Add opencryptoki 2.3.2, is an open PKCS#11 implementation library.

Obtained from:	http://bsssd.sourceforge.net/

43 files changed, 1195 insertions, 0 deletions

diff --git a/security/opencryptoki/Makefile b/security/opencryptoki/Makefile
new file mode 100644
index 000000000000..09aae6141161
--- /dev/null
+++ b/security/opencryptoki/Makefile
@@ -0,0 +1,67 @@
+# New ports collection makefile for:	opencryptoki
+# Date created:				2010-07-16
+# Whom:					Ralf Meister
+#
+# $FreeBSD$
+#
+
+PORTNAME=	opencryptoki
+PORTVERSION=	2.3.2
+CATEGORIES=	security
+MASTER_SITES=	SF/${PORTNAME}/${PORTNAME}/${PORTVERSION}
+
+MAINTAINER=	nork@FreeBSD.org
+COMMENT=	An open PKCS\#11 implementation library
+
+LIB_DEPENDS=	tspi.2:${PORTSDIR}/security/trousers
+
+USE_BZIP2=	YES
+USE_GMAKE=	YES
+USE_LDCONFIG=	YES
+USE_AUTOTOOLS=	autoconf:268 libtool:22 automake:111
+HAS_CONFIGURE=	YES
+MAKE_JOBS_SAFE=	YES
+
+USE_RC_SUBR=	pkcsslotd
+SUB_FILES=	pkg-message
+SUB_LIST=	USERS=${USERS} GROUPS=${GROUPS}
+
+MAN1=		pkcs11_startup.1 pkcsconf.1
+MAN5=		pk_config_data.5
+MAN7=		opencryptoki.7
+MAN8=		pkcsslotd.8
+
+USERS=		_pkcs11
+GROUPS=		_pkcs11
+
+LICENSE=	CPL
+LICENSE_NAME=	Common Public License
+LICENSE_FILE=	${WRKSRC}/LICENSE
+LICENSE_PERMS=	${_LICENSE_PERMS_DEFAULT}
+
+CONFIGURE_ARGS=	--enable-swtok --enable-tpmtok \
+		--disable-crtok --disable-aeptok \
+		--disable-ccatok --disable-bcomtok \
+		--disable-pkcscca_migrate \
+		--libdir=${PREFIX}/lib \
+		--sbindir=${PREFIX}/sbin \
+		--localstatedir=${PREFIX}/var \
+		--with-pkcs11user=${USERS} \
+		--with-pkcs11group=${GROUPS}
+CONFIGURE_ENV=	LDFLAGS="${LDFLAGS} -L${LOCALBASE}/lib"
+
+.include <bsd.port.pre.mk>
+
+CFLAGS+=	-I${LOCALBASE}/include
+
+pre-configure:
+	@cd ${WRKSRC} && ${SETENV} ${CONFIGURE_ENV} ${ACLOCAL}
+	@cd ${WRKSRC} && ${SETENV} ${CONFIGURE_ENV} ${LIBTOOLIZE} --force -c
+	@cd ${WRKSRC} && ${SETENV} ${CONFIGURE_ENV} ${AUTOMAKE} --add-missing -c
+	@cd ${WRKSRC} && ${SETENV} ${CONFIGURE_ENV} ${AUTOCONF}
+
+post-install:
+	@cd ${PREFIX}/lib && ${LN} -s opencryptoki/libopencryptoki* .
+	@${CAT} ${PKGMESSAGE}
+
+.include <bsd.port.post.mk>
diff --git a/security/opencryptoki/distinfo b/security/opencryptoki/distinfo
new file mode 100644
index 000000000000..7abfdc949951
--- /dev/null
+++ b/security/opencryptoki/distinfo
@@ -0,0 +1,2 @@
+SHA256 (opencryptoki-2.3.2.tar.bz2) = 44fdf74a9eab2586240a69779c5c323e8378e8f2fde21cd4f8bd9186a24c30f7
+SIZE (opencryptoki-2.3.2.tar.bz2) = 665134
diff --git a/security/opencryptoki/files/patch-configure.in b/security/opencryptoki/files/patch-configure.in
new file mode 100644
index 000000000000..df7e9e90737d
--- /dev/null
+++ b/security/opencryptoki/files/patch-configure.in
@@ -0,0 +1,59 @@
+--- configure.in.orig	2010-07-29 21:28:41.000000000 +0900
++++ configure.in	2010-10-20 01:31:02.971984782 +0900
+@@ -8,6 +8,9 @@
+ 
+ AM_INIT_AUTOMAKE([foreign 1.6])
+ 
++AC_DEFINE(_BSD_SOURCE, 1, BSD functions)
++AC_DEFINE(__BSD_VISIBLE, 1, BSD extensions)
++
+ dnl Get the canonical host type
+ AC_CANONICAL_TARGET
+ 
+@@ -30,6 +33,7 @@
+ AC_FUNC_STRFTIME
+ AC_FUNC_VPRINTF
+ AC_CHECK_FUNCS([getcwd])
++AC_CHECK_FUNCS([asprintf])
+ 
+ dnl Used in various scripts
+ AC_PATH_PROG([ID], [id], [/us/bin/id])
+@@ -193,6 +197,21 @@
+ 	[],
+ 	[with_xcryptolinz=check])
+ 
++dnl --- check for pkcs11 user
++AC_ARG_WITH([pkcs11user],
++	AC_HELP_STRING([--with-pkcs11user[[=USER]]], [set pkcs11 user [[pkcs11]]]),
++        [pkcs11_user=$withval],
++        [pkcs11_user=pkcs11])
++
++dnl --- check for pkcs11 group
++AC_ARG_WITH(pkcs11group,
++	AC_HELP_STRING([--with-pkcs11group[[=GROUP]]], [set pkcs11 group [[pkcs11]]]),
++	[pkcs11_group=$withval],
++	[pkcs11_group=pkcs11])
++
++AC_SUBST(PKCS11USER, $pkcs11_user)
++AC_SUBST(PKCS11GROUP, $pkcs11_group)
++
+ dnl ---
+ dnl ---
+ dnl --- Now that we have all the options, let's check for a valid build
+@@ -630,11 +649,15 @@
+ 
+ CFLAGS="$CFLAGS $DEBUG_CFLAGS -DPKCS64 -D_XOPEN_SOURCE=500"
+ 
+-CFLAGS+=' -DCONFIG_PATH=\"$(localstatedir)/lib/opencryptoki\" -DSBIN_PATH=\"$(sbindir)\" -DLIB_PATH=\"$(libdir)\"'
++CFLAGS="$CFLAGS -DCONFIG_PATH='\"$localstatedir/lib/opencryptoki\"' -DSBIN_PATH='\"$sbindir\"' -DLIB_PATH='\"$libdir\"'"
++
++CFLAGS="$CFLAGS -DPKCS11USER='\"${pkcs11_user}\"' -DPKCS11GROUP='\"${pkcs11_group}\"'"
+ 
+ # At this point, CFLAGS is set to something sensible
+ AC_PROG_CC
+ 
++AC_SUBST(FPIC, $lt_prog_compiler_pic)
++
+ AC_OUTPUT([Makefile usr/Makefile \
+           usr/include/Makefile \
+           usr/include/pkcs11/Makefile \
diff --git a/security/opencryptoki/files/patch-usr-include-pkcs11-apictl.h b/security/opencryptoki/files/patch-usr-include-pkcs11-apictl.h
new file mode 100644
index 000000000000..192c312b5063
--- /dev/null
+++ b/security/opencryptoki/files/patch-usr-include-pkcs11-apictl.h
@@ -0,0 +1,11 @@
+--- usr/include/pkcs11/apictl.h.orig	2010-07-29 21:28:41.000000000 +0900
++++ usr/include/pkcs11/apictl.h	2010-10-19 23:42:04.580983829 +0900
+@@ -296,7 +296,7 @@
+ 
+ 
+ #include <pkcs11types.h>
+-#include <linux/limits.h>
++#include <limits.h>
+ #include <local_types.h>
+ #include <stdll.h>
+ #include <slotmgr.h>
diff --git a/security/opencryptoki/files/patch-usr-include-pkcs11-slotmgr.h b/security/opencryptoki/files/patch-usr-include-pkcs11-slotmgr.h
new file mode 100644
index 000000000000..ce9be4e17b33
--- /dev/null
+++ b/security/opencryptoki/files/patch-usr-include-pkcs11-slotmgr.h
@@ -0,0 +1,11 @@
+--- usr/include/pkcs11/slotmgr.h.orig	2010-07-29 21:28:41.000000000 +0900
++++ usr/include/pkcs11/slotmgr.h	2010-10-19 23:42:55.423984058 +0900
+@@ -301,7 +301,7 @@
+ 
+ 
+ #include <pkcs11types.h>
+-#include <linux/limits.h>
++#include <limits.h>
+ #include <local_types.h>
+ #include <pthread.h>
+ 
diff --git a/security/opencryptoki/files/patch-usr-include-pkcs11-stdll.h b/security/opencryptoki/files/patch-usr-include-pkcs11-stdll.h
new file mode 100644
index 000000000000..8ee112945d9e
--- /dev/null
+++ b/security/opencryptoki/files/patch-usr-include-pkcs11-stdll.h
@@ -0,0 +1,11 @@
+--- usr/include/pkcs11/stdll.h.orig	2010-07-29 21:28:41.000000000 +0900
++++ usr/include/pkcs11/stdll.h	2010-10-19 23:43:40.418984281 +0900
+@@ -302,7 +302,7 @@
+ 
+ 
+ #include <pkcs11types.h>
+-#include <linux/limits.h>
++#include <limits.h>
+ #include <local_types.h>
+ #include <slotmgr.h>
+ 
diff --git a/security/opencryptoki/files/patch-usr-lib-pkcs11-aep_stdll-Makefile.am b/security/opencryptoki/files/patch-usr-lib-pkcs11-aep_stdll-Makefile.am
new file mode 100644
index 000000000000..424ea1b8c461
--- /dev/null
+++ b/security/opencryptoki/files/patch-usr-lib-pkcs11-aep_stdll-Makefile.am
@@ -0,0 +1,11 @@
