26 files changed, 6629 insertions, 169 deletions

diff --git a/src/lib/libcrypto/engine/Makefile.ssl b/src/lib/libcrypto/engine/Makefile.ssl
new file mode 100644
index 0000000000..8bc8985e02
--- /dev/null
+++ b/src/lib/libcrypto/engine/Makefile.ssl
@@ -0,0 +1,556 @@
+#
+# OpenSSL/crypto/engine/Makefile
+#
+
+DIR=    engine
+TOP=    ../..
+CC=     cc
+INCLUDES= -I.. -I$(TOP) -I../../include
+CFLAG=-g
+INSTALL_PREFIX=
+OPENSSLDIR=     /usr/local/ssl
+INSTALLTOP=/usr/local/ssl
+MAKE=           make -f Makefile.ssl
+MAKEDEPPROG=    makedepend
+MAKEDEPEND=     $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
+MAKEFILE=       Makefile.ssl
+AR=             ar r
+
+CFLAGS= $(INCLUDES) $(CFLAG)
+
+GENERAL=Makefile
+TEST= enginetest.c
+APPS=
+
+LIB=$(TOP)/libcrypto.a
+LIBSRC= eng_err.c eng_lib.c eng_list.c eng_init.c eng_ctrl.c \
+        eng_table.c eng_pkey.c eng_fat.c eng_all.c \
+        tb_rsa.c tb_dsa.c tb_dh.c tb_rand.c tb_cipher.c tb_digest.c \
+        eng_openssl.c eng_dyn.c eng_cnf.c \
+        hw_atalla.c hw_cswift.c hw_ncipher.c hw_nuron.c hw_ubsec.c \
+        hw_cryptodev.c hw_aep.c hw_sureware.c hw_4758_cca.c
+LIBOBJ= eng_err.o eng_lib.o eng_list.o eng_init.o eng_ctrl.o \
+        eng_table.o eng_pkey.o eng_fat.o eng_all.o \
+        tb_rsa.o tb_dsa.o tb_dh.o tb_rand.o tb_cipher.o tb_digest.o \
+        eng_openssl.o eng_dyn.o eng_cnf.o \
+        hw_atalla.o hw_cswift.o hw_ncipher.o hw_nuron.o hw_ubsec.o \
+        hw_cryptodev.o hw_aep.o hw_sureware.o hw_4758_cca.o
+
+SRC= $(LIBSRC)
+
+EXHEADER= engine.h
+HEADER= $(EXHEADER)
+
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+
+top:
+        (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+
+all:    lib
+
+lib:    $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
+        $(RANLIB) $(LIB)
+        @touch lib
+
+files:
+        $(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+
+links:
+        @sh $(TOP)/util/point.sh Makefile.ssl Makefile
+        @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+        @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+        @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+
+install:
+        @for i in $(EXHEADER) ; \
+        do  \
+        (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+        chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+        done;
+
+tags:
+        ctags $(SRC)
+
+errors:
+        $(PERL) $(TOP)/util/mkerr.pl -conf hw.ec \
+                -nostatic -staticloader -write hw_*.c
+
+tests:
+
+lint:
+        lint -DLINT $(INCLUDES) $(SRC)>fluff
+
+depend:
+        $(MAKEDEPEND) $(CFLAG) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
+
+dclean:
+        $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+        mv -f Makefile.new $(MAKEFILE)
+
+clean:
+        rm -f *.o */*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+
+eng_all.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+eng_all.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h
+eng_all.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+eng_all.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h
+eng_all.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+eng_all.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+eng_all.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h
+eng_all.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+eng_all.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+eng_all.o: ../../include/openssl/ui.h eng_all.c eng_int.h
+eng_cnf.o: ../../e_os.h ../../include/openssl/asn1.h
+eng_cnf.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+eng_cnf.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h
+eng_cnf.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h
+eng_cnf.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+eng_cnf.o: ../../include/openssl/engine.h ../../include/openssl/err.h
+eng_cnf.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+eng_cnf.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+eng_cnf.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h
+eng_cnf.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+eng_cnf.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+eng_cnf.o: ../cryptlib.h eng_cnf.c
+eng_ctrl.o: ../../e_os.h ../../include/openssl/asn1.h
+eng_ctrl.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+eng_ctrl.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+eng_ctrl.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+eng_ctrl.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h
+eng_ctrl.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+eng_ctrl.o: ../../include/openssl/opensslconf.h
+eng_ctrl.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+eng_ctrl.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h
+eng_ctrl.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+eng_ctrl.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+eng_ctrl.o: ../cryptlib.h eng_ctrl.c eng_int.h
+eng_dyn.o: ../../e_os.h ../../include/openssl/asn1.h
+eng_dyn.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+eng_dyn.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+eng_dyn.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+eng_dyn.o: ../../include/openssl/dso.h ../../include/openssl/e_os2.h
+eng_dyn.o: ../../include/openssl/engine.h ../../include/openssl/err.h
+eng_dyn.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+eng_dyn.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+eng_dyn.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h
+eng_dyn.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+eng_dyn.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+eng_dyn.o: ../cryptlib.h eng_dyn.c eng_int.h
+eng_err.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+eng_err.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h
+eng_err.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+eng_err.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h
+eng_err.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+eng_err.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+eng_err.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h
+eng_err.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+eng_err.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+eng_err.o: ../../include/openssl/ui.h eng_err.c
+eng_fat.o: ../../e_os.h ../../include/openssl/asn1.h
+eng_fat.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+eng_fat.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h
+eng_fat.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h
+eng_fat.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+eng_fat.o: ../../include/openssl/engine.h ../../include/openssl/err.h
+eng_fat.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+eng_fat.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+eng_fat.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h
+eng_fat.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+eng_fat.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+eng_fat.o: ../cryptlib.h eng_fat.c eng_int.h
+eng_init.o: ../../e_os.h ../../include/openssl/asn1.h
+eng_init.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+eng_init.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+eng_init.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+eng_init.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h
+eng_init.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+eng_init.o: ../../include/openssl/opensslconf.h
+eng_init.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+eng_init.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h
+eng_init.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+eng_init.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+eng_init.o: ../cryptlib.h eng_init.c eng_int.h
+eng_lib.o: ../../e_os.h ../../include/openssl/asn1.h
+eng_lib.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+eng_lib.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+eng_lib.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+eng_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h
+eng_lib.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+eng_lib.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+eng_lib.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h
+eng_lib.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+eng_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+eng_lib.o: ../../include/openssl/ui.h ../cryptlib.h eng_int.h eng_lib.c
+eng_list.o: ../../e_os.h ../../include/openssl/asn1.h
+eng_list.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+eng_list.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+eng_list.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+eng_list.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h
+eng_list.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+eng_list.o: ../../include/openssl/opensslconf.h
+eng_list.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+eng_list.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h
+eng_list.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+eng_list.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+eng_list.o: ../cryptlib.h eng_int.h eng_list.c
+eng_openssl.o: ../../e_os.h ../../include/openssl/aes.h
+eng_openssl.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+eng_openssl.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+eng_openssl.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+eng_openssl.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+eng_openssl.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+eng_openssl.o: ../../include/openssl/dsa.h ../../include/openssl/dso.h
+eng_openssl.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h
+eng_openssl.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+eng_openssl.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+eng_openssl.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+eng_openssl.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+eng_openssl.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+eng_openssl.o: ../../include/openssl/opensslconf.h
+eng_openssl.o: ../../include/openssl/opensslv.h
+eng_openssl.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pem.h
+eng_openssl.o: ../../include/openssl/pem2.h ../../include/openssl/pkcs7.h
+eng_openssl.o: ../../include/openssl/rand.h ../../include/openssl/rc2.h
+eng_openssl.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+eng_openssl.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+eng_openssl.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+eng_openssl.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+eng_openssl.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+eng_openssl.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+eng_openssl.o: ../cryptlib.h eng_openssl.c
+eng_pkey.o: ../../e_os.h ../../include/openssl/asn1.h
+eng_pkey.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+eng_pkey.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+eng_pkey.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+eng_pkey.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h
+eng_pkey.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+eng_pkey.o: ../../include/openssl/opensslconf.h
+eng_pkey.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+eng_pkey.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h
+eng_pkey.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+eng_pkey.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+eng_pkey.o: ../cryptlib.h eng_int.h eng_pkey.c
+eng_table.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h
+eng_table.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+eng_table.o: ../../include/openssl/bn.h ../../include/openssl/cast.h
+eng_table.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+eng_table.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+eng_table.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+eng_table.o: ../../include/openssl/engine.h ../../include/openssl/err.h
+eng_table.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+eng_table.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+eng_table.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+eng_table.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+eng_table.o: ../../include/openssl/objects.h
+eng_table.o: ../../include/openssl/opensslconf.h
+eng_table.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+eng_table.o: ../../include/openssl/rand.h ../../include/openssl/rc2.h
+eng_table.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+eng_table.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+eng_table.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+eng_table.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+eng_table.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+eng_table.o: eng_int.h eng_table.c
+hw_4758_cca.o: ../../e_os.h ../../include/openssl/aes.h
+hw_4758_cca.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+hw_4758_cca.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+hw_4758_cca.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+hw_4758_cca.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+hw_4758_cca.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+hw_4758_cca.o: ../../include/openssl/dsa.h ../../include/openssl/dso.h
+hw_4758_cca.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h
+hw_4758_cca.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+hw_4758_cca.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+hw_4758_cca.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+hw_4758_cca.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+hw_4758_cca.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+hw_4758_cca.o: ../../include/openssl/opensslconf.h
+hw_4758_cca.o: ../../include/openssl/opensslv.h
+hw_4758_cca.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+hw_4758_cca.o: ../../include/openssl/rand.h ../../include/openssl/rc2.h
+hw_4758_cca.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+hw_4758_cca.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+hw_4758_cca.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+hw_4758_cca.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+hw_4758_cca.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+hw_4758_cca.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+hw_4758_cca.o: ../cryptlib.h hw_4758_cca.c hw_4758_cca_err.c hw_4758_cca_err.h
+hw_4758_cca.o: vendor_defns/hw_4758_cca.h
+hw_aep.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+hw_aep.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+hw_aep.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h
+hw_aep.o: ../../include/openssl/dsa.h ../../include/openssl/dso.h
+hw_aep.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h
+hw_aep.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+hw_aep.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+hw_aep.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h
+hw_aep.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+hw_aep.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+hw_aep.o: ../../include/openssl/ui.h hw_aep.c hw_aep_err.c hw_aep_err.h
+hw_aep.o: vendor_defns/aep.h
+hw_atalla.o: ../../e_os.h ../../include/openssl/asn1.h
+hw_atalla.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+hw_atalla.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+hw_atalla.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+hw_atalla.o: ../../include/openssl/dso.h ../../include/openssl/e_os2.h
+hw_atalla.o: ../../include/openssl/engine.h ../../include/openssl/err.h
+hw_atalla.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+hw_atalla.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+hw_atalla.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h
+hw_atalla.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+hw_atalla.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+hw_atalla.o: ../cryptlib.h hw_atalla.c hw_atalla_err.c hw_atalla_err.h
+hw_atalla.o: vendor_defns/atalla.h
+hw_cswift.o: ../../e_os.h ../../include/openssl/asn1.h
+hw_cswift.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+hw_cswift.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+hw_cswift.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+hw_cswift.o: ../../include/openssl/dso.h ../../include/openssl/e_os2.h
+hw_cswift.o: ../../include/openssl/engine.h ../../include/openssl/err.h
+hw_cswift.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+hw_cswift.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+hw_cswift.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h
+hw_cswift.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+hw_cswift.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+hw_cswift.o: ../cryptlib.h hw_cswift.c hw_cswift_err.c hw_cswift_err.h
+hw_cswift.o: vendor_defns/cswift.h
+hw_ncipher.o: ../../e_os.h ../../include/openssl/aes.h
+hw_ncipher.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+hw_ncipher.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+hw_ncipher.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+hw_ncipher.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+hw_ncipher.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+hw_ncipher.o: ../../include/openssl/dsa.h ../../include/openssl/dso.h
+hw_ncipher.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h
+hw_ncipher.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+hw_ncipher.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+hw_ncipher.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+hw_ncipher.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+hw_ncipher.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+hw_ncipher.o: ../../include/openssl/opensslconf.h
+hw_ncipher.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+hw_ncipher.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h
+hw_ncipher.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h
+hw_ncipher.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+hw_ncipher.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+hw_ncipher.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+hw_ncipher.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+hw_ncipher.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+hw_ncipher.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
+hw_ncipher.o: ../../include/openssl/x509_vfy.h ../cryptlib.h hw_ncipher.c
+hw_ncipher.o: hw_ncipher_err.c hw_ncipher_err.h vendor_defns/hwcryptohook.h
+hw_nuron.o: ../../e_os.h ../../include/openssl/asn1.h
+hw_nuron.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+hw_nuron.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+hw_nuron.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+hw_nuron.o: ../../include/openssl/dso.h ../../include/openssl/e_os2.h
+hw_nuron.o: ../../include/openssl/engine.h ../../include/openssl/err.h
+hw_nuron.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+hw_nuron.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+hw_nuron.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h
+hw_nuron.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+hw_nuron.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+hw_nuron.o: ../cryptlib.h hw_nuron.c hw_nuron_err.c hw_nuron_err.h
+hw_cryptodev.o: ../../include/openssl/aes.h
+hw_cryptodev.o: ../../include/openssl/asn1.h
+hw_cryptodev.o: ../../include/openssl/bio.h
+hw_cryptodev.o: ../../include/openssl/blowfish.h
+hw_cryptodev.o: ../../include/openssl/bn.h
+hw_cryptodev.o: ../../include/openssl/cast.h
+hw_cryptodev.o: ../../include/openssl/conf.h
+hw_cryptodev.o: ../../include/openssl/crypto.h
+hw_cryptodev.o: ../../include/openssl/des.h
+hw_cryptodev.o: ../../include/openssl/des_old.h
+hw_cryptodev.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+hw_cryptodev.o: ../../include/openssl/e_os2.h
+hw_cryptodev.o: ../../include/openssl/engine.h
+hw_cryptodev.o: ../../include/openssl/err.h
+hw_cryptodev.o: ../../include/openssl/evp.h
+hw_cryptodev.o: ../../include/openssl/idea.h
+hw_cryptodev.o: ../../include/openssl/lhash.h
+hw_cryptodev.o: ../../include/openssl/md2.h
+hw_cryptodev.o: ../../include/openssl/md4.h
+hw_cryptodev.o: ../../include/openssl/md5.h
+hw_cryptodev.o: ../../include/openssl/mdc2.h
+hw_cryptodev.o: ../../include/openssl/obj_mac.h
+hw_cryptodev.o: ../../include/openssl/objects.h
+hw_cryptodev.o: ../../include/openssl/opensslconf.h
+hw_cryptodev.o: ../../include/openssl/opensslv.h
+hw_cryptodev.o: ../../include/openssl/ossl_typ.h
+hw_cryptodev.o: ../../include/openssl/rand.h
+hw_cryptodev.o: ../../include/openssl/rc2.h
+hw_cryptodev.o: ../../include/openssl/rc4.h
+hw_cryptodev.o: ../../include/openssl/rc5.h
+hw_cryptodev.o: ../../include/openssl/ripemd.h
+hw_cryptodev.o: ../../include/openssl/rsa.h
+hw_cryptodev.o: ../../include/openssl/safestack.h
+hw_cryptodev.o: ../../include/openssl/sha.h
+hw_cryptodev.o: ../../include/openssl/stack.h
+hw_cryptodev.o: ../../include/openssl/symhacks.h
+hw_cryptodev.o: ../../include/openssl/ui.h
+hw_cryptodev.o: ../../include/openssl/ui_compat.h ../evp/evp_locl.h
+hw_cryptodev.o: eng_int.h hw_cryptodev.c
+hw_sureware.o: ../../e_os.h ../../include/openssl/aes.h
+hw_sureware.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+hw_sureware.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+hw_sureware.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+hw_sureware.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+hw_sureware.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+hw_sureware.o: ../../include/openssl/dsa.h ../../include/openssl/dso.h
+hw_sureware.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h
+hw_sureware.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+hw_sureware.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+hw_sureware.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+hw_sureware.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+hw_sureware.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+hw_sureware.o: ../../include/openssl/opensslconf.h
+hw_sureware.o: ../../include/openssl/opensslv.h
+hw_sureware.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pem.h
+hw_sureware.o: ../../include/openssl/pem2.h ../../include/openssl/pkcs7.h
+hw_sureware.o: ../../include/openssl/rand.h ../../include/openssl/rc2.h
+hw_sureware.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+hw_sureware.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+hw_sureware.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+hw_sureware.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+hw_sureware.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+hw_sureware.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+hw_sureware.o: ../cryptlib.h eng_int.h engine.h hw_sureware.c hw_sureware_err.c
+hw_sureware.o: hw_sureware_err.h vendor_defns/sureware.h
+hw_ubsec.o: ../../e_os.h ../../include/openssl/asn1.h
+hw_ubsec.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+hw_ubsec.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+hw_ubsec.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+hw_ubsec.o: ../../include/openssl/dso.h ../../include/openssl/e_os2.h
+hw_ubsec.o: ../../include/openssl/engine.h ../../include/openssl/err.h
+hw_ubsec.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+hw_ubsec.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+hw_ubsec.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h
+hw_ubsec.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+hw_ubsec.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+hw_ubsec.o: ../cryptlib.h hw_ubsec.c hw_ubsec_err.c hw_ubsec_err.h
+hw_ubsec.o: vendor_defns/hw_ubsec.h
+tb_cipher.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h
+tb_cipher.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+tb_cipher.o: ../../include/openssl/bn.h ../../include/openssl/cast.h
+tb_cipher.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+tb_cipher.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+tb_cipher.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+tb_cipher.o: ../../include/openssl/engine.h ../../include/openssl/err.h
+tb_cipher.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+tb_cipher.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+tb_cipher.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+tb_cipher.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+tb_cipher.o: ../../include/openssl/objects.h
+tb_cipher.o: ../../include/openssl/opensslconf.h
+tb_cipher.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+tb_cipher.o: ../../include/openssl/rand.h ../../include/openssl/rc2.h
+tb_cipher.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+tb_cipher.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+tb_cipher.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+tb_cipher.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+tb_cipher.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+tb_cipher.o: eng_int.h tb_cipher.c
+tb_dh.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h
+tb_dh.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+tb_dh.o: ../../include/openssl/bn.h ../../include/openssl/cast.h
+tb_dh.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+tb_dh.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+tb_dh.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+tb_dh.o: ../../include/openssl/engine.h ../../include/openssl/err.h
+tb_dh.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+tb_dh.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+tb_dh.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+tb_dh.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+tb_dh.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+tb_dh.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+tb_dh.o: ../../include/openssl/rand.h ../../include/openssl/rc2.h
+tb_dh.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+tb_dh.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+tb_dh.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+tb_dh.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+tb_dh.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h eng_int.h
+tb_dh.o: tb_dh.c
+tb_digest.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h
+tb_digest.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+tb_digest.o: ../../include/openssl/bn.h ../../include/openssl/cast.h
+tb_digest.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+tb_digest.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+tb_digest.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+tb_digest.o: ../../include/openssl/engine.h ../../include/openssl/err.h
+tb_digest.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+tb_digest.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+tb_digest.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+tb_digest.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+tb_digest.o: ../../include/openssl/objects.h
+tb_digest.o: ../../include/openssl/opensslconf.h
+tb_digest.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+tb_digest.o: ../../include/openssl/rand.h ../../include/openssl/rc2.h
+tb_digest.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+tb_digest.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+tb_digest.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+tb_digest.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+tb_digest.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+tb_digest.o: eng_int.h tb_digest.c
+tb_dsa.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h
+tb_dsa.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+tb_dsa.o: ../../include/openssl/bn.h ../../include/openssl/cast.h
+tb_dsa.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+tb_dsa.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+tb_dsa.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+tb_dsa.o: ../../include/openssl/engine.h ../../include/openssl/err.h
+tb_dsa.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+tb_dsa.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+tb_dsa.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+tb_dsa.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+tb_dsa.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+tb_dsa.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+tb_dsa.o: ../../include/openssl/rand.h ../../include/openssl/rc2.h
+tb_dsa.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+tb_dsa.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+tb_dsa.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+tb_dsa.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+tb_dsa.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+tb_dsa.o: eng_int.h tb_dsa.c
+tb_rand.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h
+tb_rand.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+tb_rand.o: ../../include/openssl/bn.h ../../include/openssl/cast.h
+tb_rand.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+tb_rand.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+tb_rand.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+tb_rand.o: ../../include/openssl/engine.h ../../include/openssl/err.h
+tb_rand.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+tb_rand.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+tb_rand.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+tb_rand.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+tb_rand.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+tb_rand.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+tb_rand.o: ../../include/openssl/rand.h ../../include/openssl/rc2.h
+tb_rand.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+tb_rand.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+tb_rand.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+tb_rand.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+tb_rand.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+tb_rand.o: eng_int.h tb_rand.c
+tb_rsa.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h
+tb_rsa.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+tb_rsa.o: ../../include/openssl/bn.h ../../include/openssl/cast.h
+tb_rsa.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+tb_rsa.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+tb_rsa.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+tb_rsa.o: ../../include/openssl/engine.h ../../include/openssl/err.h
+tb_rsa.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+tb_rsa.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+tb_rsa.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+tb_rsa.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+tb_rsa.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+tb_rsa.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+tb_rsa.o: ../../include/openssl/rand.h ../../include/openssl/rc2.h
+tb_rsa.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+tb_rsa.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+tb_rsa.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+tb_rsa.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+tb_rsa.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+tb_rsa.o: eng_int.h tb_rsa.c
diff --git a/src/lib/libcrypto/engine/README b/src/lib/libcrypto/engine/README
new file mode 100644
index 0000000000..6b69b70f57
--- /dev/null
+++ b/src/lib/libcrypto/engine/README
@@ -0,0 +1,211 @@
+Notes: 2001-09-24
+-----------------
+
+This "description" (if one chooses to call it that) needed some major updating
+so here goes. This update addresses a change being made at the same time to
