+3579. [maint] Updates to PKCS#11 openssl patches, supporting
+ versions 0.9.8y, 1.0.0k, 1.0.1e [RT #33463]
+
3578. [bug] 'rndc -c file' now fails if 'file' does not exist.
[RT #33571]
Index: openssl/Configure
-diff -u openssl/Configure:1.8.6.1 openssl/Configure:1.8
---- openssl/Configure:1.8.6.1 Sun Jan 15 15:45:33 2012
-+++ openssl/Configure Mon Jun 13 14:25:15 2011
+diff -u openssl/Configure:1.8.6.1.4.1 openssl/Configure:1.8.2.1
+--- openssl/Configure:1.8.6.1.4.1 Tue May 14 14:41:19 2013
++++ openssl/Configure Tue May 14 14:56:15 2013
@@ -12,7 +12,7 @@
# see INSTALL for instructions.
# --with-krb5-dir Declare where Kerberos 5 lives. The libraries are expected
# to live in the subdirectory lib/ and the header files in
# include/. A value is required.
-@@ -335,7 +341,7 @@
+@@ -336,7 +342,7 @@
"linux-ppc", "gcc:-DB_ENDIAN -DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL::linux_ppc32.o::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
#### IA-32 targets...
"linux-ia32-icc", "icc:-DL_ENDIAN -DTERMIO -O2 -no_cpprt::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-KPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
"linux-aout", "gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -march=i486 -Wall::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_out_asm}",
####
"linux-generic64","gcc:-DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-@@ -343,7 +349,7 @@
+@@ -344,7 +350,7 @@
"linux-ia64", "gcc:-DL_ENDIAN -DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
"linux-ia64-ecc","ecc:-DL_ENDIAN -DTERMIO -O2 -Wall -no_cpprt::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
"linux-ia64-icc","icc:-DL_ENDIAN -DTERMIO -O2 -Wall -no_cpprt::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
#### SPARC Linux setups
# Ray Miller <ray.miller@computing-services.oxford.ac.uk> has patiently
# assisted with debugging of following two configs.
-@@ -590,6 +596,10 @@
+@@ -591,6 +597,10 @@
my $idx_ranlib = $idx++;
my $idx_arflags = $idx++;
my $prefix="";
my $libdir="";
my $openssldir="";
-@@ -828,6 +838,14 @@
+@@ -829,6 +839,14 @@
{
$flags.=$_." ";
}
elsif (/^--prefix=(.*)$/)
{
$prefix=$1;
-@@ -963,6 +981,22 @@
+@@ -964,6 +982,22 @@
exit 0;
}
if ($target =~ m/^CygWin32(-.*)$/) {
$target = "Cygwin".$1;
}
-@@ -1078,6 +1112,25 @@
+@@ -1079,6 +1113,25 @@
print "\n";
}
my $IsMK1MF=scalar grep /^$target$/,@MK1MF_Builds;
$IsMK1MF=1 if ($target eq "mingw" && $^O ne "cygwin" && !is_msys());
-@@ -1129,6 +1182,8 @@
+@@ -1130,6 +1183,8 @@
if ($flags ne "") { $cflags="$flags$cflags"; }
else { $no_user_cflags=1; }
# Kerberos settings. The flavor must be provided from outside, either through
# the script "config" or manually.
if (!$no_krb5)
-@@ -1492,6 +1547,7 @@
+@@ -1493,6 +1548,7 @@
s/^VERSION=.*/VERSION=$version/;
s/^MAJOR=.*/MAJOR=$major/;
s/^MINOR=.*/MINOR=$minor/;
Index: openssl/README.pkcs11
diff -u /dev/null openssl/README.pkcs11:1.6.4.1
---- /dev/null Tue Jun 19 16:24:30 2012
+--- /dev/null Thu May 16 07:41:50 2013
+++ openssl/README.pkcs11 Mon Jun 13 18:27:39 2011
@@ -0,0 +1,261 @@
+ISC modified
tb_cipher.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
Index: openssl/crypto/engine/cryptoki.h
diff -u /dev/null openssl/crypto/engine/cryptoki.h:1.4
---- /dev/null Tue Jun 19 16:24:30 2012
+--- /dev/null Thu May 16 07:41:50 2013
+++ openssl/crypto/engine/cryptoki.h Thu Dec 18 00:14:12 2008
@@ -0,0 +1,103 @@
+/*
/* Get and set global flags (ENGINE_TABLE_FLAG_***) for the implementation
* "registry" handling. */
Index: openssl/crypto/engine/hw_pk11.c
-diff -u /dev/null openssl/crypto/engine/hw_pk11.c:1.26.4.2
---- /dev/null Tue Jun 19 16:24:30 2012
-+++ openssl/crypto/engine/hw_pk11.c Thu Jun 16 12:31:35 2011
+diff -u /dev/null openssl/crypto/engine/hw_pk11.c:1.26.4.3
+--- /dev/null Thu May 16 07:41:51 2013
++++ openssl/crypto/engine/hw_pk11.c Thu May 16 07:20:00 2013
@@ -0,0 +1,4057 @@
+/*
+ * Copyright 2009 Sun Microsystems, Inc. All rights reserved.
