Release Beta 1 of 0.9.6a.

Since there was some functions added in libeay.num, it means things
are going to move in libeay.num in the OpenSSL-engine-0_9_6-stable
branch and in the main trunk.

CHANGES

@@ -2,6 +2,209 @@
  OpenSSL CHANGES
  _______________
 
+ Changes between 0.9.6 and 0.9.6a  [xx XXX 2001]
+
+  *) Fix a memory leak in err.c: free err_data string if necessary.
+     [Bodo Moeller]
+
+  *) Implement ssl23_peek (analogous to ssl23_read), which previously
+     did not exist.
+     [Bodo Moeller]
+
+  *) Replace rdtsc with _emit statements for VC++ version 5.
+     [Jeremy Cooper <jeremy@baymoo.org>]
+
+  *) Make it possible to reuse SSLv2 sessions.
+     [Richard Levitte]
+
+  *) In copy_email() check for >= 0 as a return value for
+     X509_NAME_get_index_by_NID() since 0 is a valid index.
+     [Steve Henson reported by Massimiliano Pala <madwolf@opensca.org>]
+
+  *) Use better test patterns in bntest.
+     [Ulf M<>ller]
+
+  *) Initialise "ex_data" member of RSA/DSA/DH structures prior to calling
+     the method-specific "init()" handler. Also clean up ex_data after
+     calling the method-specific "finish()" handler. Previously, this was
+     happening the other way round.
+     [Geoff Thorpe]
+
+  *) Avoid coredump with unsupported or invalid public keys by checking if
+     X509_get_pubkey() fails in PKCS7_verify(). Fix memory leak when
+     PKCS7_verify() fails with non detached data.
+     [Steve Henson]
+
+  *) Don't use getenv in library functions when run as setuid/setgid.
+     New function OPENSSL_issetugid().
+     [Ulf Moeller]
+
+  *) Avoid false positives in memory leak detection code (crypto/mem_dbg.c)
+     due to incorrect handling of multi-threading:
+
+     1. Fix timing glitch in the MemCheck_off() portion of CRYPTO_mem_ctrl().
+
+     2. Fix logical glitch in is_MemCheck_on() aka CRYPTO_is_mem_check_on().
+
+     3. Count how many times MemCheck_off() has been called so that
+        nested use can be treated correctly.  This also avoids 
+        inband-signalling in the previous code (which relied on the
+        assumption that thread ID 0 is impossible).
+     [Bodo Moeller]
+
+  *) Add "-rand" option also to s_client and s_server.
+     [Lutz Jaenicke]
+
+  *) Fix CPU detection on Irix 6.x.
+     [Kurt Hockenbury <khockenb@stevens-tech.edu> and
+      "Bruce W. Forsberg" <bruce.forsberg@baesystems.com>]
+
+  *) Fix X509_NAME bug which produced incorrect encoding if X509_NAME
+     was empty.
+     [Steve Henson]
+
+  *) Use the cached encoding of an X509_NAME structure rather than
+     copying it. This is apparently the reason for the libsafe "errors"
+     but the code is actually correct.
+     [Steve Henson]
+
+  *) Add new function BN_rand_range(), and fix DSA_sign_setup() to prevent
+     Bleichenbacher's DSA attack.
+     Extend BN_[pseudo_]rand: As before, top=1 forces the highest two bits
+     to be set and top=0 forces the highest bit to be set; top=-1 is new
+     and leaves the highest bit random.
+     [Ulf Moeller]
+
+  *) In the NCONF_...-based implementations for CONF_... queries
+     (crypto/conf/conf_lib.c), if the input LHASH is NULL, avoid using
+     a temporary CONF structure with the data component set to NULL
+     (which gives segmentation faults in lh_retrieve).
+     Instead, use NULL for the CONF pointer in CONF_get_string and
+     CONF_get_number (which may use environment variables) and directly
+     return NULL from CONF_get_section.
+     [Bodo Moeller]
+
+  *) Fix potential buffer overrun for EBCDIC.
+     [Ulf Moeller]
+
+  *) Tolerate nonRepudiation as being valid for S/MIME signing and certSign
+     keyUsage if basicConstraints absent for a CA.
+     [Steve Henson]
+
+  *) Make SMIME_write_PKCS7() write mail header values with a format that
+     is more generally accepted (no spaces before the semicolon), since
+     some programs can't parse those values properly otherwise.  Also make
+     sure BIO's that break lines after each write do not create invalid
+     headers.
+     [Richard Levitte]
+
+  *) Make the CRL encoding routines work with empty SEQUENCE OF. The
+     macros previously used would not encode an empty SEQUENCE OF
+     and break the signature.
+     [Steve Henson]
+
+  *) Zero the premaster secret after deriving the master secret in
+     DH ciphersuites.
+     [Steve Henson]
+
+  *) Add some EVP_add_digest_alias registrations (as found in
+     OpenSSL_add_all_digests()) to SSL_library_init()
+     aka OpenSSL_add_ssl_algorithms().  This provides improved
+     compatibility with peers using X.509 certificates
+     with unconventional AlgorithmIdentifier OIDs.
+     [Bodo Moeller]
+
+  *) Fix for Irix with NO_ASM.
+     ["Bruce W. Forsberg" <bruce.forsberg@baesystems.com>]
+
+  *) ./config script fixes.
+     [Ulf Moeller, Richard Levitte]
+
+  *) Fix 'openssl passwd -1'.
+     [Bodo Moeller]
+
+  *) Change PKCS12_key_gen_asc() so it can cope with non null
+     terminated strings whose length is passed in the passlen
+     parameter, for example from PEM callbacks. This was done
+     by adding an extra length parameter to asc2uni().
+     [Steve Henson, reported by <oddissey@samsung.co.kr>]
+
+  *) Fix C code generated by 'openssl dsaparam -C': If a BN_bin2bn
+     call failed, free the DSA structure.
+     [Bodo Moeller]
+
+  *) Fix to uni2asc() to cope with zero length Unicode strings.
+     These are present in some PKCS#12 files.
+     [Steve Henson]
+
+  *) Increase s2->wbuf allocation by one byte in ssl2_new (ssl/s2_lib.c).
+     Otherwise do_ssl_write (ssl/s2_pkt.c) will write beyond buffer limits
+     when writing a 32767 byte record.
+     [Bodo Moeller; problem reported by Eric Day <eday@concentric.net>]
+
+  *) In RSA_eay_public_{en,ed}crypt and RSA_eay_mod_exp (rsa_eay.c),
+     obtain lock CRYPTO_LOCK_RSA before setting rsa->_method_mod_{n,p,q}.
+
+     (RSA objects have a reference count access to which is protected
+     by CRYPTO_LOCK_RSA [see rsa_lib.c, s3_srvr.c, ssl_cert.c, ssl_rsa.c],
+     so they are meant to be shared between threads.)
+     [Bodo Moeller, Geoff Thorpe; original patch submitted by
+     "Reddie, Steven" <Steven.Reddie@ca.com>]
+
+  *) Fix a deadlock in CRYPTO_mem_leaks().
+     [Bodo Moeller]
+
+  *) rand_win.c fix for Borland C.
+     [Ulf M<>ller]
+ 
+  *) BN_rshift bugfix for n == 0.
+     [Bodo Moeller]
+
+  *) Store verify_result within SSL_SESSION also for client side to
+     avoid potential security hole. (Re-used sessions on the client side
+     always resulted in verify_result==X509_V_OK, not using the original
+     result of the server certificate verification.)
+     [Lutz Jaenicke]
+
+  *) Fix ssl3_pending: If the record in s->s3->rrec is not of type
+     SSL3_RT_APPLICATION_DATA, return 0.
+     Similarly, change ssl2_pending to return 0 if SSL_in_init(s) is true.
+     [Bodo Moeller]
+
+  *) Fix SSL_peek:
+     Both ssl2_peek and ssl3_peek, which were totally broken in earlier
+     releases, have been re-implemented by renaming the previous
+     implementations of ssl2_read and ssl3_read to ssl2_read_internal
+     and ssl3_read_internal, respectively, and adding 'peek' parameters
+     to them.  The new ssl[23]_{read,peek} functions are calls to
+     ssl[23]_read_internal with the 'peek' flag set appropriately.
+     A 'peek' parameter has also been added to ssl3_read_bytes, which
+     does the actual work for ssl3_read_internal.
+     [Bodo Moeller]
+
+  *) Increase BN_CTX_NUM (the number of BIGNUMs in a BN_CTX) to 16.
+     The previous value, 12, was not always sufficient for BN_mod_exp().
+     [Bodo Moeller]
+
+  *) Fix typo in get_cert_by_subject() in by_dir.c
+     [Jean-Marc Desperrier <jean-marc.desperrier@certplus.com>]
+
+  *) Fix SSL_CTX_set_read_ahead macro to actually use its argument.
+
+     Copy SSL_CTX's read_ahead flag to SSL object directly in SSL_new
+     and not in SSL_clear because the latter is also used by the
+     accept/connect functions; previously, the settings made by
+     SSL_set_read_ahead would be lost during the handshake.
+     [Bodo Moeller; problems reported by Anders Gertz <gertz@epact.se>]     
+
+  *) Correct util/mkdef.pl to be selective about disabled algorithms.
+     Previously, it would create entries for disableed algorithms no
+     matter what.
+     [Richard Levitte]
+
+  *) Added several new manual pages for SSL_* function.
+     [Lutz Jaenicke]
+
  Changes between 0.9.5a and 0.9.6  [24 Sep 2000]
 
   *) In ssl23_get_client_hello, generate an error message when faced

Configure

@@ -10,7 +10,7 @@ use strict;
 
 # see INSTALL for instructions.
 
-my $usage="Usage: Configure [no-<cipher> ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-Kxxx] [no-hw-xxx|no-hw] [rsaref] [no-threads] [no-asm] [no-dso] [386] [--prefix=DIR] [--openssldir=OPENSSLDIR] os/compiler[:flags]\n";
+my $usage="Usage: Configure [no-<cipher> ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-Kxxx] [rsaref] [no-threads] [no-asm] [no-dso] [386] [--prefix=DIR] [--openssldir=OPENSSLDIR] os/compiler[:flags]\n";
 
 # Options:
 #
@@ -23,20 +23,11 @@ my $usage="Usage: Configure [no-<cipher> ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-
 #               default).  This needn't be set in advance, you can
 #               just as well use "make INSTALL_PREFIX=/whatever install".
 #
-# no-hw-xxx     do not compile support for specific crypto hardware.
-#               Generic OpenSSL-style methods relating to this support
-#               are always compiled but return NULL if the hardware
-#               support isn't compiled.
-# no-hw         do not compile support for any crypto hardware.
 # rsaref        use RSAref
 # [no-]threads  [don't] try to create a library that is suitable for
 #               multithreaded applications (default is "threads" if we
 #               know how to do it)
 # [no-]shared	[don't] try to create shared libraries when supported.
-#               IT IS NOT RECOMMENDED TO USE "shared"!  Since this is a
-#               development branch, the positions of the ENGINE symbols
-#               in the transfer vector are constantly moving, so binary
-#               backward compatibility can't be guaranteed in any way.
 # no-asm        do not use assembler
 # no-dso        do not compile in any native shared-library methods. This
 #               will ensure that all methods just return NULL.
@@ -158,7 +149,7 @@ my %table=(
 "solaris-sparcv7-cc","cc:-xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC1 DES_UNROLL BF_PTR::::::::::dlfcn:solaris-shared:-KPIC",
 "solaris-sparcv8-cc","cc:-xarch=v8 -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC1 DES_UNROLL BF_PTR:asm/sparcv8.o:::::::::dlfcn:solaris-shared:-KPIC",
 "solaris-sparcv9-cc","cc:-xtarget=ultra -xarch=v8plus -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DBN_DIV2W -DULTRASPARC::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK_LL DES_PTR DES_RISC1 DES_UNROLL BF_PTR:asm/sparcv8plus.o:::asm/md5-sparcv8plus.o::::::dlfcn:solaris-shared:-KPIC",
-"solaris64-sparcv9-cc","cc:-xtarget=ultra -xarch=v9 -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DULTRASPARC::-D_REENTRANT:-lsocket -lnsl -ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR::::asm/md5-sparcv9.o::::::dlfcn:solaris-shared:-KPIC",
+"solaris64-sparcv9-cc","cc:-xtarget=ultra -xarch=v9 -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DULTRASPARC::-D_REENTRANT:-lsocket -lnsl -ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR::::asm/md5-sparcv9.o::::::dlfcn:solaris-shared:-KPIC:/usr/ccs/bin/ar rs",
 ####
 "debug-solaris-sparcv8-cc","cc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -xarch=v8 -g -O -xstrconst -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC1 DES_UNROLL BF_PTR:asm/sparcv8.o:::::::::dlfcn:solaris-shared:-KPIC",
 "debug-solaris-sparcv9-cc","cc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -xtarget=ultra -xarch=v8plus -g -O -xstrconst -Xa -DB_ENDIAN -DBN_DIV2W -DULTRASPARC::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK_LL DES_PTR DES_RISC1 DES_UNROLL BF_PTR:asm/sparcv8plus.o:::asm/md5-sparcv8plus.o::::::dlfcn:solaris-shared:-KPIC",
@@ -289,8 +280,8 @@ my %table=(
 #
 #					<appro@fy.chalmers.se>
 #
-"linux-alpha-gcc","gcc:-O3 -DL_ENDIAN -DTERMIO::-D_REENTRANT::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_UNROLL:asm/alpha.o::",
-"linux-alpha+bwx-gcc","gcc:-O3 -DL_ENDIAN -DTERMIO::-D_REENTRANT::SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:asm/alpha.o::",
+"linux-alpha-gcc","gcc:-O3 -DL_ENDIAN -DTERMIO::-D_REENTRANT:-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_UNROLL:asm/alpha.o:::::::::dlfcn:linux-shared:-fPIC",
+"linux-alpha+bwx-gcc","gcc:-O3 -DL_ENDIAN -DTERMIO::-D_REENTRANT:-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:asm/alpha.o:::::::::dlfcn:linux-shared:-fPIC",
 "linux-alpha-ccc","ccc:-fast -readonly_strings -DL_ENDIAN -DTERMIO::-D_REENTRANT::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:asm/alpha.o::",
 "linux-alpha+bwx-ccc","ccc:-fast -readonly_strings -DL_ENDIAN -DTERMIO::-D_REENTRANT::SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:asm/alpha.o::",
 
@@ -306,6 +297,7 @@ my %table=(
 "linux-mips",   "gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::(unknown)::BN_LLONG:::",
 "linux-ppc",    "gcc:-DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::BN_LLONG::",
 "linux-m68k",   "gcc:-DB_ENDIAN -DTERMIO -O2 -fomit-frame-pointer -Wall::-D_REENTRANT::BN_LLONG::",
+"linux-s390",	"gcc:-DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::BN_LLONG::",
 "linux-ia64",   "gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::(unknown)::SIXTY_FOUR_BIT_LONG::",
 "NetBSD-sparc",	"gcc:-DTERMIOS -O3 -fomit-frame-pointer -mv8 -Wall -DB_ENDIAN::(unknown)::BN_LLONG MD2_CHAR RC4_INDEX DES_UNROLL:::",
 "NetBSD-m68",	"gcc:-DTERMIOS -O3 -fomit-frame-pointer -Wall -DB_ENDIAN::(unknown)::BN_LLONG MD2_CHAR RC4_INDEX DES_UNROLL:::",
@@ -451,10 +443,10 @@ my $md5_obj="";
 my $sha1_obj="";
 my $rmd160_obj="";
 my $processor="";
-my $ranlib;
+my $default_ranlib;
 my $perl;
 
-$ranlib=&which("ranlib") or $ranlib="true";
+$default_ranlib= &which("ranlib") or $default_ranlib="true";
 $perl=$ENV{'PERL'} or $perl=&which("perl5") or $perl=&which("perl")
   or $perl="perl";
 
@@ -499,18 +491,6 @@ PROCESS_ARGS:
 			$flags .= "-DNO_ASM ";
 			$openssl_other_defines .= "#define NO_ASM\n";
 			}
-		elsif (/^no-hw-(.+)$/)
-			{
-			my $hw=$1;
-			$hw =~ tr/[a-z]/[A-Z]/;
-			$flags .= "-DNO_HW_$hw ";
-			$openssl_other_defines .= "#define NO_HW_$hw\n";
-			}
-		elsif (/^no-hw$/)
-			{
-			$flags .= "-DNO_HW ";
-			$openssl_other_defines .= "#define NO_HW\n";
-			}
 		elsif (/^no-dso$/)
 			{ $no_dso=1; }
 		elsif (/^no-threads$/)
@@ -653,7 +633,7 @@ $openssldir=$prefix . "/" . $openssldir if $openssldir !~ /^\//;
 print "IsWindows=$IsWindows\n";
 
 (my $cc,my $cflags,my $unistd,my $thread_cflag,my $lflags,my $bn_ops,my $bn_obj,my $des_obj,my $bf_obj,
- $md5_obj,$sha1_obj,my $cast_obj,my $rc4_obj,$rmd160_obj,my $rc5_obj,my $dso_scheme,my $shared_target,my $shared_cflag)=
+ $md5_obj,$sha1_obj,my $cast_obj,my $rc4_obj,$rmd160_obj,my $rc5_obj,my $dso_scheme,my $shared_target,my $shared_cflag, my $ranlib)=
 	split(/\s*:\s*/,$table{$target} . ":" x 22 , -1);
 $cflags="$flags$cflags" if ($flags ne "");
 
@@ -740,6 +720,15 @@ if ($shared_cflag ne "")
 		$shared_mark2 = ".shlib.";
 		}
 	}
+else
+	{
+	$no_shared = 1;
+	}
+
+if ($ranlib eq "")
+	{
+	$ranlib = $default_ranlib;
+	}
 
 #my ($bn1)=split(/\s+/,$bn_obj);
 #$bn1 = "" unless defined $bn1;
@@ -1133,7 +1122,7 @@ sub print_table_entry
 	(my $cc,my $cflags,my $unistd,my $thread_cflag,my $lflags,my $bn_ops,
 	my $bn_obj,my $des_obj,my $bf_obj,
 	my $md5_obj,my $sha1_obj,my $cast_obj,my $rc4_obj,my $rmd160_obj,
-	my $rc5_obj,my $dso_scheme,my $shared_target,my $shared_cflag)=
+	my $rc5_obj,my $dso_scheme,my $shared_target,my $shared_cflag,my $ranlib)=
 	split(/\s*:\s*/,$table{$target} . ":" x 22 , -1);
 			
 	print <<EOF
@@ -1157,5 +1146,6 @@ sub print_table_entry
 \$dso_scheme   = $dso_scheme
 \$shared_target= $shared_target
 \$shared_cflag = $shared_cflag
+\$ranlib       = $ranlib
 EOF
 	}

INSTALL

@@ -57,10 +57,7 @@
 
   shared        In addition to the usual static libraries, create shared
                 libraries on platforms where it's supported.  See "Note on
-                shared libraries" below.  THIS IS NOT RECOMMENDED!  Since
-                this is a development branch, the positions of the ENGINE
-                symbols in the transfer vector are constantly moving, so
-                binary backward compatibility can't be guaranteed in any way.
+                shared libraries" below.
 
   no-asm        Do not use assembler code.
 

LICENSE

@@ -12,7 +12,7 @@
   ---------------
 
 /* ====================================================================
- * Copyright (c) 1998-2000 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 1998-2001 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions

Makefile.org

@@ -163,7 +163,7 @@ SHLIBDIRS= crypto ssl
 SDIRS=  \
 	md2 md4 md5 sha mdc2 hmac ripemd \
 	des rc2 rc4 rc5 idea bf cast \
-	bn rsa dsa dh dso engine \
+	bn rsa dsa dh dso \
 	buffer bio stack lhash rand err objects \
 	evp asn1 pem x509 x509v3 conf txt_db pkcs7 pkcs12 comp
 
@@ -462,7 +462,8 @@ install: all install_docs
 		if [ -f "$$i" ]; then \
 		(       echo installing $$i; \
 			cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/lib; \
-			$(RANLIB) $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i; \
+			(echo $$i | grep '\\.a$$' > /dev/null 2>&1) \
+			&& $(RANLIB) $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i; \
 			chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i ); \
 		fi \
 	done

README

@@ -1,5 +1,5 @@
 
- OpenSSL 0.9.6 [engine] 24 Sep 2000
+ OpenSSL 0.9.6a-beta1 13 Mar 2001
 
  Copyright (c) 1998-2000 The OpenSSL Project
  Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson

STATUS

@@ -1,9 +1,11 @@
 
   OpenSSL STATUS                           Last modified at
-  ______________                           $Date: 2000/09/24 16:04:33 $
+  ______________                           $Date: 2001/03/13 16:08:32 $
 
   DEVELOPMENT STATE
 
+    o  OpenSSL 0.9.6a: In development...
+                       Beta 1 released on March 13th, 2001
     o  OpenSSL 0.9.6:  Released on September 24th, 2000
     o  OpenSSL 0.9.5a: Released on April      1st, 2000
     o  OpenSSL 0.9.5:  Released on February  28th, 2000

TABLE

@@ -19,6 +19,7 @@ $rc5_obj      =
 $dso_scheme   = 
 $shared_target= 
 $shared_cflag = 
+$ranlib       = 
 
 *** BC-32
 $cc           = bcc32
@@ -39,6 +40,7 @@ $rc5_obj      =
 $dso_scheme   = win32
 $shared_target= 
 $shared_cflag = 
+$ranlib       = 
 
 *** BS2000-OSD
 $cc           = c89
@@ -59,6 +61,7 @@ $rc5_obj      =
 $dso_scheme   = 
 $shared_target= 
 $shared_cflag = 
+$ranlib       = 
 
 *** CygWin32
 $cc           = gcc
@@ -79,6 +82,7 @@ $rc5_obj      =
 $dso_scheme   = win32
 $shared_target= 
 $shared_cflag = 
+$ranlib       = 
 
 *** FreeBSD
 $cc           = gcc
@@ -99,6 +103,7 @@ $rc5_obj      = asm/r586-out.o
 $dso_scheme   = 
 $shared_target= 
 $shared_cflag = 
+$ranlib       = 
 
 *** FreeBSD-alpha
 $cc           = gcc
@@ -119,6 +124,7 @@ $rc5_obj      =
 $dso_scheme   = 
 $shared_target= 
 $shared_cflag = 
+$ranlib       = 
 
 *** FreeBSD-elf
 $cc           = gcc
@@ -139,6 +145,7 @@ $rc5_obj      = asm/r586-elf.o
 $dso_scheme   = 
 $shared_target= 
 $shared_cflag = 
+$ranlib       = 
 
 *** MPE/iX-gcc
 $cc           = gcc
@@ -159,6 +166,7 @@ $rc5_obj      =
 $dso_scheme   = 
 $shared_target= 
 $shared_cflag = 
+$ranlib       = 
 
 *** Mingw32
 $cc           = gcc
@@ -179,6 +187,7 @@ $rc5_obj      =
 $dso_scheme   = win32
 $shared_target= 
 $shared_cflag = 
+$ranlib       = 
 
 *** NetBSD-m68
 $cc           = gcc
@@ -199,6 +208,7 @@ $rc5_obj      =
 $dso_scheme   = 
 $shared_target= 
 $shared_cflag = 
+$ranlib       = 
 
 *** NetBSD-sparc
 $cc           = gcc
@@ -219,6 +229,7 @@ $rc5_obj      =
 $dso_scheme   = 
 $shared_target= 
 $shared_cflag = 
+$ranlib       = 
 
 *** NetBSD-x86
 $cc           = gcc
@@ -239,6 +250,7 @@ $rc5_obj      =
 $dso_scheme   = 
 $shared_target= 
 $shared_cflag = 
+$ranlib       = 
 
 *** OpenBSD
 $cc           = gcc
@@ -259,6 +271,7 @@ $rc5_obj      =
 $dso_scheme   = 
 $shared_target= 
 $shared_cflag = 
+$ranlib       = 
 
 *** OpenBSD-alpha
 $cc           = gcc
@@ -279,6 +292,7 @@ $rc5_obj      =
 $dso_scheme   = 
 $shared_target= 
 $shared_cflag = 
+$ranlib       = 
 
 *** OpenBSD-mips
 $cc           = gcc
@@ -299,6 +313,7 @@ $rc5_obj      =
 $dso_scheme   = 
 $shared_target= 
 $shared_cflag = 
+$ranlib       = 
 
 *** OpenBSD-x86
 $cc           = gcc
@@ -319,6 +334,7 @@ $rc5_obj      = asm/r586-out.o
 $dso_scheme   = dlfcn
 $shared_target= 
 $shared_cflag = 
+$ranlib       = 
 
 *** ReliantUNIX
 $cc           = cc
@@ -339,6 +355,7 @@ $rc5_obj      =
 $dso_scheme   = 
 $shared_target= 
 $shared_cflag = 
+$ranlib       = 
 
 *** SINIX
 $cc           = cc
@@ -359,6 +376,7 @@ $rc5_obj      =
 $dso_scheme   = 
 $shared_target= 
 $shared_cflag = 
+$ranlib       = 
 
 *** SINIX-N
 $cc           = /usr/ucb/cc
@@ -379,6 +397,7 @@ $rc5_obj      =
 $dso_scheme   = 
 $shared_target= 
 $shared_cflag = 
+$ranlib       = 
 
 *** VC-MSDOS
 $cc           = cl
@@ -399,6 +418,7 @@ $rc5_obj      =
 $dso_scheme   = 
 $shared_target= 
 $shared_cflag = 
+$ranlib       = 
 
 *** VC-NT
 $cc           = cl
@@ -419,6 +439,7 @@ $rc5_obj      =
 $dso_scheme   = win32
 $shared_target= 
 $shared_cflag = 
+$ranlib       = 
 
 *** VC-W31-16
 $cc           = cl
@@ -439,6 +460,7 @@ $rc5_obj      =
 $dso_scheme   = 
 $shared_target= 
 $shared_cflag = 
+$ranlib       = 
 
 *** VC-W31-32
 $cc           = cl
@@ -459,6 +481,7 @@ $rc5_obj      =
 $dso_scheme   = 
 $shared_target= 
 $shared_cflag = 
+$ranlib       = 
 
 *** VC-WIN16
 $cc           = cl
@@ -479,6 +502,7 @@ $rc5_obj      =
 $dso_scheme   = 
 $shared_target= 
 $shared_cflag = 
+$ranlib       = 
 
 *** VC-WIN32
 $cc           = cl
@@ -499,6 +523,7 @@ $rc5_obj      =
 $dso_scheme   = win32
 $shared_target= 
 $shared_cflag = 
+$ranlib       = 
 
 *** aix-cc
 $cc           = cc
@@ -519,6 +544,7 @@ $rc5_obj      =
 $dso_scheme   = 
 $shared_target= 
 $shared_cflag = 
+$ranlib       = 
 
 *** aix-gcc
 $cc           = gcc
@@ -539,6 +565,7 @@ $rc5_obj      =
 $dso_scheme   = 
 $shared_target= 
 $shared_cflag = 
+$ranlib       = 
 
 *** alpha-cc
 $cc           = cc
@@ -559,6 +586,7 @@ $rc5_obj      =
 $dso_scheme   = dlfcn
 $shared_target= true64-shared
 $shared_cflag = 
+$ranlib       = 
 
 *** alpha-gcc
 $cc           = gcc
@@ -579,6 +607,7 @@ $rc5_obj      =
 $dso_scheme   = dlfcn
 $shared_target= true64-shared
 $shared_cflag = 
+$ranlib       = 
 
 *** alpha164-cc
 $cc           = cc
@@ -599,6 +628,7 @@ $rc5_obj      =
 $dso_scheme   = dlfcn
 $shared_target= true64-shared
 $shared_cflag = 
+$ranlib       = 
 
 *** bsdi-elf-gcc
 $cc           = gcc
@@ -619,6 +649,7 @@ $rc5_obj      = asm/r586-elf.o
 $dso_scheme   = 
 $shared_target= 
 $shared_cflag = 
+$ranlib       = 
 
 *** bsdi-gcc
 $cc           = gcc
@@ -639,6 +670,7 @@ $rc5_obj      = asm/r586bsdi.o
 $dso_scheme   = 
 $shared_target= 
 $shared_cflag = 
+$ranlib       = 
 
 *** cc
 $cc           = cc
@@ -659,6 +691,7 @@ $rc5_obj      =
 $dso_scheme   = 
 $shared_target= 
 $shared_cflag = 
+$ranlib       = 
 
 *** cray-t3e
 $cc           = cc
@@ -679,6 +712,7 @@ $rc5_obj      =
 $dso_scheme   = 
 $shared_target= 
 $shared_cflag = 
+$ranlib       = 
 
 *** cray-t90-cc
 $cc           = cc
@@ -699,6 +733,7 @@ $rc5_obj      =
 $dso_scheme   = 
 $shared_target= 
 $shared_cflag = 
+$ranlib       = 
 
 *** debug
 $cc           = gcc
@@ -719,6 +754,7 @@ $rc5_obj      =
 $dso_scheme   = 
 $shared_target= 
 $shared_cflag = 
+$ranlib       = 
 
 *** debug-ben
 $cc           = gcc
@@ -739,6 +775,7 @@ $rc5_obj      =
 $dso_scheme   = 
 $shared_target= 
 $shared_cflag = 
+$ranlib       = 
 
 *** debug-ben-debug
 $cc           = gcc
@@ -759,6 +796,7 @@ $rc5_obj      =
 $dso_scheme   = 
 $shared_target= 
 $shared_cflag = 
+$ranlib       = 
 
 *** debug-ben-strict
 $cc           = gcc
@@ -779,6 +817,7 @@ $rc5_obj      =
 $dso_scheme   = 
 $shared_target= 
 $shared_cflag = 
+$ranlib       = 
 
 *** debug-bodo
 $cc           = gcc
@@ -799,6 +838,7 @@ $rc5_obj      = asm/r586-elf.o
 $dso_scheme   = 
 $shared_target= 
 $shared_cflag = 
+$ranlib       = 
 
 *** debug-levitte-linux-elf
 $cc           = gcc
@@ -819,6 +859,7 @@ $rc5_obj      =
 $dso_scheme   = dlfcn
 $shared_target= 
 $shared_cflag = 
+$ranlib       = 
 
 *** debug-linux-elf
 $cc           = gcc
@@ -839,6 +880,7 @@ $rc5_obj      = asm/r586-elf.o
 $dso_scheme   = dlfcn
 $shared_target= 
 $shared_cflag = 
+$ranlib       = 
 
 *** debug-linux-elf-noefence
 $cc           = gcc
@@ -859,6 +901,7 @@ $rc5_obj      = asm/r586-elf.o
 $dso_scheme   = dlfcn
 $shared_target= 
 $shared_cflag = 
+$ranlib       = 
 
 *** debug-rse
 $cc           = cc
@@ -879,6 +922,7 @@ $rc5_obj      = asm/r586-elf.o
 $dso_scheme   = 
 $shared_target= 
 $shared_cflag = 
+$ranlib       = 
 
 *** debug-solaris-sparcv8-cc
 $cc           = cc
@@ -899,6 +943,7 @@ $rc5_obj      =
 $dso_scheme   = dlfcn
 $shared_target= solaris-shared
 $shared_cflag = -KPIC
+$ranlib       = 
 
 *** debug-solaris-sparcv8-gcc
 $cc           = gcc
@@ -919,6 +964,7 @@ $rc5_obj      =
 $dso_scheme   = dlfcn
 $shared_target= solaris-shared
 $shared_cflag = -fPIC
+$ranlib       = 
 
 *** debug-solaris-sparcv9-cc
 $cc           = cc
@@ -939,6 +985,7 @@ $rc5_obj      =
 $dso_scheme   = dlfcn
 $shared_target= solaris-shared
 $shared_cflag = -KPIC
+$ranlib       = 
 
 *** debug-solaris-sparcv9-gcc
 $cc           = gcc
@@ -959,6 +1006,7 @@ $rc5_obj      =
 $dso_scheme   = dlfcn
 $shared_target= solaris-shared
 $shared_cflag = -fPIC
+$ranlib       = 
 
 *** debug-steve
 $cc           = gcc
@@ -979,6 +1027,7 @@ $rc5_obj      = asm/r586-elf.o
 $dso_scheme   = 
 $shared_target= 
 $shared_cflag = 
+$ranlib       = 
 
 *** debug-ulf
 $cc           = gcc
@@ -999,6 +1048,7 @@ $rc5_obj      = asm/r586-elf.o
 $dso_scheme   = 
 $shared_target= 
 $shared_cflag = 
+$ranlib       = 
 
 *** dgux-R3-gcc
 $cc           = gcc
@@ -1019,6 +1069,7 @@ $rc5_obj      =
 $dso_scheme   = 
 $shared_target= 
 $shared_cflag = 
+$ranlib       = 
 
 *** dgux-R4-gcc
 $cc           = gcc
@@ -1039,6 +1090,7 @@ $rc5_obj      =
 $dso_scheme   = 
 $shared_target= 
 $shared_cflag = 
+$ranlib       = 
 
 *** dgux-R4-x86-gcc
 $cc           = gcc
@@ -1059,6 +1111,7 @@ $rc5_obj      = asm/r586-elf.o
 $dso_scheme   = 
 $shared_target= 
 $shared_cflag = 
+$ranlib       = 
 
 *** dist
 $cc           = cc
@@ -1079,6 +1132,7 @@ $rc5_obj      =
 $dso_scheme   = 
 $shared_target= 
 $shared_cflag = 
+$ranlib       = 
 
 *** gcc
 $cc           = gcc
@@ -1099,6 +1153,7 @@ $rc5_obj      =
 $dso_scheme   = 
 $shared_target= 
 $shared_cflag = 
+$ranlib       = 
 
 *** hpux-brokencc
 $cc           = cc
@@ -1119,6 +1174,7 @@ $rc5_obj      =
 $dso_scheme   = dl
 $shared_target= 
 $shared_cflag = 
+$ranlib       = 
 
 *** hpux-brokengcc
 $cc           = gcc
@@ -1139,6 +1195,7 @@ $rc5_obj      =
 $dso_scheme   = dl
 $shared_target= 
 $shared_cflag = 
+$ranlib       = 
 
 *** hpux-cc
 $cc           = cc
@@ -1159,6 +1216,7 @@ $rc5_obj      =
 $dso_scheme   = dl
 $shared_target= 
 $shared_cflag = 
+$ranlib       = 
 
 *** hpux-gcc
 $cc           = gcc
@@ -1179,6 +1237,7 @@ $rc5_obj      =
 $dso_scheme   = dl
 $shared_target= 
 $shared_cflag = 
+$ranlib       = 
 
 *** hpux-parisc-cc
 $cc           = cc
@@ -1199,6 +1258,7 @@ $rc5_obj      =
 $dso_scheme   = dl
 $shared_target= 
 $shared_cflag = 
+$ranlib       = 
 
 *** hpux-parisc-cc-o4
 $cc           = cc
@@ -1219,6 +1279,7 @@ $rc5_obj      =
 $dso_scheme   = dl
 $shared_target= 
 $shared_cflag = 
+$ranlib       = 
 
 *** hpux-parisc-gcc
 $cc           = gcc
@@ -1239,6 +1300,7 @@ $rc5_obj      =
 $dso_scheme   = dl
 $shared_target= 
 $shared_cflag = 
+$ranlib       = 
 
 *** hpux-parisc1_1-cc
 $cc           = cc
@@ -1259,6 +1321,7 @@ $rc5_obj      =
 $dso_scheme   = dl
 $shared_target= 
 $shared_cflag = 
+$ranlib       = 
 
 *** hpux-parisc2-cc
 $cc           = cc
@@ -1279,6 +1342,7 @@ $rc5_obj      =
 $dso_scheme   = dl
 $shared_target= 
 $shared_cflag = 
+$ranlib       = 
 
 *** hpux10-brokencc
 $cc           = cc
@@ -1299,6 +1363,7 @@ $rc5_obj      =
 $dso_scheme   = dl
 $shared_target= 
 $shared_cflag = 
+$ranlib       = 
 
 *** hpux10-brokengcc
 $cc           = gcc
@@ -1319,6 +1384,7 @@ $rc5_obj      =
 $dso_scheme   = dl
 $shared_target= 
 $shared_cflag = 
+$ranlib       = 
 
 *** hpux10-cc
 $cc           = cc
@@ -1339,6 +1405,7 @@ $rc5_obj      =
 $dso_scheme   = dl
 $shared_target= 
 $shared_cflag = 
+$ranlib       = 
 
 *** hpux10-gcc
 $cc           = gcc
@@ -1359,6 +1426,7 @@ $rc5_obj      =
 $dso_scheme   = dl
 $shared_target= 
 $shared_cflag = 
+$ranlib       = 
 
 *** hpux64-parisc-cc
 $cc           = cc
@@ -1379,6 +1447,7 @@ $rc5_obj      =
 $dso_scheme   = dlfcn
 $shared_target= 
 $shared_cflag = 
+$ranlib       = 
 
 *** hpux64-parisc2-cc
 $cc           = cc
@@ -1399,6 +1468,7 @@ $rc5_obj      =
 $dso_scheme   = dlfcn
 $shared_target= 
 $shared_cflag = 
+$ranlib       = 
 
 *** irix-cc
 $cc           = cc
@@ -1419,6 +1489,7 @@ $rc5_obj      =
 $dso_scheme   = 
 $shared_target= 
 $shared_cflag = 
+$ranlib       = 
 
 *** irix-gcc
 $cc           = gcc
@@ -1439,6 +1510,7 @@ $rc5_obj      =
 $dso_scheme   = 
 $shared_target= 
 $shared_cflag = 
+$ranlib       = 
 
 *** irix-mips3-cc
 $cc           = cc
@@ -1459,6 +1531,7 @@ $rc5_obj      =
 $dso_scheme   = 
 $shared_target= 
 $shared_cflag = 
+$ranlib       = 
 
 *** irix-mips3-gcc
 $cc           = gcc
@@ -1479,6 +1552,7 @@ $rc5_obj      =
 $dso_scheme   = 
 $shared_target= 
 $shared_cflag = 
+$ranlib       = 
 
 *** irix64-mips4-cc
 $cc           = cc
@@ -1499,6 +1573,7 @@ $rc5_obj      =
 $dso_scheme   = 
 $shared_target= 
 $shared_cflag = 
+$ranlib       = 
 
 *** irix64-mips4-gcc
 $cc           = gcc
@@ -1519,6 +1594,7 @@ $rc5_obj      =
 $dso_scheme   = 
 $shared_target= 
 $shared_cflag = 
+$ranlib       = 
 
 *** linux-alpha+bwx-ccc
 $cc           = ccc
@@ -1539,13 +1615,14 @@ $rc5_obj      =
 $dso_scheme   = 
 $shared_target= 
 $shared_cflag = 
+$ranlib       = 
 
 *** linux-alpha+bwx-gcc
 $cc           = gcc
 $cflags       = -O3 -DL_ENDIAN -DTERMIO
 $unistd       = 
 $thread_cflag = -D_REENTRANT
-$lflags       = 
+$lflags       = -ldl
 $bn_ops       = SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL
 $bn_obj       = asm/alpha.o
 $des_obj      = 
@@ -1556,9 +1633,10 @@ $cast_obj     =
 $rc4_obj      = 
 $rmd160_obj   = 
 $rc5_obj      = 
-$dso_scheme   = 
-$shared_target= 
-$shared_cflag = 
+$dso_scheme   = dlfcn
+$shared_target= linux-shared
+$shared_cflag = -fPIC
+$ranlib       = 
 
 *** linux-alpha-ccc
 $cc           = ccc
@@ -1579,13 +1657,14 @@ $rc5_obj      =
 $dso_scheme   = 
 $shared_target= 
 $shared_cflag = 
+$ranlib       = 
 
 *** linux-alpha-gcc
 $cc           = gcc
 $cflags       = -O3 -DL_ENDIAN -DTERMIO
 $unistd       = 
 $thread_cflag = -D_REENTRANT
-$lflags       = 
+$lflags       = -ldl
 $bn_ops       = SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_UNROLL
 $bn_obj       = asm/alpha.o
 $des_obj      = 
@@ -1596,9 +1675,10 @@ $cast_obj     =
 $rc4_obj      = 
 $rmd160_obj   = 
 $rc5_obj      = 
-$dso_scheme   = 
-$shared_target= 
-$shared_cflag = 
+$dso_scheme   = dlfcn
+$shared_target= linux-shared
+$shared_cflag = -fPIC
+$ranlib       = 
 
 *** linux-aout
 $cc           = gcc
@@ -1619,6 +1699,7 @@ $rc5_obj      = asm/r586-out.o
 $dso_scheme   = 
 $shared_target= 
 $shared_cflag = 
+$ranlib       = 
 
 *** linux-elf
 $cc           = gcc
@@ -1639,6 +1720,7 @@ $rc5_obj      = asm/r586-elf.o
 $dso_scheme   = dlfcn
 $shared_target= linux-shared
 $shared_cflag = -fPIC
+$ranlib       = 
 
 *** linux-elf-arm
 $cc           = gcc
@@ -1659,6 +1741,7 @@ $rc5_obj      =
 $dso_scheme   = dlfcn
 $shared_target= linux-shared
 $shared_cflag = -fPIC
+$ranlib       = 
 
 *** linux-ia64
 $cc           = gcc
@@ -1679,6 +1762,7 @@ $rc5_obj      =
 $dso_scheme   = 
 $shared_target= 
 $shared_cflag = 
+$ranlib       = 
 
 *** linux-m68k
 $cc           = gcc
@@ -1699,6 +1783,7 @@ $rc5_obj      =
 $dso_scheme   = 
 $shared_target= 
 $shared_cflag = 
+$ranlib       = 
 
 *** linux-mips
 $cc           = gcc
@@ -1719,6 +1804,7 @@ $rc5_obj      =
 $dso_scheme   = 
 $shared_target= 
 $shared_cflag = 
+$ranlib       = 
 
 *** linux-ppc
 $cc           = gcc
@@ -1739,6 +1825,28 @@ $rc5_obj      =
 $dso_scheme   = 
 $shared_target= 
 $shared_cflag = 
+$ranlib       = 
+
+*** linux-s390
+$cc           = gcc
+$cflags       = -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall
+$unistd       = 
+$thread_cflag = -D_REENTRANT
+$lflags       = 
+$bn_ops       = BN_LLONG
+$bn_obj       = 
+$des_obj      = 
+$bf_obj       = 
+$md5_obj      = 
+$sha1_obj     = 
+$cast_obj     = 
+$rc4_obj      = 
+$rmd160_obj   = 
+$rc5_obj      = 
+$dso_scheme   = 
+$shared_target= 
+$shared_cflag = 
+$ranlib       = 
 
 *** linux-sparcv7
 $cc           = gcc
@@ -1759,6 +1867,7 @@ $rc5_obj      =
 $dso_scheme   = 
 $shared_target= 
 $shared_cflag = 
+$ranlib       = 
 
 *** linux-sparcv8
 $cc           = gcc
@@ -1779,6 +1888,7 @@ $rc5_obj      =
 $dso_scheme   = 
 $shared_target= 
 $shared_cflag = 
+$ranlib       = 
 
 *** linux-sparcv9
 $cc           = gcc
@@ -1799,6 +1909,7 @@ $rc5_obj      =
 $dso_scheme   = 
 $shared_target= 
 $shared_cflag = 
+$ranlib       = 
 
 *** ncr-scde
 $cc           = cc
@@ -1819,6 +1930,7 @@ $rc5_obj      =
 $dso_scheme   = 
 $shared_target= 
 $shared_cflag = 
+$ranlib       = 
 
 *** newsos4-gcc
 $cc           = gcc
@@ -1839,6 +1951,7 @@ $rc5_obj      =
 $dso_scheme   = 
 $shared_target= 
 $shared_cflag = 
+$ranlib       = 
 
 *** nextstep
 $cc           = cc
@@ -1859,6 +1972,7 @@ $rc5_obj      =
 $dso_scheme   = 
 $shared_target= 
 $shared_cflag = 
+$ranlib       = 
 
 *** nextstep3.3
 $cc           = cc
@@ -1879,6 +1993,7 @@ $rc5_obj      =
 $dso_scheme   = 
 $shared_target= 
 $shared_cflag = 
+$ranlib       = 
 
 *** purify
 $cc           = purify gcc
@@ -1899,6 +2014,7 @@ $rc5_obj      =
 $dso_scheme   = 
 $shared_target= 
 $shared_cflag = 
+$ranlib       = 
 
 *** qnx4
 $cc           = cc
@@ -1919,6 +2035,7 @@ $rc5_obj      =
 $dso_scheme   = 
 $shared_target= 
 $shared_cflag = 
+$ranlib       = 
 
 *** rhapsody-ppc-cc
 $cc           = cc
@@ -1939,6 +2056,7 @@ $rc5_obj      =
 $dso_scheme   = 
 $shared_target= 
 $shared_cflag = 
+$ranlib       = 
 
 *** sco5-cc
 $cc           = cc
@@ -1959,6 +2077,7 @@ $rc5_obj      =
 $dso_scheme   = 
 $shared_target= 
 $shared_cflag = 
+$ranlib       = 
 
 *** sco5-gcc
 $cc           = gcc
@@ -1979,6 +2098,7 @@ $rc5_obj      =
 $dso_scheme   = 
 $shared_target= 
 $shared_cflag = 
+$ranlib       = 
 
 *** solaris-sparc-sc3
 $cc           = cc
@@ -1999,6 +2119,7 @@ $rc5_obj      =
 $dso_scheme   = dlfcn
 $shared_target= solaris-shared
 $shared_cflag = -KPIC
+$ranlib       = 
 
 *** solaris-sparcv7-cc
 $cc           = cc
@@ -2019,6 +2140,7 @@ $rc5_obj      =
 $dso_scheme   = dlfcn
 $shared_target= solaris-shared
 $shared_cflag = -KPIC
+$ranlib       = 
 
 *** solaris-sparcv7-gcc
 $cc           = gcc
@@ -2039,6 +2161,7 @@ $rc5_obj      =
 $dso_scheme   = dlfcn
 $shared_target= solaris-shared
 $shared_cflag = -fPIC
+$ranlib       = 
 
 *** solaris-sparcv8-cc
 $cc           = cc
@@ -2059,6 +2182,7 @@ $rc5_obj      =
 $dso_scheme   = dlfcn
 $shared_target= solaris-shared
 $shared_cflag = -KPIC
+$ranlib       = 
 
 *** solaris-sparcv8-gcc
 $cc           = gcc
@@ -2079,6 +2203,7 @@ $rc5_obj      =
 $dso_scheme   = dlfcn
 $shared_target= solaris-shared
 $shared_cflag = -fPIC
+$ranlib       = 
 
 *** solaris-sparcv9-cc
 $cc           = cc
@@ -2099,6 +2224,7 @@ $rc5_obj      =
 $dso_scheme   = dlfcn
 $shared_target= solaris-shared
 $shared_cflag = -KPIC
+$ranlib       = 
 
 *** solaris-sparcv9-gcc
 $cc           = gcc
@@ -2119,6 +2245,7 @@ $rc5_obj      =
 $dso_scheme   = dlfcn
 $shared_target= solaris-shared
 $shared_cflag = -fPIC
+$ranlib       = 
 
 *** solaris-sparcv9-gcc27
 $cc           = gcc
@@ -2139,6 +2266,7 @@ $rc5_obj      =
 $dso_scheme   = dlfcn
 $shared_target= solaris-shared
 $shared_cflag = -fPIC
+$ranlib       = 
 
 *** solaris-x86-gcc
 $cc           = gcc
@@ -2159,6 +2287,7 @@ $rc5_obj      = asm/r586-sol.o
 $dso_scheme   = dlfcn
 $shared_target= solaris-shared
 $shared_cflag = -fPIC
+$ranlib       = 
 
 *** solaris64-sparcv9-cc
 $cc           = cc
@@ -2179,6 +2308,7 @@ $rc5_obj      =
 $dso_scheme   = dlfcn
 $shared_target= solaris-shared
 $shared_cflag = -KPIC
+$ranlib       = /usr/ccs/bin/ar rs
 
 *** sunos-gcc
 $cc           = gcc
@@ -2199,6 +2329,7 @@ $rc5_obj      =
 $dso_scheme   = 
 $shared_target= 
 $shared_cflag = 
+$ranlib       = 
 
