Merge the engine branch into the main trunk. All conflicts resolved.
At the same time, add VMS support for Rijndael.
diff --git a/CHANGES b/CHANGES
index 2baa11c..eb4715d 100644
--- a/CHANGES
+++ b/CHANGES
@@ -4,6 +4,16 @@
Changes between 0.9.6 and 0.9.7 [xx XXX 2000]
+ *) Add VMS support for the Rijndael code
+ [Richard Levitte]
+
+ *) Added untested support for Nuron crypto accelerator.
+ [Ben Laurie]
+
+ *) Add support for external cryptographic devices. This code was
+ previously distributed separately as the "engine" branch.
+ [Geoff Thorpe, Richard Levitte]
+
*) Rework the filename-translation in the DSO code. It is now possible to
have far greater control over how a "name" is turned into a filename
depending on the operating environment and any oddities about the
diff --git a/Configure b/Configure
index 3ea55df..60fbf90 100755
--- a/Configure
+++ b/Configure
@@ -10,7 +10,7 @@
# see INSTALL for instructions.
-my $usage="Usage: Configure [no-<cipher> ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-Kxxx] [rsaref] [no-threads] [no-asm] [no-dso] [386] [--prefix=DIR] [--openssldir=OPENSSLDIR] os/compiler[:flags]\n";
+my $usage="Usage: Configure [no-<cipher> ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-Kxxx] [no-hw-xxx|no-hw] [rsaref] [no-threads] [no-asm] [no-dso] [386] [--prefix=DIR] [--openssldir=OPENSSLDIR] os/compiler[:flags]\n";
# Options:
#
@@ -23,6 +23,11 @@
# default). This needn't be set in advance, you can
# just as well use "make INSTALL_PREFIX=/whatever install".
#
+# no-hw-xxx do not compile support for specific crypto hardware.
+# Generic OpenSSL-style methods relating to this support
+# are always compiled but return NULL if the hardware
+# support isn't compiled.
+# no-hw do not compile support for any crypto hardware.
# rsaref use RSAref
# [no-]threads [don't] try to create a library that is suitable for
# multithreaded applications (default is "threads" if we
@@ -490,6 +495,18 @@
$flags .= "-DNO_ASM ";
$openssl_other_defines .= "#define NO_ASM\n";
}
+ elsif (/^no-hw-(.+)$/)
+ {
+ my $hw=$1;
+ $hw =~ tr/[a-z]/[A-Z]/;
+ $flags .= "-DNO_HW_$hw ";
+ $openssl_other_defines .= "#define NO_HW_$hw\n";
+ }
+ elsif (/^no-hw$/)
+ {
+ $flags .= "-DNO_HW ";
+ $openssl_other_defines .= "#define NO_HW\n";
+ }
elsif (/^no-dso$/)
{ $no_dso=1; }
elsif (/^no-threads$/)
diff --git a/Makefile.org b/Makefile.org
index 7d93839..184fd76 100644
--- a/Makefile.org
+++ b/Makefile.org
@@ -161,7 +161,7 @@
SDIRS= \
md2 md4 md5 sha mdc2 hmac ripemd \
des rc2 rc4 rc5 idea bf cast \
- bn rsa dsa dh dso rijndael \
+ bn rsa dsa dh dso engine rijndael \
buffer bio stack lhash rand err objects \
evp asn1 pem x509 x509v3 conf txt_db pkcs7 pkcs12 comp
diff --git a/STATUS b/STATUS
index e79e85e..20ea543 100644
--- a/STATUS
+++ b/STATUS
@@ -1,6 +1,6 @@
OpenSSL STATUS Last modified at
- ______________ $Date: 2000/10/23 14:36:18 $
+ ______________ $Date: 2000/10/26 21:07:27 $
DEVELOPMENT STATE
diff --git a/TABLE b/TABLE
index 5731d07..0066d06 100644
--- a/TABLE
+++ b/TABLE
@@ -130,7 +130,7 @@
$cc = gcc
$cflags = -DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall
$unistd =
-$thread_cflag = (unknown)
+$thread_cflag = -pthread -D_REENTRANT -D_THREAD_SAFE -D_THREADSAFE
$lflags =
$bn_ops = BN_LLONG DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT
$bn_obj = asm/bn86-elf.o asm/co86-elf.o
diff --git a/apps/Makefile.ssl b/apps/Makefile.ssl
index 31fe280..10b94e1 100644
--- a/apps/Makefile.ssl
+++ b/apps/Makefile.ssl
@@ -212,14 +212,15 @@
ca.o: ../include/openssl/conf.h ../include/openssl/crypto.h
ca.o: ../include/openssl/des.h ../include/openssl/dh.h ../include/openssl/dsa.h
ca.o: ../include/openssl/e_os.h ../include/openssl/e_os.h
-ca.o: ../include/openssl/e_os2.h ../include/openssl/err.h
-ca.o: ../include/openssl/evp.h ../include/openssl/idea.h
-ca.o: ../include/openssl/lhash.h ../include/openssl/md2.h
-ca.o: ../include/openssl/md4.h ../include/openssl/md5.h
-ca.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
-ca.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-ca.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
-ca.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+ca.o: ../include/openssl/e_os2.h ../include/openssl/engine.h
+ca.o: ../include/openssl/err.h ../include/openssl/evp.h
+ca.o: ../include/openssl/idea.h ../include/openssl/lhash.h
+ca.o: ../include/openssl/md2.h ../include/openssl/md4.h
+ca.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+ca.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+ca.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+ca.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+ca.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
ca.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
ca.o: ../include/openssl/rc5.h ../include/openssl/rijndael-alg-fst.h
ca.o: ../include/openssl/rijndael.h ../include/openssl/ripemd.h
@@ -302,14 +303,15 @@
dgst.o: ../include/openssl/des.h ../include/openssl/dh.h
dgst.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
dgst.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
-dgst.o: ../include/openssl/err.h ../include/openssl/evp.h
-dgst.o: ../include/openssl/idea.h ../include/openssl/lhash.h
-dgst.o: ../include/openssl/md2.h ../include/openssl/md4.h
-dgst.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
-dgst.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-dgst.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-dgst.o: ../include/openssl/pem.h ../include/openssl/pem2.h
-dgst.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
+dgst.o: ../include/openssl/engine.h ../include/openssl/err.h
+dgst.o: ../include/openssl/evp.h ../include/openssl/idea.h
+dgst.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+dgst.o: ../include/openssl/md4.h ../include/openssl/md5.h
+dgst.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
+dgst.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+dgst.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+dgst.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+dgst.o: ../include/openssl/rand.h ../include/openssl/rc2.h
dgst.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
dgst.o: ../include/openssl/rijndael-alg-fst.h ../include/openssl/rijndael.h
dgst.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
@@ -322,14 +324,15 @@
dh.o: ../include/openssl/conf.h ../include/openssl/crypto.h
dh.o: ../include/openssl/des.h ../include/openssl/dh.h ../include/openssl/dsa.h
dh.o: ../include/openssl/e_os.h ../include/openssl/e_os.h
-dh.o: ../include/openssl/e_os2.h ../include/openssl/err.h
-dh.o: ../include/openssl/evp.h ../include/openssl/idea.h
-dh.o: ../include/openssl/lhash.h ../include/openssl/md2.h
-dh.o: ../include/openssl/md4.h ../include/openssl/md5.h
-dh.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
-dh.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-dh.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
-dh.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+dh.o: ../include/openssl/e_os2.h ../include/openssl/engine.h
+dh.o: ../include/openssl/err.h ../include/openssl/evp.h
+dh.o: ../include/openssl/idea.h ../include/openssl/lhash.h
+dh.o: ../include/openssl/md2.h ../include/openssl/md4.h
+dh.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+dh.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+dh.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+dh.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+dh.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
dh.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
dh.o: ../include/openssl/rc5.h ../include/openssl/rijndael-alg-fst.h
dh.o: ../include/openssl/rijndael.h ../include/openssl/ripemd.h
@@ -344,14 +347,15 @@
dsa.o: ../include/openssl/des.h ../include/openssl/dh.h
dsa.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
dsa.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
-dsa.o: ../include/openssl/err.h ../include/openssl/evp.h
-dsa.o: ../include/openssl/idea.h ../include/openssl/lhash.h
-dsa.o: ../include/openssl/md2.h ../include/openssl/md4.h
-dsa.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
-dsa.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-dsa.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-dsa.o: ../include/openssl/pem.h ../include/openssl/pem2.h
-dsa.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
+dsa.o: ../include/openssl/engine.h ../include/openssl/err.h
+dsa.o: ../include/openssl/evp.h ../include/openssl/idea.h
+dsa.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+dsa.o: ../include/openssl/md4.h ../include/openssl/md5.h
+dsa.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
+dsa.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+dsa.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+dsa.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+dsa.o: ../include/openssl/rand.h ../include/openssl/rc2.h
dsa.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
dsa.o: ../include/openssl/rijndael-alg-fst.h ../include/openssl/rijndael.h
dsa.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
@@ -365,14 +369,15 @@
dsaparam.o: ../include/openssl/des.h ../include/openssl/dh.h
dsaparam.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
dsaparam.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
-dsaparam.o: ../include/openssl/err.h ../include/openssl/evp.h
-dsaparam.o: ../include/openssl/idea.h ../include/openssl/lhash.h
-dsaparam.o: ../include/openssl/md2.h ../include/openssl/md4.h
-dsaparam.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
-dsaparam.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-dsaparam.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-dsaparam.o: ../include/openssl/pem.h ../include/openssl/pem2.h
-dsaparam.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
+dsaparam.o: ../include/openssl/engine.h ../include/openssl/err.h
+dsaparam.o: ../include/openssl/evp.h ../include/openssl/idea.h
+dsaparam.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+dsaparam.o: ../include/openssl/md4.h ../include/openssl/md5.h
+dsaparam.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
+dsaparam.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+dsaparam.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+dsaparam.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+dsaparam.o: ../include/openssl/rand.h ../include/openssl/rc2.h
dsaparam.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
dsaparam.o: ../include/openssl/rijndael-alg-fst.h ../include/openssl/rijndael.h
dsaparam.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
@@ -386,21 +391,21 @@
enc.o: ../include/openssl/des.h ../include/openssl/dh.h
enc.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
enc.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
-enc.o: ../include/openssl/err.h ../include/openssl/evp.h
-enc.o: ../include/openssl/idea.h ../include/openssl/lhash.h
-enc.o: ../include/openssl/md2.h ../include/openssl/md4.h
-enc.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
-enc.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-enc.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-enc.o: ../include/openssl/pem.h ../include/openssl/pem2.h
-enc.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
-enc.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
-enc.o: ../include/openssl/rc5.h ../include/openssl/rijndael-alg-fst.h
-enc.o: ../include/openssl/rijndael.h ../include/openssl/ripemd.h
-enc.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
-enc.o: ../include/openssl/sha.h ../include/openssl/stack.h
-enc.o: ../include/openssl/symhacks.h ../include/openssl/x509.h
-enc.o: ../include/openssl/x509_vfy.h apps.h
+enc.o: ../include/openssl/engine.h ../include/openssl/err.h
+enc.o: ../include/openssl/evp.h ../include/openssl/idea.h
+enc.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+enc.o: ../include/openssl/md4.h ../include/openssl/md5.h
+enc.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
+enc.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+enc.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+enc.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+enc.o: ../include/openssl/rand.h ../include/openssl/rc2.h
+enc.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+enc.o: ../include/openssl/rijndael-alg-fst.h ../include/openssl/rijndael.h
+enc.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+enc.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+enc.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+enc.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
errstr.o: ../include/openssl/asn1.h ../include/openssl/bio.h
errstr.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
errstr.o: ../include/openssl/buffer.h ../include/openssl/cast.h
@@ -432,21 +437,21 @@
gendh.o: ../include/openssl/des.h ../include/openssl/dh.h
gendh.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
gendh.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
-gendh.o: ../include/openssl/err.h ../include/openssl/evp.h
-gendh.o: ../include/openssl/idea.h ../include/openssl/lhash.h
-gendh.o: ../include/openssl/md2.h ../include/openssl/md4.h
-gendh.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
-gendh.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-gendh.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-gendh.o: ../include/openssl/pem.h ../include/openssl/pem2.h
-gendh.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
-gendh.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
-gendh.o: ../include/openssl/rc5.h ../include/openssl/rijndael-alg-fst.h
-gendh.o: ../include/openssl/rijndael.h ../include/openssl/ripemd.h
-gendh.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
-gendh.o: ../include/openssl/sha.h ../include/openssl/stack.h
-gendh.o: ../include/openssl/symhacks.h ../include/openssl/x509.h
-gendh.o: ../include/openssl/x509_vfy.h apps.h
+gendh.o: ../include/openssl/engine.h ../include/openssl/err.h
+gendh.o: ../include/openssl/evp.h ../include/openssl/idea.h
+gendh.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+gendh.o: ../include/openssl/md4.h ../include/openssl/md5.h
+gendh.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
+gendh.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+gendh.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+gendh.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+gendh.o: ../include/openssl/rand.h ../include/openssl/rc2.h
+gendh.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+gendh.o: ../include/openssl/rijndael-alg-fst.h ../include/openssl/rijndael.h
+gendh.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+gendh.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+gendh.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+gendh.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
gendsa.o: ../include/openssl/asn1.h ../include/openssl/bio.h
gendsa.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
gendsa.o: ../include/openssl/buffer.h ../include/openssl/cast.h
@@ -454,14 +459,15 @@
gendsa.o: ../include/openssl/des.h ../include/openssl/dh.h
gendsa.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
gendsa.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
-gendsa.o: ../include/openssl/err.h ../include/openssl/evp.h
-gendsa.o: ../include/openssl/idea.h ../include/openssl/lhash.h
-gendsa.o: ../include/openssl/md2.h ../include/openssl/md4.h
-gendsa.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
-gendsa.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-gendsa.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-gendsa.o: ../include/openssl/pem.h ../include/openssl/pem2.h
-gendsa.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
+gendsa.o: ../include/openssl/engine.h ../include/openssl/err.h
+gendsa.o: ../include/openssl/evp.h ../include/openssl/idea.h
+gendsa.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+gendsa.o: ../include/openssl/md4.h ../include/openssl/md5.h
+gendsa.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
+gendsa.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+gendsa.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+gendsa.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+gendsa.o: ../include/openssl/rand.h ../include/openssl/rc2.h
gendsa.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
gendsa.o: ../include/openssl/rijndael-alg-fst.h ../include/openssl/rijndael.h
gendsa.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
@@ -475,14 +481,15 @@
genrsa.o: ../include/openssl/des.h ../include/openssl/dh.h
genrsa.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
genrsa.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
-genrsa.o: ../include/openssl/err.h ../include/openssl/evp.h
-genrsa.o: ../include/openssl/idea.h ../include/openssl/lhash.h
-genrsa.o: ../include/openssl/md2.h ../include/openssl/md4.h
-genrsa.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
-genrsa.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-genrsa.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-genrsa.o: ../include/openssl/pem.h ../include/openssl/pem2.h
-genrsa.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
+genrsa.o: ../include/openssl/engine.h ../include/openssl/err.h
+genrsa.o: ../include/openssl/evp.h ../include/openssl/idea.h
+genrsa.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+genrsa.o: ../include/openssl/md4.h ../include/openssl/md5.h
+genrsa.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
+genrsa.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+genrsa.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+genrsa.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+genrsa.o: ../include/openssl/rand.h ../include/openssl/rc2.h
genrsa.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
genrsa.o: ../include/openssl/rijndael-alg-fst.h ../include/openssl/rijndael.h
genrsa.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
@@ -563,14 +570,15 @@
pkcs12.o: ../include/openssl/des.h ../include/openssl/dh.h
pkcs12.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
pkcs12.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
-pkcs12.o: ../include/openssl/err.h ../include/openssl/evp.h
-pkcs12.o: ../include/openssl/idea.h ../include/openssl/lhash.h
-pkcs12.o: ../include/openssl/md2.h ../include/openssl/md4.h
-pkcs12.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
-pkcs12.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-pkcs12.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-pkcs12.o: ../include/openssl/pem.h ../include/openssl/pem2.h
-pkcs12.o: ../include/openssl/pkcs12.h ../include/openssl/pkcs7.h
+pkcs12.o: ../include/openssl/engine.h ../include/openssl/err.h
+pkcs12.o: ../include/openssl/evp.h ../include/openssl/idea.h
+pkcs12.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+pkcs12.o: ../include/openssl/md4.h ../include/openssl/md5.h
+pkcs12.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
+pkcs12.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+pkcs12.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+pkcs12.o: ../include/openssl/pem2.h ../include/openssl/pkcs12.h
+pkcs12.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
pkcs12.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
pkcs12.o: ../include/openssl/rc5.h ../include/openssl/rijndael-alg-fst.h
pkcs12.o: ../include/openssl/rijndael.h ../include/openssl/ripemd.h
@@ -585,14 +593,15 @@
pkcs7.o: ../include/openssl/des.h ../include/openssl/dh.h
pkcs7.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
pkcs7.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
-pkcs7.o: ../include/openssl/err.h ../include/openssl/evp.h
-pkcs7.o: ../include/openssl/idea.h ../include/openssl/lhash.h
-pkcs7.o: ../include/openssl/md2.h ../include/openssl/md4.h
-pkcs7.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
-pkcs7.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-pkcs7.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-pkcs7.o: ../include/openssl/pem.h ../include/openssl/pem2.h
-pkcs7.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
+pkcs7.o: ../include/openssl/engine.h ../include/openssl/err.h
+pkcs7.o: ../include/openssl/evp.h ../include/openssl/idea.h
+pkcs7.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+pkcs7.o: ../include/openssl/md4.h ../include/openssl/md5.h
+pkcs7.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
+pkcs7.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+pkcs7.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+pkcs7.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+pkcs7.o: ../include/openssl/rand.h ../include/openssl/rc2.h
pkcs7.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
pkcs7.o: ../include/openssl/rijndael-alg-fst.h ../include/openssl/rijndael.h
pkcs7.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
@@ -606,14 +615,15 @@
pkcs8.o: ../include/openssl/des.h ../include/openssl/dh.h
pkcs8.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
pkcs8.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
-pkcs8.o: ../include/openssl/err.h ../include/openssl/evp.h
-pkcs8.o: ../include/openssl/idea.h ../include/openssl/lhash.h
-pkcs8.o: ../include/openssl/md2.h ../include/openssl/md4.h
-pkcs8.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
-pkcs8.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-pkcs8.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-pkcs8.o: ../include/openssl/pem.h ../include/openssl/pem2.h
-pkcs8.o: ../include/openssl/pkcs12.h ../include/openssl/pkcs7.h
+pkcs8.o: ../include/openssl/engine.h ../include/openssl/err.h
+pkcs8.o: ../include/openssl/evp.h ../include/openssl/idea.h
+pkcs8.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+pkcs8.o: ../include/openssl/md4.h ../include/openssl/md5.h
+pkcs8.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
+pkcs8.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+pkcs8.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+pkcs8.o: ../include/openssl/pem2.h ../include/openssl/pkcs12.h
+pkcs8.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
pkcs8.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
pkcs8.o: ../include/openssl/rc5.h ../include/openssl/rijndael-alg-fst.h
pkcs8.o: ../include/openssl/rijndael.h ../include/openssl/ripemd.h
@@ -628,20 +638,20 @@
rand.o: ../include/openssl/des.h ../include/openssl/dh.h
rand.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
rand.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
-rand.o: ../include/openssl/err.h ../include/openssl/evp.h
-rand.o: ../include/openssl/idea.h ../include/openssl/lhash.h
-rand.o: ../include/openssl/md2.h ../include/openssl/md4.h
-rand.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
-rand.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-rand.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-rand.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
-rand.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
-rand.o: ../include/openssl/rc5.h ../include/openssl/rijndael-alg-fst.h
-rand.o: ../include/openssl/rijndael.h ../include/openssl/ripemd.h
-rand.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
-rand.o: ../include/openssl/sha.h ../include/openssl/stack.h
-rand.o: ../include/openssl/symhacks.h ../include/openssl/x509.h
-rand.o: ../include/openssl/x509_vfy.h apps.h
+rand.o: ../include/openssl/engine.h ../include/openssl/err.h
+rand.o: ../include/openssl/evp.h ../include/openssl/idea.h
+rand.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+rand.o: ../include/openssl/md4.h ../include/openssl/md5.h
+rand.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
+rand.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+rand.o: ../include/openssl/opensslv.h ../include/openssl/pkcs7.h
+rand.o: ../include/openssl/rand.h ../include/openssl/rc2.h
+rand.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+rand.o: ../include/openssl/rijndael-alg-fst.h ../include/openssl/rijndael.h
+rand.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+rand.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+rand.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+rand.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
req.o: ../include/openssl/asn1.h ../include/openssl/bio.h
req.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
req.o: ../include/openssl/buffer.h ../include/openssl/cast.h
@@ -649,14 +659,15 @@
req.o: ../include/openssl/des.h ../include/openssl/dh.h
req.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
req.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
-req.o: ../include/openssl/err.h ../include/openssl/evp.h
-req.o: ../include/openssl/idea.h ../include/openssl/lhash.h
-req.o: ../include/openssl/md2.h ../include/openssl/md4.h
-req.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
-req.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-req.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-req.o: ../include/openssl/pem.h ../include/openssl/pem2.h
-req.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
+req.o: ../include/openssl/engine.h ../include/openssl/err.h
+req.o: ../include/openssl/evp.h ../include/openssl/idea.h
+req.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+req.o: ../include/openssl/md4.h ../include/openssl/md5.h
+req.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
+req.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+req.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+req.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+req.o: ../include/openssl/rand.h ../include/openssl/rc2.h
req.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
req.o: ../include/openssl/rijndael-alg-fst.h ../include/openssl/rijndael.h
req.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
@@ -671,14 +682,15 @@
rsa.o: ../include/openssl/des.h ../include/openssl/dh.h
rsa.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
rsa.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
-rsa.o: ../include/openssl/err.h ../include/openssl/evp.h
-rsa.o: ../include/openssl/idea.h ../include/openssl/lhash.h
-rsa.o: ../include/openssl/md2.h ../include/openssl/md4.h
-rsa.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
-rsa.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-rsa.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-rsa.o: ../include/openssl/pem.h ../include/openssl/pem2.h
-rsa.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
+rsa.o: ../include/openssl/engine.h ../include/openssl/err.h
+rsa.o: ../include/openssl/evp.h ../include/openssl/idea.h
+rsa.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+rsa.o: ../include/openssl/md4.h ../include/openssl/md5.h
+rsa.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
+rsa.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+rsa.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+rsa.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+rsa.o: ../include/openssl/rand.h ../include/openssl/rc2.h
rsa.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
rsa.o: ../include/openssl/rijndael-alg-fst.h ../include/openssl/rijndael.h
rsa.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
@@ -737,14 +749,15 @@
s_client.o: ../include/openssl/crypto.h ../include/openssl/des.h
s_client.o: ../include/openssl/dh.h ../include/openssl/dsa.h
s_client.o: ../include/openssl/e_os.h ../include/openssl/e_os.h
-s_client.o: ../include/openssl/e_os2.h ../include/openssl/err.h
-s_client.o: ../include/openssl/evp.h ../include/openssl/idea.h
-s_client.o: ../include/openssl/lhash.h ../include/openssl/md2.h
-s_client.o: ../include/openssl/md4.h ../include/openssl/md5.h
-s_client.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
-s_client.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-s_client.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
-s_client.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+s_client.o: ../include/openssl/e_os2.h ../include/openssl/engine.h
+s_client.o: ../include/openssl/err.h ../include/openssl/evp.h
+s_client.o: ../include/openssl/idea.h ../include/openssl/lhash.h
+s_client.o: ../include/openssl/md2.h ../include/openssl/md4.h
+s_client.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+s_client.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+s_client.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+s_client.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+s_client.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
s_client.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
s_client.o: ../include/openssl/rc5.h ../include/openssl/rijndael-alg-fst.h
s_client.o: ../include/openssl/rijndael.h ../include/openssl/ripemd.h
@@ -762,14 +775,15 @@
s_server.o: ../include/openssl/crypto.h ../include/openssl/des.h
s_server.o: ../include/openssl/dh.h ../include/openssl/dsa.h
s_server.o: ../include/openssl/e_os.h ../include/openssl/e_os.h
-s_server.o: ../include/openssl/e_os2.h ../include/openssl/err.h
-s_server.o: ../include/openssl/evp.h ../include/openssl/idea.h
-s_server.o: ../include/openssl/lhash.h ../include/openssl/md2.h
-s_server.o: ../include/openssl/md4.h ../include/openssl/md5.h
-s_server.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
-s_server.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-s_server.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
-s_server.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+s_server.o: ../include/openssl/e_os2.h ../include/openssl/engine.h
+s_server.o: ../include/openssl/err.h ../include/openssl/evp.h
+s_server.o: ../include/openssl/idea.h ../include/openssl/lhash.h
+s_server.o: ../include/openssl/md2.h ../include/openssl/md4.h
+s_server.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+s_server.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+s_server.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+s_server.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+s_server.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
s_server.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
s_server.o: ../include/openssl/rc5.h ../include/openssl/rijndael-alg-fst.h
s_server.o: ../include/openssl/rijndael.h ../include/openssl/ripemd.h
@@ -860,14 +874,15 @@
smime.o: ../include/openssl/des.h ../include/openssl/dh.h
smime.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
smime.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
-smime.o: ../include/openssl/err.h ../include/openssl/evp.h
-smime.o: ../include/openssl/idea.h ../include/openssl/lhash.h
-smime.o: ../include/openssl/md2.h ../include/openssl/md4.h
-smime.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
-smime.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-smime.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-smime.o: ../include/openssl/pem.h ../include/openssl/pem2.h
-smime.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
+smime.o: ../include/openssl/engine.h ../include/openssl/err.h
+smime.o: ../include/openssl/evp.h ../include/openssl/idea.h
+smime.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+smime.o: ../include/openssl/md4.h ../include/openssl/md5.h
+smime.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
+smime.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+smime.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+smime.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+smime.o: ../include/openssl/rand.h ../include/openssl/rc2.h
smime.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
smime.o: ../include/openssl/rijndael-alg-fst.h ../include/openssl/rijndael.h
smime.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
@@ -881,21 +896,21 @@
speed.o: ../include/openssl/des.h ../include/openssl/dh.h
speed.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
speed.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
-speed.o: ../include/openssl/err.h ../include/openssl/evp.h
-speed.o: ../include/openssl/hmac.h ../include/openssl/idea.h
-speed.o: ../include/openssl/lhash.h ../include/openssl/md2.h
-speed.o: ../include/openssl/md4.h ../include/openssl/md5.h
-speed.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
-speed.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-speed.o: ../include/openssl/opensslv.h ../include/openssl/pkcs7.h
-speed.o: ../include/openssl/rand.h ../include/openssl/rc2.h
-speed.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
-speed.o: ../include/openssl/rijndael-alg-fst.h ../include/openssl/rijndael.h
-speed.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
-speed.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-speed.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-speed.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ./testdsa.h
-speed.o: ./testrsa.h apps.h
+speed.o: ../include/openssl/engine.h ../include/openssl/err.h
+speed.o: ../include/openssl/evp.h ../include/openssl/hmac.h
+speed.o: ../include/openssl/idea.h ../include/openssl/lhash.h
+speed.o: ../include/openssl/md2.h ../include/openssl/md4.h
+speed.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+speed.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+speed.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+speed.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
+speed.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+speed.o: ../include/openssl/rc5.h ../include/openssl/rijndael-alg-fst.h
+speed.o: ../include/openssl/rijndael.h ../include/openssl/ripemd.h
+speed.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+speed.o: ../include/openssl/sha.h ../include/openssl/stack.h
+speed.o: ../include/openssl/symhacks.h ../include/openssl/x509.h
+speed.o: ../include/openssl/x509_vfy.h ./testdsa.h ./testrsa.h apps.h
spkac.o: ../include/openssl/asn1.h ../include/openssl/bio.h
spkac.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
spkac.o: ../include/openssl/buffer.h ../include/openssl/cast.h
@@ -903,14 +918,15 @@
spkac.o: ../include/openssl/des.h ../include/openssl/dh.h
spkac.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
spkac.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
-spkac.o: ../include/openssl/err.h ../include/openssl/evp.h
-spkac.o: ../include/openssl/idea.h ../include/openssl/lhash.h
-spkac.o: ../include/openssl/md2.h ../include/openssl/md4.h
-spkac.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
-spkac.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-spkac.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-spkac.o: ../include/openssl/pem.h ../include/openssl/pem2.h
-spkac.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
+spkac.o: ../include/openssl/engine.h ../include/openssl/err.h
+spkac.o: ../include/openssl/evp.h ../include/openssl/idea.h
+spkac.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+spkac.o: ../include/openssl/md4.h ../include/openssl/md5.h
+spkac.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
+spkac.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+spkac.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+spkac.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+spkac.o: ../include/openssl/rand.h ../include/openssl/rc2.h
spkac.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
spkac.o: ../include/openssl/rijndael-alg-fst.h ../include/openssl/rijndael.h
spkac.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
@@ -924,14 +940,15 @@
verify.o: ../include/openssl/des.h ../include/openssl/dh.h
verify.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
verify.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
-verify.o: ../include/openssl/err.h ../include/openssl/evp.h
-verify.o: ../include/openssl/idea.h ../include/openssl/lhash.h
-verify.o: ../include/openssl/md2.h ../include/openssl/md4.h
-verify.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
-verify.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-verify.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-verify.o: ../include/openssl/pem.h ../include/openssl/pem2.h
-verify.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
+verify.o: ../include/openssl/engine.h ../include/openssl/err.h
+verify.o: ../include/openssl/evp.h ../include/openssl/idea.h
+verify.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+verify.o: ../include/openssl/md4.h ../include/openssl/md5.h
+verify.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
+verify.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+verify.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+verify.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+verify.o: ../include/openssl/rand.h ../include/openssl/rc2.h
verify.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
verify.o: ../include/openssl/rijndael-alg-fst.h ../include/openssl/rijndael.h
verify.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
@@ -966,14 +983,15 @@
x509.o: ../include/openssl/des.h ../include/openssl/dh.h
x509.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
x509.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
-x509.o: ../include/openssl/err.h ../include/openssl/evp.h
-x509.o: ../include/openssl/idea.h ../include/openssl/lhash.h
-x509.o: ../include/openssl/md2.h ../include/openssl/md4.h
-x509.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
-x509.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-x509.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-x509.o: ../include/openssl/pem.h ../include/openssl/pem2.h
-x509.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
+x509.o: ../include/openssl/engine.h ../include/openssl/err.h
+x509.o: ../include/openssl/evp.h ../include/openssl/idea.h
+x509.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+x509.o: ../include/openssl/md4.h ../include/openssl/md5.h
+x509.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
+x509.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+x509.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+x509.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+x509.o: ../include/openssl/rand.h ../include/openssl/rc2.h
x509.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
x509.o: ../include/openssl/rijndael-alg-fst.h ../include/openssl/rijndael.h
x509.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
diff --git a/apps/apps.c b/apps/apps.c
index 03bd9e2..0190d71 100644
--- a/apps/apps.c
+++ b/apps/apps.c
@@ -178,6 +178,8 @@
|| (strcmp(s,"PKCS12") == 0) || (strcmp(s,"pkcs12") == 0)
|| (strcmp(s,"P12") == 0) || (strcmp(s,"p12") == 0))
return(FORMAT_PKCS12);
+ else if ((*s == 'E') || (*s == 'e'))
+ return(FORMAT_ENGINE);
else
return(FORMAT_UNDEF);
}
diff --git a/apps/apps.h b/apps/apps.h
index 0951299..7a834f9 100644
--- a/apps/apps.h
+++ b/apps/apps.h
@@ -163,6 +163,7 @@
#define FORMAT_NETSCAPE 4
#define FORMAT_PKCS12 5
#define FORMAT_SMIME 6
+#define FORMAT_ENGINE 7
#define NETSCAPE_CERT_HDR "certificate"
diff --git a/apps/ca.c b/apps/ca.c
index 2d71104..2ab0c4d 100644
--- a/apps/ca.c
+++ b/apps/ca.c
@@ -74,6 +74,7 @@
#include <openssl/x509v3.h>
#include <openssl/objects.h>
#include <openssl/pem.h>
+#include <openssl/engine.h>
#ifndef W_OK
# ifdef VMS
@@ -167,6 +168,7 @@
" -revoke file - Revoke a certificate (given in file)\n",
" -extensions .. - Extension section (override value in config file)\n",
" -crlexts .. - CRL extension section (override value in config file)\n",
+" -engine e - use engine e, possibly a hardware device.\n",
NULL
};
@@ -216,6 +218,7 @@
int MAIN(int argc, char **argv)
{
+ ENGINE *e = NULL;
char *key=NULL,*passargin=NULL;
int total=0;
int total_done=0;
@@ -268,6 +271,7 @@
#define BSIZE 256
MS_STATIC char buf[3][BSIZE];
char *randfile=NULL;
+ char *engine = NULL;
#ifdef EFENCE
EF_PROTECT_FREE=1;
@@ -419,6 +423,11 @@
if (--argc < 1) goto bad;
crl_ext= *(++argv);
}
+ else if (strcmp(*argv,"-engine") == 0)
+ {
+ if (--argc < 1) goto bad;
+ engine= *(++argv);
+ }
else
{
bad:
@@ -439,6 +448,24 @@
ERR_load_crypto_strings();
+ if (engine != NULL)
+ {
+ if((e = ENGINE_by_id(engine)) == NULL)
+ {
+ BIO_printf(bio_err,"invalid engine \"%s\"\n",
+ engine);
+ goto err;
+ }
+ if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
+ {
+ BIO_printf(bio_err,"can't use that engine\n");
+ goto err;
+ }
+ BIO_printf(bio_err,"engine \"%s\" set.\n", engine);
+ /* Free our "structural" reference. */
+ ENGINE_free(e);
+ }
+
/*****************************************************************/
if (configfile == NULL) configfile = getenv("OPENSSL_CONF");
if (configfile == NULL) configfile = getenv("SSLEAY_CONF");
diff --git a/apps/dgst.c b/apps/dgst.c
index 0e93c97..ab3e2db 100644
--- a/apps/dgst.c
+++ b/apps/dgst.c
@@ -66,6 +66,7 @@
#include <openssl/objects.h>
#include <openssl/x509.h>
#include <openssl/pem.h>
+#include <openssl/engine.h>
#undef BUFSIZE
#define BUFSIZE 1024*8
@@ -80,6 +81,7 @@
int MAIN(int argc, char **argv)
{
+ ENGINE *e = NULL;
unsigned char *buf=NULL;
int i,err=0;
const EVP_MD *md=NULL,*m;
@@ -97,6 +99,7 @@
EVP_PKEY *sigkey = NULL;
unsigned char *sigbuf = NULL;
int siglen = 0;
+ char *engine=NULL;
apps_startup();
@@ -154,6 +157,11 @@
if (--argc < 1) break;
sigfile=*(++argv);
}
+ else if (strcmp(*argv,"-engine") == 0)
+ {
+ if (--argc < 1) break;
+ engine= *(++argv);
+ }
else if (strcmp(*argv,"-hex") == 0)
out_bin = 0;
else if (strcmp(*argv,"-binary") == 0)
@@ -190,6 +198,7 @@
BIO_printf(bio_err,"-prverify file verify a signature using private key in file\n");
BIO_printf(bio_err,"-signature file signature to verify\n");
BIO_printf(bio_err,"-binary output in binary form\n");
+ BIO_printf(bio_err,"-engine e use engine e, possibly a hardware device.\n");
BIO_printf(bio_err,"-%3s to use the %s message digest algorithm (default)\n",
LN_md5,LN_md5);
@@ -209,6 +218,24 @@
goto end;
}
+ if (engine != NULL)
+ {
+ if((e = ENGINE_by_id(engine)) == NULL)
+ {
+ BIO_printf(bio_err,"invalid engine \"%s\"\n",
+ engine);
+ goto end;
+ }
+ if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
+ {
+ BIO_printf(bio_err,"can't use that engine\n");
+ goto end;
+ }
+ BIO_printf(bio_err,"engine \"%s\" set.\n", engine);
+ /* Free our "structural" reference. */
+ ENGINE_free(e);
+ }
+
in=BIO_new(BIO_s_file());
bmd=BIO_new(BIO_f_md());
if (debug)
diff --git a/apps/dh.c b/apps/dh.c
index 7465442..229ba2f 100644
--- a/apps/dh.c
+++ b/apps/dh.c
@@ -69,6 +69,7 @@
#include <openssl/dh.h>
#include <openssl/x509.h>
#include <openssl/pem.h>
+#include <openssl/engine.h>
#undef PROG
#define PROG dh_main
@@ -87,11 +88,12 @@
int MAIN(int argc, char **argv)
{
+ ENGINE *e = NULL;
DH *dh=NULL;
int i,badops=0,text=0;
BIO *in=NULL,*out=NULL;
int informat,outformat,check=0,noout=0,C=0,ret=1;
- char *infile,*outfile,*prog;
+ char *infile,*outfile,*prog,*engine;
apps_startup();
@@ -99,6 +101,7 @@
if ((bio_err=BIO_new(BIO_s_file())) != NULL)
BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
+ engine=NULL;
infile=NULL;
outfile=NULL;
informat=FORMAT_PEM;
@@ -129,6 +132,11 @@
if (--argc < 1) goto bad;
outfile= *(++argv);
}
+ else if (strcmp(*argv,"-engine") == 0)
+ {
+ if (--argc < 1) goto bad;
+ engine= *(++argv);
+ }
else if (strcmp(*argv,"-check") == 0)
check=1;
else if (strcmp(*argv,"-text") == 0)
@@ -160,11 +168,30 @@
BIO_printf(bio_err," -text print a text form of the DH parameters\n");
BIO_printf(bio_err," -C Output C code\n");
BIO_printf(bio_err," -noout no output\n");
+ BIO_printf(bio_err," -engine e use engine e, possibly a hardware device.\n");
goto end;
}
ERR_load_crypto_strings();
+ if (engine != NULL)
+ {
+ if((e = ENGINE_by_id(engine)) == NULL)
+ {
+ BIO_printf(bio_err,"invalid engine \"%s\"\n",
+ engine);
+ goto end;
+ }
+ if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
+ {
+ BIO_printf(bio_err,"can't use that engine\n");
+ goto end;
+ }
+ BIO_printf(bio_err,"engine \"%s\" set.\n", engine);
+ /* Free our "structural" reference. */
+ ENGINE_free(e);
+ }
+
in=BIO_new(BIO_s_file());
out=BIO_new(BIO_s_file());
if ((in == NULL) || (out == NULL))
diff --git a/apps/dhparam.c b/apps/dhparam.c
index 5f9b601..9d5705f 100644
--- a/apps/dhparam.c
+++ b/apps/dhparam.c
@@ -121,6 +121,7 @@
#include <openssl/dh.h>
#include <openssl/x509.h>
#include <openssl/pem.h>
+#include <openssl/engine.h>
#ifndef NO_DSA
#include <openssl/dsa.h>
@@ -148,6 +149,7 @@
int MAIN(int argc, char **argv)
{
+ ENGINE *e = NULL;
DH *dh=NULL;
int i,badops=0,text=0;
#ifndef NO_DSA
@@ -156,7 +158,7 @@
BIO *in=NULL,*out=NULL;
int informat,outformat,check=0,noout=0,C=0,ret=1;
char *infile,*outfile,*prog;
- char *inrand=NULL;
+ char *inrand=NULL,*engine=NULL;
int num = 0, g = 0;
apps_startup();
@@ -195,6 +197,11 @@
if (--argc < 1) goto bad;
outfile= *(++argv);
}
+ else if (strcmp(*argv,"-engine") == 0)
+ {
+ if (--argc < 1) goto bad;
+ engine= *(++argv);
+ }
else if (strcmp(*argv,"-check") == 0)
check=1;
else if (strcmp(*argv,"-text") == 0)
@@ -240,6 +247,7 @@
BIO_printf(bio_err," -2 generate parameters using 2 as the generator value\n");
BIO_printf(bio_err," -5 generate parameters using 5 as the generator value\n");
BIO_printf(bio_err," numbits number of bits in to generate (default 512)\n");
+ BIO_printf(bio_err," -engine e use engine e, possibly a hardware device.\n");
BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
BIO_printf(bio_err," - load the file (or the files in the directory) into\n");
BIO_printf(bio_err," the random number generator\n");
@@ -249,6 +257,24 @@
ERR_load_crypto_strings();
+ if (engine != NULL)
+ {
+ if((e = ENGINE_by_id(engine)) == NULL)
+ {
+ BIO_printf(bio_err,"invalid engine \"%s\"\n",
+ engine);
+ goto end;
+ }
+ if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
