Time for release.

The tag will be OpenSSL-engine-0_9_6g.
Recent changes.
2002-08-09 11:49:15 +00:00 · 2002-08-09 09:23:29 +00:00 · 2002-08-09 08:16:11 +00:00 · 2002-08-08 22:46:22 +00:00 · 2002-08-08 21:44:13 +00:00 · 2002-08-08 20:11:31 +00:00
218 changed files with 14126 additions and 1736 deletions
--- a/77
+++ b/77
@@ -2,7 +2,82 @@
 OpenSSL CHANGES
 _______________
- Changes between 0.9.6c and 0.9.6d  [XX xxx XXXX]
+ Changes between 0.9.6f and 0.9.6g  [9 Aug 2002]
  *) [In 0.9.6g-engine release:]
     Fix crypto/engine/vendor_defns/cswift.h for WIN32 (use '_stdcall').
     [Lynn Gazis <lgazis@rainbow.com>]
 Changes between 0.9.6e and 0.9.6f  [8 Aug 2002]
  *) Fix ASN1 checks. Check for overflow by comparing with LONG_MAX
     and get fix the header length calculation.
     [Florian Weimer <Weimer@CERT.Uni-Stuttgart.DE>,
 	Alon Kantor <alonk@checkpoint.com> (and others),
 	Steve Henson]
  *) Use proper error handling instead of 'assertions' in buffer
     overflow checks added in 0.9.6e.  This prevents DoS (the
     assertions could call abort()).
     [Arne Ansper <arne@ats.cyber.ee>, Bodo Moeller]
 Changes between 0.9.6d and 0.9.6e  [30 Jul 2002]
  *) Fix cipher selection routines: ciphers without encryption had no flags
     for the cipher strength set and where therefore not handled correctly
     by the selection routines (PR #130).
     [Lutz Jaenicke]
  *) Fix EVP_dsa_sha macro.
     [Nils Larsch]
  *) New option
          SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS
     for disabling the SSL 3.0/TLS 1.0 CBC vulnerability countermeasure
     that was added in OpenSSL 0.9.6d.
     As the countermeasure turned out to be incompatible with some
     broken SSL implementations, the new option is part of SSL_OP_ALL.
     SSL_OP_ALL is usually employed when compatibility with weird SSL
     implementations is desired (e.g. '-bugs' option to 's_client' and
     's_server'), so the new option is automatically set in many
     applications.
     [Bodo Moeller]
  *) Changes in security patch:
     Changes marked "(CHATS)" were sponsored by the Defense Advanced
     Research Projects Agency (DARPA) and Air Force Research Laboratory,
     Air Force Materiel Command, USAF, under agreement number
     F30602-01-2-0537.
  *) Add various sanity checks to asn1_get_length() to reject
     the ASN1 length bytes if they exceed sizeof(long), will appear
     negative or the content length exceeds the length of the
     supplied buffer.
     [Steve Henson, Adi Stav <stav@mercury.co.il>, James Yonan <jim@ntlp.com>]
  *) Assertions for various potential buffer overflows, not known to
     happen in practice.
     [Ben Laurie (CHATS)]
  *) Various temporary buffers to hold ASCII versions of integers were
     too small for 64 bit platforms. (CAN-2002-0655)
     [Matthew Byng-Maddick <mbm@aldigital.co.uk> and Ben Laurie (CHATS)>
  *) Remote buffer overflow in SSL3 protocol - an attacker could
     supply an oversized session ID to a client. (CAN-2002-0656)
     [Ben Laurie (CHATS)]
  *) Remote buffer overflow in SSL2 protocol - an attacker could
     supply an oversized client master key. (CAN-2002-0656)
     [Ben Laurie (CHATS)]
 Changes between 0.9.6c and 0.9.6d  [9 May 2002]
  *) Fix crypto/asn1/a_sign.c so that 'parameters' is omitted (not
     encoded as NULL) with id-dsa-with-sha1.
     [Nils Larsch <nla@trustcenter.de>; problem pointed out by Bodo Moeller]
  *) Check various X509_...() return values in apps/req.c.
     [Nils Larsch <nla@trustcenter.de>]
--- a/57
+++ b/57
@@ -10,7 +10,7 @@ use strict;
 # see INSTALL for instructions.
-my $usage="Usage: Configure [no-<cipher> ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-Kxxx] [rsaref] [no-threads] [no-asm] [no-dso] [386] [--prefix=DIR] [--openssldir=OPENSSLDIR] [--test-sanity] os/compiler[:flags]\n";
+my $usage="Usage: Configure [no-<cipher> ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-Kxxx] [no-hw-xxx|no-hw] [rsaref] [no-threads] [no-asm] [no-dso] [386] [--prefix=DIR] [--openssldir=OPENSSLDIR] [--test-sanity] os/compiler[:flags]\n";
 # Options:
 #
@@ -23,6 +23,12 @@ my $usage="Usage: Configure [no-<cipher> ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-
 #               default).  This needn't be set in advance, you can
 #               just as well use "make INSTALL_PREFIX=/whatever install".
 #
 # no-hw-xxx     do not compile support for specific crypto hardware.
 #               Generic OpenSSL-style methods relating to this support
 #               are always compiled but return NULL if the hardware
 #               support isn't compiled.
 # no-hw         do not compile support for any crypto hardware.
 #
 # --test-sanity Make a number of sanity checks on the data in this file.
 #               This is a debugging tool for OpenSSL developers.
 #
@@ -31,6 +37,10 @@ my $usage="Usage: Configure [no-<cipher> ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-
 #               multithreaded applications (default is "threads" if we
 #               know how to do it)
 # [no-]shared	[don't] try to create shared libraries when supported.
 #               IT IS NOT RECOMMENDED TO USE "shared"!  Since this is a
 #               development branch, the positions of the ENGINE symbols
 #               in the transfer vector are constantly moving, so binary
 #               backward compatibility can't be guaranteed in any way.
 # no-asm        do not use assembler
 # no-dso        do not compile in any native shared-library methods. This
 #               will ensure that all methods just return NULL.
@@ -144,6 +154,7 @@ my %table=(
 "solaris-sparcv7-gcc","gcc:-O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::::::::::dlfcn:solaris-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 "solaris-sparcv8-gcc","gcc:-mv8 -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8.o:::::::::dlfcn:solaris-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 "solaris-sparcv9-gcc","gcc:-mcpu=ultrasparc -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W -DULTRASPARC::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8plus.o:::asm/md5-sparcv8plus.o::::::dlfcn:solaris-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 "solaris64-sparcv9-gcc31","gcc:-mcpu=ultrasparc -m64 -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DULTRASPARC::-D_REENTRANT:-lsocket -lnsl -ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR::::asm/md5-sparcv9.o::::::dlfcn:solaris-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 # gcc pre-2.8 doesn't understand -mcpu=ultrasparc, so fall down to -mv8
 # but keep the assembler modules.
 "solaris-sparcv9-gcc27","gcc:-mv8 -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W -DULTRASPARC::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8plus-gcc27.o:::asm/md5-sparcv8plus-gcc27.o::::::dlfcn:solaris-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
@@ -169,10 +180,10 @@ my %table=(
 "linux-sparcv7","gcc:-DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::",
 # Ray Miller <ray.miller@computing-services.oxford.ac.uk> has patiently
 # assisted with debugging of following two configs.
-"linux-sparcv8","gcc:-mv8 -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall -DBN_DIV2W::-D_REENTRANT::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8.o::::",
+"linux-sparcv8","gcc:-mv8 -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall -DBN_DIV2W::-D_REENTRANT:-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8.o:::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 # it's a real mess with -mcpu=ultrasparc option under Linux, but
 # -Wa,-Av8plus should do the trick no matter what.
-"linux-sparcv9","gcc:-mcpu=ultrasparc -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall -Wa,-Av8plus -DULTRASPARC -DBN_DIV2W::-D_REENTRANT::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8plus.o:::asm/md5-sparcv8plus.o::::::dlfcn:linux-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux-sparcv9","gcc:-mcpu=ultrasparc -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall -Wa,-Av8plus -DULTRASPARC -DBN_DIV2W::-D_REENTRANT:-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8plus.o:::asm/md5-sparcv8plus.o::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 # !!!Folowing can't be even tested yet!!!
 #    We have to wait till 64-bit glibc for SPARC is operational!!!
 #"linux64-sparcv9","sparc64-linux-gcc:-m64 -mcpu=v9 -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall -DULTRASPARC -DBN_DIV2W::-D_REENTRANT::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::::asm/md5-sparcv9.o:",
@@ -228,6 +239,7 @@ my %table=(
 "hpux-parisc-cc-o4","cc:-Ae +O4 +ESlit -z -DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY:::-ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1::::::::::dl:hpux-shared:+Z::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 "hpux-parisc-gcc","gcc:-O3 -DB_ENDIAN -DBN_DIV2W:::-ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1::::::::::dl:hpux-shared:-fPIC::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 "hpux64-parisc-cc","cc:-Ae +DD64 +O3 +ESlit -z -DB_ENDIAN -DMD32_XARRAY::-D_REENTRANT:-ldl:SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT::::::::::dlfcn:hpux64-shared:+Z::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 "hpux64-parisc-gcc","gcc:-DB_ENDIAN -DMD32_XARRAY::-D_REENTRANT:-ldl:SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT::::::::::dlfcn:hpux64-shared:-fpic::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 # More attempts at unified 10.X and 11.X targets for HP C compiler.
 #
@@ -335,15 +347,15 @@ my %table=(
 # The intel boxes :-), It would be worth seeing if bsdi-gcc can use the
 # bn86-elf.o file file since it is hand tweaked assembler.
 "linux-elf",	"gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -m486 -Wall::-D_REENTRANT:-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"debug-linux-elf","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -m486 -Wall::-D_REENTRANT:-lefence -ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debug-linux-elf","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -m486 -Wall::-D_REENTRANT:-lefence -ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 "debug-linux-elf-noefence","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -m486 -Wall::-D_REENTRANT:-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn",
 "linux-aout",	"gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -m486 -Wall::(unknown)::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_out_asm}",
 "linux-mipsel",   "gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::(unknown)::BN_LLONG:::",
 "linux-mips",   "gcc:-DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::(unknown)::BN_LLONG:::",
 "linux-ppc",	"gcc:-DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT:-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 "linux-m68k",   "gcc:-DB_ENDIAN -DTERMIO -O2 -fomit-frame-pointer -Wall::-D_REENTRANT::BN_LLONG::",
-"linux-s390",	"gcc:-DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::BN_LLONG::",
+"linux-s390",	"gcc:-DB_ENDIAN -DTERMIO -DNO_ASM -O3 -fomit-frame-pointer -Wall::-D_REENTRANT:-ldl:BN_LLONG::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR),\$(SHLIB_MINOR)",
-"linux-s390x", "gcc:-DB_ENDIAN -DTERMIO -DNO_ASM -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::SIXTY_FOUR_BIT_LONG:::::::::::linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux-s390x", "gcc:-DB_ENDIAN -DTERMIO -DNO_ASM -O3 -fomit-frame-pointer -Wall::-D_REENTRANT:-ldl:SIXTY_FOUR_BIT_LONG::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 "linux-ia64",   "gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT:-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK RC4_CHAR:asm/ia64.o:::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 "NetBSD-sparc",	"gcc:-DTERMIOS -O3 -fomit-frame-pointer -mv8 -Wall -DB_ENDIAN::(unknown)::BN_LLONG MD2_CHAR RC4_INDEX DES_UNROLL::::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 "NetBSD-m68",	"gcc:-DTERMIOS -O3 -fomit-frame-pointer -Wall -DB_ENDIAN::(unknown)::BN_LLONG MD2_CHAR RC4_INDEX DES_UNROLL::::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
@@ -435,7 +447,7 @@ my %table=(
 "sco5-cc-pentium",  "cc:-Kpentium::(unknown):-lsocket:${x86_gcc_des} ${x86_gcc_opts}:::", # des options?
 "sco5-gcc",  "gcc:-O3 -fomit-frame-pointer::(unknown):-lsocket:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:::", # the SCO assembler doesn't seem to like our assembler files ...
 "sco5-cc-shared","cc:-belf:::-lsocket -lresolv -lnsl:MD2_CHAR RC4_INDEX ${x86_gcc_des}::::::::::dlfcn:svr3-shared:-Kpic",
-"sco5-gcc-shared","gcc:-O3 -DFILIO_H -fomit-frame-pointer:::-lsocket -lresolv -lnsl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:svr3-shared:-fPIC",
+"sco5-gcc-shared","gcc:-O3 -fomit-frame-pointer:::-lsocket -lresolv -lnsl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::dlfcn:svr3-shared:-fPIC", # the SCO assembler doesn't seem to like our assembler files ...
 # Sinix/ReliantUNIX RM400
 # NOTE: The CDS++ Compiler up to V2.0Bsomething has the IRIX_CC_BUG optimizer problem. Better use -g  */
@@ -470,6 +482,9 @@ my %table=(
 # and its library files in util/pl/*)
 "Mingw32", "gcc:-DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall::::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::win32",
 # UWIN 
 "UWIN", "cc:-DTERMIOS -DL_ENDIAN -O -Wall::::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::win32",
 # Cygwin
 "Cygwin-pre1.3", "gcc:-DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O2 -m486 -Wall::(unknown)::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::win32",
 "Cygwin", "gcc:-DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O2 -m486 -Wall::::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::win32:cygwin-shared:::.dll",
@@ -488,7 +503,7 @@ my %table=(
 ##### MacOS X (a.k.a. Rhapsody or Darwin) setup
 "rhapsody-ppc-cc","cc:-O3 -DB_ENDIAN::(unknown)::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:::",
-"darwin-ppc-cc","cc:-O3 -D_DARWIN -DB_ENDIAN::-D_REENTRANT::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:::::::::::darwin-shared:-fPIC:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib",
+"darwin-ppc-cc","cc:-O3 -D_DARWIN -DB_ENDIAN -fno-common::-D_REENTRANT::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:::::::::::darwin-shared:-fPIC::.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib",
 ##### Sony NEWS-OS 4.x
 "newsos4-gcc","gcc:-O -DB_ENDIAN -DNEWS4::(unknown):-lmld -liberty:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC1 DES_UNROLL BF_PTR::::",
@@ -606,6 +621,18 @@ PROCESS_ARGS:
 			$flags .= "-DNO_ASM ";
 			$openssl_other_defines .= "#define NO_ASM\n";
 			}
 		elsif (/^no-hw-(.+)$/)
 			{
 			my $hw=$1;
 			$hw =~ tr/[a-z]/[A-Z]/;
 			$flags .= "-DNO_HW_$hw ";
 			$openssl_other_defines .= "#define NO_HW_$hw\n";
 			}
 		elsif (/^no-hw$/)
 			{
 			$flags .= "-DNO_HW ";
 			$openssl_other_defines .= "#define NO_HW\n";
 			}
 		elsif (/^no-dso$/)
 			{ $no_dso=1; }
 		elsif (/^no-threads$/)
@@ -899,6 +926,10 @@ if ($rmd160_obj =~ /\.o$/)
 	$cflags.=" -DRMD160_ASM";
 	}
 # "Stringify" the C flags string.  This permits it to be made part of a string
 # and works as well on command lines.
 $cflags =~ s/([\\\"])/\\\1/g;
 my $version = "unknown";
 my $major = "unknown";
 my $minor = "unknown";
@@ -981,13 +1012,21 @@ while (<IN>)
 	if ($shared_extension ne "" && $shared_extension =~ /^\.s([ol])\.[^\.]*$/)
 		{
 		my $sotmp = $1;
-		s/^SHARED_LIBS_LINK_EXTS=.*/SHARED_LIBS_LINK_EXTS=.s$sotmp/
+		s/^SHARED_LIBS_LINK_EXTS=.*/SHARED_LIBS_LINK_EXTS=.s$sotmp/;
 		}
 	elsif ($shared_extension ne "" && $shared_extension =~ /^\.[^\.]*\.dylib$/)
 		{
 		s/^SHARED_LIBS_LINK_EXTS=.*/SHARED_LIBS_LINK_EXTS=.dylib/;
 		}
 	elsif ($shared_extension ne "" && $shared_extension =~ /^\.s([ol])\.[^\.]*\.[^\.]*$/)
 		{
 		my $sotmp = $1;
 		s/^SHARED_LIBS_LINK_EXTS=.*/SHARED_LIBS_LINK_EXTS=.s$sotmp.\$(SHLIB_MAJOR) .s$sotmp/;
 		}
 	elsif ($shared_extension ne "" && $shared_extension =~ /^\.[^\.]*\.[^\.]*\.dylib$/)
 		{
 		s/^SHARED_LIBS_LINK_EXTS=.*/SHARED_LIBS_LINK_EXTS=.\$(SHLIB_MAJOR).dylib .dylib/;
 		}
 	s/^SHARED_LDFLAGS=.*/SHARED_LDFLAGS=$shared_ldflag/;
 	print OUT $_."\n";
 	}
--- a/57
+++ b/57
@@ -38,6 +38,8 @@ OpenSSL  -  Frequently Asked Questions
 * Why does the OpenSSL compilation fail on Alpha Tru64 Unix?
 * Why does the OpenSSL compilation fail with "ar: command not found"?
 * Why does the OpenSSL compilation fail on Win32 with VC++?
 * What is special about OpenSSL on Redhat?
 * Why does the OpenSSL test suite fail on MacOS X?
 [PROG] Questions about programming with OpenSSL
@@ -59,7 +61,7 @@ OpenSSL  -  Frequently Asked Questions
 * Which is the current version of OpenSSL?
 The current version is available from <URL: http://www.openssl.org>.
-OpenSSL 0.9.6c was released on December 21st, 2001.
+OpenSSL 0.9.6g was released on 9 August 2002.
 In addition to the current stable release, you can also access daily
 snapshots of the OpenSSL development version at <URL:
@@ -215,8 +217,11 @@ For Solaris 2.6, Tim Nibbe <tnibbe@sprint.net> and others have suggested
 installing the SUNski package from Sun patch 105710-01 (Sparc) which
 adds a /dev/random device and make sure it gets used, usually through
 $RANDFILE.  There are probably similar patches for the other Solaris
-versions.  However, be warned that /dev/random is usually a blocking
+versions.  An official statement from Sun with respect to /dev/random
-device, which may have some effects on OpenSSL.
+support can be found at
  http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsrdb/27606&zone_32=SUNWski
 However, be warned that /dev/random is usually a blocking device, which
 may have some effects on OpenSSL.
 * Why do I get an "unable to write 'random state'" error message?
@@ -451,6 +456,52 @@ under 'Program Files').  This needs to be done prior to running NMAKE,
 and the changes are only valid for the current DOS session.
 * What is special about OpenSSL on Redhat?
 Red Hat Linux (release 7.0 and later) include a preinstalled limited
 version of OpenSSL. For patent reasons, support for IDEA, RC5 and MDC2
 is disabled in this version. The same may apply to other Linux distributions.
 Users may therefore wish to install more or all of the features left out.
 To do this you MUST ensure that you do not overwrite the openssl that is in
 /usr/bin on your Red Hat machine. Several packages depend on this file,
 including sendmail and ssh. /usr/local/bin is a good alternative choice. The
 libraries that come with Red Hat 7.0 onwards have different names and so are
 not affected. (eg For Red Hat 7.2 they are /lib/libssl.so.0.9.6b and
 /lib/libcrypto.so.0.9.6b with symlinks /lib/libssl.so.2 and
 /lib/libcrypto.so.2 respectively).
 Please note that we have been advised by Red Hat attempting to recompile the
 openssl rpm with all the cryptography enabled will not work. All other
 packages depend on the original Red Hat supplied openssl package. It is also
 worth noting that due to the way Red Hat supplies its packages, updates to
 openssl on each distribution never change the package version, only the
 build number. For example, on Red Hat 7.1, the latest openssl package has
 version number 0.9.6 and build number 9 even though it contains all the
 relevant updates in packages up to and including 0.9.6b.
 A possible way around this is to persuade Red Hat to produce a non-US
 version of Red Hat Linux.
 FYI: Patent numbers and expiry dates of US patents:
 MDC-2: 4,908,861 13/03/2007
 IDEA:  5,214,703 25/05/2010
 RC5:   5,724,428 03/03/2015
 * Why does the OpenSSL test suite fail on MacOS X?
 If the failure happens when running 'make test' and the RC4 test fails,
 it's very probable that you have OpenSSL 0.9.6b delivered with the
 operating system (you can find out by running '/usr/bin/openssl version')
 and that you were trying to build OpenSSL 0.9.6d.  The problem is that
 the loader ('ld') in MacOS X has a misfeature that's quite difficult to
 go around and has linked the programs "openssl" and the test programs
 with /usr/lib/libcrypto.dylib and /usr/lib/libssl.dylib instead of the
 libraries you just built.
 Look in the file PROBLEMS for a more detailed explanation and for possible
 solutions.
 [PROG] ========================================================================
 * Is OpenSSL thread-safe?
--- a/15
+++ b/15
@@ -57,7 +57,10 @@
  shared        In addition to the usual static libraries, create shared
                libraries on platforms where it's supported.  See "Note on
-                shared libraries" below.
+                shared libraries" below.  THIS IS NOT RECOMMENDED!  Since
                this is a development branch, the positions of the ENGINE
                symbols in the transfer vector are constantly moving, so
                binary backward compatibility can't be guaranteed in any way.
  no-asm        Do not use assembler code.
@@ -128,8 +131,11 @@
     the failure that aren't problems in OpenSSL itself (like missing
     standard headers).  If it is a problem with OpenSSL itself, please
     report the problem to <openssl-bugs@openssl.org> (note that your
-     message will be forwarded to a public mailing list).  Include the
+     message will be recorded in the request tracker publicly readable
-     output of "make report" in your message.
+     via http://www.openssl.org/rt2.html and will be forwarded to a public
     mailing list). Include the output of "make report" in your message.
     Please check out the request tracker. Maybe the bug was already
     reported or has already been fixed.
     [If you encounter assembler error messages, try the "no-asm"
     configuration option as an immediate fix.]
@@ -147,7 +153,8 @@
     try removing any compiler optimization flags from the CFLAGS line
     in Makefile.ssl and run "make clean; make". Please send a bug
     report to <openssl-bugs@openssl.org>, including the output of
-     "make report".
+     "make report" in order to be added to the request tracker at
     http://www.openssl.org/rt2.html.
  4. If everything tests ok, install OpenSSL with
--- a/INSTALL.W32
+++ b/INSTALL.W32
@@ -94,6 +94,18 @@
 You can also build a static version of the library using the Makefile
 ms\nt.mak
 Borland C++ builder 5
 ---------------------
 * Configure for building with Borland Builder:
   > perl Configure BC-32
 * Create the appropriate makefile
   > ms\do_nasm
 * Build
   > make -f ms\bcb.mak
 Borland C++ builder 3 and 4
 ---------------------------
--- a/Makefile.org
+++ b/Makefile.org
@@ -162,7 +162,7 @@ SHLIBDIRS= crypto ssl
 SDIRS=  \
 	md2 md4 md5 sha mdc2 hmac ripemd \
 	des rc2 rc4 rc5 idea bf cast \
-	bn rsa dsa dh dso \
+	bn rsa dsa dh dso engine \
 	buffer bio stack lhash rand err objects \
 	evp asn1 pem x509 x509v3 conf txt_db pkcs7 pkcs12 comp
@@ -247,7 +247,8 @@ link-shared:
 		for i in $(SHLIBDIRS); do \
 			prev=lib$$i$(SHLIB_EXT); \
 			for j in $${tmp:-x}; do \
-				( set -x; ln -f -s $$prev lib$$i$$j ); \
+				( set -x; \
 				rm -f lib$$i$$j; ln -s $$prev lib$$i$$j ); \
 				prev=lib$$i$$j; \
 			done; \
 		done; \
@@ -420,6 +421,7 @@ do_hpux-shared:
 		-b -z -o lib$$i.sl.${SHLIB_MAJOR}.${SHLIB_MINOR} \
 		+h lib$$i.sl.${SHLIB_MAJOR}.${SHLIB_MINOR} \
 		-Fl lib$$i.a $$libs ${EX_LIBS} -lc ) || exit 1; \
 	chmod a=rx lib$$i.sl.${SHLIB_MAJOR}.${SHLIB_MINOR} ; \
 	libs="$$libs -L. -l$$i"; \
 	done
@@ -430,6 +432,7 @@ do_hpux64-shared:
 		-b -z -o lib$$i.sl.${SHLIB_MAJOR}.${SHLIB_MINOR} \
 		+h lib$$i.sl.${SHLIB_MAJOR}.${SHLIB_MINOR} \
 		+forceload lib$$i.a $$libs ${EX_LIBS} -lc ) || exit 1; \
 	chmod a=rx lib$$i.sl.${SHLIB_MAJOR}.${SHLIB_MINOR} ; \
 	libs="$$libs -L. -l$$i"; \
 	done
@@ -545,7 +548,7 @@ test:   tests
 tests: rehash
 	@(cd test && echo "testing..." && \
-	$(MAKE) CC='${CC}' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SDIRS='${SDIRS}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PERL='${PERL}' EXE_EXT='${EXE_EXT}' tests );
+	$(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' SDIRS='$(SDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' TESTS='${TESTS}' EXE_EXT='${EXE_EXT}' SHARED_LIBS='${SHARED_LIBS}' SHLIB_EXT='${SHLIB_EXT}' SHLIB_TARGET='${SHLIB_TARGET}' OPENSSL_DEBUG_MEMORY=on tests );
 	@apps/openssl version -a
 report:
@@ -556,7 +559,7 @@ depend:
 	do \
 	if [ -d "$$i" ]; then \
 		(cd $$i && echo "making dependencies $$i..." && \
-		$(MAKE) SDIRS='${SDIRS}' DEPFLAG='${DEPFLAG}' depend ) || exit 1; \
+		$(MAKE) SDIRS='${SDIRS}' DEPFLAG='${DEPFLAG}' PERL='${PERL}' depend ) || exit 1; \
 	fi; \
 	done;
@@ -601,20 +604,26 @@ TABLE: Configure
 update: depend errors stacks util/libeay.num util/ssleay.num crypto/objects/obj_dat.h TABLE
 # Build distribution tar-file. As the list of files returned by "find" is
 # pretty long, on several platforms a "too many arguments" error or similar
 # would occur. Therefore the list of files is temporarily stored into a file
 # and read directly, requiring GNU-Tar. Call "make TAR=gtar dist" if the normal
 # tar does not support the --files-from option.
 tar:
-	@$(TAR) $(TARFLAGS) -cvf - \
+	find * \! -path CVS/\* \! -path \*/CVS/\* \! -name CVS \! -name .cvsignore \! -name STATUS \! -name TABLE | sort > ../$(TARFILE).list; \
-		`find * \! -path CVS/\* \! -path \*/CVS/\* \! -name CVS \! -name .cvsignore \! -name STATUS \! -name TABLE | sort` |\
+	$(TAR) $(TARFLAGS) --files-from ../$(TARFILE).list -cvf - | \
 	tardy --user_number=0  --user_name=openssl \
 	      --group_number=0 --group_name=openssl \
 	      --prefix=openssl-$(VERSION) - |\
 	gzip --best >../$(TARFILE).gz; \
 	rm -f ../$(TARFILE).list; \
 	ls -l ../$(TARFILE).gz
 dist:   
 	$(PERL) Configure dist
 	@$(MAKE) dist_pem_h
 	@$(MAKE) SDIRS='${SDIRS}' clean
-	@$(MAKE) tar
+	@$(MAKE) TAR='${TAR}' TARFLAGS='${TARFLAGS}' tar
 dist_pem_h:
 	(cd crypto/pem; $(MAKE) CC='${CC}' SDIRS='${SDIRS}' CFLAG='${CFLAG}' pem.h; $(MAKE) clean)
@@ -646,7 +655,7 @@ install: all install_docs
 			cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/lib; \
 			$(RANLIB) $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i; \
 			chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i ); \
-		fi \
+		fi; \
 	done
 	@if [ -n "$(SHARED_LIBS)" ]; then \
 		tmp="$(SHARED_LIBS)"; \
@@ -656,7 +665,7 @@ install: all install_docs
 			(       echo installing $$i; \
 				if [ "$(PLATFORM)" != "Cygwin" ]; then \
 					cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/lib; \
-					chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i; \
+					chmod 555 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i; \
 				else \
 					c=`echo $$i | sed 's/^lib/cyg/'`; \
 					cp $$c $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c; \
@@ -664,11 +673,12 @@ install: all install_docs
 					cp $$i.a $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.a; \
 					chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.a; \
 				fi ); \
-			fi \
+			fi; \
 		done; \
 		(	here="`pwd`"; \
 			cd $(INSTALL_PREFIX)$(INSTALLTOP)/lib; \
-			make -f $$here/Makefile link-shared ); \
+			set $(MAKE); \
 			$$1 -f $$here/Makefile link-shared ); \
 	fi
 install_docs:
@@ -677,22 +687,25 @@ install_docs:
 		$(INSTALL_PREFIX)$(MANDIR)/man3 \
 		$(INSTALL_PREFIX)$(MANDIR)/man5 \
 		$(INSTALL_PREFIX)$(MANDIR)/man7
-	@for i in doc/apps/*.pod; do \
+	@pod2man=`cd util; ./pod2mantest ignore`; \
 	for i in doc/apps/*.pod; do \
 		fn=`basename $$i .pod`; \
 		if [ "$$fn" = "config" ]; then sec=5; else sec=1; fi; \
 		echo "installing man$$sec/`basename $$i .pod`.$$sec"; \
-		(cd `dirname $$i`; \
+		(cd `$(PERL) util/dirname.pl $$i`; \
-		$(PERL) ../../util/pod2man.pl --section=$$sec --center=OpenSSL \
+		sh -c "$(PERL) $$pod2man \
-			 --release=$(VERSION) `basename $$i`) \
+			--section=$$sec --center=OpenSSL \
 			--release=$(VERSION) `basename $$i`") \
 			>  $(INSTALL_PREFIX)$(MANDIR)/man$$sec/`basename $$i .pod`.$$sec; \
-	done
+	done; \
-	@for i in doc/crypto/*.pod doc/ssl/*.pod; do \
+	for i in doc/crypto/*.pod doc/ssl/*.pod; do \
 		fn=`basename $$i .pod`; \
 		if [ "$$fn" = "des_modes" ]; then sec=7; else sec=3; fi; \
 		echo "installing man$$sec/`basename $$i .pod`.$$sec"; \
-		(cd `dirname $$i`; \
+		(cd `$(PERL) util/dirname.pl $$i`; \
-		$(PERL) ../../util/pod2man.pl --section=$$sec --center=OpenSSL \
+		sh -c "$(PERL) $$pod2man \
-			--release=$(VERSION) `basename $$i`) \
+			--section=$$sec --center=OpenSSL \
 			--release=$(VERSION) `basename $$i`") \
 			>  $(INSTALL_PREFIX)$(MANDIR)/man$$sec/`basename $$i .pod`.$$sec; \
 	done
--- a/21
+++ b/21
@@ -5,12 +5,25 @@
  This file gives a brief overview of the major changes between each OpenSSL
  release. For more details please read the CHANGES file.
-  Changes between OpenSSL 0.9.6c and OpenSSL 0.9.6d:
+  Major changes between OpenSSL 0.9.6f and OpenSSL 0.9.6g:
      o Important building fixes on Unix.
  Major changes between OpenSSL 0.9.6e and OpenSSL 0.9.6f:
      o Various important bugfixes.
  Major changes between OpenSSL 0.9.6d and OpenSSL 0.9.6e:
      o Important security related bugfixes.
      o Various SSL/TLS library bugfixes.
  Major changes between OpenSSL 0.9.6c and OpenSSL 0.9.6d:
      o Various SSL/TLS library bugfixes.
      o Fix DH parameter generation for 'non-standard' generators.
-  Changes between OpenSSL 0.9.6b and OpenSSL 0.9.6c:
+  Major changes between OpenSSL 0.9.6b and OpenSSL 0.9.6c:
      o Various SSL/TLS library bugfixes.
      o BIGNUM library fixes.
@@ -23,7 +36,7 @@
        Broadcom and Cryptographic Appliance's keyserver
        [in 0.9.6c-engine release].
-  Changes between OpenSSL 0.9.6a and OpenSSL 0.9.6b:
+  Major changes between OpenSSL 0.9.6a and OpenSSL 0.9.6b:
      o Security fix: PRNG improvements.
      o Security fix: RSA OAEP check.
@@ -56,7 +69,7 @@
      o Bug fixes for Win32, HP/UX and Irix.
      o Bug fixes in BIGNUM, SSL, PKCS#7, PKCS#12, X.509, CONF and
        memory checking routines.
-      o Bug fixes for RSA operations in threaded enviroments.
+      o Bug fixes for RSA operations in threaded environments.
      o Bug fixes in misc. openssl applications.
      o Remove a few potential memory leaks.
      o Add tighter checks of BIGNUM routines.
--- a/42
+++ b/42
@@ -0,0 +1,42 @@
 * System libcrypto.dylib and libssl.dylib are used by system ld on MacOS X.
 [NOTE: This is currently undergoing tests, and may be removed soon]
 This is really a misfeature in ld, which seems to look for .dylib libraries
 along the whole library path before it bothers looking for .a libraries.  This
 means that -L switches won't matter unless OpenSSL is built with shared
 library support.
 The workaround may be to change the following lines in apps/Makefile.ssl and
 test/Makefile.ssl:
  LIBCRYPTO=-L.. -lcrypto
  LIBSSL=-L.. -lssl
 to:
  LIBCRYPTO=../libcrypto.a
  LIBSSL=../libssl.a
 It's possible that something similar is needed for shared library support
 as well.  That hasn't been well tested yet.
 Another solution that many seem to recommend is to move the libraries
 /usr/lib/libcrypto.0.9.dylib, /usr/lib/libssl.0.9.dylib to a different
 directory, build and install OpenSSL and anything that depends on your
 build, then move libcrypto.0.9.dylib and libssl.0.9.dylib back to their
 original places.  Note that the version numbers on those two libraries
 may differ on your machine.
 As long as Apple doesn't fix the problem with ld, this problem building
 OpenSSL will remain as is.
 * Parallell make leads to errors
 While running tests, running a parallell make is a bad idea.  Many test
 scripts use the same name for output and input files, which means different
 will interfere with each other and lead to test failure.
 The solution is simple for now: don't run parallell make when testing.
--- a/19
+++ b/19
@@ -1,5 +1,5 @@
- OpenSSL 0.9.6d-beta1 17 Apr 2002
+ OpenSSL 0.9.6g [engine] 9 August 2002
 Copyright (c) 1998-2002 The OpenSSL Project
 Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson
@@ -122,6 +122,13 @@
 lists the functions; you will probably have to look at the code to work out
 how to use them. Look at the example programs.
 PROBLEMS
 --------
 For some platforms, there are some known problems that may affect the user
 or application author.  We try to collect those in doc/PROBLEMS, with current
 thoughts on how they should be solved in a future of OpenSSL.
 SUPPORT 
 -------
@@ -146,11 +153,13 @@
    - Problem Description (steps that will reproduce the problem, if known)
    - Stack Traceback (if the application dumps core)
- Report the bug to the OpenSSL project at:
+ Report the bug to the OpenSSL project via the Request Tracker
 (http://www.openssl.org/rt2.html) by mail to:
    openssl-bugs@openssl.org
- Note that mail to openssl-bugs@openssl.org is forwarded to a public
+ Note that mail to openssl-bugs@openssl.org is recorded in the publicly
 readable request tracker database and is forwarded to a public
 mailing list. Confidential mail may be sent to openssl-security@openssl.org
 (PGP key available from the key servers).
@@ -164,7 +173,9 @@
 textual explanation of what your patch does.
 Note: For legal reasons, contributions from the US can be accepted only
- if a copy of the patch is sent to crypt@bxa.doc.gov
+ if a TSA notification and a copy of the patch is sent to crypt@bis.doc.gov;
 see http://www.bis.doc.gov/Encryption/PubAvailEncSourceCodeNofify.html [sic]
 and http://w3.access.gpo.gov/bis/ear/pdf/740.pdf (EAR Section 740.13(e)).
 The preferred format for changes is "diff -u" output. You might
 generate it like this:
--- a/7
+++ b/7
@@ -1,11 +1,14 @@
  OpenSSL STATUS                           Last modified at
-  ______________                           $Date: 2002/04/17 12:28:37 $
+  ______________                           $Date: 2002/08/09 11:49:13 $
  DEVELOPMENT STATE
    o  OpenSSL 0.9.7:  Under development...
-    o  OpenSSL 0.9.6d: Feature freeze, beta1 April 17th, 2002
+    o  OpenSSL 0.9.6g: Released on August     9th, 2002
    o  OpenSSL 0.9.6f: Released on August     8th, 2002
    o  OpenSSL 0.9.6e: Released on July      30th, 2002
    o  OpenSSL 0.9.6d: Released on May        9th, 2002
    o  OpenSSL 0.9.6c: Released on December  21st, 2001
    o  OpenSSL 0.9.6b: Released on July       9th, 2001
    o  OpenSSL 0.9.6a: Released on April      5th, 2001
--- a/131
+++ b/131
@@ -621,6 +621,29 @@ $shared_ldflag =
 $shared_extension = 
 $ranlib       = 
 *** UWIN
 $cc           = cc
 $cflags       = -DTERMIOS -DL_ENDIAN -O -Wall
 $unistd       = 
 $thread_cflag = 
 $lflags       = 
 $bn_ops       = BN_LLONG DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT
 $bn_obj       = 
 $des_obj      = 
 $bf_obj       = 
 $md5_obj      = 
 $sha1_obj     = 
 $cast_obj     = 
 $rc4_obj      = 
 $rmd160_obj   = 
 $rc5_obj      = 
 $dso_scheme   = win32
 $shared_target= 
 $shared_cflag = 
 $shared_ldflag = 
 $shared_extension = 
 $ranlib       = 
 *** VC-MSDOS
 $cc           = cl
 $cflags       = 
@@ -1083,7 +1106,7 @@ $ranlib       =
 *** darwin-ppc-cc
 $cc           = cc
-$cflags       = -O3 -D_DARWIN -DB_ENDIAN
+$cflags       = -O3 -D_DARWIN -DB_ENDIAN -fno-common
 $unistd       = 
 $thread_cflag = -D_REENTRANT
 $lflags       = 
@@ -1100,8 +1123,8 @@ $rc5_obj      =
 $dso_scheme   = 
 $shared_target= darwin-shared
 $shared_cflag = -fPIC
-$shared_ldflag = .$(SHLIB_MAJOR).$(SHLIB_MINOR).dylib
+$shared_ldflag = 
-$shared_extension = 
+$shared_extension = .$(SHLIB_MAJOR).$(SHLIB_MINOR).dylib
 $ranlib       = 
 *** debug
@@ -1261,8 +1284,8 @@ $rc5_obj      = asm/r586-elf.o
 $dso_scheme   = dlfcn
 $shared_target= linux-shared
 $shared_cflag = -fPIC
-$shared_ldflag = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
+$shared_ldflag = 
-$shared_extension = 
+$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
 $ranlib       = 
 *** debug-linux-elf-noefence
@@ -1909,6 +1932,29 @@ $shared_ldflag =
 $shared_extension = .sl.$(SHLIB_MAJOR).$(SHLIB_MINOR)
 $ranlib       = 
 *** hpux64-parisc-gcc
 $cc           = gcc
 $cflags       = -DB_ENDIAN -DMD32_XARRAY
 $unistd       = 
 $thread_cflag = -D_REENTRANT
 $lflags       = -ldl
 $bn_ops       = SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT
 $bn_obj       = 
 $des_obj      = 
 $bf_obj       = 
 $md5_obj      = 
 $sha1_obj     = 
 $cast_obj     = 
 $rc4_obj      = 
 $rmd160_obj   = 
 $rc5_obj      = 
 $dso_scheme   = dlfcn
 $shared_target= hpux64-shared
 $shared_cflag = -fpic
 $shared_ldflag = 
 $shared_extension = .sl.$(SHLIB_MAJOR).$(SHLIB_MINOR)
 $ranlib       = 
 *** hpux64-parisc2-cc
 $cc           = cc
 $cflags       = +DD64 +O3 +Optrs_strongly_typed +Olibcalls -Ae +ESlit -DB_ENDIAN -DMD32_XARRAY
@@ -2371,10 +2417,10 @@ $ranlib       =
 *** linux-s390
 $cc           = gcc
-$cflags       = -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall
+$cflags       = -DB_ENDIAN -DTERMIO -DNO_ASM -O3 -fomit-frame-pointer -Wall
 $unistd       = 
 $thread_cflag = -D_REENTRANT
-$lflags       = 
+$lflags       = -ldl
 $bn_ops       = BN_LLONG
 $bn_obj       = 
 $des_obj      = 
@@ -2385,11 +2431,11 @@ $cast_obj     =
 $rc4_obj      = 
 $rmd160_obj   = 
 $rc5_obj      = 
-$dso_scheme   = 
+$dso_scheme   = dlfcn
-$shared_target= 
+$shared_target= linux-shared
-$shared_cflag = 
+$shared_cflag = -fPIC
 $shared_ldflag = 
-$shared_extension = 
+$shared_extension = .so.$(SHLIB_MAJOR),$(SHLIB_MINOR)
 $ranlib       = 
 *** linux-s390x
@@ -2397,7 +2443,7 @@ $cc           = gcc
 $cflags       = -DB_ENDIAN -DTERMIO -DNO_ASM -O3 -fomit-frame-pointer -Wall
 $unistd       = 
 $thread_cflag = -D_REENTRANT
-$lflags       = 
+$lflags       = -ldl
 $bn_ops       = SIXTY_FOUR_BIT_LONG
 $bn_obj       = 
 $des_obj      = 
@@ -2408,7 +2454,7 @@ $cast_obj     =
 $rc4_obj      = 
 $rmd160_obj   = 
 $rc5_obj      = 
-$dso_scheme   = 
+$dso_scheme   = dlfcn
 $shared_target= linux-shared
 $shared_cflag = -fPIC
 $shared_ldflag = 
@@ -2443,7 +2489,7 @@ $cc           = gcc
 $cflags       = -mv8 -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall -DBN_DIV2W
 $unistd       = 
 $thread_cflag = -D_REENTRANT
-$lflags       = 
+$lflags       = -ldl
 $bn_ops       = BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR
 $bn_obj       = asm/sparcv8.o
 $des_obj      = 
@@ -2454,11 +2500,11 @@ $cast_obj     =
 $rc4_obj      = 
 $rmd160_obj   = 
 $rc5_obj      = 
-$dso_scheme   = 
+$dso_scheme   = dlfcn
-$shared_target= 
+$shared_target= linux-shared
-$shared_cflag = 
+$shared_cflag = -fPIC
 $shared_ldflag = 
-$shared_extension = 
+$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
 $ranlib       = 
 *** linux-sparcv9
@@ -2466,7 +2512,7 @@ $cc           = gcc
 $cflags       = -mcpu=ultrasparc -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall -Wa,-Av8plus -DULTRASPARC -DBN_DIV2W
 $unistd       = 
 $thread_cflag = -D_REENTRANT
-$lflags       = 
+$lflags       = -ldl
 $bn_ops       = BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR
 $bn_obj       = asm/sparcv8plus.o
 $des_obj      = 
@@ -2480,8 +2526,8 @@ $rc5_obj      =
 $dso_scheme   = dlfcn
 $shared_target= linux-shared
 $shared_cflag = -fPIC
-$shared_ldflag = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
+$shared_ldflag = 
-$shared_extension = 
+$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
 $ranlib       = 
 *** ncr-scde
@@ -2785,20 +2831,20 @@ $ranlib       =
 *** sco5-gcc-shared
 $cc           = gcc
-$cflags       = -O3 -DFILIO_H -fomit-frame-pointer
+$cflags       = -O3 -fomit-frame-pointer
 $unistd       = 
 $thread_cflag = 
 $lflags       = -lsocket -lresolv -lnsl
 $bn_ops       = BN_LLONG DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT
-$bn_obj       = asm/bn86-elf.o asm/co86-elf.o
+$bn_obj       = 
-$des_obj      = asm/dx86-elf.o asm/yx86-elf.o
+$des_obj      = 
-$bf_obj       = asm/bx86-elf.o
+$bf_obj       = 
-$md5_obj      = asm/mx86-elf.o
+$md5_obj      = 
-$sha1_obj     = asm/sx86-elf.o
+$sha1_obj     = 
-$cast_obj     = asm/cx86-elf.o
+$cast_obj     = 
-$rc4_obj      = asm/rx86-elf.o
+$rc4_obj      = 
-$rmd160_obj   = asm/rm86-elf.o
+$rmd160_obj   = 
-$rc5_obj      = asm/r586-elf.o
+$rc5_obj      = 
 $dso_scheme   = dlfcn
 $shared_target= svr3-shared
 $shared_cflag = -fPIC
@@ -3059,6 +3105,29 @@ $shared_ldflag = -xarch=v9
 $shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
 $ranlib       = /usr/ccs/bin/ar rs
 *** solaris64-sparcv9-gcc31
 $cc           = gcc
 $cflags       = -mcpu=ultrasparc -m64 -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DULTRASPARC
 $unistd       = 
 $thread_cflag = -D_REENTRANT
 $lflags       = -lsocket -lnsl -ldl
 $bn_ops       = SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR
 $bn_obj       = 
 $des_obj      = 
 $bf_obj       = 
 $md5_obj      = asm/md5-sparcv9.o
 $sha1_obj     = 
 $cast_obj     = 
 $rc4_obj      = 
 $rmd160_obj   = 
 $rc5_obj      = 
 $dso_scheme   = dlfcn
 $shared_target= solaris-shared
 $shared_cflag = -fPIC
 $shared_ldflag = -m64
 $shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
 $ranlib       = 
 *** sunos-gcc
 $cc           = gcc
 $cflags       = -O3 -mv8 -Dssize_t=int
--- a/apps/Makefile.ssl
+++ b/apps/Makefile.ssl
@@ -13,7 +13,7 @@ OPENSSLDIR=	/usr/local/ssl
 MAKE=		make -f Makefile.ssl
 MAKEDEPEND=	$(TOP)/util/domd $(TOP)
 MAKEFILE=	Makefile.ssl
-PERL=/usr/local/bin/perl
+PERL=		perl
 RM=		rm -f
 PEX_LIBS=
@@ -128,10 +128,10 @@ clean:
 	rm -f req
 $(DLIBSSL):
-	(cd ../ssl; $(MAKE))
+	(cd ../ssl; $(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' SDIRS='$(SDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' TESTS='${TESTS}' EXE_EXT='${EXE_EXT}' SHARED_LIBS='${SHARED_LIBS}' SHLIB_EXT='${SHLIB_EXT}' SHLIB_TARGET='${SHLIB_TARGET}')
 $(DLIBCRYPTO):
-	(cd ../crypto; $(MAKE))
+	(cd ../crypto; $(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' SDIRS='$(SDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' TESTS='${TESTS}' EXE_EXT='${EXE_EXT}' SHARED_LIBS='${SHARED_LIBS}' SHLIB_EXT='${SHLIB_EXT}' SHLIB_TARGET='${SHLIB_TARGET}')
 $(PROGRAM): progs.h $(E_OBJ) $(PROGRAM).o $(DLIBCRYPTO) $(DLIBSSL)
 	$(RM) $(PROGRAM)
@@ -209,14 +209,15 @@ ca.o: ../include/openssl/buffer.h ../include/openssl/cast.h
 ca.o: ../include/openssl/conf.h ../include/openssl/crypto.h
 ca.o: ../include/openssl/des.h ../include/openssl/dh.h ../include/openssl/dsa.h
 ca.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
-ca.o: ../include/openssl/err.h ../include/openssl/evp.h
+ca.o: ../include/openssl/engine.h ../include/openssl/err.h
-ca.o: ../include/openssl/idea.h ../include/openssl/lhash.h
+ca.o: ../include/openssl/evp.h ../include/openssl/idea.h
-ca.o: ../include/openssl/md2.h ../include/openssl/md4.h
+ca.o: ../include/openssl/lhash.h ../include/openssl/md2.h
-ca.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+ca.o: ../include/openssl/md4.h ../include/openssl/md5.h
-ca.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+ca.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
-ca.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+ca.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-ca.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+ca.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
-ca.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
+ca.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
 ca.o: ../include/openssl/rand.h ../include/openssl/rc2.h
 ca.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
 ca.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
 ca.o: ../include/openssl/safestack.h ../include/openssl/sha.h
@@ -292,14 +293,15 @@ dgst.o: ../include/openssl/buffer.h ../include/openssl/cast.h
 dgst.o: ../include/openssl/conf.h ../include/openssl/crypto.h
 dgst.o: ../include/openssl/des.h ../include/openssl/dh.h
 dgst.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
-dgst.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+dgst.o: ../include/openssl/e_os2.h ../include/openssl/engine.h
-dgst.o: ../include/openssl/evp.h ../include/openssl/idea.h
+dgst.o: ../include/openssl/err.h ../include/openssl/evp.h
-dgst.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+dgst.o: ../include/openssl/idea.h ../include/openssl/lhash.h
-dgst.o: ../include/openssl/md4.h ../include/openssl/md5.h
+dgst.o: ../include/openssl/md2.h ../include/openssl/md4.h
-dgst.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
+dgst.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
-dgst.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+dgst.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-dgst.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+dgst.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-dgst.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+dgst.o: ../include/openssl/pem.h ../include/openssl/pem2.h
 dgst.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
 dgst.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
 dgst.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
 dgst.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
@@ -312,14 +314,15 @@ dh.o: ../include/openssl/buffer.h ../include/openssl/cast.h
 dh.o: ../include/openssl/conf.h ../include/openssl/crypto.h
 dh.o: ../include/openssl/des.h ../include/openssl/dh.h ../include/openssl/dsa.h
 dh.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
-dh.o: ../include/openssl/err.h ../include/openssl/evp.h
+dh.o: ../include/openssl/engine.h ../include/openssl/err.h
-dh.o: ../include/openssl/idea.h ../include/openssl/lhash.h
+dh.o: ../include/openssl/evp.h ../include/openssl/idea.h
-dh.o: ../include/openssl/md2.h ../include/openssl/md4.h
+dh.o: ../include/openssl/lhash.h ../include/openssl/md2.h
-dh.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+dh.o: ../include/openssl/md4.h ../include/openssl/md5.h
-dh.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+dh.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
-dh.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+dh.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-dh.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+dh.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
-dh.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
+dh.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
 dh.o: ../include/openssl/rand.h ../include/openssl/rc2.h
 dh.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
 dh.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
 dh.o: ../include/openssl/safestack.h ../include/openssl/sha.h
@@ -331,14 +334,15 @@ dsa.o: ../include/openssl/buffer.h ../include/openssl/cast.h
 dsa.o: ../include/openssl/conf.h ../include/openssl/crypto.h
 dsa.o: ../include/openssl/des.h ../include/openssl/dh.h
 dsa.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
-dsa.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+dsa.o: ../include/openssl/e_os2.h ../include/openssl/engine.h
-dsa.o: ../include/openssl/evp.h ../include/openssl/idea.h
+dsa.o: ../include/openssl/err.h ../include/openssl/evp.h
-dsa.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+dsa.o: ../include/openssl/idea.h ../include/openssl/lhash.h
-dsa.o: ../include/openssl/md4.h ../include/openssl/md5.h
+dsa.o: ../include/openssl/md2.h ../include/openssl/md4.h
-dsa.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
+dsa.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
-dsa.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+dsa.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-dsa.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+dsa.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-dsa.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+dsa.o: ../include/openssl/pem.h ../include/openssl/pem2.h
 dsa.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
 dsa.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
 dsa.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
 dsa.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
@@ -371,20 +375,21 @@ enc.o: ../include/openssl/buffer.h ../include/openssl/cast.h
 enc.o: ../include/openssl/conf.h ../include/openssl/crypto.h
 enc.o: ../include/openssl/des.h ../include/openssl/dh.h
 enc.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
-enc.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+enc.o: ../include/openssl/e_os2.h ../include/openssl/engine.h
-enc.o: ../include/openssl/evp.h ../include/openssl/idea.h
+enc.o: ../include/openssl/err.h ../include/openssl/evp.h
-enc.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+enc.o: ../include/openssl/idea.h ../include/openssl/lhash.h
-enc.o: ../include/openssl/md4.h ../include/openssl/md5.h
+enc.o: ../include/openssl/md2.h ../include/openssl/md4.h
-enc.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
+enc.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