 *** ultrix-cc
 $cc           = cc
@@ -2219,6 +2350,7 @@ $rc5_obj      =
 $dso_scheme   = 
 $shared_target= 
 $shared_cflag = 
+$ranlib       = 
 
 *** ultrix-gcc
 $cc           = gcc
@@ -2239,6 +2371,7 @@ $rc5_obj      =
 $dso_scheme   = 
 $shared_target= 
 $shared_cflag = 
+$ranlib       = 
 
 *** unixware-2.0
 $cc           = cc
@@ -2259,6 +2392,7 @@ $rc5_obj      =
 $dso_scheme   = 
 $shared_target= 
 $shared_cflag = 
+$ranlib       = 
 
 *** unixware-2.0-pentium
 $cc           = cc
@@ -2279,6 +2413,7 @@ $rc5_obj      =
 $dso_scheme   = 
 $shared_target= 
 $shared_cflag = 
+$ranlib       = 
 
 *** unixware-7
 $cc           = cc
@@ -2299,3 +2434,4 @@ $rc5_obj      =
 $dso_scheme   = 
 $shared_target= 
 $shared_cflag = 
+$ranlib       = 

apps/Makefile.ssl

@@ -209,15 +209,14 @@ ca.o: ../include/openssl/buffer.h ../include/openssl/cast.h
 ca.o: ../include/openssl/conf.h ../include/openssl/crypto.h
 ca.o: ../include/openssl/des.h ../include/openssl/dh.h ../include/openssl/dsa.h
 ca.o: ../include/openssl/e_os.h ../include/openssl/e_os.h
-ca.o: ../include/openssl/e_os2.h ../include/openssl/engine.h
-ca.o: ../include/openssl/err.h ../include/openssl/evp.h
-ca.o: ../include/openssl/idea.h ../include/openssl/lhash.h
-ca.o: ../include/openssl/md2.h ../include/openssl/md4.h
-ca.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
-ca.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-ca.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-ca.o: ../include/openssl/pem.h ../include/openssl/pem2.h
-ca.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
+ca.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+ca.o: ../include/openssl/evp.h ../include/openssl/idea.h
+ca.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+ca.o: ../include/openssl/md4.h ../include/openssl/md5.h
+ca.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
+ca.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+ca.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+ca.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
 ca.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
 ca.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
 ca.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
@@ -296,15 +295,14 @@ dgst.o: ../include/openssl/conf.h ../include/openssl/crypto.h
 dgst.o: ../include/openssl/des.h ../include/openssl/dh.h
 dgst.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
 dgst.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
-dgst.o: ../include/openssl/engine.h ../include/openssl/err.h
-dgst.o: ../include/openssl/evp.h ../include/openssl/idea.h
-dgst.o: ../include/openssl/lhash.h ../include/openssl/md2.h
-dgst.o: ../include/openssl/md4.h ../include/openssl/md5.h
-dgst.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
-dgst.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-dgst.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
-dgst.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-dgst.o: ../include/openssl/rand.h ../include/openssl/rc2.h
+dgst.o: ../include/openssl/err.h ../include/openssl/evp.h
+dgst.o: ../include/openssl/idea.h ../include/openssl/lhash.h
+dgst.o: ../include/openssl/md2.h ../include/openssl/md4.h
+dgst.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+dgst.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+dgst.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+dgst.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+dgst.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
 dgst.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
 dgst.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
 dgst.o: ../include/openssl/safestack.h ../include/openssl/sha.h
@@ -316,15 +314,14 @@ dh.o: ../include/openssl/buffer.h ../include/openssl/cast.h
 dh.o: ../include/openssl/conf.h ../include/openssl/crypto.h
 dh.o: ../include/openssl/des.h ../include/openssl/dh.h ../include/openssl/dsa.h
 dh.o: ../include/openssl/e_os.h ../include/openssl/e_os.h
-dh.o: ../include/openssl/e_os2.h ../include/openssl/engine.h
-dh.o: ../include/openssl/err.h ../include/openssl/evp.h
-dh.o: ../include/openssl/idea.h ../include/openssl/lhash.h
-dh.o: ../include/openssl/md2.h ../include/openssl/md4.h
-dh.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
-dh.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-dh.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-dh.o: ../include/openssl/pem.h ../include/openssl/pem2.h
-dh.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
+dh.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+dh.o: ../include/openssl/evp.h ../include/openssl/idea.h
+dh.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+dh.o: ../include/openssl/md4.h ../include/openssl/md5.h
+dh.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
+dh.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+dh.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+dh.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
 dh.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
 dh.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
 dh.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
@@ -338,15 +335,14 @@ dsa.o: ../include/openssl/conf.h ../include/openssl/crypto.h
 dsa.o: ../include/openssl/des.h ../include/openssl/dh.h
 dsa.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
 dsa.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
-dsa.o: ../include/openssl/engine.h ../include/openssl/err.h
-dsa.o: ../include/openssl/evp.h ../include/openssl/idea.h
-dsa.o: ../include/openssl/lhash.h ../include/openssl/md2.h
-dsa.o: ../include/openssl/md4.h ../include/openssl/md5.h
-dsa.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
-dsa.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-dsa.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
-dsa.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-dsa.o: ../include/openssl/rand.h ../include/openssl/rc2.h
+dsa.o: ../include/openssl/err.h ../include/openssl/evp.h
+dsa.o: ../include/openssl/idea.h ../include/openssl/lhash.h
+dsa.o: ../include/openssl/md2.h ../include/openssl/md4.h
+dsa.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+dsa.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+dsa.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+dsa.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+dsa.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
 dsa.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
 dsa.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
 dsa.o: ../include/openssl/safestack.h ../include/openssl/sha.h
@@ -359,15 +355,14 @@ dsaparam.o: ../include/openssl/conf.h ../include/openssl/crypto.h
 dsaparam.o: ../include/openssl/des.h ../include/openssl/dh.h
 dsaparam.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
 dsaparam.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
-dsaparam.o: ../include/openssl/engine.h ../include/openssl/err.h
-dsaparam.o: ../include/openssl/evp.h ../include/openssl/idea.h
-dsaparam.o: ../include/openssl/lhash.h ../include/openssl/md2.h
-dsaparam.o: ../include/openssl/md4.h ../include/openssl/md5.h
-dsaparam.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
-dsaparam.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-dsaparam.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
-dsaparam.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-dsaparam.o: ../include/openssl/rand.h ../include/openssl/rc2.h
+dsaparam.o: ../include/openssl/err.h ../include/openssl/evp.h
+dsaparam.o: ../include/openssl/idea.h ../include/openssl/lhash.h
+dsaparam.o: ../include/openssl/md2.h ../include/openssl/md4.h
+dsaparam.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+dsaparam.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+dsaparam.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+dsaparam.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+dsaparam.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
 dsaparam.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
 dsaparam.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
 dsaparam.o: ../include/openssl/safestack.h ../include/openssl/sha.h
@@ -380,20 +375,20 @@ enc.o: ../include/openssl/conf.h ../include/openssl/crypto.h
 enc.o: ../include/openssl/des.h ../include/openssl/dh.h
 enc.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
 enc.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
-enc.o: ../include/openssl/engine.h ../include/openssl/err.h
-enc.o: ../include/openssl/evp.h ../include/openssl/idea.h
-enc.o: ../include/openssl/lhash.h ../include/openssl/md2.h
-enc.o: ../include/openssl/md4.h ../include/openssl/md5.h
-enc.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
-enc.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-enc.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
-enc.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-enc.o: ../include/openssl/rand.h ../include/openssl/rc2.h
-enc.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
-enc.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
-enc.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-enc.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-enc.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
+enc.o: ../include/openssl/err.h ../include/openssl/evp.h
+enc.o: ../include/openssl/idea.h ../include/openssl/lhash.h
+enc.o: ../include/openssl/md2.h ../include/openssl/md4.h
+enc.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+enc.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+enc.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+enc.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+enc.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
+enc.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+enc.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+enc.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+enc.o: ../include/openssl/sha.h ../include/openssl/stack.h
+enc.o: ../include/openssl/symhacks.h ../include/openssl/x509.h
+enc.o: ../include/openssl/x509_vfy.h apps.h
 errstr.o: ../include/openssl/asn1.h ../include/openssl/bio.h
 errstr.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
 errstr.o: ../include/openssl/buffer.h ../include/openssl/cast.h
@@ -424,20 +419,20 @@ gendh.o: ../include/openssl/conf.h ../include/openssl/crypto.h
 gendh.o: ../include/openssl/des.h ../include/openssl/dh.h
 gendh.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
 gendh.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
-gendh.o: ../include/openssl/engine.h ../include/openssl/err.h
-gendh.o: ../include/openssl/evp.h ../include/openssl/idea.h
-gendh.o: ../include/openssl/lhash.h ../include/openssl/md2.h
-gendh.o: ../include/openssl/md4.h ../include/openssl/md5.h
-gendh.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
-gendh.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-gendh.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
-gendh.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-gendh.o: ../include/openssl/rand.h ../include/openssl/rc2.h
-gendh.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
-gendh.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
-gendh.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-gendh.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-gendh.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
+gendh.o: ../include/openssl/err.h ../include/openssl/evp.h
+gendh.o: ../include/openssl/idea.h ../include/openssl/lhash.h
+gendh.o: ../include/openssl/md2.h ../include/openssl/md4.h
+gendh.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+gendh.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+gendh.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+gendh.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+gendh.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
+gendh.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+gendh.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+gendh.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+gendh.o: ../include/openssl/sha.h ../include/openssl/stack.h
+gendh.o: ../include/openssl/symhacks.h ../include/openssl/x509.h
+gendh.o: ../include/openssl/x509_vfy.h apps.h
 gendsa.o: ../include/openssl/asn1.h ../include/openssl/bio.h
 gendsa.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
 gendsa.o: ../include/openssl/buffer.h ../include/openssl/cast.h
@@ -445,15 +440,14 @@ gendsa.o: ../include/openssl/conf.h ../include/openssl/crypto.h
 gendsa.o: ../include/openssl/des.h ../include/openssl/dh.h
 gendsa.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
 gendsa.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
-gendsa.o: ../include/openssl/engine.h ../include/openssl/err.h
-gendsa.o: ../include/openssl/evp.h ../include/openssl/idea.h
-gendsa.o: ../include/openssl/lhash.h ../include/openssl/md2.h
-gendsa.o: ../include/openssl/md4.h ../include/openssl/md5.h
-gendsa.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
-gendsa.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-gendsa.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
-gendsa.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-gendsa.o: ../include/openssl/rand.h ../include/openssl/rc2.h
+gendsa.o: ../include/openssl/err.h ../include/openssl/evp.h
+gendsa.o: ../include/openssl/idea.h ../include/openssl/lhash.h
+gendsa.o: ../include/openssl/md2.h ../include/openssl/md4.h
+gendsa.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+gendsa.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+gendsa.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+gendsa.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+gendsa.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
 gendsa.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
 gendsa.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
 gendsa.o: ../include/openssl/safestack.h ../include/openssl/sha.h
@@ -466,15 +460,14 @@ genrsa.o: ../include/openssl/conf.h ../include/openssl/crypto.h
 genrsa.o: ../include/openssl/des.h ../include/openssl/dh.h
 genrsa.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
 genrsa.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
-genrsa.o: ../include/openssl/engine.h ../include/openssl/err.h
-genrsa.o: ../include/openssl/evp.h ../include/openssl/idea.h
-genrsa.o: ../include/openssl/lhash.h ../include/openssl/md2.h
-genrsa.o: ../include/openssl/md4.h ../include/openssl/md5.h
-genrsa.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
-genrsa.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-genrsa.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
-genrsa.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-genrsa.o: ../include/openssl/rand.h ../include/openssl/rc2.h
+genrsa.o: ../include/openssl/err.h ../include/openssl/evp.h
+genrsa.o: ../include/openssl/idea.h ../include/openssl/lhash.h
+genrsa.o: ../include/openssl/md2.h ../include/openssl/md4.h
+genrsa.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+genrsa.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+genrsa.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+genrsa.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+genrsa.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
 genrsa.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
 genrsa.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
 genrsa.o: ../include/openssl/safestack.h ../include/openssl/sha.h
@@ -551,15 +544,14 @@ pkcs12.o: ../include/openssl/conf.h ../include/openssl/crypto.h
 pkcs12.o: ../include/openssl/des.h ../include/openssl/dh.h
 pkcs12.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
 pkcs12.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
-pkcs12.o: ../include/openssl/engine.h ../include/openssl/err.h
-pkcs12.o: ../include/openssl/evp.h ../include/openssl/idea.h
-pkcs12.o: ../include/openssl/lhash.h ../include/openssl/md2.h
-pkcs12.o: ../include/openssl/md4.h ../include/openssl/md5.h
-pkcs12.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
-pkcs12.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-pkcs12.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
-pkcs12.o: ../include/openssl/pem2.h ../include/openssl/pkcs12.h
-pkcs12.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
+pkcs12.o: ../include/openssl/err.h ../include/openssl/evp.h
+pkcs12.o: ../include/openssl/idea.h ../include/openssl/lhash.h
+pkcs12.o: ../include/openssl/md2.h ../include/openssl/md4.h
+pkcs12.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+pkcs12.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+pkcs12.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+pkcs12.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+pkcs12.o: ../include/openssl/pkcs12.h ../include/openssl/pkcs7.h
 pkcs12.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
 pkcs12.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
 pkcs12.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
@@ -573,15 +565,14 @@ pkcs7.o: ../include/openssl/conf.h ../include/openssl/crypto.h
 pkcs7.o: ../include/openssl/des.h ../include/openssl/dh.h
 pkcs7.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
 pkcs7.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
-pkcs7.o: ../include/openssl/engine.h ../include/openssl/err.h
-pkcs7.o: ../include/openssl/evp.h ../include/openssl/idea.h
-pkcs7.o: ../include/openssl/lhash.h ../include/openssl/md2.h
-pkcs7.o: ../include/openssl/md4.h ../include/openssl/md5.h
-pkcs7.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
-pkcs7.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-pkcs7.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
-pkcs7.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-pkcs7.o: ../include/openssl/rand.h ../include/openssl/rc2.h
+pkcs7.o: ../include/openssl/err.h ../include/openssl/evp.h
+pkcs7.o: ../include/openssl/idea.h ../include/openssl/lhash.h
+pkcs7.o: ../include/openssl/md2.h ../include/openssl/md4.h
+pkcs7.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+pkcs7.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+pkcs7.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+pkcs7.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+pkcs7.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
 pkcs7.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
 pkcs7.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
 pkcs7.o: ../include/openssl/safestack.h ../include/openssl/sha.h
@@ -594,15 +585,14 @@ pkcs8.o: ../include/openssl/conf.h ../include/openssl/crypto.h
 pkcs8.o: ../include/openssl/des.h ../include/openssl/dh.h
 pkcs8.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
 pkcs8.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
-pkcs8.o: ../include/openssl/engine.h ../include/openssl/err.h
-pkcs8.o: ../include/openssl/evp.h ../include/openssl/idea.h
-pkcs8.o: ../include/openssl/lhash.h ../include/openssl/md2.h
-pkcs8.o: ../include/openssl/md4.h ../include/openssl/md5.h
-pkcs8.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
-pkcs8.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-pkcs8.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
-pkcs8.o: ../include/openssl/pem2.h ../include/openssl/pkcs12.h
-pkcs8.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
+pkcs8.o: ../include/openssl/err.h ../include/openssl/evp.h
+pkcs8.o: ../include/openssl/idea.h ../include/openssl/lhash.h
+pkcs8.o: ../include/openssl/md2.h ../include/openssl/md4.h
+pkcs8.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+pkcs8.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+pkcs8.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+pkcs8.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+pkcs8.o: ../include/openssl/pkcs12.h ../include/openssl/pkcs7.h
 pkcs8.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
 pkcs8.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
 pkcs8.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
@@ -616,19 +606,19 @@ rand.o: ../include/openssl/conf.h ../include/openssl/crypto.h
 rand.o: ../include/openssl/des.h ../include/openssl/dh.h
 rand.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
 rand.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
-rand.o: ../include/openssl/engine.h ../include/openssl/err.h
-rand.o: ../include/openssl/evp.h ../include/openssl/idea.h
-rand.o: ../include/openssl/lhash.h ../include/openssl/md2.h
-rand.o: ../include/openssl/md4.h ../include/openssl/md5.h
-rand.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
-rand.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-rand.o: ../include/openssl/opensslv.h ../include/openssl/pkcs7.h
-rand.o: ../include/openssl/rand.h ../include/openssl/rc2.h
-rand.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
-rand.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
-rand.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-rand.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-rand.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
+rand.o: ../include/openssl/err.h ../include/openssl/evp.h
+rand.o: ../include/openssl/idea.h ../include/openssl/lhash.h
+rand.o: ../include/openssl/md2.h ../include/openssl/md4.h
+rand.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+rand.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+rand.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+rand.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
+rand.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+rand.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+rand.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+rand.o: ../include/openssl/sha.h ../include/openssl/stack.h
+rand.o: ../include/openssl/symhacks.h ../include/openssl/x509.h
+rand.o: ../include/openssl/x509_vfy.h apps.h
 req.o: ../include/openssl/asn1.h ../include/openssl/bio.h
 req.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
 req.o: ../include/openssl/buffer.h ../include/openssl/cast.h
@@ -636,15 +626,14 @@ req.o: ../include/openssl/conf.h ../include/openssl/crypto.h
 req.o: ../include/openssl/des.h ../include/openssl/dh.h
 req.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
 req.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
-req.o: ../include/openssl/engine.h ../include/openssl/err.h
-req.o: ../include/openssl/evp.h ../include/openssl/idea.h
-req.o: ../include/openssl/lhash.h ../include/openssl/md2.h
-req.o: ../include/openssl/md4.h ../include/openssl/md5.h
-req.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
-req.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-req.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
-req.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-req.o: ../include/openssl/rand.h ../include/openssl/rc2.h
+req.o: ../include/openssl/err.h ../include/openssl/evp.h
+req.o: ../include/openssl/idea.h ../include/openssl/lhash.h
+req.o: ../include/openssl/md2.h ../include/openssl/md4.h
+req.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+req.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+req.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+req.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+req.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
 req.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
 req.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
 req.o: ../include/openssl/safestack.h ../include/openssl/sha.h
@@ -658,15 +647,14 @@ rsa.o: ../include/openssl/conf.h ../include/openssl/crypto.h
 rsa.o: ../include/openssl/des.h ../include/openssl/dh.h
 rsa.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
 rsa.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
-rsa.o: ../include/openssl/engine.h ../include/openssl/err.h
-rsa.o: ../include/openssl/evp.h ../include/openssl/idea.h
-rsa.o: ../include/openssl/lhash.h ../include/openssl/md2.h
-rsa.o: ../include/openssl/md4.h ../include/openssl/md5.h
-rsa.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
-rsa.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-rsa.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
-rsa.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-rsa.o: ../include/openssl/rand.h ../include/openssl/rc2.h
+rsa.o: ../include/openssl/err.h ../include/openssl/evp.h
+rsa.o: ../include/openssl/idea.h ../include/openssl/lhash.h
+rsa.o: ../include/openssl/md2.h ../include/openssl/md4.h
+rsa.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+rsa.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+rsa.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+rsa.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+rsa.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
 rsa.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
 rsa.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
 rsa.o: ../include/openssl/safestack.h ../include/openssl/sha.h
@@ -679,15 +667,14 @@ rsautl.o: ../include/openssl/conf.h ../include/openssl/crypto.h
 rsautl.o: ../include/openssl/des.h ../include/openssl/dh.h
 rsautl.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
 rsautl.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
-rsautl.o: ../include/openssl/engine.h ../include/openssl/err.h
-rsautl.o: ../include/openssl/evp.h ../include/openssl/idea.h
-rsautl.o: ../include/openssl/lhash.h ../include/openssl/md2.h
-rsautl.o: ../include/openssl/md4.h ../include/openssl/md5.h
-rsautl.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
-rsautl.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-rsautl.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
-rsautl.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-rsautl.o: ../include/openssl/rand.h ../include/openssl/rc2.h
+rsautl.o: ../include/openssl/err.h ../include/openssl/evp.h
+rsautl.o: ../include/openssl/idea.h ../include/openssl/lhash.h
+rsautl.o: ../include/openssl/md2.h ../include/openssl/md4.h
+rsautl.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+rsautl.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+rsautl.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+rsautl.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+rsautl.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
 rsautl.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
 rsautl.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
 rsautl.o: ../include/openssl/safestack.h ../include/openssl/sha.h
@@ -723,15 +710,14 @@ s_client.o: ../include/openssl/comp.h ../include/openssl/conf.h
 s_client.o: ../include/openssl/crypto.h ../include/openssl/des.h
 s_client.o: ../include/openssl/dh.h ../include/openssl/dsa.h
 s_client.o: ../include/openssl/e_os.h ../include/openssl/e_os.h
-s_client.o: ../include/openssl/e_os2.h ../include/openssl/engine.h
-s_client.o: ../include/openssl/err.h ../include/openssl/evp.h
-s_client.o: ../include/openssl/idea.h ../include/openssl/lhash.h
-s_client.o: ../include/openssl/md2.h ../include/openssl/md4.h
-s_client.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
-s_client.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-s_client.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-s_client.o: ../include/openssl/pem.h ../include/openssl/pem2.h
-s_client.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
+s_client.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+s_client.o: ../include/openssl/evp.h ../include/openssl/idea.h
+s_client.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+s_client.o: ../include/openssl/md4.h ../include/openssl/md5.h
+s_client.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
+s_client.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+s_client.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+s_client.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
 s_client.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
 s_client.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
 s_client.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
@@ -748,15 +734,14 @@ s_server.o: ../include/openssl/comp.h ../include/openssl/conf.h
 s_server.o: ../include/openssl/crypto.h ../include/openssl/des.h
 s_server.o: ../include/openssl/dh.h ../include/openssl/dsa.h
 s_server.o: ../include/openssl/e_os.h ../include/openssl/e_os.h
-s_server.o: ../include/openssl/e_os2.h ../include/openssl/engine.h
-s_server.o: ../include/openssl/err.h ../include/openssl/evp.h
-s_server.o: ../include/openssl/idea.h ../include/openssl/lhash.h
-s_server.o: ../include/openssl/md2.h ../include/openssl/md4.h
-s_server.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
-s_server.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-s_server.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-s_server.o: ../include/openssl/pem.h ../include/openssl/pem2.h
-s_server.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
+s_server.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+s_server.o: ../include/openssl/evp.h ../include/openssl/idea.h
+s_server.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+s_server.o: ../include/openssl/md4.h ../include/openssl/md5.h
+s_server.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
+s_server.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+s_server.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+s_server.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
 s_server.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
 s_server.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
 s_server.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
@@ -843,15 +828,14 @@ smime.o: ../include/openssl/conf.h ../include/openssl/crypto.h
 smime.o: ../include/openssl/des.h ../include/openssl/dh.h
 smime.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
 smime.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
-smime.o: ../include/openssl/engine.h ../include/openssl/err.h
-smime.o: ../include/openssl/evp.h ../include/openssl/idea.h
-smime.o: ../include/openssl/lhash.h ../include/openssl/md2.h
-smime.o: ../include/openssl/md4.h ../include/openssl/md5.h
-smime.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
-smime.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-smime.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
-smime.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-smime.o: ../include/openssl/rand.h ../include/openssl/rc2.h
+smime.o: ../include/openssl/err.h ../include/openssl/evp.h
+smime.o: ../include/openssl/idea.h ../include/openssl/lhash.h
+smime.o: ../include/openssl/md2.h ../include/openssl/md4.h
+smime.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+smime.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+smime.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+smime.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+smime.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
 smime.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
 smime.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
 smime.o: ../include/openssl/safestack.h ../include/openssl/sha.h
@@ -864,20 +848,20 @@ speed.o: ../include/openssl/conf.h ../include/openssl/crypto.h
 speed.o: ../include/openssl/des.h ../include/openssl/dh.h
 speed.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
 speed.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
-speed.o: ../include/openssl/engine.h ../include/openssl/err.h
-speed.o: ../include/openssl/evp.h ../include/openssl/hmac.h
-speed.o: ../include/openssl/idea.h ../include/openssl/lhash.h
-speed.o: ../include/openssl/md2.h ../include/openssl/md4.h
-speed.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
-speed.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-speed.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-speed.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
-speed.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
-speed.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
-speed.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
-speed.o: ../include/openssl/sha.h ../include/openssl/stack.h
-speed.o: ../include/openssl/symhacks.h ../include/openssl/x509.h
-speed.o: ../include/openssl/x509_vfy.h ./testdsa.h ./testrsa.h apps.h
+speed.o: ../include/openssl/err.h ../include/openssl/evp.h
+speed.o: ../include/openssl/hmac.h ../include/openssl/idea.h
+speed.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+speed.o: ../include/openssl/md4.h ../include/openssl/md5.h
+speed.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
+speed.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+speed.o: ../include/openssl/opensslv.h ../include/openssl/pkcs7.h
+speed.o: ../include/openssl/rand.h ../include/openssl/rc2.h
+speed.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+speed.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+speed.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+speed.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+speed.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ./testdsa.h
+speed.o: ./testrsa.h apps.h
 spkac.o: ../include/openssl/asn1.h ../include/openssl/bio.h
 spkac.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
 spkac.o: ../include/openssl/buffer.h ../include/openssl/cast.h
@@ -885,15 +869,14 @@ spkac.o: ../include/openssl/conf.h ../include/openssl/crypto.h
 spkac.o: ../include/openssl/des.h ../include/openssl/dh.h
 spkac.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
 spkac.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
-spkac.o: ../include/openssl/engine.h ../include/openssl/err.h
-spkac.o: ../include/openssl/evp.h ../include/openssl/idea.h
-spkac.o: ../include/openssl/lhash.h ../include/openssl/md2.h
-spkac.o: ../include/openssl/md4.h ../include/openssl/md5.h
-spkac.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
-spkac.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-spkac.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
-spkac.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-spkac.o: ../include/openssl/rand.h ../include/openssl/rc2.h
+spkac.o: ../include/openssl/err.h ../include/openssl/evp.h
+spkac.o: ../include/openssl/idea.h ../include/openssl/lhash.h
+spkac.o: ../include/openssl/md2.h ../include/openssl/md4.h
+spkac.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+spkac.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+spkac.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+spkac.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+spkac.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
 spkac.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
 spkac.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
 spkac.o: ../include/openssl/safestack.h ../include/openssl/sha.h
@@ -906,15 +889,14 @@ verify.o: ../include/openssl/conf.h ../include/openssl/crypto.h
 verify.o: ../include/openssl/des.h ../include/openssl/dh.h
 verify.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
 verify.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
-verify.o: ../include/openssl/engine.h ../include/openssl/err.h
-verify.o: ../include/openssl/evp.h ../include/openssl/idea.h
-verify.o: ../include/openssl/lhash.h ../include/openssl/md2.h
-verify.o: ../include/openssl/md4.h ../include/openssl/md5.h
-verify.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
-verify.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-verify.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
-verify.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-verify.o: ../include/openssl/rand.h ../include/openssl/rc2.h
+verify.o: ../include/openssl/err.h ../include/openssl/evp.h
+verify.o: ../include/openssl/idea.h ../include/openssl/lhash.h
+verify.o: ../include/openssl/md2.h ../include/openssl/md4.h
+verify.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+verify.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+verify.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+verify.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+verify.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
 verify.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
 verify.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
 verify.o: ../include/openssl/safestack.h ../include/openssl/sha.h
@@ -947,15 +929,14 @@ x509.o: ../include/openssl/conf.h ../include/openssl/crypto.h
 x509.o: ../include/openssl/des.h ../include/openssl/dh.h
 x509.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
 x509.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
-x509.o: ../include/openssl/engine.h ../include/openssl/err.h
-x509.o: ../include/openssl/evp.h ../include/openssl/idea.h
-x509.o: ../include/openssl/lhash.h ../include/openssl/md2.h
-x509.o: ../include/openssl/md4.h ../include/openssl/md5.h
-x509.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
-x509.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-x509.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
-x509.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-x509.o: ../include/openssl/rand.h ../include/openssl/rc2.h
+x509.o: ../include/openssl/err.h ../include/openssl/evp.h
+x509.o: ../include/openssl/idea.h ../include/openssl/lhash.h
+x509.o: ../include/openssl/md2.h ../include/openssl/md4.h
+x509.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+x509.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+x509.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+x509.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+x509.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
 x509.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
 x509.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
 x509.o: ../include/openssl/safestack.h ../include/openssl/sha.h

apps/app_rand.c

@@ -177,8 +177,10 @@ long app_RAND_load_files(char *name)
 		if (*n == '\0') break;
 
 		egd=RAND_egd(n);
-		if (egd > 0) tot+=egd;
-		tot+=RAND_load_file(n,-1);
+		if (egd > 0)
+			tot+=egd;
+		else
+			tot+=RAND_load_file(n,-1);
 		if (last) break;
 		}
 	if (tot > 512)

apps/apps.c

@@ -170,8 +170,6 @@ int str2fmt(char *s)
 		|| (strcmp(s,"PKCS12") == 0) || (strcmp(s,"pkcs12") == 0)
 		|| (strcmp(s,"P12") == 0) || (strcmp(s,"p12") == 0))
 		return(FORMAT_PKCS12);
-	else if ((*s == 'E') || (*s == 'e'))
-		return(FORMAT_ENGINE);
 	else
 		return(FORMAT_UNDEF);
 	}

apps/apps.h

@@ -162,8 +162,6 @@ STACK_OF(X509) *load_certs(BIO *err, char *file, int format);
 #define FORMAT_NETSCAPE 4
 #define FORMAT_PKCS12   5
 #define FORMAT_SMIME    6
-/* Since this is currently inofficial, let's give it a high number */
-#define FORMAT_ENGINE   127
 
 #define NETSCAPE_CERT_HDR	"certificate"
 

apps/ca-cert.srl

@@ -1 +1 @@
-05
+07

apps/ca.c

@@ -74,7 +74,6 @@
 #include <openssl/x509v3.h>
 #include <openssl/objects.h>
 #include <openssl/pem.h>
-#include <openssl/engine.h>
 
 #ifndef W_OK
 #  ifdef VMS
@@ -168,7 +167,6 @@ static char *ca_usage[]={
 " -revoke file    - Revoke a certificate (given in file)\n",
 " -extensions ..  - Extension section (override value in config file)\n",
 " -crlexts ..     - CRL extension section (override value in config file)\n",
-" -engine e       - use engine e, possibly a hardware device.\n",
 NULL
 };
 
@@ -218,7 +216,6 @@ int MAIN(int, char **);
 
 int MAIN(int argc, char **argv)
 	{
-	ENGINE *e = NULL;
 	char *key=NULL,*passargin=NULL;
 	int total=0;
 	int total_done=0;
@@ -271,7 +268,6 @@ int MAIN(int argc, char **argv)
 #define BSIZE 256
 	MS_STATIC char buf[3][BSIZE];
 	char *randfile=NULL;
-	char *engine = NULL;
 
 #ifdef EFENCE
 EF_PROTECT_FREE=1;
@@ -423,11 +419,6 @@ EF_ALIGNMENT=0;
 			if (--argc < 1) goto bad;
 			crl_ext= *(++argv);
 			}
-		else if (strcmp(*argv,"-engine") == 0)
-			{
-			if (--argc < 1) goto bad;
-			engine= *(++argv);
-			}
 		else
 			{
 bad:
@@ -448,24 +439,6 @@ bad:
 
 	ERR_load_crypto_strings();
 
-	if (engine != NULL)
-		{
-		if((e = ENGINE_by_id(engine)) == NULL)
-			{
-			BIO_printf(bio_err,"invalid engine \"%s\"\n",
-				engine);
-			goto err;
-			}
-		if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
-			{
-			BIO_printf(bio_err,"can't use that engine\n");
-			goto err;
-			}
-		BIO_printf(bio_err,"engine \"%s\" set.\n", engine);
-		/* Free our "structural" reference. */
-		ENGINE_free(e);
-		}
-
 	/*****************************************************************/
 	if (configfile == NULL) configfile = getenv("OPENSSL_CONF");
 	if (configfile == NULL) configfile = getenv("SSLEAY_CONF");

apps/dgst.c

@@ -66,7 +66,6 @@
 #include <openssl/objects.h>
 #include <openssl/x509.h>
 #include <openssl/pem.h>
-#include <openssl/engine.h>
 
 #undef BUFSIZE
 #define BUFSIZE	1024*8
@@ -81,7 +80,6 @@ int MAIN(int, char **);
 
 int MAIN(int argc, char **argv)
 	{
-	ENGINE *e = NULL;
 	unsigned char *buf=NULL;
 	int i,err=0;
 	const EVP_MD *md=NULL,*m;
@@ -99,7 +97,6 @@ int MAIN(int argc, char **argv)
 	EVP_PKEY *sigkey = NULL;
 	unsigned char *sigbuf = NULL;
 	int siglen = 0;
-	char *engine=NULL;
 
 	apps_startup();
 
@@ -157,11 +154,6 @@ int MAIN(int argc, char **argv)
 			if (--argc < 1) break;
 			sigfile=*(++argv);
 			}
-		else if (strcmp(*argv,"-engine") == 0)
-			{
-			if (--argc < 1) break;
-			engine= *(++argv);
-			}
 		else if (strcmp(*argv,"-hex") == 0)
 			out_bin = 0;
 		else if (strcmp(*argv,"-binary") == 0)
@@ -198,7 +190,6 @@ int MAIN(int argc, char **argv)
 		BIO_printf(bio_err,"-prverify file  verify a signature using private key in file\n");
 		BIO_printf(bio_err,"-signature file signature to verify\n");
 		BIO_printf(bio_err,"-binary         output in binary form\n");
-		BIO_printf(bio_err,"-engine e       use engine e, possibly a hardware device.\n");
 
 		BIO_printf(bio_err,"-%3s to use the %s message digest algorithm (default)\n",
 			LN_md5,LN_md5);
@@ -218,24 +209,6 @@ int MAIN(int argc, char **argv)
 		goto end;
 		}
 
-	if (engine != NULL)
-		{
-		if((e = ENGINE_by_id(engine)) == NULL)
-			{
-			BIO_printf(bio_err,"invalid engine \"%s\"\n",
-				engine);
-			goto end;
-			}
-		if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
-			{
-			BIO_printf(bio_err,"can't use that engine\n");
-			goto end;
-			}
-		BIO_printf(bio_err,"engine \"%s\" set.\n", engine);
-		/* Free our "structural" reference. */
-		ENGINE_free(e);
-		}
-
 	in=BIO_new(BIO_s_file());
 	bmd=BIO_new(BIO_f_md());
 	if (debug)

apps/dh.c

@@ -69,7 +69,6 @@
 #include <openssl/dh.h>
 #include <openssl/x509.h>
 #include <openssl/pem.h>
-#include <openssl/engine.h>
 
 #undef PROG
 #define PROG	dh_main
@@ -88,12 +87,11 @@ int MAIN(int, char **);
 
 int MAIN(int argc, char **argv)
 	{
-	ENGINE *e = NULL;
 	DH *dh=NULL;
 	int i,badops=0,text=0;
 	BIO *in=NULL,*out=NULL;
 	int informat,outformat,check=0,noout=0,C=0,ret=1;
-	char *infile,*outfile,*prog,*engine;
+	char *infile,*outfile,*prog;
 
 	apps_startup();
 
@@ -101,7 +99,6 @@ int MAIN(int argc, char **argv)
 		if ((bio_err=BIO_new(BIO_s_file())) != NULL)
 			BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
 
-	engine=NULL;
 	infile=NULL;
 	outfile=NULL;
 	informat=FORMAT_PEM;
@@ -132,11 +129,6 @@ int MAIN(int argc, char **argv)
 			if (--argc < 1) goto bad;
 			outfile= *(++argv);
 			}
-		else if (strcmp(*argv,"-engine") == 0)
-			{
-			if (--argc < 1) goto bad;
-			engine= *(++argv);
-			}
 		else if (strcmp(*argv,"-check") == 0)
 			check=1;
 		else if (strcmp(*argv,"-text") == 0)
@@ -168,30 +160,11 @@ bad:
 		BIO_printf(bio_err," -text         print a text form of the DH parameters\n");
 		BIO_printf(bio_err," -C            Output C code\n");
 		BIO_printf(bio_err," -noout        no output\n");
-		BIO_printf(bio_err," -engine e     use engine e, possibly a hardware device.\n");
 		goto end;
 		}
 
 	ERR_load_crypto_strings();
 
-	if (engine != NULL)
-		{
-		if((e = ENGINE_by_id(engine)) == NULL)
-			{
-			BIO_printf(bio_err,"invalid engine \"%s\"\n",
-				engine);
-			goto end;
-			}
-		if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
-			{
-			BIO_printf(bio_err,"can't use that engine\n");
-			goto end;
-			}
-		BIO_printf(bio_err,"engine \"%s\" set.\n", engine);
-		/* Free our "structural" reference. */
-		ENGINE_free(e);
-		}
-
 	in=BIO_new(BIO_s_file());
 	out=BIO_new(BIO_s_file());
 	if ((in == NULL) || (out == NULL))

apps/dhparam.c

@@ -121,7 +121,6 @@
 #include <openssl/dh.h>
 #include <openssl/x509.h>
 #include <openssl/pem.h>
-#include <openssl/engine.h>
 
 #ifndef NO_DSA
 #include <openssl/dsa.h>
@@ -149,7 +148,6 @@ int MAIN(int, char **);
 
 int MAIN(int argc, char **argv)
 	{
-	ENGINE *e = NULL;
 	DH *dh=NULL;
 	int i,badops=0,text=0;
 #ifndef NO_DSA
@@ -158,7 +156,7 @@ int MAIN(int argc, char **argv)
 	BIO *in=NULL,*out=NULL;
 	int informat,outformat,check=0,noout=0,C=0,ret=1;
 	char *infile,*outfile,*prog;
-	char *inrand=NULL,*engine=NULL;
+	char *inrand=NULL;
 	int num = 0, g = 0;
 
 	apps_startup();
@@ -197,11 +195,6 @@ int MAIN(int argc, char **argv)
 			if (--argc < 1) goto bad;
 			outfile= *(++argv);
 			}
-		else if (strcmp(*argv,"-engine") == 0)
-			{
-			if (--argc < 1) goto bad;
-			engine= *(++argv);
-			}
 		else if (strcmp(*argv,"-check") == 0)
 			check=1;
 		else if (strcmp(*argv,"-text") == 0)
@@ -247,7 +240,6 @@ bad:
 		BIO_printf(bio_err," -2            generate parameters using  2 as the generator value\n");
 		BIO_printf(bio_err," -5            generate parameters using  5 as the generator value\n");
 		BIO_printf(bio_err," numbits       number of bits in to generate (default 512)\n");
-		BIO_printf(bio_err," -engine e     use engine e, possibly a hardware device.\n");
 		BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
 		BIO_printf(bio_err,"               - load the file (or the files in the directory) into\n");
 		BIO_printf(bio_err,"               the random number generator\n");
@@ -257,24 +249,6 @@ bad:
 
 	ERR_load_crypto_strings();
 
-	if (engine != NULL)
-		{
-		if((e = ENGINE_by_id(engine)) == NULL)
-			{
-			BIO_printf(bio_err,"invalid engine \"%s\"\n",
-				engine);
-			goto end;
-			}
-		if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
-			{
-			BIO_printf(bio_err,"can't use that engine\n");
-			goto end;
-			}
-		BIO_printf(bio_err,"engine \"%s\" set.\n", engine);
-		/* Free our "structural" reference. */
-		ENGINE_free(e);
-		}
-
 	if (g && !num)
 		num = DEFBITS;
 

apps/dsa.c

@@ -68,7 +68,6 @@
 #include <openssl/evp.h>
 #include <openssl/x509.h>
 #include <openssl/pem.h>
-#include <openssl/engine.h>
 
 #undef PROG
 #define PROG	dsa_main
@@ -88,7 +87,6 @@ int MAIN(int, char **);
 
 int MAIN(int argc, char **argv)
 	{
-	ENGINE *e = NULL;
 	int ret=1;
 	DSA *dsa=NULL;
 	int i,badops=0;
@@ -96,7 +94,7 @@ int MAIN(int argc, char **argv)
 	BIO *in=NULL,*out=NULL;
 	int informat,outformat,text=0,noout=0;
 	int pubin = 0, pubout = 0;
-	char *infile,*outfile,*prog,*engine;
+	char *infile,*outfile,*prog;
 	char *passargin = NULL, *passargout = NULL;
 	char *passin = NULL, *passout = NULL;
 	int modulus=0;
@@ -107,7 +105,6 @@ int MAIN(int argc, char **argv)
 		if ((bio_err=BIO_new(BIO_s_file())) != NULL)
 			BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
 
-	engine=NULL;
 	infile=NULL;
 	outfile=NULL;
 	informat=FORMAT_PEM;
@@ -148,11 +145,6 @@ int MAIN(int argc, char **argv)
 			if (--argc < 1) goto bad;
 			passargout= *(++argv);
 			}
-		else if (strcmp(*argv,"-engine") == 0)
-			{
-			if (--argc < 1) goto bad;
-			engine= *(++argv);
-			}
 		else if (strcmp(*argv,"-noout") == 0)
 			noout=1;
 		else if (strcmp(*argv,"-text") == 0)
@@ -184,7 +176,6 @@ bad:
 		BIO_printf(bio_err," -passin arg     input file pass phrase source\n");
 		BIO_printf(bio_err," -out arg        output file\n");
 		BIO_printf(bio_err," -passout arg    output file pass phrase source\n");
-		BIO_printf(bio_err," -engine e       use engine e, possibly a hardware device.\n");
 		BIO_printf(bio_err," -des            encrypt PEM output with cbc des\n");
 		BIO_printf(bio_err," -des3           encrypt PEM output with ede cbc des using 168 bit key\n");
 #ifndef NO_IDEA
@@ -198,24 +189,6 @@ bad:
 
 	ERR_load_crypto_strings();
 
-	if (engine != NULL)
-		{
-		if((e = ENGINE_by_id(engine)) == NULL)
-			{
-			BIO_printf(bio_err,"invalid engine \"%s\"\n",
-				engine);
-			goto end;
-			}
-		if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
-			{
-			BIO_printf(bio_err,"can't use that engine\n");
-			goto end;
-			}
-		BIO_printf(bio_err,"engine \"%s\" set.\n", engine);
-		/* Free our "structural" reference. */
-		ENGINE_free(e);
-		}
-
 	if(!app_passwd(bio_err, passargin, passargout, &passin, &passout)) {
 		BIO_printf(bio_err, "Error getting passwords\n");
 		goto end;

apps/dsaparam.c

@@ -69,7 +69,6 @@
 #include <openssl/dsa.h>
 #include <openssl/x509.h>
 #include <openssl/pem.h>
-#include <openssl/engine.h>
 
 #undef PROG
 #define PROG	dsaparam_main
@@ -91,12 +90,11 @@ int MAIN(int, char **);
 
 int MAIN(int argc, char **argv)
 	{
-	ENGINE *e = NULL;
 	DSA *dsa=NULL;
 	int i,badops=0,text=0;
 	BIO *in=NULL,*out=NULL;
 	int informat,outformat,noout=0,C=0,ret=1;
-	char *infile,*outfile,*prog,*inrand=NULL,*engine=NULL;
+	char *infile,*outfile,*prog,*inrand=NULL;
 	int numbits= -1,num,genkey=0;
 	int need_rand=0;
 
@@ -313,7 +311,7 @@ bad:
 		printf("\tdsa->g=BN_bin2bn(dsa%d_g,sizeof(dsa%d_g),NULL);\n",
 			bits_p,bits_p);
 		printf("\tif ((dsa->p == NULL) || (dsa->q == NULL) || (dsa->g == NULL))\n");
-		printf("\t\treturn(NULL);\n");
+		printf("\t\t{ DSA_free(dsa); return(NULL); }\n");
 		printf("\treturn(dsa);\n\t}\n");
 		}
 

apps/enc.c

@@ -70,7 +70,6 @@
 #include <openssl/md5.h>
 #endif
 #include <openssl/pem.h>
-#include <openssl/engine.h>
 
 int set_hex(char *in,unsigned char *out,int size);
 #undef SIZE
@@ -85,7 +84,6 @@ int MAIN(int, char **);
 
 int MAIN(int argc, char **argv)
 	{
-	ENGINE *e = NULL;
 	static const char magic[]="Salted__";
 	char mbuf[8];	/* should be 1 smaller than magic */
 	char *strbuf=NULL;
@@ -103,7 +101,6 @@ int MAIN(int argc, char **argv)
 	BIO *in=NULL,*out=NULL,*b64=NULL,*benc=NULL,*rbio=NULL,*wbio=NULL;
 #define PROG_NAME_SIZE  16
 	char pname[PROG_NAME_SIZE];
-	char *engine = NULL;
 
 	apps_startup();
 
@@ -144,11 +141,6 @@ int MAIN(int argc, char **argv)
 			if (--argc < 1) goto bad;
 			passarg= *(++argv);
 			}
-		else if (strcmp(*argv,"-engine") == 0)
-			{
-			if (--argc < 1) goto bad;
-			engine= *(++argv);
-			}
 		else if	(strcmp(*argv,"-d") == 0)
 			enc=0;
 		else if	(strcmp(*argv,"-p") == 0)
@@ -249,7 +241,6 @@ bad:
 			BIO_printf(bio_err,"%-14s key/iv in hex is the next argument\n","-K/-iv");
 			BIO_printf(bio_err,"%-14s print the iv/key (then exit if -P)\n","-[pP]");
 			BIO_printf(bio_err,"%-14s buffer size\n","-bufsize <n>");
-			BIO_printf(bio_err,"%-14s use engine e, possibly a hardware device.\n","-engine e");
 
 			BIO_printf(bio_err,"Cipher Types\n");
 			BIO_printf(bio_err,"des     : 56 bit key DES encryption\n");
@@ -323,24 +314,6 @@ bad:
 		argv++;
 		}
 
-	if (engine != NULL)
-		{
-		if((e = ENGINE_by_id(engine)) == NULL)
-			{
-			BIO_printf(bio_err,"invalid engine \"%s\"\n",
-				engine);
-			goto end;
-			}
-		if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
-			{
-			BIO_printf(bio_err,"can't use that engine\n");
-			goto end;
-			}
-		BIO_printf(bio_err,"engine \"%s\" set.\n", engine);
-		/* Free our "structural" reference. */
-		ENGINE_free(e);
-		}
-
 	if (bufsize != NULL)
 		{
 		unsigned long n;

apps/gendh.c

@@ -70,7 +70,6 @@
 #include <openssl/dh.h>
 #include <openssl/x509.h>
 #include <openssl/pem.h>
-#include <openssl/engine.h>
 
 #define DEFBITS	512
 #undef PROG
@@ -82,13 +81,11 @@ int MAIN(int, char **);
 
 int MAIN(int argc, char **argv)
 	{
-	ENGINE *e = NULL;
 	DH *dh=NULL;
 	int ret=1,num=DEFBITS;
 	int g=2;
 	char *outfile=NULL;
 	char *inrand=NULL;
-	char *engine=NULL;
 	BIO *out=NULL;
 
 	apps_startup();
@@ -113,11 +110,6 @@ int MAIN(int argc, char **argv)
 			g=3; */
 		else if (strcmp(*argv,"-5") == 0)
 			g=5;
-		else if (strcmp(*argv,"-engine") == 0)
-			{
-			if (--argc < 1) goto bad;
-			engine= *(++argv);
-			}
 		else if (strcmp(*argv,"-rand") == 0)
 			{
 			if (--argc < 1) goto bad;
@@ -133,34 +125,15 @@ int MAIN(int argc, char **argv)
 bad:
 		BIO_printf(bio_err,"usage: gendh [args] [numbits]\n");
 		BIO_printf(bio_err," -out file - output the key to 'file\n");
-		BIO_printf(bio_err," -2        - use 2 as the generator value\n");
-	/*	BIO_printf(bio_err," -3        - use 3 as the generator value\n"); */
-		BIO_printf(bio_err," -5        - use 5 as the generator value\n");
-		BIO_printf(bio_err," -engine e - use engine e, possibly a hardware device.\n");
+		BIO_printf(bio_err," -2    use 2 as the generator value\n");
+	/*	BIO_printf(bio_err," -3    use 3 as the generator value\n"); */
+		BIO_printf(bio_err," -5    use 5 as the generator value\n");
 		BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
 		BIO_printf(bio_err,"           - load the file (or the files in the directory) into\n");
 		BIO_printf(bio_err,"             the random number generator\n");
 		goto end;
 		}
 		