+ */
+static const char def_PK11_LIBNAME[] = PK11_LIB_LOCATION;
+
-+static CK_BBOOL true = TRUE;
-+static CK_BBOOL false = FALSE;
++static CK_BBOOL mytrue = TRUE;
++static CK_BBOOL myfalse = FALSE;
+/* Needed in hw_pk11_pub.c as well so that's why it is not static. */
+CK_SLOT_ID pubkey_SLOTID = 0;
+static CK_SLOT_ID rand_SLOTID = 0;
+ {
+ {CKA_CLASS, (void*) NULL, sizeof (CK_OBJECT_CLASS)},
+ {CKA_KEY_TYPE, (void*) NULL, sizeof (CK_KEY_TYPE)},
-+ {CKA_TOKEN, &false, sizeof (false)},
-+ {CKA_ENCRYPT, &true, sizeof (true)},
-+ {CKA_DECRYPT, &true, sizeof (true)},
++ {CKA_TOKEN, &myfalse, sizeof (myfalse)},
++ {CKA_ENCRYPT, &mytrue, sizeof (mytrue)},
++ {CKA_DECRYPT, &mytrue, sizeof (mytrue)},
+ {CKA_VALUE, (void*) NULL, 0},
+ };
+
+#endif /* OPENSSL_NO_HW */
Index: openssl/crypto/engine/hw_pk11_err.c
diff -u /dev/null openssl/crypto/engine/hw_pk11_err.c:1.4.10.1
---- /dev/null Tue Jun 19 16:24:30 2012
+--- /dev/null Thu May 16 07:41:51 2013
+++ openssl/crypto/engine/hw_pk11_err.c Tue Jun 14 21:52:40 2011
@@ -0,0 +1,288 @@
+/*
+}
Index: openssl/crypto/engine/hw_pk11_err.h
diff -u /dev/null openssl/crypto/engine/hw_pk11_err.h:1.9.10.1
---- /dev/null Tue Jun 19 16:24:30 2012
+--- /dev/null Thu May 16 07:41:51 2013
+++ openssl/crypto/engine/hw_pk11_err.h Tue Jun 14 21:52:40 2011
@@ -0,0 +1,440 @@
+/*
+#endif /* HW_PK11_ERR_H */
Index: openssl/crypto/engine/hw_pk11_pub.c
diff -u /dev/null openssl/crypto/engine/hw_pk11_pub.c:1.32.4.4
---- /dev/null Tue Jun 19 16:24:30 2012
+--- /dev/null Thu May 16 07:41:51 2013
+++ openssl/crypto/engine/hw_pk11_pub.c Sun Jun 17 21:12:10 2012
@@ -0,0 +1,3530 @@
+/*
+#endif /* OPENSSL_NO_HW */
Index: openssl/crypto/engine/hw_pk11ca.h
diff -u /dev/null openssl/crypto/engine/hw_pk11ca.h:1.2.4.2
---- /dev/null Tue Jun 19 16:24:30 2012
+--- /dev/null Thu May 16 07:41:51 2013
+++ openssl/crypto/engine/hw_pk11ca.h Wed Jun 15 21:12:32 2011
@@ -0,0 +1,32 @@
+/* Redefine all pk11/PK11 external symbols to pk11ca/PK11CA */
+#define ENGINE_load_pk11 ENGINE_load_pk11ca
Index: openssl/crypto/engine/hw_pk11so.c
diff -u /dev/null openssl/crypto/engine/hw_pk11so.c:1.3.4.2
---- /dev/null Tue Jun 19 16:24:30 2012
+--- /dev/null Thu May 16 07:41:51 2013
+++ openssl/crypto/engine/hw_pk11so.c Thu Jun 16 12:31:35 2011
@@ -0,0 +1,1745 @@
+/*
+#endif /* OPENSSL_NO_HW */
Index: openssl/crypto/engine/hw_pk11so.h
diff -u /dev/null openssl/crypto/engine/hw_pk11so.h:1.2.4.2
---- /dev/null Tue Jun 19 16:24:30 2012
+--- /dev/null Thu May 16 07:41:51 2013
+++ openssl/crypto/engine/hw_pk11so.h Wed Jun 15 21:12:32 2011
@@ -0,0 +1,32 @@
+/* Redefine all pk11/PK11 external symbols to pk11so/PK11SO */
+#define ENGINE_load_pk11 ENGINE_load_pk11so
Index: openssl/crypto/engine/hw_pk11so_pub.c
diff -u /dev/null openssl/crypto/engine/hw_pk11so_pub.c:1.2.4.4
---- /dev/null Tue Jun 19 16:24:30 2012
+--- /dev/null Thu May 16 07:41:51 2013
+++ openssl/crypto/engine/hw_pk11so_pub.c Sun Jun 17 21:12:11 2012
@@ -0,0 +1,1622 @@
+/*
+#endif /* OPENSSL_NO_HW */
Index: openssl/crypto/engine/pkcs11.h
diff -u /dev/null openssl/crypto/engine/pkcs11.h:1.1.1.1
---- /dev/null Tue Jun 19 16:24:30 2012
+--- /dev/null Thu May 16 07:41:51 2013
+++ openssl/crypto/engine/pkcs11.h Wed Oct 24 23:27:09 2007
@@ -0,0 +1,299 @@
+/* pkcs11.h include file for PKCS #11. */
-+/* $Revision: 1.1.1.1 $ */
++/* $Revision$ */
+
+/* License to copy and use this software is granted provided that it is
+ * identified as "RSA Security Inc. PKCS #11 Cryptographic Token Interface
+#endif
Index: openssl/crypto/engine/pkcs11f.h
diff -u /dev/null openssl/crypto/engine/pkcs11f.h:1.1.1.1
---- /dev/null Tue Jun 19 16:24:30 2012
+--- /dev/null Thu May 16 07:41:51 2013
+++ openssl/crypto/engine/pkcs11f.h Wed Oct 24 23:27:09 2007
@@ -0,0 +1,912 @@
+/* pkcs11f.h include file for PKCS #11. */
-+/* $Revision: 1.1.1.1 $ */
++/* $Revision$ */
+
+/* License to copy and use this software is granted provided that it is
+ * identified as "RSA Security Inc. PKCS #11 Cryptographic Token Interface
+#endif
Index: openssl/crypto/engine/pkcs11t.h
diff -u /dev/null openssl/crypto/engine/pkcs11t.h:1.2
---- /dev/null Tue Jun 19 16:24:30 2012
+--- /dev/null Thu May 16 07:41:51 2013
+++ openssl/crypto/engine/pkcs11t.h Sat Aug 30 11:58:07 2008
@@ -0,0 +1,1885 @@
+/* pkcs11t.h include file for PKCS #11. */
-+/* $Revision: 1.2 $ */
++/* $Revision$ */
+
+/* License to copy and use this software is granted provided that it is
+ * identified as "RSA Security Inc. PKCS #11 Cryptographic Token Interface
+
+#endif
Index: openssl/util/libeay.num
-diff -u openssl/util/libeay.num:1.7.6.1 openssl/util/libeay.num:1.7
---- openssl/util/libeay.num:1.7.6.1 Sun Jan 15 15:45:40 2012
-+++ openssl/util/libeay.num Mon Jun 13 14:25:25 2011
-@@ -3728,3 +3728,5 @@
+diff -u openssl/util/libeay.num:1.7.6.1.4.1 openssl/util/libeay.num:1.7.2.1
+--- openssl/util/libeay.num:1.7.6.1.4.1 Tue May 14 14:41:22 2013
++++ openssl/util/libeay.num Tue May 14 14:56:18 2013
+@@ -3729,3 +3729,5 @@
pqueue_size 4114 EXIST::FUNCTION:
OPENSSL_uni2asc 4115 EXIST:NETWARE:FUNCTION:
OPENSSL_asc2uni 4116 EXIST:NETWARE:FUNCTION:
Index: openssl/Configure
-diff -u openssl/Configure:1.9.2.1.2.1 openssl/Configure:1.11
---- openssl/Configure:1.9.2.1.2.1 Tue Jun 19 14:46:03 2012
-+++ openssl/Configure Tue Jun 19 14:49:21 2012
+diff -u openssl/Configure:1.9.2.1.2.1.4.1 openssl/Configure:1.11.2.1
+--- openssl/Configure:1.9.2.1.2.1.4.1 Tue May 14 15:37:45 2013
++++ openssl/Configure Tue May 14 15:49:01 2013
@@ -10,7 +10,7 @@
# see INSTALL for instructions.
# --with-krb5-dir Declare where Kerberos 5 lives. The libraries are expected
# to live in the subdirectory lib/ and the header files in
# include/. A value is required.
-@@ -343,7 +349,7 @@
+@@ -344,7 +350,7 @@
"linux-armv4", "gcc:-DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${armv4_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
#### IA-32 targets...
"linux-ia32-icc", "icc:-DL_ENDIAN -DTERMIO -O2 -no_cpprt::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-KPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
"linux-aout", "gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -march=i486 -Wall::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_asm}:a.out",
####
"linux-generic64","gcc:-DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-@@ -351,7 +357,7 @@
+@@ -352,7 +358,7 @@
"linux-ia64", "gcc:-DL_ENDIAN -DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_UNROLL DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
"linux-ia64-ecc","ecc:-DL_ENDIAN -DTERMIO -O2 -Wall -no_cpprt::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
"linux-ia64-icc","icc:-DL_ENDIAN -DTERMIO -O2 -Wall -no_cpprt::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
"linux-s390x", "gcc:-m64 -DB_ENDIAN -DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL:${s390x_asm}:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
#### SPARC Linux setups
# Ray Miller <ray.miller@computing-services.oxford.ac.uk> has patiently
-@@ -622,6 +628,10 @@
+@@ -623,6 +629,10 @@
my $idx_arflags = $idx++;
my $idx_multilib = $idx++;
my $prefix="";
my $libdir="";
my $openssldir="";
-@@ -824,6 +834,14 @@
+@@ -825,6 +835,14 @@
{
$flags.=$_." ";
}
elsif (/^--prefix=(.*)$/)
{
$prefix=$1;
-@@ -961,6 +979,22 @@
+@@ -962,6 +980,22 @@
exit 0;
}
if ($target =~ m/^CygWin32(-.*)$/) {
$target = "Cygwin".$1;
}
-@@ -1038,6 +1072,25 @@
+@@ -1039,6 +1073,25 @@
$exp_cflags .= " -DOPENSSL_EXPERIMENTAL_$ALGO";
}
my $IsMK1MF=scalar grep /^$target$/,@MK1MF_Builds;
$exe_ext=".exe" if ($target eq "Cygwin" || $target eq "DJGPP" || $target =~ /^mingw/);
-@@ -1125,6 +1178,8 @@
+@@ -1126,6 +1179,8 @@
if ($flags ne "") { $cflags="$flags$cflags"; }
else { $no_user_cflags=1; }
# Kerberos settings. The flavor must be provided from outside, either through
# the script "config" or manually.
if (!$no_krb5)
-@@ -1494,6 +1549,7 @@
+@@ -1495,6 +1550,7 @@
s/^VERSION=.*/VERSION=$version/;
s/^MAJOR=.*/MAJOR=$major/;
s/^MINOR=.*/MINOR=$minor/;
Index: openssl/README.pkcs11
diff -u /dev/null openssl/README.pkcs11:1.7
---- /dev/null Tue Jun 19 16:23:56 2012
+--- /dev/null Thu May 16 07:42:54 2013
+++ openssl/README.pkcs11 Mon Jun 13 18:27:17 2011
@@ -0,0 +1,261 @@
+ISC modified
tb_asnmth.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
Index: openssl/crypto/engine/cryptoki.h
diff -u /dev/null openssl/crypto/engine/cryptoki.h:1.4
---- /dev/null Tue Jun 19 16:23:56 2012
+--- /dev/null Thu May 16 07:42:54 2013
+++ openssl/crypto/engine/cryptoki.h Thu Dec 18 00:14:12 2008
@@ -0,0 +1,103 @@
+/*
void ENGINE_load_gmp(void);
#endif
Index: openssl/crypto/engine/hw_pk11.c
-diff -u /dev/null openssl/crypto/engine/hw_pk11.c:1.30
---- /dev/null Tue Jun 19 16:23:56 2012
-+++ openssl/crypto/engine/hw_pk11.c Thu Jun 16 12:31:53 2011
+diff -u /dev/null openssl/crypto/engine/hw_pk11.c:1.30.4.1
+--- /dev/null Thu May 16 07:42:54 2013
++++ openssl/crypto/engine/hw_pk11.c Thu May 16 06:53:50 2013
@@ -0,0 +1,4057 @@
+/*
+ * Copyright 2009 Sun Microsystems, Inc. All rights reserved.
