39 files changed, 13768 insertions, 83 deletions

diff --git a/src/lib/libcrypto/engine/Makefile b/src/lib/libcrypto/engine/Makefile
new file mode 100644
index 0000000000..38f83f1654
--- /dev/null
+++ b/src/lib/libcrypto/engine/Makefile
@@ -0,0 +1,536 @@
+#
+# OpenSSL/crypto/engine/Makefile
+#
+
+DIR=    engine
+TOP=    ../..
+CC=     cc
+INCLUDES= -I.. -I$(TOP) -I../../include
+CFLAG=-g
+INSTALL_PREFIX=
+OPENSSLDIR=     /usr/local/ssl
+INSTALLTOP=/usr/local/ssl
+MAKEDEPPROG=    makedepend
+MAKEDEPEND=     $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
+MAKEFILE=       Makefile
+AR=             ar r
+
+CFLAGS= $(INCLUDES) $(CFLAG)
+
+GENERAL=Makefile
+TEST= enginetest.c
+APPS=
+
+LIB=$(TOP)/libcrypto.a
+LIBSRC= eng_err.c eng_lib.c eng_list.c eng_init.c eng_ctrl.c \
+        eng_table.c eng_pkey.c eng_fat.c eng_all.c \
+        tb_rsa.c tb_dsa.c tb_dh.c tb_rand.c tb_cipher.c tb_digest.c \
+        eng_openssl.c eng_dyn.c eng_cnf.c \
+        hw_atalla.c hw_cswift.c hw_ncipher.c hw_nuron.c hw_ubsec.c \
+        hw_cryptodev.c hw_aep.c hw_sureware.c hw_4758_cca.c
+LIBOBJ= eng_err.o eng_lib.o eng_list.o eng_init.o eng_ctrl.o \
+        eng_table.o eng_pkey.o eng_fat.o eng_all.o \
+        tb_rsa.o tb_dsa.o tb_dh.o tb_rand.o tb_cipher.o tb_digest.o \
+        eng_openssl.o eng_dyn.o eng_cnf.o \
+        hw_atalla.o hw_cswift.o hw_ncipher.o hw_nuron.o hw_ubsec.o \
+        hw_cryptodev.o hw_aep.o hw_sureware.o hw_4758_cca.o
+
+SRC= $(LIBSRC)
+
+EXHEADER= engine.h
+HEADER= $(EXHEADER)
+
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+
+top:
+        (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+
+all:    lib
+
+lib:    $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
+        $(RANLIB) $(LIB) || echo Never mind.
+        @touch lib
+
+files:
+        $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
+
+links:
+        @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+        @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+        @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+
+install:
+        @headerlist="$(EXHEADER)"; for i in $$headerlist ; \
+        do  \
+        (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+        chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+        done;
+
+tags:
+        ctags $(SRC)
+
+errors:
+        $(PERL) $(TOP)/util/mkerr.pl -conf hw.ec \
+                -nostatic -staticloader -write hw_*.c
+
+tests:
+
+lint:
+        lint -DLINT $(INCLUDES) $(SRC)>fluff
+
+depend:
+        $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+
+dclean:
+        $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+        mv -f Makefile.new $(MAKEFILE)
+
+clean:
+        rm -f *.o */*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+
+eng_all.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+eng_all.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h
+eng_all.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+eng_all.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h
+eng_all.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+eng_all.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+eng_all.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h
+eng_all.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+eng_all.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+eng_all.o: ../../include/openssl/ui.h eng_all.c eng_int.h
+eng_cnf.o: ../../e_os.h ../../include/openssl/asn1.h
+eng_cnf.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+eng_cnf.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h
+eng_cnf.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h
+eng_cnf.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+eng_cnf.o: ../../include/openssl/engine.h ../../include/openssl/err.h
+eng_cnf.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+eng_cnf.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+eng_cnf.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h
+eng_cnf.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+eng_cnf.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+eng_cnf.o: ../cryptlib.h eng_cnf.c
+eng_ctrl.o: ../../e_os.h ../../include/openssl/asn1.h
+eng_ctrl.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+eng_ctrl.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+eng_ctrl.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+eng_ctrl.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h
+eng_ctrl.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+eng_ctrl.o: ../../include/openssl/opensslconf.h
+eng_ctrl.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+eng_ctrl.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h
+eng_ctrl.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+eng_ctrl.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+eng_ctrl.o: ../cryptlib.h eng_ctrl.c eng_int.h
+eng_dyn.o: ../../e_os.h ../../include/openssl/asn1.h
+eng_dyn.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+eng_dyn.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+eng_dyn.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+eng_dyn.o: ../../include/openssl/dso.h ../../include/openssl/e_os2.h
+eng_dyn.o: ../../include/openssl/engine.h ../../include/openssl/err.h
+eng_dyn.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+eng_dyn.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+eng_dyn.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h
+eng_dyn.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+eng_dyn.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+eng_dyn.o: ../cryptlib.h eng_dyn.c eng_int.h
+eng_err.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+eng_err.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h
+eng_err.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+eng_err.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h
+eng_err.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+eng_err.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+eng_err.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h
+eng_err.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+eng_err.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+eng_err.o: ../../include/openssl/ui.h eng_err.c
+eng_fat.o: ../../e_os.h ../../include/openssl/asn1.h
+eng_fat.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+eng_fat.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h
+eng_fat.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h
+eng_fat.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+eng_fat.o: ../../include/openssl/engine.h ../../include/openssl/err.h
+eng_fat.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+eng_fat.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+eng_fat.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h
+eng_fat.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+eng_fat.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+eng_fat.o: ../cryptlib.h eng_fat.c eng_int.h
+eng_init.o: ../../e_os.h ../../include/openssl/asn1.h
+eng_init.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+eng_init.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+eng_init.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+eng_init.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h
+eng_init.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+eng_init.o: ../../include/openssl/opensslconf.h
+eng_init.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+eng_init.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h
+eng_init.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+eng_init.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+eng_init.o: ../cryptlib.h eng_init.c eng_int.h
+eng_lib.o: ../../e_os.h ../../include/openssl/asn1.h
+eng_lib.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+eng_lib.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+eng_lib.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+eng_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h
+eng_lib.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+eng_lib.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+eng_lib.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h
+eng_lib.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+eng_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+eng_lib.o: ../../include/openssl/ui.h ../cryptlib.h eng_int.h eng_lib.c
+eng_list.o: ../../e_os.h ../../include/openssl/asn1.h
+eng_list.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+eng_list.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+eng_list.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+eng_list.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h
+eng_list.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+eng_list.o: ../../include/openssl/opensslconf.h
+eng_list.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+eng_list.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h
+eng_list.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+eng_list.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+eng_list.o: ../cryptlib.h eng_int.h eng_list.c
+eng_openssl.o: ../../e_os.h ../../include/openssl/aes.h
+eng_openssl.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+eng_openssl.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+eng_openssl.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+eng_openssl.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+eng_openssl.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+eng_openssl.o: ../../include/openssl/dsa.h ../../include/openssl/dso.h
+eng_openssl.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h
+eng_openssl.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+eng_openssl.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+eng_openssl.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+eng_openssl.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+eng_openssl.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+eng_openssl.o: ../../include/openssl/opensslconf.h
+eng_openssl.o: ../../include/openssl/opensslv.h
+eng_openssl.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pem.h
+eng_openssl.o: ../../include/openssl/pem2.h ../../include/openssl/pkcs7.h
+eng_openssl.o: ../../include/openssl/rand.h ../../include/openssl/rc2.h
+eng_openssl.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+eng_openssl.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+eng_openssl.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+eng_openssl.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+eng_openssl.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+eng_openssl.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+eng_openssl.o: ../cryptlib.h eng_openssl.c
+eng_pkey.o: ../../e_os.h ../../include/openssl/asn1.h
+eng_pkey.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+eng_pkey.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+eng_pkey.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+eng_pkey.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h
+eng_pkey.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+eng_pkey.o: ../../include/openssl/opensslconf.h
+eng_pkey.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+eng_pkey.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h
+eng_pkey.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+eng_pkey.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+eng_pkey.o: ../cryptlib.h eng_int.h eng_pkey.c
+eng_table.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h
+eng_table.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+eng_table.o: ../../include/openssl/bn.h ../../include/openssl/cast.h
+eng_table.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+eng_table.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+eng_table.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+eng_table.o: ../../include/openssl/engine.h ../../include/openssl/err.h
+eng_table.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+eng_table.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+eng_table.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+eng_table.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+eng_table.o: ../../include/openssl/objects.h
+eng_table.o: ../../include/openssl/opensslconf.h
+eng_table.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+eng_table.o: ../../include/openssl/rand.h ../../include/openssl/rc2.h
+eng_table.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+eng_table.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+eng_table.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+eng_table.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+eng_table.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+eng_table.o: eng_int.h eng_table.c
+hw_4758_cca.o: ../../e_os.h ../../include/openssl/aes.h
+hw_4758_cca.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+hw_4758_cca.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+hw_4758_cca.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+hw_4758_cca.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+hw_4758_cca.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+hw_4758_cca.o: ../../include/openssl/dsa.h ../../include/openssl/dso.h
+hw_4758_cca.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h
+hw_4758_cca.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+hw_4758_cca.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+hw_4758_cca.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+hw_4758_cca.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+hw_4758_cca.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+hw_4758_cca.o: ../../include/openssl/opensslconf.h
+hw_4758_cca.o: ../../include/openssl/opensslv.h
+hw_4758_cca.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+hw_4758_cca.o: ../../include/openssl/rand.h ../../include/openssl/rc2.h
+hw_4758_cca.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+hw_4758_cca.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+hw_4758_cca.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+hw_4758_cca.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+hw_4758_cca.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+hw_4758_cca.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+hw_4758_cca.o: ../cryptlib.h hw_4758_cca.c hw_4758_cca_err.c hw_4758_cca_err.h
+hw_4758_cca.o: vendor_defns/hw_4758_cca.h
+hw_aep.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+hw_aep.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+hw_aep.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h
+hw_aep.o: ../../include/openssl/dsa.h ../../include/openssl/dso.h
+hw_aep.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h
+hw_aep.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+hw_aep.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+hw_aep.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h
+hw_aep.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+hw_aep.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+hw_aep.o: ../../include/openssl/ui.h hw_aep.c hw_aep_err.c hw_aep_err.h
+hw_aep.o: vendor_defns/aep.h
+hw_atalla.o: ../../e_os.h ../../include/openssl/asn1.h
+hw_atalla.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+hw_atalla.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+hw_atalla.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+hw_atalla.o: ../../include/openssl/dso.h ../../include/openssl/e_os2.h
+hw_atalla.o: ../../include/openssl/engine.h ../../include/openssl/err.h
+hw_atalla.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+hw_atalla.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+hw_atalla.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h
+hw_atalla.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+hw_atalla.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+hw_atalla.o: ../cryptlib.h hw_atalla.c hw_atalla_err.c hw_atalla_err.h
+hw_atalla.o: vendor_defns/atalla.h
+hw_cryptodev.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h
+hw_cryptodev.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+hw_cryptodev.o: ../../include/openssl/bn.h ../../include/openssl/cast.h
+hw_cryptodev.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+hw_cryptodev.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+hw_cryptodev.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+hw_cryptodev.o: ../../include/openssl/engine.h ../../include/openssl/err.h
+hw_cryptodev.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+hw_cryptodev.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+hw_cryptodev.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+hw_cryptodev.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+hw_cryptodev.o: ../../include/openssl/objects.h
+hw_cryptodev.o: ../../include/openssl/opensslconf.h
+hw_cryptodev.o: ../../include/openssl/opensslv.h
+hw_cryptodev.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h
+hw_cryptodev.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+hw_cryptodev.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+hw_cryptodev.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+hw_cryptodev.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+hw_cryptodev.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+hw_cryptodev.o: ../../include/openssl/ui_compat.h hw_cryptodev.c
+hw_cswift.o: ../../e_os.h ../../include/openssl/asn1.h
+hw_cswift.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+hw_cswift.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+hw_cswift.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+hw_cswift.o: ../../include/openssl/dso.h ../../include/openssl/e_os2.h
+hw_cswift.o: ../../include/openssl/engine.h ../../include/openssl/err.h
+hw_cswift.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+hw_cswift.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+hw_cswift.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h
+hw_cswift.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+hw_cswift.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+hw_cswift.o: ../cryptlib.h hw_cswift.c hw_cswift_err.c hw_cswift_err.h
+hw_cswift.o: vendor_defns/cswift.h
+hw_ncipher.o: ../../e_os.h ../../include/openssl/aes.h
+hw_ncipher.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+hw_ncipher.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+hw_ncipher.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+hw_ncipher.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+hw_ncipher.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+hw_ncipher.o: ../../include/openssl/dsa.h ../../include/openssl/dso.h
+hw_ncipher.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h
+hw_ncipher.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+hw_ncipher.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+hw_ncipher.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+hw_ncipher.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+hw_ncipher.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+hw_ncipher.o: ../../include/openssl/opensslconf.h
+hw_ncipher.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+hw_ncipher.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h
+hw_ncipher.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h
+hw_ncipher.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+hw_ncipher.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+hw_ncipher.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+hw_ncipher.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+hw_ncipher.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+hw_ncipher.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
+hw_ncipher.o: ../../include/openssl/x509_vfy.h ../cryptlib.h hw_ncipher.c
+hw_ncipher.o: hw_ncipher_err.c hw_ncipher_err.h vendor_defns/hwcryptohook.h
+hw_nuron.o: ../../e_os.h ../../include/openssl/asn1.h
+hw_nuron.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+hw_nuron.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+hw_nuron.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+hw_nuron.o: ../../include/openssl/dso.h ../../include/openssl/e_os2.h
+hw_nuron.o: ../../include/openssl/engine.h ../../include/openssl/err.h
+hw_nuron.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+hw_nuron.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+hw_nuron.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h
+hw_nuron.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+hw_nuron.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+hw_nuron.o: ../cryptlib.h hw_nuron.c hw_nuron_err.c hw_nuron_err.h
+hw_sureware.o: ../../e_os.h ../../include/openssl/aes.h
+hw_sureware.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+hw_sureware.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+hw_sureware.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+hw_sureware.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+hw_sureware.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+hw_sureware.o: ../../include/openssl/dsa.h ../../include/openssl/dso.h
+hw_sureware.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h
+hw_sureware.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+hw_sureware.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+hw_sureware.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+hw_sureware.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+hw_sureware.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+hw_sureware.o: ../../include/openssl/opensslconf.h
+hw_sureware.o: ../../include/openssl/opensslv.h
+hw_sureware.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pem.h
+hw_sureware.o: ../../include/openssl/pem2.h ../../include/openssl/pkcs7.h
+hw_sureware.o: ../../include/openssl/rand.h ../../include/openssl/rc2.h
+hw_sureware.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+hw_sureware.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+hw_sureware.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+hw_sureware.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+hw_sureware.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+hw_sureware.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+hw_sureware.o: ../cryptlib.h eng_int.h engine.h hw_sureware.c hw_sureware_err.c
+hw_sureware.o: hw_sureware_err.h vendor_defns/sureware.h
+hw_ubsec.o: ../../e_os.h ../../include/openssl/asn1.h
+hw_ubsec.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+hw_ubsec.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+hw_ubsec.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+hw_ubsec.o: ../../include/openssl/dso.h ../../include/openssl/e_os2.h
+hw_ubsec.o: ../../include/openssl/engine.h ../../include/openssl/err.h
+hw_ubsec.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+hw_ubsec.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+hw_ubsec.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h
+hw_ubsec.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+hw_ubsec.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+hw_ubsec.o: ../cryptlib.h hw_ubsec.c hw_ubsec_err.c hw_ubsec_err.h
+hw_ubsec.o: vendor_defns/hw_ubsec.h
+tb_cipher.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h
+tb_cipher.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+tb_cipher.o: ../../include/openssl/bn.h ../../include/openssl/cast.h
+tb_cipher.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+tb_cipher.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+tb_cipher.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+tb_cipher.o: ../../include/openssl/engine.h ../../include/openssl/err.h
+tb_cipher.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+tb_cipher.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+tb_cipher.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+tb_cipher.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+tb_cipher.o: ../../include/openssl/objects.h
+tb_cipher.o: ../../include/openssl/opensslconf.h
+tb_cipher.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+tb_cipher.o: ../../include/openssl/rand.h ../../include/openssl/rc2.h
+tb_cipher.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+tb_cipher.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+tb_cipher.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+tb_cipher.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+tb_cipher.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+tb_cipher.o: eng_int.h tb_cipher.c
+tb_dh.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h
+tb_dh.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+tb_dh.o: ../../include/openssl/bn.h ../../include/openssl/cast.h
+tb_dh.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+tb_dh.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+tb_dh.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+tb_dh.o: ../../include/openssl/engine.h ../../include/openssl/err.h
+tb_dh.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+tb_dh.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+tb_dh.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+tb_dh.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+tb_dh.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+tb_dh.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+tb_dh.o: ../../include/openssl/rand.h ../../include/openssl/rc2.h
+tb_dh.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+tb_dh.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+tb_dh.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+tb_dh.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+tb_dh.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h eng_int.h
+tb_dh.o: tb_dh.c
+tb_digest.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h
+tb_digest.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+tb_digest.o: ../../include/openssl/bn.h ../../include/openssl/cast.h
+tb_digest.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+tb_digest.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+tb_digest.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+tb_digest.o: ../../include/openssl/engine.h ../../include/openssl/err.h
+tb_digest.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+tb_digest.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+tb_digest.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+tb_digest.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+tb_digest.o: ../../include/openssl/objects.h
+tb_digest.o: ../../include/openssl/opensslconf.h
+tb_digest.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+tb_digest.o: ../../include/openssl/rand.h ../../include/openssl/rc2.h
+tb_digest.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+tb_digest.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+tb_digest.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+tb_digest.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+tb_digest.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+tb_digest.o: eng_int.h tb_digest.c
+tb_dsa.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h
+tb_dsa.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+tb_dsa.o: ../../include/openssl/bn.h ../../include/openssl/cast.h
+tb_dsa.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+tb_dsa.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+tb_dsa.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+tb_dsa.o: ../../include/openssl/engine.h ../../include/openssl/err.h
+tb_dsa.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+tb_dsa.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+tb_dsa.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+tb_dsa.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+tb_dsa.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+tb_dsa.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+tb_dsa.o: ../../include/openssl/rand.h ../../include/openssl/rc2.h
+tb_dsa.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+tb_dsa.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+tb_dsa.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+tb_dsa.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+tb_dsa.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+tb_dsa.o: eng_int.h tb_dsa.c
+tb_rand.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h
+tb_rand.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+tb_rand.o: ../../include/openssl/bn.h ../../include/openssl/cast.h
+tb_rand.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+tb_rand.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+tb_rand.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+tb_rand.o: ../../include/openssl/engine.h ../../include/openssl/err.h
+tb_rand.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+tb_rand.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+tb_rand.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+tb_rand.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+tb_rand.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+tb_rand.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+tb_rand.o: ../../include/openssl/rand.h ../../include/openssl/rc2.h
+tb_rand.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+tb_rand.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+tb_rand.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+tb_rand.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+tb_rand.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+tb_rand.o: eng_int.h tb_rand.c
+tb_rsa.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h
+tb_rsa.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+tb_rsa.o: ../../include/openssl/bn.h ../../include/openssl/cast.h
+tb_rsa.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+tb_rsa.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+tb_rsa.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+tb_rsa.o: ../../include/openssl/engine.h ../../include/openssl/err.h
+tb_rsa.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+tb_rsa.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+tb_rsa.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+tb_rsa.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+tb_rsa.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+tb_rsa.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+tb_rsa.o: ../../include/openssl/rand.h ../../include/openssl/rc2.h
+tb_rsa.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+tb_rsa.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+tb_rsa.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+tb_rsa.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+tb_rsa.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+tb_rsa.o: eng_int.h tb_rsa.c
diff --git a/src/lib/libcrypto/engine/Makefile.ssl b/src/lib/libcrypto/engine/Makefile.ssl
new file mode 100644
index 0000000000..30a4446ff9
--- /dev/null
+++ b/src/lib/libcrypto/engine/Makefile.ssl
@@ -0,0 +1,538 @@
+#
+# OpenSSL/crypto/engine/Makefile
+#
+
+DIR=    engine
+TOP=    ../..
+CC=     cc
+INCLUDES= -I.. -I$(TOP) -I../../include
+CFLAG=-g
+INSTALL_PREFIX=
+OPENSSLDIR=     /usr/local/ssl
+INSTALLTOP=/usr/local/ssl
+MAKE=           make -f Makefile.ssl
+MAKEDEPPROG=    makedepend
+MAKEDEPEND=     $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
+MAKEFILE=       Makefile.ssl
+AR=             ar r
+
+CFLAGS= $(INCLUDES) $(CFLAG)
+
+GENERAL=Makefile
+TEST= enginetest.c
+APPS=
+
+LIB=$(TOP)/libcrypto.a
+LIBSRC= eng_err.c eng_lib.c eng_list.c eng_init.c eng_ctrl.c \
+        eng_table.c eng_pkey.c eng_fat.c eng_all.c \
+        tb_rsa.c tb_dsa.c tb_dh.c tb_rand.c tb_cipher.c tb_digest.c \
+        eng_openssl.c eng_dyn.c eng_cnf.c \
+        hw_atalla.c hw_cswift.c hw_ncipher.c hw_nuron.c hw_ubsec.c \
+        hw_cryptodev.c hw_aep.c hw_sureware.c hw_4758_cca.c
+LIBOBJ= eng_err.o eng_lib.o eng_list.o eng_init.o eng_ctrl.o \
+        eng_table.o eng_pkey.o eng_fat.o eng_all.o \
+        tb_rsa.o tb_dsa.o tb_dh.o tb_rand.o tb_cipher.o tb_digest.o \
+        eng_openssl.o eng_dyn.o eng_cnf.o \
+        hw_atalla.o hw_cswift.o hw_ncipher.o hw_nuron.o hw_ubsec.o \
+        hw_cryptodev.o hw_aep.o hw_sureware.o hw_4758_cca.o
+
+SRC= $(LIBSRC)
+
+EXHEADER= engine.h
+HEADER= $(EXHEADER)
+
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+
+top:
+        (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+
+all:    lib
+
+lib:    $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
+        $(RANLIB) $(LIB) || echo Never mind.
+        @touch lib
+
+files:
+        $(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+
+links:
+        @sh $(TOP)/util/point.sh Makefile.ssl Makefile
+        @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+        @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+        @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+
+install:
+        @for i in $(EXHEADER) ; \
+        do  \
+        (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+        chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+        done;
+
+tags:
+        ctags $(SRC)
+
+errors:
+        $(PERL) $(TOP)/util/mkerr.pl -conf hw.ec \
+                -nostatic -staticloader -write hw_*.c
+
+tests:
+
+lint:
+        lint -DLINT $(INCLUDES) $(SRC)>fluff
+
+depend:
+        $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+
+dclean:
+        $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+        mv -f Makefile.new $(MAKEFILE)
+
+clean:
+        rm -f *.o */*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+
+eng_all.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+eng_all.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h
+eng_all.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+eng_all.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h
+eng_all.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+eng_all.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+eng_all.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h
+eng_all.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+eng_all.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+eng_all.o: ../../include/openssl/ui.h eng_all.c eng_int.h
+eng_cnf.o: ../../e_os.h ../../include/openssl/asn1.h
+eng_cnf.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+eng_cnf.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h
+eng_cnf.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h
+eng_cnf.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+eng_cnf.o: ../../include/openssl/engine.h ../../include/openssl/err.h
+eng_cnf.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+eng_cnf.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+eng_cnf.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h
+eng_cnf.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+eng_cnf.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+eng_cnf.o: ../cryptlib.h eng_cnf.c
+eng_ctrl.o: ../../e_os.h ../../include/openssl/asn1.h
+eng_ctrl.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+eng_ctrl.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+eng_ctrl.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+eng_ctrl.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h
+eng_ctrl.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+eng_ctrl.o: ../../include/openssl/opensslconf.h
+eng_ctrl.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+eng_ctrl.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h
+eng_ctrl.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+eng_ctrl.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+eng_ctrl.o: ../cryptlib.h eng_ctrl.c eng_int.h
+eng_dyn.o: ../../e_os.h ../../include/openssl/asn1.h
+eng_dyn.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+eng_dyn.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+eng_dyn.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+eng_dyn.o: ../../include/openssl/dso.h ../../include/openssl/e_os2.h
+eng_dyn.o: ../../include/openssl/engine.h ../../include/openssl/err.h
+eng_dyn.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+eng_dyn.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+eng_dyn.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h
+eng_dyn.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+eng_dyn.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+eng_dyn.o: ../cryptlib.h eng_dyn.c eng_int.h
+eng_err.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+eng_err.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h
+eng_err.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+eng_err.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h
+eng_err.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+eng_err.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+eng_err.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h
+eng_err.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+eng_err.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+eng_err.o: ../../include/openssl/ui.h eng_err.c
+eng_fat.o: ../../e_os.h ../../include/openssl/asn1.h
+eng_fat.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+eng_fat.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h
+eng_fat.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h
+eng_fat.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+eng_fat.o: ../../include/openssl/engine.h ../../include/openssl/err.h
+eng_fat.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+eng_fat.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+eng_fat.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h
+eng_fat.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+eng_fat.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+eng_fat.o: ../cryptlib.h eng_fat.c eng_int.h
+eng_init.o: ../../e_os.h ../../include/openssl/asn1.h
+eng_init.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+eng_init.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+eng_init.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+eng_init.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h
+eng_init.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+eng_init.o: ../../include/openssl/opensslconf.h
+eng_init.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+eng_init.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h
+eng_init.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+eng_init.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+eng_init.o: ../cryptlib.h eng_init.c eng_int.h
+eng_lib.o: ../../e_os.h ../../include/openssl/asn1.h
+eng_lib.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+eng_lib.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+eng_lib.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+eng_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h
+eng_lib.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+eng_lib.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+eng_lib.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h
+eng_lib.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+eng_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+eng_lib.o: ../../include/openssl/ui.h ../cryptlib.h eng_int.h eng_lib.c
+eng_list.o: ../../e_os.h ../../include/openssl/asn1.h
+eng_list.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+eng_list.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+eng_list.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+eng_list.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h
+eng_list.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+eng_list.o: ../../include/openssl/opensslconf.h
+eng_list.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+eng_list.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h
+eng_list.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+eng_list.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+eng_list.o: ../cryptlib.h eng_int.h eng_list.c
+eng_openssl.o: ../../e_os.h ../../include/openssl/aes.h
+eng_openssl.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+eng_openssl.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+eng_openssl.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+eng_openssl.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+eng_openssl.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+eng_openssl.o: ../../include/openssl/dsa.h ../../include/openssl/dso.h
+eng_openssl.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h
+eng_openssl.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+eng_openssl.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+eng_openssl.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+eng_openssl.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+eng_openssl.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+eng_openssl.o: ../../include/openssl/opensslconf.h
+eng_openssl.o: ../../include/openssl/opensslv.h
+eng_openssl.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pem.h
+eng_openssl.o: ../../include/openssl/pem2.h ../../include/openssl/pkcs7.h
+eng_openssl.o: ../../include/openssl/rand.h ../../include/openssl/rc2.h
+eng_openssl.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+eng_openssl.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+eng_openssl.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+eng_openssl.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+eng_openssl.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+eng_openssl.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+eng_openssl.o: ../cryptlib.h eng_openssl.c
+eng_pkey.o: ../../e_os.h ../../include/openssl/asn1.h
+eng_pkey.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+eng_pkey.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+eng_pkey.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+eng_pkey.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h
+eng_pkey.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+eng_pkey.o: ../../include/openssl/opensslconf.h
+eng_pkey.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+eng_pkey.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h
+eng_pkey.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+eng_pkey.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+eng_pkey.o: ../cryptlib.h eng_int.h eng_pkey.c
+eng_table.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h
+eng_table.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+eng_table.o: ../../include/openssl/bn.h ../../include/openssl/cast.h
+eng_table.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+eng_table.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+eng_table.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+eng_table.o: ../../include/openssl/engine.h ../../include/openssl/err.h
+eng_table.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+eng_table.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+eng_table.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+eng_table.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+eng_table.o: ../../include/openssl/objects.h
+eng_table.o: ../../include/openssl/opensslconf.h
+eng_table.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+eng_table.o: ../../include/openssl/rand.h ../../include/openssl/rc2.h
+eng_table.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+eng_table.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+eng_table.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+eng_table.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+eng_table.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+eng_table.o: eng_int.h eng_table.c
+hw_4758_cca.o: ../../e_os.h ../../include/openssl/aes.h
+hw_4758_cca.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+hw_4758_cca.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+hw_4758_cca.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+hw_4758_cca.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+hw_4758_cca.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+hw_4758_cca.o: ../../include/openssl/dsa.h ../../include/openssl/dso.h
+hw_4758_cca.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h
+hw_4758_cca.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+hw_4758_cca.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+hw_4758_cca.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+hw_4758_cca.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+hw_4758_cca.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+hw_4758_cca.o: ../../include/openssl/opensslconf.h
+hw_4758_cca.o: ../../include/openssl/opensslv.h
+hw_4758_cca.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+hw_4758_cca.o: ../../include/openssl/rand.h ../../include/openssl/rc2.h
+hw_4758_cca.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+hw_4758_cca.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+hw_4758_cca.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+hw_4758_cca.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+hw_4758_cca.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+hw_4758_cca.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+hw_4758_cca.o: ../cryptlib.h hw_4758_cca.c hw_4758_cca_err.c hw_4758_cca_err.h
+hw_4758_cca.o: vendor_defns/hw_4758_cca.h
+hw_aep.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+hw_aep.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+hw_aep.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h
+hw_aep.o: ../../include/openssl/dsa.h ../../include/openssl/dso.h
+hw_aep.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h
+hw_aep.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+hw_aep.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+hw_aep.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h
+hw_aep.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+hw_aep.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+hw_aep.o: ../../include/openssl/ui.h hw_aep.c hw_aep_err.c hw_aep_err.h
+hw_aep.o: vendor_defns/aep.h
+hw_atalla.o: ../../e_os.h ../../include/openssl/asn1.h
+hw_atalla.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+hw_atalla.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+hw_atalla.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+hw_atalla.o: ../../include/openssl/dso.h ../../include/openssl/e_os2.h
+hw_atalla.o: ../../include/openssl/engine.h ../../include/openssl/err.h
+hw_atalla.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+hw_atalla.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+hw_atalla.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h
+hw_atalla.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+hw_atalla.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+hw_atalla.o: ../cryptlib.h hw_atalla.c hw_atalla_err.c hw_atalla_err.h
+hw_atalla.o: vendor_defns/atalla.h
+hw_cryptodev.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h
+hw_cryptodev.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+hw_cryptodev.o: ../../include/openssl/bn.h ../../include/openssl/cast.h
+hw_cryptodev.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+hw_cryptodev.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+hw_cryptodev.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+hw_cryptodev.o: ../../include/openssl/engine.h ../../include/openssl/err.h
+hw_cryptodev.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+hw_cryptodev.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+hw_cryptodev.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+hw_cryptodev.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+hw_cryptodev.o: ../../include/openssl/objects.h
+hw_cryptodev.o: ../../include/openssl/opensslconf.h
+hw_cryptodev.o: ../../include/openssl/opensslv.h
+hw_cryptodev.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h
+hw_cryptodev.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+hw_cryptodev.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+hw_cryptodev.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+hw_cryptodev.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+hw_cryptodev.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+hw_cryptodev.o: ../../include/openssl/ui_compat.h hw_cryptodev.c
+hw_cswift.o: ../../e_os.h ../../include/openssl/asn1.h
+hw_cswift.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+hw_cswift.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+hw_cswift.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+hw_cswift.o: ../../include/openssl/dso.h ../../include/openssl/e_os2.h
+hw_cswift.o: ../../include/openssl/engine.h ../../include/openssl/err.h
+hw_cswift.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+hw_cswift.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+hw_cswift.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h
+hw_cswift.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+hw_cswift.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+hw_cswift.o: ../cryptlib.h hw_cswift.c hw_cswift_err.c hw_cswift_err.h
+hw_cswift.o: vendor_defns/cswift.h
+hw_ncipher.o: ../../e_os.h ../../include/openssl/aes.h
+hw_ncipher.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+hw_ncipher.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+hw_ncipher.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+hw_ncipher.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+hw_ncipher.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+hw_ncipher.o: ../../include/openssl/dsa.h ../../include/openssl/dso.h
+hw_ncipher.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h
+hw_ncipher.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+hw_ncipher.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+hw_ncipher.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+hw_ncipher.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+hw_ncipher.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+hw_ncipher.o: ../../include/openssl/opensslconf.h
+hw_ncipher.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+hw_ncipher.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h
+hw_ncipher.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h
+hw_ncipher.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+hw_ncipher.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+hw_ncipher.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+hw_ncipher.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+hw_ncipher.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+hw_ncipher.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
+hw_ncipher.o: ../../include/openssl/x509_vfy.h ../cryptlib.h hw_ncipher.c
+hw_ncipher.o: hw_ncipher_err.c hw_ncipher_err.h vendor_defns/hwcryptohook.h
+hw_nuron.o: ../../e_os.h ../../include/openssl/asn1.h
+hw_nuron.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+hw_nuron.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+hw_nuron.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+hw_nuron.o: ../../include/openssl/dso.h ../../include/openssl/e_os2.h
+hw_nuron.o: ../../include/openssl/engine.h ../../include/openssl/err.h
+hw_nuron.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+hw_nuron.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+hw_nuron.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h
+hw_nuron.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+hw_nuron.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+hw_nuron.o: ../cryptlib.h hw_nuron.c hw_nuron_err.c hw_nuron_err.h
+hw_sureware.o: ../../e_os.h ../../include/openssl/aes.h
+hw_sureware.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+hw_sureware.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+hw_sureware.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+hw_sureware.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+hw_sureware.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+hw_sureware.o: ../../include/openssl/dsa.h ../../include/openssl/dso.h
+hw_sureware.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h
+hw_sureware.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+hw_sureware.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+hw_sureware.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+hw_sureware.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+hw_sureware.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+hw_sureware.o: ../../include/openssl/opensslconf.h
+hw_sureware.o: ../../include/openssl/opensslv.h
+hw_sureware.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pem.h
+hw_sureware.o: ../../include/openssl/pem2.h ../../include/openssl/pkcs7.h
+hw_sureware.o: ../../include/openssl/rand.h ../../include/openssl/rc2.h
+hw_sureware.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+hw_sureware.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+hw_sureware.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+hw_sureware.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+hw_sureware.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+hw_sureware.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+hw_sureware.o: ../cryptlib.h eng_int.h engine.h hw_sureware.c hw_sureware_err.c
+hw_sureware.o: hw_sureware_err.h vendor_defns/sureware.h
+hw_ubsec.o: ../../e_os.h ../../include/openssl/asn1.h
+hw_ubsec.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+hw_ubsec.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+hw_ubsec.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+hw_ubsec.o: ../../include/openssl/dso.h ../../include/openssl/e_os2.h
+hw_ubsec.o: ../../include/openssl/engine.h ../../include/openssl/err.h
+hw_ubsec.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+hw_ubsec.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+hw_ubsec.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h
+hw_ubsec.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+hw_ubsec.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+hw_ubsec.o: ../cryptlib.h hw_ubsec.c hw_ubsec_err.c hw_ubsec_err.h
+hw_ubsec.o: vendor_defns/hw_ubsec.h
+tb_cipher.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h
+tb_cipher.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+tb_cipher.o: ../../include/openssl/bn.h ../../include/openssl/cast.h
+tb_cipher.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+tb_cipher.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+tb_cipher.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+tb_cipher.o: ../../include/openssl/engine.h ../../include/openssl/err.h
+tb_cipher.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+tb_cipher.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+tb_cipher.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+tb_cipher.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+tb_cipher.o: ../../include/openssl/objects.h
+tb_cipher.o: ../../include/openssl/opensslconf.h
+tb_cipher.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+tb_cipher.o: ../../include/openssl/rand.h ../../include/openssl/rc2.h
+tb_cipher.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+tb_cipher.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+tb_cipher.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+tb_cipher.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+tb_cipher.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+tb_cipher.o: eng_int.h tb_cipher.c
+tb_dh.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h
+tb_dh.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+tb_dh.o: ../../include/openssl/bn.h ../../include/openssl/cast.h
+tb_dh.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+tb_dh.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+tb_dh.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+tb_dh.o: ../../include/openssl/engine.h ../../include/openssl/err.h
+tb_dh.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+tb_dh.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+tb_dh.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+tb_dh.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+tb_dh.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+tb_dh.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+tb_dh.o: ../../include/openssl/rand.h ../../include/openssl/rc2.h
+tb_dh.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+tb_dh.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+tb_dh.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+tb_dh.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+tb_dh.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h eng_int.h
+tb_dh.o: tb_dh.c
+tb_digest.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h
+tb_digest.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+tb_digest.o: ../../include/openssl/bn.h ../../include/openssl/cast.h
+tb_digest.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+tb_digest.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+tb_digest.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+tb_digest.o: ../../include/openssl/engine.h ../../include/openssl/err.h
+tb_digest.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+tb_digest.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+tb_digest.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+tb_digest.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+tb_digest.o: ../../include/openssl/objects.h
+tb_digest.o: ../../include/openssl/opensslconf.h
+tb_digest.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+tb_digest.o: ../../include/openssl/rand.h ../../include/openssl/rc2.h
+tb_digest.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+tb_digest.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+tb_digest.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+tb_digest.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+tb_digest.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+tb_digest.o: eng_int.h tb_digest.c
+tb_dsa.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h
+tb_dsa.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+tb_dsa.o: ../../include/openssl/bn.h ../../include/openssl/cast.h
+tb_dsa.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+tb_dsa.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+tb_dsa.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+tb_dsa.o: ../../include/openssl/engine.h ../../include/openssl/err.h
+tb_dsa.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+tb_dsa.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+tb_dsa.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+tb_dsa.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+tb_dsa.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+tb_dsa.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+tb_dsa.o: ../../include/openssl/rand.h ../../include/openssl/rc2.h
+tb_dsa.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+tb_dsa.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+tb_dsa.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+tb_dsa.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+tb_dsa.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+tb_dsa.o: eng_int.h tb_dsa.c
+tb_rand.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h
+tb_rand.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+tb_rand.o: ../../include/openssl/bn.h ../../include/openssl/cast.h
+tb_rand.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+tb_rand.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+tb_rand.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+tb_rand.o: ../../include/openssl/engine.h ../../include/openssl/err.h
+tb_rand.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+tb_rand.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+tb_rand.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+tb_rand.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+tb_rand.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+tb_rand.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+tb_rand.o: ../../include/openssl/rand.h ../../include/openssl/rc2.h
+tb_rand.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+tb_rand.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+tb_rand.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+tb_rand.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+tb_rand.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+tb_rand.o: eng_int.h tb_rand.c
+tb_rsa.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h
+tb_rsa.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+tb_rsa.o: ../../include/openssl/bn.h ../../include/openssl/cast.h
+tb_rsa.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+tb_rsa.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+tb_rsa.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+tb_rsa.o: ../../include/openssl/engine.h ../../include/openssl/err.h
+tb_rsa.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+tb_rsa.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+tb_rsa.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+tb_rsa.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+tb_rsa.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+tb_rsa.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+tb_rsa.o: ../../include/openssl/rand.h ../../include/openssl/rc2.h
+tb_rsa.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+tb_rsa.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+tb_rsa.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+tb_rsa.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+tb_rsa.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+tb_rsa.o: eng_int.h tb_rsa.c
diff --git a/src/lib/libcrypto/engine/eng_cnf.c b/src/lib/libcrypto/engine/eng_cnf.c
index 4225760af1..cdf670901a 100644
--- a/src/lib/libcrypto/engine/eng_cnf.c
+++ b/src/lib/libcrypto/engine/eng_cnf.c
@@ -158,7 +158,7 @@ static int int_engine_configure(char *name, char *value, const CONF *cnf)
                          */
                         if (!strcmp(ctrlvalue, "EMPTY"))
                                 ctrlvalue = NULL;
-                        if (!strcmp(ctrlname, "init"))
+                        else if (!strcmp(ctrlname, "init"))
                                 {
                                 if (!NCONF_get_number_e(cnf, value, "init", &do_init))
                                         goto err;
diff --git a/src/lib/libcrypto/engine/eng_err.c b/src/lib/libcrypto/engine/eng_err.c
index fdc0e7be0f..814d95ee32 100644
--- a/src/lib/libcrypto/engine/eng_err.c
+++ b/src/lib/libcrypto/engine/eng_err.c
@@ -1,6 +1,6 @@
 /* crypto/engine/eng_err.c */
 /* ====================================================================
- * Copyright (c) 1999-2005 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 1999-2002 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -64,91 +64,87 @@
 
 /* BEGIN ERROR CODES */
 #ifndef OPENSSL_NO_ERR
-
-#define ERR_FUNC(func) ERR_PACK(ERR_LIB_ENGINE,func,0)
-#define ERR_REASON(reason) ERR_PACK(ERR_LIB_ENGINE,0,reason)
-
 static ERR_STRING_DATA ENGINE_str_functs[]=
         {
-{ERR_FUNC(ENGINE_F_DYNAMIC_CTRL),       "DYNAMIC_CTRL"},
-{ERR_FUNC(ENGINE_F_DYNAMIC_GET_DATA_CTX),       "DYNAMIC_GET_DATA_CTX"},
-{ERR_FUNC(ENGINE_F_DYNAMIC_LOAD),       "DYNAMIC_LOAD"},
-{ERR_FUNC(ENGINE_F_ENGINE_ADD), "ENGINE_add"},
-{ERR_FUNC(ENGINE_F_ENGINE_BY_ID),       "ENGINE_by_id"},
-{ERR_FUNC(ENGINE_F_ENGINE_CMD_IS_EXECUTABLE),   "ENGINE_cmd_is_executable"},
-{ERR_FUNC(ENGINE_F_ENGINE_CTRL),        "ENGINE_ctrl"},
-{ERR_FUNC(ENGINE_F_ENGINE_CTRL_CMD),    "ENGINE_ctrl_cmd"},
-{ERR_FUNC(ENGINE_F_ENGINE_CTRL_CMD_STRING),     "ENGINE_ctrl_cmd_string"},
-{ERR_FUNC(ENGINE_F_ENGINE_FINISH),      "ENGINE_finish"},
-{ERR_FUNC(ENGINE_F_ENGINE_FREE),        "ENGINE_free"},
-{ERR_FUNC(ENGINE_F_ENGINE_GET_CIPHER),  "ENGINE_get_cipher"},
-{ERR_FUNC(ENGINE_F_ENGINE_GET_DEFAULT_TYPE),    "ENGINE_GET_DEFAULT_TYPE"},
-{ERR_FUNC(ENGINE_F_ENGINE_GET_DIGEST),  "ENGINE_get_digest"},
-{ERR_FUNC(ENGINE_F_ENGINE_GET_NEXT),    "ENGINE_get_next"},
-{ERR_FUNC(ENGINE_F_ENGINE_GET_PREV),    "ENGINE_get_prev"},
-{ERR_FUNC(ENGINE_F_ENGINE_INIT),        "ENGINE_init"},
-{ERR_FUNC(ENGINE_F_ENGINE_LIST_ADD),    "ENGINE_LIST_ADD"},
-{ERR_FUNC(ENGINE_F_ENGINE_LIST_REMOVE), "ENGINE_LIST_REMOVE"},
-{ERR_FUNC(ENGINE_F_ENGINE_LOAD_PRIVATE_KEY),    "ENGINE_load_private_key"},
-{ERR_FUNC(ENGINE_F_ENGINE_LOAD_PUBLIC_KEY),     "ENGINE_load_public_key"},
-{ERR_FUNC(ENGINE_F_ENGINE_MODULE_INIT), "ENGINE_MODULE_INIT"},
-{ERR_FUNC(ENGINE_F_ENGINE_NEW), "ENGINE_new"},
-{ERR_FUNC(ENGINE_F_ENGINE_REMOVE),      "ENGINE_remove"},
-{ERR_FUNC(ENGINE_F_ENGINE_SET_DEFAULT_STRING),  "ENGINE_set_default_string"},
-{ERR_FUNC(ENGINE_F_ENGINE_SET_DEFAULT_TYPE),    "ENGINE_SET_DEFAULT_TYPE"},
-{ERR_FUNC(ENGINE_F_ENGINE_SET_ID),      "ENGINE_set_id"},
-{ERR_FUNC(ENGINE_F_ENGINE_SET_NAME),    "ENGINE_set_name"},
-{ERR_FUNC(ENGINE_F_ENGINE_TABLE_REGISTER),      "ENGINE_TABLE_REGISTER"},
-{ERR_FUNC(ENGINE_F_ENGINE_UNLOAD_KEY),  "ENGINE_UNLOAD_KEY"},
-{ERR_FUNC(ENGINE_F_ENGINE_UP_REF),      "ENGINE_up_ref"},
-{ERR_FUNC(ENGINE_F_INT_CTRL_HELPER),    "INT_CTRL_HELPER"},
-{ERR_FUNC(ENGINE_F_INT_ENGINE_CONFIGURE),       "INT_ENGINE_CONFIGURE"},
-{ERR_FUNC(ENGINE_F_LOG_MESSAGE),        "LOG_MESSAGE"},
-{ERR_FUNC(ENGINE_F_SET_DATA_CTX),       "SET_DATA_CTX"},
+{ERR_PACK(0,ENGINE_F_DYNAMIC_CTRL,0),   "DYNAMIC_CTRL"},
+{ERR_PACK(0,ENGINE_F_DYNAMIC_GET_DATA_CTX,0),   "DYNAMIC_GET_DATA_CTX"},
+{ERR_PACK(0,ENGINE_F_DYNAMIC_LOAD,0),   "DYNAMIC_LOAD"},
+{ERR_PACK(0,ENGINE_F_ENGINE_ADD,0),     "ENGINE_add"},
+{ERR_PACK(0,ENGINE_F_ENGINE_BY_ID,0),   "ENGINE_by_id"},
+{ERR_PACK(0,ENGINE_F_ENGINE_CMD_IS_EXECUTABLE,0),       "ENGINE_cmd_is_executable"},
+{ERR_PACK(0,ENGINE_F_ENGINE_CTRL,0),    "ENGINE_ctrl"},
+{ERR_PACK(0,ENGINE_F_ENGINE_CTRL_CMD,0),        "ENGINE_ctrl_cmd"},
+{ERR_PACK(0,ENGINE_F_ENGINE_CTRL_CMD_STRING,0), "ENGINE_ctrl_cmd_string"},
+{ERR_PACK(0,ENGINE_F_ENGINE_FINISH,0),  "ENGINE_finish"},
+{ERR_PACK(0,ENGINE_F_ENGINE_FREE,0),    "ENGINE_free"},
+{ERR_PACK(0,ENGINE_F_ENGINE_GET_CIPHER,0),      "ENGINE_get_cipher"},
+{ERR_PACK(0,ENGINE_F_ENGINE_GET_DEFAULT_TYPE,0),        "ENGINE_GET_DEFAULT_TYPE"},
+{ERR_PACK(0,ENGINE_F_ENGINE_GET_DIGEST,0),      "ENGINE_get_digest"},
+{ERR_PACK(0,ENGINE_F_ENGINE_GET_NEXT,0),        "ENGINE_get_next"},
+{ERR_PACK(0,ENGINE_F_ENGINE_GET_PREV,0),        "ENGINE_get_prev"},
+{ERR_PACK(0,ENGINE_F_ENGINE_INIT,0),    "ENGINE_init"},
+{ERR_PACK(0,ENGINE_F_ENGINE_LIST_ADD,0),        "ENGINE_LIST_ADD"},
+{ERR_PACK(0,ENGINE_F_ENGINE_LIST_REMOVE,0),     "ENGINE_LIST_REMOVE"},
+{ERR_PACK(0,ENGINE_F_ENGINE_LOAD_PRIVATE_KEY,0),        "ENGINE_load_private_key"},
+{ERR_PACK(0,ENGINE_F_ENGINE_LOAD_PUBLIC_KEY,0), "ENGINE_load_public_key"},
+{ERR_PACK(0,ENGINE_F_ENGINE_MODULE_INIT,0),     "ENGINE_MODULE_INIT"},
+{ERR_PACK(0,ENGINE_F_ENGINE_NEW,0),     "ENGINE_new"},
+{ERR_PACK(0,ENGINE_F_ENGINE_REMOVE,0),  "ENGINE_remove"},
+{ERR_PACK(0,ENGINE_F_ENGINE_SET_DEFAULT_STRING,0),      "ENGINE_set_default_string"},
+{ERR_PACK(0,ENGINE_F_ENGINE_SET_DEFAULT_TYPE,0),        "ENGINE_SET_DEFAULT_TYPE"},
+{ERR_PACK(0,ENGINE_F_ENGINE_SET_ID,0),  "ENGINE_set_id"},
+{ERR_PACK(0,ENGINE_F_ENGINE_SET_NAME,0),        "ENGINE_set_name"},
+{ERR_PACK(0,ENGINE_F_ENGINE_TABLE_REGISTER,0),  "ENGINE_TABLE_REGISTER"},
+{ERR_PACK(0,ENGINE_F_ENGINE_UNLOAD_KEY,0),      "ENGINE_UNLOAD_KEY"},
+{ERR_PACK(0,ENGINE_F_ENGINE_UP_REF,0),  "ENGINE_up_ref"},
+{ERR_PACK(0,ENGINE_F_INT_CTRL_HELPER,0),        "INT_CTRL_HELPER"},
+{ERR_PACK(0,ENGINE_F_INT_ENGINE_CONFIGURE,0),   "INT_ENGINE_CONFIGURE"},
+{ERR_PACK(0,ENGINE_F_LOG_MESSAGE,0),    "LOG_MESSAGE"},
+{ERR_PACK(0,ENGINE_F_SET_DATA_CTX,0),   "SET_DATA_CTX"},
 {0,NULL}
         };
 
 static ERR_STRING_DATA ENGINE_str_reasons[]=
         {
-{ERR_REASON(ENGINE_R_ALREADY_LOADED)     ,"already loaded"},
-{ERR_REASON(ENGINE_R_ARGUMENT_IS_NOT_A_NUMBER),"argument is not a number"},
-{ERR_REASON(ENGINE_R_CMD_NOT_EXECUTABLE) ,"cmd not executable"},
-{ERR_REASON(ENGINE_R_COMMAND_TAKES_INPUT),"command takes input"},
-{ERR_REASON(ENGINE_R_COMMAND_TAKES_NO_INPUT),"command takes no input"},
-{ERR_REASON(ENGINE_R_CONFLICTING_ENGINE_ID),"conflicting engine id"},
-{ERR_REASON(ENGINE_R_CTRL_COMMAND_NOT_IMPLEMENTED),"ctrl command not implemented"},
-{ERR_REASON(ENGINE_R_DH_NOT_IMPLEMENTED) ,"dh not implemented"},
-{ERR_REASON(ENGINE_R_DSA_NOT_IMPLEMENTED),"dsa not implemented"},
-{ERR_REASON(ENGINE_R_DSO_FAILURE)        ,"DSO failure"},
-{ERR_REASON(ENGINE_R_DSO_NOT_FOUND)      ,"dso not found"},
-{ERR_REASON(ENGINE_R_ENGINES_SECTION_ERROR),"engines section error"},
-{ERR_REASON(ENGINE_R_ENGINE_IS_NOT_IN_LIST),"engine is not in the list"},
-{ERR_REASON(ENGINE_R_ENGINE_SECTION_ERROR),"engine section error"},
-{ERR_REASON(ENGINE_R_FAILED_LOADING_PRIVATE_KEY),"failed loading private key"},
-{ERR_REASON(ENGINE_R_FAILED_LOADING_PUBLIC_KEY),"failed loading public key"},
-{ERR_REASON(ENGINE_R_FINISH_FAILED)      ,"finish failed"},
-{ERR_REASON(ENGINE_R_GET_HANDLE_FAILED)  ,"could not obtain hardware handle"},
-{ERR_REASON(ENGINE_R_ID_OR_NAME_MISSING) ,"'id' or 'name' missing"},
-{ERR_REASON(ENGINE_R_INIT_FAILED)        ,"init failed"},
-{ERR_REASON(ENGINE_R_INTERNAL_LIST_ERROR),"internal list error"},
-{ERR_REASON(ENGINE_R_INVALID_ARGUMENT)   ,"invalid argument"},
-{ERR_REASON(ENGINE_R_INVALID_CMD_NAME)   ,"invalid cmd name"},
-{ERR_REASON(ENGINE_R_INVALID_CMD_NUMBER) ,"invalid cmd number"},
-{ERR_REASON(ENGINE_R_INVALID_INIT_VALUE) ,"invalid init value"},
-{ERR_REASON(ENGINE_R_INVALID_STRING)     ,"invalid string"},
-{ERR_REASON(ENGINE_R_NOT_INITIALISED)    ,"not initialised"},
-{ERR_REASON(ENGINE_R_NOT_LOADED)         ,"not loaded"},
-{ERR_REASON(ENGINE_R_NO_CONTROL_FUNCTION),"no control function"},
-{ERR_REASON(ENGINE_R_NO_INDEX)           ,"no index"},
-{ERR_REASON(ENGINE_R_NO_LOAD_FUNCTION)   ,"no load function"},
-{ERR_REASON(ENGINE_R_NO_REFERENCE)       ,"no reference"},
-{ERR_REASON(ENGINE_R_NO_SUCH_ENGINE)     ,"no such engine"},
-{ERR_REASON(ENGINE_R_NO_UNLOAD_FUNCTION) ,"no unload function"},
-{ERR_REASON(ENGINE_R_PROVIDE_PARAMETERS) ,"provide parameters"},
-{ERR_REASON(ENGINE_R_RSA_NOT_IMPLEMENTED),"rsa not implemented"},
-{ERR_REASON(ENGINE_R_UNIMPLEMENTED_CIPHER),"unimplemented cipher"},
-{ERR_REASON(ENGINE_R_UNIMPLEMENTED_DIGEST),"unimplemented digest"},
-{ERR_REASON(ENGINE_R_VERSION_INCOMPATIBILITY),"version incompatibility"},
+{ENGINE_R_ALREADY_LOADED                 ,"already loaded"},
+{ENGINE_R_ARGUMENT_IS_NOT_A_NUMBER       ,"argument is not a number"},
+{ENGINE_R_CMD_NOT_EXECUTABLE             ,"cmd not executable"},
+{ENGINE_R_COMMAND_TAKES_INPUT            ,"command takes input"},
+{ENGINE_R_COMMAND_TAKES_NO_INPUT         ,"command takes no input"},
+{ENGINE_R_CONFLICTING_ENGINE_ID          ,"conflicting engine id"},
+{ENGINE_R_CTRL_COMMAND_NOT_IMPLEMENTED   ,"ctrl command not implemented"},
+{ENGINE_R_DH_NOT_IMPLEMENTED             ,"dh not implemented"},
+{ENGINE_R_DSA_NOT_IMPLEMENTED            ,"dsa not implemented"},
+{ENGINE_R_DSO_FAILURE                    ,"DSO failure"},
+{ENGINE_R_DSO_NOT_FOUND                  ,"dso not found"},
+{ENGINE_R_ENGINES_SECTION_ERROR          ,"engines section error"},
+{ENGINE_R_ENGINE_IS_NOT_IN_LIST          ,"engine is not in the list"},
+{ENGINE_R_ENGINE_SECTION_ERROR           ,"engine section error"},
+{ENGINE_R_FAILED_LOADING_PRIVATE_KEY     ,"failed loading private key"},
+{ENGINE_R_FAILED_LOADING_PUBLIC_KEY      ,"failed loading public key"},
+{ENGINE_R_FINISH_FAILED                  ,"finish failed"},
+{ENGINE_R_GET_HANDLE_FAILED              ,"could not obtain hardware handle"},
+{ENGINE_R_ID_OR_NAME_MISSING             ,"'id' or 'name' missing"},
+{ENGINE_R_INIT_FAILED                    ,"init failed"},
+{ENGINE_R_INTERNAL_LIST_ERROR            ,"internal list error"},
+{ENGINE_R_INVALID_ARGUMENT               ,"invalid argument"},
+{ENGINE_R_INVALID_CMD_NAME               ,"invalid cmd name"},
+{ENGINE_R_INVALID_CMD_NUMBER             ,"invalid cmd number"},
+{ENGINE_R_INVALID_INIT_VALUE             ,"invalid init value"},
+{ENGINE_R_INVALID_STRING                 ,"invalid string"},
+{ENGINE_R_NOT_INITIALISED                ,"not initialised"},
+{ENGINE_R_NOT_LOADED                     ,"not loaded"},
+{ENGINE_R_NO_CONTROL_FUNCTION            ,"no control function"},
+{ENGINE_R_NO_INDEX                       ,"no index"},
+{ENGINE_R_NO_LOAD_FUNCTION               ,"no load function"},
+{ENGINE_R_NO_REFERENCE                   ,"no reference"},
+{ENGINE_R_NO_SUCH_ENGINE                 ,"no such engine"},
+{ENGINE_R_NO_UNLOAD_FUNCTION             ,"no unload function"},
+{ENGINE_R_PROVIDE_PARAMETERS             ,"provide parameters"},
+{ENGINE_R_RSA_NOT_IMPLEMENTED            ,"rsa not implemented"},
+{ENGINE_R_UNIMPLEMENTED_CIPHER           ,"unimplemented cipher"},
+{ENGINE_R_UNIMPLEMENTED_DIGEST           ,"unimplemented digest"},
+{ENGINE_R_VERSION_INCOMPATIBILITY        ,"version incompatibility"},
 {0,NULL}
         };
 
@@ -162,8 +158,8 @@ void ERR_load_ENGINE_strings(void)
                 {
                 init=0;
 #ifndef OPENSSL_NO_ERR
-                ERR_load_strings(0,ENGINE_str_functs);
-                ERR_load_strings(0,ENGINE_str_reasons);
+                ERR_load_strings(ERR_LIB_ENGINE,ENGINE_str_functs);
+                ERR_load_strings(ERR_LIB_ENGINE,ENGINE_str_reasons);
 #endif
 
                 }
diff --git a/src/lib/libcrypto/engine/enginetest.c b/src/lib/libcrypto/engine/enginetest.c
new file mode 100644
index 0000000000..c2d0297392
--- /dev/null
+++ b/src/lib/libcrypto/engine/enginetest.c
@@ -0,0 +1,283 @@
+/* crypto/engine/enginetest.c */
+/* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL
+ * project 2000.