-	if (engine != NULL)
-		{
-		if((e = ENGINE_by_id(engine)) == NULL)
-			{
-			BIO_printf(bio_err,"invalid engine \"%s\"\n",
-				engine);
-			goto end;
-			}
-		if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
-			{
-			BIO_printf(bio_err,"can't use that engine\n");
-			goto end;
-			}
-		BIO_printf(bio_err,"engine \"%s\" set.\n", engine);
-		/* Free our "structural" reference. */
-		ENGINE_free(e);
-		}
-
 	out=BIO_new(BIO_s_file());
 	if (out == NULL)
 		{

apps/gendsa.c

@@ -68,7 +68,6 @@
 #include <openssl/dsa.h>
 #include <openssl/x509.h>
 #include <openssl/pem.h>
-#include <openssl/engine.h>
 
 #define DEFBITS	512
 #undef PROG
@@ -78,7 +77,6 @@ int MAIN(int, char **);
 
 int MAIN(int argc, char **argv)
 	{
-	ENGINE *e = NULL;
 	DSA *dsa=NULL;
 	int ret=1;
 	char *outfile=NULL;
@@ -86,7 +84,6 @@ int MAIN(int argc, char **argv)
 	char *passargout = NULL, *passout = NULL;
 	BIO *out=NULL,*in=NULL;
 	EVP_CIPHER *enc=NULL;
-	char *engine=NULL;
 
 	apps_startup();
 
@@ -109,11 +106,6 @@ int MAIN(int argc, char **argv)
 			if (--argc < 1) goto bad;
 			passargout= *(++argv);
 			}
-		else if (strcmp(*argv,"-engine") == 0)
-			{
-			if (--argc < 1) goto bad;
-			engine= *(++argv);
-			}
 		else if (strcmp(*argv,"-rand") == 0)
 			{
 			if (--argc < 1) goto bad;
@@ -153,7 +145,6 @@ bad:
 #ifndef NO_IDEA
 		BIO_printf(bio_err," -idea     - encrypt the generated key with IDEA in cbc mode\n");
 #endif
-		BIO_printf(bio_err," -engine e - use engine e, possibly a hardware device.\n");
 		BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
 		BIO_printf(bio_err,"           - load the file (or the files in the directory) into\n");
 		BIO_printf(bio_err,"             the random number generator\n");
@@ -162,24 +153,6 @@ bad:
 		goto end;
 		}
 
-	if (engine != NULL)
-		{
-		if((e = ENGINE_by_id(engine)) == NULL)
-			{
-			BIO_printf(bio_err,"invalid engine \"%s\"\n",
-				engine);
-			goto end;
-			}
-		if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
-			{
-			BIO_printf(bio_err,"can't use that engine\n");
-			goto end;
-			}
-		BIO_printf(bio_err,"engine \"%s\" set.\n", engine);
-		/* Free our "structural" reference. */
-		ENGINE_free(e);
-		}
-
 	if(!app_passwd(bio_err, NULL, passargout, NULL, &passout)) {
 		BIO_printf(bio_err, "Error getting password\n");
 		goto end;

apps/genrsa.c

@@ -69,7 +69,6 @@
 #include <openssl/evp.h>
 #include <openssl/x509.h>
 #include <openssl/pem.h>
-#include <openssl/engine.h>
 
 #define DEFBITS	512
 #undef PROG
@@ -81,7 +80,6 @@ int MAIN(int, char **);
 
 int MAIN(int argc, char **argv)
 	{
-	ENGINE *e = NULL;
 	int ret=1;
 	RSA *rsa=NULL;
 	int i,num=DEFBITS;
@@ -90,7 +88,6 @@ int MAIN(int argc, char **argv)
 	unsigned long f4=RSA_F4;
 	char *outfile=NULL;
 	char *passargout = NULL, *passout = NULL;
-	char *engine=NULL;
 	char *inrand=NULL;
 	BIO *out=NULL;
 
@@ -119,11 +116,6 @@ int MAIN(int argc, char **argv)
 			f4=3;
 		else if (strcmp(*argv,"-F4") == 0 || strcmp(*argv,"-f4") == 0)
 			f4=RSA_F4;
-		else if (strcmp(*argv,"-engine") == 0)
-			{
-			if (--argc < 1) goto bad;
-			engine= *(++argv);
-			}
 		else if (strcmp(*argv,"-rand") == 0)
 			{
 			if (--argc < 1) goto bad;
@@ -162,7 +154,6 @@ bad:
 		BIO_printf(bio_err," -passout arg    output file pass phrase source\n");
 		BIO_printf(bio_err," -f4             use F4 (0x10001) for the E value\n");
 		BIO_printf(bio_err," -3              use 3 for the E value\n");
-		BIO_printf(bio_err," -engine e       use engine e, possibly a hardware device.\n");
 		BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
 		BIO_printf(bio_err,"                 load the file (or the files in the directory) into\n");
 		BIO_printf(bio_err,"                 the random number generator\n");
@@ -176,24 +167,6 @@ bad:
 		goto err;
 	}
 
-	if (engine != NULL)
-		{
-		if((e = ENGINE_by_id(engine)) == NULL)
-			{
-			BIO_printf(bio_err,"invalid engine \"%s\"\n",
-				engine);
-			goto err;
-			}
-		if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
-			{
-			BIO_printf(bio_err,"can't use that engine\n");
-			goto err;
-			}
-		BIO_printf(bio_err,"engine \"%s\" set.\n", engine);
-		/* Free our "structural" reference. */
-		ENGINE_free(e);
-		}
-
 	if (outfile == NULL)
 		{
 		BIO_set_fp(out,stdout,BIO_NOCLOSE);
@@ -213,8 +186,7 @@ bad:
 			}
 		}
 
-	if (!app_RAND_load_file(NULL, bio_err, 1) && inrand == NULL
-		&& !RAND_status())
+	if (!app_RAND_load_file(NULL, bio_err, 1) && inrand == NULL)
 		{
 		BIO_printf(bio_err,"warning, not much extra random data, consider using the -rand option\n");
 		}

apps/passwd.c

@@ -315,7 +315,7 @@ static char *md5crypt(const char *passwd, const char *magic, const char *salt)
 	strncat(out_buf, "$", 1);
 	strncat(out_buf, salt, 8);
 	assert(strlen(out_buf) <= 6 + 8); /* "$apr1$..salt.." */
-	salt_out = out_buf + 6;
+	salt_out = out_buf + 2 + strlen(magic);
 	salt_len = strlen(salt_out);
 	assert(salt_len <= 8);
 	

apps/pca-cert.srl

@@ -1 +1 @@
-01
+07

apps/pkcs12.c

@@ -66,7 +66,6 @@
 #include <openssl/err.h>
 #include <openssl/pem.h>
 #include <openssl/pkcs12.h>
-#include <openssl/engine.h>
 
 #define PROG pkcs12_main
 
@@ -93,7 +92,6 @@ int MAIN(int, char **);
 
 int MAIN(int argc, char **argv)
 {
-    ENGINE *e = NULL;
     char *infile=NULL, *outfile=NULL, *keyname = NULL;	
     char *certfile=NULL;
     BIO *in=NULL, *out = NULL, *inkey = NULL, *certsin = NULL;
@@ -120,7 +118,6 @@ int MAIN(int argc, char **argv)
     char *passin = NULL, *passout = NULL;
     char *inrand = NULL;
     char *CApath = NULL, *CAfile = NULL;
-    char *engine=NULL;
 
     apps_startup();
 
@@ -239,11 +236,6 @@ int MAIN(int argc, char **argv)
 			args++;	
 			CAfile = *args;
 		    } else badarg = 1;
-		} else if (!strcmp(*args,"-engine")) {
-		    if (args[1]) {
-			args++;	
-			engine = *args;
-		    } else badarg = 1;
 		} else badarg = 1;
 
 	} else badarg = 1;
@@ -287,27 +279,12 @@ int MAIN(int argc, char **argv)
 	BIO_printf (bio_err, "-password p   set import/export password source\n");
 	BIO_printf (bio_err, "-passin p     input file pass phrase source\n");
 	BIO_printf (bio_err, "-passout p    output file pass phrase source\n");
-	BIO_printf (bio_err, "-engine e     use engine e, possibly a hardware device.\n");
 	BIO_printf(bio_err,  "-rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
 	BIO_printf(bio_err,  "              load the file (or the files in the directory) into\n");
 	BIO_printf(bio_err,  "              the random number generator\n");
     	goto end;
     }
 
-    if (engine != NULL) {
-	if((e = ENGINE_by_id(engine)) == NULL) {
-	    BIO_printf(bio_err,"invalid engine \"%s\"\n", engine);
-	    goto end;
-	}
-	if(!ENGINE_set_default(e, ENGINE_METHOD_ALL)) {
-	    BIO_printf(bio_err,"can't use that engine\n");
-	    goto end;
-	}
-	BIO_printf(bio_err,"engine \"%s\" set.\n", engine);
-	/* Free our "structural" reference. */
-	ENGINE_free(e);
-    }
-
     if(passarg) {
 	if(export_cert) passargout = passarg;
 	else passargin = passarg;

apps/pkcs7.c

@@ -67,7 +67,6 @@
 #include <openssl/x509.h>
 #include <openssl/pkcs7.h>
 #include <openssl/pem.h>
-#include <openssl/engine.h>
 
 #undef PROG
 #define PROG	pkcs7_main
@@ -83,7 +82,6 @@ int MAIN(int, char **);
 
 int MAIN(int argc, char **argv)
 	{
-	ENGINE *e = NULL;
 	PKCS7 *p7=NULL;
 	int i,badops=0;
 	BIO *in=NULL,*out=NULL;
@@ -91,7 +89,6 @@ int MAIN(int argc, char **argv)
 	char *infile,*outfile,*prog;
 	int print_certs=0,text=0,noout=0;
 	int ret=0;
-	char *engine=NULL;
 
 	apps_startup();
 
@@ -135,11 +132,6 @@ int MAIN(int argc, char **argv)
 			text=1;
 		else if (strcmp(*argv,"-print_certs") == 0)
 			print_certs=1;
-		else if (strcmp(*argv,"-engine") == 0)
-			{
-			if (--argc < 1) goto bad;
-			engine= *(++argv);
-			}
 		else
 			{
 			BIO_printf(bio_err,"unknown option %s\n",*argv);
@@ -162,30 +154,11 @@ bad:
 		BIO_printf(bio_err," -print_certs  print any certs or crl in the input\n");
 		BIO_printf(bio_err," -text         print full details of certificates\n");
 		BIO_printf(bio_err," -noout        don't output encoded data\n");
-		BIO_printf(bio_err," -engine e     use engine e, possibly a hardware device.\n");
 		EXIT(1);
 		}
 
 	ERR_load_crypto_strings();
 
-	if (engine != NULL)
-		{
-		if((e = ENGINE_by_id(engine)) == NULL)
-			{
-			BIO_printf(bio_err,"invalid engine \"%s\"\n",
-				engine);
-			goto end;
-			}
-		if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
-			{
-			BIO_printf(bio_err,"can't use that engine\n");
-			goto end;
-			}
-		BIO_printf(bio_err,"engine \"%s\" set.\n", engine);
-		/* Free our "structural" reference. */
-		ENGINE_free(e);
-		}
-
 	in=BIO_new(BIO_s_file());
 	out=BIO_new(BIO_s_file());
 	if ((in == NULL) || (out == NULL))

apps/pkcs8.c

@@ -62,7 +62,6 @@
 #include <openssl/err.h>
 #include <openssl/evp.h>
 #include <openssl/pkcs12.h>
-#include <openssl/engine.h>
 
 #include "apps.h"
 #define PROG pkcs8_main
@@ -71,7 +70,6 @@ int MAIN(int, char **);
 
 int MAIN(int argc, char **argv)
 {
-	ENGINE *e = NULL;
 	char **args, *infile = NULL, *outfile = NULL;
 	char *passargin = NULL, *passargout = NULL;
 	BIO *in = NULL, *out = NULL;
@@ -87,13 +85,9 @@ int MAIN(int argc, char **argv)
 	EVP_PKEY *pkey;
 	char pass[50], *passin = NULL, *passout = NULL, *p8pass = NULL;
 	int badarg = 0;
-	char *engine=NULL;
-
 	if (bio_err == NULL) bio_err = BIO_new_fp (stderr, BIO_NOCLOSE);
-
 	informat=FORMAT_PEM;
 	outformat=FORMAT_PEM;
-
 	ERR_load_crypto_strings();
 	OpenSSL_add_all_algorithms();
 	args = argv + 1;
@@ -144,11 +138,6 @@ int MAIN(int argc, char **argv)
 			if (!args[1]) goto bad;
 			passargout= *(++args);
 			}
-		else if (strcmp(*args,"-engine") == 0)
-			{
-			if (!args[1]) goto bad;
-			engine= *(++args);
-			}
 		else if (!strcmp (*args, "-in")) {
 			if (args[1]) {
 				args++;
@@ -181,28 +170,9 @@ int MAIN(int argc, char **argv)
 		BIO_printf(bio_err, "-nocrypt        use or expect unencrypted private key\n");
 		BIO_printf(bio_err, "-v2 alg         use PKCS#5 v2.0 and cipher \"alg\"\n");
 		BIO_printf(bio_err, "-v1 obj         use PKCS#5 v1.5 and cipher \"alg\"\n");
-		BIO_printf(bio_err," -engine e       use engine e, possibly a hardware device.\n");
 		return (1);
 	}
 
-	if (engine != NULL)
-		{
-		if((e = ENGINE_by_id(engine)) == NULL)
-			{
-			BIO_printf(bio_err,"invalid engine \"%s\"\n",
-				engine);
-			return (1);
-			}
-		if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
-			{
-			BIO_printf(bio_err,"can't use that engine\n");
-			return (1);
-			}
-		BIO_printf(bio_err,"engine \"%s\" set.\n", engine);
-		/* Free our "structural" reference. */
-		ENGINE_free(e);
-		}
-
 	if(!app_passwd(bio_err, passargin, passargout, &passin, &passout)) {
 		BIO_printf(bio_err, "Error getting passwords\n");
 		return (1);

apps/rand.c

@@ -9,7 +9,6 @@
 #include <openssl/bio.h>
 #include <openssl/err.h>
 #include <openssl/rand.h>
-#include <openssl/engine.h>
 
 #undef PROG
 #define PROG rand_main
@@ -24,7 +23,6 @@ int MAIN(int, char **);
 
 int MAIN(int argc, char **argv)
 	{
-	ENGINE *e = NULL;
 	int i, r, ret = 1;
 	int badopt;
 	char *outfile = NULL;
@@ -32,7 +30,6 @@ int MAIN(int argc, char **argv)
 	int base64 = 0;
 	BIO *out = NULL;
 	int num = -1;
-	char *engine=NULL;
 
 	apps_startup();
 
@@ -51,13 +48,6 @@ int MAIN(int argc, char **argv)
 			else
 				badopt = 1;
 			}
-		if (strcmp(argv[i], "-engine") == 0)
-			{
-			if ((argv[i+1] != NULL) && (engine == NULL))
-				engine = argv[++i];
-			else
-				badopt = 1;
-			}
 		else if (strcmp(argv[i], "-rand") == 0)
 			{
 			if ((argv[i+1] != NULL) && (inrand == NULL))
@@ -94,31 +84,12 @@ int MAIN(int argc, char **argv)
 		{
 		BIO_printf(bio_err, "Usage: rand [options] num\n");
 		BIO_printf(bio_err, "where options are\n");
-		BIO_printf(bio_err, "-out file             - write to file\n");
-		BIO_printf(bio_err," -engine e             - use engine e, possibly a hardware device.\n");
-		BIO_printf(bio_err, "-rand file%cfile%c... - seed PRNG from files\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
-		BIO_printf(bio_err, "-base64               - encode output\n");
+		BIO_printf(bio_err, "-out file            - write to file\n");
+		BIO_printf(bio_err, "-rand file%cfile%c...  - seed PRNG from files\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
+		BIO_printf(bio_err, "-base64              - encode output\n");
 		goto err;
 		}
 
-	if (engine != NULL)
-		{
-		if((e = ENGINE_by_id(engine)) == NULL)
-			{
-			BIO_printf(bio_err,"invalid engine \"%s\"\n",
-				engine);
-			goto err;
-			}
-		if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
-			{
-			BIO_printf(bio_err,"can't use that engine\n");
-			goto err;
-			}
-		BIO_printf(bio_err,"engine \"%s\" set.\n", engine);
-		/* Free our "structural" reference. */
-		ENGINE_free(e);
-		}
-
 	app_RAND_load_file(NULL, bio_err, (inrand != NULL));
 	if (inrand != NULL)
 		BIO_printf(bio_err,"%ld semi-random bytes loaded\n",

apps/req.c

@@ -73,7 +73,6 @@
 #include <openssl/x509v3.h>
 #include <openssl/objects.h>
 #include <openssl/pem.h>
-#include <openssl/engine.h>
 
 #define SECTION		"req"
 
@@ -141,7 +140,6 @@ int MAIN(int, char **);
 
 int MAIN(int argc, char **argv)
 	{
-	ENGINE *e = NULL;
 #ifndef NO_DSA
 	DSA *dsa_params=NULL;
 #endif
@@ -154,7 +152,6 @@ int MAIN(int argc, char **argv)
 	int informat,outformat,verify=0,noout=0,text=0,keyform=FORMAT_PEM;
 	int nodes=0,kludge=0,newhdr=0;
 	char *infile,*outfile,*prog,*keyfile=NULL,*template=NULL,*keyout=NULL;
-	char *engine=NULL;
 	char *extensions = NULL;
 	char *req_exts = NULL;
 	EVP_CIPHER *cipher=NULL;
@@ -198,11 +195,6 @@ int MAIN(int argc, char **argv)
 			if (--argc < 1) goto bad;
 			outformat=str2fmt(*(++argv));
 			}
-		else if (strcmp(*argv,"-engine") == 0)
-			{
-			if (--argc < 1) goto bad;
-			engine= *(++argv);
-			}
 		else if (strcmp(*argv,"-key") == 0)
 			{
 			if (--argc < 1) goto bad;
@@ -383,7 +375,6 @@ bad:
 		BIO_printf(bio_err," -verify        verify signature on REQ\n");
 		BIO_printf(bio_err," -modulus       RSA modulus\n");
 		BIO_printf(bio_err," -nodes         don't encrypt the output key\n");
-		BIO_printf(bio_err," -engine e      use engine e, possibly a hardware device.\n");
 		BIO_printf(bio_err," -key file	use the private key contained in file\n");
 		BIO_printf(bio_err," -keyform arg   key file format\n");
 		BIO_printf(bio_err," -keyout arg    file to send the key to\n");
@@ -531,55 +522,24 @@ bad:
 	if ((in == NULL) || (out == NULL))
 		goto end;
 
-	if (engine != NULL)
-		{
-		if((e = ENGINE_by_id(engine)) == NULL)
-			{
-			BIO_printf(bio_err,"invalid engine \"%s\"\n",
-				engine);
-			goto end;
-			}
-		if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
-			{
-			BIO_printf(bio_err,"can't use that engine\n");
-			goto end;
-			}
-		BIO_printf(bio_err,"engine \"%s\" set.\n", engine);
-		/* Free our "structural" reference. */
-		ENGINE_free(e);
-		}
-
 	if (keyfile != NULL)
 		{
-		if (keyform == FORMAT_ENGINE)
+		if (BIO_read_filename(in,keyfile) <= 0)
 			{
-			if (!e)
-				{
-				BIO_printf(bio_err,"no engine specified\n");
-				goto end;
-				}
-			pkey = ENGINE_load_private_key(e, keyfile, NULL);
+			perror(keyfile);
+			goto end;
+			}
+
+		if (keyform == FORMAT_ASN1)
+			pkey=d2i_PrivateKey_bio(in,NULL);
+		else if (keyform == FORMAT_PEM)
+			{
+			pkey=PEM_read_bio_PrivateKey(in,NULL,NULL,passin);
 			}
 		else
 			{
-			if (BIO_read_filename(in,keyfile) <= 0)
-				{
-				perror(keyfile);
-				goto end;
-				}
-
-			if (keyform == FORMAT_ASN1)
-				pkey=d2i_PrivateKey_bio(in,NULL);
-			else if (keyform == FORMAT_PEM)
-				{
-				pkey=PEM_read_bio_PrivateKey(in,NULL,NULL,
-					passin);
-				}
-			else
-				{
-				BIO_printf(bio_err,"bad input format specified for X509 request\n");
-				goto end;
-				}
+			BIO_printf(bio_err,"bad input format specified for X509 request\n");
+			goto end;
 			}
 
 		if (pkey == NULL)
@@ -725,16 +685,15 @@ loop:
 
 	if (newreq || x509)
 		{
-#ifndef NO_DSA
-		if (pkey->type == EVP_PKEY_DSA)
-			digest=EVP_dss1();
-#endif
-
 		if (pkey == NULL)
 			{
 			BIO_printf(bio_err,"you need to specify a private key\n");
 			goto end;
 			}
+#ifndef NO_DSA
+		if (pkey->type == EVP_PKEY_DSA)
+			digest=EVP_dss1();
+#endif
 		if (req == NULL)
 			{
 			req=X509_REQ_new();

apps/rsa.c

@@ -68,7 +68,6 @@
 #include <openssl/evp.h>
 #include <openssl/x509.h>
 #include <openssl/pem.h>
-#include <openssl/engine.h>
 
 #undef PROG
 #define PROG	rsa_main
@@ -91,7 +90,6 @@ int MAIN(int, char **);
 
 int MAIN(int argc, char **argv)
 	{
-	ENGINE *e = NULL;
 	int ret=1;
 	RSA *rsa=NULL;
 	int i,badops=0, sgckey=0;
@@ -102,7 +100,6 @@ int MAIN(int argc, char **argv)
 	char *infile,*outfile,*prog;
 	char *passargin = NULL, *passargout = NULL;
 	char *passin = NULL, *passout = NULL;
-	char *engine=NULL;
 	int modulus=0;
 
 	apps_startup();
@@ -151,11 +148,6 @@ int MAIN(int argc, char **argv)
 			if (--argc < 1) goto bad;
 			passargout= *(++argv);
 			}
-		else if (strcmp(*argv,"-engine") == 0)
-			{
-			if (--argc < 1) goto bad;
-			engine= *(++argv);
-			}
 		else if (strcmp(*argv,"-sgckey") == 0)
 			sgckey=1;
 		else if (strcmp(*argv,"-pubin") == 0)
@@ -203,30 +195,11 @@ bad:
 		BIO_printf(bio_err," -check          verify key consistency\n");
 		BIO_printf(bio_err," -pubin          expect a public key in input file\n");
 		BIO_printf(bio_err," -pubout         output a public key\n");
-		BIO_printf(bio_err," -engine e       use engine e, possibly a hardware device.\n");
 		goto end;
 		}
 
 	ERR_load_crypto_strings();
 
-	if (engine != NULL)
-		{
-		if((e = ENGINE_by_id(engine)) == NULL)
-			{
-			BIO_printf(bio_err,"invalid engine \"%s\"\n",
-				engine);
-			goto end;
-			}
-		if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
-			{
-			BIO_printf(bio_err,"can't use that engine\n");
-			goto end;
-			}
-		BIO_printf(bio_err,"engine \"%s\" set.\n", engine);
-		/* Free our "structural" reference. */
-		ENGINE_free(e);
-		}
-
 	if(!app_passwd(bio_err, passargin, passargout, &passin, &passout)) {
 		BIO_printf(bio_err, "Error getting passwords\n");
 		goto end;

apps/rsautl.c

@@ -55,11 +55,13 @@
  * Hudson (tjh@cryptsoft.com).
  *
  */
+
+#ifndef NO_RSA
+
 #include "apps.h"
 #include <string.h>
 #include <openssl/err.h>
 #include <openssl/pem.h>
-#include <openssl/engine.h>
 
 #define RSA_SIGN 	1
 #define RSA_VERIFY 	2
@@ -80,7 +82,6 @@ int MAIN(int argc, char **);
 
 int MAIN(int argc, char **argv)
 {
-	ENGINE *e = NULL;
 	BIO *in = NULL, *out = NULL;
 	char *infile = NULL, *outfile = NULL;
 	char *keyfile = NULL;
@@ -94,7 +95,6 @@ int MAIN(int argc, char **argv)
 	unsigned char *rsa_in = NULL, *rsa_out = NULL, pad;
 	int rsa_inlen, rsa_outlen = 0;
 	int keysize;
-	char *engine=NULL;
 
 	int ret = 1;
 
@@ -117,9 +117,6 @@ int MAIN(int argc, char **argv)
 		} else if(!strcmp(*argv, "-inkey")) {
 			if (--argc < 1) badarg = 1;
 			keyfile = *(++argv);
-		} else if(!strcmp(*argv, "-engine")) {
-			if (--argc < 1) badarg = 1;
-			engine = *(++argv);
 		} else if(!strcmp(*argv, "-pubin")) {
 			key_type = KEY_PUBKEY;
 		} else if(!strcmp(*argv, "-certin")) {
@@ -154,24 +151,6 @@ int MAIN(int argc, char **argv)
 		goto end;
 	}
 
-	if (engine != NULL)
-		{
-		if((e = ENGINE_by_id(engine)) == NULL)
-			{
-			BIO_printf(bio_err,"invalid engine \"%s\"\n",
-				engine);
-			goto end;
-			}
-		if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
-			{
-			BIO_printf(bio_err,"can't use that engine\n");
-			goto end;
-			}
-		BIO_printf(bio_err,"engine \"%s\" set.\n", engine);
-		/* Free our "structural" reference. */
-		ENGINE_free(e);
-		}
-
 /* FIXME: seed PRNG only if needed */
 	app_RAND_load_file(NULL, bio_err, 0);
 	
@@ -301,7 +280,6 @@ static void usage()
 	BIO_printf(bio_err, "-inkey file     input key\n");
 	BIO_printf(bio_err, "-pubin          input is an RSA public\n");
 	BIO_printf(bio_err, "-certin         input is a certificate carrying an RSA public key\n");
-	BIO_printf(bio_err, "-engine e       use engine e, possibly a hardware device.\n");
 	BIO_printf(bio_err, "-ssl            use SSL v2 padding\n");
 	BIO_printf(bio_err, "-raw            use no padding\n");
 	BIO_printf(bio_err, "-pkcs           use PKCS#1 v1.5 padding (default)\n");
@@ -313,3 +291,4 @@ static void usage()
 	BIO_printf(bio_err, "-hexdump        hex dump output\n");
 }
 
+#endif

apps/s_client.c

@@ -79,7 +79,6 @@ typedef unsigned int u_int;
 #include <openssl/ssl.h>
 #include <openssl/err.h>
 #include <openssl/pem.h>
-#include <openssl/engine.h>
 #include "s_apps.h"
 
 #ifdef WINDOWS
@@ -153,7 +152,7 @@ static void sc_usage(void)
 	BIO_printf(bio_err," -bugs         - Switch on all SSL implementation bug workarounds\n");
 	BIO_printf(bio_err," -cipher       - preferred cipher to use, use the 'openssl ciphers'\n");
 	BIO_printf(bio_err,"                 command to see what is available\n");
-	BIO_printf(bio_err," -engine id    - Initialise and use the specified engine\n");
+	BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
 
 	}
 
@@ -181,8 +180,7 @@ int MAIN(int argc, char **argv)
 	int prexit = 0;
 	SSL_METHOD *meth=NULL;
 	BIO *sbio;
-	char *engine_id=NULL;
-	ENGINE *e=NULL;
+	char *inrand=NULL;
 #ifdef WINDOWS
 	struct timeval tv;
 #endif
@@ -320,10 +318,10 @@ int MAIN(int argc, char **argv)
 		else if (strcmp(*argv,"-nbio") == 0)
 			{ c_nbio=1; }
 #endif
-		else if	(strcmp(*argv,"-engine") == 0)
+		else if (strcmp(*argv,"-rand") == 0)
 			{
 			if (--argc < 1) goto bad;
-			engine_id = *(++argv);
+			inrand= *(++argv);
 			}
 		else
 			{
@@ -341,7 +339,14 @@ bad:
 		goto end;
 		}
 
-	app_RAND_load_file(NULL, bio_err, 0);
+	if (!app_RAND_load_file(NULL, bio_err, 1) && inrand == NULL
+		&& !RAND_status())
+		{
+		BIO_printf(bio_err,"warning, not much extra random data, consider using the -rand option\n");
+		}
+	if (inrand != NULL)
+		BIO_printf(bio_err,"%ld semi-random bytes loaded\n",
+			app_RAND_load_files(inrand));
 
 	if (bio_c_out == NULL)
 		{
@@ -358,30 +363,6 @@ bad:
 
 	OpenSSL_add_ssl_algorithms();
 	SSL_load_error_strings();
-
-	if (engine_id != NULL)
-		{
-		if((e = ENGINE_by_id(engine_id)) == NULL)
-			{
-			BIO_printf(bio_err,"invalid engine\n");
-			ERR_print_errors(bio_err);
-			goto end;
-			}
-		if (c_debug)
-			{
-			ENGINE_ctrl(e, ENGINE_CTRL_SET_LOGSTREAM,
-				0, bio_err, 0);
-			}
-		if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
-			{
-			BIO_printf(bio_err,"can't use that engine\n");
-			ERR_print_errors(bio_err);
-			goto end;
-			}
-		BIO_printf(bio_err,"engine \"%s\" set.\n", engine_id);
-		ENGINE_free(e);
-		}
-
 	ctx=SSL_CTX_new(meth);
 	if (ctx == NULL)
 		{

apps/s_server.c

@@ -83,7 +83,6 @@ typedef unsigned int u_int;
 #include <openssl/pem.h>
 #include <openssl/x509.h>
 #include <openssl/ssl.h>
-#include <openssl/engine.h>
 #include "s_apps.h"
 
 #ifdef WINDOWS
@@ -177,7 +176,6 @@ static int s_debug=0;
 static int s_quiet=0;
 
 static int hack=0;
-static char *engine_id=NULL;
 
 #ifdef MONOLITH
 static void s_server_init(void)
@@ -200,7 +198,6 @@ static void s_server_init(void)
 	s_debug=0;
 	s_quiet=0;
 	hack=0;
-	engine_id=NULL;
 	}
 #endif
 
@@ -245,7 +242,7 @@ static void sv_usage(void)
 	BIO_printf(bio_err," -bugs         - Turn on SSL bug compatibility\n");
 	BIO_printf(bio_err," -www          - Respond to a 'GET /' with a status page\n");
 	BIO_printf(bio_err," -WWW          - Respond to a 'GET /<path> HTTP/1.0' with file ./<path>\n");
-	BIO_printf(bio_err," -engine id    - Initialise and use the specified engine\n");
+	BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
 	}
 
 static int local_argc=0;
@@ -415,7 +412,7 @@ int MAIN(int argc, char *argv[])
 	int no_tmp_rsa=0,no_dhe=0,nocert=0;
 	int state=0;
 	SSL_METHOD *meth=NULL;
-	ENGINE *e=NULL;
+	char *inrand=NULL;
 #ifndef NO_DH
 	DH *dh=NULL;
 #endif
@@ -570,10 +567,10 @@ int MAIN(int argc, char *argv[])
 		else if	(strcmp(*argv,"-tls1") == 0)
 			{ meth=TLSv1_server_method(); }
 #endif
-		else if (strcmp(*argv,"-engine") == 0)
+		else if (strcmp(*argv,"-rand") == 0)
 			{
 			if (--argc < 1) goto bad;
-			engine_id= *(++argv);
+			inrand= *(++argv);
 			}
 		else
 			{
@@ -591,7 +588,14 @@ bad:
 		goto end;
 		}
 
-	app_RAND_load_file(NULL, bio_err, 0);
+	if (!app_RAND_load_file(NULL, bio_err, 1) && inrand == NULL
+		&& !RAND_status())
+		{
+		BIO_printf(bio_err,"warning, not much extra random data, consider using the -rand option\n");
+		}
+	if (inrand != NULL)
+		BIO_printf(bio_err,"%ld semi-random bytes loaded\n",
+			app_RAND_load_files(inrand));
 
 	if (bio_s_out == NULL)
 		{
@@ -619,29 +623,6 @@ bad:
 	SSL_load_error_strings();
 	OpenSSL_add_ssl_algorithms();
 
-	if (engine_id != NULL)
-		{
-		if((e = ENGINE_by_id(engine_id)) == NULL)
-			{
-			BIO_printf(bio_err,"invalid engine\n");
-			ERR_print_errors(bio_err);
-			goto end;
-			}
-		if (s_debug)
-			{
-			ENGINE_ctrl(e, ENGINE_CTRL_SET_LOGSTREAM,
-				0, bio_err, 0);
-			}
-		if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
-			{
-			BIO_printf(bio_err,"can't use that engine\n");
-			ERR_print_errors(bio_err);
-			goto end;
-			}
-		BIO_printf(bio_err,"engine \"%s\" set.\n", engine_id);
-		ENGINE_free(e);
-		}
-
 	ctx=SSL_CTX_new(meth);
 	if (ctx == NULL)
 		{
@@ -709,7 +690,8 @@ bad:
 
 #ifndef NO_RSA
 #if 1
-	SSL_CTX_set_tmp_rsa_callback(ctx,tmp_rsa_cb);
+	if (!no_tmp_rsa)
+		SSL_CTX_set_tmp_rsa_callback(ctx,tmp_rsa_cb);
 #else
 	if (!no_tmp_rsa && SSL_CTX_need_tmp_RSA(ctx))
 		{

apps/server.pem

@@ -1,17 +1,17 @@
 issuer= /C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Test CA (1024 bit)
-subject=/C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Server test cert (512 bit)
+subject= /C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Server test cert (512 bit)
 -----BEGIN CERTIFICATE-----
-MIIB6TCCAVICAQQwDQYJKoZIhvcNAQEEBQAwWzELMAkGA1UEBhMCQVUxEzARBgNV
+MIIB6TCCAVICAQYwDQYJKoZIhvcNAQEEBQAwWzELMAkGA1UEBhMCQVUxEzARBgNV
 BAgTClF1ZWVuc2xhbmQxGjAYBgNVBAoTEUNyeXB0U29mdCBQdHkgTHRkMRswGQYD
-VQQDExJUZXN0IENBICgxMDI0IGJpdCkwHhcNOTgwNjI5MjM1MjQwWhcNMDAwNjI4
-MjM1MjQwWjBjMQswCQYDVQQGEwJBVTETMBEGA1UECBMKUXVlZW5zbGFuZDEaMBgG
+VQQDExJUZXN0IENBICgxMDI0IGJpdCkwHhcNMDAxMDE2MjIzMTAzWhcNMDMwMTE0
+MjIzMTAzWjBjMQswCQYDVQQGEwJBVTETMBEGA1UECBMKUXVlZW5zbGFuZDEaMBgG
 A1UEChMRQ3J5cHRTb2Z0IFB0eSBMdGQxIzAhBgNVBAMTGlNlcnZlciB0ZXN0IGNl
 cnQgKDUxMiBiaXQpMFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAJ+zw4Qnlf8SMVIP
 Fe9GEcStgOY2Ww/dgNdhjeD8ckUJNP5VZkVDTGiXav6ooKXfX3j/7tdkuD8Ey2//
-Kv7+ue0CAwEAATANBgkqhkiG9w0BAQQFAAOBgQCVvvfkGSe2GHgDFfmOua4Isjb9
-JVhImWMASiOClkZlMESDJjsszg/6+d/W+8TrbObhazpl95FivXBVucbj9dudh7AO
-IZu1h1MAPlyknc9Ud816vz3FejB4qqUoaXjnlkrIgEbr/un7jSS86WOe0hRhwHkJ
-FUGcPZf9ND22Etc+AQ==
+Kv7+ue0CAwEAATANBgkqhkiG9w0BAQQFAAOBgQCT0grFQeZaqYb5EYfk20XixZV4
+GmyAbXMftG1Eo7qGiMhYzRwGNWxEYojf5PZkYZXvSqZ/ZXHXa4g59jK/rJNnaVGM
+k+xIX8mxQvlV0n5O9PIha5BX5teZnkHKgL8aKKLKW1BK7YTngsfSzzaeame5iKfz
+itAE+OjGF+PFKbwX8Q==
 -----END CERTIFICATE-----
 -----BEGIN RSA PRIVATE KEY-----
 MIIBPAIBAAJBAJ+zw4Qnlf8SMVIPFe9GEcStgOY2Ww/dgNdhjeD8ckUJNP5VZkVD

apps/smime.c

@@ -64,7 +64,6 @@
 #include <openssl/crypto.h>
 #include <openssl/pem.h>
 #include <openssl/err.h>
-#include <openssl/engine.h>
 
 #undef PROG
 #define PROG smime_main
@@ -82,7 +81,6 @@ int MAIN(int, char **);
 
 int MAIN(int argc, char **argv)
 {
-	ENGINE *e = NULL;
 	int operation = 0;
 	int ret = 0;
 	char **args;
@@ -105,9 +103,8 @@ int MAIN(int argc, char **argv)
 	char *inrand = NULL;
 	int need_rand = 0;
 	int informat = FORMAT_SMIME, outformat = FORMAT_SMIME;
-	char *engine=NULL;
-
 	args = argv + 1;
+
 	ret = 1;
 
 	while (!badarg && *args && *args[0] == '-') {
@@ -156,11 +153,6 @@ int MAIN(int argc, char **argv)
 				inrand = *args;
 			} else badarg = 1;
 			need_rand = 1;
-		} else if (!strcmp(*args,"-engine")) {
-			if (args[1]) {
-				args++;
-				engine = *args;
-			} else badarg = 1;
 		} else if (!strcmp(*args,"-passin")) {
 			if (args[1]) {
 				args++;
@@ -298,7 +290,6 @@ int MAIN(int argc, char **argv)
 		BIO_printf (bio_err, "-text          include or delete text MIME headers\n");
 		BIO_printf (bio_err, "-CApath dir    trusted certificates directory\n");
 		BIO_printf (bio_err, "-CAfile file   trusted certificates file\n");
-		BIO_printf (bio_err, "-engine e      use engine e, possibly a hardware device.\n");
 		BIO_printf(bio_err,  "-rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
 		BIO_printf(bio_err,  "               load the file (or the files in the directory) into\n");
 		BIO_printf(bio_err,  "               the random number generator\n");
@@ -306,24 +297,6 @@ int MAIN(int argc, char **argv)
 		goto end;
 	}
 
-	if (engine != NULL)
-		{
-		if((e = ENGINE_by_id(engine)) == NULL)
-			{
-			BIO_printf(bio_err,"invalid engine \"%s\"\n",
-				engine);
-			goto end;
-			}
-		if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
-			{
-			BIO_printf(bio_err,"can't use that engine\n");
-			goto end;
-			}
-		BIO_printf(bio_err,"engine \"%s\" set.\n", engine);
-		/* Free our "structural" reference. */
-		ENGINE_free(e);
-		}
-
 	if(!app_passwd(bio_err, passargin, NULL, &passin, NULL)) {
 		BIO_printf(bio_err, "Error getting password\n");
 		goto end;

apps/speed.c

@@ -81,7 +81,6 @@
 #include <openssl/crypto.h>
 #include <openssl/rand.h>
 #include <openssl/err.h>
-#include <openssl/engine.h>
 
 #if defined(__FreeBSD__)
 # define USE_TOD
@@ -311,7 +310,6 @@ int MAIN(int, char **);
 
 int MAIN(int argc, char **argv)
 	{
-	ENGINE *e;
 	unsigned char *buf=NULL,*buf2=NULL;
 	int mret=1;
 #define ALGOR_NUM	15
@@ -472,37 +470,6 @@ int MAIN(int argc, char **argv)
 		{
 		if	((argc > 0) && (strcmp(*argv,"-elapsed") == 0))
 			usertime = 0;
-		else
-		if	((argc > 0) && (strcmp(*argv,"-engine") == 0))
-			{
-			argc--;
-			argv++;
-			if(argc == 0)
-				{
-				BIO_printf(bio_err,"no engine given\n");
-				goto end;
-				}
-			if((e = ENGINE_by_id(*argv)) == NULL)
-				{
-				BIO_printf(bio_err,"invalid engine \"%s\"\n",
-					*argv);
-				goto end;
-				}
-			if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
-				{
-				BIO_printf(bio_err,"can't use that engine\n");
-				goto end;
-				}
-			BIO_printf(bio_err,"engine \"%s\" set.\n", *argv);
-			/* Free our "structural" reference. */
-			ENGINE_free(e);
-			/* It will be increased again further down.  We just
-			   don't want speed to confuse an engine with an
-			   algorithm, especially when none is given (which
-			   means all of them should be run) */
-			j--;
-			}
-		else
 #ifndef NO_MD2
 		if	(strcmp(*argv,"md2") == 0) doit[D_MD2]=1;
 		else
@@ -550,7 +517,7 @@ int MAIN(int argc, char **argv)
 #ifdef RSAref
 			if (strcmp(*argv,"rsaref") == 0) 
 			{
-			RSA_set_default_openssl_method(RSA_PKCS1_RSAref());
+			RSA_set_default_method(RSA_PKCS1_RSAref());
 			j--;
 			}
 		else
@@ -558,7 +525,7 @@ int MAIN(int argc, char **argv)
 #ifndef RSA_NULL
 			if (strcmp(*argv,"openssl") == 0) 
 			{
-			RSA_set_default_openssl_method(RSA_PKCS1_SSLeay());
+			RSA_set_default_method(RSA_PKCS1_SSLeay());
 			j--;
 			}
 		else
@@ -703,12 +670,11 @@ int MAIN(int argc, char **argv)
 			BIO_printf(bio_err,"\n");
 #endif
 
+#ifdef TIMES
 			BIO_printf(bio_err,"\n");
 			BIO_printf(bio_err,"Available options:\n");
-#ifdef TIMES
 			BIO_printf(bio_err,"-elapsed        measure time in real time instead of CPU user time.\n");
 #endif
-			BIO_printf(bio_err,"-engine e       use engine e, possibly a hardware device.\n");
 			goto end;
 			}
 		argc--;
@@ -1413,7 +1379,6 @@ int MAIN(int argc, char **argv)
 #endif
 	mret=0;
 end:
-	ERR_print_errors(bio_err);
 	if (buf != NULL) OPENSSL_free(buf);
 	if (buf2 != NULL) OPENSSL_free(buf2);
 #ifndef NO_RSA

apps/spkac.c

@@ -69,7 +69,6 @@
 #include <openssl/lhash.h>
 #include <openssl/x509.h>
 #include <openssl/pem.h>
-#include <openssl/engine.h>
 
 #undef PROG
 #define PROG	spkac_main
@@ -82,7 +81,6 @@ int MAIN(int, char **);
 
 int MAIN(int argc, char **argv)
 	{
-	ENGINE *e = NULL;
 	int i,badops=0, ret = 1;
 	BIO *in = NULL,*out = NULL, *key = NULL;
 	int verify=0,noout=0,pubkey=0;
@@ -93,7 +91,6 @@ int MAIN(int argc, char **argv)
 	LHASH *conf = NULL;
 	NETSCAPE_SPKI *spki = NULL;
 	EVP_PKEY *pkey = NULL;
-	char *engine=NULL;
 
 	apps_startup();
 
@@ -139,11 +136,6 @@ int MAIN(int argc, char **argv)
 			if (--argc < 1) goto bad;
 			spksect= *(++argv);
 			}
-		else if (strcmp(*argv,"-engine") == 0)
-			{
-			if (--argc < 1) goto bad;
-			engine= *(++argv);
-			}
 		else if (strcmp(*argv,"-noout") == 0)
 			noout=1;
 		else if (strcmp(*argv,"-pubkey") == 0)
@@ -169,7 +161,6 @@ bad:
 		BIO_printf(bio_err," -noout         don't print SPKAC\n");
 		BIO_printf(bio_err," -pubkey        output public key\n");
 		BIO_printf(bio_err," -verify        verify SPKAC signature\n");
-		BIO_printf(bio_err," -engine e      use engine e, possibly a hardware device.\n");
 		goto end;
 		}
 
@@ -179,24 +170,6 @@ bad:
 		goto end;
 	}
 
-	if (engine != NULL)
-		{
-		if((e = ENGINE_by_id(engine)) == NULL)
-			{
-			BIO_printf(bio_err,"invalid engine \"%s\"\n",
-				engine);
-			goto end;
-			}
-		if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
-			{
-			BIO_printf(bio_err,"can't use that engine\n");
-			goto end;
-			}
-		BIO_printf(bio_err,"engine \"%s\" set.\n", engine);
-		/* Free our "structural" reference. */
-		ENGINE_free(e);
-		}
-
 	if(keyfile) {
 		if(strcmp(keyfile, "-")) key = BIO_new_file(keyfile, "r");
 		else key = BIO_new_fp(stdin, BIO_NOCLOSE);

apps/verify.c

@@ -65,7 +65,6 @@
 #include <openssl/x509.h>
 #include <openssl/x509v3.h>
 #include <openssl/pem.h>
-#include <openssl/engine.h>
 
 #undef PROG
 #define PROG	verify_main
@@ -79,7 +78,6 @@ int MAIN(int, char **);
 
 int MAIN(int argc, char **argv)
 	{
-	ENGINE *e = NULL;
 	int i,ret=1;
 	int purpose = -1;
 	char *CApath=NULL,*CAfile=NULL;
@@ -87,7 +85,6 @@ int MAIN(int argc, char **argv)
 	STACK_OF(X509) *untrusted = NULL, *trusted = NULL;
 	X509_STORE *cert_ctx=NULL;
 	X509_LOOKUP *lookup=NULL;
-	char *engine=NULL;
 
 	cert_ctx=X509_STORE_new();
 	if (cert_ctx == NULL) goto end;
@@ -140,11 +137,6 @@ int MAIN(int argc, char **argv)
 				if (argc-- < 1) goto end;
 				trustfile= *(++argv);
 				}
-			else if (strcmp(*argv,"-engine") == 0)
-				{
-				if (--argc < 1) goto end;
-				engine= *(++argv);
-				}
 			else if (strcmp(*argv,"-help") == 0)
 				goto end;
 			else if (strcmp(*argv,"-issuer_checks") == 0)
@@ -162,24 +154,6 @@ int MAIN(int argc, char **argv)
 			break;
 		}
 
-	if (engine != NULL)
-		{
-		if((e = ENGINE_by_id(engine)) == NULL)
-			{
-			BIO_printf(bio_err,"invalid engine \"%s\"\n",
-				engine);
-			goto end;
-			}
-		if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
-			{
-			BIO_printf(bio_err,"can't use that engine\n");
-			goto end;
-			}
-		BIO_printf(bio_err,"engine \"%s\" set.\n", engine);
-		/* Free our "structural" reference. */
-		ENGINE_free(e);
-		}
-
 	lookup=X509_STORE_add_lookup(cert_ctx,X509_LOOKUP_file());
 	if (lookup == NULL) abort();
 	if (CAfile) {
@@ -227,7 +201,7 @@ int MAIN(int argc, char **argv)
 	ret=0;
 end:
 	if (ret == 1) {
-		BIO_printf(bio_err,"usage: verify [-verbose] [-CApath path] [-CAfile file] [-purpose purpose] [-engine e] cert1 cert2 ...\n");
+		BIO_printf(bio_err,"usage: verify [-verbose] [-CApath path] [-CAfile file] [-purpose purpose] cert1 cert2 ...\n");
 		BIO_printf(bio_err,"recognized usages:\n");
 		for(i = 0; i < X509_PURPOSE_get_count(); i++) {
 			X509_PURPOSE *ptmp;

apps/x509.c

@@ -73,7 +73,6 @@
 #include <openssl/x509v3.h>
 #include <openssl/objects.h>
 #include <openssl/pem.h>
-#include <openssl/engine.h>
 
 #undef PROG
 #define PROG x509_main
@@ -130,7 +129,6 @@ static char *x509_usage[]={
 " -extensions     - section from config file with X509V3 extensions to add\n",
 " -clrext         - delete extensions before signing and input certificate\n",
 " -nameopt arg    - various certificate name options\n",
-" -engine e       - use engine e, possibly a hardware device.\n",
 NULL
 };
 
