81 +PK11_LIB_LOCATION= |
81 +PK11_LIB_LOCATION= |
82 + |
82 + |
83 # Do not edit this manually. Use Configure --openssldir=DIR do change this! |
83 # Do not edit this manually. Use Configure --openssldir=DIR do change this! |
84 OPENSSLDIR=/usr/local/ssl |
84 OPENSSLDIR=/usr/local/ssl |
85 |
85 |
86 --- /tmp/Makefile Fri Feb 11 14:42:03 2011 |
86 --- openssl-1.0.1f/engines/Makefile.~1~ Thu Jan 30 10:42:05 2014 |
87 +++ openssl-1.0.0d/crypto/engine/Makefile Fri Feb 11 14:45:43 2011 |
87 +++ openssl-1.0.1f/engines/Makefile Thu Jan 30 10:45:27 2014 |
88 @@ -22,13 +22,13 @@ |
88 @@ -26,7 +26,8 @@ |
89 tb_rsa.c tb_dsa.c tb_ecdsa.c tb_dh.c tb_ecdh.c tb_rand.c tb_store.c \ |
89 APPS= |
90 tb_cipher.c tb_digest.c tb_pkmeth.c tb_asnmth.c \ |
90 |
91 eng_openssl.c eng_cnf.c eng_dyn.c eng_cryptodev.c \ |
91 LIB=$(TOP)/libcrypto.a |
92 - eng_rsax.c eng_rdrand.c |
92 -LIBNAMES= 4758cca aep atalla cswift gmp chil nuron sureware ubsec padlock capi |
93 + eng_rsax.c eng_rdrand.c hw_pk11.c hw_pk11_pub.c hw_pk11_uri.c |
93 +LIBNAMES= 4758cca aep atalla cswift gmp chil nuron sureware ubsec padlock capi \ |
94 LIBOBJ= eng_err.o eng_lib.o eng_list.o eng_init.o eng_ctrl.o \ |
94 + pk11 |
95 eng_table.o eng_pkey.o eng_fat.o eng_all.o \ |
95 |
96 tb_rsa.o tb_dsa.o tb_ecdsa.o tb_dh.o tb_ecdh.o tb_rand.o tb_store.o \ |
96 LIBSRC= e_4758cca.c \ |
97 tb_cipher.o tb_digest.o tb_pkmeth.o tb_asnmth.o \ |
97 e_aep.c \ |
98 eng_openssl.o eng_cnf.o eng_dyn.o eng_cryptodev.o \ |
98 @@ -38,7 +39,8 @@ |
99 - eng_rsax.o eng_rdrand.o |
99 e_sureware.c \ |
100 + eng_rsax.o eng_rdrand.o hw_pk11.o hw_pk11_pub.o hw_pk11_uri.o |
100 e_ubsec.c \ |
101 |
101 e_padlock.c \ |
|
102 - e_capi.c |
|
103 + e_capi.c \ |
|
104 + e_pk11.c |
|
105 LIBOBJ= e_4758cca.o \ |
|
106 e_aep.o \ |
|
107 e_atalla.o \ |
|
108 @@ -49,7 +51,8 @@ |
|
109 e_sureware.o \ |
|
110 e_ubsec.o \ |
|
111 e_padlock.o \ |
|
112 - e_capi.o |
|
113 + e_capi.o \ |
|
114 + e_pk11.o |
|
115 |
102 SRC= $(LIBSRC) |
116 SRC= $(LIBSRC) |
103 |
117 |
104 --- /tmp/eng_all.c Fri Feb 11 14:46:11 2011 |
118 @@ -63,7 +66,8 @@ |
105 +++ openssl-1.0.0d/crypto/engine/eng_all.c Fri Feb 11 14:38:01 2011 |
119 e_nuron_err.c e_nuron_err.h \ |
106 @@ -80,6 +80,9 @@ |
120 e_sureware_err.c e_sureware_err.h \ |
107 ENGINE_load_rdrand(); |
121 e_ubsec_err.c e_ubsec_err.h \ |
108 #endif |
122 - e_capi_err.c e_capi_err.h |
109 ENGINE_load_dynamic(); |
123 + e_capi_err.c e_capi_err.h \ |
110 +#ifndef OPENSSL_NO_HW_PKCS11 |
124 + e_pk11.h e_pk11_uri.h e_pk11_err.h e_pk11_pub.c e_pk11_uri.c e_pk11_err.c |
111 + ENGINE_load_pk11(); |
125 |
|
126 ALL= $(GENERAL) $(SRC) $(HEADER) |
|
127 |
|
128 @@ -78,7 +82,7 @@ |
|
129 for l in $(LIBNAMES); do \ |
