--- a/usr/src/lib/openssl/Patches/15-pkcs11_engine-0.9.8a.patch Sat Jun 26 23:31:21 2010 -0700
+++ b/usr/src/lib/openssl/Patches/15-pkcs11_engine-0.9.8a.patch Sat Jul 10 13:38:50 2010 -0700
@@ -1,6 +1,6 @@
-diff -ruN openssl-0.9.8k/Configure openssl-0.9.8k/Configure
---- openssl-0.9.8k/Configure 2009-02-16 09:44:22.000000000 +0100
-+++ openssl-0.9.8k/Configure 2009-05-15 11:01:47.963748957 +0200
+diff -ruN openssl-0.9.8o/Configure ../b/openssl-0.9.8o/Configure
+--- openssl-0.9.8o/Configure 2010-05-20 19:36:23.000000000 +0200
++++ ../b/openssl-0.9.8o/Configure 2010-06-22 13:46:10.546496537 +0200
@@ -12,7 +12,7 @@
# see INSTALL for instructions.
@@ -20,7 +20,7 @@
# --install_prefix Additional prefix for package builders (empty by
# default). This needn't be set in advance, you can
# just as well use "make INSTALL_PREFIX=/whatever install".
-@@ -580,6 +583,9 @@
+@@ -587,6 +590,9 @@
my $idx_ranlib = $idx++;
my $idx_arflags = $idx++;
@@ -28,9 +28,9 @@
+my $pk11_libname="";
+
my $prefix="";
+ my $libdir="";
my $openssldir="";
- my $exe_ext="";
-@@ -812,6 +818,10 @@
+@@ -825,6 +831,10 @@
{
$flags.=$_." ";
}
@@ -41,7 +41,7 @@
elsif (/^--prefix=(.*)$/)
{
$prefix=$1;
-@@ -943,6 +953,13 @@
+@@ -960,6 +970,13 @@
exit 0;
}
@@ -55,7 +55,7 @@
if ($target =~ m/^CygWin32(-.*)$/) {
$target = "Cygwin".$1;
}
-@@ -1103,6 +1120,8 @@
+@@ -1126,6 +1143,8 @@
if ($flags ne "") { $cflags="$flags$cflags"; }
else { $no_user_cflags=1; }
@@ -64,7 +64,7 @@
# Kerberos settings. The flavor must be provided from outside, either through
# the script "config" or manually.
if (!$no_krb5)
-@@ -1456,6 +1475,7 @@
+@@ -1489,6 +1508,7 @@
s/^VERSION=.*/VERSION=$version/;
s/^MAJOR=.*/MAJOR=$major/;
s/^MINOR=.*/MINOR=$minor/;
@@ -72,212 +72,10 @@
s/^SHLIB_VERSION_NUMBER=.*/SHLIB_VERSION_NUMBER=$shlib_version_number/;
s/^SHLIB_VERSION_HISTORY=.*/SHLIB_VERSION_HISTORY=$shlib_version_history/;
s/^SHLIB_MAJOR=.*/SHLIB_MAJOR=$shlib_major/;
-diff -ruN openssl-0.9.8k/Makefile.org openssl-0.9.8k/Makefile.org
---- openssl-0.9.8k/Makefile.org 2009-03-03 23:40:29.000000000 +0100
-+++ openssl-0.9.8k/Makefile.org 2009-05-15 10:59:32.374211464 +0200
-@@ -26,6 +26,9 @@
- INSTALL_PREFIX=
- INSTALLTOP=/usr/local/ssl
-
-+# You must set this through --pk11-libname configure option.
-+PK11_LIB_LOCATION=
-+
- # Do not edit this manually. Use Configure --openssldir=DIR do change this!
- OPENSSLDIR=/usr/local/ssl
-
-diff -ruN openssl-0.9.8k/crypto/engine/Makefile openssl-0.9.8k/crypto/engine/Makefile
---- openssl-0.9.8k/crypto/engine/Makefile 2008-09-17 19:10:59.000000000 +0200
-+++ openssl-0.9.8k/crypto/engine/Makefile 2009-05-15 11:03:29.130900045 +0200
-@@ -21,12 +21,14 @@
- eng_table.c eng_pkey.c eng_fat.c eng_all.c \
- tb_rsa.c tb_dsa.c tb_ecdsa.c tb_dh.c tb_ecdh.c tb_rand.c tb_store.c \
- tb_cipher.c tb_digest.c \
-- eng_openssl.c eng_cnf.c eng_dyn.c eng_cryptodev.c eng_padlock.c
-+ eng_openssl.c eng_cnf.c eng_dyn.c eng_cryptodev.c eng_padlock.c \
-+ hw_pk11.c hw_pk11_pub.c hw_pk11_uri.c
- LIBOBJ= eng_err.o eng_lib.o eng_list.o eng_init.o eng_ctrl.o \
- eng_table.o eng_pkey.o eng_fat.o eng_all.o \
- tb_rsa.o tb_dsa.o tb_ecdsa.o tb_dh.o tb_ecdh.o tb_rand.o tb_store.o \
- tb_cipher.o tb_digest.o \
-- eng_openssl.o eng_cnf.o eng_dyn.o eng_cryptodev.o eng_padlock.o
-+ eng_openssl.o eng_cnf.o eng_dyn.o eng_cryptodev.o eng_padlock.o \
-+ hw_pk11.o hw_pk11_pub.o hw_pk11_uri.o
-
- SRC= $(LIBSRC)
-
-@@ -286,6 +288,62 @@
- eng_table.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
- eng_table.o: ../../include/openssl/x509_vfy.h ../cryptlib.h eng_int.h
- eng_table.o: eng_table.c
-+hw_pk11.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h
-+hw_pk11.o: ../../include/openssl/engine.h ../../include/openssl/ossl_typ.h
-+hw_pk11.o: ../../include/openssl/bn.h ../../include/openssl/rsa.h
-+hw_pk11.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
-+hw_pk11.o: ../../include/openssl/crypto.h ../../include/openssl/stack.h
-+hw_pk11.o: ../../include/openssl/safestack.h ../../include/openssl/opensslv.h
-+hw_pk11.o: ../../include/openssl/symhacks.h ../../include/openssl/dsa.h
-+hw_pk11.o: ../../include/openssl/dh.h ../../include/openssl/rand.h
-+hw_pk11.o: ../../include/openssl/ui.h ../../include/openssl/err.h
-+hw_pk11.o: ../../include/openssl/lhash.h ../../include/openssl/dso.h
-+hw_pk11.o: ../../include/openssl/pem.h ../../include/openssl/evp.h
-+hw_pk11.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
-+hw_pk11.o: ../../include/openssl/md5.h ../../include/openssl/sha.h
-+hw_pk11.o: ../../include/openssl/ripemd.h ../../include/openssl/des.h
-+hw_pk11.o: ../../include/openssl/des_old.h ../../include/openssl/ui_compat.h
-+hw_pk11.o: ../../include/openssl/rc4.h ../../include/openssl/rc2.h
-+hw_pk11.o: ../../crypto/rc5/rc5.h ../../include/openssl/blowfish.h
-+hw_pk11.o: ../../include/openssl/cast.h ../../include/openssl/idea.h
-+hw_pk11.o: ../../crypto/mdc2/mdc2.h ../../include/openssl/aes.h
-+hw_pk11.o: ../../include/openssl/objects.h ../../include/openssl/obj_mac.h
-+hw_pk11.o: ../../include/openssl/x509.h ../../include/openssl/buffer.h
-+hw_pk11.o: ../../include/openssl/x509_vfy.h ../../include/openssl/pkcs7.h
-+hw_pk11.o: ../../include/openssl/pem2.h ../cryptlib.h hw_pk11_uri.h
-+hw_pk11.o: ../../e_os.h hw_pk11_err.c hw_pk11_err.h hw_pk11.c hw_pk11.h
-+hw_pk11_pub.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h
-+hw_pk11_pub.o: ../../include/openssl/engine.h ../../include/openssl/ossl_typ.h
-+hw_pk11_pub.o: ../../include/openssl/bn.h ../../include/openssl/rsa.h
-+hw_pk11_pub.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
-+hw_pk11_pub.o: ../../include/openssl/crypto.h ../../include/openssl/stack.h
-+hw_pk11_pub.o: ../../include/openssl/safestack.h ../../include/openssl/opensslv.h
-+hw_pk11_pub.o: ../../include/openssl/symhacks.h ../../include/openssl/dsa.h
-+hw_pk11_pub.o: ../../include/openssl/dh.h ../../include/openssl/rand.h
-+hw_pk11_pub.o: ../../include/openssl/ui.h ../../include/openssl/err.h
-+hw_pk11_pub.o: ../../include/openssl/lhash.h ../../include/openssl/dso.h
-+hw_pk11_pub.o: ../../include/openssl/pem.h ../../include/openssl/evp.h
-+hw_pk11_pub.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
-+hw_pk11_pub.o: ../../include/openssl/md5.h ../../include/openssl/sha.h
-+hw_pk11_pub.o: ../../include/openssl/ripemd.h ../../include/openssl/des.h
-+hw_pk11_pub.o: ../../include/openssl/des_old.h ../../include/openssl/ui_compat.h
-+hw_pk11_pub.o: ../../include/openssl/rc4.h ../../include/openssl/rc2.h
-+hw_pk11_pub.o: ../../crypto/rc5/rc5.h ../../include/openssl/blowfish.h
-+hw_pk11_pub.o: ../../include/openssl/cast.h ../../include/openssl/idea.h
-+hw_pk11_pub.o: ../../crypto/mdc2/mdc2.h ../../include/openssl/aes.h
-+hw_pk11_pub.o: ../../include/openssl/objects.h ../../include/openssl/obj_mac.h
-+hw_pk11_pub.o: ../../include/openssl/x509.h ../../include/openssl/buffer.h
-+hw_pk11_pub.o: ../../include/openssl/x509_vfy.h ../../include/openssl/pkcs7.h
-+hw_pk11_pub.o: ../../include/openssl/pem2.h ../cryptlib.h hw_pk11.h hw_pk11_uri.h
-+hw_pk11_pub.o: ../../e_os.h hw_pk11_pub.c hw_pk11.h hw_pk11_err.h
-+hw_pk11_pub.o: hw_pk11_uri.h
-+hw_pk11_uri.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
-+hw_pk11_uri.o: ../../include/openssl/opensslconf.h ../../include/openssl/stack.h
-+hw_pk11_uri.o: ../../include/openssl/safestack.h ../../include/openssl/opensslv.h
-+hw_pk11_uri.o: ../../include/openssl/ossl_typ.h ../../include/openssl/symhacks.h
-+hw_pk11_uri.o: ../../include/security/cryptoki.h ../../include/security/pkcs11.h
-+hw_pk11_uri.o: ../../include/security/pkcs11t.h ../../include/security/pkcs11f.h
-+hw_pk11_uri.o: hw_pk11.h hw_pk11_err.h hw_pk11_uri.h hw_pk11_uri.c
- tb_cipher.o: ../../e_os.h ../../include/openssl/asn1.h
- tb_cipher.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
- tb_cipher.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
-diff -ruN openssl-0.9.8k/crypto/engine/cryptoki.h openssl-0.9.8k/crypto/engine/cryptoki.h
---- openssl-0.9.8k/crypto/engine/cryptoki.h 1970-01-01 01:00:00.000000000 +0100
-+++ openssl-0.9.8k/crypto/engine/cryptoki.h 2009-05-15 10:59:32.375765469 +0200
-@@ -0,0 +1,103 @@
-+/*
-+ * CDDL HEADER START
-+ *
-+ * The contents of this file are subject to the terms of the
-+ * Common Development and Distribution License, Version 1.0 only
-+ * (the "License"). You may not use this file except in compliance
-+ * with the License.
-+ *
-+ * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
-+ * or http://www.opensolaris.org/os/licensing.
-+ * See the License for the specific language governing permissions
-+ * and limitations under the License.
-+ *
-+ * When distributing Covered Code, include this CDDL HEADER in each
-+ * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
-+ * If applicable, add the following below this CDDL HEADER, with the
-+ * fields enclosed by brackets "[]" replaced with your own identifying
-+ * information: Portions Copyright [yyyy] [name of copyright owner]
-+ *
-+ * CDDL HEADER END
-+ */
-+/*
-+ * Copyright 2009 Sun Microsystems, Inc. All rights reserved.
-+ * Use is subject to license terms.
-+ */
-+
-+#ifndef _CRYPTOKI_H
-+#define _CRYPTOKI_H
-+
-+#pragma ident "@(#)cryptoki.h 1.2 05/06/08 SMI"
-+
-+#ifdef __cplusplus
-+extern "C" {
-+#endif
-+
-+#ifndef CK_PTR
-+#define CK_PTR *
-+#endif
-+
-+#ifndef CK_DEFINE_FUNCTION
-+#define CK_DEFINE_FUNCTION(returnType, name) returnType name
-+#endif
-+
-+#ifndef CK_DECLARE_FUNCTION
-+#define CK_DECLARE_FUNCTION(returnType, name) returnType name
-+#endif
-+
-+#ifndef CK_DECLARE_FUNCTION_POINTER
-+#define CK_DECLARE_FUNCTION_POINTER(returnType, name) returnType (* name)
-+#endif
-+
-+#ifndef CK_CALLBACK_FUNCTION
-+#define CK_CALLBACK_FUNCTION(returnType, name) returnType (* name)
-+#endif
-+
-+#ifndef NULL_PTR
-+#include <unistd.h> /* For NULL */
-+#define NULL_PTR NULL
-+#endif
-+
-+/*
-+ * pkcs11t.h defines TRUE and FALSE in a way that upsets lint
-+ */
-+#ifndef CK_DISABLE_TRUE_FALSE
-+#define CK_DISABLE_TRUE_FALSE
-+#ifndef TRUE
-+#define TRUE 1
-+#endif /* TRUE */
-+#ifndef FALSE
-+#define FALSE 0
-+#endif /* FALSE */
-+#endif /* CK_DISABLE_TRUE_FALSE */
-+
-+#undef CK_PKCS11_FUNCTION_INFO
-+
-+#include "pkcs11.h"
-+
-+/* Solaris specific functions */
-+
-+#include <stdlib.h>
-+
-+/*
-+ * SUNW_C_GetMechSession will initialize the framework and do all
-+ * the necessary PKCS#11 calls to create a session capable of
-+ * providing operations on the requested mechanism
-+ */
-+CK_RV SUNW_C_GetMechSession(CK_MECHANISM_TYPE mech,
-+ CK_SESSION_HANDLE_PTR hSession);
-+
-+/*
-+ * SUNW_C_KeyToObject will create a secret key object for the given
-+ * mechanism from the rawkey data.
-+ */
-+CK_RV SUNW_C_KeyToObject(CK_SESSION_HANDLE hSession,
-+ CK_MECHANISM_TYPE mech, const void *rawkey, size_t rawkey_len,
-+ CK_OBJECT_HANDLE_PTR obj);
-+
-+
-+#ifdef __cplusplus
-+}
-+#endif
-+
-+#endif /* _CRYPTOKI_H */
-diff -ruN openssl-0.9.8k/crypto/engine/eng_all.c openssl-0.9.8k/crypto/engine/eng_all.c
---- openssl-0.9.8k/crypto/engine/eng_all.c 2008-06-04 20:01:39.000000000 +0200
-+++ openssl-0.9.8k/crypto/engine/eng_all.c 2009-05-15 10:59:32.376328302 +0200
+Files openssl-0.9.8o/crypto/engine/.eng_cnf.c.swp and ../b/openssl-0.9.8o/crypto/engine/.eng_cnf.c.swp differ
+diff -ruN openssl-0.9.8o/crypto/engine/eng_all.c ../b/openssl-0.9.8o/crypto/engine/eng_all.c
+--- openssl-0.9.8o/crypto/engine/eng_all.c 2010-03-01 01:30:11.000000000 +0100
++++ ../b/openssl-0.9.8o/crypto/engine/eng_all.c 2010-06-22 13:46:10.548058244 +0200
@@ -71,7 +71,17 @@
#if !defined(OPENSSL_NO_HW) && !defined(OPENSSL_NO_HW_PADLOCK)
ENGINE_load_padlock();
@@ -296,9 +94,9 @@
#ifndef OPENSSL_NO_STATIC_ENGINE
#ifndef OPENSSL_NO_HW
#ifndef OPENSSL_NO_HW_4758_CCA
-diff -ruN openssl-0.9.8k/crypto/engine/eng_cnf.c openssl-0.9.8k/crypto/engine/eng_cnf.c
---- openssl-0.9.8k/crypto/engine/eng_cnf.c 2008-11-05 19:36:43.000000000 +0100
-+++ openssl-0.9.8k/crypto/engine/eng_cnf.c 2009-05-15 10:59:32.376911395 +0200
+diff -ruN openssl-0.9.8o/crypto/engine/eng_cnf.c ../b/openssl-0.9.8o/crypto/engine/eng_cnf.c
+--- openssl-0.9.8o/crypto/engine/eng_cnf.c 2010-02-09 15:18:15.000000000 +0100
++++ ../b/openssl-0.9.8o/crypto/engine/eng_cnf.c 2010-06-22 13:46:10.548339829 +0200
@@ -132,6 +132,13 @@
/* Load a dynamic ENGINE */
else if (!strcmp(ctrlname, "dynamic_path"))
@@ -313,9 +111,9 @@
e = ENGINE_by_id("dynamic");
if (!e)
goto err;
-diff -ruN openssl-0.9.8k/crypto/engine/engine.h openssl-0.9.8k/crypto/engine/engine.h
---- openssl-0.9.8k/crypto/engine/engine.h 2008-06-04 20:01:40.000000000 +0200
-+++ openssl-0.9.8k/crypto/engine/engine.h 2009-05-15 10:59:32.377813267 +0200
+diff -ruN openssl-0.9.8o/crypto/engine/engine.h ../b/openssl-0.9.8o/crypto/engine/engine.h
+--- openssl-0.9.8o/crypto/engine/engine.h 2010-02-09 15:18:15.000000000 +0100
++++ ../b/openssl-0.9.8o/crypto/engine/engine.h 2010-06-22 13:46:10.548927482 +0200
@@ -337,6 +337,7 @@
void ENGINE_load_ubsec(void);
#endif
@@ -323,3112 +121,37 @@
+void ENGINE_load_pk11(void);
void ENGINE_load_padlock(void);
void ENGINE_load_builtin_engines(void);
- #ifndef OPENSSL_NO_CAPIENG
-diff -ruN openssl-0.9.8k/crypto/engine/pkcs11.h openssl-0.9.8k/crypto/engine/pkcs11.h
---- openssl-0.9.8k/crypto/engine/pkcs11.h 1970-01-01 01:00:00.000000000 +0100
-+++ openssl-0.9.8k/crypto/engine/pkcs11.h 2009-05-15 10:59:32.384822607 +0200
-@@ -0,0 +1,299 @@
-+/* pkcs11.h include file for PKCS #11. */
-+/* $Revision: 1.4 $ */
-+
-+/* License to copy and use this software is granted provided that it is
-+ * identified as "RSA Security Inc. PKCS #11 Cryptographic Token Interface
-+ * (Cryptoki)" in all material mentioning or referencing this software.
-+
-+ * License is also granted to make and use derivative works provided that
-+ * such works are identified as "derived from the RSA Security Inc. PKCS #11
-+ * Cryptographic Token Interface (Cryptoki)" in all material mentioning or
-+ * referencing the derived work.
-+
-+ * RSA Security Inc. makes no representations concerning either the
-+ * merchantability of this software or the suitability of this software for
-+ * any particular purpose. It is provided "as is" without express or implied
-+ * warranty of any kind.
-+ */
-+
-+#ifndef _PKCS11_H_
-+#define _PKCS11_H_ 1
-+
-+#ifdef __cplusplus
-+extern "C" {
-+#endif
-+
-+/* Before including this file (pkcs11.h) (or pkcs11t.h by
-+ * itself), 6 platform-specific macros must be defined. These
-+ * macros are described below, and typical definitions for them
-+ * are also given. Be advised that these definitions can depend
-+ * on both the platform and the compiler used (and possibly also
-+ * on whether a Cryptoki library is linked statically or
-+ * dynamically).
-+ *
-+ * In addition to defining these 6 macros, the packing convention
-+ * for Cryptoki structures should be set. The Cryptoki
-+ * convention on packing is that structures should be 1-byte
-+ * aligned.
-+ *
-+ * If you're using Microsoft Developer Studio 5.0 to produce
-+ * Win32 stuff, this might be done by using the following
-+ * preprocessor directive before including pkcs11.h or pkcs11t.h:
-+ *
-+ * #pragma pack(push, cryptoki, 1)
-+ *
-+ * and using the following preprocessor directive after including
-+ * pkcs11.h or pkcs11t.h:
-+ *
-+ * #pragma pack(pop, cryptoki)
-+ *
-+ * If you're using an earlier version of Microsoft Developer
-+ * Studio to produce Win16 stuff, this might be done by using
-+ * the following preprocessor directive before including
-+ * pkcs11.h or pkcs11t.h:
-+ *
-+ * #pragma pack(1)
-+ *
-+ * In a UNIX environment, you're on your own for this. You might
-+ * not need to do (or be able to do!) anything.
