52 + } |
56 + } |
53 + |
57 + |
54 if ($target =~ m/^CygWin32(-.*)$/) { |
58 if ($target =~ m/^CygWin32(-.*)$/) { |
55 $target = "Cygwin".$1; |
59 $target = "Cygwin".$1; |
56 } |
60 } |
57 @@ -1209,6 +1226,8 @@ |
61 @@ -1215,6 +1232,8 @@ |
58 if ($flags ne "") { $cflags="$flags$cflags"; } |
62 if ($flags ne "") { $cflags="$flags$cflags"; } |
59 else { $no_user_cflags=1; } |
63 else { $no_user_cflags=1; } |
60 |
64 |
61 +$cflags="-DPK11_LIB_LOCATION=\"$pk11_libname\" $cflags"; |
65 +$cflags="-DPK11_LIB_LOCATION=\"$pk11_libname\" $cflags"; |
62 + |
66 + |
63 # Kerberos settings. The flavor must be provided from outside, either through |
67 # Kerberos settings. The flavor must be provided from outside, either through |
64 # the script "config" or manually. |
68 # the script "config" or manually. |
65 if (!$no_krb5) |
69 if (!$no_krb5) |
66 @@ -1598,6 +1617,7 @@ |
70 @@ -1604,6 +1623,7 @@ |
67 s/^VERSION=.*/VERSION=$version/; |
71 s/^VERSION=.*/VERSION=$version/; |
68 s/^MAJOR=.*/MAJOR=$major/; |
72 s/^MAJOR=.*/MAJOR=$major/; |
69 s/^MINOR=.*/MINOR=$minor/; |
73 s/^MINOR=.*/MINOR=$minor/; |
70 + s/^PK11_LIB_LOCATION=.*/PK11_LIB_LOCATION=$pk11_libname/; |
74 + s/^PK11_LIB_LOCATION=.*/PK11_LIB_LOCATION=$pk11_libname/; |
71 s/^SHLIB_VERSION_NUMBER=.*/SHLIB_VERSION_NUMBER=$shlib_version_number/; |
75 s/^SHLIB_VERSION_NUMBER=.*/SHLIB_VERSION_NUMBER=$shlib_version_number/; |
72 s/^SHLIB_VERSION_HISTORY=.*/SHLIB_VERSION_HISTORY=$shlib_version_history/; |
76 s/^SHLIB_VERSION_HISTORY=.*/SHLIB_VERSION_HISTORY=$shlib_version_history/; |
73 s/^SHLIB_MAJOR=.*/SHLIB_MAJOR=$shlib_major/; |
77 s/^SHLIB_MAJOR=.*/SHLIB_MAJOR=$shlib_major/; |
74 --- /tmp/Makefile.org Fri Feb 11 14:41:54 2011 |
78 --- /tmp/Makefile.org Fri Feb 11 14:41:54 2011 |
75 +++ openssl-1.0.0d/Makefile.org Fri Feb 11 14:38:01 2011 |
79 +++ openssl-1.0.0d/Makefile.org Fri Feb 11 14:38:01 2011 |
76 @@ -26,6 +26,9 @@ |
80 @@ -26,6 +26,9 @@ |
81 +PK11_LIB_LOCATION= |
85 +PK11_LIB_LOCATION= |
82 + |
86 + |
83 # Do not edit this manually. Use Configure --openssldir=DIR do change this! |
87 # Do not edit this manually. Use Configure --openssldir=DIR do change this! |
84 OPENSSLDIR=/usr/local/ssl |
88 OPENSSLDIR=/usr/local/ssl |
85 |
89 |
86 --- openssl-1.0.1e/engines/Makefile.~1~ Fri Nov 22 13:40:31 2013 |
90 --- /tmp/Makefile Mon Feb 14 14:59:22 2011 |
87 +++ openssl-1.0.1e/engines/Makefile Fri Nov 22 13:43:46 2013 |
91 +++ openssl-1.0.0d/engines/Makefile Mon Feb 14 15:00:35 2011 |
