This changes the existing hardware ENGINE implementations to dynamically
authorGeoff Thorpe <geoff@openssl.org>
Mon, 3 Sep 2001 21:33:00 +0000 (21:33 +0000)
committerGeoff Thorpe <geoff@openssl.org>
Mon, 3 Sep 2001 21:33:00 +0000 (21:33 +0000)
declare their own error strings so that they can be more easily compiled as
external shared-libraries if desired. Also, each implementation has been
given canonical "dynamic" support at the base of each file and is only
built if the ENGINE_DYNAMIC_SUPPORT symbol is defined.

Also, use "void" prototypes rather than empty prototypes in engine_int.h.

This does not yet;
  (i) remove error strings when unloading,
 (ii) remove the redundant ENGINE_R_*** codes (though ENGINE_F_*** codes
      have gone), or
(iii) provide any instructions on how to build shared-library ENGINEs or
      use them.

All are on their way.

crypto/engine/engine.h
crypto/engine/engine_dyn.c
crypto/engine/engine_err.c
crypto/engine/engine_int.h
crypto/engine/engine_openssl.c
crypto/engine/hw_atalla.c
crypto/engine/hw_cswift.c
crypto/engine/hw_ncipher.c
crypto/engine/hw_nuron.c
crypto/engine/hw_ubsec.c

index 4c03be3..149ae9a 100644 (file)
@@ -561,9 +561,6 @@ typedef int (*dynamic_bind_engine)(ENGINE *e, const char *id,
                if(!fn(e,id)) return 0; \
                return 1; }
 
-/* Obligatory error function. */
-void ERR_load_ENGINE_strings(void);
-
 /* BEGIN ERROR CODES */
 /* The following lines are auto generated by the script mkerr.pl. Any changes
  * made after this point may be overwritten when the script is next run.
@@ -573,19 +570,6 @@ void ERR_load_ENGINE_strings(void);
 /* Error codes for the ENGINE functions. */
 
 /* Function codes. */
-#define ENGINE_F_ATALLA_CTRL                            173
-#define ENGINE_F_ATALLA_FINISH                          159
-#define ENGINE_F_ATALLA_INIT                            160
-#define ENGINE_F_ATALLA_MOD_EXP                                 161
-#define ENGINE_F_ATALLA_RSA_MOD_EXP                     162
-#define ENGINE_F_CSWIFT_CTRL                            174
-#define ENGINE_F_CSWIFT_DSA_SIGN                        133
-#define ENGINE_F_CSWIFT_DSA_VERIFY                      134
-#define ENGINE_F_CSWIFT_FINISH                          100
-#define ENGINE_F_CSWIFT_INIT                            101
-#define ENGINE_F_CSWIFT_MOD_EXP                                 102
-#define ENGINE_F_CSWIFT_MOD_EXP_CRT                     103
-#define ENGINE_F_CSWIFT_RSA_MOD_EXP                     104
 #define ENGINE_F_DYNAMIC_CTRL                           180
 #define ENGINE_F_DYNAMIC_GET_DATA_CTX                   181
 #define ENGINE_F_DYNAMIC_LOAD                           182
@@ -611,32 +595,9 @@ void ERR_load_ENGINE_strings(void);
 #define ENGINE_F_ENGINE_SET_ID                          129
 #define ENGINE_F_ENGINE_SET_NAME                        130
 #define ENGINE_F_ENGINE_UNLOAD_KEY                      152
-#define ENGINE_F_HWCRHK_CTRL                            143
-#define ENGINE_F_HWCRHK_FINISH                          135
-#define ENGINE_F_HWCRHK_GET_PASS                        155
-#define ENGINE_F_HWCRHK_INIT                            136
-#define ENGINE_F_HWCRHK_INSERT_CARD                     179
-#define ENGINE_F_HWCRHK_LOAD_PRIVKEY                    153
-#define ENGINE_F_HWCRHK_LOAD_PUBKEY                     154
-#define ENGINE_F_HWCRHK_MOD_EXP                                 137
-#define ENGINE_F_HWCRHK_MOD_EXP_CRT                     138
-#define ENGINE_F_HWCRHK_RAND_BYTES                      139
-#define ENGINE_F_HWCRHK_RSA_MOD_EXP                     140
 #define ENGINE_F_INT_CTRL_HELPER                        172
 #define ENGINE_F_LOG_MESSAGE                            141
-#define ENGINE_F_NURON_CTRL                             175
-#define ENGINE_F_NURON_FINISH                           157
-#define ENGINE_F_NURON_INIT                             156
-#define ENGINE_F_NURON_MOD_EXP                          158
 #define ENGINE_F_SET_DATA_CTX                           183
-#define ENGINE_F_UBSEC_CTRL                             176
-#define ENGINE_F_UBSEC_DSA_SIGN                                 163
-#define ENGINE_F_UBSEC_DSA_VERIFY                       164
-#define ENGINE_F_UBSEC_FINISH                           165
-#define ENGINE_F_UBSEC_INIT                             166
-#define ENGINE_F_UBSEC_MOD_EXP                          167
-#define ENGINE_F_UBSEC_RSA_MOD_EXP                      168
-#define ENGINE_F_UBSEC_RSA_MOD_EXP_CRT                  169
 
 /* Reason codes. */
 #define ENGINE_R_ALREADY_LOADED                                 100
index 556e9f3..d4f00f7 100644 (file)
@@ -238,7 +238,7 @@ static dynamic_data_ctx *dynamic_get_data_ctx(ENGINE *e)
 
 /* As this is only ever called once, there's no need for locking
  * (indeed - the lock will already be held by our caller!!!) */
-ENGINE *ENGINE_dynamic()
+ENGINE *ENGINE_dynamic(void)
        {
        ENGINE *ret = ENGINE_new();
        if(!ret)
index 301415d..e76a4e3 100644 (file)
 #ifndef OPENSSL_NO_ERR
 static ERR_STRING_DATA ENGINE_str_functs[]=
        {
-{ERR_PACK(0,ENGINE_F_ATALLA_CTRL,0),   "ATALLA_CTRL"},
-{ERR_PACK(0,ENGINE_F_ATALLA_FINISH,0), "ATALLA_FINISH"},
-{ERR_PACK(0,ENGINE_F_ATALLA_INIT,0),   "ATALLA_INIT"},
-{ERR_PACK(0,ENGINE_F_ATALLA_MOD_EXP,0),        "ATALLA_MOD_EXP"},
-{ERR_PACK(0,ENGINE_F_ATALLA_RSA_MOD_EXP,0),    "ATALLA_RSA_MOD_EXP"},
-{ERR_PACK(0,ENGINE_F_CSWIFT_CTRL,0),   "CSWIFT_CTRL"},
-{ERR_PACK(0,ENGINE_F_CSWIFT_DSA_SIGN,0),       "CSWIFT_DSA_SIGN"},
-{ERR_PACK(0,ENGINE_F_CSWIFT_DSA_VERIFY,0),     "CSWIFT_DSA_VERIFY"},
-{ERR_PACK(0,ENGINE_F_CSWIFT_FINISH,0), "CSWIFT_FINISH"},
-{ERR_PACK(0,ENGINE_F_CSWIFT_INIT,0),   "CSWIFT_INIT"},
-{ERR_PACK(0,ENGINE_F_CSWIFT_MOD_EXP,0),        "CSWIFT_MOD_EXP"},
-{ERR_PACK(0,ENGINE_F_CSWIFT_MOD_EXP_CRT,0),    "CSWIFT_MOD_EXP_CRT"},
-{ERR_PACK(0,ENGINE_F_CSWIFT_RSA_MOD_EXP,0),    "CSWIFT_RSA_MOD_EXP"},
 {ERR_PACK(0,ENGINE_F_DYNAMIC_CTRL,0),  "DYNAMIC_CTRL"},
 {ERR_PACK(0,ENGINE_F_DYNAMIC_GET_DATA_CTX,0),  "DYNAMIC_GET_DATA_CTX"},
 {ERR_PACK(0,ENGINE_F_DYNAMIC_LOAD,0),  "DYNAMIC_LOAD"},
@@ -104,32 +91,9 @@ static ERR_STRING_DATA ENGINE_str_functs[]=
 {ERR_PACK(0,ENGINE_F_ENGINE_SET_ID,0), "ENGINE_set_id"},
 {ERR_PACK(0,ENGINE_F_ENGINE_SET_NAME,0),       "ENGINE_set_name"},
 {ERR_PACK(0,ENGINE_F_ENGINE_UNLOAD_KEY,0),     "ENGINE_UNLOAD_KEY"},
-{ERR_PACK(0,ENGINE_F_HWCRHK_CTRL,0),   "HWCRHK_CTRL"},
-{ERR_PACK(0,ENGINE_F_HWCRHK_FINISH,0), "HWCRHK_FINISH"},
-{ERR_PACK(0,ENGINE_F_HWCRHK_GET_PASS,0),       "HWCRHK_GET_PASS"},
-{ERR_PACK(0,ENGINE_F_HWCRHK_INIT,0),   "HWCRHK_INIT"},
-{ERR_PACK(0,ENGINE_F_HWCRHK_INSERT_CARD,0),    "HWCRHK_INSERT_CARD"},
-{ERR_PACK(0,ENGINE_F_HWCRHK_LOAD_PRIVKEY,0),   "HWCRHK_LOAD_PRIVKEY"},
-{ERR_PACK(0,ENGINE_F_HWCRHK_LOAD_PUBKEY,0),    "HWCRHK_LOAD_PUBKEY"},
-{ERR_PACK(0,ENGINE_F_HWCRHK_MOD_EXP,0),        "HWCRHK_MOD_EXP"},
-{ERR_PACK(0,ENGINE_F_HWCRHK_MOD_EXP_CRT,0),    "HWCRHK_MOD_EXP_CRT"},
-{ERR_PACK(0,ENGINE_F_HWCRHK_RAND_BYTES,0),     "HWCRHK_RAND_BYTES"},
-{ERR_PACK(0,ENGINE_F_HWCRHK_RSA_MOD_EXP,0),    "HWCRHK_RSA_MOD_EXP"},
 {ERR_PACK(0,ENGINE_F_INT_CTRL_HELPER,0),       "INT_CTRL_HELPER"},
 {ERR_PACK(0,ENGINE_F_LOG_MESSAGE,0),   "LOG_MESSAGE"},
-{ERR_PACK(0,ENGINE_F_NURON_CTRL,0),    "NURON_CTRL"},
-{ERR_PACK(0,ENGINE_F_NURON_FINISH,0),  "NURON_FINISH"},
-{ERR_PACK(0,ENGINE_F_NURON_INIT,0),    "NURON_INIT"},
-{ERR_PACK(0,ENGINE_F_NURON_MOD_EXP,0), "NURON_MOD_EXP"},
 {ERR_PACK(0,ENGINE_F_SET_DATA_CTX,0),  "SET_DATA_CTX"},
-{ERR_PACK(0,ENGINE_F_UBSEC_CTRL,0),    "UBSEC_CTRL"},
-{ERR_PACK(0,ENGINE_F_UBSEC_DSA_SIGN,0),        "UBSEC_DSA_SIGN"},
-{ERR_PACK(0,ENGINE_F_UBSEC_DSA_VERIFY,0),      "UBSEC_DSA_VERIFY"},
-{ERR_PACK(0,ENGINE_F_UBSEC_FINISH,0),  "UBSEC_FINISH"},
-{ERR_PACK(0,ENGINE_F_UBSEC_INIT,0),    "UBSEC_INIT"},
-{ERR_PACK(0,ENGINE_F_UBSEC_MOD_EXP,0), "UBSEC_MOD_EXP"},
-{ERR_PACK(0,ENGINE_F_UBSEC_RSA_MOD_EXP,0),     "UBSEC_RSA_MOD_EXP"},
-{ERR_PACK(0,ENGINE_F_UBSEC_RSA_MOD_EXP_CRT,0), "UBSEC_RSA_MOD_EXP_CRT"},
 {0,NULL}
        };
 
index b51d191..90a47a7 100644 (file)
@@ -141,11 +141,11 @@ struct engine_st
  * do not return references - they are purely for bootstrapping). */
 
 /* Returns a structure of software only methods (the default). */
-ENGINE *ENGINE_openssl();
+ENGINE *ENGINE_openssl(void);
 
 /* Returns the "dynamic" ENGINE for loading entire ENGINE implementations from
  * shared libraries. */
-ENGINE *ENGINE_dynamic();
+ENGINE *ENGINE_dynamic(void);
 
 #ifndef OPENSSL_NO_HW
 
@@ -153,24 +153,24 @@ ENGINE *ENGINE_dynamic();
 /* Returns a structure of cswift methods ... NB: This can exist and be
  * "used" even on non-cswift systems because the "init" will fail if the
  * card/library are not found. */
-ENGINE *ENGINE_cswift();
+ENGINE *ENGINE_cswift(void);
 #endif /* !OPENSSL_NO_HW_CSWIFT */
 
 #ifndef OPENSSL_NO_HW_NCIPHER
-ENGINE *ENGINE_ncipher();
+ENGINE *ENGINE_ncipher(void);
 #endif /* !OPENSSL_NO_HW_NCIPHER */
 
 #ifndef OPENSSL_NO_HW_ATALLA
 /* Returns a structure of atalla methods. */
-ENGINE *ENGINE_atalla();
+ENGINE *ENGINE_atalla(void);
 #endif /* !OPENSSL_NO_HW_ATALLA */
 
 #ifndef OPENSSL_NO_HW_NURON
-ENGINE *ENGINE_nuron();
+ENGINE *ENGINE_nuron(void);
 #endif /* !OPENSSL_NO_HW_NURON */
 
 #ifndef OPENSSL_NO_HW_UBSEC
-ENGINE *ENGINE_ubsec();
+ENGINE *ENGINE_ubsec(void);
 #endif /* !OPENSSL_NO_HW_UBSEC */
 
 #ifdef OPENSSL_OPENBSD_DEV_CRYPTO
index cd885c0..c353df9 100644 (file)
@@ -76,7 +76,7 @@ static const char *engine_openssl_name = "Software default engine support";
 
 /* As this is only ever called once, there's no need for locking
  * (indeed - the lock will already be held by our caller!!!) */
-ENGINE *ENGINE_openssl()
+ENGINE *ENGINE_openssl(void)
        {
        ENGINE *ret = ENGINE_new();
        if(!ret)
index 5deb2c4..5716c2f 100644 (file)
@@ -167,13 +167,66 @@ static DH_METHOD atalla_dh =
        };
 #endif
 