-enc.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+enc.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-enc.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+enc.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-enc.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+enc.o: ../include/openssl/pem.h ../include/openssl/pem2.h
-enc.o: ../include/openssl/rand.h ../include/openssl/rc2.h
+enc.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
-enc.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+enc.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
-enc.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+enc.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
-enc.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+enc.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
-enc.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+enc.o: ../include/openssl/sha.h ../include/openssl/stack.h
-enc.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
+enc.o: ../include/openssl/symhacks.h ../include/openssl/x509.h
 enc.o: ../include/openssl/x509_vfy.h apps.h
 errstr.o: ../include/openssl/asn1.h ../include/openssl/bio.h
 errstr.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
 errstr.o: ../include/openssl/buffer.h ../include/openssl/cast.h
@@ -414,34 +419,36 @@ gendh.o: ../include/openssl/buffer.h ../include/openssl/cast.h
 gendh.o: ../include/openssl/conf.h ../include/openssl/crypto.h
 gendh.o: ../include/openssl/des.h ../include/openssl/dh.h
 gendh.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
-gendh.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+gendh.o: ../include/openssl/e_os2.h ../include/openssl/engine.h
-gendh.o: ../include/openssl/evp.h ../include/openssl/idea.h
+gendh.o: ../include/openssl/err.h ../include/openssl/evp.h
-gendh.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+gendh.o: ../include/openssl/idea.h ../include/openssl/lhash.h
-gendh.o: ../include/openssl/md4.h ../include/openssl/md5.h
+gendh.o: ../include/openssl/md2.h ../include/openssl/md4.h
-gendh.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
+gendh.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
-gendh.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+gendh.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-gendh.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+gendh.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-gendh.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+gendh.o: ../include/openssl/pem.h ../include/openssl/pem2.h
-gendh.o: ../include/openssl/rand.h ../include/openssl/rc2.h
+gendh.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
-gendh.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+gendh.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
-gendh.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+gendh.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
-gendh.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+gendh.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
-gendh.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+gendh.o: ../include/openssl/sha.h ../include/openssl/stack.h
-gendh.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
+gendh.o: ../include/openssl/symhacks.h ../include/openssl/x509.h
 gendh.o: ../include/openssl/x509_vfy.h apps.h
 gendsa.o: ../include/openssl/asn1.h ../include/openssl/bio.h
 gendsa.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
 gendsa.o: ../include/openssl/buffer.h ../include/openssl/cast.h
 gendsa.o: ../include/openssl/conf.h ../include/openssl/crypto.h
 gendsa.o: ../include/openssl/des.h ../include/openssl/dh.h
 gendsa.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
-gendsa.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+gendsa.o: ../include/openssl/e_os2.h ../include/openssl/engine.h
-gendsa.o: ../include/openssl/evp.h ../include/openssl/idea.h
+gendsa.o: ../include/openssl/err.h ../include/openssl/evp.h
-gendsa.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+gendsa.o: ../include/openssl/idea.h ../include/openssl/lhash.h
-gendsa.o: ../include/openssl/md4.h ../include/openssl/md5.h
+gendsa.o: ../include/openssl/md2.h ../include/openssl/md4.h
-gendsa.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
+gendsa.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
-gendsa.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+gendsa.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-gendsa.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+gendsa.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-gendsa.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+gendsa.o: ../include/openssl/pem.h ../include/openssl/pem2.h
 gendsa.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
 gendsa.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
 gendsa.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
 gendsa.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
@@ -454,14 +461,15 @@ genrsa.o: ../include/openssl/buffer.h ../include/openssl/cast.h
 genrsa.o: ../include/openssl/conf.h ../include/openssl/crypto.h
 genrsa.o: ../include/openssl/des.h ../include/openssl/dh.h
 genrsa.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
-genrsa.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+genrsa.o: ../include/openssl/e_os2.h ../include/openssl/engine.h
-genrsa.o: ../include/openssl/evp.h ../include/openssl/idea.h
+genrsa.o: ../include/openssl/err.h ../include/openssl/evp.h
-genrsa.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+genrsa.o: ../include/openssl/idea.h ../include/openssl/lhash.h
-genrsa.o: ../include/openssl/md4.h ../include/openssl/md5.h
+genrsa.o: ../include/openssl/md2.h ../include/openssl/md4.h
-genrsa.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
+genrsa.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
-genrsa.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+genrsa.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-genrsa.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+genrsa.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-genrsa.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+genrsa.o: ../include/openssl/pem.h ../include/openssl/pem2.h
 genrsa.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
 genrsa.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
 genrsa.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
 genrsa.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
@@ -536,15 +544,16 @@ pkcs12.o: ../include/openssl/buffer.h ../include/openssl/cast.h
 pkcs12.o: ../include/openssl/conf.h ../include/openssl/crypto.h
 pkcs12.o: ../include/openssl/des.h ../include/openssl/dh.h
 pkcs12.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
-pkcs12.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+pkcs12.o: ../include/openssl/e_os2.h ../include/openssl/engine.h
-pkcs12.o: ../include/openssl/evp.h ../include/openssl/idea.h
+pkcs12.o: ../include/openssl/err.h ../include/openssl/evp.h
-pkcs12.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+pkcs12.o: ../include/openssl/idea.h ../include/openssl/lhash.h
-pkcs12.o: ../include/openssl/md4.h ../include/openssl/md5.h
+pkcs12.o: ../include/openssl/md2.h ../include/openssl/md4.h
-pkcs12.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
+pkcs12.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
-pkcs12.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+pkcs12.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-pkcs12.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+pkcs12.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-pkcs12.o: ../include/openssl/pem2.h ../include/openssl/pkcs12.h
+pkcs12.o: ../include/openssl/pem.h ../include/openssl/pem2.h
-pkcs12.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
+pkcs12.o: ../include/openssl/pkcs12.h ../include/openssl/pkcs7.h
 pkcs12.o: ../include/openssl/rand.h ../include/openssl/rc2.h
 pkcs12.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
 pkcs12.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
 pkcs12.o: ../include/openssl/safestack.h ../include/openssl/sha.h
@@ -556,14 +565,15 @@ pkcs7.o: ../include/openssl/buffer.h ../include/openssl/cast.h
 pkcs7.o: ../include/openssl/conf.h ../include/openssl/crypto.h
 pkcs7.o: ../include/openssl/des.h ../include/openssl/dh.h
 pkcs7.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
-pkcs7.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+pkcs7.o: ../include/openssl/e_os2.h ../include/openssl/engine.h
-pkcs7.o: ../include/openssl/evp.h ../include/openssl/idea.h
+pkcs7.o: ../include/openssl/err.h ../include/openssl/evp.h
-pkcs7.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+pkcs7.o: ../include/openssl/idea.h ../include/openssl/lhash.h
-pkcs7.o: ../include/openssl/md4.h ../include/openssl/md5.h
+pkcs7.o: ../include/openssl/md2.h ../include/openssl/md4.h
-pkcs7.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
+pkcs7.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
-pkcs7.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+pkcs7.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-pkcs7.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+pkcs7.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-pkcs7.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+pkcs7.o: ../include/openssl/pem.h ../include/openssl/pem2.h
 pkcs7.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
 pkcs7.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
 pkcs7.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
 pkcs7.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
@@ -576,15 +586,16 @@ pkcs8.o: ../include/openssl/buffer.h ../include/openssl/cast.h
 pkcs8.o: ../include/openssl/conf.h ../include/openssl/crypto.h
 pkcs8.o: ../include/openssl/des.h ../include/openssl/dh.h
 pkcs8.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
-pkcs8.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+pkcs8.o: ../include/openssl/e_os2.h ../include/openssl/engine.h
-pkcs8.o: ../include/openssl/evp.h ../include/openssl/idea.h
+pkcs8.o: ../include/openssl/err.h ../include/openssl/evp.h
-pkcs8.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+pkcs8.o: ../include/openssl/idea.h ../include/openssl/lhash.h
-pkcs8.o: ../include/openssl/md4.h ../include/openssl/md5.h
+pkcs8.o: ../include/openssl/md2.h ../include/openssl/md4.h
-pkcs8.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
+pkcs8.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
-pkcs8.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+pkcs8.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-pkcs8.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+pkcs8.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-pkcs8.o: ../include/openssl/pem2.h ../include/openssl/pkcs12.h
+pkcs8.o: ../include/openssl/pem.h ../include/openssl/pem2.h
-pkcs8.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
+pkcs8.o: ../include/openssl/pkcs12.h ../include/openssl/pkcs7.h
 pkcs8.o: ../include/openssl/rand.h ../include/openssl/rc2.h
 pkcs8.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
 pkcs8.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
 pkcs8.o: ../include/openssl/safestack.h ../include/openssl/sha.h
@@ -596,33 +607,35 @@ rand.o: ../include/openssl/buffer.h ../include/openssl/cast.h
 rand.o: ../include/openssl/conf.h ../include/openssl/crypto.h
 rand.o: ../include/openssl/des.h ../include/openssl/dh.h
 rand.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
-rand.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+rand.o: ../include/openssl/e_os2.h ../include/openssl/engine.h
-rand.o: ../include/openssl/evp.h ../include/openssl/idea.h
+rand.o: ../include/openssl/err.h ../include/openssl/evp.h
-rand.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+rand.o: ../include/openssl/idea.h ../include/openssl/lhash.h
-rand.o: ../include/openssl/md4.h ../include/openssl/md5.h
+rand.o: ../include/openssl/md2.h ../include/openssl/md4.h
-rand.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
+rand.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
-rand.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+rand.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-rand.o: ../include/openssl/opensslv.h ../include/openssl/pkcs7.h
+rand.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-rand.o: ../include/openssl/rand.h ../include/openssl/rc2.h
+rand.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
-rand.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+rand.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
-rand.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+rand.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
-rand.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+rand.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
-rand.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+rand.o: ../include/openssl/sha.h ../include/openssl/stack.h
-rand.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
+rand.o: ../include/openssl/symhacks.h ../include/openssl/x509.h
 rand.o: ../include/openssl/x509_vfy.h apps.h
 req.o: ../include/openssl/asn1.h ../include/openssl/bio.h
 req.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
 req.o: ../include/openssl/buffer.h ../include/openssl/cast.h
 req.o: ../include/openssl/conf.h ../include/openssl/crypto.h
 req.o: ../include/openssl/des.h ../include/openssl/dh.h
 req.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
-req.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+req.o: ../include/openssl/e_os2.h ../include/openssl/engine.h
-req.o: ../include/openssl/evp.h ../include/openssl/idea.h
+req.o: ../include/openssl/err.h ../include/openssl/evp.h
-req.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+req.o: ../include/openssl/idea.h ../include/openssl/lhash.h
-req.o: ../include/openssl/md4.h ../include/openssl/md5.h
+req.o: ../include/openssl/md2.h ../include/openssl/md4.h
-req.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
+req.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
-req.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+req.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-req.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+req.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-req.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+req.o: ../include/openssl/pem.h ../include/openssl/pem2.h
 req.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
 req.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
 req.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
 req.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
@@ -635,14 +648,15 @@ rsa.o: ../include/openssl/buffer.h ../include/openssl/cast.h
 rsa.o: ../include/openssl/conf.h ../include/openssl/crypto.h
 rsa.o: ../include/openssl/des.h ../include/openssl/dh.h
 rsa.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
-rsa.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+rsa.o: ../include/openssl/e_os2.h ../include/openssl/engine.h
-rsa.o: ../include/openssl/evp.h ../include/openssl/idea.h
+rsa.o: ../include/openssl/err.h ../include/openssl/evp.h
-rsa.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+rsa.o: ../include/openssl/idea.h ../include/openssl/lhash.h
-rsa.o: ../include/openssl/md4.h ../include/openssl/md5.h
+rsa.o: ../include/openssl/md2.h ../include/openssl/md4.h
-rsa.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
+rsa.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
-rsa.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+rsa.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-rsa.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+rsa.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-rsa.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+rsa.o: ../include/openssl/pem.h ../include/openssl/pem2.h
 rsa.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
 rsa.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
 rsa.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
 rsa.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
@@ -655,14 +669,15 @@ rsautl.o: ../include/openssl/buffer.h ../include/openssl/cast.h
 rsautl.o: ../include/openssl/conf.h ../include/openssl/crypto.h
 rsautl.o: ../include/openssl/des.h ../include/openssl/dh.h
 rsautl.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
-rsautl.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+rsautl.o: ../include/openssl/e_os2.h ../include/openssl/engine.h
-rsautl.o: ../include/openssl/evp.h ../include/openssl/idea.h
+rsautl.o: ../include/openssl/err.h ../include/openssl/evp.h
-rsautl.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+rsautl.o: ../include/openssl/idea.h ../include/openssl/lhash.h
-rsautl.o: ../include/openssl/md4.h ../include/openssl/md5.h
+rsautl.o: ../include/openssl/md2.h ../include/openssl/md4.h
-rsautl.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
+rsautl.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
-rsautl.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+rsautl.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-rsautl.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+rsautl.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-rsautl.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+rsautl.o: ../include/openssl/pem.h ../include/openssl/pem2.h
 rsautl.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
 rsautl.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
 rsautl.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
 rsautl.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
@@ -699,23 +714,23 @@ s_client.o: ../include/openssl/comp.h ../include/openssl/conf.h
 s_client.o: ../include/openssl/crypto.h ../include/openssl/des.h
 s_client.o: ../include/openssl/dh.h ../include/openssl/dsa.h
 s_client.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
-s_client.o: ../include/openssl/err.h ../include/openssl/evp.h
+s_client.o: ../include/openssl/engine.h ../include/openssl/err.h
-s_client.o: ../include/openssl/idea.h ../include/openssl/lhash.h
+s_client.o: ../include/openssl/evp.h ../include/openssl/idea.h
-s_client.o: ../include/openssl/md2.h ../include/openssl/md4.h
+s_client.o: ../include/openssl/lhash.h ../include/openssl/md2.h
-s_client.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+s_client.o: ../include/openssl/md4.h ../include/openssl/md5.h
-s_client.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+s_client.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
-s_client.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+s_client.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-s_client.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+s_client.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
-s_client.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
+s_client.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-s_client.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+s_client.o: ../include/openssl/rand.h ../include/openssl/rc2.h
-s_client.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+s_client.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
-s_client.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+s_client.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
-s_client.o: ../include/openssl/sha.h ../include/openssl/ssl.h
+s_client.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-s_client.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
+s_client.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
-s_client.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+s_client.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
-s_client.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
+s_client.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-s_client.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
+s_client.o: ../include/openssl/tls1.h ../include/openssl/x509.h
-s_client.o: s_apps.h
+s_client.o: ../include/openssl/x509_vfy.h apps.h s_apps.h
 s_server.o: ../include/openssl/asn1.h ../include/openssl/bio.h
 s_server.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
 s_server.o: ../include/openssl/buffer.h ../include/openssl/cast.h
@@ -723,23 +738,23 @@ s_server.o: ../include/openssl/comp.h ../include/openssl/conf.h
 s_server.o: ../include/openssl/crypto.h ../include/openssl/des.h
 s_server.o: ../include/openssl/dh.h ../include/openssl/dsa.h
 s_server.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
-s_server.o: ../include/openssl/err.h ../include/openssl/evp.h
+s_server.o: ../include/openssl/engine.h ../include/openssl/err.h
-s_server.o: ../include/openssl/idea.h ../include/openssl/lhash.h
+s_server.o: ../include/openssl/evp.h ../include/openssl/idea.h
-s_server.o: ../include/openssl/md2.h ../include/openssl/md4.h
+s_server.o: ../include/openssl/lhash.h ../include/openssl/md2.h
-s_server.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+s_server.o: ../include/openssl/md4.h ../include/openssl/md5.h
-s_server.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+s_server.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
-s_server.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+s_server.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-s_server.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+s_server.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
-s_server.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
+s_server.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-s_server.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+s_server.o: ../include/openssl/rand.h ../include/openssl/rc2.h
-s_server.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+s_server.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
-s_server.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+s_server.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
-s_server.o: ../include/openssl/sha.h ../include/openssl/ssl.h
+s_server.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-s_server.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
+s_server.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
-s_server.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+s_server.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
-s_server.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
+s_server.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-s_server.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
+s_server.o: ../include/openssl/tls1.h ../include/openssl/x509.h
-s_server.o: s_apps.h
+s_server.o: ../include/openssl/x509_vfy.h apps.h s_apps.h
 s_socket.o: ../include/openssl/asn1.h ../include/openssl/bio.h
 s_socket.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
 s_socket.o: ../include/openssl/buffer.h ../include/openssl/cast.h
@@ -815,14 +830,15 @@ smime.o: ../include/openssl/buffer.h ../include/openssl/cast.h
 smime.o: ../include/openssl/conf.h ../include/openssl/crypto.h
 smime.o: ../include/openssl/des.h ../include/openssl/dh.h
 smime.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
-smime.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+smime.o: ../include/openssl/e_os2.h ../include/openssl/engine.h
-smime.o: ../include/openssl/evp.h ../include/openssl/idea.h
+smime.o: ../include/openssl/err.h ../include/openssl/evp.h
-smime.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+smime.o: ../include/openssl/idea.h ../include/openssl/lhash.h
-smime.o: ../include/openssl/md4.h ../include/openssl/md5.h
+smime.o: ../include/openssl/md2.h ../include/openssl/md4.h
-smime.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
+smime.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
-smime.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+smime.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-smime.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+smime.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-smime.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+smime.o: ../include/openssl/pem.h ../include/openssl/pem2.h
 smime.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
 smime.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
 smime.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
 smime.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
@@ -835,34 +851,36 @@ speed.o: ../include/openssl/buffer.h ../include/openssl/cast.h
 speed.o: ../include/openssl/conf.h ../include/openssl/crypto.h
 speed.o: ../include/openssl/des.h ../include/openssl/dh.h
 speed.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
-speed.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+speed.o: ../include/openssl/e_os2.h ../include/openssl/engine.h
-speed.o: ../include/openssl/evp.h ../include/openssl/hmac.h
+speed.o: ../include/openssl/err.h ../include/openssl/evp.h
-speed.o: ../include/openssl/idea.h ../include/openssl/lhash.h
+speed.o: ../include/openssl/hmac.h ../include/openssl/idea.h
-speed.o: ../include/openssl/md2.h ../include/openssl/md4.h
+speed.o: ../include/openssl/lhash.h ../include/openssl/md2.h
-speed.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+speed.o: ../include/openssl/md4.h ../include/openssl/md5.h
-speed.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+speed.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
-speed.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+speed.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-speed.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
+speed.o: ../include/openssl/opensslv.h ../include/openssl/pkcs7.h
-speed.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+speed.o: ../include/openssl/rand.h ../include/openssl/rc2.h
-speed.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+speed.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
-speed.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+speed.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
-speed.o: ../include/openssl/sha.h ../include/openssl/stack.h
+speed.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-speed.o: ../include/openssl/symhacks.h ../include/openssl/x509.h
+speed.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-speed.o: ../include/openssl/x509_vfy.h ./testdsa.h ./testrsa.h apps.h
+speed.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ./testdsa.h
 speed.o: ./testrsa.h apps.h
 spkac.o: ../include/openssl/asn1.h ../include/openssl/bio.h
 spkac.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
 spkac.o: ../include/openssl/buffer.h ../include/openssl/cast.h
 spkac.o: ../include/openssl/conf.h ../include/openssl/crypto.h
 spkac.o: ../include/openssl/des.h ../include/openssl/dh.h
 spkac.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
-spkac.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+spkac.o: ../include/openssl/e_os2.h ../include/openssl/engine.h
-spkac.o: ../include/openssl/evp.h ../include/openssl/idea.h
+spkac.o: ../include/openssl/err.h ../include/openssl/evp.h
-spkac.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+spkac.o: ../include/openssl/idea.h ../include/openssl/lhash.h
-spkac.o: ../include/openssl/md4.h ../include/openssl/md5.h
+spkac.o: ../include/openssl/md2.h ../include/openssl/md4.h
-spkac.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
+spkac.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
-spkac.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+spkac.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-spkac.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+spkac.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-spkac.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+spkac.o: ../include/openssl/pem.h ../include/openssl/pem2.h
 spkac.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
 spkac.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
 spkac.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
 spkac.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
@@ -875,14 +893,15 @@ verify.o: ../include/openssl/buffer.h ../include/openssl/cast.h
 verify.o: ../include/openssl/conf.h ../include/openssl/crypto.h
 verify.o: ../include/openssl/des.h ../include/openssl/dh.h
 verify.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
-verify.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+verify.o: ../include/openssl/e_os2.h ../include/openssl/engine.h
-verify.o: ../include/openssl/evp.h ../include/openssl/idea.h
+verify.o: ../include/openssl/err.h ../include/openssl/evp.h
-verify.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+verify.o: ../include/openssl/idea.h ../include/openssl/lhash.h
-verify.o: ../include/openssl/md4.h ../include/openssl/md5.h
+verify.o: ../include/openssl/md2.h ../include/openssl/md4.h
-verify.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
+verify.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
-verify.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+verify.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-verify.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+verify.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-verify.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+verify.o: ../include/openssl/pem.h ../include/openssl/pem2.h
 verify.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
 verify.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
 verify.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
 verify.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
@@ -913,14 +932,15 @@ x509.o: ../include/openssl/buffer.h ../include/openssl/cast.h
 x509.o: ../include/openssl/conf.h ../include/openssl/crypto.h
 x509.o: ../include/openssl/des.h ../include/openssl/dh.h
 x509.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
-x509.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+x509.o: ../include/openssl/e_os2.h ../include/openssl/engine.h
-x509.o: ../include/openssl/evp.h ../include/openssl/idea.h
+x509.o: ../include/openssl/err.h ../include/openssl/evp.h
-x509.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+x509.o: ../include/openssl/idea.h ../include/openssl/lhash.h
-x509.o: ../include/openssl/md4.h ../include/openssl/md5.h
+x509.o: ../include/openssl/md2.h ../include/openssl/md4.h
-x509.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
+x509.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
-x509.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+x509.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-x509.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+x509.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-x509.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+x509.o: ../include/openssl/pem.h ../include/openssl/pem2.h
 x509.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
 x509.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
 x509.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
 x509.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
--- a/apps/apps.c
+++ b/apps/apps.c
@@ -170,6 +170,8 @@ int str2fmt(char *s)
 		|| (strcmp(s,"PKCS12") == 0) || (strcmp(s,"pkcs12") == 0)
 		|| (strcmp(s,"P12") == 0) || (strcmp(s,"p12") == 0))
 		return(FORMAT_PKCS12);
 	else if ((*s == 'E') || (*s == 'e'))
 		return(FORMAT_ENGINE);
 	else
 		return(FORMAT_UNDEF);
 	}
@@ -228,10 +230,17 @@ void program_name(char *in, char *out, int size)
 	q=strrchr(p,'.');
 	if (q == NULL)
-		q = in+size;
+		q = p + strlen(p);
-	strncpy(out,p,q-p);
+	strncpy(out,p,size-1);
 	if (q-p >= size)
 		{
 		out[size-1]='\0';
 		}
 	else
 		{
 		out[q-p]='\0';
 		}
 	}
 #else
 void program_name(char *in, char *out, int size)
 	{
@@ -755,7 +764,7 @@ int set_name_ex(unsigned long *flags, const char *arg)
 void print_name(BIO *out, char *title, X509_NAME *nm, unsigned long lflags)
 {
-	char buf[256];
+	char *buf;
 	char mline = 0;
 	int indent = 0;
 	if(title) BIO_puts(out, title);
@@ -764,9 +773,10 @@ void print_name(BIO *out, char *title, X509_NAME *nm, unsigned long lflags)
 		indent = 4;
 	}
 	if(lflags == XN_FLAG_COMPAT) {
-		X509_NAME_oneline(nm,buf,256);
+		buf = X509_NAME_oneline(nm, 0, 0);
-		BIO_puts(out,buf);
+		BIO_puts(out, buf);
 		BIO_puts(out, "\n");
 		OPENSSL_free(buf);
 	} else {
 		if(mline) BIO_puts(out, "\n");
 		X509_NAME_print_ex(out, nm, indent, lflags);
--- a/apps/apps.h
+++ b/apps/apps.h
@@ -162,6 +162,8 @@ STACK_OF(X509) *load_certs(BIO *err, char *file, int format);
 #define FORMAT_NETSCAPE 4
 #define FORMAT_PKCS12   5
 #define FORMAT_SMIME    6
 /* Since this is currently inofficial, let's give it a high number */
 #define FORMAT_ENGINE   127
 #define NETSCAPE_CERT_HDR	"certificate"
--- a/apps/asn1pars.c
+++ b/apps/asn1pars.c
@@ -181,7 +181,7 @@ bad:
 		BIO_printf(bio_err,"where options are\n");
 		BIO_printf(bio_err," -inform arg   input format - one of DER TXT PEM\n");
 		BIO_printf(bio_err," -in arg       input file\n");
-		BIO_printf(bio_err," -out arg      output file\n");
+		BIO_printf(bio_err," -out arg      output file (output format is always DER\n");
 		BIO_printf(bio_err," -noout arg    don't produce any output\n");
 		BIO_printf(bio_err," -offset arg   offset into file\n");
 		BIO_printf(bio_err," -length arg   length of section in file\n");
@@ -192,7 +192,6 @@ bad:
 		BIO_printf(bio_err," -strparse offset\n");
 		BIO_printf(bio_err,"               a series of these can be used to 'dig' into multiple\n");
 		BIO_printf(bio_err,"               ASN1 blob wrappings\n");
 		BIO_printf(bio_err," -out filename output DER encoding to file\n");
 		goto end;
 		}
--- a/apps/ca.c
+++ b/apps/ca.c
@@ -74,6 +74,7 @@
 #include <openssl/x509v3.h>
 #include <openssl/objects.h>
 #include <openssl/pem.h>
 #include <openssl/engine.h>
 #ifndef W_OK
 #  ifdef VMS
@@ -167,6 +168,7 @@ static char *ca_usage[]={
 " -revoke file    - Revoke a certificate (given in file)\n",
 " -extensions ..  - Extension section (override value in config file)\n",
 " -crlexts ..     - CRL extension section (override value in config file)\n",
 " -engine e       - use engine e, possibly a hardware device.\n",
 NULL
 };
@@ -216,6 +218,7 @@ int MAIN(int, char **);
 int MAIN(int argc, char **argv)
 	{
 	ENGINE *e = NULL;
 	char *key=NULL,*passargin=NULL;
 	int total=0;
 	int total_done=0;
@@ -268,6 +271,7 @@ int MAIN(int argc, char **argv)
 #define BSIZE 256
 	MS_STATIC char buf[3][BSIZE];
 	char *randfile=NULL;
 	char *engine = NULL;
 #ifdef EFENCE
 EF_PROTECT_FREE=1;
@@ -419,6 +423,11 @@ EF_ALIGNMENT=0;
 			if (--argc < 1) goto bad;
 			crl_ext= *(++argv);
 			}
 		else if (strcmp(*argv,"-engine") == 0)
 			{
 			if (--argc < 1) goto bad;
 			engine= *(++argv);
 			}
 		else
 			{
 bad:
@@ -439,6 +448,24 @@ bad:
 	ERR_load_crypto_strings();
 	if (engine != NULL)
 		{
 		if((e = ENGINE_by_id(engine)) == NULL)
 			{
 			BIO_printf(bio_err,"invalid engine \"%s\"\n",
 				engine);
 			goto err;
 			}
 		if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
 			{
 			BIO_printf(bio_err,"can't use that engine\n");
 			goto err;
 			}
 		BIO_printf(bio_err,"engine \"%s\" set.\n", engine);
 		/* Free our "structural" reference. */
 		ENGINE_free(e);
 		}
 	/*****************************************************************/
 	if (configfile == NULL) configfile = getenv("OPENSSL_CONF");
 	if (configfile == NULL) configfile = getenv("SSLEAY_CONF");
@@ -1108,7 +1135,7 @@ bad:
 			}
 		if ((crldays == 0) && (crlhours == 0))
 			{
-			BIO_printf(bio_err,"cannot lookup how long until the next CRL is issuer\n");
+			BIO_printf(bio_err,"cannot lookup how long until the next CRL is issued\n");
 			goto err;
 			}
--- a/apps/dgst.c
+++ b/apps/dgst.c
@@ -66,6 +66,7 @@
 #include <openssl/objects.h>
 #include <openssl/x509.h>
 #include <openssl/pem.h>
 #include <openssl/engine.h>
 #undef BUFSIZE
 #define BUFSIZE	1024*8
@@ -80,6 +81,7 @@ int MAIN(int, char **);
 int MAIN(int argc, char **argv)
 	{
 	ENGINE *e = NULL;
 	unsigned char *buf=NULL;
 	int i,err=0;
 	const EVP_MD *md=NULL,*m;
@@ -97,6 +99,7 @@ int MAIN(int argc, char **argv)
 	EVP_PKEY *sigkey = NULL;
 	unsigned char *sigbuf = NULL;
 	int siglen = 0;
 	char *engine=NULL;
 	apps_startup();
@@ -154,6 +157,11 @@ int MAIN(int argc, char **argv)
 			if (--argc < 1) break;
 			sigfile=*(++argv);
 			}
 		else if (strcmp(*argv,"-engine") == 0)
 			{
 			if (--argc < 1) break;
 			engine= *(++argv);
 			}
 		else if (strcmp(*argv,"-hex") == 0)
 			out_bin = 0;
 		else if (strcmp(*argv,"-binary") == 0)
@@ -190,6 +198,7 @@ int MAIN(int argc, char **argv)
 		BIO_printf(bio_err,"-prverify file  verify a signature using private key in file\n");
 		BIO_printf(bio_err,"-signature file signature to verify\n");
 		BIO_printf(bio_err,"-binary         output in binary form\n");
 		BIO_printf(bio_err,"-engine e       use engine e, possibly a hardware device.\n");
 		BIO_printf(bio_err,"-%3s to use the %s message digest algorithm (default)\n",
 			LN_md5,LN_md5);
@@ -209,6 +218,24 @@ int MAIN(int argc, char **argv)
 		goto end;
 		}
 	if (engine != NULL)
 		{
 		if((e = ENGINE_by_id(engine)) == NULL)
 			{
 			BIO_printf(bio_err,"invalid engine \"%s\"\n",
 				engine);
 			goto end;
 			}
 		if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
 			{
 			BIO_printf(bio_err,"can't use that engine\n");
 			goto end;
 			}
 		BIO_printf(bio_err,"engine \"%s\" set.\n", engine);
 		/* Free our "structural" reference. */
 		ENGINE_free(e);
 		}
 	in=BIO_new(BIO_s_file());
 	bmd=BIO_new(BIO_f_md());
 	if (debug)
--- a/apps/dh.c
+++ b/apps/dh.c
@@ -69,6 +69,7 @@
 #include <openssl/dh.h>
 #include <openssl/x509.h>
 #include <openssl/pem.h>
 #include <openssl/engine.h>
 #undef PROG
 #define PROG	dh_main
@@ -87,11 +88,12 @@ int MAIN(int, char **);
 int MAIN(int argc, char **argv)
 	{
 	ENGINE *e = NULL;
 	DH *dh=NULL;
 	int i,badops=0,text=0;
 	BIO *in=NULL,*out=NULL;
 	int informat,outformat,check=0,noout=0,C=0,ret=1;
-	char *infile,*outfile,*prog;
+	char *infile,*outfile,*prog,*engine;
 	apps_startup();
@@ -99,6 +101,7 @@ int MAIN(int argc, char **argv)
 		if ((bio_err=BIO_new(BIO_s_file())) != NULL)
 			BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
 	engine=NULL;
 	infile=NULL;
 	outfile=NULL;
 	informat=FORMAT_PEM;
@@ -129,6 +132,11 @@ int MAIN(int argc, char **argv)
 			if (--argc < 1) goto bad;
 			outfile= *(++argv);
 			}
 		else if (strcmp(*argv,"-engine") == 0)
 			{
 			if (--argc < 1) goto bad;
 			engine= *(++argv);
 			}
 		else if (strcmp(*argv,"-check") == 0)
 			check=1;
 		else if (strcmp(*argv,"-text") == 0)
@@ -160,11 +168,30 @@ bad:
 		BIO_printf(bio_err," -text         print a text form of the DH parameters\n");
 		BIO_printf(bio_err," -C            Output C code\n");
 		BIO_printf(bio_err," -noout        no output\n");
 		BIO_printf(bio_err," -engine e     use engine e, possibly a hardware device.\n");
 		goto end;
 		}
 	ERR_load_crypto_strings();
 	if (engine != NULL)
 		{
 		if((e = ENGINE_by_id(engine)) == NULL)
 			{
 			BIO_printf(bio_err,"invalid engine \"%s\"\n",
 				engine);
 			goto end;
 			}
 		if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
 			{
 			BIO_printf(bio_err,"can't use that engine\n");
 			goto end;
 			}
 		BIO_printf(bio_err,"engine \"%s\" set.\n", engine);
 		/* Free our "structural" reference. */
 		ENGINE_free(e);
 		}
 	in=BIO_new(BIO_s_file());
 	out=BIO_new(BIO_s_file());
 	if ((in == NULL) || (out == NULL))
--- a/apps/dhparam.c
+++ b/apps/dhparam.c
@@ -121,6 +121,7 @@
 #include <openssl/dh.h>
 #include <openssl/x509.h>
 #include <openssl/pem.h>
 #include <openssl/engine.h>
 #ifndef NO_DSA
 #include <openssl/dsa.h>
@@ -148,6 +149,7 @@ int MAIN(int, char **);
 int MAIN(int argc, char **argv)
 	{
 	ENGINE *e = NULL;
 	DH *dh=NULL;
 	int i,badops=0,text=0;
 #ifndef NO_DSA
@@ -156,7 +158,7 @@ int MAIN(int argc, char **argv)
 	BIO *in=NULL,*out=NULL;
 	int informat,outformat,check=0,noout=0,C=0,ret=1;
 	char *infile,*outfile,*prog;
-	char *inrand=NULL;
+	char *inrand=NULL,*engine=NULL;
 	int num = 0, g = 0;
 	apps_startup();
@@ -195,6 +197,11 @@ int MAIN(int argc, char **argv)
 			if (--argc < 1) goto bad;
 			outfile= *(++argv);
 			}
 		else if (strcmp(*argv,"-engine") == 0)
 			{
 			if (--argc < 1) goto bad;
 			engine= *(++argv);
 			}
 		else if (strcmp(*argv,"-check") == 0)
 			check=1;
 		else if (strcmp(*argv,"-text") == 0)
@@ -240,6 +247,7 @@ bad:
 		BIO_printf(bio_err," -2            generate parameters using  2 as the generator value\n");
 		BIO_printf(bio_err," -5            generate parameters using  5 as the generator value\n");
 		BIO_printf(bio_err," numbits       number of bits in to generate (default 512)\n");
 		BIO_printf(bio_err," -engine e     use engine e, possibly a hardware device.\n");
 		BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
 		BIO_printf(bio_err,"               - load the file (or the files in the directory) into\n");
 		BIO_printf(bio_err,"               the random number generator\n");
@@ -249,6 +257,24 @@ bad:
 	ERR_load_crypto_strings();
 	if (engine != NULL)
 		{
 		if((e = ENGINE_by_id(engine)) == NULL)
 			{
 			BIO_printf(bio_err,"invalid engine \"%s\"\n",
 				engine);
 			goto end;
 			}
 		if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
 			{
 			BIO_printf(bio_err,"can't use that engine\n");
 			goto end;
 			}
 		BIO_printf(bio_err,"engine \"%s\" set.\n", engine);
 		/* Free our "structural" reference. */
 		ENGINE_free(e);
 		}
 	if (g && !num)
 		num = DEFBITS;
--- a/apps/dsa.c
+++ b/apps/dsa.c
@@ -68,6 +68,7 @@
 #include <openssl/evp.h>
 #include <openssl/x509.h>
 #include <openssl/pem.h>
 #include <openssl/engine.h>
 #undef PROG
 #define PROG	dsa_main
@@ -87,6 +88,7 @@ int MAIN(int, char **);
 int MAIN(int argc, char **argv)
 	{
 	ENGINE *e = NULL;
 	int ret=1;
 	DSA *dsa=NULL;
 	int i,badops=0;
@@ -94,7 +96,7 @@ int MAIN(int argc, char **argv)
 	BIO *in=NULL,*out=NULL;
 	int informat,outformat,text=0,noout=0;
 	int pubin = 0, pubout = 0;
-	char *infile,*outfile,*prog;
+	char *infile,*outfile,*prog,*engine;
 	char *passargin = NULL, *passargout = NULL;
 	char *passin = NULL, *passout = NULL;
 	int modulus=0;
@@ -105,6 +107,7 @@ int MAIN(int argc, char **argv)
 		if ((bio_err=BIO_new(BIO_s_file())) != NULL)
 			BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
 	engine=NULL;
 	infile=NULL;
 	outfile=NULL;
 	informat=FORMAT_PEM;
@@ -145,6 +148,11 @@ int MAIN(int argc, char **argv)
 			if (--argc < 1) goto bad;
 			passargout= *(++argv);
 			}
 		else if (strcmp(*argv,"-engine") == 0)
 			{
 			if (--argc < 1) goto bad;
 			engine= *(++argv);
 			}
 		else if (strcmp(*argv,"-noout") == 0)
 			noout=1;
 		else if (strcmp(*argv,"-text") == 0)
@@ -176,6 +184,7 @@ bad:
 		BIO_printf(bio_err," -passin arg     input file pass phrase source\n");
 		BIO_printf(bio_err," -out arg        output file\n");
 		BIO_printf(bio_err," -passout arg    output file pass phrase source\n");
 		BIO_printf(bio_err," -engine e       use engine e, possibly a hardware device.\n");
 		BIO_printf(bio_err," -des            encrypt PEM output with cbc des\n");
 		BIO_printf(bio_err," -des3           encrypt PEM output with ede cbc des using 168 bit key\n");
 #ifndef NO_IDEA
@@ -189,6 +198,24 @@ bad:
 	ERR_load_crypto_strings();
 	if (engine != NULL)
 		{
 		if((e = ENGINE_by_id(engine)) == NULL)
 			{
 			BIO_printf(bio_err,"invalid engine \"%s\"\n",
 				engine);
 			goto end;
 			}
 		if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
 			{
 			BIO_printf(bio_err,"can't use that engine\n");
 			goto end;
 			}
 		BIO_printf(bio_err,"engine \"%s\" set.\n", engine);
 		/* Free our "structural" reference. */
 		ENGINE_free(e);
 		}
 	if(!app_passwd(bio_err, passargin, passargout, &passin, &passout)) {
 		BIO_printf(bio_err, "Error getting passwords\n");
 		goto end;
--- a/apps/dsaparam.c
+++ b/apps/dsaparam.c
@@ -176,7 +176,7 @@ bad:
 		BIO_printf(bio_err," -outform arg  output format - DER or PEM\n");
 		BIO_printf(bio_err," -in arg       input file\n");
 		BIO_printf(bio_err," -out arg      output file\n");
-		BIO_printf(bio_err," -text         print the key in text\n");
+		BIO_printf(bio_err," -text         print as text\n");
 		BIO_printf(bio_err," -C            Output C code\n");
 		BIO_printf(bio_err," -noout        no output\n");
 		BIO_printf(bio_err," -rand         files to use for random number input\n");
--- a/apps/enc.c
+++ b/apps/enc.c
@@ -70,6 +70,7 @@
 #include <openssl/md5.h>
 #endif
 #include <openssl/pem.h>
 #include <openssl/engine.h>
 int set_hex(char *in,unsigned char *out,int size);
 #undef SIZE
@@ -84,6 +85,7 @@ int MAIN(int, char **);
 int MAIN(int argc, char **argv)
 	{
 	ENGINE *e = NULL;
 	static const char magic[]="Salted__";
 	char mbuf[8];	/* should be 1 smaller than magic */
 	char *strbuf=NULL;
@@ -101,6 +103,7 @@ int MAIN(int argc, char **argv)
 	BIO *in=NULL,*out=NULL,*b64=NULL,*benc=NULL,*rbio=NULL,*wbio=NULL;
 #define PROG_NAME_SIZE  39
 	char pname[PROG_NAME_SIZE+1];
 	char *engine = NULL;
 	apps_startup();
@@ -141,6 +144,11 @@ int MAIN(int argc, char **argv)
 			if (--argc < 1) goto bad;
 			passarg= *(++argv);
 			}
 		else if (strcmp(*argv,"-engine") == 0)
 			{
 			if (--argc < 1) goto bad;
 			engine= *(++argv);
 			}
 		else if	(strcmp(*argv,"-d") == 0)
 			enc=0;
 		else if	(strcmp(*argv,"-p") == 0)
@@ -241,6 +249,7 @@ bad:
 			BIO_printf(bio_err,"%-14s key/iv in hex is the next argument\n","-K/-iv");
 			BIO_printf(bio_err,"%-14s print the iv/key (then exit if -P)\n","-[pP]");
 			BIO_printf(bio_err,"%-14s buffer size\n","-bufsize <n>");
 			BIO_printf(bio_err,"%-14s use engine e, possibly a hardware device.\n","-engine e");
 			BIO_printf(bio_err,"Cipher Types\n");
 			BIO_printf(bio_err,"des     : 56 bit key DES encryption\n");
@@ -314,6 +323,24 @@ bad:
 		argv++;
 		}
 	if (engine != NULL)
 		{
 		if((e = ENGINE_by_id(engine)) == NULL)
 			{
 			BIO_printf(bio_err,"invalid engine \"%s\"\n",
 				engine);
 			goto end;
 			}
 		if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
 			{
 			BIO_printf(bio_err,"can't use that engine\n");
 			goto end;
 			}
 		BIO_printf(bio_err,"engine \"%s\" set.\n", engine);
 		/* Free our "structural" reference. */
 		ENGINE_free(e);
 		}
 	if (bufsize != NULL)
 		{
 		unsigned long n;
--- a/apps/gendh.c
+++ b/apps/gendh.c
@@ -70,6 +70,7 @@
 #include <openssl/dh.h>
 #include <openssl/x509.h>
 #include <openssl/pem.h>
 #include <openssl/engine.h>
 #define DEFBITS	512
 #undef PROG
@@ -81,11 +82,13 @@ int MAIN(int, char **);
 int MAIN(int argc, char **argv)
 	{
 	ENGINE *e = NULL;
 	DH *dh=NULL;
 	int ret=1,num=DEFBITS;
 	int g=2;
 	char *outfile=NULL;
 	char *inrand=NULL;
 	char *engine=NULL;
 	BIO *out=NULL;
 	apps_startup();
@@ -110,6 +113,11 @@ int MAIN(int argc, char **argv)
 			g=3; */
 		else if (strcmp(*argv,"-5") == 0)
 			g=5;
 		else if (strcmp(*argv,"-engine") == 0)
 			{
 			if (--argc < 1) goto bad;
 			engine= *(++argv);
 			}
 		else if (strcmp(*argv,"-rand") == 0)
 			{
 			if (--argc < 1) goto bad;
@@ -125,15 +133,34 @@ int MAIN(int argc, char **argv)
 bad:
 		BIO_printf(bio_err,"usage: gendh [args] [numbits]\n");
 		BIO_printf(bio_err," -out file - output the key to 'file\n");
-		BIO_printf(bio_err," -2    use 2 as the generator value\n");
+		BIO_printf(bio_err," -2        - use 2 as the generator value\n");
-	/*	BIO_printf(bio_err," -3    use 3 as the generator value\n"); */
+	/*	BIO_printf(bio_err," -3        - use 3 as the generator value\n"); */
-		BIO_printf(bio_err," -5    use 5 as the generator value\n");
+		BIO_printf(bio_err," -5        - use 5 as the generator value\n");
 		BIO_printf(bio_err," -engine e - use engine e, possibly a hardware device.\n");
 		BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
 		BIO_printf(bio_err,"           - load the file (or the files in the directory) into\n");
 		BIO_printf(bio_err,"             the random number generator\n");
 		goto end;
 		}
 	if (engine != NULL)
 		{
 		if((e = ENGINE_by_id(engine)) == NULL)
 			{
 			BIO_printf(bio_err,"invalid engine \"%s\"\n",
 				engine);
 			goto end;
 			}
 		if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
 			{
 			BIO_printf(bio_err,"can't use that engine\n");
 			goto end;
 			}
 		BIO_printf(bio_err,"engine \"%s\" set.\n", engine);
 		/* Free our "structural" reference. */
 		ENGINE_free(e);
 		}
 	out=BIO_new(BIO_s_file());
 	if (out == NULL)
 		{
--- a/apps/gendsa.c
+++ b/apps/gendsa.c
@@ -68,6 +68,7 @@
 #include <openssl/dsa.h>
 #include <openssl/x509.h>
 #include <openssl/pem.h>
 #include <openssl/engine.h>
 #define DEFBITS	512
 #undef PROG
@@ -77,6 +78,7 @@ int MAIN(int, char **);
 int MAIN(int argc, char **argv)
 	{
 	ENGINE *e = NULL;
 	DSA *dsa=NULL;
 	int ret=1;
 	char *outfile=NULL;
@@ -84,6 +86,7 @@ int MAIN(int argc, char **argv)
 	char *passargout = NULL, *passout = NULL;
 	BIO *out=NULL,*in=NULL;
 	EVP_CIPHER *enc=NULL;
 	char *engine=NULL;
 	apps_startup();
@@ -106,6 +109,11 @@ int MAIN(int argc, char **argv)
 			if (--argc < 1) goto bad;
 			passargout= *(++argv);
 			}
 		else if (strcmp(*argv,"-engine") == 0)
 			{
 			if (--argc < 1) goto bad;
 			engine= *(++argv);
 			}
 		else if (strcmp(*argv,"-rand") == 0)
 			{
 			if (--argc < 1) goto bad;
