Update to PKCS#11 engine patch for 0.9.7m and 0.9.8e OpenSSL versions
By janp on May 19, 2007
I have updated the PKCS#11 engine patch for the latest OpenSSL 0.9.7m version and, what's more important, I finally made a patch for the 0.9.8 branch. Both patches incorporate two important fixes for the engine that were made recently:
- 6540060 race in pkcs#11 engine in multithreaded environment
- 6554248 OpenSSL pkcs#11 engine doesn't strip leading zeros from a computed Diffie-Hellman shared secret
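To illustrate the second bug (6554248), here is an added example, not code from the patch or from OpenSSL, showing how the same Diffie-Hellman secret yields two different byte strings when one side keeps leading zero bytes. It assumes the PKCS#11 token returns the derived value padded to the length of the prime while the peer uses the minimal big-endian form; the toy parameters (p = 257, g = 3, private keys 5 and 7) and all function names are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Toy square-and-multiply; the constructed parameters fit easily in uint64_t. */
static uint64_t modpow(uint64_t b, uint64_t e, uint64_t m)
{
    uint64_t r = 1;
    for (b %= m; e > 0; e >>= 1, b = b * b % m)
        if (e & 1)
            r = r * b % m;
    return r;
}

/* Big-endian encoding padded to the prime's length (the assumed token output). */
static void encode_fixed(uint64_t v, unsigned char *out, size_t len)
{
    for (; len-- > 0; v >>= 8)
        out[len] = (unsigned char)(v & 0xff);
}

/* Drop leading zero bytes in place; returns the new length (0 if all zero). */
static size_t strip_leading_zeros(unsigned char *buf, size_t len)
{
    size_t skip = 0;
    while (skip < len && buf[skip] == 0)
        skip++;
    memmove(buf, buf + skip, len - skip);
    return len - skip;
}

/* Constructed parameters: p = 257 needs 2 bytes, so most secrets get padded. */
enum { P = 257, G = 3, PRIV_A = 5, PRIV_B = 7, P_LEN = 2 };

/* Derive the shared secret; 'strip' selects whether the padding is removed. */
static size_t derive_secret(int strip, unsigned char out[P_LEN])
{
    uint64_t secret = modpow(modpow(G, PRIV_B, P), PRIV_A, P);
    encode_fixed(secret, out, P_LEN);
    return strip ? strip_leading_zeros(out, P_LEN) : (size_t)P_LEN;
}

int main(void)
{
    unsigned char raw[P_LEN], fixed[P_LEN];
    printf("padded: %zu byte(s), stripped: %zu byte(s)\n",
           derive_secret(0, raw), derive_secret(1, fixed));
    return 0;
}
```

With these parameters the shared secret is 186 (0xBA): the padded form is `00 BA` and the stripped form is `BA`, so any key material derived by hashing the two encodings would not match.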
Again, I tested on my laptop (i386, snv_62 at that time) and on amd64 Gentoo identifying itself as Gentoo Base System version 1.12.6. It should probably work anywhere a working PKCS#11 backend is installed. If you successfully test it on other systems I'd be very glad to hear from you. Both patches make the engine static; I haven't had time to change it to a dynamic one yet. We must do some more work yet in OpenSolaris about this so that we don't ship crypto-with-a-hole.
I will ask the OpenSSL team to put these patches into the project contrib section but in the meantime you can find them here - pkcs11_engine-0.9.7m.patch.2007-05-19 (README as part of the patch) and pkcs11_engine-0.9.8e.patch.2007-05-19 (README).
Please let me know about any problems with those patches.