Merge the engine branch into the main trunk. All conflicts resolved.
authorRichard Levitte <levitte@openssl.org>
Thu, 26 Oct 2000 21:07:28 +0000 (21:07 +0000)
committerRichard Levitte <levitte@openssl.org>
Thu, 26 Oct 2000 21:07:28 +0000 (21:07 +0000)
At the same time, add VMS support for Rijndael.

94 files changed:
CHANGES
Configure
Makefile.org
STATUS
TABLE
apps/Makefile.ssl
apps/apps.c
apps/apps.h
apps/ca.c
apps/dgst.c
apps/dh.c
apps/dhparam.c
apps/dsa.c
apps/dsaparam.c
apps/enc.c
apps/gendh.c
apps/gendsa.c
apps/genrsa.c
apps/pkcs12.c
apps/pkcs7.c
apps/pkcs8.c
apps/rand.c
apps/req.c
apps/rsa.c
apps/s_client.c
apps/s_server.c
apps/smime.c
apps/speed.c
apps/spkac.c
apps/verify.c
apps/x509.c
config
crypto/Makefile.ssl
crypto/bn/bn_exp.c
crypto/cryptlib.c
crypto/crypto-lib.com
crypto/crypto.h
crypto/dh/Makefile.ssl
crypto/dh/dh.h
crypto/dh/dh_key.c
crypto/dh/dh_lib.c
crypto/dsa/Makefile.ssl
crypto/dsa/dsa.h
crypto/dsa/dsa_lib.c
crypto/dsa/dsa_ossl.c
crypto/dsa/dsa_sign.c
crypto/dsa/dsa_vrf.c
crypto/engine/.cvsignore [new file with mode: 0644]
crypto/engine/Makefile.ssl [new file with mode: 0644]
crypto/engine/README [new file with mode: 0644]
crypto/engine/engine.h [new file with mode: 0644]
crypto/engine/engine_err.c [new file with mode: 0644]
crypto/engine/engine_int.h [new file with mode: 0644]
crypto/engine/engine_lib.c [new file with mode: 0644]
crypto/engine/engine_list.c [new file with mode: 0644]
crypto/engine/engine_openssl.c [new file with mode: 0644]
crypto/engine/enginetest.c [new file with mode: 0644]
crypto/engine/hw_atalla.c [new file with mode: 0644]
crypto/engine/hw_cswift.c [new file with mode: 0644]
crypto/engine/hw_ncipher.c [new file with mode: 0644]
crypto/engine/hw_nuron.c [new file with mode: 0644]
crypto/engine/vendor_defns/atalla.h [new file with mode: 0644]
crypto/engine/vendor_defns/cswift.h [new file with mode: 0644]
crypto/engine/vendor_defns/hwcryptohook.h [new file with mode: 0644]
crypto/err/Makefile.ssl
crypto/err/err.c
crypto/err/err.h
crypto/err/err_all.c
crypto/err/openssl.ec
crypto/install.com
crypto/rand/Makefile.ssl
crypto/rand/rand.h
crypto/rand/rand_lib.c
crypto/rsa/Makefile.ssl
crypto/rsa/rsa.h
crypto/rsa/rsa_eay.c
crypto/rsa/rsa_lib.c
crypto/rsa/rsa_sign.c
doc/apps/s_client.pod
doc/apps/s_server.pod
doc/apps/speed.pod
doc/crypto/DH_set_method.pod
doc/crypto/DSA_set_method.pod
doc/crypto/RSA_set_method.pod
doc/crypto/dh.pod
doc/crypto/dsa.pod
doc/crypto/rsa.pod
makevms.com
test/Makefile.ssl
test/maketests.com
test/tests.com
util/libeay.num
util/mkdef.pl
util/mkfiles.pl

diff --git a/CHANGES b/CHANGES
index 2baa11c..eb4715d 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -4,6 +4,16 @@
 
  Changes between 0.9.6 and 0.9.7  [xx XXX 2000]
 
+  *) Add VMS support for the Rijndael code
+     [Richard Levitte]
+
+  *) Added untested support for Nuron crypto accelerator.
+     [Ben Laurie]
+
+  *) Add support for external cryptographic devices.  This code was
+     previously distributed separately as the "engine" branch.
+     [Geoff Thorpe, Richard Levitte]
+
   *) Rework the filename-translation in the DSO code. It is now possible to
      have far greater control over how a "name" is turned into a filename
      depending on the operating environment and any oddities about the
index 3ea55df..60fbf90 100755 (executable)
--- a/Configure
+++ b/Configure
@@ -10,7 +10,7 @@ use strict;
 
 # see INSTALL for instructions.
 
-my $usage="Usage: Configure [no-<cipher> ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-Kxxx] [rsaref] [no-threads] [no-asm] [no-dso] [386] [--prefix=DIR] [--openssldir=OPENSSLDIR] os/compiler[:flags]\n";
+my $usage="Usage: Configure [no-<cipher> ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-Kxxx] [no-hw-xxx|no-hw] [rsaref] [no-threads] [no-asm] [no-dso] [386] [--prefix=DIR] [--openssldir=OPENSSLDIR] os/compiler[:flags]\n";
 
 # Options:
 #
@@ -23,6 +23,11 @@ my $usage="Usage: Configure [no-<cipher> ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-
 #               default).  This needn't be set in advance, you can
 #               just as well use "make INSTALL_PREFIX=/whatever install".
 #
+# no-hw-xxx     do not compile support for specific crypto hardware.
+#               Generic OpenSSL-style methods relating to this support
+#               are always compiled but return NULL if the hardware
+#               support isn't compiled.
+# no-hw         do not compile support for any crypto hardware.
 # rsaref        use RSAref
 # [no-]threads  [don't] try to create a library that is suitable for
 #               multithreaded applications (default is "threads" if we
@@ -490,6 +495,18 @@ PROCESS_ARGS:
                        $flags .= "-DNO_ASM ";
                        $openssl_other_defines .= "#define NO_ASM\n";
                        }
+               elsif (/^no-hw-(.+)$/)
+                       {
+                       my $hw=$1;
+                       $hw =~ tr/[a-z]/[A-Z]/;
+                       $flags .= "-DNO_HW_$hw ";
+                       $openssl_other_defines .= "#define NO_HW_$hw\n";
+                       }
+               elsif (/^no-hw$/)
+                       {
+                       $flags .= "-DNO_HW ";
+                       $openssl_other_defines .= "#define NO_HW\n";
+                       }
                elsif (/^no-dso$/)
                        { $no_dso=1; }
                elsif (/^no-threads$/)
index 7d93839..184fd76 100644 (file)
@@ -161,7 +161,7 @@ SHLIBDIRS= crypto ssl
 SDIRS=  \
        md2 md4 md5 sha mdc2 hmac ripemd \
        des rc2 rc4 rc5 idea bf cast \
-       bn rsa dsa dh dso rijndael \
+       bn rsa dsa dh dso engine rijndael \
        buffer bio stack lhash rand err objects \
        evp asn1 pem x509 x509v3 conf txt_db pkcs7 pkcs12 comp
 
diff --git a/STATUS b/STATUS
index e79e85e..20ea543 100644 (file)
--- a/STATUS
+++ b/STATUS
@@ -1,6 +1,6 @@
 
   OpenSSL STATUS                           Last modified at
-  ______________                           $Date: 2000/10/23 14:36:18 $
+  ______________                           $Date: 2000/10/26 21:07:27 $
 
   DEVELOPMENT STATE
 
diff --git a/TABLE b/TABLE
index 5731d07..0066d06 100644 (file)
--- a/TABLE
+++ b/TABLE
@@ -130,7 +130,7 @@ $shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
 $cc           = gcc
 $cflags       = -DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall
 $unistd       = 
-$thread_cflag = (unknown)
+$thread_cflag = -pthread -D_REENTRANT -D_THREAD_SAFE -D_THREADSAFE
 $lflags       = 
 $bn_ops       = BN_LLONG DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT
 $bn_obj       = asm/bn86-elf.o asm/co86-elf.o
index 31fe280..10b94e1 100644 (file)
@@ -212,14 +212,15 @@ ca.o: ../include/openssl/buffer.h ../include/openssl/cast.h
 ca.o: ../include/openssl/conf.h ../include/openssl/crypto.h
 ca.o: ../include/openssl/des.h ../include/openssl/dh.h ../include/openssl/dsa.h
 ca.o: ../include/openssl/e_os.h ../include/openssl/e_os.h
-ca.o: ../include/openssl/e_os2.h ../include/openssl/err.h
-ca.o: ../include/openssl/evp.h ../include/openssl/idea.h
-ca.o: ../include/openssl/lhash.h ../include/openssl/md2.h
-ca.o: ../include/openssl/md4.h ../include/openssl/md5.h
-ca.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
-ca.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-ca.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
-ca.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+ca.o: ../include/openssl/e_os2.h ../include/openssl/engine.h
+ca.o: ../include/openssl/err.h ../include/openssl/evp.h
+ca.o: ../include/openssl/idea.h ../include/openssl/lhash.h
+ca.o: ../include/openssl/md2.h ../include/openssl/md4.h
+ca.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+ca.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+ca.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+ca.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+ca.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
 ca.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
 ca.o: ../include/openssl/rc5.h ../include/openssl/rijndael-alg-fst.h
 ca.o: ../include/openssl/rijndael.h ../include/openssl/ripemd.h
@@ -302,14 +303,15 @@ dgst.o: ../include/openssl/conf.h ../include/openssl/crypto.h
 dgst.o: ../include/openssl/des.h ../include/openssl/dh.h
 dgst.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
 dgst.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
-dgst.o: ../include/openssl/err.h ../include/openssl/evp.h
-dgst.o: ../include/openssl/idea.h ../include/openssl/lhash.h
-dgst.o: ../include/openssl/md2.h ../include/openssl/md4.h
-dgst.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
-dgst.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-dgst.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-dgst.o: ../include/openssl/pem.h ../include/openssl/pem2.h
-dgst.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
+dgst.o: ../include/openssl/engine.h ../include/openssl/err.h
+dgst.o: ../include/openssl/evp.h ../include/openssl/idea.h
+dgst.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+dgst.o: ../include/openssl/md4.h ../include/openssl/md5.h
+dgst.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
+dgst.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+dgst.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+dgst.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+dgst.o: ../include/openssl/rand.h ../include/openssl/rc2.h
 dgst.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
 dgst.o: ../include/openssl/rijndael-alg-fst.h ../include/openssl/rijndael.h
 dgst.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
@@ -322,14 +324,15 @@ dh.o: ../include/openssl/buffer.h ../include/openssl/cast.h
 dh.o: ../include/openssl/conf.h ../include/openssl/crypto.h
 dh.o: ../include/openssl/des.h ../include/openssl/dh.h ../include/openssl/dsa.h
 dh.o: ../include/openssl/e_os.h ../include/openssl/e_os.h
-dh.o: ../include/openssl/e_os2.h ../include/openssl/err.h
-dh.o: ../include/openssl/evp.h ../include/openssl/idea.h
-dh.o: ../include/openssl/lhash.h ../include/openssl/md2.h
-dh.o: ../include/openssl/md4.h ../include/openssl/md5.h
-dh.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
-dh.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-dh.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
-dh.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+dh.o: ../include/openssl/e_os2.h ../include/openssl/engine.h
+dh.o: ../include/openssl/err.h ../include/openssl/evp.h
+dh.o: ../include/openssl/idea.h ../include/openssl/lhash.h
+dh.o: ../include/openssl/md2.h ../include/openssl/md4.h
+dh.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+dh.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+dh.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+dh.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+dh.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
 dh.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
 dh.o: ../include/openssl/rc5.h ../include/openssl/rijndael-alg-fst.h
 dh.o: ../include/openssl/rijndael.h ../include/openssl/ripemd.h
@@ -344,14 +347,15 @@ dsa.o: ../include/openssl/conf.h ../include/openssl/crypto.h
 dsa.o: ../include/openssl/des.h ../include/openssl/dh.h
 dsa.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
 dsa.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
-dsa.o: ../include/openssl/err.h ../include/openssl/evp.h
-dsa.o: ../include/openssl/idea.h ../include/openssl/lhash.h
-dsa.o: ../include/openssl/md2.h ../include/openssl/md4.h
-dsa.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
-dsa.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-dsa.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-dsa.o: ../include/openssl/pem.h ../include/openssl/pem2.h
-dsa.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
+dsa.o: ../include/openssl/engine.h ../include/openssl/err.h
+dsa.o: ../include/openssl/evp.h ../include/openssl/idea.h
+dsa.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+dsa.o: ../include/openssl/md4.h ../include/openssl/md5.h
+dsa.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
+dsa.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+dsa.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+dsa.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+dsa.o: ../include/openssl/rand.h ../include/openssl/rc2.h
 dsa.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
 dsa.o: ../include/openssl/rijndael-alg-fst.h ../include/openssl/rijndael.h
 dsa.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
@@ -365,14 +369,15 @@ dsaparam.o: ../include/openssl/conf.h ../include/openssl/crypto.h
 dsaparam.o: ../include/openssl/des.h ../include/openssl/dh.h
 dsaparam.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
 dsaparam.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
-dsaparam.o: ../include/openssl/err.h ../include/openssl/evp.h
-dsaparam.o: ../include/openssl/idea.h ../include/openssl/lhash.h
-dsaparam.o: ../include/openssl/md2.h ../include/openssl/md4.h
-dsaparam.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
-dsaparam.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-dsaparam.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-dsaparam.o: ../include/openssl/pem.h ../include/openssl/pem2.h
-dsaparam.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
+dsaparam.o: ../include/openssl/engine.h ../include/openssl/err.h
+dsaparam.o: ../include/openssl/evp.h ../include/openssl/idea.h
+dsaparam.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+dsaparam.o: ../include/openssl/md4.h ../include/openssl/md5.h
+dsaparam.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
+dsaparam.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+dsaparam.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+dsaparam.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+dsaparam.o: ../include/openssl/rand.h ../include/openssl/rc2.h
 dsaparam.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
 dsaparam.o: ../include/openssl/rijndael-alg-fst.h ../include/openssl/rijndael.h
 dsaparam.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
@@ -386,21 +391,21 @@ enc.o: ../include/openssl/conf.h ../include/openssl/crypto.h
 enc.o: ../include/openssl/des.h ../include/openssl/dh.h
 enc.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
 enc.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
-enc.o: ../include/openssl/err.h ../include/openssl/evp.h
-enc.o: ../include/openssl/idea.h ../include/openssl/lhash.h
-enc.o: ../include/openssl/md2.h ../include/openssl/md4.h
-enc.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
-enc.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-enc.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-enc.o: ../include/openssl/pem.h ../include/openssl/pem2.h
-enc.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
-enc.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
-enc.o: ../include/openssl/rc5.h ../include/openssl/rijndael-alg-fst.h
-enc.o: ../include/openssl/rijndael.h ../include/openssl/ripemd.h
-enc.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
-enc.o: ../include/openssl/sha.h ../include/openssl/stack.h
-enc.o: ../include/openssl/symhacks.h ../include/openssl/x509.h
-enc.o: ../include/openssl/x509_vfy.h apps.h
+enc.o: ../include/openssl/engine.h ../include/openssl/err.h
+enc.o: ../include/openssl/evp.h ../include/openssl/idea.h
+enc.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+enc.o: ../include/openssl/md4.h ../include/openssl/md5.h
+enc.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
+enc.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+enc.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+enc.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+enc.o: ../include/openssl/rand.h ../include/openssl/rc2.h
+enc.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+enc.o: ../include/openssl/rijndael-alg-fst.h ../include/openssl/rijndael.h
+enc.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+enc.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+enc.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+enc.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
 errstr.o: ../include/openssl/asn1.h ../include/openssl/bio.h
 errstr.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
 errstr.o: ../include/openssl/buffer.h ../include/openssl/cast.h
@@ -432,21 +437,21 @@ gendh.o: ../include/openssl/conf.h ../include/openssl/crypto.h
 gendh.o: ../include/openssl/des.h ../include/openssl/dh.h
 gendh.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
 gendh.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
-gendh.o: ../include/openssl/err.h ../include/openssl/evp.h
-gendh.o: ../include/openssl/idea.h ../include/openssl/lhash.h
-gendh.o: ../include/openssl/md2.h ../include/openssl/md4.h
-gendh.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
-gendh.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-gendh.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-gendh.o: ../include/openssl/pem.h ../include/openssl/pem2.h
-gendh.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
-gendh.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
-gendh.o: ../include/openssl/rc5.h ../include/openssl/rijndael-alg-fst.h
-gendh.o: ../include/openssl/rijndael.h ../include/openssl/ripemd.h
-gendh.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
-gendh.o: ../include/openssl/sha.h ../include/openssl/stack.h
-gendh.o: ../include/openssl/symhacks.h ../include/openssl/x509.h
-gendh.o: ../include/openssl/x509_vfy.h apps.h
+gendh.o: ../include/openssl/engine.h ../include/openssl/err.h
+gendh.o: ../include/openssl/evp.h ../include/openssl/idea.h
+gendh.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+gendh.o: ../include/openssl/md4.h ../include/openssl/md5.h
+gendh.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
+gendh.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+gendh.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+gendh.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+gendh.o: ../include/openssl/rand.h ../include/openssl/rc2.h
+gendh.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+gendh.o: ../include/openssl/rijndael-alg-fst.h ../include/openssl/rijndael.h
+gendh.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+gendh.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+gendh.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+gendh.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
 gendsa.o: ../include/openssl/asn1.h ../include/openssl/bio.h
 gendsa.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
 gendsa.o: ../include/openssl/buffer.h ../include/openssl/cast.h
@@ -454,14 +459,15 @@ gendsa.o: ../include/openssl/conf.h ../include/openssl/crypto.h
 gendsa.o: ../include/openssl/des.h ../include/openssl/dh.h
 gendsa.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
 gendsa.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
-gendsa.o: ../include/openssl/err.h ../include/openssl/evp.h
-gendsa.o: ../include/openssl/idea.h ../include/openssl/lhash.h
-gendsa.o: ../include/openssl/md2.h ../include/openssl/md4.h
-gendsa.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
-gendsa.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-gendsa.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-gendsa.o: ../include/openssl/pem.h ../include/openssl/pem2.h
-gendsa.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
+gendsa.o: ../include/openssl/engine.h ../include/openssl/err.h
+gendsa.o: ../include/openssl/evp.h ../include/openssl/idea.h
+gendsa.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+gendsa.o: ../include/openssl/md4.h ../include/openssl/md5.h
+gendsa.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
+gendsa.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+gendsa.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+gendsa.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+gendsa.o: ../include/openssl/rand.h ../include/openssl/rc2.h
 gendsa.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
 gendsa.o: ../include/openssl/rijndael-alg-fst.h ../include/openssl/rijndael.h
 gendsa.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
@@ -475,14 +481,15 @@ genrsa.o: ../include/openssl/conf.h ../include/openssl/crypto.h
 genrsa.o: ../include/openssl/des.h ../include/openssl/dh.h
 genrsa.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
 genrsa.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
-genrsa.o: ../include/openssl/err.h ../include/openssl/evp.h
-genrsa.o: ../include/openssl/idea.h ../include/openssl/lhash.h
-genrsa.o: ../include/openssl/md2.h ../include/openssl/md4.h
-genrsa.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
-genrsa.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-genrsa.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-genrsa.o: ../include/openssl/pem.h ../include/openssl/pem2.h
-genrsa.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
+genrsa.o: ../include/openssl/engine.h ../include/openssl/err.h
+genrsa.o: ../include/openssl/evp.h ../include/openssl/idea.h
+genrsa.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+genrsa.o: ../include/openssl/md4.h ../include/openssl/md5.h
+genrsa.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
+genrsa.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+genrsa.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+genrsa.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+genrsa.o: ../include/openssl/rand.h ../include/openssl/rc2.h
 genrsa.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
 genrsa.o: ../include/openssl/rijndael-alg-fst.h ../include/openssl/rijndael.h
 genrsa.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
@@ -563,14 +570,15 @@ pkcs12.o: ../include/openssl/conf.h ../include/openssl/crypto.h
 pkcs12.o: ../include/openssl/des.h ../include/openssl/dh.h
 pkcs12.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
 pkcs12.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
-pkcs12.o: ../include/openssl/err.h ../include/openssl/evp.h
-pkcs12.o: ../include/openssl/idea.h ../include/openssl/lhash.h
-pkcs12.o: ../include/openssl/md2.h ../include/openssl/md4.h
-pkcs12.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
-pkcs12.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-pkcs12.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-pkcs12.o: ../include/openssl/pem.h ../include/openssl/pem2.h
-pkcs12.o: ../include/openssl/pkcs12.h ../include/openssl/pkcs7.h
+pkcs12.o: ../include/openssl/engine.h ../include/openssl/err.h
+pkcs12.o: ../include/openssl/evp.h ../include/openssl/idea.h
+pkcs12.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+pkcs12.o: ../include/openssl/md4.h ../include/openssl/md5.h
+pkcs12.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
+pkcs12.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+pkcs12.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+pkcs12.o: ../include/openssl/pem2.h ../include/openssl/pkcs12.h
+pkcs12.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
 pkcs12.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
 pkcs12.o: ../include/openssl/rc5.h ../include/openssl/rijndael-alg-fst.h
 pkcs12.o: ../include/openssl/rijndael.h ../include/openssl/ripemd.h
@@ -585,14 +593,15 @@ pkcs7.o: ../include/openssl/conf.h ../include/openssl/crypto.h
 pkcs7.o: ../include/openssl/des.h ../include/openssl/dh.h
 pkcs7.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
 pkcs7.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
-pkcs7.o: ../include/openssl/err.h ../include/openssl/evp.h
-pkcs7.o: ../include/openssl/idea.h ../include/openssl/lhash.h
-pkcs7.o: ../include/openssl/md2.h ../include/openssl/md4.h
-pkcs7.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
-pkcs7.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-pkcs7.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-pkcs7.o: ../include/openssl/pem.h ../include/openssl/pem2.h
-pkcs7.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
+pkcs7.o: ../include/openssl/engine.h ../include/openssl/err.h
+pkcs7.o: ../include/openssl/evp.h ../include/openssl/idea.h
+pkcs7.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+pkcs7.o: ../include/openssl/md4.h ../include/openssl/md5.h
+pkcs7.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
+pkcs7.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+pkcs7.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+pkcs7.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+pkcs7.o: ../include/openssl/rand.h ../include/openssl/rc2.h
 pkcs7.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
 pkcs7.o: ../include/openssl/rijndael-alg-fst.h ../include/openssl/rijndael.h
 pkcs7.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
@@ -606,14 +615,15 @@ pkcs8.o: ../include/openssl/conf.h ../include/openssl/crypto.h
 pkcs8.o: ../include/openssl/des.h ../include/openssl/dh.h
 pkcs8.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
 pkcs8.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
-pkcs8.o: ../include/openssl/err.h ../include/openssl/evp.h
-pkcs8.o: ../include/openssl/idea.h ../include/openssl/lhash.h
-pkcs8.o: ../include/openssl/md2.h ../include/openssl/md4.h
-pkcs8.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
-pkcs8.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-pkcs8.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-pkcs8.o: ../include/openssl/pem.h ../include/openssl/pem2.h
-pkcs8.o: ../include/openssl/pkcs12.h ../include/openssl/pkcs7.h
+pkcs8.o: ../include/openssl/engine.h ../include/openssl/err.h
+pkcs8.o: ../include/openssl/evp.h ../include/openssl/idea.h
+pkcs8.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+pkcs8.o: ../include/openssl/md4.h ../include/openssl/md5.h
+pkcs8.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
+pkcs8.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+pkcs8.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+pkcs8.o: ../include/openssl/pem2.h ../include/openssl/pkcs12.h
+pkcs8.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
 pkcs8.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
 pkcs8.o: ../include/openssl/rc5.h ../include/openssl/rijndael-alg-fst.h
 pkcs8.o: ../include/openssl/rijndael.h ../include/openssl/ripemd.h
@@ -628,20 +638,20 @@ rand.o: ../include/openssl/conf.h ../include/openssl/crypto.h
 rand.o: ../include/openssl/des.h ../include/openssl/dh.h
 rand.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
 rand.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
-rand.o: ../include/openssl/err.h ../include/openssl/evp.h
-rand.o: ../include/openssl/idea.h ../include/openssl/lhash.h
-rand.o: ../include/openssl/md2.h ../include/openssl/md4.h
-rand.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
-rand.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-rand.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-rand.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
-rand.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
-rand.o: ../include/openssl/rc5.h ../include/openssl/rijndael-alg-fst.h
-rand.o: ../include/openssl/rijndael.h ../include/openssl/ripemd.h
-rand.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
-rand.o: ../include/openssl/sha.h ../include/openssl/stack.h
-rand.o: ../include/openssl/symhacks.h ../include/openssl/x509.h
-rand.o: ../include/openssl/x509_vfy.h apps.h
+rand.o: ../include/openssl/engine.h ../include/openssl/err.h
+rand.o: ../include/openssl/evp.h ../include/openssl/idea.h
+rand.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+rand.o: ../include/openssl/md4.h ../include/openssl/md5.h
+rand.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
+rand.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+rand.o: ../include/openssl/opensslv.h ../include/openssl/pkcs7.h
+rand.o: ../include/openssl/rand.h ../include/openssl/rc2.h
+rand.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+rand.o: ../include/openssl/rijndael-alg-fst.h ../include/openssl/rijndael.h
+rand.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+rand.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+rand.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+rand.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
 req.o: ../include/openssl/asn1.h ../include/openssl/bio.h
 req.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
 req.o: ../include/openssl/buffer.h ../include/openssl/cast.h
@@ -649,14 +659,15 @@ req.o: ../include/openssl/conf.h ../include/openssl/crypto.h
 req.o: ../include/openssl/des.h ../include/openssl/dh.h
 req.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
 req.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
-req.o: ../include/openssl/err.h ../include/openssl/evp.h
-req.o: ../include/openssl/idea.h ../include/openssl/lhash.h
-req.o: ../include/openssl/md2.h ../include/openssl/md4.h
-req.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
-req.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-req.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-req.o: ../include/openssl/pem.h ../include/openssl/pem2.h
-req.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
+req.o: ../include/openssl/engine.h ../include/openssl/err.h
+req.o: ../include/openssl/evp.h ../include/openssl/idea.h
+req.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+req.o: ../include/openssl/md4.h ../include/openssl/md5.h
+req.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
+req.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+req.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+req.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+req.o: ../include/openssl/rand.h ../include/openssl/rc2.h
 req.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
 req.o: ../include/openssl/rijndael-alg-fst.h ../include/openssl/rijndael.h
 req.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
@@ -671,14 +682,15 @@ rsa.o: ../include/openssl/conf.h ../include/openssl/crypto.h
 rsa.o: ../include/openssl/des.h ../include/openssl/dh.h
 rsa.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
 rsa.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
-rsa.o: ../include/openssl/err.h ../include/openssl/evp.h
-rsa.o: ../include/openssl/idea.h ../include/openssl/lhash.h
-rsa.o: ../include/openssl/md2.h ../include/openssl/md4.h
-rsa.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
-rsa.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-rsa.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-rsa.o: ../include/openssl/pem.h ../include/openssl/pem2.h
-rsa.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
+rsa.o: ../include/openssl/engine.h ../include/openssl/err.h
+rsa.o: ../include/openssl/evp.h ../include/openssl/idea.h
+rsa.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+rsa.o: ../include/openssl/md4.h ../include/openssl/md5.h
+rsa.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
+rsa.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+rsa.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+rsa.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+rsa.o: ../include/openssl/rand.h ../include/openssl/rc2.h
 rsa.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
 rsa.o: ../include/openssl/rijndael-alg-fst.h ../include/openssl/rijndael.h
 rsa.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
@@ -737,14 +749,15 @@ s_client.o: ../include/openssl/comp.h ../include/openssl/conf.h
 s_client.o: ../include/openssl/crypto.h ../include/openssl/des.h
 s_client.o: ../include/openssl/dh.h ../include/openssl/dsa.h
 s_client.o: ../include/openssl/e_os.h ../include/openssl/e_os.h
-s_client.o: ../include/openssl/e_os2.h ../include/openssl/err.h
-s_client.o: ../include/openssl/evp.h ../include/openssl/idea.h
-s_client.o: ../include/openssl/lhash.h ../include/openssl/md2.h
-s_client.o: ../include/openssl/md4.h ../include/openssl/md5.h
-s_client.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
-s_client.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-s_client.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
-s_client.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+s_client.o: ../include/openssl/e_os2.h ../include/openssl/engine.h
+s_client.o: ../include/openssl/err.h ../include/openssl/evp.h
+s_client.o: ../include/openssl/idea.h ../include/openssl/lhash.h
+s_client.o: ../include/openssl/md2.h ../include/openssl/md4.h
+s_client.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+s_client.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+s_client.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+s_client.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+s_client.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
 s_client.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
 s_client.o: ../include/openssl/rc5.h ../include/openssl/rijndael-alg-fst.h
 s_client.o: ../include/openssl/rijndael.h ../include/openssl/ripemd.h
@@ -762,14 +775,15 @@ s_server.o: ../include/openssl/comp.h ../include/openssl/conf.h
 s_server.o: ../include/openssl/crypto.h ../include/openssl/des.h
 s_server.o: ../include/openssl/dh.h ../include/openssl/dsa.h
 s_server.o: ../include/openssl/e_os.h ../include/openssl/e_os.h
-s_server.o: ../include/openssl/e_os2.h ../include/openssl/err.h
-s_server.o: ../include/openssl/evp.h ../include/openssl/idea.h
-s_server.o: ../include/openssl/lhash.h ../include/openssl/md2.h
-s_server.o: ../include/openssl/md4.h ../include/openssl/md5.h
-s_server.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
-s_server.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-s_server.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
-s_server.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+s_server.o: ../include/openssl/e_os2.h ../include/openssl/engine.h
+s_server.o: ../include/openssl/err.h ../include/openssl/evp.h
+s_server.o: ../include/openssl/idea.h ../include/openssl/lhash.h
+s_server.o: ../include/openssl/md2.h ../include/openssl/md4.h
+s_server.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+s_server.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+s_server.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+s_server.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+s_server.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
 s_server.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
 s_server.o: ../include/openssl/rc5.h ../include/openssl/rijndael-alg-fst.h
 s_server.o: ../include/openssl/rijndael.h ../include/openssl/ripemd.h
@@ -860,14 +874,15 @@ smime.o: ../include/openssl/conf.h ../include/openssl/crypto.h
 smime.o: ../include/openssl/des.h ../include/openssl/dh.h
 smime.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
 smime.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
-smime.o: ../include/openssl/err.h ../include/openssl/evp.h
-smime.o: ../include/openssl/idea.h ../include/openssl/lhash.h
-smime.o: ../include/openssl/md2.h ../include/openssl/md4.h
-smime.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
-smime.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-smime.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-smime.o: ../include/openssl/pem.h ../include/openssl/pem2.h
-smime.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
+smime.o: ../include/openssl/engine.h ../include/openssl/err.h
+smime.o: ../include/openssl/evp.h ../include/openssl/idea.h
+smime.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+smime.o: ../include/openssl/md4.h ../include/openssl/md5.h
+smime.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
+smime.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+smime.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+smime.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+smime.o: ../include/openssl/rand.h ../include/openssl/rc2.h
 smime.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
 smime.o: ../include/openssl/rijndael-alg-fst.h ../include/openssl/rijndael.h
 smime.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
@@ -881,21 +896,21 @@ speed.o: ../include/openssl/conf.h ../include/openssl/crypto.h
 speed.o: ../include/openssl/des.h ../include/openssl/dh.h
 speed.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
 speed.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
-speed.o: ../include/openssl/err.h ../include/openssl/evp.h
-speed.o: ../include/openssl/hmac.h ../include/openssl/idea.h
-speed.o: ../include/openssl/lhash.h ../include/openssl/md2.h
-speed.o: ../include/openssl/md4.h ../include/openssl/md5.h
-speed.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
-speed.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-speed.o: ../include/openssl/opensslv.h ../include/openssl/pkcs7.h
-speed.o: ../include/openssl/rand.h ../include/openssl/rc2.h
-speed.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
-speed.o: ../include/openssl/rijndael-alg-fst.h ../include/openssl/rijndael.h
-speed.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
-speed.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-speed.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-speed.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ./testdsa.h
-speed.o: ./testrsa.h apps.h
+speed.o: ../include/openssl/engine.h ../include/openssl/err.h
+speed.o: ../include/openssl/evp.h ../include/openssl/hmac.h
+speed.o: ../include/openssl/idea.h ../include/openssl/lhash.h
+speed.o: ../include/openssl/md2.h ../include/openssl/md4.h
+speed.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+speed.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+speed.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+speed.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
+speed.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+speed.o: ../include/openssl/rc5.h ../include/openssl/rijndael-alg-fst.h
+speed.o: ../include/openssl/rijndael.h ../include/openssl/ripemd.h
+speed.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+speed.o: ../include/openssl/sha.h ../include/openssl/stack.h
+speed.o: ../include/openssl/symhacks.h ../include/openssl/x509.h
+speed.o: ../include/openssl/x509_vfy.h ./testdsa.h ./testrsa.h apps.h
 spkac.o: ../include/openssl/asn1.h ../include/openssl/bio.h
 spkac.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
 spkac.o: ../include/openssl/buffer.h ../include/openssl/cast.h
@@ -903,14 +918,15 @@ spkac.o: ../include/openssl/conf.h ../include/openssl/crypto.h
 spkac.o: ../include/openssl/des.h ../include/openssl/dh.h
 spkac.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
 spkac.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
-spkac.o: ../include/openssl/err.h ../include/openssl/evp.h
-spkac.o: ../include/openssl/idea.h ../include/openssl/lhash.h
-spkac.o: ../include/openssl/md2.h ../include/openssl/md4.h
-spkac.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
-spkac.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-spkac.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-spkac.o: ../include/openssl/pem.h ../include/openssl/pem2.h
-spkac.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
+spkac.o: ../include/openssl/engine.h ../include/openssl/err.h
+spkac.o: ../include/openssl/evp.h ../include/openssl/idea.h
+spkac.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+spkac.o: ../include/openssl/md4.h ../include/openssl/md5.h
+spkac.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
+spkac.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+spkac.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+spkac.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+spkac.o: ../include/openssl/rand.h ../include/openssl/rc2.h
 spkac.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
 spkac.o: ../include/openssl/rijndael-alg-fst.h ../include/openssl/rijndael.h
 spkac.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
@@ -924,14 +940,15 @@ verify.o: ../include/openssl/conf.h ../include/openssl/crypto.h
 verify.o: ../include/openssl/des.h ../include/openssl/dh.h
 verify.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
 verify.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
-verify.o: ../include/openssl/err.h ../include/openssl/evp.h
-verify.o: ../include/openssl/idea.h ../include/openssl/lhash.h
-verify.o: ../include/openssl/md2.h ../include/openssl/md4.h
-verify.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
-verify.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-verify.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-verify.o: ../include/openssl/pem.h ../include/openssl/pem2.h
-verify.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
+verify.o: ../include/openssl/engine.h ../include/openssl/err.h
+verify.o: ../include/openssl/evp.h ../include/openssl/idea.h
+verify.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+verify.o: ../include/openssl/md4.h ../include/openssl/md5.h
+verify.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
+verify.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+verify.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+verify.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+verify.o: ../include/openssl/rand.h ../include/openssl/rc2.h
 verify.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
 verify.o: ../include/openssl/rijndael-alg-fst.h ../include/openssl/rijndael.h
 verify.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
@@ -966,14 +983,15 @@ x509.o: ../include/openssl/conf.h ../include/openssl/crypto.h
 x509.o: ../include/openssl/des.h ../include/openssl/dh.h
 x509.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
 x509.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
-x509.o: ../include/openssl/err.h ../include/openssl/evp.h
-x509.o: ../include/openssl/idea.h ../include/openssl/lhash.h
-x509.o: ../include/openssl/md2.h ../include/openssl/md4.h
-x509.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
-x509.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-x509.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-x509.o: ../include/openssl/pem.h ../include/openssl/pem2.h
-x509.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
+x509.o: ../include/openssl/engine.h ../include/openssl/err.h
+x509.o: ../include/openssl/evp.h ../include/openssl/idea.h
+x509.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+x509.o: ../include/openssl/md4.h ../include/openssl/md5.h
+x509.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
+x509.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+x509.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+x509.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+x509.o: ../include/openssl/rand.h ../include/openssl/rc2.h
 x509.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
 x509.o: ../include/openssl/rijndael-alg-fst.h ../include/openssl/rijndael.h
 x509.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
index 03bd9e2..0190d71 100644 (file)
@@ -178,6 +178,8 @@ int str2fmt(char *s)
                || (strcmp(s,"PKCS12") == 0) || (strcmp(s,"pkcs12") == 0)
                || (strcmp(s,"P12") == 0) || (strcmp(s,"p12") == 0))
                return(FORMAT_PKCS12);
+       else if ((*s == 'E') || (*s == 'e'))
+               return(FORMAT_ENGINE);
        else
                return(FORMAT_UNDEF);
        }
index 0951299..7a834f9 100644 (file)
@@ -163,6 +163,7 @@ STACK_OF(X509) *load_certs(BIO *err, char *file, int format);
 #define FORMAT_NETSCAPE 4
 #define FORMAT_PKCS12   5
 #define FORMAT_SMIME    6
+#define FORMAT_ENGINE   7
 