+--- usr/lib/pkcs11/aep_stdll/Makefile.am.orig	2010-07-29 21:28:41.000000000 +0900
++++ usr/lib/pkcs11/aep_stdll/Makefile.am	2010-10-19 23:45:36.945982287 +0900
+@@ -6,7 +6,7 @@
+ 
+ # Not all versions of automake observe libname_CFLAGS
+ opencryptoki_stdll_libpkcs11_aep_la_CFLAGS = -DSPINXPL -DDEV		\
+--D_THREAD_SAFE -fPIC -DSHALLOW=0 -DSWTOK=1 -DLITE=0 -DNOCDMF -DNOMD2	\
++-D_THREAD_SAFE $(FPIC) -DSHALLOW=0 -DSWTOK=1 -DLITE=0 -DNOCDMF -DNOMD2	\
+ -DNODSA -DDEBUGON -DAEP_GENERIC -DNORIPE -DSTDLL_NAME=\"aeptok\"
+ 
+ opencryptoki_stdll_libpkcs11_aep_la_SOURCES = ../common/asn1.c		\
diff --git a/security/opencryptoki/files/patch-usr-lib-pkcs11-api-Makefile.am b/security/opencryptoki/files/patch-usr-lib-pkcs11-api-Makefile.am
new file mode 100644
index 000000000000..caf3d7e49ff1
--- /dev/null
+++ b/security/opencryptoki/files/patch-usr-lib-pkcs11-api-Makefile.am
@@ -0,0 +1,18 @@
+--- usr/lib/pkcs11/api/Makefile.am.orig	2010-07-29 21:28:41.000000000 +0900
++++ usr/lib/pkcs11/api/Makefile.am	2010-10-19 23:49:45.125982519 +0900
+@@ -4,13 +4,13 @@
+ SO_REVISION=0
+ SO_AGE=0
+ 
+-opencryptoki_libopencryptoki_la_LDFLAGS = -shared -Wl,-Bsymbolic -lc -ldl \
++opencryptoki_libopencryptoki_la_LDFLAGS = -shared -Wl,-Bsymbolic -lc \
+ 					  -lpthread -version-info         \
+ 					  $(SO_CURRENT):$(SO_REVISION):$(SO_AGE)
+ 
+ # Not all versions of automake observe libname_CFLAGS
+ opencryptoki_libopencryptoki_la_CFLAGS = -DSPINXPL -DAPI -DDEV -D_THREAD_SAFE \
+-					 -fPIC -I../. -I../../../include/pkcs11
++					 $(FPIC) -I../. -I../../../include/pkcs11
+ 
+ opencryptoki_libopencryptoki_la_SOURCES = api_interface.c shrd_mem.c apiutil.c
+ 
diff --git a/security/opencryptoki/files/patch-usr-lib-pkcs11-api-api_interface.c b/security/opencryptoki/files/patch-usr-lib-pkcs11-api-api_interface.c
new file mode 100644
index 000000000000..e8dc61475253
--- /dev/null
+++ b/security/opencryptoki/files/patch-usr-lib-pkcs11-api-api_interface.c
@@ -0,0 +1,35 @@
+--- usr/lib/pkcs11/api/api_interface.c.orig	2010-07-29 21:28:41.000000000 +0900
++++ usr/lib/pkcs11/api/api_interface.c	2010-10-19 23:52:25.355983620 +0900
+@@ -2390,7 +2390,7 @@
+ C_GetFunctionList ( CK_FUNCTION_LIST_PTR_PTR ppFunctionList )
+ {
+ 
+-   _init();
++   api_init();
+    
+    LOG("C_GetFunctionList");
+    FuncList.version.major = VERSION_MAJOR;
+@@ -5168,7 +5168,11 @@
+ 
+ }
+ 
++#ifdef __sun
++#pragma init(api_init)
++#else
+ void api_init(void) __attribute__((constructor));
++#endif
+ 
+ void
+ api_init(void)
+@@ -5194,7 +5198,11 @@
+ 
+ }
+ 
++#ifdef __sun
++#pragma fini(api_fini)
++#else
+ void api_fini(void) __attribute__((destructor));
++#endif
+ 
+ void
+ api_fini()
diff --git a/security/opencryptoki/files/patch-usr-lib-pkcs11-api-apiutil.c b/security/opencryptoki/files/patch-usr-lib-pkcs11-api-apiutil.c
new file mode 100644
index 000000000000..350878557631
--- /dev/null
+++ b/security/opencryptoki/files/patch-usr-lib-pkcs11-api-apiutil.c
@@ -0,0 +1,44 @@
+--- usr/lib/pkcs11/api/apiutil.c.orig	2010-07-29 21:28:41.000000000 +0900
++++ usr/lib/pkcs11/api/apiutil.c	2010-10-19 23:54:52.374982634 +0900
+@@ -305,10 +305,10 @@
+ #include <string.h>
+ #include <strings.h>
+ #include <unistd.h>
+-#include <alloca.h>
+ #include <dlfcn.h>
+ #include <errno.h>
+ #include <sys/syslog.h>
++#include <limits.h>
+ 
+ #include <sys/ipc.h>
+ 
+@@ -325,10 +325,28 @@
+ #include <sys/types.h>
+ #include <sys/stat.h>
+ #include <fcntl.h>
+-#include <sys/file.h>
+ static int xplfd=-1;
+ #endif
+ 
++#ifdef __sun
++#define	LOCK_EX	F_LOCK
++#define	LOCK_UN	F_ULOCK
++#define	flock(fd, func)	lockf(fd, func, 0)
++#endif
++
++#ifndef	LOCK_SH
++#define	LOCK_SH	1	/* shared lock */
++#endif
++#ifndef	LOCK_EX
++#define	LOCK_EX	2	/* exclusive lock */
++#endif
++#ifndef	LOCK_NB
++#define	LOCK_NB	4	/* don't block when locking */
++#endif
++#ifndef	LOCK_UN
++#define	LOCK_UN	8	/* unlock */
++#endif
++
+ #include <libgen.h>
+ 
+ #define LIBLOCATION  LIB_PATH
diff --git a/security/opencryptoki/files/patch-usr-lib-pkcs11-api-shrd_mem.c.in b/security/opencryptoki/files/patch-usr-lib-pkcs11-api-shrd_mem.c.in
new file mode 100644
index 000000000000..f615f1f34a35
--- /dev/null
+++ b/security/opencryptoki/files/patch-usr-lib-pkcs11-api-shrd_mem.c.in
@@ -0,0 +1,11 @@
+--- usr/lib/pkcs11/api/shrd_mem.c.in.orig	2010-07-29 21:28:41.000000000 +0900
++++ usr/lib/pkcs11/api/shrd_mem.c.in	2010-10-19 23:56:22.728981736 +0900
+@@ -353,7 +353,7 @@
+ 
+ 
+    // SAB check for the group id here and membership here as well
+-   grp = getgrnam("pkcs11");
++   grp = getgrnam(PKCS11GROUP);
+    if ( grp ) {
+         int i=0;
+         char member=0;
diff --git a/security/opencryptoki/files/patch-usr-lib-pkcs11-bcom_stdll-Makefile.am b/security/opencryptoki/files/patch-usr-lib-pkcs11-bcom_stdll-Makefile.am
new file mode 100644
index 000000000000..30c7b7da9d91
--- /dev/null
+++ b/security/opencryptoki/files/patch-usr-lib-pkcs11-bcom_stdll-Makefile.am
@@ -0,0 +1,11 @@
+--- usr/lib/pkcs11/bcom_stdll/Makefile.am.orig	2010-07-29 21:28:41.000000000 +0900
++++ usr/lib/pkcs11/bcom_stdll/Makefile.am	2010-10-19 23:57:38.434983522 +0900
+@@ -8,7 +8,7 @@
+ 
+ # Not all versions of automake observe libname_CFLAGS
+ opencryptoki_stdll_libpkcs11_bc_la_CFLAGS = -DSPINXPL -DDEV		\
+--D_THREAD_SAFE -fPIC $(VARIANT) -DNOCDMF -DNOMD2 -DNODSA -DNOAES	\
++-D_THREAD_SAFE $(FPIC) $(VARIANT) -DNOCDMF -DNOMD2 -DNODSA -DNOAES	\
+ -DNODH -DDEBUGON -DNORIPE -DSTDLL_NAME=\"bcomtok\"
+ 
+ opencryptoki_stdll_libpkcs11_bc_la_SOURCES = ../common/asn1.c	\
diff --git a/security/opencryptoki/files/patch-usr-lib-pkcs11-cca_stdll-host_defs.h b/security/opencryptoki/files/patch-usr-lib-pkcs11-cca_stdll-host_defs.h
new file mode 100644
index 000000000000..4db0453f3d2c
--- /dev/null
+++ b/security/opencryptoki/files/patch-usr-lib-pkcs11-cca_stdll-host_defs.h
@@ -0,0 +1,27 @@
+--- usr/lib/pkcs11/cca_stdll/host_defs.h.orig	2010-07-29 21:28:41.000000000 +0900
++++ usr/lib/pkcs11/cca_stdll/host_defs.h	2010-10-19 23:59:33.363984758 +0900
+@@ -10,13 +10,24 @@
+  */
+ 
+ 
++#include <sys/types.h>
+ #include <sys/mman.h>
+ #ifndef _HOST_DEFS_H
+ #define _HOST_DEFS_H
+ 
+ #include <semaphore.h>
+ #include <pthread.h>
++#if defined(__OpenBSD__) || defined(__FreeBSD__)
++#include <sys/endian.h>
++#ifdef	_BYTE_ORDER
++#define	__BYTE_ORDER	_BYTE_ORDER
++#endif
++#ifdef	_LITTLE_ENDIAN
++#define	__LITTLE_ENDIAN	_LITTLE_ENDIAN
++#endif
++#else
+ #include <endian.h>
++#endif
+ 
+ #include "pkcs32.h"
+ // Both of the strings below have a length of 32 chars and must be
diff --git a/security/opencryptoki/files/patch-usr-lib-pkcs11-cca_stdll-loadsave.c b/security/opencryptoki/files/patch-usr-lib-pkcs11-cca_stdll-loadsave.c
