import OpenSSL-1.0.0a

14 files changed, 580 insertions, 57 deletions

diff --git a/src/lib/libcrypto/engine/eng_all.c b/src/lib/libcrypto/engine/eng_all.c
index d29cd57dc2..22c120454f 100644
--- a/src/lib/libcrypto/engine/eng_all.c
+++ b/src/lib/libcrypto/engine/eng_all.c
@@ -61,15 +61,15 @@
 
 void ENGINE_load_builtin_engines(void)
         {
+#if 0
         /* There's no longer any need for an "openssl" ENGINE unless, one day,
          * it is the *only* way for standard builtin implementations to be be
          * accessed (ie. it would be possible to statically link binaries with
          * *no* builtin implementations). */
-#if 0
         ENGINE_load_openssl();
 #endif
-#if !defined(OPENSSL_NO_HW) && !defined(OPENSSL_NO_HW_PADLOCK)
-        ENGINE_load_padlock();
+#if !defined(OPENSSL_NO_HW) && (defined(__OpenBSD__) || defined(__FreeBSD__) || defined(HAVE_CRYPTODEV))
+        ENGINE_load_cryptodev();
 #endif
         ENGINE_load_dynamic();
 #ifndef OPENSSL_NO_STATIC_ENGINE
@@ -98,14 +98,15 @@ void ENGINE_load_builtin_engines(void)
 #ifndef OPENSSL_NO_HW_UBSEC
         ENGINE_load_ubsec();
 #endif
+#ifndef OPENSSL_NO_HW_PADLOCK
+        ENGINE_load_padlock();
 #endif
-#if !defined(OPENSSL_NO_GMP) && !defined(OPENSSL_NO_HW_GMP)
-        ENGINE_load_gmp();
 #endif
+#ifndef OPENSSL_NO_GOST
+        ENGINE_load_gost();
 #endif
-#ifndef OPENSSL_NO_HW
-#if defined(__OpenBSD__) || defined(__FreeBSD__)
-        ENGINE_load_cryptodev();
+#ifndef OPENSSL_NO_GMP
+        ENGINE_load_gmp();
 #endif
 #if defined(OPENSSL_SYS_WIN32) && !defined(OPENSSL_NO_CAPIENG)
         ENGINE_load_capi();
@@ -113,7 +114,7 @@ void ENGINE_load_builtin_engines(void)
 #endif
         }
 
-#if defined(__OpenBSD__) || defined(__FreeBSD__)
+#if defined(__OpenBSD__) || defined(__FreeBSD__) || defined(HAVE_CRYPTODEV)
 void ENGINE_setup_bsd_cryptodev(void) {
         static int bsd_cryptodev_default_loaded = 0;
         if (!bsd_cryptodev_default_loaded) {
diff --git a/src/lib/libcrypto/engine/eng_cnf.c b/src/lib/libcrypto/engine/eng_cnf.c
index 08066cea59..95c4070015 100644
--- a/src/lib/libcrypto/engine/eng_cnf.c
+++ b/src/lib/libcrypto/engine/eng_cnf.c
@@ -95,7 +95,7 @@ static int int_engine_configure(char *name, char *value, const CONF *cnf)
         int ret = 0;
         long do_init = -1;
         STACK_OF(CONF_VALUE) *ecmds;
-        CONF_VALUE *ecmd;
+        CONF_VALUE *ecmd = NULL;
         char *ctrlname, *ctrlvalue;
         ENGINE *e = NULL;
         int soft = 0;
@@ -157,7 +157,7 @@ static int int_engine_configure(char *name, char *value, const CONF *cnf)
                                         return 1;
                                         }
                                 if (!e)
-                                        return 0;
+                                        goto err;
                                 }
                         /* Allow "EMPTY" to mean no value: this allows a valid
                          * "value" to be passed to ctrls of type NO_INPUT
@@ -186,16 +186,27 @@ static int int_engine_configure(char *name, char *value, const CONF *cnf)
                                 }
                         else if (!ENGINE_ctrl_cmd_string(e,
                                         ctrlname, ctrlvalue, 0))
-                                return 0;
+                                goto err;
                         }
 
 
 
                 }
         if (e && (do_init == -1) && !int_engine_init(e))
+                {
+                ecmd = NULL;
                 goto err;
+                }
         ret = 1;
         err:
+        if (ret != 1)
+                {
+                ENGINEerr(ENGINE_F_INT_ENGINE_CONFIGURE, ENGINE_R_ENGINE_CONFIGURATION_ERROR);
+                if (ecmd)
+                        ERR_add_error_data(6, "section=", ecmd->section, 
+                                                ", name=", ecmd->name,
+                                                ", value=", ecmd->value);
+                }
         if (e)
                 ENGINE_free(e);
         return ret;
diff --git a/src/lib/libcrypto/engine/eng_ctrl.c b/src/lib/libcrypto/engine/eng_ctrl.c
index 95b6b455aa..5ce25d92ec 100644
--- a/src/lib/libcrypto/engine/eng_ctrl.c
+++ b/src/lib/libcrypto/engine/eng_ctrl.c
@@ -280,7 +280,7 @@ int ENGINE_ctrl_cmd(ENGINE *e, const char *cmd_name,
                 }
         /* Force the result of the control command to 0 or 1, for the reasons
          * mentioned before. */
-        if (ENGINE_ctrl(e, num, i, p, f))
+        if (ENGINE_ctrl(e, num, i, p, f) > 0)
                 return 1;
         return 0;
         }
@@ -345,7 +345,7 @@ int ENGINE_ctrl_cmd_string(ENGINE *e, const char *cmd_name, const char *arg,
                  * usage of these commands is consistent across applications and
                  * that certain applications don't understand it one way, and
                  * others another. */
-                if(ENGINE_ctrl(e, num, 0, (void *)arg, NULL))
+                if(ENGINE_ctrl(e, num, 0, (void *)arg, NULL) > 0)
                         return 1;
                 return 0;
                 }
@@ -360,7 +360,7 @@ int ENGINE_ctrl_cmd_string(ENGINE *e, const char *cmd_name, const char *arg,
         if(flags & ENGINE_CMD_FLAG_STRING)
                 {
                 /* Same explanation as above */
-                if(ENGINE_ctrl(e, num, 0, (void *)arg, NULL))
+                if(ENGINE_ctrl(e, num, 0, (void *)arg, NULL) > 0)
                         return 1;
                 return 0;
                 }
@@ -383,7 +383,7 @@ int ENGINE_ctrl_cmd_string(ENGINE *e, const char *cmd_name, const char *arg,
                 }
         /* Force the result of the control command to 0 or 1, for the reasons
          * mentioned before. */
-        if(ENGINE_ctrl(e, num, l, NULL, NULL))
+        if(ENGINE_ctrl(e, num, l, NULL, NULL) > 0)
                 return 1;
         return 0;
         }
diff --git a/src/lib/libcrypto/engine/eng_dyn.c b/src/lib/libcrypto/engine/eng_dyn.c
index acb30c34d8..807da7a5eb 100644
--- a/src/lib/libcrypto/engine/eng_dyn.c
+++ b/src/lib/libcrypto/engine/eng_dyn.c
@@ -146,14 +146,14 @@ struct st_dynamic_data_ctx
          * 'dirs' for loading. Default is to use 'dirs' as a fallback. */
         int dir_load;
         /* A stack of directories from which ENGINEs could be loaded */
-        STACK *dirs;
+        STACK_OF(OPENSSL_STRING) *dirs;
         };
 