+ {
+ BIO_printf(bio_err,"can't use that engine\n");
+ goto end;
+ }
+ BIO_printf(bio_err,"engine \"%s\" set.\n", engine);
+ /* Free our "structural" reference. */
+ ENGINE_free(e);
+ }
+
if (g && !num)
num = DEFBITS;
diff --git a/apps/dsa.c b/apps/dsa.c
index 7c4a46f..49ca900 100644
--- a/apps/dsa.c
+++ b/apps/dsa.c
@@ -68,6 +68,7 @@
#include <openssl/evp.h>
#include <openssl/x509.h>
#include <openssl/pem.h>
+#include <openssl/engine.h>
#undef PROG
#define PROG dsa_main
@@ -87,6 +88,7 @@
int MAIN(int argc, char **argv)
{
+ ENGINE *e = NULL;
int ret=1;
DSA *dsa=NULL;
int i,badops=0;
@@ -94,7 +96,7 @@
BIO *in=NULL,*out=NULL;
int informat,outformat,text=0,noout=0;
int pubin = 0, pubout = 0;
- char *infile,*outfile,*prog;
+ char *infile,*outfile,*prog,*engine;
char *passargin = NULL, *passargout = NULL;
char *passin = NULL, *passout = NULL;
int modulus=0;
@@ -105,6 +107,7 @@
if ((bio_err=BIO_new(BIO_s_file())) != NULL)
BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
+ engine=NULL;
infile=NULL;
outfile=NULL;
informat=FORMAT_PEM;
@@ -145,6 +148,11 @@
if (--argc < 1) goto bad;
passargout= *(++argv);
}
+ else if (strcmp(*argv,"-engine") == 0)
+ {
+ if (--argc < 1) goto bad;
+ engine= *(++argv);
+ }
else if (strcmp(*argv,"-noout") == 0)
noout=1;
else if (strcmp(*argv,"-text") == 0)
@@ -176,6 +184,7 @@
BIO_printf(bio_err," -passin arg input file pass phrase source\n");
BIO_printf(bio_err," -out arg output file\n");
BIO_printf(bio_err," -passout arg output file pass phrase source\n");
+ BIO_printf(bio_err," -engine e use engine e, possibly a hardware device.\n");
BIO_printf(bio_err," -des encrypt PEM output with cbc des\n");
BIO_printf(bio_err," -des3 encrypt PEM output with ede cbc des using 168 bit key\n");
#ifndef NO_IDEA
@@ -189,6 +198,24 @@
ERR_load_crypto_strings();
+ if (engine != NULL)
+ {
+ if((e = ENGINE_by_id(engine)) == NULL)
+ {
+ BIO_printf(bio_err,"invalid engine \"%s\"\n",
+ engine);
+ goto end;
+ }
+ if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
+ {
+ BIO_printf(bio_err,"can't use that engine\n");
+ goto end;
+ }
+ BIO_printf(bio_err,"engine \"%s\" set.\n", engine);
+ /* Free our "structural" reference. */
+ ENGINE_free(e);
+ }
+
if(!app_passwd(bio_err, passargin, passargout, &passin, &passout)) {
BIO_printf(bio_err, "Error getting passwords\n");
goto end;
diff --git a/apps/dsaparam.c b/apps/dsaparam.c
index f861ec7..5177916 100644
--- a/apps/dsaparam.c
+++ b/apps/dsaparam.c
@@ -69,6 +69,7 @@
#include <openssl/dsa.h>
#include <openssl/x509.h>
#include <openssl/pem.h>
+#include <openssl/engine.h>
#undef PROG
#define PROG dsaparam_main
@@ -90,6 +91,7 @@
int MAIN(int argc, char **argv)
{
+ ENGINE *e = NULL;
DSA *dsa=NULL;
int i,badops=0,text=0;
BIO *in=NULL,*out=NULL;
@@ -97,6 +99,7 @@
char *infile,*outfile,*prog,*inrand=NULL;
int numbits= -1,num,genkey=0;
int need_rand=0;
+ char *engine=NULL;
apps_startup();
@@ -134,6 +137,11 @@
if (--argc < 1) goto bad;
outfile= *(++argv);
}
+ else if(strcmp(*argv, "-engine") == 0)
+ {
+ if (--argc < 1) goto bad;
+ engine = *(++argv);
+ }
else if (strcmp(*argv,"-text") == 0)
text=1;
else if (strcmp(*argv,"-C") == 0)
@@ -180,6 +188,7 @@
BIO_printf(bio_err," -C Output C code\n");
BIO_printf(bio_err," -noout no output\n");
BIO_printf(bio_err," -rand files to use for random number input\n");
+ BIO_printf(bio_err," -engine e use engine e, possibly a hardware device.\n");
BIO_printf(bio_err," number number of bits to use for generating private key\n");
goto end;
}
@@ -223,6 +232,24 @@
}
}
+ if (engine != NULL)
+ {
+ if((e = ENGINE_by_id(engine)) == NULL)
+ {
+ BIO_printf(bio_err,"invalid engine \"%s\"\n",
+ engine);
+ goto end;
+ }
+ if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
+ {
+ BIO_printf(bio_err,"can't use that engine\n");
+ goto end;
+ }
+ BIO_printf(bio_err,"engine \"%s\" set.\n", engine);
+ /* Free our "structural" reference. */
+ ENGINE_free(e);
+ }
+
if (need_rand)
{
app_RAND_load_file(NULL, bio_err, (inrand != NULL));
diff --git a/apps/enc.c b/apps/enc.c
index 14b82d5..84179f5 100644
--- a/apps/enc.c
+++ b/apps/enc.c
@@ -70,6 +70,7 @@
#include <openssl/md5.h>
#endif
#include <openssl/pem.h>
+#include <openssl/engine.h>
int set_hex(char *in,unsigned char *out,int size);
#undef SIZE
@@ -84,6 +85,7 @@
int MAIN(int argc, char **argv)
{
+ ENGINE *e = NULL;
static const char magic[]="Salted__";
char mbuf[8]; /* should be 1 smaller than magic */
char *strbuf=NULL;
@@ -101,6 +103,7 @@
BIO *in=NULL,*out=NULL,*b64=NULL,*benc=NULL,*rbio=NULL,*wbio=NULL;
#define PROG_NAME_SIZE 16
char pname[PROG_NAME_SIZE];
+ char *engine = NULL;
apps_startup();
@@ -141,6 +144,11 @@
if (--argc < 1) goto bad;
passarg= *(++argv);
}
+ else if (strcmp(*argv,"-engine") == 0)
+ {
+ if (--argc < 1) goto bad;
+ engine= *(++argv);
+ }
else if (strcmp(*argv,"-d") == 0)
enc=0;
else if (strcmp(*argv,"-p") == 0)
@@ -241,6 +249,7 @@
BIO_printf(bio_err,"%-14s key/iv in hex is the next argument\n","-K/-iv");
BIO_printf(bio_err,"%-14s print the iv/key (then exit if -P)\n","-[pP]");
BIO_printf(bio_err,"%-14s buffer size\n","-bufsize <n>");
+ BIO_printf(bio_err,"%-14s use engine e, possibly a hardware device.\n","-engine e");
BIO_printf(bio_err,"Cipher Types\n");
BIO_printf(bio_err,"des : 56 bit key DES encryption\n");
@@ -319,6 +328,24 @@
argv++;
}
+ if (engine != NULL)
+ {
+ if((e = ENGINE_by_id(engine)) == NULL)
+ {
+ BIO_printf(bio_err,"invalid engine \"%s\"\n",
+ engine);
+ goto end;
+ }
+ if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
+ {
+ BIO_printf(bio_err,"can't use that engine\n");
+ goto end;
+ }
+ BIO_printf(bio_err,"engine \"%s\" set.\n", engine);
+ /* Free our "structural" reference. */
+ ENGINE_free(e);
+ }
+
if (bufsize != NULL)
{
unsigned long n;
diff --git a/apps/gendh.c b/apps/gendh.c
index e0c7889..e81109e 100644
--- a/apps/gendh.c
+++ b/apps/gendh.c
@@ -70,6 +70,7 @@
#include <openssl/dh.h>
#include <openssl/x509.h>
#include <openssl/pem.h>
+#include <openssl/engine.h>
#define DEFBITS 512
#undef PROG
@@ -81,11 +82,13 @@
int MAIN(int argc, char **argv)
{
+ ENGINE *e = NULL;
DH *dh=NULL;
int ret=1,num=DEFBITS;
int g=2;
char *outfile=NULL;
char *inrand=NULL;
+ char *engine=NULL;
BIO *out=NULL;
apps_startup();
@@ -110,6 +113,11 @@
g=3; */
else if (strcmp(*argv,"-5") == 0)
g=5;
+ else if (strcmp(*argv,"-engine") == 0)
+ {
+ if (--argc < 1) goto bad;
+ engine= *(++argv);
+ }
else if (strcmp(*argv,"-rand") == 0)
{
if (--argc < 1) goto bad;
@@ -125,15 +133,34 @@
bad:
BIO_printf(bio_err,"usage: gendh [args] [numbits]\n");
BIO_printf(bio_err," -out file - output the key to 'file\n");
- BIO_printf(bio_err," -2 use 2 as the generator value\n");
- /* BIO_printf(bio_err," -3 use 3 as the generator value\n"); */
- BIO_printf(bio_err," -5 use 5 as the generator value\n");
+ BIO_printf(bio_err," -2 - use 2 as the generator value\n");
+ /* BIO_printf(bio_err," -3 - use 3 as the generator value\n"); */
+ BIO_printf(bio_err," -5 - use 5 as the generator value\n");
+ BIO_printf(bio_err," -engine e - use engine e, possibly a hardware device.\n");
BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
BIO_printf(bio_err," - load the file (or the files in the directory) into\n");
BIO_printf(bio_err," the random number generator\n");
goto end;
}
+ if (engine != NULL)
+ {
+ if((e = ENGINE_by_id(engine)) == NULL)
+ {
+ BIO_printf(bio_err,"invalid engine \"%s\"\n",
+ engine);
+ goto end;
+ }
+ if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
+ {
+ BIO_printf(bio_err,"can't use that engine\n");
+ goto end;
+ }
+ BIO_printf(bio_err,"engine \"%s\" set.\n", engine);
+ /* Free our "structural" reference. */
+ ENGINE_free(e);
+ }
+
out=BIO_new(BIO_s_file());
if (out == NULL)
{
diff --git a/apps/gendsa.c b/apps/gendsa.c
index 6022d8f..1c0ec37 100644
--- a/apps/gendsa.c
+++ b/apps/gendsa.c
@@ -68,6 +68,7 @@
#include <openssl/dsa.h>
#include <openssl/x509.h>
#include <openssl/pem.h>
+#include <openssl/engine.h>
#define DEFBITS 512
#undef PROG
@@ -77,6 +78,7 @@
int MAIN(int argc, char **argv)
{
+ ENGINE *e = NULL;
DSA *dsa=NULL;
int ret=1;
char *outfile=NULL;
@@ -84,6 +86,7 @@
char *passargout = NULL, *passout = NULL;
BIO *out=NULL,*in=NULL;
EVP_CIPHER *enc=NULL;
+ char *engine=NULL;
apps_startup();
@@ -106,6 +109,11 @@
if (--argc < 1) goto bad;
passargout= *(++argv);
}
+ else if (strcmp(*argv,"-engine") == 0)
+ {
+ if (--argc < 1) goto bad;
+ engine= *(++argv);
+ }
else if (strcmp(*argv,"-rand") == 0)
{
if (--argc < 1) goto bad;
@@ -145,6 +153,7 @@
#ifndef NO_IDEA
BIO_printf(bio_err," -idea - encrypt the generated key with IDEA in cbc mode\n");
#endif
+ BIO_printf(bio_err," -engine e - use engine e, possibly a hardware device.\n");
BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
BIO_printf(bio_err," - load the file (or the files in the directory) into\n");
BIO_printf(bio_err," the random number generator\n");
@@ -153,6 +162,24 @@
goto end;
}
+ if (engine != NULL)
+ {
+ if((e = ENGINE_by_id(engine)) == NULL)
+ {
+ BIO_printf(bio_err,"invalid engine \"%s\"\n",
+ engine);
+ goto end;
+ }
+ if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
+ {
+ BIO_printf(bio_err,"can't use that engine\n");
+ goto end;
+ }
+ BIO_printf(bio_err,"engine \"%s\" set.\n", engine);
+ /* Free our "structural" reference. */
+ ENGINE_free(e);
+ }
+
if(!app_passwd(bio_err, NULL, passargout, NULL, &passout)) {
BIO_printf(bio_err, "Error getting password\n");
goto end;
diff --git a/apps/genrsa.c b/apps/genrsa.c
index ac0b709..e7445e6 100644
--- a/apps/genrsa.c
+++ b/apps/genrsa.c
@@ -69,6 +69,7 @@
#include <openssl/evp.h>
#include <openssl/x509.h>
#include <openssl/pem.h>
+#include <openssl/engine.h>
#define DEFBITS 512
#undef PROG
@@ -80,6 +81,7 @@
int MAIN(int argc, char **argv)
{
+ ENGINE *e = NULL;
int ret=1;
RSA *rsa=NULL;
int i,num=DEFBITS;
@@ -88,6 +90,7 @@
unsigned long f4=RSA_F4;
char *outfile=NULL;
char *passargout = NULL, *passout = NULL;
+ char *engine=NULL;
char *inrand=NULL;
BIO *out=NULL;
@@ -116,6 +119,11 @@
f4=3;
else if (strcmp(*argv,"-F4") == 0 || strcmp(*argv,"-f4") == 0)
f4=RSA_F4;
+ else if (strcmp(*argv,"-engine") == 0)
+ {
+ if (--argc < 1) goto bad;
+ engine= *(++argv);
+ }
else if (strcmp(*argv,"-rand") == 0)
{
if (--argc < 1) goto bad;
@@ -154,6 +162,7 @@
BIO_printf(bio_err," -passout arg output file pass phrase source\n");
BIO_printf(bio_err," -f4 use F4 (0x10001) for the E value\n");
BIO_printf(bio_err," -3 use 3 for the E value\n");
+ BIO_printf(bio_err," -engine e use engine e, possibly a hardware device.\n");
BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
BIO_printf(bio_err," load the file (or the files in the directory) into\n");
BIO_printf(bio_err," the random number generator\n");
@@ -167,6 +176,24 @@
goto err;
}
+ if (engine != NULL)
+ {
+ if((e = ENGINE_by_id(engine)) == NULL)
+ {
+ BIO_printf(bio_err,"invalid engine \"%s\"\n",
+ engine);
+ goto err;
+ }
+ if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
+ {
+ BIO_printf(bio_err,"can't use that engine\n");
+ goto err;
+ }
+ BIO_printf(bio_err,"engine \"%s\" set.\n", engine);
+ /* Free our "structural" reference. */
+ ENGINE_free(e);
+ }
+
if (outfile == NULL)
{
BIO_set_fp(out,stdout,BIO_NOCLOSE);
@@ -186,7 +213,8 @@
}
}
- if (!app_RAND_load_file(NULL, bio_err, 1) && inrand == NULL)
+ if (!app_RAND_load_file(NULL, bio_err, 1) && inrand == NULL
+ && !RAND_status())
{
BIO_printf(bio_err,"warning, not much extra random data, consider using the -rand option\n");
}
diff --git a/apps/pkcs12.c b/apps/pkcs12.c
index 6789169..365a8ad 100644
--- a/apps/pkcs12.c
+++ b/apps/pkcs12.c
@@ -66,6 +66,7 @@
#include <openssl/err.h>
#include <openssl/pem.h>
#include <openssl/pkcs12.h>
+#include <openssl/engine.h>
#define PROG pkcs12_main
@@ -92,6 +93,7 @@
int MAIN(int argc, char **argv)
{
+ ENGINE *e = NULL;
char *infile=NULL, *outfile=NULL, *keyname = NULL;
char *certfile=NULL;
BIO *in=NULL, *out = NULL, *inkey = NULL, *certsin = NULL;
@@ -118,6 +120,7 @@
char *passin = NULL, *passout = NULL;
char *inrand = NULL;
char *CApath = NULL, *CAfile = NULL;
+ char *engine=NULL;
apps_startup();
@@ -236,6 +239,11 @@
args++;
CAfile = *args;
} else badarg = 1;
+ } else if (!strcmp(*args,"-engine")) {
+ if (args[1]) {
+ args++;
+ engine = *args;
+ } else badarg = 1;
} else badarg = 1;
} else badarg = 1;
@@ -279,12 +287,27 @@
BIO_printf (bio_err, "-password p set import/export password source\n");
BIO_printf (bio_err, "-passin p input file pass phrase source\n");
BIO_printf (bio_err, "-passout p output file pass phrase source\n");
+ BIO_printf (bio_err, "-engine e use engine e, possibly a hardware device.\n");
BIO_printf(bio_err, "-rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
BIO_printf(bio_err, " load the file (or the files in the directory) into\n");
BIO_printf(bio_err, " the random number generator\n");
goto end;
}
+ if (engine != NULL) {
+ if((e = ENGINE_by_id(engine)) == NULL) {
+ BIO_printf(bio_err,"invalid engine \"%s\"\n", engine);
+ goto end;
+ }
+ if(!ENGINE_set_default(e, ENGINE_METHOD_ALL)) {
+ BIO_printf(bio_err,"can't use that engine\n");
+ goto end;
+ }
+ BIO_printf(bio_err,"engine \"%s\" set.\n", engine);
+ /* Free our "structural" reference. */
+ ENGINE_free(e);
+ }
+
if(passarg) {
if(export_cert) passargout = passarg;
else passargin = passarg;
diff --git a/apps/pkcs7.c b/apps/pkcs7.c
index 0af2690..b348da2 100644
--- a/apps/pkcs7.c
+++ b/apps/pkcs7.c
@@ -67,6 +67,7 @@
#include <openssl/x509.h>
#include <openssl/pkcs7.h>
#include <openssl/pem.h>
+#include <openssl/engine.h>
#undef PROG
#define PROG pkcs7_main
@@ -82,6 +83,7 @@
int MAIN(int argc, char **argv)
{
+ ENGINE *e = NULL;
PKCS7 *p7=NULL;
int i,badops=0;
BIO *in=NULL,*out=NULL;
@@ -89,6 +91,7 @@
char *infile,*outfile,*prog;
int print_certs=0,text=0,noout=0;
int ret=0;
+ char *engine=NULL;
apps_startup();
@@ -132,6 +135,11 @@
text=1;
else if (strcmp(*argv,"-print_certs") == 0)
print_certs=1;
+ else if (strcmp(*argv,"-engine") == 0)
+ {
+ if (--argc < 1) goto bad;
+ engine= *(++argv);
+ }
else
{
BIO_printf(bio_err,"unknown option %s\n",*argv);
@@ -154,11 +162,30 @@
BIO_printf(bio_err," -print_certs print any certs or crl in the input\n");
BIO_printf(bio_err," -text print full details of certificates\n");
BIO_printf(bio_err," -noout don't output encoded data\n");
+ BIO_printf(bio_err," -engine e use engine e, possibly a hardware device.\n");
EXIT(1);
}
ERR_load_crypto_strings();
+ if (engine != NULL)
+ {
+ if((e = ENGINE_by_id(engine)) == NULL)
+ {
+ BIO_printf(bio_err,"invalid engine \"%s\"\n",
+ engine);
+ goto end;
+ }
+ if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
+ {
+ BIO_printf(bio_err,"can't use that engine\n");
+ goto end;
+ }
+ BIO_printf(bio_err,"engine \"%s\" set.\n", engine);
+ /* Free our "structural" reference. */
+ ENGINE_free(e);
+ }
+
in=BIO_new(BIO_s_file());
out=BIO_new(BIO_s_file());
if ((in == NULL) || (out == NULL))
diff --git a/apps/pkcs8.c b/apps/pkcs8.c
index 7b588e4..bd1697a 100644
--- a/apps/pkcs8.c
+++ b/apps/pkcs8.c
@@ -62,6 +62,7 @@
#include <openssl/err.h>
#include <openssl/evp.h>
#include <openssl/pkcs12.h>
+#include <openssl/engine.h>
#include "apps.h"
#define PROG pkcs8_main
@@ -70,6 +71,7 @@
int MAIN(int argc, char **argv)
{
+ ENGINE *e = NULL;
char **args, *infile = NULL, *outfile = NULL;
char *passargin = NULL, *passargout = NULL;
BIO *in = NULL, *out = NULL;
@@ -85,9 +87,13 @@
EVP_PKEY *pkey;
char pass[50], *passin = NULL, *passout = NULL, *p8pass = NULL;
int badarg = 0;
+ char *engine=NULL;
+
if (bio_err == NULL) bio_err = BIO_new_fp (stderr, BIO_NOCLOSE);
+
informat=FORMAT_PEM;
outformat=FORMAT_PEM;
+
ERR_load_crypto_strings();
OpenSSL_add_all_algorithms();
args = argv + 1;
@@ -138,6 +144,11 @@
if (!args[1]) goto bad;
passargout= *(++args);
}
+ else if (strcmp(*args,"-engine") == 0)
+ {
+ if (!args[1]) goto bad;
+ engine= *(++args);
+ }
else if (!strcmp (*args, "-in")) {
if (args[1]) {
args++;
@@ -170,9 +181,28 @@
BIO_printf(bio_err, "-nocrypt use or expect unencrypted private key\n");
BIO_printf(bio_err, "-v2 alg use PKCS#5 v2.0 and cipher \"alg\"\n");
BIO_printf(bio_err, "-v1 obj use PKCS#5 v1.5 and cipher \"alg\"\n");
+ BIO_printf(bio_err," -engine e use engine e, possibly a hardware device.\n");
return (1);
}
+ if (engine != NULL)
+ {
+ if((e = ENGINE_by_id(engine)) == NULL)
+ {
+ BIO_printf(bio_err,"invalid engine \"%s\"\n",
+ engine);
+ return (1);
+ }
+ if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
+ {
+ BIO_printf(bio_err,"can't use that engine\n");
+ return (1);
+ }
+ BIO_printf(bio_err,"engine \"%s\" set.\n", engine);
+ /* Free our "structural" reference. */
+ ENGINE_free(e);
+ }
+
if(!app_passwd(bio_err, passargin, passargout, &passin, &passout)) {
BIO_printf(bio_err, "Error getting passwords\n");
return (1);
diff --git a/apps/rand.c b/apps/rand.c
index 04764d7..6add7bb 100644
--- a/apps/rand.c
+++ b/apps/rand.c
@@ -9,6 +9,7 @@
#include <openssl/bio.h>
#include <openssl/err.h>
#include <openssl/rand.h>
+#include <openssl/engine.h>
#undef PROG
#define PROG rand_main
@@ -23,6 +24,7 @@
int MAIN(int argc, char **argv)
{
+ ENGINE *e = NULL;
int i, r, ret = 1;
int badopt;
char *outfile = NULL;
@@ -30,6 +32,7 @@
int base64 = 0;
BIO *out = NULL;
int num = -1;
+ char *engine=NULL;
apps_startup();
@@ -48,6 +51,13 @@
else
badopt = 1;
}
+ if (strcmp(argv[i], "-engine") == 0)
+ {
+ if ((argv[i+1] != NULL) && (engine == NULL))
+ engine = argv[++i];
+ else
+ badopt = 1;
+ }
else if (strcmp(argv[i], "-rand") == 0)
{
if ((argv[i+1] != NULL) && (inrand == NULL))
@@ -84,12 +94,31 @@
{
BIO_printf(bio_err, "Usage: rand [options] num\n");
BIO_printf(bio_err, "where options are\n");
- BIO_printf(bio_err, "-out file - write to file\n");
- BIO_printf(bio_err, "-rand file%cfile%c... - seed PRNG from files\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
- BIO_printf(bio_err, "-base64 - encode output\n");
+ BIO_printf(bio_err, "-out file - write to file\n");
+ BIO_printf(bio_err," -engine e - use engine e, possibly a hardware device.\n");
+ BIO_printf(bio_err, "-rand file%cfile%c... - seed PRNG from files\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
+ BIO_printf(bio_err, "-base64 - encode output\n");
goto err;
}
+ if (engine != NULL)
+ {
+ if((e = ENGINE_by_id(engine)) == NULL)
+ {
+ BIO_printf(bio_err,"invalid engine \"%s\"\n",
+ engine);
+ goto err;
+ }
+ if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
+ {
+ BIO_printf(bio_err,"can't use that engine\n");
+ goto err;
+ }
+ BIO_printf(bio_err,"engine \"%s\" set.\n", engine);
+ /* Free our "structural" reference. */
+ ENGINE_free(e);
+ }
+
app_RAND_load_file(NULL, bio_err, (inrand != NULL));
if (inrand != NULL)
BIO_printf(bio_err,"%ld semi-random bytes loaded\n",
diff --git a/apps/req.c b/apps/req.c
index 4d707e8..7f9abed 100644
--- a/apps/req.c
+++ b/apps/req.c
@@ -73,6 +73,7 @@
#include <openssl/x509v3.h>
#include <openssl/objects.h>
#include <openssl/pem.h>
+#include <openssl/engine.h>
#define SECTION "req"
@@ -140,6 +141,7 @@
int MAIN(int argc, char **argv)
{
+ ENGINE *e = NULL;
#ifndef NO_DSA
DSA *dsa_params=NULL;
#endif
@@ -153,6 +155,7 @@
int informat,outformat,verify=0,noout=0,text=0,keyform=FORMAT_PEM;
int nodes=0,kludge=0,newhdr=0,subject=0;
char *infile,*outfile,*prog,*keyfile=NULL,*template=NULL,*keyout=NULL;
+ char *engine=NULL;
char *extensions = NULL;
char *req_exts = NULL;
EVP_CIPHER *cipher=NULL;
@@ -196,6 +199,11 @@
if (--argc < 1) goto bad;
outformat=str2fmt(*(++argv));
}
+ else if (strcmp(*argv,"-engine") == 0)
+ {
+ if (--argc < 1) goto bad;
+ engine= *(++argv);
+ }
else if (strcmp(*argv,"-key") == 0)
{
if (--argc < 1) goto bad;
@@ -383,6 +391,7 @@
BIO_printf(bio_err," -verify verify signature on REQ\n");
BIO_printf(bio_err," -modulus RSA modulus\n");
BIO_printf(bio_err," -nodes don't encrypt the output key\n");
+ BIO_printf(bio_err," -engine e use engine e, possibly a hardware device.\n");
BIO_printf(bio_err," -key file use the private key contained in file\n");
BIO_printf(bio_err," -keyform arg key file format\n");
BIO_printf(bio_err," -keyout arg file to send the key to\n");
@@ -530,24 +539,55 @@
if ((in == NULL) || (out == NULL))
goto end;
- if (keyfile != NULL)
+ if (engine != NULL)
{
- if (BIO_read_filename(in,keyfile) <= 0)
+ if((e = ENGINE_by_id(engine)) == NULL)
{
- perror(keyfile);
+ BIO_printf(bio_err,"invalid engine \"%s\"\n",
+ engine);
goto end;
}
-
- if (keyform == FORMAT_ASN1)
- pkey=d2i_PrivateKey_bio(in,NULL);
- else if (keyform == FORMAT_PEM)
+ if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
{
- pkey=PEM_read_bio_PrivateKey(in,NULL,NULL,passin);
+ BIO_printf(bio_err,"can't use that engine\n");
+ goto end;
+ }
+ BIO_printf(bio_err,"engine \"%s\" set.\n", engine);
+ /* Free our "structural" reference. */
+ ENGINE_free(e);
+ }
+
+ if (keyfile != NULL)
+ {
+ if (keyform == FORMAT_ENGINE)
+ {
+ if (!e)
+ {
+ BIO_printf(bio_err,"no engine specified\n");
+ goto end;
+ }
+ pkey = ENGINE_load_private_key(e, keyfile, NULL);
}
else
{
- BIO_printf(bio_err,"bad input format specified for X509 request\n");
- goto end;
+ if (BIO_read_filename(in,keyfile) <= 0)
+ {
+ perror(keyfile);
+ goto end;
+ }
+
+ if (keyform == FORMAT_ASN1)
+ pkey=d2i_PrivateKey_bio(in,NULL);
+ else if (keyform == FORMAT_PEM)
+ {
+ pkey=PEM_read_bio_PrivateKey(in,NULL,NULL,
+ passin);
+ }
+ else
+ {
+ BIO_printf(bio_err,"bad input format specified for X509 request\n");
+ goto end;
+ }
}
if (pkey == NULL)
diff --git a/apps/rsa.c b/apps/rsa.c
index b4b0651..700df42 100644
--- a/apps/rsa.c
+++ b/apps/rsa.c
@@ -68,6 +68,7 @@
#include <openssl/evp.h>
#include <openssl/x509.h>
#include <openssl/pem.h>
+#include <openssl/engine.h>
#undef PROG
#define PROG rsa_main
@@ -90,6 +91,7 @@
int MAIN(int argc, char **argv)
{
+ ENGINE *e = NULL;
int ret=1;
RSA *rsa=NULL;
int i,badops=0, sgckey=0;
@@ -100,6 +102,7 @@
char *infile,*outfile,*prog;
char *passargin = NULL, *passargout = NULL;
char *passin = NULL, *passout = NULL;
+ char *engine=NULL;
int modulus=0;
apps_startup();
@@ -148,6 +151,11 @@
if (--argc < 1) goto bad;
passargout= *(++argv);
}
+ else if (strcmp(*argv,"-engine") == 0)
+ {
+ if (--argc < 1) goto bad;
+ engine= *(++argv);
+ }
else if (strcmp(*argv,"-sgckey") == 0)
sgckey=1;
else if (strcmp(*argv,"-pubin") == 0)
@@ -195,11 +203,30 @@
BIO_printf(bio_err," -check verify key consistency\n");
BIO_printf(bio_err," -pubin expect a public key in input file\n");
BIO_printf(bio_err," -pubout output a public key\n");
+ BIO_printf(bio_err," -engine e use engine e, possibly a hardware device.\n");
goto end;
}
ERR_load_crypto_strings();
+ if (engine != NULL)
+ {
+ if((e = ENGINE_by_id(engine)) == NULL)
+ {
+ BIO_printf(bio_err,"invalid engine \"%s\"\n",
+ engine);
+ goto end;
+ }
+ if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
+ {
+ BIO_printf(bio_err,"can't use that engine\n");
+ goto end;
+ }
+ BIO_printf(bio_err,"engine \"%s\" set.\n", engine);
+ /* Free our "structural" reference. */
+ ENGINE_free(e);
+ }
+
if(!app_passwd(bio_err, passargin, passargout, &passin, &passout)) {
BIO_printf(bio_err, "Error getting passwords\n");
goto end;
@@ -319,14 +346,14 @@
BIO_printf(out,"RSA key ok\n");
else if (r == 0)
{
- long e;
+ long err;
- while ((e = ERR_peek_error()) != 0 &&
- ERR_GET_LIB(e) == ERR_LIB_RSA &&
- ERR_GET_FUNC(e) == RSA_F_RSA_CHECK_KEY &&
- ERR_GET_REASON(e) != ERR_R_MALLOC_FAILURE)
+ while ((err = ERR_peek_error()) != 0 &&
+ ERR_GET_LIB(err) == ERR_LIB_RSA &&
+ ERR_GET_FUNC(err) == RSA_F_RSA_CHECK_KEY &&
+ ERR_GET_REASON(err) != ERR_R_MALLOC_FAILURE)
{
- BIO_printf(out, "RSA key error: %s\n", ERR_reason_error_string(e));
+ BIO_printf(out, "RSA key error: %s\n", ERR_reason_error_string(err));
ERR_get_error(); /* remove e from error stack */
}
}
diff --git a/apps/s_client.c b/apps/s_client.c
index c935317..45d627a 100644
--- a/apps/s_client.c
+++ b/apps/s_client.c
@@ -79,6 +79,7 @@
#include <openssl/ssl.h>
#include <openssl/err.h>
#include <openssl/pem.h>
+#include <openssl/engine.h>
#include "s_apps.h"
#ifdef WINDOWS
@@ -152,6 +153,7 @@
BIO_printf(bio_err," -bugs - Switch on all SSL implementation bug workarounds\n");
BIO_printf(bio_err," -cipher - preferred cipher to use, use the 'openssl ciphers'\n");
BIO_printf(bio_err," command to see what is available\n");
+ BIO_printf(bio_err," -engine id - Initialise and use the specified engine\n");
}
@@ -179,6 +181,8 @@
int prexit = 0;
SSL_METHOD *meth=NULL;
BIO *sbio;
+ char *engine_id=NULL;
+ ENGINE *e=NULL;
#ifdef WINDOWS
struct timeval tv;
#endif
@@ -316,6 +320,11 @@
else if (strcmp(*argv,"-nbio") == 0)
{ c_nbio=1; }
#endif
+ else if (strcmp(*argv,"-engine") == 0)
+ {
+ if (--argc < 1) goto bad;
+ engine_id = *(++argv);
+ }
else
{
BIO_printf(bio_err,"unknown option %s\n",*argv);
@@ -349,6 +358,30 @@
OpenSSL_add_ssl_algorithms();
SSL_load_error_strings();
+
+ if (engine_id != NULL)
+ {
+ if((e = ENGINE_by_id(engine_id)) == NULL)
+ {
+ BIO_printf(bio_err,"invalid engine\n");
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+ if (c_debug)
+ {
+ ENGINE_ctrl(e, ENGINE_CTRL_SET_LOGSTREAM,
+ 0, bio_err, 0);
+ }
+ if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
+ {
+ BIO_printf(bio_err,"can't use that engine\n");
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+ BIO_printf(bio_err,"engine \"%s\" set.\n", engine_id);
+ ENGINE_free(e);
+ }
+
ctx=SSL_CTX_new(meth);
if (ctx == NULL)
{
diff --git a/apps/s_server.c b/apps/s_server.c
index b593283..61a77df 100644
--- a/apps/s_server.c
+++ b/apps/s_server.c
@@ -83,6 +83,7 @@
#include <openssl/pem.h>
#include <openssl/x509.h>
#include <openssl/ssl.h>
+#include <openssl/engine.h>
#include "s_apps.h"
#ifdef WINDOWS
@@ -176,6 +177,7 @@
static int s_quiet=0;
static int hack=0;
+static char *engine_id=NULL;
#ifdef MONOLITH
static void s_server_init(void)
@@ -198,6 +200,7 @@
s_debug=0;
s_quiet=0;
hack=0;
+ engine_id=NULL;
}
#endif
@@ -242,6 +245,7 @@
BIO_printf(bio_err," -bugs - Turn on SSL bug compatibility\n");
BIO_printf(bio_err," -www - Respond to a 'GET /' with a status page\n");
BIO_printf(bio_err," -WWW - Respond to a 'GET /<path> HTTP/1.0' with file ./<path>\n");
+ BIO_printf(bio_err," -engine id - Initialise and use the specified engine\n");
}
static int local_argc=0;
@@ -411,6 +415,7 @@
int no_tmp_rsa=0,no_dhe=0,nocert=0;
int state=0;
SSL_METHOD *meth=NULL;
+ ENGINE *e=NULL;
#ifndef NO_DH
DH *dh=NULL;
#endif
@@ -565,6 +570,11 @@
else if (strcmp(*argv,"-tls1") == 0)
{ meth=TLSv1_server_method(); }
#endif
+ else if (strcmp(*argv,"-engine") == 0)
+ {
+ if (--argc < 1) goto bad;
+ engine_id= *(++argv);
+ }
else
{
BIO_printf(bio_err,"unknown option %s\n",*argv);
@@ -609,6 +619,29 @@
SSL_load_error_strings();
OpenSSL_add_ssl_algorithms();
+ if (engine_id != NULL)
+ {
+ if((e = ENGINE_by_id(engine_id)) == NULL)
+ {
+ BIO_printf(bio_err,"invalid engine\n");
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+ if (s_debug)
+ {
+ ENGINE_ctrl(e, ENGINE_CTRL_SET_LOGSTREAM,
+ 0, bio_err, 0);
+ }
+ if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
+ {
+ BIO_printf(bio_err,"can't use that engine\n");
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+ BIO_printf(bio_err,"engine \"%s\" set.\n", engine_id);
+ ENGINE_free(e);
+ }
+
ctx=SSL_CTX_new(meth);
if (ctx == NULL)
{
diff --git a/apps/smime.c b/apps/smime.c
index 9467b59..16b9400 100644
--- a/apps/smime.c
+++ b/apps/smime.c
@@ -64,6 +64,7 @@
#include <openssl/crypto.h>
#include <openssl/pem.h>
#include <openssl/err.h>
+#include <openssl/engine.h>
#undef PROG
#define PROG smime_main
@@ -81,6 +82,7 @@
int MAIN(int argc, char **argv)
{
+ ENGINE *e = NULL;
int operation = 0;
int ret = 0;
char **args;
@@ -103,8 +105,9 @@
char *inrand = NULL;
int need_rand = 0;
int informat = FORMAT_SMIME, outformat = FORMAT_SMIME;
- args = argv + 1;
+ char *engine=NULL;
+ args = argv + 1;
ret = 1;
while (!badarg && *args && *args[0] == '-') {
@@ -153,6 +156,11 @@
inrand = *args;
} else badarg = 1;
need_rand = 1;
+ } else if (!strcmp(*args,"-engine")) {
+ if (args[1]) {
+ args++;
+ engine = *args;
+ } else badarg = 1;
} else if (!strcmp(*args,"-passin")) {
if (args[1]) {
args++;
@@ -290,6 +298,7 @@
BIO_printf (bio_err, "-text include or delete text MIME headers\n");
BIO_printf (bio_err, "-CApath dir trusted certificates directory\n");
BIO_printf (bio_err, "-CAfile file trusted certificates file\n");
+ BIO_printf (bio_err, "-engine e use engine e, possibly a hardware device.\n");
BIO_printf(bio_err, "-rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
BIO_printf(bio_err, " load the file (or the files in the directory) into\n");
BIO_printf(bio_err, " the random number generator\n");
@@ -297,6 +306,24 @@
goto end;
}
+ if (engine != NULL)
+ {
+ if((e = ENGINE_by_id(engine)) == NULL)
+ {
+ BIO_printf(bio_err,"invalid engine \"%s\"\n",
+ engine);
+ goto end;
+ }
+ if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
+ {
+ BIO_printf(bio_err,"can't use that engine\n");
+ goto end;
+ }
+ BIO_printf(bio_err,"engine \"%s\" set.\n", engine);
+ /* Free our "structural" reference. */
+ ENGINE_free(e);
+ }
+
if(!app_passwd(bio_err, passargin, NULL, &passin, NULL)) {
BIO_printf(bio_err, "Error getting password\n");
goto end;
diff --git a/apps/speed.c b/apps/speed.c
index 627cab1..ba41916 100644
--- a/apps/speed.c
+++ b/apps/speed.c
@@ -81,6 +81,7 @@
#include <openssl/crypto.h>
#include <openssl/rand.h>
#include <openssl/err.h>
+#include <openssl/engine.h>
#if defined(__FreeBSD__)
# define USE_TOD
@@ -310,6 +311,7 @@
int MAIN(int argc, char **argv)
{
+ ENGINE *e;
unsigned char *buf=NULL,*buf2=NULL;
int mret=1;
#define ALGOR_NUM 15
@@ -470,6 +472,37 @@
{
if ((argc > 0) && (strcmp(*argv,"-elapsed") == 0))
usertime = 0;
+ else
+ if ((argc > 0) && (strcmp(*argv,"-engine") == 0))
+ {
+ argc--;
+ argv++;
+ if(argc == 0)
+ {
+ BIO_printf(bio_err,"no engine given\n");
+ goto end;
+ }
+ if((e = ENGINE_by_id(*argv)) == NULL)
+ {
+ BIO_printf(bio_err,"invalid engine \"%s\"\n",
+ *argv);
+ goto end;
+ }
+ if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
+ {
+ BIO_printf(bio_err,"can't use that engine\n");
+ goto end;
+ }
+ BIO_printf(bio_err,"engine \"%s\" set.\n", *argv);
+ /* Free our "structural" reference. */
+ ENGINE_free(e);
+ /* It will be increased again further down. We just
+ don't want speed to confuse an engine with an
+ algorithm, especially when none is given (which
+ means all of them should be run) */
+ j--;
+ }
+ else
#ifndef NO_MD2
if (strcmp(*argv,"md2") == 0) doit[D_MD2]=1;
else
@@ -517,7 +550,7 @@
#ifdef RSAref
if (strcmp(*argv,"rsaref") == 0)
{
- RSA_set_default_method(RSA_PKCS1_RSAref());
+ RSA_set_default_openssl_method(RSA_PKCS1_RSAref());
j--;
}
else
@@ -525,7 +558,7 @@
#ifndef RSA_NULL
if (strcmp(*argv,"openssl") == 0)
{
- RSA_set_default_method(RSA_PKCS1_SSLeay());
+ RSA_set_default_openssl_method(RSA_PKCS1_SSLeay());
j--;
}
else
@@ -670,11 +703,12 @@
BIO_printf(bio_err,"\n");
#endif
-#ifdef TIMES
BIO_printf(bio_err,"\n");
BIO_printf(bio_err,"Available options:\n");
+#ifdef TIMES
BIO_printf(bio_err,"-elapsed measure time in real time instead of CPU user time.\n");
#endif
+ BIO_printf(bio_err,"-engine e use engine e, possibly a hardware device.\n");
goto end;
}
argc--;
@@ -1379,6 +1413,7 @@
#endif
mret=0;
end:
+ ERR_print_errors(bio_err);
if (buf != NULL) OPENSSL_free(buf);
if (buf2 != NULL) OPENSSL_free(buf2);
#ifndef NO_RSA
diff --git a/apps/spkac.c b/apps/spkac.c
index 459d730..d7e4678 100644
--- a/apps/spkac.c
+++ b/apps/spkac.c
@@ -69,6 +69,7 @@
#include <openssl/lhash.h>
#include <openssl/x509.h>
#include <openssl/pem.h>
+#include <openssl/engine.h>
#undef PROG
#define PROG spkac_main
@@ -81,6 +82,7 @@
int MAIN(int argc, char **argv)
{
+ ENGINE *e = NULL;
int i,badops=0, ret = 1;
BIO *in = NULL,*out = NULL, *key = NULL;
int verify=0,noout=0,pubkey=0;
@@ -91,6 +93,7 @@
LHASH *conf = NULL;
NETSCAPE_SPKI *spki = NULL;
EVP_PKEY *pkey = NULL;
+ char *engine=NULL;
apps_startup();
@@ -136,6 +139,11 @@
if (--argc < 1) goto bad;
spksect= *(++argv);
}
+ else if (strcmp(*argv,"-engine") == 0)
+ {
+ if (--argc < 1) goto bad;
+ engine= *(++argv);
+ }
else if (strcmp(*argv,"-noout") == 0)
noout=1;
else if (strcmp(*argv,"-pubkey") == 0)
@@ -161,6 +169,7 @@
BIO_printf(bio_err," -noout don't print SPKAC\n");
BIO_printf(bio_err," -pubkey output public key\n");
BIO_printf(bio_err," -verify verify SPKAC signature\n");
+ BIO_printf(bio_err," -engine e use engine e, possibly a hardware device.\n");
goto end;
}
@@ -170,6 +179,24 @@
goto end;
}
+ if (engine != NULL)
+ {
+ if((e = ENGINE_by_id(engine)) == NULL)
+ {
+ BIO_printf(bio_err,"invalid engine \"%s\"\n",
+ engine);
+ goto end;
+ }
+ if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
+ {
+ BIO_printf(bio_err,"can't use that engine\n");
+ goto end;
+ }
+ BIO_printf(bio_err,"engine \"%s\" set.\n", engine);
+ /* Free our "structural" reference. */
+ ENGINE_free(e);
+ }
+
if(keyfile) {
if(strcmp(keyfile, "-")) key = BIO_new_file(keyfile, "r");
else key = BIO_new_fp(stdin, BIO_NOCLOSE);
diff --git a/apps/verify.c b/apps/verify.c
index 47e602d..f384de6 100644
--- a/apps/verify.c
+++ b/apps/verify.c
@@ -65,6 +65,7 @@
#include <openssl/x509.h>
#include <openssl/x509v3.h>
#include <openssl/pem.h>
+#include <openssl/engine.h>
#undef PROG
#define PROG verify_main
@@ -78,6 +79,7 @@
int MAIN(int argc, char **argv)
{
+ ENGINE *e = NULL;
int i,ret=1;
int purpose = -1;
char *CApath=NULL,*CAfile=NULL;
@@ -85,6 +87,7 @@
STACK_OF(X509) *untrusted = NULL, *trusted = NULL;
X509_STORE *cert_ctx=NULL;
X509_LOOKUP *lookup=NULL;
+ char *engine=NULL;
cert_ctx=X509_STORE_new();
if (cert_ctx == NULL) goto end;
@@ -137,6 +140,11 @@
if (argc-- < 1) goto end;
trustfile= *(++argv);
}
+ else if (strcmp(*argv,"-engine") == 0)
+ {
+ if (--argc < 1) goto end;
+ engine= *(++argv);
+ }
else if (strcmp(*argv,"-help") == 0)
goto end;
else if (strcmp(*argv,"-issuer_checks") == 0)
@@ -154,6 +162,24 @@
break;
}
+ if (engine != NULL)
+ {
+ if((e = ENGINE_by_id(engine)) == NULL)
+ {
+ BIO_printf(bio_err,"invalid engine \"%s\"\n",
+ engine);
+ goto end;
+ }
+ if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
+ {
+ BIO_printf(bio_err,"can't use that engine\n");
+ goto end;
+ }
+ BIO_printf(bio_err,"engine \"%s\" set.\n", engine);
+ /* Free our "structural" reference. */
+ ENGINE_free(e);
+ }
+
lookup=X509_STORE_add_lookup(cert_ctx,X509_LOOKUP_file());
if (lookup == NULL) abort();
if (CAfile) {
@@ -201,7 +227,7 @@
ret=0;
end:
if (ret == 1) {
- BIO_printf(bio_err,"usage: verify [-verbose] [-CApath path] [-CAfile file] [-purpose purpose] cert1 cert2 ...\n");
+ BIO_printf(bio_err,"usage: verify [-verbose] [-CApath path] [-CAfile file] [-purpose purpose] [-engine e] cert1 cert2 ...\n");
BIO_printf(bio_err,"recognized usages:\n");
for(i = 0; i < X509_PURPOSE_get_count(); i++) {
X509_PURPOSE *ptmp;
diff --git a/apps/x509.c b/apps/x509.c
index 3bef1fc..8712339 100644
--- a/apps/x509.c
+++ b/apps/x509.c
@@ -73,6 +73,7 @@
#include <openssl/x509v3.h>
#include <openssl/objects.h>
#include <openssl/pem.h>
+#include <openssl/engine.h>
#undef PROG
#define PROG x509_main
@@ -129,6 +130,7 @@
" -extensions - section from config file with X509V3 extensions to add\n",
" -clrext - delete extensions before signing and input certificate\n",
" -nameopt arg - various certificate name options\n",
+" -engine e - use engine e, possibly a hardware device.\n",
" -certopt arg - various certificate text options\n",
NULL
};
@@ -146,6 +148,7 @@
int MAIN(int argc, char **argv)
{
+ ENGINE *e = NULL;
int ret=1;
X509_REQ *req=NULL;
X509 *x=NULL,*xca=NULL;
@@ -176,6 +179,7 @@
int need_rand = 0;
int checkend=0,checkoffset=0;
unsigned long nmflag = 0, certflag = 0;
+ char *engine=NULL;
reqfile=0;
@@ -343,6 +347,11 @@
alias= *(++argv);
trustout = 1;
}
+ else if (strcmp(*argv,"-engine") == 0)
+ {
+ if (--argc < 1) goto bad;
+ engine= *(++argv);
+ }
else if (strcmp(*argv,"-C") == 0)
C= ++num;
else if (strcmp(*argv,"-email") == 0)
@@ -426,6 +435,24 @@
goto end;
}
+ if (engine != NULL)
+ {
+ if((e = ENGINE_by_id(engine)) == NULL)
+ {
+ BIO_printf(bio_err,"invalid engine \"%s\"\n",
+ engine);
+ goto end;
+ }
+ if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
+ {
+ BIO_printf(bio_err,"can't use that engine\n");
+ goto end;
+ }
+ BIO_printf(bio_err,"engine \"%s\" set.\n", engine);
+ /* Free our "structural" reference. */
+ ENGINE_free(e);
+ }
+
if (need_rand)
app_RAND_load_file(NULL, bio_err, 0);
diff --git a/config b/config
index a354456..2f84a45 100755
--- a/config
+++ b/config
@@ -482,11 +482,17 @@
*) OUT=`echo $GUESSOS | awk -F- '{print $3}'`;;
esac
+# NB: This atalla support has been superceded by the ENGINE support
+# That contains its own header and definitions anyway. Support can
+# be enabled or disabled on any supported platform without external
+# headers, eg. by adding the "hw-atalla" switch to ./config or
+# perl Configure
+#
# See whether we can compile Atalla support
-if [ -f /usr/include/atasi.h ]
-then
- options="$options -DATALLA"
-fi
+#if [ -f /usr/include/atasi.h ]
+#then
+# options="$options -DATALLA"
+#fi
# gcc < 2.8 does not support -mcpu=ultrasparc
if [ "$OUT" = solaris-sparcv9-gcc -a $GCCVER -lt 28 ]
diff --git a/crypto/Makefile.ssl b/crypto/Makefile.ssl
index 72e3fe7..7bb2a5c 100644
--- a/crypto/Makefile.ssl
+++ b/crypto/Makefile.ssl
@@ -27,7 +27,7 @@
SDIRS= md2 md5 sha mdc2 hmac ripemd \
des rc2 rc4 rc5 idea bf cast \
- bn rsa dsa dh dso \
+ bn rsa dsa dh dso engine \
buffer bio stack lhash rand err objects \
evp asn1 pem x509 x509v3 conf txt_db pkcs7 pkcs12 comp rijndael
diff --git a/crypto/bn/bn_exp.c b/crypto/bn/bn_exp.c
index 8117323..d2c9162 100644
--- a/crypto/bn/bn_exp.c
+++ b/crypto/bn/bn_exp.c
@@ -113,13 +113,6 @@
#include <stdio.h>
#include "cryptlib.h"
#include "bn_lcl.h"
-#ifdef ATALLA
-# include <alloca.h>
-# include <atasi.h>
-# include <assert.h>
-# include <dlfcn.h>
-#endif
-
#define TABLE_SIZE 32
@@ -183,174 +176,6 @@
}
-#ifdef ATALLA
-
-/*
- * This routine will dynamically check for the existance of an Atalla AXL-200
- * SSL accelerator module. If one is found, the variable
- * asi_accelerator_present is set to 1 and the function pointers
- * ptr_ASI_xxxxxx above will be initialized to corresponding ASI API calls.
- */
-typedef int tfnASI_GetPerformanceStatistics(int reset_flag,
- unsigned int *ret_buf);
-typedef int tfnASI_GetHardwareConfig(long card_num, unsigned int *ret_buf);
-typedef int tfnASI_RSAPrivateKeyOpFn(RSAPrivateKey * rsaKey,
- unsigned char *output,
- unsigned char *input,
- unsigned int modulus_len);
-
-static tfnASI_GetHardwareConfig *ptr_ASI_GetHardwareConfig;
-static tfnASI_RSAPrivateKeyOpFn *ptr_ASI_RSAPrivateKeyOpFn;
-static tfnASI_GetPerformanceStatistics *ptr_ASI_GetPerformanceStatistics;
-static int asi_accelerator_present;
-static int tried_atalla;
-
-void atalla_initialize_accelerator_handle(void)
- {
- void *dl_handle;
- int status;
- unsigned int config_buf[1024];
- static int tested;
-
- if(tested)
- return;
-
- tested=1;
-
- bzero((void *)config_buf, 1024);
-
- /*
- * Check to see if the library is present on the system
- */
- dl_handle = dlopen("atasi.so", RTLD_NOW);
- if (dl_handle == (void *) NULL)
- {
-/* printf("atasi.so library is not present on the system\n");
- printf("No HW acceleration available\n");*/
- return;
- }
-
- /*
- * The library is present. Now we'll check to insure that the
- * LDM is up and running. First we'll get the address of the
- * function in the atasi library that we need to see if the
- * LDM is operating.
- */
-
- ptr_ASI_GetHardwareConfig =
- (tfnASI_GetHardwareConfig *)dlsym(dl_handle,"ASI_GetHardwareConfig");
-
- if (ptr_ASI_GetHardwareConfig)
- {
- /*
- * We found the call, now we'll get our config
- * status. If we get a non 0 result, the LDM is not
- * running and we cannot use the Atalla ASI *
- * library.
- */
- status = (*ptr_ASI_GetHardwareConfig)(0L, config_buf);
- if (status != 0)
- {
- printf("atasi.so library is present but not initialized\n");
- printf("No HW acceleration available\n");
- return;
- }
- }
- else
- {
-/* printf("We found the library, but not the function. Very Strange!\n");*/
- return ;
- }
-
- /*
- * It looks like we have acceleration capabilities. Load up the
- * pointers to our ASI API calls.
- */
- ptr_ASI_RSAPrivateKeyOpFn=
- (tfnASI_RSAPrivateKeyOpFn *)dlsym(dl_handle, "ASI_RSAPrivateKeyOpFn");
- if (ptr_ASI_RSAPrivateKeyOpFn == NULL)
- {
-/* printf("We found the library, but no RSA function. Very Strange!\n");*/
- return;
- }
-
- ptr_ASI_GetPerformanceStatistics =
- (tfnASI_GetPerformanceStatistics *)dlsym(dl_handle, "ASI_GetPerformanceStatistics");
- if (ptr_ASI_GetPerformanceStatistics == NULL)
- {
-/* printf("We found the library, but no stat function. Very Strange!\n");*/
- return;
- }
-
- /*
- * Indicate that acceleration is available
- */
- asi_accelerator_present = 1;
-
-/* printf("This system has acceleration!\n");*/
-
- return;
- }
-
-/* make sure this only gets called once when bn_mod_exp calls bn_mod_exp_mont */
-int BN_mod_exp_atalla(BIGNUM *r, BIGNUM *a, const BIGNUM *p, const BIGNUM *m)
- {
- unsigned char *abin;
- unsigned char *pbin;
- unsigned char *mbin;
- unsigned char *rbin;
- int an,pn,mn,ret;
- RSAPrivateKey keydata;
-
- atalla_initialize_accelerator_handle();
- if(!asi_accelerator_present)
- return 0;
-
-
-/* We should be able to run without size testing */
-# define ASIZE 128
- an=BN_num_bytes(a);
- pn=BN_num_bytes(p);
- mn=BN_num_bytes(m);
-
- if(an <= ASIZE && pn <= ASIZE && mn <= ASIZE)
- {
- int size=mn;
-
- assert(an <= mn);
- abin=alloca(size);
- memset(abin,'\0',mn);
- BN_bn2bin(a,abin+size-an);
-
- pbin=alloca(pn);
- BN_bn2bin(p,pbin);
-
- mbin=alloca(size);
- memset(mbin,'\0',mn);
- BN_bn2bin(m,mbin+size-mn);
-
- rbin=alloca(size);
-
- memset(&keydata,'\0',sizeof keydata);
- keydata.privateExponent.data=pbin;
- keydata.privateExponent.len=pn;
- keydata.modulus.data=mbin;
- keydata.modulus.len=size;
-
- ret=(*ptr_ASI_RSAPrivateKeyOpFn)(&keydata,rbin,abin,keydata.modulus.len);
-/*fprintf(stderr,"!%s\n",BN_bn2hex(a));*/
- if(!ret)
- {
- BN_bin2bn(rbin,keydata.modulus.len,r);
-/*fprintf(stderr,"?%s\n",BN_bn2hex(r));*/
- return 1;
- }
- }
- return 0;
- }
-#endif /* def ATALLA */
-
-
int BN_mod_exp(BIGNUM *r, BIGNUM *a, const BIGNUM *p, const BIGNUM *m,
BN_CTX *ctx)
{
@@ -360,13 +185,6 @@
bn_check_top(p);
bn_check_top(m);
-#ifdef ATALLA
- if(BN_mod_exp_atalla(r,a,p,m))
- return 1;
-/* If it fails, try the other methods (but don't try atalla again) */
- tried_atalla=1;
-#endif
-
#ifdef MONT_MUL_MOD
/* I have finally been able to take out this pre-condition of
* the top bit being set. It was caused by an error in BN_div
@@ -392,10 +210,6 @@
{ ret=BN_mod_exp_simple(r,a,p,m,ctx); }
#endif
-#ifdef ATALLA
- tried_atalla=0;
-#endif
-
return(ret);
}
@@ -525,12 +339,6 @@
bn_check_top(p);
bn_check_top(m);
-#ifdef ATALLA
- if(!tried_atalla && BN_mod_exp_atalla(rr,a,p,m))
- return 1;
-/* If it fails, try the other methods */
-#endif
-
if (!(m->d[0] & 1))
{
BNerr(BN_F_BN_MOD_EXP_MONT,BN_R_CALLED_WITH_EVEN_MODULUS);
@@ -693,19 +501,6 @@
t = BN_CTX_get(ctx);
if (d == NULL || r == NULL || t == NULL) goto err;
-#ifdef ATALLA
- if (!tried_atalla)
- {
- BN_set_word(t, a);
- if (BN_mod_exp_atalla(rr, t, p, m))
- {
- BN_CTX_end(ctx);
- return 1;
- }
- }
-/* If it fails, try the other methods */
-#endif
-
if (in_mont != NULL)
mont=in_mont;
else
diff --git a/crypto/cryptlib.c b/crypto/cryptlib.c
index 070cf59..9de60fd 100644
--- a/crypto/cryptlib.c
+++ b/crypto/cryptlib.c
@@ -100,7 +100,8 @@
"debug_malloc2",
"dso",
"dynlock",
-#if CRYPTO_NUM_LOCKS != 28
+ "engine",
+#if CRYPTO_NUM_LOCKS != 29
# error "Inconsistency between crypto.h and cryptlib.c"
#endif
};
diff --git a/crypto/crypto-lib.com b/crypto/crypto-lib.com
index edffeff..70e3c91 100644
--- a/crypto/crypto-lib.com
+++ b/crypto/crypto-lib.com
@@ -88,7 +88,7 @@
$!
$ ENCRYPT_TYPES = "Basic,MD2,MD4,MD5,SHA,MDC2,HMAC,RIPEMD,"+ -
"DES,RC2,RC4,RC5,IDEA,BF,CAST,"+ -
- "BN,RSA,DSA,DH,DSO,"+ -
+ "BN,RSA,DSA,DH,DSO,ENGINE,RIJNDAEL,"+ -
"BUFFER,BIO,STACK,LHASH,RAND,ERR,OBJECTS,"+ -
"EVP,EVP_2,ASN1,ASN1_2,PEM,X509,X509V3,"+ -
"CONF,TXT_DB,PKCS7,PKCS12,COMP"
@@ -206,6 +206,9 @@
$ LIB_DH = "dh_gen,dh_key,dh_lib,dh_check,dh_err"
$ LIB_DSO = "dso_dl,dso_dlfcn,dso_err,dso_lib,dso_null,"+ -
"dso_openssl,dso_win32,dso_vms"
+$ LIB_ENGINE = "engine_err,engine_lib,engine_list,engine_openssl,"+ -
+ "hw_atalla,hw_cswift,hw_ncipher"
+$ LIB_RIJNDAEL = "rijndael-alg-fst"
$ LIB_BUFFER = "buffer,buf_err"
$ LIB_BIO = "bio_lib,bio_cb,bio_err,"+ -
"bss_mem,bss_null,bss_fd,"+ -
@@ -1194,7 +1197,9 @@
$ IF ARCH.EQS."VAX" .AND. F$TRNLNM("DECC$CC_DEFAULT").NES."/DECC" -
THEN CC = "CC/DECC"
$ CC = CC + "/''CC_OPTIMIZE'/''DEBUGGER'/STANDARD=ANSI89" + -
- "/NOLIST/PREFIX=ALL/INCLUDE=SYS$DISK:[]" + CCEXTRAFLAGS
+ "/NOLIST/PREFIX=ALL" + -
+ "/INCLUDE=(SYS$DISK:[],SYS$DISK:[.ENGINE.VENDOR_DEFNS])" + -
+ CCEXTRAFLAGS
$!
$! Define The Linker Options File Name.
$!
@@ -1226,7 +1231,8 @@
$ EXIT
$ ENDIF
$ IF F$TRNLNM("DECC$CC_DEFAULT").EQS."/DECC" THEN CC = "CC/VAXC"
-$ CC = CC + "/''CC_OPTIMIZE'/''DEBUGGER'/NOLIST/INCLUDE=SYS$DISK:[]" + -
+$ CC = CC + "/''CC_OPTIMIZE'/''DEBUGGER'/NOLIST" + -
+ "/INCLUDE=(SYS$DISK:[],SYS$DISK:[.ENGINE.VENDOR_DEFNS])" + -
CCEXTRAFLAGS
$ CCDEFS = """VAXC""," + CCDEFS
$!
@@ -1258,7 +1264,8 @@
$! Use GNU C...
$!
$ CC = "GCC/NOCASE_HACK/''GCC_OPTIMIZE'/''DEBUGGER'/NOLIST" + -
- "/INCLUDE=SYS$DISK:[]" + CCEXTRAFLAGS
+ "/INCLUDE=(SYS$DISK:[],SYS$DISK:[.ENGINE.VENDOR_DEFNS])" + -
+ CCEXTRAFLAGS
$!
$! Define The Linker Options File Name.
