Blob Blame History Raw
diff --git a/bin/Makefile.in b/bin/Makefile.in
index 87ca5b2..187ec23 100644
--- a/bin/Makefile.in
+++ b/bin/Makefile.in
@@ -19,7 +19,7 @@ srcdir =	@srcdir@
 VPATH =		@srcdir@
 top_srcdir =	@top_srcdir@
 
-SUBDIRS =	named rndc dig dnssec tools tests nsupdate \
+SUBDIRS =	named named-pkcs11 rndc dig dnssec dnssec-pkcs11 tools tests nsupdate \
 		check confgen @PYTHON_TOOLS@ @PKCS11_TOOLS@
 TARGETS =
 
diff --git a/bin/dnssec-pkcs11/Makefile.in b/bin/dnssec-pkcs11/Makefile.in
index 64e1846..7846662 100644
--- a/bin/dnssec-pkcs11/Makefile.in
+++ b/bin/dnssec-pkcs11/Makefile.in
@@ -23,18 +23,18 @@ top_srcdir =	@top_srcdir@
 
 @BIND9_MAKE_INCLUDES@
 
-CINCLUDES =	${DNS_INCLUDES} ${ISC_INCLUDES}
+CINCLUDES =	${DNS_PKCS11_INCLUDES} ${ISC_PKCS11_INCLUDES}
 
 CDEFINES =	-DVERSION=\"${VERSION}\" @USE_PKCS11@ @PKCS11_ENGINE@ \
-		@CRYPTO@ -DPK11_LIB_LOCATION=\"@PKCS11_PROVIDER@\"
+		@CRYPTO_PK11@ -DPK11_LIB_LOCATION=\"@PKCS11_PROVIDER@\"
 CWARNINGS =
 
-DNSLIBS =	../../lib/dns/libdns.@A@ @DNS_CRYPTO_LIBS@
-ISCLIBS =	../../lib/isc/libisc.@A@
-ISCNOSYMLIBS =	../../lib/isc/libisc-nosymtbl.@A@
+DNSLIBS =	../../lib/dns-pkcs11/libdns-pkcs11.@A@ @DNS_CRYPTO_PK11_LIBS@
+ISCLIBS =	../../lib/isc-pkcs11/libisc-pkcs11.@A@
+ISCNOSYMLIBS =	../../lib/isc-pkcs11/libisc-pkcs11-nosymtbl.@A@
 
-DNSDEPLIBS =	../../lib/dns/libdns.@A@
-ISCDEPLIBS =	../../lib/isc/libisc.@A@
+DNSDEPLIBS =	../../lib/dns-pkcs11/libdns-pkcs11.@A@
+ISCDEPLIBS =	../../lib/isc-pkcs11/libisc-pkcs11.@A@
 
 DEPLIBS =	${DNSDEPLIBS} ${ISCDEPLIBS}
 
@@ -43,10 +43,10 @@ LIBS =		${DNSLIBS} ${ISCLIBS} @LIBS@
 NOSYMLIBS =	${DNSLIBS} ${ISCNOSYMLIBS} @LIBS@
 
 # Alphabetically
-TARGETS =	dnssec-keygen@EXEEXT@ dnssec-signzone@EXEEXT@ \
-		dnssec-keyfromlabel@EXEEXT@ dnssec-dsfromkey@EXEEXT@ \
-		dnssec-revoke@EXEEXT@ dnssec-settime@EXEEXT@ \
-		dnssec-verify@EXEEXT@ dnssec-importkey@EXEEXT@
+TARGETS =	dnssec-keygen-pkcs11@EXEEXT@ dnssec-signzone-pkcs11@EXEEXT@ \
+		dnssec-keyfromlabel-pkcs11@EXEEXT@ dnssec-dsfromkey-pkcs11@EXEEXT@ \
+		dnssec-revoke-pkcs11@EXEEXT@ dnssec-settime-pkcs11@EXEEXT@ \
+		dnssec-verify-pkcs11@EXEEXT@ dnssec-importkey-pkcs11@EXEEXT@
 
 OBJS =		dnssectool.@O@
 
@@ -67,15 +67,15 @@ MANOBJS =	${MANPAGES} ${HTMLPAGES}
 
 @BIND9_MAKE_RULES@
 
-dnssec-dsfromkey@EXEEXT@: dnssec-dsfromkey.@O@ ${OBJS} ${DEPLIBS}
+dnssec-dsfromkey-pkcs11@EXEEXT@: dnssec-dsfromkey.@O@ ${OBJS} ${DEPLIBS}
 	export BASEOBJS="dnssec-dsfromkey.@O@ ${OBJS}"; \
 	${FINALBUILDCMD}
 
-dnssec-keyfromlabel@EXEEXT@: dnssec-keyfromlabel.@O@ ${OBJS} ${DEPLIBS}
+dnssec-keyfromlabel-pkcs11@EXEEXT@: dnssec-keyfromlabel.@O@ ${OBJS} ${DEPLIBS}
 	export BASEOBJS="dnssec-keyfromlabel.@O@ ${OBJS}"; \
 	${FINALBUILDCMD}
 
-dnssec-keygen@EXEEXT@: dnssec-keygen.@O@ ${OBJS} ${DEPLIBS}
+dnssec-keygen-pkcs11@EXEEXT@: dnssec-keygen.@O@ ${OBJS} ${DEPLIBS}
 	export BASEOBJS="dnssec-keygen.@O@ ${OBJS}"; \
 	${FINALBUILDCMD}
 