 /* This is the "ex_data" index we obtain and reserve for use with our context
  * structure. */
 static int dynamic_ex_data_idx = -1;
 
-static void int_free_str(void *s) { OPENSSL_free(s); }
+static void int_free_str(char *s) { OPENSSL_free(s); }
 /* Because our ex_data element may or may not get allocated depending on whether
  * a "first-use" occurs before the ENGINE is freed, we have a memory leak
  * problem to solve. We can't declare a "new" handler for the ex_data as we
@@ -174,7 +174,7 @@ static void dynamic_data_ctx_free_func(void *parent, void *ptr,
                 if(ctx->engine_id)
                         OPENSSL_free((void*)ctx->engine_id);
                 if(ctx->dirs)
-                        sk_pop_free(ctx->dirs, int_free_str);
+                        sk_OPENSSL_STRING_pop_free(ctx->dirs, int_free_str);
                 OPENSSL_free(ctx);
                 }
         }
@@ -203,7 +203,7 @@ static int dynamic_set_data_ctx(ENGINE *e, dynamic_data_ctx **ctx)
         c->DYNAMIC_F1 = "v_check";
         c->DYNAMIC_F2 = "bind_engine";
         c->dir_load = 1;
-        c->dirs = sk_new_null();
+        c->dirs = sk_OPENSSL_STRING_new_null();
         if(!c->dirs)
                 {
                 ENGINEerr(ENGINE_F_DYNAMIC_SET_DATA_CTX,ERR_R_MALLOC_FAILURE);
@@ -393,7 +393,7 @@ static int dynamic_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)(void))
                                 ERR_R_MALLOC_FAILURE);
                         return 0;
                         }
-                sk_insert(ctx->dirs, tmp_str, -1);
+                sk_OPENSSL_STRING_insert(ctx->dirs, tmp_str, -1);
                 }
                 return 1;
         default:
@@ -411,11 +411,11 @@ static int int_load(dynamic_data_ctx *ctx)
                                 ctx->DYNAMIC_LIBNAME, NULL, 0)) != NULL)
                 return 1;
         /* If we're not allowed to use 'dirs' or we have none, fail */
-        if(!ctx->dir_load || ((num = sk_num(ctx->dirs)) < 1))
+        if(!ctx->dir_load || (num = sk_OPENSSL_STRING_num(ctx->dirs)) < 1)
                 return 0;
         for(loop = 0; loop < num; loop++)
                 {
-                const char *s = sk_value(ctx->dirs, loop);
+                const char *s = sk_OPENSSL_STRING_value(ctx->dirs, loop);
                 char *merge = DSO_merge(ctx->dynamic_dso, ctx->DYNAMIC_LIBNAME, s);
                 if(!merge)
                         return 0;
diff --git a/src/lib/libcrypto/engine/eng_err.c b/src/lib/libcrypto/engine/eng_err.c
index 574ffbb5c0..81c70acfa8 100644
--- a/src/lib/libcrypto/engine/eng_err.c
+++ b/src/lib/libcrypto/engine/eng_err.c
@@ -1,6 +1,6 @@
 /* crypto/engine/eng_err.c */
 /* ====================================================================
- * Copyright (c) 1999-2008 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 1999-2010 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -86,6 +86,8 @@ static ERR_STRING_DATA ENGINE_str_functs[]=
 {ERR_FUNC(ENGINE_F_ENGINE_GET_DEFAULT_TYPE),    "ENGINE_GET_DEFAULT_TYPE"},
 {ERR_FUNC(ENGINE_F_ENGINE_GET_DIGEST),  "ENGINE_get_digest"},
 {ERR_FUNC(ENGINE_F_ENGINE_GET_NEXT),    "ENGINE_get_next"},
+{ERR_FUNC(ENGINE_F_ENGINE_GET_PKEY_ASN1_METH),  "ENGINE_get_pkey_asn1_meth"},
+{ERR_FUNC(ENGINE_F_ENGINE_GET_PKEY_METH),       "ENGINE_get_pkey_meth"},
 {ERR_FUNC(ENGINE_F_ENGINE_GET_PREV),    "ENGINE_get_prev"},
 {ERR_FUNC(ENGINE_F_ENGINE_INIT),        "ENGINE_init"},
 {ERR_FUNC(ENGINE_F_ENGINE_LIST_ADD),    "ENGINE_LIST_ADD"},
@@ -124,6 +126,7 @@ static ERR_STRING_DATA ENGINE_str_reasons[]=
 {ERR_REASON(ENGINE_R_DSO_FAILURE)        ,"DSO failure"},
 {ERR_REASON(ENGINE_R_DSO_NOT_FOUND)      ,"dso not found"},
 {ERR_REASON(ENGINE_R_ENGINES_SECTION_ERROR),"engines section error"},
+{ERR_REASON(ENGINE_R_ENGINE_CONFIGURATION_ERROR),"engine configuration error"},
 {ERR_REASON(ENGINE_R_ENGINE_IS_NOT_IN_LIST),"engine is not in the list"},
 {ERR_REASON(ENGINE_R_ENGINE_SECTION_ERROR),"engine section error"},
 {ERR_REASON(ENGINE_R_FAILED_LOADING_PRIVATE_KEY),"failed loading private key"},
@@ -150,6 +153,7 @@ static ERR_STRING_DATA ENGINE_str_reasons[]=
 {ERR_REASON(ENGINE_R_RSA_NOT_IMPLEMENTED),"rsa not implemented"},
 {ERR_REASON(ENGINE_R_UNIMPLEMENTED_CIPHER),"unimplemented cipher"},
 {ERR_REASON(ENGINE_R_UNIMPLEMENTED_DIGEST),"unimplemented digest"},
+{ERR_REASON(ENGINE_R_UNIMPLEMENTED_PUBLIC_KEY_METHOD),"unimplemented public key method"},
 {ERR_REASON(ENGINE_R_VERSION_INCOMPATIBILITY),"version incompatibility"},
 {0,NULL}
         };
diff --git a/src/lib/libcrypto/engine/eng_fat.c b/src/lib/libcrypto/engine/eng_fat.c
index 27c1662f62..db66e62350 100644
--- a/src/lib/libcrypto/engine/eng_fat.c
+++ b/src/lib/libcrypto/engine/eng_fat.c
@@ -89,6 +89,12 @@ int ENGINE_set_default(ENGINE *e, unsigned int flags)
 #endif
         if((flags & ENGINE_METHOD_RAND) && !ENGINE_set_default_RAND(e))
                 return 0;
+        if((flags & ENGINE_METHOD_PKEY_METHS)
+                                && !ENGINE_set_default_pkey_meths(e))
+                return 0;
+        if((flags & ENGINE_METHOD_PKEY_ASN1_METHS)
+                                && !ENGINE_set_default_pkey_asn1_meths(e))
+                return 0;
         return 1;
         }
 