+ */
+/* ====================================================================
+ * Copyright (c) 1999-2001 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include <string.h>
+
+#ifdef OPENSSL_NO_ENGINE
+int main(int argc, char *argv[])
+{
+    printf("No ENGINE support\n");
+    return(0);
+}
+#else
+#include <openssl/e_os2.h>
+#include <openssl/buffer.h>
+#include <openssl/crypto.h>
+#include <openssl/engine.h>
+#include <openssl/err.h>
+
+static void display_engine_list()
+        {
+        ENGINE *h;
+        int loop;
+
+        h = ENGINE_get_first();
+        loop = 0;
+        printf("listing available engine types\n");
+        while(h)
+                {
+                printf("engine %i, id = \"%s\", name = \"%s\"\n",
+                        loop++, ENGINE_get_id(h), ENGINE_get_name(h));
+                h = ENGINE_get_next(h);
+                }
+        printf("end of list\n");
+        /* ENGINE_get_first() increases the struct_ref counter, so we 
+           must call ENGINE_free() to decrease it again */
+        ENGINE_free(h);
+        }
+
+int main(int argc, char *argv[])
+        {
+        ENGINE *block[512];
+        char buf[256];
+        const char *id, *name;
+        ENGINE *ptr;
+        int loop;
+        int to_return = 1;
+        ENGINE *new_h1 = NULL;
+        ENGINE *new_h2 = NULL;
+        ENGINE *new_h3 = NULL;
+        ENGINE *new_h4 = NULL;
+
+        /* enable memory leak checking unless explicitly disabled */
+        if (!((getenv("OPENSSL_DEBUG_MEMORY") != NULL) && (0 == strcmp(getenv("OPENSSL_DEBUG_MEMORY"), "off"))))
+                {
+                CRYPTO_malloc_debug_init();
+                CRYPTO_set_mem_debug_options(V_CRYPTO_MDEBUG_ALL);
+                }
+        else
+                {
+                /* OPENSSL_DEBUG_MEMORY=off */
+                CRYPTO_set_mem_debug_functions(0, 0, 0, 0, 0);
+                }
+        CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
+        ERR_load_crypto_strings();
+
+        memset(block, 0, 512 * sizeof(ENGINE *));
+        if(((new_h1 = ENGINE_new()) == NULL) ||
+                        !ENGINE_set_id(new_h1, "test_id0") ||
+                        !ENGINE_set_name(new_h1, "First test item") ||
+                        ((new_h2 = ENGINE_new()) == NULL) ||
+                        !ENGINE_set_id(new_h2, "test_id1") ||
+                        !ENGINE_set_name(new_h2, "Second test item") ||
+                        ((new_h3 = ENGINE_new()) == NULL) ||
+                        !ENGINE_set_id(new_h3, "test_id2") ||
+                        !ENGINE_set_name(new_h3, "Third test item") ||
+                        ((new_h4 = ENGINE_new()) == NULL) ||
+                        !ENGINE_set_id(new_h4, "test_id3") ||
+                        !ENGINE_set_name(new_h4, "Fourth test item"))
+                {
+                printf("Couldn't set up test ENGINE structures\n");
+                goto end;
+                }
+        printf("\nenginetest beginning\n\n");
+        display_engine_list();
+        if(!ENGINE_add(new_h1))
+                {
+                printf("Add failed!\n");
+                goto end;
+                }
+        display_engine_list();
+        ptr = ENGINE_get_first();
+        if(!ENGINE_remove(ptr))
+                {
+                printf("Remove failed!\n");
+                goto end;
+                }
+        if (ptr)
+                ENGINE_free(ptr);
+        display_engine_list();
+        if(!ENGINE_add(new_h3) || !ENGINE_add(new_h2))
+                {
+                printf("Add failed!\n");
+                goto end;
+                }
+        display_engine_list();
+        if(!ENGINE_remove(new_h2))
+                {
+                printf("Remove failed!\n");
+                goto end;
+                }
+        display_engine_list();
+        if(!ENGINE_add(new_h4))
+                {
+                printf("Add failed!\n");
+                goto end;
+                }
+        display_engine_list();
+        if(ENGINE_add(new_h3))
+                {
+                printf("Add *should* have failed but didn't!\n");
+                goto end;
+                }
+        else
+                printf("Add that should fail did.\n");
+        ERR_clear_error();
+        if(ENGINE_remove(new_h2))
+                {
+                printf("Remove *should* have failed but didn't!\n");
+                goto end;
+                }
+        else
+                printf("Remove that should fail did.\n");
+        ERR_clear_error();
+        if(!ENGINE_remove(new_h3))
+                {
+                printf("Remove failed!\n");
+                goto end;
+                }
+        display_engine_list();
+        if(!ENGINE_remove(new_h4))
+                {
+                printf("Remove failed!\n");
+                goto end;
+                }
+        display_engine_list();
+        /* Depending on whether there's any hardware support compiled
+         * in, this remove may be destined to fail. */
+        ptr = ENGINE_get_first();
+        if(ptr)
+                if(!ENGINE_remove(ptr))
+                        printf("Remove failed!i - probably no hardware "
+                                "support present.\n");
+        if (ptr)
+                ENGINE_free(ptr);
+        display_engine_list();
+        if(!ENGINE_add(new_h1) || !ENGINE_remove(new_h1))
+                {
+                printf("Couldn't add and remove to an empty list!\n");
+                goto end;
+                }
+        else
+                printf("Successfully added and removed to an empty list!\n");
+        printf("About to beef up the engine-type list\n");
+        for(loop = 0; loop < 512; loop++)
+                {
+                sprintf(buf, "id%i", loop);
+                id = BUF_strdup(buf);
+                sprintf(buf, "Fake engine type %i", loop);
+                name = BUF_strdup(buf);
+                if(((block[loop] = ENGINE_new()) == NULL) ||
+                                !ENGINE_set_id(block[loop], id) ||
+                                !ENGINE_set_name(block[loop], name))
+                        {
+                        printf("Couldn't create block of ENGINE structures.\n"
+                                "I'll probably also core-dump now, damn.\n");
+                        goto end;
+                        }
+                }
+        for(loop = 0; loop < 512; loop++)
+                {
+                if(!ENGINE_add(block[loop]))
+                        {
+                        printf("\nAdding stopped at %i, (%s,%s)\n",
+                                loop, ENGINE_get_id(block[loop]),
+                                ENGINE_get_name(block[loop]));
+                        goto cleanup_loop;
+                        }
+                else
+                        printf("."); fflush(stdout);
+                }
+cleanup_loop:
+        printf("\nAbout to empty the engine-type list\n");
+        while((ptr = ENGINE_get_first()) != NULL)
+                {
+                if(!ENGINE_remove(ptr))
+                        {
+                        printf("\nRemove failed!\n");
+                        goto end;
+                        }
+                ENGINE_free(ptr);
+                printf("."); fflush(stdout);
+                }
+        for(loop = 0; loop < 512; loop++)
+                {
+                OPENSSL_free((void *)ENGINE_get_id(block[loop]));
+                OPENSSL_free((void *)ENGINE_get_name(block[loop]));
+                }
+        printf("\nTests completed happily\n");
+        to_return = 0;
+end:
+        if(to_return)
+                ERR_print_errors_fp(stderr);
+        if(new_h1) ENGINE_free(new_h1);
+        if(new_h2) ENGINE_free(new_h2);
+        if(new_h3) ENGINE_free(new_h3);
+        if(new_h4) ENGINE_free(new_h4);
+        for(loop = 0; loop < 512; loop++)
+                if(block[loop])
+                        ENGINE_free(block[loop]);
+        ENGINE_cleanup();
+        CRYPTO_cleanup_all_ex_data();
+        ERR_free_strings();
+        ERR_remove_state(0);
+        CRYPTO_mem_leaks_fp(stderr);
+        return to_return;
+        }
+#endif
diff --git a/src/lib/libcrypto/engine/hw.ec b/src/lib/libcrypto/engine/hw.ec
new file mode 100644
index 0000000000..5481a43918
--- /dev/null
+++ b/src/lib/libcrypto/engine/hw.ec
@@ -0,0 +1,8 @@
+L AEPHK         hw_aep_err.h                    hw_aep_err.c
+L ATALLA        hw_atalla_err.h                 hw_atalla_err.c
+L CSWIFT        hw_cswift_err.h                 hw_cswift_err.c
+L HWCRHK        hw_ncipher_err.h                hw_ncipher_err.c
+L NURON         hw_nuron_err.h                  hw_nuron_err.c
+L SUREWARE      hw_sureware_err.h               hw_sureware_err.c
+L UBSEC         hw_ubsec_err.h                  hw_ubsec_err.c
+L CCA4758       hw_4758_cca_err.h               hw_4758_cca_err.c
diff --git a/src/lib/libcrypto/engine/hw_4758_cca.c b/src/lib/libcrypto/engine/hw_4758_cca.c
new file mode 100644
index 0000000000..4f5ae8a46d
--- /dev/null
+++ b/src/lib/libcrypto/engine/hw_4758_cca.c
@@ -0,0 +1,969 @@
+/* Author: Maurice Gittens <maurice@gittens.nl>                       */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include <openssl/crypto.h>
+/* #include <openssl/pem.h> */
+#include "cryptlib.h"
+#include <openssl/dso.h>
+#include <openssl/x509.h>
+#include <openssl/objects.h>
+#include <openssl/engine.h>
+
+#ifndef OPENSSL_NO_HW
+#ifndef OPENSSL_NO_HW_4758_CCA
+
+#ifdef FLAT_INC
+#include "hw_4758_cca.h"
+#else
+#include "vendor_defns/hw_4758_cca.h"
+#endif
+
+#include "hw_4758_cca_err.c"
+
+static int ibm_4758_cca_destroy(ENGINE *e);
+static int ibm_4758_cca_init(ENGINE *e);
+static int ibm_4758_cca_finish(ENGINE *e);
+static int ibm_4758_cca_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)());
+
+/* rsa functions */
+/*---------------*/
+#ifndef OPENSSL_NO_RSA
+static int cca_rsa_pub_enc(int flen, const unsigned char *from,
+                unsigned char *to, RSA *rsa,int padding);
+static int cca_rsa_priv_dec(int flen, const unsigned char *from,
+                unsigned char *to, RSA *rsa,int padding);
+static int cca_rsa_sign(int type, const unsigned char *m, unsigned int m_len,
+                unsigned char *sigret, unsigned int *siglen, const RSA *rsa);
+static int cca_rsa_verify(int dtype, const unsigned char *m, unsigned int m_len,
+                unsigned char *sigbuf, unsigned int siglen, const RSA *rsa);
+
+/* utility functions */
+/*-----------------------*/
+static EVP_PKEY *ibm_4758_load_privkey(ENGINE*, const char*,
+                UI_METHOD *ui_method, void *callback_data);
+static EVP_PKEY *ibm_4758_load_pubkey(ENGINE*, const char*,
+                UI_METHOD *ui_method, void *callback_data);
+
+static int getModulusAndExponent(const unsigned char *token, long *exponentLength,
+                unsigned char *exponent, long *modulusLength,
+                long *modulusFieldLength, unsigned char *modulus);
+#endif
+
+/* RAND number functions */
+/*-----------------------*/
+static int cca_get_random_bytes(unsigned char*, int );
+static int cca_random_status(void);
+
+static void cca_ex_free(void *obj, void *item, CRYPTO_EX_DATA *ad,
+                int idx,long argl, void *argp);
+
+/* Function pointers for CCA verbs */
+/*---------------------------------*/
+#ifndef OPENSSL_NO_RSA
+static F_KEYRECORDREAD keyRecordRead;
+static F_DIGITALSIGNATUREGENERATE digitalSignatureGenerate;
+static F_DIGITALSIGNATUREVERIFY digitalSignatureVerify;
+static F_PUBLICKEYEXTRACT publicKeyExtract;
+static F_PKAENCRYPT pkaEncrypt;
+static F_PKADECRYPT pkaDecrypt;
+#endif
+static F_RANDOMNUMBERGENERATE randomNumberGenerate;
+
+/* static variables */
+/*------------------*/
+static const char *CCA4758_LIB_NAME = NULL;
+static const char *get_CCA4758_LIB_NAME(void)
+        {
+        if(CCA4758_LIB_NAME)
+                return CCA4758_LIB_NAME;
+        return CCA_LIB_NAME;
+        }
+static void free_CCA4758_LIB_NAME(void)
+        {
+        if(CCA4758_LIB_NAME)
+                OPENSSL_free((void*)CCA4758_LIB_NAME);
+        CCA4758_LIB_NAME = NULL;
+        }
+static long set_CCA4758_LIB_NAME(const char *name)
+        {
+        free_CCA4758_LIB_NAME();
+        return (((CCA4758_LIB_NAME = BUF_strdup(name)) != NULL) ? 1 : 0);
+        }
+#ifndef OPENSSL_NO_RSA
+static const char* n_keyRecordRead = CSNDKRR;
+static const char* n_digitalSignatureGenerate = CSNDDSG;
+static const char* n_digitalSignatureVerify = CSNDDSV;
+static const char* n_publicKeyExtract = CSNDPKX;
+static const char* n_pkaEncrypt = CSNDPKE;
+static const char* n_pkaDecrypt = CSNDPKD;
+#endif
+static const char* n_randomNumberGenerate = CSNBRNG;
+
+static int hndidx = -1;
+static DSO *dso = NULL;
+
+/* openssl engine initialization structures */
+/*------------------------------------------*/
+
+#define CCA4758_CMD_SO_PATH             ENGINE_CMD_BASE
+static const ENGINE_CMD_DEFN    cca4758_cmd_defns[] = {
+        {CCA4758_CMD_SO_PATH,
+                "SO_PATH",
+                "Specifies the path to the '4758cca' shared library",
+                ENGINE_CMD_FLAG_STRING},
+        {0, NULL, NULL, 0}
+        };
+
+#ifndef OPENSSL_NO_RSA
+static RSA_METHOD ibm_4758_cca_rsa =
+        {
+        "IBM 4758 CCA RSA method",
+        cca_rsa_pub_enc,
+        NULL,
+        NULL,
+        cca_rsa_priv_dec,
+        NULL, /*rsa_mod_exp,*/
+        NULL, /*mod_exp_mont,*/
+        NULL, /* init */
+        NULL, /* finish */
+        RSA_FLAG_SIGN_VER,        /* flags */
+        NULL, /* app_data */
+        cca_rsa_sign, /* rsa_sign */
+        cca_rsa_verify  /* rsa_verify */
+        };
+#endif
+
+static RAND_METHOD ibm_4758_cca_rand =
+        {
+        /* "IBM 4758 RAND method", */
+        NULL, /* seed */
+        cca_get_random_bytes, /* get random bytes from the card */
+        NULL, /* cleanup */
+        NULL, /* add */
+        cca_get_random_bytes, /* pseudo rand */
+        cca_random_status, /* status */
+        };
+
+static const char *engine_4758_cca_id = "4758cca";
+static const char *engine_4758_cca_name = "IBM 4758 CCA hardware engine support";
+
+/* engine implementation */
+/*-----------------------*/
+static int bind_helper(ENGINE *e)
+        {
+        if(!ENGINE_set_id(e, engine_4758_cca_id) ||
+                        !ENGINE_set_name(e, engine_4758_cca_name) ||
+#ifndef OPENSSL_NO_RSA
+                        !ENGINE_set_RSA(e, &ibm_4758_cca_rsa) ||
+#endif
+                        !ENGINE_set_RAND(e, &ibm_4758_cca_rand) ||
+                        !ENGINE_set_destroy_function(e, ibm_4758_cca_destroy) ||
+                        !ENGINE_set_init_function(e, ibm_4758_cca_init) ||
+                        !ENGINE_set_finish_function(e, ibm_4758_cca_finish) ||
+                        !ENGINE_set_ctrl_function(e, ibm_4758_cca_ctrl) ||
+                        !ENGINE_set_load_privkey_function(e, ibm_4758_load_privkey) ||
+                        !ENGINE_set_load_pubkey_function(e, ibm_4758_load_pubkey) ||
+                        !ENGINE_set_cmd_defns(e, cca4758_cmd_defns))
+                return 0;
+        /* Ensure the error handling is set up */
+        ERR_load_CCA4758_strings();
+        return 1;
+        }
+
+#ifndef ENGINE_DYNAMIC_SUPPORT
+static ENGINE *engine_4758_cca(void)
+        {
+        ENGINE *ret = ENGINE_new();
+        if(!ret)
+                return NULL;
+        if(!bind_helper(ret))
+                {
+                ENGINE_free(ret);
+                return NULL;
+                }
+        return ret;
+        }
+
+void ENGINE_load_4758cca(void)
+        {
+        ENGINE *e_4758 = engine_4758_cca();
+        if (!e_4758) return;
+        ENGINE_add(e_4758);
+        ENGINE_free(e_4758);
+        ERR_clear_error();   
+        }
+#endif
+
+static int ibm_4758_cca_destroy(ENGINE *e)
+        {
+        ERR_unload_CCA4758_strings();
+        free_CCA4758_LIB_NAME();
+        return 1;
+        }
+
+static int ibm_4758_cca_init(ENGINE *e)
+        {
+        if(dso)
+                {
+                CCA4758err(CCA4758_F_IBM_4758_CCA_INIT,CCA4758_R_ALREADY_LOADED);
+                goto err;
+                }
+
+        dso = DSO_load(NULL, get_CCA4758_LIB_NAME(), NULL, 0);
+        if(!dso)
+                {
+                CCA4758err(CCA4758_F_IBM_4758_CCA_INIT,CCA4758_R_DSO_FAILURE);
+                goto err;
+                }
+
+#ifndef OPENSSL_NO_RSA
+        if(!(keyRecordRead = (F_KEYRECORDREAD)
+                                DSO_bind_func(dso, n_keyRecordRead)) ||
+                        !(randomNumberGenerate = (F_RANDOMNUMBERGENERATE)
+                                DSO_bind_func(dso, n_randomNumberGenerate)) ||
+                        !(digitalSignatureGenerate = (F_DIGITALSIGNATUREGENERATE)
+                                DSO_bind_func(dso, n_digitalSignatureGenerate)) ||
+                        !(digitalSignatureVerify = (F_DIGITALSIGNATUREVERIFY)
+                                DSO_bind_func(dso, n_digitalSignatureVerify)) ||
+                        !(publicKeyExtract = (F_PUBLICKEYEXTRACT)
+                                DSO_bind_func(dso, n_publicKeyExtract)) ||
+                        !(pkaEncrypt = (F_PKAENCRYPT)
+                                DSO_bind_func(dso, n_pkaEncrypt)) ||
+                        !(pkaDecrypt = (F_PKADECRYPT)
+                                DSO_bind_func(dso, n_pkaDecrypt)))
+                {
+                CCA4758err(CCA4758_F_IBM_4758_CCA_INIT,CCA4758_R_DSO_FAILURE);
+                goto err;
+                }
+#else
+        if(!(randomNumberGenerate = (F_RANDOMNUMBERGENERATE)
+                                DSO_bind_func(dso, n_randomNumberGenerate)))
+                {
+                CCA4758err(CCA4758_F_IBM_4758_CCA_INIT,CCA4758_R_DSO_FAILURE);
+                goto err;
+                }
+#endif
+
+        hndidx = RSA_get_ex_new_index(0, "IBM 4758 CCA RSA key handle",
+                NULL, NULL, cca_ex_free);
+
+        return 1;
+err:
+        if(dso)
+                DSO_free(dso);
+        dso = NULL;
+
+        keyRecordRead = (F_KEYRECORDREAD)0;
+        randomNumberGenerate = (F_RANDOMNUMBERGENERATE)0;
+        digitalSignatureGenerate = (F_DIGITALSIGNATUREGENERATE)0;
+        digitalSignatureVerify = (F_DIGITALSIGNATUREVERIFY)0;
+        publicKeyExtract = (F_PUBLICKEYEXTRACT)0;
+        pkaEncrypt = (F_PKAENCRYPT)0;
+        pkaDecrypt = (F_PKADECRYPT)0;
+        return 0;
+        }
+
+static int ibm_4758_cca_finish(ENGINE *e)
+        {
+        free_CCA4758_LIB_NAME();
+        if(!dso)
+                {
+                CCA4758err(CCA4758_F_IBM_4758_CCA_FINISH,
+                                CCA4758_R_NOT_LOADED);
+                return 0;
+                }
+        if(!DSO_free(dso))
+                {
+                CCA4758err(CCA4758_F_IBM_4758_CCA_FINISH,
+                                CCA4758_R_UNIT_FAILURE);
+                return 0;
+                }
+        dso = NULL;
+        keyRecordRead = (F_KEYRECORDREAD)0;
+        randomNumberGenerate = (F_RANDOMNUMBERGENERATE)0;
+        digitalSignatureGenerate = (F_DIGITALSIGNATUREGENERATE)0;
+        digitalSignatureVerify = (F_DIGITALSIGNATUREVERIFY)0;
+        publicKeyExtract = (F_PUBLICKEYEXTRACT)0;
+        pkaEncrypt = (F_PKAENCRYPT)0;
+        pkaDecrypt = (F_PKADECRYPT)0;
+        return 1;
+        }
+
+static int ibm_4758_cca_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)())
+        {
+        int initialised = ((dso == NULL) ? 0 : 1);
+        switch(cmd)
+                {
+        case CCA4758_CMD_SO_PATH:
+                if(p == NULL)
+                        {
+                        CCA4758err(CCA4758_F_IBM_4758_CCA_CTRL,
+                                        ERR_R_PASSED_NULL_PARAMETER);
+                        return 0;
+                        }
+                if(initialised)
+                        {
+                        CCA4758err(CCA4758_F_IBM_4758_CCA_CTRL,
+                                        CCA4758_R_ALREADY_LOADED);
+                        return 0;
+                        }
+                return set_CCA4758_LIB_NAME((const char *)p);
+        default:
+                break;
+                }
+        CCA4758err(CCA4758_F_IBM_4758_CCA_CTRL,
+                        CCA4758_R_COMMAND_NOT_IMPLEMENTED);
+        return 0;
+        }
+
+#ifndef OPENSSL_NO_RSA
+
+#define MAX_CCA_PKA_TOKEN_SIZE 2500
+
+static EVP_PKEY *ibm_4758_load_privkey(ENGINE* e, const char* key_id,
+                        UI_METHOD *ui_method, void *callback_data)
+        {
+        RSA *rtmp = NULL;
+        EVP_PKEY *res = NULL;
+        unsigned char* keyToken = NULL;
+        unsigned char pubKeyToken[MAX_CCA_PKA_TOKEN_SIZE];
+        long pubKeyTokenLength = MAX_CCA_PKA_TOKEN_SIZE;
+        long keyTokenLength = MAX_CCA_PKA_TOKEN_SIZE;
+        long returnCode;
+        long reasonCode;
+        long exitDataLength = 0;
+        long ruleArrayLength = 0;
+        unsigned char exitData[8];
+        unsigned char ruleArray[8];
+        unsigned char keyLabel[64];
+        long keyLabelLength = strlen(key_id);
+        unsigned char modulus[256];
+        long modulusFieldLength = sizeof(modulus);
+        long modulusLength = 0;
+        unsigned char exponent[256];
+        long exponentLength = sizeof(exponent);
+
+        if (keyLabelLength > sizeof(keyLabel))
+                {
+                CCA4758err(CCA4758_F_IBM_4758_CCA_LOAD_PRIVKEY,
+                CCA4758_R_SIZE_TOO_LARGE_OR_TOO_SMALL);
+                return NULL;
+                }
+
+        memset(keyLabel,' ', sizeof(keyLabel));
+        memcpy(keyLabel, key_id, keyLabelLength);
+
+        keyToken = OPENSSL_malloc(MAX_CCA_PKA_TOKEN_SIZE + sizeof(long));
+        if (!keyToken)
+                {
+                CCA4758err(CCA4758_F_IBM_4758_CCA_LOAD_PRIVKEY,
+                                ERR_R_MALLOC_FAILURE);
+                goto err;
+                }
+
+        keyRecordRead(&returnCode, &reasonCode, &exitDataLength,
+                exitData, &ruleArrayLength, ruleArray, keyLabel,
+                &keyTokenLength, keyToken+sizeof(long));
+
+        if (returnCode)
+                {
+                CCA4758err(CCA4758_F_IBM_4758_CCA_LOAD_PRIVKEY,
+                        CCA4758_R_FAILED_LOADING_PRIVATE_KEY);
+                goto err;
+                }
+
+        publicKeyExtract(&returnCode, &reasonCode, &exitDataLength,
+                exitData, &ruleArrayLength, ruleArray, &keyTokenLength,
+                keyToken+sizeof(long), &pubKeyTokenLength, pubKeyToken);
+
+        if (returnCode)
+                {
+                CCA4758err(CCA4758_F_IBM_4758_CCA_LOAD_PRIVKEY,
+                        CCA4758_R_FAILED_LOADING_PRIVATE_KEY);
+                goto err;
+                }
+
+        if (!getModulusAndExponent(pubKeyToken, &exponentLength,
+                        exponent, &modulusLength, &modulusFieldLength,
+                        modulus))
+                {
+                CCA4758err(CCA4758_F_IBM_4758_CCA_LOAD_PRIVKEY,
+                        CCA4758_R_FAILED_LOADING_PRIVATE_KEY);
+                goto err;
+                }
+
+        (*(long*)keyToken) = keyTokenLength;
+        rtmp = RSA_new_method(e);
+        RSA_set_ex_data(rtmp, hndidx, (char *)keyToken);
+
+        rtmp->e = BN_bin2bn(exponent, exponentLength, NULL);
+        rtmp->n = BN_bin2bn(modulus, modulusFieldLength, NULL);
+        rtmp->flags |= RSA_FLAG_EXT_PKEY;
+
+        res = EVP_PKEY_new();
+        EVP_PKEY_assign_RSA(res, rtmp);
+
+        return res;
+err:
+        if (keyToken)
+                OPENSSL_free(keyToken);
+        if (res)
+                EVP_PKEY_free(res);
+        if (rtmp)
+                RSA_free(rtmp);
+        return NULL;
+        }
+
+static EVP_PKEY *ibm_4758_load_pubkey(ENGINE* e, const char* key_id,
+                        UI_METHOD *ui_method, void *callback_data)
+        {
+        RSA *rtmp = NULL;
+        EVP_PKEY *res = NULL;
+        unsigned char* keyToken = NULL;
+        long keyTokenLength = MAX_CCA_PKA_TOKEN_SIZE;
+        long returnCode;
+        long reasonCode;
+        long exitDataLength = 0;
+        long ruleArrayLength = 0;
+        unsigned char exitData[8];
+        unsigned char ruleArray[8];
+        unsigned char keyLabel[64];
+        long keyLabelLength = strlen(key_id);
+        unsigned char modulus[512];
+        long modulusFieldLength = sizeof(modulus);
+        long modulusLength = 0;
+        unsigned char exponent[512];
+        long exponentLength = sizeof(exponent);
+
+        if (keyLabelLength > sizeof(keyLabel))
+                {
+                CCA4758err(CCA4758_F_IBM_4758_CCA_LOAD_PRIVKEY,
+                        CCA4758_R_SIZE_TOO_LARGE_OR_TOO_SMALL);
+                return NULL;
+                }
+
+        memset(keyLabel,' ', sizeof(keyLabel));
+        memcpy(keyLabel, key_id, keyLabelLength);
+
+        keyToken = OPENSSL_malloc(MAX_CCA_PKA_TOKEN_SIZE + sizeof(long));
+        if (!keyToken)
+                {
+                CCA4758err(CCA4758_F_IBM_4758_CCA_LOAD_PUBKEY,
+                                ERR_R_MALLOC_FAILURE);
+                goto err;
+                }
+
+        keyRecordRead(&returnCode, &reasonCode, &exitDataLength, exitData,
+                &ruleArrayLength, ruleArray, keyLabel, &keyTokenLength,
+                keyToken+sizeof(long));
+
+        if (returnCode)
+                {
+                CCA4758err(CCA4758_F_IBM_4758_CCA_LOAD_PRIVKEY,
+                                ERR_R_MALLOC_FAILURE);
+                goto err;
+                }
+
+        if (!getModulusAndExponent(keyToken+sizeof(long), &exponentLength,
+                        exponent, &modulusLength, &modulusFieldLength, modulus))
+                {
+                CCA4758err(CCA4758_F_IBM_4758_CCA_LOAD_PRIVKEY,
+                        CCA4758_R_FAILED_LOADING_PUBLIC_KEY);
+                goto err;
+                }
+
+        (*(long*)keyToken) = keyTokenLength;
+        rtmp = RSA_new_method(e);
+        RSA_set_ex_data(rtmp, hndidx, (char *)keyToken);
+        rtmp->e = BN_bin2bn(exponent, exponentLength, NULL);
+        rtmp->n = BN_bin2bn(modulus, modulusFieldLength, NULL);
+        rtmp->flags |= RSA_FLAG_EXT_PKEY;
+        res = EVP_PKEY_new();
+        EVP_PKEY_assign_RSA(res, rtmp);
+
+        return res;
+err:
+        if (keyToken)
+                OPENSSL_free(keyToken);
+        if (res)
+                EVP_PKEY_free(res);
+        if (rtmp)
+                RSA_free(rtmp);
+        return NULL;
+        }
+
+static int cca_rsa_pub_enc(int flen, const unsigned char *from,
+                        unsigned char *to, RSA *rsa,int padding)
+        {
+        long returnCode;
+        long reasonCode;
+        long lflen = flen;
+        long exitDataLength = 0;
+        unsigned char exitData[8];
+        long ruleArrayLength = 1;
+        unsigned char ruleArray[8] = "PKCS-1.2";
+        long dataStructureLength = 0;
+        unsigned char dataStructure[8];
+        long outputLength = RSA_size(rsa);
+        long keyTokenLength;
+        unsigned char* keyToken = (unsigned char*)RSA_get_ex_data(rsa, hndidx);
+
+        keyTokenLength = *(long*)keyToken;
+        keyToken+=sizeof(long);
+
+        pkaEncrypt(&returnCode, &reasonCode, &exitDataLength, exitData,
+                &ruleArrayLength, ruleArray, &lflen, (unsigned char*)from,
+                &dataStructureLength, dataStructure, &keyTokenLength,
+                keyToken, &outputLength, to);
+
+        if (returnCode || reasonCode)
+                return -(returnCode << 16 | reasonCode);
+        return outputLength;
+        }
+
+static int cca_rsa_priv_dec(int flen, const unsigned char *from,
+                        unsigned char *to, RSA *rsa,int padding)
+        {
+        long returnCode;
+        long reasonCode;
+        long lflen = flen;
+        long exitDataLength = 0;
+        unsigned char exitData[8];
+        long ruleArrayLength = 1;
+        unsigned char ruleArray[8] = "PKCS-1.2";
+        long dataStructureLength = 0;
+        unsigned char dataStructure[8];
+        long outputLength = RSA_size(rsa);
+        long keyTokenLength;
+        unsigned char* keyToken = (unsigned char*)RSA_get_ex_data(rsa, hndidx);
+
+        keyTokenLength = *(long*)keyToken;
+        keyToken+=sizeof(long);
+
+        pkaDecrypt(&returnCode, &reasonCode, &exitDataLength, exitData,
+                &ruleArrayLength, ruleArray, &lflen, (unsigned char*)from,
+                &dataStructureLength, dataStructure, &keyTokenLength,
+                keyToken, &outputLength, to);
+
+        return (returnCode | reasonCode) ? 0 : 1;
+        }
+
+#define SSL_SIG_LEN 36
+
+static int cca_rsa_verify(int type, const unsigned char *m, unsigned int m_len,
+                unsigned char *sigbuf, unsigned int siglen, const RSA *rsa)
+        {
+        long returnCode;
+        long reasonCode;
+        long lsiglen = siglen;
+        long exitDataLength = 0;
+        unsigned char exitData[8];
+        long ruleArrayLength = 1;
+        unsigned char ruleArray[8] = "PKCS-1.1";
+        long keyTokenLength;
+        unsigned char* keyToken = (unsigned char*)RSA_get_ex_data(rsa, hndidx);
+        long length = SSL_SIG_LEN;
+        long keyLength ;
+        unsigned char *hashBuffer = NULL;
+        X509_SIG sig;
+        ASN1_TYPE parameter;
+        X509_ALGOR algorithm;
+        ASN1_OCTET_STRING digest;
+
+        keyTokenLength = *(long*)keyToken;
+        keyToken+=sizeof(long);
+
+        if (type == NID_md5 || type == NID_sha1)
+                {
+                sig.algor = &algorithm;
+                algorithm.algorithm = OBJ_nid2obj(type);
+
+                if (!algorithm.algorithm)
+                        {
+                        CCA4758err(CCA4758_F_IBM_4758_CCA_VERIFY,
+                                CCA4758_R_UNKNOWN_ALGORITHM_TYPE);
+                        return 0;
+                        }
+
+                if (!algorithm.algorithm->length)
+                        {
+                        CCA4758err(CCA4758_F_IBM_4758_CCA_VERIFY,
+                                CCA4758_R_ASN1_OID_UNKNOWN_FOR_MD);
+                        return 0;
+                        }
+
+                parameter.type = V_ASN1_NULL;
+                parameter.value.ptr = NULL;
+                algorithm.parameter = &parameter;
+
+                sig.digest = &digest;
+                sig.digest->data = (unsigned char*)m;
+                sig.digest->length = m_len;
+
+                length = i2d_X509_SIG(&sig, NULL);
+                }
+
+        keyLength = RSA_size(rsa);
+
+        if (length - RSA_PKCS1_PADDING > keyLength)
+                {
+                CCA4758err(CCA4758_F_IBM_4758_CCA_VERIFY,
+                        CCA4758_R_SIZE_TOO_LARGE_OR_TOO_SMALL);
+                return 0;
+                }
+
+        switch (type)
+                {
+                case NID_md5_sha1 :
+                        if (m_len != SSL_SIG_LEN)
+                                {
+                                CCA4758err(CCA4758_F_IBM_4758_CCA_VERIFY,
+                                CCA4758_R_SIZE_TOO_LARGE_OR_TOO_SMALL);
+                                return 0;
+                                }
+
+                        hashBuffer = (unsigned char *)m;
+                        length = m_len;
+                        break;
+                case NID_md5 :
+                        {
+                        unsigned char *ptr;
+                        ptr = hashBuffer = OPENSSL_malloc(
+                                        (unsigned int)keyLength+1);
+                        if (!hashBuffer)
+                                {
+                                CCA4758err(CCA4758_F_IBM_4758_CCA_VERIFY,
+                                                ERR_R_MALLOC_FAILURE);
+                                return 0;
+                                }
+
+                        i2d_X509_SIG(&sig, &ptr);
+                        }
+                        break;
+                case NID_sha1 :
+                        {
+                        unsigned char *ptr;
+                        ptr = hashBuffer = OPENSSL_malloc(
+                                        (unsigned int)keyLength+1);
+                        if (!hashBuffer)
+                                {
+                                CCA4758err(CCA4758_F_IBM_4758_CCA_VERIFY,
+                                                ERR_R_MALLOC_FAILURE);
+                                return 0;
+                                }
+                        i2d_X509_SIG(&sig, &ptr);
+                        }
+                        break;
+                default:
+                        return 0;
+                }
+
+        digitalSignatureVerify(&returnCode, &reasonCode, &exitDataLength,
+                exitData, &ruleArrayLength, ruleArray, &keyTokenLength,
+                keyToken, &length, hashBuffer, &lsiglen, sigbuf);
+
+        if (type == NID_sha1 || type == NID_md5)
+                {
+                OPENSSL_cleanse(hashBuffer, keyLength+1);
+                OPENSSL_free(hashBuffer);
+                }
+
+        return ((returnCode || reasonCode) ? 0 : 1);
+        }
+
+#define SSL_SIG_LEN 36
+
+static int cca_rsa_sign(int type, const unsigned char *m, unsigned int m_len,
+                unsigned char *sigret, unsigned int *siglen, const RSA *rsa)
+        {
+        long returnCode;
+        long reasonCode;
+        long exitDataLength = 0;
+        unsigned char exitData[8];
+        long ruleArrayLength = 1;
+        unsigned char ruleArray[8] = "PKCS-1.1";
+        long outputLength=256;
+        long outputBitLength;
+        long keyTokenLength;
+        unsigned char *hashBuffer = NULL;
+        unsigned char* keyToken = (unsigned char*)RSA_get_ex_data(rsa, hndidx);
+        long length = SSL_SIG_LEN;
+        long keyLength ;
+        X509_SIG sig;
+        ASN1_TYPE parameter;
+        X509_ALGOR algorithm;
+        ASN1_OCTET_STRING digest;
+
+        keyTokenLength = *(long*)keyToken;
+        keyToken+=sizeof(long);
+
+        if (type == NID_md5 || type == NID_sha1)
+                {
+                sig.algor = &algorithm;
+                algorithm.algorithm = OBJ_nid2obj(type);
+
+                if (!algorithm.algorithm)
+                        {
+                        CCA4758err(CCA4758_F_IBM_4758_CCA_SIGN,
+                                CCA4758_R_UNKNOWN_ALGORITHM_TYPE);
+                        return 0;
+                        }
+
+                if (!algorithm.algorithm->length)
+                        {
+                        CCA4758err(CCA4758_F_IBM_4758_CCA_SIGN,
+                                CCA4758_R_ASN1_OID_UNKNOWN_FOR_MD);
+                        return 0;
+                        }
+
+                parameter.type = V_ASN1_NULL;
+                parameter.value.ptr = NULL;
+                algorithm.parameter = &parameter;
+
+                sig.digest = &digest;
+                sig.digest->data = (unsigned char*)m;
+                sig.digest->length = m_len;
+
+                length = i2d_X509_SIG(&sig, NULL);
+                }
+
+        keyLength = RSA_size(rsa);
+
+        if (length - RSA_PKCS1_PADDING > keyLength)
+                {
+                CCA4758err(CCA4758_F_IBM_4758_CCA_SIGN,
+                        CCA4758_R_SIZE_TOO_LARGE_OR_TOO_SMALL);
+                return 0;
+                }
+
+        switch (type)
+                {
+                case NID_md5_sha1 :
+                        if (m_len != SSL_SIG_LEN)
+                                {
+                                CCA4758err(CCA4758_F_IBM_4758_CCA_SIGN,
+                                CCA4758_R_SIZE_TOO_LARGE_OR_TOO_SMALL);
+                                return 0;
+                                }
+                        hashBuffer = (unsigned char*)m;
+                        length = m_len;
+                        break;
+                case NID_md5 :
+                        {
+                        unsigned char *ptr;
+                        ptr = hashBuffer = OPENSSL_malloc(
+                                        (unsigned int)keyLength+1);
+                        if (!hashBuffer)
+                                {
+                                CCA4758err(CCA4758_F_IBM_4758_CCA_VERIFY,
+                                                ERR_R_MALLOC_FAILURE);
+                                return 0;
+                                }
+                        i2d_X509_SIG(&sig, &ptr);
+                        }
+                        break;
+                case NID_sha1 :
+                        {
+                        unsigned char *ptr;
+                        ptr = hashBuffer = OPENSSL_malloc(
+                                        (unsigned int)keyLength+1);
+                        if (!hashBuffer)
+                                {
+                                CCA4758err(CCA4758_F_IBM_4758_CCA_VERIFY,
+                                                ERR_R_MALLOC_FAILURE);
+                                return 0;
+                                }
+                        i2d_X509_SIG(&sig, &ptr);
+                        }
+                        break;
+                default:
+                        return 0;
+                }
+
+        digitalSignatureGenerate(&returnCode, &reasonCode, &exitDataLength,
+                exitData, &ruleArrayLength, ruleArray, &keyTokenLength,
+                keyToken, &length, hashBuffer, &outputLength, &outputBitLength,
+                sigret);
+
+        if (type == NID_sha1 || type == NID_md5)
+                {
+                OPENSSL_cleanse(hashBuffer, keyLength+1);
+                OPENSSL_free(hashBuffer);
+                }
+
+        *siglen = outputLength;
+
+        return ((returnCode || reasonCode) ? 0 : 1);
+        }
+
+static int getModulusAndExponent(const unsigned char*token, long *exponentLength,
+                unsigned char *exponent, long *modulusLength, long *modulusFieldLength,
+                unsigned char *modulus)
+        {
+        unsigned long len;
+
+        if (*token++ != (char)0x1E) /* internal PKA token? */
+                return 0;
+
+        if (*token++) /* token version must be zero */
+                return 0;
+
+        len = *token++;
+        len = len << 8;
+        len |= (unsigned char)*token++;
+
+        token += 4; /* skip reserved bytes */
+
+        if (*token++ == (char)0x04)
+                {
+                if (*token++) /* token version must be zero */
+                        return 0;
+
+                len = *token++;
+                len = len << 8;
+                len |= (unsigned char)*token++;
+
+                token+=2; /* skip reserved section */
+
+                len = *token++;
+                len = len << 8;
+                len |= (unsigned char)*token++;
+
+                *exponentLength = len;
+
+                len = *token++;
+                len = len << 8;
+                len |= (unsigned char)*token++;
+
+                *modulusLength = len;
+
+                len = *token++;
+                len = len << 8;
+                len |= (unsigned char)*token++;
+
+                *modulusFieldLength = len;
+
+                memcpy(exponent, token, *exponentLength);
+                token+= *exponentLength;
+
+                memcpy(modulus, token, *modulusFieldLength);
+                return 1;
+                }
+        return 0;
+        }
+
+#endif /* OPENSSL_NO_RSA */
+
+static int cca_random_status(void)
+        {
+        return 1;
+        }
+
+static int cca_get_random_bytes(unsigned char* buf, int num)
+        {
+        long ret_code;
+        long reason_code;
+        long exit_data_length;
+        unsigned char exit_data[4];
+        unsigned char form[] = "RANDOM  ";
+        unsigned char rand_buf[8];
+
+        while(num >= sizeof(rand_buf))
+                {
+                randomNumberGenerate(&ret_code, &reason_code, &exit_data_length,
+                        exit_data, form, rand_buf);
+                if (ret_code)
+                        return 0;
+                num -= sizeof(rand_buf);
+                memcpy(buf, rand_buf, sizeof(rand_buf));
+                buf += sizeof(rand_buf);
+                }
+
+        if (num)
+                {
+                randomNumberGenerate(&ret_code, &reason_code, NULL, NULL,
+                        form, rand_buf);
+                if (ret_code)
+                        return 0;
+                memcpy(buf, rand_buf, num);
+                }
+
+        return 1;
+        }
+
+static void cca_ex_free(void *obj, void *item, CRYPTO_EX_DATA *ad, int idx,
+                long argl, void *argp)
+        {
+        if (item)
+                OPENSSL_free(item);
+        }
+
+/* Goo to handle building as a dynamic engine */
+#ifdef ENGINE_DYNAMIC_SUPPORT 
+static int bind_fn(ENGINE *e, const char *id)
+        {
+        if(id && (strcmp(id, engine_4758_cca_id) != 0))
+                return 0;
+        if(!bind_helper(e))
+                return 0;
+        return 1;
+        }       
+IMPLEMENT_DYNAMIC_CHECK_FN()
+IMPLEMENT_DYNAMIC_BIND_FN(bind_fn)
+#endif /* ENGINE_DYNAMIC_SUPPORT */
+
+#endif /* !OPENSSL_NO_HW_4758_CCA */
+#endif /* !OPENSSL_NO_HW */
diff --git a/src/lib/libcrypto/engine/hw_4758_cca_err.c b/src/lib/libcrypto/engine/hw_4758_cca_err.c
new file mode 100644
index 0000000000..7ea5c63707
--- /dev/null
+++ b/src/lib/libcrypto/engine/hw_4758_cca_err.c
@@ -0,0 +1,149 @@
+/* hw_4758_cca_err.c */
+/* ====================================================================
+ * Copyright (c) 1999-2002 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+/* NOTE: this file was auto generated by the mkerr.pl script: any changes
+ * made to it will be overwritten when the script next updates this file,
+ * only reason strings will be preserved.
+ */
+
+#include <stdio.h>
+#include <openssl/err.h>
+#include "hw_4758_cca_err.h"
+
+/* BEGIN ERROR CODES */
+#ifndef OPENSSL_NO_ERR
+static ERR_STRING_DATA CCA4758_str_functs[]=
+        {
+{ERR_PACK(0,CCA4758_F_IBM_4758_CCA_CTRL,0),     "IBM_4758_CCA_CTRL"},
+{ERR_PACK(0,CCA4758_F_IBM_4758_CCA_FINISH,0),   "IBM_4758_CCA_FINISH"},
+{ERR_PACK(0,CCA4758_F_IBM_4758_CCA_INIT,0),     "IBM_4758_CCA_INIT"},
+{ERR_PACK(0,CCA4758_F_IBM_4758_CCA_LOAD_PRIVKEY,0),     "IBM_4758_CCA_LOAD_PRIVKEY"},
+{ERR_PACK(0,CCA4758_F_IBM_4758_CCA_LOAD_PUBKEY,0),      "IBM_4758_CCA_LOAD_PUBKEY"},
+{ERR_PACK(0,CCA4758_F_IBM_4758_CCA_SIGN,0),     "IBM_4758_CCA_SIGN"},
+{ERR_PACK(0,CCA4758_F_IBM_4758_CCA_VERIFY,0),   "IBM_4758_CCA_VERIFY"},
+{0,NULL}
+        };
+
+static ERR_STRING_DATA CCA4758_str_reasons[]=
+        {
+{CCA4758_R_ALREADY_LOADED                ,"already loaded"},
+{CCA4758_R_ASN1_OID_UNKNOWN_FOR_MD       ,"asn1 oid unknown for md"},
+{CCA4758_R_COMMAND_NOT_IMPLEMENTED       ,"command not implemented"},
+{CCA4758_R_DSO_FAILURE                   ,"dso failure"},
+{CCA4758_R_FAILED_LOADING_PRIVATE_KEY    ,"failed loading private key"},
+{CCA4758_R_FAILED_LOADING_PUBLIC_KEY     ,"failed loading public key"},
+{CCA4758_R_NOT_LOADED                    ,"not loaded"},
+{CCA4758_R_SIZE_TOO_LARGE_OR_TOO_SMALL   ,"size too large or too small"},
+{CCA4758_R_UNIT_FAILURE                  ,"unit failure"},
+{CCA4758_R_UNKNOWN_ALGORITHM_TYPE        ,"unknown algorithm type"},
+{0,NULL}
+        };
+
+#endif
+
+#ifdef CCA4758_LIB_NAME
+static ERR_STRING_DATA CCA4758_lib_name[]=
+        {
+{0      ,CCA4758_LIB_NAME},
+{0,NULL}
+        };
+#endif
+
+
+static int CCA4758_lib_error_code=0;
+static int CCA4758_error_init=1;
+
+static void ERR_load_CCA4758_strings(void)
+        {
+        if (CCA4758_lib_error_code == 0)
+                CCA4758_lib_error_code=ERR_get_next_error_library();
+
+        if (CCA4758_error_init)
+                {
+                CCA4758_error_init=0;
+#ifndef OPENSSL_NO_ERR
+                ERR_load_strings(CCA4758_lib_error_code,CCA4758_str_functs);
+                ERR_load_strings(CCA4758_lib_error_code,CCA4758_str_reasons);
+#endif
+
+#ifdef CCA4758_LIB_NAME
+                CCA4758_lib_name->error = ERR_PACK(CCA4758_lib_error_code,0,0);
+                ERR_load_strings(0,CCA4758_lib_name);
+#endif
+                }
+        }
+
+static void ERR_unload_CCA4758_strings(void)
+        {
+        if (CCA4758_error_init == 0)
+                {
+#ifndef OPENSSL_NO_ERR
+                ERR_unload_strings(CCA4758_lib_error_code,CCA4758_str_functs);
+                ERR_unload_strings(CCA4758_lib_error_code,CCA4758_str_reasons);
+#endif
+
+#ifdef CCA4758_LIB_NAME
+                ERR_unload_strings(0,CCA4758_lib_name);
+#endif
+                CCA4758_error_init=1;
+                }
+        }
+
+static void ERR_CCA4758_error(int function, int reason, char *file, int line)
+        {
+        if (CCA4758_lib_error_code == 0)
+                CCA4758_lib_error_code=ERR_get_next_error_library();
+        ERR_PUT_error(CCA4758_lib_error_code,function,reason,file,line);
+        }
diff --git a/src/lib/libcrypto/engine/hw_4758_cca_err.h b/src/lib/libcrypto/engine/hw_4758_cca_err.h
new file mode 100644
index 0000000000..2fc563ab11
--- /dev/null
+++ b/src/lib/libcrypto/engine/hw_4758_cca_err.h
@@ -0,0 +1,93 @@
+/* ====================================================================
+ * Copyright (c) 2001 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#ifndef HEADER_CCA4758_ERR_H
+#define HEADER_CCA4758_ERR_H
+
+/* BEGIN ERROR CODES */
+/* The following lines are auto generated by the script mkerr.pl. Any changes
+ * made after this point may be overwritten when the script is next run.
+ */
+static void ERR_load_CCA4758_strings(void);
+static void ERR_unload_CCA4758_strings(void);
+static void ERR_CCA4758_error(int function, int reason, char *file, int line);
+#define CCA4758err(f,r) ERR_CCA4758_error((f),(r),__FILE__,__LINE__)
+
+/* Error codes for the CCA4758 functions. */
+
+/* Function codes. */
+#define CCA4758_F_IBM_4758_CCA_CTRL                      100
+#define CCA4758_F_IBM_4758_CCA_FINISH                    101
+#define CCA4758_F_IBM_4758_CCA_INIT                      102
+#define CCA4758_F_IBM_4758_CCA_LOAD_PRIVKEY              103
+#define CCA4758_F_IBM_4758_CCA_LOAD_PUBKEY               104
+#define CCA4758_F_IBM_4758_CCA_SIGN                      105
+#define CCA4758_F_IBM_4758_CCA_VERIFY                    106
+
+/* Reason codes. */
+#define CCA4758_R_ALREADY_LOADED                         100
+#define CCA4758_R_ASN1_OID_UNKNOWN_FOR_MD                101
+#define CCA4758_R_COMMAND_NOT_IMPLEMENTED                102
+#define CCA4758_R_DSO_FAILURE                            103
+#define CCA4758_R_FAILED_LOADING_PRIVATE_KEY             104
+#define CCA4758_R_FAILED_LOADING_PUBLIC_KEY              105
+#define CCA4758_R_NOT_LOADED                             106
+#define CCA4758_R_SIZE_TOO_LARGE_OR_TOO_SMALL            107
+#define CCA4758_R_UNIT_FAILURE                           108
+#define CCA4758_R_UNKNOWN_ALGORITHM_TYPE                 109
+
+#ifdef  __cplusplus
+}
+#endif
+#endif
diff --git a/src/lib/libcrypto/engine/hw_aep.c b/src/lib/libcrypto/engine/hw_aep.c
new file mode 100644
index 0000000000..8b8380a582
--- /dev/null
+++ b/src/lib/libcrypto/engine/hw_aep.c
@@ -0,0 +1,1119 @@
+/* crypto/engine/hw_aep.c */
+/*
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include <openssl/bn.h>
+#include <string.h>
+
+#include <openssl/e_os2.h>
+#if !defined(OPENSSL_SYS_MSDOS) || defined(__DJGPP__)
+#include <sys/types.h>
+#include <unistd.h>
+#else
+#include <process.h>
+typedef int pid_t;
+#endif
+
+#include <openssl/crypto.h>
+#include <openssl/dso.h>
+#include <openssl/engine.h>
+#include <openssl/buffer.h>
+
+#ifndef OPENSSL_NO_HW
+#ifndef OPENSSL_NO_HW_AEP
+#ifdef FLAT_INC
+#include "aep.h"
+#else
+#include "vendor_defns/aep.h"
+#endif
+
+#define AEP_LIB_NAME "aep engine"
+#define FAIL_TO_SW 0x10101010
+
+#include "hw_aep_err.c"
+
+static int aep_init(ENGINE *e);
+static int aep_finish(ENGINE *e);
+static int aep_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)());
+static int aep_destroy(ENGINE *e);
+
+static AEP_RV aep_get_connection(AEP_CONNECTION_HNDL_PTR hConnection);
+static AEP_RV aep_return_connection(AEP_CONNECTION_HNDL hConnection);
+static AEP_RV aep_close_connection(AEP_CONNECTION_HNDL hConnection);
+static AEP_RV aep_close_all_connections(int use_engine_lock, int *in_use);
+
+/* BIGNUM stuff */
+static int aep_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+        const BIGNUM *m, BN_CTX *ctx);
+
+static AEP_RV aep_mod_exp_crt(BIGNUM *r,const  BIGNUM *a, const BIGNUM *p,
+        const BIGNUM *q, const BIGNUM *dmp1,const BIGNUM *dmq1,
+        const BIGNUM *iqmp, BN_CTX *ctx);
+
+/* RSA stuff */
+#ifndef OPENSSL_NO_RSA
+static int aep_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa);
+#endif
+
+/* This function is aliased to mod_exp (with the mont stuff dropped). */
+static int aep_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+        const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
+
+/* DSA stuff */
+#ifndef OPENSSL_NO_DSA
+static int aep_dsa_mod_exp(DSA *dsa, BIGNUM *rr, BIGNUM *a1,
+        BIGNUM *p1, BIGNUM *a2, BIGNUM *p2, BIGNUM *m,
+        BN_CTX *ctx, BN_MONT_CTX *in_mont);
+
+static int aep_mod_exp_dsa(DSA *dsa, BIGNUM *r, BIGNUM *a,
+        const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
+        BN_MONT_CTX *m_ctx);
+#endif
+
+/* DH stuff */
+/* This function is aliased to mod_exp (with the DH and mont dropped). */
+#ifndef OPENSSL_NO_DH
+static int aep_mod_exp_dh(const DH *dh, BIGNUM *r, const BIGNUM *a,
+        const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
+#endif
+
+/* rand stuff   */
+#ifdef AEPRAND
+static int aep_rand(unsigned char *buf, int num);
+static int aep_rand_status(void);
+#endif
+
+/* Bignum conversion stuff */
+static AEP_RV GetBigNumSize(AEP_VOID_PTR ArbBigNum, AEP_U32* BigNumSize);
+static AEP_RV MakeAEPBigNum(AEP_VOID_PTR ArbBigNum, AEP_U32 BigNumSize,
+        unsigned char* AEP_BigNum);
+static AEP_RV ConvertAEPBigNum(void* ArbBigNum, AEP_U32 BigNumSize,
+        unsigned char* AEP_BigNum);
+
+/* The definitions for control commands specific to this engine */
+#define AEP_CMD_SO_PATH         ENGINE_CMD_BASE
+static const ENGINE_CMD_DEFN aep_cmd_defns[] =
+        {
+        { AEP_CMD_SO_PATH,
+          "SO_PATH",
+          "Specifies the path to the 'aep' shared library",
+          ENGINE_CMD_FLAG_STRING
+        },
+        {0, NULL, NULL, 0}
+        };
+
+#ifndef OPENSSL_NO_RSA
+/* Our internal RSA_METHOD that we provide pointers to */
+static RSA_METHOD aep_rsa =
+        {
+        "Aep RSA method",
+        NULL,                /*rsa_pub_encrypt*/
+        NULL,                /*rsa_pub_decrypt*/
+        NULL,                /*rsa_priv_encrypt*/
+        NULL,                /*rsa_priv_encrypt*/
+        aep_rsa_mod_exp,     /*rsa_mod_exp*/
+        aep_mod_exp_mont,    /*bn_mod_exp*/
+        NULL,                /*init*/
+        NULL,                /*finish*/
+        0,                   /*flags*/
+        NULL,                /*app_data*/
+        NULL,                /*rsa_sign*/
+        NULL                 /*rsa_verify*/
+        };
+#endif
+
+#ifndef OPENSSL_NO_DSA
+/* Our internal DSA_METHOD that we provide pointers to */
+static DSA_METHOD aep_dsa =
+        {
+        "Aep DSA method",
+        NULL,                /* dsa_do_sign */
+        NULL,                /* dsa_sign_setup */
+        NULL,                /* dsa_do_verify */
+        aep_dsa_mod_exp,     /* dsa_mod_exp */
+        aep_mod_exp_dsa,     /* bn_mod_exp */
+        NULL,                /* init */
+        NULL,                /* finish */
+        0,                   /* flags */
+        NULL                 /* app_data */
+        };
+#endif
+
+#ifndef OPENSSL_NO_DH
+/* Our internal DH_METHOD that we provide pointers to */
+static DH_METHOD aep_dh =
+        {
+        "Aep DH method",
+        NULL,
+        NULL,
+        aep_mod_exp_dh,
+        NULL,
+        NULL,
+        0,
+        NULL
+        };
+#endif
+
+#ifdef AEPRAND
+/* our internal RAND_method that we provide pointers to  */
+static RAND_METHOD aep_random =
+        {
+        /*"AEP RAND method", */
+        NULL,
+        aep_rand,
+        NULL,
+        NULL,
+        aep_rand,
+        aep_rand_status,
+        };
+#endif
+
+/*Define an array of structures to hold connections*/
+static AEP_CONNECTION_ENTRY aep_app_conn_table[MAX_PROCESS_CONNECTIONS];
+
+/*Used to determine if this is a new process*/
+static pid_t    recorded_pid = 0;
+
+#ifdef AEPRAND
+static AEP_U8   rand_block[RAND_BLK_SIZE];
+static AEP_U32  rand_block_bytes = 0;
+#endif
+
+/* Constants used when creating the ENGINE */
+static const char *engine_aep_id = "aep";
+static const char *engine_aep_name = "Aep hardware engine support";
+
+static int max_key_len = 2176;
+
+
+/* This internal function is used by ENGINE_aep() and possibly by the
+ * "dynamic" ENGINE support too */
+static int bind_aep(ENGINE *e)
+        {
+#ifndef OPENSSL_NO_RSA
+        const RSA_METHOD  *meth1;
+#endif
+#ifndef OPENSSL_NO_DSA
+        const DSA_METHOD  *meth2;
+#endif
+#ifndef OPENSSL_NO_DH
+        const DH_METHOD   *meth3;
+#endif
+
+        if(!ENGINE_set_id(e, engine_aep_id) ||
+                !ENGINE_set_name(e, engine_aep_name) ||
+#ifndef OPENSSL_NO_RSA
+                !ENGINE_set_RSA(e, &aep_rsa) ||
+#endif
+#ifndef OPENSSL_NO_DSA
+                !ENGINE_set_DSA(e, &aep_dsa) ||
+#endif
+#ifndef OPENSSL_NO_DH
+                !ENGINE_set_DH(e, &aep_dh) ||
+#endif
+#ifdef AEPRAND
+                !ENGINE_set_RAND(e, &aep_random) ||
+#endif
+                !ENGINE_set_init_function(e, aep_init) ||
+                !ENGINE_set_destroy_function(e, aep_destroy) ||
+                !ENGINE_set_finish_function(e, aep_finish) ||
+                !ENGINE_set_ctrl_function(e, aep_ctrl) ||
+                !ENGINE_set_cmd_defns(e, aep_cmd_defns))
+                return 0;
+
+#ifndef OPENSSL_NO_RSA
+        /* We know that the "PKCS1_SSLeay()" functions hook properly
+         * to the aep-specific mod_exp and mod_exp_crt so we use
+         * those functions. NB: We don't use ENGINE_openssl() or
+         * anything "more generic" because something like the RSAref
+         * code may not hook properly, and if you own one of these
+         * cards then you have the right to do RSA operations on it
+         * anyway! */
+        meth1 = RSA_PKCS1_SSLeay();
+        aep_rsa.rsa_pub_enc = meth1->rsa_pub_enc;
+        aep_rsa.rsa_pub_dec = meth1->rsa_pub_dec;
+        aep_rsa.rsa_priv_enc = meth1->rsa_priv_enc;
+        aep_rsa.rsa_priv_dec = meth1->rsa_priv_dec;
+#endif
+
+
+#ifndef OPENSSL_NO_DSA
+        /* Use the DSA_OpenSSL() method and just hook the mod_exp-ish
+         * bits. */
+        meth2 = DSA_OpenSSL();
+        aep_dsa.dsa_do_sign    = meth2->dsa_do_sign;
+        aep_dsa.dsa_sign_setup = meth2->dsa_sign_setup;
+        aep_dsa.dsa_do_verify  = meth2->dsa_do_verify;
+
+        aep_dsa = *DSA_get_default_method(); 
+        aep_dsa.dsa_mod_exp = aep_dsa_mod_exp; 
+        aep_dsa.bn_mod_exp = aep_mod_exp_dsa;
+#endif
+
+#ifndef OPENSSL_NO_DH
+        /* Much the same for Diffie-Hellman */
+        meth3 = DH_OpenSSL();
+        aep_dh.generate_key = meth3->generate_key;
+        aep_dh.compute_key  = meth3->compute_key;
+        aep_dh.bn_mod_exp   = meth3->bn_mod_exp;
+#endif
+
+        /* Ensure the aep error handling is set up */
+        ERR_load_AEPHK_strings();
+
+        return 1;
+}
+
+#ifdef ENGINE_DYNAMIC_SUPPORT
+static int bind_helper(ENGINE *e, const char *id)
+        {
+        if(id && (strcmp(id, engine_aep_id) != 0))
+                return 0;
+        if(!bind_aep(e))
+                return 0;
+        return 1;
+        }       
+IMPLEMENT_DYNAMIC_CHECK_FN()
+IMPLEMENT_DYNAMIC_BIND_FN(bind_helper)
+#else
+static ENGINE *engine_aep(void)
+        {
+        ENGINE *ret = ENGINE_new();
+        if(!ret)
+                return NULL;
+        if(!bind_aep(ret))
+                {
+                ENGINE_free(ret);
+                return NULL;
+                }
+        return ret;
+        }
+
+void ENGINE_load_aep(void)
+        {
+        /* Copied from eng_[openssl|dyn].c */
+        ENGINE *toadd = engine_aep();
+        if(!toadd) return;
+        ENGINE_add(toadd);
+        ENGINE_free(toadd);
+        ERR_clear_error();
+        }
+#endif
+
+/* This is a process-global DSO handle used for loading and unloading
+ * the Aep library. NB: This is only set (or unset) during an
+ * init() or finish() call (reference counts permitting) and they're
+ * operating with global locks, so this should be thread-safe
+ * implicitly. */
+static DSO *aep_dso = NULL;
+
+/* These are the static string constants for the DSO file name and the function
+ * symbol names to bind to. 