+#ifndef OPENSSL_NO_ERR
+/* Error function codes for use in atalla operation */
+#define ATALLA_F_ATALLA_INIT                   100
+#define ATALLA_F_ATALLA_FINISH                 101
+#define ATALLA_F_ATALLA_CTRL                   102
+#define ATALLA_F_ATALLA_MOD_EXP                        103
+#define ATALLA_F_ATALLA_RSA_MOD_EXP            104
+/* Error reason codes */
+#define ATALLA_R_ALREADY_LOADED                        105
+#define ATALLA_R_NOT_LOADED                    106
+#define ATALLA_R_UNIT_FAILURE                  107
+#define ATALLA_R_CTRL_COMMAND_NOT_IMPLEMENTED  108
+#define ATALLA_R_BN_CTX_FULL                   109
+#define ATALLA_R_BN_EXPAND_FAIL                        110
+#define ATALLA_R_REQUEST_FAILED                        111
+#define ATALLA_R_MISSING_KEY_COMPONENTS                112
+static ERR_STRING_DATA atalla_str_functs[] =
+       {
+       /* This first element is changed to match the dynamic 'lib' number */
+{ERR_PACK(0,0,0),                              "atalla engine code"},
+{ERR_PACK(0,ATALLA_F_ATALLA_INIT,0),           "atalla_init"},
+{ERR_PACK(0,ATALLA_F_ATALLA_FINISH,0),         "atalla_finish"},
+{ERR_PACK(0,ATALLA_F_ATALLA_CTRL,0),           "atalla_ctrl"},
+{ERR_PACK(0,ATALLA_F_ATALLA_MOD_EXP,0),                "atalla_mod_exp"},
+{ERR_PACK(0,ATALLA_F_ATALLA_RSA_MOD_EXP,0),"atalla_rsa_mod_exp"},
+{ATALLA_R_ALREADY_LOADED               ,"already loaded"},
+{ATALLA_R_UNIT_FAILURE                 ,"unit failure"},
+{ATALLA_R_NOT_LOADED,                  "not loaded"},
+{ATALLA_R_CTRL_COMMAND_NOT_IMPLEMENTED ,"control command not implemented"},
+{ATALLA_R_BN_CTX_FULL                  ,"BN_CTX full"},
+{ATALLA_R_BN_EXPAND_FAIL               ,"BN_expand failed"},
+{ATALLA_R_REQUEST_FAILED               ,"request failed"},
+{ATALLA_R_MISSING_KEY_COMPONENTS       ,"missing key components"},
+{0,NULL}
+       };
+/* The library number we obtain dynamically from the ERR code */
+static int atalla_err_lib = -1;
+#define ATALLAerr(f,r) ERR_PUT_error(atalla_err_lib,(f),(r),__FILE__,__LINE__)
+static void atalla_load_error_strings(void)
+       {
+       if (atalla_err_lib < 0)
+               {
+               if((atalla_err_lib = ERR_get_next_error_library()) <= 0)
+                       return;
+               atalla_str_functs[0].error = ERR_PACK(atalla_err_lib, 0, 0);
+               ERR_load_strings(atalla_err_lib,atalla_str_functs);
+               }
+       }
+#else
+#define ATALLAerr(f,r)                                 /* NOP */
+static void atalla_load_error_strings(void) { }                /* NOP */
+#endif
+
 /* Constants used when creating the ENGINE */
 static const char *engine_atalla_id = "atalla";
 static const char *engine_atalla_name = "Atalla hardware engine support";
 
-/* As this is only ever called once, there's no need for locking
- * (indeed - the lock will already be held by our caller!!!) */
-ENGINE *ENGINE_atalla()
+/* This internal function is used by ENGINE_atalla() and possibly by the
+ * "dynamic" ENGINE support too */
+static int bind_helper(ENGINE *e)
        {
 #ifndef OPENSSL_NO_RSA
        const RSA_METHOD *meth1;
@@ -184,29 +237,23 @@ ENGINE *ENGINE_atalla()
 #ifndef OPENSSL_NO_DH
        const DH_METHOD *meth3;
 #endif
-       ENGINE *ret = ENGINE_new();
-       if(!ret)
-               return NULL;
-       if(!ENGINE_set_id(ret, engine_atalla_id) ||
-                       !ENGINE_set_name(ret, engine_atalla_name) ||
+       if(!ENGINE_set_id(e, engine_atalla_id) ||
+                       !ENGINE_set_name(e, engine_atalla_name) ||
 #ifndef OPENSSL_NO_RSA
-                       !ENGINE_set_RSA(ret, &atalla_rsa) ||
+                       !ENGINE_set_RSA(e, &atalla_rsa) ||
 #endif
 #ifndef OPENSSL_NO_DSA
-                       !ENGINE_set_DSA(ret, &atalla_dsa) ||
+                       !ENGINE_set_DSA(e, &atalla_dsa) ||
 #endif
 #ifndef OPENSSL_NO_DH
-                       !ENGINE_set_DH(ret, &atalla_dh) ||
+                       !ENGINE_set_DH(e, &atalla_dh) ||
 #endif
-                       !ENGINE_set_BN_mod_exp(ret, atalla_mod_exp) ||
-                       !ENGINE_set_init_function(ret, atalla_init) ||
-                       !ENGINE_set_finish_function(ret, atalla_finish) ||
-                       !ENGINE_set_ctrl_function(ret, atalla_ctrl) ||
-                       !ENGINE_set_cmd_defns(ret, atalla_cmd_defns))
-               {
-               ENGINE_free(ret);
-               return NULL;
-               }
+                       !ENGINE_set_BN_mod_exp(e, atalla_mod_exp) ||
+                       !ENGINE_set_init_function(e, atalla_init) ||
+                       !ENGINE_set_finish_function(e, atalla_finish) ||
+                       !ENGINE_set_ctrl_function(e, atalla_ctrl) ||
+                       !ENGINE_set_cmd_defns(e, atalla_cmd_defns))
+               return 0;
 
 #ifndef OPENSSL_NO_RSA
        /* We know that the "PKCS1_SSLeay()" functions hook properly
@@ -238,6 +285,24 @@ ENGINE *ENGINE_atalla()
        atalla_dh.generate_key = meth3->generate_key;
        atalla_dh.compute_key = meth3->compute_key;
 #endif
+
+       /* Ensure the atalla error handling is set up */
+       atalla_load_error_strings();
+       return 1;
+       }
+
+/* As this is only ever called once, there's no need for locking
+ * (indeed - the lock will already be held by our caller!!!) */
+ENGINE *ENGINE_atalla(void)
+       {
+       ENGINE *ret = ENGINE_new();
+       if(!ret)
+               return NULL;
+       if(!bind_helper(ret))
+               {
+               ENGINE_free(ret);
+               return NULL;
+               }
        return ret;
        }
 
@@ -280,7 +345,7 @@ static int atalla_init(ENGINE *e)
 
        if(atalla_dso != NULL)
                {
-               ENGINEerr(ENGINE_F_ATALLA_INIT,ENGINE_R_ALREADY_LOADED);
+               ATALLAerr(ATALLA_F_ATALLA_INIT,ATALLA_R_ALREADY_LOADED);
                goto err;
                }
        /* Attempt to load libatasi.so/atasi.dll/whatever. Needs to be
@@ -293,7 +358,7 @@ static int atalla_init(ENGINE *e)
        atalla_dso = DSO_load(NULL, ATALLA_LIBNAME, NULL, 0);
        if(atalla_dso == NULL)
                {
-               ENGINEerr(ENGINE_F_ATALLA_INIT,ENGINE_R_DSO_FAILURE);
+               ATALLAerr(ATALLA_F_ATALLA_INIT,ATALLA_R_NOT_LOADED);
                goto err;
                }
        if(!(p1 = (tfnASI_GetHardwareConfig *)DSO_bind_func(
@@ -303,7 +368,7 @@ static int atalla_init(ENGINE *e)
                        !(p3 = (tfnASI_GetPerformanceStatistics *)DSO_bind_func(
                                atalla_dso, ATALLA_F3)))
                {
-               ENGINEerr(ENGINE_F_ATALLA_INIT,ENGINE_R_DSO_FAILURE);
+               ATALLAerr(ATALLA_F_ATALLA_INIT,ATALLA_R_NOT_LOADED);
                goto err;
                }
        /* Copy the pointers */
@@ -314,7 +379,7 @@ static int atalla_init(ENGINE *e)
         * running. */
        if(p1(0L, config_buf) != 0)
                {
-               ENGINEerr(ENGINE_F_ATALLA_INIT,ENGINE_R_UNIT_FAILURE);
+               ATALLAerr(ATALLA_F_ATALLA_INIT,ATALLA_R_UNIT_FAILURE);
                goto err;
                }
        /* Everything's fine. */
@@ -332,12 +397,12 @@ static int atalla_finish(ENGINE *e)
        {
        if(atalla_dso == NULL)
                {
-               ENGINEerr(ENGINE_F_ATALLA_FINISH,ENGINE_R_NOT_LOADED);
+               ATALLAerr(ATALLA_F_ATALLA_FINISH,ATALLA_R_NOT_LOADED);
                return 0;
                }
        if(!DSO_free(atalla_dso))
                {
-               ENGINEerr(ENGINE_F_ATALLA_FINISH,ENGINE_R_DSO_FAILURE);
+               ATALLAerr(ATALLA_F_ATALLA_FINISH,ATALLA_R_UNIT_FAILURE);
                return 0;
                }
        atalla_dso = NULL;
@@ -355,12 +420,12 @@ static int atalla_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)())
        case ATALLA_CMD_SO_PATH:
                if(p == NULL)
                        {
-                       ENGINEerr(ENGINE_F_ATALLA_CTRL,ERR_R_PASSED_NULL_PARAMETER);
+                       ATALLAerr(ATALLA_F_ATALLA_CTRL,ERR_R_PASSED_NULL_PARAMETER);
                        return 0;
                        }
                if(initialised)
                        {
-                       ENGINEerr(ENGINE_F_ATALLA_CTRL,ENGINE_R_ALREADY_LOADED);
+                       ATALLAerr(ATALLA_F_ATALLA_CTRL,ATALLA_R_ALREADY_LOADED);
                        return 0;
                        }
                ATALLA_LIBNAME = (const char *)p;
@@ -368,7 +433,7 @@ static int atalla_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)())
        default:
                break;
                }
-       ENGINEerr(ENGINE_F_ATALLA_CTRL,ENGINE_R_CTRL_COMMAND_NOT_IMPLEMENTED);
+       ATALLAerr(ATALLA_F_ATALLA_CTRL,ATALLA_R_CTRL_COMMAND_NOT_IMPLEMENTED);
        return 0;
        }
 
@@ -391,10 +456,10 @@ static int atalla_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
        to_return = 0; /* expect failure */
 
        if(!atalla_dso)
-       {
-               ENGINEerr(ENGINE_F_ATALLA_MOD_EXP,ENGINE_R_NOT_LOADED);
+               {
+               ATALLAerr(ATALLA_F_ATALLA_MOD_EXP,ATALLA_R_NOT_LOADED);
                goto err;
-       }
+               }
        /* Prepare the params */
        BN_CTX_start(ctx);
        modulus = BN_CTX_get(ctx);
@@ -402,16 +467,16 @@ static int atalla_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
        argument = BN_CTX_get(ctx);
        result = BN_CTX_get(ctx);
        if (!result)
-       {
-               ENGINEerr(ENGINE_F_ATALLA_MOD_EXP,ENGINE_R_BN_CTX_FULL);
+               {
+               ATALLAerr(ATALLA_F_ATALLA_MOD_EXP,ATALLA_R_BN_CTX_FULL);
                goto err;
-       }
+               }
        if(!bn_wexpand(modulus, m->top) || !bn_wexpand(exponent, m->top) ||
           !bn_wexpand(argument, m->top) || !bn_wexpand(result, m->top))
-       {
-               ENGINEerr(ENGINE_F_ATALLA_MOD_EXP,ENGINE_R_BN_EXPAND_FAIL);
+               {
+               ATALLAerr(ATALLA_F_ATALLA_MOD_EXP,ATALLA_R_BN_EXPAND_FAIL);
                goto err;
-       }
+               }
        /* Prepare the key-data */
        memset(&keydata, 0,sizeof keydata);
        numbytes = BN_num_bytes(m);
@@ -431,11 +496,10 @@ static int atalla_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
        if(p_Atalla_RSAPrivateKeyOpFn(&keydata, (unsigned char *)result->d,
                        (unsigned char *)argument->d,
                        keydata.modulus.len) != 0)
-       {
-               ENGINEerr(ENGINE_F_ATALLA_MOD_EXP,ENGINE_R_REQUEST_FAILED);
+               {
+               ATALLAerr(ATALLA_F_ATALLA_MOD_EXP,ATALLA_R_REQUEST_FAILED);
                goto err;
-       }
-
+               }
        /* Convert the response */
        BN_bin2bn((unsigned char *)result->d, numbytes, r);
        to_return = 1;
@@ -451,15 +515,15 @@ static int atalla_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa)
        int to_return = 0;
 
        if(!atalla_dso)
-       {
-               ENGINEerr(ENGINE_F_ATALLA_RSA_MOD_EXP,ENGINE_R_NOT_LOADED);
+               {
+               ATALLAerr(ATALLA_F_ATALLA_RSA_MOD_EXP,ATALLA_R_NOT_LOADED);
                goto err;
-       }
+               }
        if((ctx = BN_CTX_new()) == NULL)
                goto err;
        if(!rsa->d || !rsa->n)
                {
-               ENGINEerr(ENGINE_F_ATALLA_RSA_MOD_EXP,ENGINE_R_MISSING_KEY_COMPONENTS);
+               ATALLAerr(ATALLA_F_ATALLA_RSA_MOD_EXP,ATALLA_R_MISSING_KEY_COMPONENTS);
                goto err;
                }
        to_return = atalla_mod_exp(r0, I, rsa->d, rsa->n, ctx);
@@ -523,5 +587,20 @@ static int atalla_mod_exp_dh(const DH *dh, BIGNUM *r,
        }
 #endif
 