+OpenSSL, and it pretty much completely restructures the underlying mechanics of
+the "ENGINE" code. So it serves a double purpose of being a "ENGINE internals
+for masochists" document *and* a rather extensive commit log message. (I'd get
+lynched for sticking all this in CHANGES or the commit mails :-).
+
+ENGINE_TABLE underlies this restructuring, as described in the internal header
+"eng_int.h", implemented in eng_table.c, and used in each of the "class" files;
+tb_rsa.c, tb_dsa.c, etc.
+
+However, "EVP_CIPHER" underlies the motivation and design of ENGINE_TABLE so
+I'll mention a bit about that first. EVP_CIPHER (and most of this applies
+equally to EVP_MD for digests) is both a "method" and a algorithm/mode
+identifier that, in the current API, "lingers". These cipher description +
+implementation structures can be defined or obtained directly by applications,
+or can be loaded "en masse" into EVP storage so that they can be catalogued and
+searched in various ways, ie. two ways of encrypting with the "des_cbc"
+algorithm/mode pair are;
+
+(i) directly;
+     const EVP_CIPHER *cipher = EVP_des_cbc();
+     EVP_EncryptInit(&ctx, cipher, key, iv);
+     [ ... use EVP_EncryptUpdate() and EVP_EncryptFinal() ...]
+
+(ii) indirectly; 
+     OpenSSL_add_all_ciphers();
+     cipher = EVP_get_cipherbyname("des_cbc");
+     EVP_EncryptInit(&ctx, cipher, key, iv);
+     [ ... etc ... ]
+
+The latter is more generally used because it also allows ciphers/digests to be
+looked up based on other identifiers which can be useful for automatic cipher
+selection, eg. in SSL/TLS, or by user-controllable configuration.
+
+The important point about this is that EVP_CIPHER definitions and structures are
+passed around with impunity and there is no safe way, without requiring massive
+rewrites of many applications, to assume that EVP_CIPHERs can be reference
+counted. One an EVP_CIPHER is exposed to the caller, neither it nor anything it
+comes from can "safely" be destroyed. Unless of course the way of getting to
+such ciphers is via entirely distinct API calls that didn't exist before.
+However existing API usage cannot be made to understand when an EVP_CIPHER
+pointer, that has been passed to the caller, is no longer being used.
+
+The other problem with the existing API w.r.t. to hooking EVP_CIPHER support
+into ENGINE is storage - the OBJ_NAME-based storage used by EVP to register
+ciphers simultaneously registers cipher *types* and cipher *implementations* -
+they are effectively the same thing, an "EVP_CIPHER" pointer. The problem with
+hooking in ENGINEs is that multiple ENGINEs may implement the same ciphers. The
+solution is necessarily that ENGINE-provided ciphers simply are not registered,
+stored, or exposed to the caller in the same manner as existing ciphers. This is
+especially necessary considering the fact ENGINE uses reference counts to allow
+for cleanup, modularity, and DSO support - yet EVP_CIPHERs, as exposed to
+callers in the current API, support no such controls.
+
+Another sticking point for integrating cipher support into ENGINE is linkage.
+Already there is a problem with the way ENGINE supports RSA, DSA, etc whereby
+they are available *because* they're part of a giant ENGINE called "openssl".
+Ie. all implementations *have* to come from an ENGINE, but we get round that by
+having a giant ENGINE with all the software support encapsulated. This creates
+linker hassles if nothing else - linking a 1-line application that calls 2 basic
+RSA functions (eg. "RSA_free(RSA_new());") will result in large quantities of
+ENGINE code being linked in *and* because of that DSA, DH, and RAND also. If we
+continue with this approach for EVP_CIPHER support (even if it *was* possible)
+we would lose our ability to link selectively by selectively loading certain
+implementations of certain functionality. Touching any part of any kind of
+crypto would result in massive static linkage of everything else. So the
+solution is to change the way ENGINE feeds existing "classes", ie. how the
+hooking to ENGINE works from RSA, DSA, DH, RAND, as well as adding new hooking
+for EVP_CIPHER, and EVP_MD.
+
+The way this is now being done is by mostly reverting back to how things used to
+work prior to ENGINE :-). Ie. RSA now has a "RSA_METHOD" pointer again - this
+was previously replaced by an "ENGINE" pointer and all RSA code that required
+the RSA_METHOD would call ENGINE_get_RSA() each time on its ENGINE handle to
+temporarily get and use the ENGINE's RSA implementation. Apart from being more
+efficient, switching back to each RSA having an RSA_METHOD pointer also allows
+us to conceivably operate with *no* ENGINE. As we'll see, this removes any need
+for a fallback ENGINE that encapsulates default implementations - we can simply
+have our RSA structure pointing its RSA_METHOD pointer to the software
+implementation and have its ENGINE pointer set to NULL.
+
+A look at the EVP_CIPHER hooking is most explanatory, the RSA, DSA (etc) cases
+turn out to be degenerate forms of the same thing. The EVP storage of ciphers,
+and the existing EVP API functions that return "software" implementations and
+descriptions remain untouched. However, the storage takes more meaning in terms
+of "cipher description" and less meaning in terms of "implementation". When an
+EVP_CIPHER_CTX is actually initialised with an EVP_CIPHER method and is about to
+begin en/decryption, the hooking to ENGINE comes into play. What happens is that
+cipher-specific ENGINE code is asked for an ENGINE pointer (a functional
+reference) for any ENGINE that is registered to perform the algo/mode that the
+provided EVP_CIPHER structure represents. Under normal circumstances, that
+ENGINE code will return NULL because no ENGINEs will have had any cipher
+implementations *registered*. As such, a NULL ENGINE pointer is stored in the
+EVP_CIPHER_CTX context, and the EVP_CIPHER structure is left hooked into the
+context and so is used as the implementation. Pretty much how things work now
+except we'd have a redundant ENGINE pointer set to NULL and doing nothing.
+
+Conversely, if an ENGINE *has* been registered to perform the algorithm/mode
+combination represented by the provided EVP_CIPHER, then a functional reference
+to that ENGINE will be returned to the EVP_CIPHER_CTX during initialisation.
+That functional reference will be stored in the context (and released on
+cleanup) - and having that reference provides a *safe* way to use an EVP_CIPHER
+definition that is private to the ENGINE. Ie. the EVP_CIPHER provided by the
+application will actually be replaced by an EVP_CIPHER from the registered
+ENGINE - it will support the same algorithm/mode as the original but will be a
+completely different implementation. Because this EVP_CIPHER isn't stored in the
+EVP storage, nor is it returned to applications from traditional API functions,
+there is no associated problem with it not having reference counts. And of
+course, when one of these "private" cipher implementations is hooked into
+EVP_CIPHER_CTX, it is done whilst the EVP_CIPHER_CTX holds a functional
+reference to the ENGINE that owns it, thus the use of the ENGINE's EVP_CIPHER is
+safe.
+
+The "cipher-specific ENGINE code" I mentioned is implemented in tb_cipher.c but
+in essence it is simply an instantiation of "ENGINE_TABLE" code for use by
+EVP_CIPHER code. tb_digest.c is virtually identical but, of course, it is for
+use by EVP_MD code. Ditto for tb_rsa.c, tb_dsa.c, etc. These instantiations of
+ENGINE_TABLE essentially provide linker-separation of the classes so that even
+if ENGINEs implement *all* possible algorithms, an application using only
+EVP_CIPHER code will link at most code relating to EVP_CIPHER, tb_cipher.c, core
+ENGINE code that is independant of class, and of course the ENGINE
+implementation that the application loaded. It will *not* however link any
+class-specific ENGINE code for digests, RSA, etc nor will it bleed over into
+other APIs, such as the RSA/DSA/etc library code.
+
+ENGINE_TABLE is a little more complicated than may seem necessary but this is
+mostly to avoid a lot of "init()"-thrashing on ENGINEs (that may have to load
+DSOs, and other expensive setup that shouldn't be thrashed unnecessarily) *and*
+to duplicate "default" behaviour. Basically an ENGINE_TABLE instantiation, for
+example tb_cipher.c, implements a hash-table keyed by integer "nid" values.
+These nids provide the uniquenness of an algorithm/mode - and each nid will hash
+to a potentially NULL "ENGINE_PILE". An ENGINE_PILE is essentially a list of
+pointers to ENGINEs that implement that particular 'nid'. Each "pile" uses some
+caching tricks such that requests on that 'nid' will be cached and all future
+requests will return immediately (well, at least with minimal operation) unless
+a change is made to the pile, eg. perhaps an ENGINE was unloaded. The reason is
+that an application could have support for 10 ENGINEs statically linked
+in, and the machine in question may not have any of the hardware those 10
+ENGINEs support. If each of those ENGINEs has a "des_cbc" implementation, we
+want to avoid every EVP_CIPHER_CTX setup from trying (and failing) to initialise
+each of those 10 ENGINEs. Instead, the first such request will try to do that
+and will either return (and cache) a NULL ENGINE pointer or will return a
+functional reference to the first that successfully initialised. In the latter
+case it will also cache an extra functional reference to the ENGINE as a
+"default" for that 'nid'. The caching is acknowledged by a 'uptodate' variable
+that is unset only if un/registration takes place on that pile. Ie. if
+implementations of "des_cbc" are added or removed. This behaviour can be
+tweaked; the ENGINE_TABLE_FLAG_NOINIT value can be passed to
+ENGINE_set_table_flags(), in which case the only ENGINEs that tb_cipher.c will
+try to initialise from the "pile" will be those that are already initialised
+(ie. it's simply an increment of the functional reference count, and no real
+"initialisation" will take place).
+
+RSA, DSA, DH, and RAND all have their own ENGINE_TABLE code as well, and the
+difference is that they all use an implicit 'nid' of 1. Whereas EVP_CIPHERs are
+actually qualitatively different depending on 'nid' (the "des_cbc" EVP_CIPHER is
+not an interoperable implementation of "aes_256_cbc"), RSA_METHODs are
+necessarily interoperable and don't have different flavours, only different
+implementations. In other words, the ENGINE_TABLE for RSA will either be empty,
+or will have a single ENGING_PILE hashed to by the 'nid' 1 and that pile
+represents ENGINEs that implement the single "type" of RSA there is.
+
+Cleanup - the registration and unregistration may pose questions about how
+cleanup works with the ENGINE_PILE doing all this caching nonsense (ie. when the
+application or EVP_CIPHER code releases its last reference to an ENGINE, the
+ENGINE_PILE code may still have references and thus those ENGINEs will stay
+hooked in forever). The way this is handled is via "unregistration". With these
+new ENGINE changes, an abstract ENGINE can be loaded and initialised, but that
+is an algorithm-agnostic process. Even if initialised, it will not have
+registered any of its implementations (to do so would link all class "table"
+code despite the fact the application may use only ciphers, for example). This
+is deliberately a distinct step. Moreover, registration and unregistration has
+nothing to do with whether an ENGINE is *functional* or not (ie. you can even
+register an ENGINE and its implementations without it being operational, you may
+not even have the drivers to make it operate). What actually happens with
+respect to cleanup is managed inside eng_lib.c with the "engine_cleanup_***"
+functions. These functions are internal-only and each part of ENGINE code that
+could require cleanup will, upon performing its first allocation, register a
+callback with the "engine_cleanup" code. The other part of this that makes it
+tick is that the ENGINE_TABLE instantiations (tb_***.c) use NULL as their
+initialised state. So if RSA code asks for an ENGINE and no ENGINE has
+registered an implementation, the code will simply return NULL and the tb_rsa.c
+state will be unchanged. Thus, no cleanup is required unless registration takes
+place. ENGINE_cleanup() will simply iterate across a list of registered cleanup
+callbacks calling each in turn, and will then internally delete its own storage
+(a STACK). When a cleanup callback is next registered (eg. if the cleanup() is
+part of a gracefull restart and the application wants to cleanup all state then
+start again), the internal STACK storage will be freshly allocated. This is much
+the same as the situation in the ENGINE_TABLE instantiations ... NULL is the
+initialised state, so only modification operations (not queries) will cause that
+code to have to register a cleanup.
+
+What else? The bignum callbacks and associated ENGINE functions have been
+removed for two obvious reasons; (i) there was no way to generalise them to the
+mechanism now used by RSA/DSA/..., because there's no such thing as a BIGNUM
+method, and (ii) because of (i), there was no meaningful way for library or
+application code to automatically hook and use ENGINE supplied bignum functions
+anyway. Also, ENGINE_cpy() has been removed (although an internal-only version
+exists) - the idea of providing an ENGINE_cpy() function probably wasn't a good
+one and now certainly doesn't make sense in any generalised way. Some of the
+RSA, DSA, DH, and RAND functions that were fiddled during the original ENGINE
+changes have now, as a consequence, been reverted back. This is because the
+hooking of ENGINE is now automatic (and passive, it can interally use a NULL
+ENGINE pointer to simply ignore ENGINE from then on).
+
+Hell, that should be enough for now ... comments welcome: geoff@openssl.org
+
diff --git a/src/lib/libcrypto/engine/eng_all.c b/src/lib/libcrypto/engine/eng_all.c
new file mode 100644
index 0000000000..bc50465422
--- /dev/null
+++ b/src/lib/libcrypto/engine/eng_all.c
@@ -0,0 +1,119 @@
+/* crypto/engine/eng_all.c -*- mode: C; c-file-style: "eay" -*- */
+/* Written by Richard Levitte <richard@levitte.org> for the OpenSSL
+ * project 2000.
+ */
+/* ====================================================================
+ * Copyright (c) 2000-2001 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <openssl/err.h>
+#include <openssl/engine.h>
+#include "eng_int.h"
+
+#ifdef __OpenBSD__
+static int openbsd_default_loaded = 0;
+#endif
+
+void ENGINE_load_builtin_engines(void)
+        {
+        /* There's no longer any need for an "openssl" ENGINE unless, one day,
+         * it is the *only* way for standard builtin implementations to be be
+         * accessed (ie. it would be possible to statically link binaries with
+         * *no* builtin implementations). */
+#if 0
+        ENGINE_load_openssl();
+#endif
+        ENGINE_load_dynamic();
+#ifndef OPENSSL_NO_HW
+#ifndef OPENSSL_NO_HW_CSWIFT
+        ENGINE_load_cswift();
+#endif
+#ifndef OPENSSL_NO_HW_NCIPHER
+        ENGINE_load_chil();
+#endif
+#ifndef OPENSSL_NO_HW_ATALLA
+        ENGINE_load_atalla();
+#endif
+#ifndef OPENSSL_NO_HW_NURON
+        ENGINE_load_nuron();
+#endif
+#ifndef OPENSSL_NO_HW_UBSEC
+        ENGINE_load_ubsec();
+#endif
+#ifndef OPENSSL_NO_HW_AEP
+        ENGINE_load_aep();
+#endif
+#ifndef OPENSSL_NO_HW_SUREWARE
+        ENGINE_load_sureware();
+#endif
+#ifndef OPENSSL_NO_HW_4758_CCA
+        ENGINE_load_4758cca();
+#endif
+#ifdef OPENSSL_OPENBSD_DEV_CRYPTO
+        ENGINE_load_openbsd_dev_crypto();
+#endif
+#ifdef __OpenBSD__
+        ENGINE_load_cryptodev();
+#endif
+#endif
+        }
+
+#ifdef __OpenBSD__
+void ENGINE_setup_openbsd(void) {
+        if (!openbsd_default_loaded) {
+                ENGINE_load_cryptodev();
+                ENGINE_register_all_complete();
+        }
+        openbsd_default_loaded=1;
+}
+#endif
diff --git a/src/lib/libcrypto/engine/eng_cnf.c b/src/lib/libcrypto/engine/eng_cnf.c
new file mode 100644
index 0000000000..cdf670901a
--- /dev/null
+++ b/src/lib/libcrypto/engine/eng_cnf.c
@@ -0,0 +1,242 @@
+/* eng_cnf.c */
+/* Written by Stephen Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 2001.
+ */
+/* ====================================================================
+ * Copyright (c) 2001 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include <openssl/crypto.h>
+#include "cryptlib.h"
+#include <openssl/conf.h>
+#include <openssl/engine.h>
+
+/* #define ENGINE_CONF_DEBUG */
+
+/* ENGINE config module */
+
+static char *skip_dot(char *name)
+        {
+        char *p;
+        p = strchr(name, '.');
+        if (p)
+                return p + 1;
+        return name;
+        }
+
+static STACK_OF(ENGINE) *initialized_engines = NULL;
+
+static int int_engine_init(ENGINE *e)
+        {
+        if (!ENGINE_init(e))
+                return 0;
+        if (!initialized_engines)
+                initialized_engines = sk_ENGINE_new_null();
+        if (!initialized_engines || !sk_ENGINE_push(initialized_engines, e))
+                {
+                ENGINE_finish(e);
+                return 0;
+                }
+        return 1;
+        }
+        
+
+static int int_engine_configure(char *name, char *value, const CONF *cnf)
+        {
+        int i;
+        int ret = 0;
+        long do_init = -1;
+        STACK_OF(CONF_VALUE) *ecmds;
+        CONF_VALUE *ecmd;
+        char *ctrlname, *ctrlvalue;
+        ENGINE *e = NULL;
+        name = skip_dot(name);
+#ifdef ENGINE_CONF_DEBUG
+        fprintf(stderr, "Configuring engine %s\n", name);
+#endif
+        /* Value is a section containing ENGINE commands */
+        ecmds = NCONF_get_section(cnf, value);
+
+        if (!ecmds)
+                {
+                ENGINEerr(ENGINE_F_INT_ENGINE_CONFIGURE, ENGINE_R_ENGINE_SECTION_ERROR);
+                return 0;
+                }
+
+        for (i = 0; i < sk_CONF_VALUE_num(ecmds); i++)
+                {
+                ecmd = sk_CONF_VALUE_value(ecmds, i);
+                ctrlname = skip_dot(ecmd->name);
+                ctrlvalue = ecmd->value;
+#ifdef ENGINE_CONF_DEBUG
+        fprintf(stderr, "ENGINE conf: doing ctrl(%s,%s)\n", ctrlname, ctrlvalue);
+#endif
+
+                /* First handle some special pseudo ctrls */
+
+                /* Override engine name to use */
+                if (!strcmp(ctrlname, "engine_id"))
+                        name = ctrlvalue;
+                /* Load a dynamic ENGINE */
+                else if (!strcmp(ctrlname, "dynamic_path"))
+                        {
+                        e = ENGINE_by_id("dynamic");
+                        if (!e)
+                                goto err;
+                        if (!ENGINE_ctrl_cmd_string(e, "SO_PATH", ctrlvalue, 0))
+                                goto err;
+                        if (!ENGINE_ctrl_cmd_string(e, "LIST_ADD", "2", 0))
+                                goto err;
+                        if (!ENGINE_ctrl_cmd_string(e, "LOAD", NULL, 0))
+                                goto err;
+                        }
+                /* ... add other pseudos here ... */
+                else
+                        {
+                        /* At this point we need an ENGINE structural reference
+                         * if we don't already have one.
+                         */
+                        if (!e)
+                                {
+                                e = ENGINE_by_id(name);
+                                if (!e)
+                                        return 0;
+                                }
+                        /* Allow "EMPTY" to mean no value: this allows a valid
+                         * "value" to be passed to ctrls of type NO_INPUT
+                         */
+                        if (!strcmp(ctrlvalue, "EMPTY"))
+                                ctrlvalue = NULL;
+                        else if (!strcmp(ctrlname, "init"))
+                                {
+                                if (!NCONF_get_number_e(cnf, value, "init", &do_init))
+                                        goto err;
+                                if (do_init == 1)
+                                        {
+                                        if (!int_engine_init(e))
+                                                goto err;
+                                        }
+                                else if (do_init != 0)
+                                        {
+                                        ENGINEerr(ENGINE_F_INT_ENGINE_CONFIGURE, ENGINE_R_INVALID_INIT_VALUE);
+                                        goto err;
+                                        }
+                                }
+                        else if (!strcmp(ctrlname, "default_algorithms"))
+                                {
+                                if (!ENGINE_set_default_string(e, ctrlvalue))
+                                        goto err;
+                                }
+                        else if (!ENGINE_ctrl_cmd_string(e,
+                                        ctrlname, ctrlvalue, 0))
+                                return 0;
+                        }
+
+
+
+                }
+        if (e && (do_init == -1) && !int_engine_init(e))
+                goto err;
+        ret = 1;
+        err:
+        if (e)
+                ENGINE_free(e);
+        return ret;
+        }
+
+
+static int int_engine_module_init(CONF_IMODULE *md, const CONF *cnf)
+        {
+        STACK_OF(CONF_VALUE) *elist;
+        CONF_VALUE *cval;
+        int i;
+#ifdef ENGINE_CONF_DEBUG
+        fprintf(stderr, "Called engine module: name %s, value %s\n",
+                        CONF_imodule_get_name(md), CONF_imodule_get_value(md));
+#endif
+        /* Value is a section containing ENGINEs to configure */
+        elist = NCONF_get_section(cnf, CONF_imodule_get_value(md));
+
+        if (!elist)
+                {
+                ENGINEerr(ENGINE_F_ENGINE_MODULE_INIT, ENGINE_R_ENGINES_SECTION_ERROR);
+                return 0;
+                }
+
+        for (i = 0; i < sk_CONF_VALUE_num(elist); i++)
+                {
+                cval = sk_CONF_VALUE_value(elist, i);
+                if (!int_engine_configure(cval->name, cval->value, cnf))
+                        return 0;
+                }
+
+        return 1;
+        }
+
+static void int_engine_module_finish(CONF_IMODULE *md)
+        {
+        ENGINE *e;
+        while ((e = sk_ENGINE_pop(initialized_engines)))
+                ENGINE_finish(e);
+        sk_ENGINE_free(initialized_engines);
+        initialized_engines = NULL;
+        }
+        
+
+void ENGINE_add_conf_module(void)
+        {
+        CONF_module_add("engines",
+                        int_engine_module_init,
+                        int_engine_module_finish);
+        }
diff --git a/src/lib/libcrypto/engine/eng_ctrl.c b/src/lib/libcrypto/engine/eng_ctrl.c
new file mode 100644
index 0000000000..ad3858395b
--- /dev/null
+++ b/src/lib/libcrypto/engine/eng_ctrl.c
@@ -0,0 +1,387 @@
+/* crypto/engine/eng_ctrl.c */
+/* ====================================================================
+ * Copyright (c) 1999-2001 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <openssl/crypto.h>
+#include "cryptlib.h"
+#include "eng_int.h"
+#include <openssl/engine.h>
+
+/* When querying a ENGINE-specific control command's 'description', this string
+ * is used if the ENGINE_CMD_DEFN has cmd_desc set to NULL. */
+static const char *int_no_description = "";
+
+/* These internal functions handle 'CMD'-related control commands when the
+ * ENGINE in question has asked us to take care of it (ie. the ENGINE did not
+ * set the ENGINE_FLAGS_MANUAL_CMD_CTRL flag. */
+
+static int int_ctrl_cmd_is_null(const ENGINE_CMD_DEFN *defn)
+        {
+        if((defn->cmd_num == 0) || (defn->cmd_name == NULL))
+                return 1;
+        return 0;
+        }
+
+static int int_ctrl_cmd_by_name(const ENGINE_CMD_DEFN *defn, const char *s)
+        {
+        int idx = 0;
+        while(!int_ctrl_cmd_is_null(defn) && (strcmp(defn->cmd_name, s) != 0))
+                {
+                idx++;
+                defn++;
+                }
+        if(int_ctrl_cmd_is_null(defn))
+                /* The given name wasn't found */
+                return -1;
+        return idx;
+        }
+
+static int int_ctrl_cmd_by_num(const ENGINE_CMD_DEFN *defn, unsigned int num)
+        {
+        int idx = 0;
+        /* NB: It is stipulated that 'cmd_defn' lists are ordered by cmd_num. So
+         * our searches don't need to take any longer than necessary. */
+        while(!int_ctrl_cmd_is_null(defn) && (defn->cmd_num < num))
+                {
+                idx++;
+                defn++;
+                }
+        if(defn->cmd_num == num)
+                return idx;
+        /* The given cmd_num wasn't found */
+        return -1;
+        }
+
+static int int_ctrl_helper(ENGINE *e, int cmd, long i, void *p, void (*f)())
+        {
+        int idx;
+        char *s = (char *)p;
+        /* Take care of the easy one first (eg. it requires no searches) */
+        if(cmd == ENGINE_CTRL_GET_FIRST_CMD_TYPE)
+                {
+                if((e->cmd_defns == NULL) || int_ctrl_cmd_is_null(e->cmd_defns))
+                        return 0;
+                return e->cmd_defns->cmd_num;
+                }
+        /* One or two commands require that "p" be a valid string buffer */
+        if((cmd == ENGINE_CTRL_GET_CMD_FROM_NAME) ||
+                        (cmd == ENGINE_CTRL_GET_NAME_FROM_CMD) ||
+                        (cmd == ENGINE_CTRL_GET_DESC_FROM_CMD))
+                {
+                if(s == NULL)
+                        {
+                        ENGINEerr(ENGINE_F_INT_CTRL_HELPER,
+                                ERR_R_PASSED_NULL_PARAMETER);
+                        return -1;
+                        }
+                }
+        /* Now handle cmd_name -> cmd_num conversion */
+        if(cmd == ENGINE_CTRL_GET_CMD_FROM_NAME)
+                {
+                if((e->cmd_defns == NULL) || ((idx = int_ctrl_cmd_by_name(
+                                                e->cmd_defns, s)) < 0))
+                        {
+                        ENGINEerr(ENGINE_F_INT_CTRL_HELPER,
+                                ENGINE_R_INVALID_CMD_NAME);
+                        return -1;
+                        }
+                return e->cmd_defns[idx].cmd_num;
+                }
+        /* For the rest of the commands, the 'long' argument must specify a
+         * valie command number - so we need to conduct a search. */
+        if((e->cmd_defns == NULL) || ((idx = int_ctrl_cmd_by_num(e->cmd_defns,
+                                        (unsigned int)i)) < 0))
+                {
+                ENGINEerr(ENGINE_F_INT_CTRL_HELPER,
+                        ENGINE_R_INVALID_CMD_NUMBER);
+                return -1;
+                }
+        /* Now the logic splits depending on command type */
+        switch(cmd)
+                {
+        case ENGINE_CTRL_GET_NEXT_CMD_TYPE:
+                idx++;
+                if(int_ctrl_cmd_is_null(e->cmd_defns + idx))
+                        /* end-of-list */
+                        return 0;
+                else
+                        return e->cmd_defns[idx].cmd_num;
+        case ENGINE_CTRL_GET_NAME_LEN_FROM_CMD:
+                return strlen(e->cmd_defns[idx].cmd_name);
+        case ENGINE_CTRL_GET_NAME_FROM_CMD:
+                return sprintf(s, "%s", e->cmd_defns[idx].cmd_name);
+        case ENGINE_CTRL_GET_DESC_LEN_FROM_CMD:
+                if(e->cmd_defns[idx].cmd_desc)
+                        return strlen(e->cmd_defns[idx].cmd_desc);
+                return strlen(int_no_description);
+        case ENGINE_CTRL_GET_DESC_FROM_CMD:
+                if(e->cmd_defns[idx].cmd_desc)
+                        return sprintf(s, "%s", e->cmd_defns[idx].cmd_desc);
+                return sprintf(s, "%s", int_no_description);
+        case ENGINE_CTRL_GET_CMD_FLAGS:
+                return e->cmd_defns[idx].cmd_flags;
+                }
+        /* Shouldn't really be here ... */
+        ENGINEerr(ENGINE_F_INT_CTRL_HELPER,ENGINE_R_INTERNAL_LIST_ERROR);
+        return -1;
+        }
+
+int ENGINE_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)())
+        {
+        int ctrl_exists, ref_exists;
+        if(e == NULL)
+                {
+                ENGINEerr(ENGINE_F_ENGINE_CTRL,ERR_R_PASSED_NULL_PARAMETER);
+                return 0;
+                }
+        CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
+        ref_exists = ((e->struct_ref > 0) ? 1 : 0);
+        CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
+        ctrl_exists = ((e->ctrl == NULL) ? 0 : 1);
+        if(!ref_exists)
+                {
+                ENGINEerr(ENGINE_F_ENGINE_CTRL,ENGINE_R_NO_REFERENCE);
+                return 0;
+                }
+        /* Intercept any "root-level" commands before trying to hand them on to
+         * ctrl() handlers. */
+        switch(cmd)
+                {
+        case ENGINE_CTRL_HAS_CTRL_FUNCTION:
+                return ctrl_exists;
+        case ENGINE_CTRL_GET_FIRST_CMD_TYPE:
+        case ENGINE_CTRL_GET_NEXT_CMD_TYPE:
+        case ENGINE_CTRL_GET_CMD_FROM_NAME:
+        case ENGINE_CTRL_GET_NAME_LEN_FROM_CMD:
+        case ENGINE_CTRL_GET_NAME_FROM_CMD:
+        case ENGINE_CTRL_GET_DESC_LEN_FROM_CMD:
+        case ENGINE_CTRL_GET_DESC_FROM_CMD:
+        case ENGINE_CTRL_GET_CMD_FLAGS:
+                if(ctrl_exists && !(e->flags & ENGINE_FLAGS_MANUAL_CMD_CTRL))
+                        return int_ctrl_helper(e,cmd,i,p,f);
+                if(!ctrl_exists)
+                        {
+                        ENGINEerr(ENGINE_F_ENGINE_CTRL,ENGINE_R_NO_CONTROL_FUNCTION);
+                        /* For these cmd-related functions, failure is indicated
+                         * by a -1 return value (because 0 is used as a valid
+                         * return in some places). */
+                        return -1;
+                        }
+        default:
+                break;
+                }
+        /* Anything else requires a ctrl() handler to exist. */
+        if(!ctrl_exists)
+                {
+                ENGINEerr(ENGINE_F_ENGINE_CTRL,ENGINE_R_NO_CONTROL_FUNCTION);
+                return 0;
+                }
+        return e->ctrl(e, cmd, i, p, f);
+        }
+
+int ENGINE_cmd_is_executable(ENGINE *e, int cmd)
+        {
+        int flags;
+        if((flags = ENGINE_ctrl(e, ENGINE_CTRL_GET_CMD_FLAGS, cmd, NULL, NULL)) < 0)
+                {
+                ENGINEerr(ENGINE_F_ENGINE_CMD_IS_EXECUTABLE,
+                        ENGINE_R_INVALID_CMD_NUMBER);
+                return 0;
+                }
+        if(!(flags & ENGINE_CMD_FLAG_NO_INPUT) &&
+                        !(flags & ENGINE_CMD_FLAG_NUMERIC) &&
+                        !(flags & ENGINE_CMD_FLAG_STRING))
+                return 0;
+        return 1;
+        }
+
+int ENGINE_ctrl_cmd(ENGINE *e, const char *cmd_name,
+        long i, void *p, void (*f)(), int cmd_optional)
+        {
+        int num;
+
+        if((e == NULL) || (cmd_name == NULL))
+                {
+                ENGINEerr(ENGINE_F_ENGINE_CTRL_CMD_STRING,