@@ -145,6 +153,7 @@ bad:
 #ifndef NO_IDEA
 		BIO_printf(bio_err," -idea     - encrypt the generated key with IDEA in cbc mode\n");
 #endif
 		BIO_printf(bio_err," -engine e - use engine e, possibly a hardware device.\n");
 		BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
 		BIO_printf(bio_err,"           - load the file (or the files in the directory) into\n");
 		BIO_printf(bio_err,"             the random number generator\n");
@@ -153,6 +162,24 @@ bad:
 		goto end;
 		}
 	if (engine != NULL)
 		{
 		if((e = ENGINE_by_id(engine)) == NULL)
 			{
 			BIO_printf(bio_err,"invalid engine \"%s\"\n",
 				engine);
 			goto end;
 			}
 		if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
 			{
 			BIO_printf(bio_err,"can't use that engine\n");
 			goto end;
 			}
 		BIO_printf(bio_err,"engine \"%s\" set.\n", engine);
 		/* Free our "structural" reference. */
 		ENGINE_free(e);
 		}
 	if(!app_passwd(bio_err, NULL, passargout, NULL, &passout)) {
 		BIO_printf(bio_err, "Error getting password\n");
 		goto end;
--- a/apps/genrsa.c
+++ b/apps/genrsa.c
@@ -69,6 +69,7 @@
 #include <openssl/evp.h>
 #include <openssl/x509.h>
 #include <openssl/pem.h>
 #include <openssl/engine.h>
 #define DEFBITS	512
 #undef PROG
@@ -80,6 +81,7 @@ int MAIN(int, char **);
 int MAIN(int argc, char **argv)
 	{
 	ENGINE *e = NULL;
 	int ret=1;
 	RSA *rsa=NULL;
 	int i,num=DEFBITS;
@@ -88,6 +90,7 @@ int MAIN(int argc, char **argv)
 	unsigned long f4=RSA_F4;
 	char *outfile=NULL;
 	char *passargout = NULL, *passout = NULL;
 	char *engine=NULL;
 	char *inrand=NULL;
 	BIO *out=NULL;
@@ -116,6 +119,11 @@ int MAIN(int argc, char **argv)
 			f4=3;
 		else if (strcmp(*argv,"-F4") == 0 || strcmp(*argv,"-f4") == 0)
 			f4=RSA_F4;
 		else if (strcmp(*argv,"-engine") == 0)
 			{
 			if (--argc < 1) goto bad;
 			engine= *(++argv);
 			}
 		else if (strcmp(*argv,"-rand") == 0)
 			{
 			if (--argc < 1) goto bad;
@@ -154,6 +162,7 @@ bad:
 		BIO_printf(bio_err," -passout arg    output file pass phrase source\n");
 		BIO_printf(bio_err," -f4             use F4 (0x10001) for the E value\n");
 		BIO_printf(bio_err," -3              use 3 for the E value\n");
 		BIO_printf(bio_err," -engine e       use engine e, possibly a hardware device.\n");
 		BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
 		BIO_printf(bio_err,"                 load the file (or the files in the directory) into\n");
 		BIO_printf(bio_err,"                 the random number generator\n");
@@ -167,6 +176,24 @@ bad:
 		goto err;
 	}
 	if (engine != NULL)
 		{
 		if((e = ENGINE_by_id(engine)) == NULL)
 			{
 			BIO_printf(bio_err,"invalid engine \"%s\"\n",
 				engine);
 			goto err;
 			}
 		if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
 			{
 			BIO_printf(bio_err,"can't use that engine\n");
 			goto err;
 			}
 		BIO_printf(bio_err,"engine \"%s\" set.\n", engine);
 		/* Free our "structural" reference. */
 		ENGINE_free(e);
 		}
 	if (outfile == NULL)
 		{
 		BIO_set_fp(out,stdout,BIO_NOCLOSE);
@@ -186,7 +213,8 @@ bad:
 			}
 		}
-	if (!app_RAND_load_file(NULL, bio_err, 1) && inrand == NULL)
+	if (!app_RAND_load_file(NULL, bio_err, 1) && inrand == NULL
 		&& !RAND_status())
 		{
 		BIO_printf(bio_err,"warning, not much extra random data, consider using the -rand option\n");
 		}
--- a/apps/pkcs12.c
+++ b/apps/pkcs12.c
@@ -66,6 +66,7 @@
 #include <openssl/err.h>
 #include <openssl/pem.h>
 #include <openssl/pkcs12.h>
 #include <openssl/engine.h>
 #define PROG pkcs12_main
@@ -92,6 +93,7 @@ int MAIN(int, char **);
 int MAIN(int argc, char **argv)
 {
    ENGINE *e = NULL;
    char *infile=NULL, *outfile=NULL, *keyname = NULL;	
    char *certfile=NULL;
    BIO *in=NULL, *out = NULL, *inkey = NULL, *certsin = NULL;
@@ -118,6 +120,7 @@ int MAIN(int argc, char **argv)
    char *passin = NULL, *passout = NULL;
    char *inrand = NULL;
    char *CApath = NULL, *CAfile = NULL;
    char *engine=NULL;
    apps_startup();
@@ -236,6 +239,11 @@ int MAIN(int argc, char **argv)
 			args++;	
 			CAfile = *args;
 		    } else badarg = 1;
 		} else if (!strcmp(*args,"-engine")) {
 		    if (args[1]) {
 			args++;	
 			engine = *args;
 		    } else badarg = 1;
 		} else badarg = 1;
 	} else badarg = 1;
@@ -279,12 +287,27 @@ int MAIN(int argc, char **argv)
 	BIO_printf (bio_err, "-password p   set import/export password source\n");
 	BIO_printf (bio_err, "-passin p     input file pass phrase source\n");
 	BIO_printf (bio_err, "-passout p    output file pass phrase source\n");
 	BIO_printf (bio_err, "-engine e     use engine e, possibly a hardware device.\n");
 	BIO_printf(bio_err,  "-rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
 	BIO_printf(bio_err,  "              load the file (or the files in the directory) into\n");
 	BIO_printf(bio_err,  "              the random number generator\n");
    	goto end;
    }
    if (engine != NULL) {
 	if((e = ENGINE_by_id(engine)) == NULL) {
 	    BIO_printf(bio_err,"invalid engine \"%s\"\n", engine);
 	    goto end;
 	}
 	if(!ENGINE_set_default(e, ENGINE_METHOD_ALL)) {
 	    BIO_printf(bio_err,"can't use that engine\n");
 	    goto end;
 	}
 	BIO_printf(bio_err,"engine \"%s\" set.\n", engine);
 	/* Free our "structural" reference. */
 	ENGINE_free(e);
    }
    if(passarg) {
 	if(export_cert) passargout = passarg;
 	else passargin = passarg;
@@ -749,7 +772,10 @@ int dump_certs_pkeys_bag (BIO *out, PKCS12_SAFEBAG *bag, char *pass,
 		print_attribs (out, bag->attrib, "Bag Attributes");
 		if (!(p8 = M_PKCS12_decrypt_skey (bag, pass, passlen)))
 				return 0;
-		if (!(pkey = EVP_PKCS82PKEY (p8))) return 0;
+		if (!(pkey = EVP_PKCS82PKEY (p8))) {
 			PKCS8_PRIV_KEY_INFO_free(p8);
 			return 0;
 		}
 		print_attribs (out, p8->attributes, "Key Attributes");
 		PKCS8_PRIV_KEY_INFO_free(p8);
 		PEM_write_bio_PrivateKey (out, pkey, enc, NULL, 0, NULL, pempass);
--- a/apps/pkcs7.c
+++ b/apps/pkcs7.c
@@ -67,6 +67,7 @@
 #include <openssl/x509.h>
 #include <openssl/pkcs7.h>
 #include <openssl/pem.h>
 #include <openssl/engine.h>
 #undef PROG
 #define PROG	pkcs7_main
@@ -82,13 +83,15 @@ int MAIN(int, char **);
 int MAIN(int argc, char **argv)
 	{
 	ENGINE *e = NULL;
 	PKCS7 *p7=NULL;
 	int i,badops=0;
 	BIO *in=NULL,*out=NULL;
 	int informat,outformat;
 	char *infile,*outfile,*prog;
 	int print_certs=0,text=0,noout=0;
-	int ret=0;
+	int ret=1;
 	char *engine=NULL;
 	apps_startup();
@@ -132,6 +135,11 @@ int MAIN(int argc, char **argv)
 			text=1;
 		else if (strcmp(*argv,"-print_certs") == 0)
 			print_certs=1;
 		else if (strcmp(*argv,"-engine") == 0)
 			{
 			if (--argc < 1) goto bad;
 			engine= *(++argv);
 			}
 		else
 			{
 			BIO_printf(bio_err,"unknown option %s\n",*argv);
@@ -154,11 +162,30 @@ bad:
 		BIO_printf(bio_err," -print_certs  print any certs or crl in the input\n");
 		BIO_printf(bio_err," -text         print full details of certificates\n");
 		BIO_printf(bio_err," -noout        don't output encoded data\n");
 		BIO_printf(bio_err," -engine e     use engine e, possibly a hardware device.\n");
 		EXIT(1);
 		}
 	ERR_load_crypto_strings();
 	if (engine != NULL)
 		{
 		if((e = ENGINE_by_id(engine)) == NULL)
 			{
 			BIO_printf(bio_err,"invalid engine \"%s\"\n",
 				engine);
 			goto end;
 			}
 		if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
 			{
 			BIO_printf(bio_err,"can't use that engine\n");
 			goto end;
 			}
 		BIO_printf(bio_err,"engine \"%s\" set.\n", engine);
 		/* Free our "structural" reference. */
 		ENGINE_free(e);
 		}
 	in=BIO_new(BIO_s_file());
 	out=BIO_new(BIO_s_file());
 	if ((in == NULL) || (out == NULL))
--- a/apps/pkcs8.c
+++ b/apps/pkcs8.c
@@ -62,6 +62,7 @@
 #include <openssl/err.h>
 #include <openssl/evp.h>
 #include <openssl/pkcs12.h>
 #include <openssl/engine.h>
 #include "apps.h"
 #define PROG pkcs8_main
@@ -70,6 +71,7 @@ int MAIN(int, char **);
 int MAIN(int argc, char **argv)
 {
 	ENGINE *e = NULL;
 	char **args, *infile = NULL, *outfile = NULL;
 	char *passargin = NULL, *passargout = NULL;
 	BIO *in = NULL, *out = NULL;
@@ -85,9 +87,13 @@ int MAIN(int argc, char **argv)
 	EVP_PKEY *pkey;
 	char pass[50], *passin = NULL, *passout = NULL, *p8pass = NULL;
 	int badarg = 0;
 	char *engine=NULL;
 	if (bio_err == NULL) bio_err = BIO_new_fp (stderr, BIO_NOCLOSE);
 	informat=FORMAT_PEM;
 	outformat=FORMAT_PEM;
 	ERR_load_crypto_strings();
 	OpenSSL_add_all_algorithms();
 	args = argv + 1;
@@ -138,6 +144,11 @@ int MAIN(int argc, char **argv)
 			if (!args[1]) goto bad;
 			passargout= *(++args);
 			}
 		else if (strcmp(*args,"-engine") == 0)
 			{
 			if (!args[1]) goto bad;
 			engine= *(++args);
 			}
 		else if (!strcmp (*args, "-in")) {
 			if (args[1]) {
 				args++;
@@ -170,9 +181,28 @@ int MAIN(int argc, char **argv)
 		BIO_printf(bio_err, "-nocrypt        use or expect unencrypted private key\n");
 		BIO_printf(bio_err, "-v2 alg         use PKCS#5 v2.0 and cipher \"alg\"\n");
 		BIO_printf(bio_err, "-v1 obj         use PKCS#5 v1.5 and cipher \"alg\"\n");
 		BIO_printf(bio_err," -engine e       use engine e, possibly a hardware device.\n");
 		return (1);
 	}
 	if (engine != NULL)
 		{
 		if((e = ENGINE_by_id(engine)) == NULL)
 			{
 			BIO_printf(bio_err,"invalid engine \"%s\"\n",
 				engine);
 			return (1);
 			}
 		if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
 			{
 			BIO_printf(bio_err,"can't use that engine\n");
 			return (1);
 			}
 		BIO_printf(bio_err,"engine \"%s\" set.\n", engine);
 		/* Free our "structural" reference. */
 		ENGINE_free(e);
 		}
 	if(!app_passwd(bio_err, passargin, passargout, &passin, &passout)) {
 		BIO_printf(bio_err, "Error getting passwords\n");
 		return (1);
--- a/apps/rand.c
+++ b/apps/rand.c
@@ -9,6 +9,7 @@
 #include <openssl/bio.h>
 #include <openssl/err.h>
 #include <openssl/rand.h>
 #include <openssl/engine.h>
 #undef PROG
 #define PROG rand_main
@@ -23,6 +24,7 @@ int MAIN(int, char **);
 int MAIN(int argc, char **argv)
 	{
 	ENGINE *e = NULL;
 	int i, r, ret = 1;
 	int badopt;
 	char *outfile = NULL;
@@ -30,6 +32,7 @@ int MAIN(int argc, char **argv)
 	int base64 = 0;
 	BIO *out = NULL;
 	int num = -1;
 	char *engine=NULL;
 	apps_startup();
@@ -48,6 +51,13 @@ int MAIN(int argc, char **argv)
 			else
 				badopt = 1;
 			}
 		if (strcmp(argv[i], "-engine") == 0)
 			{
 			if ((argv[i+1] != NULL) && (engine == NULL))
 				engine = argv[++i];
 			else
 				badopt = 1;
 			}
 		else if (strcmp(argv[i], "-rand") == 0)
 			{
 			if ((argv[i+1] != NULL) && (inrand == NULL))
@@ -85,11 +95,30 @@ int MAIN(int argc, char **argv)
 		BIO_printf(bio_err, "Usage: rand [options] num\n");
 		BIO_printf(bio_err, "where options are\n");
 		BIO_printf(bio_err, "-out file             - write to file\n");
 		BIO_printf(bio_err," -engine e             - use engine e, possibly a hardware device.\n");
 		BIO_printf(bio_err, "-rand file%cfile%c... - seed PRNG from files\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
 		BIO_printf(bio_err, "-base64               - encode output\n");
 		goto err;
 		}
 	if (engine != NULL)
 		{
 		if((e = ENGINE_by_id(engine)) == NULL)
 			{
 			BIO_printf(bio_err,"invalid engine \"%s\"\n",
 				engine);
 			goto err;
 			}
 		if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
 			{
 			BIO_printf(bio_err,"can't use that engine\n");
 			goto err;
 			}
 		BIO_printf(bio_err,"engine \"%s\" set.\n", engine);
 		/* Free our "structural" reference. */
 		ENGINE_free(e);
 		}
 	app_RAND_load_file(NULL, bio_err, (inrand != NULL));
 	if (inrand != NULL)
 		BIO_printf(bio_err,"%ld semi-random bytes loaded\n",
--- a/apps/req.c
+++ b/apps/req.c
@@ -73,6 +73,7 @@
 #include <openssl/x509v3.h>
 #include <openssl/objects.h>
 #include <openssl/pem.h>
 #include <openssl/engine.h>
 #define SECTION		"req"
@@ -140,6 +141,7 @@ int MAIN(int, char **);
 int MAIN(int argc, char **argv)
 	{
 	ENGINE *e = NULL;
 #ifndef NO_DSA
 	DSA *dsa_params=NULL;
 #endif
@@ -152,6 +154,7 @@ int MAIN(int argc, char **argv)
 	int informat,outformat,verify=0,noout=0,text=0,keyform=FORMAT_PEM;
 	int nodes=0,kludge=0,newhdr=0;
 	char *infile,*outfile,*prog,*keyfile=NULL,*template=NULL,*keyout=NULL;
 	char *engine=NULL;
 	char *extensions = NULL;
 	char *req_exts = NULL;
 	EVP_CIPHER *cipher=NULL;
@@ -195,6 +198,11 @@ int MAIN(int argc, char **argv)
 			if (--argc < 1) goto bad;
 			outformat=str2fmt(*(++argv));
 			}
 		else if (strcmp(*argv,"-engine") == 0)
 			{
 			if (--argc < 1) goto bad;
 			engine= *(++argv);
 			}
 		else if (strcmp(*argv,"-key") == 0)
 			{
 			if (--argc < 1) goto bad;
@@ -375,6 +383,7 @@ bad:
 		BIO_printf(bio_err," -verify        verify signature on REQ\n");
 		BIO_printf(bio_err," -modulus       RSA modulus\n");
 		BIO_printf(bio_err," -nodes         don't encrypt the output key\n");
 		BIO_printf(bio_err," -engine e      use engine e, possibly a hardware device.\n");
 		BIO_printf(bio_err," -key file	use the private key contained in file\n");
 		BIO_printf(bio_err," -keyform arg   key file format\n");
 		BIO_printf(bio_err," -keyout arg    file to send the key to\n");
@@ -521,7 +530,36 @@ bad:
 	if ((in == NULL) || (out == NULL))
 		goto end;
 	if (engine != NULL)
 		{
 		if((e = ENGINE_by_id(engine)) == NULL)
 			{
 			BIO_printf(bio_err,"invalid engine \"%s\"\n",
 				engine);
 			goto end;
 			}
 		if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
 			{
 			BIO_printf(bio_err,"can't use that engine\n");
 			goto end;
 			}
 		BIO_printf(bio_err,"engine \"%s\" set.\n", engine);
 		/* Free our "structural" reference. */
 		ENGINE_free(e);
 		}
 	if (keyfile != NULL)
 		{
 		if (keyform == FORMAT_ENGINE)
 			{
 			if (!e)
 				{
 				BIO_printf(bio_err,"no engine specified\n");
 				goto end;
 				}
 			pkey = ENGINE_load_private_key(e, keyfile, NULL);
 			}
 		else
 			{
 			if (BIO_read_filename(in,keyfile) <= 0)
 				{
@@ -533,13 +571,15 @@ bad:
 				pkey=d2i_PrivateKey_bio(in,NULL);
 			else if (keyform == FORMAT_PEM)
 				{
-			pkey=PEM_read_bio_PrivateKey(in,NULL,NULL,passin);
+				pkey=PEM_read_bio_PrivateKey(in,NULL,NULL,
 					passin);
 				}
 			else
 				{
 				BIO_printf(bio_err,"bad input format specified for X509 request\n");
 				goto end;
 				}
 			}
 		if (pkey == NULL)
 			{
--- a/apps/rsa.c
+++ b/apps/rsa.c
@@ -68,6 +68,7 @@
 #include <openssl/evp.h>
 #include <openssl/x509.h>
 #include <openssl/pem.h>
 #include <openssl/engine.h>
 #undef PROG
 #define PROG	rsa_main
@@ -90,6 +91,7 @@ int MAIN(int, char **);
 int MAIN(int argc, char **argv)
 	{
 	ENGINE *eng = NULL;
 	int ret=1;
 	RSA *rsa=NULL;
 	int i,badops=0, sgckey=0;
@@ -100,6 +102,7 @@ int MAIN(int argc, char **argv)
 	char *infile,*outfile,*prog;
 	char *passargin = NULL, *passargout = NULL;
 	char *passin = NULL, *passout = NULL;
 	char *engine=NULL;
 	int modulus=0;
 	apps_startup();
@@ -148,6 +151,11 @@ int MAIN(int argc, char **argv)
 			if (--argc < 1) goto bad;
 			passargout= *(++argv);
 			}
 		else if (strcmp(*argv,"-engine") == 0)
 			{
 			if (--argc < 1) goto bad;
 			engine= *(++argv);
 			}
 		else if (strcmp(*argv,"-sgckey") == 0)
 			sgckey=1;
 		else if (strcmp(*argv,"-pubin") == 0)
@@ -195,11 +203,30 @@ bad:
 		BIO_printf(bio_err," -check          verify key consistency\n");
 		BIO_printf(bio_err," -pubin          expect a public key in input file\n");
 		BIO_printf(bio_err," -pubout         output a public key\n");
 		BIO_printf(bio_err," -engine e       use engine e, possibly a hardware device.\n");
 		goto end;
 		}
 	ERR_load_crypto_strings();
 	if (engine != NULL)
 		{
 		if((eng = ENGINE_by_id(engine)) == NULL)
 			{
 			BIO_printf(bio_err,"invalid engine \"%s\"\n",
 				engine);
 			goto end;
 			}
 		if(!ENGINE_set_default(eng, ENGINE_METHOD_ALL))
 			{
 			BIO_printf(bio_err,"can't use that engine\n");
 			goto end;
 			}
 		BIO_printf(bio_err,"engine \"%s\" set.\n", engine);
 		/* Free our "structural" reference. */
 		ENGINE_free(eng);
 		}
 	if(!app_passwd(bio_err, passargin, passargout, &passin, &passout)) {
 		BIO_printf(bio_err, "Error getting passwords\n");
 		goto end;
--- a/apps/rsautl.c
+++ b/apps/rsautl.c
@@ -62,6 +62,7 @@
 #include <string.h>
 #include <openssl/err.h>
 #include <openssl/pem.h>
 #include <openssl/engine.h>
 #define RSA_SIGN 	1
 #define RSA_VERIFY 	2
@@ -82,6 +83,7 @@ int MAIN(int argc, char **);
 int MAIN(int argc, char **argv)
 {
 	ENGINE *e = NULL;
 	BIO *in = NULL, *out = NULL;
 	char *infile = NULL, *outfile = NULL;
 	char *keyfile = NULL;
@@ -95,6 +97,7 @@ int MAIN(int argc, char **argv)
 	unsigned char *rsa_in = NULL, *rsa_out = NULL, pad;
 	int rsa_inlen, rsa_outlen = 0;
 	int keysize;
 	char *engine=NULL;
 	int ret = 1;
@@ -117,6 +120,9 @@ int MAIN(int argc, char **argv)
 		} else if(!strcmp(*argv, "-inkey")) {
 			if (--argc < 1) badarg = 1;
 			keyfile = *(++argv);
 		} else if(!strcmp(*argv, "-engine")) {
 			if (--argc < 1) badarg = 1;
 			engine = *(++argv);
 		} else if(!strcmp(*argv, "-pubin")) {
 			key_type = KEY_PUBKEY;
 		} else if(!strcmp(*argv, "-certin")) {
@@ -151,6 +157,24 @@ int MAIN(int argc, char **argv)
 		goto end;
 	}
 	if (engine != NULL)
 		{
 		if((e = ENGINE_by_id(engine)) == NULL)
 			{
 			BIO_printf(bio_err,"invalid engine \"%s\"\n",
 				engine);
 			goto end;
 			}
 		if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
 			{
 			BIO_printf(bio_err,"can't use that engine\n");
 			goto end;
 			}
 		BIO_printf(bio_err,"engine \"%s\" set.\n", engine);
 		/* Free our "structural" reference. */
 		ENGINE_free(e);
 		}
 /* FIXME: seed PRNG only if needed */
 	app_RAND_load_file(NULL, bio_err, 0);
@@ -280,6 +304,7 @@ static void usage()
 	BIO_printf(bio_err, "-inkey file     input key\n");
 	BIO_printf(bio_err, "-pubin          input is an RSA public\n");
 	BIO_printf(bio_err, "-certin         input is a certificate carrying an RSA public key\n");
 	BIO_printf(bio_err, "-engine e       use engine e, possibly a hardware device.\n");
 	BIO_printf(bio_err, "-ssl            use SSL v2 padding\n");
 	BIO_printf(bio_err, "-raw            use no padding\n");
 	BIO_printf(bio_err, "-pkcs           use PKCS#1 v1.5 padding (default)\n");
--- a/apps/s_client.c
+++ b/apps/s_client.c
@@ -80,6 +80,7 @@ typedef unsigned int u_int;
 #include <openssl/err.h>
 #include <openssl/pem.h>
 #include <openssl/rand.h>
 #include <openssl/engine.h>
 #include "s_apps.h"
 #ifdef WINDOWS
@@ -154,7 +155,7 @@ static void sc_usage(void)
 	BIO_printf(bio_err," -cipher       - preferred cipher to use, use the 'openssl ciphers'\n");
 	BIO_printf(bio_err,"                 command to see what is available\n");
 	BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
-
+	BIO_printf(bio_err," -engine id    - Initialise and use the specified engine\n");
 	}
 int MAIN(int, char **);
@@ -182,6 +183,8 @@ int MAIN(int argc, char **argv)
 	SSL_METHOD *meth=NULL;
 	BIO *sbio;
 	char *inrand=NULL;
 	char *engine_id=NULL;
 	ENGINE *e=NULL;
 #ifdef WINDOWS
 	struct timeval tv;
 #endif
@@ -324,6 +327,11 @@ int MAIN(int argc, char **argv)
 			if (--argc < 1) goto bad;
 			inrand= *(++argv);
 			}
 		else if	(strcmp(*argv,"-engine") == 0)
 			{
 			if (--argc < 1) goto bad;
 			engine_id = *(++argv);
 			}
 		else
 			{
 			BIO_printf(bio_err,"unknown option %s\n",*argv);
@@ -364,6 +372,30 @@ bad:
 	OpenSSL_add_ssl_algorithms();
 	SSL_load_error_strings();
 	if (engine_id != NULL)
 		{
 		if((e = ENGINE_by_id(engine_id)) == NULL)
 			{
 			BIO_printf(bio_err,"invalid engine\n");
 			ERR_print_errors(bio_err);
 			goto end;
 			}
 		if (c_debug)
 			{
 			ENGINE_ctrl(e, ENGINE_CTRL_SET_LOGSTREAM,
 				0, bio_err, 0);
 			}
 		if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
 			{
 			BIO_printf(bio_err,"can't use that engine\n");
 			ERR_print_errors(bio_err);
 			goto end;
 			}
 		BIO_printf(bio_err,"engine \"%s\" set.\n", engine_id);
 		ENGINE_free(e);
 		}
 	ctx=SSL_CTX_new(meth);
 	if (ctx == NULL)
 		{
--- a/apps/s_server.c
+++ b/apps/s_server.c
@@ -84,6 +84,7 @@ typedef unsigned int u_int;
 #include <openssl/x509.h>
 #include <openssl/ssl.h>
 #include <openssl/rand.h>
 #include <openssl/engine.h>
 #include "s_apps.h"
 #ifdef WINDOWS
@@ -177,6 +178,7 @@ static int s_debug=0;
 static int s_quiet=0;
 static int hack=0;
 static char *engine_id=NULL;
 #ifdef MONOLITH
 static void s_server_init(void)
@@ -199,6 +201,7 @@ static void s_server_init(void)
 	s_debug=0;
 	s_quiet=0;
 	hack=0;
 	engine_id=NULL;
 	}
 #endif
@@ -244,6 +247,7 @@ static void sv_usage(void)
 	BIO_printf(bio_err," -www          - Respond to a 'GET /' with a status page\n");
 	BIO_printf(bio_err," -WWW          - Respond to a 'GET /<path> HTTP/1.0' with file ./<path>\n");
 	BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
 	BIO_printf(bio_err," -engine id    - Initialise and use the specified engine\n");
 	}
 static int local_argc=0;
@@ -414,6 +418,8 @@ int MAIN(int argc, char *argv[])
 	int state=0;
 	SSL_METHOD *meth=NULL;
 	char *inrand=NULL;
 	char *engine=NULL;
 	ENGINE *e=NULL;
 #ifndef NO_DH
 	DH *dh=NULL;
 #endif
@@ -573,6 +579,11 @@ int MAIN(int argc, char *argv[])
 			if (--argc < 1) goto bad;
 			inrand= *(++argv);
 			}
 		else if (strcmp(*argv,"-engine") == 0)
 			{
 			if (--argc < 1) goto bad;
 			engine = *(++argv);
 			}
 		else
 			{
 			BIO_printf(bio_err,"unknown option %s\n",*argv);
@@ -624,6 +635,29 @@ bad:
 	SSL_load_error_strings();
 	OpenSSL_add_ssl_algorithms();
 	if (engine != NULL)
 		{
 		if((e = ENGINE_by_id(engine)) == NULL)
 			{
 			BIO_printf(bio_err,"invalid engine\n");
 			ERR_print_errors(bio_err);
 			goto end;
 			}
 		if (s_debug)
 			{
 			ENGINE_ctrl(e, ENGINE_CTRL_SET_LOGSTREAM,
 				0, bio_err, 0);
 			}
 		if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
 			{
 			BIO_printf(bio_err,"can't use that engine\n");
 			ERR_print_errors(bio_err);
 			goto end;
 			}
 		BIO_printf(bio_err,"engine \"%s\" set.\n", engine);
 		ENGINE_free(e);
 		}
 	ctx=SSL_CTX_new(meth);
 	if (ctx == NULL)
 		{
--- a/apps/smime.c
+++ b/apps/smime.c
@@ -64,6 +64,7 @@
 #include <openssl/crypto.h>
 #include <openssl/pem.h>
 #include <openssl/err.h>
 #include <openssl/engine.h>
 #undef PROG
 #define PROG smime_main
@@ -81,6 +82,7 @@ int MAIN(int, char **);
 int MAIN(int argc, char **argv)
 {
 	ENGINE *e = NULL;
 	int operation = 0;
 	int ret = 0;
 	char **args;
@@ -103,8 +105,9 @@ int MAIN(int argc, char **argv)
 	char *inrand = NULL;
 	int need_rand = 0;
 	int informat = FORMAT_SMIME, outformat = FORMAT_SMIME;
-	args = argv + 1;
+	char *engine=NULL;
 	args = argv + 1;
 	ret = 1;
 	while (!badarg && *args && *args[0] == '-') {
@@ -153,6 +156,11 @@ int MAIN(int argc, char **argv)
 				inrand = *args;
 			} else badarg = 1;
 			need_rand = 1;
 		} else if (!strcmp(*args,"-engine")) {
 			if (args[1]) {
 				args++;
 				engine = *args;
 			} else badarg = 1;
 		} else if (!strcmp(*args,"-passin")) {
 			if (args[1]) {
 				args++;
@@ -290,6 +298,7 @@ int MAIN(int argc, char **argv)
 		BIO_printf (bio_err, "-text          include or delete text MIME headers\n");
 		BIO_printf (bio_err, "-CApath dir    trusted certificates directory\n");
 		BIO_printf (bio_err, "-CAfile file   trusted certificates file\n");
 		BIO_printf (bio_err, "-engine e      use engine e, possibly a hardware device.\n");
 		BIO_printf (bio_err, "-passin arg    input file pass phrase source\n");
 		BIO_printf(bio_err,  "-rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
 		BIO_printf(bio_err,  "               load the file (or the files in the directory) into\n");
@@ -298,6 +307,24 @@ int MAIN(int argc, char **argv)
 		goto end;
 	}
 	if (engine != NULL)
 		{
 		if((e = ENGINE_by_id(engine)) == NULL)
 			{
 			BIO_printf(bio_err,"invalid engine \"%s\"\n",
 				engine);
 			goto end;
 			}
 		if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
 			{
 			BIO_printf(bio_err,"can't use that engine\n");
 			goto end;
 			}
 		BIO_printf(bio_err,"engine \"%s\" set.\n", engine);
 		/* Free our "structural" reference. */
 		ENGINE_free(e);
 		}
 	if(!app_passwd(bio_err, passargin, NULL, &passin, NULL)) {
 		BIO_printf(bio_err, "Error getting password\n");
 		goto end;
@@ -414,7 +441,10 @@ int MAIN(int argc, char **argv)
 		p7 = PKCS7_encrypt(encerts, in, cipher, flags);
 	} else if(operation == SMIME_SIGN) {
 		p7 = PKCS7_sign(signer, key, other, in, flags);
-		BIO_reset(in);
+		if (BIO_reset(in) != 0 && (flags & PKCS7_DETACHED)) {
 		  BIO_printf(bio_err, "Can't rewind input file\n");
 		  goto end;
 		}
 	} else {
 		if(informat == FORMAT_SMIME) 
 			p7 = SMIME_read_PKCS7(in, &indata);
--- a/apps/speed.c
+++ b/apps/speed.c
@@ -81,6 +81,7 @@
 #include <openssl/crypto.h>
 #include <openssl/rand.h>
 #include <openssl/err.h>
 #include <openssl/engine.h>
 #if defined(__FreeBSD__) || defined(__NetBSD__) || defined(__OpenBSD__) || defined(_DARWIN)
 # define USE_TOD
@@ -327,6 +328,7 @@ int MAIN(int, char **);
 int MAIN(int argc, char **argv)
 	{
 	ENGINE *e;
 	unsigned char *buf=NULL,*buf2=NULL;
 	int mret=1;
 #define ALGOR_NUM	15
@@ -489,6 +491,37 @@ int MAIN(int argc, char **argv)
 		{
 		if	((argc > 0) && (strcmp(*argv,"-elapsed") == 0))
 			usertime = 0;
 		else
 		if	((argc > 0) && (strcmp(*argv,"-engine") == 0))
 			{
 			argc--;
 			argv++;
 			if(argc == 0)
 				{
 				BIO_printf(bio_err,"no engine given\n");
 				goto end;
 				}
 			if((e = ENGINE_by_id(*argv)) == NULL)
 				{
 				BIO_printf(bio_err,"invalid engine \"%s\"\n",
 					*argv);
 				goto end;
 				}
 			if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
 				{
 				BIO_printf(bio_err,"can't use that engine\n");
 				goto end;
 				}
 			BIO_printf(bio_err,"engine \"%s\" set.\n", *argv);
 			/* Free our "structural" reference. */
 			ENGINE_free(e);
 			/* It will be increased again further down.  We just
 			   don't want speed to confuse an engine with an
 			   algorithm, especially when none is given (which
 			   means all of them should be run) */
 			j--;
 			}
 		else
 #ifndef NO_MD2
 		if	(strcmp(*argv,"md2") == 0) doit[D_MD2]=1;
 		else
@@ -536,7 +569,7 @@ int MAIN(int argc, char **argv)
 #ifdef RSAref
 			if (strcmp(*argv,"rsaref") == 0) 
 			{
-			RSA_set_default_method(RSA_PKCS1_RSAref());
+			RSA_set_default_openssl_method(RSA_PKCS1_RSAref());
 			j--;
 			}
 		else
@@ -544,7 +577,7 @@ int MAIN(int argc, char **argv)
 #ifndef RSA_NULL
 			if (strcmp(*argv,"openssl") == 0) 
 			{
-			RSA_set_default_method(RSA_PKCS1_SSLeay());
+			RSA_set_default_openssl_method(RSA_PKCS1_SSLeay());
 			j--;
 			}
 		else
@@ -689,11 +722,12 @@ int MAIN(int argc, char **argv)
 			BIO_printf(bio_err,"\n");
 #endif
 #ifdef TIMES
 			BIO_printf(bio_err,"\n");
 			BIO_printf(bio_err,"Available options:\n");
 #ifdef TIMES
 			BIO_printf(bio_err,"-elapsed        measure time in real time instead of CPU user time.\n");
 #endif
 			BIO_printf(bio_err,"-engine e       use engine e, possibly a hardware device.\n");
 			goto end;
 			}
 		argc--;
@@ -1400,6 +1434,7 @@ int MAIN(int argc, char **argv)
 #endif
 	mret=0;
 end:
 	ERR_print_errors(bio_err);
 	if (buf != NULL) OPENSSL_free(buf);
 	if (buf2 != NULL) OPENSSL_free(buf2);
 #ifndef NO_RSA
--- a/apps/spkac.c
+++ b/apps/spkac.c
@@ -69,6 +69,7 @@
 #include <openssl/lhash.h>
 #include <openssl/x509.h>
 #include <openssl/pem.h>
 #include <openssl/engine.h>
 #undef PROG
 #define PROG	spkac_main
@@ -81,6 +82,7 @@ int MAIN(int, char **);
 int MAIN(int argc, char **argv)
 	{
 	ENGINE *e = NULL;
 	int i,badops=0, ret = 1;
 	BIO *in = NULL,*out = NULL, *key = NULL;
 	int verify=0,noout=0,pubkey=0;
@@ -91,6 +93,7 @@ int MAIN(int argc, char **argv)
 	LHASH *conf = NULL;
 	NETSCAPE_SPKI *spki = NULL;
 	EVP_PKEY *pkey = NULL;
 	char *engine=NULL;
 	apps_startup();
@@ -136,6 +139,11 @@ int MAIN(int argc, char **argv)
 			if (--argc < 1) goto bad;
 			spksect= *(++argv);
 			}
 		else if (strcmp(*argv,"-engine") == 0)
 			{
 			if (--argc < 1) goto bad;
 			engine= *(++argv);
 			}
 		else if (strcmp(*argv,"-noout") == 0)
 			noout=1;
 		else if (strcmp(*argv,"-pubkey") == 0)
@@ -161,6 +169,7 @@ bad:
 		BIO_printf(bio_err," -noout         don't print SPKAC\n");
 		BIO_printf(bio_err," -pubkey        output public key\n");
 		BIO_printf(bio_err," -verify        verify SPKAC signature\n");
 		BIO_printf(bio_err," -engine e      use engine e, possibly a hardware device.\n");
 		goto end;
 		}
@@ -170,6 +179,24 @@ bad:
 		goto end;
 	}
 	if (engine != NULL)
 		{
 		if((e = ENGINE_by_id(engine)) == NULL)
 			{
 			BIO_printf(bio_err,"invalid engine \"%s\"\n",
 				engine);
 			goto end;
 			}
 		if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
 			{
 			BIO_printf(bio_err,"can't use that engine\n");
 			goto end;
 			}
 		BIO_printf(bio_err,"engine \"%s\" set.\n", engine);
 		/* Free our "structural" reference. */
 		ENGINE_free(e);
 		}
 	if(keyfile) {
 		if(strcmp(keyfile, "-")) key = BIO_new_file(keyfile, "r");
 		else key = BIO_new_fp(stdin, BIO_NOCLOSE);
--- a/apps/verify.c
+++ b/apps/verify.c
@@ -65,6 +65,7 @@
 #include <openssl/x509.h>
 #include <openssl/x509v3.h>
 #include <openssl/pem.h>
 #include <openssl/engine.h>
 #undef PROG
 #define PROG	verify_main
@@ -78,6 +79,7 @@ int MAIN(int, char **);
 int MAIN(int argc, char **argv)
 	{
 	ENGINE *e = NULL;
 	int i,ret=1;
 	int purpose = -1;
 	char *CApath=NULL,*CAfile=NULL;
@@ -85,6 +87,7 @@ int MAIN(int argc, char **argv)
 	STACK_OF(X509) *untrusted = NULL, *trusted = NULL;
 	X509_STORE *cert_ctx=NULL;
 	X509_LOOKUP *lookup=NULL;
 	char *engine=NULL;
 	cert_ctx=X509_STORE_new();
 	if (cert_ctx == NULL) goto end;
@@ -137,6 +140,11 @@ int MAIN(int argc, char **argv)
 				if (argc-- < 1) goto end;
 				trustfile= *(++argv);
 				}
 			else if (strcmp(*argv,"-engine") == 0)
 				{
 				if (--argc < 1) goto end;
 				engine= *(++argv);
 				}
 			else if (strcmp(*argv,"-help") == 0)
 				goto end;
 			else if (strcmp(*argv,"-issuer_checks") == 0)
@@ -154,6 +162,24 @@ int MAIN(int argc, char **argv)
 			break;
 		}
 	if (engine != NULL)
 		{
 		if((e = ENGINE_by_id(engine)) == NULL)
 			{
 			BIO_printf(bio_err,"invalid engine \"%s\"\n",
 				engine);
 			goto end;
 			}
 		if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
 			{
 			BIO_printf(bio_err,"can't use that engine\n");
 			goto end;
 			}
 		BIO_printf(bio_err,"engine \"%s\" set.\n", engine);
 		/* Free our "structural" reference. */
 		ENGINE_free(e);
 		}
 	lookup=X509_STORE_add_lookup(cert_ctx,X509_LOOKUP_file());
 	if (lookup == NULL) abort();
 	if (CAfile) {
@@ -201,7 +227,7 @@ int MAIN(int argc, char **argv)
 	ret=0;
 end:
 	if (ret == 1) {
-		BIO_printf(bio_err,"usage: verify [-verbose] [-CApath path] [-CAfile file] [-purpose purpose] cert1 cert2 ...\n");
+		BIO_printf(bio_err,"usage: verify [-verbose] [-CApath path] [-CAfile file] [-purpose purpose] [-engine e] cert1 cert2 ...\n");
 		BIO_printf(bio_err,"recognized usages:\n");
 		for(i = 0; i < X509_PURPOSE_get_count(); i++) {
 			X509_PURPOSE *ptmp;
--- a/apps/x509.c
+++ b/apps/x509.c
@@ -73,6 +73,7 @@
 #include <openssl/x509v3.h>
 #include <openssl/objects.h>
 #include <openssl/pem.h>
 #include <openssl/engine.h>
 #undef PROG
 #define PROG x509_main
@@ -129,6 +130,7 @@ static char *x509_usage[]={
 " -extensions     - section from config file with X509V3 extensions to add\n",
 " -clrext         - delete extensions before signing and input certificate\n",
 " -nameopt arg    - various certificate name options\n",
 " -engine e       - use engine e, possibly a hardware device.\n",
 NULL
 };
@@ -145,6 +147,7 @@ int MAIN(int, char **);
 int MAIN(int argc, char **argv)
 	{
 	ENGINE *e = NULL;
 	int ret=1;
 	X509_REQ *req=NULL;
 	X509 *x=NULL,*xca=NULL;
@@ -175,6 +178,7 @@ int MAIN(int argc, char **argv)
 	int need_rand = 0;
 	int checkend=0,checkoffset=0;
 	unsigned long nmflag = 0;
 	char *engine=NULL;
 	reqfile=0;
@@ -233,7 +237,7 @@ int MAIN(int argc, char **argv)
 		else if (strcmp(*argv,"-CAkeyform") == 0)
 			{
 			if (--argc < 1) goto bad;
-			CAformat=str2fmt(*(++argv));
+			CAkeyformat=str2fmt(*(++argv));
 			}
 		else if (strcmp(*argv,"-days") == 0)
 			{
@@ -337,6 +341,11 @@ int MAIN(int argc, char **argv)
 			alias= *(++argv);
 			trustout = 1;
 			}
 		else if (strcmp(*argv,"-engine") == 0)
 			{
 			if (--argc < 1) goto bad;
 			engine= *(++argv);
 			}
 		else if (strcmp(*argv,"-C") == 0)
 			C= ++num;
 		else if (strcmp(*argv,"-email") == 0)
@@ -420,6 +429,24 @@ bad:
 		goto end;
 		}
 	if (engine != NULL)
 		{
 		if((e = ENGINE_by_id(engine)) == NULL)
 			{
 			BIO_printf(bio_err,"invalid engine \"%s\"\n",
 				engine);
 			goto end;
 			}
 		if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
 			{
 			BIO_printf(bio_err,"can't use that engine\n");
 			goto end;
 			}
 		BIO_printf(bio_err,"engine \"%s\" set.\n", engine);
 		/* Free our "structural" reference. */
 		ENGINE_free(e);
 		}
 	if (need_rand)
 		app_RAND_load_file(NULL, bio_err, 0);
--- a/64
+++ b/64
@@ -381,17 +381,33 @@ done
 # figure out if gcc is available and if so we use it otherwise
 # we fallback to whatever cc does on the system
-GCCVER=`(gcc --version) 2>/dev/null`
+GCCVER=`(gcc -dumpversion) 2>/dev/null`
 if [ "$GCCVER" != "" ]; then
  CC=gcc
-  # then strip off whatever prefix Cygnus prepends the number with...
+  # then strip off whatever prefix egcs prepends the number with...
-  GCCVER=`echo $GCCVER | sed 's/^[a-z]*\-//'`
+  # Hopefully, this will work for any future prefixes as well.
  GCCVER=`echo $GCCVER | sed 's/^[a-zA-Z]*\-//'`
  # Since gcc 3.1 gcc --version behaviour has changed.  gcc -dumpversion
  # does give us what we want though, so we use that.  We just just the
  # major and minor version numbers.
  # peak single digit before and after first dot, e.g. 2.95.1 gives 29
  GCCVER=`echo $GCCVER | sed 's/\([0-9]\)\.\([0-9]\).*/\1\2/'`
 else
  CC=cc
 fi
-
+GCCVER=${GCCVER:-0}
 if [ "$SYSTEM" = "HP-UX" ];then
  # By default gcc is a ILP32 compiler (with long long == 64).
  GCC_BITS="32"
  if [ $GCCVER -ge 30 ]; then
    # PA64 support only came in with gcc 3.0.x.
    # We look for the preprocessor symbol __LP64__ indicating
    # 64bit bit long and pointer.  sizeof(int) == 32 on HPUX64.
    if gcc -v -E -x c /dev/null 2>&1 | grep __LP64__ > /dev/null; then
      GCC_BITS="64"
    fi
  fi
 fi
 if [ "$SYSTEM" = "SunOS" ]; then
  # check for WorkShop C, expected output is "cc: blah-blah C x.x"
  CCVER=`(cc -V 2>&1) 2>/dev/null | \
@@ -497,6 +513,10 @@ EOF
 	${CC} -o dummy dummy.c && OUT=`./dummy ${MACHINE}`
 	rm dummy dummy.c
 	;;
  ppc64-*-linux2)
 	#Use the standard target for PPC architecture until we create a
 	#special one for the 64bit architecture.
 	OUT="linux-ppc" ;;
  ppc-*-linux2) OUT="linux-ppc" ;;
  m68k-*-linux*) OUT="linux-m68k" ;;
  ia64-*-linux?) OUT="linux-ia64" ;;
@@ -589,7 +609,17 @@ EOF
  BS2000-siemens-sysv4) OUT="BS2000-OSD" ;;
  RM*-siemens-sysv4) OUT="ReliantUNIX" ;;
  *-siemens-sysv4) OUT="SINIX" ;;
-  *-hpux1*)	OUT="hpux-parisc-$CC"
+  *-hpux1*)
 	if [ $CC = "gcc" ];
 	then
 	  if [ $GCC_BITS = "64" ]; then
 	    OUT="hpux64-parisc-gcc"
 	  else
 	    OUT="hpux-parisc-gcc"
 	  fi
 	else
 	  OUT="hpux-parisc-$CC"
 	fi
 	options="$options -D_REENTRANT" ;;
  *-hpux)	OUT="hpux-parisc-$CC" ;;
  # these are all covered by the catchall below
@@ -603,11 +633,27 @@ EOF
  *) OUT=`echo $GUESSOS | awk -F- '{print $3}'`;;
 esac
 # NB: This atalla support has been superceded by the ENGINE support
 # That contains its own header and definitions anyway. Support can
 # be enabled or disabled on any supported platform without external
 # headers, eg. by adding the "hw-atalla" switch to ./config or
 # perl Configure
 #
 # See whether we can compile Atalla support
-if [ -f /usr/include/atasi.h ]
+#if [ -f /usr/include/atasi.h ]
-then
+#then
-  options="$options -DATALLA"
+#  options="$options -DATALLA"
-fi
+#fi
 #get some basic shared lib support (behnke@trustcenter.de)
 case "$OUT" in
   solaris-*-gcc)
 	if  [ "$SHARED" = "true" ] 
 	 then
 	  options="$options -DPIC -fPIC"
        fi
     ;;
 esac
 # gcc < 2.8 does not support -mcpu=ultrasparc
 if [ "$OUT" = solaris-sparcv9-gcc -a $GCCVER -lt 28 ]
--- a/crypto/Makefile.ssl
+++ b/crypto/Makefile.ssl
@@ -27,7 +27,7 @@ LIBS=
 SDIRS=	md2 md5 sha mdc2 hmac ripemd \
 	des rc2 rc4 rc5 idea bf cast \
-	bn rsa dsa dh dso \
+	bn rsa dsa dh dso engine \
 	buffer bio stack lhash rand err objects \
 	evp asn1 pem x509 x509v3 conf txt_db pkcs7 pkcs12 comp
@@ -51,11 +51,11 @@ all: buildinf.h lib subdirs
 buildinf.h: ../Makefile.ssl
 	( echo "#ifndef MK1MF_BUILD"; \
-	echo "  /* auto-generated by crypto/Makefile.ssl for crypto/cversion.c */"; \
+	echo '  /* auto-generated by crypto/Makefile.ssl for crypto/cversion.c */'; \
-	echo "  #define CFLAGS \"$(CC) $(CFLAG)\""; \
+	echo '  #define CFLAGS "$(CC) $(CFLAG)"'; \
-	echo "  #define PLATFORM \"$(PLATFORM)\""; \
+	echo '  #define PLATFORM "$(PLATFORM)"'; \
-	echo "  #define DATE \"`date`\""; \
+	echo "  #define DATE \"`LC_ALL=C LC_TIME=C date`\""; \
-	echo "#endif" ) >buildinf.h
+	echo '#endif' ) >buildinf.h
 testapps:
 	if echo ${SDIRS} | fgrep ' des '; \
@@ -134,7 +134,7 @@ depend:
 	@for i in $(SDIRS) ;\
 	do \
 	(cd $$i; echo "making depend in crypto/$$i..."; \
-	$(MAKE) MAKEFILE='${MAKEFILE}' INCLUDES='${INCLUDES}' DEPFLAG='${DEPFLAG}' depend ); \
+	$(MAKE) MAKEFILE='${MAKEFILE}' INCLUDES='${INCLUDES}' DEPFLAG='${DEPFLAG}' PERL='${PERL}' depend ); \
 	done;
 clean:
--- a/crypto/asn1/a_bitstr.c
+++ b/crypto/asn1/a_bitstr.c
@@ -89,8 +89,6 @@ int i2c_ASN1_BIT_STRING(ASN1_BIT_STRING *a, unsigned char **pp)
 	if (a == NULL) return(0);
 	len=a->length;
 	ret=1+len;
 	if (pp == NULL) return(ret);
 	if (len > 0)
 		{
@@ -118,6 +116,10 @@ int i2c_ASN1_BIT_STRING(ASN1_BIT_STRING *a, unsigned char **pp)
 		}
 	else
 		bits=0;
 	ret=1+len;
 	if (pp == NULL) return(ret);
 	p= *pp;
 	*(p++)=(unsigned char)bits;
--- a/crypto/asn1/a_enum.c
+++ b/crypto/asn1/a_enum.c
@@ -205,7 +205,18 @@ ASN1_ENUMERATED *BN_to_ASN1_ENUMERATED(BIGNUM *bn, ASN1_ENUMERATED *ai)
 	else ret->type=V_ASN1_ENUMERATED;
 	j=BN_num_bits(bn);
 	len=((j == 0)?0:((j/8)+1));
-	ret->data=(unsigned char *)OPENSSL_malloc(len+4);
+	if (ret->length < len+4)
 		{
 		unsigned char *new_data=
 			OPENSSL_realloc(ret->data, len+4);
 		if (!new_data)
 			{
 			ASN1err(ASN1_F_BN_TO_ASN1_INTEGER,ERR_R_MALLOC_FAILURE);
 			goto err;
 			}
 		ret->data=new_data;
 		}
 	ret->length=BN_bn2bin(bn,ret->data);
 	return(ret);
 err:
--- a/crypto/asn1/a_int.c
+++ b/crypto/asn1/a_int.c
@@ -451,7 +451,16 @@ ASN1_INTEGER *BN_to_ASN1_INTEGER(BIGNUM *bn, ASN1_INTEGER *ai)
 	else ret->type=V_ASN1_INTEGER;
 	j=BN_num_bits(bn);
 	len=((j == 0)?0:((j/8)+1));
-	ret->data=(unsigned char *)OPENSSL_malloc(len+4);
+	if (ret->length < len+4)
 		{
 		unsigned char *new_data= OPENSSL_realloc(ret->data, len+4);
 		if (!new_data)
 			{
 			ASN1err(ASN1_F_BN_TO_ASN1_INTEGER,ERR_R_MALLOC_FAILURE);
 			goto err;
 			}
 		ret->data=new_data;
 		}
 	ret->length=BN_bn2bin(bn,ret->data);
 	return(ret);
 err:
--- a/crypto/asn1/a_set.c
+++ b/crypto/asn1/a_set.c
@@ -116,7 +116,7 @@ int i2d_ASN1_SET(STACK *a, unsigned char **pp, int (*func)(), int ex_tag,
 		}
        pStart  = p; /* Catch the beg of Setblobs*/
-        rgSetBlob = (MYBLOB *)OPENSSL_malloc( sk_num(a) * sizeof(MYBLOB)); /* In this array
+        if (!(rgSetBlob = (MYBLOB *)OPENSSL_malloc( sk_num(a) * sizeof(MYBLOB)))) return 0; /* In this array
 we will store the SET blobs */
        for (i=0; i<sk_num(a); i++)
@@ -133,7 +133,7 @@ SetBlob
 /* Now we have to sort the blobs. I am using a simple algo.
    *Sort ptrs *Copy to temp-mem *Copy from temp-mem to user-mem*/
        qsort( rgSetBlob, sk_num(a), sizeof(MYBLOB), SetBlobCmp);
-        pTempMem = OPENSSL_malloc(totSize);
+        if (!(pTempMem = OPENSSL_malloc(totSize))) return 0;
 /* Copy to temp mem */
        p = pTempMem;
--- a/crypto/asn1/a_sign.c
+++ b/crypto/asn1/a_sign.c
@@ -55,6 +55,59 @@
 * copied and put under another distribution licence
 * [including the GNU Public Licence.]
 */
 /* ====================================================================
 * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer. 
 *
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in
 *    the documentation and/or other materials provided with the
 *    distribution.
 *
 * 3. All advertising materials mentioning features or use of this
 *    software must display the following acknowledgment:
 *    "This product includes software developed by the OpenSSL Project
 *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
 *
 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
 *    endorse or promote products derived from this software without
 *    prior written permission. For written permission, please contact
 *    openssl-core@openssl.org.
 *
 * 5. Products derived from this software may not be called "OpenSSL"
 *    nor may "OpenSSL" appear in their names without prior written
 *    permission of the OpenSSL Project.
 *
 * 6. Redistributions of any form whatsoever must retain the following
 *    acknowledgment:
 *    "This product includes software developed by the OpenSSL Project
 *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
 *
 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
 * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 * OF THE POSSIBILITY OF SUCH DAMAGE.
 * ====================================================================
 *
 * This product includes cryptographic software written by Eric Young
 * (eay@cryptsoft.com).  This product includes software written by Tim
 * Hudson (tjh@cryptsoft.com).
 *
 */
 #include <stdio.h>
 #include <time.h>
@@ -87,7 +140,14 @@ int ASN1_sign(int (*i2d)(), X509_ALGOR *algor1, X509_ALGOR *algor2,
 		else
 			a=algor2;
 		if (a == NULL) continue;
-		if (	(a->parameter == NULL) || 
+                if (type->pkey_type == NID_dsaWithSHA1)
 			{
 			/* special case: RFC 2459 tells us to omit 'parameters'
 			 * with id-dsa-with-sha1 */
 			ASN1_TYPE_free(a->parameter);
 			a->parameter = NULL;
 			}
 		else if ((a->parameter == NULL) || 
 			(a->parameter->type != V_ASN1_NULL))
 			{
 			ASN1_TYPE_free(a->parameter);
--- a/crypto/asn1/a_utctm.c
+++ b/crypto/asn1/a_utctm.c
@@ -270,6 +270,9 @@ ASN1_UTCTIME *ASN1_UTCTIME_set(ASN1_UTCTIME *s, time_t t)
 int ASN1_UTCTIME_cmp_time_t(const ASN1_UTCTIME *s, time_t t)
 	{
 	struct tm *tm;
 #if defined(THREADS) && !defined(WIN32) && !defined(__CYGWIN32__) && !defined(_DARWIN)
 	struct tm data;
 #endif
 	int offset;
 	int year;
@@ -287,7 +290,8 @@ int ASN1_UTCTIME_cmp_time_t(const ASN1_UTCTIME *s, time_t t)
 	t -= offset*60; /* FIXME: may overflow in extreme cases */
 #if defined(THREADS) && !defined(WIN32) && !defined(__CYGWIN32__) && !defined(_DARWIN)
-	{ struct tm data; gmtime_r(&t, &data); tm = &data; }
+	gmtime_r(&t, &data);
 	tm = &data;
 #else
 	tm = gmtime(&t);
 #endif
--- a/crypto/asn1/asn1_lib.c
+++ b/crypto/asn1/asn1_lib.c
@@ -57,6 +57,7 @@
 */
 #include <stdio.h>
 #include <limits.h>
 #include "cryptlib.h"
 #include <openssl/asn1.h>
 #include <openssl/asn1_mac.h>
@@ -124,15 +125,13 @@ int ASN1_get_object(unsigned char **pp, long *plength, int *ptag, int *pclass,
 		(int)(omax+ *pp));
 #endif
-#if 0
+	if (*plength > (omax - (p - *pp)))
 	if ((p+ *plength) > (omax+ *pp))
 		{
 		ASN1err(ASN1_F_ASN1_GET_OBJECT,ASN1_R_TOO_LONG);
 		/* Set this so that even if things are not long enough
 		 * the values are set correctly */
 		ret|=0x80;
 		}
 #endif
 	*pp=p;
 	return(ret|inf);
 err:
@@ -143,7 +142,7 @@ err:
 static int asn1_get_length(unsigned char **pp, int *inf, long *rl, int max)
 	{
 	unsigned char *p= *pp;
-	long ret=0;
+	unsigned long ret=0;
 	int i;
 	if (max-- < 1) return(0);
@@ -159,6 +158,8 @@ static int asn1_get_length(unsigned char **pp, int *inf, long *rl, int max)
 		i= *p&0x7f;
 		if (*(p++) & 0x80)
 			{
 			if (i > sizeof(long))
 				return 0;
 			if (max-- == 0) return(0);
 			while (i-- > 0)
 				{
@@ -170,8 +171,10 @@ static int asn1_get_length(unsigned char **pp, int *inf, long *rl, int max)
 		else
 			ret=i;
 		}
 	if (ret > LONG_MAX)
 		return 0;
 	*pp=p;
-	*rl=ret;
+	*rl=(long)ret;
 	return(1);
 	}
@@ -407,7 +410,7 @@ int ASN1_STRING_cmp(ASN1_STRING *a, ASN1_STRING *b)
 void asn1_add_error(unsigned char *address, int offset)
 	{
-	char buf1[16],buf2[16];
+	char buf1[DECIMAL_SIZE(address)+1],buf2[DECIMAL_SIZE(offset)+1];
 	sprintf(buf1,"%lu",(unsigned long)address);
 	sprintf(buf2,"%d",offset);
--- a/crypto/asn1/d2i_dhp.c
+++ b/crypto/asn1/d2i_dhp.c
@@ -87,6 +87,7 @@ DH *d2i_DHparams(DH **a, unsigned char **pp, long length)
 		}
 	M_ASN1_BIT_STRING_free(bs);
 	bs = NULL;
 	M_ASN1_D2I_Finish_2(a);
--- a/crypto/asn1/d2i_dsap.c
+++ b/crypto/asn1/d2i_dsap.c
@@ -84,6 +84,7 @@ DSA *d2i_DSAparams(DSA **a, unsigned char **pp, long length)
 	if ((ret->g=BN_bin2bn(bs->data,bs->length,ret->g)) == NULL) goto err_bn;
 	M_ASN1_BIT_STRING_free(bs);
 	bs = NULL;
 	M_ASN1_D2I_Finish_2(a);
--- a/crypto/asn1/d2i_r_pr.c
+++ b/crypto/asn1/d2i_r_pr.c
@@ -108,6 +108,7 @@ RSA *d2i_RSAPrivateKey(RSA **a, unsigned char **pp, long length)
 		goto err_bn;
 	M_ASN1_INTEGER_free(bs);
 	bs = NULL;
 	M_ASN1_D2I_Finish_2(a);
 err_bn:
--- a/crypto/asn1/t_pkey.c
+++ b/crypto/asn1/t_pkey.c
@@ -96,10 +96,34 @@ int RSA_print(BIO *bp, RSA *x, int off)
 	char str[128];
 	const char *s;
 	unsigned char *m=NULL;
-	int i,ret=0;
+	int ret=0;
 	size_t buf_len=0, i;
-	i=RSA_size(x);
+	if (x->n)
-	m=(unsigned char *)OPENSSL_malloc((unsigned int)i+10);
+		buf_len = (size_t)BN_num_bytes(x->n);
 	if (x->e)
 		if (buf_len < (i = (size_t)BN_num_bytes(x->e)))
 			buf_len = i;
 	if (x->d)
 		if (buf_len < (i = (size_t)BN_num_bytes(x->d)))
 			buf_len = i;
 	if (x->p)
 		if (buf_len < (i = (size_t)BN_num_bytes(x->p)))
 			buf_len = i;
 	if (x->q)
 		if (buf_len < (i = (size_t)BN_num_bytes(x->q)))
 			buf_len = i;
 	if (x->dmp1)
 		if (buf_len < (i = (size_t)BN_num_bytes(x->dmp1)))
 			buf_len = i;
 	if (x->dmq1)
 		if (buf_len < (i = (size_t)BN_num_bytes(x->dmq1)))
 			buf_len = i;
 	if (x->iqmp)
 		if (buf_len < (i = (size_t)BN_num_bytes(x->iqmp)))
 			buf_len = i;
 	m=(unsigned char *)OPENSSL_malloc(buf_len+10);
 	if (m == NULL)
 		{
 		RSAerr(RSA_F_RSA_PRINT,ERR_R_MALLOC_FAILURE);
@@ -161,22 +185,25 @@ int DSA_print(BIO *bp, DSA *x, int off)
 	{
 	char str[128];
 	unsigned char *m=NULL;
-	int i,ret=0;
+	int ret=0;
-	BIGNUM *bn=NULL;
+	size_t buf_len=0,i;
-	if (x->p != NULL)
+	if (x->p)
-		bn=x->p;
+		buf_len = (size_t)BN_num_bytes(x->p);
-	else if (x->priv_key != NULL)
+	if (x->q)
-		bn=x->priv_key;
+		if (buf_len < (i = (size_t)BN_num_bytes(x->q)))
-	else if (x->pub_key != NULL)
+			buf_len = i;
-		bn=x->pub_key;
+	if (x->g)
 		if (buf_len < (i = (size_t)BN_num_bytes(x->g)))
 			buf_len = i;
 	if (x->priv_key)
 		if (buf_len < (i = (size_t)BN_num_bytes(x->priv_key)))
 			buf_len = i;
 	if (x->pub_key)
 		if (buf_len < (i = (size_t)BN_num_bytes(x->pub_key)))
 			buf_len = i;
-	/* larger than needed but what the hell :-) */
+	m=(unsigned char *)OPENSSL_malloc(buf_len+10);
 	if (bn != NULL)
 		i=BN_num_bytes(bn)*2;
 	else
 		i=256;
 	m=(unsigned char *)OPENSSL_malloc((unsigned int)i+10);
 	if (m == NULL)
 		{
 		DSAerr(DSA_F_DSA_PRINT,ERR_R_MALLOC_FAILURE);
@@ -281,10 +308,15 @@ int DHparams_print_fp(FILE *fp, DH *x)
 int DHparams_print(BIO *bp, DH *x)
 	{
 	unsigned char *m=NULL;
-	int reason=ERR_R_BUF_LIB,i,ret=0;
+	int reason=ERR_R_BUF_LIB,ret=0;
 	size_t buf_len=0, i;
-	i=BN_num_bytes(x->p);
+	if (x->p)
-	m=(unsigned char *)OPENSSL_malloc((unsigned int)i+10);
+		buf_len = (size_t)BN_num_bytes(x->p);
 	if (x->g)
 		if (buf_len < (i = (size_t)BN_num_bytes(x->g)))
 			buf_len = i;
 	m=(unsigned char *)OPENSSL_malloc(buf_len+10);
 	if (m == NULL)
 		{
 		reason=ERR_R_MALLOC_FAILURE;
@@ -334,10 +366,18 @@ int DSAparams_print_fp(FILE *fp, DSA *x)
 int DSAparams_print(BIO *bp, DSA *x)
 	{
 	unsigned char *m=NULL;
-	int reason=ERR_R_BUF_LIB,i,ret=0;
+	int reason=ERR_R_BUF_LIB,ret=0;
 	size_t buf_len=0, i;
-	i=BN_num_bytes(x->p);
+	if (x->p)
-	m=(unsigned char *)OPENSSL_malloc((unsigned int)i+10);
+		buf_len = (size_t)BN_num_bytes(x->p);
 	if (x->q)
 		if (buf_len < (i = (size_t)BN_num_bytes(x->q)))
 			buf_len = i;
 	if (x->g)
 		if (buf_len < (i = (size_t)BN_num_bytes(x->g)))
 			buf_len = i;
 	m=(unsigned char *)OPENSSL_malloc(buf_len+10);
 	if (m == NULL)
 		{
 		reason=ERR_R_MALLOC_FAILURE;
--- a/crypto/asn1/x_pubkey.c
+++ b/crypto/asn1/x_pubkey.c
@@ -156,7 +156,7 @@ int X509_PUBKEY_set(X509_PUBKEY **x, EVP_PKEY *pkey)
 		dsa->write_params=0;
 		ASN1_TYPE_free(a->parameter);
 		i=i2d_DSAparams(dsa,NULL);
-		p=(unsigned char *)OPENSSL_malloc(i);
+		if ((p=(unsigned char *)OPENSSL_malloc(i)) == NULL) goto err;
 		pp=p;
 		i2d_DSAparams(dsa,&pp);
 		a->parameter=ASN1_TYPE_new();
--- a/crypto/bio/b_print.c
+++ b/crypto/bio/b_print.c
@@ -56,6 +56,13 @@
 * [including the GNU Public Licence.]
 */
 /* disable assert() unless BIO_DEBUG has been defined */
 #ifndef BIO_DEBUG
 # ifndef NDEBUG
 #  define NDEBUG
 # endif
 #endif
 /* 
 * Stolen from tjh's ssl/ssl_trc.c stuff.