-+ *
-+ *
-+ * Now for the macros:
-+ *
-+ *
-+ * 1. CK_PTR: The indirection string for making a pointer to an
-+ * object. It can be used like this:
-+ *
-+ * typedef CK_BYTE CK_PTR CK_BYTE_PTR;
-+ *
-+ * If you're using Microsoft Developer Studio 5.0 to produce
-+ * Win32 stuff, it might be defined by:
-+ *
-+ * #define CK_PTR *
-+ *
-+ * If you're using an earlier version of Microsoft Developer
-+ * Studio to produce Win16 stuff, it might be defined by:
-+ *
-+ * #define CK_PTR far *
-+ *
-+ * In a typical UNIX environment, it might be defined by:
-+ *
-+ * #define CK_PTR *
-+ *
-+ *
-+ * 2. CK_DEFINE_FUNCTION(returnType, name): A macro which makes
-+ * an exportable Cryptoki library function definition out of a
-+ * return type and a function name. It should be used in the
-+ * following fashion to define the exposed Cryptoki functions in
-+ * a Cryptoki library:
-+ *
-+ * CK_DEFINE_FUNCTION(CK_RV, C_Initialize)(
-+ * CK_VOID_PTR pReserved
-+ * )
-+ * {
-+ * ...
-+ * }
-+ *
-+ * If you're using Microsoft Developer Studio 5.0 to define a
-+ * function in a Win32 Cryptoki .dll, it might be defined by:
-+ *
-+ * #define CK_DEFINE_FUNCTION(returnType, name) \
-+ * returnType __declspec(dllexport) name
-+ *
-+ * If you're using an earlier version of Microsoft Developer
-+ * Studio to define a function in a Win16 Cryptoki .dll, it
-+ * might be defined by:
-+ *
-+ * #define CK_DEFINE_FUNCTION(returnType, name) \
-+ * returnType __export _far _pascal name
-+ *
-+ * In a UNIX environment, it might be defined by:
-+ *
-+ * #define CK_DEFINE_FUNCTION(returnType, name) \
-+ * returnType name
-+ *
-+ *
-+ * 3. CK_DECLARE_FUNCTION(returnType, name): A macro which makes
-+ * an importable Cryptoki library function declaration out of a
-+ * return type and a function name. It should be used in the
-+ * following fashion:
-+ *
-+ * extern CK_DECLARE_FUNCTION(CK_RV, C_Initialize)(
-+ * CK_VOID_PTR pReserved
-+ * );
-+ *
-+ * If you're using Microsoft Developer Studio 5.0 to declare a
-+ * function in a Win32 Cryptoki .dll, it might be defined by:
-+ *
-+ * #define CK_DECLARE_FUNCTION(returnType, name) \
-+ * returnType __declspec(dllimport) name
-+ *
-+ * If you're using an earlier version of Microsoft Developer
-+ * Studio to declare a function in a Win16 Cryptoki .dll, it
-+ * might be defined by:
-+ *
-+ * #define CK_DECLARE_FUNCTION(returnType, name) \
-+ * returnType __export _far _pascal name
-+ *
-+ * In a UNIX environment, it might be defined by:
-+ *
-+ * #define CK_DECLARE_FUNCTION(returnType, name) \
-+ * returnType name
-+ *
-+ *
-+ * 4. CK_DECLARE_FUNCTION_POINTER(returnType, name): A macro
-+ * which makes a Cryptoki API function pointer declaration or
-+ * function pointer type declaration out of a return type and a
-+ * function name. It should be used in the following fashion:
-+ *
-+ * // Define funcPtr to be a pointer to a Cryptoki API function
-+ * // taking arguments args and returning CK_RV.
-+ * CK_DECLARE_FUNCTION_POINTER(CK_RV, funcPtr)(args);
-+ *
-+ * or
-+ *
-+ * // Define funcPtrType to be the type of a pointer to a
-+ * // Cryptoki API function taking arguments args and returning
-+ * // CK_RV, and then define funcPtr to be a variable of type
-+ * // funcPtrType.
-+ * typedef CK_DECLARE_FUNCTION_POINTER(CK_RV, funcPtrType)(args);
-+ * funcPtrType funcPtr;
-+ *
-+ * If you're using Microsoft Developer Studio 5.0 to access
-+ * functions in a Win32 Cryptoki .dll, in might be defined by:
-+ *
-+ * #define CK_DECLARE_FUNCTION_POINTER(returnType, name) \
-+ * returnType __declspec(dllimport) (* name)
-+ *
-+ * If you're using an earlier version of Microsoft Developer
-+ * Studio to access functions in a Win16 Cryptoki .dll, it might
-+ * be defined by:
-+ *
-+ * #define CK_DECLARE_FUNCTION_POINTER(returnType, name) \
-+ * returnType __export _far _pascal (* name)
-+ *
-+ * In a UNIX environment, it might be defined by:
-+ *
-+ * #define CK_DECLARE_FUNCTION_POINTER(returnType, name) \
-+ * returnType (* name)
-+ *
-+ *
-+ * 5. CK_CALLBACK_FUNCTION(returnType, name): A macro which makes
-+ * a function pointer type for an application callback out of
-+ * a return type for the callback and a name for the callback.
-+ * It should be used in the following fashion:
-+ *
-+ * CK_CALLBACK_FUNCTION(CK_RV, myCallback)(args);
-+ *
-+ * to declare a function pointer, myCallback, to a callback
-+ * which takes arguments args and returns a CK_RV. It can also
-+ * be used like this:
-+ *
-+ * typedef CK_CALLBACK_FUNCTION(CK_RV, myCallbackType)(args);
-+ * myCallbackType myCallback;
-+ *
-+ * If you're using Microsoft Developer Studio 5.0 to do Win32
-+ * Cryptoki development, it might be defined by:
-+ *
-+ * #define CK_CALLBACK_FUNCTION(returnType, name) \
-+ * returnType (* name)
-+ *
-+ * If you're using an earlier version of Microsoft Developer
-+ * Studio to do Win16 development, it might be defined by:
-+ *
-+ * #define CK_CALLBACK_FUNCTION(returnType, name) \
-+ * returnType _far _pascal (* name)
-+ *
-+ * In a UNIX environment, it might be defined by:
-+ *
-+ * #define CK_CALLBACK_FUNCTION(returnType, name) \
-+ * returnType (* name)
-+ *
-+ *
-+ * 6. NULL_PTR: This macro is the value of a NULL pointer.
-+ *
-+ * In any ANSI/ISO C environment (and in many others as well),
-+ * this should best be defined by
-+ *
-+ * #ifndef NULL_PTR
-+ * #define NULL_PTR 0
-+ * #endif
-+ */
-+
-+
-+/* All the various Cryptoki types and #define'd values are in the
-+ * file pkcs11t.h. */
-+#include "pkcs11t.h"
-+
-+#define __PASTE(x,y) x##y
-+
-+
-+/* ==============================================================
-+ * Define the "extern" form of all the entry points.
-+ * ==============================================================
-+ */
-+
-+#define CK_NEED_ARG_LIST 1
-+#define CK_PKCS11_FUNCTION_INFO(name) \
-+ extern CK_DECLARE_FUNCTION(CK_RV, name)
-+
-+/* pkcs11f.h has all the information about the Cryptoki
-+ * function prototypes. */
-+#include "pkcs11f.h"
-+
-+#undef CK_NEED_ARG_LIST
-+#undef CK_PKCS11_FUNCTION_INFO
-+
-+
-+/* ==============================================================
-+ * Define the typedef form of all the entry points. That is, for
-+ * each Cryptoki function C_XXX, define a type CK_C_XXX which is
-+ * a pointer to that kind of function.
-+ * ==============================================================
-+ */
-+
-+#define CK_NEED_ARG_LIST 1
-+#define CK_PKCS11_FUNCTION_INFO(name) \
-+ typedef CK_DECLARE_FUNCTION_POINTER(CK_RV, __PASTE(CK_,name))
-+
-+/* pkcs11f.h has all the information about the Cryptoki
-+ * function prototypes. */
-+#include "pkcs11f.h"
-+
-+#undef CK_NEED_ARG_LIST
-+#undef CK_PKCS11_FUNCTION_INFO
-+
-+
-+/* ==============================================================
-+ * Define structed vector of entry points. A CK_FUNCTION_LIST
-+ * contains a CK_VERSION indicating a library's Cryptoki version
-+ * and then a whole slew of function pointers to the routines in
-+ * the library. This type was declared, but not defined, in
-+ * pkcs11t.h.
-+ * ==============================================================
-+ */
-+
-+#define CK_PKCS11_FUNCTION_INFO(name) \
-+ __PASTE(CK_,name) name;
-+
-+struct CK_FUNCTION_LIST {
-+
-+ CK_VERSION version; /* Cryptoki version */
-+
-+/* Pile all the function pointers into the CK_FUNCTION_LIST. */
-+/* pkcs11f.h has all the information about the Cryptoki
-+ * function prototypes. */
-+#include "pkcs11f.h"
-+
-+};
-+
-+#undef CK_PKCS11_FUNCTION_INFO
-+
-+
-+#undef __PASTE
-+
-+#ifdef __cplusplus
-+}
-+#endif
-+
-+#endif
-diff -ruN openssl-0.9.8k/crypto/engine/pkcs11f.h openssl-0.9.8k/crypto/engine/pkcs11f.h
---- openssl-0.9.8k/crypto/engine/pkcs11f.h 1970-01-01 01:00:00.000000000 +0100
-+++ openssl-0.9.8k/crypto/engine/pkcs11f.h 2009-05-15 10:59:32.385809195 +0200
-@@ -0,0 +1,912 @@
-+/* pkcs11f.h include file for PKCS #11. */
-+/* $Revision: 1.4 $ */
-+
-+/* License to copy and use this software is granted provided that it is
-+ * identified as "RSA Security Inc. PKCS #11 Cryptographic Token Interface
-+ * (Cryptoki)" in all material mentioning or referencing this software.
-+
-+ * License is also granted to make and use derivative works provided that
-+ * such works are identified as "derived from the RSA Security Inc. PKCS #11
-+ * Cryptographic Token Interface (Cryptoki)" in all material mentioning or
-+ * referencing the derived work.
-+
-+ * RSA Security Inc. makes no representations concerning either the
-+ * merchantability of this software or the suitability of this software for
-+ * any particular purpose. It is provided "as is" without express or implied
-+ * warranty of any kind.
-+ */
-+
-+/* This header file contains pretty much everything about all the */
-+/* Cryptoki function prototypes. Because this information is */
-+/* used for more than just declaring function prototypes, the */
-+/* order of the functions appearing herein is important, and */
-+/* should not be altered. */
-+
-+/* General-purpose */
-+
-+/* C_Initialize initializes the Cryptoki library. */
-+CK_PKCS11_FUNCTION_INFO(C_Initialize)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_VOID_PTR pInitArgs /* if this is not NULL_PTR, it gets
-+ * cast to CK_C_INITIALIZE_ARGS_PTR
-+ * and dereferenced */
-+);
-+#endif
-+
-+
-+/* C_Finalize indicates that an application is done with the
-+ * Cryptoki library. */
-+CK_PKCS11_FUNCTION_INFO(C_Finalize)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_VOID_PTR pReserved /* reserved. Should be NULL_PTR */
-+);
-+#endif
-+
-+
-+/* C_GetInfo returns general information about Cryptoki. */
-+CK_PKCS11_FUNCTION_INFO(C_GetInfo)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_INFO_PTR pInfo /* location that receives information */
-+);
-+#endif
-+
-+
-+/* C_GetFunctionList returns the function list. */
-+CK_PKCS11_FUNCTION_INFO(C_GetFunctionList)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_FUNCTION_LIST_PTR_PTR ppFunctionList /* receives pointer to
-+ * function list */
-+);
-+#endif
-+
-+
-+
-+/* Slot and token management */
-+
-+/* C_GetSlotList obtains a list of slots in the system. */
-+CK_PKCS11_FUNCTION_INFO(C_GetSlotList)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_BBOOL tokenPresent, /* only slots with tokens? */
-+ CK_SLOT_ID_PTR pSlotList, /* receives array of slot IDs */
-+ CK_ULONG_PTR pulCount /* receives number of slots */
-+);
-+#endif
-+
-+
-+/* C_GetSlotInfo obtains information about a particular slot in
-+ * the system. */
-+CK_PKCS11_FUNCTION_INFO(C_GetSlotInfo)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_SLOT_ID slotID, /* the ID of the slot */
-+ CK_SLOT_INFO_PTR pInfo /* receives the slot information */
-+);
-+#endif
-+
-+
-+/* C_GetTokenInfo obtains information about a particular token
-+ * in the system. */
-+CK_PKCS11_FUNCTION_INFO(C_GetTokenInfo)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_SLOT_ID slotID, /* ID of the token's slot */
-+ CK_TOKEN_INFO_PTR pInfo /* receives the token information */
-+);
-+#endif
-+
-+
-+/* C_GetMechanismList obtains a list of mechanism types
-+ * supported by a token. */
-+CK_PKCS11_FUNCTION_INFO(C_GetMechanismList)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_SLOT_ID slotID, /* ID of token's slot */
-+ CK_MECHANISM_TYPE_PTR pMechanismList, /* gets mech. array */
-+ CK_ULONG_PTR pulCount /* gets # of mechs. */
-+);
-+#endif
-+
-+
-+/* C_GetMechanismInfo obtains information about a particular
-+ * mechanism possibly supported by a token. */
-+CK_PKCS11_FUNCTION_INFO(C_GetMechanismInfo)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_SLOT_ID slotID, /* ID of the token's slot */
-+ CK_MECHANISM_TYPE type, /* type of mechanism */
-+ CK_MECHANISM_INFO_PTR pInfo /* receives mechanism info */
-+);
-+#endif
-+
-+
-+/* C_InitToken initializes a token. */
-+CK_PKCS11_FUNCTION_INFO(C_InitToken)
-+#ifdef CK_NEED_ARG_LIST
-+/* pLabel changed from CK_CHAR_PTR to CK_UTF8CHAR_PTR for v2.10 */
-+(
-+ CK_SLOT_ID slotID, /* ID of the token's slot */
-+ CK_UTF8CHAR_PTR pPin, /* the SO's initial PIN */
-+ CK_ULONG ulPinLen, /* length in bytes of the PIN */
-+ CK_UTF8CHAR_PTR pLabel /* 32-byte token label (blank padded) */
-+);
-+#endif
-+
-+
-+/* C_InitPIN initializes the normal user's PIN. */
-+CK_PKCS11_FUNCTION_INFO(C_InitPIN)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_SESSION_HANDLE hSession, /* the session's handle */
-+ CK_UTF8CHAR_PTR pPin, /* the normal user's PIN */
-+ CK_ULONG ulPinLen /* length in bytes of the PIN */
-+);
-+#endif
-+
-+
-+/* C_SetPIN modifies the PIN of the user who is logged in. */
-+CK_PKCS11_FUNCTION_INFO(C_SetPIN)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_SESSION_HANDLE hSession, /* the session's handle */
-+ CK_UTF8CHAR_PTR pOldPin, /* the old PIN */
-+ CK_ULONG ulOldLen, /* length of the old PIN */
-+ CK_UTF8CHAR_PTR pNewPin, /* the new PIN */
-+ CK_ULONG ulNewLen /* length of the new PIN */
-+);
-+#endif
-+
-+
-+
-+/* Session management */
-+
-+/* C_OpenSession opens a session between an application and a
-+ * token. */
-+CK_PKCS11_FUNCTION_INFO(C_OpenSession)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_SLOT_ID slotID, /* the slot's ID */
-+ CK_FLAGS flags, /* from CK_SESSION_INFO */
-+ CK_VOID_PTR pApplication, /* passed to callback */
-+ CK_NOTIFY Notify, /* callback function */
-+ CK_SESSION_HANDLE_PTR phSession /* gets session handle */
-+);
-+#endif
-+
-+
-+/* C_CloseSession closes a session between an application and a
-+ * token. */
-+CK_PKCS11_FUNCTION_INFO(C_CloseSession)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_SESSION_HANDLE hSession /* the session's handle */
-+);
-+#endif
-+
-+
-+/* C_CloseAllSessions closes all sessions with a token. */
-+CK_PKCS11_FUNCTION_INFO(C_CloseAllSessions)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_SLOT_ID slotID /* the token's slot */
-+);
-+#endif
-+
-+
-+/* C_GetSessionInfo obtains information about the session. */
-+CK_PKCS11_FUNCTION_INFO(C_GetSessionInfo)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_SESSION_HANDLE hSession, /* the session's handle */
-+ CK_SESSION_INFO_PTR pInfo /* receives session info */
-+);
-+#endif
-+
-+
-+/* C_GetOperationState obtains the state of the cryptographic operation
-+ * in a session. */
-+CK_PKCS11_FUNCTION_INFO(C_GetOperationState)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_SESSION_HANDLE hSession, /* session's handle */
-+ CK_BYTE_PTR pOperationState, /* gets state */
-+ CK_ULONG_PTR pulOperationStateLen /* gets state length */
-+);
-+#endif
-+
-+
-+/* C_SetOperationState restores the state of the cryptographic
-+ * operation in a session. */
-+CK_PKCS11_FUNCTION_INFO(C_SetOperationState)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_SESSION_HANDLE hSession, /* session's handle */
-+ CK_BYTE_PTR pOperationState, /* holds state */
-+ CK_ULONG ulOperationStateLen, /* holds state length */
-+ CK_OBJECT_HANDLE hEncryptionKey, /* en/decryption key */
-+ CK_OBJECT_HANDLE hAuthenticationKey /* sign/verify key */
-+);
-+#endif
-+
-+
-+/* C_Login logs a user into a token. */
-+CK_PKCS11_FUNCTION_INFO(C_Login)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_SESSION_HANDLE hSession, /* the session's handle */
-+ CK_USER_TYPE userType, /* the user type */
-+ CK_UTF8CHAR_PTR pPin, /* the user's PIN */
-+ CK_ULONG ulPinLen /* the length of the PIN */
-+);
-+#endif
-+
-+
-+/* C_Logout logs a user out from a token. */
-+CK_PKCS11_FUNCTION_INFO(C_Logout)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_SESSION_HANDLE hSession /* the session's handle */
-+);
-+#endif
-+
-+
-+
-+/* Object management */
-+
-+/* C_CreateObject creates a new object. */
-+CK_PKCS11_FUNCTION_INFO(C_CreateObject)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_SESSION_HANDLE hSession, /* the session's handle */
-+ CK_ATTRIBUTE_PTR pTemplate, /* the object's template */
-+ CK_ULONG ulCount, /* attributes in template */
-+ CK_OBJECT_HANDLE_PTR phObject /* gets new object's handle. */
-+);
-+#endif
-+
-+
-+/* C_CopyObject copies an object, creating a new object for the
-+ * copy. */
-+CK_PKCS11_FUNCTION_INFO(C_CopyObject)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_SESSION_HANDLE hSession, /* the session's handle */
-+ CK_OBJECT_HANDLE hObject, /* the object's handle */
-+ CK_ATTRIBUTE_PTR pTemplate, /* template for new object */
-+ CK_ULONG ulCount, /* attributes in template */
-+ CK_OBJECT_HANDLE_PTR phNewObject /* receives handle of copy */
-+);
-+#endif
-+
-+
-+/* C_DestroyObject destroys an object. */
-+CK_PKCS11_FUNCTION_INFO(C_DestroyObject)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_SESSION_HANDLE hSession, /* the session's handle */
-+ CK_OBJECT_HANDLE hObject /* the object's handle */
-+);
-+#endif
-+
-+
-+/* C_GetObjectSize gets the size of an object in bytes. */
-+CK_PKCS11_FUNCTION_INFO(C_GetObjectSize)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_SESSION_HANDLE hSession, /* the session's handle */
-+ CK_OBJECT_HANDLE hObject, /* the object's handle */
-+ CK_ULONG_PTR pulSize /* receives size of object */
-+);
-+#endif
-+
-+
-+/* C_GetAttributeValue obtains the value of one or more object
-+ * attributes. */
-+CK_PKCS11_FUNCTION_INFO(C_GetAttributeValue)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_SESSION_HANDLE hSession, /* the session's handle */
-+ CK_OBJECT_HANDLE hObject, /* the object's handle */
-+ CK_ATTRIBUTE_PTR pTemplate, /* specifies attrs; gets vals */
-+ CK_ULONG ulCount /* attributes in template */
-+);
-+#endif
-+
-+
-+/* C_SetAttributeValue modifies the value of one or more object
-+ * attributes */
-+CK_PKCS11_FUNCTION_INFO(C_SetAttributeValue)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_SESSION_HANDLE hSession, /* the session's handle */
-+ CK_OBJECT_HANDLE hObject, /* the object's handle */
-+ CK_ATTRIBUTE_PTR pTemplate, /* specifies attrs and values */
-+ CK_ULONG ulCount /* attributes in template */
-+);
-+#endif
-+
-+
-+/* C_FindObjectsInit initializes a search for token and session
-+ * objects that match a template. */
-+CK_PKCS11_FUNCTION_INFO(C_FindObjectsInit)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_SESSION_HANDLE hSession, /* the session's handle */
-+ CK_ATTRIBUTE_PTR pTemplate, /* attribute values to match */
-+ CK_ULONG ulCount /* attrs in search template */
-+);
-+#endif
-+
-+
-+/* C_FindObjects continues a search for token and session