new file mode 100644
index 000000000000..fd6dc631209f
--- /dev/null
+++ b/security/opencryptoki/files/patch-usr-lib-pkcs11-cca_stdll-loadsave.c
@@ -0,0 +1,23 @@
+--- usr/lib/pkcs11/cca_stdll/loadsave.c.orig	2010-07-29 21:28:41.000000000 +0900
++++ usr/lib/pkcs11/cca_stdll/loadsave.c	2010-10-20 01:49:50.769984323 +0900
+@@ -22,11 +22,9 @@
+ #include <string.h>
+ #include <strings.h>
+ #include <unistd.h>
+-#include <alloca.h>
+ #include <sys/types.h>
+ #include <sys/stat.h>
+ #include <sys/ipc.h>
+-#include <sys/file.h>
+ #include <errno.h>
+ 
+ #include <pwd.h>
+@@ -51,7 +49,7 @@
+    // Set absolute permissions or rw-rw-r--
+    fchmod(file,S_IRUSR|S_IWUSR|S_IRGRP|S_IWGRP|S_IROTH);
+ 
+-   grp = getgrnam("pkcs11"); // Obtain the group id
++   grp = getgrnam(PKCS11GROUP); // Obtain the group id
+    if (grp){
+ 	   fchown(file,getuid(),grp->gr_gid);  // set ownership to root, and pkcs11 group
+    }
diff --git a/security/opencryptoki/files/patch-usr-lib-pkcs11-cca_stdll-new_host.c b/security/opencryptoki/files/patch-usr-lib-pkcs11-cca_stdll-new_host.c
new file mode 100644
index 000000000000..c00cf212bad4
--- /dev/null
+++ b/security/opencryptoki/files/patch-usr-lib-pkcs11-cca_stdll-new_host.c
@@ -0,0 +1,52 @@
+--- usr/lib/pkcs11/cca_stdll/new_host.c.orig	2010-07-29 21:28:41.000000000 +0900
++++ usr/lib/pkcs11/cca_stdll/new_host.c	2010-10-20 00:06:26.575983974 +0900
+@@ -298,7 +298,7 @@
+ 		struct group *grp;
+ 		int   rc = 0;
+ 		gid_t  gid,egid;
+-		grp = getgrnam("pkcs11");
++		grp = getgrnam(PKCS11GROUP);
+ 		if (grp) {
+ 			// Check for member of group..
+ 			// SAB get login seems to not work with some
+@@ -786,7 +786,19 @@
+ 	//
+ 	object_mgr_destroy_token_objects();
+ #if 0 /* TODO: Implement delete_all_files_in_dir() */
++#if HAVE_ASPRINTF
+ 	local_rc = asprintf(&pk_full_path, "%s/%s", pk_dir, PK_LITE_OBJ_DIR);
++#else
++	pk_full_path = malloc(1024);
++	if( pk_full_path != NULL ) {
++		local_rc = snprintf(pk_full_path, 1023, "%s/%s",
++				pk_dir, PK_LITE_OBJ_DIR);
++		if( local_rc == -1 ) free(pk_full_path);
++	}
++	else {
++		local_rc = -1;
++	}
++#endif
+ 	if (local_rc == -1) {
+ 		rc = CKR_HOST_MEMORY;
+ 		goto out;
+@@ -797,8 +809,20 @@
+ 		goto out;
+ 	}
+ #endif
++#if HAVE_ASPRINTF
+ 	local_rc = asprintf(&s, "%s %s/%s/* > /dev/null 2>&1", DEL_CMD, pk_dir,
+ 			    PK_LITE_OBJ_DIR);
++#else
++	s = malloc(1024);
++	if( s != NULL ) {
++		local_rc = snprintf(s, 1023, "%s %s/%s/* > /dev/null 2>&1",
++				DEL_CMD, pk_dir, PK_LITE_OBJ_DIR);
++		if( local_rc == -1 ) free(s);
++	}
++	else {
++		local_rc = -1;
++	}
++#endif
+ 	if (local_rc == -1) {
+ 		rc = CKR_HOST_MEMORY;
+ 		goto out;
diff --git a/security/opencryptoki/files/patch-usr-lib-pkcs11-cca_stdll-tok_spec_struct.h b/security/opencryptoki/files/patch-usr-lib-pkcs11-cca_stdll-tok_spec_struct.h
new file mode 100644
index 000000000000..302deaba508e
--- /dev/null
+++ b/security/opencryptoki/files/patch-usr-lib-pkcs11-cca_stdll-tok_spec_struct.h
@@ -0,0 +1,15 @@
+--- usr/lib/pkcs11/cca_stdll/tok_spec_struct.h.orig	2010-07-29 21:28:41.000000000 +0900
++++ usr/lib/pkcs11/cca_stdll/tok_spec_struct.h	2010-10-20 00:08:00.317982423 +0900
+@@ -22,9 +22,9 @@
+ #define _TOK_SPECIFIC_STRUCT
+ 
+ struct token_specific_struct{
+-   CK_BYTE  token_directory[2048];  // Used to be in the token_local.h as a #def
+-   CK_BYTE  token_subdir[2048];     // subdirectory
+-   CK_BYTE  token_debug_tag[2048];  // debug logging tag
++   CK_BYTE  *token_directory;  // Used to be in the token_local.h as a #def
++   CK_BYTE  *token_subdir;     // subdirectory
++   CK_BYTE  *token_debug_tag;  // debug logging tag
+ 
+    CK_RV  (*t_init)(char *,CK_SLOT_ID);             // Initialization function
+    int  (*t_slot2local)();       // convert the PKCS#11 slot to a local index
diff --git a/security/opencryptoki/files/patch-usr-lib-pkcs11-common-host_defs.h b/security/opencryptoki/files/patch-usr-lib-pkcs11-common-host_defs.h
new file mode 100644
index 000000000000..d111bf5e002f
--- /dev/null
+++ b/security/opencryptoki/files/patch-usr-lib-pkcs11-common-host_defs.h
@@ -0,0 +1,27 @@
+--- usr/lib/pkcs11/common/host_defs.h.orig	2010-07-29 21:28:41.000000000 +0900
++++ usr/lib/pkcs11/common/host_defs.h	2010-10-20 00:10:01.398983092 +0900
+@@ -294,13 +294,24 @@
+ /* (C) COPYRIGHT International Business Machines Corp. 2001,2002          */
+ 
+ 
++#include <sys/types.h>
+ #include <sys/mman.h>
+ #ifndef _HOST_DEFS_H
+ #define _HOST_DEFS_H
+ 
+ #include <semaphore.h>
+ #include <pthread.h>
++#if defined(__OpenBSD__) || defined(__FreeBSD__)
++#include <sys/endian.h>
++#ifdef	_BYTE_ORDER
++#define	__BYTE_ORDER	_BYTE_ORDER
++#endif
++#ifdef	_LITTLE_ENDIAN
++#define	__LITTLE_ENDIAN	_LITTLE_ENDIAN
++#endif
++#else
+ #include <endian.h>
++#endif
+ 
+ #include "pkcs32.h"
+ // Both of the strings below have a length of 32 chars and must be
diff --git a/security/opencryptoki/files/patch-usr-lib-pkcs11-common-loadsave.c b/security/opencryptoki/files/patch-usr-lib-pkcs11-common-loadsave.c
new file mode 100644
index 000000000000..f213b304b0a8
--- /dev/null
+++ b/security/opencryptoki/files/patch-usr-lib-pkcs11-common-loadsave.c
@@ -0,0 +1,23 @@
+--- usr/lib/pkcs11/common/loadsave.c.orig	2010-07-29 21:28:41.000000000 +0900
++++ usr/lib/pkcs11/common/loadsave.c	2010-10-20 00:11:28.399983780 +0900
+@@ -301,11 +301,9 @@
+ #include <string.h>
+ #include <strings.h>
+ #include <unistd.h>
+-#include <alloca.h>
+ #include <sys/types.h>
+ #include <sys/stat.h>
+ #include <sys/ipc.h>
+-#include <sys/file.h>
+ #include <errno.h>
+ 
+ #include <pwd.h>
+@@ -328,7 +326,7 @@
+    // Set absolute permissions or rw-rw-r--
+    fchmod(file,S_IRUSR|S_IWUSR|S_IRGRP|S_IWGRP|S_IROTH);
+ 
+-   grp = getgrnam("pkcs11"); // Obtain the group id
++   grp = getgrnam(PKCS11GROUP); // Obtain the group id
+    if (grp){
+ 	   fchown(file,getuid(),grp->gr_gid);  // set ownership to root, and pkcs11 group
+    }
diff --git a/security/opencryptoki/files/patch-usr-lib-pkcs11-common-new_host.c b/security/opencryptoki/files/patch-usr-lib-pkcs11-common-new_host.c
new file mode 100644
index 000000000000..0c1cc783c420
--- /dev/null
+++ b/security/opencryptoki/files/patch-usr-lib-pkcs11-common-new_host.c
@@ -0,0 +1,52 @@
+--- usr/lib/pkcs11/common/new_host.c.orig	2010-07-29 21:28:41.000000000 +0900
++++ usr/lib/pkcs11/common/new_host.c	2010-10-20 00:16:08.274985517 +0900
+@@ -576,7 +576,7 @@
+ 		struct group *grp;
+ 		int   rc = 0;
+ 		gid_t  gid,egid;
+-		grp = getgrnam("pkcs11");
++		grp = getgrnam(PKCS11GROUP);
+ 		if (grp) {
+ 			// Check for member of group..