 */
@@ -102,7 +109,7 @@
 * o ...                                       (for OpenSSL)
 */
-#if HAVE_LONG_DOUBLE
+#ifdef HAVE_LONG_DOUBLE
 #define LDOUBLE long double
 #else
 #define LDOUBLE double
@@ -716,12 +723,13 @@ doapr_outch(
    if (buffer) {
 	while (*currlen >= *maxlen) {
 	    if (*buffer == NULL) {
 		assert(*sbuffer != NULL);
 		if (*maxlen == 0)
 		    *maxlen = 1024;
 		*buffer = OPENSSL_malloc(*maxlen);
-		if (*currlen > 0)
+		if (*currlen > 0) {
 		    assert(*sbuffer != NULL);
 		    memcpy(*buffer, *sbuffer, *currlen);
 		}
 		*sbuffer = NULL;
 	    } else {
 		*maxlen += 1024;
@@ -761,7 +769,9 @@ int BIO_vprintf (BIO *bio, const char *format, va_list args)
 	{
 	int ret;
 	size_t retlen;
-	MS_STATIC char hugebuf[1024*10];
+	char hugebuf[1024*2];	/* Was previously 10k, which is unreasonable
 				   in small-stack environments, like threads
 				   or DOS programs. */
 	char *hugebufp = hugebuf;
 	size_t hugebufsize = sizeof(hugebuf);
 	char *dynbuf = NULL;
--- a/crypto/bio/bf_nbio.c
+++ b/crypto/bio/bf_nbio.c
@@ -104,7 +104,7 @@ static int nbiof_new(BIO *bi)
 	{
 	NBIO_TEST *nt;
-	nt=(NBIO_TEST *)OPENSSL_malloc(sizeof(NBIO_TEST));
+	if (!(nt=(NBIO_TEST *)OPENSSL_malloc(sizeof(NBIO_TEST)))) return(0);
 	nt->lrn= -1;
 	nt->lwn= -1;
 	bi->ptr=(char *)nt;
--- a/crypto/bio/bss_bio.c
+++ b/crypto/bio/bss_bio.c
@@ -7,9 +7,18 @@
 * for which no specific BIO method is available.
 * See ssl/ssltest.c for some hints on how this can be used. */
 /* BIO_DEBUG implies BIO_PAIR_DEBUG */
 #ifdef BIO_DEBUG
 # ifndef BIO_PAIR_DEBUG
 #  define BIO_PAIR_DEBUG
 # endif
 #endif
 /* disable assert() unless BIO_PAIR_DEBUG has been defined */
 #ifndef BIO_PAIR_DEBUG
-# undef NDEBUG /* avoid conflicting definitions */
+# ifndef NDEBUG
 #  define NDEBUG
 # endif
 #endif
 #include <assert.h>
--- a/crypto/bn/bn.h
+++ b/crypto/bn/bn.h
@@ -155,7 +155,7 @@ extern "C" {
 #define BN_BYTES	4
 #define BN_BITS2	32
 #define BN_BITS4	16
-#ifdef WIN32
+#ifdef _MSC_VER
 /* VC++ doesn't like the LL suffix */
 #define BN_MASK		(0xffffffffffffffffL)
 #else
--- a/crypto/bn/bn_div.c
+++ b/crypto/bn/bn_div.c
@@ -190,10 +190,10 @@ int BN_div(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num, const BIGNUM *divisor,
 	/* First we normalise the numbers */
 	norm_shift=BN_BITS2-((BN_num_bits(divisor))%BN_BITS2);
-	BN_lshift(sdiv,divisor,norm_shift);
+	if (!(BN_lshift(sdiv,divisor,norm_shift))) goto err;
 	sdiv->neg=0;
 	norm_shift+=BN_BITS2;
-	BN_lshift(snum,num,norm_shift);
+	if (!(BN_lshift(snum,num,norm_shift))) goto err;
 	snum->neg=0;
 	div_n=sdiv->top;
 	num_n=snum->top;
@@ -315,7 +315,7 @@ int BN_div(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num, const BIGNUM *divisor,
 		tmp->top=j;
 		j=wnum.top;
-		BN_sub(&wnum,&wnum,tmp);
+		if (!BN_sub(&wnum,&wnum,tmp)) goto err;
 		snum->top=snum->top+wnum.top-j;
@@ -323,7 +323,7 @@ int BN_div(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num, const BIGNUM *divisor,
 			{
 			q--;
 			j=wnum.top;
-			BN_add(&wnum,&wnum,sdiv);
+			if (!BN_add(&wnum,&wnum,sdiv)) goto err;
 			snum->top+=wnum.top-j;
 			}
 		*(resp--)=q;
--- a/crypto/bn/bn_exp.c
+++ b/crypto/bn/bn_exp.c
@@ -113,13 +113,6 @@
 #include <stdio.h>
 #include "cryptlib.h"
 #include "bn_lcl.h"
 #ifdef ATALLA
 # include <alloca.h>
 # include <atasi.h>
 # include <assert.h>
 # include <dlfcn.h>
 #endif
 #define TABLE_SIZE	32
@@ -183,174 +176,6 @@ err:
 	}
 #ifdef ATALLA
 /*
 * This routine will dynamically check for the existance of an Atalla AXL-200
 * SSL accelerator module.  If one is found, the variable
 * asi_accelerator_present is set to 1 and the function pointers
 * ptr_ASI_xxxxxx above will be initialized to corresponding ASI API calls.
 */
 typedef int tfnASI_GetPerformanceStatistics(int reset_flag,
 					    unsigned int *ret_buf);
 typedef int tfnASI_GetHardwareConfig(long card_num, unsigned int *ret_buf);
 typedef int tfnASI_RSAPrivateKeyOpFn(RSAPrivateKey * rsaKey,
 				     unsigned char *output,
 				     unsigned char *input,
 				     unsigned int modulus_len);
 static tfnASI_GetHardwareConfig *ptr_ASI_GetHardwareConfig;
 static tfnASI_RSAPrivateKeyOpFn *ptr_ASI_RSAPrivateKeyOpFn;
 static tfnASI_GetPerformanceStatistics *ptr_ASI_GetPerformanceStatistics;
 static int asi_accelerator_present;
 static int tried_atalla;
 void atalla_initialize_accelerator_handle(void)
 	{
 	void *dl_handle;
 	int status;
 	unsigned int config_buf[1024]; 
 	static int tested;
 	if(tested)
 		return;
 	tested=1;
 	bzero((void *)config_buf, 1024);
 	/*
 	 * Check to see if the library is present on the system
 	 */
 	dl_handle = dlopen("atasi.so", RTLD_NOW);
 	if (dl_handle == (void *) NULL)
 		{
 /*		printf("atasi.so library is not present on the system\n");
 		printf("No HW acceleration available\n");*/
 		return;
 	        }
 	/*
 	 * The library is present.  Now we'll check to insure that the
 	 * LDM is up and running. First we'll get the address of the
 	 * function in the atasi library that we need to see if the
 	 * LDM is operating.
 	 */
 	ptr_ASI_GetHardwareConfig =
 	  (tfnASI_GetHardwareConfig *)dlsym(dl_handle,"ASI_GetHardwareConfig");
 	if (ptr_ASI_GetHardwareConfig)
 		{
 		/*
 		 * We found the call, now we'll get our config
 		 * status.  If we get a non 0 result, the LDM is not
 		 * running and we cannot use the Atalla ASI *
 		 * library.
 		 */
 		status = (*ptr_ASI_GetHardwareConfig)(0L, config_buf);
 		if (status != 0)
 			{
 			printf("atasi.so library is present but not initialized\n");
 			printf("No HW acceleration available\n");
 			return;
 			}    
 	        }
 	else
 		{
 /*		printf("We found the library, but not the function. Very Strange!\n");*/
 		return ;
 	      	}
 	/* 
 	 * It looks like we have acceleration capabilities.  Load up the
 	 * pointers to our ASI API calls.
 	 */
 	ptr_ASI_RSAPrivateKeyOpFn=
 	  (tfnASI_RSAPrivateKeyOpFn *)dlsym(dl_handle, "ASI_RSAPrivateKeyOpFn");
 	if (ptr_ASI_RSAPrivateKeyOpFn == NULL)
 		{
 /*		printf("We found the library, but no RSA function. Very Strange!\n");*/
 		return;
 	        }
 	ptr_ASI_GetPerformanceStatistics =
 	  (tfnASI_GetPerformanceStatistics *)dlsym(dl_handle, "ASI_GetPerformanceStatistics");
 	if (ptr_ASI_GetPerformanceStatistics == NULL)
 		{
 /*		printf("We found the library, but no stat function. Very Strange!\n");*/
 		return;
 	      }
 	/*
 	 * Indicate that acceleration is available
 	 */
 	asi_accelerator_present = 1;
 /*	printf("This system has acceleration!\n");*/
 	return;
 	}
 /* make sure this only gets called once when bn_mod_exp calls bn_mod_exp_mont */
 int BN_mod_exp_atalla(BIGNUM *r, BIGNUM *a, const BIGNUM *p, const BIGNUM *m)
 	{
 	unsigned char *abin;
 	unsigned char *pbin;
 	unsigned char *mbin;
 	unsigned char *rbin;
 	int an,pn,mn,ret;
 	RSAPrivateKey keydata;
 	atalla_initialize_accelerator_handle();
 	if(!asi_accelerator_present)
 		return 0;
 /* We should be able to run without size testing */
 # define ASIZE	128
 	an=BN_num_bytes(a);
 	pn=BN_num_bytes(p);
 	mn=BN_num_bytes(m);
 	if(an <= ASIZE && pn <= ASIZE && mn <= ASIZE)
 	    {
 	    int size=mn;
 	    assert(an <= mn);
 	    abin=alloca(size);
 	    memset(abin,'\0',mn);
 	    BN_bn2bin(a,abin+size-an);
 	    pbin=alloca(pn);
 	    BN_bn2bin(p,pbin);
 	    mbin=alloca(size);
 	    memset(mbin,'\0',mn);
 	    BN_bn2bin(m,mbin+size-mn);
 	    rbin=alloca(size);
 	    memset(&keydata,'\0',sizeof keydata);
 	    keydata.privateExponent.data=pbin;
 	    keydata.privateExponent.len=pn;
 	    keydata.modulus.data=mbin;
 	    keydata.modulus.len=size;
 	    ret=(*ptr_ASI_RSAPrivateKeyOpFn)(&keydata,rbin,abin,keydata.modulus.len);
 /*fprintf(stderr,"!%s\n",BN_bn2hex(a));*/
 	    if(!ret)
 	        {
 		BN_bin2bn(rbin,keydata.modulus.len,r);
 /*fprintf(stderr,"?%s\n",BN_bn2hex(r));*/
 		return 1;
 	        }
 	    }
 	return 0;
        }
 #endif /* def ATALLA */
 int BN_mod_exp(BIGNUM *r, BIGNUM *a, const BIGNUM *p, const BIGNUM *m,
 	       BN_CTX *ctx)
 	{
@@ -360,13 +185,6 @@ int BN_mod_exp(BIGNUM *r, BIGNUM *a, const BIGNUM *p, const BIGNUM *m,
 	bn_check_top(p);
 	bn_check_top(m);
 #ifdef ATALLA
 	if(BN_mod_exp_atalla(r,a,p,m))
 	    return 1;
 /* If it fails, try the other methods (but don't try atalla again) */
 	tried_atalla=1;
 #endif
 #ifdef MONT_MUL_MOD
 	/* I have finally been able to take out this pre-condition of
 	 * the top bit being set.  It was caused by an error in BN_div
@@ -392,10 +210,6 @@ int BN_mod_exp(BIGNUM *r, BIGNUM *a, const BIGNUM *p, const BIGNUM *m,
 		{ ret=BN_mod_exp_simple(r,a,p,m,ctx); }
 #endif
 #ifdef ATALLA
 	tried_atalla=0;
 #endif
 	return(ret);
 	}
@@ -525,12 +339,6 @@ int BN_mod_exp_mont(BIGNUM *rr, BIGNUM *a, const BIGNUM *p,
 	bn_check_top(p);
 	bn_check_top(m);
 #ifdef ATALLA
 	if(!tried_atalla && BN_mod_exp_atalla(rr,a,p,m))
 	    return 1;
 /* If it fails, try the other methods */
 #endif
 	if (!(m->d[0] & 1))
 		{
 		BNerr(BN_F_BN_MOD_EXP_MONT,BN_R_CALLED_WITH_EVEN_MODULUS);
@@ -693,19 +501,6 @@ int BN_mod_exp_mont_word(BIGNUM *rr, BN_ULONG a, const BIGNUM *p,
 	t = BN_CTX_get(ctx);
 	if (d == NULL || r == NULL || t == NULL) goto err;
 #ifdef ATALLA
 	if (!tried_atalla)
 		{
 		BN_set_word(t, a);
 		if (BN_mod_exp_atalla(rr, t, p, m))
 			{
 			BN_CTX_end(ctx);
 			return 1;
 			}
 		}
 /* If it fails, try the other methods */
 #endif
 	if (in_mont != NULL)
 		mont=in_mont;
 	else
--- a/crypto/bn/bn_gcd.c
+++ b/crypto/bn/bn_gcd.c
@@ -168,8 +168,8 @@ BIGNUM *BN_mod_inverse(BIGNUM *in, BIGNUM *a, const BIGNUM *n, BN_CTX *ctx)
 		R=in;
 	if (R == NULL) goto err;
-	BN_zero(X);
+	if (!BN_zero(X)) goto err;
-	BN_one(Y);
+	if (!BN_one(Y)) goto err;
 	if (BN_copy(A,a) == NULL) goto err;
 	if (BN_copy(B,n) == NULL) goto err;
 	sign=1;
--- a/crypto/bn/bn_mont.c
+++ b/crypto/bn/bn_mont.c
@@ -224,7 +224,7 @@ int BN_from_montgomery(BIGNUM *ret, BIGNUM *a, BN_MONT_CTX *mont,
 	if (!BN_mul(t1,t2,&mont->N,ctx)) goto err;
 	if (!BN_add(t2,a,t1)) goto err;
-	BN_rshift(ret,t2,mont->ri);
+	if (!BN_rshift(ret,t2,mont->ri)) goto err;
 #endif /* MONT_WORD */
 	if (BN_ucmp(ret, &(mont->N)) >= 0)
@@ -284,8 +284,8 @@ int BN_MONT_CTX_set(BN_MONT_CTX *mont, const BIGNUM *mod, BN_CTX *ctx)
 		BN_ULONG buf[2];
 		mont->ri=(BN_num_bits(mod)+(BN_BITS2-1))/BN_BITS2*BN_BITS2;
-		BN_zero(R);
+		if (!(BN_zero(R))) goto err;
-		BN_set_bit(R,BN_BITS2);			/* R */
+		if (!(BN_set_bit(R,BN_BITS2))) goto err;	/* R */
 		buf[0]=mod->d[0]; /* tmod = N mod word size */
 		buf[1]=0;
@@ -296,36 +296,44 @@ int BN_MONT_CTX_set(BN_MONT_CTX *mont, const BIGNUM *mod, BN_CTX *ctx)
 							/* Ri = R^-1 mod N*/
 		if ((BN_mod_inverse(&Ri,R,&tmod,ctx)) == NULL)
 			goto err;
-		BN_lshift(&Ri,&Ri,BN_BITS2);		/* R*Ri */
+		/* R*Ri */
 		if (!(BN_lshift(&Ri,&Ri,BN_BITS2))) goto err;
 		if (!BN_is_zero(&Ri))
-			BN_sub_word(&Ri,1);
+			{
 		   	if (!BN_sub_word(&Ri,1)) goto err;
 			}
 		else /* if N mod word size == 1 */
-			BN_set_word(&Ri,BN_MASK2);  /* Ri-- (mod word size) */
+		   	/* Ri-- (mod word size) */
-		BN_div(&Ri,NULL,&Ri,&tmod,ctx);	/* Ni = (R*Ri-1)/N,
+			{
-		                                 * keep only least significant word: */
+			if (!BN_set_word(&Ri,BN_MASK2)) goto err;
 			}
 		/* Ni = (R*Ri-1)/N, keep only least significant word: */
                if (!(BN_div(&Ri,NULL,&Ri,&tmod,ctx))) goto err;
 		mont->n0=Ri.d[0];
 		BN_free(&Ri);
 		}
 #else /* !MONT_WORD */
 		{ /* bignum version */
 		mont->ri=BN_num_bits(mod);
-		BN_zero(R);
+		if (!(BN_zero(R))) goto err;
-		BN_set_bit(R,mont->ri);			/* R = 2^ri */
+		/* R = 2^ri */
 		if (!(BN_set_bit(R,mont->ri))) goto err;
 							/* Ri = R^-1 mod N*/
 		if ((BN_mod_inverse(&Ri,R,mod,ctx)) == NULL)
 			goto err;
-		BN_lshift(&Ri,&Ri,mont->ri);		/* R*Ri */
+		/* R*Ri */
-		BN_sub_word(&Ri,1);
+		if (!(BN_lshift(&Ri,&Ri,mont->ri))) goto err;
 		if (!(BN_sub_word(&Ri,1))) goto err;
 							/* Ni = (R*Ri-1) / N */
-		BN_div(&(mont->Ni),NULL,&Ri,mod,ctx);
+		if (!(BN_div(&(mont->Ni),NULL,&Ri,mod,ctx))) goto err;
 		BN_free(&Ri);
 		}
 #endif
 	/* setup RR for conversions */
-	BN_zero(&(mont->RR));
+	if (!(BN_zero(&(mont->RR)))) goto err;
-	BN_set_bit(&(mont->RR),mont->ri*2);
+	if (!(BN_set_bit(&(mont->RR),mont->ri*2))) goto err;
-	BN_mod(&(mont->RR),&(mont->RR),&(mont->N),ctx);
+	if (!(BN_mod(&(mont->RR),&(mont->RR),&(mont->N),ctx))) goto err;
 	return(1);
 err:
@@ -336,9 +344,9 @@ BN_MONT_CTX *BN_MONT_CTX_copy(BN_MONT_CTX *to, BN_MONT_CTX *from)
 	{
 	if (to == from) return(to);
-	BN_copy(&(to->RR),&(from->RR));
+	if (!(BN_copy(&(to->RR),&(from->RR)))) return NULL;
-	BN_copy(&(to->N),&(from->N));
+	if (!(BN_copy(&(to->N),&(from->N)))) return NULL;
-	BN_copy(&(to->Ni),&(from->Ni));
+	if (!(BN_copy(&(to->Ni),&(from->Ni)))) return NULL;
 	to->ri=from->ri;
 	to->n0=from->n0;
 	return(to);
--- a/crypto/bn/bn_mul.c
+++ b/crypto/bn/bn_mul.c
@@ -634,7 +634,7 @@ int BN_mul(BIGNUM *r, BIGNUM *a, BIGNUM *b, BN_CTX *ctx)
 	if ((al == 0) || (bl == 0))
 		{
-		BN_zero(r);
+		if (!BN_zero(r)) goto err;
 		return(1);
 		}
 	top=al+bl;
@@ -677,14 +677,14 @@ int BN_mul(BIGNUM *r, BIGNUM *a, BIGNUM *b, BN_CTX *ctx)
 		{
 		if (i == 1 && !BN_get_flags(b,BN_FLG_STATIC_DATA))
 			{
-			bn_wexpand(b,al);
+			if (bn_wexpand(b,al) == NULL) goto err;
 			b->d[bl]=0;
 			bl++;
 			i--;
 			}
 		else if (i == -1 && !BN_get_flags(a,BN_FLG_STATIC_DATA))
 			{
-			bn_wexpand(a,bl);
+			if (bn_wexpand(a,bl) == NULL) goto err;
 			a->d[al]=0;
 			al++;
 			i++;
@@ -699,16 +699,16 @@ int BN_mul(BIGNUM *r, BIGNUM *a, BIGNUM *b, BN_CTX *ctx)
 			t = BN_CTX_get(ctx);
 			if (al == j) /* exact multiple */
 				{
-				bn_wexpand(t,k*2);
+				if (bn_wexpand(t,k*2) == NULL) goto err;
-				bn_wexpand(rr,k*2);
+				if (bn_wexpand(rr,k*2) == NULL) goto err;
 				bn_mul_recursive(rr->d,a->d,b->d,al,t->d);
 				}
 			else
 				{
-				bn_wexpand(a,k);
+				if (bn_wexpand(a,k) == NULL ) goto err;
-				bn_wexpand(b,k);
+				if (bn_wexpand(b,k) == NULL ) goto err;
-				bn_wexpand(t,k*4);
+				if (bn_wexpand(t,k*4) == NULL ) goto err;
-				bn_wexpand(rr,k*4);
+				if (bn_wexpand(rr,k*4) == NULL ) goto err;
 				for (i=a->top; i<k; i++)
 					a->d[i]=0;
 				for (i=b->top; i<k; i++)
--- a/crypto/conf/Makefile.ssl
+++ b/crypto/conf/Makefile.ssl
@@ -5,7 +5,7 @@
 DIR=	conf
 TOP=	../..
 CC=	cc
-INCLUDES= -I.. -I../.. -I../../include
+INCLUDES= -I.. -I../../include
 CFLAG=-g
 INSTALL_PREFIX=
 OPENSSLDIR=     /usr/local/ssl
@@ -80,18 +80,20 @@ clean:
 # DO NOT DELETE THIS LINE -- make depend depends on it.
-conf_api.o: ../../e_os.h ../../include/openssl/bio.h
+conf_api.o: ../../include/openssl/bio.h ../../include/openssl/conf.h
-conf_api.o: ../../include/openssl/conf.h ../../include/openssl/conf_api.h
+conf_api.o: ../../include/openssl/conf_api.h ../../include/openssl/crypto.h
-conf_api.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+conf_api.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
 conf_api.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
 conf_api.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
 conf_api.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
 conf_def.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
 conf_def.o: ../../include/openssl/conf.h ../../include/openssl/conf_api.h
-conf_def.o: ../../include/openssl/crypto.h ../../include/openssl/err.h
+conf_def.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
-conf_def.o: ../../include/openssl/lhash.h ../../include/openssl/opensslv.h
+conf_def.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-conf_def.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+conf_def.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
-conf_def.o: ../../include/openssl/symhacks.h conf_def.h
+conf_def.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
 conf_def.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
 conf_def.o: ../cryptlib.h conf_def.h
 conf_err.o: ../../include/openssl/bio.h ../../include/openssl/conf.h
 conf_err.o: ../../include/openssl/crypto.h ../../include/openssl/err.h
 conf_err.o: ../../include/openssl/lhash.h ../../include/openssl/opensslv.h
--- a/crypto/conf/conf_api.c
+++ b/crypto/conf/conf_api.c
@@ -67,7 +67,7 @@
 #include <string.h>
 #include <openssl/conf.h>
 #include <openssl/conf_api.h>
-#include "e_os.h"
+#include "openssl/e_os.h"
 static void value_free_hash(CONF_VALUE *a, LHASH *conf);
 static void value_free_stack(CONF_VALUE *a,LHASH *conf);
--- a/crypto/conf/conf_def.c
+++ b/crypto/conf/conf_def.c
@@ -67,6 +67,7 @@
 #include "conf_def.h"
 #include <openssl/buffer.h>
 #include <openssl/err.h>
 #include "cryptlib.h"
 static char *eat_ws(CONF *conf, char *p);
 static char *eat_alpha_numeric(CONF *conf, char *p);
@@ -180,12 +181,12 @@ static int def_destroy_data(CONF *conf)
 static int def_load(CONF *conf, BIO *in, long *line)
 	{
 #define BUFSIZE	512
 	char btmp[16];
 	int bufnum=0,i,ii;
 	BUF_MEM *buff=NULL;
 	char *s,*p,*end;
 	int again,n;
 	long eline=0;
 	char btmp[DECIMAL_SIZE(eline)+1];
 	CONF_VALUE *v=NULL,*tv;
 	CONF_VALUE *sv=NULL;
 	char *section=NULL,*buf;
--- a/crypto/cryptlib.c
+++ b/crypto/cryptlib.c
@@ -101,7 +101,8 @@ static const char* lock_names[CRYPTO_NUM_LOCKS] =
 	"debug_malloc2",
 	"dso",
 	"dynlock",
-#if CRYPTO_NUM_LOCKS != 29
+	"engine",
 #if CRYPTO_NUM_LOCKS != 30
 # error "Inconsistency between crypto.h and cryptlib.c"
 #endif
 	};
@@ -399,16 +400,15 @@ void CRYPTO_lock(int mode, int type, const char *file, int line)
 #endif
 	if (type < 0)
 		{
 		int i = -type - 1;
 		struct CRYPTO_dynlock_value *pointer
-			= CRYPTO_get_dynlock_value(i);
+			= CRYPTO_get_dynlock_value(type);
 		if (pointer && dynlock_lock_callback)
 			{
 			dynlock_lock_callback(mode, pointer, file, line);
 			}
-		CRYPTO_destroy_dynlockid(i);
+		CRYPTO_destroy_dynlockid(type);
 		}
 	else
 		if (locking_callback != NULL)
@@ -491,3 +491,11 @@ BOOL WINAPI DLLEntryPoint(HINSTANCE hinstDLL, DWORD fdwReason,
 #endif
 #endif
 void OpenSSLDie(const char *file,int line,const char *assertion)
    {
    fprintf(stderr,"%s(%d): OpenSSL internal error, assertion failed: %s\n",
 	    file,line,assertion);
    abort();
    }
--- a/crypto/cryptlib.h
+++ b/crypto/cryptlib.h
@@ -89,6 +89,10 @@ extern "C" {
 #define X509_CERT_DIR_EVP        "SSL_CERT_DIR"
 #define X509_CERT_FILE_EVP       "SSL_CERT_FILE"
 /* size of string represenations */
 #define DECIMAL_SIZE(type)     ((sizeof(type)*8+2)/3+1)
 #define HEX_SIZE(type)         ((sizeof(type)*2)
 #ifdef  __cplusplus
 }
 #endif
--- a/crypto/crypto-lib.com
+++ b/crypto/crypto-lib.com
@@ -88,7 +88,7 @@ $! Define The Different Encryption Types.
 $!
 $ ENCRYPT_TYPES = "Basic,MD2,MD4,MD5,SHA,MDC2,HMAC,RIPEMD,"+ -
 		  "DES,RC2,RC4,RC5,IDEA,BF,CAST,"+ -
-		  "BN,RSA,DSA,DH,DSO,"+ -
+		  "BN,RSA,DSA,DH,DSO,ENGINE,"+ -
 		  "BUFFER,BIO,STACK,LHASH,RAND,ERR,OBJECTS,"+ -
 		  "EVP,EVP_2,ASN1,ASN1_2,PEM,X509,X509V3,"+ -
 		  "CONF,TXT_DB,PKCS7,PKCS12,COMP"
@@ -206,6 +206,9 @@ $ LIB_DSA = "dsa_gen,dsa_key,dsa_lib,dsa_asn1,dsa_vrf,dsa_sign,dsa_err,dsa_ossl"
 $ LIB_DH = "dh_gen,dh_key,dh_lib,dh_check,dh_err"
 $ LIB_DSO = "dso_dl,dso_dlfcn,dso_err,dso_lib,dso_null,"+ -
 	"dso_openssl,dso_win32,dso_vms"
 $ LIB_ENGINE = "engine_err,engine_lib,engine_list,engine_openssl,"+ -
 	"hw_atalla,hw_cswift,hw_ncipher,hw_aep,hw_sureware,"+ -
 	"hw_ubsec,hw_keyclient"
 $ LIB_BUFFER = "buffer,buf_err"
 $ LIB_BIO = "bio_lib,bio_cb,bio_err,"+ -
 	"bss_mem,bss_null,bss_fd,"+ -
@@ -623,6 +626,7 @@ $   WRITE SYS$OUTPUT "	",APPLICATION,".exe"
 $!
 $! Link The Program, Check To See If We Need To Link With RSAREF Or Not.
 $!
 $   ON ERROR THEN GOTO NEXT_APPLICATION
 $   IF (RSAREF.EQS."TRUE")
 $   THEN
 $!
@@ -1194,7 +1198,9 @@ $     CC = "CC"
 $     IF ARCH.EQS."VAX" .AND. F$TRNLNM("DECC$CC_DEFAULT").NES."/DECC" -
 	 THEN CC = "CC/DECC"
 $     CC = CC + "/''CC_OPTIMIZE'/''DEBUGGER'/STANDARD=ANSI89" + -
-           "/NOLIST/PREFIX=ALL/INCLUDE=SYS$DISK:[]" + CCEXTRAFLAGS
+           "/NOLIST/PREFIX=ALL" + -
 	   "/INCLUDE=(SYS$DISK:[],SYS$DISK:[.ENGINE.VENDOR_DEFNS])" + -
 	   CCEXTRAFLAGS
 $!
 $!    Define The Linker Options File Name.
 $!
@@ -1226,7 +1232,8 @@ $	WRITE SYS$OUTPUT "There is no VAX C on Alpha!"
 $	EXIT
 $     ENDIF
 $     IF F$TRNLNM("DECC$CC_DEFAULT").EQS."/DECC" THEN CC = "CC/VAXC"
-$     CC = CC + "/''CC_OPTIMIZE'/''DEBUGGER'/NOLIST/INCLUDE=SYS$DISK:[]" + -
+$     CC = CC + "/''CC_OPTIMIZE'/''DEBUGGER'/NOLIST" + -
 	   "/INCLUDE=(SYS$DISK:[],SYS$DISK:[.ENGINE.VENDOR_DEFNS])" + -
 	   CCEXTRAFLAGS
 $     CCDEFS = """VAXC""," + CCDEFS
 $!
@@ -1258,7 +1265,8 @@ $!
 $!    Use GNU C...
 $!
 $     CC = "GCC/NOCASE_HACK/''GCC_OPTIMIZE'/''DEBUGGER'/NOLIST" + -
-	   "/INCLUDE=SYS$DISK:[]" + CCEXTRAFLAGS
+	   "/INCLUDE=(SYS$DISK:[],SYS$DISK:[.ENGINE.VENDOR_DEFNS])" + -
 	   CCEXTRAFLAGS
 $!
 $!    Define The Linker Options File Name.
 $!
--- a/crypto/crypto.h
+++ b/crypto/crypto.h
@@ -123,7 +123,8 @@ extern "C" {
 #define	CRYPTO_LOCK_MALLOC2		26
 #define	CRYPTO_LOCK_DSO			27
 #define	CRYPTO_LOCK_DYNLOCK		28
-#define	CRYPTO_NUM_LOCKS		29
+#define	CRYPTO_LOCK_ENGINE		29
 #define	CRYPTO_NUM_LOCKS		30
 #define CRYPTO_LOCK		1
 #define CRYPTO_UNLOCK		2
--- a/crypto/des/des.h
+++ b/crypto/des/des.h
@@ -189,7 +189,7 @@ int des_enc_write(int fd,const void *buf,int len,des_key_schedule sched,
 		  des_cblock *iv);
 char *des_fcrypt(const char *buf,const char *salt, char *ret);
 char *des_crypt(const char *buf,const char *salt);
-#if !defined(PERL5) && !defined(__FreeBSD__) && !defined(NeXT)
+#if !defined(PERL5) && !defined(__FreeBSD__) && !defined(NeXT) && !defined(_UWIN)
 char *crypt(const char *buf,const char *salt);
 #endif
 void des_ofb_encrypt(const unsigned char *in,unsigned char *out,int numbits,
--- a/crypto/dh/Makefile.ssl
+++ b/crypto/dh/Makefile.ssl
@@ -101,19 +101,39 @@ dh_gen.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
 dh_gen.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
 dh_gen.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
 dh_gen.o: ../cryptlib.h
-dh_key.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+dh_key.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
-dh_key.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+dh_key.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
-dh_key.o: ../../include/openssl/dh.h ../../include/openssl/e_os.h
+dh_key.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
-dh_key.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+dh_key.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
-dh_key.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+dh_key.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
 dh_key.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
 dh_key.o: ../../include/openssl/engine.h ../../include/openssl/err.h
 dh_key.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
 dh_key.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
 dh_key.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
 dh_key.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
 dh_key.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
 dh_key.o: ../../include/openssl/opensslv.h ../../include/openssl/rand.h
-dh_key.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+dh_key.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
 dh_key.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
 dh_key.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
 dh_key.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
 dh_key.o: ../../include/openssl/symhacks.h ../cryptlib.h
-dh_lib.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+dh_lib.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
-dh_lib.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+dh_lib.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
-dh_lib.o: ../../include/openssl/dh.h ../../include/openssl/e_os.h
+dh_lib.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
-dh_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+dh_lib.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
-dh_lib.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+dh_lib.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
-dh_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+dh_lib.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
-dh_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+dh_lib.o: ../../include/openssl/engine.h ../../include/openssl/err.h
-dh_lib.o: ../cryptlib.h
+dh_lib.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
 dh_lib.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
 dh_lib.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
 dh_lib.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
 dh_lib.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
 dh_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/rand.h
 dh_lib.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
 dh_lib.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
 dh_lib.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
 dh_lib.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
 dh_lib.o: ../../include/openssl/symhacks.h ../cryptlib.h
--- a/crypto/dh/dh.h
+++ b/crypto/dh/dh.h
@@ -115,7 +115,11 @@ struct dh_st
 	int references;
 	CRYPTO_EX_DATA ex_data;
 #if 0
 	DH_METHOD *meth;
 #else
 	struct engine_st *engine;
 #endif
 	};
 #define DH_GENERATOR_2		2
@@ -150,10 +154,15 @@ struct dh_st
 DH_METHOD *DH_OpenSSL(void);
-void DH_set_default_method(DH_METHOD *meth);
+void DH_set_default_openssl_method(DH_METHOD *meth);
-DH_METHOD *DH_get_default_method(void);
+DH_METHOD *DH_get_default_openssl_method(void);
 #if 0
 DH_METHOD *DH_set_method(DH *dh, DH_METHOD *meth);
 DH *DH_new_method(DH_METHOD *meth);
 #else
 int DH_set_method(DH *dh, struct engine_st *engine);
 DH *DH_new_method(struct engine_st *engine);
 #endif
 DH *	DH_new(void);
 void	DH_free(DH *dh);
--- a/crypto/dh/dh_key.c
+++ b/crypto/dh/dh_key.c
@@ -61,6 +61,7 @@
 #include <openssl/bn.h>
 #include <openssl/rand.h>
 #include <openssl/dh.h>
 #include <openssl/engine.h>
 static int generate_key(DH *dh);
 static int compute_key(unsigned char *key, BIGNUM *pub_key, DH *dh);
@@ -72,12 +73,12 @@ static int dh_finish(DH *dh);
 int DH_generate_key(DH *dh)
 	{
-	return dh->meth->generate_key(dh);
+	return ENGINE_get_DH(dh->engine)->generate_key(dh);
 	}
 int DH_compute_key(unsigned char *key, BIGNUM *pub_key, DH *dh)
 	{
-	return dh->meth->compute_key(key, pub_key, dh);
+	return ENGINE_get_DH(dh->engine)->compute_key(key, pub_key, dh);
 	}
 static DH_METHOD dh_ossl = {
@@ -137,7 +138,9 @@ static int generate_key(DH *dh)
 		l = dh->length ? dh->length : BN_num_bits(dh->p)-1; /* secret exponent length */
 		if (!BN_rand(priv_key, l, 0, 0)) goto err;
 		}
-	if (!dh->meth->bn_mod_exp(dh, pub_key,dh->g,priv_key,dh->p,&ctx,mont)) goto err;
+	if (!ENGINE_get_DH(dh->engine)->bn_mod_exp(dh, pub_key, dh->g,
 				priv_key,dh->p,&ctx,mont))
 		goto err;
 	dh->pub_key=pub_key;
 	dh->priv_key=priv_key;
@@ -176,7 +179,8 @@ static int compute_key(unsigned char *key, BIGNUM *pub_key, DH *dh)
 		}
 	mont=(BN_MONT_CTX *)dh->method_mont_p;
-	if (!dh->meth->bn_mod_exp(dh, tmp,pub_key,dh->priv_key,dh->p,&ctx,mont))
+	if (!ENGINE_get_DH(dh->engine)->bn_mod_exp(dh, tmp, pub_key,
 				dh->priv_key,dh->p,&ctx,mont))
 		{
 		DHerr(DH_F_DH_COMPUTE_KEY,ERR_R_BN_LIB);
 		goto err;
--- a/crypto/dh/dh_lib.c
+++ b/crypto/dh/dh_lib.c
@@ -60,6 +60,7 @@
 #include "cryptlib.h"
 #include <openssl/bn.h>
 #include <openssl/dh.h>
 #include <openssl/engine.h>
 const char *DH_version="Diffie-Hellman" OPENSSL_VERSION_PTEXT;
@@ -67,17 +68,32 @@ static DH_METHOD *default_DH_method = NULL;
 static int dh_meth_num = 0;
 static STACK_OF(CRYPTO_EX_DATA_FUNCS) *dh_meth = NULL;
-void DH_set_default_method(DH_METHOD *meth)
+void DH_set_default_openssl_method(DH_METHOD *meth)
 {
 	ENGINE *e;
 	/* We'll need to notify the "openssl" ENGINE of this
 	 * change too. We won't bother locking things down at
 	 * our end as there was never any locking in these
 	 * functions! */
 	if(default_DH_method != meth)
 		{
 		default_DH_method = meth;
 		e = ENGINE_by_id("openssl");
 		if(e)
 			{
 			ENGINE_set_DH(e, meth);
 			ENGINE_free(e);
 			}
 		}
 }
-DH_METHOD *DH_get_default_method(void)
+DH_METHOD *DH_get_default_openssl_method(void)
 {
 	if(!default_DH_method) default_DH_method = DH_OpenSSL();
 	return default_DH_method;
 }
 #if 0
 DH_METHOD *DH_set_method(DH *dh, DH_METHOD *meth)
 {
        DH_METHOD *mtmp;
@@ -87,14 +103,37 @@ DH_METHOD *DH_set_method(DH *dh, DH_METHOD *meth)
        if (meth->init) meth->init(dh);
        return mtmp;
 }
 #else
 int DH_set_method(DH *dh, ENGINE *engine)
 {
 	ENGINE *mtmp;
 	DH_METHOD *meth;
 	mtmp = dh->engine;
 	meth = ENGINE_get_DH(mtmp);
 	if (!ENGINE_init(engine))
 		return 0;
 	if (meth->finish) meth->finish(dh);
 	dh->engine= engine;
 	meth = ENGINE_get_DH(engine);
 	if (meth->init) meth->init(dh);
 	/* SHOULD ERROR CHECK THIS!!! */
 	ENGINE_finish(mtmp);
 	return 1;
 }
 #endif
 DH *DH_new(void)
 {
 	return DH_new_method(NULL);
 }
 #if 0
 DH *DH_new_method(DH_METHOD *meth)
 #else
 DH *DH_new_method(ENGINE *engine)
 #endif
 	{
 	DH_METHOD *meth;
 	DH *ret;
 	ret=(DH *)OPENSSL_malloc(sizeof(DH));
@@ -103,8 +142,17 @@ DH *DH_new_method(DH_METHOD *meth)
 		DHerr(DH_F_DH_NEW,ERR_R_MALLOC_FAILURE);
 		return(NULL);
 		}
-	if(meth) ret->meth = meth;
+	if(engine)
-	else ret->meth = DH_get_default_method();
+		ret->engine = engine;
 	else
 		{
 		if((ret->engine=ENGINE_get_default_DH()) == NULL)
 			{
 			OPENSSL_free(ret);
 			return NULL;
 			}
 		}
 	meth = ENGINE_get_DH(ret->engine);
 	ret->pad=0;
 	ret->version=0;
 	ret->p=NULL;
@@ -119,9 +167,9 @@ DH *DH_new_method(DH_METHOD *meth)
 	ret->counter = NULL;
 	ret->method_mont_p=NULL;
 	ret->references = 1;
-	ret->flags=ret->meth->flags;
+	ret->flags=meth->flags;
 	CRYPTO_new_ex_data(dh_meth,ret,&ret->ex_data);
-	if ((ret->meth->init != NULL) && !ret->meth->init(ret))
+	if ((meth->init != NULL) && !meth->init(ret))
 		{
 		CRYPTO_free_ex_data(dh_meth,ret,&ret->ex_data);
 		OPENSSL_free(ret);
@@ -132,6 +180,7 @@ DH *DH_new_method(DH_METHOD *meth)
 void DH_free(DH *r)
 	{
 	DH_METHOD *meth;
 	int i;
 	if(r == NULL) return;
 	i = CRYPTO_add(&r->references, -1, CRYPTO_LOCK_DH);
@@ -147,7 +196,9 @@ void DH_free(DH *r)
 	}
 #endif
-	if(r->meth->finish) r->meth->finish(r);
+	meth = ENGINE_get_DH(r->engine);
 	if(meth->finish) meth->finish(r);
 	ENGINE_finish(r->engine);
 	CRYPTO_free_ex_data(dh_meth, r, &r->ex_data);
--- a/crypto/dsa/Makefile.ssl
+++ b/crypto/dsa/Makefile.ssl
@@ -116,39 +116,75 @@ dsa_key.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h
 dsa_key.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
 dsa_key.o: ../../include/openssl/symhacks.h ../cryptlib.h
 dsa_lib.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
-dsa_lib.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+dsa_lib.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
-dsa_lib.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h
+dsa_lib.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
-dsa_lib.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
+dsa_lib.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
-dsa_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+dsa_lib.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
-dsa_lib.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+dsa_lib.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
-dsa_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+dsa_lib.o: ../../include/openssl/engine.h ../../include/openssl/err.h
-dsa_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+dsa_lib.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
-dsa_lib.o: ../cryptlib.h
+dsa_lib.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
 dsa_lib.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
 dsa_lib.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
 dsa_lib.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
 dsa_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/rand.h
 dsa_lib.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
 dsa_lib.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
 dsa_lib.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
 dsa_lib.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
 dsa_lib.o: ../../include/openssl/symhacks.h ../cryptlib.h
 dsa_ossl.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
-dsa_ossl.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+dsa_ossl.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
-dsa_ossl.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h
+dsa_ossl.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
-dsa_ossl.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
+dsa_ossl.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
-dsa_ossl.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+dsa_ossl.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
-dsa_ossl.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+dsa_ossl.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
 dsa_ossl.o: ../../include/openssl/engine.h ../../include/openssl/err.h
 dsa_ossl.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
 dsa_ossl.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
 dsa_ossl.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
 dsa_ossl.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
 dsa_ossl.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
 dsa_ossl.o: ../../include/openssl/opensslv.h ../../include/openssl/rand.h
-dsa_ossl.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+dsa_ossl.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
 dsa_ossl.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
 dsa_ossl.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
 dsa_ossl.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
 dsa_ossl.o: ../../include/openssl/symhacks.h ../cryptlib.h
 dsa_sign.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
-dsa_sign.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+dsa_sign.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
-dsa_sign.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h
+dsa_sign.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
-dsa_sign.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
+dsa_sign.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
-dsa_sign.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+dsa_sign.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
-dsa_sign.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+dsa_sign.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
 dsa_sign.o: ../../include/openssl/engine.h ../../include/openssl/err.h
 dsa_sign.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
 dsa_sign.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
 dsa_sign.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
 dsa_sign.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
 dsa_sign.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
 dsa_sign.o: ../../include/openssl/opensslv.h ../../include/openssl/rand.h
-dsa_sign.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+dsa_sign.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
 dsa_sign.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
 dsa_sign.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
 dsa_sign.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
 dsa_sign.o: ../../include/openssl/symhacks.h ../cryptlib.h
 dsa_vrf.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
-dsa_vrf.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+dsa_vrf.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
-dsa_vrf.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+dsa_vrf.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
-dsa_vrf.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+dsa_vrf.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
-dsa_vrf.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+dsa_vrf.o: ../../include/openssl/des.h ../../include/openssl/dh.h
-dsa_vrf.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+dsa_vrf.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
 dsa_vrf.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h
 dsa_vrf.o: ../../include/openssl/err.h ../../include/openssl/evp.h
 dsa_vrf.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
 dsa_vrf.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
 dsa_vrf.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
 dsa_vrf.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
 dsa_vrf.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-dsa_vrf.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h
+dsa_vrf.o: ../../include/openssl/rand.h ../../include/openssl/rc2.h
 dsa_vrf.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
 dsa_vrf.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
 dsa_vrf.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
 dsa_vrf.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
 dsa_vrf.o: ../cryptlib.h
--- a/crypto/dsa/dsa.h
+++ b/crypto/dsa/dsa.h
@@ -133,7 +133,11 @@ struct dsa_st
 	char *method_mont_p;
 	int references;
 	CRYPTO_EX_DATA ex_data;
 #if 0
 	DSA_METHOD *meth;
 #else
 	struct engine_st *engine;
 #endif
 	};
 #define DSAparams_dup(x) (DSA *)ASN1_dup((int (*)())i2d_DSAparams, \
@@ -159,12 +163,20 @@ int	DSA_do_verify(const unsigned char *dgst,int dgst_len,
 DSA_METHOD *DSA_OpenSSL(void);
-void        DSA_set_default_method(DSA_METHOD *);
+void        DSA_set_default_openssl_method(DSA_METHOD *);
-DSA_METHOD *DSA_get_default_method(void);
+DSA_METHOD *DSA_get_default_openssl_method(void);
 #if 0
 DSA_METHOD *DSA_set_method(DSA *dsa, DSA_METHOD *);
 #else
 int DSA_set_method(DSA *dsa, struct engine_st *engine);
 #endif
 DSA *	DSA_new(void);
 #if 0
 DSA *	DSA_new_method(DSA_METHOD *meth);
 #else
 DSA *	DSA_new_method(struct engine_st *engine);
 #endif
 int	DSA_size(DSA *);
 	/* next 4 return -1 on error */
 int	DSA_sign_setup( DSA *dsa,BN_CTX *ctx_in,BIGNUM **kinvp,BIGNUM **rp);
--- a/crypto/dsa/dsa_asn1.c
+++ b/crypto/dsa/dsa_asn1.c
@@ -84,6 +84,7 @@ DSA_SIG *d2i_DSA_SIG(DSA_SIG **a, unsigned char **pp, long length)
 	if ((ret->s=BN_bin2bn(bs->data,bs->length,ret->s)) == NULL)
 		goto err_bn;
 	M_ASN1_BIT_STRING_free(bs);
 	bs = NULL;
 	M_ASN1_D2I_Finish_2(a);
 err_bn:
--- a/crypto/dsa/dsa_lib.c
+++ b/crypto/dsa/dsa_lib.c
@@ -63,6 +63,7 @@
 #include <openssl/bn.h>
 #include <openssl/dsa.h>
 #include <openssl/asn1.h>
 #include <openssl/engine.h>
 const char *DSA_version="DSA" OPENSSL_VERSION_PTEXT;
@@ -70,12 +71,26 @@ static DSA_METHOD *default_DSA_method = NULL;
 static int dsa_meth_num = 0;
 static STACK_OF(CRYPTO_EX_DATA_FUNCS) *dsa_meth = NULL;
-void DSA_set_default_method(DSA_METHOD *meth)
+void DSA_set_default_openssl_method(DSA_METHOD *meth)
 {
 	ENGINE *e;
 	/* We'll need to notify the "openssl" ENGINE of this
 	 * change too. We won't bother locking things down at
 	 * our end as there was never any locking in these
 	 * functions! */
 	if(default_DSA_method != meth)
 		{
 		default_DSA_method = meth;
 		e = ENGINE_by_id("openssl");
 		if(e)
 			{
 			ENGINE_set_DSA(e, meth);
 			ENGINE_free(e);
 			}
 		}
 }
-DSA_METHOD *DSA_get_default_method(void)
+DSA_METHOD *DSA_get_default_openssl_method(void)
 {
 	if(!default_DSA_method) default_DSA_method = DSA_OpenSSL();
 	return default_DSA_method;
@@ -86,6 +101,7 @@ DSA *DSA_new(void)
 	return DSA_new_method(NULL);
 }
 #if 0
 DSA_METHOD *DSA_set_method(DSA *dsa, DSA_METHOD *meth)
 {
        DSA_METHOD *mtmp;
@@ -95,10 +111,33 @@ DSA_METHOD *DSA_set_method(DSA *dsa, DSA_METHOD *meth)
        if (meth->init) meth->init(dsa);
        return mtmp;
 }
-
+#else
-
+int DSA_set_method(DSA *dsa, ENGINE *engine)
 DSA *DSA_new_method(DSA_METHOD *meth)
 	{
 	ENGINE *mtmp;
 	DSA_METHOD *meth;
 	mtmp = dsa->engine;
 	meth = ENGINE_get_DSA(mtmp);
 	if (!ENGINE_init(engine))
 		return 0;
 	if (meth->finish) meth->finish(dsa);
 	dsa->engine = engine;
 	meth = ENGINE_get_DSA(engine);
 	if (meth->init) meth->init(dsa);
 	/* SHOULD ERROR CHECK THIS!!! */
 	ENGINE_finish(mtmp);
 	return 1;
 	}
 #endif
 #if 0
 DSA *DSA_new_method(DSA_METHOD *meth)
 #else
 DSA *DSA_new_method(ENGINE *engine)
 #endif
 	{
 	DSA_METHOD *meth;
 	DSA *ret;
 	ret=(DSA *)OPENSSL_malloc(sizeof(DSA));
@@ -107,8 +146,17 @@ DSA *DSA_new_method(DSA_METHOD *meth)
 		DSAerr(DSA_F_DSA_NEW,ERR_R_MALLOC_FAILURE);
 		return(NULL);
 		}
-	if(meth) ret->meth = meth;
+	if(engine)
-	else ret->meth = DSA_get_default_method();
+		ret->engine = engine;
 	else
 		{
 		if((ret->engine=ENGINE_get_default_DSA()) == NULL)
 			{
 			OPENSSL_free(ret);
 			return NULL;
 			}
 		}
 	meth = ENGINE_get_DSA(ret->engine);
 	ret->pad=0;
 	ret->version=0;
 	ret->write_params=1;
@@ -124,9 +172,9 @@ DSA *DSA_new_method(DSA_METHOD *meth)
 	ret->method_mont_p=NULL;
 	ret->references=1;
-	ret->flags=ret->meth->flags;
+	ret->flags=meth->flags;
 	CRYPTO_new_ex_data(dsa_meth,ret,&ret->ex_data);
-	if ((ret->meth->init != NULL) && !ret->meth->init(ret))
+	if ((meth->init != NULL) && !meth->init(ret))
 		{
 		CRYPTO_free_ex_data(dsa_meth,ret,&ret->ex_data);
 		OPENSSL_free(ret);
@@ -138,6 +186,7 @@ DSA *DSA_new_method(DSA_METHOD *meth)
 void DSA_free(DSA *r)
 	{
 	DSA_METHOD *meth;
 	int i;
 	if (r == NULL) return;
@@ -155,7 +204,9 @@ void DSA_free(DSA *r)
 		}
 #endif
-	if(r->meth->finish) r->meth->finish(r);
+	meth = ENGINE_get_DSA(r->engine);
 	if(meth->finish) meth->finish(r);
 	ENGINE_finish(r->engine);
 	CRYPTO_free_ex_data(dsa_meth, r, &r->ex_data);
--- a/crypto/dsa/dsa_ossl.c
+++ b/crypto/dsa/dsa_ossl.c
@@ -64,6 +64,7 @@
 #include <openssl/dsa.h>
 #include <openssl/rand.h>
 #include <openssl/asn1.h>
 #include <openssl/engine.h>
 static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa);
 static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp);
@@ -201,7 +202,7 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp)
 		}
 	/* Compute r = (g^k mod p) mod q */
-	if (!dsa->meth->bn_mod_exp(dsa, r,dsa->g,&k,dsa->p,ctx,
+	if (!ENGINE_get_DSA(dsa->engine)->bn_mod_exp(dsa, r,dsa->g,&k,dsa->p,ctx,
 		(BN_MONT_CTX *)dsa->method_mont_p)) goto err;
 	if (!BN_mod(r,r,dsa->q,ctx)) goto err;
@@ -290,7 +291,7 @@ static int dsa_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig,
 	if (!BN_mod(&u1,&u1,dsa->q,ctx)) goto err;
 #else
 	{
-	if (!dsa->meth->dsa_mod_exp(dsa, &t1,dsa->g,&u1,dsa->pub_key,&u2,
+	if (!ENGINE_get_DSA(dsa->engine)->dsa_mod_exp(dsa, &t1,dsa->g,&u1,dsa->pub_key,&u2,
 						dsa->p,ctx,mont)) goto err;
 	/* BN_copy(&u1,&t1); */
 	/* let u1 = u1 mod q */
--- a/crypto/dsa/dsa_sign.c
+++ b/crypto/dsa/dsa_sign.c
@@ -64,10 +64,11 @@
 #include <openssl/dsa.h>
 #include <openssl/rand.h>
 #include <openssl/asn1.h>
 #include <openssl/engine.h>
 DSA_SIG * DSA_do_sign(const unsigned char *dgst, int dlen, DSA *dsa)
 	{
-	return dsa->meth->dsa_do_sign(dgst, dlen, dsa);
+	return ENGINE_get_DSA(dsa->engine)->dsa_do_sign(dgst, dlen, dsa);
 	}
 int DSA_sign(int type, const unsigned char *dgst, int dlen, unsigned char *sig,
@@ -87,6 +88,6 @@ int DSA_sign(int type, const unsigned char *dgst, int dlen, unsigned char *sig,
 int DSA_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp)
 	{
-	return dsa->meth->dsa_sign_setup(dsa, ctx_in, kinvp, rp);
+	return ENGINE_get_DSA(dsa->engine)->dsa_sign_setup(dsa, ctx_in, kinvp, rp);
 	}
--- a/crypto/dsa/dsa_vrf.c
+++ b/crypto/dsa/dsa_vrf.c
@@ -65,11 +65,12 @@
 #include <openssl/rand.h>
 #include <openssl/asn1.h>
 #include <openssl/asn1_mac.h>
 #include <openssl/engine.h>
 int DSA_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig,
 		  DSA *dsa)
 	{
-	return dsa->meth->dsa_do_verify(dgst, dgst_len, sig, dsa);
+	return ENGINE_get_DSA(dsa->engine)->dsa_do_verify(dgst, dgst_len, sig, dsa);
 	}
 /* data has already been hashed (probably with SHA or SHA-1). */
--- a/crypto/dso/dso_dlfcn.c
+++ b/crypto/dso/dso_dlfcn.c
@@ -112,7 +112,7 @@ DSO_METHOD *DSO_METHOD_dlfcn(void)
 * as we don't have autoconf yet, I'm implementing a hack that could
 * be hacked further relatively easily to deal with cases as we find
 * them. Initially this is to cope with OpenBSD. */
-#ifdef __OpenBSD__
+#if defined(__OpenBSD__) || defined(__NetBSD__)
 #	ifdef DL_LAZY
 #		define DLOPEN_FLAG DL_LAZY
 #	else
--- a/crypto/ebcdic.c
+++ b/crypto/ebcdic.c
@@ -211,7 +211,7 @@ ascii2ebcdic(void *dest, const void *srce, size_t count)
 }
 #else /*CHARSET_EBCDIC*/
-#if defined(PEDANTIC) || defined(VMS) || defined(__VMS)
+#if defined(PEDANTIC) || defined(VMS) || defined(__VMS) || defined(_DARWIN)
 static void *dummy=&dummy;
 #endif
 #endif
--- a/crypto/engine/.cvsignore
+++ b/crypto/engine/.cvsignore
@@ -0,0 +1,2 @@
 lib
 Makefile.save
--- a/crypto/engine/Makefile.ssl
+++ b/crypto/engine/Makefile.ssl
@@ -0,0 +1,304 @@
 #
 # OpenSSL/crypto/engine/Makefile
 #
 DIR=	engine
 TOP=	../..