+                        ERR_R_PASSED_NULL_PARAMETER);
+                return 0;
+                }
+        if((e->ctrl == NULL) || ((num = ENGINE_ctrl(e,
+                                        ENGINE_CTRL_GET_CMD_FROM_NAME,
+                                        0, (void *)cmd_name, NULL)) <= 0))
+                {
+                /* If the command didn't *have* to be supported, we fake
+                 * success. This allows certain settings to be specified for
+                 * multiple ENGINEs and only require a change of ENGINE id
+                 * (without having to selectively apply settings). Eg. changing
+                 * from a hardware device back to the regular software ENGINE
+                 * without editing the config file, etc. */
+                if(cmd_optional)
+                        {
+                        ERR_clear_error();
+                        return 1;
+                        }
+                ENGINEerr(ENGINE_F_ENGINE_CTRL_CMD,
+                        ENGINE_R_INVALID_CMD_NAME);
+                return 0;
+                }
+        /* Force the result of the control command to 0 or 1, for the reasons
+         * mentioned before. */
+        if (ENGINE_ctrl(e, num, i, p, f))
+                return 1;
+        return 0;
+        }
+
+int ENGINE_ctrl_cmd_string(ENGINE *e, const char *cmd_name, const char *arg,
+                                int cmd_optional)
+        {
+        int num, flags;
+        long l;
+        char *ptr;
+        if((e == NULL) || (cmd_name == NULL))
+                {
+                ENGINEerr(ENGINE_F_ENGINE_CTRL_CMD_STRING,
+                        ERR_R_PASSED_NULL_PARAMETER);
+                return 0;
+                }
+        if((e->ctrl == NULL) || ((num = ENGINE_ctrl(e,
+                                        ENGINE_CTRL_GET_CMD_FROM_NAME,
+                                        0, (void *)cmd_name, NULL)) <= 0))
+                {
+                /* If the command didn't *have* to be supported, we fake
+                 * success. This allows certain settings to be specified for
+                 * multiple ENGINEs and only require a change of ENGINE id
+                 * (without having to selectively apply settings). Eg. changing
+                 * from a hardware device back to the regular software ENGINE
+                 * without editing the config file, etc. */
+                if(cmd_optional)
+                        {
+                        ERR_clear_error();
+                        return 1;
+                        }
+                ENGINEerr(ENGINE_F_ENGINE_CTRL_CMD_STRING,
+                        ENGINE_R_INVALID_CMD_NAME);
+                return 0;
+                }
+        if(!ENGINE_cmd_is_executable(e, num))
+                {
+                ENGINEerr(ENGINE_F_ENGINE_CTRL_CMD_STRING,
+                        ENGINE_R_CMD_NOT_EXECUTABLE);
+                return 0;
+                }
+        if((flags = ENGINE_ctrl(e, ENGINE_CTRL_GET_CMD_FLAGS, num, NULL, NULL)) < 0)
+                {
+                /* Shouldn't happen, given that ENGINE_cmd_is_executable()
+                 * returned success. */
+                ENGINEerr(ENGINE_F_ENGINE_CTRL_CMD_STRING,
+                        ENGINE_R_INTERNAL_LIST_ERROR);
+                return 0;
+                }
+        /* If the command takes no input, there must be no input. And vice
+         * versa. */
+        if(flags & ENGINE_CMD_FLAG_NO_INPUT)
+                {
+                if(arg != NULL)
+                        {
+                        ENGINEerr(ENGINE_F_ENGINE_CTRL_CMD_STRING,
+                                ENGINE_R_COMMAND_TAKES_NO_INPUT);
+                        return 0;
+                        }
+                /* We deliberately force the result of ENGINE_ctrl() to 0 or 1
+                 * rather than returning it as "return data". This is to ensure
+                 * usage of these commands is consistent across applications and
+                 * that certain applications don't understand it one way, and
+                 * others another. */
+                if(ENGINE_ctrl(e, num, 0, (void *)arg, NULL))
+                        return 1;
+                return 0;
+                }
+        /* So, we require input */
+        if(arg == NULL)
+                {
+                ENGINEerr(ENGINE_F_ENGINE_CTRL_CMD_STRING,
+                        ENGINE_R_COMMAND_TAKES_INPUT);
+                return 0;
+                }
+        /* If it takes string input, that's easy */
+        if(flags & ENGINE_CMD_FLAG_STRING)
+                {
+                /* Same explanation as above */
+                if(ENGINE_ctrl(e, num, 0, (void *)arg, NULL))
+                        return 1;
+                return 0;
+                }
+        /* If it doesn't take numeric either, then it is unsupported for use in
+         * a config-setting situation, which is what this function is for. This
+         * should never happen though, because ENGINE_cmd_is_executable() was
+         * used. */
+        if(!(flags & ENGINE_CMD_FLAG_NUMERIC))
+                {
+                ENGINEerr(ENGINE_F_ENGINE_CTRL_CMD_STRING,
+                        ENGINE_R_INTERNAL_LIST_ERROR);
+                return 0;
+                }
+        l = strtol(arg, &ptr, 10);
+        if((arg == ptr) || (*ptr != '\0'))
+                {
+                ENGINEerr(ENGINE_F_ENGINE_CTRL_CMD_STRING,
+                        ENGINE_R_ARGUMENT_IS_NOT_A_NUMBER);
+                return 0;
+                }
+        /* Force the result of the control command to 0 or 1, for the reasons
+         * mentioned before. */
+        if(ENGINE_ctrl(e, num, l, NULL, NULL))
+                return 1;
+        return 0;
+        }
diff --git a/src/lib/libcrypto/engine/eng_dyn.c b/src/lib/libcrypto/engine/eng_dyn.c
new file mode 100644
index 0000000000..4139a16e76
--- /dev/null
+++ b/src/lib/libcrypto/engine/eng_dyn.c
@@ -0,0 +1,460 @@
+/* crypto/engine/eng_dyn.c */
+/* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL
+ * project 2001.
+ */
+/* ====================================================================
+ * Copyright (c) 1999-2001 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+
+#include <stdio.h>
+#include <openssl/crypto.h>
+#include "cryptlib.h"
+#include "eng_int.h"
+#include <openssl/engine.h>
+#include <openssl/dso.h>
+
+/* Shared libraries implementing ENGINEs for use by the "dynamic" ENGINE loader
+ * should implement the hook-up functions with the following prototypes. */
+
+/* Our ENGINE handlers */
+static int dynamic_init(ENGINE *e);
+static int dynamic_finish(ENGINE *e);
+static int dynamic_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)());
+/* Predeclare our context type */
+typedef struct st_dynamic_data_ctx dynamic_data_ctx;
+/* The implementation for the important control command */
+static int dynamic_load(ENGINE *e, dynamic_data_ctx *ctx);
+
+#define DYNAMIC_CMD_SO_PATH             ENGINE_CMD_BASE
+#define DYNAMIC_CMD_NO_VCHECK           (ENGINE_CMD_BASE + 1)
+#define DYNAMIC_CMD_ID                  (ENGINE_CMD_BASE + 2)
+#define DYNAMIC_CMD_LIST_ADD            (ENGINE_CMD_BASE + 3)
+#define DYNAMIC_CMD_LOAD                (ENGINE_CMD_BASE + 4)
+
+/* The constants used when creating the ENGINE */
+static const char *engine_dynamic_id = "dynamic";
+static const char *engine_dynamic_name = "Dynamic engine loading support";
+static const ENGINE_CMD_DEFN dynamic_cmd_defns[] = {
+        {DYNAMIC_CMD_SO_PATH,
+                "SO_PATH",
+                "Specifies the path to the new ENGINE shared library",
+                ENGINE_CMD_FLAG_STRING},
+        {DYNAMIC_CMD_NO_VCHECK,
+                "NO_VCHECK",
+                "Specifies to continue even if version checking fails (boolean)",
+                ENGINE_CMD_FLAG_NUMERIC},
+        {DYNAMIC_CMD_ID,
+                "ID",
+                "Specifies an ENGINE id name for loading",
+                ENGINE_CMD_FLAG_STRING},
+        {DYNAMIC_CMD_LIST_ADD,
+                "LIST_ADD",
+                "Whether to add a loaded ENGINE to the internal list (0=no,1=yes,2=mandatory)",
+                ENGINE_CMD_FLAG_NUMERIC},
+        {DYNAMIC_CMD_LOAD,
+                "LOAD",
+                "Load up the ENGINE specified by other settings",
+                ENGINE_CMD_FLAG_NO_INPUT},
+        {0, NULL, NULL, 0}
+        };
+static const ENGINE_CMD_DEFN dynamic_cmd_defns_empty[] = {
+        {0, NULL, NULL, 0}
+        };
+
+/* Loading code stores state inside the ENGINE structure via the "ex_data"
+ * element. We load all our state into a single structure and use that as a
+ * single context in the "ex_data" stack. */
+struct st_dynamic_data_ctx
+        {
+        /* The DSO object we load that supplies the ENGINE code */
+        DSO *dynamic_dso;
+        /* The function pointer to the version checking shared library function */
+        dynamic_v_check_fn v_check;
+        /* The function pointer to the engine-binding shared library function */
+        dynamic_bind_engine bind_engine;
+        /* The default name/path for loading the shared library */
+        const char *DYNAMIC_LIBNAME;
+        /* Whether to continue loading on a version check failure */
+        int no_vcheck;
+        /* If non-NULL, stipulates the 'id' of the ENGINE to be loaded */
+        const char *engine_id;
+        /* If non-zero, a successfully loaded ENGINE should be added to the internal
+         * ENGINE list. If 2, the add must succeed or the entire load should fail. */
+        int list_add_value;
+        /* The symbol name for the version checking function */
+        const char *DYNAMIC_F1;
+        /* The symbol name for the "initialise ENGINE structure" function */
+        const char *DYNAMIC_F2;
+        };
+
+/* This is the "ex_data" index we obtain and reserve for use with our context
+ * structure. */
+static int dynamic_ex_data_idx = -1;
+
+/* Because our ex_data element may or may not get allocated depending on whether
+ * a "first-use" occurs before the ENGINE is freed, we have a memory leak
+ * problem to solve. We can't declare a "new" handler for the ex_data as we
+ * don't want a dynamic_data_ctx in *all* ENGINE structures of all types (this
+ * is a bug in the design of CRYPTO_EX_DATA). As such, we just declare a "free"
+ * handler and that will get called if an ENGINE is being destroyed and there
+ * was an ex_data element corresponding to our context type. */
+static void dynamic_data_ctx_free_func(void *parent, void *ptr,
+                        CRYPTO_EX_DATA *ad, int idx, long argl, void *argp)
+        {
+        if(ptr)
+                {
+                dynamic_data_ctx *ctx = (dynamic_data_ctx *)ptr;
+                if(ctx->dynamic_dso)
+                        DSO_free(ctx->dynamic_dso);
+                if(ctx->DYNAMIC_LIBNAME)
+                        OPENSSL_free((void*)ctx->DYNAMIC_LIBNAME);
+                if(ctx->engine_id)
+                        OPENSSL_free((void*)ctx->engine_id);
+                OPENSSL_free(ctx);
+                }
+        }
+
+/* Construct the per-ENGINE context. We create it blindly and then use a lock to
+ * check for a race - if so, all but one of the threads "racing" will have
+ * wasted their time. The alternative involves creating everything inside the
+ * lock which is far worse. */
+static int dynamic_set_data_ctx(ENGINE *e, dynamic_data_ctx **ctx)
+        {
+        dynamic_data_ctx *c;
+        c = OPENSSL_malloc(sizeof(dynamic_data_ctx));
+        if(!c)
+                {
+                ENGINEerr(ENGINE_F_SET_DATA_CTX,ERR_R_MALLOC_FAILURE);
+                return 0;
+                }
+        memset(c, 0, sizeof(dynamic_data_ctx));
+        c->dynamic_dso = NULL;
+        c->v_check = NULL;
+        c->bind_engine = NULL;
+        c->DYNAMIC_LIBNAME = NULL;
+        c->no_vcheck = 0;
+        c->engine_id = NULL;
+        c->list_add_value = 0;
+        c->DYNAMIC_F1 = "v_check";
+        c->DYNAMIC_F2 = "bind_engine";
+        CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
+        if((*ctx = (dynamic_data_ctx *)ENGINE_get_ex_data(e,
+                                dynamic_ex_data_idx)) == NULL)
+                {
+                /* Good, we're the first */
+                ENGINE_set_ex_data(e, dynamic_ex_data_idx, c);
+                *ctx = c;
+                c = NULL;
+                }
+        CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
+        /* If we lost the race to set the context, c is non-NULL and *ctx is the
+         * context of the thread that won. */
+        if(c)
+                OPENSSL_free(c);
+        return 1;
+        }
+
+/* This function retrieves the context structure from an ENGINE's "ex_data", or
+ * if it doesn't exist yet, sets it up. */
+static dynamic_data_ctx *dynamic_get_data_ctx(ENGINE *e)
+        {
+        dynamic_data_ctx *ctx;
+        if(dynamic_ex_data_idx < 0)
+                {
+                /* Create and register the ENGINE ex_data, and associate our
+                 * "free" function with it to ensure any allocated contexts get
+                 * freed when an ENGINE goes underground. */
+                int new_idx = ENGINE_get_ex_new_index(0, NULL, NULL, NULL,
+                                        dynamic_data_ctx_free_func);
+                if(new_idx == -1)
+                        {
+                        ENGINEerr(ENGINE_F_DYNAMIC_GET_DATA_CTX,ENGINE_R_NO_INDEX);
+                        return NULL;
+                        }
+                CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
+                /* Avoid a race by checking again inside this lock */
+                if(dynamic_ex_data_idx < 0)
+                        {
+                        /* Good, someone didn't beat us to it */
+                        dynamic_ex_data_idx = new_idx;
+                        new_idx = -1;
+                        }
+                CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
+                /* In theory we could "give back" the index here if
+                 * (new_idx>-1), but it's not possible and wouldn't gain us much
+                 * if it were. */
+                }
+        ctx = (dynamic_data_ctx *)ENGINE_get_ex_data(e, dynamic_ex_data_idx);
+        /* Check if the context needs to be created */
+        if((ctx == NULL) && !dynamic_set_data_ctx(e, &ctx))
+                /* "set_data" will set errors if necessary */
+                return NULL;
+        return ctx;
+        }
+
+static ENGINE *engine_dynamic(void)
+        {
+        ENGINE *ret = ENGINE_new();
+        if(!ret)
+                return NULL;
+        if(!ENGINE_set_id(ret, engine_dynamic_id) ||
+                        !ENGINE_set_name(ret, engine_dynamic_name) ||
+                        !ENGINE_set_init_function(ret, dynamic_init) ||
+                        !ENGINE_set_finish_function(ret, dynamic_finish) ||
+                        !ENGINE_set_ctrl_function(ret, dynamic_ctrl) ||
+                        !ENGINE_set_flags(ret, ENGINE_FLAGS_BY_ID_COPY) ||
+                        !ENGINE_set_cmd_defns(ret, dynamic_cmd_defns))
+                {
+                ENGINE_free(ret);
+                return NULL;
+                }
+        return ret;
+        }
+
+void ENGINE_load_dynamic(void)
+        {
+        ENGINE *toadd = engine_dynamic();
+        if(!toadd) return;
+        ENGINE_add(toadd);
+        /* If the "add" worked, it gets a structural reference. So either way,
+         * we release our just-created reference. */
+        ENGINE_free(toadd);
+        /* If the "add" didn't work, it was probably a conflict because it was
+         * already added (eg. someone calling ENGINE_load_blah then calling
+         * ENGINE_load_builtin_engines() perhaps). */
+        ERR_clear_error();
+        }
+
+static int dynamic_init(ENGINE *e)
+        {
+        /* We always return failure - the "dyanamic" engine itself can't be used
+         * for anything. */
+        return 0;
+        }
+
+static int dynamic_finish(ENGINE *e)
+        {
+        /* This should never be called on account of "dynamic_init" always
+         * failing. */
+        return 0;
+        }
+
+static int dynamic_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)())
+        {
+        dynamic_data_ctx *ctx = dynamic_get_data_ctx(e);
+        int initialised;
+        
+        if(!ctx)
+                {
+                ENGINEerr(ENGINE_F_DYNAMIC_CTRL,ENGINE_R_NOT_LOADED);
+                return 0;
+                }
+        initialised = ((ctx->dynamic_dso == NULL) ? 0 : 1);
+        /* All our control commands require the ENGINE to be uninitialised */
+        if(initialised)
+                {
+                ENGINEerr(ENGINE_F_DYNAMIC_CTRL,
+                        ENGINE_R_ALREADY_LOADED);
+                return 0;
+                }
+        switch(cmd)
+                {
+        case DYNAMIC_CMD_SO_PATH:
+                /* a NULL 'p' or a string of zero-length is the same thing */
+                if(p && (strlen((const char *)p) < 1))
+                        p = NULL;
+                if(ctx->DYNAMIC_LIBNAME)
+                        OPENSSL_free((void*)ctx->DYNAMIC_LIBNAME);
+                if(p)
+                        ctx->DYNAMIC_LIBNAME = BUF_strdup(p);
+                else
+                        ctx->DYNAMIC_LIBNAME = NULL;
+                return (ctx->DYNAMIC_LIBNAME ? 1 : 0);
+        case DYNAMIC_CMD_NO_VCHECK:
+                ctx->no_vcheck = ((i == 0) ? 0 : 1);
+                return 1;
+        case DYNAMIC_CMD_ID:
+                /* a NULL 'p' or a string of zero-length is the same thing */
+                if(p && (strlen((const char *)p) < 1))
+                        p = NULL;
+                if(ctx->engine_id)
+                        OPENSSL_free((void*)ctx->engine_id);
+                if(p)
+                        ctx->engine_id = BUF_strdup(p);
+                else
+                        ctx->engine_id = NULL;
+                return (ctx->engine_id ? 1 : 0);
+        case DYNAMIC_CMD_LIST_ADD:
+                if((i < 0) || (i > 2))
+                        {
+                        ENGINEerr(ENGINE_F_DYNAMIC_CTRL,
+                                ENGINE_R_INVALID_ARGUMENT);
+                        return 0;
+                        }
+                ctx->list_add_value = (int)i;
+                return 1;
+        case DYNAMIC_CMD_LOAD:
+                return dynamic_load(e, ctx);
+        default:
+                break;
+                }
+        ENGINEerr(ENGINE_F_DYNAMIC_CTRL,ENGINE_R_CTRL_COMMAND_NOT_IMPLEMENTED);
+        return 0;
+        }
+
+static int dynamic_load(ENGINE *e, dynamic_data_ctx *ctx)
+        {
+        ENGINE cpy;
+        dynamic_fns fns;
+
+        if(!ctx->DYNAMIC_LIBNAME || ((ctx->dynamic_dso = DSO_load(NULL,
+                                ctx->DYNAMIC_LIBNAME, NULL, 0)) == NULL))
+                {
+                ENGINEerr(ENGINE_F_DYNAMIC_LOAD,
+                        ENGINE_R_DSO_NOT_FOUND);
+                return 0;
+                }
+        /* We have to find a bind function otherwise it'll always end badly */
+        if(!(ctx->bind_engine = (dynamic_bind_engine)DSO_bind_func(
+                                        ctx->dynamic_dso, ctx->DYNAMIC_F2)))
+                {
+                ctx->bind_engine = NULL;
+                DSO_free(ctx->dynamic_dso);
+                ctx->dynamic_dso = NULL;
+                ENGINEerr(ENGINE_F_DYNAMIC_LOAD,
+                        ENGINE_R_DSO_FAILURE);
+                return 0;
+                }
+        /* Do we perform version checking? */
+        if(!ctx->no_vcheck)
+                {
+                unsigned long vcheck_res = 0;
+                /* Now we try to find a version checking function and decide how
+                 * to cope with failure if/when it fails. */
+                ctx->v_check = (dynamic_v_check_fn)DSO_bind_func(
+                                ctx->dynamic_dso, ctx->DYNAMIC_F1);
+                if(ctx->v_check)
+                        vcheck_res = ctx->v_check(OSSL_DYNAMIC_VERSION);
+                /* We fail if the version checker veto'd the load *or* if it is
+                 * deferring to us (by returning its version) and we think it is
+                 * too old. */
+                if(vcheck_res < OSSL_DYNAMIC_OLDEST)
+                        {
+                        /* Fail */
+                        ctx->bind_engine = NULL;
+                        ctx->v_check = NULL;
+                        DSO_free(ctx->dynamic_dso);
+                        ctx->dynamic_dso = NULL;
+                        ENGINEerr(ENGINE_F_DYNAMIC_LOAD,
+                                ENGINE_R_VERSION_INCOMPATIBILITY);
+                        return 0;
+                        }
+                }
+        /* First binary copy the ENGINE structure so that we can roll back if
+         * the hand-over fails */
+        memcpy(&cpy, e, sizeof(ENGINE));
+        /* Provide the ERR, "ex_data", memory, and locking callbacks so the
+         * loaded library uses our state rather than its own. FIXME: As noted in
+         * engine.h, much of this would be simplified if each area of code
+         * provided its own "summary" structure of all related callbacks. It
+         * would also increase opaqueness. */
+        fns.err_fns = ERR_get_implementation();
+        fns.ex_data_fns = CRYPTO_get_ex_data_implementation();
+        CRYPTO_get_mem_functions(&fns.mem_fns.malloc_cb,
+                                &fns.mem_fns.realloc_cb,
+                                &fns.mem_fns.free_cb);
+        fns.lock_fns.lock_locking_cb = CRYPTO_get_locking_callback();
+        fns.lock_fns.lock_add_lock_cb = CRYPTO_get_add_lock_callback();
+        fns.lock_fns.dynlock_create_cb = CRYPTO_get_dynlock_create_callback();
+        fns.lock_fns.dynlock_lock_cb = CRYPTO_get_dynlock_lock_callback();
+        fns.lock_fns.dynlock_destroy_cb = CRYPTO_get_dynlock_destroy_callback();
+        /* Now that we've loaded the dynamic engine, make sure no "dynamic"
+         * ENGINE elements will show through. */
+        engine_set_all_null(e);
+
+        /* Try to bind the ENGINE onto our own ENGINE structure */
+        if(!ctx->bind_engine(e, ctx->engine_id, &fns))
+                {
+                ctx->bind_engine = NULL;
+                ctx->v_check = NULL;
+                DSO_free(ctx->dynamic_dso);
+                ctx->dynamic_dso = NULL;
+                ENGINEerr(ENGINE_F_DYNAMIC_LOAD,ENGINE_R_INIT_FAILED);
+                /* Copy the original ENGINE structure back */
+                memcpy(e, &cpy, sizeof(ENGINE));
+                return 0;
+                }
+        /* Do we try to add this ENGINE to the internal list too? */
+        if(ctx->list_add_value > 0)
+                {
+                if(!ENGINE_add(e))
+                        {
+                        /* Do we tolerate this or fail? */
+                        if(ctx->list_add_value > 1)
+                                {
+                                /* Fail - NB: By this time, it's too late to
+                                 * rollback, and trying to do so allows the
+                                 * bind_engine() code to have created leaks. We
+                                 * just have to fail where we are, after the
+                                 * ENGINE has changed. */
+                                ENGINEerr(ENGINE_F_DYNAMIC_LOAD,
+                                        ENGINE_R_CONFLICTING_ENGINE_ID);
+                                return 0;
+                                }
+                        /* Tolerate */
+                        ERR_clear_error();
+                        }
+                }
+        return 1;
+        }
diff --git a/src/lib/libcrypto/engine/eng_err.c b/src/lib/libcrypto/engine/eng_err.c
new file mode 100644
index 0000000000..f6c5630395
--- /dev/null
+++ b/src/lib/libcrypto/engine/eng_err.c
@@ -0,0 +1,165 @@
+/* crypto/engine/eng_err.c */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+/* NOTE: this file was auto generated by the mkerr.pl script: any changes
+ * made to it will be overwritten when the script next updates this file,
+ * only reason strings will be preserved.
+ */
+
+#include <stdio.h>
+#include <openssl/err.h>
+#include <openssl/engine.h>
+
+/* BEGIN ERROR CODES */
+#ifndef OPENSSL_NO_ERR
+static ERR_STRING_DATA ENGINE_str_functs[]=
+        {
+{ERR_PACK(0,ENGINE_F_DYNAMIC_CTRL,0),   "DYNAMIC_CTRL"},
+{ERR_PACK(0,ENGINE_F_DYNAMIC_GET_DATA_CTX,0),   "DYNAMIC_GET_DATA_CTX"},
+{ERR_PACK(0,ENGINE_F_DYNAMIC_LOAD,0),   "DYNAMIC_LOAD"},
+{ERR_PACK(0,ENGINE_F_ENGINE_ADD,0),     "ENGINE_add"},
+{ERR_PACK(0,ENGINE_F_ENGINE_BY_ID,0),   "ENGINE_by_id"},
+{ERR_PACK(0,ENGINE_F_ENGINE_CMD_IS_EXECUTABLE,0),       "ENGINE_cmd_is_executable"},
+{ERR_PACK(0,ENGINE_F_ENGINE_CTRL,0),    "ENGINE_ctrl"},
+{ERR_PACK(0,ENGINE_F_ENGINE_CTRL_CMD,0),        "ENGINE_ctrl_cmd"},
+{ERR_PACK(0,ENGINE_F_ENGINE_CTRL_CMD_STRING,0), "ENGINE_ctrl_cmd_string"},
+{ERR_PACK(0,ENGINE_F_ENGINE_FINISH,0),  "ENGINE_finish"},
+{ERR_PACK(0,ENGINE_F_ENGINE_FREE,0),    "ENGINE_free"},
+{ERR_PACK(0,ENGINE_F_ENGINE_GET_CIPHER,0),      "ENGINE_get_cipher"},
+{ERR_PACK(0,ENGINE_F_ENGINE_GET_DEFAULT_TYPE,0),        "ENGINE_GET_DEFAULT_TYPE"},
+{ERR_PACK(0,ENGINE_F_ENGINE_GET_DIGEST,0),      "ENGINE_get_digest"},
+{ERR_PACK(0,ENGINE_F_ENGINE_GET_NEXT,0),        "ENGINE_get_next"},
+{ERR_PACK(0,ENGINE_F_ENGINE_GET_PREV,0),        "ENGINE_get_prev"},
+{ERR_PACK(0,ENGINE_F_ENGINE_INIT,0),    "ENGINE_init"},
+{ERR_PACK(0,ENGINE_F_ENGINE_LIST_ADD,0),        "ENGINE_LIST_ADD"},
+{ERR_PACK(0,ENGINE_F_ENGINE_LIST_REMOVE,0),     "ENGINE_LIST_REMOVE"},
+{ERR_PACK(0,ENGINE_F_ENGINE_LOAD_PRIVATE_KEY,0),        "ENGINE_load_private_key"},
+{ERR_PACK(0,ENGINE_F_ENGINE_LOAD_PUBLIC_KEY,0), "ENGINE_load_public_key"},
+{ERR_PACK(0,ENGINE_F_ENGINE_MODULE_INIT,0),     "ENGINE_MODULE_INIT"},
+{ERR_PACK(0,ENGINE_F_ENGINE_NEW,0),     "ENGINE_new"},
+{ERR_PACK(0,ENGINE_F_ENGINE_REMOVE,0),  "ENGINE_remove"},
+{ERR_PACK(0,ENGINE_F_ENGINE_SET_DEFAULT_STRING,0),      "ENGINE_set_default_string"},
+{ERR_PACK(0,ENGINE_F_ENGINE_SET_DEFAULT_TYPE,0),        "ENGINE_SET_DEFAULT_TYPE"},
+{ERR_PACK(0,ENGINE_F_ENGINE_SET_ID,0),  "ENGINE_set_id"},
+{ERR_PACK(0,ENGINE_F_ENGINE_SET_NAME,0),        "ENGINE_set_name"},
+{ERR_PACK(0,ENGINE_F_ENGINE_TABLE_REGISTER,0),  "ENGINE_TABLE_REGISTER"},
+{ERR_PACK(0,ENGINE_F_ENGINE_UNLOAD_KEY,0),      "ENGINE_UNLOAD_KEY"},
+{ERR_PACK(0,ENGINE_F_INT_CTRL_HELPER,0),        "INT_CTRL_HELPER"},
+{ERR_PACK(0,ENGINE_F_INT_ENGINE_CONFIGURE,0),   "INT_ENGINE_CONFIGURE"},
+{ERR_PACK(0,ENGINE_F_LOG_MESSAGE,0),    "LOG_MESSAGE"},
+{ERR_PACK(0,ENGINE_F_SET_DATA_CTX,0),   "SET_DATA_CTX"},
+{0,NULL}
+        };
+
+static ERR_STRING_DATA ENGINE_str_reasons[]=
+        {
+{ENGINE_R_ALREADY_LOADED                 ,"already loaded"},
+{ENGINE_R_ARGUMENT_IS_NOT_A_NUMBER       ,"argument is not a number"},
+{ENGINE_R_CMD_NOT_EXECUTABLE             ,"cmd not executable"},
+{ENGINE_R_COMMAND_TAKES_INPUT            ,"command takes input"},
+{ENGINE_R_COMMAND_TAKES_NO_INPUT         ,"command takes no input"},
+{ENGINE_R_CONFLICTING_ENGINE_ID          ,"conflicting engine id"},
+{ENGINE_R_CTRL_COMMAND_NOT_IMPLEMENTED   ,"ctrl command not implemented"},
+{ENGINE_R_DH_NOT_IMPLEMENTED             ,"dh not implemented"},
+{ENGINE_R_DSA_NOT_IMPLEMENTED            ,"dsa not implemented"},
+{ENGINE_R_DSO_FAILURE                    ,"DSO failure"},
+{ENGINE_R_DSO_NOT_FOUND                  ,"dso not found"},
+{ENGINE_R_ENGINES_SECTION_ERROR          ,"engines section error"},
+{ENGINE_R_ENGINE_IS_NOT_IN_LIST          ,"engine is not in the list"},
+{ENGINE_R_ENGINE_SECTION_ERROR           ,"engine section error"},
+{ENGINE_R_FAILED_LOADING_PRIVATE_KEY     ,"failed loading private key"},
+{ENGINE_R_FAILED_LOADING_PUBLIC_KEY      ,"failed loading public key"},
+{ENGINE_R_FINISH_FAILED                  ,"finish failed"},
+{ENGINE_R_GET_HANDLE_FAILED              ,"could not obtain hardware handle"},
+{ENGINE_R_ID_OR_NAME_MISSING             ,"'id' or 'name' missing"},
+{ENGINE_R_INIT_FAILED                    ,"init failed"},
+{ENGINE_R_INTERNAL_LIST_ERROR            ,"internal list error"},
+{ENGINE_R_INVALID_ARGUMENT               ,"invalid argument"},
+{ENGINE_R_INVALID_CMD_NAME               ,"invalid cmd name"},
+{ENGINE_R_INVALID_CMD_NUMBER             ,"invalid cmd number"},
+{ENGINE_R_INVALID_INIT_VALUE             ,"invalid init value"},
+{ENGINE_R_INVALID_STRING                 ,"invalid string"},
+{ENGINE_R_NOT_INITIALISED                ,"not initialised"},
+{ENGINE_R_NOT_LOADED                     ,"not loaded"},
+{ENGINE_R_NO_CONTROL_FUNCTION            ,"no control function"},
+{ENGINE_R_NO_INDEX                       ,"no index"},
+{ENGINE_R_NO_LOAD_FUNCTION               ,"no load function"},
+{ENGINE_R_NO_REFERENCE                   ,"no reference"},
+{ENGINE_R_NO_SUCH_ENGINE                 ,"no such engine"},
+{ENGINE_R_NO_UNLOAD_FUNCTION             ,"no unload function"},
+{ENGINE_R_PROVIDE_PARAMETERS             ,"provide parameters"},
+{ENGINE_R_RSA_NOT_IMPLEMENTED            ,"rsa not implemented"},
+{ENGINE_R_UNIMPLEMENTED_CIPHER           ,"unimplemented cipher"},
+{ENGINE_R_UNIMPLEMENTED_DIGEST           ,"unimplemented digest"},
+{ENGINE_R_VERSION_INCOMPATIBILITY        ,"version incompatibility"},
+{0,NULL}
+        };
+
+#endif
+
+void ERR_load_ENGINE_strings(void)
+        {
+        static int init=1;
+
+        if (init)
+                {
+                init=0;
+#ifndef OPENSSL_NO_ERR
+                ERR_load_strings(ERR_LIB_ENGINE,ENGINE_str_functs);
+                ERR_load_strings(ERR_LIB_ENGINE,ENGINE_str_reasons);
+#endif
+
+                }
+        }
diff --git a/src/lib/libcrypto/engine/eng_fat.c b/src/lib/libcrypto/engine/eng_fat.c
new file mode 100644
index 0000000000..f7edb5ad32
--- /dev/null
+++ b/src/lib/libcrypto/engine/eng_fat.c
@@ -0,0 +1,147 @@
+/* crypto/engine/eng_fat.c */
+/* ====================================================================
+ * Copyright (c) 1999-2001 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <openssl/crypto.h>
+#include "cryptlib.h"
+#include "eng_int.h"
+#include <openssl/engine.h>
+#include <openssl/conf.h>
+
+int ENGINE_set_default(ENGINE *e, unsigned int flags)
+        {
+        if((flags & ENGINE_METHOD_CIPHERS) && !ENGINE_set_default_ciphers(e))
+                return 0;
+        if((flags & ENGINE_METHOD_DIGESTS) && !ENGINE_set_default_digests(e))
+                return 0;
+#ifndef OPENSSL_NO_RSA
+        if((flags & ENGINE_METHOD_RSA) & !ENGINE_set_default_RSA(e))
+                return 0;
+#endif
+#ifndef OPENSSL_NO_DSA
+        if((flags & ENGINE_METHOD_DSA) & !ENGINE_set_default_DSA(e))
+                return 0;
+#endif
+#ifndef OPENSSL_NO_DH
+        if((flags & ENGINE_METHOD_DH) & !ENGINE_set_default_DH(e))
+                return 0;
+#endif
+        if((flags & ENGINE_METHOD_RAND) & !ENGINE_set_default_RAND(e))
+                return 0;
+        return 1;
+        }
+
+/* Set default algorithms using a string */
+
+static int int_def_cb(const char *alg, int len, void *arg)
+        {
+        unsigned int *pflags = arg;