@@ -83,7 +83,7 @@ dnssec-signzone.@O@: dnssec-signzone.c
 	${LIBTOOL_MODE_COMPILE} ${CC} ${ALL_CFLAGS} -DVERSION=\"${VERSION}\" \
 		-c ${srcdir}/dnssec-signzone.c
 
-dnssec-signzone@EXEEXT@: dnssec-signzone.@O@ ${OBJS} ${DEPLIBS}
+dnssec-signzone-pkcs11@EXEEXT@: dnssec-signzone.@O@ ${OBJS} ${DEPLIBS}
 	export BASEOBJS="dnssec-signzone.@O@ ${OBJS}"; \
 	${FINALBUILDCMD}
 
@@ -91,19 +91,19 @@ dnssec-verify.@O@: dnssec-verify.c
 	${LIBTOOL_MODE_COMPILE} ${CC} ${ALL_CFLAGS} -DVERSION=\"${VERSION}\" \
 		-c ${srcdir}/dnssec-verify.c
 
-dnssec-verify@EXEEXT@: dnssec-verify.@O@ ${OBJS} ${DEPLIBS}
+dnssec-verify-pkcs11@EXEEXT@: dnssec-verify.@O@ ${OBJS} ${DEPLIBS}
 	export BASEOBJS="dnssec-verify.@O@ ${OBJS}"; \
 	${FINALBUILDCMD}
 
-dnssec-revoke@EXEEXT@: dnssec-revoke.@O@ ${OBJS} ${DEPLIBS}
+dnssec-revoke-pkcs11@EXEEXT@: dnssec-revoke.@O@ ${OBJS} ${DEPLIBS}
 	${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${CFLAGS} ${LDFLAGS} -o $@ \
 	dnssec-revoke.@O@ ${OBJS} ${LIBS}
 
-dnssec-settime@EXEEXT@: dnssec-settime.@O@ ${OBJS} ${DEPLIBS}
+dnssec-settime-pkcs11@EXEEXT@: dnssec-settime.@O@ ${OBJS} ${DEPLIBS}
 	${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${CFLAGS} ${LDFLAGS} -o $@ \
 	dnssec-settime.@O@ ${OBJS} ${LIBS}
 
-dnssec-importkey@EXEEXT@: dnssec-importkey.@O@ ${OBJS} ${DEPLIBS}
+dnssec-importkey-pkcs11@EXEEXT@: dnssec-importkey.@O@ ${OBJS} ${DEPLIBS}
 	${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${CFLAGS} ${LDFLAGS} -o $@ \
 	dnssec-importkey.@O@ ${OBJS} ${LIBS}
 
@@ -114,11 +114,9 @@ docclean manclean maintainer-clean::
 
 installdirs:
 	$(SHELL) ${top_srcdir}/mkinstalldirs ${DESTDIR}${sbindir}
-	$(SHELL) ${top_srcdir}/mkinstalldirs ${DESTDIR}${mandir}/man8
 
 install:: ${TARGETS} installdirs
 	for t in ${TARGETS}; do ${LIBTOOL_MODE_INSTALL} ${INSTALL_PROGRAM} $$t ${DESTDIR}${sbindir}; done
-	for m in ${MANPAGES}; do ${INSTALL_DATA} ${srcdir}/$$m ${DESTDIR}${mandir}/man8; done
 
 clean distclean::
 	rm -f ${TARGETS}
diff --git a/bin/dnssec/Makefile.in b/bin/dnssec/Makefile.in
index 64e1846..cfb5628 100644
--- a/bin/dnssec/Makefile.in
+++ b/bin/dnssec/Makefile.in
@@ -25,7 +25,7 @@ top_srcdir =	@top_srcdir@
 
 CINCLUDES =	${DNS_INCLUDES} ${ISC_INCLUDES}
 
-CDEFINES =	-DVERSION=\"${VERSION}\" @USE_PKCS11@ @PKCS11_ENGINE@ \
+CDEFINES =	-DVERSION=\"${VERSION}\" \
 		@CRYPTO@ -DPK11_LIB_LOCATION=\"@PKCS11_PROVIDER@\"
 CWARNINGS =
 
diff --git a/bin/named-pkcs11/Makefile.in b/bin/named-pkcs11/Makefile.in
index 8b9e87a..5b7d939 100644
--- a/bin/named-pkcs11/Makefile.in
+++ b/bin/named-pkcs11/Makefile.in
@@ -45,26 +45,26 @@ DLZDRIVER_INCLUDES =	@DLZ_DRIVER_INCLUDES@
 DLZDRIVER_LIBS =	@DLZ_DRIVER_LIBS@
 
 CINCLUDES =	-I${srcdir}/include -I${srcdir}/unix/include -I. \
-		${LWRES_INCLUDES} ${DNS_INCLUDES} ${BIND9_INCLUDES} \
-		${ISCCFG_INCLUDES} ${ISCCC_INCLUDES} ${ISC_INCLUDES} \
+		${LWRES_INCLUDES} ${DNS_PKCS11_INCLUDES} ${BIND9_INCLUDES} \
+		${ISCCFG_INCLUDES} ${ISCCC_INCLUDES} ${ISC_PKCS11_INCLUDES} \
 		${DLZDRIVER_INCLUDES} ${DBDRIVER_INCLUDES} @DST_OPENSSL_INC@
 
-CDEFINES =      @CONTRIB_DLZ@ @USE_PKCS11@ @PKCS11_ENGINE@ @CRYPTO@
+CDEFINES =      @USE_PKCS11@ @PKCS11_ENGINE@ @CRYPTO_PK11@
 