 #define NETSCAPE_CERT_HDR      "certificate"
 
index 2d71104..2ab0c4d 100644 (file)
--- a/apps/ca.c
+++ b/apps/ca.c
@@ -74,6 +74,7 @@
 #include <openssl/x509v3.h>
 #include <openssl/objects.h>
 #include <openssl/pem.h>
+#include <openssl/engine.h>
 
 #ifndef W_OK
 #  ifdef VMS
@@ -167,6 +168,7 @@ static char *ca_usage[]={
 " -revoke file    - Revoke a certificate (given in file)\n",
 " -extensions ..  - Extension section (override value in config file)\n",
 " -crlexts ..     - CRL extension section (override value in config file)\n",
+" -engine e       - use engine e, possibly a hardware device.\n",
 NULL
 };
 
@@ -216,6 +218,7 @@ int MAIN(int, char **);
 
 int MAIN(int argc, char **argv)
        {
+       ENGINE *e = NULL;
        char *key=NULL,*passargin=NULL;
        int total=0;
        int total_done=0;
@@ -268,6 +271,7 @@ int MAIN(int argc, char **argv)
 #define BSIZE 256
        MS_STATIC char buf[3][BSIZE];
        char *randfile=NULL;
+       char *engine = NULL;
 
 #ifdef EFENCE
 EF_PROTECT_FREE=1;
@@ -419,6 +423,11 @@ EF_ALIGNMENT=0;
                        if (--argc < 1) goto bad;
                        crl_ext= *(++argv);
                        }
+               else if (strcmp(*argv,"-engine") == 0)
+                       {
+                       if (--argc < 1) goto bad;
+                       engine= *(++argv);
+                       }
                else
                        {
 bad:
@@ -439,6 +448,24 @@ bad:
 
        ERR_load_crypto_strings();
 
+       if (engine != NULL)
+               {
+               if((e = ENGINE_by_id(engine)) == NULL)
+                       {
+                       BIO_printf(bio_err,"invalid engine \"%s\"\n",
+                               engine);
+                       goto err;
+                       }
+               if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
+                       {
+                       BIO_printf(bio_err,"can't use that engine\n");
+                       goto err;
+                       }
+               BIO_printf(bio_err,"engine \"%s\" set.\n", engine);
+               /* Free our "structural" reference. */
+               ENGINE_free(e);
+               }
+
        /*****************************************************************/
        if (configfile == NULL) configfile = getenv("OPENSSL_CONF");
        if (configfile == NULL) configfile = getenv("SSLEAY_CONF");
index 0e93c97..ab3e2db 100644 (file)
@@ -66,6 +66,7 @@
 #include <openssl/objects.h>
 #include <openssl/x509.h>
 #include <openssl/pem.h>
+#include <openssl/engine.h>
 
 #undef BUFSIZE
 #define BUFSIZE        1024*8
@@ -80,6 +81,7 @@ int MAIN(int, char **);
 
 int MAIN(int argc, char **argv)
        {
+       ENGINE *e = NULL;
        unsigned char *buf=NULL;
        int i,err=0;
        const EVP_MD *md=NULL,*m;
@@ -97,6 +99,7 @@ int MAIN(int argc, char **argv)
        EVP_PKEY *sigkey = NULL;
        unsigned char *sigbuf = NULL;
        int siglen = 0;
+       char *engine=NULL;
 
        apps_startup();
 
@@ -154,6 +157,11 @@ int MAIN(int argc, char **argv)
                        if (--argc < 1) break;
                        sigfile=*(++argv);
                        }
+               else if (strcmp(*argv,"-engine") == 0)
+                       {
+                       if (--argc < 1) break;
+                       engine= *(++argv);
+                       }
                else if (strcmp(*argv,"-hex") == 0)
                        out_bin = 0;
                else if (strcmp(*argv,"-binary") == 0)
@@ -190,6 +198,7 @@ int MAIN(int argc, char **argv)
                BIO_printf(bio_err,"-prverify file  verify a signature using private key in file\n");
                BIO_printf(bio_err,"-signature file signature to verify\n");
                BIO_printf(bio_err,"-binary         output in binary form\n");
+               BIO_printf(bio_err,"-engine e       use engine e, possibly a hardware device.\n");
 
                BIO_printf(bio_err,"-%3s to use the %s message digest algorithm (default)\n",
                        LN_md5,LN_md5);
@@ -209,6 +218,24 @@ int MAIN(int argc, char **argv)
                goto end;
                }
 
+       if (engine != NULL)
+               {
+               if((e = ENGINE_by_id(engine)) == NULL)
+                       {
+                       BIO_printf(bio_err,"invalid engine \"%s\"\n",
+                               engine);
+                       goto end;
+                       }
+               if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
+                       {
+                       BIO_printf(bio_err,"can't use that engine\n");
+                       goto end;
+                       }
+               BIO_printf(bio_err,"engine \"%s\" set.\n", engine);
+               /* Free our "structural" reference. */
+               ENGINE_free(e);
+               }
+
        in=BIO_new(BIO_s_file());
        bmd=BIO_new(BIO_f_md());
        if (debug)
index 7465442..229ba2f 100644 (file)
--- a/apps/dh.c
+++ b/apps/dh.c
@@ -69,6 +69,7 @@
 #include <openssl/dh.h>
 #include <openssl/x509.h>
 #include <openssl/pem.h>
+#include <openssl/engine.h>
 
 #undef PROG
 #define PROG   dh_main
@@ -87,11 +88,12 @@ int MAIN(int, char **);
 
 int MAIN(int argc, char **argv)
        {
+       ENGINE *e = NULL;
        DH *dh=NULL;
        int i,badops=0,text=0;
        BIO *in=NULL,*out=NULL;
        int informat,outformat,check=0,noout=0,C=0,ret=1;
-       char *infile,*outfile,*prog;
+       char *infile,*outfile,*prog,*engine;
 
        apps_startup();
 
@@ -99,6 +101,7 @@ int MAIN(int argc, char **argv)
                if ((bio_err=BIO_new(BIO_s_file())) != NULL)
                        BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
 
+       engine=NULL;
        infile=NULL;
        outfile=NULL;
        informat=FORMAT_PEM;
@@ -129,6 +132,11 @@ int MAIN(int argc, char **argv)
                        if (--argc < 1) goto bad;
                        outfile= *(++argv);
                        }
+               else if (strcmp(*argv,"-engine") == 0)
+                       {
+                       if (--argc < 1) goto bad;
+                       engine= *(++argv);
+                       }
                else if (strcmp(*argv,"-check") == 0)
                        check=1;
                else if (strcmp(*argv,"-text") == 0)
@@ -160,11 +168,30 @@ bad:
                BIO_printf(bio_err," -text         print a text form of the DH parameters\n");
                BIO_printf(bio_err," -C            Output C code\n");
                BIO_printf(bio_err," -noout        no output\n");
+               BIO_printf(bio_err," -engine e     use engine e, possibly a hardware device.\n");
                goto end;
                }
 
        ERR_load_crypto_strings();
 
+       if (engine != NULL)
+               {
+               if((e = ENGINE_by_id(engine)) == NULL)
+                       {
+                       BIO_printf(bio_err,"invalid engine \"%s\"\n",
+                               engine);
+                       goto end;
+                       }
+               if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
+                       {
+                       BIO_printf(bio_err,"can't use that engine\n");
+                       goto end;
+                       }
+               BIO_printf(bio_err,"engine \"%s\" set.\n", engine);
+               /* Free our "structural" reference. */
+               ENGINE_free(e);
+               }
+
        in=BIO_new(BIO_s_file());
        out=BIO_new(BIO_s_file());
        if ((in == NULL) || (out == NULL))
index 5f9b601..9d5705f 100644 (file)
 #include <openssl/dh.h>
 #include <openssl/x509.h>
 #include <openssl/pem.h>
+#include <openssl/engine.h>
 
 #ifndef NO_DSA
 #include <openssl/dsa.h>
@@ -148,6 +149,7 @@ int MAIN(int, char **);
 
 int MAIN(int argc, char **argv)
        {
+       ENGINE *e = NULL;
        DH *dh=NULL;
        int i,badops=0,text=0;
 #ifndef NO_DSA
@@ -156,7 +158,7 @@ int MAIN(int argc, char **argv)
        BIO *in=NULL,*out=NULL;
        int informat,outformat,check=0,noout=0,C=0,ret=1;
        char *infile,*outfile,*prog;
-       char *inrand=NULL;
+       char *inrand=NULL,*engine=NULL;
        int num = 0, g = 0;
 
        apps_startup();
@@ -195,6 +197,11 @@ int MAIN(int argc, char **argv)
                        if (--argc < 1) goto bad;
                        outfile= *(++argv);
                        }
+               else if (strcmp(*argv,"-engine") == 0)
+                       {
+                       if (--argc < 1) goto bad;
+                       engine= *(++argv);
+                       }
                else if (strcmp(*argv,"-check") == 0)
                        check=1;
                else if (strcmp(*argv,"-text") == 0)
@@ -240,6 +247,7 @@ bad:
                BIO_printf(bio_err," -2            generate parameters using  2 as the generator value\n");
                BIO_printf(bio_err," -5            generate parameters using  5 as the generator value\n");
                BIO_printf(bio_err," numbits       number of bits in to generate (default 512)\n");
+               BIO_printf(bio_err," -engine e     use engine e, possibly a hardware device.\n");
                BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
                BIO_printf(bio_err,"               - load the file (or the files in the directory) into\n");
                BIO_printf(bio_err,"               the random number generator\n");
@@ -249,6 +257,24 @@ bad:
 
        ERR_load_crypto_strings();
 
+       if (engine != NULL)
+               {
+               if((e = ENGINE_by_id(engine)) == NULL)
+                       {
+                       BIO_printf(bio_err,"invalid engine \"%s\"\n",
+                               engine);
+                       goto end;
+                       }
+               if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
+                       {
+                       BIO_printf(bio_err,"can't use that engine\n");
+                       goto end;
+                       }
+               BIO_printf(bio_err,"engine \"%s\" set.\n", engine);
+               /* Free our "structural" reference. */
+               ENGINE_free(e);
+               }
+
        if (g && !num)
                num = DEFBITS;
 
index 7c4a46f..49ca900 100644 (file)
@@ -68,6 +68,7 @@
 #include <openssl/evp.h>
 #include <openssl/x509.h>
 #include <openssl/pem.h>
+#include <openssl/engine.h>
 
 #undef PROG
 #define PROG   dsa_main
@@ -87,6 +88,7 @@ int MAIN(int, char **);
 
 int MAIN(int argc, char **argv)
        {
+       ENGINE *e = NULL;
        int ret=1;
        DSA *dsa=NULL;
        int i,badops=0;
@@ -94,7 +96,7 @@ int MAIN(int argc, char **argv)
        BIO *in=NULL,*out=NULL;
        int informat,outformat,text=0,noout=0;
        int pubin = 0, pubout = 0;
-       char *infile,*outfile,*prog;
+       char *infile,*outfile,*prog,*engine;
        char *passargin = NULL, *passargout = NULL;
        char *passin = NULL, *passout = NULL;
        int modulus=0;
@@ -105,6 +107,7 @@ int MAIN(int argc, char **argv)
                if ((bio_err=BIO_new(BIO_s_file())) != NULL)
                        BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
 
+       engine=NULL;
        infile=NULL;
        outfile=NULL;
        informat=FORMAT_PEM;
@@ -145,6 +148,11 @@ int MAIN(int argc, char **argv)
                        if (--argc < 1) goto bad;
                        passargout= *(++argv);
                        }
+               else if (strcmp(*argv,"-engine") == 0)
+                       {
+                       if (--argc < 1) goto bad;
+                       engine= *(++argv);
+                       }
                else if (strcmp(*argv,"-noout") == 0)
                        noout=1;
                else if (strcmp(*argv,"-text") == 0)
@@ -176,6 +184,7 @@ bad:
                BIO_printf(bio_err," -passin arg     input file pass phrase source\n");
                BIO_printf(bio_err," -out arg        output file\n");
                BIO_printf(bio_err," -passout arg    output file pass phrase source\n");
+               BIO_printf(bio_err," -engine e       use engine e, possibly a hardware device.\n");
                BIO_printf(bio_err," -des            encrypt PEM output with cbc des\n");
                BIO_printf(bio_err," -des3           encrypt PEM output with ede cbc des using 168 bit key\n");
 #ifndef NO_IDEA
@@ -189,6 +198,24 @@ bad:
 
        ERR_load_crypto_strings();
 
+       if (engine != NULL)
+               {
+               if((e = ENGINE_by_id(engine)) == NULL)
+                       {
+                       BIO_printf(bio_err,"invalid engine \"%s\"\n",
+                               engine);
+                       goto end;
+                       }
+               if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
+                       {
+                       BIO_printf(bio_err,"can't use that engine\n");
+                       goto end;
+                       }
+               BIO_printf(bio_err,"engine \"%s\" set.\n", engine);
+               /* Free our "structural" reference. */
+               ENGINE_free(e);
+               }
+
        if(!app_passwd(bio_err, passargin, passargout, &passin, &passout)) {
                BIO_printf(bio_err, "Error getting passwords\n");
                goto end;
index f861ec7..5177916 100644 (file)
@@ -69,6 +69,7 @@
 #include <openssl/dsa.h>
 #include <openssl/x509.h>
 #include <openssl/pem.h>
+#include <openssl/engine.h>
 
 #undef PROG
 #define PROG   dsaparam_main
@@ -90,6 +91,7 @@ int MAIN(int, char **);
 
 int MAIN(int argc, char **argv)
        {
+       ENGINE *e = NULL;
        DSA *dsa=NULL;
        int i,badops=0,text=0;
        BIO *in=NULL,*out=NULL;
@@ -97,6 +99,7 @@ int MAIN(int argc, char **argv)
        char *infile,*outfile,*prog,*inrand=NULL;
        int numbits= -1,num,genkey=0;
        int need_rand=0;
+       char *engine=NULL;
 
        apps_startup();
 
@@ -134,6 +137,11 @@ int MAIN(int argc, char **argv)
                        if (--argc < 1) goto bad;
                        outfile= *(++argv);
                        }
+               else if(strcmp(*argv, "-engine") == 0)
+                       {
+                       if (--argc < 1) goto bad;
+                       engine = *(++argv);
+                       }
                else if (strcmp(*argv,"-text") == 0)
                        text=1;
                else if (strcmp(*argv,"-C") == 0)
@@ -180,6 +188,7 @@ bad:
                BIO_printf(bio_err," -C            Output C code\n");
                BIO_printf(bio_err," -noout        no output\n");
                BIO_printf(bio_err," -rand         files to use for random number input\n");
+               BIO_printf(bio_err," -engine e     use engine e, possibly a hardware device.\n");
                BIO_printf(bio_err," number        number of bits to use for generating private key\n");
                goto end;
                }
@@ -223,6 +232,24 @@ bad:
                        }
                }
 
+       if (engine != NULL)
+               {
+               if((e = ENGINE_by_id(engine)) == NULL)
+                       {
+                       BIO_printf(bio_err,"invalid engine \"%s\"\n",
+                               engine);
+                       goto end;
+                       }
+               if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
+                       {
+                       BIO_printf(bio_err,"can't use that engine\n");
+                       goto end;
+                       }
+               BIO_printf(bio_err,"engine \"%s\" set.\n", engine);
+               /* Free our "structural" reference. */
+               ENGINE_free(e);
+               }
+
        if (need_rand)
                {
                app_RAND_load_file(NULL, bio_err, (inrand != NULL));
index 14b82d5..84179f5 100644 (file)
@@ -70,6 +70,7 @@
 #include <openssl/md5.h>
 #endif
 #include <openssl/pem.h>
+#include <openssl/engine.h>
 
 int set_hex(char *in,unsigned char *out,int size);
 #undef SIZE
@@ -84,6 +85,7 @@ int MAIN(int, char **);
 
 int MAIN(int argc, char **argv)
        {
+       ENGINE *e = NULL;
        static const char magic[]="Salted__";
        char mbuf[8];   /* should be 1 smaller than magic */
        char *strbuf=NULL;
@@ -101,6 +103,7 @@ int MAIN(int argc, char **argv)
        BIO *in=NULL,*out=NULL,*b64=NULL,*benc=NULL,*rbio=NULL,*wbio=NULL;
 #define PROG_NAME_SIZE  16
        char pname[PROG_NAME_SIZE];
+       char *engine = NULL;
 
        apps_startup();
 
@@ -141,6 +144,11 @@ int MAIN(int argc, char **argv)
                        if (--argc < 1) goto bad;
                        passarg= *(++argv);
                        }
+               else if (strcmp(*argv,"-engine") == 0)
+                       {
+                       if (--argc < 1) goto bad;
+                       engine= *(++argv);
+                       }
                else if (strcmp(*argv,"-d") == 0)
                        enc=0;
                else if (strcmp(*argv,"-p") == 0)
@@ -241,6 +249,7 @@ bad:
                        BIO_printf(bio_err,"%-14s key/iv in hex is the next argument\n","-K/-iv");
                        BIO_printf(bio_err,"%-14s print the iv/key (then exit if -P)\n","-[pP]");
                        BIO_printf(bio_err,"%-14s buffer size\n","-bufsize <n>");
+                       BIO_printf(bio_err,"%-14s use engine e, possibly a hardware device.\n","-engine e");
 
                        BIO_printf(bio_err,"Cipher Types\n");
                        BIO_printf(bio_err,"des     : 56 bit key DES encryption\n");
@@ -319,6 +328,24 @@ bad:
                argv++;
                }
 
+       if (engine != NULL)
+               {
+               if((e = ENGINE_by_id(engine)) == NULL)
+                       {
+                       BIO_printf(bio_err,"invalid engine \"%s\"\n",
+                               engine);
+                       goto end;
+                       }
+               if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
+                       {
+                       BIO_printf(bio_err,"can't use that engine\n");
+                       goto end;
+                       }
+               BIO_printf(bio_err,"engine \"%s\" set.\n", engine);
+               /* Free our "structural" reference. */
+               ENGINE_free(e);
+               }
+
        if (bufsize != NULL)
                {
                unsigned long n;
index e0c7889..e81109e 100644 (file)
@@ -70,6 +70,7 @@
 #include <openssl/dh.h>
 #include <openssl/x509.h>
 #include <openssl/pem.h>
+#include <openssl/engine.h>
 
 #define DEFBITS        512
 #undef PROG
@@ -81,11 +82,13 @@ int MAIN(int, char **);
 
 int MAIN(int argc, char **argv)
        {
+       ENGINE *e = NULL;
        DH *dh=NULL;
        int ret=1,num=DEFBITS;
        int g=2;
        char *outfile=NULL;
        char *inrand=NULL;
+       char *engine=NULL;
        BIO *out=NULL;
 
        apps_startup();
@@ -110,6 +113,11 @@ int MAIN(int argc, char **argv)
                        g=3; */
                else if (strcmp(*argv,"-5") == 0)
                        g=5;
+               else if (strcmp(*argv,"-engine") == 0)
+                       {
+                       if (--argc < 1) goto bad;
+                       engine= *(++argv);
+                       }
                else if (strcmp(*argv,"-rand") == 0)
                        {
                        if (--argc < 1) goto bad;
@@ -125,15 +133,34 @@ int MAIN(int argc, char **argv)
 bad:
                BIO_printf(bio_err,"usage: gendh [args] [numbits]\n");
                BIO_printf(bio_err," -out file - output the key to 'file\n");
-               BIO_printf(bio_err," -2    use 2 as the generator value\n");
-       /*      BIO_printf(bio_err," -3    use 3 as the generator value\n"); */
-               BIO_printf(bio_err," -5    use 5 as the generator value\n");
+               BIO_printf(bio_err," -2        - use 2 as the generator value\n");
+       /*      BIO_printf(bio_err," -3        - use 3 as the generator value\n"); */
+               BIO_printf(bio_err," -5        - use 5 as the generator value\n");
+               BIO_printf(bio_err," -engine e - use engine e, possibly a hardware device.\n");
                BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
                BIO_printf(bio_err,"           - load the file (or the files in the directory) into\n");
                BIO_printf(bio_err,"             the random number generator\n");
                goto end;
                }
                
+       if (engine != NULL)
+               {
+               if((e = ENGINE_by_id(engine)) == NULL)
+                       {
+                       BIO_printf(bio_err,"invalid engine \"%s\"\n",
+                               engine);
+                       goto end;
+                       }
+               if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
+                       {
+                       BIO_printf(bio_err,"can't use that engine\n");
+                       goto end;
+                       }
+               BIO_printf(bio_err,"engine \"%s\" set.\n", engine);
+               /* Free our "structural" reference. */
+               ENGINE_free(e);
+               }
+
        out=BIO_new(BIO_s_file());
        if (out == NULL)
                {
index 6022d8f..1c0ec37 100644 (file)
@@ -68,6 +68,7 @@
 #include <openssl/dsa.h>
 #include <openssl/x509.h>
 #include <openssl/pem.h>
+#include <openssl/engine.h>
 
 #define DEFBITS        512
 #undef PROG
@@ -77,6 +78,7 @@ int MAIN(int, char **);
 
 int MAIN(int argc, char **argv)
        {
+       ENGINE *e = NULL;
        DSA *dsa=NULL;
        int ret=1;
        char *outfile=NULL;
@@ -84,6 +86,7 @@ int MAIN(int argc, char **argv)
        char *passargout = NULL, *passout = NULL;
        BIO *out=NULL,*in=NULL;
        EVP_CIPHER *enc=NULL;
+       char *engine=NULL;
 
        apps_startup();
 
@@ -106,6 +109,11 @@ int MAIN(int argc, char **argv)
                        if (--argc < 1) goto bad;
                        passargout= *(++argv);
                        }
+               else if (strcmp(*argv,"-engine") == 0)
+                       {
+                       if (--argc < 1) goto bad;
+                       engine= *(++argv);
+                       }
                else if (strcmp(*argv,"-rand") == 0)
                        {
                        if (--argc < 1) goto bad;
@@ -145,6 +153,7 @@ bad:
 #ifndef NO_IDEA
                BIO_printf(bio_err," -idea     - encrypt the generated key with IDEA in cbc mode\n");
 #endif
+               BIO_printf(bio_err," -engine e - use engine e, possibly a hardware device.\n");
                BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
                BIO_printf(bio_err,"           - load the file (or the files in the directory) into\n");
                BIO_printf(bio_err,"             the random number generator\n");
@@ -153,6 +162,24 @@ bad:
                goto end;
                }
 
+       if (engine != NULL)
+               {
+               if((e = ENGINE_by_id(engine)) == NULL)
+                       {
+                       BIO_printf(bio_err,"invalid engine \"%s\"\n",
+                               engine);
+                       goto end;
+                       }
+               if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
+                       {
+                       BIO_printf(bio_err,"can't use that engine\n");
+                       goto end;
+                       }
+               BIO_printf(bio_err,"engine \"%s\" set.\n", engine);
+               /* Free our "structural" reference. */
+               ENGINE_free(e);
+               }
+
        if(!app_passwd(bio_err, NULL, passargout, NULL, &passout)) {
                BIO_printf(bio_err, "Error getting password\n");
                goto end;
index ac0b709..e7445e6 100644 (file)
@@ -69,6 +69,7 @@
 #include <openssl/evp.h>
 #include <openssl/x509.h>
 #include <openssl/pem.h>
+#include <openssl/engine.h>
 
 #define DEFBITS        512
 #undef PROG
@@ -80,6 +81,7 @@ int MAIN(int, char **);
 
 int MAIN(int argc, char **argv)
        {
+       ENGINE *e = NULL;
        int ret=1;
        RSA *rsa=NULL;
        int i,num=DEFBITS;
@@ -88,6 +90,7 @@ int MAIN(int argc, char **argv)
        unsigned long f4=RSA_F4;
        char *outfile=NULL;
        char *passargout = NULL, *passout = NULL;
+       char *engine=NULL;
        char *inrand=NULL;
        BIO *out=NULL;
 
@@ -116,6 +119,11 @@ int MAIN(int argc, char **argv)
                        f4=3;
                else if (strcmp(*argv,"-F4") == 0 || strcmp(*argv,"-f4") == 0)
                        f4=RSA_F4;
+               else if (strcmp(*argv,"-engine") == 0)
+                       {
+                       if (--argc < 1) goto bad;
+                       engine= *(++argv);
+                       }
                else if (strcmp(*argv,"-rand") == 0)
                        {
                        if (--argc < 1) goto bad;
@@ -154,6 +162,7 @@ bad:
                BIO_printf(bio_err," -passout arg    output file pass phrase source\n");
                BIO_printf(bio_err," -f4             use F4 (0x10001) for the E value\n");
                BIO_printf(bio_err," -3              use 3 for the E value\n");
+               BIO_printf(bio_err," -engine e       use engine e, possibly a hardware device.\n");
                BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
                BIO_printf(bio_err,"                 load the file (or the files in the directory) into\n");
                BIO_printf(bio_err,"                 the random number generator\n");
@@ -167,6 +176,24 @@ bad:
                goto err;
        }
 
+       if (engine != NULL)
+               {
+               if((e = ENGINE_by_id(engine)) == NULL)
+                       {
+                       BIO_printf(bio_err,"invalid engine \"%s\"\n",
+                               engine);
+                       goto err;
+                       }
+               if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
+                       {
+                       BIO_printf(bio_err,"can't use that engine\n");
+                       goto err;
+                       }
+               BIO_printf(bio_err,"engine \"%s\" set.\n", engine);
+               /* Free our "structural" reference. */
+               ENGINE_free(e);
+               }
+
        if (outfile == NULL)
                {
                BIO_set_fp(out,stdout,BIO_NOCLOSE);
@@ -186,7 +213,8 @@ bad:
                        }
                }
 
-       if (!app_RAND_load_file(NULL, bio_err, 1) && inrand == NULL)
+       if (!app_RAND_load_file(NULL, bio_err, 1) && inrand == NULL
+               && !RAND_status())
                {
                BIO_printf(bio_err,"warning, not much extra random data, consider using the -rand option\n");
                }
index 6789169..365a8ad 100644 (file)
@@ -66,6 +66,7 @@
 #include <openssl/err.h>
 #include <openssl/pem.h>
 #include <openssl/pkcs12.h>
+#include <openssl/engine.h>
 
 #define PROG pkcs12_main
 
@@ -92,6 +93,7 @@ int MAIN(int, char **);
 
 int MAIN(int argc, char **argv)
 {
+    ENGINE *e = NULL;
     char *infile=NULL, *outfile=NULL, *keyname = NULL; 
     char *certfile=NULL;
     BIO *in=NULL, *out = NULL, *inkey = NULL, *certsin = NULL;
@@ -118,6 +120,7 @@ int MAIN(int argc, char **argv)
     char *passin = NULL, *passout = NULL;
     char *inrand = NULL;
     char *CApath = NULL, *CAfile = NULL;
+    char *engine=NULL;
 
     apps_startup();
 
@@ -236,6 +239,11 @@ int MAIN(int argc, char **argv)
                        args++; 
                        CAfile = *args;
                    } else badarg = 1;
+               } else if (!strcmp(*args,"-engine")) {
+                   if (args[1]) {
+                       args++; 
+                       engine = *args;
+                   } else badarg = 1;
                } else badarg = 1;
 
        } else badarg = 1;
@@ -279,12 +287,27 @@ int MAIN(int argc, char **argv)
        BIO_printf (bio_err, "-password p   set import/export password source\n");
        BIO_printf (bio_err, "-passin p     input file pass phrase source\n");
        BIO_printf (bio_err, "-passout p    output file pass phrase source\n");
+       BIO_printf (bio_err, "-engine e     use engine e, possibly a hardware device.\n");
        BIO_printf(bio_err,  "-rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
        BIO_printf(bio_err,  "              load the file (or the files in the directory) into\n");
        BIO_printf(bio_err,  "              the random number generator\n");
        goto end;
     }
 
+    if (engine != NULL) {
+       if((e = ENGINE_by_id(engine)) == NULL) {
+           BIO_printf(bio_err,"invalid engine \"%s\"\n", engine);
+           goto end;
+       }
+       if(!ENGINE_set_default(e, ENGINE_METHOD_ALL)) {
+           BIO_printf(bio_err,"can't use that engine\n");
+           goto end;
+       }
+       BIO_printf(bio_err,"engine \"%s\" set.\n", engine);
+       /* Free our "structural" reference. */
+       ENGINE_free(e);
+    }
+
     if(passarg) {
        if(export_cert) passargout = passarg;
        else passargin = passarg;
index 0af2690..b348da2 100644 (file)
@@ -67,6 +67,7 @@
 #include <openssl/x509.h>
 #include <openssl/pkcs7.h>
 #include <openssl/pem.h>
+#include <openssl/engine.h>
 
 #undef PROG
 #define PROG   pkcs7_main
@@ -82,6 +83,7 @@ int MAIN(int, char **);
 
 int MAIN(int argc, char **argv)
        {
+       ENGINE *e = NULL;
        PKCS7 *p7=NULL;
        int i,badops=0;
        BIO *in=NULL,*out=NULL;
@@ -89,6 +91,7 @@ int MAIN(int argc, char **argv)
        char *infile,*outfile,*prog;
        int print_certs=0,text=0,noout=0;
        int ret=0;
+       char *engine=NULL;
 
        apps_startup();
 
@@ -132,6 +135,11 @@ int MAIN(int argc, char **argv)
                        text=1;
                else if (strcmp(*argv,"-print_certs") == 0)
                        print_certs=1;
+               else if (strcmp(*argv,"-engine") == 0)
+                       {
+                       if (--argc < 1) goto bad;
+                       engine= *(++argv);
+                       }
                else
                        {
                        BIO_printf(bio_err,"unknown option %s\n",*argv);
@@ -154,11 +162,30 @@ bad:
                BIO_printf(bio_err," -print_certs  print any certs or crl in the input\n");
                BIO_printf(bio_err," -text         print full details of certificates\n");
                BIO_printf(bio_err," -noout        don't output encoded data\n");
+               BIO_printf(bio_err," -engine e     use engine e, possibly a hardware device.\n");
                EXIT(1);
                }
 
        ERR_load_crypto_strings();
 