+ */
+static const char def_PK11_LIBNAME[] = PK11_LIB_LOCATION;
+
-+static CK_BBOOL true = TRUE;
-+static CK_BBOOL false = FALSE;
++static CK_BBOOL mytrue = TRUE;
++static CK_BBOOL myfalse = FALSE;
+/* Needed in hw_pk11_pub.c as well so that's why it is not static. */
+CK_SLOT_ID pubkey_SLOTID = 0;
+static CK_SLOT_ID rand_SLOTID = 0;
+ {
+ {CKA_CLASS, (void*) NULL, sizeof (CK_OBJECT_CLASS)},
+ {CKA_KEY_TYPE, (void*) NULL, sizeof (CK_KEY_TYPE)},
-+ {CKA_TOKEN, &false, sizeof (false)},
-+ {CKA_ENCRYPT, &true, sizeof (true)},
-+ {CKA_DECRYPT, &true, sizeof (true)},
++ {CKA_TOKEN, &myfalse, sizeof (myfalse)},
++ {CKA_ENCRYPT, &mytrue, sizeof (mytrue)},
++ {CKA_DECRYPT, &mytrue, sizeof (mytrue)},
+ {CKA_VALUE, (void*) NULL, 0},
+ };
+
+#endif /* OPENSSL_NO_HW */
Index: openssl/crypto/engine/hw_pk11_err.c
diff -u /dev/null openssl/crypto/engine/hw_pk11_err.c:1.5
---- /dev/null Tue Jun 19 16:23:56 2012
+--- /dev/null Thu May 16 07:42:54 2013
+++ openssl/crypto/engine/hw_pk11_err.c Tue Jun 14 00:43:26 2011
@@ -0,0 +1,288 @@
+/*
+}
Index: openssl/crypto/engine/hw_pk11_err.h
diff -u /dev/null openssl/crypto/engine/hw_pk11_err.h:1.12
---- /dev/null Tue Jun 19 16:23:57 2012
+--- /dev/null Thu May 16 07:42:54 2013
+++ openssl/crypto/engine/hw_pk11_err.h Tue Jun 14 21:51:32 2011
@@ -0,0 +1,440 @@
+/*
+#endif /* HW_PK11_ERR_H */
Index: openssl/crypto/engine/hw_pk11_pub.c
diff -u /dev/null openssl/crypto/engine/hw_pk11_pub.c:1.38
---- /dev/null Tue Jun 19 16:23:57 2012
+--- /dev/null Thu May 16 07:42:54 2013
+++ openssl/crypto/engine/hw_pk11_pub.c Sun Jun 17 21:12:24 2012
@@ -0,0 +1,3530 @@
+/*
+#endif /* OPENSSL_NO_HW */
Index: openssl/crypto/engine/hw_pk11ca.h
diff -u /dev/null openssl/crypto/engine/hw_pk11ca.h:1.4
---- /dev/null Tue Jun 19 16:23:57 2012
+--- /dev/null Thu May 16 07:42:54 2013
+++ openssl/crypto/engine/hw_pk11ca.h Wed Jun 15 21:12:20 2011
@@ -0,0 +1,32 @@
+/* Redefine all pk11/PK11 external symbols to pk11ca/PK11CA */
+#define ENGINE_load_pk11 ENGINE_load_pk11ca
Index: openssl/crypto/engine/hw_pk11so.c
diff -u /dev/null openssl/crypto/engine/hw_pk11so.c:1.7
---- /dev/null Tue Jun 19 16:23:57 2012
+--- /dev/null Thu May 16 07:42:54 2013
+++ openssl/crypto/engine/hw_pk11so.c Thu Jun 16 12:31:53 2011
@@ -0,0 +1,1745 @@
+/*
+#endif /* OPENSSL_NO_HW */
Index: openssl/crypto/engine/hw_pk11so.h
diff -u /dev/null openssl/crypto/engine/hw_pk11so.h:1.4
---- /dev/null Tue Jun 19 16:23:57 2012
+--- /dev/null Thu May 16 07:42:54 2013
+++ openssl/crypto/engine/hw_pk11so.h Wed Jun 15 21:12:20 2011
@@ -0,0 +1,32 @@
+/* Redefine all pk11/PK11 external symbols to pk11so/PK11SO */
+#define ENGINE_load_pk11 ENGINE_load_pk11so
Index: openssl/crypto/engine/hw_pk11so_pub.c
diff -u /dev/null openssl/crypto/engine/hw_pk11so_pub.c:1.8
---- /dev/null Tue Jun 19 16:23:57 2012
+--- /dev/null Thu May 16 07:42:54 2013
+++ openssl/crypto/engine/hw_pk11so_pub.c Sun Jun 17 21:12:24 2012
@@ -0,0 +1,1622 @@
+/*
+#endif /* OPENSSL_NO_HW */
Index: openssl/crypto/engine/pkcs11.h
diff -u /dev/null openssl/crypto/engine/pkcs11.h:1.1.1.1
---- /dev/null Tue Jun 19 16:23:57 2012
+--- /dev/null Thu May 16 07:42:54 2013
+++ openssl/crypto/engine/pkcs11.h Wed Oct 24 23:27:09 2007
@@ -0,0 +1,299 @@
+/* pkcs11.h include file for PKCS #11. */
-+/* $Revision: 1.1.1.1 $ */
++/* $Revision$ */
+
+/* License to copy and use this software is granted provided that it is
+ * identified as "RSA Security Inc. PKCS #11 Cryptographic Token Interface
+#endif
Index: openssl/crypto/engine/pkcs11f.h
diff -u /dev/null openssl/crypto/engine/pkcs11f.h:1.1.1.1
---- /dev/null Tue Jun 19 16:23:57 2012
+--- /dev/null Thu May 16 07:42:54 2013
+++ openssl/crypto/engine/pkcs11f.h Wed Oct 24 23:27:09 2007
@@ -0,0 +1,912 @@
+/* pkcs11f.h include file for PKCS #11. */
-+/* $Revision: 1.1.1.1 $ */
++/* $Revision$ */
+
+/* License to copy and use this software is granted provided that it is
+ * identified as "RSA Security Inc. PKCS #11 Cryptographic Token Interface
+#endif
Index: openssl/crypto/engine/pkcs11t.h
diff -u /dev/null openssl/crypto/engine/pkcs11t.h:1.2
---- /dev/null Tue Jun 19 16:23:57 2012
+--- /dev/null Thu May 16 07:42:54 2013
+++ openssl/crypto/engine/pkcs11t.h Sat Aug 30 11:58:07 2008
@@ -0,0 +1,1885 @@
+/* pkcs11t.h include file for PKCS #11. */
-+/* $Revision: 1.2 $ */
++/* $Revision$ */
+
+/* License to copy and use this software is granted provided that it is
+ * identified as "RSA Security Inc. PKCS #11 Cryptographic Token Interface
+
+#endif
Index: openssl/util/libeay.num
-diff -u openssl/util/libeay.num:1.8.2.1 openssl/util/libeay.num:1.9
---- openssl/util/libeay.num:1.8.2.1 Sun Jan 15 16:09:52 2012
-+++ openssl/util/libeay.num Sun Jan 15 16:30:10 2012
-@@ -4194,3 +4194,5 @@
+diff -u openssl/util/libeay.num:1.8.2.1.6.1 openssl/util/libeay.num:1.9.2.1
+--- openssl/util/libeay.num:1.8.2.1.6.1 Tue May 14 15:37:52 2013
++++ openssl/util/libeay.num Tue May 14 15:49:08 2013
+@@ -4195,3 +4195,5 @@
OPENSSL_strncasecmp 4566 EXIST::FUNCTION:
OPENSSL_gmtime 4567 EXIST::FUNCTION:
OPENSSL_gmtime_adj 4568 EXIST::FUNCTION:
Index: openssl/Configure
-diff -u openssl/Configure:1.9.2.1.2.1.2.1 openssl/Configure:1.12
---- openssl/Configure:1.9.2.1.2.1.2.1 Tue Jun 19 15:29:45 2012
-+++ openssl/Configure Tue Jun 19 16:17:49 2012
+diff -u openssl/Configure:1.9.2.1.2.1.2.1.2.1 openssl/Configure:1.13
+--- openssl/Configure:1.9.2.1.2.1.2.1.2.1 Wed May 15 11:46:59 2013
++++ openssl/Configure Wed May 15 11:57:36 2013
@@ -10,7 +10,7 @@
# see INSTALL for instructions.
# --with-krb5-dir Declare where Kerberos 5 lives. The libraries are expected
# to live in the subdirectory lib/ and the header files in
# include/. A value is required.
-@@ -350,7 +356,7 @@
+@@ -352,7 +358,7 @@
"linux-armv4", "gcc:-DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${armv4_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
#### IA-32 targets...
"linux-ia32-icc", "icc:-DL_ENDIAN -DTERMIO -O2 -no_cpprt::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-KPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
"linux-aout", "gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -march=i486 -Wall::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_asm}:a.out",
####
"linux-generic64","gcc:-DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-@@ -358,7 +364,7 @@
+@@ -360,7 +366,7 @@
"linux-ia64", "gcc:-DL_ENDIAN -DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_UNROLL DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
"linux-ia64-ecc","ecc:-DL_ENDIAN -DTERMIO -O2 -Wall -no_cpprt::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
"linux-ia64-icc","icc:-DL_ENDIAN -DTERMIO -O2 -Wall -no_cpprt::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
"linux64-s390x", "gcc:-m64 -DB_ENDIAN -DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL:${s390x_asm}:64:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
#### So called "highgprs" target for z/Architecture CPUs
# "Highgprs" is kernel feature first implemented in Linux 2.6.32, see
-@@ -655,6 +661,10 @@
+@@ -657,6 +663,10 @@
my $idx_arflags = $idx++;
my $idx_multilib = $idx++;
my $prefix="";
my $libdir="";
my $openssldir="";
-@@ -874,6 +884,14 @@
+@@ -876,6 +886,14 @@
$_ =~ s/%([0-9a-f]{1,2})/chr(hex($1))/gei;
$flags.=$_." ";
}
elsif (/^--prefix=(.*)$/)
{
$prefix=$1;
-@@ -1041,6 +1059,22 @@
+@@ -1043,6 +1061,22 @@
exit 0;
}
if ($target =~ m/^CygWin32(-.*)$/) {
$target = "Cygwin".$1;
}
-@@ -1118,6 +1152,25 @@
+@@ -1120,6 +1154,25 @@
$exp_cflags .= " -DOPENSSL_EXPERIMENTAL_$ALGO";
}
my $IsMK1MF=scalar grep /^$target$/,@MK1MF_Builds;
$exe_ext=".exe" if ($target eq "Cygwin" || $target eq "DJGPP" || $target =~ /^mingw/);
-@@ -1207,6 +1260,8 @@
+@@ -1209,6 +1262,8 @@
if ($flags ne "") { $cflags="$flags$cflags"; }
else { $no_user_cflags=1; }
# Kerberos settings. The flavor must be provided from outside, either through
# the script "config" or manually.
if (!$no_krb5)
-@@ -1596,6 +1651,7 @@
+@@ -1598,6 +1653,7 @@
s/^VERSION=.*/VERSION=$version/;
s/^MAJOR=.*/MAJOR=$major/;
s/^MINOR=.*/MINOR=$minor/;
s/^SHLIB_VERSION_HISTORY=.*/SHLIB_VERSION_HISTORY=$shlib_version_history/;
s/^SHLIB_MAJOR=.*/SHLIB_MAJOR=$shlib_major/;
Index: openssl/Makefile.org
-diff -u openssl/Makefile.org:1.5.2.1.2.1.2.1 openssl/Makefile.org:1.7
---- openssl/Makefile.org:1.5.2.1.2.1.2.1 Tue Jun 19 15:29:46 2012
-+++ openssl/Makefile.org Tue Jun 19 16:17:49 2012
+diff -u openssl/Makefile.org:1.5.2.1.2.1.2.1.2.1 openssl/Makefile.org:1.8
+--- openssl/Makefile.org:1.5.2.1.2.1.2.1.2.1 Wed May 15 11:46:59 2013
++++ openssl/Makefile.org Wed May 15 11:57:36 2013
@@ -26,6 +26,9 @@
INSTALL_PREFIX=
INSTALLTOP=/usr/local/ssl
Index: openssl/README.pkcs11
diff -u /dev/null openssl/README.pkcs11:1.7
---- /dev/null Tue Jun 19 16:21:25 2012
+--- /dev/null Thu May 16 07:44:28 2013
+++ openssl/README.pkcs11 Mon Jun 13 18:27:17 2011
@@ -0,0 +1,261 @@
+ISC modified
tb_asnmth.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
Index: openssl/crypto/engine/cryptoki.h
diff -u /dev/null openssl/crypto/engine/cryptoki.h:1.4
---- /dev/null Tue Jun 19 16:21:25 2012
+--- /dev/null Thu May 16 07:44:28 2013
+++ openssl/crypto/engine/cryptoki.h Thu Dec 18 00:14:12 2008
@@ -0,0 +1,103 @@
+/*
void ENGINE_load_gmp(void);
#endif
Index: openssl/crypto/engine/hw_pk11.c
-diff -u /dev/null openssl/crypto/engine/hw_pk11.c:1.30
---- /dev/null Tue Jun 19 16:21:25 2012
-+++ openssl/crypto/engine/hw_pk11.c Thu Jun 16 12:31:53 2011
-@@ -0,0 +1,4057 @@
+diff -u /dev/null openssl/crypto/engine/hw_pk11.c:1.32
+--- /dev/null Thu May 16 07:44:28 2013
++++ openssl/crypto/engine/hw_pk11.c Thu May 16 06:50:56 2013
+@@ -0,0 +1,3951 @@
+/*
+ * Copyright 2009 Sun Microsystems, Inc. All rights reserved.
+ * Use is subject to license terms.
+#undef SOLARIS_HW_SLOT_SELECTION
+#endif
+
-+/*
-+ * AES counter mode is not supported in the OpenSSL EVP API yet and neither
-+ * there are official OIDs for mechanisms based on this mode. With our changes,
-+ * an application can define its own EVP calls for AES counter mode and then
-+ * it can make use of hardware acceleration through this engine. However, it's
-+ * better if we keep AES CTR support code under ifdef's.
