diff --git a/lib/util/pkcs11t.h b/lib/util/pkcs11t.h
--- a/lib/util/pkcs11t.h
+++ b/lib/util/pkcs11t.h
@@ -819,16 +819,26 @@ typedef CK_ULONG          CK_MECHANISM_T
 /* WTLS mechanisms are new for v2.20 */
 #define CKM_WTLS_PRE_MASTER_KEY_GEN         0x000003D0
 #define CKM_WTLS_MASTER_KEY_DERIVE          0x000003D1
 #define CKM_WTLS_MASTER_KEY_DERIVE_DH_ECC   0x000003D2
 #define CKM_WTLS_PRF                        0x000003D3
 #define CKM_WTLS_SERVER_KEY_AND_MAC_DERIVE  0x000003D4
 #define CKM_WTLS_CLIENT_KEY_AND_MAC_DERIVE  0x000003D5
 
+/* TLS 1.2 mechanisms are new for v2.40 */
+#define CKM_TLS12_MASTER_KEY_DERIVE         0x000003E0
+#define CKM_TLS12_KEY_AND_MAC_DERIVE        0x000003E1
+#define CKM_TLS12_MASTER_KEY_DERIVE_DH      0x000003E2
+#define CKM_TLS10_MAC_SERVER                0x000003E3
+#define CKM_TLS10_MAC_CLIENT                0x000003E4
+#define CKM_TLS12_MAC                       0x000003E5
+#define CKM_TLS12_KEY_SAFE_DERIVE           0x000003E6
+#define CKM_TLS_KDF                         0x000003E7
+
 #define CKM_KEY_WRAP_LYNKS             0x00000400
 #define CKM_KEY_WRAP_SET_OAEP          0x00000401
 
 /* CKM_CMS_SIG is new for v2.20 */
 #define CKM_CMS_SIG                    0x00000500
 
 /* Fortezza mechanisms */
 #define CKM_SKIPJACK_KEY_GEN           0x00001000
@@ -1643,16 +1653,55 @@ typedef struct CK_TLS_PRF_PARAMS {
   CK_BYTE_PTR  pLabel;
   CK_ULONG     ulLabelLen;
   CK_BYTE_PTR  pOutput;
   CK_ULONG_PTR pulOutputLen;
 } CK_TLS_PRF_PARAMS;
 
 typedef CK_TLS_PRF_PARAMS CK_PTR CK_TLS_PRF_PARAMS_PTR;
 
+/* TLS 1.2 is new for version 2.40 */
+typedef struct CK_TLS12_MASTER_KEY_DERIVE_PARAMS {
+  CK_SSL3_RANDOM_DATA RandomInfo;
+  CK_VERSION_PTR pVersion;
+  CK_MECHANISM_TYPE prfHashMechanism;
+} CK_TLS12_MASTER_KEY_DERIVE_PARAMS;
+
+typedef CK_TLS12_MASTER_KEY_DERIVE_PARAMS CK_PTR \
+  CK_TLS12_MASTER_KEY_DERIVE_PARAMS_PTR;
+
+typedef struct CK_TLS12_KEY_MAT_PARAMS {
+  CK_ULONG ulMacSizeInBits;
+  CK_ULONG ulKeySizeInBits;
+  CK_ULONG ulIVSizeInBits;
+  CK_BBOOL bIsExport;  /* Unused. Must be set to CK_FALSE. */
+  CK_SSL3_RANDOM_DATA RandomInfo;
+  CK_SSL3_KEY_MAT_OUT_PTR pReturnedKeyMaterial;
+  CK_MECHANISM_TYPE prfHashMechanism;
+} CK_TLS12_KEY_MAT_PARAMS;
+
+typedef CK_TLS12_KEY_MAT_PARAMS CK_PTR CK_TLS12_KEY_MAT_PARAMS_PTR;
+
+typedef struct CK_TLS_KDF_PARAMS {
+  CK_MECHANISM_TYPE prfMechanism;
+  CK_BYTE_PTR pLabel;
+  CK_ULONG ulLabelLength;
+  CK_SSL3_RANDOM_DATA RandomInfo;
+  CK_BYTE_PTR pContextData;
+  CK_ULONG ulContextDataLength;
+} CK_TLS_KDF_PARAMS;
+
+typedef struct CK_TLS12_MAC_PARAMS {
+  CK_MECHANISM_TYPE prfHashMechanism;
+  CK_ULONG ulMacLength;
+  CK_ULONG ulServerOrClient;
+} CK_TLS12_MAC_PARAMS;
+
+typedef CK_TLS12_MAC_PARAMS CK_PTR CK_TLS12_MAC_PARAMS_PTR;
+
 /* WTLS is new for version 2.20 */
 typedef struct CK_WTLS_RANDOM_DATA {
   CK_BYTE_PTR pClientRandom;
   CK_ULONG    ulClientRandomLen;
   CK_BYTE_PTR pServerRandom;
   CK_ULONG    ulServerRandomLen;
 } CK_WTLS_RANDOM_DATA;