+        if (!strncmp(alg, "ALL", len))
+                *pflags |= ENGINE_METHOD_ALL;
+        else if (!strncmp(alg, "RSA", len))
+                *pflags |= ENGINE_METHOD_RSA;
+        else if (!strncmp(alg, "DSA", len))
+                *pflags |= ENGINE_METHOD_DSA;
+        else if (!strncmp(alg, "DH", len))
+                *pflags |= ENGINE_METHOD_DH;
+        else if (!strncmp(alg, "RAND", len))
+                *pflags |= ENGINE_METHOD_RAND;
+        else if (!strncmp(alg, "CIPHERS", len))
+                *pflags |= ENGINE_METHOD_CIPHERS;
+        else if (!strncmp(alg, "DIGESTS", len))
+                *pflags |= ENGINE_METHOD_DIGESTS;
+        else
+                return 0;
+        return 1;
+        }
+
+
+int ENGINE_set_default_string(ENGINE *e, const char *list)
+        {
+        unsigned int flags = 0;
+        if (!CONF_parse_list(list, ',', 1, int_def_cb, &flags))
+                {
+                ENGINEerr(ENGINE_F_ENGINE_SET_DEFAULT_STRING,
+                                        ENGINE_R_INVALID_STRING);
+                ERR_add_error_data(2, "str=",list);
+                return 0;
+                }
+        return ENGINE_set_default(e, flags);
+        }
+
+int ENGINE_register_complete(ENGINE *e)
+        {
+        ENGINE_register_ciphers(e);
+        ENGINE_register_digests(e);
+#ifndef OPENSSL_NO_RSA
+        ENGINE_register_RSA(e);
+#endif
+#ifndef OPENSSL_NO_DSA
+        ENGINE_register_DSA(e);
+#endif
+#ifndef OPENSSL_NO_DH
+        ENGINE_register_DH(e);
+#endif
+        ENGINE_register_RAND(e);
+        return 1;
+        }
+
+int ENGINE_register_all_complete(void)
+        {
+        ENGINE *e;
+
+        for(e=ENGINE_get_first() ; e ; e=ENGINE_get_next(e))
+                ENGINE_register_complete(e);
+        return 1;
+        }
diff --git a/src/lib/libcrypto/engine/eng_init.c b/src/lib/libcrypto/engine/eng_init.c
new file mode 100644
index 0000000000..170c1791b3
--- /dev/null
+++ b/src/lib/libcrypto/engine/eng_init.c
@@ -0,0 +1,157 @@
+/* crypto/engine/eng_init.c */
+/* ====================================================================
+ * Copyright (c) 1999-2001 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <openssl/crypto.h>
+#include "cryptlib.h"
+#include "eng_int.h"
+#include <openssl/engine.h>
+
+/* Initialise a engine type for use (or up its functional reference count
+ * if it's already in use). This version is only used internally. */
+int engine_unlocked_init(ENGINE *e)
+        {
+        int to_return = 1;
+
+        if((e->funct_ref == 0) && e->init)
+                /* This is the first functional reference and the engine
+                 * requires initialisation so we do it now. */
+                to_return = e->init(e);
+        if(to_return)
+                {
+                /* OK, we return a functional reference which is also a
+                 * structural reference. */
+                e->struct_ref++;
+                e->funct_ref++;
+                engine_ref_debug(e, 0, 1)
+                engine_ref_debug(e, 1, 1)
+                }
+        return to_return;
+        }
+
+/* Free a functional reference to a engine type. This version is only used
+ * internally. */
+int engine_unlocked_finish(ENGINE *e, int unlock_for_handlers)
+        {
+        int to_return = 1;
+
+        /* Reduce the functional reference count here so if it's the terminating
+         * case, we can release the lock safely and call the finish() handler
+         * without risk of a race. We get a race if we leave the count until
+         * after and something else is calling "finish" at the same time -
+         * there's a chance that both threads will together take the count from
+         * 2 to 0 without either calling finish(). */
+        e->funct_ref--;
+        engine_ref_debug(e, 1, -1);
+        if((e->funct_ref == 0) && e->finish)
+                {
+                if(unlock_for_handlers)
+                        CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
+                to_return = e->finish(e);
+                if(unlock_for_handlers)
+                        CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
+                if(!to_return)
+                        return 0;
+                }
+#ifdef REF_CHECK
+        if(e->funct_ref < 0)
+                {
+                fprintf(stderr,"ENGINE_finish, bad functional reference count\n");
+                abort();
+                }
+#endif
+        /* Release the structural reference too */
+        if(!engine_free_util(e, 0))
+                {
+                ENGINEerr(ENGINE_F_ENGINE_FINISH,ENGINE_R_FINISH_FAILED);
+                return 0;
+                }
+        return to_return;
+        }
+
+/* The API (locked) version of "init" */
+int ENGINE_init(ENGINE *e)
+        {
+        int ret;
+        if(e == NULL)
+                {
+                ENGINEerr(ENGINE_F_ENGINE_INIT,ERR_R_PASSED_NULL_PARAMETER);
+                return 0;
+                }
+        CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
+        ret = engine_unlocked_init(e);
+        CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
+        return ret;
+        }
+
+/* The API (locked) version of "finish" */
+int ENGINE_finish(ENGINE *e)
+        {
+        int to_return = 1;
+
+        if(e == NULL)
+                {
+                ENGINEerr(ENGINE_F_ENGINE_FINISH,ERR_R_PASSED_NULL_PARAMETER);
+                return 0;
+                }
+        CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
+        to_return = engine_unlocked_finish(e, 1);
+        CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
+        if(!to_return)
+                {
+                ENGINEerr(ENGINE_F_ENGINE_FINISH,ENGINE_R_FINISH_FAILED);
+                return 0;
+                }
+        return to_return;
+        }
diff --git a/src/lib/libcrypto/engine/eng_int.h b/src/lib/libcrypto/engine/eng_int.h
new file mode 100644
index 0000000000..38335f99cd
--- /dev/null
+++ b/src/lib/libcrypto/engine/eng_int.h
@@ -0,0 +1,185 @@
+/* crypto/engine/eng_int.h */
+/* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL
+ * project 2000.
+ */
+/* ====================================================================
+ * Copyright (c) 1999-2001 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#ifndef HEADER_ENGINE_INT_H
+#define HEADER_ENGINE_INT_H
+
+/* Take public definitions from engine.h */
+#include <openssl/engine.h>
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+/* If we compile with this symbol defined, then both reference counts in the
+ * ENGINE structure will be monitored with a line of output on stderr for each
+ * change. This prints the engine's pointer address (truncated to unsigned int),
+ * "struct" or "funct" to indicate the reference type, the before and after
+ * reference count, and the file:line-number pair. The "engine_ref_debug"
+ * statements must come *after* the change. */
+#ifdef ENGINE_REF_COUNT_DEBUG
+
+#define engine_ref_debug(e, isfunct, diff) \
+        fprintf(stderr, "engine: %08x %s from %d to %d (%s:%d)\n", \
+                (unsigned int)(e), (isfunct ? "funct" : "struct"), \
+                ((isfunct) ? ((e)->funct_ref - (diff)) : ((e)->struct_ref - (diff))), \
+                ((isfunct) ? (e)->funct_ref : (e)->struct_ref), \
+                (__FILE__), (__LINE__));
+
+#else
+
+#define engine_ref_debug(e, isfunct, diff)
+
+#endif
+
+/* Any code that will need cleanup operations should use these functions to
+ * register callbacks. ENGINE_cleanup() will call all registered callbacks in
+ * order. NB: both the "add" functions assume CRYPTO_LOCK_ENGINE to already be
+ * held (in "write" mode). */
+typedef void (ENGINE_CLEANUP_CB)(void);
+typedef struct st_engine_cleanup_item
+        {
+        ENGINE_CLEANUP_CB *cb;
+        } ENGINE_CLEANUP_ITEM;
+DECLARE_STACK_OF(ENGINE_CLEANUP_ITEM)
+void engine_cleanup_add_first(ENGINE_CLEANUP_CB *cb);
+void engine_cleanup_add_last(ENGINE_CLEANUP_CB *cb);
+
+/* We need stacks of ENGINEs for use in eng_table.c */
+DECLARE_STACK_OF(ENGINE)
+
+/* If this symbol is defined then engine_table_select(), the function that is
+ * used by RSA, DSA (etc) code to select registered ENGINEs, cache defaults and
+ * functional references (etc), will display debugging summaries to stderr. */
+/* #define ENGINE_TABLE_DEBUG */
+
+/* This represents an implementation table. Dependent code should instantiate it
+ * as a (ENGINE_TABLE *) pointer value set initially to NULL. */
+typedef struct st_engine_table ENGINE_TABLE;
+int engine_table_register(ENGINE_TABLE **table, ENGINE_CLEANUP_CB *cleanup,
+                ENGINE *e, const int *nids, int num_nids, int setdefault);
+void engine_table_unregister(ENGINE_TABLE **table, ENGINE *e);
+void engine_table_cleanup(ENGINE_TABLE **table);
+#ifndef ENGINE_TABLE_DEBUG
+ENGINE *engine_table_select(ENGINE_TABLE **table, int nid);
+#else
+ENGINE *engine_table_select_tmp(ENGINE_TABLE **table, int nid, const char *f, int l);
+#define engine_table_select(t,n) engine_table_select_tmp(t,n,__FILE__,__LINE__)
+#endif
+
+/* Internal versions of API functions that have control over locking. These are
+ * used between C files when functionality needs to be shared but the caller may
+ * already be controlling of the CRYPTO_LOCK_ENGINE lock. */
+int engine_unlocked_init(ENGINE *e);
+int engine_unlocked_finish(ENGINE *e, int unlock_for_handlers);
+int engine_free_util(ENGINE *e, int locked);
+
+/* This function will reset all "set"able values in an ENGINE to NULL. This
+ * won't touch reference counts or ex_data, but is equivalent to calling all the
+ * ENGINE_set_***() functions with a NULL value. */
+void engine_set_all_null(ENGINE *e);
+
+/* NB: Bitwise OR-able values for the "flags" variable in ENGINE are now exposed
+ * in engine.h. */
+
+/* This is a structure for storing implementations of various crypto
+ * algorithms and functions. */
+struct engine_st
+        {
+        const char *id;
+        const char *name;
+        const RSA_METHOD *rsa_meth;
+        const DSA_METHOD *dsa_meth;
+        const DH_METHOD *dh_meth;
+        const RAND_METHOD *rand_meth;
+        /* Cipher handling is via this callback */
+        ENGINE_CIPHERS_PTR ciphers;
+        /* Digest handling is via this callback */
+        ENGINE_DIGESTS_PTR digests;
+
+
+        ENGINE_GEN_INT_FUNC_PTR destroy;
+
+        ENGINE_GEN_INT_FUNC_PTR init;
+        ENGINE_GEN_INT_FUNC_PTR finish;
+        ENGINE_CTRL_FUNC_PTR ctrl;
+        ENGINE_LOAD_KEY_PTR load_privkey;
+        ENGINE_LOAD_KEY_PTR load_pubkey;
+
+        const ENGINE_CMD_DEFN *cmd_defns;
+        int flags;
+        /* reference count on the structure itself */
+        int struct_ref;
+        /* reference count on usability of the engine type. NB: This
+         * controls the loading and initialisation of any functionlity
+         * required by this engine, whereas the previous count is
+         * simply to cope with (de)allocation of this structure. Hence,
+         * running_ref <= struct_ref at all times. */
+        int funct_ref;
+        /* A place to store per-ENGINE data */
+        CRYPTO_EX_DATA ex_data;
+        /* Used to maintain the linked-list of engines. */
+        struct engine_st *prev;
+        struct engine_st *next;
+        };
+
+#ifdef  __cplusplus
+}
+#endif
+
+#endif /* HEADER_ENGINE_INT_H */
diff --git a/src/lib/libcrypto/engine/eng_lib.c b/src/lib/libcrypto/engine/eng_lib.c
new file mode 100644
index 0000000000..a66d0f08af
--- /dev/null
+++ b/src/lib/libcrypto/engine/eng_lib.c
@@ -0,0 +1,321 @@
+/* crypto/engine/eng_lib.c */
+/* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL
+ * project 2000.
+ */
+/* ====================================================================
+ * Copyright (c) 1999-2001 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <openssl/crypto.h>
+#include "cryptlib.h"
+#include "eng_int.h"
+#include <openssl/rand.h> /* FIXME: This shouldn't be needed */
+#include <openssl/engine.h>
+
+/* The "new"/"free" stuff first */
+
+ENGINE *ENGINE_new(void)
+        {
+        ENGINE *ret;
+
+        ret = (ENGINE *)OPENSSL_malloc(sizeof(ENGINE));
+        if(ret == NULL)
+                {
+                ENGINEerr(ENGINE_F_ENGINE_NEW, ERR_R_MALLOC_FAILURE);
+                return NULL;
+                }
+        memset(ret, 0, sizeof(ENGINE));
+        ret->struct_ref = 1;
+        engine_ref_debug(ret, 0, 1)
+        CRYPTO_new_ex_data(CRYPTO_EX_INDEX_ENGINE, ret, &ret->ex_data);
+        return ret;
+        }
+
+/* Placed here (close proximity to ENGINE_new) so that modifications to the
+ * elements of the ENGINE structure are more likely to be caught and changed
+ * here. */
+void engine_set_all_null(ENGINE *e)
+        {
+        e->id = NULL;
+        e->name = NULL;
+        e->rsa_meth = NULL;
+        e->dsa_meth = NULL;
+        e->dh_meth = NULL;
+        e->rand_meth = NULL;
+        e->ciphers = NULL;
+        e->digests = NULL;
+        e->destroy = NULL;
+        e->init = NULL;
+        e->finish = NULL;
+        e->ctrl = NULL;
+        e->load_privkey = NULL;
+        e->load_pubkey = NULL;
+        e->cmd_defns = NULL;
+        e->flags = 0;
+        }
+
+int engine_free_util(ENGINE *e, int locked)
+        {
+        int i;
+
+        if(e == NULL)
+                {
+                ENGINEerr(ENGINE_F_ENGINE_FREE,
+                        ERR_R_PASSED_NULL_PARAMETER);
+                return 0;
+                }
+        if(locked)
+                i = CRYPTO_add(&e->struct_ref,-1,CRYPTO_LOCK_ENGINE);
+        else
+                i = --e->struct_ref;
+        engine_ref_debug(e, 0, -1)
+        if (i > 0) return 1;
+#ifdef REF_CHECK
+        if (i < 0)
+                {
+                fprintf(stderr,"ENGINE_free, bad structural reference count\n");
+                abort();
+                }
+#endif
+        /* Give the ENGINE a chance to do any structural cleanup corresponding
+         * to allocation it did in its constructor (eg. unload error strings) */
+        if(e->destroy)
+                e->destroy(e);
+        CRYPTO_free_ex_data(CRYPTO_EX_INDEX_ENGINE, e, &e->ex_data);
+        OPENSSL_free(e);
+        return 1;
+        }
+
+int ENGINE_free(ENGINE *e)
+        {
+        return engine_free_util(e, 1);
+        }
+
+/* Cleanup stuff */
+
+/* ENGINE_cleanup() is coded such that anything that does work that will need
+ * cleanup can register a "cleanup" callback here. That way we don't get linker
+ * bloat by referring to all *possible* cleanups, but any linker bloat into code
+ * "X" will cause X's cleanup function to end up here. */
+static STACK_OF(ENGINE_CLEANUP_ITEM) *cleanup_stack = NULL;
+static int int_cleanup_check(int create)
+        {
+        if(cleanup_stack) return 1;
+        if(!create) return 0;
+        cleanup_stack = sk_ENGINE_CLEANUP_ITEM_new_null();
+        return (cleanup_stack ? 1 : 0);
+        }
+static ENGINE_CLEANUP_ITEM *int_cleanup_item(ENGINE_CLEANUP_CB *cb)
+        {
+        ENGINE_CLEANUP_ITEM *item = OPENSSL_malloc(sizeof(
+                                        ENGINE_CLEANUP_ITEM));
+        if(!item) return NULL;
+        item->cb = cb;
+        return item;
+        }
+void engine_cleanup_add_first(ENGINE_CLEANUP_CB *cb)
+        {
+        ENGINE_CLEANUP_ITEM *item;
+        if(!int_cleanup_check(1)) return;
+        item = int_cleanup_item(cb);
+        if(item)
+                sk_ENGINE_CLEANUP_ITEM_insert(cleanup_stack, item, 0);
+        }
+void engine_cleanup_add_last(ENGINE_CLEANUP_CB *cb)
+        {
+        ENGINE_CLEANUP_ITEM *item;
+        if(!int_cleanup_check(1)) return;
+        item = int_cleanup_item(cb);
+        if(item)
+                sk_ENGINE_CLEANUP_ITEM_push(cleanup_stack, item);
+        }
+/* The API function that performs all cleanup */
+static void engine_cleanup_cb_free(ENGINE_CLEANUP_ITEM *item)
+        {
+        (*(item->cb))();
+        OPENSSL_free(item);
+        }
+void ENGINE_cleanup(void)
+        {
+        if(int_cleanup_check(0))
+                {
+                sk_ENGINE_CLEANUP_ITEM_pop_free(cleanup_stack,
+                        engine_cleanup_cb_free);
+                cleanup_stack = NULL;
+                }
+        /* FIXME: This should be handled (somehow) through RAND, eg. by it
+         * registering a cleanup callback. */
+        RAND_set_rand_method(NULL);
+        }
+
+/* Now the "ex_data" support */
+
+int ENGINE_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
+                CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func)
+        {
+        return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_ENGINE, argl, argp,
+                        new_func, dup_func, free_func);
+        }
+
+int ENGINE_set_ex_data(ENGINE *e, int idx, void *arg)
+        {
+        return(CRYPTO_set_ex_data(&e->ex_data, idx, arg));
+        }
+
+void *ENGINE_get_ex_data(const ENGINE *e, int idx)
+        {
+        return(CRYPTO_get_ex_data(&e->ex_data, idx));
+        }
+
+/* Functions to get/set an ENGINE's elements - mainly to avoid exposing the
+ * ENGINE structure itself. */
+
+int ENGINE_set_id(ENGINE *e, const char *id)
+        {
+        if(id == NULL)
+                {
+                ENGINEerr(ENGINE_F_ENGINE_SET_ID,
+                        ERR_R_PASSED_NULL_PARAMETER);
+                return 0;
+                }
+        e->id = id;
+        return 1;
+        }
+
+int ENGINE_set_name(ENGINE *e, const char *name)
+        {
+        if(name == NULL)
+                {
+                ENGINEerr(ENGINE_F_ENGINE_SET_NAME,
+                        ERR_R_PASSED_NULL_PARAMETER);
+                return 0;
+                }
+        e->name = name;
+        return 1;
+        }
+
+int ENGINE_set_destroy_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR destroy_f)
+        {
+        e->destroy = destroy_f;
+        return 1;
+        }
+
+int ENGINE_set_init_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR init_f)
+        {
+        e->init = init_f;
+        return 1;
+        }
+
+int ENGINE_set_finish_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR finish_f)
+        {
+        e->finish = finish_f;
+        return 1;
+        }
+
+int ENGINE_set_ctrl_function(ENGINE *e, ENGINE_CTRL_FUNC_PTR ctrl_f)
+        {
+        e->ctrl = ctrl_f;
+        return 1;
+        }
+
+int ENGINE_set_flags(ENGINE *e, int flags)
+        {
+        e->flags = flags;
+        return 1;
+        }
+
+int ENGINE_set_cmd_defns(ENGINE *e, const ENGINE_CMD_DEFN *defns)
+        {
+        e->cmd_defns = defns;
+        return 1;
+        }
+
+const char *ENGINE_get_id(const ENGINE *e)
+        {
+        return e->id;
+        }
+
+const char *ENGINE_get_name(const ENGINE *e)
+        {
+        return e->name;
+        }
+
+ENGINE_GEN_INT_FUNC_PTR ENGINE_get_destroy_function(const ENGINE *e)
+        {
+        return e->destroy;
+        }
+
+ENGINE_GEN_INT_FUNC_PTR ENGINE_get_init_function(const ENGINE *e)
+        {
+        return e->init;
+        }
+
+ENGINE_GEN_INT_FUNC_PTR ENGINE_get_finish_function(const ENGINE *e)
+        {
+        return e->finish;
+        }
+
+ENGINE_CTRL_FUNC_PTR ENGINE_get_ctrl_function(const ENGINE *e)
+        {
+        return e->ctrl;
+        }
+
+int ENGINE_get_flags(const ENGINE *e)
+        {
+        return e->flags;
+        }
+
+const ENGINE_CMD_DEFN *ENGINE_get_cmd_defns(const ENGINE *e)
+        {
+        return e->cmd_defns;
+        }
diff --git a/src/lib/libcrypto/engine/eng_list.c b/src/lib/libcrypto/engine/eng_list.c
new file mode 100644
index 0000000000..0c220558e7
--- /dev/null
+++ b/src/lib/libcrypto/engine/eng_list.c
@@ -0,0 +1,383 @@
+/* crypto/engine/eng_list.c */
+/* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL
+ * project 2000.
+ */
+/* ====================================================================
+ * Copyright (c) 1999-2001 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <openssl/crypto.h>
+#include "cryptlib.h"
+#include "eng_int.h"
+#include <openssl/engine.h>
+
+/* The linked-list of pointers to engine types. engine_list_head
+ * incorporates an implicit structural reference but engine_list_tail
+ * does not - the latter is a computational niceity and only points
+ * to something that is already pointed to by its predecessor in the
+ * list (or engine_list_head itself). In the same way, the use of the
+ * "prev" pointer in each ENGINE is to save excessive list iteration,
+ * it doesn't correspond to an extra structural reference. Hence,
+ * engine_list_head, and each non-null "next" pointer account for
+ * the list itself assuming exactly 1 structural reference on each
+ * list member. */
+static ENGINE *engine_list_head = NULL;
+static ENGINE *engine_list_tail = NULL;
+
+/* This cleanup function is only needed internally. If it should be called, we
+ * register it with the "ENGINE_cleanup()" stack to be called during cleanup. */
+
+static void engine_list_cleanup(void)
+        {
+        ENGINE *iterator = engine_list_head;
+
+        while(iterator != NULL)
+                {
+                ENGINE_remove(iterator);
+                iterator = engine_list_head;
+                }
+        return;
+        }
+
+/* These static functions starting with a lower case "engine_" always
+ * take place when CRYPTO_LOCK_ENGINE has been locked up. */
+static int engine_list_add(ENGINE *e)
+        {
+        int conflict = 0;
+        ENGINE *iterator = NULL;
+
+        if(e == NULL)
+                {
+                ENGINEerr(ENGINE_F_ENGINE_LIST_ADD,
+                        ERR_R_PASSED_NULL_PARAMETER);
+                return 0;
+                }
+        iterator = engine_list_head;
+        while(iterator && !conflict)
+                {
+                conflict = (strcmp(iterator->id, e->id) == 0);
+                iterator = iterator->next;
+                }
+        if(conflict)
+                {
+                ENGINEerr(ENGINE_F_ENGINE_LIST_ADD,
+                        ENGINE_R_CONFLICTING_ENGINE_ID);
+                return 0;
+                }
+        if(engine_list_head == NULL)
+                {
+                /* We are adding to an empty list. */
+                if(engine_list_tail)
+                        {
+                        ENGINEerr(ENGINE_F_ENGINE_LIST_ADD,
+                                ENGINE_R_INTERNAL_LIST_ERROR);
+                        return 0;
+                        }
+                engine_list_head = e;
+                e->prev = NULL;
+                /* The first time the list allocates, we should register the
+                 * cleanup. */
+                engine_cleanup_add_last(engine_list_cleanup);
+                }
+        else
+                {
+                /* We are adding to the tail of an existing list. */
+                if((engine_list_tail == NULL) ||
+                                (engine_list_tail->next != NULL))
+                        {
+                        ENGINEerr(ENGINE_F_ENGINE_LIST_ADD,
+                                ENGINE_R_INTERNAL_LIST_ERROR);
+                        return 0;
+                        }
+                engine_list_tail->next = e;
+                e->prev = engine_list_tail;
+                }
+        /* Having the engine in the list assumes a structural
+         * reference. */
+        e->struct_ref++;
+        engine_ref_debug(e, 0, 1)
+        /* However it came to be, e is the last item in the list. */
+        engine_list_tail = e;
+        e->next = NULL;
+        return 1;
+        }
+
+static int engine_list_remove(ENGINE *e)
+        {
+        ENGINE *iterator;
+
+        if(e == NULL)
+                {
+                ENGINEerr(ENGINE_F_ENGINE_LIST_REMOVE,
+                        ERR_R_PASSED_NULL_PARAMETER);
+                return 0;
+                }
+        /* We need to check that e is in our linked list! */
+        iterator = engine_list_head;
+        while(iterator && (iterator != e))
+                iterator = iterator->next;
+        if(iterator == NULL)
+                {
+                ENGINEerr(ENGINE_F_ENGINE_LIST_REMOVE,
+                        ENGINE_R_ENGINE_IS_NOT_IN_LIST);
+                return 0;
+                }
+        /* un-link e from the chain. */
+        if(e->next)
+                e->next->prev = e->prev;
+        if(e->prev)
+                e->prev->next = e->next;
+        /* Correct our head/tail if necessary. */
+        if(engine_list_head == e)
+                engine_list_head = e->next;
+        if(engine_list_tail == e)
+                engine_list_tail = e->prev;
+        engine_free_util(e, 0);
+        return 1;
+        }
+
+/* Get the first/last "ENGINE" type available. */
+ENGINE *ENGINE_get_first(void)
+        {
+        ENGINE *ret;
+
+        CRYPTO_r_lock(CRYPTO_LOCK_ENGINE);
+        ret = engine_list_head;
+        if(ret)
+                {
+                ret->struct_ref++;
+                engine_ref_debug(ret, 0, 1)
+                }
+        CRYPTO_r_unlock(CRYPTO_LOCK_ENGINE);
+        return ret;
+        }
+
+ENGINE *ENGINE_get_last(void)
+        {
+        ENGINE *ret;
+
+        CRYPTO_r_lock(CRYPTO_LOCK_ENGINE);
+                ret = engine_list_tail;
+        if(ret)
+                {
+                ret->struct_ref++;
+                engine_ref_debug(ret, 0, 1)
+                }
+        CRYPTO_r_unlock(CRYPTO_LOCK_ENGINE);
+        return ret;
+        }
+
+/* Iterate to the next/previous "ENGINE" type (NULL = end of the list). */
+ENGINE *ENGINE_get_next(ENGINE *e)
+        {
+        ENGINE *ret = NULL;
+        if(e == NULL)
+                {
+                ENGINEerr(ENGINE_F_ENGINE_GET_NEXT,
+                        ERR_R_PASSED_NULL_PARAMETER);
+                return 0;
+                }
+        CRYPTO_r_lock(CRYPTO_LOCK_ENGINE);
+        ret = e->next;
+        if(ret)
+                {
+                /* Return a valid structural refernce to the next ENGINE */
+                ret->struct_ref++;
+                engine_ref_debug(ret, 0, 1)
+                }
+        CRYPTO_r_unlock(CRYPTO_LOCK_ENGINE);
+        /* Release the structural reference to the previous ENGINE */
+        ENGINE_free(e);
+        return ret;
+        }
+
+ENGINE *ENGINE_get_prev(ENGINE *e)
+        {
+        ENGINE *ret = NULL;
+        if(e == NULL)
+                {
+                ENGINEerr(ENGINE_F_ENGINE_GET_PREV,
+                        ERR_R_PASSED_NULL_PARAMETER);
+                return 0;
+                }
+        CRYPTO_r_lock(CRYPTO_LOCK_ENGINE);
+        ret = e->prev;
+        if(ret)
+                {
+                /* Return a valid structural reference to the next ENGINE */
+                ret->struct_ref++;
+                engine_ref_debug(ret, 0, 1)
+                }
+        CRYPTO_r_unlock(CRYPTO_LOCK_ENGINE);
+        /* Release the structural reference to the previous ENGINE */
+        ENGINE_free(e);
+        return ret;
+        }
+
+/* Add another "ENGINE" type into the list. */
+int ENGINE_add(ENGINE *e)
+        {
+        int to_return = 1;
+        if(e == NULL)
+                {
+                ENGINEerr(ENGINE_F_ENGINE_ADD,
+                        ERR_R_PASSED_NULL_PARAMETER);
+                return 0;
+                }
+        if((e->id == NULL) || (e->name == NULL))
+                {
+                ENGINEerr(ENGINE_F_ENGINE_ADD,
+                        ENGINE_R_ID_OR_NAME_MISSING);
+                }
+        CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
+        if(!engine_list_add(e))
+                {
+                ENGINEerr(ENGINE_F_ENGINE_ADD,
+                        ENGINE_R_INTERNAL_LIST_ERROR);
+                to_return = 0;
+                }
+        CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
+        return to_return;
+        }
+
+/* Remove an existing "ENGINE" type from the array. */
+int ENGINE_remove(ENGINE *e)
+        {
+        int to_return = 1;
+        if(e == NULL)
+                {
+                ENGINEerr(ENGINE_F_ENGINE_REMOVE,
+                        ERR_R_PASSED_NULL_PARAMETER);
+                return 0;
+                }
+        CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
+        if(!engine_list_remove(e))
+                {
+                ENGINEerr(ENGINE_F_ENGINE_REMOVE,
+                        ENGINE_R_INTERNAL_LIST_ERROR);
+                to_return = 0;
+                }
+        CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
+        return to_return;
+        }
+
+static void engine_cpy(ENGINE *dest, const ENGINE *src)
+        {
+        dest->id = src->id;
+        dest->name = src->name;
+#ifndef OPENSSL_NO_RSA
+        dest->rsa_meth = src->rsa_meth;
+#endif
+#ifndef OPENSSL_NO_DSA
+        dest->dsa_meth = src->dsa_meth;
+#endif
+#ifndef OPENSSL_NO_DH
+        dest->dh_meth = src->dh_meth;
+#endif
+        dest->rand_meth = src->rand_meth;
+        dest->ciphers = src->ciphers;
+        dest->digests = src->digests;
+        dest->destroy = src->destroy;
+        dest->init = src->init;
+        dest->finish = src->finish;
+        dest->ctrl = src->ctrl;
+        dest->load_privkey = src->load_privkey;
+        dest->load_pubkey = src->load_pubkey;
+        dest->cmd_defns = src->cmd_defns;
+        dest->flags = src->flags;
+        }
+
+ENGINE *ENGINE_by_id(const char *id)
+        {
+        ENGINE *iterator;
+        if(id == NULL)
+                {
+                ENGINEerr(ENGINE_F_ENGINE_BY_ID,
+                        ERR_R_PASSED_NULL_PARAMETER);
+                return NULL;
+                }
+        CRYPTO_r_lock(CRYPTO_LOCK_ENGINE);
+        iterator = engine_list_head;
+        while(iterator && (strcmp(id, iterator->id) != 0))
+                iterator = iterator->next;
+        if(iterator)
+                {
+                /* We need to return a structural reference. If this is an
+                 * ENGINE type that returns copies, make a duplicate - otherwise
+                 * increment the existing ENGINE's reference count. */
+                if(iterator->flags & ENGINE_FLAGS_BY_ID_COPY)
+                        {
+                        ENGINE *cp = ENGINE_new();
+                        if(!cp)
+                                iterator = NULL;
+                        else
+                                {
+                                engine_cpy(cp, iterator);
+                                iterator = cp;
+                                }
+                        }
+                else
+                        {
+                        iterator->struct_ref++;
+                        engine_ref_debug(iterator, 0, 1)
+                        }
+                }
+        CRYPTO_r_unlock(CRYPTO_LOCK_ENGINE);
+        if(iterator == NULL)
+                {
+                ENGINEerr(ENGINE_F_ENGINE_BY_ID,
+                        ENGINE_R_NO_SUCH_ENGINE);
+                ERR_add_error_data(2, "id=", id);
+                }
+        return iterator;
+        }
diff --git a/src/lib/libcrypto/engine/eng_openssl.c b/src/lib/libcrypto/engine/eng_openssl.c
new file mode 100644
index 0000000000..e9d976f46b
--- /dev/null
+++ b/src/lib/libcrypto/engine/eng_openssl.c
@@ -0,0 +1,347 @@
+/* crypto/engine/eng_openssl.c */
+/* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL
+ * project 2000.