+ 			// SAB get login seems to not work with some
+@@ -1064,7 +1064,19 @@
+ 	//
+ 	object_mgr_destroy_token_objects();
+ #if 0 /* TODO: Implement delete_all_files_in_dir() */
++#if HAVE_ASPRINTF
+ 	local_rc = asprintf(&pk_full_path, "%s/%s", pk_dir, PK_LITE_OBJ_DIR);
++#else
++	pk_full_path = malloc(1024);
++	if( pk_full_path != NULL ) {
++		local_rc = snprintf(pk_full_path, 1023, "%s/%s",
++				pk_dir, PK_LITE_OBJ_DIR);
++		if( local_rc == -1 ) free(pk_full_path);
++	}
++	else {
++		local_rc = -1;
++	}
++#endif
+ 	if (local_rc == -1) {
+ 		rc = CKR_HOST_MEMORY;
+ 		goto out;
+@@ -1075,8 +1087,20 @@
+ 		goto out;
+ 	}
+ #endif
++#if HAVE_ASPRINTF
+ 	local_rc = asprintf(&s, "%s %s/%s/* > /dev/null 2>&1", DEL_CMD, pk_dir,
+ 			    PK_LITE_OBJ_DIR);
++#else
++	s = malloc(1024);
++	if( s != NULL ) {
++		local_rc = snprintf(s, 1023, "%s %s/%s/* > /dev/null 2>&1",
++				DEL_CMD, pk_dir, PK_LITE_OBJ_DIR);
++		if( local_rc == -1 ) free(s);
++	}
++	else {
++		local_rc = -1;
++	}
++#endif
+ 	if (local_rc == -1) {
+ 		rc = CKR_HOST_MEMORY;
+ 		goto out;
diff --git a/security/opencryptoki/files/patch-usr-lib-pkcs11-common-tok_spec_struct.h b/security/opencryptoki/files/patch-usr-lib-pkcs11-common-tok_spec_struct.h
new file mode 100644
index 000000000000..bcbfff0dd613
--- /dev/null
+++ b/security/opencryptoki/files/patch-usr-lib-pkcs11-common-tok_spec_struct.h
@@ -0,0 +1,15 @@
+--- usr/lib/pkcs11/common/tok_spec_struct.h.orig	2010-07-29 21:28:41.000000000 +0900
++++ usr/lib/pkcs11/common/tok_spec_struct.h	2010-10-20 00:17:28.288984976 +0900
+@@ -308,9 +308,9 @@
+ #define _TOK_SPECIFIC_STRUCT
+ 
+ struct token_specific_struct{
+-   CK_BYTE  token_directory[PATH_MAX];  // Used to be in the token_local.h as a #def
+-   CK_BYTE  token_subdir[PATH_MAX];     // subdirectory
+-   CK_BYTE  token_debug_tag[PATH_MAX];  // debug logging tag
++   CK_BYTE  *token_directory;  // Used to be in the token_local.h as a #def
++   CK_BYTE  *token_subdir;     // subdirectory
++   CK_BYTE  *token_debug_tag;  // debug logging tag
+ 
+    CK_RV  (*t_init)(char *,CK_SLOT_ID);             // Initialization function
+    int  (*t_slot2local)();       // convert the PKCS#11 slot to a local index
diff --git a/security/opencryptoki/files/patch-usr-lib-pkcs11-common-utility.c b/security/opencryptoki/files/patch-usr-lib-pkcs11-common-utility.c
new file mode 100644
index 000000000000..77e821c60edc
--- /dev/null
+++ b/security/opencryptoki/files/patch-usr-lib-pkcs11-common-utility.c
@@ -0,0 +1,29 @@
+--- usr/lib/pkcs11/common/utility.c.orig	2010-07-29 21:28:41.000000000 +0900
++++ usr/lib/pkcs11/common/utility.c	2010-10-20 00:19:02.740983592 +0900
+@@ -302,6 +302,26 @@
+ #include <errno.h>
+ #include <pwd.h>
+ 
++#include <fcntl.h>
++
++#ifdef __sun
++#define	LOCK_EX	F_LOCK
++#define	LOCK_UN	F_ULOCK
++#define	flock(fd, func)	lockf(fd, func, 0)
++#endif
++
++#ifndef	LOCK_SH
++#define	LOCK_SH	1	/* shared lock */
++#endif
++#ifndef	LOCK_EX
++#define	LOCK_EX	2	/* exclusive lock */
++#endif
++#ifndef	LOCK_NB
++#define	LOCK_NB	4	/* don't block when locking */
++#endif
++#ifndef	LOCK_UN
++#define	LOCK_UN	8	/* unlock */
++#endif
+ 
+ #include "pkcs11types.h"
+ #include "defs.h"
diff --git a/security/opencryptoki/files/patch-usr-lib-pkcs11-cr_stdll-Makefile.am b/security/opencryptoki/files/patch-usr-lib-pkcs11-cr_stdll-Makefile.am
new file mode 100644
index 000000000000..dbf0a2ff35ce
--- /dev/null
+++ b/security/opencryptoki/files/patch-usr-lib-pkcs11-cr_stdll-Makefile.am
@@ -0,0 +1,18 @@
+--- usr/lib/pkcs11/cr_stdll/Makefile.am.orig	2010-07-29 21:28:41.000000000 +0900
++++ usr/lib/pkcs11/cr_stdll/Makefile.am	2010-10-20 00:20:46.987982761 +0900
+@@ -2,13 +2,13 @@
+ 
+ opencryptoki_stdll_libpkcs11_cr_la_LDFLAGS = $(LCRYPTO) $(CR_LIB_DIRS)	\
+ -nostartfiles -shared -Wl,-Bsymbolic -Wl,-soname,PKCS11_BC.so.1 -lc	\
+--lpthread -lsocketarmor -ldl -lcrypto
++-lpthread -lsocketarmor -lcrypto
+ 
+ VARIANT = -DSHALLOW=0 -DSWTOK=1 -DLITE=0
+ 
+ # Not all versions of automake observe libname_CFLAGS
+ opencryptoki_stdll_libpkcs11_cr_la_CFLAGS = -DSPINXPL -DDEV		\
+--D_THREAD_SAFE -fPIC $(VARIANT) -DNOCDMF -DNOMD2 -DNODSA -DDEBUGON
++-D_THREAD_SAFE $(FPIC) $(VARIANT) -DNOCDMF -DNOMD2 -DNODSA -DDEBUGON
+ 
+ opencryptoki_stdll_libpkcs11_cr_la_SOURCES = ../common/asn1.c	\
+ ../common/cert.c ../common/hwf_obj.c ../common/dp_obj.c		\
diff --git a/security/opencryptoki/files/patch-usr-lib-pkcs11-ica_s390_stdll-Makefile.am b/security/opencryptoki/files/patch-usr-lib-pkcs11-ica_s390_stdll-Makefile.am
new file mode 100644
index 000000000000..3dbaac74a518
--- /dev/null
+++ b/security/opencryptoki/files/patch-usr-lib-pkcs11-ica_s390_stdll-Makefile.am
@@ -0,0 +1,16 @@
+--- usr/lib/pkcs11/ica_s390_stdll/Makefile.am.orig	2010-07-29 21:28:41.000000000 +0900
++++ usr/lib/pkcs11/ica_s390_stdll/Makefile.am	2010-10-20 00:22:00.867981839 +0900
+@@ -2,11 +2,11 @@
+ 
+ opencryptoki_stdll_libpkcs11_ica_la_LDFLAGS = $(LCRYPTO)		\
+ $(ICA_LIB_DIRS) -nostartfiles -shared -Wl,-Bsymbolic -Wl,-soname,$@	\
+--Wl,-Bsymbolic -lc -lpthread -lica -ldl -lcrypto
++-Wl,-Bsymbolic -lc -lpthread -lica -lcrypto
+ 