$!
diff --git a/crypto/crypto.h b/crypto/crypto.h
index df6ccaf..52ee97b 100644
--- a/crypto/crypto.h
+++ b/crypto/crypto.h
@@ -122,7 +122,8 @@
#define CRYPTO_LOCK_MALLOC2 25
#define CRYPTO_LOCK_DSO 26
#define CRYPTO_LOCK_DYNLOCK 27
-#define CRYPTO_NUM_LOCKS 28
+#define CRYPTO_LOCK_ENGINE 28
+#define CRYPTO_NUM_LOCKS 29
#define CRYPTO_LOCK 1
#define CRYPTO_UNLOCK 2
diff --git a/crypto/dh/Makefile.ssl b/crypto/dh/Makefile.ssl
index ccee00e..b9fed3a 100644
--- a/crypto/dh/Makefile.ssl
+++ b/crypto/dh/Makefile.ssl
@@ -101,19 +101,41 @@
dh_gen.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
dh_gen.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
dh_gen.o: ../cryptlib.h
-dh_key.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
-dh_key.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-dh_key.o: ../../include/openssl/dh.h ../../include/openssl/e_os.h
-dh_key.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-dh_key.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+dh_key.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+dh_key.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+dh_key.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+dh_key.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+dh_key.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+dh_key.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+dh_key.o: ../../include/openssl/engine.h ../../include/openssl/err.h
+dh_key.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+dh_key.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+dh_key.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+dh_key.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+dh_key.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
dh_key.o: ../../include/openssl/opensslv.h ../../include/openssl/rand.h
-dh_key.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+dh_key.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+dh_key.o: ../../include/openssl/rc5.h ../../include/openssl/rijndael-alg-fst.h
+dh_key.o: ../../include/openssl/rijndael.h ../../include/openssl/ripemd.h
+dh_key.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+dh_key.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
dh_key.o: ../../include/openssl/symhacks.h ../cryptlib.h
-dh_lib.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
-dh_lib.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-dh_lib.o: ../../include/openssl/dh.h ../../include/openssl/e_os.h
-dh_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-dh_lib.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
-dh_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
-dh_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-dh_lib.o: ../cryptlib.h
+dh_lib.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+dh_lib.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+dh_lib.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+dh_lib.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+dh_lib.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+dh_lib.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+dh_lib.o: ../../include/openssl/engine.h ../../include/openssl/err.h
+dh_lib.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+dh_lib.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+dh_lib.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+dh_lib.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+dh_lib.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+dh_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/rand.h
+dh_lib.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+dh_lib.o: ../../include/openssl/rc5.h ../../include/openssl/rijndael-alg-fst.h
+dh_lib.o: ../../include/openssl/rijndael.h ../../include/openssl/ripemd.h
+dh_lib.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+dh_lib.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+dh_lib.o: ../../include/openssl/symhacks.h ../cryptlib.h
diff --git a/crypto/dh/dh.h b/crypto/dh/dh.h
index a15fc1c..7a8d9f8 100644
--- a/crypto/dh/dh.h
+++ b/crypto/dh/dh.h
@@ -115,7 +115,11 @@
int references;
CRYPTO_EX_DATA ex_data;
+#if 0
DH_METHOD *meth;
+#else
+ struct engine_st *engine;
+#endif
};
#define DH_GENERATOR_2 2
@@ -150,10 +154,15 @@
DH_METHOD *DH_OpenSSL(void);
-void DH_set_default_method(DH_METHOD *meth);
-DH_METHOD *DH_get_default_method(void);
+void DH_set_default_openssl_method(DH_METHOD *meth);
+DH_METHOD *DH_get_default_openssl_method(void);
+#if 0
DH_METHOD *DH_set_method(DH *dh, DH_METHOD *meth);
DH *DH_new_method(DH_METHOD *meth);
+#else
+int DH_set_method(DH *dh, struct engine_st *engine);
+DH *DH_new_method(struct engine_st *engine);
+#endif
DH * DH_new(void);
void DH_free(DH *dh);
diff --git a/crypto/dh/dh_key.c b/crypto/dh/dh_key.c
index 6f9426d..6915d79 100644
--- a/crypto/dh/dh_key.c
+++ b/crypto/dh/dh_key.c
@@ -61,6 +61,7 @@
#include <openssl/bn.h>
#include <openssl/rand.h>
#include <openssl/dh.h>
+#include <openssl/engine.h>
static int generate_key(DH *dh);
static int compute_key(unsigned char *key, BIGNUM *pub_key, DH *dh);
@@ -72,12 +73,12 @@
int DH_generate_key(DH *dh)
{
- return dh->meth->generate_key(dh);
+ return ENGINE_get_DH(dh->engine)->generate_key(dh);
}
int DH_compute_key(unsigned char *key, BIGNUM *pub_key, DH *dh)
{
- return dh->meth->compute_key(key, pub_key, dh);
+ return ENGINE_get_DH(dh->engine)->compute_key(key, pub_key, dh);
}
static DH_METHOD dh_ossl = {
@@ -137,8 +138,9 @@
}
mont=(BN_MONT_CTX *)dh->method_mont_p;
- if (!dh->meth->bn_mod_exp(dh, pub_key,dh->g,priv_key,dh->p,&ctx,mont))
- goto err;
+ if (!ENGINE_get_DH(dh->engine)->bn_mod_exp(dh, pub_key, dh->g,
+ priv_key,dh->p,&ctx,mont))
+ goto err;
dh->pub_key=pub_key;
dh->priv_key=priv_key;
@@ -177,7 +179,8 @@
}
mont=(BN_MONT_CTX *)dh->method_mont_p;
- if (!dh->meth->bn_mod_exp(dh, tmp,pub_key,dh->priv_key,dh->p,&ctx,mont))
+ if (!ENGINE_get_DH(dh->engine)->bn_mod_exp(dh, tmp, pub_key,
+ dh->priv_key,dh->p,&ctx,mont))
{
DHerr(DH_F_DH_COMPUTE_KEY,ERR_R_BN_LIB);
goto err;
diff --git a/crypto/dh/dh_lib.c b/crypto/dh/dh_lib.c
index a8d5340..66803b5 100644
--- a/crypto/dh/dh_lib.c
+++ b/crypto/dh/dh_lib.c
@@ -60,6 +60,7 @@
#include "cryptlib.h"
#include <openssl/bn.h>
#include <openssl/dh.h>
+#include <openssl/engine.h>
const char *DH_version="Diffie-Hellman" OPENSSL_VERSION_PTEXT;
@@ -67,17 +68,32 @@
static int dh_meth_num = 0;
static STACK_OF(CRYPTO_EX_DATA_FUNCS) *dh_meth = NULL;
-void DH_set_default_method(DH_METHOD *meth)
+void DH_set_default_openssl_method(DH_METHOD *meth)
{
- default_DH_method = meth;
+ ENGINE *e;
+ /* We'll need to notify the "openssl" ENGINE of this
+ * change too. We won't bother locking things down at
+ * our end as there was never any locking in these
+ * functions! */
+ if(default_DH_method != meth)
+ {
+ default_DH_method = meth;
+ e = ENGINE_by_id("openssl");
+ if(e)
+ {
+ ENGINE_set_DH(e, meth);
+ ENGINE_free(e);
+ }
+ }
}
-DH_METHOD *DH_get_default_method(void)
+DH_METHOD *DH_get_default_openssl_method(void)
{
if(!default_DH_method) default_DH_method = DH_OpenSSL();
return default_DH_method;
}
+#if 0
DH_METHOD *DH_set_method(DH *dh, DH_METHOD *meth)
{
DH_METHOD *mtmp;
@@ -87,14 +103,37 @@
if (meth->init) meth->init(dh);
return mtmp;
}
+#else
+int DH_set_method(DH *dh, ENGINE *engine)
+{
+ ENGINE *mtmp;
+ DH_METHOD *meth;
+ mtmp = dh->engine;
+ meth = ENGINE_get_DH(mtmp);
+ if (!ENGINE_init(engine))
+ return 0;
+ if (meth->finish) meth->finish(dh);
+ dh->engine= engine;
+ meth = ENGINE_get_DH(engine);
+ if (meth->init) meth->init(dh);
+ /* SHOULD ERROR CHECK THIS!!! */
+ ENGINE_finish(mtmp);
+ return 1;
+}
+#endif
DH *DH_new(void)
{
return DH_new_method(NULL);
}
+#if 0
DH *DH_new_method(DH_METHOD *meth)
+#else
+DH *DH_new_method(ENGINE *engine)
+#endif
{
+ DH_METHOD *meth;
DH *ret;
ret=(DH *)OPENSSL_malloc(sizeof(DH));
@@ -103,8 +142,17 @@
DHerr(DH_F_DH_NEW,ERR_R_MALLOC_FAILURE);
return(NULL);
}
- if(meth) ret->meth = meth;
- else ret->meth = DH_get_default_method();
+ if(engine)
+ ret->engine = engine;
+ else
+ {
+ if((ret->engine=ENGINE_get_default_DH()) == NULL)
+ {
+ OPENSSL_free(ret);
+ return NULL;
+ }
+ }
+ meth = ENGINE_get_DH(ret->engine);
ret->pad=0;
ret->version=0;
ret->p=NULL;
@@ -119,8 +167,8 @@
ret->counter = NULL;
ret->method_mont_p=NULL;
ret->references = 1;
- ret->flags=ret->meth->flags;
- if ((ret->meth->init != NULL) && !ret->meth->init(ret))
+ ret->flags=meth->flags;
+ if ((meth->init != NULL) && !meth->init(ret))
{
OPENSSL_free(ret);
ret=NULL;
@@ -132,6 +180,7 @@
void DH_free(DH *r)
{
+ DH_METHOD *meth;
int i;
if(r == NULL) return;
i = CRYPTO_add(&r->references, -1, CRYPTO_LOCK_DH);
@@ -149,7 +198,9 @@
CRYPTO_free_ex_data(dh_meth, r, &r->ex_data);
- if(r->meth->finish) r->meth->finish(r);
+ meth = ENGINE_get_DH(r->engine);
+ if(meth->finish) meth->finish(r);
+ ENGINE_finish(r->engine);
if (r->p != NULL) BN_clear_free(r->p);
if (r->g != NULL) BN_clear_free(r->g);
diff --git a/crypto/dsa/Makefile.ssl b/crypto/dsa/Makefile.ssl
index 1dfdb2d..f9a6dbb 100644
--- a/crypto/dsa/Makefile.ssl
+++ b/crypto/dsa/Makefile.ssl
@@ -116,39 +116,81 @@
dsa_key.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
dsa_key.o: ../../include/openssl/symhacks.h ../cryptlib.h
dsa_lib.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
-dsa_lib.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
-dsa_lib.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h
-dsa_lib.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
-dsa_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-dsa_lib.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
-dsa_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
-dsa_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-dsa_lib.o: ../cryptlib.h
+dsa_lib.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+dsa_lib.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+dsa_lib.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+dsa_lib.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+dsa_lib.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+dsa_lib.o: ../../include/openssl/engine.h ../../include/openssl/err.h
+dsa_lib.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+dsa_lib.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+dsa_lib.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+dsa_lib.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+dsa_lib.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+dsa_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/rand.h
+dsa_lib.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+dsa_lib.o: ../../include/openssl/rc5.h ../../include/openssl/rijndael-alg-fst.h
+dsa_lib.o: ../../include/openssl/rijndael.h ../../include/openssl/ripemd.h
+dsa_lib.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+dsa_lib.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+dsa_lib.o: ../../include/openssl/symhacks.h ../cryptlib.h
dsa_ossl.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
-dsa_ossl.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
-dsa_ossl.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h
-dsa_ossl.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
-dsa_ossl.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-dsa_ossl.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+dsa_ossl.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+dsa_ossl.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+dsa_ossl.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+dsa_ossl.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+dsa_ossl.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+dsa_ossl.o: ../../include/openssl/engine.h ../../include/openssl/err.h
+dsa_ossl.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+dsa_ossl.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+dsa_ossl.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+dsa_ossl.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+dsa_ossl.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
dsa_ossl.o: ../../include/openssl/opensslv.h ../../include/openssl/rand.h
-dsa_ossl.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+dsa_ossl.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+dsa_ossl.o: ../../include/openssl/rc5.h
+dsa_ossl.o: ../../include/openssl/rijndael-alg-fst.h
+dsa_ossl.o: ../../include/openssl/rijndael.h ../../include/openssl/ripemd.h
+dsa_ossl.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+dsa_ossl.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
dsa_ossl.o: ../../include/openssl/symhacks.h ../cryptlib.h
dsa_sign.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
-dsa_sign.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
-dsa_sign.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h
-dsa_sign.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
-dsa_sign.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-dsa_sign.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+dsa_sign.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+dsa_sign.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+dsa_sign.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+dsa_sign.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+dsa_sign.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+dsa_sign.o: ../../include/openssl/engine.h ../../include/openssl/err.h
+dsa_sign.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+dsa_sign.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+dsa_sign.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+dsa_sign.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+dsa_sign.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
dsa_sign.o: ../../include/openssl/opensslv.h ../../include/openssl/rand.h
-dsa_sign.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+dsa_sign.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+dsa_sign.o: ../../include/openssl/rc5.h
+dsa_sign.o: ../../include/openssl/rijndael-alg-fst.h
+dsa_sign.o: ../../include/openssl/rijndael.h ../../include/openssl/ripemd.h
+dsa_sign.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+dsa_sign.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
dsa_sign.o: ../../include/openssl/symhacks.h ../cryptlib.h
dsa_vrf.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
-dsa_vrf.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
-dsa_vrf.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-dsa_vrf.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
-dsa_vrf.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
-dsa_vrf.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+dsa_vrf.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+dsa_vrf.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+dsa_vrf.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+dsa_vrf.o: ../../include/openssl/des.h ../../include/openssl/dh.h
+dsa_vrf.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
+dsa_vrf.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h
+dsa_vrf.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+dsa_vrf.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+dsa_vrf.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+dsa_vrf.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+dsa_vrf.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
dsa_vrf.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-dsa_vrf.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h
-dsa_vrf.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-dsa_vrf.o: ../cryptlib.h
+dsa_vrf.o: ../../include/openssl/rand.h ../../include/openssl/rc2.h
+dsa_vrf.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+dsa_vrf.o: ../../include/openssl/rijndael-alg-fst.h
+dsa_vrf.o: ../../include/openssl/rijndael.h ../../include/openssl/ripemd.h
+dsa_vrf.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+dsa_vrf.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+dsa_vrf.o: ../../include/openssl/symhacks.h ../cryptlib.h
diff --git a/crypto/dsa/dsa.h b/crypto/dsa/dsa.h
index 3ebcc4a..65689a3 100644
--- a/crypto/dsa/dsa.h
+++ b/crypto/dsa/dsa.h
@@ -133,7 +133,11 @@
char *method_mont_p;
int references;
CRYPTO_EX_DATA ex_data;
+#if 0
DSA_METHOD *meth;
+#else
+ struct engine_st *engine;
+#endif
};
#define DSAparams_dup(x) (DSA *)ASN1_dup((int (*)())i2d_DSAparams, \
@@ -159,12 +163,20 @@
DSA_METHOD *DSA_OpenSSL(void);
-void DSA_set_default_method(DSA_METHOD *);
-DSA_METHOD *DSA_get_default_method(void);
+void DSA_set_default_openssl_method(DSA_METHOD *);
+DSA_METHOD *DSA_get_default_openssl_method(void);
+#if 0
DSA_METHOD *DSA_set_method(DSA *dsa, DSA_METHOD *);
+#else
+int DSA_set_method(DSA *dsa, struct engine_st *engine);
+#endif
DSA * DSA_new(void);
+#if 0
DSA * DSA_new_method(DSA_METHOD *meth);
+#else
+DSA * DSA_new_method(struct engine_st *engine);
+#endif
int DSA_size(DSA *);
/* next 4 return -1 on error */
int DSA_sign_setup( DSA *dsa,BN_CTX *ctx_in,BIGNUM **kinvp,BIGNUM **rp);
diff --git a/crypto/dsa/dsa_lib.c b/crypto/dsa/dsa_lib.c
index be30d18..b31b946 100644
--- a/crypto/dsa/dsa_lib.c
+++ b/crypto/dsa/dsa_lib.c
@@ -63,6 +63,7 @@
#include <openssl/bn.h>
#include <openssl/dsa.h>
#include <openssl/asn1.h>
+#include <openssl/engine.h>
const char *DSA_version="DSA" OPENSSL_VERSION_PTEXT;
@@ -70,12 +71,26 @@
static int dsa_meth_num = 0;
static STACK_OF(CRYPTO_EX_DATA_FUNCS) *dsa_meth = NULL;
-void DSA_set_default_method(DSA_METHOD *meth)
+void DSA_set_default_openssl_method(DSA_METHOD *meth)
{
- default_DSA_method = meth;
+ ENGINE *e;
+ /* We'll need to notify the "openssl" ENGINE of this
+ * change too. We won't bother locking things down at
+ * our end as there was never any locking in these
+ * functions! */
+ if(default_DSA_method != meth)
+ {
+ default_DSA_method = meth;
+ e = ENGINE_by_id("openssl");
+ if(e)
+ {
+ ENGINE_set_DSA(e, meth);
+ ENGINE_free(e);
+ }
+ }
}
-DSA_METHOD *DSA_get_default_method(void)
+DSA_METHOD *DSA_get_default_openssl_method(void)
{
if(!default_DSA_method) default_DSA_method = DSA_OpenSSL();
return default_DSA_method;
@@ -86,6 +101,7 @@
return DSA_new_method(NULL);
}
+#if 0
DSA_METHOD *DSA_set_method(DSA *dsa, DSA_METHOD *meth)
{
DSA_METHOD *mtmp;
@@ -95,10 +111,33 @@
if (meth->init) meth->init(dsa);
return mtmp;
}
-
-
-DSA *DSA_new_method(DSA_METHOD *meth)
+#else
+int DSA_set_method(DSA *dsa, ENGINE *engine)
{
+ ENGINE *mtmp;
+ DSA_METHOD *meth;
+ mtmp = dsa->engine;
+ meth = ENGINE_get_DSA(mtmp);
+ if (!ENGINE_init(engine))
+ return 0;
+ if (meth->finish) meth->finish(dsa);
+ dsa->engine = engine;
+ meth = ENGINE_get_DSA(engine);
+ if (meth->init) meth->init(dsa);
+ /* SHOULD ERROR CHECK THIS!!! */
+ ENGINE_finish(mtmp);
+ return 1;
+ }
+#endif
+
+
+#if 0
+DSA *DSA_new_method(DSA_METHOD *meth)
+#else
+DSA *DSA_new_method(ENGINE *engine)
+#endif
+ {
+ DSA_METHOD *meth;
DSA *ret;
ret=(DSA *)OPENSSL_malloc(sizeof(DSA));
@@ -107,8 +146,17 @@
DSAerr(DSA_F_DSA_NEW,ERR_R_MALLOC_FAILURE);
return(NULL);
}
- if(meth) ret->meth = meth;
- else ret->meth = DSA_get_default_method();
+ if(engine)
+ ret->engine = engine;
+ else
+ {
+ if((ret->engine=ENGINE_get_default_DSA()) == NULL)
+ {
+ OPENSSL_free(ret);
+ return NULL;
+ }
+ }
+ meth = ENGINE_get_DSA(ret->engine);
ret->pad=0;
ret->version=0;
ret->write_params=1;
@@ -124,8 +172,8 @@
ret->method_mont_p=NULL;
ret->references=1;
- ret->flags=ret->meth->flags;
- if ((ret->meth->init != NULL) && !ret->meth->init(ret))
+ ret->flags=meth->flags;
+ if ((meth->init != NULL) && !meth->init(ret))
{
OPENSSL_free(ret);
ret=NULL;
@@ -138,6 +186,7 @@
void DSA_free(DSA *r)
{
+ DSA_METHOD *meth;
int i;
if (r == NULL) return;
@@ -157,7 +206,9 @@
CRYPTO_free_ex_data(dsa_meth, r, &r->ex_data);
- if(r->meth->finish) r->meth->finish(r);
+ meth = ENGINE_get_DSA(r->engine);
+ if(meth->finish) meth->finish(r);
+ ENGINE_finish(r->engine);
if (r->p != NULL) BN_clear_free(r->p);
if (r->q != NULL) BN_clear_free(r->q);
diff --git a/crypto/dsa/dsa_ossl.c b/crypto/dsa/dsa_ossl.c
index 0943565..96295dc 100644
--- a/crypto/dsa/dsa_ossl.c
+++ b/crypto/dsa/dsa_ossl.c
@@ -64,6 +64,7 @@
#include <openssl/dsa.h>
#include <openssl/rand.h>
#include <openssl/asn1.h>
+#include <openssl/engine.h>
static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa);
static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp);
@@ -195,7 +196,7 @@
}
/* Compute r = (g^k mod p) mod q */
- if (!dsa->meth->bn_mod_exp(dsa, r,dsa->g,&k,dsa->p,ctx,
+ if (!ENGINE_get_DSA(dsa->engine)->bn_mod_exp(dsa, r,dsa->g,&k,dsa->p,ctx,
(BN_MONT_CTX *)dsa->method_mont_p)) goto err;
if (!BN_mod(r,r,dsa->q,ctx)) goto err;
@@ -273,7 +274,7 @@
if (!BN_mod(&u1,&u1,dsa->q,ctx)) goto err;
#else
{
- if (!dsa->meth->dsa_mod_exp(dsa, &t1,dsa->g,&u1,dsa->pub_key,&u2,
+ if (!ENGINE_get_DSA(dsa->engine)->dsa_mod_exp(dsa, &t1,dsa->g,&u1,dsa->pub_key,&u2,
dsa->p,ctx,mont)) goto err;
/* BN_copy(&u1,&t1); */
/* let u1 = u1 mod q */
diff --git a/crypto/dsa/dsa_sign.c b/crypto/dsa/dsa_sign.c
index 8920502..dfe27ba 100644
--- a/crypto/dsa/dsa_sign.c
+++ b/crypto/dsa/dsa_sign.c
@@ -64,10 +64,11 @@
#include <openssl/dsa.h>
#include <openssl/rand.h>
#include <openssl/asn1.h>
+#include <openssl/engine.h>
DSA_SIG * DSA_do_sign(const unsigned char *dgst, int dlen, DSA *dsa)
{
- return dsa->meth->dsa_do_sign(dgst, dlen, dsa);
+ return ENGINE_get_DSA(dsa->engine)->dsa_do_sign(dgst, dlen, dsa);
}
int DSA_sign(int type, const unsigned char *dgst, int dlen, unsigned char *sig,
@@ -87,6 +88,6 @@
int DSA_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp)
{
- return dsa->meth->dsa_sign_setup(dsa, ctx_in, kinvp, rp);
+ return ENGINE_get_DSA(dsa->engine)->dsa_sign_setup(dsa, ctx_in, kinvp, rp);
}
diff --git a/crypto/dsa/dsa_vrf.c b/crypto/dsa/dsa_vrf.c
index 03277f8..2e891ae 100644
--- a/crypto/dsa/dsa_vrf.c
+++ b/crypto/dsa/dsa_vrf.c
@@ -65,11 +65,12 @@
#include <openssl/rand.h>
#include <openssl/asn1.h>
#include <openssl/asn1_mac.h>
+#include <openssl/engine.h>
int DSA_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig,
DSA *dsa)
{
- return dsa->meth->dsa_do_verify(dgst, dgst_len, sig, dsa);
+ return ENGINE_get_DSA(dsa->engine)->dsa_do_verify(dgst, dgst_len, sig, dsa);
}
/* data has already been hashed (probably with SHA or SHA-1). */
diff --git a/crypto/engine/.cvsignore b/crypto/engine/.cvsignore
new file mode 100644
index 0000000..c6d03a9
--- /dev/null
+++ b/crypto/engine/.cvsignore
@@ -0,0 +1,2 @@
+lib
+Makefile.save
diff --git a/crypto/engine/Makefile.ssl b/crypto/engine/Makefile.ssl
new file mode 100644
index 0000000..8974ecd
--- /dev/null
+++ b/crypto/engine/Makefile.ssl
@@ -0,0 +1,256 @@
+#
+# OpenSSL/crypto/engine/Makefile
+#
+
+DIR= engine
+TOP= ../..
+CC= cc
+INCLUDES= -I.. -I../../include
+CFLAG=-g
+INSTALL_PREFIX=
+OPENSSLDIR= /usr/local/ssl
+INSTALLTOP=/usr/local/ssl
+MAKE= make -f Makefile.ssl
+MAKEDEPEND= $(TOP)/util/domd $(TOP)
+MAKEFILE= Makefile.ssl
+AR= ar r
+
+CFLAGS= $(INCLUDES) $(CFLAG)
+
+GENERAL=Makefile
+TEST= enginetest.c
+APPS=
+
+LIB=$(TOP)/libcrypto.a
+LIBSRC= engine_err.c engine_lib.c engine_list.c engine_openssl.c \
+ hw_atalla.c hw_cswift.c hw_ncipher.c hw_nuron.c
+LIBOBJ= engine_err.o engine_lib.o engine_list.o engine_openssl.o \
+ hw_atalla.o hw_cswift.o hw_ncipher.o hw_nuron.o
+
+SRC= $(LIBSRC)
+
+EXHEADER= engine.h
+HEADER= $(EXHEADER)
+
+ALL= $(GENERAL) $(SRC) $(HEADER)
+
+top:
+ (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+
+all: lib
+
+lib: $(LIBOBJ)
+ $(AR) $(LIB) $(LIBOBJ)
+ $(RANLIB) $(LIB)
+ @touch lib
+
+files:
+ $(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+
+links:
+ @$(TOP)/util/point.sh Makefile.ssl Makefile
+ @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+ @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+ @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+
+install:
+ @for i in $(EXHEADER) ; \
+ do \
+ (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+ chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+ done;
+
+tags:
+ ctags $(SRC)
+
+tests:
+
+lint:
+ lint -DLINT $(INCLUDES) $(SRC)>fluff
+
+depend:
+ $(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
+
+dclean:
+ $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+ mv -f Makefile.new $(MAKEFILE)
+
+clean:
+ rm -f *.o */*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+
+engine_err.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+engine_err.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+engine_err.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+engine_err.o: ../../include/openssl/des.h ../../include/openssl/dh.h
+engine_err.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+engine_err.o: ../../include/openssl/engine.h ../../include/openssl/err.h
+engine_err.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+engine_err.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+engine_err.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+engine_err.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+engine_err.o: ../../include/openssl/objects.h
+engine_err.o: ../../include/openssl/opensslconf.h
+engine_err.o: ../../include/openssl/opensslv.h ../../include/openssl/rand.h
+engine_err.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+engine_err.o: ../../include/openssl/rc5.h
+engine_err.o: ../../include/openssl/rijndael-alg-fst.h
+engine_err.o: ../../include/openssl/rijndael.h ../../include/openssl/ripemd.h
+engine_err.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+engine_err.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+engine_err.o: ../../include/openssl/symhacks.h
+engine_lib.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+engine_lib.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+engine_lib.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+engine_lib.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+engine_lib.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+engine_lib.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+engine_lib.o: ../../include/openssl/engine.h ../../include/openssl/err.h
+engine_lib.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+engine_lib.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+engine_lib.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+engine_lib.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+engine_lib.o: ../../include/openssl/objects.h
+engine_lib.o: ../../include/openssl/opensslconf.h
+engine_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/rand.h
+engine_lib.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+engine_lib.o: ../../include/openssl/rc5.h
+engine_lib.o: ../../include/openssl/rijndael-alg-fst.h
+engine_lib.o: ../../include/openssl/rijndael.h ../../include/openssl/ripemd.h
+engine_lib.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+engine_lib.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+engine_lib.o: ../../include/openssl/symhacks.h ../cryptlib.h engine_int.h
+engine_list.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+engine_list.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+engine_list.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+engine_list.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+engine_list.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+engine_list.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+engine_list.o: ../../include/openssl/engine.h ../../include/openssl/err.h
+engine_list.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+engine_list.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+engine_list.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+engine_list.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+engine_list.o: ../../include/openssl/objects.h
+engine_list.o: ../../include/openssl/opensslconf.h
+engine_list.o: ../../include/openssl/opensslv.h ../../include/openssl/rand.h
+engine_list.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+engine_list.o: ../../include/openssl/rc5.h
+engine_list.o: ../../include/openssl/rijndael-alg-fst.h
+engine_list.o: ../../include/openssl/rijndael.h ../../include/openssl/ripemd.h
+engine_list.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+engine_list.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+engine_list.o: ../../include/openssl/symhacks.h ../cryptlib.h engine_int.h
+engine_openssl.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+engine_openssl.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+engine_openssl.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+engine_openssl.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+engine_openssl.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+engine_openssl.o: ../../include/openssl/dso.h ../../include/openssl/e_os.h
+engine_openssl.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h
+engine_openssl.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+engine_openssl.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+engine_openssl.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+engine_openssl.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+engine_openssl.o: ../../include/openssl/obj_mac.h
+engine_openssl.o: ../../include/openssl/objects.h
+engine_openssl.o: ../../include/openssl/opensslconf.h
+engine_openssl.o: ../../include/openssl/opensslv.h ../../include/openssl/rand.h
+engine_openssl.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+engine_openssl.o: ../../include/openssl/rc5.h
+engine_openssl.o: ../../include/openssl/rijndael-alg-fst.h
+engine_openssl.o: ../../include/openssl/rijndael.h
+engine_openssl.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+engine_openssl.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+engine_openssl.o: ../../include/openssl/stack.h
+engine_openssl.o: ../../include/openssl/symhacks.h ../cryptlib.h engine_int.h
+hw_atalla.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+hw_atalla.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+hw_atalla.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+hw_atalla.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+hw_atalla.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+hw_atalla.o: ../../include/openssl/dso.h ../../include/openssl/e_os.h
+hw_atalla.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h
+hw_atalla.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+hw_atalla.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+hw_atalla.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+hw_atalla.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+hw_atalla.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+hw_atalla.o: ../../include/openssl/opensslconf.h
+hw_atalla.o: ../../include/openssl/opensslv.h ../../include/openssl/rand.h
+hw_atalla.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+hw_atalla.o: ../../include/openssl/rc5.h
+hw_atalla.o: ../../include/openssl/rijndael-alg-fst.h
+hw_atalla.o: ../../include/openssl/rijndael.h ../../include/openssl/ripemd.h
+hw_atalla.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+hw_atalla.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+hw_atalla.o: ../../include/openssl/symhacks.h ../cryptlib.h engine_int.h
+hw_atalla.o: vendor_defns/atalla.h
+hw_cswift.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+hw_cswift.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+hw_cswift.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+hw_cswift.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+hw_cswift.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+hw_cswift.o: ../../include/openssl/dso.h ../../include/openssl/e_os.h
+hw_cswift.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h
+hw_cswift.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+hw_cswift.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+hw_cswift.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+hw_cswift.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+hw_cswift.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+hw_cswift.o: ../../include/openssl/opensslconf.h
+hw_cswift.o: ../../include/openssl/opensslv.h ../../include/openssl/rand.h
+hw_cswift.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+hw_cswift.o: ../../include/openssl/rc5.h
+hw_cswift.o: ../../include/openssl/rijndael-alg-fst.h
+hw_cswift.o: ../../include/openssl/rijndael.h ../../include/openssl/ripemd.h
+hw_cswift.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+hw_cswift.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+hw_cswift.o: ../../include/openssl/symhacks.h ../cryptlib.h engine_int.h
+hw_cswift.o: vendor_defns/cswift.h
+hw_ncipher.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+hw_ncipher.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+hw_ncipher.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+hw_ncipher.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+hw_ncipher.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+hw_ncipher.o: ../../include/openssl/dso.h ../../include/openssl/e_os.h
+hw_ncipher.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h
+hw_ncipher.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+hw_ncipher.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+hw_ncipher.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+hw_ncipher.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+hw_ncipher.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+hw_ncipher.o: ../../include/openssl/opensslconf.h
+hw_ncipher.o: ../../include/openssl/opensslv.h ../../include/openssl/pem.h
+hw_ncipher.o: ../../include/openssl/pem2.h ../../include/openssl/pkcs7.h
+hw_ncipher.o: ../../include/openssl/rand.h ../../include/openssl/rc2.h
+hw_ncipher.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+hw_ncipher.o: ../../include/openssl/rijndael-alg-fst.h
+hw_ncipher.o: ../../include/openssl/rijndael.h ../../include/openssl/ripemd.h
+hw_ncipher.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+hw_ncipher.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+hw_ncipher.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+hw_ncipher.o: ../../include/openssl/x509_vfy.h ../cryptlib.h engine_int.h
+hw_ncipher.o: vendor_defns/hwcryptohook.h
+hw_nuron.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+hw_nuron.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+hw_nuron.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+hw_nuron.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+hw_nuron.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+hw_nuron.o: ../../include/openssl/dso.h ../../include/openssl/e_os.h
+hw_nuron.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h
+hw_nuron.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+hw_nuron.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+hw_nuron.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+hw_nuron.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+hw_nuron.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+hw_nuron.o: ../../include/openssl/opensslconf.h
+hw_nuron.o: ../../include/openssl/opensslv.h ../../include/openssl/rand.h
+hw_nuron.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+hw_nuron.o: ../../include/openssl/rc5.h
+hw_nuron.o: ../../include/openssl/rijndael-alg-fst.h
+hw_nuron.o: ../../include/openssl/rijndael.h ../../include/openssl/ripemd.h
+hw_nuron.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+hw_nuron.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+hw_nuron.o: ../../include/openssl/symhacks.h ../cryptlib.h engine_int.h
diff --git a/crypto/engine/README b/crypto/engine/README
new file mode 100644
index 0000000..96595e6
--- /dev/null
+++ b/crypto/engine/README
@@ -0,0 +1,278 @@
+NOTES, THOUGHTS, and EVERYTHING
+-------------------------------
+
+(1) Concurrency and locking ... I made a change to the ENGINE_free code
+ because I spotted a potential hold-up in proceedings (doing too
+ much inside a lock including calling a callback), there may be
+ other bits like this. What do the speed/optimisation freaks think
+ of this aspect of the code and design? There's lots of locking for
+ manipulation functions and I need that to keep things nice and
+ solid, but this manipulation is mostly (de)initialisation, I would
+ think that most run-time locking is purely in the ENGINE_init and
+ ENGINE_finish calls that might be made when getting handles for
+ RSA (and friends') structures. These would be mostly reference
+ count operations as the functional references should always be 1
+ or greater at run-time to prevent init/deinit thrashing.
+
+(2) nCipher support, via the HWCryptoHook API, is now in the code.
+ Apparently this hasn't been tested too much yet, but it looks
+ good. :-) Atalla support has been added too, but shares a lot in
+ common with Ben's original hooks in bn_exp.c (although it has been
+ ENGINE-ified, and error handling wrapped around it) and it's also
+ had some low-volume testing, so it should be usable.
+
+(3) Of more concern, we need to work out (a) how to put together usable
+ RAND_METHODs for units that just have one "get n or less random
+ bytes" function, (b) we also need to determine how to hook the code
+ in crypto/rand/ to use the ENGINE defaults in a way similar to what
+ has been done in crypto/rsa/, crypto/dsa/, etc.
+
+(4) ENGINE should really grow to encompass more than 3 public key
+ algorithms and randomness gathering. The structure/data level of
+ the engine code is hidden from code outside the crypto/engine/
+ directory so change shouldn't be too viral. More important though
+ is how things should evolve ... this needs thought and discussion.
+
+
+-----------------------------------==*==-----------------------------------
+
+More notes 2000-08-01
+---------------------
+
+Geoff Thorpe, who designed the engine part, wrote a pretty good description
+of the thoughts he had when he built it, good enough to include verbatim here
+(with his permission) -- Richard Levitte
+
+
+Date: Tue, 1 Aug 2000 16:54:08 +0100 (BST)
+From: Geoff Thorpe
+Subject: Re: The thoughts to merge BRANCH_engine into the main trunk are
+ emerging
+
+Hi there,
+
+I'm going to try and do some justice to this, but I'm a little short on
+time and the there is an endless amount that could be discussed on this
+subject. sigh ... please bear with me :-)
+
+> The changes in BRANCH_engine dig deep into the core of OpenSSL, for example
+> into the RSA and RAND routines, adding a level of indirection which is needed
+> to keep the abstraction, as far as I understand. It would be a good thing if
+> those who do play with those things took a look at the changes that have been
+> done in the branch and say out loud how much (or hopefully little) we've made
+> fools of ourselves.
+
+The point here is that the code that has emerged in the BRANCH_engine
+branch was based on some initial requirements of mine that I went in and
+addressed, and Richard has picked up the ball and run with it too. It
+would be really useful to get some review of the approach we've taken, but
+first I think I need to describe as best I can the reasons behind what has
+been done so far, in particular what issues we have tried to address when
+doing this, and what issues we have intentionally (or necessarily) tried
+to avoid.
+
+methods, engines, and evps
+--------------------------
+
+There has been some dicussion, particularly with Steve, about where this
+ENGINE stuff might fit into the conceptual picture as/when we start to
+abstract algorithms a little bit to make the library more extensible. In
+particular, it would desirable to have algorithms (symmetric, hash, pkc,
+etc) abstracted in some way that allows them to be just objects sitting in
+a list (or database) ... it'll just happen that the "DSA" object doesn't
+support encryption whereas the "RSA" object does. This requires a lot of
+consideration to begin to know how to tackle it; in particular how
+encapsulated should these things be? If the objects also understand their
+own ASN1 encodings and what-not, then it would for example be possible to
+add support for elliptic-curve DSA in as a new algorithm and automatically
+have ECC-DSA certificates supported in SSL applications. Possible, but not
+easy. :-)
+
+Whatever, it seems that the way to go (if I've grok'd Steve's comments on
+this in the past) is to amalgamate these things in EVP as is already done
+(I think) for ciphers or hashes (Steve, please correct/elaborate). I
+certainly think something should be done in this direction because right
+now we have different source directories, types, functions, and methods
+for each algorithm - even when conceptually they are very much different
+feathers of the same bird. (This is certainly all true for the public-key
+stuff, and may be partially true for the other parts.)
+
+ENGINE was *not* conceived as a way of solving this, far from it. Nor was
+it conceived as a way of replacing the various "***_METHOD"s. It was
+conceived as an abstraction of a sort of "virtual crypto device". If we
+lived in a world where "EVP_ALGO"s (or something like them) encapsulated
+particular algorithms like RSA,DSA,MD5,RC4,etc, and "***_METHOD"s
+encapsulated interfaces to algorithms (eg. some algo's might support a
+PKC_METHOD, a HASH_METHOD, or a CIPHER_METHOD, who knows?), then I would
+think that ENGINE would encapsulate an implementation of arbitrarily many
+of those algorithms - perhaps as alternatives to existing algorithms
+and/or perhaps as new previously unimplemented algorithms. An ENGINE could
+be used to contain an alternative software implementation, a wrapper for a
+hardware acceleration and/or key-management unit, a comms-wrapper for
+distributing cryptographic operations to remote machines, or any other
+"devices" your imagination can dream up.
+
+However, what has been done in the ENGINE branch so far is nothing more
+than starting to get our toes wet. I had a couple of self-imposed
+requirements when putting the initial abstraction together, and I may have
+already posed these in one form or another on the list, but briefly;
+
+ (i) only bother with public key algorithms for now, and maybe RAND too
+ (motivated by the need to get hardware support going and the fact
+ this was a comparitively easy subset to address to begin with).
+
+ (ii) don't change (if at all possible) the existing crypto code, ie. the
+ implementations, the way the ***_METHODs work, etc.
+
+ (iii) ensure that if no function from the ENGINE code is ever called then
+ things work the way they always did, and there is no memory
+ allocation (otherwise the failure to cleanup would be a problem -
+ this is part of the reason no STACKs were used, the other part of
+ the reason being I found them inappropriate).
+
+ (iv) ensure that all the built-in crypto was encapsulated by one of
+ these "ENGINE"s and that this engine was automatically selected as
+ the default.
+
+ (v) provide the minimum hooking possible in the existing crypto code
+ so that global functions (eg. RSA_public_encrypt) do not need any
+ extra parameter, yet will use whatever the current default ENGINE
+ for that RSA key is, and that the default can be set "per-key"
+ and globally (new keys will assume the global default, and keys
+ without their own default will be operated on using the global
+ default). NB: Try and make (v) conflict as little as possible with
+ (ii). :-)
+
+ (vi) wrap the ENGINE code up in duct tape so you can't even see the
+ corners. Ie. expose no structures at all, just black-box pointers.
+
+ (v) maintain internally a list of ENGINEs on which a calling
+ application can iterate, interrogate, etc. Allow a calling
+ application to hook in new ENGINEs, remove ENGINEs from the list,
+ and enforce uniqueness within the global list of each ENGINE's
+ "unique id".
+
+ (vi) keep reference counts for everything - eg. this includes storing a
+ reference inside each RSA structure to the ENGINE that it uses.
+ This is freed when the RSA structure is destroyed, or has its
+ ENGINE explicitly changed. The net effect needs to be that at any
+ time, it is deterministic to know whether an ENGINE is in use or
+ can be safely removed (or unloaded in the case of the other type
+ of reference) without invalidating function pointers that may or
+ may not be used indavertently in the future. This was actually
+ one of the biggest problems to overcome in the existing OpenSSL
+ code - implementations had always been assumed to be ever-present,
+ so there was no trivial way to get round this.
+
+ (vii) distinguish between structural references and functional
+ references.
+
+A *little* detail
+-----------------
+
+While my mind is on it; I'll illustrate the bit in item (vii). This idea
+turned out to be very handy - the ENGINEs themselves need to be operated
+on and manipulated simply as objects without necessarily trying to
+"enable" them for use. Eg. most host machines will not have the necessary
+hardware or software to support all the engines one might compile into
+OpenSSL, yet it needs to be possible to iterate across the ENGINEs,
+querying their names, properties, etc - all happening in a thread-safe
+manner that uses reference counts (if you imagine two threads iterating
+through a list and one thread removing the ENGINE the other is currently
+looking at - you can see the gotcha waiting to happen). For all of this,
+*structural references* are used and operate much like the other reference
+counts in OpenSSL.
+
+The other kind of reference count is for *functional* references - these
+indicate a reference on which the caller can actually assume the
+particular ENGINE to be initialised and usable to perform the operations
+it implements. Any increment or decrement of the functional reference
+count automatically invokes a corresponding change in the structural
+reference count, as it is fairly obvious that a functional reference is a
+restricted case of a structural reference. So struct_ref >= funct_ref at
+all times. NB: functional references are usually obtained by a call to
+ENGINE_init(), but can also be created implicitly by calls that require a
+new functional reference to be created, eg. ENGINE_set_default(). Either
+way the only time the underlying ENGINE's "init" function is really called
+is when the (functional) reference count increases to 1, similarly the
+underlying "finish" handler is only called as the count goes down to 0.
+The effect of this, for example, is that if you set the default ENGINE for
+RSA operations to be "cswift", then its functional reference count will
+already be at least 1 so the CryptoSwift shared-library and the card will
+stay loaded and initialised until such time as all RSA keys using the
+cswift ENGINE are changed or destroyed and the default ENGINE for RSA
+operations has been changed. This prevents repeated thrashing of init and
+finish handling if the count keeps getting down as far as zero.
+
+Otherwise, the way the ENGINE code has been put together I think pretty
+much reflects the above points. The reason for the ENGINE structure having
+individual RSA_METHOD, DSA_METHOD, etc pointers is simply that it was the
+easiest way to go about things for now, to hook it all into the raw
+RSA,DSA,etc code, and I was trying to the keep the structure invisible
+anyway so that the way this is internally managed could be easily changed
+later on when we start to work out what's to be done about these other
+abstractions.
+
+Down the line, if some EVP-based technique emerges for adequately
+encapsulating algorithms and all their various bits and pieces, then I can
+imagine that "ENGINE" would turn into a reference-counting database of
+these EVP things, of which the default "openssl" ENGINE would be the
+library's own object database of pre-built software implemented algorithms
+(and such). It would also be cool to see the idea of "METHOD"s detached
+from the algorithms themselves ... so RSA, DSA, ElGamal, etc can all
+expose essentially the same METHOD (aka interface), which would include
+any querying/flagging stuff to identify what the algorithm can/can't do,
+its name, and other stuff like max/min block sizes, key sizes, etc. This
+would result in ENGINE similarly detaching its internal database of
+algorithm implementations from the function definitions that return
+interfaces to them. I think ...
+
+As for DSOs etc. Well the DSO code is pretty handy (but could be made much
+more so) for loading vendor's driver-libraries and talking to them in some
+generic way, but right now there's still big problems associated with
+actually putting OpenSSL code (ie. new ENGINEs, or anything else for that
+matter) in dynamically loadable libraries. These problems won't go away in
+a hurry so I don't think we should expect to have any kind of
+shared-library extensions any time soon - but solving the problems is a
+good thing to aim for, and would as a side-effect probably help make
+OpenSSL more usable as a shared-library itself (looking at the things
+needed to do this will show you why).
+
+One of the problems is that if you look at any of the ENGINE
+implementations, eg. hw_cswift.c or hw_ncipher.c, you'll see how it needs
+a variety of functionality and definitions from various areas of OpenSSL,
+including crypto/bn/, crypto/err/, crypto/ itself (locking for example),
+crypto/dso/, crypto/engine/, crypto/rsa, etc etc etc. So if similar code
+were to be suctioned off into shared libraries, the shared libraries would
+either have to duplicate all the definitions and code and avoid loader
+conflicts, or OpenSSL would have to somehow expose all that functionality
+to the shared-library. If this isn't a big enough problem, the issue of
+binary compatibility will be - anyone writing Apache modules can tell you
+that (Ralf? Ben? :-). However, I don't think OpenSSL would need to be
+quite so forgiving as Apache should be, so OpenSSL could simply tell its
+version to the DSO and leave the DSO with the problem of deciding whether
+to proceed or bail out for fear of binary incompatibilities.
+
+Certainly one thing that would go a long way to addressing this is to
+embark on a bit of an opaqueness mission. I've set the ENGINE code up with
+this in mind - it's so draconian that even to declare your own ENGINE, you
+have to get the engine code to create the underlying ENGINE structure, and
+then feed in the new ENGINE's function/method pointers through various
+"set" functions. The more of the code that takes on such a black-box
+approach, the more of the code that will be (a) easy to expose to shared
+libraries that need it, and (b) easy to expose to applications wanting to
+use OpenSSL itself as a shared-library. From my own explorations in
+OpenSSL, the biggest leviathan I've seen that is a problem in this respect
+is the BIGNUM code. Trying to "expose" the bignum code through any kind of
+organised "METHODs", let alone do all the necessary bignum operations
+solely through functions rather than direct access to the structures and
+macros, will be a massive pain in the "r"s.
+
+Anyway, I'm done for now - hope it was readable. Thoughts?
+
+Cheers,
+Geoff
+
+
+-----------------------------------==*==-----------------------------------
+
diff --git a/crypto/engine/engine.h b/crypto/engine/engine.h
new file mode 100644
index 0000000..78cf41c
--- /dev/null
+++ b/crypto/engine/engine.h
@@ -0,0 +1,403 @@
+/* openssl/engine.h */
+/* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL
+ * project 2000.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#ifndef HEADER_ENGINE_H
+#define HEADER_ENGINE_H
+
+#include <openssl/bn.h>
+#include <openssl/rsa.h>
+#include <openssl/dsa.h>
+#include <openssl/dh.h>
+#include <openssl/rand.h>
+#include <openssl/evp.h>
+#include <openssl/symhacks.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/* These flags are used to control combinations of algorithm (methods)
+ * by bitwise "OR"ing. */
+#define ENGINE_METHOD_RSA (unsigned int)0x0001
+#define ENGINE_METHOD_DSA (unsigned int)0x0002
+#define ENGINE_METHOD_DH (unsigned int)0x0004
+#define ENGINE_METHOD_RAND (unsigned int)0x0008
+#define ENGINE_METHOD_BN_MOD_EXP (unsigned int)0x0010
+#define ENGINE_METHOD_BN_MOD_EXP_CRT (unsigned int)0x0020
+/* Obvious all-or-nothing cases. */
+#define ENGINE_METHOD_ALL (unsigned int)0xFFFF
+#define ENGINE_METHOD_NONE (unsigned int)0x0000
+
+/* These flags are used to tell the ctrl function what should be done.
+ * All command numbers are shared between all engines, even if some don't
+ * make sense to some engines. In such a case, they do nothing but return
+ * the error ENGINE_R_CTRL_COMMAND_NOT_IMPLEMENTED. */
+#define ENGINE_CTRL_SET_LOGSTREAM 1
+#define ENGINE_CTRL_SET_PASSWORD_CALLBACK 2
+/* Flags specific to the nCipher "chil" engine */
+#define ENGINE_CTRL_CHIL_SET_FORKCHECK 100
+ /* Depending on the value of the (long)i argument, this sets or
+ * unsets the SimpleForkCheck flag in the CHIL API to enable or
+ * disable checking and workarounds for applications that fork().
+ */
+#define ENGINE_CTRL_CHIL_NO_LOCKING 101
+ /* This prevents the initialisation function from providing mutex
+ * callbacks to the nCipher library. */
+
+/* As we're missing a BIGNUM_METHOD, we need a couple of locally
+ * defined function types that engines can implement. */
+
+#ifndef HEADER_ENGINE_INT_H
+/* mod_exp operation, calculates; r = a ^ p mod m
+ * NB: ctx can be NULL, but if supplied, the implementation may use
+ * it if it wishes. */
+typedef int (*BN_MOD_EXP)(BIGNUM *r, BIGNUM *a, const BIGNUM *p,
+ const BIGNUM *m, BN_CTX *ctx);
+
+/* private key operation for RSA, provided seperately in case other
+ * RSA implementations wish to use it. */
+typedef int (*BN_MOD_EXP_CRT)(BIGNUM *r, BIGNUM *a, const BIGNUM *p,
+ const BIGNUM *q, const BIGNUM *dmp1, const BIGNUM *dmq1,
+ const BIGNUM *iqmp, BN_CTX *ctx);
+
+/* Generic function pointer */
+typedef void (*ENGINE_GEN_FUNC_PTR)();
+/* Generic function pointer taking no arguments */
+typedef void (*ENGINE_GEN_INT_FUNC_PTR)(void);
+/* Specific control function pointer */
+typedef int (*ENGINE_CTRL_FUNC_PTR)(int cmd, long i, void *p, void (*f)());
+
+/* The list of "engine" types is a static array of (const ENGINE*)
+ * pointers (not dynamic because static is fine for now and we otherwise
+ * have to hook an appropriate load/unload function in to initialise and
+ * cleanup). */
+typedef struct engine_st ENGINE;
+#endif
+
+/* STRUCTURE functions ... all of these functions deal with pointers to
+ * ENGINE structures where the pointers have a "structural reference".
+ * This means that their reference is to allow access to the structure
+ * but it does not imply that the structure is functional. To simply
+ * increment or decrement the structural reference count, use ENGINE_new
+ * and ENGINE_free. NB: This is not required when iterating using
+ * ENGINE_get_next as it will automatically decrement the structural
+ * reference count of the "current" ENGINE and increment the structural
+ * reference count of the ENGINE it returns (unless it is NULL). */
+
+/* Get the first/last "ENGINE" type available. */
+ENGINE *ENGINE_get_first(void);
+ENGINE *ENGINE_get_last(void);
+/* Iterate to the next/previous "ENGINE" type (NULL = end of the list). */
+ENGINE *ENGINE_get_next(ENGINE *e);
+ENGINE *ENGINE_get_prev(ENGINE *e);
+/* Add another "ENGINE" type into the array. */
+int ENGINE_add(ENGINE *e);
+/* Remove an existing "ENGINE" type from the array. */
+int ENGINE_remove(ENGINE *e);
+/* Retrieve an engine from the list by its unique "id" value. */
+ENGINE *ENGINE_by_id(const char *id);
+
+/* These functions are useful for manufacturing new ENGINE
+ * structures. They don't address reference counting at all -
+ * one uses them to populate an ENGINE structure with personalised
+ * implementations of things prior to using it directly or adding
+ * it to the builtin ENGINE list in OpenSSL. These are also here
+ * so that the ENGINE structure doesn't have to be exposed and
+ * break binary compatibility!
+ *
+ * NB: I'm changing ENGINE_new to force the ENGINE structure to
+ * be allocated from within OpenSSL. See the comment for
+ * ENGINE_get_struct_size().
+ */
+#if 0
+ENGINE *ENGINE_new(ENGINE *e);
+#else
+ENGINE *ENGINE_new(void);
+#endif
+int ENGINE_free(ENGINE *e);
+int ENGINE_set_id(ENGINE *e, const char *id);
+int ENGINE_set_name(ENGINE *e, const char *name);
+int ENGINE_set_RSA(ENGINE *e, RSA_METHOD *rsa_meth);
+int ENGINE_set_DSA(ENGINE *e, DSA_METHOD *dsa_meth);
+int ENGINE_set_DH(ENGINE *e, DH_METHOD *dh_meth);
+int ENGINE_set_RAND(ENGINE *e, RAND_METHOD *rand_meth);
+int ENGINE_set_BN_mod_exp(ENGINE *e, BN_MOD_EXP bn_mod_exp);
+int ENGINE_set_BN_mod_exp_crt(ENGINE *e, BN_MOD_EXP_CRT bn_mod_exp_crt);
+int ENGINE_set_init_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR init_f);
+int ENGINE_set_finish_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR finish_f);
+int ENGINE_set_ctrl_function(ENGINE *e, ENGINE_CTRL_FUNC_PTR ctrl_f);
+
+/* These return values from within the ENGINE structure. These can
+ * be useful with functional references as well as structural
+ * references - it depends which you obtained. Using the result
+ * for functional purposes if you only obtained a structural
+ * reference may be problematic! */
+const char *ENGINE_get_id(ENGINE *e);
+const char *ENGINE_get_name(ENGINE *e);
+RSA_METHOD *ENGINE_get_RSA(ENGINE *e);
+DSA_METHOD *ENGINE_get_DSA(ENGINE *e);
+DH_METHOD *ENGINE_get_DH(ENGINE *e);
+RAND_METHOD *ENGINE_get_RAND(ENGINE *e);
+BN_MOD_EXP ENGINE_get_BN_mod_exp(ENGINE *e);
+BN_MOD_EXP_CRT ENGINE_get_BN_mod_exp_crt(ENGINE *e);
+ENGINE_GEN_INT_FUNC_PTR ENGINE_get_init_function(ENGINE *e);
+ENGINE_GEN_INT_FUNC_PTR ENGINE_get_finish_function(ENGINE *e);
+ENGINE_CTRL_FUNC_PTR ENGINE_get_ctrl_function(ENGINE *e);
+
+/* ENGINE_new is normally passed a NULL in the first parameter because
+ * the calling code doesn't have access to the definition of the ENGINE
+ * structure (for good reason). However, if the caller wishes to use
+ * its own memory allocation or use a static array, the following call
+ * should be used to check the amount of memory the ENGINE structure
+ * will occupy. This will make the code more future-proof.
+ *
+ * NB: I'm "#if 0"-ing this out because it's better to force the use of
+ * internally allocated memory. See similar change in ENGINE_new().
+ */
+#if 0
+int ENGINE_get_struct_size(void);
+#endif
+
+/* FUNCTIONAL functions. These functions deal with ENGINE structures
+ * that have (or will) be initialised for use. Broadly speaking, the
+ * structural functions are useful for iterating the list of available
+ * engine types, creating new engine types, and other "list" operations.
+ * These functions actually deal with ENGINEs that are to be used. As
+ * such these functions can fail (if applicable) when particular
+ * engines are unavailable - eg. if a hardware accelerator is not
+ * attached or not functioning correctly. Each ENGINE has 2 reference
+ * counts; structural and functional. Every time a functional reference
+ * is obtained or released, a corresponding structural reference is
+ * automatically obtained or released too. */
+
+/* Initialise a engine type for use (or up its reference count if it's
+ * already in use). This will fail if the engine is not currently
+ * operational and cannot initialise. */
+int ENGINE_init(ENGINE *e);
+/* Free a functional reference to a engine type. This does not require
+ * a corresponding call to ENGINE_free as it also releases a structural
+ * reference. */
+int ENGINE_finish(ENGINE *e);
+/* Send control parametrised commands to the engine. The possibilities
+ * to send down an integer, a pointer to data or a function pointer are
+ * provided. Any of the parameters may or may not be NULL, depending
+ * on the command number */
+/* WARNING: This is currently experimental and may change radically! */
+int ENGINE_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)());
+
+/* The following functions handle keys that are stored in some secondary
+ * location, handled by the engine. The storage may be on a card or
+ * whatever. */
+EVP_PKEY *ENGINE_load_private_key(ENGINE *e, const char *key_id,
+ const char *passphrase);
+EVP_PKEY *ENGINE_load_public_key(ENGINE *e, const char *key_id,
+ const char *passphrase);
+
+/* This returns a pointer for the current ENGINE structure that
+ * is (by default) performing any RSA operations. The value returned
+ * is an incremented reference, so it should be free'd (ENGINE_finish)
+ * before it is discarded. */
+ENGINE *ENGINE_get_default_RSA(void);
+/* Same for the other "methods" */
+ENGINE *ENGINE_get_default_DSA(void);
+ENGINE *ENGINE_get_default_DH(void);
+ENGINE *ENGINE_get_default_RAND(void);
+ENGINE *ENGINE_get_default_BN_mod_exp(void);
+ENGINE *ENGINE_get_default_BN_mod_exp_crt(void);
+
+/* This sets a new default ENGINE structure for performing RSA
+ * operations. If the result is non-zero (success) then the ENGINE
+ * structure will have had its reference count up'd so the caller
+ * should still free their own reference 'e'. */
+int ENGINE_set_default_RSA(ENGINE *e);
+/* Same for the other "methods" */
+int ENGINE_set_default_DSA(ENGINE *e);
+int ENGINE_set_default_DH(ENGINE *e);
+int ENGINE_set_default_RAND(ENGINE *e);
+int ENGINE_set_default_BN_mod_exp(ENGINE *e);
+int ENGINE_set_default_BN_mod_exp_crt(ENGINE *e);
+
+/* The combination "set" - the flags are bitwise "OR"d from the
+ * ENGINE_METHOD_*** defines above. */
+int ENGINE_set_default(ENGINE *e, unsigned int flags);
+
+/* Obligatory error function. */
+void ERR_load_ENGINE_strings(void);
+
+/*
+ * Error codes for all engine functions. NB: We use "generic"
+ * function names instead of per-implementation ones because this
+ * levels the playing field for externally implemented bootstrapped
+ * support code. As the filename and line number is included, it's
+ * more important to indicate the type of function, so that
+ * bootstrapped code (that can't easily add its own errors in) can
+ * use the same error codes too.