+ */
+/* ====================================================================
+ * Copyright (c) 1999-2001 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+
+#include <stdio.h>
+#include <openssl/crypto.h>
+#include "cryptlib.h"
+#include <openssl/engine.h>
+#include <openssl/dso.h>
+#include <openssl/pem.h>
+
+/* This testing gunk is implemented (and explained) lower down. It also assumes
+ * the application explicitly calls "ENGINE_load_openssl()" because this is no
+ * longer automatic in ENGINE_load_builtin_engines(). */
+#define TEST_ENG_OPENSSL_RC4
+#define TEST_ENG_OPENSSL_PKEY
+/* #define TEST_ENG_OPENSSL_RC4_OTHERS */
+#define TEST_ENG_OPENSSL_RC4_P_INIT
+/* #define TEST_ENG_OPENSSL_RC4_P_CIPHER */
+#define TEST_ENG_OPENSSL_SHA
+/* #define TEST_ENG_OPENSSL_SHA_OTHERS */
+/* #define TEST_ENG_OPENSSL_SHA_P_INIT */
+/* #define TEST_ENG_OPENSSL_SHA_P_UPDATE */
+/* #define TEST_ENG_OPENSSL_SHA_P_FINAL */
+
+#ifdef TEST_ENG_OPENSSL_RC4
+static int openssl_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
+                                const int **nids, int nid);
+#endif
+#ifdef TEST_ENG_OPENSSL_SHA
+static int openssl_digests(ENGINE *e, const EVP_MD **digest,
+                                const int **nids, int nid);
+#endif
+
+#ifdef TEST_ENG_OPENSSL_PKEY
+static EVP_PKEY *openssl_load_privkey(ENGINE *eng, const char *key_id,
+        UI_METHOD *ui_method, void *callback_data);
+#endif
+
+/* The constants used when creating the ENGINE */
+static const char *engine_openssl_id = "openssl";
+static const char *engine_openssl_name = "Software engine support";
+
+/* This internal function is used by ENGINE_openssl() and possibly by the
+ * "dynamic" ENGINE support too */
+static int bind_helper(ENGINE *e)
+        {
+        if(!ENGINE_set_id(e, engine_openssl_id)
+                        || !ENGINE_set_name(e, engine_openssl_name)
+#ifndef TEST_ENG_OPENSSL_NO_ALGORITHMS
+#ifndef OPENSSL_NO_RSA
+                        || !ENGINE_set_RSA(e, RSA_get_default_method())
+#endif
+#ifndef OPENSSL_NO_DSA
+                        || !ENGINE_set_DSA(e, DSA_get_default_method())
+#endif
+#ifndef OPENSSL_NO_DH
+                        || !ENGINE_set_DH(e, DH_get_default_method())
+#endif
+                        || !ENGINE_set_RAND(e, RAND_SSLeay())
+#ifdef TEST_ENG_OPENSSL_RC4
+                        || !ENGINE_set_ciphers(e, openssl_ciphers)
+#endif
+#ifdef TEST_ENG_OPENSSL_SHA
+                        || !ENGINE_set_digests(e, openssl_digests)
+#endif
+#endif
+#ifdef TEST_ENG_OPENSSL_PKEY
+                        || !ENGINE_set_load_privkey_function(e, openssl_load_privkey)
+#endif
+                        )
+                return 0;
+        /* If we add errors to this ENGINE, ensure the error handling is setup here */
+        /* openssl_load_error_strings(); */
+        return 1;
+        }
+
+static ENGINE *engine_openssl(void)
+        {
+        ENGINE *ret = ENGINE_new();
+        if(!ret)
+                return NULL;
+        if(!bind_helper(ret))
+                {
+                ENGINE_free(ret);
+                return NULL;
+                }
+        return ret;
+        }
+
+void ENGINE_load_openssl(void)
+        {
+        ENGINE *toadd = engine_openssl();
+        if(!toadd) return;
+        ENGINE_add(toadd);
+        /* If the "add" worked, it gets a structural reference. So either way,
+         * we release our just-created reference. */
+        ENGINE_free(toadd);
+        ERR_clear_error();
+        }
+
+/* This stuff is needed if this ENGINE is being compiled into a self-contained
+ * shared-library. */
+#ifdef ENGINE_DYNAMIC_SUPPORT
+static int bind_fn(ENGINE *e, const char *id)
+        {
+        if(id && (strcmp(id, engine_openssl_id) != 0))
+                return 0;
+        if(!bind_helper(e))
+                return 0;
+        return 1;
+        }
+IMPLEMENT_DYNAMIC_CHECK_FN()
+IMPLEMENT_DYNAMIC_BIND_FN(bind_fn)
+#endif /* ENGINE_DYNAMIC_SUPPORT */
+
+#ifdef TEST_ENG_OPENSSL_RC4
+/* This section of code compiles an "alternative implementation" of two modes of
+ * RC4 into this ENGINE. The result is that EVP_CIPHER operation for "rc4"
+ * should under normal circumstances go via this support rather than the default
+ * EVP support. There are other symbols to tweak the testing;
+ *    TEST_ENC_OPENSSL_RC4_OTHERS - print a one line message to stderr each time
+ *        we're asked for a cipher we don't support (should not happen).
+ *    TEST_ENG_OPENSSL_RC4_P_INIT - print a one line message to stderr each time
+ *        the "init_key" handler is called.
+ *    TEST_ENG_OPENSSL_RC4_P_CIPHER - ditto for the "cipher" handler.
+ */
+#include <openssl/evp.h>
+#include <openssl/rc4.h>
+#define TEST_RC4_KEY_SIZE               16
+static int test_cipher_nids[] = {NID_rc4,NID_rc4_40};
+static int test_cipher_nids_number = 2;
+typedef struct {
+        unsigned char key[TEST_RC4_KEY_SIZE];
+        RC4_KEY ks;
+        } TEST_RC4_KEY;
+#define test(ctx) ((TEST_RC4_KEY *)(ctx)->cipher_data)
+static int test_rc4_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+                        const unsigned char *iv, int enc)
+        {
+#ifdef TEST_ENG_OPENSSL_RC4_P_INIT
+        fprintf(stderr, "(TEST_ENG_OPENSSL_RC4) test_init_key() called\n");
+#endif
+        memcpy(&test(ctx)->key[0],key,EVP_CIPHER_CTX_key_length(ctx));
+        RC4_set_key(&test(ctx)->ks,EVP_CIPHER_CTX_key_length(ctx),
+                test(ctx)->key);
+        return 1;
+        }
+static int test_rc4_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                      const unsigned char *in, unsigned int inl)
+        {
+#ifdef TEST_ENG_OPENSSL_RC4_P_CIPHER
+        fprintf(stderr, "(TEST_ENG_OPENSSL_RC4) test_cipher() called\n");
+#endif
+        RC4(&test(ctx)->ks,inl,in,out);
+        return 1;
+        }
+static const EVP_CIPHER test_r4_cipher=
+        {
+        NID_rc4,
+        1,TEST_RC4_KEY_SIZE,0,
+        EVP_CIPH_VARIABLE_LENGTH,
+        test_rc4_init_key,
+        test_rc4_cipher,
+        NULL,
+        sizeof(TEST_RC4_KEY),
+        NULL,
+        NULL,
+        NULL
+        };
+static const EVP_CIPHER test_r4_40_cipher=
+        {
+        NID_rc4_40,
+        1,5 /* 40 bit */,0,
+        EVP_CIPH_VARIABLE_LENGTH,
+        test_rc4_init_key,
+        test_rc4_cipher,
+        NULL,
+        sizeof(TEST_RC4_KEY),
+        NULL, 
+        NULL,
+        NULL
+        };
+static int openssl_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
+                        const int **nids, int nid)
+        {
+        if(!cipher)
+                {
+                /* We are returning a list of supported nids */
+                *nids = test_cipher_nids;
+                return test_cipher_nids_number;
+                }
+        /* We are being asked for a specific cipher */
+        if(nid == NID_rc4)
+                *cipher = &test_r4_cipher;
+        else if(nid == NID_rc4_40)
+                *cipher = &test_r4_40_cipher;
+        else
+                {
+#ifdef TEST_ENG_OPENSSL_RC4_OTHERS
+                fprintf(stderr, "(TEST_ENG_OPENSSL_RC4) returning NULL for "
+                                "nid %d\n", nid);
+#endif
+                *cipher = NULL;
+                return 0;
+                }
+        return 1;
+        }
+#endif
+
+#ifdef TEST_ENG_OPENSSL_SHA
+/* Much the same sort of comment as for TEST_ENG_OPENSSL_RC4 */
+#include <openssl/evp.h>
+#include <openssl/sha.h>
+static int test_digest_nids[] = {NID_sha1};
+static int test_digest_nids_number = 1;
+static int test_sha1_init(EVP_MD_CTX *ctx)
+        {
+#ifdef TEST_ENG_OPENSSL_SHA_P_INIT
+        fprintf(stderr, "(TEST_ENG_OPENSSL_SHA) test_sha1_init() called\n");
+#endif
+        return SHA1_Init(ctx->md_data);
+        }
+static int test_sha1_update(EVP_MD_CTX *ctx,const void *data,unsigned long count)
+        {
+#ifdef TEST_ENG_OPENSSL_SHA_P_UPDATE
+        fprintf(stderr, "(TEST_ENG_OPENSSL_SHA) test_sha1_update() called\n");
+#endif
+        return SHA1_Update(ctx->md_data,data,count);
+        }
+static int test_sha1_final(EVP_MD_CTX *ctx,unsigned char *md)
+        {
+#ifdef TEST_ENG_OPENSSL_SHA_P_FINAL
+        fprintf(stderr, "(TEST_ENG_OPENSSL_SHA) test_sha1_final() called\n");
+#endif
+        return SHA1_Final(md,ctx->md_data);
+        }
+static const EVP_MD test_sha_md=
+        {
+        NID_sha1,
+        NID_sha1WithRSAEncryption,
+        SHA_DIGEST_LENGTH,
+        0,
+        test_sha1_init,
+        test_sha1_update,
+        test_sha1_final,
+        NULL,
+        NULL,
+        EVP_PKEY_RSA_method,
+        SHA_CBLOCK,
+        sizeof(EVP_MD *)+sizeof(SHA_CTX),
+        };
+static int openssl_digests(ENGINE *e, const EVP_MD **digest,
+                        const int **nids, int nid)
+        {
+        if(!digest)
+                {
+                /* We are returning a list of supported nids */
+                *nids = test_digest_nids;
+                return test_digest_nids_number;
+                }
+        /* We are being asked for a specific digest */
+        if(nid == NID_sha1)
+                *digest = &test_sha_md;
+        else
+                {
+#ifdef TEST_ENG_OPENSSL_SHA_OTHERS
+                fprintf(stderr, "(TEST_ENG_OPENSSL_SHA) returning NULL for "
+                                "nid %d\n", nid);
+#endif
+                *digest = NULL;
+                return 0;
+                }
+        return 1;
+        }
+#endif
+
+#ifdef TEST_ENG_OPENSSL_PKEY
+static EVP_PKEY *openssl_load_privkey(ENGINE *eng, const char *key_id,
+        UI_METHOD *ui_method, void *callback_data)
+        {
+        BIO *in;
+        EVP_PKEY *key;
+        fprintf(stderr, "(TEST_ENG_OPENSSL_PKEY)Loading Private key %s\n", key_id);
+        in = BIO_new_file(key_id, "r");
+        if (!in)
+                return NULL;
+        key = PEM_read_bio_PrivateKey(in, NULL, 0, NULL);
+        BIO_free(in);
+        return key;
+        }
+#endif
diff --git a/src/lib/libcrypto/engine/eng_pkey.c b/src/lib/libcrypto/engine/eng_pkey.c
new file mode 100644
index 0000000000..8c69171511
--- /dev/null
+++ b/src/lib/libcrypto/engine/eng_pkey.c
@@ -0,0 +1,157 @@
+/* crypto/engine/eng_pkey.c */
+/* ====================================================================
+ * Copyright (c) 1999-2001 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <openssl/crypto.h>
+#include "cryptlib.h"
+#include "eng_int.h"
+#include <openssl/engine.h>
+
+/* Basic get/set stuff */
+
+int ENGINE_set_load_privkey_function(ENGINE *e, ENGINE_LOAD_KEY_PTR loadpriv_f)
+        {
+        e->load_privkey = loadpriv_f;
+        return 1;
+        }
+
+int ENGINE_set_load_pubkey_function(ENGINE *e, ENGINE_LOAD_KEY_PTR loadpub_f)
+        {
+        e->load_pubkey = loadpub_f;
+        return 1;
+        }
+
+ENGINE_LOAD_KEY_PTR ENGINE_get_load_privkey_function(const ENGINE *e)
+        {
+        return e->load_privkey;
+        }
+
+ENGINE_LOAD_KEY_PTR ENGINE_get_load_pubkey_function(const ENGINE *e)
+        {
+        return e->load_pubkey;
+        }
+
+/* API functions to load public/private keys */
+
+EVP_PKEY *ENGINE_load_private_key(ENGINE *e, const char *key_id,
+        UI_METHOD *ui_method, void *callback_data)
+        {
+        EVP_PKEY *pkey;
+
+        if(e == NULL)
+                {
+                ENGINEerr(ENGINE_F_ENGINE_LOAD_PRIVATE_KEY,
+                        ERR_R_PASSED_NULL_PARAMETER);
+                return 0;
+                }
+        CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
+        if(e->funct_ref == 0)
+                {
+                CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
+                ENGINEerr(ENGINE_F_ENGINE_LOAD_PRIVATE_KEY,
+                        ENGINE_R_NOT_INITIALISED);
+                return 0;
+                }
+        CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
+        if (!e->load_privkey)
+                {
+                ENGINEerr(ENGINE_F_ENGINE_LOAD_PRIVATE_KEY,
+                        ENGINE_R_NO_LOAD_FUNCTION);
+                return 0;
+                }
+        pkey = e->load_privkey(e, key_id, ui_method, callback_data);
+        if (!pkey)
+                {
+                ENGINEerr(ENGINE_F_ENGINE_LOAD_PRIVATE_KEY,
+                        ENGINE_R_FAILED_LOADING_PRIVATE_KEY);
+                return 0;
+                }
+        return pkey;
+        }
+
+EVP_PKEY *ENGINE_load_public_key(ENGINE *e, const char *key_id,
+        UI_METHOD *ui_method, void *callback_data)
+        {
+        EVP_PKEY *pkey;
+
+        if(e == NULL)
+                {
+                ENGINEerr(ENGINE_F_ENGINE_LOAD_PUBLIC_KEY,
+                        ERR_R_PASSED_NULL_PARAMETER);
+                return 0;
+                }
+        CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
+        if(e->funct_ref == 0)
+                {
+                CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
+                ENGINEerr(ENGINE_F_ENGINE_LOAD_PUBLIC_KEY,
+                        ENGINE_R_NOT_INITIALISED);
+                return 0;
+                }
+        CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
+        if (!e->load_pubkey)
+                {
+                ENGINEerr(ENGINE_F_ENGINE_LOAD_PUBLIC_KEY,
+                        ENGINE_R_NO_LOAD_FUNCTION);
+                return 0;
+                }
+        pkey = e->load_pubkey(e, key_id, ui_method, callback_data);
+        if (!pkey)
+                {
+                ENGINEerr(ENGINE_F_ENGINE_LOAD_PUBLIC_KEY,
+                        ENGINE_R_FAILED_LOADING_PUBLIC_KEY);
+                return 0;
+                }
+        return pkey;
+        }
diff --git a/src/lib/libcrypto/engine/eng_table.c b/src/lib/libcrypto/engine/eng_table.c
new file mode 100644
index 0000000000..c69a84a8bf
--- /dev/null
+++ b/src/lib/libcrypto/engine/eng_table.c
@@ -0,0 +1,361 @@
+/* ====================================================================
+ * Copyright (c) 2001 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <openssl/evp.h>
+#include <openssl/engine.h>
+#include "eng_int.h"
+
+/* This is the type of item in the 'implementation' table. Each 'nid' hashes to
+ * a (potentially NULL) ENGINE_PILE structure which contains a stack of ENGINE*
+ * pointers. These pointers aren't references, because they're inserted and
+ * removed during ENGINE creation and ENGINE destruction. They point to ENGINEs
+ * that *exist* (ie. have a structural reference count greater than zero) rather
+ * than ENGINEs that are *functional*. Each pointer in those stacks are to
+ * ENGINEs that implements the algorithm corresponding to each 'nid'. */
+
+/* The type of the items in the table */
+typedef struct st_engine_pile
+        {
+        /* The 'nid' of the algorithm/mode this ENGINE_PILE structure represents
+         * */
+        int nid;
+        /* A stack of ENGINE pointers for ENGINEs that support this
+         * algorithm/mode. In the event that 'funct' is NULL, the first entry in
+         * this stack that initialises will be set as 'funct' and assumed as the
+         * default for operations of this type. */
+        STACK_OF(ENGINE) *sk;
+        /* The default ENGINE to perform this algorithm/mode. */
+        ENGINE *funct;
+        /* This value optimises engine_table_select(). If it is called it sets
+         * this value to 1. Any changes to this ENGINE_PILE resets it to zero.
+         * As such, no ENGINE_init() thrashing is done unless ENGINEs
+         * continually register (and/or unregister). */
+        int uptodate;
+        } ENGINE_PILE;
+
+/* The type of the hash table of ENGINE_PILE structures such that each are
+ * unique and keyed by the 'nid' value. */
+struct st_engine_table
+        {
+        LHASH piles;
+        }; /* ENGINE_TABLE */
+
+/* This value stores global options controlling behaviour of (mostly) the
+ * engine_table_select() function. It's a bitmask of flag values of the form
+ * ENGINE_TABLE_FLAG_*** (as defined in engine.h) and is controlled by the
+ * ENGINE_[get|set]_table_flags() function. */
+static unsigned int table_flags = 0;
+
+/* API function manipulating 'table_flags' */
+unsigned int ENGINE_get_table_flags(void)
+        {
+        return table_flags;
+        }
+void ENGINE_set_table_flags(unsigned int flags)
+        {
+        table_flags = flags;
+        }
+
+/* Internal functions for the "piles" hash table */
+static unsigned long engine_pile_hash(const ENGINE_PILE *c)
+        {
+        return c->nid;
+        }
+static int engine_pile_cmp(const ENGINE_PILE *a, const ENGINE_PILE *b)
+        {
+        return a->nid - b->nid;
+        }
+static IMPLEMENT_LHASH_HASH_FN(engine_pile_hash, const ENGINE_PILE *)
+static IMPLEMENT_LHASH_COMP_FN(engine_pile_cmp, const ENGINE_PILE *)
+static int int_table_check(ENGINE_TABLE **t, int create)
+        {
+        LHASH *lh;
+        if(*t)
+                return 1;
+        if(!create)
+                return 0;
+        if((lh = lh_new(LHASH_HASH_FN(engine_pile_hash),
+                        LHASH_COMP_FN(engine_pile_cmp))) == NULL)
+                return 0;
+        *t = (ENGINE_TABLE *)lh;
+        return 1;
+        }
+
+/* Privately exposed (via eng_int.h) functions for adding and/or removing
+ * ENGINEs from the implementation table */
+int engine_table_register(ENGINE_TABLE **table, ENGINE_CLEANUP_CB *cleanup,
+                ENGINE *e, const int *nids, int num_nids, int setdefault)
+        {
+        int ret = 0, added = 0;
+        ENGINE_PILE tmplate, *fnd;
+        CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
+        if(!(*table))
+                added = 1;
+        if(!int_table_check(table, 1))
+                goto end;
+        if(added)
+                /* The cleanup callback needs to be added */
+                engine_cleanup_add_first(cleanup);
+        while(num_nids--)
+                {
+                tmplate.nid = *nids;
+                fnd = lh_retrieve(&(*table)->piles, &tmplate);
+                if(!fnd)
+                        {
+                        fnd = OPENSSL_malloc(sizeof(ENGINE_PILE));
+                        if(!fnd)
+                                goto end;
+                        fnd->uptodate = 1;
+                        fnd->nid = *nids;
+                        fnd->sk = sk_ENGINE_new_null();
+                        if(!fnd->sk)
+                                {
+                                OPENSSL_free(fnd);
+                                goto end;
+                                }
+                        fnd->funct= NULL;
+                        lh_insert(&(*table)->piles, fnd);
+                        }
+                /* A registration shouldn't add duplciate entries */
+                sk_ENGINE_delete_ptr(fnd->sk, e);
+                /* if 'setdefault', this ENGINE goes to the head of the list */
+                if(!sk_ENGINE_push(fnd->sk, e))
+                        goto end;
+                /* "touch" this ENGINE_PILE */
+                fnd->uptodate = 0;
+                if(setdefault)
+                        {
+                        if(!engine_unlocked_init(e))
+                                {
+                                ENGINEerr(ENGINE_F_ENGINE_TABLE_REGISTER,
+                                                ENGINE_R_INIT_FAILED);
+                                goto end;
+                                }
+                        if(fnd->funct)
+                                engine_unlocked_finish(fnd->funct, 0);
+                        fnd->funct = e;
+                        }
+                nids++;
+                }
+        ret = 1;
+end:
+        CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
+        return ret;
+        }
+static void int_unregister_cb(ENGINE_PILE *pile, ENGINE *e)
+        {
+        int n;
+        /* Iterate the 'c->sk' stack removing any occurance of 'e' */
+        while((n = sk_ENGINE_find(pile->sk, e)) >= 0)
+                {
+                sk_ENGINE_delete(pile->sk, n);
+                /* "touch" this ENGINE_CIPHER */
+                pile->uptodate = 0;
+                }
+        if(pile->funct == e)
+                {
+                engine_unlocked_finish(e, 0);
+                pile->funct = NULL;
+                }
+        }
+static IMPLEMENT_LHASH_DOALL_ARG_FN(int_unregister_cb,ENGINE_PILE *,ENGINE *)
+void engine_table_unregister(ENGINE_TABLE **table, ENGINE *e)
+        {
+        CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
+        if(int_table_check(table, 0))
+                lh_doall_arg(&(*table)->piles,
+                        LHASH_DOALL_ARG_FN(int_unregister_cb), e);
+        CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
+        }
+
+static void int_cleanup_cb(ENGINE_PILE *p)
+        {
+        sk_ENGINE_free(p->sk);
+        if(p->funct)
+                engine_unlocked_finish(p->funct, 0);
+        OPENSSL_free(p);
+        }
+static IMPLEMENT_LHASH_DOALL_FN(int_cleanup_cb,ENGINE_PILE *)
+void engine_table_cleanup(ENGINE_TABLE **table)
+        {
+        CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
+        if(*table)
+                {
+                lh_doall(&(*table)->piles, LHASH_DOALL_FN(int_cleanup_cb));
+                lh_free(&(*table)->piles);
+                *table = NULL;
+                }
+        CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
+        }
+
+/* Exposed API function to get a functional reference from the implementation
+ * table (ie. try to get a functional reference from the tabled structural
+ * references) for a given cipher 'nid' */
+#ifndef ENGINE_TABLE_DEBUG
+ENGINE *engine_table_select(ENGINE_TABLE **table, int nid)
+#else
+ENGINE *engine_table_select_tmp(ENGINE_TABLE **table, int nid, const char *f, int l)
+#endif
+        {
+        ENGINE *ret = NULL;
+        ENGINE_PILE tmplate, *fnd=NULL;
+        int initres, loop = 0;
+
+        /* If 'engine_ciphers' is NULL, then it's absolutely *sure* that no
+         * ENGINEs have registered any implementations! */
+        if(!(*table))
+                {
+#ifdef ENGINE_TABLE_DEBUG
+                fprintf(stderr, "engine_table_dbg: %s:%d, nid=%d, no "
+                        "registered for anything!\n", f, l, nid);
+#endif
+                return NULL;
+                }
+        CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
+        /* Check again inside the lock otherwise we could race against cleanup
+         * operations. But don't worry about a fprintf(stderr). */
+        if(!int_table_check(table, 0))
+                goto end;
+        tmplate.nid = nid;
+        fnd = lh_retrieve(&(*table)->piles, &tmplate);
+        if(!fnd)
+                goto end;
+        if(fnd->funct && engine_unlocked_init(fnd->funct))
+                {
+#ifdef ENGINE_TABLE_DEBUG
+                fprintf(stderr, "engine_table_dbg: %s:%d, nid=%d, using "
+                        "ENGINE '%s' cached\n", f, l, nid, fnd->funct->id);
+#endif
+                ret = fnd->funct;
+                goto end;
+                }
+        if(fnd->uptodate)
+                {
+                ret = fnd->funct;
+                goto end;
+                }
+trynext:
+        ret = sk_ENGINE_value(fnd->sk, loop++);
+        if(!ret)
+                {
+#ifdef ENGINE_TABLE_DEBUG
+                fprintf(stderr, "engine_table_dbg: %s:%d, nid=%d, no "
+                                "registered implementations would initialise\n",
+                                f, l, nid);
+#endif
+                goto end;
+                }
+#if 0
+        /* Don't need to get a reference if we hold the lock. If the locking has
+         * to change in future, that would be different ... */
+        ret->struct_ref++; engine_ref_debug(ret, 0, 1)
+#endif
+        /* Try and initialise the ENGINE if it's already functional *or* if the
+         * ENGINE_TABLE_FLAG_NOINIT flag is not set. */
+        if((ret->funct_ref > 0) || !(table_flags & ENGINE_TABLE_FLAG_NOINIT))
+                initres = engine_unlocked_init(ret);
+        else
+                initres = 0;
+#if 0
+        /* Release the structural reference */
+        ret->struct_ref--; engine_ref_debug(ret, 0, -1);
+#endif
+        if(initres)
+                {
+                /* If we didn't have a default (functional reference) for this
+                 * 'nid' (or we had one but for whatever reason we're now
+                 * initialising a different one), use this opportunity to set
+                 * 'funct'. */
+                if((fnd->funct != ret) && engine_unlocked_init(ret))
+                        {
+                        /* If there was a previous default we release it. */
+                        if(fnd->funct)
+                                engine_unlocked_finish(fnd->funct, 0);
+                        /* We got an extra functional reference for the
+                         * per-'nid' default */
+                        fnd->funct = ret;
+#ifdef ENGINE_TABLE_DEBUG
+                        fprintf(stderr, "engine_table_dbg: %s:%d, nid=%d, "
+                                "setting default to '%s'\n", f, l, nid, ret->id);
+#endif
+                        }
+#ifdef ENGINE_TABLE_DEBUG
+                fprintf(stderr, "engine_table_dbg: %s:%d, nid=%d, using "
+                                "newly initialised '%s'\n", f, l, nid, ret->id);
+#endif
+                goto end;
+                }
+        goto trynext;
+end:
+        /* Whatever happened - we should "untouch" our uptodate file seeing as
+         * we have tried our best to find a functional reference for 'nid'. If
+         * it failed, it is unlikely to succeed again until some future
+         * registrations (or unregistrations) have taken place that affect that
+         * 'nid'. */
+        if(fnd)
+                fnd->uptodate = 1;
+#ifdef ENGINE_TABLE_DEBUG
+        if(ret)
+                fprintf(stderr, "engine_table_dbg: %s:%d, nid=%d, caching "
+                                "ENGINE '%s'\n", f, l, nid, ret->id);
+        else
+                fprintf(stderr, "engine_table_dbg: %s:%d, nid=%d, caching "
+                                "'no matching ENGINE'\n", f, l, nid);
+#endif
+        CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
+        /* Whatever happened, any failed init()s are not failures in this
+         * context, so clear our error state. */
+        ERR_clear_error();
+        return ret;
+        }
diff --git a/src/lib/libcrypto/engine/engine.h b/src/lib/libcrypto/engine/engine.h
new file mode 100644
index 0000000000..fd17ff616d
--- /dev/null
+++ b/src/lib/libcrypto/engine/engine.h
@@ -0,0 +1,717 @@
+/* openssl/engine.h */
+/* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL
+ * project 2000.
+ */
+/* ====================================================================
+ * Copyright (c) 1999-2001 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#ifndef HEADER_ENGINE_H
+#define HEADER_ENGINE_H
+
+#include <openssl/ossl_typ.h>
+#include <openssl/bn.h>
+#ifndef OPENSSL_NO_RSA
+#include <openssl/rsa.h>
+#endif
+#ifndef OPENSSL_NO_DSA
+#include <openssl/dsa.h>
+#endif
+#ifndef OPENSSL_NO_DH
+#include <openssl/dh.h>
+#endif
+#include <openssl/rand.h>
+#include <openssl/ui.h>
+#include <openssl/symhacks.h>
+#include <openssl/err.h>
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+/* Fixups for missing algorithms */
+#ifdef OPENSSL_NO_RSA
+typedef void RSA_METHOD;
+#endif
+#ifdef OPENSSL_NO_DSA
+typedef void DSA_METHOD;
+#endif
+#ifdef OPENSSL_NO_DH
+typedef void DH_METHOD;
+#endif
+
+/* These flags are used to control combinations of algorithm (methods)
+ * by bitwise "OR"ing. */
+#define ENGINE_METHOD_RSA               (unsigned int)0x0001
+#define ENGINE_METHOD_DSA               (unsigned int)0x0002
+#define ENGINE_METHOD_DH                (unsigned int)0x0004
+#define ENGINE_METHOD_RAND              (unsigned int)0x0008
+#define ENGINE_METHOD_CIPHERS           (unsigned int)0x0040
+#define ENGINE_METHOD_DIGESTS           (unsigned int)0x0080
+/* Obvious all-or-nothing cases. */
+#define ENGINE_METHOD_ALL               (unsigned int)0xFFFF
+#define ENGINE_METHOD_NONE              (unsigned int)0x0000
+
+/* This(ese) flag(s) controls behaviour of the ENGINE_TABLE mechanism used
+ * internally to control registration of ENGINE implementations, and can be set
+ * by ENGINE_set_table_flags(). The "NOINIT" flag prevents attempts to
+ * initialise registered ENGINEs if they are not already initialised. */
+#define ENGINE_TABLE_FLAG_NOINIT        (unsigned int)0x0001
+
+/* ENGINE flags that can be set by ENGINE_set_flags(). */
+/* #define ENGINE_FLAGS_MALLOCED        0x0001 */ /* Not used */
+
+/* This flag is for ENGINEs that wish to handle the various 'CMD'-related
+ * control commands on their own. Without this flag, ENGINE_ctrl() handles these
+ * control commands on behalf of the ENGINE using their "cmd_defns" data. */
+#define ENGINE_FLAGS_MANUAL_CMD_CTRL    (int)0x0002
+
+/* This flag is for ENGINEs who return new duplicate structures when found via
+ * "ENGINE_by_id()". When an ENGINE must store state (eg. if ENGINE_ctrl()
+ * commands are called in sequence as part of some stateful process like
+ * key-generation setup and execution), it can set this flag - then each attempt
+ * to obtain the ENGINE will result in it being copied into a new structure.
+ * Normally, ENGINEs don't declare this flag so ENGINE_by_id() just increments
+ * the existing ENGINE's structural reference count. */
+#define ENGINE_FLAGS_BY_ID_COPY         (int)0x0004
+
+/* ENGINEs can support their own command types, and these flags are used in
+ * ENGINE_CTRL_GET_CMD_FLAGS to indicate to the caller what kind of input each
+ * command expects. Currently only numeric and string input is supported. If a
+ * control command supports none of the _NUMERIC, _STRING, or _NO_INPUT options,
+ * then it is regarded as an "internal" control command - and not for use in
+ * config setting situations. As such, they're not available to the
+ * ENGINE_ctrl_cmd_string() function, only raw ENGINE_ctrl() access. Changes to
+ * this list of 'command types' should be reflected carefully in
+ * ENGINE_cmd_is_executable() and ENGINE_ctrl_cmd_string(). */
+
+/* accepts a 'long' input value (3rd parameter to ENGINE_ctrl) */
+#define ENGINE_CMD_FLAG_NUMERIC         (unsigned int)0x0001
+/* accepts string input (cast from 'void*' to 'const char *', 4th parameter to
+ * ENGINE_ctrl) */
+#define ENGINE_CMD_FLAG_STRING          (unsigned int)0x0002
+/* Indicates that the control command takes *no* input. Ie. the control command
+ * is unparameterised. */
+#define ENGINE_CMD_FLAG_NO_INPUT        (unsigned int)0x0004
+/* Indicates that the control command is internal. This control command won't
+ * be shown in any output, and is only usable through the ENGINE_ctrl_cmd()
+ * function. */
+#define ENGINE_CMD_FLAG_INTERNAL        (unsigned int)0x0008
+
+/* NB: These 3 control commands are deprecated and should not be used. ENGINEs
+ * relying on these commands should compile conditional support for
+ * compatibility (eg. if these symbols are defined) but should also migrate the
+ * same functionality to their own ENGINE-specific control functions that can be
+ * "discovered" by calling applications. The fact these control commands
+ * wouldn't be "executable" (ie. usable by text-based config) doesn't change the