@@ -115,6 +121,13 @@ static int int_def_cb(const char *alg, int len, void *arg)
                 *pflags |= ENGINE_METHOD_CIPHERS;
         else if (!strncmp(alg, "DIGESTS", len))
                 *pflags |= ENGINE_METHOD_DIGESTS;
+        else if (!strncmp(alg, "PKEY", len))
+                *pflags |=
+                        ENGINE_METHOD_PKEY_METHS|ENGINE_METHOD_PKEY_ASN1_METHS;
+        else if (!strncmp(alg, "PKEY_CRYPTO", len))
+                *pflags |= ENGINE_METHOD_PKEY_METHS;
+        else if (!strncmp(alg, "PKEY_ASN1", len))
+                *pflags |= ENGINE_METHOD_PKEY_ASN1_METHS;
         else
                 return 0;
         return 1;
@@ -154,6 +167,7 @@ int ENGINE_register_complete(ENGINE *e)
         ENGINE_register_ECDSA(e);
 #endif
         ENGINE_register_RAND(e);
+        ENGINE_register_pkey_meths(e);
         return 1;
         }
 
diff --git a/src/lib/libcrypto/engine/eng_int.h b/src/lib/libcrypto/engine/eng_int.h
index a66f107a44..451ef8feb8 100644
--- a/src/lib/libcrypto/engine/eng_int.h
+++ b/src/lib/libcrypto/engine/eng_int.h
@@ -127,6 +127,8 @@ ENGINE *engine_table_select(ENGINE_TABLE **table, int nid);
 ENGINE *engine_table_select_tmp(ENGINE_TABLE **table, int nid, const char *f, int l);
 #define engine_table_select(t,n) engine_table_select_tmp(t,n,__FILE__,__LINE__)
 #endif
+typedef void (engine_table_doall_cb)(int nid, STACK_OF(ENGINE) *sk, ENGINE *def, void *arg);
+void engine_table_doall(ENGINE_TABLE *table, engine_table_doall_cb *cb, void *arg);
 
 /* Internal versions of API functions that have control over locking. These are
  * used between C files when functionality needs to be shared but the caller may
@@ -143,6 +145,11 @@ void engine_set_all_null(ENGINE *e);
 /* NB: Bitwise OR-able values for the "flags" variable in ENGINE are now exposed
  * in engine.h. */
 
+/* Free up dynamically allocated public key methods associated with ENGINE */
+
+void engine_pkey_meths_free(ENGINE *e);
+void engine_pkey_asn1_meths_free(ENGINE *e);
+
 /* This is a structure for storing implementations of various crypto
  * algorithms and functions. */
 struct engine_st
@@ -160,7 +167,10 @@ struct engine_st
         ENGINE_CIPHERS_PTR ciphers;
         /* Digest handling is via this callback */
         ENGINE_DIGESTS_PTR digests;
-
+        /* Public key handling via this callback */
+        ENGINE_PKEY_METHS_PTR pkey_meths;
+        /* ASN1 public key handling via this callback */
+        ENGINE_PKEY_ASN1_METHS_PTR pkey_asn1_meths;
 
         ENGINE_GEN_INT_FUNC_PTR destroy;
 
diff --git a/src/lib/libcrypto/engine/eng_lib.c b/src/lib/libcrypto/engine/eng_lib.c
index 5815b867f4..18a6664645 100644
--- a/src/lib/libcrypto/engine/eng_lib.c
+++ b/src/lib/libcrypto/engine/eng_lib.c
@@ -125,6 +125,9 @@ int engine_free_util(ENGINE *e, int locked)
                 abort();
                 }
 #endif
+        /* Free up any dynamically allocated public key methods */
+        engine_pkey_meths_free(e);
+        engine_pkey_asn1_meths_free(e);
         /* Give the ENGINE a chance to do any structural cleanup corresponding
          * to allocation it did in its constructor (eg. unload error strings) */
         if(e->destroy)
diff --git a/src/lib/libcrypto/engine/eng_list.c b/src/lib/libcrypto/engine/eng_list.c
index bd511944ba..27846edb1e 100644
--- a/src/lib/libcrypto/engine/eng_list.c
+++ b/src/lib/libcrypto/engine/eng_list.c
@@ -336,6 +336,7 @@ static void engine_cpy(ENGINE *dest, const ENGINE *src)
         dest->store_meth = src->store_meth;
         dest->ciphers = src->ciphers;
         dest->digests = src->digests;
+        dest->pkey_meths = src->pkey_meths;
         dest->destroy = src->destroy;
         dest->init = src->init;
         dest->finish = src->finish;
@@ -412,6 +413,7 @@ ENGINE *ENGINE_by_id(const char *id)
                 return iterator;
                 }
 notfound:
+        ENGINE_free(iterator);
         ENGINEerr(ENGINE_F_ENGINE_BY_ID,ENGINE_R_NO_SUCH_ENGINE);
         ERR_add_error_data(2, "id=", id);
         return NULL;
diff --git a/src/lib/libcrypto/engine/eng_openssl.c b/src/lib/libcrypto/engine/eng_openssl.c
index 7c139ae2ef..9abb95cc22 100644
--- a/src/lib/libcrypto/engine/eng_openssl.c
+++ b/src/lib/libcrypto/engine/eng_openssl.c
@@ -238,7 +238,7 @@ static int test_rc4_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
         return 1;
         }
 static int test_rc4_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
-                      const unsigned char *in, unsigned int inl)
+                      const unsigned char *in, size_t inl)
         {
 #ifdef TEST_ENG_OPENSSL_RC4_P_CIPHER
         fprintf(stderr, "(TEST_ENG_OPENSSL_RC4) test_cipher() called\n");
diff --git a/src/lib/libcrypto/engine/eng_table.c b/src/lib/libcrypto/engine/eng_table.c
index 8879a267d1..4fde948185 100644
--- a/src/lib/libcrypto/engine/eng_table.c
+++ b/src/lib/libcrypto/engine/eng_table.c
@@ -70,12 +70,22 @@ typedef struct st_engine_pile
         int uptodate;
         } ENGINE_PILE;
 