 CC=	cc
 INCLUDES= -I.. -I../../include
 CFLAG=-g
 INSTALL_PREFIX=
 OPENSSLDIR=     /usr/local/ssl
 INSTALLTOP=/usr/local/ssl
 MAKE=		make -f Makefile.ssl
 MAKEDEPEND=	$(TOP)/util/domd $(TOP)
 MAKEFILE=	Makefile.ssl
 AR=		ar r
 CFLAGS= $(INCLUDES) $(CFLAG)
 GENERAL=Makefile
 TEST= enginetest.c
 APPS=
 LIB=$(TOP)/libcrypto.a
 LIBSRC= engine_err.c engine_lib.c engine_list.c engine_openssl.c \
 	hw_atalla.c hw_cswift.c hw_ncipher.c hw_aep.c hw_sureware.c \
 	hw_ubsec.c hw_keyclient.c
 LIBOBJ= engine_err.o engine_lib.o engine_list.o engine_openssl.o \
 	hw_atalla.o hw_cswift.o hw_ncipher.o hw_aep.o hw_sureware.o \
 	hw_ubsec.o hw_keyclient.o
 SRC= $(LIBSRC)
 EXHEADER= engine.h
 HEADER=	$(EXHEADER)
 ALL=    $(GENERAL) $(SRC) $(HEADER)
 top:
 	(cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
 all:	lib
 lib:	$(LIBOBJ)
 	$(AR) $(LIB) $(LIBOBJ)
 	$(RANLIB) $(LIB)
 	@touch lib
 files:
 	$(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
 links:
 	@$(TOP)/util/point.sh Makefile.ssl Makefile
 	@$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
 	@$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
 	@$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
 install:
 	@for i in $(EXHEADER) ; \
 	do  \
 	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
 	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
 	done;
 tags:
 	ctags $(SRC)
 tests:
 lint:
 	lint -DLINT $(INCLUDES) $(SRC)>fluff
 depend:
 	$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
 dclean:
 	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
 	mv -f Makefile.new $(MAKEFILE)
 clean:
 	rm -f *.o */*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
 # DO NOT DELETE THIS LINE -- make depend depends on it.
 engine_err.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
 engine_err.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
 engine_err.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
 engine_err.o: ../../include/openssl/des.h ../../include/openssl/dh.h
 engine_err.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
 engine_err.o: ../../include/openssl/engine.h ../../include/openssl/err.h
 engine_err.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
 engine_err.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
 engine_err.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
 engine_err.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
 engine_err.o: ../../include/openssl/objects.h
 engine_err.o: ../../include/openssl/opensslconf.h
 engine_err.o: ../../include/openssl/opensslv.h ../../include/openssl/rand.h
 engine_err.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
 engine_err.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
 engine_err.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
 engine_err.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
 engine_err.o: ../../include/openssl/symhacks.h
 engine_lib.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
 engine_lib.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
 engine_lib.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
 engine_lib.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
 engine_lib.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
 engine_lib.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
 engine_lib.o: ../../include/openssl/engine.h ../../include/openssl/err.h
 engine_lib.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
 engine_lib.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
 engine_lib.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
 engine_lib.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
 engine_lib.o: ../../include/openssl/objects.h
 engine_lib.o: ../../include/openssl/opensslconf.h
 engine_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/rand.h
 engine_lib.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
 engine_lib.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
 engine_lib.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
 engine_lib.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
 engine_lib.o: ../../include/openssl/symhacks.h ../cryptlib.h engine_int.h
 engine_list.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
 engine_list.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
 engine_list.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
 engine_list.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
 engine_list.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
 engine_list.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
 engine_list.o: ../../include/openssl/engine.h ../../include/openssl/err.h
 engine_list.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
 engine_list.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
 engine_list.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
 engine_list.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
 engine_list.o: ../../include/openssl/objects.h
 engine_list.o: ../../include/openssl/opensslconf.h
 engine_list.o: ../../include/openssl/opensslv.h ../../include/openssl/rand.h
 engine_list.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
 engine_list.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
 engine_list.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
 engine_list.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
 engine_list.o: ../../include/openssl/symhacks.h ../cryptlib.h engine_int.h
 engine_openssl.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
 engine_openssl.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
 engine_openssl.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
 engine_openssl.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
 engine_openssl.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
 engine_openssl.o: ../../include/openssl/dso.h ../../include/openssl/e_os.h
 engine_openssl.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h
 engine_openssl.o: ../../include/openssl/err.h ../../include/openssl/evp.h
 engine_openssl.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
 engine_openssl.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
 engine_openssl.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
 engine_openssl.o: ../../include/openssl/obj_mac.h
 engine_openssl.o: ../../include/openssl/objects.h
 engine_openssl.o: ../../include/openssl/opensslconf.h
 engine_openssl.o: ../../include/openssl/opensslv.h ../../include/openssl/rand.h
 engine_openssl.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
 engine_openssl.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
 engine_openssl.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
 engine_openssl.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
 engine_openssl.o: ../../include/openssl/symhacks.h ../cryptlib.h engine_int.h
 hw_aep.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
 hw_aep.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
 hw_aep.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
 hw_aep.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
 hw_aep.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
 hw_aep.o: ../../include/openssl/dso.h ../../include/openssl/e_os.h
 hw_aep.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
 hw_aep.o: ../../include/openssl/engine.h ../../include/openssl/err.h
 hw_aep.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
 hw_aep.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
 hw_aep.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
 hw_aep.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
 hw_aep.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
 hw_aep.o: ../../include/openssl/opensslv.h ../../include/openssl/rand.h
 hw_aep.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
 hw_aep.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
 hw_aep.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
 hw_aep.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
 hw_aep.o: ../../include/openssl/symhacks.h ../cryptlib.h engine_int.h
 hw_aep.o: vendor_defns/aep.h
 hw_atalla.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
 hw_atalla.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
 hw_atalla.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
 hw_atalla.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
 hw_atalla.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
 hw_atalla.o: ../../include/openssl/dso.h ../../include/openssl/e_os.h
 hw_atalla.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h
 hw_atalla.o: ../../include/openssl/err.h ../../include/openssl/evp.h
 hw_atalla.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
 hw_atalla.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
 hw_atalla.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
 hw_atalla.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
 hw_atalla.o: ../../include/openssl/opensslconf.h
 hw_atalla.o: ../../include/openssl/opensslv.h ../../include/openssl/rand.h
 hw_atalla.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
 hw_atalla.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
 hw_atalla.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
 hw_atalla.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
 hw_atalla.o: ../../include/openssl/symhacks.h ../cryptlib.h engine_int.h
 hw_atalla.o: vendor_defns/atalla.h
 hw_cswift.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
 hw_cswift.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
 hw_cswift.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
 hw_cswift.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
 hw_cswift.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
 hw_cswift.o: ../../include/openssl/dso.h ../../include/openssl/e_os.h
 hw_cswift.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h
 hw_cswift.o: ../../include/openssl/err.h ../../include/openssl/evp.h
 hw_cswift.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
 hw_cswift.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
 hw_cswift.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
 hw_cswift.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
 hw_cswift.o: ../../include/openssl/opensslconf.h
 hw_cswift.o: ../../include/openssl/opensslv.h ../../include/openssl/rand.h
 hw_cswift.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
 hw_cswift.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
 hw_cswift.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
 hw_cswift.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
 hw_cswift.o: ../../include/openssl/symhacks.h ../cryptlib.h engine_int.h
 hw_cswift.o: vendor_defns/cswift.h
 hw_keyclient.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
 hw_keyclient.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
 hw_keyclient.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
 hw_keyclient.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
 hw_keyclient.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
 hw_keyclient.o: ../../include/openssl/dso.h ../../include/openssl/e_os.h
 hw_keyclient.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h
 hw_keyclient.o: ../../include/openssl/err.h ../../include/openssl/evp.h
 hw_keyclient.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
 hw_keyclient.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
 hw_keyclient.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
 hw_keyclient.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
 hw_keyclient.o: ../../include/openssl/opensslconf.h
 hw_keyclient.o: ../../include/openssl/opensslv.h ../../include/openssl/rand.h
 hw_keyclient.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
 hw_keyclient.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
 hw_keyclient.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
 hw_keyclient.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
 hw_keyclient.o: ../../include/openssl/symhacks.h ../cryptlib.h engine_int.h
 hw_keyclient.o: vendor_defns/keyclient.h
 hw_ncipher.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
 hw_ncipher.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
 hw_ncipher.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
 hw_ncipher.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
 hw_ncipher.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
 hw_ncipher.o: ../../include/openssl/dso.h ../../include/openssl/e_os.h
 hw_ncipher.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h
 hw_ncipher.o: ../../include/openssl/err.h ../../include/openssl/evp.h
 hw_ncipher.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
 hw_ncipher.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
 hw_ncipher.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
 hw_ncipher.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
 hw_ncipher.o: ../../include/openssl/opensslconf.h
 hw_ncipher.o: ../../include/openssl/opensslv.h ../../include/openssl/pem.h
 hw_ncipher.o: ../../include/openssl/pem2.h ../../include/openssl/pkcs7.h
 hw_ncipher.o: ../../include/openssl/rand.h ../../include/openssl/rc2.h
 hw_ncipher.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
 hw_ncipher.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
 hw_ncipher.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
 hw_ncipher.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
 hw_ncipher.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
 hw_ncipher.o: ../cryptlib.h engine_int.h vendor_defns/hwcryptohook.h
 hw_sureware.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
 hw_sureware.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
 hw_sureware.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
 hw_sureware.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
 hw_sureware.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
 hw_sureware.o: ../../include/openssl/dso.h ../../include/openssl/e_os.h
 hw_sureware.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h
 hw_sureware.o: ../../include/openssl/err.h ../../include/openssl/evp.h
 hw_sureware.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
 hw_sureware.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
 hw_sureware.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
 hw_sureware.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
 hw_sureware.o: ../../include/openssl/opensslconf.h
 hw_sureware.o: ../../include/openssl/opensslv.h ../../include/openssl/pem.h
 hw_sureware.o: ../../include/openssl/pem2.h ../../include/openssl/pkcs7.h
 hw_sureware.o: ../../include/openssl/rand.h ../../include/openssl/rc2.h
 hw_sureware.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
 hw_sureware.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
 hw_sureware.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
 hw_sureware.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
 hw_sureware.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
 hw_sureware.o: ../cryptlib.h engine.h engine_int.h vendor_defns/sureware.h
 hw_ubsec.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
 hw_ubsec.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
 hw_ubsec.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
 hw_ubsec.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
 hw_ubsec.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
 hw_ubsec.o: ../../include/openssl/dso.h ../../include/openssl/e_os.h
 hw_ubsec.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h
 hw_ubsec.o: ../../include/openssl/err.h ../../include/openssl/evp.h
 hw_ubsec.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
 hw_ubsec.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
 hw_ubsec.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
 hw_ubsec.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
 hw_ubsec.o: ../../include/openssl/opensslconf.h
 hw_ubsec.o: ../../include/openssl/opensslv.h ../../include/openssl/rand.h
 hw_ubsec.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
 hw_ubsec.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
 hw_ubsec.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
 hw_ubsec.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
 hw_ubsec.o: ../../include/openssl/symhacks.h ../cryptlib.h engine_int.h
 hw_ubsec.o: vendor_defns/hw_ubsec.h
--- a/crypto/engine/README
+++ b/crypto/engine/README
@@ -0,0 +1,278 @@
 NOTES, THOUGHTS, and EVERYTHING
 -------------------------------
 (1) Concurrency and locking ... I made a change to the ENGINE_free code
    because I spotted a potential hold-up in proceedings (doing too
    much inside a lock including calling a callback), there may be
    other bits like this. What do the speed/optimisation freaks think
    of this aspect of the code and design? There's lots of locking for
    manipulation functions and I need that to keep things nice and
    solid, but this manipulation is mostly (de)initialisation, I would
    think that most run-time locking is purely in the ENGINE_init and
    ENGINE_finish calls that might be made when getting handles for
    RSA (and friends') structures. These would be mostly reference
    count operations as the functional references should always be 1
    or greater at run-time to prevent init/deinit thrashing.
 (2) nCipher support, via the HWCryptoHook API, is now in the code.
    Apparently this hasn't been tested too much yet, but it looks
    good. :-) Atalla support has been added too, but shares a lot in
    common with Ben's original hooks in bn_exp.c (although it has been
    ENGINE-ified, and error handling wrapped around it) and it's also
    had some low-volume testing, so it should be usable.
 (3) Of more concern, we need to work out (a) how to put together usable
    RAND_METHODs for units that just have one "get n or less random
    bytes" function, (b) we also need to determine how to hook the code
    in crypto/rand/ to use the ENGINE defaults in a way similar to what
    has been done in crypto/rsa/, crypto/dsa/, etc.
 (4) ENGINE should really grow to encompass more than 3 public key
    algorithms and randomness gathering. The structure/data level of
    the engine code is hidden from code outside the crypto/engine/
    directory so change shouldn't be too viral. More important though
    is how things should evolve ... this needs thought and discussion.
 -----------------------------------==*==-----------------------------------
 More notes 2000-08-01
 ---------------------
 Geoff Thorpe, who designed the engine part, wrote a pretty good description
 of the thoughts he had when he built it, good enough to include verbatim here
 (with his permission)					-- Richard Levitte
 Date: Tue, 1 Aug 2000 16:54:08 +0100 (BST)
 From: Geoff Thorpe
 Subject: Re: The thoughts to merge BRANCH_engine into the main trunk are
 emerging
 Hi there,
 I'm going to try and do some justice to this, but I'm a little short on
 time and the there is an endless amount that could be discussed on this
 subject. sigh ... please bear with me :-)
 > The changes in BRANCH_engine dig deep into the core of OpenSSL, for example
 > into the RSA and RAND routines, adding a level of indirection which is needed
 > to keep the abstraction, as far as I understand.  It would be a good thing if
 > those who do play with those things took a look at the changes that have been
 > done in the branch and say out loud how much (or hopefully little) we've made
 > fools of ourselves.
 The point here is that the code that has emerged in the BRANCH_engine
 branch was based on some initial requirements of mine that I went in and
 addressed, and Richard has picked up the ball and run with it too. It
 would be really useful to get some review of the approach we've taken, but
 first I think I need to describe as best I can the reasons behind what has
 been done so far, in particular what issues we have tried to address when
 doing this, and what issues we have intentionally (or necessarily) tried
 to avoid.
 methods, engines, and evps
 --------------------------
 There has been some dicussion, particularly with Steve, about where this
 ENGINE stuff might fit into the conceptual picture as/when we start to
 abstract algorithms a little bit to make the library more extensible. In
 particular, it would desirable to have algorithms (symmetric, hash, pkc,
 etc) abstracted in some way that allows them to be just objects sitting in
 a list (or database) ... it'll just happen that the "DSA" object doesn't
 support encryption whereas the "RSA" object does. This requires a lot of
 consideration to begin to know how to tackle it; in particular how
 encapsulated should these things be? If the objects also understand their
 own ASN1 encodings and what-not, then it would for example be possible to
 add support for elliptic-curve DSA in as a new algorithm and automatically
 have ECC-DSA certificates supported in SSL applications. Possible, but not
 easy. :-)
 Whatever, it seems that the way to go (if I've grok'd Steve's comments on
 this in the past) is to amalgamate these things in EVP as is already done
 (I think) for ciphers or hashes (Steve, please correct/elaborate). I
 certainly think something should be done in this direction because right
 now we have different source directories, types, functions, and methods
 for each algorithm - even when conceptually they are very much different
 feathers of the same bird. (This is certainly all true for the public-key
 stuff, and may be partially true for the other parts.)
 ENGINE was *not* conceived as a way of solving this, far from it. Nor was
 it conceived as a way of replacing the various "***_METHOD"s. It was
 conceived as an abstraction of a sort of "virtual crypto device". If we
 lived in a world where "EVP_ALGO"s (or something like them) encapsulated
 particular algorithms like RSA,DSA,MD5,RC4,etc, and "***_METHOD"s
 encapsulated interfaces to algorithms (eg. some algo's might support a
 PKC_METHOD, a HASH_METHOD, or a CIPHER_METHOD, who knows?), then I would
 think that ENGINE would encapsulate an implementation of arbitrarily many
 of those algorithms - perhaps as alternatives to existing algorithms
 and/or perhaps as new previously unimplemented algorithms. An ENGINE could
 be used to contain an alternative software implementation, a wrapper for a
 hardware acceleration and/or key-management unit, a comms-wrapper for
 distributing cryptographic operations to remote machines, or any other
 "devices" your imagination can dream up.
 However, what has been done in the ENGINE branch so far is nothing more
 than starting to get our toes wet. I had a couple of self-imposed
 requirements when putting the initial abstraction together, and I may have
 already posed these in one form or another on the list, but briefly;
   (i) only bother with public key algorithms for now, and maybe RAND too
       (motivated by the need to get hardware support going and the fact
       this was a comparitively easy subset to address to begin with).
  (ii) don't change (if at all possible) the existing crypto code, ie. the
       implementations, the way the ***_METHODs work, etc.
 (iii) ensure that if no function from the ENGINE code is ever called then
       things work the way they always did, and there is no memory
       allocation (otherwise the failure to cleanup would be a problem -
       this is part of the reason no STACKs were used, the other part of
       the reason being I found them inappropriate).
  (iv) ensure that all the built-in crypto was encapsulated by one of
       these "ENGINE"s and that this engine was automatically selected as
       the default.
   (v) provide the minimum hooking possible in the existing crypto code
       so that global functions (eg. RSA_public_encrypt) do not need any
       extra parameter, yet will use whatever the current default ENGINE
       for that RSA key is, and that the default can be set "per-key"
       and globally (new keys will assume the global default, and keys
       without their own default will be operated on using the global
       default). NB: Try and make (v) conflict as little as possible with
       (ii). :-)
  (vi) wrap the ENGINE code up in duct tape so you can't even see the
       corners. Ie. expose no structures at all, just black-box pointers.
   (v) maintain internally a list of ENGINEs on which a calling
       application can iterate, interrogate, etc. Allow a calling
       application to hook in new ENGINEs, remove ENGINEs from the list,
       and enforce uniqueness within the global list of each ENGINE's
       "unique id".
  (vi) keep reference counts for everything - eg. this includes storing a
       reference inside each RSA structure to the ENGINE that it uses.
       This is freed when the RSA structure is destroyed, or has its
       ENGINE explicitly changed. The net effect needs to be that at any
       time, it is deterministic to know whether an ENGINE is in use or
       can be safely removed (or unloaded in the case of the other type
       of reference) without invalidating function pointers that may or
       may not be used indavertently in the future. This was actually
       one of the biggest problems to overcome in the existing OpenSSL
       code - implementations had always been assumed to be ever-present,
       so there was no trivial way to get round this.
 (vii) distinguish between structural references and functional
       references.
 A *little* detail
 -----------------
 While my mind is on it; I'll illustrate the bit in item (vii). This idea
 turned out to be very handy - the ENGINEs themselves need to be operated
 on and manipulated simply as objects without necessarily trying to
 "enable" them for use. Eg. most host machines will not have the necessary
 hardware or software to support all the engines one might compile into
 OpenSSL, yet it needs to be possible to iterate across the ENGINEs,
 querying their names, properties, etc - all happening in a thread-safe
 manner that uses reference counts (if you imagine two threads iterating
 through a list and one thread removing the ENGINE the other is currently
 looking at - you can see the gotcha waiting to happen). For all of this,
 *structural references* are used and operate much like the other reference
 counts in OpenSSL.
 The other kind of reference count is for *functional* references - these
 indicate a reference on which the caller can actually assume the
 particular ENGINE to be initialised and usable to perform the operations
 it implements. Any increment or decrement of the functional reference
 count automatically invokes a corresponding change in the structural
 reference count, as it is fairly obvious that a functional reference is a
 restricted case of a structural reference. So struct_ref >= funct_ref at
 all times. NB: functional references are usually obtained by a call to
 ENGINE_init(), but can also be created implicitly by calls that require a
 new functional reference to be created, eg. ENGINE_set_default(). Either
 way the only time the underlying ENGINE's "init" function is really called
 is when the (functional) reference count increases to 1, similarly the
 underlying "finish" handler is only called as the count goes down to 0.
 The effect of this, for example, is that if you set the default ENGINE for
 RSA operations to be "cswift", then its functional reference count will
 already be at least 1 so the CryptoSwift shared-library and the card will
 stay loaded and initialised until such time as all RSA keys using the
 cswift ENGINE are changed or destroyed and the default ENGINE for RSA
 operations has been changed. This prevents repeated thrashing of init and
 finish handling if the count keeps getting down as far as zero.
 Otherwise, the way the ENGINE code has been put together I think pretty
 much reflects the above points. The reason for the ENGINE structure having
 individual RSA_METHOD, DSA_METHOD, etc pointers is simply that it was the
 easiest way to go about things for now, to hook it all into the raw
 RSA,DSA,etc code, and I was trying to the keep the structure invisible
 anyway so that the way this is internally managed could be easily changed
 later on when we start to work out what's to be done about these other
 abstractions.
 Down the line, if some EVP-based technique emerges for adequately
 encapsulating algorithms and all their various bits and pieces, then I can
 imagine that "ENGINE" would turn into a reference-counting database of
 these EVP things, of which the default "openssl" ENGINE would be the
 library's own object database of pre-built software implemented algorithms
 (and such). It would also be cool to see the idea of "METHOD"s detached
 from the algorithms themselves ... so RSA, DSA, ElGamal, etc can all
 expose essentially the same METHOD (aka interface), which would include
 any querying/flagging stuff to identify what the algorithm can/can't do,
 its name, and other stuff like max/min block sizes, key sizes, etc. This
 would result in ENGINE similarly detaching its internal database of
 algorithm implementations from the function definitions that return
 interfaces to them. I think ...
 As for DSOs etc. Well the DSO code is pretty handy (but could be made much
 more so) for loading vendor's driver-libraries and talking to them in some
 generic way, but right now there's still big problems associated with
 actually putting OpenSSL code (ie. new ENGINEs, or anything else for that
 matter) in dynamically loadable libraries. These problems won't go away in
 a hurry so I don't think we should expect to have any kind of
 shared-library extensions any time soon - but solving the problems is a
 good thing to aim for, and would as a side-effect probably help make
 OpenSSL more usable as a shared-library itself (looking at the things
 needed to do this will show you why).
 One of the problems is that if you look at any of the ENGINE
 implementations, eg. hw_cswift.c or hw_ncipher.c, you'll see how it needs
 a variety of functionality and definitions from various areas of OpenSSL,
 including crypto/bn/, crypto/err/, crypto/ itself (locking for example),
 crypto/dso/, crypto/engine/, crypto/rsa, etc etc etc. So if similar code
 were to be suctioned off into shared libraries, the shared libraries would
 either have to duplicate all the definitions and code and avoid loader
 conflicts, or OpenSSL would have to somehow expose all that functionality
 to the shared-library. If this isn't a big enough problem, the issue of
 binary compatibility will be - anyone writing Apache modules can tell you
 that (Ralf? Ben? :-). However, I don't think OpenSSL would need to be
 quite so forgiving as Apache should be, so OpenSSL could simply tell its
 version to the DSO and leave the DSO with the problem of deciding whether
 to proceed or bail out for fear of binary incompatibilities.
 Certainly one thing that would go a long way to addressing this is to
 embark on a bit of an opaqueness mission. I've set the ENGINE code up with
 this in mind - it's so draconian that even to declare your own ENGINE, you
 have to get the engine code to create the underlying ENGINE structure, and
 then feed in the new ENGINE's function/method pointers through various
 "set" functions. The more of the code that takes on such a black-box
 approach, the more of the code that will be (a) easy to expose to shared
 libraries that need it, and (b) easy to expose to applications wanting to
 use OpenSSL itself as a shared-library. From my own explorations in
 OpenSSL, the biggest leviathan I've seen that is a problem in this respect
 is the BIGNUM code. Trying to "expose" the bignum code through any kind of
 organised "METHODs", let alone do all the necessary bignum operations
 solely through functions rather than direct access to the structures and
 macros, will be a massive pain in the "r"s.
 Anyway, I'm done for now - hope it was readable. Thoughts?
 Cheers,
 Geoff
 -----------------------------------==*==-----------------------------------
--- a/crypto/engine/engine.h
+++ b/crypto/engine/engine.h
@@ -0,0 +1,458 @@
 /* openssl/engine.h */
 /* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL
 * project 2000.
 */
 /* ====================================================================
 * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer. 
 *
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in
 *    the documentation and/or other materials provided with the
 *    distribution.
 *
 * 3. All advertising materials mentioning features or use of this
 *    software must display the following acknowledgment:
 *    "This product includes software developed by the OpenSSL Project
 *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
 *
 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
 *    endorse or promote products derived from this software without
 *    prior written permission. For written permission, please contact
 *    licensing@OpenSSL.org.
 *
 * 5. Products derived from this software may not be called "OpenSSL"
 *    nor may "OpenSSL" appear in their names without prior written
 *    permission of the OpenSSL Project.
 *
 * 6. Redistributions of any form whatsoever must retain the following
 *    acknowledgment:
 *    "This product includes software developed by the OpenSSL Project
 *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
 *
 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
 * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 * OF THE POSSIBILITY OF SUCH DAMAGE.
 * ====================================================================
 *
 * This product includes cryptographic software written by Eric Young
 * (eay@cryptsoft.com).  This product includes software written by Tim
 * Hudson (tjh@cryptsoft.com).
 *
 */
 #ifndef HEADER_ENGINE_H
 #define HEADER_ENGINE_H
 #include <openssl/bn.h>
 #include <openssl/rsa.h>
 #include <openssl/dsa.h>
 #include <openssl/dh.h>
 #include <openssl/rand.h>
 #include <openssl/evp.h>
 #include <openssl/symhacks.h>
 #ifdef  __cplusplus
 extern "C" {
 #endif
 /* These flags are used to control combinations of algorithm (methods)
 * by bitwise "OR"ing. */
 #define ENGINE_METHOD_RSA		(unsigned int)0x0001
 #define ENGINE_METHOD_DSA		(unsigned int)0x0002
 #define ENGINE_METHOD_DH		(unsigned int)0x0004
 #define ENGINE_METHOD_RAND		(unsigned int)0x0008
 #define ENGINE_METHOD_BN_MOD_EXP	(unsigned int)0x0010
 #define ENGINE_METHOD_BN_MOD_EXP_CRT	(unsigned int)0x0020
 /* Obvious all-or-nothing cases. */
 #define ENGINE_METHOD_ALL		(unsigned int)0xFFFF
 #define ENGINE_METHOD_NONE		(unsigned int)0x0000
 /* These flags are used to tell the ctrl function what should be done.
 * All command numbers are shared between all engines, even if some don't
 * make sense to some engines.  In such a case, they do nothing but return
 * the error ENGINE_R_CTRL_COMMAND_NOT_IMPLEMENTED. */
 #define ENGINE_CTRL_SET_LOGSTREAM		1
 #define ENGINE_CTRL_SET_PASSWORD_CALLBACK	2
 /* Flags specific to the nCipher "chil" engine */
 #define ENGINE_CTRL_CHIL_SET_FORKCHECK		100
 	/* Depending on the value of the (long)i argument, this sets or
 	 * unsets the SimpleForkCheck flag in the CHIL API to enable or
 	 * disable checking and workarounds for applications that fork().
 	 */
 #define ENGINE_CTRL_CHIL_NO_LOCKING		101
 	/* This prevents the initialisation function from providing mutex
 	 * callbacks to the nCipher library. */
 /* As we're missing a BIGNUM_METHOD, we need a couple of locally
 * defined function types that engines can implement. */
 #ifndef HEADER_ENGINE_INT_H
 /* mod_exp operation, calculates; r = a ^ p mod m
 * NB: ctx can be NULL, but if supplied, the implementation may use
 * it if it wishes. */
 typedef int (*BN_MOD_EXP)(BIGNUM *r, BIGNUM *a, const BIGNUM *p,
 		const BIGNUM *m, BN_CTX *ctx);
 /* private key operation for RSA, provided seperately in case other
 * RSA implementations wish to use it. */
 typedef int (*BN_MOD_EXP_CRT)(BIGNUM *r, BIGNUM *a, const BIGNUM *p,
 		const BIGNUM *q, const BIGNUM *dmp1, const BIGNUM *dmq1,
 		const BIGNUM *iqmp, BN_CTX *ctx);
 /* Generic function pointer */
 typedef void (*ENGINE_GEN_FUNC_PTR)();
 /* Generic function pointer taking no arguments */
 typedef void (*ENGINE_GEN_INT_FUNC_PTR)(void);
 /* Specific control function pointer */
 typedef int (*ENGINE_CTRL_FUNC_PTR)(int cmd, long i, void *p, void (*f)());
 /* The list of "engine" types is a static array of (const ENGINE*)
 * pointers (not dynamic because static is fine for now and we otherwise
 * have to hook an appropriate load/unload function in to initialise and
 * cleanup). */
 typedef struct engine_st ENGINE;
 #endif
 /* STRUCTURE functions ... all of these functions deal with pointers to
 * ENGINE structures where the pointers have a "structural reference".
 * This means that their reference is to allow access to the structure
 * but it does not imply that the structure is functional. To simply
 * increment or decrement the structural reference count, use ENGINE_new
 * and ENGINE_free. NB: This is not required when iterating using
 * ENGINE_get_next as it will automatically decrement the structural
 * reference count of the "current" ENGINE and increment the structural
 * reference count of the ENGINE it returns (unless it is NULL). */
 /* Get the first/last "ENGINE" type available. */
 ENGINE *ENGINE_get_first(void);
 ENGINE *ENGINE_get_last(void);
 /* Iterate to the next/previous "ENGINE" type (NULL = end of the list). */
 ENGINE *ENGINE_get_next(ENGINE *e);
 ENGINE *ENGINE_get_prev(ENGINE *e);
 /* Add another "ENGINE" type into the array. */
 int ENGINE_add(ENGINE *e);
 /* Remove an existing "ENGINE" type from the array. */
 int ENGINE_remove(ENGINE *e);
 /* Retrieve an engine from the list by its unique "id" value. */
 ENGINE *ENGINE_by_id(const char *id);
 /* These functions are useful for manufacturing new ENGINE
 * structures. They don't address reference counting at all -
 * one uses them to populate an ENGINE structure with personalised
 * implementations of things prior to using it directly or adding
 * it to the builtin ENGINE list in OpenSSL. These are also here
 * so that the ENGINE structure doesn't have to be exposed and
 * break binary compatibility!
 *
 * NB: I'm changing ENGINE_new to force the ENGINE structure to
 * be allocated from within OpenSSL. See the comment for
 * ENGINE_get_struct_size().
 */
 #if 0
 ENGINE *ENGINE_new(ENGINE *e);
 #else
 ENGINE *ENGINE_new(void);
 #endif
 int ENGINE_free(ENGINE *e);
 int ENGINE_set_id(ENGINE *e, const char *id);
 int ENGINE_set_name(ENGINE *e, const char *name);
 int ENGINE_set_RSA(ENGINE *e, RSA_METHOD *rsa_meth);
 int ENGINE_set_DSA(ENGINE *e, DSA_METHOD *dsa_meth);
 int ENGINE_set_DH(ENGINE *e, DH_METHOD *dh_meth);
 int ENGINE_set_RAND(ENGINE *e, RAND_METHOD *rand_meth);
 int ENGINE_set_BN_mod_exp(ENGINE *e, BN_MOD_EXP bn_mod_exp);
 int ENGINE_set_BN_mod_exp_crt(ENGINE *e, BN_MOD_EXP_CRT bn_mod_exp_crt);
 int ENGINE_set_init_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR init_f);
 int ENGINE_set_finish_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR finish_f);
 int ENGINE_set_ctrl_function(ENGINE *e, ENGINE_CTRL_FUNC_PTR ctrl_f);
 /* These return values from within the ENGINE structure. These can
 * be useful with functional references as well as structural
 * references - it depends which you obtained. Using the result
 * for functional purposes if you only obtained a structural
 * reference may be problematic! */
 const char *ENGINE_get_id(ENGINE *e);
 const char *ENGINE_get_name(ENGINE *e);
 RSA_METHOD *ENGINE_get_RSA(ENGINE *e);
 DSA_METHOD *ENGINE_get_DSA(ENGINE *e);
 DH_METHOD *ENGINE_get_DH(ENGINE *e);
 RAND_METHOD *ENGINE_get_RAND(ENGINE *e);
 BN_MOD_EXP ENGINE_get_BN_mod_exp(ENGINE *e);
 BN_MOD_EXP_CRT ENGINE_get_BN_mod_exp_crt(ENGINE *e);
 ENGINE_GEN_INT_FUNC_PTR ENGINE_get_init_function(ENGINE *e);
 ENGINE_GEN_INT_FUNC_PTR ENGINE_get_finish_function(ENGINE *e);
 ENGINE_CTRL_FUNC_PTR ENGINE_get_ctrl_function(ENGINE *e);
 /* ENGINE_new is normally passed a NULL in the first parameter because
 * the calling code doesn't have access to the definition of the ENGINE
 * structure (for good reason). However, if the caller wishes to use
 * its own memory allocation or use a static array, the following call
 * should be used to check the amount of memory the ENGINE structure
 * will occupy. This will make the code more future-proof.
 *
 * NB: I'm "#if 0"-ing this out because it's better to force the use of
 * internally allocated memory. See similar change in ENGINE_new().
 */
 #if 0
 int ENGINE_get_struct_size(void);
 #endif
 /* FUNCTIONAL functions. These functions deal with ENGINE structures
 * that have (or will) be initialised for use. Broadly speaking, the
 * structural functions are useful for iterating the list of available
 * engine types, creating new engine types, and other "list" operations.
 * These functions actually deal with ENGINEs that are to be used. As
 * such these functions can fail (if applicable) when particular
 * engines are unavailable - eg. if a hardware accelerator is not
 * attached or not functioning correctly. Each ENGINE has 2 reference
 * counts; structural and functional. Every time a functional reference
 * is obtained or released, a corresponding structural reference is
 * automatically obtained or released too. */
 /* Initialise a engine type for use (or up its reference count if it's
 * already in use). This will fail if the engine is not currently
 * operational and cannot initialise. */
 int ENGINE_init(ENGINE *e);
 /* Free a functional reference to a engine type. This does not require
 * a corresponding call to ENGINE_free as it also releases a structural
 * reference. */
 int ENGINE_finish(ENGINE *e);
 /* Send control parametrised commands to the engine.  The possibilities
 * to send down an integer, a pointer to data or a function pointer are
 * provided.  Any of the parameters may or may not be NULL, depending
 * on the command number */
 /* WARNING: This is currently experimental and may change radically! */
 int ENGINE_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)());
 /* The following functions handle keys that are stored in some secondary
 * location, handled by the engine.  The storage may be on a card or
 * whatever. */
 EVP_PKEY *ENGINE_load_private_key(ENGINE *e, const char *key_id,
 	const char *passphrase);
 EVP_PKEY *ENGINE_load_public_key(ENGINE *e, const char *key_id,
 	const char *passphrase);
 /* This returns a pointer for the current ENGINE structure that
 * is (by default) performing any RSA operations. The value returned
 * is an incremented reference, so it should be free'd (ENGINE_finish)
 * before it is discarded. */
 ENGINE *ENGINE_get_default_RSA(void);
 /* Same for the other "methods" */
 ENGINE *ENGINE_get_default_DSA(void);
 ENGINE *ENGINE_get_default_DH(void);
 ENGINE *ENGINE_get_default_RAND(void);
 ENGINE *ENGINE_get_default_BN_mod_exp(void);
 ENGINE *ENGINE_get_default_BN_mod_exp_crt(void);
 /* This sets a new default ENGINE structure for performing RSA
 * operations. If the result is non-zero (success) then the ENGINE
 * structure will have had its reference count up'd so the caller
 * should still free their own reference 'e'. */
 int ENGINE_set_default_RSA(ENGINE *e);
 /* Same for the other "methods" */
 int ENGINE_set_default_DSA(ENGINE *e);
 int ENGINE_set_default_DH(ENGINE *e);
 int ENGINE_set_default_RAND(ENGINE *e);
 int ENGINE_set_default_BN_mod_exp(ENGINE *e);
 int ENGINE_set_default_BN_mod_exp_crt(ENGINE *e);
 /* The combination "set" - the flags are bitwise "OR"d from the
 * ENGINE_METHOD_*** defines above. */
 int ENGINE_set_default(ENGINE *e, unsigned int flags);
 /*
 * Error codes for all engine functions. NB: We use "generic"
 * function names instead of per-implementation ones because this
 * levels the playing field for externally implemented bootstrapped
 * support code. As the filename and line number is included, it's
 * more important to indicate the type of function, so that
 * bootstrapped code (that can't easily add its own errors in) can
 * use the same error codes too.
 */
 /* BEGIN ERROR CODES */
 /* The following lines are auto generated by the script mkerr.pl. Any changes
 * made after this point may be overwritten when the script is next run.
 */
 void ERR_load_ENGINE_strings(void);
 /* Error codes for the ENGINE functions. */
 /* Function codes. */
 #define ENGINE_F_AEP_FINISH				 156
 #define ENGINE_F_AEP_INIT				 157
 #define ENGINE_F_AEP_MOD_EXP				 158
 #define ENGINE_F_AEP_MOD_EXP_CRT			 160
 #define ENGINE_F_AEP_RAND				 161
 #define ENGINE_F_AEP_RSA_MOD_EXP			 159
 #define ENGINE_F_ATALLA_FINISH				 135
 #define ENGINE_F_ATALLA_INIT				 136
 #define ENGINE_F_ATALLA_MOD_EXP				 137
 #define ENGINE_F_ATALLA_RSA_MOD_EXP			 138
 #define ENGINE_F_CSWIFT_DSA_SIGN			 133
 #define ENGINE_F_CSWIFT_DSA_VERIFY			 134
 #define ENGINE_F_CSWIFT_FINISH				 100
 #define ENGINE_F_CSWIFT_INIT				 101
 #define ENGINE_F_CSWIFT_MOD_EXP				 102
 #define ENGINE_F_CSWIFT_MOD_EXP_CRT			 103
 #define ENGINE_F_CSWIFT_RSA_MOD_EXP			 104
 #define ENGINE_F_ENGINE_ADD				 105
 #define ENGINE_F_ENGINE_BY_ID				 106
 #define ENGINE_F_ENGINE_CTRL				 142
 #define ENGINE_F_ENGINE_FINISH				 107
 #define ENGINE_F_ENGINE_FREE				 108
 #define ENGINE_F_ENGINE_GET_BN_MOD_EXP			 109
 #define ENGINE_F_ENGINE_GET_BN_MOD_EXP_CRT		 110
 #define ENGINE_F_ENGINE_GET_CTRL_FUNCTION		 144
 #define ENGINE_F_ENGINE_GET_DH				 111
 #define ENGINE_F_ENGINE_GET_DSA				 112
 #define ENGINE_F_ENGINE_GET_FINISH_FUNCTION		 145
 #define ENGINE_F_ENGINE_GET_ID				 113
 #define ENGINE_F_ENGINE_GET_INIT_FUNCTION		 146
 #define ENGINE_F_ENGINE_GET_NAME			 114
 #define ENGINE_F_ENGINE_GET_NEXT			 115
 #define ENGINE_F_ENGINE_GET_PREV			 116
 #define ENGINE_F_ENGINE_GET_RAND			 117
 #define ENGINE_F_ENGINE_GET_RSA				 118
 #define ENGINE_F_ENGINE_INIT				 119
 #define ENGINE_F_ENGINE_LIST_ADD			 120
 #define ENGINE_F_ENGINE_LIST_REMOVE			 121
 #define ENGINE_F_ENGINE_LOAD_PRIVATE_KEY		 150
 #define ENGINE_F_ENGINE_LOAD_PUBLIC_KEY			 151
 #define ENGINE_F_ENGINE_NEW				 122
 #define ENGINE_F_ENGINE_REMOVE				 123
 #define ENGINE_F_ENGINE_SET_BN_MOD_EXP			 124
 #define ENGINE_F_ENGINE_SET_BN_MOD_EXP_CRT		 125
 #define ENGINE_F_ENGINE_SET_CTRL_FUNCTION		 147
 #define ENGINE_F_ENGINE_SET_DEFAULT_TYPE		 126
 #define ENGINE_F_ENGINE_SET_DH				 127
 #define ENGINE_F_ENGINE_SET_DSA				 128
 #define ENGINE_F_ENGINE_SET_FINISH_FUNCTION		 148
 #define ENGINE_F_ENGINE_SET_ID				 129
 #define ENGINE_F_ENGINE_SET_INIT_FUNCTION		 149
 #define ENGINE_F_ENGINE_SET_NAME			 130
 #define ENGINE_F_ENGINE_SET_RAND			 131
 #define ENGINE_F_ENGINE_SET_RSA				 132
 #define ENGINE_F_ENGINE_UNLOAD_KEY			 152
 #define ENGINE_F_HWCRHK_CTRL				 143
 #define ENGINE_F_HWCRHK_FINISH				 135
 #define ENGINE_F_HWCRHK_GET_PASS			 155
 #define ENGINE_F_HWCRHK_INIT				 136
 #define ENGINE_F_HWCRHK_LOAD_PRIVKEY			 153
 #define ENGINE_F_HWCRHK_LOAD_PUBKEY			 154
 #define ENGINE_F_HWCRHK_MOD_EXP				 137
 #define ENGINE_F_HWCRHK_MOD_EXP_CRT			 138
 #define ENGINE_F_HWCRHK_RAND_BYTES			 139
 #define ENGINE_F_HWCRHK_RSA_MOD_EXP			 140
 #define ENGINE_F_KC_INT_DSA_PRIV			 213
 #define ENGINE_F_KC_INT_DSA_VERIFY			 214
 #define ENGINE_F_KC_INT_RSA_PRIV			 215
 #define ENGINE_F_KC_INT_RSA_PUB				 216
 #define ENGINE_F_KEYCLIENT_CHECK_GLOBAL			 217
 #define ENGINE_F_KEYCLIENT_DSA_FINISH			 218
 #define ENGINE_F_KEYCLIENT_DSA_INIT			 219
 #define ENGINE_F_KEYCLIENT_DSA_SIGN			 220
 #define ENGINE_F_KEYCLIENT_DSA_VERIFY			 221
 #define ENGINE_F_KEYCLIENT_FINISH			 222
 #define ENGINE_F_KEYCLIENT_GET_DSA_CTX			 223
 #define ENGINE_F_KEYCLIENT_GET_RSA_CTX			 224
 #define ENGINE_F_KEYCLIENT_INIT				 225
 #define ENGINE_F_KEYCLIENT_PADDING			 226
 #define ENGINE_F_KEYCLIENT_RSA_FINISH			 227
 #define ENGINE_F_KEYCLIENT_RSA_INIT			 228
 #define ENGINE_F_KEYCLIENT_RSA_PRIV_DEC			 229
 #define ENGINE_F_KEYCLIENT_RSA_PRIV_ENC			 230
 #define ENGINE_F_KEYCLIENT_RSA_PUB_DEC			 231
 #define ENGINE_F_KEYCLIENT_RSA_PUB_ENC			 232
 #define ENGINE_F_KEYCLIENT_SET_DSA_CTX			 233
 #define ENGINE_F_KEYCLIENT_SET_RSA_CTX			 234
 #define ENGINE_F_LOG_MESSAGE				 141
 #define ENGINE_F_SUREWAREHK_CTRL			 209
 #define ENGINE_F_SUREWAREHK_DH_GEN_KEY			 210
 #define ENGINE_F_SUREWAREHK_DSA_DO_SIGN			 211
 #define ENGINE_F_SUREWAREHK_EX_FREE			 206
 #define ENGINE_F_SUREWAREHK_FINISH			 201
 #define ENGINE_F_SUREWAREHK_INIT			 200
 #define ENGINE_F_SUREWAREHK_LOAD_PRIVATE_KEY		 204
 #define ENGINE_F_SUREWAREHK_LOAD_PUBLIC_KEY		 205
 #define ENGINE_F_SUREWAREHK_MOD_EXP			 212
 #define ENGINE_F_SUREWAREHK_RAND_BYTES			 202
 #define ENGINE_F_SUREWAREHK_RAND_SEED			 203
 #define ENGINE_F_SUREWAREHK_RSA_PRIV_DEC		 207
 #define ENGINE_F_SUREWAREHK_RSA_PRIV_ENC		 208
 #define ENGINE_F_UBSEC_CTRL				 176
 #define ENGINE_F_UBSEC_DH_COMPUTE_KEY			 171
 #define ENGINE_F_UBSEC_DSA_SIGN				 163
 #define ENGINE_F_UBSEC_DSA_VERIFY			 164
 #define ENGINE_F_UBSEC_FINISH				 165
 #define ENGINE_F_UBSEC_INIT				 166
 #define ENGINE_F_UBSEC_MOD_EXP				 167
 #define ENGINE_F_UBSEC_RNG_BYTES			 172
 #define ENGINE_F_UBSEC_RSA_MOD_EXP			 168
 #define ENGINE_F_UBSEC_RSA_MOD_EXP_CRT			 169
 /* Reason codes. */
 #define ENGINE_R_AEP_INIT_FAILURE			 132
 #define ENGINE_R_ALREADY_LOADED				 100
 #define ENGINE_R_BIO_WAS_FREED				 121
 #define ENGINE_R_BN_CTX_FULL				 101
 #define ENGINE_R_BN_EXPAND_FAIL				 102
 #define ENGINE_R_CHIL_ERROR				 123
 #define ENGINE_R_CLOSE_HANDLES_FAILED			 140
 #define ENGINE_R_CONFLICTING_ENGINE_ID			 103
 #define ENGINE_R_CONNECTIONS_IN_USE			 141
 #define ENGINE_R_CTRL_COMMAND_NOT_IMPLEMENTED		 119
 #define ENGINE_R_DSO_FAILURE				 104
 #define ENGINE_R_ENGINE_IS_NOT_IN_LIST			 105
 #define ENGINE_R_FAILED_LOADING_PRIVATE_KEY		 128
 #define ENGINE_R_FAILED_LOADING_PUBLIC_KEY		 129
 #define ENGINE_R_FINALIZE_FAILED			 142
 #define ENGINE_R_FINISH_FAILED				 106
 #define ENGINE_R_GET_HANDLE_FAILED			 107
 #define ENGINE_R_GET_RANDOM_FAILED			 133
 #define ENGINE_R_ID_OR_NAME_MISSING			 108
 #define ENGINE_R_INIT_FAILED				 109
 #define ENGINE_R_INTERNAL_LIST_ERROR			 110
 #define ENGINE_R_INVALID_PADDING			 137
 #define ENGINE_R_KEY_TOO_LARGE				 138
 #define ENGINE_R_MISSING_KEY_COMPONENTS			 111
 #define ENGINE_R_MOD_EXP_CRT_FAILED			 134
 #define ENGINE_R_MOD_EXP_FAILED				 131
 #define ENGINE_R_NOT_INITIALISED			 117
 #define ENGINE_R_NOT_LOADED				 112
 #define ENGINE_R_NO_CALLBACK				 127
 #define ENGINE_R_NO_CONTROL_FUNCTION			 120
 #define ENGINE_R_NO_INDEX				 139
 #define ENGINE_R_NO_KEY					 124
 #define ENGINE_R_NO_LOAD_FUNCTION			 125
 #define ENGINE_R_NO_REFERENCE				 130
 #define ENGINE_R_NO_SUCH_ENGINE				 116
 #define ENGINE_R_NO_UNLOAD_FUNCTION			 126
 #define ENGINE_R_PROVIDE_PARAMETERS			 113
 #define ENGINE_R_REQUEST_FAILED				 114
 #define ENGINE_R_REQUEST_FALLBACK			 118
 #define ENGINE_R_RETURN_CONNECTION_FAILED		 135
 #define ENGINE_R_SETBNCALLBACK_FAILURE			 136
 #define ENGINE_R_SIZE_TOO_LARGE_OR_TOO_SMALL		 122
 #define ENGINE_R_UNIT_FAILURE				 115
 #ifdef  __cplusplus
 }
 #endif
 #endif
--- a/crypto/engine/engine_err.c
+++ b/crypto/engine/engine_err.c
@@ -0,0 +1,246 @@
 /* crypto/engine/engine_err.c */
 /* ====================================================================
 * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer. 
 *
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in
 *    the documentation and/or other materials provided with the
 *    distribution.
 *
 * 3. All advertising materials mentioning features or use of this
 *    software must display the following acknowledgment:
 *    "This product includes software developed by the OpenSSL Project
 *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
 *
 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
 *    endorse or promote products derived from this software without
 *    prior written permission. For written permission, please contact
 *    openssl-core@OpenSSL.org.
 *
 * 5. Products derived from this software may not be called "OpenSSL"
 *    nor may "OpenSSL" appear in their names without prior written
 *    permission of the OpenSSL Project.
 *
 * 6. Redistributions of any form whatsoever must retain the following
 *    acknowledgment:
 *    "This product includes software developed by the OpenSSL Project
 *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
 *
 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
 * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 * OF THE POSSIBILITY OF SUCH DAMAGE.
 * ====================================================================
 *
 * This product includes cryptographic software written by Eric Young
 * (eay@cryptsoft.com).  This product includes software written by Tim
 * Hudson (tjh@cryptsoft.com).
 *
 */
 /* NOTE: this file was auto generated by the mkerr.pl script: any changes
 * made to it will be overwritten when the script next updates this file,
 * only reason strings will be preserved.