+*/
+static const char *AEP_LIBNAME = NULL;
+static const char *get_AEP_LIBNAME(void)
+        {
+        if(AEP_LIBNAME)
+                return AEP_LIBNAME;
+        return "aep";
+        }
+static void free_AEP_LIBNAME(void)
+        {
+        if(AEP_LIBNAME)
+                OPENSSL_free((void*)AEP_LIBNAME);
+        AEP_LIBNAME = NULL;
+        }
+static long set_AEP_LIBNAME(const char *name)
+        {
+        free_AEP_LIBNAME();
+        return ((AEP_LIBNAME = BUF_strdup(name)) != NULL ? 1 : 0);
+        }
+
+static const char *AEP_F1    = "AEP_ModExp";
+static const char *AEP_F2    = "AEP_ModExpCrt";
+#ifdef AEPRAND
+static const char *AEP_F3    = "AEP_GenRandom";
+#endif
+static const char *AEP_F4    = "AEP_Finalize";
+static const char *AEP_F5    = "AEP_Initialize";
+static const char *AEP_F6    = "AEP_OpenConnection";
+static const char *AEP_F7    = "AEP_SetBNCallBacks";
+static const char *AEP_F8    = "AEP_CloseConnection";
+
+/* These are the function pointers that are (un)set when the library has
+ * successfully (un)loaded. */
+static t_AEP_OpenConnection    *p_AEP_OpenConnection  = NULL;
+static t_AEP_CloseConnection   *p_AEP_CloseConnection = NULL;
+static t_AEP_ModExp            *p_AEP_ModExp          = NULL;
+static t_AEP_ModExpCrt         *p_AEP_ModExpCrt       = NULL;
+#ifdef AEPRAND
+static t_AEP_GenRandom         *p_AEP_GenRandom       = NULL;
+#endif
+static t_AEP_Initialize        *p_AEP_Initialize      = NULL;
+static t_AEP_Finalize          *p_AEP_Finalize        = NULL;
+static t_AEP_SetBNCallBacks    *p_AEP_SetBNCallBacks  = NULL;
+
+/* (de)initialisation functions. */
+static int aep_init(ENGINE *e)
+        {
+        t_AEP_ModExp          *p1;
+        t_AEP_ModExpCrt       *p2;
+#ifdef AEPRAND
+        t_AEP_GenRandom       *p3;
+#endif
+        t_AEP_Finalize        *p4;
+        t_AEP_Initialize      *p5;
+        t_AEP_OpenConnection  *p6;
+        t_AEP_SetBNCallBacks  *p7;
+        t_AEP_CloseConnection *p8;
+
+        int to_return = 0;
+ 
+        if(aep_dso != NULL)
+                {
+                AEPHKerr(AEPHK_F_AEP_INIT,AEPHK_R_ALREADY_LOADED);
+                goto err;
+                }
+        /* Attempt to load libaep.so. */
+
+        aep_dso = DSO_load(NULL, get_AEP_LIBNAME(), NULL, 0);
+  
+        if(aep_dso == NULL)
+                {
+                AEPHKerr(AEPHK_F_AEP_INIT,AEPHK_R_NOT_LOADED);
+                goto err;
+                }
+
+        if(     !(p1 = (t_AEP_ModExp *)     DSO_bind_func( aep_dso,AEP_F1))  ||
+                !(p2 = (t_AEP_ModExpCrt*)   DSO_bind_func( aep_dso,AEP_F2))  ||
+#ifdef AEPRAND
+                !(p3 = (t_AEP_GenRandom*)   DSO_bind_func( aep_dso,AEP_F3))  ||
+#endif
+                !(p4 = (t_AEP_Finalize*)    DSO_bind_func( aep_dso,AEP_F4))  ||
+                !(p5 = (t_AEP_Initialize*)  DSO_bind_func( aep_dso,AEP_F5))  ||
+                !(p6 = (t_AEP_OpenConnection*) DSO_bind_func( aep_dso,AEP_F6))  ||
+                !(p7 = (t_AEP_SetBNCallBacks*) DSO_bind_func( aep_dso,AEP_F7))  ||
+                !(p8 = (t_AEP_CloseConnection*) DSO_bind_func( aep_dso,AEP_F8)))
+                {
+                AEPHKerr(AEPHK_F_AEP_INIT,AEPHK_R_NOT_LOADED);
+                goto err;
+                }
+
+        /* Copy the pointers */
+  
+        p_AEP_ModExp           = p1;
+        p_AEP_ModExpCrt        = p2;
+#ifdef AEPRAND
+        p_AEP_GenRandom        = p3;
+#endif
+        p_AEP_Finalize         = p4;
+        p_AEP_Initialize       = p5;
+        p_AEP_OpenConnection   = p6;
+        p_AEP_SetBNCallBacks   = p7;
+        p_AEP_CloseConnection  = p8;
+ 
+        to_return = 1;
+ 
+        return to_return;
+
+ err: 
+
+        if(aep_dso)
+                DSO_free(aep_dso);
+                
+        p_AEP_OpenConnection    = NULL;
+        p_AEP_ModExp            = NULL;
+        p_AEP_ModExpCrt         = NULL;
+#ifdef AEPRAND
+        p_AEP_GenRandom         = NULL;
+#endif
+        p_AEP_Initialize        = NULL;
+        p_AEP_Finalize          = NULL;
+        p_AEP_SetBNCallBacks    = NULL;
+        p_AEP_CloseConnection   = NULL;
+
+        return to_return;
+        }
+
+/* Destructor (complements the "ENGINE_aep()" constructor) */
+static int aep_destroy(ENGINE *e)
+        {
+        free_AEP_LIBNAME();
+        ERR_unload_AEPHK_strings();
+        return 1;
+        }
+
+static int aep_finish(ENGINE *e)
+        {
+        int to_return = 0, in_use;
+        AEP_RV rv;
+
+        if(aep_dso == NULL)
+                {
+                AEPHKerr(AEPHK_F_AEP_FINISH,AEPHK_R_NOT_LOADED);
+                goto err;
+                }
+
+        rv = aep_close_all_connections(0, &in_use);
+        if (rv != AEP_R_OK)
+                {
+                AEPHKerr(AEPHK_F_AEP_FINISH,AEPHK_R_CLOSE_HANDLES_FAILED);
+                goto err;
+                }
+        if (in_use)
+                {
+                AEPHKerr(AEPHK_F_AEP_FINISH,AEPHK_R_CONNECTIONS_IN_USE);
+                goto err;
+                }
+
+        rv = p_AEP_Finalize();
+        if (rv != AEP_R_OK)
+                {
+                AEPHKerr(AEPHK_F_AEP_FINISH,AEPHK_R_FINALIZE_FAILED);
+                goto err;
+                }
+
+        if(!DSO_free(aep_dso))
+                {
+                AEPHKerr(AEPHK_F_AEP_FINISH,AEPHK_R_UNIT_FAILURE);
+                goto err;
+                }
+
+        aep_dso = NULL;
+        p_AEP_CloseConnection   = NULL;
+        p_AEP_OpenConnection    = NULL;
+        p_AEP_ModExp            = NULL;
+        p_AEP_ModExpCrt         = NULL;
+#ifdef AEPRAND
+        p_AEP_GenRandom         = NULL;
+#endif
+        p_AEP_Initialize        = NULL;
+        p_AEP_Finalize          = NULL;
+        p_AEP_SetBNCallBacks    = NULL;
+
+        to_return = 1;
+ err:
+        return to_return;
+        }
+
+static int aep_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)())
+        {
+        int initialised = ((aep_dso == NULL) ? 0 : 1);
+        switch(cmd)
+                {
+        case AEP_CMD_SO_PATH:
+                if(p == NULL)
+                        {
+                        AEPHKerr(AEPHK_F_AEP_CTRL,
+                                ERR_R_PASSED_NULL_PARAMETER);
+                        return 0;
+                        }
+                if(initialised)
+                        {
+                        AEPHKerr(AEPHK_F_AEP_CTRL,
+                                AEPHK_R_ALREADY_LOADED);
+                        return 0;
+                        }
+                return set_AEP_LIBNAME((const char*)p);
+        default:
+                break;
+                }
+        AEPHKerr(AEPHK_F_AEP_CTRL,AEPHK_R_CTRL_COMMAND_NOT_IMPLEMENTED);
+        return 0;
+        }
+
+static int aep_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+        const BIGNUM *m, BN_CTX *ctx)
+        {
+        int to_return = 0;
+        int     r_len = 0;
+        AEP_CONNECTION_HNDL hConnection;
+        AEP_RV rv;
+        
+        r_len = BN_num_bits(m);
+
+        /* Perform in software if modulus is too large for hardware. */
+
+        if (r_len > max_key_len){
+                AEPHKerr(AEPHK_F_AEP_MOD_EXP, AEPHK_R_SIZE_TOO_LARGE_OR_TOO_SMALL);
+                return BN_mod_exp(r, a, p, m, ctx);
+        } 
+
+        /*Grab a connection from the pool*/
+        rv = aep_get_connection(&hConnection);
+        if (rv != AEP_R_OK)
+                {     
+                AEPHKerr(AEPHK_F_AEP_MOD_EXP,AEPHK_R_GET_HANDLE_FAILED);
+                return BN_mod_exp(r, a, p, m, ctx);
+                }
+
+        /*To the card with the mod exp*/
+        rv = p_AEP_ModExp(hConnection,(void*)a, (void*)p,(void*)m, (void*)r,NULL);
+
+        if (rv !=  AEP_R_OK)
+                {
+                AEPHKerr(AEPHK_F_AEP_MOD_EXP,AEPHK_R_MOD_EXP_FAILED);
+                rv = aep_close_connection(hConnection);
+                return BN_mod_exp(r, a, p, m, ctx);
+                }
+
+        /*Return the connection to the pool*/
+        rv = aep_return_connection(hConnection);
+        if (rv != AEP_R_OK)
+                {
+                AEPHKerr(AEPHK_F_AEP_RAND,AEPHK_R_RETURN_CONNECTION_FAILED); 
+                goto err;
+                }
+
+        to_return = 1;
+ err:
+        return to_return;
+        }
+        
+static AEP_RV aep_mod_exp_crt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+        const BIGNUM *q, const BIGNUM *dmp1,
+        const BIGNUM *dmq1,const BIGNUM *iqmp, BN_CTX *ctx)
+        {
+        AEP_RV rv = AEP_R_OK;
+        AEP_CONNECTION_HNDL hConnection;
+
+        /*Grab a connection from the pool*/
+        rv = aep_get_connection(&hConnection);
+        if (rv != AEP_R_OK)
+                {
+                AEPHKerr(AEPHK_F_AEP_MOD_EXP_CRT,AEPHK_R_GET_HANDLE_FAILED);
+                return FAIL_TO_SW;
+                }
+
+        /*To the card with the mod exp*/
+        rv = p_AEP_ModExpCrt(hConnection,(void*)a, (void*)p, (void*)q, (void*)dmp1,(void*)dmq1,
+                (void*)iqmp,(void*)r,NULL);
+        if (rv != AEP_R_OK)
+                {
+                AEPHKerr(AEPHK_F_AEP_MOD_EXP_CRT,AEPHK_R_MOD_EXP_CRT_FAILED);
+                rv = aep_close_connection(hConnection);
+                return FAIL_TO_SW;
+                }
+
+        /*Return the connection to the pool*/
+        rv = aep_return_connection(hConnection);
+        if (rv != AEP_R_OK)
+                {
+                AEPHKerr(AEPHK_F_AEP_RAND,AEPHK_R_RETURN_CONNECTION_FAILED); 
+                goto err;
+                }
+ 
+ err:
+        return rv;
+        }
+        
+
+#ifdef AEPRAND
+static int aep_rand(unsigned char *buf,int len )
+        {
+        AEP_RV rv = AEP_R_OK;
+        AEP_CONNECTION_HNDL hConnection;
+
+        CRYPTO_w_lock(CRYPTO_LOCK_RAND);
+
+        /*Can the request be serviced with what's already in the buffer?*/
+        if (len <= rand_block_bytes)
+                {
+                memcpy(buf, &rand_block[RAND_BLK_SIZE - rand_block_bytes], len);
+                rand_block_bytes -= len;
+                CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
+                }
+        else
+                /*If not the get another block of random bytes*/
+                {
+                CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
+
+                rv = aep_get_connection(&hConnection);
+                if (rv !=  AEP_R_OK)
+                        { 
+                        AEPHKerr(AEPHK_F_AEP_RAND,AEPHK_R_GET_HANDLE_FAILED);             
+                        goto err_nounlock;
+                        }
+
+                if (len > RAND_BLK_SIZE)
+                        {
+                        rv = p_AEP_GenRandom(hConnection, len, 2, buf, NULL);
+                        if (rv !=  AEP_R_OK)
+                                {  
+                                AEPHKerr(AEPHK_F_AEP_RAND,AEPHK_R_GET_RANDOM_FAILED); 
+                                goto err_nounlock;
+                                }
+                        }
+                else
+                        {
+                        CRYPTO_w_lock(CRYPTO_LOCK_RAND);
+
+                        rv = p_AEP_GenRandom(hConnection, RAND_BLK_SIZE, 2, &rand_block[0], NULL);
+                        if (rv !=  AEP_R_OK)
+                                {       
+                                AEPHKerr(AEPHK_F_AEP_RAND,AEPHK_R_GET_RANDOM_FAILED); 
+              
+                                goto err;
+                                }
+
+                        rand_block_bytes = RAND_BLK_SIZE;
+
+                        memcpy(buf, &rand_block[RAND_BLK_SIZE - rand_block_bytes], len);
+                        rand_block_bytes -= len;
+
+                        CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
+                        }
+
+                rv = aep_return_connection(hConnection);
+                if (rv != AEP_R_OK)
+                        {
+                        AEPHKerr(AEPHK_F_AEP_RAND,AEPHK_R_RETURN_CONNECTION_FAILED); 
+          
+                        goto err_nounlock;
+                        }
+                }
+  
+        return 1;
+ err:
+        CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
+ err_nounlock:
+        return 0;
+        }
+        
+static int aep_rand_status(void)
+{
+        return 1;
+}
+#endif
+
+#ifndef OPENSSL_NO_RSA
+static int aep_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa)
+        {
+        BN_CTX *ctx = NULL;
+        int to_return = 0;
+        AEP_RV rv = AEP_R_OK;
+
+        if ((ctx = BN_CTX_new()) == NULL)
+                goto err;
+
+        if (!aep_dso)
+                {
+                AEPHKerr(AEPHK_F_AEP_RSA_MOD_EXP,AEPHK_R_NOT_LOADED);
+                goto err;
+                }
+
+        /*See if we have all the necessary bits for a crt*/
+        if (rsa->q && rsa->dmp1 && rsa->dmq1 && rsa->iqmp)
+                {
+                rv =  aep_mod_exp_crt(r0,I,rsa->p,rsa->q, rsa->dmp1,rsa->dmq1,rsa->iqmp,ctx);
+
+                if (rv == FAIL_TO_SW){
+                        const RSA_METHOD *meth = RSA_PKCS1_SSLeay();
+                        to_return = (*meth->rsa_mod_exp)(r0, I, rsa);
+                        goto err;
+                }
+                else if (rv != AEP_R_OK)
+                        goto err;
+                }
+        else
+                {
+                if (!rsa->d || !rsa->n)
+                        {
+                        AEPHKerr(AEPHK_F_AEP_RSA_MOD_EXP,AEPHK_R_MISSING_KEY_COMPONENTS);
+                        goto err;
+                        }
+ 
+                rv = aep_mod_exp(r0,I,rsa->d,rsa->n,ctx);
+                if  (rv != AEP_R_OK)
+                        goto err;
+        
+                }
+
+        to_return = 1;
+
+ err:
+        if(ctx)
+                BN_CTX_free(ctx);
+        return to_return;
+}
+#endif
+
+#ifndef OPENSSL_NO_DSA
+static int aep_dsa_mod_exp(DSA *dsa, BIGNUM *rr, BIGNUM *a1,
+        BIGNUM *p1, BIGNUM *a2, BIGNUM *p2, BIGNUM *m,
+        BN_CTX *ctx, BN_MONT_CTX *in_mont)
+        {
+        BIGNUM t;
+        int to_return = 0;
+        BN_init(&t);
+
+        /* let rr = a1 ^ p1 mod m */
+        if (!aep_mod_exp(rr,a1,p1,m,ctx)) goto end;
+        /* let t = a2 ^ p2 mod m */
+        if (!aep_mod_exp(&t,a2,p2,m,ctx)) goto end;
+        /* let rr = rr * t mod m */
+        if (!BN_mod_mul(rr,rr,&t,m,ctx)) goto end;
+        to_return = 1;
+ end: 
+        BN_free(&t);
+        return to_return;
+        }
+
+static int aep_mod_exp_dsa(DSA *dsa, BIGNUM *r, BIGNUM *a,
+        const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
+        BN_MONT_CTX *m_ctx)
+        {  
+        return aep_mod_exp(r, a, p, m, ctx); 
+        }
+#endif
+
+/* This function is aliased to mod_exp (with the mont stuff dropped). */
+static int aep_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+        const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)
+        {
+        return aep_mod_exp(r, a, p, m, ctx);
+        }
+
+#ifndef OPENSSL_NO_DH
+/* This function is aliased to mod_exp (with the dh and mont dropped). */
+static int aep_mod_exp_dh(const DH *dh, BIGNUM *r, const BIGNUM *a,
+        const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
+        BN_MONT_CTX *m_ctx)
+        {
+        return aep_mod_exp(r, a, p, m, ctx);
+        }
+#endif
+
+static AEP_RV aep_get_connection(AEP_CONNECTION_HNDL_PTR phConnection)
+        {
+        int count;
+        AEP_RV rv = AEP_R_OK;
+
+        /*Get the current process id*/
+        pid_t curr_pid;
+
+        CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
+
+        curr_pid = getpid();
+
+        /*Check if this is the first time this is being called from the current
+          process*/
+        if (recorded_pid != curr_pid)
+                {
+                /*Remember our pid so we can check if we're in a new process*/
+                recorded_pid = curr_pid;
+
+                /*Call Finalize to make sure we have not inherited some data
+                  from a parent process*/
+                p_AEP_Finalize();
+     
+                /*Initialise the AEP API*/
+                rv = p_AEP_Initialize(NULL);
+
+                if (rv != AEP_R_OK)
+                        {
+                        AEPHKerr(AEPHK_F_AEP_GET_CONNECTION,AEPHK_R_INIT_FAILURE);
+                        recorded_pid = 0;
+                        goto end;
+                        }
+
+                /*Set the AEP big num call back functions*/
+                rv = p_AEP_SetBNCallBacks(&GetBigNumSize, &MakeAEPBigNum,
+                        &ConvertAEPBigNum);
+
+                if (rv != AEP_R_OK)
+                        {
+                        AEPHKerr(AEPHK_F_AEP_GET_CONNECTION,AEPHK_R_SETBNCALLBACK_FAILURE);
+                        recorded_pid = 0;
+                        goto end;
+                        }
+
+#ifdef AEPRAND
+                /*Reset the rand byte count*/
+                rand_block_bytes = 0;
+#endif
+
+                /*Init the structures*/
+                for (count = 0;count < MAX_PROCESS_CONNECTIONS;count ++)
+                        {
+                        aep_app_conn_table[count].conn_state = NotConnected;
+                        aep_app_conn_table[count].conn_hndl  = 0;
+                        }
+
+                /*Open a connection*/
+                rv = p_AEP_OpenConnection(phConnection);
+
+                if (rv != AEP_R_OK)
+                        {
+                        AEPHKerr(AEPHK_F_AEP_GET_CONNECTION,AEPHK_R_UNIT_FAILURE);
+                        recorded_pid = 0;
+                        goto end;
+                        }
+
+                aep_app_conn_table[0].conn_state = InUse;
+                aep_app_conn_table[0].conn_hndl = *phConnection;
+                goto end;
+                }
+        /*Check the existing connections to see if we can find a free one*/
+        for (count = 0;count < MAX_PROCESS_CONNECTIONS;count ++)
+                {
+                if (aep_app_conn_table[count].conn_state == Connected)
+                        {
+                        aep_app_conn_table[count].conn_state = InUse;
+                        *phConnection = aep_app_conn_table[count].conn_hndl;
+                        goto end;
+                        }
+                }
+        /*If no connections available, we're going to have to try
+          to open a new one*/
+        for (count = 0;count < MAX_PROCESS_CONNECTIONS;count ++)
+                {
+                if (aep_app_conn_table[count].conn_state == NotConnected)
+                        {
+                        /*Open a connection*/
+                        rv = p_AEP_OpenConnection(phConnection);
+
+                        if (rv != AEP_R_OK)
+                                {             
+                                AEPHKerr(AEPHK_F_AEP_GET_CONNECTION,AEPHK_R_UNIT_FAILURE);
+                                goto end;
+                                }
+
+                        aep_app_conn_table[count].conn_state = InUse;
+                        aep_app_conn_table[count].conn_hndl = *phConnection;
+                        goto end;
+                        }
+                }
+        rv = AEP_R_GENERAL_ERROR;
+ end:
+        CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
+        return rv;
+        }
+
+
+static AEP_RV aep_return_connection(AEP_CONNECTION_HNDL hConnection)
+        {
+        int count;
+
+        CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
+
+        /*Find the connection item that matches this connection handle*/
+        for(count = 0;count < MAX_PROCESS_CONNECTIONS;count ++)
+                {
+                if (aep_app_conn_table[count].conn_hndl == hConnection)
+                        {
+                        aep_app_conn_table[count].conn_state = Connected;
+                        break;
+                        }
+                }
+
+        CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
+
+        return AEP_R_OK;
+        }
+
+static AEP_RV aep_close_connection(AEP_CONNECTION_HNDL hConnection)
+        {
+        int count;
+        AEP_RV rv = AEP_R_OK;
+
+        CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
+
+        /*Find the connection item that matches this connection handle*/
+        for(count = 0;count < MAX_PROCESS_CONNECTIONS;count ++)
+                {
+                if (aep_app_conn_table[count].conn_hndl == hConnection)
+                        {
+                        rv = p_AEP_CloseConnection(aep_app_conn_table[count].conn_hndl);
+                        if (rv != AEP_R_OK)
+                                goto end;
+                        aep_app_conn_table[count].conn_state = NotConnected;
+                        aep_app_conn_table[count].conn_hndl  = 0;
+                        break;
+                        }
+                }
+
+ end:
+        CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
+        return rv;
+        }
+
+static AEP_RV aep_close_all_connections(int use_engine_lock, int *in_use)
+        {
+        int count;
+        AEP_RV rv = AEP_R_OK;
+
+        *in_use = 0;
+        if (use_engine_lock) CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
+        for (count = 0;count < MAX_PROCESS_CONNECTIONS;count ++)
+                {
+                switch (aep_app_conn_table[count].conn_state)
+                        {
+                case Connected:
+                        rv = p_AEP_CloseConnection(aep_app_conn_table[count].conn_hndl);
+                        if (rv != AEP_R_OK)
+                                goto end;
+                        aep_app_conn_table[count].conn_state = NotConnected;
+                        aep_app_conn_table[count].conn_hndl  = 0;
+                        break;
+                case InUse:
+                        (*in_use)++;
+                        break;
+                case NotConnected:
+                        break;
+                        }
+                }
+ end:
+        if (use_engine_lock) CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
+        return rv;
+        }
+
+/*BigNum call back functions, used to convert OpenSSL bignums into AEP bignums.
+  Note only 32bit Openssl build support*/
+
+static AEP_RV GetBigNumSize(AEP_VOID_PTR ArbBigNum, AEP_U32* BigNumSize)
+        {
+        BIGNUM* bn;
+
+        /*Cast the ArbBigNum pointer to our BIGNUM struct*/
+        bn = (BIGNUM*) ArbBigNum;
+
+#ifdef SIXTY_FOUR_BIT_LONG
+        *BigNumSize = bn->top << 3;
+#else
+        /*Size of the bignum in bytes is equal to the bn->top (no of 32 bit
+          words) multiplies by 4*/
+        *BigNumSize = bn->top << 2;
+#endif
+
+        return AEP_R_OK;
+        }
+
+static AEP_RV MakeAEPBigNum(AEP_VOID_PTR ArbBigNum, AEP_U32 BigNumSize,
+        unsigned char* AEP_BigNum)
+        {
+        BIGNUM* bn;
+
+#ifndef SIXTY_FOUR_BIT_LONG
+        unsigned char* buf;
+        int i;
+#endif
+
+        /*Cast the ArbBigNum pointer to our BIGNUM struct*/
+        bn = (BIGNUM*) ArbBigNum;
+
+#ifdef SIXTY_FOUR_BIT_LONG
+        memcpy(AEP_BigNum, bn->d, BigNumSize);
+#else
+        /*Must copy data into a (monotone) least significant byte first format
+          performing endian conversion if necessary*/
+        for(i=0;i<bn->top;i++)
+                {
+                buf = (unsigned char*)&bn->d[i];
+
+                *((AEP_U32*)AEP_BigNum) = (AEP_U32)
+                        ((unsigned) buf[1] << 8 | buf[0]) |
+                        ((unsigned) buf[3] << 8 | buf[2])  << 16;
+
+                AEP_BigNum += 4;
+                }
+#endif
+
+        return AEP_R_OK;
+        }
+
+/*Turn an AEP Big Num back to a user big num*/
+static AEP_RV ConvertAEPBigNum(void* ArbBigNum, AEP_U32 BigNumSize,
+        unsigned char* AEP_BigNum)
+        {
+        BIGNUM* bn;
+#ifndef SIXTY_FOUR_BIT_LONG
+        int i;
+#endif
+
+        bn = (BIGNUM*)ArbBigNum;
+
+        /*Expand the result bn so that it can hold our big num.
+          Size is in bits*/
+        bn_expand(bn, (int)(BigNumSize << 3));
+
+#ifdef SIXTY_FOUR_BIT_LONG
+        bn->top = BigNumSize >> 3;
+        
+        if((BigNumSize & 7) != 0)
+                bn->top++;
+
+        memset(bn->d, 0, bn->top << 3); 
+
+        memcpy(bn->d, AEP_BigNum, BigNumSize);
+#else
+        bn->top = BigNumSize >> 2;
+ 
+        for(i=0;i<bn->top;i++)
+                {
+                bn->d[i] = (AEP_U32)
+                        ((unsigned) AEP_BigNum[3] << 8 | AEP_BigNum[2]) << 16 |
+                        ((unsigned) AEP_BigNum[1] << 8 | AEP_BigNum[0]);
+                AEP_BigNum += 4;
+                }
+#endif
+
+        return AEP_R_OK;
+}       
+        
+#endif /* !OPENSSL_NO_HW_AEP */
+#endif /* !OPENSSL_NO_HW */
diff --git a/src/lib/libcrypto/engine/hw_aep_err.c b/src/lib/libcrypto/engine/hw_aep_err.c
new file mode 100644
index 0000000000..092f532946
--- /dev/null
+++ b/src/lib/libcrypto/engine/hw_aep_err.c
@@ -0,0 +1,157 @@
+/* hw_aep_err.c */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+/* NOTE: this file was auto generated by the mkerr.pl script: any changes
+ * made to it will be overwritten when the script next updates this file,
+ * only reason strings will be preserved.
+ */
+
+#include <stdio.h>
+#include <openssl/err.h>
+#include "hw_aep_err.h"
+
+/* BEGIN ERROR CODES */
+#ifndef OPENSSL_NO_ERR
+static ERR_STRING_DATA AEPHK_str_functs[]=
+        {
+{ERR_PACK(0,AEPHK_F_AEP_CTRL,0),        "AEP_CTRL"},
+{ERR_PACK(0,AEPHK_F_AEP_FINISH,0),      "AEP_FINISH"},
+{ERR_PACK(0,AEPHK_F_AEP_GET_CONNECTION,0),      "AEP_GET_CONNECTION"},
+{ERR_PACK(0,AEPHK_F_AEP_INIT,0),        "AEP_INIT"},
+{ERR_PACK(0,AEPHK_F_AEP_MOD_EXP,0),     "AEP_MOD_EXP"},
+{ERR_PACK(0,AEPHK_F_AEP_MOD_EXP_CRT,0), "AEP_MOD_EXP_CRT"},
+{ERR_PACK(0,AEPHK_F_AEP_RAND,0),        "AEP_RAND"},
+{ERR_PACK(0,AEPHK_F_AEP_RSA_MOD_EXP,0), "AEP_RSA_MOD_EXP"},
+{0,NULL}
+        };
+
+static ERR_STRING_DATA AEPHK_str_reasons[]=
+        {
+{AEPHK_R_ALREADY_LOADED                  ,"already loaded"},
+{AEPHK_R_CLOSE_HANDLES_FAILED            ,"close handles failed"},
+{AEPHK_R_CONNECTIONS_IN_USE              ,"connections in use"},
+{AEPHK_R_CTRL_COMMAND_NOT_IMPLEMENTED    ,"ctrl command not implemented"},
+{AEPHK_R_FINALIZE_FAILED                 ,"finalize failed"},
+{AEPHK_R_GET_HANDLE_FAILED               ,"get handle failed"},
+{AEPHK_R_GET_RANDOM_FAILED               ,"get random failed"},
+{AEPHK_R_INIT_FAILURE                    ,"init failure"},
+{AEPHK_R_MISSING_KEY_COMPONENTS          ,"missing key components"},
+{AEPHK_R_MOD_EXP_CRT_FAILED              ,"mod exp crt failed"},
+{AEPHK_R_MOD_EXP_FAILED                  ,"mod exp failed"},
+{AEPHK_R_NOT_LOADED                      ,"not loaded"},
+{AEPHK_R_OK                              ,"ok"},
+{AEPHK_R_RETURN_CONNECTION_FAILED        ,"return connection failed"},
+{AEPHK_R_SETBNCALLBACK_FAILURE           ,"setbncallback failure"},
+{AEPHK_R_SIZE_TOO_LARGE_OR_TOO_SMALL     ,"size too large or too small"},
+{AEPHK_R_UNIT_FAILURE                    ,"unit failure"},
+{0,NULL}
+        };
+
+#endif
+
+#ifdef AEPHK_LIB_NAME
+static ERR_STRING_DATA AEPHK_lib_name[]=
+        {
+{0      ,AEPHK_LIB_NAME},
+{0,NULL}
+        };
+#endif
+
+
+static int AEPHK_lib_error_code=0;
+static int AEPHK_error_init=1;
+
+static void ERR_load_AEPHK_strings(void)
+        {
+        if (AEPHK_lib_error_code == 0)
+                AEPHK_lib_error_code=ERR_get_next_error_library();
+
+        if (AEPHK_error_init)
+                {
+                AEPHK_error_init=0;
+#ifndef OPENSSL_NO_ERR
+                ERR_load_strings(AEPHK_lib_error_code,AEPHK_str_functs);
+                ERR_load_strings(AEPHK_lib_error_code,AEPHK_str_reasons);
+#endif
+
+#ifdef AEPHK_LIB_NAME
+                AEPHK_lib_name->error = ERR_PACK(AEPHK_lib_error_code,0,0);
+                ERR_load_strings(0,AEPHK_lib_name);
+#endif
+                }
+        }
+
+static void ERR_unload_AEPHK_strings(void)
+        {
+        if (AEPHK_error_init == 0)
+                {
+#ifndef OPENSSL_NO_ERR
+                ERR_unload_strings(AEPHK_lib_error_code,AEPHK_str_functs);
+                ERR_unload_strings(AEPHK_lib_error_code,AEPHK_str_reasons);
+#endif
+
+#ifdef AEPHK_LIB_NAME
+                ERR_unload_strings(0,AEPHK_lib_name);
+#endif
+                AEPHK_error_init=1;
+                }
+        }
+
+static void ERR_AEPHK_error(int function, int reason, char *file, int line)
+        {
+        if (AEPHK_lib_error_code == 0)
+                AEPHK_lib_error_code=ERR_get_next_error_library();
+        ERR_PUT_error(AEPHK_lib_error_code,function,reason,file,line);
+        }
diff --git a/src/lib/libcrypto/engine/hw_aep_err.h b/src/lib/libcrypto/engine/hw_aep_err.h
new file mode 100644
index 0000000000..8fe4cf921f
--- /dev/null
+++ b/src/lib/libcrypto/engine/hw_aep_err.h
@@ -0,0 +1,101 @@
+/* ====================================================================
+ * Copyright (c) 2001 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#ifndef HEADER_AEPHK_ERR_H
+#define HEADER_AEPHK_ERR_H
+
+/* BEGIN ERROR CODES */
+/* The following lines are auto generated by the script mkerr.pl. Any changes
+ * made after this point may be overwritten when the script is next run.
+ */
+static void ERR_load_AEPHK_strings(void);
+static void ERR_unload_AEPHK_strings(void);
+static void ERR_AEPHK_error(int function, int reason, char *file, int line);
+#define AEPHKerr(f,r) ERR_AEPHK_error((f),(r),__FILE__,__LINE__)
+
+/* Error codes for the AEPHK functions. */
+
+/* Function codes. */
+#define AEPHK_F_AEP_CTRL                                 100
+#define AEPHK_F_AEP_FINISH                               101
+#define AEPHK_F_AEP_GET_CONNECTION                       102
+#define AEPHK_F_AEP_INIT                                 103
+#define AEPHK_F_AEP_MOD_EXP                              104
+#define AEPHK_F_AEP_MOD_EXP_CRT                          105
+#define AEPHK_F_AEP_RAND                                 106
+#define AEPHK_F_AEP_RSA_MOD_EXP                          107
+
+/* Reason codes. */
+#define AEPHK_R_ALREADY_LOADED                           100
+#define AEPHK_R_CLOSE_HANDLES_FAILED                     101
+#define AEPHK_R_CONNECTIONS_IN_USE                       102
+#define AEPHK_R_CTRL_COMMAND_NOT_IMPLEMENTED             103
+#define AEPHK_R_FINALIZE_FAILED                          104
+#define AEPHK_R_GET_HANDLE_FAILED                        105
+#define AEPHK_R_GET_RANDOM_FAILED                        106
+#define AEPHK_R_INIT_FAILURE                             107
+#define AEPHK_R_MISSING_KEY_COMPONENTS                   108
+#define AEPHK_R_MOD_EXP_CRT_FAILED                       109
+#define AEPHK_R_MOD_EXP_FAILED                           110
+#define AEPHK_R_NOT_LOADED                               111
+#define AEPHK_R_OK                                       112
+#define AEPHK_R_RETURN_CONNECTION_FAILED                 113
+#define AEPHK_R_SETBNCALLBACK_FAILURE                    114
+#define AEPHK_R_SIZE_TOO_LARGE_OR_TOO_SMALL              116
+#define AEPHK_R_UNIT_FAILURE                             115
+
+#ifdef  __cplusplus
+}
+#endif
+#endif
diff --git a/src/lib/libcrypto/engine/hw_atalla.c b/src/lib/libcrypto/engine/hw_atalla.c
new file mode 100644
index 0000000000..e9eff9fad1
--- /dev/null
+++ b/src/lib/libcrypto/engine/hw_atalla.c
@@ -0,0 +1,594 @@
+/* crypto/engine/hw_atalla.c */
+/* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL
+ * project 2000.
+ */
+/* ====================================================================
+ * Copyright (c) 1999-2001 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include <openssl/crypto.h>
+#include "cryptlib.h"
+#include <openssl/dso.h>
+#include <openssl/engine.h>
+
+#ifndef OPENSSL_NO_HW
+#ifndef OPENSSL_NO_HW_ATALLA
+
+#ifdef FLAT_INC
+#include "atalla.h"
+#else
+#include "vendor_defns/atalla.h"
+#endif
+
+#define ATALLA_LIB_NAME "atalla engine"
+#include "hw_atalla_err.c"
+
+static int atalla_destroy(ENGINE *e);
+static int atalla_init(ENGINE *e);
+static int atalla_finish(ENGINE *e);
+static int atalla_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)());
+
+/* BIGNUM stuff */
+static int atalla_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+                const BIGNUM *m, BN_CTX *ctx);
+
+#ifndef OPENSSL_NO_RSA
+/* RSA stuff */
+static int atalla_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa);
+#endif
+/* This function is aliased to mod_exp (with the mont stuff dropped). */
+static int atalla_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+                const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
+
+#ifndef OPENSSL_NO_DSA
+/* DSA stuff */
+static int atalla_dsa_mod_exp(DSA *dsa, BIGNUM *rr, BIGNUM *a1,
+                BIGNUM *p1, BIGNUM *a2, BIGNUM *p2, BIGNUM *m,
+                BN_CTX *ctx, BN_MONT_CTX *in_mont);
+static int atalla_mod_exp_dsa(DSA *dsa, BIGNUM *r, BIGNUM *a,
+                const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
+                BN_MONT_CTX *m_ctx);
+#endif
+
+#ifndef OPENSSL_NO_DH
+/* DH stuff */
+/* This function is alised to mod_exp (with the DH and mont dropped). */
+static int atalla_mod_exp_dh(const DH *dh, BIGNUM *r,
+                const BIGNUM *a, const BIGNUM *p,
+                const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
+#endif
+
+/* The definitions for control commands specific to this engine */
+#define ATALLA_CMD_SO_PATH              ENGINE_CMD_BASE
+static const ENGINE_CMD_DEFN atalla_cmd_defns[] = {
+        {ATALLA_CMD_SO_PATH,
+                "SO_PATH",
+                "Specifies the path to the 'atasi' shared library",
+                ENGINE_CMD_FLAG_STRING},
+        {0, NULL, NULL, 0}
+        };
+
+#ifndef OPENSSL_NO_RSA
+/* Our internal RSA_METHOD that we provide pointers to */
+static RSA_METHOD atalla_rsa =
+        {
+        "Atalla RSA method",
+        NULL,
+        NULL,
+        NULL,
+        NULL,
+        atalla_rsa_mod_exp,
+        atalla_mod_exp_mont,
+        NULL,
+        NULL,
+        0,
+        NULL,
+        NULL,
+        NULL
+        };
+#endif
+
+#ifndef OPENSSL_NO_DSA
+/* Our internal DSA_METHOD that we provide pointers to */
+static DSA_METHOD atalla_dsa =
+        {
+        "Atalla DSA method",
+        NULL, /* dsa_do_sign */
+        NULL, /* dsa_sign_setup */
+        NULL, /* dsa_do_verify */
+        atalla_dsa_mod_exp, /* dsa_mod_exp */
+        atalla_mod_exp_dsa, /* bn_mod_exp */
+        NULL, /* init */
+        NULL, /* finish */
+        0, /* flags */
+        NULL /* app_data */
+        };
+#endif
+
+#ifndef OPENSSL_NO_DH
+/* Our internal DH_METHOD that we provide pointers to */
+static DH_METHOD atalla_dh =
+        {
+        "Atalla DH method",
+        NULL,
+        NULL,
+        atalla_mod_exp_dh,
+        NULL,
+        NULL,
+        0,
+        NULL
+        };
+#endif
+
+/* Constants used when creating the ENGINE */
+static const char *engine_atalla_id = "atalla";
+static const char *engine_atalla_name = "Atalla hardware engine support";
+
+/* This internal function is used by ENGINE_atalla() and possibly by the
+ * "dynamic" ENGINE support too */
+static int bind_helper(ENGINE *e)
+        {
+#ifndef OPENSSL_NO_RSA
+        const RSA_METHOD *meth1;
+#endif
+#ifndef OPENSSL_NO_DSA
+        const DSA_METHOD *meth2;
+#endif
+#ifndef OPENSSL_NO_DH
+        const DH_METHOD *meth3;
+#endif
+        if(!ENGINE_set_id(e, engine_atalla_id) ||
+                        !ENGINE_set_name(e, engine_atalla_name) ||
+#ifndef OPENSSL_NO_RSA
+                        !ENGINE_set_RSA(e, &atalla_rsa) ||
+#endif
+#ifndef OPENSSL_NO_DSA
+                        !ENGINE_set_DSA(e, &atalla_dsa) ||
+#endif
+#ifndef OPENSSL_NO_DH
+                        !ENGINE_set_DH(e, &atalla_dh) ||
+#endif
+                        !ENGINE_set_destroy_function(e, atalla_destroy) ||
+                        !ENGINE_set_init_function(e, atalla_init) ||
+                        !ENGINE_set_finish_function(e, atalla_finish) ||
+                        !ENGINE_set_ctrl_function(e, atalla_ctrl) ||
+                        !ENGINE_set_cmd_defns(e, atalla_cmd_defns))
+                return 0;
+
+#ifndef OPENSSL_NO_RSA
+        /* We know that the "PKCS1_SSLeay()" functions hook properly
+         * to the atalla-specific mod_exp and mod_exp_crt so we use
+         * those functions. NB: We don't use ENGINE_openssl() or
+         * anything "more generic" because something like the RSAref
+         * code may not hook properly, and if you own one of these
+         * cards then you have the right to do RSA operations on it
+         * anyway! */ 
+        meth1 = RSA_PKCS1_SSLeay();
+        atalla_rsa.rsa_pub_enc = meth1->rsa_pub_enc;
+        atalla_rsa.rsa_pub_dec = meth1->rsa_pub_dec;
+        atalla_rsa.rsa_priv_enc = meth1->rsa_priv_enc;
+        atalla_rsa.rsa_priv_dec = meth1->rsa_priv_dec;
+#endif
+
+#ifndef OPENSSL_NO_DSA
+        /* Use the DSA_OpenSSL() method and just hook the mod_exp-ish
+         * bits. */
+        meth2 = DSA_OpenSSL();
+        atalla_dsa.dsa_do_sign = meth2->dsa_do_sign;
+        atalla_dsa.dsa_sign_setup = meth2->dsa_sign_setup;
+        atalla_dsa.dsa_do_verify = meth2->dsa_do_verify;
+#endif
+
+#ifndef OPENSSL_NO_DH
+        /* Much the same for Diffie-Hellman */
+        meth3 = DH_OpenSSL();
+        atalla_dh.generate_key = meth3->generate_key;
+        atalla_dh.compute_key = meth3->compute_key;
+#endif
+
+        /* Ensure the atalla error handling is set up */
+        ERR_load_ATALLA_strings();
+        return 1;
+        }
+
+#ifndef ENGINE_DYNAMIC_SUPPORT
+static ENGINE *engine_atalla(void)
+        {
+        ENGINE *ret = ENGINE_new();
+        if(!ret)
+                return NULL;
+        if(!bind_helper(ret))
+                {
+                ENGINE_free(ret);
+                return NULL;
+                }
+        return ret;
+        }
+
+void ENGINE_load_atalla(void)
+        {
+        /* Copied from eng_[openssl|dyn].c */
+        ENGINE *toadd = engine_atalla();
+        if(!toadd) return;
+        ENGINE_add(toadd);
+        ENGINE_free(toadd);
+        ERR_clear_error();
+        }
+#endif
+
+/* This is a process-global DSO handle used for loading and unloading
+ * the Atalla library. NB: This is only set (or unset) during an
+ * init() or finish() call (reference counts permitting) and they're
+ * operating with global locks, so this should be thread-safe
+ * implicitly. */
+static DSO *atalla_dso = NULL;
+
+/* These are the function pointers that are (un)set when the library has
+ * successfully (un)loaded. */
+static tfnASI_GetHardwareConfig *p_Atalla_GetHardwareConfig = NULL;
+static tfnASI_RSAPrivateKeyOpFn *p_Atalla_RSAPrivateKeyOpFn = NULL;
+static tfnASI_GetPerformanceStatistics *p_Atalla_GetPerformanceStatistics = NULL;
+
+/* These are the static string constants for the DSO file name and the function
+ * symbol names to bind to. Regrettably, the DSO name on *nix appears to be
+ * "atasi.so" rather than something more consistent like "libatasi.so". At the
+ * time of writing, I'm not sure what the file name on win32 is but clearly
+ * native name translation is not possible (eg libatasi.so on *nix, and
+ * atasi.dll on win32). For the purposes of testing, I have created a symbollic
+ * link called "libatasi.so" so that we can use native name-translation - a
+ * better solution will be needed. */
+static const char *ATALLA_LIBNAME = NULL;
+static const char *get_ATALLA_LIBNAME(void)
+        {
+                if(ATALLA_LIBNAME)
+                        return ATALLA_LIBNAME;
+                return "atasi";
+        }
+static void free_ATALLA_LIBNAME(void)
+        {
+                if(ATALLA_LIBNAME)
+                        OPENSSL_free((void*)ATALLA_LIBNAME);
+                ATALLA_LIBNAME = NULL;
+        }
+static long set_ATALLA_LIBNAME(const char *name)
+        {
+        free_ATALLA_LIBNAME();
+        return (((ATALLA_LIBNAME = BUF_strdup(name)) != NULL) ? 1 : 0);
+        }
+static const char *ATALLA_F1 = "ASI_GetHardwareConfig";
+static const char *ATALLA_F2 = "ASI_RSAPrivateKeyOpFn";
+static const char *ATALLA_F3 = "ASI_GetPerformanceStatistics";
+
+/* Destructor (complements the "ENGINE_atalla()" constructor) */
+static int atalla_destroy(ENGINE *e)
+        {
+        free_ATALLA_LIBNAME();
+        /* Unload the atalla error strings so any error state including our
+         * functs or reasons won't lead to a segfault (they simply get displayed
+         * without corresponding string data because none will be found). */
+        ERR_unload_ATALLA_strings();
+        return 1;
+        }
+
+/* (de)initialisation functions. */
+static int atalla_init(ENGINE *e)
+        {
+        tfnASI_GetHardwareConfig *p1;
+        tfnASI_RSAPrivateKeyOpFn *p2;
+        tfnASI_GetPerformanceStatistics *p3;
+        /* Not sure of the origin of this magic value, but Ben's code had it
+         * and it seemed to have been working for a few people. :-) */
+        unsigned int config_buf[1024];
+
+        if(atalla_dso != NULL)
+                {
+                ATALLAerr(ATALLA_F_ATALLA_INIT,ATALLA_R_ALREADY_LOADED);
+                goto err;
+                }
+        /* Attempt to load libatasi.so/atasi.dll/whatever. Needs to be
+         * changed unfortunately because the Atalla drivers don't have
+         * standard library names that can be platform-translated well. */
+        /* TODO: Work out how to actually map to the names the Atalla
+         * drivers really use - for now a symbollic link needs to be
+         * created on the host system from libatasi.so to atasi.so on
+         * unix variants. */
+        atalla_dso = DSO_load(NULL, get_ATALLA_LIBNAME(), NULL, 0);
+        if(atalla_dso == NULL)
+                {
+                ATALLAerr(ATALLA_F_ATALLA_INIT,ATALLA_R_NOT_LOADED);
+                goto err;
+                }
+        if(!(p1 = (tfnASI_GetHardwareConfig *)DSO_bind_func(
+                                atalla_dso, ATALLA_F1)) ||
+                        !(p2 = (tfnASI_RSAPrivateKeyOpFn *)DSO_bind_func(
+                                atalla_dso, ATALLA_F2)) ||
+                        !(p3 = (tfnASI_GetPerformanceStatistics *)DSO_bind_func(
+                                atalla_dso, ATALLA_F3)))
+                {
+                ATALLAerr(ATALLA_F_ATALLA_INIT,ATALLA_R_NOT_LOADED);
+                goto err;
+                }
+        /* Copy the pointers */
+        p_Atalla_GetHardwareConfig = p1;
+        p_Atalla_RSAPrivateKeyOpFn = p2;
+        p_Atalla_GetPerformanceStatistics = p3;
+        /* Perform a basic test to see if there's actually any unit
+         * running. */
+        if(p1(0L, config_buf) != 0)
+                {
+                ATALLAerr(ATALLA_F_ATALLA_INIT,ATALLA_R_UNIT_FAILURE);
+                goto err;
+                }
+        /* Everything's fine. */
+        return 1;
+err:
+        if(atalla_dso)
+                DSO_free(atalla_dso);
+        p_Atalla_GetHardwareConfig = NULL;
+        p_Atalla_RSAPrivateKeyOpFn = NULL;
+        p_Atalla_GetPerformanceStatistics = NULL;
+        return 0;
+        }
+
+static int atalla_finish(ENGINE *e)
+        {
+        free_ATALLA_LIBNAME();
+        if(atalla_dso == NULL)
+                {
+                ATALLAerr(ATALLA_F_ATALLA_FINISH,ATALLA_R_NOT_LOADED);
+                return 0;
+                }
+        if(!DSO_free(atalla_dso))
+                {
+                ATALLAerr(ATALLA_F_ATALLA_FINISH,ATALLA_R_UNIT_FAILURE);
+                return 0;
+                }
+        atalla_dso = NULL;
+        p_Atalla_GetHardwareConfig = NULL;
+        p_Atalla_RSAPrivateKeyOpFn = NULL;
+        p_Atalla_GetPerformanceStatistics = NULL;
+        return 1;
+        }
+
+static int atalla_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)())
+        {
+        int initialised = ((atalla_dso == NULL) ? 0 : 1);
+        switch(cmd)
+                {
+        case ATALLA_CMD_SO_PATH:
+                if(p == NULL)
+                        {
+                        ATALLAerr(ATALLA_F_ATALLA_CTRL,ERR_R_PASSED_NULL_PARAMETER);
+                        return 0;
+                        }
+                if(initialised)
+                        {
+                        ATALLAerr(ATALLA_F_ATALLA_CTRL,ATALLA_R_ALREADY_LOADED);
+                        return 0;
+                        }
+                return set_ATALLA_LIBNAME((const char *)p);
+        default:
+                break;
+                }
+        ATALLAerr(ATALLA_F_ATALLA_CTRL,ATALLA_R_CTRL_COMMAND_NOT_IMPLEMENTED);
+        return 0;
+        }
+
+static int atalla_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+                        const BIGNUM *m, BN_CTX *ctx)
+        {
+        /* I need somewhere to store temporary serialised values for
+         * use with the Atalla API calls. A neat cheat - I'll use
+         * BIGNUMs from the BN_CTX but access their arrays directly as
+         * byte arrays <grin>. This way I don't have to clean anything
+         * up. */
+        BIGNUM *modulus;
+        BIGNUM *exponent;
+        BIGNUM *argument;
+        BIGNUM *result;
+        RSAPrivateKey keydata;
+        int to_return, numbytes;
+
+        modulus = exponent = argument = result = NULL;
+        to_return = 0; /* expect failure */
+
+        if(!atalla_dso)
+                {
+                ATALLAerr(ATALLA_F_ATALLA_MOD_EXP,ATALLA_R_NOT_LOADED);
+                goto err;
+                }
+        /* Prepare the params */
+        BN_CTX_start(ctx);
+        modulus = BN_CTX_get(ctx);
+        exponent = BN_CTX_get(ctx);
+        argument = BN_CTX_get(ctx);
+        result = BN_CTX_get(ctx);
+        if (!result)
+                {
+                ATALLAerr(ATALLA_F_ATALLA_MOD_EXP,ATALLA_R_BN_CTX_FULL);
+                goto err;
+                }
+        if(!bn_wexpand(modulus, m->top) || !bn_wexpand(exponent, m->top) ||
+           !bn_wexpand(argument, m->top) || !bn_wexpand(result, m->top))
+                {
+                ATALLAerr(ATALLA_F_ATALLA_MOD_EXP,ATALLA_R_BN_EXPAND_FAIL);
+                goto err;
+                }
+        /* Prepare the key-data */
+        memset(&keydata, 0,sizeof keydata);
+        numbytes = BN_num_bytes(m);
+        memset(exponent->d, 0, numbytes);
+        memset(modulus->d, 0, numbytes);
+        BN_bn2bin(p, (unsigned char *)exponent->d + numbytes - BN_num_bytes(p));
+        BN_bn2bin(m, (unsigned char *)modulus->d + numbytes - BN_num_bytes(m));
+        keydata.privateExponent.data = (unsigned char *)exponent->d;
+        keydata.privateExponent.len = numbytes;
+        keydata.modulus.data = (unsigned char *)modulus->d;
+        keydata.modulus.len = numbytes;
+        /* Prepare the argument */
+        memset(argument->d, 0, numbytes);
+        memset(result->d, 0, numbytes);
+        BN_bn2bin(a, (unsigned char *)argument->d + numbytes - BN_num_bytes(a));
+        /* Perform the operation */
+        if(p_Atalla_RSAPrivateKeyOpFn(&keydata, (unsigned char *)result->d,
+                        (unsigned char *)argument->d,
+                        keydata.modulus.len) != 0)
+                {
+                ATALLAerr(ATALLA_F_ATALLA_MOD_EXP,ATALLA_R_REQUEST_FAILED);
+                goto err;
+                }
+        /* Convert the response */
+        BN_bin2bn((unsigned char *)result->d, numbytes, r);
+        to_return = 1;
+err:
+        BN_CTX_end(ctx);
+        return to_return;
+        }
+
+#ifndef OPENSSL_NO_RSA
+static int atalla_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa)
+        {
+        BN_CTX *ctx = NULL;
+        int to_return = 0;
+
+        if(!atalla_dso)
+                {
+                ATALLAerr(ATALLA_F_ATALLA_RSA_MOD_EXP,ATALLA_R_NOT_LOADED);
+                goto err;
+                }
+        if((ctx = BN_CTX_new()) == NULL)
+                goto err;
+        if(!rsa->d || !rsa->n)
+                {
+                ATALLAerr(ATALLA_F_ATALLA_RSA_MOD_EXP,ATALLA_R_MISSING_KEY_COMPONENTS);
+                goto err;
+                }
+        to_return = atalla_mod_exp(r0, I, rsa->d, rsa->n, ctx);
+err:
+        if(ctx)
+                BN_CTX_free(ctx);
+        return to_return;
+        }
+#endif
+
+#ifndef OPENSSL_NO_DSA
+/* This code was liberated and adapted from the commented-out code in
+ * dsa_ossl.c. Because of the unoptimised form of the Atalla acceleration
+ * (it doesn't have a CRT form for RSA), this function means that an
+ * Atalla system running with a DSA server certificate can handshake
+ * around 5 or 6 times faster/more than an equivalent system running with
+ * RSA. Just check out the "signs" statistics from the RSA and DSA parts
+ * of "openssl speed -engine atalla dsa1024 rsa1024". */
+static int atalla_dsa_mod_exp(DSA *dsa, BIGNUM *rr, BIGNUM *a1,
+                BIGNUM *p1, BIGNUM *a2, BIGNUM *p2, BIGNUM *m,
+                BN_CTX *ctx, BN_MONT_CTX *in_mont)
+        {
+        BIGNUM t;
+        int to_return = 0;
+ 
+        BN_init(&t);
+        /* let rr = a1 ^ p1 mod m */
+        if (!atalla_mod_exp(rr,a1,p1,m,ctx)) goto end;
+        /* let t = a2 ^ p2 mod m */
+        if (!atalla_mod_exp(&t,a2,p2,m,ctx)) goto end;
+        /* let rr = rr * t mod m */
+        if (!BN_mod_mul(rr,rr,&t,m,ctx)) goto end;
+        to_return = 1;
+end:
+        BN_free(&t);
+        return to_return;
+        }
+
+static int atalla_mod_exp_dsa(DSA *dsa, BIGNUM *r, BIGNUM *a,
+                const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
+                BN_MONT_CTX *m_ctx)
+        {
+        return atalla_mod_exp(r, a, p, m, ctx);
+        }
+#endif
+
+/* This function is aliased to mod_exp (with the mont stuff dropped). */
+static int atalla_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+                const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)
+        {
+        return atalla_mod_exp(r, a, p, m, ctx);
+        }
+
+#ifndef OPENSSL_NO_DH
+/* This function is aliased to mod_exp (with the dh and mont dropped). */
+static int atalla_mod_exp_dh(const DH *dh, BIGNUM *r,
+                const BIGNUM *a, const BIGNUM *p,
+                const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)
+        {
+        return atalla_mod_exp(r, a, p, m, ctx);
+        }
+#endif
+
+/* This stuff is needed if this ENGINE is being compiled into a self-contained
+ * shared-library. */
+#ifdef ENGINE_DYNAMIC_SUPPORT
+static int bind_fn(ENGINE *e, const char *id)
+        {
+        if(id && (strcmp(id, engine_atalla_id) != 0))
+                return 0;
+        if(!bind_helper(e))
+                return 0;
+        return 1;
+        }
+IMPLEMENT_DYNAMIC_CHECK_FN()
+IMPLEMENT_DYNAMIC_BIND_FN(bind_fn)
+#endif /* ENGINE_DYNAMIC_SUPPORT */
+
+#endif /* !OPENSSL_NO_HW_ATALLA */
+#endif /* !OPENSSL_NO_HW */
diff --git a/src/lib/libcrypto/engine/hw_atalla_err.c b/src/lib/libcrypto/engine/hw_atalla_err.c
new file mode 100644
index 0000000000..1df9c4570c
--- /dev/null
+++ b/src/lib/libcrypto/engine/hw_atalla_err.c
@@ -0,0 +1,145 @@
+/* hw_atalla_err.c */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+/* NOTE: this file was auto generated by the mkerr.pl script: any changes
+ * made to it will be overwritten when the script next updates this file,
+ * only reason strings will be preserved.
+ */
+
+#include <stdio.h>
+#include <openssl/err.h>
+#include "hw_atalla_err.h"
+
+/* BEGIN ERROR CODES */
+#ifndef OPENSSL_NO_ERR
+static ERR_STRING_DATA ATALLA_str_functs[]=
+        {
+{ERR_PACK(0,ATALLA_F_ATALLA_CTRL,0),    "ATALLA_CTRL"},
+{ERR_PACK(0,ATALLA_F_ATALLA_FINISH,0),  "ATALLA_FINISH"},
+{ERR_PACK(0,ATALLA_F_ATALLA_INIT,0),    "ATALLA_INIT"},
+{ERR_PACK(0,ATALLA_F_ATALLA_MOD_EXP,0), "ATALLA_MOD_EXP"},
+{ERR_PACK(0,ATALLA_F_ATALLA_RSA_MOD_EXP,0),     "ATALLA_RSA_MOD_EXP"},
+{0,NULL}
+        };
+
+static ERR_STRING_DATA ATALLA_str_reasons[]=
+        {
+{ATALLA_R_ALREADY_LOADED                 ,"already loaded"},
+{ATALLA_R_BN_CTX_FULL                    ,"bn ctx full"},
+{ATALLA_R_BN_EXPAND_FAIL                 ,"bn expand fail"},
+{ATALLA_R_CTRL_COMMAND_NOT_IMPLEMENTED   ,"ctrl command not implemented"},
+{ATALLA_R_MISSING_KEY_COMPONENTS         ,"missing key components"},
+{ATALLA_R_NOT_LOADED                     ,"not loaded"},
+{ATALLA_R_REQUEST_FAILED                 ,"request failed"},
+{ATALLA_R_UNIT_FAILURE                   ,"unit failure"},
+{0,NULL}
+        };
+
+#endif
+
+#ifdef ATALLA_LIB_NAME
+static ERR_STRING_DATA ATALLA_lib_name[]=
+        {
+{0      ,ATALLA_LIB_NAME},
+{0,NULL}
+        };
+#endif
+
+
+static int ATALLA_lib_error_code=0;
+static int ATALLA_error_init=1;
+
+static void ERR_load_ATALLA_strings(void)
+        {
+        if (ATALLA_lib_error_code == 0)
+                ATALLA_lib_error_code=ERR_get_next_error_library();
+
+        if (ATALLA_error_init)
+                {
+                ATALLA_error_init=0;
+#ifndef OPENSSL_NO_ERR
+                ERR_load_strings(ATALLA_lib_error_code,ATALLA_str_functs);
+                ERR_load_strings(ATALLA_lib_error_code,ATALLA_str_reasons);
+#endif
+
+#ifdef ATALLA_LIB_NAME
+                ATALLA_lib_name->error = ERR_PACK(ATALLA_lib_error_code,0,0);
+                ERR_load_strings(0,ATALLA_lib_name);
+#endif
+                }
+        }
+
+static void ERR_unload_ATALLA_strings(void)
+        {
+        if (ATALLA_error_init == 0)
+                {
+#ifndef OPENSSL_NO_ERR
+                ERR_unload_strings(ATALLA_lib_error_code,ATALLA_str_functs);
+                ERR_unload_strings(ATALLA_lib_error_code,ATALLA_str_reasons);
+#endif
+
+#ifdef ATALLA_LIB_NAME
+                ERR_unload_strings(0,ATALLA_lib_name);
+#endif
+                ATALLA_error_init=1;
+                }
+        }
+
+static void ERR_ATALLA_error(int function, int reason, char *file, int line)
+        {
+        if (ATALLA_lib_error_code == 0)
+                ATALLA_lib_error_code=ERR_get_next_error_library();
+        ERR_PUT_error(ATALLA_lib_error_code,function,reason,file,line);
+        }
diff --git a/src/lib/libcrypto/engine/hw_atalla_err.h b/src/lib/libcrypto/engine/hw_atalla_err.h
new file mode 100644
index 0000000000..cdac052d8c
--- /dev/null
+++ b/src/lib/libcrypto/engine/hw_atalla_err.h
@@ -0,0 +1,89 @@
+/* ====================================================================
+ * Copyright (c) 2001 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#ifndef HEADER_ATALLA_ERR_H
+#define HEADER_ATALLA_ERR_H
+
+/* BEGIN ERROR CODES */
+/* The following lines are auto generated by the script mkerr.pl. Any changes
+ * made after this point may be overwritten when the script is next run.
+ */
+static void ERR_load_ATALLA_strings(void);
+static void ERR_unload_ATALLA_strings(void);
+static void ERR_ATALLA_error(int function, int reason, char *file, int line);
+#define ATALLAerr(f,r) ERR_ATALLA_error((f),(r),__FILE__,__LINE__)
+
+/* Error codes for the ATALLA functions. */
+
+/* Function codes. */
+#define ATALLA_F_ATALLA_CTRL                             100
+#define ATALLA_F_ATALLA_FINISH                           101
+#define ATALLA_F_ATALLA_INIT                             102
+#define ATALLA_F_ATALLA_MOD_EXP                          103
+#define ATALLA_F_ATALLA_RSA_MOD_EXP                      104
+
+/* Reason codes. */
+#define ATALLA_R_ALREADY_LOADED                          100
+#define ATALLA_R_BN_CTX_FULL                             101
+#define ATALLA_R_BN_EXPAND_FAIL                          102
+#define ATALLA_R_CTRL_COMMAND_NOT_IMPLEMENTED            103
+#define ATALLA_R_MISSING_KEY_COMPONENTS                  104
+#define ATALLA_R_NOT_LOADED                              105
+#define ATALLA_R_REQUEST_FAILED                          106
+#define ATALLA_R_UNIT_FAILURE                            107
+
+#ifdef  __cplusplus
+}
+#endif
+#endif
diff --git a/src/lib/libcrypto/engine/hw_cryptodev.c b/src/lib/libcrypto/engine/hw_cryptodev.c
new file mode 100644
index 0000000000..d3b186c132
--- /dev/null
+++ b/src/lib/libcrypto/engine/hw_cryptodev.c
@@ -0,0 +1,1354 @@
+/*
+ * Copyright (c) 2002-2004 Theo de Raadt
+ * Copyright (c) 2002 Bob Beck <beck@openbsd.org>
+ * Copyright (c) 2002 Markus Friedl
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+#include <openssl/objects.h>
+#include <openssl/engine.h>
+#include <openssl/evp.h>
+
+#if (defined(__unix__) || defined(unix)) && !defined(USG)
+#include <sys/param.h>
+# if (OpenBSD >= 200112) || ((__FreeBSD_version >= 470101 && __FreeBSD_version < 500000) || __FreeBSD_version >= 500041)
+# define HAVE_CRYPTODEV
+# endif
+# if (OpenBSD >= 200110)
+# define HAVE_SYSLOG_R
+# endif
+#endif
+
+#ifndef HAVE_CRYPTODEV
+
+void
+ENGINE_load_cryptodev(void)
+{
+        /* This is a NOP on platforms without /dev/crypto */
+        return;
+}
+
+#else
+
+#include <sys/types.h>
+#include <crypto/cryptodev.h>
+#include <sys/ioctl.h>
+
+#include <errno.h>
+#include <stdio.h>
+#include <unistd.h>
+#include <fcntl.h>
+#include <stdarg.h>
+#include <syslog.h>
+#include <errno.h>
+#include <string.h>
+
+#ifdef __i386__
+#include <sys/sysctl.h>
+#include <machine/cpu.h>
+#include <machine/specialreg.h>
+
+#include <ssl/aes.h>
+
+static int check_viac3aes(void);
+#endif
+
+struct dev_crypto_state {
+        struct session_op d_sess;
+        int d_fd;
+};
+
+struct dev_crypto_cipher {
+        int     c_id;
+        int     c_nid;
+        int     c_ivmax;
+        int     c_keylen;
+};
+
+static u_int32_t cryptodev_asymfeat = 0;
+
+static int get_asym_dev_crypto(void);
+static int open_dev_crypto(void);
+static int get_dev_crypto(void);
+static struct dev_crypto_cipher *cipher_nid_to_cryptodev(int nid);
+static int get_cryptodev_ciphers(const int **cnids);
+/*static int get_cryptodev_digests(const int **cnids);*/
+static int cryptodev_usable_ciphers(const int **nids);
+static int cryptodev_usable_digests(const int **nids);
+static int cryptodev_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+    const unsigned char *in, unsigned int inl);
+static int cryptodev_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+    const unsigned char *iv, int enc);
+static int cryptodev_cleanup(EVP_CIPHER_CTX *ctx);
+static int cryptodev_engine_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
+    const int **nids, int nid);
+static int cryptodev_engine_digests(ENGINE *e, const EVP_MD **digest,
+    const int **nids, int nid);
+static int bn2crparam(const BIGNUM *a, struct crparam *crp);
+static int crparam2bn(struct crparam *crp, BIGNUM *a);
+static void zapparams(struct crypt_kop *kop);
+static int cryptodev_asym(struct crypt_kop *kop, int rlen, BIGNUM *r,
+    int slen, BIGNUM *s);
+
+static int cryptodev_bn_mod_exp(BIGNUM *r, const BIGNUM *a,
+    const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
+static int cryptodev_rsa_nocrt_mod_exp(BIGNUM *r0, const BIGNUM *I,
+    RSA *rsa);
+static int cryptodev_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa);
+static int cryptodev_dsa_bn_mod_exp(DSA *dsa, BIGNUM *r, BIGNUM *a,
+    const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
+static int cryptodev_dsa_dsa_mod_exp(DSA *dsa, BIGNUM *t1, BIGNUM *g,
+    BIGNUM *u1, BIGNUM *pub_key, BIGNUM *u2, BIGNUM *p,
+    BN_CTX *ctx, BN_MONT_CTX *mont);
+static DSA_SIG *cryptodev_dsa_do_sign(const unsigned char *dgst,
+    int dlen, DSA *dsa);
+static int cryptodev_dsa_verify(const unsigned char *dgst, int dgst_len,
+    DSA_SIG *sig, DSA *dsa);
+static int cryptodev_mod_exp_dh(const DH *dh, BIGNUM *r, const BIGNUM *a,
+    const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
+    BN_MONT_CTX *m_ctx);
+static int cryptodev_dh_compute_key(unsigned char *key,
+    const BIGNUM *pub_key, DH *dh);
+static int cryptodev_ctrl(ENGINE *e, int cmd, long i, void *p,
+    void (*f)());
+void ENGINE_load_cryptodev(void);
+
+static const ENGINE_CMD_DEFN cryptodev_defns[] = {
+        { 0, NULL, NULL, 0 }
+};
+
+static struct dev_crypto_cipher ciphers[] = {
+        { CRYPTO_DES_CBC,               NID_des_cbc,            8,       8, },
+        { CRYPTO_3DES_CBC,              NID_des_ede3_cbc,       8,      24, },
+        { CRYPTO_AES_CBC,               NID_aes_128_cbc,        16,     16, },
+        { CRYPTO_AES_CBC,               NID_aes_192_cbc,        16,     24, },
+        { CRYPTO_AES_CBC,               NID_aes_256_cbc,        16,     32, },
+        { CRYPTO_BLF_CBC,               NID_bf_cbc,             8,      16, },
+        { CRYPTO_CAST_CBC,              NID_cast5_cbc,          8,      16, },
+        { CRYPTO_SKIPJACK_CBC,          NID_undef,              0,       0, },
+        { 0,                            NID_undef,              0,       0, },
+};
+
+#if 0 /* UNUSED */
+static struct {
+        int     id;
+        int     nid;
+} digests[] = {
+        { CRYPTO_SHA1_HMAC,             NID_hmacWithSHA1,       },
+        { CRYPTO_RIPEMD160_HMAC,        NID_ripemd160,          },
+        { CRYPTO_MD5_KPDK,              NID_undef,              },
+        { CRYPTO_SHA1_KPDK,             NID_undef,              },
+        { CRYPTO_MD5,                   NID_md5,                },
+        { CRYPTO_SHA1,                  NID_undef,              },
+        { 0,                            NID_undef,              },
+};
+#endif
+
+/*
+ * Return a fd if /dev/crypto seems usable, -1 otherwise.
+ */
+static int
+open_dev_crypto(void)
+{
+        static int fd = -1;
+
+        if (fd == -1) {
+                if ((fd = open("/dev/crypto", O_RDWR, 0)) == -1)
+                        return (-1);
+                /* close on exec */
+                if (fcntl(fd, F_SETFD, 1) == -1) {
+                        close(fd);
+                        fd = -1;
+                        return (-1);
+                }
+        }
+        return (fd);
+}
+
+static int
+get_dev_crypto(void)
+{
+        int fd, retfd;
+
+        if ((fd = open_dev_crypto()) == -1)
+                return (-1);
+        if (ioctl(fd, CRIOGET, &retfd) == -1) {
+                close(fd);
+                return (-1);
+        }
+
+        /* close on exec */
+        if (fcntl(retfd, F_SETFD, 1) == -1) {
+                close(retfd);
+                return (-1);
+        }
+        return (retfd);
+}
+
+/* Caching version for asym operations */
+static int
+get_asym_dev_crypto(void)
+{
+        static int fd = -1;
+
+        if (fd == -1)
+                fd = get_dev_crypto();
+        return fd;
+}
+
+/* convert libcrypto nids to cryptodev */
+static struct dev_crypto_cipher *
+cipher_nid_to_cryptodev(int nid)
+{
+        int i;
+
+        for (i = 0; ciphers[i].c_id; i++)
+                if (ciphers[i].c_nid == nid)
+                        return (&ciphers[i]);
+        return (NULL);
+}
+
+/*
+ * Find out what ciphers /dev/crypto will let us have a session for.
+ * XXX note, that some of these openssl doesn't deal with yet!
+ * returning them here is harmless, as long as we return NULL
+ * when asked for a handler in the cryptodev_engine_ciphers routine
+ */
+static int
+get_cryptodev_ciphers(const int **cnids)
+{
+        static int nids[CRYPTO_ALGORITHM_MAX];
+        struct session_op sess;
+        int fd, i, count = 0;
+
+        if ((fd = get_dev_crypto()) < 0) {
+                *cnids = NULL;
+                return (0);
+        }
+        memset(&sess, 0, sizeof(sess));
+        sess.key = (caddr_t)"123456781234567812345678";
+
+        for (i = 0; ciphers[i].c_id && count < CRYPTO_ALGORITHM_MAX; i++) {
+                if (ciphers[i].c_nid == NID_undef)
+                        continue;
+                sess.cipher = ciphers[i].c_id;
+                sess.keylen = ciphers[i].c_keylen;
+                sess.mac = 0;
+                if (ioctl(fd, CIOCGSESSION, &sess) != -1 &&
+                    ioctl(fd, CIOCFSESSION, &sess.ses) != -1)
+                        nids[count++] = ciphers[i].c_nid;
+        }
+        close(fd);
+
+#if defined(__i386__)
+        /*
+         * On i386, always check for the VIA C3 AES instructions;
+         * even if /dev/crypto is disabled.
+         */
+        if (check_viac3aes() >= 1) {
+                int have_NID_aes_128_cbc = 0;
+                int have_NID_aes_192_cbc = 0;
+                int have_NID_aes_256_cbc = 0;
+
+                for (i = 0; i < count; i++) {
+                        if (nids[i] == NID_aes_128_cbc)
+                                have_NID_aes_128_cbc = 1;
+                        if (nids[i] == NID_aes_192_cbc)
+                                have_NID_aes_192_cbc = 1;
+                        if (nids[i] == NID_aes_256_cbc)
+                                have_NID_aes_256_cbc = 1;
+                }
+                if (!have_NID_aes_128_cbc)
+                        nids[count++] = NID_aes_128_cbc;
+                if (!have_NID_aes_192_cbc)
+                        nids[count++] = NID_aes_192_cbc;
+                if (!have_NID_aes_256_cbc)
+                        nids[count++] = NID_aes_256_cbc;
+        }
+#endif
+
+        if (count > 0)
+                *cnids = nids;
+        else
+                *cnids = NULL;
+        return (count);
+}
+
+/*
+ * Find out what digests /dev/crypto will let us have a session for.
+ * XXX note, that some of these openssl doesn't deal with yet!
+ * returning them here is harmless, as long as we return NULL
+ * when asked for a handler in the cryptodev_engine_digests routine
+ */
+#if 0 /* UNUSED */
+static int
+get_cryptodev_digests(const int **cnids)
+{
+        static int nids[CRYPTO_ALGORITHM_MAX];
+        struct session_op sess;
+        int fd, i, count = 0;
+
+        if ((fd = get_dev_crypto()) < 0) {
+                *cnids = NULL;
+                return (0);
+        }
+        memset(&sess, 0, sizeof(sess));
+        for (i = 0; digests[i].id && count < CRYPTO_ALGORITHM_MAX; i++) {
+                if (digests[i].nid == NID_undef)
+                        continue;
+                sess.mac = digests[i].id;
+                sess.cipher = 0;
+                if (ioctl(fd, CIOCGSESSION, &sess) != -1 &&
+                    ioctl(fd, CIOCFSESSION, &sess.ses) != -1)
+                        nids[count++] = digests[i].nid;
+        }
+        close(fd);
+
+        if (count > 0)
+                *cnids = nids;
+        else
+                *cnids = NULL;
+        return (count);
+}
+#endif
+
+/*
+ * Find the useable ciphers|digests from dev/crypto - this is the first
+ * thing called by the engine init crud which determines what it
+ * can use for ciphers from this engine. We want to return
+ * only what we can do, anythine else is handled by software.
+ *
+ * If we can't initialize the device to do anything useful for
+ * any reason, we want to return a NULL array, and 0 length,
+ * which forces everything to be done is software. By putting
+ * the initalization of the device in here, we ensure we can
+ * use this engine as the default, and if for whatever reason
+ * /dev/crypto won't do what we want it will just be done in
+ * software
+ *
+ * This can (should) be greatly expanded to perhaps take into
+ * account speed of the device, and what we want to do.
+ * (although the disabling of particular alg's could be controlled
+ * by the device driver with sysctl's.) - this is where we
+ * want most of the decisions made about what we actually want
+ * to use from /dev/crypto.
+ */
+static int
+cryptodev_usable_ciphers(const int **nids)
+{
+        return (get_cryptodev_ciphers(nids));
+}
+
+static int
+cryptodev_usable_digests(const int **nids)
+{
+        /*
+         * XXXX just disable all digests for now, because it sucks.
+         * we need a better way to decide this - i.e. I may not
+         * want digests on slow cards like hifn on fast machines,
+         * but might want them on slow or loaded machines, etc.
+         * will also want them when using crypto cards that don't
+         * suck moose gonads - would be nice to be able to decide something
+         * as reasonable default without having hackery that's card dependent.
+         * of course, the default should probably be just do everything,
+         * with perhaps a sysctl to turn algoritms off (or have them off
+         * by default) on cards that generally suck like the hifn.
+         */
+        *nids = NULL;
+        return (0);
+}
+
+static int
+cryptodev_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+    const unsigned char *in, unsigned int inl)
+{
+        struct crypt_op cryp;
+        struct dev_crypto_state *state = ctx->cipher_data;
+        struct session_op *sess = &state->d_sess;
+        void *iiv;
+        unsigned char save_iv[EVP_MAX_IV_LENGTH];
+
+        if (state->d_fd < 0)
+                return (0);
+        if (!inl)
+                return (1);
+        if ((inl % ctx->cipher->block_size) != 0)
+                return (0);
+
+        memset(&cryp, 0, sizeof(cryp));
+
+        cryp.ses = sess->ses;
+        cryp.flags = 0;
+        cryp.len = inl;
+        cryp.src = (caddr_t) in;
+        cryp.dst = (caddr_t) out;
+        cryp.mac = 0;
+
+        cryp.op = ctx->encrypt ? COP_ENCRYPT : COP_DECRYPT;
+
+        if (ctx->cipher->iv_len) {
+                cryp.iv = (caddr_t) ctx->iv;
+                if (!ctx->encrypt) {
+                        iiv = (void *) in + inl - ctx->cipher->iv_len;
+                        memcpy(save_iv, iiv, ctx->cipher->iv_len);
+                }
+        } else
+                cryp.iv = NULL;
+
+        if (ioctl(state->d_fd, CIOCCRYPT, &cryp) == -1) {
+                /* XXX need better errror handling
+                 * this can fail for a number of different reasons.