+DECLARE_LHASH_OF(ENGINE_PILE);
+
 /* The type exposed in eng_int.h */
 struct st_engine_table
         {
-        LHASH piles;
+        LHASH_OF(ENGINE_PILE) piles;
         }; /* ENGINE_TABLE */
 
+
+typedef struct st_engine_pile_doall
+        {
+        engine_table_doall_cb *cb;
+        void *arg;
+        } ENGINE_PILE_DOALL;
+        
+
 /* Global flags (ENGINE_TABLE_FLAG_***). */
 static unsigned int table_flags = 0;
 
@@ -84,6 +94,7 @@ unsigned int ENGINE_get_table_flags(void)
         {
         return table_flags;
         }
+
 void ENGINE_set_table_flags(unsigned int flags)
         {
         table_flags = flags;
@@ -94,19 +105,21 @@ static unsigned long engine_pile_hash(const ENGINE_PILE *c)
         {
         return c->nid;
         }
+
 static int engine_pile_cmp(const ENGINE_PILE *a, const ENGINE_PILE *b)
         {
         return a->nid - b->nid;
         }
-static IMPLEMENT_LHASH_HASH_FN(engine_pile_hash, const ENGINE_PILE *)
-static IMPLEMENT_LHASH_COMP_FN(engine_pile_cmp, const ENGINE_PILE *)
+static IMPLEMENT_LHASH_HASH_FN(engine_pile, ENGINE_PILE)
+static IMPLEMENT_LHASH_COMP_FN(engine_pile, ENGINE_PILE)
+
 static int int_table_check(ENGINE_TABLE **t, int create)
         {
-        LHASH *lh;
+        LHASH_OF(ENGINE_PILE) *lh;
+
         if(*t) return 1;
         if(!create) return 0;
-        if((lh = lh_new(LHASH_HASH_FN(engine_pile_hash),
-                        LHASH_COMP_FN(engine_pile_cmp))) == NULL)
+        if((lh = lh_ENGINE_PILE_new()) == NULL)
                 return 0;
         *t = (ENGINE_TABLE *)lh;
         return 1;
@@ -130,7 +143,7 @@ int engine_table_register(ENGINE_TABLE **table, ENGINE_CLEANUP_CB *cleanup,
         while(num_nids--)
                 {
                 tmplate.nid = *nids;
-                fnd = lh_retrieve(&(*table)->piles, &tmplate);
+                fnd = lh_ENGINE_PILE_retrieve(&(*table)->piles, &tmplate);
                 if(!fnd)
                         {
                         fnd = OPENSSL_malloc(sizeof(ENGINE_PILE));
@@ -144,7 +157,7 @@ int engine_table_register(ENGINE_TABLE **table, ENGINE_CLEANUP_CB *cleanup,
                                 goto end;
                                 }
                         fnd->funct = NULL;
-                        lh_insert(&(*table)->piles, fnd);
+                        (void)lh_ENGINE_PILE_insert(&(*table)->piles, fnd);
                         }
                 /* A registration shouldn't add duplciate entries */
                 (void)sk_ENGINE_delete_ptr(fnd->sk, e);
@@ -173,7 +186,7 @@ end:
         CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
         return ret;
         }
-static void int_unregister_cb(ENGINE_PILE *pile, ENGINE *e)
+static void int_unregister_cb_doall_arg(ENGINE_PILE *pile, ENGINE *e)
         {
         int n;
         /* Iterate the 'c->sk' stack removing any occurance of 'e' */
@@ -188,31 +201,35 @@ static void int_unregister_cb(ENGINE_PILE *pile, ENGINE *e)
                 pile->funct = NULL;
                 }
         }
-static IMPLEMENT_LHASH_DOALL_ARG_FN(int_unregister_cb,ENGINE_PILE *,ENGINE *)
+static IMPLEMENT_LHASH_DOALL_ARG_FN(int_unregister_cb, ENGINE_PILE, ENGINE)
+
 void engine_table_unregister(ENGINE_TABLE **table, ENGINE *e)
         {
         CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
         if(int_table_check(table, 0))
-                lh_doall_arg(&(*table)->piles,
-                        LHASH_DOALL_ARG_FN(int_unregister_cb), e);
+                lh_ENGINE_PILE_doall_arg(&(*table)->piles,
+                                         LHASH_DOALL_ARG_FN(int_unregister_cb),
+                                         ENGINE, e);
         CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
         }
 
