aboutsummaryrefslogtreecommitdiff
path: root/security/opencryptoki
diff options
context:
space:
mode:
authorNorikatsu Shigemura <nork@FreeBSD.org>2010-11-07 12:07:17 +0000
committerNorikatsu Shigemura <nork@FreeBSD.org>2010-11-07 12:07:17 +0000
commitc38e52a3c0b061b44ebb589d362563613f2edab8 (patch)
treee366bdd7e41998dca16600f03e415d6457bdbd42 /security/opencryptoki
parent7612f38ced29eb14aa8c63480da1733c56d714aa (diff)
downloadports-c38e52a3c0b061b44ebb589d362563613f2edab8.tar.gz
ports-c38e52a3c0b061b44ebb589d362563613f2edab8.zip
Notes
Diffstat (limited to 'security/opencryptoki')
-rw-r--r--security/opencryptoki/Makefile67
-rw-r--r--security/opencryptoki/distinfo2
-rw-r--r--security/opencryptoki/files/patch-configure.in59
-rw-r--r--security/opencryptoki/files/patch-usr-include-pkcs11-apictl.h11
-rw-r--r--security/opencryptoki/files/patch-usr-include-pkcs11-slotmgr.h11
-rw-r--r--security/opencryptoki/files/patch-usr-include-pkcs11-stdll.h11
-rw-r--r--security/opencryptoki/files/patch-usr-lib-pkcs11-aep_stdll-Makefile.am11
-rw-r--r--security/opencryptoki/files/patch-usr-lib-pkcs11-api-Makefile.am18
-rw-r--r--security/opencryptoki/files/patch-usr-lib-pkcs11-api-api_interface.c35
-rw-r--r--security/opencryptoki/files/patch-usr-lib-pkcs11-api-apiutil.c44
-rw-r--r--security/opencryptoki/files/patch-usr-lib-pkcs11-api-shrd_mem.c.in11
-rw-r--r--security/opencryptoki/files/patch-usr-lib-pkcs11-bcom_stdll-Makefile.am11
-rw-r--r--security/opencryptoki/files/patch-usr-lib-pkcs11-cca_stdll-host_defs.h27
-rw-r--r--security/opencryptoki/files/patch-usr-lib-pkcs11-cca_stdll-loadsave.c23
-rw-r--r--security/opencryptoki/files/patch-usr-lib-pkcs11-cca_stdll-new_host.c52
-rw-r--r--security/opencryptoki/files/patch-usr-lib-pkcs11-cca_stdll-tok_spec_struct.h15
-rw-r--r--security/opencryptoki/files/patch-usr-lib-pkcs11-common-host_defs.h27
-rw-r--r--security/opencryptoki/files/patch-usr-lib-pkcs11-common-loadsave.c23
-rw-r--r--security/opencryptoki/files/patch-usr-lib-pkcs11-common-new_host.c52
-rw-r--r--security/opencryptoki/files/patch-usr-lib-pkcs11-common-tok_spec_struct.h15
-rw-r--r--security/opencryptoki/files/patch-usr-lib-pkcs11-common-utility.c29
-rw-r--r--security/opencryptoki/files/patch-usr-lib-pkcs11-cr_stdll-Makefile.am18
-rw-r--r--security/opencryptoki/files/patch-usr-lib-pkcs11-ica_s390_stdll-Makefile.am16
-rw-r--r--security/opencryptoki/files/patch-usr-lib-pkcs11-ica_stdll-Makefile.am21
-rw-r--r--security/opencryptoki/files/patch-usr-lib-pkcs11-soft_stdll-Makefile.am11
-rw-r--r--security/opencryptoki/files/patch-usr-lib-pkcs11-tpm_stdll-host_defs.h28
-rw-r--r--security/opencryptoki/files/patch-usr-lib-pkcs11-tpm_stdll-loadsave.c11
-rw-r--r--security/opencryptoki/files/patch-usr-lib-pkcs11-tpm_stdll-new_host.c11
-rw-r--r--security/opencryptoki/files/patch-usr-lib-pkcs11-tpm_stdll-tok_spec_struct.h15
-rw-r--r--security/opencryptoki/files/patch-usr-lib-pkcs11-tpm_stdll-utility.c30
-rw-r--r--security/opencryptoki/files/patch-usr-sbin-pkcs11_startup-Makefile.am11
-rw-r--r--security/opencryptoki/files/patch-usr-sbin-pkcs11_startup-pkcs11_startup.in41
-rw-r--r--security/opencryptoki/files/patch-usr-sbin-pkcs_slot-pkcs_slot.in142
-rw-r--r--security/opencryptoki/files/patch-usr-sbin-pkcsconf-Makefile.am10
-rw-r--r--security/opencryptoki/files/patch-usr-sbin-pkcsconf-pkcsconf.c11
-rw-r--r--security/opencryptoki/files/patch-usr-sbin-pkcsslotd-err.c107
-rw-r--r--security/opencryptoki/files/patch-usr-sbin-pkcsslotd-mutex.c37
-rw-r--r--security/opencryptoki/files/patch-usr-sbin-pkcsslotd-pkcsslotd.h11
-rw-r--r--security/opencryptoki/files/patch-usr-sbin-pkcsslotd-shmem.c35
-rw-r--r--security/opencryptoki/files/pkcsslotd.in33
-rw-r--r--security/opencryptoki/files/pkg-message.in7
-rw-r--r--security/opencryptoki/pkg-descr1
-rw-r--r--security/opencryptoki/pkg-plist34
43 files changed, 1195 insertions, 0 deletions
diff --git a/security/opencryptoki/Makefile b/security/opencryptoki/Makefile
new file mode 100644
index 000000000000..09aae6141161
--- /dev/null
+++ b/security/opencryptoki/Makefile
@@ -0,0 +1,67 @@
+# New ports collection makefile for: opencryptoki
+# Date created: 2010-07-16
+# Whom: Ralf Meister
+#
+# $FreeBSD$
+#
+
+PORTNAME= opencryptoki
+PORTVERSION= 2.3.2
+CATEGORIES= security
+MASTER_SITES= SF/${PORTNAME}/${PORTNAME}/${PORTVERSION}
+
+MAINTAINER= nork@FreeBSD.org
+COMMENT= An open PKCS\#11 implementation library
+
+LIB_DEPENDS= tspi.2:${PORTSDIR}/security/trousers
+
+USE_BZIP2= YES
+USE_GMAKE= YES
+USE_LDCONFIG= YES
+USE_AUTOTOOLS= autoconf:268 libtool:22 automake:111
+HAS_CONFIGURE= YES
+MAKE_JOBS_SAFE= YES
+
+USE_RC_SUBR= pkcsslotd
+SUB_FILES= pkg-message
+SUB_LIST= USERS=${USERS} GROUPS=${GROUPS}
+
+MAN1= pkcs11_startup.1 pkcsconf.1
+MAN5= pk_config_data.5
+MAN7= opencryptoki.7
+MAN8= pkcsslotd.8
+
+USERS= _pkcs11
+GROUPS= _pkcs11
+
+LICENSE= CPL
+LICENSE_NAME= Common Public License
+LICENSE_FILE= ${WRKSRC}/LICENSE
+LICENSE_PERMS= ${_LICENSE_PERMS_DEFAULT}
+
+CONFIGURE_ARGS= --enable-swtok --enable-tpmtok \
+ --disable-crtok --disable-aeptok \
+ --disable-ccatok --disable-bcomtok \
+ --disable-pkcscca_migrate \
+ --libdir=${PREFIX}/lib \
+ --sbindir=${PREFIX}/sbin \
+ --localstatedir=${PREFIX}/var \
+ --with-pkcs11user=${USERS} \
+ --with-pkcs11group=${GROUPS}
+CONFIGURE_ENV= LDFLAGS="${LDFLAGS} -L${LOCALBASE}/lib"
+
+.include <bsd.port.pre.mk>
+
+CFLAGS+= -I${LOCALBASE}/include
+
+pre-configure:
+ @cd ${WRKSRC} && ${SETENV} ${CONFIGURE_ENV} ${ACLOCAL}
+ @cd ${WRKSRC} && ${SETENV} ${CONFIGURE_ENV} ${LIBTOOLIZE} --force -c
+ @cd ${WRKSRC} && ${SETENV} ${CONFIGURE_ENV} ${AUTOMAKE} --add-missing -c
+ @cd ${WRKSRC} && ${SETENV} ${CONFIGURE_ENV} ${AUTOCONF}
+
+post-install:
+ @cd ${PREFIX}/lib && ${LN} -s opencryptoki/libopencryptoki* .
