FUNCTION(returnType, name) \

+ *   returnType __declspec(dllimport) name

+ *

+ * If you're using an earlier version of Microsoft Developer

+ * Studio to declare a function in a Win16 Cryptoki .dll, it

+ * might be defined by:

+ *

+ * #define CK_DECLARE_FUNCTION(returnType, name) \

+ *   returnType __export _far _pascal name

+ *

+ * In a UNIX environment, it might be defined by:

+ *

+ * #define CK_DECLARE_FUNCTION(returnType, name) \

+ *   returnType name

+ *

+ *

+ * 4. CK_DECLARE_FUNCTION_POINTER(returnType, name): A macro

+ * which makes a Cryptoki API function pointer declaration or

+ * function pointer type declaration out of a return type and a

+ * function name.  It should be used in the following fashion:

+ *

+ * // Define funcPtr to be a pointer to a Cryptoki API function

+ * // taking arguments args and returning CK_RV.

+ * CK_DECLARE_FUNCTION_POINTER(CK_RV, funcPtr)(args);

+ *

+ * or

+ *

+ * // Define funcPtrType to be the type of a pointer to a

+ * // Cryptoki API function taking arguments args and returning

+ * // CK_RV, and then define funcPtr to be a variable of type

+ * // funcPtrType.

+ * typedef CK_DECLARE_FUNCTION_POINTER(CK_RV, funcPtrType)(args);

+ * funcPtrType funcPtr;

+ *

+ * If you're using Microsoft Developer Studio 5.0 to access

+ * functions in a Win32 Cryptoki .dll, in might be defined by:

+ *

+ * #define CK_DECLARE_FUNCTION_POINTER(returnType, name) \

+ *   returnType __declspec(dllimport) (* name)

+ *

+ * If you're using an earlier version of Microsoft Developer

+ * Studio to access functions in a Win16 Cryptoki .dll, it might

+ * be defined by:

+ *

+ * #define CK_DECLARE_FUNCTION_POINTER(returnType, name) \

+ *   returnType __export _far _pascal (* name)

+ *

+ * In a UNIX environment, it might be defined by:

+ *

+ * #define CK_DECLARE_FUNCTION_POINTER(returnType, name) \

+ *   returnType (* name)

+ *

+ *

+ * 5. CK_CALLBACK_FUNCTION(returnType, name): A macro which makes

+ * a function pointer type for an application callback out of

+ * a return type for the callback and a name for the callback.

+ * It should be used in the following fashion:

+ *

+ * CK_CALLBACK_FUNCTION(CK_RV, myCallback)(args);

+ *

+ * to declare a function pointer, myCallback, to a callback

+ * which takes arguments args and returns a CK_RV.  It can also

+ * be used like this:

+ *

+ * typedef CK_CALLBACK_FUNCTION(CK_RV, myCallbackType)(args);

+ * myCallbackType myCallback;

+ *

+ * If you're using Microsoft Developer Studio 5.0 to do Win32

+ * Cryptoki development, it might be defined by:

+ *