86 --- /tmp/Makefile	Fri Feb 11 14:42:03 2011

    86 --- openssl-1.0.1f/engines/Makefile.~1~	Thu Jan 30 10:42:05 2014

    87 +++ openssl-1.0.0d/crypto/engine/Makefile	Fri Feb 11 14:45:43 2011

    87 +++ openssl-1.0.1f/engines/Makefile	Thu Jan 30 10:45:27 2014

    88 @@ -22,13 +22,13 @@

    88 @@ -26,7 +26,8 @@

    89 	tb_rsa.c tb_dsa.c tb_ecdsa.c tb_dh.c tb_ecdh.c tb_rand.c tb_store.c \

    89  APPS=

    90 	tb_cipher.c tb_digest.c tb_pkmeth.c tb_asnmth.c \

    90  

    91 	eng_openssl.c eng_cnf.c eng_dyn.c eng_cryptodev.c \

    91  LIB=$(TOP)/libcrypto.a

    92 -	eng_rsax.c eng_rdrand.c

    92 -LIBNAMES= 4758cca aep atalla cswift gmp chil nuron sureware ubsec padlock capi

    93 +	eng_rsax.c eng_rdrand.c hw_pk11.c hw_pk11_pub.c hw_pk11_uri.c

    93 +LIBNAMES= 4758cca aep atalla cswift gmp chil nuron sureware ubsec padlock capi \

    94  LIBOBJ= eng_err.o eng_lib.o eng_list.o eng_init.o eng_ctrl.o \

    94 +	  pk11

    95 	eng_table.o eng_pkey.o eng_fat.o eng_all.o \

    95  

    96 	tb_rsa.o tb_dsa.o tb_ecdsa.o tb_dh.o tb_ecdh.o tb_rand.o tb_store.o \

    96  LIBSRC=	e_4758cca.c \

    97 	tb_cipher.o tb_digest.o tb_pkmeth.o tb_asnmth.o \

    97  	e_aep.c \

    98 	eng_openssl.o eng_cnf.o eng_dyn.o eng_cryptodev.o \

    98 @@ -38,7 +39,8 @@

    99 -	eng_rsax.o eng_rdrand.o

    99  	e_sureware.c \

   100 +	eng_rsax.o eng_rdrand.o hw_pk11.o hw_pk11_pub.o hw_pk11_uri.o

   100  	e_ubsec.c \

   101 

   101  	e_padlock.c \

   102 -	e_capi.c

   103 +	e_capi.c \

   104 +	e_pk11.c

   105  LIBOBJ= e_4758cca.o \

   106  	e_aep.o \

   107  	e_atalla.o \

   108 @@ -49,7 +51,8 @@

   109  	e_sureware.o \

   110  	e_ubsec.o \

   111  	e_padlock.o \

   112 -	e_capi.o

   113 +	e_capi.o \

   114 +	e_pk11.o

   115  

   103 

   117  

   104 --- /tmp/eng_all.c	Fri Feb 11 14:46:11 2011

   118 @@ -63,7 +66,8 @@

   105 +++ openssl-1.0.0d/crypto/engine/eng_all.c	Fri Feb 11 14:38:01 2011

   119  	e_nuron_err.c e_nuron_err.h \

   106 @@ -80,6 +80,9 @@

   120  	e_sureware_err.c e_sureware_err.h \

   107 	ENGINE_load_rdrand();

   121  	e_ubsec_err.c e_ubsec_err.h \

   108  #endif

   122 -	e_capi_err.c e_capi_err.h

   109 	ENGINE_load_dynamic();

   123 +	e_capi_err.c e_capi_err.h \

   110 +#ifndef OPENSSL_NO_HW_PKCS11

   124 +	e_pk11.h e_pk11_uri.h e_pk11_err.h e_pk11_pub.c e_pk11_uri.c e_pk11_err.c

   111 +	ENGINE_load_pk11();

   125  

   126  ALL=    $(GENERAL) $(SRC) $(HEADER)

   127  

   128 @@ -78,7 +82,7 @@

   129  		for l in $(LIBNAMES); do \

   130  			$(MAKE) -f ../Makefile.shared -e \

   131  				LIBNAME=$$l LIBEXTRAS=e_$$l.o \

   132 -				LIBDEPS='-L.. -lcrypto $(EX_LIBS)' \

   133 +				LIBDEPS='-L.. -lcrypto -lcryptoutil $(EX_LIBS)' \

   134  				link_o.$(SHLIB_TARGET); \

   135  		done; \

   136  	else \

   137 --- openssl-1.0.1f/crypto/engine/eng_all.c.~1~	Thu Jan 30 10:55:48 2014

   138 +++ openssl-1.0.1f/crypto/engine/eng_all.c	Thu Jan 30 10:57:29 2014

   139 @@ -59,6 +59,16 @@

   140  #include "cryptlib.h"

   141  #include "eng_int.h"

   142  

   143 +/*

   144 + * pkcs11 engine no longer is a built-in engine, and ENGINE_load_pk11() needs to be

   145 + * defined in libcrypto.so for ssh. Instead of load pkcs11 engine, it loads dynamic

   146 + * engines.

   147 + */

   148 +void ENGINE_load_pk11(void)

   149 +	{

   150 +	ENGINE_load_dynamic();

   151 +	}

   152 +

   153  void ENGINE_load_builtin_engines(void)

   154  	{

   155  	/* Some ENGINEs need this */

   156 --- openssl-1.0.1f/crypto/dso/dso_lib.c.~1~	Thu Jan 30 11:04:41 2014

   157 +++ openssl-1.0.1f/crypto/dso/dso_lib.c	Thu Jan 30 11:29:40 2014

   158 @@ -426,6 +426,26 @@

   159  		DSOerr(DSO_F_DSO_CONVERT_FILENAME,DSO_R_NO_FILENAME);

   160  		return(NULL);

   161  		}

   162 +/*

   163 + * For pkcs11 engine, use libpk11.so (instead of libpkcs11.so) to

   164 + * avoid the name collision with PKCS#11 library.

   165 + */

   166 +	if (strcmp(filename, "pkcs11") == 0)

   167 +		{

   168 +#ifdef _LP64

   169 +		static const char fullpath[] = "/lib/openssl/engines/64/libpk11.so";

   170 +#else

   171 +		static const char fullpath[] = "/lib/openssl/engines/libpk11.so";

   113  #ifndef OPENSSL_NO_STATIC_ENGINE

   173 +		result = OPENSSL_malloc(strlen(fullpath) + 1);

   114  #ifndef OPENSSL_NO_HW

   174 +		if (result == NULL)

   115  #ifndef OPENSSL_NO_HW_4758_CCA

   175 +			{

   116 --- /tmp/engine.h	Fri Feb 11 14:46:24 2011

   176 +			DSOerr(DSO_F_DSO_CONVERT_FILENAME, ERR_R_MALLOC_FAILURE);

   117 +++ openssl-1.0.0d/crypto/engine/engine.h	Fri Feb 11 14:47:32 2011

   177 +			return(NULL);

   178 +			}

   179 +		BUF_strlcpy(result, fullpath, sizeof(fullpath));

   180 +		return(result);

   181 +		}

   182  	if((dso->flags & DSO_FLAG_NO_NAME_TRANSLATION) == 0)

   183  		{

   184  		if(dso->name_converter != NULL)

   185 --- /tmp/engine.h       Fri Feb 11 14:46:24 2011

   186 +++ openssl-1.0.0d/crypto/engine/engine.h       Fri Feb 11 14:47:32 2011