-+ * objects that match a template, obtaining additional object
-+ * handles. */
-+CK_PKCS11_FUNCTION_INFO(C_FindObjects)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_SESSION_HANDLE hSession, /* session's handle */
-+ CK_OBJECT_HANDLE_PTR phObject, /* gets obj. handles */
-+ CK_ULONG ulMaxObjectCount, /* max handles to get */
-+ CK_ULONG_PTR pulObjectCount /* actual # returned */
-+);
-+#endif
-+
-+
-+/* C_FindObjectsFinal finishes a search for token and session
-+ * objects. */
-+CK_PKCS11_FUNCTION_INFO(C_FindObjectsFinal)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_SESSION_HANDLE hSession /* the session's handle */
-+);
-+#endif
-+
-+
-+
-+/* Encryption and decryption */
-+
-+/* C_EncryptInit initializes an encryption operation. */
-+CK_PKCS11_FUNCTION_INFO(C_EncryptInit)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_SESSION_HANDLE hSession, /* the session's handle */
-+ CK_MECHANISM_PTR pMechanism, /* the encryption mechanism */
-+ CK_OBJECT_HANDLE hKey /* handle of encryption key */
-+);
-+#endif
-+
-+
-+/* C_Encrypt encrypts single-part data. */
-+CK_PKCS11_FUNCTION_INFO(C_Encrypt)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_SESSION_HANDLE hSession, /* session's handle */
-+ CK_BYTE_PTR pData, /* the plaintext data */
-+ CK_ULONG ulDataLen, /* bytes of plaintext */
-+ CK_BYTE_PTR pEncryptedData, /* gets ciphertext */
-+ CK_ULONG_PTR pulEncryptedDataLen /* gets c-text size */
-+);
-+#endif
-+
-+
-+/* C_EncryptUpdate continues a multiple-part encryption
-+ * operation. */
-+CK_PKCS11_FUNCTION_INFO(C_EncryptUpdate)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_SESSION_HANDLE hSession, /* session's handle */
-+ CK_BYTE_PTR pPart, /* the plaintext data */
-+ CK_ULONG ulPartLen, /* plaintext data len */
-+ CK_BYTE_PTR pEncryptedPart, /* gets ciphertext */
-+ CK_ULONG_PTR pulEncryptedPartLen /* gets c-text size */
-+);
-+#endif
-+
-+
-+/* C_EncryptFinal finishes a multiple-part encryption
-+ * operation. */
-+CK_PKCS11_FUNCTION_INFO(C_EncryptFinal)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_SESSION_HANDLE hSession, /* session handle */
-+ CK_BYTE_PTR pLastEncryptedPart, /* last c-text */
-+ CK_ULONG_PTR pulLastEncryptedPartLen /* gets last size */
-+);
-+#endif
-+
-+
-+/* C_DecryptInit initializes a decryption operation. */
-+CK_PKCS11_FUNCTION_INFO(C_DecryptInit)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_SESSION_HANDLE hSession, /* the session's handle */
-+ CK_MECHANISM_PTR pMechanism, /* the decryption mechanism */
-+ CK_OBJECT_HANDLE hKey /* handle of decryption key */
-+);
-+#endif
-+
-+
-+/* C_Decrypt decrypts encrypted data in a single part. */
-+CK_PKCS11_FUNCTION_INFO(C_Decrypt)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_SESSION_HANDLE hSession, /* session's handle */
-+ CK_BYTE_PTR pEncryptedData, /* ciphertext */
-+ CK_ULONG ulEncryptedDataLen, /* ciphertext length */
-+ CK_BYTE_PTR pData, /* gets plaintext */
-+ CK_ULONG_PTR pulDataLen /* gets p-text size */
-+);
-+#endif
-+
-+
-+/* C_DecryptUpdate continues a multiple-part decryption
-+ * operation. */
-+CK_PKCS11_FUNCTION_INFO(C_DecryptUpdate)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_SESSION_HANDLE hSession, /* session's handle */
-+ CK_BYTE_PTR pEncryptedPart, /* encrypted data */
-+ CK_ULONG ulEncryptedPartLen, /* input length */
-+ CK_BYTE_PTR pPart, /* gets plaintext */
-+ CK_ULONG_PTR pulPartLen /* p-text size */
-+);
-+#endif
-+
-+
-+/* C_DecryptFinal finishes a multiple-part decryption
-+ * operation. */
-+CK_PKCS11_FUNCTION_INFO(C_DecryptFinal)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_SESSION_HANDLE hSession, /* the session's handle */
-+ CK_BYTE_PTR pLastPart, /* gets plaintext */
-+ CK_ULONG_PTR pulLastPartLen /* p-text size */
-+);
-+#endif
-+
-+
-+
-+/* Message digesting */
-+
-+/* C_DigestInit initializes a message-digesting operation. */
-+CK_PKCS11_FUNCTION_INFO(C_DigestInit)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_SESSION_HANDLE hSession, /* the session's handle */
-+ CK_MECHANISM_PTR pMechanism /* the digesting mechanism */
-+);
-+#endif
-+
-+
-+/* C_Digest digests data in a single part. */
-+CK_PKCS11_FUNCTION_INFO(C_Digest)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_SESSION_HANDLE hSession, /* the session's handle */
-+ CK_BYTE_PTR pData, /* data to be digested */
-+ CK_ULONG ulDataLen, /* bytes of data to digest */
-+ CK_BYTE_PTR pDigest, /* gets the message digest */
-+ CK_ULONG_PTR pulDigestLen /* gets digest length */
-+);
-+#endif
-+
-+
-+/* C_DigestUpdate continues a multiple-part message-digesting
-+ * operation. */
-+CK_PKCS11_FUNCTION_INFO(C_DigestUpdate)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_SESSION_HANDLE hSession, /* the session's handle */
-+ CK_BYTE_PTR pPart, /* data to be digested */
-+ CK_ULONG ulPartLen /* bytes of data to be digested */
-+);
-+#endif
-+
-+
-+/* C_DigestKey continues a multi-part message-digesting
-+ * operation, by digesting the value of a secret key as part of
-+ * the data already digested. */
-+CK_PKCS11_FUNCTION_INFO(C_DigestKey)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_SESSION_HANDLE hSession, /* the session's handle */
-+ CK_OBJECT_HANDLE hKey /* secret key to digest */
-+);
-+#endif
-+
-+
-+/* C_DigestFinal finishes a multiple-part message-digesting
-+ * operation. */
-+CK_PKCS11_FUNCTION_INFO(C_DigestFinal)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_SESSION_HANDLE hSession, /* the session's handle */
-+ CK_BYTE_PTR pDigest, /* gets the message digest */
-+ CK_ULONG_PTR pulDigestLen /* gets byte count of digest */
-+);
-+#endif
-+
-+
-+
-+/* Signing and MACing */
-+
-+/* C_SignInit initializes a signature (private key encryption)
-+ * operation, where the signature is (will be) an appendix to
-+ * the data, and plaintext cannot be recovered from the
-+ *signature. */
-+CK_PKCS11_FUNCTION_INFO(C_SignInit)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_SESSION_HANDLE hSession, /* the session's handle */
-+ CK_MECHANISM_PTR pMechanism, /* the signature mechanism */
-+ CK_OBJECT_HANDLE hKey /* handle of signature key */
-+);
-+#endif
-+
-+
-+/* C_Sign signs (encrypts with private key) data in a single
-+ * part, where the signature is (will be) an appendix to the
-+ * data, and plaintext cannot be recovered from the signature. */
-+CK_PKCS11_FUNCTION_INFO(C_Sign)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_SESSION_HANDLE hSession, /* the session's handle */
-+ CK_BYTE_PTR pData, /* the data to sign */
-+ CK_ULONG ulDataLen, /* count of bytes to sign */
-+ CK_BYTE_PTR pSignature, /* gets the signature */
-+ CK_ULONG_PTR pulSignatureLen /* gets signature length */
-+);
-+#endif
-+
-+
-+/* C_SignUpdate continues a multiple-part signature operation,
-+ * where the signature is (will be) an appendix to the data,
-+ * and plaintext cannot be recovered from the signature. */
-+CK_PKCS11_FUNCTION_INFO(C_SignUpdate)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_SESSION_HANDLE hSession, /* the session's handle */
-+ CK_BYTE_PTR pPart, /* the data to sign */
-+ CK_ULONG ulPartLen /* count of bytes to sign */
-+);
-+#endif
-+
-+
-+/* C_SignFinal finishes a multiple-part signature operation,
-+ * returning the signature. */
-+CK_PKCS11_FUNCTION_INFO(C_SignFinal)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_SESSION_HANDLE hSession, /* the session's handle */
-+ CK_BYTE_PTR pSignature, /* gets the signature */
-+ CK_ULONG_PTR pulSignatureLen /* gets signature length */
-+);
-+#endif
-+
-+
-+/* C_SignRecoverInit initializes a signature operation, where
-+ * the data can be recovered from the signature. */
-+CK_PKCS11_FUNCTION_INFO(C_SignRecoverInit)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_SESSION_HANDLE hSession, /* the session's handle */
-+ CK_MECHANISM_PTR pMechanism, /* the signature mechanism */
-+ CK_OBJECT_HANDLE hKey /* handle of the signature key */
-+);
-+#endif
-+
-+
-+/* C_SignRecover signs data in a single operation, where the
-+ * data can be recovered from the signature. */
-+CK_PKCS11_FUNCTION_INFO(C_SignRecover)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_SESSION_HANDLE hSession, /* the session's handle */
-+ CK_BYTE_PTR pData, /* the data to sign */
-+ CK_ULONG ulDataLen, /* count of bytes to sign */
-+ CK_BYTE_PTR pSignature, /* gets the signature */
-+ CK_ULONG_PTR pulSignatureLen /* gets signature length */
-+);
-+#endif
-+
-+
-+
-+/* Verifying signatures and MACs */
-+
-+/* C_VerifyInit initializes a verification operation, where the
-+ * signature is an appendix to the data, and plaintext cannot
-+ * cannot be recovered from the signature (e.g. DSA). */
-+CK_PKCS11_FUNCTION_INFO(C_VerifyInit)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_SESSION_HANDLE hSession, /* the session's handle */
-+ CK_MECHANISM_PTR pMechanism, /* the verification mechanism */
-+ CK_OBJECT_HANDLE hKey /* verification key */
-+);
-+#endif
-+
-+
-+/* C_Verify verifies a signature in a single-part operation,
-+ * where the signature is an appendix to the data, and plaintext
-+ * cannot be recovered from the signature. */
-+CK_PKCS11_FUNCTION_INFO(C_Verify)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_SESSION_HANDLE hSession, /* the session's handle */
-+ CK_BYTE_PTR pData, /* signed data */
-+ CK_ULONG ulDataLen, /* length of signed data */
-+ CK_BYTE_PTR pSignature, /* signature */
-+ CK_ULONG ulSignatureLen /* signature length*/
-+);
-+#endif
-+
-+
-+/* C_VerifyUpdate continues a multiple-part verification
-+ * operation, where the signature is an appendix to the data,
-+ * and plaintext cannot be recovered from the signature. */
-+CK_PKCS11_FUNCTION_INFO(C_VerifyUpdate)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_SESSION_HANDLE hSession, /* the session's handle */
-+ CK_BYTE_PTR pPart, /* signed data */
-+ CK_ULONG ulPartLen /* length of signed data */
-+);
-+#endif
-+
-+
-+/* C_VerifyFinal finishes a multiple-part verification
-+ * operation, checking the signature. */
-+CK_PKCS11_FUNCTION_INFO(C_VerifyFinal)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_SESSION_HANDLE hSession, /* the session's handle */
-+ CK_BYTE_PTR pSignature, /* signature to verify */
-+ CK_ULONG ulSignatureLen /* signature length */
-+);
-+#endif
-+
-+
-+/* C_VerifyRecoverInit initializes a signature verification
-+ * operation, where the data is recovered from the signature. */
-+CK_PKCS11_FUNCTION_INFO(C_VerifyRecoverInit)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_SESSION_HANDLE hSession, /* the session's handle */
-+ CK_MECHANISM_PTR pMechanism, /* the verification mechanism */
-+ CK_OBJECT_HANDLE hKey /* verification key */
-+);
-+#endif
-+
-+
-+/* C_VerifyRecover verifies a signature in a single-part
-+ * operation, where the data is recovered from the signature. */
-+CK_PKCS11_FUNCTION_INFO(C_VerifyRecover)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_SESSION_HANDLE hSession, /* the session's handle */
-+ CK_BYTE_PTR pSignature, /* signature to verify */
-+ CK_ULONG ulSignatureLen, /* signature length */
-+ CK_BYTE_PTR pData, /* gets signed data */
-+ CK_ULONG_PTR pulDataLen /* gets signed data len */
-+);
-+#endif
-+
-+
-+
-+/* Dual-function cryptographic operations */
-+
-+/* C_DigestEncryptUpdate continues a multiple-part digesting
-+ * and encryption operation. */
-+CK_PKCS11_FUNCTION_INFO(C_DigestEncryptUpdate)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_SESSION_HANDLE hSession, /* session's handle */
-+ CK_BYTE_PTR pPart, /* the plaintext data */
-+ CK_ULONG ulPartLen, /* plaintext length */
-+ CK_BYTE_PTR pEncryptedPart, /* gets ciphertext */
-+ CK_ULONG_PTR pulEncryptedPartLen /* gets c-text length */
-+);
-+#endif
-+
-+
-+/* C_DecryptDigestUpdate continues a multiple-part decryption and
-+ * digesting operation. */
-+CK_PKCS11_FUNCTION_INFO(C_DecryptDigestUpdate)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_SESSION_HANDLE hSession, /* session's handle */
-+ CK_BYTE_PTR pEncryptedPart, /* ciphertext */
-+ CK_ULONG ulEncryptedPartLen, /* ciphertext length */
-+ CK_BYTE_PTR pPart, /* gets plaintext */
-+ CK_ULONG_PTR pulPartLen /* gets plaintext len */
-+);
-+#endif
-+
-+
-+/* C_SignEncryptUpdate continues a multiple-part signing and
-+ * encryption operation. */
-+CK_PKCS11_FUNCTION_INFO(C_SignEncryptUpdate)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_SESSION_HANDLE hSession, /* session's handle */
-+ CK_BYTE_PTR pPart, /* the plaintext data */
-+ CK_ULONG ulPartLen, /* plaintext length */
-+ CK_BYTE_PTR pEncryptedPart, /* gets ciphertext */
-+ CK_ULONG_PTR pulEncryptedPartLen /* gets c-text length */
-+);
-+#endif
-+
-+
-+/* C_DecryptVerifyUpdate continues a multiple-part decryption and
-+ * verify operation. */
-+CK_PKCS11_FUNCTION_INFO(C_DecryptVerifyUpdate)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_SESSION_HANDLE hSession, /* session's handle */
-+ CK_BYTE_PTR pEncryptedPart, /* ciphertext */
-+ CK_ULONG ulEncryptedPartLen, /* ciphertext length */
-+ CK_BYTE_PTR pPart, /* gets plaintext */
-+ CK_ULONG_PTR pulPartLen /* gets p-text length */
-+);
-+#endif
-+
-+
-+
-+/* Key management */
-+
-+/* C_GenerateKey generates a secret key, creating a new key
-+ * object. */
-+CK_PKCS11_FUNCTION_INFO(C_GenerateKey)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_SESSION_HANDLE hSession, /* the session's handle */
-+ CK_MECHANISM_PTR pMechanism, /* key generation mech. */
-+ CK_ATTRIBUTE_PTR pTemplate, /* template for new key */
-+ CK_ULONG ulCount, /* # of attrs in template */
-+ CK_OBJECT_HANDLE_PTR phKey /* gets handle of new key */
-+);
-+#endif
-+
-+
-+/* C_GenerateKeyPair generates a public-key/private-key pair,
-+ * creating new key objects. */
-+CK_PKCS11_FUNCTION_INFO(C_GenerateKeyPair)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_SESSION_HANDLE hSession, /* session
-+ * handle */
-+ CK_MECHANISM_PTR pMechanism, /* key-gen
-+ * mech. */
-+ CK_ATTRIBUTE_PTR pPublicKeyTemplate, /* template
-+ * for pub.
-+ * key */
-+ CK_ULONG ulPublicKeyAttributeCount, /* # pub.
-+ * attrs. */
-+ CK_ATTRIBUTE_PTR pPrivateKeyTemplate, /* template
-+ * for priv.
-+ * key */
-+ CK_ULONG ulPrivateKeyAttributeCount, /* # priv.
-+ * attrs. */
-+ CK_OBJECT_HANDLE_PTR phPublicKey, /* gets pub.
-+ * key
-+ * handle */
-+ CK_OBJECT_HANDLE_PTR phPrivateKey /* gets
-+ * priv. key
-+ * handle */
-+);
-+#endif
-+
-+
-+/* C_WrapKey wraps (i.e., encrypts) a key. */
-+CK_PKCS11_FUNCTION_INFO(C_WrapKey)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_SESSION_HANDLE hSession, /* the session's handle */
-+ CK_MECHANISM_PTR pMechanism, /* the wrapping mechanism */
-+ CK_OBJECT_HANDLE hWrappingKey, /* wrapping key */
-+ CK_OBJECT_HANDLE hKey, /* key to be wrapped */
-+ CK_BYTE_PTR pWrappedKey, /* gets wrapped key */
-+ CK_ULONG_PTR pulWrappedKeyLen /* gets wrapped key size */
-+);
-+#endif
-+
-+
-+/* C_UnwrapKey unwraps (decrypts) a wrapped key, creating a new
-+ * key object. */
-+CK_PKCS11_FUNCTION_INFO(C_UnwrapKey)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_SESSION_HANDLE hSession, /* session's handle */
-+ CK_MECHANISM_PTR pMechanism, /* unwrapping mech. */
-+ CK_OBJECT_HANDLE hUnwrappingKey, /* unwrapping key */
-+ CK_BYTE_PTR pWrappedKey, /* the wrapped key */
-+ CK_ULONG ulWrappedKeyLen, /* wrapped key len */
-+ CK_ATTRIBUTE_PTR pTemplate, /* new key template */
-+ CK_ULONG ulAttributeCount, /* template length */
-+ CK_OBJECT_HANDLE_PTR phKey /* gets new handle */
-+);
-+#endif
-+
-+
-+/* C_DeriveKey derives a key from a base key, creating a new key
-+ * object. */
-+CK_PKCS11_FUNCTION_INFO(C_DeriveKey)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_SESSION_HANDLE hSession, /* session's handle */
-+ CK_MECHANISM_PTR pMechanism, /* key deriv. mech. */
-+ CK_OBJECT_HANDLE hBaseKey, /* base key */
-+ CK_ATTRIBUTE_PTR pTemplate, /* new key template */
-+ CK_ULONG ulAttributeCount, /* template length */
-+ CK_OBJECT_HANDLE_PTR phKey /* gets new handle */
-+);
-+#endif
-+
-+
-+
-+/* Random number generation */
-+
-+/* C_SeedRandom mixes additional seed material into the token's
-+ * random number generator. */
-+CK_PKCS11_FUNCTION_INFO(C_SeedRandom)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_SESSION_HANDLE hSession, /* the session's handle */
-+ CK_BYTE_PTR pSeed, /* the seed material */
-+ CK_ULONG ulSeedLen /* length of seed material */
-+);
-+#endif
-+
-+
-+/* C_GenerateRandom generates random data. */
-+CK_PKCS11_FUNCTION_INFO(C_GenerateRandom)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_SESSION_HANDLE hSession, /* the session's handle */
-+ CK_BYTE_PTR RandomData, /* receives the random data */
-+ CK_ULONG ulRandomLen /* # of bytes to generate */
-+);
-+#endif
-+
-+
-+
-+/* Parallel function management */
-+
-+/* C_GetFunctionStatus is a legacy function; it obtains an
-+ * updated status of a function running in parallel with an
-+ * application. */
-+CK_PKCS11_FUNCTION_INFO(C_GetFunctionStatus)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_SESSION_HANDLE hSession /* the session's handle */
-+);
-+#endif
-+
-+
-+/* C_CancelFunction is a legacy function; it cancels a function
-+ * running in parallel. */
-+CK_PKCS11_FUNCTION_INFO(C_CancelFunction)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_SESSION_HANDLE hSession /* the session's handle */
-+);
-+#endif
-+
-+
-+
-+/* Functions added in for Cryptoki Version 2.01 or later */
-+
-+/* C_WaitForSlotEvent waits for a slot event (token insertion,
-+ * removal, etc.) to occur. */
-+CK_PKCS11_FUNCTION_INFO(C_WaitForSlotEvent)
-+#ifdef CK_NEED_ARG_LIST
-+(
-+ CK_FLAGS flags, /* blocking/nonblocking flag */
-+ CK_SLOT_ID_PTR pSlot, /* location that receives the slot ID */
-+ CK_VOID_PTR pRserved /* reserved. Should be NULL_PTR */
-+);
-+#endif
-diff -ruN openssl-0.9.8k/crypto/engine/pkcs11t.h openssl-0.9.8k/crypto/engine/pkcs11t.h
---- openssl-0.9.8k/crypto/engine/pkcs11t.h 1970-01-01 01:00:00.000000000 +0100
-+++ openssl-0.9.8k/crypto/engine/pkcs11t.h 2009-05-15 10:59:32.387525683 +0200
-@@ -0,0 +1,1885 @@
-+/* pkcs11t.h include file for PKCS #11. */
-+/* $Revision: 1.10 $ */
-+
-+/* License to copy and use this software is granted provided that it is
-+ * identified as "RSA Security Inc. PKCS #11 Cryptographic Token Interface
-+ * (Cryptoki)" in all material mentioning or referencing this software.
