--- a/components/openssl/openssl-0.9.8-fips-140/patches/15-pkcs11_engine-0.9.8a.patch Mon Jan 27 23:00:15 2014 -0800
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,208 +0,0 @@
-diff -ruN ../a/openssl-0.9.8o/Configure openssl-0.9.8o/Configure
---- ../a/openssl-0.9.8o/Configure 2010-05-20 10:36:23.000000000 -0700
-+++ openssl-0.9.8o/Configure 2010-09-22 18:32:18.922795700 -0700
-@@ -12,7 +12,7 @@
-
- # see INSTALL for instructions.
-
--my $usage="Usage: Configure [no-<cipher> ...] [enable-<cipher> ...] [experimental-<cipher> ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-Kxxx] [no-hw-xxx|no-hw] [[no-]threads] [[no-]shared] [[no-]zlib|zlib-dynamic] [enable-montasm] [no-asm] [no-dso] [no-krb5] [386] [--prefix=DIR] [--openssldir=OPENSSLDIR] [--with-xxx[=vvv]] [--test-sanity] os/compiler[:flags]\n";
-+my $usage="Usage: Configure --pk11-libname=PK11_LIB_LOCATION [no-<cipher> ...] [enable-<cipher> ...] [experimental-<cipher> ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-Kxxx] [no-hw-xxx|no-hw] [[no-]threads] [[no-]shared] [[no-]zlib|zlib-dynamic] [enable-montasm] [no-asm] [no-dso] [no-krb5] [386] [--prefix=DIR] [--openssldir=OPENSSLDIR] [--with-xxx[=vvv]] [--test-sanity] os/compiler[:flags]\n";
-
- # Options:
- #
-@@ -21,6 +21,9 @@
- # --prefix prefix for the OpenSSL include, lib and bin directories
- # (Default: the OPENSSLDIR directory)
- #
-+# --pk11-libname PKCS#11 library name.
-+# (Default: none)
-+#
- # --install_prefix Additional prefix for package builders (empty by
- # default). This needn't be set in advance, you can
- # just as well use "make INSTALL_PREFIX=/whatever install".
-@@ -587,6 +590,9 @@
- my $idx_ranlib = $idx++;
- my $idx_arflags = $idx++;
-
-+# PKCS#11 engine patch
-+my $pk11_libname="";
-+
- my $prefix="";
- my $libdir="";
- my $openssldir="";
-@@ -825,6 +831,10 @@
- {
- $flags.=$_." ";
- }
-+ elsif (/^--pk11-libname=(.*)$/)
-+ {
-+ $pk11_libname=$1;
-+ }
- elsif (/^--prefix=(.*)$/)
- {
- $prefix=$1;
-@@ -960,6 +970,13 @@
- exit 0;
- }
-
-+if (! $pk11_libname)
-+ {
-+ print STDERR "You must set --pk11-libname for PKCS#11 library.\n";
-+ print STDERR "See README.pkcs11 for more information.\n";
-+ exit 1;
-+ }
-+
- if ($target =~ m/^CygWin32(-.*)$/) {
- $target = "Cygwin".$1;
- }
-@@ -1126,6 +1143,8 @@
- if ($flags ne "") { $cflags="$flags$cflags"; }
- else { $no_user_cflags=1; }
-
-+$cflags="-DPK11_LIB_LOCATION=\"$pk11_libname\" $cflags";
-+
- # Kerberos settings. The flavor must be provided from outside, either through
- # the script "config" or manually.
- if (!$no_krb5)
-@@ -1489,6 +1508,7 @@
- s/^VERSION=.*/VERSION=$version/;
- s/^MAJOR=.*/MAJOR=$major/;
- s/^MINOR=.*/MINOR=$minor/;
-+ s/^PK11_LIB_LOCATION=.*/PK11_LIB_LOCATION=$pk11_libname/;
- s/^SHLIB_VERSION_NUMBER=.*/SHLIB_VERSION_NUMBER=$shlib_version_number/;
- s/^SHLIB_VERSION_HISTORY=.*/SHLIB_VERSION_HISTORY=$shlib_version_history/;
- s/^SHLIB_MAJOR=.*/SHLIB_MAJOR=$shlib_major/;
-diff -ruN ../a/openssl-0.9.8o/Makefile.org openssl-0.9.8o/Makefile.org
---- ../a/openssl-0.9.8o/Makefile.org 2010-01-27 08:06:36.000000000 -0800
-+++ openssl-0.9.8o/Makefile.org 2010-09-22 18:32:19.152576100 -0700
-@@ -26,6 +26,9 @@
- INSTALL_PREFIX=
- INSTALLTOP=/usr/local/ssl
-
-+# You must set this through --pk11-libname configure option.
-+PK11_LIB_LOCATION=
-+
- # Do not edit this manually. Use Configure --openssldir=DIR do change this!