+/* This stuff is needed if this ENGINE is being compiled into a self-contained
+ * shared-library. */
+#ifdef ENGINE_DYNAMIC_SUPPORT
+static int bind_fn(ENGINE *e, const char *id)
+       {
+       if(id && (strcmp(id, engine_atalla_id) != 0))
+               return 0;
+       if(!bind_helper(e))
+               return 0;
+       return 1;
+       }
+IMPLEMENT_DYNAMIC_CHECK_FN()
+IMPLEMENT_DYNAMIC_BIND_FN(bind_fn)
+#endif /* ENGINE_DYNAMIC_SUPPORT */
+
 #endif /* !OPENSSL_NO_HW_ATALLA */
 #endif /* !OPENSSL_NO_HW */
index 5471dbe..4eab0fb 100644 (file)
@@ -179,13 +179,75 @@ static DH_METHOD cswift_dh =
        };
 #endif
 
+#ifndef OPENSSL_NO_ERR
+/* Error function codes for use in cswift operation */
+#define CSWIFT_F_CSWIFT_INIT                   100
+#define CSWIFT_F_CSWIFT_FINISH                 101
+#define CSWIFT_F_CSWIFT_CTRL                   102
+#define CSWIFT_F_CSWIFT_MOD_EXP                        103
+#define CSWIFT_F_CSWIFT_MOD_EXP_CRT            104
+#define CSWIFT_F_CSWIFT_RSA_MOD_EXP            105
+#define CSWIFT_F_CSWIFT_DSA_SIGN               106
+#define CSWIFT_F_CSWIFT_DSA_VERIFY             107
+/* Error reason codes */
+#define CSWIFT_R_ALREADY_LOADED                        108
+#define CSWIFT_R_NOT_LOADED                    109
+#define CSWIFT_R_UNIT_FAILURE                  110
+#define CSWIFT_R_CTRL_COMMAND_NOT_IMPLEMENTED  113
+#define CSWIFT_R_BN_CTX_FULL                   115
+#define CSWIFT_R_BN_EXPAND_FAIL                        116
+#define CSWIFT_R_BAD_KEY_SIZE                  117
+#define CSWIFT_R_REQUEST_FAILED                        118
+#define CSWIFT_R_MISSING_KEY_COMPONENTS                120
+static ERR_STRING_DATA cswift_str_functs[] =
+       {
+       /* This first element is changed to match the dynamic 'lib' number */
+{ERR_PACK(0,0,0),                              "cswift engine code"},
+{ERR_PACK(0,CSWIFT_F_CSWIFT_INIT,0),           "cswift_init"},
+{ERR_PACK(0,CSWIFT_F_CSWIFT_FINISH,0),         "cswift_finish"},
+{ERR_PACK(0,CSWIFT_F_CSWIFT_CTRL,0),           "cswift_ctrl"},
+{ERR_PACK(0,CSWIFT_F_CSWIFT_MOD_EXP,0),                "cswift_mod_exp"},
+{ERR_PACK(0,CSWIFT_F_CSWIFT_MOD_EXP_CRT,0),    "cswift_mod_exp_crt"},
+{ERR_PACK(0,CSWIFT_F_CSWIFT_RSA_MOD_EXP,0),    "cswift_rsa_mod_exp"},
+{ERR_PACK(0,CSWIFT_F_CSWIFT_DSA_SIGN,0),       "cswift_dsa_sign"},
+{ERR_PACK(0,CSWIFT_F_CSWIFT_DSA_VERIFY,0),     "cswift_dsa_verify"},
+/* Error reason codes */
+{CSWIFT_R_ALREADY_LOADED                ,"already loaded"},
+{CSWIFT_R_NOT_LOADED                    ,"not loaded"},
+{CSWIFT_R_UNIT_FAILURE                  ,"unit failure"},
+{CSWIFT_R_CTRL_COMMAND_NOT_IMPLEMENTED  ,"ctrl command not implemented"},
+{CSWIFT_R_BN_CTX_FULL                   ,"BN_CTX full"},
+{CSWIFT_R_BN_EXPAND_FAIL                ,"bn_expand fail"},
+{CSWIFT_R_BAD_KEY_SIZE                  ,"bad key size"},
+{CSWIFT_R_REQUEST_FAILED                ,"request failed"},
+{CSWIFT_R_MISSING_KEY_COMPONENTS        ,"missing key components"},
+{0,NULL}
+       };
+/* The library number we obtain dynamically from the ERR code */
+static int cswift_err_lib = -1;
+#define CSWIFTerr(f,r) ERR_PUT_error(cswift_err_lib,(f),(r),__FILE__,__LINE__)
+static void cswift_load_error_strings(void)
+       {
+       if(cswift_err_lib < 0)
+               {
+               if((cswift_err_lib = ERR_get_next_error_library()) <= 0)
+                       return;
+               cswift_str_functs[0].error = ERR_PACK(cswift_err_lib,0,0);
+               ERR_load_strings(cswift_err_lib, cswift_str_functs);
+               }
+       }
+#else
+#define CSWIFTerr(f,r)                                 /* NOP */
+static void cswift_load_error_strings(void) { }                /* NOP */
+#endif
+
 /* Constants used when creating the ENGINE */
 static const char *engine_cswift_id = "cswift";
 static const char *engine_cswift_name = "CryptoSwift hardware engine support";
 
-/* As this is only ever called once, there's no need for locking
- * (indeed - the lock will already be held by our caller!!!) */
-ENGINE *ENGINE_cswift()
+/* This internal function is used by ENGINE_cswift() and possibly by the
+ * "dynamic" ENGINE support too */
+static int bind_helper(ENGINE *e)
        {
 #ifndef OPENSSL_NO_RSA
        const RSA_METHOD *meth1;
@@ -193,30 +255,24 @@ ENGINE *ENGINE_cswift()
 #ifndef OPENSSL_NO_DH
        const DH_METHOD *meth2;
 #endif
-       ENGINE *ret = ENGINE_new();
-       if(!ret)
-               return NULL;
-       if(!ENGINE_set_id(ret, engine_cswift_id) ||
-                       !ENGINE_set_name(ret, engine_cswift_name) ||
+       if(!ENGINE_set_id(e, engine_cswift_id) ||
+                       !ENGINE_set_name(e, engine_cswift_name) ||
 #ifndef OPENSSL_NO_RSA
-                       !ENGINE_set_RSA(ret, &cswift_rsa) ||
+                       !ENGINE_set_RSA(e, &cswift_rsa) ||
 #endif
 #ifndef OPENSSL_NO_DSA
-                       !ENGINE_set_DSA(ret, &cswift_dsa) ||
+                       !ENGINE_set_DSA(e, &cswift_dsa) ||
 #endif
 #ifndef OPENSSL_NO_DH
-                       !ENGINE_set_DH(ret, &cswift_dh) ||
+                       !ENGINE_set_DH(e, &cswift_dh) ||
 #endif
-                       !ENGINE_set_BN_mod_exp(ret, &cswift_mod_exp) ||
-                       !ENGINE_set_BN_mod_exp_crt(ret, &cswift_mod_exp_crt) ||
-                       !ENGINE_set_init_function(ret, cswift_init) ||
-                       !ENGINE_set_finish_function(ret, cswift_finish) ||
-                       !ENGINE_set_ctrl_function(ret, cswift_ctrl) ||
-                       !ENGINE_set_cmd_defns(ret, cswift_cmd_defns))
-               {
-               ENGINE_free(ret);
-               return NULL;
-               }
+                       !ENGINE_set_BN_mod_exp(e, &cswift_mod_exp) ||
+                       !ENGINE_set_BN_mod_exp_crt(e, &cswift_mod_exp_crt) ||
+                       !ENGINE_set_init_function(e, cswift_init) ||
+                       !ENGINE_set_finish_function(e, cswift_finish) ||
+                       !ENGINE_set_ctrl_function(e, cswift_ctrl) ||
+                       !ENGINE_set_cmd_defns(e, cswift_cmd_defns))
+               return 0;
 
 #ifndef OPENSSL_NO_RSA
        /* We know that the "PKCS1_SSLeay()" functions hook properly
@@ -239,6 +295,24 @@ ENGINE *ENGINE_cswift()
        cswift_dh.generate_key = meth2->generate_key;
        cswift_dh.compute_key = meth2->compute_key;
 #endif
+
+       /* Ensure the cswift error handling is set up */
+       cswift_load_error_strings();
+       return 1;
+       }
+
+/* As this is only ever called once, there's no need for locking
+ * (indeed - the lock will already be held by our caller!!!) */
+ENGINE *ENGINE_cswift(void)
+       {
+       ENGINE *ret = ENGINE_new();
+       if(!ret)
+               return NULL;
+       if(!bind_helper(ret))
+               {
+               ENGINE_free(ret);
+               return NULL;
+               }
        return ret;
        }
 
@@ -298,14 +372,14 @@ static int cswift_init(ENGINE *e)
 
        if(cswift_dso != NULL)
                {
-               ENGINEerr(ENGINE_F_CSWIFT_INIT,ENGINE_R_ALREADY_LOADED);
+               CSWIFTerr(CSWIFT_F_CSWIFT_INIT,CSWIFT_R_ALREADY_LOADED);
                goto err;
                }
        /* Attempt to load libswift.so/swift.dll/whatever. */
        cswift_dso = DSO_load(NULL, CSWIFT_LIBNAME, NULL, 0);
        if(cswift_dso == NULL)
                {
-               ENGINEerr(ENGINE_F_CSWIFT_INIT,ENGINE_R_DSO_FAILURE);
+               CSWIFTerr(CSWIFT_F_CSWIFT_INIT,CSWIFT_R_NOT_LOADED);
                goto err;
                }
        if(!(p1 = (t_swAcquireAccContext *)
@@ -317,7 +391,7 @@ static int cswift_init(ENGINE *e)
                        !(p4 = (t_swReleaseAccContext *)
                                DSO_bind_func(cswift_dso, CSWIFT_F4)))
                {
-               ENGINEerr(ENGINE_F_CSWIFT_INIT,ENGINE_R_DSO_FAILURE);
+               CSWIFTerr(CSWIFT_F_CSWIFT_INIT,CSWIFT_R_NOT_LOADED);
                goto err;
                }
        /* Copy the pointers */
@@ -329,7 +403,7 @@ static int cswift_init(ENGINE *e)
         * accelerator! */
        if(!get_context(&hac))
                {
-               ENGINEerr(ENGINE_F_CSWIFT_INIT,ENGINE_R_UNIT_FAILURE);
+               CSWIFTerr(CSWIFT_F_CSWIFT_INIT,CSWIFT_R_UNIT_FAILURE);
                goto err;
                }
        release_context(hac);
@@ -349,12 +423,12 @@ static int cswift_finish(ENGINE *e)
        {
        if(cswift_dso == NULL)
                {
-               ENGINEerr(ENGINE_F_CSWIFT_FINISH,ENGINE_R_NOT_LOADED);
+               CSWIFTerr(CSWIFT_F_CSWIFT_FINISH,CSWIFT_R_NOT_LOADED);
                return 0;
                }
        if(!DSO_free(cswift_dso))
                {
-               ENGINEerr(ENGINE_F_CSWIFT_FINISH,ENGINE_R_DSO_FAILURE);
+               CSWIFTerr(CSWIFT_F_CSWIFT_FINISH,CSWIFT_R_UNIT_FAILURE);
                return 0;
                }
        cswift_dso = NULL;
@@ -373,14 +447,12 @@ static int cswift_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)())
        case CSWIFT_CMD_SO_PATH:
                if(p == NULL)
                        {
-                       ENGINEerr(ENGINE_F_CSWIFT_CTRL,
-                               ERR_R_PASSED_NULL_PARAMETER);
+                       CSWIFTerr(CSWIFT_F_CSWIFT_CTRL,ERR_R_PASSED_NULL_PARAMETER);
                        return 0;
                        }
                if(initialised)
                        {
-                       ENGINEerr(ENGINE_F_CSWIFT_CTRL,
-                               ENGINE_R_ALREADY_LOADED);
+                       CSWIFTerr(CSWIFT_F_CSWIFT_CTRL,CSWIFT_R_ALREADY_LOADED);
                        return 0;
                        }
                CSWIFT_LIBNAME = (const char *)p;
@@ -388,7 +460,7 @@ static int cswift_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)())
        default:
                break;
                }
-       ENGINEerr(ENGINE_F_CSWIFT_CTRL,ENGINE_R_CTRL_COMMAND_NOT_IMPLEMENTED);
+       CSWIFTerr(CSWIFT_F_CSWIFT_CTRL,CSWIFT_R_CTRL_COMMAND_NOT_IMPLEMENTED);
        return 0;
        }
 
@@ -417,7 +489,7 @@ static int cswift_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
  
        if(!get_context(&hac))
                {
-               ENGINEerr(ENGINE_F_CSWIFT_MOD_EXP,ENGINE_R_GET_HANDLE_FAILED);
+               CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP,CSWIFT_R_UNIT_FAILURE);
                goto err;
                }
        acquired = 1;
@@ -429,13 +501,13 @@ static int cswift_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
        result = BN_CTX_get(ctx);
        if(!result)
                {
-               ENGINEerr(ENGINE_F_CSWIFT_MOD_EXP,ENGINE_R_BN_CTX_FULL);
+               CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP,CSWIFT_R_BN_CTX_FULL);
                goto err;
                }
        if(!bn_wexpand(modulus, m->top) || !bn_wexpand(exponent, p->top) ||
                !bn_wexpand(argument, a->top) || !bn_wexpand(result, m->top))
                {
-               ENGINEerr(ENGINE_F_CSWIFT_MOD_EXP,ENGINE_R_BN_EXPAND_FAIL);
+               CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP,CSWIFT_R_BN_EXPAND_FAIL);
                goto err;
                }
        sw_param.type = SW_ALG_EXP;
@@ -452,13 +524,12 @@ static int cswift_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
        case SW_OK:
                break;
        case SW_ERR_INPUT_SIZE:
-               ENGINEerr(ENGINE_F_CSWIFT_MOD_EXP,
-                       ENGINE_R_SIZE_TOO_LARGE_OR_TOO_SMALL);
+               CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP,CSWIFT_R_BAD_KEY_SIZE);
                goto err;
        default:
                {
                char tmpbuf[20];
-               ENGINEerr(ENGINE_F_CSWIFT_MOD_EXP,ENGINE_R_REQUEST_FAILED);
+               CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP,CSWIFT_R_REQUEST_FAILED);
                sprintf(tmpbuf, "%ld", sw_status);
                ERR_add_error_data(2, "CryptoSwift error number is ",tmpbuf);
                }
@@ -475,7 +546,7 @@ static int cswift_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
                &res, 1)) != SW_OK)
                {
                char tmpbuf[20];
-               ENGINEerr(ENGINE_F_CSWIFT_MOD_EXP,ENGINE_R_REQUEST_FAILED);
+               CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP,CSWIFT_R_REQUEST_FAILED);
                sprintf(tmpbuf, "%ld", sw_status);
                ERR_add_error_data(2, "CryptoSwift error number is ",tmpbuf);
                goto err;
@@ -511,7 +582,7 @@ static int cswift_mod_exp_crt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
  