-+
-+ * License is also granted to make and use derivative works provided that
-+ * such works are identified as "derived from the RSA Security Inc. PKCS #11
-+ * Cryptographic Token Interface (Cryptoki)" in all material mentioning or
-+ * referencing the derived work.
-+
-+ * RSA Security Inc. makes no representations concerning either the
-+ * merchantability of this software or the suitability of this software for
-+ * any particular purpose. It is provided "as is" without express or implied
-+ * warranty of any kind.
-+ */
-+
-+/* See top of pkcs11.h for information about the macros that
-+ * must be defined and the structure-packing conventions that
-+ * must be set before including this file. */
-+
-+#ifndef _PKCS11T_H_
-+#define _PKCS11T_H_ 1
-+
-+#define CRYPTOKI_VERSION_MAJOR 2
-+#define CRYPTOKI_VERSION_MINOR 20
-+#define CRYPTOKI_VERSION_AMENDMENT 3
-+
-+#define CK_TRUE 1
-+#define CK_FALSE 0
-+
-+#ifndef CK_DISABLE_TRUE_FALSE
-+#ifndef FALSE
-+#define FALSE CK_FALSE
-+#endif
-+
-+#ifndef TRUE
-+#define TRUE CK_TRUE
-+#endif
-+#endif
-+
-+/* an unsigned 8-bit value */
-+typedef unsigned char CK_BYTE;
-+
-+/* an unsigned 8-bit character */
-+typedef CK_BYTE CK_CHAR;
-+
-+/* an 8-bit UTF-8 character */
-+typedef CK_BYTE CK_UTF8CHAR;
-+
-+/* a BYTE-sized Boolean flag */
-+typedef CK_BYTE CK_BBOOL;
-+
-+/* an unsigned value, at least 32 bits long */
-+typedef unsigned long int CK_ULONG;
-+
-+/* a signed value, the same size as a CK_ULONG */
-+/* CK_LONG is new for v2.0 */
-+typedef long int CK_LONG;
-+
-+/* at least 32 bits; each bit is a Boolean flag */
-+typedef CK_ULONG CK_FLAGS;
-+
-+
-+/* some special values for certain CK_ULONG variables */
-+#define CK_UNAVAILABLE_INFORMATION (~0UL)
-+#define CK_EFFECTIVELY_INFINITE 0
-+
-+
-+typedef CK_BYTE CK_PTR CK_BYTE_PTR;
-+typedef CK_CHAR CK_PTR CK_CHAR_PTR;
-+typedef CK_UTF8CHAR CK_PTR CK_UTF8CHAR_PTR;
-+typedef CK_ULONG CK_PTR CK_ULONG_PTR;
-+typedef void CK_PTR CK_VOID_PTR;
-+
-+/* Pointer to a CK_VOID_PTR-- i.e., pointer to pointer to void */
-+typedef CK_VOID_PTR CK_PTR CK_VOID_PTR_PTR;
-+
-+
-+/* The following value is always invalid if used as a session */
-+/* handle or object handle */
-+#define CK_INVALID_HANDLE 0
-+
-+
-+typedef struct CK_VERSION {
-+ CK_BYTE major; /* integer portion of version number */
-+ CK_BYTE minor; /* 1/100ths portion of version number */
-+} CK_VERSION;
-+
-+typedef CK_VERSION CK_PTR CK_VERSION_PTR;
-+
-+
-+typedef struct CK_INFO {
-+ /* manufacturerID and libraryDecription have been changed from
-+ * CK_CHAR to CK_UTF8CHAR for v2.10 */
-+ CK_VERSION cryptokiVersion; /* Cryptoki interface ver */
-+ CK_UTF8CHAR manufacturerID[32]; /* blank padded */
-+ CK_FLAGS flags; /* must be zero */
-+
-+ /* libraryDescription and libraryVersion are new for v2.0 */
-+ CK_UTF8CHAR libraryDescription[32]; /* blank padded */
-+ CK_VERSION libraryVersion; /* version of library */
-+} CK_INFO;
-+
-+typedef CK_INFO CK_PTR CK_INFO_PTR;
-+
-+
-+/* CK_NOTIFICATION enumerates the types of notifications that
-+ * Cryptoki provides to an application */
-+/* CK_NOTIFICATION has been changed from an enum to a CK_ULONG
-+ * for v2.0 */
-+typedef CK_ULONG CK_NOTIFICATION;
-+#define CKN_SURRENDER 0
-+
-+/* The following notification is new for PKCS #11 v2.20 amendment 3 */
-+#define CKN_OTP_CHANGED 1
-+
-+
-+typedef CK_ULONG CK_SLOT_ID;
-+
-+typedef CK_SLOT_ID CK_PTR CK_SLOT_ID_PTR;
-+
-+
-+/* CK_SLOT_INFO provides information about a slot */
-+typedef struct CK_SLOT_INFO {
-+ /* slotDescription and manufacturerID have been changed from
-+ * CK_CHAR to CK_UTF8CHAR for v2.10 */
-+ CK_UTF8CHAR slotDescription[64]; /* blank padded */
-+ CK_UTF8CHAR manufacturerID[32]; /* blank padded */
-+ CK_FLAGS flags;
-+
-+ /* hardwareVersion and firmwareVersion are new for v2.0 */
-+ CK_VERSION hardwareVersion; /* version of hardware */
-+ CK_VERSION firmwareVersion; /* version of firmware */
-+} CK_SLOT_INFO;
-+
-+/* flags: bit flags that provide capabilities of the slot
-+ * Bit Flag Mask Meaning
-+ */
-+#define CKF_TOKEN_PRESENT 0x00000001 /* a token is there */
-+#define CKF_REMOVABLE_DEVICE 0x00000002 /* removable devices*/
-+#define CKF_HW_SLOT 0x00000004 /* hardware slot */
-+
-+typedef CK_SLOT_INFO CK_PTR CK_SLOT_INFO_PTR;
-+
-+
-+/* CK_TOKEN_INFO provides information about a token */
-+typedef struct CK_TOKEN_INFO {
-+ /* label, manufacturerID, and model have been changed from
-+ * CK_CHAR to CK_UTF8CHAR for v2.10 */
-+ CK_UTF8CHAR label[32]; /* blank padded */
-+ CK_UTF8CHAR manufacturerID[32]; /* blank padded */
-+ CK_UTF8CHAR model[16]; /* blank padded */
-+ CK_CHAR serialNumber[16]; /* blank padded */
-+ CK_FLAGS flags; /* see below */
-+
-+ /* ulMaxSessionCount, ulSessionCount, ulMaxRwSessionCount,
-+ * ulRwSessionCount, ulMaxPinLen, and ulMinPinLen have all been
-+ * changed from CK_USHORT to CK_ULONG for v2.0 */
-+ CK_ULONG ulMaxSessionCount; /* max open sessions */
-+ CK_ULONG ulSessionCount; /* sess. now open */
-+ CK_ULONG ulMaxRwSessionCount; /* max R/W sessions */
-+ CK_ULONG ulRwSessionCount; /* R/W sess. now open */
-+ CK_ULONG ulMaxPinLen; /* in bytes */
-+ CK_ULONG ulMinPinLen; /* in bytes */
-+ CK_ULONG ulTotalPublicMemory; /* in bytes */
-+ CK_ULONG ulFreePublicMemory; /* in bytes */
-+ CK_ULONG ulTotalPrivateMemory; /* in bytes */
-+ CK_ULONG ulFreePrivateMemory; /* in bytes */
-+
-+ /* hardwareVersion, firmwareVersion, and time are new for
-+ * v2.0 */
-+ CK_VERSION hardwareVersion; /* version of hardware */
-+ CK_VERSION firmwareVersion; /* version of firmware */
-+ CK_CHAR utcTime[16]; /* time */
-+} CK_TOKEN_INFO;
-+
-+/* The flags parameter is defined as follows:
-+ * Bit Flag Mask Meaning
-+ */
-+#define CKF_RNG 0x00000001 /* has random #
-+ * generator */
-+#define CKF_WRITE_PROTECTED 0x00000002 /* token is
-+ * write-
-+ * protected */
-+#define CKF_LOGIN_REQUIRED 0x00000004 /* user must
-+ * login */
-+#define CKF_USER_PIN_INITIALIZED 0x00000008 /* normal user's
-+ * PIN is set */
-+
-+/* CKF_RESTORE_KEY_NOT_NEEDED is new for v2.0. If it is set,
-+ * that means that *every* time the state of cryptographic
-+ * operations of a session is successfully saved, all keys
-+ * needed to continue those operations are stored in the state */
-+#define CKF_RESTORE_KEY_NOT_NEEDED 0x00000020
-+
-+/* CKF_CLOCK_ON_TOKEN is new for v2.0. If it is set, that means
-+ * that the token has some sort of clock. The time on that
-+ * clock is returned in the token info structure */
-+#define CKF_CLOCK_ON_TOKEN 0x00000040
-+
-+/* CKF_PROTECTED_AUTHENTICATION_PATH is new for v2.0. If it is
-+ * set, that means that there is some way for the user to login
-+ * without sending a PIN through the Cryptoki library itself */
-+#define CKF_PROTECTED_AUTHENTICATION_PATH 0x00000100
-+
-+/* CKF_DUAL_CRYPTO_OPERATIONS is new for v2.0. If it is true,
-+ * that means that a single session with the token can perform
-+ * dual simultaneous cryptographic operations (digest and
-+ * encrypt; decrypt and digest; sign and encrypt; and decrypt
-+ * and sign) */
-+#define CKF_DUAL_CRYPTO_OPERATIONS 0x00000200
-+
-+/* CKF_TOKEN_INITIALIZED if new for v2.10. If it is true, the
-+ * token has been initialized using C_InitializeToken or an
-+ * equivalent mechanism outside the scope of PKCS #11.
-+ * Calling C_InitializeToken when this flag is set will cause
-+ * the token to be reinitialized. */
-+#define CKF_TOKEN_INITIALIZED 0x00000400
-+
-+/* CKF_SECONDARY_AUTHENTICATION if new for v2.10. If it is
-+ * true, the token supports secondary authentication for
-+ * private key objects. This flag is deprecated in v2.11 and
-+ onwards. */
-+#define CKF_SECONDARY_AUTHENTICATION 0x00000800
-+
-+/* CKF_USER_PIN_COUNT_LOW if new for v2.10. If it is true, an
-+ * incorrect user login PIN has been entered at least once
-+ * since the last successful authentication. */
-+#define CKF_USER_PIN_COUNT_LOW 0x00010000
-+
-+/* CKF_USER_PIN_FINAL_TRY if new for v2.10. If it is true,
-+ * supplying an incorrect user PIN will it to become locked. */
-+#define CKF_USER_PIN_FINAL_TRY 0x00020000
-+
-+/* CKF_USER_PIN_LOCKED if new for v2.10. If it is true, the
-+ * user PIN has been locked. User login to the token is not
-+ * possible. */
-+#define CKF_USER_PIN_LOCKED 0x00040000
-+
-+/* CKF_USER_PIN_TO_BE_CHANGED if new for v2.10. If it is true,
-+ * the user PIN value is the default value set by token
-+ * initialization or manufacturing, or the PIN has been
-+ * expired by the card. */
-+#define CKF_USER_PIN_TO_BE_CHANGED 0x00080000
-+
-+/* CKF_SO_PIN_COUNT_LOW if new for v2.10. If it is true, an
-+ * incorrect SO login PIN has been entered at least once since
-+ * the last successful authentication. */
-+#define CKF_SO_PIN_COUNT_LOW 0x00100000
-+
-+/* CKF_SO_PIN_FINAL_TRY if new for v2.10. If it is true,
-+ * supplying an incorrect SO PIN will it to become locked. */
-+#define CKF_SO_PIN_FINAL_TRY 0x00200000
-+
-+/* CKF_SO_PIN_LOCKED if new for v2.10. If it is true, the SO
-+ * PIN has been locked. SO login to the token is not possible.
-+ */
-+#define CKF_SO_PIN_LOCKED 0x00400000
-+
-+/* CKF_SO_PIN_TO_BE_CHANGED if new for v2.10. If it is true,
-+ * the SO PIN value is the default value set by token
-+ * initialization or manufacturing, or the PIN has been
-+ * expired by the card. */
-+#define CKF_SO_PIN_TO_BE_CHANGED 0x00800000
-+
-+typedef CK_TOKEN_INFO CK_PTR CK_TOKEN_INFO_PTR;
-+
-+
-+/* CK_SESSION_HANDLE is a Cryptoki-assigned value that
-+ * identifies a session */
-+typedef CK_ULONG CK_SESSION_HANDLE;
-+
-+typedef CK_SESSION_HANDLE CK_PTR CK_SESSION_HANDLE_PTR;
-+
-+
-+/* CK_USER_TYPE enumerates the types of Cryptoki users */
-+/* CK_USER_TYPE has been changed from an enum to a CK_ULONG for
-+ * v2.0 */
-+typedef CK_ULONG CK_USER_TYPE;
-+/* Security Officer */
-+#define CKU_SO 0
-+/* Normal user */
-+#define CKU_USER 1
-+/* Context specific (added in v2.20) */
-+#define CKU_CONTEXT_SPECIFIC 2
-+
-+/* CK_STATE enumerates the session states */
-+/* CK_STATE has been changed from an enum to a CK_ULONG for
-+ * v2.0 */
-+typedef CK_ULONG CK_STATE;
-+#define CKS_RO_PUBLIC_SESSION 0
-+#define CKS_RO_USER_FUNCTIONS 1
-+#define CKS_RW_PUBLIC_SESSION 2
-+#define CKS_RW_USER_FUNCTIONS 3
-+#define CKS_RW_SO_FUNCTIONS 4
-+
-+
-+/* CK_SESSION_INFO provides information about a session */
-+typedef struct CK_SESSION_INFO {
-+ CK_SLOT_ID slotID;
-+ CK_STATE state;
-+ CK_FLAGS flags; /* see below */
-+
-+ /* ulDeviceError was changed from CK_USHORT to CK_ULONG for
-+ * v2.0 */
-+ CK_ULONG ulDeviceError; /* device-dependent error code */
-+} CK_SESSION_INFO;
-+
-+/* The flags are defined in the following table:
-+ * Bit Flag Mask Meaning
-+ */
-+#define CKF_RW_SESSION 0x00000002 /* session is r/w */
-+#define CKF_SERIAL_SESSION 0x00000004 /* no parallel */
-+
-+typedef CK_SESSION_INFO CK_PTR CK_SESSION_INFO_PTR;
-+
-+
-+/* CK_OBJECT_HANDLE is a token-specific identifier for an
-+ * object */
-+typedef CK_ULONG CK_OBJECT_HANDLE;
-+
-+typedef CK_OBJECT_HANDLE CK_PTR CK_OBJECT_HANDLE_PTR;
-+
+ #ifdef OPENSSL_SYS_WIN32
+diff -ruN openssl-0.9.8o/crypto/engine/Makefile ../b/openssl-0.9.8o/crypto/engine/Makefile
+--- openssl-0.9.8o/crypto/engine/Makefile 2009-09-27 16:04:32.000000000 +0200
++++ ../b/openssl-0.9.8o/crypto/engine/Makefile 2010-06-22 13:57:17.293428607 +0200
+@@ -21,12 +21,14 @@
+ eng_table.c eng_pkey.c eng_fat.c eng_all.c \
+ tb_rsa.c tb_dsa.c tb_ecdsa.c tb_dh.c tb_ecdh.c tb_rand.c tb_store.c \
+ tb_cipher.c tb_digest.c \
+- eng_openssl.c eng_cnf.c eng_dyn.c eng_cryptodev.c eng_padlock.c
++ eng_openssl.c eng_cnf.c eng_dyn.c eng_cryptodev.c eng_padlock.c \
++ hw_pk11.c hw_pk11_pub.c hw_pk11_uri.c
+ LIBOBJ= eng_err.o eng_lib.o eng_list.o eng_init.o eng_ctrl.o \
+ eng_table.o eng_pkey.o eng_fat.o eng_all.o \
+ tb_rsa.o tb_dsa.o tb_ecdsa.o tb_dh.o tb_ecdh.o tb_rand.o tb_store.o \
+ tb_cipher.o tb_digest.o \
+- eng_openssl.o eng_cnf.o eng_dyn.o eng_cryptodev.o eng_padlock.o
++ eng_openssl.o eng_cnf.o eng_dyn.o eng_cryptodev.o eng_padlock.o \
++ hw_pk11.o hw_pk11_pub.o hw_pk11_uri.o
+
+ SRC= $(LIBSRC)
+
+diff -ruN openssl-0.9.8o/Makefile.org ../b/openssl-0.9.8o/Makefile.org
+--- openssl-0.9.8o/Makefile.org 2010-01-27 17:06:36.000000000 +0100
++++ ../b/openssl-0.9.8o/Makefile.org 2010-06-22 13:46:10.546941884 +0200
+@@ -26,6 +26,9 @@
+ INSTALL_PREFIX=
+ INSTALLTOP=/usr/local/ssl
+
++# You must set this through --pk11-libname configure option.