+       if (engine != NULL)
+               {
+               if((e = ENGINE_by_id(engine)) == NULL)
+                       {
+                       BIO_printf(bio_err,"invalid engine \"%s\"\n",
+                               engine);
+                       goto end;
+                       }
+               if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
+                       {
+                       BIO_printf(bio_err,"can't use that engine\n");
+                       goto end;
+                       }
+               BIO_printf(bio_err,"engine \"%s\" set.\n", engine);
+               /* Free our "structural" reference. */
+               ENGINE_free(e);
+               }
+
        in=BIO_new(BIO_s_file());
        out=BIO_new(BIO_s_file());
        if ((in == NULL) || (out == NULL))
index 7b588e4..bd1697a 100644 (file)
@@ -62,6 +62,7 @@
 #include <openssl/err.h>
 #include <openssl/evp.h>
 #include <openssl/pkcs12.h>
+#include <openssl/engine.h>
 
 #include "apps.h"
 #define PROG pkcs8_main
@@ -70,6 +71,7 @@ int MAIN(int, char **);
 
 int MAIN(int argc, char **argv)
 {
+       ENGINE *e = NULL;
        char **args, *infile = NULL, *outfile = NULL;
        char *passargin = NULL, *passargout = NULL;
        BIO *in = NULL, *out = NULL;
@@ -85,9 +87,13 @@ int MAIN(int argc, char **argv)
        EVP_PKEY *pkey;
        char pass[50], *passin = NULL, *passout = NULL, *p8pass = NULL;
        int badarg = 0;
+       char *engine=NULL;
+
        if (bio_err == NULL) bio_err = BIO_new_fp (stderr, BIO_NOCLOSE);
+
        informat=FORMAT_PEM;
        outformat=FORMAT_PEM;
+
        ERR_load_crypto_strings();
        OpenSSL_add_all_algorithms();
        args = argv + 1;
@@ -138,6 +144,11 @@ int MAIN(int argc, char **argv)
                        if (!args[1]) goto bad;
                        passargout= *(++args);
                        }
+               else if (strcmp(*args,"-engine") == 0)
+                       {
+                       if (!args[1]) goto bad;
+                       engine= *(++args);
+                       }
                else if (!strcmp (*args, "-in")) {
                        if (args[1]) {
                                args++;
@@ -170,9 +181,28 @@ int MAIN(int argc, char **argv)
                BIO_printf(bio_err, "-nocrypt        use or expect unencrypted private key\n");
                BIO_printf(bio_err, "-v2 alg         use PKCS#5 v2.0 and cipher \"alg\"\n");
                BIO_printf(bio_err, "-v1 obj         use PKCS#5 v1.5 and cipher \"alg\"\n");
+               BIO_printf(bio_err," -engine e       use engine e, possibly a hardware device.\n");
                return (1);
        }
 
+       if (engine != NULL)
+               {
+               if((e = ENGINE_by_id(engine)) == NULL)
+                       {
+                       BIO_printf(bio_err,"invalid engine \"%s\"\n",
+                               engine);
+                       return (1);
+                       }
+               if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
+                       {
+                       BIO_printf(bio_err,"can't use that engine\n");
+                       return (1);
+                       }
+               BIO_printf(bio_err,"engine \"%s\" set.\n", engine);
+               /* Free our "structural" reference. */
+               ENGINE_free(e);
+               }
+
        if(!app_passwd(bio_err, passargin, passargout, &passin, &passout)) {
                BIO_printf(bio_err, "Error getting passwords\n");
                return (1);
index 04764d7..6add7bb 100644 (file)
@@ -9,6 +9,7 @@
 #include <openssl/bio.h>
 #include <openssl/err.h>
 #include <openssl/rand.h>
+#include <openssl/engine.h>
 
 #undef PROG
 #define PROG rand_main
@@ -23,6 +24,7 @@ int MAIN(int, char **);
 
 int MAIN(int argc, char **argv)
        {
+       ENGINE *e = NULL;
        int i, r, ret = 1;
        int badopt;
        char *outfile = NULL;
@@ -30,6 +32,7 @@ int MAIN(int argc, char **argv)
        int base64 = 0;
        BIO *out = NULL;
        int num = -1;
+       char *engine=NULL;
 
        apps_startup();
 
@@ -48,6 +51,13 @@ int MAIN(int argc, char **argv)
                        else
                                badopt = 1;
                        }
+               if (strcmp(argv[i], "-engine") == 0)
+                       {
+                       if ((argv[i+1] != NULL) && (engine == NULL))
+                               engine = argv[++i];
+                       else
+                               badopt = 1;
+                       }
                else if (strcmp(argv[i], "-rand") == 0)
                        {
                        if ((argv[i+1] != NULL) && (inrand == NULL))
@@ -84,12 +94,31 @@ int MAIN(int argc, char **argv)
                {
                BIO_printf(bio_err, "Usage: rand [options] num\n");
                BIO_printf(bio_err, "where options are\n");
-               BIO_printf(bio_err, "-out file            - write to file\n");
-               BIO_printf(bio_err, "-rand file%cfile%c...  - seed PRNG from files\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
-               BIO_printf(bio_err, "-base64              - encode output\n");
+               BIO_printf(bio_err, "-out file             - write to file\n");
+               BIO_printf(bio_err," -engine e             - use engine e, possibly a hardware device.\n");
+               BIO_printf(bio_err, "-rand file%cfile%c... - seed PRNG from files\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
+               BIO_printf(bio_err, "-base64               - encode output\n");
                goto err;
                }
 
+       if (engine != NULL)
+               {
+               if((e = ENGINE_by_id(engine)) == NULL)
+                       {
+                       BIO_printf(bio_err,"invalid engine \"%s\"\n",
+                               engine);
+                       goto err;
+                       }
+               if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
+                       {
+                       BIO_printf(bio_err,"can't use that engine\n");
+                       goto err;
+                       }
+               BIO_printf(bio_err,"engine \"%s\" set.\n", engine);
+               /* Free our "structural" reference. */
+               ENGINE_free(e);
+               }
+
        app_RAND_load_file(NULL, bio_err, (inrand != NULL));
        if (inrand != NULL)
                BIO_printf(bio_err,"%ld semi-random bytes loaded\n",
index 4d707e8..7f9abed 100644 (file)
@@ -73,6 +73,7 @@
 #include <openssl/x509v3.h>
 #include <openssl/objects.h>
 #include <openssl/pem.h>
+#include <openssl/engine.h>
 
 #define SECTION                "req"
 
@@ -140,6 +141,7 @@ int MAIN(int, char **);
 
 int MAIN(int argc, char **argv)
        {
+       ENGINE *e = NULL;
 #ifndef NO_DSA
        DSA *dsa_params=NULL;
 #endif
@@ -153,6 +155,7 @@ int MAIN(int argc, char **argv)
        int informat,outformat,verify=0,noout=0,text=0,keyform=FORMAT_PEM;
        int nodes=0,kludge=0,newhdr=0,subject=0;
        char *infile,*outfile,*prog,*keyfile=NULL,*template=NULL,*keyout=NULL;
+       char *engine=NULL;
        char *extensions = NULL;
        char *req_exts = NULL;
        EVP_CIPHER *cipher=NULL;
@@ -196,6 +199,11 @@ int MAIN(int argc, char **argv)
                        if (--argc < 1) goto bad;
                        outformat=str2fmt(*(++argv));
                        }
+               else if (strcmp(*argv,"-engine") == 0)
+                       {
+                       if (--argc < 1) goto bad;
+                       engine= *(++argv);
+                       }
                else if (strcmp(*argv,"-key") == 0)
                        {
                        if (--argc < 1) goto bad;
@@ -383,6 +391,7 @@ bad:
                BIO_printf(bio_err," -verify        verify signature on REQ\n");
                BIO_printf(bio_err," -modulus       RSA modulus\n");
                BIO_printf(bio_err," -nodes         don't encrypt the output key\n");
+               BIO_printf(bio_err," -engine e      use engine e, possibly a hardware device.\n");
                BIO_printf(bio_err," -key file  use the private key contained in file\n");
                BIO_printf(bio_err," -keyform arg   key file format\n");
                BIO_printf(bio_err," -keyout arg    file to send the key to\n");
@@ -530,24 +539,55 @@ bad:
        if ((in == NULL) || (out == NULL))
                goto end;
 
-       if (keyfile != NULL)
+       if (engine != NULL)
                {
-               if (BIO_read_filename(in,keyfile) <= 0)
+               if((e = ENGINE_by_id(engine)) == NULL)
+                       {
+                       BIO_printf(bio_err,"invalid engine \"%s\"\n",
+                               engine);
+                       goto end;
+                       }
+               if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
                        {
-                       perror(keyfile);
+                       BIO_printf(bio_err,"can't use that engine\n");
                        goto end;
                        }
+               BIO_printf(bio_err,"engine \"%s\" set.\n", engine);
+               /* Free our "structural" reference. */
+               ENGINE_free(e);
+               }
 
-               if (keyform == FORMAT_ASN1)
-                       pkey=d2i_PrivateKey_bio(in,NULL);
-               else if (keyform == FORMAT_PEM)
+       if (keyfile != NULL)
+               {
+               if (keyform == FORMAT_ENGINE)
                        {
-                       pkey=PEM_read_bio_PrivateKey(in,NULL,NULL,passin);
+                       if (!e)
+                               {
+                               BIO_printf(bio_err,"no engine specified\n");
+                               goto end;
+                               }
+                       pkey = ENGINE_load_private_key(e, keyfile, NULL);
                        }
                else
                        {
-                       BIO_printf(bio_err,"bad input format specified for X509 request\n");
-                       goto end;
+                       if (BIO_read_filename(in,keyfile) <= 0)
+                               {
+                               perror(keyfile);
+                               goto end;
+                               }
+
+                       if (keyform == FORMAT_ASN1)
+                               pkey=d2i_PrivateKey_bio(in,NULL);
+                       else if (keyform == FORMAT_PEM)
+                               {
+                               pkey=PEM_read_bio_PrivateKey(in,NULL,NULL,
+                                       passin);
+                               }
+                       else
+                               {
+                               BIO_printf(bio_err,"bad input format specified for X509 request\n");
+                               goto end;
+                               }
                        }
 
                if (pkey == NULL)
index b4b0651..700df42 100644 (file)
@@ -68,6 +68,7 @@
 #include <openssl/evp.h>
 #include <openssl/x509.h>
 #include <openssl/pem.h>
+#include <openssl/engine.h>
 
 #undef PROG
 #define PROG   rsa_main
@@ -90,6 +91,7 @@ int MAIN(int, char **);
 
 int MAIN(int argc, char **argv)
        {
+       ENGINE *e = NULL;
        int ret=1;
        RSA *rsa=NULL;
        int i,badops=0, sgckey=0;
@@ -100,6 +102,7 @@ int MAIN(int argc, char **argv)
        char *infile,*outfile,*prog;
        char *passargin = NULL, *passargout = NULL;
        char *passin = NULL, *passout = NULL;
+       char *engine=NULL;
        int modulus=0;
 
        apps_startup();
@@ -148,6 +151,11 @@ int MAIN(int argc, char **argv)
                        if (--argc < 1) goto bad;
                        passargout= *(++argv);
                        }
+               else if (strcmp(*argv,"-engine") == 0)
+                       {
+                       if (--argc < 1) goto bad;
+                       engine= *(++argv);
+                       }
                else if (strcmp(*argv,"-sgckey") == 0)
                        sgckey=1;
                else if (strcmp(*argv,"-pubin") == 0)
@@ -195,11 +203,30 @@ bad:
                BIO_printf(bio_err," -check          verify key consistency\n");
                BIO_printf(bio_err," -pubin          expect a public key in input file\n");
                BIO_printf(bio_err," -pubout         output a public key\n");
+               BIO_printf(bio_err," -engine e       use engine e, possibly a hardware device.\n");
                goto end;
                }
 
        ERR_load_crypto_strings();
 
+       if (engine != NULL)
+               {
+               if((e = ENGINE_by_id(engine)) == NULL)
+                       {
+                       BIO_printf(bio_err,"invalid engine \"%s\"\n",
+                               engine);
+                       goto end;
+                       }
+               if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
+                       {
+                       BIO_printf(bio_err,"can't use that engine\n");
+                       goto end;
+                       }
+               BIO_printf(bio_err,"engine \"%s\" set.\n", engine);
+               /* Free our "structural" reference. */
+               ENGINE_free(e);
+               }
+
        if(!app_passwd(bio_err, passargin, passargout, &passin, &passout)) {
                BIO_printf(bio_err, "Error getting passwords\n");
                goto end;
@@ -319,14 +346,14 @@ bad:
                        BIO_printf(out,"RSA key ok\n");
                else if (r == 0)
                        {
-                       long e;
+                       long err;
 
-                       while ((e = ERR_peek_error()) != 0 &&
-                               ERR_GET_LIB(e) == ERR_LIB_RSA &&
-                               ERR_GET_FUNC(e) == RSA_F_RSA_CHECK_KEY &&
-                               ERR_GET_REASON(e) != ERR_R_MALLOC_FAILURE)
+                       while ((err = ERR_peek_error()) != 0 &&
+                               ERR_GET_LIB(err) == ERR_LIB_RSA &&
+                               ERR_GET_FUNC(err) == RSA_F_RSA_CHECK_KEY &&
+                               ERR_GET_REASON(err) != ERR_R_MALLOC_FAILURE)
                                {
-                               BIO_printf(out, "RSA key error: %s\n", ERR_reason_error_string(e));
+                               BIO_printf(out, "RSA key error: %s\n", ERR_reason_error_string(err));
                                ERR_get_error(); /* remove e from error stack */
                                }
                        }
index c935317..45d627a 100644 (file)
@@ -79,6 +79,7 @@ typedef unsigned int u_int;
 #include <openssl/ssl.h>
 #include <openssl/err.h>
 #include <openssl/pem.h>
+#include <openssl/engine.h>
 #include "s_apps.h"
 
 #ifdef WINDOWS
@@ -152,6 +153,7 @@ static void sc_usage(void)
        BIO_printf(bio_err," -bugs         - Switch on all SSL implementation bug workarounds\n");
        BIO_printf(bio_err," -cipher       - preferred cipher to use, use the 'openssl ciphers'\n");
        BIO_printf(bio_err,"                 command to see what is available\n");
+       BIO_printf(bio_err," -engine id    - Initialise and use the specified engine\n");
 
        }
 
@@ -179,6 +181,8 @@ int MAIN(int argc, char **argv)
        int prexit = 0;
        SSL_METHOD *meth=NULL;
        BIO *sbio;
+       char *engine_id=NULL;
+       ENGINE *e=NULL;
 #ifdef WINDOWS
        struct timeval tv;
 #endif
@@ -316,6 +320,11 @@ int MAIN(int argc, char **argv)
                else if (strcmp(*argv,"-nbio") == 0)
                        { c_nbio=1; }
 #endif
+               else if (strcmp(*argv,"-engine") == 0)
+                       {
+                       if (--argc < 1) goto bad;
+                       engine_id = *(++argv);
+                       }
                else
                        {
                        BIO_printf(bio_err,"unknown option %s\n",*argv);
@@ -349,6 +358,30 @@ bad:
 
        OpenSSL_add_ssl_algorithms();
        SSL_load_error_strings();
+
+       if (engine_id != NULL)
+               {
+               if((e = ENGINE_by_id(engine_id)) == NULL)
+                       {
+                       BIO_printf(bio_err,"invalid engine\n");
+                       ERR_print_errors(bio_err);
+                       goto end;
+                       }
+               if (c_debug)
+                       {
+                       ENGINE_ctrl(e, ENGINE_CTRL_SET_LOGSTREAM,
+                               0, bio_err, 0);
+                       }
+               if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
+                       {
+                       BIO_printf(bio_err,"can't use that engine\n");
+                       ERR_print_errors(bio_err);
+                       goto end;
+                       }
+               BIO_printf(bio_err,"engine \"%s\" set.\n", engine_id);
+               ENGINE_free(e);
+               }
+
        ctx=SSL_CTX_new(meth);
        if (ctx == NULL)
                {
index b593283..61a77df 100644 (file)
@@ -83,6 +83,7 @@ typedef unsigned int u_int;
 #include <openssl/pem.h>
 #include <openssl/x509.h>
 #include <openssl/ssl.h>
+#include <openssl/engine.h>
 #include "s_apps.h"
 
 #ifdef WINDOWS
@@ -176,6 +177,7 @@ static int s_debug=0;
 static int s_quiet=0;
 
 static int hack=0;
+static char *engine_id=NULL;
 
 #ifdef MONOLITH
 static void s_server_init(void)
@@ -198,6 +200,7 @@ static void s_server_init(void)
        s_debug=0;
        s_quiet=0;
        hack=0;
+       engine_id=NULL;
        }
 #endif
 
@@ -242,6 +245,7 @@ static void sv_usage(void)
        BIO_printf(bio_err," -bugs         - Turn on SSL bug compatibility\n");
        BIO_printf(bio_err," -www          - Respond to a 'GET /' with a status page\n");
        BIO_printf(bio_err," -WWW          - Respond to a 'GET /<path> HTTP/1.0' with file ./<path>\n");
+       BIO_printf(bio_err," -engine id    - Initialise and use the specified engine\n");
        }
 
 static int local_argc=0;
@@ -411,6 +415,7 @@ int MAIN(int argc, char *argv[])
        int no_tmp_rsa=0,no_dhe=0,nocert=0;
        int state=0;
        SSL_METHOD *meth=NULL;
+       ENGINE *e=NULL;
 #ifndef NO_DH
        DH *dh=NULL;
 #endif
@@ -565,6 +570,11 @@ int MAIN(int argc, char *argv[])
                else if (strcmp(*argv,"-tls1") == 0)
                        { meth=TLSv1_server_method(); }
 #endif
+               else if (strcmp(*argv,"-engine") == 0)
+                       {
+                       if (--argc < 1) goto bad;
+                       engine_id= *(++argv);
+                       }
                else
                        {
                        BIO_printf(bio_err,"unknown option %s\n",*argv);
@@ -609,6 +619,29 @@ bad:
        SSL_load_error_strings();
        OpenSSL_add_ssl_algorithms();
 
+       if (engine_id != NULL)
+               {
+               if((e = ENGINE_by_id(engine_id)) == NULL)
+                       {
+                       BIO_printf(bio_err,"invalid engine\n");
+                       ERR_print_errors(bio_err);
+                       goto end;
+                       }
+               if (s_debug)
+                       {
+                       ENGINE_ctrl(e, ENGINE_CTRL_SET_LOGSTREAM,
+                               0, bio_err, 0);
+                       }
+               if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
+                       {
+                       BIO_printf(bio_err,"can't use that engine\n");
+                       ERR_print_errors(bio_err);
+                       goto end;
+                       }
+               BIO_printf(bio_err,"engine \"%s\" set.\n", engine_id);
+               ENGINE_free(e);
+               }
+
        ctx=SSL_CTX_new(meth);
        if (ctx == NULL)
                {
index 9467b59..16b9400 100644 (file)
@@ -64,6 +64,7 @@
 #include <openssl/crypto.h>
 #include <openssl/pem.h>
 #include <openssl/err.h>
+#include <openssl/engine.h>
 
 #undef PROG
 #define PROG smime_main
@@ -81,6 +82,7 @@ int MAIN(int, char **);
 
 int MAIN(int argc, char **argv)
 {
+       ENGINE *e = NULL;
        int operation = 0;
        int ret = 0;
        char **args;
@@ -103,8 +105,9 @@ int MAIN(int argc, char **argv)
        char *inrand = NULL;
        int need_rand = 0;
        int informat = FORMAT_SMIME, outformat = FORMAT_SMIME;
-       args = argv + 1;
+       char *engine=NULL;
 
+       args = argv + 1;
        ret = 1;
 
        while (!badarg && *args && *args[0] == '-') {
@@ -153,6 +156,11 @@ int MAIN(int argc, char **argv)
                                inrand = *args;
                        } else badarg = 1;
                        need_rand = 1;
+               } else if (!strcmp(*args,"-engine")) {
+                       if (args[1]) {
+                               args++;
+                               engine = *args;
+                       } else badarg = 1;
                } else if (!strcmp(*args,"-passin")) {
                        if (args[1]) {
                                args++;
@@ -290,6 +298,7 @@ int MAIN(int argc, char **argv)
                BIO_printf (bio_err, "-text          include or delete text MIME headers\n");
                BIO_printf (bio_err, "-CApath dir    trusted certificates directory\n");
                BIO_printf (bio_err, "-CAfile file   trusted certificates file\n");
+               BIO_printf (bio_err, "-engine e      use engine e, possibly a hardware device.\n");
                BIO_printf(bio_err,  "-rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
                BIO_printf(bio_err,  "               load the file (or the files in the directory) into\n");
                BIO_printf(bio_err,  "               the random number generator\n");
@@ -297,6 +306,24 @@ int MAIN(int argc, char **argv)
                goto end;
        }
 
+       if (engine != NULL)
+               {
+               if((e = ENGINE_by_id(engine)) == NULL)
+                       {
+                       BIO_printf(bio_err,"invalid engine \"%s\"\n",
+                               engine);
+                       goto end;
+                       }
+               if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
+                       {
+                       BIO_printf(bio_err,"can't use that engine\n");
+                       goto end;
+                       }
+               BIO_printf(bio_err,"engine \"%s\" set.\n", engine);
+               /* Free our "structural" reference. */
+               ENGINE_free(e);
+               }
+
        if(!app_passwd(bio_err, passargin, NULL, &passin, NULL)) {
                BIO_printf(bio_err, "Error getting password\n");
                goto end;
index 627cab1..ba41916 100644 (file)
@@ -81,6 +81,7 @@
 #include <openssl/crypto.h>
 #include <openssl/rand.h>
 #include <openssl/err.h>
+#include <openssl/engine.h>
 
 #if defined(__FreeBSD__)
 # define USE_TOD
@@ -310,6 +311,7 @@ int MAIN(int, char **);
 
 int MAIN(int argc, char **argv)
        {
+       ENGINE *e;
        unsigned char *buf=NULL,*buf2=NULL;
        int mret=1;
 #define ALGOR_NUM      15
@@ -470,6 +472,37 @@ int MAIN(int argc, char **argv)
                {
                if      ((argc > 0) && (strcmp(*argv,"-elapsed") == 0))
                        usertime = 0;
+               else
+               if      ((argc > 0) && (strcmp(*argv,"-engine") == 0))
+                       {
+                       argc--;
+                       argv++;
+                       if(argc == 0)
+                               {
+                               BIO_printf(bio_err,"no engine given\n");
+                               goto end;
+                               }
+                       if((e = ENGINE_by_id(*argv)) == NULL)
+                               {
+                               BIO_printf(bio_err,"invalid engine \"%s\"\n",
+                                       *argv);
+                               goto end;
+                               }
+                       if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
+                               {
+                               BIO_printf(bio_err,"can't use that engine\n");
+                               goto end;
+                               }
+                       BIO_printf(bio_err,"engine \"%s\" set.\n", *argv);
+                       /* Free our "structural" reference. */
+                       ENGINE_free(e);
+                       /* It will be increased again further down.  We just
+                          don't want speed to confuse an engine with an
+                          algorithm, especially when none is given (which
+                          means all of them should be run) */
+                       j--;
+                       }
+               else
 #ifndef NO_MD2
                if      (strcmp(*argv,"md2") == 0) doit[D_MD2]=1;
                else
@@ -517,7 +550,7 @@ int MAIN(int argc, char **argv)
 #ifdef RSAref
                        if (strcmp(*argv,"rsaref") == 0) 
                        {
-                       RSA_set_default_method(RSA_PKCS1_RSAref());
+                       RSA_set_default_openssl_method(RSA_PKCS1_RSAref());
                        j--;
                        }
                else
@@ -525,7 +558,7 @@ int MAIN(int argc, char **argv)
 #ifndef RSA_NULL
                        if (strcmp(*argv,"openssl") == 0) 
                        {
-                       RSA_set_default_method(RSA_PKCS1_SSLeay());
+                       RSA_set_default_openssl_method(RSA_PKCS1_SSLeay());
                        j--;
                        }
                else
@@ -670,11 +703,12 @@ int MAIN(int argc, char **argv)
                        BIO_printf(bio_err,"\n");
 #endif
 
-#ifdef TIMES
                        BIO_printf(bio_err,"\n");
                        BIO_printf(bio_err,"Available options:\n");
+#ifdef TIMES
                        BIO_printf(bio_err,"-elapsed        measure time in real time instead of CPU user time.\n");
 #endif
+                       BIO_printf(bio_err,"-engine e       use engine e, possibly a hardware device.\n");
                        goto end;
                        }
                argc--;
@@ -1379,6 +1413,7 @@ int MAIN(int argc, char **argv)
 #endif
        mret=0;
 end:
+       ERR_print_errors(bio_err);
        if (buf != NULL) OPENSSL_free(buf);
        if (buf2 != NULL) OPENSSL_free(buf2);
 #ifndef NO_RSA
index 459d730..d7e4678 100644 (file)
@@ -69,6 +69,7 @@
 #include <openssl/lhash.h>
 #include <openssl/x509.h>
 #include <openssl/pem.h>
+#include <openssl/engine.h>
 
 #undef PROG
 #define PROG   spkac_main
@@ -81,6 +82,7 @@ int MAIN(int, char **);
 
 int MAIN(int argc, char **argv)
        {
+       ENGINE *e = NULL;
        int i,badops=0, ret = 1;
        BIO *in = NULL,*out = NULL, *key = NULL;
        int verify=0,noout=0,pubkey=0;
@@ -91,6 +93,7 @@ int MAIN(int argc, char **argv)
        LHASH *conf = NULL;
        NETSCAPE_SPKI *spki = NULL;
        EVP_PKEY *pkey = NULL;
+       char *engine=NULL;
 
        apps_startup();
 
@@ -136,6 +139,11 @@ int MAIN(int argc, char **argv)
                        if (--argc < 1) goto bad;
                        spksect= *(++argv);
                        }
+               else if (strcmp(*argv,"-engine") == 0)
+                       {
+                       if (--argc < 1) goto bad;
+                       engine= *(++argv);
+                       }
                else if (strcmp(*argv,"-noout") == 0)
                        noout=1;
                else if (strcmp(*argv,"-pubkey") == 0)
@@ -161,6 +169,7 @@ bad:
                BIO_printf(bio_err," -noout         don't print SPKAC\n");
                BIO_printf(bio_err," -pubkey        output public key\n");
                BIO_printf(bio_err," -verify        verify SPKAC signature\n");
+               BIO_printf(bio_err," -engine e      use engine e, possibly a hardware device.\n");
                goto end;
                }
 
@@ -170,6 +179,24 @@ bad:
                goto end;
        }
 
+       if (engine != NULL)
+               {
+               if((e = ENGINE_by_id(engine)) == NULL)
+                       {
+                       BIO_printf(bio_err,"invalid engine \"%s\"\n",
+                               engine);
+                       goto end;
+                       }
+               if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
+                       {
+                       BIO_printf(bio_err,"can't use that engine\n");
+                       goto end;
+                       }
+               BIO_printf(bio_err,"engine \"%s\" set.\n", engine);
+               /* Free our "structural" reference. */
+               ENGINE_free(e);
+               }
+
        if(keyfile) {
                if(strcmp(keyfile, "-")) key = BIO_new_file(keyfile, "r");
                else key = BIO_new_fp(stdin, BIO_NOCLOSE);
index 47e602d..f384de6 100644 (file)
@@ -65,6 +65,7 @@
 #include <openssl/x509.h>
 #include <openssl/x509v3.h>
 #include <openssl/pem.h>
+#include <openssl/engine.h>
 
 #undef PROG
 #define PROG   verify_main
@@ -78,6 +79,7 @@ int MAIN(int, char **);
 
 int MAIN(int argc, char **argv)
        {
+       ENGINE *e = NULL;
        int i,ret=1;
        int purpose = -1;
        char *CApath=NULL,*CAfile=NULL;
@@ -85,6 +87,7 @@ int MAIN(int argc, char **argv)
        STACK_OF(X509) *untrusted = NULL, *trusted = NULL;
        X509_STORE *cert_ctx=NULL;
        X509_LOOKUP *lookup=NULL;
+       char *engine=NULL;
 
        cert_ctx=X509_STORE_new();
        if (cert_ctx == NULL) goto end;
@@ -137,6 +140,11 @@ int MAIN(int argc, char **argv)
                                if (argc-- < 1) goto end;
                                trustfile= *(++argv);
                                }
+                       else if (strcmp(*argv,"-engine") == 0)
+                               {
+                               if (--argc < 1) goto end;
+                               engine= *(++argv);
+                               }
                        else if (strcmp(*argv,"-help") == 0)
                                goto end;
                        else if (strcmp(*argv,"-issuer_checks") == 0)
@@ -154,6 +162,24 @@ int MAIN(int argc, char **argv)
                        break;
                }
 
+       if (engine != NULL)
+               {
+               if((e = ENGINE_by_id(engine)) == NULL)
+                       {
+                       BIO_printf(bio_err,"invalid engine \"%s\"\n",
+                               engine);
+                       goto end;
+                       }
+               if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
+                       {
+                       BIO_printf(bio_err,"can't use that engine\n");
+                       goto end;
+                       }
+               BIO_printf(bio_err,"engine \"%s\" set.\n", engine);
+               /* Free our "structural" reference. */
+               ENGINE_free(e);
+               }
+
        lookup=X509_STORE_add_lookup(cert_ctx,X509_LOOKUP_file());
        if (lookup == NULL) abort();
        if (CAfile) {
@@ -201,7 +227,7 @@ int MAIN(int argc, char **argv)
        ret=0;
 end:
        if (ret == 1) {
-               BIO_printf(bio_err,"usage: verify [-verbose] [-CApath path] [-CAfile file] [-purpose purpose] cert1 cert2 ...\n");
+               BIO_printf(bio_err,"usage: verify [-verbose] [-CApath path] [-CAfile file] [-purpose purpose] [-engine e] cert1 cert2 ...\n");
                BIO_printf(bio_err,"recognized usages:\n");
                for(i = 0; i < X509_PURPOSE_get_count(); i++) {
                        X509_PURPOSE *ptmp;
index 3bef1fc..8712339 100644 (file)
@@ -73,6 +73,7 @@
 #include <openssl/x509v3.h>
 #include <openssl/objects.h>
 #include <openssl/pem.h>
+#include <openssl/engine.h>
 
 #undef PROG
 #define PROG x509_main
@@ -129,6 +130,7 @@ static char *x509_usage[]={
 " -extensions     - section from config file with X509V3 extensions to add\n",
 " -clrext         - delete extensions before signing and input certificate\n",
 " -nameopt arg    - various certificate name options\n",
+" -engine e       - use engine e, possibly a hardware device.\n",
 " -certopt arg    - various certificate text options\n",
 NULL
 };
@@ -146,6 +148,7 @@ int MAIN(int, char **);
 
 int MAIN(int argc, char **argv)
        {
+       ENGINE *e = NULL;
        int ret=1;
        X509_REQ *req=NULL;
        X509 *x=NULL,*xca=NULL;
@@ -176,6 +179,7 @@ int MAIN(int argc, char **argv)
        int need_rand = 0;
        int checkend=0,checkoffset=0;
        unsigned long nmflag = 0, certflag = 0;
+       char *engine=NULL;
 
        reqfile=0;
 
@@ -343,6 +347,11 @@ int MAIN(int argc, char **argv)
                        alias= *(++argv);
                        trustout = 1;
                        }
+               else if (strcmp(*argv,"-engine") == 0)
+                       {
+                       if (--argc < 1) goto bad;
+                       engine= *(++argv);
+                       }
                else if (strcmp(*argv,"-C") == 0)
                        C= ++num;
                else if (strcmp(*argv,"-email") == 0)
@@ -426,6 +435,24 @@ bad:
                goto end;
                }
 
+       if (engine != NULL)
+               {
+               if((e = ENGINE_by_id(engine)) == NULL)
+                       {
+                       BIO_printf(bio_err,"invalid engine \"%s\"\n",
+                               engine);
+                       goto end;
+                       }
+               if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
+                       {
+                       BIO_printf(bio_err,"can't use that engine\n");
+                       goto end;
+                       }
+               BIO_printf(bio_err,"engine \"%s\" set.\n", engine);
+               /* Free our "structural" reference. */
+               ENGINE_free(e);
+               }
+
        if (need_rand)
                app_RAND_load_file(NULL, bio_err, 0);
 
diff --git a/config b/config
index a354456..2f84a45 100755 (executable)
--- a/config
+++ b/config
@@ -482,11 +482,17 @@ case "$GUESSOS" in
   *) OUT=`echo $GUESSOS | awk -F- '{print $3}'`;;
 esac
 
+# NB: This atalla support has been superceded by the ENGINE support
+# That contains its own header and definitions anyway. Support can
+# be enabled or disabled on any supported platform without external
+# headers, eg. by adding the "hw-atalla" switch to ./config or
+# perl Configure
+#
 # See whether we can compile Atalla support
-if [ -f /usr/include/atasi.h ]
-then
-  options="$options -DATALLA"
-fi
+#if [ -f /usr/include/atasi.h ]
+#then
+#  options="$options -DATALLA"
+#fi
 
 # gcc < 2.8 does not support -mcpu=ultrasparc
 if [ "$OUT" = solaris-sparcv9-gcc -a $GCCVER -lt 28 ]
index 72e3fe7..7bb2a5c 100644 (file)
@@ -27,7 +27,7 @@ LIBS=
 
 SDIRS= md2 md5 sha mdc2 hmac ripemd \
        des rc2 rc4 rc5 idea bf cast \
-       bn rsa dsa dh dso \
+       bn rsa dsa dh dso engine \
        buffer bio stack lhash rand err objects \
        evp asn1 pem x509 x509v3 conf txt_db pkcs7 pkcs12 comp rijndael
 
index 8117323..d2c9162 100644 (file)
 #include <stdio.h>
 #include "cryptlib.h"
 #include "bn_lcl.h"
-#ifdef ATALLA
-# include <alloca.h>
-# include <atasi.h>
-# include <assert.h>
-# include <dlfcn.h>
-#endif
-
 