+ */
+
+/* BEGIN ERROR CODES */
+/* The following lines are auto generated by the script mkerr.pl. Any changes
+ * made after this point may be overwritten when the script is next run.
+ */
+
+/* Error codes for the ENGINE functions. */
+
+/* Function codes. */
+#define ENGINE_F_ATALLA_FINISH 135
+#define ENGINE_F_ATALLA_INIT 136
+#define ENGINE_F_ATALLA_MOD_EXP 137
+#define ENGINE_F_ATALLA_RSA_MOD_EXP 138
+#define ENGINE_F_CSWIFT_DSA_SIGN 133
+#define ENGINE_F_CSWIFT_DSA_VERIFY 134
+#define ENGINE_F_CSWIFT_FINISH 100
+#define ENGINE_F_CSWIFT_INIT 101
+#define ENGINE_F_CSWIFT_MOD_EXP 102
+#define ENGINE_F_CSWIFT_MOD_EXP_CRT 103
+#define ENGINE_F_CSWIFT_RSA_MOD_EXP 104
+#define ENGINE_F_ENGINE_ADD 105
+#define ENGINE_F_ENGINE_BY_ID 106
+#define ENGINE_F_ENGINE_CTRL 142
+#define ENGINE_F_ENGINE_FINISH 107
+#define ENGINE_F_ENGINE_FREE 108
+#define ENGINE_F_ENGINE_GET_BN_MOD_EXP 109
+#define ENGINE_F_ENGINE_GET_BN_MOD_EXP_CRT 110
+#define ENGINE_F_ENGINE_GET_CTRL_FUNCTION 144
+#define ENGINE_F_ENGINE_GET_DH 111
+#define ENGINE_F_ENGINE_GET_DSA 112
+#define ENGINE_F_ENGINE_GET_FINISH_FUNCTION 145
+#define ENGINE_F_ENGINE_GET_ID 113
+#define ENGINE_F_ENGINE_GET_INIT_FUNCTION 146
+#define ENGINE_F_ENGINE_GET_NAME 114
+#define ENGINE_F_ENGINE_GET_NEXT 115
+#define ENGINE_F_ENGINE_GET_PREV 116
+#define ENGINE_F_ENGINE_GET_RAND 117
+#define ENGINE_F_ENGINE_GET_RSA 118
+#define ENGINE_F_ENGINE_INIT 119
+#define ENGINE_F_ENGINE_LIST_ADD 120
+#define ENGINE_F_ENGINE_LIST_REMOVE 121
+#define ENGINE_F_ENGINE_LOAD_PRIVATE_KEY 150
+#define ENGINE_F_ENGINE_LOAD_PUBLIC_KEY 151
+#define ENGINE_F_ENGINE_NEW 122
+#define ENGINE_F_ENGINE_REMOVE 123
+#define ENGINE_F_ENGINE_SET_BN_MOD_EXP 124
+#define ENGINE_F_ENGINE_SET_BN_MOD_EXP_CRT 125
+#define ENGINE_F_ENGINE_SET_CTRL_FUNCTION 147
+#define ENGINE_F_ENGINE_SET_DEFAULT_TYPE 126
+#define ENGINE_F_ENGINE_SET_DH 127
+#define ENGINE_F_ENGINE_SET_DSA 128
+#define ENGINE_F_ENGINE_SET_FINISH_FUNCTION 148
+#define ENGINE_F_ENGINE_SET_ID 129
+#define ENGINE_F_ENGINE_SET_INIT_FUNCTION 149
+#define ENGINE_F_ENGINE_SET_NAME 130
+#define ENGINE_F_ENGINE_SET_RAND 131
+#define ENGINE_F_ENGINE_SET_RSA 132
+#define ENGINE_F_ENGINE_UNLOAD_KEY 152
+#define ENGINE_F_HWCRHK_CTRL 143
+#define ENGINE_F_HWCRHK_FINISH 135
+#define ENGINE_F_HWCRHK_GET_PASS 155
+#define ENGINE_F_HWCRHK_INIT 136
+#define ENGINE_F_HWCRHK_LOAD_PRIVKEY 153
+#define ENGINE_F_HWCRHK_LOAD_PUBKEY 154
+#define ENGINE_F_HWCRHK_MOD_EXP 137
+#define ENGINE_F_HWCRHK_MOD_EXP_CRT 138
+#define ENGINE_F_HWCRHK_RAND_BYTES 139
+#define ENGINE_F_HWCRHK_RSA_MOD_EXP 140
+#define ENGINE_F_LOG_MESSAGE 141
+#define ENGINE_F_NURON_FINISH 157
+#define ENGINE_F_NURON_INIT 156
+#define ENGINE_F_NURON_MOD_EXP 158
+
+/* Reason codes. */
+#define ENGINE_R_ALREADY_LOADED 100
+#define ENGINE_R_BIO_WAS_FREED 121
+#define ENGINE_R_BN_CTX_FULL 101
+#define ENGINE_R_BN_EXPAND_FAIL 102
+#define ENGINE_R_CHIL_ERROR 123
+#define ENGINE_R_CONFLICTING_ENGINE_ID 103
+#define ENGINE_R_CTRL_COMMAND_NOT_IMPLEMENTED 119
+#define ENGINE_R_DSO_FAILURE 104
+#define ENGINE_R_DSO_FUNCTION_NOT_FOUND 131
+#define ENGINE_R_DSO_NOT_FOUND 132
+#define ENGINE_R_ENGINE_IS_NOT_IN_LIST 105
+#define ENGINE_R_FAILED_LOADING_PRIVATE_KEY 128
+#define ENGINE_R_FAILED_LOADING_PUBLIC_KEY 129
+#define ENGINE_R_FINISH_FAILED 106
+#define ENGINE_R_GET_HANDLE_FAILED 107
+#define ENGINE_R_ID_OR_NAME_MISSING 108
+#define ENGINE_R_INIT_FAILED 109
+#define ENGINE_R_INTERNAL_LIST_ERROR 110
+#define ENGINE_R_MISSING_KEY_COMPONENTS 111
+#define ENGINE_R_NOT_INITIALISED 117
+#define ENGINE_R_NOT_LOADED 112
+#define ENGINE_R_NO_CALLBACK 127
+#define ENGINE_R_NO_CONTROL_FUNCTION 120
+#define ENGINE_R_NO_KEY 124
+#define ENGINE_R_NO_LOAD_FUNCTION 125
+#define ENGINE_R_NO_REFERENCE 130
+#define ENGINE_R_NO_SUCH_ENGINE 116
+#define ENGINE_R_NO_UNLOAD_FUNCTION 126
+#define ENGINE_R_PROVIDE_PARAMETERS 113
+#define ENGINE_R_REQUEST_FAILED 114
+#define ENGINE_R_REQUEST_FALLBACK 118
+#define ENGINE_R_SIZE_TOO_LARGE_OR_TOO_SMALL 122
+#define ENGINE_R_UNIT_FAILURE 115
+
+#ifdef __cplusplus
+}
+#endif
+#endif
+
diff --git a/crypto/engine/engine_err.c b/crypto/engine/engine_err.c
new file mode 100644
index 0000000..44c4fb9
--- /dev/null
+++ b/crypto/engine/engine_err.c
@@ -0,0 +1,188 @@
+/* crypto/engine/engine_err.c */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+/* NOTE: this file was auto generated by the mkerr.pl script: any changes
+ * made to it will be overwritten when the script next updates this file,
+ * only reason strings will be preserved.
+ */
+
+#include <stdio.h>
+#include <openssl/err.h>
+#include <openssl/engine.h>
+
+/* BEGIN ERROR CODES */
+#ifndef NO_ERR
+static ERR_STRING_DATA ENGINE_str_functs[]=
+ {
+{ERR_PACK(0,ENGINE_F_ATALLA_FINISH,0), "ATALLA_FINISH"},
+{ERR_PACK(0,ENGINE_F_ATALLA_INIT,0), "ATALLA_INIT"},
+{ERR_PACK(0,ENGINE_F_ATALLA_MOD_EXP,0), "ATALLA_MOD_EXP"},
+{ERR_PACK(0,ENGINE_F_ATALLA_RSA_MOD_EXP,0), "ATALLA_RSA_MOD_EXP"},
+{ERR_PACK(0,ENGINE_F_CSWIFT_DSA_SIGN,0), "CSWIFT_DSA_SIGN"},
+{ERR_PACK(0,ENGINE_F_CSWIFT_DSA_VERIFY,0), "CSWIFT_DSA_VERIFY"},
+{ERR_PACK(0,ENGINE_F_CSWIFT_FINISH,0), "CSWIFT_FINISH"},
+{ERR_PACK(0,ENGINE_F_CSWIFT_INIT,0), "CSWIFT_INIT"},
+{ERR_PACK(0,ENGINE_F_CSWIFT_MOD_EXP,0), "CSWIFT_MOD_EXP"},
+{ERR_PACK(0,ENGINE_F_CSWIFT_MOD_EXP_CRT,0), "CSWIFT_MOD_EXP_CRT"},
+{ERR_PACK(0,ENGINE_F_CSWIFT_RSA_MOD_EXP,0), "CSWIFT_RSA_MOD_EXP"},
+{ERR_PACK(0,ENGINE_F_ENGINE_ADD,0), "ENGINE_add"},
+{ERR_PACK(0,ENGINE_F_ENGINE_BY_ID,0), "ENGINE_by_id"},
+{ERR_PACK(0,ENGINE_F_ENGINE_CTRL,0), "ENGINE_ctrl"},
+{ERR_PACK(0,ENGINE_F_ENGINE_FINISH,0), "ENGINE_finish"},
+{ERR_PACK(0,ENGINE_F_ENGINE_FREE,0), "ENGINE_free"},
+{ERR_PACK(0,ENGINE_F_ENGINE_GET_BN_MOD_EXP,0), "ENGINE_get_BN_mod_exp"},
+{ERR_PACK(0,ENGINE_F_ENGINE_GET_BN_MOD_EXP_CRT,0), "ENGINE_get_BN_mod_exp_crt"},
+{ERR_PACK(0,ENGINE_F_ENGINE_GET_CTRL_FUNCTION,0), "ENGINE_get_ctrl_function"},
+{ERR_PACK(0,ENGINE_F_ENGINE_GET_DH,0), "ENGINE_get_DH"},
+{ERR_PACK(0,ENGINE_F_ENGINE_GET_DSA,0), "ENGINE_get_DSA"},
+{ERR_PACK(0,ENGINE_F_ENGINE_GET_FINISH_FUNCTION,0), "ENGINE_get_finish_function"},
+{ERR_PACK(0,ENGINE_F_ENGINE_GET_ID,0), "ENGINE_get_id"},
+{ERR_PACK(0,ENGINE_F_ENGINE_GET_INIT_FUNCTION,0), "ENGINE_get_init_function"},
+{ERR_PACK(0,ENGINE_F_ENGINE_GET_NAME,0), "ENGINE_get_name"},
+{ERR_PACK(0,ENGINE_F_ENGINE_GET_NEXT,0), "ENGINE_get_next"},
+{ERR_PACK(0,ENGINE_F_ENGINE_GET_PREV,0), "ENGINE_get_prev"},
+{ERR_PACK(0,ENGINE_F_ENGINE_GET_RAND,0), "ENGINE_get_RAND"},
+{ERR_PACK(0,ENGINE_F_ENGINE_GET_RSA,0), "ENGINE_get_RSA"},
+{ERR_PACK(0,ENGINE_F_ENGINE_INIT,0), "ENGINE_init"},
+{ERR_PACK(0,ENGINE_F_ENGINE_LIST_ADD,0), "ENGINE_LIST_ADD"},
+{ERR_PACK(0,ENGINE_F_ENGINE_LIST_REMOVE,0), "ENGINE_LIST_REMOVE"},
+{ERR_PACK(0,ENGINE_F_ENGINE_LOAD_PRIVATE_KEY,0), "ENGINE_load_private_key"},
+{ERR_PACK(0,ENGINE_F_ENGINE_LOAD_PUBLIC_KEY,0), "ENGINE_load_public_key"},
+{ERR_PACK(0,ENGINE_F_ENGINE_NEW,0), "ENGINE_new"},
+{ERR_PACK(0,ENGINE_F_ENGINE_REMOVE,0), "ENGINE_remove"},
+{ERR_PACK(0,ENGINE_F_ENGINE_SET_BN_MOD_EXP,0), "ENGINE_set_BN_mod_exp"},
+{ERR_PACK(0,ENGINE_F_ENGINE_SET_BN_MOD_EXP_CRT,0), "ENGINE_set_BN_mod_exp_crt"},
+{ERR_PACK(0,ENGINE_F_ENGINE_SET_CTRL_FUNCTION,0), "ENGINE_set_ctrl_function"},
+{ERR_PACK(0,ENGINE_F_ENGINE_SET_DEFAULT_TYPE,0), "ENGINE_SET_DEFAULT_TYPE"},
+{ERR_PACK(0,ENGINE_F_ENGINE_SET_DH,0), "ENGINE_set_DH"},
+{ERR_PACK(0,ENGINE_F_ENGINE_SET_DSA,0), "ENGINE_set_DSA"},
+{ERR_PACK(0,ENGINE_F_ENGINE_SET_FINISH_FUNCTION,0), "ENGINE_set_finish_function"},
+{ERR_PACK(0,ENGINE_F_ENGINE_SET_ID,0), "ENGINE_set_id"},
+{ERR_PACK(0,ENGINE_F_ENGINE_SET_INIT_FUNCTION,0), "ENGINE_set_init_function"},
+{ERR_PACK(0,ENGINE_F_ENGINE_SET_NAME,0), "ENGINE_set_name"},
+{ERR_PACK(0,ENGINE_F_ENGINE_SET_RAND,0), "ENGINE_set_RAND"},
+{ERR_PACK(0,ENGINE_F_ENGINE_SET_RSA,0), "ENGINE_set_RSA"},
+{ERR_PACK(0,ENGINE_F_ENGINE_UNLOAD_KEY,0), "ENGINE_UNLOAD_KEY"},
+{ERR_PACK(0,ENGINE_F_HWCRHK_CTRL,0), "HWCRHK_CTRL"},
+{ERR_PACK(0,ENGINE_F_HWCRHK_FINISH,0), "HWCRHK_FINISH"},
+{ERR_PACK(0,ENGINE_F_HWCRHK_GET_PASS,0), "HWCRHK_GET_PASS"},
+{ERR_PACK(0,ENGINE_F_HWCRHK_INIT,0), "HWCRHK_INIT"},
+{ERR_PACK(0,ENGINE_F_HWCRHK_LOAD_PRIVKEY,0), "HWCRHK_LOAD_PRIVKEY"},
+{ERR_PACK(0,ENGINE_F_HWCRHK_LOAD_PUBKEY,0), "HWCRHK_LOAD_PUBKEY"},
+{ERR_PACK(0,ENGINE_F_HWCRHK_MOD_EXP,0), "HWCRHK_MOD_EXP"},
+{ERR_PACK(0,ENGINE_F_HWCRHK_MOD_EXP_CRT,0), "HWCRHK_MOD_EXP_CRT"},
+{ERR_PACK(0,ENGINE_F_HWCRHK_RAND_BYTES,0), "HWCRHK_RAND_BYTES"},
+{ERR_PACK(0,ENGINE_F_HWCRHK_RSA_MOD_EXP,0), "HWCRHK_RSA_MOD_EXP"},
+{ERR_PACK(0,ENGINE_F_LOG_MESSAGE,0), "LOG_MESSAGE"},
+{ERR_PACK(0,ENGINE_F_NURON_FINISH,0), "NURON_FINISH"},
+{ERR_PACK(0,ENGINE_F_NURON_INIT,0), "NURON_INIT"},
+{ERR_PACK(0,ENGINE_F_NURON_MOD_EXP,0), "NURON_MOD_EXP"},
+{0,NULL}
+ };
+
+static ERR_STRING_DATA ENGINE_str_reasons[]=
+ {
+{ENGINE_R_ALREADY_LOADED ,"already loaded"},
+{ENGINE_R_BIO_WAS_FREED ,"bio was freed"},
+{ENGINE_R_BN_CTX_FULL ,"BN_CTX full"},
+{ENGINE_R_BN_EXPAND_FAIL ,"bn_expand fail"},
+{ENGINE_R_CHIL_ERROR ,"chil error"},
+{ENGINE_R_CONFLICTING_ENGINE_ID ,"conflicting engine id"},
+{ENGINE_R_CTRL_COMMAND_NOT_IMPLEMENTED ,"ctrl command not implemented"},
+{ENGINE_R_DSO_FAILURE ,"DSO failure"},
+{ENGINE_R_DSO_FUNCTION_NOT_FOUND ,"dso function not found"},
+{ENGINE_R_DSO_NOT_FOUND ,"dso not found"},
+{ENGINE_R_ENGINE_IS_NOT_IN_LIST ,"engine is not in the list"},
+{ENGINE_R_FAILED_LOADING_PRIVATE_KEY ,"failed loading private key"},
+{ENGINE_R_FAILED_LOADING_PUBLIC_KEY ,"failed loading public key"},
+{ENGINE_R_FINISH_FAILED ,"finish failed"},
+{ENGINE_R_GET_HANDLE_FAILED ,"could not obtain hardware handle"},
+{ENGINE_R_ID_OR_NAME_MISSING ,"'id' or 'name' missing"},
+{ENGINE_R_INIT_FAILED ,"init failed"},
+{ENGINE_R_INTERNAL_LIST_ERROR ,"internal list error"},
+{ENGINE_R_MISSING_KEY_COMPONENTS ,"missing key components"},
+{ENGINE_R_NOT_INITIALISED ,"not initialised"},
+{ENGINE_R_NOT_LOADED ,"not loaded"},
+{ENGINE_R_NO_CALLBACK ,"no callback"},
+{ENGINE_R_NO_CONTROL_FUNCTION ,"no control function"},
+{ENGINE_R_NO_KEY ,"no key"},
+{ENGINE_R_NO_LOAD_FUNCTION ,"no load function"},
+{ENGINE_R_NO_REFERENCE ,"no reference"},
+{ENGINE_R_NO_SUCH_ENGINE ,"no such engine"},
+{ENGINE_R_NO_UNLOAD_FUNCTION ,"no unload function"},
+{ENGINE_R_PROVIDE_PARAMETERS ,"provide parameters"},
+{ENGINE_R_REQUEST_FAILED ,"request failed"},
+{ENGINE_R_REQUEST_FALLBACK ,"request fallback"},
+{ENGINE_R_SIZE_TOO_LARGE_OR_TOO_SMALL ,"size too large or too small"},
+{ENGINE_R_UNIT_FAILURE ,"unit failure"},
+{0,NULL}
+ };
+
+#endif
+
+void ERR_load_ENGINE_strings(void)
+ {
+ static int init=1;
+
+ if (init)
+ {
+ init=0;
+#ifndef NO_ERR
+ ERR_load_strings(ERR_LIB_ENGINE,ENGINE_str_functs);
+ ERR_load_strings(ERR_LIB_ENGINE,ENGINE_str_reasons);
+#endif
+
+ }
+ }
diff --git a/crypto/engine/engine_int.h b/crypto/engine/engine_int.h
new file mode 100644
index 0000000..d4aa8fa
--- /dev/null
+++ b/crypto/engine/engine_int.h
@@ -0,0 +1,164 @@
+/* crypto/engine/engine_int.h */
+/* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL
+ * project 2000.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#ifndef HEADER_ENGINE_INT_H
+#define HEADER_ENGINE_INT_H
+
+#include <openssl/rsa.h>
+#include <openssl/dsa.h>
+#include <openssl/dh.h>
+#include <openssl/rand.h>
+#include <openssl/bn.h>
+#include <openssl/evp.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/* Bitwise OR-able values for the "flags" variable in ENGINE. */
+#define ENGINE_FLAGS_MALLOCED 0x0001
+
+#ifndef HEADER_ENGINE_H
+/* Regrettably, we need to reproduce the "BN" function types here
+ * because there is no such "BIGNUM_METHOD" as there is with RSA,
+ * DSA, etc. We do this so that we don't have a case where engine.h
+ * and engine_int.h conflict with each other. */
+typedef int (*BN_MOD_EXP)(BIGNUM *r, BIGNUM *a, const BIGNUM *p,
+ const BIGNUM *m, BN_CTX *ctx);
+
+/* private key operation for RSA, provided seperately in case other
+ * RSA implementations wish to use it. */
+typedef int (*BN_MOD_EXP_CRT)(BIGNUM *r, BIGNUM *a, const BIGNUM *p,
+ const BIGNUM *q, const BIGNUM *dmp1, const BIGNUM *dmq1,
+ const BIGNUM *iqmp, BN_CTX *ctx);
+
+/* Generic function pointer */
+typedef int (*ENGINE_GEN_FUNC_PTR)();
+/* Generic function pointer taking no arguments */
+typedef int (*ENGINE_GEN_INT_FUNC_PTR)(void);
+/* Specific control function pointer */
+typedef int (*ENGINE_CTRL_FUNC_PTR)(int cmd, long i, void *p, void (*f)());
+
+#endif
+
+/* This is a structure for storing implementations of various crypto
+ * algorithms and functions. */
+typedef struct engine_st
+ {
+ const char *id;
+ const char *name;
+ RSA_METHOD *rsa_meth;
+ DSA_METHOD *dsa_meth;
+ DH_METHOD *dh_meth;
+ RAND_METHOD *rand_meth;
+ BN_MOD_EXP bn_mod_exp;
+ BN_MOD_EXP_CRT bn_mod_exp_crt;
+ int (*init)(void);
+ int (*finish)(void);
+ int (*ctrl)(int cmd, long i, void *p, void (*f)());
+ EVP_PKEY *(*load_privkey)(const char *key_id, const char *passphrase);
+ EVP_PKEY *(*load_pubkey)(const char *key_id, const char *passphrase);
+ int flags;
+ /* reference count on the structure itself */
+ int struct_ref;
+ /* reference count on usability of the engine type. NB: This
+ * controls the loading and initialisation of any functionlity
+ * required by this engine, whereas the previous count is
+ * simply to cope with (de)allocation of this structure. Hence,
+ * running_ref <= struct_ref at all times. */
+ int funct_ref;
+ /* Used to maintain the linked-list of engines. */
+ struct engine_st *prev;
+ struct engine_st *next;
+ } ENGINE;
+
+/* BUILT-IN ENGINES. (these functions are only ever called once and
+ * do not return references - they are purely for bootstrapping). */
+
+/* Returns a structure of software only methods (the default). */
+ENGINE *ENGINE_openssl();
+
+#ifndef NO_HW
+
+#ifndef NO_HW_CSWIFT
+/* Returns a structure of cswift methods ... NB: This can exist and be
+ * "used" even on non-cswift systems because the "init" will fail if the
+ * card/library are not found. */
+ENGINE *ENGINE_cswift();
+#endif /* !NO_HW_CSWIFT */
+
+#ifndef NO_HW_NCIPHER
+ENGINE *ENGINE_ncipher();
+#endif /* !NO_HW_NCIPHER */
+
+#ifndef NO_HW_ATALLA
+/* Returns a structure of atalla methods. */
+ENGINE *ENGINE_atalla();
+#endif /* !NO_HW_ATALLA */
+
+#ifndef NO_HW_NURON
+ENGINE *ENGINE_nuron();
+#endif /* !NO_HW_NURON */
+
+#endif /* !NO_HW */
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* HEADER_ENGINE_INT_H */
diff --git a/crypto/engine/engine_lib.c b/crypto/engine/engine_lib.c
new file mode 100644
index 0000000..1df07af
--- /dev/null
+++ b/crypto/engine/engine_lib.c
@@ -0,0 +1,488 @@
+/* crypto/engine/engine_lib.c */
+/* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL
+ * project 2000.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <openssl/crypto.h>
+#include "cryptlib.h"
+#include "engine_int.h"
+#include <openssl/engine.h>
+
+/* These pointers each have their own "functional reference" when they
+ * are non-NULL. Similarly, when they are retrieved by a call to
+ * ENGINE_get_default_[RSA|DSA|...] the returned pointer is also a
+ * reference and the caller is responsible for freeing that when they
+ * are finished with it (with a call to ENGINE_finish() *NOT* just
+ * ENGINE_free()!!!!!!). */
+static ENGINE *engine_def_rsa = NULL;
+static ENGINE *engine_def_dsa = NULL;
+static ENGINE *engine_def_dh = NULL;
+static ENGINE *engine_def_rand = NULL;
+static ENGINE *engine_def_bn_mod_exp = NULL;
+static ENGINE *engine_def_bn_mod_exp_crt = NULL;
+/* A static "once-only" flag used to control if/when the above were
+ * initialised to suitable start-up defaults. */
+static int engine_def_flag = 0;
+
+/* This is used in certain static utility functions to save code
+ * repetition for per-algorithm functions. */
+typedef enum {
+ ENGINE_TYPE_RSA,
+ ENGINE_TYPE_DSA,
+ ENGINE_TYPE_DH,
+ ENGINE_TYPE_RAND,
+ ENGINE_TYPE_BN_MOD_EXP,
+ ENGINE_TYPE_BN_MOD_EXP_CRT
+ } ENGINE_TYPE;
+
+static void engine_def_check_util(ENGINE **def, ENGINE *val)
+ {
+ *def = val;
+ val->struct_ref++;
+ val->funct_ref++;
+ }
+
+/* In a slight break with convention - this static function must be
+ * called *outside* any locking of CRYPTO_LOCK_ENGINE. */
+static void engine_def_check(void)
+ {
+ ENGINE *e;
+ if(engine_def_flag)
+ return;
+ e = ENGINE_get_first();
+ if(e == NULL)
+ /* The list is empty ... not much we can do! */
+ return;
+ /* We have a structural reference, see if getting a functional
+ * reference is possible. This is done to cope with init errors
+ * in the engine - the following locked code does a bunch of
+ * manual "ENGINE_init"s which do *not* allow such an init
+ * error so this is worth doing. */
+ if(ENGINE_init(e))
+ {
+ CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
+ /* Doing another check here prevents an obvious race
+ * condition because the whole function itself cannot
+ * be locked. */
+ if(engine_def_flag)
+ goto skip_set_defaults;
+ /* OK, we got a functional reference, so we get one each
+ * for the defaults too. */
+ engine_def_check_util(&engine_def_rsa, e);
+ engine_def_check_util(&engine_def_dsa, e);
+ engine_def_check_util(&engine_def_dh, e);
+ engine_def_check_util(&engine_def_rand, e);
+ engine_def_check_util(&engine_def_bn_mod_exp, e);
+ engine_def_check_util(&engine_def_bn_mod_exp_crt, e);
+ engine_def_flag = 1;
+skip_set_defaults:
+ CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
+ /* The "if" needs to be balanced out. */
+ ENGINE_finish(e);
+ }
+ /* We need to balance out the fact we obtained a structural
+ * reference to begin with from ENGINE_get_first(). */
+ ENGINE_free(e);
+ }
+
+/* Initialise a engine type for use (or up its functional reference count
+ * if it's already in use). */
+int ENGINE_init(ENGINE *e)
+ {
+ int to_return = 1;
+
+ if(e == NULL)
+ {
+ ENGINEerr(ENGINE_F_ENGINE_INIT,ERR_R_PASSED_NULL_PARAMETER);
+ return 0;
+ }
+ CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
+ if((e->funct_ref == 0) && e->init)
+ /* This is the first functional reference and the engine
+ * requires initialisation so we do it now. */
+ to_return = e->init();
+ if(to_return)
+ {
+ /* OK, we return a functional reference which is also a
+ * structural reference. */
+ e->struct_ref++;
+ e->funct_ref++;
+ }
+ CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
+ return to_return;
+ }
+
+/* Free a functional reference to a engine type */
+int ENGINE_finish(ENGINE *e)
+ {
+ int to_return = 1;
+
+ if(e == NULL)
+ {
+ ENGINEerr(ENGINE_F_ENGINE_FINISH,ERR_R_PASSED_NULL_PARAMETER);
+ return 0;
+ }
+ CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
+ if((e->funct_ref == 1) && e->finish)
+#if 0
+ /* This is the last functional reference and the engine
+ * requires cleanup so we do it now. */
+ to_return = e->finish();
+ if(to_return)
+ {
+ /* Cleanup the functional reference which is also a
+ * structural reference. */
+ e->struct_ref--;
+ e->funct_ref--;
+ }
+ CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
+#else
+ /* I'm going to deliberately do a convoluted version of this
+ * piece of code because we don't want "finish" functions
+ * being called inside a locked block of code, if at all
+ * possible. I'd rather have this call take an extra couple
+ * of ticks than have throughput serialised on a externally-
+ * provided callback function that may conceivably never come
+ * back. :-( */
+ {
+ CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
+ /* CODE ALERT: This *IS* supposed to be "=" and NOT "==" :-) */
+ if((to_return = e->finish()))
+ {
+ CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
+ /* Cleanup the functional reference which is also a
+ * structural reference. */
+ e->struct_ref--;
+ e->funct_ref--;
+ CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
+ }
+ }
+ else
+ CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
+#endif
+ return to_return;
+ }
+
+EVP_PKEY *ENGINE_load_private_key(ENGINE *e, const char *key_id,
+ const char *passphrase)
+ {
+ EVP_PKEY *pkey;
+
+ if(e == NULL)
+ {
+ ENGINEerr(ENGINE_F_ENGINE_LOAD_PRIVATE_KEY,
+ ERR_R_PASSED_NULL_PARAMETER);
+ return 0;
+ }
+ CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
+ if(e->funct_ref == 0)
+ {
+ ENGINEerr(ENGINE_F_ENGINE_LOAD_PRIVATE_KEY,
+ ENGINE_R_NOT_INITIALISED);
+ return 0;
+ }
+ if (!e->load_privkey)
+ {
+ ENGINEerr(ENGINE_F_ENGINE_LOAD_PRIVATE_KEY,
+ ENGINE_R_NO_LOAD_FUNCTION);
+ return 0;
+ }
+ CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
+ pkey = e->load_privkey(key_id, passphrase);
+ if (!pkey)
+ {
+ ENGINEerr(ENGINE_F_ENGINE_LOAD_PRIVATE_KEY,
+ ENGINE_R_FAILED_LOADING_PRIVATE_KEY);
+ return 0;
+ }
+ return pkey;
+ }
+
+EVP_PKEY *ENGINE_load_public_key(ENGINE *e, const char *key_id,
+ const char *passphrase)
+ {
+ EVP_PKEY *pkey;
+
+ if(e == NULL)
+ {
+ ENGINEerr(ENGINE_F_ENGINE_LOAD_PUBLIC_KEY,
+ ERR_R_PASSED_NULL_PARAMETER);
+ return 0;
+ }
+ CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
+ if(e->funct_ref == 0)
+ {
+ ENGINEerr(ENGINE_F_ENGINE_LOAD_PUBLIC_KEY,
+ ENGINE_R_NOT_INITIALISED);
+ return 0;
+ }
+ if (!e->load_pubkey)
+ {
+ ENGINEerr(ENGINE_F_ENGINE_LOAD_PUBLIC_KEY,
+ ENGINE_R_NO_LOAD_FUNCTION);
+ return 0;
+ }
+ CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
+ pkey = e->load_pubkey(key_id, passphrase);
+ if (!pkey)
+ {
+ ENGINEerr(ENGINE_F_ENGINE_LOAD_PUBLIC_KEY,
+ ENGINE_R_FAILED_LOADING_PUBLIC_KEY);
+ return 0;
+ }
+ return pkey;
+ }
+
+/* Initialise a engine type for use (or up its functional reference count
+ * if it's already in use). */
+int ENGINE_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)())
+ {
+ if(e == NULL)
+ {
+ ENGINEerr(ENGINE_F_ENGINE_CTRL,ERR_R_PASSED_NULL_PARAMETER);
+ return 0;
+ }
+ CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
+ if(e->struct_ref == 0)
+ {
+ ENGINEerr(ENGINE_F_ENGINE_CTRL,ENGINE_R_NO_REFERENCE);
+ return 0;
+ }
+ if (!e->ctrl)
+ {
+ ENGINEerr(ENGINE_F_ENGINE_CTRL,ENGINE_R_NO_CONTROL_FUNCTION);
+ return 0;
+ }
+ CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
+ return e->ctrl(cmd, i, p, f);
+ }
+
+static ENGINE *engine_get_default_type(ENGINE_TYPE t)
+ {
+ ENGINE *ret = NULL;
+
+ /* engine_def_check is lean and mean and won't replace any
+ * prior default engines ... so we must ensure that it is always
+ * the first function to get to touch the default values. */
+ engine_def_check();
+ CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
+ switch(t)
+ {
+ case ENGINE_TYPE_RSA:
+ ret = engine_def_rsa; break;
+ case ENGINE_TYPE_DSA:
+ ret = engine_def_dsa; break;
+ case ENGINE_TYPE_DH:
+ ret = engine_def_dh; break;
+ case ENGINE_TYPE_RAND:
+ ret = engine_def_rand; break;
+ case ENGINE_TYPE_BN_MOD_EXP:
+ ret = engine_def_bn_mod_exp; break;
+ case ENGINE_TYPE_BN_MOD_EXP_CRT:
+ ret = engine_def_bn_mod_exp_crt; break;
+ }
+ /* Unforunately we can't do this work outside the lock with a
+ * call to ENGINE_init() because that would leave a race
+ * condition open. */
+ if(ret)
+ {
+ ret->struct_ref++;
+ ret->funct_ref++;
+ }
+ CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
+ return ret;
+ }
+
+ENGINE *ENGINE_get_default_RSA(void)
+ {
+ return engine_get_default_type(ENGINE_TYPE_RSA);
+ }
+
+ENGINE *ENGINE_get_default_DSA(void)
+ {
+ return engine_get_default_type(ENGINE_TYPE_DSA);
+ }
+
+ENGINE *ENGINE_get_default_DH(void)
+ {
+ return engine_get_default_type(ENGINE_TYPE_DH);
+ }
+
+ENGINE *ENGINE_get_default_RAND(void)
+ {
+ return engine_get_default_type(ENGINE_TYPE_RAND);
+ }
+
+ENGINE *ENGINE_get_default_BN_mod_exp(void)
+ {
+ return engine_get_default_type(ENGINE_TYPE_BN_MOD_EXP);
+ }
+
+ENGINE *ENGINE_get_default_BN_mod_exp_crt(void)
+ {
+ return engine_get_default_type(ENGINE_TYPE_BN_MOD_EXP_CRT);
+ }
+
+static int engine_set_default_type(ENGINE_TYPE t, ENGINE *e)
+ {
+ ENGINE *old = NULL;
+
+ if(e == NULL)
+ {
+ ENGINEerr(ENGINE_F_ENGINE_SET_DEFAULT_TYPE,
+ ERR_R_PASSED_NULL_PARAMETER);
+ return 0;
+ }
+ /* engine_def_check is lean and mean and won't replace any
+ * prior default engines ... so we must ensure that it is always
+ * the first function to get to touch the default values. */
+ engine_def_check();
+ /* Attempt to get a functional reference (we need one anyway, but
+ * also, 'e' may be just a structural reference being passed in so
+ * this call may actually be the first). */
+ if(!ENGINE_init(e))
+ {
+ ENGINEerr(ENGINE_F_ENGINE_SET_DEFAULT_TYPE,
+ ENGINE_R_INIT_FAILED);
+ return 0;
+ }
+ CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
+ switch(t)
+ {
+ case ENGINE_TYPE_RSA:
+ old = engine_def_rsa;
+ engine_def_rsa = e; break;
+ case ENGINE_TYPE_DSA:
+ old = engine_def_dsa;
+ engine_def_dsa = e; break;
+ case ENGINE_TYPE_DH:
+ old = engine_def_dh;
+ engine_def_dh = e; break;
+ case ENGINE_TYPE_RAND:
+ old = engine_def_rand;
+ engine_def_rand = e; break;
+ case ENGINE_TYPE_BN_MOD_EXP:
+ old = engine_def_bn_mod_exp;
+ engine_def_bn_mod_exp = e; break;
+ case ENGINE_TYPE_BN_MOD_EXP_CRT:
+ old = engine_def_bn_mod_exp_crt;
+ engine_def_bn_mod_exp_crt = e; break;
+ }
+ CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
+ /* If we've replaced a previous value, then we need to remove the
+ * functional reference we had. */
+ if(old && !ENGINE_finish(old))
+ {
+ ENGINEerr(ENGINE_F_ENGINE_SET_DEFAULT_TYPE,
+ ENGINE_R_FINISH_FAILED);
+ return 0;
+ }
+ return 1;
+ }
+
+int ENGINE_set_default_RSA(ENGINE *e)
+ {
+ return engine_set_default_type(ENGINE_TYPE_RSA, e);
+ }
+
+int ENGINE_set_default_DSA(ENGINE *e)
+ {
+ return engine_set_default_type(ENGINE_TYPE_DSA, e);
+ }
+
+int ENGINE_set_default_DH(ENGINE *e)
+ {
+ return engine_set_default_type(ENGINE_TYPE_DH, e);
+ }
+
+int ENGINE_set_default_RAND(ENGINE *e)
+ {
+ return engine_set_default_type(ENGINE_TYPE_RAND, e);
+ }
+
+int ENGINE_set_default_BN_mod_exp(ENGINE *e)
+ {
+ return engine_set_default_type(ENGINE_TYPE_BN_MOD_EXP, e);
+ }
+
+int ENGINE_set_default_BN_mod_exp_crt(ENGINE *e)
+ {
+ return engine_set_default_type(ENGINE_TYPE_BN_MOD_EXP_CRT, e);
+ }
+
+int ENGINE_set_default(ENGINE *e, unsigned int flags)
+ {
+ if((flags & ENGINE_METHOD_RSA) && e->rsa_meth &&
+ !ENGINE_set_default_RSA(e))
+ return 0;
+ if((flags & ENGINE_METHOD_DSA) && e->dsa_meth &&
+ !ENGINE_set_default_DSA(e))
+ return 0;
+ if((flags & ENGINE_METHOD_DH) && e->dh_meth &&
+ !ENGINE_set_default_DH(e))
+ return 0;
+ if((flags & ENGINE_METHOD_RAND) && e->rand_meth &&
+ !ENGINE_set_default_RAND(e))
+ return 0;
+ if((flags & ENGINE_METHOD_BN_MOD_EXP) && e->bn_mod_exp &&
+ !ENGINE_set_default_BN_mod_exp(e))
+ return 0;
+ if((flags & ENGINE_METHOD_BN_MOD_EXP_CRT) && e->bn_mod_exp_crt &&
+ !ENGINE_set_default_BN_mod_exp_crt(e))
+ return 0;
+ return 1;
+ }
+
diff --git a/crypto/engine/engine_list.c b/crypto/engine/engine_list.c
new file mode 100644
index 0000000..8fe4f30
--- /dev/null
+++ b/crypto/engine/engine_list.c
@@ -0,0 +1,679 @@
+/* crypto/engine/engine_list.c */
+/* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL
+ * project 2000.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <openssl/crypto.h>
+#include "cryptlib.h"
+#include "engine_int.h"
+#include <openssl/engine.h>
+
+/* The linked-list of pointers to engine types. engine_list_head
+ * incorporates an implicit structural reference but engine_list_tail
+ * does not - the latter is a computational niceity and only points
+ * to something that is already pointed to by its predecessor in the
+ * list (or engine_list_head itself). In the same way, the use of the
+ * "prev" pointer in each ENGINE is to save excessive list iteration,
+ * it doesn't correspond to an extra structural reference. Hence,
+ * engine_list_head, and each non-null "next" pointer account for
+ * the list itself assuming exactly 1 structural reference on each
+ * list member. */
+static ENGINE *engine_list_head = NULL;
+static ENGINE *engine_list_tail = NULL;
+/* A boolean switch, used to ensure we only initialise once. This
+ * is needed because the engine list may genuinely become empty during
+ * use (so we can't use engine_list_head as an indicator for example. */
+static int engine_list_flag = 0;
+
+/* These static functions starting with a lower case "engine_" always
+ * take place when CRYPTO_LOCK_ENGINE has been locked up. */
+static int engine_list_add(ENGINE *e)
+ {
+ int conflict = 0;
+ ENGINE *iterator = NULL;
+
+ if(e == NULL)
+ {
+ ENGINEerr(ENGINE_F_ENGINE_LIST_ADD,
+ ERR_R_PASSED_NULL_PARAMETER);
+ return 0;
+ }
+ iterator = engine_list_head;
+ while(iterator && !conflict)
+ {
+ conflict = (strcmp(iterator->id, e->id) == 0);
+ iterator = iterator->next;
+ }
+ if(conflict)
+ {
+ ENGINEerr(ENGINE_F_ENGINE_LIST_ADD,
+ ENGINE_R_CONFLICTING_ENGINE_ID);
+ return 0;
+ }
+ if(engine_list_head == NULL)
+ {
+ /* We are adding to an empty list. */
+ if(engine_list_tail)
+ {
+ ENGINEerr(ENGINE_F_ENGINE_LIST_ADD,
+ ENGINE_R_INTERNAL_LIST_ERROR);
+ return 0;
+ }
+ engine_list_head = e;
+ e->prev = NULL;
+ }
+ else
+ {
+ /* We are adding to the tail of an existing list. */
+ if((engine_list_tail == NULL) ||
+ (engine_list_tail->next != NULL))
+ {
+ ENGINEerr(ENGINE_F_ENGINE_LIST_ADD,
+ ENGINE_R_INTERNAL_LIST_ERROR);
+ return 0;
+ }
+ engine_list_tail->next = e;
+ e->prev = engine_list_tail;
+ }
+ /* Having the engine in the list assumes a structural
+ * reference. */
+ e->struct_ref++;
+ /* However it came to be, e is the last item in the list. */
+ engine_list_tail = e;
+ e->next = NULL;
+ return 1;
+ }
+
+static int engine_list_remove(ENGINE *e)
+ {
+ ENGINE *iterator;
+
+ if(e == NULL)
+ {
+ ENGINEerr(ENGINE_F_ENGINE_LIST_REMOVE,
+ ERR_R_PASSED_NULL_PARAMETER);
+ return 0;
+ }
+ /* We need to check that e is in our linked list! */
+ iterator = engine_list_head;
+ while(iterator && (iterator != e))
+ iterator = iterator->next;
+ if(iterator == NULL)
+ {
+ ENGINEerr(ENGINE_F_ENGINE_LIST_REMOVE,
+ ENGINE_R_ENGINE_IS_NOT_IN_LIST);
+ return 0;
+ }
+ /* un-link e from the chain. */
+ if(e->next)
+ e->next->prev = e->prev;
+ if(e->prev)
+ e->prev->next = e->next;
+ /* Correct our head/tail if necessary. */
+ if(engine_list_head == e)
+ engine_list_head = e->next;
+ if(engine_list_tail == e)
+ engine_list_tail = e->prev;
+ /* remove our structural reference. */
+ e->struct_ref--;
+ return 1;
+ }
+
+/* This check always takes place with CRYPTO_LOCK_ENGINE locked up
+ * so we're synchronised, but we can't call anything that tries to
+ * lock it again! :-) NB: For convenience (and code-clarity) we
+ * don't output errors for failures of the engine_list_add function
+ * as it will generate errors itself. */
+static int engine_internal_check(void)
+ {
+ if(engine_list_flag)
+ return 1;
+ /* This is our first time up, we need to populate the list
+ * with our statically compiled-in engines. */
+ if(!engine_list_add(ENGINE_openssl()))
+ return 0;
+#ifndef NO_HW
+#ifndef NO_HW_CSWIFT
+ if(!engine_list_add(ENGINE_cswift()))
+ return 0;
+#endif /* !NO_HW_CSWIFT */
+#ifndef NO_HW_NCIPHER
+ if(!engine_list_add(ENGINE_ncipher()))
+ return 0;
+#endif /* !NO_HW_NCIPHER */
+#ifndef NO_HW_ATALLA
+ if(!engine_list_add(ENGINE_atalla()))
+ return 0;
+#endif /* !NO_HW_ATALLA */
+#ifndef NO_HW_NURON
+ if(!engine_list_add(ENGINE_nuron()))
+ return 0;
+#endif /* !NO_HW_NURON */
+#endif /* !NO_HW */
+ engine_list_flag = 1;
+ return 1;
+ }
+
+/* Get the first/last "ENGINE" type available. */
+ENGINE *ENGINE_get_first(void)
+ {
+ ENGINE *ret = NULL;
+
+ CRYPTO_r_lock(CRYPTO_LOCK_ENGINE);
+ if(engine_internal_check())
+ {
+ ret = engine_list_head;
+ if(ret)
+ ret->struct_ref++;
+ }
+ CRYPTO_r_unlock(CRYPTO_LOCK_ENGINE);
+ return ret;
+ }
+ENGINE *ENGINE_get_last(void)
+ {
+ ENGINE *ret = NULL;
+
+ CRYPTO_r_lock(CRYPTO_LOCK_ENGINE);
+ if(engine_internal_check())
+ {
+ ret = engine_list_tail;
+ if(ret)
+ ret->struct_ref++;
+ }
+ CRYPTO_r_unlock(CRYPTO_LOCK_ENGINE);
+ return ret;
+ }
+
+/* Iterate to the next/previous "ENGINE" type (NULL = end of the list). */
+ENGINE *ENGINE_get_next(ENGINE *e)
+ {
+ ENGINE *ret = NULL;
+ if(e == NULL)
+ {
+ ENGINEerr(ENGINE_F_ENGINE_GET_NEXT,
+ ERR_R_PASSED_NULL_PARAMETER);
+ return 0;
+ }
+ CRYPTO_r_lock(CRYPTO_LOCK_ENGINE);
+ ret = e->next;
+ e->struct_ref--;
+ if(ret)
+ ret->struct_ref++;
+ CRYPTO_r_unlock(CRYPTO_LOCK_ENGINE);
+ return ret;
+ }
+ENGINE *ENGINE_get_prev(ENGINE *e)
+ {
+ ENGINE *ret = NULL;
+ if(e == NULL)
+ {
+ ENGINEerr(ENGINE_F_ENGINE_GET_PREV,
+ ERR_R_PASSED_NULL_PARAMETER);
+ return 0;
+ }
+ CRYPTO_r_lock(CRYPTO_LOCK_ENGINE);
+ ret = e->prev;
+ e->struct_ref--;
+ if(ret)
+ ret->struct_ref++;
+ CRYPTO_r_unlock(CRYPTO_LOCK_ENGINE);
+ return ret;
+ }
+
+/* Add another "ENGINE" type into the list. */
+int ENGINE_add(ENGINE *e)
+ {
+ int to_return = 1;
+ if(e == NULL)
+ {
+ ENGINEerr(ENGINE_F_ENGINE_ADD,
+ ERR_R_PASSED_NULL_PARAMETER);
+ return 0;
+ }
+ if((e->id == NULL) || (e->name == NULL))
+ {
+ ENGINEerr(ENGINE_F_ENGINE_ADD,
+ ENGINE_R_ID_OR_NAME_MISSING);
+ }
+ CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
+ if(!engine_internal_check() || !engine_list_add(e))
+ {
+ ENGINEerr(ENGINE_F_ENGINE_ADD,
+ ENGINE_R_INTERNAL_LIST_ERROR);
+ to_return = 0;
+ }
+ CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
+ return to_return;
+ }
+
+/* Remove an existing "ENGINE" type from the array. */
+int ENGINE_remove(ENGINE *e)
+ {
+ int to_return = 1;
+ if(e == NULL)
+ {
+ ENGINEerr(ENGINE_F_ENGINE_REMOVE,
+ ERR_R_PASSED_NULL_PARAMETER);
+ return 0;
+ }
+ CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
+ if(!engine_internal_check() || !engine_list_remove(e))
+ {
+ ENGINEerr(ENGINE_F_ENGINE_REMOVE,
+ ENGINE_R_INTERNAL_LIST_ERROR);
+ to_return = 0;
+ }
+ CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
+ return to_return;
+ }
+
+ENGINE *ENGINE_by_id(const char *id)
+ {
+ ENGINE *iterator = NULL;
+ if(id == NULL)
+ {
+ ENGINEerr(ENGINE_F_ENGINE_BY_ID,
+ ERR_R_PASSED_NULL_PARAMETER);
+ return NULL;
+ }
+ CRYPTO_r_lock(CRYPTO_LOCK_ENGINE);
+ if(!engine_internal_check())
+ ENGINEerr(ENGINE_F_ENGINE_BY_ID,
+ ENGINE_R_INTERNAL_LIST_ERROR);
+ else
+ {
+ iterator = engine_list_head;
+ while(iterator && (strcmp(id, iterator->id) != 0))
+ iterator = iterator->next;
+ if(iterator)
+ /* We need to return a structural reference */
+ iterator->struct_ref++;
+ }
+ CRYPTO_r_unlock(CRYPTO_LOCK_ENGINE);
+ if(iterator == NULL)
+ ENGINEerr(ENGINE_F_ENGINE_BY_ID,
+ ENGINE_R_NO_SUCH_ENGINE);
+ return iterator;
+ }
+
+/* As per the comments in engine.h, it is generally better all round
+ * if the ENGINE structure is allocated within this framework. */
+#if 0
+int ENGINE_get_struct_size(void)
+ {
+ return sizeof(ENGINE);
+ }
+
+ENGINE *ENGINE_new(ENGINE *e)
+ {
+ ENGINE *ret;
+
+ if(e == NULL)
+ {
+ ret = (ENGINE *)(OPENSSL_malloc(sizeof(ENGINE));
+ if(ret == NULL)
+ {
+ ENGINEerr(ENGINE_F_ENGINE_NEW,
+ ERR_R_MALLOC_FAILURE);
+ return NULL;
+ }
+ }
+ else
+ ret = e;
+ memset(ret, 0, sizeof(ENGINE));
+ if(e)
+ ret->flags = ENGINE_FLAGS_MALLOCED;
+ ret->struct_ref = 1;
+ return ret;
+ }
+#else
+ENGINE *ENGINE_new(void)
+ {
+ ENGINE *ret;
+
+ ret = (ENGINE *)OPENSSL_malloc(sizeof(ENGINE));
+ if(ret == NULL)
+ {
+ ENGINEerr(ENGINE_F_ENGINE_NEW, ERR_R_MALLOC_FAILURE);
+ return NULL;
+ }
+ memset(ret, 0, sizeof(ENGINE));
+ ret->flags = ENGINE_FLAGS_MALLOCED;
+ ret->struct_ref = 1;
+ return ret;
+ }
+#endif
+
+int ENGINE_free(ENGINE *e)
+ {
+ int i;
+
+ if(e == NULL)
+ {
+ ENGINEerr(ENGINE_F_ENGINE_FREE,
+ ERR_R_PASSED_NULL_PARAMETER);
+ return 0;
+ }
+ i = CRYPTO_add(&e->struct_ref,-1,CRYPTO_LOCK_ENGINE);
+#ifdef REF_PRINT
+ REF_PRINT("ENGINE",e);
+#endif
+ if (i > 0) return 1;
+#ifdef REF_CHECK
+ if (i < 0)
+ {
+ fprintf(stderr,"ENGINE_free, bad reference count\n");
+ abort();
+ }
+#endif
+ if(e->flags & ENGINE_FLAGS_MALLOCED)
+ OPENSSL_free(e);
+ return 1;
+ }
+
+int ENGINE_set_id(ENGINE *e, const char *id)
+ {
+ if((e == NULL) || (id == NULL))
+ {
+ ENGINEerr(ENGINE_F_ENGINE_SET_ID,
+ ERR_R_PASSED_NULL_PARAMETER);
+ return 0;
+ }
+ e->id = id;
+ return 1;
+ }
+
+int ENGINE_set_name(ENGINE *e, const char *name)
+ {
+ if((e == NULL) || (name == NULL))
+ {
+ ENGINEerr(ENGINE_F_ENGINE_SET_NAME,
+ ERR_R_PASSED_NULL_PARAMETER);
+ return 0;
+ }
+ e->name = name;
+ return 1;
+ }
+
+int ENGINE_set_RSA(ENGINE *e, RSA_METHOD *rsa_meth)
+ {
+ if((e == NULL) || (rsa_meth == NULL))
+ {
+ ENGINEerr(ENGINE_F_ENGINE_SET_RSA,
+ ERR_R_PASSED_NULL_PARAMETER);
+ return 0;
+ }
+ e->rsa_meth = rsa_meth;
+ return 1;
+ }
+
+int ENGINE_set_DSA(ENGINE *e, DSA_METHOD *dsa_meth)
+ {
+ if((e == NULL) || (dsa_meth == NULL))
+ {
+ ENGINEerr(ENGINE_F_ENGINE_SET_DSA,
+ ERR_R_PASSED_NULL_PARAMETER);
+ return 0;
+ }
+ e->dsa_meth = dsa_meth;
+ return 1;
+ }
+
+int ENGINE_set_DH(ENGINE *e, DH_METHOD *dh_meth)
+ {
+ if((e == NULL) || (dh_meth == NULL))
+ {
+ ENGINEerr(ENGINE_F_ENGINE_SET_DH,
+ ERR_R_PASSED_NULL_PARAMETER);
+ return 0;
+ }
+ e->dh_meth = dh_meth;
+ return 1;
+ }
+
+int ENGINE_set_RAND(ENGINE *e, RAND_METHOD *rand_meth)
+ {
+ if((e == NULL) || (rand_meth == NULL))
+ {
+ ENGINEerr(ENGINE_F_ENGINE_SET_RAND,
+ ERR_R_PASSED_NULL_PARAMETER);
+ return 0;
+ }
+ e->rand_meth = rand_meth;
+ return 1;
+ }
+
+int ENGINE_set_BN_mod_exp(ENGINE *e, BN_MOD_EXP bn_mod_exp)
+ {
+ if((e == NULL) || (bn_mod_exp == NULL))
+ {
+ ENGINEerr(ENGINE_F_ENGINE_SET_BN_MOD_EXP,
+ ERR_R_PASSED_NULL_PARAMETER);
+ return 0;
+ }
+ e->bn_mod_exp = bn_mod_exp;
+ return 1;
+ }
+
+int ENGINE_set_BN_mod_exp_crt(ENGINE *e, BN_MOD_EXP_CRT bn_mod_exp_crt)
+ {
+ if((e == NULL) || (bn_mod_exp_crt == NULL))
+ {
+ ENGINEerr(ENGINE_F_ENGINE_SET_BN_MOD_EXP_CRT,
+ ERR_R_PASSED_NULL_PARAMETER);
+ return 0;
+ }
+ e->bn_mod_exp_crt = bn_mod_exp_crt;
+ return 1;
+ }
+
+int ENGINE_set_init_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR init_f)
+ {
+ if((e == NULL) || (init_f == NULL))
+ {
+ ENGINEerr(ENGINE_F_ENGINE_SET_INIT_FUNCTION,
+ ERR_R_PASSED_NULL_PARAMETER);
+ return 0;
+ }
+ e->init = init_f;
+ return 1;
+ }
+
+int ENGINE_set_finish_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR finish_f)
+ {
+ if((e == NULL) || (finish_f == NULL))
+ {
+ ENGINEerr(ENGINE_F_ENGINE_SET_FINISH_FUNCTION,
+ ERR_R_PASSED_NULL_PARAMETER);
+ return 0;
+ }
+ e->finish = finish_f;
+ return 1;
+ }
+
+int ENGINE_set_ctrl_function(ENGINE *e, ENGINE_CTRL_FUNC_PTR ctrl_f)
+ {
+ if((e == NULL) || (ctrl_f == NULL))
+ {
+ ENGINEerr(ENGINE_F_ENGINE_SET_CTRL_FUNCTION,
+ ERR_R_PASSED_NULL_PARAMETER);
+ return 0;
+ }
+ e->ctrl = ctrl_f;
+ return 1;
+ }
+
+const char *ENGINE_get_id(ENGINE *e)
+ {
+ if(e == NULL)
+ {
+ ENGINEerr(ENGINE_F_ENGINE_GET_ID,
+ ERR_R_PASSED_NULL_PARAMETER);
+ return 0;
+ }
+ return e->id;
+ }
+
+const char *ENGINE_get_name(ENGINE *e)
+ {
+ if(e == NULL)
+ {
+ ENGINEerr(ENGINE_F_ENGINE_GET_NAME,
+ ERR_R_PASSED_NULL_PARAMETER);
+ return 0;
+ }
+ return e->name;
+ }
+
+RSA_METHOD *ENGINE_get_RSA(ENGINE *e)
+ {
+ if(e == NULL)
+ {
+ ENGINEerr(ENGINE_F_ENGINE_GET_RSA,
+ ERR_R_PASSED_NULL_PARAMETER);
+ return NULL;
+ }
+ return e->rsa_meth;
+ }
+
+DSA_METHOD *ENGINE_get_DSA(ENGINE *e)
+ {
+ if(e == NULL)
+ {
+ ENGINEerr(ENGINE_F_ENGINE_GET_DSA,
+ ERR_R_PASSED_NULL_PARAMETER);
+ return NULL;
+ }
+ return e->dsa_meth;
+ }
+
+DH_METHOD *ENGINE_get_DH(ENGINE *e)
+ {
+ if(e == NULL)
+ {
+ ENGINEerr(ENGINE_F_ENGINE_GET_DH,
+ ERR_R_PASSED_NULL_PARAMETER);
+ return NULL;
+ }
+ return e->dh_meth;
+ }
+
+RAND_METHOD *ENGINE_get_RAND(ENGINE *e)
+ {
+ if(e == NULL)
+ {
+ ENGINEerr(ENGINE_F_ENGINE_GET_RAND,
+ ERR_R_PASSED_NULL_PARAMETER);
+ return NULL;
+ }
+ return e->rand_meth;
+ }
+
+BN_MOD_EXP ENGINE_get_BN_mod_exp(ENGINE *e)
+ {
+ if(e == NULL)
+ {
+ ENGINEerr(ENGINE_F_ENGINE_GET_BN_MOD_EXP,
+ ERR_R_PASSED_NULL_PARAMETER);
+ return NULL;
+ }
+ return e->bn_mod_exp;
+ }
+
+BN_MOD_EXP_CRT ENGINE_get_BN_mod_exp_crt(ENGINE *e)
+ {
+ if(e == NULL)
+ {
+ ENGINEerr(ENGINE_F_ENGINE_GET_BN_MOD_EXP_CRT,
+ ERR_R_PASSED_NULL_PARAMETER);
+ return NULL;
+ }
+ return e->bn_mod_exp_crt;
+ }
+
+ENGINE_GEN_INT_FUNC_PTR ENGINE_get_init_function(ENGINE *e)
+ {
+ if(e == NULL)
+ {
+ ENGINEerr(ENGINE_F_ENGINE_GET_INIT_FUNCTION,
+ ERR_R_PASSED_NULL_PARAMETER);
+ return NULL;
+ }
+ return e->init;
+ }
+
+ENGINE_GEN_INT_FUNC_PTR ENGINE_get_finish_function(ENGINE *e)
+ {
+ if(e == NULL)
+ {
+ ENGINEerr(ENGINE_F_ENGINE_GET_FINISH_FUNCTION,
+ ERR_R_PASSED_NULL_PARAMETER);
+ return NULL;
+ }
+ return e->finish;
+ }
+
+ENGINE_CTRL_FUNC_PTR ENGINE_get_ctrl_function(ENGINE *e)
+ {
+ if(e == NULL)
+ {
+ ENGINEerr(ENGINE_F_ENGINE_GET_CTRL_FUNCTION,
+ ERR_R_PASSED_NULL_PARAMETER);
+ return NULL;
+ }
+ return e->ctrl;
+ }
+
diff --git a/crypto/engine/engine_openssl.c b/crypto/engine/engine_openssl.c
new file mode 100644
index 0000000..9636f51
--- /dev/null
+++ b/crypto/engine/engine_openssl.c
@@ -0,0 +1,174 @@
+/* crypto/engine/engine_openssl.c */
+/* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL
+ * project 2000.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+
+#include <stdio.h>
+#include <openssl/crypto.h>
+#include "cryptlib.h"
+#include "engine_int.h"
+#include <openssl/engine.h>
+#include <openssl/dso.h>
+#include <openssl/rsa.h>
+#include <openssl/dsa.h>
+#include <openssl/dh.h>
+#include <openssl/rand.h>
+#include <openssl/bn.h>
+
+/* This is the only function we need to implement as OpenSSL
+ * doesn't have a native CRT mod_exp. Perhaps this should be
+ * BN_mod_exp_crt and moved into crypto/bn/ ?? ... dunno. */
+static int openssl_mod_exp_crt(BIGNUM *r, BIGNUM *a, const BIGNUM *p,
+ const BIGNUM *q, const BIGNUM *dmp1, const BIGNUM *dmq1,
+ const BIGNUM *iqmp, BN_CTX *ctx);
+
+/* The ENGINE structure that can be pointed to. */
+static ENGINE engine_openssl =
+ {
+ "openssl",
+ "Software default engine support",
+ NULL,
+ NULL,
+ NULL, /* these methods are "stolen" in ENGINE_openssl() */
+ NULL,
+ NULL,
+ openssl_mod_exp_crt,
+ NULL, /* no init() */
+ NULL, /* no finish() */
+ NULL, /* no ctrl() */
+ NULL, /* no load_privkey() */
+ NULL, /* no load_pubkey() */
+ 0, /* no flags */
+ 0, 0, /* no references. */
+ NULL, NULL /* unlinked */
+ };
+
+/* As this is only ever called once, there's no need for locking
+ * (indeed - the lock will already be held by our caller!!!) */
+ENGINE *ENGINE_openssl()
+ {
+ /* We need to populate our structure with the software pointers
+ * that we want to steal. */
+ engine_openssl.rsa_meth = RSA_get_default_openssl_method();
+ engine_openssl.dsa_meth = DSA_get_default_openssl_method();
+ engine_openssl.dh_meth = DH_get_default_openssl_method();
+ engine_openssl.rand_meth = RAND_SSLeay();
+ engine_openssl.bn_mod_exp = BN_mod_exp;
+ return &engine_openssl;
+ }
+
+/* Chinese Remainder Theorem, taken and adapted from rsa_eay.c */
+static int openssl_mod_exp_crt(BIGNUM *r, BIGNUM *a, const BIGNUM *p,
+ const BIGNUM *q, const BIGNUM *dmp1,
+ const BIGNUM *dmq1, const BIGNUM *iqmp, BN_CTX *ctx)
+ {
+ BIGNUM r1,m1;
+ int ret=0;
+ BN_CTX *bn_ctx;
+ BIGNUM *temp_bn = NULL;
+
+ if (ctx)
+ bn_ctx = ctx;
+ else
+ if ((bn_ctx=BN_CTX_new()) == NULL) goto err;
+ BN_init(&m1);
+ BN_init(&r1);
+ /* BN_mul() cannot accept const BIGNUMs so I use the BN_CTX
+ * to duplicate what I need. <sigh> */
+ if ((temp_bn = BN_CTX_get(bn_ctx)) == NULL) goto err;
+ if (!BN_copy(temp_bn, iqmp)) goto err;
+
+ if (!BN_mod(&r1, a, q, bn_ctx)) goto err;
+ if (!engine_openssl.bn_mod_exp(&m1, &r1, dmq1, q, bn_ctx))
+ goto err;
+
+ if (!BN_mod(&r1, a, p, bn_ctx)) goto err;
+ if (!engine_openssl.bn_mod_exp(r, &r1, dmp1, p, bn_ctx))
+ goto err;
+
+ if (!BN_sub(r, r, &m1)) goto err;
+ /* This will help stop the size of r0 increasing, which does
+ * affect the multiply if it optimised for a power of 2 size */
+ if (r->neg)
+ if (!BN_add(r, r, p)) goto err;
+
+ if (!BN_mul(&r1, r, temp_bn, bn_ctx)) goto err;
+ if (!BN_mod(r, &r1, p, bn_ctx)) goto err;
+ /* If p < q it is occasionally possible for the correction of
+ * adding 'p' if r is negative above to leave the result still
+ * negative. This can break the private key operations: the following
+ * second correction should *always* correct this rare occurrence.