@@ -147,7 +145,6 @@ int MAIN(int, char **);
 
 int MAIN(int argc, char **argv)
 	{
-	ENGINE *e = NULL;
 	int ret=1;
 	X509_REQ *req=NULL;
 	X509 *x=NULL,*xca=NULL;
@@ -178,7 +175,6 @@ int MAIN(int argc, char **argv)
 	int need_rand = 0;
 	int checkend=0,checkoffset=0;
 	unsigned long nmflag = 0;
-	char *engine=NULL;
 
 	reqfile=0;
 
@@ -341,11 +337,6 @@ int MAIN(int argc, char **argv)
 			alias= *(++argv);
 			trustout = 1;
 			}
-		else if (strcmp(*argv,"-engine") == 0)
-			{
-			if (--argc < 1) goto bad;
-			engine= *(++argv);
-			}
 		else if (strcmp(*argv,"-C") == 0)
 			C= ++num;
 		else if (strcmp(*argv,"-email") == 0)
@@ -429,24 +420,6 @@ bad:
 		goto end;
 		}
 
-	if (engine != NULL)
-		{
-		if((e = ENGINE_by_id(engine)) == NULL)
-			{
-			BIO_printf(bio_err,"invalid engine \"%s\"\n",
-				engine);
-			goto end;
-			}
-		if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
-			{
-			BIO_printf(bio_err,"can't use that engine\n");
-			goto end;
-			}
-		BIO_printf(bio_err,"engine \"%s\" set.\n", engine);
-		/* Free our "structural" reference. */
-		ENGINE_free(e);
-		}
-
 	if (need_rand)
 		app_RAND_load_file(NULL, bio_err, 0);
 

config

@@ -168,7 +168,7 @@ case "${SYSTEM}:${RELEASE}:${VERSION}:${MACHINE}" in
         ;;
 
     NetBSD:*:*:*386*)
-        echo "`/usr/sbin/sysctl -n hw.model | sed 's,.*\(.\)86-class.*,i\186,'`-whatever-netbsd"; exit 0
+        echo "`(/usr/sbin/sysctl -n hw.model || /sbin/sysctl -n hw.model) | sed 's,.*\(.\)86-class.*,i\186,'`-whatever-netbsd"; exit 0
 	;;
 
     NetBSD:*)
@@ -393,10 +393,16 @@ case "$GUESSOS" in
 	;;
   mips4-sgi-irix64)
 	echo "WARNING! If you wish to build 64-bit library, then you have to"
-	echo "         invoke './Configre irix64-mips4-$CC' *manually*."
-	echo "         Type Ctrl-C if you don't want to continue."
+	echo "         invoke './Configure irix64-mips4-$CC' *manually*."
+	echo "         Type return if you want to continue, Ctrl-C to abort."
 	read waste < /dev/tty
-	options="$options -mips4"
+        CPU=`(hinv -t cpu) 2>/dev/null | sed 's/^CPU:[^R]*R\([0-9]*\).*/\1/'`
+        CPU=${CPU:-0}
+        if [ $CPU -ge 5000 ]; then
+                options="$options -mips4"
+        else
+                options="$options -mips3"
+        fi
 	OUT="irix-mips3-$CC"
 	;;
   alpha-*-linux2)
@@ -423,11 +429,11 @@ case "$GUESSOS" in
 	#till 64-bit glibc for SPARC is operational:-(
 	#echo "WARNING! If you wish to build 64-bit library, then you have to"
 	#echo "         invoke './Configure linux64-sparcv9' *manually*."
-	#echo "         Type Ctrl-C if you don't want to continue."
+	#echo "         Type return if you want to continue, Ctrl-C to abort."
 	#read waste < /dev/tty
 	OUT="linux-sparcv9" ;;
   sparc-*-linux2)
-	KARCH=`awk '/type/{print$3}' /proc/cpuinfo`
+	KARCH=`awk '/^type/{print$3}' /proc/cpuinfo`
 	case ${KARCH:-sun4} in
 	sun4u*)	OUT="linux-sparcv9" ;;
 	sun4m)	OUT="linux-sparcv8" ;;
@@ -435,6 +441,7 @@ case "$GUESSOS" in
 	*)	OUT="linux-sparcv7" ;;
 	esac ;;
   arm*-*-linux2) OUT="linux-elf-arm" ;;
+  s390-*-linux2) OUT="linux-s390" ;;
   *-*-linux2) OUT="linux-elf" ;;
   *-*-linux1) OUT="linux-aout" ;;
   sun4u*-*-solaris2)
@@ -442,7 +449,7 @@ case "$GUESSOS" in
 	if [ "$ISA64" != "" -a "$CC" = "cc" -a $CCVER -ge 50 ]; then
 		echo "WARNING! If you wish to build 64-bit library, then you have to"
 		echo "         invoke './Configure solaris64-sparcv9-cc' *manually*."
-		echo "         Type Ctrl-C if you don't want to continue."
+		echo "         Type return if you want to continue, Ctrl-C to abort."
 		read waste < /dev/tty
 	fi
 	OUT="solaris-sparcv9-$CC" ;;
@@ -482,27 +489,11 @@ case "$GUESSOS" in
   *) OUT=`echo $GUESSOS | awk -F- '{print $3}'`;;
 esac
 
-# NB: This atalla support has been superceded by the ENGINE support
-# That contains its own header and definitions anyway. Support can
-# be enabled or disabled on any supported platform without external
-# headers, eg. by adding the "hw-atalla" switch to ./config or
-# perl Configure
-#
 # See whether we can compile Atalla support
-#if [ -f /usr/include/atasi.h ]
-#then
-#  options="$options -DATALLA"
-#fi
-
-#get some basic shared lib support (behnke@trustcenter.de)
-case "$OUT" in
-   solaris-*-gcc)
-	if  [ "$SHARED" = "true" ] 
-	 then
-	  options="$options -DPIC -fPIC"
-        fi
-     ;;
-esac
+if [ -f /usr/include/atasi.h ]
+then
+  options="$options -DATALLA"
+fi
 
 # gcc < 2.8 does not support -mcpu=ultrasparc
 if [ "$OUT" = solaris-sparcv9-gcc -a $GCCVER -lt 28 ]
@@ -573,7 +564,7 @@ OUT="$PREFIX$OUT"
 
 $PERL ./Configure LIST | grep "$OUT" > /dev/null
 if [ $? = "0" ]; then
-  #echo Configuring for $OUT
+  echo Configuring for $OUT
 
   if [ "$TEST" = "true" ]; then
     echo $PERL ./Configure $OUT $options

crypto/Makefile.ssl

@@ -27,15 +27,15 @@ LIBS=
 
 SDIRS=	md2 md5 sha mdc2 hmac ripemd \
 	des rc2 rc4 rc5 idea bf cast \
-	bn rsa dsa dh dso engine \
+	bn rsa dsa dh dso \
 	buffer bio stack lhash rand err objects \
 	evp asn1 pem x509 x509v3 conf txt_db pkcs7 pkcs12 comp
 
 GENERAL=Makefile README crypto-lib.com install.com
 
 LIB= $(TOP)/libcrypto.a
-LIBSRC=	cryptlib.c mem.c mem_dbg.c cversion.c ex_data.c tmdiff.c cpt_err.c ebcdic.c
-LIBOBJ= cryptlib.o mem.o mem_dbg.o cversion.o ex_data.o tmdiff.o cpt_err.o ebcdic.o
+LIBSRC=	cryptlib.c mem.c mem_dbg.c cversion.c ex_data.c tmdiff.c cpt_err.c ebcdic.c uid.c
+LIBOBJ= cryptlib.o mem.o mem_dbg.o cversion.o ex_data.o tmdiff.o cpt_err.o ebcdic.o uid.o
 
 SRC= $(LIBSRC)
 
@@ -90,7 +90,8 @@ links:
 
 lib:	$(LIBOBJ)
 	$(AR) $(LIB) $(LIBOBJ)
-	$(RANLIB) $(LIB)
+	@echo You may get an error following this line.  Please ignore.
+	- $(RANLIB) $(LIB)
 	@touch lib
 
 libs:
@@ -197,3 +198,6 @@ tmdiff.o: ../include/openssl/lhash.h ../include/openssl/opensslconf.h
 tmdiff.o: ../include/openssl/opensslv.h ../include/openssl/safestack.h
 tmdiff.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
 tmdiff.o: ../include/openssl/tmdiff.h cryptlib.h
+uid.o: ../include/openssl/crypto.h ../include/openssl/opensslv.h
+uid.o: ../include/openssl/safestack.h ../include/openssl/stack.h
+uid.o: ../include/openssl/symhacks.h

crypto/asn1/Makefile.ssl

@@ -75,7 +75,8 @@ all:	lib
 
 lib:	$(LIBOBJ)
 	$(AR) $(LIB) $(LIBOBJ)
-	$(RANLIB) $(LIB)
+	@echo You may get an error following this line.  Please ignore.
+	- $(RANLIB) $(LIB)
 	@touch lib
 
 files:

crypto/asn1/a_strnid.c

@@ -133,7 +133,7 @@ ASN1_STRING *ASN1_STRING_set_by_NID(ASN1_STRING **out, const unsigned char *in,
 	if(tbl) {
 		mask = tbl->mask;
 		if(!(tbl->flags & STABLE_NO_MASK)) mask &= global_mask;
-		ret = ASN1_mbstring_ncopy(out, in, inlen, inform, tbl->mask,
+		ret = ASN1_mbstring_ncopy(out, in, inlen, inform, mask,
 					tbl->minsize, tbl->maxsize);
 	} else ret = ASN1_mbstring_copy(out, in, inlen, inform, DIRSTRING_TYPE & global_mask);
 	if(ret <= 0) return NULL;

crypto/asn1/asn1_mac.h

@@ -196,6 +196,9 @@ err:\
 	if ((a != NULL) && (sk_##type##_num(a) != 0)) \
 		M_ASN1_I2D_put_SEQUENCE_type(type,a,f);
 
+#define M_ASN1_I2D_put_SEQUENCE_opt_ex_type(type,a,f) \
+	if (a) M_ASN1_I2D_put_SEQUENCE_type(type,a,f);
+
 #define M_ASN1_D2I_get_IMP_set_opt(b,func,free_func,tag) \
 	if ((c.slen != 0) && \
 		(M_ASN1_next == \
@@ -389,6 +392,9 @@ err:\
 		if ((a != NULL) && (sk_##type##_num(a) != 0)) \
 			M_ASN1_I2D_len_SEQUENCE_type(type,a,f);
 
+#define M_ASN1_I2D_len_SEQUENCE_opt_ex_type(type,a,f) \
+		if (a) M_ASN1_I2D_len_SEQUENCE_type(type,a,f);
+
 #define M_ASN1_I2D_len_IMP_SET(a,f,x) \
 		ret+=i2d_ASN1_SET(a,NULL,f,x,V_ASN1_CONTEXT_SPECIFIC,IS_SET);
 
@@ -452,6 +458,15 @@ err:\
 			ret+=ASN1_object_size(1,v,mtag); \
 			}
 
+#define M_ASN1_I2D_len_EXP_SEQUENCE_opt_ex_type(type,a,f,mtag,tag,v) \
+		if (a)\
+			{ \
+			v=i2d_ASN1_SET_OF_##type(a,NULL,f,tag, \
+						 V_ASN1_UNIVERSAL, \
+						 IS_SEQUENCE); \
+			ret+=ASN1_object_size(1,v,mtag); \
+			}
+
 /* Put Macros */
 #define M_ASN1_I2D_put(a,f)	f(a,&p)
 
@@ -536,6 +551,14 @@ err:\
 					       IS_SEQUENCE); \
 			}
 
+#define M_ASN1_I2D_put_EXP_SEQUENCE_opt_ex_type(type,a,f,mtag,tag,v) \
+		if (a) \
+			{ \
+			ASN1_put_object(&p,1,v,mtag,V_ASN1_CONTEXT_SPECIFIC); \
+			i2d_ASN1_SET_OF_##type(a,&p,f,tag,V_ASN1_UNIVERSAL, \
+					       IS_SEQUENCE); \
+			}
+
 #define M_ASN1_I2D_seq_total() \
 		r=ASN1_object_size(1,ret,V_ASN1_SEQUENCE); \
 		if (pp == NULL) return(r); \

crypto/asn1/x_crl.c

@@ -71,14 +71,14 @@ int i2d_X509_REVOKED(X509_REVOKED *a, unsigned char **pp)
 
 	M_ASN1_I2D_len(a->serialNumber,i2d_ASN1_INTEGER);
 	M_ASN1_I2D_len(a->revocationDate,i2d_ASN1_TIME);
-	M_ASN1_I2D_len_SEQUENCE_opt_type(X509_EXTENSION,a->extensions,
+	M_ASN1_I2D_len_SEQUENCE_opt_ex_type(X509_EXTENSION,a->extensions,
 					 i2d_X509_EXTENSION);
 
 	M_ASN1_I2D_seq_total();
 
 	M_ASN1_I2D_put(a->serialNumber,i2d_ASN1_INTEGER);
 	M_ASN1_I2D_put(a->revocationDate,i2d_ASN1_TIME);
-	M_ASN1_I2D_put_SEQUENCE_opt_type(X509_EXTENSION,a->extensions,
+	M_ASN1_I2D_put_SEQUENCE_opt_ex_type(X509_EXTENSION,a->extensions,
 					 i2d_X509_EXTENSION);
 
 	M_ASN1_I2D_finish();
@@ -121,7 +121,7 @@ int i2d_X509_CRL_INFO(X509_CRL_INFO *a, unsigned char **pp)
 		{ M_ASN1_I2D_len(a->nextUpdate,i2d_ASN1_TIME); }
 	M_ASN1_I2D_len_SEQUENCE_opt_type(X509_REVOKED,a->revoked,
 					 i2d_X509_REVOKED);
-	M_ASN1_I2D_len_EXP_SEQUENCE_opt_type(X509_EXTENSION,a->extensions,
+	M_ASN1_I2D_len_EXP_SEQUENCE_opt_ex_type(X509_EXTENSION,a->extensions,
 					     i2d_X509_EXTENSION,0,
 					     V_ASN1_SEQUENCE,v1);
 
@@ -138,7 +138,7 @@ int i2d_X509_CRL_INFO(X509_CRL_INFO *a, unsigned char **pp)
 		{ M_ASN1_I2D_put(a->nextUpdate,i2d_ASN1_TIME); }
 	M_ASN1_I2D_put_SEQUENCE_opt_type(X509_REVOKED,a->revoked,
 					 i2d_X509_REVOKED);
-	M_ASN1_I2D_put_EXP_SEQUENCE_opt_type(X509_EXTENSION,a->extensions,
+	M_ASN1_I2D_put_EXP_SEQUENCE_opt_ex_type(X509_EXTENSION,a->extensions,
 					     i2d_X509_EXTENSION,0,
 					     V_ASN1_SEQUENCE,v1);
 
@@ -260,7 +260,7 @@ X509_CRL_INFO *X509_CRL_INFO_new(void)
 	M_ASN1_New(ret->lastUpdate,M_ASN1_UTCTIME_new);
 	ret->nextUpdate=NULL;
 	M_ASN1_New(ret->revoked,sk_X509_REVOKED_new_null);
-	M_ASN1_New(ret->extensions,sk_X509_EXTENSION_new_null);
+	ret->extensions = NULL;
 	sk_X509_REVOKED_set_cmp_func(ret->revoked,X509_REVOKED_cmp);
 	return(ret);
 	M_ASN1_New_Error(ASN1_F_X509_CRL_INFO_NEW);

crypto/asn1/x_name.c

@@ -141,8 +141,9 @@ static int i2d_X509_NAME_entries(X509_NAME *a)
 			}
 		size+=i2d_X509_NAME_ENTRY(ne,NULL);
 		}
-
-	ret+=ASN1_object_size(1,size,V_ASN1_SET);
+	/* If empty no extra SET OF needed */
+	if (ret)
+		ret+=ASN1_object_size(1,size,V_ASN1_SET);
 	if (fe != NULL)
 		fe->size=size;
 

crypto/bf/Makefile.ssl

@@ -44,7 +44,8 @@ all:	lib
 
 lib:	$(LIBOBJ)
 	$(AR) $(LIB) $(LIBOBJ)
-	$(RANLIB) $(LIB)
+	@echo You may get an error following this line.  Please ignore.
+	- $(RANLIB) $(LIB)
 	@touch lib
 
 # elf

crypto/bio/Makefile.ssl

@@ -49,7 +49,8 @@ all:	lib
 
 lib:	$(LIBOBJ)
 	$(AR) $(LIB) $(LIBOBJ)
-	$(RANLIB) $(LIB)
+	@echo You may get an error following this line.  Please ignore.
+	- $(RANLIB) $(LIB)
 	@touch lib
 
 files:

crypto/bio/b_sock.c

@@ -113,8 +113,8 @@ int BIO_get_host_ip(const char *str, unsigned char *ip)
 
 	/* At this point, we have something that is most probably correct
 	   in some way, so let's init the socket. */
-	if (!BIO_sock_init())
-		return(0); /* don't generate another error code here */
+	if (BIO_sock_init() != 1)
+		return 0; /* don't generate another error code here */
 
 	/* If the string actually contained an IP address, we need not do
 	   anything more */
@@ -519,15 +519,15 @@ int BIO_get_accept_socket(char *host, int bind_mode)
 	{
 	int ret=0;
 	struct sockaddr_in server,client;
-	int s= -1,cs;
+	int s=INVALID_SOCKET,cs;
 	unsigned char ip[4];
 	unsigned short port;
-	char *str,*e;
+	char *str=NULL,*e;
 	const char *h,*p;
 	unsigned long l;
 	int err_num;
 
-	if (!BIO_sock_init()) return(INVALID_SOCKET);
+	if (BIO_sock_init() != 1) return(INVALID_SOCKET);
 
 	if ((str=BUF_strdup(host)) == NULL) return(INVALID_SOCKET);
 
@@ -553,7 +553,7 @@ int BIO_get_accept_socket(char *host, int bind_mode)
 		h="*";
 		}
 
-	if (!BIO_get_port(p,&port)) return(INVALID_SOCKET);
+	if (!BIO_get_port(p,&port)) goto err;
 
 	memset((char *)&server,0,sizeof(server));
 	server.sin_family=AF_INET;
@@ -563,7 +563,7 @@ int BIO_get_accept_socket(char *host, int bind_mode)
 		server.sin_addr.s_addr=INADDR_ANY;
 	else
 		{
-		if (!BIO_get_host_ip(h,&(ip[0]))) return(INVALID_SOCKET);
+                if (!BIO_get_host_ip(h,&(ip[0]))) goto err;
 		l=(unsigned long)
 			((unsigned long)ip[0]<<24L)|
 			((unsigned long)ip[1]<<16L)|

crypto/bn/Makefile.ssl

@@ -68,7 +68,8 @@ bnbug: bnbug.c ../../libcrypto.a top
 
 lib:	$(LIBOBJ)
 	$(AR) $(LIB) $(LIBOBJ)
-	$(RANLIB) $(LIB)
+	@echo You may get an error following this line.  Please ignore.
+	- $(RANLIB) $(LIB)
 	@touch lib
 
 # elf

crypto/bn/asm/pa-risc2.s

@@ -1611,7 +1611,7 @@ bn_mul_comba4
 	.IMPORT	$global$,DATA
 	.SPACE	$TEXT$
 	.SUBSPA	$CODE$
-	.SUBSPA	$LIT$,QUAD=0,ALIGN=8,ACCESS=0x2c,SORT=16
+	.SUBSPA	$LIT$,ACCESS=0x2c
 C$7
 	.ALIGN	8
 	.STRINGZ	"Division would overflow (%d)\n"

crypto/bn/asm/pa-risc2W.s

@@ -1598,7 +1598,7 @@ bn_mul_comba4
 	.IMPORT	$global$,DATA
 	.SPACE	$TEXT$
 	.SUBSPA	$CODE$
-	.SUBSPA	$LIT$,QUAD=0,ALIGN=8,ACCESS=0x2c,SORT=16
+	.SUBSPA	$LIT$,ACCESS=0x2c
 C$4
 	.ALIGN	8
 	.STRINGZ	"Division would overflow (%d)\n"

crypto/bn/bn.h

@@ -239,7 +239,7 @@ typedef struct bignum_st
 	} BIGNUM;
 
 /* Used for temp variables */
-#define BN_CTX_NUM	12
+#define BN_CTX_NUM	16
 #define BN_CTX_NUM_POS	12
 typedef struct bignum_ctx
 	{
@@ -328,6 +328,7 @@ BIGNUM *BN_CTX_get(BN_CTX *ctx);
 void	BN_CTX_end(BN_CTX *ctx);
 int     BN_rand(BIGNUM *rnd, int bits, int top,int bottom);
 int     BN_pseudo_rand(BIGNUM *rnd, int bits, int top,int bottom);
+int	BN_rand_range(BIGNUM *rnd, BIGNUM *range);
 int	BN_num_bits(const BIGNUM *a);
 int	BN_num_bits_word(BN_ULONG);
 BIGNUM *BN_new(void);
@@ -467,6 +468,8 @@ BN_ULONG bn_sub_words(BN_ULONG *rp, BN_ULONG *ap, BN_ULONG *bp,int num);
 # define bn_dump(a,b)
 #endif
 
+int BN_bntest_rand(BIGNUM *rnd, int bits, int top,int bottom);
+
 /* BEGIN ERROR CODES */
 /* The following lines are auto generated by the script mkerr.pl. Any changes
  * made after this point may be overwritten when the script is next run.
@@ -493,16 +496,19 @@ BN_ULONG bn_sub_words(BN_ULONG *rp, BN_ULONG *ap, BN_ULONG *bp,int num);
 #define BN_F_BN_MPI2BN					 112
 #define BN_F_BN_NEW					 113
 #define BN_F_BN_RAND					 114
+#define BN_F_BN_RAND_RANGE				 122
 #define BN_F_BN_USUB					 115
 
 /* Reason codes. */
 #define BN_R_ARG2_LT_ARG3				 100
 #define BN_R_BAD_RECIPROCAL				 101
+#define BN_R_BIGNUM_TOO_LONG				 114
 #define BN_R_CALLED_WITH_EVEN_MODULUS			 102
 #define BN_R_DIV_BY_ZERO				 103
 #define BN_R_ENCODING_ERROR				 104
 #define BN_R_EXPAND_ON_STATIC_BIGNUM_DATA		 105
 #define BN_R_INVALID_LENGTH				 106
+#define BN_R_INVALID_RANGE				 115
 #define BN_R_NOT_INITIALIZED				 107
 #define BN_R_NO_INVERSE					 108
 #define BN_R_TOO_MANY_TEMPORARY_VARIABLES		 109

crypto/bn/bn_div.c

@@ -180,13 +180,13 @@ int BN_div(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num, const BIGNUM *divisor,
 
 	BN_CTX_start(ctx);
 	tmp=BN_CTX_get(ctx);
-	tmp->neg=0;
 	snum=BN_CTX_get(ctx);
 	sdiv=BN_CTX_get(ctx);
 	if (dv == NULL)
 		res=BN_CTX_get(ctx);
 	else	res=dv;
-	if (res == NULL) goto err;
+	if (sdiv==NULL || res == NULL) goto err;
+	tmp->neg=0;
 
 	/* First we normalise the numbers */
 	norm_shift=BN_BITS2-((BN_num_bits(divisor))%BN_BITS2);
@@ -237,7 +237,7 @@ int BN_div(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num, const BIGNUM *divisor,
 	for (i=0; i<loop-1; i++)
 		{
 		BN_ULONG q,l0;
-#ifdef BN_DIV3W
+#if defined(BN_DIV3W) && !defined(NO_ASM)
 		q=bn_div_3_words(wnump,d1,d0);
 #else
 		BN_ULONG n0,n1,rem=0;

crypto/bn/bn_err.c

@@ -84,6 +84,7 @@ static ERR_STRING_DATA BN_str_functs[]=
 {ERR_PACK(0,BN_F_BN_MPI2BN,0),	"BN_mpi2bn"},
 {ERR_PACK(0,BN_F_BN_NEW,0),	"BN_new"},
 {ERR_PACK(0,BN_F_BN_RAND,0),	"BN_rand"},
+{ERR_PACK(0,BN_F_BN_RAND_RANGE,0),	"BN_rand_range"},
 {ERR_PACK(0,BN_F_BN_USUB,0),	"BN_usub"},
 {0,NULL}
 	};
@@ -92,11 +93,13 @@ static ERR_STRING_DATA BN_str_reasons[]=
 	{
 {BN_R_ARG2_LT_ARG3                       ,"arg2 lt arg3"},
 {BN_R_BAD_RECIPROCAL                     ,"bad reciprocal"},
+{BN_R_BIGNUM_TOO_LONG                    ,"bignum too long"},
 {BN_R_CALLED_WITH_EVEN_MODULUS           ,"called with even modulus"},
 {BN_R_DIV_BY_ZERO                        ,"div by zero"},
 {BN_R_ENCODING_ERROR                     ,"encoding error"},
 {BN_R_EXPAND_ON_STATIC_BIGNUM_DATA       ,"expand on static bignum data"},
 {BN_R_INVALID_LENGTH                     ,"invalid length"},
+{BN_R_INVALID_RANGE                      ,"invalid range"},
 {BN_R_NOT_INITIALIZED                    ,"not initialized"},
 {BN_R_NO_INVERSE                         ,"no inverse"},
 {BN_R_TOO_MANY_TEMPORARY_VARIABLES       ,"too many temporary variables"},

crypto/bn/bn_exp.c

@@ -113,6 +113,13 @@
 #include <stdio.h>
 #include "cryptlib.h"
 #include "bn_lcl.h"
+#ifdef ATALLA
+# include <alloca.h>
+# include <atasi.h>
+# include <assert.h>
+# include <dlfcn.h>
+#endif
+
 
 #define TABLE_SIZE	32
 
@@ -176,6 +183,174 @@ err:
 	}
 
 
+#ifdef ATALLA
+
+/*
+ * This routine will dynamically check for the existance of an Atalla AXL-200
+ * SSL accelerator module.  If one is found, the variable
+ * asi_accelerator_present is set to 1 and the function pointers
+ * ptr_ASI_xxxxxx above will be initialized to corresponding ASI API calls.
+ */
+typedef int tfnASI_GetPerformanceStatistics(int reset_flag,
+					    unsigned int *ret_buf);
+typedef int tfnASI_GetHardwareConfig(long card_num, unsigned int *ret_buf);
+typedef int tfnASI_RSAPrivateKeyOpFn(RSAPrivateKey * rsaKey,
+				     unsigned char *output,
+				     unsigned char *input,
+				     unsigned int modulus_len);
+
+static tfnASI_GetHardwareConfig *ptr_ASI_GetHardwareConfig;
+static tfnASI_RSAPrivateKeyOpFn *ptr_ASI_RSAPrivateKeyOpFn;
+static tfnASI_GetPerformanceStatistics *ptr_ASI_GetPerformanceStatistics;
+static int asi_accelerator_present;
+static int tried_atalla;
+
+void atalla_initialize_accelerator_handle(void)
+	{
+	void *dl_handle;
+	int status;
+	unsigned int config_buf[1024]; 
+	static int tested;
+
+	if(tested)
+		return;
+
+	tested=1;
+
+	bzero((void *)config_buf, 1024);
+
+	/*
+	 * Check to see if the library is present on the system
+	 */
+	dl_handle = dlopen("atasi.so", RTLD_NOW);
+	if (dl_handle == (void *) NULL)
+		{
+/*		printf("atasi.so library is not present on the system\n");
+		printf("No HW acceleration available\n");*/
+		return;
+	        }
+
+	/*
+	 * The library is present.  Now we'll check to insure that the
+	 * LDM is up and running. First we'll get the address of the
+	 * function in the atasi library that we need to see if the
+	 * LDM is operating.
+	 */
+
+	ptr_ASI_GetHardwareConfig =
+	  (tfnASI_GetHardwareConfig *)dlsym(dl_handle,"ASI_GetHardwareConfig");
+
+	if (ptr_ASI_GetHardwareConfig)
+		{
+		/*
+		 * We found the call, now we'll get our config
+		 * status.  If we get a non 0 result, the LDM is not
+		 * running and we cannot use the Atalla ASI *
+		 * library.
+		 */
+		status = (*ptr_ASI_GetHardwareConfig)(0L, config_buf);
+		if (status != 0)
+			{
+			printf("atasi.so library is present but not initialized\n");
+			printf("No HW acceleration available\n");
+			return;
+			}    
+	        }
+	else
+		{
+/*		printf("We found the library, but not the function. Very Strange!\n");*/
+		return ;
+	      	}
+
+	/* 
+	 * It looks like we have acceleration capabilities.  Load up the
+	 * pointers to our ASI API calls.
+	 */
+	ptr_ASI_RSAPrivateKeyOpFn=
+	  (tfnASI_RSAPrivateKeyOpFn *)dlsym(dl_handle, "ASI_RSAPrivateKeyOpFn");
+	if (ptr_ASI_RSAPrivateKeyOpFn == NULL)
+		{
+/*		printf("We found the library, but no RSA function. Very Strange!\n");*/
+		return;
+	        }
+
+	ptr_ASI_GetPerformanceStatistics =
+	  (tfnASI_GetPerformanceStatistics *)dlsym(dl_handle, "ASI_GetPerformanceStatistics");
+	if (ptr_ASI_GetPerformanceStatistics == NULL)
+		{
+/*		printf("We found the library, but no stat function. Very Strange!\n");*/
+		return;
+	      }
+
+	/*
+	 * Indicate that acceleration is available
+	 */
+	asi_accelerator_present = 1;
+
+/*	printf("This system has acceleration!\n");*/
+
+	return;
+	}
+
+/* make sure this only gets called once when bn_mod_exp calls bn_mod_exp_mont */
+int BN_mod_exp_atalla(BIGNUM *r, BIGNUM *a, const BIGNUM *p, const BIGNUM *m)
+	{
+	unsigned char *abin;
+	unsigned char *pbin;
+	unsigned char *mbin;
+	unsigned char *rbin;
+	int an,pn,mn,ret;
+	RSAPrivateKey keydata;
+
+	atalla_initialize_accelerator_handle();
+	if(!asi_accelerator_present)
+		return 0;
+
+
+/* We should be able to run without size testing */
+# define ASIZE	128
+	an=BN_num_bytes(a);
+	pn=BN_num_bytes(p);
+	mn=BN_num_bytes(m);
+
+	if(an <= ASIZE && pn <= ASIZE && mn <= ASIZE)
+	    {
+	    int size=mn;
+
+	    assert(an <= mn);
+	    abin=alloca(size);
+	    memset(abin,'\0',mn);
+	    BN_bn2bin(a,abin+size-an);
+
+	    pbin=alloca(pn);
+	    BN_bn2bin(p,pbin);
+
+	    mbin=alloca(size);
+	    memset(mbin,'\0',mn);
+	    BN_bn2bin(m,mbin+size-mn);
+
+	    rbin=alloca(size);
+
+	    memset(&keydata,'\0',sizeof keydata);
+	    keydata.privateExponent.data=pbin;
+	    keydata.privateExponent.len=pn;
+	    keydata.modulus.data=mbin;
+	    keydata.modulus.len=size;
+
+	    ret=(*ptr_ASI_RSAPrivateKeyOpFn)(&keydata,rbin,abin,keydata.modulus.len);
+/*fprintf(stderr,"!%s\n",BN_bn2hex(a));*/
+	    if(!ret)
+	        {
+		BN_bin2bn(rbin,keydata.modulus.len,r);
+/*fprintf(stderr,"?%s\n",BN_bn2hex(r));*/
+		return 1;
+	        }
+	    }
+	return 0;
+        }
+#endif /* def ATALLA */
+
+
 int BN_mod_exp(BIGNUM *r, BIGNUM *a, const BIGNUM *p, const BIGNUM *m,
 	       BN_CTX *ctx)
 	{
@@ -185,6 +360,13 @@ int BN_mod_exp(BIGNUM *r, BIGNUM *a, const BIGNUM *p, const BIGNUM *m,
 	bn_check_top(p);
 	bn_check_top(m);
 
+#ifdef ATALLA
+	if(BN_mod_exp_atalla(r,a,p,m))
+	    return 1;
+/* If it fails, try the other methods (but don't try atalla again) */
+	tried_atalla=1;
+#endif
+
 #ifdef MONT_MUL_MOD
 	/* I have finally been able to take out this pre-condition of
 	 * the top bit being set.  It was caused by an error in BN_div
@@ -210,6 +392,10 @@ int BN_mod_exp(BIGNUM *r, BIGNUM *a, const BIGNUM *p, const BIGNUM *m,
 		{ ret=BN_mod_exp_simple(r,a,p,m,ctx); }
 #endif
 
+#ifdef ATALLA
+	tried_atalla=0;
+#endif
+
 	return(ret);
 	}
 
@@ -339,6 +525,12 @@ int BN_mod_exp_mont(BIGNUM *rr, BIGNUM *a, const BIGNUM *p,
 	bn_check_top(p);
 	bn_check_top(m);
 
+#ifdef ATALLA
+	if(!tried_atalla && BN_mod_exp_atalla(rr,a,p,m))
+	    return 1;
+/* If it fails, try the other methods */
+#endif
+
 	if (!(m->d[0] & 1))
 		{
 		BNerr(BN_F_BN_MOD_EXP_MONT,BN_R_CALLED_WITH_EVEN_MODULUS);
@@ -501,6 +693,19 @@ int BN_mod_exp_mont_word(BIGNUM *rr, BN_ULONG a, const BIGNUM *p,
 	t = BN_CTX_get(ctx);
 	if (d == NULL || r == NULL || t == NULL) goto err;
 
+#ifdef ATALLA
+	if (!tried_atalla)
+		{
+		BN_set_word(t, a);
+		if (BN_mod_exp_atalla(rr, t, p, m))
+			{
+			BN_CTX_end(ctx);
+			return 1;
+			}
+		}
+/* If it fails, try the other methods */
+#endif
+
 	if (in_mont != NULL)
 		mont=in_mont;
 	else

crypto/bn/bn_lib.c

@@ -62,6 +62,7 @@
 #endif
 
 #include <assert.h>
+#include <limits.h>
 #include <stdio.h>
 #include "cryptlib.h"
 #include "bn_lcl.h"
@@ -319,6 +320,12 @@ BIGNUM *bn_expand2(BIGNUM *b, int words)
 
 	if (words > b->dmax)
 		{
+		if (words > (INT_MAX/(4*BN_BITS2)))
+			{
+			BNerr(BN_F_BN_EXPAND2,BN_R_BIGNUM_TOO_LONG);
+			return NULL;
+			}
+			
 		bn_check_top(b);	
 		if (BN_get_flags(b,BN_FLG_STATIC_DATA))
 			{

crypto/bn/bn_rand.c

@@ -76,7 +76,7 @@ static int bnrand(int pseudorand, BIGNUM *rnd, int bits, int top, int bottom)
 
 	bytes=(bits+7)/8;
 	bit=(bits-1)%8;
-	mask=0xff<<bit;
+	mask=0xff<<(bit+1);
 
 	buf=(unsigned char *)OPENSSL_malloc(bytes);
 	if (buf == NULL)
@@ -100,25 +100,48 @@ static int bnrand(int pseudorand, BIGNUM *rnd, int bits, int top, int bottom)
 			goto err;
 		}
 
-	if (top)
+#if 1
+	if (pseudorand == 2)
 		{
-		if (bit == 0)
+		/* generate patterns that are more likely to trigger BN
+		   library bugs */
+		int i;
+		unsigned char c;
+
+		for (i = 0; i < bytes; i++)
 			{
-			buf[0]=1;
-			buf[1]|=0x80;
+			RAND_pseudo_bytes(&c, 1);
+			if (c >= 128 && i > 0)
+				buf[i] = buf[i-1];
+			else if (c < 42)
+				buf[i] = 0;
+			else if (c < 84)
+				buf[i] = 255;
+			}
+		}
+#endif
+
+	if (top != -1)
+		{
+		if (top)
+			{
+			if (bit == 0)
+				{
+				buf[0]=1;
+				buf[1]|=0x80;
+				}
+			else
+				{
+				buf[0]|=(3<<(bit-1));
+				}
 			}
 		else
 			{
-			buf[0]|=(3<<(bit-1));
-			buf[0]&= ~(mask<<1);
+			buf[0]|=(1<<bit);
 			}
 		}
-	else
-		{
-		buf[0]|=(1<<bit);
-		buf[0]&= ~(mask<<1);
-		}
-	if (bottom) /* set bottom bits to whatever odd is */
+	buf[0] &= ~mask;
+	if (bottom) /* set bottom bit if requested */
 		buf[bytes-1]|=1;
 	if (!BN_bin2bn(buf,bytes,rnd)) goto err;
 	ret=1;
@@ -140,3 +163,61 @@ int     BN_pseudo_rand(BIGNUM *rnd, int bits, int top, int bottom)
 	{
 	return bnrand(1, rnd, bits, top, bottom);
 	}
+
+#if 1
+int     BN_bntest_rand(BIGNUM *rnd, int bits, int top, int bottom)
+	{
+	return bnrand(2, rnd, bits, top, bottom);
+	}
+#endif
+
+/* random number r:  0 <= r < range */
+int	BN_rand_range(BIGNUM *r, BIGNUM *range)
+	{
+	int n;
+
+	if (range->neg || BN_is_zero(range))
+		{
+		BNerr(BN_F_BN_RAND_RANGE, BN_R_INVALID_RANGE);
+		return 0;
+		}
+
+	n = BN_num_bits(range); /* n > 0 */
+
+	if (n == 1)
+		{
+		if (!BN_zero(r)) return 0;
+		}
+	else if (BN_is_bit_set(range, n - 2))
+		{
+		do
+			{
+			/* range = 11..._2, so each iteration succeeds with probability >= .75 */
+			if (!BN_rand(r, n, -1, 0)) return 0;
+			}
+		while (BN_cmp(r, range) >= 0);
+		}
+	else
+		{
+		/* range = 10..._2,
+		 * so  3*range (= 11..._2)  is exactly one bit longer than  range */
+		do
+			{
+			if (!BN_rand(r, n + 1, -1, 0)) return 0;
+			/* If  r < 3*range,  use  r := r MOD range
+			 * (which is either  r, r - range,  or  r - 2*range).
+			 * Otherwise, iterate once more.
+			 * Since  3*range = 11..._2, each iteration succeeds with
+			 * probability >= .75. */
+			if (BN_cmp(r ,range) >= 0)
+				{
+				if (!BN_sub(r, r, range)) return 0;
+				if (BN_cmp(r, range) >= 0)
+					if (!BN_sub(r, r, range)) return 0;
+				}
+			}
+		while (BN_cmp(r, range) >= 0);
+		}
+
+	return 1;
+	}

crypto/bn/bn_shift.c

@@ -172,6 +172,11 @@ int BN_rshift(BIGNUM *r, BIGNUM *a, int n)
 		r->neg=a->neg;
 		if (bn_wexpand(r,a->top-nw+1) == NULL) return(0);
 		}
+	else
+		{
+		if (n == 0)
+			return 1; /* or the copying loop will go berserk */
+		}
 
 	f= &(a->d[nw]);
 	t=r->d;

crypto/bn/bntest.c

@@ -107,11 +107,9 @@ static const char rnd_seed[] = "string to make the random number generator think
 static void message(BIO *out, char *m)
 	{
 	fprintf(stderr, "test %s\n", m);
-#if defined(linux) || defined(__FreeBSD__) /* can we use GNU bc features? */
 	BIO_puts(out, "print \"test ");
 	BIO_puts(out, m);
 	BIO_puts(out, "\\n\"\n");
-#endif
 	}
 
 int main(int argc, char *argv[])
@@ -122,9 +120,7 @@ int main(int argc, char *argv[])
 
 	results = 0;
 
-	RAND_seed(rnd_seed, sizeof rnd_seed); /* or BN_rand may fail, and we don't
-	                                       * even check its return value
-	                                       * (which we should) */
+	RAND_seed(rnd_seed, sizeof rnd_seed); /* or BN_generate_prime may fail */
 
 	argc--;
 	argv++;
@@ -253,10 +249,10 @@ int test_add(BIO *bp)
 	BN_init(&b);
 	BN_init(&c);
 
-	BN_rand(&a,512,0,0);
+	BN_bntest_rand(&a,512,0,0);
 	for (i=0; i<num0; i++)
 		{
-		BN_rand(&b,450+i,0,0);
+		BN_bntest_rand(&b,450+i,0,0);
 		a.neg=rand_neg();
 		b.neg=rand_neg();
 		if (bp == NULL)
@@ -305,14 +301,14 @@ int test_sub(BIO *bp)
 		{
 		if (i < num1)
 			{
-			BN_rand(&a,512,0,0);
+			BN_bntest_rand(&a,512,0,0);
 			BN_copy(&b,&a);
 			if (BN_set_bit(&a,i)==0) return(0);
 			BN_add_word(&b,i);
 			}
 		else
 			{
-			BN_rand(&b,400+i-num1,0,0);
+			BN_bntest_rand(&b,400+i-num1,0,0);
 			a.neg=rand_neg();
 			b.neg=rand_neg();
 			}
@@ -362,13 +358,13 @@ int test_div(BIO *bp, BN_CTX *ctx)
 		{
 		if (i < num1)
 			{
-			BN_rand(&a,400,0,0);
+			BN_bntest_rand(&a,400,0,0);
 			BN_copy(&b,&a);
 			BN_lshift(&a,&a,i);
 			BN_add_word(&a,i);
 			}
 		else
-			BN_rand(&b,50+3*(i-num1),0,0);
+			BN_bntest_rand(&b,50+3*(i-num1),0,0);
 		a.neg=rand_neg();
 		b.neg=rand_neg();
 		if (bp == NULL)
@@ -432,13 +428,13 @@ int test_div_recp(BIO *bp, BN_CTX *ctx)
 		{
 		if (i < num1)
 			{
-			BN_rand(&a,400,0,0);
+			BN_bntest_rand(&a,400,0,0);
 			BN_copy(&b,&a);
 			BN_lshift(&a,&a,i);
 			BN_add_word(&a,i);
 			}
 		else
-			BN_rand(&b,50+3*(i-num1),0,0);
+			BN_bntest_rand(&b,50+3*(i-num1),0,0);
 		a.neg=rand_neg();
 		b.neg=rand_neg();
 		BN_RECP_CTX_set(&recp,&b,ctx);
@@ -509,11 +505,11 @@ int test_mul(BIO *bp)
 		{
 		if (i <= num1)
 			{
-			BN_rand(&a,100,0,0);
-			BN_rand(&b,100,0,0);
+			BN_bntest_rand(&a,100,0,0);
+			BN_bntest_rand(&b,100,0,0);
 			}
 		else
-			BN_rand(&b,i-num1,0,0);
+			BN_bntest_rand(&b,i-num1,0,0);
 		a.neg=rand_neg();
 		b.neg=rand_neg();
 		if (bp == NULL)
@@ -562,7 +558,7 @@ int test_sqr(BIO *bp, BN_CTX *ctx)
 
 	for (i=0; i<num0; i++)
 		{
-		BN_rand(&a,40+i*10,0,0);
+		BN_bntest_rand(&a,40+i*10,0,0);
 		a.neg=rand_neg();
 		if (bp == NULL)
 			for (j=0; j<100; j++)
@@ -613,15 +609,15 @@ int test_mont(BIO *bp, BN_CTX *ctx)
 
 	mont=BN_MONT_CTX_new();
 
-	BN_rand(&a,100,0,0); /**/
-	BN_rand(&b,100,0,0); /**/
+	BN_bntest_rand(&a,100,0,0); /**/
+	BN_bntest_rand(&b,100,0,0); /**/
 	for (i=0; i<num2; i++)
 		{
 		int bits = (200*(i+1))/num2;
 
 		if (bits == 0)
 			continue;
-		BN_rand(&n,bits,0,1);
+		BN_bntest_rand(&n,bits,0,1);
 		BN_MONT_CTX_set(mont,&n,ctx);
 
 		BN_to_montgomery(&A,&a,mont,ctx);
@@ -683,10 +679,10 @@ int test_mod(BIO *bp, BN_CTX *ctx)
 	d=BN_new();
 	e=BN_new();
 
-	BN_rand(a,1024,0,0); /**/
+	BN_bntest_rand(a,1024,0,0); /**/
 	for (i=0; i<num0; i++)
 		{
-		BN_rand(b,450+i*10,0,0); /**/
+		BN_bntest_rand(b,450+i*10,0,0); /**/
 		a->neg=rand_neg();
 		b->neg=rand_neg();
 		if (bp == NULL)
@@ -732,11 +728,11 @@ int test_mod_mul(BIO *bp, BN_CTX *ctx)
 	d=BN_new();
 	e=BN_new();
 
-	BN_rand(c,1024,0,0); /**/
+	BN_bntest_rand(c,1024,0,0); /**/
 	for (i=0; i<num0; i++)
 		{
-		BN_rand(a,475+i*10,0,0); /**/
-		BN_rand(b,425+i*11,0,0); /**/
+		BN_bntest_rand(a,475+i*10,0,0); /**/
+		BN_bntest_rand(b,425+i*11,0,0); /**/
 		a->neg=rand_neg();
 		b->neg=rand_neg();
 	/*	if (bp == NULL)
@@ -794,11 +790,11 @@ int test_mod_exp(BIO *bp, BN_CTX *ctx)
 	d=BN_new();
 	e=BN_new();
 
-	BN_rand(c,30,0,1); /* must be odd for montgomery */
+	BN_bntest_rand(c,30,0,1); /* must be odd for montgomery */
 	for (i=0; i<num2; i++)
 		{
-		BN_rand(a,20+i*5,0,0); /**/
-		BN_rand(b,2+i,0,0); /**/
+		BN_bntest_rand(a,20+i*5,0,0); /**/
+		BN_bntest_rand(b,2+i,0,0); /**/
 
 		if (!BN_mod_exp(d,a,b,c,ctx))
 			return(00);
@@ -848,8 +844,8 @@ int test_exp(BIO *bp, BN_CTX *ctx)
 
 	for (i=0; i<num2; i++)
 		{
-		BN_rand(a,20+i*5,0,0); /**/
-		BN_rand(b,2+i,0,0); /**/
+		BN_bntest_rand(a,20+i*5,0,0); /**/
+		BN_bntest_rand(b,2+i,0,0); /**/
 
 		if (!BN_exp(d,a,b,ctx))
 			return(00);
@@ -899,7 +895,7 @@ int test_lshift(BIO *bp,BN_CTX *ctx,BIGNUM *a_)
 	else
 	    {
 	    a=BN_new();
-	    BN_rand(a,200,0,0); /**/
+	    BN_bntest_rand(a,200,0,0); /**/
 	    a->neg=rand_neg();
 	    }
 	for (i=0; i<num0; i++)
@@ -951,7 +947,7 @@ int test_lshift1(BIO *bp)
 	b=BN_new();
 	c=BN_new();
 
-	BN_rand(a,200,0,0); /**/
+	BN_bntest_rand(a,200,0,0); /**/
 	a->neg=rand_neg();
 	for (i=0; i<num0; i++)
 		{
@@ -995,7 +991,7 @@ int test_rshift(BIO *bp,BN_CTX *ctx)
 	e=BN_new();
 	BN_one(c);
 
-	BN_rand(a,200,0,0); /**/
+	BN_bntest_rand(a,200,0,0); /**/
 	a->neg=rand_neg();
 	for (i=0; i<num0; i++)
 		{
@@ -1038,7 +1034,7 @@ int test_rshift1(BIO *bp)
 	b=BN_new();
 	c=BN_new();
 
-	BN_rand(a,200,0,0); /**/
+	BN_bntest_rand(a,200,0,0); /**/
 	a->neg=rand_neg();
 	for (i=0; i<num0; i++)
 		{

crypto/buffer/Makefile.ssl

@@ -39,7 +39,8 @@ all:	lib
 
 lib:	$(LIBOBJ)
 	$(AR) $(LIB) $(LIBOBJ)
-	$(RANLIB) $(LIB)
+	@echo You may get an error following this line.  Please ignore.
+	- $(RANLIB) $(LIB)
 	@touch lib
 
 files:

crypto/cast/Makefile.ssl

@@ -47,7 +47,8 @@ all:	lib
 
 lib:	$(LIBOBJ)
 	$(AR) $(LIB) $(LIBOBJ)
-	$(RANLIB) $(LIB)
+	@echo You may get an error following this line.  Please ignore.
+	- $(RANLIB) $(LIB)
 	@touch lib
 