 #define TABLE_SIZE     32
 
@@ -183,174 +176,6 @@ err:
        }
 
 
-#ifdef ATALLA
-
-/*
- * This routine will dynamically check for the existance of an Atalla AXL-200
- * SSL accelerator module.  If one is found, the variable
- * asi_accelerator_present is set to 1 and the function pointers
- * ptr_ASI_xxxxxx above will be initialized to corresponding ASI API calls.
- */
-typedef int tfnASI_GetPerformanceStatistics(int reset_flag,
-                                           unsigned int *ret_buf);
-typedef int tfnASI_GetHardwareConfig(long card_num, unsigned int *ret_buf);
-typedef int tfnASI_RSAPrivateKeyOpFn(RSAPrivateKey * rsaKey,
-                                    unsigned char *output,
-                                    unsigned char *input,
-                                    unsigned int modulus_len);
-
-static tfnASI_GetHardwareConfig *ptr_ASI_GetHardwareConfig;
-static tfnASI_RSAPrivateKeyOpFn *ptr_ASI_RSAPrivateKeyOpFn;
-static tfnASI_GetPerformanceStatistics *ptr_ASI_GetPerformanceStatistics;
-static int asi_accelerator_present;
-static int tried_atalla;
-
-void atalla_initialize_accelerator_handle(void)
-       {
-       void *dl_handle;
-       int status;
-       unsigned int config_buf[1024]; 
-       static int tested;
-
-       if(tested)
-               return;
-
-       tested=1;
-
-       bzero((void *)config_buf, 1024);
-
-       /*
-        * Check to see if the library is present on the system
-        */
-       dl_handle = dlopen("atasi.so", RTLD_NOW);
-       if (dl_handle == (void *) NULL)
-               {
-/*             printf("atasi.so library is not present on the system\n");
-               printf("No HW acceleration available\n");*/
-               return;
-               }
-
-       /*
-        * The library is present.  Now we'll check to insure that the
-        * LDM is up and running. First we'll get the address of the
-        * function in the atasi library that we need to see if the
-        * LDM is operating.
-        */
-
-       ptr_ASI_GetHardwareConfig =
-         (tfnASI_GetHardwareConfig *)dlsym(dl_handle,"ASI_GetHardwareConfig");
-
-       if (ptr_ASI_GetHardwareConfig)
-               {
-               /*
-                * We found the call, now we'll get our config
-                * status.  If we get a non 0 result, the LDM is not
-                * running and we cannot use the Atalla ASI *
-                * library.
-                */
-               status = (*ptr_ASI_GetHardwareConfig)(0L, config_buf);
-               if (status != 0)
-                       {
-                       printf("atasi.so library is present but not initialized\n");
-                       printf("No HW acceleration available\n");
-                       return;
-                       }    
-               }
-       else
-               {
-/*             printf("We found the library, but not the function. Very Strange!\n");*/
-               return ;
-               }
-
-       /* 
-        * It looks like we have acceleration capabilities.  Load up the
-        * pointers to our ASI API calls.
-        */
-       ptr_ASI_RSAPrivateKeyOpFn=
-         (tfnASI_RSAPrivateKeyOpFn *)dlsym(dl_handle, "ASI_RSAPrivateKeyOpFn");
-       if (ptr_ASI_RSAPrivateKeyOpFn == NULL)
-               {
-/*             printf("We found the library, but no RSA function. Very Strange!\n");*/
-               return;
-               }
-
-       ptr_ASI_GetPerformanceStatistics =
-         (tfnASI_GetPerformanceStatistics *)dlsym(dl_handle, "ASI_GetPerformanceStatistics");
-       if (ptr_ASI_GetPerformanceStatistics == NULL)
-               {
-/*             printf("We found the library, but no stat function. Very Strange!\n");*/
-               return;
-             }
-
-       /*
-        * Indicate that acceleration is available
-        */
-       asi_accelerator_present = 1;
-
-/*     printf("This system has acceleration!\n");*/
-
-       return;
-       }
-
-/* make sure this only gets called once when bn_mod_exp calls bn_mod_exp_mont */
-int BN_mod_exp_atalla(BIGNUM *r, BIGNUM *a, const BIGNUM *p, const BIGNUM *m)
-       {
-       unsigned char *abin;
-       unsigned char *pbin;
-       unsigned char *mbin;
-       unsigned char *rbin;
-       int an,pn,mn,ret;
-       RSAPrivateKey keydata;
-
-       atalla_initialize_accelerator_handle();
-       if(!asi_accelerator_present)
-               return 0;
-
-
-/* We should be able to run without size testing */
-# define ASIZE 128
-       an=BN_num_bytes(a);
-       pn=BN_num_bytes(p);
-       mn=BN_num_bytes(m);
-
-       if(an <= ASIZE && pn <= ASIZE && mn <= ASIZE)
-           {
-           int size=mn;
-
-           assert(an <= mn);
-           abin=alloca(size);
-           memset(abin,'\0',mn);
-           BN_bn2bin(a,abin+size-an);
-
-           pbin=alloca(pn);
-           BN_bn2bin(p,pbin);
-
-           mbin=alloca(size);
-           memset(mbin,'\0',mn);
-           BN_bn2bin(m,mbin+size-mn);
-
-           rbin=alloca(size);
-
-           memset(&keydata,'\0',sizeof keydata);
-           keydata.privateExponent.data=pbin;
-           keydata.privateExponent.len=pn;
-           keydata.modulus.data=mbin;
-           keydata.modulus.len=size;
-
-           ret=(*ptr_ASI_RSAPrivateKeyOpFn)(&keydata,rbin,abin,keydata.modulus.len);
-/*fprintf(stderr,"!%s\n",BN_bn2hex(a));*/
-           if(!ret)
-               {
-               BN_bin2bn(rbin,keydata.modulus.len,r);
-/*fprintf(stderr,"?%s\n",BN_bn2hex(r));*/
-               return 1;
-               }
-           }
-       return 0;
-        }
-#endif /* def ATALLA */
-
-
 int BN_mod_exp(BIGNUM *r, BIGNUM *a, const BIGNUM *p, const BIGNUM *m,
               BN_CTX *ctx)
        {
@@ -360,13 +185,6 @@ int BN_mod_exp(BIGNUM *r, BIGNUM *a, const BIGNUM *p, const BIGNUM *m,
        bn_check_top(p);
        bn_check_top(m);
 
-#ifdef ATALLA
-       if(BN_mod_exp_atalla(r,a,p,m))
-           return 1;
-/* If it fails, try the other methods (but don't try atalla again) */
-       tried_atalla=1;
-#endif
-
 #ifdef MONT_MUL_MOD
        /* I have finally been able to take out this pre-condition of
         * the top bit being set.  It was caused by an error in BN_div
@@ -392,10 +210,6 @@ int BN_mod_exp(BIGNUM *r, BIGNUM *a, const BIGNUM *p, const BIGNUM *m,
                { ret=BN_mod_exp_simple(r,a,p,m,ctx); }
 #endif
 
-#ifdef ATALLA
-       tried_atalla=0;
-#endif
-
        return(ret);
        }
 
@@ -525,12 +339,6 @@ int BN_mod_exp_mont(BIGNUM *rr, BIGNUM *a, const BIGNUM *p,
        bn_check_top(p);
        bn_check_top(m);
 
-#ifdef ATALLA
-       if(!tried_atalla && BN_mod_exp_atalla(rr,a,p,m))
-           return 1;
-/* If it fails, try the other methods */
-#endif
-
        if (!(m->d[0] & 1))
                {
                BNerr(BN_F_BN_MOD_EXP_MONT,BN_R_CALLED_WITH_EVEN_MODULUS);
@@ -693,19 +501,6 @@ int BN_mod_exp_mont_word(BIGNUM *rr, BN_ULONG a, const BIGNUM *p,
        t = BN_CTX_get(ctx);
        if (d == NULL || r == NULL || t == NULL) goto err;
 
-#ifdef ATALLA
-       if (!tried_atalla)
-               {
-               BN_set_word(t, a);
-               if (BN_mod_exp_atalla(rr, t, p, m))
-                       {
-                       BN_CTX_end(ctx);
-                       return 1;
-                       }
-               }
-/* If it fails, try the other methods */
-#endif
-
        if (in_mont != NULL)
                mont=in_mont;
        else
index 070cf59..9de60fd 100644 (file)
@@ -100,7 +100,8 @@ static const char* lock_names[CRYPTO_NUM_LOCKS] =
        "debug_malloc2",
        "dso",
        "dynlock",
-#if CRYPTO_NUM_LOCKS != 28
+       "engine",
+#if CRYPTO_NUM_LOCKS != 29
 # error "Inconsistency between crypto.h and cryptlib.c"
 #endif
        };
index edffeff..70e3c91 100644 (file)
@@ -88,7 +88,7 @@ $! Define The Different Encryption Types.
 $!
 $ ENCRYPT_TYPES = "Basic,MD2,MD4,MD5,SHA,MDC2,HMAC,RIPEMD,"+ -
                  "DES,RC2,RC4,RC5,IDEA,BF,CAST,"+ -
-                 "BN,RSA,DSA,DH,DSO,"+ -
+                 "BN,RSA,DSA,DH,DSO,ENGINE,RIJNDAEL,"+ -
                  "BUFFER,BIO,STACK,LHASH,RAND,ERR,OBJECTS,"+ -
                  "EVP,EVP_2,ASN1,ASN1_2,PEM,X509,X509V3,"+ -
                  "CONF,TXT_DB,PKCS7,PKCS12,COMP"
@@ -206,6 +206,9 @@ $ LIB_DSA = "dsa_gen,dsa_key,dsa_lib,dsa_asn1,dsa_vrf,dsa_sign,dsa_err,dsa_ossl"
 $ LIB_DH = "dh_gen,dh_key,dh_lib,dh_check,dh_err"
 $ LIB_DSO = "dso_dl,dso_dlfcn,dso_err,dso_lib,dso_null,"+ -
        "dso_openssl,dso_win32,dso_vms"
+$ LIB_ENGINE = "engine_err,engine_lib,engine_list,engine_openssl,"+ -
+       "hw_atalla,hw_cswift,hw_ncipher"
+$ LIB_RIJNDAEL = "rijndael-alg-fst"
 $ LIB_BUFFER = "buffer,buf_err"
 $ LIB_BIO = "bio_lib,bio_cb,bio_err,"+ -
        "bss_mem,bss_null,bss_fd,"+ -
@@ -1194,7 +1197,9 @@ $     CC = "CC"
 $     IF ARCH.EQS."VAX" .AND. F$TRNLNM("DECC$CC_DEFAULT").NES."/DECC" -
         THEN CC = "CC/DECC"
 $     CC = CC + "/''CC_OPTIMIZE'/''DEBUGGER'/STANDARD=ANSI89" + -
-           "/NOLIST/PREFIX=ALL/INCLUDE=SYS$DISK:[]" + CCEXTRAFLAGS
+           "/NOLIST/PREFIX=ALL" + -
+          "/INCLUDE=(SYS$DISK:[],SYS$DISK:[.ENGINE.VENDOR_DEFNS])" + -
+          CCEXTRAFLAGS
 $!
 $!    Define The Linker Options File Name.
 $!
@@ -1226,7 +1231,8 @@ $ WRITE SYS$OUTPUT "There is no VAX C on Alpha!"
 $      EXIT
 $     ENDIF
 $     IF F$TRNLNM("DECC$CC_DEFAULT").EQS."/DECC" THEN CC = "CC/VAXC"
-$     CC = CC + "/''CC_OPTIMIZE'/''DEBUGGER'/NOLIST/INCLUDE=SYS$DISK:[]" + -
+$     CC = CC + "/''CC_OPTIMIZE'/''DEBUGGER'/NOLIST" + -
+          "/INCLUDE=(SYS$DISK:[],SYS$DISK:[.ENGINE.VENDOR_DEFNS])" + -
           CCEXTRAFLAGS
 $     CCDEFS = """VAXC""," + CCDEFS
 $!
@@ -1258,7 +1264,8 @@ $!
 $!    Use GNU C...
 $!
 $     CC = "GCC/NOCASE_HACK/''GCC_OPTIMIZE'/''DEBUGGER'/NOLIST" + -
-          "/INCLUDE=SYS$DISK:[]" + CCEXTRAFLAGS
+          "/INCLUDE=(SYS$DISK:[],SYS$DISK:[.ENGINE.VENDOR_DEFNS])" + -
+          CCEXTRAFLAGS
 $!
 $!    Define The Linker Options File Name.
 $!
index df6ccaf..52ee97b 100644 (file)
@@ -122,7 +122,8 @@ extern "C" {
 #define        CRYPTO_LOCK_MALLOC2             25
 #define        CRYPTO_LOCK_DSO                 26
 #define        CRYPTO_LOCK_DYNLOCK             27
-#define        CRYPTO_NUM_LOCKS                28
+#define        CRYPTO_LOCK_ENGINE              28
+#define        CRYPTO_NUM_LOCKS                29
 
 #define CRYPTO_LOCK            1
 #define CRYPTO_UNLOCK          2
index ccee00e..b9fed3a 100644 (file)
@@ -101,19 +101,41 @@ dh_gen.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
 dh_gen.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
 dh_gen.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
 dh_gen.o: ../cryptlib.h
-dh_key.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
-dh_key.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-dh_key.o: ../../include/openssl/dh.h ../../include/openssl/e_os.h
-dh_key.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-dh_key.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+dh_key.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+dh_key.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+dh_key.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+dh_key.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+dh_key.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+dh_key.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+dh_key.o: ../../include/openssl/engine.h ../../include/openssl/err.h
+dh_key.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+dh_key.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+dh_key.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+dh_key.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+dh_key.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
 dh_key.o: ../../include/openssl/opensslv.h ../../include/openssl/rand.h
-dh_key.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+dh_key.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+dh_key.o: ../../include/openssl/rc5.h ../../include/openssl/rijndael-alg-fst.h
+dh_key.o: ../../include/openssl/rijndael.h ../../include/openssl/ripemd.h
+dh_key.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+dh_key.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
 dh_key.o: ../../include/openssl/symhacks.h ../cryptlib.h
-dh_lib.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
-dh_lib.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-dh_lib.o: ../../include/openssl/dh.h ../../include/openssl/e_os.h
-dh_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-dh_lib.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
-dh_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
-dh_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-dh_lib.o: ../cryptlib.h
+dh_lib.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+dh_lib.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+dh_lib.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+dh_lib.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+dh_lib.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+dh_lib.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+dh_lib.o: ../../include/openssl/engine.h ../../include/openssl/err.h
+dh_lib.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+dh_lib.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+dh_lib.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+dh_lib.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+dh_lib.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+dh_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/rand.h
+dh_lib.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+dh_lib.o: ../../include/openssl/rc5.h ../../include/openssl/rijndael-alg-fst.h
+dh_lib.o: ../../include/openssl/rijndael.h ../../include/openssl/ripemd.h
+dh_lib.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+dh_lib.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+dh_lib.o: ../../include/openssl/symhacks.h ../cryptlib.h
index a15fc1c..7a8d9f8 100644 (file)
@@ -115,7 +115,11 @@ struct dh_st
 
        int references;
        CRYPTO_EX_DATA ex_data;
+#if 0
        DH_METHOD *meth;
+#else
+       struct engine_st *engine;
+#endif
        };
 
 #define DH_GENERATOR_2         2
@@ -150,10 +154,15 @@ struct dh_st
 
 DH_METHOD *DH_OpenSSL(void);
 
-void DH_set_default_method(DH_METHOD *meth);
-DH_METHOD *DH_get_default_method(void);
+void DH_set_default_openssl_method(DH_METHOD *meth);
+DH_METHOD *DH_get_default_openssl_method(void);
+#if 0
 DH_METHOD *DH_set_method(DH *dh, DH_METHOD *meth);
 DH *DH_new_method(DH_METHOD *meth);
+#else
+int DH_set_method(DH *dh, struct engine_st *engine);
+DH *DH_new_method(struct engine_st *engine);
+#endif
 
 DH *   DH_new(void);
 void   DH_free(DH *dh);
index 6f9426d..6915d79 100644 (file)
@@ -61,6 +61,7 @@
 #include <openssl/bn.h>
 #include <openssl/rand.h>
 #include <openssl/dh.h>
+#include <openssl/engine.h>
 
 static int generate_key(DH *dh);
 static int compute_key(unsigned char *key, BIGNUM *pub_key, DH *dh);
@@ -72,12 +73,12 @@ static int dh_finish(DH *dh);
 
 int DH_generate_key(DH *dh)
        {
-       return dh->meth->generate_key(dh);
+       return ENGINE_get_DH(dh->engine)->generate_key(dh);
        }
 
 int DH_compute_key(unsigned char *key, BIGNUM *pub_key, DH *dh)
        {
-       return dh->meth->compute_key(key, pub_key, dh);
+       return ENGINE_get_DH(dh->engine)->compute_key(key, pub_key, dh);
        }
 
 static DH_METHOD dh_ossl = {
@@ -137,8 +138,9 @@ static int generate_key(DH *dh)
                }
        mont=(BN_MONT_CTX *)dh->method_mont_p;
 
-       if (!dh->meth->bn_mod_exp(dh, pub_key,dh->g,priv_key,dh->p,&ctx,mont))
-                                                               goto err;
+       if (!ENGINE_get_DH(dh->engine)->bn_mod_exp(dh, pub_key, dh->g,
+                               priv_key,dh->p,&ctx,mont))
+               goto err;
                
        dh->pub_key=pub_key;
        dh->priv_key=priv_key;
@@ -177,7 +179,8 @@ static int compute_key(unsigned char *key, BIGNUM *pub_key, DH *dh)
                }
 
        mont=(BN_MONT_CTX *)dh->method_mont_p;
-       if (!dh->meth->bn_mod_exp(dh, tmp,pub_key,dh->priv_key,dh->p,&ctx,mont))
+       if (!ENGINE_get_DH(dh->engine)->bn_mod_exp(dh, tmp, pub_key,
+                               dh->priv_key,dh->p,&ctx,mont))
                {
                DHerr(DH_F_DH_COMPUTE_KEY,ERR_R_BN_LIB);
                goto err;
index a8d5340..66803b5 100644 (file)
@@ -60,6 +60,7 @@
 #include "cryptlib.h"
 #include <openssl/bn.h>
 #include <openssl/dh.h>
+#include <openssl/engine.h>
 
 const char *DH_version="Diffie-Hellman" OPENSSL_VERSION_PTEXT;
 
@@ -67,17 +68,32 @@ static DH_METHOD *default_DH_method;
 static int dh_meth_num = 0;
 static STACK_OF(CRYPTO_EX_DATA_FUNCS) *dh_meth = NULL;
 
-void DH_set_default_method(DH_METHOD *meth)
+void DH_set_default_openssl_method(DH_METHOD *meth)
 {
-       default_DH_method = meth;
+       ENGINE *e;
+       /* We'll need to notify the "openssl" ENGINE of this
+        * change too. We won't bother locking things down at
+        * our end as there was never any locking in these
+        * functions! */
+       if(default_DH_method != meth)
+               {
+               default_DH_method = meth;
+               e = ENGINE_by_id("openssl");
+               if(e)
+                       {
+                       ENGINE_set_DH(e, meth);
+                       ENGINE_free(e);
+                       }
+               }
 }
 
-DH_METHOD *DH_get_default_method(void)
+DH_METHOD *DH_get_default_openssl_method(void)
 {
        if(!default_DH_method) default_DH_method = DH_OpenSSL();
        return default_DH_method;
 }
 
+#if 0
 DH_METHOD *DH_set_method(DH *dh, DH_METHOD *meth)
 {
         DH_METHOD *mtmp;
@@ -87,14 +103,37 @@ DH_METHOD *DH_set_method(DH *dh, DH_METHOD *meth)
         if (meth->init) meth->init(dh);
         return mtmp;
 }
+#else
+int DH_set_method(DH *dh, ENGINE *engine)
+{
+       ENGINE *mtmp;
+       DH_METHOD *meth;
+       mtmp = dh->engine;
+       meth = ENGINE_get_DH(mtmp);
+       if (!ENGINE_init(engine))
+               return 0;
+       if (meth->finish) meth->finish(dh);
+       dh->engine= engine;
+       meth = ENGINE_get_DH(engine);
+       if (meth->init) meth->init(dh);
+       /* SHOULD ERROR CHECK THIS!!! */
+       ENGINE_finish(mtmp);
+       return 1;
+}
+#endif
 
 DH *DH_new(void)
 {
        return DH_new_method(NULL);
 }
 
+#if 0
 DH *DH_new_method(DH_METHOD *meth)
+#else
+DH *DH_new_method(ENGINE *engine)
+#endif
        {
+       DH_METHOD *meth;
        DH *ret;
        ret=(DH *)OPENSSL_malloc(sizeof(DH));
 
@@ -103,8 +142,17 @@ DH *DH_new_method(DH_METHOD *meth)
                DHerr(DH_F_DH_NEW,ERR_R_MALLOC_FAILURE);
                return(NULL);
                }
-       if(meth) ret->meth = meth;
-       else ret->meth = DH_get_default_method();
+       if(engine)
+               ret->engine = engine;
+       else
+               {
+               if((ret->engine=ENGINE_get_default_DH()) == NULL)
+                       {
+                       OPENSSL_free(ret);
+                       return NULL;
+                       }
+               }
+       meth = ENGINE_get_DH(ret->engine);
        ret->pad=0;
        ret->version=0;
        ret->p=NULL;
@@ -119,8 +167,8 @@ DH *DH_new_method(DH_METHOD *meth)
        ret->counter = NULL;
        ret->method_mont_p=NULL;
        ret->references = 1;
-       ret->flags=ret->meth->flags;
-       if ((ret->meth->init != NULL) && !ret->meth->init(ret))
+       ret->flags=meth->flags;
+       if ((meth->init != NULL) && !meth->init(ret))
                {
                OPENSSL_free(ret);
                ret=NULL;
@@ -132,6 +180,7 @@ DH *DH_new_method(DH_METHOD *meth)
 
 void DH_free(DH *r)
        {
+       DH_METHOD *meth;
        int i;
        if(r == NULL) return;
        i = CRYPTO_add(&r->references, -1, CRYPTO_LOCK_DH);
@@ -149,7 +198,9 @@ void DH_free(DH *r)
 
        CRYPTO_free_ex_data(dh_meth, r, &r->ex_data);
 
-       if(r->meth->finish) r->meth->finish(r);
+       meth = ENGINE_get_DH(r->engine);
+       if(meth->finish) meth->finish(r);
+       ENGINE_finish(r->engine);
 
        if (r->p != NULL) BN_clear_free(r->p);
        if (r->g != NULL) BN_clear_free(r->g);
index 1dfdb2d..f9a6dbb 100644 (file)
@@ -116,39 +116,81 @@ dsa_key.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h
 dsa_key.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
 dsa_key.o: ../../include/openssl/symhacks.h ../cryptlib.h
 dsa_lib.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
-dsa_lib.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
-dsa_lib.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h
-dsa_lib.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
-dsa_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-dsa_lib.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
-dsa_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
-dsa_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-dsa_lib.o: ../cryptlib.h
+dsa_lib.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+dsa_lib.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+dsa_lib.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+dsa_lib.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+dsa_lib.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+dsa_lib.o: ../../include/openssl/engine.h ../../include/openssl/err.h
+dsa_lib.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+dsa_lib.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+dsa_lib.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+dsa_lib.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+dsa_lib.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+dsa_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/rand.h
+dsa_lib.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+dsa_lib.o: ../../include/openssl/rc5.h ../../include/openssl/rijndael-alg-fst.h
+dsa_lib.o: ../../include/openssl/rijndael.h ../../include/openssl/ripemd.h
+dsa_lib.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+dsa_lib.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+dsa_lib.o: ../../include/openssl/symhacks.h ../cryptlib.h
 dsa_ossl.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
-dsa_ossl.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
-dsa_ossl.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h
-dsa_ossl.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
-dsa_ossl.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-dsa_ossl.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+dsa_ossl.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+dsa_ossl.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+dsa_ossl.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+dsa_ossl.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+dsa_ossl.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+dsa_ossl.o: ../../include/openssl/engine.h ../../include/openssl/err.h
+dsa_ossl.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+dsa_ossl.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+dsa_ossl.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+dsa_ossl.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+dsa_ossl.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
 dsa_ossl.o: ../../include/openssl/opensslv.h ../../include/openssl/rand.h
-dsa_ossl.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+dsa_ossl.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+dsa_ossl.o: ../../include/openssl/rc5.h
+dsa_ossl.o: ../../include/openssl/rijndael-alg-fst.h
+dsa_ossl.o: ../../include/openssl/rijndael.h ../../include/openssl/ripemd.h
+dsa_ossl.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+dsa_ossl.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
 dsa_ossl.o: ../../include/openssl/symhacks.h ../cryptlib.h
 dsa_sign.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
-dsa_sign.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
-dsa_sign.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h
-dsa_sign.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
-dsa_sign.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-dsa_sign.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+dsa_sign.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+dsa_sign.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+dsa_sign.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+dsa_sign.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+dsa_sign.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+dsa_sign.o: ../../include/openssl/engine.h ../../include/openssl/err.h
+dsa_sign.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+dsa_sign.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+dsa_sign.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+dsa_sign.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+dsa_sign.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
 dsa_sign.o: ../../include/openssl/opensslv.h ../../include/openssl/rand.h
-dsa_sign.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+dsa_sign.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+dsa_sign.o: ../../include/openssl/rc5.h
+dsa_sign.o: ../../include/openssl/rijndael-alg-fst.h
+dsa_sign.o: ../../include/openssl/rijndael.h ../../include/openssl/ripemd.h
+dsa_sign.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+dsa_sign.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
 dsa_sign.o: ../../include/openssl/symhacks.h ../cryptlib.h
 dsa_vrf.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
-dsa_vrf.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
-dsa_vrf.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-dsa_vrf.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
-dsa_vrf.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
-dsa_vrf.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+dsa_vrf.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+dsa_vrf.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+dsa_vrf.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+dsa_vrf.o: ../../include/openssl/des.h ../../include/openssl/dh.h
+dsa_vrf.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
+dsa_vrf.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h
+dsa_vrf.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+dsa_vrf.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+dsa_vrf.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+dsa_vrf.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+dsa_vrf.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
 dsa_vrf.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-dsa_vrf.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h
-dsa_vrf.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-dsa_vrf.o: ../cryptlib.h
+dsa_vrf.o: ../../include/openssl/rand.h ../../include/openssl/rc2.h
+dsa_vrf.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+dsa_vrf.o: ../../include/openssl/rijndael-alg-fst.h
+dsa_vrf.o: ../../include/openssl/rijndael.h ../../include/openssl/ripemd.h
+dsa_vrf.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+dsa_vrf.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+dsa_vrf.o: ../../include/openssl/symhacks.h ../cryptlib.h
index 3ebcc4a..65689a3 100644 (file)
@@ -133,7 +133,11 @@ struct dsa_st
        char *method_mont_p;
        int references;
        CRYPTO_EX_DATA ex_data;
+#if 0
        DSA_METHOD *meth;
+#else
+       struct engine_st *engine;
+#endif
        };
 
 #define DSAparams_dup(x) (DSA *)ASN1_dup((int (*)())i2d_DSAparams, \
@@ -159,12 +163,20 @@ int       DSA_do_verify(const unsigned char *dgst,int dgst_len,
 
 DSA_METHOD *DSA_OpenSSL(void);
 
-void        DSA_set_default_method(DSA_METHOD *);
-DSA_METHOD *DSA_get_default_method(void);
+void        DSA_set_default_openssl_method(DSA_METHOD *);
+DSA_METHOD *DSA_get_default_openssl_method(void);
+#if 0
 DSA_METHOD *DSA_set_method(DSA *dsa, DSA_METHOD *);
+#else
+int DSA_set_method(DSA *dsa, struct engine_st *engine);
+#endif
 
 DSA *  DSA_new(void);
+#if 0
 DSA *  DSA_new_method(DSA_METHOD *meth);
+#else
+DSA *  DSA_new_method(struct engine_st *engine);
+#endif
 int    DSA_size(DSA *);
        /* next 4 return -1 on error */
 int    DSA_sign_setup( DSA *dsa,BN_CTX *ctx_in,BIGNUM **kinvp,BIGNUM **rp);
index be30d18..b31b946 100644 (file)
@@ -63,6 +63,7 @@
 #include <openssl/bn.h>
 #include <openssl/dsa.h>
 #include <openssl/asn1.h>
+#include <openssl/engine.h>
 
 const char *DSA_version="DSA" OPENSSL_VERSION_PTEXT;
 
@@ -70,12 +71,26 @@ static DSA_METHOD *default_DSA_method;
 static int dsa_meth_num = 0;
 static STACK_OF(CRYPTO_EX_DATA_FUNCS) *dsa_meth = NULL;
 
-void DSA_set_default_method(DSA_METHOD *meth)
+void DSA_set_default_openssl_method(DSA_METHOD *meth)
 {
-       default_DSA_method = meth;
+       ENGINE *e;
+       /* We'll need to notify the "openssl" ENGINE of this
+        * change too. We won't bother locking things down at
+        * our end as there was never any locking in these
+        * functions! */
+       if(default_DSA_method != meth)
+               {
+               default_DSA_method = meth;
+               e = ENGINE_by_id("openssl");
+               if(e)
+                       {
+                       ENGINE_set_DSA(e, meth);
+                       ENGINE_free(e);
+                       }
+               }
 }
 
-DSA_METHOD *DSA_get_default_method(void)
+DSA_METHOD *DSA_get_default_openssl_method(void)
 {
        if(!default_DSA_method) default_DSA_method = DSA_OpenSSL();
        return default_DSA_method;
@@ -86,6 +101,7 @@ DSA *DSA_new(void)
        return DSA_new_method(NULL);
 }
 
+#if 0
 DSA_METHOD *DSA_set_method(DSA *dsa, DSA_METHOD *meth)
 {
         DSA_METHOD *mtmp;
@@ -95,10 +111,33 @@ DSA_METHOD *DSA_set_method(DSA *dsa, DSA_METHOD *meth)
         if (meth->init) meth->init(dsa);
         return mtmp;
 }
+#else
+int DSA_set_method(DSA *dsa, ENGINE *engine)
+       {
+       ENGINE *mtmp;
+       DSA_METHOD *meth;
+       mtmp = dsa->engine;
+       meth = ENGINE_get_DSA(mtmp);
+       if (!ENGINE_init(engine))
+               return 0;
+       if (meth->finish) meth->finish(dsa);
+       dsa->engine = engine;
+       meth = ENGINE_get_DSA(engine);
+       if (meth->init) meth->init(dsa);
+       /* SHOULD ERROR CHECK THIS!!! */
+       ENGINE_finish(mtmp);
+       return 1;
+       }
+#endif
 
 
+#if 0
 DSA *DSA_new_method(DSA_METHOD *meth)
+#else
+DSA *DSA_new_method(ENGINE *engine)
+#endif
        {
+       DSA_METHOD *meth;
        DSA *ret;
 
        ret=(DSA *)OPENSSL_malloc(sizeof(DSA));
@@ -107,8 +146,17 @@ DSA *DSA_new_method(DSA_METHOD *meth)
                DSAerr(DSA_F_DSA_NEW,ERR_R_MALLOC_FAILURE);
                return(NULL);
                }
-       if(meth) ret->meth = meth;
-       else ret->meth = DSA_get_default_method();
+       if(engine)
+               ret->engine = engine;
+       else
+               {
+               if((ret->engine=ENGINE_get_default_DSA()) == NULL)
+                       {
+                       OPENSSL_free(ret);
+                       return NULL;
+                       }
+               }
+       meth = ENGINE_get_DSA(ret->engine);
        ret->pad=0;
        ret->version=0;
        ret->write_params=1;
@@ -124,8 +172,8 @@ DSA *DSA_new_method(DSA_METHOD *meth)
        ret->method_mont_p=NULL;
 
        ret->references=1;
-       ret->flags=ret->meth->flags;
-       if ((ret->meth->init != NULL) && !ret->meth->init(ret))
+       ret->flags=meth->flags;
+       if ((meth->init != NULL) && !meth->init(ret))
                {
                OPENSSL_free(ret);
                ret=NULL;
@@ -138,6 +186,7 @@ DSA *DSA_new_method(DSA_METHOD *meth)
 
 void DSA_free(DSA *r)
        {
+       DSA_METHOD *meth;
        int i;
 
        if (r == NULL) return;
@@ -157,7 +206,9 @@ void DSA_free(DSA *r)
 
        CRYPTO_free_ex_data(dsa_meth, r, &r->ex_data);
 
-       if(r->meth->finish) r->meth->finish(r);
+       meth = ENGINE_get_DSA(r->engine);
+       if(meth->finish) meth->finish(r);
+       ENGINE_finish(r->engine);
 
        if (r->p != NULL) BN_clear_free(r->p);
        if (r->q != NULL) BN_clear_free(r->q);
index 0943565..96295dc 100644 (file)
@@ -64,6 +64,7 @@
 #include <openssl/dsa.h>
 #include <openssl/rand.h>
 #include <openssl/asn1.h>
+#include <openssl/engine.h>
 
 static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa);
 static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp);
@@ -195,7 +196,7 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp)
                }
 
        /* Compute r = (g^k mod p) mod q */
-       if (!dsa->meth->bn_mod_exp(dsa, r,dsa->g,&k,dsa->p,ctx,
+       if (!ENGINE_get_DSA(dsa->engine)->bn_mod_exp(dsa, r,dsa->g,&k,dsa->p,ctx,
                (BN_MONT_CTX *)dsa->method_mont_p)) goto err;
        if (!BN_mod(r,r,dsa->q,ctx)) goto err;
 