 */
 #include <stdio.h>
 #include <openssl/err.h>
 #include <openssl/engine.h>
 /* BEGIN ERROR CODES */
 #ifndef NO_ERR
 static ERR_STRING_DATA ENGINE_str_functs[]=
 	{
 {ERR_PACK(0,ENGINE_F_AEP_FINISH,0),	"AEP_FINISH"},
 {ERR_PACK(0,ENGINE_F_AEP_INIT,0),	"AEP_INIT"},
 {ERR_PACK(0,ENGINE_F_AEP_MOD_EXP,0),	"AEP_MOD_EXP"},
 {ERR_PACK(0,ENGINE_F_AEP_MOD_EXP_CRT,0),	"AEP_MOD_EXP_CRT"},
 {ERR_PACK(0,ENGINE_F_AEP_RAND,0),	"AEP_RAND"},
 {ERR_PACK(0,ENGINE_F_AEP_RSA_MOD_EXP,0),	"AEP_RSA_MOD_EXP"},
 {ERR_PACK(0,ENGINE_F_ATALLA_FINISH,0),	"ATALLA_FINISH"},
 {ERR_PACK(0,ENGINE_F_ATALLA_INIT,0),	"ATALLA_INIT"},
 {ERR_PACK(0,ENGINE_F_ATALLA_MOD_EXP,0),	"ATALLA_MOD_EXP"},
 {ERR_PACK(0,ENGINE_F_ATALLA_RSA_MOD_EXP,0),	"ATALLA_RSA_MOD_EXP"},
 {ERR_PACK(0,ENGINE_F_CSWIFT_DSA_SIGN,0),	"CSWIFT_DSA_SIGN"},
 {ERR_PACK(0,ENGINE_F_CSWIFT_DSA_VERIFY,0),	"CSWIFT_DSA_VERIFY"},
 {ERR_PACK(0,ENGINE_F_CSWIFT_FINISH,0),	"CSWIFT_FINISH"},
 {ERR_PACK(0,ENGINE_F_CSWIFT_INIT,0),	"CSWIFT_INIT"},
 {ERR_PACK(0,ENGINE_F_CSWIFT_MOD_EXP,0),	"CSWIFT_MOD_EXP"},
 {ERR_PACK(0,ENGINE_F_CSWIFT_MOD_EXP_CRT,0),	"CSWIFT_MOD_EXP_CRT"},
 {ERR_PACK(0,ENGINE_F_CSWIFT_RSA_MOD_EXP,0),	"CSWIFT_RSA_MOD_EXP"},
 {ERR_PACK(0,ENGINE_F_ENGINE_ADD,0),	"ENGINE_add"},
 {ERR_PACK(0,ENGINE_F_ENGINE_BY_ID,0),	"ENGINE_by_id"},
 {ERR_PACK(0,ENGINE_F_ENGINE_CTRL,0),	"ENGINE_ctrl"},
 {ERR_PACK(0,ENGINE_F_ENGINE_FINISH,0),	"ENGINE_finish"},
 {ERR_PACK(0,ENGINE_F_ENGINE_FREE,0),	"ENGINE_free"},
 {ERR_PACK(0,ENGINE_F_ENGINE_GET_BN_MOD_EXP,0),	"ENGINE_get_BN_mod_exp"},
 {ERR_PACK(0,ENGINE_F_ENGINE_GET_BN_MOD_EXP_CRT,0),	"ENGINE_get_BN_mod_exp_crt"},
 {ERR_PACK(0,ENGINE_F_ENGINE_GET_CTRL_FUNCTION,0),	"ENGINE_get_ctrl_function"},
 {ERR_PACK(0,ENGINE_F_ENGINE_GET_DH,0),	"ENGINE_get_DH"},
 {ERR_PACK(0,ENGINE_F_ENGINE_GET_DSA,0),	"ENGINE_get_DSA"},
 {ERR_PACK(0,ENGINE_F_ENGINE_GET_FINISH_FUNCTION,0),	"ENGINE_get_finish_function"},
 {ERR_PACK(0,ENGINE_F_ENGINE_GET_ID,0),	"ENGINE_get_id"},
 {ERR_PACK(0,ENGINE_F_ENGINE_GET_INIT_FUNCTION,0),	"ENGINE_get_init_function"},
 {ERR_PACK(0,ENGINE_F_ENGINE_GET_NAME,0),	"ENGINE_get_name"},
 {ERR_PACK(0,ENGINE_F_ENGINE_GET_NEXT,0),	"ENGINE_get_next"},
 {ERR_PACK(0,ENGINE_F_ENGINE_GET_PREV,0),	"ENGINE_get_prev"},
 {ERR_PACK(0,ENGINE_F_ENGINE_GET_RAND,0),	"ENGINE_get_RAND"},
 {ERR_PACK(0,ENGINE_F_ENGINE_GET_RSA,0),	"ENGINE_get_RSA"},
 {ERR_PACK(0,ENGINE_F_ENGINE_INIT,0),	"ENGINE_init"},
 {ERR_PACK(0,ENGINE_F_ENGINE_LIST_ADD,0),	"ENGINE_LIST_ADD"},
 {ERR_PACK(0,ENGINE_F_ENGINE_LIST_REMOVE,0),	"ENGINE_LIST_REMOVE"},
 {ERR_PACK(0,ENGINE_F_ENGINE_LOAD_PRIVATE_KEY,0),	"ENGINE_load_private_key"},
 {ERR_PACK(0,ENGINE_F_ENGINE_LOAD_PUBLIC_KEY,0),	"ENGINE_load_public_key"},
 {ERR_PACK(0,ENGINE_F_ENGINE_NEW,0),	"ENGINE_new"},
 {ERR_PACK(0,ENGINE_F_ENGINE_REMOVE,0),	"ENGINE_remove"},
 {ERR_PACK(0,ENGINE_F_ENGINE_SET_BN_MOD_EXP,0),	"ENGINE_set_BN_mod_exp"},
 {ERR_PACK(0,ENGINE_F_ENGINE_SET_BN_MOD_EXP_CRT,0),	"ENGINE_set_BN_mod_exp_crt"},
 {ERR_PACK(0,ENGINE_F_ENGINE_SET_CTRL_FUNCTION,0),	"ENGINE_set_ctrl_function"},
 {ERR_PACK(0,ENGINE_F_ENGINE_SET_DEFAULT_TYPE,0),	"ENGINE_SET_DEFAULT_TYPE"},
 {ERR_PACK(0,ENGINE_F_ENGINE_SET_DH,0),	"ENGINE_set_DH"},
 {ERR_PACK(0,ENGINE_F_ENGINE_SET_DSA,0),	"ENGINE_set_DSA"},
 {ERR_PACK(0,ENGINE_F_ENGINE_SET_FINISH_FUNCTION,0),	"ENGINE_set_finish_function"},
 {ERR_PACK(0,ENGINE_F_ENGINE_SET_ID,0),	"ENGINE_set_id"},
 {ERR_PACK(0,ENGINE_F_ENGINE_SET_INIT_FUNCTION,0),	"ENGINE_set_init_function"},
 {ERR_PACK(0,ENGINE_F_ENGINE_SET_NAME,0),	"ENGINE_set_name"},
 {ERR_PACK(0,ENGINE_F_ENGINE_SET_RAND,0),	"ENGINE_set_RAND"},
 {ERR_PACK(0,ENGINE_F_ENGINE_SET_RSA,0),	"ENGINE_set_RSA"},
 {ERR_PACK(0,ENGINE_F_ENGINE_UNLOAD_KEY,0),	"ENGINE_UNLOAD_KEY"},
 {ERR_PACK(0,ENGINE_F_HWCRHK_CTRL,0),	"HWCRHK_CTRL"},
 {ERR_PACK(0,ENGINE_F_HWCRHK_FINISH,0),	"HWCRHK_FINISH"},
 {ERR_PACK(0,ENGINE_F_HWCRHK_GET_PASS,0),	"HWCRHK_GET_PASS"},
 {ERR_PACK(0,ENGINE_F_HWCRHK_INIT,0),	"HWCRHK_INIT"},
 {ERR_PACK(0,ENGINE_F_HWCRHK_LOAD_PRIVKEY,0),	"HWCRHK_LOAD_PRIVKEY"},
 {ERR_PACK(0,ENGINE_F_HWCRHK_LOAD_PUBKEY,0),	"HWCRHK_LOAD_PUBKEY"},
 {ERR_PACK(0,ENGINE_F_HWCRHK_MOD_EXP,0),	"HWCRHK_MOD_EXP"},
 {ERR_PACK(0,ENGINE_F_HWCRHK_MOD_EXP_CRT,0),	"HWCRHK_MOD_EXP_CRT"},
 {ERR_PACK(0,ENGINE_F_HWCRHK_RAND_BYTES,0),	"HWCRHK_RAND_BYTES"},
 {ERR_PACK(0,ENGINE_F_HWCRHK_RSA_MOD_EXP,0),	"HWCRHK_RSA_MOD_EXP"},
 {ERR_PACK(0,ENGINE_F_KC_INT_DSA_PRIV,0),	"KC_INT_DSA_PRIV"},
 {ERR_PACK(0,ENGINE_F_KC_INT_DSA_VERIFY,0),	"KC_INT_DSA_VERIFY"},
 {ERR_PACK(0,ENGINE_F_KC_INT_RSA_PRIV,0),	"KC_INT_RSA_PRIV"},
 {ERR_PACK(0,ENGINE_F_KC_INT_RSA_PUB,0),	"KC_INT_RSA_PUB"},
 {ERR_PACK(0,ENGINE_F_KEYCLIENT_CHECK_GLOBAL,0),	"KEYCLIENT_CHECK_GLOBAL"},
 {ERR_PACK(0,ENGINE_F_KEYCLIENT_DSA_FINISH,0),	"KEYCLIENT_DSA_FINISH"},
 {ERR_PACK(0,ENGINE_F_KEYCLIENT_DSA_INIT,0),	"KEYCLIENT_DSA_INIT"},
 {ERR_PACK(0,ENGINE_F_KEYCLIENT_DSA_SIGN,0),	"KEYCLIENT_DSA_SIGN"},
 {ERR_PACK(0,ENGINE_F_KEYCLIENT_DSA_VERIFY,0),	"KEYCLIENT_DSA_VERIFY"},
 {ERR_PACK(0,ENGINE_F_KEYCLIENT_FINISH,0),	"KEYCLIENT_FINISH"},
 {ERR_PACK(0,ENGINE_F_KEYCLIENT_GET_DSA_CTX,0),	"KEYCLIENT_GET_DSA_CTX"},
 {ERR_PACK(0,ENGINE_F_KEYCLIENT_GET_RSA_CTX,0),	"KEYCLIENT_GET_RSA_CTX"},
 {ERR_PACK(0,ENGINE_F_KEYCLIENT_INIT,0),	"KEYCLIENT_INIT"},
 {ERR_PACK(0,ENGINE_F_KEYCLIENT_PADDING,0),	"KEYCLIENT_PADDING"},
 {ERR_PACK(0,ENGINE_F_KEYCLIENT_RSA_FINISH,0),	"KEYCLIENT_RSA_FINISH"},
 {ERR_PACK(0,ENGINE_F_KEYCLIENT_RSA_INIT,0),	"KEYCLIENT_RSA_INIT"},
 {ERR_PACK(0,ENGINE_F_KEYCLIENT_RSA_PRIV_DEC,0),	"KEYCLIENT_RSA_PRIV_DEC"},
 {ERR_PACK(0,ENGINE_F_KEYCLIENT_RSA_PRIV_ENC,0),	"KEYCLIENT_RSA_PRIV_ENC"},
 {ERR_PACK(0,ENGINE_F_KEYCLIENT_RSA_PUB_DEC,0),	"KEYCLIENT_RSA_PUB_DEC"},
 {ERR_PACK(0,ENGINE_F_KEYCLIENT_RSA_PUB_ENC,0),	"KEYCLIENT_RSA_PUB_ENC"},
 {ERR_PACK(0,ENGINE_F_KEYCLIENT_SET_DSA_CTX,0),	"KEYCLIENT_SET_DSA_CTX"},
 {ERR_PACK(0,ENGINE_F_KEYCLIENT_SET_RSA_CTX,0),	"KEYCLIENT_SET_RSA_CTX"},
 {ERR_PACK(0,ENGINE_F_LOG_MESSAGE,0),	"LOG_MESSAGE"},
 {ERR_PACK(0,ENGINE_F_SUREWAREHK_CTRL,0),	"SUREWAREHK_CTRL"},
 {ERR_PACK(0,ENGINE_F_SUREWAREHK_DH_GEN_KEY,0),	"SUREWAREHK_DH_GEN_KEY"},
 {ERR_PACK(0,ENGINE_F_SUREWAREHK_DSA_DO_SIGN,0),	"SUREWAREHK_DSA_DO_SIGN"},
 {ERR_PACK(0,ENGINE_F_SUREWAREHK_EX_FREE,0),	"SUREWAREHK_EX_FREE"},
 {ERR_PACK(0,ENGINE_F_SUREWAREHK_FINISH,0),	"SUREWAREHK_FINISH"},
 {ERR_PACK(0,ENGINE_F_SUREWAREHK_INIT,0),	"SUREWAREHK_INIT"},
 {ERR_PACK(0,ENGINE_F_SUREWAREHK_LOAD_PRIVATE_KEY,0),	"SUREWAREHK_LOAD_PRIVATE_KEY"},
 {ERR_PACK(0,ENGINE_F_SUREWAREHK_LOAD_PUBLIC_KEY,0),	"SUREWAREHK_LOAD_PUBLIC_KEY"},
 {ERR_PACK(0,ENGINE_F_SUREWAREHK_MOD_EXP,0),	"SUREWAREHK_MOD_EXP"},
 {ERR_PACK(0,ENGINE_F_SUREWAREHK_RAND_BYTES,0),	"SUREWAREHK_RAND_BYTES"},
 {ERR_PACK(0,ENGINE_F_SUREWAREHK_RAND_SEED,0),	"SUREWAREHK_RAND_SEED"},
 {ERR_PACK(0,ENGINE_F_SUREWAREHK_RSA_PRIV_DEC,0),	"SUREWAREHK_RSA_PRIV_DEC"},
 {ERR_PACK(0,ENGINE_F_SUREWAREHK_RSA_PRIV_ENC,0),	"SUREWAREHK_RSA_PRIV_ENC"},
 {ERR_PACK(0,ENGINE_F_UBSEC_CTRL,0),	"UBSEC_CTRL"},
 {ERR_PACK(0,ENGINE_F_UBSEC_DH_COMPUTE_KEY,0),	"UBSEC_DH_COMPUTE_KEY"},
 {ERR_PACK(0,ENGINE_F_UBSEC_DSA_SIGN,0),	"UBSEC_DSA_SIGN"},
 {ERR_PACK(0,ENGINE_F_UBSEC_DSA_VERIFY,0),	"UBSEC_DSA_VERIFY"},
 {ERR_PACK(0,ENGINE_F_UBSEC_FINISH,0),	"UBSEC_FINISH"},
 {ERR_PACK(0,ENGINE_F_UBSEC_INIT,0),	"UBSEC_INIT"},
 {ERR_PACK(0,ENGINE_F_UBSEC_MOD_EXP,0),	"UBSEC_MOD_EXP"},
 {ERR_PACK(0,ENGINE_F_UBSEC_RNG_BYTES,0),	"UBSEC_RNG_BYTES"},
 {ERR_PACK(0,ENGINE_F_UBSEC_RSA_MOD_EXP,0),	"UBSEC_RSA_MOD_EXP"},
 {ERR_PACK(0,ENGINE_F_UBSEC_RSA_MOD_EXP_CRT,0),	"UBSEC_RSA_MOD_EXP_CRT"},
 {0,NULL}
 	};
 static ERR_STRING_DATA ENGINE_str_reasons[]=
 	{
 {ENGINE_R_AEP_INIT_FAILURE               ,"aep init failure"},
 {ENGINE_R_ALREADY_LOADED                 ,"already loaded"},
 {ENGINE_R_BIO_WAS_FREED                  ,"bio was freed"},
 {ENGINE_R_BN_CTX_FULL                    ,"BN_CTX full"},
 {ENGINE_R_BN_EXPAND_FAIL                 ,"bn_expand fail"},
 {ENGINE_R_CHIL_ERROR                     ,"chil error"},
 {ENGINE_R_CLOSE_HANDLES_FAILED           ,"close handles failed"},
 {ENGINE_R_CONFLICTING_ENGINE_ID          ,"conflicting engine id"},
 {ENGINE_R_CONNECTIONS_IN_USE             ,"connections in use"},
 {ENGINE_R_CTRL_COMMAND_NOT_IMPLEMENTED   ,"ctrl command not implemented"},
 {ENGINE_R_DSO_FAILURE                    ,"DSO failure"},
 {ENGINE_R_ENGINE_IS_NOT_IN_LIST          ,"engine is not in the list"},
 {ENGINE_R_FAILED_LOADING_PRIVATE_KEY     ,"failed loading private key"},
 {ENGINE_R_FAILED_LOADING_PUBLIC_KEY      ,"failed loading public key"},
 {ENGINE_R_FINALIZE_FAILED                ,"finalize failed"},
 {ENGINE_R_FINISH_FAILED                  ,"finish failed"},
 {ENGINE_R_GET_HANDLE_FAILED              ,"could not obtain hardware handle"},
 {ENGINE_R_GET_RANDOM_FAILED              ,"get random failed"},
 {ENGINE_R_ID_OR_NAME_MISSING             ,"'id' or 'name' missing"},
 {ENGINE_R_INIT_FAILED                    ,"init failed"},
 {ENGINE_R_INTERNAL_LIST_ERROR            ,"internal list error"},
 {ENGINE_R_INVALID_PADDING                ,"invalid padding"},
 {ENGINE_R_KEY_TOO_LARGE                  ,"key too large"},
 {ENGINE_R_MISSING_KEY_COMPONENTS         ,"missing key components"},
 {ENGINE_R_MOD_EXP_CRT_FAILED             ,"mod exp crt failed"},
 {ENGINE_R_MOD_EXP_FAILED                 ,"mod exp failed"},
 {ENGINE_R_NOT_INITIALISED                ,"not initialised"},
 {ENGINE_R_NOT_LOADED                     ,"not loaded"},
 {ENGINE_R_NO_CALLBACK                    ,"no callback"},
 {ENGINE_R_NO_CONTROL_FUNCTION            ,"no control function"},
 {ENGINE_R_NO_INDEX                       ,"no index"},
 {ENGINE_R_NO_KEY                         ,"no key"},
 {ENGINE_R_NO_LOAD_FUNCTION               ,"no load function"},
 {ENGINE_R_NO_REFERENCE                   ,"no reference"},
 {ENGINE_R_NO_SUCH_ENGINE                 ,"no such engine"},
 {ENGINE_R_NO_UNLOAD_FUNCTION             ,"no unload function"},
 {ENGINE_R_PROVIDE_PARAMETERS             ,"provide parameters"},
 {ENGINE_R_REQUEST_FAILED                 ,"request failed"},
 {ENGINE_R_REQUEST_FALLBACK               ,"request fallback"},
 {ENGINE_R_RETURN_CONNECTION_FAILED       ,"return connection failed"},
 {ENGINE_R_SETBNCALLBACK_FAILURE          ,"setbncallback failure"},
 {ENGINE_R_SIZE_TOO_LARGE_OR_TOO_SMALL    ,"size too large or too small"},
 {ENGINE_R_UNIT_FAILURE                   ,"unit failure"},
 {0,NULL}
 	};
 #endif
 void ERR_load_ENGINE_strings(void)
 	{
 	static int init=1;
 	if (init)
 		{
 		init=0;
 #ifndef NO_ERR
 		ERR_load_strings(ERR_LIB_ENGINE,ENGINE_str_functs);
 		ERR_load_strings(ERR_LIB_ENGINE,ENGINE_str_reasons);
 #endif
 		}
 	}
--- a/crypto/engine/engine_int.h
+++ b/crypto/engine/engine_int.h
@@ -0,0 +1,179 @@
 /* crypto/engine/engine_int.h */
 /* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL
 * project 2000.
 */
 /* ====================================================================
 * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer. 
 *
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in
 *    the documentation and/or other materials provided with the
 *    distribution.
 *
 * 3. All advertising materials mentioning features or use of this
 *    software must display the following acknowledgment:
 *    "This product includes software developed by the OpenSSL Project
 *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
 *
 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
 *    endorse or promote products derived from this software without
 *    prior written permission. For written permission, please contact
 *    licensing@OpenSSL.org.
 *
 * 5. Products derived from this software may not be called "OpenSSL"
 *    nor may "OpenSSL" appear in their names without prior written
 *    permission of the OpenSSL Project.
 *
 * 6. Redistributions of any form whatsoever must retain the following
 *    acknowledgment:
 *    "This product includes software developed by the OpenSSL Project
 *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
 *
 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
 * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 * OF THE POSSIBILITY OF SUCH DAMAGE.
 * ====================================================================
 *
 * This product includes cryptographic software written by Eric Young
 * (eay@cryptsoft.com).  This product includes software written by Tim
 * Hudson (tjh@cryptsoft.com).
 *
 */
 #ifndef HEADER_ENGINE_INT_H
 #define HEADER_ENGINE_INT_H
 #include <openssl/rsa.h>
 #include <openssl/dsa.h>
 #include <openssl/dh.h>
 #include <openssl/rand.h>
 #include <openssl/bn.h>
 #include <openssl/evp.h>
 #ifdef  __cplusplus
 extern "C" {
 #endif
 /* Bitwise OR-able values for the "flags" variable in ENGINE. */
 #define ENGINE_FLAGS_MALLOCED	0x0001
 #ifndef HEADER_ENGINE_H
 /* Regrettably, we need to reproduce the "BN" function types here
 * because there is no such "BIGNUM_METHOD" as there is with RSA,
 * DSA, etc. We do this so that we don't have a case where engine.h
 * and engine_int.h conflict with each other. */
 typedef int (*BN_MOD_EXP)(BIGNUM *r, BIGNUM *a, const BIGNUM *p,
 		const BIGNUM *m, BN_CTX *ctx);
 /* private key operation for RSA, provided seperately in case other
 * RSA implementations wish to use it. */
 typedef int (*BN_MOD_EXP_CRT)(BIGNUM *r, BIGNUM *a, const BIGNUM *p,
 		const BIGNUM *q, const BIGNUM *dmp1, const BIGNUM *dmq1,
 		const BIGNUM *iqmp, BN_CTX *ctx);
 /* Generic function pointer */
 typedef int (*ENGINE_GEN_FUNC_PTR)();
 /* Generic function pointer taking no arguments */
 typedef int (*ENGINE_GEN_INT_FUNC_PTR)(void);
 /* Specific control function pointer */
 typedef int (*ENGINE_CTRL_FUNC_PTR)(int cmd, long i, void *p, void (*f)());
 #endif
 /* This is a structure for storing implementations of various crypto
 * algorithms and functions. */
 typedef struct engine_st
 	{
 	const char *id;
 	const char *name;
 	RSA_METHOD *rsa_meth;
 	DSA_METHOD *dsa_meth;
 	DH_METHOD *dh_meth;
 	RAND_METHOD *rand_meth;
 	BN_MOD_EXP bn_mod_exp;
 	BN_MOD_EXP_CRT bn_mod_exp_crt;
 	int (*init)(void);
 	int (*finish)(void);
 	int (*ctrl)(int cmd, long i, void *p, void (*f)());
 	EVP_PKEY *(*load_privkey)(const char *key_id, const char *passphrase);
 	EVP_PKEY *(*load_pubkey)(const char *key_id, const char *passphrase);
 	int flags;
 	/* reference count on the structure itself */
 	int struct_ref;
 	/* reference count on usability of the engine type. NB: This
 	 * controls the loading and initialisation of any functionlity
 	 * required by this engine, whereas the previous count is
 	 * simply to cope with (de)allocation of this structure. Hence,
 	 * running_ref <= struct_ref at all times. */
 	int funct_ref;
 	/* Used to maintain the linked-list of engines. */
 	struct engine_st *prev;
 	struct engine_st *next;
 	} ENGINE;
 /* BUILT-IN ENGINES. (these functions are only ever called once and
 * do not return references - they are purely for bootstrapping). */
 /* Returns a structure of software only methods (the default). */
 ENGINE *ENGINE_openssl();
 #ifndef NO_HW
 #ifndef NO_HW_CSWIFT
 /* Returns a structure of cswift methods ... NB: This can exist and be
 * "used" even on non-cswift systems because the "init" will fail if the
 * card/library are not found. */
 ENGINE *ENGINE_cswift();
 #endif /* !NO_HW_CSWIFT */
 #ifndef NO_HW_NCIPHER
 ENGINE *ENGINE_ncipher();
 #endif /* !NO_HW_NCIPHER */
 #ifndef NO_HW_ATALLA
 /* Returns a structure of atalla methods. */
 ENGINE *ENGINE_atalla();
 #endif /* !NO_HW_ATALLA */
 #ifndef NO_HW_AEP
 /* Returns a structure of AEP methods. */
 ENGINE *ENGINE_aep();
 #endif /* !NO_HW_AEP */
 #ifndef NO_HW_SUREWARE
 /* Returns a structure of atalla methods. */
 ENGINE *ENGINE_sureware();
 #endif /* !NO_HW_SUREWARE */
 #ifndef NO_HW_UBSEC
 /* Returns a structure of ubsec methods. */
 ENGINE *ENGINE_ubsec();
 #endif /* !NO_HW_UBSEC */
 #ifndef NO_HW_KEYCLIENT
 /* Returns a structure of keyclient methods. */
 ENGINE *ENGINE_keyclient();
 #endif /* !NO_HW_KEYCLIENT */
 #endif /* !NO_HW */
 #ifdef  __cplusplus
 }
 #endif
 #endif /* HEADER_ENGINE_INT_H */
--- a/crypto/engine/engine_lib.c
+++ b/crypto/engine/engine_lib.c
@@ -0,0 +1,489 @@
 /* crypto/engine/engine_lib.c */
 /* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL
 * project 2000.
 */
 /* ====================================================================
 * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer. 
 *
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in
 *    the documentation and/or other materials provided with the
 *    distribution.
 *
 * 3. All advertising materials mentioning features or use of this
 *    software must display the following acknowledgment:
 *    "This product includes software developed by the OpenSSL Project
 *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
 *
 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
 *    endorse or promote products derived from this software without
 *    prior written permission. For written permission, please contact
 *    licensing@OpenSSL.org.
 *
 * 5. Products derived from this software may not be called "OpenSSL"
 *    nor may "OpenSSL" appear in their names without prior written
 *    permission of the OpenSSL Project.
 *
 * 6. Redistributions of any form whatsoever must retain the following
 *    acknowledgment:
 *    "This product includes software developed by the OpenSSL Project
 *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
 *
 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
 * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 * OF THE POSSIBILITY OF SUCH DAMAGE.
 * ====================================================================
 *
 * This product includes cryptographic software written by Eric Young
 * (eay@cryptsoft.com).  This product includes software written by Tim
 * Hudson (tjh@cryptsoft.com).
 *
 */
 #include <openssl/crypto.h>
 #include "cryptlib.h"
 #include "engine_int.h"
 #include <openssl/engine.h>
 /* These pointers each have their own "functional reference" when they
 * are non-NULL. Similarly, when they are retrieved by a call to
 * ENGINE_get_default_[RSA|DSA|...] the returned pointer is also a
 * reference and the caller is responsible for freeing that when they
 * are finished with it (with a call to ENGINE_finish() *NOT* just
 * ENGINE_free()!!!!!!). */
 static ENGINE *engine_def_rsa = NULL;
 static ENGINE *engine_def_dsa = NULL;
 static ENGINE *engine_def_dh = NULL;
 static ENGINE *engine_def_rand = NULL;
 static ENGINE *engine_def_bn_mod_exp = NULL;
 static ENGINE *engine_def_bn_mod_exp_crt = NULL;
 /* A static "once-only" flag used to control if/when the above were
 * initialised to suitable start-up defaults. */
 static int engine_def_flag = 0;
 /* This is used in certain static utility functions to save code
 * repetition for per-algorithm functions. */
 typedef enum {
 	ENGINE_TYPE_RSA,
 	ENGINE_TYPE_DSA,
 	ENGINE_TYPE_DH,
 	ENGINE_TYPE_RAND,
 	ENGINE_TYPE_BN_MOD_EXP,
 	ENGINE_TYPE_BN_MOD_EXP_CRT
 	} ENGINE_TYPE;
 static void engine_def_check_util(ENGINE **def, ENGINE *val)
 	{
 	*def = val;
 	val->struct_ref++;
 	val->funct_ref++;
 	}
 /* In a slight break with convention - this static function must be
 * called *outside* any locking of CRYPTO_LOCK_ENGINE. */
 static void engine_def_check(void)
 	{
 	ENGINE *e;
 	if(engine_def_flag)
 		return;
 	e = ENGINE_get_first();
 	if(e == NULL)
 		/* The list is empty ... not much we can do! */
 		return;
 	/* We have a structural reference, see if getting a functional
 	 * reference is possible. This is done to cope with init errors
 	 * in the engine - the following locked code does a bunch of
 	 * manual "ENGINE_init"s which do *not* allow such an init
 	 * error so this is worth doing. */
 	if(ENGINE_init(e))
 		{
 		CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
 		/* Doing another check here prevents an obvious race
 		 * condition because the whole function itself cannot
 		 * be locked. */
 		if(engine_def_flag)
 			goto skip_set_defaults;
 		/* OK, we got a functional reference, so we get one each
 		 * for the defaults too. */
 		engine_def_check_util(&engine_def_rsa, e);
 		engine_def_check_util(&engine_def_dsa, e);
 		engine_def_check_util(&engine_def_dh, e);
 		engine_def_check_util(&engine_def_rand, e);
 		engine_def_check_util(&engine_def_bn_mod_exp, e);
 		engine_def_check_util(&engine_def_bn_mod_exp_crt, e);
 		engine_def_flag = 1;
 skip_set_defaults:
 		CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
 		/* The "if" needs to be balanced out. */
 		ENGINE_finish(e);
 		}
 	/* We need to balance out the fact we obtained a structural
 	 * reference to begin with from ENGINE_get_first(). */
 	ENGINE_free(e);
 	}
 /* Initialise a engine type for use (or up its functional reference count
 * if it's already in use). */
 int ENGINE_init(ENGINE *e)
 	{
 	int to_return = 1;
 	if(e == NULL)
 		{
 		ENGINEerr(ENGINE_F_ENGINE_INIT,ERR_R_PASSED_NULL_PARAMETER);
 		return 0;
 		}
 	CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
 	if((e->funct_ref == 0) && e->init)
 		/* This is the first functional reference and the engine
 		 * requires initialisation so we do it now. */
 		to_return = e->init();
 	if(to_return)
 		{
 		/* OK, we return a functional reference which is also a
 		 * structural reference. */
 		e->struct_ref++;
 		e->funct_ref++;
 		}
 	CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
 	return to_return;
 	}
 /* Free a functional reference to a engine type */
 int ENGINE_finish(ENGINE *e)
 	{
 	int to_return = 1;
 	if(e == NULL)
 		{
 		ENGINEerr(ENGINE_F_ENGINE_FINISH,ERR_R_PASSED_NULL_PARAMETER);
 		return 0;
 		}
 	CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
 	if((e->funct_ref == 1) && e->finish)
 #if 0
 		/* This is the last functional reference and the engine
 		 * requires cleanup so we do it now. */
 		to_return = e->finish();
 	if(to_return)
 		{
 		/* Cleanup the functional reference which is also a
 		 * structural reference. */
 		e->struct_ref--;
 		e->funct_ref--;
 		}
 	CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
 #else
 		/* I'm going to deliberately do a convoluted version of this
 		 * piece of code because we don't want "finish" functions
 		 * being called inside a locked block of code, if at all
 		 * possible. I'd rather have this call take an extra couple
 		 * of ticks than have throughput serialised on a externally-
 		 * provided callback function that may conceivably never come
 		 * back. :-( */
 		{
 		CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
 		/* CODE ALERT: This *IS* supposed to be "=" and NOT "==" :-) */
 		if((to_return = e->finish()))
 			{
 			CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
 			/* Cleanup the functional reference which is also a
 			 * structural reference. */
 			e->struct_ref--;
 			e->funct_ref--;
 			CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
 			}
 		}
 	else
 		CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
 #endif
 	return to_return;
 	}
 EVP_PKEY *ENGINE_load_private_key(ENGINE *e, const char *key_id,
 	const char *passphrase)
 	{
 	EVP_PKEY *pkey;
 	if(e == NULL)
 		{
 		ENGINEerr(ENGINE_F_ENGINE_LOAD_PRIVATE_KEY,
 			ERR_R_PASSED_NULL_PARAMETER);
 		return 0;
 		}
 	CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
 	if(e->funct_ref == 0)
 		{
 		CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
 		ENGINEerr(ENGINE_F_ENGINE_LOAD_PRIVATE_KEY,
 			ENGINE_R_NOT_INITIALISED);
 		return 0;
 		}
 	CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
 	if (!e->load_privkey)
 		{
 		ENGINEerr(ENGINE_F_ENGINE_LOAD_PRIVATE_KEY,
 			ENGINE_R_NO_LOAD_FUNCTION);
 		return 0;
 		}
 	pkey = e->load_privkey(key_id, passphrase);
 	if (!pkey)
 		{
 		ENGINEerr(ENGINE_F_ENGINE_LOAD_PRIVATE_KEY,
 			ENGINE_R_FAILED_LOADING_PRIVATE_KEY);
 		return 0;
 		}
 	return pkey;
 	}
 EVP_PKEY *ENGINE_load_public_key(ENGINE *e, const char *key_id,
 	const char *passphrase)
 	{
 	EVP_PKEY *pkey;
 	if(e == NULL)
 		{
 		ENGINEerr(ENGINE_F_ENGINE_LOAD_PUBLIC_KEY,
 			ERR_R_PASSED_NULL_PARAMETER);
 		return 0;
 		}
 	CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
 	if(e->funct_ref == 0)
 		{
 		CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
 		ENGINEerr(ENGINE_F_ENGINE_LOAD_PUBLIC_KEY,
 			ENGINE_R_NOT_INITIALISED);
 		return 0;
 		}
 	CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
 	if (!e->load_pubkey)
 		{
 		ENGINEerr(ENGINE_F_ENGINE_LOAD_PUBLIC_KEY,
 			ENGINE_R_NO_LOAD_FUNCTION);
 		return 0;
 		}
 	pkey = e->load_pubkey(key_id, passphrase);
 	if (!pkey)
 		{
 		ENGINEerr(ENGINE_F_ENGINE_LOAD_PUBLIC_KEY,
 			ENGINE_R_FAILED_LOADING_PUBLIC_KEY);
 		return 0;
 		}
 	return pkey;
 	}
 int ENGINE_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)())
 	{
 	if(e == NULL)
 		{
 		ENGINEerr(ENGINE_F_ENGINE_CTRL,ERR_R_PASSED_NULL_PARAMETER);
 		return 0;
 		}
 	CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
 	if(e->struct_ref == 0)
 		{
 		CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
 		ENGINEerr(ENGINE_F_ENGINE_CTRL,ENGINE_R_NO_REFERENCE);
 		return 0;
 		}
 	CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
 	if (!e->ctrl)
 		{
 		ENGINEerr(ENGINE_F_ENGINE_CTRL,ENGINE_R_NO_CONTROL_FUNCTION);
 		return 0;
 		}
 	return e->ctrl(cmd, i, p, f);
 	}
 static ENGINE *engine_get_default_type(ENGINE_TYPE t)
 	{
 	ENGINE *ret = NULL;
 	/* engine_def_check is lean and mean and won't replace any
 	 * prior default engines ... so we must ensure that it is always
 	 * the first function to get to touch the default values. */
 	engine_def_check();
 	CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
 	switch(t)
 		{
 	case ENGINE_TYPE_RSA:
 		ret = engine_def_rsa; break;
 	case ENGINE_TYPE_DSA:
 		ret = engine_def_dsa; break;
 	case ENGINE_TYPE_DH:
 		ret = engine_def_dh; break;
 	case ENGINE_TYPE_RAND:
 		ret = engine_def_rand; break;
 	case ENGINE_TYPE_BN_MOD_EXP:
 		ret = engine_def_bn_mod_exp; break;
 	case ENGINE_TYPE_BN_MOD_EXP_CRT:
 		ret = engine_def_bn_mod_exp_crt; break;
 		}
 	/* Unforunately we can't do this work outside the lock with a
 	 * call to ENGINE_init() because that would leave a race
 	 * condition open. */
 	if(ret)
 		{
 		ret->struct_ref++;
 		ret->funct_ref++;
 		}
 	CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
 	return ret;
 	}
 ENGINE *ENGINE_get_default_RSA(void)
 	{
 	return engine_get_default_type(ENGINE_TYPE_RSA);
 	}
 ENGINE *ENGINE_get_default_DSA(void)
 	{
 	return engine_get_default_type(ENGINE_TYPE_DSA);
 	}
 ENGINE *ENGINE_get_default_DH(void)
 	{
 	return engine_get_default_type(ENGINE_TYPE_DH);
 	}
 ENGINE *ENGINE_get_default_RAND(void)
 	{
 	return engine_get_default_type(ENGINE_TYPE_RAND);
 	}
 ENGINE *ENGINE_get_default_BN_mod_exp(void)
 	{
 	return engine_get_default_type(ENGINE_TYPE_BN_MOD_EXP);
 	}
 ENGINE *ENGINE_get_default_BN_mod_exp_crt(void)
 	{
 	return engine_get_default_type(ENGINE_TYPE_BN_MOD_EXP_CRT);
 	}
 static int engine_set_default_type(ENGINE_TYPE t, ENGINE *e)
 	{
 	ENGINE *old = NULL;
 	if(e == NULL)
 		{
 		ENGINEerr(ENGINE_F_ENGINE_SET_DEFAULT_TYPE,
 			ERR_R_PASSED_NULL_PARAMETER);
 		return 0;
 		}
 	/* engine_def_check is lean and mean and won't replace any
 	 * prior default engines ... so we must ensure that it is always
 	 * the first function to get to touch the default values. */
 	engine_def_check();
 	/* Attempt to get a functional reference (we need one anyway, but
 	 * also, 'e' may be just a structural reference being passed in so
 	 * this call may actually be the first). */
 	if(!ENGINE_init(e))
 		{
 		ENGINEerr(ENGINE_F_ENGINE_SET_DEFAULT_TYPE,
 			ENGINE_R_INIT_FAILED);
 		return 0;
 		}
 	CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
 	switch(t)
 		{
 	case ENGINE_TYPE_RSA:
 		old = engine_def_rsa;
 		engine_def_rsa = e; break;
 	case ENGINE_TYPE_DSA:
 		old = engine_def_dsa;
 		engine_def_dsa = e; break;
 	case ENGINE_TYPE_DH:
 		old = engine_def_dh;
 		engine_def_dh = e; break;
 	case ENGINE_TYPE_RAND:
 		old = engine_def_rand;
 		engine_def_rand = e; break;
 	case ENGINE_TYPE_BN_MOD_EXP:
 		old = engine_def_bn_mod_exp;
 		engine_def_bn_mod_exp = e; break;
 	case ENGINE_TYPE_BN_MOD_EXP_CRT:
 		old = engine_def_bn_mod_exp_crt;
 		engine_def_bn_mod_exp_crt = e; break;
 		}
 	CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
 	/* If we've replaced a previous value, then we need to remove the
 	 * functional reference we had. */
 	if(old && !ENGINE_finish(old))
 		{
 		ENGINEerr(ENGINE_F_ENGINE_SET_DEFAULT_TYPE,
 			ENGINE_R_FINISH_FAILED);
 		return 0;
 		}
 	return 1;
 	}
 int ENGINE_set_default_RSA(ENGINE *e)
 	{
 	return engine_set_default_type(ENGINE_TYPE_RSA, e);
 	}
 int ENGINE_set_default_DSA(ENGINE *e)
 	{
 	return engine_set_default_type(ENGINE_TYPE_DSA, e);
 	}
 int ENGINE_set_default_DH(ENGINE *e)
 	{
 	return engine_set_default_type(ENGINE_TYPE_DH, e);
 	}
 int ENGINE_set_default_RAND(ENGINE *e)
 	{
 	return engine_set_default_type(ENGINE_TYPE_RAND, e);
 	}
 int ENGINE_set_default_BN_mod_exp(ENGINE *e)
 	{
 	return engine_set_default_type(ENGINE_TYPE_BN_MOD_EXP, e);
 	}
 int ENGINE_set_default_BN_mod_exp_crt(ENGINE *e)
 	{
 	return engine_set_default_type(ENGINE_TYPE_BN_MOD_EXP_CRT, e);
 	}
 int ENGINE_set_default(ENGINE *e, unsigned int flags)
 	{
 	if((flags & ENGINE_METHOD_RSA) && e->rsa_meth &&
 			!ENGINE_set_default_RSA(e))
 		return 0;
 	if((flags & ENGINE_METHOD_DSA) && e->dsa_meth &&
 			!ENGINE_set_default_DSA(e))
 		return 0;
 	if((flags & ENGINE_METHOD_DH) && e->dh_meth &&
 			!ENGINE_set_default_DH(e))
 		return 0;
 	if((flags & ENGINE_METHOD_RAND) && e->rand_meth &&
 			!ENGINE_set_default_RAND(e))
 		return 0;
 	if((flags & ENGINE_METHOD_BN_MOD_EXP) && e->bn_mod_exp &&
 			!ENGINE_set_default_BN_mod_exp(e))
 		return 0;
 	if((flags & ENGINE_METHOD_BN_MOD_EXP_CRT) && e->bn_mod_exp_crt &&
 			!ENGINE_set_default_BN_mod_exp_crt(e))
 		return 0;
 	return 1;
 	}
--- a/crypto/engine/engine_list.c
+++ b/crypto/engine/engine_list.c
@@ -0,0 +1,691 @@
 /* crypto/engine/engine_list.c */
 /* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL
 * project 2000.
 */
 /* ====================================================================
 * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer. 
 *
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in
 *    the documentation and/or other materials provided with the
 *    distribution.
 *
 * 3. All advertising materials mentioning features or use of this
 *    software must display the following acknowledgment:
 *    "This product includes software developed by the OpenSSL Project
 *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
 *
 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
 *    endorse or promote products derived from this software without
 *    prior written permission. For written permission, please contact
 *    licensing@OpenSSL.org.
 *
 * 5. Products derived from this software may not be called "OpenSSL"
 *    nor may "OpenSSL" appear in their names without prior written
 *    permission of the OpenSSL Project.
 *
 * 6. Redistributions of any form whatsoever must retain the following
 *    acknowledgment:
 *    "This product includes software developed by the OpenSSL Project
 *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
 *
 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
 * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 * OF THE POSSIBILITY OF SUCH DAMAGE.
 * ====================================================================
 *
 * This product includes cryptographic software written by Eric Young
 * (eay@cryptsoft.com).  This product includes software written by Tim
 * Hudson (tjh@cryptsoft.com).
 *
 */
 #include <openssl/crypto.h>
 #include "cryptlib.h"
 #include "engine_int.h"
 #include <openssl/engine.h>
 /* The linked-list of pointers to engine types. engine_list_head
 * incorporates an implicit structural reference but engine_list_tail
 * does not - the latter is a computational niceity and only points
 * to something that is already pointed to by its predecessor in the
 * list (or engine_list_head itself). In the same way, the use of the
 * "prev" pointer in each ENGINE is to save excessive list iteration,
 * it doesn't correspond to an extra structural reference. Hence,
 * engine_list_head, and each non-null "next" pointer account for
 * the list itself assuming exactly 1 structural reference on each
 * list member. */
 static ENGINE *engine_list_head = NULL;
 static ENGINE *engine_list_tail = NULL;
 /* A boolean switch, used to ensure we only initialise once. This
 * is needed because the engine list may genuinely become empty during
 * use (so we can't use engine_list_head as an indicator for example. */
 static int engine_list_flag = 0;
 /* These static functions starting with a lower case "engine_" always
 * take place when CRYPTO_LOCK_ENGINE has been locked up. */
 static int engine_list_add(ENGINE *e)
 	{
 	int conflict = 0;
 	ENGINE *iterator = NULL;
 	if(e == NULL)
 		{
 		ENGINEerr(ENGINE_F_ENGINE_LIST_ADD,
 			ERR_R_PASSED_NULL_PARAMETER);
 		return 0;
 		}
 	iterator = engine_list_head;
 	while(iterator && !conflict)
 		{
 		conflict = (strcmp(iterator->id, e->id) == 0);
 		iterator = iterator->next;
 		}
 	if(conflict)
 		{
 		ENGINEerr(ENGINE_F_ENGINE_LIST_ADD,
 			ENGINE_R_CONFLICTING_ENGINE_ID);
 		return 0;
 		}
 	if(engine_list_head == NULL)
 		{
 		/* We are adding to an empty list. */
 		if(engine_list_tail)
 			{
 			ENGINEerr(ENGINE_F_ENGINE_LIST_ADD,
 				ENGINE_R_INTERNAL_LIST_ERROR);
 			return 0;
 			}
 		engine_list_head = e;
 		e->prev = NULL;
 		}
 	else
 		{
 		/* We are adding to the tail of an existing list. */
 		if((engine_list_tail == NULL) ||
 				(engine_list_tail->next != NULL))
 			{
 			ENGINEerr(ENGINE_F_ENGINE_LIST_ADD,
 				ENGINE_R_INTERNAL_LIST_ERROR);
 			return 0;
 			}
 		engine_list_tail->next = e;
 		e->prev = engine_list_tail;
 		}
 	/* Having the engine in the list assumes a structural
 	 * reference. */
 	e->struct_ref++;
 	/* However it came to be, e is the last item in the list. */
 	engine_list_tail = e;
 	e->next = NULL;
 	return 1;
 	}
 static int engine_list_remove(ENGINE *e)
 	{
 	ENGINE *iterator;
 	if(e == NULL)
 		{
 		ENGINEerr(ENGINE_F_ENGINE_LIST_REMOVE,
 			ERR_R_PASSED_NULL_PARAMETER);
 		return 0;
 		}
 	/* We need to check that e is in our linked list! */
 	iterator = engine_list_head;
 	while(iterator && (iterator != e))
 		iterator = iterator->next;
 	if(iterator == NULL)
 		{
 		ENGINEerr(ENGINE_F_ENGINE_LIST_REMOVE,
 			ENGINE_R_ENGINE_IS_NOT_IN_LIST);
 		return 0;
 		}
 	/* un-link e from the chain. */
 	if(e->next)
 		e->next->prev = e->prev;
 	if(e->prev)
 		e->prev->next = e->next;
 	/* Correct our head/tail if necessary. */
 	if(engine_list_head == e)
 		engine_list_head = e->next;
 	if(engine_list_tail == e)
 		engine_list_tail = e->prev;
 	/* remove our structural reference. */
 	e->struct_ref--;
 	return 1;
 	}
 /* This check always takes place with CRYPTO_LOCK_ENGINE locked up
 * so we're synchronised, but we can't call anything that tries to
 * lock it again! :-) NB: For convenience (and code-clarity) we
 * don't output errors for failures of the engine_list_add function
 * as it will generate errors itself. */
 static int engine_internal_check(void)
 	{
 	if(engine_list_flag)
 		return 1;
 	/* This is our first time up, we need to populate the list
 	 * with our statically compiled-in engines. */
 	if(!engine_list_add(ENGINE_openssl()))
 		return 0;
 #ifndef NO_HW
 #ifndef NO_HW_CSWIFT
 	if(!engine_list_add(ENGINE_cswift()))
 		return 0;
 #endif /* !NO_HW_CSWIFT */
 #ifndef NO_HW_NCIPHER
 	if(!engine_list_add(ENGINE_ncipher()))
 		return 0;
 #endif /* !NO_HW_NCIPHER */
 #ifndef NO_HW_ATALLA
 	if(!engine_list_add(ENGINE_atalla()))
 		return 0;
 #endif /* !NO_HW_ATALLA */
 #ifndef NO_HW_AEP
 	if(!engine_list_add(ENGINE_aep()))
 		return 0;
 #endif /* !NO_HW_AEP */
 #ifndef NO_HW_SUREWARE
       if(!engine_list_add(ENGINE_sureware()))
                return 0;
 #endif /* !NO_HW_SUREWARE */
 #ifndef NO_HW_UBSEC
 	if(!engine_list_add(ENGINE_ubsec()))
 		return 0;
 #endif /* !NO_HW_UBSEC */
 #ifndef NO_HW_KEYCLIENT
 	if(!engine_list_add(ENGINE_keyclient()))
 		return 0;
 #endif /* !NO_HW_KEYCLIENT */
 #endif /* !NO_HW */
 	engine_list_flag = 1;
 	return 1;
 	}
 /* Get the first/last "ENGINE" type available. */
 ENGINE *ENGINE_get_first(void)
 	{
 	ENGINE *ret = NULL;
 	CRYPTO_r_lock(CRYPTO_LOCK_ENGINE);
 	if(engine_internal_check())
 		{
 		ret = engine_list_head;
 		if(ret)
 			ret->struct_ref++;
 		}
 	CRYPTO_r_unlock(CRYPTO_LOCK_ENGINE);
 	return ret;
 	}
 ENGINE *ENGINE_get_last(void)
 	{
 	ENGINE *ret = NULL;
 	CRYPTO_r_lock(CRYPTO_LOCK_ENGINE);
 	if(engine_internal_check())
 		{
 		ret = engine_list_tail;
 		if(ret)
 			ret->struct_ref++;
 		}
 	CRYPTO_r_unlock(CRYPTO_LOCK_ENGINE);
 	return ret;
 	}
 /* Iterate to the next/previous "ENGINE" type (NULL = end of the list). */
 ENGINE *ENGINE_get_next(ENGINE *e)
 	{
 	ENGINE *ret = NULL;
 	if(e == NULL)
 		{
 		ENGINEerr(ENGINE_F_ENGINE_GET_NEXT,
 			ERR_R_PASSED_NULL_PARAMETER);
 		return 0;
 		}
 	CRYPTO_r_lock(CRYPTO_LOCK_ENGINE);
 	ret = e->next;
 	e->struct_ref--;
 	if(ret)
 		ret->struct_ref++;
 	CRYPTO_r_unlock(CRYPTO_LOCK_ENGINE);
 	return ret;
 	}
 ENGINE *ENGINE_get_prev(ENGINE *e)
 	{
 	ENGINE *ret = NULL;
 	if(e == NULL)
 		{
 		ENGINEerr(ENGINE_F_ENGINE_GET_PREV,
 			ERR_R_PASSED_NULL_PARAMETER);
 		return 0;
 		}
 	CRYPTO_r_lock(CRYPTO_LOCK_ENGINE);
 	ret = e->prev;
 	e->struct_ref--;
 	if(ret)
 		ret->struct_ref++;
 	CRYPTO_r_unlock(CRYPTO_LOCK_ENGINE);
 	return ret;
 	}
 /* Add another "ENGINE" type into the list. */
 int ENGINE_add(ENGINE *e)
 	{
 	int to_return = 1;
 	if(e == NULL)
 		{
 		ENGINEerr(ENGINE_F_ENGINE_ADD,
 			ERR_R_PASSED_NULL_PARAMETER);
 		return 0;
 		}
 	if((e->id == NULL) || (e->name == NULL))
 		{
 		ENGINEerr(ENGINE_F_ENGINE_ADD,
 			ENGINE_R_ID_OR_NAME_MISSING);
 		}
 	CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
 	if(!engine_internal_check() || !engine_list_add(e))
 		{
 		ENGINEerr(ENGINE_F_ENGINE_ADD,
 			ENGINE_R_INTERNAL_LIST_ERROR);
 		to_return = 0;
 		}
 	CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
 	return to_return;
 	}
 /* Remove an existing "ENGINE" type from the array. */
 int ENGINE_remove(ENGINE *e)
 	{
 	int to_return = 1;
 	if(e == NULL)
 		{
 		ENGINEerr(ENGINE_F_ENGINE_REMOVE,
 			ERR_R_PASSED_NULL_PARAMETER);
 		return 0;
 		}
 	CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
 	if(!engine_internal_check() || !engine_list_remove(e))
 		{
 		ENGINEerr(ENGINE_F_ENGINE_REMOVE,
 			ENGINE_R_INTERNAL_LIST_ERROR);
 		to_return = 0;
 		}
 	CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
 	return to_return;
 	}
 ENGINE *ENGINE_by_id(const char *id)
 	{
 	ENGINE *iterator = NULL;
 	if(id == NULL)
 		{
 		ENGINEerr(ENGINE_F_ENGINE_BY_ID,
 			ERR_R_PASSED_NULL_PARAMETER);
 		return NULL;
 		}
 	CRYPTO_r_lock(CRYPTO_LOCK_ENGINE);
 	if(!engine_internal_check())
 		ENGINEerr(ENGINE_F_ENGINE_BY_ID,
 			ENGINE_R_INTERNAL_LIST_ERROR);
 	else
 		{
 		iterator = engine_list_head;
 		while(iterator && (strcmp(id, iterator->id) != 0))
 			iterator = iterator->next;
 		if(iterator)
 			/* We need to return a structural reference */
 			iterator->struct_ref++;
 		}
 	CRYPTO_r_unlock(CRYPTO_LOCK_ENGINE);
 	if(iterator == NULL)
 		ENGINEerr(ENGINE_F_ENGINE_BY_ID,
 			ENGINE_R_NO_SUCH_ENGINE);
 	return iterator;
 	}
 /* As per the comments in engine.h, it is generally better all round
 * if the ENGINE structure is allocated within this framework. */
 #if 0
 int ENGINE_get_struct_size(void)
 	{
 	return sizeof(ENGINE);
 	}
 ENGINE *ENGINE_new(ENGINE *e)
 	{
 	ENGINE *ret;
 	if(e == NULL)
 		{
 		ret = (ENGINE *)(OPENSSL_malloc(sizeof(ENGINE));
 		if(ret == NULL)
 			{
 			ENGINEerr(ENGINE_F_ENGINE_NEW,
 				ERR_R_MALLOC_FAILURE);
 			return NULL;
 			}
 		}
 	else
 		ret = e;
 	memset(ret, 0, sizeof(ENGINE));
 	if(e)
 		ret->flags = ENGINE_FLAGS_MALLOCED;
 	ret->struct_ref = 1;
 	return ret;
 	}
 #else
 ENGINE *ENGINE_new(void)
 	{
 	ENGINE *ret;
 	ret = (ENGINE *)OPENSSL_malloc(sizeof(ENGINE));
 	if(ret == NULL)
 		{
 		ENGINEerr(ENGINE_F_ENGINE_NEW, ERR_R_MALLOC_FAILURE);
 		return NULL;
 		}
 	memset(ret, 0, sizeof(ENGINE));
 	ret->flags = ENGINE_FLAGS_MALLOCED;
 	ret->struct_ref = 1;
 	return ret;
 	}
 #endif
 int ENGINE_free(ENGINE *e)
 	{
 	int i;
 	if(e == NULL)
 		{
 		ENGINEerr(ENGINE_F_ENGINE_FREE,
 			ERR_R_PASSED_NULL_PARAMETER);
 		return 0;
 		}
 	i = CRYPTO_add(&e->struct_ref,-1,CRYPTO_LOCK_ENGINE);
 #ifdef REF_PRINT
 	REF_PRINT("ENGINE",e);
 #endif
 	if (i > 0) return 1;
 #ifdef REF_CHECK
 	if (i < 0)
 		{
 		fprintf(stderr,"ENGINE_free, bad reference count\n");
 		abort();
 		}
 #endif
 	if(e->flags & ENGINE_FLAGS_MALLOCED)
 		OPENSSL_free(e);
 	return 1;
 	}
 int ENGINE_set_id(ENGINE *e, const char *id)
 	{
 	if((e == NULL) || (id == NULL))
 		{
 		ENGINEerr(ENGINE_F_ENGINE_SET_ID,
 			ERR_R_PASSED_NULL_PARAMETER);
 		return 0;
 		}
 	e->id = id;
 	return 1;
 	}
 int ENGINE_set_name(ENGINE *e, const char *name)
 	{
 	if((e == NULL) || (name == NULL))
 		{
 		ENGINEerr(ENGINE_F_ENGINE_SET_NAME,
 			ERR_R_PASSED_NULL_PARAMETER);
 		return 0;
 		}
 	e->name = name;
 	return 1;
 	}
 int ENGINE_set_RSA(ENGINE *e, RSA_METHOD *rsa_meth)
 	{
 	if((e == NULL) || (rsa_meth == NULL))
 		{
 		ENGINEerr(ENGINE_F_ENGINE_SET_RSA,
 			ERR_R_PASSED_NULL_PARAMETER);
 		return 0;
 		}
 	e->rsa_meth = rsa_meth;
 	return 1;
 	}
 int ENGINE_set_DSA(ENGINE *e, DSA_METHOD *dsa_meth)
 	{
 	if((e == NULL) || (dsa_meth == NULL))
 		{
 		ENGINEerr(ENGINE_F_ENGINE_SET_DSA,
 			ERR_R_PASSED_NULL_PARAMETER);
 		return 0;
 		}
 	e->dsa_meth = dsa_meth;
 	return 1;
 	}
 int ENGINE_set_DH(ENGINE *e, DH_METHOD *dh_meth)
 	{
 	if((e == NULL) || (dh_meth == NULL))
 		{
 		ENGINEerr(ENGINE_F_ENGINE_SET_DH,
 			ERR_R_PASSED_NULL_PARAMETER);
 		return 0;
 		}
 	e->dh_meth = dh_meth;
 	return 1;
 	}
 int ENGINE_set_RAND(ENGINE *e, RAND_METHOD *rand_meth)
 	{
 	if((e == NULL) || (rand_meth == NULL))
 		{
 		ENGINEerr(ENGINE_F_ENGINE_SET_RAND,
 			ERR_R_PASSED_NULL_PARAMETER);
 		return 0;
 		}
 	e->rand_meth = rand_meth;
 	return 1;
 	}
 int ENGINE_set_BN_mod_exp(ENGINE *e, BN_MOD_EXP bn_mod_exp)
 	{
 	if((e == NULL) || (bn_mod_exp == NULL))
 		{
 		ENGINEerr(ENGINE_F_ENGINE_SET_BN_MOD_EXP,
 			ERR_R_PASSED_NULL_PARAMETER);
 		return 0;
 		}
 	e->bn_mod_exp = bn_mod_exp;
 	return 1;
 	}
 int ENGINE_set_BN_mod_exp_crt(ENGINE *e, BN_MOD_EXP_CRT bn_mod_exp_crt)
 	{
 	if((e == NULL) || (bn_mod_exp_crt == NULL))
 		{
 		ENGINEerr(ENGINE_F_ENGINE_SET_BN_MOD_EXP_CRT,
 			ERR_R_PASSED_NULL_PARAMETER);
 		return 0;
 		}
 	e->bn_mod_exp_crt = bn_mod_exp_crt;
 	return 1;
 	}
 int ENGINE_set_init_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR init_f)
 	{
 	if((e == NULL) || (init_f == NULL))
 		{
 		ENGINEerr(ENGINE_F_ENGINE_SET_INIT_FUNCTION,
 			ERR_R_PASSED_NULL_PARAMETER);
 		return 0;
 		}
 	e->init = init_f;
 	return 1;
 	}
 int ENGINE_set_finish_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR finish_f)
 	{
 	if((e == NULL) || (finish_f == NULL))
 		{
 		ENGINEerr(ENGINE_F_ENGINE_SET_FINISH_FUNCTION,
 			ERR_R_PASSED_NULL_PARAMETER);
 		return 0;
 		}
 	e->finish = finish_f;
 	return 1;
 	}
 int ENGINE_set_ctrl_function(ENGINE *e, ENGINE_CTRL_FUNC_PTR ctrl_f)
 	{
 	if((e == NULL) || (ctrl_f == NULL))
 		{
 		ENGINEerr(ENGINE_F_ENGINE_SET_CTRL_FUNCTION,
 			ERR_R_PASSED_NULL_PARAMETER);
 		return 0;
 		}
 	e->ctrl = ctrl_f;
 	return 1;
 	}
 const char *ENGINE_get_id(ENGINE *e)
 	{
 	if(e == NULL)
 		{
 		ENGINEerr(ENGINE_F_ENGINE_GET_ID,
 			ERR_R_PASSED_NULL_PARAMETER);
 		return 0;
 		}
 	return e->id;
 	}
 const char *ENGINE_get_name(ENGINE *e)
 	{
 	if(e == NULL)
 		{
 		ENGINEerr(ENGINE_F_ENGINE_GET_NAME,
 			ERR_R_PASSED_NULL_PARAMETER);
 		return 0;
 		}
 	return e->name;
 	}
 RSA_METHOD *ENGINE_get_RSA(ENGINE *e)
 	{
 	if(e == NULL)
 		{
 		ENGINEerr(ENGINE_F_ENGINE_GET_RSA,
 			ERR_R_PASSED_NULL_PARAMETER);
 		return NULL;
 		}
 	return e->rsa_meth;
 	}
 DSA_METHOD *ENGINE_get_DSA(ENGINE *e)
 	{
 	if(e == NULL)
 		{
 		ENGINEerr(ENGINE_F_ENGINE_GET_DSA,
 			ERR_R_PASSED_NULL_PARAMETER);
 		return NULL;
 		}
 	return e->dsa_meth;
 	}
 DH_METHOD *ENGINE_get_DH(ENGINE *e)
 	{
 	if(e == NULL)
 		{
 		ENGINEerr(ENGINE_F_ENGINE_GET_DH,
 			ERR_R_PASSED_NULL_PARAMETER);
 		return NULL;
 		}
 	return e->dh_meth;
 	}
 RAND_METHOD *ENGINE_get_RAND(ENGINE *e)
 	{
 	if(e == NULL)
 		{
 		ENGINEerr(ENGINE_F_ENGINE_GET_RAND,
 			ERR_R_PASSED_NULL_PARAMETER);
 		return NULL;
 		}
 	return e->rand_meth;
 	}
 BN_MOD_EXP ENGINE_get_BN_mod_exp(ENGINE *e)
 	{
 	if(e == NULL)
 		{
 		ENGINEerr(ENGINE_F_ENGINE_GET_BN_MOD_EXP,
 			ERR_R_PASSED_NULL_PARAMETER);
 		return NULL;
 		}
 	return e->bn_mod_exp;
 	}
 BN_MOD_EXP_CRT ENGINE_get_BN_mod_exp_crt(ENGINE *e)
 	{
 	if(e == NULL)
 		{
 		ENGINEerr(ENGINE_F_ENGINE_GET_BN_MOD_EXP_CRT,
 			ERR_R_PASSED_NULL_PARAMETER);
 		return NULL;
 		}
 	return e->bn_mod_exp_crt;
 	}
 ENGINE_GEN_INT_FUNC_PTR ENGINE_get_init_function(ENGINE *e)
 	{
 	if(e == NULL)
 		{
 		ENGINEerr(ENGINE_F_ENGINE_GET_INIT_FUNCTION,
 			ERR_R_PASSED_NULL_PARAMETER);
 		return NULL;
 		}
 	return e->init;
 	}
 ENGINE_GEN_INT_FUNC_PTR ENGINE_get_finish_function(ENGINE *e)
 	{
 	if(e == NULL)
 		{
 		ENGINEerr(ENGINE_F_ENGINE_GET_FINISH_FUNCTION,
 			ERR_R_PASSED_NULL_PARAMETER);
 		return NULL;
 		}
 	return e->finish;
 	}
 ENGINE_CTRL_FUNC_PTR ENGINE_get_ctrl_function(ENGINE *e)
 	{
 	if(e == NULL)
 		{
 		ENGINEerr(ENGINE_F_ENGINE_GET_CTRL_FUNCTION,
 			ERR_R_PASSED_NULL_PARAMETER);
 		return NULL;
 		}
 	return e->ctrl;
 	}
--- a/crypto/engine/engine_openssl.c
+++ b/crypto/engine/engine_openssl.c
@@ -0,0 +1,174 @@
 /* crypto/engine/engine_openssl.c */
 /* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL
 * project 2000.