-static void int_cleanup_cb(ENGINE_PILE *p)
+static void int_cleanup_cb_doall(ENGINE_PILE *p)
         {
         sk_ENGINE_free(p->sk);
         if(p->funct)
                 engine_unlocked_finish(p->funct, 0);
         OPENSSL_free(p);
         }
-static IMPLEMENT_LHASH_DOALL_FN(int_cleanup_cb,ENGINE_PILE *)
+static IMPLEMENT_LHASH_DOALL_FN(int_cleanup_cb, ENGINE_PILE)
+
 void engine_table_cleanup(ENGINE_TABLE **table)
         {
         CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
         if(*table)
                 {
-                lh_doall(&(*table)->piles, LHASH_DOALL_FN(int_cleanup_cb));
-                lh_free(&(*table)->piles);
+                lh_ENGINE_PILE_doall(&(*table)->piles,
+                                     LHASH_DOALL_FN(int_cleanup_cb));
+                lh_ENGINE_PILE_free(&(*table)->piles);
                 *table = NULL;
                 }
         CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
@@ -237,12 +254,13 @@ ENGINE *engine_table_select_tmp(ENGINE_TABLE **table, int nid, const char *f, in
 #endif
                 return NULL;
                 }
+        ERR_set_mark();
         CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
         /* Check again inside the lock otherwise we could race against cleanup
          * operations. But don't worry about a fprintf(stderr). */
         if(!int_table_check(table, 0)) goto end;
         tmplate.nid = nid;
-        fnd = lh_retrieve(&(*table)->piles, &tmplate);
+        fnd = lh_ENGINE_PILE_retrieve(&(*table)->piles, &tmplate);
         if(!fnd) goto end;
         if(fnd->funct && engine_unlocked_init(fnd->funct))
                 {
@@ -310,6 +328,24 @@ end:
         CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
         /* Whatever happened, any failed init()s are not failures in this
          * context, so clear our error state. */
-        ERR_clear_error();
+        ERR_pop_to_mark();
         return ret;
         }
+
+/* Table enumeration */
+
+static void int_cb_doall_arg(ENGINE_PILE *pile, ENGINE_PILE_DOALL *dall)
+        {
+        dall->cb(pile->nid, pile->sk, pile->funct, dall->arg);
+        }
+static IMPLEMENT_LHASH_DOALL_ARG_FN(int_cb, ENGINE_PILE,ENGINE_PILE_DOALL)
+
+void engine_table_doall(ENGINE_TABLE *table, engine_table_doall_cb *cb,
+                                                                void *arg)
+        {
+        ENGINE_PILE_DOALL dall;
+        dall.cb = cb;
+        dall.arg = arg;
+        lh_ENGINE_PILE_doall_arg(&table->piles, LHASH_DOALL_ARG_FN(int_cb),
+                                 ENGINE_PILE_DOALL, &dall);
+        }
diff --git a/src/lib/libcrypto/engine/engine.h b/src/lib/libcrypto/engine/engine.h
index f503595ece..7fbd95f634 100644
--- a/src/lib/libcrypto/engine/engine.h
+++ b/src/lib/libcrypto/engine/engine.h
@@ -88,16 +88,15 @@
 #include <openssl/ecdsa.h>
 #endif
 #include <openssl/rand.h>
-#include <openssl/store.h>
 #include <openssl/ui.h>
 #include <openssl/err.h>
 #endif
 
-#include <openssl/x509.h>
-
 #include <openssl/ossl_typ.h>
 #include <openssl/symhacks.h>
 
+#include <openssl/x509.h>
+
 #ifdef  __cplusplus
 extern "C" {
 #endif
@@ -113,6 +112,8 @@ extern "C" {
 #define ENGINE_METHOD_CIPHERS           (unsigned int)0x0040
 #define ENGINE_METHOD_DIGESTS           (unsigned int)0x0080
 #define ENGINE_METHOD_STORE             (unsigned int)0x0100
+#define ENGINE_METHOD_PKEY_METHS        (unsigned int)0x0200
+#define ENGINE_METHOD_PKEY_ASN1_METHS   (unsigned int)0x0400
 /* Obvious all-or-nothing cases. */
 #define ENGINE_METHOD_ALL               (unsigned int)0xFFFF
 #define ENGINE_METHOD_NONE              (unsigned int)0x0000
@@ -297,7 +298,8 @@ typedef int (*ENGINE_SSL_CLIENT_CERT_PTR)(ENGINE *, SSL *ssl,
  * parameter is non-NULL it is set to the size of the returned array. */
 typedef int (*ENGINE_CIPHERS_PTR)(ENGINE *, const EVP_CIPHER **, const int **, int);
 typedef int (*ENGINE_DIGESTS_PTR)(ENGINE *, const EVP_MD **, const int **, int);
-
+typedef int (*ENGINE_PKEY_METHS_PTR)(ENGINE *, EVP_PKEY_METHOD **, const int **, int);
+typedef int (*ENGINE_PKEY_ASN1_METHS_PTR)(ENGINE *, EVP_PKEY_ASN1_METHOD **, const int **, int);
 /* STRUCTURE functions ... all of these functions deal with pointers to ENGINE
  * structures where the pointers have a "structural reference". This means that
  * their reference is to allowed access to the structure but it does not imply
@@ -329,19 +331,20 @@ void ENGINE_load_aep(void);
 void ENGINE_load_atalla(void);
 void ENGINE_load_chil(void);
 void ENGINE_load_cswift(void);
-#ifndef OPENSSL_NO_GMP
-void ENGINE_load_gmp(void);
-#endif
 void ENGINE_load_nuron(void);
 void ENGINE_load_sureware(void);
 void ENGINE_load_ubsec(void);
-#endif
-void ENGINE_load_cryptodev(void);
 void ENGINE_load_padlock(void);
-void ENGINE_load_builtin_engines(void);
-#ifndef OPENSSL_NO_CAPIENG
 void ENGINE_load_capi(void);
+#ifndef OPENSSL_NO_GMP
+void ENGINE_load_gmp(void);
+#endif
+#ifndef OPENSSL_NO_GOST
+void ENGINE_load_gost(void);
+#endif
 #endif
+void ENGINE_load_cryptodev(void);
+void ENGINE_load_builtin_engines(void);
 
 /* Get and set global flags (ENGINE_TABLE_FLAG_***) for the implementation
  * "registry" handling. */
@@ -392,6 +395,14 @@ int ENGINE_register_digests(ENGINE *e);
 void ENGINE_unregister_digests(ENGINE *e);
 void ENGINE_register_all_digests(void);
 