+ * This will *never* happen with OpenSSL generated keys because
+ * they ensure p > q [steve]
+ */
+ if (r->neg)
+ if (!BN_add(r, r, p)) goto err;
+ /* Again, BN_mul() will need non-const values. */
+ if (!BN_copy(temp_bn, q)) goto err;
+ if (!BN_mul(&r1, r, temp_bn, bn_ctx)) goto err;
+ if (!BN_add(r, &r1, &m1)) goto err;
+
+ ret=1;
+err:
+ BN_clear_free(&m1);
+ BN_clear_free(&r1);
+ if (temp_bn)
+ bn_ctx->tos--;
+ if (!ctx)
+ BN_CTX_free(bn_ctx);
+ return(ret);
+ }
diff --git a/crypto/engine/enginetest.c b/crypto/engine/enginetest.c
new file mode 100644
index 0000000..a5a3c47
--- /dev/null
+++ b/crypto/engine/enginetest.c
@@ -0,0 +1,251 @@
+/* crypto/engine/enginetest.c */
+/* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL
+ * project 2000.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include <string.h>
+#include <openssl/engine.h>
+#include <openssl/err.h>
+
+static void display_engine_list()
+ {
+ ENGINE *h;
+ int loop;
+
+ h = ENGINE_get_first();
+ loop = 0;
+ printf("listing available engine types\n");
+ while(h)
+ {
+ printf("engine %i, id = \"%s\", name = \"%s\"\n",
+ loop++, ENGINE_get_id(h), ENGINE_get_name(h));
+ h = ENGINE_get_next(h);
+ }
+ printf("end of list\n");
+ }
+
+int main(int argc, char *argv[])
+ {
+ ENGINE *block[512];
+ char buf[256];
+ const char *id, *name;
+ ENGINE *ptr;
+ int loop;
+ int to_return = 1;
+ ENGINE *new_h1 = NULL;
+ ENGINE *new_h2 = NULL;
+ ENGINE *new_h3 = NULL;
+ ENGINE *new_h4 = NULL;
+
+ ERR_load_crypto_strings();
+
+ memset(block, 0, 512 * sizeof(ENGINE *));
+ if(((new_h1 = ENGINE_new()) == NULL) ||
+ !ENGINE_set_id(new_h1, "test_id0") ||
+ !ENGINE_set_name(new_h1, "First test item") ||
+ ((new_h2 = ENGINE_new()) == NULL) ||
+ !ENGINE_set_id(new_h2, "test_id1") ||
+ !ENGINE_set_name(new_h2, "Second test item") ||
+ ((new_h3 = ENGINE_new()) == NULL) ||
+ !ENGINE_set_id(new_h3, "test_id2") ||
+ !ENGINE_set_name(new_h3, "Third test item") ||
+ ((new_h4 = ENGINE_new()) == NULL) ||
+ !ENGINE_set_id(new_h4, "test_id3") ||
+ !ENGINE_set_name(new_h4, "Fourth test item"))
+ {
+ printf("Couldn't set up test ENGINE structures\n");
+ goto end;
+ }
+ printf("\nenginetest beginning\n\n");
+ display_engine_list();
+ if(!ENGINE_add(new_h1))
+ {
+ printf("Add failed!\n");
+ goto end;
+ }
+ display_engine_list();
+ ptr = ENGINE_get_first();
+ if(!ENGINE_remove(ptr))
+ {
+ printf("Remove failed!\n");
+ goto end;
+ }
+ display_engine_list();
+ if(!ENGINE_add(new_h3) || !ENGINE_add(new_h2))
+ {
+ printf("Add failed!\n");
+ goto end;
+ }
+ display_engine_list();
+ if(!ENGINE_remove(new_h2))
+ {
+ printf("Remove failed!\n");
+ goto end;
+ }
+ display_engine_list();
+ if(!ENGINE_add(new_h4))
+ {
+ printf("Add failed!\n");
+ goto end;
+ }
+ display_engine_list();
+ if(ENGINE_add(new_h3))
+ {
+ printf("Add *should* have failed but didn't!\n");
+ goto end;
+ }
+ else
+ printf("Add that should fail did.\n");
+ ERR_clear_error();
+ if(ENGINE_remove(new_h2))
+ {
+ printf("Remove *should* have failed but didn't!\n");
+ goto end;
+ }
+ else
+ printf("Remove that should fail did.\n");
+ if(!ENGINE_remove(new_h1))
+ {
+ printf("Remove failed!\n");
+ goto end;
+ }
+ display_engine_list();
+ if(!ENGINE_remove(new_h3))
+ {
+ printf("Remove failed!\n");
+ goto end;
+ }
+ display_engine_list();
+ if(!ENGINE_remove(new_h4))
+ {
+ printf("Remove failed!\n");
+ goto end;
+ }
+ display_engine_list();
+ /* Depending on whether there's any hardware support compiled
+ * in, this remove may be destined to fail. */
+ ptr = ENGINE_get_first();
+ if(ptr)
+ if(!ENGINE_remove(ptr))
+ printf("Remove failed!i - probably no hardware "
+ "support present.\n");
+ display_engine_list();
+ if(!ENGINE_add(new_h1) || !ENGINE_remove(new_h1))
+ {
+ printf("Couldn't add and remove to an empty list!\n");
+ goto end;
+ }
+ else
+ printf("Successfully added and removed to an empty list!\n");
+ printf("About to beef up the engine-type list\n");
+ for(loop = 0; loop < 512; loop++)
+ {
+ sprintf(buf, "id%i", loop);
+ id = strdup(buf);
+ sprintf(buf, "Fake engine type %i", loop);
+ name = strdup(buf);
+ if(((block[loop] = ENGINE_new()) == NULL) ||
+ !ENGINE_set_id(block[loop], id) ||
+ !ENGINE_set_name(block[loop], name))
+ {
+ printf("Couldn't create block of ENGINE structures.\n"
+ "I'll probably also core-dump now, damn.\n");
+ goto end;
+ }
+ }
+ for(loop = 0; loop < 512; loop++)
+ {
+ if(!ENGINE_add(block[loop]))
+ {
+ printf("\nAdding stopped at %i, (%s,%s)\n",
+ loop, ENGINE_get_id(block[loop]),
+ ENGINE_get_name(block[loop]));
+ goto cleanup_loop;
+ }
+ else
+ printf("."); fflush(stdout);
+ }
+cleanup_loop:
+ printf("\nAbout to empty the engine-type list\n");
+ while((ptr = ENGINE_get_first()) != NULL)
+ {
+ if(!ENGINE_remove(ptr))
+ {
+ printf("\nRemove failed!\n");
+ goto end;
+ }
+ printf("."); fflush(stdout);
+ }
+ for(loop = 0; loop < 512; loop++)
+ {
+ free((char *)(ENGINE_get_id(block[loop])));
+ free((char *)(ENGINE_get_name(block[loop])));
+ }
+ printf("\nTests completed happily\n");
+ to_return = 0;
+end:
+ if(to_return)
+ ERR_print_errors_fp(stderr);
+ if(new_h1) ENGINE_free(new_h1);
+ if(new_h2) ENGINE_free(new_h2);
+ if(new_h3) ENGINE_free(new_h3);
+ if(new_h4) ENGINE_free(new_h4);
+ for(loop = 0; loop < 512; loop++)
+ if(block[loop])
+ ENGINE_free(block[loop]);
+ return to_return;
+ }
diff --git a/crypto/engine/hw_atalla.c b/crypto/engine/hw_atalla.c
new file mode 100644
index 0000000..e536420
--- /dev/null
+++ b/crypto/engine/hw_atalla.c
@@ -0,0 +1,443 @@
+/* crypto/engine/hw_atalla.c */
+/* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL
+ * project 2000.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include <openssl/crypto.h>
+#include "cryptlib.h"
+#include <openssl/dso.h>
+#include "engine_int.h"
+#include <openssl/engine.h>
+
+#ifndef NO_HW
+#ifndef NO_HW_ATALLA
+
+#ifdef FLAT_INC
+#include "atalla.h"
+#else
+#include "vendor_defns/atalla.h"
+#endif
+
+static int atalla_init(void);
+static int atalla_finish(void);
+
+/* BIGNUM stuff */
+static int atalla_mod_exp(BIGNUM *r, BIGNUM *a, const BIGNUM *p,
+ const BIGNUM *m, BN_CTX *ctx);
+
+/* RSA stuff */
+static int atalla_rsa_mod_exp(BIGNUM *r0, BIGNUM *I, RSA *rsa);
+/* This function is aliased to mod_exp (with the mont stuff dropped). */
+static int atalla_mod_exp_mont(BIGNUM *r, BIGNUM *a, const BIGNUM *p,
+ const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
+
+/* DSA stuff */
+static int atalla_dsa_mod_exp(DSA *dsa, BIGNUM *rr, BIGNUM *a1,
+ BIGNUM *p1, BIGNUM *a2, BIGNUM *p2, BIGNUM *m,
+ BN_CTX *ctx, BN_MONT_CTX *in_mont);
+static int atalla_mod_exp_dsa(DSA *dsa, BIGNUM *r, BIGNUM *a,
+ const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
+ BN_MONT_CTX *m_ctx);
+
+/* DH stuff */
+/* This function is alised to mod_exp (with the DH and mont dropped). */
+static int atalla_mod_exp_dh(DH *dh, BIGNUM *r, BIGNUM *a, const BIGNUM *p,
+ const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
+
+
+/* Our internal RSA_METHOD that we provide pointers to */
+static RSA_METHOD atalla_rsa =
+ {
+ "Atalla RSA method",
+ NULL,
+ NULL,
+ NULL,
+ NULL,
+ atalla_rsa_mod_exp,
+ atalla_mod_exp_mont,
+ NULL,
+ NULL,
+ 0,
+ NULL,
+ NULL,
+ NULL
+ };
+
+/* Our internal DSA_METHOD that we provide pointers to */
+static DSA_METHOD atalla_dsa =
+ {
+ "Atalla DSA method",
+ NULL, /* dsa_do_sign */
+ NULL, /* dsa_sign_setup */
+ NULL, /* dsa_do_verify */
+ atalla_dsa_mod_exp, /* dsa_mod_exp */
+ atalla_mod_exp_dsa, /* bn_mod_exp */
+ NULL, /* init */
+ NULL, /* finish */
+ 0, /* flags */
+ NULL /* app_data */
+ };
+
+/* Our internal DH_METHOD that we provide pointers to */
+static DH_METHOD atalla_dh =
+ {
+ "Atalla DH method",
+ NULL,
+ NULL,
+ atalla_mod_exp_dh,
+ NULL,
+ NULL,
+ 0,
+ NULL
+ };
+
+/* Our ENGINE structure. */
+static ENGINE engine_atalla =
+ {
+ "atalla",
+ "Atalla hardware engine support",
+ &atalla_rsa,
+ &atalla_dsa,
+ &atalla_dh,
+ NULL,
+ atalla_mod_exp,
+ NULL,
+ atalla_init,
+ atalla_finish,
+ NULL, /* no ctrl() */
+ NULL, /* no load_privkey() */
+ NULL, /* no load_pubkey() */
+ 0, /* no flags */
+ 0, 0, /* no references */
+ NULL, NULL /* unlinked */
+ };
+
+/* As this is only ever called once, there's no need for locking
+ * (indeed - the lock will already be held by our caller!!!) */
+ENGINE *ENGINE_atalla()
+ {
+ RSA_METHOD *meth1;
+ DSA_METHOD *meth2;
+ DH_METHOD *meth3;
+
+ /* We know that the "PKCS1_SSLeay()" functions hook properly
+ * to the atalla-specific mod_exp and mod_exp_crt so we use
+ * those functions. NB: We don't use ENGINE_openssl() or
+ * anything "more generic" because something like the RSAref
+ * code may not hook properly, and if you own one of these
+ * cards then you have the right to do RSA operations on it
+ * anyway! */
+ meth1 = RSA_PKCS1_SSLeay();
+ atalla_rsa.rsa_pub_enc = meth1->rsa_pub_enc;
+ atalla_rsa.rsa_pub_dec = meth1->rsa_pub_dec;
+ atalla_rsa.rsa_priv_enc = meth1->rsa_priv_enc;
+ atalla_rsa.rsa_priv_dec = meth1->rsa_priv_dec;
+
+ /* Use the DSA_OpenSSL() method and just hook the mod_exp-ish
+ * bits. */
+ meth2 = DSA_OpenSSL();
+ atalla_dsa.dsa_do_sign = meth2->dsa_do_sign;
+ atalla_dsa.dsa_sign_setup = meth2->dsa_sign_setup;
+ atalla_dsa.dsa_do_verify = meth2->dsa_do_verify;
+
+ /* Much the same for Diffie-Hellman */
+ meth3 = DH_OpenSSL();
+ atalla_dh.generate_key = meth3->generate_key;
+ atalla_dh.compute_key = meth3->compute_key;
+ return &engine_atalla;
+ }
+
+/* This is a process-global DSO handle used for loading and unloading
+ * the Atalla library. NB: This is only set (or unset) during an
+ * init() or finish() call (reference counts permitting) and they're
+ * operating with global locks, so this should be thread-safe
+ * implicitly. */
+static DSO *atalla_dso = NULL;
+
+/* These are the function pointers that are (un)set when the library has
+ * successfully (un)loaded. */
+static tfnASI_GetHardwareConfig *p_Atalla_GetHardwareConfig = NULL;
+static tfnASI_RSAPrivateKeyOpFn *p_Atalla_RSAPrivateKeyOpFn = NULL;
+static tfnASI_GetPerformanceStatistics *p_Atalla_GetPerformanceStatistics = NULL;
+
+/* (de)initialisation functions. */
+static int atalla_init()
+ {
+ tfnASI_GetHardwareConfig *p1;
+ tfnASI_RSAPrivateKeyOpFn *p2;
+ tfnASI_GetPerformanceStatistics *p3;
+ /* Not sure of the origin of this magic value, but Ben's code had it
+ * and it seemed to have been working for a few people. :-) */
+ unsigned int config_buf[1024];
+
+ if(atalla_dso != NULL)
+ {
+ ENGINEerr(ENGINE_F_ATALLA_INIT,ENGINE_R_ALREADY_LOADED);
+ goto err;
+ }
+ /* Attempt to load libatasi.so/atasi.dll/whatever. Needs to be
+ * changed unfortunately because the Atalla drivers don't have
+ * standard library names that can be platform-translated well. */
+ /* TODO: Work out how to actually map to the names the Atalla
+ * drivers really use - for now a symbollic link needs to be
+ * created on the host system from libatasi.so to atasi.so on
+ * unix variants. */
+ atalla_dso = DSO_load(NULL, ATALLA_LIBNAME, NULL, 0);
+ if(atalla_dso == NULL)
+ {
+ ENGINEerr(ENGINE_F_ATALLA_INIT,ENGINE_R_DSO_FAILURE);
+ goto err;
+ }
+ if(!(p1 = (tfnASI_GetHardwareConfig *)DSO_bind_func(
+ atalla_dso, ATALLA_F1)) ||
+ !(p2 = (tfnASI_RSAPrivateKeyOpFn *)DSO_bind_func(
+ atalla_dso, ATALLA_F2)) ||
+ !(p3 = (tfnASI_GetPerformanceStatistics *)DSO_bind_func(
+ atalla_dso, ATALLA_F3)))
+ {
+ ENGINEerr(ENGINE_F_ATALLA_INIT,ENGINE_R_DSO_FAILURE);
+ goto err;
+ }
+ /* Copy the pointers */
+ p_Atalla_GetHardwareConfig = p1;
+ p_Atalla_RSAPrivateKeyOpFn = p2;
+ p_Atalla_GetPerformanceStatistics = p3;
+ /* Perform a basic test to see if there's actually any unit
+ * running. */
+ if(p1(0L, config_buf) != 0)
+ {
+ ENGINEerr(ENGINE_F_ATALLA_INIT,ENGINE_R_UNIT_FAILURE);
+ goto err;
+ }
+ /* Everything's fine. */
+ return 1;
+err:
+ if(atalla_dso)
+ DSO_free(atalla_dso);
+ p_Atalla_GetHardwareConfig = NULL;
+ p_Atalla_RSAPrivateKeyOpFn = NULL;
+ p_Atalla_GetPerformanceStatistics = NULL;
+ return 0;
+ }
+
+static int atalla_finish()
+ {
+ if(atalla_dso == NULL)
+ {
+ ENGINEerr(ENGINE_F_ATALLA_FINISH,ENGINE_R_NOT_LOADED);
+ return 0;
+ }
+ if(!DSO_free(atalla_dso))
+ {
+ ENGINEerr(ENGINE_F_ATALLA_FINISH,ENGINE_R_DSO_FAILURE);
+ return 0;
+ }
+ atalla_dso = NULL;
+ p_Atalla_GetHardwareConfig = NULL;
+ p_Atalla_RSAPrivateKeyOpFn = NULL;
+ p_Atalla_GetPerformanceStatistics = NULL;
+ return 1;
+ }
+
+static int atalla_mod_exp(BIGNUM *r, BIGNUM *a, const BIGNUM *p,
+ const BIGNUM *m, BN_CTX *ctx)
+ {
+ /* I need somewhere to store temporary serialised values for
+ * use with the Atalla API calls. A neat cheat - I'll use
+ * BIGNUMs from the BN_CTX but access their arrays directly as
+ * byte arrays <grin>. This way I don't have to clean anything
+ * up. */
+ BIGNUM *modulus;
+ BIGNUM *exponent;
+ BIGNUM *argument;
+ BIGNUM *result;
+ RSAPrivateKey keydata;
+ int to_return, numbytes;
+
+ modulus = exponent = argument = result = NULL;
+ to_return = 0; /* expect failure */
+
+ if(!atalla_dso)
+ {
+ ENGINEerr(ENGINE_F_ATALLA_MOD_EXP,ENGINE_R_NOT_LOADED);
+ goto err;
+ }
+ /* Prepare the params */
+ modulus = BN_CTX_get(ctx);
+ exponent = BN_CTX_get(ctx);
+ argument = BN_CTX_get(ctx);
+ result = BN_CTX_get(ctx);
+ if(!modulus || !exponent || !argument || !result)
+ {
+ ENGINEerr(ENGINE_F_ATALLA_MOD_EXP,ENGINE_R_BN_CTX_FULL);
+ goto err;
+ }
+ if(!bn_wexpand(modulus, m->top) || !bn_wexpand(exponent, m->top) ||
+ !bn_wexpand(argument, m->top) || !bn_wexpand(result, m->top))
+ {
+ ENGINEerr(ENGINE_F_ATALLA_MOD_EXP,ENGINE_R_BN_EXPAND_FAIL);
+ goto err;
+ }
+ /* Prepare the key-data */
+ memset(&keydata, 0,sizeof keydata);
+ numbytes = BN_num_bytes(m);
+ memset(exponent->d, 0, numbytes);
+ memset(modulus->d, 0, numbytes);
+ BN_bn2bin(p, (unsigned char *)exponent->d + numbytes - BN_num_bytes(p));
+ BN_bn2bin(m, (unsigned char *)modulus->d + numbytes - BN_num_bytes(m));
+ keydata.privateExponent.data = (unsigned char *)exponent->d;
+ keydata.privateExponent.len = numbytes;
+ keydata.modulus.data = (unsigned char *)modulus->d;
+ keydata.modulus.len = numbytes;
+ /* Prepare the argument */
+ memset(argument->d, 0, numbytes);
+ memset(result->d, 0, numbytes);
+ BN_bn2bin(a, (unsigned char *)argument->d + numbytes - BN_num_bytes(a));
+ /* Perform the operation */
+ if(p_Atalla_RSAPrivateKeyOpFn(&keydata, (unsigned char *)result->d,
+ (unsigned char *)argument->d,
+ keydata.modulus.len) != 0)
+ {
+ ENGINEerr(ENGINE_F_ATALLA_MOD_EXP,ENGINE_R_REQUEST_FAILED);
+ goto err;
+ }
+ /* Convert the response */
+ BN_bin2bn((unsigned char *)result->d, numbytes, r);
+ to_return = 1;
+err:
+ if(modulus) ctx->tos--;
+ if(exponent) ctx->tos--;
+ if(argument) ctx->tos--;
+ if(result) ctx->tos--;
+ return to_return;
+ }
+
+static int atalla_rsa_mod_exp(BIGNUM *r0, BIGNUM *I, RSA *rsa)
+ {
+ BN_CTX *ctx = NULL;
+ int to_return = 0;
+
+ if(!atalla_dso)
+ {
+ ENGINEerr(ENGINE_F_ATALLA_RSA_MOD_EXP,ENGINE_R_NOT_LOADED);
+ goto err;
+ }
+ if((ctx = BN_CTX_new()) == NULL)
+ goto err;
+ if(!rsa->d || !rsa->n)
+ {
+ ENGINEerr(ENGINE_F_ATALLA_RSA_MOD_EXP,ENGINE_R_MISSING_KEY_COMPONENTS);
+ goto err;
+ }
+ to_return = atalla_mod_exp(r0, I, rsa->d, rsa->n, ctx);
+err:
+ if(ctx)
+ BN_CTX_free(ctx);
+ return to_return;
+ }
+
+/* This code was liberated and adapted from the commented-out code in
+ * dsa_ossl.c. Because of the unoptimised form of the Atalla acceleration
+ * (it doesn't have a CRT form for RSA), this function means that an
+ * Atalla system running with a DSA server certificate can handshake
+ * around 5 or 6 times faster/more than an equivalent system running with
+ * RSA. Just check out the "signs" statistics from the RSA and DSA parts
+ * of "openssl speed -engine atalla dsa1024 rsa1024". */
+static int atalla_dsa_mod_exp(DSA *dsa, BIGNUM *rr, BIGNUM *a1,
+ BIGNUM *p1, BIGNUM *a2, BIGNUM *p2, BIGNUM *m,
+ BN_CTX *ctx, BN_MONT_CTX *in_mont)
+ {
+ BIGNUM t;
+ int to_return = 0;
+
+ BN_init(&t);
+ /* let rr = a1 ^ p1 mod m */
+ if (!atalla_mod_exp(rr,a1,p1,m,ctx)) goto end;
+ /* let t = a2 ^ p2 mod m */
+ if (!atalla_mod_exp(&t,a2,p2,m,ctx)) goto end;
+ /* let rr = rr * t mod m */
+ if (!BN_mod_mul(rr,rr,&t,m,ctx)) goto end;
+ to_return = 1;
+end:
+ BN_free(&t);
+ return to_return;
+ }
+
+
+static int atalla_mod_exp_dsa(DSA *dsa, BIGNUM *r, BIGNUM *a,
+ const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
+ BN_MONT_CTX *m_ctx)
+ {
+ return atalla_mod_exp(r, a, p, m, ctx);
+ }
+
+/* This function is aliased to mod_exp (with the mont stuff dropped). */
+static int atalla_mod_exp_mont(BIGNUM *r, BIGNUM *a, const BIGNUM *p,
+ const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)
+ {
+ return atalla_mod_exp(r, a, p, m, ctx);
+ }
+
+/* This function is aliased to mod_exp (with the dh and mont dropped). */
+static int atalla_mod_exp_dh(DH *dh, BIGNUM *r, BIGNUM *a, const BIGNUM *p,
+ const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)
+ {
+ return atalla_mod_exp(r, a, p, m, ctx);
+ }
+
+#endif /* !NO_HW_ATALLA */
+#endif /* !NO_HW */
diff --git a/crypto/engine/hw_cswift.c b/crypto/engine/hw_cswift.c
new file mode 100644
index 0000000..5747973
--- /dev/null
+++ b/crypto/engine/hw_cswift.c
@@ -0,0 +1,806 @@
+/* crypto/engine/hw_cswift.c */
+/* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL
+ * project 2000.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include <openssl/crypto.h>
+#include "cryptlib.h"
+#include <openssl/dso.h>
+#include "engine_int.h"
+#include <openssl/engine.h>
+
+#ifndef NO_HW
+#ifndef NO_HW_CSWIFT
+
+/* Attribution notice: Rainbow have generously allowed me to reproduce
+ * the necessary definitions here from their API. This means the support
+ * can build independently of whether application builders have the
+ * API or hardware. This will allow developers to easily produce software
+ * that has latent hardware support for any users that have accelerators
+ * installed, without the developers themselves needing anything extra.
+ *
+ * I have only clipped the parts from the CryptoSwift header files that
+ * are (or seem) relevant to the CryptoSwift support code. This is
+ * simply to keep the file sizes reasonable.
+ * [Geoff]
+ */
+#ifdef FLAT_INC
+#include "cswift.h"
+#else
+#include "vendor_defns/cswift.h"
+#endif
+
+static int cswift_init(void);
+static int cswift_finish(void);
+
+/* BIGNUM stuff */
+static int cswift_mod_exp(BIGNUM *r, BIGNUM *a, const BIGNUM *p,
+ const BIGNUM *m, BN_CTX *ctx);
+static int cswift_mod_exp_crt(BIGNUM *r, BIGNUM *a, const BIGNUM *p,
+ const BIGNUM *q, const BIGNUM *dmp1, const BIGNUM *dmq1,
+ const BIGNUM *iqmp, BN_CTX *ctx);
+
+/* RSA stuff */
+static int cswift_rsa_mod_exp(BIGNUM *r0, BIGNUM *I, RSA *rsa);
+/* This function is aliased to mod_exp (with the mont stuff dropped). */
+static int cswift_mod_exp_mont(BIGNUM *r, BIGNUM *a, const BIGNUM *p,
+ const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
+
+/* DSA stuff */
+static DSA_SIG *cswift_dsa_sign(const unsigned char *dgst, int dlen, DSA *dsa);
+static int cswift_dsa_verify(const unsigned char *dgst, int dgst_len,
+ DSA_SIG *sig, DSA *dsa);
+
+/* DH stuff */
+/* This function is alised to mod_exp (with the DH and mont dropped). */
+static int cswift_mod_exp_dh(DH *dh, BIGNUM *r, BIGNUM *a, const BIGNUM *p,
+ const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
+
+
+/* Our internal RSA_METHOD that we provide pointers to */
+static RSA_METHOD cswift_rsa =
+ {
+ "CryptoSwift RSA method",
+ NULL,
+ NULL,
+ NULL,
+ NULL,
+ cswift_rsa_mod_exp,
+ cswift_mod_exp_mont,
+ NULL,
+ NULL,
+ 0,
+ NULL,
+ NULL,
+ NULL
+ };
+
+/* Our internal DSA_METHOD that we provide pointers to */
+static DSA_METHOD cswift_dsa =
+ {
+ "CryptoSwift DSA method",
+ cswift_dsa_sign,
+ NULL, /* dsa_sign_setup */
+ cswift_dsa_verify,
+ NULL, /* dsa_mod_exp */
+ NULL, /* bn_mod_exp */
+ NULL, /* init */
+ NULL, /* finish */
+ 0, /* flags */
+ NULL /* app_data */
+ };
+
+/* Our internal DH_METHOD that we provide pointers to */
+static DH_METHOD cswift_dh =
+ {
+ "CryptoSwift DH method",
+ NULL,
+ NULL,
+ cswift_mod_exp_dh,
+ NULL,
+ NULL,
+ 0,
+ NULL
+ };
+
+/* Our ENGINE structure. */
+static ENGINE engine_cswift =
+ {
+ "cswift",
+ "CryptoSwift hardware engine support",
+ &cswift_rsa,
+ &cswift_dsa,
+ &cswift_dh,
+ NULL,
+ cswift_mod_exp,
+ cswift_mod_exp_crt,
+ cswift_init,
+ cswift_finish,
+ NULL, /* no ctrl() */
+ NULL, /* no load_privkey() */
+ NULL, /* no load_pubkey() */
+ 0, /* no flags */
+ 0, 0, /* no references */
+ NULL, NULL /* unlinked */
+ };
+
+/* As this is only ever called once, there's no need for locking
+ * (indeed - the lock will already be held by our caller!!!) */
+ENGINE *ENGINE_cswift()
+ {
+ RSA_METHOD *meth1;
+ DH_METHOD *meth2;
+
+ /* We know that the "PKCS1_SSLeay()" functions hook properly
+ * to the cswift-specific mod_exp and mod_exp_crt so we use
+ * those functions. NB: We don't use ENGINE_openssl() or
+ * anything "more generic" because something like the RSAref
+ * code may not hook properly, and if you own one of these
+ * cards then you have the right to do RSA operations on it
+ * anyway! */
+ meth1 = RSA_PKCS1_SSLeay();
+ cswift_rsa.rsa_pub_enc = meth1->rsa_pub_enc;
+ cswift_rsa.rsa_pub_dec = meth1->rsa_pub_dec;
+ cswift_rsa.rsa_priv_enc = meth1->rsa_priv_enc;
+ cswift_rsa.rsa_priv_dec = meth1->rsa_priv_dec;
+
+ /* Much the same for Diffie-Hellman */
+ meth2 = DH_OpenSSL();
+ cswift_dh.generate_key = meth2->generate_key;
+ cswift_dh.compute_key = meth2->compute_key;
+ return &engine_cswift;
+ }
+
+/* This is a process-global DSO handle used for loading and unloading
+ * the CryptoSwift library. NB: This is only set (or unset) during an
+ * init() or finish() call (reference counts permitting) and they're
+ * operating with global locks, so this should be thread-safe
+ * implicitly. */
+static DSO *cswift_dso = NULL;
+
+/* These are the function pointers that are (un)set when the library has
+ * successfully (un)loaded. */
+t_swAcquireAccContext *p_CSwift_AcquireAccContext = NULL;
+t_swAttachKeyParam *p_CSwift_AttachKeyParam = NULL;
+t_swSimpleRequest *p_CSwift_SimpleRequest = NULL;
+t_swReleaseAccContext *p_CSwift_ReleaseAccContext = NULL;
+
+/* Used in the DSO operations. */
+static const char *CSWIFT_LIBNAME = "swift";
+static const char *CSWIFT_F1 = "swAcquireAccContext";
+static const char *CSWIFT_F2 = "swAttachKeyParam";
+static const char *CSWIFT_F3 = "swSimpleRequest";
+static const char *CSWIFT_F4 = "swReleaseAccContext";
+
+
+/* CryptoSwift library functions and mechanics - these are used by the
+ * higher-level functions further down. NB: As and where there's no
+ * error checking, take a look lower down where these functions are
+ * called, the checking and error handling is probably down there. */
+
+/* utility function to obtain a context */
+static int get_context(SW_CONTEXT_HANDLE *hac)
+ {
+ SW_STATUS status;
+
+ status = p_CSwift_AcquireAccContext(hac);
+ if(status != SW_OK)
+ return 0;
+ return 1;
+ }
+
+/* similarly to release one. */
+static void release_context(SW_CONTEXT_HANDLE hac)
+ {
+ p_CSwift_ReleaseAccContext(hac);
+ }
+
+/* (de)initialisation functions. */
+static int cswift_init()
+ {
+ SW_CONTEXT_HANDLE hac;
+ t_swAcquireAccContext *p1;
+ t_swAttachKeyParam *p2;
+ t_swSimpleRequest *p3;
+ t_swReleaseAccContext *p4;
+
+ if(cswift_dso != NULL)
+ {
+ ENGINEerr(ENGINE_F_CSWIFT_INIT,ENGINE_R_ALREADY_LOADED);
+ goto err;
+ }
+ /* Attempt to load libswift.so/swift.dll/whatever. */
+ cswift_dso = DSO_load(NULL, CSWIFT_LIBNAME, NULL, 0);
+ if(cswift_dso == NULL)
+ {
+ ENGINEerr(ENGINE_F_CSWIFT_INIT,ENGINE_R_DSO_FAILURE);
+ goto err;
+ }
+ if(!(p1 = (t_swAcquireAccContext *)
+ DSO_bind_func(cswift_dso, CSWIFT_F1)) ||
+ !(p2 = (t_swAttachKeyParam *)
+ DSO_bind_func(cswift_dso, CSWIFT_F2)) ||
+ !(p3 = (t_swSimpleRequest *)
+ DSO_bind_func(cswift_dso, CSWIFT_F3)) ||
+ !(p4 = (t_swReleaseAccContext *)
+ DSO_bind_func(cswift_dso, CSWIFT_F4)))
+ {
+ ENGINEerr(ENGINE_F_CSWIFT_INIT,ENGINE_R_DSO_FAILURE);
+ goto err;
+ }
+ /* Copy the pointers */
+ p_CSwift_AcquireAccContext = p1;
+ p_CSwift_AttachKeyParam = p2;
+ p_CSwift_SimpleRequest = p3;
+ p_CSwift_ReleaseAccContext = p4;
+ /* Try and get a context - if not, we may have a DSO but no
+ * accelerator! */
+ if(!get_context(&hac))
+ {
+ ENGINEerr(ENGINE_F_CSWIFT_INIT,ENGINE_R_UNIT_FAILURE);
+ goto err;
+ }
+ release_context(hac);
+ /* Everything's fine. */
+ return 1;
+err:
+ if(cswift_dso)
+ DSO_free(cswift_dso);
+ p_CSwift_AcquireAccContext = NULL;
+ p_CSwift_AttachKeyParam = NULL;
+ p_CSwift_SimpleRequest = NULL;
+ p_CSwift_ReleaseAccContext = NULL;
+ return 0;
+ }
+
+static int cswift_finish()
+ {
+ if(cswift_dso == NULL)
+ {
+ ENGINEerr(ENGINE_F_CSWIFT_FINISH,ENGINE_R_NOT_LOADED);
+ return 0;
+ }
+ if(!DSO_free(cswift_dso))
+ {
+ ENGINEerr(ENGINE_F_CSWIFT_FINISH,ENGINE_R_DSO_FAILURE);
+ return 0;
+ }
+ cswift_dso = NULL;
+ p_CSwift_AcquireAccContext = NULL;
+ p_CSwift_AttachKeyParam = NULL;
+ p_CSwift_SimpleRequest = NULL;
+ p_CSwift_ReleaseAccContext = NULL;
+ return 1;
+ }
+
+/* Un petit mod_exp */
+static int cswift_mod_exp(BIGNUM *r, BIGNUM *a, const BIGNUM *p,
+ const BIGNUM *m, BN_CTX *ctx)
+ {
+ /* I need somewhere to store temporary serialised values for
+ * use with the CryptoSwift API calls. A neat cheat - I'll use
+ * BIGNUMs from the BN_CTX but access their arrays directly as
+ * byte arrays <grin>. This way I don't have to clean anything
+ * up. */
+ BIGNUM *modulus;
+ BIGNUM *exponent;
+ BIGNUM *argument;
+ BIGNUM *result;
+ SW_STATUS sw_status;
+ SW_LARGENUMBER arg, res;
+ SW_PARAM sw_param;
+ SW_CONTEXT_HANDLE hac;
+ int to_return, acquired;
+
+ modulus = exponent = argument = result = NULL;
+ to_return = 0; /* expect failure */
+ acquired = 0;
+
+ if(!get_context(&hac))
+ {
+ ENGINEerr(ENGINE_F_CSWIFT_MOD_EXP,ENGINE_R_GET_HANDLE_FAILED);
+ goto err;
+ }
+ acquired = 1;
+ /* Prepare the params */
+ modulus = BN_CTX_get(ctx);
+ exponent = BN_CTX_get(ctx);
+ argument = BN_CTX_get(ctx);
+ result = BN_CTX_get(ctx);
+ if(!modulus || !exponent || !argument || !result)
+ {
+ ENGINEerr(ENGINE_F_CSWIFT_MOD_EXP,ENGINE_R_BN_CTX_FULL);
+ goto err;
+ }
+ if(!bn_wexpand(modulus, m->top) || !bn_wexpand(exponent, p->top) ||
+ !bn_wexpand(argument, a->top) || !bn_wexpand(result, m->top))
+ {
+ ENGINEerr(ENGINE_F_CSWIFT_MOD_EXP,ENGINE_R_BN_EXPAND_FAIL);
+ goto err;
+ }
+ sw_param.type = SW_ALG_EXP;
+ sw_param.up.exp.modulus.nbytes = BN_bn2bin(m,
+ (unsigned char *)modulus->d);
+ sw_param.up.exp.modulus.value = (unsigned char *)modulus->d;
+ sw_param.up.exp.exponent.nbytes = BN_bn2bin(p,
+ (unsigned char *)exponent->d);
+ sw_param.up.exp.exponent.value = (unsigned char *)exponent->d;
+ /* Attach the key params */
+ sw_status = p_CSwift_AttachKeyParam(hac, &sw_param);
+ switch(sw_status)
+ {
+ case SW_OK:
+ break;
+ case SW_ERR_INPUT_SIZE:
+ ENGINEerr(ENGINE_F_CSWIFT_MOD_EXP,
+ ENGINE_R_SIZE_TOO_LARGE_OR_TOO_SMALL);
+ goto err;
+ default:
+ {
+ char tmpbuf[20];
+ ENGINEerr(ENGINE_F_CSWIFT_MOD_EXP,ENGINE_R_REQUEST_FAILED);
+ sprintf(tmpbuf, "%ld", sw_status);
+ ERR_add_error_data(2, "CryptoSwift error number is ",tmpbuf);
+ }
+ goto err;
+ }
+ /* Prepare the argument and response */
+ arg.nbytes = BN_bn2bin(a, (unsigned char *)argument->d);
+ arg.value = (unsigned char *)argument->d;
+ res.nbytes = BN_num_bytes(m);
+ memset(result->d, 0, res.nbytes);
+ res.value = (unsigned char *)result->d;
+ /* Perform the operation */
+ if((sw_status = p_CSwift_SimpleRequest(hac, SW_CMD_MODEXP, &arg, 1,
+ &res, 1)) != SW_OK)
+ {
+ char tmpbuf[20];
+ ENGINEerr(ENGINE_F_CSWIFT_MOD_EXP,ENGINE_R_REQUEST_FAILED);
+ sprintf(tmpbuf, "%ld", sw_status);
+ ERR_add_error_data(2, "CryptoSwift error number is ",tmpbuf);
+ goto err;
+ }
+ /* Convert the response */
+ BN_bin2bn((unsigned char *)result->d, res.nbytes, r);
+ to_return = 1;
+err:
+ if(acquired)
+ release_context(hac);
+ if(modulus) ctx->tos--;
+ if(exponent) ctx->tos--;
+ if(argument) ctx->tos--;
+ if(result) ctx->tos--;
+ return to_return;
+ }
+
+/* Un petit mod_exp chinois */
+static int cswift_mod_exp_crt(BIGNUM *r, BIGNUM *a, const BIGNUM *p,
+ const BIGNUM *q, const BIGNUM *dmp1,
+ const BIGNUM *dmq1, const BIGNUM *iqmp, BN_CTX *ctx)
+ {
+ SW_STATUS sw_status;
+ SW_LARGENUMBER arg, res;
+ SW_PARAM sw_param;
+ SW_CONTEXT_HANDLE hac;
+ BIGNUM *rsa_p = NULL;
+ BIGNUM *rsa_q = NULL;
+ BIGNUM *rsa_dmp1 = NULL;
+ BIGNUM *rsa_dmq1 = NULL;
+ BIGNUM *rsa_iqmp = NULL;
+ BIGNUM *argument = NULL;
+ BIGNUM *result = NULL;
+ int to_return = 0; /* expect failure */
+ int acquired = 0;
+
+ if(!get_context(&hac))
+ {
+ ENGINEerr(ENGINE_F_CSWIFT_MOD_EXP_CRT,ENGINE_R_GET_HANDLE_FAILED);
+ goto err;
+ }
+ acquired = 1;
+ /* Prepare the params */
+ rsa_p = BN_CTX_get(ctx);
+ rsa_q = BN_CTX_get(ctx);
+ rsa_dmp1 = BN_CTX_get(ctx);
+ rsa_dmq1 = BN_CTX_get(ctx);
+ rsa_iqmp = BN_CTX_get(ctx);
+ argument = BN_CTX_get(ctx);
+ result = BN_CTX_get(ctx);
+ if(!rsa_p || !rsa_q || !rsa_dmp1 || !rsa_dmq1 || !rsa_iqmp ||
+ !argument || !result)
+ {
+ ENGINEerr(ENGINE_F_CSWIFT_MOD_EXP_CRT,ENGINE_R_BN_CTX_FULL);
+ goto err;
+ }
+ if(!bn_wexpand(rsa_p, p->top) || !bn_wexpand(rsa_q, q->top) ||
+ !bn_wexpand(rsa_dmp1, dmp1->top) ||
+ !bn_wexpand(rsa_dmq1, dmq1->top) ||
+ !bn_wexpand(rsa_iqmp, iqmp->top) ||
+ !bn_wexpand(argument, a->top) ||
+ !bn_wexpand(result, p->top + q->top))
+ {
+ ENGINEerr(ENGINE_F_CSWIFT_MOD_EXP_CRT,ENGINE_R_BN_EXPAND_FAIL);
+ goto err;
+ }
+ sw_param.type = SW_ALG_CRT;
+ sw_param.up.crt.p.nbytes = BN_bn2bin(p, (unsigned char *)rsa_p->d);
+ sw_param.up.crt.p.value = (unsigned char *)rsa_p->d;
+ sw_param.up.crt.q.nbytes = BN_bn2bin(q, (unsigned char *)rsa_q->d);
+ sw_param.up.crt.q.value = (unsigned char *)rsa_q->d;
+ sw_param.up.crt.dmp1.nbytes = BN_bn2bin(dmp1,
+ (unsigned char *)rsa_dmp1->d);
+ sw_param.up.crt.dmp1.value = (unsigned char *)rsa_dmp1->d;
+ sw_param.up.crt.dmq1.nbytes = BN_bn2bin(dmq1,
+ (unsigned char *)rsa_dmq1->d);
+ sw_param.up.crt.dmq1.value = (unsigned char *)rsa_dmq1->d;
+ sw_param.up.crt.iqmp.nbytes = BN_bn2bin(iqmp,
+ (unsigned char *)rsa_iqmp->d);
+ sw_param.up.crt.iqmp.value = (unsigned char *)rsa_iqmp->d;
+ /* Attach the key params */
+ sw_status = p_CSwift_AttachKeyParam(hac, &sw_param);
+ switch(sw_status)
+ {
+ case SW_OK:
+ break;
+ case SW_ERR_INPUT_SIZE:
+ ENGINEerr(ENGINE_F_CSWIFT_MOD_EXP_CRT,
+ ENGINE_R_SIZE_TOO_LARGE_OR_TOO_SMALL);
+ goto err;
+ default:
+ {
+ char tmpbuf[20];
+ ENGINEerr(ENGINE_F_CSWIFT_MOD_EXP_CRT,ENGINE_R_REQUEST_FAILED);
+ sprintf(tmpbuf, "%ld", sw_status);
+ ERR_add_error_data(2, "CryptoSwift error number is ",tmpbuf);
+ }
+ goto err;
+ }
+ /* Prepare the argument and response */
+ arg.nbytes = BN_bn2bin(a, (unsigned char *)argument->d);
+ arg.value = (unsigned char *)argument->d;
+ res.nbytes = 2 * BN_num_bytes(p);
+ memset(result->d, 0, res.nbytes);
+ res.value = (unsigned char *)result->d;
+ /* Perform the operation */
+ if((sw_status = p_CSwift_SimpleRequest(hac, SW_CMD_MODEXP_CRT, &arg, 1,
+ &res, 1)) != SW_OK)
+ {
+ char tmpbuf[20];
+ ENGINEerr(ENGINE_F_CSWIFT_MOD_EXP_CRT,ENGINE_R_REQUEST_FAILED);
+ sprintf(tmpbuf, "%ld", sw_status);
+ ERR_add_error_data(2, "CryptoSwift error number is ",tmpbuf);
+ goto err;
+ }
+ /* Convert the response */
+ BN_bin2bn((unsigned char *)result->d, res.nbytes, r);
+ to_return = 1;
+err:
+ if(acquired)
+ release_context(hac);
+ if(rsa_p) ctx->tos--;
+ if(rsa_q) ctx->tos--;
+ if(rsa_dmp1) ctx->tos--;
+ if(rsa_dmq1) ctx->tos--;
+ if(rsa_iqmp) ctx->tos--;
+ if(argument) ctx->tos--;
+ if(result) ctx->tos--;
+ return to_return;
+ }
+
+static int cswift_rsa_mod_exp(BIGNUM *r0, BIGNUM *I, RSA *rsa)
+ {
+ BN_CTX *ctx;
+ int to_return = 0;
+
+ if((ctx = BN_CTX_new()) == NULL)
+ goto err;
+ if(!rsa->p || !rsa->q || !rsa->dmp1 || !rsa->dmq1 || !rsa->iqmp)
+ {
+ ENGINEerr(ENGINE_F_CSWIFT_RSA_MOD_EXP,ENGINE_R_MISSING_KEY_COMPONENTS);
+ goto err;
+ }
+ to_return = cswift_mod_exp_crt(r0, I, rsa->p, rsa->q, rsa->dmp1,
+ rsa->dmq1, rsa->iqmp, ctx);
+err:
+ if(ctx)
+ BN_CTX_free(ctx);
+ return to_return;
+ }
+
+/* This function is aliased to mod_exp (with the mont stuff dropped). */
+static int cswift_mod_exp_mont(BIGNUM *r, BIGNUM *a, const BIGNUM *p,
+ const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)
+ {
+ return cswift_mod_exp(r, a, p, m, ctx);
+ }
+
+static DSA_SIG *cswift_dsa_sign(const unsigned char *dgst, int dlen, DSA *dsa)
+ {
+ SW_CONTEXT_HANDLE hac;
+ SW_PARAM sw_param;
+ SW_STATUS sw_status;
+ SW_LARGENUMBER arg, res;
+ unsigned char *ptr;
+ BN_CTX *ctx;
+ BIGNUM *dsa_p = NULL;
+ BIGNUM *dsa_q = NULL;
+ BIGNUM *dsa_g = NULL;
+ BIGNUM *dsa_key = NULL;
+ BIGNUM *result = NULL;
+ DSA_SIG *to_return = NULL;
+ int acquired = 0;
+
+ if((ctx = BN_CTX_new()) == NULL)
+ goto err;
+ if(!get_context(&hac))
+ {
+ ENGINEerr(ENGINE_F_CSWIFT_DSA_SIGN,ENGINE_R_GET_HANDLE_FAILED);
+ goto err;
+ }
+ acquired = 1;
+ /* Prepare the params */
+ dsa_p = BN_CTX_get(ctx);
+ dsa_q = BN_CTX_get(ctx);
+ dsa_g = BN_CTX_get(ctx);
+ dsa_key = BN_CTX_get(ctx);
+ result = BN_CTX_get(ctx);
+ if(!dsa_p || !dsa_q || !dsa_g || !dsa_key || !result)
+ {
+ ENGINEerr(ENGINE_F_CSWIFT_DSA_SIGN,ENGINE_R_BN_CTX_FULL);
+ goto err;
+ }
+ if(!bn_wexpand(dsa_p, dsa->p->top) ||
+ !bn_wexpand(dsa_q, dsa->q->top) ||
+ !bn_wexpand(dsa_g, dsa->g->top) ||
+ !bn_wexpand(dsa_key, dsa->priv_key->top) ||
+ !bn_wexpand(result, dsa->p->top))
+ {
+ ENGINEerr(ENGINE_F_CSWIFT_DSA_SIGN,ENGINE_R_BN_EXPAND_FAIL);
+ goto err;
+ }
+ sw_param.type = SW_ALG_DSA;
+ sw_param.up.dsa.p.nbytes = BN_bn2bin(dsa->p,
+ (unsigned char *)dsa_p->d);
+ sw_param.up.dsa.p.value = (unsigned char *)dsa_p->d;
+ sw_param.up.dsa.q.nbytes = BN_bn2bin(dsa->q,
+ (unsigned char *)dsa_q->d);
+ sw_param.up.dsa.q.value = (unsigned char *)dsa_q->d;
+ sw_param.up.dsa.g.nbytes = BN_bn2bin(dsa->g,
+ (unsigned char *)dsa_g->d);
+ sw_param.up.dsa.g.value = (unsigned char *)dsa_g->d;
+ sw_param.up.dsa.key.nbytes = BN_bn2bin(dsa->priv_key,
+ (unsigned char *)dsa_key->d);
+ sw_param.up.dsa.key.value = (unsigned char *)dsa_key->d;
+ /* Attach the key params */
+ sw_status = p_CSwift_AttachKeyParam(hac, &sw_param);
+ switch(sw_status)
+ {
+ case SW_OK:
+ break;
+ case SW_ERR_INPUT_SIZE:
+ ENGINEerr(ENGINE_F_CSWIFT_DSA_SIGN,
+ ENGINE_R_SIZE_TOO_LARGE_OR_TOO_SMALL);
+ goto err;
+ default:
+ {
+ char tmpbuf[20];
+ ENGINEerr(ENGINE_F_CSWIFT_DSA_SIGN,ENGINE_R_REQUEST_FAILED);
+ sprintf(tmpbuf, "%ld", sw_status);
+ ERR_add_error_data(2, "CryptoSwift error number is ",tmpbuf);
+ }
+ goto err;
+ }
+ /* Prepare the argument and response */
+ arg.nbytes = dlen;
+ arg.value = (unsigned char *)dgst;
+ res.nbytes = BN_num_bytes(dsa->p);
+ memset(result->d, 0, res.nbytes);
+ res.value = (unsigned char *)result->d;
+ /* Perform the operation */
+ sw_status = p_CSwift_SimpleRequest(hac, SW_CMD_DSS_SIGN, &arg, 1,
+ &res, 1);
+ if(sw_status != SW_OK)
+ {
+ char tmpbuf[20];
+ ENGINEerr(ENGINE_F_CSWIFT_DSA_SIGN,ENGINE_R_REQUEST_FAILED);
+ sprintf(tmpbuf, "%ld", sw_status);
+ ERR_add_error_data(2, "CryptoSwift error number is ",tmpbuf);
+ goto err;
+ }
+ /* Convert the response */
+ ptr = (unsigned char *)result->d;
+ if((to_return = DSA_SIG_new()) == NULL)
+ goto err;
+ to_return->r = BN_bin2bn((unsigned char *)result->d, 20, NULL);
+ to_return->s = BN_bin2bn((unsigned char *)result->d + 20, 20, NULL);
+
+err:
+ if(acquired)
+ release_context(hac);
+ if(dsa_p) ctx->tos--;
+ if(dsa_q) ctx->tos--;
+ if(dsa_g) ctx->tos--;
+ if(dsa_key) ctx->tos--;
+ if(result) ctx->tos--;
+ if(ctx)
+ BN_CTX_free(ctx);
+ return to_return;
+ }
+
+static int cswift_dsa_verify(const unsigned char *dgst, int dgst_len,
+ DSA_SIG *sig, DSA *dsa)
+ {
+ SW_CONTEXT_HANDLE hac;
+ SW_PARAM sw_param;
+ SW_STATUS sw_status;
+ SW_LARGENUMBER arg[2], res;
+ unsigned long sig_result;
+ BN_CTX *ctx;
+ BIGNUM *dsa_p = NULL;
+ BIGNUM *dsa_q = NULL;
+ BIGNUM *dsa_g = NULL;
+ BIGNUM *dsa_key = NULL;
+ BIGNUM *argument = NULL;
+ int to_return = -1;
+ int acquired = 0;
+
+ if((ctx = BN_CTX_new()) == NULL)
+ goto err;
+ if(!get_context(&hac))
+ {
+ ENGINEerr(ENGINE_F_CSWIFT_DSA_VERIFY,ENGINE_R_GET_HANDLE_FAILED);
+ goto err;
+ }
+ acquired = 1;
+ /* Prepare the params */
+ dsa_p = BN_CTX_get(ctx);
+ dsa_q = BN_CTX_get(ctx);
+ dsa_g = BN_CTX_get(ctx);
+ dsa_key = BN_CTX_get(ctx);
+ argument = BN_CTX_get(ctx);
+ if(!dsa_p || !dsa_q || !dsa_g || !dsa_key || !argument)
+ {
+ ENGINEerr(ENGINE_F_CSWIFT_DSA_VERIFY,ENGINE_R_BN_CTX_FULL);
+ goto err;
+ }
+ if(!bn_wexpand(dsa_p, dsa->p->top) ||
+ !bn_wexpand(dsa_q, dsa->q->top) ||
+ !bn_wexpand(dsa_g, dsa->g->top) ||
+ !bn_wexpand(dsa_key, dsa->pub_key->top) ||
+ !bn_wexpand(argument, 40))
+ {
+ ENGINEerr(ENGINE_F_CSWIFT_DSA_VERIFY,ENGINE_R_BN_EXPAND_FAIL);
+ goto err;
+ }
+ sw_param.type = SW_ALG_DSA;
+ sw_param.up.dsa.p.nbytes = BN_bn2bin(dsa->p,
+ (unsigned char *)dsa_p->d);
+ sw_param.up.dsa.p.value = (unsigned char *)dsa_p->d;
+ sw_param.up.dsa.q.nbytes = BN_bn2bin(dsa->q,
+ (unsigned char *)dsa_q->d);
+ sw_param.up.dsa.q.value = (unsigned char *)dsa_q->d;
+ sw_param.up.dsa.g.nbytes = BN_bn2bin(dsa->g,
+ (unsigned char *)dsa_g->d);
+ sw_param.up.dsa.g.value = (unsigned char *)dsa_g->d;
+ sw_param.up.dsa.key.nbytes = BN_bn2bin(dsa->pub_key,
+ (unsigned char *)dsa_key->d);
+ sw_param.up.dsa.key.value = (unsigned char *)dsa_key->d;
+ /* Attach the key params */
+ sw_status = p_CSwift_AttachKeyParam(hac, &sw_param);
+ switch(sw_status)
+ {
+ case SW_OK:
+ break;
+ case SW_ERR_INPUT_SIZE:
+ ENGINEerr(ENGINE_F_CSWIFT_DSA_VERIFY,
+ ENGINE_R_SIZE_TOO_LARGE_OR_TOO_SMALL);
+ goto err;
+ default:
+ {
+ char tmpbuf[20];
+ ENGINEerr(ENGINE_F_CSWIFT_DSA_VERIFY,ENGINE_R_REQUEST_FAILED);
+ sprintf(tmpbuf, "%ld", sw_status);
+ ERR_add_error_data(2, "CryptoSwift error number is ",tmpbuf);
+ }
+ goto err;
+ }
+ /* Prepare the argument and response */
+ arg[0].nbytes = dgst_len;
+ arg[0].value = (unsigned char *)dgst;
+ arg[1].nbytes = 40;
+ arg[1].value = (unsigned char *)argument->d;
+ memset(arg[1].value, 0, 40);
+ BN_bn2bin(sig->r, arg[1].value + 20 - BN_num_bytes(sig->r));
+ BN_bn2bin(sig->s, arg[1].value + 40 - BN_num_bytes(sig->s));
+ res.nbytes = 4; /* unsigned long */
+ res.value = (unsigned char *)(&sig_result);
+ /* Perform the operation */
+ sw_status = p_CSwift_SimpleRequest(hac, SW_CMD_DSS_VERIFY, arg, 2,
+ &res, 1);
+ if(sw_status != SW_OK)
+ {
+ char tmpbuf[20];
+ ENGINEerr(ENGINE_F_CSWIFT_DSA_VERIFY,ENGINE_R_REQUEST_FAILED);
+ sprintf(tmpbuf, "%ld", sw_status);
+ ERR_add_error_data(2, "CryptoSwift error number is ",tmpbuf);
+ goto err;
+ }
+ /* Convert the response */
+ to_return = ((sig_result == 0) ? 0 : 1);
+
+err:
+ if(acquired)
+ release_context(hac);
+ if(dsa_p) ctx->tos--;
+ if(dsa_q) ctx->tos--;
+ if(dsa_g) ctx->tos--;
+ if(dsa_key) ctx->tos--;
+ if(argument) ctx->tos--;
+ if(ctx)
+ BN_CTX_free(ctx);
+ return to_return;
+ }
+
+/* This function is aliased to mod_exp (with the dh and mont dropped). */
+static int cswift_mod_exp_dh(DH *dh, BIGNUM *r, BIGNUM *a, const BIGNUM *p,
+ const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)
+ {
+ return cswift_mod_exp(r, a, p, m, ctx);
+ }
+
+#endif /* !NO_HW_CSWIFT */
+#endif /* !NO_HW */
diff --git a/crypto/engine/hw_ncipher.c b/crypto/engine/hw_ncipher.c
new file mode 100644
index 0000000..f6b06e4
--- /dev/null
+++ b/crypto/engine/hw_ncipher.c
@@ -0,0 +1,1018 @@
+/* crypto/engine/hw_ncipher.c -*- mode: C; c-file-style: "eay" -*- */
+/* Written by Richard Levitte (richard@levitte.org), Geoff Thorpe
+ * (geoff@geoffthorpe.net) and Dr Stephen N Henson (shenson@bigfoot.com)
+ * for the OpenSSL project 2000.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include <openssl/crypto.h>
+#include <openssl/pem.h>
+#include "cryptlib.h"
+#include <openssl/dso.h>
+#include "engine_int.h"
+#include <openssl/engine.h>
+
+#ifndef NO_HW
+#ifndef NO_HW_NCIPHER
+
+/* Attribution notice: nCipher have said several times that it's OK for
+ * us to implement a general interface to their boxes, and recently declared
+ * their HWCryptoHook to be public, and therefore available for us to use.