88 @@ -26,7 +26,8 @@ |
92 @@ -26,7 +26,8 @@ |
89 APPS= |
93 APPS= |
90 |
94 |
91 LIB=$(TOP)/libcrypto.a |
95 LIB=$(TOP)/libcrypto.a |
92 -LIBNAMES= 4758cca aep atalla cswift gmp chil nuron sureware ubsec padlock capi |
96 -LIBNAMES= 4758cca aep atalla cswift gmp chil nuron sureware ubsec padlock capi |
93 +LIBNAMES= 4758cca aep atalla cswift gmp chil nuron sureware ubsec padlock capi \ |
97 +LIBNAMES= 4758cca aep atalla cswift gmp chil nuron sureware ubsec padlock capi \ |
94 + pk11 |
98 + pk11 |
95 |
99 |
96 LIBSRC= e_4758cca.c \ |
100 LIBSRC= e_4758cca.c \ |
97 e_aep.c \ |
101 e_aep.c \ |
98 @@ -38,7 +39,8 @@ |
102 @@ -38,7 +39,8 @@ |
99 e_sureware.c \ |
103 e_sureware.c \ |
100 e_ubsec.c \ |
104 e_ubsec.c \ |
101 e_padlock.c \ |
105 e_padlock.c \ |
102 - e_capi.c |
106 - e_capi.c |
103 + e_capi.c \ |
107 + e_capi.c \ |
104 + e_pk11.c |
108 + e_pk11.c |
105 LIBOBJ= e_4758cca.o \ |
109 LIBOBJ= e_4758cca.o \ |
106 e_aep.o \ |
110 e_aep.o \ |
107 e_atalla.o \ |
111 e_atalla.o \ |
108 @@ -49,7 +51,8 @@ |
112 @@ -49,7 +51,8 @@ |
109 e_sureware.o \ |
113 e_sureware.o \ |
110 e_ubsec.o \ |
114 e_ubsec.o \ |
111 e_padlock.o \ |
115 e_padlock.o \ |
112 - e_capi.o |
116 - e_capi.o |
113 + e_capi.o \ |
117 + e_capi.o \ |
114 + e_pk11.o |
118 + e_pk11.o |
115 |
119 |
116 SRC= $(LIBSRC) |
120 SRC= $(LIBSRC) |
117 |
121 |
118 @@ -63,7 +66,8 @@ |
122 @@ -63,7 +66,8 @@ |
119 e_nuron_err.c e_nuron_err.h \ |
123 e_nuron_err.c e_nuron_err.h \ |
120 e_sureware_err.c e_sureware_err.h \ |
124 e_sureware_err.c e_sureware_err.h \ |
121 e_ubsec_err.c e_ubsec_err.h \ |
125 e_ubsec_err.c e_ubsec_err.h \ |
122 - e_capi_err.c e_capi_err.h |
126 - e_capi_err.c e_capi_err.h |
123 + e_capi_err.c e_capi_err.h \ |
127 + e_capi_err.c e_capi_err.h \ |
124 + e_pk11.h e_pk11_uri.h e_pk11_err.h e_pk11_pub.c e_pk11_uri.c e_pk11_err.c |
128 + e_pk11.h e_pk11_uri.h e_pk11_err.h e_pk11_pub.c e_pk11_uri.c e_pk11_err.c |
125 |
129 |
126 ALL= $(GENERAL) $(SRC) $(HEADER) |
130 ALL= $(GENERAL) $(SRC) $(HEADER) |
127 |
131 |
128 @@ -78,7 +82,7 @@ |
132 @@ -78,7 +82,7 @@ |
129 for l in $(LIBNAMES); do \ |
133 for l in $(LIBNAMES); do \ |
130 $(MAKE) -f ../Makefile.shared -e \ |
134 $(MAKE) -f ../Makefile.shared -e \ |
131 LIBNAME=$$l LIBEXTRAS=e_$$l.o \ |
135 LIBNAME=$$l LIBEXTRAS=e_$$l.o \ |
132 - LIBDEPS='-L.. -lcrypto $(EX_LIBS)' \ |
136 - LIBDEPS='-L.. -lcrypto $(EX_LIBS)' \ |
133 + LIBDEPS='-L.. -lcrypto -lcryptoutil $(EX_LIBS)' \ |