+ * fact that application code can find and use them without requiring per-ENGINE
+ * hacking. */
+
+/* These flags are used to tell the ctrl function what should be done.
+ * All command numbers are shared between all engines, even if some don't
+ * make sense to some engines.  In such a case, they do nothing but return
+ * the error ENGINE_R_CTRL_COMMAND_NOT_IMPLEMENTED. */
+#define ENGINE_CTRL_SET_LOGSTREAM               1
+#define ENGINE_CTRL_SET_PASSWORD_CALLBACK       2
+#define ENGINE_CTRL_HUP                         3 /* Close and reinitialise any
+                                                     handles/connections etc. */
+#define ENGINE_CTRL_SET_USER_INTERFACE          4 /* Alternative to callback */
+#define ENGINE_CTRL_SET_CALLBACK_DATA           5 /* User-specific data, used
+                                                     when calling the password
+                                                     callback and the user
+                                                     interface */
+
+/* These control commands allow an application to deal with an arbitrary engine
+ * in a dynamic way. Warn: Negative return values indicate errors FOR THESE
+ * COMMANDS because zero is used to indicate 'end-of-list'. Other commands,
+ * including ENGINE-specific command types, return zero for an error.
+ *
+ * An ENGINE can choose to implement these ctrl functions, and can internally
+ * manage things however it chooses - it does so by setting the
+ * ENGINE_FLAGS_MANUAL_CMD_CTRL flag (using ENGINE_set_flags()). Otherwise the
+ * ENGINE_ctrl() code handles this on the ENGINE's behalf using the cmd_defns
+ * data (set using ENGINE_set_cmd_defns()). This means an ENGINE's ctrl()
+ * handler need only implement its own commands - the above "meta" commands will
+ * be taken care of. */
+
+/* Returns non-zero if the supplied ENGINE has a ctrl() handler. If "not", then
+ * all the remaining control commands will return failure, so it is worth
+ * checking this first if the caller is trying to "discover" the engine's
+ * capabilities and doesn't want errors generated unnecessarily. */
+#define ENGINE_CTRL_HAS_CTRL_FUNCTION           10
+/* Returns a positive command number for the first command supported by the
+ * engine. Returns zero if no ctrl commands are supported. */
+#define ENGINE_CTRL_GET_FIRST_CMD_TYPE          11
+/* The 'long' argument specifies a command implemented by the engine, and the
+ * return value is the next command supported, or zero if there are no more. */
+#define ENGINE_CTRL_GET_NEXT_CMD_TYPE           12
+/* The 'void*' argument is a command name (cast from 'const char *'), and the
+ * return value is the command that corresponds to it. */
+#define ENGINE_CTRL_GET_CMD_FROM_NAME           13
+/* The next two allow a command to be converted into its corresponding string
+ * form. In each case, the 'long' argument supplies the command. In the NAME_LEN
+ * case, the return value is the length of the command name (not counting a
+ * trailing EOL). In the NAME case, the 'void*' argument must be a string buffer
+ * large enough, and it will be populated with the name of the command (WITH a
+ * trailing EOL). */
+#define ENGINE_CTRL_GET_NAME_LEN_FROM_CMD       14
+#define ENGINE_CTRL_GET_NAME_FROM_CMD           15
+/* The next two are similar but give a "short description" of a command. */
+#define ENGINE_CTRL_GET_DESC_LEN_FROM_CMD       16
+#define ENGINE_CTRL_GET_DESC_FROM_CMD           17
+/* With this command, the return value is the OR'd combination of
+ * ENGINE_CMD_FLAG_*** values that indicate what kind of input a given
+ * engine-specific ctrl command expects. */
+#define ENGINE_CTRL_GET_CMD_FLAGS               18
+
+/* ENGINE implementations should start the numbering of their own control
+ * commands from this value. (ie. ENGINE_CMD_BASE, ENGINE_CMD_BASE + 1, etc). */
+#define ENGINE_CMD_BASE         200
+
+/* NB: These 2 nCipher "chil" control commands are deprecated, and their
+ * functionality is now available through ENGINE-specific control commands
+ * (exposed through the above-mentioned 'CMD'-handling). Code using these 2
+ * commands should be migrated to the more general command handling before these
+ * are removed. */
+
+/* Flags specific to the nCipher "chil" engine */
+#define ENGINE_CTRL_CHIL_SET_FORKCHECK          100
+        /* Depending on the value of the (long)i argument, this sets or
+         * unsets the SimpleForkCheck flag in the CHIL API to enable or
+         * disable checking and workarounds for applications that fork().
+         */
+#define ENGINE_CTRL_CHIL_NO_LOCKING             101
+        /* This prevents the initialisation function from providing mutex
+         * callbacks to the nCipher library. */
+
+/* If an ENGINE supports its own specific control commands and wishes the
+ * framework to handle the above 'ENGINE_CMD_***'-manipulation commands on its
+ * behalf, it should supply a null-terminated array of ENGINE_CMD_DEFN entries
+ * to ENGINE_set_cmd_defns(). It should also implement a ctrl() handler that
+ * supports the stated commands (ie. the "cmd_num" entries as described by the
+ * array). NB: The array must be ordered in increasing order of cmd_num.
+ * "null-terminated" means that the last ENGINE_CMD_DEFN element has cmd_num set
+ * to zero and/or cmd_name set to NULL. */
+typedef struct ENGINE_CMD_DEFN_st
+        {
+        unsigned int cmd_num; /* The command number */
+        const char *cmd_name; /* The command name itself */
+        const char *cmd_desc; /* A short description of the command */
+        unsigned int cmd_flags; /* The input the command expects */
+        } ENGINE_CMD_DEFN;
+
+/* Generic function pointer */
+typedef int (*ENGINE_GEN_FUNC_PTR)();
+/* Generic function pointer taking no arguments */
+typedef int (*ENGINE_GEN_INT_FUNC_PTR)(ENGINE *);
+/* Specific control function pointer */
+typedef int (*ENGINE_CTRL_FUNC_PTR)(ENGINE *, int, long, void *, void (*f)());
+/* Generic load_key function pointer */
+typedef EVP_PKEY * (*ENGINE_LOAD_KEY_PTR)(ENGINE *, const char *,
+        UI_METHOD *ui_method, void *callback_data);
+/* These callback types are for an ENGINE's handler for cipher and digest logic.
+ * These handlers have these prototypes;
+ *   int foo(ENGINE *e, const EVP_CIPHER **cipher, const int **nids, int nid);
+ *   int foo(ENGINE *e, const EVP_MD **digest, const int **nids, int nid);
+ * Looking at how to implement these handlers in the case of cipher support, if
+ * the framework wants the EVP_CIPHER for 'nid', it will call;
+ *   foo(e, &p_evp_cipher, NULL, nid);    (return zero for failure)
+ * If the framework wants a list of supported 'nid's, it will call;
+ *   foo(e, NULL, &p_nids, 0); (returns number of 'nids' or -1 for error)
+ */
+/* Returns to a pointer to the array of supported cipher 'nid's. If the second
+ * parameter is non-NULL it is set to the size of the returned array. */
+typedef int (*ENGINE_CIPHERS_PTR)(ENGINE *, const EVP_CIPHER **, const int **, int);
+typedef int (*ENGINE_DIGESTS_PTR)(ENGINE *, const EVP_MD **, const int **, int);
+
+/* STRUCTURE functions ... all of these functions deal with pointers to ENGINE
+ * structures where the pointers have a "structural reference". This means that
+ * their reference is to allowed access to the structure but it does not imply
+ * that the structure is functional. To simply increment or decrement the
+ * structural reference count, use ENGINE_by_id and ENGINE_free. NB: This is not
+ * required when iterating using ENGINE_get_next as it will automatically
+ * decrement the structural reference count of the "current" ENGINE and
+ * increment the structural reference count of the ENGINE it returns (unless it
+ * is NULL). */
+
+/* Get the first/last "ENGINE" type available. */
+ENGINE *ENGINE_get_first(void);
+ENGINE *ENGINE_get_last(void);
+/* Iterate to the next/previous "ENGINE" type (NULL = end of the list). */
+ENGINE *ENGINE_get_next(ENGINE *e);
+ENGINE *ENGINE_get_prev(ENGINE *e);
+/* Add another "ENGINE" type into the array. */
+int ENGINE_add(ENGINE *e);
+/* Remove an existing "ENGINE" type from the array. */
+int ENGINE_remove(ENGINE *e);
+/* Retrieve an engine from the list by its unique "id" value. */
+ENGINE *ENGINE_by_id(const char *id);
+/* Add all the built-in engines. */
+void ENGINE_load_openssl(void);
+void ENGINE_load_dynamic(void);
+void ENGINE_load_cswift(void);
+void ENGINE_load_chil(void);
+void ENGINE_load_atalla(void);
+void ENGINE_load_nuron(void);
+void ENGINE_load_ubsec(void);
+void ENGINE_load_aep(void);
+void ENGINE_load_sureware(void);
+void ENGINE_load_4758cca(void);
+void ENGINE_load_openbsd_dev_crypto(void);
+void ENGINE_load_builtin_engines(void);
+#ifdef __OpenBSD__
+void ENGINE_load_cryptodev(void);
+#endif  
+
+/* Get and set global flags (ENGINE_TABLE_FLAG_***) for the implementation
+ * "registry" handling. */
+unsigned int ENGINE_get_table_flags(void);
+void ENGINE_set_table_flags(unsigned int flags);
+
+/* Manage registration of ENGINEs per "table". For each type, there are 3
+ * functions;
+ *   ENGINE_register_***(e) - registers the implementation from 'e' (if it has one)
+ *   ENGINE_unregister_***(e) - unregister the implementation from 'e'
+ *   ENGINE_register_all_***() - call ENGINE_register_***() for each 'e' in the list
+ * Cleanup is automatically registered from each table when required, so
+ * ENGINE_cleanup() will reverse any "register" operations. */
+
+int ENGINE_register_RSA(ENGINE *e);
+void ENGINE_unregister_RSA(ENGINE *e);
+void ENGINE_register_all_RSA(void);
+
+int ENGINE_register_DSA(ENGINE *e);
+void ENGINE_unregister_DSA(ENGINE *e);
+void ENGINE_register_all_DSA(void);
+
+int ENGINE_register_DH(ENGINE *e);
+void ENGINE_unregister_DH(ENGINE *e);
+void ENGINE_register_all_DH(void);
+
+int ENGINE_register_RAND(ENGINE *e);
+void ENGINE_unregister_RAND(ENGINE *e);
+void ENGINE_register_all_RAND(void);
+
+int ENGINE_register_ciphers(ENGINE *e);
+void ENGINE_unregister_ciphers(ENGINE *e);
+void ENGINE_register_all_ciphers(void);
+
+int ENGINE_register_digests(ENGINE *e);
+void ENGINE_unregister_digests(ENGINE *e);
+void ENGINE_register_all_digests(void);
+
+/* These functions register all support from the above categories. Note, use of
+ * these functions can result in static linkage of code your application may not
+ * need. If you only need a subset of functionality, consider using more
+ * selective initialisation. */
+int ENGINE_register_complete(ENGINE *e);
+int ENGINE_register_all_complete(void);
+
+/* Send parametrised control commands to the engine. The possibilities to send
+ * down an integer, a pointer to data or a function pointer are provided. Any of
+ * the parameters may or may not be NULL, depending on the command number. In
+ * actuality, this function only requires a structural (rather than functional)
+ * reference to an engine, but many control commands may require the engine be
+ * functional. The caller should be aware of trying commands that require an
+ * operational ENGINE, and only use functional references in such situations. */
+int ENGINE_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)());
+
+/* This function tests if an ENGINE-specific command is usable as a "setting".
+ * Eg. in an application's config file that gets processed through
+ * ENGINE_ctrl_cmd_string(). If this returns zero, it is not available to
+ * ENGINE_ctrl_cmd_string(), only ENGINE_ctrl(). */
+int ENGINE_cmd_is_executable(ENGINE *e, int cmd);
+
+/* This function works like ENGINE_ctrl() with the exception of taking a
+ * command name instead of a command number, and can handle optional commands.
+ * See the comment on ENGINE_ctrl_cmd_string() for an explanation on how to
+ * use the cmd_name and cmd_optional. */
+int ENGINE_ctrl_cmd(ENGINE *e, const char *cmd_name,
+        long i, void *p, void (*f)(), int cmd_optional);
+
+/* This function passes a command-name and argument to an ENGINE. The cmd_name
+ * is converted to a command number and the control command is called using
+ * 'arg' as an argument (unless the ENGINE doesn't support such a command, in
+ * which case no control command is called). The command is checked for input
+ * flags, and if necessary the argument will be converted to a numeric value. If
+ * cmd_optional is non-zero, then if the ENGINE doesn't support the given
+ * cmd_name the return value will be success anyway. This function is intended
+ * for applications to use so that users (or config files) can supply
+ * engine-specific config data to the ENGINE at run-time to control behaviour of
+ * specific engines. As such, it shouldn't be used for calling ENGINE_ctrl()
+ * functions that return data, deal with binary data, or that are otherwise
+ * supposed to be used directly through ENGINE_ctrl() in application code. Any
+ * "return" data from an ENGINE_ctrl() operation in this function will be lost -
+ * the return value is interpreted as failure if the return value is zero,
+ * success otherwise, and this function returns a boolean value as a result. In
+ * other words, vendors of 'ENGINE'-enabled devices should write ENGINE
+ * implementations with parameterisations that work in this scheme, so that
+ * compliant ENGINE-based applications can work consistently with the same
+ * configuration for the same ENGINE-enabled devices, across applications. */
+int ENGINE_ctrl_cmd_string(ENGINE *e, const char *cmd_name, const char *arg,
+                                int cmd_optional);
+
+/* These functions are useful for manufacturing new ENGINE structures. They
+ * don't address reference counting at all - one uses them to populate an ENGINE
+ * structure with personalised implementations of things prior to using it
+ * directly or adding it to the builtin ENGINE list in OpenSSL. These are also
+ * here so that the ENGINE structure doesn't have to be exposed and break binary
+ * compatibility! */
+ENGINE *ENGINE_new(void);
+int ENGINE_free(ENGINE *e);
+int ENGINE_set_id(ENGINE *e, const char *id);
+int ENGINE_set_name(ENGINE *e, const char *name);
+int ENGINE_set_RSA(ENGINE *e, const RSA_METHOD *rsa_meth);
+int ENGINE_set_DSA(ENGINE *e, const DSA_METHOD *dsa_meth);
+int ENGINE_set_DH(ENGINE *e, const DH_METHOD *dh_meth);
+int ENGINE_set_RAND(ENGINE *e, const RAND_METHOD *rand_meth);
+int ENGINE_set_destroy_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR destroy_f);
+int ENGINE_set_init_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR init_f);
+int ENGINE_set_finish_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR finish_f);
+int ENGINE_set_ctrl_function(ENGINE *e, ENGINE_CTRL_FUNC_PTR ctrl_f);
+int ENGINE_set_load_privkey_function(ENGINE *e, ENGINE_LOAD_KEY_PTR loadpriv_f);
+int ENGINE_set_load_pubkey_function(ENGINE *e, ENGINE_LOAD_KEY_PTR loadpub_f);
+int ENGINE_set_ciphers(ENGINE *e, ENGINE_CIPHERS_PTR f);
+int ENGINE_set_digests(ENGINE *e, ENGINE_DIGESTS_PTR f);
+int ENGINE_set_flags(ENGINE *e, int flags);
+int ENGINE_set_cmd_defns(ENGINE *e, const ENGINE_CMD_DEFN *defns);
+/* These functions (and the "get" function lower down) allow control over any
+ * per-structure ENGINE data. */
+int ENGINE_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
+                CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func);
+int ENGINE_set_ex_data(ENGINE *e, int idx, void *arg);
+
+/* This function cleans up anything that needs it. Eg. the ENGINE_add() function
+ * automatically ensures the list cleanup function is registered to be called
+ * from ENGINE_cleanup(). Similarly, all ENGINE_register_*** functions ensure
+ * ENGINE_cleanup() will clean up after them. */
+void ENGINE_cleanup(void);
+
+/* These return values from within the ENGINE structure. These can be useful
+ * with functional references as well as structural references - it depends
+ * which you obtained. Using the result for functional purposes if you only
+ * obtained a structural reference may be problematic! */
+const char *ENGINE_get_id(const ENGINE *e);
+const char *ENGINE_get_name(const ENGINE *e);
+const RSA_METHOD *ENGINE_get_RSA(const ENGINE *e);
+const DSA_METHOD *ENGINE_get_DSA(const ENGINE *e);
+const DH_METHOD *ENGINE_get_DH(const ENGINE *e);
+const RAND_METHOD *ENGINE_get_RAND(const ENGINE *e);
+ENGINE_GEN_INT_FUNC_PTR ENGINE_get_destroy_function(const ENGINE *e);
+ENGINE_GEN_INT_FUNC_PTR ENGINE_get_init_function(const ENGINE *e);
+ENGINE_GEN_INT_FUNC_PTR ENGINE_get_finish_function(const ENGINE *e);
+ENGINE_CTRL_FUNC_PTR ENGINE_get_ctrl_function(const ENGINE *e);
+ENGINE_LOAD_KEY_PTR ENGINE_get_load_privkey_function(const ENGINE *e);
+ENGINE_LOAD_KEY_PTR ENGINE_get_load_pubkey_function(const ENGINE *e);
+ENGINE_CIPHERS_PTR ENGINE_get_ciphers(const ENGINE *e);
+ENGINE_DIGESTS_PTR ENGINE_get_digests(const ENGINE *e);
+const EVP_CIPHER *ENGINE_get_cipher(ENGINE *e, int nid);
+const EVP_MD *ENGINE_get_digest(ENGINE *e, int nid);
+const ENGINE_CMD_DEFN *ENGINE_get_cmd_defns(const ENGINE *e);
+int ENGINE_get_flags(const ENGINE *e);
+void *ENGINE_get_ex_data(const ENGINE *e, int idx);
+
+/* FUNCTIONAL functions. These functions deal with ENGINE structures
+ * that have (or will) be initialised for use. Broadly speaking, the
+ * structural functions are useful for iterating the list of available
+ * engine types, creating new engine types, and other "list" operations.
+ * These functions actually deal with ENGINEs that are to be used. As
+ * such these functions can fail (if applicable) when particular
+ * engines are unavailable - eg. if a hardware accelerator is not
+ * attached or not functioning correctly. Each ENGINE has 2 reference
+ * counts; structural and functional. Every time a functional reference
+ * is obtained or released, a corresponding structural reference is
+ * automatically obtained or released too. */
+
+/* Initialise a engine type for use (or up its reference count if it's
+ * already in use). This will fail if the engine is not currently
+ * operational and cannot initialise. */
+int ENGINE_init(ENGINE *e);
+/* Free a functional reference to a engine type. This does not require
+ * a corresponding call to ENGINE_free as it also releases a structural
+ * reference. */
+int ENGINE_finish(ENGINE *e);
+
+/* The following functions handle keys that are stored in some secondary
+ * location, handled by the engine.  The storage may be on a card or
+ * whatever. */
+EVP_PKEY *ENGINE_load_private_key(ENGINE *e, const char *key_id,
+        UI_METHOD *ui_method, void *callback_data);
+EVP_PKEY *ENGINE_load_public_key(ENGINE *e, const char *key_id,
+        UI_METHOD *ui_method, void *callback_data);
+
+/* This returns a pointer for the current ENGINE structure that
+ * is (by default) performing any RSA operations. The value returned
+ * is an incremented reference, so it should be free'd (ENGINE_finish)
+ * before it is discarded. */
+ENGINE *ENGINE_get_default_RSA(void);
+/* Same for the other "methods" */
+ENGINE *ENGINE_get_default_DSA(void);
+ENGINE *ENGINE_get_default_DH(void);
+ENGINE *ENGINE_get_default_RAND(void);
+/* These functions can be used to get a functional reference to perform
+ * ciphering or digesting corresponding to "nid". */
+ENGINE *ENGINE_get_cipher_engine(int nid);
+ENGINE *ENGINE_get_digest_engine(int nid);
+
+/* This sets a new default ENGINE structure for performing RSA
+ * operations. If the result is non-zero (success) then the ENGINE
+ * structure will have had its reference count up'd so the caller
+ * should still free their own reference 'e'. */
+int ENGINE_set_default_RSA(ENGINE *e);
+int ENGINE_set_default_string(ENGINE *e, const char *list);
+/* Same for the other "methods" */
+int ENGINE_set_default_DSA(ENGINE *e);
+int ENGINE_set_default_DH(ENGINE *e);
+int ENGINE_set_default_RAND(ENGINE *e);
+int ENGINE_set_default_ciphers(ENGINE *e);
+int ENGINE_set_default_digests(ENGINE *e);
+
+/* The combination "set" - the flags are bitwise "OR"d from the
+ * ENGINE_METHOD_*** defines above. As with the "ENGINE_register_complete()"
+ * function, this function can result in unnecessary static linkage. If your
+ * application requires only specific functionality, consider using more
+ * selective functions. */
+int ENGINE_set_default(ENGINE *e, unsigned int flags);
+
+void ENGINE_add_conf_module(void);
+
+/* Deprecated functions ... */
+/* int ENGINE_clear_defaults(void); */
+
+/**************************/
+/* DYNAMIC ENGINE SUPPORT */
+/**************************/
+
+/* Binary/behaviour compatibility levels */
+#define OSSL_DYNAMIC_VERSION            (unsigned long)0x00010100
+/* Binary versions older than this are too old for us (whether we're a loader or
+ * a loadee) */
+#define OSSL_DYNAMIC_OLDEST             (unsigned long)0x00010100
+
+/* When compiling an ENGINE entirely as an external shared library, loadable by
+ * the "dynamic" ENGINE, these types are needed. The 'dynamic_fns' structure
+ * type provides the calling application's (or library's) error functionality
+ * and memory management function pointers to the loaded library. These should
+ * be used/set in the loaded library code so that the loading application's
+ * 'state' will be used/changed in all operations. */
+typedef void *(*dyn_MEM_malloc_cb)(size_t);
+typedef void *(*dyn_MEM_realloc_cb)(void *, size_t);
+typedef void (*dyn_MEM_free_cb)(void *);
+typedef struct st_dynamic_MEM_fns {
+        dyn_MEM_malloc_cb                       malloc_cb;
+        dyn_MEM_realloc_cb                      realloc_cb;
+        dyn_MEM_free_cb                         free_cb;
+        } dynamic_MEM_fns;
+/* FIXME: Perhaps the memory and locking code (crypto.h) should declare and use
+ * these types so we (and any other dependant code) can simplify a bit?? */
+typedef void (*dyn_lock_locking_cb)(int,int,const char *,int);
+typedef int (*dyn_lock_add_lock_cb)(int*,int,int,const char *,int);
+typedef struct CRYPTO_dynlock_value *(*dyn_dynlock_create_cb)(
+                                                const char *,int);
+typedef void (*dyn_dynlock_lock_cb)(int,struct CRYPTO_dynlock_value *,
+                                                const char *,int);
+typedef void (*dyn_dynlock_destroy_cb)(struct CRYPTO_dynlock_value *,
+                                                const char *,int);
+typedef struct st_dynamic_LOCK_fns {
+        dyn_lock_locking_cb                     lock_locking_cb;
+        dyn_lock_add_lock_cb                    lock_add_lock_cb;
+        dyn_dynlock_create_cb                   dynlock_create_cb;
+        dyn_dynlock_lock_cb                     dynlock_lock_cb;
+        dyn_dynlock_destroy_cb                  dynlock_destroy_cb;
+        } dynamic_LOCK_fns;
+/* The top-level structure */
+typedef struct st_dynamic_fns {
+        const ERR_FNS                           *err_fns;
+        const CRYPTO_EX_DATA_IMPL               *ex_data_fns;
+        dynamic_MEM_fns                         mem_fns;
+        dynamic_LOCK_fns                        lock_fns;
+        } dynamic_fns;
+
+/* The version checking function should be of this prototype. NB: The
+ * ossl_version value passed in is the OSSL_DYNAMIC_VERSION of the loading code.
+ * If this function returns zero, it indicates a (potential) version
+ * incompatibility and the loaded library doesn't believe it can proceed.
+ * Otherwise, the returned value is the (latest) version supported by the
+ * loading library. The loader may still decide that the loaded code's version
+ * is unsatisfactory and could veto the load. The function is expected to
+ * be implemented with the symbol name "v_check", and a default implementation
+ * can be fully instantiated with IMPLEMENT_DYNAMIC_CHECK_FN(). */
+typedef unsigned long (*dynamic_v_check_fn)(unsigned long ossl_version);
+#define IMPLEMENT_DYNAMIC_CHECK_FN() \
+        unsigned long v_check(unsigned long v) { \
+                if(v >= OSSL_DYNAMIC_OLDEST) return OSSL_DYNAMIC_VERSION; \
+                return 0; }
+
+/* This function is passed the ENGINE structure to initialise with its own
+ * function and command settings. It should not adjust the structural or
+ * functional reference counts. If this function returns zero, (a) the load will
+ * be aborted, (b) the previous ENGINE state will be memcpy'd back onto the
+ * structure, and (c) the shared library will be unloaded. So implementations
+ * should do their own internal cleanup in failure circumstances otherwise they
+ * could leak. The 'id' parameter, if non-NULL, represents the ENGINE id that
+ * the loader is looking for. If this is NULL, the shared library can choose to
+ * return failure or to initialise a 'default' ENGINE. If non-NULL, the shared
+ * library must initialise only an ENGINE matching the passed 'id'. The function
+ * is expected to be implemented with the symbol name "bind_engine". A standard
+ * implementation can be instantiated with IMPLEMENT_DYNAMIC_BIND_FN(fn) where
+ * the parameter 'fn' is a callback function that populates the ENGINE structure
+ * and returns an int value (zero for failure). 'fn' should have prototype;
+ *    [static] int fn(ENGINE *e, const char *id); */
+typedef int (*dynamic_bind_engine)(ENGINE *e, const char *id,
+                                const dynamic_fns *fns);
+#define IMPLEMENT_DYNAMIC_BIND_FN(fn) \
+        int bind_engine(ENGINE *e, const char *id, const dynamic_fns *fns) { \
+                if(!CRYPTO_set_mem_functions(fns->mem_fns.malloc_cb, \
+                        fns->mem_fns.realloc_cb, fns->mem_fns.free_cb)) \
+                        return 0; \
+                CRYPTO_set_locking_callback(fns->lock_fns.lock_locking_cb); \
+                CRYPTO_set_add_lock_callback(fns->lock_fns.lock_add_lock_cb); \
+                CRYPTO_set_dynlock_create_callback(fns->lock_fns.dynlock_create_cb); \
+                CRYPTO_set_dynlock_lock_callback(fns->lock_fns.dynlock_lock_cb); \
+                CRYPTO_set_dynlock_destroy_callback(fns->lock_fns.dynlock_destroy_cb); \
+                if(!CRYPTO_set_ex_data_implementation(fns->ex_data_fns)) \
+                        return 0; \
+                if(!ERR_set_implementation(fns->err_fns)) return 0; \
+                if(!fn(e,id)) return 0; \
+                return 1; }
+
+/* BEGIN ERROR CODES */
+/* The following lines are auto generated by the script mkerr.pl. Any changes
+ * made after this point may be overwritten when the script is next run.
+ */
+void ERR_load_ENGINE_strings(void);
+
+/* Error codes for the ENGINE functions. */
+
+/* Function codes. */
+#define ENGINE_F_DYNAMIC_CTRL                            180
+#define ENGINE_F_DYNAMIC_GET_DATA_CTX                    181
+#define ENGINE_F_DYNAMIC_LOAD                            182
+#define ENGINE_F_ENGINE_ADD                              105
+#define ENGINE_F_ENGINE_BY_ID                            106
+#define ENGINE_F_ENGINE_CMD_IS_EXECUTABLE                170
+#define ENGINE_F_ENGINE_CTRL                             142
+#define ENGINE_F_ENGINE_CTRL_CMD                         178
+#define ENGINE_F_ENGINE_CTRL_CMD_STRING                  171
+#define ENGINE_F_ENGINE_FINISH                           107
+#define ENGINE_F_ENGINE_FREE                             108
+#define ENGINE_F_ENGINE_GET_CIPHER                       185
+#define ENGINE_F_ENGINE_GET_DEFAULT_TYPE                 177
+#define ENGINE_F_ENGINE_GET_DIGEST                       186
+#define ENGINE_F_ENGINE_GET_NEXT                         115
+#define ENGINE_F_ENGINE_GET_PREV                         116
+#define ENGINE_F_ENGINE_INIT                             119
+#define ENGINE_F_ENGINE_LIST_ADD                         120
+#define ENGINE_F_ENGINE_LIST_REMOVE                      121
+#define ENGINE_F_ENGINE_LOAD_PRIVATE_KEY                 150
+#define ENGINE_F_ENGINE_LOAD_PUBLIC_KEY                  151
+#define ENGINE_F_ENGINE_MODULE_INIT                      187
+#define ENGINE_F_ENGINE_NEW                              122
+#define ENGINE_F_ENGINE_REMOVE                           123
+#define ENGINE_F_ENGINE_SET_DEFAULT_STRING               189
+#define ENGINE_F_ENGINE_SET_DEFAULT_TYPE                 126
+#define ENGINE_F_ENGINE_SET_ID                           129
+#define ENGINE_F_ENGINE_SET_NAME                         130
+#define ENGINE_F_ENGINE_TABLE_REGISTER                   184
+#define ENGINE_F_ENGINE_UNLOAD_KEY                       152
+#define ENGINE_F_INT_CTRL_HELPER                         172
+#define ENGINE_F_INT_ENGINE_CONFIGURE                    188
+#define ENGINE_F_LOG_MESSAGE                             141
+#define ENGINE_F_SET_DATA_CTX                            183
+
+/* Reason codes. */
+#define ENGINE_R_ALREADY_LOADED                          100
+#define ENGINE_R_ARGUMENT_IS_NOT_A_NUMBER                133
+#define ENGINE_R_CMD_NOT_EXECUTABLE                      134
+#define ENGINE_R_COMMAND_TAKES_INPUT                     135
+#define ENGINE_R_COMMAND_TAKES_NO_INPUT                  136
+#define ENGINE_R_CONFLICTING_ENGINE_ID                   103
+#define ENGINE_R_CTRL_COMMAND_NOT_IMPLEMENTED            119
+#define ENGINE_R_DH_NOT_IMPLEMENTED                      139
+#define ENGINE_R_DSA_NOT_IMPLEMENTED                     140
+#define ENGINE_R_DSO_FAILURE                             104
+#define ENGINE_R_DSO_NOT_FOUND                           132
+#define ENGINE_R_ENGINES_SECTION_ERROR                   148
+#define ENGINE_R_ENGINE_IS_NOT_IN_LIST                   105
+#define ENGINE_R_ENGINE_SECTION_ERROR                    149
+#define ENGINE_R_FAILED_LOADING_PRIVATE_KEY              128
+#define ENGINE_R_FAILED_LOADING_PUBLIC_KEY               129
+#define ENGINE_R_FINISH_FAILED                           106
+#define ENGINE_R_GET_HANDLE_FAILED                       107
+#define ENGINE_R_ID_OR_NAME_MISSING                      108
+#define ENGINE_R_INIT_FAILED                             109
+#define ENGINE_R_INTERNAL_LIST_ERROR                     110
+#define ENGINE_R_INVALID_ARGUMENT                        143
+#define ENGINE_R_INVALID_CMD_NAME                        137
+#define ENGINE_R_INVALID_CMD_NUMBER                      138
+#define ENGINE_R_INVALID_INIT_VALUE                      151
+#define ENGINE_R_INVALID_STRING                          150
+#define ENGINE_R_NOT_INITIALISED                         117
+#define ENGINE_R_NOT_LOADED                              112
+#define ENGINE_R_NO_CONTROL_FUNCTION                     120
+#define ENGINE_R_NO_INDEX                                144
+#define ENGINE_R_NO_LOAD_FUNCTION                        125
+#define ENGINE_R_NO_REFERENCE                            130
+#define ENGINE_R_NO_SUCH_ENGINE                          116
+#define ENGINE_R_NO_UNLOAD_FUNCTION                      126
+#define ENGINE_R_PROVIDE_PARAMETERS                      113
+#define ENGINE_R_RSA_NOT_IMPLEMENTED                     141
+#define ENGINE_R_UNIMPLEMENTED_CIPHER                    146
+#define ENGINE_R_UNIMPLEMENTED_DIGEST                    147
+#define ENGINE_R_VERSION_INCOMPATIBILITY                 145
+
+#ifdef  __cplusplus
+}
+#endif
+#endif
diff --git a/src/lib/libcrypto/engine/hw_4758_cca.c b/src/lib/libcrypto/engine/hw_4758_cca.c
index bfb80968e2..f404b1a3b8 100644
--- a/src/lib/libcrypto/engine/hw_4758_cca.c
+++ b/src/lib/libcrypto/engine/hw_4758_cca.c
@@ -715,7 +715,7 @@ static int cca_rsa_verify(int type, const unsigned char *m, unsigned int m_len,
 