+                 */
+                return (0);
+        }
+
+        if (ctx->cipher->iv_len) {
+                if (ctx->encrypt)
+                        iiv = (void *) out + inl - ctx->cipher->iv_len;
+                else
+                        iiv = save_iv;
+                memcpy(ctx->iv, iiv, ctx->cipher->iv_len);
+        }
+        return (1);
+}
+
+static int
+cryptodev_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+    const unsigned char *iv, int enc)
+{
+        struct dev_crypto_state *state = ctx->cipher_data;
+        struct session_op *sess = &state->d_sess;
+        struct dev_crypto_cipher *cipher;
+
+        if ((cipher = cipher_nid_to_cryptodev(ctx->cipher->nid)) == NULL)
+                return (0);
+
+        if (ctx->cipher->iv_len > cipher->c_ivmax)
+                return (0);
+
+        if (ctx->key_len != cipher->c_keylen)
+                return (0);
+
+        memset(sess, 0, sizeof(struct session_op));
+
+        if ((state->d_fd = get_dev_crypto()) < 0)
+                return (0);
+
+        sess->key = (unsigned char *)key;
+        sess->keylen = ctx->key_len;
+        sess->cipher = cipher->c_id;
+
+        if (ioctl(state->d_fd, CIOCGSESSION, sess) == -1) {
+                close(state->d_fd);
+                state->d_fd = -1;
+                return (0);
+        }
+        return (1);
+}
+
+/*
+ * free anything we allocated earlier when initting a
+ * session, and close the session.
+ */
+static int
+cryptodev_cleanup(EVP_CIPHER_CTX *ctx)
+{
+        int ret = 0;
+        struct dev_crypto_state *state = ctx->cipher_data;
+        struct session_op *sess = &state->d_sess;
+
+        if (state->d_fd < 0)
+                return (0);
+
+        /* XXX if this ioctl fails, someting's wrong. the invoker
+         * may have called us with a bogus ctx, or we could
+         * have a device that for whatever reason just doesn't
+         * want to play ball - it's not clear what's right
+         * here - should this be an error? should it just
+         * increase a counter, hmm. For right now, we return
+         * 0 - I don't believe that to be "right". we could
+         * call the gorpy openssl lib error handlers that
+         * print messages to users of the library. hmm..
+         */
+
+        if (ioctl(state->d_fd, CIOCFSESSION, &sess->ses) == -1) {
+                ret = 0;
+        } else {
+                ret = 1;
+        }
+        close(state->d_fd);
+        state->d_fd = -1;
+
+        return (ret);
+}
+
+/*
+ * libcrypto EVP stuff - this is how we get wired to EVP so the engine
+ * gets called when libcrypto requests a cipher NID.
+ */
+
+/* DES CBC EVP */
+const EVP_CIPHER cryptodev_des_cbc = {
+        NID_des_cbc,
+        8, 8, 8,
+        EVP_CIPH_CBC_MODE,
+        cryptodev_init_key,
+        cryptodev_cipher,
+        cryptodev_cleanup,
+        sizeof(struct dev_crypto_state),
+        EVP_CIPHER_set_asn1_iv,
+        EVP_CIPHER_get_asn1_iv,
+        NULL
+};
+
+/* 3DES CBC EVP */
+const EVP_CIPHER cryptodev_3des_cbc = {
+        NID_des_ede3_cbc,
+        8, 24, 8,
+        EVP_CIPH_CBC_MODE,
+        cryptodev_init_key,
+        cryptodev_cipher,
+        cryptodev_cleanup,
+        sizeof(struct dev_crypto_state),
+        EVP_CIPHER_set_asn1_iv,
+        EVP_CIPHER_get_asn1_iv,
+        NULL
+};
+
+const EVP_CIPHER cryptodev_bf_cbc = {
+        NID_bf_cbc,
+        8, 16, 8,
+        EVP_CIPH_CBC_MODE,
+        cryptodev_init_key,
+        cryptodev_cipher,
+        cryptodev_cleanup,
+        sizeof(struct dev_crypto_state),
+        EVP_CIPHER_set_asn1_iv,
+        EVP_CIPHER_get_asn1_iv,
+        NULL
+};
+
+const EVP_CIPHER cryptodev_cast_cbc = {
+        NID_cast5_cbc,
+        8, 16, 8,
+        EVP_CIPH_CBC_MODE,
+        cryptodev_init_key,
+        cryptodev_cipher,
+        cryptodev_cleanup,
+        sizeof(struct dev_crypto_state),
+        EVP_CIPHER_set_asn1_iv,
+        EVP_CIPHER_get_asn1_iv,
+        NULL
+};
+
+EVP_CIPHER cryptodev_aes_128_cbc = {
+        NID_aes_128_cbc,
+        16, 16, 16,
+        EVP_CIPH_CBC_MODE,
+        cryptodev_init_key,
+        cryptodev_cipher,
+        cryptodev_cleanup,
+        sizeof(struct dev_crypto_state),
+        EVP_CIPHER_set_asn1_iv,
+        EVP_CIPHER_get_asn1_iv,
+        NULL
+};
+
+EVP_CIPHER cryptodev_aes_192_cbc = {
+        NID_aes_192_cbc,
+        16, 24, 16,
+        EVP_CIPH_CBC_MODE,
+        cryptodev_init_key,
+        cryptodev_cipher,
+        cryptodev_cleanup,
+        sizeof(struct dev_crypto_state),
+        EVP_CIPHER_set_asn1_iv,
+        EVP_CIPHER_get_asn1_iv,
+        NULL
+};
+
+EVP_CIPHER cryptodev_aes_256_cbc = {
+        NID_aes_256_cbc,
+        16, 32, 16,
+        EVP_CIPH_CBC_MODE,
+        cryptodev_init_key,
+        cryptodev_cipher,
+        cryptodev_cleanup,
+        sizeof(struct dev_crypto_state),
+        EVP_CIPHER_set_asn1_iv,
+        EVP_CIPHER_get_asn1_iv,
+        NULL
+};
+
+#if defined(__i386__)
+
+static inline void
+viac3_xcrypt_cbc(int *cw, const void *src, void *dst, void *key, int rep,
+    void *iv)
+{
+#ifdef notdef
+        printf("cw %x[%x %x %x %x] src %x dst %x key %x rep %x iv %x\n",
+            cw, cw[0], cw[1], cw[2], cw[3],
+            src, dst, key, rep, iv);
+#endif
+        /*
+         * Clear bit 30 of EFLAGS.
+         */
+        __asm __volatile("pushfl; popfl");
+
+        /*
+         * Cannot simply place key into "b" register, since the compiler
+         * -pic mode uses that register; so instead we must dance a little.
+         */
+        __asm __volatile("pushl %%ebx; movl %0, %%ebx; rep xcrypt-cbc; popl %%ebx" :
+            : "mr" (key), "a" (iv), "c" (rep), "d" (cw), "S" (src), "D" (dst)
+            : "memory", "cc");
+}
+
+#define ISUNALIGNED(x)  ((long)(x)) & 15
+#define DOALIGN(v)      ((void *)(((long)(v) + 15) & ~15))
+
+static int
+xcrypt_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+    const unsigned char *in, unsigned int inl)
+{
+        unsigned char *save_iv_store[EVP_MAX_IV_LENGTH + 15];
+        unsigned char *save_iv = DOALIGN(save_iv_store);
+        unsigned char *ivs_store[EVP_MAX_IV_LENGTH + 15];
+        unsigned char *ivs = DOALIGN(ivs_store);
+        void *iiv, *iv = NULL, *ivp = NULL;
+        const void *usein = in;
+        void *useout = out, *spare;
+        int cws[4 + 3], *cw = DOALIGN(cws);
+
+        if (!inl)
+                return (1);
+        if ((inl % ctx->cipher->block_size) != 0)
+                return (0);
+
+        if (ISUNALIGNED(in) || ISUNALIGNED(out)) {
+                spare = malloc(inl);
+                if (spare == NULL)
+                        return (0);
+
+                if (ISUNALIGNED(in)) {
+                        bcopy(in, spare, inl);
+                        usein = spare;
+                }
+                if (ISUNALIGNED(out))
+                        useout = spare;
+        }
+
+        cw[0] = C3_CRYPT_CWLO_ALG_AES | C3_CRYPT_CWLO_KEYGEN_SW |
+            C3_CRYPT_CWLO_NORMAL;
+        cw[0] |= ctx->encrypt ? C3_CRYPT_CWLO_ENCRYPT : C3_CRYPT_CWLO_DECRYPT;
+        cw[1] = cw[2] = cw[3] = 0;
+
+        switch (ctx->key_len * 8) {
+        case 128:
+                cw[0] |= C3_CRYPT_CWLO_KEY128;
+                break;
+        case 192:
+                cw[0] |= C3_CRYPT_CWLO_KEY192;
+                break;
+        case 256:
+                cw[0] |= C3_CRYPT_CWLO_KEY256;
+                break;
+        }
+
+        if (ctx->cipher->iv_len) {
+                iv = (caddr_t) ctx->iv;
+                if (!ctx->encrypt) {
+                        iiv = (void *) in + inl - ctx->cipher->iv_len;
+                        memcpy(save_iv, iiv, ctx->cipher->iv_len);
+                }
+        }
+
+        ivp = iv;
+        if (ISUNALIGNED(iv)) {
+                bcopy(iv, ivs, ctx->cipher->iv_len);
+                ivp = ivs;
+        }
+
+        viac3_xcrypt_cbc(cw, usein, useout, ctx->cipher_data,  inl / 16, ivp);
+
+        if (ISUNALIGNED(out)) {
+                bcopy(spare, out, inl);
+                free(spare);
+        }
+
+        if (ivp == ivs)
+                bcopy(ivp, iv, ctx->cipher->iv_len);
+
+        if (ctx->cipher->iv_len) {
+                if (ctx->encrypt)
+                        iiv = (void *) out + inl - ctx->cipher->iv_len;
+                else
+                        iiv = save_iv;
+                memcpy(ctx->iv, iiv, ctx->cipher->iv_len);
+        }
+        return (1);
+}
+
+static int
+xcrypt_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+    const unsigned char *iv, int enc)
+{
+        AES_KEY *k = ctx->cipher_data;
+#ifndef AES_ASM
+        int i;
+#endif
+
+        bzero(k, sizeof *k);
+        if (enc)
+                AES_set_encrypt_key(key, ctx->key_len * 8, k);
+        else
+                AES_set_decrypt_key(key, ctx->key_len * 8, k);
+
+#ifndef AES_ASM
+        /*
+         * XXX Damn OpenSSL byte swaps the expanded key!!
+         *
+         * XXX But only if we're using the C implementation of AES
+         */
+        for (i = 0; i < 4 * (AES_MAXNR + 1); i++)
+                k->rd_key[i] = htonl(k->rd_key[i]);
+#endif
+
+        return (1);
+}
+
+static int
+xcrypt_cleanup(EVP_CIPHER_CTX *ctx)
+{
+        bzero(ctx->cipher_data, ctx->cipher->ctx_size);
+        return (1);
+}
+
+static int
+check_viac3aes(void)
+{
+        int mib[2] = { CTL_MACHDEP, CPU_XCRYPT }, value;
+        size_t size = sizeof(value);
+
+        if (sysctl(mib, sizeof(mib)/sizeof(mib[0]), &value, &size,
+            NULL, 0) < 0)
+                return (0);
+        if (value == 0)
+                return (0);
+
+        if (value & C3_HAS_AES) {
+                cryptodev_aes_128_cbc.init = xcrypt_init_key;
+                cryptodev_aes_128_cbc.do_cipher = xcrypt_cipher;
+                cryptodev_aes_128_cbc.cleanup = xcrypt_cleanup;
+                cryptodev_aes_128_cbc.ctx_size = sizeof(AES_KEY);
+
+                cryptodev_aes_192_cbc.init = xcrypt_init_key;
+                cryptodev_aes_192_cbc.do_cipher = xcrypt_cipher;
+                cryptodev_aes_192_cbc.cleanup = xcrypt_cleanup;
+                cryptodev_aes_192_cbc.ctx_size = sizeof(AES_KEY);
+
+                cryptodev_aes_256_cbc.init = xcrypt_init_key;
+                cryptodev_aes_256_cbc.do_cipher = xcrypt_cipher;
+                cryptodev_aes_256_cbc.cleanup = xcrypt_cleanup;
+                cryptodev_aes_256_cbc.ctx_size = sizeof(AES_KEY);
+        }
+        return (value);
+}
+#endif /* __i386__ */
+
+/*
+ * Registered by the ENGINE when used to find out how to deal with
+ * a particular NID in the ENGINE. this says what we'll do at the
+ * top level - note, that list is restricted by what we answer with
+ */
+static int
+cryptodev_engine_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
+    const int **nids, int nid)
+{
+        if (!cipher)
+                return (cryptodev_usable_ciphers(nids));
+
+        switch (nid) {
+        case NID_des_ede3_cbc:
+                *cipher = &cryptodev_3des_cbc;
+                break;
+        case NID_des_cbc:
+                *cipher = &cryptodev_des_cbc;
+                break;
+        case NID_bf_cbc:
+                *cipher = &cryptodev_bf_cbc;
+                break;
+        case NID_cast5_cbc:
+                *cipher = &cryptodev_cast_cbc;
+                break;
+        case NID_aes_128_cbc:
+                *cipher = &cryptodev_aes_128_cbc;
+                break;
+        case NID_aes_192_cbc:
+                *cipher = &cryptodev_aes_192_cbc;
+                break;
+        case NID_aes_256_cbc:
+                *cipher = &cryptodev_aes_256_cbc;
+                break;
+        default:
+                *cipher = NULL;
+                break;
+        }
+        return (*cipher != NULL);
+}
+
+static int
+cryptodev_engine_digests(ENGINE *e, const EVP_MD **digest,
+    const int **nids, int nid)
+{
+        if (!digest)
+                return (cryptodev_usable_digests(nids));
+
+        switch (nid) {
+        case NID_md5:
+                *digest = NULL; /* need to make a clean md5 critter */
+                break;
+        default:
+                *digest = NULL;
+                break;
+        }
+        return (*digest != NULL);
+}
+
+/*
+ * Convert a BIGNUM to the representation that /dev/crypto needs.
+ * Upon completion of use, the caller is responsible for freeing
+ * crp->crp_p.
+ */
+static int
+bn2crparam(const BIGNUM *a, struct crparam *crp)
+{
+        int i, j, k;
+        ssize_t bytes, bits;
+        u_char *b;
+
+        crp->crp_p = NULL;
+        crp->crp_nbits = 0;
+
+        bits = BN_num_bits(a);
+        bytes = (bits + 7) / 8;
+
+        b = malloc(bytes);
+        if (b == NULL)
+                return (1);
+
+        crp->crp_p = b;
+        crp->crp_nbits = bits;
+
+        for (i = 0, j = 0; i < a->top; i++) {
+                for (k = 0; k < BN_BITS2 / 8; k++) {
+                        if ((j + k) >= bytes)
+                                return (0);
+                        b[j + k] = a->d[i] >> (k * 8);
+                }
+                j += BN_BITS2 / 8;
+        }
+        return (0);
+}
+
+/* Convert a /dev/crypto parameter to a BIGNUM */
+static int
+crparam2bn(struct crparam *crp, BIGNUM *a)
+{
+        u_int8_t *pd;
+        int i, bytes;
+
+        bytes = (crp->crp_nbits + 7) / 8;
+
+        if (bytes == 0)
+                return (-1);
+
+        if ((pd = (u_int8_t *) malloc(bytes)) == NULL)
+                return (-1);
+
+        for (i = 0; i < bytes; i++)
+                pd[i] = crp->crp_p[bytes - i - 1];
+
+        BN_bin2bn(pd, bytes, a);
+        free(pd);
+
+        return (0);
+}
+
+static void
+zapparams(struct crypt_kop *kop)
+{
+        int i;
+
+        for (i = 0; i <= kop->crk_iparams + kop->crk_oparams; i++) {
+                if (kop->crk_param[i].crp_p)
+                        free(kop->crk_param[i].crp_p);
+                kop->crk_param[i].crp_p = NULL;
+                kop->crk_param[i].crp_nbits = 0;
+        }
+}
+
+static int
+cryptodev_asym(struct crypt_kop *kop, int rlen, BIGNUM *r, int slen, BIGNUM *s)
+{
+        int fd, ret = -1;
+
+        if ((fd = get_asym_dev_crypto()) < 0)
+                return (ret);
+
+        if (r) {
+                kop->crk_param[kop->crk_iparams].crp_p = calloc(rlen, sizeof(char));
+                kop->crk_param[kop->crk_iparams].crp_nbits = rlen * 8;
+                kop->crk_oparams++;
+        }
+        if (s) {
+                kop->crk_param[kop->crk_iparams+1].crp_p = calloc(slen, sizeof(char));
+                kop->crk_param[kop->crk_iparams+1].crp_nbits = slen * 8;
+                kop->crk_oparams++;
+        }
+
+        if (ioctl(fd, CIOCKEY, kop) == 0) {
+                if (r)
+                        crparam2bn(&kop->crk_param[kop->crk_iparams], r);
+                if (s)
+                        crparam2bn(&kop->crk_param[kop->crk_iparams+1], s);
+                ret = 0;
+        }
+
+        return (ret);
+}
+
+static int
+cryptodev_bn_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+    const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *in_mont)
+{
+        struct crypt_kop kop;
+        int ret = 1;
+
+        /* Currently, we know we can do mod exp iff we can do any
+         * asymmetric operations at all.
+         */
+        if (cryptodev_asymfeat == 0) {
+                ret = BN_mod_exp(r, a, p, m, ctx);
+                return (ret);
+        }
+
+        memset(&kop, 0, sizeof kop);
+        kop.crk_op = CRK_MOD_EXP;
+
+        /* inputs: a^p % m */
+        if (bn2crparam(a, &kop.crk_param[0]))
+                goto err;
+        if (bn2crparam(p, &kop.crk_param[1]))
+                goto err;
+        if (bn2crparam(m, &kop.crk_param[2]))
+                goto err;
+        kop.crk_iparams = 3;
+
+        if (cryptodev_asym(&kop, BN_num_bytes(m), r, 0, NULL) == -1) {
+                const RSA_METHOD *meth = RSA_PKCS1_SSLeay();
+                ret = meth->bn_mod_exp(r, a, p, m, ctx, in_mont);
+        }
+err:
+        zapparams(&kop);
+        return (ret);
+}
+
+static int
+cryptodev_rsa_nocrt_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa)
+{
+        int r;
+        BN_CTX *ctx;
+
+        ctx = BN_CTX_new();
+        r = cryptodev_bn_mod_exp(r0, I, rsa->d, rsa->n, ctx, NULL);
+        BN_CTX_free(ctx);
+        return (r);
+}
+
+static int
+cryptodev_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa)
+{
+        struct crypt_kop kop;
+        int ret = 1;
+
+        if (!rsa->p || !rsa->q || !rsa->dmp1 || !rsa->dmq1 || !rsa->iqmp) {
+                /* XXX 0 means failure?? */
+                return (0);
+        }
+
+        memset(&kop, 0, sizeof kop);
+        kop.crk_op = CRK_MOD_EXP_CRT;
+        /* inputs: rsa->p rsa->q I rsa->dmp1 rsa->dmq1 rsa->iqmp */
+        if (bn2crparam(rsa->p, &kop.crk_param[0]))
+                goto err;
+        if (bn2crparam(rsa->q, &kop.crk_param[1]))
+                goto err;
+        if (bn2crparam(I, &kop.crk_param[2]))
+                goto err;
+        if (bn2crparam(rsa->dmp1, &kop.crk_param[3]))
+                goto err;
+        if (bn2crparam(rsa->dmq1, &kop.crk_param[4]))
+                goto err;
+        if (bn2crparam(rsa->iqmp, &kop.crk_param[5]))
+                goto err;
+        kop.crk_iparams = 6;
+
+        if (cryptodev_asym(&kop, BN_num_bytes(rsa->n), r0, 0, NULL) == -1) {
+                const RSA_METHOD *meth = RSA_PKCS1_SSLeay();
+                ret = (*meth->rsa_mod_exp)(r0, I, rsa);
+        }
+err:
+        zapparams(&kop);
+        return (ret);
+}
+
+static RSA_METHOD cryptodev_rsa = {
+        "cryptodev RSA method",
+        NULL,                           /* rsa_pub_enc */
+        NULL,                           /* rsa_pub_dec */
+        NULL,                           /* rsa_priv_enc */
+        NULL,                           /* rsa_priv_dec */
+        NULL,
+        NULL,
+        NULL,                           /* init */
+        NULL,                           /* finish */
+        0,                              /* flags */
+        NULL,                           /* app_data */
+        NULL,                           /* rsa_sign */
+        NULL                            /* rsa_verify */
+};
+
+static int
+cryptodev_dsa_bn_mod_exp(DSA *dsa, BIGNUM *r, BIGNUM *a, const BIGNUM *p,
+    const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)
+{
+        return (cryptodev_bn_mod_exp(r, a, p, m, ctx, m_ctx));
+}
+
+static int
+cryptodev_dsa_dsa_mod_exp(DSA *dsa, BIGNUM *t1, BIGNUM *g,
+    BIGNUM *u1, BIGNUM *pub_key, BIGNUM *u2, BIGNUM *p,
+    BN_CTX *ctx, BN_MONT_CTX *mont)
+{
+        BIGNUM t2;
+        int ret = 0;
+
+        BN_init(&t2);
+
+        /* v = ( g^u1 * y^u2 mod p ) mod q */
+        /* let t1 = g ^ u1 mod p */
+        ret = 0;
+
+        if (!dsa->meth->bn_mod_exp(dsa,t1,dsa->g,u1,dsa->p,ctx,mont))
+                goto err;
+
+        /* let t2 = y ^ u2 mod p */
+        if (!dsa->meth->bn_mod_exp(dsa,&t2,dsa->pub_key,u2,dsa->p,ctx,mont))
+                goto err;
+        /* let u1 = t1 * t2 mod p */
+        if (!BN_mod_mul(u1,t1,&t2,dsa->p,ctx))
+                goto err;
+
+        BN_copy(t1,u1);
+
+        ret = 1;
+err:
+        BN_free(&t2);
+        return(ret);
+}
+
+static DSA_SIG *
+cryptodev_dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa)
+{
+        struct crypt_kop kop;
+        BIGNUM *r = NULL, *s = NULL;
+        DSA_SIG *dsaret = NULL;
+
+        if ((r = BN_new()) == NULL)
+                goto err;
+        if ((s = BN_new()) == NULL) {
+                BN_free(r);
+                goto err;
+        }
+
+        memset(&kop, 0, sizeof kop);
+        kop.crk_op = CRK_DSA_SIGN;
+
+        /* inputs: dgst dsa->p dsa->q dsa->g dsa->priv_key */
+        kop.crk_param[0].crp_p = (caddr_t)dgst;
+        kop.crk_param[0].crp_nbits = dlen * 8;
+        if (bn2crparam(dsa->p, &kop.crk_param[1]))
+                goto err;
+        if (bn2crparam(dsa->q, &kop.crk_param[2]))
+                goto err;
+        if (bn2crparam(dsa->g, &kop.crk_param[3]))
+                goto err;
+        if (bn2crparam(dsa->priv_key, &kop.crk_param[4]))
+                goto err;
+        kop.crk_iparams = 5;
+
+        if (cryptodev_asym(&kop, BN_num_bytes(dsa->q), r,
+            BN_num_bytes(dsa->q), s) == 0) {
+                dsaret = DSA_SIG_new();
+                dsaret->r = r;
+                dsaret->s = s;
+        } else {
+                const DSA_METHOD *meth = DSA_OpenSSL();
+                BN_free(r);
+                BN_free(s);
+                dsaret = (meth->dsa_do_sign)(dgst, dlen, dsa);
+        }
+err:
+        kop.crk_param[0].crp_p = NULL;
+        zapparams(&kop);
+        return (dsaret);
+}
+
+static int
+cryptodev_dsa_verify(const unsigned char *dgst, int dlen,
+    DSA_SIG *sig, DSA *dsa)
+{
+        struct crypt_kop kop;
+        int dsaret = 1;
+
+        memset(&kop, 0, sizeof kop);
+        kop.crk_op = CRK_DSA_VERIFY;
+
+        /* inputs: dgst dsa->p dsa->q dsa->g dsa->pub_key sig->r sig->s */
+        kop.crk_param[0].crp_p = (caddr_t)dgst;
+        kop.crk_param[0].crp_nbits = dlen * 8;
+        if (bn2crparam(dsa->p, &kop.crk_param[1]))
+                goto err;
+        if (bn2crparam(dsa->q, &kop.crk_param[2]))
+                goto err;
+        if (bn2crparam(dsa->g, &kop.crk_param[3]))
+                goto err;
+        if (bn2crparam(dsa->pub_key, &kop.crk_param[4]))
+                goto err;
+        if (bn2crparam(sig->r, &kop.crk_param[5]))
+                goto err;
+        if (bn2crparam(sig->s, &kop.crk_param[6]))
+                goto err;
+        kop.crk_iparams = 7;
+
+        if (cryptodev_asym(&kop, 0, NULL, 0, NULL) == 0) {
+                dsaret = kop.crk_status;
+        } else {
+                const DSA_METHOD *meth = DSA_OpenSSL();
+
+                dsaret = (meth->dsa_do_verify)(dgst, dlen, sig, dsa);
+        }
+err:
+        kop.crk_param[0].crp_p = NULL;
+        zapparams(&kop);
+        return (dsaret);
+}
+
+static DSA_METHOD cryptodev_dsa = {
+        "cryptodev DSA method",
+        NULL,
+        NULL,                           /* dsa_sign_setup */
+        NULL,
+        NULL,                           /* dsa_mod_exp */
+        NULL,
+        NULL,                           /* init */
+        NULL,                           /* finish */
+        0,      /* flags */
+        NULL    /* app_data */
+};
+
+static int
+cryptodev_mod_exp_dh(const DH *dh, BIGNUM *r, const BIGNUM *a,
+    const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
+    BN_MONT_CTX *m_ctx)
+{
+        return (cryptodev_bn_mod_exp(r, a, p, m, ctx, m_ctx));
+}
+
+static int
+cryptodev_dh_compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh)
+{
+        struct crypt_kop kop;
+        int dhret = 1;
+        int fd, keylen;
+
+        if ((fd = get_asym_dev_crypto()) < 0) {
+                const DH_METHOD *meth = DH_OpenSSL();
+
+                return ((meth->compute_key)(key, pub_key, dh));
+        }
+
+        keylen = BN_num_bits(dh->p);
+
+        memset(&kop, 0, sizeof kop);
+        kop.crk_op = CRK_DH_COMPUTE_KEY;
+
+        /* inputs: dh->priv_key pub_key dh->p key */
+        if (bn2crparam(dh->priv_key, &kop.crk_param[0]))
+                goto err;
+        if (bn2crparam(pub_key, &kop.crk_param[1]))
+                goto err;
+        if (bn2crparam(dh->p, &kop.crk_param[2]))
+                goto err;
+        kop.crk_iparams = 3;
+
+        kop.crk_param[3].crp_p = key;
+        kop.crk_param[3].crp_nbits = keylen * 8;
+        kop.crk_oparams = 1;
+
+        if (ioctl(fd, CIOCKEY, &kop) == -1) {
+                const DH_METHOD *meth = DH_OpenSSL();
+
+                dhret = (meth->compute_key)(key, pub_key, dh);
+        }
+err:
+        kop.crk_param[3].crp_p = NULL;
+        zapparams(&kop);
+        return (dhret);
+}
+
+static DH_METHOD cryptodev_dh = {
+        "cryptodev DH method",
+        NULL,                           /* cryptodev_dh_generate_key */
+        NULL,
+        NULL,
+        NULL,
+        NULL,
+        0,      /* flags */
+        NULL    /* app_data */
+};
+
+/*
+ * ctrl right now is just a wrapper that doesn't do much
+ * but I expect we'll want some options soon.
+ */
+static int
+cryptodev_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)())
+{
+#ifdef HAVE_SYSLOG_R
+        struct syslog_data sd = SYSLOG_DATA_INIT;
+#endif
+
+        switch (cmd) {
+        default:
+#ifdef HAVE_SYSLOG_R
+                syslog_r(LOG_ERR, &sd,
+                    "cryptodev_ctrl: unknown command %d", cmd);
+#else
+                syslog(LOG_ERR, "cryptodev_ctrl: unknown command %d", cmd);
+#endif
+                break;
+        }
+        return (1);
+}
+
+void
+ENGINE_load_cryptodev(void)
+{
+        ENGINE *engine = ENGINE_new();
+        int fd;
+
+        if (engine == NULL)
+                return;
+        if ((fd = get_dev_crypto()) < 0) {
+                ENGINE_free(engine);
+                return;
+        }
+
+        /*
+         * find out what asymmetric crypto algorithms we support
+         */
+        if (ioctl(fd, CIOCASYMFEAT, &cryptodev_asymfeat) == -1) {
+                close(fd);
+                ENGINE_free(engine);
+                return;
+        }
+        close(fd);
+
+        if (!ENGINE_set_id(engine, "cryptodev") ||
+            !ENGINE_set_name(engine, "BSD cryptodev engine") ||
+            !ENGINE_set_ciphers(engine, cryptodev_engine_ciphers) ||
+            !ENGINE_set_digests(engine, cryptodev_engine_digests) ||
+            !ENGINE_set_ctrl_function(engine, cryptodev_ctrl) ||
+            !ENGINE_set_cmd_defns(engine, cryptodev_defns)) {
+                ENGINE_free(engine);
+                return;
+        }
+
+        if (ENGINE_set_RSA(engine, &cryptodev_rsa)) {
+                const RSA_METHOD *rsa_meth = RSA_PKCS1_SSLeay();
+
+                cryptodev_rsa.bn_mod_exp = rsa_meth->bn_mod_exp;
+                cryptodev_rsa.rsa_mod_exp = rsa_meth->rsa_mod_exp;
+                cryptodev_rsa.rsa_pub_enc = rsa_meth->rsa_pub_enc;
+                cryptodev_rsa.rsa_pub_dec = rsa_meth->rsa_pub_dec;
+                cryptodev_rsa.rsa_priv_enc = rsa_meth->rsa_priv_enc;
+                cryptodev_rsa.rsa_priv_dec = rsa_meth->rsa_priv_dec;
+                if (cryptodev_asymfeat & CRF_MOD_EXP) {
+                        cryptodev_rsa.bn_mod_exp = cryptodev_bn_mod_exp;
+                        if (cryptodev_asymfeat & CRF_MOD_EXP_CRT)
+                                cryptodev_rsa.rsa_mod_exp =
+                                    cryptodev_rsa_mod_exp;
+                        else
+                                cryptodev_rsa.rsa_mod_exp =
+                                    cryptodev_rsa_nocrt_mod_exp;
+                }
+        }
+
+        if (ENGINE_set_DSA(engine, &cryptodev_dsa)) {
+                const DSA_METHOD *meth = DSA_OpenSSL();
+
+                memcpy(&cryptodev_dsa, meth, sizeof(DSA_METHOD));
+                if (cryptodev_asymfeat & CRF_DSA_SIGN)
+                        cryptodev_dsa.dsa_do_sign = cryptodev_dsa_do_sign;
+                if (cryptodev_asymfeat & CRF_MOD_EXP) {
+                        cryptodev_dsa.bn_mod_exp = cryptodev_dsa_bn_mod_exp;
+                        cryptodev_dsa.dsa_mod_exp = cryptodev_dsa_dsa_mod_exp;
+                }
+                if (cryptodev_asymfeat & CRF_DSA_VERIFY)
+                        cryptodev_dsa.dsa_do_verify = cryptodev_dsa_verify;
+        }
+
+        if (ENGINE_set_DH(engine, &cryptodev_dh)){
+                const DH_METHOD *dh_meth = DH_OpenSSL();
+
+                cryptodev_dh.generate_key = dh_meth->generate_key;
+                cryptodev_dh.compute_key = dh_meth->compute_key;
+                cryptodev_dh.bn_mod_exp = dh_meth->bn_mod_exp;
+                if (cryptodev_asymfeat & CRF_MOD_EXP) {
+                        cryptodev_dh.bn_mod_exp = cryptodev_mod_exp_dh;
+                        if (cryptodev_asymfeat & CRF_DH_COMPUTE_KEY)
+                                cryptodev_dh.compute_key =
+                                    cryptodev_dh_compute_key;
+                }
+        }
+
+        ENGINE_add(engine);
+        ENGINE_free(engine);
+        ERR_clear_error();
+}
+
+#endif /* HAVE_CRYPTODEV */
diff --git a/src/lib/libcrypto/engine/hw_cswift.c b/src/lib/libcrypto/engine/hw_cswift.c
new file mode 100644
index 0000000000..f128ee5a68
--- /dev/null
+++ b/src/lib/libcrypto/engine/hw_cswift.c
@@ -0,0 +1,997 @@
+/* crypto/engine/hw_cswift.c */
+/* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL
+ * project 2000.
+ */
+/* ====================================================================
+ * Copyright (c) 1999-2001 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include <openssl/crypto.h>
+#include "cryptlib.h"
+#include <openssl/dso.h>
+#include <openssl/engine.h>
+
+#ifndef OPENSSL_NO_HW
+#ifndef OPENSSL_NO_HW_CSWIFT
+
+/* Attribution notice: Rainbow have generously allowed me to reproduce
+ * the necessary definitions here from their API. This means the support
+ * can build independently of whether application builders have the
+ * API or hardware. This will allow developers to easily produce software
+ * that has latent hardware support for any users that have accelerators
+ * installed, without the developers themselves needing anything extra.
+ *
+ * I have only clipped the parts from the CryptoSwift header files that
+ * are (or seem) relevant to the CryptoSwift support code. This is
+ * simply to keep the file sizes reasonable.
+ * [Geoff]
+ */
+#ifdef FLAT_INC
+#include "cswift.h"
+#else
+#include "vendor_defns/cswift.h"
+#endif
+
+#define CSWIFT_LIB_NAME "cswift engine"
+#include "hw_cswift_err.c"
+
+static int cswift_destroy(ENGINE *e);
+static int cswift_init(ENGINE *e);
+static int cswift_finish(ENGINE *e);
+static int cswift_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)());
+
+/* BIGNUM stuff */
+static int cswift_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+                const BIGNUM *m, BN_CTX *ctx);
+static int cswift_mod_exp_crt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+                const BIGNUM *q, const BIGNUM *dmp1, const BIGNUM *dmq1,
+                const BIGNUM *iqmp, BN_CTX *ctx);
+
+#ifndef OPENSSL_NO_RSA
+/* RSA stuff */
+static int cswift_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa);
+#endif
+/* This function is aliased to mod_exp (with the mont stuff dropped). */
+static int cswift_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+                const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
+
+#ifndef OPENSSL_NO_DSA
+/* DSA stuff */
+static DSA_SIG *cswift_dsa_sign(const unsigned char *dgst, int dlen, DSA *dsa);
+static int cswift_dsa_verify(const unsigned char *dgst, int dgst_len,
+                                DSA_SIG *sig, DSA *dsa);
+#endif
+
+#ifndef OPENSSL_NO_DH
+/* DH stuff */
+/* This function is alised to mod_exp (with the DH and mont dropped). */
+static int cswift_mod_exp_dh(const DH *dh, BIGNUM *r,
+                const BIGNUM *a, const BIGNUM *p,
+                const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
+#endif
+
+/* RAND stuff */
+static int cswift_rand_bytes(unsigned char *buf, int num);
+static int cswift_rand_status(void);
+
+/* The definitions for control commands specific to this engine */
+#define CSWIFT_CMD_SO_PATH              ENGINE_CMD_BASE
+static const ENGINE_CMD_DEFN cswift_cmd_defns[] = {
+        {CSWIFT_CMD_SO_PATH,
+                "SO_PATH",
+                "Specifies the path to the 'cswift' shared library",
+                ENGINE_CMD_FLAG_STRING},
+        {0, NULL, NULL, 0}
+        };
+
+#ifndef OPENSSL_NO_RSA
+/* Our internal RSA_METHOD that we provide pointers to */
+static RSA_METHOD cswift_rsa =
+        {
+        "CryptoSwift RSA method",
+        NULL,
+        NULL,
+        NULL,
+        NULL,
+        cswift_rsa_mod_exp,
+        cswift_mod_exp_mont,
+        NULL,
+        NULL,
+        0,
+        NULL,
+        NULL,
+        NULL
+        };
+#endif
+
+#ifndef OPENSSL_NO_DSA
+/* Our internal DSA_METHOD that we provide pointers to */
+static DSA_METHOD cswift_dsa =
+        {
+        "CryptoSwift DSA method",
+        cswift_dsa_sign,
+        NULL, /* dsa_sign_setup */
+        cswift_dsa_verify,
+        NULL, /* dsa_mod_exp */
+        NULL, /* bn_mod_exp */
+        NULL, /* init */
+        NULL, /* finish */
+        0, /* flags */
+        NULL /* app_data */
+        };
+#endif
+
+#ifndef OPENSSL_NO_DH
+/* Our internal DH_METHOD that we provide pointers to */
+static DH_METHOD cswift_dh =
+        {
+        "CryptoSwift DH method",
+        NULL,
+        NULL,
+        cswift_mod_exp_dh,
+        NULL,
+        NULL,
+        0,
+        NULL
+        };
+#endif
+
+static RAND_METHOD cswift_random =
+    {
+    /* "CryptoSwift RAND method", */
+    NULL,
+    cswift_rand_bytes,
+    NULL,
+    NULL,
+    cswift_rand_bytes,
+    cswift_rand_status,
+    };
+
+
+/* Constants used when creating the ENGINE */
+static const char *engine_cswift_id = "cswift";
+static const char *engine_cswift_name = "CryptoSwift hardware engine support";
+
+/* This internal function is used by ENGINE_cswift() and possibly by the
+ * "dynamic" ENGINE support too */
+static int bind_helper(ENGINE *e)
+        {
+#ifndef OPENSSL_NO_RSA
+        const RSA_METHOD *meth1;
+#endif
+#ifndef OPENSSL_NO_DH
+        const DH_METHOD *meth2;
+#endif
+        if(!ENGINE_set_id(e, engine_cswift_id) ||
+                        !ENGINE_set_name(e, engine_cswift_name) ||
+#ifndef OPENSSL_NO_RSA
+                        !ENGINE_set_RSA(e, &cswift_rsa) ||
+#endif
+#ifndef OPENSSL_NO_DSA
+                        !ENGINE_set_DSA(e, &cswift_dsa) ||
+#endif
+#ifndef OPENSSL_NO_DH
+                        !ENGINE_set_DH(e, &cswift_dh) ||
+#endif
+                        !ENGINE_set_RAND(e, &cswift_random) ||
+                        !ENGINE_set_destroy_function(e, cswift_destroy) ||
+                        !ENGINE_set_init_function(e, cswift_init) ||
+                        !ENGINE_set_finish_function(e, cswift_finish) ||
+                        !ENGINE_set_ctrl_function(e, cswift_ctrl) ||
+                        !ENGINE_set_cmd_defns(e, cswift_cmd_defns))
+                return 0;
+
+#ifndef OPENSSL_NO_RSA
+        /* We know that the "PKCS1_SSLeay()" functions hook properly
+         * to the cswift-specific mod_exp and mod_exp_crt so we use
+         * those functions. NB: We don't use ENGINE_openssl() or
+         * anything "more generic" because something like the RSAref
+         * code may not hook properly, and if you own one of these
+         * cards then you have the right to do RSA operations on it
+         * anyway! */ 
+        meth1 = RSA_PKCS1_SSLeay();
+        cswift_rsa.rsa_pub_enc = meth1->rsa_pub_enc;
+        cswift_rsa.rsa_pub_dec = meth1->rsa_pub_dec;
+        cswift_rsa.rsa_priv_enc = meth1->rsa_priv_enc;
+        cswift_rsa.rsa_priv_dec = meth1->rsa_priv_dec;
+#endif
+
+#ifndef OPENSSL_NO_DH
+        /* Much the same for Diffie-Hellman */
+        meth2 = DH_OpenSSL();
+        cswift_dh.generate_key = meth2->generate_key;
+        cswift_dh.compute_key = meth2->compute_key;
+#endif
+
+        /* Ensure the cswift error handling is set up */
+        ERR_load_CSWIFT_strings();
+        return 1;
+        }
+
+#ifndef ENGINE_DYNAMIC_SUPPORT
+static ENGINE *engine_cswift(void)
+        {
+        ENGINE *ret = ENGINE_new();
+        if(!ret)
+                return NULL;
+        if(!bind_helper(ret))
+                {
+                ENGINE_free(ret);
+                return NULL;
+                }
+        return ret;
+        }
+
+void ENGINE_load_cswift(void)
+        {
+        /* Copied from eng_[openssl|dyn].c */
+        ENGINE *toadd = engine_cswift();
+        if(!toadd) return;
+        ENGINE_add(toadd);
+        ENGINE_free(toadd);
+        ERR_clear_error();
+        }
+#endif
+
+/* This is a process-global DSO handle used for loading and unloading
+ * the CryptoSwift library. NB: This is only set (or unset) during an
+ * init() or finish() call (reference counts permitting) and they're
+ * operating with global locks, so this should be thread-safe
+ * implicitly. */
+static DSO *cswift_dso = NULL;
+
+/* These are the function pointers that are (un)set when the library has
+ * successfully (un)loaded. */
+t_swAcquireAccContext *p_CSwift_AcquireAccContext = NULL;
+t_swAttachKeyParam *p_CSwift_AttachKeyParam = NULL;
+t_swSimpleRequest *p_CSwift_SimpleRequest = NULL;
+t_swReleaseAccContext *p_CSwift_ReleaseAccContext = NULL;
+
+/* Used in the DSO operations. */
+static const char *CSWIFT_LIBNAME = NULL;
+static const char *get_CSWIFT_LIBNAME(void)
+        {
+        if(CSWIFT_LIBNAME)
+                return CSWIFT_LIBNAME;
+        return "swift";
+        }
+static void free_CSWIFT_LIBNAME(void)
+        {
+        if(CSWIFT_LIBNAME)
+                OPENSSL_free((void*)CSWIFT_LIBNAME);
+        CSWIFT_LIBNAME = NULL;
+        }
+static long set_CSWIFT_LIBNAME(const char *name)
+        {
+        free_CSWIFT_LIBNAME();
+        return (((CSWIFT_LIBNAME = BUF_strdup(name)) != NULL) ? 1 : 0);
+        }
+static const char *CSWIFT_F1 = "swAcquireAccContext";
+static const char *CSWIFT_F2 = "swAttachKeyParam";
+static const char *CSWIFT_F3 = "swSimpleRequest";
+static const char *CSWIFT_F4 = "swReleaseAccContext";
+
+
+/* CryptoSwift library functions and mechanics - these are used by the
+ * higher-level functions further down. NB: As and where there's no
+ * error checking, take a look lower down where these functions are
+ * called, the checking and error handling is probably down there. */
+
+/* utility function to obtain a context */
+static int get_context(SW_CONTEXT_HANDLE *hac)
+        {
+        SW_STATUS status;
+ 
+        status = p_CSwift_AcquireAccContext(hac);
+        if(status != SW_OK)
+                return 0;
+        return 1;
+        }
+ 
+/* similarly to release one. */
+static void release_context(SW_CONTEXT_HANDLE hac)
+        {
+        p_CSwift_ReleaseAccContext(hac);
+        }
+
+/* Destructor (complements the "ENGINE_cswift()" constructor) */
+static int cswift_destroy(ENGINE *e)
+        {
+        free_CSWIFT_LIBNAME();
+        ERR_unload_CSWIFT_strings();
+        return 1;
+        }
+
+/* (de)initialisation functions. */
+static int cswift_init(ENGINE *e)
+        {
+        SW_CONTEXT_HANDLE hac;
+        t_swAcquireAccContext *p1;
+        t_swAttachKeyParam *p2;
+        t_swSimpleRequest *p3;
+        t_swReleaseAccContext *p4;
+
+        if(cswift_dso != NULL)
+                {
+                CSWIFTerr(CSWIFT_F_CSWIFT_INIT,CSWIFT_R_ALREADY_LOADED);
+                goto err;
+                }
+        /* Attempt to load libswift.so/swift.dll/whatever. */
+        cswift_dso = DSO_load(NULL, get_CSWIFT_LIBNAME(), NULL, 0);
+        if(cswift_dso == NULL)
+                {
+                CSWIFTerr(CSWIFT_F_CSWIFT_INIT,CSWIFT_R_NOT_LOADED);
+                goto err;
+                }
+        if(!(p1 = (t_swAcquireAccContext *)
+                                DSO_bind_func(cswift_dso, CSWIFT_F1)) ||
+                        !(p2 = (t_swAttachKeyParam *)
+                                DSO_bind_func(cswift_dso, CSWIFT_F2)) ||
+                        !(p3 = (t_swSimpleRequest *)
+                                DSO_bind_func(cswift_dso, CSWIFT_F3)) ||
+                        !(p4 = (t_swReleaseAccContext *)
+                                DSO_bind_func(cswift_dso, CSWIFT_F4)))
+                {
+                CSWIFTerr(CSWIFT_F_CSWIFT_INIT,CSWIFT_R_NOT_LOADED);
+                goto err;
+                }
+        /* Copy the pointers */
+        p_CSwift_AcquireAccContext = p1;
+        p_CSwift_AttachKeyParam = p2;
+        p_CSwift_SimpleRequest = p3;
+        p_CSwift_ReleaseAccContext = p4;
+        /* Try and get a context - if not, we may have a DSO but no
+         * accelerator! */
+        if(!get_context(&hac))
+                {
+                CSWIFTerr(CSWIFT_F_CSWIFT_INIT,CSWIFT_R_UNIT_FAILURE);
+                goto err;
+                }
+        release_context(hac);
+        /* Everything's fine. */
+        return 1;
+err:
+        if(cswift_dso)
+                DSO_free(cswift_dso);
+        p_CSwift_AcquireAccContext = NULL;
+        p_CSwift_AttachKeyParam = NULL;
+        p_CSwift_SimpleRequest = NULL;
+        p_CSwift_ReleaseAccContext = NULL;
+        return 0;
+        }
+
+static int cswift_finish(ENGINE *e)
+        {
+        free_CSWIFT_LIBNAME();
+        if(cswift_dso == NULL)
+                {
+                CSWIFTerr(CSWIFT_F_CSWIFT_FINISH,CSWIFT_R_NOT_LOADED);
+                return 0;
+                }
+        if(!DSO_free(cswift_dso))
+                {
+                CSWIFTerr(CSWIFT_F_CSWIFT_FINISH,CSWIFT_R_UNIT_FAILURE);
+                return 0;
+                }
+        cswift_dso = NULL;
+        p_CSwift_AcquireAccContext = NULL;
+        p_CSwift_AttachKeyParam = NULL;
+        p_CSwift_SimpleRequest = NULL;
+        p_CSwift_ReleaseAccContext = NULL;
+        return 1;
+        }
+
+static int cswift_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)())
+        {
+        int initialised = ((cswift_dso == NULL) ? 0 : 1);
+        switch(cmd)
+                {
+        case CSWIFT_CMD_SO_PATH:
+                if(p == NULL)
+                        {
+                        CSWIFTerr(CSWIFT_F_CSWIFT_CTRL,ERR_R_PASSED_NULL_PARAMETER);
+                        return 0;
+                        }
+                if(initialised)
+                        {
+                        CSWIFTerr(CSWIFT_F_CSWIFT_CTRL,CSWIFT_R_ALREADY_LOADED);
+                        return 0;
+                        }
+                return set_CSWIFT_LIBNAME((const char *)p);
+        default:
+                break;
+                }
+        CSWIFTerr(CSWIFT_F_CSWIFT_CTRL,CSWIFT_R_CTRL_COMMAND_NOT_IMPLEMENTED);
+        return 0;
+        }
+
+/* Un petit mod_exp */
+static int cswift_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+                        const BIGNUM *m, BN_CTX *ctx)
+        {
+        /* I need somewhere to store temporary serialised values for
+         * use with the CryptoSwift API calls. A neat cheat - I'll use
+         * BIGNUMs from the BN_CTX but access their arrays directly as
+         * byte arrays <grin>. This way I don't have to clean anything
+         * up. */
+        BIGNUM *modulus;
+        BIGNUM *exponent;
+        BIGNUM *argument;
+        BIGNUM *result;
+        SW_STATUS sw_status;
+        SW_LARGENUMBER arg, res;
+        SW_PARAM sw_param;
+        SW_CONTEXT_HANDLE hac;
+        int to_return, acquired;
+ 
+        modulus = exponent = argument = result = NULL;
+        to_return = 0; /* expect failure */
+        acquired = 0;
+ 
+        if(!get_context(&hac))
+                {
+                CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP,CSWIFT_R_UNIT_FAILURE);
+                goto err;
+                }
+        acquired = 1;
+        /* Prepare the params */
+        BN_CTX_start(ctx);
+        modulus = BN_CTX_get(ctx);
+        exponent = BN_CTX_get(ctx);
+        argument = BN_CTX_get(ctx);
+        result = BN_CTX_get(ctx);
+        if(!result)
+                {
+                CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP,CSWIFT_R_BN_CTX_FULL);
+                goto err;
+                }
+        if(!bn_wexpand(modulus, m->top) || !bn_wexpand(exponent, p->top) ||
+                !bn_wexpand(argument, a->top) || !bn_wexpand(result, m->top))
+                {
+                CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP,CSWIFT_R_BN_EXPAND_FAIL);
+                goto err;
+                }
+        sw_param.type = SW_ALG_EXP;
+        sw_param.up.exp.modulus.nbytes = BN_bn2bin(m,
+                (unsigned char *)modulus->d);
+        sw_param.up.exp.modulus.value = (unsigned char *)modulus->d;
+        sw_param.up.exp.exponent.nbytes = BN_bn2bin(p,
+                (unsigned char *)exponent->d);
+        sw_param.up.exp.exponent.value = (unsigned char *)exponent->d;
+        /* Attach the key params */
+        sw_status = p_CSwift_AttachKeyParam(hac, &sw_param);
+        switch(sw_status)
+                {
+        case SW_OK:
+                break;
+        case SW_ERR_INPUT_SIZE:
+                CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP,CSWIFT_R_BAD_KEY_SIZE);
+                goto err;
+        default:
+                {
+                char tmpbuf[DECIMAL_SIZE(sw_status)+1];
+                CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP,CSWIFT_R_REQUEST_FAILED);
+                sprintf(tmpbuf, "%ld", sw_status);
+                ERR_add_error_data(2, "CryptoSwift error number is ",tmpbuf);
+                }
+                goto err;
+                }
+        /* Prepare the argument and response */
+        arg.nbytes = BN_bn2bin(a, (unsigned char *)argument->d);
+        arg.value = (unsigned char *)argument->d;
+        res.nbytes = BN_num_bytes(m);
+        memset(result->d, 0, res.nbytes);
+        res.value = (unsigned char *)result->d;
+        /* Perform the operation */
+        if((sw_status = p_CSwift_SimpleRequest(hac, SW_CMD_MODEXP, &arg, 1,
+                &res, 1)) != SW_OK)
+                {
+                char tmpbuf[DECIMAL_SIZE(sw_status)+1];
+                CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP,CSWIFT_R_REQUEST_FAILED);
+                sprintf(tmpbuf, "%ld", sw_status);
+                ERR_add_error_data(2, "CryptoSwift error number is ",tmpbuf);
+                goto err;
+                }
+        /* Convert the response */
+        BN_bin2bn((unsigned char *)result->d, res.nbytes, r);
+        to_return = 1;
+err:
+        if(acquired)
+                release_context(hac);
+        BN_CTX_end(ctx);
+        return to_return;
+        }
+
+/* Un petit mod_exp chinois */
+static int cswift_mod_exp_crt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+                        const BIGNUM *q, const BIGNUM *dmp1,
+                        const BIGNUM *dmq1, const BIGNUM *iqmp, BN_CTX *ctx)
+        {
+        SW_STATUS sw_status;
+        SW_LARGENUMBER arg, res;
+        SW_PARAM sw_param;
+        SW_CONTEXT_HANDLE hac;
+        BIGNUM *rsa_p = NULL;
+        BIGNUM *rsa_q = NULL;
+        BIGNUM *rsa_dmp1 = NULL;
+        BIGNUM *rsa_dmq1 = NULL;
+        BIGNUM *rsa_iqmp = NULL;
+        BIGNUM *argument = NULL;
+        BIGNUM *result = NULL;
+        int to_return = 0; /* expect failure */
+        int acquired = 0;
+ 
+        if(!get_context(&hac))
+                {
+                CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP_CRT,CSWIFT_R_UNIT_FAILURE);
+                goto err;
+                }
+        acquired = 1;
+        /* Prepare the params */
+        BN_CTX_start(ctx);
+        rsa_p = BN_CTX_get(ctx);
+        rsa_q = BN_CTX_get(ctx);
+        rsa_dmp1 = BN_CTX_get(ctx);
+        rsa_dmq1 = BN_CTX_get(ctx);
+        rsa_iqmp = BN_CTX_get(ctx);
+        argument = BN_CTX_get(ctx);
+        result = BN_CTX_get(ctx);
+        if(!result)
+                {
+                CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP_CRT,CSWIFT_R_BN_CTX_FULL);
+                goto err;
+                }
+        if(!bn_wexpand(rsa_p, p->top) || !bn_wexpand(rsa_q, q->top) ||
+                        !bn_wexpand(rsa_dmp1, dmp1->top) ||
+                        !bn_wexpand(rsa_dmq1, dmq1->top) ||
+                        !bn_wexpand(rsa_iqmp, iqmp->top) ||
+                        !bn_wexpand(argument, a->top) ||
+                        !bn_wexpand(result, p->top + q->top))
+                {
+                CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP_CRT,CSWIFT_R_BN_EXPAND_FAIL);
+                goto err;
+                }
+        sw_param.type = SW_ALG_CRT;
+        sw_param.up.crt.p.nbytes = BN_bn2bin(p, (unsigned char *)rsa_p->d);
+        sw_param.up.crt.p.value = (unsigned char *)rsa_p->d;
+        sw_param.up.crt.q.nbytes = BN_bn2bin(q, (unsigned char *)rsa_q->d);
+        sw_param.up.crt.q.value = (unsigned char *)rsa_q->d;
+        sw_param.up.crt.dmp1.nbytes = BN_bn2bin(dmp1,
+                (unsigned char *)rsa_dmp1->d);
+        sw_param.up.crt.dmp1.value = (unsigned char *)rsa_dmp1->d;
+        sw_param.up.crt.dmq1.nbytes = BN_bn2bin(dmq1,
+                (unsigned char *)rsa_dmq1->d);
+        sw_param.up.crt.dmq1.value = (unsigned char *)rsa_dmq1->d;
+        sw_param.up.crt.iqmp.nbytes = BN_bn2bin(iqmp,
+                (unsigned char *)rsa_iqmp->d);
+        sw_param.up.crt.iqmp.value = (unsigned char *)rsa_iqmp->d;
+        /* Attach the key params */
+        sw_status = p_CSwift_AttachKeyParam(hac, &sw_param);
+        switch(sw_status)
+                {
+        case SW_OK:
+                break;
+        case SW_ERR_INPUT_SIZE:
+                CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP_CRT,CSWIFT_R_BAD_KEY_SIZE);
+                goto err;
+        default:
+                {
+                char tmpbuf[DECIMAL_SIZE(sw_status)+1];
+                CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP_CRT,CSWIFT_R_REQUEST_FAILED);
+                sprintf(tmpbuf, "%ld", sw_status);
+                ERR_add_error_data(2, "CryptoSwift error number is ",tmpbuf);
+                }
+                goto err;
+                }
+        /* Prepare the argument and response */
+        arg.nbytes = BN_bn2bin(a, (unsigned char *)argument->d);
+        arg.value = (unsigned char *)argument->d;
+        res.nbytes = 2 * BN_num_bytes(p);
+        memset(result->d, 0, res.nbytes);
+        res.value = (unsigned char *)result->d;
+        /* Perform the operation */
+        if((sw_status = p_CSwift_SimpleRequest(hac, SW_CMD_MODEXP_CRT, &arg, 1,
+                &res, 1)) != SW_OK)
+                {
+                char tmpbuf[DECIMAL_SIZE(sw_status)+1];
+                CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP_CRT,CSWIFT_R_REQUEST_FAILED);
+                sprintf(tmpbuf, "%ld", sw_status);
+                ERR_add_error_data(2, "CryptoSwift error number is ",tmpbuf);
+                goto err;
+                }
+        /* Convert the response */
+        BN_bin2bn((unsigned char *)result->d, res.nbytes, r);
+        to_return = 1;
+err:
+        if(acquired)
+                release_context(hac);
+        BN_CTX_end(ctx);
+        return to_return;
+        }
+ 
+#ifndef OPENSSL_NO_RSA
+static int cswift_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa)
+        {
+        BN_CTX *ctx;
+        int to_return = 0;
+
+        if((ctx = BN_CTX_new()) == NULL)
+                goto err;
+        if(!rsa->p || !rsa->q || !rsa->dmp1 || !rsa->dmq1 || !rsa->iqmp)
+                {
+                CSWIFTerr(CSWIFT_F_CSWIFT_RSA_MOD_EXP,CSWIFT_R_MISSING_KEY_COMPONENTS);
+                goto err;
+                }
+        to_return = cswift_mod_exp_crt(r0, I, rsa->p, rsa->q, rsa->dmp1,
+                rsa->dmq1, rsa->iqmp, ctx);
+err:
+        if(ctx)
+                BN_CTX_free(ctx);
+        return to_return;
+        }
+#endif
+
+/* This function is aliased to mod_exp (with the mont stuff dropped). */
+static int cswift_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+                const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)
+        {
+        return cswift_mod_exp(r, a, p, m, ctx);
+        }
+
+#ifndef OPENSSL_NO_DSA
+static DSA_SIG *cswift_dsa_sign(const unsigned char *dgst, int dlen, DSA *dsa)
+        {
+        SW_CONTEXT_HANDLE hac;
+        SW_PARAM sw_param;
+        SW_STATUS sw_status;
+        SW_LARGENUMBER arg, res;
+        unsigned char *ptr;
+        BN_CTX *ctx;
+        BIGNUM *dsa_p = NULL;
+        BIGNUM *dsa_q = NULL;
+        BIGNUM *dsa_g = NULL;
+        BIGNUM *dsa_key = NULL;
+        BIGNUM *result = NULL;
+        DSA_SIG *to_return = NULL;
+        int acquired = 0;
+
+        if((ctx = BN_CTX_new()) == NULL)
+                goto err;
+        if(!get_context(&hac))
+                {
+                CSWIFTerr(CSWIFT_F_CSWIFT_DSA_SIGN,CSWIFT_R_UNIT_FAILURE);
+                goto err;
+                }
+        acquired = 1;
+        /* Prepare the params */
+        BN_CTX_start(ctx);
+        dsa_p = BN_CTX_get(ctx);
+        dsa_q = BN_CTX_get(ctx);
+        dsa_g = BN_CTX_get(ctx);
+        dsa_key = BN_CTX_get(ctx);
+        result = BN_CTX_get(ctx);
+        if(!result)
+                {
+                CSWIFTerr(CSWIFT_F_CSWIFT_DSA_SIGN,CSWIFT_R_BN_CTX_FULL);
+                goto err;
+                }
+        if(!bn_wexpand(dsa_p, dsa->p->top) ||
+                        !bn_wexpand(dsa_q, dsa->q->top) ||
+                        !bn_wexpand(dsa_g, dsa->g->top) ||
+                        !bn_wexpand(dsa_key, dsa->priv_key->top) ||
+                        !bn_wexpand(result, dsa->p->top))
+                {
+                CSWIFTerr(CSWIFT_F_CSWIFT_DSA_SIGN,CSWIFT_R_BN_EXPAND_FAIL);
+                goto err;
+                }
+        sw_param.type = SW_ALG_DSA;
+        sw_param.up.dsa.p.nbytes = BN_bn2bin(dsa->p,
+                                (unsigned char *)dsa_p->d);
+        sw_param.up.dsa.p.value = (unsigned char *)dsa_p->d;
+        sw_param.up.dsa.q.nbytes = BN_bn2bin(dsa->q,
+                                (unsigned char *)dsa_q->d);
+        sw_param.up.dsa.q.value = (unsigned char *)dsa_q->d;
+        sw_param.up.dsa.g.nbytes = BN_bn2bin(dsa->g,
+                                (unsigned char *)dsa_g->d);
+        sw_param.up.dsa.g.value = (unsigned char *)dsa_g->d;
+        sw_param.up.dsa.key.nbytes = BN_bn2bin(dsa->priv_key,
+                                (unsigned char *)dsa_key->d);
+        sw_param.up.dsa.key.value = (unsigned char *)dsa_key->d;
+        /* Attach the key params */
+        sw_status = p_CSwift_AttachKeyParam(hac, &sw_param);
+        switch(sw_status)
+                {
+        case SW_OK:
+                break;
+        case SW_ERR_INPUT_SIZE:
+                CSWIFTerr(CSWIFT_F_CSWIFT_DSA_SIGN,CSWIFT_R_BAD_KEY_SIZE);
+                goto err;
+        default:
+                {
+                char tmpbuf[DECIMAL_SIZE(sw_status)+1];
+                CSWIFTerr(CSWIFT_F_CSWIFT_DSA_SIGN,CSWIFT_R_REQUEST_FAILED);
+                sprintf(tmpbuf, "%ld", sw_status);
+                ERR_add_error_data(2, "CryptoSwift error number is ",tmpbuf);
+                }
+                goto err;
+                }
+        /* Prepare the argument and response */
+        arg.nbytes = dlen;
+        arg.value = (unsigned char *)dgst;
+        res.nbytes = BN_num_bytes(dsa->p);
+        memset(result->d, 0, res.nbytes);
+        res.value = (unsigned char *)result->d;
+        /* Perform the operation */
+        sw_status = p_CSwift_SimpleRequest(hac, SW_CMD_DSS_SIGN, &arg, 1,
+                &res, 1);
+        if(sw_status != SW_OK)
+                {
+                char tmpbuf[DECIMAL_SIZE(sw_status)+1];
+                CSWIFTerr(CSWIFT_F_CSWIFT_DSA_SIGN,CSWIFT_R_REQUEST_FAILED);
+                sprintf(tmpbuf, "%ld", sw_status);
+                ERR_add_error_data(2, "CryptoSwift error number is ",tmpbuf);
+                goto err;
+                }
+        /* Convert the response */
+        ptr = (unsigned char *)result->d;
+        if((to_return = DSA_SIG_new()) == NULL)
+                goto err;
+        to_return->r = BN_bin2bn((unsigned char *)result->d, 20, NULL);
+        to_return->s = BN_bin2bn((unsigned char *)result->d + 20, 20, NULL);
+
+err:
+        if(acquired)
+                release_context(hac);
+        if(ctx)
+                {
+                BN_CTX_end(ctx);
+                BN_CTX_free(ctx);
+                }
+        return to_return;
+        }
+
+static int cswift_dsa_verify(const unsigned char *dgst, int dgst_len,
+                                DSA_SIG *sig, DSA *dsa)
+        {
+        SW_CONTEXT_HANDLE hac;
+        SW_PARAM sw_param;
+        SW_STATUS sw_status;
+        SW_LARGENUMBER arg[2], res;
+        unsigned long sig_result;
+        BN_CTX *ctx;
+        BIGNUM *dsa_p = NULL;
+        BIGNUM *dsa_q = NULL;
+        BIGNUM *dsa_g = NULL;
+        BIGNUM *dsa_key = NULL;
+        BIGNUM *argument = NULL;
+        int to_return = -1;
+        int acquired = 0;
+
+        if((ctx = BN_CTX_new()) == NULL)
+                goto err;
+        if(!get_context(&hac))
+                {
+                CSWIFTerr(CSWIFT_F_CSWIFT_DSA_VERIFY,CSWIFT_R_UNIT_FAILURE);
+                goto err;
+                }
+        acquired = 1;
+        /* Prepare the params */
+        BN_CTX_start(ctx);
+        dsa_p = BN_CTX_get(ctx);
+        dsa_q = BN_CTX_get(ctx);
+        dsa_g = BN_CTX_get(ctx);
+        dsa_key = BN_CTX_get(ctx);
+        argument = BN_CTX_get(ctx);
+        if(!argument)
+                {
+                CSWIFTerr(CSWIFT_F_CSWIFT_DSA_VERIFY,CSWIFT_R_BN_CTX_FULL);
+                goto err;
+                }
+        if(!bn_wexpand(dsa_p, dsa->p->top) ||
+                        !bn_wexpand(dsa_q, dsa->q->top) ||
+                        !bn_wexpand(dsa_g, dsa->g->top) ||
+                        !bn_wexpand(dsa_key, dsa->pub_key->top) ||
+                        !bn_wexpand(argument, 40))
+                {
+                CSWIFTerr(CSWIFT_F_CSWIFT_DSA_VERIFY,CSWIFT_R_BN_EXPAND_FAIL);
+                goto err;
+                }
+        sw_param.type = SW_ALG_DSA;
+        sw_param.up.dsa.p.nbytes = BN_bn2bin(dsa->p,
+                                (unsigned char *)dsa_p->d);
+        sw_param.up.dsa.p.value = (unsigned char *)dsa_p->d;
+        sw_param.up.dsa.q.nbytes = BN_bn2bin(dsa->q,
+                                (unsigned char *)dsa_q->d);
+        sw_param.up.dsa.q.value = (unsigned char *)dsa_q->d;
+        sw_param.up.dsa.g.nbytes = BN_bn2bin(dsa->g,
+                                (unsigned char *)dsa_g->d);
+        sw_param.up.dsa.g.value = (unsigned char *)dsa_g->d;
+        sw_param.up.dsa.key.nbytes = BN_bn2bin(dsa->pub_key,
+                                (unsigned char *)dsa_key->d);
+        sw_param.up.dsa.key.value = (unsigned char *)dsa_key->d;
+        /* Attach the key params */
+        sw_status = p_CSwift_AttachKeyParam(hac, &sw_param);
+        switch(sw_status)
+                {
+        case SW_OK:
+                break;
+        case SW_ERR_INPUT_SIZE:
+                CSWIFTerr(CSWIFT_F_CSWIFT_DSA_VERIFY,CSWIFT_R_BAD_KEY_SIZE);
+                goto err;
+        default:
+                {
+                char tmpbuf[DECIMAL_SIZE(sw_status)+1];
+                CSWIFTerr(CSWIFT_F_CSWIFT_DSA_VERIFY,CSWIFT_R_REQUEST_FAILED);
+                sprintf(tmpbuf, "%ld", sw_status);
+                ERR_add_error_data(2, "CryptoSwift error number is ",tmpbuf);
+                }
+                goto err;
+                }
+        /* Prepare the argument and response */
+        arg[0].nbytes = dgst_len;
+        arg[0].value = (unsigned char *)dgst;
+        arg[1].nbytes = 40;
+        arg[1].value = (unsigned char *)argument->d;
+        memset(arg[1].value, 0, 40);
+        BN_bn2bin(sig->r, arg[1].value + 20 - BN_num_bytes(sig->r));
+        BN_bn2bin(sig->s, arg[1].value + 40 - BN_num_bytes(sig->s));
+        res.nbytes = 4; /* unsigned long */
+        res.value = (unsigned char *)(&sig_result);
+        /* Perform the operation */
+        sw_status = p_CSwift_SimpleRequest(hac, SW_CMD_DSS_VERIFY, arg, 2,
+                &res, 1);
+        if(sw_status != SW_OK)
+                {
+                char tmpbuf[DECIMAL_SIZE(sw_status)+1];
+                CSWIFTerr(CSWIFT_F_CSWIFT_DSA_VERIFY,CSWIFT_R_REQUEST_FAILED);
+                sprintf(tmpbuf, "%ld", sw_status);
+                ERR_add_error_data(2, "CryptoSwift error number is ",tmpbuf);
+                goto err;
+                }
+        /* Convert the response */
+        to_return = ((sig_result == 0) ? 0 : 1);
+
+err:
+        if(acquired)
+                release_context(hac);
+        if(ctx)
+                {
+                BN_CTX_end(ctx);
+                BN_CTX_free(ctx);
+                }
+        return to_return;
+        }
+#endif
+
+#ifndef OPENSSL_NO_DH
+/* This function is aliased to mod_exp (with the dh and mont dropped). */
+static int cswift_mod_exp_dh(const DH *dh, BIGNUM *r,
+                const BIGNUM *a, const BIGNUM *p,
+                const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)
+        {
+        return cswift_mod_exp(r, a, p, m, ctx);
+        }
+#endif
+
+/* Random bytes are good */
+static int cswift_rand_bytes(unsigned char *buf, int num)
+{
+        SW_CONTEXT_HANDLE hac;
+        SW_STATUS swrc;
+        SW_LARGENUMBER largenum;
+        size_t nbytes = 0;
+        int acquired = 0;
+        int to_return = 0; /* assume failure */
+
+        if (!get_context(&hac))
+        {
+                CSWIFTerr(CSWIFT_F_CSWIFT_CTRL, CSWIFT_R_UNIT_FAILURE);
+                goto err;
+        }
+        acquired = 1;
+
+        while (nbytes < (size_t)num)
+        {
+                /* tell CryptoSwift how many bytes we want and where we want it.