++PK11_LIB_LOCATION=
+
-+/* CK_OBJECT_CLASS is a value that identifies the classes (or
-+ * types) of objects that Cryptoki recognizes. It is defined
-+ * as follows: */
-+/* CK_OBJECT_CLASS was changed from CK_USHORT to CK_ULONG for
-+ * v2.0 */
-+typedef CK_ULONG CK_OBJECT_CLASS;
-+
-+/* The following classes of objects are defined: */
-+/* CKO_HW_FEATURE is new for v2.10 */
-+/* CKO_DOMAIN_PARAMETERS is new for v2.11 */
-+/* CKO_MECHANISM is new for v2.20 */
-+#define CKO_DATA 0x00000000
-+#define CKO_CERTIFICATE 0x00000001
-+#define CKO_PUBLIC_KEY 0x00000002
-+#define CKO_PRIVATE_KEY 0x00000003
-+#define CKO_SECRET_KEY 0x00000004
-+#define CKO_HW_FEATURE 0x00000005
-+#define CKO_DOMAIN_PARAMETERS 0x00000006
-+#define CKO_MECHANISM 0x00000007
-+
-+/* CKO_OTP_KEY is new for PKCS #11 v2.20 amendment 1 */
-+#define CKO_OTP_KEY 0x00000008
-+
-+#define CKO_VENDOR_DEFINED 0x80000000
-+
-+typedef CK_OBJECT_CLASS CK_PTR CK_OBJECT_CLASS_PTR;
-+
-+/* CK_HW_FEATURE_TYPE is new for v2.10. CK_HW_FEATURE_TYPE is a
-+ * value that identifies the hardware feature type of an object
-+ * with CK_OBJECT_CLASS equal to CKO_HW_FEATURE. */
-+typedef CK_ULONG CK_HW_FEATURE_TYPE;
-+
-+/* The following hardware feature types are defined */
-+/* CKH_USER_INTERFACE is new for v2.20 */
-+#define CKH_MONOTONIC_COUNTER 0x00000001
-+#define CKH_CLOCK 0x00000002
-+#define CKH_USER_INTERFACE 0x00000003
-+#define CKH_VENDOR_DEFINED 0x80000000
-+
-+/* CK_KEY_TYPE is a value that identifies a key type */
-+/* CK_KEY_TYPE was changed from CK_USHORT to CK_ULONG for v2.0 */
-+typedef CK_ULONG CK_KEY_TYPE;
-+
-+/* the following key types are defined: */
-+#define CKK_RSA 0x00000000
-+#define CKK_DSA 0x00000001
-+#define CKK_DH 0x00000002
-+
-+/* CKK_ECDSA and CKK_KEA are new for v2.0 */
-+/* CKK_ECDSA is deprecated in v2.11, CKK_EC is preferred. */
-+#define CKK_ECDSA 0x00000003
-+#define CKK_EC 0x00000003
-+#define CKK_X9_42_DH 0x00000004
-+#define CKK_KEA 0x00000005
-+
-+#define CKK_GENERIC_SECRET 0x00000010
-+#define CKK_RC2 0x00000011
-+#define CKK_RC4 0x00000012
-+#define CKK_DES 0x00000013
-+#define CKK_DES2 0x00000014
-+#define CKK_DES3 0x00000015
-+
-+/* all these key types are new for v2.0 */
-+#define CKK_CAST 0x00000016
-+#define CKK_CAST3 0x00000017
-+/* CKK_CAST5 is deprecated in v2.11, CKK_CAST128 is preferred. */
-+#define CKK_CAST5 0x00000018
-+#define CKK_CAST128 0x00000018
-+#define CKK_RC5 0x00000019
-+#define CKK_IDEA 0x0000001A
-+#define CKK_SKIPJACK 0x0000001B
-+#define CKK_BATON 0x0000001C
-+#define CKK_JUNIPER 0x0000001D
-+#define CKK_CDMF 0x0000001E
-+#define CKK_AES 0x0000001F
-+
-+/* BlowFish and TwoFish are new for v2.20 */
-+#define CKK_BLOWFISH 0x00000020
-+#define CKK_TWOFISH 0x00000021
-+
-+/* SecurID, HOTP, and ACTI are new for PKCS #11 v2.20 amendment 1 */
-+#define CKK_SECURID 0x00000022
-+#define CKK_HOTP 0x00000023
-+#define CKK_ACTI 0x00000024
-+
-+/* Camellia is new for PKCS #11 v2.20 amendment 3 */
-+#define CKK_CAMELLIA 0x00000025
-+/* ARIA is new for PKCS #11 v2.20 amendment 3 */
-+#define CKK_ARIA 0x00000026
-+
-+
-+#define CKK_VENDOR_DEFINED 0x80000000
-+
-+
-+/* CK_CERTIFICATE_TYPE is a value that identifies a certificate
-+ * type */
-+/* CK_CERTIFICATE_TYPE was changed from CK_USHORT to CK_ULONG
-+ * for v2.0 */
-+typedef CK_ULONG CK_CERTIFICATE_TYPE;
-+
-+/* The following certificate types are defined: */
-+/* CKC_X_509_ATTR_CERT is new for v2.10 */
-+/* CKC_WTLS is new for v2.20 */
-+#define CKC_X_509 0x00000000
-+#define CKC_X_509_ATTR_CERT 0x00000001
-+#define CKC_WTLS 0x00000002
-+#define CKC_VENDOR_DEFINED 0x80000000
-+
-+
-+/* CK_ATTRIBUTE_TYPE is a value that identifies an attribute
-+ * type */
-+/* CK_ATTRIBUTE_TYPE was changed from CK_USHORT to CK_ULONG for
-+ * v2.0 */
-+typedef CK_ULONG CK_ATTRIBUTE_TYPE;
-+
-+/* The CKF_ARRAY_ATTRIBUTE flag identifies an attribute which
-+ consists of an array of values. */
-+#define CKF_ARRAY_ATTRIBUTE 0x40000000
-+
-+/* The following OTP-related defines are new for PKCS #11 v2.20 amendment 1
-+ and relates to the CKA_OTP_FORMAT attribute */
-+#define CK_OTP_FORMAT_DECIMAL 0
-+#define CK_OTP_FORMAT_HEXADECIMAL 1
-+#define CK_OTP_FORMAT_ALPHANUMERIC 2
-+#define CK_OTP_FORMAT_BINARY 3
-+
-+/* The following OTP-related defines are new for PKCS #11 v2.20 amendment 1
-+ and relates to the CKA_OTP_..._REQUIREMENT attributes */
-+#define CK_OTP_PARAM_IGNORED 0
-+#define CK_OTP_PARAM_OPTIONAL 1
-+#define CK_OTP_PARAM_MANDATORY 2
-+
-+/* The following attribute types are defined: */
-+#define CKA_CLASS 0x00000000
-+#define CKA_TOKEN 0x00000001
-+#define CKA_PRIVATE 0x00000002
-+#define CKA_LABEL 0x00000003
-+#define CKA_APPLICATION 0x00000010
-+#define CKA_VALUE 0x00000011
-+
-+/* CKA_OBJECT_ID is new for v2.10 */
-+#define CKA_OBJECT_ID 0x00000012
-+
-+#define CKA_CERTIFICATE_TYPE 0x00000080
-+#define CKA_ISSUER 0x00000081
-+#define CKA_SERIAL_NUMBER 0x00000082
-+
-+/* CKA_AC_ISSUER, CKA_OWNER, and CKA_ATTR_TYPES are new
-+ * for v2.10 */
-+#define CKA_AC_ISSUER 0x00000083
-+#define CKA_OWNER 0x00000084
-+#define CKA_ATTR_TYPES 0x00000085
-+
-+/* CKA_TRUSTED is new for v2.11 */
-+#define CKA_TRUSTED 0x00000086
-+
-+/* CKA_CERTIFICATE_CATEGORY ...
-+ * CKA_CHECK_VALUE are new for v2.20 */
-+#define CKA_CERTIFICATE_CATEGORY 0x00000087
-+#define CKA_JAVA_MIDP_SECURITY_DOMAIN 0x00000088
-+#define CKA_URL 0x00000089
-+#define CKA_HASH_OF_SUBJECT_PUBLIC_KEY 0x0000008A
-+#define CKA_HASH_OF_ISSUER_PUBLIC_KEY 0x0000008B
-+#define CKA_CHECK_VALUE 0x00000090
-+
-+#define CKA_KEY_TYPE 0x00000100
-+#define CKA_SUBJECT 0x00000101
-+#define CKA_ID 0x00000102
-+#define CKA_SENSITIVE 0x00000103
-+#define CKA_ENCRYPT 0x00000104
-+#define CKA_DECRYPT 0x00000105
-+#define CKA_WRAP 0x00000106
-+#define CKA_UNWRAP 0x00000107
-+#define CKA_SIGN 0x00000108
-+#define CKA_SIGN_RECOVER 0x00000109
-+#define CKA_VERIFY 0x0000010A
-+#define CKA_VERIFY_RECOVER 0x0000010B
-+#define CKA_DERIVE 0x0000010C
-+#define CKA_START_DATE 0x00000110
-+#define CKA_END_DATE 0x00000111
-+#define CKA_MODULUS 0x00000120
-+#define CKA_MODULUS_BITS 0x00000121
-+#define CKA_PUBLIC_EXPONENT 0x00000122
-+#define CKA_PRIVATE_EXPONENT 0x00000123
-+#define CKA_PRIME_1 0x00000124
-+#define CKA_PRIME_2 0x00000125
-+#define CKA_EXPONENT_1 0x00000126
-+#define CKA_EXPONENT_2 0x00000127
-+#define CKA_COEFFICIENT 0x00000128
-+#define CKA_PRIME 0x00000130
-+#define CKA_SUBPRIME 0x00000131
-+#define CKA_BASE 0x00000132
-+
-+/* CKA_PRIME_BITS and CKA_SUB_PRIME_BITS are new for v2.11 */
-+#define CKA_PRIME_BITS 0x00000133
-+#define CKA_SUBPRIME_BITS 0x00000134
-+#define CKA_SUB_PRIME_BITS CKA_SUBPRIME_BITS
-+/* (To retain backwards-compatibility) */
-+
-+#define CKA_VALUE_BITS 0x00000160
-+#define CKA_VALUE_LEN 0x00000161
-+
-+/* CKA_EXTRACTABLE, CKA_LOCAL, CKA_NEVER_EXTRACTABLE,
-+ * CKA_ALWAYS_SENSITIVE, CKA_MODIFIABLE, CKA_ECDSA_PARAMS,
-+ * and CKA_EC_POINT are new for v2.0 */
-+#define CKA_EXTRACTABLE 0x00000162
-+#define CKA_LOCAL 0x00000163
-+#define CKA_NEVER_EXTRACTABLE 0x00000164
-+#define CKA_ALWAYS_SENSITIVE 0x00000165
-+
-+/* CKA_KEY_GEN_MECHANISM is new for v2.11 */
-+#define CKA_KEY_GEN_MECHANISM 0x00000166
-+
-+#define CKA_MODIFIABLE 0x00000170
-+
-+/* CKA_ECDSA_PARAMS is deprecated in v2.11,
-+ * CKA_EC_PARAMS is preferred. */
-+#define CKA_ECDSA_PARAMS 0x00000180
-+#define CKA_EC_PARAMS 0x00000180
-+
-+#define CKA_EC_POINT 0x00000181
-+
-+/* CKA_SECONDARY_AUTH, CKA_AUTH_PIN_FLAGS,
-+ * are new for v2.10. Deprecated in v2.11 and onwards. */
-+#define CKA_SECONDARY_AUTH 0x00000200
-+#define CKA_AUTH_PIN_FLAGS 0x00000201
-+
-+/* CKA_ALWAYS_AUTHENTICATE ...
-+ * CKA_UNWRAP_TEMPLATE are new for v2.20 */
-+#define CKA_ALWAYS_AUTHENTICATE 0x00000202
-+
-+#define CKA_WRAP_WITH_TRUSTED 0x00000210
-+#define CKA_WRAP_TEMPLATE (CKF_ARRAY_ATTRIBUTE|0x00000211)
-+#define CKA_UNWRAP_TEMPLATE (CKF_ARRAY_ATTRIBUTE|0x00000212)
-+
-+/* CKA_OTP... atttributes are new for PKCS #11 v2.20 amendment 3. */
-+#define CKA_OTP_FORMAT 0x00000220
-+#define CKA_OTP_LENGTH 0x00000221
-+#define CKA_OTP_TIME_INTERVAL 0x00000222
-+#define CKA_OTP_USER_FRIENDLY_MODE 0x00000223
-+#define CKA_OTP_CHALLENGE_REQUIREMENT 0x00000224
-+#define CKA_OTP_TIME_REQUIREMENT 0x00000225
-+#define CKA_OTP_COUNTER_REQUIREMENT 0x00000226
-+#define CKA_OTP_PIN_REQUIREMENT 0x00000227
-+#define CKA_OTP_COUNTER 0x0000022E
-+#define CKA_OTP_TIME 0x0000022F
-+#define CKA_OTP_USER_IDENTIFIER 0x0000022A
-+#define CKA_OTP_SERVICE_IDENTIFIER 0x0000022B
-+#define CKA_OTP_SERVICE_LOGO 0x0000022C
-+#define CKA_OTP_SERVICE_LOGO_TYPE 0x0000022D
-+
-+
-+/* CKA_HW_FEATURE_TYPE, CKA_RESET_ON_INIT, and CKA_HAS_RESET
-+ * are new for v2.10 */
-+#define CKA_HW_FEATURE_TYPE 0x00000300
-+#define CKA_RESET_ON_INIT 0x00000301
-+#define CKA_HAS_RESET 0x00000302
-+
-+/* The following attributes are new for v2.20 */
-+#define CKA_PIXEL_X 0x00000400
-+#define CKA_PIXEL_Y 0x00000401
-+#define CKA_RESOLUTION 0x00000402
-+#define CKA_CHAR_ROWS 0x00000403
-+#define CKA_CHAR_COLUMNS 0x00000404
-+#define CKA_COLOR 0x00000405
-+#define CKA_BITS_PER_PIXEL 0x00000406
-+#define CKA_CHAR_SETS 0x00000480
-+#define CKA_ENCODING_METHODS 0x00000481
-+#define CKA_MIME_TYPES 0x00000482
-+#define CKA_MECHANISM_TYPE 0x00000500
-+#define CKA_REQUIRED_CMS_ATTRIBUTES 0x00000501
-+#define CKA_DEFAULT_CMS_ATTRIBUTES 0x00000502
-+#define CKA_SUPPORTED_CMS_ATTRIBUTES 0x00000503
-+#define CKA_ALLOWED_MECHANISMS (CKF_ARRAY_ATTRIBUTE|0x00000600)
-+
-+#define CKA_VENDOR_DEFINED 0x80000000
-+
-+/* CK_ATTRIBUTE is a structure that includes the type, length
-+ * and value of an attribute */
-+typedef struct CK_ATTRIBUTE {
-+ CK_ATTRIBUTE_TYPE type;
-+ CK_VOID_PTR pValue;
-+
-+ /* ulValueLen went from CK_USHORT to CK_ULONG for v2.0 */
-+ CK_ULONG ulValueLen; /* in bytes */
-+} CK_ATTRIBUTE;
-+
-+typedef CK_ATTRIBUTE CK_PTR CK_ATTRIBUTE_PTR;
-+
-+
-+/* CK_DATE is a structure that defines a date */
-+typedef struct CK_DATE{
-+ CK_CHAR year[4]; /* the year ("1900" - "9999") */
-+ CK_CHAR month[2]; /* the month ("01" - "12") */
-+ CK_CHAR day[2]; /* the day ("01" - "31") */
-+} CK_DATE;
-+
-+
-+/* CK_MECHANISM_TYPE is a value that identifies a mechanism
-+ * type */
-+/* CK_MECHANISM_TYPE was changed from CK_USHORT to CK_ULONG for
-+ * v2.0 */
-+typedef CK_ULONG CK_MECHANISM_TYPE;
-+
-+/* the following mechanism types are defined: */
-+#define CKM_RSA_PKCS_KEY_PAIR_GEN 0x00000000
-+#define CKM_RSA_PKCS 0x00000001
-+#define CKM_RSA_9796 0x00000002
-+#define CKM_RSA_X_509 0x00000003
-+
-+/* CKM_MD2_RSA_PKCS, CKM_MD5_RSA_PKCS, and CKM_SHA1_RSA_PKCS
-+ * are new for v2.0. They are mechanisms which hash and sign */
-+#define CKM_MD2_RSA_PKCS 0x00000004
-+#define CKM_MD5_RSA_PKCS 0x00000005
-+#define CKM_SHA1_RSA_PKCS 0x00000006
-+
-+/* CKM_RIPEMD128_RSA_PKCS, CKM_RIPEMD160_RSA_PKCS, and
-+ * CKM_RSA_PKCS_OAEP are new for v2.10 */
-+#define CKM_RIPEMD128_RSA_PKCS 0x00000007
-+#define CKM_RIPEMD160_RSA_PKCS 0x00000008
-+#define CKM_RSA_PKCS_OAEP 0x00000009
-+
-+/* CKM_RSA_X9_31_KEY_PAIR_GEN, CKM_RSA_X9_31, CKM_SHA1_RSA_X9_31,
-+ * CKM_RSA_PKCS_PSS, and CKM_SHA1_RSA_PKCS_PSS are new for v2.11 */
-+#define CKM_RSA_X9_31_KEY_PAIR_GEN 0x0000000A
-+#define CKM_RSA_X9_31 0x0000000B
-+#define CKM_SHA1_RSA_X9_31 0x0000000C
-+#define CKM_RSA_PKCS_PSS 0x0000000D
-+#define CKM_SHA1_RSA_PKCS_PSS 0x0000000E
-+
-+#define CKM_DSA_KEY_PAIR_GEN 0x00000010
-+#define CKM_DSA 0x00000011
-+#define CKM_DSA_SHA1 0x00000012
-+#define CKM_DH_PKCS_KEY_PAIR_GEN 0x00000020
-+#define CKM_DH_PKCS_DERIVE 0x00000021
-+
-+/* CKM_X9_42_DH_KEY_PAIR_GEN, CKM_X9_42_DH_DERIVE,
-+ * CKM_X9_42_DH_HYBRID_DERIVE, and CKM_X9_42_MQV_DERIVE are new for
-+ * v2.11 */
-+#define CKM_X9_42_DH_KEY_PAIR_GEN 0x00000030
-+#define CKM_X9_42_DH_DERIVE 0x00000031
-+#define CKM_X9_42_DH_HYBRID_DERIVE 0x00000032
-+#define CKM_X9_42_MQV_DERIVE 0x00000033
-+
-+/* CKM_SHA256/384/512 are new for v2.20 */
-+#define CKM_SHA256_RSA_PKCS 0x00000040
-+#define CKM_SHA384_RSA_PKCS 0x00000041
-+#define CKM_SHA512_RSA_PKCS 0x00000042
-+#define CKM_SHA256_RSA_PKCS_PSS 0x00000043
-+#define CKM_SHA384_RSA_PKCS_PSS 0x00000044
-+#define CKM_SHA512_RSA_PKCS_PSS 0x00000045
-+
-+/* SHA-224 RSA mechanisms are new for PKCS #11 v2.20 amendment 3 */
-+#define CKM_SHA224_RSA_PKCS 0x00000046
-+#define CKM_SHA224_RSA_PKCS_PSS 0x00000047
-+
-+#define CKM_RC2_KEY_GEN 0x00000100
-+#define CKM_RC2_ECB 0x00000101
-+#define CKM_RC2_CBC 0x00000102
-+#define CKM_RC2_MAC 0x00000103
-+
-+/* CKM_RC2_MAC_GENERAL and CKM_RC2_CBC_PAD are new for v2.0 */
-+#define CKM_RC2_MAC_GENERAL 0x00000104
-+#define CKM_RC2_CBC_PAD 0x00000105
-+
-+#define CKM_RC4_KEY_GEN 0x00000110
-+#define CKM_RC4 0x00000111