        if(!get_context(&hac))
                {
-               ENGINEerr(ENGINE_F_CSWIFT_MOD_EXP_CRT,ENGINE_R_GET_HANDLE_FAILED);
+               CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP_CRT,CSWIFT_R_UNIT_FAILURE);
                goto err;
                }
        acquired = 1;
@@ -526,7 +597,7 @@ static int cswift_mod_exp_crt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
        result = BN_CTX_get(ctx);
        if(!result)
                {
-               ENGINEerr(ENGINE_F_CSWIFT_MOD_EXP_CRT,ENGINE_R_BN_CTX_FULL);
+               CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP_CRT,CSWIFT_R_BN_CTX_FULL);
                goto err;
                }
        if(!bn_wexpand(rsa_p, p->top) || !bn_wexpand(rsa_q, q->top) ||
@@ -536,7 +607,7 @@ static int cswift_mod_exp_crt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
                        !bn_wexpand(argument, a->top) ||
                        !bn_wexpand(result, p->top + q->top))
                {
-               ENGINEerr(ENGINE_F_CSWIFT_MOD_EXP_CRT,ENGINE_R_BN_EXPAND_FAIL);
+               CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP_CRT,CSWIFT_R_BN_EXPAND_FAIL);
                goto err;
                }
        sw_param.type = SW_ALG_CRT;
@@ -560,13 +631,12 @@ static int cswift_mod_exp_crt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
        case SW_OK:
                break;
        case SW_ERR_INPUT_SIZE:
-               ENGINEerr(ENGINE_F_CSWIFT_MOD_EXP_CRT,
-                       ENGINE_R_SIZE_TOO_LARGE_OR_TOO_SMALL);
+               CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP_CRT,CSWIFT_R_BAD_KEY_SIZE);
                goto err;
        default:
                {
                char tmpbuf[20];
-               ENGINEerr(ENGINE_F_CSWIFT_MOD_EXP_CRT,ENGINE_R_REQUEST_FAILED);
+               CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP_CRT,CSWIFT_R_REQUEST_FAILED);
                sprintf(tmpbuf, "%ld", sw_status);
                ERR_add_error_data(2, "CryptoSwift error number is ",tmpbuf);
                }
@@ -583,7 +653,7 @@ static int cswift_mod_exp_crt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
                &res, 1)) != SW_OK)
                {
                char tmpbuf[20];
-               ENGINEerr(ENGINE_F_CSWIFT_MOD_EXP_CRT,ENGINE_R_REQUEST_FAILED);
+               CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP_CRT,CSWIFT_R_REQUEST_FAILED);
                sprintf(tmpbuf, "%ld", sw_status);
                ERR_add_error_data(2, "CryptoSwift error number is ",tmpbuf);
                goto err;
@@ -608,7 +678,7 @@ static int cswift_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa)
                goto err;
        if(!rsa->p || !rsa->q || !rsa->dmp1 || !rsa->dmq1 || !rsa->iqmp)
                {
-               ENGINEerr(ENGINE_F_CSWIFT_RSA_MOD_EXP,ENGINE_R_MISSING_KEY_COMPONENTS);
+               CSWIFTerr(CSWIFT_F_CSWIFT_RSA_MOD_EXP,CSWIFT_R_MISSING_KEY_COMPONENTS);
                goto err;
                }
        to_return = cswift_mod_exp_crt(r0, I, rsa->p, rsa->q, rsa->dmp1,
@@ -648,7 +718,7 @@ static DSA_SIG *cswift_dsa_sign(const unsigned char *dgst, int dlen, DSA *dsa)
                goto err;
        if(!get_context(&hac))
                {
-               ENGINEerr(ENGINE_F_CSWIFT_DSA_SIGN,ENGINE_R_GET_HANDLE_FAILED);
+               CSWIFTerr(CSWIFT_F_CSWIFT_DSA_SIGN,CSWIFT_R_UNIT_FAILURE);
                goto err;
                }
        acquired = 1;
@@ -661,7 +731,7 @@ static DSA_SIG *cswift_dsa_sign(const unsigned char *dgst, int dlen, DSA *dsa)
        result = BN_CTX_get(ctx);
        if(!result)
                {
-               ENGINEerr(ENGINE_F_CSWIFT_DSA_SIGN,ENGINE_R_BN_CTX_FULL);
+               CSWIFTerr(CSWIFT_F_CSWIFT_DSA_SIGN,CSWIFT_R_BN_CTX_FULL);
                goto err;
                }
        if(!bn_wexpand(dsa_p, dsa->p->top) ||
@@ -670,7 +740,7 @@ static DSA_SIG *cswift_dsa_sign(const unsigned char *dgst, int dlen, DSA *dsa)
                        !bn_wexpand(dsa_key, dsa->priv_key->top) ||
                        !bn_wexpand(result, dsa->p->top))
                {
-               ENGINEerr(ENGINE_F_CSWIFT_DSA_SIGN,ENGINE_R_BN_EXPAND_FAIL);
+               CSWIFTerr(CSWIFT_F_CSWIFT_DSA_SIGN,CSWIFT_R_BN_EXPAND_FAIL);
                goto err;
                }
        sw_param.type = SW_ALG_DSA;
@@ -693,13 +763,12 @@ static DSA_SIG *cswift_dsa_sign(const unsigned char *dgst, int dlen, DSA *dsa)
        case SW_OK:
                break;
        case SW_ERR_INPUT_SIZE:
-               ENGINEerr(ENGINE_F_CSWIFT_DSA_SIGN,
-                       ENGINE_R_SIZE_TOO_LARGE_OR_TOO_SMALL);
+               CSWIFTerr(CSWIFT_F_CSWIFT_DSA_SIGN,CSWIFT_R_BAD_KEY_SIZE);
                goto err;
        default:
                {
                char tmpbuf[20];
-               ENGINEerr(ENGINE_F_CSWIFT_DSA_SIGN,ENGINE_R_REQUEST_FAILED);
+               CSWIFTerr(CSWIFT_F_CSWIFT_DSA_SIGN,CSWIFT_R_REQUEST_FAILED);
                sprintf(tmpbuf, "%ld", sw_status);
                ERR_add_error_data(2, "CryptoSwift error number is ",tmpbuf);
                }
@@ -717,7 +786,7 @@ static DSA_SIG *cswift_dsa_sign(const unsigned char *dgst, int dlen, DSA *dsa)
        if(sw_status != SW_OK)
                {
                char tmpbuf[20];
-               ENGINEerr(ENGINE_F_CSWIFT_DSA_SIGN,ENGINE_R_REQUEST_FAILED);
+               CSWIFTerr(CSWIFT_F_CSWIFT_DSA_SIGN,CSWIFT_R_REQUEST_FAILED);
                sprintf(tmpbuf, "%ld", sw_status);
                ERR_add_error_data(2, "CryptoSwift error number is ",tmpbuf);
                goto err;
@@ -761,7 +830,7 @@ static int cswift_dsa_verify(const unsigned char *dgst, int dgst_len,
                goto err;
        if(!get_context(&hac))
                {
-               ENGINEerr(ENGINE_F_CSWIFT_DSA_VERIFY,ENGINE_R_GET_HANDLE_FAILED);
+               CSWIFTerr(CSWIFT_F_CSWIFT_DSA_VERIFY,CSWIFT_R_UNIT_FAILURE);
                goto err;
                }
        acquired = 1;
@@ -774,7 +843,7 @@ static int cswift_dsa_verify(const unsigned char *dgst, int dgst_len,
        argument = BN_CTX_get(ctx);
        if(!argument)
                {
-               ENGINEerr(ENGINE_F_CSWIFT_DSA_VERIFY,ENGINE_R_BN_CTX_FULL);
+               CSWIFTerr(CSWIFT_F_CSWIFT_DSA_VERIFY,CSWIFT_R_BN_CTX_FULL);
                goto err;
                }
        if(!bn_wexpand(dsa_p, dsa->p->top) ||
@@ -783,7 +852,7 @@ static int cswift_dsa_verify(const unsigned char *dgst, int dgst_len,
                        !bn_wexpand(dsa_key, dsa->pub_key->top) ||
                        !bn_wexpand(argument, 40))
                {
-               ENGINEerr(ENGINE_F_CSWIFT_DSA_VERIFY,ENGINE_R_BN_EXPAND_FAIL);
+               CSWIFTerr(CSWIFT_F_CSWIFT_DSA_VERIFY,CSWIFT_R_BN_EXPAND_FAIL);
                goto err;
                }
        sw_param.type = SW_ALG_DSA;
@@ -806,13 +875,12 @@ static int cswift_dsa_verify(const unsigned char *dgst, int dgst_len,
        case SW_OK:
                break;
        case SW_ERR_INPUT_SIZE:
-               ENGINEerr(ENGINE_F_CSWIFT_DSA_VERIFY,
-                       ENGINE_R_SIZE_TOO_LARGE_OR_TOO_SMALL);
+               CSWIFTerr(CSWIFT_F_CSWIFT_DSA_VERIFY,CSWIFT_R_BAD_KEY_SIZE);
                goto err;
        default:
                {
                char tmpbuf[20];
-               ENGINEerr(ENGINE_F_CSWIFT_DSA_VERIFY,ENGINE_R_REQUEST_FAILED);
+               CSWIFTerr(CSWIFT_F_CSWIFT_DSA_VERIFY,CSWIFT_R_REQUEST_FAILED);
                sprintf(tmpbuf, "%ld", sw_status);
                ERR_add_error_data(2, "CryptoSwift error number is ",tmpbuf);
                }
@@ -834,7 +902,7 @@ static int cswift_dsa_verify(const unsigned char *dgst, int dgst_len,
        if(sw_status != SW_OK)
                {
                char tmpbuf[20];
-               ENGINEerr(ENGINE_F_CSWIFT_DSA_VERIFY,ENGINE_R_REQUEST_FAILED);
+               CSWIFTerr(CSWIFT_F_CSWIFT_DSA_VERIFY,CSWIFT_R_REQUEST_FAILED);
                sprintf(tmpbuf, "%ld", sw_status);
                ERR_add_error_data(2, "CryptoSwift error number is ",tmpbuf);
                goto err;
@@ -864,5 +932,20 @@ static int cswift_mod_exp_dh(const DH *dh, BIGNUM *r,
        }
 #endif
 
+/* This stuff is needed if this ENGINE is being compiled into a self-contained
+ * shared-library. */
+#ifdef ENGINE_DYNAMIC_SUPPORT
+static int bind_fn(ENGINE *e, const char *id)
+       {
+       if(id && (strcmp(id, engine_cswift_id) != 0))
+               return 0;
+       if(!bind_helper(e))
+               return 0;
+       return 1;
+       }       
+IMPLEMENT_DYNAMIC_CHECK_FN()
+IMPLEMENT_DYNAMIC_BIND_FN(bind_fn)
+#endif /* ENGINE_DYNAMIC_SUPPORT */
+
 #endif /* !OPENSSL_NO_HW_CSWIFT */
 #endif /* !OPENSSL_NO_HW */
index 8ae08de..03990c5 100644 (file)
@@ -210,6 +210,82 @@ static RAND_METHOD hwcrhk_rand =
        hwcrhk_rand_status,
        };
 
+#ifndef OPENSSL_NO_ERR
+/* Error function codes for use in hwcrhk operation */
+#define HWCRHK_F_HWCRHK_INIT                   100
+#define HWCRHK_F_HWCRHK_FINISH                 101
+#define HWCRHK_F_HWCRHK_CTRL                   102
+#define HWCRHK_F_HWCRHK_LOAD_PRIVKEY           103
+#define HWCRHK_F_HWCRHK_LOAD_PUBKEY            104
+#define HWCRHK_F_HWCRHK_MOD_EXP                        105
+#define HWCRHK_F_HWCRHK_RSA_MOD_EXP            106
+#define HWCRHK_F_HWCRHK_RAND_BYTES             107
+#define HWCRHK_F_HWCRHK_GET_PASS               108
+#define HWCRHK_F_HWCRHK_INSERT_CARD            109
+/* Error reason codes */
+#define HWCRHK_R_ALREADY_LOADED                        110
+#define HWCRHK_R_DSO_FAILURE                   111
+#define HWCRHK_R_UNIT_FAILURE                  112
+#define HWCRHK_R_NOT_LOADED                    113
+#define HWCRHK_R_BIO_WAS_FREED                 114
+#define HWCRHK_R_CTRL_COMMAND_NOT_IMPLEMENTED  115
+#define HWCRHK_R_NOT_INITIALISED               116
+#define HWCRHK_R_CHIL_ERROR                    117
+#define HWCRHK_R_NO_KEY                                118
+#define HWCRHK_R_PRIVATE_KEY_ALGORITHMS_DISABLED 119
+#define HWCRHK_R_REQUEST_FALLBACK              120
+#define HWCRHK_R_REQUEST_FAILED                        121
+#define HWCRHK_R_MISSING_KEY_COMPONENTS                122
+#define HWCRHK_R_NO_CALLBACK                   123
+static ERR_STRING_DATA hwcrhk_str_functs[] =
+       {
+       /* This first element is changed to match the dynamic 'lib' number */
+{ERR_PACK(0,0,0),                              "hwcrhk engine code"},
+{ERR_PACK(0,HWCRHK_F_HWCRHK_INIT,0),           "hwcrhk_init"},
+{ERR_PACK(0,HWCRHK_F_HWCRHK_FINISH,0),                         ""},
+{ERR_PACK(0,HWCRHK_F_HWCRHK_CTRL,0),                           ""},
+{ERR_PACK(0,HWCRHK_F_HWCRHK_LOAD_PRIVKEY,0),                           ""},
+{ERR_PACK(0,HWCRHK_F_HWCRHK_LOAD_PUBKEY,0),                            ""},
+{ERR_PACK(0,HWCRHK_F_HWCRHK_MOD_EXP,0),                                ""},
+{ERR_PACK(0,HWCRHK_F_HWCRHK_RSA_MOD_EXP,0),                            ""},
+{ERR_PACK(0,HWCRHK_F_HWCRHK_RAND_BYTES,0),                             ""},
+{ERR_PACK(0,HWCRHK_F_HWCRHK_GET_PASS,0),                               ""},
+{ERR_PACK(0,HWCRHK_F_HWCRHK_INSERT_CARD,0),                            ""},
+/* Error reason codes */
+{HWCRHK_R_ALREADY_LOADED               ,"already loaded"},
+{HWCRHK_R_DSO_FAILURE                  ,"DSO failure"},
+{HWCRHK_R_UNIT_FAILURE                 ,"unit failure"},
+{HWCRHK_R_NOT_LOADED                   ,"not loaded"},
+{HWCRHK_R_BIO_WAS_FREED                        ,"BIO was freed"},
+{HWCRHK_R_CTRL_COMMAND_NOT_IMPLEMENTED ,"ctrl command not implemented"},
+{HWCRHK_R_NOT_INITIALISED              ,"not initialised"},
+{HWCRHK_R_CHIL_ERROR                   ,"'chil' error"},
+{HWCRHK_R_NO_KEY                       ,"no key"},
+{HWCRHK_R_PRIVATE_KEY_ALGORITHMS_DISABLED,"private key algorithms disabled"},
+{HWCRHK_R_REQUEST_FALLBACK             ,"request fallback"},
+{HWCRHK_R_REQUEST_FAILED               ,"request failed"},
+{HWCRHK_R_MISSING_KEY_COMPONENTS       ,"missing key components"},
+{HWCRHK_R_NO_CALLBACK                  ,"no callback"},
+{0,NULL}
+       };
+/* The library number we obtain dynamically from the ERR code */
+static int hwcrhk_err_lib = -1;
+#define HWCRHKerr(f,r) ERR_PUT_error(hwcrhk_err_lib,(f),(r),__FILE__,__LINE__)
+static void hwcrhk_load_error_strings(void)
+       {
+       if(hwcrhk_err_lib < 0)
+               {
+               if((hwcrhk_err_lib = ERR_get_next_error_library()) <= 0)
+                       return;
+               hwcrhk_str_functs[0].error = ERR_PACK(hwcrhk_err_lib,0,0);
+               ERR_load_strings(hwcrhk_err_lib, hwcrhk_str_functs);
+               }
+       }
+#else
+#define HWCRHKerr(f,r)                           /* NOP */
+static void hwcrhk_load_error_strings(void) { }         /* NOP */
+#endif
+
 /* Constants used when creating the ENGINE */
 static const char *engine_hwcrhk_id = "chil";
 static const char *engine_hwcrhk_name = "nCipher hardware engine support";
@@ -312,9 +388,9 @@ static HWCryptoHook_InitInfo hwcrhk_globals = {
 