 */
 /* ====================================================================
 * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer. 
 *
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in
 *    the documentation and/or other materials provided with the
 *    distribution.
 *
 * 3. All advertising materials mentioning features or use of this
 *    software must display the following acknowledgment:
 *    "This product includes software developed by the OpenSSL Project
 *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
 *
 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
 *    endorse or promote products derived from this software without
 *    prior written permission. For written permission, please contact
 *    licensing@OpenSSL.org.
 *
 * 5. Products derived from this software may not be called "OpenSSL"
 *    nor may "OpenSSL" appear in their names without prior written
 *    permission of the OpenSSL Project.
 *
 * 6. Redistributions of any form whatsoever must retain the following
 *    acknowledgment:
 *    "This product includes software developed by the OpenSSL Project
 *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
 *
 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
 * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 * OF THE POSSIBILITY OF SUCH DAMAGE.
 * ====================================================================
 *
 * This product includes cryptographic software written by Eric Young
 * (eay@cryptsoft.com).  This product includes software written by Tim
 * Hudson (tjh@cryptsoft.com).
 *
 */
 #include <stdio.h>
 #include <openssl/crypto.h>
 #include "cryptlib.h"
 #include "engine_int.h"
 #include <openssl/engine.h>
 #include <openssl/dso.h>
 #include <openssl/rsa.h>
 #include <openssl/dsa.h>
 #include <openssl/dh.h>
 #include <openssl/rand.h>
 #include <openssl/bn.h>
 /* This is the only function we need to implement as OpenSSL
 * doesn't have a native CRT mod_exp. Perhaps this should be
 * BN_mod_exp_crt and moved into crypto/bn/ ?? ... dunno. */
 static int openssl_mod_exp_crt(BIGNUM *r, BIGNUM *a, const BIGNUM *p,
 		const BIGNUM *q, const BIGNUM *dmp1, const BIGNUM *dmq1,
 		const BIGNUM *iqmp, BN_CTX *ctx);
 /* The ENGINE structure that can be pointed to. */
 static ENGINE engine_openssl =
        {
 	"openssl",
 	"Software default engine support",
 	NULL,
 	NULL,
 	NULL, /* these methods are "stolen" in ENGINE_openssl() */
 	NULL,
 	NULL,
 	openssl_mod_exp_crt,
 	NULL, /* no init() */
 	NULL, /* no finish() */
 	NULL, /* no ctrl() */
 	NULL, /* no load_privkey() */
 	NULL, /* no load_pubkey() */
 	0, /* no flags */
 	0, 0, /* no references. */
 	NULL, NULL /* unlinked */
        };
 /* As this is only ever called once, there's no need for locking
 * (indeed - the lock will already be held by our caller!!!) */
 ENGINE *ENGINE_openssl()
 	{
 	/* We need to populate our structure with the software pointers
 	 * that we want to steal. */
 	engine_openssl.rsa_meth = RSA_get_default_openssl_method();
 	engine_openssl.dsa_meth = DSA_get_default_openssl_method();
 	engine_openssl.dh_meth = DH_get_default_openssl_method();
 	engine_openssl.rand_meth = RAND_SSLeay();
 	engine_openssl.bn_mod_exp = BN_mod_exp;
 	return &engine_openssl;
 	}
 /* Chinese Remainder Theorem, taken and adapted from rsa_eay.c */
 static int openssl_mod_exp_crt(BIGNUM *r, BIGNUM *a, const BIGNUM *p,
 			const BIGNUM *q, const BIGNUM *dmp1,
 			const BIGNUM *dmq1, const BIGNUM *iqmp, BN_CTX *ctx)
 	{
 	BIGNUM r1,m1;
 	int ret=0;
 	BN_CTX *bn_ctx;
 	BIGNUM *temp_bn = NULL;
 	if (ctx)
 		bn_ctx = ctx;
 	else
 		if ((bn_ctx=BN_CTX_new()) == NULL) goto err;
 	BN_init(&m1);
 	BN_init(&r1);
 	/* BN_mul() cannot accept const BIGNUMs so I use the BN_CTX
 	 * to duplicate what I need. <sigh> */
 	if ((temp_bn = BN_CTX_get(bn_ctx)) == NULL) goto err;
 	if (!BN_copy(temp_bn, iqmp)) goto err;
 	if (!BN_mod(&r1, a, q, bn_ctx)) goto err;
 	if (!engine_openssl.bn_mod_exp(&m1, &r1, dmq1, q, bn_ctx))
 		goto err;
 	if (!BN_mod(&r1, a, p, bn_ctx)) goto err;
 	if (!engine_openssl.bn_mod_exp(r, &r1, dmp1, p, bn_ctx))
 		goto err;
 	if (!BN_sub(r, r, &m1)) goto err;
 	/* This will help stop the size of r0 increasing, which does
 	 * affect the multiply if it optimised for a power of 2 size */
 	if (r->neg)
 		if (!BN_add(r, r, p)) goto err;
 	if (!BN_mul(&r1, r, temp_bn, bn_ctx)) goto err;
 	if (!BN_mod(r, &r1, p, bn_ctx)) goto err;
 	/* If p < q it is occasionally possible for the correction of
 	 * adding 'p' if r is negative above to leave the result still
 	 * negative. This can break the private key operations: the following
 	 * second correction should *always* correct this rare occurrence.
 	 * This will *never* happen with OpenSSL generated keys because
 	 * they ensure p > q [steve]
 	 */
 	if (r->neg)
 		if (!BN_add(r, r, p)) goto err;
 	/* Again, BN_mul() will need non-const values. */
 	if (!BN_copy(temp_bn, q)) goto err;
 	if (!BN_mul(&r1, r, temp_bn, bn_ctx)) goto err;
 	if (!BN_add(r, &r1, &m1)) goto err;
 	ret=1;
 err:
 	BN_clear_free(&m1);
 	BN_clear_free(&r1);
 	if (temp_bn)
 		bn_ctx->tos--;
 	if (!ctx)
 		BN_CTX_free(bn_ctx);
 	return(ret);
 	}
--- a/crypto/engine/enginetest.c
+++ b/crypto/engine/enginetest.c
@@ -0,0 +1,252 @@
 /* crypto/engine/enginetest.c */
 /* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL
 * project 2000.
 */
 /* ====================================================================
 * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer. 
 *
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in
 *    the documentation and/or other materials provided with the
 *    distribution.
 *
 * 3. All advertising materials mentioning features or use of this
 *    software must display the following acknowledgment:
 *    "This product includes software developed by the OpenSSL Project
 *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
 *
 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
 *    endorse or promote products derived from this software without
 *    prior written permission. For written permission, please contact
 *    licensing@OpenSSL.org.
 *
 * 5. Products derived from this software may not be called "OpenSSL"
 *    nor may "OpenSSL" appear in their names without prior written
 *    permission of the OpenSSL Project.
 *
 * 6. Redistributions of any form whatsoever must retain the following
 *    acknowledgment:
 *    "This product includes software developed by the OpenSSL Project
 *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
 *
 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
 * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 * OF THE POSSIBILITY OF SUCH DAMAGE.
 * ====================================================================
 *
 * This product includes cryptographic software written by Eric Young
 * (eay@cryptsoft.com).  This product includes software written by Tim
 * Hudson (tjh@cryptsoft.com).
 *
 */
 #include <stdio.h>
 #include <string.h>
 #include <openssl/buffer.h>
 #include <openssl/engine.h>
 #include <openssl/err.h>
 static void display_engine_list()
 	{
 	ENGINE *h;
 	int loop;
 	h = ENGINE_get_first();
 	loop = 0;
 	printf("listing available engine types\n");
 	while(h)
 		{
 		printf("engine %i, id = \"%s\", name = \"%s\"\n",
 			loop++, ENGINE_get_id(h), ENGINE_get_name(h));
 		h = ENGINE_get_next(h);
 		}
 	printf("end of list\n");
 	}
 int main(int argc, char *argv[])
 	{
 	ENGINE *block[512];
 	char buf[256];
 	const char *id, *name;
 	ENGINE *ptr;
 	int loop;
 	int to_return = 1;
 	ENGINE *new_h1 = NULL;
 	ENGINE *new_h2 = NULL;
 	ENGINE *new_h3 = NULL;
 	ENGINE *new_h4 = NULL;
 	ERR_load_crypto_strings();
 	memset(block, 0, 512 * sizeof(ENGINE *));
 	if(((new_h1 = ENGINE_new()) == NULL) ||
 			!ENGINE_set_id(new_h1, "test_id0") ||
 			!ENGINE_set_name(new_h1, "First test item") ||
 			((new_h2 = ENGINE_new()) == NULL) ||
 			!ENGINE_set_id(new_h2, "test_id1") ||
 			!ENGINE_set_name(new_h2, "Second test item") ||
 			((new_h3 = ENGINE_new()) == NULL) ||
 			!ENGINE_set_id(new_h3, "test_id2") ||
 			!ENGINE_set_name(new_h3, "Third test item") ||
 			((new_h4 = ENGINE_new()) == NULL) ||
 			!ENGINE_set_id(new_h4, "test_id3") ||
 			!ENGINE_set_name(new_h4, "Fourth test item"))
 		{
 		printf("Couldn't set up test ENGINE structures\n");
 		goto end;
 		}
 	printf("\nenginetest beginning\n\n");
 	display_engine_list();
 	if(!ENGINE_add(new_h1))
 		{
 		printf("Add failed!\n");
 		goto end;
 		}
 	display_engine_list();
 	ptr = ENGINE_get_first();
 	if(!ENGINE_remove(ptr))
 		{
 		printf("Remove failed!\n");
 		goto end;
 		}
 	display_engine_list();
 	if(!ENGINE_add(new_h3) || !ENGINE_add(new_h2))
 		{
 		printf("Add failed!\n");
 		goto end;
 		}
 	display_engine_list();
 	if(!ENGINE_remove(new_h2))
 		{
 		printf("Remove failed!\n");
 		goto end;
 		}
 	display_engine_list();
 	if(!ENGINE_add(new_h4))
 		{
 		printf("Add failed!\n");
 		goto end;
 		}
 	display_engine_list();
 	if(ENGINE_add(new_h3))
 		{
 		printf("Add *should* have failed but didn't!\n");
 		goto end;
 		}
 	else
 		printf("Add that should fail did.\n");
 	ERR_clear_error();
 	if(ENGINE_remove(new_h2))
 		{
 		printf("Remove *should* have failed but didn't!\n");
 		goto end;
 		}
 	else
 		printf("Remove that should fail did.\n");
 	if(!ENGINE_remove(new_h1))
 		{
 		printf("Remove failed!\n");
 		goto end;
 		}
 	display_engine_list();
 	if(!ENGINE_remove(new_h3))
 		{
 		printf("Remove failed!\n");
 		goto end;
 		}
 	display_engine_list();
 	if(!ENGINE_remove(new_h4))
 		{
 		printf("Remove failed!\n");
 		goto end;
 		}
 	display_engine_list();
 	/* Depending on whether there's any hardware support compiled
 	 * in, this remove may be destined to fail. */
 	ptr = ENGINE_get_first();
 	if(ptr)
 		if(!ENGINE_remove(ptr))
 			printf("Remove failed!i - probably no hardware "
 				"support present.\n");
 	display_engine_list();
 	if(!ENGINE_add(new_h1) || !ENGINE_remove(new_h1))
 		{
 		printf("Couldn't add and remove to an empty list!\n");
 		goto end;
 		}
 	else
 		printf("Successfully added and removed to an empty list!\n");
 	printf("About to beef up the engine-type list\n");
 	for(loop = 0; loop < 512; loop++)
 		{
 		sprintf(buf, "id%i", loop);
 		id = BUF_strdup(buf);
 		sprintf(buf, "Fake engine type %i", loop);
 		name = BUF_strdup(buf);
 		if(((block[loop] = ENGINE_new()) == NULL) ||
 				!ENGINE_set_id(block[loop], id) ||
 				!ENGINE_set_name(block[loop], name))
 			{
 			printf("Couldn't create block of ENGINE structures.\n"
 				"I'll probably also core-dump now, damn.\n");
 			goto end;
 			}
 		}
 	for(loop = 0; loop < 512; loop++)
 		{
 		if(!ENGINE_add(block[loop]))
 			{
 			printf("\nAdding stopped at %i, (%s,%s)\n",
 				loop, ENGINE_get_id(block[loop]),
 				ENGINE_get_name(block[loop]));
 			goto cleanup_loop;
 			}
 		else
 			printf("."); fflush(stdout);
 		}
 cleanup_loop:
 	printf("\nAbout to empty the engine-type list\n");
 	while((ptr = ENGINE_get_first()) != NULL)
 		{
 		if(!ENGINE_remove(ptr))
 			{
 			printf("\nRemove failed!\n");
 			goto end;
 			}
 		printf("."); fflush(stdout);
 		}
 	for(loop = 0; loop < 512; loop++)
 		{
 		free((char *)(ENGINE_get_id(block[loop])));
 		free((char *)(ENGINE_get_name(block[loop])));
 		}
 	printf("\nTests completed happily\n");
 	to_return = 0;
 end:
 	if(to_return)
 		ERR_print_errors_fp(stderr);
 	if(new_h1) ENGINE_free(new_h1);
 	if(new_h2) ENGINE_free(new_h2);
 	if(new_h3) ENGINE_free(new_h3);
 	if(new_h4) ENGINE_free(new_h4);
 	for(loop = 0; loop < 512; loop++)
 		if(block[loop])
 			ENGINE_free(block[loop]);
 	return to_return;
 	}
--- a/crypto/engine/hw_aep.c
+++ b/crypto/engine/hw_aep.c
--- a/crypto/engine/hw_atalla.c
+++ b/crypto/engine/hw_atalla.c
@@ -0,0 +1,444 @@
 /* crypto/engine/hw_atalla.c */
 /* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL
 * project 2000.
 */
 /* ====================================================================
 * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer. 
 *
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in
 *    the documentation and/or other materials provided with the
 *    distribution.
 *
 * 3. All advertising materials mentioning features or use of this
 *    software must display the following acknowledgment:
 *    "This product includes software developed by the OpenSSL Project
 *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
 *
 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
 *    endorse or promote products derived from this software without
 *    prior written permission. For written permission, please contact
 *    licensing@OpenSSL.org.
 *
 * 5. Products derived from this software may not be called "OpenSSL"
 *    nor may "OpenSSL" appear in their names without prior written
 *    permission of the OpenSSL Project.
 *
 * 6. Redistributions of any form whatsoever must retain the following
 *    acknowledgment:
 *    "This product includes software developed by the OpenSSL Project
 *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
 *
 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
 * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 * OF THE POSSIBILITY OF SUCH DAMAGE.
 * ====================================================================
 *
 * This product includes cryptographic software written by Eric Young
 * (eay@cryptsoft.com).  This product includes software written by Tim
 * Hudson (tjh@cryptsoft.com).
 *
 */
 #include <stdio.h>
 #include <openssl/crypto.h>
 #include "cryptlib.h"
 #include <openssl/dso.h>
 #include "engine_int.h"
 #include <openssl/engine.h>
 #ifndef NO_HW
 #ifndef NO_HW_ATALLA
 #ifdef FLAT_INC
 #include "atalla.h"
 #else
 #include "vendor_defns/atalla.h"
 #endif
 static int atalla_init(void);
 static int atalla_finish(void);
 /* BIGNUM stuff */
 static int atalla_mod_exp(BIGNUM *r, BIGNUM *a, const BIGNUM *p,
 		const BIGNUM *m, BN_CTX *ctx);
 /* RSA stuff */
 static int atalla_rsa_mod_exp(BIGNUM *r0, BIGNUM *I, RSA *rsa);
 /* This function is aliased to mod_exp (with the mont stuff dropped). */
 static int atalla_mod_exp_mont(BIGNUM *r, BIGNUM *a, const BIGNUM *p,
 		const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
 /* DSA stuff */
 static int atalla_dsa_mod_exp(DSA *dsa, BIGNUM *rr, BIGNUM *a1,
 		BIGNUM *p1, BIGNUM *a2, BIGNUM *p2, BIGNUM *m,
 		BN_CTX *ctx, BN_MONT_CTX *in_mont);
 static int atalla_mod_exp_dsa(DSA *dsa, BIGNUM *r, BIGNUM *a,
 		const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
 		BN_MONT_CTX *m_ctx);
 /* DH stuff */
 /* This function is alised to mod_exp (with the DH and mont dropped). */
 static int atalla_mod_exp_dh(DH *dh, BIGNUM *r, BIGNUM *a, const BIGNUM *p,
 		const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
 /* Our internal RSA_METHOD that we provide pointers to */
 static RSA_METHOD atalla_rsa =
 	{
 	"Atalla RSA method",
 	NULL,
 	NULL,
 	NULL,
 	NULL,
 	atalla_rsa_mod_exp,
 	atalla_mod_exp_mont,
 	NULL,
 	NULL,
 	0,
 	NULL,
 	NULL,
 	NULL
 	};
 /* Our internal DSA_METHOD that we provide pointers to */
 static DSA_METHOD atalla_dsa =
 	{
 	"Atalla DSA method",
 	NULL, /* dsa_do_sign */
 	NULL, /* dsa_sign_setup */
 	NULL, /* dsa_do_verify */
 	atalla_dsa_mod_exp, /* dsa_mod_exp */
 	atalla_mod_exp_dsa, /* bn_mod_exp */
 	NULL, /* init */
 	NULL, /* finish */
 	0, /* flags */
 	NULL /* app_data */
 	};
 /* Our internal DH_METHOD that we provide pointers to */
 static DH_METHOD atalla_dh =
 	{
 	"Atalla DH method",
 	NULL,
 	NULL,
 	atalla_mod_exp_dh,
 	NULL,
 	NULL,
 	0,
 	NULL
 	};
 /* Our ENGINE structure. */
 static ENGINE engine_atalla =
        {
 	"atalla",
 	"Atalla hardware engine support",
 	&atalla_rsa,
 	&atalla_dsa,
 	&atalla_dh,
 	NULL,
 	atalla_mod_exp,
 	NULL,
 	atalla_init,
 	atalla_finish,
 	NULL, /* no ctrl() */
 	NULL, /* no load_privkey() */
 	NULL, /* no load_pubkey() */
 	0, /* no flags */
 	0, 0, /* no references */
 	NULL, NULL /* unlinked */
        };
 /* As this is only ever called once, there's no need for locking
 * (indeed - the lock will already be held by our caller!!!) */
 ENGINE *ENGINE_atalla()
 	{
 	RSA_METHOD *meth1;
 	DSA_METHOD *meth2;
 	DH_METHOD *meth3;
 	/* We know that the "PKCS1_SSLeay()" functions hook properly
 	 * to the atalla-specific mod_exp and mod_exp_crt so we use
 	 * those functions. NB: We don't use ENGINE_openssl() or
 	 * anything "more generic" because something like the RSAref
 	 * code may not hook properly, and if you own one of these
 	 * cards then you have the right to do RSA operations on it
 	 * anyway! */ 
 	meth1 = RSA_PKCS1_SSLeay();
 	atalla_rsa.rsa_pub_enc = meth1->rsa_pub_enc;
 	atalla_rsa.rsa_pub_dec = meth1->rsa_pub_dec;
 	atalla_rsa.rsa_priv_enc = meth1->rsa_priv_enc;
 	atalla_rsa.rsa_priv_dec = meth1->rsa_priv_dec;
 	/* Use the DSA_OpenSSL() method and just hook the mod_exp-ish
 	 * bits. */
 	meth2 = DSA_OpenSSL();
 	atalla_dsa.dsa_do_sign = meth2->dsa_do_sign;
 	atalla_dsa.dsa_sign_setup = meth2->dsa_sign_setup;
 	atalla_dsa.dsa_do_verify = meth2->dsa_do_verify;
 	/* Much the same for Diffie-Hellman */
 	meth3 = DH_OpenSSL();
 	atalla_dh.generate_key = meth3->generate_key;
 	atalla_dh.compute_key = meth3->compute_key;
 	return &engine_atalla;
 	}
 /* This is a process-global DSO handle used for loading and unloading
 * the Atalla library. NB: This is only set (or unset) during an
 * init() or finish() call (reference counts permitting) and they're
 * operating with global locks, so this should be thread-safe
 * implicitly. */
 static DSO *atalla_dso = NULL;
 /* These are the function pointers that are (un)set when the library has
 * successfully (un)loaded. */
 static tfnASI_GetHardwareConfig *p_Atalla_GetHardwareConfig = NULL;
 static tfnASI_RSAPrivateKeyOpFn *p_Atalla_RSAPrivateKeyOpFn = NULL;
 static tfnASI_GetPerformanceStatistics *p_Atalla_GetPerformanceStatistics = NULL;
 /* (de)initialisation functions. */
 static int atalla_init()
 	{
 	tfnASI_GetHardwareConfig *p1;
 	tfnASI_RSAPrivateKeyOpFn *p2;
 	tfnASI_GetPerformanceStatistics *p3;
 	/* Not sure of the origin of this magic value, but Ben's code had it
 	 * and it seemed to have been working for a few people. :-) */
 	unsigned int config_buf[1024];
 	if(atalla_dso != NULL)
 		{
 		ENGINEerr(ENGINE_F_ATALLA_INIT,ENGINE_R_ALREADY_LOADED);
 		goto err;
 		}
 	/* Attempt to load libatasi.so/atasi.dll/whatever. Needs to be
 	 * changed unfortunately because the Atalla drivers don't have
 	 * standard library names that can be platform-translated well. */
 	/* TODO: Work out how to actually map to the names the Atalla
 	 * drivers really use - for now a symbollic link needs to be
 	 * created on the host system from libatasi.so to atasi.so on
 	 * unix variants. */
 	atalla_dso = DSO_load(NULL, ATALLA_LIBNAME, NULL,
 		DSO_FLAG_NAME_TRANSLATION);
 	if(atalla_dso == NULL)
 		{
 		ENGINEerr(ENGINE_F_ATALLA_INIT,ENGINE_R_DSO_FAILURE);
 		goto err;
 		}
 	if(!(p1 = (tfnASI_GetHardwareConfig *)DSO_bind_func(
 				atalla_dso, ATALLA_F1)) ||
 			!(p2 = (tfnASI_RSAPrivateKeyOpFn *)DSO_bind_func(
 				atalla_dso, ATALLA_F2)) ||
 			!(p3 = (tfnASI_GetPerformanceStatistics *)DSO_bind_func(
 				atalla_dso, ATALLA_F3)))
 		{
 		ENGINEerr(ENGINE_F_ATALLA_INIT,ENGINE_R_DSO_FAILURE);
 		goto err;
 		}
 	/* Copy the pointers */
 	p_Atalla_GetHardwareConfig = p1;
 	p_Atalla_RSAPrivateKeyOpFn = p2;
 	p_Atalla_GetPerformanceStatistics = p3;
 	/* Perform a basic test to see if there's actually any unit
 	 * running. */
 	if(p1(0L, config_buf) != 0)
 		{
 		ENGINEerr(ENGINE_F_ATALLA_INIT,ENGINE_R_UNIT_FAILURE);
 		goto err;
 		}
 	/* Everything's fine. */
 	return 1;
 err:
 	if(atalla_dso)
 		DSO_free(atalla_dso);
 	p_Atalla_GetHardwareConfig = NULL;
 	p_Atalla_RSAPrivateKeyOpFn = NULL;
 	p_Atalla_GetPerformanceStatistics = NULL;
 	return 0;
 	}
 static int atalla_finish()
 	{
 	if(atalla_dso == NULL)
 		{
 		ENGINEerr(ENGINE_F_ATALLA_FINISH,ENGINE_R_NOT_LOADED);
 		return 0;
 		}
 	if(!DSO_free(atalla_dso))
 		{
 		ENGINEerr(ENGINE_F_ATALLA_FINISH,ENGINE_R_DSO_FAILURE);
 		return 0;
 		}
 	atalla_dso = NULL;
 	p_Atalla_GetHardwareConfig = NULL;
 	p_Atalla_RSAPrivateKeyOpFn = NULL;
 	p_Atalla_GetPerformanceStatistics = NULL;
 	return 1;
 	}
 static int atalla_mod_exp(BIGNUM *r, BIGNUM *a, const BIGNUM *p,
 			const BIGNUM *m, BN_CTX *ctx)
 	{
 	/* I need somewhere to store temporary serialised values for
 	 * use with the Atalla API calls. A neat cheat - I'll use
 	 * BIGNUMs from the BN_CTX but access their arrays directly as
 	 * byte arrays <grin>. This way I don't have to clean anything
 	 * up. */
 	BIGNUM *modulus;
 	BIGNUM *exponent;
 	BIGNUM *argument;
 	BIGNUM *result;
 	RSAPrivateKey keydata;
 	int to_return, numbytes;
 	modulus = exponent = argument = result = NULL;
 	to_return = 0; /* expect failure */
 	if(!atalla_dso)
 	{
 		ENGINEerr(ENGINE_F_ATALLA_MOD_EXP,ENGINE_R_NOT_LOADED);
 		goto err;
 	}
 	/* Prepare the params */
 	modulus = BN_CTX_get(ctx);
 	exponent = BN_CTX_get(ctx);
 	argument = BN_CTX_get(ctx);
 	result = BN_CTX_get(ctx);
 	if(!modulus || !exponent || !argument || !result)
 	{
 		ENGINEerr(ENGINE_F_ATALLA_MOD_EXP,ENGINE_R_BN_CTX_FULL);
 		goto err;
 	}
 	if(!bn_wexpand(modulus, m->top) || !bn_wexpand(exponent, m->top) ||
 	   !bn_wexpand(argument, m->top) || !bn_wexpand(result, m->top))
 	{
 		ENGINEerr(ENGINE_F_ATALLA_MOD_EXP,ENGINE_R_BN_EXPAND_FAIL);
 		goto err;
 	}
 	/* Prepare the key-data */
 	memset(&keydata, 0,sizeof keydata);
 	numbytes = BN_num_bytes(m);
 	memset(exponent->d, 0, numbytes);
 	memset(modulus->d, 0, numbytes);
 	BN_bn2bin(p, (unsigned char *)exponent->d + numbytes - BN_num_bytes(p));
 	BN_bn2bin(m, (unsigned char *)modulus->d + numbytes - BN_num_bytes(m));
 	keydata.privateExponent.data = (unsigned char *)exponent->d;
 	keydata.privateExponent.len = numbytes;
 	keydata.modulus.data = (unsigned char *)modulus->d;
 	keydata.modulus.len = numbytes;
 	/* Prepare the argument */
 	memset(argument->d, 0, numbytes);
 	memset(result->d, 0, numbytes);
 	BN_bn2bin(a, (unsigned char *)argument->d + numbytes - BN_num_bytes(a));
 	/* Perform the operation */
 	if(p_Atalla_RSAPrivateKeyOpFn(&keydata, (unsigned char *)result->d,
 			(unsigned char *)argument->d,
 			keydata.modulus.len) != 0)
 	{
 		ENGINEerr(ENGINE_F_ATALLA_MOD_EXP,ENGINE_R_REQUEST_FAILED);
 		goto err;
 	}
 	/* Convert the response */
 	BN_bin2bn((unsigned char *)result->d, numbytes, r);
 	to_return = 1;
 err:
 	if(modulus) ctx->tos--;
 	if(exponent) ctx->tos--;
 	if(argument) ctx->tos--;
 	if(result) ctx->tos--;
 	return to_return;
 	}
 static int atalla_rsa_mod_exp(BIGNUM *r0, BIGNUM *I, RSA *rsa)
 	{
 	BN_CTX *ctx = NULL;
 	int to_return = 0;
 	if(!atalla_dso)
 	{
 		ENGINEerr(ENGINE_F_ATALLA_RSA_MOD_EXP,ENGINE_R_NOT_LOADED);
 		goto err;
 	}
 	if((ctx = BN_CTX_new()) == NULL)
 		goto err;
 	if(!rsa->d || !rsa->n)
 		{
 		ENGINEerr(ENGINE_F_ATALLA_RSA_MOD_EXP,ENGINE_R_MISSING_KEY_COMPONENTS);
 		goto err;
 		}
 	to_return = atalla_mod_exp(r0, I, rsa->d, rsa->n, ctx);
 err:
 	if(ctx)
 		BN_CTX_free(ctx);
 	return to_return;
 	}
 /* This code was liberated and adapted from the commented-out code in
 * dsa_ossl.c. Because of the unoptimised form of the Atalla acceleration
 * (it doesn't have a CRT form for RSA), this function means that an
 * Atalla system running with a DSA server certificate can handshake
 * around 5 or 6 times faster/more than an equivalent system running with
 * RSA. Just check out the "signs" statistics from the RSA and DSA parts
 * of "openssl speed -engine atalla dsa1024 rsa1024". */
 static int atalla_dsa_mod_exp(DSA *dsa, BIGNUM *rr, BIGNUM *a1,
 		BIGNUM *p1, BIGNUM *a2, BIGNUM *p2, BIGNUM *m,
 		BN_CTX *ctx, BN_MONT_CTX *in_mont)
 	{
 	BIGNUM t;
 	int to_return = 0;
 	BN_init(&t);
 	/* let rr = a1 ^ p1 mod m */
 	if (!atalla_mod_exp(rr,a1,p1,m,ctx)) goto end;
 	/* let t = a2 ^ p2 mod m */
 	if (!atalla_mod_exp(&t,a2,p2,m,ctx)) goto end;
 	/* let rr = rr * t mod m */
 	if (!BN_mod_mul(rr,rr,&t,m,ctx)) goto end;
 	to_return = 1;
 end:
 	BN_free(&t);
 	return to_return;
 	}
 static int atalla_mod_exp_dsa(DSA *dsa, BIGNUM *r, BIGNUM *a,
 		const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
 		BN_MONT_CTX *m_ctx)
 	{
 	return atalla_mod_exp(r, a, p, m, ctx);
 	}
 /* This function is aliased to mod_exp (with the mont stuff dropped). */
 static int atalla_mod_exp_mont(BIGNUM *r, BIGNUM *a, const BIGNUM *p,
 		const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)
 	{
 	return atalla_mod_exp(r, a, p, m, ctx);
 	}
 /* This function is aliased to mod_exp (with the dh and mont dropped). */
 static int atalla_mod_exp_dh(DH *dh, BIGNUM *r, BIGNUM *a, const BIGNUM *p,
 		const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)
 	{
 	return atalla_mod_exp(r, a, p, m, ctx);
 	}
 #endif /* !NO_HW_ATALLA */
 #endif /* !NO_HW */
--- a/crypto/engine/hw_cswift.c
+++ b/crypto/engine/hw_cswift.c
@@ -0,0 +1,807 @@
 /* crypto/engine/hw_cswift.c */
 /* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL
 * project 2000.
 */
 /* ====================================================================
 * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer. 
 *
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in
 *    the documentation and/or other materials provided with the
 *    distribution.
 *
 * 3. All advertising materials mentioning features or use of this
 *    software must display the following acknowledgment:
 *    "This product includes software developed by the OpenSSL Project
 *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
 *
 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
 *    endorse or promote products derived from this software without
 *    prior written permission. For written permission, please contact
 *    licensing@OpenSSL.org.
 *
 * 5. Products derived from this software may not be called "OpenSSL"
 *    nor may "OpenSSL" appear in their names without prior written
 *    permission of the OpenSSL Project.
 *
 * 6. Redistributions of any form whatsoever must retain the following
 *    acknowledgment:
 *    "This product includes software developed by the OpenSSL Project
 *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
 *
 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
 * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 * OF THE POSSIBILITY OF SUCH DAMAGE.
 * ====================================================================
 *
 * This product includes cryptographic software written by Eric Young
 * (eay@cryptsoft.com).  This product includes software written by Tim
 * Hudson (tjh@cryptsoft.com).
 *
 */
 #include <stdio.h>
 #include <openssl/crypto.h>
 #include "cryptlib.h"
 #include <openssl/dso.h>
 #include "engine_int.h"
 #include <openssl/engine.h>
 #ifndef NO_HW
 #ifndef NO_HW_CSWIFT
 /* Attribution notice: Rainbow have generously allowed me to reproduce
 * the necessary definitions here from their API. This means the support
 * can build independently of whether application builders have the
 * API or hardware. This will allow developers to easily produce software
 * that has latent hardware support for any users that have accelerators
 * installed, without the developers themselves needing anything extra.
 *
 * I have only clipped the parts from the CryptoSwift header files that
 * are (or seem) relevant to the CryptoSwift support code. This is
 * simply to keep the file sizes reasonable.
 * [Geoff]
 */
 #ifdef FLAT_INC
 #include "cswift.h"
 #else
 #include "vendor_defns/cswift.h"
 #endif
 static int cswift_init(void);
 static int cswift_finish(void);
 /* BIGNUM stuff */
 static int cswift_mod_exp(BIGNUM *r, BIGNUM *a, const BIGNUM *p,
 		const BIGNUM *m, BN_CTX *ctx);
 static int cswift_mod_exp_crt(BIGNUM *r, BIGNUM *a, const BIGNUM *p,
 		const BIGNUM *q, const BIGNUM *dmp1, const BIGNUM *dmq1,
 		const BIGNUM *iqmp, BN_CTX *ctx);
 /* RSA stuff */
 static int cswift_rsa_mod_exp(BIGNUM *r0, BIGNUM *I, RSA *rsa);
 /* This function is aliased to mod_exp (with the mont stuff dropped). */
 static int cswift_mod_exp_mont(BIGNUM *r, BIGNUM *a, const BIGNUM *p,
 		const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
 /* DSA stuff */
 static DSA_SIG *cswift_dsa_sign(const unsigned char *dgst, int dlen, DSA *dsa);
 static int cswift_dsa_verify(const unsigned char *dgst, int dgst_len,
 				DSA_SIG *sig, DSA *dsa);
 /* DH stuff */
 /* This function is alised to mod_exp (with the DH and mont dropped). */
 static int cswift_mod_exp_dh(DH *dh, BIGNUM *r, BIGNUM *a, const BIGNUM *p,
 		const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
 /* Our internal RSA_METHOD that we provide pointers to */
 static RSA_METHOD cswift_rsa =
 	{
 	"CryptoSwift RSA method",
 	NULL,
 	NULL,
 	NULL,
 	NULL,
 	cswift_rsa_mod_exp,
 	cswift_mod_exp_mont,
 	NULL,
 	NULL,
 	0,
 	NULL,
 	NULL,
 	NULL
 	};
 /* Our internal DSA_METHOD that we provide pointers to */
 static DSA_METHOD cswift_dsa =
 	{
 	"CryptoSwift DSA method",
 	cswift_dsa_sign,
 	NULL, /* dsa_sign_setup */
 	cswift_dsa_verify,
 	NULL, /* dsa_mod_exp */
 	NULL, /* bn_mod_exp */
 	NULL, /* init */
 	NULL, /* finish */
 	0, /* flags */
 	NULL /* app_data */
 	};
 /* Our internal DH_METHOD that we provide pointers to */
 static DH_METHOD cswift_dh =
 	{
 	"CryptoSwift DH method",
 	NULL,
 	NULL,
 	cswift_mod_exp_dh,
 	NULL,
 	NULL,
 	0,
 	NULL
 	};
 /* Our ENGINE structure. */
 static ENGINE engine_cswift =
        {
 	"cswift",
 	"CryptoSwift hardware engine support",
 	&cswift_rsa,
 	&cswift_dsa,
 	&cswift_dh,
 	NULL,
 	cswift_mod_exp,
 	cswift_mod_exp_crt,
 	cswift_init,
 	cswift_finish,
 	NULL, /* no ctrl() */
 	NULL, /* no load_privkey() */
 	NULL, /* no load_pubkey() */
 	0, /* no flags */
 	0, 0, /* no references */
 	NULL, NULL /* unlinked */
        };
 /* As this is only ever called once, there's no need for locking
 * (indeed - the lock will already be held by our caller!!!) */
 ENGINE *ENGINE_cswift()
 	{
 	RSA_METHOD *meth1;
 	DH_METHOD *meth2;
 	/* We know that the "PKCS1_SSLeay()" functions hook properly
 	 * to the cswift-specific mod_exp and mod_exp_crt so we use
 	 * those functions. NB: We don't use ENGINE_openssl() or
 	 * anything "more generic" because something like the RSAref
 	 * code may not hook properly, and if you own one of these
 	 * cards then you have the right to do RSA operations on it
 	 * anyway! */ 
 	meth1 = RSA_PKCS1_SSLeay();
 	cswift_rsa.rsa_pub_enc = meth1->rsa_pub_enc;
 	cswift_rsa.rsa_pub_dec = meth1->rsa_pub_dec;
 	cswift_rsa.rsa_priv_enc = meth1->rsa_priv_enc;
 	cswift_rsa.rsa_priv_dec = meth1->rsa_priv_dec;
 	/* Much the same for Diffie-Hellman */
 	meth2 = DH_OpenSSL();
 	cswift_dh.generate_key = meth2->generate_key;
 	cswift_dh.compute_key = meth2->compute_key;
 	return &engine_cswift;
 	}
 /* This is a process-global DSO handle used for loading and unloading
 * the CryptoSwift library. NB: This is only set (or unset) during an
 * init() or finish() call (reference counts permitting) and they're
 * operating with global locks, so this should be thread-safe
 * implicitly. */
 static DSO *cswift_dso = NULL;
 /* These are the function pointers that are (un)set when the library has
 * successfully (un)loaded. */
 t_swAcquireAccContext *p_CSwift_AcquireAccContext = NULL;
 t_swAttachKeyParam *p_CSwift_AttachKeyParam = NULL;
 t_swSimpleRequest *p_CSwift_SimpleRequest = NULL;
 t_swReleaseAccContext *p_CSwift_ReleaseAccContext = NULL;
 /* Used in the DSO operations. */
 static const char *CSWIFT_LIBNAME = "swift";
 static const char *CSWIFT_F1 = "swAcquireAccContext";
 static const char *CSWIFT_F2 = "swAttachKeyParam";
 static const char *CSWIFT_F3 = "swSimpleRequest";
 static const char *CSWIFT_F4 = "swReleaseAccContext";
 /* CryptoSwift library functions and mechanics - these are used by the
 * higher-level functions further down. NB: As and where there's no
 * error checking, take a look lower down where these functions are
 * called, the checking and error handling is probably down there. */
 /* utility function to obtain a context */
 static int get_context(SW_CONTEXT_HANDLE *hac)
 	{
        SW_STATUS status;
        status = p_CSwift_AcquireAccContext(hac);
        if(status != SW_OK)
                return 0;
        return 1;
 	}
 /* similarly to release one. */
 static void release_context(SW_CONTEXT_HANDLE hac)
 	{
        p_CSwift_ReleaseAccContext(hac);
 	}
 /* (de)initialisation functions. */
 static int cswift_init()
 	{
        SW_CONTEXT_HANDLE hac;
        t_swAcquireAccContext *p1;
        t_swAttachKeyParam *p2;
        t_swSimpleRequest *p3;
        t_swReleaseAccContext *p4;
 	if(cswift_dso != NULL)
 		{
 		ENGINEerr(ENGINE_F_CSWIFT_INIT,ENGINE_R_ALREADY_LOADED);
 		goto err;
 		}
 	/* Attempt to load libswift.so/swift.dll/whatever. */
 	cswift_dso = DSO_load(NULL, CSWIFT_LIBNAME, NULL,
 		DSO_FLAG_NAME_TRANSLATION);
 	if(cswift_dso == NULL)
 		{
 		ENGINEerr(ENGINE_F_CSWIFT_INIT,ENGINE_R_DSO_FAILURE);
 		goto err;
 		}
 	if(!(p1 = (t_swAcquireAccContext *)
 				DSO_bind_func(cswift_dso, CSWIFT_F1)) ||
 			!(p2 = (t_swAttachKeyParam *)
 				DSO_bind_func(cswift_dso, CSWIFT_F2)) ||
 			!(p3 = (t_swSimpleRequest *)
 				DSO_bind_func(cswift_dso, CSWIFT_F3)) ||
 			!(p4 = (t_swReleaseAccContext *)
 				DSO_bind_func(cswift_dso, CSWIFT_F4)))
 		{
 		ENGINEerr(ENGINE_F_CSWIFT_INIT,ENGINE_R_DSO_FAILURE);
 		goto err;
 		}
 	/* Copy the pointers */
 	p_CSwift_AcquireAccContext = p1;
 	p_CSwift_AttachKeyParam = p2;
 	p_CSwift_SimpleRequest = p3;
 	p_CSwift_ReleaseAccContext = p4;
 	/* Try and get a context - if not, we may have a DSO but no
 	 * accelerator! */
 	if(!get_context(&hac))
 		{
 		ENGINEerr(ENGINE_F_CSWIFT_INIT,ENGINE_R_UNIT_FAILURE);
 		goto err;
 		}
 	release_context(hac);
 	/* Everything's fine. */
 	return 1;
 err:
 	if(cswift_dso)
 		DSO_free(cswift_dso);
 	p_CSwift_AcquireAccContext = NULL;
 	p_CSwift_AttachKeyParam = NULL;
 	p_CSwift_SimpleRequest = NULL;
 	p_CSwift_ReleaseAccContext = NULL;
 	return 0;
 	}
 static int cswift_finish()
 	{
 	if(cswift_dso == NULL)
 		{
 		ENGINEerr(ENGINE_F_CSWIFT_FINISH,ENGINE_R_NOT_LOADED);
 		return 0;
 		}
 	if(!DSO_free(cswift_dso))
 		{
 		ENGINEerr(ENGINE_F_CSWIFT_FINISH,ENGINE_R_DSO_FAILURE);
 		return 0;
 		}
 	cswift_dso = NULL;
 	p_CSwift_AcquireAccContext = NULL;
 	p_CSwift_AttachKeyParam = NULL;
 	p_CSwift_SimpleRequest = NULL;
 	p_CSwift_ReleaseAccContext = NULL;
 	return 1;
 	}
 /* Un petit mod_exp */
 static int cswift_mod_exp(BIGNUM *r, BIGNUM *a, const BIGNUM *p,
 			const BIGNUM *m, BN_CTX *ctx)
 	{
 	/* I need somewhere to store temporary serialised values for
 	 * use with the CryptoSwift API calls. A neat cheat - I'll use
 	 * BIGNUMs from the BN_CTX but access their arrays directly as
 	 * byte arrays <grin>. This way I don't have to clean anything
 	 * up. */
 	BIGNUM *modulus;
 	BIGNUM *exponent;
 	BIGNUM *argument;
 	BIGNUM *result;
 	SW_STATUS sw_status;
 	SW_LARGENUMBER arg, res;
 	SW_PARAM sw_param;
 	SW_CONTEXT_HANDLE hac;
 	int to_return, acquired;
 	modulus = exponent = argument = result = NULL;
 	to_return = 0; /* expect failure */
 	acquired = 0;
 	if(!get_context(&hac))
 		{
 		ENGINEerr(ENGINE_F_CSWIFT_MOD_EXP,ENGINE_R_GET_HANDLE_FAILED);
 		goto err;
 		}
 	acquired = 1;
 	/* Prepare the params */
 	modulus = BN_CTX_get(ctx);
 	exponent = BN_CTX_get(ctx);
 	argument = BN_CTX_get(ctx);
 	result = BN_CTX_get(ctx);
 	if(!modulus || !exponent || !argument || !result)
 		{
 		ENGINEerr(ENGINE_F_CSWIFT_MOD_EXP,ENGINE_R_BN_CTX_FULL);
 		goto err;
 		}
 	if(!bn_wexpand(modulus, m->top) || !bn_wexpand(exponent, p->top) ||
 		!bn_wexpand(argument, a->top) || !bn_wexpand(result, m->top))
 		{
 		ENGINEerr(ENGINE_F_CSWIFT_MOD_EXP,ENGINE_R_BN_EXPAND_FAIL);
 		goto err;
 		}
 	sw_param.type = SW_ALG_EXP;
 	sw_param.up.exp.modulus.nbytes = BN_bn2bin(m,
 		(unsigned char *)modulus->d);
 	sw_param.up.exp.modulus.value = (unsigned char *)modulus->d;
 	sw_param.up.exp.exponent.nbytes = BN_bn2bin(p,
 		(unsigned char *)exponent->d);
 	sw_param.up.exp.exponent.value = (unsigned char *)exponent->d;
 	/* Attach the key params */
 	sw_status = p_CSwift_AttachKeyParam(hac, &sw_param);
 	switch(sw_status)
 		{
 	case SW_OK:
 		break;
 	case SW_ERR_INPUT_SIZE:
 		ENGINEerr(ENGINE_F_CSWIFT_MOD_EXP,
 			ENGINE_R_SIZE_TOO_LARGE_OR_TOO_SMALL);
 		goto err;
 	default:
 		{
 		char tmpbuf[20];
 		ENGINEerr(ENGINE_F_CSWIFT_MOD_EXP,ENGINE_R_REQUEST_FAILED);
 		sprintf(tmpbuf, "%ld", sw_status);
 		ERR_add_error_data(2, "CryptoSwift error number is ",tmpbuf);
 		}
 		goto err;
 		}
 	/* Prepare the argument and response */
 	arg.nbytes = BN_bn2bin(a, (unsigned char *)argument->d);
 	arg.value = (unsigned char *)argument->d;
 	res.nbytes = BN_num_bytes(m);
 	memset(result->d, 0, res.nbytes);
 	res.value = (unsigned char *)result->d;
 	/* Perform the operation */
 	if((sw_status = p_CSwift_SimpleRequest(hac, SW_CMD_MODEXP, &arg, 1,
 		&res, 1)) != SW_OK)
 		{
 		char tmpbuf[20];
 		ENGINEerr(ENGINE_F_CSWIFT_MOD_EXP,ENGINE_R_REQUEST_FAILED);
 		sprintf(tmpbuf, "%ld", sw_status);
 		ERR_add_error_data(2, "CryptoSwift error number is ",tmpbuf);
 		goto err;
 		}
 	/* Convert the response */
 	BN_bin2bn((unsigned char *)result->d, res.nbytes, r);
 	to_return = 1;
 err:
 	if(acquired)
 		release_context(hac);
 	if(modulus) ctx->tos--;
 	if(exponent) ctx->tos--;
 	if(argument) ctx->tos--;
 	if(result) ctx->tos--;
 	return to_return;
 	}
 /* Un petit mod_exp chinois */
 static int cswift_mod_exp_crt(BIGNUM *r, BIGNUM *a, const BIGNUM *p,
 			const BIGNUM *q, const BIGNUM *dmp1,
 			const BIGNUM *dmq1, const BIGNUM *iqmp, BN_CTX *ctx)
 	{
 	SW_STATUS sw_status;
 	SW_LARGENUMBER arg, res;
 	SW_PARAM sw_param;
 	SW_CONTEXT_HANDLE hac;
 	BIGNUM *rsa_p = NULL;
 	BIGNUM *rsa_q = NULL;
 	BIGNUM *rsa_dmp1 = NULL;
 	BIGNUM *rsa_dmq1 = NULL;
 	BIGNUM *rsa_iqmp = NULL;
 	BIGNUM *argument = NULL;
 	BIGNUM *result = NULL;
 	int to_return = 0; /* expect failure */
 	int acquired = 0;
 	if(!get_context(&hac))
 		{
 		ENGINEerr(ENGINE_F_CSWIFT_MOD_EXP_CRT,ENGINE_R_GET_HANDLE_FAILED);
 		goto err;
 		}
 	acquired = 1;
 	/* Prepare the params */
 	rsa_p = BN_CTX_get(ctx);
 	rsa_q = BN_CTX_get(ctx);
 	rsa_dmp1 = BN_CTX_get(ctx);
 	rsa_dmq1 = BN_CTX_get(ctx);
 	rsa_iqmp = BN_CTX_get(ctx);
 	argument = BN_CTX_get(ctx);
 	result = BN_CTX_get(ctx);
 	if(!rsa_p || !rsa_q || !rsa_dmp1 || !rsa_dmq1 || !rsa_iqmp ||
 			!argument || !result)
 		{
 		ENGINEerr(ENGINE_F_CSWIFT_MOD_EXP_CRT,ENGINE_R_BN_CTX_FULL);
 		goto err;
 		}
 	if(!bn_wexpand(rsa_p, p->top) || !bn_wexpand(rsa_q, q->top) ||
 			!bn_wexpand(rsa_dmp1, dmp1->top) ||
 			!bn_wexpand(rsa_dmq1, dmq1->top) ||
 			!bn_wexpand(rsa_iqmp, iqmp->top) ||
 			!bn_wexpand(argument, a->top) ||
 			!bn_wexpand(result, p->top + q->top))
 		{
 		ENGINEerr(ENGINE_F_CSWIFT_MOD_EXP_CRT,ENGINE_R_BN_EXPAND_FAIL);
 		goto err;
 		}
 	sw_param.type = SW_ALG_CRT;
 	sw_param.up.crt.p.nbytes = BN_bn2bin(p, (unsigned char *)rsa_p->d);
 	sw_param.up.crt.p.value = (unsigned char *)rsa_p->d;
 	sw_param.up.crt.q.nbytes = BN_bn2bin(q, (unsigned char *)rsa_q->d);
 	sw_param.up.crt.q.value = (unsigned char *)rsa_q->d;
 	sw_param.up.crt.dmp1.nbytes = BN_bn2bin(dmp1,
 		(unsigned char *)rsa_dmp1->d);
 	sw_param.up.crt.dmp1.value = (unsigned char *)rsa_dmp1->d;
 	sw_param.up.crt.dmq1.nbytes = BN_bn2bin(dmq1,
 		(unsigned char *)rsa_dmq1->d);
 	sw_param.up.crt.dmq1.value = (unsigned char *)rsa_dmq1->d;
 	sw_param.up.crt.iqmp.nbytes = BN_bn2bin(iqmp,
 		(unsigned char *)rsa_iqmp->d);
 	sw_param.up.crt.iqmp.value = (unsigned char *)rsa_iqmp->d;
 	/* Attach the key params */
 	sw_status = p_CSwift_AttachKeyParam(hac, &sw_param);
 	switch(sw_status)
 		{
 	case SW_OK:
 		break;
 	case SW_ERR_INPUT_SIZE:
 		ENGINEerr(ENGINE_F_CSWIFT_MOD_EXP_CRT,
 			ENGINE_R_SIZE_TOO_LARGE_OR_TOO_SMALL);
 		goto err;
 	default:
 		{
 		char tmpbuf[20];
 		ENGINEerr(ENGINE_F_CSWIFT_MOD_EXP_CRT,ENGINE_R_REQUEST_FAILED);
 		sprintf(tmpbuf, "%ld", sw_status);
 		ERR_add_error_data(2, "CryptoSwift error number is ",tmpbuf);
 		}
 		goto err;
 		}
 	/* Prepare the argument and response */
 	arg.nbytes = BN_bn2bin(a, (unsigned char *)argument->d);
 	arg.value = (unsigned char *)argument->d;
 	res.nbytes = 2 * BN_num_bytes(p);
 	memset(result->d, 0, res.nbytes);
 	res.value = (unsigned char *)result->d;
 	/* Perform the operation */
 	if((sw_status = p_CSwift_SimpleRequest(hac, SW_CMD_MODEXP_CRT, &arg, 1,
 		&res, 1)) != SW_OK)
 		{
 		char tmpbuf[20];
 		ENGINEerr(ENGINE_F_CSWIFT_MOD_EXP_CRT,ENGINE_R_REQUEST_FAILED);
 		sprintf(tmpbuf, "%ld", sw_status);
 		ERR_add_error_data(2, "CryptoSwift error number is ",tmpbuf);
 		goto err;
 		}
 	/* Convert the response */
 	BN_bin2bn((unsigned char *)result->d, res.nbytes, r);
 	to_return = 1;
 err:
 	if(acquired)
 		release_context(hac);
 	if(rsa_p) ctx->tos--;
 	if(rsa_q) ctx->tos--;
 	if(rsa_dmp1) ctx->tos--;
 	if(rsa_dmq1) ctx->tos--;
 	if(rsa_iqmp) ctx->tos--;
 	if(argument) ctx->tos--;
 	if(result) ctx->tos--;
 	return to_return;
 	}
 static int cswift_rsa_mod_exp(BIGNUM *r0, BIGNUM *I, RSA *rsa)
 	{
 	BN_CTX *ctx;
 	int to_return = 0;
 	if((ctx = BN_CTX_new()) == NULL)
 		goto err;
 	if(!rsa->p || !rsa->q || !rsa->dmp1 || !rsa->dmq1 || !rsa->iqmp)
 		{
 		ENGINEerr(ENGINE_F_CSWIFT_RSA_MOD_EXP,ENGINE_R_MISSING_KEY_COMPONENTS);
 		goto err;
 		}
 	to_return = cswift_mod_exp_crt(r0, I, rsa->p, rsa->q, rsa->dmp1,
 		rsa->dmq1, rsa->iqmp, ctx);
 err:
 	if(ctx)
 		BN_CTX_free(ctx);
 	return to_return;
 	}
 /* This function is aliased to mod_exp (with the mont stuff dropped). */
 static int cswift_mod_exp_mont(BIGNUM *r, BIGNUM *a, const BIGNUM *p,
 		const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)
 	{
 	return cswift_mod_exp(r, a, p, m, ctx);
 	}
 static DSA_SIG *cswift_dsa_sign(const unsigned char *dgst, int dlen, DSA *dsa)
 	{
 	SW_CONTEXT_HANDLE hac;
 	SW_PARAM sw_param;
 	SW_STATUS sw_status;
 	SW_LARGENUMBER arg, res;
 	unsigned char *ptr;
 	BN_CTX *ctx;
 	BIGNUM *dsa_p = NULL;
 	BIGNUM *dsa_q = NULL;
 	BIGNUM *dsa_g = NULL;
 	BIGNUM *dsa_key = NULL;
 	BIGNUM *result = NULL;
 	DSA_SIG *to_return = NULL;
 	int acquired = 0;
 	if((ctx = BN_CTX_new()) == NULL)
 		goto err;
 	if(!get_context(&hac))
 		{
 		ENGINEerr(ENGINE_F_CSWIFT_DSA_SIGN,ENGINE_R_GET_HANDLE_FAILED);
 		goto err;
 		}
 	acquired = 1;
 	/* Prepare the params */
 	dsa_p = BN_CTX_get(ctx);
 	dsa_q = BN_CTX_get(ctx);
 	dsa_g = BN_CTX_get(ctx);
 	dsa_key = BN_CTX_get(ctx);
 	result = BN_CTX_get(ctx);
 	if(!dsa_p || !dsa_q || !dsa_g || !dsa_key || !result)
 		{
 		ENGINEerr(ENGINE_F_CSWIFT_DSA_SIGN,ENGINE_R_BN_CTX_FULL);
 		goto err;
 		}
 	if(!bn_wexpand(dsa_p, dsa->p->top) ||
 			!bn_wexpand(dsa_q, dsa->q->top) ||
 			!bn_wexpand(dsa_g, dsa->g->top) ||
 			!bn_wexpand(dsa_key, dsa->priv_key->top) ||
 			!bn_wexpand(result, dsa->p->top))
 		{
 		ENGINEerr(ENGINE_F_CSWIFT_DSA_SIGN,ENGINE_R_BN_EXPAND_FAIL);
 		goto err;
 		}
 	sw_param.type = SW_ALG_DSA;
 	sw_param.up.dsa.p.nbytes = BN_bn2bin(dsa->p,
 				(unsigned char *)dsa_p->d);
 	sw_param.up.dsa.p.value = (unsigned char *)dsa_p->d;
 	sw_param.up.dsa.q.nbytes = BN_bn2bin(dsa->q,
 				(unsigned char *)dsa_q->d);
 	sw_param.up.dsa.q.value = (unsigned char *)dsa_q->d;
 	sw_param.up.dsa.g.nbytes = BN_bn2bin(dsa->g,
 				(unsigned char *)dsa_g->d);
 	sw_param.up.dsa.g.value = (unsigned char *)dsa_g->d;
 	sw_param.up.dsa.key.nbytes = BN_bn2bin(dsa->priv_key,
 				(unsigned char *)dsa_key->d);
 	sw_param.up.dsa.key.value = (unsigned char *)dsa_key->d;
 	/* Attach the key params */
 	sw_status = p_CSwift_AttachKeyParam(hac, &sw_param);
 	switch(sw_status)
 		{
 	case SW_OK:
 		break;
 	case SW_ERR_INPUT_SIZE:
 		ENGINEerr(ENGINE_F_CSWIFT_DSA_SIGN,
 			ENGINE_R_SIZE_TOO_LARGE_OR_TOO_SMALL);
 		goto err;
 	default:
 		{
 		char tmpbuf[20];
 		ENGINEerr(ENGINE_F_CSWIFT_DSA_SIGN,ENGINE_R_REQUEST_FAILED);
 		sprintf(tmpbuf, "%ld", sw_status);
 		ERR_add_error_data(2, "CryptoSwift error number is ",tmpbuf);
 		}
 		goto err;
 		}
 	/* Prepare the argument and response */
 	arg.nbytes = dlen;
 	arg.value = (unsigned char *)dgst;
 	res.nbytes = BN_num_bytes(dsa->p);
 	memset(result->d, 0, res.nbytes);
 	res.value = (unsigned char *)result->d;
 	/* Perform the operation */
 	sw_status = p_CSwift_SimpleRequest(hac, SW_CMD_DSS_SIGN, &arg, 1,
 		&res, 1);
 	if(sw_status != SW_OK)
 		{
 		char tmpbuf[20];
 		ENGINEerr(ENGINE_F_CSWIFT_DSA_SIGN,ENGINE_R_REQUEST_FAILED);
 		sprintf(tmpbuf, "%ld", sw_status);
 		ERR_add_error_data(2, "CryptoSwift error number is ",tmpbuf);
 		goto err;
 		}
 	/* Convert the response */
 	ptr = (unsigned char *)result->d;
 	if((to_return = DSA_SIG_new()) == NULL)
 		goto err;
 	to_return->r = BN_bin2bn((unsigned char *)result->d, 20, NULL);
 	to_return->s = BN_bin2bn((unsigned char *)result->d + 20, 20, NULL);
 err:
 	if(acquired)
 		release_context(hac);
 	if(dsa_p) ctx->tos--;
 	if(dsa_q) ctx->tos--;
 	if(dsa_g) ctx->tos--;
 	if(dsa_key) ctx->tos--;
 	if(result) ctx->tos--;
 	if(ctx)
 		BN_CTX_free(ctx);
 	return to_return;
 	}
 static int cswift_dsa_verify(const unsigned char *dgst, int dgst_len,
 				DSA_SIG *sig, DSA *dsa)
 	{
 	SW_CONTEXT_HANDLE hac;
 	SW_PARAM sw_param;
 	SW_STATUS sw_status;
 	SW_LARGENUMBER arg[2], res;
 	unsigned long sig_result;
 	BN_CTX *ctx;
 	BIGNUM *dsa_p = NULL;
 	BIGNUM *dsa_q = NULL;
 	BIGNUM *dsa_g = NULL;
 	BIGNUM *dsa_key = NULL;
 	BIGNUM *argument = NULL;
 	int to_return = -1;
 	int acquired = 0;
 	if((ctx = BN_CTX_new()) == NULL)
 		goto err;
 	if(!get_context(&hac))
 		{
 		ENGINEerr(ENGINE_F_CSWIFT_DSA_VERIFY,ENGINE_R_GET_HANDLE_FAILED);
 		goto err;
 		}
 	acquired = 1;
 	/* Prepare the params */
 	dsa_p = BN_CTX_get(ctx);
 	dsa_q = BN_CTX_get(ctx);
 	dsa_g = BN_CTX_get(ctx);
 	dsa_key = BN_CTX_get(ctx);
 	argument = BN_CTX_get(ctx);
 	if(!dsa_p || !dsa_q || !dsa_g || !dsa_key || !argument)
 		{
 		ENGINEerr(ENGINE_F_CSWIFT_DSA_VERIFY,ENGINE_R_BN_CTX_FULL);
 		goto err;
 		}
 	if(!bn_wexpand(dsa_p, dsa->p->top) ||
 			!bn_wexpand(dsa_q, dsa->q->top) ||
 			!bn_wexpand(dsa_g, dsa->g->top) ||
 			!bn_wexpand(dsa_key, dsa->pub_key->top) ||
 			!bn_wexpand(argument, 40))
 		{
 		ENGINEerr(ENGINE_F_CSWIFT_DSA_VERIFY,ENGINE_R_BN_EXPAND_FAIL);
 		goto err;
 		}
 	sw_param.type = SW_ALG_DSA;
 	sw_param.up.dsa.p.nbytes = BN_bn2bin(dsa->p,
 				(unsigned char *)dsa_p->d);
 	sw_param.up.dsa.p.value = (unsigned char *)dsa_p->d;
 	sw_param.up.dsa.q.nbytes = BN_bn2bin(dsa->q,
 				(unsigned char *)dsa_q->d);
 	sw_param.up.dsa.q.value = (unsigned char *)dsa_q->d;
 	sw_param.up.dsa.g.nbytes = BN_bn2bin(dsa->g,
 				(unsigned char *)dsa_g->d);
 	sw_param.up.dsa.g.value = (unsigned char *)dsa_g->d;
 	sw_param.up.dsa.key.nbytes = BN_bn2bin(dsa->pub_key,
 				(unsigned char *)dsa_key->d);
 	sw_param.up.dsa.key.value = (unsigned char *)dsa_key->d;
 	/* Attach the key params */
 	sw_status = p_CSwift_AttachKeyParam(hac, &sw_param);
 	switch(sw_status)
 		{
 	case SW_OK:
 		break;
 	case SW_ERR_INPUT_SIZE:
 		ENGINEerr(ENGINE_F_CSWIFT_DSA_VERIFY,
 			ENGINE_R_SIZE_TOO_LARGE_OR_TOO_SMALL);
 		goto err;
 	default:
 		{
 		char tmpbuf[20];
 		ENGINEerr(ENGINE_F_CSWIFT_DSA_VERIFY,ENGINE_R_REQUEST_FAILED);
 		sprintf(tmpbuf, "%ld", sw_status);
 		ERR_add_error_data(2, "CryptoSwift error number is ",tmpbuf);
 		}
 		goto err;
 		}
 	/* Prepare the argument and response */
 	arg[0].nbytes = dgst_len;
 	arg[0].value = (unsigned char *)dgst;
 	arg[1].nbytes = 40;
 	arg[1].value = (unsigned char *)argument->d;
 	memset(arg[1].value, 0, 40);
 	BN_bn2bin(sig->r, arg[1].value + 20 - BN_num_bytes(sig->r));
 	BN_bn2bin(sig->s, arg[1].value + 40 - BN_num_bytes(sig->s));
 	res.nbytes = 4; /* unsigned long */
 	res.value = (unsigned char *)(&sig_result);
 	/* Perform the operation */
 	sw_status = p_CSwift_SimpleRequest(hac, SW_CMD_DSS_VERIFY, arg, 2,
 		&res, 1);
 	if(sw_status != SW_OK)
 		{
 		char tmpbuf[20];
 		ENGINEerr(ENGINE_F_CSWIFT_DSA_VERIFY,ENGINE_R_REQUEST_FAILED);
 		sprintf(tmpbuf, "%ld", sw_status);
 		ERR_add_error_data(2, "CryptoSwift error number is ",tmpbuf);
 		goto err;
 		}
 	/* Convert the response */
 	to_return = ((sig_result == 0) ? 0 : 1);
 err:
 	if(acquired)
 		release_context(hac);
 	if(dsa_p) ctx->tos--;
 	if(dsa_q) ctx->tos--;
 	if(dsa_g) ctx->tos--;
 	if(dsa_key) ctx->tos--;
 	if(argument) ctx->tos--;
 	if(ctx)
 		BN_CTX_free(ctx);
 	return to_return;
 	}
 /* This function is aliased to mod_exp (with the dh and mont dropped). */
 static int cswift_mod_exp_dh(DH *dh, BIGNUM *r, BIGNUM *a, const BIGNUM *p,
 		const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)
 	{
 	return cswift_mod_exp(r, a, p, m, ctx);
 	}
 #endif /* !NO_HW_CSWIFT */
 #endif /* !NO_HW */
--- a/crypto/engine/hw_keyclient.c
+++ b/crypto/engine/hw_keyclient.c
--- a/crypto/engine/hw_ncipher.c
+++ b/crypto/engine/hw_ncipher.c
--- a/crypto/engine/hw_sureware.c
+++ b/crypto/engine/hw_sureware.c
@@ -0,0 +1,925 @@
 /* Written by Corinne Dive-Reclus(cdive@baltimore.com)
 * 
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer. 