 # elf

crypto/comp/Makefile.ssl

@@ -42,7 +42,8 @@ all:	lib
 
 lib:	$(LIBOBJ)
 	$(AR) $(LIB) $(LIBOBJ)
-	$(RANLIB) $(LIB)
+	@echo You may get an error following this line.  Please ignore.
+	- $(RANLIB) $(LIB)
 	@touch lib
 
 files:

crypto/conf/Makefile.ssl

@@ -40,7 +40,8 @@ all:	lib
 
 lib:	$(LIBOBJ)
 	$(AR) $(LIB) $(LIBOBJ)
-	$(RANLIB) $(LIB)
+	@echo You may get an error following this line.  Please ignore.
+	- $(RANLIB) $(LIB)
 	@touch lib
 
 files:

crypto/conf/conf.h

@@ -167,6 +167,8 @@ int NCONF_dump_bio(CONF *conf, BIO *out);
 #define CONF_R_MISSING_EQUAL_SIGN			 101
 #define CONF_R_NO_CLOSE_BRACE				 102
 #define CONF_R_NO_CONF					 105
+#define CONF_R_NO_CONF_OR_ENVIRONMENT_VARIABLE		 106
+#define CONF_R_NO_SECTION				 107
 #define CONF_R_UNABLE_TO_CREATE_NEW_SECTION		 103
 #define CONF_R_VARIABLE_HAS_NO_VALUE			 104
 

crypto/conf/conf_err.c

@@ -87,6 +87,8 @@ static ERR_STRING_DATA CONF_str_reasons[]=
 {CONF_R_MISSING_EQUAL_SIGN               ,"missing equal sign"},
 {CONF_R_NO_CLOSE_BRACE                   ,"no close brace"},
 {CONF_R_NO_CONF                          ,"no conf"},
+{CONF_R_NO_CONF_OR_ENVIRONMENT_VARIABLE  ,"no conf or environment variable"},
+{CONF_R_NO_SECTION                       ,"no section"},
 {CONF_R_UNABLE_TO_CREATE_NEW_SECTION     ,"unable to create new section"},
 {CONF_R_VARIABLE_HAS_NO_VALUE            ,"variable has no value"},
 {0,NULL}

crypto/conf/conf_lib.c

@@ -131,38 +131,59 @@ LHASH *CONF_load_bio(LHASH *conf, BIO *bp,long *eline)
 
 STACK_OF(CONF_VALUE) *CONF_get_section(LHASH *conf,char *section)
 	{
-	CONF ctmp;
+	if (conf == NULL)
+		{
+		return NULL;
+		}
+	else
+		{
+		CONF ctmp;
 
-	if (default_CONF_method == NULL)
-		default_CONF_method = NCONF_default();
+		if (default_CONF_method == NULL)
+			default_CONF_method = NCONF_default();
 
-	default_CONF_method->init(&ctmp);
-	ctmp.data = conf;
-	return NCONF_get_section(&ctmp, section);
+		default_CONF_method->init(&ctmp);
+		ctmp.data = conf;
+		return NCONF_get_section(&ctmp, section);
+		}
 	}
 
 char *CONF_get_string(LHASH *conf,char *group,char *name)
 	{
-	CONF ctmp;
+	if (conf == NULL)
+		{
+		return NCONF_get_string(NULL, group, name);
+		}
+	else
+		{
+		CONF ctmp;
 
-	if (default_CONF_method == NULL)
-		default_CONF_method = NCONF_default();
+		if (default_CONF_method == NULL)
+			default_CONF_method = NCONF_default();
 
-	default_CONF_method->init(&ctmp);
-	ctmp.data = conf;
-	return NCONF_get_string(&ctmp, group, name);
+		default_CONF_method->init(&ctmp);
+		ctmp.data = conf;
+		return NCONF_get_string(&ctmp, group, name);
+		}
 	}
 
 long CONF_get_number(LHASH *conf,char *group,char *name)
 	{
-	CONF ctmp;
+	if (conf == NULL)
+		{
+		return NCONF_get_number(NULL, group, name);
+		}
+	else
+		{
+		CONF ctmp;
 
-	if (default_CONF_method == NULL)
-		default_CONF_method = NCONF_default();
+		if (default_CONF_method == NULL)
+			default_CONF_method = NCONF_default();
 
-	default_CONF_method->init(&ctmp);
-	ctmp.data = conf;
-	return NCONF_get_number(&ctmp, group, name);
+		default_CONF_method->init(&ctmp);
+		ctmp.data = conf;
+		return NCONF_get_number(&ctmp, group, name);
+		}
 	}
 
 void CONF_free(LHASH *conf)
@@ -299,27 +320,46 @@ STACK_OF(CONF_VALUE) *NCONF_get_section(CONF *conf,char *section)
 		return NULL;
 		}
 
+	if (section == NULL)
+		{
+		CONFerr(CONF_F_NCONF_GET_SECTION,CONF_R_NO_SECTION);
+		return NULL;
+		}
+
 	return _CONF_get_section_values(conf, section);
 	}
 
 char *NCONF_get_string(CONF *conf,char *group,char *name)
 	{
+	char *s = _CONF_get_string(conf, group, name);
+
+        /* Since we may get a value from an environment variable even
+           if conf is NULL, let's check the value first */
+        if (s) return s;
+
 	if (conf == NULL)
 		{
-		CONFerr(CONF_F_NCONF_GET_STRING,CONF_R_NO_CONF);
+		CONFerr(CONF_F_NCONF_GET_STRING,
+                        CONF_R_NO_CONF_OR_ENVIRONMENT_VARIABLE);
 		return NULL;
 		}
-
-	return _CONF_get_string(conf, group, name);
+	return NULL;
 	}
 
 long NCONF_get_number(CONF *conf,char *group,char *name)
 	{
+#if 0 /* As with _CONF_get_string(), we rely on the possibility of finding
+         an environment variable with a suitable name.  Unfortunately, there's
+         no way with the current API to see if we found one or not...
+         The meaning of this is that if a number is not found anywhere, it
+         will always default to 0. */
 	if (conf == NULL)
 		{
-		CONFerr(CONF_F_NCONF_GET_NUMBER,CONF_R_NO_CONF);
+		CONFerr(CONF_F_NCONF_GET_NUMBER,
+                        CONF_R_NO_CONF_OR_ENVIRONMENT_VARIABLE);
 		return 0;
 		}
+#endif
 	
 	return _CONF_get_number(conf, group, name);
 	}

crypto/cryptlib.c

@@ -100,8 +100,7 @@ static const char* lock_names[CRYPTO_NUM_LOCKS] =
 	"debug_malloc2",
 	"dso",
 	"dynlock",
-	"engine",
-#if CRYPTO_NUM_LOCKS != 29
+#if CRYPTO_NUM_LOCKS != 28
 # error "Inconsistency between crypto.h and cryptlib.c"
 #endif
 	};

crypto/crypto-lib.com

@@ -88,7 +88,7 @@ $! Define The Different Encryption Types.
 $!
 $ ENCRYPT_TYPES = "Basic,MD2,MD4,MD5,SHA,MDC2,HMAC,RIPEMD,"+ -
 		  "DES,RC2,RC4,RC5,IDEA,BF,CAST,"+ -
-		  "BN,RSA,DSA,DH,DSO,ENGINE,"+ -
+		  "BN,RSA,DSA,DH,DSO,"+ -
 		  "BUFFER,BIO,STACK,LHASH,RAND,ERR,OBJECTS,"+ -
 		  "EVP,EVP_2,ASN1,ASN1_2,PEM,X509,X509V3,"+ -
 		  "CONF,TXT_DB,PKCS7,PKCS12,COMP"
@@ -206,8 +206,6 @@ $ LIB_DSA = "dsa_gen,dsa_key,dsa_lib,dsa_asn1,dsa_vrf,dsa_sign,dsa_err,dsa_ossl"
 $ LIB_DH = "dh_gen,dh_key,dh_lib,dh_check,dh_err"
 $ LIB_DSO = "dso_dl,dso_dlfcn,dso_err,dso_lib,dso_null,"+ -
 	"dso_openssl,dso_win32,dso_vms"
-$ LIB_ENGINE = "engine_err,engine_lib,engine_list,engine_openssl,"+ -
-	"hw_atalla,hw_cswift,hw_ncipher"
 $ LIB_BUFFER = "buffer,buf_err"
 $ LIB_BIO = "bio_lib,bio_cb,bio_err,"+ -
 	"bss_mem,bss_null,bss_fd,"+ -
@@ -1196,9 +1194,7 @@ $     CC = "CC"
 $     IF ARCH.EQS."VAX" .AND. F$TRNLNM("DECC$CC_DEFAULT").NES."/DECC" -
 	 THEN CC = "CC/DECC"
 $     CC = CC + "/''CC_OPTIMIZE'/''DEBUGGER'/STANDARD=ANSI89" + -
-           "/NOLIST/PREFIX=ALL" + -
-	   "/INCLUDE=(SYS$DISK:[],SYS$DISK:[.ENGINE.VENDOR_DEFNS])" + -
-	   CCEXTRAFLAGS
+           "/NOLIST/PREFIX=ALL/INCLUDE=SYS$DISK:[]" + CCEXTRAFLAGS
 $!
 $!    Define The Linker Options File Name.
 $!
@@ -1230,8 +1226,7 @@ $	WRITE SYS$OUTPUT "There is no VAX C on Alpha!"
 $	EXIT
 $     ENDIF
 $     IF F$TRNLNM("DECC$CC_DEFAULT").EQS."/DECC" THEN CC = "CC/VAXC"
-$     CC = CC + "/''CC_OPTIMIZE'/''DEBUGGER'/NOLIST" + -
-	   "/INCLUDE=(SYS$DISK:[],SYS$DISK:[.ENGINE.VENDOR_DEFNS])" + -
+$     CC = CC + "/''CC_OPTIMIZE'/''DEBUGGER'/NOLIST/INCLUDE=SYS$DISK:[]" + -
 	   CCEXTRAFLAGS
 $     CCDEFS = """VAXC""," + CCDEFS
 $!
@@ -1263,8 +1258,7 @@ $!
 $!    Use GNU C...
 $!
 $     CC = "GCC/NOCASE_HACK/''GCC_OPTIMIZE'/''DEBUGGER'/NOLIST" + -
-	   "/INCLUDE=(SYS$DISK:[],SYS$DISK:[.ENGINE.VENDOR_DEFNS])" + -
-	   CCEXTRAFLAGS
+	   "/INCLUDE=SYS$DISK:[]" + CCEXTRAFLAGS
 $!
 $!    Define The Linker Options File Name.
 $!

crypto/crypto.h

@@ -122,8 +122,7 @@ extern "C" {
 #define	CRYPTO_LOCK_MALLOC2		25
 #define	CRYPTO_LOCK_DSO			26
 #define	CRYPTO_LOCK_DYNLOCK		27
-#define	CRYPTO_LOCK_ENGINE		28
-#define	CRYPTO_NUM_LOCKS		29
+#define	CRYPTO_NUM_LOCKS		28
 
 #define CRYPTO_LOCK		1
 #define CRYPTO_UNLOCK		2
@@ -278,6 +277,8 @@ int CRYPTO_is_mem_check_on(void);
 const char *SSLeay_version(int type);
 unsigned long SSLeay(void);
 
+int OPENSSL_issetugid(void);
+
 int CRYPTO_get_ex_new_index(int idx, STACK_OF(CRYPTO_EX_DATA_FUNCS) **skp, long argl, void *argp,
 	     CRYPTO_EX_new *new_func, CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func);
 int CRYPTO_set_ex_data(CRYPTO_EX_DATA *ad, int idx, void *val);

crypto/des/Makefile.ssl

@@ -57,7 +57,8 @@ all:	lib
 
 lib:	$(LIBOBJ)
 	$(AR) $(LIB) $(LIBOBJ)
-	$(RANLIB) $(LIB)
+	@echo You may get an error following this line.  Please ignore.
+	- $(RANLIB) $(LIB)
 	@touch lib
 
 des: des.o cbc3_enc.o lib

crypto/dh/Makefile.ssl

@@ -39,7 +39,8 @@ all:	lib
 
 lib:	$(LIBOBJ)
 	$(AR) $(LIB) $(LIBOBJ)
-	$(RANLIB) $(LIB)
+	@echo You may get an error following this line.  Please ignore.
+	- $(RANLIB) $(LIB)
 	@touch lib
 
 files:
@@ -100,39 +101,19 @@ dh_gen.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
 dh_gen.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
 dh_gen.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
 dh_gen.o: ../cryptlib.h
-dh_key.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
-dh_key.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
-dh_key.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
-dh_key.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
-dh_key.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
-dh_key.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
-dh_key.o: ../../include/openssl/engine.h ../../include/openssl/err.h
-dh_key.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
-dh_key.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
-dh_key.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
-dh_key.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
-dh_key.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+dh_key.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+dh_key.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+dh_key.o: ../../include/openssl/dh.h ../../include/openssl/e_os.h
+dh_key.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+dh_key.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
 dh_key.o: ../../include/openssl/opensslv.h ../../include/openssl/rand.h
-dh_key.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
-dh_key.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
-dh_key.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-dh_key.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+dh_key.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
 dh_key.o: ../../include/openssl/symhacks.h ../cryptlib.h
-dh_lib.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
-dh_lib.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
-dh_lib.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
-dh_lib.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
-dh_lib.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
-dh_lib.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
-dh_lib.o: ../../include/openssl/engine.h ../../include/openssl/err.h
-dh_lib.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
-dh_lib.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
-dh_lib.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
-dh_lib.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
-dh_lib.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-dh_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/rand.h
-dh_lib.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
-dh_lib.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
-dh_lib.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-dh_lib.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-dh_lib.o: ../../include/openssl/symhacks.h ../cryptlib.h
+dh_lib.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+dh_lib.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+dh_lib.o: ../../include/openssl/dh.h ../../include/openssl/e_os.h
+dh_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+dh_lib.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+dh_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+dh_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+dh_lib.o: ../cryptlib.h

crypto/dh/dh.h

@@ -115,11 +115,7 @@ struct dh_st
 
 	int references;
 	CRYPTO_EX_DATA ex_data;
-#if 0
 	DH_METHOD *meth;
-#else
-	struct engine_st *engine;
-#endif
 	};
 
 #define DH_GENERATOR_2		2
@@ -154,15 +150,10 @@ struct dh_st
 
 DH_METHOD *DH_OpenSSL(void);
 
-void DH_set_default_openssl_method(DH_METHOD *meth);
-DH_METHOD *DH_get_default_openssl_method(void);
-#if 0
+void DH_set_default_method(DH_METHOD *meth);
+DH_METHOD *DH_get_default_method(void);
 DH_METHOD *DH_set_method(DH *dh, DH_METHOD *meth);
 DH *DH_new_method(DH_METHOD *meth);
-#else
-int DH_set_method(DH *dh, struct engine_st *engine);
-DH *DH_new_method(struct engine_st *engine);
-#endif
 
 DH *	DH_new(void);
 void	DH_free(DH *dh);

crypto/dh/dh_key.c

@@ -61,7 +61,6 @@
 #include <openssl/bn.h>
 #include <openssl/rand.h>
 #include <openssl/dh.h>
-#include <openssl/engine.h>
 
 static int generate_key(DH *dh);
 static int compute_key(unsigned char *key, BIGNUM *pub_key, DH *dh);
@@ -73,12 +72,12 @@ static int dh_finish(DH *dh);
 
 int DH_generate_key(DH *dh)
 	{
-	return ENGINE_get_DH(dh->engine)->generate_key(dh);
+	return dh->meth->generate_key(dh);
 	}
 
 int DH_compute_key(unsigned char *key, BIGNUM *pub_key, DH *dh)
 	{
-	return ENGINE_get_DH(dh->engine)->compute_key(key, pub_key, dh);
+	return dh->meth->compute_key(key, pub_key, dh);
 	}
 
 static DH_METHOD dh_ossl = {
@@ -100,7 +99,6 @@ DH_METHOD *DH_OpenSSL(void)
 static int generate_key(DH *dh)
 	{
 	int ok=0;
-	unsigned int i;
 	BN_CTX ctx;
 	BN_MONT_CTX *mont;
 	BIGNUM *pub_key=NULL,*priv_key=NULL;
@@ -109,15 +107,11 @@ static int generate_key(DH *dh)
 
 	if (dh->priv_key == NULL)
 		{
-		i=dh->length;
-		if (i == 0)
-			{
-			/* Make the number p-1 bits long */
-			i=BN_num_bits(dh->p)-1;
-			}
 		priv_key=BN_new();
 		if (priv_key == NULL) goto err;
-		if (!BN_rand(priv_key,i,0,0)) goto err;
+		do
+			if (!BN_rand_range(priv_key, dh->p)) goto err;
+		while (BN_is_zero(priv_key));
 		}
 	else
 		priv_key=dh->priv_key;
@@ -138,9 +132,8 @@ static int generate_key(DH *dh)
 		}
 	mont=(BN_MONT_CTX *)dh->method_mont_p;
 
-	if (!ENGINE_get_DH(dh->engine)->bn_mod_exp(dh, pub_key, dh->g,
-				priv_key,dh->p,&ctx,mont))
-		goto err;
+	if (!dh->meth->bn_mod_exp(dh, pub_key,dh->g,priv_key,dh->p,&ctx,mont))
+								goto err;
 		
 	dh->pub_key=pub_key;
 	dh->priv_key=priv_key;
@@ -179,8 +172,7 @@ static int compute_key(unsigned char *key, BIGNUM *pub_key, DH *dh)
 		}
 
 	mont=(BN_MONT_CTX *)dh->method_mont_p;
-	if (!ENGINE_get_DH(dh->engine)->bn_mod_exp(dh, tmp, pub_key,
-				dh->priv_key,dh->p,&ctx,mont))
+	if (!dh->meth->bn_mod_exp(dh, tmp,pub_key,dh->priv_key,dh->p,&ctx,mont))
 		{
 		DHerr(DH_F_DH_COMPUTE_KEY,ERR_R_BN_LIB);
 		goto err;

crypto/dh/dh_lib.c

@@ -60,7 +60,6 @@
 #include "cryptlib.h"
 #include <openssl/bn.h>
 #include <openssl/dh.h>
-#include <openssl/engine.h>
 
 const char *DH_version="Diffie-Hellman" OPENSSL_VERSION_PTEXT;
 
@@ -68,32 +67,17 @@ static DH_METHOD *default_DH_method;
 static int dh_meth_num = 0;
 static STACK_OF(CRYPTO_EX_DATA_FUNCS) *dh_meth = NULL;
 
-void DH_set_default_openssl_method(DH_METHOD *meth)
+void DH_set_default_method(DH_METHOD *meth)
 {
-	ENGINE *e;
-	/* We'll need to notify the "openssl" ENGINE of this
-	 * change too. We won't bother locking things down at
-	 * our end as there was never any locking in these
-	 * functions! */
-	if(default_DH_method != meth)
-		{
-		default_DH_method = meth;
-		e = ENGINE_by_id("openssl");
-		if(e)
-			{
-			ENGINE_set_DH(e, meth);
-			ENGINE_free(e);
-			}
-		}
+	default_DH_method = meth;
 }
 
-DH_METHOD *DH_get_default_openssl_method(void)
+DH_METHOD *DH_get_default_method(void)
 {
 	if(!default_DH_method) default_DH_method = DH_OpenSSL();
 	return default_DH_method;
 }
 
-#if 0
 DH_METHOD *DH_set_method(DH *dh, DH_METHOD *meth)
 {
         DH_METHOD *mtmp;
@@ -103,37 +87,14 @@ DH_METHOD *DH_set_method(DH *dh, DH_METHOD *meth)
         if (meth->init) meth->init(dh);
         return mtmp;
 }
-#else
-int DH_set_method(DH *dh, ENGINE *engine)
-{
-	ENGINE *mtmp;
-	DH_METHOD *meth;
-	mtmp = dh->engine;
-	meth = ENGINE_get_DH(mtmp);
-	if (!ENGINE_init(engine))
-		return 0;
-	if (meth->finish) meth->finish(dh);
-	dh->engine= engine;
-	meth = ENGINE_get_DH(engine);
-	if (meth->init) meth->init(dh);
-	/* SHOULD ERROR CHECK THIS!!! */
-	ENGINE_finish(mtmp);
-	return 1;
-}
-#endif
 
 DH *DH_new(void)
 {
 	return DH_new_method(NULL);
 }
 
-#if 0
 DH *DH_new_method(DH_METHOD *meth)
-#else
-DH *DH_new_method(ENGINE *engine)
-#endif
 	{
-	DH_METHOD *meth;
 	DH *ret;
 	ret=(DH *)OPENSSL_malloc(sizeof(DH));
 
@@ -142,17 +103,8 @@ DH *DH_new_method(ENGINE *engine)
 		DHerr(DH_F_DH_NEW,ERR_R_MALLOC_FAILURE);
 		return(NULL);
 		}
-	if(engine)
-		ret->engine = engine;
-	else
-		{
-		if((ret->engine=ENGINE_get_default_DH()) == NULL)
-			{
-			OPENSSL_free(ret);
-			return NULL;
-			}
-		}
-	meth = ENGINE_get_DH(ret->engine);
+	if(meth) ret->meth = meth;
+	else ret->meth = DH_get_default_method();
 	ret->pad=0;
 	ret->version=0;
 	ret->p=NULL;
@@ -167,20 +119,19 @@ DH *DH_new_method(ENGINE *engine)
 	ret->counter = NULL;
 	ret->method_mont_p=NULL;
 	ret->references = 1;
-	ret->flags=meth->flags;
-	if ((meth->init != NULL) && !meth->init(ret))
+	ret->flags=ret->meth->flags;
+	CRYPTO_new_ex_data(dh_meth,ret,&ret->ex_data);
+	if ((ret->meth->init != NULL) && !ret->meth->init(ret))
 		{
+		CRYPTO_free_ex_data(dh_meth,ret,&ret->ex_data);
 		OPENSSL_free(ret);
 		ret=NULL;
 		}
-	else
-		CRYPTO_new_ex_data(dh_meth,ret,&ret->ex_data);
 	return(ret);
 	}
 
 void DH_free(DH *r)
 	{
-	DH_METHOD *meth;
 	int i;
 	if(r == NULL) return;
 	i = CRYPTO_add(&r->references, -1, CRYPTO_LOCK_DH);
@@ -196,11 +147,9 @@ void DH_free(DH *r)
 	}
 #endif
 
-	CRYPTO_free_ex_data(dh_meth, r, &r->ex_data);
+	if(r->meth->finish) r->meth->finish(r);
 
-	meth = ENGINE_get_DH(r->engine);
-	if(meth->finish) meth->finish(r);
-	ENGINE_finish(r->engine);
+	CRYPTO_free_ex_data(dh_meth, r, &r->ex_data);
 
 	if (r->p != NULL) BN_clear_free(r->p);
 	if (r->g != NULL) BN_clear_free(r->g);

crypto/dsa/Makefile.ssl

@@ -41,7 +41,8 @@ all:	lib
 
 lib:	$(LIBOBJ)
 	$(AR) $(LIB) $(LIBOBJ)
-	$(RANLIB) $(LIB)
+	@echo You may get an error following this line.  Please ignore.
+	- $(RANLIB) $(LIB)
 	@touch lib
 
 files:
@@ -115,75 +116,39 @@ dsa_key.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h
 dsa_key.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
 dsa_key.o: ../../include/openssl/symhacks.h ../cryptlib.h
 dsa_lib.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
-dsa_lib.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
-dsa_lib.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
-dsa_lib.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
-dsa_lib.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
-dsa_lib.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
-dsa_lib.o: ../../include/openssl/engine.h ../../include/openssl/err.h
-dsa_lib.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
-dsa_lib.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
-dsa_lib.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
-dsa_lib.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
-dsa_lib.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-dsa_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/rand.h
-dsa_lib.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
-dsa_lib.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
-dsa_lib.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-dsa_lib.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-dsa_lib.o: ../../include/openssl/symhacks.h ../cryptlib.h
+dsa_lib.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+dsa_lib.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h
+dsa_lib.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
+dsa_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+dsa_lib.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+dsa_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+dsa_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+dsa_lib.o: ../cryptlib.h
 dsa_ossl.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
-dsa_ossl.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
-dsa_ossl.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
-dsa_ossl.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
-dsa_ossl.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
-dsa_ossl.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
-dsa_ossl.o: ../../include/openssl/engine.h ../../include/openssl/err.h
-dsa_ossl.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
-dsa_ossl.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
-dsa_ossl.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
-dsa_ossl.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
-dsa_ossl.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+dsa_ossl.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+dsa_ossl.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h
+dsa_ossl.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
+dsa_ossl.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+dsa_ossl.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
 dsa_ossl.o: ../../include/openssl/opensslv.h ../../include/openssl/rand.h
-dsa_ossl.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
-dsa_ossl.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
-dsa_ossl.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-dsa_ossl.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+dsa_ossl.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
 dsa_ossl.o: ../../include/openssl/symhacks.h ../cryptlib.h
 dsa_sign.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
-dsa_sign.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
-dsa_sign.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
-dsa_sign.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
-dsa_sign.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
-dsa_sign.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
-dsa_sign.o: ../../include/openssl/engine.h ../../include/openssl/err.h
-dsa_sign.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
-dsa_sign.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
-dsa_sign.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
-dsa_sign.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
-dsa_sign.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+dsa_sign.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+dsa_sign.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h
+dsa_sign.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
+dsa_sign.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+dsa_sign.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
 dsa_sign.o: ../../include/openssl/opensslv.h ../../include/openssl/rand.h
-dsa_sign.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
-dsa_sign.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
-dsa_sign.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-dsa_sign.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+dsa_sign.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
 dsa_sign.o: ../../include/openssl/symhacks.h ../cryptlib.h
 dsa_vrf.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
-dsa_vrf.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
-dsa_vrf.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
-dsa_vrf.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
-dsa_vrf.o: ../../include/openssl/des.h ../../include/openssl/dh.h
-dsa_vrf.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
-dsa_vrf.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h
-dsa_vrf.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-dsa_vrf.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
-dsa_vrf.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
-dsa_vrf.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
-dsa_vrf.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+dsa_vrf.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+dsa_vrf.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+dsa_vrf.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+dsa_vrf.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+dsa_vrf.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
 dsa_vrf.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-dsa_vrf.o: ../../include/openssl/rand.h ../../include/openssl/rc2.h
-dsa_vrf.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
-dsa_vrf.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
-dsa_vrf.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+dsa_vrf.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h
 dsa_vrf.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
 dsa_vrf.o: ../cryptlib.h

crypto/dsa/dsa.h

@@ -133,11 +133,7 @@ struct dsa_st
 	char *method_mont_p;
 	int references;
 	CRYPTO_EX_DATA ex_data;
-#if 0
 	DSA_METHOD *meth;
-#else
-	struct engine_st *engine;
-#endif
 	};
 
 #define DSAparams_dup(x) (DSA *)ASN1_dup((int (*)())i2d_DSAparams, \
@@ -163,20 +159,12 @@ int	DSA_do_verify(const unsigned char *dgst,int dgst_len,
 
 DSA_METHOD *DSA_OpenSSL(void);
 
-void        DSA_set_default_openssl_method(DSA_METHOD *);
-DSA_METHOD *DSA_get_default_openssl_method(void);
-#if 0
+void        DSA_set_default_method(DSA_METHOD *);
+DSA_METHOD *DSA_get_default_method(void);
 DSA_METHOD *DSA_set_method(DSA *dsa, DSA_METHOD *);
-#else
-int DSA_set_method(DSA *dsa, struct engine_st *engine);
-#endif
 
 DSA *	DSA_new(void);
-#if 0
 DSA *	DSA_new_method(DSA_METHOD *meth);
-#else
-DSA *	DSA_new_method(struct engine_st *engine);
-#endif
 int	DSA_size(DSA *);
 	/* next 4 return -1 on error */
 int	DSA_sign_setup( DSA *dsa,BN_CTX *ctx_in,BIGNUM **kinvp,BIGNUM **rp);

crypto/dsa/dsa_key.c

@@ -68,7 +68,6 @@
 int DSA_generate_key(DSA *dsa)
 	{
 	int ok=0;
-	unsigned int i;
 	BN_CTX *ctx=NULL;
 	BIGNUM *pub_key=NULL,*priv_key=NULL;
 
@@ -81,15 +80,9 @@ int DSA_generate_key(DSA *dsa)
 	else
 		priv_key=dsa->priv_key;
 
-	i=BN_num_bits(dsa->q);
-	for (;;)
-		{
-		if (!BN_rand(priv_key,i,0,0))
-			goto err;
-		if (BN_cmp(priv_key,dsa->q) >= 0)
-			BN_sub(priv_key,priv_key,dsa->q);
-		if (!BN_is_zero(priv_key)) break;
-		}
+	do
+		if (!BN_rand_range(priv_key,dsa->q)) goto err;
+	while (BN_is_zero(priv_key));
 
 	if (dsa->pub_key == NULL)
 		{

crypto/dsa/dsa_lib.c

@@ -63,7 +63,6 @@
 #include <openssl/bn.h>
 #include <openssl/dsa.h>
 #include <openssl/asn1.h>
-#include <openssl/engine.h>
 
 const char *DSA_version="DSA" OPENSSL_VERSION_PTEXT;
 
@@ -71,26 +70,12 @@ static DSA_METHOD *default_DSA_method;
 static int dsa_meth_num = 0;
 static STACK_OF(CRYPTO_EX_DATA_FUNCS) *dsa_meth = NULL;
 
-void DSA_set_default_openssl_method(DSA_METHOD *meth)
+void DSA_set_default_method(DSA_METHOD *meth)
 {
-	ENGINE *e;
-	/* We'll need to notify the "openssl" ENGINE of this
-	 * change too. We won't bother locking things down at
-	 * our end as there was never any locking in these
-	 * functions! */
-	if(default_DSA_method != meth)
-		{
-		default_DSA_method = meth;
-		e = ENGINE_by_id("openssl");
-		if(e)
-			{
-			ENGINE_set_DSA(e, meth);
-			ENGINE_free(e);
-			}
-		}
+	default_DSA_method = meth;
 }
 
-DSA_METHOD *DSA_get_default_openssl_method(void)
+DSA_METHOD *DSA_get_default_method(void)
 {
 	if(!default_DSA_method) default_DSA_method = DSA_OpenSSL();
 	return default_DSA_method;
@@ -101,7 +86,6 @@ DSA *DSA_new(void)
 	return DSA_new_method(NULL);
 }
 
-#if 0
 DSA_METHOD *DSA_set_method(DSA *dsa, DSA_METHOD *meth)
 {
         DSA_METHOD *mtmp;
@@ -111,33 +95,10 @@ DSA_METHOD *DSA_set_method(DSA *dsa, DSA_METHOD *meth)
         if (meth->init) meth->init(dsa);
         return mtmp;
 }
-#else
-int DSA_set_method(DSA *dsa, ENGINE *engine)
-	{
-	ENGINE *mtmp;
-	DSA_METHOD *meth;
-	mtmp = dsa->engine;
-	meth = ENGINE_get_DSA(mtmp);
-	if (!ENGINE_init(engine))
-		return 0;
-	if (meth->finish) meth->finish(dsa);
-	dsa->engine = engine;
-	meth = ENGINE_get_DSA(engine);
-	if (meth->init) meth->init(dsa);
-	/* SHOULD ERROR CHECK THIS!!! */
-	ENGINE_finish(mtmp);
-	return 1;
-	}
-#endif
 
 
-#if 0
 DSA *DSA_new_method(DSA_METHOD *meth)
-#else
-DSA *DSA_new_method(ENGINE *engine)
-#endif
 	{
-	DSA_METHOD *meth;
 	DSA *ret;
 
 	ret=(DSA *)OPENSSL_malloc(sizeof(DSA));
@@ -146,17 +107,8 @@ DSA *DSA_new_method(ENGINE *engine)
 		DSAerr(DSA_F_DSA_NEW,ERR_R_MALLOC_FAILURE);
 		return(NULL);
 		}
-	if(engine)
-		ret->engine = engine;
-	else
-		{
-		if((ret->engine=ENGINE_get_default_DSA()) == NULL)
-			{
-			OPENSSL_free(ret);
-			return NULL;
-			}
-		}
-	meth = ENGINE_get_DSA(ret->engine);
+	if(meth) ret->meth = meth;
+	else ret->meth = DSA_get_default_method();
 	ret->pad=0;
 	ret->version=0;
 	ret->write_params=1;
@@ -172,21 +124,20 @@ DSA *DSA_new_method(ENGINE *engine)
 	ret->method_mont_p=NULL;
 
 	ret->references=1;
-	ret->flags=meth->flags;
-	if ((meth->init != NULL) && !meth->init(ret))
+	ret->flags=ret->meth->flags;
+	CRYPTO_new_ex_data(dsa_meth,ret,&ret->ex_data);
+	if ((ret->meth->init != NULL) && !ret->meth->init(ret))
 		{
+		CRYPTO_free_ex_data(dsa_meth,ret,&ret->ex_data);
 		OPENSSL_free(ret);
 		ret=NULL;
 		}
-	else
-		CRYPTO_new_ex_data(dsa_meth,ret,&ret->ex_data);
 	
 	return(ret);
 	}
 
 void DSA_free(DSA *r)
 	{
-	DSA_METHOD *meth;
 	int i;
 
 	if (r == NULL) return;
@@ -204,11 +155,9 @@ void DSA_free(DSA *r)
 		}
 #endif
 
-	CRYPTO_free_ex_data(dsa_meth, r, &r->ex_data);
+	if(r->meth->finish) r->meth->finish(r);
 
-	meth = ENGINE_get_DSA(r->engine);
-	if(meth->finish) meth->finish(r);
-	ENGINE_finish(r->engine);
+	CRYPTO_free_ex_data(dsa_meth, r, &r->ex_data);
 
 	if (r->p != NULL) BN_clear_free(r->p);
 	if (r->q != NULL) BN_clear_free(r->q);

crypto/dsa/dsa_ossl.c

@@ -64,7 +64,6 @@
 #include <openssl/dsa.h>
 #include <openssl/rand.h>
 #include <openssl/asn1.h>
-#include <openssl/engine.h>
 
 static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa);
 static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp);
@@ -180,13 +179,9 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp)
 	kinv=NULL;
 
 	/* Get random k */
-	for (;;)
-		{
-		if (!BN_rand(&k, BN_num_bits(dsa->q), 0, 0)) goto err;
-		if (BN_cmp(&k,dsa->q) >= 0)
-			BN_sub(&k,&k,dsa->q);
-		if (!BN_is_zero(&k)) break;
-		}
+	do
+		if (!BN_rand_range(&k, dsa->q)) goto err;
+	while (BN_is_zero(&k));
 
 	if ((dsa->method_mont_p == NULL) && (dsa->flags & DSA_FLAG_CACHE_MONT_P))
 		{
@@ -196,7 +191,7 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp)
 		}
 
 	/* Compute r = (g^k mod p) mod q */
-	if (!ENGINE_get_DSA(dsa->engine)->bn_mod_exp(dsa, r,dsa->g,&k,dsa->p,ctx,
+	if (!dsa->meth->bn_mod_exp(dsa, r,dsa->g,&k,dsa->p,ctx,
 		(BN_MONT_CTX *)dsa->method_mont_p)) goto err;
 	if (!BN_mod(r,r,dsa->q,ctx)) goto err;
 
@@ -274,7 +269,7 @@ static int dsa_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig,
 	if (!BN_mod(&u1,&u1,dsa->q,ctx)) goto err;
 #else
 	{
-	if (!ENGINE_get_DSA(dsa->engine)->dsa_mod_exp(dsa, &t1,dsa->g,&u1,dsa->pub_key,&u2,
+	if (!dsa->meth->dsa_mod_exp(dsa, &t1,dsa->g,&u1,dsa->pub_key,&u2,
 						dsa->p,ctx,mont)) goto err;
 	/* BN_copy(&u1,&t1); */
 	/* let u1 = u1 mod q */

crypto/dsa/dsa_sign.c

@@ -64,11 +64,10 @@
 #include <openssl/dsa.h>
 #include <openssl/rand.h>
 #include <openssl/asn1.h>
-#include <openssl/engine.h>
 
 DSA_SIG * DSA_do_sign(const unsigned char *dgst, int dlen, DSA *dsa)
 	{
-	return ENGINE_get_DSA(dsa->engine)->dsa_do_sign(dgst, dlen, dsa);
+	return dsa->meth->dsa_do_sign(dgst, dlen, dsa);
 	}
 
 int DSA_sign(int type, const unsigned char *dgst, int dlen, unsigned char *sig,
@@ -88,6 +87,6 @@ int DSA_sign(int type, const unsigned char *dgst, int dlen, unsigned char *sig,
 
 int DSA_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp)
 	{
-	return ENGINE_get_DSA(dsa->engine)->dsa_sign_setup(dsa, ctx_in, kinvp, rp);
+	return dsa->meth->dsa_sign_setup(dsa, ctx_in, kinvp, rp);
 	}
 

crypto/dsa/dsa_vrf.c

@@ -65,12 +65,11 @@
 #include <openssl/rand.h>
 #include <openssl/asn1.h>
 #include <openssl/asn1_mac.h>
-#include <openssl/engine.h>
 
 int DSA_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig,
 		  DSA *dsa)
 	{
-	return ENGINE_get_DSA(dsa->engine)->dsa_do_verify(dgst, dgst_len, sig, dsa);
+	return dsa->meth->dsa_do_verify(dgst, dgst_len, sig, dsa);
 	}
 
 /* data has already been hashed (probably with SHA or SHA-1). */

crypto/dso/Makefile.ssl

@@ -41,7 +41,8 @@ all:	lib
 
 lib:	$(LIBOBJ)
 	$(AR) $(LIB) $(LIBOBJ)
-	$(RANLIB) $(LIB)
+	@echo You may get an error following this line.  Please ignore.
+	- $(RANLIB) $(LIB)
 	@touch lib
 
 files:

crypto/dso/dso_dl.c

@@ -187,7 +187,7 @@ static void *dl_bind_var(DSO *dso, const char *symname)
 		DSOerr(DSO_F_DL_BIND_VAR,DSO_R_NULL_HANDLE);
 		return(NULL);
 		}
-	if (shl_findsym(ptr, symname, TYPE_UNDEFINED, &sym) < 0)
+	if (shl_findsym(&ptr, symname, TYPE_UNDEFINED, &sym) < 0)
 		{
 		DSOerr(DSO_F_DL_BIND_VAR,DSO_R_SYM_FAILURE);
 		return(NULL);
@@ -216,7 +216,7 @@ static DSO_FUNC_TYPE dl_bind_func(DSO *dso, const char *symname)
 		DSOerr(DSO_F_DL_BIND_FUNC,DSO_R_NULL_HANDLE);
 		return(NULL);
 		}
-	if (shl_findsym(ptr, symname, TYPE_UNDEFINED, &sym) < 0)
+	if (shl_findsym(&ptr, symname, TYPE_UNDEFINED, &sym) < 0)
 		{
 		DSOerr(DSO_F_DL_BIND_FUNC,DSO_R_SYM_FAILURE);
 		return(NULL);

crypto/engine/.cvsignore

@@ -1,2 +0,0 @@
-lib
-Makefile.save

crypto/engine/Makefile.ssl

@@ -1,220 +0,0 @@
-#
-# OpenSSL/crypto/engine/Makefile
-#
-
-DIR=	engine
-TOP=	../..
-CC=	cc
-INCLUDES= -I.. -I../../include
-CFLAG=-g
-INSTALL_PREFIX=
-OPENSSLDIR=     /usr/local/ssl
-INSTALLTOP=/usr/local/ssl
-MAKE=		make -f Makefile.ssl
-MAKEDEPEND=	$(TOP)/util/domd $(TOP)
-MAKEFILE=	Makefile.ssl
-AR=		ar r
-
-CFLAGS= $(INCLUDES) $(CFLAG)
-
-GENERAL=Makefile
-TEST= enginetest.c
-APPS=
-
-LIB=$(TOP)/libcrypto.a
-LIBSRC= engine_err.c engine_lib.c engine_list.c engine_openssl.c \
-	hw_atalla.c hw_cswift.c hw_ncipher.c
-LIBOBJ= engine_err.o engine_lib.o engine_list.o engine_openssl.o \
-	hw_atalla.o hw_cswift.o hw_ncipher.o
-
-SRC= $(LIBSRC)
-
-EXHEADER= engine.h
-HEADER=	$(EXHEADER)
-
-ALL=    $(GENERAL) $(SRC) $(HEADER)
-
-top:
-	(cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
-
-all:	lib
-
-lib:	$(LIBOBJ)
-	$(AR) $(LIB) $(LIBOBJ)
-	$(RANLIB) $(LIB)
-	@touch lib
-
-files:
-	$(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
-
-links:
-	@$(TOP)/util/point.sh Makefile.ssl Makefile
-	@$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
-	@$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
-	@$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
-
-install:
-	@for i in $(EXHEADER) ; \
-	do  \
-	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
-	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
-	done;
-
-tags:
-	ctags $(SRC)
-
-tests:
-
-lint:
-	lint -DLINT $(INCLUDES) $(SRC)>fluff
-
-depend:
-	$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
-
-dclean:
-	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
-	mv -f Makefile.new $(MAKEFILE)
-
-clean:
-	rm -f *.o */*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
-
-# DO NOT DELETE THIS LINE -- make depend depends on it.
-
-engine_err.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
-engine_err.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
-engine_err.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
-engine_err.o: ../../include/openssl/des.h ../../include/openssl/dh.h
-engine_err.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
-engine_err.o: ../../include/openssl/engine.h ../../include/openssl/err.h
-engine_err.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
-engine_err.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
-engine_err.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
-engine_err.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
-engine_err.o: ../../include/openssl/objects.h
-engine_err.o: ../../include/openssl/opensslconf.h
-engine_err.o: ../../include/openssl/opensslv.h ../../include/openssl/rand.h
-engine_err.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
-engine_err.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
-engine_err.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-engine_err.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-engine_err.o: ../../include/openssl/symhacks.h
-engine_lib.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
-engine_lib.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
-engine_lib.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
-engine_lib.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
-engine_lib.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
-engine_lib.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
-engine_lib.o: ../../include/openssl/engine.h ../../include/openssl/err.h
-engine_lib.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
-engine_lib.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
-engine_lib.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
-engine_lib.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
-engine_lib.o: ../../include/openssl/objects.h
-engine_lib.o: ../../include/openssl/opensslconf.h
-engine_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/rand.h
-engine_lib.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
-engine_lib.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
-engine_lib.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-engine_lib.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-engine_lib.o: ../../include/openssl/symhacks.h ../cryptlib.h engine_int.h
-engine_list.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
-engine_list.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
-engine_list.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
-engine_list.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
-engine_list.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
-engine_list.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
-engine_list.o: ../../include/openssl/engine.h ../../include/openssl/err.h
-engine_list.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
-engine_list.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
-engine_list.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
-engine_list.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
-engine_list.o: ../../include/openssl/objects.h
-engine_list.o: ../../include/openssl/opensslconf.h
-engine_list.o: ../../include/openssl/opensslv.h ../../include/openssl/rand.h
-engine_list.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
-engine_list.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
-engine_list.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-engine_list.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-engine_list.o: ../../include/openssl/symhacks.h ../cryptlib.h engine_int.h
-engine_openssl.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
-engine_openssl.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
-engine_openssl.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
-engine_openssl.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
-engine_openssl.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
-engine_openssl.o: ../../include/openssl/dso.h ../../include/openssl/e_os.h
-engine_openssl.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h
-engine_openssl.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-engine_openssl.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
-engine_openssl.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
-engine_openssl.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
-engine_openssl.o: ../../include/openssl/obj_mac.h
-engine_openssl.o: ../../include/openssl/objects.h
-engine_openssl.o: ../../include/openssl/opensslconf.h
-engine_openssl.o: ../../include/openssl/opensslv.h ../../include/openssl/rand.h
-engine_openssl.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
-engine_openssl.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
-engine_openssl.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-engine_openssl.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-engine_openssl.o: ../../include/openssl/symhacks.h ../cryptlib.h engine_int.h
-hw_atalla.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
-hw_atalla.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
-hw_atalla.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
-hw_atalla.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
-hw_atalla.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
-hw_atalla.o: ../../include/openssl/dso.h ../../include/openssl/e_os.h
-hw_atalla.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h
-hw_atalla.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-hw_atalla.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
-hw_atalla.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
-hw_atalla.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
-hw_atalla.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-hw_atalla.o: ../../include/openssl/opensslconf.h
-hw_atalla.o: ../../include/openssl/opensslv.h ../../include/openssl/rand.h
-hw_atalla.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
-hw_atalla.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
-hw_atalla.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-hw_atalla.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-hw_atalla.o: ../../include/openssl/symhacks.h ../cryptlib.h engine_int.h
-hw_atalla.o: vendor_defns/atalla.h
-hw_cswift.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
-hw_cswift.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
-hw_cswift.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
-hw_cswift.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
-hw_cswift.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
-hw_cswift.o: ../../include/openssl/dso.h ../../include/openssl/e_os.h
-hw_cswift.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h
-hw_cswift.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-hw_cswift.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
-hw_cswift.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
-hw_cswift.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
-hw_cswift.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-hw_cswift.o: ../../include/openssl/opensslconf.h
-hw_cswift.o: ../../include/openssl/opensslv.h ../../include/openssl/rand.h
-hw_cswift.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
-hw_cswift.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
-hw_cswift.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-hw_cswift.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-hw_cswift.o: ../../include/openssl/symhacks.h ../cryptlib.h engine_int.h
-hw_cswift.o: vendor_defns/cswift.h
-hw_ncipher.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
-hw_ncipher.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
-hw_ncipher.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
-hw_ncipher.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
-hw_ncipher.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
-hw_ncipher.o: ../../include/openssl/dso.h ../../include/openssl/e_os.h
-hw_ncipher.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h
-hw_ncipher.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-hw_ncipher.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
-hw_ncipher.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
-hw_ncipher.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
-hw_ncipher.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-hw_ncipher.o: ../../include/openssl/opensslconf.h
-hw_ncipher.o: ../../include/openssl/opensslv.h ../../include/openssl/pem.h
-hw_ncipher.o: ../../include/openssl/pem2.h ../../include/openssl/pkcs7.h
-hw_ncipher.o: ../../include/openssl/rand.h ../../include/openssl/rc2.h
-hw_ncipher.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
-hw_ncipher.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
-hw_ncipher.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-hw_ncipher.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-hw_ncipher.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-hw_ncipher.o: ../cryptlib.h engine_int.h vendor_defns/hwcryptohook.h