 /* Now, to our own code */
 
-/* As this is only ever called once, there's no need for locking
- * (indeed - the lock will already be held by our caller!!!) */
-ENGINE *ENGINE_ncipher()
+/* This internal function is used by ENGINE_ncipher() and possibly by the
+ * "dynamic" ENGINE support too */
+static int bind_helper(ENGINE *e)
        {
 #ifndef OPENSSL_NO_RSA
        const RSA_METHOD *meth1;
@@ -322,29 +398,23 @@ ENGINE *ENGINE_ncipher()
 #ifndef OPENSSL_NO_DH
        const DH_METHOD *meth2;
 #endif
-       ENGINE *ret = ENGINE_new();
-       if(!ret)
-               return NULL;
-       if(!ENGINE_set_id(ret, engine_hwcrhk_id) ||
-                       !ENGINE_set_name(ret, engine_hwcrhk_name) ||
+       if(!ENGINE_set_id(e, engine_hwcrhk_id) ||
+                       !ENGINE_set_name(e, engine_hwcrhk_name) ||
 #ifndef OPENSSL_NO_RSA
-                       !ENGINE_set_RSA(ret, &hwcrhk_rsa) ||
+                       !ENGINE_set_RSA(e, &hwcrhk_rsa) ||
 #endif
 #ifndef OPENSSL_NO_DH
-                       !ENGINE_set_DH(ret, &hwcrhk_dh) ||
+                       !ENGINE_set_DH(e, &hwcrhk_dh) ||
 #endif
-                       !ENGINE_set_RAND(ret, &hwcrhk_rand) ||
-                       !ENGINE_set_BN_mod_exp(ret, hwcrhk_mod_exp) ||
-                       !ENGINE_set_init_function(ret, hwcrhk_init) ||
-                       !ENGINE_set_finish_function(ret, hwcrhk_finish) ||
-                       !ENGINE_set_ctrl_function(ret, hwcrhk_ctrl) ||
-                       !ENGINE_set_load_privkey_function(ret, hwcrhk_load_privkey) ||
-                       !ENGINE_set_load_pubkey_function(ret, hwcrhk_load_pubkey) ||
-                       !ENGINE_set_cmd_defns(ret, hwcrhk_cmd_defns))
-               {
-               ENGINE_free(ret);
-               return NULL;
-               }
+                       !ENGINE_set_RAND(e, &hwcrhk_rand) ||
+                       !ENGINE_set_BN_mod_exp(e, hwcrhk_mod_exp) ||
+                       !ENGINE_set_init_function(e, hwcrhk_init) ||
+                       !ENGINE_set_finish_function(e, hwcrhk_finish) ||
+                       !ENGINE_set_ctrl_function(e, hwcrhk_ctrl) ||
+                       !ENGINE_set_load_privkey_function(e, hwcrhk_load_privkey) ||
+                       !ENGINE_set_load_pubkey_function(e, hwcrhk_load_pubkey) ||
+                       !ENGINE_set_cmd_defns(e, hwcrhk_cmd_defns))
+               return 0;
 
 #ifndef OPENSSL_NO_RSA
        /* We know that the "PKCS1_SSLeay()" functions hook properly
@@ -367,6 +437,24 @@ ENGINE *ENGINE_ncipher()
        hwcrhk_dh.generate_key = meth2->generate_key;
        hwcrhk_dh.compute_key = meth2->compute_key;
 #endif
+
+       /* Ensure the hwcrhk error handling is set up */
+       hwcrhk_load_error_strings();
+       return 1;
+       }
+
+/* As this is only ever called once, there's no need for locking
+ * (indeed - the lock will already be held by our caller!!!) */
+ENGINE *ENGINE_ncipher(void)
+       {
+       ENGINE *ret = ENGINE_new();
+       if(!ret)
+               return NULL;
+       if(!bind_helper(ret))
+               {
+               ENGINE_free(ret);
+               return NULL;
+               }
        return ret;
        }
 
@@ -459,14 +547,14 @@ static int hwcrhk_init(ENGINE *e)
 
        if(hwcrhk_dso != NULL)
                {
-               ENGINEerr(ENGINE_F_HWCRHK_INIT,ENGINE_R_ALREADY_LOADED);
+               HWCRHKerr(HWCRHK_F_HWCRHK_INIT,HWCRHK_R_ALREADY_LOADED);
                goto err;
                }
        /* Attempt to load libnfhwcrhk.so/nfhwcrhk.dll/whatever. */
        hwcrhk_dso = DSO_load(NULL, HWCRHK_LIBNAME, NULL, 0);
        if(hwcrhk_dso == NULL)
                {
-               ENGINEerr(ENGINE_F_HWCRHK_INIT,ENGINE_R_DSO_FAILURE);
+               HWCRHKerr(HWCRHK_F_HWCRHK_INIT,HWCRHK_R_DSO_FAILURE);
                goto err;
                }
        if(!(p1 = (HWCryptoHook_Init_t *)
@@ -490,7 +578,7 @@ static int hwcrhk_init(ENGINE *e)
                !(p9 = (HWCryptoHook_ModExpCRT_t *)
                        DSO_bind_func(hwcrhk_dso, n_hwcrhk_ModExpCRT)))
                {
-               ENGINEerr(ENGINE_F_HWCRHK_INIT,ENGINE_R_DSO_FAILURE);
+               HWCRHKerr(HWCRHK_F_HWCRHK_INIT,HWCRHK_R_DSO_FAILURE);
                goto err;
                }
        /* Copy the pointers */
@@ -523,7 +611,7 @@ static int hwcrhk_init(ENGINE *e)
         * accelerator! */
        if(!get_context(&hwcrhk_context, &password_context))
                {
-               ENGINEerr(ENGINE_F_HWCRHK_INIT,ENGINE_R_UNIT_FAILURE);
+               HWCRHKerr(HWCRHK_F_HWCRHK_INIT,HWCRHK_R_UNIT_FAILURE);
                goto err;
                }
        /* Everything's fine. */
@@ -557,14 +645,14 @@ static int hwcrhk_finish(ENGINE *e)
        int to_return = 1;
        if(hwcrhk_dso == NULL)
                {
-               ENGINEerr(ENGINE_F_HWCRHK_FINISH,ENGINE_R_NOT_LOADED);
+               HWCRHKerr(HWCRHK_F_HWCRHK_FINISH,HWCRHK_R_NOT_LOADED);
                to_return = 0;
                goto err;
                }
        release_context(hwcrhk_context);
        if(!DSO_free(hwcrhk_dso))
                {
-               ENGINEerr(ENGINE_F_HWCRHK_FINISH,ENGINE_R_DSO_FAILURE);
+               HWCRHKerr(HWCRHK_F_HWCRHK_FINISH,HWCRHK_R_DSO_FAILURE);
                to_return = 0;
                goto err;
                }
@@ -595,12 +683,12 @@ static int hwcrhk_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)())
        case HWCRHK_CMD_SO_PATH:
                if(hwcrhk_dso)
                        {
-                       ENGINEerr(ENGINE_F_HWCRHK_CTRL,ENGINE_R_ALREADY_LOADED);
+                       HWCRHKerr(HWCRHK_F_HWCRHK_CTRL,HWCRHK_R_ALREADY_LOADED);
                        return 0;
                        }
                if(p == NULL)
                        {
-                       ENGINEerr(ENGINE_F_HWCRHK_CTRL,ERR_R_PASSED_NULL_PARAMETER);
+                       HWCRHKerr(HWCRHK_F_HWCRHK_CTRL,ERR_R_PASSED_NULL_PARAMETER);
                        return 0;
                        }
                HWCRHK_LIBNAME = (const char *)p;
@@ -618,7 +706,7 @@ static int hwcrhk_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)())
                if (CRYPTO_add(&bio->references,1,CRYPTO_LOCK_BIO) > 1)
                        logstream = bio;
                else
-                       ENGINEerr(ENGINE_F_HWCRHK_CTRL,ENGINE_R_BIO_WAS_FREED);
+                       HWCRHKerr(HWCRHK_F_HWCRHK_CTRL,HWCRHK_R_BIO_WAS_FREED);
                }
                CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
                break;
@@ -668,8 +756,8 @@ static int hwcrhk_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)())
 
        /* The command isn't understood by this engine */
        default:
-               ENGINEerr(ENGINE_F_HWCRHK_CTRL,
-                       ENGINE_R_CTRL_COMMAND_NOT_IMPLEMENTED);
+               HWCRHKerr(HWCRHK_F_HWCRHK_CTRL,
+                       HWCRHK_R_CTRL_COMMAND_NOT_IMPLEMENTED);
                to_return = 0;
                break;
                }
@@ -695,15 +783,15 @@ static EVP_PKEY *hwcrhk_load_privkey(ENGINE *eng, const char *key_id,
 
        if(!hwcrhk_context)
                {
-               ENGINEerr(ENGINE_F_HWCRHK_LOAD_PRIVKEY,
-                       ENGINE_R_NOT_INITIALISED);
+               HWCRHKerr(HWCRHK_F_HWCRHK_LOAD_PRIVKEY,
+                       HWCRHK_R_NOT_INITIALISED);
                goto err;
                }
 #ifndef OPENSSL_NO_RSA
        hptr = OPENSSL_malloc(sizeof(HWCryptoHook_RSAKeyHandle));
        if (!hptr)
                {
-               ENGINEerr(ENGINE_F_HWCRHK_LOAD_PRIVKEY,
+               HWCRHKerr(HWCRHK_F_HWCRHK_LOAD_PRIVKEY,
                        ERR_R_MALLOC_FAILURE);
                goto err;
                }
@@ -712,15 +800,15 @@ static EVP_PKEY *hwcrhk_load_privkey(ENGINE *eng, const char *key_id,
        if (p_hwcrhk_RSALoadKey(hwcrhk_context, key_id, hptr,
                &rmsg, &ppctx))
                {
-               ENGINEerr(ENGINE_F_HWCRHK_LOAD_PRIVKEY,
-                       ENGINE_R_CHIL_ERROR);
+               HWCRHKerr(HWCRHK_F_HWCRHK_LOAD_PRIVKEY,
+                       HWCRHK_R_CHIL_ERROR);
                ERR_add_error_data(1,rmsg.buf);
                goto err;
                }
        if (!*hptr)
                {
-               ENGINEerr(ENGINE_F_HWCRHK_LOAD_PRIVKEY,
-                       ENGINE_R_NO_KEY);
+               HWCRHKerr(HWCRHK_F_HWCRHK_LOAD_PRIVKEY,
+                       HWCRHK_R_NO_KEY);
                goto err;
                }
 #endif
@@ -735,7 +823,7 @@ static EVP_PKEY *hwcrhk_load_privkey(ENGINE *eng, const char *key_id,
        if (p_hwcrhk_RSAGetPublicKey(*hptr, &n, &e, &rmsg)
                != HWCRYPTOHOOK_ERROR_MPISIZE)
                {
-               ENGINEerr(ENGINE_F_HWCRHK_LOAD_PUBKEY,ENGINE_R_CHIL_ERROR);
+               HWCRHKerr(HWCRHK_F_HWCRHK_LOAD_PUBKEY,HWCRHK_R_CHIL_ERROR);
                ERR_add_error_data(1,rmsg.buf);
                goto err;
                }
@@ -747,8 +835,8 @@ static EVP_PKEY *hwcrhk_load_privkey(ENGINE *eng, const char *key_id,
 
        if (p_hwcrhk_RSAGetPublicKey(*hptr, &n, &e, &rmsg))
                {
-               ENGINEerr(ENGINE_F_HWCRHK_LOAD_PUBKEY,
-                       ENGINE_R_CHIL_ERROR);
+               HWCRHKerr(HWCRHK_F_HWCRHK_LOAD_PUBKEY,
+                       HWCRHK_R_CHIL_ERROR);
                ERR_add_error_data(1,rmsg.buf);
                goto err;
                }
@@ -762,8 +850,8 @@ static EVP_PKEY *hwcrhk_load_privkey(ENGINE *eng, const char *key_id,
 #endif
 
         if (!res)
-                ENGINEerr(ENGINE_F_HWCRHK_LOAD_PUBKEY,
-                        ENGINE_R_PRIVATE_KEY_ALGORITHMS_DISABLED);
+                HWCRHKerr(HWCRHK_F_HWCRHK_LOAD_PUBKEY,
+                        HWCRHK_R_PRIVATE_KEY_ALGORITHMS_DISABLED);
 
        return res;
  err:
@@ -804,8 +892,8 @@ static EVP_PKEY *hwcrhk_load_pubkey(ENGINE *eng, const char *key_id,
                        }
 #endif
                default:
-                       ENGINEerr(ENGINE_F_HWCRHK_LOAD_PUBKEY,
-                               ENGINE_R_CTRL_COMMAND_NOT_IMPLEMENTED);
+                       HWCRHKerr(HWCRHK_F_HWCRHK_LOAD_PUBKEY,
+                               HWCRHK_R_CTRL_COMMAND_NOT_IMPLEMENTED);
                        goto err;
                        }
 