|
130 $(MAKE) -f ../Makefile.shared -e \ |
|
131 LIBNAME=$$l LIBEXTRAS=e_$$l.o \ |
|
132 - LIBDEPS='-L.. -lcrypto $(EX_LIBS)' \ |
|
133 + LIBDEPS='-L.. -lcrypto -lcryptoutil $(EX_LIBS)' \ |
|
134 link_o.$(SHLIB_TARGET); \ |
|
135 done; \ |
|
136 else \ |
|
137 --- openssl-1.0.1f/crypto/engine/eng_all.c.~1~ Thu Jan 30 10:55:48 2014 |
|
138 +++ openssl-1.0.1f/crypto/engine/eng_all.c Thu Jan 30 10:57:29 2014 |
|
139 @@ -59,6 +59,16 @@ |
|
140 #include "cryptlib.h" |
|
141 #include "eng_int.h" |
|
142 |
|
143 +/* |
|
144 + * pkcs11 engine no longer is a built-in engine, and ENGINE_load_pk11() needs to be |
|
145 + * defined in libcrypto.so for ssh. Instead of load pkcs11 engine, it loads dynamic |
|
146 + * engines. |
|
147 + */ |
|
148 +void ENGINE_load_pk11(void) |
|
149 + { |
|
150 + ENGINE_load_dynamic(); |
|
151 + } |
|
152 + |
|
153 void ENGINE_load_builtin_engines(void) |
|
154 { |
|
155 /* Some ENGINEs need this */ |
|
156 --- openssl-1.0.1f/crypto/dso/dso_lib.c.~1~ Thu Jan 30 11:04:41 2014 |
|
157 +++ openssl-1.0.1f/crypto/dso/dso_lib.c Thu Jan 30 11:29:40 2014 |
|
158 @@ -426,6 +426,26 @@ |
|
159 DSOerr(DSO_F_DSO_CONVERT_FILENAME,DSO_R_NO_FILENAME); |
|
160 return(NULL); |
|
161 } |
|
162 +/* |
|
163 + * For pkcs11 engine, use libpk11.so (instead of libpkcs11.so) to |
|
164 + * avoid the name collision with PKCS#11 library. |
|
165 + */ |
|
166 + if (strcmp(filename, "pkcs11") == 0) |
|
167 + { |
|
168 +#ifdef _LP64 |
|
169 + static const char fullpath[] = "/lib/openssl/engines/64/libpk11.so"; |
|
170 +#else |
|
171 + static const char fullpath[] = "/lib/openssl/engines/libpk11.so"; |
112 +#endif |
172 +#endif |
113 #ifndef OPENSSL_NO_STATIC_ENGINE |
173 + result = OPENSSL_malloc(strlen(fullpath) + 1); |
114 #ifndef OPENSSL_NO_HW |
174 + if (result == NULL) |
115 #ifndef OPENSSL_NO_HW_4758_CCA |
175 + { |
116 --- /tmp/engine.h Fri Feb 11 14:46:24 2011 |
176 + DSOerr(DSO_F_DSO_CONVERT_FILENAME, ERR_R_MALLOC_FAILURE); |
117 +++ openssl-1.0.0d/crypto/engine/engine.h Fri Feb 11 14:47:32 2011 |
177 + return(NULL); |
|
178 + } |
|
179 + BUF_strlcpy(result, fullpath, sizeof(fullpath)); |
|
180 + return(result); |
|
181 + } |
|
182 if((dso->flags & DSO_FLAG_NO_NAME_TRANSLATION) == 0) |
|
183 { |
|
184 if(dso->name_converter != NULL) |
|
185 --- /tmp/engine.h Fri Feb 11 14:46:24 2011 |
|
186 +++ openssl-1.0.0d/crypto/engine/engine.h Fri Feb 11 14:47:32 2011 |
118 @@ -351,6 +351,7 @@ |
187 @@ -351,6 +351,7 @@ |
119 #endif |
188 #endif |
120 #endif |
189 #endif |
121 void ENGINE_load_cryptodev(void); |
190 void ENGINE_load_cryptodev(void); |
122 +void ENGINE_load_pk11(void); |
191 +void ENGINE_load_pk11(void); |