137 + LIBDEPS='-L.. -lcrypto -lcryptoutil $(EX_LIBS)' \ |
134 link_o.$(SHLIB_TARGET); \ |
138 link_o.$(SHLIB_TARGET); \ |
135 done; \ |
139 done; \ |
136 else \ |
140 else \ |
137 --- openssl-1.0.1e/crypto/engine/eng_all.c.~1~ Mon Feb 11 07:26:04 2013 |
141 --- crypto/engine/eng_all.c Thu Sep 5 12:59:50 2013 |
138 +++ openssl-1.0.1e/crypto/engine/eng_all.c Wed Nov 20 11:38:05 2013 |
142 +++ openssl-1.0.1e/crypto/engine/eng_all.c Thu Sep 5 12:59:50 2013 |
139 @@ -59,6 +59,16 @@ |
143 @@ -60,6 +60,16 @@ |
140 #include "cryptlib.h" |
144 #include "cryptlib.h" |
141 #include "eng_int.h" |
145 #include "eng_int.h" |
142 |
146 |
143 +/* |
147 +/* |
144 + * pkcs11 engine no longer is a built-in engine, and ENGINE_load_pk11() needs to be |
148 + * pkcs11 engine no longer is a built-in engine, and ENGINE_load_pk11() needs to be |
145 + * defined in libcrypto.so for ssh. Instead of load pkcs11 engine, it loads dynamic |
149 + * defined in libcrypto.so for ssh. Instead of load pkcs11 engine, it load dynamic |
146 + * engines. |
150 + * engines. |
147 + */ |
151 + */ |
148 +void ENGINE_load_pk11(void) |
152 +void ENGINE_load_pk11(void) |
149 + { |
153 + { |
150 + ENGINE_load_dynamic(); |
154 + ENGINE_load_dynamic(); |
151 + } |
155 + } |
152 + |
156 + |
153 void ENGINE_load_builtin_engines(void) |
157 void ENGINE_load_builtin_engines(void) |
154 { |
158 { |
155 /* Some ENGINEs need this */ |
159 /* Some ENGINEs need this */ |
156 @@ -80,6 +90,9 @@ |
160 @@ -80,6 +90,9 @@ |
157 ENGINE_load_rdrand(); |
161 ENGINE_load_rdrand(); |
158 #endif |
162 #endif |
159 ENGINE_load_dynamic(); |
163 ENGINE_load_dynamic(); |
160 +#ifndef OPENSSL_NO_HW_PKCS11 |
164 +#ifndef OPENSSL_NO_HW_PKCS11 |
161 + ENGINE_load_pk11(); |
165 + ENGINE_load_pk11(); |
162 +#endif |
166 +#endif |
163 #ifndef OPENSSL_NO_STATIC_ENGINE |
167 #ifndef OPENSSL_NO_STATIC_ENGINE |
164 #ifndef OPENSSL_NO_HW |
168 # ifndef OPENSSL_NO_HW |
165 #ifndef OPENSSL_NO_HW_4758_CCA |
169 # ifndef OPENSSL_NO_HW_4758_CCA |
166 --- openssl-1.0.1e/crypto/dso/dso_lib.c.~1~ Wed Nov 20 13:10:57 2013 |
170 --- crypto/dso/dso_lib.c Thu Sep 5 12:59:50 2013 |
167 +++ openssl-1.0.1e/crypto/dso/dso_lib.c Wed Nov 20 13:30:46 2013 |
171 +++ openssl-1.0.1e/crypto/dso/dso_lib.c Thu Sep 5 12:59:50 2013 |
168 @@ -426,6 +426,26 @@ |
172 @@ -396,6 +396,24 @@ |
169 DSOerr(DSO_F_DSO_CONVERT_FILENAME,DSO_R_NO_FILENAME); |
173 DSOerr(DSO_F_DSO_CONVERT_FILENAME, DSO_R_NO_FILENAME); |
