3579. [maint] Updates to PKCS#11 openssl patches, supporting

versions 0.9.8y, 1.0.0k, 1.0.1e [RT #33463]
This commit is contained in:
Mark Andrews 2013-05-30 12:40:13 +10:00
parent 17a00ff54c
commit 0193e63da9
5 changed files with 150 additions and 252 deletions

View file

@ -1,3 +1,6 @@
3579. [maint] Updates to PKCS#11 openssl patches, supporting
versions 0.9.8y, 1.0.0k, 1.0.1e [RT #33463]
3578. [bug] 'rndc -c file' now fails if 'file' does not exist.
[RT #33571]

View file

@ -1,7 +1,7 @@
Index: openssl/Configure
diff -u openssl/Configure:1.8.6.1 openssl/Configure:1.8
--- openssl/Configure:1.8.6.1 Sun Jan 15 15:45:33 2012
+++ openssl/Configure Mon Jun 13 14:25:15 2011
diff -u openssl/Configure:1.8.6.1.4.1 openssl/Configure:1.8.2.1
--- openssl/Configure:1.8.6.1.4.1 Tue May 14 14:41:19 2013
+++ openssl/Configure Tue May 14 14:56:15 2013
@@ -12,7 +12,7 @@
# see INSTALL for instructions.
@ -24,7 +24,7 @@ diff -u openssl/Configure:1.8.6.1 openssl/Configure:1.8
# --with-krb5-dir Declare where Kerberos 5 lives. The libraries are expected
# to live in the subdirectory lib/ and the header files in
# include/. A value is required.
@@ -335,7 +341,7 @@
@@ -336,7 +342,7 @@
"linux-ppc", "gcc:-DB_ENDIAN -DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL::linux_ppc32.o::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
#### IA-32 targets...
"linux-ia32-icc", "icc:-DL_ENDIAN -DTERMIO -O2 -no_cpprt::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-KPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
@ -33,7 +33,7 @@ diff -u openssl/Configure:1.8.6.1 openssl/Configure:1.8
"linux-aout", "gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -march=i486 -Wall::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_out_asm}",
####
"linux-generic64","gcc:-DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
@@ -343,7 +349,7 @@
@@ -344,7 +350,7 @@
"linux-ia64", "gcc:-DL_ENDIAN -DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
"linux-ia64-ecc","ecc:-DL_ENDIAN -DTERMIO -O2 -Wall -no_cpprt::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
"linux-ia64-icc","icc:-DL_ENDIAN -DTERMIO -O2 -Wall -no_cpprt::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
@ -42,7 +42,7 @@ diff -u openssl/Configure:1.8.6.1 openssl/Configure:1.8
#### SPARC Linux setups
# Ray Miller <ray.miller@computing-services.oxford.ac.uk> has patiently
# assisted with debugging of following two configs.
@@ -590,6 +596,10 @@
@@ -591,6 +597,10 @@
my $idx_ranlib = $idx++;
my $idx_arflags = $idx++;
@ -53,7 +53,7 @@ diff -u openssl/Configure:1.8.6.1 openssl/Configure:1.8
my $prefix="";
my $libdir="";
my $openssldir="";
@@ -828,6 +838,14 @@
@@ -829,6 +839,14 @@
{
$flags.=$_." ";
}
@ -68,7 +68,7 @@ diff -u openssl/Configure:1.8.6.1 openssl/Configure:1.8
elsif (/^--prefix=(.*)$/)
{
$prefix=$1;
@@ -963,6 +981,22 @@
@@ -964,6 +982,22 @@
exit 0;
}
@ -91,7 +91,7 @@ diff -u openssl/Configure:1.8.6.1 openssl/Configure:1.8
if ($target =~ m/^CygWin32(-.*)$/) {
$target = "Cygwin".$1;
}
@@ -1078,6 +1112,25 @@
@@ -1079,6 +1113,25 @@
print "\n";
}
@ -117,7 +117,7 @@ diff -u openssl/Configure:1.8.6.1 openssl/Configure:1.8
my $IsMK1MF=scalar grep /^$target$/,@MK1MF_Builds;
$IsMK1MF=1 if ($target eq "mingw" && $^O ne "cygwin" && !is_msys());
@@ -1129,6 +1182,8 @@
@@ -1130,6 +1183,8 @@
if ($flags ne "") { $cflags="$flags$cflags"; }
else { $no_user_cflags=1; }
@ -126,7 +126,7 @@ diff -u openssl/Configure:1.8.6.1 openssl/Configure:1.8
# Kerberos settings. The flavor must be provided from outside, either through
# the script "config" or manually.
if (!$no_krb5)
@@ -1492,6 +1547,7 @@
@@ -1493,6 +1548,7 @@
s/^VERSION=.*/VERSION=$version/;
s/^MAJOR=.*/MAJOR=$major/;
s/^MINOR=.*/MINOR=$minor/;
@ -150,7 +150,7 @@ diff -u openssl/Makefile.org:1.4.6.1 openssl/Makefile.org:1.4
Index: openssl/README.pkcs11
diff -u /dev/null openssl/README.pkcs11:1.6.4.1
--- /dev/null Tue Jun 19 16:24:30 2012
--- /dev/null Thu May 16 07:41:50 2013
+++ openssl/README.pkcs11 Mon Jun 13 18:27:39 2011
@@ -0,0 +1,261 @@
+ISC modified
@ -624,7 +624,7 @@ diff -u openssl/crypto/engine/Makefile:1.6.6.1 openssl/crypto/engine/Makefile:1.
tb_cipher.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
Index: openssl/crypto/engine/cryptoki.h
diff -u /dev/null openssl/crypto/engine/cryptoki.h:1.4
--- /dev/null Tue Jun 19 16:24:30 2012
--- /dev/null Thu May 16 07:41:50 2013
+++ openssl/crypto/engine/cryptoki.h Thu Dec 18 00:14:12 2008
@@ -0,0 +1,103 @@
+/*
@ -767,9 +767,9 @@ diff -u openssl/crypto/engine/engine.h:1.4.6.1 openssl/crypto/engine/engine.h:1.
/* Get and set global flags (ENGINE_TABLE_FLAG_***) for the implementation
* "registry" handling. */
Index: openssl/crypto/engine/hw_pk11.c
diff -u /dev/null openssl/crypto/engine/hw_pk11.c:1.26.4.2
--- /dev/null Tue Jun 19 16:24:30 2012
+++ openssl/crypto/engine/hw_pk11.c Thu Jun 16 12:31:35 2011
diff -u /dev/null openssl/crypto/engine/hw_pk11.c:1.26.4.3
--- /dev/null Thu May 16 07:41:51 2013
+++ openssl/crypto/engine/hw_pk11.c Thu May 16 07:20:00 2013
@@ -0,0 +1,4057 @@
+/*
+ * Copyright 2009 Sun Microsystems, Inc. All rights reserved.