 *
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in
 *    the documentation and/or other materials provided with the
 *    distribution.
 *
 * 3. All advertising materials mentioning features or use of this
 *    software must display the following acknowledgment:
 *    "This product includes software developed by the OpenSSL Project
 *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
 *
 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
 *    endorse or promote products derived from this software without
 *    prior written permission. For written permission, please contact
 *    licensing@OpenSSL.org.
 *
 * 5. Products derived from this software may not be called "OpenSSL"
 *    nor may "OpenSSL" appear in their names without prior written
 *    permission of the OpenSSL Project.
 *
 * 6. Redistributions of any form whatsoever must retain the following
 *    acknowledgment:
 *    "This product includes software developed by the OpenSSL Project
 *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
 *
 * Written by Corinne Dive-Reclus(cdive@baltimore.com)
 *
 * Copyright@2001 Baltimore Technologies Ltd.
 * All right Reserved.
 *																								*	
 *		THIS FILE IS PROVIDED BY BALTIMORE TECHNOLOGIES ``AS IS'' AND																			*
 *		ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE					* 
 *		IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE				*
 *		ARE DISCLAIMED.  IN NO EVENT SHALL BALTIMORE TECHNOLOGIES BE LIABLE						*
 *		FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL				*
 *		DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS					*
 *		OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)					*
 *		HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT				*
 *		LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY				*
 *		OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF					*
 *		SUCH DAMAGE.																			*
 ====================================================================*/
 #include <stdio.h>
 #include <openssl/crypto.h>
 #include <openssl/pem.h>
 #include "cryptlib.h"
 #include <openssl/dso.h>
 #include "engine_int.h"
 #include "engine.h"
 #include <openssl/engine.h>
 #ifndef NO_HW
 #ifndef NO_HW_SUREWARE
 #ifdef FLAT_INC
 #include "sureware.h"
 #else
 #include "vendor_defns/sureware.h"
 #endif
 static int surewarehk_ctrl(int cmd, long i, void *p, void (*f)());
 static int surewarehk_init(void);
 static int surewarehk_finish(void);
 static int surewarehk_modexp(BIGNUM *r, BIGNUM *a, const BIGNUM *p,
 							const BIGNUM *m, BN_CTX *ctx);
 /* RSA stuff */
 static int surewarehk_rsa_priv_dec(int flen,unsigned char *from,unsigned char *to,
 			RSA *rsa,int padding);
 static int surewarehk_rsa_sign(int flen,unsigned char *from,unsigned char *to,
 			    RSA *rsa,int padding);
 /* RAND stuff */
 static int surewarehk_rand_bytes(unsigned char *buf, int num);
 static void surewarehk_rand_seed(const void *buf, int num);
 static void surewarehk_rand_add(const void *buf, int num, double entropy);
 /* KM stuff */
 static EVP_PKEY *surewarehk_load_privkey(const char *key_id,
 	const char *passphrase);
 static EVP_PKEY *surewarehk_load_pubkey(const char *key_id,
 	const char *passphrase);
 static void surewarehk_ex_free(void *obj, void *item, CRYPTO_EX_DATA *ad,
 	int index,long argl, void *argp);
 #if 0
 static void surewarehk_dh_ex_free(void *obj, void *item, CRYPTO_EX_DATA *ad,
 	int index,long argl, void *argp);
 #endif
 /* This function is aliased to mod_exp (with the mont stuff dropped). */
 static int surewarehk_mod_exp_mont(BIGNUM *r, BIGNUM *a, const BIGNUM *p,
 		const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)
 {
 	return surewarehk_modexp(r, a, p, m, ctx);
 }
 /* Our internal RSA_METHOD that we provide pointers to */
 static RSA_METHOD surewarehk_rsa =
 	{
 	"SureWare RSA method",
 	NULL, /* pub_enc*/
 	NULL, /* pub_dec*/
 	surewarehk_rsa_sign, /* our rsa_sign is OpenSSL priv_enc*/
 	surewarehk_rsa_priv_dec, /* priv_dec*/
 	NULL, /*mod_exp*/
 	surewarehk_mod_exp_mont, /*mod_exp_mongomery*/
 	NULL, /* init*/
 	NULL, /* finish*/
 	0,	/* RSA flag*/
 	NULL, 
 	NULL, /* OpenSSL sign*/
 	NULL  /* OpenSSL verify*/
 	};
 /* Our internal DH_METHOD that we provide pointers to */
 /* This function is aliased to mod_exp (with the dh and mont dropped). */
 static int surewarehk_modexp_dh(DH *dh, BIGNUM *r, BIGNUM *a, const BIGNUM *p,
 		const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)
 {
 	return surewarehk_modexp(r, a, p, m, ctx);
 }
 static DH_METHOD surewarehk_dh =
 	{
 	"SureWare DH method",
 	NULL,/*gen_key*/
 	NULL,/*agree,*/
 	surewarehk_modexp_dh, /*dh mod exp*/
 	NULL, /* init*/
 	NULL, /* finish*/
 	0,    /* flags*/
 	NULL 
 	};
 static RAND_METHOD surewarehk_rand =
 	{
 	/* "SureWare RAND method", */
 	surewarehk_rand_seed,
 	surewarehk_rand_bytes,
 	NULL,/*cleanup*/
 	surewarehk_rand_add,
 	surewarehk_rand_bytes,
 	NULL,/*rand_status*/
 	};
 /* DSA stuff */
 static	DSA_SIG * surewarehk_dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa);
 static int surewarehk_dsa_mod_exp(DSA *dsa, BIGNUM *rr, BIGNUM *a1,
 		BIGNUM *p1, BIGNUM *a2, BIGNUM *p2, BIGNUM *m,
 		BN_CTX *ctx, BN_MONT_CTX *in_mont)
 {
 	BIGNUM t;
 	int to_return = 0;
 	BN_init(&t);
 	/* let rr = a1 ^ p1 mod m */
 	if (!surewarehk_modexp(rr,a1,p1,m,ctx)) goto end;
 	/* let t = a2 ^ p2 mod m */
 	if (!surewarehk_modexp(&t,a2,p2,m,ctx)) goto end;
 	/* let rr = rr * t mod m */
 	if (!BN_mod_mul(rr,rr,&t,m,ctx)) goto end;
 	to_return = 1;
 end:
 	BN_free(&t);
 	return to_return;
 }
 static DSA_METHOD surewarehk_dsa =
 	{
 	 "SureWare DSA method", 
 	surewarehk_dsa_do_sign,
 	NULL,/*sign setup*/
 	NULL,/*verify,*/
 	surewarehk_dsa_mod_exp,/*mod exp*/
 	NULL,/*bn mod exp*/
 	NULL, /*init*/
 	NULL,/*finish*/
 	0,
 	NULL,
 	};
 /* Our ENGINE structure. */
 static ENGINE engine_surewarehk =
        {
 	"sureware",
 	"SureWare hardware engine support",
 	&surewarehk_rsa,
 	&surewarehk_dsa,
 	&surewarehk_dh,
 	&surewarehk_rand,
 	&surewarehk_modexp,
 	NULL,/* mod exp CRT*/
 	surewarehk_init,
 	surewarehk_finish,
 	surewarehk_ctrl, /* crtl*/
 	surewarehk_load_privkey,
 	surewarehk_load_pubkey,
 	0, /* no flags */
 	0, 0, /* no references */
 	NULL, /*unlinked */
        };
 /* Now, to our own code */
 /* As this is only ever called once, there's no need for locking
 * (indeed - the lock will already be held by our caller!!!) */
 ENGINE *ENGINE_sureware()
 {
 	RSA_METHOD *meth1;
 	DSA_METHOD *meth2;
 	DH_METHOD *meth3;
 	/* We know that the "PKCS1_SSLeay()" functions hook properly
 	 * to the cswift-specific mod_exp and mod_exp_crt so we use
 	 * those functions. NB: We don't use ENGINE_openssl() or
 	 * anything "more generic" because something like the RSAref
 	 * code may not hook properly, and if you own one of these
 	 * cards then you have the right to do RSA operations on it
 	 * anyway! */ 
 	meth1 = RSA_PKCS1_SSLeay();
 	if (meth1)
 	{
 		surewarehk_rsa.rsa_pub_enc = meth1->rsa_pub_enc;
 		surewarehk_rsa.rsa_pub_dec = meth1->rsa_pub_dec;
 	}
 	/* Use the DSA_OpenSSL() method and just hook the mod_exp-ish
 	 * bits. */
 	meth2 = DSA_OpenSSL();
 	if (meth2)
 	{
 		surewarehk_dsa.dsa_do_verify = meth2->dsa_do_verify;
 	}
 	/* Much the same for Diffie-Hellman */
 	meth3 = DH_OpenSSL();
 	if (meth3)
 	{
 		surewarehk_dh.generate_key = meth3->generate_key;
 		surewarehk_dh.compute_key = meth3->compute_key;
 	}
 	return &engine_surewarehk;
 }
 /* This is a process-global DSO handle used for loading and unloading
 * the SureWareHook library. NB: This is only set (or unset) during an
 * init() or finish() call (reference counts permitting) and they're
 * operating with global locks, so this should be thread-safe
 * implicitly. */
 static DSO *surewarehk_dso = NULL;
 static int rsaHndidx = -1;	/* Index for KM handle.  Not really used yet. */
 static int dsaHndidx = -1;	/* Index for KM handle.  Not really used yet. */
 /* These are the function pointers that are (un)set when the library has
 * successfully (un)loaded. */
 static SureWareHook_Init_t *p_surewarehk_Init = NULL;
 static SureWareHook_Finish_t *p_surewarehk_Finish = NULL;
 static SureWareHook_Rand_Bytes_t *p_surewarehk_Rand_Bytes = NULL;
 static SureWareHook_Rand_Seed_t *p_surewarehk_Rand_Seed = NULL;
 static SureWareHook_Load_Privkey_t *p_surewarehk_Load_Privkey = NULL;
 static SureWareHook_Info_Pubkey_t *p_surewarehk_Info_Pubkey = NULL;
 static SureWareHook_Load_Rsa_Pubkey_t *p_surewarehk_Load_Rsa_Pubkey = NULL;
 static SureWareHook_Load_Dsa_Pubkey_t *p_surewarehk_Load_Dsa_Pubkey = NULL;
 static SureWareHook_Free_t *p_surewarehk_Free=NULL;
 static SureWareHook_Rsa_Priv_Dec_t *p_surewarehk_Rsa_Priv_Dec=NULL;
 static SureWareHook_Rsa_Sign_t *p_surewarehk_Rsa_Sign=NULL;
 static SureWareHook_Dsa_Sign_t *p_surewarehk_Dsa_Sign=NULL;
 static SureWareHook_Mod_Exp_t *p_surewarehk_Mod_Exp=NULL;
 /* Used in the DSO operations. */
 static const char *surewarehk_LIBNAME = "SureWareHook";
 static const char *n_surewarehk_Init = "SureWareHook_Init";
 static const char *n_surewarehk_Finish = "SureWareHook_Finish";
 static const char *n_surewarehk_Rand_Bytes="SureWareHook_Rand_Bytes";
 static const char *n_surewarehk_Rand_Seed="SureWareHook_Rand_Seed";
 static const char *n_surewarehk_Load_Privkey="SureWareHook_Load_Privkey";
 static const char *n_surewarehk_Info_Pubkey="SureWareHook_Info_Pubkey";
 static const char *n_surewarehk_Load_Rsa_Pubkey="SureWareHook_Load_Rsa_Pubkey";
 static const char *n_surewarehk_Load_Dsa_Pubkey="SureWareHook_Load_Dsa_Pubkey";
 static const char *n_surewarehk_Free="SureWareHook_Free";
 static const char *n_surewarehk_Rsa_Priv_Dec="SureWareHook_Rsa_Priv_Dec";
 static const char *n_surewarehk_Rsa_Sign="SureWareHook_Rsa_Sign";
 static const char *n_surewarehk_Dsa_Sign="SureWareHook_Dsa_Sign";
 static const char *n_surewarehk_Mod_Exp="SureWareHook_Mod_Exp";
 static BIO *logstream = NULL;
 /* SureWareHook library functions and mechanics - these are used by the
 * higher-level functions further down. NB: As and where there's no
 * error checking, take a look lower down where these functions are
 * called, the checking and error handling is probably down there. 
 */
 static int threadsafe=1;
 static int surewarehk_ctrl(int cmd, long i, void *p, void (*f)())
 {
 	int to_return = 1;
 	switch(cmd)
 	{
 		case ENGINE_CTRL_SET_LOGSTREAM:
 		{
 			BIO *bio = (BIO *)p;
 			CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
 			if (logstream)
 			{
 				BIO_free(logstream);
 				logstream = NULL;
 			}
 			if (CRYPTO_add(&bio->references,1,CRYPTO_LOCK_BIO) > 1)
 				logstream = bio;
 			else
 				ENGINEerr(ENGINE_F_SUREWAREHK_CTRL,ENGINE_R_BIO_WAS_FREED);
 		}
 		CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
 		break;
 	/* This will prevent the initialisation function from "installing"
 	 * the mutex-handling callbacks, even if they are available from
 	 * within the library (or were provided to the library from the
 	 * calling application). This is to remove any baggage for
 	 * applications not using multithreading. */
 	case ENGINE_CTRL_CHIL_NO_LOCKING:
 		CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
 		threadsafe = 0;
 		CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
 		break;
 	/* The command isn't understood by this engine */
 	default:
 		ENGINEerr(ENGINE_F_SUREWAREHK_CTRL,
 			ENGINE_R_CTRL_COMMAND_NOT_IMPLEMENTED);
 		to_return = 0;
 		break;
 		}
 	return to_return;
 }
 /* (de)initialisation functions. */
 static int surewarehk_init()
 {
 	char msg[64]="ENGINE_init";
 	SureWareHook_Init_t *p1=NULL;
 	SureWareHook_Finish_t *p2=NULL;
 	SureWareHook_Rand_Bytes_t *p3=NULL;
 	SureWareHook_Rand_Seed_t *p4=NULL;
 	SureWareHook_Load_Privkey_t *p5=NULL;
 	SureWareHook_Load_Rsa_Pubkey_t *p6=NULL;
 	SureWareHook_Free_t *p7=NULL;
 	SureWareHook_Rsa_Priv_Dec_t *p8=NULL;
 	SureWareHook_Rsa_Sign_t *p9=NULL;
 	SureWareHook_Dsa_Sign_t *p12=NULL;
 	SureWareHook_Info_Pubkey_t *p13=NULL;
 	SureWareHook_Load_Dsa_Pubkey_t *p14=NULL;
 	SureWareHook_Mod_Exp_t *p15=NULL;
 	if(surewarehk_dso != NULL)
 	{
 		ENGINEerr(ENGINE_F_SUREWAREHK_INIT,ENGINE_R_ALREADY_LOADED);
 		goto err;
 	}
 	/* Attempt to load libsurewarehk.so/surewarehk.dll/whatever. */
 	surewarehk_dso = DSO_load(NULL, surewarehk_LIBNAME, NULL,
 		DSO_FLAG_NAME_TRANSLATION);
 	if(surewarehk_dso == NULL)
 	{
 		ENGINEerr(ENGINE_F_SUREWAREHK_INIT,ENGINE_R_DSO_FAILURE);
 		goto err;
 	}
 	if(!(p1=(SureWareHook_Init_t*)DSO_bind_func(surewarehk_dso, n_surewarehk_Init)) ||
 	   !(p2=(SureWareHook_Finish_t*)DSO_bind_func(surewarehk_dso, n_surewarehk_Finish)) ||
 	   !(p3=(SureWareHook_Rand_Bytes_t*)DSO_bind_func(surewarehk_dso, n_surewarehk_Rand_Bytes)) ||
 	   !(p4=(SureWareHook_Rand_Seed_t*)DSO_bind_func(surewarehk_dso, n_surewarehk_Rand_Seed)) ||
 	   !(p5=(SureWareHook_Load_Privkey_t*)DSO_bind_func(surewarehk_dso, n_surewarehk_Load_Privkey)) ||
 	   !(p6=(SureWareHook_Load_Rsa_Pubkey_t*)DSO_bind_func(surewarehk_dso, n_surewarehk_Load_Rsa_Pubkey)) ||
 	   !(p7=(SureWareHook_Free_t*)DSO_bind_func(surewarehk_dso, n_surewarehk_Free)) ||
 	   !(p8=(SureWareHook_Rsa_Priv_Dec_t*)DSO_bind_func(surewarehk_dso, n_surewarehk_Rsa_Priv_Dec)) ||
 	   !(p9=(SureWareHook_Rsa_Sign_t*)DSO_bind_func(surewarehk_dso, n_surewarehk_Rsa_Sign)) ||
 	   !(p12=(SureWareHook_Dsa_Sign_t*)DSO_bind_func(surewarehk_dso, n_surewarehk_Dsa_Sign)) ||
 	   !(p13=(SureWareHook_Info_Pubkey_t*)DSO_bind_func(surewarehk_dso, n_surewarehk_Info_Pubkey)) ||
 	   !(p14=(SureWareHook_Load_Dsa_Pubkey_t*)DSO_bind_func(surewarehk_dso, n_surewarehk_Load_Dsa_Pubkey)) ||
 	   !(p15=(SureWareHook_Mod_Exp_t*)DSO_bind_func(surewarehk_dso, n_surewarehk_Mod_Exp)))
 	{
 		ENGINEerr(ENGINE_F_SUREWAREHK_INIT,ENGINE_R_DSO_FAILURE);
 		goto err;
 	}
 	/* Copy the pointers */
 	p_surewarehk_Init = p1;
 	p_surewarehk_Finish = p2;
 	p_surewarehk_Rand_Bytes = p3;
 	p_surewarehk_Rand_Seed = p4;
 	p_surewarehk_Load_Privkey = p5;
 	p_surewarehk_Load_Rsa_Pubkey = p6;
 	p_surewarehk_Free = p7;
 	p_surewarehk_Rsa_Priv_Dec = p8;
 	p_surewarehk_Rsa_Sign = p9;
 	p_surewarehk_Dsa_Sign = p12;
 	p_surewarehk_Info_Pubkey = p13;
 	p_surewarehk_Load_Dsa_Pubkey = p14;
 	p_surewarehk_Mod_Exp = p15;
 	/* Contact the hardware and initialises it. */
 	if(p_surewarehk_Init(msg,threadsafe)==SUREWAREHOOK_ERROR_UNIT_FAILURE)
 	{
 		ENGINEerr(ENGINE_F_SUREWAREHK_INIT,ENGINE_R_UNIT_FAILURE);
 		goto err;
 	}
 	if(p_surewarehk_Init(msg,threadsafe)==SUREWAREHOOK_ERROR_UNIT_FAILURE)
 	{
 		ENGINEerr(ENGINE_F_SUREWAREHK_INIT,ENGINE_R_UNIT_FAILURE);
 		goto err;
 	}
 	/* try to load the default private key, if failed does not return a failure but
           wait for an explicit ENGINE_load_privakey */
 	surewarehk_load_privkey(NULL,NULL);
 	/* Everything's fine. */
 	if (rsaHndidx == -1)
 		rsaHndidx = RSA_get_ex_new_index(0,
 						"SureWareHook RSA key handle",
 						NULL, NULL, surewarehk_ex_free);
 	if (dsaHndidx == -1)
 		dsaHndidx = DSA_get_ex_new_index(0,
 						"SureWareHook DSA key handle",
 						NULL, NULL, surewarehk_ex_free);
 	return 1;
 err:
 	if(surewarehk_dso)
 		DSO_free(surewarehk_dso);
 	surewarehk_dso = NULL;
 	p_surewarehk_Init = NULL;
 	p_surewarehk_Finish = NULL;
 	p_surewarehk_Rand_Bytes = NULL;
 	p_surewarehk_Rand_Seed = NULL;
 	p_surewarehk_Load_Privkey = NULL;
 	p_surewarehk_Load_Rsa_Pubkey = NULL;
 	p_surewarehk_Free = NULL;
 	p_surewarehk_Rsa_Priv_Dec = NULL;
 	p_surewarehk_Rsa_Sign = NULL;
 	p_surewarehk_Dsa_Sign = NULL;
 	p_surewarehk_Info_Pubkey = NULL;
 	p_surewarehk_Load_Dsa_Pubkey = NULL;
 	p_surewarehk_Mod_Exp = NULL;
 	return 0;
 }
 static int surewarehk_finish()
 {
 	int to_return = 1;
 	if(surewarehk_dso == NULL)
 		{
 		ENGINEerr(ENGINE_F_SUREWAREHK_FINISH,ENGINE_R_NOT_LOADED);
 		to_return = 0;
 		goto err;
 		}
 	p_surewarehk_Finish();
 	if(!DSO_free(surewarehk_dso))
 		{
 		ENGINEerr(ENGINE_F_SUREWAREHK_FINISH,ENGINE_R_DSO_FAILURE);
 		to_return = 0;
 		goto err;
 		}
 err:
 	if (logstream)
 		BIO_free(logstream);
 	surewarehk_dso = NULL;
 	p_surewarehk_Init = NULL;
 	p_surewarehk_Finish = NULL;
 	p_surewarehk_Rand_Bytes = NULL;
 	p_surewarehk_Rand_Seed = NULL;
 	p_surewarehk_Load_Privkey = NULL;
 	p_surewarehk_Load_Rsa_Pubkey = NULL;
 	p_surewarehk_Free = NULL;
 	p_surewarehk_Rsa_Priv_Dec = NULL;
 	p_surewarehk_Rsa_Sign = NULL;
 	p_surewarehk_Dsa_Sign = NULL;
 	p_surewarehk_Info_Pubkey = NULL;
 	p_surewarehk_Load_Dsa_Pubkey = NULL;
 	p_surewarehk_Mod_Exp = NULL;
 	return to_return;
 }
 static void surewarehk_error_handling(char *const msg,int func,int ret)
 {
 	switch (ret)
 	{
 		case SUREWAREHOOK_ERROR_UNIT_FAILURE:
 			ENGINEerr(func,ENGINE_R_UNIT_FAILURE);
 			break;
 		case SUREWAREHOOK_ERROR_FALLBACK:
 			ENGINEerr(func,ENGINE_R_REQUEST_FALLBACK);
 			break;
 		case SUREWAREHOOK_ERROR_DATA_SIZE:
 			ENGINEerr(func,ENGINE_R_SIZE_TOO_LARGE_OR_TOO_SMALL);
 			break;
 		case SUREWAREHOOK_ERROR_INVALID_PAD:
 			ENGINEerr(func,RSA_R_PADDING_CHECK_FAILED);
 			break;
 		default:
 			ENGINEerr(func,ENGINE_R_REQUEST_FAILED);
 			break;
 		case 1:/*nothing*/
 			msg[0]='\0';
 	}
 	if (*msg)
 	{
 		ERR_add_error_data(1,msg);
 		if (logstream)
 		{
 			CRYPTO_w_lock(CRYPTO_LOCK_BIO);
 			BIO_write(logstream, msg, strlen(msg));
 			CRYPTO_w_unlock(CRYPTO_LOCK_BIO);
 		}
 	}
 }
 static int surewarehk_rand_bytes(unsigned char *buf, int num)
 {
 	int ret=0;
 	char msg[64]="ENGINE_rand_bytes";
 	if(!p_surewarehk_Rand_Bytes)
 	{
 		ENGINEerr(ENGINE_F_SUREWAREHK_RAND_BYTES,ENGINE_R_NOT_INITIALISED);
 	}
 	else
 	{
 		ret = p_surewarehk_Rand_Bytes(msg,buf, num);
 		surewarehk_error_handling(msg,ENGINE_F_SUREWAREHK_RAND_BYTES,ret);
 	}
 	return ret==1 ? 1 : 0;
 }
 static void surewarehk_rand_seed(const void *buf, int num)
 {
 	int ret=0;
 	char msg[64]="ENGINE_rand_seed";
 	if(!p_surewarehk_Rand_Seed)
 	{
 		ENGINEerr(ENGINE_F_SUREWAREHK_RAND_SEED,ENGINE_R_NOT_INITIALISED);
 	}
 	else
 	{
 		ret = p_surewarehk_Rand_Seed(msg,buf, num);
 		surewarehk_error_handling(msg,ENGINE_F_SUREWAREHK_RAND_SEED,ret);
 	}
 }
 static void surewarehk_rand_add(const void *buf, int num, double entropy)
 {
 	surewarehk_rand_seed(buf,num);
 }
 static EVP_PKEY* sureware_load_public(const char *key_id,char *hptr,unsigned long el,char keytype)
 {
 	EVP_PKEY *res = NULL;
 	RSA *rsatmp = NULL;
 	DSA *dsatmp=NULL;
 	char msg[64]="sureware_load_public";
 	int ret=0;
 	if(!p_surewarehk_Load_Rsa_Pubkey || !p_surewarehk_Load_Dsa_Pubkey)
 	{
 		ENGINEerr(ENGINE_F_SUREWAREHK_LOAD_PUBLIC_KEY,ENGINE_R_NOT_INITIALISED);
 		goto err;
 	}
 	switch (keytype)
 	{
 	case 1: /*RSA*/
 		/* set private external reference */
 		rsatmp = RSA_new_method(&engine_surewarehk);
 		RSA_set_ex_data(rsatmp,rsaHndidx,hptr);
 		rsatmp->flags |= RSA_FLAG_EXT_PKEY;
 		/* set public big nums*/
 		rsatmp->e = BN_new();
 		rsatmp->n = BN_new();
 		bn_expand2(rsatmp->e, el/sizeof(BN_ULONG));
 		bn_expand2(rsatmp->n, el/sizeof(BN_ULONG));
 		if (!rsatmp->e || rsatmp->e->dmax!=(int)(el/sizeof(BN_ULONG))|| 
 			!rsatmp->n || rsatmp->n->dmax!=(int)(el/sizeof(BN_ULONG)))
 			goto err;
 		ret=p_surewarehk_Load_Rsa_Pubkey(msg,key_id,el,
 						 (unsigned long *)rsatmp->n->d,
 						 (unsigned long *)rsatmp->e->d);
 		surewarehk_error_handling(msg,ENGINE_F_SUREWAREHK_LOAD_PUBLIC_KEY,ret);
 		if (ret!=1)
 		{
 			ENGINEerr(ENGINE_F_SUREWAREHK_LOAD_PRIVATE_KEY,ENGINE_R_FAILED_LOADING_PUBLIC_KEY);
 			goto err;
 		}
 		/* normalise pub e and pub n */
 		rsatmp->e->top=el/sizeof(BN_ULONG);
 		bn_fix_top(rsatmp->e);
 		rsatmp->n->top=el/sizeof(BN_ULONG);
 		bn_fix_top(rsatmp->n);
 		/* create an EVP object: engine + rsa key */
 		res = EVP_PKEY_new();
 		EVP_PKEY_assign_RSA(res, rsatmp);
 		break;
 	case 2:/*DSA*/
 		/* set private/public external reference */
 		dsatmp = DSA_new_method(&engine_surewarehk);
 		DSA_set_ex_data(dsatmp,dsaHndidx,hptr);
 		/*dsatmp->flags |= DSA_FLAG_EXT_PKEY;*/
 		/* set public key*/
 		dsatmp->pub_key = BN_new();
 		dsatmp->p = BN_new();
 		dsatmp->q = BN_new();
 		dsatmp->g = BN_new();
 		bn_expand2(dsatmp->pub_key, el/sizeof(BN_ULONG));
 		bn_expand2(dsatmp->p, el/sizeof(BN_ULONG));
 		bn_expand2(dsatmp->q, 20/sizeof(BN_ULONG));
 		bn_expand2(dsatmp->g, el/sizeof(BN_ULONG));
 		if (!dsatmp->pub_key || dsatmp->pub_key->dmax!=(int)(el/sizeof(BN_ULONG))|| 
 			!dsatmp->p || dsatmp->p->dmax!=(int)(el/sizeof(BN_ULONG)) ||
 			!dsatmp->q || dsatmp->q->dmax!=20/sizeof(BN_ULONG) ||
 			!dsatmp->g || dsatmp->g->dmax!=(int)(el/sizeof(BN_ULONG)))
 			goto err;
 		ret=p_surewarehk_Load_Dsa_Pubkey(msg,key_id,el,
 						 (unsigned long *)dsatmp->pub_key->d, 
 						 (unsigned long *)dsatmp->p->d,
 						 (unsigned long *)dsatmp->q->d,
 						 (unsigned long *)dsatmp->g->d);
 		surewarehk_error_handling(msg,ENGINE_F_SUREWAREHK_LOAD_PUBLIC_KEY,ret);
 		if (ret!=1)
 		{
 			ENGINEerr(ENGINE_F_SUREWAREHK_LOAD_PRIVATE_KEY,ENGINE_R_FAILED_LOADING_PUBLIC_KEY);
 			goto err;
 		}
 		/* set parameters */
 		/* normalise pubkey and parameters in case of */
 		dsatmp->pub_key->top=el/sizeof(BN_ULONG);
 		bn_fix_top(dsatmp->pub_key);
 		dsatmp->p->top=el/sizeof(BN_ULONG);
 		bn_fix_top(dsatmp->p);
 		dsatmp->q->top=20/sizeof(BN_ULONG);
 		bn_fix_top(dsatmp->q);
 		dsatmp->g->top=el/sizeof(BN_ULONG);
 		bn_fix_top(dsatmp->g);
 		/* create an EVP object: engine + rsa key */
 		res = EVP_PKEY_new();
 		EVP_PKEY_assign_DSA(res, dsatmp);
 		break;
 	default:
 		ENGINEerr(ENGINE_F_SUREWAREHK_LOAD_PRIVATE_KEY,ENGINE_R_FAILED_LOADING_PRIVATE_KEY);
 		goto err;
 	}
 	return res;
 err:
 	if (res)
 		EVP_PKEY_free(res);
 	if (rsatmp)
 		RSA_free(rsatmp);
 	if (dsatmp)
 		DSA_free(dsatmp);
 	return NULL;
 }
 static EVP_PKEY *surewarehk_load_privkey(const char *key_id,
 										const char *passphrase)
 {
 	EVP_PKEY *res = NULL;
 	int ret=0;
 	unsigned long el=0;
 	char *hptr=NULL;
 	char keytype=0;
 	char msg[64]="ENGINE_load_privkey";
 	if(!p_surewarehk_Load_Privkey)
 	{
 		ENGINEerr(ENGINE_F_SUREWAREHK_LOAD_PRIVATE_KEY,ENGINE_R_NOT_INITIALISED);
 	}
 	else
 	{
 		ret=p_surewarehk_Load_Privkey(msg,key_id,&hptr,&el,&keytype);
 		if (ret!=1)
 		{
 			ENGINEerr(ENGINE_F_SUREWAREHK_LOAD_PRIVATE_KEY,ENGINE_R_FAILED_LOADING_PRIVATE_KEY);
 			ERR_add_error_data(1,msg);		
 		}
 		else
 			res=sureware_load_public(key_id,hptr,el,keytype);
 	}
 	return res;
 }
 static EVP_PKEY *surewarehk_load_pubkey(const char *key_id,
 	const char *passphrase)
 {
 	EVP_PKEY *res = NULL;
 	int ret=0;
 	unsigned long el=0;
 	char *hptr=NULL;
 	char keytype=0;
 	char msg[64]="ENGINE_load_pubkey";
 	if(!p_surewarehk_Info_Pubkey)
 	{
 		ENGINEerr(ENGINE_F_SUREWAREHK_LOAD_PUBLIC_KEY,ENGINE_R_NOT_INITIALISED);
 	}
 	else
 	{
 		/* call once to identify if DSA or RSA */
 		ret=p_surewarehk_Info_Pubkey(msg,key_id,&el,&keytype);
 		if (ret!=1)
 		{
 			ENGINEerr(ENGINE_F_SUREWAREHK_LOAD_PUBLIC_KEY,ENGINE_R_FAILED_LOADING_PUBLIC_KEY);
 			ERR_add_error_data(1,msg);
 		}
 		else
 			res=sureware_load_public(key_id,hptr,el,keytype);
 	}
 	return res;
 }
 /* This cleans up an RSA/DSA KM key(do not destroy the key into the hardware)
 , called when ex_data is freed */
 static void surewarehk_ex_free(void *obj, void *item, CRYPTO_EX_DATA *ad,
 	int index,long argl, void *argp)
 {
 	if(!p_surewarehk_Free)
 	{
 		ENGINEerr(ENGINE_F_SUREWAREHK_EX_FREE,ENGINE_R_NOT_INITIALISED);
 	}
 	else
 		p_surewarehk_Free((char *)item,0);
 }
 #if 0
 /* This cleans up an DH KM key (destroys the key into hardware), 
 called when ex_data is freed */
 static void surewarehk_dh_ex_free(void *obj, void *item, CRYPTO_EX_DATA *ad,
 	int index,long argl, void *argp)
 {
 	if(!p_surewarehk_Free)
 	{
 		ENGINEerr(ENGINE_F_SUREWAREHK_EX_FREE,ENGINE_R_NOT_INITIALISED);
 	}
 	else
 		p_surewarehk_Free((char *)item,1);
 }
 #endif
 /*
 * return number of decrypted bytes
 */
 static int surewarehk_rsa_priv_dec(int flen,unsigned char *from,unsigned char *to,
 			RSA *rsa,int padding)
 {
 	int ret=0,tlen;
 	char *buf=NULL,*hptr=NULL;
 	char msg[64]="ENGINE_rsa_priv_dec";
 	if (!p_surewarehk_Rsa_Priv_Dec)
 	{
 		ENGINEerr(ENGINE_F_SUREWAREHK_RSA_PRIV_DEC,ENGINE_R_NOT_INITIALISED);
 	}
 	/* extract ref to private key */
 	else if (!(hptr=RSA_get_ex_data(rsa, rsaHndidx)))
 	{
 		ENGINEerr(ENGINE_F_SUREWAREHK_RSA_PRIV_DEC,ENGINE_R_MISSING_KEY_COMPONENTS);
 		goto err;
 	}
 	/* analyse what padding we can do into the hardware */
 	if (padding==RSA_PKCS1_PADDING)
 	{
 		/* do it one shot */
 		ret=p_surewarehk_Rsa_Priv_Dec(msg,flen,from,&tlen,to,hptr,SUREWARE_PKCS1_PAD);
 		surewarehk_error_handling(msg,ENGINE_F_SUREWAREHK_RSA_PRIV_DEC,ret);
 		if (ret!=1)
 			goto err;
 		ret=tlen;
 	}
 	else /* do with no padding into hardware */
 	{
 		ret=p_surewarehk_Rsa_Priv_Dec(msg,flen,from,&tlen,to,hptr,SUREWARE_NO_PAD);
 		surewarehk_error_handling(msg,ENGINE_F_SUREWAREHK_RSA_PRIV_DEC,ret);
 		if (ret!=1)
 			goto err;
 		/* intermediate buffer for padding */
 		if ((buf=OPENSSL_malloc(tlen)) == NULL)
 		{
 			RSAerr(ENGINE_F_SUREWAREHK_RSA_PRIV_DEC,ERR_R_MALLOC_FAILURE);
 			goto err;
 		}
 		memcpy(buf,to,tlen);/* transfert to into buf */
 		switch (padding) /* check padding in software */
 		{
 #ifndef NO_SHA
 		case RSA_PKCS1_OAEP_PADDING:
 			ret=RSA_padding_check_PKCS1_OAEP(to,tlen,(unsigned char *)buf,tlen,tlen,NULL,0);
 			break;
 #endif
 		case RSA_SSLV23_PADDING:
 			ret=RSA_padding_check_SSLv23(to,tlen,(unsigned char *)buf,flen,tlen);
 			break;
 		case RSA_NO_PADDING:
 			ret=RSA_padding_check_none(to,tlen,(unsigned char *)buf,flen,tlen);
 			break;
 		default:
 			RSAerr(ENGINE_F_SUREWAREHK_RSA_PRIV_DEC,RSA_R_UNKNOWN_PADDING_TYPE);
 			goto err;
 		}
 		if (ret < 0)
 			RSAerr(ENGINE_F_SUREWAREHK_RSA_PRIV_DEC,RSA_R_PADDING_CHECK_FAILED);
 	}
 err:
 	if (buf)
 	{
 		memset(buf,0,tlen);
 		OPENSSL_free(buf);
 	}
 	return ret;
 }
 /*
 * Does what OpenSSL rsa_priv_enc does.
 */
 static int surewarehk_rsa_sign(int flen,unsigned char *from,unsigned char *to,
 			    RSA *rsa,int padding)
 {
 	int ret=0,tlen;
 	char *hptr=NULL;
 	char msg[64]="ENGINE_rsa_sign";
 	if (!p_surewarehk_Rsa_Sign)
 	{
 		ENGINEerr(ENGINE_F_SUREWAREHK_RSA_PRIV_ENC,ENGINE_R_NOT_INITIALISED);
 	}
 	/* extract ref to private key */
 	else if (!(hptr=RSA_get_ex_data(rsa, rsaHndidx)))
 	{
 		ENGINEerr(ENGINE_F_SUREWAREHK_RSA_PRIV_ENC,ENGINE_R_MISSING_KEY_COMPONENTS);
 	}
 	else
 	{
 		switch (padding)
 		{
 		case RSA_PKCS1_PADDING: /* do it in one shot */
 			ret=p_surewarehk_Rsa_Sign(msg,flen,from,&tlen,to,hptr,SUREWARE_PKCS1_PAD);
 			surewarehk_error_handling(msg,ENGINE_F_SUREWAREHK_RSA_PRIV_ENC,ret);
 			break;
 		case RSA_NO_PADDING:
 		default:
 			RSAerr(ENGINE_F_SUREWAREHK_RSA_PRIV_ENC,RSA_R_UNKNOWN_PADDING_TYPE);
 		}
 	}
 	return ret==1 ? tlen : ret;
 }
 /* DSA sign and verify */
 static	DSA_SIG * surewarehk_dsa_do_sign(const unsigned char *from, int flen, DSA *dsa)
 {
 	int ret=0;
 	char *hptr=NULL;
 	DSA_SIG *psign=NULL;
 	char msg[64]="ENGINE_dsa_do_sign";
 	if (!p_surewarehk_Dsa_Sign)
 	{
 		ENGINEerr(ENGINE_F_SUREWAREHK_DSA_DO_SIGN,ENGINE_R_NOT_INITIALISED);
 	}
 	/* extract ref to private key */
 	else if (!(hptr=DSA_get_ex_data(dsa, dsaHndidx)))
 	{
 		ENGINEerr(ENGINE_F_SUREWAREHK_DSA_DO_SIGN,ENGINE_R_MISSING_KEY_COMPONENTS);
 	}
 	else
 	{
 		if((psign = DSA_SIG_new()) == NULL)
 		{
 			ENGINEerr(ENGINE_F_SUREWAREHK_DSA_DO_SIGN,ERR_R_MALLOC_FAILURE);
 			goto err;
 		}
 		psign->r=BN_new();
 		psign->s=BN_new();
 		bn_expand2(psign->r, 20/sizeof(BN_ULONG));
 		bn_expand2(psign->s, 20/sizeof(BN_ULONG));
 		if (!psign->r || psign->r->dmax!=20/sizeof(BN_ULONG) ||
 			!psign->s || psign->s->dmax!=20/sizeof(BN_ULONG))
 			goto err;
 		ret=p_surewarehk_Dsa_Sign(msg,flen,from,
 					  (unsigned long *)psign->r->d,
 					  (unsigned long *)psign->s->d,
 					  hptr);
 		surewarehk_error_handling(msg,ENGINE_F_SUREWAREHK_DSA_DO_SIGN,ret);
 	}
 	psign->r->top=20/sizeof(BN_ULONG);
 	bn_fix_top(psign->r);
 	psign->s->top=20/sizeof(BN_ULONG);
 	bn_fix_top(psign->s);
 err:	
 	if (psign)
 	{
 		DSA_SIG_free(psign);
 		psign=NULL;
 	}
 	return psign;
 }
 static int surewarehk_modexp(BIGNUM *r, BIGNUM *a, const BIGNUM *p,
 							const BIGNUM *m, BN_CTX *ctx)
 {
 	int ret=0;
 	char msg[64]="ENGINE_modexp";
 	if (!p_surewarehk_Mod_Exp)
 	{
 		ENGINEerr(ENGINE_F_SUREWAREHK_MOD_EXP,ENGINE_R_NOT_INITIALISED);
 	}
 	else
 	{
 		bn_expand2(r,m->top);
 		if (r && r->dmax==m->top)
 		{
 			/* do it*/
 			ret=p_surewarehk_Mod_Exp(msg,
 						 m->top*sizeof(BN_ULONG),
 						 (unsigned long *)m->d,
 						 p->top*sizeof(BN_ULONG),
 						 (unsigned long *)p->d,
 						 a->top*sizeof(BN_ULONG),
 						 (unsigned long *)a->d,
 						 (unsigned long *)r->d);
 			surewarehk_error_handling(msg,ENGINE_F_SUREWAREHK_MOD_EXP,ret);
 			if (ret==1)
 			{
 				/* normalise result */
 				r->top=m->top;
 				bn_fix_top(r);
 			}
 		}
 	}
 	return ret;
 }
 #endif /* !NO_HW_SureWare */
 #endif /* !NO_HW */
--- a/crypto/engine/hw_ubsec.c
+++ b/crypto/engine/hw_ubsec.c
--- a/Show More
+++ b/Show More