-+#define CKM_DES_KEY_GEN 0x00000120
-+#define CKM_DES_ECB 0x00000121
-+#define CKM_DES_CBC 0x00000122
-+#define CKM_DES_MAC 0x00000123
-+
-+/* CKM_DES_MAC_GENERAL and CKM_DES_CBC_PAD are new for v2.0 */
-+#define CKM_DES_MAC_GENERAL 0x00000124
-+#define CKM_DES_CBC_PAD 0x00000125
-+
-+#define CKM_DES2_KEY_GEN 0x00000130
-+#define CKM_DES3_KEY_GEN 0x00000131
-+#define CKM_DES3_ECB 0x00000132
-+#define CKM_DES3_CBC 0x00000133
-+#define CKM_DES3_MAC 0x00000134
-+
-+/* CKM_DES3_MAC_GENERAL, CKM_DES3_CBC_PAD, CKM_CDMF_KEY_GEN,
-+ * CKM_CDMF_ECB, CKM_CDMF_CBC, CKM_CDMF_MAC,
-+ * CKM_CDMF_MAC_GENERAL, and CKM_CDMF_CBC_PAD are new for v2.0 */
-+#define CKM_DES3_MAC_GENERAL 0x00000135
-+#define CKM_DES3_CBC_PAD 0x00000136
-+#define CKM_CDMF_KEY_GEN 0x00000140
-+#define CKM_CDMF_ECB 0x00000141
-+#define CKM_CDMF_CBC 0x00000142
-+#define CKM_CDMF_MAC 0x00000143
-+#define CKM_CDMF_MAC_GENERAL 0x00000144
-+#define CKM_CDMF_CBC_PAD 0x00000145
-+
-+/* the following four DES mechanisms are new for v2.20 */
-+#define CKM_DES_OFB64 0x00000150
-+#define CKM_DES_OFB8 0x00000151
-+#define CKM_DES_CFB64 0x00000152
-+#define CKM_DES_CFB8 0x00000153
-+
-+#define CKM_MD2 0x00000200
-+
-+/* CKM_MD2_HMAC and CKM_MD2_HMAC_GENERAL are new for v2.0 */
-+#define CKM_MD2_HMAC 0x00000201
-+#define CKM_MD2_HMAC_GENERAL 0x00000202
-+
-+#define CKM_MD5 0x00000210
-+
-+/* CKM_MD5_HMAC and CKM_MD5_HMAC_GENERAL are new for v2.0 */
-+#define CKM_MD5_HMAC 0x00000211
-+#define CKM_MD5_HMAC_GENERAL 0x00000212
-+
-+#define CKM_SHA_1 0x00000220
-+
-+/* CKM_SHA_1_HMAC and CKM_SHA_1_HMAC_GENERAL are new for v2.0 */
-+#define CKM_SHA_1_HMAC 0x00000221
-+#define CKM_SHA_1_HMAC_GENERAL 0x00000222
-+
-+/* CKM_RIPEMD128, CKM_RIPEMD128_HMAC,
-+ * CKM_RIPEMD128_HMAC_GENERAL, CKM_RIPEMD160, CKM_RIPEMD160_HMAC,
-+ * and CKM_RIPEMD160_HMAC_GENERAL are new for v2.10 */
-+#define CKM_RIPEMD128 0x00000230
-+#define CKM_RIPEMD128_HMAC 0x00000231
-+#define CKM_RIPEMD128_HMAC_GENERAL 0x00000232
-+#define CKM_RIPEMD160 0x00000240
-+#define CKM_RIPEMD160_HMAC 0x00000241
-+#define CKM_RIPEMD160_HMAC_GENERAL 0x00000242
-+
-+/* CKM_SHA256/384/512 are new for v2.20 */
-+#define CKM_SHA256 0x00000250
-+#define CKM_SHA256_HMAC 0x00000251
-+#define CKM_SHA256_HMAC_GENERAL 0x00000252
-+
-+/* SHA-224 is new for PKCS #11 v2.20 amendment 3 */
-+#define CKM_SHA224 0x00000255
-+#define CKM_SHA224_HMAC 0x00000256
-+#define CKM_SHA224_HMAC_GENERAL 0x00000257
-+
-+#define CKM_SHA384 0x00000260
-+#define CKM_SHA384_HMAC 0x00000261
-+#define CKM_SHA384_HMAC_GENERAL 0x00000262
-+#define CKM_SHA512 0x00000270
-+#define CKM_SHA512_HMAC 0x00000271
-+#define CKM_SHA512_HMAC_GENERAL 0x00000272
-+
-+/* SecurID is new for PKCS #11 v2.20 amendment 1 */
-+#define CKM_SECURID_KEY_GEN 0x00000280
-+#define CKM_SECURID 0x00000282
-+
-+/* HOTP is new for PKCS #11 v2.20 amendment 1 */
-+#define CKM_HOTP_KEY_GEN 0x00000290
-+#define CKM_HOTP 0x00000291
-+
-+/* ACTI is new for PKCS #11 v2.20 amendment 1 */
-+#define CKM_ACTI 0x000002A0
-+#define CKM_ACTI_KEY_GEN 0x000002A1
-+
-+/* All of the following mechanisms are new for v2.0 */
-+/* Note that CAST128 and CAST5 are the same algorithm */
-+#define CKM_CAST_KEY_GEN 0x00000300
-+#define CKM_CAST_ECB 0x00000301
-+#define CKM_CAST_CBC 0x00000302
-+#define CKM_CAST_MAC 0x00000303
-+#define CKM_CAST_MAC_GENERAL 0x00000304
-+#define CKM_CAST_CBC_PAD 0x00000305
-+#define CKM_CAST3_KEY_GEN 0x00000310
-+#define CKM_CAST3_ECB 0x00000311
-+#define CKM_CAST3_CBC 0x00000312
-+#define CKM_CAST3_MAC 0x00000313
-+#define CKM_CAST3_MAC_GENERAL 0x00000314
-+#define CKM_CAST3_CBC_PAD 0x00000315
-+#define CKM_CAST5_KEY_GEN 0x00000320
-+#define CKM_CAST128_KEY_GEN 0x00000320
-+#define CKM_CAST5_ECB 0x00000321
-+#define CKM_CAST128_ECB 0x00000321
-+#define CKM_CAST5_CBC 0x00000322
-+#define CKM_CAST128_CBC 0x00000322
-+#define CKM_CAST5_MAC 0x00000323
-+#define CKM_CAST128_MAC 0x00000323
-+#define CKM_CAST5_MAC_GENERAL 0x00000324
-+#define CKM_CAST128_MAC_GENERAL 0x00000324
-+#define CKM_CAST5_CBC_PAD 0x00000325
-+#define CKM_CAST128_CBC_PAD 0x00000325
-+#define CKM_RC5_KEY_GEN 0x00000330
-+#define CKM_RC5_ECB 0x00000331
-+#define CKM_RC5_CBC 0x00000332
-+#define CKM_RC5_MAC 0x00000333
-+#define CKM_RC5_MAC_GENERAL 0x00000334
-+#define CKM_RC5_CBC_PAD 0x00000335
-+#define CKM_IDEA_KEY_GEN 0x00000340
-+#define CKM_IDEA_ECB 0x00000341
-+#define CKM_IDEA_CBC 0x00000342
-+#define CKM_IDEA_MAC 0x00000343
-+#define CKM_IDEA_MAC_GENERAL 0x00000344
-+#define CKM_IDEA_CBC_PAD 0x00000345
-+#define CKM_GENERIC_SECRET_KEY_GEN 0x00000350
-+#define CKM_CONCATENATE_BASE_AND_KEY 0x00000360
-+#define CKM_CONCATENATE_BASE_AND_DATA 0x00000362
-+#define CKM_CONCATENATE_DATA_AND_BASE 0x00000363
-+#define CKM_XOR_BASE_AND_DATA 0x00000364
-+#define CKM_EXTRACT_KEY_FROM_KEY 0x00000365
-+#define CKM_SSL3_PRE_MASTER_KEY_GEN 0x00000370
-+#define CKM_SSL3_MASTER_KEY_DERIVE 0x00000371
-+#define CKM_SSL3_KEY_AND_MAC_DERIVE 0x00000372
-+
-+/* CKM_SSL3_MASTER_KEY_DERIVE_DH, CKM_TLS_PRE_MASTER_KEY_GEN,
-+ * CKM_TLS_MASTER_KEY_DERIVE, CKM_TLS_KEY_AND_MAC_DERIVE, and
-+ * CKM_TLS_MASTER_KEY_DERIVE_DH are new for v2.11 */
-+#define CKM_SSL3_MASTER_KEY_DERIVE_DH 0x00000373
-+#define CKM_TLS_PRE_MASTER_KEY_GEN 0x00000374
-+#define CKM_TLS_MASTER_KEY_DERIVE 0x00000375
-+#define CKM_TLS_KEY_AND_MAC_DERIVE 0x00000376
-+#define CKM_TLS_MASTER_KEY_DERIVE_DH 0x00000377
-+
-+/* CKM_TLS_PRF is new for v2.20 */
-+#define CKM_TLS_PRF 0x00000378
-+
-+#define CKM_SSL3_MD5_MAC 0x00000380
-+#define CKM_SSL3_SHA1_MAC 0x00000381
-+#define CKM_MD5_KEY_DERIVATION 0x00000390
-+#define CKM_MD2_KEY_DERIVATION 0x00000391
-+#define CKM_SHA1_KEY_DERIVATION 0x00000392
-+
-+/* CKM_SHA256/384/512 are new for v2.20 */
-+#define CKM_SHA256_KEY_DERIVATION 0x00000393
-+#define CKM_SHA384_KEY_DERIVATION 0x00000394
-+#define CKM_SHA512_KEY_DERIVATION 0x00000395
-+
-+/* SHA-224 key derivation is new for PKCS #11 v2.20 amendment 3 */
-+#define CKM_SHA224_KEY_DERIVATION 0x00000396
-+
-+#define CKM_PBE_MD2_DES_CBC 0x000003A0
-+#define CKM_PBE_MD5_DES_CBC 0x000003A1
-+#define CKM_PBE_MD5_CAST_CBC 0x000003A2
-+#define CKM_PBE_MD5_CAST3_CBC 0x000003A3
-+#define CKM_PBE_MD5_CAST5_CBC 0x000003A4
-+#define CKM_PBE_MD5_CAST128_CBC 0x000003A4
-+#define CKM_PBE_SHA1_CAST5_CBC 0x000003A5
-+#define CKM_PBE_SHA1_CAST128_CBC 0x000003A5
-+#define CKM_PBE_SHA1_RC4_128 0x000003A6
-+#define CKM_PBE_SHA1_RC4_40 0x000003A7
-+#define CKM_PBE_SHA1_DES3_EDE_CBC 0x000003A8
-+#define CKM_PBE_SHA1_DES2_EDE_CBC 0x000003A9
-+#define CKM_PBE_SHA1_RC2_128_CBC 0x000003AA
-+#define CKM_PBE_SHA1_RC2_40_CBC 0x000003AB
-+
-+/* CKM_PKCS5_PBKD2 is new for v2.10 */
-+#define CKM_PKCS5_PBKD2 0x000003B0
-+
-+#define CKM_PBA_SHA1_WITH_SHA1_HMAC 0x000003C0
-+
-+/* WTLS mechanisms are new for v2.20 */
-+#define CKM_WTLS_PRE_MASTER_KEY_GEN 0x000003D0
-+#define CKM_WTLS_MASTER_KEY_DERIVE 0x000003D1
-+#define CKM_WTLS_MASTER_KEY_DERIVE_DH_ECC 0x000003D2
-+#define CKM_WTLS_PRF 0x000003D3
-+#define CKM_WTLS_SERVER_KEY_AND_MAC_DERIVE 0x000003D4
-+#define CKM_WTLS_CLIENT_KEY_AND_MAC_DERIVE 0x000003D5
-+
-+#define CKM_KEY_WRAP_LYNKS 0x00000400
-+#define CKM_KEY_WRAP_SET_OAEP 0x00000401
-+
-+/* CKM_CMS_SIG is new for v2.20 */
-+#define CKM_CMS_SIG 0x00000500
-+
-+/* CKM_KIP mechanisms are new for PKCS #11 v2.20 amendment 2 */
-+#define CKM_KIP_DERIVE 0x00000510
-+#define CKM_KIP_WRAP 0x00000511
-+#define CKM_KIP_MAC 0x00000512
-+
-+/* Camellia is new for PKCS #11 v2.20 amendment 3 */
-+#define CKM_CAMELLIA_KEY_GEN 0x00000550
-+#define CKM_CAMELLIA_ECB 0x00000551
-+#define CKM_CAMELLIA_CBC 0x00000552
-+#define CKM_CAMELLIA_MAC 0x00000553
-+#define CKM_CAMELLIA_MAC_GENERAL 0x00000554
-+#define CKM_CAMELLIA_CBC_PAD 0x00000555
-+#define CKM_CAMELLIA_ECB_ENCRYPT_DATA 0x00000556
-+#define CKM_CAMELLIA_CBC_ENCRYPT_DATA 0x00000557
-+#define CKM_CAMELLIA_CTR 0x00000558
-+
-+/* ARIA is new for PKCS #11 v2.20 amendment 3 */
-+#define CKM_ARIA_KEY_GEN 0x00000560
-+#define CKM_ARIA_ECB 0x00000561
-+#define CKM_ARIA_CBC 0x00000562
-+#define CKM_ARIA_MAC 0x00000563
-+#define CKM_ARIA_MAC_GENERAL 0x00000564
-+#define CKM_ARIA_CBC_PAD 0x00000565
-+#define CKM_ARIA_ECB_ENCRYPT_DATA 0x00000566
-+#define CKM_ARIA_CBC_ENCRYPT_DATA 0x00000567
-+
-+/* Fortezza mechanisms */
-+#define CKM_SKIPJACK_KEY_GEN 0x00001000
-+#define CKM_SKIPJACK_ECB64 0x00001001
-+#define CKM_SKIPJACK_CBC64 0x00001002
-+#define CKM_SKIPJACK_OFB64 0x00001003
-+#define CKM_SKIPJACK_CFB64 0x00001004
-+#define CKM_SKIPJACK_CFB32 0x00001005
-+#define CKM_SKIPJACK_CFB16 0x00001006
-+#define CKM_SKIPJACK_CFB8 0x00001007
-+#define CKM_SKIPJACK_WRAP 0x00001008
-+#define CKM_SKIPJACK_PRIVATE_WRAP 0x00001009
-+#define CKM_SKIPJACK_RELAYX 0x0000100a
-+#define CKM_KEA_KEY_PAIR_GEN 0x00001010
-+#define CKM_KEA_KEY_DERIVE 0x00001011
-+#define CKM_FORTEZZA_TIMESTAMP 0x00001020
-+#define CKM_BATON_KEY_GEN 0x00001030
-+#define CKM_BATON_ECB128 0x00001031
-+#define CKM_BATON_ECB96 0x00001032
-+#define CKM_BATON_CBC128 0x00001033
-+#define CKM_BATON_COUNTER 0x00001034
-+#define CKM_BATON_SHUFFLE 0x00001035
-+#define CKM_BATON_WRAP 0x00001036
-+
-+/* CKM_ECDSA_KEY_PAIR_GEN is deprecated in v2.11,
-+ * CKM_EC_KEY_PAIR_GEN is preferred */
-+#define CKM_ECDSA_KEY_PAIR_GEN 0x00001040
-+#define CKM_EC_KEY_PAIR_GEN 0x00001040
-+
-+#define CKM_ECDSA 0x00001041
-+#define CKM_ECDSA_SHA1 0x00001042
-+
-+/* CKM_ECDH1_DERIVE, CKM_ECDH1_COFACTOR_DERIVE, and CKM_ECMQV_DERIVE
-+ * are new for v2.11 */
-+#define CKM_ECDH1_DERIVE 0x00001050
-+#define CKM_ECDH1_COFACTOR_DERIVE 0x00001051
-+#define CKM_ECMQV_DERIVE 0x00001052
-+
-+#define CKM_JUNIPER_KEY_GEN 0x00001060
-+#define CKM_JUNIPER_ECB128 0x00001061
-+#define CKM_JUNIPER_CBC128 0x00001062
-+#define CKM_JUNIPER_COUNTER 0x00001063
-+#define CKM_JUNIPER_SHUFFLE 0x00001064
-+#define CKM_JUNIPER_WRAP 0x00001065
-+#define CKM_FASTHASH 0x00001070
-+
-+/* CKM_AES_KEY_GEN, CKM_AES_ECB, CKM_AES_CBC, CKM_AES_MAC,
-+ * CKM_AES_MAC_GENERAL, CKM_AES_CBC_PAD, CKM_DSA_PARAMETER_GEN,
-+ * CKM_DH_PKCS_PARAMETER_GEN, and CKM_X9_42_DH_PARAMETER_GEN are
-+ * new for v2.11 */
-+#define CKM_AES_KEY_GEN 0x00001080
-+#define CKM_AES_ECB 0x00001081
-+#define CKM_AES_CBC 0x00001082
-+#define CKM_AES_MAC 0x00001083
-+#define CKM_AES_MAC_GENERAL 0x00001084
-+#define CKM_AES_CBC_PAD 0x00001085
-+
-+/* AES counter mode is new for PKCS #11 v2.20 amendment 3 */
-+#define CKM_AES_CTR 0x00001086
-+
-+/* BlowFish and TwoFish are new for v2.20 */
-+#define CKM_BLOWFISH_KEY_GEN 0x00001090
-+#define CKM_BLOWFISH_CBC 0x00001091
-+#define CKM_TWOFISH_KEY_GEN 0x00001092
-+#define CKM_TWOFISH_CBC 0x00001093
-+
-+
-+/* CKM_xxx_ENCRYPT_DATA mechanisms are new for v2.20 */
-+#define CKM_DES_ECB_ENCRYPT_DATA 0x00001100
-+#define CKM_DES_CBC_ENCRYPT_DATA 0x00001101
-+#define CKM_DES3_ECB_ENCRYPT_DATA 0x00001102
-+#define CKM_DES3_CBC_ENCRYPT_DATA 0x00001103
-+#define CKM_AES_ECB_ENCRYPT_DATA 0x00001104
-+#define CKM_AES_CBC_ENCRYPT_DATA 0x00001105
-+
-+#define CKM_DSA_PARAMETER_GEN 0x00002000
-+#define CKM_DH_PKCS_PARAMETER_GEN 0x00002001
-+#define CKM_X9_42_DH_PARAMETER_GEN 0x00002002
-+
-+#define CKM_VENDOR_DEFINED 0x80000000
-+
-+typedef CK_MECHANISM_TYPE CK_PTR CK_MECHANISM_TYPE_PTR;
-+
-+
-+/* CK_MECHANISM is a structure that specifies a particular
-+ * mechanism */
-+typedef struct CK_MECHANISM {
-+ CK_MECHANISM_TYPE mechanism;
-+ CK_VOID_PTR pParameter;
-+
-+ /* ulParameterLen was changed from CK_USHORT to CK_ULONG for
-+ * v2.0 */
-+ CK_ULONG ulParameterLen; /* in bytes */
-+} CK_MECHANISM;
-+
-+typedef CK_MECHANISM CK_PTR CK_MECHANISM_PTR;
-+
-+
-+/* CK_MECHANISM_INFO provides information about a particular
-+ * mechanism */
-+typedef struct CK_MECHANISM_INFO {
-+ CK_ULONG ulMinKeySize;
-+ CK_ULONG ulMaxKeySize;
-+ CK_FLAGS flags;
-+} CK_MECHANISM_INFO;
-+
-+/* The flags are defined as follows:
-+ * Bit Flag Mask Meaning */
-+#define CKF_HW 0x00000001 /* performed by HW */
-+
-+/* The flags CKF_ENCRYPT, CKF_DECRYPT, CKF_DIGEST, CKF_SIGN,
-+ * CKG_SIGN_RECOVER, CKF_VERIFY, CKF_VERIFY_RECOVER,
-+ * CKF_GENERATE, CKF_GENERATE_KEY_PAIR, CKF_WRAP, CKF_UNWRAP,
-+ * and CKF_DERIVE are new for v2.0. They specify whether or not
-+ * a mechanism can be used for a particular task */
-+#define CKF_ENCRYPT 0x00000100
-+#define CKF_DECRYPT 0x00000200
-+#define CKF_DIGEST 0x00000400
-+#define CKF_SIGN 0x00000800
-+#define CKF_SIGN_RECOVER 0x00001000
-+#define CKF_VERIFY 0x00002000
-+#define CKF_VERIFY_RECOVER 0x00004000
-+#define CKF_GENERATE 0x00008000
-+#define CKF_GENERATE_KEY_PAIR 0x00010000
-+#define CKF_WRAP 0x00020000
-+#define CKF_UNWRAP 0x00040000
-+#define CKF_DERIVE 0x00080000
-+
-+/* CKF_EC_F_P, CKF_EC_F_2M, CKF_EC_ECPARAMETERS, CKF_EC_NAMEDCURVE,