+ * Thanks, nCipher.
+ *
+ * The hwcryptohook.h included here is from May 2000.
+ * [Richard Levitte]
+ */
+#ifdef FLAT_INC
+#include "hwcryptohook.h"
+#else
+#include "vendor_defns/hwcryptohook.h"
+#endif
+
+static int hwcrhk_init(void);
+static int hwcrhk_finish(void);
+static int hwcrhk_ctrl(int cmd, long i, void *p, void (*f)());
+
+/* Functions to handle mutexes */
+static int hwcrhk_mutex_init(HWCryptoHook_Mutex*, HWCryptoHook_CallerContext*);
+static int hwcrhk_mutex_lock(HWCryptoHook_Mutex*);
+static void hwcrhk_mutex_unlock(HWCryptoHook_Mutex*);
+static void hwcrhk_mutex_destroy(HWCryptoHook_Mutex*);
+
+/* BIGNUM stuff */
+static int hwcrhk_mod_exp(BIGNUM *r, BIGNUM *a, const BIGNUM *p,
+ const BIGNUM *m, BN_CTX *ctx);
+
+/* RSA stuff */
+static int hwcrhk_rsa_mod_exp(BIGNUM *r, BIGNUM *I, RSA *rsa);
+/* This function is aliased to mod_exp (with the mont stuff dropped). */
+static int hwcrhk_mod_exp_mont(BIGNUM *r, BIGNUM *a, const BIGNUM *p,
+ const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
+
+/* DH stuff */
+/* This function is alised to mod_exp (with the DH and mont dropped). */
+static int hwcrhk_mod_exp_dh(DH *dh, BIGNUM *r, BIGNUM *a, const BIGNUM *p,
+ const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
+
+/* RAND stuff */
+static int hwcrhk_rand_bytes(unsigned char *buf, int num);
+static int hwcrhk_rand_status(void);
+
+/* KM stuff */
+static EVP_PKEY *hwcrhk_load_privkey(const char *key_id,
+ const char *passphrase);
+static EVP_PKEY *hwcrhk_load_pubkey(const char *key_id,
+ const char *passphrase);
+static void hwcrhk_ex_free(void *obj, void *item, CRYPTO_EX_DATA *ad,
+ int ind,long argl, void *argp);
+
+/* Interaction stuff */
+static int hwcrhk_get_pass(const char *prompt_info,
+ int *len_io, char *buf,
+ HWCryptoHook_PassphraseContext *ppctx,
+ HWCryptoHook_CallerContext *cactx);
+static void hwcrhk_log_message(void *logstr, const char *message);
+
+/* Our internal RSA_METHOD that we provide pointers to */
+static RSA_METHOD hwcrhk_rsa =
+ {
+ "nCipher RSA method",
+ NULL,
+ NULL,
+ NULL,
+ NULL,
+ hwcrhk_rsa_mod_exp,
+ hwcrhk_mod_exp_mont,
+ NULL,
+ NULL,
+ 0,
+ NULL,
+ NULL,
+ NULL
+ };
+
+/* Our internal DH_METHOD that we provide pointers to */
+static DH_METHOD hwcrhk_dh =
+ {
+ "nCipher DH method",
+ NULL,
+ NULL,
+ hwcrhk_mod_exp_dh,
+ NULL,
+ NULL,
+ 0,
+ NULL
+ };
+
+static RAND_METHOD hwcrhk_rand =
+ {
+ /* "nCipher RAND method", */
+ NULL,
+ hwcrhk_rand_bytes,
+ NULL,
+ NULL,
+ hwcrhk_rand_bytes,
+ hwcrhk_rand_status,
+ };
+
+/* Our ENGINE structure. */
+static ENGINE engine_hwcrhk =
+ {
+ "chil",
+ "nCipher hardware engine support",
+ &hwcrhk_rsa,
+ NULL,
+ &hwcrhk_dh,
+ &hwcrhk_rand,
+ hwcrhk_mod_exp,
+ NULL,
+ hwcrhk_init,
+ hwcrhk_finish,
+ hwcrhk_ctrl,
+ hwcrhk_load_privkey,
+ hwcrhk_load_pubkey,
+ 0, /* no flags */
+ 0, 0, /* no references */
+ NULL, NULL /* unlinked */
+ };
+
+/* Internal stuff for HWCryptoHook */
+
+/* Some structures needed for proper use of thread locks */
+/* hwcryptohook.h has some typedefs that turn struct HWCryptoHook_MutexValue
+ into HWCryptoHook_Mutex */
+struct HWCryptoHook_MutexValue
+ {
+ int lockid;
+ };
+
+/* hwcryptohook.h has some typedefs that turn
+ struct HWCryptoHook_PassphraseContextValue
+ into HWCryptoHook_PassphraseContext */
+struct HWCryptoHook_PassphraseContextValue
+ {
+ void *any;
+ };
+
+/* hwcryptohook.h has some typedefs that turn
+ struct HWCryptoHook_CallerContextValue
+ into HWCryptoHook_CallerContext */
+struct HWCryptoHook_CallerContextValue
+ {
+ void *any;
+ };
+
+/* The MPI structure in HWCryptoHook is pretty compatible with OpenSSL
+ BIGNUM's, so lets define a couple of conversion macros */
+#define BN2MPI(mp, bn) \
+ {mp.size = bn->top * sizeof(BN_ULONG); mp.buf = (unsigned char *)bn->d;}
+#define MPI2BN(bn, mp) \
+ {mp.size = bn->dmax * sizeof(BN_ULONG); mp.buf = (unsigned char *)bn->d;}
+
+#if 0 /* Card and password management is not yet supported */
+/* HWCryptoHook callbacks. insert_card() and get_pass() are not yet
+ defined, because we haven't quite decided on the proper form yet.
+ log_message() just adds an entry in the error stack. I don't know
+ if that's good or bad... */
+static int insert_card(const char *prompt_info,
+ const char *wrong_info,
+ HWCryptoHook_PassphraseContext *ppctx,
+ HWCryptoHook_CallerContext *cactx);
+static int get_pass(const char *prompt_info,
+ int *len_io, char *buf,
+ HWCryptoHook_PassphraseContext *ppctx,
+ HWCryptoHook_CallerContext *cactx);
+#endif
+
+static BIO *logstream = NULL;
+static pem_password_cb *password_callback = NULL;
+#if 0
+static void *password_callback_userdata = NULL;
+#endif
+static int disable_mutex_callbacks = 0;
+
+/* Stuff to pass to the HWCryptoHook library */
+static HWCryptoHook_InitInfo hwcrhk_globals = {
+ 0, /* Flags */
+ &logstream, /* logstream */
+ sizeof(BN_ULONG), /* limbsize */
+ 0, /* mslimb first: false for BNs */
+ -1, /* msbyte first: use native */
+ 0, /* Max mutexes, 0 = no small limit */
+ 0, /* Max simultaneous, 0 = default */
+
+ /* The next few are mutex stuff: we write wrapper functions
+ around the OS mutex functions. We initialise them to 0
+ here, and change that to actual function pointers in hwcrhk_init()
+ if dynamic locks are supported (that is, if the application
+ programmer has made sure of setting up callbacks bafore starting
+ this engine) *and* if disable_mutex_callbacks hasn't been set by
+ a call to ENGINE_ctrl(ENGINE_CTRL_CHIL_NO_LOCKING). */
+ sizeof(HWCryptoHook_Mutex),
+ 0,
+ 0,
+ 0,
+ 0,
+
+ /* The next few are condvar stuff: we write wrapper functions
+ round the OS functions. Currently not implemented and not
+ and absolute necessity even in threaded programs, therefore
+ 0'ed. Will hopefully be implemented some day, since it
+ enhances the efficiency of HWCryptoHook. */
+ 0, /* sizeof(HWCryptoHook_CondVar), */
+ 0, /* hwcrhk_cv_init, */
+ 0, /* hwcrhk_cv_wait, */
+ 0, /* hwcrhk_cv_signal, */
+ 0, /* hwcrhk_cv_broadcast, */
+ 0, /* hwcrhk_cv_destroy, */
+
+ hwcrhk_get_pass, /* pass phrase */
+ 0, /* insert_card, */ /* insert a card */
+ hwcrhk_log_message /* Log message */
+};
+
+
+/* Now, to our own code */
+
+/* As this is only ever called once, there's no need for locking
+ * (indeed - the lock will already be held by our caller!!!) */
+ENGINE *ENGINE_ncipher()
+ {
+ RSA_METHOD *meth1;
+ DH_METHOD *meth2;
+
+ /* We know that the "PKCS1_SSLeay()" functions hook properly
+ * to the cswift-specific mod_exp and mod_exp_crt so we use
+ * those functions. NB: We don't use ENGINE_openssl() or
+ * anything "more generic" because something like the RSAref
+ * code may not hook properly, and if you own one of these
+ * cards then you have the right to do RSA operations on it
+ * anyway! */
+ meth1 = RSA_PKCS1_SSLeay();
+ hwcrhk_rsa.rsa_pub_enc = meth1->rsa_pub_enc;
+ hwcrhk_rsa.rsa_pub_dec = meth1->rsa_pub_dec;
+ hwcrhk_rsa.rsa_priv_enc = meth1->rsa_priv_enc;
+ hwcrhk_rsa.rsa_priv_dec = meth1->rsa_priv_dec;
+
+ /* Much the same for Diffie-Hellman */
+ meth2 = DH_OpenSSL();
+ hwcrhk_dh.generate_key = meth2->generate_key;
+ hwcrhk_dh.compute_key = meth2->compute_key;
+ return &engine_hwcrhk;
+ }
+
+/* This is a process-global DSO handle used for loading and unloading
+ * the HWCryptoHook library. NB: This is only set (or unset) during an
+ * init() or finish() call (reference counts permitting) and they're
+ * operating with global locks, so this should be thread-safe
+ * implicitly. */
+static DSO *hwcrhk_dso = NULL;
+static HWCryptoHook_ContextHandle hwcrhk_context = 0;
+static int hndidx = -1; /* Index for KM handle. Not really used yet. */
+
+/* These are the function pointers that are (un)set when the library has
+ * successfully (un)loaded. */
+static HWCryptoHook_Init_t *p_hwcrhk_Init = NULL;
+static HWCryptoHook_Finish_t *p_hwcrhk_Finish = NULL;
+static HWCryptoHook_ModExp_t *p_hwcrhk_ModExp = NULL;
+static HWCryptoHook_RSA_t *p_hwcrhk_RSA = NULL;
+static HWCryptoHook_RandomBytes_t *p_hwcrhk_RandomBytes = NULL;
+static HWCryptoHook_RSALoadKey_t *p_hwcrhk_RSALoadKey = NULL;
+static HWCryptoHook_RSAGetPublicKey_t *p_hwcrhk_RSAGetPublicKey = NULL;
+static HWCryptoHook_RSAUnloadKey_t *p_hwcrhk_RSAUnloadKey = NULL;
+static HWCryptoHook_ModExpCRT_t *p_hwcrhk_ModExpCRT = NULL;
+
+/* Used in the DSO operations. */
+static const char *HWCRHK_LIBNAME = "nfhwcrhk";
+static const char *n_hwcrhk_Init = "HWCryptoHook_Init";
+static const char *n_hwcrhk_Finish = "HWCryptoHook_Finish";
+static const char *n_hwcrhk_ModExp = "HWCryptoHook_ModExp";
+static const char *n_hwcrhk_RSA = "HWCryptoHook_RSA";
+static const char *n_hwcrhk_RandomBytes = "HWCryptoHook_RandomBytes";
+static const char *n_hwcrhk_RSALoadKey = "HWCryptoHook_RSALoadKey";
+static const char *n_hwcrhk_RSAGetPublicKey = "HWCryptoHook_RSAGetPublicKey";
+static const char *n_hwcrhk_RSAUnloadKey = "HWCryptoHook_RSAUnloadKey";
+static const char *n_hwcrhk_ModExpCRT = "HWCryptoHook_ModExpCRT";
+
+/* HWCryptoHook library functions and mechanics - these are used by the
+ * higher-level functions further down. NB: As and where there's no
+ * error checking, take a look lower down where these functions are
+ * called, the checking and error handling is probably down there. */
+
+/* utility function to obtain a context */
+static int get_context(HWCryptoHook_ContextHandle *hac)
+ {
+ char tempbuf[1024];
+ HWCryptoHook_ErrMsgBuf rmsg;
+
+ rmsg.buf = tempbuf;
+ rmsg.size = 1024;
+
+ *hac = p_hwcrhk_Init(&hwcrhk_globals, sizeof(hwcrhk_globals), &rmsg,
+ NULL);
+ if (!*hac)
+ return 0;
+ return 1;
+ }
+
+/* similarly to release one. */
+static void release_context(HWCryptoHook_ContextHandle hac)
+ {
+ p_hwcrhk_Finish(hac);
+ }
+
+/* (de)initialisation functions. */
+static int hwcrhk_init()
+ {
+ HWCryptoHook_Init_t *p1;
+ HWCryptoHook_Finish_t *p2;
+ HWCryptoHook_ModExp_t *p3;
+ HWCryptoHook_RSA_t *p4;
+ HWCryptoHook_RSALoadKey_t *p5;
+ HWCryptoHook_RSAGetPublicKey_t *p6;
+ HWCryptoHook_RSAUnloadKey_t *p7;
+ HWCryptoHook_RandomBytes_t *p8;
+ HWCryptoHook_ModExpCRT_t *p9;
+
+ if(hwcrhk_dso != NULL)
+ {
+ ENGINEerr(ENGINE_F_HWCRHK_INIT,ENGINE_R_ALREADY_LOADED);
+ goto err;
+ }
+ /* Attempt to load libnfhwcrhk.so/nfhwcrhk.dll/whatever. */
+ hwcrhk_dso = DSO_load(NULL, HWCRHK_LIBNAME, NULL, 0);
+ if(hwcrhk_dso == NULL)
+ {
+ ENGINEerr(ENGINE_F_HWCRHK_INIT,ENGINE_R_DSO_FAILURE);
+ goto err;
+ }
+ if(!(p1 = (HWCryptoHook_Init_t *)
+ DSO_bind_func(hwcrhk_dso, n_hwcrhk_Init)) ||
+ !(p2 = (HWCryptoHook_Finish_t *)
+ DSO_bind_func(hwcrhk_dso, n_hwcrhk_Finish)) ||
+ !(p3 = (HWCryptoHook_ModExp_t *)
+ DSO_bind_func(hwcrhk_dso, n_hwcrhk_ModExp)) ||
+ !(p4 = (HWCryptoHook_RSA_t *)
+ DSO_bind_func(hwcrhk_dso, n_hwcrhk_RSA)) ||
+ !(p5 = (HWCryptoHook_RSALoadKey_t *)
+ DSO_bind_func(hwcrhk_dso, n_hwcrhk_RSALoadKey)) ||
+ !(p6 = (HWCryptoHook_RSAGetPublicKey_t *)
+ DSO_bind_func(hwcrhk_dso, n_hwcrhk_RSAGetPublicKey)) ||
+ !(p7 = (HWCryptoHook_RSAUnloadKey_t *)
+ DSO_bind_func(hwcrhk_dso, n_hwcrhk_RSAUnloadKey)) ||
+ !(p8 = (HWCryptoHook_RandomBytes_t *)
+ DSO_bind_func(hwcrhk_dso, n_hwcrhk_RandomBytes)) ||
+ !(p9 = (HWCryptoHook_ModExpCRT_t *)
+ DSO_bind_func(hwcrhk_dso, n_hwcrhk_ModExpCRT)))
+ {
+ ENGINEerr(ENGINE_F_HWCRHK_INIT,ENGINE_R_DSO_FAILURE);
+ goto err;
+ }
+ /* Copy the pointers */
+ p_hwcrhk_Init = p1;
+ p_hwcrhk_Finish = p2;
+ p_hwcrhk_ModExp = p3;
+ p_hwcrhk_RSA = p4;
+ p_hwcrhk_RSALoadKey = p5;
+ p_hwcrhk_RSAGetPublicKey = p6;
+ p_hwcrhk_RSAUnloadKey = p7;
+ p_hwcrhk_RandomBytes = p8;
+ p_hwcrhk_ModExpCRT = p9;
+
+ /* Check if the application decided to support dynamic locks,
+ and if it does, use them. */
+ if (disable_mutex_callbacks == 0 &&
+ CRYPTO_get_dynlock_create_callback() != NULL &&
+ CRYPTO_get_dynlock_lock_callback() != NULL &&
+ CRYPTO_get_dynlock_destroy_callback() != NULL)
+ {
+ hwcrhk_globals.mutex_init = hwcrhk_mutex_init;
+ hwcrhk_globals.mutex_acquire = hwcrhk_mutex_lock;
+ hwcrhk_globals.mutex_release = hwcrhk_mutex_unlock;
+ hwcrhk_globals.mutex_destroy = hwcrhk_mutex_destroy;
+ }
+
+ /* Try and get a context - if not, we may have a DSO but no
+ * accelerator! */
+ if(!get_context(&hwcrhk_context))
+ {
+ ENGINEerr(ENGINE_F_HWCRHK_INIT,ENGINE_R_UNIT_FAILURE);
+ goto err;
+ }
+ /* Everything's fine. */
+ if (hndidx == -1)
+ hndidx = RSA_get_ex_new_index(0,
+ "nFast HWCryptoHook RSA key handle",
+ NULL, NULL, hwcrhk_ex_free);
+ return 1;
+err:
+ if(hwcrhk_dso)
+ DSO_free(hwcrhk_dso);
+ hwcrhk_dso = NULL;
+ p_hwcrhk_Init = NULL;
+ p_hwcrhk_Finish = NULL;
+ p_hwcrhk_ModExp = NULL;
+ p_hwcrhk_RSA = NULL;
+ p_hwcrhk_RSALoadKey = NULL;
+ p_hwcrhk_RSAGetPublicKey = NULL;
+ p_hwcrhk_RSAUnloadKey = NULL;
+ p_hwcrhk_ModExpCRT = NULL;
+ p_hwcrhk_RandomBytes = NULL;
+ return 0;
+ }
+
+static int hwcrhk_finish()
+ {
+ int to_return = 1;
+ if(hwcrhk_dso == NULL)
+ {
+ ENGINEerr(ENGINE_F_HWCRHK_FINISH,ENGINE_R_NOT_LOADED);
+ to_return = 0;
+ goto err;
+ }
+ release_context(hwcrhk_context);
+ if(!DSO_free(hwcrhk_dso))
+ {
+ ENGINEerr(ENGINE_F_HWCRHK_FINISH,ENGINE_R_DSO_FAILURE);
+ to_return = 0;
+ goto err;
+ }
+ err:
+ if (logstream)
+ BIO_free(logstream);
+ hwcrhk_dso = NULL;
+ p_hwcrhk_Init = NULL;
+ p_hwcrhk_Finish = NULL;
+ p_hwcrhk_ModExp = NULL;
+ p_hwcrhk_RSA = NULL;
+ p_hwcrhk_RSALoadKey = NULL;
+ p_hwcrhk_RSAGetPublicKey = NULL;
+ p_hwcrhk_RSAUnloadKey = NULL;
+ p_hwcrhk_ModExpCRT = NULL;
+ p_hwcrhk_RandomBytes = NULL;
+ return to_return;
+ }
+
+static int hwcrhk_ctrl(int cmd, long i, void *p, void (*f)())
+ {
+ int to_return = 1;
+
+ switch(cmd)
+ {
+ case ENGINE_CTRL_SET_LOGSTREAM:
+ {
+ BIO *bio = (BIO *)p;
+
+ CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
+ if (logstream)
+ {
+ BIO_free(logstream);
+ logstream = NULL;
+ }
+ if (CRYPTO_add(&bio->references,1,CRYPTO_LOCK_BIO) > 1)
+ logstream = bio;
+ else
+ ENGINEerr(ENGINE_F_HWCRHK_CTRL,ENGINE_R_BIO_WAS_FREED);
+ }
+ CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
+ break;
+ case ENGINE_CTRL_SET_PASSWORD_CALLBACK:
+ CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
+ password_callback = (pem_password_cb *)f;
+ CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
+ break;
+ /* this enables or disables the "SimpleForkCheck" flag used in the
+ * initialisation structure. */
+ case ENGINE_CTRL_CHIL_SET_FORKCHECK:
+ CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
+ if(i)
+ hwcrhk_globals.flags |=
+ HWCryptoHook_InitFlags_SimpleForkCheck;
+ else
+ hwcrhk_globals.flags &=
+ ~HWCryptoHook_InitFlags_SimpleForkCheck;
+ CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
+ break;
+ /* This will prevent the initialisation function from "installing"
+ * the mutex-handling callbacks, even if they are available from
+ * within the library (or were provided to the library from the
+ * calling application). This is to remove any baggage for
+ * applications not using multithreading. */
+ case ENGINE_CTRL_CHIL_NO_LOCKING:
+ CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
+ disable_mutex_callbacks = 1;
+ CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
+ break;
+
+ /* The command isn't understood by this engine */
+ default:
+ ENGINEerr(ENGINE_F_HWCRHK_CTRL,
+ ENGINE_R_CTRL_COMMAND_NOT_IMPLEMENTED);
+ to_return = 0;
+ break;
+ }
+
+ return to_return;
+ }
+
+static EVP_PKEY *hwcrhk_load_privkey(const char *key_id,
+ const char *passphrase)
+ {
+ RSA *rtmp = NULL;
+ EVP_PKEY *res = NULL;
+ HWCryptoHook_MPI e, n;
+ HWCryptoHook_RSAKeyHandle *hptr;
+ HWCryptoHook_ErrMsgBuf rmsg;
+
+ if(!hwcrhk_context)
+ {
+ ENGINEerr(ENGINE_F_HWCRHK_LOAD_PRIVKEY,
+ ENGINE_R_NOT_INITIALISED);
+ goto err;
+ }
+ hptr = OPENSSL_malloc(sizeof(HWCryptoHook_RSAKeyHandle));
+ if (!hptr)
+ {
+ ENGINEerr(ENGINE_F_HWCRHK_LOAD_PRIVKEY,
+ ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+ if (p_hwcrhk_RSALoadKey(hwcrhk_context, key_id, hptr,
+ &rmsg, NULL))
+ {
+ ENGINEerr(ENGINE_F_HWCRHK_LOAD_PRIVKEY,
+ ENGINE_R_CHIL_ERROR);
+ ERR_add_error_data(1,rmsg.buf);
+ goto err;
+ }
+ if (!*hptr)
+ {
+ ENGINEerr(ENGINE_F_HWCRHK_LOAD_PRIVKEY,
+ ENGINE_R_NO_KEY);
+ goto err;
+ }
+ rtmp = RSA_new_method(&engine_hwcrhk);
+ RSA_set_ex_data(rtmp, hndidx, (char *)hptr);
+ rtmp->e = BN_new();
+ rtmp->n = BN_new();
+ rtmp->flags |= RSA_FLAG_EXT_PKEY;
+ MPI2BN(rtmp->e, e);
+ MPI2BN(rtmp->n, n);
+ if (p_hwcrhk_RSAGetPublicKey(*hptr, &n, &e, &rmsg)
+ != HWCRYPTOHOOK_ERROR_MPISIZE)
+ {
+ ENGINEerr(ENGINE_F_HWCRHK_LOAD_PUBKEY,ENGINE_R_CHIL_ERROR);
+ ERR_add_error_data(1,rmsg.buf);
+ goto err;
+ }
+
+ bn_expand2(rtmp->e, e.size/sizeof(BN_ULONG));
+ bn_expand2(rtmp->n, n.size/sizeof(BN_ULONG));
+ MPI2BN(rtmp->e, e);
+ MPI2BN(rtmp->n, n);
+
+ if (p_hwcrhk_RSAGetPublicKey(*hptr, &n, &e, &rmsg))
+ {
+ ENGINEerr(ENGINE_F_HWCRHK_LOAD_PUBKEY,
+ ENGINE_R_CHIL_ERROR);
+ ERR_add_error_data(1,rmsg.buf);
+ goto err;
+ }
+ rtmp->e->top = e.size / sizeof(BN_ULONG);
+ bn_fix_top(rtmp->e);
+ rtmp->n->top = n.size / sizeof(BN_ULONG);
+ bn_fix_top(rtmp->n);
+
+ res = EVP_PKEY_new();
+ EVP_PKEY_assign_RSA(res, rtmp);
+
+ return res;
+ err:
+ if (res)
+ EVP_PKEY_free(res);
+ if (rtmp)
+ RSA_free(rtmp);
+ return NULL;
+ }
+
+static EVP_PKEY *hwcrhk_load_pubkey(const char *key_id, const char *passphrase)
+ {
+ EVP_PKEY *res = hwcrhk_load_privkey(key_id, passphrase);
+
+ if (res)
+ switch(res->type)
+ {
+ case EVP_PKEY_RSA:
+ {
+ RSA *rsa = NULL;
+
+ CRYPTO_w_lock(CRYPTO_LOCK_EVP_PKEY);
+ rsa = res->pkey.rsa;
+ res->pkey.rsa = RSA_new();
+ res->pkey.rsa->n = rsa->n;
+ res->pkey.rsa->e = rsa->e;
+ CRYPTO_w_unlock(CRYPTO_LOCK_EVP_PKEY);
+ RSA_free(rsa);
+ }
+ default:
+ ENGINEerr(ENGINE_F_HWCRHK_LOAD_PUBKEY,
+ ENGINE_R_CTRL_COMMAND_NOT_IMPLEMENTED);
+ goto err;
+ }
+
+ return res;
+ err:
+ if (res)
+ EVP_PKEY_free(res);
+ return NULL;
+ }
+
+/* A little mod_exp */
+static int hwcrhk_mod_exp(BIGNUM *r, BIGNUM *a, const BIGNUM *p,
+ const BIGNUM *m, BN_CTX *ctx)
+ {
+ char tempbuf[1024];
+ HWCryptoHook_ErrMsgBuf rmsg;
+ /* Since HWCryptoHook_MPI is pretty compatible with BIGNUM's,
+ we use them directly, plus a little macro magic. We only
+ thing we need to make sure of is that enough space is allocated. */
+ HWCryptoHook_MPI m_a, m_p, m_n, m_r;
+ int to_return, ret;
+
+ to_return = 0; /* expect failure */
+ rmsg.buf = tempbuf;
+ rmsg.size = 1024;
+
+ if(!hwcrhk_context)
+ {
+ ENGINEerr(ENGINE_F_HWCRHK_MOD_EXP,ENGINE_R_NOT_INITIALISED);
+ goto err;
+ }
+ /* Prepare the params */
+ bn_expand2(r, m->top); /* Check for error !! */
+ BN2MPI(m_a, a);
+ BN2MPI(m_p, p);
+ BN2MPI(m_n, m);
+ MPI2BN(r, m_r);
+
+ /* Perform the operation */
+ ret = p_hwcrhk_ModExp(hwcrhk_context, m_a, m_p, m_n, &m_r, &rmsg);
+
+ /* Convert the response */
+ r->top = m_r.size / sizeof(BN_ULONG);
+ bn_fix_top(r);
+
+ if (ret < 0)
+ {
+ /* FIXME: When this error is returned, HWCryptoHook is
+ telling us that falling back to software computation
+ might be a good thing. */
+ if(ret == HWCRYPTOHOOK_ERROR_FALLBACK)
+ {
+ ENGINEerr(ENGINE_F_HWCRHK_MOD_EXP,ENGINE_R_REQUEST_FALLBACK);
+ }
+ else
+ {
+ ENGINEerr(ENGINE_F_HWCRHK_MOD_EXP,ENGINE_R_REQUEST_FAILED);
+ }
+ ERR_add_error_data(1,rmsg.buf);
+ goto err;
+ }
+
+ to_return = 1;
+err:
+ return to_return;
+ }
+
+static int hwcrhk_rsa_mod_exp(BIGNUM *r, BIGNUM *I, RSA *rsa)
+ {
+ char tempbuf[1024];
+ HWCryptoHook_ErrMsgBuf rmsg;
+ HWCryptoHook_RSAKeyHandle *hptr;
+ int to_return = 0, ret;
+
+ if(!hwcrhk_context)
+ {
+ ENGINEerr(ENGINE_F_HWCRHK_MOD_EXP,ENGINE_R_NOT_INITIALISED);
+ goto err;
+ }
+
+ /* This provides support for nForce keys. Since that's opaque data
+ all we do is provide a handle to the proper key and let HWCryptoHook
+ take care of the rest. */
+ if ((hptr = (HWCryptoHook_RSAKeyHandle *) RSA_get_ex_data(rsa, hndidx))
+ != NULL)
+ {
+ HWCryptoHook_MPI m_a, m_r;
+
+ if(!rsa->n)
+ {
+ ENGINEerr(ENGINE_F_HWCRHK_RSA_MOD_EXP,
+ ENGINE_R_MISSING_KEY_COMPONENTS);
+ goto err;
+ }
+
+ rmsg.buf = tempbuf;
+ rmsg.size = 1024;
+
+ /* Prepare the params */
+ bn_expand2(r, rsa->n->top); /* Check for error !! */
+ BN2MPI(m_a, I);
+ MPI2BN(r, m_r);
+
+ /* Perform the operation */
+ ret = p_hwcrhk_RSA(m_a, *hptr, &m_r, &rmsg);
+
+ /* Convert the response */
+ r->top = m_r.size / sizeof(BN_ULONG);
+ bn_fix_top(r);
+
+ if (ret < 0)
+ {
+ /* FIXME: When this error is returned, HWCryptoHook is
+ telling us that falling back to software computation
+ might be a good thing. */
+ if(ret == HWCRYPTOHOOK_ERROR_FALLBACK)
+ {
+ ENGINEerr(ENGINE_F_HWCRHK_RSA_MOD_EXP,ENGINE_R_REQUEST_FALLBACK);
+ }
+ else
+ {
+ ENGINEerr(ENGINE_F_HWCRHK_RSA_MOD_EXP,ENGINE_R_REQUEST_FAILED);
+ }
+ ERR_add_error_data(1,rmsg.buf);
+ goto err;
+ }
+ }
+ else
+ {
+ HWCryptoHook_MPI m_a, m_p, m_q, m_dmp1, m_dmq1, m_iqmp, m_r;
+
+ if(!rsa->p || !rsa->q || !rsa->dmp1 || !rsa->dmq1 || !rsa->iqmp)
+ {
+ ENGINEerr(ENGINE_F_HWCRHK_RSA_MOD_EXP,
+ ENGINE_R_MISSING_KEY_COMPONENTS);
+ goto err;
+ }
+
+ rmsg.buf = tempbuf;
+ rmsg.size = 1024;
+
+ /* Prepare the params */
+ bn_expand2(r, rsa->n->top); /* Check for error !! */
+ BN2MPI(m_a, I);
+ BN2MPI(m_p, rsa->p);
+ BN2MPI(m_q, rsa->q);
+ BN2MPI(m_dmp1, rsa->dmp1);
+ BN2MPI(m_dmq1, rsa->dmq1);
+ BN2MPI(m_iqmp, rsa->iqmp);
+ MPI2BN(r, m_r);
+
+ /* Perform the operation */
+ ret = p_hwcrhk_ModExpCRT(hwcrhk_context, m_a, m_p, m_q,
+ m_dmp1, m_dmq1, m_iqmp, &m_r, NULL);
+
+ /* Convert the response */
+ r->top = m_r.size / sizeof(BN_ULONG);
+ bn_fix_top(r);
+
+ if (ret < 0)
+ {
+ /* FIXME: When this error is returned, HWCryptoHook is
+ telling us that falling back to software computation
+ might be a good thing. */
+ if(ret == HWCRYPTOHOOK_ERROR_FALLBACK)
+ {
+ ENGINEerr(ENGINE_F_HWCRHK_RSA_MOD_EXP,ENGINE_R_REQUEST_FALLBACK);
+ }
+ else
+ {
+ ENGINEerr(ENGINE_F_HWCRHK_RSA_MOD_EXP,ENGINE_R_REQUEST_FAILED);
+ }
+ ERR_add_error_data(1,rmsg.buf);
+ goto err;
+ }
+ }
+ /* If we're here, we must be here with some semblance of success :-) */
+ to_return = 1;
+err:
+ return to_return;
+ }
+
+/* This function is aliased to mod_exp (with the mont stuff dropped). */
+static int hwcrhk_mod_exp_mont(BIGNUM *r, BIGNUM *a, const BIGNUM *p,
+ const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)
+ {
+ return hwcrhk_mod_exp(r, a, p, m, ctx);
+ }
+
+/* This function is aliased to mod_exp (with the dh and mont dropped). */
+static int hwcrhk_mod_exp_dh(DH *dh, BIGNUM *r, BIGNUM *a, const BIGNUM *p,
+ const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)
+ {
+ return hwcrhk_mod_exp(r, a, p, m, ctx);
+ }
+
+/* Random bytes are good */
+static int hwcrhk_rand_bytes(unsigned char *buf, int num)
+ {
+ char tempbuf[1024];
+ HWCryptoHook_ErrMsgBuf rmsg;
+ int to_return = 0; /* assume failure */
+ int ret;
+
+ rmsg.buf = tempbuf;
+ rmsg.size = 1024;
+
+ if(!hwcrhk_context)
+ {
+ ENGINEerr(ENGINE_F_HWCRHK_RAND_BYTES,ENGINE_R_NOT_INITIALISED);
+ goto err;
+ }
+
+ ret = p_hwcrhk_RandomBytes(hwcrhk_context, buf, num, &rmsg);
+ if (ret < 0)
+ {
+ /* FIXME: When this error is returned, HWCryptoHook is
+ telling us that falling back to software computation
+ might be a good thing. */
+ if(ret == HWCRYPTOHOOK_ERROR_FALLBACK)
+ {
+ ENGINEerr(ENGINE_F_HWCRHK_RAND_BYTES,ENGINE_R_REQUEST_FALLBACK);
+ }
+ else
+ {
+ ENGINEerr(ENGINE_F_HWCRHK_RAND_BYTES,ENGINE_R_REQUEST_FAILED);
+ }
+ ERR_add_error_data(1,rmsg.buf);
+ goto err;
+ }
+ to_return = 1;
+ err:
+ return to_return;
+ }
+
+static int hwcrhk_rand_status(void)
+ {
+ return 1;
+ }
+
+/* This cleans up an RSA KM key, called when ex_data is freed */
+
+static void hwcrhk_ex_free(void *obj, void *item, CRYPTO_EX_DATA *ad,
+ int ind,long argl, void *argp)
+{
+ char tempbuf[1024];
+ HWCryptoHook_ErrMsgBuf rmsg;
+ HWCryptoHook_RSAKeyHandle *hptr;
+ int ret;
+
+ rmsg.buf = tempbuf;
+ rmsg.size = 1024;
+
+ hptr = (HWCryptoHook_RSAKeyHandle *) item;
+ if(!hptr) return;
+ ret = p_hwcrhk_RSAUnloadKey(*hptr, NULL);
+ OPENSSL_free(hptr);
+}
+
+/* Mutex calls: since the HWCryptoHook model closely follows the POSIX model
+ * these just wrap the POSIX functions and add some logging.
+ */
+
+static int hwcrhk_mutex_init(HWCryptoHook_Mutex* mt,
+ HWCryptoHook_CallerContext *cactx)
+ {
+ mt->lockid = CRYPTO_get_new_dynlockid();
+ if (mt->lockid == 0)
+ return 0;
+ return 1;
+ }
+
+static int hwcrhk_mutex_lock(HWCryptoHook_Mutex *mt)
+ {
+ CRYPTO_w_lock(mt->lockid);
+ return 1;
+ }
+
+void hwcrhk_mutex_unlock(HWCryptoHook_Mutex * mt)
+ {
+ CRYPTO_w_unlock(mt->lockid);
+ }
+
+static void hwcrhk_mutex_destroy(HWCryptoHook_Mutex *mt)
+ {
+ CRYPTO_destroy_dynlockid(mt->lockid);
+ }
+
+static int hwcrhk_get_pass(const char *prompt_info,
+ int *len_io, char *buf,
+ HWCryptoHook_PassphraseContext *ppctx,
+ HWCryptoHook_CallerContext *cactx)
+ {
+ int l = 0;
+ char prompt[1024];
+
+ if (password_callback == NULL)
+ {
+ ENGINEerr(ENGINE_F_HWCRHK_GET_PASS,ENGINE_R_NO_CALLBACK);
+ return -1;
+ }
+ if (prompt_info)
+ {
+ strncpy(prompt, "Card: \"", sizeof(prompt));
+ l += 5;
+ strncpy(prompt + l, prompt_info, sizeof(prompt) - l);
+ l += strlen(prompt_info);
+ if (l + 2 < sizeof(prompt))
+ {
+ strncpy(prompt + l, "\"\n", sizeof(prompt) - l);
+ l += 2;
+ }
+ }
+ if (l < sizeof(prompt) - 1)
+ {
+ strncpy(prompt, "Enter Passphrase <enter to cancel>:",
+ sizeof(prompt) - l);
+ l += 35;
+ }
+ prompt[l] = '\0';
+
+ /* I know, passing on the prompt instead of the user data *is*
+ a bad thing. However, that's all we have right now.
+ -- Richard Levitte */
+ *len_io = password_callback(buf, *len_io, 0, prompt);
+ if(!*len_io)
+ return -1;
+ return 0;
+ }
+
+static void hwcrhk_log_message(void *logstr, const char *message)
+ {
+ BIO *lstream = NULL;
+
+ CRYPTO_w_lock(CRYPTO_LOCK_BIO);
+ if (logstr)
+ lstream=*(BIO **)logstr;
+ if (lstream)
+ {
+ BIO_write(lstream, message, strlen(message));
+ }
+ CRYPTO_w_unlock(CRYPTO_LOCK_BIO);
+ }
+
+#endif /* !NO_HW_NCIPHER */
+#endif /* !NO_HW */
diff --git a/crypto/engine/hw_nuron.c b/crypto/engine/hw_nuron.c
new file mode 100644
index 0000000..d8a3e3f
--- /dev/null
+++ b/crypto/engine/hw_nuron.c
@@ -0,0 +1,286 @@
+/* crypto/engine/hw_nuron.c */
+/* Written by Ben Laurie for the OpenSSL Project, leaning heavily on Geoff
+ * Thorpe's Atalla implementation.