+ @${CAT} ${PKGMESSAGE}
+
+.include <bsd.port.post.mk>
diff --git a/security/opencryptoki/distinfo b/security/opencryptoki/distinfo
new file mode 100644
index 000000000000..7abfdc949951
--- /dev/null
+++ b/security/opencryptoki/distinfo
@@ -0,0 +1,2 @@
+SHA256 (opencryptoki-2.3.2.tar.bz2) = 44fdf74a9eab2586240a69779c5c323e8378e8f2fde21cd4f8bd9186a24c30f7
+SIZE (opencryptoki-2.3.2.tar.bz2) = 665134
diff --git a/security/opencryptoki/files/patch-configure.in b/security/opencryptoki/files/patch-configure.in
new file mode 100644
index 000000000000..df7e9e90737d
--- /dev/null
+++ b/security/opencryptoki/files/patch-configure.in
@@ -0,0 +1,59 @@
+--- configure.in.orig 2010-07-29 21:28:41.000000000 +0900
++++ configure.in 2010-10-20 01:31:02.971984782 +0900
+@@ -8,6 +8,9 @@
+
+ AM_INIT_AUTOMAKE([foreign 1.6])
+
++AC_DEFINE(_BSD_SOURCE, 1, BSD functions)
++AC_DEFINE(__BSD_VISIBLE, 1, BSD extensions)
++
+ dnl Get the canonical host type
+ AC_CANONICAL_TARGET
+
+@@ -30,6 +33,7 @@
+ AC_FUNC_STRFTIME
+ AC_FUNC_VPRINTF
+ AC_CHECK_FUNCS([getcwd])
++AC_CHECK_FUNCS([asprintf])
+
+ dnl Used in various scripts
+ AC_PATH_PROG([ID], [id], [/us/bin/id])
+@@ -193,6 +197,21 @@
+ [],
+ [with_xcryptolinz=check])
+
++dnl --- check for pkcs11 user
++AC_ARG_WITH([pkcs11user],
++ AC_HELP_STRING([--with-pkcs11user[[=USER]]], [set pkcs11 user [[pkcs11]]]),
++ [pkcs11_user=$withval],
++ [pkcs11_user=pkcs11])
++
++dnl --- check for pkcs11 group
++AC_ARG_WITH(pkcs11group,
++ AC_HELP_STRING([--with-pkcs11group[[=GROUP]]], [set pkcs11 group [[pkcs11]]]),
++ [pkcs11_group=$withval],
++ [pkcs11_group=pkcs11])
++
++AC_SUBST(PKCS11USER, $pkcs11_user)
++AC_SUBST(PKCS11GROUP, $pkcs11_group)
++
+ dnl ---
+ dnl ---
+ dnl --- Now that we have all the options, let's check for a valid build
+@@ -630,11 +649,15 @@
+
+ CFLAGS="$CFLAGS $DEBUG_CFLAGS -DPKCS64 -D_XOPEN_SOURCE=500"
+
+-CFLAGS+=' -DCONFIG_PATH=\"$(localstatedir)/lib/opencryptoki\" -DSBIN_PATH=\"$(sbindir)\" -DLIB_PATH=\"$(libdir)\"'
++CFLAGS="$CFLAGS -DCONFIG_PATH='\"$localstatedir/lib/opencryptoki\"' -DSBIN_PATH='\"$sbindir\"' -DLIB_PATH='\"$libdir\"'"
++
++CFLAGS="$CFLAGS -DPKCS11USER='\"${pkcs11_user}\"' -DPKCS11GROUP='\"${pkcs11_group}\"'"
+
+ # At this point, CFLAGS is set to something sensible
+ AC_PROG_CC
+
++AC_SUBST(FPIC, $lt_prog_compiler_pic)
++
+ AC_OUTPUT([Makefile usr/Makefile \
+ usr/include/Makefile \
+ usr/include/pkcs11/Makefile \
diff --git a/security/opencryptoki/files/patch-usr-include-pkcs11-apictl.h b/security/opencryptoki/files/patch-usr-include-pkcs11-apictl.h
new file mode 100644
index 000000000000..192c312b5063
--- /dev/null
+++ b/security/opencryptoki/files/patch-usr-include-pkcs11-apictl.h
@@ -0,0 +1,11 @@
+--- usr/include/pkcs11/apictl.h.orig 2010-07-29 21:28:41.000000000 +0900
++++ usr/include/pkcs11/apictl.h 2010-10-19 23:42:04.580983829 +0900
+@@ -296,7 +296,7 @@
+
+
+ #include <pkcs11types.h>
+-#include <linux/limits.h>
++#include <limits.h>
+ #include <local_types.h>
+ #include <stdll.h>
+ #include <slotmgr.h>
diff --git a/security/opencryptoki/files/patch-usr-include-pkcs11-slotmgr.h b/security/opencryptoki/files/patch-usr-include-pkcs11-slotmgr.h
new file mode 100644
index 000000000000..ce9be4e17b33
--- /dev/null
+++ b/security/opencryptoki/files/patch-usr-include-pkcs11-slotmgr.h
@@ -0,0 +1,11 @@
+--- usr/include/pkcs11/slotmgr.h.orig 2010-07-29 21:28:41.000000000 +0900
++++ usr/include/pkcs11/slotmgr.h 2010-10-19 23:42:55.423984058 +0900
+@@ -301,7 +301,7 @@
+
+
+ #include <pkcs11types.h>
+-#include <linux/limits.h>
++#include <limits.h>
+ #include <local_types.h>
+ #include <pthread.h>
+
diff --git a/security/opencryptoki/files/patch-usr-include-pkcs11-stdll.h b/security/opencryptoki/files/patch-usr-include-pkcs11-stdll.h
new file mode 100644
index 000000000000..8ee112945d9e
--- /dev/null
+++ b/security/opencryptoki/files/patch-usr-include-pkcs11-stdll.h
@@ -0,0 +1,11 @@
+--- usr/include/pkcs11/stdll.h.orig 2010-07-29 21:28:41.000000000 +0900
++++ usr/include/pkcs11/stdll.h 2010-10-19 23:43:40.418984281 +0900
+@@ -302,7 +302,7 @@
+
+
+ #include <pkcs11types.h>
+-#include <linux/limits.h>
++#include <limits.h>
+ #include <local_types.h>
+ #include <slotmgr.h>
+
diff --git a/security/opencryptoki/files/patch-usr-lib-pkcs11-aep_stdll-Makefile.am b/security/opencryptoki/files/patch-usr-lib-pkcs11-aep_stdll-Makefile.am
new file mode 100644
index 000000000000..424ea1b8c461
--- /dev/null
+++ b/security/opencryptoki/files/patch-usr-lib-pkcs11-aep_stdll-Makefile.am
@@ -0,0 +1,11 @@
+--- usr/lib/pkcs11/aep_stdll/Makefile.am.orig 2010-07-29 21:28:41.000000000 +0900
++++ usr/lib/pkcs11/aep_stdll/Makefile.am 2010-10-19 23:45:36.945982287 +0900
+@@ -6,7 +6,7 @@
+
+ # Not all versions of automake observe libname_CFLAGS
+ opencryptoki_stdll_libpkcs11_aep_la_CFLAGS = -DSPINXPL -DDEV \
+--D_THREAD_SAFE -fPIC -DSHALLOW=0 -DSWTOK=1 -DLITE=0 -DNOCDMF -DNOMD2 \
++-D_THREAD_SAFE $(FPIC) -DSHALLOW=0 -DSWTOK=1 -DLITE=0 -DNOCDMF -DNOMD2 \
+ -DNODSA -DDEBUGON -DAEP_GENERIC -DNORIPE -DSTDLL_NAME=\"aeptok\"
+
+ opencryptoki_stdll_libpkcs11_aep_la_SOURCES = ../common/asn1.c \
diff --git a/security/opencryptoki/files/patch-usr-lib-pkcs11-api-Makefile.am b/security/opencryptoki/files/patch-usr-lib-pkcs11-api-Makefile.am
new file mode 100644
index 000000000000..caf3d7e49ff1
--- /dev/null
+++ b/security/opencryptoki/files/patch-usr-lib-pkcs11-api-Makefile.am
@@ -0,0 +1,18 @@
+--- usr/lib/pkcs11/api/Makefile.am.orig 2010-07-29 21:28:41.000000000 +0900
++++ usr/lib/pkcs11/api/Makefile.am 2010-10-19 23:49:45.125982519 +0900
+@@ -4,13 +4,13 @@
+ SO_REVISION=0
+ SO_AGE=0
+
+-opencryptoki_libopencryptoki_la_LDFLAGS = -shared -Wl,-Bsymbolic -lc -ldl \
++opencryptoki_libopencryptoki_la_LDFLAGS = -shared -Wl,-Bsymbolic -lc \
+ -lpthread -version-info \
+ $(SO_CURRENT):$(SO_REVISION):$(SO_AGE)
+
+ # Not all versions of automake observe libname_CFLAGS
+ opencryptoki_libopencryptoki_la_CFLAGS = -DSPINXPL -DAPI -DDEV -D_THREAD_SAFE \
+- -fPIC -I../. -I../../../include/pkcs11
++ $(FPIC) -I../. -I../../../include/pkcs11
+
+ opencryptoki_libopencryptoki_la_SOURCES = api_interface.c shrd_mem.c apiutil.c
+
diff --git a/security/opencryptoki/files/patch-usr-lib-pkcs11-api-api_interface.c b/security/opencryptoki/files/patch-usr-lib-pkcs11-api-api_interface.c
new file mode 100644
index 000000000000..e8dc61475253