@@ -834,7 +922,7 @@ static int hwcrhk_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
 
        if(!hwcrhk_context)
                {
-               ENGINEerr(ENGINE_F_HWCRHK_MOD_EXP,ENGINE_R_NOT_INITIALISED);
+               HWCRHKerr(HWCRHK_F_HWCRHK_MOD_EXP,HWCRHK_R_NOT_INITIALISED);
                goto err;
                }
        /* Prepare the params */
@@ -858,11 +946,11 @@ static int hwcrhk_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
                   might be a good thing. */
                if(ret == HWCRYPTOHOOK_ERROR_FALLBACK)
                        {
-                       ENGINEerr(ENGINE_F_HWCRHK_MOD_EXP,ENGINE_R_REQUEST_FALLBACK);
+                       HWCRHKerr(HWCRHK_F_HWCRHK_MOD_EXP,HWCRHK_R_REQUEST_FALLBACK);
                        }
                else
                        {
-                       ENGINEerr(ENGINE_F_HWCRHK_MOD_EXP,ENGINE_R_REQUEST_FAILED);
+                       HWCRHKerr(HWCRHK_F_HWCRHK_MOD_EXP,HWCRHK_R_REQUEST_FAILED);
                        }
                ERR_add_error_data(1,rmsg.buf);
                goto err;
@@ -883,7 +971,7 @@ static int hwcrhk_rsa_mod_exp(BIGNUM *r, const BIGNUM *I, RSA *rsa)
 
        if(!hwcrhk_context)
                {
-               ENGINEerr(ENGINE_F_HWCRHK_MOD_EXP,ENGINE_R_NOT_INITIALISED);
+               HWCRHKerr(HWCRHK_F_HWCRHK_MOD_EXP,HWCRHK_R_NOT_INITIALISED);
                goto err;
                }
 
@@ -897,8 +985,8 @@ static int hwcrhk_rsa_mod_exp(BIGNUM *r, const BIGNUM *I, RSA *rsa)
 
                if(!rsa->n)
                        {
-                       ENGINEerr(ENGINE_F_HWCRHK_RSA_MOD_EXP,
-                               ENGINE_R_MISSING_KEY_COMPONENTS);
+                       HWCRHKerr(HWCRHK_F_HWCRHK_RSA_MOD_EXP,
+                               HWCRHK_R_MISSING_KEY_COMPONENTS);
                        goto err;
                        }
 
@@ -924,11 +1012,13 @@ static int hwcrhk_rsa_mod_exp(BIGNUM *r, const BIGNUM *I, RSA *rsa)
                           might be a good thing. */
                        if(ret == HWCRYPTOHOOK_ERROR_FALLBACK)
                                {
-                               ENGINEerr(ENGINE_F_HWCRHK_RSA_MOD_EXP,ENGINE_R_REQUEST_FALLBACK);
+                               HWCRHKerr(HWCRHK_F_HWCRHK_RSA_MOD_EXP,
+                                       HWCRHK_R_REQUEST_FALLBACK);
                                }
                        else
                                {
-                               ENGINEerr(ENGINE_F_HWCRHK_RSA_MOD_EXP,ENGINE_R_REQUEST_FAILED);
+                               HWCRHKerr(HWCRHK_F_HWCRHK_RSA_MOD_EXP,
+                                       HWCRHK_R_REQUEST_FAILED);
                                }
                        ERR_add_error_data(1,rmsg.buf);
                        goto err;
@@ -940,8 +1030,8 @@ static int hwcrhk_rsa_mod_exp(BIGNUM *r, const BIGNUM *I, RSA *rsa)
 
                if(!rsa->p || !rsa->q || !rsa->dmp1 || !rsa->dmq1 || !rsa->iqmp)
                        {
-                       ENGINEerr(ENGINE_F_HWCRHK_RSA_MOD_EXP,
-                               ENGINE_R_MISSING_KEY_COMPONENTS);
+                       HWCRHKerr(HWCRHK_F_HWCRHK_RSA_MOD_EXP,
+                               HWCRHK_R_MISSING_KEY_COMPONENTS);
                        goto err;
                        }
 
@@ -973,11 +1063,13 @@ static int hwcrhk_rsa_mod_exp(BIGNUM *r, const BIGNUM *I, RSA *rsa)
                           might be a good thing. */
                        if(ret == HWCRYPTOHOOK_ERROR_FALLBACK)
                                {
-                               ENGINEerr(ENGINE_F_HWCRHK_RSA_MOD_EXP,ENGINE_R_REQUEST_FALLBACK);
+                               HWCRHKerr(HWCRHK_F_HWCRHK_RSA_MOD_EXP,
+                                       HWCRHK_R_REQUEST_FALLBACK);
                                }
                        else
                                {
-                               ENGINEerr(ENGINE_F_HWCRHK_RSA_MOD_EXP,ENGINE_R_REQUEST_FAILED);
+                               HWCRHKerr(HWCRHK_F_HWCRHK_RSA_MOD_EXP,
+                                       HWCRHK_R_REQUEST_FAILED);
                                }
                        ERR_add_error_data(1,rmsg.buf);
                        goto err;
@@ -1018,7 +1110,7 @@ static int hwcrhk_rand_bytes(unsigned char *buf, int num)
 
        if(!hwcrhk_context)
                {
-               ENGINEerr(ENGINE_F_HWCRHK_RAND_BYTES,ENGINE_R_NOT_INITIALISED);
+               HWCRHKerr(HWCRHK_F_HWCRHK_RAND_BYTES,HWCRHK_R_NOT_INITIALISED);
                goto err;
                }
 
@@ -1030,11 +1122,13 @@ static int hwcrhk_rand_bytes(unsigned char *buf, int num)
                   might be a good thing. */
                if(ret == HWCRYPTOHOOK_ERROR_FALLBACK)
                        {
-                       ENGINEerr(ENGINE_F_HWCRHK_RAND_BYTES,ENGINE_R_REQUEST_FALLBACK);
+                       HWCRHKerr(HWCRHK_F_HWCRHK_RAND_BYTES,
+                               HWCRHK_R_REQUEST_FALLBACK);
                        }
                else
                        {
-                       ENGINEerr(ENGINE_F_HWCRHK_RAND_BYTES,ENGINE_R_REQUEST_FAILED);
+                       HWCRHKerr(HWCRHK_F_HWCRHK_RAND_BYTES,
+                               HWCRHK_R_REQUEST_FAILED);
                        }
                ERR_add_error_data(1,rmsg.buf);
                goto err;
@@ -1135,7 +1229,7 @@ static int hwcrhk_get_pass(const char *prompt_info,
                }
        if (callback == NULL && ui_method == NULL)
                {
-               ENGINEerr(ENGINE_F_HWCRHK_GET_PASS,ENGINE_R_NO_CALLBACK);
+               HWCRHKerr(HWCRHK_F_HWCRHK_GET_PASS,HWCRHK_R_NO_CALLBACK);
                return -1;
                }
 
@@ -1203,44 +1297,45 @@ static int hwcrhk_insert_card(const char *prompt_info,
                }
        if (ui_method == NULL)
                {
-               ENGINEerr(ENGINE_F_HWCRHK_INSERT_CARD,ENGINE_R_NO_CALLBACK);
+               HWCRHKerr(HWCRHK_F_HWCRHK_INSERT_CARD,
+                       HWCRHK_R_NO_CALLBACK);
                return -1;
                }
 
-        ui = UI_new_method(ui_method);
+       ui = UI_new_method(ui_method);
 
-        if (ui)
-                {
-                char answer;
-                char buf[BUFSIZ];
-
-                if (wrong_info)
-                        BIO_snprintf(buf, sizeof(buf)-1,
-                                "Current card: \"%s\"\n", wrong_info);
-                ok = UI_dup_info_string(ui, buf);
-                if (ok >= 0 && prompt_info)
-                        {
-                        BIO_snprintf(buf, sizeof(buf)-1,
-                                "Insert card \"%s\"", prompt_info);
+       if (ui)
+               {
+               char answer;
+               char buf[BUFSIZ];
+
+               if (wrong_info)
+                       BIO_snprintf(buf, sizeof(buf)-1,
+                               "Current card: \"%s\"\n", wrong_info);
+               ok = UI_dup_info_string(ui, buf);
+               if (ok >= 0 && prompt_info)
+                       {
+                       BIO_snprintf(buf, sizeof(buf)-1,
+                               "Insert card \"%s\"", prompt_info);
                        ok = UI_dup_input_boolean(ui, buf,
                                "\n then hit <enter> or C<enter> to cancel\n",
                                "\r\n", "Cc", UI_INPUT_FLAG_ECHO, &answer);
-                        }
-                UI_add_user_data(ui, callback_data);
+                       }
+               UI_add_user_data(ui, callback_data);
 
-                if (ok >= 0)
-                        ok = UI_process(ui);
-                UI_free(ui);
+               if (ok >= 0)
+                       ok = UI_process(ui);
+               UI_free(ui);
 
-                if (ok == -2 || (ok >= 0 && answer == 'C'))
-                        ok = 1;
+               if (ok == -2 || (ok >= 0 && answer == 'C'))
+                       ok = 1;
                else if (ok < 0)
                        ok = -1;
                else
                        ok = 0;
-                }
-        return ok;
-        }
+               }
+       return ok;
+       }
 
 static void hwcrhk_log_message(void *logstr, const char *message)
        {
@@ -1256,5 +1351,20 @@ static void hwcrhk_log_message(void *logstr, const char *message)
        CRYPTO_w_unlock(CRYPTO_LOCK_BIO);
        }
 
+/* This stuff is needed if this ENGINE is being compiled into a self-contained
+ * shared-library. */     
+#ifdef ENGINE_DYNAMIC_SUPPORT
+static int bind_fn(ENGINE *e, const char *id)
+       {
+       if(id && (strcmp(id, engine_hwcrhk_id) != 0))
+               return 0;
+       if(!bind_helper(e))
+               return 0;
+       return 1;
+       }       
+IMPLEMENT_DYNAMIC_CHECK_FN()
+IMPLEMENT_DYNAMIC_BIND_FN(bind_fn)
+#endif /* ENGINE_DYNAMIC_SUPPORT */
+
 #endif /* !OPENSSL_NO_HW_NCIPHER */
 #endif /* !OPENSSL_NO_HW */
index 06eafa7..1a8570c 100644 (file)
@@ -80,6 +80,56 @@ static const ENGINE_CMD_DEFN nuron_cmd_defns[] = {
        {0, NULL, NULL, 0}
        };
 
+#ifndef OPENSSL_NO_ERR
+/* Error function codes for use in nuron operation */
+#define NURON_F_NURON_INIT                     100
+#define NURON_F_NURON_FINISH                   101
+#define NURON_F_NURON_CTRL                     102
+#define NURON_F_NURON_MOD_EXP                  103
+/* Error reason codes */
+#define NURON_R_ALREADY_LOADED                 104
+#define NURON_R_DSO_NOT_FOUND                  105
+#define NURON_R_DSO_FUNCTION_NOT_FOUND         106
+#define NURON_R_NOT_LOADED                     107
+#define NURON_R_DSO_FAILURE                    108
+#define NURON_R_CTRL_COMMAND_NOT_IMPLEMENTED   109
+#define NURON_R_NOT_LOADED                     110
+static ERR_STRING_DATA nuron_str_functs[] =
+       {
+       /* This first element is changed to match the dynamic 'lib' number */
+{ERR_PACK(0,0,0),                              "nuron engine code"},
+{ERR_PACK(0,NURON_F_NURON_INIT,0),             "nuron_init"},
+{ERR_PACK(0,NURON_F_NURON_FINISH,0),           "nuron_finish"},
+{ERR_PACK(0,NURON_F_NURON_CTRL,0),             "nuron_ctrl"},
+{ERR_PACK(0,NURON_F_NURON_MOD_EXP,0),          "nuron_mod_exp"},
+/* Error reason codes */
+{NURON_R_ALREADY_LOADED                        ,"already loaded"},
+{NURON_R_DSO_NOT_FOUND                 ,"DSO not found"},
+{NURON_R_DSO_FUNCTION_NOT_FOUND                ,"DSO function not found"},
+{NURON_R_NOT_LOADED                    ,"not loaded"},
+{NURON_R_DSO_FAILURE                   ,"DSO failure"},
+{NURON_R_CTRL_COMMAND_NOT_IMPLEMENTED  ,"ctrl command not implemented"},
+{NURON_R_NOT_LOADED                    ,"not loaded"},
+{0,NULL}
+       };
+/* The library number we obtain dynamically from the ERR code */
+static int nuron_err_lib = -1;
+#define NURONerr(f,r) ERR_PUT_error(nuron_err_lib,(f),(r),__FILE__,__LINE__)
+static void nuron_load_error_strings(void)
+       {
+       if(nuron_err_lib < 0)
+               {
+               if((nuron_err_lib = ERR_get_next_error_library()) <= 0)
+                       return;
+               nuron_str_functs[0].error = ERR_PACK(nuron_err_lib,0,0);
+               ERR_load_strings(nuron_err_lib, nuron_str_functs);
+               }
+       }
+#else
+#define NURONerr(f,r)                            /* NOP */
+static void nuron_load_error_strings(void) { }  /* NOP */
+#endif
+
 typedef int tfnModExp(BIGNUM *r,const BIGNUM *a,const BIGNUM *p,const BIGNUM *m);
 static tfnModExp *pfnModExp = NULL;
 