-+ */
-+#define SOLARIS_AES_CTR
-+
+#ifdef OPENSSL_SYS_WIN32
+#pragma pack(push, cryptoki, 1)
+#include "cryptoki.h"
+#include "hw_pk11ca.h"
+#include "hw_pk11_err.c"
+
-+#ifdef SOLARIS_AES_CTR
-+/*
-+ * NIDs for AES counter mode that will be defined during the engine
-+ * initialization.
-+ */
-+static int NID_aes_128_ctr = NID_undef;
-+static int NID_aes_192_ctr = NID_undef;
-+static int NID_aes_256_ctr = NID_undef;
-+#endif /* SOLARIS_AES_CTR */
-+
+/*
+ * We use this lock to prevent multiple C_Login()s, guard getpassphrase(),
+ * uri_struct manipulation, and static token info. All of that is used by the
+
+/* Symmetric cipher and digest support functions */
+static int cipher_nid_to_pk11(int nid);
-+#ifdef SOLARIS_AES_CTR
-+static int pk11_add_NID(char *sn, char *ln);
-+static int pk11_add_aes_ctr_NIDs(void);
-+#endif /* SOLARIS_AES_CTR */
+static int pk11_usable_ciphers(const int **nids);
+static int pk11_usable_digests(const int **nids);
+static int pk11_cipher_init(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+ PK11_AES_128_ECB,
+ PK11_AES_192_ECB,
+ PK11_AES_256_ECB,
-+ PK11_BLOWFISH_CBC,
-+#ifdef SOLARIS_AES_CTR
+ PK11_AES_128_CTR,
+ PK11_AES_192_CTR,
+ PK11_AES_256_CTR,
-+#endif /* SOLARIS_AES_CTR */
++ PK11_BLOWFISH_CBC,
+ PK11_CIPHER_MAX
+};
+
+ CKK_AES, CKM_AES_ECB, },
+ { PK11_AES_256_ECB, NID_aes_256_ecb, 0, 32, 32,
+ CKK_AES, CKM_AES_ECB, },
-+ { PK11_BLOWFISH_CBC, NID_bf_cbc, 8, 16, 16,
-+ CKK_BLOWFISH, CKM_BLOWFISH_CBC, },
-+#ifdef SOLARIS_AES_CTR
-+ /* we don't know the correct NIDs until the engine is initialized */
-+ { PK11_AES_128_CTR, NID_undef, 16, 16, 16,
++ { PK11_AES_128_CTR, NID_aes_128_ctr, 16, 16, 16,
+ CKK_AES, CKM_AES_CTR, },
-+ { PK11_AES_192_CTR, NID_undef, 16, 24, 24,
++ { PK11_AES_192_CTR, NID_aes_192_ctr, 16, 24, 24,
+ CKK_AES, CKM_AES_CTR, },
-+ { PK11_AES_256_CTR, NID_undef, 16, 32, 32,
++ { PK11_AES_256_CTR, NID_aes_256_ctr, 16, 32, 32,
+ CKK_AES, CKM_AES_CTR, },
-+#endif /* SOLARIS_AES_CTR */
++ { PK11_BLOWFISH_CBC, NID_bf_cbc, 8, 16, 16,
++ CKK_BLOWFISH, CKM_BLOWFISH_CBC, },
+ };
+
+typedef struct PK11_DIGEST_st
+ NULL
+ };
+
-+#ifdef SOLARIS_AES_CTR
-+/*
-+ * NID_undef's will be changed to the AES counter mode NIDs as soon they are
-+ * created in pk11_library_init(). Note that the need to change these structures
-+ * is the reason why we don't define them with the const keyword.
-+ */
-+static EVP_CIPHER pk11_aes_128_ctr =
++static const EVP_CIPHER pk11_aes_128_ctr =
+ {
-+ NID_undef,
++ NID_aes_128_ctr,
+ 16, 16, 16,
+ EVP_CIPH_CBC_MODE,
+ pk11_cipher_init,
+ NULL
+ };
+
-+static EVP_CIPHER pk11_aes_192_ctr =
++static const EVP_CIPHER pk11_aes_192_ctr =
+ {
-+ NID_undef,
++ NID_aes_192_ctr,
+ 16, 24, 16,
+ EVP_CIPH_CBC_MODE,
+ pk11_cipher_init,
+ NULL
+ };
+
-+static EVP_CIPHER pk11_aes_256_ctr =
++static const EVP_CIPHER pk11_aes_256_ctr =
+ {
-+ NID_undef,
++ NID_aes_256_ctr,
+ 16, 32, 16,
+ EVP_CIPH_CBC_MODE,
+ pk11_cipher_init,
+ EVP_CIPHER_get_asn1_iv,
+ NULL
+ };
-+#endif /* SOLARIS_AES_CTR */
+
+static const EVP_CIPHER pk11_bf_cbc =
+ {
+ */
+static const char def_PK11_LIBNAME[] = PK11_LIB_LOCATION;
+
-+static CK_BBOOL true = TRUE;
-+static CK_BBOOL false = FALSE;
++static CK_BBOOL mytrue = TRUE;
++static CK_BBOOL myfalse = FALSE;
+/* Needed in hw_pk11_pub.c as well so that's why it is not static. */
+CK_SLOT_ID pubkey_SLOTID = 0;
+static CK_SLOT_ID rand_SLOTID = 0;
+ goto err;
+ }
+
-+#ifdef SOLARIS_AES_CTR
-+ /*
-+ * We must do this before we start working with slots since we need all
-+ * NIDs there.
-+ */
-+ if (pk11_add_aes_ctr_NIDs() == 0)
-+ goto err;
-+#endif /* SOLARIS_AES_CTR */
-+
+#ifdef SOLARIS_HW_SLOT_SELECTION
+ if (check_hw_mechanisms() == 0)
+ goto err;
+ PK11_SESSION *sp, CK_MECHANISM_PTR pmech)
+ {
+ CK_RV rv;
-+#ifdef SOLARIS_AES_CTR
+ CK_AES_CTR_PARAMS ctr_params;
-+#endif /* SOLARIS_AES_CTR */
+
+ /*
+ * We expect pmech->mechanism to be already set and
+ OPENSSL_assert(pmech->pParameter == NULL);
+ OPENSSL_assert(pmech->ulParameterLen == 0);
+
-+#ifdef SOLARIS_AES_CTR
+ if (ctx->cipher->nid == NID_aes_128_ctr ||
+ ctx->cipher->nid == NID_aes_192_ctr ||
+ ctx->cipher->nid == NID_aes_256_ctr)
+ (void) memcpy(ctr_params.cb, ctx->iv, AES_BLOCK_SIZE);
+ }
+ else
-+#endif /* SOLARIS_AES_CTR */
+ {
+ if (pcipher->iv_len > 0)
+ {
+ case NID_rc4:
+ *cipher = &pk11_rc4;
+ break;
++ case NID_aes_128_ctr:
++ *cipher = &pk11_aes_128_ctr;
++ break;
++ case NID_aes_192_ctr:
++ *cipher = &pk11_aes_192_ctr;
++ break;
++ case NID_aes_256_ctr:
++ *cipher = &pk11_aes_256_ctr;
++ break;
+ default:
-+#ifdef SOLARIS_AES_CTR
-+ /*
-+ * These can't be in separated cases because the NIDs
-+ * here are not constants.