@ -1630,8 +1630,8 @@ diff -u /dev/null openssl/crypto/engine/hw_pk11.c:1.26.4.2
+ */
+static const char def_PK11_LIBNAME[] = PK11_LIB_LOCATION;
+
+static CK_BBOOL true = TRUE;
+static CK_BBOOL false = FALSE;
+static CK_BBOOL mytrue = TRUE;
+static CK_BBOOL myfalse = FALSE;
+/* Needed in hw_pk11_pub.c as well so that's why it is not static. */
+CK_SLOT_ID pubkey_SLOTID = 0;
+static CK_SLOT_ID rand_SLOTID = 0;
@ -3707,9 +3707,9 @@ diff -u /dev/null openssl/crypto/engine/hw_pk11.c:1.26.4.2
+ {
+ {CKA_CLASS, (void*) NULL, sizeof (CK_OBJECT_CLASS)},
+ {CKA_KEY_TYPE, (void*) NULL, sizeof (CK_KEY_TYPE)},
+ {CKA_TOKEN, &false, sizeof (false)},
+ {CKA_ENCRYPT, &true, sizeof (true)},
+ {CKA_DECRYPT, &true, sizeof (true)},
+ {CKA_TOKEN, &myfalse, sizeof (myfalse)},
+ {CKA_ENCRYPT, &mytrue, sizeof (mytrue)},
+ {CKA_DECRYPT, &mytrue, sizeof (mytrue)},
+ {CKA_VALUE, (void*) NULL, 0},
+ };
+
@ -4830,7 +4830,7 @@ diff -u /dev/null openssl/crypto/engine/hw_pk11.c:1.26.4.2
+#endif /* OPENSSL_NO_HW */
Index: openssl/crypto/engine/hw_pk11_err.c
diff -u /dev/null openssl/crypto/engine/hw_pk11_err.c:1.4.10.1
--- /dev/null Tue Jun 19 16:24:30 2012
--- /dev/null Thu May 16 07:41:51 2013
+++ openssl/crypto/engine/hw_pk11_err.c Tue Jun 14 21:52:40 2011
@@ -0,0 +1,288 @@
+/*
@ -5123,7 +5123,7 @@ diff -u /dev/null openssl/crypto/engine/hw_pk11_err.c:1.4.10.1
+}
Index: openssl/crypto/engine/hw_pk11_err.h
diff -u /dev/null openssl/crypto/engine/hw_pk11_err.h:1.9.10.1
--- /dev/null Tue Jun 19 16:24:30 2012
--- /dev/null Thu May 16 07:41:51 2013
+++ openssl/crypto/engine/hw_pk11_err.h Tue Jun 14 21:52:40 2011
@@ -0,0 +1,440 @@
+/*
@ -5568,7 +5568,7 @@ diff -u /dev/null openssl/crypto/engine/hw_pk11_err.h:1.9.10.1
+#endif /* HW_PK11_ERR_H */
Index: openssl/crypto/engine/hw_pk11_pub.c
diff -u /dev/null openssl/crypto/engine/hw_pk11_pub.c:1.32.4.4
--- /dev/null Tue Jun 19 16:24:30 2012
--- /dev/null Thu May 16 07:41:51 2013
+++ openssl/crypto/engine/hw_pk11_pub.c Sun Jun 17 21:12:10 2012
@@ -0,0 +1,3530 @@
+/*
@ -9103,7 +9103,7 @@ diff -u /dev/null openssl/crypto/engine/hw_pk11_pub.c:1.32.4.4
+#endif /* OPENSSL_NO_HW */
Index: openssl/crypto/engine/hw_pk11ca.h
diff -u /dev/null openssl/crypto/engine/hw_pk11ca.h:1.2.4.2
--- /dev/null Tue Jun 19 16:24:30 2012
--- /dev/null Thu May 16 07:41:51 2013
+++ openssl/crypto/engine/hw_pk11ca.h Wed Jun 15 21:12:32 2011
@@ -0,0 +1,32 @@
+/* Redefine all pk11/PK11 external symbols to pk11ca/PK11CA */
@ -9140,7 +9140,7 @@ diff -u /dev/null openssl/crypto/engine/hw_pk11ca.h:1.2.4.2
+#define ENGINE_load_pk11 ENGINE_load_pk11ca
Index: openssl/crypto/engine/hw_pk11so.c
diff -u /dev/null openssl/crypto/engine/hw_pk11so.c:1.3.4.2
--- /dev/null Tue Jun 19 16:24:30 2012
--- /dev/null Thu May 16 07:41:51 2013
+++ openssl/crypto/engine/hw_pk11so.c Thu Jun 16 12:31:35 2011
@@ -0,0 +1,1745 @@
+/*
@ -10890,7 +10890,7 @@ diff -u /dev/null openssl/crypto/engine/hw_pk11so.c:1.3.4.2
+#endif /* OPENSSL_NO_HW */
Index: openssl/crypto/engine/hw_pk11so.h
diff -u /dev/null openssl/crypto/engine/hw_pk11so.h:1.2.4.2
--- /dev/null Tue Jun 19 16:24:30 2012
--- /dev/null Thu May 16 07:41:51 2013
+++ openssl/crypto/engine/hw_pk11so.h Wed Jun 15 21:12:32 2011
@@ -0,0 +1,32 @@
+/* Redefine all pk11/PK11 external symbols to pk11so/PK11SO */
@ -10927,7 +10927,7 @@ diff -u /dev/null openssl/crypto/engine/hw_pk11so.h:1.2.4.2
+#define ENGINE_load_pk11 ENGINE_load_pk11so
Index: openssl/crypto/engine/hw_pk11so_pub.c
diff -u /dev/null openssl/crypto/engine/hw_pk11so_pub.c:1.2.4.4
--- /dev/null Tue Jun 19 16:24:30 2012
--- /dev/null Thu May 16 07:41:51 2013
+++ openssl/crypto/engine/hw_pk11so_pub.c Sun Jun 17 21:12:11 2012
@@ -0,0 +1,1622 @@
+/*
@ -12554,11 +12554,11 @@ diff -u /dev/null openssl/crypto/engine/hw_pk11so_pub.c:1.2.4.4
+#endif /* OPENSSL_NO_HW */
Index: openssl/crypto/engine/pkcs11.h
diff -u /dev/null openssl/crypto/engine/pkcs11.h:1.1.1.1
--- /dev/null Tue Jun 19 16:24:30 2012
--- /dev/null Thu May 16 07:41:51 2013
+++ openssl/crypto/engine/pkcs11.h Wed Oct 24 23:27:09 2007
@@ -0,0 +1,299 @@
+/* pkcs11.h include file for PKCS #11. */
+/* $Revision: 1.1.1.1 $ */
+/* $Revision$ */
+
+/* License to copy and use this software is granted provided that it is
+ * identified as "RSA Security Inc. PKCS #11 Cryptographic Token Interface
@ -12858,11 +12858,11 @@ diff -u /dev/null openssl/crypto/engine/pkcs11.h:1.1.1.1
+#endif
Index: openssl/crypto/engine/pkcs11f.h
diff -u /dev/null openssl/crypto/engine/pkcs11f.h:1.1.1.1
--- /dev/null Tue Jun 19 16:24:30 2012
--- /dev/null Thu May 16 07:41:51 2013
+++ openssl/crypto/engine/pkcs11f.h Wed Oct 24 23:27:09 2007
@@ -0,0 +1,912 @@
+/* pkcs11f.h include file for PKCS #11. */
+/* $Revision: 1.1.1.1 $ */
+/* $Revision$ */
+
+/* License to copy and use this software is granted provided that it is
+ * identified as "RSA Security Inc. PKCS #11 Cryptographic Token Interface
@ -13775,11 +13775,11 @@ diff -u /dev/null openssl/crypto/engine/pkcs11f.h:1.1.1.1
+#endif
Index: openssl/crypto/engine/pkcs11t.h
diff -u /dev/null openssl/crypto/engine/pkcs11t.h:1.2
--- /dev/null Tue Jun 19 16:24:30 2012
--- /dev/null Thu May 16 07:41:51 2013
+++ openssl/crypto/engine/pkcs11t.h Sat Aug 30 11:58:07 2008
@@ -0,0 +1,1885 @@
+/* pkcs11t.h include file for PKCS #11. */
+/* $Revision: 1.2 $ */
+/* $Revision$ */
+
+/* License to copy and use this software is granted provided that it is
+ * identified as "RSA Security Inc. PKCS #11 Cryptographic Token Interface
@ -15664,10 +15664,10 @@ diff -u /dev/null openssl/crypto/engine/pkcs11t.h:1.2
+
+#endif
Index: openssl/util/libeay.num
diff -u openssl/util/libeay.num:1.7.6.1 openssl/util/libeay.num:1.7
--- openssl/util/libeay.num:1.7.6.1 Sun Jan 15 15:45:40 2012
+++ openssl/util/libeay.num Mon Jun 13 14:25:25 2011
@@ -3728,3 +3728,5 @@
diff -u openssl/util/libeay.num:1.7.6.1.4.1 openssl/util/libeay.num:1.7.2.1
--- openssl/util/libeay.num:1.7.6.1.4.1 Tue May 14 14:41:22 2013
+++ openssl/util/libeay.num Tue May 14 14:56:18 2013
@@ -3729,3 +3729,5 @@
pqueue_size 4114 EXIST::FUNCTION:
OPENSSL_uni2asc 4115 EXIST:NETWARE:FUNCTION:
OPENSSL_asc2uni 4116 EXIST:NETWARE:FUNCTION:

View file