-+ * CKF_EC_UNCOMPRESS, and CKF_EC_COMPRESS are new for v2.11. They
-+ * describe a token's EC capabilities not available in mechanism
-+ * information. */
-+#define CKF_EC_F_P 0x00100000
-+#define CKF_EC_F_2M 0x00200000
-+#define CKF_EC_ECPARAMETERS 0x00400000
-+#define CKF_EC_NAMEDCURVE 0x00800000
-+#define CKF_EC_UNCOMPRESS 0x01000000
-+#define CKF_EC_COMPRESS 0x02000000
-+
-+#define CKF_EXTENSION 0x80000000 /* FALSE for this version */
-+
-+typedef CK_MECHANISM_INFO CK_PTR CK_MECHANISM_INFO_PTR;
-+
-+
-+/* CK_RV is a value that identifies the return value of a
-+ * Cryptoki function */
-+/* CK_RV was changed from CK_USHORT to CK_ULONG for v2.0 */
-+typedef CK_ULONG CK_RV;
-+
-+#define CKR_OK 0x00000000
-+#define CKR_CANCEL 0x00000001
-+#define CKR_HOST_MEMORY 0x00000002
-+#define CKR_SLOT_ID_INVALID 0x00000003
-+
-+/* CKR_FLAGS_INVALID was removed for v2.0 */
-+
-+/* CKR_GENERAL_ERROR and CKR_FUNCTION_FAILED are new for v2.0 */
-+#define CKR_GENERAL_ERROR 0x00000005
-+#define CKR_FUNCTION_FAILED 0x00000006
-+
-+/* CKR_ARGUMENTS_BAD, CKR_NO_EVENT, CKR_NEED_TO_CREATE_THREADS,
-+ * and CKR_CANT_LOCK are new for v2.01 */
-+#define CKR_ARGUMENTS_BAD 0x00000007
-+#define CKR_NO_EVENT 0x00000008
-+#define CKR_NEED_TO_CREATE_THREADS 0x00000009
-+#define CKR_CANT_LOCK 0x0000000A
-+
-+#define CKR_ATTRIBUTE_READ_ONLY 0x00000010
-+#define CKR_ATTRIBUTE_SENSITIVE 0x00000011
-+#define CKR_ATTRIBUTE_TYPE_INVALID 0x00000012
-+#define CKR_ATTRIBUTE_VALUE_INVALID 0x00000013
-+#define CKR_DATA_INVALID 0x00000020
-+#define CKR_DATA_LEN_RANGE 0x00000021
-+#define CKR_DEVICE_ERROR 0x00000030
-+#define CKR_DEVICE_MEMORY 0x00000031
-+#define CKR_DEVICE_REMOVED 0x00000032
-+#define CKR_ENCRYPTED_DATA_INVALID 0x00000040
-+#define CKR_ENCRYPTED_DATA_LEN_RANGE 0x00000041
-+#define CKR_FUNCTION_CANCELED 0x00000050
-+#define CKR_FUNCTION_NOT_PARALLEL 0x00000051
-+
-+/* CKR_FUNCTION_NOT_SUPPORTED is new for v2.0 */
-+#define CKR_FUNCTION_NOT_SUPPORTED 0x00000054
-+
-+#define CKR_KEY_HANDLE_INVALID 0x00000060
-+
-+/* CKR_KEY_SENSITIVE was removed for v2.0 */
-+
-+#define CKR_KEY_SIZE_RANGE 0x00000062
-+#define CKR_KEY_TYPE_INCONSISTENT 0x00000063
-+
-+/* CKR_KEY_NOT_NEEDED, CKR_KEY_CHANGED, CKR_KEY_NEEDED,
-+ * CKR_KEY_INDIGESTIBLE, CKR_KEY_FUNCTION_NOT_PERMITTED,
-+ * CKR_KEY_NOT_WRAPPABLE, and CKR_KEY_UNEXTRACTABLE are new for
-+ * v2.0 */
-+#define CKR_KEY_NOT_NEEDED 0x00000064
-+#define CKR_KEY_CHANGED 0x00000065
-+#define CKR_KEY_NEEDED 0x00000066
-+#define CKR_KEY_INDIGESTIBLE 0x00000067
-+#define CKR_KEY_FUNCTION_NOT_PERMITTED 0x00000068
-+#define CKR_KEY_NOT_WRAPPABLE 0x00000069
-+#define CKR_KEY_UNEXTRACTABLE 0x0000006A
-+
-+#define CKR_MECHANISM_INVALID 0x00000070
-+#define CKR_MECHANISM_PARAM_INVALID 0x00000071
-+
-+/* CKR_OBJECT_CLASS_INCONSISTENT and CKR_OBJECT_CLASS_INVALID
-+ * were removed for v2.0 */
-+#define CKR_OBJECT_HANDLE_INVALID 0x00000082
-+#define CKR_OPERATION_ACTIVE 0x00000090
-+#define CKR_OPERATION_NOT_INITIALIZED 0x00000091
-+#define CKR_PIN_INCORRECT 0x000000A0
-+#define CKR_PIN_INVALID 0x000000A1
-+#define CKR_PIN_LEN_RANGE 0x000000A2
-+
-+/* CKR_PIN_EXPIRED and CKR_PIN_LOCKED are new for v2.0 */
-+#define CKR_PIN_EXPIRED 0x000000A3
-+#define CKR_PIN_LOCKED 0x000000A4
-+
-+#define CKR_SESSION_CLOSED 0x000000B0
-+#define CKR_SESSION_COUNT 0x000000B1
-+#define CKR_SESSION_HANDLE_INVALID 0x000000B3
-+#define CKR_SESSION_PARALLEL_NOT_SUPPORTED 0x000000B4
-+#define CKR_SESSION_READ_ONLY 0x000000B5
-+#define CKR_SESSION_EXISTS 0x000000B6
-+
-+/* CKR_SESSION_READ_ONLY_EXISTS and
-+ * CKR_SESSION_READ_WRITE_SO_EXISTS are new for v2.0 */
-+#define CKR_SESSION_READ_ONLY_EXISTS 0x000000B7
-+#define CKR_SESSION_READ_WRITE_SO_EXISTS 0x000000B8
-+
-+#define CKR_SIGNATURE_INVALID 0x000000C0
-+#define CKR_SIGNATURE_LEN_RANGE 0x000000C1
-+#define CKR_TEMPLATE_INCOMPLETE 0x000000D0
-+#define CKR_TEMPLATE_INCONSISTENT 0x000000D1
-+#define CKR_TOKEN_NOT_PRESENT 0x000000E0
-+#define CKR_TOKEN_NOT_RECOGNIZED 0x000000E1
-+#define CKR_TOKEN_WRITE_PROTECTED 0x000000E2
-+#define CKR_UNWRAPPING_KEY_HANDLE_INVALID 0x000000F0
-+#define CKR_UNWRAPPING_KEY_SIZE_RANGE 0x000000F1
-+#define CKR_UNWRAPPING_KEY_TYPE_INCONSISTENT 0x000000F2
-+#define CKR_USER_ALREADY_LOGGED_IN 0x00000100
-+#define CKR_USER_NOT_LOGGED_IN 0x00000101
-+#define CKR_USER_PIN_NOT_INITIALIZED 0x00000102
-+#define CKR_USER_TYPE_INVALID 0x00000103
-+
-+/* CKR_USER_ANOTHER_ALREADY_LOGGED_IN and CKR_USER_TOO_MANY_TYPES
-+ * are new to v2.01 */
-+#define CKR_USER_ANOTHER_ALREADY_LOGGED_IN 0x00000104
-+#define CKR_USER_TOO_MANY_TYPES 0x00000105
-+
-+#define CKR_WRAPPED_KEY_INVALID 0x00000110
-+#define CKR_WRAPPED_KEY_LEN_RANGE 0x00000112
-+#define CKR_WRAPPING_KEY_HANDLE_INVALID 0x00000113
-+#define CKR_WRAPPING_KEY_SIZE_RANGE 0x00000114
-+#define CKR_WRAPPING_KEY_TYPE_INCONSISTENT 0x00000115
-+#define CKR_RANDOM_SEED_NOT_SUPPORTED 0x00000120
-+
-+/* These are new to v2.0 */
-+#define CKR_RANDOM_NO_RNG 0x00000121
-+
-+/* These are new to v2.11 */
-+#define CKR_DOMAIN_PARAMS_INVALID 0x00000130
-+
-+/* These are new to v2.0 */
-+#define CKR_BUFFER_TOO_SMALL 0x00000150
-+#define CKR_SAVED_STATE_INVALID 0x00000160
-+#define CKR_INFORMATION_SENSITIVE 0x00000170
-+#define CKR_STATE_UNSAVEABLE 0x00000180
-+
-+/* These are new to v2.01 */
-+#define CKR_CRYPTOKI_NOT_INITIALIZED 0x00000190
-+#define CKR_CRYPTOKI_ALREADY_INITIALIZED 0x00000191
-+#define CKR_MUTEX_BAD 0x000001A0
-+#define CKR_MUTEX_NOT_LOCKED 0x000001A1
-+
-+/* The following return values are new for PKCS #11 v2.20 amendment 3 */
-+#define CKR_NEW_PIN_MODE 0x000001B0
-+#define CKR_NEXT_OTP 0x000001B1
-+
-+/* This is new to v2.20 */
-+#define CKR_FUNCTION_REJECTED 0x00000200
-+
-+#define CKR_VENDOR_DEFINED 0x80000000
-+
-+
-+/* CK_NOTIFY is an application callback that processes events */
-+typedef CK_CALLBACK_FUNCTION(CK_RV, CK_NOTIFY)(
-+ CK_SESSION_HANDLE hSession, /* the session's handle */
-+ CK_NOTIFICATION event,
-+ CK_VOID_PTR pApplication /* passed to C_OpenSession */
-+);
-+
-+
-+/* CK_FUNCTION_LIST is a structure holding a Cryptoki spec
-+ * version and pointers of appropriate types to all the
-+ * Cryptoki functions */
-+/* CK_FUNCTION_LIST is new for v2.0 */
-+typedef struct CK_FUNCTION_LIST CK_FUNCTION_LIST;
-+
-+typedef CK_FUNCTION_LIST CK_PTR CK_FUNCTION_LIST_PTR;
-+
-+typedef CK_FUNCTION_LIST_PTR CK_PTR CK_FUNCTION_LIST_PTR_PTR;
-+
-+
-+/* CK_CREATEMUTEX is an application callback for creating a
-+ * mutex object */
-+typedef CK_CALLBACK_FUNCTION(CK_RV, CK_CREATEMUTEX)(
-+ CK_VOID_PTR_PTR ppMutex /* location to receive ptr to mutex */
-+);
-+
-+
-+/* CK_DESTROYMUTEX is an application callback for destroying a
-+ * mutex object */
-+typedef CK_CALLBACK_FUNCTION(CK_RV, CK_DESTROYMUTEX)(
-+ CK_VOID_PTR pMutex /* pointer to mutex */
-+);
-+
-+
-+/* CK_LOCKMUTEX is an application callback for locking a mutex */
-+typedef CK_CALLBACK_FUNCTION(CK_RV, CK_LOCKMUTEX)(
-+ CK_VOID_PTR pMutex /* pointer to mutex */
-+);
-+
-+
-+/* CK_UNLOCKMUTEX is an application callback for unlocking a
-+ * mutex */
-+typedef CK_CALLBACK_FUNCTION(CK_RV, CK_UNLOCKMUTEX)(
-+ CK_VOID_PTR pMutex /* pointer to mutex */
-+);
-+
-+
-+/* CK_C_INITIALIZE_ARGS provides the optional arguments to
-+ * C_Initialize */
-+typedef struct CK_C_INITIALIZE_ARGS {
-+ CK_CREATEMUTEX CreateMutex;
-+ CK_DESTROYMUTEX DestroyMutex;
-+ CK_LOCKMUTEX LockMutex;
-+ CK_UNLOCKMUTEX UnlockMutex;
-+ CK_FLAGS flags;
-+ CK_VOID_PTR pReserved;
-+} CK_C_INITIALIZE_ARGS;
-+
-+/* flags: bit flags that provide capabilities of the slot
-+ * Bit Flag Mask Meaning
-+ */
-+#define CKF_LIBRARY_CANT_CREATE_OS_THREADS 0x00000001
-+#define CKF_OS_LOCKING_OK 0x00000002
-+
-+typedef CK_C_INITIALIZE_ARGS CK_PTR CK_C_INITIALIZE_ARGS_PTR;
-+
-+
-+/* additional flags for parameters to functions */
-+
-+/* CKF_DONT_BLOCK is for the function C_WaitForSlotEvent */
-+#define CKF_DONT_BLOCK 1
-+
-+/* CK_RSA_PKCS_OAEP_MGF_TYPE is new for v2.10.
-+ * CK_RSA_PKCS_OAEP_MGF_TYPE is used to indicate the Message
-+ * Generation Function (MGF) applied to a message block when
-+ * formatting a message block for the PKCS #1 OAEP encryption
-+ * scheme. */
-+typedef CK_ULONG CK_RSA_PKCS_MGF_TYPE;
-+
-+typedef CK_RSA_PKCS_MGF_TYPE CK_PTR CK_RSA_PKCS_MGF_TYPE_PTR;
-+
-+/* The following MGFs are defined */
-+/* CKG_MGF1_SHA256, CKG_MGF1_SHA384, and CKG_MGF1_SHA512
-+ * are new for v2.20 */
-+#define CKG_MGF1_SHA1 0x00000001
-+#define CKG_MGF1_SHA256 0x00000002
-+#define CKG_MGF1_SHA384 0x00000003
-+#define CKG_MGF1_SHA512 0x00000004
-+/* SHA-224 is new for PKCS #11 v2.20 amendment 3 */
-+#define CKG_MGF1_SHA224 0x00000005
-+
-+/* CK_RSA_PKCS_OAEP_SOURCE_TYPE is new for v2.10.
-+ * CK_RSA_PKCS_OAEP_SOURCE_TYPE is used to indicate the source
-+ * of the encoding parameter when formatting a message block
-+ * for the PKCS #1 OAEP encryption scheme. */
-+typedef CK_ULONG CK_RSA_PKCS_OAEP_SOURCE_TYPE;
-+
-+typedef CK_RSA_PKCS_OAEP_SOURCE_TYPE CK_PTR CK_RSA_PKCS_OAEP_SOURCE_TYPE_PTR;
-+
-+/* The following encoding parameter sources are defined */
-+#define CKZ_DATA_SPECIFIED 0x00000001
-+
-+/* CK_RSA_PKCS_OAEP_PARAMS is new for v2.10.
-+ * CK_RSA_PKCS_OAEP_PARAMS provides the parameters to the
-+ * CKM_RSA_PKCS_OAEP mechanism. */
-+typedef struct CK_RSA_PKCS_OAEP_PARAMS {
-+ CK_MECHANISM_TYPE hashAlg;
-+ CK_RSA_PKCS_MGF_TYPE mgf;
-+ CK_RSA_PKCS_OAEP_SOURCE_TYPE source;
-+ CK_VOID_PTR pSourceData;
-+ CK_ULONG ulSourceDataLen;
-+} CK_RSA_PKCS_OAEP_PARAMS;
-+
-+typedef CK_RSA_PKCS_OAEP_PARAMS CK_PTR CK_RSA_PKCS_OAEP_PARAMS_PTR;
-+
-+/* CK_RSA_PKCS_PSS_PARAMS is new for v2.11.
-+ * CK_RSA_PKCS_PSS_PARAMS provides the parameters to the
-+ * CKM_RSA_PKCS_PSS mechanism(s). */
-+typedef struct CK_RSA_PKCS_PSS_PARAMS {
-+ CK_MECHANISM_TYPE hashAlg;
-+ CK_RSA_PKCS_MGF_TYPE mgf;
-+ CK_ULONG sLen;
-+} CK_RSA_PKCS_PSS_PARAMS;
-+
-+typedef CK_RSA_PKCS_PSS_PARAMS CK_PTR CK_RSA_PKCS_PSS_PARAMS_PTR;
-+
-+/* CK_EC_KDF_TYPE is new for v2.11. */
-+typedef CK_ULONG CK_EC_KDF_TYPE;
-+
-+/* The following EC Key Derivation Functions are defined */
-+#define CKD_NULL 0x00000001
-+#define CKD_SHA1_KDF 0x00000002
-+
-+/* CK_ECDH1_DERIVE_PARAMS is new for v2.11.
-+ * CK_ECDH1_DERIVE_PARAMS provides the parameters to the
-+ * CKM_ECDH1_DERIVE and CKM_ECDH1_COFACTOR_DERIVE mechanisms,
-+ * where each party contributes one key pair.
-+ */
-+typedef struct CK_ECDH1_DERIVE_PARAMS {
-+ CK_EC_KDF_TYPE kdf;
-+ CK_ULONG ulSharedDataLen;
-+ CK_BYTE_PTR pSharedData;
-+ CK_ULONG ulPublicDataLen;
-+ CK_BYTE_PTR pPublicData;
-+} CK_ECDH1_DERIVE_PARAMS;
-+
-+typedef CK_ECDH1_DERIVE_PARAMS CK_PTR CK_ECDH1_DERIVE_PARAMS_PTR;
-+
-+
-+/* CK_ECDH2_DERIVE_PARAMS is new for v2.11.
-+ * CK_ECDH2_DERIVE_PARAMS provides the parameters to the
-+ * CKM_ECMQV_DERIVE mechanism, where each party contributes two key pairs. */
-+typedef struct CK_ECDH2_DERIVE_PARAMS {
-+ CK_EC_KDF_TYPE kdf;
-+ CK_ULONG ulSharedDataLen;
-+ CK_BYTE_PTR pSharedData;
-+ CK_ULONG ulPublicDataLen;
-+ CK_BYTE_PTR pPublicData;
-+ CK_ULONG ulPrivateDataLen;
-+ CK_OBJECT_HANDLE hPrivateData;
-+ CK_ULONG ulPublicDataLen2;
-+ CK_BYTE_PTR pPublicData2;
-+} CK_ECDH2_DERIVE_PARAMS;
-+
-+typedef CK_ECDH2_DERIVE_PARAMS CK_PTR CK_ECDH2_DERIVE_PARAMS_PTR;
-+
-+typedef struct CK_ECMQV_DERIVE_PARAMS {
-+ CK_EC_KDF_TYPE kdf;
-+ CK_ULONG ulSharedDataLen;
-+ CK_BYTE_PTR pSharedData;
-+ CK_ULONG ulPublicDataLen;
-+ CK_BYTE_PTR pPublicData;
-+ CK_ULONG ulPrivateDataLen;
-+ CK_OBJECT_HANDLE hPrivateData;
-+ CK_ULONG ulPublicDataLen2;
-+ CK_BYTE_PTR pPublicData2;
-+ CK_OBJECT_HANDLE publicKey;
-+} CK_ECMQV_DERIVE_PARAMS;
-+
-+typedef CK_ECMQV_DERIVE_PARAMS CK_PTR CK_ECMQV_DERIVE_PARAMS_PTR;
-+
-+/* Typedefs and defines for the CKM_X9_42_DH_KEY_PAIR_GEN and the
-+ * CKM_X9_42_DH_PARAMETER_GEN mechanisms (new for PKCS #11 v2.11) */
-+typedef CK_ULONG CK_X9_42_DH_KDF_TYPE;
-+typedef CK_X9_42_DH_KDF_TYPE CK_PTR CK_X9_42_DH_KDF_TYPE_PTR;
-+
-+/* The following X9.42 DH key derivation functions are defined
-+ (besides CKD_NULL already defined : */
-+#define CKD_SHA1_KDF_ASN1 0x00000003
-+#define CKD_SHA1_KDF_CONCATENATE 0x00000004
-+
-+/* CK_X9_42_DH1_DERIVE_PARAMS is new for v2.11.
-+ * CK_X9_42_DH1_DERIVE_PARAMS provides the parameters to the
-+ * CKM_X9_42_DH_DERIVE key derivation mechanism, where each party
-+ * contributes one key pair */
-+typedef struct CK_X9_42_DH1_DERIVE_PARAMS {
-+ CK_X9_42_DH_KDF_TYPE kdf;
-+ CK_ULONG ulOtherInfoLen;
-+ CK_BYTE_PTR pOtherInfo;
-+ CK_ULONG ulPublicDataLen;
-+ CK_BYTE_PTR pPublicData;
-+} CK_X9_42_DH1_DERIVE_PARAMS;
-+
-+typedef struct CK_X9_42_DH1_DERIVE_PARAMS CK_PTR CK_X9_42_DH1_DERIVE_PARAMS_PTR;
-+
-+/* CK_X9_42_DH2_DERIVE_PARAMS is new for v2.11.