 CWARNINGS =
 
-DNSLIBS =	../../lib/dns/libdns.@A@ @DNS_CRYPTO_LIBS@
+DNSLIBS =	../../lib/dns-pkcs11/libdns-pkcs11.@A@ @DNS_CRYPTO_LIBS@
 ISCCFGLIBS =	../../lib/isccfg/libisccfg.@A@
 ISCCCLIBS =	../../lib/isccc/libisccc.@A@
-ISCLIBS =	../../lib/isc/libisc.@A@
+ISCLIBS =	../../lib/isc-pkcs11/libisc-pkcs11.@A@
 ISCNOSYMLIBS =	../../lib/isc/libisc-nosymtbl.@A@
 LWRESLIBS =	../../lib/lwres/liblwres.@A@
 BIND9LIBS =	../../lib/bind9/libbind9.@A@
 
-DNSDEPLIBS =	../../lib/dns/libdns.@A@
+DNSDEPLIBS =	../../lib/dns-pkcs11/libdns-pkcs11.@A@
 ISCCFGDEPLIBS =	../../lib/isccfg/libisccfg.@A@
 ISCCCDEPLIBS =	../../lib/isccc/libisccc.@A@
-ISCDEPLIBS =	../../lib/isc/libisc.@A@
+ISCDEPLIBS =	../../lib/isc-pkcs11/libisc-pkcs11.@A@
 LWRESDEPLIBS =	../../lib/lwres/liblwres.@A@
 BIND9DEPLIBS =	../../lib/bind9/libbind9.@A@
 
@@ -73,15 +73,15 @@ DEPLIBS =	${LWRESDEPLIBS} ${DNSDEPLIBS} ${BIND9DEPLIBS} \
 
 LIBS =		${LWRESLIBS} ${DNSLIBS} ${BIND9LIBS} \
 		${ISCCFGLIBS} ${ISCCCLIBS} ${ISCLIBS} \
-		${DLZDRIVER_LIBS} ${DBDRIVER_LIBS} @LIBS@
+		@LIBS@
 
 NOSYMLIBS =	${LWRESLIBS} ${DNSLIBS} ${BIND9LIBS} \
 		${ISCCFGLIBS} ${ISCCCLIBS} ${ISCNOSYMLIBS} \
-		${DLZDRIVER_LIBS} ${DBDRIVER_LIBS} @LIBS@
+		@LIBS@
 
 SUBDIRS =	unix
 
-TARGETS =	named@EXEEXT@ lwresd@EXEEXT@
+TARGETS =	named-pkcs11@EXEEXT@
 
 GEOIPLINKOBJS = geoip.@O@
 
@@ -92,8 +92,7 @@ OBJS =		builtin.@O@ client.@O@ config.@O@ control.@O@ \
 		tkeyconf.@O@ tsigconf.@O@ update.@O@ xfrout.@O@ \
 		zoneconf.@O@ \
 		lwaddr.@O@ lwresd.@O@ lwdclient.@O@ lwderror.@O@ lwdgabn.@O@ \
-		lwdgnba.@O@ lwdgrbn.@O@ lwdnoop.@O@ lwsearch.@O@ \
-		${DLZDRIVER_OBJS} ${DBDRIVER_OBJS}
+		lwdgnba.@O@ lwdgrbn.@O@ lwdnoop.@O@ lwsearch.@O@
 
 UOBJS =		unix/os.@O@ unix/dlz_dlopen_driver.@O@
 
@@ -108,8 +107,7 @@ SRCS =		builtin.c client.c config.c control.c \
 		tkeyconf.c tsigconf.c update.c xfrout.c \
 		zoneconf.c \
 		lwaddr.c lwresd.c lwdclient.c lwderror.c lwdgabn.c \
-		lwdgnba.c lwdgrbn.c lwdnoop.c lwsearch.c \
-		${DLZDRIVER_SRCS} ${DBDRIVER_SRCS}
+		lwdgnba.c lwdgrbn.c lwdnoop.c lwsearch.c
 
 MANPAGES =	named.8 lwresd.8 named.conf.5
 
@@ -145,7 +143,7 @@ config.@O@: config.c bind.keys.h
 		-DNS_SYSCONFDIR=\"${sysconfdir}\" \
 		-c ${srcdir}/config.c
 
-named@EXEEXT@: ${OBJS} ${UOBJS} ${DEPLIBS}
+named-pkcs11@EXEEXT@: ${OBJS} ${UOBJS} ${DEPLIBS}
 	export MAKE_SYMTABLE="yes"; \
 	export BASEOBJS="${OBJS} ${UOBJS}"; \
 	${FINALBUILDCMD}
@@ -176,15 +174,9 @@ statschannel.@O@: bind9.xsl.h bind9.ver3.xsl.h
 
 installdirs:
 	$(SHELL) ${top_srcdir}/mkinstalldirs ${DESTDIR}${sbindir}
-	$(SHELL) ${top_srcdir}/mkinstalldirs ${DESTDIR}${mandir}/man5
-	$(SHELL) ${top_srcdir}/mkinstalldirs ${DESTDIR}${mandir}/man8
-
-install:: named@EXEEXT@ lwresd@EXEEXT@ installdirs
-	${LIBTOOL_MODE_INSTALL} ${INSTALL_PROGRAM} named@EXEEXT@ ${DESTDIR}${sbindir}
-	(cd ${DESTDIR}${sbindir}; rm -f lwresd@EXEEXT@; @LN@ named@EXEEXT@ lwresd@EXEEXT@)
-	${INSTALL_DATA} ${srcdir}/named.8 ${DESTDIR}${mandir}/man8
-	${INSTALL_DATA} ${srcdir}/lwresd.8 ${DESTDIR}${mandir}/man8
-	${INSTALL_DATA} ${srcdir}/named.conf.5 ${DESTDIR}${mandir}/man5
+
+install:: named-pkcs11@EXEEXT@ installdirs
+	${LIBTOOL_MODE_INSTALL} ${INSTALL_PROGRAM} named-pkcs11@EXEEXT@ ${DESTDIR}${sbindir}
 
