1 # |
|
2 # This patch file adds the Solaris pkcs11 engine. |
|
3 # This is Solaris-specific (developed in house): not suitable for upstream. |
|
4 # |
|
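--- a/openssl-1.0.0d/Configure
+++ b/openssl-1.0.0d/Configure
@@ -10,7 +10,7 @@
 
 # see INSTALL for instructions.
 
-my $usage="Usage: Configure [no-<cipher> ...] [enable-<cipher> ...] [experimental-<cipher> ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-Kxxx] [no-hw-xxx|no-hw] [[no-]threads] [[no-]shared] [[no-]zlib|zlib-dynamic] [no-asm] [no-dso] [no-krb5] [sctp] [386] [--prefix=DIR] [--openssldir=OPENSSLDIR] [--with-xxx[=vvv]] [--test-sanity] os/compiler[:flags]\n";
+my $usage="Usage: Configure --pk11-libname=PK11_LIB_LOCATION [no-<cipher> ...] [enable-<cipher> ...] [experimental-<cipher> ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-Kxxx] [no-hw-xxx|no-hw] [[no-]threads] [[no-]shared] [[no-]zlib|zlib-dynamic] [no-asm] [no-dso] [no-krb5] [sctp] [386] [--prefix=DIR] [--openssldir=OPENSSLDIR] [--with-xxx[=vvv]] [--test-sanity] os/compiler[:flags]\n";
 
 # Options:
 #
@@ -19,6 +19,9 @@
 # --prefix prefix for the OpenSSL include, lib and bin directories
 # (Default: the OPENSSLDIR directory)
 #
+# --pk11-libname PKCS#11 library name.
+# (Default: none)
+#
 # --install_prefix Additional prefix for package builders (empty by
 # default). This needn't be set in advance, you can
 # just as well use "make INSTALL_PREFIX=/whatever install".
@@ -657,6 +661,9 @@
 my $idx_arflags = $idx++;
 my $idx_multilib = $idx++;
 
+# PKCS#11 engine patch
+my $pk11_libname="";
+
 my $prefix="";
 my $libdir="";
 my $openssldir="";
@@ -882,6 +888,10 @@
 $_ =~ s/%([0-9a-f]{1,2})/chr(hex($1))/gei;
 $flags.=$_." ";
 }
+ elsif (/^--pk11-libname=(.*)$/)
+ {
+ $pk11_libname=$1;
+ }
 elsif (/^--prefix=(.*)$/)
 {
 $prefix=$1;
@@ -1049,6 +1059,13 @@
 exit 0;
 }
 
+if (! $pk11_libname)
+ {
+ print STDERR "You must set --pk11-libname for PKCS#11 library.\n";
+ print STDERR "See README.pkcs11 for more information.\n";
+ exit 1;
+ }
+
 if ($target =~ m/^CygWin32(-.*)$/) {
 $target = "Cygwin".$1;
 }
@@ -1215,6 +1232,8 @@
 if ($flags ne "") { $cflags="$flags$cflags"; }
 else { $no_user_cflags=1; }
 
+$cflags="-DPK11_LIB_LOCATION=\"$pk11_libname\" $cflags";
+
 # Kerberos settings. The flavor must be provided from outside, either through
 # the script "config" or manually.
 if (!$no_krb5)
@@ -1604,6 +1623,7 @@
 s/^VERSION=.*/VERSION=$version/;
 s/^MAJOR=.*/MAJOR=$major/;
 s/^MINOR=.*/MINOR=$minor/;
+ s/^PK11_LIB_LOCATION=.*/PK11_LIB_LOCATION=$pk11_libname/;
 s/^SHLIB_VERSION_NUMBER=.*/SHLIB_VERSION_NUMBER=$shlib_version_number/;
 s/^SHLIB_VERSION_HISTORY=.*/SHLIB_VERSION_HISTORY=$shlib_version_history/;
 s/^SHLIB_MAJOR=.*/SHLIB_MAJOR=$shlib_major/;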
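Review bot: The value captured by `/^--pk11-libname=(.*)$/` is used without any validation: it is pasted between escaped quotes in `$cflags="-DPK11_LIB_LOCATION=\"$pk11_libname\" $cflags";` and into the replacement side of `s/^PK11_LIB_LOCATION=.*/PK11_LIB_LOCATION=$pk11_libname/;`, so a value containing a double quote, whitespace or `$` alters the compiler command line or the generated Makefile instead of failing at configure time. Because this string presumably ends up as the PKCS#11 library the engine loads at run time, a relative or malformed path is worth rejecting early; consider accepting only an absolute path with a restricted character set, for example `elsif (/^--pk11-libname=(\/[A-Za-z0-9_.\/+-]+)$/)`, and reporting anything else as an error. The later `if (! $pk11_libname)` test also makes the option mandatory for every target, which deserves a comment stating that this is intentional for the Solaris-only build. The option-parsing chain and the Makefile rewrite loop both start and end outside the hunks shown.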
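--- a/openssl-1.0.0d/Makefile.org
+++ b/openssl-1.0.0d/Makefile.org
@@ -26,6 +26,9 @@
 INSTALL_PREFIX=
 INSTALLTOP=/usr/local/ssl
 
+# You must set this through --pk11-libname configure option.
+PK11_LIB_LOCATION=
+
 # Do not edit this manually. Use Configure --openssldir=DIR do change this!
 OPENSSLDIR=/usr/local/ssl
 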
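--- a/openssl-1.0.0d/engines/Makefile
+++ b/openssl-1.0.0d/engines/Makefile
@@ -26,7 +26,8 @@
 APPS=
 
 LIB=$(TOP)/libcrypto.a
-LIBNAMES= 4758cca aep atalla cswift gmp chil nuron sureware ubsec padlock capi
+LIBNAMES= 4758cca aep atalla cswift gmp chil nuron sureware ubsec padlock capi \
+ pk11
 
 LIBSRC= e_4758cca.c \
 e_aep.c \
@@ -38,7 +39,8 @@
 e_sureware.c \
 e_ubsec.c \
 e_padlock.c \
- e_capi.c
+ e_capi.c \
+ e_pk11.c
 LIBOBJ= e_4758cca.o \
 e_aep.o \
 e_atalla.o \
@@ -49,7 +51,8 @@
 e_sureware.o \
 e_ubsec.o \
 e_padlock.o \
- e_capi.o
+ e_capi.o \
+ e_pk11.o
 
 SRC= $(LIBSRC)
 
@@ -63,7 +66,8 @@
 e_nuron_err.c e_nuron_err.h \
 e_sureware_err.c e_sureware_err.h \
 e_ubsec_err.c e_ubsec_err.h \
- e_capi_err.c e_capi_err.h
+ e_capi_err.c e_capi_err.h \
+ e_pk11.h e_pk11_uri.h e_pk11_err.h e_pk11_pub.c e_pk11_uri.c e_pk11_err.c
 
 ALL= $(GENERAL) $(SRC) $(HEADER)
 
@@ -78,7 +82,7 @@
 for l in $(LIBNAMES); do \
 $(MAKE) -f ../Makefile.shared -e \
 LIBNAME=$$l LIBEXTRAS=e_$$l.o \
- LIBDEPS='-L.. -lcrypto $(EX_LIBS)' \
+ LIBDEPS='-L.. -lcrypto -lcryptoutil $(EX_LIBS)' \
 link_o.$(SHLIB_TARGET); \
 done; \
 else \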
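Review bot: `-lcryptoutil` is added to the `LIBDEPS` passed inside the `for l in $(LIBNAMES)` loop, so every engine shared object built by this rule gets linked against libcryptoutil, not only the new pk11 engine. That widens the load-time dependencies of the other engines for no visible reason; scoping it to pk11 keeps them unchanged, for example `case $$l in pk11) x=-lcryptoutil;; *) x=;; esac; \` before the `$(MAKE)` call and `LIBDEPS="-L.. -lcrypto $$x $(EX_LIBS)" \` in place of the changed line. The recipe starts and ends outside the last hunk, so the quoting would need checking against the full rule.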
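--- a/openssl-1.0.1e/crypto/engine/eng_all.c
+++ b/openssl-1.0.1e/crypto/engine/eng_all.c
@@ -60,6 +60,16 @@
 #include "cryptlib.h"
 #include "eng_int.h"
 
+/*
+ * pkcs11 engine no longer is a built-in engine, and ENGINE_load_pk11() needs to be
+ * defined in libcrypto.so for ssh. Instead of load pkcs11 engine, it load dynamic
+ * engines.
+ */
+void ENGINE_load_pk11(void)
+ {
+ ENGINE_load_dynamic();
+ }
+
 void ENGINE_load_builtin_engines(void)
 {
 /* Some ENGINEs need this */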
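Review bot: The comment above `ENGINE_load_pk11()` does not state what a caller can rely on after the call: the body only invokes `ENGINE_load_dynamic()`, so no pkcs11 engine is registered when it returns. A caller that keeps treating the function as "pkcs11 is now available" would carry on with software crypto without any error, which matters where keys are expected to stay in the token. I would reword the comment along the lines of `/* Compatibility stub kept for existing callers (ssh): registers only the "dynamic" engine. The pkcs11 engine must still be loaded explicitly afterwards and that load checked for failure. */`.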
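--- a/openssl-1.0.1e/crypto/dso/dso_lib.c
+++ b/openssl-1.0.1e/crypto/dso/dso_lib.c
@@ -396,6 +396,24 @@
 DSOerr(DSO_F_DSO_CONVERT_FILENAME, DSO_R_NO_FILENAME);
 return (NULL);
 }
+ /*
+ * For pkcs11 engine, use libpk11.so (instead of libpkcs11.so) to
+ * avoid the name collision with PKCS#11 library.
+ */
+ if (strcmp(filename, "pkcs11") == 0) {
+#ifdef _LP64
+ char *fullpath = "/lib/openssl/engines/64/libpk11.so";
+#else
+ char *fullpath = "/lib/openssl/engines/libpk11.so";
+#endif
+ result = OPENSSL_malloc(strlen(fullpath) + 1);
+ if(result == NULL) {
+ DSOerr(DSO_F_DSO_CONVERT_FILENAME, ERR_R_MALLOC_FAILURE);
+ return(NULL);
+ }
+ BUF_strlcpy(result, fullpath, strlen(fullpath) + 1);
+ return (result);
+ }
 if ((dso->flags & DSO_FLAG_NO_NAME_TRANSLATION) == 0) {
 if (dso->name_converter != NULL)
 result = dso->name_converter(dso, filename);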
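Review bot: The `strcmp(filename, "pkcs11") == 0` special case sits ahead of the `DSO_FLAG_NO_NAME_TRANSLATION` test, so it rewrites the name for every caller of this conversion routine, including callers that asked for no translation, and not only for engine loading. The comment should say that the override is unconditional and that the fixed paths under `/lib/openssl/engines` are trusted as-is, which means the directory's ownership and permissions become the protection against loading a substituted library. Two smaller points on the added lines: the literals should be held in `const char *fullpath`, and the malloc-plus-copy can become `result = BUF_strdup(fullpath);` with the same NULL check. The enclosing function begins and ends outside the hunk.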
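--- a/openssl-1.0.0d/crypto/engine/engine.h
+++ b/openssl-1.0.0d/crypto/engine/engine.h
@@ -413,6 +413,7 @@
 # endif
 # endif
 void ENGINE_load_cryptodev(void);
+void ENGINE_load_pk11(void);
 void ENGINE_load_rsax(void);
 void ENGINE_load_rdrand(void);
 void ENGINE_load_builtin_engines(void);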