         if (type == NID_sha1 || type == NID_md5)
                 {
-                memset(hashBuffer, keyLength+1, 0);
+                memset(hashBuffer, 0, keyLength+1);
                 OPENSSL_free(hashBuffer);
                 }
 
@@ -838,7 +838,7 @@ static int cca_rsa_sign(int type, const unsigned char *m, unsigned int m_len,
 
         if (type == NID_sha1 || type == NID_md5)
                 {
-                memset(hashBuffer, keyLength+1, 0);
+                memset(hashBuffer, 0, keyLength+1);
                 OPENSSL_free(hashBuffer);
                 }
 
@@ -953,7 +953,7 @@ static void cca_ex_free(void *obj, void *item, CRYPTO_EX_DATA *ad, int idx,
 #ifdef ENGINE_DYNAMIC_SUPPORT 
 static int bind_fn(ENGINE *e, const char *id)
         {
-        if(id && (strcmp(id, engine_4758_cca_id) != 0))
+        if(id && (strcmp(id, engine_cswift_id) != 0))
                 return 0;
         if(!bind_helper(e))
                 return 0;
diff --git a/src/lib/libcrypto/engine/hw_cryptodev.c b/src/lib/libcrypto/engine/hw_cryptodev.c
index 7c3728f395..954eb85207 100644
--- a/src/lib/libcrypto/engine/hw_cryptodev.c
+++ b/src/lib/libcrypto/engine/hw_cryptodev.c
@@ -1,6 +1,7 @@
 /*
  * Copyright (c) 2002 Bob Beck <beck@openbsd.org>
  * Copyright (c) 2002 Theo de Raadt
+ * Copyright (c) 2002 Markus Friedl
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -36,25 +37,56 @@
 #include <stdio.h>
 #include <unistd.h>
 #include <fcntl.h>
-#include <syslog.h>
 #include <stdarg.h>
+#include <syslog.h>
 #include <ssl/objects.h>
 #include <ssl/engine.h>
 #include <ssl/evp.h>
+#include <errno.h>
+#include <string.h>
 
-static int cryptodev_fd = -1;
-static int cryptodev_sessions = 0;
-static u_int32_t cryptodev_symfeat = 0;
+struct dev_crypto_state {
+        struct session_op d_sess;
+        int d_fd;
+};
 
+static u_int32_t cryptodev_asymfeat = 0;
+
+static int get_asym_dev_crypto(void);
+static int open_dev_crypto(void);
+static int get_dev_crypto(void);
+static int cryptodev_max_iv(int cipher);
+static int cryptodev_key_length_valid(int cipher, int len);
+static int cipher_nid_to_cryptodev(int nid);
+static int get_cryptodev_ciphers(const int **cnids);
+static int get_cryptodev_digests(const int **cnids);
+static int cryptodev_usable_ciphers(const int **nids);
+static int cryptodev_usable_digests(const int **nids);
+static int cryptodev_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+    const unsigned char *in, unsigned int inl);
+static int cryptodev_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+    const unsigned char *iv, int enc);
+static int cryptodev_cleanup(EVP_CIPHER_CTX *ctx);
+static int cryptodev_engine_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
+    const int **nids, int nid);
+static int cryptodev_engine_digests(ENGINE *e, const EVP_MD **digest,
+    const int **nids, int nid);
 static int bn2crparam(const BIGNUM *a, struct crparam *crp);
 static int crparam2bn(struct crparam *crp, BIGNUM *a);
 static void zapparams(struct crypt_kop *kop);
+static int cryptodev_asym(struct crypt_kop *kop, int rlen, BIGNUM *r,
+    int slen, BIGNUM *s);
 
-static int cryptodev_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa);
 static int cryptodev_bn_mod_exp(BIGNUM *r, const BIGNUM *a,
     const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
+static int cryptodev_rsa_nocrt_mod_exp(BIGNUM *r0, const BIGNUM *I,
+    RSA *rsa);
+static int cryptodev_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa);
 static int cryptodev_dsa_bn_mod_exp(DSA *dsa, BIGNUM *r, BIGNUM *a,
     const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
+static int cryptodev_dsa_dsa_mod_exp(DSA *dsa, BIGNUM *t1, BIGNUM *g,
+    BIGNUM *u1, BIGNUM *pub_key, BIGNUM *u2, BIGNUM *p,
+    BN_CTX *ctx, BN_MONT_CTX *mont);
 static DSA_SIG *cryptodev_dsa_do_sign(const unsigned char *dgst,
     int dlen, DSA *dsa);
 static int cryptodev_dsa_verify(const unsigned char *dgst, int dgst_len,
@@ -64,8 +96,15 @@ static int cryptodev_mod_exp_dh(const DH *dh, BIGNUM *r, const BIGNUM *a,
     BN_MONT_CTX *m_ctx);
 static int cryptodev_dh_compute_key(unsigned char *key,
     const BIGNUM *pub_key, DH *dh);
+static int cryptodev_ctrl(ENGINE *e, int cmd, long i, void *p,
+    void (*f)());
+void ENGINE_load_cryptodev(void);
 
 static const ENGINE_CMD_DEFN cryptodev_defns[] = {
+        {ENGINE_CMD_BASE,
+                "SO_PATH",
+                "Specifies the path to the some stupid shared library",
+                ENGINE_CMD_FLAG_STRING},
         { 0, NULL, NULL, 0 }
 };
 
@@ -77,11 +116,10 @@ static struct {
 } ciphers[] = {
         { CRYPTO_DES_CBC,               NID_des_cbc,            8,       8, },
         { CRYPTO_3DES_CBC,              NID_des_ede3_cbc,       8,      24, },
-        { CRYPTO_AES_CBC,               NID_undef,              8,      24, },
+        { CRYPTO_AES_CBC,               NID_aes_128_cbc,        16,     16, },
         { CRYPTO_BLF_CBC,               NID_bf_cbc,             8,      16, },
-        { CRYPTO_CAST_CBC,              NID_cast5_cbc,          8,       8, },
+        { CRYPTO_CAST_CBC,              NID_cast5_cbc,          8,      16, },
         { CRYPTO_SKIPJACK_CBC,          NID_undef,              0,       0, },
-        { CRYPTO_ARC4,                  NID_rc4,                8,      16, },
         { 0,                            NID_undef,              0,       0, },
 };
 
@@ -99,33 +137,53 @@ static struct {
 };
 
 /*
- * Return 1 if /dev/crypto seems usable, 0 otherwise , also
- * does most of the work of initting the device, if not already
- * done.. This should leave is with global fd initialized with CRIOGET.
+ * Return a fd if /dev/crypto seems usable, 0 otherwise.
  */
 static int
-check_dev_crypto()
+open_dev_crypto(void)
 {
-        int fd;
+        static int fd = -1;
 
-        if (cryptodev_fd == -1) {
+        if (fd == -1) {
                 if ((fd = open("/dev/crypto", O_RDWR, 0)) == -1)
-                        return (0);
-                if (ioctl(fd, CRIOGET, &cryptodev_fd) == -1) {
-                        close(fd);
-                        return (0);
-                }
-                close(fd);
+                        return (-1);
                 /* close on exec */
-                if (fcntl(cryptodev_fd, F_SETFD, 1) == -1) {
-                        close(cryptodev_fd);
-                        cryptodev_fd = -1;
-                        return (0);
+                if (fcntl(fd, F_SETFD, 1) == -1) {
+                        close(fd);
+                        fd = -1;
+                        return (-1);
                 }
         }
-        ioctl(cryptodev_fd, CIOCSYMFEAT, &cryptodev_symfeat);
+        return (fd);
+}
 
-        return (1);
+static int
+get_dev_crypto(void)
+{
+        int fd, retfd;
+
+        if ((fd = open_dev_crypto()) == -1)
+                return (-1);
+        if (ioctl(fd, CRIOGET, &retfd) == -1)
+                return (-1);
+
+        /* close on exec */
+        if (fcntl(retfd, F_SETFD, 1) == -1) {
+                close(retfd);
+                return (-1);
+        }
+        return (retfd);
+}
+
+/* Caching version for asym operations */
+static int
+get_asym_dev_crypto(void)
+{
+        static int fd = -1;
+
+        if (fd == -1)
+                fd = get_dev_crypto();
+        return fd;
 }
 
 /*
@@ -183,8 +241,12 @@ get_cryptodev_ciphers(const int **cnids)
 {
         static int nids[CRYPTO_ALGORITHM_MAX];
         struct session_op sess;
-        int i, count = 0;
+        int fd, i, count = 0;
 
+        if ((fd = get_dev_crypto()) < 0) {
+                *nids = NULL;
+                return (0);
+        }
         memset(&sess, 0, sizeof(sess));
         sess.key = (caddr_t)"123456781234567812345678";
 
@@ -194,10 +256,12 @@ get_cryptodev_ciphers(const int **cnids)
                 sess.cipher = ciphers[i].id;
                 sess.keylen = ciphers[i].keylen;
                 sess.mac = 0;
-                if (ioctl(cryptodev_fd, CIOCGSESSION, &sess) != -1 &&
-                    ioctl(cryptodev_fd, CIOCFSESSION, &sess.ses) != -1)
+                if (ioctl(fd, CIOCGSESSION, &sess) != -1 &&
+                    ioctl(fd, CIOCFSESSION, &sess.ses) != -1)
                         nids[count++] = ciphers[i].nid;
         }
+        close(fd);
+
         if (count > 0)
                 *cnids = nids;
         else
@@ -216,18 +280,24 @@ get_cryptodev_digests(const int **cnids)
 {
         static int nids[CRYPTO_ALGORITHM_MAX];
         struct session_op sess;
-        int i, count = 0;
+        int fd, i, count = 0;
 
+        if ((fd = get_dev_crypto()) < 0) {
+                *nids = NULL;
+                return (0);
+        }
         memset(&sess, 0, sizeof(sess));
         for (i = 0; digests[i].id && count < CRYPTO_ALGORITHM_MAX; i++) {
                 if (digests[i].nid == NID_undef)
                         continue;
                 sess.mac = digests[i].id;
                 sess.cipher = 0;
-                if (ioctl(cryptodev_fd, CIOCGSESSION, &sess) != -1 &&
-                    ioctl(cryptodev_fd, CIOCFSESSION, &sess.ses) != -1)
+                if (ioctl(fd, CIOCGSESSION, &sess) != -1 &&
+                    ioctl(fd, CIOCFSESSION, &sess.ses) != -1)
                         nids[count++] = digests[i].nid;
         }
+        close(fd);
+
         if (count > 0)
                 *cnids = nids;
         else
@@ -256,25 +326,15 @@ get_cryptodev_digests(const int **cnids)
  * want most of the decisions made about what we actually want
  * to use from /dev/crypto.
  */
-int
+static int
 cryptodev_usable_ciphers(const int **nids)
 {
-        if (!check_dev_crypto()) {
-                *nids = NULL;
-                return (0);
-        }
-
-        /* find what the device can do. Unfortunately, we don't
-         * necessarily want all of these yet, because we aren't
-         * yet set up to do them
-         */
         return (get_cryptodev_ciphers(nids));
 }
 
-int
+static int
 cryptodev_usable_digests(const int **nids)
 {
-#if 1
         /*
          * XXXX just disable all digests for now, because it sucks.
          * we need a better way to decide this - i.e. I may not
@@ -289,29 +349,19 @@ cryptodev_usable_digests(const int **nids)
          */
         *nids = NULL;
         return (0);
-#endif
-
-        if (!check_dev_crypto()) {
-                *nids = NULL;
-                return (0);
-        }
-        return (get_cryptodev_digests(nids));
 }
 
-
-int
+static int
 cryptodev_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
     const unsigned char *in, unsigned int inl)
 {
         struct crypt_op cryp;
-        struct session_op *sess = ctx->cipher_data;
+        struct dev_crypto_state *state = ctx->cipher_data;
+        struct session_op *sess = &state->d_sess;
         void *iiv;
         unsigned char save_iv[EVP_MAX_IV_LENGTH];
-        struct syslog_data sd = SYSLOG_DATA_INIT;
 
-        if (cryptodev_fd == -1)
-                return (0);
-        if (sess == NULL)
+        if (state->d_fd < 0)
                 return (0);
         if (!inl)
                 return (1);
@@ -338,11 +388,10 @@ cryptodev_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
         } else
                 cryp.iv = NULL;
 
-        if (ioctl(cryptodev_fd, CIOCCRYPT, &cryp) == -1) {
+        if (ioctl(state->d_fd, CIOCCRYPT, &cryp) == -1) {
                 /* XXX need better errror handling
                  * this can fail for a number of different reasons.
                  */
-                syslog_r(LOG_ERR, &sd, "CIOCCRYPT failed (%m)");
                 return (0);
         }
 
@@ -356,20 +405,17 @@ cryptodev_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
         return (1);
 }
 
-int
+static int
 cryptodev_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
     const unsigned char *iv, int enc)
 {
-        struct session_op *sess = ctx->cipher_data;
-        struct syslog_data sd = SYSLOG_DATA_INIT;
+        struct dev_crypto_state *state = ctx->cipher_data;
+        struct session_op *sess = &state->d_sess;
         int cipher;
 
         if ((cipher = cipher_nid_to_cryptodev(ctx->cipher->nid)) == NID_undef)
                 return (0);
 
-        if (!check_dev_crypto())
-                return (0);
-
         if (ctx->cipher->iv_len > cryptodev_max_iv(cipher))
                 return (0);
 
@@ -378,15 +424,18 @@ cryptodev_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
 
         memset(sess, 0, sizeof(struct session_op));
 
+        if ((state->d_fd = get_dev_crypto()) < 0)
+                return (0);
+
         sess->key = (unsigned char *)key;
         sess->keylen = ctx->key_len;
         sess->cipher = cipher;
 
-        if (ioctl(cryptodev_fd, CIOCGSESSION, sess) == -1) {
-                syslog_r(LOG_ERR, &sd, "CIOCGSESSION failed (%m)");
+        if (ioctl(state->d_fd, CIOCGSESSION, sess) == -1) {
+                close(state->d_fd);
+                state->d_fd = -1;
                 return (0);
         }
-        cryptodev_sessions++;
         return (1);
 }
 
@@ -394,14 +443,14 @@ cryptodev_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
  * free anything we allocated earlier when initting a
  * session, and close the session.
  */
-int
+static int
 cryptodev_cleanup(EVP_CIPHER_CTX *ctx)
 {
         int ret = 0;
-        struct session_op *sess = ctx->cipher_data;
-        struct syslog_data sd = SYSLOG_DATA_INIT;
+        struct dev_crypto_state *state = ctx->cipher_data;
+        struct session_op *sess = &state->d_sess;
 
-        if (sess == NULL)
+        if (state->d_fd < 0)
                 return (0);
 
         /* XXX if this ioctl fails, someting's wrong. the invoker
@@ -415,17 +464,14 @@ cryptodev_cleanup(EVP_CIPHER_CTX *ctx)
          * print messages to users of the library. hmm..
          */
 
-        if (ioctl(cryptodev_fd, CIOCFSESSION, &sess->ses) == -1) {
-                syslog_r(LOG_ERR, &sd, "CIOCFSESSION failed (%m)");
+        if (ioctl(state->d_fd, CIOCFSESSION, &sess->ses) == -1) {
                 ret = 0;
         } else {
-                cryptodev_sessions--;
                 ret = 1;
         }
-        if (cryptodev_sessions == 0 && cryptodev_fd != -1 ) {
-                close(cryptodev_fd); /* XXX should this be closed? */
-                cryptodev_fd = -1;
-        }
+        close(state->d_fd);
+        state->d_fd = -1;
+
         return (ret);
 }
 
@@ -434,20 +480,6 @@ cryptodev_cleanup(EVP_CIPHER_CTX *ctx)
  * gets called when libcrypto requests a cipher NID.
  */
 
-/* ARC4 (16 byte key) */
-const EVP_CIPHER cryptodev_arc4_cipher = {
-        NID_rc4,
-        1, 16, 0,
-        EVP_CIPH_VARIABLE_LENGTH,
-        cryptodev_init_key,
-        cryptodev_cipher,
-        cryptodev_cleanup,
-        sizeof(struct session_op),
-        NULL,
-        NULL,
-        NULL
-};
-
 /* DES CBC EVP */
 const EVP_CIPHER cryptodev_des_cbc = {
         NID_des_cbc,
@@ -456,7 +488,7 @@ const EVP_CIPHER cryptodev_des_cbc = {
         cryptodev_init_key,
         cryptodev_cipher,
         cryptodev_cleanup,
-        sizeof(struct session_op),
+        sizeof(struct dev_crypto_state),
         EVP_CIPHER_set_asn1_iv,
         EVP_CIPHER_get_asn1_iv,
         NULL
@@ -470,19 +502,57 @@ const EVP_CIPHER cryptodev_3des_cbc = {
         cryptodev_init_key,
         cryptodev_cipher,
         cryptodev_cleanup,
-        sizeof(struct session_op),
+        sizeof(struct dev_crypto_state),
+        EVP_CIPHER_set_asn1_iv,
+        EVP_CIPHER_get_asn1_iv,
+        NULL
+};
+
+const EVP_CIPHER cryptodev_bf_cbc = {
+        NID_bf_cbc,
+        8, 16, 8,
+        EVP_CIPH_CBC_MODE,
+        cryptodev_init_key,
+        cryptodev_cipher,
+        cryptodev_cleanup,
+        sizeof(struct dev_crypto_state),
+        EVP_CIPHER_set_asn1_iv,
+        EVP_CIPHER_get_asn1_iv,
+        NULL
+};
+
+const EVP_CIPHER cryptodev_cast_cbc = {
+        NID_cast5_cbc,
+        8, 16, 8,
+        EVP_CIPH_CBC_MODE,
+        cryptodev_init_key,
+        cryptodev_cipher,
+        cryptodev_cleanup,
+        sizeof(struct dev_crypto_state),
         EVP_CIPHER_set_asn1_iv,
         EVP_CIPHER_get_asn1_iv,
         NULL
 };
 
+const EVP_CIPHER cryptodev_aes_cbc = {
+        NID_aes_128_cbc,
+        16, 16, 16,
+        EVP_CIPH_CBC_MODE,
+        cryptodev_init_key,
+        cryptodev_cipher,
+        cryptodev_cleanup,
+        sizeof(struct dev_crypto_state),
+        EVP_CIPHER_set_asn1_iv,
+        EVP_CIPHER_get_asn1_iv,
+        NULL
+};
 
 /*
  * Registered by the ENGINE when used to find out how to deal with
  * a particular NID in the ENGINE. this says what we'll do at the
  * top level - note, that list is restricted by what we answer with
  */
-int
+static int
 cryptodev_engine_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
     const int **nids, int nid)
 {
@@ -490,15 +560,21 @@ cryptodev_engine_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
                 return (cryptodev_usable_ciphers(nids));
 
         switch (nid) {
-        case NID_rc4:
-                *cipher = &cryptodev_arc4_cipher;
-                break;
         case NID_des_ede3_cbc:
                 *cipher = &cryptodev_3des_cbc;
                 break;
         case NID_des_cbc:
                 *cipher = &cryptodev_des_cbc;
                 break;
+        case NID_bf_cbc:
+                *cipher = &cryptodev_bf_cbc;
+                break;
+        case NID_cast5_cbc:
+                *cipher = &cryptodev_cast_cbc;
+                break;
+        case NID_aes_128_cbc:
+                *cipher = &cryptodev_aes_cbc;
+                break;
         default:
                 *cipher = NULL;
                 break;
@@ -506,7 +582,7 @@ cryptodev_engine_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
         return (*cipher != NULL);
 }
 
-int
+static int
 cryptodev_engine_digests(ENGINE *e, const EVP_MD **digest,
     const int **nids, int nid)
 {
@@ -524,7 +600,6 @@ cryptodev_engine_digests(ENGINE *e, const EVP_MD **digest,
         return (*digest != NULL);
 }
 
-
 /*
  * Convert a BIGNUM to the representation that /dev/crypto needs.
  * Upon completion of use, the caller is responsible for freeing
@@ -533,7 +608,7 @@ cryptodev_engine_digests(ENGINE *e, const EVP_MD **digest,
 static int
 bn2crparam(const BIGNUM *a, struct crparam *crp)
 {
-        int i, j, n;
+        int i, j, k;
         ssize_t words, bytes, bits;
         u_char *b;
 
@@ -550,17 +625,13 @@ bn2crparam(const BIGNUM *a, struct crparam *crp)
         crp->crp_p = b;
         crp->crp_nbits = bits;
 
-        words = (bits + BN_BITS2 - 1) / BN_BITS2;
-
-        n = 0;
-        for (i = 0; i < words && n < bytes; i++) {
-                BN_ULONG word;
-
-                word = a->d[i];
-                for (j = 0 ; j < BN_BYTES && n < bytes; j++, n++) {
-                        *b++ = (word & 0xff);
-                        word >>= 8;
+        for (i = 0, j = 0; i < a->top; i++) {
+                for (k = 0; k < BN_BITS2 / 8; k++) {
+                        if ((j + k) >= bytes)
+                                return (0);
+                        b[j + k] = a->d[i] >> (k * 8);
                 }
+                j += BN_BITS2 / 8;
         }
         return (0);
 }
@@ -569,15 +640,22 @@ bn2crparam(const BIGNUM *a, struct crparam *crp)
 static int
 crparam2bn(struct crparam *crp, BIGNUM *a)
 {
+        u_int8_t *pd;
         int i, bytes;
 
-        bytes = (crp->crp_nbits + 7)/8;
+        bytes = (crp->crp_nbits + 7) / 8;
 
-        BN_zero(a);
-        for (i = bytes - 1; i >= 0; i--) {
-                BN_lshift(a, a, 8);
-                BN_add_word(a, (u_char)crp->crp_p[i]);
-        }
+        if (bytes == 0)
+                return (-1);
+
+        if ((pd = (u_int8_t *) malloc(bytes)) == NULL)
+                return (-1);
+
+        for (i = 0; i < bytes; i++)
+                pd[i] = crp->crp_p[bytes - i - 1];
+
+        BN_bin2bn(pd, bytes, a);
+        free(pd);
 
         return (0);
 }
@@ -596,25 +674,32 @@ zapparams(struct crypt_kop *kop)
 }
 
 static int
-cryptodev_sym(struct crypt_kop *kop, BIGNUM *r, BIGNUM *s)
+cryptodev_asym(struct crypt_kop *kop, int rlen, BIGNUM *r, int slen, BIGNUM *s)
 {
-        int ret = -1;
+        int fd, ret = -1;
+
+        if ((fd = get_asym_dev_crypto()) < 0)
+                return (ret);
 
         if (r) {
-                kop->crk_param[kop->crk_iparams].crp_p = malloc(256);
-                kop->crk_param[kop->crk_iparams].crp_nbits = 256 * 8;
+                kop->crk_param[kop->crk_iparams].crp_p = calloc(rlen, sizeof(char));
+                kop->crk_param[kop->crk_iparams].crp_nbits = rlen * 8;
                 kop->crk_oparams++;
         }
         if (s) {
-                kop->crk_param[kop->crk_iparams+1].crp_p = malloc(256);
-                kop->crk_param[kop->crk_iparams+1].crp_nbits = 256 * 8;
+                kop->crk_param[kop->crk_iparams+1].crp_p = calloc(slen, sizeof(char));
+                kop->crk_param[kop->crk_iparams+1].crp_nbits = slen * 8;
                 kop->crk_oparams++;
         }
 
-        if (ioctl(cryptodev_fd, CIOCKEY, &kop) == 0) {
-                crparam2bn(&kop->crk_param[3], r);
+        if (ioctl(fd, CIOCKEY, kop) == 0) {
+                if (r)
+                        crparam2bn(&kop->crk_param[kop->crk_iparams], r);
+                if (s)
+                        crparam2bn(&kop->crk_param[kop->crk_iparams+1], s);
                 ret = 0;
         }
+
         return (ret);
 }
 
@@ -623,38 +708,58 @@ cryptodev_bn_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
     const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *in_mont)
 {
         struct crypt_kop kop;
-        int ret = 0;
+        int ret = 1;
+
+        /* Currently, we know we can do mod exp iff we can do any
+         * asymmetric operations at all.
+         */
+        if (cryptodev_asymfeat == 0) {
+                ret = BN_mod_exp(r, a, p, m, ctx);
+                return (ret);
+        }
 
         memset(&kop, 0, sizeof kop);
         kop.crk_op = CRK_MOD_EXP;
 
-        /* inputs: a m p */
+        /* inputs: a^p % m */
         if (bn2crparam(a, &kop.crk_param[0]))
                 goto err;
-        if (bn2crparam(m, &kop.crk_param[1]))
+        if (bn2crparam(p, &kop.crk_param[1]))
                 goto err;
-        if (bn2crparam(p, &kop.crk_param[2]))
+        if (bn2crparam(m, &kop.crk_param[2]))
                 goto err;
         kop.crk_iparams = 3;
 
-        if (cryptodev_sym(&kop, r, NULL) == -1) {
-                ret = BN_mod_exp(r, a, p, m, ctx);
+        if (cryptodev_asym(&kop, BN_num_bytes(m), r, 0, NULL) == -1) {
+                const RSA_METHOD *meth = RSA_PKCS1_SSLeay();
+                ret = meth->bn_mod_exp(r, a, p, m, ctx, in_mont);
         }
 err:
         zapparams(&kop);
         return (ret);
 }
 
+static int
+cryptodev_rsa_nocrt_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa)
+{
+        int r;
+        BN_CTX *ctx;
+
+        ctx = BN_CTX_new();
+        r = cryptodev_bn_mod_exp(r0, I, rsa->d, rsa->n, ctx, NULL);
+        BN_CTX_free(ctx);
+        return (r);
+}
 
 static int
 cryptodev_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa)
 {
         struct crypt_kop kop;
-        int ret = 0;
+        int ret = 1;
 
         if (!rsa->p || !rsa->q || !rsa->dmp1 || !rsa->dmq1 || !rsa->iqmp) {
                 /* XXX 0 means failure?? */
-                goto err;
+                return (0);
         }
 
         memset(&kop, 0, sizeof kop);
@@ -674,9 +779,8 @@ cryptodev_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa)
                 goto err;
         kop.crk_iparams = 6;
 
-        if (cryptodev_sym(&kop, r0, NULL) == -1) {
+        if (cryptodev_asym(&kop, BN_num_bytes(rsa->n), r0, 0, NULL) == -1) {
                 const RSA_METHOD *meth = RSA_PKCS1_SSLeay();
-
                 ret = (*meth->rsa_mod_exp)(r0, I, rsa);
         }
 err:
@@ -690,8 +794,8 @@ static RSA_METHOD cryptodev_rsa = {
         NULL,                           /* rsa_pub_dec */
         NULL,                           /* rsa_priv_enc */
         NULL,                           /* rsa_priv_dec */
-        cryptodev_rsa_mod_exp,          /* rsa_mod_exp */
-        cryptodev_bn_mod_exp,           /* bn_mod_exp */
+        NULL,
+        NULL,
         NULL,                           /* init */
         NULL,                           /* finish */
         0,                              /* flags */
@@ -707,6 +811,38 @@ cryptodev_dsa_bn_mod_exp(DSA *dsa, BIGNUM *r, BIGNUM *a, const BIGNUM *p,
         return (cryptodev_bn_mod_exp(r, a, p, m, ctx, m_ctx));
 }
 
+static int
+cryptodev_dsa_dsa_mod_exp(DSA *dsa, BIGNUM *t1, BIGNUM *g,
+    BIGNUM *u1, BIGNUM *pub_key, BIGNUM *u2, BIGNUM *p,
+    BN_CTX *ctx, BN_MONT_CTX *mont)
+{
+        BIGNUM t2;
+        int ret = 0;
+
+        BN_init(&t2);
+
+        /* v = ( g^u1 * y^u2 mod p ) mod q */
+        /* let t1 = g ^ u1 mod p */
+        ret = 0;
+
+        if (!dsa->meth->bn_mod_exp(dsa,t1,dsa->g,u1,dsa->p,ctx,mont))
+                goto err;
+
+        /* let t2 = y ^ u2 mod p */
+        if (!dsa->meth->bn_mod_exp(dsa,&t2,dsa->pub_key,u2,dsa->p,ctx,mont))
+                goto err;
+        /* let u1 = t1 * t2 mod p */
+        if (!BN_mod_mul(u1,t1,&t2,dsa->p,ctx))
+                goto err;
+
+        BN_copy(t1,u1);
+
+        ret = 1;
+err:
+        BN_free(&t2);
+        return(ret);
+}
+
 static DSA_SIG *
 cryptodev_dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa)
 {
@@ -721,6 +857,7 @@ cryptodev_dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa)
                 goto err;
         }
 