 @DLZ_DRIVER_RULES@
 
diff --git a/bin/named/Makefile.in b/bin/named/Makefile.in
index 8b9e87a..5ba3f56 100644
--- a/bin/named/Makefile.in
+++ b/bin/named/Makefile.in
@@ -49,7 +49,7 @@ CINCLUDES =	-I${srcdir}/include -I${srcdir}/unix/include -I. \
 		${ISCCFG_INCLUDES} ${ISCCC_INCLUDES} ${ISC_INCLUDES} \
 		${DLZDRIVER_INCLUDES} ${DBDRIVER_INCLUDES} @DST_OPENSSL_INC@
 
-CDEFINES =      @CONTRIB_DLZ@ @USE_PKCS11@ @PKCS11_ENGINE@ @CRYPTO@
+CDEFINES =      @CONTRIB_DLZ@ @CRYPTO@
 
 CWARNINGS =
 
diff --git a/bin/pkcs11/Makefile.in b/bin/pkcs11/Makefile.in
index 15d3fb5..32cc753 100644
--- a/bin/pkcs11/Makefile.in
+++ b/bin/pkcs11/Makefile.in
@@ -20,13 +20,13 @@ top_srcdir =	@top_srcdir@
 
 @BIND9_MAKE_INCLUDES@
 
-CINCLUDES =	${ISC_INCLUDES}
+CINCLUDES =	${ISC_PKCS11_INCLUDES}
 
 CDEFINES =
 
-ISCLIBS =	../../lib/isc/libisc.@A@
+ISCLIBS =	../../lib/isc-pkcs11/libisc-pkcs11.@A@
 
-ISCDEPLIBS =	../../lib/isc/libisc.@A@
+ISCDEPLIBS =	../../lib/isc-pkcs11/libisc-pkcs11.@A@
 
 DEPLIBS =	${ISCDEPLIBS}
 
diff --git a/configure.in b/configure.in
index 5c79d6d..6c08de9 100644
--- a/configure.in
+++ b/configure.in
@@ -659,10 +659,10 @@ AC_ARG_WITH(pkcs11,
 openssldirs="/usr /usr/local /usr/local/ssl /usr/pkg /usr/sfw"
 if test "$use_openssl" = "auto"
 then
-    if test "$want_native_pkcs11" = "yes"
-    then
-        use_openssl="native_pkcs11"
-    else
+#    if test "$want_native_pkcs11" = "yes"
+#    then
+#        use_openssl="native_pkcs11"
+#    else
 	    for d in $openssldirs
     	do
 	    	if test -f $d/include/openssl/opensslv.h
@@ -671,7 +671,7 @@ then
     			break
 		    fi
     	done
-    fi
+#    fi
 fi
 OPENSSL_ECDSA=""
 OPENSSL_GOST=""
@@ -730,11 +730,11 @@ case "$use_openssl" in
 If you don't want OpenSSL, use --without-openssl])
 		;;
 	*)
-		if test "$want_native_pkcs11" = "yes"
-		then
-                        AC_MSG_RESULT()
-			AC_MSG_ERROR([OpenSSL and native PKCS11 cannot be used together.])
-		fi
+#		if test "$want_native_pkcs11" = "yes"
+#		then
+#                        AC_MSG_RESULT()
+#			AC_MSG_ERROR([OpenSSL and native PKCS11 cannot be used together.])
+#		fi
 		if test "$use_openssl" = "yes"
 		then
 			# User did not specify a path - guess it
@@ -1014,6 +1014,7 @@ AC_SUBST(OPENSSL_ECDSA)
 AC_SUBST(OPENSSL_GOST)
 
 DNS_CRYPTO_LIBS="$DNS_CRYPTO_LIBS $DNS_OPENSSL_LIBS"
+DNS_CRYPTO_PK11_LIBS="$DNS_CRYPTO_LIBS"
 
 #
 # Use OpenSSL for hash functions
@@ -1195,7 +1196,7 @@ case "$use_pkcs11" in
 esac
 AC_SUBST(PKCS11_PROVIDER)
 
-
+CRYPTO_PK11=""
 PKCS11_ECDSA=""
 PKCS11_GOST=""
 AC_MSG_CHECKING(for native PKCS11)
@@ -1203,7 +1204,7 @@ AC_MSG_CHECKING(for native PKCS11)
 case "$want_native_pkcs11" in
 	yes)
 		AC_MSG_RESULT(using native PKCS11 crypto)
-		CRYPTO="-DPKCS11CRYPTO"
+		CRYPTO_PK11="-DPKCS11CRYPTO"
 		PKCS11LINKOBJS='${PKCS11LINKOBJS}'
 		PKCS11LINKSRCS='${PKCS11LINKSRCS}'
                 PKCS11_TEST=pkcs11
@@ -1240,6 +1241,7 @@ esac
 AC_SUBST(PKCS11LINKOBJS)
 AC_SUBST(PKCS11LINKSRCS)
 AC_SUBST(CRYPTO)
+AC_SUBST(CRYPTO_PK11)
 AC_SUBST(PKCS11_ECDSA)
 AC_SUBST(PKCS11_GOST)
 AC_SUBST(PKCS11_TEST)
@@ -1531,12 +1533,13 @@ AC_SUBST(USE_GSSAPI)
 AC_SUBST(DST_GSSAPI_INC)
 AC_SUBST(DNS_GSSAPI_LIBS)
 DNS_CRYPTO_LIBS="$DNS_GSSAPI_LIBS $DNS_CRYPTO_LIBS"
-
+DNS_CRYPTO_PK11_LIBS="$DNS_GSSAPI_LIBS $DNS_CRYPTO_PK11_LIBS"
 #
 # Applications linking with libdns also need to link with these libraries.
 #
 