@@ -273,7 +274,7 @@ static int dsa_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig,
        if (!BN_mod(&u1,&u1,dsa->q,ctx)) goto err;
 #else
        {
-       if (!dsa->meth->dsa_mod_exp(dsa, &t1,dsa->g,&u1,dsa->pub_key,&u2,
+       if (!ENGINE_get_DSA(dsa->engine)->dsa_mod_exp(dsa, &t1,dsa->g,&u1,dsa->pub_key,&u2,
                                                dsa->p,ctx,mont)) goto err;
        /* BN_copy(&u1,&t1); */
        /* let u1 = u1 mod q */
index 8920502..dfe27ba 100644 (file)
 #include <openssl/dsa.h>
 #include <openssl/rand.h>
 #include <openssl/asn1.h>
+#include <openssl/engine.h>
 
 DSA_SIG * DSA_do_sign(const unsigned char *dgst, int dlen, DSA *dsa)
        {
-       return dsa->meth->dsa_do_sign(dgst, dlen, dsa);
+       return ENGINE_get_DSA(dsa->engine)->dsa_do_sign(dgst, dlen, dsa);
        }
 
 int DSA_sign(int type, const unsigned char *dgst, int dlen, unsigned char *sig,
@@ -87,6 +88,6 @@ int DSA_sign(int type, const unsigned char *dgst, int dlen, unsigned char *sig,
 
 int DSA_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp)
        {
-       return dsa->meth->dsa_sign_setup(dsa, ctx_in, kinvp, rp);
+       return ENGINE_get_DSA(dsa->engine)->dsa_sign_setup(dsa, ctx_in, kinvp, rp);
        }
 
index 03277f8..2e891ae 100644 (file)
 #include <openssl/rand.h>
 #include <openssl/asn1.h>
 #include <openssl/asn1_mac.h>
+#include <openssl/engine.h>
 
 int DSA_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig,
                  DSA *dsa)
        {
-       return dsa->meth->dsa_do_verify(dgst, dgst_len, sig, dsa);
+       return ENGINE_get_DSA(dsa->engine)->dsa_do_verify(dgst, dgst_len, sig, dsa);
        }
 