+int ENGINE_register_pkey_meths(ENGINE *e);
+void ENGINE_unregister_pkey_meths(ENGINE *e);
+void ENGINE_register_all_pkey_meths(void);
+
+int ENGINE_register_pkey_asn1_meths(ENGINE *e);
+void ENGINE_unregister_pkey_asn1_meths(ENGINE *e);
+void ENGINE_register_all_pkey_asn1_meths(void);
+
 /* These functions register all support from the above categories. Note, use of
  * these functions can result in static linkage of code your application may not
  * need. If you only need a subset of functionality, consider using more
@@ -471,6 +482,8 @@ int ENGINE_set_load_ssl_client_cert_function(ENGINE *e,
                                 ENGINE_SSL_CLIENT_CERT_PTR loadssl_f);
 int ENGINE_set_ciphers(ENGINE *e, ENGINE_CIPHERS_PTR f);
 int ENGINE_set_digests(ENGINE *e, ENGINE_DIGESTS_PTR f);
+int ENGINE_set_pkey_meths(ENGINE *e, ENGINE_PKEY_METHS_PTR f);
+int ENGINE_set_pkey_asn1_meths(ENGINE *e, ENGINE_PKEY_ASN1_METHS_PTR f);
 int ENGINE_set_flags(ENGINE *e, int flags);
 int ENGINE_set_cmd_defns(ENGINE *e, const ENGINE_CMD_DEFN *defns);
 /* These functions allow control over any per-structure ENGINE data. */
@@ -507,8 +520,16 @@ ENGINE_LOAD_KEY_PTR ENGINE_get_load_pubkey_function(const ENGINE *e);
 ENGINE_SSL_CLIENT_CERT_PTR ENGINE_get_ssl_client_cert_function(const ENGINE *e);
 ENGINE_CIPHERS_PTR ENGINE_get_ciphers(const ENGINE *e);
 ENGINE_DIGESTS_PTR ENGINE_get_digests(const ENGINE *e);
+ENGINE_PKEY_METHS_PTR ENGINE_get_pkey_meths(const ENGINE *e);
+ENGINE_PKEY_ASN1_METHS_PTR ENGINE_get_pkey_asn1_meths(const ENGINE *e);
 const EVP_CIPHER *ENGINE_get_cipher(ENGINE *e, int nid);
 const EVP_MD *ENGINE_get_digest(ENGINE *e, int nid);
+const EVP_PKEY_METHOD *ENGINE_get_pkey_meth(ENGINE *e, int nid);
+const EVP_PKEY_ASN1_METHOD *ENGINE_get_pkey_asn1_meth(ENGINE *e, int nid);
+const EVP_PKEY_ASN1_METHOD *ENGINE_get_pkey_asn1_meth_str(ENGINE *e,
+                                        const char *str, int len);
+const EVP_PKEY_ASN1_METHOD *ENGINE_pkey_asn1_find_str(ENGINE **pe,
+                                        const char *str, int len);
 const ENGINE_CMD_DEFN *ENGINE_get_cmd_defns(const ENGINE *e);
 int ENGINE_get_flags(const ENGINE *e);
 
@@ -560,6 +581,8 @@ ENGINE *ENGINE_get_default_RAND(void);
  * ciphering or digesting corresponding to "nid". */
 ENGINE *ENGINE_get_cipher_engine(int nid);
 ENGINE *ENGINE_get_digest_engine(int nid);
+ENGINE *ENGINE_get_pkey_meth_engine(int nid);
+ENGINE *ENGINE_get_pkey_asn1_meth_engine(int nid);
 
 /* This sets a new default ENGINE structure for performing RSA
  * operations. If the result is non-zero (success) then the ENGINE
@@ -575,6 +598,8 @@ int ENGINE_set_default_DH(ENGINE *e);
 int ENGINE_set_default_RAND(ENGINE *e);
 int ENGINE_set_default_ciphers(ENGINE *e);
 int ENGINE_set_default_digests(ENGINE *e);
+int ENGINE_set_default_pkey_meths(ENGINE *e);
+int ENGINE_set_default_pkey_asn1_meths(ENGINE *e);
 
 /* The combination "set" - the flags are bitwise "OR"d from the
  * ENGINE_METHOD_*** defines above. As with the "ENGINE_register_complete()"
@@ -703,7 +728,7 @@ typedef int (*dynamic_bind_engine)(ENGINE *e, const char *id,
  * values. */
 void *ENGINE_get_static_state(void);
 
-#if defined(__OpenBSD__) || defined(__FreeBSD__)
+#if defined(__OpenBSD__) || defined(__FreeBSD__) || defined(HAVE_CRYPTODEV)
 void ENGINE_setup_bsd_cryptodev(void);
 #endif
 
@@ -732,13 +757,15 @@ void ERR_load_ENGINE_strings(void);
 #define ENGINE_F_ENGINE_GET_DEFAULT_TYPE                 177
 #define ENGINE_F_ENGINE_GET_DIGEST                       186
 #define ENGINE_F_ENGINE_GET_NEXT                         115
+#define ENGINE_F_ENGINE_GET_PKEY_ASN1_METH               193
+#define ENGINE_F_ENGINE_GET_PKEY_METH                    192
 #define ENGINE_F_ENGINE_GET_PREV                         116
 #define ENGINE_F_ENGINE_INIT                             119
 #define ENGINE_F_ENGINE_LIST_ADD                         120
 #define ENGINE_F_ENGINE_LIST_REMOVE                      121
 #define ENGINE_F_ENGINE_LOAD_PRIVATE_KEY                 150
 #define ENGINE_F_ENGINE_LOAD_PUBLIC_KEY                  151
-#define ENGINE_F_ENGINE_LOAD_SSL_CLIENT_CERT             192
+#define ENGINE_F_ENGINE_LOAD_SSL_CLIENT_CERT             194
 #define ENGINE_F_ENGINE_NEW                              122
 #define ENGINE_F_ENGINE_REMOVE                           123
 #define ENGINE_F_ENGINE_SET_DEFAULT_STRING               189
@@ -767,6 +794,7 @@ void ERR_load_ENGINE_strings(void);
 #define ENGINE_R_DSO_FAILURE                             104
 #define ENGINE_R_DSO_NOT_FOUND                           132
 #define ENGINE_R_ENGINES_SECTION_ERROR                   148
+#define ENGINE_R_ENGINE_CONFIGURATION_ERROR              102
 #define ENGINE_R_ENGINE_IS_NOT_IN_LIST                   105
 #define ENGINE_R_ENGINE_SECTION_ERROR                    149
 #define ENGINE_R_FAILED_LOADING_PRIVATE_KEY              128
@@ -793,6 +821,7 @@ void ERR_load_ENGINE_strings(void);
 #define ENGINE_R_RSA_NOT_IMPLEMENTED                     141
 #define ENGINE_R_UNIMPLEMENTED_CIPHER                    146
 #define ENGINE_R_UNIMPLEMENTED_DIGEST                    147
+#define ENGINE_R_UNIMPLEMENTED_PUBLIC_KEY_METHOD         101
 #define ENGINE_R_VERSION_INCOMPATIBILITY                 145
 