 AC_SUBST(DNS_CRYPTO_LIBS)
+AC_SUBST(DNS_CRYPTO_PK11_LIBS)
 
 #
 # was --with-randomdev specified?
@@ -4014,7 +4017,10 @@ AC_CONFIG_FILES([
 	bin/confgen/unix/Makefile
 	bin/dig/Makefile
 	bin/dnssec/Makefile
+	bin/dnssec-pkcs11/Makefile
 	bin/named/Makefile
+	bin/named-pkcs11/Makefile
+	bin/named-pkcs11/unix/Makefile
 	bin/named/unix/Makefile
 	bin/nsupdate/Makefile
 	bin/pkcs11/Makefile
@@ -4097,11 +4103,19 @@ AC_CONFIG_FILES([
 	lib/dns/include/dns/Makefile
 	lib/dns/include/dst/Makefile
 	lib/dns/tests/Makefile
+	lib/dns-pkcs11/Makefile
+	lib/dns-pkcs11/include/Makefile
+	lib/dns-pkcs11/include/dns/Makefile
+	lib/dns-pkcs11/include/dst/Makefile
 	lib/export/Makefile
 	lib/export/dns/Makefile
 	lib/export/dns/include/Makefile
 	lib/export/dns/include/dns/Makefile
 	lib/export/dns/include/dst/Makefile
+	lib/export/dns-pkcs11/Makefile
+	lib/export/dns-pkcs11/include/Makefile
+	lib/export/dns-pkcs11/include/dns/Makefile
+	lib/export/dns-pkcs11/include/dst/Makefile
 	lib/export/irs/Makefile
 	lib/export/irs/include/Makefile
 	lib/export/irs/include/irs/Makefile
@@ -4115,6 +4129,16 @@ AC_CONFIG_FILES([
 	lib/export/isc/unix/Makefile
 	lib/export/isc/unix/include/Makefile
 	lib/export/isc/unix/include/isc/Makefile
+	lib/export/isc-pkcs11/$thread_dir/Makefile
+	lib/export/isc-pkcs11/$thread_dir/include/Makefile
+	lib/export/isc-pkcs11/$thread_dir/include/isc/Makefile
+	lib/export/isc-pkcs11/Makefile
+	lib/export/isc-pkcs11/include/Makefile
+	lib/export/isc-pkcs11/include/isc/Makefile
+	lib/export/isc-pkcs11/nls/Makefile
+	lib/export/isc-pkcs11/unix/Makefile
+	lib/export/isc-pkcs11/unix/include/Makefile
+	lib/export/isc-pkcs11/unix/include/isc/Makefile
 	lib/export/isccfg/Makefile
 	lib/export/isccfg/include/Makefile
 	lib/export/isccfg/include/isccfg/Makefile
@@ -4143,6 +4167,24 @@ AC_CONFIG_FILES([
 	lib/isc/unix/include/Makefile
 	lib/isc/unix/include/isc/Makefile
 	lib/isc/unix/include/pkcs11/Makefile
+	lib/isc-pkcs11/$arch/Makefile
+	lib/isc-pkcs11/$arch/include/Makefile
+	lib/isc-pkcs11/$arch/include/isc/Makefile
+	lib/isc-pkcs11/$thread_dir/Makefile
+	lib/isc-pkcs11/$thread_dir/include/Makefile
+	lib/isc-pkcs11/$thread_dir/include/isc/Makefile
+	lib/isc-pkcs11/Makefile
+	lib/isc-pkcs11/include/Makefile
+	lib/isc-pkcs11/include/isc/Makefile
+	lib/isc-pkcs11/include/isc/platform.h
+	lib/isc-pkcs11/include/pk11/Makefile
+	lib/isc-pkcs11/include/pkcs11/Makefile
+	lib/isc-pkcs11/tests/Makefile
+	lib/isc-pkcs11/nls/Makefile
+	lib/isc-pkcs11/unix/Makefile
+	lib/isc-pkcs11/unix/include/Makefile
+	lib/isc-pkcs11/unix/include/isc/Makefile
+	lib/isc-pkcs11/unix/include/pkcs11/Makefile
 	lib/isccc/Makefile
 	lib/isccc/include/Makefile
 	lib/isccc/include/isccc/Makefile
diff --git a/lib/Makefile.in b/lib/Makefile.in
index 8dc1d38..8e48d5e 100644
--- a/lib/Makefile.in
+++ b/lib/Makefile.in
@@ -23,7 +23,7 @@ top_srcdir =	@top_srcdir@
 # Attempt to disable parallel processing.
 .NOTPARALLEL:
 .NO_PARALLEL:
-SUBDIRS =	isc isccc dns isccfg bind9 lwres tests
+SUBDIRS =	isc isccc dns isccfg bind9 lwres tests isc-pkcs11 dns-pkcs11
 TARGETS =
 
 @BIND9_MAKE_RULES@
diff --git a/lib/dns-pkcs11/Makefile.in b/lib/dns-pkcs11/Makefile.in
index ae316c5..1a79768 100644
--- a/lib/dns-pkcs11/Makefile.in
+++ b/lib/dns-pkcs11/Makefile.in
@@ -27,16 +27,16 @@ top_srcdir =	@top_srcdir@
 