--- /dev/null
+++ b/security/opencryptoki/files/patch-usr-lib-pkcs11-api-api_interface.c
@@ -0,0 +1,35 @@
+--- usr/lib/pkcs11/api/api_interface.c.orig 2010-07-29 21:28:41.000000000 +0900
++++ usr/lib/pkcs11/api/api_interface.c 2010-10-19 23:52:25.355983620 +0900
+@@ -2390,7 +2390,7 @@
+ C_GetFunctionList ( CK_FUNCTION_LIST_PTR_PTR ppFunctionList )
+ {
+
+- _init();
++ api_init();
+
+ LOG("C_GetFunctionList");
+ FuncList.version.major = VERSION_MAJOR;
+@@ -5168,7 +5168,11 @@
+
+ }
+
++#ifdef __sun
++#pragma init(api_init)
++#else
+ void api_init(void) __attribute__((constructor));
++#endif
+
+ void
+ api_init(void)
+@@ -5194,7 +5198,11 @@
+
+ }
+
++#ifdef __sun
++#pragma fini(api_fini)
++#else
+ void api_fini(void) __attribute__((destructor));
++#endif
+
+ void
+ api_fini()
diff --git a/security/opencryptoki/files/patch-usr-lib-pkcs11-api-apiutil.c b/security/opencryptoki/files/patch-usr-lib-pkcs11-api-apiutil.c
new file mode 100644
index 000000000000..350878557631
--- /dev/null
+++ b/security/opencryptoki/files/patch-usr-lib-pkcs11-api-apiutil.c
@@ -0,0 +1,44 @@
+--- usr/lib/pkcs11/api/apiutil.c.orig 2010-07-29 21:28:41.000000000 +0900
++++ usr/lib/pkcs11/api/apiutil.c 2010-10-19 23:54:52.374982634 +0900
+@@ -305,10 +305,10 @@
+ #include <string.h>
+ #include <strings.h>
+ #include <unistd.h>
+-#include <alloca.h>
+ #include <dlfcn.h>
+ #include <errno.h>
+ #include <sys/syslog.h>
++#include <limits.h>
+
+ #include <sys/ipc.h>
+
+@@ -325,10 +325,28 @@
+ #include <sys/types.h>
+ #include <sys/stat.h>
+ #include <fcntl.h>
+-#include <sys/file.h>
+ static int xplfd=-1;
+ #endif
+
++#ifdef __sun
++#define LOCK_EX F_LOCK
++#define LOCK_UN F_ULOCK
++#define flock(fd, func) lockf(fd, func, 0)
++#endif
++
++#ifndef LOCK_SH
++#define LOCK_SH 1 /* shared lock */
++#endif
++#ifndef LOCK_EX
++#define LOCK_EX 2 /* exclusive lock */
++#endif
++#ifndef LOCK_NB
++#define LOCK_NB 4 /* don't block when locking */
++#endif
++#ifndef LOCK_UN
++#define LOCK_UN 8 /* unlock */
++#endif
++
+ #include <libgen.h>
+
+ #define LIBLOCATION LIB_PATH
diff --git a/security/opencryptoki/files/patch-usr-lib-pkcs11-api-shrd_mem.c.in b/security/opencryptoki/files/patch-usr-lib-pkcs11-api-shrd_mem.c.in
new file mode 100644
index 000000000000..f615f1f34a35
--- /dev/null
+++ b/security/opencryptoki/files/patch-usr-lib-pkcs11-api-shrd_mem.c.in
@@ -0,0 +1,11 @@
+--- usr/lib/pkcs11/api/shrd_mem.c.in.orig 2010-07-29 21:28:41.000000000 +0900
++++ usr/lib/pkcs11/api/shrd_mem.c.in 2010-10-19 23:56:22.728981736 +0900
+@@ -353,7 +353,7 @@
+
+
+ // SAB check for the group id here and membership here as well
+- grp = getgrnam("pkcs11");
++ grp = getgrnam(PKCS11GROUP);
+ if ( grp ) {
+ int i=0;
+ char member=0;
diff --git a/security/opencryptoki/files/patch-usr-lib-pkcs11-bcom_stdll-Makefile.am b/security/opencryptoki/files/patch-usr-lib-pkcs11-bcom_stdll-Makefile.am
new file mode 100644
index 000000000000..30c7b7da9d91
--- /dev/null
+++ b/security/opencryptoki/files/patch-usr-lib-pkcs11-bcom_stdll-Makefile.am
@@ -0,0 +1,11 @@
+--- usr/lib/pkcs11/bcom_stdll/Makefile.am.orig 2010-07-29 21:28:41.000000000 +0900
++++ usr/lib/pkcs11/bcom_stdll/Makefile.am 2010-10-19 23:57:38.434983522 +0900
+@@ -8,7 +8,7 @@
+
+ # Not all versions of automake observe libname_CFLAGS
+ opencryptoki_stdll_libpkcs11_bc_la_CFLAGS = -DSPINXPL -DDEV \
+--D_THREAD_SAFE -fPIC $(VARIANT) -DNOCDMF -DNOMD2 -DNODSA -DNOAES \
++-D_THREAD_SAFE $(FPIC) $(VARIANT) -DNOCDMF -DNOMD2 -DNODSA -DNOAES \
+ -DNODH -DDEBUGON -DNORIPE -DSTDLL_NAME=\"bcomtok\"
+
+ opencryptoki_stdll_libpkcs11_bc_la_SOURCES = ../common/asn1.c \
diff --git a/security/opencryptoki/files/patch-usr-lib-pkcs11-cca_stdll-host_defs.h b/security/opencryptoki/files/patch-usr-lib-pkcs11-cca_stdll-host_defs.h
new file mode 100644
index 000000000000..4db0453f3d2c
--- /dev/null
+++ b/security/opencryptoki/files/patch-usr-lib-pkcs11-cca_stdll-host_defs.h
@@ -0,0 +1,27 @@
+--- usr/lib/pkcs11/cca_stdll/host_defs.h.orig 2010-07-29 21:28:41.000000000 +0900
++++ usr/lib/pkcs11/cca_stdll/host_defs.h 2010-10-19 23:59:33.363984758 +0900
+@@ -10,13 +10,24 @@
+ */
+
+
++#include <sys/types.h>
+ #include <sys/mman.h>
+ #ifndef _HOST_DEFS_H
+ #define _HOST_DEFS_H
+
+ #include <semaphore.h>
+ #include <pthread.h>
++#if defined(__OpenBSD__) || defined(__FreeBSD__)
++#include <sys/endian.h>
++#ifdef _BYTE_ORDER
++#define __BYTE_ORDER _BYTE_ORDER
++#endif
++#ifdef _LITTLE_ENDIAN
++#define __LITTLE_ENDIAN _LITTLE_ENDIAN
++#endif
++#else
+ #include <endian.h>
++#endif
+
+ #include "pkcs32.h"
+ // Both of the strings below have a length of 32 chars and must be
diff --git a/security/opencryptoki/files/patch-usr-lib-pkcs11-cca_stdll-loadsave.c b/security/opencryptoki/files/patch-usr-lib-pkcs11-cca_stdll-loadsave.c
new file mode 100644
index 000000000000..fd6dc631209f
--- /dev/null
+++ b/security/opencryptoki/files/patch-usr-lib-pkcs11-cca_stdll-loadsave.c
@@ -0,0 +1,23 @@
+--- usr/lib/pkcs11/cca_stdll/loadsave.c.orig 2010-07-29 21:28:41.000000000 +0900
++++ usr/lib/pkcs11/cca_stdll/loadsave.c 2010-10-20 01:49:50.769984323 +0900
+@@ -22,11 +22,9 @@
+ #include <string.h>
+ #include <strings.h>
+ #include <unistd.h>
+-#include <alloca.h>
+ #include <sys/types.h>
+ #include <sys/stat.h>
+ #include <sys/ipc.h>
+-#include <sys/file.h>
+ #include <errno.h>
+
+ #include <pwd.h>
+@@ -51,7 +49,7 @@
+ // Set absolute permissions or rw-rw-r--
+ fchmod(file,S_IRUSR|S_IWUSR|S_IRGRP|S_IWGRP|S_IROTH);
+
+- grp = getgrnam("pkcs11"); // Obtain the group id
++ grp = getgrnam(PKCS11GROUP); // Obtain the group id
+ if (grp){
+ fchown(file,getuid(),grp->gr_gid); // set ownership to root, and pkcs11 group
+ }
diff --git a/security/opencryptoki/files/patch-usr-lib-pkcs11-cca_stdll-new_host.c b/security/opencryptoki/files/patch-usr-lib-pkcs11-cca_stdll-new_host.c
new file mode 100644
index 000000000000..c00cf212bad4
--- /dev/null
+++ b/security/opencryptoki/files/patch-usr-lib-pkcs11-cca_stdll-new_host.c
@@ -0,0 +1,52 @@
+--- usr/lib/pkcs11/cca_stdll/new_host.c.orig 2010-07-29 21:28:41.000000000 +0900
++++ usr/lib/pkcs11/cca_stdll/new_host.c 2010-10-20 00:06:26.575983974 +0900
+@@ -298,7 +298,7 @@
+ struct group *grp;
+ int rc = 0;
+ gid_t gid,egid;
+- grp = getgrnam("pkcs11");
++ grp = getgrnam(PKCS11GROUP);
+ if (grp) {
+ // Check for member of group..