+ */
+/* ====================================================================
+ * Copyright (c) 2000 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include <openssl/crypto.h>
+#include "cryptlib.h"
+#include <openssl/dso.h>
+#include "engine_int.h"
+#include <openssl/engine.h>
+#include <dlfcn.h>
+
+
+#ifndef NO_HW
+#ifndef NO_HW_NURON
+
+typedef int tfnModExp(BIGNUM *r,BIGNUM *a,const BIGNUM *p,const BIGNUM *m);
+static tfnModExp *pfnModExp = NULL;
+
+static DSO *pvDSOHandle = NULL;
+
+static int nuron_init()
+ {
+ if(pvDSOHandle != NULL)
+ {
+ ENGINEerr(ENGINE_F_NURON_INIT,ENGINE_R_ALREADY_LOADED);
+ return 0;
+ }
+
+ pvDSOHandle=DSO_load(NULL,"nuronssl",NULL,
+ DSO_FLAG_NAME_TRANSLATION_EXT_ONLY);
+ if(!pvDSOHandle)
+ {
+ ENGINEerr(ENGINE_F_NURON_INIT,ENGINE_R_DSO_NOT_FOUND);
+ return 0;
+ }
+
+ pfnModExp=(tfnModExp *)DSO_bind_func(pvDSOHandle,"nuron_mod_exp");
+ if(!pfnModExp)
+ {
+ ENGINEerr(ENGINE_F_NURON_INIT,ENGINE_R_DSO_FUNCTION_NOT_FOUND);
+ return 0;
+ }
+
+ return 1;
+ }
+
+static int nuron_finish()
+ {
+ if(pvDSOHandle == NULL)
+ {
+ ENGINEerr(ENGINE_F_NURON_FINISH,ENGINE_R_NOT_LOADED);
+ return 0;
+ }
+ if(!DSO_free(pvDSOHandle))
+ {
+ ENGINEerr(ENGINE_F_NURON_FINISH,ENGINE_R_DSO_FAILURE);
+ return 0;
+ }
+ pvDSOHandle=NULL;
+ pfnModExp=NULL;
+ return 1;
+ }
+
+static int nuron_mod_exp(BIGNUM *r,BIGNUM *a,const BIGNUM *p,
+ const BIGNUM *m,BN_CTX *ctx)
+ {
+ if(!pvDSOHandle)
+ {
+ ENGINEerr(ENGINE_F_NURON_MOD_EXP,ENGINE_R_NOT_LOADED);
+ return 0;
+ }
+ return pfnModExp(r,a,p,m);
+ }
+
+static int nuron_rsa_mod_exp(BIGNUM *r0, BIGNUM *I, RSA *rsa)
+ {
+ return nuron_mod_exp(r0,I,rsa->d,rsa->n,NULL);
+ }
+
+/* This code was liberated and adapted from the commented-out code in
+ * dsa_ossl.c. Because of the unoptimised form of the Atalla acceleration
+ * (it doesn't have a CRT form for RSA), this function means that an
+ * Atalla system running with a DSA server certificate can handshake
+ * around 5 or 6 times faster/more than an equivalent system running with
+ * RSA. Just check out the "signs" statistics from the RSA and DSA parts
+ * of "openssl speed -engine atalla dsa1024 rsa1024". */
+static int nuron_dsa_mod_exp(DSA *dsa, BIGNUM *rr, BIGNUM *a1,
+ BIGNUM *p1, BIGNUM *a2, BIGNUM *p2, BIGNUM *m,
+ BN_CTX *ctx, BN_MONT_CTX *in_mont)
+ {
+ BIGNUM t;
+ int to_return = 0;
+
+ BN_init(&t);
+ /* let rr = a1 ^ p1 mod m */
+ if (!nuron_mod_exp(rr,a1,p1,m,ctx))
+ goto end;
+ /* let t = a2 ^ p2 mod m */
+ if (!nuron_mod_exp(&t,a2,p2,m,ctx))
+ goto end;
+ /* let rr = rr * t mod m */
+ if (!BN_mod_mul(rr,rr,&t,m,ctx))
+ goto end;
+ to_return = 1;
+end:
+ BN_free(&t);
+ return to_return;
+ }
+
+
+static int nuron_mod_exp_dsa(DSA *dsa, BIGNUM *r, BIGNUM *a,
+ const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
+ BN_MONT_CTX *m_ctx)
+ {
+ return nuron_mod_exp(r, a, p, m, ctx);
+ }
+
+/* This function is aliased to mod_exp (with the mont stuff dropped). */
+static int nuron_mod_exp_mont(BIGNUM *r, BIGNUM *a, const BIGNUM *p,
+ const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)
+ {
+ return nuron_mod_exp(r, a, p, m, ctx);
+ }
+
+/* This function is aliased to mod_exp (with the dh and mont dropped). */
+static int nuron_mod_exp_dh(DH *dh, BIGNUM *r, BIGNUM *a, const BIGNUM *p,
+ const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)
+ {
+ return nuron_mod_exp(r, a, p, m, ctx);
+ }
+
+static RSA_METHOD nuron_rsa =
+ {
+ "Nuron RSA method",
+ NULL,
+ NULL,
+ NULL,
+ NULL,
+ nuron_rsa_mod_exp,
+ nuron_mod_exp_mont,
+ NULL,
+ NULL,
+ 0,
+ NULL,
+ NULL,
+ NULL
+ };
+
+static DSA_METHOD nuron_dsa =
+ {
+ "Nuron DSA method",
+ NULL, /* dsa_do_sign */
+ NULL, /* dsa_sign_setup */
+ NULL, /* dsa_do_verify */
+ nuron_dsa_mod_exp, /* dsa_mod_exp */
+ nuron_mod_exp_dsa, /* bn_mod_exp */
+ NULL, /* init */
+ NULL, /* finish */
+ 0, /* flags */
+ NULL /* app_data */
+ };
+
+static DH_METHOD nuron_dh =
+ {
+ "Nuron DH method",
+ NULL,
+ NULL,
+ nuron_mod_exp_dh,
+ NULL,
+ NULL,
+ 0,
+ NULL
+ };
+
+static ENGINE engine_nuron =
+ {
+ "nuron",
+ "Nuron hardware engine support",
+ &nuron_rsa,
+ &nuron_dsa,
+ &nuron_dh,
+ NULL,
+ nuron_mod_exp,
+ NULL,
+ nuron_init,
+ nuron_finish,
+ NULL, /* no ctrl() */
+ NULL, /* no load_privkey() */
+ NULL, /* no load_pubkey() */
+ 0, /* no flags */
+ 0, 0, /* no references */
+ NULL, NULL /* unlinked */
+ };
+
+/* As this is only ever called once, there's no need for locking
+ * (indeed - the lock will already be held by our caller!!!) */
+ENGINE *ENGINE_nuron()
+ {
+ RSA_METHOD *meth1;
+ DSA_METHOD *meth2;
+ DH_METHOD *meth3;
+
+ /* We know that the "PKCS1_SSLeay()" functions hook properly
+ * to the nuron-specific mod_exp and mod_exp_crt so we use
+ * those functions. NB: We don't use ENGINE_openssl() or
+ * anything "more generic" because something like the RSAref
+ * code may not hook properly, and if you own one of these
+ * cards then you have the right to do RSA operations on it
+ * anyway! */
+ meth1=RSA_PKCS1_SSLeay();
+ nuron_rsa.rsa_pub_enc=meth1->rsa_pub_enc;
+ nuron_rsa.rsa_pub_dec=meth1->rsa_pub_dec;
+ nuron_rsa.rsa_priv_enc=meth1->rsa_priv_enc;
+ nuron_rsa.rsa_priv_dec=meth1->rsa_priv_dec;
+
+ /* Use the DSA_OpenSSL() method and just hook the mod_exp-ish
+ * bits. */
+ meth2=DSA_OpenSSL();
+ nuron_dsa.dsa_do_sign=meth2->dsa_do_sign;
+ nuron_dsa.dsa_sign_setup=meth2->dsa_sign_setup;
+ nuron_dsa.dsa_do_verify=meth2->dsa_do_verify;
+
+ /* Much the same for Diffie-Hellman */
+ meth3=DH_OpenSSL();
+ nuron_dh.generate_key=meth3->generate_key;
+ nuron_dh.compute_key=meth3->compute_key;
+ return &engine_nuron;
+ }
+
+#endif /* !NO_HW_NURON */
+#endif /* !NO_HW */
diff --git a/crypto/engine/vendor_defns/atalla.h b/crypto/engine/vendor_defns/atalla.h
new file mode 100644
index 0000000..8111649
--- /dev/null
+++ b/crypto/engine/vendor_defns/atalla.h
@@ -0,0 +1,61 @@
+/* This header declares the necessary definitions for using the exponentiation
+ * acceleration capabilities of Atalla cards. The only cryptographic operation
+ * is performed by "ASI_RSAPrivateKeyOpFn" and this takes a structure that
+ * defines an "RSA private key". However, it is really only performing a
+ * regular mod_exp using the supplied modulus and exponent - no CRT form is
+ * being used. Hence, it is a generic mod_exp function in disguise, and we use
+ * it as such.
+ *
+ * Thanks to the people at Atalla for letting me know these definitions are
+ * fine and that they can be reproduced here.
+ *
+ * Geoff.
+ */
+
+typedef struct ItemStr
+ {
+ unsigned char *data;
+ int len;
+ } Item;
+
+typedef struct RSAPrivateKeyStr
+ {
+ void *reserved;
+ Item version;
+ Item modulus;
+ Item publicExponent;
+ Item privateExponent;
+ Item prime[2];
+ Item exponent[2];
+ Item coefficient;
+ } RSAPrivateKey;
+
+/* Predeclare the function pointer types that we dynamically load from the DSO.
+ * These use the same names and form that Ben's original support code had (in
+ * crypto/bn/bn_exp.c) unless of course I've inadvertently changed the style
+ * somewhere along the way!
+ */
+
+typedef int tfnASI_GetPerformanceStatistics(int reset_flag,
+ unsigned int *ret_buf);
+
+typedef int tfnASI_GetHardwareConfig(long card_num, unsigned int *ret_buf);
+
+typedef int tfnASI_RSAPrivateKeyOpFn(RSAPrivateKey * rsaKey,
+ unsigned char *output,
+ unsigned char *input,
+ unsigned int modulus_len);
+
+/* These are the static string constants for the DSO file name and the function
+ * symbol names to bind to. Regrettably, the DSO name on *nix appears to be
+ * "atasi.so" rather than something more consistent like "libatasi.so". At the
+ * time of writing, I'm not sure what the file name on win32 is but clearly
+ * native name translation is not possible (eg libatasi.so on *nix, and
+ * atasi.dll on win32). For the purposes of testing, I have created a symbollic
+ * link called "libatasi.so" so that we can use native name-translation - a
+ * better solution will be needed. */
+static const char *ATALLA_LIBNAME = "atasi";
+static const char *ATALLA_F1 = "ASI_GetHardwareConfig";
+static const char *ATALLA_F2 = "ASI_RSAPrivateKeyOpFn";
+static const char *ATALLA_F3 = "ASI_GetPerformanceStatistics";
+
diff --git a/crypto/engine/vendor_defns/cswift.h b/crypto/engine/vendor_defns/cswift.h
new file mode 100644
index 0000000..0af14a1
--- /dev/null
+++ b/crypto/engine/vendor_defns/cswift.h
@@ -0,0 +1,213 @@
+/* Attribution notice: Rainbow have generously allowed me to reproduce
+ * the necessary definitions here from their API. This means the support
+ * can build independently of whether application builders have the
+ * API or hardware. This will allow developers to easily produce software
+ * that has latent hardware support for any users that have accelertors
+ * installed, without the developers themselves needing anything extra.
+ *
+ * I have only clipped the parts from the CryptoSwift header files that
+ * are (or seem) relevant to the CryptoSwift support code. This is
+ * simply to keep the file sizes reasonable.
+ * [Geoff]
+ */
+
+
+/* NB: These type widths do *not* seem right in general, in particular
+ * they're not terribly friendly to 64-bit architectures (unsigned long)
+ * will be 64-bit on IA-64 for a start. I'm leaving these alone as they
+ * agree with Rainbow's API and this will only be called into question
+ * on platforms with Rainbow support anyway! ;-) */
+
+#ifdef __cplusplus
+extern "C" {
+#endif /* __cplusplus */
+
+typedef long SW_STATUS; /* status */
+typedef unsigned char SW_BYTE; /* 8 bit byte */
+typedef unsigned short SW_U16; /* 16 bit number */
+#if defined(_IRIX)
+#include <sgidefs.h>
+typedef __uint32_t SW_U32;
+#else
+typedef unsigned long SW_U32; /* 32 bit integer */
+#endif
+
+#if defined(WIN32)
+ typedef struct _SW_U64 {
+ SW_U32 low32;
+ SW_U32 high32;
+ } SW_U64; /* 64 bit integer */
+#elif defined(MAC)
+ typedef longlong SW_U64
+#else /* Unix variants */
+ typedef struct _SW_U64 {
+ SW_U32 low32;
+ SW_U32 high32;
+ } SW_U64; /* 64 bit integer */
+#endif
+
+/* status codes */
+#define SW_OK (0L)
+#define SW_ERR_BASE (-10000L)
+#define SW_ERR_NO_CARD (SW_ERR_BASE-1) /* The Card is not present */
+#define SW_ERR_CARD_NOT_READY (SW_ERR_BASE-2) /* The card has not powered */
+ /* up yet */
+#define SW_ERR_TIME_OUT (SW_ERR_BASE-3) /* Execution of a command */
+ /* time out */
+#define SW_ERR_NO_EXECUTE (SW_ERR_BASE-4) /* The Card failed to */
+ /* execute the command */
+#define SW_ERR_INPUT_NULL_PTR (SW_ERR_BASE-5) /* a required pointer is */
+ /* NULL */
+#define SW_ERR_INPUT_SIZE (SW_ERR_BASE-6) /* size is invalid, too */
+ /* small, too large. */
+#define SW_ERR_INVALID_HANDLE (SW_ERR_BASE-7) /* Invalid SW_ACC_CONTEXT */
+ /* handle */
+#define SW_ERR_PENDING (SW_ERR_BASE-8) /* A request is already out- */
+ /* standing at this */
+ /* context handle */
+#define SW_ERR_AVAILABLE (SW_ERR_BASE-9) /* A result is available. */
+#define SW_ERR_NO_PENDING (SW_ERR_BASE-10)/* No request is pending. */
+#define SW_ERR_NO_MEMORY (SW_ERR_BASE-11)/* Not enough memory */
+#define SW_ERR_BAD_ALGORITHM (SW_ERR_BASE-12)/* Invalid algorithm type */
+ /* in SW_PARAM structure */
+#define SW_ERR_MISSING_KEY (SW_ERR_BASE-13)/* No key is associated with */
+ /* context. */
+ /* swAttachKeyParam() is */
+ /* not called. */
+#define SW_ERR_KEY_CMD_MISMATCH \
+ (SW_ERR_BASE-14)/* Cannot perform requested */
+ /* SW_COMMAND_CODE since */
+ /* key attached via */
+ /* swAttachKeyParam() */
+ /* cannot be used for this*/
+ /* SW_COMMAND_CODE. */
+#define SW_ERR_NOT_IMPLEMENTED \
+ (SW_ERR_BASE-15)/* Not implemented */
+#define SW_ERR_BAD_COMMAND (SW_ERR_BASE-16)/* Bad command code */
+#define SW_ERR_BAD_ITEM_SIZE (SW_ERR_BASE-17)/* too small or too large in */
+ /* the "initems" or */
+ /* "outitems". */
+#define SW_ERR_BAD_ACCNUM (SW_ERR_BASE-18)/* Bad accelerator number */
+#define SW_ERR_SELFTEST_FAIL (SW_ERR_BASE-19)/* At least one of the self */
+ /* test fail, look at the */
+ /* selfTestBitmap in */
+ /* SW_ACCELERATOR_INFO for*/
+ /* details. */
+#define SW_ERR_MISALIGN (SW_ERR_BASE-20)/* Certain alogrithms require*/
+ /* key materials aligned */
+ /* in certain order, e.g. */
+ /* 128 bit for CRT */
+#define SW_ERR_OUTPUT_NULL_PTR \
+ (SW_ERR_BASE-21)/* a required pointer is */
+ /* NULL */
+#define SW_ERR_OUTPUT_SIZE \
+ (SW_ERR_BASE-22)/* size is invalid, too */
+ /* small, too large. */
+#define SW_ERR_FIRMWARE_CHECKSUM \
+ (SW_ERR_BASE-23)/* firmware checksum mismatch*/
+ /* download failed. */
+#define SW_ERR_UNKNOWN_FIRMWARE \
+ (SW_ERR_BASE-24)/* unknown firmware error */
+#define SW_ERR_INTERRUPT (SW_ERR_BASE-25)/* request is abort when */
+ /* it's waiting to be */
+ /* completed. */
+#define SW_ERR_NVWRITE_FAIL (SW_ERR_BASE-26)/* error in writing to Non- */
+ /* volatile memory */
+#define SW_ERR_NVWRITE_RANGE (SW_ERR_BASE-27)/* out of range error in */
+ /* writing to NV memory */
+#define SW_ERR_RNG_ERROR (SW_ERR_BASE-28)/* Random Number Generation */
+ /* failure */
+#define SW_ERR_DSS_FAILURE (SW_ERR_BASE-29)/* DSS Sign or Verify failure*/
+#define SW_ERR_MODEXP_FAILURE (SW_ERR_BASE-30)/* Failure in various math */
+ /* calculations */
+#define SW_ERR_ONBOARD_MEMORY (SW_ERR_BASE-31)/* Error in accessing on - */
+ /* board memory */
+#define SW_ERR_FIRMWARE_VERSION \
+ (SW_ERR_BASE-32)/* Wrong version in firmware */
+ /* update */
+#define SW_ERR_ZERO_WORKING_ACCELERATOR \
+ (SW_ERR_BASE-44)/* All accelerators are bad */
+
+
+ /* algorithm type */
+#define SW_ALG_CRT 1
+#define SW_ALG_EXP 2
+#define SW_ALG_DSA 3
+#define SW_ALG_NVDATA 4
+
+ /* command code */
+#define SW_CMD_MODEXP_CRT 1 /* perform Modular Exponentiation using */
+ /* Chinese Remainder Theorem (CRT) */
+#define SW_CMD_MODEXP 2 /* perform Modular Exponentiation */
+#define SW_CMD_DSS_SIGN 3 /* perform DSS sign */
+#define SW_CMD_DSS_VERIFY 4 /* perform DSS verify */
+#define SW_CMD_RAND 5 /* perform random number generation */
+#define SW_CMD_NVREAD 6 /* perform read to nonvolatile RAM */
+#define SW_CMD_NVWRITE 7 /* perform write to nonvolatile RAM */
+
+typedef SW_U32 SW_ALGTYPE; /* alogrithm type */
+typedef SW_U32 SW_STATE; /* state */
+typedef SW_U32 SW_COMMAND_CODE; /* command code */
+typedef SW_U32 SW_COMMAND_BITMAP[4]; /* bitmap */
+
+typedef struct _SW_LARGENUMBER {
+ SW_U32 nbytes; /* number of bytes in the buffer "value" */
+ SW_BYTE* value; /* the large integer as a string of */
+ /* bytes in network (big endian) order */
+} SW_LARGENUMBER;
+
+typedef struct _SW_CRT {
+ SW_LARGENUMBER p; /* prime number p */
+ SW_LARGENUMBER q; /* prime number q */
+ SW_LARGENUMBER dmp1; /* exponent1 */
+ SW_LARGENUMBER dmq1; /* exponent2 */
+ SW_LARGENUMBER iqmp; /* CRT coefficient */
+} SW_CRT;
+
+typedef struct _SW_EXP {
+ SW_LARGENUMBER modulus; /* modulus */
+ SW_LARGENUMBER exponent;/* exponent */
+} SW_EXP;
+
+typedef struct _SW_DSA {
+ SW_LARGENUMBER p; /* */
+ SW_LARGENUMBER q; /* */
+ SW_LARGENUMBER g; /* */
+ SW_LARGENUMBER key; /* private/public key */
+} SW_DSA;
+
+typedef struct _SW_NVDATA {
+ SW_U32 accnum; /* accelerator board number */
+ SW_U32 offset; /* offset in byte */
+} SW_NVDATA;
+
+typedef struct _SW_PARAM {
+ SW_ALGTYPE type; /* type of the alogrithm */
+ union {
+ SW_CRT crt;
+ SW_EXP exp;
+ SW_DSA dsa;
+ SW_NVDATA nvdata;
+ } up;
+} SW_PARAM;
+
+typedef SW_U32 SW_CONTEXT_HANDLE; /* opaque context handle */
+
+
+/* Now the OpenSSL bits, these function types are the for the function
+ * pointers that will bound into the Rainbow shared libraries. */
+typedef SW_STATUS t_swAcquireAccContext(SW_CONTEXT_HANDLE *hac);
+typedef SW_STATUS t_swAttachKeyParam(SW_CONTEXT_HANDLE hac,
+ SW_PARAM *key_params);
+typedef SW_STATUS t_swSimpleRequest(SW_CONTEXT_HANDLE hac,
+ SW_COMMAND_CODE cmd,
+ SW_LARGENUMBER pin[],
+ SW_U32 pin_count,
+ SW_LARGENUMBER pout[],
+ SW_U32 pout_count);
+typedef SW_STATUS t_swReleaseAccContext(SW_CONTEXT_HANDLE hac);
+
+#ifdef __cplusplus
+}
+#endif /* __cplusplus */
+
diff --git a/crypto/engine/vendor_defns/hwcryptohook.h b/crypto/engine/vendor_defns/hwcryptohook.h
new file mode 100644
index 0000000..ed88051
--- /dev/null
+++ b/crypto/engine/vendor_defns/hwcryptohook.h
@@ -0,0 +1,476 @@
+/*
+ * ModExp / RSA (with/without KM) plugin API
+ *
+ * The application will load a dynamic library which
+ * exports entrypoint(s) defined in this file.
+ *
+ * This set of entrypoints provides only a multithreaded,
+ * synchronous-within-each-thread, facility.
+ *
+ *
+ * This file is Copyright 1998-1999 nCipher Corporation Limited.
+ *
+ * This file is provided for your information and assistance. You are
+ * permitted to copy it verbatim, to use it to create compatible
+ * software, and for review and comment. However, you may not
+ * distribute changed versions or other derivative works. All other
+ * rights are reserved.
+ *
+ * IN NO EVENT SHALL NCIPHER CORPORATION LIMITED (`NCIPHER') AND/OR
+ * ANY OTHER AUTHORS OR DISTRIBUTORS OF THIS FILE BE LIABLE for any
+ * damages arising directly or indirectly from this file, its use or
+ * this licence. Without prejudice to the generality of the
+ * foregoing: all liability shall be excluded for direct, indirect,
+ * special, incidental, consequential or other damages or any loss of
+ * profits, business, revenue goodwill or anticipated savings;
+ * liability shall be excluded even if nCipher or anyone else has been
+ * advised of the possibility of damage. In any event, if the
+ * exclusion of liability is not effective, the liability of nCipher
+ * or any author or distributor shall be limited to the lesser of the
+ * price paid and 1,000 pounds sterling. This licence only fails to
+ * exclude or limit liability for death or personal injury arising out
+ * of negligence, and only to the extent that such an exclusion or
+ * limitation is not effective.
+ *
+ * NCIPHER AND THE AUTHORS AND DISTRIBUTORS SPECIFICALLY DISCLAIM ALL
+ * AND ANY WARRANTIES (WHETHER EXPRESS OR IMPLIED), including, but not
+ * limited to, any implied warranties of merchantability, fitness for
+ * a particular purpose, satisfactory quality, and/or non-infringement
+ * of any third party rights.
+ *
+ * US Government use: This software and documentation is Commercial
+ * Computer Software and Computer Software Documentation, as defined in
+ * sub-paragraphs (a)(1) and (a)(5) of DFAR 252.227-7014, "Rights in
+ * Noncommercial Computer Software and Noncommercial Computer Software
+ * Documentation." Use, duplication or disclosure by the Government is
+ * subject to the terms and conditions specified here.
+ *
+ * By using or distributing this file you will be accepting these
+ * terms and conditions, including the limitation of liability and
+ * lack of warranty. If you do not wish to accept these terms and
+ * conditions, DO NOT USE THE FILE.
+ *
+ *
+ * The actual dynamically loadable plugin, and the library files for
+ * static linking, which are also provided in this distribution, are
+ * not covered by the licence described above. You should have
+ * received a separate licence with terms and conditions for these
+ * library files; if you received the library files without a licence,
+ * please contact nCipher.
+ *
+ *
+ * $Id: hwcryptohook.h,v 1.2 2000/10/26 21:06:30 levitte Exp $
+ */
+
+#ifndef HWCRYPTOHOOK_H
+#define HWCRYPTOHOOK_H
+
+#include <sys/types.h>
+#include <stdio.h>
+
+#ifndef HWCRYPTOHOOK_DECLARE_APPTYPES
+#define HWCRYPTOHOOK_DECLARE_APPTYPES 1
+#endif
+
+#define HWCRYPTOHOOK_ERROR_FAILED -1
+#define HWCRYPTOHOOK_ERROR_FALLBACK -2
+#define HWCRYPTOHOOK_ERROR_MPISIZE -3
+
+#if HWCRYPTOHOOK_DECLARE_APPTYPES
+
+/* These structs are defined by the application and opaque to the
+ * crypto plugin. The application may define these as it sees fit.
+ * Default declarations are provided here, but the application may
+ * #define HWCRYPTOHOOK_DECLARE_APPTYPES 0
+ * to prevent these declarations, and instead provide its own
+ * declarations of these types. (Pointers to them must still be
+ * ordinary pointers to structs or unions, or the resulting combined
+ * program will have a type inconsistency.)
+ */
+typedef struct HWCryptoHook_MutexValue HWCryptoHook_Mutex;
+typedef struct HWCryptoHook_CondVarValue HWCryptoHook_CondVar;
+typedef struct HWCryptoHook_PassphraseContextValue HWCryptoHook_PassphraseContext;
+typedef struct HWCryptoHook_CallerContextValue HWCryptoHook_CallerContext;
+
+#endif /* HWCRYPTOHOOK_DECLARE_APPTYPES */
+
+/* These next two structs are opaque to the application. The crypto
+ * plugin will return pointers to them; the caller simply manipulates
+ * the pointers.
+ */
+typedef struct HWCryptoHook_Context *HWCryptoHook_ContextHandle;
+typedef struct HWCryptoHook_RSAKey *HWCryptoHook_RSAKeyHandle;
+
+typedef struct {
+ char *buf;
+ size_t size;
+} HWCryptoHook_ErrMsgBuf;
+/* Used for error reporting. When a HWCryptoHook function fails it
+ * will return a sentinel value (0 for pointer-valued functions, or a
+ * negative number, usually HWCRYPTOHOOK_ERROR_FAILED, for
+ * integer-valued ones). It will, if an ErrMsgBuf is passed, also put
+ * an error message there.
+ *
+ * size is the size of the buffer. When the buffer is filled, it will
+ * always be null-terminated. If you pass 0 buf buf you must pass 0
+ * for size, and nothing will be recorded (just as if you passed 0 for
+ * the struct pointer). Size will not be modified when an error is
+ * recorded. The buffer is always null-terminated even if there is an
+ * overrun.
+ *
+ * The contents of the buffer are not defined if there is no error.
+ */
+
+typedef struct HWCryptoHook_MPIStruct {
+ unsigned char *buf;
+ size_t size;
+} HWCryptoHook_MPI;
+/* When one of these is returned, a pointer is passed to the function.
+ * At call, size is the space available. Afterwards it is updated.
+ * buf (the pointer) is not updated. size is in bytes and may be
+ * zero, but must be a multiple of the limb size. Zero limbs at the
+ * MS end are not permitted.
+ */
+
+#define HWCryptoHook_InitFlags_FallbackModExp 0x0002UL
+#define HWCryptoHook_InitFlags_FallbackRSAImmed 0x0004UL
+/* Enable requesting fallback to software in case of problems with the
+ * hardware support. This indicates to the crypto provider that the
+ * application is prepared to fall back to software operation if the
+ * ModExp* or RSAImmed* functions return HWCRYPTOHOOK_ERROR_FALLBACK.
+ * Without this flag those calls will never return
+ * HWCRYPTOHOOK_ERROR_FALLBACK. The flag will also cause the crypto
+ * provider to avoid repeatedly attempting to contact dead hardware
+ * within a short interval, if appropriate.
+ */
+
+#define HWCryptoHook_InitFlags_SimpleForkCheck 0x0010UL
+/* Without _SimpleForkCheck the library is allowed to assume that the
+ * application will not fork and call the library in the child(ren).
+ *
+ * When it is specified, this is allowed. However, after a fork
+ * neither parent nor child may unload any loaded keys or call
+ * _Finish. Instead, they should call exit (or die with a signal)
+ * without calling _Finish. After all the children have died the
+ * parent may unload keys or call _Finish.
+ *
+ * This flag only has any effect on UN*X platforms.
+ */
+
+typedef struct {
+ unsigned long flags;
+ void *logstream; /* usually a FILE*. See below. */
+
+ size_t limbsize; /* bignum format - size of radix type, must be power of 2 */
+ int mslimbfirst; /* 0 or 1 */
+ int msbytefirst; /* 0 or 1; -1 = native */
+
+ /* All the callback functions should return 0 on success, or a
+ * nonzero integer (whose value will be visible in the error message
+ * put in the buffer passed to the call).
+ *
+ * If a callback is not available pass a null function pointer.
+ *
+ * The callbacks may not call down again into the crypto plugin.
+ */
+
+ /* For thread-safety. Set everything to 0 if you promise only to be
+ * singlethreaded. maxsimultaneous is the number of calls to
+ * ModExp[Crt]/RSAImmed{Priv,Pub}/RSA. If you don't know what to
+ * put there then say 0 and the hook library will use a default.
+ *
+ * maxmutexes is a small limit on the number of simultaneous mutexes
+ * which will be requested by the library. If there is no small
+ * limit, set it to 0. If the crypto plugin cannot create the
+ * advertised number of mutexes the calls to its functions may fail.
+ * If a low number of mutexes is advertised the plugin will try to
+ * do the best it can. Making larger numbers of mutexes available
+ * may improve performance and parallelism by reducing contention
+ * over critical sections. Unavailability of any mutexes, implying
+ * single-threaded operation, should be indicated by the setting
+ * mutex_init et al to 0.
+ */
+ int maxmutexes;
+ int maxsimultaneous;
+ size_t mutexsize;
+ int (*mutex_init)(HWCryptoHook_Mutex*, HWCryptoHook_CallerContext *cactx);
+ int (*mutex_acquire)(HWCryptoHook_Mutex*);
+ void (*mutex_release)(HWCryptoHook_Mutex*);
+ void (*mutex_destroy)(HWCryptoHook_Mutex*);
+
+ /* For greater efficiency, can use condition vars internally for
+ * synchronisation. In this case maxsimultaneous is ignored, but
+ * the other mutex stuff must be available. In singlethreaded
+ * programs, set everything to 0.
+ */
+ size_t condvarsize;
+ int (*condvar_init)(HWCryptoHook_CondVar*, HWCryptoHook_CallerContext *cactx);
+ int (*condvar_wait)(HWCryptoHook_CondVar*, HWCryptoHook_Mutex*);
+ void (*condvar_signal)(HWCryptoHook_CondVar*);
+ void (*condvar_broadcast)(HWCryptoHook_CondVar*);
+ void (*condvar_destroy)(HWCryptoHook_CondVar*);
+
+ /* The semantics of acquiring and releasing mutexes and broadcasting
+ * and waiting on condition variables are expected to be those from
+ * POSIX threads (pthreads). The mutexes may be (in pthread-speak)
+ * fast mutexes, recursive mutexes, or nonrecursive ones.
+ *
+ * The _release/_signal/_broadcast and _destroy functions must
+ * always succeed when given a valid argument; if they are given an
+ * invalid argument then the program (crypto plugin + application)
+ * has an internal error, and they should abort the program.
+ */
+
+ int (*getpassphrase)(const char *prompt_info,
+ int *len_io, char *buf,
+ HWCryptoHook_PassphraseContext *ppctx,
+ HWCryptoHook_CallerContext *cactx);
+ /* Passphrases and the prompt_info, if they contain high-bit-set
+ * characters, are UTF-8. The prompt_info may be a null pointer if
+ * no prompt information is available (it should not be an empty
+ * string). It will not contain text like `enter passphrase';
+ * instead it might say something like `Operator Card for John
+ * Smith' or `SmartCard in nFast Module #1, Slot #1'.
+ *
+ * buf points to a buffer in which to return the passphrase; on
+ * entry *len_io is the length of the buffer. It should be updated
+ * by the callback. The returned passphrase should not be
+ * null-terminated by the callback.
+ */
+
+ int (*getphystoken)(const char *prompt_info,
+ const char *wrong_info,
+ HWCryptoHook_PassphraseContext *ppctx,
+ HWCryptoHook_CallerContext *cactx);
+ /* Requests that the human user physically insert a different
+ * smartcard, DataKey, etc. The plugin should check whether the
+ * currently inserted token(s) are appropriate, and if they are it
+ * should not make this call.
+ *
+ * prompt_info is as before. wrong_info is a description of the
+ * currently inserted token(s) so that the user is told what
+ * something is. wrong_info, like prompt_info, may be null, but
+ * should not be an empty string. Its contents should be
+ * syntactically similar to that of prompt_info.
+ */
+
+ /* Note that a single LoadKey operation might cause several calls to
+ * getpassphrase and/or requestphystoken. If requestphystoken is
+ * not provided (ie, a null pointer is passed) then the plugin may
+ * not support loading keys for which authorisation by several cards
+ * is required. If getpassphrase is not provided then cards with
+ * passphrases may not be supported.
+ *
+ * getpassphrase and getphystoken do not need to check that the
+ * passphrase has been entered correctly or the correct token
+ * inserted; the crypto plugin will do that. If this is not the
+ * case then the crypto plugin is responsible for calling these
+ * routines again as appropriate until the correct token(s) and
+ * passphrase(s) are supplied as required, or until any retry limits
+ * implemented by the crypto plugin are reached.
+ *
+ * In either case, the application must allow the user to say `no'
+ * or `cancel' to indicate that they do not know the passphrase or
+ * have the appropriate token; this should cause the callback to
+ * return nonzero indicating error.
+ */
+
+ void (*logmessage)(void *logstream, const char *message);
+ /* A log message will be generated at least every time something goes
+ * wrong and an ErrMsgBuf is filled in (or would be if one was
+ * provided). Other diagnostic information may be written there too,
+ * including more detailed reasons for errors which are reported in an
+ * ErrMsgBuf.
+ *
+ * When a log message is generated, this callback is called. It
+ * should write a message to the relevant logging arrangements.
+ *
+ * The message string passed will be null-terminated and may be of arbitrary
+ * length. It will not be prefixed by the time and date, nor by the
+ * name of the library that is generating it - if this is required,
+ * the logmessage callback must do it. The message will not have a
+ * trailing newline (though it may contain internal newlines).
+ *
+ * If a null pointer is passed for logmessage a default function is
+ * used. The default function treats logstream as a FILE* which has
+ * been converted to a void*. If logstream is 0 it does nothing.
+ * Otherwise it prepends the date and time and library name and
+ * writes the message to logstream. Each line will be prefixed by a
+ * descriptive string containing the date, time and identity of the
+ * crypto plugin. Errors on the logstream are not reported
+ * anywhere, and the default function doesn't flush the stream, so
+ * the application must set the buffering how it wants it.
+ *
+ * The crypto plugin may also provide a facility to have copies of
+ * log messages sent elsewhere, and or for adjusting the verbosity
+ * of the log messages; any such facilities will be configured by
+ * external means.
+ */
+
+} HWCryptoHook_InitInfo;
+
+typedef
+HWCryptoHook_ContextHandle HWCryptoHook_Init_t(const HWCryptoHook_InitInfo *initinfo,
+ size_t initinfosize,
+ HWCryptoHook_ErrMsgBuf *errors,
+ HWCryptoHook_CallerContext *cactx);
+extern HWCryptoHook_Init_t HWCryptoHook_Init;
+
+/* Caller should set initinfosize to the size of the HWCryptoHook struct,
+ * so it can be extended later.
+ *
+ * On success, a message for display or logging by the server,
+ * including the name and version number of the plugin, will be filled
+ * in into *errors; on failure *errors is used for error handling, as
+ * usual.
+ */
+
+/* All these functions return 0 on success, HWCRYPTOHOOK_ERROR_FAILED
+ * on most failures. HWCRYPTOHOOK_ERROR_MPISIZE means at least one of
+ * the output MPI buffer(s) was too small; the sizes of all have been
+ * set to the desired size (and for those where the buffer was large
+ * enough, the value may have been copied in), and no error message
+ * has been recorded.
+ *
+ * You may pass 0 for the errors struct. In any case, unless you set
+ * _NoStderr at init time then messages may be reported to stderr.
+ */
+
+/* The RSAImmed* functions (and key managed RSA) only work with
+ * modules which have an RSA patent licence - currently that means KM
+ * units; the ModExp* ones work with all modules, so you need a patent
+ * licence in the software in the US.
+ */
+
+typedef
+void HWCryptoHook_Finish_t(HWCryptoHook_ContextHandle hwctx);
+extern HWCryptoHook_Finish_t HWCryptoHook_Finish;
+/* You must not have any calls going or keys loaded when you call this. */
+
+typedef
+int HWCryptoHook_RandomBytes_t(HWCryptoHook_ContextHandle hwctx,
+ unsigned char *buf, size_t len,
+ const HWCryptoHook_ErrMsgBuf *errors);
+extern HWCryptoHook_RandomBytes_t HWCryptoHook_RandomBytes;
+
+typedef
+int HWCryptoHook_ModExp_t(HWCryptoHook_ContextHandle hwctx,
+ HWCryptoHook_MPI a,
+ HWCryptoHook_MPI p,
+ HWCryptoHook_MPI n,
+ HWCryptoHook_MPI *r,
+ const HWCryptoHook_ErrMsgBuf *errors);
+extern HWCryptoHook_ModExp_t HWCryptoHook_ModExp;
+
+typedef
+int HWCryptoHook_RSAImmedPub_t(HWCryptoHook_ContextHandle hwctx,
+ HWCryptoHook_MPI m,
+ HWCryptoHook_MPI e,
+ HWCryptoHook_MPI n,
+ HWCryptoHook_MPI *r,
+ const HWCryptoHook_ErrMsgBuf *errors);
+extern HWCryptoHook_RSAImmedPub_t HWCryptoHook_RSAImmedPub;
+
+typedef
+int HWCryptoHook_ModExpCRT_t(HWCryptoHook_ContextHandle hwctx,
+ HWCryptoHook_MPI a,
+ HWCryptoHook_MPI p,
+ HWCryptoHook_MPI q,
+ HWCryptoHook_MPI dmp1,
+ HWCryptoHook_MPI dmq1,
+ HWCryptoHook_MPI iqmp,
+ HWCryptoHook_MPI *r,
+ const HWCryptoHook_ErrMsgBuf *errors);
+extern HWCryptoHook_ModExpCRT_t HWCryptoHook_ModExpCRT;
+
+typedef
+int HWCryptoHook_RSAImmedPriv_t(HWCryptoHook_ContextHandle hwctx,
+ HWCryptoHook_MPI m,
+ HWCryptoHook_MPI p,
+ HWCryptoHook_MPI q,
+ HWCryptoHook_MPI dmp1,
+ HWCryptoHook_MPI dmq1,
+ HWCryptoHook_MPI iqmp,
+ HWCryptoHook_MPI *r,
+ const HWCryptoHook_ErrMsgBuf *errors);
+extern HWCryptoHook_RSAImmedPriv_t HWCryptoHook_RSAImmedPriv;
+
+/* The RSAImmed* and ModExp* functions may return E_FAILED or
+ * E_FALLBACK for failure.
+ *
+ * E_FAILED means the failure is permanent and definite and there
+ * should be no attempt to fall back to software. (Eg, for some
+ * applications, which support only the acceleration-only
+ * functions, the `key material' may actually be an encoded key
+ * identifier, and doing the operation in software would give wrong
+ * answers.)
+ *
+ * E_FALLBACK means that doing the computation in software would seem
+ * reasonable. If an application pays attention to this and is
+ * able to fall back, it should also set the Fallback init flags.
+ */
+
+typedef
+int HWCryptoHook_RSALoadKey_t(HWCryptoHook_ContextHandle hwctx,
+ const char *key_ident,
+ HWCryptoHook_RSAKeyHandle *keyhandle_r,
+ const HWCryptoHook_ErrMsgBuf *errors,
+ HWCryptoHook_PassphraseContext *ppctx);
+extern HWCryptoHook_RSALoadKey_t HWCryptoHook_RSALoadKey;
+/* The key_ident is a null-terminated string configured by the
+ * user via the application's usual configuration mechanisms.
+ * It is provided to the user by the crypto provider's key management
+ * system. The user must be able to enter at least any string of between
+ * 1 and 1023 characters inclusive, consisting of printable 7-bit
+ * ASCII characters. The provider should avoid using
+ * any characters except alphanumerics and the punctuation
+ * characters _ - + . / @ ~ (the user is expected to be able
+ * to enter these without quoting). The string may be case-sensitive.
+ * The application may allow the user to enter other NULL-terminated strings,
+ * and the provider must cope (returning an error if the string is not
+ * valid).
+ *
+ * If the key does not exist, it is _not_ an error - in that case,
+ * keyhandle_r will be set to 0 instead of to a key handle.
+ */
+
+typedef
+int HWCryptoHook_RSAGetPublicKey_t(HWCryptoHook_RSAKeyHandle k,
+ HWCryptoHook_MPI *n,
+ HWCryptoHook_MPI *e,
+ const HWCryptoHook_ErrMsgBuf *errors);
+extern HWCryptoHook_RSAGetPublicKey_t HWCryptoHook_RSAGetPublicKey;
+/* The crypto plugin will not store certificates.
+ *
+ * Although this function for acquiring the public key value is
+ * provided, it is not the purpose of this API to deal fully with the
+ * handling of the public key.
+ *
+ * It is expected that the crypto supplier's key generation program
+ * will provide general facilities for producing X.509
+ * self-certificates and certificate requests in PEM format. These
+ * will be given to the user so that they can configure them in the
+ * application, send them to CAs, or whatever.
+ *
+ * In case this kind of certificate handling is not appropriate, the
+ * crypto supplier's key generation program should be able to be
+ * configured not to generate such a self-certificate or certificate
+ * request. Then the application will need to do all of this, and
+ * will need to store and handle the public key and certificates
+ * itself.