+                 * Note: - CryptoSwift cannot do more than 4096 bytes at a time.
+                 *       - CryptoSwift can only do multiple of 32-bits. */
+                largenum.value = (SW_BYTE *) buf + nbytes;
+                if (4096 > num - nbytes)
+                        largenum.nbytes = num - nbytes;
+                else
+                        largenum.nbytes = 4096;
+
+                swrc = p_CSwift_SimpleRequest(hac, SW_CMD_RAND, NULL, 0, &largenum, 1);
+                if (swrc != SW_OK)
+                {
+                        char tmpbuf[20];
+                        CSWIFTerr(CSWIFT_F_CSWIFT_CTRL, CSWIFT_R_REQUEST_FAILED);
+                        sprintf(tmpbuf, "%ld", swrc);
+                        ERR_add_error_data(2, "CryptoSwift error number is ", tmpbuf);
+                        goto err;
+                }
+
+                nbytes += largenum.nbytes;
+        }
+        to_return = 1;  /* success */
+
+err:
+        if (acquired)
+                release_context(hac);
+        return to_return;
+}
+
+static int cswift_rand_status(void)
+{
+        return 1;
+}
+
+
+/* This stuff is needed if this ENGINE is being compiled into a self-contained
+ * shared-library. */
+#ifdef ENGINE_DYNAMIC_SUPPORT
+static int bind_fn(ENGINE *e, const char *id)
+        {
+        if(id && (strcmp(id, engine_cswift_id) != 0))
+                return 0;
+        if(!bind_helper(e))
+                return 0;
+        return 1;
+        }       
+IMPLEMENT_DYNAMIC_CHECK_FN()
+IMPLEMENT_DYNAMIC_BIND_FN(bind_fn)
+#endif /* ENGINE_DYNAMIC_SUPPORT */
+
+#endif /* !OPENSSL_NO_HW_CSWIFT */
+#endif /* !OPENSSL_NO_HW */
diff --git a/src/lib/libcrypto/engine/hw_cswift_err.c b/src/lib/libcrypto/engine/hw_cswift_err.c
new file mode 100644
index 0000000000..684f53bf27
--- /dev/null
+++ b/src/lib/libcrypto/engine/hw_cswift_err.c
@@ -0,0 +1,149 @@
+/* hw_cswift_err.c */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+/* NOTE: this file was auto generated by the mkerr.pl script: any changes
+ * made to it will be overwritten when the script next updates this file,
+ * only reason strings will be preserved.
+ */
+
+#include <stdio.h>
+#include <openssl/err.h>
+#include "hw_cswift_err.h"
+
+/* BEGIN ERROR CODES */
+#ifndef OPENSSL_NO_ERR
+static ERR_STRING_DATA CSWIFT_str_functs[]=
+        {
+{ERR_PACK(0,CSWIFT_F_CSWIFT_CTRL,0),    "CSWIFT_CTRL"},
+{ERR_PACK(0,CSWIFT_F_CSWIFT_DSA_SIGN,0),        "CSWIFT_DSA_SIGN"},
+{ERR_PACK(0,CSWIFT_F_CSWIFT_DSA_VERIFY,0),      "CSWIFT_DSA_VERIFY"},
+{ERR_PACK(0,CSWIFT_F_CSWIFT_FINISH,0),  "CSWIFT_FINISH"},
+{ERR_PACK(0,CSWIFT_F_CSWIFT_INIT,0),    "CSWIFT_INIT"},
+{ERR_PACK(0,CSWIFT_F_CSWIFT_MOD_EXP,0), "CSWIFT_MOD_EXP"},
+{ERR_PACK(0,CSWIFT_F_CSWIFT_MOD_EXP_CRT,0),     "CSWIFT_MOD_EXP_CRT"},
+{ERR_PACK(0,CSWIFT_F_CSWIFT_RSA_MOD_EXP,0),     "CSWIFT_RSA_MOD_EXP"},
+{0,NULL}
+        };
+
+static ERR_STRING_DATA CSWIFT_str_reasons[]=
+        {
+{CSWIFT_R_ALREADY_LOADED                 ,"already loaded"},
+{CSWIFT_R_BAD_KEY_SIZE                   ,"bad key size"},
+{CSWIFT_R_BN_CTX_FULL                    ,"bn ctx full"},
+{CSWIFT_R_BN_EXPAND_FAIL                 ,"bn expand fail"},
+{CSWIFT_R_CTRL_COMMAND_NOT_IMPLEMENTED   ,"ctrl command not implemented"},
+{CSWIFT_R_MISSING_KEY_COMPONENTS         ,"missing key components"},
+{CSWIFT_R_NOT_LOADED                     ,"not loaded"},
+{CSWIFT_R_REQUEST_FAILED                 ,"request failed"},
+{CSWIFT_R_UNIT_FAILURE                   ,"unit failure"},
+{0,NULL}
+        };
+
+#endif
+
+#ifdef CSWIFT_LIB_NAME
+static ERR_STRING_DATA CSWIFT_lib_name[]=
+        {
+{0      ,CSWIFT_LIB_NAME},
+{0,NULL}
+        };
+#endif
+
+
+static int CSWIFT_lib_error_code=0;
+static int CSWIFT_error_init=1;
+
+static void ERR_load_CSWIFT_strings(void)
+        {
+        if (CSWIFT_lib_error_code == 0)
+                CSWIFT_lib_error_code=ERR_get_next_error_library();
+
+        if (CSWIFT_error_init)
+                {
+                CSWIFT_error_init=0;
+#ifndef OPENSSL_NO_ERR
+                ERR_load_strings(CSWIFT_lib_error_code,CSWIFT_str_functs);
+                ERR_load_strings(CSWIFT_lib_error_code,CSWIFT_str_reasons);
+#endif
+
+#ifdef CSWIFT_LIB_NAME
+                CSWIFT_lib_name->error = ERR_PACK(CSWIFT_lib_error_code,0,0);
+                ERR_load_strings(0,CSWIFT_lib_name);
+#endif
+                }
+        }
+
+static void ERR_unload_CSWIFT_strings(void)
+        {
+        if (CSWIFT_error_init == 0)
+                {
+#ifndef OPENSSL_NO_ERR
+                ERR_unload_strings(CSWIFT_lib_error_code,CSWIFT_str_functs);
+                ERR_unload_strings(CSWIFT_lib_error_code,CSWIFT_str_reasons);
+#endif
+
+#ifdef CSWIFT_LIB_NAME
+                ERR_unload_strings(0,CSWIFT_lib_name);
+#endif
+                CSWIFT_error_init=1;
+                }
+        }
+
+static void ERR_CSWIFT_error(int function, int reason, char *file, int line)
+        {
+        if (CSWIFT_lib_error_code == 0)
+                CSWIFT_lib_error_code=ERR_get_next_error_library();
+        ERR_PUT_error(CSWIFT_lib_error_code,function,reason,file,line);
+        }
diff --git a/src/lib/libcrypto/engine/hw_cswift_err.h b/src/lib/libcrypto/engine/hw_cswift_err.h
new file mode 100644
index 0000000000..7120c3216f
--- /dev/null
+++ b/src/lib/libcrypto/engine/hw_cswift_err.h
@@ -0,0 +1,93 @@
+/* ====================================================================
+ * Copyright (c) 2001 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#ifndef HEADER_CSWIFT_ERR_H
+#define HEADER_CSWIFT_ERR_H
+
+/* BEGIN ERROR CODES */
+/* The following lines are auto generated by the script mkerr.pl. Any changes
+ * made after this point may be overwritten when the script is next run.
+ */
+static void ERR_load_CSWIFT_strings(void);
+static void ERR_unload_CSWIFT_strings(void);
+static void ERR_CSWIFT_error(int function, int reason, char *file, int line);
+#define CSWIFTerr(f,r) ERR_CSWIFT_error((f),(r),__FILE__,__LINE__)
+
+/* Error codes for the CSWIFT functions. */
+
+/* Function codes. */
+#define CSWIFT_F_CSWIFT_CTRL                             100
+#define CSWIFT_F_CSWIFT_DSA_SIGN                         101
+#define CSWIFT_F_CSWIFT_DSA_VERIFY                       102
+#define CSWIFT_F_CSWIFT_FINISH                           103
+#define CSWIFT_F_CSWIFT_INIT                             104
+#define CSWIFT_F_CSWIFT_MOD_EXP                          105
+#define CSWIFT_F_CSWIFT_MOD_EXP_CRT                      106
+#define CSWIFT_F_CSWIFT_RSA_MOD_EXP                      107
+
+/* Reason codes. */
+#define CSWIFT_R_ALREADY_LOADED                          100
+#define CSWIFT_R_BAD_KEY_SIZE                            101
+#define CSWIFT_R_BN_CTX_FULL                             102
+#define CSWIFT_R_BN_EXPAND_FAIL                          103
+#define CSWIFT_R_CTRL_COMMAND_NOT_IMPLEMENTED            104
+#define CSWIFT_R_MISSING_KEY_COMPONENTS                  105
+#define CSWIFT_R_NOT_LOADED                              106
+#define CSWIFT_R_REQUEST_FAILED                          107
+#define CSWIFT_R_UNIT_FAILURE                            108
+
+#ifdef  __cplusplus
+}
+#endif
+#endif
diff --git a/src/lib/libcrypto/engine/hw_ncipher.c b/src/lib/libcrypto/engine/hw_ncipher.c
new file mode 100644
index 0000000000..0d1c6b8df0
--- /dev/null
+++ b/src/lib/libcrypto/engine/hw_ncipher.c
@@ -0,0 +1,1388 @@
+/* crypto/engine/hw_ncipher.c -*- mode: C; c-file-style: "eay" -*- */
+/* Written by Richard Levitte (richard@levitte.org), Geoff Thorpe
+ * (geoff@geoffthorpe.net) and Dr Stephen N Henson (shenson@bigfoot.com)
+ * for the OpenSSL project 2000.
+ */
+/* ====================================================================
+ * Copyright (c) 1999-2001 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include <string.h>
+#include "cryptlib.h"
+#include <openssl/crypto.h>
+#include <openssl/pem.h>
+#include <openssl/dso.h>
+#include <openssl/engine.h>
+#include <openssl/ui.h>
+
+#ifndef OPENSSL_NO_HW
+#ifndef OPENSSL_NO_HW_NCIPHER
+
+/* Attribution notice: nCipher have said several times that it's OK for
+ * us to implement a general interface to their boxes, and recently declared
+ * their HWCryptoHook to be public, and therefore available for us to use.
+ * Thanks, nCipher.
+ *
+ * The hwcryptohook.h included here is from May 2000.
+ * [Richard Levitte]
+ */
+#ifdef FLAT_INC
+#include "hwcryptohook.h"
+#else
+#include "vendor_defns/hwcryptohook.h"
+#endif
+
+#define HWCRHK_LIB_NAME "hwcrhk engine"
+#include "hw_ncipher_err.c"
+
+static int hwcrhk_destroy(ENGINE *e);
+static int hwcrhk_init(ENGINE *e);
+static int hwcrhk_finish(ENGINE *e);
+static int hwcrhk_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)()); 
+
+/* Functions to handle mutexes if have dynamic locks */
+static int hwcrhk_mutex_init(HWCryptoHook_Mutex*, HWCryptoHook_CallerContext*);
+static int hwcrhk_mutex_lock(HWCryptoHook_Mutex*);
+static void hwcrhk_mutex_unlock(HWCryptoHook_Mutex*);
+static void hwcrhk_mutex_destroy(HWCryptoHook_Mutex*);
+#if 1 /* This is a HACK which will disappear in 0.9.8 */
+/* Functions to handle mutexes if only have static locks */
+static int hwcrhk_static_mutex_init(HWCryptoHook_Mutex *m,
+                                    HWCryptoHook_CallerContext *c);
+static int hwcrhk_static_mutex_lock(HWCryptoHook_Mutex *m);
+static void hwcrhk_static_mutex_unlock(HWCryptoHook_Mutex *m);
+static void hwcrhk_static_mutex_destroy(HWCryptoHook_Mutex *m);
+#endif
+
+/* BIGNUM stuff */
+static int hwcrhk_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+                const BIGNUM *m, BN_CTX *ctx);
+
+#ifndef OPENSSL_NO_RSA
+/* RSA stuff */
+static int hwcrhk_rsa_mod_exp(BIGNUM *r, const BIGNUM *I, RSA *rsa);
+#endif
+/* This function is aliased to mod_exp (with the mont stuff dropped). */
+static int hwcrhk_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+                const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
+
+#ifndef OPENSSL_NO_DH
+/* DH stuff */
+/* This function is alised to mod_exp (with the DH and mont dropped). */
+static int hwcrhk_mod_exp_dh(const DH *dh, BIGNUM *r,
+        const BIGNUM *a, const BIGNUM *p,
+        const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
+#endif
+
+/* RAND stuff */
+static int hwcrhk_rand_bytes(unsigned char *buf, int num);
+static int hwcrhk_rand_status(void);
+
+/* KM stuff */
+static EVP_PKEY *hwcrhk_load_privkey(ENGINE *eng, const char *key_id,
+        UI_METHOD *ui_method, void *callback_data);
+static EVP_PKEY *hwcrhk_load_pubkey(ENGINE *eng, const char *key_id,
+        UI_METHOD *ui_method, void *callback_data);
+static void hwcrhk_ex_free(void *obj, void *item, CRYPTO_EX_DATA *ad,
+        int ind,long argl, void *argp);
+
+/* Interaction stuff */
+static int hwcrhk_insert_card(const char *prompt_info,
+        const char *wrong_info,
+        HWCryptoHook_PassphraseContext *ppctx,
+        HWCryptoHook_CallerContext *cactx);
+static int hwcrhk_get_pass(const char *prompt_info,
+        int *len_io, char *buf,
+        HWCryptoHook_PassphraseContext *ppctx,
+        HWCryptoHook_CallerContext *cactx);
+static void hwcrhk_log_message(void *logstr, const char *message);
+
+/* The definitions for control commands specific to this engine */
+#define HWCRHK_CMD_SO_PATH              ENGINE_CMD_BASE
+#define HWCRHK_CMD_FORK_CHECK           (ENGINE_CMD_BASE + 1)
+#define HWCRHK_CMD_THREAD_LOCKING       (ENGINE_CMD_BASE + 2)
+#define HWCRHK_CMD_SET_USER_INTERFACE   (ENGINE_CMD_BASE + 3)
+#define HWCRHK_CMD_SET_CALLBACK_DATA    (ENGINE_CMD_BASE + 4)
+static const ENGINE_CMD_DEFN hwcrhk_cmd_defns[] = {
+        {HWCRHK_CMD_SO_PATH,
+                "SO_PATH",
+                "Specifies the path to the 'hwcrhk' shared library",
+                ENGINE_CMD_FLAG_STRING},
+        {HWCRHK_CMD_FORK_CHECK,
+                "FORK_CHECK",
+                "Turns fork() checking on or off (boolean)",
+                ENGINE_CMD_FLAG_NUMERIC},
+        {HWCRHK_CMD_THREAD_LOCKING,
+                "THREAD_LOCKING",
+                "Turns thread-safe locking on or off (boolean)",
+                ENGINE_CMD_FLAG_NUMERIC},
+        {HWCRHK_CMD_SET_USER_INTERFACE,
+                "SET_USER_INTERFACE",
+                "Set the global user interface (internal)",
+                ENGINE_CMD_FLAG_INTERNAL},
+        {HWCRHK_CMD_SET_CALLBACK_DATA,
+                "SET_CALLBACK_DATA",
+                "Set the global user interface extra data (internal)",
+                ENGINE_CMD_FLAG_INTERNAL},
+        {0, NULL, NULL, 0}
+        };
+
+#ifndef OPENSSL_NO_RSA
+/* Our internal RSA_METHOD that we provide pointers to */
+static RSA_METHOD hwcrhk_rsa =
+        {
+        "nCipher RSA method",
+        NULL,
+        NULL,
+        NULL,
+        NULL,
+        hwcrhk_rsa_mod_exp,
+        hwcrhk_mod_exp_mont,
+        NULL,
+        NULL,
+        0,
+        NULL,
+        NULL,
+        NULL
+        };
+#endif
+
+#ifndef OPENSSL_NO_DH
+/* Our internal DH_METHOD that we provide pointers to */
+static DH_METHOD hwcrhk_dh =
+        {
+        "nCipher DH method",
+        NULL,
+        NULL,
+        hwcrhk_mod_exp_dh,
+        NULL,
+        NULL,
+        0,
+        NULL
+        };
+#endif
+
+static RAND_METHOD hwcrhk_rand =
+        {
+        /* "nCipher RAND method", */
+        NULL,
+        hwcrhk_rand_bytes,
+        NULL,
+        NULL,
+        hwcrhk_rand_bytes,
+        hwcrhk_rand_status,
+        };
+
+/* Constants used when creating the ENGINE */
+static const char *engine_hwcrhk_id = "chil";
+static const char *engine_hwcrhk_name = "nCipher hardware engine support";
+
+/* Internal stuff for HWCryptoHook */
+
+/* Some structures needed for proper use of thread locks */
+/* hwcryptohook.h has some typedefs that turn struct HWCryptoHook_MutexValue
+   into HWCryptoHook_Mutex */
+struct HWCryptoHook_MutexValue
+        {
+        int lockid;
+        };
+
+/* hwcryptohook.h has some typedefs that turn
+   struct HWCryptoHook_PassphraseContextValue
+   into HWCryptoHook_PassphraseContext */
+struct HWCryptoHook_PassphraseContextValue
+        {
+        UI_METHOD *ui_method;
+        void *callback_data;
+        };
+
+/* hwcryptohook.h has some typedefs that turn
+   struct HWCryptoHook_CallerContextValue
+   into HWCryptoHook_CallerContext */
+struct HWCryptoHook_CallerContextValue
+        {
+        pem_password_cb *password_callback; /* Deprecated!  Only present for
+                                               backward compatibility! */
+        UI_METHOD *ui_method;
+        void *callback_data;
+        };
+
+/* The MPI structure in HWCryptoHook is pretty compatible with OpenSSL
+   BIGNUM's, so lets define a couple of conversion macros */
+#define BN2MPI(mp, bn) \
+    {mp.size = bn->top * sizeof(BN_ULONG); mp.buf = (unsigned char *)bn->d;}
+#define MPI2BN(bn, mp) \
+    {mp.size = bn->dmax * sizeof(BN_ULONG); mp.buf = (unsigned char *)bn->d;}
+
+static BIO *logstream = NULL;
+static int disable_mutex_callbacks = 0;
+
+/* One might wonder why these are needed, since one can pass down at least
+   a UI_METHOD and a pointer to callback data to the key-loading functions.
+   The thing is that the ModExp and RSAImmed functions can load keys as well,
+   if the data they get is in a special, nCipher-defined format (hint: if you
+   look at the private exponent of the RSA data as a string, you'll see this
+   string: "nCipher KM tool key id", followed by some bytes, followed a key
+   identity string, followed by more bytes.  This happens when you use "embed"
+   keys instead of "hwcrhk" keys).  Unfortunately, those functions do not take
+   any passphrase or caller context, and our functions can't really take any
+   callback data either.  Still, the "insert_card" and "get_passphrase"
+   callbacks may be called down the line, and will need to know what user
+   interface callbacks to call, and having callback data from the application
+   may be a nice thing as well, so we need to keep track of that globally. */
+static HWCryptoHook_CallerContext password_context = { NULL, NULL, NULL };
+
+/* Stuff to pass to the HWCryptoHook library */
+static HWCryptoHook_InitInfo hwcrhk_globals = {
+        HWCryptoHook_InitFlags_SimpleForkCheck, /* Flags */
+        &logstream,             /* logstream */
+        sizeof(BN_ULONG),       /* limbsize */
+        0,                      /* mslimb first: false for BNs */
+        -1,                     /* msbyte first: use native */
+        0,                      /* Max mutexes, 0 = no small limit */
+        0,                      /* Max simultaneous, 0 = default */
+
+        /* The next few are mutex stuff: we write wrapper functions
+           around the OS mutex functions.  We initialise them to 0
+           here, and change that to actual function pointers in hwcrhk_init()
+           if dynamic locks are supported (that is, if the application
+           programmer has made sure of setting up callbacks bafore starting
+           this engine) *and* if disable_mutex_callbacks hasn't been set by
+           a call to ENGINE_ctrl(ENGINE_CTRL_CHIL_NO_LOCKING). */
+        sizeof(HWCryptoHook_Mutex),
+        0,
+        0,
+        0,
+        0,
+
+        /* The next few are condvar stuff: we write wrapper functions
+           round the OS functions.  Currently not implemented and not
+           and absolute necessity even in threaded programs, therefore
+           0'ed.  Will hopefully be implemented some day, since it
+           enhances the efficiency of HWCryptoHook.  */
+        0, /* sizeof(HWCryptoHook_CondVar), */
+        0, /* hwcrhk_cv_init, */
+        0, /* hwcrhk_cv_wait, */
+        0, /* hwcrhk_cv_signal, */
+        0, /* hwcrhk_cv_broadcast, */
+        0, /* hwcrhk_cv_destroy, */
+
+        hwcrhk_get_pass,        /* pass phrase */
+        hwcrhk_insert_card,     /* insert a card */
+        hwcrhk_log_message      /* Log message */
+};
+
+
+/* Now, to our own code */
+
+/* This internal function is used by ENGINE_ncipher() and possibly by the
+ * "dynamic" ENGINE support too */
+static int bind_helper(ENGINE *e)
+        {
+#ifndef OPENSSL_NO_RSA
+        const RSA_METHOD *meth1;
+#endif
+#ifndef OPENSSL_NO_DH
+        const DH_METHOD *meth2;
+#endif
+        if(!ENGINE_set_id(e, engine_hwcrhk_id) ||
+                        !ENGINE_set_name(e, engine_hwcrhk_name) ||
+#ifndef OPENSSL_NO_RSA
+                        !ENGINE_set_RSA(e, &hwcrhk_rsa) ||
+#endif
+#ifndef OPENSSL_NO_DH
+                        !ENGINE_set_DH(e, &hwcrhk_dh) ||
+#endif
+                        !ENGINE_set_RAND(e, &hwcrhk_rand) ||
+                        !ENGINE_set_destroy_function(e, hwcrhk_destroy) ||
+                        !ENGINE_set_init_function(e, hwcrhk_init) ||
+                        !ENGINE_set_finish_function(e, hwcrhk_finish) ||
+                        !ENGINE_set_ctrl_function(e, hwcrhk_ctrl) ||
+                        !ENGINE_set_load_privkey_function(e, hwcrhk_load_privkey) ||
+                        !ENGINE_set_load_pubkey_function(e, hwcrhk_load_pubkey) ||
+                        !ENGINE_set_cmd_defns(e, hwcrhk_cmd_defns))
+                return 0;
+
+#ifndef OPENSSL_NO_RSA
+        /* We know that the "PKCS1_SSLeay()" functions hook properly
+         * to the cswift-specific mod_exp and mod_exp_crt so we use
+         * those functions. NB: We don't use ENGINE_openssl() or
+         * anything "more generic" because something like the RSAref
+         * code may not hook properly, and if you own one of these
+         * cards then you have the right to do RSA operations on it
+         * anyway! */ 
+        meth1 = RSA_PKCS1_SSLeay();
+        hwcrhk_rsa.rsa_pub_enc = meth1->rsa_pub_enc;
+        hwcrhk_rsa.rsa_pub_dec = meth1->rsa_pub_dec;
+        hwcrhk_rsa.rsa_priv_enc = meth1->rsa_priv_enc;
+        hwcrhk_rsa.rsa_priv_dec = meth1->rsa_priv_dec;
+#endif
+
+#ifndef OPENSSL_NO_DH
+        /* Much the same for Diffie-Hellman */
+        meth2 = DH_OpenSSL();
+        hwcrhk_dh.generate_key = meth2->generate_key;
+        hwcrhk_dh.compute_key = meth2->compute_key;
+#endif
+
+        /* Ensure the hwcrhk error handling is set up */
+        ERR_load_HWCRHK_strings();
+        return 1;
+        }
+
+#ifndef ENGINE_DYNAMIC_SUPPORT
+static ENGINE *engine_ncipher(void)
+        {
+        ENGINE *ret = ENGINE_new();
+        if(!ret)
+                return NULL;
+        if(!bind_helper(ret))
+                {
+                ENGINE_free(ret);
+                return NULL;
+                }
+        return ret;
+        }
+
+void ENGINE_load_chil(void)
+        {
+        /* Copied from eng_[openssl|dyn].c */
+        ENGINE *toadd = engine_ncipher();
+        if(!toadd) return;
+        ENGINE_add(toadd);
+        ENGINE_free(toadd);
+        ERR_clear_error();
+        }
+#endif
+
+/* This is a process-global DSO handle used for loading and unloading
+ * the HWCryptoHook library. NB: This is only set (or unset) during an
+ * init() or finish() call (reference counts permitting) and they're
+ * operating with global locks, so this should be thread-safe
+ * implicitly. */
+static DSO *hwcrhk_dso = NULL;
+static HWCryptoHook_ContextHandle hwcrhk_context = 0;
+#ifndef OPENSSL_NO_RSA
+static int hndidx_rsa = -1;    /* Index for KM handle.  Not really used yet. */
+#endif
+
+/* These are the function pointers that are (un)set when the library has
+ * successfully (un)loaded. */
+static HWCryptoHook_Init_t *p_hwcrhk_Init = NULL;
+static HWCryptoHook_Finish_t *p_hwcrhk_Finish = NULL;
+static HWCryptoHook_ModExp_t *p_hwcrhk_ModExp = NULL;
+#ifndef OPENSSL_NO_RSA
+static HWCryptoHook_RSA_t *p_hwcrhk_RSA = NULL;
+#endif
+static HWCryptoHook_RandomBytes_t *p_hwcrhk_RandomBytes = NULL;
+#ifndef OPENSSL_NO_RSA
+static HWCryptoHook_RSALoadKey_t *p_hwcrhk_RSALoadKey = NULL;
+static HWCryptoHook_RSAGetPublicKey_t *p_hwcrhk_RSAGetPublicKey = NULL;
+static HWCryptoHook_RSAUnloadKey_t *p_hwcrhk_RSAUnloadKey = NULL;
+#endif
+static HWCryptoHook_ModExpCRT_t *p_hwcrhk_ModExpCRT = NULL;
+
+/* Used in the DSO operations. */
+static const char *HWCRHK_LIBNAME = NULL;
+static void free_HWCRHK_LIBNAME(void)
+        {
+        if(HWCRHK_LIBNAME)
+                OPENSSL_free((void*)HWCRHK_LIBNAME);
+        HWCRHK_LIBNAME = NULL;
+        }
+static const char *get_HWCRHK_LIBNAME(void)
+        {
+        if(HWCRHK_LIBNAME)
+                return HWCRHK_LIBNAME;
+        return "nfhwcrhk";
+        }
+static long set_HWCRHK_LIBNAME(const char *name)
+        {
+        free_HWCRHK_LIBNAME();
+        return (((HWCRHK_LIBNAME = BUF_strdup(name)) != NULL) ? 1 : 0);
+        }
+static const char *n_hwcrhk_Init = "HWCryptoHook_Init";
+static const char *n_hwcrhk_Finish = "HWCryptoHook_Finish";
+static const char *n_hwcrhk_ModExp = "HWCryptoHook_ModExp";
+#ifndef OPENSSL_NO_RSA
+static const char *n_hwcrhk_RSA = "HWCryptoHook_RSA";
+#endif
+static const char *n_hwcrhk_RandomBytes = "HWCryptoHook_RandomBytes";
+#ifndef OPENSSL_NO_RSA
+static const char *n_hwcrhk_RSALoadKey = "HWCryptoHook_RSALoadKey";
+static const char *n_hwcrhk_RSAGetPublicKey = "HWCryptoHook_RSAGetPublicKey";
+static const char *n_hwcrhk_RSAUnloadKey = "HWCryptoHook_RSAUnloadKey";
+#endif
+static const char *n_hwcrhk_ModExpCRT = "HWCryptoHook_ModExpCRT";
+
+/* HWCryptoHook library functions and mechanics - these are used by the
+ * higher-level functions further down. NB: As and where there's no
+ * error checking, take a look lower down where these functions are
+ * called, the checking and error handling is probably down there. */
+
+/* utility function to obtain a context */
+static int get_context(HWCryptoHook_ContextHandle *hac,
+        HWCryptoHook_CallerContext *cac)
+        {
+        char tempbuf[1024];
+        HWCryptoHook_ErrMsgBuf rmsg;
+
+        rmsg.buf = tempbuf;
+        rmsg.size = sizeof(tempbuf);
+
+        *hac = p_hwcrhk_Init(&hwcrhk_globals, sizeof(hwcrhk_globals), &rmsg,
+                cac);
+        if (!*hac)
+                return 0;
+        return 1;
+        }
+ 
+/* similarly to release one. */
+static void release_context(HWCryptoHook_ContextHandle hac)
+        {
+        p_hwcrhk_Finish(hac);
+        }
+
+/* Destructor (complements the "ENGINE_ncipher()" constructor) */
+static int hwcrhk_destroy(ENGINE *e)
+        {
+        free_HWCRHK_LIBNAME();
+        ERR_unload_HWCRHK_strings();
+        return 1;
+        }
+
+/* (de)initialisation functions. */
+static int hwcrhk_init(ENGINE *e)
+        {
+        HWCryptoHook_Init_t *p1;
+        HWCryptoHook_Finish_t *p2;
+        HWCryptoHook_ModExp_t *p3;
+#ifndef OPENSSL_NO_RSA
+        HWCryptoHook_RSA_t *p4;
+        HWCryptoHook_RSALoadKey_t *p5;
+        HWCryptoHook_RSAGetPublicKey_t *p6;
+        HWCryptoHook_RSAUnloadKey_t *p7;
+#endif
+        HWCryptoHook_RandomBytes_t *p8;
+        HWCryptoHook_ModExpCRT_t *p9;
+
+        if(hwcrhk_dso != NULL)
+                {
+                HWCRHKerr(HWCRHK_F_HWCRHK_INIT,HWCRHK_R_ALREADY_LOADED);
+                goto err;
+                }
+        /* Attempt to load libnfhwcrhk.so/nfhwcrhk.dll/whatever. */
+        hwcrhk_dso = DSO_load(NULL, get_HWCRHK_LIBNAME(), NULL, 0);
+        if(hwcrhk_dso == NULL)
+                {
+                HWCRHKerr(HWCRHK_F_HWCRHK_INIT,HWCRHK_R_DSO_FAILURE);
+                goto err;
+                }
+        if(!(p1 = (HWCryptoHook_Init_t *)
+                        DSO_bind_func(hwcrhk_dso, n_hwcrhk_Init)) ||
+                !(p2 = (HWCryptoHook_Finish_t *)
+                        DSO_bind_func(hwcrhk_dso, n_hwcrhk_Finish)) ||
+                !(p3 = (HWCryptoHook_ModExp_t *)
+                        DSO_bind_func(hwcrhk_dso, n_hwcrhk_ModExp)) ||
+#ifndef OPENSSL_NO_RSA
+                !(p4 = (HWCryptoHook_RSA_t *)
+                        DSO_bind_func(hwcrhk_dso, n_hwcrhk_RSA)) ||
+                !(p5 = (HWCryptoHook_RSALoadKey_t *)
+                        DSO_bind_func(hwcrhk_dso, n_hwcrhk_RSALoadKey)) ||
+                !(p6 = (HWCryptoHook_RSAGetPublicKey_t *)
+                        DSO_bind_func(hwcrhk_dso, n_hwcrhk_RSAGetPublicKey)) ||
+                !(p7 = (HWCryptoHook_RSAUnloadKey_t *)
+                        DSO_bind_func(hwcrhk_dso, n_hwcrhk_RSAUnloadKey)) ||
+#endif
+                !(p8 = (HWCryptoHook_RandomBytes_t *)
+                        DSO_bind_func(hwcrhk_dso, n_hwcrhk_RandomBytes)) ||
+                !(p9 = (HWCryptoHook_ModExpCRT_t *)
+                        DSO_bind_func(hwcrhk_dso, n_hwcrhk_ModExpCRT)))
+                {
+                HWCRHKerr(HWCRHK_F_HWCRHK_INIT,HWCRHK_R_DSO_FAILURE);
+                goto err;
+                }
+        /* Copy the pointers */
+        p_hwcrhk_Init = p1;
+        p_hwcrhk_Finish = p2;
+        p_hwcrhk_ModExp = p3;
+#ifndef OPENSSL_NO_RSA
+        p_hwcrhk_RSA = p4;
+        p_hwcrhk_RSALoadKey = p5;
+        p_hwcrhk_RSAGetPublicKey = p6;
+        p_hwcrhk_RSAUnloadKey = p7;
+#endif
+        p_hwcrhk_RandomBytes = p8;
+        p_hwcrhk_ModExpCRT = p9;
+
+        /* Check if the application decided to support dynamic locks,
+           and if it does, use them. */
+        if (disable_mutex_callbacks == 0)
+                {
+                if (CRYPTO_get_dynlock_create_callback() != NULL &&
+                        CRYPTO_get_dynlock_lock_callback() != NULL &&
+                        CRYPTO_get_dynlock_destroy_callback() != NULL)
+                        {
+                        hwcrhk_globals.mutex_init = hwcrhk_mutex_init;
+                        hwcrhk_globals.mutex_acquire = hwcrhk_mutex_lock;
+                        hwcrhk_globals.mutex_release = hwcrhk_mutex_unlock;
+                        hwcrhk_globals.mutex_destroy = hwcrhk_mutex_destroy;
+                        }
+                else if (CRYPTO_get_locking_callback() != NULL)
+                        {
+                        HWCRHKerr(HWCRHK_F_HWCRHK_INIT,HWCRHK_R_DYNAMIC_LOCKING_MISSING);
+                        ERR_add_error_data(1,"You HAVE to add dynamic locking callbacks via CRYPTO_set_dynlock_{create,lock,destroy}_callback()");
+#if 1 /* This is a HACK which will disappear in 0.9.8 */
+                        hwcrhk_globals.maxmutexes    = 1; /* Only have one lock */
+                        hwcrhk_globals.mutex_init    = hwcrhk_static_mutex_init;
+                        hwcrhk_globals.mutex_acquire = hwcrhk_static_mutex_lock;
+                        hwcrhk_globals.mutex_release = hwcrhk_static_mutex_unlock;
+                        hwcrhk_globals.mutex_destroy = hwcrhk_static_mutex_destroy;
+#else
+                        goto err;
+#endif
+                        }
+                }
+
+        /* Try and get a context - if not, we may have a DSO but no
+         * accelerator! */
+        if(!get_context(&hwcrhk_context, &password_context))
+                {
+                HWCRHKerr(HWCRHK_F_HWCRHK_INIT,HWCRHK_R_UNIT_FAILURE);
+                goto err;
+                }
+        /* Everything's fine. */
+#ifndef OPENSSL_NO_RSA
+        if (hndidx_rsa == -1)
+                hndidx_rsa = RSA_get_ex_new_index(0,
+                        "nFast HWCryptoHook RSA key handle",
+                        NULL, NULL, hwcrhk_ex_free);
+#endif
+        return 1;
+err:
+        if(hwcrhk_dso)
+                DSO_free(hwcrhk_dso);
+        hwcrhk_dso = NULL;
+        p_hwcrhk_Init = NULL;
+        p_hwcrhk_Finish = NULL;
+        p_hwcrhk_ModExp = NULL;
+#ifndef OPENSSL_NO_RSA
+        p_hwcrhk_RSA = NULL;
+        p_hwcrhk_RSALoadKey = NULL;
+        p_hwcrhk_RSAGetPublicKey = NULL;
+        p_hwcrhk_RSAUnloadKey = NULL;
+#endif
+        p_hwcrhk_ModExpCRT = NULL;
+        p_hwcrhk_RandomBytes = NULL;
+        return 0;
+        }
+
+static int hwcrhk_finish(ENGINE *e)
+        {
+        int to_return = 1;
+        free_HWCRHK_LIBNAME();
+        if(hwcrhk_dso == NULL)
+                {
+                HWCRHKerr(HWCRHK_F_HWCRHK_FINISH,HWCRHK_R_NOT_LOADED);
+                to_return = 0;
+                goto err;
+                }
+        release_context(hwcrhk_context);
+        if(!DSO_free(hwcrhk_dso))
+                {
+                HWCRHKerr(HWCRHK_F_HWCRHK_FINISH,HWCRHK_R_DSO_FAILURE);
+                to_return = 0;
+                goto err;
+                }
+ err:
+        if (logstream)
+                BIO_free(logstream);
+        hwcrhk_dso = NULL;
+        p_hwcrhk_Init = NULL;
+        p_hwcrhk_Finish = NULL;
+        p_hwcrhk_ModExp = NULL;
+#ifndef OPENSSL_NO_RSA
+        p_hwcrhk_RSA = NULL;
+        p_hwcrhk_RSALoadKey = NULL;
+        p_hwcrhk_RSAGetPublicKey = NULL;
+        p_hwcrhk_RSAUnloadKey = NULL;
+#endif
+        p_hwcrhk_ModExpCRT = NULL;
+        p_hwcrhk_RandomBytes = NULL;
+        return to_return;
+        }
+
+static int hwcrhk_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)())
+        {
+        int to_return = 1;
+
+        switch(cmd)
+                {
+        case HWCRHK_CMD_SO_PATH:
+                if(hwcrhk_dso)
+                        {
+                        HWCRHKerr(HWCRHK_F_HWCRHK_CTRL,HWCRHK_R_ALREADY_LOADED);
+                        return 0;
+                        }
+                if(p == NULL)
+                        {
+                        HWCRHKerr(HWCRHK_F_HWCRHK_CTRL,ERR_R_PASSED_NULL_PARAMETER);
+                        return 0;
+                        }
+                return set_HWCRHK_LIBNAME((const char *)p);
+        case ENGINE_CTRL_SET_LOGSTREAM:
+                {
+                BIO *bio = (BIO *)p;
+
+                CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
+                if (logstream)
+                        {
+                        BIO_free(logstream);
+                        logstream = NULL;
+                        }
+                if (CRYPTO_add(&bio->references,1,CRYPTO_LOCK_BIO) > 1)
+                        logstream = bio;
+                else
+                        HWCRHKerr(HWCRHK_F_HWCRHK_CTRL,HWCRHK_R_BIO_WAS_FREED);
+                }
+                CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
+                break;
+        case ENGINE_CTRL_SET_PASSWORD_CALLBACK:
+                CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
+                password_context.password_callback = (pem_password_cb *)f;
+                CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
+                break;
+        case ENGINE_CTRL_SET_USER_INTERFACE:
+        case HWCRHK_CMD_SET_USER_INTERFACE:
+                CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
+                password_context.ui_method = (UI_METHOD *)p;
+                CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
+                break;
+        case ENGINE_CTRL_SET_CALLBACK_DATA:
+        case HWCRHK_CMD_SET_CALLBACK_DATA:
+                CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
+                password_context.callback_data = p;
+                CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
+                break;
+        /* this enables or disables the "SimpleForkCheck" flag used in the
+         * initialisation structure. */
+        case ENGINE_CTRL_CHIL_SET_FORKCHECK:
+        case HWCRHK_CMD_FORK_CHECK:
+                CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
+                if(i)
+                        hwcrhk_globals.flags |=
+                                HWCryptoHook_InitFlags_SimpleForkCheck;
+                else
+                        hwcrhk_globals.flags &=
+                                ~HWCryptoHook_InitFlags_SimpleForkCheck;
+                CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
+                break;
+        /* This will prevent the initialisation function from "installing"
+         * the mutex-handling callbacks, even if they are available from
+         * within the library (or were provided to the library from the
+         * calling application). This is to remove any baggage for
+         * applications not using multithreading. */
+        case ENGINE_CTRL_CHIL_NO_LOCKING:
+                CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
+                disable_mutex_callbacks = 1;
+                CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
+                break;
+        case HWCRHK_CMD_THREAD_LOCKING:
+                CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
+                disable_mutex_callbacks = ((i == 0) ? 0 : 1);
+                CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
+                break;
+
+        /* The command isn't understood by this engine */
+        default:
+                HWCRHKerr(HWCRHK_F_HWCRHK_CTRL,
+                        HWCRHK_R_CTRL_COMMAND_NOT_IMPLEMENTED);
+                to_return = 0;
+                break;
+                }
+
+        return to_return;
+        }
+
+static EVP_PKEY *hwcrhk_load_privkey(ENGINE *eng, const char *key_id,
+        UI_METHOD *ui_method, void *callback_data)
+        {
+#ifndef OPENSSL_NO_RSA
+        RSA *rtmp = NULL;
+#endif
+        EVP_PKEY *res = NULL;
+#ifndef OPENSSL_NO_RSA
+        HWCryptoHook_MPI e, n;
+        HWCryptoHook_RSAKeyHandle *hptr;
+#endif
+#if !defined(OPENSSL_NO_RSA)
+        char tempbuf[1024];
+        HWCryptoHook_ErrMsgBuf rmsg;
+#endif
+        HWCryptoHook_PassphraseContext ppctx;
+
+#if !defined(OPENSSL_NO_RSA)
+        rmsg.buf = tempbuf;
+        rmsg.size = sizeof(tempbuf);
+#endif
+
+        if(!hwcrhk_context)
+                {
+                HWCRHKerr(HWCRHK_F_HWCRHK_LOAD_PRIVKEY,
+                        HWCRHK_R_NOT_INITIALISED);
+                goto err;
+                }
+#ifndef OPENSSL_NO_RSA
+        hptr = OPENSSL_malloc(sizeof(HWCryptoHook_RSAKeyHandle));
+        if (!hptr)
+                {
+                HWCRHKerr(HWCRHK_F_HWCRHK_LOAD_PRIVKEY,
+                        ERR_R_MALLOC_FAILURE);
+                goto err;
+                }
+        ppctx.ui_method = ui_method;
+        ppctx.callback_data = callback_data;
+        if (p_hwcrhk_RSALoadKey(hwcrhk_context, key_id, hptr,
+                &rmsg, &ppctx))
+                {
+                HWCRHKerr(HWCRHK_F_HWCRHK_LOAD_PRIVKEY,
+                        HWCRHK_R_CHIL_ERROR);
+                ERR_add_error_data(1,rmsg.buf);
+                goto err;
+                }
+        if (!*hptr)
+                {
+                HWCRHKerr(HWCRHK_F_HWCRHK_LOAD_PRIVKEY,
+                        HWCRHK_R_NO_KEY);
+                goto err;
+                }
+#endif
+#ifndef OPENSSL_NO_RSA
+        rtmp = RSA_new_method(eng);
+        RSA_set_ex_data(rtmp, hndidx_rsa, (char *)hptr);
+        rtmp->e = BN_new();
+        rtmp->n = BN_new();
+        rtmp->flags |= RSA_FLAG_EXT_PKEY;
+        MPI2BN(rtmp->e, e);
+        MPI2BN(rtmp->n, n);
+        if (p_hwcrhk_RSAGetPublicKey(*hptr, &n, &e, &rmsg)
+                != HWCRYPTOHOOK_ERROR_MPISIZE)
+                {
+                HWCRHKerr(HWCRHK_F_HWCRHK_LOAD_PUBKEY,HWCRHK_R_CHIL_ERROR);
+                ERR_add_error_data(1,rmsg.buf);
+                goto err;
+                }
+
+        bn_expand2(rtmp->e, e.size/sizeof(BN_ULONG));
+        bn_expand2(rtmp->n, n.size/sizeof(BN_ULONG));
+        MPI2BN(rtmp->e, e);
+        MPI2BN(rtmp->n, n);
+
+        if (p_hwcrhk_RSAGetPublicKey(*hptr, &n, &e, &rmsg))
+                {
+                HWCRHKerr(HWCRHK_F_HWCRHK_LOAD_PUBKEY,
+                        HWCRHK_R_CHIL_ERROR);
+                ERR_add_error_data(1,rmsg.buf);
+                goto err;
+                }
+        rtmp->e->top = e.size / sizeof(BN_ULONG);
+        bn_fix_top(rtmp->e);
+        rtmp->n->top = n.size / sizeof(BN_ULONG);
+        bn_fix_top(rtmp->n);
+
+        res = EVP_PKEY_new();
+        EVP_PKEY_assign_RSA(res, rtmp);
+#endif
+
+        if (!res)
+                HWCRHKerr(HWCRHK_F_HWCRHK_LOAD_PUBKEY,
+                        HWCRHK_R_PRIVATE_KEY_ALGORITHMS_DISABLED);
+
+        return res;
+ err:
+        if (res)
+                EVP_PKEY_free(res);
+#ifndef OPENSSL_NO_RSA
+        if (rtmp)
+                RSA_free(rtmp);
+#endif
+        return NULL;
+        }
+
+static EVP_PKEY *hwcrhk_load_pubkey(ENGINE *eng, const char *key_id,
+        UI_METHOD *ui_method, void *callback_data)
+        {
+        EVP_PKEY *res = NULL;
+
+#ifndef OPENSSL_NO_RSA
+        res = hwcrhk_load_privkey(eng, key_id,
+                ui_method, callback_data);
+#endif
+
+        if (res)
+                switch(res->type)
+                        {
+#ifndef OPENSSL_NO_RSA
+                case EVP_PKEY_RSA:
+                        {
+                        RSA *rsa = NULL;
+
+                        CRYPTO_w_lock(CRYPTO_LOCK_EVP_PKEY);
+                        rsa = res->pkey.rsa;
+                        res->pkey.rsa = RSA_new();
+                        res->pkey.rsa->n = rsa->n;
+                        res->pkey.rsa->e = rsa->e;
+                        rsa->n = NULL;
+                        rsa->e = NULL;
+                        CRYPTO_w_unlock(CRYPTO_LOCK_EVP_PKEY);
+                        RSA_free(rsa);
+                        }
+                        break;
+#endif
+                default:
+                        HWCRHKerr(HWCRHK_F_HWCRHK_LOAD_PUBKEY,
+                                HWCRHK_R_CTRL_COMMAND_NOT_IMPLEMENTED);
+                        goto err;
+                        }
+
+        return res;
+ err:
+        if (res)
+                EVP_PKEY_free(res);
+        return NULL;
+        }
+
+/* A little mod_exp */
+static int hwcrhk_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+                        const BIGNUM *m, BN_CTX *ctx)
+        {
+        char tempbuf[1024];
+        HWCryptoHook_ErrMsgBuf rmsg;
+        /* Since HWCryptoHook_MPI is pretty compatible with BIGNUM's,
+           we use them directly, plus a little macro magic.  We only
+           thing we need to make sure of is that enough space is allocated. */
+        HWCryptoHook_MPI m_a, m_p, m_n, m_r;
+        int to_return, ret;
+ 
+        to_return = 0; /* expect failure */
+        rmsg.buf = tempbuf;
+        rmsg.size = sizeof(tempbuf);
+
+        if(!hwcrhk_context)
+                {
+                HWCRHKerr(HWCRHK_F_HWCRHK_MOD_EXP,HWCRHK_R_NOT_INITIALISED);
+                goto err;
+                }
+        /* Prepare the params */
+        bn_expand2(r, m->top);  /* Check for error !! */
+        BN2MPI(m_a, a);
+        BN2MPI(m_p, p);
+        BN2MPI(m_n, m);
+        MPI2BN(r, m_r);
+
+        /* Perform the operation */
+        ret = p_hwcrhk_ModExp(hwcrhk_context, m_a, m_p, m_n, &m_r, &rmsg);
+
+        /* Convert the response */
+        r->top = m_r.size / sizeof(BN_ULONG);
+        bn_fix_top(r);
+
+        if (ret < 0)
+                {
+                /* FIXME: When this error is returned, HWCryptoHook is
+                   telling us that falling back to software computation
+                   might be a good thing. */
+                if(ret == HWCRYPTOHOOK_ERROR_FALLBACK)
+                        {
+                        HWCRHKerr(HWCRHK_F_HWCRHK_MOD_EXP,HWCRHK_R_REQUEST_FALLBACK);
+                        }
+                else
+                        {
+                        HWCRHKerr(HWCRHK_F_HWCRHK_MOD_EXP,HWCRHK_R_REQUEST_FAILED);
+                        }
+                ERR_add_error_data(1,rmsg.buf);
+                goto err;
+                }
+
+        to_return = 1;
+err:
+        return to_return;
+        }
+
+#ifndef OPENSSL_NO_RSA 
+static int hwcrhk_rsa_mod_exp(BIGNUM *r, const BIGNUM *I, RSA *rsa)
+        {
+        char tempbuf[1024];
+        HWCryptoHook_ErrMsgBuf rmsg;
+        HWCryptoHook_RSAKeyHandle *hptr;
+        int to_return = 0, ret;
+
+        rmsg.buf = tempbuf;
+        rmsg.size = sizeof(tempbuf);
+
+        if(!hwcrhk_context)
+                {
+                HWCRHKerr(HWCRHK_F_HWCRHK_MOD_EXP,HWCRHK_R_NOT_INITIALISED);
+                goto err;
+                }
+
+        /* This provides support for nForce keys.  Since that's opaque data
+           all we do is provide a handle to the proper key and let HWCryptoHook
+           take care of the rest. */
+        if ((hptr = (HWCryptoHook_RSAKeyHandle *) RSA_get_ex_data(rsa, hndidx_rsa))
+                != NULL)
+                {
+                HWCryptoHook_MPI m_a, m_r;
+
+                if(!rsa->n)
+                        {
+                        HWCRHKerr(HWCRHK_F_HWCRHK_RSA_MOD_EXP,
+                                HWCRHK_R_MISSING_KEY_COMPONENTS);
+                        goto err;
+                        }
+
+                /* Prepare the params */
+                bn_expand2(r, rsa->n->top); /* Check for error !! */
+                BN2MPI(m_a, I);
+                MPI2BN(r, m_r);
+
+                /* Perform the operation */
+                ret = p_hwcrhk_RSA(m_a, *hptr, &m_r, &rmsg);
+
+                /* Convert the response */
+                r->top = m_r.size / sizeof(BN_ULONG);
+                bn_fix_top(r);
+
+                if (ret < 0)
+                        {
+                        /* FIXME: When this error is returned, HWCryptoHook is
+                           telling us that falling back to software computation
+                           might be a good thing. */
+                        if(ret == HWCRYPTOHOOK_ERROR_FALLBACK)
+                                {
+                                HWCRHKerr(HWCRHK_F_HWCRHK_RSA_MOD_EXP,
+                                        HWCRHK_R_REQUEST_FALLBACK);
+                                }
+                        else
+                                {
+                                HWCRHKerr(HWCRHK_F_HWCRHK_RSA_MOD_EXP,
+                                        HWCRHK_R_REQUEST_FAILED);
+                                }
+                        ERR_add_error_data(1,rmsg.buf);
+                        goto err;
+                        }
+                }
+        else
+                {
+                HWCryptoHook_MPI m_a, m_p, m_q, m_dmp1, m_dmq1, m_iqmp, m_r;
+
+                if(!rsa->p || !rsa->q || !rsa->dmp1 || !rsa->dmq1 || !rsa->iqmp)
+                        {
+                        HWCRHKerr(HWCRHK_F_HWCRHK_RSA_MOD_EXP,
+                                HWCRHK_R_MISSING_KEY_COMPONENTS);
+                        goto err;
+                        }
+
+                /* Prepare the params */
+                bn_expand2(r, rsa->n->top); /* Check for error !! */
+                BN2MPI(m_a, I);
+                BN2MPI(m_p, rsa->p);
+                BN2MPI(m_q, rsa->q);
+                BN2MPI(m_dmp1, rsa->dmp1);
+                BN2MPI(m_dmq1, rsa->dmq1);
+                BN2MPI(m_iqmp, rsa->iqmp);
+                MPI2BN(r, m_r);
+
+                /* Perform the operation */
+                ret = p_hwcrhk_ModExpCRT(hwcrhk_context, m_a, m_p, m_q,
+                        m_dmp1, m_dmq1, m_iqmp, &m_r, &rmsg);
+
+                /* Convert the response */
+                r->top = m_r.size / sizeof(BN_ULONG);
+                bn_fix_top(r);
+
+                if (ret < 0)
+                        {
+                        /* FIXME: When this error is returned, HWCryptoHook is
+                           telling us that falling back to software computation
+                           might be a good thing. */
+                        if(ret == HWCRYPTOHOOK_ERROR_FALLBACK)
+                                {
+                                HWCRHKerr(HWCRHK_F_HWCRHK_RSA_MOD_EXP,
+                                        HWCRHK_R_REQUEST_FALLBACK);
+                                }
+                        else
+                                {
+                                HWCRHKerr(HWCRHK_F_HWCRHK_RSA_MOD_EXP,
+                                        HWCRHK_R_REQUEST_FAILED);
+                                }
+                        ERR_add_error_data(1,rmsg.buf);
+                        goto err;
+                        }
+                }
+        /* If we're here, we must be here with some semblance of success :-) */
+        to_return = 1;
+err:
+        return to_return;
+        }
+#endif
+
+/* This function is aliased to mod_exp (with the mont stuff dropped). */
+static int hwcrhk_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+                const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)
+        {
+        return hwcrhk_mod_exp(r, a, p, m, ctx);
+        }
+
+#ifndef OPENSSL_NO_DH
+/* This function is aliased to mod_exp (with the dh and mont dropped). */
+static int hwcrhk_mod_exp_dh(const DH *dh, BIGNUM *r,
+                const BIGNUM *a, const BIGNUM *p,
+                const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)
+        {
+        return hwcrhk_mod_exp(r, a, p, m, ctx);
+        }
+#endif
+
+/* Random bytes are good */
+static int hwcrhk_rand_bytes(unsigned char *buf, int num)
+        {
+        char tempbuf[1024];
+        HWCryptoHook_ErrMsgBuf rmsg;
+        int to_return = 0; /* assume failure */
+        int ret;
+
+        rmsg.buf = tempbuf;
+        rmsg.size = sizeof(tempbuf);
+
+        if(!hwcrhk_context)
+                {
+                HWCRHKerr(HWCRHK_F_HWCRHK_RAND_BYTES,HWCRHK_R_NOT_INITIALISED);
+                goto err;
+                }
+
+        ret = p_hwcrhk_RandomBytes(hwcrhk_context, buf, num, &rmsg);
+        if (ret < 0)
+                {
+                /* FIXME: When this error is returned, HWCryptoHook is
+                   telling us that falling back to software computation
+                   might be a good thing. */
+                if(ret == HWCRYPTOHOOK_ERROR_FALLBACK)
+                        {
+                        HWCRHKerr(HWCRHK_F_HWCRHK_RAND_BYTES,
+                                HWCRHK_R_REQUEST_FALLBACK);
+                        }
+                else
+                        {
+                        HWCRHKerr(HWCRHK_F_HWCRHK_RAND_BYTES,
+                                HWCRHK_R_REQUEST_FAILED);
+                        }
+                ERR_add_error_data(1,rmsg.buf);
+                goto err;
+                }
+        to_return = 1;
+ err:
+        return to_return;
+        }
+
+static int hwcrhk_rand_status(void)
+        {
+        return 1;
+        }
+
+/* This cleans up an RSA KM key, called when ex_data is freed */
+
+static void hwcrhk_ex_free(void *obj, void *item, CRYPTO_EX_DATA *ad,
+        int ind,long argl, void *argp)
+{
+        char tempbuf[1024];
+        HWCryptoHook_ErrMsgBuf rmsg;
+#ifndef OPENSSL_NO_RSA
+        HWCryptoHook_RSAKeyHandle *hptr;
+#endif
+#if !defined(OPENSSL_NO_RSA)
+        int ret;
+#endif
+
+        rmsg.buf = tempbuf;
+        rmsg.size = sizeof(tempbuf);
+
+#ifndef OPENSSL_NO_RSA
+        hptr = (HWCryptoHook_RSAKeyHandle *) item;
+        if(hptr)
+                {
+                ret = p_hwcrhk_RSAUnloadKey(*hptr, NULL);
+                OPENSSL_free(hptr);
+                }
+#endif
+}
+
+/* Mutex calls: since the HWCryptoHook model closely follows the POSIX model
+ * these just wrap the POSIX functions and add some logging.
+ */
+
+static int hwcrhk_mutex_init(HWCryptoHook_Mutex* mt,
+        HWCryptoHook_CallerContext *cactx)
+        {
+        mt->lockid = CRYPTO_get_new_dynlockid();
+        if (mt->lockid == 0)
+                return 1; /* failure */
+        return 0; /* success */
+        }
+
+static int hwcrhk_mutex_lock(HWCryptoHook_Mutex *mt)
+        {
+        CRYPTO_w_lock(mt->lockid);
+        return 0;
+        }
+
+static void hwcrhk_mutex_unlock(HWCryptoHook_Mutex * mt)
+        {
+        CRYPTO_w_unlock(mt->lockid);
+        }
+
+static void hwcrhk_mutex_destroy(HWCryptoHook_Mutex *mt)
+        {
+        CRYPTO_destroy_dynlockid(mt->lockid);
+        }
+
+/* Mutex upcalls to use if the application does not support dynamic locks */
+
+static int hwcrhk_static_mutex_init(HWCryptoHook_Mutex *m,
+        HWCryptoHook_CallerContext *c)
+        {
+        return 0;
+        }
+static int hwcrhk_static_mutex_lock(HWCryptoHook_Mutex *m)
+        {
+        CRYPTO_w_lock(CRYPTO_LOCK_HWCRHK);
+        return 0;
+        }
+static void hwcrhk_static_mutex_unlock(HWCryptoHook_Mutex *m)
+        {
+        CRYPTO_w_unlock(CRYPTO_LOCK_HWCRHK);
+        }
+static void hwcrhk_static_mutex_destroy(HWCryptoHook_Mutex *m)
+        {
+        }
+
+static int hwcrhk_get_pass(const char *prompt_info,
+        int *len_io, char *buf,
+        HWCryptoHook_PassphraseContext *ppctx,
+        HWCryptoHook_CallerContext *cactx)
+        {
+        pem_password_cb *callback = NULL;
+        void *callback_data = NULL;
+        UI_METHOD *ui_method = NULL;
+
+        if (cactx)
+                {
+                if (cactx->ui_method)
+                        ui_method = cactx->ui_method;
+                if (cactx->password_callback)
+                        callback = cactx->password_callback;
+                if (cactx->callback_data)
+                        callback_data = cactx->callback_data;
+                }
+        if (ppctx)
+                {
+                if (ppctx->ui_method)
+                        {
+                        ui_method = ppctx->ui_method;
+                        callback = NULL;
+                        }
+                if (ppctx->callback_data)
+                        callback_data = ppctx->callback_data;
+                }
+        if (callback == NULL && ui_method == NULL)
+                {
+                HWCRHKerr(HWCRHK_F_HWCRHK_GET_PASS,HWCRHK_R_NO_CALLBACK);
+                return -1;
+                }
+
+        if (ui_method)
+                {
+                UI *ui = UI_new_method(ui_method);
+                if (ui)
+                        {
+                        int ok;
+                        char *prompt = UI_construct_prompt(ui,
+                                "pass phrase", prompt_info);
+
+                        ok = UI_add_input_string(ui,prompt,
+                                UI_INPUT_FLAG_DEFAULT_PWD,
+                                buf,0,(*len_io) - 1);
+                        UI_add_user_data(ui, callback_data);
+                        UI_ctrl(ui, UI_CTRL_PRINT_ERRORS, 1, 0, 0);
+
+                        if (ok >= 0)
+                                do
+                                        {
+                                        ok=UI_process(ui);
+                                        }
+                                while (ok < 0 && UI_ctrl(ui, UI_CTRL_IS_REDOABLE, 0, 0, 0));
+
+                        if (ok >= 0)
+                                *len_io = strlen(buf);
+
+                        UI_free(ui);
+                        OPENSSL_free(prompt);
+                        }
+                }
+        else
+                {
+                *len_io = callback(buf, *len_io, 0, callback_data);
+                }
+        if(!*len_io)
+                return -1;
+        return 0;
+        }
+
+static int hwcrhk_insert_card(const char *prompt_info,
+                      const char *wrong_info,
+                      HWCryptoHook_PassphraseContext *ppctx,
+                      HWCryptoHook_CallerContext *cactx)
+        {
+        int ok = -1;
+        UI *ui;
+        void *callback_data = NULL;
+        UI_METHOD *ui_method = NULL;
+
+        if (cactx)
+                {
+                if (cactx->ui_method)
+                        ui_method = cactx->ui_method;
+                if (cactx->callback_data)
+                        callback_data = cactx->callback_data;
+                }
+        if (ppctx)
+                {
+                if (ppctx->ui_method)
+                        ui_method = ppctx->ui_method;
+                if (ppctx->callback_data)
+                        callback_data = ppctx->callback_data;
+                }
+        if (ui_method == NULL)
+                {
+                HWCRHKerr(HWCRHK_F_HWCRHK_INSERT_CARD,
+                        HWCRHK_R_NO_CALLBACK);
+                return -1;
+                }
+
+        ui = UI_new_method(ui_method);
+
+        if (ui)
+                {
+                char answer;
+                char buf[BUFSIZ];
+
+                if (wrong_info)
+                        BIO_snprintf(buf, sizeof(buf)-1,
+                                "Current card: \"%s\"\n", wrong_info);
+                ok = UI_dup_info_string(ui, buf);
+                if (ok >= 0 && prompt_info)
+                        {
+                        BIO_snprintf(buf, sizeof(buf)-1,
+                                "Insert card \"%s\"", prompt_info);
+                        ok = UI_dup_input_boolean(ui, buf,
+                                "\n then hit <enter> or C<enter> to cancel\n",
+                                "\r\n", "Cc", UI_INPUT_FLAG_ECHO, &answer);
+                        }
+                UI_add_user_data(ui, callback_data);
+
+                if (ok >= 0)
+                        ok = UI_process(ui);
+                UI_free(ui);
+
+                if (ok == -2 || (ok >= 0 && answer == 'C'))
+                        ok = 1;
+                else if (ok < 0)
+                        ok = -1;
+                else
+                        ok = 0;
+                }
+        return ok;
+        }
+
+static void hwcrhk_log_message(void *logstr, const char *message)
+        {
+        BIO *lstream = NULL;
+
+        CRYPTO_w_lock(CRYPTO_LOCK_BIO);
+        if (logstr)
+                lstream=*(BIO **)logstr;
+        if (lstream)
+                {
+                BIO_printf(lstream, "%s\n", message);
+                }
+        CRYPTO_w_unlock(CRYPTO_LOCK_BIO);
+        }
+
+/* This stuff is needed if this ENGINE is being compiled into a self-contained
+ * shared-library. */      
+#ifdef ENGINE_DYNAMIC_SUPPORT
+static int bind_fn(ENGINE *e, const char *id)
+        {
+        if(id && (strcmp(id, engine_hwcrhk_id) != 0))
+                return 0;
+        if(!bind_helper(e))
+                return 0;
+        return 1;
+        }       
+IMPLEMENT_DYNAMIC_CHECK_FN()
+IMPLEMENT_DYNAMIC_BIND_FN(bind_fn)
+#endif /* ENGINE_DYNAMIC_SUPPORT */
+
+#endif /* !OPENSSL_NO_HW_NCIPHER */
+#endif /* !OPENSSL_NO_HW */
diff --git a/src/lib/libcrypto/engine/hw_ncipher_err.c b/src/lib/libcrypto/engine/hw_ncipher_err.c
new file mode 100644
index 0000000000..5bc94581b7
--- /dev/null
+++ b/src/lib/libcrypto/engine/hw_ncipher_err.c
@@ -0,0 +1,157 @@
+/* hw_ncipher_err.c */
+/* ====================================================================
+ * Copyright (c) 1999-2002 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+/* NOTE: this file was auto generated by the mkerr.pl script: any changes
+ * made to it will be overwritten when the script next updates this file,
+ * only reason strings will be preserved.