crypto/engine/README

@@ -1,278 +0,0 @@
-NOTES, THOUGHTS, and EVERYTHING
--------------------------------
-
-(1) Concurrency and locking ... I made a change to the ENGINE_free code
-    because I spotted a potential hold-up in proceedings (doing too
-    much inside a lock including calling a callback), there may be
-    other bits like this. What do the speed/optimisation freaks think
-    of this aspect of the code and design? There's lots of locking for
-    manipulation functions and I need that to keep things nice and
-    solid, but this manipulation is mostly (de)initialisation, I would
-    think that most run-time locking is purely in the ENGINE_init and
-    ENGINE_finish calls that might be made when getting handles for
-    RSA (and friends') structures. These would be mostly reference
-    count operations as the functional references should always be 1
-    or greater at run-time to prevent init/deinit thrashing.
-
-(2) nCipher support, via the HWCryptoHook API, is now in the code.
-    Apparently this hasn't been tested too much yet, but it looks
-    good. :-) Atalla support has been added too, but shares a lot in
-    common with Ben's original hooks in bn_exp.c (although it has been
-    ENGINE-ified, and error handling wrapped around it) and it's also
-    had some low-volume testing, so it should be usable.
-
-(3) Of more concern, we need to work out (a) how to put together usable
-    RAND_METHODs for units that just have one "get n or less random
-    bytes" function, (b) we also need to determine how to hook the code
-    in crypto/rand/ to use the ENGINE defaults in a way similar to what
-    has been done in crypto/rsa/, crypto/dsa/, etc.
-
-(4) ENGINE should really grow to encompass more than 3 public key
-    algorithms and randomness gathering. The structure/data level of
-    the engine code is hidden from code outside the crypto/engine/
-    directory so change shouldn't be too viral. More important though
-    is how things should evolve ... this needs thought and discussion.
-
-
------------------------------------==*==-----------------------------------
-
-More notes 2000-08-01
----------------------
-
-Geoff Thorpe, who designed the engine part, wrote a pretty good description
-of the thoughts he had when he built it, good enough to include verbatim here
-(with his permission)					-- Richard Levitte
-
-
-Date: Tue, 1 Aug 2000 16:54:08 +0100 (BST)
-From: Geoff Thorpe
-Subject: Re: The thoughts to merge BRANCH_engine into the main trunk are
- emerging
-
-Hi there,
-
-I'm going to try and do some justice to this, but I'm a little short on
-time and the there is an endless amount that could be discussed on this
-subject. sigh ... please bear with me :-)
-
-> The changes in BRANCH_engine dig deep into the core of OpenSSL, for example
-> into the RSA and RAND routines, adding a level of indirection which is needed
-> to keep the abstraction, as far as I understand.  It would be a good thing if
-> those who do play with those things took a look at the changes that have been
-> done in the branch and say out loud how much (or hopefully little) we've made
-> fools of ourselves.
-
-The point here is that the code that has emerged in the BRANCH_engine
-branch was based on some initial requirements of mine that I went in and
-addressed, and Richard has picked up the ball and run with it too. It
-would be really useful to get some review of the approach we've taken, but
-first I think I need to describe as best I can the reasons behind what has
-been done so far, in particular what issues we have tried to address when
-doing this, and what issues we have intentionally (or necessarily) tried
-to avoid.
-
-methods, engines, and evps
---------------------------
-
-There has been some dicussion, particularly with Steve, about where this
-ENGINE stuff might fit into the conceptual picture as/when we start to
-abstract algorithms a little bit to make the library more extensible. In
-particular, it would desirable to have algorithms (symmetric, hash, pkc,
-etc) abstracted in some way that allows them to be just objects sitting in
-a list (or database) ... it'll just happen that the "DSA" object doesn't
-support encryption whereas the "RSA" object does. This requires a lot of
-consideration to begin to know how to tackle it; in particular how
-encapsulated should these things be? If the objects also understand their
-own ASN1 encodings and what-not, then it would for example be possible to
-add support for elliptic-curve DSA in as a new algorithm and automatically
-have ECC-DSA certificates supported in SSL applications. Possible, but not
-easy. :-)
-
-Whatever, it seems that the way to go (if I've grok'd Steve's comments on
-this in the past) is to amalgamate these things in EVP as is already done
-(I think) for ciphers or hashes (Steve, please correct/elaborate). I
-certainly think something should be done in this direction because right
-now we have different source directories, types, functions, and methods
-for each algorithm - even when conceptually they are very much different
-feathers of the same bird. (This is certainly all true for the public-key
-stuff, and may be partially true for the other parts.)
-
-ENGINE was *not* conceived as a way of solving this, far from it. Nor was
-it conceived as a way of replacing the various "***_METHOD"s. It was
-conceived as an abstraction of a sort of "virtual crypto device". If we
-lived in a world where "EVP_ALGO"s (or something like them) encapsulated
-particular algorithms like RSA,DSA,MD5,RC4,etc, and "***_METHOD"s
-encapsulated interfaces to algorithms (eg. some algo's might support a
-PKC_METHOD, a HASH_METHOD, or a CIPHER_METHOD, who knows?), then I would
-think that ENGINE would encapsulate an implementation of arbitrarily many
-of those algorithms - perhaps as alternatives to existing algorithms
-and/or perhaps as new previously unimplemented algorithms. An ENGINE could
-be used to contain an alternative software implementation, a wrapper for a
-hardware acceleration and/or key-management unit, a comms-wrapper for
-distributing cryptographic operations to remote machines, or any other
-"devices" your imagination can dream up.
-
-However, what has been done in the ENGINE branch so far is nothing more
-than starting to get our toes wet. I had a couple of self-imposed
-requirements when putting the initial abstraction together, and I may have
-already posed these in one form or another on the list, but briefly;
-
-   (i) only bother with public key algorithms for now, and maybe RAND too
-       (motivated by the need to get hardware support going and the fact
-       this was a comparitively easy subset to address to begin with).
-
-  (ii) don't change (if at all possible) the existing crypto code, ie. the
-       implementations, the way the ***_METHODs work, etc.
-
- (iii) ensure that if no function from the ENGINE code is ever called then
-       things work the way they always did, and there is no memory
-       allocation (otherwise the failure to cleanup would be a problem -
-       this is part of the reason no STACKs were used, the other part of
-       the reason being I found them inappropriate).
-
-  (iv) ensure that all the built-in crypto was encapsulated by one of
-       these "ENGINE"s and that this engine was automatically selected as
-       the default.
-
-   (v) provide the minimum hooking possible in the existing crypto code
-       so that global functions (eg. RSA_public_encrypt) do not need any
-       extra parameter, yet will use whatever the current default ENGINE
-       for that RSA key is, and that the default can be set "per-key"
-       and globally (new keys will assume the global default, and keys
-       without their own default will be operated on using the global
-       default). NB: Try and make (v) conflict as little as possible with
-       (ii). :-)
-
-  (vi) wrap the ENGINE code up in duct tape so you can't even see the
-       corners. Ie. expose no structures at all, just black-box pointers.
-
-   (v) maintain internally a list of ENGINEs on which a calling
-       application can iterate, interrogate, etc. Allow a calling
-       application to hook in new ENGINEs, remove ENGINEs from the list,
-       and enforce uniqueness within the global list of each ENGINE's
-       "unique id".
-
-  (vi) keep reference counts for everything - eg. this includes storing a
-       reference inside each RSA structure to the ENGINE that it uses.
-       This is freed when the RSA structure is destroyed, or has its
-       ENGINE explicitly changed. The net effect needs to be that at any
-       time, it is deterministic to know whether an ENGINE is in use or
-       can be safely removed (or unloaded in the case of the other type
-       of reference) without invalidating function pointers that may or
-       may not be used indavertently in the future. This was actually
-       one of the biggest problems to overcome in the existing OpenSSL
-       code - implementations had always been assumed to be ever-present,
-       so there was no trivial way to get round this.
-
- (vii) distinguish between structural references and functional
-       references.
-
-A *little* detail
------------------
-
-While my mind is on it; I'll illustrate the bit in item (vii). This idea
-turned out to be very handy - the ENGINEs themselves need to be operated
-on and manipulated simply as objects without necessarily trying to
-"enable" them for use. Eg. most host machines will not have the necessary
-hardware or software to support all the engines one might compile into
-OpenSSL, yet it needs to be possible to iterate across the ENGINEs,
-querying their names, properties, etc - all happening in a thread-safe
-manner that uses reference counts (if you imagine two threads iterating
-through a list and one thread removing the ENGINE the other is currently
-looking at - you can see the gotcha waiting to happen). For all of this,
-*structural references* are used and operate much like the other reference
-counts in OpenSSL.
-
-The other kind of reference count is for *functional* references - these
-indicate a reference on which the caller can actually assume the
-particular ENGINE to be initialised and usable to perform the operations
-it implements. Any increment or decrement of the functional reference
-count automatically invokes a corresponding change in the structural
-reference count, as it is fairly obvious that a functional reference is a
-restricted case of a structural reference. So struct_ref >= funct_ref at
-all times. NB: functional references are usually obtained by a call to
-ENGINE_init(), but can also be created implicitly by calls that require a
-new functional reference to be created, eg. ENGINE_set_default(). Either
-way the only time the underlying ENGINE's "init" function is really called
-is when the (functional) reference count increases to 1, similarly the
-underlying "finish" handler is only called as the count goes down to 0.
-The effect of this, for example, is that if you set the default ENGINE for
-RSA operations to be "cswift", then its functional reference count will
-already be at least 1 so the CryptoSwift shared-library and the card will
-stay loaded and initialised until such time as all RSA keys using the
-cswift ENGINE are changed or destroyed and the default ENGINE for RSA
-operations has been changed. This prevents repeated thrashing of init and
-finish handling if the count keeps getting down as far as zero.
-
-Otherwise, the way the ENGINE code has been put together I think pretty
-much reflects the above points. The reason for the ENGINE structure having
-individual RSA_METHOD, DSA_METHOD, etc pointers is simply that it was the
-easiest way to go about things for now, to hook it all into the raw
-RSA,DSA,etc code, and I was trying to the keep the structure invisible
-anyway so that the way this is internally managed could be easily changed
-later on when we start to work out what's to be done about these other
-abstractions.
-
-Down the line, if some EVP-based technique emerges for adequately
-encapsulating algorithms and all their various bits and pieces, then I can
-imagine that "ENGINE" would turn into a reference-counting database of
-these EVP things, of which the default "openssl" ENGINE would be the
-library's own object database of pre-built software implemented algorithms
-(and such). It would also be cool to see the idea of "METHOD"s detached
-from the algorithms themselves ... so RSA, DSA, ElGamal, etc can all
-expose essentially the same METHOD (aka interface), which would include
-any querying/flagging stuff to identify what the algorithm can/can't do,
-its name, and other stuff like max/min block sizes, key sizes, etc. This
-would result in ENGINE similarly detaching its internal database of
-algorithm implementations from the function definitions that return
-interfaces to them. I think ...
-
-As for DSOs etc. Well the DSO code is pretty handy (but could be made much
-more so) for loading vendor's driver-libraries and talking to them in some
-generic way, but right now there's still big problems associated with
-actually putting OpenSSL code (ie. new ENGINEs, or anything else for that
-matter) in dynamically loadable libraries. These problems won't go away in
-a hurry so I don't think we should expect to have any kind of
-shared-library extensions any time soon - but solving the problems is a
-good thing to aim for, and would as a side-effect probably help make
-OpenSSL more usable as a shared-library itself (looking at the things
-needed to do this will show you why).
-
-One of the problems is that if you look at any of the ENGINE
-implementations, eg. hw_cswift.c or hw_ncipher.c, you'll see how it needs
-a variety of functionality and definitions from various areas of OpenSSL,
-including crypto/bn/, crypto/err/, crypto/ itself (locking for example),
-crypto/dso/, crypto/engine/, crypto/rsa, etc etc etc. So if similar code
-were to be suctioned off into shared libraries, the shared libraries would
-either have to duplicate all the definitions and code and avoid loader
-conflicts, or OpenSSL would have to somehow expose all that functionality
-to the shared-library. If this isn't a big enough problem, the issue of
-binary compatibility will be - anyone writing Apache modules can tell you
-that (Ralf? Ben? :-). However, I don't think OpenSSL would need to be
-quite so forgiving as Apache should be, so OpenSSL could simply tell its
-version to the DSO and leave the DSO with the problem of deciding whether
-to proceed or bail out for fear of binary incompatibilities.
-
-Certainly one thing that would go a long way to addressing this is to
-embark on a bit of an opaqueness mission. I've set the ENGINE code up with
-this in mind - it's so draconian that even to declare your own ENGINE, you
-have to get the engine code to create the underlying ENGINE structure, and
-then feed in the new ENGINE's function/method pointers through various
-"set" functions. The more of the code that takes on such a black-box
-approach, the more of the code that will be (a) easy to expose to shared
-libraries that need it, and (b) easy to expose to applications wanting to
-use OpenSSL itself as a shared-library. From my own explorations in
-OpenSSL, the biggest leviathan I've seen that is a problem in this respect
-is the BIGNUM code. Trying to "expose" the bignum code through any kind of
-organised "METHODs", let alone do all the necessary bignum operations
-solely through functions rather than direct access to the structures and
-macros, will be a massive pain in the "r"s.
-
-Anyway, I'm done for now - hope it was readable. Thoughts?
-
-Cheers,
-Geoff
-
-
------------------------------------==*==-----------------------------------
-

crypto/engine/engine.h

@@ -1,398 +0,0 @@
-/* openssl/engine.h */
-/* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL
- * project 2000.
- */
-/* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#ifndef HEADER_ENGINE_H
-#define HEADER_ENGINE_H
-
-#include <openssl/bn.h>
-#include <openssl/rsa.h>
-#include <openssl/dsa.h>
-#include <openssl/dh.h>
-#include <openssl/rand.h>
-#include <openssl/evp.h>
-#include <openssl/symhacks.h>
-
-#ifdef  __cplusplus
-extern "C" {
-#endif
-
-/* These flags are used to control combinations of algorithm (methods)
- * by bitwise "OR"ing. */
-#define ENGINE_METHOD_RSA		(unsigned int)0x0001
-#define ENGINE_METHOD_DSA		(unsigned int)0x0002
-#define ENGINE_METHOD_DH		(unsigned int)0x0004
-#define ENGINE_METHOD_RAND		(unsigned int)0x0008
-#define ENGINE_METHOD_BN_MOD_EXP	(unsigned int)0x0010
-#define ENGINE_METHOD_BN_MOD_EXP_CRT	(unsigned int)0x0020
-/* Obvious all-or-nothing cases. */
-#define ENGINE_METHOD_ALL		(unsigned int)0xFFFF
-#define ENGINE_METHOD_NONE		(unsigned int)0x0000
-
-/* These flags are used to tell the ctrl function what should be done.
- * All command numbers are shared between all engines, even if some don't
- * make sense to some engines.  In such a case, they do nothing but return
- * the error ENGINE_R_CTRL_COMMAND_NOT_IMPLEMENTED. */
-#define ENGINE_CTRL_SET_LOGSTREAM		1
-#define ENGINE_CTRL_SET_PASSWORD_CALLBACK	2
-/* Flags specific to the nCipher "chil" engine */
-#define ENGINE_CTRL_CHIL_SET_FORKCHECK		100
-	/* Depending on the value of the (long)i argument, this sets or
-	 * unsets the SimpleForkCheck flag in the CHIL API to enable or
-	 * disable checking and workarounds for applications that fork().
-	 */
-#define ENGINE_CTRL_CHIL_NO_LOCKING		101
-	/* This prevents the initialisation function from providing mutex
-	 * callbacks to the nCipher library. */
-
-/* As we're missing a BIGNUM_METHOD, we need a couple of locally
- * defined function types that engines can implement. */
-
-#ifndef HEADER_ENGINE_INT_H
-/* mod_exp operation, calculates; r = a ^ p mod m
- * NB: ctx can be NULL, but if supplied, the implementation may use
- * it if it wishes. */
-typedef int (*BN_MOD_EXP)(BIGNUM *r, BIGNUM *a, const BIGNUM *p,
-		const BIGNUM *m, BN_CTX *ctx);
-
-/* private key operation for RSA, provided seperately in case other
- * RSA implementations wish to use it. */
-typedef int (*BN_MOD_EXP_CRT)(BIGNUM *r, BIGNUM *a, const BIGNUM *p,
-		const BIGNUM *q, const BIGNUM *dmp1, const BIGNUM *dmq1,
-		const BIGNUM *iqmp, BN_CTX *ctx);
-
-/* Generic function pointer */
-typedef void (*ENGINE_GEN_FUNC_PTR)();
-/* Generic function pointer taking no arguments */
-typedef void (*ENGINE_GEN_INT_FUNC_PTR)(void);
-/* Specific control function pointer */
-typedef int (*ENGINE_CTRL_FUNC_PTR)(int cmd, long i, void *p, void (*f)());
-
-/* The list of "engine" types is a static array of (const ENGINE*)
- * pointers (not dynamic because static is fine for now and we otherwise
- * have to hook an appropriate load/unload function in to initialise and
- * cleanup). */
-typedef struct engine_st ENGINE;
-#endif
-
-/* STRUCTURE functions ... all of these functions deal with pointers to
- * ENGINE structures where the pointers have a "structural reference".
- * This means that their reference is to allow access to the structure
- * but it does not imply that the structure is functional. To simply
- * increment or decrement the structural reference count, use ENGINE_new
- * and ENGINE_free. NB: This is not required when iterating using
- * ENGINE_get_next as it will automatically decrement the structural
- * reference count of the "current" ENGINE and increment the structural
- * reference count of the ENGINE it returns (unless it is NULL). */
-
-/* Get the first/last "ENGINE" type available. */
-ENGINE *ENGINE_get_first(void);
-ENGINE *ENGINE_get_last(void);
-/* Iterate to the next/previous "ENGINE" type (NULL = end of the list). */
-ENGINE *ENGINE_get_next(ENGINE *e);
-ENGINE *ENGINE_get_prev(ENGINE *e);
-/* Add another "ENGINE" type into the array. */
-int ENGINE_add(ENGINE *e);
-/* Remove an existing "ENGINE" type from the array. */
-int ENGINE_remove(ENGINE *e);
-/* Retrieve an engine from the list by its unique "id" value. */
-ENGINE *ENGINE_by_id(const char *id);
-
-/* These functions are useful for manufacturing new ENGINE
- * structures. They don't address reference counting at all -
- * one uses them to populate an ENGINE structure with personalised
- * implementations of things prior to using it directly or adding
- * it to the builtin ENGINE list in OpenSSL. These are also here
- * so that the ENGINE structure doesn't have to be exposed and
- * break binary compatibility!
- *
- * NB: I'm changing ENGINE_new to force the ENGINE structure to
- * be allocated from within OpenSSL. See the comment for
- * ENGINE_get_struct_size().
- */
-#if 0
-ENGINE *ENGINE_new(ENGINE *e);
-#else
-ENGINE *ENGINE_new(void);
-#endif
-int ENGINE_free(ENGINE *e);
-int ENGINE_set_id(ENGINE *e, const char *id);
-int ENGINE_set_name(ENGINE *e, const char *name);
-int ENGINE_set_RSA(ENGINE *e, RSA_METHOD *rsa_meth);
-int ENGINE_set_DSA(ENGINE *e, DSA_METHOD *dsa_meth);
-int ENGINE_set_DH(ENGINE *e, DH_METHOD *dh_meth);
-int ENGINE_set_RAND(ENGINE *e, RAND_METHOD *rand_meth);
-int ENGINE_set_BN_mod_exp(ENGINE *e, BN_MOD_EXP bn_mod_exp);
-int ENGINE_set_BN_mod_exp_crt(ENGINE *e, BN_MOD_EXP_CRT bn_mod_exp_crt);
-int ENGINE_set_init_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR init_f);
-int ENGINE_set_finish_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR finish_f);
-int ENGINE_set_ctrl_function(ENGINE *e, ENGINE_CTRL_FUNC_PTR ctrl_f);
-
-/* These return values from within the ENGINE structure. These can
- * be useful with functional references as well as structural
- * references - it depends which you obtained. Using the result
- * for functional purposes if you only obtained a structural
- * reference may be problematic! */
-const char *ENGINE_get_id(ENGINE *e);
-const char *ENGINE_get_name(ENGINE *e);
-RSA_METHOD *ENGINE_get_RSA(ENGINE *e);
-DSA_METHOD *ENGINE_get_DSA(ENGINE *e);
-DH_METHOD *ENGINE_get_DH(ENGINE *e);
-RAND_METHOD *ENGINE_get_RAND(ENGINE *e);
-BN_MOD_EXP ENGINE_get_BN_mod_exp(ENGINE *e);
-BN_MOD_EXP_CRT ENGINE_get_BN_mod_exp_crt(ENGINE *e);
-ENGINE_GEN_INT_FUNC_PTR ENGINE_get_init_function(ENGINE *e);
-ENGINE_GEN_INT_FUNC_PTR ENGINE_get_finish_function(ENGINE *e);
-ENGINE_CTRL_FUNC_PTR ENGINE_get_ctrl_function(ENGINE *e);
-
-/* ENGINE_new is normally passed a NULL in the first parameter because
- * the calling code doesn't have access to the definition of the ENGINE
- * structure (for good reason). However, if the caller wishes to use
- * its own memory allocation or use a static array, the following call
- * should be used to check the amount of memory the ENGINE structure
- * will occupy. This will make the code more future-proof.
- *
- * NB: I'm "#if 0"-ing this out because it's better to force the use of
- * internally allocated memory. See similar change in ENGINE_new().
- */
-#if 0
-int ENGINE_get_struct_size(void);
-#endif
-
-/* FUNCTIONAL functions. These functions deal with ENGINE structures
- * that have (or will) be initialised for use. Broadly speaking, the
- * structural functions are useful for iterating the list of available
- * engine types, creating new engine types, and other "list" operations.
- * These functions actually deal with ENGINEs that are to be used. As
- * such these functions can fail (if applicable) when particular
- * engines are unavailable - eg. if a hardware accelerator is not
- * attached or not functioning correctly. Each ENGINE has 2 reference
- * counts; structural and functional. Every time a functional reference
- * is obtained or released, a corresponding structural reference is
- * automatically obtained or released too. */
-
-/* Initialise a engine type for use (or up its reference count if it's
- * already in use). This will fail if the engine is not currently
- * operational and cannot initialise. */
-int ENGINE_init(ENGINE *e);
-/* Free a functional reference to a engine type. This does not require
- * a corresponding call to ENGINE_free as it also releases a structural
- * reference. */
-int ENGINE_finish(ENGINE *e);
-/* Send control parametrised commands to the engine.  The possibilities
- * to send down an integer, a pointer to data or a function pointer are
- * provided.  Any of the parameters may or may not be NULL, depending
- * on the command number */
-/* WARNING: This is currently experimental and may change radically! */
-int ENGINE_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)());
-
-/* The following functions handle keys that are stored in some secondary
- * location, handled by the engine.  The storage may be on a card or
- * whatever. */
-EVP_PKEY *ENGINE_load_private_key(ENGINE *e, const char *key_id,
-	const char *passphrase);
-EVP_PKEY *ENGINE_load_public_key(ENGINE *e, const char *key_id,
-	const char *passphrase);
-
-/* This returns a pointer for the current ENGINE structure that
- * is (by default) performing any RSA operations. The value returned
- * is an incremented reference, so it should be free'd (ENGINE_finish)
- * before it is discarded. */
-ENGINE *ENGINE_get_default_RSA(void);
-/* Same for the other "methods" */
-ENGINE *ENGINE_get_default_DSA(void);
-ENGINE *ENGINE_get_default_DH(void);
-ENGINE *ENGINE_get_default_RAND(void);
-ENGINE *ENGINE_get_default_BN_mod_exp(void);
-ENGINE *ENGINE_get_default_BN_mod_exp_crt(void);
-
-/* This sets a new default ENGINE structure for performing RSA
- * operations. If the result is non-zero (success) then the ENGINE
- * structure will have had its reference count up'd so the caller
- * should still free their own reference 'e'. */
-int ENGINE_set_default_RSA(ENGINE *e);
-/* Same for the other "methods" */
-int ENGINE_set_default_DSA(ENGINE *e);
-int ENGINE_set_default_DH(ENGINE *e);
-int ENGINE_set_default_RAND(ENGINE *e);
-int ENGINE_set_default_BN_mod_exp(ENGINE *e);
-int ENGINE_set_default_BN_mod_exp_crt(ENGINE *e);
-
-/* The combination "set" - the flags are bitwise "OR"d from the
- * ENGINE_METHOD_*** defines above. */
-int ENGINE_set_default(ENGINE *e, unsigned int flags);
-
-/* Obligatory error function. */
-void ERR_load_ENGINE_strings(void);
-
-/*
- * Error codes for all engine functions. NB: We use "generic"
- * function names instead of per-implementation ones because this
- * levels the playing field for externally implemented bootstrapped
- * support code. As the filename and line number is included, it's
- * more important to indicate the type of function, so that
- * bootstrapped code (that can't easily add its own errors in) can
- * use the same error codes too.
- */
-
-/* BEGIN ERROR CODES */
-/* The following lines are auto generated by the script mkerr.pl. Any changes
- * made after this point may be overwritten when the script is next run.
- */
-
-/* Error codes for the ENGINE functions. */
-
-/* Function codes. */
-#define ENGINE_F_ATALLA_FINISH				 135
-#define ENGINE_F_ATALLA_INIT				 136
-#define ENGINE_F_ATALLA_MOD_EXP				 137
-#define ENGINE_F_ATALLA_RSA_MOD_EXP			 138
-#define ENGINE_F_CSWIFT_DSA_SIGN			 133
-#define ENGINE_F_CSWIFT_DSA_VERIFY			 134
-#define ENGINE_F_CSWIFT_FINISH				 100
-#define ENGINE_F_CSWIFT_INIT				 101
-#define ENGINE_F_CSWIFT_MOD_EXP				 102
-#define ENGINE_F_CSWIFT_MOD_EXP_CRT			 103
-#define ENGINE_F_CSWIFT_RSA_MOD_EXP			 104
-#define ENGINE_F_ENGINE_ADD				 105
-#define ENGINE_F_ENGINE_BY_ID				 106
-#define ENGINE_F_ENGINE_CTRL				 142
-#define ENGINE_F_ENGINE_FINISH				 107
-#define ENGINE_F_ENGINE_FREE				 108
-#define ENGINE_F_ENGINE_GET_BN_MOD_EXP			 109
-#define ENGINE_F_ENGINE_GET_BN_MOD_EXP_CRT		 110
-#define ENGINE_F_ENGINE_GET_CTRL_FUNCTION		 144
-#define ENGINE_F_ENGINE_GET_DH				 111
-#define ENGINE_F_ENGINE_GET_DSA				 112
-#define ENGINE_F_ENGINE_GET_FINISH_FUNCTION		 145
-#define ENGINE_F_ENGINE_GET_ID				 113
-#define ENGINE_F_ENGINE_GET_INIT_FUNCTION		 146
-#define ENGINE_F_ENGINE_GET_NAME			 114
-#define ENGINE_F_ENGINE_GET_NEXT			 115
-#define ENGINE_F_ENGINE_GET_PREV			 116
-#define ENGINE_F_ENGINE_GET_RAND			 117
-#define ENGINE_F_ENGINE_GET_RSA				 118
-#define ENGINE_F_ENGINE_INIT				 119
-#define ENGINE_F_ENGINE_LIST_ADD			 120
-#define ENGINE_F_ENGINE_LIST_REMOVE			 121
-#define ENGINE_F_ENGINE_LOAD_PRIVATE_KEY		 150
-#define ENGINE_F_ENGINE_LOAD_PUBLIC_KEY			 151
-#define ENGINE_F_ENGINE_NEW				 122
-#define ENGINE_F_ENGINE_REMOVE				 123
-#define ENGINE_F_ENGINE_SET_BN_MOD_EXP			 124
-#define ENGINE_F_ENGINE_SET_BN_MOD_EXP_CRT		 125
-#define ENGINE_F_ENGINE_SET_CTRL_FUNCTION		 147
-#define ENGINE_F_ENGINE_SET_DEFAULT_TYPE		 126
-#define ENGINE_F_ENGINE_SET_DH				 127
-#define ENGINE_F_ENGINE_SET_DSA				 128
-#define ENGINE_F_ENGINE_SET_FINISH_FUNCTION		 148
-#define ENGINE_F_ENGINE_SET_ID				 129
-#define ENGINE_F_ENGINE_SET_INIT_FUNCTION		 149
-#define ENGINE_F_ENGINE_SET_NAME			 130
-#define ENGINE_F_ENGINE_SET_RAND			 131
-#define ENGINE_F_ENGINE_SET_RSA				 132
-#define ENGINE_F_ENGINE_UNLOAD_KEY			 152
-#define ENGINE_F_HWCRHK_CTRL				 143
-#define ENGINE_F_HWCRHK_FINISH				 135
-#define ENGINE_F_HWCRHK_GET_PASS			 155
-#define ENGINE_F_HWCRHK_INIT				 136
-#define ENGINE_F_HWCRHK_LOAD_PRIVKEY			 153
-#define ENGINE_F_HWCRHK_LOAD_PUBKEY			 154
-#define ENGINE_F_HWCRHK_MOD_EXP				 137
-#define ENGINE_F_HWCRHK_MOD_EXP_CRT			 138
-#define ENGINE_F_HWCRHK_RAND_BYTES			 139
-#define ENGINE_F_HWCRHK_RSA_MOD_EXP			 140
-#define ENGINE_F_LOG_MESSAGE				 141
-
-/* Reason codes. */
-#define ENGINE_R_ALREADY_LOADED				 100
-#define ENGINE_R_BIO_WAS_FREED				 121
-#define ENGINE_R_BN_CTX_FULL				 101
-#define ENGINE_R_BN_EXPAND_FAIL				 102
-#define ENGINE_R_CHIL_ERROR				 123
-#define ENGINE_R_CONFLICTING_ENGINE_ID			 103
-#define ENGINE_R_CTRL_COMMAND_NOT_IMPLEMENTED		 119
-#define ENGINE_R_DSO_FAILURE				 104
-#define ENGINE_R_ENGINE_IS_NOT_IN_LIST			 105
-#define ENGINE_R_FAILED_LOADING_PRIVATE_KEY		 128
-#define ENGINE_R_FAILED_LOADING_PUBLIC_KEY		 129
-#define ENGINE_R_FINISH_FAILED				 106
-#define ENGINE_R_GET_HANDLE_FAILED			 107
-#define ENGINE_R_ID_OR_NAME_MISSING			 108
-#define ENGINE_R_INIT_FAILED				 109
-#define ENGINE_R_INTERNAL_LIST_ERROR			 110
-#define ENGINE_R_MISSING_KEY_COMPONENTS			 111
-#define ENGINE_R_NOT_INITIALISED			 117
-#define ENGINE_R_NOT_LOADED				 112
-#define ENGINE_R_NO_CALLBACK				 127
-#define ENGINE_R_NO_CONTROL_FUNCTION			 120
-#define ENGINE_R_NO_KEY					 124
-#define ENGINE_R_NO_LOAD_FUNCTION			 125
-#define ENGINE_R_NO_REFERENCE				 130
-#define ENGINE_R_NO_SUCH_ENGINE				 116
-#define ENGINE_R_NO_UNLOAD_FUNCTION			 126
-#define ENGINE_R_PROVIDE_PARAMETERS			 113
-#define ENGINE_R_REQUEST_FAILED				 114
-#define ENGINE_R_REQUEST_FALLBACK			 118
-#define ENGINE_R_SIZE_TOO_LARGE_OR_TOO_SMALL		 122
-#define ENGINE_R_UNIT_FAILURE				 115
-
-#ifdef  __cplusplus
-}
-#endif
-#endif
-

crypto/engine/engine_err.c

@@ -1,183 +0,0 @@
-/* crypto/engine/engine_err.c */
-/* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-/* NOTE: this file was auto generated by the mkerr.pl script: any changes
- * made to it will be overwritten when the script next updates this file,
- * only reason strings will be preserved.
- */
-
-#include <stdio.h>
-#include <openssl/err.h>
-#include <openssl/engine.h>
-
-/* BEGIN ERROR CODES */
-#ifndef NO_ERR
-static ERR_STRING_DATA ENGINE_str_functs[]=
-	{
-{ERR_PACK(0,ENGINE_F_ATALLA_FINISH,0),	"ATALLA_FINISH"},
-{ERR_PACK(0,ENGINE_F_ATALLA_INIT,0),	"ATALLA_INIT"},
-{ERR_PACK(0,ENGINE_F_ATALLA_MOD_EXP,0),	"ATALLA_MOD_EXP"},
-{ERR_PACK(0,ENGINE_F_ATALLA_RSA_MOD_EXP,0),	"ATALLA_RSA_MOD_EXP"},
-{ERR_PACK(0,ENGINE_F_CSWIFT_DSA_SIGN,0),	"CSWIFT_DSA_SIGN"},
-{ERR_PACK(0,ENGINE_F_CSWIFT_DSA_VERIFY,0),	"CSWIFT_DSA_VERIFY"},
-{ERR_PACK(0,ENGINE_F_CSWIFT_FINISH,0),	"CSWIFT_FINISH"},
-{ERR_PACK(0,ENGINE_F_CSWIFT_INIT,0),	"CSWIFT_INIT"},
-{ERR_PACK(0,ENGINE_F_CSWIFT_MOD_EXP,0),	"CSWIFT_MOD_EXP"},
-{ERR_PACK(0,ENGINE_F_CSWIFT_MOD_EXP_CRT,0),	"CSWIFT_MOD_EXP_CRT"},
-{ERR_PACK(0,ENGINE_F_CSWIFT_RSA_MOD_EXP,0),	"CSWIFT_RSA_MOD_EXP"},
-{ERR_PACK(0,ENGINE_F_ENGINE_ADD,0),	"ENGINE_add"},
-{ERR_PACK(0,ENGINE_F_ENGINE_BY_ID,0),	"ENGINE_by_id"},
-{ERR_PACK(0,ENGINE_F_ENGINE_CTRL,0),	"ENGINE_ctrl"},
-{ERR_PACK(0,ENGINE_F_ENGINE_FINISH,0),	"ENGINE_finish"},
-{ERR_PACK(0,ENGINE_F_ENGINE_FREE,0),	"ENGINE_free"},
-{ERR_PACK(0,ENGINE_F_ENGINE_GET_BN_MOD_EXP,0),	"ENGINE_get_BN_mod_exp"},
-{ERR_PACK(0,ENGINE_F_ENGINE_GET_BN_MOD_EXP_CRT,0),	"ENGINE_get_BN_mod_exp_crt"},
-{ERR_PACK(0,ENGINE_F_ENGINE_GET_CTRL_FUNCTION,0),	"ENGINE_get_ctrl_function"},
-{ERR_PACK(0,ENGINE_F_ENGINE_GET_DH,0),	"ENGINE_get_DH"},
-{ERR_PACK(0,ENGINE_F_ENGINE_GET_DSA,0),	"ENGINE_get_DSA"},
-{ERR_PACK(0,ENGINE_F_ENGINE_GET_FINISH_FUNCTION,0),	"ENGINE_get_finish_function"},
-{ERR_PACK(0,ENGINE_F_ENGINE_GET_ID,0),	"ENGINE_get_id"},
-{ERR_PACK(0,ENGINE_F_ENGINE_GET_INIT_FUNCTION,0),	"ENGINE_get_init_function"},
-{ERR_PACK(0,ENGINE_F_ENGINE_GET_NAME,0),	"ENGINE_get_name"},
-{ERR_PACK(0,ENGINE_F_ENGINE_GET_NEXT,0),	"ENGINE_get_next"},
-{ERR_PACK(0,ENGINE_F_ENGINE_GET_PREV,0),	"ENGINE_get_prev"},
-{ERR_PACK(0,ENGINE_F_ENGINE_GET_RAND,0),	"ENGINE_get_RAND"},
-{ERR_PACK(0,ENGINE_F_ENGINE_GET_RSA,0),	"ENGINE_get_RSA"},
-{ERR_PACK(0,ENGINE_F_ENGINE_INIT,0),	"ENGINE_init"},
-{ERR_PACK(0,ENGINE_F_ENGINE_LIST_ADD,0),	"ENGINE_LIST_ADD"},
-{ERR_PACK(0,ENGINE_F_ENGINE_LIST_REMOVE,0),	"ENGINE_LIST_REMOVE"},
-{ERR_PACK(0,ENGINE_F_ENGINE_LOAD_PRIVATE_KEY,0),	"ENGINE_load_private_key"},
-{ERR_PACK(0,ENGINE_F_ENGINE_LOAD_PUBLIC_KEY,0),	"ENGINE_load_public_key"},
-{ERR_PACK(0,ENGINE_F_ENGINE_NEW,0),	"ENGINE_new"},
-{ERR_PACK(0,ENGINE_F_ENGINE_REMOVE,0),	"ENGINE_remove"},
-{ERR_PACK(0,ENGINE_F_ENGINE_SET_BN_MOD_EXP,0),	"ENGINE_set_BN_mod_exp"},
-{ERR_PACK(0,ENGINE_F_ENGINE_SET_BN_MOD_EXP_CRT,0),	"ENGINE_set_BN_mod_exp_crt"},
-{ERR_PACK(0,ENGINE_F_ENGINE_SET_CTRL_FUNCTION,0),	"ENGINE_set_ctrl_function"},
-{ERR_PACK(0,ENGINE_F_ENGINE_SET_DEFAULT_TYPE,0),	"ENGINE_SET_DEFAULT_TYPE"},
-{ERR_PACK(0,ENGINE_F_ENGINE_SET_DH,0),	"ENGINE_set_DH"},
-{ERR_PACK(0,ENGINE_F_ENGINE_SET_DSA,0),	"ENGINE_set_DSA"},
-{ERR_PACK(0,ENGINE_F_ENGINE_SET_FINISH_FUNCTION,0),	"ENGINE_set_finish_function"},
-{ERR_PACK(0,ENGINE_F_ENGINE_SET_ID,0),	"ENGINE_set_id"},
-{ERR_PACK(0,ENGINE_F_ENGINE_SET_INIT_FUNCTION,0),	"ENGINE_set_init_function"},
-{ERR_PACK(0,ENGINE_F_ENGINE_SET_NAME,0),	"ENGINE_set_name"},
-{ERR_PACK(0,ENGINE_F_ENGINE_SET_RAND,0),	"ENGINE_set_RAND"},
-{ERR_PACK(0,ENGINE_F_ENGINE_SET_RSA,0),	"ENGINE_set_RSA"},
-{ERR_PACK(0,ENGINE_F_ENGINE_UNLOAD_KEY,0),	"ENGINE_UNLOAD_KEY"},
-{ERR_PACK(0,ENGINE_F_HWCRHK_CTRL,0),	"HWCRHK_CTRL"},
-{ERR_PACK(0,ENGINE_F_HWCRHK_FINISH,0),	"HWCRHK_FINISH"},
-{ERR_PACK(0,ENGINE_F_HWCRHK_GET_PASS,0),	"HWCRHK_GET_PASS"},
-{ERR_PACK(0,ENGINE_F_HWCRHK_INIT,0),	"HWCRHK_INIT"},
-{ERR_PACK(0,ENGINE_F_HWCRHK_LOAD_PRIVKEY,0),	"HWCRHK_LOAD_PRIVKEY"},
-{ERR_PACK(0,ENGINE_F_HWCRHK_LOAD_PUBKEY,0),	"HWCRHK_LOAD_PUBKEY"},
-{ERR_PACK(0,ENGINE_F_HWCRHK_MOD_EXP,0),	"HWCRHK_MOD_EXP"},
-{ERR_PACK(0,ENGINE_F_HWCRHK_MOD_EXP_CRT,0),	"HWCRHK_MOD_EXP_CRT"},
-{ERR_PACK(0,ENGINE_F_HWCRHK_RAND_BYTES,0),	"HWCRHK_RAND_BYTES"},
-{ERR_PACK(0,ENGINE_F_HWCRHK_RSA_MOD_EXP,0),	"HWCRHK_RSA_MOD_EXP"},
-{ERR_PACK(0,ENGINE_F_LOG_MESSAGE,0),	"LOG_MESSAGE"},
-{0,NULL}
-	};
-
-static ERR_STRING_DATA ENGINE_str_reasons[]=
-	{
-{ENGINE_R_ALREADY_LOADED                 ,"already loaded"},
-{ENGINE_R_BIO_WAS_FREED                  ,"bio was freed"},
-{ENGINE_R_BN_CTX_FULL                    ,"BN_CTX full"},
-{ENGINE_R_BN_EXPAND_FAIL                 ,"bn_expand fail"},
-{ENGINE_R_CHIL_ERROR                     ,"chil error"},
-{ENGINE_R_CONFLICTING_ENGINE_ID          ,"conflicting engine id"},
-{ENGINE_R_CTRL_COMMAND_NOT_IMPLEMENTED   ,"ctrl command not implemented"},
-{ENGINE_R_DSO_FAILURE                    ,"DSO failure"},
-{ENGINE_R_ENGINE_IS_NOT_IN_LIST          ,"engine is not in the list"},
-{ENGINE_R_FAILED_LOADING_PRIVATE_KEY     ,"failed loading private key"},
-{ENGINE_R_FAILED_LOADING_PUBLIC_KEY      ,"failed loading public key"},
-{ENGINE_R_FINISH_FAILED                  ,"finish failed"},
-{ENGINE_R_GET_HANDLE_FAILED              ,"could not obtain hardware handle"},
-{ENGINE_R_ID_OR_NAME_MISSING             ,"'id' or 'name' missing"},
-{ENGINE_R_INIT_FAILED                    ,"init failed"},
-{ENGINE_R_INTERNAL_LIST_ERROR            ,"internal list error"},
-{ENGINE_R_MISSING_KEY_COMPONENTS         ,"missing key components"},
-{ENGINE_R_NOT_INITIALISED                ,"not initialised"},
-{ENGINE_R_NOT_LOADED                     ,"not loaded"},
-{ENGINE_R_NO_CALLBACK                    ,"no callback"},
-{ENGINE_R_NO_CONTROL_FUNCTION            ,"no control function"},
-{ENGINE_R_NO_KEY                         ,"no key"},
-{ENGINE_R_NO_LOAD_FUNCTION               ,"no load function"},
-{ENGINE_R_NO_REFERENCE			 ,"no reference"},
-{ENGINE_R_NO_SUCH_ENGINE                 ,"no such engine"},
-{ENGINE_R_NO_UNLOAD_FUNCTION             ,"no unload function"},
-{ENGINE_R_PROVIDE_PARAMETERS             ,"provide parameters"},
-{ENGINE_R_REQUEST_FAILED                 ,"request failed"},
-{ENGINE_R_REQUEST_FALLBACK               ,"request fallback"},
-{ENGINE_R_SIZE_TOO_LARGE_OR_TOO_SMALL    ,"size too large or too small"},
-{ENGINE_R_UNIT_FAILURE                   ,"unit failure"},
-{0,NULL}
-	};
-
-#endif
-
-void ERR_load_ENGINE_strings(void)
-	{
-	static int init=1;
-
-	if (init)
-		{
-		init=0;
-#ifndef NO_ERR
-		ERR_load_strings(ERR_LIB_ENGINE,ENGINE_str_functs);
-		ERR_load_strings(ERR_LIB_ENGINE,ENGINE_str_reasons);
-#endif
-
-		}
-	}

crypto/engine/engine_int.h

@@ -1,160 +0,0 @@
-/* crypto/engine/engine_int.h */
-/* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL
- * project 2000.
- */
-/* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#ifndef HEADER_ENGINE_INT_H
-#define HEADER_ENGINE_INT_H
-
-#include <openssl/rsa.h>
-#include <openssl/dsa.h>
-#include <openssl/dh.h>
-#include <openssl/rand.h>
-#include <openssl/bn.h>
-#include <openssl/evp.h>
-
-#ifdef  __cplusplus
-extern "C" {
-#endif
-
-/* Bitwise OR-able values for the "flags" variable in ENGINE. */
-#define ENGINE_FLAGS_MALLOCED	0x0001
-
-#ifndef HEADER_ENGINE_H
-/* Regrettably, we need to reproduce the "BN" function types here
- * because there is no such "BIGNUM_METHOD" as there is with RSA,
- * DSA, etc. We do this so that we don't have a case where engine.h
- * and engine_int.h conflict with each other. */
-typedef int (*BN_MOD_EXP)(BIGNUM *r, BIGNUM *a, const BIGNUM *p,
-		const BIGNUM *m, BN_CTX *ctx);
- 
-/* private key operation for RSA, provided seperately in case other
- * RSA implementations wish to use it. */
-typedef int (*BN_MOD_EXP_CRT)(BIGNUM *r, BIGNUM *a, const BIGNUM *p,
-		const BIGNUM *q, const BIGNUM *dmp1, const BIGNUM *dmq1,
-		const BIGNUM *iqmp, BN_CTX *ctx);
-
-/* Generic function pointer */
-typedef int (*ENGINE_GEN_FUNC_PTR)();
-/* Generic function pointer taking no arguments */
-typedef int (*ENGINE_GEN_INT_FUNC_PTR)(void);
-/* Specific control function pointer */
-typedef int (*ENGINE_CTRL_FUNC_PTR)(int cmd, long i, void *p, void (*f)());
-
-#endif
-
-/* This is a structure for storing implementations of various crypto
- * algorithms and functions. */
-typedef struct engine_st
-	{
-	const char *id;
-	const char *name;
-	RSA_METHOD *rsa_meth;
-	DSA_METHOD *dsa_meth;
-	DH_METHOD *dh_meth;
-	RAND_METHOD *rand_meth;
-	BN_MOD_EXP bn_mod_exp;
-	BN_MOD_EXP_CRT bn_mod_exp_crt;
-	int (*init)(void);
-	int (*finish)(void);
-	int (*ctrl)(int cmd, long i, void *p, void (*f)());
-	EVP_PKEY *(*load_privkey)(const char *key_id, const char *passphrase);
-	EVP_PKEY *(*load_pubkey)(const char *key_id, const char *passphrase);
-	int flags;
-	/* reference count on the structure itself */
-	int struct_ref;
-	/* reference count on usability of the engine type. NB: This
-	 * controls the loading and initialisation of any functionlity
-	 * required by this engine, whereas the previous count is
-	 * simply to cope with (de)allocation of this structure. Hence,
-	 * running_ref <= struct_ref at all times. */
-	int funct_ref;
-	/* Used to maintain the linked-list of engines. */
-	struct engine_st *prev;
-	struct engine_st *next;
-	} ENGINE;
-
-/* BUILT-IN ENGINES. (these functions are only ever called once and
- * do not return references - they are purely for bootstrapping). */
-
-/* Returns a structure of software only methods (the default). */
-ENGINE *ENGINE_openssl();
-
-#ifndef NO_HW
-
-#ifndef NO_HW_CSWIFT
-/* Returns a structure of cswift methods ... NB: This can exist and be
- * "used" even on non-cswift systems because the "init" will fail if the
- * card/library are not found. */
-ENGINE *ENGINE_cswift();
-#endif /* !NO_HW_CSWIFT */
-
-#ifndef NO_HW_NCIPHER
-ENGINE *ENGINE_ncipher();
-#endif /* !NO_HW_NCIPHER */
-
-#ifndef NO_HW_ATALLA
-/* Returns a structure of atalla methods. */
-ENGINE *ENGINE_atalla();
-#endif /* !NO_HW_ATALLA */
-
-#endif /* !NO_HW */
-
-#ifdef  __cplusplus
-}
-#endif
-
-#endif /* HEADER_ENGINE_INT_H */