@@ -89,7 +139,7 @@ static int nuron_init(ENGINE *e)
        {
        if(pvDSOHandle != NULL)
                {
-               ENGINEerr(ENGINE_F_NURON_INIT,ENGINE_R_ALREADY_LOADED);
+               NURONerr(NURON_F_NURON_INIT,NURON_R_ALREADY_LOADED);
                return 0;
                }
 
@@ -97,14 +147,14 @@ static int nuron_init(ENGINE *e)
                DSO_FLAG_NAME_TRANSLATION_EXT_ONLY);
        if(!pvDSOHandle)
                {
-               ENGINEerr(ENGINE_F_NURON_INIT,ENGINE_R_DSO_NOT_FOUND);
+               NURONerr(NURON_F_NURON_INIT,NURON_R_DSO_NOT_FOUND);
                return 0;
                }
 
        pfnModExp = (tfnModExp *)DSO_bind_func(pvDSOHandle, NURON_F1);
        if(!pfnModExp)
                {
-               ENGINEerr(ENGINE_F_NURON_INIT,ENGINE_R_DSO_FUNCTION_NOT_FOUND);
+               NURONerr(NURON_F_NURON_INIT,NURON_R_DSO_FUNCTION_NOT_FOUND);
                return 0;
                }
 
@@ -115,12 +165,12 @@ static int nuron_finish(ENGINE *e)
        {
        if(pvDSOHandle == NULL)
                {
-               ENGINEerr(ENGINE_F_NURON_FINISH,ENGINE_R_NOT_LOADED);
+               NURONerr(NURON_F_NURON_FINISH,NURON_R_NOT_LOADED);
                return 0;
                }
        if(!DSO_free(pvDSOHandle))
                {
-               ENGINEerr(ENGINE_F_NURON_FINISH,ENGINE_R_DSO_FAILURE);
+               NURONerr(NURON_F_NURON_FINISH,NURON_R_DSO_FAILURE);
                return 0;
                }
        pvDSOHandle=NULL;
@@ -136,12 +186,12 @@ static int nuron_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)())
        case NURON_CMD_SO_PATH:
                if(p == NULL)
                        {
-                       ENGINEerr(ENGINE_F_NURON_CTRL,ERR_R_PASSED_NULL_PARAMETER);
+                       NURONerr(NURON_F_NURON_CTRL,ERR_R_PASSED_NULL_PARAMETER);
                        return 0;
                        }
                if(initialised)
                        {
-                       ENGINEerr(ENGINE_F_NURON_CTRL,ENGINE_R_ALREADY_LOADED);
+                       NURONerr(NURON_F_NURON_CTRL,NURON_R_ALREADY_LOADED);
                        return 0;
                        }
                NURON_LIBNAME = (const char *)p;
@@ -149,7 +199,7 @@ static int nuron_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)())
        default:
                break;
                }
-       ENGINEerr(ENGINE_F_NURON_CTRL,ENGINE_R_CTRL_COMMAND_NOT_IMPLEMENTED);
+       NURONerr(NURON_F_NURON_CTRL,NURON_R_CTRL_COMMAND_NOT_IMPLEMENTED);
        return 0;
 }
 
@@ -158,7 +208,7 @@ static int nuron_mod_exp(BIGNUM *r,const BIGNUM *a,const BIGNUM *p,
        {
        if(!pvDSOHandle)
                {
-               ENGINEerr(ENGINE_F_NURON_MOD_EXP,ENGINE_R_NOT_LOADED);
+               NURONerr(NURON_F_NURON_MOD_EXP,NURON_R_NOT_LOADED);
                return 0;
                }
        return pfnModExp(r,a,p,m);
@@ -281,9 +331,9 @@ static DH_METHOD nuron_dh =
 static const char *engine_nuron_id = "nuron";
 static const char *engine_nuron_name = "Nuron hardware engine support";
 
-/* As this is only ever called once, there's no need for locking
- * (indeed - the lock will already be held by our caller!!!) */
-ENGINE *ENGINE_nuron()
+/* This internal function is used by ENGINE_nuron() and possibly by the
+ * "dynamic" ENGINE support too */
+static int bind_helper(ENGINE *e)
        {
 #ifndef OPENSSL_NO_RSA
        const RSA_METHOD *meth1;
@@ -294,29 +344,23 @@ ENGINE *ENGINE_nuron()
 #ifndef OPENSSL_NO_DH
        const DH_METHOD *meth3;
 #endif
-       ENGINE *ret = ENGINE_new();
-       if(!ret)
-               return NULL;
-       if(!ENGINE_set_id(ret, engine_nuron_id) ||
-                       !ENGINE_set_name(ret, engine_nuron_name) ||
+       if(!ENGINE_set_id(e, engine_nuron_id) ||
+                       !ENGINE_set_name(e, engine_nuron_name) ||
 #ifndef OPENSSL_NO_RSA
-                       !ENGINE_set_RSA(ret, &nuron_rsa) ||
+                       !ENGINE_set_RSA(e, &nuron_rsa) ||
 #endif
 #ifndef OPENSSL_NO_DSA
-                       !ENGINE_set_DSA(ret, &nuron_dsa) ||
+                       !ENGINE_set_DSA(e, &nuron_dsa) ||
 #endif
 #ifndef OPENSSL_NO_DH
-                       !ENGINE_set_DH(ret, &nuron_dh) ||
+                       !ENGINE_set_DH(e, &nuron_dh) ||
 #endif
-                       !ENGINE_set_BN_mod_exp(ret, nuron_mod_exp) ||
-                       !ENGINE_set_init_function(ret, nuron_init) ||
-                       !ENGINE_set_finish_function(ret, nuron_finish) ||
-                       !ENGINE_set_ctrl_function(ret, nuron_ctrl) ||
-                       !ENGINE_set_cmd_defns(ret, nuron_cmd_defns))
-               {
-               ENGINE_free(ret);
-               return NULL;
-               }
+                       !ENGINE_set_BN_mod_exp(e, nuron_mod_exp) ||
+                       !ENGINE_set_init_function(e, nuron_init) ||
+                       !ENGINE_set_finish_function(e, nuron_finish) ||
+                       !ENGINE_set_ctrl_function(e, nuron_ctrl) ||
+                       !ENGINE_set_cmd_defns(e, nuron_cmd_defns))
+               return 0;
 
 #ifndef OPENSSL_NO_RSA
        /* We know that the "PKCS1_SSLeay()" functions hook properly
@@ -348,8 +392,41 @@ ENGINE *ENGINE_nuron()
        nuron_dh.generate_key=meth3->generate_key;
        nuron_dh.compute_key=meth3->compute_key;
 #endif
+
+       /* Ensure the nuron error handling is set up */
+       nuron_load_error_strings();
+       return 1;
+       }
+
+/* As this is only ever called once, there's no need for locking
+ * (indeed - the lock will already be held by our caller!!!) */
+ENGINE *ENGINE_nuron(void)
+       {
+       ENGINE *ret = ENGINE_new();
+       if(!ret)
+               return NULL;
+       if(!bind_helper(ret))
+               {
+               ENGINE_free(ret);
+               return NULL;
+               }
        return ret;
        }
 
+/* This stuff is needed if this ENGINE is being compiled into a self-contained
+ * shared-library. */     
+#ifdef ENGINE_DYNAMIC_SUPPORT
+static int bind_fn(ENGINE *e, const char *id)
+       {
+       if(id && (strcmp(id, engine_nuron_id) != 0))
+               return 0;
+       if(!bind_helper(e))
+               return 0;
+       return 1;
+       }       
+IMPLEMENT_DYNAMIC_CHECK_FN()
+IMPLEMENT_DYNAMIC_BIND_FN(bind_fn)
+#endif /* ENGINE_DYNAMIC_SUPPORT */
+
 #endif /* !OPENSSL_NO_HW_NURON */
 #endif /* !OPENSSL_NO_HW */
index f8f1d41..f2d5a34 100644 (file)
@@ -173,13 +173,75 @@ static DH_METHOD ubsec_dh =
        };
 #endif
 
+#ifndef OPENSSL_NO_ERR
+/* Error function codes for use in ubsec operation */
+#define UBSEC_F_UBSEC_INIT                     100
+#define UBSEC_F_UBSEC_FINISH                   101
+#define UBSEC_F_UBSEC_CTRL                     102
+#define UBSEC_F_UBSEC_MOD_EXP                  103
+#define UBSEC_F_UBSEC_RSA_MOD_EXP              104
+#define UBSEC_F_UBSEC_RSA_MOD_EXP_CRT          105
+#define UBSEC_F_UBSEC_DSA_SIGN                 106
+#define UBSEC_F_UBSEC_DSA_VERIFY               107
+/* Error reason codes */
+#define UBSEC_R_ALREADY_LOADED                 108
+#define UBSEC_R_DSO_FAILURE                    109
+#define UBSEC_R_UNIT_FAILURE                   110
+#define UBSEC_R_NOT_LOADED                     111
+#define UBSEC_R_CTRL_COMMAND_NOT_IMPLEMENTED   112
+#define UBSEC_R_SIZE_TOO_LARGE_OR_TOO_SMALL    113
+#define UBSEC_R_BN_EXPAND_FAIL                 114
+#define UBSEC_R_REQUEST_FAILED                 115
+#define UBSEC_R_MISSING_KEY_COMPONENTS         116
+static ERR_STRING_DATA ubsec_str_functs[] =
+       {
+       /* This first element is changed to match the dynamic 'lib' number */
+{ERR_PACK(0,0,0),                              "ubsec engine code"},
+{ERR_PACK(0,UBSEC_F_UBSEC_INIT,0),             "ubsec_init"},
+{ERR_PACK(0,UBSEC_F_UBSEC_FINISH,0),           "ubsec_finish"},
+{ERR_PACK(0,UBSEC_F_UBSEC_CTRL,0),             "ubsec_ctrl"},
+{ERR_PACK(0,UBSEC_F_UBSEC_MOD_EXP,0),          "ubsec_mod_exp"},
+{ERR_PACK(0,UBSEC_F_UBSEC_RSA_MOD_EXP,0),      "ubsec_rsa_mod_exp"},
+{ERR_PACK(0,UBSEC_F_UBSEC_RSA_MOD_EXP_CRT,0),  "ubsec_rsa_mod_exp_crt"},
+{ERR_PACK(0,UBSEC_F_UBSEC_DSA_SIGN,0),         "ubsec_dsa_sign"},
+{ERR_PACK(0,UBSEC_F_UBSEC_DSA_VERIFY,0),       "ubsec_dsa_verify"},
+/* Error reason codes */
+{UBSEC_R_ALREADY_LOADED                        ,"already loaded"},
+{UBSEC_R_DSO_FAILURE                   ,"DSO failure"},
+{UBSEC_R_UNIT_FAILURE                  ,"unit failure"},
+{UBSEC_R_NOT_LOADED                    ,"not loaded"},
+{UBSEC_R_CTRL_COMMAND_NOT_IMPLEMENTED  ,"ctrl command not implemented"},
+{UBSEC_R_SIZE_TOO_LARGE_OR_TOO_SMALL   ,"size too large or too small"},
+{UBSEC_R_BN_EXPAND_FAIL                        ,"bn_expand fail"},
+{UBSEC_R_REQUEST_FAILED                        ,"request failed"},
+{UBSEC_R_MISSING_KEY_COMPONENTS                ,"missing key components"},
+{0,NULL}
+       };
+/* The library number we obtain dynamically from the ERR code */
+static int ubsec_err_lib = -1;
+#define UBSECerr(f,r) ERR_PUT_error(ubsec_err_lib,(f),(r),__FILE__,__LINE__)
+static void ubsec_load_error_strings(void)
+       {
+       if(ubsec_err_lib < 0)
+               {
+               if((ubsec_err_lib = ERR_get_next_error_library()) <= 0)
+                       return;
+               ubsec_str_functs[0].error = ERR_PACK(ubsec_err_lib,0,0);
+               ERR_load_strings(ubsec_err_lib, ubsec_str_functs);
+               }
+       }
+#else
+#define UBSECerr(f,r)                            /* NOP */
+static void ubsec_load_error_strings(void) { }  /* NOP */
+#endif
+
 /* Constants used when creating the ENGINE */
 static const char *engine_ubsec_id = "ubsec";
 static const char *engine_ubsec_name = "UBSEC hardware engine support";
 
-/* As this is only ever called once, there's no need for locking
- * (indeed - the lock will already be held by our caller!!!) */
-ENGINE *ENGINE_ubsec()
+/* This internal function is used by ENGINE_ubsec() and possibly by the
+ * "dynamic" ENGINE support too */
+static int bind_helper(ENGINE *e)
        {
 #ifndef OPENSSL_NO_RSA
        const RSA_METHOD *meth1;
@@ -189,30 +251,24 @@ ENGINE *ENGINE_ubsec()
        const DH_METHOD *meth3;
 #endif /* HAVE_UBSEC_DH */
 #endif
-       ENGINE *ret = ENGINE_new();
-       if(!ret)
-               return NULL;
-       if(!ENGINE_set_id(ret, engine_ubsec_id) ||
-                       !ENGINE_set_name(ret, engine_ubsec_name) ||
+       if(!ENGINE_set_id(e, engine_ubsec_id) ||
+                       !ENGINE_set_name(e, engine_ubsec_name) ||
 #ifndef OPENSSL_NO_RSA
-                       !ENGINE_set_RSA(ret, &ubsec_rsa) ||
+                       !ENGINE_set_RSA(e, &ubsec_rsa) ||
 #endif
 #ifndef OPENSSL_NO_DSA
-                       !ENGINE_set_DSA(ret, &ubsec_dsa) ||
+                       !ENGINE_set_DSA(e, &ubsec_dsa) ||
 #endif
 #ifndef OPENSSL_NO_DH
-                       !ENGINE_set_DH(ret, &ubsec_dh) ||
-#endif
-                       !ENGINE_set_BN_mod_exp(ret, ubsec_mod_exp) ||
-                       !ENGINE_set_BN_mod_exp_crt(ret, ubsec_mod_exp_crt) ||
-                       !ENGINE_set_init_function(ret, ubsec_init) ||
-                       !ENGINE_set_finish_function(ret, ubsec_finish) ||
-                       !ENGINE_set_ctrl_function(ret, ubsec_ctrl) ||
-                       !ENGINE_set_cmd_defns(ret, ubsec_cmd_defns))
-               {
-               ENGINE_free(ret);
-               return NULL;
-               }
+                       !ENGINE_set_DH(e, &ubsec_dh) ||
+#endif
+                       !ENGINE_set_BN_mod_exp(e, ubsec_mod_exp) ||
+                       !ENGINE_set_BN_mod_exp_crt(e, ubsec_mod_exp_crt) ||
+                       !ENGINE_set_init_function(e, ubsec_init) ||
+                       !ENGINE_set_finish_function(e, ubsec_finish) ||
+                       !ENGINE_set_ctrl_function(e, ubsec_ctrl) ||
+                       !ENGINE_set_cmd_defns(e, ubsec_cmd_defns))
+               return 0;
 