-+ */
-+ if (nid == NID_aes_128_ctr)
-+ *cipher = &pk11_aes_128_ctr;
-+ else if (nid == NID_aes_192_ctr)
-+ *cipher = &pk11_aes_192_ctr;
-+ else if (nid == NID_aes_256_ctr)
-+ *cipher = &pk11_aes_256_ctr;
-+ else
-+#endif /* SOLARIS_AES_CTR */
+ *cipher = NULL;
+ break;
+ }
+ {
+ {CKA_CLASS, (void*) NULL, sizeof (CK_OBJECT_CLASS)},
+ {CKA_KEY_TYPE, (void*) NULL, sizeof (CK_KEY_TYPE)},
-+ {CKA_TOKEN, &false, sizeof (false)},
-+ {CKA_ENCRYPT, &true, sizeof (true)},
-+ {CKA_DECRYPT, &true, sizeof (true)},
++ {CKA_TOKEN, &myfalse, sizeof (myfalse)},
++ {CKA_ENCRYPT, &mytrue, sizeof (mytrue)},
++ {CKA_DECRYPT, &mytrue, sizeof (mytrue)},
+ {CKA_VALUE, (void*) NULL, 0},
+ };
+
+ return;
+ }
+
-+#ifdef SOLARIS_AES_CTR
-+/* create a new NID when we have no OID for that mechanism */
-+static int pk11_add_NID(char *sn, char *ln)
-+ {
-+ ASN1_OBJECT *o;
-+ int nid;
-+
-+ if ((o = ASN1_OBJECT_create(OBJ_new_nid(1), (unsigned char *)"",
-+ 1, sn, ln)) == NULL)
-+ {
-+ return (0);
-+ }
-+
-+ /* will return NID_undef on error */
-+ nid = OBJ_add_object(o);
-+ ASN1_OBJECT_free(o);
-+
-+ return (nid);
-+ }
-+
-+/*
-+ * Create new NIDs for AES counter mode. OpenSSL doesn't support them now so we
-+ * have to help ourselves here.
-+ */
-+static int pk11_add_aes_ctr_NIDs(void)
-+ {
-+ /* are we already set? */
-+ if (NID_aes_256_ctr != NID_undef)
-+ return (1);
-+
-+ /*
-+ * There are no official names for AES counter modes yet so we just
-+ * follow the format of those that exist.
-+ */
-+ if ((NID_aes_128_ctr = pk11_add_NID("AES-128-CTR", "aes-128-ctr")) ==
-+ NID_undef)
-+ goto err;
-+ ciphers[PK11_AES_128_CTR].nid = pk11_aes_128_ctr.nid = NID_aes_128_ctr;
-+ if ((NID_aes_192_ctr = pk11_add_NID("AES-192-CTR", "aes-192-ctr")) ==
-+ NID_undef)
-+ goto err;
-+ ciphers[PK11_AES_192_CTR].nid = pk11_aes_192_ctr.nid = NID_aes_192_ctr;
-+ if ((NID_aes_256_ctr = pk11_add_NID("AES-256-CTR", "aes-256-ctr")) ==
-+ NID_undef)
-+ goto err;
-+ ciphers[PK11_AES_256_CTR].nid = pk11_aes_256_ctr.nid = NID_aes_256_ctr;
-+ return (1);
-+
-+err:
-+ PK11err(PK11_F_ADD_AES_CTR_NIDS, PK11_R_ADD_NID_FAILED);
-+ return (0);
-+ }
-+#endif /* SOLARIS_AES_CTR */
-+
+/* Find what symmetric ciphers this slot supports. */
+static void pk11_find_symmetric_ciphers(CK_FUNCTION_LIST_PTR pflist,
+ CK_SLOT_ID current_slot, int *current_slot_n_cipher, int *local_cipher_nids)
+#endif /* OPENSSL_NO_HW */
Index: openssl/crypto/engine/hw_pk11_err.c
diff -u /dev/null openssl/crypto/engine/hw_pk11_err.c:1.5
---- /dev/null Tue Jun 19 16:21:25 2012
+--- /dev/null Thu May 16 07:44:28 2013
+++ openssl/crypto/engine/hw_pk11_err.c Tue Jun 14 00:43:26 2011
@@ -0,0 +1,288 @@
+/*
+}
Index: openssl/crypto/engine/hw_pk11_err.h
diff -u /dev/null openssl/crypto/engine/hw_pk11_err.h:1.12
---- /dev/null Tue Jun 19 16:21:25 2012
+--- /dev/null Thu May 16 07:44:28 2013
+++ openssl/crypto/engine/hw_pk11_err.h Tue Jun 14 21:51:32 2011
@@ -0,0 +1,440 @@
+/*
+#endif /* HW_PK11_ERR_H */
Index: openssl/crypto/engine/hw_pk11_pub.c
diff -u /dev/null openssl/crypto/engine/hw_pk11_pub.c:1.38
---- /dev/null Tue Jun 19 16:21:25 2012
+--- /dev/null Thu May 16 07:44:28 2013
+++ openssl/crypto/engine/hw_pk11_pub.c Sun Jun 17 21:12:24 2012
@@ -0,0 +1,3530 @@
+/*
+#endif /* OPENSSL_NO_HW */
Index: openssl/crypto/engine/hw_pk11ca.h
diff -u /dev/null openssl/crypto/engine/hw_pk11ca.h:1.4
---- /dev/null Tue Jun 19 16:21:25 2012
+--- /dev/null Thu May 16 07:44:28 2013
+++ openssl/crypto/engine/hw_pk11ca.h Wed Jun 15 21:12:20 2011
@@ -0,0 +1,32 @@
+/* Redefine all pk11/PK11 external symbols to pk11ca/PK11CA */
+#define ENGINE_load_pk11 ENGINE_load_pk11ca
Index: openssl/crypto/engine/hw_pk11so.c
diff -u /dev/null openssl/crypto/engine/hw_pk11so.c:1.7
---- /dev/null Tue Jun 19 16:21:25 2012
+--- /dev/null Thu May 16 07:44:28 2013
+++ openssl/crypto/engine/hw_pk11so.c Thu Jun 16 12:31:53 2011
@@ -0,0 +1,1745 @@
+/*
+#endif /* OPENSSL_NO_HW */
Index: openssl/crypto/engine/hw_pk11so.h
diff -u /dev/null openssl/crypto/engine/hw_pk11so.h:1.4
---- /dev/null Tue Jun 19 16:21:26 2012
+--- /dev/null Thu May 16 07:44:28 2013