 /* data has already been hashed (probably with SHA or SHA-1). */
diff --git a/crypto/engine/.cvsignore b/crypto/engine/.cvsignore
new file mode 100644 (file)
index 0000000..c6d03a9
--- /dev/null
@@ -0,0 +1,2 @@
+lib
+Makefile.save
diff --git a/crypto/engine/Makefile.ssl b/crypto/engine/Makefile.ssl
new file mode 100644 (file)
index 0000000..8974ecd
--- /dev/null
@@ -0,0 +1,256 @@
+#
+# OpenSSL/crypto/engine/Makefile
+#
+
+DIR=   engine
+TOP=   ../..
+CC=    cc
+INCLUDES= -I.. -I../../include
+CFLAG=-g
+INSTALL_PREFIX=
+OPENSSLDIR=     /usr/local/ssl
+INSTALLTOP=/usr/local/ssl
+MAKE=          make -f Makefile.ssl
+MAKEDEPEND=    $(TOP)/util/domd $(TOP)
+MAKEFILE=      Makefile.ssl
+AR=            ar r
+
+CFLAGS= $(INCLUDES) $(CFLAG)
+
+GENERAL=Makefile
+TEST= enginetest.c
+APPS=
+
+LIB=$(TOP)/libcrypto.a
+LIBSRC= engine_err.c engine_lib.c engine_list.c engine_openssl.c \
+       hw_atalla.c hw_cswift.c hw_ncipher.c hw_nuron.c
+LIBOBJ= engine_err.o engine_lib.o engine_list.o engine_openssl.o \
+       hw_atalla.o hw_cswift.o hw_ncipher.o hw_nuron.o
+
+SRC= $(LIBSRC)
+
+EXHEADER= engine.h
+HEADER=        $(EXHEADER)
+
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+
+top:
+       (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+
+all:   lib
+
+lib:   $(LIBOBJ)
+       $(AR) $(LIB) $(LIBOBJ)
+       $(RANLIB) $(LIB)
+       @touch lib
+
+files:
+       $(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+
+links:
+       @$(TOP)/util/point.sh Makefile.ssl Makefile
+       @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+       @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+       @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+
+install:
+       @for i in $(EXHEADER) ; \
+       do  \
+       (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+       chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+       done;
+
+tags:
+       ctags $(SRC)
+
+tests:
+
+lint:
+       lint -DLINT $(INCLUDES) $(SRC)>fluff
+
+depend:
+       $(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
+
+dclean:
+       $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+       mv -f Makefile.new $(MAKEFILE)
+
+clean:
+       rm -f *.o */*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+
+engine_err.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+engine_err.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+engine_err.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+engine_err.o: ../../include/openssl/des.h ../../include/openssl/dh.h
+engine_err.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+engine_err.o: ../../include/openssl/engine.h ../../include/openssl/err.h
+engine_err.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+engine_err.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+engine_err.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+engine_err.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+engine_err.o: ../../include/openssl/objects.h
+engine_err.o: ../../include/openssl/opensslconf.h
+engine_err.o: ../../include/openssl/opensslv.h ../../include/openssl/rand.h
+engine_err.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+engine_err.o: ../../include/openssl/rc5.h
+engine_err.o: ../../include/openssl/rijndael-alg-fst.h
+engine_err.o: ../../include/openssl/rijndael.h ../../include/openssl/ripemd.h
+engine_err.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+engine_err.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+engine_err.o: ../../include/openssl/symhacks.h
+engine_lib.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+engine_lib.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+engine_lib.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+engine_lib.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+engine_lib.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+engine_lib.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+engine_lib.o: ../../include/openssl/engine.h ../../include/openssl/err.h
+engine_lib.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+engine_lib.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+engine_lib.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+engine_lib.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+engine_lib.o: ../../include/openssl/objects.h
+engine_lib.o: ../../include/openssl/opensslconf.h
+engine_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/rand.h
+engine_lib.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+engine_lib.o: ../../include/openssl/rc5.h
+engine_lib.o: ../../include/openssl/rijndael-alg-fst.h
+engine_lib.o: ../../include/openssl/rijndael.h ../../include/openssl/ripemd.h
+engine_lib.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+engine_lib.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+engine_lib.o: ../../include/openssl/symhacks.h ../cryptlib.h engine_int.h
+engine_list.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+engine_list.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+engine_list.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+engine_list.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+engine_list.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+engine_list.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+engine_list.o: ../../include/openssl/engine.h ../../include/openssl/err.h
+engine_list.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+engine_list.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+engine_list.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+engine_list.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+engine_list.o: ../../include/openssl/objects.h
+engine_list.o: ../../include/openssl/opensslconf.h
+engine_list.o: ../../include/openssl/opensslv.h ../../include/openssl/rand.h
+engine_list.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+engine_list.o: ../../include/openssl/rc5.h
+engine_list.o: ../../include/openssl/rijndael-alg-fst.h
+engine_list.o: ../../include/openssl/rijndael.h ../../include/openssl/ripemd.h
+engine_list.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+engine_list.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+engine_list.o: ../../include/openssl/symhacks.h ../cryptlib.h engine_int.h
+engine_openssl.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+engine_openssl.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+engine_openssl.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+engine_openssl.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+engine_openssl.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+engine_openssl.o: ../../include/openssl/dso.h ../../include/openssl/e_os.h
+engine_openssl.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h
+engine_openssl.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+engine_openssl.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+engine_openssl.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+engine_openssl.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+engine_openssl.o: ../../include/openssl/obj_mac.h
+engine_openssl.o: ../../include/openssl/objects.h
+engine_openssl.o: ../../include/openssl/opensslconf.h
+engine_openssl.o: ../../include/openssl/opensslv.h ../../include/openssl/rand.h
+engine_openssl.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+engine_openssl.o: ../../include/openssl/rc5.h
+engine_openssl.o: ../../include/openssl/rijndael-alg-fst.h
+engine_openssl.o: ../../include/openssl/rijndael.h
+engine_openssl.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+engine_openssl.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+engine_openssl.o: ../../include/openssl/stack.h
+engine_openssl.o: ../../include/openssl/symhacks.h ../cryptlib.h engine_int.h
+hw_atalla.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+hw_atalla.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+hw_atalla.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+hw_atalla.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+hw_atalla.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+hw_atalla.o: ../../include/openssl/dso.h ../../include/openssl/e_os.h
+hw_atalla.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h
+hw_atalla.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+hw_atalla.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+hw_atalla.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+hw_atalla.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+hw_atalla.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+hw_atalla.o: ../../include/openssl/opensslconf.h
+hw_atalla.o: ../../include/openssl/opensslv.h ../../include/openssl/rand.h
+hw_atalla.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+hw_atalla.o: ../../include/openssl/rc5.h
+hw_atalla.o: ../../include/openssl/rijndael-alg-fst.h
+hw_atalla.o: ../../include/openssl/rijndael.h ../../include/openssl/ripemd.h
+hw_atalla.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+hw_atalla.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+hw_atalla.o: ../../include/openssl/symhacks.h ../cryptlib.h engine_int.h
+hw_atalla.o: vendor_defns/atalla.h
+hw_cswift.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+hw_cswift.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+hw_cswift.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+hw_cswift.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+hw_cswift.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+hw_cswift.o: ../../include/openssl/dso.h ../../include/openssl/e_os.h
+hw_cswift.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h
+hw_cswift.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+hw_cswift.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+hw_cswift.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+hw_cswift.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+hw_cswift.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+hw_cswift.o: ../../include/openssl/opensslconf.h
+hw_cswift.o: ../../include/openssl/opensslv.h ../../include/openssl/rand.h
+hw_cswift.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+hw_cswift.o: ../../include/openssl/rc5.h
+hw_cswift.o: ../../include/openssl/rijndael-alg-fst.h
+hw_cswift.o: ../../include/openssl/rijndael.h ../../include/openssl/ripemd.h
+hw_cswift.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+hw_cswift.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+hw_cswift.o: ../../include/openssl/symhacks.h ../cryptlib.h engine_int.h
+hw_cswift.o: vendor_defns/cswift.h
+hw_ncipher.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+hw_ncipher.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+hw_ncipher.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+hw_ncipher.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+hw_ncipher.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+hw_ncipher.o: ../../include/openssl/dso.h ../../include/openssl/e_os.h
+hw_ncipher.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h
+hw_ncipher.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+hw_ncipher.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+hw_ncipher.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+hw_ncipher.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+hw_ncipher.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+hw_ncipher.o: ../../include/openssl/opensslconf.h
+hw_ncipher.o: ../../include/openssl/opensslv.h ../../include/openssl/pem.h
+hw_ncipher.o: ../../include/openssl/pem2.h ../../include/openssl/pkcs7.h
+hw_ncipher.o: ../../include/openssl/rand.h ../../include/openssl/rc2.h
+hw_ncipher.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+hw_ncipher.o: ../../include/openssl/rijndael-alg-fst.h
+hw_ncipher.o: ../../include/openssl/rijndael.h ../../include/openssl/ripemd.h
+hw_ncipher.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+hw_ncipher.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+hw_ncipher.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+hw_ncipher.o: ../../include/openssl/x509_vfy.h ../cryptlib.h engine_int.h
+hw_ncipher.o: vendor_defns/hwcryptohook.h
+hw_nuron.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+hw_nuron.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+hw_nuron.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+hw_nuron.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+hw_nuron.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+hw_nuron.o: ../../include/openssl/dso.h ../../include/openssl/e_os.h
+hw_nuron.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h
+hw_nuron.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+hw_nuron.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+hw_nuron.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+hw_nuron.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+hw_nuron.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+hw_nuron.o: ../../include/openssl/opensslconf.h
+hw_nuron.o: ../../include/openssl/opensslv.h ../../include/openssl/rand.h
+hw_nuron.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+hw_nuron.o: ../../include/openssl/rc5.h
+hw_nuron.o: ../../include/openssl/rijndael-alg-fst.h
+hw_nuron.o: ../../include/openssl/rijndael.h ../../include/openssl/ripemd.h
+hw_nuron.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+hw_nuron.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+hw_nuron.o: ../../include/openssl/symhacks.h ../cryptlib.h engine_int.h
diff --git a/crypto/engine/README b/crypto/engine/README
new file mode 100644 (file)
index 0000000..96595e6
--- /dev/null
@@ -0,0 +1,278 @@
+NOTES, THOUGHTS, and EVERYTHING
+-------------------------------
+
+(1) Concurrency and locking ... I made a change to the ENGINE_free code
+    because I spotted a potential hold-up in proceedings (doing too
+    much inside a lock including calling a callback), there may be
+    other bits like this. What do the speed/optimisation freaks think
+    of this aspect of the code and design? There's lots of locking for
+    manipulation functions and I need that to keep things nice and
+    solid, but this manipulation is mostly (de)initialisation, I would
+    think that most run-time locking is purely in the ENGINE_init and
+    ENGINE_finish calls that might be made when getting handles for
+    RSA (and friends') structures. These would be mostly reference
+    count operations as the functional references should always be 1
+    or greater at run-time to prevent init/deinit thrashing.
+
+(2) nCipher support, via the HWCryptoHook API, is now in the code.
+    Apparently this hasn't been tested too much yet, but it looks
+    good. :-) Atalla support has been added too, but shares a lot in
+    common with Ben's original hooks in bn_exp.c (although it has been
+    ENGINE-ified, and error handling wrapped around it) and it's also
+    had some low-volume testing, so it should be usable.
+
+(3) Of more concern, we need to work out (a) how to put together usable
+    RAND_METHODs for units that just have one "get n or less random
+    bytes" function, (b) we also need to determine how to hook the code
+    in crypto/rand/ to use the ENGINE defaults in a way similar to what
+    has been done in crypto/rsa/, crypto/dsa/, etc.
+
+(4) ENGINE should really grow to encompass more than 3 public key
+    algorithms and randomness gathering. The structure/data level of
+    the engine code is hidden from code outside the crypto/engine/
+    directory so change shouldn't be too viral. More important though
+    is how things should evolve ... this needs thought and discussion.
+
+
+-----------------------------------==*==-----------------------------------
+
+More notes 2000-08-01
+---------------------
+
+Geoff Thorpe, who designed the engine part, wrote a pretty good description
+of the thoughts he had when he built it, good enough to include verbatim here
+(with his permission)                                  -- Richard Levitte
+
+
+Date: Tue, 1 Aug 2000 16:54:08 +0100 (BST)
+From: Geoff Thorpe
+Subject: Re: The thoughts to merge BRANCH_engine into the main trunk are
+ emerging
+
+Hi there,
+
+I'm going to try and do some justice to this, but I'm a little short on
+time and the there is an endless amount that could be discussed on this
+subject. sigh ... please bear with me :-)
+
+> The changes in BRANCH_engine dig deep into the core of OpenSSL, for example
+> into the RSA and RAND routines, adding a level of indirection which is needed
+> to keep the abstraction, as far as I understand.  It would be a good thing if
+> those who do play with those things took a look at the changes that have been
+> done in the branch and say out loud how much (or hopefully little) we've made
+> fools of ourselves.
+
+The point here is that the code that has emerged in the BRANCH_engine
+branch was based on some initial requirements of mine that I went in and
+addressed, and Richard has picked up the ball and run with it too. It
+would be really useful to get some review of the approach we've taken, but
+first I think I need to describe as best I can the reasons behind what has
+been done so far, in particular what issues we have tried to address when
+doing this, and what issues we have intentionally (or necessarily) tried
+to avoid.
+
+methods, engines, and evps
+--------------------------
+
+There has been some dicussion, particularly with Steve, about where this
+ENGINE stuff might fit into the conceptual picture as/when we start to
+abstract algorithms a little bit to make the library more extensible. In
+particular, it would desirable to have algorithms (symmetric, hash, pkc,
+etc) abstracted in some way that allows them to be just objects sitting in
+a list (or database) ... it'll just happen that the "DSA" object doesn't
+support encryption whereas the "RSA" object does. This requires a lot of
+consideration to begin to know how to tackle it; in particular how
+encapsulated should these things be? If the objects also understand their
+own ASN1 encodings and what-not, then it would for example be possible to
+add support for elliptic-curve DSA in as a new algorithm and automatically
+have ECC-DSA certificates supported in SSL applications. Possible, but not
+easy. :-)
+
+Whatever, it seems that the way to go (if I've grok'd Steve's comments on
+this in the past) is to amalgamate these things in EVP as is already done
+(I think) for ciphers or hashes (Steve, please correct/elaborate). I
+certainly think something should be done in this direction because right
+now we have different source directories, types, functions, and methods
+for each algorithm - even when conceptually they are very much different
+feathers of the same bird. (This is certainly all true for the public-key
+stuff, and may be partially true for the other parts.)
+
+ENGINE was *not* conceived as a way of solving this, far from it. Nor was
+it conceived as a way of replacing the various "***_METHOD"s. It was
+conceived as an abstraction of a sort of "virtual crypto device". If we
+lived in a world where "EVP_ALGO"s (or something like them) encapsulated
+particular algorithms like RSA,DSA,MD5,RC4,etc, and "***_METHOD"s
+encapsulated interfaces to algorithms (eg. some algo's might support a
+PKC_METHOD, a HASH_METHOD, or a CIPHER_METHOD, who knows?), then I would
+think that ENGINE would encapsulate an implementation of arbitrarily many
+of those algorithms - perhaps as alternatives to existing algorithms
+and/or perhaps as new previously unimplemented algorithms. An ENGINE could
+be used to contain an alternative software implementation, a wrapper for a
+hardware acceleration and/or key-management unit, a comms-wrapper for
+distributing cryptographic operations to remote machines, or any other
+"devices" your imagination can dream up.
+
+However, what has been done in the ENGINE branch so far is nothing more
+than starting to get our toes wet. I had a couple of self-imposed
+requirements when putting the initial abstraction together, and I may have
+already posed these in one form or another on the list, but briefly;
+
+   (i) only bother with public key algorithms for now, and maybe RAND too
+       (motivated by the need to get hardware support going and the fact
+       this was a comparitively easy subset to address to begin with).
+
+  (ii) don't change (if at all possible) the existing crypto code, ie. the
+       implementations, the way the ***_METHODs work, etc.
+
+ (iii) ensure that if no function from the ENGINE code is ever called then
+       things work the way they always did, and there is no memory
+       allocation (otherwise the failure to cleanup would be a problem -
+       this is part of the reason no STACKs were used, the other part of
+       the reason being I found them inappropriate).
+
+  (iv) ensure that all the built-in crypto was encapsulated by one of
+       these "ENGINE"s and that this engine was automatically selected as
+       the default.
+
+   (v) provide the minimum hooking possible in the existing crypto code
+       so that global functions (eg. RSA_public_encrypt) do not need any
+       extra parameter, yet will use whatever the current default ENGINE
+       for that RSA key is, and that the default can be set "per-key"
+       and globally (new keys will assume the global default, and keys
+       without their own default will be operated on using the global
+       default). NB: Try and make (v) conflict as little as possible with
+       (ii). :-)
+
+  (vi) wrap the ENGINE code up in duct tape so you can't even see the
+       corners. Ie. expose no structures at all, just black-box pointers.
+
+   (v) maintain internally a list of ENGINEs on which a calling
+       application can iterate, interrogate, etc. Allow a calling
+       application to hook in new ENGINEs, remove ENGINEs from the list,
+       and enforce uniqueness within the global list of each ENGINE's
+       "unique id".
+
+  (vi) keep reference counts for everything - eg. this includes storing a
+       reference inside each RSA structure to the ENGINE that it uses.
+       This is freed when the RSA structure is destroyed, or has its
+       ENGINE explicitly changed. The net effect needs to be that at any
+       time, it is deterministic to know whether an ENGINE is in use or
+       can be safely removed (or unloaded in the case of the other type
+       of reference) without invalidating function pointers that may or
+       may not be used indavertently in the future. This was actually
+       one of the biggest problems to overcome in the existing OpenSSL
+       code - implementations had always been assumed to be ever-present,
+       so there was no trivial way to get round this.
+
+ (vii) distinguish between structural references and functional
+       references.
+
+A *little* detail
+-----------------
+
+While my mind is on it; I'll illustrate the bit in item (vii). This idea
+turned out to be very handy - the ENGINEs themselves need to be operated
+on and manipulated simply as objects without necessarily trying to
+"enable" them for use. Eg. most host machines will not have the necessary
+hardware or software to support all the engines one might compile into
+OpenSSL, yet it needs to be possible to iterate across the ENGINEs,
+querying their names, properties, etc - all happening in a thread-safe
+manner that uses reference counts (if you imagine two threads iterating
+through a list and one thread removing the ENGINE the other is currently
+looking at - you can see the gotcha waiting to happen). For all of this,
+*structural references* are used and operate much like the other reference
+counts in OpenSSL.
+
+The other kind of reference count is for *functional* references - these
+indicate a reference on which the caller can actually assume the
+particular ENGINE to be initialised and usable to perform the operations
+it implements. Any increment or decrement of the functional reference
+count automatically invokes a corresponding change in the structural
+reference count, as it is fairly obvious that a functional reference is a
+restricted case of a structural reference. So struct_ref >= funct_ref at
+all times. NB: functional references are usually obtained by a call to
+ENGINE_init(), but can also be created implicitly by calls that require a
+new functional reference to be created, eg. ENGINE_set_default(). Either
+way the only time the underlying ENGINE's "init" function is really called
+is when the (functional) reference count increases to 1, similarly the
+underlying "finish" handler is only called as the count goes down to 0.
+The effect of this, for example, is that if you set the default ENGINE for
+RSA operations to be "cswift", then its functional reference count will
+already be at least 1 so the CryptoSwift shared-library and the card will
+stay loaded and initialised until such time as all RSA keys using the
+cswift ENGINE are changed or destroyed and the default ENGINE for RSA
+operations has been changed. This prevents repeated thrashing of init and
+finish handling if the count keeps getting down as far as zero.
+
+Otherwise, the way the ENGINE code has been put together I think pretty
+much reflects the above points. The reason for the ENGINE structure having
+individual RSA_METHOD, DSA_METHOD, etc pointers is simply that it was the
+easiest way to go about things for now, to hook it all into the raw
+RSA,DSA,etc code, and I was trying to the keep the structure invisible
+anyway so that the way this is internally managed could be easily changed
+later on when we start to work out what's to be done about these other
+abstractions.
+
+Down the line, if some EVP-based technique emerges for adequately
+encapsulating algorithms and all their various bits and pieces, then I can
+imagine that "ENGINE" would turn into a reference-counting database of
+these EVP things, of which the default "openssl" ENGINE would be the
+library's own object database of pre-built software implemented algorithms
+(and such). It would also be cool to see the idea of "METHOD"s detached
+from the algorithms themselves ... so RSA, DSA, ElGamal, etc can all
+expose essentially the same METHOD (aka interface), which would include
+any querying/flagging stuff to identify what the algorithm can/can't do,
+its name, and other stuff like max/min block sizes, key sizes, etc. This
+would result in ENGINE similarly detaching its internal database of
+algorithm implementations from the function definitions that return
+interfaces to them. I think ...
+
+As for DSOs etc. Well the DSO code is pretty handy (but could be made much
+more so) for loading vendor's driver-libraries and talking to them in some
+generic way, but right now there's still big problems associated with
+actually putting OpenSSL code (ie. new ENGINEs, or anything else for that
+matter) in dynamically loadable libraries. These problems won't go away in
+a hurry so I don't think we should expect to have any kind of
+shared-library extensions any time soon - but solving the problems is a
+good thing to aim for, and would as a side-effect probably help make
+OpenSSL more usable as a shared-library itself (looking at the things
+needed to do this will show you why).
+
+One of the problems is that if you look at any of the ENGINE
+implementations, eg. hw_cswift.c or hw_ncipher.c, you'll see how it needs
+a variety of functionality and definitions from various areas of OpenSSL,
+including crypto/bn/, crypto/err/, crypto/ itself (locking for example),
+crypto/dso/, crypto/engine/, crypto/rsa, etc etc etc. So if similar code
+were to be suctioned off into shared libraries, the shared libraries would
+either have to duplicate all the definitions and code and avoid loader
+conflicts, or OpenSSL would have to somehow expose all that functionality
+to the shared-library. If this isn't a big enough problem, the issue of
+binary compatibility will be - anyone writing Apache modules can tell you
+that (Ralf? Ben? :-). However, I don't think OpenSSL would need to be
+quite so forgiving as Apache should be, so OpenSSL could simply tell its
+version to the DSO and leave the DSO with the problem of deciding whether
+to proceed or bail out for fear of binary incompatibilities.
+
+Certainly one thing that would go a long way to addressing this is to
+embark on a bit of an opaqueness mission. I've set the ENGINE code up with
+this in mind - it's so draconian that even to declare your own ENGINE, you
+have to get the engine code to create the underlying ENGINE structure, and
+then feed in the new ENGINE's function/method pointers through various
+"set" functions. The more of the code that takes on such a black-box
+approach, the more of the code that will be (a) easy to expose to shared
+libraries that need it, and (b) easy to expose to applications wanting to
+use OpenSSL itself as a shared-library. From my own explorations in
+OpenSSL, the biggest leviathan I've seen that is a problem in this respect
+is the BIGNUM code. Trying to "expose" the bignum code through any kind of
+organised "METHODs", let alone do all the necessary bignum operations
+solely through functions rather than direct access to the structures and
+macros, will be a massive pain in the "r"s.
+
+Anyway, I'm done for now - hope it was readable. Thoughts?
+
+Cheers,
+Geoff
+
+
+-----------------------------------==*==-----------------------------------
+
diff --git a/crypto/engine/engine.h b/crypto/engine/engine.h
new file mode 100644 (file)
index 0000000..78cf41c
--- /dev/null
@@ -0,0 +1,403 @@
+/* openssl/engine.h */
+/* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL
+ * project 2000.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#ifndef HEADER_ENGINE_H
+#define HEADER_ENGINE_H
+
+#include <openssl/bn.h>
+#include <openssl/rsa.h>
+#include <openssl/dsa.h>
+#include <openssl/dh.h>
+#include <openssl/rand.h>
+#include <openssl/evp.h>
+#include <openssl/symhacks.h>
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+/* These flags are used to control combinations of algorithm (methods)
+ * by bitwise "OR"ing. */
+#define ENGINE_METHOD_RSA              (unsigned int)0x0001
+#define ENGINE_METHOD_DSA              (unsigned int)0x0002
+#define ENGINE_METHOD_DH               (unsigned int)0x0004
+#define ENGINE_METHOD_RAND             (unsigned int)0x0008
+#define ENGINE_METHOD_BN_MOD_EXP       (unsigned int)0x0010
+#define ENGINE_METHOD_BN_MOD_EXP_CRT   (unsigned int)0x0020
+/* Obvious all-or-nothing cases. */
+#define ENGINE_METHOD_ALL              (unsigned int)0xFFFF
+#define ENGINE_METHOD_NONE             (unsigned int)0x0000
+
+/* These flags are used to tell the ctrl function what should be done.
+ * All command numbers are shared between all engines, even if some don't
+ * make sense to some engines.  In such a case, they do nothing but return
+ * the error ENGINE_R_CTRL_COMMAND_NOT_IMPLEMENTED. */
+#define ENGINE_CTRL_SET_LOGSTREAM              1
+#define ENGINE_CTRL_SET_PASSWORD_CALLBACK      2
+/* Flags specific to the nCipher "chil" engine */
+#define ENGINE_CTRL_CHIL_SET_FORKCHECK         100
+       /* Depending on the value of the (long)i argument, this sets or
+        * unsets the SimpleForkCheck flag in the CHIL API to enable or
+        * disable checking and workarounds for applications that fork().
+        */
+#define ENGINE_CTRL_CHIL_NO_LOCKING            101
+       /* This prevents the initialisation function from providing mutex
+        * callbacks to the nCipher library. */
+
+/* As we're missing a BIGNUM_METHOD, we need a couple of locally
+ * defined function types that engines can implement. */
+
+#ifndef HEADER_ENGINE_INT_H
+/* mod_exp operation, calculates; r = a ^ p mod m
+ * NB: ctx can be NULL, but if supplied, the implementation may use
+ * it if it wishes. */
+typedef int (*BN_MOD_EXP)(BIGNUM *r, BIGNUM *a, const BIGNUM *p,
+               const BIGNUM *m, BN_CTX *ctx);
+
+/* private key operation for RSA, provided seperately in case other
+ * RSA implementations wish to use it. */
+typedef int (*BN_MOD_EXP_CRT)(BIGNUM *r, BIGNUM *a, const BIGNUM *p,
+               const BIGNUM *q, const BIGNUM *dmp1, const BIGNUM *dmq1,
+               const BIGNUM *iqmp, BN_CTX *ctx);
+
+/* Generic function pointer */
+typedef void (*ENGINE_GEN_FUNC_PTR)();
+/* Generic function pointer taking no arguments */
+typedef void (*ENGINE_GEN_INT_FUNC_PTR)(void);
+/* Specific control function pointer */
+typedef int (*ENGINE_CTRL_FUNC_PTR)(int cmd, long i, void *p, void (*f)());
+
+/* The list of "engine" types is a static array of (const ENGINE*)
+ * pointers (not dynamic because static is fine for now and we otherwise
+ * have to hook an appropriate load/unload function in to initialise and
+ * cleanup). */
+typedef struct engine_st ENGINE;
+#endif
+
+/* STRUCTURE functions ... all of these functions deal with pointers to
+ * ENGINE structures where the pointers have a "structural reference".
+ * This means that their reference is to allow access to the structure
+ * but it does not imply that the structure is functional. To simply
+ * increment or decrement the structural reference count, use ENGINE_new
+ * and ENGINE_free. NB: This is not required when iterating using
+ * ENGINE_get_next as it will automatically decrement the structural
+ * reference count of the "current" ENGINE and increment the structural
+ * reference count of the ENGINE it returns (unless it is NULL). */
+
+/* Get the first/last "ENGINE" type available. */
+ENGINE *ENGINE_get_first(void);
+ENGINE *ENGINE_get_last(void);
+/* Iterate to the next/previous "ENGINE" type (NULL = end of the list). */
+ENGINE *ENGINE_get_next(ENGINE *e);
+ENGINE *ENGINE_get_prev(ENGINE *e);
+/* Add another "ENGINE" type into the array. */
+int ENGINE_add(ENGINE *e);
+/* Remove an existing "ENGINE" type from the array. */
+int ENGINE_remove(ENGINE *e);
+/* Retrieve an engine from the list by its unique "id" value. */
+ENGINE *ENGINE_by_id(const char *id);
+
+/* These functions are useful for manufacturing new ENGINE
+ * structures. They don't address reference counting at all -
+ * one uses them to populate an ENGINE structure with personalised
+ * implementations of things prior to using it directly or adding
+ * it to the builtin ENGINE list in OpenSSL. These are also here
+ * so that the ENGINE structure doesn't have to be exposed and
+ * break binary compatibility!
+ *
+ * NB: I'm changing ENGINE_new to force the ENGINE structure to
+ * be allocated from within OpenSSL. See the comment for
+ * ENGINE_get_struct_size().
+ */
+#if 0
+ENGINE *ENGINE_new(ENGINE *e);
+#else
+ENGINE *ENGINE_new(void);
+#endif
+int ENGINE_free(ENGINE *e);
+int ENGINE_set_id(ENGINE *e, const char *id);
+int ENGINE_set_name(ENGINE *e, const char *name);
+int ENGINE_set_RSA(ENGINE *e, RSA_METHOD *rsa_meth);
+int ENGINE_set_DSA(ENGINE *e, DSA_METHOD *dsa_meth);
+int ENGINE_set_DH(ENGINE *e, DH_METHOD *dh_meth);
+int ENGINE_set_RAND(ENGINE *e, RAND_METHOD *rand_meth);
+int ENGINE_set_BN_mod_exp(ENGINE *e, BN_MOD_EXP bn_mod_exp);
+int ENGINE_set_BN_mod_exp_crt(ENGINE *e, BN_MOD_EXP_CRT bn_mod_exp_crt);
+int ENGINE_set_init_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR init_f);
+int ENGINE_set_finish_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR finish_f);
+int ENGINE_set_ctrl_function(ENGINE *e, ENGINE_CTRL_FUNC_PTR ctrl_f);
+
+/* These return values from within the ENGINE structure. These can
+ * be useful with functional references as well as structural
+ * references - it depends which you obtained. Using the result
+ * for functional purposes if you only obtained a structural
+ * reference may be problematic! */
+const char *ENGINE_get_id(ENGINE *e);
+const char *ENGINE_get_name(ENGINE *e);
+RSA_METHOD *ENGINE_get_RSA(ENGINE *e);
+DSA_METHOD *ENGINE_get_DSA(ENGINE *e);
+DH_METHOD *ENGINE_get_DH(ENGINE *e);
+RAND_METHOD *ENGINE_get_RAND(ENGINE *e);
+BN_MOD_EXP ENGINE_get_BN_mod_exp(ENGINE *e);
+BN_MOD_EXP_CRT ENGINE_get_BN_mod_exp_crt(ENGINE *e);
+ENGINE_GEN_INT_FUNC_PTR ENGINE_get_init_function(ENGINE *e);
+ENGINE_GEN_INT_FUNC_PTR ENGINE_get_finish_function(ENGINE *e);
+ENGINE_CTRL_FUNC_PTR ENGINE_get_ctrl_function(ENGINE *e);
+
+/* ENGINE_new is normally passed a NULL in the first parameter because
+ * the calling code doesn't have access to the definition of the ENGINE
+ * structure (for good reason). However, if the caller wishes to use
+ * its own memory allocation or use a static array, the following call
+ * should be used to check the amount of memory the ENGINE structure
+ * will occupy. This will make the code more future-proof.
+ *
+ * NB: I'm "#if 0"-ing this out because it's better to force the use of
+ * internally allocated memory. See similar change in ENGINE_new().
+ */
+#if 0
+int ENGINE_get_struct_size(void);
+#endif
+
+/* FUNCTIONAL functions. These functions deal with ENGINE structures
+ * that have (or will) be initialised for use. Broadly speaking, the
+ * structural functions are useful for iterating the list of available
+ * engine types, creating new engine types, and other "list" operations.
+ * These functions actually deal with ENGINEs that are to be used. As
+ * such these functions can fail (if applicable) when particular
+ * engines are unavailable - eg. if a hardware accelerator is not
+ * attached or not functioning correctly. Each ENGINE has 2 reference
+ * counts; structural and functional. Every time a functional reference
+ * is obtained or released, a corresponding structural reference is
+ * automatically obtained or released too. */
+
+/* Initialise a engine type for use (or up its reference count if it's
+ * already in use). This will fail if the engine is not currently
+ * operational and cannot initialise. */
+int ENGINE_init(ENGINE *e);
+/* Free a functional reference to a engine type. This does not require
+ * a corresponding call to ENGINE_free as it also releases a structural
+ * reference. */
+int ENGINE_finish(ENGINE *e);
+/* Send control parametrised commands to the engine.  The possibilities
+ * to send down an integer, a pointer to data or a function pointer are
+ * provided.  Any of the parameters may or may not be NULL, depending
+ * on the command number */
+/* WARNING: This is currently experimental and may change radically! */
+int ENGINE_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)());
+
+/* The following functions handle keys that are stored in some secondary
+ * location, handled by the engine.  The storage may be on a card or
+ * whatever. */
+EVP_PKEY *ENGINE_load_private_key(ENGINE *e, const char *key_id,
+       const char *passphrase);
+EVP_PKEY *ENGINE_load_public_key(ENGINE *e, const char *key_id,
+       const char *passphrase);
+
+/* This returns a pointer for the current ENGINE structure that
+ * is (by default) performing any RSA operations. The value returned
+ * is an incremented reference, so it should be free'd (ENGINE_finish)
+ * before it is discarded. */
+ENGINE *ENGINE_get_default_RSA(void);
+/* Same for the other "methods" */
+ENGINE *ENGINE_get_default_DSA(void);
+ENGINE *ENGINE_get_default_DH(void);
+ENGINE *ENGINE_get_default_RAND(void);
+ENGINE *ENGINE_get_default_BN_mod_exp(void);
+ENGINE *ENGINE_get_default_BN_mod_exp_crt(void);
+
+/* This sets a new default ENGINE structure for performing RSA
+ * operations. If the result is non-zero (success) then the ENGINE
+ * structure will have had its reference count up'd so the caller
+ * should still free their own reference 'e'. */
+int ENGINE_set_default_RSA(ENGINE *e);
+/* Same for the other "methods" */
+int ENGINE_set_default_DSA(ENGINE *e);
+int ENGINE_set_default_DH(ENGINE *e);
+int ENGINE_set_default_RAND(ENGINE *e);
+int ENGINE_set_default_BN_mod_exp(ENGINE *e);
+int ENGINE_set_default_BN_mod_exp_crt(ENGINE *e);
+
+/* The combination "set" - the flags are bitwise "OR"d from the
+ * ENGINE_METHOD_*** defines above. */
+int ENGINE_set_default(ENGINE *e, unsigned int flags);
+
+/* Obligatory error function. */
+void ERR_load_ENGINE_strings(void);
+
+/*
+ * Error codes for all engine functions. NB: We use "generic"
+ * function names instead of per-implementation ones because this
+ * levels the playing field for externally implemented bootstrapped
+ * support code. As the filename and line number is included, it's
+ * more important to indicate the type of function, so that
+ * bootstrapped code (that can't easily add its own errors in) can
+ * use the same error codes too.
+ */
+
+/* BEGIN ERROR CODES */
+/* The following lines are auto generated by the script mkerr.pl. Any changes
+ * made after this point may be overwritten when the script is next run.
+ */
+
+/* Error codes for the ENGINE functions. */
+
+/* Function codes. */
+#define ENGINE_F_ATALLA_FINISH                          135
+#define ENGINE_F_ATALLA_INIT                            136
+#define ENGINE_F_ATALLA_MOD_EXP                                 137
+#define ENGINE_F_ATALLA_RSA_MOD_EXP                     138
+#define ENGINE_F_CSWIFT_DSA_SIGN                        133
+#define ENGINE_F_CSWIFT_DSA_VERIFY                      134
+#define ENGINE_F_CSWIFT_FINISH                          100
+#define ENGINE_F_CSWIFT_INIT                            101
+#define ENGINE_F_CSWIFT_MOD_EXP                                 102
+#define ENGINE_F_CSWIFT_MOD_EXP_CRT                     103
+#define ENGINE_F_CSWIFT_RSA_MOD_EXP                     104
+#define ENGINE_F_ENGINE_ADD                             105
+#define ENGINE_F_ENGINE_BY_ID                           106
+#define ENGINE_F_ENGINE_CTRL                            142
+#define ENGINE_F_ENGINE_FINISH                          107
+#define ENGINE_F_ENGINE_FREE                            108
+#define ENGINE_F_ENGINE_GET_BN_MOD_EXP                  109
+#define ENGINE_F_ENGINE_GET_BN_MOD_EXP_CRT              110
+#define ENGINE_F_ENGINE_GET_CTRL_FUNCTION               144
+#define ENGINE_F_ENGINE_GET_DH                          111
+#define ENGINE_F_ENGINE_GET_DSA                                 112
+#define ENGINE_F_ENGINE_GET_FINISH_FUNCTION             145
+#define ENGINE_F_ENGINE_GET_ID                          113
+#define ENGINE_F_ENGINE_GET_INIT_FUNCTION               146
+#define ENGINE_F_ENGINE_GET_NAME                        114
+#define ENGINE_F_ENGINE_GET_NEXT                        115
+#define ENGINE_F_ENGINE_GET_PREV                        116
+#define ENGINE_F_ENGINE_GET_RAND                        117
+#define ENGINE_F_ENGINE_GET_RSA                                 118
+#define ENGINE_F_ENGINE_INIT                            119
+#define ENGINE_F_ENGINE_LIST_ADD                        120