-+ * CK_X9_42_DH2_DERIVE_PARAMS provides the parameters to the
-+ * CKM_X9_42_DH_HYBRID_DERIVE and CKM_X9_42_MQV_DERIVE key derivation
-+ * mechanisms, where each party contributes two key pairs */
-+typedef struct CK_X9_42_DH2_DERIVE_PARAMS {
-+ CK_X9_42_DH_KDF_TYPE kdf;
-+ CK_ULONG ulOtherInfoLen;
-+ CK_BYTE_PTR pOtherInfo;
-+ CK_ULONG ulPublicDataLen;
-+ CK_BYTE_PTR pPublicData;
-+ CK_ULONG ulPrivateDataLen;
-+ CK_OBJECT_HANDLE hPrivateData;
-+ CK_ULONG ulPublicDataLen2;
-+ CK_BYTE_PTR pPublicData2;
-+} CK_X9_42_DH2_DERIVE_PARAMS;
-+
-+typedef CK_X9_42_DH2_DERIVE_PARAMS CK_PTR CK_X9_42_DH2_DERIVE_PARAMS_PTR;
-+
-+typedef struct CK_X9_42_MQV_DERIVE_PARAMS {
-+ CK_X9_42_DH_KDF_TYPE kdf;
-+ CK_ULONG ulOtherInfoLen;
-+ CK_BYTE_PTR pOtherInfo;
-+ CK_ULONG ulPublicDataLen;
-+ CK_BYTE_PTR pPublicData;
-+ CK_ULONG ulPrivateDataLen;
-+ CK_OBJECT_HANDLE hPrivateData;
-+ CK_ULONG ulPublicDataLen2;
-+ CK_BYTE_PTR pPublicData2;
-+ CK_OBJECT_HANDLE publicKey;
-+} CK_X9_42_MQV_DERIVE_PARAMS;
-+
-+typedef CK_X9_42_MQV_DERIVE_PARAMS CK_PTR CK_X9_42_MQV_DERIVE_PARAMS_PTR;
-+
-+/* CK_KEA_DERIVE_PARAMS provides the parameters to the
-+ * CKM_KEA_DERIVE mechanism */
-+/* CK_KEA_DERIVE_PARAMS is new for v2.0 */
-+typedef struct CK_KEA_DERIVE_PARAMS {
-+ CK_BBOOL isSender;
-+ CK_ULONG ulRandomLen;
-+ CK_BYTE_PTR pRandomA;
-+ CK_BYTE_PTR pRandomB;
-+ CK_ULONG ulPublicDataLen;
-+ CK_BYTE_PTR pPublicData;
-+} CK_KEA_DERIVE_PARAMS;
-+
-+typedef CK_KEA_DERIVE_PARAMS CK_PTR CK_KEA_DERIVE_PARAMS_PTR;
-+
-+
-+/* CK_RC2_PARAMS provides the parameters to the CKM_RC2_ECB and
-+ * CKM_RC2_MAC mechanisms. An instance of CK_RC2_PARAMS just
-+ * holds the effective keysize */
-+typedef CK_ULONG CK_RC2_PARAMS;
-+
-+typedef CK_RC2_PARAMS CK_PTR CK_RC2_PARAMS_PTR;
-+
-+
-+/* CK_RC2_CBC_PARAMS provides the parameters to the CKM_RC2_CBC
-+ * mechanism */
-+typedef struct CK_RC2_CBC_PARAMS {
-+ /* ulEffectiveBits was changed from CK_USHORT to CK_ULONG for
-+ * v2.0 */
-+ CK_ULONG ulEffectiveBits; /* effective bits (1-1024) */
-+
-+ CK_BYTE iv[8]; /* IV for CBC mode */
-+} CK_RC2_CBC_PARAMS;
-+
-+typedef CK_RC2_CBC_PARAMS CK_PTR CK_RC2_CBC_PARAMS_PTR;
-+
-+
-+/* CK_RC2_MAC_GENERAL_PARAMS provides the parameters for the
-+ * CKM_RC2_MAC_GENERAL mechanism */
-+/* CK_RC2_MAC_GENERAL_PARAMS is new for v2.0 */
-+typedef struct CK_RC2_MAC_GENERAL_PARAMS {
-+ CK_ULONG ulEffectiveBits; /* effective bits (1-1024) */
-+ CK_ULONG ulMacLength; /* Length of MAC in bytes */
-+} CK_RC2_MAC_GENERAL_PARAMS;
-+
-+typedef CK_RC2_MAC_GENERAL_PARAMS CK_PTR \
-+ CK_RC2_MAC_GENERAL_PARAMS_PTR;
-+
-+
-+/* CK_RC5_PARAMS provides the parameters to the CKM_RC5_ECB and
-+ * CKM_RC5_MAC mechanisms */
-+/* CK_RC5_PARAMS is new for v2.0 */
-+typedef struct CK_RC5_PARAMS {
-+ CK_ULONG ulWordsize; /* wordsize in bits */
-+ CK_ULONG ulRounds; /* number of rounds */
-+} CK_RC5_PARAMS;
-+
-+typedef CK_RC5_PARAMS CK_PTR CK_RC5_PARAMS_PTR;
-+
-+
-+/* CK_RC5_CBC_PARAMS provides the parameters to the CKM_RC5_CBC
-+ * mechanism */
-+/* CK_RC5_CBC_PARAMS is new for v2.0 */
-+typedef struct CK_RC5_CBC_PARAMS {
-+ CK_ULONG ulWordsize; /* wordsize in bits */
-+ CK_ULONG ulRounds; /* number of rounds */
-+ CK_BYTE_PTR pIv; /* pointer to IV */
-+ CK_ULONG ulIvLen; /* length of IV in bytes */
-+} CK_RC5_CBC_PARAMS;
-+
-+typedef CK_RC5_CBC_PARAMS CK_PTR CK_RC5_CBC_PARAMS_PTR;
-+
-+
-+/* CK_RC5_MAC_GENERAL_PARAMS provides the parameters for the
-+ * CKM_RC5_MAC_GENERAL mechanism */
-+/* CK_RC5_MAC_GENERAL_PARAMS is new for v2.0 */
-+typedef struct CK_RC5_MAC_GENERAL_PARAMS {
-+ CK_ULONG ulWordsize; /* wordsize in bits */
-+ CK_ULONG ulRounds; /* number of rounds */
-+ CK_ULONG ulMacLength; /* Length of MAC in bytes */
-+} CK_RC5_MAC_GENERAL_PARAMS;
-+
-+typedef CK_RC5_MAC_GENERAL_PARAMS CK_PTR \
-+ CK_RC5_MAC_GENERAL_PARAMS_PTR;
-+
-+
-+/* CK_MAC_GENERAL_PARAMS provides the parameters to most block
-+ * ciphers' MAC_GENERAL mechanisms. Its value is the length of
-+ * the MAC */
-+/* CK_MAC_GENERAL_PARAMS is new for v2.0 */
-+typedef CK_ULONG CK_MAC_GENERAL_PARAMS;
-+
-+typedef CK_MAC_GENERAL_PARAMS CK_PTR CK_MAC_GENERAL_PARAMS_PTR;
-+
-+/* CK_DES/AES_ECB/CBC_ENCRYPT_DATA_PARAMS are new for v2.20 */
-+typedef struct CK_DES_CBC_ENCRYPT_DATA_PARAMS {
-+ CK_BYTE iv[8];
-+ CK_BYTE_PTR pData;
-+ CK_ULONG length;
-+} CK_DES_CBC_ENCRYPT_DATA_PARAMS;
-+
-+typedef CK_DES_CBC_ENCRYPT_DATA_PARAMS CK_PTR CK_DES_CBC_ENCRYPT_DATA_PARAMS_PTR;
-+
-+typedef struct CK_AES_CBC_ENCRYPT_DATA_PARAMS {
-+ CK_BYTE iv[16];
-+ CK_BYTE_PTR pData;
-+ CK_ULONG length;
-+} CK_AES_CBC_ENCRYPT_DATA_PARAMS;
-+
-+typedef CK_AES_CBC_ENCRYPT_DATA_PARAMS CK_PTR CK_AES_CBC_ENCRYPT_DATA_PARAMS_PTR;
-+
-+/* CK_SKIPJACK_PRIVATE_WRAP_PARAMS provides the parameters to the
-+ * CKM_SKIPJACK_PRIVATE_WRAP mechanism */
-+/* CK_SKIPJACK_PRIVATE_WRAP_PARAMS is new for v2.0 */
-+typedef struct CK_SKIPJACK_PRIVATE_WRAP_PARAMS {
-+ CK_ULONG ulPasswordLen;
-+ CK_BYTE_PTR pPassword;
-+ CK_ULONG ulPublicDataLen;
-+ CK_BYTE_PTR pPublicData;
-+ CK_ULONG ulPAndGLen;
-+ CK_ULONG ulQLen;
-+ CK_ULONG ulRandomLen;
-+ CK_BYTE_PTR pRandomA;
-+ CK_BYTE_PTR pPrimeP;
-+ CK_BYTE_PTR pBaseG;
-+ CK_BYTE_PTR pSubprimeQ;
-+} CK_SKIPJACK_PRIVATE_WRAP_PARAMS;
-+
-+typedef CK_SKIPJACK_PRIVATE_WRAP_PARAMS CK_PTR \
-+ CK_SKIPJACK_PRIVATE_WRAP_PTR;
-+
-+
-+/* CK_SKIPJACK_RELAYX_PARAMS provides the parameters to the
-+ * CKM_SKIPJACK_RELAYX mechanism */
-+/* CK_SKIPJACK_RELAYX_PARAMS is new for v2.0 */
-+typedef struct CK_SKIPJACK_RELAYX_PARAMS {
-+ CK_ULONG ulOldWrappedXLen;
-+ CK_BYTE_PTR pOldWrappedX;
-+ CK_ULONG ulOldPasswordLen;
-+ CK_BYTE_PTR pOldPassword;
-+ CK_ULONG ulOldPublicDataLen;
-+ CK_BYTE_PTR pOldPublicData;
-+ CK_ULONG ulOldRandomLen;
-+ CK_BYTE_PTR pOldRandomA;
-+ CK_ULONG ulNewPasswordLen;
-+ CK_BYTE_PTR pNewPassword;
-+ CK_ULONG ulNewPublicDataLen;
-+ CK_BYTE_PTR pNewPublicData;
-+ CK_ULONG ulNewRandomLen;
-+ CK_BYTE_PTR pNewRandomA;
-+} CK_SKIPJACK_RELAYX_PARAMS;
-+
-+typedef CK_SKIPJACK_RELAYX_PARAMS CK_PTR \
-+ CK_SKIPJACK_RELAYX_PARAMS_PTR;
-+
-+
-+typedef struct CK_PBE_PARAMS {
-+ CK_BYTE_PTR pInitVector;
-+ CK_UTF8CHAR_PTR pPassword;
-+ CK_ULONG ulPasswordLen;
-+ CK_BYTE_PTR pSalt;
-+ CK_ULONG ulSaltLen;
-+ CK_ULONG ulIteration;
-+} CK_PBE_PARAMS;
-+
-+typedef CK_PBE_PARAMS CK_PTR CK_PBE_PARAMS_PTR;
-+
-+
-+/* CK_KEY_WRAP_SET_OAEP_PARAMS provides the parameters to the
-+ * CKM_KEY_WRAP_SET_OAEP mechanism */
-+/* CK_KEY_WRAP_SET_OAEP_PARAMS is new for v2.0 */
-+typedef struct CK_KEY_WRAP_SET_OAEP_PARAMS {
-+ CK_BYTE bBC; /* block contents byte */
-+ CK_BYTE_PTR pX; /* extra data */
-+ CK_ULONG ulXLen; /* length of extra data in bytes */
-+} CK_KEY_WRAP_SET_OAEP_PARAMS;
-+
-+typedef CK_KEY_WRAP_SET_OAEP_PARAMS CK_PTR \
-+ CK_KEY_WRAP_SET_OAEP_PARAMS_PTR;
-+
-+
-+typedef struct CK_SSL3_RANDOM_DATA {
-+ CK_BYTE_PTR pClientRandom;
-+ CK_ULONG ulClientRandomLen;
-+ CK_BYTE_PTR pServerRandom;
-+ CK_ULONG ulServerRandomLen;
-+} CK_SSL3_RANDOM_DATA;
-+
-+
-+typedef struct CK_SSL3_MASTER_KEY_DERIVE_PARAMS {
-+ CK_SSL3_RANDOM_DATA RandomInfo;
-+ CK_VERSION_PTR pVersion;
-+} CK_SSL3_MASTER_KEY_DERIVE_PARAMS;
-+
-+typedef struct CK_SSL3_MASTER_KEY_DERIVE_PARAMS CK_PTR \
-+ CK_SSL3_MASTER_KEY_DERIVE_PARAMS_PTR;
-+
-+
-+typedef struct CK_SSL3_KEY_MAT_OUT {
-+ CK_OBJECT_HANDLE hClientMacSecret;
-+ CK_OBJECT_HANDLE hServerMacSecret;
-+ CK_OBJECT_HANDLE hClientKey;
-+ CK_OBJECT_HANDLE hServerKey;
-+ CK_BYTE_PTR pIVClient;
-+ CK_BYTE_PTR pIVServer;
-+} CK_SSL3_KEY_MAT_OUT;
-+
-+typedef CK_SSL3_KEY_MAT_OUT CK_PTR CK_SSL3_KEY_MAT_OUT_PTR;
-+
-+
-+typedef struct CK_SSL3_KEY_MAT_PARAMS {
-+ CK_ULONG ulMacSizeInBits;
-+ CK_ULONG ulKeySizeInBits;
-+ CK_ULONG ulIVSizeInBits;
-+ CK_BBOOL bIsExport;
-+ CK_SSL3_RANDOM_DATA RandomInfo;
-+ CK_SSL3_KEY_MAT_OUT_PTR pReturnedKeyMaterial;
-+} CK_SSL3_KEY_MAT_PARAMS;
-+
-+typedef CK_SSL3_KEY_MAT_PARAMS CK_PTR CK_SSL3_KEY_MAT_PARAMS_PTR;
-+
-+/* CK_TLS_PRF_PARAMS is new for version 2.20 */
-+typedef struct CK_TLS_PRF_PARAMS {
-+ CK_BYTE_PTR pSeed;
-+ CK_ULONG ulSeedLen;
-+ CK_BYTE_PTR pLabel;
-+ CK_ULONG ulLabelLen;
-+ CK_BYTE_PTR pOutput;
-+ CK_ULONG_PTR pulOutputLen;
-+} CK_TLS_PRF_PARAMS;
-+
-+typedef CK_TLS_PRF_PARAMS CK_PTR CK_TLS_PRF_PARAMS_PTR;
-+
-+/* WTLS is new for version 2.20 */
-+typedef struct CK_WTLS_RANDOM_DATA {
-+ CK_BYTE_PTR pClientRandom;
-+ CK_ULONG ulClientRandomLen;
-+ CK_BYTE_PTR pServerRandom;
-+ CK_ULONG ulServerRandomLen;
-+} CK_WTLS_RANDOM_DATA;
-+
-+typedef CK_WTLS_RANDOM_DATA CK_PTR CK_WTLS_RANDOM_DATA_PTR;
-+
-+typedef struct CK_WTLS_MASTER_KEY_DERIVE_PARAMS {
-+ CK_MECHANISM_TYPE DigestMechanism;
-+ CK_WTLS_RANDOM_DATA RandomInfo;
-+ CK_BYTE_PTR pVersion;
-+} CK_WTLS_MASTER_KEY_DERIVE_PARAMS;
-+
-+typedef CK_WTLS_MASTER_KEY_DERIVE_PARAMS CK_PTR \
-+ CK_WTLS_MASTER_KEY_DERIVE_PARAMS_PTR;
-+
-+typedef struct CK_WTLS_PRF_PARAMS {
-+ CK_MECHANISM_TYPE DigestMechanism;
-+ CK_BYTE_PTR pSeed;
-+ CK_ULONG ulSeedLen;
-+ CK_BYTE_PTR pLabel;
-+ CK_ULONG ulLabelLen;
-+ CK_BYTE_PTR pOutput;
-+ CK_ULONG_PTR pulOutputLen;
-+} CK_WTLS_PRF_PARAMS;
-+
-+typedef CK_WTLS_PRF_PARAMS CK_PTR CK_WTLS_PRF_PARAMS_PTR;
-+
-+typedef struct CK_WTLS_KEY_MAT_OUT {
-+ CK_OBJECT_HANDLE hMacSecret;
-+ CK_OBJECT_HANDLE hKey;
-+ CK_BYTE_PTR pIV;
-+} CK_WTLS_KEY_MAT_OUT;
-+
-+typedef CK_WTLS_KEY_MAT_OUT CK_PTR CK_WTLS_KEY_MAT_OUT_PTR;
-+
-+typedef struct CK_WTLS_KEY_MAT_PARAMS {
-+ CK_MECHANISM_TYPE DigestMechanism;
-+ CK_ULONG ulMacSizeInBits;
-+ CK_ULONG ulKeySizeInBits;
-+ CK_ULONG ulIVSizeInBits;
-+ CK_ULONG ulSequenceNumber;
-+ CK_BBOOL bIsExport;
-+ CK_WTLS_RANDOM_DATA RandomInfo;
-+ CK_WTLS_KEY_MAT_OUT_PTR pReturnedKeyMaterial;
-+} CK_WTLS_KEY_MAT_PARAMS;
-+
-+typedef CK_WTLS_KEY_MAT_PARAMS CK_PTR CK_WTLS_KEY_MAT_PARAMS_PTR;
-+
-+/* CMS is new for version 2.20 */
-+typedef struct CK_CMS_SIG_PARAMS {
-+ CK_OBJECT_HANDLE certificateHandle;
-+ CK_MECHANISM_PTR pSigningMechanism;
-+ CK_MECHANISM_PTR pDigestMechanism;
-+ CK_UTF8CHAR_PTR pContentType;
-+ CK_BYTE_PTR pRequestedAttributes;
-+ CK_ULONG ulRequestedAttributesLen;
-+ CK_BYTE_PTR pRequiredAttributes;
-+ CK_ULONG ulRequiredAttributesLen;
-+} CK_CMS_SIG_PARAMS;
-+
-+typedef CK_CMS_SIG_PARAMS CK_PTR CK_CMS_SIG_PARAMS_PTR;
-+
-+typedef struct CK_KEY_DERIVATION_STRING_DATA {
-+ CK_BYTE_PTR pData;
-+ CK_ULONG ulLen;
-+} CK_KEY_DERIVATION_STRING_DATA;
-+
-+typedef CK_KEY_DERIVATION_STRING_DATA CK_PTR \
-+ CK_KEY_DERIVATION_STRING_DATA_PTR;
-+
-+
-+/* The CK_EXTRACT_PARAMS is used for the
-+ * CKM_EXTRACT_KEY_FROM_KEY mechanism. It specifies which bit
-+ * of the base key should be used as the first bit of the
-+ * derived key */
-+/* CK_EXTRACT_PARAMS is new for v2.0 */
-+typedef CK_ULONG CK_EXTRACT_PARAMS;
-+
-+typedef CK_EXTRACT_PARAMS CK_PTR CK_EXTRACT_PARAMS_PTR;
-+
-+/* CK_PKCS5_PBKD2_PSEUDO_RANDOM_FUNCTION_TYPE is new for v2.10.
-+ * CK_PKCS5_PBKD2_PSEUDO_RANDOM_FUNCTION_TYPE is used to
-+ * indicate the Pseudo-Random Function (PRF) used to generate
-+ * key bits using PKCS #5 PBKDF2. */
-+typedef CK_ULONG CK_PKCS5_PBKD2_PSEUDO_RANDOM_FUNCTION_TYPE;
-+
-+typedef CK_PKCS5_PBKD2_PSEUDO_RANDOM_FUNCTION_TYPE CK_PTR CK_PKCS5_PBKD2_PSEUDO_RANDOM_FUNCTION_TYPE_PTR;
-+
-+/* The following PRFs are defined in PKCS #5 v2.0. */
-+#define CKP_PKCS5_PBKD2_HMAC_SHA1 0x00000001
-+
-+
-+/* CK_PKCS5_PBKDF2_SALT_SOURCE_TYPE is new for v2.10.
-+ * CK_PKCS5_PBKDF2_SALT_SOURCE_TYPE is used to indicate the
-+ * source of the salt value when deriving a key using PKCS #5
-+ * PBKDF2. */
-+typedef CK_ULONG CK_PKCS5_PBKDF2_SALT_SOURCE_TYPE;
-+
-+typedef CK_PKCS5_PBKDF2_SALT_SOURCE_TYPE CK_PTR CK_PKCS5_PBKDF2_SALT_SOURCE_TYPE_PTR;
-+
-+/* The following salt value sources are defined in PKCS #5 v2.0. */
-+#define CKZ_SALT_SPECIFIED 0x00000001
-+
-+/* CK_PKCS5_PBKD2_PARAMS is new for v2.10.
-+ * CK_PKCS5_PBKD2_PARAMS is a structure that provides the
-+ * parameters to the CKM_PKCS5_PBKD2 mechanism. */
-+typedef struct CK_PKCS5_PBKD2_PARAMS {
-+ CK_PKCS5_PBKDF2_SALT_SOURCE_TYPE saltSource;
-+ CK_VOID_PTR pSaltSourceData;
-+ CK_ULONG ulSaltSourceDataLen;
-+ CK_ULONG iterations;
-+ CK_PKCS5_PBKD2_PSEUDO_RANDOM_FUNCTION_TYPE prf;
-+ CK_VOID_PTR pPrfData;
-+ CK_ULONG ulPrfDataLen;
-+ CK_UTF8CHAR_PTR pPassword;
-+ CK_ULONG_PTR ulPasswordLen;
-+} CK_PKCS5_PBKD2_PARAMS;
-+
-+typedef CK_PKCS5_PBKD2_PARAMS CK_PTR CK_PKCS5_PBKD2_PARAMS_PTR;
-+
-+/* All CK_OTP structs are new for PKCS #11 v2.20 amendment 3 */
-+
-+typedef CK_ULONG CK_OTP_PARAM_TYPE;
-+typedef CK_OTP_PARAM_TYPE CK_PARAM_TYPE; /* B/w compatibility */
-+
-+typedef struct CK_OTP_PARAM {
-+ CK_OTP_PARAM_TYPE type;
-+ CK_VOID_PTR pValue;
-+ CK_ULONG ulValueLen;
-+} CK_OTP_PARAM;
-+
-+typedef CK_OTP_PARAM CK_PTR CK_OTP_PARAM_PTR;
-+
-+typedef struct CK_OTP_PARAMS {
-+ CK_OTP_PARAM_PTR pParams;
-+ CK_ULONG ulCount;
-+} CK_OTP_PARAMS;
-+
-+typedef CK_OTP_PARAMS CK_PTR CK_OTP_PARAMS_PTR;
-+
-+typedef struct CK_OTP_SIGNATURE_INFO {
-+ CK_OTP_PARAM_PTR pParams;
-+ CK_ULONG ulCount;
-+} CK_OTP_SIGNATURE_INFO;
-+
-+typedef CK_OTP_SIGNATURE_INFO CK_PTR CK_OTP_SIGNATURE_INFO_PTR;
-+
-+/* The following OTP-related defines are new for PKCS #11 v2.20 amendment 1 */
-+#define CK_OTP_VALUE 0
-+#define CK_OTP_PIN 1
-+#define CK_OTP_CHALLENGE 2
-+#define CK_OTP_TIME 3
-+#define CK_OTP_COUNTER 4
-+#define CK_OTP_FLAGS 5
-+#define CK_OTP_OUTPUT_LENGTH 6
-+#define CK_OTP_OUTPUT_FORMAT 7
-+
-+/* The following OTP-related defines are new for PKCS #11 v2.20 amendment 1 */
-+#define CKF_NEXT_OTP 0x00000001
-+#define CKF_EXCLUDE_TIME 0x00000002
-+#define CKF_EXCLUDE_COUNTER 0x00000004
-+#define CKF_EXCLUDE_CHALLENGE 0x00000008
-+#define CKF_EXCLUDE_PIN 0x00000010
-+#define CKF_USER_FRIENDLY_OTP 0x00000020
-+
-+/* CK_KIP_PARAMS is new for PKCS #11 v2.20 amendment 2 */
-+typedef struct CK_KIP_PARAMS {
-+ CK_MECHANISM_PTR pMechanism;
-+ CK_OBJECT_HANDLE hKey;
-+ CK_BYTE_PTR pSeed;
-+ CK_ULONG ulSeedLen;
-+} CK_KIP_PARAMS;
-+
-+typedef CK_KIP_PARAMS CK_PTR CK_KIP_PARAMS_PTR;
-+
-+/* CK_AES_CTR_PARAMS is new for PKCS #11 v2.20 amendment 3 */
-+typedef struct CK_AES_CTR_PARAMS {
-+ CK_ULONG ulCounterBits;
-+ CK_BYTE cb[16];
-+} CK_AES_CTR_PARAMS;
-+
-+typedef CK_AES_CTR_PARAMS CK_PTR CK_AES_CTR_PARAMS_PTR;
-+
-+/* CK_CAMELLIA_CTR_PARAMS is new for PKCS #11 v2.20 amendment 3 */
-+typedef struct CK_CAMELLIA_CTR_PARAMS {
-+ CK_ULONG ulCounterBits;
-+ CK_BYTE cb[16];
-+} CK_CAMELLIA_CTR_PARAMS;
-+
-+typedef CK_CAMELLIA_CTR_PARAMS CK_PTR CK_CAMELLIA_CTR_PARAMS_PTR;
-+
-+/* CK_CAMELLIA_CBC_ENCRYPT_DATA_PARAMS is new for PKCS #11 v2.20 amendment 3 */
-+typedef struct CK_CAMELLIA_CBC_ENCRYPT_DATA_PARAMS {
-+ CK_BYTE iv[16];
-+ CK_BYTE_PTR pData;
-+ CK_ULONG length;
-+} CK_CAMELLIA_CBC_ENCRYPT_DATA_PARAMS;
-+
-+typedef CK_CAMELLIA_CBC_ENCRYPT_DATA_PARAMS CK_PTR CK_CAMELLIA_CBC_ENCRYPT_DATA_PARAMS_PTR;
-+
-+/* CK_ARIA_CBC_ENCRYPT_DATA_PARAMS is new for PKCS #11 v2.20 amendment 3 */
-+typedef struct CK_ARIA_CBC_ENCRYPT_DATA_PARAMS {
-+ CK_BYTE iv[16];
-+ CK_BYTE_PTR pData;
-+ CK_ULONG length;
-+} CK_ARIA_CBC_ENCRYPT_DATA_PARAMS;
-+
-+typedef CK_ARIA_CBC_ENCRYPT_DATA_PARAMS CK_PTR CK_ARIA_CBC_ENCRYPT_DATA_PARAMS_PTR;
-+
-+#endif
+ # Do not edit this manually. Use Configure --openssldir=DIR do change this!
+ OPENSSLDIR=/usr/local/ssl
+