1 #

     2 # This patch file adds the Solaris's pkcs11 engine.

     3 # This is Solaris-specific (developed in house): not suitable for upstream.

     4 #

     5 --- /tmp/Configure	Fri Feb 11 14:40:39 2011

     6 +++ openssl-1.0.0d/Configure	Fri Feb 11 14:41:36 2011

     7 @@ -10,7 +10,7 @@

     8  

     9  # see INSTALL for instructions.

    10  

    11 -my $usage="Usage: Configure [no-<cipher> ...] [enable-<cipher> ...] [experimental-<cipher> ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-Kxxx] [no-hw-xxx|no-hw] [[no-]threads] [[no-]shared] [[no-]zlib|zlib-dynamic] [no-asm] [no-dso] [no-krb5] [sctp] [386] [--prefix=DIR] [--openssldir=OPENSSLDIR] [--with-xxx[=vvv]] [--test-sanity] os/compiler[:flags]\n";

    12 +my $usage="Usage: Configure --pk11-libname=PK11_LIB_LOCATION [no-<cipher> ...] [enable-<cipher> ...] [experimental-<cipher> ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-Kxxx] [no-hw-xxx|no-hw] [[no-]threads] [[no-]shared] [[no-]zlib|zlib-dynamic] [no-asm] [no-dso] [no-krb5] [sctp] [386] [--prefix=DIR] [--openssldir=OPENSSLDIR] [--with-xxx[=vvv]] [--test-sanity] os/compiler[:flags]\n";

    13  

    14  # Options:

    15  #

    16 @@ -19,6 +19,9 @@

    17  # --prefix      prefix for the OpenSSL include, lib and bin directories

    18  #               (Default: the OPENSSLDIR directory)

    19  #

    20 +# --pk11-libname  PKCS#11 library name.

    21 +#               (Default: none)

    22 +#

    23  # --install_prefix  Additional prefix for package builders (empty by

    24  #               default).  This needn't be set in advance, you can

    25  #               just as well use "make INSTALL_PREFIX=/whatever install".

    26 @@ -657,6 +661,9 @@

    27  my $idx_arflags = $idx++;

    28  my $idx_multilib = $idx++;

    29  

    30 +# PKCS#11 engine patch

    31 +my $pk11_libname="";

    32 +

    33  my $prefix="";

    34  my $libdir="";

    35  my $openssldir="";

    36 @@ -882,6 +888,10 @@

    37 				$_ =~ s/%([0-9a-f]{1,2})/chr(hex($1))/gei;

    38 				$flags.=$_." ";

    39 				}

    40 +			elsif (/^--pk11-libname=(.*)$/)

    41 +				{

    42 +				$pk11_libname=$1;

    43 +				}

    44 			elsif (/^--prefix=(.*)$/)

    45 				{

    46 				$prefix=$1;

    47 @@ -1049,6 +1059,13 @@

    48  	exit 0;

    49  }

    50  

    51 +if (! $pk11_libname)

    52 +        {

    53 +        print STDERR "You must set --pk11-libname for PKCS#11 library.\n";

    54 +        print STDERR "See README.pkcs11 for more information.\n";

    55 +        exit 1;

    56 +        }

    57 +

    58  if ($target =~ m/^CygWin32(-.*)$/) {

    59  	$target = "Cygwin".$1;

    60  }

    61 @@ -1215,6 +1232,8 @@

    62  if ($flags ne "")	{ $cflags="$flags$cflags"; }

    63  else			{ $no_user_cflags=1;       }

    64  

    65 +$cflags="-DPK11_LIB_LOCATION=\"$pk11_libname\" $cflags";

    66 +

    67  # Kerberos settings.  The flavor must be provided from outside, either through

    68  # the script "config" or manually.

    69  if (!$no_krb5)

    70 @@ -1604,6 +1623,7 @@

    71  	s/^VERSION=.*/VERSION=$version/;

    72  	s/^MAJOR=.*/MAJOR=$major/;

    73  	s/^MINOR=.*/MINOR=$minor/;

    74 +	s/^PK11_LIB_LOCATION=.*/PK11_LIB_LOCATION=$pk11_libname/;

    75  	s/^SHLIB_VERSION_NUMBER=.*/SHLIB_VERSION_NUMBER=$shlib_version_number/;

    76  	s/^SHLIB_VERSION_HISTORY=.*/SHLIB_VERSION_HISTORY=$shlib_version_history/;

    77  	s/^SHLIB_MAJOR=.*/SHLIB_MAJOR=$shlib_major/;

    78 --- /tmp/Makefile.org	Fri Feb 11 14:41:54 2011

    79 +++ openssl-1.0.0d/Makefile.org	Fri Feb 11 14:38:01 2011

    80 @@ -26,6 +26,9 @@

    81  INSTALL_PREFIX=

    82  INSTALLTOP=/usr/local/ssl

    83  

    84 +# You must set this through --pk11-libname configure option.

    85 +PK11_LIB_LOCATION=

    86 +

    87  # Do not edit this manually. Use Configure --openssldir=DIR do change this!