+ */
+
+#include <stdio.h>
+#include <openssl/err.h>
+#include "hw_ncipher_err.h"
+
+/* BEGIN ERROR CODES */
+#ifndef OPENSSL_NO_ERR
+static ERR_STRING_DATA HWCRHK_str_functs[]=
+        {
+{ERR_PACK(0,HWCRHK_F_HWCRHK_CTRL,0),    "HWCRHK_CTRL"},
+{ERR_PACK(0,HWCRHK_F_HWCRHK_FINISH,0),  "HWCRHK_FINISH"},
+{ERR_PACK(0,HWCRHK_F_HWCRHK_GET_PASS,0),        "HWCRHK_GET_PASS"},
+{ERR_PACK(0,HWCRHK_F_HWCRHK_INIT,0),    "HWCRHK_INIT"},
+{ERR_PACK(0,HWCRHK_F_HWCRHK_INSERT_CARD,0),     "HWCRHK_INSERT_CARD"},
+{ERR_PACK(0,HWCRHK_F_HWCRHK_LOAD_PRIVKEY,0),    "HWCRHK_LOAD_PRIVKEY"},
+{ERR_PACK(0,HWCRHK_F_HWCRHK_LOAD_PUBKEY,0),     "HWCRHK_LOAD_PUBKEY"},
+{ERR_PACK(0,HWCRHK_F_HWCRHK_MOD_EXP,0), "HWCRHK_MOD_EXP"},
+{ERR_PACK(0,HWCRHK_F_HWCRHK_RAND_BYTES,0),      "HWCRHK_RAND_BYTES"},
+{ERR_PACK(0,HWCRHK_F_HWCRHK_RSA_MOD_EXP,0),     "HWCRHK_RSA_MOD_EXP"},
+{0,NULL}
+        };
+
+static ERR_STRING_DATA HWCRHK_str_reasons[]=
+        {
+{HWCRHK_R_ALREADY_LOADED                 ,"already loaded"},
+{HWCRHK_R_BIO_WAS_FREED                  ,"bio was freed"},
+{HWCRHK_R_CHIL_ERROR                     ,"chil error"},
+{HWCRHK_R_CTRL_COMMAND_NOT_IMPLEMENTED   ,"ctrl command not implemented"},
+{HWCRHK_R_DSO_FAILURE                    ,"dso failure"},
+{HWCRHK_R_DYNAMIC_LOCKING_MISSING        ,"dynamic locking missing"},
+{HWCRHK_R_MISSING_KEY_COMPONENTS         ,"missing key components"},
+{HWCRHK_R_NOT_INITIALISED                ,"not initialised"},
+{HWCRHK_R_NOT_LOADED                     ,"not loaded"},
+{HWCRHK_R_NO_CALLBACK                    ,"no callback"},
+{HWCRHK_R_NO_KEY                         ,"no key"},
+{HWCRHK_R_PRIVATE_KEY_ALGORITHMS_DISABLED,"private key algorithms disabled"},
+{HWCRHK_R_REQUEST_FAILED                 ,"request failed"},
+{HWCRHK_R_REQUEST_FALLBACK               ,"request fallback"},
+{HWCRHK_R_UNIT_FAILURE                   ,"unit failure"},
+{0,NULL}
+        };
+
+#endif
+
+#ifdef HWCRHK_LIB_NAME
+static ERR_STRING_DATA HWCRHK_lib_name[]=
+        {
+{0      ,HWCRHK_LIB_NAME},
+{0,NULL}
+        };
+#endif
+
+
+static int HWCRHK_lib_error_code=0;
+static int HWCRHK_error_init=1;
+
+static void ERR_load_HWCRHK_strings(void)
+        {
+        if (HWCRHK_lib_error_code == 0)
+                HWCRHK_lib_error_code=ERR_get_next_error_library();
+
+        if (HWCRHK_error_init)
+                {
+                HWCRHK_error_init=0;
+#ifndef OPENSSL_NO_ERR
+                ERR_load_strings(HWCRHK_lib_error_code,HWCRHK_str_functs);
+                ERR_load_strings(HWCRHK_lib_error_code,HWCRHK_str_reasons);
+#endif
+
+#ifdef HWCRHK_LIB_NAME
+                HWCRHK_lib_name->error = ERR_PACK(HWCRHK_lib_error_code,0,0);
+                ERR_load_strings(0,HWCRHK_lib_name);
+#endif
+                }
+        }
+
+static void ERR_unload_HWCRHK_strings(void)
+        {
+        if (HWCRHK_error_init == 0)
+                {
+#ifndef OPENSSL_NO_ERR
+                ERR_unload_strings(HWCRHK_lib_error_code,HWCRHK_str_functs);
+                ERR_unload_strings(HWCRHK_lib_error_code,HWCRHK_str_reasons);
+#endif
+
+#ifdef HWCRHK_LIB_NAME
+                ERR_unload_strings(0,HWCRHK_lib_name);
+#endif
+                HWCRHK_error_init=1;
+                }
+        }
+
+static void ERR_HWCRHK_error(int function, int reason, char *file, int line)
+        {
+        if (HWCRHK_lib_error_code == 0)
+                HWCRHK_lib_error_code=ERR_get_next_error_library();
+        ERR_PUT_error(HWCRHK_lib_error_code,function,reason,file,line);
+        }
diff --git a/src/lib/libcrypto/engine/hw_ncipher_err.h b/src/lib/libcrypto/engine/hw_ncipher_err.h
new file mode 100644
index 0000000000..d232d02319
--- /dev/null
+++ b/src/lib/libcrypto/engine/hw_ncipher_err.h
@@ -0,0 +1,101 @@
+/* ====================================================================
+ * Copyright (c) 2001 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#ifndef HEADER_HWCRHK_ERR_H
+#define HEADER_HWCRHK_ERR_H
+
+/* BEGIN ERROR CODES */
+/* The following lines are auto generated by the script mkerr.pl. Any changes
+ * made after this point may be overwritten when the script is next run.
+ */
+static void ERR_load_HWCRHK_strings(void);
+static void ERR_unload_HWCRHK_strings(void);
+static void ERR_HWCRHK_error(int function, int reason, char *file, int line);
+#define HWCRHKerr(f,r) ERR_HWCRHK_error((f),(r),__FILE__,__LINE__)
+
+/* Error codes for the HWCRHK functions. */
+
+/* Function codes. */
+#define HWCRHK_F_HWCRHK_CTRL                             100
+#define HWCRHK_F_HWCRHK_FINISH                           101
+#define HWCRHK_F_HWCRHK_GET_PASS                         102
+#define HWCRHK_F_HWCRHK_INIT                             103
+#define HWCRHK_F_HWCRHK_INSERT_CARD                      104
+#define HWCRHK_F_HWCRHK_LOAD_PRIVKEY                     105
+#define HWCRHK_F_HWCRHK_LOAD_PUBKEY                      106
+#define HWCRHK_F_HWCRHK_MOD_EXP                          107
+#define HWCRHK_F_HWCRHK_RAND_BYTES                       108
+#define HWCRHK_F_HWCRHK_RSA_MOD_EXP                      109
+
+/* Reason codes. */
+#define HWCRHK_R_ALREADY_LOADED                          100
+#define HWCRHK_R_BIO_WAS_FREED                           101
+#define HWCRHK_R_CHIL_ERROR                              102
+#define HWCRHK_R_CTRL_COMMAND_NOT_IMPLEMENTED            103
+#define HWCRHK_R_DSO_FAILURE                             104
+#define HWCRHK_R_DYNAMIC_LOCKING_MISSING                 114
+#define HWCRHK_R_MISSING_KEY_COMPONENTS                  105
+#define HWCRHK_R_NOT_INITIALISED                         106
+#define HWCRHK_R_NOT_LOADED                              107
+#define HWCRHK_R_NO_CALLBACK                             108
+#define HWCRHK_R_NO_KEY                                  109
+#define HWCRHK_R_PRIVATE_KEY_ALGORITHMS_DISABLED         110
+#define HWCRHK_R_REQUEST_FAILED                          111
+#define HWCRHK_R_REQUEST_FALLBACK                        112
+#define HWCRHK_R_UNIT_FAILURE                            113
+
+#ifdef  __cplusplus
+}
+#endif
+#endif
diff --git a/src/lib/libcrypto/engine/hw_nuron.c b/src/lib/libcrypto/engine/hw_nuron.c
new file mode 100644
index 0000000000..fb9188bfe5
--- /dev/null
+++ b/src/lib/libcrypto/engine/hw_nuron.c
@@ -0,0 +1,418 @@
+/* crypto/engine/hw_nuron.c */
+/* Written by Ben Laurie for the OpenSSL Project, leaning heavily on Geoff
+ * Thorpe's Atalla implementation.
+ */
+/* ====================================================================
+ * Copyright (c) 2000-2001 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include <openssl/crypto.h>
+#include "cryptlib.h"
+#include <openssl/dso.h>
+#include <openssl/engine.h>
+
+
+#ifndef OPENSSL_NO_HW
+#ifndef OPENSSL_NO_HW_NURON
+
+#define NURON_LIB_NAME "nuron engine"
+#include "hw_nuron_err.c"
+
+static const char *NURON_LIBNAME = NULL;
+static const char *get_NURON_LIBNAME(void)
+        {
+        if(NURON_LIBNAME)
+                return NURON_LIBNAME;
+        return "nuronssl";
+        }
+static void free_NURON_LIBNAME(void)
+        {
+        if(NURON_LIBNAME)
+                OPENSSL_free((void*)NURON_LIBNAME);
+        NURON_LIBNAME = NULL;
+        }
+static long set_NURON_LIBNAME(const char *name)
+        {
+        free_NURON_LIBNAME();
+        return (((NURON_LIBNAME = BUF_strdup(name)) != NULL) ? 1 : 0);
+        }
+static const char *NURON_F1 = "nuron_mod_exp";
+
+/* The definitions for control commands specific to this engine */
+#define NURON_CMD_SO_PATH               ENGINE_CMD_BASE
+static const ENGINE_CMD_DEFN nuron_cmd_defns[] = {
+        {NURON_CMD_SO_PATH,
+                "SO_PATH",
+                "Specifies the path to the 'nuronssl' shared library",
+                ENGINE_CMD_FLAG_STRING},
+        {0, NULL, NULL, 0}
+        };
+
+typedef int tfnModExp(BIGNUM *r,const BIGNUM *a,const BIGNUM *p,const BIGNUM *m);
+static tfnModExp *pfnModExp = NULL;
+
+static DSO *pvDSOHandle = NULL;
+
+static int nuron_destroy(ENGINE *e)
+        {
+        free_NURON_LIBNAME();
+        ERR_unload_NURON_strings();
+        return 1;
+        }
+
+static int nuron_init(ENGINE *e)
+        {
+        if(pvDSOHandle != NULL)
+                {
+                NURONerr(NURON_F_NURON_INIT,NURON_R_ALREADY_LOADED);
+                return 0;
+                }
+
+        pvDSOHandle = DSO_load(NULL, get_NURON_LIBNAME(), NULL,
+                DSO_FLAG_NAME_TRANSLATION_EXT_ONLY);
+        if(!pvDSOHandle)
+                {
+                NURONerr(NURON_F_NURON_INIT,NURON_R_DSO_NOT_FOUND);
+                return 0;
+                }
+
+        pfnModExp = (tfnModExp *)DSO_bind_func(pvDSOHandle, NURON_F1);
+        if(!pfnModExp)
+                {
+                NURONerr(NURON_F_NURON_INIT,NURON_R_DSO_FUNCTION_NOT_FOUND);
+                return 0;
+                }
+
+        return 1;
+        }
+
+static int nuron_finish(ENGINE *e)
+        {
+        free_NURON_LIBNAME();
+        if(pvDSOHandle == NULL)
+                {
+                NURONerr(NURON_F_NURON_FINISH,NURON_R_NOT_LOADED);
+                return 0;
+                }
+        if(!DSO_free(pvDSOHandle))
+                {
+                NURONerr(NURON_F_NURON_FINISH,NURON_R_DSO_FAILURE);
+                return 0;
+                }
+        pvDSOHandle=NULL;
+        pfnModExp=NULL;
+        return 1;
+        }
+
+static int nuron_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)())
+        {
+        int initialised = ((pvDSOHandle == NULL) ? 0 : 1);
+        switch(cmd)
+                {
+        case NURON_CMD_SO_PATH:
+                if(p == NULL)
+                        {
+                        NURONerr(NURON_F_NURON_CTRL,ERR_R_PASSED_NULL_PARAMETER);
+                        return 0;
+                        }
+                if(initialised)
+                        {
+                        NURONerr(NURON_F_NURON_CTRL,NURON_R_ALREADY_LOADED);
+                        return 0;
+                        }
+                return set_NURON_LIBNAME((const char *)p);
+        default:
+                break;
+                }
+        NURONerr(NURON_F_NURON_CTRL,NURON_R_CTRL_COMMAND_NOT_IMPLEMENTED);
+        return 0;
+}
+
+static int nuron_mod_exp(BIGNUM *r,const BIGNUM *a,const BIGNUM *p,
+                         const BIGNUM *m,BN_CTX *ctx)
+        {
+        if(!pvDSOHandle)
+                {
+                NURONerr(NURON_F_NURON_MOD_EXP,NURON_R_NOT_LOADED);
+                return 0;
+                }
+        return pfnModExp(r,a,p,m);
+        }
+
+#ifndef OPENSSL_NO_RSA
+static int nuron_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa)
+        {
+        return nuron_mod_exp(r0,I,rsa->d,rsa->n,NULL);
+        }
+#endif
+
+#ifndef OPENSSL_NO_DSA
+/* This code was liberated and adapted from the commented-out code in
+ * dsa_ossl.c. Because of the unoptimised form of the Atalla acceleration
+ * (it doesn't have a CRT form for RSA), this function means that an
+ * Atalla system running with a DSA server certificate can handshake
+ * around 5 or 6 times faster/more than an equivalent system running with
+ * RSA. Just check out the "signs" statistics from the RSA and DSA parts
+ * of "openssl speed -engine atalla dsa1024 rsa1024". */
+static int nuron_dsa_mod_exp(DSA *dsa, BIGNUM *rr, BIGNUM *a1,
+                             BIGNUM *p1, BIGNUM *a2, BIGNUM *p2, BIGNUM *m,
+                             BN_CTX *ctx, BN_MONT_CTX *in_mont)
+        {
+        BIGNUM t;
+        int to_return = 0;
+ 
+        BN_init(&t);
+        /* let rr = a1 ^ p1 mod m */
+        if (!nuron_mod_exp(rr,a1,p1,m,ctx))
+                goto end;
+        /* let t = a2 ^ p2 mod m */
+        if (!nuron_mod_exp(&t,a2,p2,m,ctx))
+                goto end;
+        /* let rr = rr * t mod m */
+        if (!BN_mod_mul(rr,rr,&t,m,ctx))
+                goto end;
+        to_return = 1;
+end:
+        BN_free(&t);
+        return to_return;
+        }
+
+
+static int nuron_mod_exp_dsa(DSA *dsa, BIGNUM *r, BIGNUM *a,
+                             const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
+                             BN_MONT_CTX *m_ctx)
+        {
+        return nuron_mod_exp(r, a, p, m, ctx);
+        }
+#endif
+
+/* This function is aliased to mod_exp (with the mont stuff dropped). */
+static int nuron_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+                              const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)
+        {
+        return nuron_mod_exp(r, a, p, m, ctx);
+        }
+
+#ifndef OPENSSL_NO_DH
+/* This function is aliased to mod_exp (with the dh and mont dropped). */
+static int nuron_mod_exp_dh(const DH *dh, BIGNUM *r,
+                const BIGNUM *a, const BIGNUM *p,
+                const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)
+        {
+        return nuron_mod_exp(r, a, p, m, ctx);
+        }
+#endif
+
+#ifndef OPENSSL_NO_RSA
+static RSA_METHOD nuron_rsa =
+        {
+        "Nuron RSA method",
+        NULL,
+        NULL,
+        NULL,
+        NULL,
+        nuron_rsa_mod_exp,
+        nuron_mod_exp_mont,
+        NULL,
+        NULL,
+        0,
+        NULL,
+        NULL,
+        NULL
+        };
+#endif
+
+#ifndef OPENSSL_NO_DSA
+static DSA_METHOD nuron_dsa =
+        {
+        "Nuron DSA method",
+        NULL, /* dsa_do_sign */
+        NULL, /* dsa_sign_setup */
+        NULL, /* dsa_do_verify */
+        nuron_dsa_mod_exp, /* dsa_mod_exp */
+        nuron_mod_exp_dsa, /* bn_mod_exp */
+        NULL, /* init */
+        NULL, /* finish */
+        0, /* flags */
+        NULL /* app_data */
+        };
+#endif
+
+#ifndef OPENSSL_NO_DH
+static DH_METHOD nuron_dh =
+        {
+        "Nuron DH method",
+        NULL,
+        NULL,
+        nuron_mod_exp_dh,
+        NULL,
+        NULL,
+        0,
+        NULL
+        };
+#endif
+
+/* Constants used when creating the ENGINE */
+static const char *engine_nuron_id = "nuron";
+static const char *engine_nuron_name = "Nuron hardware engine support";
+
+/* This internal function is used by ENGINE_nuron() and possibly by the
+ * "dynamic" ENGINE support too */
+static int bind_helper(ENGINE *e)
+        {
+#ifndef OPENSSL_NO_RSA
+        const RSA_METHOD *meth1;
+#endif
+#ifndef OPENSSL_NO_DSA
+        const DSA_METHOD *meth2;
+#endif
+#ifndef OPENSSL_NO_DH
+        const DH_METHOD *meth3;
+#endif
+        if(!ENGINE_set_id(e, engine_nuron_id) ||
+                        !ENGINE_set_name(e, engine_nuron_name) ||
+#ifndef OPENSSL_NO_RSA
+                        !ENGINE_set_RSA(e, &nuron_rsa) ||
+#endif
+#ifndef OPENSSL_NO_DSA
+                        !ENGINE_set_DSA(e, &nuron_dsa) ||
+#endif
+#ifndef OPENSSL_NO_DH
+                        !ENGINE_set_DH(e, &nuron_dh) ||
+#endif
+                        !ENGINE_set_destroy_function(e, nuron_destroy) ||
+                        !ENGINE_set_init_function(e, nuron_init) ||
+                        !ENGINE_set_finish_function(e, nuron_finish) ||
+                        !ENGINE_set_ctrl_function(e, nuron_ctrl) ||
+                        !ENGINE_set_cmd_defns(e, nuron_cmd_defns))
+                return 0;
+
+#ifndef OPENSSL_NO_RSA
+        /* We know that the "PKCS1_SSLeay()" functions hook properly
+         * to the nuron-specific mod_exp and mod_exp_crt so we use
+         * those functions. NB: We don't use ENGINE_openssl() or
+         * anything "more generic" because something like the RSAref
+         * code may not hook properly, and if you own one of these
+         * cards then you have the right to do RSA operations on it
+         * anyway! */ 
+        meth1=RSA_PKCS1_SSLeay();
+        nuron_rsa.rsa_pub_enc=meth1->rsa_pub_enc;
+        nuron_rsa.rsa_pub_dec=meth1->rsa_pub_dec;
+        nuron_rsa.rsa_priv_enc=meth1->rsa_priv_enc;
+        nuron_rsa.rsa_priv_dec=meth1->rsa_priv_dec;
+#endif
+
+#ifndef OPENSSL_NO_DSA
+        /* Use the DSA_OpenSSL() method and just hook the mod_exp-ish
+         * bits. */
+        meth2=DSA_OpenSSL();
+        nuron_dsa.dsa_do_sign=meth2->dsa_do_sign;
+        nuron_dsa.dsa_sign_setup=meth2->dsa_sign_setup;
+        nuron_dsa.dsa_do_verify=meth2->dsa_do_verify;
+#endif
+
+#ifndef OPENSSL_NO_DH
+        /* Much the same for Diffie-Hellman */
+        meth3=DH_OpenSSL();
+        nuron_dh.generate_key=meth3->generate_key;
+        nuron_dh.compute_key=meth3->compute_key;
+#endif
+
+        /* Ensure the nuron error handling is set up */
+        ERR_load_NURON_strings();
+        return 1;
+        }
+
+#ifndef ENGINE_DYNAMIC_SUPPORT
+static ENGINE *engine_nuron(void)
+        {
+        ENGINE *ret = ENGINE_new();
+        if(!ret)
+                return NULL;
+        if(!bind_helper(ret))
+                {
+                ENGINE_free(ret);
+                return NULL;
+                }
+        return ret;
+        }
+
+void ENGINE_load_nuron(void)
+        {
+        /* Copied from eng_[openssl|dyn].c */
+        ENGINE *toadd = engine_nuron();
+        if(!toadd) return;
+        ENGINE_add(toadd);
+        ENGINE_free(toadd);
+        ERR_clear_error();
+        }
+#endif
+
+/* This stuff is needed if this ENGINE is being compiled into a self-contained
+ * shared-library. */      
+#ifdef ENGINE_DYNAMIC_SUPPORT
+static int bind_fn(ENGINE *e, const char *id)
+        {
+        if(id && (strcmp(id, engine_nuron_id) != 0))
+                return 0;
+        if(!bind_helper(e))
+                return 0;
+        return 1;
+        }       
+IMPLEMENT_DYNAMIC_CHECK_FN()
+IMPLEMENT_DYNAMIC_BIND_FN(bind_fn)
+#endif /* ENGINE_DYNAMIC_SUPPORT */
+
+#endif /* !OPENSSL_NO_HW_NURON */
+#endif /* !OPENSSL_NO_HW */
diff --git a/src/lib/libcrypto/engine/hw_nuron_err.c b/src/lib/libcrypto/engine/hw_nuron_err.c
new file mode 100644
index 0000000000..df9d7bde76
--- /dev/null
+++ b/src/lib/libcrypto/engine/hw_nuron_err.c
@@ -0,0 +1,142 @@
+/* hw_nuron_err.c */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+/* NOTE: this file was auto generated by the mkerr.pl script: any changes
+ * made to it will be overwritten when the script next updates this file,
+ * only reason strings will be preserved.
+ */
+
+#include <stdio.h>
+#include <openssl/err.h>
+#include "hw_nuron_err.h"
+
+/* BEGIN ERROR CODES */
+#ifndef OPENSSL_NO_ERR
+static ERR_STRING_DATA NURON_str_functs[]=
+        {
+{ERR_PACK(0,NURON_F_NURON_CTRL,0),      "NURON_CTRL"},
+{ERR_PACK(0,NURON_F_NURON_FINISH,0),    "NURON_FINISH"},
+{ERR_PACK(0,NURON_F_NURON_INIT,0),      "NURON_INIT"},
+{ERR_PACK(0,NURON_F_NURON_MOD_EXP,0),   "NURON_MOD_EXP"},
+{0,NULL}
+        };
+
+static ERR_STRING_DATA NURON_str_reasons[]=
+        {
+{NURON_R_ALREADY_LOADED                  ,"already loaded"},
+{NURON_R_CTRL_COMMAND_NOT_IMPLEMENTED    ,"ctrl command not implemented"},
+{NURON_R_DSO_FAILURE                     ,"dso failure"},
+{NURON_R_DSO_FUNCTION_NOT_FOUND          ,"dso function not found"},
+{NURON_R_DSO_NOT_FOUND                   ,"dso not found"},
+{NURON_R_NOT_LOADED                      ,"not loaded"},
+{0,NULL}
+        };
+
+#endif
+
+#ifdef NURON_LIB_NAME
+static ERR_STRING_DATA NURON_lib_name[]=
+        {
+{0      ,NURON_LIB_NAME},
+{0,NULL}
+        };
+#endif
+
+
+static int NURON_lib_error_code=0;
+static int NURON_error_init=1;
+
+static void ERR_load_NURON_strings(void)
+        {
+        if (NURON_lib_error_code == 0)
+                NURON_lib_error_code=ERR_get_next_error_library();
+
+        if (NURON_error_init)
+                {
+                NURON_error_init=0;
+#ifndef OPENSSL_NO_ERR
+                ERR_load_strings(NURON_lib_error_code,NURON_str_functs);
+                ERR_load_strings(NURON_lib_error_code,NURON_str_reasons);
+#endif
+
+#ifdef NURON_LIB_NAME
+                NURON_lib_name->error = ERR_PACK(NURON_lib_error_code,0,0);
+                ERR_load_strings(0,NURON_lib_name);
+#endif
+                }
+        }
+
+static void ERR_unload_NURON_strings(void)
+        {
+        if (NURON_error_init == 0)
+                {
+#ifndef OPENSSL_NO_ERR
+                ERR_unload_strings(NURON_lib_error_code,NURON_str_functs);
+                ERR_unload_strings(NURON_lib_error_code,NURON_str_reasons);
+#endif
+
+#ifdef NURON_LIB_NAME
+                ERR_unload_strings(0,NURON_lib_name);
+#endif
+                NURON_error_init=1;
+                }
+        }
+
+static void ERR_NURON_error(int function, int reason, char *file, int line)
+        {
+        if (NURON_lib_error_code == 0)
+                NURON_lib_error_code=ERR_get_next_error_library();
+        ERR_PUT_error(NURON_lib_error_code,function,reason,file,line);
+        }
diff --git a/src/lib/libcrypto/engine/hw_nuron_err.h b/src/lib/libcrypto/engine/hw_nuron_err.h
new file mode 100644
index 0000000000..a56bfdf303
--- /dev/null
+++ b/src/lib/libcrypto/engine/hw_nuron_err.h
@@ -0,0 +1,86 @@
+/* ====================================================================
+ * Copyright (c) 2001 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#ifndef HEADER_NURON_ERR_H
+#define HEADER_NURON_ERR_H
+
+/* BEGIN ERROR CODES */
+/* The following lines are auto generated by the script mkerr.pl. Any changes
+ * made after this point may be overwritten when the script is next run.
+ */
+static void ERR_load_NURON_strings(void);
+static void ERR_unload_NURON_strings(void);
+static void ERR_NURON_error(int function, int reason, char *file, int line);
+#define NURONerr(f,r) ERR_NURON_error((f),(r),__FILE__,__LINE__)
+
+/* Error codes for the NURON functions. */
+
+/* Function codes. */
+#define NURON_F_NURON_CTRL                               100
+#define NURON_F_NURON_FINISH                             101
+#define NURON_F_NURON_INIT                               102
+#define NURON_F_NURON_MOD_EXP                            103
+
+/* Reason codes. */
+#define NURON_R_ALREADY_LOADED                           100
+#define NURON_R_CTRL_COMMAND_NOT_IMPLEMENTED             101
+#define NURON_R_DSO_FAILURE                              102
+#define NURON_R_DSO_FUNCTION_NOT_FOUND                   103
+#define NURON_R_DSO_NOT_FOUND                            104
+#define NURON_R_NOT_LOADED                               105
+
+#ifdef  __cplusplus
+}
+#endif
+#endif
diff --git a/src/lib/libcrypto/engine/hw_sureware.c b/src/lib/libcrypto/engine/hw_sureware.c
new file mode 100644
index 0000000000..fca467e690
--- /dev/null
+++ b/src/lib/libcrypto/engine/hw_sureware.c
@@ -0,0 +1,1039 @@
+/* Written by Corinne Dive-Reclus(cdive@baltimore.com)
+* 
+*
+* Redistribution and use in source and binary forms, with or without
+* modification, are permitted provided that the following conditions
+* are met:
+*
+* 1. Redistributions of source code must retain the above copyright
+*    notice, this list of conditions and the following disclaimer. 
+*
+* 2. Redistributions in binary form must reproduce the above copyright
+*    notice, this list of conditions and the following disclaimer in
+*    the documentation and/or other materials provided with the
+*    distribution.
+*
+* 3. All advertising materials mentioning features or use of this
+*    software must display the following acknowledgment:
+*    "This product includes software developed by the OpenSSL Project
+*    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+*
+* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+*    endorse or promote products derived from this software without
+*    prior written permission. For written permission, please contact
+*    licensing@OpenSSL.org.
+*
+* 5. Products derived from this software may not be called "OpenSSL"
+*    nor may "OpenSSL" appear in their names without prior written
+*    permission of the OpenSSL Project.
+*
+* 6. Redistributions of any form whatsoever must retain the following
+*    acknowledgment:
+*    "This product includes software developed by the OpenSSL Project
+*    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+*
+* Written by Corinne Dive-Reclus(cdive@baltimore.com)
+*
+* Copyright@2001 Baltimore Technologies Ltd.
+* All right Reserved.
+*                                                                                                                                                                                               *       
+*               THIS FILE IS PROVIDED BY BALTIMORE TECHNOLOGIES ``AS IS'' AND                                                                                                                                                   *
+*               ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE                                   * 
+*               IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE                              *
+*               ARE DISCLAIMED.  IN NO EVENT SHALL BALTIMORE TECHNOLOGIES BE LIABLE                                             *
+*               FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL                              *
+*               DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS                                 *
+*               OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)                                   *
+*               HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT                              *
+*               LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY                               *
+*               OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF                                  *
+*               SUCH DAMAGE.                                                                                                                                                    *
+====================================================================*/
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/crypto.h>
+#include <openssl/pem.h>
+#include <openssl/dso.h>
+#include "eng_int.h"
+#include "engine.h"
+#include <openssl/engine.h>
+
+#ifndef OPENSSL_NO_HW
+#ifndef OPENSSL_NO_HW_SUREWARE
+
+#ifdef FLAT_INC
+#include "sureware.h"
+#else
+#include "vendor_defns/sureware.h"
+#endif
+
+#define SUREWARE_LIB_NAME "sureware engine"
+#include "hw_sureware_err.c"
+
+static int surewarehk_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)());
+static int surewarehk_destroy(ENGINE *e);
+static int surewarehk_init(ENGINE *e);
+static int surewarehk_finish(ENGINE *e);
+static int surewarehk_modexp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+        const BIGNUM *m, BN_CTX *ctx);
+
+/* RSA stuff */
+static int surewarehk_rsa_priv_dec(int flen,const unsigned char *from,unsigned char *to,
+                        RSA *rsa,int padding);
+static int surewarehk_rsa_sign(int flen,const unsigned char *from,unsigned char *to,
+                            RSA *rsa,int padding);
+
+/* RAND stuff */
+static int surewarehk_rand_bytes(unsigned char *buf, int num);
+static void surewarehk_rand_seed(const void *buf, int num);
+static void surewarehk_rand_add(const void *buf, int num, double entropy);
+
+/* KM stuff */
+static EVP_PKEY *surewarehk_load_privkey(ENGINE *e, const char *key_id,
+        UI_METHOD *ui_method, void *callback_data);
+static EVP_PKEY *surewarehk_load_pubkey(ENGINE *e, const char *key_id,
+        UI_METHOD *ui_method, void *callback_data);
+static void surewarehk_ex_free(void *obj, void *item, CRYPTO_EX_DATA *ad,
+        int idx,long argl, void *argp);
+#if 0
+static void surewarehk_dh_ex_free(void *obj, void *item, CRYPTO_EX_DATA *ad,
+        int idx,long argl, void *argp);
+#endif
+
+#ifndef OPENSSL_NO_RSA
+/* This function is aliased to mod_exp (with the mont stuff dropped). */
+static int surewarehk_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+                const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)
+{
+        return surewarehk_modexp(r, a, p, m, ctx);
+}
+
+/* Our internal RSA_METHOD that we provide pointers to */
+static RSA_METHOD surewarehk_rsa =
+        {
+        "SureWare RSA method",
+        NULL, /* pub_enc*/
+        NULL, /* pub_dec*/
+        surewarehk_rsa_sign, /* our rsa_sign is OpenSSL priv_enc*/
+        surewarehk_rsa_priv_dec, /* priv_dec*/
+        NULL, /*mod_exp*/
+        surewarehk_mod_exp_mont, /*mod_exp_mongomery*/
+        NULL, /* init*/
+        NULL, /* finish*/
+        0,      /* RSA flag*/
+        NULL, 
+        NULL, /* OpenSSL sign*/
+        NULL  /* OpenSSL verify*/
+        };
+#endif
+
+#ifndef OPENSSL_NO_DH
+/* Our internal DH_METHOD that we provide pointers to */
+/* This function is aliased to mod_exp (with the dh and mont dropped). */
+static int surewarehk_modexp_dh(const DH *dh, BIGNUM *r, const BIGNUM *a,
+        const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)
+{
+        return surewarehk_modexp(r, a, p, m, ctx);
+}
+
+static DH_METHOD surewarehk_dh =
+        {
+        "SureWare DH method",
+        NULL,/*gen_key*/
+        NULL,/*agree,*/
+        surewarehk_modexp_dh, /*dh mod exp*/
+        NULL, /* init*/
+        NULL, /* finish*/
+        0,    /* flags*/
+        NULL 
+        };
+#endif
+
+static RAND_METHOD surewarehk_rand =
+        {
+        /* "SureWare RAND method", */
+        surewarehk_rand_seed,
+        surewarehk_rand_bytes,
+        NULL,/*cleanup*/
+        surewarehk_rand_add,
+        surewarehk_rand_bytes,
+        NULL,/*rand_status*/
+        };
+
+#ifndef OPENSSL_NO_DSA
+/* DSA stuff */
+static  DSA_SIG * surewarehk_dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa);
+static int surewarehk_dsa_mod_exp(DSA *dsa, BIGNUM *rr, BIGNUM *a1,
+                BIGNUM *p1, BIGNUM *a2, BIGNUM *p2, BIGNUM *m,
+                BN_CTX *ctx, BN_MONT_CTX *in_mont)
+{
+        BIGNUM t;
+        int to_return = 0;
+        BN_init(&t);
+        /* let rr = a1 ^ p1 mod m */
+        if (!surewarehk_modexp(rr,a1,p1,m,ctx)) goto end;
+        /* let t = a2 ^ p2 mod m */
+        if (!surewarehk_modexp(&t,a2,p2,m,ctx)) goto end;
+        /* let rr = rr * t mod m */
+        if (!BN_mod_mul(rr,rr,&t,m,ctx)) goto end;
+        to_return = 1;
+end:
+        BN_free(&t);
+        return to_return;
+}
+
+static DSA_METHOD surewarehk_dsa =
+        {
+         "SureWare DSA method", 
+        surewarehk_dsa_do_sign,
+        NULL,/*sign setup*/
+        NULL,/*verify,*/
+        surewarehk_dsa_mod_exp,/*mod exp*/
+        NULL,/*bn mod exp*/
+        NULL, /*init*/
+        NULL,/*finish*/
+        0,
+        NULL,
+        };
+#endif
+
+static const char *engine_sureware_id = "sureware";
+static const char *engine_sureware_name = "SureWare hardware engine support";
+
+/* Now, to our own code */
+
+/* As this is only ever called once, there's no need for locking
+ * (indeed - the lock will already be held by our caller!!!) */
+static int bind_sureware(ENGINE *e)
+{
+#ifndef OPENSSL_NO_RSA
+        const RSA_METHOD *meth1;
+#endif
+#ifndef OPENSSL_NO_DSA
+        const DSA_METHOD *meth2;
+#endif
+#ifndef OPENSSL_NO_DH
+        const DH_METHOD *meth3;
+#endif
+
+        if(!ENGINE_set_id(e, engine_sureware_id) ||
+           !ENGINE_set_name(e, engine_sureware_name) ||
+#ifndef OPENSSL_NO_RSA
+           !ENGINE_set_RSA(e, &surewarehk_rsa) ||
+#endif
+#ifndef OPENSSL_NO_DSA
+           !ENGINE_set_DSA(e, &surewarehk_dsa) ||
+#endif
+#ifndef OPENSSL_NO_DH
+           !ENGINE_set_DH(e, &surewarehk_dh) ||
+#endif
+           !ENGINE_set_RAND(e, &surewarehk_rand) ||
+           !ENGINE_set_destroy_function(e, surewarehk_destroy) ||
+           !ENGINE_set_init_function(e, surewarehk_init) ||
+           !ENGINE_set_finish_function(e, surewarehk_finish) ||
+           !ENGINE_set_ctrl_function(e, surewarehk_ctrl) ||
+           !ENGINE_set_load_privkey_function(e, surewarehk_load_privkey) ||
+           !ENGINE_set_load_pubkey_function(e, surewarehk_load_pubkey))
+          return 0;
+
+#ifndef OPENSSL_NO_RSA
+        /* We know that the "PKCS1_SSLeay()" functions hook properly
+         * to the cswift-specific mod_exp and mod_exp_crt so we use
+         * those functions. NB: We don't use ENGINE_openssl() or
+         * anything "more generic" because something like the RSAref
+         * code may not hook properly, and if you own one of these
+         * cards then you have the right to do RSA operations on it
+         * anyway! */ 
+        meth1 = RSA_PKCS1_SSLeay();
+        if (meth1)
+        {
+                surewarehk_rsa.rsa_pub_enc = meth1->rsa_pub_enc;
+                surewarehk_rsa.rsa_pub_dec = meth1->rsa_pub_dec;
+        }
+#endif
+
+#ifndef OPENSSL_NO_DSA
+        /* Use the DSA_OpenSSL() method and just hook the mod_exp-ish
+         * bits. */
+        meth2 = DSA_OpenSSL();
+        if (meth2)
+        {
+                surewarehk_dsa.dsa_do_verify = meth2->dsa_do_verify;
+        }
+#endif
+
+#ifndef OPENSSL_NO_DH
+        /* Much the same for Diffie-Hellman */
+        meth3 = DH_OpenSSL();
+        if (meth3)
+        {
+                surewarehk_dh.generate_key = meth3->generate_key;
+                surewarehk_dh.compute_key = meth3->compute_key;
+        }
+#endif
+
+        /* Ensure the sureware error handling is set up */
+        ERR_load_SUREWARE_strings();
+        return 1;
+}
+
+#ifdef ENGINE_DYNAMIC_SUPPORT
+static int bind_helper(ENGINE *e, const char *id)
+        {
+        if(id && (strcmp(id, engine_sureware_id) != 0))
+                return 0;
+        if(!bind_sureware(e))
+                return 0;
+        return 1;
+        }       
+IMPLEMENT_DYNAMIC_CHECK_FN()
+IMPLEMENT_DYNAMIC_BIND_FN(bind_helper)
+#else
+static ENGINE *engine_sureware(void)
+        {
+        ENGINE *ret = ENGINE_new();
+        if(!ret)
+                return NULL;
+        if(!bind_sureware(ret))
+                {
+                ENGINE_free(ret);
+                return NULL;
+                }
+        return ret;
+        }
+
+void ENGINE_load_sureware(void)
+        {
+        /* Copied from eng_[openssl|dyn].c */
+        ENGINE *toadd = engine_sureware();
+        if(!toadd) return;
+        ENGINE_add(toadd);
+        ENGINE_free(toadd);
+        ERR_clear_error();
+        }
+#endif
+
+/* This is a process-global DSO handle used for loading and unloading
+ * the SureWareHook library. NB: This is only set (or unset) during an
+ * init() or finish() call (reference counts permitting) and they're
+ * operating with global locks, so this should be thread-safe
+ * implicitly. */
+static DSO *surewarehk_dso = NULL;
+#ifndef OPENSSL_NO_RSA
+static int rsaHndidx = -1;      /* Index for KM handle.  Not really used yet. */
+#endif
+#ifndef OPENSSL_NO_DSA
+static int dsaHndidx = -1;      /* Index for KM handle.  Not really used yet. */
+#endif
+
+/* These are the function pointers that are (un)set when the library has
+ * successfully (un)loaded. */
+static SureWareHook_Init_t *p_surewarehk_Init = NULL;
+static SureWareHook_Finish_t *p_surewarehk_Finish = NULL;
+static SureWareHook_Rand_Bytes_t *p_surewarehk_Rand_Bytes = NULL;
+static SureWareHook_Rand_Seed_t *p_surewarehk_Rand_Seed = NULL;
+static SureWareHook_Load_Privkey_t *p_surewarehk_Load_Privkey = NULL;
+static SureWareHook_Info_Pubkey_t *p_surewarehk_Info_Pubkey = NULL;
+static SureWareHook_Load_Rsa_Pubkey_t *p_surewarehk_Load_Rsa_Pubkey = NULL;
+static SureWareHook_Load_Dsa_Pubkey_t *p_surewarehk_Load_Dsa_Pubkey = NULL;
+static SureWareHook_Free_t *p_surewarehk_Free=NULL;
+static SureWareHook_Rsa_Priv_Dec_t *p_surewarehk_Rsa_Priv_Dec=NULL;
+static SureWareHook_Rsa_Sign_t *p_surewarehk_Rsa_Sign=NULL;
+static SureWareHook_Dsa_Sign_t *p_surewarehk_Dsa_Sign=NULL;
+static SureWareHook_Mod_Exp_t *p_surewarehk_Mod_Exp=NULL;
+
+/* Used in the DSO operations. */
+static const char *surewarehk_LIBNAME = "SureWareHook";
+static const char *n_surewarehk_Init = "SureWareHook_Init";
+static const char *n_surewarehk_Finish = "SureWareHook_Finish";
+static const char *n_surewarehk_Rand_Bytes="SureWareHook_Rand_Bytes";
+static const char *n_surewarehk_Rand_Seed="SureWareHook_Rand_Seed";
+static const char *n_surewarehk_Load_Privkey="SureWareHook_Load_Privkey";
+static const char *n_surewarehk_Info_Pubkey="SureWareHook_Info_Pubkey";
+static const char *n_surewarehk_Load_Rsa_Pubkey="SureWareHook_Load_Rsa_Pubkey";
+static const char *n_surewarehk_Load_Dsa_Pubkey="SureWareHook_Load_Dsa_Pubkey";
+static const char *n_surewarehk_Free="SureWareHook_Free";
+static const char *n_surewarehk_Rsa_Priv_Dec="SureWareHook_Rsa_Priv_Dec";
+static const char *n_surewarehk_Rsa_Sign="SureWareHook_Rsa_Sign";
+static const char *n_surewarehk_Dsa_Sign="SureWareHook_Dsa_Sign";
+static const char *n_surewarehk_Mod_Exp="SureWareHook_Mod_Exp";
+static BIO *logstream = NULL;
+
+/* SureWareHook library functions and mechanics - these are used by the
+ * higher-level functions further down. NB: As and where there's no
+ * error checking, take a look lower down where these functions are
+ * called, the checking and error handling is probably down there. 
+*/
+static int threadsafe=1;
+static int surewarehk_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)())
+{
+        int to_return = 1;
+
+        switch(cmd)
+        {
+                case ENGINE_CTRL_SET_LOGSTREAM:
+                {
+                        BIO *bio = (BIO *)p;
+                        CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
+                        if (logstream)
+                        {
+                                BIO_free(logstream);
+                                logstream = NULL;
+                        }
+                        if (CRYPTO_add(&bio->references,1,CRYPTO_LOCK_BIO) > 1)
+                                logstream = bio;
+                        else
+                                SUREWAREerr(SUREWARE_F_SUREWAREHK_CTRL,SUREWARE_R_BIO_WAS_FREED);
+                }
+                CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
+                break;
+        /* This will prevent the initialisation function from "installing"
+         * the mutex-handling callbacks, even if they are available from
+         * within the library (or were provided to the library from the
+         * calling application). This is to remove any baggage for
+         * applications not using multithreading. */
+        case ENGINE_CTRL_CHIL_NO_LOCKING:
+                CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
+                threadsafe = 0;
+                CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
+                break;
+
+        /* The command isn't understood by this engine */
+        default:
+                SUREWAREerr(SUREWARE_F_SUREWAREHK_CTRL,
+                        ENGINE_R_CTRL_COMMAND_NOT_IMPLEMENTED);
+                to_return = 0;
+                break;
+                }
+
+        return to_return;
+}
+
+/* Destructor (complements the "ENGINE_surewarehk()" constructor) */
+static int surewarehk_destroy(ENGINE *e)
+{
+        ERR_unload_SUREWARE_strings();
+        return 1;
+}
+
+/* (de)initialisation functions. */
+static int surewarehk_init(ENGINE *e)
+{
+        char msg[64]="ENGINE_init";
+        SureWareHook_Init_t *p1=NULL;
+        SureWareHook_Finish_t *p2=NULL;
+        SureWareHook_Rand_Bytes_t *p3=NULL;
+        SureWareHook_Rand_Seed_t *p4=NULL;
+        SureWareHook_Load_Privkey_t *p5=NULL;
+        SureWareHook_Load_Rsa_Pubkey_t *p6=NULL;
+        SureWareHook_Free_t *p7=NULL;
+        SureWareHook_Rsa_Priv_Dec_t *p8=NULL;
+        SureWareHook_Rsa_Sign_t *p9=NULL;
+        SureWareHook_Dsa_Sign_t *p12=NULL;
+        SureWareHook_Info_Pubkey_t *p13=NULL;
+        SureWareHook_Load_Dsa_Pubkey_t *p14=NULL;
+        SureWareHook_Mod_Exp_t *p15=NULL;
+
+        if(surewarehk_dso != NULL)
+        {
+                SUREWAREerr(SUREWARE_F_SUREWAREHK_INIT,ENGINE_R_ALREADY_LOADED);
+                goto err;
+        }
+        /* Attempt to load libsurewarehk.so/surewarehk.dll/whatever. */
+        surewarehk_dso = DSO_load(NULL, surewarehk_LIBNAME, NULL, 0);
+        if(surewarehk_dso == NULL)
+        {
+                SUREWAREerr(SUREWARE_F_SUREWAREHK_INIT,ENGINE_R_DSO_FAILURE);
+                goto err;
+        }
+        if(!(p1=(SureWareHook_Init_t*)DSO_bind_func(surewarehk_dso, n_surewarehk_Init)) ||
+           !(p2=(SureWareHook_Finish_t*)DSO_bind_func(surewarehk_dso, n_surewarehk_Finish)) ||
+           !(p3=(SureWareHook_Rand_Bytes_t*)DSO_bind_func(surewarehk_dso, n_surewarehk_Rand_Bytes)) ||
+           !(p4=(SureWareHook_Rand_Seed_t*)DSO_bind_func(surewarehk_dso, n_surewarehk_Rand_Seed)) ||
+           !(p5=(SureWareHook_Load_Privkey_t*)DSO_bind_func(surewarehk_dso, n_surewarehk_Load_Privkey)) ||
+           !(p6=(SureWareHook_Load_Rsa_Pubkey_t*)DSO_bind_func(surewarehk_dso, n_surewarehk_Load_Rsa_Pubkey)) ||
+           !(p7=(SureWareHook_Free_t*)DSO_bind_func(surewarehk_dso, n_surewarehk_Free)) ||
+           !(p8=(SureWareHook_Rsa_Priv_Dec_t*)DSO_bind_func(surewarehk_dso, n_surewarehk_Rsa_Priv_Dec)) ||
+           !(p9=(SureWareHook_Rsa_Sign_t*)DSO_bind_func(surewarehk_dso, n_surewarehk_Rsa_Sign)) ||
+           !(p12=(SureWareHook_Dsa_Sign_t*)DSO_bind_func(surewarehk_dso, n_surewarehk_Dsa_Sign)) ||
+           !(p13=(SureWareHook_Info_Pubkey_t*)DSO_bind_func(surewarehk_dso, n_surewarehk_Info_Pubkey)) ||
+           !(p14=(SureWareHook_Load_Dsa_Pubkey_t*)DSO_bind_func(surewarehk_dso, n_surewarehk_Load_Dsa_Pubkey)) ||
+           !(p15=(SureWareHook_Mod_Exp_t*)DSO_bind_func(surewarehk_dso, n_surewarehk_Mod_Exp)))
+        {
+                SUREWAREerr(SUREWARE_F_SUREWAREHK_INIT,ENGINE_R_DSO_FAILURE);
+                goto err;
+        }
+        /* Copy the pointers */
+        p_surewarehk_Init = p1;
+        p_surewarehk_Finish = p2;
+        p_surewarehk_Rand_Bytes = p3;
+        p_surewarehk_Rand_Seed = p4;
+        p_surewarehk_Load_Privkey = p5;
+        p_surewarehk_Load_Rsa_Pubkey = p6;
+        p_surewarehk_Free = p7;
+        p_surewarehk_Rsa_Priv_Dec = p8;
+        p_surewarehk_Rsa_Sign = p9;
+        p_surewarehk_Dsa_Sign = p12;
+        p_surewarehk_Info_Pubkey = p13;
+        p_surewarehk_Load_Dsa_Pubkey = p14;
+        p_surewarehk_Mod_Exp = p15;
+        /* Contact the hardware and initialises it. */
+        if(p_surewarehk_Init(msg,threadsafe)==SUREWAREHOOK_ERROR_UNIT_FAILURE)
+        {
+                SUREWAREerr(SUREWARE_F_SUREWAREHK_INIT,SUREWARE_R_UNIT_FAILURE);
+                goto err;
+        }
+        if(p_surewarehk_Init(msg,threadsafe)==SUREWAREHOOK_ERROR_UNIT_FAILURE)
+        {
+                SUREWAREerr(SUREWARE_F_SUREWAREHK_INIT,SUREWARE_R_UNIT_FAILURE);
+                goto err;
+        }
+        /* try to load the default private key, if failed does not return a failure but
+           wait for an explicit ENGINE_load_privakey */
+        surewarehk_load_privkey(e,NULL,NULL,NULL);
+
+        /* Everything's fine. */
+#ifndef OPENSSL_NO_RSA
+        if (rsaHndidx == -1)
+                rsaHndidx = RSA_get_ex_new_index(0,
+                                                "SureWareHook RSA key handle",
+                                                NULL, NULL, surewarehk_ex_free);
+#endif
+#ifndef OPENSSL_NO_DSA
+        if (dsaHndidx == -1)
+                dsaHndidx = DSA_get_ex_new_index(0,
+                                                "SureWareHook DSA key handle",
+                                                NULL, NULL, surewarehk_ex_free);
+#endif
+
+        return 1;
+err:
+        if(surewarehk_dso)
+                DSO_free(surewarehk_dso);
+        surewarehk_dso = NULL;
+        p_surewarehk_Init = NULL;
+        p_surewarehk_Finish = NULL;
+        p_surewarehk_Rand_Bytes = NULL;
+        p_surewarehk_Rand_Seed = NULL;
+        p_surewarehk_Load_Privkey = NULL;
+        p_surewarehk_Load_Rsa_Pubkey = NULL;
+        p_surewarehk_Free = NULL;
+        p_surewarehk_Rsa_Priv_Dec = NULL;
+        p_surewarehk_Rsa_Sign = NULL;
+        p_surewarehk_Dsa_Sign = NULL;
+        p_surewarehk_Info_Pubkey = NULL;
+        p_surewarehk_Load_Dsa_Pubkey = NULL;
+        p_surewarehk_Mod_Exp = NULL;
+        return 0;
+}
+
+static int surewarehk_finish(ENGINE *e)
+{
+        int to_return = 1;
+        if(surewarehk_dso == NULL)
+                {
+                SUREWAREerr(SUREWARE_F_SUREWAREHK_FINISH,ENGINE_R_NOT_LOADED);
+                to_return = 0;
+                goto err;
+                }
+        p_surewarehk_Finish();
+        if(!DSO_free(surewarehk_dso))
+                {
+                SUREWAREerr(SUREWARE_F_SUREWAREHK_FINISH,ENGINE_R_DSO_FAILURE);
+                to_return = 0;
+                goto err;
+                }
+ err:
+        if (logstream)
+                BIO_free(logstream);
+        surewarehk_dso = NULL;
+        p_surewarehk_Init = NULL;
+        p_surewarehk_Finish = NULL;
+        p_surewarehk_Rand_Bytes = NULL;
+        p_surewarehk_Rand_Seed = NULL;
+        p_surewarehk_Load_Privkey = NULL;
+        p_surewarehk_Load_Rsa_Pubkey = NULL;
+        p_surewarehk_Free = NULL;
+        p_surewarehk_Rsa_Priv_Dec = NULL;
+        p_surewarehk_Rsa_Sign = NULL;
+        p_surewarehk_Dsa_Sign = NULL;
+        p_surewarehk_Info_Pubkey = NULL;
+        p_surewarehk_Load_Dsa_Pubkey = NULL;
+        p_surewarehk_Mod_Exp = NULL;
+        return to_return;
+}
+
+static void surewarehk_error_handling(char *const msg,int func,int ret)
+{
+        switch (ret)
+        {
+                case SUREWAREHOOK_ERROR_UNIT_FAILURE:
+                        ENGINEerr(func,SUREWARE_R_UNIT_FAILURE);
+                        break;
+                case SUREWAREHOOK_ERROR_FALLBACK:
+                        ENGINEerr(func,SUREWARE_R_REQUEST_FALLBACK);
+                        break;
+                case SUREWAREHOOK_ERROR_DATA_SIZE:
+                        ENGINEerr(func,SUREWARE_R_SIZE_TOO_LARGE_OR_TOO_SMALL);
+                        break;
+                case SUREWAREHOOK_ERROR_INVALID_PAD:
+                        ENGINEerr(func,RSA_R_PADDING_CHECK_FAILED);
+                        break;
+                default:
+                        ENGINEerr(func,SUREWARE_R_REQUEST_FAILED);
+                        break;
+                case 1:/*nothing*/
+                        msg[0]='\0';
+        }
+        if (*msg)
+        {
+                ERR_add_error_data(1,msg);
+                if (logstream)
+                {
+                        CRYPTO_w_lock(CRYPTO_LOCK_BIO);
+                        BIO_write(logstream, msg, strlen(msg));
+                        CRYPTO_w_unlock(CRYPTO_LOCK_BIO);
+                }
+        }
+}
+
+static int surewarehk_rand_bytes(unsigned char *buf, int num)
+{
+        int ret=0;
+        char msg[64]="ENGINE_rand_bytes";
+        if(!p_surewarehk_Rand_Bytes)
+        {
+                SUREWAREerr(SUREWARE_F_SUREWAREHK_RAND_BYTES,ENGINE_R_NOT_INITIALISED);
+        }
+        else
+        {
+                ret = p_surewarehk_Rand_Bytes(msg,buf, num);
+                surewarehk_error_handling(msg,SUREWARE_F_SUREWAREHK_RAND_BYTES,ret);
+        }
+        return ret==1 ? 1 : 0;
+}
+
+static void surewarehk_rand_seed(const void *buf, int num)
+{
+        int ret=0;
+        char msg[64]="ENGINE_rand_seed";
+        if(!p_surewarehk_Rand_Seed)
+        {
+                SUREWAREerr(SUREWARE_F_SUREWAREHK_RAND_SEED,ENGINE_R_NOT_INITIALISED);
+        }
+        else
+        {
+                ret = p_surewarehk_Rand_Seed(msg,buf, num);
+                surewarehk_error_handling(msg,SUREWARE_F_SUREWAREHK_RAND_SEED,ret);
+        }
+}
+
+static void surewarehk_rand_add(const void *buf, int num, double entropy)
+{
+        surewarehk_rand_seed(buf,num);
+}
+
+static EVP_PKEY* sureware_load_public(ENGINE *e,const char *key_id,char *hptr,unsigned long el,char keytype)
+{
+        EVP_PKEY *res = NULL;
+#ifndef OPENSSL_NO_RSA
+        RSA *rsatmp = NULL;
+#endif
+#ifndef OPENSSL_NO_DSA
+        DSA *dsatmp=NULL;
+#endif
+        char msg[64]="sureware_load_public";
+        int ret=0;
+        if(!p_surewarehk_Load_Rsa_Pubkey || !p_surewarehk_Load_Dsa_Pubkey)
+        {
+                SUREWAREerr(SUREWARE_F_SUREWAREHK_LOAD_PUBLIC_KEY,ENGINE_R_NOT_INITIALISED);
+                goto err;
+        }
+        switch (keytype)
+        {
+#ifndef OPENSSL_NO_RSA
+        case 1: /*RSA*/
+                /* set private external reference */
+                rsatmp = RSA_new_method(e);
+                RSA_set_ex_data(rsatmp,rsaHndidx,hptr);
+                rsatmp->flags |= RSA_FLAG_EXT_PKEY;
+
+                /* set public big nums*/
+                rsatmp->e = BN_new();
+                rsatmp->n = BN_new();
+                bn_expand2(rsatmp->e, el/sizeof(BN_ULONG));
+                bn_expand2(rsatmp->n, el/sizeof(BN_ULONG));
+                if (!rsatmp->e || rsatmp->e->dmax!=(int)(el/sizeof(BN_ULONG))|| 
+                        !rsatmp->n || rsatmp->n->dmax!=(int)(el/sizeof(BN_ULONG)))
+                        goto err;
+                ret=p_surewarehk_Load_Rsa_Pubkey(msg,key_id,el,
+                                                 (unsigned long *)rsatmp->n->d,
+                                                 (unsigned long *)rsatmp->e->d);
+                surewarehk_error_handling(msg,SUREWARE_F_SUREWAREHK_LOAD_PUBLIC_KEY,ret);
+                if (ret!=1)
+                {
+                        SUREWAREerr(SUREWARE_F_SUREWAREHK_LOAD_PRIVATE_KEY,ENGINE_R_FAILED_LOADING_PUBLIC_KEY);
+                        goto err;
+                }
+                /* normalise pub e and pub n */
+                rsatmp->e->top=el/sizeof(BN_ULONG);
+                bn_fix_top(rsatmp->e);
+                rsatmp->n->top=el/sizeof(BN_ULONG);
+                bn_fix_top(rsatmp->n);
+                /* create an EVP object: engine + rsa key */
+                res = EVP_PKEY_new();
+                EVP_PKEY_assign_RSA(res, rsatmp);
+                break;
+#endif
+
+#ifndef OPENSSL_NO_DSA
+        case 2:/*DSA*/
+                /* set private/public external reference */
+                dsatmp = DSA_new_method(e);
+                DSA_set_ex_data(dsatmp,dsaHndidx,hptr);
+                /*dsatmp->flags |= DSA_FLAG_EXT_PKEY;*/
+
+                /* set public key*/
+                dsatmp->pub_key = BN_new();
+                dsatmp->p = BN_new();
+                dsatmp->q = BN_new();
+                dsatmp->g = BN_new();
+                bn_expand2(dsatmp->pub_key, el/sizeof(BN_ULONG));
+                bn_expand2(dsatmp->p, el/sizeof(BN_ULONG));
+                bn_expand2(dsatmp->q, 20/sizeof(BN_ULONG));
+                bn_expand2(dsatmp->g, el/sizeof(BN_ULONG));
+                if (!dsatmp->pub_key || dsatmp->pub_key->dmax!=(int)(el/sizeof(BN_ULONG))|| 
+                        !dsatmp->p || dsatmp->p->dmax!=(int)(el/sizeof(BN_ULONG)) ||
+                        !dsatmp->q || dsatmp->q->dmax!=20/sizeof(BN_ULONG) ||
+                        !dsatmp->g || dsatmp->g->dmax!=(int)(el/sizeof(BN_ULONG)))
+                        goto err;
+
+                ret=p_surewarehk_Load_Dsa_Pubkey(msg,key_id,el,
+                                                 (unsigned long *)dsatmp->pub_key->d, 
+                                                 (unsigned long *)dsatmp->p->d,
+                                                 (unsigned long *)dsatmp->q->d,
+                                                 (unsigned long *)dsatmp->g->d);
+                surewarehk_error_handling(msg,SUREWARE_F_SUREWAREHK_LOAD_PUBLIC_KEY,ret);
+                if (ret!=1)
+                {
+                        SUREWAREerr(SUREWARE_F_SUREWAREHK_LOAD_PRIVATE_KEY,ENGINE_R_FAILED_LOADING_PUBLIC_KEY);
+                        goto err;
+                }
+                /* set parameters */
+                /* normalise pubkey and parameters in case of */
+                dsatmp->pub_key->top=el/sizeof(BN_ULONG);
+                bn_fix_top(dsatmp->pub_key);
+                dsatmp->p->top=el/sizeof(BN_ULONG);
+                bn_fix_top(dsatmp->p);
+                dsatmp->q->top=20/sizeof(BN_ULONG);
+                bn_fix_top(dsatmp->q);
+                dsatmp->g->top=el/sizeof(BN_ULONG);
+                bn_fix_top(dsatmp->g);
+
+                /* create an EVP object: engine + rsa key */
+                res = EVP_PKEY_new();
+                EVP_PKEY_assign_DSA(res, dsatmp);
+                break;
+#endif
+
+        default:
+                SUREWAREerr(SUREWARE_F_SUREWAREHK_LOAD_PRIVATE_KEY,ENGINE_R_FAILED_LOADING_PRIVATE_KEY);
+                goto err;
+        }
+        return res;
+ err:
+        if (res)
+                EVP_PKEY_free(res);
+#ifndef OPENSSL_NO_RSA
+        if (rsatmp)
+                RSA_free(rsatmp);
+#endif
+#ifndef OPENSSL_NO_DSA
+        if (dsatmp)
+                DSA_free(dsatmp);
+#endif
+        return NULL;
+}
+
+static EVP_PKEY *surewarehk_load_privkey(ENGINE *e, const char *key_id,
+                                         UI_METHOD *ui_method, void *callback_data)
+{
+        EVP_PKEY *res = NULL;
+        int ret=0;
+        unsigned long el=0;
+        char *hptr=NULL;
+        char keytype=0;
+        char msg[64]="ENGINE_load_privkey";
+
+        if(!p_surewarehk_Load_Privkey)
+        {
+                SUREWAREerr(SUREWARE_F_SUREWAREHK_LOAD_PRIVATE_KEY,ENGINE_R_NOT_INITIALISED);
+        }
+        else
+        {
+                ret=p_surewarehk_Load_Privkey(msg,key_id,&hptr,&el,&keytype);
+                if (ret!=1)
+                {
+                        SUREWAREerr(SUREWARE_F_SUREWAREHK_LOAD_PRIVATE_KEY,ENGINE_R_FAILED_LOADING_PRIVATE_KEY);
+                        ERR_add_error_data(1,msg);              
+                }
+                else
+                        res=sureware_load_public(e,key_id,hptr,el,keytype);
+        }
+        return res;
+}
+
+static EVP_PKEY *surewarehk_load_pubkey(ENGINE *e, const char *key_id,
+                                         UI_METHOD *ui_method, void *callback_data)
+{
+        EVP_PKEY *res = NULL;
+        int ret=0;
+        unsigned long el=0;
+        char *hptr=NULL;
+        char keytype=0;
+        char msg[64]="ENGINE_load_pubkey";
+
+        if(!p_surewarehk_Info_Pubkey)
+        {
+                SUREWAREerr(SUREWARE_F_SUREWAREHK_LOAD_PUBLIC_KEY,ENGINE_R_NOT_INITIALISED);
+        }
+        else
+        {
+                /* call once to identify if DSA or RSA */
+                ret=p_surewarehk_Info_Pubkey(msg,key_id,&el,&keytype);
+                if (ret!=1)
+                {
+                        SUREWAREerr(SUREWARE_F_SUREWAREHK_LOAD_PUBLIC_KEY,ENGINE_R_FAILED_LOADING_PUBLIC_KEY);
+                        ERR_add_error_data(1,msg);
+                }
+                else
+                        res=sureware_load_public(e,key_id,hptr,el,keytype);
+        }
+        return res;
+}
+
+/* This cleans up an RSA/DSA KM key(do not destroy the key into the hardware)
+, called when ex_data is freed */
+static void surewarehk_ex_free(void *obj, void *item, CRYPTO_EX_DATA *ad,
+        int idx,long argl, void *argp)
+{
+        if(!p_surewarehk_Free)
+        {
+                SUREWAREerr(SUREWARE_F_SUREWAREHK_EX_FREE,ENGINE_R_NOT_INITIALISED);
+        }
+        else
+                p_surewarehk_Free((char *)item,0);
+}
+
+#if 0
+/* This cleans up an DH KM key (destroys the key into hardware), 
+called when ex_data is freed */
+static void surewarehk_dh_ex_free(void *obj, void *item, CRYPTO_EX_DATA *ad,
+        int idx,long argl, void *argp)
+{
+        if(!p_surewarehk_Free)
+        {
+                SUREWAREerr(SUREWARE_F_SUREWAREHK_EX_FREE,ENGINE_R_NOT_INITIALISED);
+        }
+        else
+                p_surewarehk_Free((char *)item,1);
+}
+#endif
+
+/*
+* return number of decrypted bytes
+*/
+#ifndef OPENSSL_NO_RSA
+static int surewarehk_rsa_priv_dec(int flen,const unsigned char *from,unsigned char *to,
+                        RSA *rsa,int padding)
+{
+        int ret=0,tlen;
+        char *buf=NULL,*hptr=NULL;
+        char msg[64]="ENGINE_rsa_priv_dec";
+        if (!p_surewarehk_Rsa_Priv_Dec)
+        {
+                SUREWAREerr(SUREWARE_F_SUREWAREHK_RSA_PRIV_DEC,ENGINE_R_NOT_INITIALISED);
+        }
+        /* extract ref to private key */
+        else if (!(hptr=RSA_get_ex_data(rsa, rsaHndidx)))
+        {
+                SUREWAREerr(SUREWARE_F_SUREWAREHK_RSA_PRIV_DEC,SUREWARE_R_MISSING_KEY_COMPONENTS);
+                goto err;
+        }
+        /* analyse what padding we can do into the hardware */
+        if (padding==RSA_PKCS1_PADDING)
+        {
+                /* do it one shot */
+                ret=p_surewarehk_Rsa_Priv_Dec(msg,flen,(unsigned char *)from,&tlen,to,hptr,SUREWARE_PKCS1_PAD);
+                surewarehk_error_handling(msg,SUREWARE_F_SUREWAREHK_RSA_PRIV_DEC,ret);
+                if (ret!=1)
+                        goto err;
+                ret=tlen;
+        }
+        else /* do with no padding into hardware */
+        {
+                ret=p_surewarehk_Rsa_Priv_Dec(msg,flen,(unsigned char *)from,&tlen,to,hptr,SUREWARE_NO_PAD);
+                surewarehk_error_handling(msg,SUREWARE_F_SUREWAREHK_RSA_PRIV_DEC,ret);
+                if (ret!=1)
+                        goto err;
+                /* intermediate buffer for padding */
+                if ((buf=OPENSSL_malloc(tlen)) == NULL)
+                {
+                        RSAerr(SUREWARE_F_SUREWAREHK_RSA_PRIV_DEC,ERR_R_MALLOC_FAILURE);
+                        goto err;
+                }
+                memcpy(buf,to,tlen);/* transfert to into buf */
+                switch (padding) /* check padding in software */
+                {
+#ifndef OPENSSL_NO_SHA
+                case RSA_PKCS1_OAEP_PADDING:
+                        ret=RSA_padding_check_PKCS1_OAEP(to,tlen,(unsigned char *)buf,tlen,tlen,NULL,0);
+                        break;
+#endif
+                case RSA_SSLV23_PADDING:
+                        ret=RSA_padding_check_SSLv23(to,tlen,(unsigned char *)buf,flen,tlen);
+                        break;
+                case RSA_NO_PADDING:
+                        ret=RSA_padding_check_none(to,tlen,(unsigned char *)buf,flen,tlen);
+                        break;
+                default:
+                        RSAerr(SUREWARE_F_SUREWAREHK_RSA_PRIV_DEC,RSA_R_UNKNOWN_PADDING_TYPE);
+                        goto err;
+                }
+                if (ret < 0)
+                        RSAerr(SUREWARE_F_SUREWAREHK_RSA_PRIV_DEC,RSA_R_PADDING_CHECK_FAILED);
+        }
+err:
+        if (buf)
+        {
+                OPENSSL_cleanse(buf,tlen);
+                OPENSSL_free(buf);
+        }
+        return ret;
+}
+
+/*
+* Does what OpenSSL rsa_priv_enc does.