 USE_ISC_SPNEGO = @USE_ISC_SPNEGO@
 
-CINCLUDES =	-I. -I${top_srcdir}/lib/dns -Iinclude ${DNS_INCLUDES} ${ISC_INCLUDES} \
+CINCLUDES =	-I. -I${top_srcdir}/lib/dns-pkcs11 -Iinclude ${DNS_PKCS11_INCLUDES} ${ISC_PKCS11_INCLUDES} \
 		@DST_OPENSSL_INC@ @DST_GSSAPI_INC@
 
-CDEFINES =	-DUSE_MD5 @CRYPTO@ @USE_GSSAPI@ ${USE_ISC_SPNEGO}
+CDEFINES =	-DUSE_MD5 @CRYPTO_PK11@ @USE_GSSAPI@ ${USE_ISC_SPNEGO}
 
 CWARNINGS =
 
-ISCLIBS =	../../lib/isc/libisc.@A@
+ISCLIBS =	../../lib/isc-pkcs11/libisc-pkcs11.@A@
 
-ISCDEPLIBS =	../../lib/isc/libisc.@A@
+ISCDEPLIBS =	../../lib/isc-pkcs11/libisc-pkcs11.@A@
 
 LIBS =		@LIBS@
 
@@ -131,24 +131,24 @@ version.@O@: version.c
 		-DLIBAGE=${LIBAGE} \
 		-c ${srcdir}/version.c
 
-libdns.@SA@: ${OBJS}
+libdns-pkcs11.@SA@: ${OBJS}
 	${AR} ${ARFLAGS} $@ ${OBJS}
 	${RANLIB} $@
 
-libdns.la: ${OBJS}
+libdns-pkcs11.la: ${OBJS}
 	${LIBTOOL_MODE_LINK} \
-		${CC} ${ALL_CFLAGS} ${LDFLAGS} -o libdns.la -rpath ${libdir} \
+		${CC} ${ALL_CFLAGS} ${LDFLAGS} -o libdns-pkcs11.la -rpath ${libdir} \
 		-version-info ${LIBINTERFACE}:${LIBREVISION}:${LIBAGE} \
 		${OBJS} ${ISCLIBS} @DNS_CRYPTO_LIBS@ ${LIBS}
 
-timestamp: libdns.@A@
+timestamp: libdns-pkcs11.@A@
 	touch timestamp
 
 installdirs:
 	$(SHELL) ${top_srcdir}/mkinstalldirs ${DESTDIR}${libdir}
 
 install:: timestamp installdirs
-	${LIBTOOL_MODE_INSTALL} ${INSTALL_PROGRAM} libdns.@A@ ${DESTDIR}${libdir}
+	${LIBTOOL_MODE_INSTALL} ${INSTALL_PROGRAM} libdns-pkcs11.@A@ ${DESTDIR}${libdir}
 
 clean distclean::
 	rm -f libdns.@A@ timestamp
@@ -181,7 +181,7 @@ code.h:	gen
 	./gen -s ${srcdir} > code.h
 
 gen: gen.c
-	${BUILD_CC} ${BUILD_CFLAGS} -I${top_srcdir}/lib/isc/include \
+	${BUILD_CC} ${BUILD_CFLAGS} -I${top_srcdir}/lib/isc-pkcs11/include \
 	${BUILD_CPPFLAGS} ${BUILD_LDFLAGS} -o $@ ${srcdir}/gen.c ${BUILD_LIBS}
 
 rbtdb64.@O@: rbtdb.c
diff --git a/lib/export/Makefile.in b/lib/export/Makefile.in
index 1fd7216..a8a1342 100644
--- a/lib/export/Makefile.in
+++ b/lib/export/Makefile.in
@@ -21,7 +21,7 @@ top_srcdir =	@top_srcdir@
 # Attempt to disable parallel processing.
 .NOTPARALLEL:
 .NO_PARALLEL:
-SUBDIRS =	isc dns isccfg irs samples
+SUBDIRS =	isc dns isccfg irs samples isc-pkcs11 dns-pkcs11
 TARGETS =
 
 @BIND9_MAKE_RULES@
diff --git a/lib/export/dns-pkcs11/Makefile.in b/lib/export/dns-pkcs11/Makefile.in
index 887acb9..0f8abd3 100644
--- a/lib/export/dns-pkcs11/Makefile.in
+++ b/lib/export/dns-pkcs11/Makefile.in
@@ -15,7 +15,7 @@
 # $Id$
 
 top_srcdir =	@top_srcdir@
-srcdir =	@top_srcdir@/lib/dns
+srcdir =	@top_srcdir@/lib/dns-pkcs11
 export_srcdir =	@top_srcdir@/lib/export
 
 # Attempt to disable parallel processing.
@@ -28,16 +28,16 @@ export_srcdir =	@top_srcdir@/lib/export
 
 @BIND9_MAKE_INCLUDES@
 
-CINCLUDES =	-I. -I${top_srcdir}/lib/dns -Iinclude ${DNS_INCLUDES} -I${export_srcdir}/isc/include \
-		${ISC_INCLUDES} @DST_OPENSSL_INC@ @DST_GSSAPI_INC@
+CINCLUDES =	-I. -I${top_srcdir}/lib/dns-pkcs11 -Iinclude ${DNS_PKCS11_INCLUDES} -I${export_srcdir}/isc-pkcs11/include \
+		${ISC_PKCS11_INCLUDES} @DST_OPENSSL_INC@ @DST_GSSAPI_INC@
 