+ # Not all versions of automake observe libname_CFLAGS
+ opencryptoki_stdll_libpkcs11_ica_la_CFLAGS = -DSPINXPL -DDEV		\
+--D_THREAD_SAFE -fPIC -DSHALLOW=0 -DSWTOK=0 -DLITE=1 -DNODH 		\
++-D_THREAD_SAFE $(FPIC) -DSHALLOW=0 -DSWTOK=0 -DLITE=1 -DNODH 		\
+ -DNOCDMF -DNOMD2 -DNODSA -DSTDLL_NAME=\"icatok\"
+ 
+ opencryptoki_stdll_libpkcs11_ica_la_SOURCES = ../common/asn1.c	\
diff --git a/security/opencryptoki/files/patch-usr-lib-pkcs11-ica_stdll-Makefile.am b/security/opencryptoki/files/patch-usr-lib-pkcs11-ica_stdll-Makefile.am
new file mode 100644
index 000000000000..6d41bd3d8b03
--- /dev/null
+++ b/security/opencryptoki/files/patch-usr-lib-pkcs11-ica_stdll-Makefile.am
@@ -0,0 +1,21 @@
+--- usr/lib/pkcs11/ica_stdll/Makefile.am.orig	2010-07-29 21:28:41.000000000 +0900
++++ usr/lib/pkcs11/ica_stdll/Makefile.am	2010-10-20 00:23:51.161996275 +0900
+@@ -2,15 +2,15 @@
+ 
+ opencryptoki_stdll_libpkcs11_ica_la_LDFLAGS = $(LCRYPTO)	\
+ $(ICA_LIB_DIRS) -nostartfiles -shared -Wl,-Bsymbolic		\
+--Wl,-soname,PKCS11_ICA.so.1 -lc -lpthread -ldl -lica
++-Wl,-soname,PKCS11_ICA.so.1 -lc -lpthread -lica
+ 
+ # Not all versions of automake observe libname_CFLAGS
+ opencryptoki_stdll_libpkcs11_ica_la_CFLAGS = -DSPINXPL -DDEV		\
+--D_THREAD_SAFE -fPIC -DSHALLOW=0 -DSWTOK=0 -DLITE=1 -DNOCDMF -DNOMD2	\
++-D_THREAD_SAFE $(FPIC) -DSHALLOW=0 -DSWTOK=0 -DLITE=1 -DNOCDMF -DNOMD2	\
+ -DNODSA -DNOAES -DNODH -DNORIPE -DSTDLL_NAME=\"icatok\"
+ 
+ # Not all versions of automake observe libname_CFLAGS
+-AM_CFLAGS = -DSPINXPL -DDEV -D_THREAD_SAFE -fPIC -DSHALLOW=0 -DSWTOK=0	\
++AM_CFLAGS = -DSPINXPL -DDEV -D_THREAD_SAFE $(FPIC) -DSHALLOW=0 -DSWTOK=0 \
+ -DLITE=1 -DNOCDMF -DNOMD2 -DNODSA -DNOAES -DNODH -DNORIPE
+ 
+ opencryptoki_stdll_libpkcs11_ica_la_SOURCES= ../common/asn1.c	\
diff --git a/security/opencryptoki/files/patch-usr-lib-pkcs11-soft_stdll-Makefile.am b/security/opencryptoki/files/patch-usr-lib-pkcs11-soft_stdll-Makefile.am
new file mode 100644
index 000000000000..056d26b6f727
--- /dev/null
+++ b/security/opencryptoki/files/patch-usr-lib-pkcs11-soft_stdll-Makefile.am
@@ -0,0 +1,11 @@
+--- usr/lib/pkcs11/soft_stdll/Makefile.am.orig	2010-07-29 21:28:41.000000000 +0900
++++ usr/lib/pkcs11/soft_stdll/Makefile.am	2010-10-20 00:25:03.227984225 +0900
+@@ -7,7 +7,7 @@
+ opencryptoki_stdll_libpkcs11_sw_la_CFLAGS = -DSPINXPL -DDEV -D_THREAD_SAFE  \
+ 					    -DSHALLOW=0 -DSWTOK=1 -DLITE=0  \
+ 					    -DNOCDMF -DNOMD2 -DNODSA -DNORIPE	    \
+-					    -DDEBUGON -fPIC		    \
++					    -DDEBUGON $(FPIC)		    \
+ 					    -I/usr/include -I.		    \
+ 					    -I../../../include/pkcs11/stdll \
+ 					    -I../../../include/pkcs11	    \
diff --git a/security/opencryptoki/files/patch-usr-lib-pkcs11-tpm_stdll-host_defs.h b/security/opencryptoki/files/patch-usr-lib-pkcs11-tpm_stdll-host_defs.h
new file mode 100644
index 000000000000..dcbdda52666c
--- /dev/null
+++ b/security/opencryptoki/files/patch-usr-lib-pkcs11-tpm_stdll-host_defs.h
@@ -0,0 +1,28 @@
+--- usr/lib/pkcs11/tpm_stdll/host_defs.h.orig	2010-07-29 21:28:41.000000000 +0900
++++ usr/lib/pkcs11/tpm_stdll/host_defs.h	2010-10-20 00:26:48.474982648 +0900
+@@ -2,13 +2,25 @@
+ /* (C) COPYRIGHT International Business Machines Corp. 2001, 2002, 2005*/
+ 
+ 
++#include <sys/types.h>
+ #include <sys/mman.h>
+ #ifndef _HOST_DEFS_H
+ #define _HOST_DEFS_H
+ 
+ #include <semaphore.h>
+ #include <pthread.h>
++
++#if defined(__OpenBSD__) || defined(__FreeBSD__)
++#include <sys/endian.h>
++#ifdef	_BYTE_ORDER
++#define	__BYTE_ORDER	_BYTE_ORDER
++#endif
++#ifdef	_LITTLE_ENDIAN
++#define	__LITTLE_ENDIAN	_LITTLE_ENDIAN
++#endif
++#else
+ #include <endian.h>
++#endif
+ 
+ #include "pkcs32.h"
+ // Both of the strings below have a length of 32 chars and must be
diff --git a/security/opencryptoki/files/patch-usr-lib-pkcs11-tpm_stdll-loadsave.c b/security/opencryptoki/files/patch-usr-lib-pkcs11-tpm_stdll-loadsave.c
new file mode 100644
index 000000000000..7144ab0d4f51
--- /dev/null
+++ b/security/opencryptoki/files/patch-usr-lib-pkcs11-tpm_stdll-loadsave.c
@@ -0,0 +1,11 @@
+--- usr/lib/pkcs11/tpm_stdll/loadsave.c.orig	2010-07-29 21:28:41.000000000 +0900
++++ usr/lib/pkcs11/tpm_stdll/loadsave.c	2010-10-20 00:27:47.109983972 +0900
+@@ -339,7 +339,7 @@
+    fchmod(file,S_IRUSR|S_IWUSR);
+ 
+ #if 0
+-   grp = getgrnam("pkcs11"); // Obtain the group id
++   grp = getgrnam(PKCS11GROUP); // Obtain the group id
+    if (grp){
+       fchown(file,getuid(),grp->gr_gid);  // set ownership to root, and pkcs11 group
+    }
diff --git a/security/opencryptoki/files/patch-usr-lib-pkcs11-tpm_stdll-new_host.c b/security/opencryptoki/files/patch-usr-lib-pkcs11-tpm_stdll-new_host.c
new file mode 100644
index 000000000000..b89f2b1ecb78
--- /dev/null
+++ b/security/opencryptoki/files/patch-usr-lib-pkcs11-tpm_stdll-new_host.c
@@ -0,0 +1,11 @@
+--- usr/lib/pkcs11/tpm_stdll/new_host.c.orig	2010-07-29 21:28:41.000000000 +0900
++++ usr/lib/pkcs11/tpm_stdll/new_host.c	2010-10-20 00:29:17.108984288 +0900
+@@ -356,7 +356,7 @@
+ 		int   rc = 0;
+ 		int   index = 0;
+ 		gid_t  gid,egid;
+-		grp = getgrnam("pkcs11");
++		grp = getgrnam(PKCS11GROUP);
+ 		if ( grp ) {
+ 			// Check for member of group..