crypto/engine/engine_lib.c

@@ -1,488 +0,0 @@
-/* crypto/engine/engine_lib.c */
-/* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL
- * project 2000.
- */
-/* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <openssl/crypto.h>
-#include "cryptlib.h"
-#include "engine_int.h"
-#include <openssl/engine.h>
-
-/* These pointers each have their own "functional reference" when they
- * are non-NULL. Similarly, when they are retrieved by a call to
- * ENGINE_get_default_[RSA|DSA|...] the returned pointer is also a
- * reference and the caller is responsible for freeing that when they
- * are finished with it (with a call to ENGINE_finish() *NOT* just
- * ENGINE_free()!!!!!!). */
-static ENGINE *engine_def_rsa = NULL;
-static ENGINE *engine_def_dsa = NULL;
-static ENGINE *engine_def_dh = NULL;
-static ENGINE *engine_def_rand = NULL;
-static ENGINE *engine_def_bn_mod_exp = NULL;
-static ENGINE *engine_def_bn_mod_exp_crt = NULL;
-/* A static "once-only" flag used to control if/when the above were
- * initialised to suitable start-up defaults. */
-static int engine_def_flag = 0;
-
-/* This is used in certain static utility functions to save code
- * repetition for per-algorithm functions. */
-typedef enum {
-	ENGINE_TYPE_RSA,
-	ENGINE_TYPE_DSA,
-	ENGINE_TYPE_DH,
-	ENGINE_TYPE_RAND,
-	ENGINE_TYPE_BN_MOD_EXP,
-	ENGINE_TYPE_BN_MOD_EXP_CRT
-	} ENGINE_TYPE;
-
-static void engine_def_check_util(ENGINE **def, ENGINE *val)
-	{
-	*def = val;
-	val->struct_ref++;
-	val->funct_ref++;
-	}
-
-/* In a slight break with convention - this static function must be
- * called *outside* any locking of CRYPTO_LOCK_ENGINE. */
-static void engine_def_check(void)
-	{
-	ENGINE *e;
-	if(engine_def_flag)
-		return;
-	e = ENGINE_get_first();
-	if(e == NULL)
-		/* The list is empty ... not much we can do! */
-		return;
-	/* We have a structural reference, see if getting a functional
-	 * reference is possible. This is done to cope with init errors
-	 * in the engine - the following locked code does a bunch of
-	 * manual "ENGINE_init"s which do *not* allow such an init
-	 * error so this is worth doing. */
-	if(ENGINE_init(e))
-		{
-		CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
-		/* Doing another check here prevents an obvious race
-		 * condition because the whole function itself cannot
-		 * be locked. */
-		if(engine_def_flag)
-			goto skip_set_defaults;
-		/* OK, we got a functional reference, so we get one each
-		 * for the defaults too. */
-		engine_def_check_util(&engine_def_rsa, e);
-		engine_def_check_util(&engine_def_dsa, e);
-		engine_def_check_util(&engine_def_dh, e);
-		engine_def_check_util(&engine_def_rand, e);
-		engine_def_check_util(&engine_def_bn_mod_exp, e);
-		engine_def_check_util(&engine_def_bn_mod_exp_crt, e);
-		engine_def_flag = 1;
-skip_set_defaults:
-		CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
-		/* The "if" needs to be balanced out. */
-		ENGINE_finish(e);
-		}
-	/* We need to balance out the fact we obtained a structural
-	 * reference to begin with from ENGINE_get_first(). */
-	ENGINE_free(e);
-	}
-
-/* Initialise a engine type for use (or up its functional reference count
- * if it's already in use). */
-int ENGINE_init(ENGINE *e)
-	{
-	int to_return = 1;
-
-	if(e == NULL)
-		{
-		ENGINEerr(ENGINE_F_ENGINE_INIT,ERR_R_PASSED_NULL_PARAMETER);
-		return 0;
-		}
-	CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
-	if((e->funct_ref == 0) && e->init)
-		/* This is the first functional reference and the engine
-		 * requires initialisation so we do it now. */
-		to_return = e->init();
-	if(to_return)
-		{
-		/* OK, we return a functional reference which is also a
-		 * structural reference. */
-		e->struct_ref++;
-		e->funct_ref++;
-		}
-	CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
-	return to_return;
-	}
-
-/* Free a functional reference to a engine type */
-int ENGINE_finish(ENGINE *e)
-	{
-	int to_return = 1;
-
-	if(e == NULL)
-		{
-		ENGINEerr(ENGINE_F_ENGINE_FINISH,ERR_R_PASSED_NULL_PARAMETER);
-		return 0;
-		}
-	CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
-	if((e->funct_ref == 1) && e->finish)
-#if 0
-		/* This is the last functional reference and the engine
-		 * requires cleanup so we do it now. */
-		to_return = e->finish();
-	if(to_return)
-		{
-		/* Cleanup the functional reference which is also a
-		 * structural reference. */
-		e->struct_ref--;
-		e->funct_ref--;
-		}
-	CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
-#else
-		/* I'm going to deliberately do a convoluted version of this
-		 * piece of code because we don't want "finish" functions
-		 * being called inside a locked block of code, if at all
-		 * possible. I'd rather have this call take an extra couple
-		 * of ticks than have throughput serialised on a externally-
-		 * provided callback function that may conceivably never come
-		 * back. :-( */
-		{
-		CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
-		/* CODE ALERT: This *IS* supposed to be "=" and NOT "==" :-) */
-		if((to_return = e->finish()))
-			{
-			CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
-			/* Cleanup the functional reference which is also a
-			 * structural reference. */
-			e->struct_ref--;
-			e->funct_ref--;
-			CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
-			}
-		}
-	else
-		CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
-#endif
-	return to_return;
-	}
-
-EVP_PKEY *ENGINE_load_private_key(ENGINE *e, const char *key_id,
-	const char *passphrase)
-	{
-	EVP_PKEY *pkey;
-
-	if(e == NULL)
-		{
-		ENGINEerr(ENGINE_F_ENGINE_LOAD_PRIVATE_KEY,
-			ERR_R_PASSED_NULL_PARAMETER);
-		return 0;
-		}
-	CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
-	if(e->funct_ref == 0)
-		{
-		ENGINEerr(ENGINE_F_ENGINE_LOAD_PRIVATE_KEY,
-			ENGINE_R_NOT_INITIALISED);
-		return 0;
-		}
-	if (!e->load_privkey)
-		{
-		ENGINEerr(ENGINE_F_ENGINE_LOAD_PRIVATE_KEY,
-			ENGINE_R_NO_LOAD_FUNCTION);
-		return 0;
-		}
-	CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
-	pkey = e->load_privkey(key_id, passphrase);
-	if (!pkey)
-		{
-		ENGINEerr(ENGINE_F_ENGINE_LOAD_PRIVATE_KEY,
-			ENGINE_R_FAILED_LOADING_PRIVATE_KEY);
-		return 0;
-		}
-	return pkey;
-	}
-
-EVP_PKEY *ENGINE_load_public_key(ENGINE *e, const char *key_id,
-	const char *passphrase)
-	{
-	EVP_PKEY *pkey;
-
-	if(e == NULL)
-		{
-		ENGINEerr(ENGINE_F_ENGINE_LOAD_PUBLIC_KEY,
-			ERR_R_PASSED_NULL_PARAMETER);
-		return 0;
-		}
-	CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
-	if(e->funct_ref == 0)
-		{
-		ENGINEerr(ENGINE_F_ENGINE_LOAD_PUBLIC_KEY,
-			ENGINE_R_NOT_INITIALISED);
-		return 0;
-		}
-	if (!e->load_pubkey)
-		{
-		ENGINEerr(ENGINE_F_ENGINE_LOAD_PUBLIC_KEY,
-			ENGINE_R_NO_LOAD_FUNCTION);
-		return 0;
-		}
-	CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
-	pkey = e->load_pubkey(key_id, passphrase);
-	if (!pkey)
-		{
-		ENGINEerr(ENGINE_F_ENGINE_LOAD_PUBLIC_KEY,
-			ENGINE_R_FAILED_LOADING_PUBLIC_KEY);
-		return 0;
-		}
-	return pkey;
-	}
-
-/* Initialise a engine type for use (or up its functional reference count
- * if it's already in use). */
-int ENGINE_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)())
-	{
-	if(e == NULL)
-		{
-		ENGINEerr(ENGINE_F_ENGINE_CTRL,ERR_R_PASSED_NULL_PARAMETER);
-		return 0;
-		}
-	CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
-	if(e->struct_ref == 0)
-		{
-		ENGINEerr(ENGINE_F_ENGINE_CTRL,ENGINE_R_NO_REFERENCE);
-		return 0;
-		}
-	if (!e->ctrl)
-		{
-		ENGINEerr(ENGINE_F_ENGINE_CTRL,ENGINE_R_NO_CONTROL_FUNCTION);
-		return 0;
-		}
-	CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
-	return e->ctrl(cmd, i, p, f);
-	}
-
-static ENGINE *engine_get_default_type(ENGINE_TYPE t)
-	{
-	ENGINE *ret = NULL;
-
-	/* engine_def_check is lean and mean and won't replace any
-	 * prior default engines ... so we must ensure that it is always
-	 * the first function to get to touch the default values. */
-	engine_def_check();
-	CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
-	switch(t)
-		{
-	case ENGINE_TYPE_RSA:
-		ret = engine_def_rsa; break;
-	case ENGINE_TYPE_DSA:
-		ret = engine_def_dsa; break;
-	case ENGINE_TYPE_DH:
-		ret = engine_def_dh; break;
-	case ENGINE_TYPE_RAND:
-		ret = engine_def_rand; break;
-	case ENGINE_TYPE_BN_MOD_EXP:
-		ret = engine_def_bn_mod_exp; break;
-	case ENGINE_TYPE_BN_MOD_EXP_CRT:
-		ret = engine_def_bn_mod_exp_crt; break;
-		}
-	/* Unforunately we can't do this work outside the lock with a
-	 * call to ENGINE_init() because that would leave a race
-	 * condition open. */
-	if(ret)
-		{
-		ret->struct_ref++;
-		ret->funct_ref++;
-		}
-	CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
-	return ret;
-	}
-
-ENGINE *ENGINE_get_default_RSA(void)
-	{
-	return engine_get_default_type(ENGINE_TYPE_RSA);
-	}
-
-ENGINE *ENGINE_get_default_DSA(void)
-	{
-	return engine_get_default_type(ENGINE_TYPE_DSA);
-	}
-
-ENGINE *ENGINE_get_default_DH(void)
-	{
-	return engine_get_default_type(ENGINE_TYPE_DH);
-	}
-
-ENGINE *ENGINE_get_default_RAND(void)
-	{
-	return engine_get_default_type(ENGINE_TYPE_RAND);
-	}
-
-ENGINE *ENGINE_get_default_BN_mod_exp(void)
-	{
-	return engine_get_default_type(ENGINE_TYPE_BN_MOD_EXP);
-	}
-
-ENGINE *ENGINE_get_default_BN_mod_exp_crt(void)
-	{
-	return engine_get_default_type(ENGINE_TYPE_BN_MOD_EXP_CRT);
-	}
-
-static int engine_set_default_type(ENGINE_TYPE t, ENGINE *e)
-	{
-	ENGINE *old = NULL;
-
-	if(e == NULL)
-		{
-		ENGINEerr(ENGINE_F_ENGINE_SET_DEFAULT_TYPE,
-			ERR_R_PASSED_NULL_PARAMETER);
-		return 0;
-		}
-	/* engine_def_check is lean and mean and won't replace any
-	 * prior default engines ... so we must ensure that it is always
-	 * the first function to get to touch the default values. */
-	engine_def_check();
-	/* Attempt to get a functional reference (we need one anyway, but
-	 * also, 'e' may be just a structural reference being passed in so
-	 * this call may actually be the first). */
-	if(!ENGINE_init(e))
-		{
-		ENGINEerr(ENGINE_F_ENGINE_SET_DEFAULT_TYPE,
-			ENGINE_R_INIT_FAILED);
-		return 0;
-		}
-	CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
-	switch(t)
-		{
-	case ENGINE_TYPE_RSA:
-		old = engine_def_rsa;
-		engine_def_rsa = e; break;
-	case ENGINE_TYPE_DSA:
-		old = engine_def_dsa;
-		engine_def_dsa = e; break;
-	case ENGINE_TYPE_DH:
-		old = engine_def_dh;
-		engine_def_dh = e; break;
-	case ENGINE_TYPE_RAND:
-		old = engine_def_rand;
-		engine_def_rand = e; break;
-	case ENGINE_TYPE_BN_MOD_EXP:
-		old = engine_def_bn_mod_exp;
-		engine_def_bn_mod_exp = e; break;
-	case ENGINE_TYPE_BN_MOD_EXP_CRT:
-		old = engine_def_bn_mod_exp_crt;
-		engine_def_bn_mod_exp_crt = e; break;
-		}
-	CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
-	/* If we've replaced a previous value, then we need to remove the
-	 * functional reference we had. */
-	if(old && !ENGINE_finish(old))
-		{
-		ENGINEerr(ENGINE_F_ENGINE_SET_DEFAULT_TYPE,
-			ENGINE_R_FINISH_FAILED);
-		return 0;
-		}
-	return 1;
-	}
-
-int ENGINE_set_default_RSA(ENGINE *e)
-	{
-	return engine_set_default_type(ENGINE_TYPE_RSA, e);
-	}
-
-int ENGINE_set_default_DSA(ENGINE *e)
-	{
-	return engine_set_default_type(ENGINE_TYPE_DSA, e);
-	}
-
-int ENGINE_set_default_DH(ENGINE *e)
-	{
-	return engine_set_default_type(ENGINE_TYPE_DH, e);
-	}
-
-int ENGINE_set_default_RAND(ENGINE *e)
-	{
-	return engine_set_default_type(ENGINE_TYPE_RAND, e);
-	}
-
-int ENGINE_set_default_BN_mod_exp(ENGINE *e)
-	{
-	return engine_set_default_type(ENGINE_TYPE_BN_MOD_EXP, e);
-	}
-
-int ENGINE_set_default_BN_mod_exp_crt(ENGINE *e)
-	{
-	return engine_set_default_type(ENGINE_TYPE_BN_MOD_EXP_CRT, e);
-	}
-
-int ENGINE_set_default(ENGINE *e, unsigned int flags)
-	{
-	if((flags & ENGINE_METHOD_RSA) && e->rsa_meth &&
-			!ENGINE_set_default_RSA(e))
-		return 0;
-	if((flags & ENGINE_METHOD_DSA) && e->dsa_meth &&
-			!ENGINE_set_default_DSA(e))
-		return 0;
-	if((flags & ENGINE_METHOD_DH) && e->dh_meth &&
-			!ENGINE_set_default_DH(e))
-		return 0;
-	if((flags & ENGINE_METHOD_RAND) && e->rand_meth &&
-			!ENGINE_set_default_RAND(e))
-		return 0;
-	if((flags & ENGINE_METHOD_BN_MOD_EXP) && e->bn_mod_exp &&
-			!ENGINE_set_default_BN_mod_exp(e))
-		return 0;
-	if((flags & ENGINE_METHOD_BN_MOD_EXP_CRT) && e->bn_mod_exp_crt &&
-			!ENGINE_set_default_BN_mod_exp_crt(e))
-		return 0;
-	return 1;
-	}
-

crypto/engine/engine_list.c

@@ -1,675 +0,0 @@
-/* crypto/engine/engine_list.c */
-/* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL
- * project 2000.
- */
-/* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <openssl/crypto.h>
-#include "cryptlib.h"
-#include "engine_int.h"
-#include <openssl/engine.h>
-
-/* The linked-list of pointers to engine types. engine_list_head
- * incorporates an implicit structural reference but engine_list_tail
- * does not - the latter is a computational niceity and only points
- * to something that is already pointed to by its predecessor in the
- * list (or engine_list_head itself). In the same way, the use of the
- * "prev" pointer in each ENGINE is to save excessive list iteration,
- * it doesn't correspond to an extra structural reference. Hence,
- * engine_list_head, and each non-null "next" pointer account for
- * the list itself assuming exactly 1 structural reference on each
- * list member. */
-static ENGINE *engine_list_head = NULL;
-static ENGINE *engine_list_tail = NULL;
-/* A boolean switch, used to ensure we only initialise once. This
- * is needed because the engine list may genuinely become empty during
- * use (so we can't use engine_list_head as an indicator for example. */
-static int engine_list_flag = 0;
-
-/* These static functions starting with a lower case "engine_" always
- * take place when CRYPTO_LOCK_ENGINE has been locked up. */
-static int engine_list_add(ENGINE *e)
-	{
-	int conflict = 0;
-	ENGINE *iterator = NULL;
-
-	if(e == NULL)
-		{
-		ENGINEerr(ENGINE_F_ENGINE_LIST_ADD,
-			ERR_R_PASSED_NULL_PARAMETER);
-		return 0;
-		}
-	iterator = engine_list_head;
-	while(iterator && !conflict)
-		{
-		conflict = (strcmp(iterator->id, e->id) == 0);
-		iterator = iterator->next;
-		}
-	if(conflict)
-		{
-		ENGINEerr(ENGINE_F_ENGINE_LIST_ADD,
-			ENGINE_R_CONFLICTING_ENGINE_ID);
-		return 0;
-		}
-	if(engine_list_head == NULL)
-		{
-		/* We are adding to an empty list. */
-		if(engine_list_tail)
-			{
-			ENGINEerr(ENGINE_F_ENGINE_LIST_ADD,
-				ENGINE_R_INTERNAL_LIST_ERROR);
-			return 0;
-			}
-		engine_list_head = e;
-		e->prev = NULL;
-		}
-	else
-		{
-		/* We are adding to the tail of an existing list. */
-		if((engine_list_tail == NULL) ||
-				(engine_list_tail->next != NULL))
-			{
-			ENGINEerr(ENGINE_F_ENGINE_LIST_ADD,
-				ENGINE_R_INTERNAL_LIST_ERROR);
-			return 0;
-			}
-		engine_list_tail->next = e;
-		e->prev = engine_list_tail;
-		}
-	/* Having the engine in the list assumes a structural
-	 * reference. */
-	e->struct_ref++;
-	/* However it came to be, e is the last item in the list. */
-	engine_list_tail = e;
-	e->next = NULL;
-	return 1;
-	}
-
-static int engine_list_remove(ENGINE *e)
-	{
-	ENGINE *iterator;
-
-	if(e == NULL)
-		{
-		ENGINEerr(ENGINE_F_ENGINE_LIST_REMOVE,
-			ERR_R_PASSED_NULL_PARAMETER);
-		return 0;
-		}
-	/* We need to check that e is in our linked list! */
-	iterator = engine_list_head;
-	while(iterator && (iterator != e))
-		iterator = iterator->next;
-	if(iterator == NULL)
-		{
-		ENGINEerr(ENGINE_F_ENGINE_LIST_REMOVE,
-			ENGINE_R_ENGINE_IS_NOT_IN_LIST);
-		return 0;
-		}
-	/* un-link e from the chain. */
-	if(e->next)
-		e->next->prev = e->prev;
-	if(e->prev)
-		e->prev->next = e->next;
-	/* Correct our head/tail if necessary. */
-	if(engine_list_head == e)
-		engine_list_head = e->next;
-	if(engine_list_tail == e)
-		engine_list_tail = e->prev;
-	/* remove our structural reference. */
-	e->struct_ref--;
-	return 1;
-	}
-
-/* This check always takes place with CRYPTO_LOCK_ENGINE locked up
- * so we're synchronised, but we can't call anything that tries to
- * lock it again! :-) NB: For convenience (and code-clarity) we
- * don't output errors for failures of the engine_list_add function
- * as it will generate errors itself. */
-static int engine_internal_check(void)
-	{
-	if(engine_list_flag)
-		return 1;
-	/* This is our first time up, we need to populate the list
-	 * with our statically compiled-in engines. */
-	if(!engine_list_add(ENGINE_openssl()))
-		return 0;
-#ifndef NO_HW
-#ifndef NO_HW_CSWIFT
-	if(!engine_list_add(ENGINE_cswift()))
-		return 0;
-#endif /* !NO_HW_CSWIFT */
-#ifndef NO_HW_NCIPHER
-	if(!engine_list_add(ENGINE_ncipher()))
-		return 0;
-#endif /* !NO_HW_NCIPHER */
-#ifndef NO_HW_ATALLA
-	if(!engine_list_add(ENGINE_atalla()))
-		return 0;
-#endif /* !NO_HW_ATALLA */
-#endif /* !NO_HW */
-	engine_list_flag = 1;
-	return 1;
-	}
-
-/* Get the first/last "ENGINE" type available. */
-ENGINE *ENGINE_get_first(void)
-	{
-	ENGINE *ret = NULL;
-
-	CRYPTO_r_lock(CRYPTO_LOCK_ENGINE);
-	if(engine_internal_check())
-		{
-		ret = engine_list_head;
-		if(ret)
-			ret->struct_ref++;
-		}
-	CRYPTO_r_unlock(CRYPTO_LOCK_ENGINE);
-	return ret;
-	}
-ENGINE *ENGINE_get_last(void)
-	{
-	ENGINE *ret = NULL;
-
-	CRYPTO_r_lock(CRYPTO_LOCK_ENGINE);
-	if(engine_internal_check())
-		{
-		ret = engine_list_tail;
-		if(ret)
-			ret->struct_ref++;
-		}
-	CRYPTO_r_unlock(CRYPTO_LOCK_ENGINE);
-	return ret;
-	}
-
-/* Iterate to the next/previous "ENGINE" type (NULL = end of the list). */
-ENGINE *ENGINE_get_next(ENGINE *e)
-	{
-	ENGINE *ret = NULL;
-	if(e == NULL)
-		{
-		ENGINEerr(ENGINE_F_ENGINE_GET_NEXT,
-			ERR_R_PASSED_NULL_PARAMETER);
-		return 0;
-		}
-	CRYPTO_r_lock(CRYPTO_LOCK_ENGINE);
-	ret = e->next;
-	e->struct_ref--;
-	if(ret)
-		ret->struct_ref++;
-	CRYPTO_r_unlock(CRYPTO_LOCK_ENGINE);
-	return ret;
-	}
-ENGINE *ENGINE_get_prev(ENGINE *e)
-	{
-	ENGINE *ret = NULL;
-	if(e == NULL)
-		{
-		ENGINEerr(ENGINE_F_ENGINE_GET_PREV,
-			ERR_R_PASSED_NULL_PARAMETER);
-		return 0;
-		}
-	CRYPTO_r_lock(CRYPTO_LOCK_ENGINE);
-	ret = e->prev;
-	e->struct_ref--;
-	if(ret)
-		ret->struct_ref++;
-	CRYPTO_r_unlock(CRYPTO_LOCK_ENGINE);
-	return ret;
-	}
-
-/* Add another "ENGINE" type into the list. */
-int ENGINE_add(ENGINE *e)
-	{
-	int to_return = 1;
-	if(e == NULL)
-		{
-		ENGINEerr(ENGINE_F_ENGINE_ADD,
-			ERR_R_PASSED_NULL_PARAMETER);
-		return 0;
-		}
-	if((e->id == NULL) || (e->name == NULL))
-		{
-		ENGINEerr(ENGINE_F_ENGINE_ADD,
-			ENGINE_R_ID_OR_NAME_MISSING);
-		}
-	CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
-	if(!engine_internal_check() || !engine_list_add(e))
-		{
-		ENGINEerr(ENGINE_F_ENGINE_ADD,
-			ENGINE_R_INTERNAL_LIST_ERROR);
-		to_return = 0;
-		}
-	CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
-	return to_return;
-	}
-
-/* Remove an existing "ENGINE" type from the array. */
-int ENGINE_remove(ENGINE *e)
-	{
-	int to_return = 1;
-	if(e == NULL)
-		{
-		ENGINEerr(ENGINE_F_ENGINE_REMOVE,
-			ERR_R_PASSED_NULL_PARAMETER);
-		return 0;
-		}
-	CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
-	if(!engine_internal_check() || !engine_list_remove(e))
-		{
-		ENGINEerr(ENGINE_F_ENGINE_REMOVE,
-			ENGINE_R_INTERNAL_LIST_ERROR);
-		to_return = 0;
-		}
-	CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
-	return to_return;
-	}
-
-ENGINE *ENGINE_by_id(const char *id)
-	{
-	ENGINE *iterator = NULL;
-	if(id == NULL)
-		{
-		ENGINEerr(ENGINE_F_ENGINE_BY_ID,
-			ERR_R_PASSED_NULL_PARAMETER);
-		return NULL;
-		}
-	CRYPTO_r_lock(CRYPTO_LOCK_ENGINE);
-	if(!engine_internal_check())
-		ENGINEerr(ENGINE_F_ENGINE_BY_ID,
-			ENGINE_R_INTERNAL_LIST_ERROR);
-	else
-		{
-		iterator = engine_list_head;
-		while(iterator && (strcmp(id, iterator->id) != 0))
-			iterator = iterator->next;
-		if(iterator)
-			/* We need to return a structural reference */
-			iterator->struct_ref++;
-		}
-	CRYPTO_r_unlock(CRYPTO_LOCK_ENGINE);
-	if(iterator == NULL)
-		ENGINEerr(ENGINE_F_ENGINE_BY_ID,
-			ENGINE_R_NO_SUCH_ENGINE);
-	return iterator;
-	}
-
-/* As per the comments in engine.h, it is generally better all round
- * if the ENGINE structure is allocated within this framework. */
-#if 0
-int ENGINE_get_struct_size(void)
-	{
-	return sizeof(ENGINE);
-	}
-
-ENGINE *ENGINE_new(ENGINE *e)
-	{
-	ENGINE *ret;
-
-	if(e == NULL)
-		{
-		ret = (ENGINE *)(OPENSSL_malloc(sizeof(ENGINE));
-		if(ret == NULL)
-			{
-			ENGINEerr(ENGINE_F_ENGINE_NEW,
-				ERR_R_MALLOC_FAILURE);
-			return NULL;
-			}
-		}
-	else
-		ret = e;
-	memset(ret, 0, sizeof(ENGINE));
-	if(e)
-		ret->flags = ENGINE_FLAGS_MALLOCED;
-	ret->struct_ref = 1;
-	return ret;
-	}
-#else
-ENGINE *ENGINE_new(void)
-	{
-	ENGINE *ret;
-
-	ret = (ENGINE *)OPENSSL_malloc(sizeof(ENGINE));
-	if(ret == NULL)
-		{
-		ENGINEerr(ENGINE_F_ENGINE_NEW, ERR_R_MALLOC_FAILURE);
-		return NULL;
-		}
-	memset(ret, 0, sizeof(ENGINE));
-	ret->flags = ENGINE_FLAGS_MALLOCED;
-	ret->struct_ref = 1;
-	return ret;
-	}
-#endif
-
-int ENGINE_free(ENGINE *e)
-	{
-	int i;
-
-	if(e == NULL)
-		{
-		ENGINEerr(ENGINE_F_ENGINE_FREE,
-			ERR_R_PASSED_NULL_PARAMETER);
-		return 0;
-		}
-	i = CRYPTO_add(&e->struct_ref,-1,CRYPTO_LOCK_ENGINE);
-#ifdef REF_PRINT
-	REF_PRINT("ENGINE",e);
-#endif
-	if (i > 0) return 1;
-#ifdef REF_CHECK
-	if (i < 0)
-		{
-		fprintf(stderr,"ENGINE_free, bad reference count\n");
-		abort();
-		}
-#endif
-	if(e->flags & ENGINE_FLAGS_MALLOCED)
-		OPENSSL_free(e);
-	return 1;
-	}
-
-int ENGINE_set_id(ENGINE *e, const char *id)
-	{
-	if((e == NULL) || (id == NULL))
-		{
-		ENGINEerr(ENGINE_F_ENGINE_SET_ID,
-			ERR_R_PASSED_NULL_PARAMETER);
-		return 0;
-		}
-	e->id = id;
-	return 1;
-	}
-
-int ENGINE_set_name(ENGINE *e, const char *name)
-	{
-	if((e == NULL) || (name == NULL))
-		{
-		ENGINEerr(ENGINE_F_ENGINE_SET_NAME,
-			ERR_R_PASSED_NULL_PARAMETER);
-		return 0;
-		}
-	e->name = name;
-	return 1;
-	}
-
-int ENGINE_set_RSA(ENGINE *e, RSA_METHOD *rsa_meth)
-	{
-	if((e == NULL) || (rsa_meth == NULL))
-		{
-		ENGINEerr(ENGINE_F_ENGINE_SET_RSA,
-			ERR_R_PASSED_NULL_PARAMETER);
-		return 0;
-		}
-	e->rsa_meth = rsa_meth;
-	return 1;
-	}
-
-int ENGINE_set_DSA(ENGINE *e, DSA_METHOD *dsa_meth)
-	{
-	if((e == NULL) || (dsa_meth == NULL))
-		{
-		ENGINEerr(ENGINE_F_ENGINE_SET_DSA,
-			ERR_R_PASSED_NULL_PARAMETER);
-		return 0;
-		}
-	e->dsa_meth = dsa_meth;
-	return 1;
-	}
-
-int ENGINE_set_DH(ENGINE *e, DH_METHOD *dh_meth)
-	{
-	if((e == NULL) || (dh_meth == NULL))
-		{
-		ENGINEerr(ENGINE_F_ENGINE_SET_DH,
-			ERR_R_PASSED_NULL_PARAMETER);
-		return 0;
-		}
-	e->dh_meth = dh_meth;
-	return 1;
-	}
-
-int ENGINE_set_RAND(ENGINE *e, RAND_METHOD *rand_meth)
-	{
-	if((e == NULL) || (rand_meth == NULL))
-		{
-		ENGINEerr(ENGINE_F_ENGINE_SET_RAND,
-			ERR_R_PASSED_NULL_PARAMETER);
-		return 0;
-		}
-	e->rand_meth = rand_meth;
-	return 1;
-	}
-
-int ENGINE_set_BN_mod_exp(ENGINE *e, BN_MOD_EXP bn_mod_exp)
-	{
-	if((e == NULL) || (bn_mod_exp == NULL))
-		{
-		ENGINEerr(ENGINE_F_ENGINE_SET_BN_MOD_EXP,
-			ERR_R_PASSED_NULL_PARAMETER);
-		return 0;
-		}
-	e->bn_mod_exp = bn_mod_exp;
-	return 1;
-	}
-
-int ENGINE_set_BN_mod_exp_crt(ENGINE *e, BN_MOD_EXP_CRT bn_mod_exp_crt)
-	{
-	if((e == NULL) || (bn_mod_exp_crt == NULL))
-		{
-		ENGINEerr(ENGINE_F_ENGINE_SET_BN_MOD_EXP_CRT,
-			ERR_R_PASSED_NULL_PARAMETER);
-		return 0;
-		}
-	e->bn_mod_exp_crt = bn_mod_exp_crt;
-	return 1;
-	}
-
-int ENGINE_set_init_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR init_f)
-	{
-	if((e == NULL) || (init_f == NULL))
-		{
-		ENGINEerr(ENGINE_F_ENGINE_SET_INIT_FUNCTION,
-			ERR_R_PASSED_NULL_PARAMETER);
-		return 0;
-		}
-	e->init = init_f;
-	return 1;
-	}
-
-int ENGINE_set_finish_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR finish_f)
-	{
-	if((e == NULL) || (finish_f == NULL))
-		{
-		ENGINEerr(ENGINE_F_ENGINE_SET_FINISH_FUNCTION,
-			ERR_R_PASSED_NULL_PARAMETER);
-		return 0;
-		}
-	e->finish = finish_f;
-	return 1;
-	}
-
-int ENGINE_set_ctrl_function(ENGINE *e, ENGINE_CTRL_FUNC_PTR ctrl_f)
-	{
-	if((e == NULL) || (ctrl_f == NULL))
-		{
-		ENGINEerr(ENGINE_F_ENGINE_SET_CTRL_FUNCTION,
-			ERR_R_PASSED_NULL_PARAMETER);
-		return 0;
-		}
-	e->ctrl = ctrl_f;
-	return 1;
-	}
-
-const char *ENGINE_get_id(ENGINE *e)
-	{
-	if(e == NULL)
-		{
-		ENGINEerr(ENGINE_F_ENGINE_GET_ID,
-			ERR_R_PASSED_NULL_PARAMETER);
-		return 0;
-		}
-	return e->id;
-	}
-
-const char *ENGINE_get_name(ENGINE *e)
-	{
-	if(e == NULL)
-		{
-		ENGINEerr(ENGINE_F_ENGINE_GET_NAME,
-			ERR_R_PASSED_NULL_PARAMETER);
-		return 0;
-		}
-	return e->name;
-	}
-
-RSA_METHOD *ENGINE_get_RSA(ENGINE *e)
-	{
-	if(e == NULL)
-		{
-		ENGINEerr(ENGINE_F_ENGINE_GET_RSA,
-			ERR_R_PASSED_NULL_PARAMETER);
-		return NULL;
-		}
-	return e->rsa_meth;
-	}
-
-DSA_METHOD *ENGINE_get_DSA(ENGINE *e)
-	{
-	if(e == NULL)
-		{
-		ENGINEerr(ENGINE_F_ENGINE_GET_DSA,
-			ERR_R_PASSED_NULL_PARAMETER);
-		return NULL;
-		}
-	return e->dsa_meth;
-	}
-
-DH_METHOD *ENGINE_get_DH(ENGINE *e)
-	{
-	if(e == NULL)
-		{
-		ENGINEerr(ENGINE_F_ENGINE_GET_DH,
-			ERR_R_PASSED_NULL_PARAMETER);
-		return NULL;
-		}
-	return e->dh_meth;
-	}
-
-RAND_METHOD *ENGINE_get_RAND(ENGINE *e)
-	{
-	if(e == NULL)
-		{
-		ENGINEerr(ENGINE_F_ENGINE_GET_RAND,
-			ERR_R_PASSED_NULL_PARAMETER);
-		return NULL;
-		}
-	return e->rand_meth;
-	}
-
-BN_MOD_EXP ENGINE_get_BN_mod_exp(ENGINE *e)
-	{
-	if(e == NULL)
-		{
-		ENGINEerr(ENGINE_F_ENGINE_GET_BN_MOD_EXP,
-			ERR_R_PASSED_NULL_PARAMETER);
-		return NULL;
-		}
-	return e->bn_mod_exp;
-	}
-
-BN_MOD_EXP_CRT ENGINE_get_BN_mod_exp_crt(ENGINE *e)
-	{
-	if(e == NULL)
-		{
-		ENGINEerr(ENGINE_F_ENGINE_GET_BN_MOD_EXP_CRT,
-			ERR_R_PASSED_NULL_PARAMETER);
-		return NULL;
-		}
-	return e->bn_mod_exp_crt;
-	}
-
-ENGINE_GEN_INT_FUNC_PTR ENGINE_get_init_function(ENGINE *e)
-	{
-	if(e == NULL)
-		{
-		ENGINEerr(ENGINE_F_ENGINE_GET_INIT_FUNCTION,
-			ERR_R_PASSED_NULL_PARAMETER);
-		return NULL;
-		}
-	return e->init;
-	}
-
-ENGINE_GEN_INT_FUNC_PTR ENGINE_get_finish_function(ENGINE *e)
-	{
-	if(e == NULL)
-		{
-		ENGINEerr(ENGINE_F_ENGINE_GET_FINISH_FUNCTION,
-			ERR_R_PASSED_NULL_PARAMETER);
-		return NULL;
-		}
-	return e->finish;
-	}
-
-ENGINE_CTRL_FUNC_PTR ENGINE_get_ctrl_function(ENGINE *e)
-	{
-	if(e == NULL)
-		{
-		ENGINEerr(ENGINE_F_ENGINE_GET_CTRL_FUNCTION,
-			ERR_R_PASSED_NULL_PARAMETER);
-		return NULL;
-		}
-	return e->ctrl;
-	}
-

crypto/engine/engine_openssl.c

@@ -1,174 +0,0 @@
-/* crypto/engine/engine_openssl.c */
-/* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL
- * project 2000.
- */
-/* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-
-#include <stdio.h>
-#include <openssl/crypto.h>
-#include "cryptlib.h"
-#include "engine_int.h"
-#include <openssl/engine.h>
-#include <openssl/dso.h>
-#include <openssl/rsa.h>
-#include <openssl/dsa.h>
-#include <openssl/dh.h>
-#include <openssl/rand.h>
-#include <openssl/bn.h>
-
-/* This is the only function we need to implement as OpenSSL
- * doesn't have a native CRT mod_exp. Perhaps this should be
- * BN_mod_exp_crt and moved into crypto/bn/ ?? ... dunno. */
-static int openssl_mod_exp_crt(BIGNUM *r, BIGNUM *a, const BIGNUM *p,
-		const BIGNUM *q, const BIGNUM *dmp1, const BIGNUM *dmq1,
-		const BIGNUM *iqmp, BN_CTX *ctx);
-
-/* The ENGINE structure that can be pointed to. */
-static ENGINE engine_openssl =
-        {
-	"openssl",
-	"Software default engine support",
-	NULL,
-	NULL,
-	NULL, /* these methods are "stolen" in ENGINE_openssl() */
-	NULL,
-	NULL,
-	openssl_mod_exp_crt,
-	NULL, /* no init() */
-	NULL, /* no finish() */
-	NULL, /* no ctrl() */
-	NULL, /* no load_privkey() */
-	NULL, /* no load_pubkey() */
-	0, /* no flags */
-	0, 0, /* no references. */
-	NULL, NULL /* unlinked */
-        };
-
-/* As this is only ever called once, there's no need for locking
- * (indeed - the lock will already be held by our caller!!!) */
-ENGINE *ENGINE_openssl()
-	{
-	/* We need to populate our structure with the software pointers
-	 * that we want to steal. */
-	engine_openssl.rsa_meth = RSA_get_default_openssl_method();
-	engine_openssl.dsa_meth = DSA_get_default_openssl_method();
-	engine_openssl.dh_meth = DH_get_default_openssl_method();
-	engine_openssl.rand_meth = RAND_SSLeay();
-	engine_openssl.bn_mod_exp = BN_mod_exp;
-	return &engine_openssl;
-	}
-
-/* Chinese Remainder Theorem, taken and adapted from rsa_eay.c */
-static int openssl_mod_exp_crt(BIGNUM *r, BIGNUM *a, const BIGNUM *p,
-			const BIGNUM *q, const BIGNUM *dmp1,
-			const BIGNUM *dmq1, const BIGNUM *iqmp, BN_CTX *ctx)
-	{
-	BIGNUM r1,m1;
-	int ret=0;
-	BN_CTX *bn_ctx;
-	BIGNUM *temp_bn = NULL;
-
-	if (ctx)
-		bn_ctx = ctx;
-	else
-		if ((bn_ctx=BN_CTX_new()) == NULL) goto err;
-	BN_init(&m1);
-	BN_init(&r1);
-	/* BN_mul() cannot accept const BIGNUMs so I use the BN_CTX
-	 * to duplicate what I need. <sigh> */
-	if ((temp_bn = BN_CTX_get(bn_ctx)) == NULL) goto err;
-	if (!BN_copy(temp_bn, iqmp)) goto err;
- 
-	if (!BN_mod(&r1, a, q, bn_ctx)) goto err;
-	if (!engine_openssl.bn_mod_exp(&m1, &r1, dmq1, q, bn_ctx))
-		goto err;
- 
-	if (!BN_mod(&r1, a, p, bn_ctx)) goto err;
-	if (!engine_openssl.bn_mod_exp(r, &r1, dmp1, p, bn_ctx))
-		goto err;
-
-	if (!BN_sub(r, r, &m1)) goto err;
-	/* This will help stop the size of r0 increasing, which does
-	 * affect the multiply if it optimised for a power of 2 size */
-	if (r->neg)
-		if (!BN_add(r, r, p)) goto err;
- 
-	if (!BN_mul(&r1, r, temp_bn, bn_ctx)) goto err;
-	if (!BN_mod(r, &r1, p, bn_ctx)) goto err;
-	/* If p < q it is occasionally possible for the correction of
-	 * adding 'p' if r is negative above to leave the result still
-	 * negative. This can break the private key operations: the following
-	 * second correction should *always* correct this rare occurrence.
-	 * This will *never* happen with OpenSSL generated keys because
-	 * they ensure p > q [steve]
-	 */
-	if (r->neg)
-		if (!BN_add(r, r, p)) goto err;
-	/* Again, BN_mul() will need non-const values. */
-	if (!BN_copy(temp_bn, q)) goto err;
-	if (!BN_mul(&r1, r, temp_bn, bn_ctx)) goto err;
-	if (!BN_add(r, &r1, &m1)) goto err;
- 
-	ret=1;
-err:
-	BN_clear_free(&m1);
-	BN_clear_free(&r1);
-	if (temp_bn)
-		bn_ctx->tos--;
-	if (!ctx)
-		BN_CTX_free(bn_ctx);
-	return(ret);
-	}

crypto/engine/enginetest.c

@@ -1,251 +0,0 @@
-/* crypto/engine/enginetest.c */
-/* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL
- * project 2000.
- */
-/* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include <string.h>
-#include <openssl/engine.h>
-#include <openssl/err.h>
-
-static void display_engine_list()
-	{
-	ENGINE *h;
-	int loop;
-
-	h = ENGINE_get_first();
-	loop = 0;
-	printf("listing available engine types\n");
-	while(h)
-		{
-		printf("engine %i, id = \"%s\", name = \"%s\"\n",
-			loop++, ENGINE_get_id(h), ENGINE_get_name(h));
-		h = ENGINE_get_next(h);
-		}
-	printf("end of list\n");
-	}
-
-int main(int argc, char *argv[])
-	{
-	ENGINE *block[512];
-	char buf[256];
-	const char *id, *name;
-	ENGINE *ptr;
-	int loop;
-	int to_return = 1;
-	ENGINE *new_h1 = NULL;
-	ENGINE *new_h2 = NULL;
-	ENGINE *new_h3 = NULL;
-	ENGINE *new_h4 = NULL;
-
-	ERR_load_crypto_strings();
-
-	memset(block, 0, 512 * sizeof(ENGINE *));
-	if(((new_h1 = ENGINE_new()) == NULL) ||
-			!ENGINE_set_id(new_h1, "test_id0") ||
-			!ENGINE_set_name(new_h1, "First test item") ||
-			((new_h2 = ENGINE_new()) == NULL) ||
-			!ENGINE_set_id(new_h2, "test_id1") ||
-			!ENGINE_set_name(new_h2, "Second test item") ||
-			((new_h3 = ENGINE_new()) == NULL) ||
-			!ENGINE_set_id(new_h3, "test_id2") ||
-			!ENGINE_set_name(new_h3, "Third test item") ||
-			((new_h4 = ENGINE_new()) == NULL) ||
-			!ENGINE_set_id(new_h4, "test_id3") ||
-			!ENGINE_set_name(new_h4, "Fourth test item"))
-		{
-		printf("Couldn't set up test ENGINE structures\n");
-		goto end;
-		}
-	printf("\nenginetest beginning\n\n");
-	display_engine_list();
-	if(!ENGINE_add(new_h1))
-		{
-		printf("Add failed!\n");
-		goto end;
-		}
-	display_engine_list();
-	ptr = ENGINE_get_first();
-	if(!ENGINE_remove(ptr))
-		{
-		printf("Remove failed!\n");
-		goto end;
-		}
-	display_engine_list();
-	if(!ENGINE_add(new_h3) || !ENGINE_add(new_h2))
-		{
-		printf("Add failed!\n");
-		goto end;
-		}
-	display_engine_list();
-	if(!ENGINE_remove(new_h2))
-		{
-		printf("Remove failed!\n");
-		goto end;
-		}
-	display_engine_list();
-	if(!ENGINE_add(new_h4))
-		{
-		printf("Add failed!\n");
-		goto end;
-		}
-	display_engine_list();
-	if(ENGINE_add(new_h3))
-		{
-		printf("Add *should* have failed but didn't!\n");
-		goto end;
-		}
-	else
-		printf("Add that should fail did.\n");
-	ERR_clear_error();
-	if(ENGINE_remove(new_h2))
-		{
-		printf("Remove *should* have failed but didn't!\n");
-		goto end;
-		}
-	else
-		printf("Remove that should fail did.\n");
-	if(!ENGINE_remove(new_h1))
-		{
-		printf("Remove failed!\n");
-		goto end;
-		}
-	display_engine_list();
-	if(!ENGINE_remove(new_h3))
-		{
-		printf("Remove failed!\n");
-		goto end;
-		}
-	display_engine_list();
-	if(!ENGINE_remove(new_h4))
-		{
-		printf("Remove failed!\n");
-		goto end;
-		}
-	display_engine_list();
-	/* Depending on whether there's any hardware support compiled
-	 * in, this remove may be destined to fail. */
-	ptr = ENGINE_get_first();
-	if(ptr)
-		if(!ENGINE_remove(ptr))
-			printf("Remove failed!i - probably no hardware "
-				"support present.\n");
-	display_engine_list();
-	if(!ENGINE_add(new_h1) || !ENGINE_remove(new_h1))
-		{
-		printf("Couldn't add and remove to an empty list!\n");
-		goto end;
-		}
-	else
-		printf("Successfully added and removed to an empty list!\n");
-	printf("About to beef up the engine-type list\n");
-	for(loop = 0; loop < 512; loop++)
-		{
-		sprintf(buf, "id%i", loop);
-		id = strdup(buf);
-		sprintf(buf, "Fake engine type %i", loop);
-		name = strdup(buf);
-		if(((block[loop] = ENGINE_new()) == NULL) ||
-				!ENGINE_set_id(block[loop], id) ||
-				!ENGINE_set_name(block[loop], name))
-			{
-			printf("Couldn't create block of ENGINE structures.\n"
-				"I'll probably also core-dump now, damn.\n");
-			goto end;
-			}
-		}
-	for(loop = 0; loop < 512; loop++)
-		{
-		if(!ENGINE_add(block[loop]))
-			{
-			printf("\nAdding stopped at %i, (%s,%s)\n",
-				loop, ENGINE_get_id(block[loop]),
-				ENGINE_get_name(block[loop]));
-			goto cleanup_loop;
-			}
-		else
-			printf("."); fflush(stdout);
-		}
-cleanup_loop:
-	printf("\nAbout to empty the engine-type list\n");
-	while((ptr = ENGINE_get_first()) != NULL)
-		{
-		if(!ENGINE_remove(ptr))
-			{
-			printf("\nRemove failed!\n");
-			goto end;
-			}
-		printf("."); fflush(stdout);
-		}
-	for(loop = 0; loop < 512; loop++)
-		{
-		free((char *)(ENGINE_get_id(block[loop])));
-		free((char *)(ENGINE_get_name(block[loop])));
-		}
-	printf("\nTests completed happily\n");
-	to_return = 0;
-end:
-	if(to_return)
-		ERR_print_errors_fp(stderr);
-	if(new_h1) ENGINE_free(new_h1);
-	if(new_h2) ENGINE_free(new_h2);
-	if(new_h3) ENGINE_free(new_h3);
-	if(new_h4) ENGINE_free(new_h4);
-	for(loop = 0; loop < 512; loop++)
-		if(block[loop])
-			ENGINE_free(block[loop]);
-	return to_return;
-	}