+*/
+static int surewarehk_rsa_sign(int flen,const unsigned char *from,unsigned char *to,
+                            RSA *rsa,int padding)
+{
+        int ret=0,tlen;
+        char *hptr=NULL;
+        char msg[64]="ENGINE_rsa_sign";
+        if (!p_surewarehk_Rsa_Sign)
+        {
+                SUREWAREerr(SUREWARE_F_SUREWAREHK_RSA_PRIV_ENC,ENGINE_R_NOT_INITIALISED);
+        }
+        /* extract ref to private key */
+        else if (!(hptr=RSA_get_ex_data(rsa, rsaHndidx)))
+        {
+                SUREWAREerr(SUREWARE_F_SUREWAREHK_RSA_PRIV_ENC,SUREWARE_R_MISSING_KEY_COMPONENTS);
+        }
+        else
+        {
+                switch (padding)
+                {
+                case RSA_PKCS1_PADDING: /* do it in one shot */
+                        ret=p_surewarehk_Rsa_Sign(msg,flen,(unsigned char *)from,&tlen,to,hptr,SUREWARE_PKCS1_PAD);
+                        surewarehk_error_handling(msg,SUREWARE_F_SUREWAREHK_RSA_PRIV_ENC,ret);
+                        break;
+                case RSA_NO_PADDING:
+                default:
+                        RSAerr(SUREWARE_F_SUREWAREHK_RSA_PRIV_ENC,RSA_R_UNKNOWN_PADDING_TYPE);
+                }
+        }
+        return ret==1 ? tlen : ret;
+}
+
+#endif
+
+#ifndef OPENSSL_NO_DSA
+/* DSA sign and verify */
+static  DSA_SIG * surewarehk_dsa_do_sign(const unsigned char *from, int flen, DSA *dsa)
+{
+        int ret=0;
+        char *hptr=NULL;
+        DSA_SIG *psign=NULL;
+        char msg[64]="ENGINE_dsa_do_sign";
+        if (!p_surewarehk_Dsa_Sign)
+        {
+                SUREWAREerr(SUREWARE_F_SUREWAREHK_DSA_DO_SIGN,ENGINE_R_NOT_INITIALISED);
+        }
+        /* extract ref to private key */
+        else if (!(hptr=DSA_get_ex_data(dsa, dsaHndidx)))
+        {
+                SUREWAREerr(SUREWARE_F_SUREWAREHK_DSA_DO_SIGN,SUREWARE_R_MISSING_KEY_COMPONENTS);
+        }
+        else
+        {
+                if((psign = DSA_SIG_new()) == NULL)
+                {
+                        SUREWAREerr(SUREWARE_F_SUREWAREHK_DSA_DO_SIGN,ERR_R_MALLOC_FAILURE);
+                        goto err;
+                }
+                psign->r=BN_new();
+                psign->s=BN_new();
+                bn_expand2(psign->r, 20/sizeof(BN_ULONG));
+                bn_expand2(psign->s, 20/sizeof(BN_ULONG));
+                if (!psign->r || psign->r->dmax!=20/sizeof(BN_ULONG) ||
+                        !psign->s || psign->s->dmax!=20/sizeof(BN_ULONG))
+                        goto err;
+                ret=p_surewarehk_Dsa_Sign(msg,flen,from,
+                                          (unsigned long *)psign->r->d,
+                                          (unsigned long *)psign->s->d,
+                                          hptr);
+                surewarehk_error_handling(msg,SUREWARE_F_SUREWAREHK_DSA_DO_SIGN,ret);
+        }
+        psign->r->top=20/sizeof(BN_ULONG);
+        bn_fix_top(psign->r);
+        psign->s->top=20/sizeof(BN_ULONG);
+        bn_fix_top(psign->s);
+
+err:    
+        if (psign)
+        {
+                DSA_SIG_free(psign);
+                psign=NULL;
+        }
+        return psign;
+}
+#endif
+
+static int surewarehk_modexp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+                             const BIGNUM *m, BN_CTX *ctx)
+{
+        int ret=0;
+        char msg[64]="ENGINE_modexp";
+        if (!p_surewarehk_Mod_Exp)
+        {
+                SUREWAREerr(SUREWARE_F_SUREWAREHK_MOD_EXP,ENGINE_R_NOT_INITIALISED);
+        }
+        else
+        {
+                bn_expand2(r,m->top);
+                if (r && r->dmax==m->top)
+                {
+                        /* do it*/
+                        ret=p_surewarehk_Mod_Exp(msg,
+                                                 m->top*sizeof(BN_ULONG),
+                                                 (unsigned long *)m->d,
+                                                 p->top*sizeof(BN_ULONG),
+                                                 (unsigned long *)p->d,
+                                                 a->top*sizeof(BN_ULONG),
+                                                 (unsigned long *)a->d,
+                                                 (unsigned long *)r->d);
+                        surewarehk_error_handling(msg,SUREWARE_F_SUREWAREHK_MOD_EXP,ret);
+                        if (ret==1)
+                        {
+                                /* normalise result */
+                                r->top=m->top;
+                                bn_fix_top(r);
+                        }
+                }
+        }
+        return ret;
+}
+#endif /* !OPENSSL_NO_HW_SureWare */
+#endif /* !OPENSSL_NO_HW */
diff --git a/src/lib/libcrypto/engine/hw_sureware_err.c b/src/lib/libcrypto/engine/hw_sureware_err.c
new file mode 100644
index 0000000000..69955dadbb
--- /dev/null
+++ b/src/lib/libcrypto/engine/hw_sureware_err.c
@@ -0,0 +1,150 @@
+/* hw_sureware_err.c */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+/* NOTE: this file was auto generated by the mkerr.pl script: any changes
+ * made to it will be overwritten when the script next updates this file,
+ * only reason strings will be preserved.
+ */
+
+#include <stdio.h>
+#include <openssl/err.h>
+#include "hw_sureware_err.h"
+
+/* BEGIN ERROR CODES */
+#ifndef OPENSSL_NO_ERR
+static ERR_STRING_DATA SUREWARE_str_functs[]=
+        {
+{ERR_PACK(0,SUREWARE_F_SUREWAREHK_CTRL,0),      "SUREWAREHK_CTRL"},
+{ERR_PACK(0,SUREWARE_F_SUREWAREHK_DSA_DO_SIGN,0),       "SUREWAREHK_DSA_DO_SIGN"},
+{ERR_PACK(0,SUREWARE_F_SUREWAREHK_EX_FREE,0),   "SUREWAREHK_EX_FREE"},
+{ERR_PACK(0,SUREWARE_F_SUREWAREHK_FINISH,0),    "SUREWAREHK_FINISH"},
+{ERR_PACK(0,SUREWARE_F_SUREWAREHK_INIT,0),      "SUREWAREHK_INIT"},
+{ERR_PACK(0,SUREWARE_F_SUREWAREHK_LOAD_PRIVATE_KEY,0),  "SUREWAREHK_LOAD_PRIVATE_KEY"},
+{ERR_PACK(0,SUREWARE_F_SUREWAREHK_LOAD_PUBLIC_KEY,0),   "SUREWAREHK_LOAD_PUBLIC_KEY"},
+{ERR_PACK(0,SUREWARE_F_SUREWAREHK_MOD_EXP,0),   "SUREWAREHK_MOD_EXP"},
+{ERR_PACK(0,SUREWARE_F_SUREWAREHK_RAND_BYTES,0),        "SUREWAREHK_RAND_BYTES"},
+{ERR_PACK(0,SUREWARE_F_SUREWAREHK_RAND_SEED,0), "SUREWAREHK_RAND_SEED"},
+{ERR_PACK(0,SUREWARE_F_SUREWAREHK_RSA_PRIV_DEC,0),      "SUREWAREHK_RSA_PRIV_DEC"},
+{ERR_PACK(0,SUREWARE_F_SUREWAREHK_RSA_PRIV_ENC,0),      "SUREWAREHK_RSA_PRIV_ENC"},
+{0,NULL}
+        };
+
+static ERR_STRING_DATA SUREWARE_str_reasons[]=
+        {
+{SUREWARE_R_BIO_WAS_FREED                ,"bio was freed"},
+{SUREWARE_R_MISSING_KEY_COMPONENTS       ,"missing key components"},
+{SUREWARE_R_REQUEST_FAILED               ,"request failed"},
+{SUREWARE_R_REQUEST_FALLBACK             ,"request fallback"},
+{SUREWARE_R_SIZE_TOO_LARGE_OR_TOO_SMALL  ,"size too large or too small"},
+{SUREWARE_R_UNIT_FAILURE                 ,"unit failure"},
+{0,NULL}
+        };
+
+#endif
+
+#ifdef SUREWARE_LIB_NAME
+static ERR_STRING_DATA SUREWARE_lib_name[]=
+        {
+{0      ,SUREWARE_LIB_NAME},
+{0,NULL}
+        };
+#endif
+
+
+static int SUREWARE_lib_error_code=0;
+static int SUREWARE_error_init=1;
+
+static void ERR_load_SUREWARE_strings(void)
+        {
+        if (SUREWARE_lib_error_code == 0)
+                SUREWARE_lib_error_code=ERR_get_next_error_library();
+
+        if (SUREWARE_error_init)
+                {
+                SUREWARE_error_init=0;
+#ifndef OPENSSL_NO_ERR
+                ERR_load_strings(SUREWARE_lib_error_code,SUREWARE_str_functs);
+                ERR_load_strings(SUREWARE_lib_error_code,SUREWARE_str_reasons);
+#endif
+
+#ifdef SUREWARE_LIB_NAME
+                SUREWARE_lib_name->error = ERR_PACK(SUREWARE_lib_error_code,0,0);
+                ERR_load_strings(0,SUREWARE_lib_name);
+#endif
+                }
+        }
+
+static void ERR_unload_SUREWARE_strings(void)
+        {
+        if (SUREWARE_error_init == 0)
+                {
+#ifndef OPENSSL_NO_ERR
+                ERR_unload_strings(SUREWARE_lib_error_code,SUREWARE_str_functs);
+                ERR_unload_strings(SUREWARE_lib_error_code,SUREWARE_str_reasons);
+#endif
+
+#ifdef SUREWARE_LIB_NAME
+                ERR_unload_strings(0,SUREWARE_lib_name);
+#endif
+                SUREWARE_error_init=1;
+                }
+        }
+
+static void ERR_SUREWARE_error(int function, int reason, char *file, int line)
+        {
+        if (SUREWARE_lib_error_code == 0)
+                SUREWARE_lib_error_code=ERR_get_next_error_library();
+        ERR_PUT_error(SUREWARE_lib_error_code,function,reason,file,line);
+        }
diff --git a/src/lib/libcrypto/engine/hw_sureware_err.h b/src/lib/libcrypto/engine/hw_sureware_err.h
new file mode 100644
index 0000000000..bc52af5e05
--- /dev/null
+++ b/src/lib/libcrypto/engine/hw_sureware_err.h
@@ -0,0 +1,94 @@
+/* ====================================================================
+ * Copyright (c) 2001 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#ifndef HEADER_SUREWARE_ERR_H
+#define HEADER_SUREWARE_ERR_H
+
+/* BEGIN ERROR CODES */
+/* The following lines are auto generated by the script mkerr.pl. Any changes
+ * made after this point may be overwritten when the script is next run.
+ */
+static void ERR_load_SUREWARE_strings(void);
+static void ERR_unload_SUREWARE_strings(void);
+static void ERR_SUREWARE_error(int function, int reason, char *file, int line);
+#define SUREWAREerr(f,r) ERR_SUREWARE_error((f),(r),__FILE__,__LINE__)
+
+/* Error codes for the SUREWARE functions. */
+
+/* Function codes. */
+#define SUREWARE_F_SUREWAREHK_CTRL                       100
+#define SUREWARE_F_SUREWAREHK_DSA_DO_SIGN                101
+#define SUREWARE_F_SUREWAREHK_EX_FREE                    102
+#define SUREWARE_F_SUREWAREHK_FINISH                     103
+#define SUREWARE_F_SUREWAREHK_INIT                       104
+#define SUREWARE_F_SUREWAREHK_LOAD_PRIVATE_KEY           105
+#define SUREWARE_F_SUREWAREHK_LOAD_PUBLIC_KEY            106
+#define SUREWARE_F_SUREWAREHK_MOD_EXP                    107
+#define SUREWARE_F_SUREWAREHK_RAND_BYTES                 108
+#define SUREWARE_F_SUREWAREHK_RAND_SEED                  109
+#define SUREWARE_F_SUREWAREHK_RSA_PRIV_DEC               110
+#define SUREWARE_F_SUREWAREHK_RSA_PRIV_ENC               111
+
+/* Reason codes. */
+#define SUREWARE_R_BIO_WAS_FREED                         100
+#define SUREWARE_R_MISSING_KEY_COMPONENTS                105
+#define SUREWARE_R_REQUEST_FAILED                        101
+#define SUREWARE_R_REQUEST_FALLBACK                      102
+#define SUREWARE_R_SIZE_TOO_LARGE_OR_TOO_SMALL           103
+#define SUREWARE_R_UNIT_FAILURE                          104
+
+#ifdef  __cplusplus
+}
+#endif
+#endif
diff --git a/src/lib/libcrypto/engine/hw_ubsec.c b/src/lib/libcrypto/engine/hw_ubsec.c
new file mode 100644
index 0000000000..5234a08a07
--- /dev/null
+++ b/src/lib/libcrypto/engine/hw_ubsec.c
@@ -0,0 +1,1060 @@
+/* crypto/engine/hw_ubsec.c */
+/* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL
+ * project 2000.
+ *
+ * Cloned shamelessly by Joe Tardo. 
+ */
+/* ====================================================================
+ * Copyright (c) 1999-2001 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include <openssl/crypto.h>
+#include "cryptlib.h"
+#include <openssl/dso.h>
+#include <openssl/engine.h>
+
+#ifndef OPENSSL_NO_HW
+#ifndef OPENSSL_NO_HW_UBSEC
+
+#ifdef FLAT_INC
+#include "hw_ubsec.h"
+#else
+#include "vendor_defns/hw_ubsec.h"
+#endif
+
+#define UBSEC_LIB_NAME "ubsec engine"
+#include "hw_ubsec_err.c"
+
+#define FAIL_TO_SOFTWARE -15
+
+static int ubsec_destroy(ENGINE *e);
+static int ubsec_init(ENGINE *e);
+static int ubsec_finish(ENGINE *e);
+static int ubsec_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)());
+static int ubsec_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+                const BIGNUM *m, BN_CTX *ctx);
+static int ubsec_mod_exp_crt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+                        const BIGNUM *q, const BIGNUM *dp,
+                        const BIGNUM *dq, const BIGNUM *qinv, BN_CTX *ctx);
+#ifndef OPENSSL_NO_RSA
+static int ubsec_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa);
+#endif
+static int ubsec_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+                const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
+#ifndef OPENSSL_NO_DSA
+#ifdef NOT_USED
+static int ubsec_dsa_mod_exp(DSA *dsa, BIGNUM *rr, BIGNUM *a1,
+                BIGNUM *p1, BIGNUM *a2, BIGNUM *p2, BIGNUM *m,
+                BN_CTX *ctx, BN_MONT_CTX *in_mont);
+static int ubsec_mod_exp_dsa(DSA *dsa, BIGNUM *r, BIGNUM *a,
+                const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
+                BN_MONT_CTX *m_ctx);
+#endif
+static DSA_SIG *ubsec_dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa);
+static int ubsec_dsa_verify(const unsigned char *dgst, int dgst_len,
+                                DSA_SIG *sig, DSA *dsa);
+#endif
+#ifndef OPENSSL_NO_DH
+static int ubsec_mod_exp_dh(const DH *dh, BIGNUM *r, const BIGNUM *a,
+                const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
+                BN_MONT_CTX *m_ctx);
+static int ubsec_dh_compute_key(unsigned char *key,const BIGNUM *pub_key,DH *dh);
+static int ubsec_dh_generate_key(DH *dh);
+#endif
+
+#ifdef NOT_USED
+static int ubsec_rand_bytes(unsigned char *buf, int num);
+static int ubsec_rand_status(void);
+#endif
+
+#define UBSEC_CMD_SO_PATH               ENGINE_CMD_BASE
+static const ENGINE_CMD_DEFN ubsec_cmd_defns[] = {
+        {UBSEC_CMD_SO_PATH,
+                "SO_PATH",
+                "Specifies the path to the 'ubsec' shared library",
+                ENGINE_CMD_FLAG_STRING},
+        {0, NULL, NULL, 0}
+        };
+
+#ifndef OPENSSL_NO_RSA
+/* Our internal RSA_METHOD that we provide pointers to */
+static RSA_METHOD ubsec_rsa =
+        {
+        "UBSEC RSA method",
+        NULL,
+        NULL,
+        NULL,
+        NULL,
+        ubsec_rsa_mod_exp,
+        ubsec_mod_exp_mont,
+        NULL,
+        NULL,
+        0,
+        NULL,
+        NULL,
+        NULL
+        };
+#endif
+
+#ifndef OPENSSL_NO_DSA
+/* Our internal DSA_METHOD that we provide pointers to */
+static DSA_METHOD ubsec_dsa =
+        {
+        "UBSEC DSA method",
+        ubsec_dsa_do_sign, /* dsa_do_sign */
+        NULL, /* dsa_sign_setup */
+        ubsec_dsa_verify, /* dsa_do_verify */
+        NULL, /* ubsec_dsa_mod_exp */ /* dsa_mod_exp */
+        NULL, /* ubsec_mod_exp_dsa */ /* bn_mod_exp */
+        NULL, /* init */
+        NULL, /* finish */
+        0, /* flags */
+        NULL /* app_data */
+        };
+#endif
+
+#ifndef OPENSSL_NO_DH
+/* Our internal DH_METHOD that we provide pointers to */
+static DH_METHOD ubsec_dh =
+        {
+        "UBSEC DH method",
+        ubsec_dh_generate_key,
+        ubsec_dh_compute_key,
+        ubsec_mod_exp_dh,
+        NULL,
+        NULL,
+        0,
+        NULL
+        };
+#endif
+
+/* Constants used when creating the ENGINE */
+static const char *engine_ubsec_id = "ubsec";
+static const char *engine_ubsec_name = "UBSEC hardware engine support";
+
+/* This internal function is used by ENGINE_ubsec() and possibly by the
+ * "dynamic" ENGINE support too */
+static int bind_helper(ENGINE *e)
+        {
+#ifndef OPENSSL_NO_RSA
+        const RSA_METHOD *meth1;
+#endif
+#ifndef OPENSSL_NO_DH
+#ifndef HAVE_UBSEC_DH
+        const DH_METHOD *meth3;
+#endif /* HAVE_UBSEC_DH */
+#endif
+        if(!ENGINE_set_id(e, engine_ubsec_id) ||
+                        !ENGINE_set_name(e, engine_ubsec_name) ||
+#ifndef OPENSSL_NO_RSA
+                        !ENGINE_set_RSA(e, &ubsec_rsa) ||
+#endif
+#ifndef OPENSSL_NO_DSA
+                        !ENGINE_set_DSA(e, &ubsec_dsa) ||
+#endif
+#ifndef OPENSSL_NO_DH
+                        !ENGINE_set_DH(e, &ubsec_dh) ||
+#endif
+                        !ENGINE_set_destroy_function(e, ubsec_destroy) ||
+                        !ENGINE_set_init_function(e, ubsec_init) ||
+                        !ENGINE_set_finish_function(e, ubsec_finish) ||
+                        !ENGINE_set_ctrl_function(e, ubsec_ctrl) ||
+                        !ENGINE_set_cmd_defns(e, ubsec_cmd_defns))
+                return 0;
+
+#ifndef OPENSSL_NO_RSA
+        /* We know that the "PKCS1_SSLeay()" functions hook properly
+         * to the Broadcom-specific mod_exp and mod_exp_crt so we use
+         * those functions. NB: We don't use ENGINE_openssl() or
+         * anything "more generic" because something like the RSAref
+         * code may not hook properly, and if you own one of these
+         * cards then you have the right to do RSA operations on it
+         * anyway! */ 
+        meth1 = RSA_PKCS1_SSLeay();
+        ubsec_rsa.rsa_pub_enc = meth1->rsa_pub_enc;
+        ubsec_rsa.rsa_pub_dec = meth1->rsa_pub_dec;
+        ubsec_rsa.rsa_priv_enc = meth1->rsa_priv_enc;
+        ubsec_rsa.rsa_priv_dec = meth1->rsa_priv_dec;
+#endif
+
+#ifndef OPENSSL_NO_DH
+#ifndef HAVE_UBSEC_DH
+        /* Much the same for Diffie-Hellman */
+        meth3 = DH_OpenSSL();
+        ubsec_dh.generate_key = meth3->generate_key;
+        ubsec_dh.compute_key = meth3->compute_key;
+#endif /* HAVE_UBSEC_DH */
+#endif
+
+        /* Ensure the ubsec error handling is set up */
+        ERR_load_UBSEC_strings();
+        return 1;
+        }
+
+#ifndef ENGINE_DYNAMIC_SUPPORT
+static ENGINE *engine_ubsec(void)
+        {
+        ENGINE *ret = ENGINE_new();
+        if(!ret)
+                return NULL;
+        if(!bind_helper(ret))
+                {
+                ENGINE_free(ret);
+                return NULL;
+                }
+        return ret;
+        }
+
+void ENGINE_load_ubsec(void)
+        {
+        /* Copied from eng_[openssl|dyn].c */
+        ENGINE *toadd = engine_ubsec();
+        if(!toadd) return;
+        ENGINE_add(toadd);
+        ENGINE_free(toadd);
+        ERR_clear_error();
+        }
+#endif
+
+/* This is a process-global DSO handle used for loading and unloading
+ * the UBSEC library. NB: This is only set (or unset) during an
+ * init() or finish() call (reference counts permitting) and they're
+ * operating with global locks, so this should be thread-safe
+ * implicitly. */
+
+static DSO *ubsec_dso = NULL;
+
+/* These are the function pointers that are (un)set when the library has
+ * successfully (un)loaded. */
+
+static t_UBSEC_ubsec_bytes_to_bits *p_UBSEC_ubsec_bytes_to_bits = NULL;
+static t_UBSEC_ubsec_bits_to_bytes *p_UBSEC_ubsec_bits_to_bytes = NULL;
+static t_UBSEC_ubsec_open *p_UBSEC_ubsec_open = NULL;
+static t_UBSEC_ubsec_close *p_UBSEC_ubsec_close = NULL;
+#ifndef OPENSSL_NO_DH
+static t_UBSEC_diffie_hellman_generate_ioctl 
+        *p_UBSEC_diffie_hellman_generate_ioctl = NULL;
+static t_UBSEC_diffie_hellman_agree_ioctl *p_UBSEC_diffie_hellman_agree_ioctl = NULL;
+#endif
+/* #ifndef OPENSSL_NO_RSA */
+static t_UBSEC_rsa_mod_exp_ioctl *p_UBSEC_rsa_mod_exp_ioctl = NULL;
+static t_UBSEC_rsa_mod_exp_crt_ioctl *p_UBSEC_rsa_mod_exp_crt_ioctl = NULL;
+/* #endif */
+#ifndef OPENSSL_NO_DSA
+static t_UBSEC_dsa_sign_ioctl *p_UBSEC_dsa_sign_ioctl = NULL;
+static t_UBSEC_dsa_verify_ioctl *p_UBSEC_dsa_verify_ioctl = NULL;
+#endif
+static t_UBSEC_math_accelerate_ioctl *p_UBSEC_math_accelerate_ioctl = NULL;
+static t_UBSEC_rng_ioctl *p_UBSEC_rng_ioctl = NULL;
+static t_UBSEC_max_key_len_ioctl *p_UBSEC_max_key_len_ioctl = NULL;
+
+static int max_key_len = 1024;  /* ??? */
+
+/* 
+ * These are the static string constants for the DSO file name and the function
+ * symbol names to bind to. 
+ */
+
+static const char *UBSEC_LIBNAME = NULL;
+static const char *get_UBSEC_LIBNAME(void)
+        {
+        if(UBSEC_LIBNAME)
+                return UBSEC_LIBNAME;
+        return "ubsec";
+        }
+static void free_UBSEC_LIBNAME(void)
+        {
+        if(UBSEC_LIBNAME)
+                OPENSSL_free((void*)UBSEC_LIBNAME);
+        UBSEC_LIBNAME = NULL;
+        }
+static long set_UBSEC_LIBNAME(const char *name)
+        {
+        free_UBSEC_LIBNAME();
+        return (((UBSEC_LIBNAME = BUF_strdup(name)) != NULL) ? 1 : 0);
+        }
+static const char *UBSEC_F1 = "ubsec_bytes_to_bits";
+static const char *UBSEC_F2 = "ubsec_bits_to_bytes";
+static const char *UBSEC_F3 = "ubsec_open";
+static const char *UBSEC_F4 = "ubsec_close";
+#ifndef OPENSSL_NO_DH
+static const char *UBSEC_F5 = "diffie_hellman_generate_ioctl";
+static const char *UBSEC_F6 = "diffie_hellman_agree_ioctl";
+#endif
+/* #ifndef OPENSSL_NO_RSA */
+static const char *UBSEC_F7 = "rsa_mod_exp_ioctl";
+static const char *UBSEC_F8 = "rsa_mod_exp_crt_ioctl";
+/* #endif */
+#ifndef OPENSSL_NO_DSA
+static const char *UBSEC_F9 = "dsa_sign_ioctl";
+static const char *UBSEC_F10 = "dsa_verify_ioctl";
+#endif
+static const char *UBSEC_F11 = "math_accelerate_ioctl";
+static const char *UBSEC_F12 = "rng_ioctl";
+static const char *UBSEC_F13 = "ubsec_max_key_len_ioctl";
+
+/* Destructor (complements the "ENGINE_ubsec()" constructor) */
+static int ubsec_destroy(ENGINE *e)
+        {
+        free_UBSEC_LIBNAME();
+        ERR_unload_UBSEC_strings();
+        return 1;
+        }
+
+/* (de)initialisation functions. */
+static int ubsec_init(ENGINE *e)
+        {
+        t_UBSEC_ubsec_bytes_to_bits *p1;
+        t_UBSEC_ubsec_bits_to_bytes *p2;
+        t_UBSEC_ubsec_open *p3;
+        t_UBSEC_ubsec_close *p4;
+#ifndef OPENSSL_NO_DH
+        t_UBSEC_diffie_hellman_generate_ioctl *p5;
+        t_UBSEC_diffie_hellman_agree_ioctl *p6;
+#endif
+/* #ifndef OPENSSL_NO_RSA */
+        t_UBSEC_rsa_mod_exp_ioctl *p7;
+        t_UBSEC_rsa_mod_exp_crt_ioctl *p8;
+/* #endif */
+#ifndef OPENSSL_NO_DSA
+        t_UBSEC_dsa_sign_ioctl *p9;
+        t_UBSEC_dsa_verify_ioctl *p10;
+#endif
+        t_UBSEC_math_accelerate_ioctl *p11;
+        t_UBSEC_rng_ioctl *p12;
+        t_UBSEC_max_key_len_ioctl *p13;
+        int fd = 0;
+
+        if(ubsec_dso != NULL)
+                {
+                UBSECerr(UBSEC_F_UBSEC_INIT, UBSEC_R_ALREADY_LOADED);
+                goto err;
+                }
+        /* 
+         * Attempt to load libubsec.so/ubsec.dll/whatever. 
+         */
+        ubsec_dso = DSO_load(NULL, get_UBSEC_LIBNAME(), NULL, 0);
+        if(ubsec_dso == NULL)
+                {
+                UBSECerr(UBSEC_F_UBSEC_INIT, UBSEC_R_DSO_FAILURE);
+                goto err;
+                }
+
+        if (
+        !(p1 = (t_UBSEC_ubsec_bytes_to_bits *) DSO_bind_func(ubsec_dso, UBSEC_F1)) ||
+        !(p2 = (t_UBSEC_ubsec_bits_to_bytes *) DSO_bind_func(ubsec_dso, UBSEC_F2)) ||
+        !(p3 = (t_UBSEC_ubsec_open *) DSO_bind_func(ubsec_dso, UBSEC_F3)) ||
+        !(p4 = (t_UBSEC_ubsec_close *) DSO_bind_func(ubsec_dso, UBSEC_F4)) ||
+#ifndef OPENSSL_NO_DH
+        !(p5 = (t_UBSEC_diffie_hellman_generate_ioctl *) 
+                                DSO_bind_func(ubsec_dso, UBSEC_F5)) ||
+        !(p6 = (t_UBSEC_diffie_hellman_agree_ioctl *) 
+                                DSO_bind_func(ubsec_dso, UBSEC_F6)) ||
+#endif
+/* #ifndef OPENSSL_NO_RSA */
+        !(p7 = (t_UBSEC_rsa_mod_exp_ioctl *) DSO_bind_func(ubsec_dso, UBSEC_F7)) ||
+        !(p8 = (t_UBSEC_rsa_mod_exp_crt_ioctl *) DSO_bind_func(ubsec_dso, UBSEC_F8)) ||
+/* #endif */
+#ifndef OPENSSL_NO_DSA
+        !(p9 = (t_UBSEC_dsa_sign_ioctl *) DSO_bind_func(ubsec_dso, UBSEC_F9)) ||
+        !(p10 = (t_UBSEC_dsa_verify_ioctl *) DSO_bind_func(ubsec_dso, UBSEC_F10)) ||
+#endif
+        !(p11 = (t_UBSEC_math_accelerate_ioctl *) 
+                                DSO_bind_func(ubsec_dso, UBSEC_F11)) ||
+        !(p12 = (t_UBSEC_rng_ioctl *) DSO_bind_func(ubsec_dso, UBSEC_F12)) ||
+        !(p13 = (t_UBSEC_max_key_len_ioctl *) DSO_bind_func(ubsec_dso, UBSEC_F13)))
+                {
+                UBSECerr(UBSEC_F_UBSEC_INIT, UBSEC_R_DSO_FAILURE);
+                goto err;
+                }
+
+        /* Copy the pointers */
+        p_UBSEC_ubsec_bytes_to_bits = p1;
+        p_UBSEC_ubsec_bits_to_bytes = p2;
+        p_UBSEC_ubsec_open = p3;
+        p_UBSEC_ubsec_close = p4;
+#ifndef OPENSSL_NO_DH
+        p_UBSEC_diffie_hellman_generate_ioctl = p5;
+        p_UBSEC_diffie_hellman_agree_ioctl = p6;
+#endif
+#ifndef OPENSSL_NO_RSA
+        p_UBSEC_rsa_mod_exp_ioctl = p7;
+        p_UBSEC_rsa_mod_exp_crt_ioctl = p8;
+#endif
+#ifndef OPENSSL_NO_DSA
+        p_UBSEC_dsa_sign_ioctl = p9;
+        p_UBSEC_dsa_verify_ioctl = p10;
+#endif
+        p_UBSEC_math_accelerate_ioctl = p11;
+        p_UBSEC_rng_ioctl = p12;
+        p_UBSEC_max_key_len_ioctl = p13;
+
+        /* Perform an open to see if there's actually any unit running. */
+        if (((fd = p_UBSEC_ubsec_open(UBSEC_KEY_DEVICE_NAME)) > 0) && (p_UBSEC_max_key_len_ioctl(fd, &max_key_len) == 0))
+        {
+           p_UBSEC_ubsec_close(fd);
+           return 1;
+        }
+        else
+        {
+          UBSECerr(UBSEC_F_UBSEC_INIT, UBSEC_R_UNIT_FAILURE);
+        }
+
+err:
+        if(ubsec_dso)
+                DSO_free(ubsec_dso);
+        p_UBSEC_ubsec_bytes_to_bits = NULL;
+        p_UBSEC_ubsec_bits_to_bytes = NULL;
+        p_UBSEC_ubsec_open = NULL;
+        p_UBSEC_ubsec_close = NULL;
+#ifndef OPENSSL_NO_DH
+        p_UBSEC_diffie_hellman_generate_ioctl = NULL;
+        p_UBSEC_diffie_hellman_agree_ioctl = NULL;
+#endif
+#ifndef OPENSSL_NO_RSA
+        p_UBSEC_rsa_mod_exp_ioctl = NULL;
+        p_UBSEC_rsa_mod_exp_crt_ioctl = NULL;
+#endif
+#ifndef OPENSSL_NO_DSA
+        p_UBSEC_dsa_sign_ioctl = NULL;
+        p_UBSEC_dsa_verify_ioctl = NULL;
+#endif
+        p_UBSEC_math_accelerate_ioctl = NULL;
+        p_UBSEC_rng_ioctl = NULL;
+        p_UBSEC_max_key_len_ioctl = NULL;
+
+        return 0;
+        }
+
+static int ubsec_finish(ENGINE *e)
+        {
+        free_UBSEC_LIBNAME();
+        if(ubsec_dso == NULL)
+                {
+                UBSECerr(UBSEC_F_UBSEC_FINISH, UBSEC_R_NOT_LOADED);
+                return 0;
+                }
+        if(!DSO_free(ubsec_dso))
+                {
+                UBSECerr(UBSEC_F_UBSEC_FINISH, UBSEC_R_DSO_FAILURE);
+                return 0;
+                }
+        ubsec_dso = NULL;
+        p_UBSEC_ubsec_bytes_to_bits = NULL;
+        p_UBSEC_ubsec_bits_to_bytes = NULL;
+        p_UBSEC_ubsec_open = NULL;
+        p_UBSEC_ubsec_close = NULL;
+#ifndef OPENSSL_NO_DH
+        p_UBSEC_diffie_hellman_generate_ioctl = NULL;
+        p_UBSEC_diffie_hellman_agree_ioctl = NULL;
+#endif
+#ifndef OPENSSL_NO_RSA
+        p_UBSEC_rsa_mod_exp_ioctl = NULL;
+        p_UBSEC_rsa_mod_exp_crt_ioctl = NULL;
+#endif
+#ifndef OPENSSL_NO_DSA
+        p_UBSEC_dsa_sign_ioctl = NULL;
+        p_UBSEC_dsa_verify_ioctl = NULL;
+#endif
+        p_UBSEC_math_accelerate_ioctl = NULL;
+        p_UBSEC_rng_ioctl = NULL;
+        p_UBSEC_max_key_len_ioctl = NULL;
+        return 1;
+        }
+
+static int ubsec_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)())
+        {
+        int initialised = ((ubsec_dso == NULL) ? 0 : 1);
+        switch(cmd)
+                {
+        case UBSEC_CMD_SO_PATH:
+                if(p == NULL)
+                        {
+                        UBSECerr(UBSEC_F_UBSEC_CTRL,ERR_R_PASSED_NULL_PARAMETER);
+                        return 0;
+                        }
+                if(initialised)
+                        {
+                        UBSECerr(UBSEC_F_UBSEC_CTRL,UBSEC_R_ALREADY_LOADED);
+                        return 0;
+                        }
+                return set_UBSEC_LIBNAME((const char *)p);
+        default:
+                break;
+                }
+        UBSECerr(UBSEC_F_UBSEC_CTRL,UBSEC_R_CTRL_COMMAND_NOT_IMPLEMENTED);
+        return 0;
+        }
+
+static int ubsec_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+                const BIGNUM *m, BN_CTX *ctx)
+        {
+        int     y_len = 0;
+        int     fd;
+
+        if(ubsec_dso == NULL)
+        {
+                UBSECerr(UBSEC_F_UBSEC_MOD_EXP, UBSEC_R_NOT_LOADED);
+                return 0;
+        }
+
+        /* Check if hardware can't handle this argument. */
+        y_len = BN_num_bits(m);
+        if (y_len > max_key_len) {
+                UBSECerr(UBSEC_F_UBSEC_MOD_EXP, UBSEC_R_SIZE_TOO_LARGE_OR_TOO_SMALL);
+                return BN_mod_exp(r, a, p, m, ctx);
+        } 
+
+        if(!bn_wexpand(r, m->top))
+        {
+                UBSECerr(UBSEC_F_UBSEC_MOD_EXP, UBSEC_R_BN_EXPAND_FAIL);
+                return 0;
+        }
+
+        if ((fd = p_UBSEC_ubsec_open(UBSEC_KEY_DEVICE_NAME)) <= 0) {
+                fd = 0;
+                UBSECerr(UBSEC_F_UBSEC_INIT, UBSEC_R_UNIT_FAILURE);
+                return BN_mod_exp(r, a, p, m, ctx);
+        }
+
+        if (p_UBSEC_rsa_mod_exp_ioctl(fd, (unsigned char *)a->d, BN_num_bits(a),
+                (unsigned char *)m->d, BN_num_bits(m), (unsigned char *)p->d, 
+                BN_num_bits(p), (unsigned char *)r->d, &y_len) != 0)
+        {
+                UBSECerr(UBSEC_F_UBSEC_MOD_EXP, UBSEC_R_REQUEST_FAILED);
+                p_UBSEC_ubsec_close(fd);
+
+                return BN_mod_exp(r, a, p, m, ctx);
+        }
+
+        p_UBSEC_ubsec_close(fd);
+
+        r->top = (BN_num_bits(m)+BN_BITS2-1)/BN_BITS2;
+        return 1;
+        }
+
+#ifndef OPENSSL_NO_RSA
+static int ubsec_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa)
+        {
+        BN_CTX *ctx;
+        int to_return = 0;
+
+        if((ctx = BN_CTX_new()) == NULL)
+                goto err;
+
+        if(!rsa->p || !rsa->q || !rsa->dmp1 || !rsa->dmq1 || !rsa->iqmp)
+                {
+                UBSECerr(UBSEC_F_UBSEC_RSA_MOD_EXP, UBSEC_R_MISSING_KEY_COMPONENTS);
+                goto err;
+                }
+
+        to_return = ubsec_mod_exp_crt(r0, I, rsa->p, rsa->q, rsa->dmp1,
+                    rsa->dmq1, rsa->iqmp, ctx);
+        if (to_return == FAIL_TO_SOFTWARE)
+        {
+          /*
+           * Do in software as hardware failed.
+           */
+           const RSA_METHOD *meth = RSA_PKCS1_SSLeay();
+           to_return = (*meth->rsa_mod_exp)(r0, I, rsa);
+        }
+err:
+        if(ctx)
+                BN_CTX_free(ctx);
+        return to_return;
+        }
+#endif
+
+static int ubsec_mod_exp_crt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+                        const BIGNUM *q, const BIGNUM *dp,
+                        const BIGNUM *dq, const BIGNUM *qinv, BN_CTX *ctx)
+        {
+        int     y_len,
+                m_len,
+                fd;
+
+        m_len = BN_num_bytes(p) + BN_num_bytes(q) + 1;
+        y_len = BN_num_bits(p) + BN_num_bits(q);
+
+        /* Check if hardware can't handle this argument. */
+        if (y_len > max_key_len) {
+                UBSECerr(UBSEC_F_UBSEC_MOD_EXP, UBSEC_R_SIZE_TOO_LARGE_OR_TOO_SMALL);
+                return FAIL_TO_SOFTWARE;
+        } 
+
+        if (!bn_wexpand(r, p->top + q->top + 1)) {
+                UBSECerr(UBSEC_F_UBSEC_RSA_MOD_EXP_CRT, UBSEC_R_BN_EXPAND_FAIL);
+                return 0;
+        }
+
+        if ((fd = p_UBSEC_ubsec_open(UBSEC_KEY_DEVICE_NAME)) <= 0) {
+                fd = 0;
+                UBSECerr(UBSEC_F_UBSEC_INIT, UBSEC_R_UNIT_FAILURE);
+                return FAIL_TO_SOFTWARE;
+        }
+
+        if (p_UBSEC_rsa_mod_exp_crt_ioctl(fd,
+                (unsigned char *)a->d, BN_num_bits(a), 
+                (unsigned char *)qinv->d, BN_num_bits(qinv),
+                (unsigned char *)dp->d, BN_num_bits(dp),
+                (unsigned char *)p->d, BN_num_bits(p),
+                (unsigned char *)dq->d, BN_num_bits(dq),
+                (unsigned char *)q->d, BN_num_bits(q),
+                (unsigned char *)r->d,  &y_len) != 0) {
+                UBSECerr(UBSEC_F_UBSEC_MOD_EXP, UBSEC_R_REQUEST_FAILED);
+                p_UBSEC_ubsec_close(fd);
+                return FAIL_TO_SOFTWARE;
+        }
+
+        p_UBSEC_ubsec_close(fd);
+
+        r->top = (BN_num_bits(p) + BN_num_bits(q) + BN_BITS2 - 1)/BN_BITS2;
+        return 1;
+}
+
+#ifndef OPENSSL_NO_DSA
+#ifdef NOT_USED
+static int ubsec_dsa_mod_exp(DSA *dsa, BIGNUM *rr, BIGNUM *a1,
+                BIGNUM *p1, BIGNUM *a2, BIGNUM *p2, BIGNUM *m,
+                BN_CTX *ctx, BN_MONT_CTX *in_mont)
+        {
+        BIGNUM t;
+        int to_return = 0;
+ 
+        BN_init(&t);
+        /* let rr = a1 ^ p1 mod m */
+        if (!ubsec_mod_exp(rr,a1,p1,m,ctx)) goto end;
+        /* let t = a2 ^ p2 mod m */
+        if (!ubsec_mod_exp(&t,a2,p2,m,ctx)) goto end;
+        /* let rr = rr * t mod m */
+        if (!BN_mod_mul(rr,rr,&t,m,ctx)) goto end;
+        to_return = 1;
+end:
+        BN_free(&t);
+        return to_return;
+        }
+
+static int ubsec_mod_exp_dsa(DSA *dsa, BIGNUM *r, BIGNUM *a,
+                const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
+                BN_MONT_CTX *m_ctx)
+        {
+        return ubsec_mod_exp(r, a, p, m, ctx);
+        }
+#endif
+#endif
+
+/*
+ * This function is aliased to mod_exp (with the mont stuff dropped).
+ */
+static int ubsec_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+                const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)
+        {
+        int ret = 0;
+
+#ifndef OPENSSL_NO_RSA
+        /* Do in software if the key is too large for the hardware. */
+        if (BN_num_bits(m) > max_key_len)
+                {
+                const RSA_METHOD *meth = RSA_PKCS1_SSLeay();
+                ret = (*meth->bn_mod_exp)(r, a, p, m, ctx, m_ctx);
+                }
+        else
+#endif
+                {
+                ret = ubsec_mod_exp(r, a, p, m, ctx);
+                }
+        
+        return ret;
+        }
+
+#ifndef OPENSSL_NO_DH
+/* This function is aliased to mod_exp (with the dh and mont dropped). */
+static int ubsec_mod_exp_dh(const DH *dh, BIGNUM *r, const BIGNUM *a,
+                const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
+                BN_MONT_CTX *m_ctx)
+        {
+        return ubsec_mod_exp(r, a, p, m, ctx);
+        }
+#endif
+
+#ifndef OPENSSL_NO_DSA
+static DSA_SIG *ubsec_dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa)
+        {
+        DSA_SIG *to_return = NULL;
+        int s_len = 160, r_len = 160, d_len, fd;
+        BIGNUM m, *r=NULL, *s=NULL;
+
+        BN_init(&m);
+
+        s = BN_new();
+        r = BN_new();
+        if ((s == NULL) || (r==NULL))
+                goto err;
+
+        d_len = p_UBSEC_ubsec_bytes_to_bits((unsigned char *)dgst, dlen);
+
+        if(!bn_wexpand(r, (160+BN_BITS2-1)/BN_BITS2) ||
+           (!bn_wexpand(s, (160+BN_BITS2-1)/BN_BITS2))) {
+                UBSECerr(UBSEC_F_UBSEC_DSA_SIGN, UBSEC_R_BN_EXPAND_FAIL);
+                goto err;
+        }
+
+        if (BN_bin2bn(dgst,dlen,&m) == NULL) {
+                UBSECerr(UBSEC_F_UBSEC_DSA_SIGN, UBSEC_R_BN_EXPAND_FAIL);
+                goto err;
+        } 
+
+        if ((fd = p_UBSEC_ubsec_open(UBSEC_KEY_DEVICE_NAME)) <= 0) {
+                const DSA_METHOD *meth;
+                fd = 0;
+                UBSECerr(UBSEC_F_UBSEC_INIT, UBSEC_R_UNIT_FAILURE);
+                meth = DSA_OpenSSL();
+                to_return =  meth->dsa_do_sign(dgst, dlen, dsa);
+                goto err;
+        }
+
+        if (p_UBSEC_dsa_sign_ioctl(fd, 0, /* compute hash before signing */
+                (unsigned char *)dgst, d_len,
+                NULL, 0,  /* compute random value */
+                (unsigned char *)dsa->p->d, BN_num_bits(dsa->p), 
+                (unsigned char *)dsa->q->d, BN_num_bits(dsa->q),
+                (unsigned char *)dsa->g->d, BN_num_bits(dsa->g),
+                (unsigned char *)dsa->priv_key->d, BN_num_bits(dsa->priv_key),
+                (unsigned char *)r->d, &r_len,
+                (unsigned char *)s->d, &s_len ) != 0) {
+                const DSA_METHOD *meth;
+
+                UBSECerr(UBSEC_F_UBSEC_DSA_SIGN, UBSEC_R_REQUEST_FAILED);
+                p_UBSEC_ubsec_close(fd);
+                meth = DSA_OpenSSL();
+                to_return = meth->dsa_do_sign(dgst, dlen, dsa);
+
+                goto err;
+        }
+
+        p_UBSEC_ubsec_close(fd);
+
+        r->top = (160+BN_BITS2-1)/BN_BITS2;
+        s->top = (160+BN_BITS2-1)/BN_BITS2;
+
+        to_return = DSA_SIG_new();
+        if(to_return == NULL) {
+                UBSECerr(UBSEC_F_UBSEC_DSA_SIGN, UBSEC_R_BN_EXPAND_FAIL);
+                goto err;
+        }
+
+        to_return->r = r;
+        to_return->s = s;
+
+err:
+        if (!to_return) {
+                if (r) BN_free(r);
+                if (s) BN_free(s);
+        }                                 
+        BN_clear_free(&m);
+        return to_return;
+}
+
+static int ubsec_dsa_verify(const unsigned char *dgst, int dgst_len,
+                                DSA_SIG *sig, DSA *dsa)
+        {
+        int v_len, d_len;
+        int to_return = 0;
+        int fd;
+        BIGNUM v;
+
+        BN_init(&v);
+
+        if(!bn_wexpand(&v, dsa->p->top)) {
+                UBSECerr(UBSEC_F_UBSEC_DSA_VERIFY ,UBSEC_R_BN_EXPAND_FAIL);
+                goto err;
+        }
+
+        v_len = BN_num_bits(dsa->p);
+
+        d_len = p_UBSEC_ubsec_bytes_to_bits((unsigned char *)dgst, dgst_len);
+
+        if ((fd = p_UBSEC_ubsec_open(UBSEC_KEY_DEVICE_NAME)) <= 0) {
+                const DSA_METHOD *meth;
+                fd = 0;
+                UBSECerr(UBSEC_F_UBSEC_INIT, UBSEC_R_UNIT_FAILURE);
+                meth = DSA_OpenSSL();
+                to_return = meth->dsa_do_verify(dgst, dgst_len, sig, dsa);
+                goto err;
+        }
+
+        if (p_UBSEC_dsa_verify_ioctl(fd, 0, /* compute hash before signing */
+                (unsigned char *)dgst, d_len,
+                (unsigned char *)dsa->p->d, BN_num_bits(dsa->p), 
+                (unsigned char *)dsa->q->d, BN_num_bits(dsa->q),
+                (unsigned char *)dsa->g->d, BN_num_bits(dsa->g),
+                (unsigned char *)dsa->pub_key->d, BN_num_bits(dsa->pub_key),
+                (unsigned char *)sig->r->d, BN_num_bits(sig->r),
+                (unsigned char *)sig->s->d, BN_num_bits(sig->s),
+                (unsigned char *)v.d, &v_len) != 0) {
+                const DSA_METHOD *meth;
+                UBSECerr(UBSEC_F_UBSEC_DSA_VERIFY , UBSEC_R_REQUEST_FAILED);
+                p_UBSEC_ubsec_close(fd);
+
+                meth = DSA_OpenSSL();
+                to_return = meth->dsa_do_verify(dgst, dgst_len, sig, dsa);
+
+                goto err;
+        }
+
+        p_UBSEC_ubsec_close(fd);
+
+        to_return = 1;
+err:
+        BN_clear_free(&v);
+        return to_return;
+        }
+#endif
+
+#ifndef OPENSSL_NO_DH
+static int ubsec_dh_compute_key (unsigned char *key,const BIGNUM *pub_key,DH *dh)
+        {
+        int      ret      = -1,
+                 k_len,
+                 fd;
+
+        k_len = BN_num_bits(dh->p);
+
+        if ((fd = p_UBSEC_ubsec_open(UBSEC_KEY_DEVICE_NAME)) <= 0)
+                {
+                const DH_METHOD *meth;
+                ENGINEerr(UBSEC_F_UBSEC_INIT, UBSEC_R_UNIT_FAILURE);
+                meth = DH_OpenSSL();
+                ret = meth->compute_key(key, pub_key, dh);
+                goto err;
+                }
+
+        if (p_UBSEC_diffie_hellman_agree_ioctl(fd,
+                                               (unsigned char *)dh->priv_key->d, BN_num_bits(dh->priv_key),
+                                               (unsigned char *)pub_key->d, BN_num_bits(pub_key),
+                                               (unsigned char *)dh->p->d, BN_num_bits(dh->p),
+                                               key, &k_len) != 0)
+                {
+                /* Hardware's a no go, failover to software */
+                const DH_METHOD *meth;
+                ENGINEerr(UBSEC_F_UBSEC_DH_COMPUTE_KEY, UBSEC_R_REQUEST_FAILED);
+                p_UBSEC_ubsec_close(fd);
+
+                meth = DH_OpenSSL();
+                ret = meth->compute_key(key, pub_key, dh);
+
+                goto err;
+                }
+
+        p_UBSEC_ubsec_close(fd);
+
+        ret = p_UBSEC_ubsec_bits_to_bytes(k_len);
+err:
+        return ret;
+        }
+
+static int ubsec_dh_generate_key (DH *dh)
+        {
+        int      ret               = 0,
+                 random_bits       = 0,
+                 pub_key_len       = 0,
+                 priv_key_len      = 0,
+                 fd;
+        BIGNUM   *pub_key          = NULL;
+        BIGNUM   *priv_key         = NULL;
+
+        /* 
+         *  How many bits should Random x be? dh_key.c
+         *  sets the range from 0 to num_bits(modulus) ???
+         */
+
+        if (dh->priv_key == NULL)
+                {
+                priv_key = BN_new();
+                if (priv_key == NULL) goto err;
+                priv_key_len = BN_num_bits(dh->p);
+                bn_wexpand(priv_key, dh->p->top);
+                do
+                        if (!BN_rand_range(priv_key, dh->p)) goto err;
+                while (BN_is_zero(priv_key));
+                random_bits = BN_num_bits(priv_key);
+                }
+        else
+                {
+                priv_key = dh->priv_key;
+                }
+
+        if (dh->pub_key == NULL)
+                {
+                pub_key = BN_new();
+                pub_key_len = BN_num_bits(dh->p);
+                bn_wexpand(pub_key, dh->p->top);
+                if(pub_key == NULL) goto err;
+                }
+        else
+                {
+                pub_key = dh->pub_key;
+                }
+
+        if ((fd = p_UBSEC_ubsec_open(UBSEC_KEY_DEVICE_NAME)) <= 0)
+                {
+                const DH_METHOD *meth;
+                ENGINEerr(UBSEC_F_UBSEC_INIT, UBSEC_R_UNIT_FAILURE);
+                meth = DH_OpenSSL();
+                ret = meth->generate_key(dh);
+                goto err;
+                }
+
+        if (p_UBSEC_diffie_hellman_generate_ioctl(fd,
+                                                  (unsigned char *)priv_key->d, &priv_key_len,
+                                                  (unsigned char *)pub_key->d,  &pub_key_len,
+                                                  (unsigned char *)dh->g->d, BN_num_bits(dh->g),
+                                                  (unsigned char *)dh->p->d, BN_num_bits(dh->p),
+                                                  0, 0, random_bits) != 0)
+                {
+                /* Hardware's a no go, failover to software */
+                const DH_METHOD *meth;
+
+                ENGINEerr(UBSEC_F_UBSEC_DH_COMPUTE_KEY, UBSEC_R_REQUEST_FAILED);
+                p_UBSEC_ubsec_close(fd);
+
+                meth = DH_OpenSSL();
+                ret = meth->generate_key(dh);
+
+                goto err;
+                }
+
+        p_UBSEC_ubsec_close(fd);
+
+        dh->pub_key = pub_key;
+        dh->pub_key->top = (pub_key_len + BN_BITS2-1) / BN_BITS2;
+        dh->priv_key = priv_key;
+        dh->priv_key->top = (priv_key_len + BN_BITS2-1) / BN_BITS2;
+
+        ret = 1;
+err:
+        return ret;
+        }
+#endif
+
+#ifdef NOT_USED
+static int ubsec_rand_bytes(unsigned char * buf,
+                            int num)
+        {
+        int      ret      = 0,
+                 fd;
+
+        if ((fd = p_UBSEC_ubsec_open(UBSEC_KEY_DEVICE_NAME)) <= 0)
+                {
+                const RAND_METHOD *meth;
+                ENGINEerr(UBSEC_F_UBSEC_INIT, UBSEC_R_UNIT_FAILURE);
+                num = p_UBSEC_ubsec_bits_to_bytes(num);
+                meth = RAND_SSLeay();
+                meth->seed(buf, num);
+                ret = meth->bytes(buf, num);
+                goto err;
+                }
+
+        num *= 8; /* bytes to bits */
+
+        if (p_UBSEC_rng_ioctl(fd,
+                              UBSEC_RNG_DIRECT,
+                              buf,
+                              &num) != 0)
+                {
+                /* Hardware's a no go, failover to software */
+                const RAND_METHOD *meth;
+
+                ENGINEerr(UBSEC_F_UBSEC_RNG_BYTES, UBSEC_R_REQUEST_FAILED);
+                p_UBSEC_ubsec_close(fd);
+
+                num = p_UBSEC_ubsec_bits_to_bytes(num);
+                meth = RAND_SSLeay();
+                meth->seed(buf, num);
+                ret = meth->bytes(buf, num);
+
+                goto err;
+                }
+
+        p_UBSEC_ubsec_close(fd);
+
+        ret = 1;
+err:
+        return(ret);
+        }
+
+
+static int ubsec_rand_status(void)
+        {
+        return 0;
+        }
+#endif
+
+/* This stuff is needed if this ENGINE is being compiled into a self-contained
+ * shared-library. */
+#ifdef ENGINE_DYNAMIC_SUPPORT
+static int bind_fn(ENGINE *e, const char *id)
+        {
+        if(id && (strcmp(id, engine_ubsec_id) != 0))
+                return 0;
+        if(!bind_helper(e))
+                return 0;
+        return 1;
+        }
+IMPLEMENT_DYNAMIC_CHECK_FN()
+IMPLEMENT_DYNAMIC_BIND_FN(bind_fn)
+#endif /* ENGINE_DYNAMIC_SUPPORT */
+
+#endif /* !OPENSSL_NO_HW_UBSEC */
+#endif /* !OPENSSL_NO_HW */
diff --git a/src/lib/libcrypto/engine/hw_ubsec_err.c b/src/lib/libcrypto/engine/hw_ubsec_err.c
new file mode 100644
index 0000000000..d707331fc2
--- /dev/null
+++ b/src/lib/libcrypto/engine/hw_ubsec_err.c
@@ -0,0 +1,151 @@
+/* hw_ubsec_err.c */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+/* NOTE: this file was auto generated by the mkerr.pl script: any changes
+ * made to it will be overwritten when the script next updates this file,
+ * only reason strings will be preserved.
+ */
+
+#include <stdio.h>
+#include <openssl/err.h>
+#include "hw_ubsec_err.h"
+
+/* BEGIN ERROR CODES */
+#ifndef OPENSSL_NO_ERR
+static ERR_STRING_DATA UBSEC_str_functs[]=
+        {
+{ERR_PACK(0,UBSEC_F_UBSEC_CTRL,0),      "UBSEC_CTRL"},
+{ERR_PACK(0,UBSEC_F_UBSEC_DH_COMPUTE_KEY,0),    "UBSEC_DH_COMPUTE_KEY"},
+{ERR_PACK(0,UBSEC_F_UBSEC_DSA_SIGN,0),  "UBSEC_DSA_SIGN"},
+{ERR_PACK(0,UBSEC_F_UBSEC_DSA_VERIFY,0),        "UBSEC_DSA_VERIFY"},
+{ERR_PACK(0,UBSEC_F_UBSEC_FINISH,0),    "UBSEC_FINISH"},
+{ERR_PACK(0,UBSEC_F_UBSEC_INIT,0),      "UBSEC_INIT"},
+{ERR_PACK(0,UBSEC_F_UBSEC_MOD_EXP,0),   "UBSEC_MOD_EXP"},
+{ERR_PACK(0,UBSEC_F_UBSEC_RNG_BYTES,0), "UBSEC_RNG_BYTES"},
+{ERR_PACK(0,UBSEC_F_UBSEC_RSA_MOD_EXP,0),       "UBSEC_RSA_MOD_EXP"},
+{ERR_PACK(0,UBSEC_F_UBSEC_RSA_MOD_EXP_CRT,0),   "UBSEC_RSA_MOD_EXP_CRT"},
+{0,NULL}
+        };
+
+static ERR_STRING_DATA UBSEC_str_reasons[]=
+        {
+{UBSEC_R_ALREADY_LOADED                  ,"already loaded"},
+{UBSEC_R_BN_EXPAND_FAIL                  ,"bn expand fail"},
+{UBSEC_R_CTRL_COMMAND_NOT_IMPLEMENTED    ,"ctrl command not implemented"},
+{UBSEC_R_DSO_FAILURE                     ,"dso failure"},
+{UBSEC_R_MISSING_KEY_COMPONENTS          ,"missing key components"},
+{UBSEC_R_NOT_LOADED                      ,"not loaded"},
+{UBSEC_R_REQUEST_FAILED                  ,"request failed"},
+{UBSEC_R_SIZE_TOO_LARGE_OR_TOO_SMALL     ,"size too large or too small"},
+{UBSEC_R_UNIT_FAILURE                    ,"unit failure"},
+{0,NULL}
+        };
+
+#endif
+
+#ifdef UBSEC_LIB_NAME
+static ERR_STRING_DATA UBSEC_lib_name[]=
+        {
+{0      ,UBSEC_LIB_NAME},
+{0,NULL}
+        };
+#endif
+
+
+static int UBSEC_lib_error_code=0;
+static int UBSEC_error_init=1;
+
+static void ERR_load_UBSEC_strings(void)
+        {
+        if (UBSEC_lib_error_code == 0)
+                UBSEC_lib_error_code=ERR_get_next_error_library();
+
+        if (UBSEC_error_init)
+                {
+                UBSEC_error_init=0;
+#ifndef OPENSSL_NO_ERR
+                ERR_load_strings(UBSEC_lib_error_code,UBSEC_str_functs);
+                ERR_load_strings(UBSEC_lib_error_code,UBSEC_str_reasons);
+#endif
+
+#ifdef UBSEC_LIB_NAME
+                UBSEC_lib_name->error = ERR_PACK(UBSEC_lib_error_code,0,0);
+                ERR_load_strings(0,UBSEC_lib_name);
+#endif
+                }
+        }
+
+static void ERR_unload_UBSEC_strings(void)
+        {
+        if (UBSEC_error_init == 0)
+                {
+#ifndef OPENSSL_NO_ERR
+                ERR_unload_strings(UBSEC_lib_error_code,UBSEC_str_functs);
+                ERR_unload_strings(UBSEC_lib_error_code,UBSEC_str_reasons);
+#endif
+
+#ifdef UBSEC_LIB_NAME
+                ERR_unload_strings(0,UBSEC_lib_name);
+#endif
+                UBSEC_error_init=1;
+                }
+        }
+
+static void ERR_UBSEC_error(int function, int reason, char *file, int line)
+        {
+        if (UBSEC_lib_error_code == 0)
+                UBSEC_lib_error_code=ERR_get_next_error_library();
+        ERR_PUT_error(UBSEC_lib_error_code,function,reason,file,line);
+        }
diff --git a/src/lib/libcrypto/engine/hw_ubsec_err.h b/src/lib/libcrypto/engine/hw_ubsec_err.h
new file mode 100644
index 0000000000..023d3be771
--- /dev/null
+++ b/src/lib/libcrypto/engine/hw_ubsec_err.h
@@ -0,0 +1,95 @@
+/* ====================================================================
+ * Copyright (c) 2001 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#ifndef HEADER_UBSEC_ERR_H
+#define HEADER_UBSEC_ERR_H
+
+/* BEGIN ERROR CODES */
+/* The following lines are auto generated by the script mkerr.pl. Any changes
+ * made after this point may be overwritten when the script is next run.
+ */
+static void ERR_load_UBSEC_strings(void);
+static void ERR_unload_UBSEC_strings(void);
+static void ERR_UBSEC_error(int function, int reason, char *file, int line);
+#define UBSECerr(f,r) ERR_UBSEC_error((f),(r),__FILE__,__LINE__)
+
+/* Error codes for the UBSEC functions. */
+
+/* Function codes. */
+#define UBSEC_F_UBSEC_CTRL                               100
+#define UBSEC_F_UBSEC_DH_COMPUTE_KEY                     101
+#define UBSEC_F_UBSEC_DSA_SIGN                           102
+#define UBSEC_F_UBSEC_DSA_VERIFY                         103
+#define UBSEC_F_UBSEC_FINISH                             104
+#define UBSEC_F_UBSEC_INIT                               105
+#define UBSEC_F_UBSEC_MOD_EXP                            106
+#define UBSEC_F_UBSEC_RNG_BYTES                          107
+#define UBSEC_F_UBSEC_RSA_MOD_EXP                        108
+#define UBSEC_F_UBSEC_RSA_MOD_EXP_CRT                    109
+
+/* Reason codes. */
+#define UBSEC_R_ALREADY_LOADED                           100
+#define UBSEC_R_BN_EXPAND_FAIL                           101
+#define UBSEC_R_CTRL_COMMAND_NOT_IMPLEMENTED             102
+#define UBSEC_R_DSO_FAILURE                              103
+#define UBSEC_R_MISSING_KEY_COMPONENTS                   104
+#define UBSEC_R_NOT_LOADED                               105
+#define UBSEC_R_REQUEST_FAILED                           106
+#define UBSEC_R_SIZE_TOO_LARGE_OR_TOO_SMALL              107
+#define UBSEC_R_UNIT_FAILURE                             108
+
+#ifdef  __cplusplus
+}
+#endif
+#endif
diff --git a/src/lib/libcrypto/engine/tb_dsa.c b/src/lib/libcrypto/engine/tb_dsa.c
index 7efe181927..80170591f2 100644
--- a/src/lib/libcrypto/engine/tb_dsa.c
+++ b/src/lib/libcrypto/engine/tb_dsa.c
@@ -94,7 +94,7 @@ int ENGINE_set_default_DSA(ENGINE *e)
         {
         if(e->dsa_meth)
                 return engine_table_register(&dsa_table,
-                                engine_unregister_all_DSA, e, &dummy_nid, 1, 1);
+                                engine_unregister_all_DSA, e, &dummy_nid, 1, 0);
         return 1;
         }
 
diff --git a/src/lib/libcrypto/engine/vendor_defns/aep.h b/src/lib/libcrypto/engine/vendor_defns/aep.h
new file mode 100644
index 0000000000..2b2792d2d6
--- /dev/null
+++ b/src/lib/libcrypto/engine/vendor_defns/aep.h
@@ -0,0 +1,178 @@
+/* This header declares the necessary definitions for using the exponentiation
+ * acceleration capabilities, and rnd number generation of the AEP card. 