-CDEFINES =	-DUSE_MD5 @CRYPTO@ @USE_GSSAPI@
+CDEFINES =	-DUSE_MD5 @CRYPTO_PK11@ @USE_GSSAPI@
 
 CWARNINGS =
 
-ISCLIBS =	../isc/libisc-export.@A@
+ISCLIBS =	../isc-pkcs11/libisc-pkcs11-export.@A@
 
-ISCDEPLIBS =	../isc/libisc-export.@A@
+ISCDEPLIBS =	../isc-pkcs11/libisc-pkcs11-export.@A@
 
 LIBS =		@LIBS@
 
@@ -118,29 +118,29 @@ version.@O@: ${srcdir}/version.c
 		-DLIBAGE=${LIBAGE} \
 		-c ${srcdir}/version.c
 
-libdns-export.@SA@: ${OBJS}
+libdns-pkcs11-export.@SA@: ${OBJS}
 	${AR} ${ARFLAGS} $@ ${OBJS}
 	${RANLIB} $@
 
-libdns-export.la: ${OBJS}
+libdns-pkcs11-export.la: ${OBJS}
 	${LIBTOOL_MODE_LINK} \
-		${CC} ${ALL_CFLAGS} ${LDFLAGS} -o libdns-export.la \
+		${CC} ${ALL_CFLAGS} ${LDFLAGS} -o libdns-pkcs11-export.la \
 		-rpath ${export_libdir} \
 		-version-info ${LIBINTERFACE}:${LIBREVISION}:${LIBAGE} \
-		${OBJS} ${ISCLIBS} @DNS_CRYPTO_LIBS@ ${LIBS}
+		${OBJS} ${ISCLIBS} @DNS_CRYPTO_PK11_LIBS@ ${LIBS}
 
-timestamp: libdns-export.@A@
+timestamp: libdns-pkcs11-export.@A@
 	touch timestamp
 
 installdirs:
 	$(SHELL) ${top_srcdir}/mkinstalldirs ${DESTDIR}${export_libdir}
 
 install:: timestamp installdirs
-	${LIBTOOL_MODE_INSTALL} ${INSTALL_PROGRAM} libdns-export.@A@ \
+	${LIBTOOL_MODE_INSTALL} ${INSTALL_PROGRAM} libdns-pkcs11-export.@A@ \
 	${DESTDIR}${export_libdir}/
 
 clean distclean::
-	rm -f libdns-export.@A@ timestamp
+	rm -f libdns-pkcs11-export.@A@ timestamp
 	rm -f gen code.h include/dns/enumtype.h include/dns/enumclass.h
 	rm -f include/dns/rdatastruct.h
 
diff --git a/lib/export/isc-pkcs11/Makefile.in b/lib/export/isc-pkcs11/Makefile.in
index 4f4a9f7..f8224e7 100644
--- a/lib/export/isc-pkcs11/Makefile.in
+++ b/lib/export/isc-pkcs11/Makefile.in
@@ -15,7 +15,7 @@
 # $Id: Makefile.in,v 1.8 2010/06/09 23:50:58 tbox Exp $
 
 top_srcdir =	@top_srcdir@
-srcdir =	@top_srcdir@/lib/isc
+srcdir =	@top_srcdir@/lib/isc-pkcs11
 export_srcdir =	@top_srcdir@/lib/export
 
 @BIND9_VERSION@
@@ -25,9 +25,9 @@ export_srcdir =	@top_srcdir@/lib/export
 CINCLUDES =	-I${srcdir}/unix/include \
 		-I${srcdir}/@ISC_THREAD_DIR@/include \
 		-I${srcdir}/@ISC_ARCH_DIR@/include \
-		-I${export_srcdir}/isc/include -I${srcdir}/include \
+		-I${export_srcdir}/isc-pkcs11/include -I${srcdir}/include \
 		@ISC_OPENSSL_INC@
-CDEFINES =	@CRYPTO@ -DUSE_APPIMPREGISTER -DUSE_MEMIMPREGISTER \
+CDEFINES =	@CRYPTO_PK11@ -DUSE_APPIMPREGISTER -DUSE_MEMIMPREGISTER \
 		-DUSE_SOCKETIMPREGISTER -DUSE_TASKIMPREGISTER \
 		-DUSE_TIMERIMPREGISTER
 CWARNINGS =
@@ -119,26 +119,26 @@ version.@O@: ${srcdir}/version.c
 		-DLIBAGE=${LIBAGE} \
 		-c ${srcdir}/version.c
 
-libisc-export.@SA@: ${OBJS}
+libisc-pkcs11-export.@SA@: ${OBJS}
 	${AR} ${ARFLAGS} $@ ${OBJS}
 	${RANLIB} $@
 
-libisc-export.la: ${OBJS}
+libisc-pkcs11-export.la: ${OBJS}
 	${LIBTOOL_MODE_LINK} \
-		${CC} ${ALL_CFLAGS} ${LDFLAGS} -o libisc-export.la \
+		${CC} ${ALL_CFLAGS} ${LDFLAGS} -o libisc-pkcs11-export.la \
 		-rpath ${export_libdir} \
 		-version-info ${LIBINTERFACE}:${LIBREVISION}:${LIBAGE} \
 		${OBJS} ${LIBS}
 