 #ifdef  __cplusplus
diff --git a/src/lib/libcrypto/engine/tb_asnmth.c b/src/lib/libcrypto/engine/tb_asnmth.c
new file mode 100644
index 0000000000..75090339f7
--- /dev/null
+++ b/src/lib/libcrypto/engine/tb_asnmth.c
@@ -0,0 +1,246 @@
+/* ====================================================================
+ * Copyright (c) 2006 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include "eng_int.h"
+#include "asn1_locl.h"
+#include <openssl/evp.h>
+
+/* If this symbol is defined then ENGINE_get_pkey_asn1_meth_engine(), the
+ * function that is used by EVP to hook in pkey_asn1_meth code and cache
+ * defaults (etc), will display brief debugging summaries to stderr with the
+ * 'nid'. */
+/* #define ENGINE_PKEY_ASN1_METH_DEBUG */
+
+static ENGINE_TABLE *pkey_asn1_meth_table = NULL;
+
+void ENGINE_unregister_pkey_asn1_meths(ENGINE *e)
+        {
+        engine_table_unregister(&pkey_asn1_meth_table, e);
+        }
+
+static void engine_unregister_all_pkey_asn1_meths(void)
+        {
+        engine_table_cleanup(&pkey_asn1_meth_table);
+        }
+
+int ENGINE_register_pkey_asn1_meths(ENGINE *e)
+        {
+        if(e->pkey_asn1_meths)
+                {
+                const int *nids;
+                int num_nids = e->pkey_asn1_meths(e, NULL, &nids, 0);
+                if(num_nids > 0)
+                        return engine_table_register(&pkey_asn1_meth_table,
+                                engine_unregister_all_pkey_asn1_meths, e, nids,
+                                        num_nids, 0);
+                }
+        return 1;
+        }
+
+void ENGINE_register_all_pkey_asn1_meths(void)
+        {
+        ENGINE *e;
+
+        for(e=ENGINE_get_first() ; e ; e=ENGINE_get_next(e))
+                ENGINE_register_pkey_asn1_meths(e);
+        }
+
+int ENGINE_set_default_pkey_asn1_meths(ENGINE *e)
+        {
+        if(e->pkey_asn1_meths)
+                {
+                const int *nids;
+                int num_nids = e->pkey_asn1_meths(e, NULL, &nids, 0);
+                if(num_nids > 0)
+                        return engine_table_register(&pkey_asn1_meth_table,
+                                engine_unregister_all_pkey_asn1_meths, e, nids,
+                                        num_nids, 1);
+                }
+        return 1;
+        }
+
+/* Exposed API function to get a functional reference from the implementation
+ * table (ie. try to get a functional reference from the tabled structural
+ * references) for a given pkey_asn1_meth 'nid' */
+ENGINE *ENGINE_get_pkey_asn1_meth_engine(int nid)
+        {
+        return engine_table_select(&pkey_asn1_meth_table, nid);
+        }
+
+/* Obtains a pkey_asn1_meth implementation from an ENGINE functional reference */
+const EVP_PKEY_ASN1_METHOD *ENGINE_get_pkey_asn1_meth(ENGINE *e, int nid)
+        {
+        EVP_PKEY_ASN1_METHOD *ret;
+        ENGINE_PKEY_ASN1_METHS_PTR fn = ENGINE_get_pkey_asn1_meths(e);
+        if(!fn || !fn(e, &ret, NULL, nid))
+                {
+                ENGINEerr(ENGINE_F_ENGINE_GET_PKEY_ASN1_METH,
+                                ENGINE_R_UNIMPLEMENTED_PUBLIC_KEY_METHOD);
+                return NULL;
+                }
+        return ret;
+        }
+
+/* Gets the pkey_asn1_meth callback from an ENGINE structure */
+ENGINE_PKEY_ASN1_METHS_PTR ENGINE_get_pkey_asn1_meths(const ENGINE *e)
+        {
+        return e->pkey_asn1_meths;
+        }
+
+/* Sets the pkey_asn1_meth callback in an ENGINE structure */
+int ENGINE_set_pkey_asn1_meths(ENGINE *e, ENGINE_PKEY_ASN1_METHS_PTR f)
+        {
+        e->pkey_asn1_meths = f;
+        return 1;
+        }
+
+/* Internal function to free up EVP_PKEY_ASN1_METHOD structures before an
+ * ENGINE is destroyed
+ */
+
+void engine_pkey_asn1_meths_free(ENGINE *e)
+        {
+        int i;
+        EVP_PKEY_ASN1_METHOD *pkm;
+        if (e->pkey_asn1_meths)
+                {
+                const int *pknids;
+                int npknids;
+                npknids = e->pkey_asn1_meths(e, NULL, &pknids, 0);
+                for (i = 0; i < npknids; i++)
+                        {
+                        if (e->pkey_asn1_meths(e, &pkm, NULL, pknids[i]))
+                                {
+                                EVP_PKEY_asn1_free(pkm);
+                                }
+                        }
+                }
+        }
+
+/* Find a method based on a string. This does a linear search through
+ * all implemented algorithms. This is OK in practice because only
+ * a small number of algorithms are likely to be implemented in an engine
+ * and it is not used for speed critical operations.
+ */
+
+const EVP_PKEY_ASN1_METHOD *ENGINE_get_pkey_asn1_meth_str(ENGINE *e,
+                                        const char *str, int len)
+        {
+        int i, nidcount;
+        const int *nids;
+        EVP_PKEY_ASN1_METHOD *ameth;
+        if (!e->pkey_asn1_meths)
+                return NULL;
+        if (len == -1)
+                len = strlen(str);
+        nidcount = e->pkey_asn1_meths(e, NULL, &nids, 0);
+        for (i = 0; i < nidcount; i++)
+                {
+                e->pkey_asn1_meths(e, &ameth, NULL, nids[i]);
+                if (((int)strlen(ameth->pem_str) == len) && 
+                                        !strncasecmp(ameth->pem_str, str, len))
+                        return ameth;
+                }
+        return NULL;
+        }
+
+typedef struct 
+        {
+        ENGINE *e;
+        const EVP_PKEY_ASN1_METHOD *ameth;
+        const char *str;
+        int len;
+        } ENGINE_FIND_STR;
+