+++ openssl/crypto/engine/hw_pk11so.h Wed Jun 15 21:12:20 2011
@@ -0,0 +1,32 @@
+/* Redefine all pk11/PK11 external symbols to pk11so/PK11SO */
+#define ENGINE_load_pk11 ENGINE_load_pk11so
Index: openssl/crypto/engine/hw_pk11so_pub.c
diff -u /dev/null openssl/crypto/engine/hw_pk11so_pub.c:1.8
---- /dev/null Tue Jun 19 16:21:26 2012
+--- /dev/null Thu May 16 07:44:28 2013
+++ openssl/crypto/engine/hw_pk11so_pub.c Sun Jun 17 21:12:24 2012
@@ -0,0 +1,1622 @@
+/*
+#endif /* OPENSSL_NO_HW */
Index: openssl/crypto/engine/pkcs11.h
diff -u /dev/null openssl/crypto/engine/pkcs11.h:1.1.1.1
---- /dev/null Tue Jun 19 16:21:26 2012
+--- /dev/null Thu May 16 07:44:28 2013
+++ openssl/crypto/engine/pkcs11.h Wed Oct 24 23:27:09 2007
@@ -0,0 +1,299 @@
+/* pkcs11.h include file for PKCS #11. */
-+/* $Revision: 1.1.1.1 $ */
++/* $Revision$ */
+
+/* License to copy and use this software is granted provided that it is
+ * identified as "RSA Security Inc. PKCS #11 Cryptographic Token Interface
+#endif
Index: openssl/crypto/engine/pkcs11f.h
diff -u /dev/null openssl/crypto/engine/pkcs11f.h:1.1.1.1
---- /dev/null Tue Jun 19 16:21:26 2012
+--- /dev/null Thu May 16 07:44:28 2013
+++ openssl/crypto/engine/pkcs11f.h Wed Oct 24 23:27:09 2007
@@ -0,0 +1,912 @@
+/* pkcs11f.h include file for PKCS #11. */
-+/* $Revision: 1.1.1.1 $ */
++/* $Revision$ */
+
+/* License to copy and use this software is granted provided that it is
+ * identified as "RSA Security Inc. PKCS #11 Cryptographic Token Interface
+#endif
Index: openssl/crypto/engine/pkcs11t.h
diff -u /dev/null openssl/crypto/engine/pkcs11t.h:1.2
---- /dev/null Tue Jun 19 16:21:26 2012
+--- /dev/null Thu May 16 07:44:28 2013
+++ openssl/crypto/engine/pkcs11t.h Sat Aug 30 11:58:07 2008
@@ -0,0 +1,1885 @@
+/* pkcs11t.h include file for PKCS #11. */
-+/* $Revision: 1.2 $ */
++/* $Revision$ */
+
+/* License to copy and use this software is granted provided that it is
+ * identified as "RSA Security Inc. PKCS #11 Cryptographic Token Interface
+
+#endif
Index: openssl/util/libeay.num
-diff -u openssl/util/libeay.num:1.8.2.1.4.1 openssl/util/libeay.num:1.10
---- openssl/util/libeay.num:1.8.2.1.4.1 Tue Jun 19 15:30:18 2012
-+++ openssl/util/libeay.num Tue Jun 19 16:18:10 2012
-@@ -4310,3 +4310,5 @@
+diff -u openssl/util/libeay.num:1.8.2.1.4.1.2.1 openssl/util/libeay.num:1.11
+--- openssl/util/libeay.num:1.8.2.1.4.1.2.1 Wed May 15 11:47:13 2013
++++ openssl/util/libeay.num Wed May 15 11:57:43 2013
+@@ -4311,3 +4311,5 @@
BIO_s_datagram_sctp 4680 EXIST::FUNCTION:DGRAM,SCTP
BIO_dgram_is_sctp 4681 EXIST::FUNCTION:SCTP
BIO_dgram_sctp_notification_cb 4682 EXIST::FUNCTION:SCTP
if ($keyword eq "STATIC_ENGINE" && $no_static_engine) { return 0; }
if ($keyword eq "GMP" && $no_gmp) { return 0; }
Index: openssl/util/pl/VC-32.pl
-diff -u openssl/util/pl/VC-32.pl:1.7.2.1.4.1 openssl/util/pl/VC-32.pl:1.8
---- openssl/util/pl/VC-32.pl:1.7.2.1.4.1 Tue Jun 19 15:30:18 2012
-+++ openssl/util/pl/VC-32.pl Tue Jun 19 16:18:10 2012
+diff -u openssl/util/pl/VC-32.pl:1.7.2.1.4.1.2.1 openssl/util/pl/VC-32.pl:1.9
+--- openssl/util/pl/VC-32.pl:1.7.2.1.4.1.2.1 Wed May 15 11:47:13 2013
++++ openssl/util/pl/VC-32.pl Wed May 15 11:57:43 2013
@@ -46,7 +46,7 @@
my $f = $shlib || $fips ?' /MD':' /MT';
$lib_cflag='/Zl' if (!$shlib); # remove /DEFAULTLIBs from static lib
</itemizedlist>
<para>The modified OpenSSL code is included in the BIND 9 release,
in the form of a context diff against the latest verions of
- OpenSSL. OpenSSL 0.9.8 and 1.0.0 are both supported; there are
+ OpenSSL. OpenSSL 0.9.8, 1.0.0 and 1.0.1 are supported; there are
separate diffs for each version. In the examples to follow,
- we use OpenSSL 0.9.8, but the same methods work with OpenSSL 1.0.0.
+ we use OpenSSL 0.9.8, but the same methods work with OpenSSL 1.0.0
+ and 1.0.1.
</para>
<note>
The latest OpenSSL versions at the time of the BIND release
- are 0.9.8s and 1.0.0f.
+ are 0.9.8y, 1.0.0k and 1.0.1e.
ISC will provide an updated patch as new versions of OpenSSL
are released. The version number in the following examples
is expected to change.</note>