+ // SAB get login seems to not work with some
+@@ -786,7 +786,19 @@
+ //
+ object_mgr_destroy_token_objects();
+ #if 0 /* TODO: Implement delete_all_files_in_dir() */
++#if HAVE_ASPRINTF
+ local_rc = asprintf(&pk_full_path, "%s/%s", pk_dir, PK_LITE_OBJ_DIR);
++#else
++ pk_full_path = malloc(1024);
++ if( pk_full_path != NULL ) {
++ local_rc = snprintf(pk_full_path, 1023, "%s/%s",
++ pk_dir, PK_LITE_OBJ_DIR);
++ if( local_rc == -1 ) free(pk_full_path);
++ }
++ else {
++ local_rc = -1;
++ }
++#endif
+ if (local_rc == -1) {
+ rc = CKR_HOST_MEMORY;
+ goto out;
+@@ -797,8 +809,20 @@
+ goto out;
+ }
+ #endif
++#if HAVE_ASPRINTF
+ local_rc = asprintf(&s, "%s %s/%s/* > /dev/null 2>&1", DEL_CMD, pk_dir,
+ PK_LITE_OBJ_DIR);
++#else
++ s = malloc(1024);
++ if( s != NULL ) {
++ local_rc = snprintf(s, 1023, "%s %s/%s/* > /dev/null 2>&1",
++ DEL_CMD, pk_dir, PK_LITE_OBJ_DIR);
++ if( local_rc == -1 ) free(s);
++ }
++ else {
++ local_rc = -1;
++ }
++#endif
+ if (local_rc == -1) {
+ rc = CKR_HOST_MEMORY;
+ goto out;
diff --git a/security/opencryptoki/files/patch-usr-lib-pkcs11-cca_stdll-tok_spec_struct.h b/security/opencryptoki/files/patch-usr-lib-pkcs11-cca_stdll-tok_spec_struct.h
new file mode 100644
index 000000000000..302deaba508e
--- /dev/null
+++ b/security/opencryptoki/files/patch-usr-lib-pkcs11-cca_stdll-tok_spec_struct.h
@@ -0,0 +1,15 @@
+--- usr/lib/pkcs11/cca_stdll/tok_spec_struct.h.orig 2010-07-29 21:28:41.000000000 +0900
++++ usr/lib/pkcs11/cca_stdll/tok_spec_struct.h 2010-10-20 00:08:00.317982423 +0900
+@@ -22,9 +22,9 @@
+ #define _TOK_SPECIFIC_STRUCT
+
+ struct token_specific_struct{
+- CK_BYTE token_directory[2048]; // Used to be in the token_local.h as a #def
+- CK_BYTE token_subdir[2048]; // subdirectory
+- CK_BYTE token_debug_tag[2048]; // debug logging tag
++ CK_BYTE *token_directory; // Used to be in the token_local.h as a #def
++ CK_BYTE *token_subdir; // subdirectory
++ CK_BYTE *token_debug_tag; // debug logging tag
+
+ CK_RV (*t_init)(char *,CK_SLOT_ID); // Initialization function
+ int (*t_slot2local)(); // convert the PKCS#11 slot to a local index
diff --git a/security/opencryptoki/files/patch-usr-lib-pkcs11-common-host_defs.h b/security/opencryptoki/files/patch-usr-lib-pkcs11-common-host_defs.h
new file mode 100644
index 000000000000..d111bf5e002f
--- /dev/null
+++ b/security/opencryptoki/files/patch-usr-lib-pkcs11-common-host_defs.h
@@ -0,0 +1,27 @@
+--- usr/lib/pkcs11/common/host_defs.h.orig 2010-07-29 21:28:41.000000000 +0900
++++ usr/lib/pkcs11/common/host_defs.h 2010-10-20 00:10:01.398983092 +0900
+@@ -294,13 +294,24 @@
+ /* (C) COPYRIGHT International Business Machines Corp. 2001,2002 */
+
+
++#include <sys/types.h>
+ #include <sys/mman.h>
+ #ifndef _HOST_DEFS_H
+ #define _HOST_DEFS_H
+
+ #include <semaphore.h>
+ #include <pthread.h>
++#if defined(__OpenBSD__) || defined(__FreeBSD__)
++#include <sys/endian.h>
++#ifdef _BYTE_ORDER
++#define __BYTE_ORDER _BYTE_ORDER
++#endif
++#ifdef _LITTLE_ENDIAN
++#define __LITTLE_ENDIAN _LITTLE_ENDIAN
++#endif
++#else
+ #include <endian.h>
++#endif
+
+ #include "pkcs32.h"
+ // Both of the strings below have a length of 32 chars and must be
diff --git a/security/opencryptoki/files/patch-usr-lib-pkcs11-common-loadsave.c b/security/opencryptoki/files/patch-usr-lib-pkcs11-common-loadsave.c
new file mode 100644
index 000000000000..f213b304b0a8
--- /dev/null
+++ b/security/opencryptoki/files/patch-usr-lib-pkcs11-common-loadsave.c
@@ -0,0 +1,23 @@
+--- usr/lib/pkcs11/common/loadsave.c.orig 2010-07-29 21:28:41.000000000 +0900
++++ usr/lib/pkcs11/common/loadsave.c 2010-10-20 00:11:28.399983780 +0900
+@@ -301,11 +301,9 @@
+ #include <string.h>
+ #include <strings.h>
+ #include <unistd.h>
+-#include <alloca.h>
+ #include <sys/types.h>
+ #include <sys/stat.h>
+ #include <sys/ipc.h>
+-#include <sys/file.h>
+ #include <errno.h>
+
+ #include <pwd.h>
+@@ -328,7 +326,7 @@
+ // Set absolute permissions or rw-rw-r--
+ fchmod(file,S_IRUSR|S_IWUSR|S_IRGRP|S_IWGRP|S_IROTH);
+
+- grp = getgrnam("pkcs11"); // Obtain the group id
++ grp = getgrnam(PKCS11GROUP); // Obtain the group id
+ if (grp){
+ fchown(file,getuid(),grp->gr_gid); // set ownership to root, and pkcs11 group
+ }
diff --git a/security/opencryptoki/files/patch-usr-lib-pkcs11-common-new_host.c b/security/opencryptoki/files/patch-usr-lib-pkcs11-common-new_host.c
new file mode 100644
index 000000000000..0c1cc783c420
--- /dev/null
+++ b/security/opencryptoki/files/patch-usr-lib-pkcs11-common-new_host.c
@@ -0,0 +1,52 @@
+--- usr/lib/pkcs11/common/new_host.c.orig 2010-07-29 21:28:41.000000000 +0900
++++ usr/lib/pkcs11/common/new_host.c 2010-10-20 00:16:08.274985517 +0900
+@@ -576,7 +576,7 @@
+ struct group *grp;
+ int rc = 0;
+ gid_t gid,egid;
+- grp = getgrnam("pkcs11");
++ grp = getgrnam(PKCS11GROUP);
+ if (grp) {
+ // Check for member of group..
+ // SAB get login seems to not work with some
+@@ -1064,7 +1064,19 @@
+ //
+ object_mgr_destroy_token_objects();
+ #if 0 /* TODO: Implement delete_all_files_in_dir() */
++#if HAVE_ASPRINTF
+ local_rc = asprintf(&pk_full_path, "%s/%s", pk_dir, PK_LITE_OBJ_DIR);
++#else
++ pk_full_path = malloc(1024);
++ if( pk_full_path != NULL ) {
++ local_rc = snprintf(pk_full_path, 1023, "%s/%s",
++ pk_dir, PK_LITE_OBJ_DIR);
++ if( local_rc == -1 ) free(pk_full_path);
++ }
++ else {
++ local_rc = -1;
++ }
++#endif
+ if (local_rc == -1) {
+ rc = CKR_HOST_MEMORY;
+ goto out;
+@@ -1075,8 +1087,20 @@
+ goto out;
+ }
+ #endif
++#if HAVE_ASPRINTF
+ local_rc = asprintf(&s, "%s %s/%s/* > /dev/null 2>&1", DEL_CMD, pk_dir,
+ PK_LITE_OBJ_DIR);
++#else
++ s = malloc(1024);
++ if( s != NULL ) {
++ local_rc = snprintf(s, 1023, "%s %s/%s/* > /dev/null 2>&1",
++ DEL_CMD, pk_dir, PK_LITE_OBJ_DIR);
++ if( local_rc == -1 ) free(s);
++ }
++ else {
++ local_rc = -1;
++ }
++#endif
+ if (local_rc == -1) {
+ rc = CKR_HOST_MEMORY;
+ goto out;
diff --git a/security/opencryptoki/files/patch-usr-lib-pkcs11-common-tok_spec_struct.h b/security/opencryptoki/files/patch-usr-lib-pkcs11-common-tok_spec_struct.h
new file mode 100644
index 000000000000..bcbfff0dd613
--- /dev/null
+++ b/security/opencryptoki/files/patch-usr-lib-pkcs11-common-tok_spec_struct.h
@@ -0,0 +1,15 @@
+--- usr/lib/pkcs11/common/tok_spec_struct.h.orig 2010-07-29 21:28:41.000000000 +0900
++++ usr/lib/pkcs11/common/tok_spec_struct.h 2010-10-20 00:17:28.288984976 +0900
+@@ -308,9 +308,9 @@
+ #define _TOK_SPECIFIC_STRUCT
+
+ struct token_specific_struct{
+- CK_BYTE token_directory[PATH_MAX]; // Used to be in the token_local.h as a #def
+- CK_BYTE token_subdir[PATH_MAX]; // subdirectory
+- CK_BYTE token_debug_tag[PATH_MAX]; // debug logging tag
++ CK_BYTE *token_directory; // Used to be in the token_local.h as a #def
++ CK_BYTE *token_subdir; // subdirectory
++ CK_BYTE *token_debug_tag; // debug logging tag
+
+ CK_RV (*t_init)(char *,CK_SLOT_ID); // Initialization function
+ int (*t_slot2local)(); // convert the PKCS#11 slot to a local index
diff --git a/security/opencryptoki/files/patch-usr-lib-pkcs11-common-utility.c b/security/opencryptoki/files/patch-usr-lib-pkcs11-common-utility.c
new file mode 100644
index 000000000000..77e821c60edc
--- /dev/null
+++ b/security/opencryptoki/files/patch-usr-lib-pkcs11-common-utility.c
@@ -0,0 +1,29 @@
+--- usr/lib/pkcs11/common/utility.c.orig 2010-07-29 21:28:41.000000000 +0900
++++ usr/lib/pkcs11/common/utility.c 2010-10-20 00:19:02.740983592 +0900
+@@ -302,6 +302,26 @@
+ #include <errno.h>