+static void look_str_cb(int nid, STACK_OF(ENGINE) *sk, ENGINE *def, void *arg)
+        {
+        ENGINE_FIND_STR *lk = arg;
+        int i;
+        if (lk->ameth)
+                return;
+        for (i = 0; i < sk_ENGINE_num(sk); i++)
+                {
+                ENGINE *e = sk_ENGINE_value(sk, i);
+                EVP_PKEY_ASN1_METHOD *ameth;
+                e->pkey_asn1_meths(e, &ameth, NULL, nid);
+                if (((int)strlen(ameth->pem_str) == lk->len) && 
+                                !strncasecmp(ameth->pem_str, lk->str, lk->len))
+                        {
+                        lk->e = e;
+                        lk->ameth = ameth;
+                        return;
+                        }
+                }
+        }
+
+const EVP_PKEY_ASN1_METHOD *ENGINE_pkey_asn1_find_str(ENGINE **pe,
+                                        const char *str, int len)
+        {
+        ENGINE_FIND_STR fstr;
+        fstr.e = NULL;
+        fstr.ameth = NULL;
+        fstr.str = str;
+        fstr.len = len;
+        CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
+        engine_table_doall(pkey_asn1_meth_table, look_str_cb, &fstr);
+        /* If found obtain a structural reference to engine */
+        if (fstr.e)
+                {
+                fstr.e->struct_ref++;
+                engine_ref_debug(fstr.e, 0, 1)
+                }
+        *pe = fstr.e;
+        CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
+        return fstr.ameth;
+        }
diff --git a/src/lib/libcrypto/engine/tb_pkmeth.c b/src/lib/libcrypto/engine/tb_pkmeth.c
new file mode 100644
index 0000000000..1cdb967f25
--- /dev/null
+++ b/src/lib/libcrypto/engine/tb_pkmeth.c
@@ -0,0 +1,167 @@
+/* ====================================================================
+ * Copyright (c) 2006 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include "eng_int.h"
+#include <openssl/evp.h>
+
+/* If this symbol is defined then ENGINE_get_pkey_meth_engine(), the function
+ * that is used by EVP to hook in pkey_meth code and cache defaults (etc), will
+ * display brief debugging summaries to stderr with the 'nid'. */
+/* #define ENGINE_PKEY_METH_DEBUG */
+
+static ENGINE_TABLE *pkey_meth_table = NULL;
+
+void ENGINE_unregister_pkey_meths(ENGINE *e)
+        {
+        engine_table_unregister(&pkey_meth_table, e);
+        }
+
+static void engine_unregister_all_pkey_meths(void)
+        {
+        engine_table_cleanup(&pkey_meth_table);
+        }
+
+int ENGINE_register_pkey_meths(ENGINE *e)
+        {
+        if(e->pkey_meths)
+                {
+                const int *nids;
+                int num_nids = e->pkey_meths(e, NULL, &nids, 0);
+                if(num_nids > 0)
+                        return engine_table_register(&pkey_meth_table,
+                                engine_unregister_all_pkey_meths, e, nids,
+                                        num_nids, 0);
+                }
+        return 1;
+        }
+
+void ENGINE_register_all_pkey_meths()
+        {
+        ENGINE *e;
+
+        for(e=ENGINE_get_first() ; e ; e=ENGINE_get_next(e))
+                ENGINE_register_pkey_meths(e);
+        }
+
+int ENGINE_set_default_pkey_meths(ENGINE *e)
+        {
+        if(e->pkey_meths)
+                {
+                const int *nids;
+                int num_nids = e->pkey_meths(e, NULL, &nids, 0);
+                if(num_nids > 0)
+                        return engine_table_register(&pkey_meth_table,
+                                engine_unregister_all_pkey_meths, e, nids,
+                                        num_nids, 1);
+                }
+        return 1;
+        }
+
+/* Exposed API function to get a functional reference from the implementation
+ * table (ie. try to get a functional reference from the tabled structural
+ * references) for a given pkey_meth 'nid' */
+ENGINE *ENGINE_get_pkey_meth_engine(int nid)
+        {
+        return engine_table_select(&pkey_meth_table, nid);
+        }
+
+/* Obtains a pkey_meth implementation from an ENGINE functional reference */
+const EVP_PKEY_METHOD *ENGINE_get_pkey_meth(ENGINE *e, int nid)
+        {
+        EVP_PKEY_METHOD *ret;
+        ENGINE_PKEY_METHS_PTR fn = ENGINE_get_pkey_meths(e);
+        if(!fn || !fn(e, &ret, NULL, nid))
+                {
+                ENGINEerr(ENGINE_F_ENGINE_GET_PKEY_METH,
+                                ENGINE_R_UNIMPLEMENTED_PUBLIC_KEY_METHOD);
+                return NULL;
+                }
+        return ret;
+        }
+
+/* Gets the pkey_meth callback from an ENGINE structure */
+ENGINE_PKEY_METHS_PTR ENGINE_get_pkey_meths(const ENGINE *e)
+        {
+        return e->pkey_meths;
+        }
+
+/* Sets the pkey_meth callback in an ENGINE structure */
+int ENGINE_set_pkey_meths(ENGINE *e, ENGINE_PKEY_METHS_PTR f)
+        {
+        e->pkey_meths = f;
+        return 1;
+        }
+
+/* Internal function to free up EVP_PKEY_METHOD structures before an
+ * ENGINE is destroyed
+ */
+
+void engine_pkey_meths_free(ENGINE *e)
+        {
+        int i;
+        EVP_PKEY_METHOD *pkm;
+        if (e->pkey_meths)
+                {
+                const int *pknids;
+                int npknids;
+                npknids = e->pkey_meths(e, NULL, &pknids, 0);
+                for (i = 0; i < npknids; i++)
+                        {
+                        if (e->pkey_meths(e, &pkm, NULL, pknids[i]))
+                                {
+                                EVP_PKEY_meth_free(pkm);
+                                }
+                        }
+                }
+        }