170 return(NULL); |
174 return (NULL); |
171 } |
175 } |
172 + /* |
176 + /* |
173 + * For pkcs11 engine, use libpk11.so (instead of libpkcs11.so) to |
177 + * For pkcs11 engine, use libpk11.so (instead of libpkcs11.so) to |
174 + * avoid the name collision with PKCS#11 library. |
178 + * avoid the name collision with PKCS#11 library. |
175 + */ |
179 + */ |
176 + if (strcmp(filename, "pkcs11") == 0) |
180 + if (strcmp(filename, "pkcs11") == 0) { |
177 + { |
181 +#ifdef _LP64 |
178 +#ifdef _LP64 |
182 + static const char fullpath[] = "/lib/openssl/engines/64/libpk11.so"; |
179 + static const char fullpath[] = "/lib/openssl/engines/64/libpk11.so"; |
|
180 +#else |
183 +#else |
181 + static const char fullpath[] = "/lib/openssl/engines/libpk11.so"; |
184 + static const char fullpath[] = "/lib/openssl/engines/libpk11.so"; |
182 +#endif |
185 +#endif |
183 + result = OPENSSL_malloc(strlen(fullpath) + 1); |
186 + result = OPENSSL_malloc(strlen(fullpath) + 1); |
184 + if(result == NULL) |
187 + if(result == NULL) { |
185 + { |
188 + DSOerr(DSO_F_DSO_CONVERT_FILENAME, ERR_R_MALLOC_FAILURE); |
186 + DSOerr(DSO_F_DSO_CONVERT_FILENAME, ERR_R_MALLOC_FAILURE); |
189 + return(NULL); |
187 + return(NULL); |
190 + } |
188 + } |
191 + BUF_strlcpy(result, fullpath, strlen(fullpath) + 1); |
189 + BUF_strlcpy(result, fullpath, sizeof(fullpath)); |
192 + return (result); |
190 + return(result); |
193 + } |
191 + } |
194 if ((dso->flags & DSO_FLAG_NO_NAME_TRANSLATION) == 0) { |
192 if((dso->flags & DSO_FLAG_NO_NAME_TRANSLATION) == 0) |
195 if (dso->name_converter != NULL) |
193 { |
196 result = dso->name_converter(dso, filename); |
194 if(dso->name_converter != NULL) |
197 --- /tmp/engine.h Fri Feb 11 14:46:24 2011 |
195 --- /tmp/engine.h Fri Feb 11 14:46:24 2011 |
198 +++ openssl-1.0.0d/crypto/engine/engine.h Fri Feb 11 14:47:32 2011 |
196 +++ openssl-1.0.0d/crypto/engine/engine.h Fri Feb 11 14:47:32 2011 |
199 @@ -413,6 +413,7 @@ |
197 @@ -351,6 +351,7 @@ |
200 # endif |
198 #endif |
201 # endif |
199 #endif |
|
200 void ENGINE_load_cryptodev(void); |
202 void ENGINE_load_cryptodev(void); |
201 +void ENGINE_load_pk11(void); |
203 +void ENGINE_load_pk11(void); |
202 void ENGINE_load_rsax(void); |
204 void ENGINE_load_rsax(void); |
203 void ENGINE_load_rdrand(void); |
205 void ENGINE_load_rdrand(void); |
204 void ENGINE_load_builtin_engines(void); |
206 void ENGINE_load_builtin_engines(void); |