+ #include <pwd.h>
+
++#include <fcntl.h>
++
++#ifdef __sun
++#define LOCK_EX F_LOCK
++#define LOCK_UN F_ULOCK
++#define flock(fd, func) lockf(fd, func, 0)
++#endif
++
++#ifndef LOCK_SH
++#define LOCK_SH 1 /* shared lock */
++#endif
++#ifndef LOCK_EX
++#define LOCK_EX 2 /* exclusive lock */
++#endif
++#ifndef LOCK_NB
++#define LOCK_NB 4 /* don't block when locking */
++#endif
++#ifndef LOCK_UN
++#define LOCK_UN 8 /* unlock */
++#endif
+
+ #include "pkcs11types.h"
+ #include "defs.h"
diff --git a/security/opencryptoki/files/patch-usr-lib-pkcs11-cr_stdll-Makefile.am b/security/opencryptoki/files/patch-usr-lib-pkcs11-cr_stdll-Makefile.am
new file mode 100644
index 000000000000..dbf0a2ff35ce
--- /dev/null
+++ b/security/opencryptoki/files/patch-usr-lib-pkcs11-cr_stdll-Makefile.am
@@ -0,0 +1,18 @@
+--- usr/lib/pkcs11/cr_stdll/Makefile.am.orig 2010-07-29 21:28:41.000000000 +0900
++++ usr/lib/pkcs11/cr_stdll/Makefile.am 2010-10-20 00:20:46.987982761 +0900
+@@ -2,13 +2,13 @@
+
+ opencryptoki_stdll_libpkcs11_cr_la_LDFLAGS = $(LCRYPTO) $(CR_LIB_DIRS) \
+ -nostartfiles -shared -Wl,-Bsymbolic -Wl,-soname,PKCS11_BC.so.1 -lc \
+--lpthread -lsocketarmor -ldl -lcrypto
++-lpthread -lsocketarmor -lcrypto
+
+ VARIANT = -DSHALLOW=0 -DSWTOK=1 -DLITE=0
+
+ # Not all versions of automake observe libname_CFLAGS
+ opencryptoki_stdll_libpkcs11_cr_la_CFLAGS = -DSPINXPL -DDEV \
+--D_THREAD_SAFE -fPIC $(VARIANT) -DNOCDMF -DNOMD2 -DNODSA -DDEBUGON
++-D_THREAD_SAFE $(FPIC) $(VARIANT) -DNOCDMF -DNOMD2 -DNODSA -DDEBUGON
+
+ opencryptoki_stdll_libpkcs11_cr_la_SOURCES = ../common/asn1.c \
+ ../common/cert.c ../common/hwf_obj.c ../common/dp_obj.c \
diff --git a/security/opencryptoki/files/patch-usr-lib-pkcs11-ica_s390_stdll-Makefile.am b/security/opencryptoki/files/patch-usr-lib-pkcs11-ica_s390_stdll-Makefile.am
new file mode 100644
index 000000000000..3dbaac74a518
--- /dev/null
+++ b/security/opencryptoki/files/patch-usr-lib-pkcs11-ica_s390_stdll-Makefile.am
@@ -0,0 +1,16 @@
+--- usr/lib/pkcs11/ica_s390_stdll/Makefile.am.orig 2010-07-29 21:28:41.000000000 +0900
++++ usr/lib/pkcs11/ica_s390_stdll/Makefile.am 2010-10-20 00:22:00.867981839 +0900
+@@ -2,11 +2,11 @@
+
+ opencryptoki_stdll_libpkcs11_ica_la_LDFLAGS = $(LCRYPTO) \
+ $(ICA_LIB_DIRS) -nostartfiles -shared -Wl,-Bsymbolic -Wl,-soname,$@ \
+--Wl,-Bsymbolic -lc -lpthread -lica -ldl -lcrypto
++-Wl,-Bsymbolic -lc -lpthread -lica -lcrypto
+
+ # Not all versions of automake observe libname_CFLAGS
+ opencryptoki_stdll_libpkcs11_ica_la_CFLAGS = -DSPINXPL -DDEV \
+--D_THREAD_SAFE -fPIC -DSHALLOW=0 -DSWTOK=0 -DLITE=1 -DNODH \
++-D_THREAD_SAFE $(FPIC) -DSHALLOW=0 -DSWTOK=0 -DLITE=1 -DNODH \
+ -DNOCDMF -DNOMD2 -DNODSA -DSTDLL_NAME=\"icatok\"
+
+ opencryptoki_stdll_libpkcs11_ica_la_SOURCES = ../common/asn1.c \
diff --git a/security/opencryptoki/files/patch-usr-lib-pkcs11-ica_stdll-Makefile.am b/security/opencryptoki/files/patch-usr-lib-pkcs11-ica_stdll-Makefile.am
new file mode 100644
index 000000000000..6d41bd3d8b03
--- /dev/null
+++ b/security/opencryptoki/files/patch-usr-lib-pkcs11-ica_stdll-Makefile.am
@@ -0,0 +1,21 @@
+--- usr/lib/pkcs11/ica_stdll/Makefile.am.orig 2010-07-29 21:28:41.000000000 +0900
++++ usr/lib/pkcs11/ica_stdll/Makefile.am 2010-10-20 00:23:51.161996275 +0900
+@@ -2,15 +2,15 @@
+
+ opencryptoki_stdll_libpkcs11_ica_la_LDFLAGS = $(LCRYPTO) \
+ $(ICA_LIB_DIRS) -nostartfiles -shared -Wl,-Bsymbolic \
+--Wl,-soname,PKCS11_ICA.so.1 -lc -lpthread -ldl -lica
++-Wl,-soname,PKCS11_ICA.so.1 -lc -lpthread -lica
+
+ # Not all versions of automake observe libname_CFLAGS
+ opencryptoki_stdll_libpkcs11_ica_la_CFLAGS = -DSPINXPL -DDEV \
+--D_THREAD_SAFE -fPIC -DSHALLOW=0 -DSWTOK=0 -DLITE=1 -DNOCDMF -DNOMD2 \
++-D_THREAD_SAFE $(FPIC) -DSHALLOW=0 -DSWTOK=0 -DLITE=1 -DNOCDMF -DNOMD2 \
+ -DNODSA -DNOAES -DNODH -DNORIPE -DSTDLL_NAME=\"icatok\"
+
+ # Not all versions of automake observe libname_CFLAGS
+-AM_CFLAGS = -DSPINXPL -DDEV -D_THREAD_SAFE -fPIC -DSHALLOW=0 -DSWTOK=0 \
++AM_CFLAGS = -DSPINXPL -DDEV -D_THREAD_SAFE $(FPIC) -DSHALLOW=0 -DSWTOK=0 \
+ -DLITE=1 -DNOCDMF -DNOMD2 -DNODSA -DNOAES -DNODH -DNORIPE
+
+ opencryptoki_stdll_libpkcs11_ica_la_SOURCES= ../common/asn1.c \
diff --git a/security/opencryptoki/files/patch-usr-lib-pkcs11-soft_stdll-Makefile.am b/security/opencryptoki/files/patch-usr-lib-pkcs11-soft_stdll-Makefile.am
new file mode 100644
index 000000000000..056d26b6f727
--- /dev/null
+++ b/security/opencryptoki/files/patch-usr-lib-pkcs11-soft_stdll-Makefile.am
@@ -0,0 +1,11 @@
+--- usr/lib/pkcs11/soft_stdll/Makefile.am.orig 2010-07-29 21:28:41.000000000 +0900
++++ usr/lib/pkcs11/soft_stdll/Makefile.am 2010-10-20 00:25:03.227984225 +0900
+@@ -7,7 +7,7 @@
+ opencryptoki_stdll_libpkcs11_sw_la_CFLAGS = -DSPINXPL -DDEV -D_THREAD_SAFE \
+ -DSHALLOW=0 -DSWTOK=1 -DLITE=0 \
+ -DNOCDMF -DNOMD2 -DNODSA -DNORIPE \
+- -DDEBUGON -fPIC \
++ -DDEBUGON $(FPIC) \
+ -I/usr/include -I. \
+ -I../../../include/pkcs11/stdll \
+ -I../../../include/pkcs11 \
diff --git a/security/opencryptoki/files/patch-usr-lib-pkcs11-tpm_stdll-host_defs.h b/security/opencryptoki/files/patch-usr-lib-pkcs11-tpm_stdll-host_defs.h
new file mode 100644
index 000000000000..dcbdda52666c
--- /dev/null
+++ b/security/opencryptoki/files/patch-usr-lib-pkcs11-tpm_stdll-host_defs.h
@@ -0,0 +1,28 @@
+--- usr/lib/pkcs11/tpm_stdll/host_defs.h.orig 2010-07-29 21:28:41.000000000 +0900
++++ usr/lib/pkcs11/tpm_stdll/host_defs.h 2010-10-20 00:26:48.474982648 +0900
+@@ -2,13 +2,25 @@
+ /* (C) COPYRIGHT International Business Machines Corp. 2001, 2002, 2005*/
+
+
++#include <sys/types.h>
+ #include <sys/mman.h>
+ #ifndef _HOST_DEFS_H
+ #define _HOST_DEFS_H
+
+ #include <semaphore.h>
+ #include <pthread.h>
++
++#if defined(__OpenBSD__) || defined(__FreeBSD__)
++#include <sys/endian.h>
++#ifdef _BYTE_ORDER
++#define __BYTE_ORDER _BYTE_ORDER
++#endif
++#ifdef _LITTLE_ENDIAN
++#define __LITTLE_ENDIAN _LITTLE_ENDIAN
++#endif
++#else
+ #include <endian.h>
++#endif
+
+ #include "pkcs32.h"
+ // Both of the strings below have a length of 32 chars and must be
diff --git a/security/opencryptoki/files/patch-usr-lib-pkcs11-tpm_stdll-loadsave.c b/security/opencryptoki/files/patch-usr-lib-pkcs11-tpm_stdll-loadsave.c
new file mode 100644
index 000000000000..7144ab0d4f51
--- /dev/null
+++ b/security/opencryptoki/files/patch-usr-lib-pkcs11-tpm_stdll-loadsave.c
@@ -0,0 +1,11 @@
+--- usr/lib/pkcs11/tpm_stdll/loadsave.c.orig 2010-07-29 21:28:41.000000000 +0900
++++ usr/lib/pkcs11/tpm_stdll/loadsave.c 2010-10-20 00:27:47.109983972 +0900
+@@ -339,7 +339,7 @@
+ fchmod(file,S_IRUSR|S_IWUSR);
+
+ #if 0
+- grp = getgrnam("pkcs11"); // Obtain the group id
++ grp = getgrnam(PKCS11GROUP); // Obtain the group id
+ if (grp){
+ fchown(file,getuid(),grp->gr_gid); // set ownership to root, and pkcs11 group
+ }
diff --git a/security/opencryptoki/files/patch-usr-lib-pkcs11-tpm_stdll-new_host.c b/security/opencryptoki/files/patch-usr-lib-pkcs11-tpm_stdll-new_host.c
new file mode 100644
index 000000000000..b89f2b1ecb78
--- /dev/null
+++ b/security/opencryptoki/files/patch-usr-lib-pkcs11-tpm_stdll-new_host.c
@@ -0,0 +1,11 @@
+--- usr/lib/pkcs11/tpm_stdll/new_host.c.orig 2010-07-29 21:28:41.000000000 +0900
++++ usr/lib/pkcs11/tpm_stdll/new_host.c 2010-10-20 00:29:17.108984288 +0900
+@@ -356,7 +356,7 @@
+ int rc = 0;
+ int index = 0;
+ gid_t gid,egid;
+- grp = getgrnam("pkcs11");
++ grp = getgrnam(PKCS11GROUP);
+ if ( grp ) {
+ // Check for member of group..