-timestamp: libisc-export.@A@
+timestamp: libisc-pkcs11-export.@A@
 	touch timestamp
 
 installdirs:
 	$(SHELL) ${top_srcdir}/mkinstalldirs ${DESTDIR}${export_libdir}
 
 install:: timestamp installdirs
-	${LIBTOOL_MODE_INSTALL} ${INSTALL_PROGRAM} libisc-export.@A@ \
+	${LIBTOOL_MODE_INSTALL} ${INSTALL_PROGRAM} libisc-pkcs11-export.@A@ \
 	${DESTDIR}${export_libdir}
 
 clean distclean::
-	rm -f libisc-export.@A@ libisc-export.la timestamp
+	rm -f libisc-pkcs11-export.@A@ libisc-pkcs11-export.la timestamp
diff --git a/lib/isc-pkcs11/Makefile.in b/lib/isc-pkcs11/Makefile.in
index df62ec9..d9f0107 100644
--- a/lib/isc-pkcs11/Makefile.in
+++ b/lib/isc-pkcs11/Makefile.in
@@ -31,8 +31,8 @@ CINCLUDES =	-I${srcdir}/unix/include \
 		-I${srcdir}/@ISC_THREAD_DIR@/include \
 		-I${srcdir}/@ISC_ARCH_DIR@/include \
 		-I./include \
-		-I${srcdir}/include @ISC_OPENSSL_INC@ ${DNS_INCLUDES}
-CDEFINES =	@CRYPTO@ -DPK11_LIB_LOCATION=\"${PROVIDER}\"
+		-I${srcdir}/include ${DNS_PKCS11_INCLUDES}
+CDEFINES =	@CRYPTO_PK11@ -DPK11_LIB_LOCATION=\"${PROVIDER}\"
 CWARNINGS =
 
 # Alphabetically
@@ -110,35 +110,35 @@ version.@O@: version.c
 		-DLIBAGE=${LIBAGE} \
 		-c ${srcdir}/version.c
 
-libisc.@SA@: ${OBJS} ${SYMTBLOBJS}
+libisc-pkcs11.@SA@: ${OBJS} ${SYMTBLOBJS}
 	${AR} ${ARFLAGS} $@ ${OBJS} ${SYMTBLOBJS}
 	${RANLIB} $@
 
-libisc-nosymtbl.@SA@: ${OBJS}
+libisc-pkcs11-nosymtbl.@SA@: ${OBJS}
 	${AR} ${ARFLAGS} $@ ${OBJS}
 	${RANLIB} $@
 
-libisc.la: ${OBJS} ${SYMTBLOBJS}
+libisc-pkcs11.la: ${OBJS} ${SYMTBLOBJS}
 	${LIBTOOL_MODE_LINK} \
-		${CC} ${ALL_CFLAGS} ${LDFLAGS} -o libisc.la -rpath ${libdir} \
+		${CC} ${ALL_CFLAGS} ${LDFLAGS} -o libisc-pkcs11.la -rpath ${libdir} \
 		-version-info ${LIBINTERFACE}:${LIBREVISION}:${LIBAGE} \
 		${OBJS} ${SYMTBLOBJS} ${LIBS}
 
-libisc-nosymtbl.la: ${OBJS}
+libisc-pkcs11-nosymtbl.la: ${OBJS}
 	${LIBTOOL_MODE_LINK} \
-		${CC} ${ALL_CFLAGS} ${LDFLAGS} -o libisc-nosymtbl.la -rpath ${libdir} \
+		${CC} ${ALL_CFLAGS} ${LDFLAGS} -o libisc-pkcs11-nosymtbl.la -rpath ${libdir} \
 		-version-info ${LIBINTERFACE}:${LIBREVISION}:${LIBAGE} \
 		${OBJS} ${LIBS}
 
-timestamp: libisc.@A@ libisc-nosymtbl.@A@
+timestamp: libisc-pkcs11.@A@ libisc-pkcs11-nosymtbl.@A@
 	touch timestamp
 
 installdirs:
 	$(SHELL) ${top_srcdir}/mkinstalldirs ${DESTDIR}${libdir}
 
 install:: timestamp installdirs
-	${LIBTOOL_MODE_INSTALL} ${INSTALL_PROGRAM} libisc.@A@ ${DESTDIR}${libdir}
+	${LIBTOOL_MODE_INSTALL} ${INSTALL_PROGRAM} libisc-pkcs11.@A@ ${DESTDIR}${libdir}
 
 clean distclean::
-	rm -f libisc.@A@ libisc-nosymtbl.@A@ libisc.la \
-	libisc-nosymtbl.la timestamp
+	rm -f libisc-pkcs11.@A@ libisc-pkcs11-nosymtbl.@A@ libisc-pkcs11.la \
+	libisc-pkcs11-nosymtbl.la timestamp
diff --git a/make/includes.in b/make/includes.in
index f2f1b3f..639477c 100644
--- a/make/includes.in
+++ b/make/includes.in
@@ -46,3 +46,13 @@ BIND9_INCLUDES = @BIND9_BIND9_BUILDINCLUDE@ \
 
 TEST_INCLUDES = \
 	-I${top_srcdir}/lib/tests/include
+
+ISC_PKCS11_INCLUDES = @BIND9_ISC_BUILDINCLUDE@ \
+	-I${top_srcdir}/lib/isc-pkcs11 \
+	-I${top_srcdir}/lib/isc-pkcs11/include \
+	-I${top_srcdir}/lib/isc-pkcs11/unix/include \
+	-I${top_srcdir}/lib/isc-pkcs11/@ISC_THREAD_DIR@/include \
+	-I${top_srcdir}/lib/isc-pkcs11/@ISC_ARCH_DIR@/include
+
+DNS_PKCS11_INCLUDES = @BIND9_DNS_BUILDINCLUDE@ \
+	-I${top_srcdir}/lib/dns-pkcs11/include