@ -1,7 +1,7 @@
Index: openssl/Configure
diff -u openssl/Configure:1.9.2.1.2.1 openssl/Configure:1.11
--- openssl/Configure:1.9.2.1.2.1 Tue Jun 19 14:46:03 2012
+++ openssl/Configure Tue Jun 19 14:49:21 2012
diff -u openssl/Configure:1.9.2.1.2.1.4.1 openssl/Configure:1.11.2.1
--- openssl/Configure:1.9.2.1.2.1.4.1 Tue May 14 15:37:45 2013
+++ openssl/Configure Tue May 14 15:49:01 2013
@@ -10,7 +10,7 @@
# see INSTALL for instructions.
@ -24,7 +24,7 @@ diff -u openssl/Configure:1.9.2.1.2.1 openssl/Configure:1.11
# --with-krb5-dir Declare where Kerberos 5 lives. The libraries are expected
# to live in the subdirectory lib/ and the header files in
# include/. A value is required.
@@ -343,7 +349,7 @@
@@ -344,7 +350,7 @@
"linux-armv4", "gcc:-DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${armv4_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
#### IA-32 targets...
"linux-ia32-icc", "icc:-DL_ENDIAN -DTERMIO -O2 -no_cpprt::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-KPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
@ -33,7 +33,7 @@ diff -u openssl/Configure:1.9.2.1.2.1 openssl/Configure:1.11
"linux-aout", "gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -march=i486 -Wall::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_asm}:a.out",
####
"linux-generic64","gcc:-DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
@@ -351,7 +357,7 @@
@@ -352,7 +358,7 @@
"linux-ia64", "gcc:-DL_ENDIAN -DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_UNROLL DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
"linux-ia64-ecc","ecc:-DL_ENDIAN -DTERMIO -O2 -Wall -no_cpprt::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
"linux-ia64-icc","icc:-DL_ENDIAN -DTERMIO -O2 -Wall -no_cpprt::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
@ -42,7 +42,7 @@ diff -u openssl/Configure:1.9.2.1.2.1 openssl/Configure:1.11
"linux-s390x", "gcc:-m64 -DB_ENDIAN -DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL:${s390x_asm}:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
#### SPARC Linux setups
# Ray Miller <ray.miller@computing-services.oxford.ac.uk> has patiently
@@ -622,6 +628,10 @@
@@ -623,6 +629,10 @@
my $idx_arflags = $idx++;
my $idx_multilib = $idx++;
@ -53,7 +53,7 @@ diff -u openssl/Configure:1.9.2.1.2.1 openssl/Configure:1.11
my $prefix="";
my $libdir="";
my $openssldir="";
@@ -824,6 +834,14 @@
@@ -825,6 +835,14 @@
{
$flags.=$_." ";
}
@ -68,7 +68,7 @@ diff -u openssl/Configure:1.9.2.1.2.1 openssl/Configure:1.11
elsif (/^--prefix=(.*)$/)
{
$prefix=$1;
@@ -961,6 +979,22 @@
@@ -962,6 +980,22 @@
exit 0;
}
@ -91,7 +91,7 @@ diff -u openssl/Configure:1.9.2.1.2.1 openssl/Configure:1.11
if ($target =~ m/^CygWin32(-.*)$/) {
$target = "Cygwin".$1;
}
@@ -1038,6 +1072,25 @@
@@ -1039,6 +1073,25 @@
$exp_cflags .= " -DOPENSSL_EXPERIMENTAL_$ALGO";
}
@ -117,7 +117,7 @@ diff -u openssl/Configure:1.9.2.1.2.1 openssl/Configure:1.11
my $IsMK1MF=scalar grep /^$target$/,@MK1MF_Builds;
$exe_ext=".exe" if ($target eq "Cygwin" || $target eq "DJGPP" || $target =~ /^mingw/);
@@ -1125,6 +1178,8 @@
@@ -1126,6 +1179,8 @@
if ($flags ne "") { $cflags="$flags$cflags"; }
else { $no_user_cflags=1; }
@ -126,7 +126,7 @@ diff -u openssl/Configure:1.9.2.1.2.1 openssl/Configure:1.11
# Kerberos settings. The flavor must be provided from outside, either through
# the script "config" or manually.
if (!$no_krb5)
@@ -1494,6 +1549,7 @@
@@ -1495,6 +1550,7 @@
s/^VERSION=.*/VERSION=$version/;
s/^MAJOR=.*/MAJOR=$major/;
s/^MINOR=.*/MINOR=$minor/;
@ -150,7 +150,7 @@ diff -u openssl/Makefile.org:1.5.2.1.2.1 openssl/Makefile.org:1.6
Index: openssl/README.pkcs11
diff -u /dev/null openssl/README.pkcs11:1.7
--- /dev/null Tue Jun 19 16:23:56 2012
--- /dev/null Thu May 16 07:42:54 2013
+++ openssl/README.pkcs11 Mon Jun 13 18:27:17 2011
@@ -0,0 +1,261 @@
+ISC modified
@ -605,7 +605,7 @@ diff -u openssl/crypto/engine/Makefile:1.8.2.1 openssl/crypto/engine/Makefile:1.
tb_asnmth.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
Index: openssl/crypto/engine/cryptoki.h
diff -u /dev/null openssl/crypto/engine/cryptoki.h:1.4
--- /dev/null Tue Jun 19 16:23:56 2012
--- /dev/null Thu May 16 07:42:54 2013
+++ openssl/crypto/engine/cryptoki.h Thu Dec 18 00:14:12 2008
@@ -0,0 +1,103 @@
+/*
@ -748,9 +748,9 @@ diff -u openssl/crypto/engine/engine.h:1.5.2.1 openssl/crypto/engine/engine.h:1.
void ENGINE_load_gmp(void);
#endif
Index: openssl/crypto/engine/hw_pk11.c
diff -u /dev/null openssl/crypto/engine/hw_pk11.c:1.30
--- /dev/null Tue Jun 19 16:23:56 2012
+++ openssl/crypto/engine/hw_pk11.c Thu Jun 16 12:31:53 2011
diff -u /dev/null openssl/crypto/engine/hw_pk11.c:1.30.4.1
--- /dev/null Thu May 16 07:42:54 2013
+++ openssl/crypto/engine/hw_pk11.c Thu May 16 06:53:50 2013
@@ -0,0 +1,4057 @@
+/*
+ * Copyright 2009 Sun Microsystems, Inc. All rights reserved.