+
diff --git a/security/opencryptoki/files/patch-usr-lib-pkcs11-tpm_stdll-tok_spec_struct.h b/security/opencryptoki/files/patch-usr-lib-pkcs11-tpm_stdll-tok_spec_struct.h
new file mode 100644
index 000000000000..c49362f92053
--- /dev/null
+++ b/security/opencryptoki/files/patch-usr-lib-pkcs11-tpm_stdll-tok_spec_struct.h
@@ -0,0 +1,15 @@
+--- usr/lib/pkcs11/tpm_stdll/tok_spec_struct.h.orig 2010-07-29 21:28:41.000000000 +0900
++++ usr/lib/pkcs11/tpm_stdll/tok_spec_struct.h 2010-10-20 00:30:22.991986453 +0900
+@@ -33,9 +33,9 @@
+ #define _TOK_SPECIFIC_STRUCT
+
+ struct token_specific_struct{
+- CK_BYTE token_directory[PATH_MAX]; // Used to be in the token_local.h as a #def
+- CK_BYTE token_subdir[PATH_MAX]; // subdirectory
+- CK_BYTE token_debug_tag[PATH_MAX]; // debug logging tag
++ CK_BYTE *token_directory; // Used to be in the token_local.h as a #def
++ CK_BYTE *token_subdir; // subdirectory
++ CK_BYTE *token_debug_tag; // debug logging tag
+
+ CK_RV (*t_init)(char *,CK_SLOT_ID); // Initialization function
+ int (*t_slot2local)(); // convert the PKCS#11 slot to a local index
diff --git a/security/opencryptoki/files/patch-usr-lib-pkcs11-tpm_stdll-utility.c b/security/opencryptoki/files/patch-usr-lib-pkcs11-tpm_stdll-utility.c
new file mode 100644
index 000000000000..db9dc344854e
--- /dev/null
+++ b/security/opencryptoki/files/patch-usr-lib-pkcs11-tpm_stdll-utility.c
@@ -0,0 +1,30 @@
+--- usr/lib/pkcs11/tpm_stdll/utility.c.orig 2010-07-29 21:28:41.000000000 +0900
++++ usr/lib/pkcs11/tpm_stdll/utility.c 2010-10-20 00:33:02.810983787 +0900
+@@ -44,6 +44,27 @@
+ #include "tok_spec_struct.h"
+ #include "pkcs32.h"
+
++#include <fcntl.h>
++
++#ifdef __sun
++#define LOCK_EX F_LOCK
++#define LOCK_UN F_ULOCK
++#define flock(fd, func) lockf(fd, func, 0)
++#endif
++
++#ifndef LOCK_SH
++#define LOCK_SH 1 /* shared lock */
++#endif
++#ifndef LOCK_EX
++#define LOCK_EX 2 /* exclusive lock */
++#endif
++#ifndef LOCK_NB
++#define LOCK_NB 4 /* don't block when locking */
++#endif
++#ifndef LOCK_UN
++#define LOCK_UN 8 /* unlock */
++#endif
++
+ #if (SPINXPL)
+ #include <sys/file.h>
+ #endif
diff --git a/security/opencryptoki/files/patch-usr-sbin-pkcs11_startup-Makefile.am b/security/opencryptoki/files/patch-usr-sbin-pkcs11_startup-Makefile.am
new file mode 100644
index 000000000000..5a4da539916b
--- /dev/null
+++ b/security/opencryptoki/files/patch-usr-sbin-pkcs11_startup-Makefile.am
@@ -0,0 +1,11 @@
+--- usr/sbin/pkcs11_startup/Makefile.am.orig 2010-07-29 21:28:41.000000000 +0900
++++ usr/sbin/pkcs11_startup/Makefile.am 2010-10-22 00:59:30.397048865 +0900
+@@ -12,6 +12,8 @@
+ -e s!\@ID\@!"@ID@"!g \
+ -e s!\@CAT\@!"@CAT@"!g \
+ -e s!\@SED\@!"@SED@"!g \
++ -e s!\@PKCS11USER\@!"@PKCS11USER@"!g \
++ -e s!\@PKCS11GROUP\@!"@PKCS11GROUP@"!g \
+ -e s!\@GROUPADD\@!"@GROUPADD@"!g \
+ -e s!\@USERMOD\@!"@USERMOD@"!g < $< > $@-t
+ @CHMOD@ +x $@-t
diff --git a/security/opencryptoki/files/patch-usr-sbin-pkcs11_startup-pkcs11_startup.in b/security/opencryptoki/files/patch-usr-sbin-pkcs11_startup-pkcs11_startup.in
new file mode 100644
index 000000000000..eab5c2b3b78a
--- /dev/null
+++ b/security/opencryptoki/files/patch-usr-sbin-pkcs11_startup-pkcs11_startup.in
@@ -0,0 +1,41 @@
+--- usr/sbin/pkcs11_startup/pkcs11_startup.in.orig 2010-07-29 21:28:41.000000000 +0900
++++ usr/sbin/pkcs11_startup/pkcs11_startup.in 2010-10-22 00:57:35.508983672 +0900
+@@ -1,4 +1,4 @@
+-#!/bin/bash
++#!/bin/sh
+
+ #
+ #
+@@ -310,29 +310,20 @@
+
+
+ # Create the pkcs11 group if it does not exist...
+-cat /etc/group|grep pkcs11 >/dev/null 2>&1
++cat /etc/group|grep @PKCS11GROUP@ >/dev/null 2>&1
+ rc=$?
+ if [ $rc = 1 ]
+ then
+ if [ -x @GROUPADD@ ]
+ then
+- @GROUPADD@ pkcs11 >/dev/null 2>&1
++ @GROUPADD@ @PKCS11GROUP@ >/dev/null 2>&1
+
+ else
+- echo "Couldn't execute @GROUPADD@. Please add the group 'pkcs11' manually."
++ echo "Couldn't execute @GROUPADD@. Please add the group '@PKCS11GROUP@' manually."
+ fi
+ fi
+
+
+-if [ -x @USERMOD@ -a -x @ID@ ]
+-then
+- # add the pkcs group
+- # replace spaces by commas
+- @USERMOD@ -G $( @ID@ --groups --name root | @SED@ -e 'y/ /,/'),pkcs11 root
+-else
+- echo "Couldn't execute @USERMOD@. Please add root to the group 'pkcs11' manually."
+-fi
+-
+
+ # For each card run the status command and if successful
+ # create the odm stanza for the file
diff --git a/security/opencryptoki/files/patch-usr-sbin-pkcs_slot-pkcs_slot.in b/security/opencryptoki/files/patch-usr-sbin-pkcs_slot-pkcs_slot.in
new file mode 100644
index 000000000000..92446a0b6353
--- /dev/null
+++ b/security/opencryptoki/files/patch-usr-sbin-pkcs_slot-pkcs_slot.in
@@ -0,0 +1,142 @@
+--- usr/sbin/pkcs_slot/pkcs_slot.in.orig 2010-07-29 21:28:41.000000000 +0900
++++ usr/sbin/pkcs_slot/pkcs_slot.in 2010-10-22 00:42:38.286985256 +0900
+@@ -1,4 +1,4 @@
+-#!/bin/bash
++#!/bin/sh
+
+ #
+ #
+@@ -360,7 +360,7 @@
+ if [ ! -d @localstatedir@/lib/opencryptoki ]
+ then
+ @MKDIR_P@ @localstatedir@/lib/opencryptoki
+- @CHGRP@ pkcs11 @localstatedir@/lib/opencryptoki
++ @CHGRP@ @PKCS11GROUP@ @localstatedir@/lib/opencryptoki
+ @CHMOD@ -R g+rwX @localstatedir@/lib/opencryptoki
+ fi
+
+@@ -372,9 +372,9 @@
+ if [ $? -ne 0 ]
+ then
+ mkdir $SOFT_DIR
+- @CHGRP@ pkcs11 $SOFT_DIR
++ @CHGRP@ @PKCS11GROUP@ $SOFT_DIR
+ mkdir "$SOFT_DIR"/TOK_OBJ
+- @CHGRP@ pkcs11 "$SOFT_DIR"/TOK_OBJ
++ @CHGRP@ @PKCS11GROUP@ "$SOFT_DIR"/TOK_OBJ
+ fi
+ SYS_SLOT="Soft"
+ fi
+@@ -386,7 +386,7 @@
+ if [ $? -ne 0 ]
+ then
+ mkdir $TPM_DIR
+- @CHGRP@ pkcs11 $TPM_DIR
++ @CHGRP@ @PKCS11GROUP@ $TPM_DIR
+ fi
+ SYS_SLOT="TPM"
+ fi
+@@ -397,7 +397,7 @@
+ if [ $? -ne 0 ]
+ then
+ mkdir $CCA_DIR
+- @CHGRP@ pkcs11 $CCA_DIR
++ @CHGRP@ @PKCS11GROUP@ $CCA_DIR
+ mkdir "$CCA_DIR"/TOK_OBJ
+ @CHGRP@ pkcs11 "$CCA_DIR"/TOK_OBJ
+ fi
+@@ -406,7 +406,7 @@
+
+ # If we are using a shallow device, make sure that the directory
+ # to store token objects is available, if not create it and change
+-# the ownership to the pkcs11 group
++# the ownership to the @PKCS11GROUP@ group
+
+
+ if [ $DEPTH = "ica" ]
+@@ -415,9 +415,9 @@
+ if [ $? -ne 0 ]
+ then
+ mkdir $ICA_DIR
+- @CHGRP@ pkcs11 $ICA_DIR
++ @CHGRP@ @PKCS11GROUP@ $ICA_DIR
+ mkdir "$ICA_DIR"/TOK_OBJ
+- @CHGRP@ pkcs11 "$ICA_DIR"/TOK_OBJ
