
@@ -28,8 +28,9 @@

PREFIX=${DESTDIR}/usr
LIBDIR=${PREFIX}/lib
INCDIR=${PREFIX}/include

mkdir -p ${LIBDIR}
mkdir -p ${LIBDIR} ${INCDIR}

. ../install.subr

@@ -39,4 +40,9 @@ _install D lib/.libs/libidn.so.11.5.40 ${LIBDIR}/libidn.so.11.5.40 555
_install L libidn.so.11.5.40 ${LIBDIR}/libidn.so
_install L libidn.so.11.5.40 ${LIBDIR}/libidn.so.11

for header in stringprep.h idna.h punycode.h idn-free.h pr29.h \
tld.h idn-int.h; do
_install N lib/${header} ${INCDIR}/${header} 0444
done

exit 0
@@ -457,13 +457,21 @@ f usr/openldap/share/man/man5/ldif.5 0444 root bin
f usr/bin/amd64/openssl 0555 root bin
s usr/sfw/bin/amd64/openssl=../../../bin/amd64/openssl
f lib/amd64/libcrypto.so.0.9.8 0755 root bin
f lib/amd64/libcrypto.so.1.0.0 0755 root bin
s usr/lib/amd64/libcrypto.so.0.9.8=../../../lib/amd64/libcrypto.so.0.9.8
s usr/lib/amd64/libcrypto.so.1.0.0=../../../lib/amd64/libcrypto.so.1.0.0
f lib/amd64/libssl.so.0.9.8 0755 root bin
f lib/amd64/libssl.so.1.0.0 0755 root bin
s usr/lib/amd64/libssl.so.0.9.8=../../../lib/amd64/libssl.so.0.9.8
s usr/lib/amd64/libssl.so.1.0.0=../../../lib/amd64/libssl.so.1.0.0
f lib/libcrypto.so.0.9.8 0755 root bin
f lib/libcrypto.so.1.0.0 0755 root bin
s usr/lib/libcrypto.so.0.9.8=../../lib/libcrypto.so.0.9.8
s usr/lib/libcrypto.so.1.0.0=../../lib/libcrypto.so.1.0.0
f lib/libssl.so.0.9.8 0755 root bin
f lib/libssl.so.1.0.0 0755 root bin
s usr/lib/libssl.so.0.9.8=../../lib/libssl.so.0.9.8
s usr/lib/libssl.so.1.0.0=../../lib/libssl.so.1.0.0
f usr/bin/CA.pl 0555 root bin
f usr/bin/openssl 0555 root bin
s usr/sfw/bin/openssl=../../bin/openssl
@@ -57,17 +57,34 @@ AUTOCONF_CFLAGS = CFLAGS="$(CPPFLAGS) $(CFLAGS)"
AUTOCONF_LIBS =
AUTOCONF_ENV += CXXFLAGS="$(CPPFLAGS) $(CFLAGS)"

#
# Jump through hoops to get the locally-run build tools to build with the
# correct compiler and without referencing anything in the proto area.
# This is needed because the proto area may contain libraries that are not
# present or are of different versions on the build machine itself. A
# patch to the python configure program is also required to make this work.
#
AUTOCONF_ENV += LDFLAGS.host="-Wl,-i"
AUTOCONF_ENV += CXX.host="/opt/local/bin/g++"
AUTOCONF_ENV += CC.host="/opt/local/bin/gcc"
AUTOCONF_ENV += CXX_host="/opt/local/bin/g++"
AUTOCONF_ENV += CC_host="/opt/local/bin/gcc"
AUTOCONF_ENV += LINK.host="/opt/local/bin/g++"

OVERRIDES += $(AUTOCONF_ENV)

AUTOCONF_OUT = build/default/config.h

PATCHES = Patches/*

all: all_autoconf

# - platform_node_version.js is autogenerated with the current node version
# - we move man pages as we want them in /usr/node/0.8/man
install: install_autoconf
mkdir -p $(DESTDIR)/usr/node/$(MAJOR_VER)/node_modules
./build_require_platform_node_version.sh \
$(DESTDIR) \
$(DESTDIR)/usr/node/$(MAJOR_VER)/bin/node \
$(DESTDIR)/usr/node/$(MAJOR_VER)/node_modules/platform_node_version.js
rm -rf $(DESTDIR)/usr/node/$(MAJOR_VER)/man
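Review bot: The host toolchain is hard-coded as `/opt/local/bin/gcc` and `/opt/local/bin/g++` across five `AUTOCONF_ENV` lines, so the locally run build tools are compiled with whatever sits at that path, and a builder with a different layout has to edit the makefile. Two overridable variables set once, `HOST_CC ?= /opt/local/bin/gcc` and `HOST_CXX ?= /opt/local/bin/g++`, referenced as `CC.host="$(HOST_CC)"` and so on, keep the default and record the choice in one place. The comment above the block could also say why both the `CC.host` and `CC_host` spellings are exported. The `install` recipe may continue past the end of this hunk.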
@@ -0,0 +1,73 @@
diff -ur node-v0.8.14/configure node-v0.8.14-32/configure
--- node-v0.8.14/configure 2012-10-25 20:49:32.000000000 +0000
+++ node-v0.8.14-32/configure 2013-01-11 20:31:32.754470909 +0000
@@ -359,6 +359,7 @@
target_arch = options.dest_cpu or host_arch
o['variables']['host_arch'] = host_arch
o['variables']['target_arch'] = target_arch
+ o['variables']['want_separate_host_toolset'] = '1'

if target_arch == 'arm':
configure_arm(o)
@@ -400,13 +401,13 @@

# assume shared_zlib if one of these is set?
if options.shared_zlib_libpath:
- o['libraries'] += ['-L%s' % options.shared_zlib_libpath]
+ o['ldflags_target'] += ['-L%s' % options.shared_zlib_libpath]
if options.shared_zlib_libname:
o['libraries'] += ['-l%s' % options.shared_zlib_libname]
elif options.shared_zlib:
o['libraries'] += ['-lz']
if options.shared_zlib_includes:
- o['include_dirs'] += [options.shared_zlib_includes]
+ o['include_dirs_target'] += [options.shared_zlib_includes]


def configure_v8(o):
@@ -415,13 +416,13 @@

# assume shared_v8 if one of these is set?
if options.shared_v8_libpath:
- o['libraries'] += ['-L%s' % options.shared_v8_libpath]
+ o['ldflags_target'] += ['-L%s' % options.shared_v8_libpath]
if options.shared_v8_libname:
o['libraries'] += ['-l%s' % options.shared_v8_libname]
elif options.shared_v8:
o['libraries'] += ['-lv8']
if options.shared_v8_includes:
- o['include_dirs'] += [options.shared_v8_includes]
+ o['include_dirs_target'] += [options.shared_v8_includes]


def configure_openssl(o):
@@ -438,7 +439,7 @@
(libs, cflags) = pkg_config('openssl') or ('-lssl -lcrypto', '')

if options.shared_openssl_libpath:
- o['libraries'] += ['-L%s' % options.shared_openssl_libpath]
+ o['ldflags_target'] += ['-L%s' % options.shared_openssl_libpath]

if options.shared_openssl_libname:
libnames = options.shared_openssl_libname.split(',')
@@ -447,17 +448,18 @@
o['libraries'] += libs.split()

if options.shared_openssl_includes:
- o['include_dirs'] += [options.shared_openssl_includes]
+ o['include_dirs_target'] += [options.shared_openssl_includes]
else:
o['cflags'] += cflags.split()


output = {
'variables': {},
- 'include_dirs': [],
+ 'include_dirs_target': [],
'libraries': [],
'defines': [],
'cflags': [],
+ 'ldflags_target': [],
}

configure_node(output)
@@ -6,15 +6,17 @@
set -o errexit
set -o pipefail

NODE=$1
OUT=$2
DESTDIR=$1
NODE=$2
OUT=$3

if [[ -z ${NODE} || ! -x ${NODE} || -z ${OUT} || -n $3 ]]; then
echo "Usage: $0 <node> <output>" >&2
if [[ -z ${NODE} || ! -x ${NODE} || -z ${OUT} || -n $4 ]]; then
echo "Usage: $0 <proto> <node> <output>" >&2
exit 1
fi

VER=$(${NODE} -e 'console.log(process.version)')
VER=$(LD_LIBRARY_PATH=${DESTDIR}/lib:${DESTDIR}/usr/lib \
${NODE} -e 'console.log(process.version)')

cat >${OUT} <<EOF
// This file was autogenerated, do not edit manually.
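Review bot: The new first argument is never validated: the usage test on the `-n $4` line still checks only `NODE` and `OUT`. An empty or relative `DESTDIR` therefore yields an `LD_LIBRARY_PATH` of `/lib:/usr/lib` or of relative directories, and the freshly built node resolves its libraries from somewhere other than the proto area. Extending the test with `-z ${DESTDIR} || ! -d ${DESTDIR}` and quoting the assignment, `LD_LIBRARY_PATH="${DESTDIR}/lib:${DESTDIR}/usr/lib"`, closes that. The here-document that writes `${OUT}` continues outside the hunk.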
@@ -28,6 +28,7 @@ include ../Makefile.defs
NSPRVER = nspr-4.8.6
TARBALL = $(VER)-with-$(NSPRVER).tar.gz

AUTOCONF_CPPFLAGS =
UNPACK_SENTINEL = .stamp
FROB_SENTINEL.32 = /bin/true
FROB_SENTINEL.64 = /bin/true
@@ -40,13 +41,15 @@ all_32: $(VER.32)/$(UNPACK_SENTINEL)
@ (cd $(VER.32)/mozilla/security/nss; \
PATH=$(PATH) \
gmake BUILD_OPT=1 BUILD_SUN_PKG=1 NS_USE_GCC=1 NO_MDUPDATE=1 \
nss_build_all )
CC="$(GCC)" CXX="$(GXX)" CPPFLAGS="$(CPPFLAGS)" \
LDFLAGS="$(LDFLAGS)" nss_build_all )

all_64: $(VER.64)/$(UNPACK_SENTINEL)
@ (cd $(VER.64)/mozilla/security/nss; \
PATH=$(PATH) \
gmake USE_64=1 BUILD_OPT=1 BUILD_SUN_PKG=1 NS_USE_GCC=1 \
NO_MDUPDATE=1 nss_build_all )
CC="$(GCC.64)" CXX="$(GXX.64)" CPPFLAGS="$(CPPFLAGS)" \
LDFLAGS="$(LDFLAGS.64)" NO_MDUPDATE=1 nss_build_all )

install: all
DESTDIR=$(DESTDIR) ksh93 ./install-nss $(VER.32)
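Review bot: `CPPFLAGS` and `LDFLAGS` are now passed as `gmake` command-line variables in both `all_32` and `all_64`, and command-line variables override ordinary assignments inside the sub-build's makefiles. If the NSS makefiles set either variable themselves (not visible here), those settings are replaced rather than extended, which is worth confirming against the NSS tree. A one-line comment above the two recipes, such as `# CC/CXX/CPPFLAGS/LDFLAGS deliberately override the NSS defaults`, would record the intent. Both recipes are also silenced with `@`, so the flags actually used never appear in the build log.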
@@ -39,5 +39,7 @@ AUTOCONF_OPTS += \
LDFLAGS += \
-Wl,-R/usr/openldap/lib

PATCHES = Patches/*

include ../Makefile.targ
include ../Makefile.targ.autoconf


@@ -51,36 +51,10 @@ if [[ ${MACH32} = "i86" ]]; then
-e 'cap:hw1 -and -cmp mmx' libcrypto.so.${LIBVER}
fi

# Install libraries
# Install libraries, for legacy use only
_install D libcrypto.so.${LIBVER} ${LIBDIR}/libcrypto.so.${LIBVER} 0755
_install L libcrypto.so.${LIBVER} ${LIBDIR}/libcrypto.so
_install D libssl.so.${LIBVER} ${LIBDIR}/libssl.so.${LIBVER} 0755
_install L libssl.so.${LIBVER} ${LIBDIR}/libssl.so
_install L ../../libcrypto.so.${LIBVER} ${USRLIBDIR}/libcrypto.so.${LIBVER}
_install L ../../libcrypto.so ${USRLIBDIR}/libcrypto.so
_install L ../../lib/libssl.so.${LIBVER} ${USRLIBDIR}/libssl.so.${LIBVER}
_install L ../../lib/libssl.so ${USRLIBDIR}/libssl.so

# Install commands
_install P apps/CA.pl ${BINDIR}/CA.pl 0555
_install E apps/openssl ${BINDIR}/openssl 0555
mkdir -p ${DESTDIR}/usr/sfw/bin
_install L ../../bin/openssl ${DESTDIR}/usr/sfw/bin/openssl

# Install etc
mkdir -p ${DESTDIR}/etc/openssl
mkdir -p ${DESTDIR}/etc/openssl/certs
mkdir -p ${DESTDIR}/etc/openssl/private
mkdir -p ${DESTDIR}/etc/sfw
chmod 0700 ${DESTDIR}/etc/openssl/private
_install N apps/openssl.cnf ${DESTDIR}/etc/openssl/openssl.cnf 0644
_install L ../openssl ${DESTDIR}/etc/sfw/openssl

# Install header files
mkdir -p ${INCDIR}/openssl
cd include/openssl
for header in !(ec*|fips*|idea*); do
_install N ${header} ${INCDIR}/openssl/${header} 0444
done

exit 0
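Review bot: The comment now says these libraries are for legacy use only, yet the kept lines still install the unversioned links `${LIBDIR}/libcrypto.so` and `${LIBDIR}/libssl.so`, which are what a linker resolves `-lcrypto` and `-lssl` to. If the new OpenSSL install script writes the same link names (not visible here), whichever script runs last decides which version newly built software links against. Dropping the two `_install L … .so` lines here, and the matching pair in the 64-bit script's hunk that follows, would leave only the versioned runtime objects for old binaries.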
@@ -45,19 +45,11 @@ source ../install.subr

cd ${VERDIR}

# Install commands
_install E apps/openssl ${BINDIR}/openssl 0555
_install L ../../../bin/amd64/openssl ${SFWBINDIR}/openssl

# Install libraries
# Install libraries, for legacy use only
_install D libcrypto.so.${LIBVER} ${LIBDIR}/libcrypto.so.${LIBVER} 0755
_install L libcrypto.so.${LIBVER} ${LIBDIR}/libcrypto.so
_install D libssl.so.${LIBVER} ${LIBDIR}/libssl.so.${LIBVER} 0755
_install L libssl.so.${LIBVER} ${LIBDIR}/libssl.so
_install L amd64 ${DESTDIR}/lib/64
_install L ../../../lib/amd64/libcrypto.so.${LIBVER} ${USRLIBDIR}/libcrypto.so.${LIBVER}
_install L ../../../lib/amd64/libcrypto.so ${USRLIBDIR}/libcrypto.so
_install L ../../../lib/amd64/libssl.so.${LIBVER} ${USRLIBDIR}/libssl.so.${LIBVER}
_install L ../../../lib/amd64/libssl.so ${USRLIBDIR}/libssl.so

exit 0
@@ -0,0 +1,183 @@
#
# CDDL HEADER START
#
# The contents of this file are subject to the terms of the
# Common Development and Distribution License (the "License").
# You may not use this file except in compliance with the License.
#
# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
# or http://www.opensolaris.org/os/licensing.
# See the License for the specific language governing permissions
# and limitations under the License.
#
# When distributing Covered Code, include this CDDL HEADER in each
# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
# If applicable, add the following below this CDDL HEADER, with the
# fields enclosed by brackets "[]" replaced with your own identifying
# information: Portions Copyright [yyyy] [name of copyright owner]
#
# CDDL HEADER END
#
# Copyright (c) 2009, 2010, Oracle and/or its affiliates. All rights reserved.
# Copyright (c) 2012-2013, Joyent, Inc. All rights reserved.
#

VER = openssl-1.0.1c
LIBVER = 1.0.0

include ../Makefile.defs

SHELL = /bin/bash
BUILD64 = yes
UNPACK_SENTINEL = Configure
AUTOCONF_OUT = crypto/opensslconf.h

MT_CPPFLAGS = -D_REENTRANT
SHARED_CFLAGS = -fPIC -DPIC
SHARED_LDFLAGS = -fPIC -shared

PKCS11_SRCS = \
hw_pk11_err.c \
hw_pk11_err.h \
hw_pk11_pub.c \
hw_pk11_uri.c \
hw_pk11_uri.h \
hw_pk11.c \
hw_pk11.h

PKCS11_DST.32 = $(VER.32)/crypto/engine
PKCS11_DST.64 = $(VER.64)/crypto/engine

PKCS11.32 = $(PKCS11_SRCS:%=$(PKCS11_DST.32)/%)
PKCS11.64 = $(PKCS11_SRCS:%=$(PKCS11_DST.64)/%)

CHECK_LIBS = \
$(VER.32)/libcrypto.so.$(LIBVER) \
$(VER.32)/libssl.so.$(LIBVER) \
$(VER.64)/libcrypto.so.$(LIBVER) \
$(VER.64)/libssl.so.$(LIBVER)

#
# There are races between the building of assembly language sources and
# the assembly of those files. Disable parallel build.
#
PARALLEL =

CPPFLAGS += \
-DSOLARIS_OPENSSL \
-DNO_WINDOWS_BRAINDEATH \
-include openssl/sunw_prefix.h

CFLAGS += \
-O3 \
-march=pentium \
-Wall \
-Werror \
-DPK11_LIB_LOCATION=\\"/usr/lib/libpkcs11.so.1\\"

CFLAGS.64 += \
-O3 \
-Wall \
-Werror \
-DPK11_LIB_LOCATION=\\"/usr/lib/64/libpkcs11.so.1\\"

LIBS += -lsocket -lnsl

PATCHES = Patches/*

AUTOCONF_ENV =
AUTOCONF_OPTS += \
--openssldir=/etc/openssl \
--install_prefix=$(DESTDIR) \
no-ec \
no-ecdh \
no-ecdsa \
no-rc3 \
no-rc5 \
no-mdc2 \
no-idea \
no-hw_4758_cca \
no-hw_aep \
no-hw_atalla \
no-hw_chil \
no-hw_gmp \
no-hw_ncipher \
no-hw_nuron \
no-hw_padlock \
no-hw_sureware \
no-hw_ubsec \
no-hw_cswift \
enable-md2 \
threads \
shared

AUTOCONF_OPTS.32 += \
smartos-x86-gcc

AUTOCONF_OPTS.64 += \
smartos64-x86_64-gcc

$(PKCS11_DST.32)/%: engine_pkcs11/%
cp $< $@

$(PKCS11_DST.64)/%: engine_pkcs11/%
cp $< $@

$(VER.32)/%: %
cp $< $@

$(VER.64)/%: %
cp $< $@

$(VER.32)/configure: $(VER.32)/Configure Makefile $(PKCS11.32) \
$(VER.32)/sunw_prefix.h
sed -e 's#@@CC@@#$(GCC)#g' \
-e 's#@@CPPFLAGS@@#$(CPPFLAGS)#g' \
-e 's#@@CFLAGS@@#$(CFLAGS)#g' \
-e 's#@@MT_CPPFLAGS@@#$(MT_CPPFLAGS)#g' \
-e 's#@@LDFLAGS@@#$(LDFLAGS)#g' \
-e 's#@@LIBS@@#$(LIBS)#g' \
-e 's#@@SHARED_CFLAGS@@#$(SHARED_CFLAGS)#g' \
-e 's#@@SHARED_LDFLAGS@@#$(SHARED_LDFLAGS)#g' < $< > $@
chmod +x $@

$(VER.64)/configure: $(VER.64)/Configure Makefile $(PKCS11.64) \
$(VER.64)/sunw_prefix.h
sed -e 's#@@CC@@#$(GCC.64)#g' \
-e 's#@@CPPFLAGS@@#$(CPPFLAGS)#g' \
-e 's#@@CFLAGS@@#$(CFLAGS.64)#g' \
-e 's#@@MT_CPPFLAGS@@#$(MT_CPPFLAGS)#g' \
-e 's#@@LDFLAGS@@#$(LDFLAGS.64)#g' \
-e 's#@@LIBS@@#$(LIBS)#g' \
-e 's#@@SHARED_CFLAGS@@#$(SHARED_CFLAGS)#g' \
-e 's#@@SHARED_LDFLAGS@@#$(SHARED_LDFLAGS)#g' < $< > $@
chmod +x $@

all: all_autoconf

check: $(CHECK_LIBS:%=%.check)

%.check: %
syms="$$(/usr/bin/nm -ph $< | \
awk '$$2 == T && $$3 != _init && $$3 != _fini { print $$3 }' | \
grep -v ^sunw_)"; \
if [[ -n "$$syms" ]]; then \
echo "Unprefixed symbols found in $<: $$syms"; \
exit 1; \
else \
touch $@; \
fi

$(CHECK_LIBS): all

install_32: all check
DESTDIR=$(DESTDIR) VERDIR=$(VER.32) LIBVER=$(LIBVER) \
ksh93 ./install-sfw

install_64: all check
DESTDIR=$(DESTDIR) VERDIR=$(VER.64) LIBVER=$(LIBVER) \
ksh93 ./install-sfw-64

install: install_32 install_64

include ../Makefile.targ
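Review bot: The `%.check` recipe cannot fail as written, because `T`, `_init` and `_fini` are unquoted in the awk program and awk treats them as uninitialised variables, so `$2 == T` compares the symbol-type column with an empty string. No symbol is ever printed, `syms` stays empty, and every library is stamped as checked even if it exports unprefixed names. The line should read `awk '$$2 == "T" && $$3 != "_init" && $$3 != "_fini" { print $$3 }' | \`. Since `install_32` and `install_64` depend on `check`, this looks like the only gate on the `sunw_` prefixing, so it is worth running once against a library known to contain an unprefixed symbol to see it fail.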
@@ -0,0 +1,11 @@
--- openssl-1.0.1c-64/crypto/cms/cms_enc.c 2012-05-10 13:34:21.000000000 +0000
+++ openssl-1.0.1c-32/crypto/cms/cms_enc.c 2013-01-08 22:52:02.972099339 +0000
@@ -74,7 +74,7 @@
X509_ALGOR *calg = ec->contentEncryptionAlgorithm;
unsigned char iv[EVP_MAX_IV_LENGTH], *piv = NULL;
unsigned char *tkey = NULL;
- size_t tkeylen;
+ size_t tkeylen = 0;

int ok = 0;

@@ -0,0 +1,176 @@
diff -ur openssl-1.0.1c/Configure openssl-1.0.1c-32/Configure
--- openssl-1.0.1c/Configure 2012-03-14 22:20:40.000000000 +0000
+++ openssl-1.0.1c-32/Configure 2013-01-09 00:06:33.676636706 +0000
@@ -205,6 +205,14 @@
"vos-gcc","gcc:-O3 -Wall -DOPENSSL_SYSNAME_VOS -D_POSIX_C_SOURCE=200112L -D_BSD -D_VOS_EXTENDED_NAMES -DB_ENDIAN::(unknown):VOS:-Wl,-map:BN_LLONG:${no_asm}:::::.so:",
"debug-vos-gcc","gcc:-O0 -g -Wall -DOPENSSL_SYSNAME_VOS -D_POSIX_C_SOURCE=200112L -D_BSD -D_VOS_EXTENDED_NAMES -DB_ENDIAN -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG::(unknown):VOS:-Wl,-map:BN_LLONG:${no_asm}:::::.so:",

+#### SmartOS setups
+# These always use gcc. Also, because these interfaces are private on SmartOS,
+# we needn't jump through so many hoops. We allow this to be templatised by
+# higher-level build software. Otherwise similar to Solaris.
+"smartos-x86-gcc","@@CC@@:@@CPPFLAGS@@ @@CFLAGS@@ -DL_ENDIAN::@@MT_CPPFLAGS@@::@@LDFLAGS@@ @@LIBS@@:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:solaris-shared:@@SHARED_CFLAGS@@:@@CFLAGS@@ @@SHARED_CFLAGS@@ @@SHARED_LDFLAGS@@:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+
+"smartos64-x86_64-gcc","@@CC@@:@@CPPFLAGS@@ @@CFLAGS@@ -DL_ENDIAN::@@MT_CPPFLAGS@@::@@LDFLAGS@@ @@LIBS@@:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:solaris-shared:@@SHARED_CFLAGS@@:@@CFLAGS@@ @@SHARED_CFLAGS@@ @@SHARED_LDFLAGS@@:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::/64",
+
#### Solaris x86 with GNU C setups
# -DOPENSSL_NO_INLINE_ASM switches off inline assembler. We have to do it
# here because whenever GNU C instantiates an assembler template it
@@ -1800,12 +1808,6 @@
$foo =~ s/\\/\\\\/g;
print OUT "#define OPENSSLDIR \"$foo\"\n";
}
- elsif (/^#define\s+ENGINESDIR/)
- {
- my $foo = "$prefix/$libdir/engines";
- $foo =~ s/\\/\\\\/g;
- print OUT "#define ENGINESDIR \"$foo\"\n";
- }
elsif (/^#((define)|(undef))\s+OPENSSL_EXPORT_VAR_AS_FUNCTION/)
{ printf OUT "#undef OPENSSL_EXPORT_VAR_AS_FUNCTION\n"
if $export_var_as_fn;
@@ -1816,39 +1818,14 @@
$unistd = "<unistd.h>" if $unistd eq "";
print OUT "#define OPENSSL_UNISTD $unistd\n";
}
- elsif (/^#((define)|(undef))\s+SIXTY_FOUR_BIT_LONG/)
- { printf OUT "#%s SIXTY_FOUR_BIT_LONG\n",($b64l)?"define":"undef"; }
- elsif (/^#((define)|(undef))\s+SIXTY_FOUR_BIT/)
- { printf OUT "#%s SIXTY_FOUR_BIT\n",($b64)?"define":"undef"; }
- elsif (/^#((define)|(undef))\s+THIRTY_TWO_BIT/)
- { printf OUT "#%s THIRTY_TWO_BIT\n",($b32)?"define":"undef"; }
elsif (/^#((define)|(undef))\s+SIXTEEN_BIT/)
{ printf OUT "#%s SIXTEEN_BIT\n",($b16)?"define":"undef"; }
elsif (/^#((define)|(undef))\s+EIGHT_BIT/)
{ printf OUT "#%s EIGHT_BIT\n",($b8)?"define":"undef"; }
- elsif (/^#((define)|(undef))\s+BN_LLONG\s*$/)
- { printf OUT "#%s BN_LLONG\n",($bn_ll)?"define":"undef"; }
- elsif (/^\#define\s+DES_LONG\s+.*/)
- { printf OUT "#define DES_LONG unsigned %s\n",
- ($des_int)?'int':'long'; }
- elsif (/^\#(define|undef)\s+DES_PTR/)
- { printf OUT "#%s DES_PTR\n",($des_ptr)?'define':'undef'; }
- elsif (/^\#(define|undef)\s+DES_RISC1/)
- { printf OUT "#%s DES_RISC1\n",($des_risc1)?'define':'undef'; }
elsif (/^\#(define|undef)\s+DES_RISC2/)
{ printf OUT "#%s DES_RISC2\n",($des_risc2)?'define':'undef'; }
elsif (/^\#(define|undef)\s+DES_UNROLL/)
{ printf OUT "#%s DES_UNROLL\n",($des_unroll)?'define':'undef'; }
- elsif (/^#define\s+RC4_INT\s/)
- { printf OUT "#define RC4_INT unsigned %s\n",$type[$rc4_int]; }
- elsif (/^#undef\s+RC4_CHUNK/)
- {
- printf OUT "#undef RC4_CHUNK\n" if $rc4_chunk==0;
- printf OUT "#define RC4_CHUNK unsigned long\n" if $rc4_chunk==1;
- printf OUT "#define RC4_CHUNK unsigned long long\n" if $rc4_chunk==2;
- }
- elsif (/^#((define)|(undef))\s+RC4_INDEX/)
- { printf OUT "#%s RC4_INDEX\n",($rc4_idx)?"define":"undef"; }
elsif (/^#(define|undef)\s+I386_ONLY/)
{ printf OUT "#%s I386_ONLY\n", ($processor eq "386")?
"define":"undef"; }
diff -ur openssl-1.0.1c/crypto/opensslconf.h.in openssl-1.0.1c-32/crypto/opensslconf.h.in
--- openssl-1.0.1c/crypto/opensslconf.h.in 2005-12-16 10:37:23.000000000 +0000
+++ openssl-1.0.1c-32/crypto/opensslconf.h.in 2013-01-08 23:49:26.594537984 +0000
@@ -1,11 +1,19 @@
/* crypto/opensslconf.h.in */

+#ifdef __sparc
+#error "SPARC is not currently supported by the build system."
+#endif
+
/* Generate 80386 code? */
#undef I386_ONLY

#if !(defined(VMS) || defined(__VMS)) /* VMS uses logical names instead */
#if defined(HEADER_CRYPTLIB_H) && !defined(OPENSSLDIR)
-#define ENGINESDIR "/usr/local/lib/engines"
+#if defined(__x86_64)
+#define ENGINESDIR "/usr/lib/64/engines"
+#else
+#define ENGINESDIR "/usr/lib/engines"
+#endif /* __x86_64 */
#define OPENSSLDIR "/usr/local/ssl"
#endif
#endif
@@ -44,7 +52,11 @@
* This enables code handling data aligned at natural CPU word
* boundary. See crypto/rc4/rc4_enc.c for further details.
*/
+#if defined(__x86_64)
+#define RC4_CHUNK unsigned long
+#else
#undef RC4_CHUNK
+#endif /* __x86_64 */
#endif
#endif

@@ -52,27 +64,44 @@
/* If this is set to 'unsigned int' on a DEC Alpha, this gives about a
* %20 speed up (longs are 8 bytes, int's are 4). */
#ifndef DES_LONG
+#if defined(__x86_64)
+#define DES_LONG unsigned int
+#else
#define DES_LONG unsigned long
+#endif /* __x86_64 */
#endif
#endif

#if defined(HEADER_BN_H) && !defined(CONFIG_HEADER_BN_H)
#define CONFIG_HEADER_BN_H
+#if defined(__x86_64)
#undef BN_LLONG
+#else
+#define BN_LLONG
+#endif /* __x86_64 */

/* Should we define BN_DIV2W here? */

/* Only one for the following should be defined */
+#if defined(__x86_64)
+#define SIXTY_FOUR_BIT_LONG
+#undef THIRTY_TWO_BIT
+#else
#undef SIXTY_FOUR_BIT_LONG
-#undef SIXTY_FOUR_BIT
#define THIRTY_TWO_BIT
+#endif /* __x86_64 */
+#undef SIXTY_FOUR_BIT
#endif

#if defined(HEADER_RC4_LOCL_H) && !defined(CONFIG_HEADER_RC4_LOCL_H)
#define CONFIG_HEADER_RC4_LOCL_H
/* if this is defined data[i] is used instead of *data, this is a %20
* speedup on x86 */
+#if defined(__x86_64)
#undef RC4_INDEX
+#else
+#define RC4_INDEX
+#endif /* __x86_64 */
#endif

#if defined(HEADER_BF_LOCL_H) && !defined(CONFIG_HEADER_BF_LOCL_H)
@@ -86,14 +115,22 @@
/* the following is tweaked from a config script, that is why it is a
* protected undef/define */
#ifndef DES_PTR
+#if defined(__x86_64)
#undef DES_PTR
+#else
+#define DES_PTR
+#endif /* __x86_64 */
#endif

/* This helps C compiler generate the correct code for multiple functional
* units. It reduces register dependancies at the expense of 2 more
* registers */
#ifndef DES_RISC1
+#if defined(__x86_64)
#undef DES_RISC1
+#else
+#define DES_RISC1
+#endif /* __x86_64 */
#endif

#ifndef DES_RISC2
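Review bot: Every `#else` branch added to `opensslconf.h.in` assumes 32-bit x86, but the only guard is the `#error` for `__sparc`, so any other compiler target silently gets `THIRTY_TWO_BIT`, `BN_LLONG` and the i386 DES/RC4 settings. The same patch removes Configure's rewriting of these macros, so nothing else would correct them, and a wrong word-size setting in the bignum code is not something a build necessarily rejects. Turning the guard into an allow-list, `#if !defined(__x86_64) && !defined(__i386)` followed by the `#error`, makes the header refuse targets it was not written for. The header's remaining conditionals continue outside the last hunk.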
@@ -0,0 +1,42 @@
diff -urN openssl-1.0.1c/crypto/engine/eng_all.c openssl-1.0.1c-src/crypto/engine/eng_all.c
--- openssl-1.0.1c/crypto/engine/eng_all.c 2011-08-10 18:53:13.000000000 +0000
+++ openssl-1.0.1c-src/crypto/engine/eng_all.c 2013-01-07 23:15:10.868557614 +0000
@@ -80,6 +80,9 @@
ENGINE_load_rdrand();
#endif
ENGINE_load_dynamic();
+#ifndef OPENSSL_NO_HW_PKCS11
+ ENGINE_load_pk11();
+#endif
#ifndef OPENSSL_NO_STATIC_ENGINE
#ifndef OPENSSL_NO_HW
#ifndef OPENSSL_NO_HW_4758_CCA
diff -urN openssl-1.0.1c/crypto/engine/engine.h openssl-1.0.1c-src/crypto/engine/engine.h
--- openssl-1.0.1c/crypto/engine/engine.h 2011-08-10 18:53:13.000000000 +0000
+++ openssl-1.0.1c-src/crypto/engine/engine.h 2013-01-07 23:15:56.210595780 +0000
@@ -351,6 +351,7 @@
#endif
#endif
void ENGINE_load_cryptodev(void);
+void ENGINE_load_pk11(void);
void ENGINE_load_rsax(void);
void ENGINE_load_rdrand(void);
void ENGINE_load_builtin_engines(void);
diff -urN openssl-1.0.1c/crypto/engine/Makefile openssl-1.0.1c-src/crypto/engine/Makefile
--- openssl-1.0.1c/crypto/engine/Makefile 2011-08-14 13:47:27.000000000 +0000
+++ openssl-1.0.1c-src/crypto/engine/Makefile 2013-01-07 23:14:30.020619793 +0000
@@ -22,13 +22,13 @@
tb_rsa.c tb_dsa.c tb_ecdsa.c tb_dh.c tb_ecdh.c tb_rand.c tb_store.c \
tb_cipher.c tb_digest.c tb_pkmeth.c tb_asnmth.c \
eng_openssl.c eng_cnf.c eng_dyn.c eng_cryptodev.c \
- eng_rsax.c eng_rdrand.c
+ eng_rsax.c eng_rdrand.c hw_pk11.c hw_pk11_pub.c hw_pk11_uri.c
LIBOBJ= eng_err.o eng_lib.o eng_list.o eng_init.o eng_ctrl.o \
eng_table.o eng_pkey.o eng_fat.o eng_all.o \
tb_rsa.o tb_dsa.o tb_ecdsa.o tb_dh.o tb_ecdh.o tb_rand.o tb_store.o \
tb_cipher.o tb_digest.o tb_pkmeth.o tb_asnmth.o \
eng_openssl.o eng_cnf.o eng_dyn.o eng_cryptodev.o \
- eng_rsax.o eng_rdrand.o
+ eng_rsax.o eng_rdrand.o hw_pk11.o hw_pk11_pub.o hw_pk11_uri.o

SRC= $(LIBSRC)
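Review bot: The added `ENGINE_load_pk11()` call in `eng_all.c` sits after `ENGINE_load_dynamic()` and before the `OPENSSL_NO_STATIC_ENGINE` / `OPENSSL_NO_HW` guards, so only `OPENSSL_NO_HW_PKCS11` governs it. As far as this hunk shows, a build configured without hardware engines would still register the engine. The `crypto/engine/Makefile` hunk likewise adds the three `hw_pk11*` sources and objects unconditionally. If that is deliberate, a comment at the call such as `/* pk11 is registered regardless of OPENSSL_NO_HW; disable with OPENSSL_NO_HW_PKCS11 */` would save the next upgrader from guessing. The enclosing function starts and ends outside the hunk.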
@@ -0,0 +1,82 @@
--- openssl-1.0.1c/Makefile.org Sun Apr 22 13:25:19 2012
+++ openssl-1.0.1c-32/Makefile.org Thu Jan 10 00:55:18 2013
@@ -181,7 +181,7 @@
NAME= $(BASENAME)-$(VERSION)
TARFILE= $(NAME).tar
WTARFILE= $(NAME)-win.tar
-EXHEADER= e_os2.h
+EXHEADER= e_os2.h sunw_prefix.h
HEADER= e_os.h

all: Makefile build_all openssl.pc libssl.pc libcrypto.pc
diff -ur openssl-1.0.1c/crypto/perlasm/x86asm.pl openssl-1.0.1c-32/crypto/perlasm/x86asm.pl
--- openssl-1.0.1c/crypto/perlasm/x86asm.pl Mon Nov 14 20:44:20 2011
+++ openssl-1.0.1c-32/crypto/perlasm/x86asm.pl Thu Jan 10 03:26:00 2013
@@ -137,6 +137,7 @@

sub ::islabel # see is argument is a known label
{ my $i;
+ if ($_[0] eq "_GLOBAL_OFFSET_TABLE_") { return $_[0]; }
foreach $i (values %label) { return $i if ($i eq $_[0]); }
$label{$_[0]}; # can be undef
}
diff -ur openssl-1.0.1c/crypto/perlasm/x86gas.pl openssl-1.0.1c-32/crypto/perlasm/x86gas.pl
--- openssl-1.0.1c/crypto/perlasm/x86gas.pl Fri Dec 9 19:16:35 2011
+++ openssl-1.0.1c-32/crypto/perlasm/x86gas.pl Thu Jan 10 03:26:11 2013
@@ -5,7 +5,7 @@
*out=\@::out;

$::lbdecor=$::aout?"L":".L"; # local label decoration
-$nmdecor=($::aout or $::coff)?"_":""; # external name decoration
+$nmdecor=($::aout or $::coff)?"_":"sunw_"; # external name decoration

$initseg="";

--- openssl-1.0.1c/crypto/perlasm/x86_64-xlate.pl 2012-03-13 19:19:31.000000000 +0000
+++ openssl-1.0.1c-64/crypto/perlasm/x86_64-xlate.pl 2013-01-10 19:21:29.169546571 +0000
@@ -68,7 +68,7 @@
my $gas=1; $gas=0 if ($output =~ /\.asm$/);
my $elf=1; $elf=0 if (!$gas);
my $win64=0;
-my $prefix="";
+my $prefix="sunw_";
my $decor=".L";

my $masmref=8 + 50727*2**-32; # 8.00.50727 shipped with VS2005
@@ -467,6 +467,7 @@
}
$line =~ s/\@abi\-omnipotent/\@function/;
$line =~ s/\@function.*/\@function/;
+ $line =~ s/$sym/$globals{$sym} or $sym/e;
last;
};
/\.asciz/ && do { if ($line =~ /^"(.*)"$/) {
@@ -480,6 +481,9 @@
$line =~ s/\.L/$decor/g;
last;
};
+ /\.size/ && do { $line =~ s/([_a-z][_a-z0-9]*)/$globals{$1} or $1/gei;
+ last;
+ };
}

if ($gas) {
@@ -513,6 +517,7 @@
} elsif ($dir =~ /\.hidden/) {
if ($flavour eq "macosx") { $self->{value} = ".private_extern\t$prefix$line"; }
elsif ($flavour eq "mingw64") { $self->{value} = ""; }
+ else { $self->{value} = ".hidden\t$prefix$line"; }
} elsif ($dir =~ /\.comm/) {
$self->{value} = "$dir\t$prefix$line";
$self->{value} =~ s|,([0-9]+),([0-9]+)$|",$1,".log($2)/log(2)|e if ($flavour eq "macosx");
diff -urN openssl-1.0.1c/crypto/opensslconf.h.in openssl-1.0.1c-32/crypto/opensslconf.h.in
--- openssl-1.0.1c/crypto/opensslconf.h.in 2005-12-16 10:37:23.000000000 +0000
+++ openssl-1.0.1c-32/crypto/opensslconf.h.in 2013-01-10 23:47:08.346611475 +0000
@@ -1,5 +1,7 @@
/* crypto/opensslconf.h.in */

+#include <openssl/sunw_prefix.h>
+
/* Generate 80386 code? */
#undef I386_ONLY
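Review bot: The last hunk patches the first lines of `crypto/opensslconf.h.in` against pristine `openssl-1.0.1c` context, and another patch on this page inserts the `__sparc` `#error` block at the same place against the same context. Whichever is applied second no longer finds `/* Generate 80386 code? */` directly after the leading blank line, so it can apply only with fuzz, and with `PATCHES = Patches/*` the order is whatever the glob yields (how the patches are applied is not visible here). Regenerating the later patch against the already-patched tree, or folding both header changes into one patch, would make the series apply exactly. Separately, in the `x86_64-xlate.pl` hunk the interpolated pattern would be safer quoted, as `s/\Q$sym\E/$globals{$sym} or $sym/e`.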

@@ -0,0 +1,105 @@
OpenSSL 1.x illumos-extra Integration Notes

There are several changes made to OpenSSL that are worth highlighting for
the benefit of anyone wishing to upgrade or further modify the installation.
Generally, they are:

- The addition of a "hw_pk11" engine, written by Sun for 0.9.x, that
supports various HW accelerators that have KCF drivers. It is highly
unlikely at this point that anyone actually cares about this. There are a
few minor changes to hook this into the library, as well as the various
files themselves that implement the engine and are simply copied in.
There are no changes required to the build system in order to make this
work.

- New smartos-* build targets. These are patched into Configure as
templates. These templates are later filled in by trivial sed rules in
the build system to generate a configure (lower-case) that we then use to
actually set up the links. This allows us to control variables such as CC
and CFLAGS in the usual way, and to treat the OpenSSL configuration system
as if it were autoconf even though it's nothing of the sort.

- Changes to Configure, the assembly generators/translators, and the
addition of a header file to effect prefixing of globally visible function
symbol names.

- Changes to opensslconf.h.in, which is transformed into opensshconf.h
and delivered. This header defines data types used in the
implementations of algorithms along with which algorithms have been
built and several other pieces of metadata. Because OpenSSL does not
include proper multilib support and instead assumes that the libraries
and headers that are generated will be used on the build system, this
doesn't work well in our multilib environment. Rather than patching the
header after it's generated (which is basically impossible, since there
are so many differences between 32-bit and 64-bit), we instead modify it
in advance to support both. We then remove Configure's ability to
modify those portions of the header during the build. The introduction
of new algorithms whose preprocessor definitions or parameters differ
between 32-bit and 64-bit implementation will require further changes in
this area.

- Minor changes to eliminate warnings so that we can build with -Wall
-Werror. Fixes for these should be accumulated if required, and sent
upstream where possible.

If you are upgrading, it is likely that simply replacing the tarball and
modifying VER in the makefile will suffice. The changes to most of the
above are targeted at areas of the code that are unlikely to be changed,
especially to fix security bugs. One other thing to be aware of is that if
the library numbering (the portion of the filename after '.so') changes, you
will also need to change LIBVER. There is also a possibility that changes
to the library may break the hw_pk11 engine. For example, from 0.9.x to
1.x, the aes-ctr NIDs were added, making some of the code redundant.
Porting this code should not be a great deal of work, but if it becomes so,
it is probably best to delete it.

When upgrading, you will need to be sure that no new symbols have been
introduced. If any have been, it will be necessary to add them to
sunw_prefix.h. Unfortunately, the public interface to OpenSSL is not really
defined anywhere, so making a proper mapfile is difficult and every new
symbol, even those that are not intended for public use, must be added
there. A tool is included that can generate an appropriate header from an
OpenSSL library built from unmodified code; however, it will then be
necessary to append the Sun pk11 engine symbols to that.

Also, the prefixing of symbol names can confuse foreign software that
makes assumptions about the names of symbols in the libraries. The most
common culprit here is GNU autoconf (and configure scripts that use it);
there are several macros that are designed to check for symbols in a
library without bothering to include any of the headers necessary to
actually use the library. These will need to be fixed up in any
software that consumes OpenSSL in illumos-extra. This does not affect
ON, nor any other software that simply consumes OpenSSL in the
documented manner.

The libraries as delivered are not, and are not intended to be,
compatible with consumers built against 0.9.8. In addition to the
inherent changes to OpenSSL itself, the symbol prefixing and our
simplification of algorithm selection (namely, the adoption of the
standard implementations the OpenSSL Configure script would choose based
on our hardware architecture) have altered the binary interfaces. The
use of the bootstrap proto area allows arbitrary incompatible changes
here -- the libraries we deliver are used only by software in the
platform.

MOST IMPORTANT OF ALL:

This software is absolutely critical to the security of our customers'
information. Do not upgrade this package on a whim. If a security fix
necessitates an upgrade, take the time to understand what has changed
and how it will interact with our build environment and consumers. It
may be preferable to apply a patch rather than do a wholesale upgrade if
that avoids complex interactions with our changes. While these changes
have been designed to avoid conflict with likely changes in OpenSSL,
there are several classes of change that would inherently necessitate
minor additional integration work in order for them to work correctly.
BE CERTAIN THAT YOU HAVE UNDERSTOOD THE RAMIFICATIONS OF ANY UPGRADE!
It is not sufficient that updating the tarball and bumping VERSION
builds successfully; despite the checks that are in place to prevent
errors, it is still important that you read the release notes, change
logs, and diffs to ensure proper integration. The "unique" build
environment we have here is unfortunately more costly than usual to
maintain, but this software also has unusual importance both in the
number of consumers and the critical nature of the functionality it
provides. If there is anywhere to spend the time getting it right, it
is here. Don't take shortcuts.


@@ -0,0 +1,251 @@
/*
* Copyright (c) 2004, 2011, Oracle and/or its affiliates. All rights reserved.
*
*/

/* crypto/engine/hw_pk11.h */
/*
* This product includes software developed by the OpenSSL Project for
* use in the OpenSSL Toolkit (http://www.openssl.org/).
*
* This project also referenced hw_pkcs11-0.9.7b.patch written by
* Afchine Madjlessi.
*/
/*
* ====================================================================
* Copyright (c) 2000-2001 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* licensing@OpenSSL.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*
* This product includes cryptographic software written by Eric Young
* (eay@cryptsoft.com). This product includes software written by Tim
* Hudson (tjh@cryptsoft.com).
*
*/

#ifndef HW_PK11_H
#define HW_PK11_H

#include "hw_pk11_err.h"

/* max byte length of a symetric key we support */
#define PK11_KEY_LEN_MAX 32

/*
* This structure encapsulates all reusable information for a PKCS#11
* session. A list of these objects is created on behalf of the
* calling application using an on-demand method. Each operation
* type (see PK11_OPTYPE below) has its own per-process list.
* Each of the lists is basically a cache for faster PKCS#11 object
* access to avoid expensive C_Find{,Init,Final}Object() calls.
*
* When a new request comes in, an object will be taken from the list
* (if there is one) or a new one is created to handle the request
* (if the list is empty). See pk11_get_session() on how it is done.
*/
typedef struct PK11_st_SESSION
{
struct PK11_st_SESSION *next;
CK_SESSION_HANDLE session; /* PK11 session handle */
pid_t pid; /* Current process ID */
CK_BBOOL persistent; /* is that a keystore object? */
union
{
#ifndef OPENSSL_NO_RSA
struct
{
CK_OBJECT_HANDLE rsa_pub_key; /* pub handle */
CK_OBJECT_HANDLE rsa_priv_key; /* priv handle */
RSA *rsa_pub; /* pub key addr */
BIGNUM *rsa_n_num; /* pub modulus */
BIGNUM *rsa_e_num; /* pub exponent */
RSA *rsa_priv; /* priv key addr */
BIGNUM *rsa_d_num; /* priv exponent */
} u_RSA;
#endif /* OPENSSL_NO_RSA */
#ifndef OPENSSL_NO_DSA
struct
{
CK_OBJECT_HANDLE dsa_pub_key; /* pub handle */
CK_OBJECT_HANDLE dsa_priv_key; /* priv handle */
DSA *dsa_pub; /* pub key addr */
BIGNUM *dsa_pub_num; /* pub key */
DSA *dsa_priv; /* priv key addr */
BIGNUM *dsa_priv_num; /* priv key */
} u_DSA;
#endif /* OPENSSL_NO_DSA */
#ifndef OPENSSL_NO_DH
struct
{
CK_OBJECT_HANDLE dh_key; /* key handle */
DH *dh; /* dh key addr */
BIGNUM *dh_priv_num; /* priv dh key */
} u_DH;
#endif /* OPENSSL_NO_DH */
struct
{
CK_OBJECT_HANDLE cipher_key; /* key handle */
unsigned char key[PK11_KEY_LEN_MAX];
int key_len; /* priv key len */
int encrypt; /* 1/0 enc/decr */
} u_cipher;
} opdata_u;
} PK11_SESSION;

#define opdata_rsa_pub_key opdata_u.u_RSA.rsa_pub_key
#define opdata_rsa_priv_key opdata_u.u_RSA.rsa_priv_key
#define opdata_rsa_pub opdata_u.u_RSA.rsa_pub
#define opdata_rsa_priv opdata_u.u_RSA.rsa_priv
#define opdata_rsa_n_num opdata_u.u_RSA.rsa_n_num
#define opdata_rsa_e_num opdata_u.u_RSA.rsa_e_num
#define opdata_rsa_d_num opdata_u.u_RSA.rsa_d_num
#define opdata_dsa_pub_key opdata_u.u_DSA.dsa_pub_key
#define opdata_dsa_priv_key opdata_u.u_DSA.dsa_priv_key
#define opdata_dsa_pub opdata_u.u_DSA.dsa_pub
#define opdata_dsa_pub_num opdata_u.u_DSA.dsa_pub_num
#define opdata_dsa_priv opdata_u.u_DSA.dsa_priv
#define opdata_dsa_priv_num opdata_u.u_DSA.dsa_priv_num
#define opdata_dh_key opdata_u.u_DH.dh_key
#define opdata_dh opdata_u.u_DH.dh
#define opdata_dh_priv_num opdata_u.u_DH.dh_priv_num
#define opdata_cipher_key opdata_u.u_cipher.cipher_key
#define opdata_key opdata_u.u_cipher.key
#define opdata_key_len opdata_u.u_cipher.key_len
#define opdata_encrypt opdata_u.u_cipher.encrypt

/*
* We have 3 different groups of operation types:
* 1) asymmetric operations
* 2) random operations
* 3) symmetric and digest operations
*
* This division into groups stems from the fact that it's common that hardware
* providers may support operations from one group only. For example, hardware
* providers on UltraSPARC T2, n2rng(7d), ncp(7d), and n2cp(7d), each support
* only a single group of operations.
*
* For every group a different slot can be chosen. That means that we must have
* at least 3 different lists of cached PKCS#11 sessions since sessions from
* different groups may be initialized in different slots.
*
* To provide locking granularity in multithreaded environment, the groups are
* further splitted into types with each type having a separate session cache.
*/
typedef enum PK11_OPTYPE_ENUM
{
OP_RAND,
OP_RSA,
OP_DSA,
OP_DH,
OP_CIPHER,
OP_DIGEST,
OP_MAX
} PK11_OPTYPE;

/*
* This structure contains the heads of the lists forming the object caches
* and locks associated with the lists.
*/
typedef struct PK11_st_CACHE
{
PK11_SESSION *head;
pthread_mutex_t *lock;
} PK11_CACHE;

/* structure for tracking handles of asymmetric key objects */
typedef struct PK11_active_st
{
CK_OBJECT_HANDLE h;
unsigned int refcnt;
struct PK11_active_st *prev;
struct PK11_active_st *next;
} PK11_active;

extern pthread_mutex_t *find_lock[];
extern PK11_active *active_list[];
/*
* These variables are specific for the RSA keys by reference code. See
* hw_pk11_pub.c for explanation.
*/
extern char *passphrasedialog;
extern CK_FLAGS pubkey_token_flags;

#define LOCK_OBJSTORE(alg_type) \
(void) pthread_mutex_lock(find_lock[alg_type])
#define UNLOCK_OBJSTORE(alg_type) \
(void) pthread_mutex_unlock(find_lock[alg_type])

extern PK11_SESSION *pk11_get_session(PK11_OPTYPE optype);
extern void pk11_return_session(PK11_SESSION *sp, PK11_OPTYPE optype);

#ifndef OPENSSL_NO_RSA
extern int pk11_destroy_rsa_key_objects(PK11_SESSION *session);
extern int pk11_destroy_rsa_object_pub(PK11_SESSION *sp, CK_BBOOL uselock);
extern int pk11_destroy_rsa_object_priv(PK11_SESSION *sp, CK_BBOOL uselock);
extern EVP_PKEY *pk11_load_privkey(ENGINE *e, const char *pubkey_file,
UI_METHOD *ui_method, void *callback_data);
extern EVP_PKEY *pk11_load_pubkey(ENGINE *e, const char *pubkey_file,
UI_METHOD *ui_method, void *callback_data);
extern RSA_METHOD *PK11_RSA(void);
#endif /* OPENSSL_NO_RSA */
#ifndef OPENSSL_NO_DSA
extern int pk11_destroy_dsa_key_objects(PK11_SESSION *session);
extern int pk11_destroy_dsa_object_pub(PK11_SESSION *sp, CK_BBOOL uselock);
extern int pk11_destroy_dsa_object_priv(PK11_SESSION *sp, CK_BBOOL uselock);
extern DSA_METHOD *PK11_DSA(void);
#endif /* OPENSSL_NO_DSA */
#ifndef OPENSSL_NO_DH
extern int pk11_destroy_dh_key_objects(PK11_SESSION *session);
extern int pk11_destroy_dh_object(PK11_SESSION *sp, CK_BBOOL uselock);
extern DH_METHOD *PK11_DH(void);
#endif /* OPENSSL_NO_DH */

extern CK_FUNCTION_LIST_PTR pFuncList;

extern int pk11_active_delete(CK_OBJECT_HANDLE h, PK11_OPTYPE type);
extern void pk11_free_active_list(PK11_OPTYPE type);

#endif /* HW_PK11_H */
@@ -0,0 +1,307 @@
/*
* Copyright (c) 2004, 2011, Oracle and/or its affiliates. All rights reserved.
*
*/

/* crypto/engine/hw_pk11_err.c */
/*
* This product includes software developed by the OpenSSL Project for
* use in the OpenSSL Toolkit (http://www.openssl.org/).
*
* This project also referenced hw_pkcs11-0.9.7b.patch written by
* Afchine Madjlessi.
*/
/*
* ====================================================================
* Copyright (c) 2000-2001 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* licensing@OpenSSL.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*
* This product includes cryptographic software written by Eric Young
* (eay@cryptsoft.com). This product includes software written by Tim
* Hudson (tjh@cryptsoft.com).
*
*/

#include <stdio.h>
#include <openssl/err.h>
#include "hw_pk11_err.h"

/* BEGIN ERROR CODES */
#ifndef OPENSSL_NO_ERR
static ERR_STRING_DATA pk11_str_functs[]=
{
{ ERR_PACK(0, PK11_F_INIT, 0), "PK11_INIT"},
{ ERR_PACK(0, PK11_F_FINISH, 0), "PK11_FINISH"},
{ ERR_PACK(0, PK11_F_DESTROY, 0), "PK11_DESTROY"},
{ ERR_PACK(0, PK11_F_CTRL, 0), "PK11_CTRL"},
{ ERR_PACK(0, PK11_F_RSA_INIT, 0), "PK11_RSA_INIT"},
{ ERR_PACK(0, PK11_F_RSA_FINISH, 0), "PK11_RSA_FINISH"},
{ ERR_PACK(0, PK11_F_GET_PUB_RSA_KEY, 0), "PK11_GET_PUB_RSA_KEY"},
{ ERR_PACK(0, PK11_F_GET_PRIV_RSA_KEY, 0), "PK11_GET_PRIV_RSA_KEY"},
{ ERR_PACK(0, PK11_F_RSA_GEN_KEY, 0), "PK11_RSA_GEN_KEY"},
{ ERR_PACK(0, PK11_F_RSA_PUB_ENC, 0), "PK11_RSA_PUB_ENC"},
{ ERR_PACK(0, PK11_F_RSA_PRIV_ENC, 0), "PK11_RSA_PRIV_ENC"},
{ ERR_PACK(0, PK11_F_RSA_PUB_DEC, 0), "PK11_RSA_PUB_DEC"},
{ ERR_PACK(0, PK11_F_RSA_PRIV_DEC, 0), "PK11_RSA_PRIV_DEC"},
{ ERR_PACK(0, PK11_F_RSA_SIGN, 0), "PK11_RSA_SIGN"},
{ ERR_PACK(0, PK11_F_RSA_VERIFY, 0), "PK11_RSA_VERIFY"},
{ ERR_PACK(0, PK11_F_RAND_ADD, 0), "PK11_RAND_ADD"},
{ ERR_PACK(0, PK11_F_RAND_BYTES, 0), "PK11_RAND_BYTES"},
{ ERR_PACK(0, PK11_F_GET_SESSION, 0), "PK11_GET_SESSION"},
{ ERR_PACK(0, PK11_F_FREE_SESSION, 0), "PK11_FREE_SESSION"},
{ ERR_PACK(0, PK11_F_LOAD_PUBKEY, 0), "PK11_LOAD_PUBKEY"},
{ ERR_PACK(0, PK11_F_LOAD_PRIVKEY, 0), "PK11_LOAD_PRIV_KEY"},
{ ERR_PACK(0, PK11_F_RSA_PUB_ENC_LOW, 0), "PK11_RSA_PUB_ENC_LOW"},
{ ERR_PACK(0, PK11_F_RSA_PRIV_ENC_LOW, 0), "PK11_RSA_PRIV_ENC_LOW"},
{ ERR_PACK(0, PK11_F_RSA_PUB_DEC_LOW, 0), "PK11_RSA_PUB_DEC_LOW"},
{ ERR_PACK(0, PK11_F_RSA_PRIV_DEC_LOW, 0), "PK11_RSA_PRIV_DEC_LOW"},
{ ERR_PACK(0, PK11_F_DSA_SIGN, 0), "PK11_DSA_SIGN"},
{ ERR_PACK(0, PK11_F_DSA_VERIFY, 0), "PK11_DSA_VERIFY"},
{ ERR_PACK(0, PK11_F_DSA_INIT, 0), "PK11_DSA_INIT"},
{ ERR_PACK(0, PK11_F_DSA_FINISH, 0), "PK11_DSA_FINISH"},
{ ERR_PACK(0, PK11_F_GET_PUB_DSA_KEY, 0), "PK11_GET_PUB_DSA_KEY"},
{ ERR_PACK(0, PK11_F_GET_PRIV_DSA_KEY, 0), "PK11_GET_PRIV_DSA_KEY"},
{ ERR_PACK(0, PK11_F_DH_INIT, 0), "PK11_DH_INIT"},
{ ERR_PACK(0, PK11_F_DH_FINISH, 0), "PK11_DH_FINISH"},
{ ERR_PACK(0, PK11_F_MOD_EXP_DH, 0), "PK11_MOD_EXP_DH"},
{ ERR_PACK(0, PK11_F_GET_DH_KEY, 0), "PK11_GET_DH_KEY"},
{ ERR_PACK(0, PK11_F_FREE_ALL_SESSIONS, 0), "PK11_FREE_ALL_SESSIONS"},
{ ERR_PACK(0, PK11_F_SETUP_SESSION, 0), "PK11_SETUP_SESSION"},
{ ERR_PACK(0, PK11_F_DESTROY_OBJECT, 0), "PK11_DESTROY_OBJECT"},
{ ERR_PACK(0, PK11_F_CIPHER_INIT, 0), "PK11_CIPHER_INIT"},
{ ERR_PACK(0, PK11_F_CIPHER_DO_CIPHER, 0), "PK11_CIPHER_DO_CIPHER"},
{ ERR_PACK(0, PK11_F_GET_CIPHER_KEY, 0), "PK11_GET_CIPHER_KEY"},
{ ERR_PACK(0, PK11_F_DIGEST_INIT, 0), "PK11_DIGEST_INIT"},
{ ERR_PACK(0, PK11_F_DIGEST_UPDATE, 0), "PK11_DIGEST_UPDATE"},
{ ERR_PACK(0, PK11_F_DIGEST_FINAL, 0), "PK11_DIGEST_FINAL"},
{ ERR_PACK(0, PK11_F_CHOOSE_SLOT, 0), "PK11_CHOOSE_SLOT"},
{ ERR_PACK(0, PK11_F_CIPHER_FINAL, 0), "PK11_CIPHER_FINAL"},
{ ERR_PACK(0, PK11_F_LIBRARY_INIT, 0), "PK11_LIBRARY_INIT"},
{ ERR_PACK(0, PK11_F_LOAD, 0), "ENGINE_LOAD_PK11"},
{ ERR_PACK(0, PK11_F_DH_GEN_KEY, 0), "PK11_DH_GEN_KEY"},
{ ERR_PACK(0, PK11_F_DH_COMP_KEY, 0), "PK11_DH_COMP_KEY"},
{ ERR_PACK(0, PK11_F_DIGEST_COPY, 0), "PK11_DIGEST_COPY"},
{ ERR_PACK(0, PK11_F_CIPHER_CLEANUP, 0), "PK11_CIPHER_CLEANUP"},
{ ERR_PACK(0, PK11_F_ACTIVE_ADD, 0), "PK11_ACTIVE_ADD"},
{ ERR_PACK(0, PK11_F_ACTIVE_DELETE, 0), "PK11_ACTIVE_DELETE"},
{ ERR_PACK(0, PK11_F_CHECK_HW_MECHANISMS, 0), "PK11_CHECK_HW_MECHANISMS"},
{ ERR_PACK(0, PK11_F_INIT_SYMMETRIC, 0), "PK11_INIT_SYMMETRIC"},
{ ERR_PACK(0, PK11_F_ADD_AES_CTR_NIDS, 0), "PK11_ADD_AES_CTR_NIDS"},
{ ERR_PACK(0, PK11_F_INIT_ALL_LOCKS, 0), "PK11_INIT_ALL_LOCKS"},
{ ERR_PACK(0, PK11_F_RETURN_SESSION, 0), "PK11_RETURN_SESSION"},
{ ERR_PACK(0, PK11_F_GET_PIN, 0), "PK11_GET_PIN"},
{ ERR_PACK(0, PK11_F_FIND_ONE_OBJECT, 0), "PK11_FIND_ONE_OBJECT"},
{ ERR_PACK(0, PK11_F_CHECK_TOKEN_ATTRS, 0), "PK11_CHECK_TOKEN_ATTRS"},
{ ERR_PACK(0, PK11_F_CACHE_PIN, 0), "PK11_CACHE_PIN"},
{ ERR_PACK(0, PK11_F_MLOCK_PIN_IN_MEMORY, 0), "PK11_MLOCK_PIN_IN_MEMORY"},
{ ERR_PACK(0, PK11_F_TOKEN_LOGIN, 0), "PK11_TOKEN_LOGIN"},
{ ERR_PACK(0, PK11_F_TOKEN_RELOGIN, 0), "PK11_TOKEN_RELOGIN"},
{ ERR_PACK(0, PK11_F_RUN_ASKPASS, 0), "PK11_F_RUN_ASKPASS"},
{ 0, NULL}
};

static ERR_STRING_DATA pk11_str_reasons[]=
{
{ PK11_R_ALREADY_LOADED, "PKCS#11 DSO already loaded"},
{ PK11_R_DSO_FAILURE, "unable to load PKCS#11 DSO"},
{ PK11_R_NOT_LOADED, "PKCS#11 DSO not loaded"},
{ PK11_R_PASSED_NULL_PARAMETER, "null parameter passed"},
{ PK11_R_COMMAND_NOT_IMPLEMENTED, "command not implemented"},
{ PK11_R_INITIALIZE, "C_Initialize failed"},
{ PK11_R_FINALIZE, "C_Finalize failed"},
{ PK11_R_GETINFO, "C_GetInfo faile"},
{ PK11_R_GETSLOTLIST, "C_GetSlotList failed"},
{ PK11_R_NO_MODULUS_OR_NO_EXPONENT, "no modulus or no exponent"},
{ PK11_R_ATTRIBUT_SENSITIVE_OR_INVALID, "attr sensitive or invalid"},
{ PK11_R_GETATTRIBUTVALUE, "C_GetAttributeValue failed"},
{ PK11_R_NO_MODULUS, "no modulus"},
{ PK11_R_NO_EXPONENT, "no exponent"},
{ PK11_R_FINDOBJECTSINIT, "C_FindObjectsInit failed"},
{ PK11_R_FINDOBJECTS, "C_FindObjects failed"},
{ PK11_R_FINDOBJECTSFINAL, "C_FindObjectsFinal failed"},
{ PK11_R_CREATEOBJECT, "C_CreateObject failed"},
{ PK11_R_DESTROYOBJECT, "C_DestroyObject failed"},
{ PK11_R_OPENSESSION, "C_OpenSession failed"},
{ PK11_R_CLOSESESSION, "C_CloseSession failed"},
{ PK11_R_ENCRYPTINIT, "C_EncryptInit failed"},
{ PK11_R_ENCRYPT, "C_Encrypt failed"},
{ PK11_R_SIGNINIT, "C_SignInit failed"},
{ PK11_R_SIGN, "C_Sign failed"},
{ PK11_R_DECRYPTINIT, "C_DecryptInit failed"},
{ PK11_R_DECRYPT, "C_Decrypt failed"},
{ PK11_R_VERIFYINIT, "C_VerifyRecover failed"},
{ PK11_R_VERIFY, "C_Verify failed"},
{ PK11_R_VERIFYRECOVERINIT, "C_VerifyRecoverInit failed"},
{ PK11_R_VERIFYRECOVER, "C_VerifyRecover failed"},
{ PK11_R_GEN_KEY, "C_GenerateKeyPair failed"},
{ PK11_R_SEEDRANDOM, "C_SeedRandom failed"},
{ PK11_R_GENERATERANDOM, "C_GenerateRandom failed"},
{ PK11_R_INVALID_MESSAGE_LENGTH, "invalid message length"},
{ PK11_R_UNKNOWN_ALGORITHM_TYPE, "unknown algorithm type"},
{ PK11_R_UNKNOWN_ASN1_OBJECT_ID, "unknown asn1 onject id"},
{ PK11_R_UNKNOWN_PADDING_TYPE, "unknown padding type"},
{ PK11_R_PADDING_CHECK_FAILED, "padding check failed"},
{ PK11_R_DIGEST_TOO_BIG, "digest too big"},
{ PK11_R_MALLOC_FAILURE, "malloc failure"},
{ PK11_R_CTRL_COMMAND_NOT_IMPLEMENTED, "ctl command not implemented"},
{ PK11_R_DATA_GREATER_THAN_MOD_LEN, "data is bigger than mod"},
{ PK11_R_DATA_TOO_LARGE_FOR_MODULUS, "data is too larger for mod"},
{ PK11_R_MISSING_KEY_COMPONENT, "a dsa component is missing"},
{ PK11_R_INVALID_SIGNATURE_LENGTH, "invalid signature length"},
{ PK11_R_INVALID_DSA_SIGNATURE_R, "missing r in dsa verify"},
{ PK11_R_INVALID_DSA_SIGNATURE_S, "missing s in dsa verify"},
{ PK11_R_INCONSISTENT_KEY, "inconsistent key type"},
{ PK11_R_ENCRYPTUPDATE, "C_EncryptUpdate failed"},
{ PK11_R_DECRYPTUPDATE, "C_DecryptUpdate failed"},
{ PK11_R_DIGESTINIT, "C_DigestInit failed"},
{ PK11_R_DIGESTUPDATE, "C_DigestUpdate failed"},
{ PK11_R_DIGESTFINAL, "C_DigestFinal failed"},
{ PK11_R_ENCRYPTFINAL, "C_EncryptFinal failed"},
{ PK11_R_DECRYPTFINAL, "C_DecryptFinal failed"},
{ PK11_R_NO_PRNG_SUPPORT, "Slot does not support PRNG"},
{ PK11_R_GETTOKENINFO, "C_GetTokenInfo failed"},
{ PK11_R_DERIVEKEY, "C_DeriveKey failed"},
{ PK11_R_GET_OPERATION_STATE, "C_GetOperationState failed"},
{ PK11_R_SET_OPERATION_STATE, "C_SetOperationState failed"},
{ PK11_R_INVALID_HANDLE, "invalid PKCS#11 object handle"},
{ PK11_R_KEY_OR_IV_LEN_PROBLEM, "IV or key length incorrect"},
{ PK11_R_INVALID_OPERATION_TYPE, "invalid operation type"},
{ PK11_R_ADD_NID_FAILED, "failed to add NID" },
{ PK11_R_ATFORK_FAILED, "atfork failed" },
{ PK11_R_TOKEN_LOGIN_FAILED, "C_Login failed on token" },
{ PK11_R_MORE_THAN_ONE_OBJECT_FOUND, "more than one object found" },
{ PK11_R_INVALID_PKCS11_URI, "pkcs11 URI provided is invalid" },
{ PK11_R_COULD_NOT_READ_PIN, "could not read PIN from terminal" },
{ PK11_R_PIN_NOT_READ_FROM_COMMAND, "PIN not read from external command" },
{ PK11_R_COULD_NOT_OPEN_COMMAND, "could not popen dialog command" },
{ PK11_R_PIPE_FAILED, "pipe failed" },
{ PK11_R_BAD_PASSPHRASE_SPEC, "bad passphrasedialog specification" },
{ PK11_R_TOKEN_NOT_INITIALIZED, "token not initialized" },
{ PK11_R_TOKEN_PIN_NOT_SET, "token PIN required but not set" },
{ PK11_R_TOKEN_PIN_NOT_PROVIDED, "token PIN required but not provided" },
{ PK11_R_MISSING_OBJECT_LABEL, "missing mandatory 'object' keyword" },
{ PK11_R_TOKEN_ATTRS_DO_NOT_MATCH, "token attrs provided do not match" },
{ PK11_R_PRIV_KEY_NOT_FOUND, "private key not found in keystore" },
{ PK11_R_NO_OBJECT_FOUND, "specified object not found" },
{ PK11_R_PIN_CACHING_POLICY_INVALID, "PIN set but caching policy invalid" },
{ PK11_R_SYSCONF_FAILED, "sysconf failed" },
{ PK11_R_MMAP_FAILED, "mmap failed" },
{ PK11_R_PRIV_PROC_LOCK_MEMORY_MISSING, "PROC_LOCK_MEMORY privilege missing" },
{ PK11_R_MLOCK_FAILED, "mlock failed" },
{ PK11_R_FORK_FAILED, "fork failed" },
{ 0, NULL}
};
#endif /* OPENSSL_NO_ERR */

static int pk11_lib_error_code = 0;
static int pk11_error_init = 1;

#ifdef PK11_ENGINE_LIB_NAME
static ERR_STRING_DATA pk11_engine_lib_name[] =
{
{0, PK11_ENGINE_LIB_NAME},
{0, NULL}
};
#endif

static void
ERR_load_pk11_strings(void)
{
if (pk11_lib_error_code == 0)
pk11_lib_error_code = ERR_get_next_error_library();

if (pk11_error_init)
{
pk11_error_init = 0;
#ifndef OPENSSL_NO_ERR
ERR_load_strings(pk11_lib_error_code, pk11_str_functs);
ERR_load_strings(pk11_lib_error_code, pk11_str_reasons);
#endif

#ifdef PK11_ENGINE_LIB_NAME
pk11_engine_lib_name->error =
ERR_PACK(pk11_lib_error_code, 0, 0);
ERR_load_strings(0, pk11_engine_lib_name);
#endif
}
}

static void
ERR_unload_pk11_strings(void)
{
if (pk11_error_init == 0)
{
#ifndef OPENSSL_NO_ERR
ERR_unload_strings(pk11_lib_error_code, pk11_str_functs);
ERR_unload_strings(pk11_lib_error_code, pk11_str_reasons);
#endif

#ifdef PK11_ENGINE_LIB_NAME
ERR_unload_strings(0, pk11_engine_lib_name);
#endif

pk11_error_init = 1;
}
}

void
ERR_pk11_error(int function, int reason, char *file, int line)
{
if (pk11_lib_error_code == 0)
pk11_lib_error_code = ERR_get_next_error_library();
ERR_PUT_error(pk11_lib_error_code, function, reason, file, line);
}

void
PK11err_add_data(int function, int reason, CK_RV rv)
{
char tmp_buf[20];

PK11err(function, reason);
(void) snprintf(tmp_buf, sizeof (tmp_buf), "%lx", rv);
ERR_add_error_data(2, "PK11 CK_RV=0X", tmp_buf);
}
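Review bot: In pk11_str_reasons, PK11_R_VERIFYINIT is mapped to "C_VerifyRecover failed", the same text PK11_R_VERIFYRECOVER uses three entries later, so a failed C_VerifyInit shows up in the error queue as a different PKCS#11 call; the entry should read `{ PK11_R_VERIFYINIT, "C_VerifyInit failed"},`. Two other strings in the same table are misspelled: `"C_GetInfo faile"` should be `"C_GetInfo failed"` and `"unknown asn1 onject id"` should be `"unknown asn1 object id"`. In pk11_str_functs the PK11_F_RUN_ASKPASS entry keeps the `_F_` infix in its string, unlike every other entry, and PK11_F_LOAD_PRIVKEY is spelled "PK11_LOAD_PRIV_KEY"; anyone matching log lines on these names will miss them.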
@@ -0,0 +1,236 @@
/*
* Copyright (c) 2004, 2011, Oracle and/or its affiliates. All rights reserved.
*
*/

/*
* This product includes software developed by the OpenSSL Project for
* use in the OpenSSL Toolkit (http://www.openssl.org/).
*
* This project also referenced hw_pkcs11-0.9.7b.patch written by
* Afchine Madjlessi.
*/
/*
* ====================================================================
* Copyright (c) 2000-2001 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* licensing@OpenSSL.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*
* This product includes cryptographic software written by Eric Young
* (eay@cryptsoft.com). This product includes software written by Tim
* Hudson (tjh@cryptsoft.com).
*
*/

#ifndef HW_PK11_ERR_H
#define HW_PK11_ERR_H

void ERR_pk11_error(int function, int reason, char *file, int line);
void PK11err_add_data(int function, int reason, CK_RV rv);
#define PK11err(f, r) ERR_pk11_error((f), (r), __FILE__, __LINE__)

/* Error codes for the PK11 functions. */

/* Function codes. */

#define PK11_F_INIT 100
#define PK11_F_FINISH 101
#define PK11_F_DESTROY 102
#define PK11_F_CTRL 103
#define PK11_F_RSA_INIT 104
#define PK11_F_RSA_FINISH 105
#define PK11_F_GET_PUB_RSA_KEY 106
#define PK11_F_GET_PRIV_RSA_KEY 107
#define PK11_F_RSA_GEN_KEY 108
#define PK11_F_RSA_PUB_ENC 109
#define PK11_F_RSA_PRIV_ENC 110
#define PK11_F_RSA_PUB_DEC 111
#define PK11_F_RSA_PRIV_DEC 112
#define PK11_F_RSA_SIGN 113
#define PK11_F_RSA_VERIFY 114
#define PK11_F_RAND_ADD 115
#define PK11_F_RAND_BYTES 116
#define PK11_F_GET_SESSION 117
#define PK11_F_FREE_SESSION 118
#define PK11_F_LOAD_PUBKEY 119
#define PK11_F_LOAD_PRIVKEY 120
#define PK11_F_RSA_PUB_ENC_LOW 121
#define PK11_F_RSA_PRIV_ENC_LOW 122
#define PK11_F_RSA_PUB_DEC_LOW 123
#define PK11_F_RSA_PRIV_DEC_LOW 124
#define PK11_F_DSA_SIGN 125
#define PK11_F_DSA_VERIFY 126
#define PK11_F_DSA_INIT 127
#define PK11_F_DSA_FINISH 128
#define PK11_F_GET_PUB_DSA_KEY 129
#define PK11_F_GET_PRIV_DSA_KEY 130
#define PK11_F_DH_INIT 131
#define PK11_F_DH_FINISH 132
#define PK11_F_MOD_EXP_DH 133
#define PK11_F_GET_DH_KEY 134
#define PK11_F_FREE_ALL_SESSIONS 135
#define PK11_F_SETUP_SESSION 136
#define PK11_F_DESTROY_OBJECT 137
#define PK11_F_CIPHER_INIT 138
#define PK11_F_CIPHER_DO_CIPHER 139
#define PK11_F_GET_CIPHER_KEY 140
#define PK11_F_DIGEST_INIT 141
#define PK11_F_DIGEST_UPDATE 142
#define PK11_F_DIGEST_FINAL 143
#define PK11_F_CHOOSE_SLOT 144
#define PK11_F_CIPHER_FINAL 145
#define PK11_F_LIBRARY_INIT 146
#define PK11_F_LOAD 147
#define PK11_F_DH_GEN_KEY 148
#define PK11_F_DH_COMP_KEY 149
#define PK11_F_DIGEST_COPY 150
#define PK11_F_CIPHER_CLEANUP 151
#define PK11_F_ACTIVE_ADD 152
#define PK11_F_ACTIVE_DELETE 153
#define PK11_F_CHECK_HW_MECHANISMS 154
#define PK11_F_INIT_SYMMETRIC 155
#define PK11_F_ADD_AES_CTR_NIDS 156
#define PK11_F_INIT_ALL_LOCKS 157
#define PK11_F_RETURN_SESSION 158
#define PK11_F_GET_PIN 159
#define PK11_F_FIND_ONE_OBJECT 160
#define PK11_F_CHECK_TOKEN_ATTRS 161
#define PK11_F_CACHE_PIN 162
#define PK11_F_MLOCK_PIN_IN_MEMORY 163
#define PK11_F_TOKEN_LOGIN 164
#define PK11_F_TOKEN_RELOGIN 165
#define PK11_F_RUN_ASKPASS 166

/* Reason codes. */
#define PK11_R_ALREADY_LOADED 100
#define PK11_R_DSO_FAILURE 101
#define PK11_R_NOT_LOADED 102
#define PK11_R_PASSED_NULL_PARAMETER 103
#define PK11_R_COMMAND_NOT_IMPLEMENTED 104
#define PK11_R_INITIALIZE 105
#define PK11_R_FINALIZE 106
#define PK11_R_GETINFO 107
#define PK11_R_GETSLOTLIST 108
#define PK11_R_NO_MODULUS_OR_NO_EXPONENT 109
#define PK11_R_ATTRIBUT_SENSITIVE_OR_INVALID 110
#define PK11_R_GETATTRIBUTVALUE 111
#define PK11_R_NO_MODULUS 112
#define PK11_R_NO_EXPONENT 113
#define PK11_R_FINDOBJECTSINIT 114
#define PK11_R_FINDOBJECTS 115
#define PK11_R_FINDOBJECTSFINAL 116
#define PK11_R_CREATEOBJECT 118
#define PK11_R_DESTROYOBJECT 119
#define PK11_R_OPENSESSION 120
#define PK11_R_CLOSESESSION 121
#define PK11_R_ENCRYPTINIT 122
#define PK11_R_ENCRYPT 123
#define PK11_R_SIGNINIT 124
#define PK11_R_SIGN 125
#define PK11_R_DECRYPTINIT 126
#define PK11_R_DECRYPT 127
#define PK11_R_VERIFYINIT 128
#define PK11_R_VERIFY 129
#define PK11_R_VERIFYRECOVERINIT 130
#define PK11_R_VERIFYRECOVER 131
#define PK11_R_GEN_KEY 132
#define PK11_R_SEEDRANDOM 133
#define PK11_R_GENERATERANDOM 134
#define PK11_R_INVALID_MESSAGE_LENGTH 135
#define PK11_R_UNKNOWN_ALGORITHM_TYPE 136
#define PK11_R_UNKNOWN_ASN1_OBJECT_ID 137
#define PK11_R_UNKNOWN_PADDING_TYPE 138
#define PK11_R_PADDING_CHECK_FAILED 139
#define PK11_R_DIGEST_TOO_BIG 140
#define PK11_R_MALLOC_FAILURE 141
#define PK11_R_CTRL_COMMAND_NOT_IMPLEMENTED 142
#define PK11_R_DATA_GREATER_THAN_MOD_LEN 143
#define PK11_R_DATA_TOO_LARGE_FOR_MODULUS 144
#define PK11_R_MISSING_KEY_COMPONENT 145
#define PK11_R_INVALID_SIGNATURE_LENGTH 146
#define PK11_R_INVALID_DSA_SIGNATURE_R 147
#define PK11_R_INVALID_DSA_SIGNATURE_S 148
#define PK11_R_INCONSISTENT_KEY 149
#define PK11_R_ENCRYPTUPDATE 150
#define PK11_R_DECRYPTUPDATE 151
#define PK11_R_DIGESTINIT 152
#define PK11_R_DIGESTUPDATE 153
#define PK11_R_DIGESTFINAL 154
#define PK11_R_ENCRYPTFINAL 155
#define PK11_R_DECRYPTFINAL 156
#define PK11_R_NO_PRNG_SUPPORT 157
#define PK11_R_GETTOKENINFO 158
#define PK11_R_DERIVEKEY 159
#define PK11_R_GET_OPERATION_STATE 160
#define PK11_R_SET_OPERATION_STATE 161
#define PK11_R_INVALID_HANDLE 162
#define PK11_R_KEY_OR_IV_LEN_PROBLEM 163
#define PK11_R_INVALID_OPERATION_TYPE 164
#define PK11_R_ADD_NID_FAILED 165
#define PK11_R_ATFORK_FAILED 166
#define PK11_R_TOKEN_LOGIN_FAILED 167
#define PK11_R_MORE_THAN_ONE_OBJECT_FOUND 168
#define PK11_R_INVALID_PKCS11_URI 169
#define PK11_R_COULD_NOT_READ_PIN 170
#define PK11_R_COULD_NOT_OPEN_COMMAND 171
#define PK11_R_PIPE_FAILED 172
#define PK11_R_PIN_NOT_READ_FROM_COMMAND 173
#define PK11_R_BAD_PASSPHRASE_SPEC 174
#define PK11_R_TOKEN_NOT_INITIALIZED 175
#define PK11_R_TOKEN_PIN_NOT_SET 176
#define PK11_R_TOKEN_PIN_NOT_PROVIDED 177
#define PK11_R_MISSING_OBJECT_LABEL 178
#define PK11_R_TOKEN_ATTRS_DO_NOT_MATCH 179
#define PK11_R_PRIV_KEY_NOT_FOUND 180
#define PK11_R_NO_OBJECT_FOUND 181
#define PK11_R_PIN_CACHING_POLICY_INVALID 182
#define PK11_R_SYSCONF_FAILED 183
#define PK11_R_MMAP_FAILED 183
#define PK11_R_PRIV_PROC_LOCK_MEMORY_MISSING 184
#define PK11_R_MLOCK_FAILED 185
#define PK11_R_FORK_FAILED 186

#endif /* HW_PK11_ERR_H */
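Review bot: PK11_R_SYSCONF_FAILED and PK11_R_MMAP_FAILED are both defined as 183, so their two entries in pk11_str_reasons pack to the same error code and a lookup can only ever return one of the strings. Judging by the neighbouring names these reasons belong to the code that locks the cached PIN in memory, which is exactly where an operator needs to tell a sysconf failure from an mmap failure. Giving the second one a free value leaves every existing code stable: `#define PK11_R_MMAP_FAILED 187`. Separately, the PK11err_add_data prototype uses CK_RV although this header includes nothing that declares it, so it presumably relies on include order in its users; a one-line comment stating that requirement would save the next reader a compile error.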


@@ -0,0 +1,107 @@
/*
* Copyright (c) 2004, 2011, Oracle and/or its affiliates. All rights reserved.
*
*/

/*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* licensing@OpenSSL.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
*/

#ifndef HW_PK11_URI_H
#define HW_PK11_URI_H

#include <security/pkcs11t.h>

/* PKCS#11 URI related prefixes and attributes. */
#define PK11_URI_PREFIX "pkcs11:"
#define FILE_URI_PREFIX "file://"
#define PK11_TOKEN "token"
#define PK11_MANUF "manuf"
#define PK11_SERIAL "serial"
#define PK11_MODEL "model"
#define PK11_OBJECT "object"
#define PK11_OBJECTTYPE "objecttype"
#define PK11_ASKPASS "passphrasedialog"

/* PIN caching policy. */
#define POLICY_NOT_INITIALIZED 0
#define POLICY_NONE 1
#define POLICY_MEMORY 2
#define POLICY_MLOCKED_MEMORY 3
#define POLICY_WRONG_VALUE 4

/*
* That's what getpassphrase(3c) supports.
*/
#define PK11_MAX_PIN_LEN 256

/* Add new attributes of the PKCS#11 URI here. */
typedef struct pkcs11_uri_struct {
char *object; /* object label, the only mandatory info */
char *objecttype; /* (private|public|cert), currently unused */
char *token; /* token label */
char *manuf; /* manufacturer label */
char *serial; /* serial number label */
char *model; /* model label */
char *askpass; /* full path to the command to get the PIN */
/* Not part of the PKCS11 URI itself. */
char *pin; /* token PIN */
} pkcs11_uri;

/* For URI processing. */
extern pthread_mutex_t *uri_lock;

int pk11_get_pin(char *dialog, char **pin);
int pk11_get_pin_caching_policy(void);
int pk11_process_pkcs11_uri(const char *uristr, pkcs11_uri *uri_struct,
const char **file);
int pk11_check_token_attrs(pkcs11_uri *uri_struct);
void pk11_free_pkcs11_uri(pkcs11_uri *uri_struct, CK_BBOOL free_uri_itself);
int pk11_cache_pin(char *pin);
int pk11_token_login(CK_SESSION_HANDLE session, CK_BBOOL *login_done,
pkcs11_uri *uri_struct, CK_BBOOL is_private);
int pk11_token_relogin(CK_SESSION_HANDLE session);

#endif /* HW_PK11_URI_H */
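Review bot: The `pin` member of pkcs11_uri holds the token PIN in plain memory, yet neither its comment nor the pk11_free_pkcs11_uri and pk11_cache_pin prototypes say who owns that buffer or whether it is cleared before being freed. The implementations are not part of this section, so this is a documentation request: state the contract next to the field, for example `char *pin; /* token PIN (secret); owned by this struct, cleared and freed by pk11_free_pkcs11_uri() */`, adjusted to what the code actually does. The `askpass` comment could likewise say that the value comes from the URI and names a command that gets executed, so callers know to treat the URI as trusted configuration. The header also declares `extern pthread_mutex_t *uri_lock;` while including only `<security/pkcs11t.h>`; adding `#include <pthread.h>` would make it self-contained.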
@@ -0,0 +1,83 @@
#!/usr/bin/ksh93
#
# CDDL HEADER START
#
# The contents of this file are subject to the terms of the
# Common Development and Distribution License (the "License").
# You may not use this file except in compliance with the License.
#
# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
# or http://www.opensolaris.org/os/licensing.
# See the License for the specific language governing permissions
# and limitations under the License.
#
# When distributing Covered Code, include this CDDL HEADER in each
# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
# If applicable, add the following below this CDDL HEADER, with the
# fields enclosed by brackets "[]" replaced with your own identifying
# information: Portions Copyright [yyyy] [name of copyright owner]
#
# CDDL HEADER END
#

#
# Copyright 2010 Sun Microsystems, Inc. All rights reserved.
# Use is subject to license terms.
#
# Copyright (c) 2010 Joyent Inc.
#

set -o errexit

LIBDIR=${DESTDIR}/lib
BINDIR=${DESTDIR}/usr/bin
USRLIBDIR=${DESTDIR}/usr/lib
INCDIR=${DESTDIR}/usr/include

mkdir -p $LIBDIR
mkdir -p $BINDIR
mkdir -p $USRLIBDIR
mkdir -p $INCDIR

if [[ -z "$VERDIR" || -z "$LIBVER" ]]; then
echo "VERDIR and/or LIBVER not set; fix your bugs."
exit 1
fi

source ../install.subr

cd $VERDIR

# Install libraries
_install D libcrypto.so.${LIBVER} ${LIBDIR}/libcrypto.so.${LIBVER} 0755
_install L libcrypto.so.${LIBVER} ${LIBDIR}/libcrypto.so
_install D libssl.so.${LIBVER} ${LIBDIR}/libssl.so.${LIBVER} 0755
_install L libssl.so.${LIBVER} ${LIBDIR}/libssl.so
_install L ../../lib/libcrypto.so.${LIBVER} ${USRLIBDIR}/libcrypto.so.${LIBVER}
_install L ../../lib/libcrypto.so ${USRLIBDIR}/libcrypto.so
_install L ../../lib/libssl.so.${LIBVER} ${USRLIBDIR}/libssl.so.${LIBVER}
_install L ../../lib/libssl.so ${USRLIBDIR}/libssl.so

# Install commands
_install P apps/CA.pl ${BINDIR}/CA.pl 0555
_install E apps/openssl ${BINDIR}/openssl 0555
mkdir -p ${DESTDIR}/usr/sfw/bin
_install L ../../bin/openssl ${DESTDIR}/usr/sfw/bin/openssl

# Install etc
mkdir -p ${DESTDIR}/etc/openssl
mkdir -p ${DESTDIR}/etc/openssl/certs
mkdir -p ${DESTDIR}/etc/openssl/private
mkdir -p ${DESTDIR}/etc/sfw
chmod 0700 ${DESTDIR}/etc/openssl/private
_install N apps/openssl.cnf ${DESTDIR}/etc/openssl/openssl.cnf 0644
_install L ../openssl ${DESTDIR}/etc/sfw/openssl

# Install header files
mkdir -p ${INCDIR}/openssl
cd include/openssl
for header in !(ec*|fips*|idea*); do
_install N ${header} ${INCDIR}/openssl/${header} 0444
done

exit 0
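Review bot: `DESTDIR` is never validated, and the four `mkdir -p` calls run before the `VERDIR`/`LIBVER` check, so with `DESTDIR` unset `LIBDIR` resolves to `/lib` and `BINDIR` to `/usr/bin`. The script would then install libcrypto, libssl and the openssl binary over the build host's own copies. If this script is only meant to populate a proto area, move the check above the `mkdir` lines and extend it: `if [[ -z "$DESTDIR" || -z "$VERDIR" || -z "$LIBVER" ]]; then`. Quoting the expansions (`mkdir -p "$LIBDIR"`, `cd "$VERDIR"`) would also keep a path containing whitespace from being split. The amd64 install script added next in this commit follows the same pattern.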
@@ -0,0 +1,66 @@
#!/usr/bin/ksh93
#
# CDDL HEADER START
#
# The contents of this file are subject to the terms of the
# Common Development and Distribution License (the "License").
# You may not use this file except in compliance with the License.
#
# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
# or http://www.opensolaris.org/os/licensing.
# See the License for the specific language governing permissions
# and limitations under the License.
#
# When distributing Covered Code, include this CDDL HEADER in each
# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
# If applicable, add the following below this CDDL HEADER, with the
# fields enclosed by brackets "[]" replaced with your own identifying
# information: Portions Copyright [yyyy] [name of copyright owner]
#
# CDDL HEADER END
#

#
# Copyright 2009 Sun Microsystems, Inc. All rights reserved.
# Use is subject to license terms.
#
# Copyright (c) 2010 Joyent Inc.
#

set -o errexit

LIBDIR=${DESTDIR}/lib/amd64 # MACH64 passed in by makefile
BINDIR=${DESTDIR}/usr/bin/amd64
USRLIBDIR=${DESTDIR}/usr/lib/amd64
SFWBINDIR=${DESTDIR}/usr/sfw/bin/amd64

mkdir -p $LIBDIR
mkdir -p $BINDIR
mkdir -p $USRLIBDIR
mkdir -p $SFWBINDIR

if [[ -z "$VERDIR" || -z "$LIBVER" ]]; then
echo "VERDIR and/or LIBVER not set; fix your bugs."
exit 1
fi

source ../install.subr

cd ${VERDIR}

# Install commands
_install E apps/openssl ${BINDIR}/openssl 0555
_install L ../../../bin/amd64/openssl ${SFWBINDIR}/openssl

# Install libraries
_install D libcrypto.so.${LIBVER} ${LIBDIR}/libcrypto.so.${LIBVER} 0755
_install L libcrypto.so.${LIBVER} ${LIBDIR}/libcrypto.so
_install D libssl.so.${LIBVER} ${LIBDIR}/libssl.so.${LIBVER} 0755
_install L libssl.so.${LIBVER} ${LIBDIR}/libssl.so
_install L amd64 ${DESTDIR}/lib/64
_install L ../../../lib/amd64/libcrypto.so.${LIBVER} ${USRLIBDIR}/libcrypto.so.${LIBVER}
_install L ../../../lib/amd64/libcrypto.so ${USRLIBDIR}/libcrypto.so
_install L ../../../lib/amd64/libssl.so.${LIBVER} ${USRLIBDIR}/libssl.so.${LIBVER}
_install L ../../../lib/amd64/libssl.so ${USRLIBDIR}/libssl.so

exit 0
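Review bot: The trailing comment on the `LIBDIR` assignment says `MACH64` is passed in by the makefile, but nothing in this script reads it. `amd64` is hard-coded in all four directory variables and in every relative link target. Either build the paths from the variable, e.g. `LIBDIR=${DESTDIR}/lib/${MACH64}`, or drop the comment so it does not suggest the script is architecture-neutral. The `_install L amd64 ${DESTDIR}/lib/64` line sits among the library installs without explanation; a short comment such as `# make lib/64 an alias for lib/amd64` would say why it is there.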

@@ -0,0 +1,5 @@
($2 == "A" || $2 == "T" || $2 == "C" || $2 == "N" || $2 == "D") && \
$3 != "_etext" && $3 != "_edata" && $3 != "_DYNAMIC" && $3 != "_init" && \
$3 != "_fini" && $3 != "_lib_version" && $3 != "_GLOBAL_OFFSET_TABLE_" && \
$3 != "_PROCEDURE_LINKAGE_TABLE_" \
{ print $3 }
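Review bot: The type test on the first line accepts `A`, `T`, `C`, `N` and `D` but not `B`, so any exported symbol that nm reports as uninitialised data is dropped. Assuming the input is the `nm -pgh` output piped in by the generator script added later in this commit, such symbols would get no `sunw_` rename and no `global:` entry in the mapfile, and would fall under `local: *;`. Please confirm whether that is intended, or add `|| $2 == "B"`. The file also has no comment describing its input; a header such as `# Input: nm -p output (value, type, name). Prints exported symbol names, skipping linker-generated ones.` would make the field numbers and the exclusion list readable.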
@@ -0,0 +1,80 @@
#! /bin/bash

TOOLS_BASE="$(dirname $0)"
HEADER="sunw_prefix.h"
MF_CRYPTO="mapfile-vers.crypto"
MF_SSL="mapfile-vers.ssl"

hdr_header()
{
hdr=$1

cat > "$hdr" <<EOF
#ifndef _SUNW_PREFIX_H
#define _SUNW_PREFIX_H
EOF
}

mapfile_header()
{
mapfile=$1

cat > "$mapfile" <<EOF
\$mapfile_version 2
SYMBOL_VERSION SUNWprivate_1.1 {
global:
EOF
}

hdr_footer()
{
hdr=$1

cat >> "$hdr" <<EOF
#endif /* _SUNW_PREFIX_H */
EOF
}

mapfile_footer()
{
mapfile=$1

cat >> "$mapfile" <<EOF
local:
*;
};
EOF
}

extract_syms()
{
lib=$1
lib64=$2
hdr=$3
mapfile=$4

/usr/bin/nm -pgh "$lib" "$lib64" | \
awk -f "$TOOLS_BASE/gensyms.awk" | \
sort | uniq | while read sym; do \
printf "#pragma redefine_extname\t$sym sunw_$sym\n" >> "$hdr"
printf "\tsunw_$sym;\n" >> "$mapfile"
done
}

root=$1

hdr_header "$HEADER"
mapfile_header "$MF_CRYPTO"
mapfile_header "$MF_SSL"

extract_syms $root/lib/libcrypto.so.1.0.0 $root/lib/64/libcrypto.so.1.0.0 \
"$HEADER" "$MF_CRYPTO"
extract_syms $root/lib/libssl.so.1.0.0 $root/lib/64/libssl.so.1.0.0 \
"$HEADER" "$MF_SSL"

hdr_footer "$HEADER"
mapfile_footer "$MF_CRYPTO"
mapfile_footer "$MF_SSL"