@ -1611,8 +1611,8 @@ diff -u /dev/null openssl/crypto/engine/hw_pk11.c:1.30
+ */
+static const char def_PK11_LIBNAME[] = PK11_LIB_LOCATION;
+
+static CK_BBOOL true = TRUE;
+static CK_BBOOL false = FALSE;
+static CK_BBOOL mytrue = TRUE;
+static CK_BBOOL myfalse = FALSE;
+/* Needed in hw_pk11_pub.c as well so that's why it is not static. */
+CK_SLOT_ID pubkey_SLOTID = 0;
+static CK_SLOT_ID rand_SLOTID = 0;
@ -3688,9 +3688,9 @@ diff -u /dev/null openssl/crypto/engine/hw_pk11.c:1.30
+ {
+ {CKA_CLASS, (void*) NULL, sizeof (CK_OBJECT_CLASS)},
+ {CKA_KEY_TYPE, (void*) NULL, sizeof (CK_KEY_TYPE)},
+ {CKA_TOKEN, &false, sizeof (false)},
+ {CKA_ENCRYPT, &true, sizeof (true)},
+ {CKA_DECRYPT, &true, sizeof (true)},
+ {CKA_TOKEN, &myfalse, sizeof (myfalse)},
+ {CKA_ENCRYPT, &mytrue, sizeof (mytrue)},
+ {CKA_DECRYPT, &mytrue, sizeof (mytrue)},
+ {CKA_VALUE, (void*) NULL, 0},
+ };
+
@ -4811,7 +4811,7 @@ diff -u /dev/null openssl/crypto/engine/hw_pk11.c:1.30
+#endif /* OPENSSL_NO_HW */
Index: openssl/crypto/engine/hw_pk11_err.c
diff -u /dev/null openssl/crypto/engine/hw_pk11_err.c:1.5
--- /dev/null Tue Jun 19 16:23:56 2012
--- /dev/null Thu May 16 07:42:54 2013
+++ openssl/crypto/engine/hw_pk11_err.c Tue Jun 14 00:43:26 2011
@@ -0,0 +1,288 @@
+/*
@ -5104,7 +5104,7 @@ diff -u /dev/null openssl/crypto/engine/hw_pk11_err.c:1.5
+}
Index: openssl/crypto/engine/hw_pk11_err.h
diff -u /dev/null openssl/crypto/engine/hw_pk11_err.h:1.12
--- /dev/null Tue Jun 19 16:23:57 2012
--- /dev/null Thu May 16 07:42:54 2013
+++ openssl/crypto/engine/hw_pk11_err.h Tue Jun 14 21:51:32 2011
@@ -0,0 +1,440 @@
+/*
@ -5549,7 +5549,7 @@ diff -u /dev/null openssl/crypto/engine/hw_pk11_err.h:1.12
+#endif /* HW_PK11_ERR_H */
Index: openssl/crypto/engine/hw_pk11_pub.c
diff -u /dev/null openssl/crypto/engine/hw_pk11_pub.c:1.38
--- /dev/null Tue Jun 19 16:23:57 2012
--- /dev/null Thu May 16 07:42:54 2013
+++ openssl/crypto/engine/hw_pk11_pub.c Sun Jun 17 21:12:24 2012
@@ -0,0 +1,3530 @@
+/*
@ -9084,7 +9084,7 @@ diff -u /dev/null openssl/crypto/engine/hw_pk11_pub.c:1.38
+#endif /* OPENSSL_NO_HW */
Index: openssl/crypto/engine/hw_pk11ca.h
diff -u /dev/null openssl/crypto/engine/hw_pk11ca.h:1.4
--- /dev/null Tue Jun 19 16:23:57 2012
--- /dev/null Thu May 16 07:42:54 2013
+++ openssl/crypto/engine/hw_pk11ca.h Wed Jun 15 21:12:20 2011
@@ -0,0 +1,32 @@
+/* Redefine all pk11/PK11 external symbols to pk11ca/PK11CA */
@ -9121,7 +9121,7 @@ diff -u /dev/null openssl/crypto/engine/hw_pk11ca.h:1.4
+#define ENGINE_load_pk11 ENGINE_load_pk11ca
Index: openssl/crypto/engine/hw_pk11so.c
diff -u /dev/null openssl/crypto/engine/hw_pk11so.c:1.7
--- /dev/null Tue Jun 19 16:23:57 2012
--- /dev/null Thu May 16 07:42:54 2013
+++ openssl/crypto/engine/hw_pk11so.c Thu Jun 16 12:31:53 2011
@@ -0,0 +1,1745 @@
+/*
@ -10871,7 +10871,7 @@ diff -u /dev/null openssl/crypto/engine/hw_pk11so.c:1.7
+#endif /* OPENSSL_NO_HW */
Index: openssl/crypto/engine/hw_pk11so.h
diff -u /dev/null openssl/crypto/engine/hw_pk11so.h:1.4
--- /dev/null Tue Jun 19 16:23:57 2012
--- /dev/null Thu May 16 07:42:54 2013
+++ openssl/crypto/engine/hw_pk11so.h Wed Jun 15 21:12:20 2011
@@ -0,0 +1,32 @@
+/* Redefine all pk11/PK11 external symbols to pk11so/PK11SO */
@ -10908,7 +10908,7 @@ diff -u /dev/null openssl/crypto/engine/hw_pk11so.h:1.4
+#define ENGINE_load_pk11 ENGINE_load_pk11so
Index: openssl/crypto/engine/hw_pk11so_pub.c
diff -u /dev/null openssl/crypto/engine/hw_pk11so_pub.c:1.8
--- /dev/null Tue Jun 19 16:23:57 2012
--- /dev/null Thu May 16 07:42:54 2013
+++ openssl/crypto/engine/hw_pk11so_pub.c Sun Jun 17 21:12:24 2012
@@ -0,0 +1,1622 @@
+/*
@ -12535,11 +12535,11 @@ diff -u /dev/null openssl/crypto/engine/hw_pk11so_pub.c:1.8
+#endif /* OPENSSL_NO_HW */
Index: openssl/crypto/engine/pkcs11.h
diff -u /dev/null openssl/crypto/engine/pkcs11.h:1.1.1.1
--- /dev/null Tue Jun 19 16:23:57 2012
--- /dev/null Thu May 16 07:42:54 2013
+++ openssl/crypto/engine/pkcs11.h Wed Oct 24 23:27:09 2007
@@ -0,0 +1,299 @@
+/* pkcs11.h include file for PKCS #11. */
+/* $Revision: 1.1.1.1 $ */
+/* $Revision$ */
+
+/* License to copy and use this software is granted provided that it is
+ * identified as "RSA Security Inc. PKCS #11 Cryptographic Token Interface
@ -12839,11 +12839,11 @@ diff -u /dev/null openssl/crypto/engine/pkcs11.h:1.1.1.1
+#endif
Index: openssl/crypto/engine/pkcs11f.h
diff -u /dev/null openssl/crypto/engine/pkcs11f.h:1.1.1.1
--- /dev/null Tue Jun 19 16:23:57 2012
--- /dev/null Thu May 16 07:42:54 2013
+++ openssl/crypto/engine/pkcs11f.h Wed Oct 24 23:27:09 2007
@@ -0,0 +1,912 @@
+/* pkcs11f.h include file for PKCS #11. */
+/* $Revision: 1.1.1.1 $ */
+/* $Revision$ */
+
+/* License to copy and use this software is granted provided that it is
+ * identified as "RSA Security Inc. PKCS #11 Cryptographic Token Interface
@ -13756,11 +13756,11 @@ diff -u /dev/null openssl/crypto/engine/pkcs11f.h:1.1.1.1
+#endif
Index: openssl/crypto/engine/pkcs11t.h
diff -u /dev/null openssl/crypto/engine/pkcs11t.h:1.2
--- /dev/null Tue Jun 19 16:23:57 2012
--- /dev/null Thu May 16 07:42:54 2013
+++ openssl/crypto/engine/pkcs11t.h Sat Aug 30 11:58:07 2008
@@ -0,0 +1,1885 @@
+/* pkcs11t.h include file for PKCS #11. */
+/* $Revision: 1.2 $ */
+/* $Revision$ */
+
+/* License to copy and use this software is granted provided that it is
+ * identified as "RSA Security Inc. PKCS #11 Cryptographic Token Interface
@ -15645,10 +15645,10 @@ diff -u /dev/null openssl/crypto/engine/pkcs11t.h:1.2
+
+#endif
Index: openssl/util/libeay.num
diff -u openssl/util/libeay.num:1.8.2.1 openssl/util/libeay.num:1.9
--- openssl/util/libeay.num:1.8.2.1 Sun Jan 15 16:09:52 2012
+++ openssl/util/libeay.num Sun Jan 15 16:30:10 2012
@@ -4194,3 +4194,5 @@
diff -u openssl/util/libeay.num:1.8.2.1.6.1 openssl/util/libeay.num:1.9.2.1
--- openssl/util/libeay.num:1.8.2.1.6.1 Tue May 14 15:37:52 2013
+++ openssl/util/libeay.num Tue May 14 15:49:08 2013
@@ -4195,3 +4195,5 @@
OPENSSL_strncasecmp 4566 EXIST::FUNCTION:
OPENSSL_gmtime 4567 EXIST::FUNCTION:
OPENSSL_gmtime_adj 4568 EXIST::FUNCTION:

View file