+#define ENGINE_F_ENGINE_LIST_REMOVE                     121
+#define ENGINE_F_ENGINE_LOAD_PRIVATE_KEY                150
+#define ENGINE_F_ENGINE_LOAD_PUBLIC_KEY                         151
+#define ENGINE_F_ENGINE_NEW                             122
+#define ENGINE_F_ENGINE_REMOVE                          123
+#define ENGINE_F_ENGINE_SET_BN_MOD_EXP                  124
+#define ENGINE_F_ENGINE_SET_BN_MOD_EXP_CRT              125
+#define ENGINE_F_ENGINE_SET_CTRL_FUNCTION               147
+#define ENGINE_F_ENGINE_SET_DEFAULT_TYPE                126
+#define ENGINE_F_ENGINE_SET_DH                          127
+#define ENGINE_F_ENGINE_SET_DSA                                 128
+#define ENGINE_F_ENGINE_SET_FINISH_FUNCTION             148
+#define ENGINE_F_ENGINE_SET_ID                          129
+#define ENGINE_F_ENGINE_SET_INIT_FUNCTION               149
+#define ENGINE_F_ENGINE_SET_NAME                        130
+#define ENGINE_F_ENGINE_SET_RAND                        131
+#define ENGINE_F_ENGINE_SET_RSA                                 132
+#define ENGINE_F_ENGINE_UNLOAD_KEY                      152
+#define ENGINE_F_HWCRHK_CTRL                            143
+#define ENGINE_F_HWCRHK_FINISH                          135
+#define ENGINE_F_HWCRHK_GET_PASS                        155
+#define ENGINE_F_HWCRHK_INIT                            136
+#define ENGINE_F_HWCRHK_LOAD_PRIVKEY                    153
+#define ENGINE_F_HWCRHK_LOAD_PUBKEY                     154
+#define ENGINE_F_HWCRHK_MOD_EXP                                 137
+#define ENGINE_F_HWCRHK_MOD_EXP_CRT                     138
+#define ENGINE_F_HWCRHK_RAND_BYTES                      139
+#define ENGINE_F_HWCRHK_RSA_MOD_EXP                     140
+#define ENGINE_F_LOG_MESSAGE                            141
+#define ENGINE_F_NURON_FINISH                           157
+#define ENGINE_F_NURON_INIT                             156
+#define ENGINE_F_NURON_MOD_EXP                          158
+
+/* Reason codes. */
+#define ENGINE_R_ALREADY_LOADED                                 100
+#define ENGINE_R_BIO_WAS_FREED                          121
+#define ENGINE_R_BN_CTX_FULL                            101
+#define ENGINE_R_BN_EXPAND_FAIL                                 102
+#define ENGINE_R_CHIL_ERROR                             123
+#define ENGINE_R_CONFLICTING_ENGINE_ID                  103
+#define ENGINE_R_CTRL_COMMAND_NOT_IMPLEMENTED           119
+#define ENGINE_R_DSO_FAILURE                            104
+#define ENGINE_R_DSO_FUNCTION_NOT_FOUND                         131
+#define ENGINE_R_DSO_NOT_FOUND                          132
+#define ENGINE_R_ENGINE_IS_NOT_IN_LIST                  105
+#define ENGINE_R_FAILED_LOADING_PRIVATE_KEY             128
+#define ENGINE_R_FAILED_LOADING_PUBLIC_KEY              129
+#define ENGINE_R_FINISH_FAILED                          106
+#define ENGINE_R_GET_HANDLE_FAILED                      107
+#define ENGINE_R_ID_OR_NAME_MISSING                     108
+#define ENGINE_R_INIT_FAILED                            109
+#define ENGINE_R_INTERNAL_LIST_ERROR                    110
+#define ENGINE_R_MISSING_KEY_COMPONENTS                         111
+#define ENGINE_R_NOT_INITIALISED                        117
+#define ENGINE_R_NOT_LOADED                             112
+#define ENGINE_R_NO_CALLBACK                            127
+#define ENGINE_R_NO_CONTROL_FUNCTION                    120
+#define ENGINE_R_NO_KEY                                         124
+#define ENGINE_R_NO_LOAD_FUNCTION                       125
+#define ENGINE_R_NO_REFERENCE                           130
+#define ENGINE_R_NO_SUCH_ENGINE                                 116
+#define ENGINE_R_NO_UNLOAD_FUNCTION                     126
+#define ENGINE_R_PROVIDE_PARAMETERS                     113
+#define ENGINE_R_REQUEST_FAILED                                 114
+#define ENGINE_R_REQUEST_FALLBACK                       118
+#define ENGINE_R_SIZE_TOO_LARGE_OR_TOO_SMALL            122
+#define ENGINE_R_UNIT_FAILURE                           115
+
+#ifdef  __cplusplus
+}
+#endif
+#endif
+
diff --git a/crypto/engine/engine_err.c b/crypto/engine/engine_err.c
new file mode 100644 (file)
index 0000000..44c4fb9
--- /dev/null
@@ -0,0 +1,188 @@
+/* crypto/engine/engine_err.c */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+/* NOTE: this file was auto generated by the mkerr.pl script: any changes
+ * made to it will be overwritten when the script next updates this file,
+ * only reason strings will be preserved.
+ */
+
+#include <stdio.h>
+#include <openssl/err.h>
+#include <openssl/engine.h>
+
+/* BEGIN ERROR CODES */
+#ifndef NO_ERR
+static ERR_STRING_DATA ENGINE_str_functs[]=
+       {
+{ERR_PACK(0,ENGINE_F_ATALLA_FINISH,0), "ATALLA_FINISH"},
+{ERR_PACK(0,ENGINE_F_ATALLA_INIT,0),   "ATALLA_INIT"},
+{ERR_PACK(0,ENGINE_F_ATALLA_MOD_EXP,0),        "ATALLA_MOD_EXP"},
+{ERR_PACK(0,ENGINE_F_ATALLA_RSA_MOD_EXP,0),    "ATALLA_RSA_MOD_EXP"},
+{ERR_PACK(0,ENGINE_F_CSWIFT_DSA_SIGN,0),       "CSWIFT_DSA_SIGN"},
+{ERR_PACK(0,ENGINE_F_CSWIFT_DSA_VERIFY,0),     "CSWIFT_DSA_VERIFY"},
+{ERR_PACK(0,ENGINE_F_CSWIFT_FINISH,0), "CSWIFT_FINISH"},
+{ERR_PACK(0,ENGINE_F_CSWIFT_INIT,0),   "CSWIFT_INIT"},
+{ERR_PACK(0,ENGINE_F_CSWIFT_MOD_EXP,0),        "CSWIFT_MOD_EXP"},
+{ERR_PACK(0,ENGINE_F_CSWIFT_MOD_EXP_CRT,0),    "CSWIFT_MOD_EXP_CRT"},
+{ERR_PACK(0,ENGINE_F_CSWIFT_RSA_MOD_EXP,0),    "CSWIFT_RSA_MOD_EXP"},
+{ERR_PACK(0,ENGINE_F_ENGINE_ADD,0),    "ENGINE_add"},
+{ERR_PACK(0,ENGINE_F_ENGINE_BY_ID,0),  "ENGINE_by_id"},
+{ERR_PACK(0,ENGINE_F_ENGINE_CTRL,0),   "ENGINE_ctrl"},
+{ERR_PACK(0,ENGINE_F_ENGINE_FINISH,0), "ENGINE_finish"},
+{ERR_PACK(0,ENGINE_F_ENGINE_FREE,0),   "ENGINE_free"},
+{ERR_PACK(0,ENGINE_F_ENGINE_GET_BN_MOD_EXP,0), "ENGINE_get_BN_mod_exp"},
+{ERR_PACK(0,ENGINE_F_ENGINE_GET_BN_MOD_EXP_CRT,0),     "ENGINE_get_BN_mod_exp_crt"},
+{ERR_PACK(0,ENGINE_F_ENGINE_GET_CTRL_FUNCTION,0),      "ENGINE_get_ctrl_function"},
+{ERR_PACK(0,ENGINE_F_ENGINE_GET_DH,0), "ENGINE_get_DH"},
+{ERR_PACK(0,ENGINE_F_ENGINE_GET_DSA,0),        "ENGINE_get_DSA"},
+{ERR_PACK(0,ENGINE_F_ENGINE_GET_FINISH_FUNCTION,0),    "ENGINE_get_finish_function"},
+{ERR_PACK(0,ENGINE_F_ENGINE_GET_ID,0), "ENGINE_get_id"},
+{ERR_PACK(0,ENGINE_F_ENGINE_GET_INIT_FUNCTION,0),      "ENGINE_get_init_function"},
+{ERR_PACK(0,ENGINE_F_ENGINE_GET_NAME,0),       "ENGINE_get_name"},
+{ERR_PACK(0,ENGINE_F_ENGINE_GET_NEXT,0),       "ENGINE_get_next"},
+{ERR_PACK(0,ENGINE_F_ENGINE_GET_PREV,0),       "ENGINE_get_prev"},
+{ERR_PACK(0,ENGINE_F_ENGINE_GET_RAND,0),       "ENGINE_get_RAND"},
+{ERR_PACK(0,ENGINE_F_ENGINE_GET_RSA,0),        "ENGINE_get_RSA"},
+{ERR_PACK(0,ENGINE_F_ENGINE_INIT,0),   "ENGINE_init"},
+{ERR_PACK(0,ENGINE_F_ENGINE_LIST_ADD,0),       "ENGINE_LIST_ADD"},
+{ERR_PACK(0,ENGINE_F_ENGINE_LIST_REMOVE,0),    "ENGINE_LIST_REMOVE"},
+{ERR_PACK(0,ENGINE_F_ENGINE_LOAD_PRIVATE_KEY,0),       "ENGINE_load_private_key"},
+{ERR_PACK(0,ENGINE_F_ENGINE_LOAD_PUBLIC_KEY,0),        "ENGINE_load_public_key"},
+{ERR_PACK(0,ENGINE_F_ENGINE_NEW,0),    "ENGINE_new"},
+{ERR_PACK(0,ENGINE_F_ENGINE_REMOVE,0), "ENGINE_remove"},
+{ERR_PACK(0,ENGINE_F_ENGINE_SET_BN_MOD_EXP,0), "ENGINE_set_BN_mod_exp"},
+{ERR_PACK(0,ENGINE_F_ENGINE_SET_BN_MOD_EXP_CRT,0),     "ENGINE_set_BN_mod_exp_crt"},
+{ERR_PACK(0,ENGINE_F_ENGINE_SET_CTRL_FUNCTION,0),      "ENGINE_set_ctrl_function"},
+{ERR_PACK(0,ENGINE_F_ENGINE_SET_DEFAULT_TYPE,0),       "ENGINE_SET_DEFAULT_TYPE"},
+{ERR_PACK(0,ENGINE_F_ENGINE_SET_DH,0), "ENGINE_set_DH"},
+{ERR_PACK(0,ENGINE_F_ENGINE_SET_DSA,0),        "ENGINE_set_DSA"},
+{ERR_PACK(0,ENGINE_F_ENGINE_SET_FINISH_FUNCTION,0),    "ENGINE_set_finish_function"},
+{ERR_PACK(0,ENGINE_F_ENGINE_SET_ID,0), "ENGINE_set_id"},
+{ERR_PACK(0,ENGINE_F_ENGINE_SET_INIT_FUNCTION,0),      "ENGINE_set_init_function"},
+{ERR_PACK(0,ENGINE_F_ENGINE_SET_NAME,0),       "ENGINE_set_name"},
+{ERR_PACK(0,ENGINE_F_ENGINE_SET_RAND,0),       "ENGINE_set_RAND"},
+{ERR_PACK(0,ENGINE_F_ENGINE_SET_RSA,0),        "ENGINE_set_RSA"},
+{ERR_PACK(0,ENGINE_F_ENGINE_UNLOAD_KEY,0),     "ENGINE_UNLOAD_KEY"},
+{ERR_PACK(0,ENGINE_F_HWCRHK_CTRL,0),   "HWCRHK_CTRL"},
+{ERR_PACK(0,ENGINE_F_HWCRHK_FINISH,0), "HWCRHK_FINISH"},
+{ERR_PACK(0,ENGINE_F_HWCRHK_GET_PASS,0),       "HWCRHK_GET_PASS"},
+{ERR_PACK(0,ENGINE_F_HWCRHK_INIT,0),   "HWCRHK_INIT"},
+{ERR_PACK(0,ENGINE_F_HWCRHK_LOAD_PRIVKEY,0),   "HWCRHK_LOAD_PRIVKEY"},
+{ERR_PACK(0,ENGINE_F_HWCRHK_LOAD_PUBKEY,0),    "HWCRHK_LOAD_PUBKEY"},
+{ERR_PACK(0,ENGINE_F_HWCRHK_MOD_EXP,0),        "HWCRHK_MOD_EXP"},
+{ERR_PACK(0,ENGINE_F_HWCRHK_MOD_EXP_CRT,0),    "HWCRHK_MOD_EXP_CRT"},
+{ERR_PACK(0,ENGINE_F_HWCRHK_RAND_BYTES,0),     "HWCRHK_RAND_BYTES"},
+{ERR_PACK(0,ENGINE_F_HWCRHK_RSA_MOD_EXP,0),    "HWCRHK_RSA_MOD_EXP"},
+{ERR_PACK(0,ENGINE_F_LOG_MESSAGE,0),   "LOG_MESSAGE"},
+{ERR_PACK(0,ENGINE_F_NURON_FINISH,0),  "NURON_FINISH"},
+{ERR_PACK(0,ENGINE_F_NURON_INIT,0),    "NURON_INIT"},
+{ERR_PACK(0,ENGINE_F_NURON_MOD_EXP,0), "NURON_MOD_EXP"},
+{0,NULL}
+       };
+
+static ERR_STRING_DATA ENGINE_str_reasons[]=
+       {
+{ENGINE_R_ALREADY_LOADED                 ,"already loaded"},
+{ENGINE_R_BIO_WAS_FREED                  ,"bio was freed"},
+{ENGINE_R_BN_CTX_FULL                    ,"BN_CTX full"},
+{ENGINE_R_BN_EXPAND_FAIL                 ,"bn_expand fail"},
+{ENGINE_R_CHIL_ERROR                     ,"chil error"},
+{ENGINE_R_CONFLICTING_ENGINE_ID          ,"conflicting engine id"},
+{ENGINE_R_CTRL_COMMAND_NOT_IMPLEMENTED   ,"ctrl command not implemented"},
+{ENGINE_R_DSO_FAILURE                    ,"DSO failure"},
+{ENGINE_R_DSO_FUNCTION_NOT_FOUND         ,"dso function not found"},
+{ENGINE_R_DSO_NOT_FOUND                  ,"dso not found"},
+{ENGINE_R_ENGINE_IS_NOT_IN_LIST          ,"engine is not in the list"},
+{ENGINE_R_FAILED_LOADING_PRIVATE_KEY     ,"failed loading private key"},
+{ENGINE_R_FAILED_LOADING_PUBLIC_KEY      ,"failed loading public key"},
+{ENGINE_R_FINISH_FAILED                  ,"finish failed"},
+{ENGINE_R_GET_HANDLE_FAILED              ,"could not obtain hardware handle"},
+{ENGINE_R_ID_OR_NAME_MISSING             ,"'id' or 'name' missing"},
+{ENGINE_R_INIT_FAILED                    ,"init failed"},
+{ENGINE_R_INTERNAL_LIST_ERROR            ,"internal list error"},
+{ENGINE_R_MISSING_KEY_COMPONENTS         ,"missing key components"},
+{ENGINE_R_NOT_INITIALISED                ,"not initialised"},
+{ENGINE_R_NOT_LOADED                     ,"not loaded"},
+{ENGINE_R_NO_CALLBACK                    ,"no callback"},
+{ENGINE_R_NO_CONTROL_FUNCTION            ,"no control function"},
+{ENGINE_R_NO_KEY                         ,"no key"},
+{ENGINE_R_NO_LOAD_FUNCTION               ,"no load function"},
+{ENGINE_R_NO_REFERENCE                   ,"no reference"},
+{ENGINE_R_NO_SUCH_ENGINE                 ,"no such engine"},
+{ENGINE_R_NO_UNLOAD_FUNCTION             ,"no unload function"},
+{ENGINE_R_PROVIDE_PARAMETERS             ,"provide parameters"},
+{ENGINE_R_REQUEST_FAILED                 ,"request failed"},
+{ENGINE_R_REQUEST_FALLBACK               ,"request fallback"},
+{ENGINE_R_SIZE_TOO_LARGE_OR_TOO_SMALL    ,"size too large or too small"},
+{ENGINE_R_UNIT_FAILURE                   ,"unit failure"},
+{0,NULL}
+       };
+
+#endif
+
+void ERR_load_ENGINE_strings(void)
+       {
+       static int init=1;
+
+       if (init)
+               {
+               init=0;
+#ifndef NO_ERR
+               ERR_load_strings(ERR_LIB_ENGINE,ENGINE_str_functs);
+               ERR_load_strings(ERR_LIB_ENGINE,ENGINE_str_reasons);
+#endif
+
+               }
+       }
diff --git a/crypto/engine/engine_int.h b/crypto/engine/engine_int.h
new file mode 100644 (file)
index 0000000..d4aa8fa
--- /dev/null
@@ -0,0 +1,164 @@
+/* crypto/engine/engine_int.h */
+/* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL
+ * project 2000.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#ifndef HEADER_ENGINE_INT_H
+#define HEADER_ENGINE_INT_H
+
+#include <openssl/rsa.h>
+#include <openssl/dsa.h>
+#include <openssl/dh.h>
+#include <openssl/rand.h>
+#include <openssl/bn.h>
+#include <openssl/evp.h>
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+/* Bitwise OR-able values for the "flags" variable in ENGINE. */
+#define ENGINE_FLAGS_MALLOCED  0x0001
+
+#ifndef HEADER_ENGINE_H
+/* Regrettably, we need to reproduce the "BN" function types here
+ * because there is no such "BIGNUM_METHOD" as there is with RSA,
+ * DSA, etc. We do this so that we don't have a case where engine.h
+ * and engine_int.h conflict with each other. */
+typedef int (*BN_MOD_EXP)(BIGNUM *r, BIGNUM *a, const BIGNUM *p,
+               const BIGNUM *m, BN_CTX *ctx);
+/* private key operation for RSA, provided seperately in case other
+ * RSA implementations wish to use it. */
+typedef int (*BN_MOD_EXP_CRT)(BIGNUM *r, BIGNUM *a, const BIGNUM *p,
+               const BIGNUM *q, const BIGNUM *dmp1, const BIGNUM *dmq1,
+               const BIGNUM *iqmp, BN_CTX *ctx);
+
+/* Generic function pointer */
+typedef int (*ENGINE_GEN_FUNC_PTR)();
+/* Generic function pointer taking no arguments */
+typedef int (*ENGINE_GEN_INT_FUNC_PTR)(void);
+/* Specific control function pointer */
+typedef int (*ENGINE_CTRL_FUNC_PTR)(int cmd, long i, void *p, void (*f)());
+
+#endif
+
+/* This is a structure for storing implementations of various crypto
+ * algorithms and functions. */
+typedef struct engine_st
+       {
+       const char *id;
+       const char *name;
+       RSA_METHOD *rsa_meth;
+       DSA_METHOD *dsa_meth;
+       DH_METHOD *dh_meth;
+       RAND_METHOD *rand_meth;
+       BN_MOD_EXP bn_mod_exp;
+       BN_MOD_EXP_CRT bn_mod_exp_crt;
+       int (*init)(void);
+       int (*finish)(void);
+       int (*ctrl)(int cmd, long i, void *p, void (*f)());
+       EVP_PKEY *(*load_privkey)(const char *key_id, const char *passphrase);
+       EVP_PKEY *(*load_pubkey)(const char *key_id, const char *passphrase);
+       int flags;
+       /* reference count on the structure itself */
+       int struct_ref;
+       /* reference count on usability of the engine type. NB: This
+        * controls the loading and initialisation of any functionlity
+        * required by this engine, whereas the previous count is
+        * simply to cope with (de)allocation of this structure. Hence,
+        * running_ref <= struct_ref at all times. */
+       int funct_ref;
+       /* Used to maintain the linked-list of engines. */
+       struct engine_st *prev;
+       struct engine_st *next;
+       } ENGINE;
+
+/* BUILT-IN ENGINES. (these functions are only ever called once and
+ * do not return references - they are purely for bootstrapping). */
+
+/* Returns a structure of software only methods (the default). */
+ENGINE *ENGINE_openssl();
+
+#ifndef NO_HW
+
+#ifndef NO_HW_CSWIFT
+/* Returns a structure of cswift methods ... NB: This can exist and be
+ * "used" even on non-cswift systems because the "init" will fail if the
+ * card/library are not found. */
+ENGINE *ENGINE_cswift();
+#endif /* !NO_HW_CSWIFT */
+
+#ifndef NO_HW_NCIPHER
+ENGINE *ENGINE_ncipher();
+#endif /* !NO_HW_NCIPHER */
+
+#ifndef NO_HW_ATALLA
+/* Returns a structure of atalla methods. */
+ENGINE *ENGINE_atalla();
+#endif /* !NO_HW_ATALLA */
+
+#ifndef NO_HW_NURON
+ENGINE *ENGINE_nuron();
+#endif /* !NO_HW_NURON */
+
+#endif /* !NO_HW */
+
+#ifdef  __cplusplus
+}
+#endif
+
+#endif /* HEADER_ENGINE_INT_H */
diff --git a/crypto/engine/engine_lib.c b/crypto/engine/engine_lib.c
new file mode 100644 (file)
index 0000000..1df07af
--- /dev/null
@@ -0,0 +1,488 @@
+/* crypto/engine/engine_lib.c */
+/* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL
+ * project 2000.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <openssl/crypto.h>
+#include "cryptlib.h"
+#include "engine_int.h"
+#include <openssl/engine.h>
+
+/* These pointers each have their own "functional reference" when they
+ * are non-NULL. Similarly, when they are retrieved by a call to
+ * ENGINE_get_default_[RSA|DSA|...] the returned pointer is also a
+ * reference and the caller is responsible for freeing that when they
+ * are finished with it (with a call to ENGINE_finish() *NOT* just
+ * ENGINE_free()!!!!!!). */
+static ENGINE *engine_def_rsa = NULL;
+static ENGINE *engine_def_dsa = NULL;
+static ENGINE *engine_def_dh = NULL;
+static ENGINE *engine_def_rand = NULL;
+static ENGINE *engine_def_bn_mod_exp = NULL;
+static ENGINE *engine_def_bn_mod_exp_crt = NULL;
+/* A static "once-only" flag used to control if/when the above were
+ * initialised to suitable start-up defaults. */
+static int engine_def_flag = 0;
+
+/* This is used in certain static utility functions to save code
+ * repetition for per-algorithm functions. */
+typedef enum {
+       ENGINE_TYPE_RSA,
+       ENGINE_TYPE_DSA,
+       ENGINE_TYPE_DH,
+       ENGINE_TYPE_RAND,
+       ENGINE_TYPE_BN_MOD_EXP,
+       ENGINE_TYPE_BN_MOD_EXP_CRT
+       } ENGINE_TYPE;
+
+static void engine_def_check_util(ENGINE **def, ENGINE *val)
+       {
+       *def = val;
+       val->struct_ref++;
+       val->funct_ref++;
+       }
+
+/* In a slight break with convention - this static function must be
+ * called *outside* any locking of CRYPTO_LOCK_ENGINE. */
+static void engine_def_check(void)
+       {
+       ENGINE *e;
+       if(engine_def_flag)
+               return;
+       e = ENGINE_get_first();
+       if(e == NULL)
+               /* The list is empty ... not much we can do! */
+               return;
+       /* We have a structural reference, see if getting a functional
+        * reference is possible. This is done to cope with init errors
+        * in the engine - the following locked code does a bunch of
+        * manual "ENGINE_init"s which do *not* allow such an init
+        * error so this is worth doing. */
+       if(ENGINE_init(e))
+               {
+               CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
+               /* Doing another check here prevents an obvious race
+                * condition because the whole function itself cannot
+                * be locked. */
+               if(engine_def_flag)
+                       goto skip_set_defaults;
+               /* OK, we got a functional reference, so we get one each
+                * for the defaults too. */
+               engine_def_check_util(&engine_def_rsa, e);
+               engine_def_check_util(&engine_def_dsa, e);
+               engine_def_check_util(&engine_def_dh, e);
+               engine_def_check_util(&engine_def_rand, e);
+               engine_def_check_util(&engine_def_bn_mod_exp, e);
+               engine_def_check_util(&engine_def_bn_mod_exp_crt, e);
+               engine_def_flag = 1;
+skip_set_defaults:
+               CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
+               /* The "if" needs to be balanced out. */
+               ENGINE_finish(e);
+               }
+       /* We need to balance out the fact we obtained a structural
+        * reference to begin with from ENGINE_get_first(). */
+       ENGINE_free(e);
+       }
+
+/* Initialise a engine type for use (or up its functional reference count
+ * if it's already in use). */
+int ENGINE_init(ENGINE *e)
+       {
+       int to_return = 1;
+
+       if(e == NULL)
+               {
+               ENGINEerr(ENGINE_F_ENGINE_INIT,ERR_R_PASSED_NULL_PARAMETER);
+               return 0;
+               }
+       CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
+       if((e->funct_ref == 0) && e->init)
+               /* This is the first functional reference and the engine
+                * requires initialisation so we do it now. */
+               to_return = e->init();
+       if(to_return)
+               {
+               /* OK, we return a functional reference which is also a
+                * structural reference. */
+               e->struct_ref++;
+               e->funct_ref++;
+               }
+       CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
+       return to_return;
+       }
+
+/* Free a functional reference to a engine type */
+int ENGINE_finish(ENGINE *e)
+       {
+       int to_return = 1;
+
+       if(e == NULL)
+               {
+               ENGINEerr(ENGINE_F_ENGINE_FINISH,ERR_R_PASSED_NULL_PARAMETER);
+               return 0;
+               }
+       CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
+       if((e->funct_ref == 1) && e->finish)
+#if 0
+               /* This is the last functional reference and the engine
+                * requires cleanup so we do it now. */
+               to_return = e->finish();
+       if(to_return)
+               {
+               /* Cleanup the functional reference which is also a
+                * structural reference. */
+               e->struct_ref--;
+               e->funct_ref--;
+               }
+       CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
+#else
+               /* I'm going to deliberately do a convoluted version of this
+                * piece of code because we don't want "finish" functions
+                * being called inside a locked block of code, if at all
+                * possible. I'd rather have this call take an extra couple
+                * of ticks than have throughput serialised on a externally-
+                * provided callback function that may conceivably never come
+                * back. :-( */
+               {
+               CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
+               /* CODE ALERT: This *IS* supposed to be "=" and NOT "==" :-) */
+               if((to_return = e->finish()))
+                       {
+                       CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
+                       /* Cleanup the functional reference which is also a
+                        * structural reference. */
+                       e->struct_ref--;
+                       e->funct_ref--;
+                       CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
+                       }
+               }
+       else
+               CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
+#endif
+       return to_return;
+       }
+
+EVP_PKEY *ENGINE_load_private_key(ENGINE *e, const char *key_id,
+       const char *passphrase)
+       {
+       EVP_PKEY *pkey;
+
+       if(e == NULL)
+               {
+               ENGINEerr(ENGINE_F_ENGINE_LOAD_PRIVATE_KEY,
+                       ERR_R_PASSED_NULL_PARAMETER);
+               return 0;
+               }
+       CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
+       if(e->funct_ref == 0)
+               {
+               ENGINEerr(ENGINE_F_ENGINE_LOAD_PRIVATE_KEY,
+                       ENGINE_R_NOT_INITIALISED);
+               return 0;
+               }
+       if (!e->load_privkey)
+               {
+               ENGINEerr(ENGINE_F_ENGINE_LOAD_PRIVATE_KEY,
+                       ENGINE_R_NO_LOAD_FUNCTION);
+               return 0;
+               }
+       CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
+       pkey = e->load_privkey(key_id, passphrase);
+       if (!pkey)
+               {
+               ENGINEerr(ENGINE_F_ENGINE_LOAD_PRIVATE_KEY,
+                       ENGINE_R_FAILED_LOADING_PRIVATE_KEY);
+               return 0;
+               }
+       return pkey;
+       }
+
+EVP_PKEY *ENGINE_load_public_key(ENGINE *e, const char *key_id,
+       const char *passphrase)
+       {
+       EVP_PKEY *pkey;
+
+       if(e == NULL)
+               {
+               ENGINEerr(ENGINE_F_ENGINE_LOAD_PUBLIC_KEY,
+                       ERR_R_PASSED_NULL_PARAMETER);
+               return 0;
+               }
+       CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
+       if(e->funct_ref == 0)
+               {
+               ENGINEerr(ENGINE_F_ENGINE_LOAD_PUBLIC_KEY,
+                       ENGINE_R_NOT_INITIALISED);
+               return 0;
+               }
+       if (!e->load_pubkey)
+               {
+               ENGINEerr(ENGINE_F_ENGINE_LOAD_PUBLIC_KEY,
+                       ENGINE_R_NO_LOAD_FUNCTION);
+               return 0;
+               }
+       CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
+       pkey = e->load_pubkey(key_id, passphrase);
+       if (!pkey)
+               {
+               ENGINEerr(ENGINE_F_ENGINE_LOAD_PUBLIC_KEY,
+                       ENGINE_R_FAILED_LOADING_PUBLIC_KEY);
+               return 0;
+               }
+       return pkey;
+       }
+
+/* Initialise a engine type for use (or up its functional reference count
+ * if it's already in use). */
+int ENGINE_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)())
+       {
+       if(e == NULL)
+               {
+               ENGINEerr(ENGINE_F_ENGINE_CTRL,ERR_R_PASSED_NULL_PARAMETER);
+               return 0;
+               }
+       CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
+       if(e->struct_ref == 0)
+               {
+               ENGINEerr(ENGINE_F_ENGINE_CTRL,ENGINE_R_NO_REFERENCE);
+               return 0;
+               }
+       if (!e->ctrl)
+               {
+               ENGINEerr(ENGINE_F_ENGINE_CTRL,ENGINE_R_NO_CONTROL_FUNCTION);
+               return 0;
+               }
+       CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
+       return e->ctrl(cmd, i, p, f);
+       }
+
+static ENGINE *engine_get_default_type(ENGINE_TYPE t)
+       {
+       ENGINE *ret = NULL;
+
+       /* engine_def_check is lean and mean and won't replace any
+        * prior default engines ... so we must ensure that it is always
+        * the first function to get to touch the default values. */
+       engine_def_check();
+       CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
+       switch(t)
+               {
+       case ENGINE_TYPE_RSA:
+               ret = engine_def_rsa; break;
+       case ENGINE_TYPE_DSA:
+               ret = engine_def_dsa; break;
+       case ENGINE_TYPE_DH:
+               ret = engine_def_dh; break;
+       case ENGINE_TYPE_RAND:
+               ret = engine_def_rand; break;
+       case ENGINE_TYPE_BN_MOD_EXP:
+               ret = engine_def_bn_mod_exp; break;
+       case ENGINE_TYPE_BN_MOD_EXP_CRT:
+               ret = engine_def_bn_mod_exp_crt; break;
+               }
+       /* Unforunately we can't do this work outside the lock with a
+        * call to ENGINE_init() because that would leave a race
+        * condition open. */
+       if(ret)
+               {
+               ret->struct_ref++;
+               ret->funct_ref++;
+               }
+       CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
+       return ret;
+       }
+
+ENGINE *ENGINE_get_default_RSA(void)
+       {
+       return engine_get_default_type(ENGINE_TYPE_RSA);
+       }
+
+ENGINE *ENGINE_get_default_DSA(void)
+       {
+       return engine_get_default_type(ENGINE_TYPE_DSA);
+       }
+
+ENGINE *ENGINE_get_default_DH(void)
+       {
+       return engine_get_default_type(ENGINE_TYPE_DH);
+       }
+
+ENGINE *ENGINE_get_default_RAND(void)
+       {
+       return engine_get_default_type(ENGINE_TYPE_RAND);
+       }
+
+ENGINE *ENGINE_get_default_BN_mod_exp(void)
+       {
+       return engine_get_default_type(ENGINE_TYPE_BN_MOD_EXP);
+       }
+
+ENGINE *ENGINE_get_default_BN_mod_exp_crt(void)
+       {
+       return engine_get_default_type(ENGINE_TYPE_BN_MOD_EXP_CRT);
+       }
+
+static int engine_set_default_type(ENGINE_TYPE t, ENGINE *e)
+       {
+       ENGINE *old = NULL;
+
+       if(e == NULL)
+               {
+               ENGINEerr(ENGINE_F_ENGINE_SET_DEFAULT_TYPE,
+                       ERR_R_PASSED_NULL_PARAMETER);
+               return 0;
+               }
+       /* engine_def_check is lean and mean and won't replace any
+        * prior default engines ... so we must ensure that it is always
+        * the first function to get to touch the default values. */
+       engine_def_check();
+       /* Attempt to get a functional reference (we need one anyway, but
+        * also, 'e' may be just a structural reference being passed in so
+        * this call may actually be the first). */
+       if(!ENGINE_init(e))
+               {
+               ENGINEerr(ENGINE_F_ENGINE_SET_DEFAULT_TYPE,
+                       ENGINE_R_INIT_FAILED);
+               return 0;
+               }
+       CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
+       switch(t)
+               {
+       case ENGINE_TYPE_RSA:
+               old = engine_def_rsa;
+               engine_def_rsa = e; break;
+       case ENGINE_TYPE_DSA:
+               old = engine_def_dsa;
+               engine_def_dsa = e; break;
+       case ENGINE_TYPE_DH:
+               old = engine_def_dh;
+               engine_def_dh = e; break;
+       case ENGINE_TYPE_RAND:
+               old = engine_def_rand;
+               engine_def_rand = e; break;
+       case ENGINE_TYPE_BN_MOD_EXP:
+               old = engine_def_bn_mod_exp;
+               engine_def_bn_mod_exp = e; break;
+       case ENGINE_TYPE_BN_MOD_EXP_CRT:
+               old = engine_def_bn_mod_exp_crt;
+               engine_def_bn_mod_exp_crt = e; break;
+               }
+       CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
+       /* If we've replaced a previous value, then we need to remove the
+        * functional reference we had. */
+       if(old && !ENGINE_finish(old))
+               {
+               ENGINEerr(ENGINE_F_ENGINE_SET_DEFAULT_TYPE,
+                       ENGINE_R_FINISH_FAILED);
+               return 0;
+               }
+       return 1;
+       }
+
+int ENGINE_set_default_RSA(ENGINE *e)
+       {
+       return engine_set_default_type(ENGINE_TYPE_RSA, e);
+       }
+
+int ENGINE_set_default_DSA(ENGINE *e)
+       {
+       return engine_set_default_type(ENGINE_TYPE_DSA, e);
+       }
+
+int ENGINE_set_default_DH(ENGINE *e)
+       {
+       return engine_set_default_type(ENGINE_TYPE_DH, e);
+       }
+
+int ENGINE_set_default_RAND(ENGINE *e)
+       {
+       return engine_set_default_type(ENGINE_TYPE_RAND, e);
+       }
+
+int ENGINE_set_default_BN_mod_exp(ENGINE *e)
+       {
+       return engine_set_default_type(ENGINE_TYPE_BN_MOD_EXP, e);
+       }
+
+int ENGINE_set_default_BN_mod_exp_crt(ENGINE *e)
+       {
+       return engine_set_default_type(ENGINE_TYPE_BN_MOD_EXP_CRT, e);
+       }
+
+int ENGINE_set_default(ENGINE *e, unsigned int flags)
+       {
+       if((flags & ENGINE_METHOD_RSA) && e->rsa_meth &&
+                       !ENGINE_set_default_RSA(e))
+               return 0;
+       if((flags & ENGINE_METHOD_DSA) && e->dsa_meth &&
+                       !ENGINE_set_default_DSA(e))
+               return 0;
+       if((flags & ENGINE_METHOD_DH) && e->dh_meth &&
+                       !ENGINE_set_default_DH(e))
+               return 0;
+       if((flags & ENGINE_METHOD_RAND) && e->rand_meth &&
+                       !ENGINE_set_default_RAND(e))
+               return 0;
+       if((flags & ENGINE_METHOD_BN_MOD_EXP) && e->bn_mod_exp &&
+                       !ENGINE_set_default_BN_mod_exp(e))
+               return 0;
+       if((flags & ENGINE_METHOD_BN_MOD_EXP_CRT) && e->bn_mod_exp_crt &&
+                       !ENGINE_set_default_BN_mod_exp_crt(e))
+               return 0;
+       return 1;
+       }
+
diff --git a/crypto/engine/engine_list.c b/crypto/engine/engine_list.c
new file mode 100644 (file)
index 0000000..8fe4f30
--- /dev/null
@@ -0,0 +1,679 @@
+/* crypto/engine/engine_list.c */
+/* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL
+ * project 2000.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <openssl/crypto.h>
+#include "cryptlib.h"
+#include "engine_int.h"
+#include <openssl/engine.h>
+
+/* The linked-list of pointers to engine types. engine_list_head
+ * incorporates an implicit structural reference but engine_list_tail
+ * does not - the latter is a computational niceity and only points
+ * to something that is already pointed to by its predecessor in the
+ * list (or engine_list_head itself). In the same way, the use of the
+ * "prev" pointer in each ENGINE is to save excessive list iteration,
+ * it doesn't correspond to an extra structural reference. Hence,
+ * engine_list_head, and each non-null "next" pointer account for
+ * the list itself assuming exactly 1 structural reference on each
+ * list member. */
+static ENGINE *engine_list_head = NULL;
+static ENGINE *engine_list_tail = NULL;
+/* A boolean switch, used to ensure we only initialise once. This
+ * is needed because the engine list may genuinely become empty during
+ * use (so we can't use engine_list_head as an indicator for example. */
+static int engine_list_flag = 0;
+
+/* These static functions starting with a lower case "engine_" always
+ * take place when CRYPTO_LOCK_ENGINE has been locked up. */
+static int engine_list_add(ENGINE *e)
+       {
+       int conflict = 0;
+       ENGINE *iterator = NULL;
+
+       if(e == NULL)
+               {
+               ENGINEerr(ENGINE_F_ENGINE_LIST_ADD,
+                       ERR_R_PASSED_NULL_PARAMETER);
+               return 0;
+               }
+       iterator = engine_list_head;
+       while(iterator && !conflict)
+               {
+               conflict = (strcmp(iterator->id, e->id) == 0);
+               iterator = iterator->next;
+               }
+       if(conflict)
+               {
+               ENGINEerr(ENGINE_F_ENGINE_LIST_ADD,
+                       ENGINE_R_CONFLICTING_ENGINE_ID);
+               return 0;
+               }
+       if(engine_list_head == NULL)
+               {
+               /* We are adding to an empty list. */
+               if(engine_list_tail)
+                       {
+                       ENGINEerr(ENGINE_F_ENGINE_LIST_ADD,
+                               ENGINE_R_INTERNAL_LIST_ERROR);
+                       return 0;
+                       }
+               engine_list_head = e;
+               e->prev = NULL;
+               }
+       else
+               {
+               /* We are adding to the tail of an existing list. */
+               if((engine_list_tail == NULL) ||
+                               (engine_list_tail->next != NULL))
+                       {
+                       ENGINEerr(ENGINE_F_ENGINE_LIST_ADD,
+                               ENGINE_R_INTERNAL_LIST_ERROR);
+                       return 0;
+                       }
+               engine_list_tail->next = e;
+               e->prev = engine_list_tail;
+               }
+       /* Having the engine in the list assumes a structural
+        * reference. */
+       e->struct_ref++;
+       /* However it came to be, e is the last item in the list. */
+       engine_list_tail = e;
+       e->next = NULL;
+       return 1;
+       }
+
+static int engine_list_remove(ENGINE *e)
+       {
+       ENGINE *iterator;
+
+       if(e == NULL)
+               {
+               ENGINEerr(ENGINE_F_ENGINE_LIST_REMOVE,
+                       ERR_R_PASSED_NULL_PARAMETER);
+               return 0;
+               }
+       /* We need to check that e is in our linked list! */
+       iterator = engine_list_head;
+       while(iterator && (iterator != e))
+               iterator = iterator->next;
+       if(iterator == NULL)
+               {
+               ENGINEerr(ENGINE_F_ENGINE_LIST_REMOVE,
+                       ENGINE_R_ENGINE_IS_NOT_IN_LIST);
+               return 0;
+               }
+       /* un-link e from the chain. */
+       if(e->next)
+               e->next->prev = e->prev;
+       if(e->prev)
+               e->prev->next = e->next;
+       /* Correct our head/tail if necessary. */
+       if(engine_list_head == e)
+               engine_list_head = e->next;
+       if(engine_list_tail == e)
+               engine_list_tail = e->prev;
+       /* remove our structural reference. */
+       e->struct_ref--;
+       return 1;
+       }
+
+/* This check always takes place with CRYPTO_LOCK_ENGINE locked up
+ * so we're synchronised, but we can't call anything that tries to
+ * lock it again! :-) NB: For convenience (and code-clarity) we
+ * don't output errors for failures of the engine_list_add function
+ * as it will generate errors itself. */
+static int engine_internal_check(void)
+       {
+       if(engine_list_flag)
+               return 1;
+       /* This is our first time up, we need to populate the list
+        * with our statically compiled-in engines. */
+       if(!engine_list_add(ENGINE_openssl()))
+               return 0;
+#ifndef NO_HW
+#ifndef NO_HW_CSWIFT
+       if(!engine_list_add(ENGINE_cswift()))
+               return 0;
+#endif /* !NO_HW_CSWIFT */
+#ifndef NO_HW_NCIPHER
+       if(!engine_list_add(ENGINE_ncipher()))
+               return 0;
+#endif /* !NO_HW_NCIPHER */
+#ifndef NO_HW_ATALLA
+       if(!engine_list_add(ENGINE_atalla()))
+               return 0;
+#endif /* !NO_HW_ATALLA */
+#ifndef NO_HW_NURON
+       if(!engine_list_add(ENGINE_nuron()))
+               return 0;
+#endif /* !NO_HW_NURON */
+#endif /* !NO_HW */
+       engine_list_flag = 1;
+       return 1;
+       }
+
+/* Get the first/last "ENGINE" type available. */
+ENGINE *ENGINE_get_first(void)
+       {
+       ENGINE *ret = NULL;
+
+       CRYPTO_r_lock(CRYPTO_LOCK_ENGINE);
+       if(engine_internal_check())
+               {
+               ret = engine_list_head;
+               if(ret)
+                       ret->struct_ref++;
+               }
+       CRYPTO_r_unlock(CRYPTO_LOCK_ENGINE);
+       return ret;
+       }
+ENGINE *ENGINE_get_last(void)
+       {
+       ENGINE *ret = NULL;
+
+       CRYPTO_r_lock(CRYPTO_LOCK_ENGINE);
+       if(engine_internal_check())
+               {
+               ret = engine_list_tail;
+               if(ret)
+                       ret->struct_ref++;
+               }
+       CRYPTO_r_unlock(CRYPTO_LOCK_ENGINE);
+       return ret;
+       }
+
+/* Iterate to the next/previous "ENGINE" type (NULL = end of the list). */
+ENGINE *ENGINE_get_next(ENGINE *e)
+       {
+       ENGINE *ret = NULL;
+       if(e == NULL)
+               {
+               ENGINEerr(ENGINE_F_ENGINE_GET_NEXT,
+                       ERR_R_PASSED_NULL_PARAMETER);
+               return 0;
+               }
+       CRYPTO_r_lock(CRYPTO_LOCK_ENGINE);
+       ret = e->next;
+       e->struct_ref--;
+       if(ret)
+               ret->struct_ref++;
+       CRYPTO_r_unlock(CRYPTO_LOCK_ENGINE);
+       return ret;
+       }
+ENGINE *ENGINE_get_prev(ENGINE *e)
+       {
+       ENGINE *ret = NULL;
+       if(e == NULL)
+               {
+               ENGINEerr(ENGINE_F_ENGINE_GET_PREV,
+                       ERR_R_PASSED_NULL_PARAMETER);
+               return 0;
+               }
+       CRYPTO_r_lock(CRYPTO_LOCK_ENGINE);
+       ret = e->prev;
+       e->struct_ref--;
+       if(ret)
+               ret->struct_ref++;
+       CRYPTO_r_unlock(CRYPTO_LOCK_ENGINE);
+       return ret;
+       }
+
+/* Add another "ENGINE" type into the list. */
+int ENGINE_add(ENGINE *e)
+       {
+       int to_return = 1;
+       if(e == NULL)
+               {
+               ENGINEerr(ENGINE_F_ENGINE_ADD,
+                       ERR_R_PASSED_NULL_PARAMETER);
+               return 0;
+               }
+       if((e->id == NULL) || (e->name == NULL))
+               {
+               ENGINEerr(ENGINE_F_ENGINE_ADD,
+                       ENGINE_R_ID_OR_NAME_MISSING);
+               }
+       CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
+       if(!engine_internal_check() || !engine_list_add(e))
+               {
+               ENGINEerr(ENGINE_F_ENGINE_ADD,
+                       ENGINE_R_INTERNAL_LIST_ERROR);
+               to_return = 0;
+               }
+       CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
+       return to_return;
+       }
+
+/* Remove an existing "ENGINE" type from the array. */
+int ENGINE_remove(ENGINE *e)
+       {
+       int to_return = 1;
+       if(e == NULL)
+               {
+               ENGINEerr(ENGINE_F_ENGINE_REMOVE,
+                       ERR_R_PASSED_NULL_PARAMETER);
+               return 0;
+               }
+       CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
+       if(!engine_internal_check() || !engine_list_remove(e))
+               {
+               ENGINEerr(ENGINE_F_ENGINE_REMOVE,
+                       ENGINE_R_INTERNAL_LIST_ERROR);
+               to_return = 0;
+               }
+       CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
+       return to_return;
+       }
+
+ENGINE *ENGINE_by_id(const char *id)
+       {
+       ENGINE *iterator = NULL;
+       if(id == NULL)
+               {
+               ENGINEerr(ENGINE_F_ENGINE_BY_ID,
+                       ERR_R_PASSED_NULL_PARAMETER);
+               return NULL;
+               }
+       CRYPTO_r_lock(CRYPTO_LOCK_ENGINE);
+       if(!engine_internal_check())
+               ENGINEerr(ENGINE_F_ENGINE_BY_ID,
+                       ENGINE_R_INTERNAL_LIST_ERROR);
+       else
+               {
+               iterator = engine_list_head;
+               while(iterator && (strcmp(id, iterator->id) != 0))
+                       iterator = iterator->next;
+               if(iterator)
+                       /* We need to return a structural reference */
+                       iterator->struct_ref++;
+               }
+       CRYPTO_r_unlock(CRYPTO_LOCK_ENGINE);
+       if(iterator == NULL)
+               ENGINEerr(ENGINE_F_ENGINE_BY_ID,
+                       ENGINE_R_NO_SUCH_ENGINE);
+       return iterator;
+       }
+
+/* As per the comments in engine.h, it is generally better all round
+ * if the ENGINE structure is allocated within this framework. */
+#if 0
+int ENGINE_get_struct_size(void)
+       {
+       return sizeof(ENGINE);
+       }
+
+ENGINE *ENGINE_new(ENGINE *e)
+       {
+       ENGINE *ret;
+
+       if(e == NULL)
+               {
+               ret = (ENGINE *)(OPENSSL_malloc(sizeof(ENGINE));
+               if(ret == NULL)
+                       {
+                       ENGINEerr(ENGINE_F_ENGINE_NEW,
+                               ERR_R_MALLOC_FAILURE);
+                       return NULL;
+                       }
+               }
+       else
+               ret = e;
+       memset(ret, 0, sizeof(ENGINE));
+       if(e)
+               ret->flags = ENGINE_FLAGS_MALLOCED;
+       ret->struct_ref = 1;
+       return ret;
+       }
+#else
+ENGINE *ENGINE_new(void)
+       {
+       ENGINE *ret;
+
+       ret = (ENGINE *)OPENSSL_malloc(sizeof(ENGINE));
+       if(ret == NULL)
+               {
+               ENGINEerr(ENGINE_F_ENGINE_NEW, ERR_R_MALLOC_FAILURE);