++ @CHGRP@ @PKCS11GROUP@ "$ICA_DIR"/TOK_OBJ
+ fi
+ SYS_SLOT="ICA"
+ fi
+@@ -428,9 +428,9 @@
+ if [ $? -ne 0 ]
+ then
+ mkdir $BCOM_DIR
+- @CHGRP@ pkcs11 $BCOM_DIR
++ @CHGRP@ @PKCS11GROUP@ $BCOM_DIR
+ mkdir "$BCOM_DIR"/TOK_OBJ
+- @CHGRP@ pkcs11 "$BCOM_DIR"/TOK_OBJ
++ @CHGRP@ @PKCS11GROUP@ "$BCOM_DIR"/TOK_OBJ
+ fi
+ SYS_SLOT="BCOM"
+ fi
+@@ -441,9 +441,9 @@
+ if [ $? -ne 0 ]
+ then
+ mkdir $AEP_DIR
+- @CHGRP@ pkcs11 $AEP_DIR
++ @CHGRP@ @PKCS11GROUP@ $AEP_DIR
+ mkdir "$AEP_DIR"/TOK_OBJ
+- @CHGRP@ pkcs11 "$AEP_DIR"/TOK_OBJ
++ @CHGRP@ @PKCS11GROUP@ "$AEP_DIR"/TOK_OBJ
+ fi
+ SYS_SLOT="AEP"
+ fi
+@@ -454,9 +454,9 @@
+ if [ $? -ne 0 ]
+ then
+ mkdir $CR_DIR
+- @CHGRP@ pkcs11 $CR_DIR
++ @CHGRP@ @PKCS11GROUP@ $CR_DIR
+ mkdir "$CR_DIR"/TOK_OBJ
+- @CHGRP@ pkcs11 "$CR_DIR"/TOK_OBJ
++ @CHGRP@ @PKCS11GROUP@ "$CR_DIR"/TOK_OBJ
+ fi
+ SYS_SLOT="CRNT"
+ fi
+@@ -477,29 +477,29 @@
+
+ if [ $DEPTH = "deep" ]
+ then
+-echo "TRUE|0|$SLOT_DESCRIPTION|$MANUFACTURER|TRUE|FALSE|TRUE|0|0|1|1|$DEVICE|$DEEP4758_DLL_FN|$DEEP4758_INIT" >>$CFGFILE
++echo "TRUE|0|$SLOT_DESCRIPTION|$MANUFACTURER|TRUE|FALSE|TRUE|0|0|1|1|$DEVICE|$DEEP4758_DLL|$DEEP4758_INIT" >>$CFGFILE
+
+ elif [ $DEPTH = "ica" ]
+ then
+-echo "TRUE|0|$SLOT_DESCRIPTION|$MANUFACTURER|TRUE|FALSE|TRUE|0|0|1|1|NONE|$ICA_DLL_FN|$ICA_INIT" >>$CFGFILE
++echo "TRUE|0|$SLOT_DESCRIPTION|$MANUFACTURER|TRUE|FALSE|TRUE|0|0|1|1|NONE|$ICA_DLL|$ICA_INIT" >>$CFGFILE
+ elif [ $DEPTH = "bcom" ]
+ then
+-echo "TRUE|0|$SLOT_DESCRIPTION|$MANUFACTURER|TRUE|FALSE|TRUE|0|0|1|1|NONE|$BCOM_DLL_FN|$BCOM_INIT" >>$CFGFILE
++echo "TRUE|0|$SLOT_DESCRIPTION|$MANUFACTURER|TRUE|FALSE|TRUE|0|0|1|1|NONE|$BCOM_DLL|$BCOM_INIT" >>$CFGFILE
+ elif [ $DEPTH = "aep" ]
+ then
+-echo "TRUE|0|$SLOT_DESCRIPTION|$MANUFACTURER|TRUE|FALSE|TRUE|0|0|1|1|NONE|$AEP_DLL_FN|$AEP_INIT" >>$CFGFILE
++echo "TRUE|0|$SLOT_DESCRIPTION|$MANUFACTURER|TRUE|FALSE|TRUE|0|0|1|1|NONE|$AEP_DLL|$AEP_INIT" >>$CFGFILE
+ elif [ $DEPTH = "cr" ]
+ then
+-echo "TRUE|0|$SLOT_DESCRIPTION|$MANUFACTURER|TRUE|FALSE|TRUE|0|0|1|1|NONE|$CR_DLL_FN|$CR_INIT" >>$CFGFILE
++echo "TRUE|0|$SLOT_DESCRIPTION|$MANUFACTURER|TRUE|FALSE|TRUE|0|0|1|1|NONE|$CR_DLL|$CR_INIT" >>$CFGFILE
+ elif [ $DEPTH = "soft" ]
+ then
+-echo "TRUE|0|$SLOT_DESCRIPTION|$MANUFACTURER|TRUE|FALSE|FALSE|0|0|1|1|NONE|$SOFT_DLL_FN|$SOFT_INIT" >>$CFGFILE
++echo "TRUE|0|$SLOT_DESCRIPTION|$MANUFACTURER|TRUE|FALSE|FALSE|0|0|1|1|NONE|$SOFT_DLL|$SOFT_INIT" >>$CFGFILE
+ elif [ $DEPTH = "tpm" ]
+ then
+-echo "TRUE|0|$SLOT_DESCRIPTION|$MANUFACTURER|TRUE|FALSE|TRUE|0|0|1|1|NONE|$TPM_DLL_FN|$TPM_INIT" >>$CFGFILE
++echo "TRUE|0|$SLOT_DESCRIPTION|$MANUFACTURER|TRUE|FALSE|TRUE|0|0|1|1|NONE|$TPM_DLL|$TPM_INIT" >>$CFGFILE
+ elif [ $DEPTH = "cca" ]
+ then
+-echo "TRUE|0|$SLOT_DESCRIPTION|$MANUFACTURER|TRUE|FALSE|TRUE|0|0|1|1|NONE|$CCA_DLL_FN|$CCA_INIT" >>$CFGFILE
++echo "TRUE|0|$SLOT_DESCRIPTION|$MANUFACTURER|TRUE|FALSE|TRUE|0|0|1|1|NONE|$CCA_DLL|$CCA_INIT" >>$CFGFILE
+ fi
+
+ @CHMOD@ -R g+wrX @localstatedir@/lib/opencryptoki
diff --git a/security/opencryptoki/files/patch-usr-sbin-pkcsconf-Makefile.am b/security/opencryptoki/files/patch-usr-sbin-pkcsconf-Makefile.am
new file mode 100644
index 000000000000..6e61e87c04b0
--- /dev/null
+++ b/security/opencryptoki/files/patch-usr-sbin-pkcsconf-Makefile.am
@@ -0,0 +1,10 @@
+--- usr/sbin/pkcsconf/Makefile.am.orig 2010-07-29 21:28:41.000000000 +0900
++++ usr/sbin/pkcsconf/Makefile.am 2010-10-20 00:46:34.600985372 +0900
+@@ -1,6 +1,6 @@
+ sbin_PROGRAMS=pkcsconf
+
+-pkcsconf_LDFLAGS = -lpthread -ldl
++pkcsconf_LDFLAGS = -lpthread
+
+ # Not all versions of automake observe sbinname_CFLAGS
+ pkcsconf_CFLAGS = -DSPINXPL -D_THREAD_SAFE -DDEBUG -DDEV -DAPI
diff --git a/security/opencryptoki/files/patch-usr-sbin-pkcsconf-pkcsconf.c b/security/opencryptoki/files/patch-usr-sbin-pkcsconf-pkcsconf.c
new file mode 100644
index 000000000000..31aef7224424
--- /dev/null
+++ b/security/opencryptoki/files/patch-usr-sbin-pkcsconf-pkcsconf.c
@@ -0,0 +1,11 @@
+--- usr/sbin/pkcsconf/pkcsconf.c.orig 2010-07-29 21:28:41.000000000 +0900
++++ usr/sbin/pkcsconf/pkcsconf.c 2010-10-20 00:47:46.462984231 +0900
+@@ -654,6 +654,8 @@
+ free (newpin2);
+ }
+
++ cleanup();
++
+ return rc;
+
+ }
diff --git a/security/opencryptoki/files/patch-usr-sbin-pkcsslotd-err.c b/security/opencryptoki/files/patch-usr-sbin-pkcsslotd-err.c
new file mode 100644
index 000000000000..1ef0ba153f20
--- /dev/null
+++ b/security/opencryptoki/files/patch-usr-sbin-pkcsslotd-err.c
@@ -0,0 +1,107 @@
+--- usr/sbin/pkcsslotd/err.c.orig 2010-07-29 21:28:41.000000000 +0900
++++ usr/sbin/pkcsslotd/err.c 2010-10-20 01:17:17.245985003 +0900
+@@ -288,6 +288,7 @@
+
+ /* (C) COPYRIGHT International Business Machines Corp. 2001 */
+
++#include <signal.h>
+
+ #include "pthread.h"
+
+@@ -331,14 +332,30 @@
+ CONSTINFO(ERANGE),
+ CONSTINFO(ENOMSG),
+ CONSTINFO(EIDRM),
++#ifdef ECHRNG
+ CONSTINFO(ECHRNG),
++#endif
++#ifdef EL2NSYNC
+ CONSTINFO(EL2NSYNC),
++#endif
++#ifdef EL3HLT
+ CONSTINFO(EL3HLT),
++#endif
++#ifdef EL3RST
+ CONSTINFO(EL3RST),
++#endif
++#ifdef ELNRNG
+ CONSTINFO(ELNRNG),
++#endif
++#ifdef EUNATCH
+ CONSTINFO(EUNATCH),
++#endif
++#ifdef ENOCSI
+ CONSTINFO(ENOCSI),
++#endif
++#ifdef EL2HLT
+ CONSTINFO(EL2HLT),
++#endif
+ CONSTINFO(EDEADLK),
+ CONSTINFO(ESTALE),
+ CONSTINFO(EWOULDBLOCK),
+@@ -369,7 +386,9 @@
+ CONSTINFO(ECONNREFUSED),
+ CONSTINFO(EHOSTDOWN),
+ CONSTINFO(EHOSTUNREACH),
++#ifdef ERESTART
+ CONSTINFO(ERESTART),
++#endif
+ CONSTINFO(EUSERS),
+ CONSTINFO(ELOOP),
+ CONSTINFO(ENAMETOOLONG),
+@@ -380,16 +399,34 @@
+ CONSTINFO(ETOOMANYREFS),
+ CONSTINFO(EILSEQ),
+ CONSTINFO(ECANCELED),
++#ifdef ENOSR
+ CONSTINFO(ENOSR),
++#endif
++#ifdef ETIME
+ CONSTINFO(ETIME),
++#endif
++#ifdef EBADMSG
+ CONSTINFO(EBADMSG),
++#endif
++#ifdef EPROTO
+ CONSTINFO(EPROTO),
++#endif
++#ifdef ENODATA
+ CONSTINFO(ENODATA),
++#endif
++#ifdef ENOSTR
+ CONSTINFO(ENOSTR),
++#endif
+ CONSTINFO(ENOTSUP),
++#ifdef EMULTIHOP
+ CONSTINFO(EMULTIHOP),
++#endif
++#ifdef ENOLINK
+ CONSTINFO(ENOLINK),
++#endif
++#ifdef EOVERFLOW
+ CONSTINFO(EOVERFLOW),
++#endif
+
+ };
+
+@@ -424,14 +461,20 @@
+ CONSTINFO(SIGXCPU),
+ CONSTINFO(SIGXFSZ),
+ CONSTINFO(SIGWINCH),
++#ifdef SIGPWR
+ CONSTINFO(SIGPWR),
++#endif
+ CONSTINFO(SIGUSR1),