@ -1,7 +1,7 @@
Index: openssl/Configure
diff -u openssl/Configure:1.9.2.1.2.1.2.1 openssl/Configure:1.12
--- openssl/Configure:1.9.2.1.2.1.2.1 Tue Jun 19 15:29:45 2012
+++ openssl/Configure Tue Jun 19 16:17:49 2012
diff -u openssl/Configure:1.9.2.1.2.1.2.1.2.1 openssl/Configure:1.13
--- openssl/Configure:1.9.2.1.2.1.2.1.2.1 Wed May 15 11:46:59 2013
+++ openssl/Configure Wed May 15 11:57:36 2013
@@ -10,7 +10,7 @@
# see INSTALL for instructions.
@ -24,7 +24,7 @@ diff -u openssl/Configure:1.9.2.1.2.1.2.1 openssl/Configure:1.12
# --with-krb5-dir Declare where Kerberos 5 lives. The libraries are expected
# to live in the subdirectory lib/ and the header files in
# include/. A value is required.
@@ -350,7 +356,7 @@
@@ -352,7 +358,7 @@
"linux-armv4", "gcc:-DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${armv4_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
#### IA-32 targets...
"linux-ia32-icc", "icc:-DL_ENDIAN -DTERMIO -O2 -no_cpprt::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-KPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
@ -33,7 +33,7 @@ diff -u openssl/Configure:1.9.2.1.2.1.2.1 openssl/Configure:1.12
"linux-aout", "gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -march=i486 -Wall::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_asm}:a.out",
####
"linux-generic64","gcc:-DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
@@ -358,7 +364,7 @@
@@ -360,7 +366,7 @@
"linux-ia64", "gcc:-DL_ENDIAN -DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_UNROLL DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
"linux-ia64-ecc","ecc:-DL_ENDIAN -DTERMIO -O2 -Wall -no_cpprt::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
"linux-ia64-icc","icc:-DL_ENDIAN -DTERMIO -O2 -Wall -no_cpprt::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
@ -42,7 +42,7 @@ diff -u openssl/Configure:1.9.2.1.2.1.2.1 openssl/Configure:1.12
"linux64-s390x", "gcc:-m64 -DB_ENDIAN -DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL:${s390x_asm}:64:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
#### So called "highgprs" target for z/Architecture CPUs
# "Highgprs" is kernel feature first implemented in Linux 2.6.32, see
@@ -655,6 +661,10 @@
@@ -657,6 +663,10 @@
my $idx_arflags = $idx++;
my $idx_multilib = $idx++;
@ -53,7 +53,7 @@ diff -u openssl/Configure:1.9.2.1.2.1.2.1 openssl/Configure:1.12
my $prefix="";
my $libdir="";
my $openssldir="";
@@ -874,6 +884,14 @@
@@ -876,6 +886,14 @@
$_ =~ s/%([0-9a-f]{1,2})/chr(hex($1))/gei;
$flags.=$_." ";
}
@ -68,7 +68,7 @@ diff -u openssl/Configure:1.9.2.1.2.1.2.1 openssl/Configure:1.12
elsif (/^--prefix=(.*)$/)
{
$prefix=$1;
@@ -1041,6 +1059,22 @@
@@ -1043,6 +1061,22 @@
exit 0;
}
@ -91,7 +91,7 @@ diff -u openssl/Configure:1.9.2.1.2.1.2.1 openssl/Configure:1.12
if ($target =~ m/^CygWin32(-.*)$/) {
$target = "Cygwin".$1;
}
@@ -1118,6 +1152,25 @@
@@ -1120,6 +1154,25 @@
$exp_cflags .= " -DOPENSSL_EXPERIMENTAL_$ALGO";
}
@ -117,7 +117,7 @@ diff -u openssl/Configure:1.9.2.1.2.1.2.1 openssl/Configure:1.12
my $IsMK1MF=scalar grep /^$target$/,@MK1MF_Builds;
$exe_ext=".exe" if ($target eq "Cygwin" || $target eq "DJGPP" || $target =~ /^mingw/);
@@ -1207,6 +1260,8 @@
@@ -1209,6 +1262,8 @@
if ($flags ne "") { $cflags="$flags$cflags"; }
else { $no_user_cflags=1; }
@ -126,7 +126,7 @@ diff -u openssl/Configure:1.9.2.1.2.1.2.1 openssl/Configure:1.12
# Kerberos settings. The flavor must be provided from outside, either through
# the script "config" or manually.
if (!$no_krb5)
@@ -1596,6 +1651,7 @@
@@ -1598,6 +1653,7 @@
s/^VERSION=.*/VERSION=$version/;
s/^MAJOR=.*/MAJOR=$major/;
s/^MINOR=.*/MINOR=$minor/;
@ -135,9 +135,9 @@ diff -u openssl/Configure:1.9.2.1.2.1.2.1 openssl/Configure:1.12
s/^SHLIB_VERSION_HISTORY=.*/SHLIB_VERSION_HISTORY=$shlib_version_history/;
s/^SHLIB_MAJOR=.*/SHLIB_MAJOR=$shlib_major/;
Index: openssl/Makefile.org
diff -u openssl/Makefile.org:1.5.2.1.2.1.2.1 openssl/Makefile.org:1.7
--- openssl/Makefile.org:1.5.2.1.2.1.2.1 Tue Jun 19 15:29:46 2012
+++ openssl/Makefile.org Tue Jun 19 16:17:49 2012
diff -u openssl/Makefile.org:1.5.2.1.2.1.2.1.2.1 openssl/Makefile.org:1.8
--- openssl/Makefile.org:1.5.2.1.2.1.2.1.2.1 Wed May 15 11:46:59 2013
+++ openssl/Makefile.org Wed May 15 11:57:36 2013
@@ -26,6 +26,9 @@
INSTALL_PREFIX=
INSTALLTOP=/usr/local/ssl
@ -150,7 +150,7 @@ diff -u openssl/Makefile.org:1.5.2.1.2.1.2.1 openssl/Makefile.org:1.7
Index: openssl/README.pkcs11
diff -u /dev/null openssl/README.pkcs11:1.7
--- /dev/null Tue Jun 19 16:21:25 2012
--- /dev/null Thu May 16 07:44:28 2013
+++ openssl/README.pkcs11 Mon Jun 13 18:27:17 2011
@@ -0,0 +1,261 @@
+ISC modified
@ -606,7 +606,7 @@ diff -u openssl/crypto/engine/Makefile:1.8.2.1.4.1 openssl/crypto/engine/Makefil
tb_asnmth.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
Index: openssl/crypto/engine/cryptoki.h
diff -u /dev/null openssl/crypto/engine/cryptoki.h:1.4
--- /dev/null Tue Jun 19 16:21:25 2012
--- /dev/null Thu May 16 07:44:28 2013
+++ openssl/crypto/engine/cryptoki.h Thu Dec 18 00:14:12 2008
@@ -0,0 +1,103 @@
+/*
@ -749,10 +749,10 @@ diff -u openssl/crypto/engine/engine.h:1.5.2.1.4.1 openssl/crypto/engine/engine.
void ENGINE_load_gmp(void);
#endif
Index: openssl/crypto/engine/hw_pk11.c
diff -u /dev/null openssl/crypto/engine/hw_pk11.c:1.30
--- /dev/null Tue Jun 19 16:21:25 2012
+++ openssl/crypto/engine/hw_pk11.c Thu Jun 16 12:31:53 2011
@@ -0,0 +1,4057 @@
diff -u /dev/null openssl/crypto/engine/hw_pk11.c:1.32
--- /dev/null Thu May 16 07:44:28 2013
+++ openssl/crypto/engine/hw_pk11.c Thu May 16 06:50:56 2013
@@ -0,0 +1,3951 @@
+/*
+ * Copyright 2009 Sun Microsystems, Inc. All rights reserved.