- OPENSSLDIR=/usr/local/ssl
-
---- openssl-0.9.8y/engines/Makefile.~1~ Wed Jan 8 14:07:33 2014
-+++ openssl-0.9.8y/engines/Makefile Wed Jan 8 13:51:03 2014
-@@ -20,7 +20,8 @@
- APPS=
-
- LIB=$(TOP)/libcrypto.a
--LIBNAMES= 4758cca aep atalla cswift gmp chil nuron sureware ubsec capi
-+LIBNAMES= 4758cca aep atalla cswift gmp chil nuron sureware ubsec capi \
-+ pk11
-
- LIBSRC= e_4758cca.c \
- e_aep.c \
-@@ -31,7 +32,8 @@
- e_nuron.c \
- e_sureware.c \
- e_ubsec.c \
-- e_capi.c
-+ e_capi.c \
-+ e_pk11.c
- LIBOBJ= e_4758cca.o \
- e_aep.o \
- e_atalla.o \
-@@ -41,7 +43,8 @@
- e_nuron.o \
- e_sureware.o \
- e_ubsec.o \
-- e_capi.o
-+ e_capi.o \
-+ e_pk11.o
-
- SRC= $(LIBSRC)
-
-@@ -55,7 +58,8 @@
- e_nuron_err.c e_nuron_err.h \
- e_sureware_err.c e_sureware_err.h \
- e_ubsec_err.c e_ubsec_err.h \
-- e_capi_err.c e_capi_err.h
-+ e_capi_err.c e_capi_err.h \
-+ e_pk11.h e_pk11_uri.h e_pk11_err.h e_pk11_pub.c e_pk11_uri.c e_pk11_err.c
-
- ALL= $(GENERAL) $(SRC) $(HEADER)
-
-@@ -70,7 +74,7 @@
- for l in $(LIBNAMES); do \
- $(MAKE) -f ../Makefile.shared -e \
- LIBNAME=$$l LIBEXTRAS=e_$$l.o \
-- LIBDEPS='-L.. -lcrypto $(EX_LIBS)' \
-+ LIBDEPS='-L.. -lcrypto -lcryptoutil $(EX_LIBS)' \
- link_o.$(SHLIB_TARGET); \
- done; \
- else \
---- openssl-0.9.8y/crypto/engine/eng_all.c.~1~ Tue Feb 5 03:58:59 2013
-+++ openssl-0.9.8y/crypto/engine/eng_all.c Wed Jan 8 14:24:35 2014
-@@ -59,6 +59,16 @@
- #include "cryptlib.h"
- #include "eng_int.h"
-
-+/*
-+ * pkcs11 engine is no longer a build-in engine, and ENGINE_load_pk11() needs to be
-+ * defined in libcrypto.so for ssh. Instead of load pkcs11 engine, it loads dynamic
-+ * engines.
-+ */
-+void ENGINE_load_pk11(void)
-+ {
-+ ENGINE_load_dynamic();
-+ }
-+
- void ENGINE_load_builtin_engines(void)
- {
- /* There's no longer any need for an "openssl" ENGINE unless, one day,
-@@ -72,6 +82,9 @@
- ENGINE_load_padlock();
- #endif
- ENGINE_load_dynamic();
-+#ifndef OPENSSL_NO_HW_PKCS11
-+ ENGINE_load_pk11();
-+#endif
- #ifndef OPENSSL_NO_STATIC_ENGINE
- #ifndef OPENSSL_NO_HW
- #ifndef OPENSSL_NO_HW_4758_CCA
-
---- openssl-0.9.8y/crypto/dso/dso_lib.c.~1~ Wed Jan 8 15:16:36 2014
-+++ openssl-0.9.8y/crypto/dso/dso_lib.c Wed Jan 8 15:22:18 2014
-@@ -433,6 +433,26 @@
- DSOerr(DSO_F_DSO_CONVERT_FILENAME,DSO_R_NO_FILENAME);
- return(NULL);
- }
-+/*
-+ * For pkcs11 engine, use libpk11.so (instead of libpkcs11.so) to
-+ * avoid the name collision with PKCS#11 library.
-+ */
-+ if (strcmp(filename, "pkcs11") == 0)
-+ {
-+#ifdef _LP64
-+ static const char fullpath[] = "/lib/openssl/engines/64/libpk11.so";
-+#else
-+ static const char fullpath[] = "/lib/openssl/engines/libpk11.so";
-+#endif
-+ result = OPENSSL_malloc(strlen(fullpath) + 1);
-+ if (result == NULL)
-+ {
-+ DSOerr(DSO_F_DSO_CONVERT_FILENAME, ERR_R_MALLOC_FAILURE);
-+ return(NULL);
-+ }
-+ BUF_strlcpy(result, fullpath, sizeof(fullpath));
-+ return(result);
-+ }
- if((dso->flags & DSO_FLAG_NO_NAME_TRANSLATION) == 0)
- {
- if(dso->name_converter != NULL)
-diff -ruN ../a/openssl-0.9.8o/crypto/engine/engine.h openssl-0.9.8o/crypto/engine/engine.h
---- ../a/openssl-0.9.8o/crypto/engine/engine.h 2010-02-09 06:18:15.000000000 -0800
-+++ openssl-0.9.8o/crypto/engine/engine.h 2010-09-22 18:32:19.063758100 -0700
-@@ -337,6 +337,7 @@
- void ENGINE_load_ubsec(void);
- #endif
- void ENGINE_load_cryptodev(void);
-+void ENGINE_load_pk11(void);
- void ENGINE_load_padlock(void);
- void ENGINE_load_builtin_engines(void);
- #ifdef OPENSSL_SYS_WIN32