PKCS#11 engine patch for OpenSSL 0.9.8k

I didn't generate the patch for OpenSSL 0.9.8k. Given the few changes between 0.9.8j and 0.9.8k it is no suprise that you can apply the PKCS#11 engine patch for 0.9.8j on 0.9.8k:

$ cd openssl-0.9.8k
$ gpatch -p1 < ../pkcs11_engine-0.9.8j.patch.2009-03-11 
patching file Configure
Hunk #3 succeeded at 583 (offset 5 lines).
Hunk #4 succeeded at 818 (offset 5 lines).
Hunk #5 succeeded at 953 (offset 5 lines).
Hunk #6 succeeded at 1120 (offset 8 lines).
Hunk #7 succeeded at 1475 (offset 10 lines).
patching file Makefile
patching file Makefile.org
patching file crypto/opensslconf.h
patching file crypto/engine/Makefile
patching file crypto/engine/cryptoki.h
patching file crypto/engine/eng_all.c
patching file crypto/engine/engine.h
patching file crypto/engine/hw_pk11.c
patching file crypto/engine/hw_pk11_err.c
patching file crypto/engine/hw_pk11_err.h
patching file crypto/engine/hw_pk11_pub.c
patching file crypto/engine/pkcs11.h
patching file crypto/engine/pkcs11f.h
patching file crypto/engine/pkcs11t.h

I guess that if you use the patch you already figured that out. And given the fact that we didn't do any changes in the PKCS#11 engine itself in OpenSolaris in that short 0.9.8j-k timeframe I will not regenerate the patch. I would probably just rename it anyway :-)

Comments:

Hello Jan,
I've attempted to apply this patch on a RHEL5 box with OpenCryptoki 2.2.7 library. I am patching OpenSSL 0.9.8k.

> ./config --pk11-libname=/usr/local/lib/pkcs11/PKCS11_API.so --openssldir=/usr/local/ssl

> make
...
...
make[2]: Entering directory `/tmp/openssl-0.9.8k/apps'
( :; LIBDEPS="${LIBDEPS:--L.. -lssl -L.. -lcrypto -ldl}"; LDCMD="${LDCMD:-gcc}"; LDFLAGS="${LDFLAGS:--DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -DPK11_LIB_LOCATION=\\"/usr/local/lib/pkcs11/PKCS11_API.so\\" -march=pentium -DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DSHA1_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM}"; LIBPATH=`for x in $LIBDEPS; do if echo $x | grep '\^ \*-L' > /dev/null 2>&1; then echo $x | sed -e 's/\^ \*-L//'; fi; done | uniq`; LIBPATH=`echo $LIBPATH | sed -e 's/ /:/g'`; LD_LIBRARY_PATH=$LIBPATH:$LD_LIBRARY_PATH ${LDCMD} ${LDFLAGS} -o ${APPNAME:=openssl} openssl.o verify.o asn1pars.o req.o dgst.o dh.o dhparam.o enc.o passwd.o gendh.o errstr.o ca.o pkcs7.o crl2p7.o crl.o rsa.o rsautl.o dsa.o dsaparam.o ec.o ecparam.o x509.o genrsa.o gendsa.o s_server.o s_client.o speed.o s_time.o apps.o s_cb.o s_socket.o app_rand.o version.o sess_id.o ciphers.o nseq.o pkcs12.o pkcs8.o spkac.o smime.o rand.o engine.o ocsp.o prime.o cms.o ${LIBDEPS} )
../libcrypto.a(hw_pk11.o): In function `pk11_library_init':
hw_pk11.c:(.text+0x1d9d): undefined reference to `pthread_atfork'
collect2: ld returned 1 exit status
make[2]: \*\*\* [link_app.] Error 1
make[2]: Leaving directory `/tmp/openssl-0.9.8k/apps'
make[1]: \*\*\* [openssl] Error 2
make[1]: Leaving directory `/tmp/openssl-0.9.8k/apps'
make: \*\*\* [build_apps] Error 1

Any ideas what may be causing this problem?

Thanks,
Greg Rabil

Posted by Greg Rabil on July 16, 2009 at 02:31 PM CEST #

hi Greg, please read README.pkcs11 shipped with the patch, it's documented there. J.

Posted by Jan on July 16, 2009 at 04:23 PM CEST #

Jan, have you considered the possibility of donating this Engine to the OpenSSL project? Is there anything that would hold back such a donation?

Posted by Sander Temme on July 16, 2009 at 11:32 PM CEST #

Jan,
I had of course, read the README.pkcs11 file, I just didn't read down far enough to see the FAQs! Many thanks... works fine after patching Configure as indicated there.

Greg

Posted by Greg Rabil on July 17, 2009 at 08:58 AM CEST #

to Sander: it was a plan when the engine was written many years ago. It hasn't happen so far, I think mostly due to lack of resources on both sides, and the situation may change soon so I'm not sure this will ever happen.

Posted by Jan on July 17, 2009 at 12:41 PM CEST #

Post a Comment:
  • HTML Syntax: NOT allowed
About

Jan Pechanec

Search

Categories
Archives
« April 2014
SunMonTueWedThuFriSat
  
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
   
       
Today