+ CONSTINFO(SIGUSR2),
+ CONSTINFO(SIGPROF),
+ CONSTINFO(SIGVTALRM),
+ CONSTINFO(SIGIOT),
++#ifdef SIGCLD
+ CONSTINFO(SIGCLD),
++#endif
++#ifdef SIGPOLL
+ CONSTINFO(SIGPOLL),
++#endif
+ #if 0
+ CONSTINFO(SIG_DFL),
+ CONSTINFO(SIG_IGN),
diff --git a/security/opencryptoki/files/patch-usr-sbin-pkcsslotd-mutex.c b/security/opencryptoki/files/patch-usr-sbin-pkcsslotd-mutex.c
new file mode 100644
index 000000000000..4b8c83064dbe
--- /dev/null
+++ b/security/opencryptoki/files/patch-usr-sbin-pkcsslotd-mutex.c
@@ -0,0 +1,37 @@
+--- usr/sbin/pkcsslotd/mutex.c.orig 2010-07-29 21:28:41.000000000 +0900
++++ usr/sbin/pkcsslotd/mutex.c 2010-10-20 01:19:28.613984045 +0900
+@@ -293,6 +293,26 @@
+
+ #include "pkcsslotd.h"
+
++#include <fcntl.h>
++
++#ifdef __sun
++#define LOCK_EX F_LOCK
++#define LOCK_UN F_ULOCK
++#define flock(fd, func) lockf(fd, func, 0)
++#endif
++
++#ifndef LOCK_SH
++#define LOCK_SH 1 /* shared lock */
++#endif
++#ifndef LOCK_EX
++#define LOCK_EX 2 /* exclusive lock */
++#endif
++#ifndef LOCK_NB
++#define LOCK_NB 4 /* don't block when locking */
++#endif
++#ifndef LOCK_UN
++#define LOCK_UN 8 /* unlock */
++#endif
+
+ #if SYSVSEM
+ #error "Caveat Emptor... this does not work"
+@@ -315,7 +335,6 @@
+ #include <sys/types.h>
+ #include <sys/stat.h>
+ #include <fcntl.h>
+-#include <sys/file.h>
+ static int xplfd=-1;
+ #endif
+
diff --git a/security/opencryptoki/files/patch-usr-sbin-pkcsslotd-pkcsslotd.h b/security/opencryptoki/files/patch-usr-sbin-pkcsslotd-pkcsslotd.h
new file mode 100644
index 000000000000..024873633a1c
--- /dev/null
+++ b/security/opencryptoki/files/patch-usr-sbin-pkcsslotd-pkcsslotd.h
@@ -0,0 +1,11 @@
+--- usr/sbin/pkcsslotd/pkcsslotd.h.orig 2010-07-29 21:28:41.000000000 +0900
++++ usr/sbin/pkcsslotd/pkcsslotd.h 2010-10-20 01:20:18.253984238 +0900
+@@ -353,7 +353,7 @@
+ #include <nl_types.h>
+
+ #include <sys/ipc.h>
+-#include <linux/limits.h>
++#include <limits.h>
+ #include <sys/shm.h>
+ #include <sys/stat.h>
+ #include <sys/types.h>
diff --git a/security/opencryptoki/files/patch-usr-sbin-pkcsslotd-shmem.c b/security/opencryptoki/files/patch-usr-sbin-pkcsslotd-shmem.c
new file mode 100644
index 000000000000..973c25b76436
--- /dev/null
+++ b/security/opencryptoki/files/patch-usr-sbin-pkcsslotd-shmem.c
@@ -0,0 +1,35 @@
+--- usr/sbin/pkcsslotd/shmem.c.orig 2010-07-29 21:28:41.000000000 +0900
++++ usr/sbin/pkcsslotd/shmem.c 2010-10-20 01:23:03.203984101 +0900
+@@ -338,9 +338,9 @@
+ }
+ // SAB Get the group information for the PKCS#11 group... fail if
+ // it does not exist
+- grp = getgrnam("pkcs11");
++ grp = getgrnam(PKCS11GROUP);
+ if ( !grp ) {
+- ErrLog("Group PKCS#11 does not exist ");
++ ErrLog("Group " PKCS11GROUP " does not exist ");
+ return FALSE; // Group does not exist... setup is wrong..
+ }
+
+@@ -409,9 +409,9 @@
+ int i;
+ char *buffer;
+
+- grp = getgrnam("pkcs11");
++ grp = getgrnam(PKCS11GROUP);
+ if ( !grp ) {
+- ErrLog("Group \"pkcs11\" does not exist! Please run %s/pkcs11_startup.",
++ ErrLog("Group " PKCS11GROUP " does not exist! Please run %s/pkcs11_startup.",
+ SBIN_PATH);
+ return FALSE; // Group does not exist... setup is wrong..
+ }
+@@ -431,7 +431,7 @@
+ return FALSE;
+ }
+ if (fchown(fd, 0, grp->gr_gid) == -1) {
+- ErrLog("%s: fchown(%s, root, pkcs11): %s", __FUNCTION__, MAPFILENAME,
++ ErrLog("%s: fchown(%s, root, %s): %s", __FUNCTION__, MAPFILENAME, PKCS11GROUP,
+ strerror(errno));
+ close(fd);
+ return FALSE;
diff --git a/security/opencryptoki/files/pkcsslotd.in b/security/opencryptoki/files/pkcsslotd.in
new file mode 100644
index 000000000000..ca0fb7744dc3
--- /dev/null
+++ b/security/opencryptoki/files/pkcsslotd.in
@@ -0,0 +1,33 @@
+#!/bin/sh
+
+# $FreeBSD$
+#
+# PROVIDE: pkcsslotd
+# REQUIRE: LOGIN tcsd
+# KEYWORD: shutdown
+#
+# Add the following lines to /etc/rc.conf.local or /etc/rc.conf
+# to enable this service:
+#
+# pkcsslotd_enable (bool): Set to NO by default.
+# Set it to YES to enable pkcsslotd.
+#
+
+. /etc/rc.subr
+
+name=pkcsslotd
+rcvar=`set_rcvar`
+command=%%PREFIX%%/sbin/${name}
+start_precmd=${name}_prestart
+
+pkcsslotd_prestart () {
+ [ -f %%PREFIX%%/var/lib/opencryptoki/pk_config_data ] || \
+ %%PREFIX%%/sbin/pkcs11_startup
+}
+
+load_rc_config ${name}
+
+: pkcsslotd_enable=${pkcsslotd_enable-"NO"}
+
+run_rc_command "$1"
+
diff --git a/security/opencryptoki/files/pkg-message.in b/security/opencryptoki/files/pkg-message.in
new file mode 100644
index 000000000000..70b4dd1edd64
--- /dev/null
+++ b/security/opencryptoki/files/pkg-message.in
@@ -0,0 +1,7 @@
+To run pkcsslotd automatically, add the following line to /etc/rc.conf
+
+pkcsslotd_enable="YES"
+
+To use PKCS#11 token, add your_account to '%%GROUPS%%' like following:
+
+# pw groupadd %%GROUPS%% -m your_account
diff --git a/security/opencryptoki/pkg-descr b/security/opencryptoki/pkg-descr
new file mode 100644
index 000000000000..cdaa8827a684
--- /dev/null
+++ b/security/opencryptoki/pkg-descr
@@ -0,0 +1 @@
+openCryptoki is a PKCS#11 implementation.
diff --git a/security/opencryptoki/pkg-plist b/security/opencryptoki/pkg-plist
new file mode 100644
index 000000000000..12d85ac93185
--- /dev/null
+++ b/security/opencryptoki/pkg-plist
@@ -0,0 +1,34 @@
+include/opencryptoki/apiclient.h
+include/opencryptoki/pkcs11.h
+include/opencryptoki/pkcs11types.h
+lib/libopencryptoki.la
+lib/libopencryptoki.so
+lib/libopencryptoki.so.0
+lib/opencryptoki/PKCS11_API.so
+lib/opencryptoki/libopencryptoki.la
+lib/opencryptoki/libopencryptoki.so
+lib/opencryptoki/libopencryptoki.so.0
+lib/opencryptoki/methods
+lib/opencryptoki/stdll/PKCS11_SW.so
+lib/opencryptoki/stdll/libpkcs11_sw.la
+lib/opencryptoki/stdll/libpkcs11_sw.so
+lib/opencryptoki/stdll/libpkcs11_sw.so.0
+lib/opencryptoki/stdll/PKCS11_TPM.so
+lib/opencryptoki/stdll/libpkcs11_tpm.la
+lib/opencryptoki/stdll/libpkcs11_tpm.so
+lib/opencryptoki/stdll/libpkcs11_tpm.so.0
+lib/pkcs11/PKCS11_API.so
+lib/pkcs11/libopencryptoki.so
+lib/pkcs11/methods
+lib/pkcs11/stdll
+sbin/pkcs11_startup
+sbin/pkcs_slot
+sbin/pkcsconf
+sbin/pkcsslotd
+@dirrmtry var/lib/opencryptoki
+@dirrmtry var/lib
+@dirrmtry var
+@dirrm lib/pkcs11
+@dirrm lib/opencryptoki/stdll
+@dirrm lib/opencryptoki
+@dirrm include/opencryptoki