+ * Use is subject to license terms.
@ -888,15 +888,6 @@ diff -u /dev/null openssl/crypto/engine/hw_pk11.c:1.30
+#undef SOLARIS_HW_SLOT_SELECTION
+#endif
+
+/*
+ * AES counter mode is not supported in the OpenSSL EVP API yet and neither
+ * there are official OIDs for mechanisms based on this mode. With our changes,
+ * an application can define its own EVP calls for AES counter mode and then
+ * it can make use of hardware acceleration through this engine. However, it's
+ * better if we keep AES CTR support code under ifdef's.
+ */
+#define SOLARIS_AES_CTR
+
+#ifdef OPENSSL_SYS_WIN32
+#pragma pack(push, cryptoki, 1)
+#include "cryptoki.h"
@ -909,16 +900,6 @@ diff -u /dev/null openssl/crypto/engine/hw_pk11.c:1.30
+#include "hw_pk11ca.h"
+#include "hw_pk11_err.c"
+
+#ifdef SOLARIS_AES_CTR
+/*
+ * NIDs for AES counter mode that will be defined during the engine
+ * initialization.
+ */
+static int NID_aes_128_ctr = NID_undef;
+static int NID_aes_192_ctr = NID_undef;
+static int NID_aes_256_ctr = NID_undef;
+#endif /* SOLARIS_AES_CTR */
+
+/*
+ * We use this lock to prevent multiple C_Login()s, guard getpassphrase(),
+ * uri_struct manipulation, and static token info. All of that is used by the
@ -1031,10 +1012,6 @@ diff -u /dev/null openssl/crypto/engine/hw_pk11.c:1.30
+
+/* Symmetric cipher and digest support functions */
+static int cipher_nid_to_pk11(int nid);
+#ifdef SOLARIS_AES_CTR
+static int pk11_add_NID(char *sn, char *ln);
+static int pk11_add_aes_ctr_NIDs(void);
+#endif /* SOLARIS_AES_CTR */
+static int pk11_usable_ciphers(const int **nids);
+static int pk11_usable_digests(const int **nids);
+static int pk11_cipher_init(EVP_CIPHER_CTX *ctx, const unsigned char *key,
@ -1099,12 +1076,10 @@ diff -u /dev/null openssl/crypto/engine/hw_pk11.c:1.30
+ PK11_AES_128_ECB,
+ PK11_AES_192_ECB,
+ PK11_AES_256_ECB,
+ PK11_BLOWFISH_CBC,
+#ifdef SOLARIS_AES_CTR
+ PK11_AES_128_CTR,
+ PK11_AES_192_CTR,
+ PK11_AES_256_CTR,
+#endif /* SOLARIS_AES_CTR */
+ PK11_BLOWFISH_CBC,
+ PK11_CIPHER_MAX
+};
+
@ -1177,17 +1152,14 @@ diff -u /dev/null openssl/crypto/engine/hw_pk11.c:1.30
+ CKK_AES, CKM_AES_ECB, },
+ { PK11_AES_256_ECB, NID_aes_256_ecb, 0, 32, 32,
+ CKK_AES, CKM_AES_ECB, },
+ { PK11_AES_128_CTR, NID_aes_128_ctr, 16, 16, 16,
+ CKK_AES, CKM_AES_CTR, },
+ { PK11_AES_192_CTR, NID_aes_192_ctr, 16, 24, 24,
+ CKK_AES, CKM_AES_CTR, },
+ { PK11_AES_256_CTR, NID_aes_256_ctr, 16, 32, 32,
+ CKK_AES, CKM_AES_CTR, },
+ { PK11_BLOWFISH_CBC, NID_bf_cbc, 8, 16, 16,
+ CKK_BLOWFISH, CKM_BLOWFISH_CBC, },
+#ifdef SOLARIS_AES_CTR
+ /* we don't know the correct NIDs until the engine is initialized */
+ { PK11_AES_128_CTR, NID_undef, 16, 16, 16,
+ CKK_AES, CKM_AES_CTR, },
+ { PK11_AES_192_CTR, NID_undef, 16, 24, 24,
+ CKK_AES, CKM_AES_CTR, },
+ { PK11_AES_256_CTR, NID_undef, 16, 32, 32,
+ CKK_AES, CKM_AES_CTR, },
+#endif /* SOLARIS_AES_CTR */
+ };
+
+typedef struct PK11_DIGEST_st
@ -1377,15 +1349,9 @@ diff -u /dev/null openssl/crypto/engine/hw_pk11.c:1.30
+ NULL
+ };
+
+#ifdef SOLARIS_AES_CTR
+/*
+ * NID_undef's will be changed to the AES counter mode NIDs as soon they are
+ * created in pk11_library_init(). Note that the need to change these structures
+ * is the reason why we don't define them with the const keyword.
+ */
+static EVP_CIPHER pk11_aes_128_ctr =
+static const EVP_CIPHER pk11_aes_128_ctr =
+ {
+ NID_undef,
+ NID_aes_128_ctr,
+ 16, 16, 16,
+ EVP_CIPH_CBC_MODE,
+ pk11_cipher_init,
@ -1397,9 +1363,9 @@ diff -u /dev/null openssl/crypto/engine/hw_pk11.c:1.30
+ NULL
+ };
+
+static EVP_CIPHER pk11_aes_192_ctr =
+static const EVP_CIPHER pk11_aes_192_ctr =
+ {
+ NID_undef,
+ NID_aes_192_ctr,
+ 16, 24, 16,
+ EVP_CIPH_CBC_MODE,
+ pk11_cipher_init,
@ -1411,9 +1377,9 @@ diff -u /dev/null openssl/crypto/engine/hw_pk11.c:1.30
+ NULL
+ };
+
+static EVP_CIPHER pk11_aes_256_ctr =
+static const EVP_CIPHER pk11_aes_256_ctr =
+ {
+ NID_undef,
+ NID_aes_256_ctr,
+ 16, 32, 16,
+ EVP_CIPH_CBC_MODE,
+ pk11_cipher_init,
@ -1424,7 +1390,6 @@ diff -u /dev/null openssl/crypto/engine/hw_pk11.c:1.30
+ EVP_CIPHER_get_asn1_iv,
+ NULL
+ };
+#endif /* SOLARIS_AES_CTR */
+
+static const EVP_CIPHER pk11_bf_cbc =
+ {
@ -1612,8 +1577,8 @@ diff -u /dev/null openssl/crypto/engine/hw_pk11.c:1.30
+ */
+static const char def_PK11_LIBNAME[] = PK11_LIB_LOCATION;
+
+static CK_BBOOL true = TRUE;
+static CK_BBOOL false = FALSE;
+static CK_BBOOL mytrue = TRUE;
+static CK_BBOOL myfalse = FALSE;
+/* Needed in hw_pk11_pub.c as well so that's why it is not static. */
+CK_SLOT_ID pubkey_SLOTID = 0;
+static CK_SLOT_ID rand_SLOTID = 0;
@ -2050,15 +2015,6 @@ diff -u /dev/null openssl/crypto/engine/hw_pk11.c:1.30
+ goto err;
+ }
+
+#ifdef SOLARIS_AES_CTR
+ /*
+ * We must do this before we start working with slots since we need all
+ * NIDs there.