+ 
diff --git a/security/opencryptoki/files/patch-usr-lib-pkcs11-tpm_stdll-tok_spec_struct.h b/security/opencryptoki/files/patch-usr-lib-pkcs11-tpm_stdll-tok_spec_struct.h
new file mode 100644
index 000000000000..c49362f92053
--- /dev/null
+++ b/security/opencryptoki/files/patch-usr-lib-pkcs11-tpm_stdll-tok_spec_struct.h
@@ -0,0 +1,15 @@
+--- usr/lib/pkcs11/tpm_stdll/tok_spec_struct.h.orig	2010-07-29 21:28:41.000000000 +0900
++++ usr/lib/pkcs11/tpm_stdll/tok_spec_struct.h	2010-10-20 00:30:22.991986453 +0900
+@@ -33,9 +33,9 @@
+ #define _TOK_SPECIFIC_STRUCT
+ 
+ struct token_specific_struct{
+-   CK_BYTE  token_directory[PATH_MAX];  // Used to be in the token_local.h as a #def
+-   CK_BYTE  token_subdir[PATH_MAX];     // subdirectory
+-   CK_BYTE  token_debug_tag[PATH_MAX];  // debug logging tag
++   CK_BYTE  *token_directory;  // Used to be in the token_local.h as a #def
++   CK_BYTE  *token_subdir;     // subdirectory
++   CK_BYTE  *token_debug_tag;  // debug logging tag
+ 
+    CK_RV  (*t_init)(char *,CK_SLOT_ID);             // Initialization function
+    int  (*t_slot2local)();       // convert the PKCS#11 slot to a local index
diff --git a/security/opencryptoki/files/patch-usr-lib-pkcs11-tpm_stdll-utility.c b/security/opencryptoki/files/patch-usr-lib-pkcs11-tpm_stdll-utility.c
new file mode 100644
index 000000000000..db9dc344854e
--- /dev/null
+++ b/security/opencryptoki/files/patch-usr-lib-pkcs11-tpm_stdll-utility.c
@@ -0,0 +1,30 @@
+--- usr/lib/pkcs11/tpm_stdll/utility.c.orig	2010-07-29 21:28:41.000000000 +0900
++++ usr/lib/pkcs11/tpm_stdll/utility.c	2010-10-20 00:33:02.810983787 +0900
+@@ -44,6 +44,27 @@
+ #include "tok_spec_struct.h"
+ #include "pkcs32.h"
+ 
++#include <fcntl.h>
++
++#ifdef __sun
++#define	LOCK_EX	F_LOCK
++#define	LOCK_UN	F_ULOCK
++#define	flock(fd, func)	lockf(fd, func, 0)
++#endif
++
++#ifndef	LOCK_SH
++#define	LOCK_SH	1	/* shared lock */
++#endif
++#ifndef	LOCK_EX
++#define	LOCK_EX	2	/* exclusive lock */
++#endif
++#ifndef	LOCK_NB
++#define	LOCK_NB	4	/* don't block when locking */
++#endif
++#ifndef	LOCK_UN
++#define	LOCK_UN	8	/* unlock */
++#endif
++
+ #if (SPINXPL)
+ #include <sys/file.h>
+ #endif
diff --git a/security/opencryptoki/files/patch-usr-sbin-pkcs11_startup-Makefile.am b/security/opencryptoki/files/patch-usr-sbin-pkcs11_startup-Makefile.am
new file mode 100644
index 000000000000..5a4da539916b
--- /dev/null
+++ b/security/opencryptoki/files/patch-usr-sbin-pkcs11_startup-Makefile.am
@@ -0,0 +1,11 @@
+--- usr/sbin/pkcs11_startup/Makefile.am.orig	2010-07-29 21:28:41.000000000 +0900
++++ usr/sbin/pkcs11_startup/Makefile.am	2010-10-22 00:59:30.397048865 +0900
+@@ -12,6 +12,8 @@
+ 		-e s!\@ID\@!"@ID@"!g				\
+ 		-e s!\@CAT\@!"@CAT@"!g				\
+ 		-e s!\@SED\@!"@SED@"!g				\
++		-e s!\@PKCS11USER\@!"@PKCS11USER@"!g		\
++		-e s!\@PKCS11GROUP\@!"@PKCS11GROUP@"!g		\
+ 		-e s!\@GROUPADD\@!"@GROUPADD@"!g		\
+ 		-e s!\@USERMOD\@!"@USERMOD@"!g < $< > $@-t
+ 	@CHMOD@ +x $@-t
diff --git a/security/opencryptoki/files/patch-usr-sbin-pkcs11_startup-pkcs11_startup.in b/security/opencryptoki/files/patch-usr-sbin-pkcs11_startup-pkcs11_startup.in
new file mode 100644
index 000000000000..eab5c2b3b78a
--- /dev/null
+++ b/security/opencryptoki/files/patch-usr-sbin-pkcs11_startup-pkcs11_startup.in
@@ -0,0 +1,41 @@
+--- usr/sbin/pkcs11_startup/pkcs11_startup.in.orig	2010-07-29 21:28:41.000000000 +0900
++++ usr/sbin/pkcs11_startup/pkcs11_startup.in	2010-10-22 00:57:35.508983672 +0900
+@@ -1,4 +1,4 @@
+-#!/bin/bash
++#!/bin/sh
+ 
+ #
+ #
+@@ -310,29 +310,20 @@
+ 
+ 
+ # Create the pkcs11 group if it does not exist...
+-cat /etc/group|grep pkcs11 >/dev/null 2>&1
++cat /etc/group|grep @PKCS11GROUP@ >/dev/null 2>&1
+ rc=$?
+ if [ $rc = 1 ]
+ then
+    if [ -x @GROUPADD@ ]
+    then
+-	   @GROUPADD@ pkcs11 >/dev/null 2>&1
++	   @GROUPADD@ @PKCS11GROUP@ >/dev/null 2>&1
+ 
+    else
+-	   echo "Couldn't execute @GROUPADD@. Please add the group 'pkcs11' manually."
++	   echo "Couldn't execute @GROUPADD@. Please add the group '@PKCS11GROUP@' manually."
+    fi
+ fi
+ 
+ 
+-if [ -x @USERMOD@ -a -x @ID@ ]
+-then
+-	# add the pkcs group
+-	# replace spaces by commas
+-	@USERMOD@ -G $( @ID@ --groups --name root | @SED@ -e 'y/ /,/'),pkcs11  root
+-else
+-	echo "Couldn't execute @USERMOD@. Please add root to the group 'pkcs11' manually."
+-fi
+-
+ 
+ # For each card run the status command and if successful
+ # create the odm stanza for the file
diff --git a/security/opencryptoki/files/patch-usr-sbin-pkcs_slot-pkcs_slot.in b/security/opencryptoki/files/patch-usr-sbin-pkcs_slot-pkcs_slot.in
new file mode 100644
index 000000000000..92446a0b6353
--- /dev/null
+++ b/security/opencryptoki/files/patch-usr-sbin-pkcs_slot-pkcs_slot.in
@@ -0,0 +1,142 @@
+--- usr/sbin/pkcs_slot/pkcs_slot.in.orig	2010-07-29 21:28:41.000000000 +0900
++++ usr/sbin/pkcs_slot/pkcs_slot.in	2010-10-22 00:42:38.286985256 +0900
+@@ -1,4 +1,4 @@
+-#!/bin/bash
++#!/bin/sh
+ 
+ #
+ #
+@@ -360,7 +360,7 @@
+ if [ ! -d @localstatedir@/lib/opencryptoki ]
+ then
+ 	@MKDIR_P@ @localstatedir@/lib/opencryptoki
+-        @CHGRP@ pkcs11 @localstatedir@/lib/opencryptoki
++        @CHGRP@ @PKCS11GROUP@ @localstatedir@/lib/opencryptoki
+ 	@CHMOD@ -R g+rwX @localstatedir@/lib/opencryptoki
+ fi
+ 
+@@ -372,9 +372,9 @@
+     if [ $? -ne 0 ]
+     then
+ 	mkdir  $SOFT_DIR
+-	@CHGRP@ pkcs11 $SOFT_DIR
++	@CHGRP@ @PKCS11GROUP@ $SOFT_DIR
+ 	mkdir "$SOFT_DIR"/TOK_OBJ
+-	@CHGRP@ pkcs11 "$SOFT_DIR"/TOK_OBJ
++	@CHGRP@ @PKCS11GROUP@ "$SOFT_DIR"/TOK_OBJ
+     fi
+     SYS_SLOT="Soft"
+ fi
+@@ -386,7 +386,7 @@
+     if [ $? -ne 0 ]
+     then
+ 	mkdir  $TPM_DIR
+-	@CHGRP@ pkcs11 $TPM_DIR
++	@CHGRP@ @PKCS11GROUP@ $TPM_DIR
+     fi
+     SYS_SLOT="TPM"
+ fi
+@@ -397,7 +397,7 @@
+     if [ $? -ne 0 ]
+     then
+        mkdir  $CCA_DIR
+-       @CHGRP@ pkcs11 $CCA_DIR
++       @CHGRP@ @PKCS11GROUP@ $CCA_DIR
+        mkdir "$CCA_DIR"/TOK_OBJ
+        @CHGRP@ pkcs11 "$CCA_DIR"/TOK_OBJ
+     fi
+@@ -406,7 +406,7 @@
+ 
+ # If we are using a shallow device, make sure that the directory
+ # to store token objects is available, if not create it and change
+-# the ownership to the pkcs11 group 
++# the ownership to the @PKCS11GROUP@ group 
+ 
+ 
+ if [ $DEPTH = "ica" ]
+@@ -415,9 +415,9 @@
+     if [ $? -ne 0 ]
+     then
+ 	mkdir  $ICA_DIR
+-	@CHGRP@ pkcs11 $ICA_DIR
++	@CHGRP@ @PKCS11GROUP@ $ICA_DIR
+ 	mkdir "$ICA_DIR"/TOK_OBJ