+               return NULL;
+               }
+       memset(ret, 0, sizeof(ENGINE));
+       ret->flags = ENGINE_FLAGS_MALLOCED;
+       ret->struct_ref = 1;
+       return ret;
+       }
+#endif
+
+int ENGINE_free(ENGINE *e)
+       {
+       int i;
+
+       if(e == NULL)
+               {
+               ENGINEerr(ENGINE_F_ENGINE_FREE,
+                       ERR_R_PASSED_NULL_PARAMETER);
+               return 0;
+               }
+       i = CRYPTO_add(&e->struct_ref,-1,CRYPTO_LOCK_ENGINE);
+#ifdef REF_PRINT
+       REF_PRINT("ENGINE",e);
+#endif
+       if (i > 0) return 1;
+#ifdef REF_CHECK
+       if (i < 0)
+               {
+               fprintf(stderr,"ENGINE_free, bad reference count\n");
+               abort();
+               }
+#endif
+       if(e->flags & ENGINE_FLAGS_MALLOCED)
+               OPENSSL_free(e);
+       return 1;
+       }
+
+int ENGINE_set_id(ENGINE *e, const char *id)
+       {
+       if((e == NULL) || (id == NULL))
+               {
+               ENGINEerr(ENGINE_F_ENGINE_SET_ID,
+                       ERR_R_PASSED_NULL_PARAMETER);
+               return 0;
+               }
+       e->id = id;
+       return 1;
+       }
+
+int ENGINE_set_name(ENGINE *e, const char *name)
+       {
+       if((e == NULL) || (name == NULL))
+               {
+               ENGINEerr(ENGINE_F_ENGINE_SET_NAME,
+                       ERR_R_PASSED_NULL_PARAMETER);
+               return 0;
+               }
+       e->name = name;
+       return 1;
+       }
+
+int ENGINE_set_RSA(ENGINE *e, RSA_METHOD *rsa_meth)
+       {
+       if((e == NULL) || (rsa_meth == NULL))
+               {
+               ENGINEerr(ENGINE_F_ENGINE_SET_RSA,
+                       ERR_R_PASSED_NULL_PARAMETER);
+               return 0;
+               }
+       e->rsa_meth = rsa_meth;
+       return 1;
+       }
+
+int ENGINE_set_DSA(ENGINE *e, DSA_METHOD *dsa_meth)
+       {
+       if((e == NULL) || (dsa_meth == NULL))
+               {
+               ENGINEerr(ENGINE_F_ENGINE_SET_DSA,
+                       ERR_R_PASSED_NULL_PARAMETER);
+               return 0;
+               }
+       e->dsa_meth = dsa_meth;
+       return 1;
+       }
+
+int ENGINE_set_DH(ENGINE *e, DH_METHOD *dh_meth)
+       {
+       if((e == NULL) || (dh_meth == NULL))
+               {
+               ENGINEerr(ENGINE_F_ENGINE_SET_DH,
+                       ERR_R_PASSED_NULL_PARAMETER);
+               return 0;
+               }
+       e->dh_meth = dh_meth;
+       return 1;
+       }
+
+int ENGINE_set_RAND(ENGINE *e, RAND_METHOD *rand_meth)
+       {
+       if((e == NULL) || (rand_meth == NULL))
+               {
+               ENGINEerr(ENGINE_F_ENGINE_SET_RAND,
+                       ERR_R_PASSED_NULL_PARAMETER);
+               return 0;
+               }
+       e->rand_meth = rand_meth;
+       return 1;
+       }
+
+int ENGINE_set_BN_mod_exp(ENGINE *e, BN_MOD_EXP bn_mod_exp)
+       {
+       if((e == NULL) || (bn_mod_exp == NULL))
+               {
+               ENGINEerr(ENGINE_F_ENGINE_SET_BN_MOD_EXP,
+                       ERR_R_PASSED_NULL_PARAMETER);
+               return 0;
+               }
+       e->bn_mod_exp = bn_mod_exp;
+       return 1;
+       }
+
+int ENGINE_set_BN_mod_exp_crt(ENGINE *e, BN_MOD_EXP_CRT bn_mod_exp_crt)
+       {
+       if((e == NULL) || (bn_mod_exp_crt == NULL))
+               {
+               ENGINEerr(ENGINE_F_ENGINE_SET_BN_MOD_EXP_CRT,
+                       ERR_R_PASSED_NULL_PARAMETER);
+               return 0;
+               }
+       e->bn_mod_exp_crt = bn_mod_exp_crt;
+       return 1;
+       }
+
+int ENGINE_set_init_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR init_f)
+       {
+       if((e == NULL) || (init_f == NULL))
+               {
+               ENGINEerr(ENGINE_F_ENGINE_SET_INIT_FUNCTION,
+                       ERR_R_PASSED_NULL_PARAMETER);
+               return 0;
+               }
+       e->init = init_f;
+       return 1;
+       }
+
+int ENGINE_set_finish_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR finish_f)
+       {
+       if((e == NULL) || (finish_f == NULL))
+               {
+               ENGINEerr(ENGINE_F_ENGINE_SET_FINISH_FUNCTION,
+                       ERR_R_PASSED_NULL_PARAMETER);
+               return 0;
+               }
+       e->finish = finish_f;
+       return 1;
+       }
+
+int ENGINE_set_ctrl_function(ENGINE *e, ENGINE_CTRL_FUNC_PTR ctrl_f)
+       {
+       if((e == NULL) || (ctrl_f == NULL))
+               {
+               ENGINEerr(ENGINE_F_ENGINE_SET_CTRL_FUNCTION,
+                       ERR_R_PASSED_NULL_PARAMETER);
+               return 0;
+               }
+       e->ctrl = ctrl_f;
+       return 1;
+       }
+
+const char *ENGINE_get_id(ENGINE *e)
+       {
+       if(e == NULL)
+               {
+               ENGINEerr(ENGINE_F_ENGINE_GET_ID,
+                       ERR_R_PASSED_NULL_PARAMETER);
+               return 0;
+               }
+       return e->id;
+       }
+
+const char *ENGINE_get_name(ENGINE *e)
+       {
+       if(e == NULL)
+               {
+               ENGINEerr(ENGINE_F_ENGINE_GET_NAME,
+                       ERR_R_PASSED_NULL_PARAMETER);
+               return 0;
+               }
+       return e->name;
+       }
+
+RSA_METHOD *ENGINE_get_RSA(ENGINE *e)
+       {
+       if(e == NULL)
+               {
+               ENGINEerr(ENGINE_F_ENGINE_GET_RSA,
+                       ERR_R_PASSED_NULL_PARAMETER);
+               return NULL;
+               }
+       return e->rsa_meth;
+       }
+
+DSA_METHOD *ENGINE_get_DSA(ENGINE *e)
+       {
+       if(e == NULL)
+               {
+               ENGINEerr(ENGINE_F_ENGINE_GET_DSA,
+                       ERR_R_PASSED_NULL_PARAMETER);
+               return NULL;
+               }
+       return e->dsa_meth;
+       }
+
+DH_METHOD *ENGINE_get_DH(ENGINE *e)
+       {
+       if(e == NULL)
+               {
+               ENGINEerr(ENGINE_F_ENGINE_GET_DH,
+                       ERR_R_PASSED_NULL_PARAMETER);
+               return NULL;
+               }
+       return e->dh_meth;
+       }
+
+RAND_METHOD *ENGINE_get_RAND(ENGINE *e)
+       {
+       if(e == NULL)
+               {
+               ENGINEerr(ENGINE_F_ENGINE_GET_RAND,
+                       ERR_R_PASSED_NULL_PARAMETER);
+               return NULL;
+               }
+       return e->rand_meth;
+       }
+
+BN_MOD_EXP ENGINE_get_BN_mod_exp(ENGINE *e)
+       {
+       if(e == NULL)
+               {
+               ENGINEerr(ENGINE_F_ENGINE_GET_BN_MOD_EXP,
+                       ERR_R_PASSED_NULL_PARAMETER);
+               return NULL;
+               }
+       return e->bn_mod_exp;
+       }
+
+BN_MOD_EXP_CRT ENGINE_get_BN_mod_exp_crt(ENGINE *e)
+       {
+       if(e == NULL)
+               {
+               ENGINEerr(ENGINE_F_ENGINE_GET_BN_MOD_EXP_CRT,
+                       ERR_R_PASSED_NULL_PARAMETER);
+               return NULL;
+               }
+       return e->bn_mod_exp_crt;
+       }
+
+ENGINE_GEN_INT_FUNC_PTR ENGINE_get_init_function(ENGINE *e)
+       {
+       if(e == NULL)
+               {
+               ENGINEerr(ENGINE_F_ENGINE_GET_INIT_FUNCTION,
+                       ERR_R_PASSED_NULL_PARAMETER);
+               return NULL;
+               }
+       return e->init;
+       }
+
+ENGINE_GEN_INT_FUNC_PTR ENGINE_get_finish_function(ENGINE *e)
+       {
+       if(e == NULL)
+               {
+               ENGINEerr(ENGINE_F_ENGINE_GET_FINISH_FUNCTION,
+                       ERR_R_PASSED_NULL_PARAMETER);
+               return NULL;
+               }
+       return e->finish;
+       }
+
+ENGINE_CTRL_FUNC_PTR ENGINE_get_ctrl_function(ENGINE *e)
+       {
+       if(e == NULL)
+               {
+               ENGINEerr(ENGINE_F_ENGINE_GET_CTRL_FUNCTION,
+                       ERR_R_PASSED_NULL_PARAMETER);
+               return NULL;
+               }
+       return e->ctrl;
+       }
+
diff --git a/crypto/engine/engine_openssl.c b/crypto/engine/engine_openssl.c
new file mode 100644 (file)
index 0000000..9636f51
--- /dev/null
@@ -0,0 +1,174 @@
+/* crypto/engine/engine_openssl.c */
+/* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL
+ * project 2000.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+
+#include <stdio.h>
+#include <openssl/crypto.h>
+#include "cryptlib.h"
+#include "engine_int.h"
+#include <openssl/engine.h>
+#include <openssl/dso.h>
+#include <openssl/rsa.h>
+#include <openssl/dsa.h>
+#include <openssl/dh.h>
+#include <openssl/rand.h>
+#include <openssl/bn.h>
+
+/* This is the only function we need to implement as OpenSSL
+ * doesn't have a native CRT mod_exp. Perhaps this should be
+ * BN_mod_exp_crt and moved into crypto/bn/ ?? ... dunno. */
+static int openssl_mod_exp_crt(BIGNUM *r, BIGNUM *a, const BIGNUM *p,
+               const BIGNUM *q, const BIGNUM *dmp1, const BIGNUM *dmq1,
+               const BIGNUM *iqmp, BN_CTX *ctx);
+
+/* The ENGINE structure that can be pointed to. */
+static ENGINE engine_openssl =
+        {
+       "openssl",
+       "Software default engine support",
+       NULL,
+       NULL,
+       NULL, /* these methods are "stolen" in ENGINE_openssl() */
+       NULL,
+       NULL,
+       openssl_mod_exp_crt,
+       NULL, /* no init() */
+       NULL, /* no finish() */
+       NULL, /* no ctrl() */
+       NULL, /* no load_privkey() */
+       NULL, /* no load_pubkey() */
+       0, /* no flags */
+       0, 0, /* no references. */
+       NULL, NULL /* unlinked */
+        };
+
+/* As this is only ever called once, there's no need for locking
+ * (indeed - the lock will already be held by our caller!!!) */
+ENGINE *ENGINE_openssl()
+       {
+       /* We need to populate our structure with the software pointers
+        * that we want to steal. */
+       engine_openssl.rsa_meth = RSA_get_default_openssl_method();
+       engine_openssl.dsa_meth = DSA_get_default_openssl_method();
+       engine_openssl.dh_meth = DH_get_default_openssl_method();
+       engine_openssl.rand_meth = RAND_SSLeay();
+       engine_openssl.bn_mod_exp = BN_mod_exp;
+       return &engine_openssl;
+       }
+
+/* Chinese Remainder Theorem, taken and adapted from rsa_eay.c */
+static int openssl_mod_exp_crt(BIGNUM *r, BIGNUM *a, const BIGNUM *p,
+                       const BIGNUM *q, const BIGNUM *dmp1,
+                       const BIGNUM *dmq1, const BIGNUM *iqmp, BN_CTX *ctx)
+       {
+       BIGNUM r1,m1;
+       int ret=0;
+       BN_CTX *bn_ctx;
+       BIGNUM *temp_bn = NULL;
+
+       if (ctx)
+               bn_ctx = ctx;
+       else
+               if ((bn_ctx=BN_CTX_new()) == NULL) goto err;
+       BN_init(&m1);
+       BN_init(&r1);
+       /* BN_mul() cannot accept const BIGNUMs so I use the BN_CTX
+        * to duplicate what I need. <sigh> */
+       if ((temp_bn = BN_CTX_get(bn_ctx)) == NULL) goto err;
+       if (!BN_copy(temp_bn, iqmp)) goto err;
+       if (!BN_mod(&r1, a, q, bn_ctx)) goto err;
+       if (!engine_openssl.bn_mod_exp(&m1, &r1, dmq1, q, bn_ctx))
+               goto err;
+       if (!BN_mod(&r1, a, p, bn_ctx)) goto err;
+       if (!engine_openssl.bn_mod_exp(r, &r1, dmp1, p, bn_ctx))
+               goto err;
+
+       if (!BN_sub(r, r, &m1)) goto err;
+       /* This will help stop the size of r0 increasing, which does
+        * affect the multiply if it optimised for a power of 2 size */
+       if (r->neg)
+               if (!BN_add(r, r, p)) goto err;
+       if (!BN_mul(&r1, r, temp_bn, bn_ctx)) goto err;
+       if (!BN_mod(r, &r1, p, bn_ctx)) goto err;
+       /* If p < q it is occasionally possible for the correction of
+        * adding 'p' if r is negative above to leave the result still
+        * negative. This can break the private key operations: the following
+        * second correction should *always* correct this rare occurrence.
+        * This will *never* happen with OpenSSL generated keys because
+        * they ensure p > q [steve]
+        */
+       if (r->neg)
+               if (!BN_add(r, r, p)) goto err;
+       /* Again, BN_mul() will need non-const values. */
+       if (!BN_copy(temp_bn, q)) goto err;
+       if (!BN_mul(&r1, r, temp_bn, bn_ctx)) goto err;
+       if (!BN_add(r, &r1, &m1)) goto err;
+       ret=1;
+err:
+       BN_clear_free(&m1);
+       BN_clear_free(&r1);
+       if (temp_bn)
+               bn_ctx->tos--;
+       if (!ctx)
+               BN_CTX_free(bn_ctx);
+       return(ret);
+       }
diff --git a/crypto/engine/enginetest.c b/crypto/engine/enginetest.c
new file mode 100644 (file)
index 0000000..a5a3c47
--- /dev/null
@@ -0,0 +1,251 @@
+/* crypto/engine/enginetest.c */
+/* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL
+ * project 2000.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include <string.h>
+#include <openssl/engine.h>
+#include <openssl/err.h>
+
+static void display_engine_list()
+       {
+       ENGINE *h;
+       int loop;
+
+       h = ENGINE_get_first();
+       loop = 0;
+       printf("listing available engine types\n");
+       while(h)
+               {
+               printf("engine %i, id = \"%s\", name = \"%s\"\n",
+                       loop++, ENGINE_get_id(h), ENGINE_get_name(h));
+               h = ENGINE_get_next(h);
+               }
+       printf("end of list\n");
+       }
+
+int main(int argc, char *argv[])
+       {
+       ENGINE *block[512];
+       char buf[256];
+       const char *id, *name;
+       ENGINE *ptr;
+       int loop;
+       int to_return = 1;
+       ENGINE *new_h1 = NULL;
+       ENGINE *new_h2 = NULL;
+       ENGINE *new_h3 = NULL;
+       ENGINE *new_h4 = NULL;
+
+       ERR_load_crypto_strings();
+
+       memset(block, 0, 512 * sizeof(ENGINE *));
+       if(((new_h1 = ENGINE_new()) == NULL) ||
+                       !ENGINE_set_id(new_h1, "test_id0") ||
+                       !ENGINE_set_name(new_h1, "First test item") ||
+                       ((new_h2 = ENGINE_new()) == NULL) ||
+                       !ENGINE_set_id(new_h2, "test_id1") ||
+                       !ENGINE_set_name(new_h2, "Second test item") ||
+                       ((new_h3 = ENGINE_new()) == NULL) ||
+                       !ENGINE_set_id(new_h3, "test_id2") ||
+                       !ENGINE_set_name(new_h3, "Third test item") ||
+                       ((new_h4 = ENGINE_new()) == NULL) ||
+                       !ENGINE_set_id(new_h4, "test_id3") ||
+                       !ENGINE_set_name(new_h4, "Fourth test item"))
+               {
+               printf("Couldn't set up test ENGINE structures\n");
+               goto end;
+               }
+       printf("\nenginetest beginning\n\n");
+       display_engine_list();
+       if(!ENGINE_add(new_h1))
+               {
+               printf("Add failed!\n");
+               goto end;
+               }
+       display_engine_list();
+       ptr = ENGINE_get_first();
+       if(!ENGINE_remove(ptr))
+               {
+               printf("Remove failed!\n");
+               goto end;
+               }
+       display_engine_list();
+       if(!ENGINE_add(new_h3) || !ENGINE_add(new_h2))
+               {
+               printf("Add failed!\n");
+               goto end;
+               }
+       display_engine_list();
+       if(!ENGINE_remove(new_h2))
+               {
+               printf("Remove failed!\n");
+               goto end;
+               }
+       display_engine_list();
+       if(!ENGINE_add(new_h4))
+               {
+               printf("Add failed!\n");
+               goto end;
+               }
+       display_engine_list();
+       if(ENGINE_add(new_h3))
+               {
+               printf("Add *should* have failed but didn't!\n");
+               goto end;
+               }
+       else
+               printf("Add that should fail did.\n");
+       ERR_clear_error();
+       if(ENGINE_remove(new_h2))
+               {
+               printf("Remove *should* have failed but didn't!\n");
+               goto end;
+               }
+       else
+               printf("Remove that should fail did.\n");
+       if(!ENGINE_remove(new_h1))
+               {
+               printf("Remove failed!\n");
+               goto end;
+               }
+       display_engine_list();
+       if(!ENGINE_remove(new_h3))
+               {
+               printf("Remove failed!\n");
+               goto end;
+               }
+       display_engine_list();
+       if(!ENGINE_remove(new_h4))
+               {
+               printf("Remove failed!\n");
+               goto end;
+               }
+       display_engine_list();
+       /* Depending on whether there's any hardware support compiled
+        * in, this remove may be destined to fail. */
+       ptr = ENGINE_get_first();
+       if(ptr)
+               if(!ENGINE_remove(ptr))
+                       printf("Remove failed!i - probably no hardware "
+                               "support present.\n");
+       display_engine_list();
+       if(!ENGINE_add(new_h1) || !ENGINE_remove(new_h1))
+               {
+               printf("Couldn't add and remove to an empty list!\n");
+               goto end;
+               }
+       else
+               printf("Successfully added and removed to an empty list!\n");
+       printf("About to beef up the engine-type list\n");
+       for(loop = 0; loop < 512; loop++)
+               {
+               sprintf(buf, "id%i", loop);
+               id = strdup(buf);
+               sprintf(buf, "Fake engine type %i", loop);
+               name = strdup(buf);
+               if(((block[loop] = ENGINE_new()) == NULL) ||
+                               !ENGINE_set_id(block[loop], id) ||
+                               !ENGINE_set_name(block[loop], name))
+                       {
+                       printf("Couldn't create block of ENGINE structures.\n"
+                               "I'll probably also core-dump now, damn.\n");
+                       goto end;
+                       }
+               }
+       for(loop = 0; loop < 512; loop++)
+               {
+               if(!ENGINE_add(block[loop]))
+                       {
+                       printf("\nAdding stopped at %i, (%s,%s)\n",
+                               loop, ENGINE_get_id(block[loop]),
+                               ENGINE_get_name(block[loop]));
+                       goto cleanup_loop;
+                       }
+               else
+                       printf("."); fflush(stdout);
+               }
+cleanup_loop:
+       printf("\nAbout to empty the engine-type list\n");
+       while((ptr = ENGINE_get_first()) != NULL)
+               {
+               if(!ENGINE_remove(ptr))
+                       {
+                       printf("\nRemove failed!\n");
+                       goto end;
+                       }
+               printf("."); fflush(stdout);
+               }
+       for(loop = 0; loop < 512; loop++)
+               {
+               free((char *)(ENGINE_get_id(block[loop])));
+               free((char *)(ENGINE_get_name(block[loop])));
+               }
+       printf("\nTests completed happily\n");
+       to_return = 0;
+end:
+       if(to_return)
+               ERR_print_errors_fp(stderr);
+       if(new_h1) ENGINE_free(new_h1);
+       if(new_h2) ENGINE_free(new_h2);
+       if(new_h3) ENGINE_free(new_h3);
+       if(new_h4) ENGINE_free(new_h4);
+       for(loop = 0; loop < 512; loop++)
+               if(block[loop])
+                       ENGINE_free(block[loop]);
+       return to_return;
+       }
diff --git a/crypto/engine/hw_atalla.c b/crypto/engine/hw_atalla.c
new file mode 100644 (file)
index 0000000..e536420
--- /dev/null
@@ -0,0 +1,443 @@
+/* crypto/engine/hw_atalla.c */
+/* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL
+ * project 2000.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include <openssl/crypto.h>
+#include "cryptlib.h"
+#include <openssl/dso.h>
+#include "engine_int.h"
+#include <openssl/engine.h>
+
+#ifndef NO_HW
+#ifndef NO_HW_ATALLA
+
+#ifdef FLAT_INC
+#include "atalla.h"
+#else
+#include "vendor_defns/atalla.h"
+#endif
+
+static int atalla_init(void);
+static int atalla_finish(void);
+
+/* BIGNUM stuff */
+static int atalla_mod_exp(BIGNUM *r, BIGNUM *a, const BIGNUM *p,
+               const BIGNUM *m, BN_CTX *ctx);
+
+/* RSA stuff */
+static int atalla_rsa_mod_exp(BIGNUM *r0, BIGNUM *I, RSA *rsa);
+/* This function is aliased to mod_exp (with the mont stuff dropped). */
+static int atalla_mod_exp_mont(BIGNUM *r, BIGNUM *a, const BIGNUM *p,
+               const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
+
+/* DSA stuff */
+static int atalla_dsa_mod_exp(DSA *dsa, BIGNUM *rr, BIGNUM *a1,
+               BIGNUM *p1, BIGNUM *a2, BIGNUM *p2, BIGNUM *m,
+               BN_CTX *ctx, BN_MONT_CTX *in_mont);
+static int atalla_mod_exp_dsa(DSA *dsa, BIGNUM *r, BIGNUM *a,
+               const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
+               BN_MONT_CTX *m_ctx);
+
+/* DH stuff */
+/* This function is alised to mod_exp (with the DH and mont dropped). */
+static int atalla_mod_exp_dh(DH *dh, BIGNUM *r, BIGNUM *a, const BIGNUM *p,
+               const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
+
+
+/* Our internal RSA_METHOD that we provide pointers to */
+static RSA_METHOD atalla_rsa =
+       {
+       "Atalla RSA method",
+       NULL,
+       NULL,
+       NULL,
+       NULL,
+       atalla_rsa_mod_exp,
+       atalla_mod_exp_mont,
+       NULL,
+       NULL,
+       0,
+       NULL,
+       NULL,
+       NULL
+       };
+
+/* Our internal DSA_METHOD that we provide pointers to */
+static DSA_METHOD atalla_dsa =
+       {
+       "Atalla DSA method",
+       NULL, /* dsa_do_sign */
+       NULL, /* dsa_sign_setup */
+       NULL, /* dsa_do_verify */
+       atalla_dsa_mod_exp, /* dsa_mod_exp */
+       atalla_mod_exp_dsa, /* bn_mod_exp */
+       NULL, /* init */
+       NULL, /* finish */
+       0, /* flags */
+       NULL /* app_data */
+       };
+
+/* Our internal DH_METHOD that we provide pointers to */
+static DH_METHOD atalla_dh =
+       {
+       "Atalla DH method",
+       NULL,
+       NULL,
+       atalla_mod_exp_dh,
+       NULL,
+       NULL,
+       0,
+       NULL
+       };
+
+/* Our ENGINE structure. */
+static ENGINE engine_atalla =
+        {
+       "atalla",
+       "Atalla hardware engine support",
+       &atalla_rsa,
+       &atalla_dsa,
+       &atalla_dh,
+       NULL,
+       atalla_mod_exp,
+       NULL,
+       atalla_init,
+       atalla_finish,
+       NULL, /* no ctrl() */
+       NULL, /* no load_privkey() */
+       NULL, /* no load_pubkey() */
+       0, /* no flags */
+       0, 0, /* no references */
+       NULL, NULL /* unlinked */
+        };
+
+/* As this is only ever called once, there's no need for locking
+ * (indeed - the lock will already be held by our caller!!!) */
+ENGINE *ENGINE_atalla()
+       {
+       RSA_METHOD *meth1;
+       DSA_METHOD *meth2;
+       DH_METHOD *meth3;
+
+       /* We know that the "PKCS1_SSLeay()" functions hook properly
+        * to the atalla-specific mod_exp and mod_exp_crt so we use
+        * those functions. NB: We don't use ENGINE_openssl() or
+        * anything "more generic" because something like the RSAref
+        * code may not hook properly, and if you own one of these
+        * cards then you have the right to do RSA operations on it
+        * anyway! */ 
+       meth1 = RSA_PKCS1_SSLeay();
+       atalla_rsa.rsa_pub_enc = meth1->rsa_pub_enc;
+       atalla_rsa.rsa_pub_dec = meth1->rsa_pub_dec;
+       atalla_rsa.rsa_priv_enc = meth1->rsa_priv_enc;
+       atalla_rsa.rsa_priv_dec = meth1->rsa_priv_dec;
+
+       /* Use the DSA_OpenSSL() method and just hook the mod_exp-ish
+        * bits. */
+       meth2 = DSA_OpenSSL();
+       atalla_dsa.dsa_do_sign = meth2->dsa_do_sign;
+       atalla_dsa.dsa_sign_setup = meth2->dsa_sign_setup;
+       atalla_dsa.dsa_do_verify = meth2->dsa_do_verify;
+
+       /* Much the same for Diffie-Hellman */
+       meth3 = DH_OpenSSL();
+       atalla_dh.generate_key = meth3->generate_key;
+       atalla_dh.compute_key = meth3->compute_key;
+       return &engine_atalla;
+       }
+
+/* This is a process-global DSO handle used for loading and unloading
+ * the Atalla library. NB: This is only set (or unset) during an
+ * init() or finish() call (reference counts permitting) and they're
+ * operating with global locks, so this should be thread-safe
+ * implicitly. */
+static DSO *atalla_dso = NULL;
+
+/* These are the function pointers that are (un)set when the library has
+ * successfully (un)loaded. */
+static tfnASI_GetHardwareConfig *p_Atalla_GetHardwareConfig = NULL;
+static tfnASI_RSAPrivateKeyOpFn *p_Atalla_RSAPrivateKeyOpFn = NULL;
+static tfnASI_GetPerformanceStatistics *p_Atalla_GetPerformanceStatistics = NULL;
+
+/* (de)initialisation functions. */
+static int atalla_init()
+       {
+       tfnASI_GetHardwareConfig *p1;
+       tfnASI_RSAPrivateKeyOpFn *p2;
+       tfnASI_GetPerformanceStatistics *p3;
+       /* Not sure of the origin of this magic value, but Ben's code had it
+        * and it seemed to have been working for a few people. :-) */
+       unsigned int config_buf[1024];
+
+       if(atalla_dso != NULL)
+               {
+               ENGINEerr(ENGINE_F_ATALLA_INIT,ENGINE_R_ALREADY_LOADED);
+               goto err;
+               }
+       /* Attempt to load libatasi.so/atasi.dll/whatever. Needs to be
+        * changed unfortunately because the Atalla drivers don't have
+        * standard library names that can be platform-translated well. */
+       /* TODO: Work out how to actually map to the names the Atalla
+        * drivers really use - for now a symbollic link needs to be
+        * created on the host system from libatasi.so to atasi.so on
+        * unix variants. */
+       atalla_dso = DSO_load(NULL, ATALLA_LIBNAME, NULL, 0);
+       if(atalla_dso == NULL)
+               {
+               ENGINEerr(ENGINE_F_ATALLA_INIT,ENGINE_R_DSO_FAILURE);
+               goto err;
+               }
+       if(!(p1 = (tfnASI_GetHardwareConfig *)DSO_bind_func(
+                               atalla_dso, ATALLA_F1)) ||
+                       !(p2 = (tfnASI_RSAPrivateKeyOpFn *)DSO_bind_func(
+                               atalla_dso, ATALLA_F2)) ||
+                       !(p3 = (tfnASI_GetPerformanceStatistics *)DSO_bind_func(
+                               atalla_dso, ATALLA_F3)))
+               {
+               ENGINEerr(ENGINE_F_ATALLA_INIT,ENGINE_R_DSO_FAILURE);
+               goto err;
+               }
+       /* Copy the pointers */
+       p_Atalla_GetHardwareConfig = p1;
+       p_Atalla_RSAPrivateKeyOpFn = p2;
+       p_Atalla_GetPerformanceStatistics = p3;
+       /* Perform a basic test to see if there's actually any unit
+        * running. */
+       if(p1(0L, config_buf) != 0)
+               {
+               ENGINEerr(ENGINE_F_ATALLA_INIT,ENGINE_R_UNIT_FAILURE);
+               goto err;
+               }
+       /* Everything's fine. */
+       return 1;
+err:
+       if(atalla_dso)
+               DSO_free(atalla_dso);
+       p_Atalla_GetHardwareConfig = NULL;
+       p_Atalla_RSAPrivateKeyOpFn = NULL;
+       p_Atalla_GetPerformanceStatistics = NULL;
+       return 0;
+       }
+
+static int atalla_finish()
+       {
+       if(atalla_dso == NULL)
+               {
+               ENGINEerr(ENGINE_F_ATALLA_FINISH,ENGINE_R_NOT_LOADED);
+               return 0;
+               }
+       if(!DSO_free(atalla_dso))
+               {
+               ENGINEerr(ENGINE_F_ATALLA_FINISH,ENGINE_R_DSO_FAILURE);
+               return 0;
+               }
+       atalla_dso = NULL;
+       p_Atalla_GetHardwareConfig = NULL;
+       p_Atalla_RSAPrivateKeyOpFn = NULL;
+       p_Atalla_GetPerformanceStatistics = NULL;
+       return 1;
+       }
+
+static int atalla_mod_exp(BIGNUM *r, BIGNUM *a, const BIGNUM *p,
+                       const BIGNUM *m, BN_CTX *ctx)
+       {
+       /* I need somewhere to store temporary serialised values for
+        * use with the Atalla API calls. A neat cheat - I'll use
+        * BIGNUMs from the BN_CTX but access their arrays directly as
+        * byte arrays <grin>. This way I don't have to clean anything
+        * up. */
+       BIGNUM *modulus;
+       BIGNUM *exponent;
+       BIGNUM *argument;
+       BIGNUM *result;
+       RSAPrivateKey keydata;
+       int to_return, numbytes;
+
+       modulus = exponent = argument = result = NULL;
+       to_return = 0; /* expect failure */
+
+       if(!atalla_dso)
+       {
+               ENGINEerr(ENGINE_F_ATALLA_MOD_EXP,ENGINE_R_NOT_LOADED);
+               goto err;
+       }
+       /* Prepare the params */
+       modulus = BN_CTX_get(ctx);
+       exponent = BN_CTX_get(ctx);
+       argument = BN_CTX_get(ctx);
+       result = BN_CTX_get(ctx);
+       if(!modulus || !exponent || !argument || !result)
+       {
+               ENGINEerr(ENGINE_F_ATALLA_MOD_EXP,ENGINE_R_BN_CTX_FULL);
+               goto err;
+       }
+       if(!bn_wexpand(modulus, m->top) || !bn_wexpand(exponent, m->top) ||
+          !bn_wexpand(argument, m->top) || !bn_wexpand(result, m->top))
+       {
+               ENGINEerr(ENGINE_F_ATALLA_MOD_EXP,ENGINE_R_BN_EXPAND_FAIL);
+               goto err;
+       }
+       /* Prepare the key-data */
+       memset(&keydata, 0,sizeof keydata);
+       numbytes = BN_num_bytes(m);
+       memset(exponent->d, 0, numbytes);
+       memset(modulus->d, 0, numbytes);
+       BN_bn2bin(p, (unsigned char *)exponent->d + numbytes - BN_num_bytes(p));
+       BN_bn2bin(m, (unsigned char *)modulus->d + numbytes - BN_num_bytes(m));
+       keydata.privateExponent.data = (unsigned char *)exponent->d;
+       keydata.privateExponent.len = numbytes;
+       keydata.modulus.data = (unsigned char *)modulus->d;
+       keydata.modulus.len = numbytes;
+       /* Prepare the argument */
+       memset(argument->d, 0, numbytes);
+       memset(result->d, 0, numbytes);
+       BN_bn2bin(a, (unsigned char *)argument->d + numbytes - BN_num_bytes(a));
+       /* Perform the operation */
+       if(p_Atalla_RSAPrivateKeyOpFn(&keydata, (unsigned char *)result->d,
+                       (unsigned char *)argument->d,
+                       keydata.modulus.len) != 0)
+       {
+               ENGINEerr(ENGINE_F_ATALLA_MOD_EXP,ENGINE_R_REQUEST_FAILED);
+               goto err;
+       }
+       /* Convert the response */
+       BN_bin2bn((unsigned char *)result->d, numbytes, r);
+       to_return = 1;
+err:
+       if(modulus) ctx->tos--;
+       if(exponent) ctx->tos--;
+       if(argument) ctx->tos--;
+       if(result) ctx->tos--;
+       return to_return;
+       }
+
+static int atalla_rsa_mod_exp(BIGNUM *r0, BIGNUM *I, RSA *rsa)
+       {
+       BN_CTX *ctx = NULL;
+       int to_return = 0;
+
+       if(!atalla_dso)
+       {
+               ENGINEerr(ENGINE_F_ATALLA_RSA_MOD_EXP,ENGINE_R_NOT_LOADED);
+               goto err;
+       }
+       if((ctx = BN_CTX_new()) == NULL)
+               goto err;
+       if(!rsa->d || !rsa->n)
+               {
+               ENGINEerr(ENGINE_F_ATALLA_RSA_MOD_EXP,ENGINE_R_MISSING_KEY_COMPONENTS);
+               goto err;
+               }
+       to_return = atalla_mod_exp(r0, I, rsa->d, rsa->n, ctx);
+err:
+       if(ctx)
+               BN_CTX_free(ctx);
+       return to_return;
+       }
+
+/* This code was liberated and adapted from the commented-out code in
+ * dsa_ossl.c. Because of the unoptimised form of the Atalla acceleration
+ * (it doesn't have a CRT form for RSA), this function means that an
+ * Atalla system running with a DSA server certificate can handshake
+ * around 5 or 6 times faster/more than an equivalent system running with
+ * RSA. Just check out the "signs" statistics from the RSA and DSA parts
+ * of "openssl speed -engine atalla dsa1024 rsa1024". */
+static int atalla_dsa_mod_exp(DSA *dsa, BIGNUM *rr, BIGNUM *a1,
+               BIGNUM *p1, BIGNUM *a2, BIGNUM *p2, BIGNUM *m,
+               BN_CTX *ctx, BN_MONT_CTX *in_mont)
+       {
+       BIGNUM t;
+       int to_return = 0;
+       BN_init(&t);
+       /* let rr = a1 ^ p1 mod m */
+       if (!atalla_mod_exp(rr,a1,p1,m,ctx)) goto end;
+       /* let t = a2 ^ p2 mod m */
+       if (!atalla_mod_exp(&t,a2,p2,m,ctx)) goto end;
+       /* let rr = rr * t mod m */
+       if (!BN_mod_mul(rr,rr,&t,m,ctx)) goto end;
+       to_return = 1;
+end:
+       BN_free(&t);
+       return to_return;
+       }
+
+
+static int atalla_mod_exp_dsa(DSA *dsa, BIGNUM *r, BIGNUM *a,
+               const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
+               BN_MONT_CTX *m_ctx)
+       {
+       return atalla_mod_exp(r, a, p, m, ctx);
+       }
+
+/* This function is aliased to mod_exp (with the mont stuff dropped). */
+static int atalla_mod_exp_mont(BIGNUM *r, BIGNUM *a, const BIGNUM *p,
+               const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)
+       {
+       return atalla_mod_exp(r, a, p, m, ctx);
+       }
+
+/* This function is aliased to mod_exp (with the dh and mont dropped). */
+static int atalla_mod_exp_dh(DH *dh, BIGNUM *r, BIGNUM *a, const BIGNUM *p,
+               const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)
+       {
+       return atalla_mod_exp(r, a, p, m, ctx);
+       }
+
+#endif /* !NO_HW_ATALLA */
+#endif /* !NO_HW */
diff --git a/crypto/engine/hw_cswift.c b/crypto/engine/hw_cswift.c
new file mode 100644 (file)
index 0000000..5747973
--- /dev/null
@@ -0,0 +1,806 @@
+/* crypto/engine/hw_cswift.c */
+/* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL
+ * project 2000.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include <openssl/crypto.h>
+#include "cryptlib.h"
+#include <openssl/dso.h>
+#include "engine_int.h"
+#include <openssl/engine.h>
+
+#ifndef NO_HW
+#ifndef NO_HW_CSWIFT
+
+/* Attribution notice: Rainbow have generously allowed me to reproduce
+ * the necessary definitions here from their API. This means the support
+ * can build independently of whether application builders have the
+ * API or hardware. This will allow developers to easily produce software
+ * that has latent hardware support for any users that have accelerators
+ * installed, without the developers themselves needing anything extra.
+ *
+ * I have only clipped the parts from the CryptoSwift header files that
+ * are (or seem) relevant to the CryptoSwift support code. This is
+ * simply to keep the file sizes reasonable.
+ * [Geoff]
+ */
+#ifdef FLAT_INC
+#include "cswift.h"
+#else
+#include "vendor_defns/cswift.h"
+#endif
+
+static int cswift_init(void);
+static int cswift_finish(void);
+
+/* BIGNUM stuff */
+static int cswift_mod_exp(BIGNUM *r, BIGNUM *a, const BIGNUM *p,
+               const BIGNUM *m, BN_CTX *ctx);
+static int cswift_mod_exp_crt(BIGNUM *r, BIGNUM *a, const BIGNUM *p,
+               const BIGNUM *q, const BIGNUM *dmp1, const BIGNUM *dmq1,
+               const BIGNUM *iqmp, BN_CTX *ctx);
+
+/* RSA stuff */
+static int cswift_rsa_mod_exp(BIGNUM *r0, BIGNUM *I, RSA *rsa);
+/* This function is aliased to mod_exp (with the mont stuff dropped). */
+static int cswift_mod_exp_mont(BIGNUM *r, BIGNUM *a, const BIGNUM *p,
+               const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
+
+/* DSA stuff */
+static DSA_SIG *cswift_dsa_sign(const unsigned char *dgst, int dlen, DSA *dsa);
+static int cswift_dsa_verify(const unsigned char *dgst, int dgst_len,
+                               DSA_SIG *sig, DSA *dsa);
+
+/* DH stuff */
+/* This function is alised to mod_exp (with the DH and mont dropped). */
+static int cswift_mod_exp_dh(DH *dh, BIGNUM *r, BIGNUM *a, const BIGNUM *p,
+               const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
+
+
+/* Our internal RSA_METHOD that we provide pointers to */
+static RSA_METHOD cswift_rsa =
+       {
+       "CryptoSwift RSA method",
+       NULL,
+       NULL,
+       NULL,
+       NULL,
+       cswift_rsa_mod_exp,
+       cswift_mod_exp_mont,
+       NULL,
+       NULL,
+       0,
+       NULL,
+       NULL,
+       NULL
+       };
+
+/* Our internal DSA_METHOD that we provide pointers to */
+static DSA_METHOD cswift_dsa =
+       {
+       "CryptoSwift DSA method",
+       cswift_dsa_sign,
+       NULL, /* dsa_sign_setup */
+       cswift_dsa_verify,
+       NULL, /* dsa_mod_exp */
+       NULL, /* bn_mod_exp */
+       NULL, /* init */
+       NULL, /* finish */
+       0, /* flags */
+       NULL /* app_data */
+       };
+
+/* Our internal DH_METHOD that we provide pointers to */
+static DH_METHOD cswift_dh =
+       {
+       "CryptoSwift DH method",
+       NULL,
+       NULL,
+       cswift_mod_exp_dh,
+       NULL,
+       NULL,
+       0,
+       NULL
+       };
+
+/* Our ENGINE structure. */
+static ENGINE engine_cswift =
+        {
+       "cswift",
+       "CryptoSwift hardware engine support",
+       &cswift_rsa,
+       &cswift_dsa,
+       &cswift_dh,
+       NULL,
+       cswift_mod_exp,
+       cswift_mod_exp_crt,
+       cswift_init,
+       cswift_finish,
+       NULL, /* no ctrl() */
+       NULL, /* no load_privkey() */
+       NULL, /* no load_pubkey() */
+       0, /* no flags */
+       0, 0, /* no references */
+       NULL, NULL /* unlinked */
+        };
+
+/* As this is only ever called once, there's no need for locking
+ * (indeed - the lock will already be held by our caller!!!) */
+ENGINE *ENGINE_cswift()
+       {
+       RSA_METHOD *meth1;
+       DH_METHOD *meth2;
+
+       /* We know that the "PKCS1_SSLeay()" functions hook properly
+        * to the cswift-specific mod_exp and mod_exp_crt so we use
+        * those functions. NB: We don't use ENGINE_openssl() or
+        * anything "more generic" because something like the RSAref
+        * code may not hook properly, and if you own one of these
+        * cards then you have the right to do RSA operations on it
+        * anyway! */ 
+       meth1 = RSA_PKCS1_SSLeay();
+       cswift_rsa.rsa_pub_enc = meth1->rsa_pub_enc;
+       cswift_rsa.rsa_pub_dec = meth1->rsa_pub_dec;
+       cswift_rsa.rsa_priv_enc = meth1->rsa_priv_enc;
+       cswift_rsa.rsa_priv_dec = meth1->rsa_priv_dec;
+
+       /* Much the same for Diffie-Hellman */
+       meth2 = DH_OpenSSL();
+       cswift_dh.generate_key = meth2->generate_key;
+       cswift_dh.compute_key = meth2->compute_key;
+       return &engine_cswift;
+       }
+
+/* This is a process-global DSO handle used for loading and unloading
+ * the CryptoSwift library. NB: This is only set (or unset) during an
+ * init() or finish() call (reference counts permitting) and they're
+ * operating with global locks, so this should be thread-safe
+ * implicitly. */
+static DSO *cswift_dso = NULL;
+
+/* These are the function pointers that are (un)set when the library has
+ * successfully (un)loaded. */
+t_swAcquireAccContext *p_CSwift_AcquireAccContext = NULL;
+t_swAttachKeyParam *p_CSwift_AttachKeyParam = NULL;
+t_swSimpleRequest *p_CSwift_SimpleRequest = NULL;
+t_swReleaseAccContext *p_CSwift_ReleaseAccContext = NULL;
+
+/* Used in the DSO operations. */
+static const char *CSWIFT_LIBNAME = "swift";
+static const char *CSWIFT_F1 = "swAcquireAccContext";
+static const char *CSWIFT_F2 = "swAttachKeyParam";
+static const char *CSWIFT_F3 = "swSimpleRequest";
+static const char *CSWIFT_F4 = "swReleaseAccContext";
+
+
+/* CryptoSwift library functions and mechanics - these are used by the
+ * higher-level functions further down. NB: As and where there's no
+ * error checking, take a look lower down where these functions are
+ * called, the checking and error handling is probably down there. */
+
+/* utility function to obtain a context */
+static int get_context(SW_CONTEXT_HANDLE *hac)
+       {
+        SW_STATUS status;
+        status = p_CSwift_AcquireAccContext(hac);
+        if(status != SW_OK)
+                return 0;
+        return 1;
+       }
+/* similarly to release one. */
+static void release_context(SW_CONTEXT_HANDLE hac)
+       {
+        p_CSwift_ReleaseAccContext(hac);
+       }
+
+/* (de)initialisation functions. */
+static int cswift_init()
+       {
+        SW_CONTEXT_HANDLE hac;
+        t_swAcquireAccContext *p1;
+        t_swAttachKeyParam *p2;
+        t_swSimpleRequest *p3;
+        t_swReleaseAccContext *p4;
+
+       if(cswift_dso != NULL)
+               {
+               ENGINEerr(ENGINE_F_CSWIFT_INIT,ENGINE_R_ALREADY_LOADED);
+               goto err;
+               }
+       /* Attempt to load libswift.so/swift.dll/whatever. */
+       cswift_dso = DSO_load(NULL, CSWIFT_LIBNAME, NULL, 0);
+       if(cswift_dso == NULL)
+               {
+               ENGINEerr(ENGINE_F_CSWIFT_INIT,ENGINE_R_DSO_FAILURE);
+               goto err;
+               }
+       if(!(p1 = (t_swAcquireAccContext *)
+                               DSO_bind_func(cswift_dso, CSWIFT_F1)) ||
+                       !(p2 = (t_swAttachKeyParam *)
+                               DSO_bind_func(cswift_dso, CSWIFT_F2)) ||
+                       !(p3 = (t_swSimpleRequest *)
+                               DSO_bind_func(cswift_dso, CSWIFT_F3)) ||
+                       !(p4 = (t_swReleaseAccContext *)
+                               DSO_bind_func(cswift_dso, CSWIFT_F4)))
+               {
+               ENGINEerr(ENGINE_F_CSWIFT_INIT,ENGINE_R_DSO_FAILURE);
+               goto err;
+               }
+       /* Copy the pointers */
+       p_CSwift_AcquireAccContext = p1;
+       p_CSwift_AttachKeyParam = p2;
+       p_CSwift_SimpleRequest = p3;
+       p_CSwift_ReleaseAccContext = p4;
+       /* Try and get a context - if not, we may have a DSO but no
+        * accelerator! */
+       if(!get_context(&hac))
+               {
+               ENGINEerr(ENGINE_F_CSWIFT_INIT,ENGINE_R_UNIT_FAILURE);
+               goto err;
+               }
+       release_context(hac);
+       /* Everything's fine. */
+       return 1;
+err:
+       if(cswift_dso)
+               DSO_free(cswift_dso);
+       p_CSwift_AcquireAccContext = NULL;
+       p_CSwift_AttachKeyParam = NULL;
+       p_CSwift_SimpleRequest = NULL;
+       p_CSwift_ReleaseAccContext = NULL;
+       return 0;
+       }
+
+static int cswift_finish()
+       {
+       if(cswift_dso == NULL)
+               {
+               ENGINEerr(ENGINE_F_CSWIFT_FINISH,ENGINE_R_NOT_LOADED);
+               return 0;
+               }
+       if(!DSO_free(cswift_dso))
+               {
+               ENGINEerr(ENGINE_F_CSWIFT_FINISH,ENGINE_R_DSO_FAILURE);
+               return 0;
+             &n