+ */
+ if (pk11_add_aes_ctr_NIDs() == 0)
+ goto err;
+#endif /* SOLARIS_AES_CTR */
+
+#ifdef SOLARIS_HW_SLOT_SELECTION
+ if (check_hw_mechanisms() == 0)
+ goto err;
@ -3255,9 +3211,7 @@ diff -u /dev/null openssl/crypto/engine/hw_pk11.c:1.30
+ PK11_SESSION *sp, CK_MECHANISM_PTR pmech)
+ {
+ CK_RV rv;
+#ifdef SOLARIS_AES_CTR
+ CK_AES_CTR_PARAMS ctr_params;
+#endif /* SOLARIS_AES_CTR */
+
+ /*
+ * We expect pmech->mechanism to be already set and
@ -3268,7 +3222,6 @@ diff -u /dev/null openssl/crypto/engine/hw_pk11.c:1.30
+ OPENSSL_assert(pmech->pParameter == NULL);
+ OPENSSL_assert(pmech->ulParameterLen == 0);
+
+#ifdef SOLARIS_AES_CTR
+ if (ctx->cipher->nid == NID_aes_128_ctr ||
+ ctx->cipher->nid == NID_aes_192_ctr ||
+ ctx->cipher->nid == NID_aes_256_ctr)
@ -3288,7 +3241,6 @@ diff -u /dev/null openssl/crypto/engine/hw_pk11.c:1.30
+ (void) memcpy(ctr_params.cb, ctx->iv, AES_BLOCK_SIZE);
+ }
+ else
+#endif /* SOLARIS_AES_CTR */
+ {
+ if (pcipher->iv_len > 0)
+ {
@ -3620,20 +3572,16 @@ diff -u /dev/null openssl/crypto/engine/hw_pk11.c:1.30
+ case NID_rc4:
+ *cipher = &pk11_rc4;
+ break;
+ case NID_aes_128_ctr:
+ *cipher = &pk11_aes_128_ctr;
+ break;
+ case NID_aes_192_ctr:
+ *cipher = &pk11_aes_192_ctr;
+ break;
+ case NID_aes_256_ctr:
+ *cipher = &pk11_aes_256_ctr;
+ break;
+ default:
+#ifdef SOLARIS_AES_CTR
+ /*
+ * These can't be in separated cases because the NIDs
+ * here are not constants.
+ */
+ if (nid == NID_aes_128_ctr)
+ *cipher = &pk11_aes_128_ctr;
+ else if (nid == NID_aes_192_ctr)
+ *cipher = &pk11_aes_192_ctr;
+ else if (nid == NID_aes_256_ctr)
+ *cipher = &pk11_aes_256_ctr;
+ else
+#endif /* SOLARIS_AES_CTR */
+ *cipher = NULL;
+ break;
+ }
@ -3689,9 +3637,9 @@ diff -u /dev/null openssl/crypto/engine/hw_pk11.c:1.30
+ {
+ {CKA_CLASS, (void*) NULL, sizeof (CK_OBJECT_CLASS)},
+ {CKA_KEY_TYPE, (void*) NULL, sizeof (CK_KEY_TYPE)},
+ {CKA_TOKEN, &false, sizeof (false)},
+ {CKA_ENCRYPT, &true, sizeof (true)},
+ {CKA_DECRYPT, &true, sizeof (true)},
+ {CKA_TOKEN, &myfalse, sizeof (myfalse)},
+ {CKA_ENCRYPT, &mytrue, sizeof (mytrue)},
+ {CKA_DECRYPT, &mytrue, sizeof (mytrue)},
+ {CKA_VALUE, (void*) NULL, 0},
+ };
+
@ -4470,60 +4418,6 @@ diff -u /dev/null openssl/crypto/engine/hw_pk11.c:1.30
+ return;
+ }
+
+#ifdef SOLARIS_AES_CTR
+/* create a new NID when we have no OID for that mechanism */
+static int pk11_add_NID(char *sn, char *ln)
+ {
+ ASN1_OBJECT *o;
+ int nid;
+
+ if ((o = ASN1_OBJECT_create(OBJ_new_nid(1), (unsigned char *)"",
+ 1, sn, ln)) == NULL)
+ {
+ return (0);
+ }
+
+ /* will return NID_undef on error */
+ nid = OBJ_add_object(o);
+ ASN1_OBJECT_free(o);
+
+ return (nid);
+ }
+
+/*
+ * Create new NIDs for AES counter mode. OpenSSL doesn't support them now so we
+ * have to help ourselves here.
+ */
+static int pk11_add_aes_ctr_NIDs(void)
+ {
+ /* are we already set? */
+ if (NID_aes_256_ctr != NID_undef)
+ return (1);
+
+ /*
+ * There are no official names for AES counter modes yet so we just
+ * follow the format of those that exist.
+ */
+ if ((NID_aes_128_ctr = pk11_add_NID("AES-128-CTR", "aes-128-ctr")) ==
+ NID_undef)
+ goto err;
+ ciphers[PK11_AES_128_CTR].nid = pk11_aes_128_ctr.nid = NID_aes_128_ctr;
+ if ((NID_aes_192_ctr = pk11_add_NID("AES-192-CTR", "aes-192-ctr")) ==
+ NID_undef)
+ goto err;
+ ciphers[PK11_AES_192_CTR].nid = pk11_aes_192_ctr.nid = NID_aes_192_ctr;
+ if ((NID_aes_256_ctr = pk11_add_NID("AES-256-CTR", "aes-256-ctr")) ==
+ NID_undef)
+ goto err;
+ ciphers[PK11_AES_256_CTR].nid = pk11_aes_256_ctr.nid = NID_aes_256_ctr;
+ return (1);
+
+err:
+ PK11err(PK11_F_ADD_AES_CTR_NIDS, PK11_R_ADD_NID_FAILED);
+ return (0);
+ }
+#endif /* SOLARIS_AES_CTR */
+
+/* Find what symmetric ciphers this slot supports. */
+static void pk11_find_symmetric_ciphers(CK_FUNCTION_LIST_PTR pflist,
+ CK_SLOT_ID current_slot, int *current_slot_n_cipher, int *local_cipher_nids)
@ -4812,7 +4706,7 @@ diff -u /dev/null openssl/crypto/engine/hw_pk11.c:1.30
+#endif /* OPENSSL_NO_HW */
Index: openssl/crypto/engine/hw_pk11_err.c
diff -u /dev/null openssl/crypto/engine/hw_pk11_err.c:1.5
--- /dev/null Tue Jun 19 16:21:25 2012
--- /dev/null Thu May 16 07:44:28 2013
+++ openssl/crypto/engine/hw_pk11_err.c Tue Jun 14 00:43:26 2011
@@ -0,0 +1,288 @@
+/*
@ -5105,7 +4999,7 @@ diff -u /dev/null openssl/crypto/engine/hw_pk11_err.c:1.5
+}
Index: openssl/crypto/engine/hw_pk11_err.h
diff -u /dev/null openssl/crypto/engine/hw_pk11_err.h:1.12
--- /dev/null Tue Jun 19 16:21:25 2012
--- /dev/null Thu May 16 07:44:28 2013
+++ openssl/crypto/engine/hw_pk11_err.h Tue Jun 14 21:51:32 2011
@@ -0,0 +1,440 @@
+/*
@ -5550,7 +5444,7 @@ diff -u /dev/null openssl/crypto/engine/hw_pk11_err.h:1.12
+#endif /* HW_PK11_ERR_H */
Index: openssl/crypto/engine/hw_pk11_pub.c
diff -u /dev/null openssl/crypto/engine/hw_pk11_pub.c:1.38
--- /dev/null Tue Jun 19 16:21:25 2012
--- /dev/null Thu May 16 07:44:28 2013
+++ openssl/crypto/engine/hw_pk11_pub.c Sun Jun 17 21:12:24 2012
@@ -0,0 +1,3530 @@
+/*
@ -9085,7 +8979,7 @@ diff -u /dev/null openssl/crypto/engine/hw_pk11_pub.c:1.38
+#endif /* OPENSSL_NO_HW */
Index: openssl/crypto/engine/hw_pk11ca.h
diff -u /dev/null openssl/crypto/engine/hw_pk11ca.h:1.4
--- /dev/null Tue Jun 19 16:21:25 2012
--- /dev/null Thu May 16 07:44:28 2013
+++ openssl/crypto/engine/hw_pk11ca.h Wed Jun 15 21:12:20 2011