+-	@CHGRP@ pkcs11 "$ICA_DIR"/TOK_OBJ
++	@CHGRP@ @PKCS11GROUP@ "$ICA_DIR"/TOK_OBJ
+     fi
+     SYS_SLOT="ICA"
+ fi
+@@ -428,9 +428,9 @@
+     if [ $? -ne 0 ]
+     then
+ 	mkdir  $BCOM_DIR
+-	@CHGRP@ pkcs11 $BCOM_DIR
++	@CHGRP@ @PKCS11GROUP@ $BCOM_DIR
+ 	mkdir "$BCOM_DIR"/TOK_OBJ
+-	@CHGRP@ pkcs11 "$BCOM_DIR"/TOK_OBJ
++	@CHGRP@ @PKCS11GROUP@ "$BCOM_DIR"/TOK_OBJ
+     fi
+     SYS_SLOT="BCOM"
+ fi
+@@ -441,9 +441,9 @@
+     if [ $? -ne 0 ]
+     then
+ 	mkdir  $AEP_DIR
+-	@CHGRP@ pkcs11 $AEP_DIR
++	@CHGRP@ @PKCS11GROUP@ $AEP_DIR
+ 	mkdir "$AEP_DIR"/TOK_OBJ
+-	@CHGRP@ pkcs11 "$AEP_DIR"/TOK_OBJ
++	@CHGRP@ @PKCS11GROUP@ "$AEP_DIR"/TOK_OBJ
+     fi
+     SYS_SLOT="AEP"
+ fi
+@@ -454,9 +454,9 @@
+     if [ $? -ne 0 ]
+     then
+         mkdir  $CR_DIR
+-        @CHGRP@ pkcs11 $CR_DIR
++        @CHGRP@ @PKCS11GROUP@ $CR_DIR
+         mkdir "$CR_DIR"/TOK_OBJ
+-        @CHGRP@ pkcs11 "$CR_DIR"/TOK_OBJ
++        @CHGRP@ @PKCS11GROUP@ "$CR_DIR"/TOK_OBJ
+     fi
+     SYS_SLOT="CRNT"
+ fi
+@@ -477,29 +477,29 @@
+ 
+ if [ $DEPTH = "deep" ]
+ then
+-echo "TRUE|0|$SLOT_DESCRIPTION|$MANUFACTURER|TRUE|FALSE|TRUE|0|0|1|1|$DEVICE|$DEEP4758_DLL_FN|$DEEP4758_INIT" >>$CFGFILE
++echo "TRUE|0|$SLOT_DESCRIPTION|$MANUFACTURER|TRUE|FALSE|TRUE|0|0|1|1|$DEVICE|$DEEP4758_DLL|$DEEP4758_INIT" >>$CFGFILE
+ 
+ elif [ $DEPTH = "ica" ]
+ then
+-echo "TRUE|0|$SLOT_DESCRIPTION|$MANUFACTURER|TRUE|FALSE|TRUE|0|0|1|1|NONE|$ICA_DLL_FN|$ICA_INIT" >>$CFGFILE
++echo "TRUE|0|$SLOT_DESCRIPTION|$MANUFACTURER|TRUE|FALSE|TRUE|0|0|1|1|NONE|$ICA_DLL|$ICA_INIT" >>$CFGFILE
+ elif [ $DEPTH = "bcom" ]
+ then
+-echo "TRUE|0|$SLOT_DESCRIPTION|$MANUFACTURER|TRUE|FALSE|TRUE|0|0|1|1|NONE|$BCOM_DLL_FN|$BCOM_INIT" >>$CFGFILE
++echo "TRUE|0|$SLOT_DESCRIPTION|$MANUFACTURER|TRUE|FALSE|TRUE|0|0|1|1|NONE|$BCOM_DLL|$BCOM_INIT" >>$CFGFILE
+ elif [ $DEPTH = "aep" ]
+ then
+-echo "TRUE|0|$SLOT_DESCRIPTION|$MANUFACTURER|TRUE|FALSE|TRUE|0|0|1|1|NONE|$AEP_DLL_FN|$AEP_INIT" >>$CFGFILE
++echo "TRUE|0|$SLOT_DESCRIPTION|$MANUFACTURER|TRUE|FALSE|TRUE|0|0|1|1|NONE|$AEP_DLL|$AEP_INIT" >>$CFGFILE
+ elif [ $DEPTH = "cr" ]
+ then
+-echo "TRUE|0|$SLOT_DESCRIPTION|$MANUFACTURER|TRUE|FALSE|TRUE|0|0|1|1|NONE|$CR_DLL_FN|$CR_INIT" >>$CFGFILE
++echo "TRUE|0|$SLOT_DESCRIPTION|$MANUFACTURER|TRUE|FALSE|TRUE|0|0|1|1|NONE|$CR_DLL|$CR_INIT" >>$CFGFILE
+ elif [ $DEPTH = "soft" ]
+ then
+-echo "TRUE|0|$SLOT_DESCRIPTION|$MANUFACTURER|TRUE|FALSE|FALSE|0|0|1|1|NONE|$SOFT_DLL_FN|$SOFT_INIT" >>$CFGFILE
++echo "TRUE|0|$SLOT_DESCRIPTION|$MANUFACTURER|TRUE|FALSE|FALSE|0|0|1|1|NONE|$SOFT_DLL|$SOFT_INIT" >>$CFGFILE
+ elif [ $DEPTH = "tpm" ]
+ then
+-echo "TRUE|0|$SLOT_DESCRIPTION|$MANUFACTURER|TRUE|FALSE|TRUE|0|0|1|1|NONE|$TPM_DLL_FN|$TPM_INIT" >>$CFGFILE
++echo "TRUE|0|$SLOT_DESCRIPTION|$MANUFACTURER|TRUE|FALSE|TRUE|0|0|1|1|NONE|$TPM_DLL|$TPM_INIT" >>$CFGFILE
+ elif [ $DEPTH = "cca" ]
+ then
+-echo "TRUE|0|$SLOT_DESCRIPTION|$MANUFACTURER|TRUE|FALSE|TRUE|0|0|1|1|NONE|$CCA_DLL_FN|$CCA_INIT" >>$CFGFILE
++echo "TRUE|0|$SLOT_DESCRIPTION|$MANUFACTURER|TRUE|FALSE|TRUE|0|0|1|1|NONE|$CCA_DLL|$CCA_INIT" >>$CFGFILE
+ fi
+ 
+ @CHMOD@ -R g+wrX @localstatedir@/lib/opencryptoki
diff --git a/security/opencryptoki/files/patch-usr-sbin-pkcsconf-Makefile.am b/security/opencryptoki/files/patch-usr-sbin-pkcsconf-Makefile.am
new file mode 100644
index 000000000000..6e61e87c04b0
--- /dev/null
+++ b/security/opencryptoki/files/patch-usr-sbin-pkcsconf-Makefile.am
@@ -0,0 +1,10 @@
+--- usr/sbin/pkcsconf/Makefile.am.orig	2010-07-29 21:28:41.000000000 +0900
++++ usr/sbin/pkcsconf/Makefile.am	2010-10-20 00:46:34.600985372 +0900
+@@ -1,6 +1,6 @@
+ sbin_PROGRAMS=pkcsconf
+ 
+-pkcsconf_LDFLAGS = -lpthread -ldl
++pkcsconf_LDFLAGS = -lpthread
+ 
+ # Not all versions of automake observe sbinname_CFLAGS
+ pkcsconf_CFLAGS = -DSPINXPL -D_THREAD_SAFE -DDEBUG -DDEV -DAPI
diff --git a/security/opencryptoki/files/patch-usr-sbin-pkcsconf-pkcsconf.c b/security/opencryptoki/files/patch-usr-sbin-pkcsconf-pkcsconf.c
new file mode 100644
index 000000000000..31aef7224424
--- /dev/null
+++ b/security/opencryptoki/files/patch-usr-sbin-pkcsconf-pkcsconf.c
@@ -0,0 +1,11 @@
+--- usr/sbin/pkcsconf/pkcsconf.c.orig	2010-07-29 21:28:41.000000000 +0900
++++ usr/sbin/pkcsconf/pkcsconf.c	2010-10-20 00:47:46.462984231 +0900
+@@ -654,6 +654,8 @@
+       free (newpin2);
+    }
+ 
++   cleanup();
++
+    return rc;
+ 
+ }
diff --git a/security/opencryptoki/files/patch-usr-sbin-pkcsslotd-err.c b/security/opencryptoki/files/patch-usr-sbin-pkcsslotd-err.c
new file mode 100644
index 000000000000..1ef0ba153f20
--- /dev/null
+++ b/security/opencryptoki/files/patch-usr-sbin-pkcsslotd-err.c
@@ -0,0 +1,107 @@
+--- usr/sbin/pkcsslotd/err.c.orig	2010-07-29 21:28:41.000000000 +0900
++++ usr/sbin/pkcsslotd/err.c	2010-10-20 01:17:17.245985003 +0900
+@@ -288,6 +288,7 @@
+ 
+ /* (C) COPYRIGHT International Business Machines Corp. 2001          */
+ 
++#include <signal.h>
+ 
+ #include "pthread.h"
+ 
+@@ -331,14 +332,30 @@
+ 	CONSTINFO(ERANGE), 
+ 	CONSTINFO(ENOMSG), 
+ 	CONSTINFO(EIDRM), 
++#ifdef ECHRNG
+ 	CONSTINFO(ECHRNG), 
++#endif
++#ifdef EL2NSYNC
+ 	CONSTINFO(EL2NSYNC), 
++#endif
++#ifdef EL3HLT
+ 	CONSTINFO(EL3HLT), 
++#endif
++#ifdef EL3RST
+ 	CONSTINFO(EL3RST), 
++#endif
++#ifdef ELNRNG
+ 	CONSTINFO(ELNRNG), 
++#endif
++#ifdef EUNATCH
+ 	CONSTINFO(EUNATCH), 
++#endif
++#ifdef ENOCSI
+ 	CONSTINFO(ENOCSI), 
++#endif
++#ifdef EL2HLT
+ 	CONSTINFO(EL2HLT), 
++#endif
+ 	CONSTINFO(EDEADLK),
+ 	CONSTINFO(ESTALE), 
+ 	CONSTINFO(EWOULDBLOCK), 
+@@ -369,7 +386,9 @@
+ 	CONSTINFO(ECONNREFUSED), 
+ 	CONSTINFO(EHOSTDOWN), 
+ 	CONSTINFO(EHOSTUNREACH), 
++#ifdef ERESTART
+ 	CONSTINFO(ERESTART), 
++#endif
+ 	CONSTINFO(EUSERS), 
+ 	CONSTINFO(ELOOP), 
+ 	CONSTINFO(ENAMETOOLONG), 
+@@ -380,16 +399,34 @@
+ 	CONSTINFO(ETOOMANYREFS), 
+ 	CONSTINFO(EILSEQ), 
+ 	CONSTINFO(ECANCELED), 
++#ifdef ENOSR
+ 	CONSTINFO(ENOSR), 
++#endif
++#ifdef ETIME
+ 	CONSTINFO(ETIME), 
++#endif
++#ifdef EBADMSG
+ 	CONSTINFO(EBADMSG), 
++#endif
++#ifdef EPROTO
+ 	CONSTINFO(EPROTO), 
++#endif
++#ifdef ENODATA
+ 	CONSTINFO(ENODATA), 
++#endif
++#ifdef ENOSTR
+ 	CONSTINFO(ENOSTR), 
++#endif
+ 	CONSTINFO(ENOTSUP), 
++#ifdef EMULTIHOP
+ 	CONSTINFO(EMULTIHOP), 
++#endif
++#ifdef ENOLINK
+ 	CONSTINFO(ENOLINK), 
++#endif
++#ifdef EOVERFLOW
+ 	CONSTINFO(EOVERFLOW),
++#endif
+ 
+   };
+ 
+@@ -424,14 +461,20 @@
+ 	CONSTINFO(SIGXCPU), 
+ 	CONSTINFO(SIGXFSZ), 
+ 	CONSTINFO(SIGWINCH), 
++#ifdef SIGPWR