crypto/engine/hw_atalla.c

@@ -1,444 +0,0 @@
-/* crypto/engine/hw_atalla.c */
-/* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL
- * project 2000.
- */
-/* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include <openssl/crypto.h>
-#include "cryptlib.h"
-#include <openssl/dso.h>
-#include "engine_int.h"
-#include <openssl/engine.h>
-
-#ifndef NO_HW
-#ifndef NO_HW_ATALLA
-
-#ifdef FLAT_INC
-#include "atalla.h"
-#else
-#include "vendor_defns/atalla.h"
-#endif
-
-static int atalla_init(void);
-static int atalla_finish(void);
-
-/* BIGNUM stuff */
-static int atalla_mod_exp(BIGNUM *r, BIGNUM *a, const BIGNUM *p,
-		const BIGNUM *m, BN_CTX *ctx);
-
-/* RSA stuff */
-static int atalla_rsa_mod_exp(BIGNUM *r0, BIGNUM *I, RSA *rsa);
-/* This function is aliased to mod_exp (with the mont stuff dropped). */
-static int atalla_mod_exp_mont(BIGNUM *r, BIGNUM *a, const BIGNUM *p,
-		const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
-
-/* DSA stuff */
-static int atalla_dsa_mod_exp(DSA *dsa, BIGNUM *rr, BIGNUM *a1,
-		BIGNUM *p1, BIGNUM *a2, BIGNUM *p2, BIGNUM *m,
-		BN_CTX *ctx, BN_MONT_CTX *in_mont);
-static int atalla_mod_exp_dsa(DSA *dsa, BIGNUM *r, BIGNUM *a,
-		const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
-		BN_MONT_CTX *m_ctx);
-
-/* DH stuff */
-/* This function is alised to mod_exp (with the DH and mont dropped). */
-static int atalla_mod_exp_dh(DH *dh, BIGNUM *r, BIGNUM *a, const BIGNUM *p,
-		const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
-
-
-/* Our internal RSA_METHOD that we provide pointers to */
-static RSA_METHOD atalla_rsa =
-	{
-	"Atalla RSA method",
-	NULL,
-	NULL,
-	NULL,
-	NULL,
-	atalla_rsa_mod_exp,
-	atalla_mod_exp_mont,
-	NULL,
-	NULL,
-	0,
-	NULL,
-	NULL,
-	NULL
-	};
-
-/* Our internal DSA_METHOD that we provide pointers to */
-static DSA_METHOD atalla_dsa =
-	{
-	"Atalla DSA method",
-	NULL, /* dsa_do_sign */
-	NULL, /* dsa_sign_setup */
-	NULL, /* dsa_do_verify */
-	atalla_dsa_mod_exp, /* dsa_mod_exp */
-	atalla_mod_exp_dsa, /* bn_mod_exp */
-	NULL, /* init */
-	NULL, /* finish */
-	0, /* flags */
-	NULL /* app_data */
-	};
-
-/* Our internal DH_METHOD that we provide pointers to */
-static DH_METHOD atalla_dh =
-	{
-	"Atalla DH method",
-	NULL,
-	NULL,
-	atalla_mod_exp_dh,
-	NULL,
-	NULL,
-	0,
-	NULL
-	};
-
-/* Our ENGINE structure. */
-static ENGINE engine_atalla =
-        {
-	"atalla",
-	"Atalla hardware engine support",
-	&atalla_rsa,
-	&atalla_dsa,
-	&atalla_dh,
-	NULL,
-	atalla_mod_exp,
-	NULL,
-	atalla_init,
-	atalla_finish,
-	NULL, /* no ctrl() */
-	NULL, /* no load_privkey() */
-	NULL, /* no load_pubkey() */
-	0, /* no flags */
-	0, 0, /* no references */
-	NULL, NULL /* unlinked */
-        };
-
-/* As this is only ever called once, there's no need for locking
- * (indeed - the lock will already be held by our caller!!!) */
-ENGINE *ENGINE_atalla()
-	{
-	RSA_METHOD *meth1;
-	DSA_METHOD *meth2;
-	DH_METHOD *meth3;
-
-	/* We know that the "PKCS1_SSLeay()" functions hook properly
-	 * to the atalla-specific mod_exp and mod_exp_crt so we use
-	 * those functions. NB: We don't use ENGINE_openssl() or
-	 * anything "more generic" because something like the RSAref
-	 * code may not hook properly, and if you own one of these
-	 * cards then you have the right to do RSA operations on it
-	 * anyway! */ 
-	meth1 = RSA_PKCS1_SSLeay();
-	atalla_rsa.rsa_pub_enc = meth1->rsa_pub_enc;
-	atalla_rsa.rsa_pub_dec = meth1->rsa_pub_dec;
-	atalla_rsa.rsa_priv_enc = meth1->rsa_priv_enc;
-	atalla_rsa.rsa_priv_dec = meth1->rsa_priv_dec;
-
-	/* Use the DSA_OpenSSL() method and just hook the mod_exp-ish
-	 * bits. */
-	meth2 = DSA_OpenSSL();
-	atalla_dsa.dsa_do_sign = meth2->dsa_do_sign;
-	atalla_dsa.dsa_sign_setup = meth2->dsa_sign_setup;
-	atalla_dsa.dsa_do_verify = meth2->dsa_do_verify;
-
-	/* Much the same for Diffie-Hellman */
-	meth3 = DH_OpenSSL();
-	atalla_dh.generate_key = meth3->generate_key;
-	atalla_dh.compute_key = meth3->compute_key;
-	return &engine_atalla;
-	}
-
-/* This is a process-global DSO handle used for loading and unloading
- * the Atalla library. NB: This is only set (or unset) during an
- * init() or finish() call (reference counts permitting) and they're
- * operating with global locks, so this should be thread-safe
- * implicitly. */
-static DSO *atalla_dso = NULL;
-
-/* These are the function pointers that are (un)set when the library has
- * successfully (un)loaded. */
-static tfnASI_GetHardwareConfig *p_Atalla_GetHardwareConfig = NULL;
-static tfnASI_RSAPrivateKeyOpFn *p_Atalla_RSAPrivateKeyOpFn = NULL;
-static tfnASI_GetPerformanceStatistics *p_Atalla_GetPerformanceStatistics = NULL;
-
-/* (de)initialisation functions. */
-static int atalla_init()
-	{
-	tfnASI_GetHardwareConfig *p1;
-	tfnASI_RSAPrivateKeyOpFn *p2;
-	tfnASI_GetPerformanceStatistics *p3;
-	/* Not sure of the origin of this magic value, but Ben's code had it
-	 * and it seemed to have been working for a few people. :-) */
-	unsigned int config_buf[1024];
-
-	if(atalla_dso != NULL)
-		{
-		ENGINEerr(ENGINE_F_ATALLA_INIT,ENGINE_R_ALREADY_LOADED);
-		goto err;
-		}
-	/* Attempt to load libatasi.so/atasi.dll/whatever. Needs to be
-	 * changed unfortunately because the Atalla drivers don't have
-	 * standard library names that can be platform-translated well. */
-	/* TODO: Work out how to actually map to the names the Atalla
-	 * drivers really use - for now a symbollic link needs to be
-	 * created on the host system from libatasi.so to atasi.so on
-	 * unix variants. */
-	atalla_dso = DSO_load(NULL, ATALLA_LIBNAME, NULL,
-		DSO_FLAG_NAME_TRANSLATION);
-	if(atalla_dso == NULL)
-		{
-		ENGINEerr(ENGINE_F_ATALLA_INIT,ENGINE_R_DSO_FAILURE);
-		goto err;
-		}
-	if(!(p1 = (tfnASI_GetHardwareConfig *)DSO_bind_func(
-				atalla_dso, ATALLA_F1)) ||
-			!(p2 = (tfnASI_RSAPrivateKeyOpFn *)DSO_bind_func(
-				atalla_dso, ATALLA_F2)) ||
-			!(p3 = (tfnASI_GetPerformanceStatistics *)DSO_bind_func(
-				atalla_dso, ATALLA_F3)))
-		{
-		ENGINEerr(ENGINE_F_ATALLA_INIT,ENGINE_R_DSO_FAILURE);
-		goto err;
-		}
-	/* Copy the pointers */
-	p_Atalla_GetHardwareConfig = p1;
-	p_Atalla_RSAPrivateKeyOpFn = p2;
-	p_Atalla_GetPerformanceStatistics = p3;
-	/* Perform a basic test to see if there's actually any unit
-	 * running. */
-	if(p1(0L, config_buf) != 0)
-		{
-		ENGINEerr(ENGINE_F_ATALLA_INIT,ENGINE_R_UNIT_FAILURE);
-		goto err;
-		}
-	/* Everything's fine. */
-	return 1;
-err:
-	if(atalla_dso)
-		DSO_free(atalla_dso);
-	p_Atalla_GetHardwareConfig = NULL;
-	p_Atalla_RSAPrivateKeyOpFn = NULL;
-	p_Atalla_GetPerformanceStatistics = NULL;
-	return 0;
-	}
-
-static int atalla_finish()
-	{
-	if(atalla_dso == NULL)
-		{
-		ENGINEerr(ENGINE_F_ATALLA_FINISH,ENGINE_R_NOT_LOADED);
-		return 0;
-		}
-	if(!DSO_free(atalla_dso))
-		{
-		ENGINEerr(ENGINE_F_ATALLA_FINISH,ENGINE_R_DSO_FAILURE);
-		return 0;
-		}
-	atalla_dso = NULL;
-	p_Atalla_GetHardwareConfig = NULL;
-	p_Atalla_RSAPrivateKeyOpFn = NULL;
-	p_Atalla_GetPerformanceStatistics = NULL;
-	return 1;
-	}
-
-static int atalla_mod_exp(BIGNUM *r, BIGNUM *a, const BIGNUM *p,
-			const BIGNUM *m, BN_CTX *ctx)
-	{
-	/* I need somewhere to store temporary serialised values for
-	 * use with the Atalla API calls. A neat cheat - I'll use
-	 * BIGNUMs from the BN_CTX but access their arrays directly as
-	 * byte arrays <grin>. This way I don't have to clean anything
-	 * up. */
-	BIGNUM *modulus;
-	BIGNUM *exponent;
-	BIGNUM *argument;
-	BIGNUM *result;
-	RSAPrivateKey keydata;
-	int to_return, numbytes;
-
-	modulus = exponent = argument = result = NULL;
-	to_return = 0; /* expect failure */
-
-	if(!atalla_dso)
-	{
-		ENGINEerr(ENGINE_F_ATALLA_MOD_EXP,ENGINE_R_NOT_LOADED);
-		goto err;
-	}
-	/* Prepare the params */
-	modulus = BN_CTX_get(ctx);
-	exponent = BN_CTX_get(ctx);
-	argument = BN_CTX_get(ctx);
-	result = BN_CTX_get(ctx);
-	if(!modulus || !exponent || !argument || !result)
-	{
-		ENGINEerr(ENGINE_F_ATALLA_MOD_EXP,ENGINE_R_BN_CTX_FULL);
-		goto err;
-	}
-	if(!bn_wexpand(modulus, m->top) || !bn_wexpand(exponent, m->top) ||
-	   !bn_wexpand(argument, m->top) || !bn_wexpand(result, m->top))
-	{
-		ENGINEerr(ENGINE_F_ATALLA_MOD_EXP,ENGINE_R_BN_EXPAND_FAIL);
-		goto err;
-	}
-	/* Prepare the key-data */
-	memset(&keydata, 0,sizeof keydata);
-	numbytes = BN_num_bytes(m);
-	memset(exponent->d, 0, numbytes);
-	memset(modulus->d, 0, numbytes);
-	BN_bn2bin(p, (unsigned char *)exponent->d + numbytes - BN_num_bytes(p));
-	BN_bn2bin(m, (unsigned char *)modulus->d + numbytes - BN_num_bytes(m));
-	keydata.privateExponent.data = (unsigned char *)exponent->d;
-	keydata.privateExponent.len = numbytes;
-	keydata.modulus.data = (unsigned char *)modulus->d;
-	keydata.modulus.len = numbytes;
-	/* Prepare the argument */
-	memset(argument->d, 0, numbytes);
-	memset(result->d, 0, numbytes);
-	BN_bn2bin(a, (unsigned char *)argument->d + numbytes - BN_num_bytes(a));
-	/* Perform the operation */
-	if(p_Atalla_RSAPrivateKeyOpFn(&keydata, (unsigned char *)result->d,
-			(unsigned char *)argument->d,
-			keydata.modulus.len) != 0)
-	{
-		ENGINEerr(ENGINE_F_ATALLA_MOD_EXP,ENGINE_R_REQUEST_FAILED);
-		goto err;
-	}
-	/* Convert the response */
-	BN_bin2bn((unsigned char *)result->d, numbytes, r);
-	to_return = 1;
-err:
-	if(modulus) ctx->tos--;
-	if(exponent) ctx->tos--;
-	if(argument) ctx->tos--;
-	if(result) ctx->tos--;
-	return to_return;
-	}
-
-static int atalla_rsa_mod_exp(BIGNUM *r0, BIGNUM *I, RSA *rsa)
-	{
-	BN_CTX *ctx = NULL;
-	int to_return = 0;
-
-	if(!atalla_dso)
-	{
-		ENGINEerr(ENGINE_F_ATALLA_RSA_MOD_EXP,ENGINE_R_NOT_LOADED);
-		goto err;
-	}
-	if((ctx = BN_CTX_new()) == NULL)
-		goto err;
-	if(!rsa->d || !rsa->n)
-		{
-		ENGINEerr(ENGINE_F_ATALLA_RSA_MOD_EXP,ENGINE_R_MISSING_KEY_COMPONENTS);
-		goto err;
-		}
-	to_return = atalla_mod_exp(r0, I, rsa->d, rsa->n, ctx);
-err:
-	if(ctx)
-		BN_CTX_free(ctx);
-	return to_return;
-	}
-
-/* This code was liberated and adapted from the commented-out code in
- * dsa_ossl.c. Because of the unoptimised form of the Atalla acceleration
- * (it doesn't have a CRT form for RSA), this function means that an
- * Atalla system running with a DSA server certificate can handshake
- * around 5 or 6 times faster/more than an equivalent system running with
- * RSA. Just check out the "signs" statistics from the RSA and DSA parts
- * of "openssl speed -engine atalla dsa1024 rsa1024". */
-static int atalla_dsa_mod_exp(DSA *dsa, BIGNUM *rr, BIGNUM *a1,
-		BIGNUM *p1, BIGNUM *a2, BIGNUM *p2, BIGNUM *m,
-		BN_CTX *ctx, BN_MONT_CTX *in_mont)
-	{
-	BIGNUM t;
-	int to_return = 0;
- 
-	BN_init(&t);
-	/* let rr = a1 ^ p1 mod m */
-	if (!atalla_mod_exp(rr,a1,p1,m,ctx)) goto end;
-	/* let t = a2 ^ p2 mod m */
-	if (!atalla_mod_exp(&t,a2,p2,m,ctx)) goto end;
-	/* let rr = rr * t mod m */
-	if (!BN_mod_mul(rr,rr,&t,m,ctx)) goto end;
-	to_return = 1;
-end:
-	BN_free(&t);
-	return to_return;
-	}
-
-
-static int atalla_mod_exp_dsa(DSA *dsa, BIGNUM *r, BIGNUM *a,
-		const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
-		BN_MONT_CTX *m_ctx)
-	{
-	return atalla_mod_exp(r, a, p, m, ctx);
-	}
-
-/* This function is aliased to mod_exp (with the mont stuff dropped). */
-static int atalla_mod_exp_mont(BIGNUM *r, BIGNUM *a, const BIGNUM *p,
-		const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)
-	{
-	return atalla_mod_exp(r, a, p, m, ctx);
-	}
-
-/* This function is aliased to mod_exp (with the dh and mont dropped). */
-static int atalla_mod_exp_dh(DH *dh, BIGNUM *r, BIGNUM *a, const BIGNUM *p,
-		const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)
-	{
-	return atalla_mod_exp(r, a, p, m, ctx);
-	}
-
-#endif /* !NO_HW_ATALLA */
-#endif /* !NO_HW */

crypto/engine/hw_cswift.c

@@ -1,807 +0,0 @@
-/* crypto/engine/hw_cswift.c */
-/* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL
- * project 2000.
- */
-/* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include <openssl/crypto.h>
-#include "cryptlib.h"
-#include <openssl/dso.h>
-#include "engine_int.h"
-#include <openssl/engine.h>
-
-#ifndef NO_HW
-#ifndef NO_HW_CSWIFT
-
-/* Attribution notice: Rainbow have generously allowed me to reproduce
- * the necessary definitions here from their API. This means the support
- * can build independently of whether application builders have the
- * API or hardware. This will allow developers to easily produce software
- * that has latent hardware support for any users that have accelerators
- * installed, without the developers themselves needing anything extra.
- *
- * I have only clipped the parts from the CryptoSwift header files that
- * are (or seem) relevant to the CryptoSwift support code. This is
- * simply to keep the file sizes reasonable.
- * [Geoff]
- */
-#ifdef FLAT_INC
-#include "cswift.h"
-#else
-#include "vendor_defns/cswift.h"
-#endif
-
-static int cswift_init(void);
-static int cswift_finish(void);
-
-/* BIGNUM stuff */
-static int cswift_mod_exp(BIGNUM *r, BIGNUM *a, const BIGNUM *p,
-		const BIGNUM *m, BN_CTX *ctx);
-static int cswift_mod_exp_crt(BIGNUM *r, BIGNUM *a, const BIGNUM *p,
-		const BIGNUM *q, const BIGNUM *dmp1, const BIGNUM *dmq1,
-		const BIGNUM *iqmp, BN_CTX *ctx);
-
-/* RSA stuff */
-static int cswift_rsa_mod_exp(BIGNUM *r0, BIGNUM *I, RSA *rsa);
-/* This function is aliased to mod_exp (with the mont stuff dropped). */
-static int cswift_mod_exp_mont(BIGNUM *r, BIGNUM *a, const BIGNUM *p,
-		const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
-
-/* DSA stuff */
-static DSA_SIG *cswift_dsa_sign(const unsigned char *dgst, int dlen, DSA *dsa);
-static int cswift_dsa_verify(const unsigned char *dgst, int dgst_len,
-				DSA_SIG *sig, DSA *dsa);
-
-/* DH stuff */
-/* This function is alised to mod_exp (with the DH and mont dropped). */
-static int cswift_mod_exp_dh(DH *dh, BIGNUM *r, BIGNUM *a, const BIGNUM *p,
-		const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
-
-
-/* Our internal RSA_METHOD that we provide pointers to */
-static RSA_METHOD cswift_rsa =
-	{
-	"CryptoSwift RSA method",
-	NULL,
-	NULL,
-	NULL,
-	NULL,
-	cswift_rsa_mod_exp,
-	cswift_mod_exp_mont,
-	NULL,
-	NULL,
-	0,
-	NULL,
-	NULL,
-	NULL
-	};
-
-/* Our internal DSA_METHOD that we provide pointers to */
-static DSA_METHOD cswift_dsa =
-	{
-	"CryptoSwift DSA method",
-	cswift_dsa_sign,
-	NULL, /* dsa_sign_setup */
-	cswift_dsa_verify,
-	NULL, /* dsa_mod_exp */
-	NULL, /* bn_mod_exp */
-	NULL, /* init */
-	NULL, /* finish */
-	0, /* flags */
-	NULL /* app_data */
-	};
-
-/* Our internal DH_METHOD that we provide pointers to */
-static DH_METHOD cswift_dh =
-	{
-	"CryptoSwift DH method",
-	NULL,
-	NULL,
-	cswift_mod_exp_dh,
-	NULL,
-	NULL,
-	0,
-	NULL
-	};
-
-/* Our ENGINE structure. */
-static ENGINE engine_cswift =
-        {
-	"cswift",
-	"CryptoSwift hardware engine support",
-	&cswift_rsa,
-	&cswift_dsa,
-	&cswift_dh,
-	NULL,
-	cswift_mod_exp,
-	cswift_mod_exp_crt,
-	cswift_init,
-	cswift_finish,
-	NULL, /* no ctrl() */
-	NULL, /* no load_privkey() */
-	NULL, /* no load_pubkey() */
-	0, /* no flags */
-	0, 0, /* no references */
-	NULL, NULL /* unlinked */
-        };
-
-/* As this is only ever called once, there's no need for locking
- * (indeed - the lock will already be held by our caller!!!) */
-ENGINE *ENGINE_cswift()
-	{
-	RSA_METHOD *meth1;
-	DH_METHOD *meth2;
-
-	/* We know that the "PKCS1_SSLeay()" functions hook properly
-	 * to the cswift-specific mod_exp and mod_exp_crt so we use
-	 * those functions. NB: We don't use ENGINE_openssl() or
-	 * anything "more generic" because something like the RSAref
-	 * code may not hook properly, and if you own one of these
-	 * cards then you have the right to do RSA operations on it
-	 * anyway! */ 
-	meth1 = RSA_PKCS1_SSLeay();
-	cswift_rsa.rsa_pub_enc = meth1->rsa_pub_enc;
-	cswift_rsa.rsa_pub_dec = meth1->rsa_pub_dec;
-	cswift_rsa.rsa_priv_enc = meth1->rsa_priv_enc;
-	cswift_rsa.rsa_priv_dec = meth1->rsa_priv_dec;
-
-	/* Much the same for Diffie-Hellman */
-	meth2 = DH_OpenSSL();
-	cswift_dh.generate_key = meth2->generate_key;
-	cswift_dh.compute_key = meth2->compute_key;
-	return &engine_cswift;
-	}
-
-/* This is a process-global DSO handle used for loading and unloading
- * the CryptoSwift library. NB: This is only set (or unset) during an
- * init() or finish() call (reference counts permitting) and they're
- * operating with global locks, so this should be thread-safe
- * implicitly. */
-static DSO *cswift_dso = NULL;
-
-/* These are the function pointers that are (un)set when the library has
- * successfully (un)loaded. */
-t_swAcquireAccContext *p_CSwift_AcquireAccContext = NULL;
-t_swAttachKeyParam *p_CSwift_AttachKeyParam = NULL;
-t_swSimpleRequest *p_CSwift_SimpleRequest = NULL;
-t_swReleaseAccContext *p_CSwift_ReleaseAccContext = NULL;
-
-/* Used in the DSO operations. */
-static const char *CSWIFT_LIBNAME = "swift";
-static const char *CSWIFT_F1 = "swAcquireAccContext";
-static const char *CSWIFT_F2 = "swAttachKeyParam";
-static const char *CSWIFT_F3 = "swSimpleRequest";
-static const char *CSWIFT_F4 = "swReleaseAccContext";
-
-
-/* CryptoSwift library functions and mechanics - these are used by the
- * higher-level functions further down. NB: As and where there's no
- * error checking, take a look lower down where these functions are
- * called, the checking and error handling is probably down there. */
-
-/* utility function to obtain a context */
-static int get_context(SW_CONTEXT_HANDLE *hac)
-	{
-        SW_STATUS status;
- 
-        status = p_CSwift_AcquireAccContext(hac);
-        if(status != SW_OK)
-                return 0;
-        return 1;
-	}
- 
-/* similarly to release one. */
-static void release_context(SW_CONTEXT_HANDLE hac)
-	{
-        p_CSwift_ReleaseAccContext(hac);
-	}
-
-/* (de)initialisation functions. */
-static int cswift_init()
-	{
-        SW_CONTEXT_HANDLE hac;
-        t_swAcquireAccContext *p1;
-        t_swAttachKeyParam *p2;
-        t_swSimpleRequest *p3;
-        t_swReleaseAccContext *p4;
-
-	if(cswift_dso != NULL)
-		{
-		ENGINEerr(ENGINE_F_CSWIFT_INIT,ENGINE_R_ALREADY_LOADED);
-		goto err;
-		}
-	/* Attempt to load libswift.so/swift.dll/whatever. */
-	cswift_dso = DSO_load(NULL, CSWIFT_LIBNAME, NULL,
-		DSO_FLAG_NAME_TRANSLATION);
-	if(cswift_dso == NULL)
-		{
-		ENGINEerr(ENGINE_F_CSWIFT_INIT,ENGINE_R_DSO_FAILURE);
-		goto err;
-		}
-	if(!(p1 = (t_swAcquireAccContext *)
-				DSO_bind_func(cswift_dso, CSWIFT_F1)) ||
-			!(p2 = (t_swAttachKeyParam *)
-				DSO_bind_func(cswift_dso, CSWIFT_F2)) ||
-			!(p3 = (t_swSimpleRequest *)
-				DSO_bind_func(cswift_dso, CSWIFT_F3)) ||
-			!(p4 = (t_swReleaseAccContext *)
-				DSO_bind_func(cswift_dso, CSWIFT_F4)))
-		{
-		ENGINEerr(ENGINE_F_CSWIFT_INIT,ENGINE_R_DSO_FAILURE);
-		goto err;
-		}
-	/* Copy the pointers */
-	p_CSwift_AcquireAccContext = p1;
-	p_CSwift_AttachKeyParam = p2;
-	p_CSwift_SimpleRequest = p3;
-	p_CSwift_ReleaseAccContext = p4;
-	/* Try and get a context - if not, we may have a DSO but no
-	 * accelerator! */
-	if(!get_context(&hac))
-		{
-		ENGINEerr(ENGINE_F_CSWIFT_INIT,ENGINE_R_UNIT_FAILURE);
-		goto err;
-		}
-	release_context(hac);
-	/* Everything's fine. */
-	return 1;
-err:
-	if(cswift_dso)
-		DSO_free(cswift_dso);
-	p_CSwift_AcquireAccContext = NULL;
-	p_CSwift_AttachKeyParam = NULL;
-	p_CSwift_SimpleRequest = NULL;
-	p_CSwift_ReleaseAccContext = NULL;
-	return 0;
-	}
-
-static int cswift_finish()
-	{
-	if(cswift_dso == NULL)
-		{
-		ENGINEerr(ENGINE_F_CSWIFT_FINISH,ENGINE_R_NOT_LOADED);
-		return 0;
-		}
-	if(!DSO_free(cswift_dso))
-		{
-		ENGINEerr(ENGINE_F_CSWIFT_FINISH,ENGINE_R_DSO_FAILURE);
-		return 0;
-		}
-	cswift_dso = NULL;
-	p_CSwift_AcquireAccContext = NULL;
-	p_CSwift_AttachKeyParam = NULL;
-	p_CSwift_SimpleRequest = NULL;
-	p_CSwift_ReleaseAccContext = NULL;
-	return 1;
-	}
-
-/* Un petit mod_exp */
-static int cswift_mod_exp(BIGNUM *r, BIGNUM *a, const BIGNUM *p,
-			const BIGNUM *m, BN_CTX *ctx)
-	{
-	/* I need somewhere to store temporary serialised values for
-	 * use with the CryptoSwift API calls. A neat cheat - I'll use
-	 * BIGNUMs from the BN_CTX but access their arrays directly as
-	 * byte arrays <grin>. This way I don't have to clean anything
-	 * up. */
-	BIGNUM *modulus;
-	BIGNUM *exponent;
-	BIGNUM *argument;
-	BIGNUM *result;
-	SW_STATUS sw_status;
-	SW_LARGENUMBER arg, res;
-	SW_PARAM sw_param;
-	SW_CONTEXT_HANDLE hac;
-	int to_return, acquired;
- 
-	modulus = exponent = argument = result = NULL;
-	to_return = 0; /* expect failure */
-	acquired = 0;
- 
-	if(!get_context(&hac))
-		{
-		ENGINEerr(ENGINE_F_CSWIFT_MOD_EXP,ENGINE_R_GET_HANDLE_FAILED);
-		goto err;
-		}
-	acquired = 1;
-	/* Prepare the params */
-	modulus = BN_CTX_get(ctx);
-	exponent = BN_CTX_get(ctx);
-	argument = BN_CTX_get(ctx);
-	result = BN_CTX_get(ctx);
-	if(!modulus || !exponent || !argument || !result)
-		{
-		ENGINEerr(ENGINE_F_CSWIFT_MOD_EXP,ENGINE_R_BN_CTX_FULL);
-		goto err;
-		}
-	if(!bn_wexpand(modulus, m->top) || !bn_wexpand(exponent, p->top) ||
-		!bn_wexpand(argument, a->top) || !bn_wexpand(result, m->top))
-		{
-		ENGINEerr(ENGINE_F_CSWIFT_MOD_EXP,ENGINE_R_BN_EXPAND_FAIL);
-		goto err;
-		}
-	sw_param.type = SW_ALG_EXP;
-	sw_param.up.exp.modulus.nbytes = BN_bn2bin(m,
-		(unsigned char *)modulus->d);
-	sw_param.up.exp.modulus.value = (unsigned char *)modulus->d;
-	sw_param.up.exp.exponent.nbytes = BN_bn2bin(p,
-		(unsigned char *)exponent->d);
-	sw_param.up.exp.exponent.value = (unsigned char *)exponent->d;
-	/* Attach the key params */
-	sw_status = p_CSwift_AttachKeyParam(hac, &sw_param);
-	switch(sw_status)
-		{
-	case SW_OK:
-		break;
-	case SW_ERR_INPUT_SIZE:
-		ENGINEerr(ENGINE_F_CSWIFT_MOD_EXP,
-			ENGINE_R_SIZE_TOO_LARGE_OR_TOO_SMALL);
-		goto err;
-	default:
-		{
-		char tmpbuf[20];
-		ENGINEerr(ENGINE_F_CSWIFT_MOD_EXP,ENGINE_R_REQUEST_FAILED);
-		sprintf(tmpbuf, "%ld", sw_status);
-		ERR_add_error_data(2, "CryptoSwift error number is ",tmpbuf);
-		}
-		goto err;
-		}
-	/* Prepare the argument and response */
-	arg.nbytes = BN_bn2bin(a, (unsigned char *)argument->d);
-	arg.value = (unsigned char *)argument->d;
-	res.nbytes = BN_num_bytes(m);
-	memset(result->d, 0, res.nbytes);
-	res.value = (unsigned char *)result->d;
-	/* Perform the operation */
-	if((sw_status = p_CSwift_SimpleRequest(hac, SW_CMD_MODEXP, &arg, 1,
-		&res, 1)) != SW_OK)
-		{
-		char tmpbuf[20];
-		ENGINEerr(ENGINE_F_CSWIFT_MOD_EXP,ENGINE_R_REQUEST_FAILED);
-		sprintf(tmpbuf, "%ld", sw_status);
-		ERR_add_error_data(2, "CryptoSwift error number is ",tmpbuf);
-		goto err;
-		}
-	/* Convert the response */
-	BN_bin2bn((unsigned char *)result->d, res.nbytes, r);
-	to_return = 1;
-err:
-	if(acquired)
-		release_context(hac);
-	if(modulus) ctx->tos--;
-	if(exponent) ctx->tos--;
-	if(argument) ctx->tos--;
-	if(result) ctx->tos--;
-	return to_return;
-	}
-
-/* Un petit mod_exp chinois */
-static int cswift_mod_exp_crt(BIGNUM *r, BIGNUM *a, const BIGNUM *p,
-			const BIGNUM *q, const BIGNUM *dmp1,
-			const BIGNUM *dmq1, const BIGNUM *iqmp, BN_CTX *ctx)
-	{
-	SW_STATUS sw_status;
-	SW_LARGENUMBER arg, res;
-	SW_PARAM sw_param;
-	SW_CONTEXT_HANDLE hac;
-	BIGNUM *rsa_p = NULL;
-	BIGNUM *rsa_q = NULL;
-	BIGNUM *rsa_dmp1 = NULL;
-	BIGNUM *rsa_dmq1 = NULL;
-	BIGNUM *rsa_iqmp = NULL;
-	BIGNUM *argument = NULL;
-	BIGNUM *result = NULL;
-	int to_return = 0; /* expect failure */
-	int acquired = 0;
- 
-	if(!get_context(&hac))
-		{
-		ENGINEerr(ENGINE_F_CSWIFT_MOD_EXP_CRT,ENGINE_R_GET_HANDLE_FAILED);
-		goto err;
-		}
-	acquired = 1;
-	/* Prepare the params */
-	rsa_p = BN_CTX_get(ctx);
-	rsa_q = BN_CTX_get(ctx);
-	rsa_dmp1 = BN_CTX_get(ctx);
-	rsa_dmq1 = BN_CTX_get(ctx);
-	rsa_iqmp = BN_CTX_get(ctx);
-	argument = BN_CTX_get(ctx);
-	result = BN_CTX_get(ctx);
-	if(!rsa_p || !rsa_q || !rsa_dmp1 || !rsa_dmq1 || !rsa_iqmp ||
-			!argument || !result)
-		{
-		ENGINEerr(ENGINE_F_CSWIFT_MOD_EXP_CRT,ENGINE_R_BN_CTX_FULL);
-		goto err;
-		}
-	if(!bn_wexpand(rsa_p, p->top) || !bn_wexpand(rsa_q, q->top) ||
-			!bn_wexpand(rsa_dmp1, dmp1->top) ||
-			!bn_wexpand(rsa_dmq1, dmq1->top) ||
-			!bn_wexpand(rsa_iqmp, iqmp->top) ||
-			!bn_wexpand(argument, a->top) ||
-			!bn_wexpand(result, p->top + q->top))
-		{
-		ENGINEerr(ENGINE_F_CSWIFT_MOD_EXP_CRT,ENGINE_R_BN_EXPAND_FAIL);
-		goto err;
-		}
-	sw_param.type = SW_ALG_CRT;
-	sw_param.up.crt.p.nbytes = BN_bn2bin(p, (unsigned char *)rsa_p->d);
-	sw_param.up.crt.p.value = (unsigned char *)rsa_p->d;
-	sw_param.up.crt.q.nbytes = BN_bn2bin(q, (unsigned char *)rsa_q->d);
-	sw_param.up.crt.q.value = (unsigned char *)rsa_q->d;
-	sw_param.up.crt.dmp1.nbytes = BN_bn2bin(dmp1,
-		(unsigned char *)rsa_dmp1->d);
-	sw_param.up.crt.dmp1.value = (unsigned char *)rsa_dmp1->d;
-	sw_param.up.crt.dmq1.nbytes = BN_bn2bin(dmq1,
-		(unsigned char *)rsa_dmq1->d);
-	sw_param.up.crt.dmq1.value = (unsigned char *)rsa_dmq1->d;
-	sw_param.up.crt.iqmp.nbytes = BN_bn2bin(iqmp,
-		(unsigned char *)rsa_iqmp->d);
-	sw_param.up.crt.iqmp.value = (unsigned char *)rsa_iqmp->d;
-	/* Attach the key params */
-	sw_status = p_CSwift_AttachKeyParam(hac, &sw_param);
-	switch(sw_status)
-		{
-	case SW_OK:
-		break;
-	case SW_ERR_INPUT_SIZE:
-		ENGINEerr(ENGINE_F_CSWIFT_MOD_EXP_CRT,
-			ENGINE_R_SIZE_TOO_LARGE_OR_TOO_SMALL);
-		goto err;
-	default:
-		{
-		char tmpbuf[20];
-		ENGINEerr(ENGINE_F_CSWIFT_MOD_EXP_CRT,ENGINE_R_REQUEST_FAILED);
-		sprintf(tmpbuf, "%ld", sw_status);
-		ERR_add_error_data(2, "CryptoSwift error number is ",tmpbuf);
-		}
-		goto err;
-		}
-	/* Prepare the argument and response */
-	arg.nbytes = BN_bn2bin(a, (unsigned char *)argument->d);
-	arg.value = (unsigned char *)argument->d;
-	res.nbytes = 2 * BN_num_bytes(p);
-	memset(result->d, 0, res.nbytes);
-	res.value = (unsigned char *)result->d;
-	/* Perform the operation */
-	if((sw_status = p_CSwift_SimpleRequest(hac, SW_CMD_MODEXP_CRT, &arg, 1,
-		&res, 1)) != SW_OK)
-		{
-		char tmpbuf[20];
-		ENGINEerr(ENGINE_F_CSWIFT_MOD_EXP_CRT,ENGINE_R_REQUEST_FAILED);
-		sprintf(tmpbuf, "%ld", sw_status);
-		ERR_add_error_data(2, "CryptoSwift error number is ",tmpbuf);
-		goto err;
-		}
-	/* Convert the response */
-	BN_bin2bn((unsigned char *)result->d, res.nbytes, r);
-	to_return = 1;
-err:
-	if(acquired)
-		release_context(hac);
-	if(rsa_p) ctx->tos--;
-	if(rsa_q) ctx->tos--;
-	if(rsa_dmp1) ctx->tos--;
-	if(rsa_dmq1) ctx->tos--;
-	if(rsa_iqmp) ctx->tos--;
-	if(argument) ctx->tos--;
-	if(result) ctx->tos--;
-	return to_return;
-	}
- 
-static int cswift_rsa_mod_exp(BIGNUM *r0, BIGNUM *I, RSA *rsa)
-	{
-	BN_CTX *ctx;
-	int to_return = 0;
-
-	if((ctx = BN_CTX_new()) == NULL)
-		goto err;
-	if(!rsa->p || !rsa->q || !rsa->dmp1 || !rsa->dmq1 || !rsa->iqmp)
-		{
-		ENGINEerr(ENGINE_F_CSWIFT_RSA_MOD_EXP,ENGINE_R_MISSING_KEY_COMPONENTS);
-		goto err;
-		}
-	to_return = cswift_mod_exp_crt(r0, I, rsa->p, rsa->q, rsa->dmp1,
-		rsa->dmq1, rsa->iqmp, ctx);
-err:
-	if(ctx)
-		BN_CTX_free(ctx);
-	return to_return;
-	}
-
-/* This function is aliased to mod_exp (with the mont stuff dropped). */
-static int cswift_mod_exp_mont(BIGNUM *r, BIGNUM *a, const BIGNUM *p,
-		const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)
-	{
-	return cswift_mod_exp(r, a, p, m, ctx);
-	}
-
-static DSA_SIG *cswift_dsa_sign(const unsigned char *dgst, int dlen, DSA *dsa)
-	{
-	SW_CONTEXT_HANDLE hac;
-	SW_PARAM sw_param;
-	SW_STATUS sw_status;
-	SW_LARGENUMBER arg, res;
-	unsigned char *ptr;
-	BN_CTX *ctx;
-	BIGNUM *dsa_p = NULL;
-	BIGNUM *dsa_q = NULL;
-	BIGNUM *dsa_g = NULL;
-	BIGNUM *dsa_key = NULL;
-	BIGNUM *result = NULL;
-	DSA_SIG *to_return = NULL;
-	int acquired = 0;
-
-	if((ctx = BN_CTX_new()) == NULL)
-		goto err;
-	if(!get_context(&hac))
-		{
-		ENGINEerr(ENGINE_F_CSWIFT_DSA_SIGN,ENGINE_R_GET_HANDLE_FAILED);
-		goto err;
-		}
-	acquired = 1;
-	/* Prepare the params */
-	dsa_p = BN_CTX_get(ctx);
-	dsa_q = BN_CTX_get(ctx);
-	dsa_g = BN_CTX_get(ctx);
-	dsa_key = BN_CTX_get(ctx);
-	result = BN_CTX_get(ctx);
-	if(!dsa_p || !dsa_q || !dsa_g || !dsa_key || !result)
-		{
-		ENGINEerr(ENGINE_F_CSWIFT_DSA_SIGN,ENGINE_R_BN_CTX_FULL);
-		goto err;
-		}
-	if(!bn_wexpand(dsa_p, dsa->p->top) ||
-			!bn_wexpand(dsa_q, dsa->q->top) ||
-			!bn_wexpand(dsa_g, dsa->g->top) ||
-			!bn_wexpand(dsa_key, dsa->priv_key->top) ||
-			!bn_wexpand(result, dsa->p->top))
-		{
-		ENGINEerr(ENGINE_F_CSWIFT_DSA_SIGN,ENGINE_R_BN_EXPAND_FAIL);
-		goto err;
-		}
-	sw_param.type = SW_ALG_DSA;
-	sw_param.up.dsa.p.nbytes = BN_bn2bin(dsa->p,
-				(unsigned char *)dsa_p->d);
-	sw_param.up.dsa.p.value = (unsigned char *)dsa_p->d;
-	sw_param.up.dsa.q.nbytes = BN_bn2bin(dsa->q,
-				(unsigned char *)dsa_q->d);
-	sw_param.up.dsa.q.value = (unsigned char *)dsa_q->d;
-	sw_param.up.dsa.g.nbytes = BN_bn2bin(dsa->g,
-				(unsigned char *)dsa_g->d);
-	sw_param.up.dsa.g.value = (unsigned char *)dsa_g->d;
-	sw_param.up.dsa.key.nbytes = BN_bn2bin(dsa->priv_key,
-				(unsigned char *)dsa_key->d);
-	sw_param.up.dsa.key.value = (unsigned char *)dsa_key->d;
-	/* Attach the key params */
-	sw_status = p_CSwift_AttachKeyParam(hac, &sw_param);
-	switch(sw_status)
-		{
-	case SW_OK:
-		break;
-	case SW_ERR_INPUT_SIZE:
-		ENGINEerr(ENGINE_F_CSWIFT_DSA_SIGN,
-			ENGINE_R_SIZE_TOO_LARGE_OR_TOO_SMALL);
-		goto err;
-	default:
-		{
-		char tmpbuf[20];
-		ENGINEerr(ENGINE_F_CSWIFT_DSA_SIGN,ENGINE_R_REQUEST_FAILED);
-		sprintf(tmpbuf, "%ld", sw_status);
-		ERR_add_error_data(2, "CryptoSwift error number is ",tmpbuf);
-		}
-		goto err;
-		}
-	/* Prepare the argument and response */
-	arg.nbytes = dlen;
-	arg.value = (unsigned char *)dgst;
-	res.nbytes = BN_num_bytes(dsa->p);
-	memset(result->d, 0, res.nbytes);
-	res.value = (unsigned char *)result->d;
-	/* Perform the operation */
-	sw_status = p_CSwift_SimpleRequest(hac, SW_CMD_DSS_SIGN, &arg, 1,
-		&res, 1);
-	if(sw_status != SW_OK)
-		{
-		char tmpbuf[20];
-		ENGINEerr(ENGINE_F_CSWIFT_DSA_SIGN,ENGINE_R_REQUEST_FAILED);
-		sprintf(tmpbuf, "%ld", sw_status);
-		ERR_add_error_data(2, "CryptoSwift error number is ",tmpbuf);
-		goto err;
-		}
-	/* Convert the response */
-	ptr = (unsigned char *)result->d;
-	if((to_return = DSA_SIG_new()) == NULL)
-		goto err;
-	to_return->r = BN_bin2bn((unsigned char *)result->d, 20, NULL);
-	to_return->s = BN_bin2bn((unsigned char *)result->d + 20, 20, NULL);
-
-err:
-	if(acquired)
-		release_context(hac);
-	if(dsa_p) ctx->tos--;
-	if(dsa_q) ctx->tos--;
-	if(dsa_g) ctx->tos--;
-	if(dsa_key) ctx->tos--;
-	if(result) ctx->tos--;
-	if(ctx)
-		BN_CTX_free(ctx);
-	return to_return;
-	}
-
-static int cswift_dsa_verify(const unsigned char *dgst, int dgst_len,
-				DSA_SIG *sig, DSA *dsa)
-	{
-	SW_CONTEXT_HANDLE hac;
-	SW_PARAM sw_param;
-	SW_STATUS sw_status;
-	SW_LARGENUMBER arg[2], res;
-	unsigned long sig_result;
-	BN_CTX *ctx;
-	BIGNUM *dsa_p = NULL;
-	BIGNUM *dsa_q = NULL;
-	BIGNUM *dsa_g = NULL;
-	BIGNUM *dsa_key = NULL;
-	BIGNUM *argument = NULL;
-	int to_return = -1;
-	int acquired = 0;
-
-	if((ctx = BN_CTX_new()) == NULL)
-		goto err;
-	if(!get_context(&hac))
-		{
-		ENGINEerr(ENGINE_F_CSWIFT_DSA_VERIFY,ENGINE_R_GET_HANDLE_FAILED);
-		goto err;
-		}
-	acquired = 1;
-	/* Prepare the params */
-	dsa_p = BN_CTX_get(ctx);
-	dsa_q = BN_CTX_get(ctx);
-	dsa_g = BN_CTX_get(ctx);
-	dsa_key = BN_CTX_get(ctx);
-	argument = BN_CTX_get(ctx);
-	if(!dsa_p || !dsa_q || !dsa_g || !dsa_key || !argument)
-		{
-		ENGINEerr(ENGINE_F_CSWIFT_DSA_VERIFY,ENGINE_R_BN_CTX_FULL);
-		goto err;
-		}
-	if(!bn_wexpand(dsa_p, dsa->p->top) ||
-			!bn_wexpand(dsa_q, dsa->q->top) ||
-			!bn_wexpand(dsa_g, dsa->g->top) ||
-			!bn_wexpand(dsa_key, dsa->pub_key->top) ||
-			!bn_wexpand(argument, 40))
-		{
-		ENGINEerr(ENGINE_F_CSWIFT_DSA_VERIFY,ENGINE_R_BN_EXPAND_FAIL);
-		goto err;
-		}
-	sw_param.type = SW_ALG_DSA;
-	sw_param.up.dsa.p.nbytes = BN_bn2bin(dsa->p,
-				(unsigned char *)dsa_p->d);
-	sw_param.up.dsa.p.value = (unsigned char *)dsa_p->d;
-	sw_param.up.dsa.q.nbytes = BN_bn2bin(dsa->q,
-				(unsigned char *)dsa_q->d);
-	sw_param.up.dsa.q.value = (unsigned char *)dsa_q->d;
-	sw_param.up.dsa.g.nbytes = BN_bn2bin(dsa->g,
-				(unsigned char *)dsa_g->d);
-	sw_param.up.dsa.g.value = (unsigned char *)dsa_g->d;
-	sw_param.up.dsa.key.nbytes = BN_bn2bin(dsa->pub_key,
-				(unsigned char *)dsa_key->d);
-	sw_param.up.dsa.key.value = (unsigned char *)dsa_key->d;
-	/* Attach the key params */
-	sw_status = p_CSwift_AttachKeyParam(hac, &sw_param);
-	switch(sw_status)
-		{
-	case SW_OK:
-		break;
-	case SW_ERR_INPUT_SIZE:
-		ENGINEerr(ENGINE_F_CSWIFT_DSA_VERIFY,
-			ENGINE_R_SIZE_TOO_LARGE_OR_TOO_SMALL);
-		goto err;
-	default:
-		{
-		char tmpbuf[20];
-		ENGINEerr(ENGINE_F_CSWIFT_DSA_VERIFY,ENGINE_R_REQUEST_FAILED);
-		sprintf(tmpbuf, "%ld", sw_status);
-		ERR_add_error_data(2, "CryptoSwift error number is ",tmpbuf);
-		}
-		goto err;
-		}
-	/* Prepare the argument and response */
-	arg[0].nbytes = dgst_len;
-	arg[0].value = (unsigned char *)dgst;
-	arg[1].nbytes = 40;
-	arg[1].value = (unsigned char *)argument->d;
-	memset(arg[1].value, 0, 40);
-	BN_bn2bin(sig->r, arg[1].value + 20 - BN_num_bytes(sig->r));
-	BN_bn2bin(sig->s, arg[1].value + 40 - BN_num_bytes(sig->s));
-	res.nbytes = 4; /* unsigned long */
-	res.value = (unsigned char *)(&sig_result);
-	/* Perform the operation */
-	sw_status = p_CSwift_SimpleRequest(hac, SW_CMD_DSS_VERIFY, arg, 2,
-		&res, 1);
-	if(sw_status != SW_OK)
-		{
-		char tmpbuf[20];
-		ENGINEerr(ENGINE_F_CSWIFT_DSA_VERIFY,ENGINE_R_REQUEST_FAILED);
-		sprintf(tmpbuf, "%ld", sw_status);
-		ERR_add_error_data(2, "CryptoSwift error number is ",tmpbuf);
-		goto err;
-		}
-	/* Convert the response */
-	to_return = ((sig_result == 0) ? 0 : 1);
-
-err:
-	if(acquired)
-		release_context(hac);
-	if(dsa_p) ctx->tos--;
-	if(dsa_q) ctx->tos--;
-	if(dsa_g) ctx->tos--;
-	if(dsa_key) ctx->tos--;
-	if(argument) ctx->tos--;
-	if(ctx)
-		BN_CTX_free(ctx);
-	return to_return;
-	}
-
-/* This function is aliased to mod_exp (with the dh and mont dropped). */
-static int cswift_mod_exp_dh(DH *dh, BIGNUM *r, BIGNUM *a, const BIGNUM *p,
-		const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)
-	{
-	return cswift_mod_exp(r, a, p, m, ctx);
-	}
-
-#endif /* !NO_HW_CSWIFT */
-#endif /* !NO_HW */

crypto/engine/vendor_defns/atalla.h

@@ -1,61 +0,0 @@
-/* This header declares the necessary definitions for using the exponentiation
- * acceleration capabilities of Atalla cards. The only cryptographic operation
- * is performed by "ASI_RSAPrivateKeyOpFn" and this takes a structure that
- * defines an "RSA private key". However, it is really only performing a
- * regular mod_exp using the supplied modulus and exponent - no CRT form is
- * being used. Hence, it is a generic mod_exp function in disguise, and we use
- * it as such.
- *
- * Thanks to the people at Atalla for letting me know these definitions are
- * fine and that they can be reproduced here.
- *
- * Geoff.
- */
-
-typedef struct ItemStr
-	{
-	unsigned char *data;
-	int len;
-	} Item;
-
-typedef struct RSAPrivateKeyStr
-	{
-	void *reserved;
-	Item version;
-	Item modulus;
-	Item publicExponent;
-	Item privateExponent;
-	Item prime[2];
-	Item exponent[2];
-	Item coefficient;
-	} RSAPrivateKey;
-
-/* Predeclare the function pointer types that we dynamically load from the DSO.
- * These use the same names and form that Ben's original support code had (in
- * crypto/bn/bn_exp.c) unless of course I've inadvertently changed the style
- * somewhere along the way!
- */
-
-typedef int tfnASI_GetPerformanceStatistics(int reset_flag,
-					unsigned int *ret_buf);
-
-typedef int tfnASI_GetHardwareConfig(long card_num, unsigned int *ret_buf);
-
-typedef int tfnASI_RSAPrivateKeyOpFn(RSAPrivateKey * rsaKey,
-					unsigned char *output,
-					unsigned char *input,
-					unsigned int modulus_len);
-
-/* These are the static string constants for the DSO file name and the function
- * symbol names to bind to. Regrettably, the DSO name on *nix appears to be
- * "atasi.so" rather than something more consistent like "libatasi.so". At the
- * time of writing, I'm not sure what the file name on win32 is but clearly
- * native name translation is not possible (eg libatasi.so on *nix, and
- * atasi.dll on win32). For the purposes of testing, I have created a symbollic
- * link called "libatasi.so" so that we can use native name-translation - a
- * better solution will be needed. */
-static const char *ATALLA_LIBNAME = "atasi";
-static const char *ATALLA_F1 = "ASI_GetHardwareConfig";
-static const char *ATALLA_F2 = "ASI_RSAPrivateKeyOpFn";
-static const char *ATALLA_F3 = "ASI_GetPerformanceStatistics";
-