    88  OPENSSLDIR=/usr/local/ssl

    89  

    90 --- /tmp/Makefile	Mon Feb 14 14:59:22 2011

    91 +++ openssl-1.0.0d/engines/Makefile	Mon Feb 14 15:00:35 2011

    92 @@ -26,7 +26,8 @@

    93  APPS=

    94  

    95  LIB=$(TOP)/libcrypto.a

    96 -LIBNAMES= 4758cca aep atalla cswift gmp chil nuron sureware ubsec padlock capi

    97 +LIBNAMES= 4758cca aep atalla cswift gmp chil nuron sureware ubsec padlock capi \

    98 +	  pk11

    99  

   100  LIBSRC=	e_4758cca.c \

   101  	e_aep.c \

   102 @@ -38,7 +39,8 @@

   103  	e_sureware.c \

   104  	e_ubsec.c \

   105  	e_padlock.c \

   106 -	e_capi.c

   107 +	e_capi.c \

   108 +	e_pk11.c

   109  LIBOBJ= e_4758cca.o \

   110  	e_aep.o \

   111  	e_atalla.o \

   112 @@ -49,7 +51,8 @@

   113  	e_sureware.o \

   114  	e_ubsec.o \

   115  	e_padlock.o \

   116 -	e_capi.o

   117 +	e_capi.o \

   118 +	e_pk11.o

   119  

   120  SRC= $(LIBSRC)

   121  

   122 @@ -63,7 +66,8 @@

   123  	e_nuron_err.c e_nuron_err.h \

   124  	e_sureware_err.c e_sureware_err.h \

   125  	e_ubsec_err.c e_ubsec_err.h \

   126 -	e_capi_err.c e_capi_err.h

   127 +	e_capi_err.c e_capi_err.h \

   128 +	e_pk11.h e_pk11_uri.h e_pk11_err.h e_pk11_pub.c e_pk11_uri.c e_pk11_err.c

   129  

   130  ALL=    $(GENERAL) $(SRC) $(HEADER)

   131  

   132 @@ -78,7 +82,7 @@

   133  		for l in $(LIBNAMES); do \

   134  			$(MAKE) -f ../Makefile.shared -e \

   135  				LIBNAME=$$l LIBEXTRAS=e_$$l.o \

   136 -				LIBDEPS='-L.. -lcrypto $(EX_LIBS)' \

   137 +				LIBDEPS='-L.. -lcrypto -lcryptoutil $(EX_LIBS)' \

   138  				link_o.$(SHLIB_TARGET); \

   139  		done; \

   140  	else \

   141 --- crypto/engine/eng_all.c Thu Sep  5 12:59:50 2013

   142 +++ openssl-1.0.1e/crypto/engine/eng_all.c Thu Sep  5 12:59:50 2013

   143 @@ -60,6 +60,16 @@

   144  #include "cryptlib.h"

   145  #include "eng_int.h"

   146 

   147 +/*

   148 + * pkcs11 engine no longer is a built-in engine, and ENGINE_load_pk11() needs to be

   149 + * defined in libcrypto.so for ssh.  Instead of load pkcs11 engine, it load dynamic

   150 + * engines.

   151 + */

   152 +void ENGINE_load_pk11(void)

   153 +	{

   154 +	ENGINE_load_dynamic();

   155 +	}

   156 +

   157  void ENGINE_load_builtin_engines(void)

   158  {

   159      /* Some ENGINEs need this */

   160 --- crypto/dso/dso_lib.c Thu Sep  5 12:59:50 2013

   161 +++ openssl-1.0.1e/crypto/dso/dso_lib.c Thu Sep  5 12:59:50 2013

   162 @@ -396,6 +396,24 @@

   163          DSOerr(DSO_F_DSO_CONVERT_FILENAME, DSO_R_NO_FILENAME);

   164          return (NULL);

   165      }

   166 +    /*

   167 +     * For pkcs11 engine, use libpk11.so (instead of libpkcs11.so) to

   168 +     * avoid the name collision with PKCS#11 library.

   169 +     */

   170 +    if (strcmp(filename, "pkcs11") == 0) {

   171 +#ifdef  _LP64

   172 +        char *fullpath = "/lib/openssl/engines/64/libpk11.so";

   173 +#else

   174 +        char *fullpath = "/lib/openssl/engines/libpk11.so";

   175 +#endif

   176 +        result = OPENSSL_malloc(strlen(fullpath) + 1);

   177 +        if(result == NULL) {

   178 +            DSOerr(DSO_F_DSO_CONVERT_FILENAME, ERR_R_MALLOC_FAILURE);

   179 +            return(NULL);

   180 +        }

   181 +        BUF_strlcpy(result, fullpath, strlen(fullpath) + 1);

   182 +        return (result);

   183 +    }

   184      if ((dso->flags & DSO_FLAG_NO_NAME_TRANSLATION) == 0) {

   185          if (dso->name_converter != NULL)

   186              result = dso->name_converter(dso, filename);

   187 --- /tmp/engine.h       Fri Feb 11 14:46:24 2011

   188 +++ openssl-1.0.0d/crypto/engine/engine.h       Fri Feb 11 14:47:32 2011

   189 @@ -413,6 +413,7 @@

   190  #  endif

   191  # endif

   192  void ENGINE_load_cryptodev(void);

   193 +void ENGINE_load_pk11(void);

   194  void ENGINE_load_rsax(void);

   195  void ENGINE_load_rdrand(void);

   196  void ENGINE_load_builtin_engines(void);