+ 	CONSTINFO(SIGPWR), 
++#endif
+ 	CONSTINFO(SIGUSR1), 
+ 	CONSTINFO(SIGUSR2), 
+ 	CONSTINFO(SIGPROF), 
+ 	CONSTINFO(SIGVTALRM), 
+ 	CONSTINFO(SIGIOT), 
++#ifdef SIGCLD
+ 	CONSTINFO(SIGCLD), 
++#endif
++#ifdef SIGPOLL
+ 	CONSTINFO(SIGPOLL), 
++#endif
+         #if 0
+ 	  CONSTINFO(SIG_DFL), 
+ 	  CONSTINFO(SIG_IGN), 
diff --git a/security/opencryptoki/files/patch-usr-sbin-pkcsslotd-mutex.c b/security/opencryptoki/files/patch-usr-sbin-pkcsslotd-mutex.c
new file mode 100644
index 000000000000..4b8c83064dbe
--- /dev/null
+++ b/security/opencryptoki/files/patch-usr-sbin-pkcsslotd-mutex.c
@@ -0,0 +1,37 @@
+--- usr/sbin/pkcsslotd/mutex.c.orig	2010-07-29 21:28:41.000000000 +0900
++++ usr/sbin/pkcsslotd/mutex.c	2010-10-20 01:19:28.613984045 +0900
+@@ -293,6 +293,26 @@
+ 
+ #include "pkcsslotd.h"
+ 
++#include <fcntl.h>
++
++#ifdef __sun
++#define	LOCK_EX	F_LOCK
++#define	LOCK_UN	F_ULOCK
++#define	flock(fd, func)	lockf(fd, func, 0)
++#endif
++
++#ifndef	LOCK_SH
++#define	LOCK_SH	1	/* shared lock */
++#endif
++#ifndef	LOCK_EX
++#define	LOCK_EX	2	/* exclusive lock */
++#endif
++#ifndef	LOCK_NB
++#define	LOCK_NB	4	/* don't block when locking */
++#endif
++#ifndef	LOCK_UN
++#define	LOCK_UN	8	/* unlock */
++#endif
+ 
+ #if SYSVSEM
+ #error "Caveat Emptor... this does not work"
+@@ -315,7 +335,6 @@
+ #include <sys/types.h>
+ #include <sys/stat.h>
+ #include <fcntl.h>
+-#include <sys/file.h>
+ static int xplfd=-1;
+ #endif
+ 
diff --git a/security/opencryptoki/files/patch-usr-sbin-pkcsslotd-pkcsslotd.h b/security/opencryptoki/files/patch-usr-sbin-pkcsslotd-pkcsslotd.h
new file mode 100644
index 000000000000..024873633a1c
--- /dev/null
+++ b/security/opencryptoki/files/patch-usr-sbin-pkcsslotd-pkcsslotd.h
@@ -0,0 +1,11 @@
+--- usr/sbin/pkcsslotd/pkcsslotd.h.orig	2010-07-29 21:28:41.000000000 +0900
++++ usr/sbin/pkcsslotd/pkcsslotd.h	2010-10-20 01:20:18.253984238 +0900
+@@ -353,7 +353,7 @@
+ #include <nl_types.h>
+ 
+ #include <sys/ipc.h>
+-#include <linux/limits.h>
++#include <limits.h>
+ #include <sys/shm.h>
+ #include <sys/stat.h>
+ #include <sys/types.h>
diff --git a/security/opencryptoki/files/patch-usr-sbin-pkcsslotd-shmem.c b/security/opencryptoki/files/patch-usr-sbin-pkcsslotd-shmem.c
new file mode 100644
index 000000000000..973c25b76436
--- /dev/null
+++ b/security/opencryptoki/files/patch-usr-sbin-pkcsslotd-shmem.c
@@ -0,0 +1,35 @@
+--- usr/sbin/pkcsslotd/shmem.c.orig	2010-07-29 21:28:41.000000000 +0900
++++ usr/sbin/pkcsslotd/shmem.c	2010-10-20 01:23:03.203984101 +0900
+@@ -338,9 +338,9 @@
+    }
+    // SAB  Get the group information for the PKCS#11 group... fail if
+    // it does not exist
+-   grp = getgrnam("pkcs11");
++   grp = getgrnam(PKCS11GROUP);
+    if ( !grp ) {
+-     ErrLog("Group PKCS#11 does not exist ");
++     ErrLog("Group " PKCS11GROUP " does not exist ");
+      return FALSE;  // Group does not exist... setup is wrong..
+    }
+ 
+@@ -409,9 +409,9 @@
+    int i;
+    char *buffer;
+    
+-   grp = getgrnam("pkcs11");
++   grp = getgrnam(PKCS11GROUP);
+    if ( !grp ) {
+-     ErrLog("Group \"pkcs11\" does not exist! Please run %s/pkcs11_startup.",
++     ErrLog("Group " PKCS11GROUP " does not exist! Please run %s/pkcs11_startup.",
+ 		     SBIN_PATH);
+      return FALSE;  // Group does not exist... setup is wrong..
+    }
+@@ -431,7 +431,7 @@
+ 	 return FALSE;
+        }
+        if (fchown(fd, 0, grp->gr_gid) == -1) {
+-	 ErrLog("%s: fchown(%s, root, pkcs11): %s", __FUNCTION__, MAPFILENAME,
++	 ErrLog("%s: fchown(%s, root, %s): %s", __FUNCTION__, MAPFILENAME, PKCS11GROUP,
+ 		strerror(errno));
+ 	 close(fd);
+ 	 return FALSE;
diff --git a/security/opencryptoki/files/pkcsslotd.in b/security/opencryptoki/files/pkcsslotd.in
new file mode 100644
index 000000000000..ca0fb7744dc3
--- /dev/null
+++ b/security/opencryptoki/files/pkcsslotd.in
@@ -0,0 +1,33 @@
+#!/bin/sh
+
+# $FreeBSD$
+#
+# PROVIDE: pkcsslotd
+# REQUIRE: LOGIN tcsd
+# KEYWORD: shutdown
+#
+# Add the following lines to /etc/rc.conf.local or /etc/rc.conf
+# to enable this service:
+#
+# pkcsslotd_enable (bool): Set to NO by default.
+#                          Set it to YES to enable pkcsslotd.
+#
+
+. /etc/rc.subr
+
+name=pkcsslotd
+rcvar=`set_rcvar`
+command=%%PREFIX%%/sbin/${name}
+start_precmd=${name}_prestart
+
+pkcsslotd_prestart () {
+	[ -f %%PREFIX%%/var/lib/opencryptoki/pk_config_data ] || \
+		%%PREFIX%%/sbin/pkcs11_startup
+}
+
+load_rc_config ${name}
+
+: pkcsslotd_enable=${pkcsslotd_enable-"NO"}
+
+run_rc_command "$1"
+
diff --git a/security/opencryptoki/files/pkg-message.in b/security/opencryptoki/files/pkg-message.in
new file mode 100644
index 000000000000..70b4dd1edd64
--- /dev/null
+++ b/security/opencryptoki/files/pkg-message.in
@@ -0,0 +1,7 @@
+To run pkcsslotd automatically, add the following line to /etc/rc.conf
+
+pkcsslotd_enable="YES"
+
+To use PKCS#11 token, add your_account to '%%GROUPS%%' like following:
+
+# pw groupadd %%GROUPS%% -m your_account
diff --git a/security/opencryptoki/pkg-descr b/security/opencryptoki/pkg-descr
new file mode 100644
index 000000000000..cdaa8827a684
--- /dev/null
+++ b/security/opencryptoki/pkg-descr
@@ -0,0 +1 @@
+openCryptoki is a PKCS#11 implementation.
diff --git a/security/opencryptoki/pkg-plist b/security/opencryptoki/pkg-plist
new file mode 100644
index 000000000000..12d85ac93185
--- /dev/null
+++ b/security/opencryptoki/pkg-plist
@@ -0,0 +1,34 @@
+include/opencryptoki/apiclient.h
+include/opencryptoki/pkcs11.h
+include/opencryptoki/pkcs11types.h
+lib/libopencryptoki.la
+lib/libopencryptoki.so
+lib/libopencryptoki.so.0
+lib/opencryptoki/PKCS11_API.so
+lib/opencryptoki/libopencryptoki.la
+lib/opencryptoki/libopencryptoki.so
+lib/opencryptoki/libopencryptoki.so.0
+lib/opencryptoki/methods
+lib/opencryptoki/stdll/PKCS11_SW.so
+lib/opencryptoki/stdll/libpkcs11_sw.la
+lib/opencryptoki/stdll/libpkcs11_sw.so
+lib/opencryptoki/stdll/libpkcs11_sw.so.0
+lib/opencryptoki/stdll/PKCS11_TPM.so
+lib/opencryptoki/stdll/libpkcs11_tpm.la
+lib/opencryptoki/stdll/libpkcs11_tpm.so
+lib/opencryptoki/stdll/libpkcs11_tpm.so.0
+lib/pkcs11/PKCS11_API.so
+lib/pkcs11/libopencryptoki.so
+lib/pkcs11/methods
+lib/pkcs11/stdll
+sbin/pkcs11_startup
+sbin/pkcs_slot
+sbin/pkcsconf
+sbin/pkcsslotd
+@dirrmtry var/lib/opencryptoki
+@dirrmtry var/lib
+@dirrmtry var
+@dirrm lib/pkcs11
+@dirrm lib/opencryptoki/stdll
+@dirrm lib/opencryptoki
+@dirrm include/opencryptoki