@@ -0,0 +1,32 @@
+/* Redefine all pk11/PK11 external symbols to pk11ca/PK11CA */
@ -9122,7 +9016,7 @@ diff -u /dev/null openssl/crypto/engine/hw_pk11ca.h:1.4
+#define ENGINE_load_pk11 ENGINE_load_pk11ca
Index: openssl/crypto/engine/hw_pk11so.c
diff -u /dev/null openssl/crypto/engine/hw_pk11so.c:1.7
--- /dev/null Tue Jun 19 16:21:25 2012
--- /dev/null Thu May 16 07:44:28 2013
+++ openssl/crypto/engine/hw_pk11so.c Thu Jun 16 12:31:53 2011
@@ -0,0 +1,1745 @@
+/*
@ -10872,7 +10766,7 @@ diff -u /dev/null openssl/crypto/engine/hw_pk11so.c:1.7
+#endif /* OPENSSL_NO_HW */
Index: openssl/crypto/engine/hw_pk11so.h
diff -u /dev/null openssl/crypto/engine/hw_pk11so.h:1.4
--- /dev/null Tue Jun 19 16:21:26 2012
--- /dev/null Thu May 16 07:44:28 2013
+++ openssl/crypto/engine/hw_pk11so.h Wed Jun 15 21:12:20 2011
@@ -0,0 +1,32 @@
+/* Redefine all pk11/PK11 external symbols to pk11so/PK11SO */
@ -10909,7 +10803,7 @@ diff -u /dev/null openssl/crypto/engine/hw_pk11so.h:1.4
+#define ENGINE_load_pk11 ENGINE_load_pk11so
Index: openssl/crypto/engine/hw_pk11so_pub.c
diff -u /dev/null openssl/crypto/engine/hw_pk11so_pub.c:1.8
--- /dev/null Tue Jun 19 16:21:26 2012
--- /dev/null Thu May 16 07:44:28 2013
+++ openssl/crypto/engine/hw_pk11so_pub.c Sun Jun 17 21:12:24 2012
@@ -0,0 +1,1622 @@
+/*
@ -12536,11 +12430,11 @@ diff -u /dev/null openssl/crypto/engine/hw_pk11so_pub.c:1.8
+#endif /* OPENSSL_NO_HW */
Index: openssl/crypto/engine/pkcs11.h
diff -u /dev/null openssl/crypto/engine/pkcs11.h:1.1.1.1
--- /dev/null Tue Jun 19 16:21:26 2012
--- /dev/null Thu May 16 07:44:28 2013
+++ openssl/crypto/engine/pkcs11.h Wed Oct 24 23:27:09 2007
@@ -0,0 +1,299 @@
+/* pkcs11.h include file for PKCS #11. */
+/* $Revision: 1.1.1.1 $ */
+/* $Revision$ */
+
+/* License to copy and use this software is granted provided that it is
+ * identified as "RSA Security Inc. PKCS #11 Cryptographic Token Interface
@ -12840,11 +12734,11 @@ diff -u /dev/null openssl/crypto/engine/pkcs11.h:1.1.1.1
+#endif
Index: openssl/crypto/engine/pkcs11f.h
diff -u /dev/null openssl/crypto/engine/pkcs11f.h:1.1.1.1
--- /dev/null Tue Jun 19 16:21:26 2012
--- /dev/null Thu May 16 07:44:28 2013
+++ openssl/crypto/engine/pkcs11f.h Wed Oct 24 23:27:09 2007
@@ -0,0 +1,912 @@
+/* pkcs11f.h include file for PKCS #11. */
+/* $Revision: 1.1.1.1 $ */
+/* $Revision$ */
+
+/* License to copy and use this software is granted provided that it is
+ * identified as "RSA Security Inc. PKCS #11 Cryptographic Token Interface
@ -13757,11 +13651,11 @@ diff -u /dev/null openssl/crypto/engine/pkcs11f.h:1.1.1.1
+#endif
Index: openssl/crypto/engine/pkcs11t.h
diff -u /dev/null openssl/crypto/engine/pkcs11t.h:1.2
--- /dev/null Tue Jun 19 16:21:26 2012
--- /dev/null Thu May 16 07:44:28 2013
+++ openssl/crypto/engine/pkcs11t.h Sat Aug 30 11:58:07 2008
@@ -0,0 +1,1885 @@
+/* pkcs11t.h include file for PKCS #11. */
+/* $Revision: 1.2 $ */
+/* $Revision$ */
+
+/* License to copy and use this software is granted provided that it is
+ * identified as "RSA Security Inc. PKCS #11 Cryptographic Token Interface
@ -15646,10 +15540,10 @@ diff -u /dev/null openssl/crypto/engine/pkcs11t.h:1.2
+
+#endif
Index: openssl/util/libeay.num
diff -u openssl/util/libeay.num:1.8.2.1.4.1 openssl/util/libeay.num:1.10
--- openssl/util/libeay.num:1.8.2.1.4.1 Tue Jun 19 15:30:18 2012
+++ openssl/util/libeay.num Tue Jun 19 16:18:10 2012
@@ -4310,3 +4310,5 @@
diff -u openssl/util/libeay.num:1.8.2.1.4.1.2.1 openssl/util/libeay.num:1.11
--- openssl/util/libeay.num:1.8.2.1.4.1.2.1 Wed May 15 11:47:13 2013
+++ openssl/util/libeay.num Wed May 15 11:57:43 2013
@@ -4311,3 +4311,5 @@
BIO_s_datagram_sctp 4680 EXIST::FUNCTION:DGRAM,SCTP
BIO_dgram_is_sctp 4681 EXIST::FUNCTION:SCTP
BIO_dgram_sctp_notification_cb 4682 EXIST::FUNCTION:SCTP
@ -15736,9 +15630,9 @@ diff -u openssl/util/mkdef.pl:1.7.2.1.4.1 openssl/util/mkdef.pl:1.9
if ($keyword eq "STATIC_ENGINE" && $no_static_engine) { return 0; }
if ($keyword eq "GMP" && $no_gmp) { return 0; }
Index: openssl/util/pl/VC-32.pl
diff -u openssl/util/pl/VC-32.pl:1.7.2.1.4.1 openssl/util/pl/VC-32.pl:1.8
--- openssl/util/pl/VC-32.pl:1.7.2.1.4.1 Tue Jun 19 15:30:18 2012
+++ openssl/util/pl/VC-32.pl Tue Jun 19 16:18:10 2012
diff -u openssl/util/pl/VC-32.pl:1.7.2.1.4.1.2.1 openssl/util/pl/VC-32.pl:1.9
--- openssl/util/pl/VC-32.pl:1.7.2.1.4.1.2.1 Wed May 15 11:47:13 2013
+++ openssl/util/pl/VC-32.pl Wed May 15 11:57:43 2013
@@ -46,7 +46,7 @@
my $f = $shlib || $fips ?' /MD':' /MT';
$lib_cflag='/Zl' if (!$shlib); # remove /DEFAULTLIBs from static lib

View file

@ -70,13 +70,14 @@
</itemizedlist>
<para>The modified OpenSSL code is included in the BIND 9 release,
in the form of a context diff against the latest verions of
OpenSSL. OpenSSL 0.9.8 and 1.0.0 are both supported; there are
OpenSSL. OpenSSL 0.9.8, 1.0.0 and 1.0.1 are supported; there are
separate diffs for each version. In the examples to follow,
we use OpenSSL 0.9.8, but the same methods work with OpenSSL 1.0.0.
we use OpenSSL 0.9.8, but the same methods work with OpenSSL 1.0.0
and 1.0.1.
</para>
<note>
The latest OpenSSL versions at the time of the BIND release
are 0.9.8s and 1.0.0f.
are 0.9.8y, 1.0.0k and 1.0.1e.
ISC will provide an updated patch as new versions of OpenSSL
are released. The version number in the following examples
is expected to change.</note>