 #ifndef OPENSSL_NO_RSA
        /* We know that the "PKCS1_SSLeay()" functions hook properly
@@ -238,6 +294,23 @@ ENGINE *ENGINE_ubsec()
 #endif /* HAVE_UBSEC_DH */
 #endif
 
+       /* Ensure the ubsec error handling is set up */
+       ubsec_load_error_strings();
+       return 1;
+       }
+
+/* As this is only ever called once, there's no need for locking
+ * (indeed - the lock will already be held by our caller!!!) */
+ENGINE *ENGINE_ubsec(void)
+       {
+       ENGINE *ret = ENGINE_new();
+       if(!ret)
+               return NULL;
+       if(!bind_helper(ret))
+               {
+               ENGINE_free(ret);
+               return NULL;
+               }
        return ret;
        }
 
@@ -322,7 +395,7 @@ static int ubsec_init(ENGINE *e)
 
        if(ubsec_dso != NULL)
                {
-               ENGINEerr(ENGINE_F_UBSEC_INIT, ENGINE_R_ALREADY_LOADED);
+               UBSECerr(UBSEC_F_UBSEC_INIT, UBSEC_R_ALREADY_LOADED);
                goto err;
                }
        /* 
@@ -331,7 +404,7 @@ static int ubsec_init(ENGINE *e)
        ubsec_dso = DSO_load(NULL, UBSEC_LIBNAME, NULL, 0);
        if(ubsec_dso == NULL)
                {
-               ENGINEerr(ENGINE_F_UBSEC_INIT, ENGINE_R_DSO_FAILURE);
+               UBSECerr(UBSEC_F_UBSEC_INIT, UBSEC_R_DSO_FAILURE);
                goto err;
                }
 
@@ -358,7 +431,7 @@ static int ubsec_init(ENGINE *e)
                                DSO_bind_func(ubsec_dso, UBSEC_F11)) ||
        !(p12 = (t_UBSEC_rng_ioctl *) DSO_bind_func(ubsec_dso, UBSEC_F12)))
                {
-               ENGINEerr(ENGINE_F_UBSEC_INIT, ENGINE_R_DSO_FAILURE);
+               UBSECerr(UBSEC_F_UBSEC_INIT, UBSEC_R_DSO_FAILURE);
                goto err;
                }
 
@@ -390,7 +463,7 @@ static int ubsec_init(ENGINE *e)
                }
        else
                {
-               ENGINEerr(ENGINE_F_UBSEC_INIT, ENGINE_R_UNIT_FAILURE);
+               UBSECerr(UBSEC_F_UBSEC_INIT, UBSEC_R_UNIT_FAILURE);
                }
 
 err:
@@ -422,12 +495,12 @@ static int ubsec_finish(ENGINE *e)
        {
        if(ubsec_dso == NULL)
                {
-               ENGINEerr(ENGINE_F_UBSEC_FINISH, ENGINE_R_NOT_LOADED);
+               UBSECerr(UBSEC_F_UBSEC_FINISH, UBSEC_R_NOT_LOADED);
                return 0;
                }
        if(!DSO_free(ubsec_dso))
                {
-               ENGINEerr(ENGINE_F_UBSEC_FINISH, ENGINE_R_DSO_FAILURE);
+               UBSECerr(UBSEC_F_UBSEC_FINISH, UBSEC_R_DSO_FAILURE);
                return 0;
                }
        ubsec_dso = NULL;
@@ -460,12 +533,12 @@ static int ubsec_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)())
        case UBSEC_CMD_SO_PATH:
                if(p == NULL)
                        {
-                       ENGINEerr(ENGINE_F_UBSEC_CTRL,ERR_R_PASSED_NULL_PARAMETER);
+                       UBSECerr(UBSEC_F_UBSEC_CTRL,ERR_R_PASSED_NULL_PARAMETER);
                        return 0;
                        }
                if(initialised)
                        {
-                       ENGINEerr(ENGINE_F_UBSEC_CTRL,ENGINE_R_ALREADY_LOADED);
+                       UBSECerr(UBSEC_F_UBSEC_CTRL,UBSEC_R_ALREADY_LOADED);
                        return 0;
                        }
                UBSEC_LIBNAME = (const char *)p;
@@ -473,7 +546,7 @@ static int ubsec_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)())
        default:
                break;
                }
-       ENGINEerr(ENGINE_F_UBSEC_CTRL,ENGINE_R_CTRL_COMMAND_NOT_IMPLEMENTED);
+       UBSECerr(UBSEC_F_UBSEC_CTRL,UBSEC_R_CTRL_COMMAND_NOT_IMPLEMENTED);
        return 0;
        }
 
@@ -485,27 +558,27 @@ static int ubsec_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
 
        if(ubsec_dso == NULL)
        {
-               ENGINEerr(ENGINE_F_UBSEC_MOD_EXP, ENGINE_R_NOT_LOADED);
+               UBSECerr(UBSEC_F_UBSEC_MOD_EXP, UBSEC_R_NOT_LOADED);
                return 0;
        }
 
        /* Check if hardware can't handle this argument. */
        y_len = BN_num_bits(m);
        if (y_len > 1024) {
-               ENGINEerr(ENGINE_F_UBSEC_MOD_EXP, ENGINE_R_SIZE_TOO_LARGE_OR_TOO_SMALL);
+               UBSECerr(UBSEC_F_UBSEC_MOD_EXP, UBSEC_R_SIZE_TOO_LARGE_OR_TOO_SMALL);
                return 0;
        } 
 
        if(!bn_wexpand(r, m->top))
        {
-               ENGINEerr(ENGINE_F_UBSEC_MOD_EXP, ENGINE_R_BN_EXPAND_FAIL);
+               UBSECerr(UBSEC_F_UBSEC_MOD_EXP, UBSEC_R_BN_EXPAND_FAIL);
                return 0;
        }
        memset(r->d, 0, BN_num_bytes(m));
 
        if ((fd = p_UBSEC_ubsec_open(UBSEC_KEY_DEVICE_NAME)) <= 0) {
                fd = 0;
-               ENGINEerr(ENGINE_F_UBSEC_INIT, ENGINE_R_UNIT_FAILURE);
+               UBSECerr(UBSEC_F_UBSEC_INIT, UBSEC_R_UNIT_FAILURE);
                return 0;
        }
 
@@ -513,7 +586,7 @@ static int ubsec_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
                (unsigned char *)m->d, BN_num_bits(m), (unsigned char *)p->d, 
                BN_num_bits(p), (unsigned char *)r->d, &y_len) != 0)
        {
-               ENGINEerr(ENGINE_F_UBSEC_MOD_EXP, ENGINE_R_REQUEST_FAILED);
+               UBSECerr(UBSEC_F_UBSEC_MOD_EXP, UBSEC_R_REQUEST_FAILED);
                return 0;
        }
 
@@ -534,7 +607,7 @@ static int ubsec_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa)
 
        if(!rsa->p || !rsa->q || !rsa->dmp1 || !rsa->dmq1 || !rsa->iqmp)
                {
-               ENGINEerr(ENGINE_F_UBSEC_RSA_MOD_EXP, ENGINE_R_MISSING_KEY_COMPONENTS);
+               UBSECerr(UBSEC_F_UBSEC_RSA_MOD_EXP, UBSEC_R_MISSING_KEY_COMPONENTS);
                goto err;
                }
 
@@ -568,18 +641,18 @@ static int ubsec_mod_exp_crt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
 
        /* Check if hardware can't handle this argument. */
        if (y_len > 1024) {
-               ENGINEerr(ENGINE_F_UBSEC_MOD_EXP, ENGINE_R_SIZE_TOO_LARGE_OR_TOO_SMALL);
+               UBSECerr(UBSEC_F_UBSEC_MOD_EXP, UBSEC_R_SIZE_TOO_LARGE_OR_TOO_SMALL);
                return 0;
        } 
 
        if (!bn_wexpand(r, p->top + q->top + 1)) {
-               ENGINEerr(ENGINE_F_UBSEC_RSA_MOD_EXP_CRT, ENGINE_R_BN_EXPAND_FAIL);
+               UBSECerr(UBSEC_F_UBSEC_RSA_MOD_EXP_CRT, UBSEC_R_BN_EXPAND_FAIL);
                return 0;
        }
 
        if ((fd = p_UBSEC_ubsec_open(UBSEC_KEY_DEVICE_NAME)) <= 0) {
                fd = 0;
-               ENGINEerr(ENGINE_F_UBSEC_INIT, ENGINE_R_UNIT_FAILURE);
+               UBSECerr(UBSEC_F_UBSEC_INIT, UBSEC_R_UNIT_FAILURE);
                return 0;
        }
 
@@ -591,7 +664,7 @@ static int ubsec_mod_exp_crt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
                (unsigned char *)dq->d, BN_num_bits(dq),
                (unsigned char *)q->d, BN_num_bits(q),
                (unsigned char *)r->d,  &y_len) != 0) {
-               ENGINEerr(ENGINE_F_UBSEC_MOD_EXP, ENGINE_R_REQUEST_FAILED);
+               UBSECerr(UBSEC_F_UBSEC_MOD_EXP, UBSEC_R_REQUEST_FAILED);
                return 0;
        }
 
@@ -684,18 +757,18 @@ static DSA_SIG *ubsec_dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa)
 
         if(!bn_wexpand(r, (160+BN_BITS2-1)/BN_BITS2) ||
                   (!bn_wexpand(s, (160+BN_BITS2-1)/BN_BITS2))) {
-               ENGINEerr(ENGINE_F_UBSEC_DSA_SIGN, ENGINE_R_BN_EXPAND_FAIL);
+               UBSECerr(UBSEC_F_UBSEC_DSA_SIGN, UBSEC_R_BN_EXPAND_FAIL);
                goto err;
        }
 
        if (BN_bin2bn(dgst,dlen,&m) == NULL) {
-               ENGINEerr(ENGINE_F_UBSEC_DSA_SIGN, ENGINE_R_BN_EXPAND_FAIL);
+               UBSECerr(UBSEC_F_UBSEC_DSA_SIGN, UBSEC_R_BN_EXPAND_FAIL);
                goto err;
        } 
 
        if ((fd = p_UBSEC_ubsec_open(UBSEC_KEY_DEVICE_NAME)) <= 0) {
                fd = 0;
-               ENGINEerr(ENGINE_F_UBSEC_INIT, ENGINE_R_UNIT_FAILURE);
+               UBSECerr(UBSEC_F_UBSEC_INIT, UBSEC_R_UNIT_FAILURE);
                return 0;
        }
 
@@ -708,7 +781,7 @@ static DSA_SIG *ubsec_dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa)
                (unsigned char *)dsa->priv_key->d, BN_num_bits(dsa->priv_key),
                (unsigned char *)r->d, &r_len,
                (unsigned char *)s->d, &s_len ) != 0) {
-               ENGINEerr(ENGINE_F_UBSEC_DSA_SIGN, ENGINE_R_REQUEST_FAILED);
+               UBSECerr(UBSEC_F_UBSEC_DSA_SIGN, UBSEC_R_REQUEST_FAILED);
                goto err;
        }
 
@@ -719,7 +792,7 @@ static DSA_SIG *ubsec_dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa)
 
        to_return = DSA_SIG_new();
        if(to_return == NULL) {
-               ENGINEerr(ENGINE_F_UBSEC_DSA_SIGN, ENGINE_R_BN_EXPAND_FAIL);
+               UBSECerr(UBSEC_F_UBSEC_DSA_SIGN, UBSEC_R_BN_EXPAND_FAIL);
                goto err;
        }
 
@@ -746,7 +819,7 @@ static int ubsec_dsa_verify(const unsigned char *dgst, int dgst_len,
        BN_init(&v);
 
        if(!bn_wexpand(&v, dsa->p->top)) {
-               ENGINEerr(ENGINE_F_UBSEC_DSA_VERIFY ,ENGINE_R_BN_EXPAND_FAIL);
+               UBSECerr(UBSEC_F_UBSEC_DSA_VERIFY ,UBSEC_R_BN_EXPAND_FAIL);
                goto err;
        }
 
@@ -756,7 +829,7 @@ static int ubsec_dsa_verify(const unsigned char *dgst, int dgst_len,
 
        if ((fd = p_UBSEC_ubsec_open(UBSEC_KEY_DEVICE_NAME)) <= 0) {
                fd = 0;
-               ENGINEerr(ENGINE_F_UBSEC_INIT, ENGINE_R_UNIT_FAILURE);
+               UBSECerr(UBSEC_F_UBSEC_INIT, UBSEC_R_UNIT_FAILURE);
                return 0;
        }
 
@@ -769,7 +842,7 @@ static int ubsec_dsa_verify(const unsigned char *dgst, int dgst_len,
                (unsigned char *)sig->r->d, BN_num_bits(sig->r),
                (unsigned char *)sig->s->d, BN_num_bits(sig->s),
                (unsigned char *)v.d, &v_len) != 0) {
-               ENGINEerr(ENGINE_F_UBSEC_DSA_VERIFY , ENGINE_R_REQUEST_FAILED);
+               UBSECerr(UBSEC_F_UBSEC_DSA_VERIFY , UBSEC_R_REQUEST_FAILED);
                goto err;
        }
 
@@ -806,5 +879,20 @@ static int ubsec_rand_status(void)
        }
 #endif
 
+/* This stuff is needed if this ENGINE is being compiled into a self-contained
+ * shared-library. */
+#ifdef ENGINE_DYNAMIC_SUPPORT
+static int bind_fn(ENGINE *e, const char *id)
+       {
+       if(id && (strcmp(id, engine_ubsec_id) != 0))
+               return 0;
+       if(!bind_helper(e))
+               return 0;
+       return 1;
+       }
+IMPLEMENT_DYNAMIC_CHECK_FN()
+IMPLEMENT_DYNAMIC_BIND_FN(bind_fn)
+#endif /* ENGINE_DYNAMIC_SUPPORT */
+
 #endif /* !OPENSSL_NO_HW_UBSEC */
 #endif /* !OPENSSL_NO_HW */