+ */
+
+typedef
+int HWCryptoHook_RSAUnloadKey_t(HWCryptoHook_RSAKeyHandle k,
+ const HWCryptoHook_ErrMsgBuf *errors);
+extern HWCryptoHook_RSAUnloadKey_t HWCryptoHook_RSAUnloadKey;
+/* Might fail due to locking problems, or other serious internal problems. */
+
+typedef
+int HWCryptoHook_RSA_t(HWCryptoHook_MPI m,
+ HWCryptoHook_RSAKeyHandle k,
+ HWCryptoHook_MPI *r,
+ const HWCryptoHook_ErrMsgBuf *errors);
+extern HWCryptoHook_RSA_t HWCryptoHook_RSA;
+
+#endif /*HWCRYPTOHOOK_H*/
diff --git a/crypto/err/Makefile.ssl b/crypto/err/Makefile.ssl
index a31bc78..00ee86f 100644
--- a/crypto/err/Makefile.ssl
+++ b/crypto/err/Makefile.ssl
@@ -93,16 +93,17 @@
err_all.o: ../../include/openssl/des.h ../../include/openssl/dh.h
err_all.o: ../../include/openssl/dsa.h ../../include/openssl/dso.h
err_all.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
-err_all.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-err_all.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
-err_all.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
-err_all.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
-err_all.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-err_all.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-err_all.o: ../../include/openssl/pem2.h ../../include/openssl/pkcs12.h
-err_all.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h
-err_all.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
-err_all.o: ../../include/openssl/rc5.h ../../include/openssl/rijndael-alg-fst.h
+err_all.o: ../../include/openssl/engine.h ../../include/openssl/err.h
+err_all.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+err_all.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+err_all.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+err_all.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+err_all.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+err_all.o: ../../include/openssl/opensslv.h ../../include/openssl/pem2.h
+err_all.o: ../../include/openssl/pkcs12.h ../../include/openssl/pkcs7.h
+err_all.o: ../../include/openssl/rand.h ../../include/openssl/rc2.h
+err_all.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+err_all.o: ../../include/openssl/rijndael-alg-fst.h
err_all.o: ../../include/openssl/rijndael.h ../../include/openssl/ripemd.h
err_all.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
err_all.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
diff --git a/crypto/err/err.c b/crypto/err/err.c
index bfecb86..99272e4 100644
--- a/crypto/err/err.c
+++ b/crypto/err/err.c
@@ -157,6 +157,7 @@
{ERR_PACK(ERR_LIB_PKCS12,0,0) ,"PKCS12 routines"},
{ERR_PACK(ERR_LIB_RAND,0,0) ,"random number generator"},
{ERR_PACK(ERR_LIB_DSO,0,0) ,"DSO support routines"},
+{ERR_PACK(ERR_LIB_ENGINE,0,0) ,"engine routines"},
{0,NULL},
};
@@ -208,6 +209,7 @@
{ERR_R_ASN1_LENGTH_MISMATCH ,"asn1 length mismatch"},
{ERR_R_MISSING_ASN1_EOS ,"missing asn1 eos"},
{ERR_R_DSO_LIB ,"DSO lib"},
+{ERR_R_ENGINE_LIB ,"ENGINE lib"},
{0,NULL},
};
diff --git a/crypto/err/err.h b/crypto/err/err.h
index 2c3d39c..7388a4a 100644
--- a/crypto/err/err.h
+++ b/crypto/err/err.h
@@ -132,6 +132,7 @@
#define ERR_LIB_PKCS12 35
#define ERR_LIB_RAND 36
#define ERR_LIB_DSO 37
+#define ERR_LIB_ENGINE 38
#define ERR_LIB_USER 128
@@ -161,6 +162,7 @@
#define PKCS12err(f,r) ERR_PUT_error(ERR_LIB_PKCS12,(f),(r),ERR_file_name,__LINE__)
#define RANDerr(f,r) ERR_PUT_error(ERR_LIB_RAND,(f),(r),ERR_file_name,__LINE__)
#define DSOerr(f,r) ERR_PUT_error(ERR_LIB_DSO,(f),(r),ERR_file_name,__LINE__)
+#define ENGINEerr(f,r) ERR_PUT_error(ERR_LIB_ENGINE,(f),(r),ERR_file_name,__LINE__)
/* Borland C seems too stupid to be able to shift and do longs in
* the pre-processor :-( */
@@ -210,6 +212,7 @@
#define ERR_R_PKCS7_LIB ERR_LIB_PKCS7
#define ERR_R_PKCS12_LIB ERR_LIB_PKCS12
#define ERR_R_DSO_LIB ERR_LIB_DSO
+#define ERR_R_ENGINE_LIB ERR_LIB_ENGINE
/* fatal error */
#define ERR_R_MALLOC_FAILURE (1|ERR_R_FATAL)
diff --git a/crypto/err/err_all.c b/crypto/err/err_all.c
index 638ed3f..b8315d8 100644
--- a/crypto/err/err_all.c
+++ b/crypto/err/err_all.c
@@ -81,8 +81,9 @@
#include <openssl/conf.h>
#include <openssl/pkcs12.h>
#include <openssl/rand.h>
-#include <openssl/err.h>
#include <openssl/dso.h>
+#include <openssl/engine.h>
+#include <openssl/err.h>
void ERR_load_crypto_strings(void)
{
@@ -120,5 +121,6 @@
ERR_load_PKCS12_strings();
ERR_load_RAND_strings();
ERR_load_DSO_strings();
+ ERR_load_ENGINE_strings();
#endif
}
diff --git a/crypto/err/openssl.ec b/crypto/err/openssl.ec
index 02deaa6..861d680 100644
--- a/crypto/err/openssl.ec
+++ b/crypto/err/openssl.ec
@@ -23,6 +23,7 @@
L SSL ssl/ssl.h ssl/ssl_err.c
L COMP crypto/comp/comp.h crypto/comp/comp_err.c
L RAND crypto/rand/rand.h crypto/rand/rand_err.c
+L ENGINE crypto/engine/engine.h crypto/engine/engine_err.c
F RSAREF_F_RSA_BN2BIN
diff --git a/crypto/install.com b/crypto/install.com
index 8c283c4..4780118 100644
--- a/crypto/install.com
+++ b/crypto/install.com
@@ -34,7 +34,7 @@
$
$ SDIRS := ,MD2,MD4,MD5,SHA,MDC2,HMAC,RIPEMD,-
DES,RC2,RC4,RC5,IDEA,BF,CAST,-
- BN,RSA,DSA,DH,DSO,-
+ BN,RSA,DSA,DH,DSO,ENGINE,RIJNDAEL,-
BUFFER,BIO,STACK,LHASH,RAND,ERR,OBJECTS,-
EVP,ASN1,PEM,X509,X509V3,CONF,TXT_DB,PKCS7,PKCS12,COMP
$ EXHEADER_ := crypto.h,tmdiff.h,opensslv.h,opensslconf.h,ebcdic.h,symhacks.h
@@ -57,6 +57,8 @@
$ EXHEADER_DSA := dsa.h
$ EXHEADER_DH := dh.h
$ EXHEADER_DSO := dso.h
+$ EXHEADER_ENGINE := engine.h
+$ EXHEADER_RIJNDAEL := rijndael-alg-fst.h,rijndael.h
$ EXHEADER_BUFFER := buffer.h
$ EXHEADER_BIO := bio.h
$ EXHEADER_STACK := stack.h,safestack.h
diff --git a/crypto/rand/Makefile.ssl b/crypto/rand/Makefile.ssl
index e9a6876..a005df2 100644
--- a/crypto/rand/Makefile.ssl
+++ b/crypto/rand/Makefile.ssl
@@ -92,7 +92,24 @@
rand_err.o: ../../include/openssl/opensslv.h ../../include/openssl/rand.h
rand_err.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
rand_err.o: ../../include/openssl/symhacks.h
-rand_lib.o: ../../include/openssl/rand.h
+rand_lib.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+rand_lib.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+rand_lib.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+rand_lib.o: ../../include/openssl/des.h ../../include/openssl/dh.h
+rand_lib.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+rand_lib.o: ../../include/openssl/engine.h ../../include/openssl/evp.h
+rand_lib.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
+rand_lib.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+rand_lib.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+rand_lib.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+rand_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/rand.h
+rand_lib.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+rand_lib.o: ../../include/openssl/rc5.h
+rand_lib.o: ../../include/openssl/rijndael-alg-fst.h
+rand_lib.o: ../../include/openssl/rijndael.h ../../include/openssl/ripemd.h
+rand_lib.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+rand_lib.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+rand_lib.o: ../../include/openssl/symhacks.h
rand_win.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
rand_win.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
rand_win.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
diff --git a/crypto/rand/rand.h b/crypto/rand/rand.h
index 971880e..eb9c8c0 100644
--- a/crypto/rand/rand.h
+++ b/crypto/rand/rand.h
@@ -77,7 +77,9 @@
extern int rand_predictable;
#endif
-void RAND_set_rand_method(RAND_METHOD *meth);
+struct engine_st;
+
+int RAND_set_rand_method(struct engine_st *meth);
RAND_METHOD *RAND_get_rand_method(void );
RAND_METHOD *RAND_SSLeay(void);
void RAND_cleanup(void );
diff --git a/crypto/rand/rand_lib.c b/crypto/rand/rand_lib.c
index 7da74aa..57eff0f 100644
--- a/crypto/rand/rand_lib.c
+++ b/crypto/rand/rand_lib.c
@@ -59,59 +59,78 @@
#include <stdio.h>
#include <time.h>
#include <openssl/rand.h>
+#include <openssl/engine.h>
-#ifdef NO_RAND
-static RAND_METHOD *rand_meth=NULL;
-#else
-extern RAND_METHOD rand_ssleay_meth;
-static RAND_METHOD *rand_meth= &rand_ssleay_meth;
-#endif
+static ENGINE *rand_engine=NULL;
+#if 0
void RAND_set_rand_method(RAND_METHOD *meth)
{
rand_meth=meth;
}
+#else
+int RAND_set_rand_method(ENGINE *engine)
+ {
+ ENGINE *mtmp;
+ mtmp = rand_engine;
+ if (!ENGINE_init(engine))
+ return 0;
+ rand_engine = engine;
+ /* SHOULD ERROR CHECK THIS!!! */
+ ENGINE_finish(mtmp);
+ return 1;
+ }
+#endif
RAND_METHOD *RAND_get_rand_method(void)
{
- return(rand_meth);
+ if (rand_engine == NULL
+ && (rand_engine = ENGINE_get_default_RAND()) == NULL)
+ return NULL;
+ return ENGINE_get_RAND(rand_engine);
}
void RAND_cleanup(void)
{
- if (rand_meth != NULL)
- rand_meth->cleanup();
+ RAND_METHOD *meth = RAND_get_rand_method();
+ if (meth && meth->cleanup)
+ meth->cleanup();
}
void RAND_seed(const void *buf, int num)
{
- if (rand_meth != NULL)
- rand_meth->seed(buf,num);
+ RAND_METHOD *meth = RAND_get_rand_method();
+ if (meth && meth->seed)
+ meth->seed(buf,num);
}
void RAND_add(const void *buf, int num, double entropy)
{
- if (rand_meth != NULL)
- rand_meth->add(buf,num,entropy);
+ RAND_METHOD *meth = RAND_get_rand_method();
+ if (meth && meth->add)
+ meth->add(buf,num,entropy);
}
int RAND_bytes(unsigned char *buf, int num)
{
- if (rand_meth != NULL)
- return rand_meth->bytes(buf,num);
+ RAND_METHOD *meth = RAND_get_rand_method();
+ if (meth && meth->bytes)
+ return meth->bytes(buf,num);
return(-1);
}
int RAND_pseudo_bytes(unsigned char *buf, int num)
{
- if (rand_meth != NULL)
- return rand_meth->pseudorand(buf,num);
+ RAND_METHOD *meth = RAND_get_rand_method();
+ if (meth && meth->pseudorand)
+ return meth->pseudorand(buf,num);
return(-1);
}
int RAND_status(void)
{
- if (rand_meth != NULL)
- return rand_meth->status();
+ RAND_METHOD *meth = RAND_get_rand_method();
+ if (meth && meth->status)
+ return meth->status();
return 0;
}
diff --git a/crypto/rsa/Makefile.ssl b/crypto/rsa/Makefile.ssl
index 8fd68a6..5e01a50 100644
--- a/crypto/rsa/Makefile.ssl
+++ b/crypto/rsa/Makefile.ssl
@@ -87,13 +87,24 @@
rsa_chk.o: ../../include/openssl/opensslv.h ../../include/openssl/rsa.h
rsa_chk.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
rsa_chk.o: ../../include/openssl/symhacks.h
-rsa_eay.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
-rsa_eay.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+rsa_eay.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+rsa_eay.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+rsa_eay.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+rsa_eay.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+rsa_eay.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
rsa_eay.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
-rsa_eay.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
-rsa_eay.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-rsa_eay.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h
-rsa_eay.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+rsa_eay.o: ../../include/openssl/engine.h ../../include/openssl/err.h
+rsa_eay.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+rsa_eay.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+rsa_eay.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+rsa_eay.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+rsa_eay.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+rsa_eay.o: ../../include/openssl/opensslv.h ../../include/openssl/rand.h
+rsa_eay.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+rsa_eay.o: ../../include/openssl/rc5.h ../../include/openssl/rijndael-alg-fst.h
+rsa_eay.o: ../../include/openssl/rijndael.h ../../include/openssl/ripemd.h
+rsa_eay.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+rsa_eay.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
rsa_eay.o: ../../include/openssl/symhacks.h ../cryptlib.h
rsa_err.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
rsa_err.o: ../../include/openssl/crypto.h ../../include/openssl/err.h
@@ -109,14 +120,25 @@
rsa_gen.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
rsa_gen.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
rsa_gen.o: ../cryptlib.h
-rsa_lib.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
-rsa_lib.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+rsa_lib.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+rsa_lib.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+rsa_lib.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+rsa_lib.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+rsa_lib.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
rsa_lib.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
-rsa_lib.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
-rsa_lib.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+rsa_lib.o: ../../include/openssl/engine.h ../../include/openssl/err.h
+rsa_lib.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+rsa_lib.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+rsa_lib.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+rsa_lib.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+rsa_lib.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+rsa_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/rand.h
+rsa_lib.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+rsa_lib.o: ../../include/openssl/rc5.h ../../include/openssl/rijndael-alg-fst.h
+rsa_lib.o: ../../include/openssl/rijndael.h ../../include/openssl/ripemd.h
rsa_lib.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-rsa_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-rsa_lib.o: ../cryptlib.h
+rsa_lib.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+rsa_lib.o: ../../include/openssl/symhacks.h ../cryptlib.h
rsa_none.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
rsa_none.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
rsa_none.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
@@ -179,15 +201,15 @@
rsa_sign.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
rsa_sign.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
rsa_sign.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
-rsa_sign.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-rsa_sign.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
-rsa_sign.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
-rsa_sign.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
-rsa_sign.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-rsa_sign.o: ../../include/openssl/opensslconf.h
+rsa_sign.o: ../../include/openssl/engine.h ../../include/openssl/err.h
+rsa_sign.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+rsa_sign.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+rsa_sign.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+rsa_sign.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+rsa_sign.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
rsa_sign.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
-rsa_sign.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
-rsa_sign.o: ../../include/openssl/rc5.h
+rsa_sign.o: ../../include/openssl/rand.h ../../include/openssl/rc2.h
+rsa_sign.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
rsa_sign.o: ../../include/openssl/rijndael-alg-fst.h
rsa_sign.o: ../../include/openssl/rijndael.h ../../include/openssl/ripemd.h
rsa_sign.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
diff --git a/crypto/rsa/rsa.h b/crypto/rsa/rsa.h
index fef4ef5..bda636a 100644
--- a/crypto/rsa/rsa.h
+++ b/crypto/rsa/rsa.h
@@ -114,7 +114,11 @@
* this is passed instead of aEVP_PKEY, it is set to 0 */
int pad;
int version;
+#if 0
RSA_METHOD *meth;
+#else
+ struct engine_st *engine;
+#endif
BIGNUM *n;
BIGNUM *e;
BIGNUM *d;
@@ -168,7 +172,11 @@
#define RSA_get_app_data(s) RSA_get_ex_data(s,0)
RSA * RSA_new(void);
+#if 0
RSA * RSA_new_method(RSA_METHOD *method);
+#else
+RSA * RSA_new_method(struct engine_st *engine);
+#endif
int RSA_size(RSA *);
RSA * RSA_generate_key(int bits, unsigned long e,void
(*callback)(int,int,void *),void *cb_arg);
@@ -186,10 +194,14 @@
int RSA_flags(RSA *r);
-void RSA_set_default_method(RSA_METHOD *meth);
-RSA_METHOD *RSA_get_default_method(void);
+void RSA_set_default_openssl_method(RSA_METHOD *meth);
+RSA_METHOD *RSA_get_default_openssl_method(void);
RSA_METHOD *RSA_get_method(RSA *rsa);
+#if 0
RSA_METHOD *RSA_set_method(RSA *rsa, RSA_METHOD *meth);
+#else
+int RSA_set_method(RSA *rsa, struct engine_st *engine);
+#endif
/* This function needs the memory locking malloc callbacks to be installed */
int RSA_memory_lock(RSA *r);
diff --git a/crypto/rsa/rsa_eay.c b/crypto/rsa/rsa_eay.c
index 618b5bd..8b8a1e2 100644
--- a/crypto/rsa/rsa_eay.c
+++ b/crypto/rsa/rsa_eay.c
@@ -61,6 +61,7 @@
#include <openssl/bn.h>
#include <openssl/rsa.h>
#include <openssl/rand.h>
+#include <openssl/engine.h>
#ifndef RSA_NULL
@@ -97,11 +98,13 @@
static int RSA_eay_public_encrypt(int flen, unsigned char *from,
unsigned char *to, RSA *rsa, int padding)
{
+ const RSA_METHOD *meth;
BIGNUM f,ret;
int i,j,k,num=0,r= -1;
unsigned char *buf=NULL;
BN_CTX *ctx=NULL;
+ meth = ENGINE_get_RSA(rsa->engine);
BN_init(&f);
BN_init(&ret);
if ((ctx=BN_CTX_new()) == NULL) goto err;
@@ -143,7 +146,7 @@
goto err;
}
- if (!rsa->meth->bn_mod_exp(&ret,&f,rsa->e,rsa->n,ctx,
+ if (!meth->bn_mod_exp(&ret,&f,rsa->e,rsa->n,ctx,
rsa->_method_mod_n)) goto err;
/* put in leading 0 bytes if the number is less than the
@@ -169,11 +172,13 @@
static int RSA_eay_private_encrypt(int flen, unsigned char *from,
unsigned char *to, RSA *rsa, int padding)
{
+ const RSA_METHOD *meth;
BIGNUM f,ret;
int i,j,k,num=0,r= -1;
unsigned char *buf=NULL;
BN_CTX *ctx=NULL;
+ meth = ENGINE_get_RSA(rsa->engine);
BN_init(&f);
BN_init(&ret);
@@ -213,10 +218,10 @@
(rsa->dmp1 != NULL) &&
(rsa->dmq1 != NULL) &&
(rsa->iqmp != NULL)) )
- { if (!rsa->meth->rsa_mod_exp(&ret,&f,rsa)) goto err; }
+ { if (!meth->rsa_mod_exp(&ret,&f,rsa)) goto err; }
else
{
- if (!rsa->meth->bn_mod_exp(&ret,&f,rsa->d,rsa->n,ctx,NULL)) goto err;
+ if (!meth->bn_mod_exp(&ret,&f,rsa->d,rsa->n,ctx,NULL)) goto err;
}
if (rsa->flags & RSA_FLAG_BLINDING)
@@ -245,12 +250,14 @@
static int RSA_eay_private_decrypt(int flen, unsigned char *from,
unsigned char *to, RSA *rsa, int padding)
{
+ const RSA_METHOD *meth;
BIGNUM f,ret;
int j,num=0,r= -1;
unsigned char *p;
unsigned char *buf=NULL;
BN_CTX *ctx=NULL;
+ meth = ENGINE_get_RSA(rsa->engine);
BN_init(&f);
BN_init(&ret);
ctx=BN_CTX_new();
@@ -287,10 +294,10 @@
(rsa->dmp1 != NULL) &&
(rsa->dmq1 != NULL) &&
(rsa->iqmp != NULL)) )
- { if (!rsa->meth->rsa_mod_exp(&ret,&f,rsa)) goto err; }
+ { if (!meth->rsa_mod_exp(&ret,&f,rsa)) goto err; }
else
{
- if (!rsa->meth->bn_mod_exp(&ret,&f,rsa->d,rsa->n,ctx,NULL))
+ if (!meth->bn_mod_exp(&ret,&f,rsa->d,rsa->n,ctx,NULL))
goto err;
}
@@ -338,12 +345,14 @@
static int RSA_eay_public_decrypt(int flen, unsigned char *from,
unsigned char *to, RSA *rsa, int padding)
{
+ const RSA_METHOD *meth;
BIGNUM f,ret;
int i,num=0,r= -1;
unsigned char *p;
unsigned char *buf=NULL;
BN_CTX *ctx=NULL;
+ meth = ENGINE_get_RSA(rsa->engine);
BN_init(&f);
BN_init(&ret);
ctx=BN_CTX_new();
@@ -374,7 +383,7 @@
goto err;
}
- if (!rsa->meth->bn_mod_exp(&ret,&f,rsa->e,rsa->n,ctx,
+ if (!meth->bn_mod_exp(&ret,&f,rsa->e,rsa->n,ctx,
rsa->_method_mod_n)) goto err;
p=buf;
@@ -409,10 +418,12 @@
static int RSA_eay_mod_exp(BIGNUM *r0, BIGNUM *I, RSA *rsa)
{
+ const RSA_METHOD *meth;
BIGNUM r1,m1;
int ret=0;
BN_CTX *ctx;
+ meth = ENGINE_get_RSA(rsa->engine);
if ((ctx=BN_CTX_new()) == NULL) goto err;
BN_init(&m1);
BN_init(&r1);
@@ -436,11 +447,11 @@
}
if (!BN_mod(&r1,I,rsa->q,ctx)) goto err;
- if (!rsa->meth->bn_mod_exp(&m1,&r1,rsa->dmq1,rsa->q,ctx,
+ if (!meth->bn_mod_exp(&m1,&r1,rsa->dmq1,rsa->q,ctx,
rsa->_method_mod_q)) goto err;
if (!BN_mod(&r1,I,rsa->p,ctx)) goto err;
- if (!rsa->meth->bn_mod_exp(r0,&r1,rsa->dmp1,rsa->p,ctx,
+ if (!meth->bn_mod_exp(r0,&r1,rsa->dmp1,rsa->p,ctx,
rsa->_method_mod_p)) goto err;
if (!BN_sub(r0,r0,&m1)) goto err;
diff --git a/crypto/rsa/rsa_lib.c b/crypto/rsa/rsa_lib.c
index bbddd3f..5e1e8fc 100644
--- a/crypto/rsa/rsa_lib.c
+++ b/crypto/rsa/rsa_lib.c
@@ -62,6 +62,7 @@
#include <openssl/lhash.h>
#include <openssl/bn.h>
#include <openssl/rsa.h>
+#include <openssl/engine.h>
const char *RSA_version="RSA" OPENSSL_VERSION_PTEXT;
@@ -74,12 +75,26 @@
return(RSA_new_method(NULL));
}
-void RSA_set_default_method(RSA_METHOD *meth)
+void RSA_set_default_openssl_method(RSA_METHOD *meth)
{
- default_RSA_meth=meth;
+ ENGINE *e;
+ /* We'll need to notify the "openssl" ENGINE of this
+ * change too. We won't bother locking things down at
+ * our end as there was never any locking in these
+ * functions! */
+ if(default_RSA_meth != meth)
+ {
+ default_RSA_meth = meth;
+ e = ENGINE_by_id("openssl");
+ if(e)
+ {
+ ENGINE_set_RSA(e, meth);
+ ENGINE_free(e);
+ }
+ }
}
-RSA_METHOD *RSA_get_default_method(void)
+RSA_METHOD *RSA_get_default_openssl_method(void)
{
if (default_RSA_meth == NULL)
{
@@ -99,9 +114,10 @@
RSA_METHOD *RSA_get_method(RSA *rsa)
{
- return rsa->meth;
+ return ENGINE_get_RSA(rsa->engine);
}
+#if 0
RSA_METHOD *RSA_set_method(RSA *rsa, RSA_METHOD *meth)
{
RSA_METHOD *mtmp;
@@ -111,9 +127,32 @@
if (meth->init) meth->init(rsa);
return mtmp;
}
+#else
+int RSA_set_method(RSA *rsa, ENGINE *engine)
+{
+ ENGINE *mtmp;
+ RSA_METHOD *meth;
+ mtmp = rsa->engine;
+ meth = ENGINE_get_RSA(mtmp);
+ if (!ENGINE_init(engine))
+ return 0;
+ if (meth->finish) meth->finish(rsa);
+ rsa->engine = engine;
+ meth = ENGINE_get_RSA(engine);
+ if (meth->init) meth->init(rsa);
+ /* SHOULD ERROR CHECK THIS!!! */
+ ENGINE_finish(mtmp);
+ return 1;
+}
+#endif
+#if 0
RSA *RSA_new_method(RSA_METHOD *meth)
+#else
+RSA *RSA_new_method(ENGINE *engine)
+#endif
{
+ RSA_METHOD *meth;
RSA *ret;
ret=(RSA *)OPENSSL_malloc(sizeof(RSA));
@@ -123,10 +162,17 @@
return(NULL);
}
- if (meth == NULL)
- ret->meth=RSA_get_default_method();
+ if (engine == NULL)
+ {
+ if((ret->engine=ENGINE_get_default_RSA()) == NULL)
+ {
+ OPENSSL_free(ret);
+ return NULL;
+ }
+ }
else
- ret->meth=meth;
+ ret->engine=engine;
+ meth = ENGINE_get_RSA(ret->engine);
ret->pad=0;
ret->version=0;
@@ -144,8 +190,8 @@
ret->_method_mod_q=NULL;
ret->blinding=NULL;
ret->bignum_data=NULL;
- ret->flags=ret->meth->flags;
- if ((ret->meth->init != NULL) && !ret->meth->init(ret))
+ ret->flags=meth->flags;
+ if ((meth->init != NULL) && !meth->init(ret))
{
OPENSSL_free(ret);
ret=NULL;
@@ -157,6 +203,7 @@
void RSA_free(RSA *r)
{
+ RSA_METHOD *meth;
int i;
if (r == NULL) return;
@@ -176,8 +223,10 @@
CRYPTO_free_ex_data(rsa_meth,r,&r->ex_data);
- if (r->meth->finish != NULL)
- r->meth->finish(r);
+ meth = ENGINE_get_RSA(r->engine);
+ if (meth->finish != NULL)
+ meth->finish(r);
+ ENGINE_finish(r->engine);
if (r->n != NULL) BN_clear_free(r->n);
if (r->e != NULL) BN_clear_free(r->e);
@@ -218,30 +267,34 @@
int RSA_public_encrypt(int flen, unsigned char *from, unsigned char *to,
RSA *rsa, int padding)
{
- return(rsa->meth->rsa_pub_enc(flen, from, to, rsa, padding));
+ return(ENGINE_get_RSA(rsa->engine)->rsa_pub_enc(flen,
+ from, to, rsa, padding));
}
int RSA_private_encrypt(int flen, unsigned char *from, unsigned char *to,
RSA *rsa, int padding)
{
- return(rsa->meth->rsa_priv_enc(flen, from, to, rsa, padding));
+ return(ENGINE_get_RSA(rsa->engine)->rsa_priv_enc(flen,
+ from, to, rsa, padding));
}
int RSA_private_decrypt(int flen, unsigned char *from, unsigned char *to,
RSA *rsa, int padding)
{
- return(rsa->meth->rsa_priv_dec(flen, from, to, rsa, padding));
+ return(ENGINE_get_RSA(rsa->engine)->rsa_priv_dec(flen,
+ from, to, rsa, padding));
}
int RSA_public_decrypt(int flen, unsigned char *from, unsigned char *to,
RSA *rsa, int padding)
{
- return(rsa->meth->rsa_pub_dec(flen, from, to, rsa, padding));
+ return(ENGINE_get_RSA(rsa->engine)->rsa_pub_dec(flen,
+ from, to, rsa, padding));
}
int RSA_flags(RSA *r)
{
- return((r == NULL)?0:r->meth->flags);
+ return((r == NULL)?0:ENGINE_get_RSA(r->engine)->flags);
}
void RSA_blinding_off(RSA *rsa)
@@ -275,7 +328,8 @@
if (!BN_rand(A,BN_num_bits(rsa->n)-1,1,0)) goto err;
if ((Ai=BN_mod_inverse(NULL,A,rsa->n,ctx)) == NULL) goto err;
- if (!rsa->meth->bn_mod_exp(A,A,rsa->e,rsa->n,ctx,rsa->_method_mod_n))
+ if (!ENGINE_get_RSA(rsa->engine)->bn_mod_exp(A,A,
+ rsa->e,rsa->n,ctx,rsa->_method_mod_n))
goto err;
rsa->blinding=BN_BLINDING_new(A,Ai,rsa->n);
rsa->flags|=RSA_FLAG_BLINDING;
diff --git a/crypto/rsa/rsa_sign.c b/crypto/rsa/rsa_sign.c
index 31049b9..cf00876 100644
--- a/crypto/rsa/rsa_sign.c
+++ b/crypto/rsa/rsa_sign.c
@@ -62,6 +62,7 @@
#include <openssl/rsa.h>
#include <openssl/objects.h>
#include <openssl/x509.h>
+#include <openssl/engine.h>
/* Size of an SSL signature: MD5+SHA1 */
#define SSL_SIG_LENGTH 36
@@ -76,7 +77,8 @@
X509_ALGOR algor;
ASN1_OCTET_STRING digest;
if(rsa->flags & RSA_FLAG_SIGN_VER)
- return rsa->meth->rsa_sign(type, m, m_len, sigret, siglen, rsa);
+ return ENGINE_get_RSA(rsa->engine)->rsa_sign(type,
+ m, m_len, sigret, siglen, rsa);
/* Special case: SSL signature, just check the length */
if(type == NID_md5_sha1) {
if(m_len != SSL_SIG_LENGTH) {
@@ -151,7 +153,8 @@
}
if(rsa->flags & RSA_FLAG_SIGN_VER)
- return rsa->meth->rsa_verify(dtype, m, m_len, sigbuf, siglen, rsa);
+ return ENGINE_get_RSA(rsa->engine)->rsa_verify(dtype,
+ m, m_len, sigbuf, siglen, rsa);
s=(unsigned char *)OPENSSL_malloc((unsigned int)siglen);
if (s == NULL)
diff --git a/doc/apps/s_client.pod b/doc/apps/s_client.pod
index 2f80375..9df1c07 100644
--- a/doc/apps/s_client.pod
+++ b/doc/apps/s_client.pod
@@ -32,6 +32,7 @@
[B<-no_tls1>]
[B<-bugs>]
[B<-cipher cipherlist>]
+[B<-engine id>]
=head1 DESCRIPTION
@@ -156,6 +157,13 @@
supported cipher in the list sent by the client. See the B<ciphers>
command for more information.
+=item B<-engine id>
+
+specifying an engine (by it's unique B<id> string) will cause B<s_client>
+to attempt to obtain a functional reference to the specified engine,
+thus initialising it if needed. The engine will then be set as the default
+for all available algorithms.
+
=back
=head1 CONNECTED COMMANDS
diff --git a/doc/apps/s_server.pod b/doc/apps/s_server.pod
index 403c1aa..fcb5222 100644
--- a/doc/apps/s_server.pod
+++ b/doc/apps/s_server.pod
@@ -39,6 +39,7 @@
[B<-hack>]
[B<-www>]
[B<-WWW>]
+[B<-engine id>]
=head1 DESCRIPTION
@@ -186,6 +187,13 @@
current directory, for example if the URL https://myhost/page.html is
requested the file ./page.html will be loaded.
+=item B<-engine id>
+
+specifying an engine (by it's unique B<id> string) will cause B<s_server>
+to attempt to obtain a functional reference to the specified engine,
+thus initialising it if needed. The engine will then be set as the default
+for all available algorithms.
+
=back
=head1 CONNECTED COMMANDS
diff --git a/doc/apps/speed.pod b/doc/apps/speed.pod
index 77560f1..8101851 100644
--- a/doc/apps/speed.pod
+++ b/doc/apps/speed.pod
@@ -7,6 +7,7 @@
=head1 SYNOPSIS
B<openssl speed>
+[B<-engine id>]
[B<md2>]
[B<mdc2>]
[B<md5>]
@@ -39,6 +40,17 @@
=head1 OPTIONS
+=over 4
+
+=item B<-engine id>
+
+specifying an engine (by it's unique B<id> string) will cause B<speed>
+to attempt to obtain a functional reference to the specified engine,
+thus initialising it if needed. The engine will then be set as the default
+for all available algorithms.
+
+=item B<[zero or more test algorithms]>
+
If any options are given, B<speed> tests those algorithms, otherwise all of
the above are tested.
diff --git a/doc/crypto/DH_set_method.pod b/doc/crypto/DH_set_method.pod
index b9a61d5..d990bf8 100644
--- a/doc/crypto/DH_set_method.pod
+++ b/doc/crypto/DH_set_method.pod
@@ -2,20 +2,21 @@
=head1 NAME
-DH_set_default_method, DH_get_default_method, DH_set_method,
-DH_new_method, DH_OpenSSL - select DH method
+DH_set_default_openssl_method, DH_get_default_openssl_method,
+DH_set_method, DH_new_method, DH_OpenSSL - select DH method
=head1 SYNOPSIS
#include <openssl/dh.h>
+ #include <openssl/engine.h>
- void DH_set_default_method(DH_METHOD *meth);
+ void DH_set_default_openssl_method(DH_METHOD *meth);
- DH_METHOD *DH_get_default_method(void);
+ DH_METHOD *DH_get_default_openssl_method(void);
- DH_METHOD *DH_set_method(DH *dh, DH_METHOD *meth);
+ int DH_set_method(DH *dh, ENGINE *engine);
- DH *DH_new_method(DH_METHOD *meth);
+ DH *DH_new_method(ENGINE *engine);
DH_METHOD *DH_OpenSSL(void);
@@ -28,17 +29,26 @@
Initially, the default is to use the OpenSSL internal implementation.
DH_OpenSSL() returns a pointer to that method.
-DH_set_default_method() makes B<meth> the default method for all B<DH>
-structures created later.
+DH_set_default_openssl_method() makes B<meth> the default method for all DH
+structures created later. B<NB:> This is true only whilst the default engine
+for Diffie-Hellman operations remains as "openssl". ENGINEs provide an
+encapsulation for implementations of one or more algorithms, and all the DH
+functions mentioned here operate within the scope of the default
+"openssl" engine.
-DH_get_default_method() returns a pointer to the current default
-method.
+DH_get_default_openssl_method() returns a pointer to the current default
+method for the "openssl" engine.
-DH_set_method() selects B<meth> for all operations using the structure B<dh>.
+DH_set_method() selects B<engine> as the engine that will be responsible for
+all operations using the structure B<dh>. If this function completes successfully,
+then the B<dh> structure will have its own functional reference of B<engine>, so
+the caller should remember to free their own reference to B<engine> when they are
+finished with it. NB: An ENGINE's DH_METHOD can be retrieved (or set) by
+ENGINE_get_DH() or ENGINE_set_DH().
-DH_new_method() allocates and initializes a B<DH> structure so that
-B<method> will be used for the DH operations. If B<method> is B<NULL>,
-the default method is used.
+DH_new_method() allocates and initializes a DH structure so that
+B<engine> will be used for the DH operations. If B<engine> is NULL,
+the default engine for Diffie-Hellman opertaions is used.
=head1 THE DH_METHOD STRUCTURE
@@ -72,17 +82,17 @@
=head1 RETURN VALUES
-DH_OpenSSL() and DH_get_default_method() return pointers to the respective
-B<DH_METHOD>s.
+DH_OpenSSL() and DH_get_default_openssl_method() return pointers to the
+respective B<DH_METHOD>s.
-DH_set_default_method() returns no value.
+DH_set_default_openssl_method() returns no value.
-DH_set_method() returns a pointer to the B<DH_METHOD> previously
-associated with B<dh>.
+DH_set_method() returns non-zero if the ENGINE associated with B<dh>
+was successfully changed to B<engine>.
-DH_new_method() returns B<NULL> and sets an error code that can be
-obtained by L<ERR_get_error(3)|ERR_get_error(3)> if the allocation fails. Otherwise it
-returns a pointer to the newly allocated structure.
+DH_new_method() returns NULL and sets an error code that can be
+obtained by L<ERR_get_error(3)|ERR_get_error(3)> if the allocation fails.
+Otherwise it returns a pointer to the newly allocated structure.
=head1 SEE ALSO
@@ -93,4 +103,9 @@
DH_set_default_method(), DH_get_default_method(), DH_set_method(),
DH_new_method() and DH_OpenSSL() were added in OpenSSL 0.9.4.
+DH_set_default_openssl_method() and DH_get_default_openssl_method()
+replaced DH_set_default_method() and DH_get_default_method() respectively,
+and DH_set_method() and DH_new_method() were altered to use B<ENGINE>s
+rather than B<DH_METHOD>s during development of OpenSSL 0.9.6.
+
=cut
diff --git a/doc/crypto/DSA_set_method.pod b/doc/crypto/DSA_set_method.pod
index cabc3c0..36a1052 100644
--- a/doc/crypto/DSA_set_method.pod
+++ b/doc/crypto/DSA_set_method.pod
@@ -2,20 +2,21 @@
=head1 NAME
-DSA_set_default_method, DSA_get_default_method, DSA_set_method,
-DSA_new_method, DSA_OpenSSL - select DSA method
+DSA_set_default_openssl_method, DSA_get_default_openssl_method,
+DSA_set_method, DSA_new_method, DSA_OpenSSL - select DSA method
=head1 SYNOPSIS
#include <openssl/dsa.h>
+ #include <openssl/engine.h>
- void DSA_set_default_method(DSA_METHOD *meth);
+ void DSA_set_default_openssl_method(DSA_METHOD *meth);
- DSA_METHOD *DSA_get_default_method(void);
+ DSA_METHOD *DSA_get_default_openssl_method(void);
- DSA_METHOD *DSA_set_method(DSA *dsa, DSA_METHOD *meth);
+ int DSA_set_method(DSA *dsa, ENGINE *engine);
- DSA *DSA_new_method(DSA_METHOD *meth);
+ DSA *DSA_new_method(ENGINE *engine);
DSA_METHOD *DSA_OpenSSL(void);
@@ -28,17 +29,21 @@
Initially, the default is to use the OpenSSL internal implementation.
DSA_OpenSSL() returns a pointer to that method.
-DSA_set_default_method() makes B<meth> the default method for all B<DSA>
-structures created later.
+DSA_set_default_openssl_method() makes B<meth> the default method for
+all DSA structures created later. B<NB:> This is true only whilst the
+default engine for DSA operations remains as "openssl". ENGINEs
+provide an encapsulation for implementations of one or more algorithms at a
+time, and all the DSA functions mentioned here operate within the scope
+of the default "openssl" engine.
-DSA_get_default_method() returns a pointer to the current default
-method.
+DSA_get_default_openssl_method() returns a pointer to the current default
+method for the "openssl" engine.
-DSA_set_method() selects B<meth> for all operations using the structure B<dsa>.
+DSA_set_method() selects B<engine> for all operations using the structure B<dsa>.
-DSA_new_method() allocates and initializes a B<DSA> structure so that
-B<method> will be used for the DSA operations. If B<method> is B<NULL>,
-the default method is used.
+DSA_new_method() allocates and initializes a DSA structure so that
+B<engine> will be used for the DSA operations. If B<engine> is NULL,
+the default engine for DSA operations is used.
=head1 THE DSA_METHOD STRUCTURE
@@ -84,18 +89,17 @@
=head1 RETURN VALUES
-DSA_OpenSSL() and DSA_get_default_method() return pointers to the
+DSA_OpenSSL() and DSA_get_default_openssl_method() return pointers to the
respective B<DSA_METHOD>s.
-DSA_set_default_method() returns no value.
+DSA_set_default_openssl_method() returns no value.
-DSA_set_method() returns a pointer to the B<DSA_METHOD> previously
-associated with B<dsa>.
+DSA_set_method() returns non-zero if the ENGINE associated with B<dsa>
+was successfully changed to B<engine>.
-DSA_new_method() returns B<NULL> and sets an error code that can be
+DSA_new_method() returns NULL and sets an error code that can be
obtained by L<ERR_get_error(3)|ERR_get_error(3)> if the allocation
-fails. Otherwise it returns a pointer to the newly allocated
-structure.
+fails. Otherwise it returns a pointer to the newly allocated structure.
=head1 SEE ALSO
@@ -106,4 +110,9 @@
DSA_set_default_method(), DSA_get_default_method(), DSA_set_method(),
DSA_new_method() and DSA_OpenSSL() were added in OpenSSL 0.9.4.
+DSA_set_default_openssl_method() and DSA_get_default_openssl_method()
+replaced DSA_set_default_method() and DSA_get_default_method() respectively,
+and DSA_set_method() and DSA_new_method() were altered to use B<ENGINE>s
+rather than B<DSA_METHOD>s during development of OpenSSL 0.9.6.
+
=cut
diff --git a/doc/crypto/RSA_set_method.pod b/doc/crypto/RSA_set_method.pod
index c1a5b39..bc0891a 100644
--- a/doc/crypto/RSA_set_method.pod
+++ b/doc/crypto/RSA_set_method.pod
@@ -9,12 +9,13 @@
=head1 SYNOPSIS
#include <openssl/rsa.h>
+ #include <openssl/engine.h>
- void RSA_set_default_method(RSA_METHOD *meth);
+ void RSA_set_default_openssl_method(RSA_METHOD *meth);
- RSA_METHOD *RSA_get_default_method(void);
+ RSA_METHOD *RSA_get_default_openssl_method(void);
- RSA_METHOD *RSA_set_method(RSA *rsa, RSA_METHOD *meth);
+ int RSA_set_method(RSA *rsa, ENGINE *engine);
RSA_METHOD *RSA_get_method(RSA *rsa);
@@ -26,7 +27,7 @@
int RSA_flags(RSA *rsa);
- RSA *RSA_new_method(RSA_METHOD *method);
+ RSA *RSA_new_method(ENGINE *engine);
=head1 DESCRIPTION
@@ -46,23 +47,27 @@
C<-DRSA_NULL>. These methods may be useful in the USA because of a
patent on the RSA cryptosystem.
-RSA_set_default_method() makes B<meth> the default method for all B<RSA>
-structures created later.
+RSA_set_default_openssl_method() makes B<meth> the default method for all B<RSA>
+structures created later. B<NB:> This is true only whilst the default engine
+for RSA operations remains as "openssl". ENGINEs provide an
+encapsulation for implementations of one or more algorithms at a time, and all
+the RSA functions mentioned here operate within the scope of the default
+"openssl" engine.
-RSA_get_default_method() returns a pointer to the current default
-method.
+RSA_get_default_openssl_method() returns a pointer to the current default
+method for the "openssl" engine.
-RSA_set_method() selects B<meth> for all operations using the key
+RSA_set_method() selects B<engine> for all operations using the key
B<rsa>.
-RSA_get_method() returns a pointer to the method currently selected
-for B<rsa>.
+RSA_get_method() returns a pointer to the RSA_METHOD from the currently
+selected ENGINE for B<rsa>.
RSA_flags() returns the B<flags> that are set for B<rsa>'s current method.
-RSA_new_method() allocates and initializes an B<RSA> structure so that
-B<method> will be used for the RSA operations. If B<method> is B<NULL>,
-the default method is used.
+RSA_new_method() allocates and initializes an RSA structure so that
+B<engine> will be used for the RSA operations. If B<engine> is NULL,
+the default engine for RSA operations is used.
=head1 THE RSA_METHOD STRUCTURE
@@ -128,17 +133,21 @@
=head1 RETURN VALUES
RSA_PKCS1_SSLeay(), RSA_PKCS1_RSAref(), RSA_PKCS1_null_method(),
-RSA_get_default_method() and RSA_get_method() return pointers to the
-respective B<RSA_METHOD>s.
+RSA_get_default_openssl_method() and RSA_get_method() return pointers to
+the respective RSA_METHODs.
-RSA_set_default_method() returns no value.
+RSA_set_default_openssl_method() returns no value.
-RSA_set_method() returns a pointer to the B<RSA_METHOD> previously
-associated with B<rsa>.
+RSA_set_method() selects B<engine> as the engine that will be responsible for
+all operations using the structure B<rsa>. If this function completes successfully,
+then the B<rsa> structure will have its own functional reference of B<engine>, so
+the caller should remember to free their own reference to B<engine> when they are
+finished with it. NB: An ENGINE's RSA_METHOD can be retrieved (or set) by
+ENGINE_get_RSA() or ENGINE_set_RSA().
-RSA_new_method() returns B<NULL> and sets an error code that can be
-obtained by L<ERR_get_error(3)|ERR_get_error(3)> if the allocation fails. Otherwise it
-returns a pointer to the newly allocated structure.
+RSA_new_method() returns NULL and sets an error code that can be
+obtained by L<ERR_get_error(3)|ERR_get_error(3)> if the allocation fails. Otherwise
+it returns a pointer to the newly allocated structure.
=head1 SEE ALSO
@@ -151,4 +160,9 @@
well as the rsa_sign and rsa_verify components of RSA_METHOD were
added in OpenSSL 0.9.4.
+RSA_set_default_openssl_method() and RSA_get_default_openssl_method()
+replaced RSA_set_default_method() and RSA_get_default_method() respectively,
+and RSA_set_method() and RSA_new_method() were altered to use B<ENGINE>s
+rather than B<DH_METHOD>s during development of OpenSSL 0.9.6.
+
=cut
diff --git a/doc/crypto/dh.pod b/doc/crypto/dh.pod
index 0a9b7c0..b4be4be 100644
--- a/doc/crypto/dh.pod
+++ b/doc/crypto/dh.pod
@@ -7,6 +7,7 @@
=head1 SYNOPSIS
#include <openssl/dh.h>
+ #include <openssl/engine.h>
DH * DH_new(void);
void DH_free(DH *dh);
@@ -20,10 +21,10 @@
int DH_generate_key(DH *dh);
int DH_compute_key(unsigned char *key, BIGNUM *pub_key, DH *dh);
- void DH_set_default_method(DH_METHOD *meth);
- DH_METHOD *DH_get_default_method(void);
- DH_METHOD *DH_set_method(DH *dh, DH_METHOD *meth);
- DH *DH_new_method(DH_METHOD *meth);
+ void DH_set_default_openssl_method(DH_METHOD *meth);
+ DH_METHOD *DH_get_default_openssl_method(void);
+ int DH_set_method(DH *dh, ENGINE *engine);
+ DH *DH_new_method(ENGINE *engine);
DH_METHOD *DH_OpenSSL(void);
int DH_get_ex_new_index(long argl, char *argp, int (*new_func)(),
diff --git a/doc/crypto/dsa.pod b/doc/crypto/dsa.pod
index 2c09244..82d7fb7 100644
--- a/doc/crypto/dsa.pod
+++ b/doc/crypto/dsa.pod
@@ -7,6 +7,7 @@
=head1 SYNOPSIS
#include <openssl/dsa.h>
+ #include <openssl/engine.h>
DSA * DSA_new(void);
void DSA_free(DSA *dsa);
@@ -28,10 +29,10 @@
int DSA_verify(int dummy, const unsigned char *dgst, int len,
unsigned char *sigbuf, int siglen, DSA *dsa);
- void DSA_set_default_method(DSA_METHOD *meth);
- DSA_METHOD *DSA_get_default_method(void);
- DSA_METHOD *DSA_set_method(DSA *dsa, DSA_METHOD *meth);
- DSA *DSA_new_method(DSA_METHOD *meth);
+ void DSA_set_default_openssl_method(DSA_METHOD *meth);
+ DSA_METHOD *DSA_get_default_openssl_method(void);
+ int DSA_set_method(DSA *dsa, ENGINE *engine);
+ DSA *DSA_new_method(ENGINE *engine);
DSA_METHOD *DSA_OpenSSL(void);
int DSA_get_ex_new_index(long argl, char *argp, int (*new_func)(),
diff --git a/doc/crypto/rsa.pod b/doc/crypto/rsa.pod
index 1633840..ef0d4df 100644
--- a/doc/crypto/rsa.pod
+++ b/doc/crypto/rsa.pod
@@ -7,6 +7,7 @@
=head1 SYNOPSIS
#include <openssl/rsa.h>
+ #include <openssl/engine.h>
RSA * RSA_new(void);
void RSA_free(RSA *rsa);
@@ -31,15 +32,15 @@
int RSA_blinding_on(RSA *rsa, BN_CTX *ctx);
void RSA_blinding_off(RSA *rsa);
- void RSA_set_default_method(RSA_METHOD *meth);
- RSA_METHOD *RSA_get_default_method(void);
- RSA_METHOD *RSA_set_method(RSA *rsa, RSA_METHOD *meth);
+ void RSA_set_default_openssl_method(RSA_METHOD *meth);
+ RSA_METHOD *RSA_get_default_openssl_method(void);
+ int RSA_set_method(RSA *rsa, ENGINE *engine);
RSA_METHOD *RSA_get_method(RSA *rsa);
RSA_METHOD *RSA_PKCS1_SSLeay(void);
RSA_METHOD *RSA_PKCS1_RSAref(void);
RSA_METHOD *RSA_null_method(void);
int RSA_flags(RSA *rsa);
- RSA *RSA_new_method(RSA_METHOD *method);
+ RSA *RSA_new_method(ENGINE *engine);
int RSA_print(BIO *bp, RSA *x, int offset);
int RSA_print_fp(FILE *fp, RSA *x, int offset);
diff --git a/makevms.com b/makevms.com
index 2577537..15cbc9c 100755
--- a/makevms.com
+++ b/makevms.com
@@ -365,7 +365,7 @@
$!
$ SDIRS := ,MD2,MD4,MD5,SHA,MDC2,HMAC,RIPEMD,-
DES,RC2,RC4,RC5,IDEA,BF,CAST,-
- BN,RSA,DSA,DH,DSO,-
+ BN,RSA,DSA,DH,DSO,ENGINE,RIJNDAEL,-
BUFFER,BIO,STACK,LHASH,RAND,ERR,OBJECTS,-
EVP,ASN1,PEM,X509,X509V3,CONF,TXT_DB,PKCS7,PKCS12,COMP
$ EXHEADER_ := crypto.h,tmdiff.h,opensslv.h,opensslconf.h,ebcdic.h,symhacks.h
@@ -388,6 +388,8 @@
$ EXHEADER_DSA := dsa.h
$ EXHEADER_DH := dh.h
$ EXHEADER_DSO := dso.h
+$ EXHEADER_ENGINE := engine.h
+$ EXHEADER_RIJNDAEL := rijndael-alg-fst.h,rijndael.h
$ EXHEADER_BUFFER := buffer.h
$ EXHEADER_BIO := bio.h
$ EXHEADER_STACK := stack.h,safestack.h
diff --git a/test/Makefile.ssl b/test/Makefile.ssl
index 39c6cfb..eea811d 100644
--- a/test/Makefile.ssl
+++ b/test/Makefile.ssl
@@ -53,12 +53,13 @@
METHTEST= methtest
SSLTEST= ssltest
RSATEST= rsa_test
+ENGINETEST= enginetest
EXE= $(BNTEST) $(IDEATEST) $(MD2TEST) $(MD4TEST) $(MD5TEST) $(HMACTEST) \
$(RC2TEST) $(RC4TEST) $(RC5TEST) \
$(DESTEST) $(SHATEST) $(SHA1TEST) $(MDC2TEST) $(RMDTEST) \
- $(RANDTEST) $(DHTEST) \
- $(BFTEST) $(CASTTEST) $(SSLTEST) $(EXPTEST) $(DSATEST) $(RSATEST)
+ $(RANDTEST) $(DHTEST) $(ENGINETEST) \
+ $(BFTEST) $(CASTTEST) $(SSLTEST) $(EXPTEST) $(DSATEST) $(RSATEST)
# $(METHTEST)
@@ -66,13 +67,13 @@
$(HMACTEST).o \
$(RC2TEST).o $(RC4TEST).o $(RC5TEST).o \
$(DESTEST).o $(SHATEST).o $(SHA1TEST).o $(MDC2TEST).o $(RMDTEST).o \
- $(RANDTEST).o $(DHTEST).o $(CASTTEST).o \
+ $(RANDTEST).o $(DHTEST).o $(ENGINETEST).o $(CASTTEST).o \
$(BFTEST).o $(SSLTEST).o $(DSATEST).o $(EXPTEST).o $(RSATEST).o
SRC= $(BNTEST).c $(IDEATEST).c $(MD2TEST).c $(MD4TEST).c $(MD5TEST).c \
$(HMACTEST).c \
$(RC2TEST).c $(RC4TEST).c $(RC5TEST).c \
$(DESTEST).c $(SHATEST).c $(SHA1TEST).c $(MDC2TEST).c $(RMDTEST).c \
- $(RANDTEST).c $(DHTEST).c $(CASTTEST).c \
+ $(RANDTEST).c $(DHTEST).c $(ENGINETEST).c $(CASTTEST).c \
$(BFTEST).c $(SSLTEST).c $(DSATEST).c $(EXPTEST).c $(RSATEST).c
EXHEADER=
@@ -106,7 +107,7 @@
test_rmd test_rc2 test_rc4 test_rc5 test_bf test_cast \
test_rand test_bn test_enc test_x509 test_rsa test_crl test_sid \
test_gen test_req test_pkcs7 test_verify test_dh test_dsa \
- test_ss test_ca test_ssl test_rd
+ test_ss test_ca test_engine test_ssl test_rd
apps:
@(cd ../apps; $(MAKE) CC='${CC}' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' all)
@@ -217,6 +218,10 @@
@echo "Generate and certify a test certificate"
@sh ./testss
+test_engine:
+ @echo "Manipulate the ENGINE structures"
+ ./$(ENGINETEST)
+
test_ssl: keyU.ss certU.ss certCA.ss
@echo "test SSL protocol"
@sh ./testssl keyU.ss certU.ss certCA.ss
@@ -321,6 +326,9 @@
$(SSLTEST): $(SSLTEST).o $(DLIBSSL) $(DLIBCRYPTO)
$(CC) -o $(SSLTEST) $(CFLAGS) $(SSLTEST).o $(PEX_LIBS) $(LIBSSL) $(LIBCRYPTO) $(EX_LIBS)
+$(ENGINETEST): $(ENGINETEST).o $(DLIBCRYPTO)
+ $(CC) -o $(ENGINETEST) $(CFLAGS) $(ENGINETEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS)
+
#$(RDTEST).o: $(RDTEST).c
# $(CC) -c $(CFLAGS) -DINTERMEDIATE_VALUE_KAT -DTRACE_KAT_MCT $(RDTEST).c
@@ -365,6 +373,24 @@
dsatest.o: ../include/openssl/opensslv.h ../include/openssl/rand.h
dsatest.o: ../include/openssl/safestack.h ../include/openssl/stack.h
dsatest.o: ../include/openssl/symhacks.h
+enginetest.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+enginetest.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+enginetest.o: ../include/openssl/cast.h ../include/openssl/crypto.h
+enginetest.o: ../include/openssl/des.h ../include/openssl/dh.h
+enginetest.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+enginetest.o: ../include/openssl/engine.h ../include/openssl/err.h
+enginetest.o: ../include/openssl/evp.h ../include/openssl/idea.h
+enginetest.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+enginetest.o: ../include/openssl/md4.h ../include/openssl/md5.h
+enginetest.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
+enginetest.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+enginetest.o: ../include/openssl/opensslv.h ../include/openssl/rand.h
+enginetest.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+enginetest.o: ../include/openssl/rc5.h ../include/openssl/rijndael-alg-fst.h
+enginetest.o: ../include/openssl/rijndael.h ../include/openssl/ripemd.h
+enginetest.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+enginetest.o: ../include/openssl/sha.h ../include/openssl/stack.h
+enginetest.o: ../include/openssl/symhacks.h
exptest.o: ../include/openssl/bio.h ../include/openssl/bn.h
exptest.o: ../include/openssl/crypto.h ../include/openssl/err.h
exptest.o: ../include/openssl/lhash.h ../include/openssl/opensslconf.h
diff --git a/test/maketests.com b/test/maketests.com
index 135e0bf..3eba56e 100644
--- a/test/maketests.com
+++ b/test/maketests.com
@@ -147,7 +147,7 @@
"RC2TEST,RC4TEST,RC5TEST,"+ -
"DESTEST,SHATEST,SHA1TEST,MDC2TEST,RMDTEST,"+ -
"RANDTEST,DHTEST,"+ -
- "BFTEST,CASTTEST,SSLTEST,EXPTEST,DSATEST,RSA_TEST"
+ "BFTEST,CASTTEST,SSLTEST,EXPTEST,DSATEST,RSA_TEST,ENGINETEST"
$ TCPIP_PROGRAMS = ",,"
$ IF COMPILER .EQS. "VAXC" THEN -
TCPIP_PROGRAMS = ",SSLTEST,"
diff --git a/test/tests.com b/test/tests.com
index df8f46e..4d9e308 100644
--- a/test/tests.com
+++ b/test/tests.com
@@ -24,7 +24,7 @@
test_rmd,test_rc2,test_rc4,test_rc5,test_bf,test_cast,-
test_rand,test_bn,test_enc,test_x509,test_rsa,test_crl,test_sid,-
test_gen,test_req,test_pkcs7,test_verify,test_dh,test_dsa,-
- test_ss,test_ca,test_ssl
+ test_ss,test_ca,test_engine,test_ssl,test_rd
$ endif
$ tests = f$edit(tests,"COLLAPSE")
$
@@ -51,6 +51,7 @@
$ METHTEST := methtest
$ SSLTEST := ssltest
$ RSATEST := rsa_test
+$ ENGINETEST := enginetest
$
$ tests_i = 0
$ loop_tests:
@@ -201,6 +202,10 @@
$ write sys$output "Generate and certify a test certificate"
$ @testss.com
$ return
+$ test_engine:
+$ write sys$output "Manipulate the ENGINE structures"
+$ mcr 'texe_dir''enginetest'
+$ return
$ test_ssl:
$ write sys$output "test SSL protocol"
$ gosub maybe_test_ss
diff --git a/util/libeay.num b/util/libeay.num
index 05e35d1..a3b15bb 100755
--- a/util/libeay.num
+++ b/util/libeay.num
@@ -1874,3 +1874,66 @@
X509_print_ex_fp 2465 EXIST::FUNCTION:FP_API
EVP_rijndael_ecb 2466 EXIST::FUNCTION:
NCONF_get_number_e 2467 EXIST::FUNCTION:
+ERR_load_ENGINE_strings 2468 EXIST::FUNCTION:
+ENGINE_set_DSA 2469 EXIST::FUNCTION:
+ENGINE_get_finish_function 2470 EXIST::FUNCTION:
+ENGINE_get_default_RSA 2471 EXIST::FUNCTION:
+ENGINE_get_BN_mod_exp 2472 EXIST::FUNCTION:
+DSA_get_default_openssl_method 2473 EXIST::FUNCTION:DSA
+DSO_convert_filename 2474 EXIST::FUNCTION:
+ENGINE_set_DH 2475 EXIST::FUNCTION:
+ENGINE_set_default_BN_mod_exp_crt 2476 EXIST:!VMS:FUNCTION:
+ENGINE_set_def_BN_mod_exp_crt 2476 EXIST:VMS:FUNCTION:
+ENGINE_init 2477 EXIST::FUNCTION:
+DH_get_default_openssl_method 2478 EXIST::FUNCTION:DH
+RSA_set_default_openssl_method 2479 EXIST::FUNCTION:RSA
+ENGINE_finish 2480 EXIST::FUNCTION:
+ENGINE_load_public_key 2481 EXIST::FUNCTION:
+ENGINE_get_DH 2482 EXIST::FUNCTION:
+ENGINE_ctrl 2483 EXIST::FUNCTION:
+ENGINE_get_init_function 2484 EXIST::FUNCTION:
+ENGINE_set_init_function 2485 EXIST::FUNCTION:
+ENGINE_set_default_DSA 2486 EXIST::FUNCTION:
+ENGINE_get_name 2487 EXIST::FUNCTION:
+ENGINE_get_last 2488 EXIST::FUNCTION:
+ENGINE_get_prev 2489 EXIST::FUNCTION:
+ENGINE_get_default_DH 2490 EXIST::FUNCTION:
+ENGINE_get_RSA 2491 EXIST::FUNCTION:
+ENGINE_set_default 2492 EXIST::FUNCTION:
+ENGINE_get_RAND 2493 EXIST::FUNCTION:
+ENGINE_get_first 2494 EXIST::FUNCTION:
+ENGINE_by_id 2495 EXIST::FUNCTION:
+ENGINE_set_finish_function 2496 EXIST::FUNCTION:
+ENGINE_get_default_BN_mod_exp_crt 2497 EXIST:!VMS:FUNCTION:
+ENGINE_get_def_BN_mod_exp_crt 2497 EXIST:VMS:FUNCTION:
+DSO_get_filename 2498 EXIST::FUNCTION:
+RSA_get_default_openssl_method 2499 EXIST::FUNCTION:RSA
+ENGINE_set_RSA 2500 EXIST::FUNCTION:
+ENGINE_load_private_key 2501 EXIST::FUNCTION:
+ENGINE_set_default_RAND 2502 EXIST::FUNCTION:
+DSO_get_loaded_filename 2503 EXIST::FUNCTION:
+DSO_set_name_converter 2504 EXIST::FUNCTION:
+DSO_set_filename 2505 EXIST::FUNCTION:
+ENGINE_set_BN_mod_exp 2506 EXIST::FUNCTION:
+ENGINE_remove 2507 EXIST::FUNCTION:
+ENGINE_free 2508 EXIST::FUNCTION:
+ENGINE_get_BN_mod_exp_crt 2509 EXIST::FUNCTION:
+ENGINE_get_next 2510 EXIST::FUNCTION:
+ENGINE_set_name 2511 EXIST::FUNCTION:
+ENGINE_get_default_DSA 2512 EXIST::FUNCTION:
+ENGINE_set_default_BN_mod_exp 2513 EXIST::FUNCTION:
+ENGINE_set_default_RSA 2514 EXIST::FUNCTION:
+ENGINE_get_default_RAND 2515 EXIST::FUNCTION:
+ENGINE_get_default_BN_mod_exp 2516 EXIST::FUNCTION:
+ENGINE_set_RAND 2517 EXIST::FUNCTION:
+ENGINE_set_id 2518 EXIST::FUNCTION:
+ENGINE_set_BN_mod_exp_crt 2519 EXIST::FUNCTION:
+ENGINE_set_default_DH 2520 EXIST::FUNCTION:
+ENGINE_new 2521 EXIST::FUNCTION:
+ENGINE_get_id 2522 EXIST::FUNCTION:
+DSA_set_default_openssl_method 2523 EXIST::FUNCTION:DSA
+ENGINE_add 2524 EXIST::FUNCTION:
+DH_set_default_openssl_method 2525 EXIST::FUNCTION:DH
+ENGINE_get_DSA 2526 EXIST::FUNCTION:
+ENGINE_get_ctrl_function 2527 EXIST::FUNCTION:
+ENGINE_set_ctrl_function 2528 EXIST::FUNCTION:
diff --git a/util/mkdef.pl b/util/mkdef.pl
index 8ec1d07..ba45335 100755
--- a/util/mkdef.pl
+++ b/util/mkdef.pl
@@ -179,6 +179,7 @@
$crypto.=" crypto/dh/dh.h" unless $no_dh;
$crypto.=" crypto/hmac/hmac.h" unless $no_hmac;
+$crypto.=" crypto/engine/engine.h";
$crypto.=" crypto/stack/stack.h";
$crypto.=" crypto/buffer/buffer.h";
$crypto.=" crypto/bio/bio.h";
diff --git a/util/mkfiles.pl b/util/mkfiles.pl
index 5296bdb..470feea 100755
--- a/util/mkfiles.pl
+++ b/util/mkfiles.pl
@@ -45,6 +45,7 @@
"crypto/pkcs7",
"crypto/pkcs12",
"crypto/comp",
+"crypto/engine",
"ssl",
"rsaref",
"apps",