+ *
+ */
+
+/*
+ *
+ * Some AEP defines
+ *
+ */
+
+/*Successful return value*/
+#define AEP_R_OK                                0x00000000
+
+/*Miscelleanous unsuccessful return value*/
+#define AEP_R_GENERAL_ERROR                     0x10000001
+
+/*Insufficient host memory*/
+#define AEP_R_HOST_MEMORY                       0x10000002
+
+#define AEP_R_FUNCTION_FAILED                   0x10000006
+
+/*Invalid arguments in function call*/
+#define AEP_R_ARGUMENTS_BAD                     0x10020000
+
+#define AEP_R_NO_TARGET_RESOURCES                               0x10030000
+
+/*Error occuring on socket operation*/
+#define AEP_R_SOCKERROR                                                 0x10000010
+
+/*Socket has been closed from the other end*/
+#define AEP_R_SOCKEOF                                                   0x10000011
+
+/*Invalid handles*/
+#define AEP_R_CONNECTION_HANDLE_INVALID         0x100000B3
+
+#define AEP_R_TRANSACTION_HANDLE_INVALID                0x10040000
+
+/*Transaction has not yet returned from accelerator*/
+#define AEP_R_TRANSACTION_NOT_READY                             0x00010000
+
+/*There is already a thread waiting on this transaction*/
+#define AEP_R_TRANSACTION_CLAIMED                               0x10050000
+
+/*The transaction timed out*/
+#define AEP_R_TIMED_OUT                                                 0x10060000
+
+#define AEP_R_FXN_NOT_IMPLEMENTED                               0x10070000
+
+#define AEP_R_TARGET_ERROR                                              0x10080000
+
+/*Error in the AEP daemon process*/
+#define AEP_R_DAEMON_ERROR                                              0x10090000
+
+/*Invalid ctx id*/
+#define AEP_R_INVALID_CTX_ID                                    0x10009000
+
+#define AEP_R_NO_KEY_MANAGER                                    0x1000a000
+
+/*Error obtaining a mutex*/
+#define AEP_R_MUTEX_BAD                         0x000001A0
+
+/*Fxn call before AEP_Initialise ot after AEP_Finialise*/
+#define AEP_R_AEPAPI_NOT_INITIALIZED                    0x10000190
+
+/*AEP_Initialise has already been called*/
+#define AEP_R_AEPAPI_ALREADY_INITIALIZED                0x10000191
+
+/*Maximum number of connections to daemon reached*/
+#define AEP_R_NO_MORE_CONNECTION_HNDLS                  0x10000200
+
+/*
+ *
+ * Some AEP Type definitions
+ *
+ */
+
+/* an unsigned 8-bit value */
+typedef unsigned char                           AEP_U8;
+
+/* an unsigned 8-bit character */
+typedef char                                    AEP_CHAR;
+
+/* a BYTE-sized Boolean flag */
+typedef AEP_U8                                  AEP_BBOOL;
+
+/*Unsigned value, at least 16 bits long*/
+typedef unsigned short                          AEP_U16;
+
+/* an unsigned value, at least 32 bits long */
+#ifdef SIXTY_FOUR_BIT_LONG
+typedef unsigned int                            AEP_U32;
+#else
+typedef unsigned long                           AEP_U32;
+#endif
+
+#ifdef SIXTY_FOUR_BIT_LONG
+typedef unsigned long                           AEP_U64;
+#else
+typedef struct { unsigned long l1, l2; }        AEP_U64;
+#endif
+
+/* at least 32 bits; each bit is a Boolean flag */
+typedef AEP_U32                 AEP_FLAGS;
+
+typedef AEP_U8          *AEP_U8_PTR;
+typedef AEP_CHAR        *AEP_CHAR_PTR;
+typedef AEP_U32                 *AEP_U32_PTR;
+typedef AEP_U64                 *AEP_U64_PTR;
+typedef void            *AEP_VOID_PTR;
+
+/* Pointer to a AEP_VOID_PTR-- i.e., pointer to pointer to void */
+typedef AEP_VOID_PTR    *AEP_VOID_PTR_PTR;
+
+/*Used to identify an AEP connection handle*/
+typedef AEP_U32                                 AEP_CONNECTION_HNDL;
+
+/*Pointer to an AEP connection handle*/
+typedef AEP_CONNECTION_HNDL     *AEP_CONNECTION_HNDL_PTR;
+
+/*Used by an application (in conjunction with the apps process id) to 
+identify an individual transaction*/
+typedef AEP_U32                                 AEP_TRANSACTION_ID;
+
+/*Pointer to an applications transaction identifier*/
+typedef AEP_TRANSACTION_ID              *AEP_TRANSACTION_ID_PTR;
+
+/*Return value type*/
+typedef AEP_U32                                 AEP_RV;
+
+#define MAX_PROCESS_CONNECTIONS 256
+
+#define RAND_BLK_SIZE 1024
+
+typedef enum{
+        NotConnected=   0,
+        Connected=              1,
+        InUse=                  2
+} AEP_CONNECTION_STATE;
+
+
+typedef struct AEP_CONNECTION_ENTRY{
+        AEP_CONNECTION_STATE    conn_state;
+        AEP_CONNECTION_HNDL     conn_hndl;
+} AEP_CONNECTION_ENTRY;
+
+
+typedef AEP_RV t_AEP_OpenConnection(AEP_CONNECTION_HNDL_PTR phConnection);
+typedef AEP_RV t_AEP_CloseConnection(AEP_CONNECTION_HNDL hConnection);
+
+typedef AEP_RV t_AEP_ModExp(AEP_CONNECTION_HNDL hConnection,
+                            AEP_VOID_PTR pA, AEP_VOID_PTR pP,
+                            AEP_VOID_PTR pN,
+                            AEP_VOID_PTR pResult,
+                            AEP_TRANSACTION_ID* pidTransID);
+
+typedef AEP_RV t_AEP_ModExpCrt(AEP_CONNECTION_HNDL hConnection,
+                               AEP_VOID_PTR pA, AEP_VOID_PTR pP,
+                               AEP_VOID_PTR pQ,
+                               AEP_VOID_PTR pDmp1, AEP_VOID_PTR pDmq1,
+                               AEP_VOID_PTR pIqmp,
+                               AEP_VOID_PTR pResult,
+                               AEP_TRANSACTION_ID* pidTransID);
+
+#ifdef AEPRAND
+typedef AEP_RV t_AEP_GenRandom(AEP_CONNECTION_HNDL hConnection,
+                               AEP_U32 Len,
+                               AEP_U32 Type,
+                               AEP_VOID_PTR pResult,
+                               AEP_TRANSACTION_ID* pidTransID);
+#endif
+
+typedef AEP_RV t_AEP_Initialize(AEP_VOID_PTR pInitArgs);
+typedef AEP_RV t_AEP_Finalize();
+typedef AEP_RV t_AEP_SetBNCallBacks(AEP_RV (*GetBigNumSizeFunc)(),
+                                    AEP_RV (*MakeAEPBigNumFunc)(),
+                                    AEP_RV (*ConverAEPBigNumFunc)());
+
diff --git a/src/lib/libcrypto/engine/vendor_defns/atalla.h b/src/lib/libcrypto/engine/vendor_defns/atalla.h
new file mode 100644
index 0000000000..149970d441
--- /dev/null
+++ b/src/lib/libcrypto/engine/vendor_defns/atalla.h
@@ -0,0 +1,48 @@
+/* This header declares the necessary definitions for using the exponentiation
+ * acceleration capabilities of Atalla cards. The only cryptographic operation
+ * is performed by "ASI_RSAPrivateKeyOpFn" and this takes a structure that
+ * defines an "RSA private key". However, it is really only performing a
+ * regular mod_exp using the supplied modulus and exponent - no CRT form is
+ * being used. Hence, it is a generic mod_exp function in disguise, and we use
+ * it as such.
+ *
+ * Thanks to the people at Atalla for letting me know these definitions are
+ * fine and that they can be reproduced here.
+ *
+ * Geoff.
+ */
+
+typedef struct ItemStr
+        {
+        unsigned char *data;
+        int len;
+        } Item;
+
+typedef struct RSAPrivateKeyStr
+        {
+        void *reserved;
+        Item version;
+        Item modulus;
+        Item publicExponent;
+        Item privateExponent;
+        Item prime[2];
+        Item exponent[2];
+        Item coefficient;
+        } RSAPrivateKey;
+
+/* Predeclare the function pointer types that we dynamically load from the DSO.
+ * These use the same names and form that Ben's original support code had (in
+ * crypto/bn/bn_exp.c) unless of course I've inadvertently changed the style
+ * somewhere along the way!
+ */
+
+typedef int tfnASI_GetPerformanceStatistics(int reset_flag,
+                                        unsigned int *ret_buf);
+
+typedef int tfnASI_GetHardwareConfig(long card_num, unsigned int *ret_buf);
+
+typedef int tfnASI_RSAPrivateKeyOpFn(RSAPrivateKey * rsaKey,
+                                        unsigned char *output,
+                                        unsigned char *input,
+                                        unsigned int modulus_len);
+
diff --git a/src/lib/libcrypto/engine/vendor_defns/cswift.h b/src/lib/libcrypto/engine/vendor_defns/cswift.h
new file mode 100644
index 0000000000..60079326bb
--- /dev/null
+++ b/src/lib/libcrypto/engine/vendor_defns/cswift.h
@@ -0,0 +1,234 @@
+/* Attribution notice: Rainbow have generously allowed me to reproduce
+ * the necessary definitions here from their API. This means the support
+ * can build independently of whether application builders have the
+ * API or hardware. This will allow developers to easily produce software
+ * that has latent hardware support for any users that have accelertors
+ * installed, without the developers themselves needing anything extra.
+ *
+ * I have only clipped the parts from the CryptoSwift header files that
+ * are (or seem) relevant to the CryptoSwift support code. This is
+ * simply to keep the file sizes reasonable.
+ * [Geoff]
+ */
+
+
+/* NB: These type widths do *not* seem right in general, in particular
+ * they're not terribly friendly to 64-bit architectures (unsigned long)
+ * will be 64-bit on IA-64 for a start. I'm leaving these alone as they
+ * agree with Rainbow's API and this will only be called into question
+ * on platforms with Rainbow support anyway! ;-) */
+
+#ifdef __cplusplus
+extern "C" {
+#endif /* __cplusplus */
+
+typedef long              SW_STATUS;              /* status           */
+typedef unsigned char     SW_BYTE;                /* 8 bit byte       */
+typedef unsigned short    SW_U16;                 /* 16 bit number    */
+#if defined(_IRIX)
+#include <sgidefs.h>
+typedef __uint32_t        SW_U32;
+#else
+typedef unsigned long     SW_U32;                 /* 32 bit integer   */
+#endif
+ 
+#if defined(OPENSSL_SYS_WIN32)
+  typedef struct _SW_U64 {
+      SW_U32 low32;
+      SW_U32 high32;
+  } SW_U64;                                         /* 64 bit integer   */
+#elif defined(OPENSSL_SYS_MACINTOSH_CLASSIC)
+  typedef longlong SW_U64
+#else /* Unix variants */
+  typedef struct _SW_U64 {
+      SW_U32 low32;
+      SW_U32 high32;
+  } SW_U64;                                         /* 64 bit integer   */
+#endif
+
+/* status codes */
+#define SW_OK                 (0L)
+#define SW_ERR_BASE           (-10000L)
+#define SW_ERR_NO_CARD        (SW_ERR_BASE-1) /* The Card is not present   */
+#define SW_ERR_CARD_NOT_READY (SW_ERR_BASE-2) /* The card has not powered  */
+                                              /*    up yet                 */
+#define SW_ERR_TIME_OUT       (SW_ERR_BASE-3) /* Execution of a command    */
+                                              /*    time out               */
+#define SW_ERR_NO_EXECUTE     (SW_ERR_BASE-4) /* The Card failed to        */
+                                              /*    execute the command    */
+#define SW_ERR_INPUT_NULL_PTR (SW_ERR_BASE-5) /* a required pointer is     */
+                                              /*    NULL                   */
+#define SW_ERR_INPUT_SIZE     (SW_ERR_BASE-6) /* size is invalid, too      */
+                                              /*    small, too large.      */
+#define SW_ERR_INVALID_HANDLE (SW_ERR_BASE-7) /* Invalid SW_ACC_CONTEXT    */
+                                              /*    handle                 */
+#define SW_ERR_PENDING        (SW_ERR_BASE-8) /* A request is already out- */
+                                              /*    standing at this       */
+                                              /*    context handle         */
+#define SW_ERR_AVAILABLE      (SW_ERR_BASE-9) /* A result is available.    */
+#define SW_ERR_NO_PENDING     (SW_ERR_BASE-10)/* No request is pending.    */
+#define SW_ERR_NO_MEMORY      (SW_ERR_BASE-11)/* Not enough memory         */
+#define SW_ERR_BAD_ALGORITHM  (SW_ERR_BASE-12)/* Invalid algorithm type    */
+                                              /*    in SW_PARAM structure  */
+#define SW_ERR_MISSING_KEY    (SW_ERR_BASE-13)/* No key is associated with */
+                                              /*    context.               */
+                                              /*    swAttachKeyParam() is  */
+                                              /*    not called.            */
+#define SW_ERR_KEY_CMD_MISMATCH \
+                              (SW_ERR_BASE-14)/* Cannot perform requested  */
+                                              /*    SW_COMMAND_CODE since  */
+                                              /*    key attached via       */
+                                              /*    swAttachKeyParam()     */
+                                              /*    cannot be used for this*/
+                                              /*    SW_COMMAND_CODE.       */
+#define SW_ERR_NOT_IMPLEMENTED \
+                              (SW_ERR_BASE-15)/* Not implemented           */
+#define SW_ERR_BAD_COMMAND    (SW_ERR_BASE-16)/* Bad command code          */
+#define SW_ERR_BAD_ITEM_SIZE  (SW_ERR_BASE-17)/* too small or too large in */
+                                              /*    the "initems" or       */
+                                              /*    "outitems".            */
+#define SW_ERR_BAD_ACCNUM     (SW_ERR_BASE-18)/* Bad accelerator number    */
+#define SW_ERR_SELFTEST_FAIL  (SW_ERR_BASE-19)/* At least one of the self  */
+                                              /*    test fail, look at the */
+                                              /*    selfTestBitmap in      */
+                                              /*    SW_ACCELERATOR_INFO for*/
+                                              /*    details.               */
+#define SW_ERR_MISALIGN       (SW_ERR_BASE-20)/* Certain alogrithms require*/
+                                              /*    key materials aligned  */
+                                              /*    in certain order, e.g. */
+                                              /*    128 bit for CRT        */
+#define SW_ERR_OUTPUT_NULL_PTR \
+                              (SW_ERR_BASE-21)/* a required pointer is     */
+                                              /*    NULL                   */
+#define SW_ERR_OUTPUT_SIZE \
+                              (SW_ERR_BASE-22)/* size is invalid, too      */
+                                              /*    small, too large.      */
+#define SW_ERR_FIRMWARE_CHECKSUM \
+                              (SW_ERR_BASE-23)/* firmware checksum mismatch*/
+                                              /*    download failed.       */
+#define SW_ERR_UNKNOWN_FIRMWARE \
+                              (SW_ERR_BASE-24)/* unknown firmware error    */
+#define SW_ERR_INTERRUPT      (SW_ERR_BASE-25)/* request is abort when     */
+                                              /*    it's waiting to be     */
+                                              /*    completed.             */
+#define SW_ERR_NVWRITE_FAIL   (SW_ERR_BASE-26)/* error in writing to Non-  */
+                                              /*    volatile memory        */
+#define SW_ERR_NVWRITE_RANGE  (SW_ERR_BASE-27)/* out of range error in     */
+                                              /*    writing to NV memory   */
+#define SW_ERR_RNG_ERROR      (SW_ERR_BASE-28)/* Random Number Generation  */
+                                              /*    failure                */
+#define SW_ERR_DSS_FAILURE    (SW_ERR_BASE-29)/* DSS Sign or Verify failure*/
+#define SW_ERR_MODEXP_FAILURE (SW_ERR_BASE-30)/* Failure in various math   */
+                                              /*    calculations           */
+#define SW_ERR_ONBOARD_MEMORY (SW_ERR_BASE-31)/* Error in accessing on -   */
+                                              /*    board memory           */
+#define SW_ERR_FIRMWARE_VERSION \
+                              (SW_ERR_BASE-32)/* Wrong version in firmware */
+                                              /*    update                 */
+#define SW_ERR_ZERO_WORKING_ACCELERATOR \
+                              (SW_ERR_BASE-44)/* All accelerators are bad  */
+
+
+  /* algorithm type */
+#define SW_ALG_CRT          1
+#define SW_ALG_EXP          2
+#define SW_ALG_DSA          3
+#define SW_ALG_NVDATA       4
+
+  /* command code */
+#define SW_CMD_MODEXP_CRT   1 /* perform Modular Exponentiation using  */
+                              /*  Chinese Remainder Theorem (CRT)      */
+#define SW_CMD_MODEXP       2 /* perform Modular Exponentiation        */
+#define SW_CMD_DSS_SIGN     3 /* perform DSS sign                      */
+#define SW_CMD_DSS_VERIFY   4 /* perform DSS verify                    */
+#define SW_CMD_RAND         5 /* perform random number generation      */
+#define SW_CMD_NVREAD       6 /* perform read to nonvolatile RAM       */
+#define SW_CMD_NVWRITE      7 /* perform write to nonvolatile RAM      */
+
+typedef SW_U32            SW_ALGTYPE;             /* alogrithm type   */
+typedef SW_U32            SW_STATE;               /* state            */
+typedef SW_U32            SW_COMMAND_CODE;        /* command code     */
+typedef SW_U32            SW_COMMAND_BITMAP[4];   /* bitmap           */
+
+typedef struct _SW_LARGENUMBER {
+    SW_U32    nbytes;       /* number of bytes in the buffer "value"  */
+    SW_BYTE*  value;        /* the large integer as a string of       */
+                            /*   bytes in network (big endian) order  */
+} SW_LARGENUMBER;               
+
+#if defined(OPENSSL_SYS_WIN32)
+    #include <windows.h>
+    typedef HANDLE          SW_OSHANDLE;          /* handle to kernel object */
+    #define SW_OS_INVALID_HANDLE  INVALID_HANDLE_VALUE
+    #define SW_CALLCONV _stdcall
+#elif defined(OPENSSL_SYS_MACINTOSH_CLASSIC)
+    /* async callback mechanisms */
+    /* swiftCallbackLevel */
+    #define SW_MAC_CALLBACK_LEVEL_NO         0          
+    #define SW_MAC_CALLBACK_LEVEL_HARDWARE   1  /* from the hardware ISR */
+    #define SW_MAC_CALLBACK_LEVEL_SECONDARY  2  /* as secondary ISR */
+    typedef int             SW_MAC_CALLBACK_LEVEL;
+    typedef int             SW_OSHANDLE;
+    #define SW_OS_INVALID_HANDLE  (-1)
+    #define SW_CALLCONV
+#else /* Unix variants */
+    typedef int             SW_OSHANDLE;          /* handle to driver */
+    #define SW_OS_INVALID_HANDLE  (-1)
+    #define SW_CALLCONV
+#endif 
+
+typedef struct _SW_CRT {
+    SW_LARGENUMBER  p;      /* prime number p                         */
+    SW_LARGENUMBER  q;      /* prime number q                         */
+    SW_LARGENUMBER  dmp1;   /* exponent1                              */
+    SW_LARGENUMBER  dmq1;   /* exponent2                              */
+    SW_LARGENUMBER  iqmp;   /* CRT coefficient                        */
+} SW_CRT;
+
+typedef struct _SW_EXP {
+    SW_LARGENUMBER  modulus; /* modulus                                */
+    SW_LARGENUMBER  exponent;/* exponent                               */
+} SW_EXP;
+
+typedef struct _SW_DSA {
+    SW_LARGENUMBER  p;      /*                                        */
+    SW_LARGENUMBER  q;      /*                                        */
+    SW_LARGENUMBER  g;      /*                                        */
+    SW_LARGENUMBER  key;    /* private/public key                     */
+} SW_DSA;
+
+typedef struct _SW_NVDATA {
+    SW_U32 accnum;          /* accelerator board number               */
+    SW_U32 offset;          /* offset in byte                         */
+} SW_NVDATA;
+
+typedef struct _SW_PARAM {
+    SW_ALGTYPE    type;     /* type of the alogrithm                  */
+    union {
+        SW_CRT    crt;
+        SW_EXP    exp;
+        SW_DSA    dsa;
+        SW_NVDATA nvdata;
+    } up;
+} SW_PARAM;
+
+typedef SW_U32 SW_CONTEXT_HANDLE; /* opaque context handle */
+
+
+/* Now the OpenSSL bits, these function types are the for the function
+ * pointers that will bound into the Rainbow shared libraries. */
+typedef SW_STATUS SW_CALLCONV t_swAcquireAccContext(SW_CONTEXT_HANDLE *hac);
+typedef SW_STATUS SW_CALLCONV t_swAttachKeyParam(SW_CONTEXT_HANDLE hac,
+                                                SW_PARAM *key_params);
+typedef SW_STATUS SW_CALLCONV t_swSimpleRequest(SW_CONTEXT_HANDLE hac,
+                                                SW_COMMAND_CODE cmd,
+                                                SW_LARGENUMBER pin[],
+                                                SW_U32 pin_count,
+                                                SW_LARGENUMBER pout[],
+                                                SW_U32 pout_count);
+typedef SW_STATUS SW_CALLCONV t_swReleaseAccContext(SW_CONTEXT_HANDLE hac);
+
+#ifdef __cplusplus
+}
+#endif /* __cplusplus */
+
diff --git a/src/lib/libcrypto/engine/vendor_defns/hw_4758_cca.h b/src/lib/libcrypto/engine/vendor_defns/hw_4758_cca.h
new file mode 100644
index 0000000000..296636e81a
--- /dev/null
+++ b/src/lib/libcrypto/engine/vendor_defns/hw_4758_cca.h
@@ -0,0 +1,149 @@
+/**********************************************************************/
+/*                                                                    */
+/*  Prototypes of the CCA verbs used by the 4758 CCA openssl driver   */
+/*                                                                    */
+/*  Maurice Gittens <maurice@gittens.nl>                              */
+/*                                                                    */
+/**********************************************************************/
+
+#ifndef __HW_4758_CCA__
+#define __HW_4758_CCA__
+
+/*
+ *  Only WIN32 support for now
+ */
+#if defined(WIN32)
+
+  #define CCA_LIB_NAME "CSUNSAPI"
+
+  #define CSNDPKX   "CSNDPKX_32"
+  #define CSNDKRR   "CSNDKRR_32"
+  #define CSNDPKE   "CSNDPKE_32"
+  #define CSNDPKD   "CSNDPKD_32"
+  #define CSNDDSV   "CSNDDSV_32"
+  #define CSNDDSG   "CSNDDSG_32"
+  #define CSNBRNG   "CSNBRNG_32"
+
+  #define SECURITYAPI __stdcall
+#else
+    /* Fixme!!         
+      Find out the values of these constants for other platforms.
+    */
+  #define CCA_LIB_NAME "CSUNSAPI"
+
+  #define CSNDPKX   "CSNDPKX"
+  #define CSNDKRR   "CSNDKRR"
+  #define CSNDPKE   "CSNDPKE"
+  #define CSNDPKD   "CSNDPKD"
+  #define CSNDDSV   "CSNDDSV"
+  #define CSNDDSG   "CSNDDSG"
+  #define CSNBRNG   "CSNBRNG"
+
+  #define SECURITYAPI
+#endif
+
+/*
+ * security API prototypes
+ */
+
+/* PKA Key Record Read */
+typedef void (SECURITYAPI *F_KEYRECORDREAD)
+             (long          * return_code,
+              long          * reason_code,
+              long          * exit_data_length,
+              unsigned char * exit_data,
+              long          * rule_array_count,
+              unsigned char * rule_array,
+              unsigned char * key_label,
+              long          * key_token_length,
+              unsigned char * key_token);
+
+/* Random Number Generate */
+typedef void (SECURITYAPI *F_RANDOMNUMBERGENERATE)
+             (long          * return_code,
+              long          * reason_code,
+              long          * exit_data_length,
+              unsigned char * exit_data,
+              unsigned char * form,
+              unsigned char * random_number);
+
+/* Digital Signature Generate */
+typedef void (SECURITYAPI *F_DIGITALSIGNATUREGENERATE)
+             (long          * return_code,
+              long          * reason_code,
+              long          * exit_data_length,
+              unsigned char * exit_data,
+              long          * rule_array_count,
+              unsigned char * rule_array,
+              long          * PKA_private_key_id_length,
+              unsigned char * PKA_private_key_id,
+              long          * hash_length,
+              unsigned char * hash,
+              long          * signature_field_length,
+              long          * signature_bit_length,
+              unsigned char * signature_field);
+
+/* Digital Signature Verify */
+typedef void (SECURITYAPI *F_DIGITALSIGNATUREVERIFY)(
+              long          * return_code,
+              long          * reason_code,
+              long          * exit_data_length,
+              unsigned char * exit_data,
+              long          * rule_array_count,
+              unsigned char * rule_array,
+              long          * PKA_public_key_id_length,
+              unsigned char * PKA_public_key_id,
+              long          * hash_length,
+              unsigned char * hash,
+              long          * signature_field_length,
+              unsigned char * signature_field);
+
+/* PKA Public Key Extract */
+typedef void (SECURITYAPI *F_PUBLICKEYEXTRACT)(
+              long          * return_code,
+              long          * reason_code,
+              long          * exit_data_length,
+              unsigned char * exit_data,
+              long          * rule_array_count,
+              unsigned char * rule_array,
+              long          * source_key_identifier_length,
+              unsigned char * source_key_identifier,
+              long          * target_key_token_length,
+              unsigned char * target_key_token);
+
+/* PKA Encrypt */
+typedef void   (SECURITYAPI *F_PKAENCRYPT)
+               (long          *  return_code,
+                 long          *  reason_code,
+                 long          *  exit_data_length,
+                 unsigned char *  exit_data,
+                 long          *  rule_array_count,
+                 unsigned char *  rule_array,
+                 long          *  key_value_length,
+                 unsigned char *  key_value,
+                 long          *  data_struct_length,
+                 unsigned char *  data_struct,
+                 long          *  RSA_public_key_length,
+                 unsigned char *  RSA_public_key,
+                 long          *  RSA_encipher_length,
+                 unsigned char *  RSA_encipher );
+
+/* PKA Decrypt */
+typedef void    (SECURITYAPI *F_PKADECRYPT)
+                (long          *  return_code,
+                 long          *  reason_code,
+                 long          *  exit_data_length,
+                 unsigned char *  exit_data,
+                 long          *  rule_array_count,
+                 unsigned char *  rule_array,
+                 long          *  enciphered_key_length,
+                 unsigned char *  enciphered_key,
+                 long          *  data_struct_length,
+                 unsigned char *  data_struct,
+                 long          *  RSA_private_key_length,
+                 unsigned char *  RSA_private_key,
+                 long          *  key_value_length,
+                 unsigned char *  key_value    );
+
+
+#endif
diff --git a/src/lib/libcrypto/engine/vendor_defns/hw_ubsec.h b/src/lib/libcrypto/engine/vendor_defns/hw_ubsec.h
new file mode 100644
index 0000000000..b6619d40f2
--- /dev/null
+++ b/src/lib/libcrypto/engine/vendor_defns/hw_ubsec.h
@@ -0,0 +1,100 @@
+/******************************************************************************
+ *
+ *  Copyright 2000
+ *  Broadcom Corporation
+ *  16215 Alton Parkway
+ *  PO Box 57013
+ *  Irvine CA 92619-7013
+ *
+ *****************************************************************************/
+/* 
+ * Broadcom Corporation uBSec SDK 
+ */
+/*
+ * Character device header file.
+ */
+/*
+ * Revision History:
+ *
+ * October 2000 JTT Created.
+ */
+
+#define MAX_PUBLIC_KEY_BITS (1024)
+#define MAX_PUBLIC_KEY_BYTES (1024/8)
+#define SHA_BIT_SIZE  (160)
+#define MAX_CRYPTO_KEY_LENGTH 24
+#define MAX_MAC_KEY_LENGTH 64
+#define UBSEC_CRYPTO_DEVICE_NAME ((unsigned char *)"/dev/ubscrypt")
+#define UBSEC_KEY_DEVICE_NAME ((unsigned char *)"/dev/ubskey")
+
+/* Math command types. */
+#define UBSEC_MATH_MODADD 0x0001
+#define UBSEC_MATH_MODSUB 0x0002
+#define UBSEC_MATH_MODMUL 0x0004
+#define UBSEC_MATH_MODEXP 0x0008
+#define UBSEC_MATH_MODREM 0x0010
+#define UBSEC_MATH_MODINV 0x0020
+
+typedef long ubsec_MathCommand_t;
+typedef long ubsec_RNGCommand_t;
+
+typedef struct ubsec_crypto_context_s {
+        unsigned int    flags;
+        unsigned char   crypto[MAX_CRYPTO_KEY_LENGTH];
+        unsigned char   auth[MAX_MAC_KEY_LENGTH];
+} ubsec_crypto_context_t, *ubsec_crypto_context_p;
+
+/* 
+ * Predeclare the function pointer types that we dynamically load from the DSO.
+ */
+
+typedef int t_UBSEC_ubsec_bytes_to_bits(unsigned char *n, int bytes);
+
+typedef int t_UBSEC_ubsec_bits_to_bytes(int bits);
+
+typedef int t_UBSEC_ubsec_open(unsigned char *device);
+
+typedef int t_UBSEC_ubsec_close(int fd);
+
+typedef int t_UBSEC_diffie_hellman_generate_ioctl (int fd,
+        unsigned char *x, int *x_len, unsigned char *y, int *y_len, 
+        unsigned char *g, int g_len, unsigned char *m, int m_len,
+        unsigned char *userX, int userX_len, int random_bits);
+
+typedef int t_UBSEC_diffie_hellman_agree_ioctl (int fd,
+        unsigned char *x, int x_len, unsigned char *y, int y_len, 
+        unsigned char *m, int m_len, unsigned char *k, int *k_len);
+
+typedef int t_UBSEC_rsa_mod_exp_ioctl (int fd,
+        unsigned char *x, int x_len, unsigned char *m, int m_len,
+        unsigned char *e, int e_len, unsigned char *y, int *y_len);
+
+typedef int t_UBSEC_rsa_mod_exp_crt_ioctl (int fd,
+        unsigned char *x, int x_len, unsigned char *qinv, int qinv_len,
+        unsigned char *edq, int edq_len, unsigned char *q, int q_len,
+        unsigned char *edp, int edp_len, unsigned char *p, int p_len,
+        unsigned char *y, int *y_len);
+
+typedef int t_UBSEC_dsa_sign_ioctl (int fd,
+        int hash, unsigned char *data, int data_len, 
+        unsigned char *rndom, int random_len, 
+        unsigned char *p, int p_len, unsigned char *q, int q_len,
+        unsigned char *g, int g_len, unsigned char *key, int key_len,
+        unsigned char *r, int *r_len, unsigned char *s, int *s_len);
+
+typedef int t_UBSEC_dsa_verify_ioctl (int fd,
+        int hash, unsigned char *data, int data_len,
+        unsigned char *p, int p_len, unsigned char *q, int q_len,
+        unsigned char *g, int g_len, unsigned char *key, int key_len,
+        unsigned char *r, int r_len, unsigned char *s, int s_len,
+        unsigned char *v, int *v_len);
+
+typedef int t_UBSEC_math_accelerate_ioctl(int fd, ubsec_MathCommand_t command,
+        unsigned char *ModN, int *ModN_len, unsigned char *ExpE, int *ExpE_len, 
+        unsigned char *ParamA, int *ParamA_len, unsigned char *ParamB, int *ParamB_len,
+        unsigned char *Result, int *Result_len);
+
+typedef int t_UBSEC_rng_ioctl(int fd, ubsec_RNGCommand_t command,
+        unsigned char *Result, int *Result_len);
+
+typedef int t_UBSEC_max_key_len_ioctl(int fd, int *max_key_len);
diff --git a/src/lib/libcrypto/engine/vendor_defns/hwcryptohook.h b/src/lib/libcrypto/engine/vendor_defns/hwcryptohook.h
new file mode 100644
index 0000000000..aaa4d4575e
--- /dev/null
+++ b/src/lib/libcrypto/engine/vendor_defns/hwcryptohook.h
@@ -0,0 +1,486 @@
+/*
+ * ModExp / RSA (with/without KM) plugin API
+ *
+ * The application will load a dynamic library which
+ * exports entrypoint(s) defined in this file.
+ *
+ * This set of entrypoints provides only a multithreaded,
+ * synchronous-within-each-thread, facility.
+ *
+ *
+ * This file is Copyright 1998-2000 nCipher Corporation Limited.
+ *
+ * Redistribution and use in source and binary forms, with opr without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the copyright notice,
+ *    this list of conditions, and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above
+ *    copyright notice, this list of conditions, and the following
+ *    disclaimer, in the documentation and/or other materials provided
+ *    with the distribution
+ *
+ * IN NO EVENT SHALL NCIPHER CORPORATION LIMITED (`NCIPHER') AND/OR
+ * ANY OTHER AUTHORS OR DISTRIBUTORS OF THIS FILE BE LIABLE for any
+ * damages arising directly or indirectly from this file, its use or
+ * this licence.  Without prejudice to the generality of the
+ * foregoing: all liability shall be excluded for direct, indirect,
+ * special, incidental, consequential or other damages or any loss of
+ * profits, business, revenue goodwill or anticipated savings;
+ * liability shall be excluded even if nCipher or anyone else has been
+ * advised of the possibility of damage.  In any event, if the
+ * exclusion of liability is not effective, the liability of nCipher
+ * or any author or distributor shall be limited to the lesser of the
+ * price paid and 1,000 pounds sterling. This licence only fails to
+ * exclude or limit liability for death or personal injury arising out
+ * of negligence, and only to the extent that such an exclusion or
+ * limitation is not effective.
+ *
+ * NCIPHER AND THE AUTHORS AND DISTRIBUTORS SPECIFICALLY DISCLAIM ALL
+ * AND ANY WARRANTIES (WHETHER EXPRESS OR IMPLIED), including, but not
+ * limited to, any implied warranties of merchantability, fitness for
+ * a particular purpose, satisfactory quality, and/or non-infringement
+ * of any third party rights.
+ *
+ * US Government use: This software and documentation is Commercial
+ * Computer Software and Computer Software Documentation, as defined in
+ * sub-paragraphs (a)(1) and (a)(5) of DFAR 252.227-7014, "Rights in
+ * Noncommercial Computer Software and Noncommercial Computer Software
+ * Documentation."  Use, duplication or disclosure by the Government is
+ * subject to the terms and conditions specified here.
+ *
+ * By using or distributing this file you will be accepting these
+ * terms and conditions, including the limitation of liability and
+ * lack of warranty.  If you do not wish to accept these terms and
+ * conditions, DO NOT USE THE FILE.
+ *
+ *
+ * The actual dynamically loadable plugin, and the library files for
+ * static linking, which are also provided in some distributions, are
+ * not covered by the licence described above.  You should have
+ * received a separate licence with terms and conditions for these
+ * library files; if you received the library files without a licence,
+ * please contact nCipher.
+ *
+ *
+ * $Id: hwcryptohook.h,v 1.1.1.1 2003/05/11 21:35:16 markus Exp $
+ */
+
+#ifndef HWCRYPTOHOOK_H
+#define HWCRYPTOHOOK_H
+
+#include <sys/types.h>
+#include <stdio.h>
+
+#ifndef HWCRYPTOHOOK_DECLARE_APPTYPES
+#define HWCRYPTOHOOK_DECLARE_APPTYPES 1
+#endif
+
+#define HWCRYPTOHOOK_ERROR_FAILED   -1
+#define HWCRYPTOHOOK_ERROR_FALLBACK -2
+#define HWCRYPTOHOOK_ERROR_MPISIZE  -3
+
+#if HWCRYPTOHOOK_DECLARE_APPTYPES
+
+/* These structs are defined by the application and opaque to the
+ * crypto plugin.  The application may define these as it sees fit.
+ * Default declarations are provided here, but the application may
+ *  #define HWCRYPTOHOOK_DECLARE_APPTYPES 0
+ * to prevent these declarations, and instead provide its own
+ * declarations of these types.  (Pointers to them must still be
+ * ordinary pointers to structs or unions, or the resulting combined
+ * program will have a type inconsistency.)
+ */
+typedef struct HWCryptoHook_MutexValue HWCryptoHook_Mutex;
+typedef struct HWCryptoHook_CondVarValue HWCryptoHook_CondVar;
+typedef struct HWCryptoHook_PassphraseContextValue HWCryptoHook_PassphraseContext;
+typedef struct HWCryptoHook_CallerContextValue HWCryptoHook_CallerContext;
+
+#endif /* HWCRYPTOHOOK_DECLARE_APPTYPES */
+
+/* These next two structs are opaque to the application.  The crypto
+ * plugin will return pointers to them; the caller simply manipulates
+ * the pointers.
+ */
+typedef struct HWCryptoHook_Context *HWCryptoHook_ContextHandle;
+typedef struct HWCryptoHook_RSAKey *HWCryptoHook_RSAKeyHandle;
+
+typedef struct {
+  char *buf;
+  size_t size;
+} HWCryptoHook_ErrMsgBuf;
+/* Used for error reporting.  When a HWCryptoHook function fails it
+ * will return a sentinel value (0 for pointer-valued functions, or a
+ * negative number, usually HWCRYPTOHOOK_ERROR_FAILED, for
+ * integer-valued ones).  It will, if an ErrMsgBuf is passed, also put
+ * an error message there.
+ * 
+ * size is the size of the buffer, and will not be modified.  If you
+ * pass 0 for size you must pass 0 for buf, and nothing will be
+ * recorded (just as if you passed 0 for the struct pointer).
+ * Messages written to the buffer will always be null-terminated, even
+ * when truncated to fit within size bytes.
+ *
+ * The contents of the buffer are not defined if there is no error.
+ */
+
+typedef struct HWCryptoHook_MPIStruct {
+  unsigned char *buf;
+  size_t size;
+} HWCryptoHook_MPI;
+/* When one of these is returned, a pointer is passed to the function.
+ * At call, size is the space available.  Afterwards it is updated to
+ * be set to the actual length (which may be more than the space available,
+ * if there was not enough room and the result was truncated).
+ * buf (the pointer) is not updated.
+ *
+ * size is in bytes and may be zero at call or return, but must be a
+ * multiple of the limb size.  Zero limbs at the MS end are not
+ * permitted.
+ */
+
+#define HWCryptoHook_InitFlags_FallbackModExp    0x0002UL
+#define HWCryptoHook_InitFlags_FallbackRSAImmed  0x0004UL
+/* Enable requesting fallback to software in case of problems with the
+ * hardware support.  This indicates to the crypto provider that the
+ * application is prepared to fall back to software operation if the
+ * ModExp* or RSAImmed* functions return HWCRYPTOHOOK_ERROR_FALLBACK.
+ * Without this flag those calls will never return
+ * HWCRYPTOHOOK_ERROR_FALLBACK.  The flag will also cause the crypto
+ * provider to avoid repeatedly attempting to contact dead hardware
+ * within a short interval, if appropriate.
+ */
+
+#define HWCryptoHook_InitFlags_SimpleForkCheck   0x0010UL
+/* Without _SimpleForkCheck the library is allowed to assume that the
+ * application will not fork and call the library in the child(ren).
+ *
+ * When it is specified, this is allowed.  However, after a fork
+ * neither parent nor child may unload any loaded keys or call
+ * _Finish.  Instead, they should call exit (or die with a signal)
+ * without calling _Finish.  After all the children have died the
+ * parent may unload keys or call _Finish.
+ *
+ * This flag only has any effect on UN*X platforms.
+ */
+
+typedef struct {
+  unsigned long flags;
+  void *logstream; /* usually a FILE*.  See below. */
+
+  size_t limbsize; /* bignum format - size of radix type, must be power of 2 */
+  int mslimbfirst; /* 0 or 1 */
+  int msbytefirst; /* 0 or 1; -1 = native */
+
+  /* All the callback functions should return 0 on success, or a
+   * nonzero integer (whose value will be visible in the error message
+   * put in the buffer passed to the call).
+   *
+   * If a callback is not available pass a null function pointer.
+   *
+   * The callbacks may not call down again into the crypto plugin.
+   */
+  
+  /* For thread-safety.  Set everything to 0 if you promise only to be
+   * singlethreaded.  maxsimultaneous is the number of calls to
+   * ModExp[Crt]/RSAImmed{Priv,Pub}/RSA.  If you don't know what to
+   * put there then say 0 and the hook library will use a default.
+   *
+   * maxmutexes is a small limit on the number of simultaneous mutexes
+   * which will be requested by the library.  If there is no small
+   * limit, set it to 0.  If the crypto plugin cannot create the
+   * advertised number of mutexes the calls to its functions may fail.
+   * If a low number of mutexes is advertised the plugin will try to
+   * do the best it can.  Making larger numbers of mutexes available
+   * may improve performance and parallelism by reducing contention
+   * over critical sections.  Unavailability of any mutexes, implying
+   * single-threaded operation, should be indicated by the setting
+   * mutex_init et al to 0.
+   */
+  int maxmutexes;
+  int maxsimultaneous;
+  size_t mutexsize;
+  int (*mutex_init)(HWCryptoHook_Mutex*, HWCryptoHook_CallerContext *cactx);
+  int (*mutex_acquire)(HWCryptoHook_Mutex*);
+  void (*mutex_release)(HWCryptoHook_Mutex*);
+  void (*mutex_destroy)(HWCryptoHook_Mutex*);
+
+  /* For greater efficiency, can use condition vars internally for
+   * synchronisation.  In this case maxsimultaneous is ignored, but
+   * the other mutex stuff must be available.  In singlethreaded
+   * programs, set everything to 0.
+   */
+  size_t condvarsize;
+  int (*condvar_init)(HWCryptoHook_CondVar*, HWCryptoHook_CallerContext *cactx);
+  int (*condvar_wait)(HWCryptoHook_CondVar*, HWCryptoHook_Mutex*);
+  void (*condvar_signal)(HWCryptoHook_CondVar*);
+  void (*condvar_broadcast)(HWCryptoHook_CondVar*);
+  void (*condvar_destroy)(HWCryptoHook_CondVar*);
+  
+  /* The semantics of acquiring and releasing mutexes and broadcasting
+   * and waiting on condition variables are expected to be those from
+   * POSIX threads (pthreads).  The mutexes may be (in pthread-speak)
+   * fast mutexes, recursive mutexes, or nonrecursive ones.
+   * 
+   * The _release/_signal/_broadcast and _destroy functions must
+   * always succeed when given a valid argument; if they are given an
+   * invalid argument then the program (crypto plugin + application)
+   * has an internal error, and they should abort the program.
+   */
+
+  int (*getpassphrase)(const char *prompt_info,
+                       int *len_io, char *buf,
+                       HWCryptoHook_PassphraseContext *ppctx,
+                       HWCryptoHook_CallerContext *cactx);
+  /* Passphrases and the prompt_info, if they contain high-bit-set
+   * characters, are UTF-8.  The prompt_info may be a null pointer if
+   * no prompt information is available (it should not be an empty
+   * string).  It will not contain text like `enter passphrase';
+   * instead it might say something like `Operator Card for John
+   * Smith' or `SmartCard in nFast Module #1, Slot #1'.
+   *
+   * buf points to a buffer in which to return the passphrase; on
+   * entry *len_io is the length of the buffer.  It should be updated
+   * by the callback.  The returned passphrase should not be
+   * null-terminated by the callback.
+   */
+  
+  int (*getphystoken)(const char *prompt_info,
+                      const char *wrong_info,
+                      HWCryptoHook_PassphraseContext *ppctx,
+                      HWCryptoHook_CallerContext *cactx);
+  /* Requests that the human user physically insert a different
+   * smartcard, DataKey, etc.  The plugin should check whether the
+   * currently inserted token(s) are appropriate, and if they are it
+   * should not make this call.
+   *
+   * prompt_info is as before.  wrong_info is a description of the
+   * currently inserted token(s) so that the user is told what
+   * something is.  wrong_info, like prompt_info, may be null, but
+   * should not be an empty string.  Its contents should be
+   * syntactically similar to that of prompt_info. 
+   */
+  
+  /* Note that a single LoadKey operation might cause several calls to
+   * getpassphrase and/or requestphystoken.  If requestphystoken is
+   * not provided (ie, a null pointer is passed) then the plugin may
+   * not support loading keys for which authorisation by several cards
+   * is required.  If getpassphrase is not provided then cards with
+   * passphrases may not be supported.
+   *
+   * getpassphrase and getphystoken do not need to check that the
+   * passphrase has been entered correctly or the correct token
+   * inserted; the crypto plugin will do that.  If this is not the
+   * case then the crypto plugin is responsible for calling these
+   * routines again as appropriate until the correct token(s) and
+   * passphrase(s) are supplied as required, or until any retry limits
+   * implemented by the crypto plugin are reached.
+   *
+   * In either case, the application must allow the user to say `no'
+   * or `cancel' to indicate that they do not know the passphrase or
+   * have the appropriate token; this should cause the callback to
+   * return nonzero indicating error.
+   */
+
+  void (*logmessage)(void *logstream, const char *message);
+  /* A log message will be generated at least every time something goes
+   * wrong and an ErrMsgBuf is filled in (or would be if one was
+   * provided).  Other diagnostic information may be written there too,
+   * including more detailed reasons for errors which are reported in an
+   * ErrMsgBuf.
+   *
+   * When a log message is generated, this callback is called.  It
+   * should write a message to the relevant logging arrangements.
+   *
+   * The message string passed will be null-terminated and may be of arbitrary
+   * length.  It will not be prefixed by the time and date, nor by the
+   * name of the library that is generating it - if this is required,
+   * the logmessage callback must do it.  The message will not have a
+   * trailing newline (though it may contain internal newlines).
+   *
+   * If a null pointer is passed for logmessage a default function is
+   * used.  The default function treats logstream as a FILE* which has
+   * been converted to a void*.  If logstream is 0 it does nothing.
+   * Otherwise it prepends the date and time and library name and
+   * writes the message to logstream.  Each line will be prefixed by a
+   * descriptive string containing the date, time and identity of the
+   * crypto plugin.  Errors on the logstream are not reported
+   * anywhere, and the default function doesn't flush the stream, so
+   * the application must set the buffering how it wants it.
+   *
+   * The crypto plugin may also provide a facility to have copies of
+   * log messages sent elsewhere, and or for adjusting the verbosity
+   * of the log messages; any such facilities will be configured by
+   * external means.
+   */
+
+} HWCryptoHook_InitInfo;
+
+typedef
+HWCryptoHook_ContextHandle HWCryptoHook_Init_t(const HWCryptoHook_InitInfo *initinfo,
+                                               size_t initinfosize,
+                                               const HWCryptoHook_ErrMsgBuf *errors,
+                                               HWCryptoHook_CallerContext *cactx);
+extern HWCryptoHook_Init_t HWCryptoHook_Init;
+
+/* Caller should set initinfosize to the size of the HWCryptoHook struct,
+ * so it can be extended later.
+ *
+ * On success, a message for display or logging by the server,
+ * including the name and version number of the plugin, will be filled
+ * in into *errors; on failure *errors is used for error handling, as
+ * usual.
+ */
+
+/* All these functions return 0 on success, HWCRYPTOHOOK_ERROR_FAILED
+ * on most failures.  HWCRYPTOHOOK_ERROR_MPISIZE means at least one of
+ * the output MPI buffer(s) was too small; the sizes of all have been
+ * set to the desired size (and for those where the buffer was large
+ * enough, the value may have been copied in), and no error message
+ * has been recorded.
+ *
+ * You may pass 0 for the errors struct.  In any case, unless you set
+ * _NoStderr at init time then messages may be reported to stderr.
+ */
+
+/* The RSAImmed* functions (and key managed RSA) only work with
+ * modules which have an RSA patent licence - currently that means KM
+ * units; the ModExp* ones work with all modules, so you need a patent
+ * licence in the software in the US.  They are otherwise identical.
+ */
+
+typedef
+void HWCryptoHook_Finish_t(HWCryptoHook_ContextHandle hwctx);
+extern HWCryptoHook_Finish_t HWCryptoHook_Finish;
+/* You must not have any calls going or keys loaded when you call this. */
+
+typedef
+int HWCryptoHook_RandomBytes_t(HWCryptoHook_ContextHandle hwctx,
+                               unsigned char *buf, size_t len,
+                               const HWCryptoHook_ErrMsgBuf *errors);
+extern HWCryptoHook_RandomBytes_t HWCryptoHook_RandomBytes;
+
+typedef
+int HWCryptoHook_ModExp_t(HWCryptoHook_ContextHandle hwctx,
+                          HWCryptoHook_MPI a,
+                          HWCryptoHook_MPI p,
+                          HWCryptoHook_MPI n,
+                          HWCryptoHook_MPI *r,
+                          const HWCryptoHook_ErrMsgBuf *errors);
+extern HWCryptoHook_ModExp_t HWCryptoHook_ModExp;
+
+typedef
+int HWCryptoHook_RSAImmedPub_t(HWCryptoHook_ContextHandle hwctx,
+                               HWCryptoHook_MPI m,
+                               HWCryptoHook_MPI e,
+                               HWCryptoHook_MPI n,
+                               HWCryptoHook_MPI *r,
+                               const HWCryptoHook_ErrMsgBuf *errors);
+extern HWCryptoHook_RSAImmedPub_t HWCryptoHook_RSAImmedPub;
+
+typedef
+int HWCryptoHook_ModExpCRT_t(HWCryptoHook_ContextHandle hwctx,
+                             HWCryptoHook_MPI a,
+                             HWCryptoHook_MPI p,
+                             HWCryptoHook_MPI q,
+                             HWCryptoHook_MPI dmp1,
+                             HWCryptoHook_MPI dmq1,
+                             HWCryptoHook_MPI iqmp,
+                             HWCryptoHook_MPI *r,
+                             const HWCryptoHook_ErrMsgBuf *errors);
+extern HWCryptoHook_ModExpCRT_t HWCryptoHook_ModExpCRT;
+
+typedef
+int HWCryptoHook_RSAImmedPriv_t(HWCryptoHook_ContextHandle hwctx,
+                                HWCryptoHook_MPI m,
+                                HWCryptoHook_MPI p,
+                                HWCryptoHook_MPI q,
+                                HWCryptoHook_MPI dmp1,
+                                HWCryptoHook_MPI dmq1,
+                                HWCryptoHook_MPI iqmp,
+                                HWCryptoHook_MPI *r,
+                                const HWCryptoHook_ErrMsgBuf *errors);
+extern HWCryptoHook_RSAImmedPriv_t HWCryptoHook_RSAImmedPriv;
+
+/* The RSAImmed* and ModExp* functions may return E_FAILED or
+ * E_FALLBACK for failure.
+ *
+ * E_FAILED means the failure is permanent and definite and there
+ *    should be no attempt to fall back to software.  (Eg, for some
+ *    applications, which support only the acceleration-only
+ *    functions, the `key material' may actually be an encoded key
+ *    identifier, and doing the operation in software would give wrong
+ *    answers.)
+ *
+ * E_FALLBACK means that doing the computation in software would seem
+ *    reasonable.  If an application pays attention to this and is
+ *    able to fall back, it should also set the Fallback init flags.
+ */
+
+typedef
+int HWCryptoHook_RSALoadKey_t(HWCryptoHook_ContextHandle hwctx,
+                              const char *key_ident,
+                              HWCryptoHook_RSAKeyHandle *keyhandle_r,
+                              const HWCryptoHook_ErrMsgBuf *errors,
+                              HWCryptoHook_PassphraseContext *ppctx);
+extern HWCryptoHook_RSALoadKey_t HWCryptoHook_RSALoadKey;
+/* The key_ident is a null-terminated string configured by the
+ * user via the application's usual configuration mechanisms.
+ * It is provided to the user by the crypto provider's key management
+ * system.  The user must be able to enter at least any string of between
+ * 1 and 1023 characters inclusive, consisting of printable 7-bit
+ * ASCII characters.  The provider should avoid using
+ * any characters except alphanumerics and the punctuation
+ * characters  _ - + . / @ ~  (the user is expected to be able
+ * to enter these without quoting).  The string may be case-sensitive.
+ * The application may allow the user to enter other NULL-terminated strings,
+ * and the provider must cope (returning an error if the string is not
+ * valid).
+ *
+ * If the key does not exist, no error is recorded and 0 is returned;
+ * keyhandle_r will be set to 0 instead of to a key handle.
+ */
+
+typedef
+int HWCryptoHook_RSAGetPublicKey_t(HWCryptoHook_RSAKeyHandle k,
+                                   HWCryptoHook_MPI *n,
+                                   HWCryptoHook_MPI *e,
+                                   const HWCryptoHook_ErrMsgBuf *errors);
+extern HWCryptoHook_RSAGetPublicKey_t HWCryptoHook_RSAGetPublicKey;
+/* The crypto plugin will not store certificates.
+ *
+ * Although this function for acquiring the public key value is
+ * provided, it is not the purpose of this API to deal fully with the
+ * handling of the public key.
+ *
+ * It is expected that the crypto supplier's key generation program
+ * will provide general facilities for producing X.509
+ * self-certificates and certificate requests in PEM format.  These
+ * will be given to the user so that they can configure them in the
+ * application, send them to CAs, or whatever.
+ *
+ * In case this kind of certificate handling is not appropriate, the
+ * crypto supplier's key generation program should be able to be
+ * configured not to generate such a self-certificate or certificate
+ * request.  Then the application will need to do all of this, and
+ * will need to store and handle the public key and certificates
+ * itself.
+ */
+
+typedef
+int HWCryptoHook_RSAUnloadKey_t(HWCryptoHook_RSAKeyHandle k,
+                                const HWCryptoHook_ErrMsgBuf *errors);
+extern HWCryptoHook_RSAUnloadKey_t HWCryptoHook_RSAUnloadKey;
+/* Might fail due to locking problems, or other serious internal problems. */
+
+typedef
+int HWCryptoHook_RSA_t(HWCryptoHook_MPI m,
+                       HWCryptoHook_RSAKeyHandle k,
+                       HWCryptoHook_MPI *r,
+                       const HWCryptoHook_ErrMsgBuf *errors);
+extern HWCryptoHook_RSA_t HWCryptoHook_RSA;
+/* RSA private key operation (sign or decrypt) - raw, unpadded. */
+
+#endif /*HWCRYPTOHOOK_H*/
diff --git a/src/lib/libcrypto/engine/vendor_defns/sureware.h b/src/lib/libcrypto/engine/vendor_defns/sureware.h
new file mode 100644
index 0000000000..4bc22027f9
--- /dev/null
+++ b/src/lib/libcrypto/engine/vendor_defns/sureware.h
@@ -0,0 +1,239 @@
+/*
+* Written by Corinne Dive-Reclus(cdive@baltimore.com)
+*
+* Copyright@2001 Baltimore Technologies Ltd.
+*                                                                                                                                                                                               *       
+*               THIS FILE IS PROVIDED BY BALTIMORE TECHNOLOGIES ``AS IS'' AND                                                                                                                                                   *
+*               ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE                                   * 
+*               IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE                              *
+*               ARE DISCLAIMED.  IN NO EVENT SHALL BALTIMORE TECHNOLOGIES BE LIABLE                                             *
+*               FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL                              *
+*               DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS                                 *
+*               OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)                                   *
+*               HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT                              *
+*               LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY                               *
+*               OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF                                  *
+*               SUCH DAMAGE.                                                                                                                                                    *
+*
+* 
+*/
+#ifdef WIN32
+#define SW_EXPORT       __declspec ( dllexport )
+#else
+#define SW_EXPORT
+#endif
+
+/*
+*       List of exposed SureWare errors
+*/
+#define SUREWAREHOOK_ERROR_FAILED               -1
+#define SUREWAREHOOK_ERROR_FALLBACK             -2
+#define SUREWAREHOOK_ERROR_UNIT_FAILURE -3
+#define SUREWAREHOOK_ERROR_DATA_SIZE -4
+#define SUREWAREHOOK_ERROR_INVALID_PAD -5
+/*
+* -----------------WARNING-----------------------------------
+* In all the following functions:
+* msg is a string with at least 24 bytes free.
+* A 24 bytes string will be concatenated to the existing content of msg. 
+*/
+/*
+*       SureWare Initialisation function
+*       in param threadsafe, if !=0, thread safe enabled
+*       return SureWareHOOK_ERROR_UNIT_FAILURE if failure, 1 if success
+*/
+typedef int SureWareHook_Init_t(char*const msg,int threadsafe);
+extern SW_EXPORT SureWareHook_Init_t SureWareHook_Init;
+/*
+*       SureWare Finish function
+*/
+typedef void SureWareHook_Finish_t();
+extern SW_EXPORT SureWareHook_Finish_t SureWareHook_Finish;
+/*
+*        PRE_CONDITION:
+*               DO NOT CALL ANY OF THE FOLLOWING FUNCTIONS IN CASE OF INIT FAILURE
+*/
+/*
+*       SureWare RAND Bytes function
+*       In case of failure, the content of buf is unpredictable.
+*       return 1 if success
+*                       SureWareHOOK_ERROR_FALLBACK if function not available in hardware
+*                       SureWareHOOK_ERROR_FAILED if error while processing
+*                       SureWareHOOK_ERROR_UNIT_FAILURE if hardware failure
+*                       SUREWAREHOOK_ERROR_DATA_SIZE wrong size for buf
+*
+*       in/out param buf : a num bytes long buffer where random bytes will be put
+*       in param num : the number of bytes into buf
+*/
+typedef int SureWareHook_Rand_Bytes_t(char*const msg,unsigned char *buf, int num);
+extern SW_EXPORT SureWareHook_Rand_Bytes_t SureWareHook_Rand_Bytes;
+
+/*
+*       SureWare RAND Seed function
+*       Adds some seed to the Hardware Random Number Generator
+*       return 1 if success
+*                       SureWareHOOK_ERROR_FALLBACK if function not available in hardware
+*                       SureWareHOOK_ERROR_FAILED if error while processing
+*                       SureWareHOOK_ERROR_UNIT_FAILURE if hardware failure
+*                       SUREWAREHOOK_ERROR_DATA_SIZE wrong size for buf
+*
+*       in param buf : the seed to add into the HRNG
+*       in param num : the number of bytes into buf
+*/
+typedef int SureWareHook_Rand_Seed_t(char*const msg,const void *buf, int num);
+extern SW_EXPORT SureWareHook_Rand_Seed_t SureWareHook_Rand_Seed;
+
+/*
+*       SureWare Load Private Key function
+*       return 1 if success
+*                       SureWareHOOK_ERROR_FAILED if error while processing
+*       No hardware is contact for this function.
+*
+*       in param key_id :the name of the private protected key file without the extension
+                                                ".sws"
+*       out param hptr : a pointer to a buffer allocated by SureWare_Hook
+*       out param num: the effective key length in bytes
+*       out param keytype: 1 if RSA 2 if DSA
+*/
+typedef int SureWareHook_Load_Privkey_t(char*const msg,const char *key_id,char **hptr,unsigned long *num,char *keytype);
+extern SW_EXPORT SureWareHook_Load_Privkey_t SureWareHook_Load_Privkey;
+
+/*
+*       SureWare Info Public Key function
+*       return 1 if success
+*                       SureWareHOOK_ERROR_FAILED if error while processing
+*       No hardware is contact for this function.
+*
+*       in param key_id :the name of the private protected key file without the extension
+                                                ".swp"
+*       out param hptr : a pointer to a buffer allocated by SureWare_Hook
+*       out param num: the effective key length in bytes
+*       out param keytype: 1 if RSA 2 if DSA
+*/
+typedef int SureWareHook_Info_Pubkey_t(char*const msg,const char *key_id,unsigned long *num,
+                                                                                char *keytype);
+extern SW_EXPORT SureWareHook_Info_Pubkey_t SureWareHook_Info_Pubkey;
+
+/*
+*       SureWare Load Public Key function
+*       return 1 if success
+*                       SureWareHOOK_ERROR_FAILED if error while processing
+*       No hardware is contact for this function.
+*
+*       in param key_id :the name of the public protected key file without the extension
+                                                ".swp"
+*       in param num : the bytes size of n and e
+*       out param n: where to write modulus in bn format
+*       out param e: where to write exponent in bn format
+*/
+typedef int SureWareHook_Load_Rsa_Pubkey_t(char*const msg,const char *key_id,unsigned long num,
+                                                                                unsigned long *n, unsigned long *e);
+extern SW_EXPORT SureWareHook_Load_Rsa_Pubkey_t SureWareHook_Load_Rsa_Pubkey;
+
+/*
+*       SureWare Load DSA Public Key function
+*       return 1 if success
+*                       SureWareHOOK_ERROR_FAILED if error while processing
+*       No hardware is contact for this function.
+*
+*       in param key_id :the name of the public protected key file without the extension
+                                                ".swp"
+*       in param num : the bytes size of n and e
+*       out param pub: where to write pub key in bn format
+*       out param p: where to write prime in bn format
+*       out param q: where to write sunprime (length 20 bytes) in bn format
+*       out param g: where to write base in bn format
+*/
+typedef int SureWareHook_Load_Dsa_Pubkey_t(char*const msg,const char *key_id,unsigned long num,
+                                                                                unsigned long *pub, unsigned long *p,unsigned long*q,
+                                                                                unsigned long *g);
+extern SW_EXPORT SureWareHook_Load_Dsa_Pubkey_t SureWareHook_Load_Dsa_Pubkey;
+
+/*
+*       SureWare Free function
+*       Destroy the key into the hardware if destroy==1
+*/
+typedef void SureWareHook_Free_t(char *p,int destroy);
+extern SW_EXPORT SureWareHook_Free_t SureWareHook_Free;
+
+#define SUREWARE_PKCS1_PAD 1
+#define SUREWARE_ISO9796_PAD 2
+#define SUREWARE_NO_PAD 0
+/*
+* SureWare RSA Private Decryption
+* return 1 if success
+*                       SureWareHOOK_ERROR_FAILED if error while processing
+*                       SureWareHOOK_ERROR_UNIT_FAILURE if hardware failure
+*                       SUREWAREHOOK_ERROR_DATA_SIZE wrong size for buf
+*
+*       in param flen : byte size of from and to
+*       in param from : encrypted data buffer, should be a not-null valid pointer
+*       out param tlen: byte size of decrypted data, if error, unexpected value
+*       out param to : decrypted data buffer, should be a not-null valid pointer
+*   in param prsa: a protected key pointer, should be a not-null valid pointer
+*   int padding: padding id as follow
+*                                       SUREWARE_PKCS1_PAD
+*                                       SUREWARE_NO_PAD
+*
+*/
+typedef int SureWareHook_Rsa_Priv_Dec_t(char*const msg,int flen,unsigned char *from,
+                                                                                int *tlen,unsigned char *to,
+                                                                                char *prsa,int padding);
+extern SW_EXPORT SureWareHook_Rsa_Priv_Dec_t SureWareHook_Rsa_Priv_Dec;
+/*
+* SureWare RSA Signature
+* return 1 if success
+*                       SureWareHOOK_ERROR_FAILED if error while processing
+*                       SureWareHOOK_ERROR_UNIT_FAILURE if hardware failure
+*                       SUREWAREHOOK_ERROR_DATA_SIZE wrong size for buf
+*
+*       in param flen : byte size of from and to
+*       in param from : encrypted data buffer, should be a not-null valid pointer
+*       out param tlen: byte size of decrypted data, if error, unexpected value
+*       out param to : decrypted data buffer, should be a not-null valid pointer
+*   in param prsa: a protected key pointer, should be a not-null valid pointer
+*   int padding: padding id as follow
+*                                       SUREWARE_PKCS1_PAD
+*                                       SUREWARE_ISO9796_PAD
+*
+*/
+typedef int SureWareHook_Rsa_Sign_t(char*const msg,int flen,unsigned char *from,
+                                                                                int *tlen,unsigned char *to,
+                                                                                char *prsa,int padding);
+extern SW_EXPORT SureWareHook_Rsa_Sign_t SureWareHook_Rsa_Sign;
+/*
+* SureWare DSA Signature
+* return 1 if success
+*                       SureWareHOOK_ERROR_FAILED if error while processing
+*                       SureWareHOOK_ERROR_UNIT_FAILURE if hardware failure
+*                       SUREWAREHOOK_ERROR_DATA_SIZE wrong size for buf
+*
+*       in param flen : byte size of from and to
+*       in param from : encrypted data buffer, should be a not-null valid pointer
+*       out param to : decrypted data buffer, should be a 40bytes valid pointer
+*   in param pdsa: a protected key pointer, should be a not-null valid pointer
+*
+*/
+typedef int SureWareHook_Dsa_Sign_t(char*const msg,int flen,const unsigned char *from,
+                                                                                unsigned long *r,unsigned long *s,char *pdsa);
+extern SW_EXPORT SureWareHook_Dsa_Sign_t SureWareHook_Dsa_Sign;
+
+
+/*
+* SureWare Mod Exp
+* return 1 if success
+*                       SureWareHOOK_ERROR_FAILED if error while processing
+*                       SureWareHOOK_ERROR_UNIT_FAILURE if hardware failure
+*                       SUREWAREHOOK_ERROR_DATA_SIZE wrong size for buf
+*
+*       mod and res are mlen bytes long.
+*       exp is elen bytes long
+*       data is dlen bytes long
+*       mlen,elen and dlen are all multiple of sizeof(unsigned long)
+*/
+typedef int SureWareHook_Mod_Exp_t(char*const msg,int mlen,const unsigned long *mod,
+                                                                        int elen,const unsigned long *exponent,
+                                                                        int dlen,unsigned long *data,
+                                                                        unsigned long *res);
+extern SW_EXPORT SureWareHook_Mod_Exp_t SureWareHook_Mod_Exp;
+