+        printf("bar\n");
         memset(&kop, 0, sizeof kop);
         kop.crk_op = CRK_DSA_SIGN;
 
@@ -737,13 +874,13 @@ cryptodev_dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa)
                 goto err;
         kop.crk_iparams = 5;
 
-        if (cryptodev_sym(&kop, r, s) == 0) {
+        if (cryptodev_asym(&kop, BN_num_bytes(dsa->q), r,
+            BN_num_bytes(dsa->q), s) == 0) {
                 dsaret = DSA_SIG_new();
                 dsaret->r = r;
                 dsaret->s = s;
         } else {
                 const DSA_METHOD *meth = DSA_OpenSSL();
-
                 BN_free(r);
                 BN_free(s);
                 dsaret = (meth->dsa_do_sign)(dgst, dlen, dsa);
@@ -759,7 +896,7 @@ cryptodev_dsa_verify(const unsigned char *dgst, int dlen,
     DSA_SIG *sig, DSA *dsa)
 {
         struct crypt_kop kop;
-        int dsaret = 0;
+        int dsaret = 1;
 
         memset(&kop, 0, sizeof kop);
         kop.crk_op = CRK_DSA_VERIFY;
@@ -781,7 +918,7 @@ cryptodev_dsa_verify(const unsigned char *dgst, int dlen,
                 goto err;
         kop.crk_iparams = 7;
 
-        if (cryptodev_sym(&kop, NULL, NULL) == 0) {
+        if (cryptodev_asym(&kop, 0, NULL, 0, NULL) == 0) {
                 dsaret = kop.crk_status;
         } else {
                 const DSA_METHOD *meth = DSA_OpenSSL();
@@ -796,11 +933,11 @@ err:
 
 static DSA_METHOD cryptodev_dsa = {
         "cryptodev DSA method",
-        cryptodev_dsa_do_sign,
+        NULL,
         NULL,                           /* dsa_sign_setup */
-        cryptodev_dsa_verify,
+        NULL,
         NULL,                           /* dsa_mod_exp */
-        cryptodev_dsa_bn_mod_exp,       /* bn_mod_exp */
+        NULL,
         NULL,                           /* init */
         NULL,                           /* finish */
         0,      /* flags */
@@ -819,8 +956,14 @@ static int
 cryptodev_dh_compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh)
 {
         struct crypt_kop kop;
-        int dhret = 0;
-        int keylen;
+        int dhret = 1;
+        int fd, keylen;
+
+        if ((fd = get_asym_dev_crypto()) < 0) {
+                const DH_METHOD *meth = DH_OpenSSL();
+
+                return ((meth->compute_key)(key, pub_key, dh));
+        }
 
         keylen = BN_num_bits(dh->p);
 
@@ -840,7 +983,7 @@ cryptodev_dh_compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh)
         kop.crk_param[3].crp_nbits = keylen * 8;
         kop.crk_oparams = 1;
 
-        if (ioctl(cryptodev_fd, CIOCKEY, &kop) == -1) {
+        if (ioctl(fd, CIOCKEY, &kop) == -1) {
                 const DH_METHOD *meth = DH_OpenSSL();
 
                 dhret = (meth->compute_key)(key, pub_key, dh);
@@ -854,8 +997,8 @@ err:
 static DH_METHOD cryptodev_dh = {
         "cryptodev DH method",
         NULL,                           /* cryptodev_dh_generate_key */
-        cryptodev_dh_compute_key,
-        cryptodev_mod_exp_dh,
+        NULL,
+        NULL,
         NULL,
         NULL,
         0,      /* flags */
@@ -884,11 +1027,21 @@ void
 ENGINE_load_cryptodev(void)
 {
         ENGINE *engine = ENGINE_new();
-        const RSA_METHOD *rsa_meth;
-        const DH_METHOD *dh_meth;
+        int fd;
 
         if (engine == NULL)
                 return;
+        if ((fd = get_dev_crypto()) < 0)
+                return;
+
+        /*
+         * find out what asymmetric crypto algorithms we support
+         */
+        if (ioctl(fd, CIOCASYMFEAT, &cryptodev_asymfeat) == -1) {
+                close(fd);
+                return;
+        }
+        close(fd);
 
         if (!ENGINE_set_id(engine, "cryptodev") ||
             !ENGINE_set_name(engine, "OpenBSD cryptodev engine") ||
@@ -900,24 +1053,52 @@ ENGINE_load_cryptodev(void)
                 return;
         }
 
-        if ((cryptodev_symfeat & CRSFEAT_RSA) &&
-            ENGINE_set_RSA(engine, &cryptodev_rsa)) {
-                rsa_meth = RSA_PKCS1_SSLeay();
+        if (ENGINE_set_RSA(engine, &cryptodev_rsa)) {
+                const RSA_METHOD *rsa_meth = RSA_PKCS1_SSLeay();
+
+                cryptodev_rsa.bn_mod_exp = rsa_meth->bn_mod_exp;
+                cryptodev_rsa.rsa_mod_exp = rsa_meth->rsa_mod_exp;
                 cryptodev_rsa.rsa_pub_enc = rsa_meth->rsa_pub_enc;
                 cryptodev_rsa.rsa_pub_dec = rsa_meth->rsa_pub_dec;
-                cryptodev_rsa.rsa_priv_enc = rsa_meth->rsa_priv_dec;
+                cryptodev_rsa.rsa_priv_enc = rsa_meth->rsa_priv_enc;
                 cryptodev_rsa.rsa_priv_dec = rsa_meth->rsa_priv_dec;
+                if (cryptodev_asymfeat & CRF_MOD_EXP) {
+                        cryptodev_rsa.bn_mod_exp = cryptodev_bn_mod_exp;
+                        if (cryptodev_asymfeat & CRF_MOD_EXP_CRT)
+                                cryptodev_rsa.rsa_mod_exp =
+                                    cryptodev_rsa_mod_exp;
+                        else
+                                cryptodev_rsa.rsa_mod_exp =
+                                    cryptodev_rsa_nocrt_mod_exp;
+                }
         }
 
-        if ((cryptodev_symfeat & CRSFEAT_DSA) &&
-            ENGINE_set_DSA(engine, &cryptodev_dsa)) {
+        if (ENGINE_set_DSA(engine, &cryptodev_dsa)) {
+                const DSA_METHOD *meth = DSA_OpenSSL();
+
+                memcpy(&cryptodev_dsa, meth, sizeof(DSA_METHOD));
+                if (cryptodev_asymfeat & CRF_DSA_SIGN)
+                        cryptodev_dsa.dsa_do_sign = cryptodev_dsa_do_sign;
+                if (cryptodev_asymfeat & CRF_MOD_EXP) {
+                        cryptodev_dsa.bn_mod_exp = cryptodev_dsa_bn_mod_exp;
+                        cryptodev_dsa.dsa_mod_exp = cryptodev_dsa_dsa_mod_exp;
+                }
+                if (cryptodev_asymfeat & CRF_DSA_VERIFY)
+                        cryptodev_dsa.dsa_do_verify = cryptodev_dsa_verify;
         }
 
-        if ((cryptodev_symfeat & CRSFEAT_DH) &&
-            ENGINE_set_DH(engine, &cryptodev_dh)) {
-                dh_meth = DH_OpenSSL();
+        if (ENGINE_set_DH(engine, &cryptodev_dh)){
+                const DH_METHOD *dh_meth = DH_OpenSSL();
+
                 cryptodev_dh.generate_key = dh_meth->generate_key;
                 cryptodev_dh.compute_key = dh_meth->compute_key;
+                cryptodev_dh.bn_mod_exp = dh_meth->bn_mod_exp;
+                if (cryptodev_asymfeat & CRF_MOD_EXP) {
+                        cryptodev_dh.bn_mod_exp = cryptodev_mod_exp_dh;
+                        if (cryptodev_asymfeat & CRF_DH_COMPUTE_KEY)
+                                cryptodev_dh.compute_key =
+                                    cryptodev_dh_compute_key;
+                }
         }
 
         ENGINE_add(engine);
diff --git a/src/lib/libcrypto/engine/hw_openbsd_dev_crypto.c b/src/lib/libcrypto/engine/hw_openbsd_dev_crypto.c
new file mode 100644
index 0000000000..f946389b8a
--- /dev/null
+++ b/src/lib/libcrypto/engine/hw_openbsd_dev_crypto.c
@@ -0,0 +1,594 @@
+/* Written by Ben Laurie <ben@algroup.co.uk> August 2001 */
+/* ====================================================================
+ * Copyright (c) 1999-2001 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <openssl/engine.h>
+#include <openssl/evp.h>
+#include "eng_int.h"
+/* Maybe this is needed? ... */
+#ifdef FLAT_INC
+#include "evp_locl.h"
+#else
+#include "../evp/evp_locl.h"
+#endif
+#include <openssl/conf.h>
+
+#ifndef OPENSSL_OPENBSD_DEV_CRYPTO
+
+void ENGINE_load_openbsd_dev_crypto(void)
+        {
+        /* This is a NOP unless OPENSSL_OPENBSD_DEV_CRYPTO is defined */
+        return;
+        }
+
+#else /* OPENSSL_OPENBSD_DEV_CRYPTO */
+
+#include <fcntl.h>
+#include <stdio.h>
+#include <errno.h>
+#include <assert.h>
+#include <unistd.h>
+#include <sys/ioctl.h>
+
+#include <crypto/cryptodev.h>
+
+/****************************************************/
+/* Declare the normal generic ENGINE stuff here ... */
+
+static int dev_crypto_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
+                                const int **nids, int nid);
+static int dev_crypto_digests(ENGINE *e, const EVP_MD **digest,
+                                const int **nids, int nid);
+
+static const char dev_crypto_id[] = "openbsd_dev_crypto";
+static const char dev_crypto_name[] = "OpenBSD /dev/crypto";
+
+static long allow_misaligned;
+
+#define DEV_CRYPTO_CMD_ALLOW_MISALIGNED         ENGINE_CMD_BASE
+static const ENGINE_CMD_DEFN dev_crypto_cmd_defns[]=
+        {
+        { DEV_CRYPTO_CMD_ALLOW_MISALIGNED,
+          "allow_misaligned",
+          "Permit misaligned data to be used",
+          ENGINE_CMD_FLAG_NUMERIC },
+        { 0, NULL, NULL, 0 }
+        };
+
+static int dev_crypto_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)())
+        {
+        switch(cmd)
+                {
+        case DEV_CRYPTO_CMD_ALLOW_MISALIGNED:
+                allow_misaligned=i;
+                printf("allow misaligned=%ld\n",allow_misaligned);
+                break;
+                }
+
+        return 1;
+        }
+
+static ENGINE *engine_openbsd_dev_crypto(void)
+        {
+        ENGINE *engine=ENGINE_new();
+
+        if(!ENGINE_set_id(engine, dev_crypto_id) ||
+           !ENGINE_set_name(engine, dev_crypto_name) ||
+           !ENGINE_set_ciphers(engine, dev_crypto_ciphers) ||
+           !ENGINE_set_digests(engine, dev_crypto_digests) ||
+           !ENGINE_set_ctrl_function(engine, dev_crypto_ctrl) ||
+           !ENGINE_set_cmd_defns(engine, dev_crypto_cmd_defns))
+                {
+                ENGINE_free(engine);
+                return NULL;
+                }
+
+        return engine;
+        }
+
+void ENGINE_load_openbsd_dev_crypto(void)
+        {
+        /* Copied from eng_[openssl|dyn].c */
+        ENGINE *toadd = engine_openbsd_dev_crypto();
+        if(!toadd) return;
+        ENGINE_add(toadd);
+        ENGINE_free(toadd);
+        ERR_clear_error();
+        }
+
+/******************************************************************************/
+/* Clip in the stuff from crypto/evp/openbsd_hw.c here. NB: What has changed? */
+/* I've removed the exposed EVP_*** functions, they're accessed through the   */
+/* "dev_crypto_[ciphers|digests]" handlers. I've also moved the EVP_CIPHER    */
+/* and EVP_MD structures to the bottom where they are close to the handlers   */
+/* that expose them. What should be done? The global data (file-descriptors,  */
+/* etc) should be put into ENGINE's ex_data support, and per-context data     */
+/* (also file-descriptors perhaps) should be put into the contexts. Also code */
+/* formatting, fprintf statements, and OpenSSL-style error handling should be */
+/* added (dynamically, like the other ENGINEs). Also, "dynamic" support       */
+/* be added to this ENGINE once it's up and running so that it could be built */
+/* as a shared-library. What else? device initialisation should take place    */
+/* inside an ENGINE 'init()' handler (and likewise 'finish()'). ciphers and   */
+/* digests won't be used by the framework unless the ENGINE has been          */
+/* successfully initialised (that's one of the things you get for free) so    */
+/* initialisation, including returning failure if device setup fails, can be  */
+/* handled quite cleanly. This could presumably handle the opening (and then  */
+/* closing inside 'finish()') of the 'cryptodev_fd' file-descriptor).         */
+
+/* longest key supported in hardware */
+#define MAX_HW_KEY      24
+#define MAX_HW_IV       8
+
+#define MD5_DIGEST_LENGTH       16
+#define MD5_CBLOCK              64
+
+static int fd;
+static int dev_failed;
+
+typedef struct session_op session_op;
+
+#define CDATA(ctx) EVP_C_DATA(session_op,ctx)
+
+static void err(const char *str)
+    {
+    fprintf(stderr,"%s: errno %d\n",str,errno);
+    }
+
+static int dev_crypto_init(session_op *ses)
+    {
+    if(dev_failed)
+        return 0;
+    if(!fd)
+        {
+        int cryptodev_fd;
+
+        if ((cryptodev_fd=open("/dev/crypto",O_RDWR,0)) < 0)
+            {
+            err("/dev/crypto");
+            dev_failed=1;
+            return 0;
+            }
+        if (ioctl(cryptodev_fd,CRIOGET,&fd) == -1)
+            {
+            err("CRIOGET failed");
+            close(cryptodev_fd);
+            dev_failed=1;
+            return 0;
+            }
+        close(cryptodev_fd);
+        }
+    assert(ses);
+    memset(ses,'\0',sizeof *ses);
+
+    return 1;
+    }
+
+static int dev_crypto_cleanup(EVP_CIPHER_CTX *ctx)
+    {
+    fprintf(stderr,"cleanup %d\n",CDATA(ctx)->ses);
+    if(ioctl(fd,CIOCFSESSION,&CDATA(ctx)->ses) == -1)
+        err("CIOCFSESSION failed");
+
+    OPENSSL_free(CDATA(ctx)->key);
+
+    return 1;
+    }
+
+static int dev_crypto_init_key(EVP_CIPHER_CTX *ctx,int cipher,
+                               const unsigned char *key,int klen)
+    {
+    if(!dev_crypto_init(CDATA(ctx)))
+        return 0;
+
+    CDATA(ctx)->key=OPENSSL_malloc(MAX_HW_KEY);
+
+    assert(ctx->cipher->iv_len <= MAX_HW_IV);
+
+    memcpy(CDATA(ctx)->key,key,klen);
+    
+    CDATA(ctx)->cipher=cipher;
+    CDATA(ctx)->keylen=klen;
+
+    if (ioctl(fd,CIOCGSESSION,CDATA(ctx)) == -1)
+        {
+        err("CIOCGSESSION failed");
+        return 0;
+        }
+    return 1;
+    }
+
+static int dev_crypto_cipher(EVP_CIPHER_CTX *ctx,unsigned char *out,
+                             const unsigned char *in,unsigned int inl)
+    {
+    struct crypt_op cryp;
+    unsigned char lb[MAX_HW_IV];
+
+    if(!inl)
+        return 1;
+
+    assert(CDATA(ctx));
+    assert(!dev_failed);
+
+    memset(&cryp,'\0',sizeof cryp);
+    cryp.ses=CDATA(ctx)->ses;
+    cryp.op=ctx->encrypt ? COP_ENCRYPT : COP_DECRYPT;
+    cryp.flags=0;
+    cryp.len=inl;
+    assert((inl&(ctx->cipher->block_size-1)) == 0);
+    cryp.src=(caddr_t)in;
+    cryp.dst=(caddr_t)out;
+    cryp.mac=0;
+    if(ctx->cipher->iv_len)
+        cryp.iv=(caddr_t)ctx->iv;
+
+    if(!ctx->encrypt)
+        memcpy(lb,&in[cryp.len-ctx->cipher->iv_len],ctx->cipher->iv_len);
+
+    if(ioctl(fd, CIOCCRYPT, &cryp) == -1)
+        {
+        if(errno == EINVAL) /* buffers are misaligned */
+            {
+            unsigned int cinl=0;
+            char *cin=NULL;
+            char *cout=NULL;
+
+            /* NB: this can only make cinl != inl with stream ciphers */
+            cinl=(inl+3)/4*4;
+
+            if(((unsigned long)in&3) || cinl != inl)
+                {
+                cin=OPENSSL_malloc(cinl);
+                memcpy(cin,in,inl);
+                cryp.src=cin;
+                }
+
+            if(((unsigned long)out&3) || cinl != inl)
+                {
+                cout=OPENSSL_malloc(cinl);
+                cryp.dst=cout;
+                }
+
+            cryp.len=cinl;
+
+            if(ioctl(fd, CIOCCRYPT, &cryp) == -1)
+                {
+                err("CIOCCRYPT(2) failed");
+                printf("src=%p dst=%p\n",cryp.src,cryp.dst);
+                abort();
+                return 0;
+                }
+                
+            if(cout)
+                {
+                memcpy(out,cout,inl);
+                OPENSSL_free(cout);
+                }
+            if(cin)
+                OPENSSL_free(cin);
+            }
+        else 
+            {       
+            err("CIOCCRYPT failed");
+            abort();
+            return 0;
+            }
+        }
+
+    if(ctx->encrypt)
+        memcpy(ctx->iv,&out[cryp.len-ctx->cipher->iv_len],ctx->cipher->iv_len);
+    else
+        memcpy(ctx->iv,lb,ctx->cipher->iv_len);
+
+    return 1;
+    }
+
+static int dev_crypto_des_ede3_init_key(EVP_CIPHER_CTX *ctx,
+                                        const unsigned char *key,
+                                        const unsigned char *iv, int enc)
+    { return dev_crypto_init_key(ctx,CRYPTO_3DES_CBC,key,24); }
+
+static int dev_crypto_rc4_init_key(EVP_CIPHER_CTX *ctx,
+                                        const unsigned char *key,
+                                        const unsigned char *iv, int enc)
+    { return dev_crypto_init_key(ctx,CRYPTO_ARC4,key,16); }
+
+typedef struct
+    {
+    session_op sess;
+    char *data;
+    int len;
+    unsigned char md[EVP_MAX_MD_SIZE];
+    } MD_DATA;
+
+static int dev_crypto_init_digest(MD_DATA *md_data,int mac)
+    {
+    if(!dev_crypto_init(&md_data->sess))
+        return 0;
+
+    md_data->len=0;
+    md_data->data=NULL;
+
+    md_data->sess.mac=mac;
+
+    if (ioctl(fd,CIOCGSESSION,&md_data->sess) == -1)
+        {
+        err("CIOCGSESSION failed");
+        return 0;
+        }
+    fprintf(stderr,"opened %d\n",md_data->sess.ses);
+    return 1;
+    }
+
+static int dev_crypto_cleanup_digest(MD_DATA *md_data)
+    {
+    fprintf(stderr,"cleanup %d\n",md_data->sess.ses);
+    if (ioctl(fd,CIOCFSESSION,&md_data->sess.ses) == -1)
+        {
+        err("CIOCFSESSION failed");
+        return 0;
+        }
+
+    return 1;
+    }
+
+/* FIXME: if device can do chained MACs, then don't accumulate */
+/* FIXME: move accumulation to the framework */
+static int dev_crypto_md5_init(EVP_MD_CTX *ctx)
+    { return dev_crypto_init_digest(ctx->md_data,CRYPTO_MD5); }
+
+static int do_digest(int ses,unsigned char *md,const void *data,int len)
+    {
+    struct crypt_op cryp;
+    static unsigned char md5zero[16]=
+        {
+        0xd4,0x1d,0x8c,0xd9,0x8f,0x00,0xb2,0x04,
+        0xe9,0x80,0x09,0x98,0xec,0xf8,0x42,0x7e
+        };
+
+    /* some cards can't do zero length */
+    if(!len)
+        {
+        memcpy(md,md5zero,16);
+        return 1;
+        }
+
+    memset(&cryp,'\0',sizeof cryp);
+    cryp.ses=ses;
+    cryp.op=COP_ENCRYPT;/* required to do the MAC rather than check it */
+    cryp.len=len;
+    cryp.src=(caddr_t)data;
+    cryp.dst=(caddr_t)data; // FIXME!!!
+    cryp.mac=(caddr_t)md;
+
+    if(ioctl(fd, CIOCCRYPT, &cryp) == -1)
+        {
+        if(errno == EINVAL && allow_misaligned) /* buffer is misaligned */
+            {
+            char *dcopy;
+
+            dcopy=OPENSSL_malloc(len);
+            memcpy(dcopy,data,len);
+            cryp.src=dcopy;
+            cryp.dst=cryp.src; // FIXME!!!
+
+            if(ioctl(fd, CIOCCRYPT, &cryp) == -1)
+                {
+                err("CIOCCRYPT(MAC2) failed");
+                abort();
+                return 0;
+                }
+            OPENSSL_free(dcopy);
+            }
+        else
+            {
+            err("CIOCCRYPT(MAC) failed");
+            abort();
+            return 0;
+            }
+        }
+    //    printf("done\n");
+
+    return 1;
+    }
+
+static int dev_crypto_md5_update(EVP_MD_CTX *ctx,const void *data,
+                                 unsigned long len)
+    {
+    MD_DATA *md_data=ctx->md_data;
+
+    if(ctx->flags&EVP_MD_CTX_FLAG_ONESHOT)
+        return do_digest(md_data->sess.ses,md_data->md,data,len);
+
+    md_data->data=OPENSSL_realloc(md_data->data,md_data->len+len);
+    memcpy(md_data->data+md_data->len,data,len);
+    md_data->len+=len;
+
+    return 1;
+    }   
+
+static int dev_crypto_md5_final(EVP_MD_CTX *ctx,unsigned char *md)
+    {
+    int ret;
+    MD_DATA *md_data=ctx->md_data;
+
+    if(ctx->flags&EVP_MD_CTX_FLAG_ONESHOT)
+        {
+        memcpy(md,md_data->md,MD5_DIGEST_LENGTH);
+        ret=1;
+        }
+    else
+        {
+        ret=do_digest(md_data->sess.ses,md,md_data->data,md_data->len);
+        OPENSSL_free(md_data->data);
+        md_data->data=NULL;
+        md_data->len=0;
+        }
+
+    return ret;
+    }
+
+static int dev_crypto_md5_copy(EVP_MD_CTX *to,const EVP_MD_CTX *from)
+    {
+    const MD_DATA *from_md=from->md_data;
+    MD_DATA *to_md=to->md_data;
+
+    // How do we copy sessions?
+    assert(from->digest->flags&EVP_MD_FLAG_ONESHOT);
+
+    to_md->data=OPENSSL_malloc(from_md->len);
+    memcpy(to_md->data,from_md->data,from_md->len);
+
+    return 1;
+    }
+
+static int dev_crypto_md5_cleanup(EVP_MD_CTX *ctx)
+    {
+    return dev_crypto_cleanup_digest(ctx->md_data);
+    }
+
+/**************************************************************************/
+/* Here are the moved declarations of the EVP_CIPHER and EVP_MD           */
+/* implementations. They're down here to be within easy editor-distance   */
+/* of the digests and ciphers handler functions.                          */
+
+#define dev_crypto_des_ede3_cbc_cipher dev_crypto_cipher
+
+BLOCK_CIPHER_def_cbc(dev_crypto_des_ede3, session_op, NID_des_ede3, 8, 24, 8,
+                     0, dev_crypto_des_ede3_init_key,
+                     dev_crypto_cleanup, 
+                     EVP_CIPHER_set_asn1_iv,
+                     EVP_CIPHER_get_asn1_iv,
+                     NULL)
+
+static const EVP_CIPHER r4_cipher=
+    {
+    NID_rc4,
+    1,16,0,     /* FIXME: key should be up to 256 bytes */
+    EVP_CIPH_VARIABLE_LENGTH,
+    dev_crypto_rc4_init_key,
+    dev_crypto_cipher,
+    dev_crypto_cleanup,
+    sizeof(session_op),
+    NULL,
+    NULL,
+    NULL
+    };
+
+static const EVP_MD md5_md=
+    {
+    NID_md5,
+    NID_md5WithRSAEncryption,
+    MD5_DIGEST_LENGTH,
+    EVP_MD_FLAG_ONESHOT,        // XXX: set according to device info...
+    dev_crypto_md5_init,
+    dev_crypto_md5_update,
+    dev_crypto_md5_final,
+    dev_crypto_md5_copy,
+    dev_crypto_md5_cleanup,
+    EVP_PKEY_RSA_method,
+    MD5_CBLOCK,
+    sizeof(MD_DATA),
+    };
+
+/****************************************************************/
+/* Implement the dev_crypto_[ciphers|digests] handlers here ... */
+
+static int cipher_nids[] = {NID_des_ede3_cbc, NID_rc4};
+static int cipher_nids_num = 2;
+static int digest_nids[] = {NID_md5};
+static int digest_nids_num = 1;
+
+static int dev_crypto_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
+                                const int **nids, int nid)
+        {
+        if(!cipher)
+                {
+                /* We are returning a list of supported nids */
+                *nids = cipher_nids;
+                return cipher_nids_num;
+                }
+        /* We are being asked for a specific cipher */
+        if(nid == NID_rc4)
+                *cipher = &r4_cipher;
+        else if(nid == NID_des_ede3_cbc)
+                *cipher = &dev_crypto_des_ede3_cbc;
+        else
+                {
+                *cipher = NULL;
+                return 0;
+                }
+        return 1;
+        }
+
+static int dev_crypto_digests(ENGINE *e, const EVP_MD **digest,
+                                const int **nids, int nid)
+        {
+        if(!digest)
+                {
+                /* We are returning a list of supported nids */
+                *nids = digest_nids;
+                return digest_nids_num;
+                }
+        /* We are being asked for a specific digest */
+        if(nid == NID_md5)
+                *digest = &md5_md;
+        else
+                {
+                *digest = NULL;
+                return 0;
+                }
+        return 1;
+        }
+
+#endif /* OPENSSL_OPENBSD_DEV_CRYPTO */
diff --git a/src/lib/libcrypto/engine/hw_ubsec.c b/src/lib/libcrypto/engine/hw_ubsec.c
index ed8401ec16..63397f868c 100644
--- a/src/lib/libcrypto/engine/hw_ubsec.c
+++ b/src/lib/libcrypto/engine/hw_ubsec.c
@@ -93,7 +93,7 @@ static int ubsec_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa);
 static int ubsec_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
                 const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
 #ifndef OPENSSL_NO_DSA
-#ifdef NOT_USED
+#if NOT_USED
 static int ubsec_dsa_mod_exp(DSA *dsa, BIGNUM *rr, BIGNUM *a1,
                 BIGNUM *p1, BIGNUM *a2, BIGNUM *p2, BIGNUM *m,
                 BN_CTX *ctx, BN_MONT_CTX *in_mont);
@@ -113,7 +113,7 @@ static int ubsec_dh_compute_key(unsigned char *key,const BIGNUM *pub_key,DH *dh)
 static int ubsec_dh_generate_key(DH *dh);
 #endif
 
-#ifdef NOT_USED
+#if NOT_USED
 static int ubsec_rand_bytes(unsigned char *buf, int num);
 static int ubsec_rand_status(void);
 #endif
@@ -663,7 +663,7 @@ static int ubsec_mod_exp_crt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
 }
 
 #ifndef OPENSSL_NO_DSA
-#ifdef NOT_USED
+#if NOT_USED
 static int ubsec_dsa_mod_exp(DSA *dsa, BIGNUM *rr, BIGNUM *a1,
                 BIGNUM *p1, BIGNUM *a2, BIGNUM *p2, BIGNUM *m,
                 BN_CTX *ctx, BN_MONT_CTX *in_mont)
@@ -987,7 +987,7 @@ err:
         }
 #endif
 
-#ifdef NOT_USED
+#if NOT_USED
 static int ubsec_rand_bytes(unsigned char * buf,
                             int num)
         {
diff --git a/src/lib/libcrypto/engine/tb_cipher.c b/src/lib/libcrypto/engine/tb_cipher.c
new file mode 100644
index 0000000000..c5a50fc910
--- /dev/null
+++ b/src/lib/libcrypto/engine/tb_cipher.c
@@ -0,0 +1,145 @@
+/* ====================================================================
+ * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <openssl/evp.h>
+#include <openssl/engine.h>
+#include "eng_int.h"
+
+/* If this symbol is defined then ENGINE_get_cipher_engine(), the function that
+ * is used by EVP to hook in cipher code and cache defaults (etc), will display
+ * brief debugging summaries to stderr with the 'nid'. */
+/* #define ENGINE_CIPHER_DEBUG */
+
+static ENGINE_TABLE *cipher_table = NULL;
+
+void ENGINE_unregister_ciphers(ENGINE *e)
+        {
+        engine_table_unregister(&cipher_table, e);
+        }
+
+static void engine_unregister_all_ciphers(void)
+        {
+        engine_table_cleanup(&cipher_table);
+        }
+
+int ENGINE_register_ciphers(ENGINE *e)
+        {
+        if(e->ciphers)
+                {
+                const int *nids;
+                int num_nids = e->ciphers(e, NULL, &nids, 0);
+                if(num_nids > 0)
+                        return engine_table_register(&cipher_table,
+                                        &engine_unregister_all_ciphers, e, nids,
+                                        num_nids, 0);
+                }
+        return 1;
+        }
+
+void ENGINE_register_all_ciphers()
+        {
+        ENGINE *e;
+
+        for(e=ENGINE_get_first() ; e ; e=ENGINE_get_next(e))
+                ENGINE_register_ciphers(e);
+        }
+
+int ENGINE_set_default_ciphers(ENGINE *e)
+        {
+        if(e->ciphers)
+                {
+                const int *nids;
+                int num_nids = e->ciphers(e, NULL, &nids, 0);
+                if(num_nids > 0)
+                        return engine_table_register(&cipher_table,
+                                        &engine_unregister_all_ciphers, e, nids,
+                                        num_nids, 1);
+                }
+        return 1;
+        }
+
+/* Exposed API function to get a functional reference from the implementation
+ * table (ie. try to get a functional reference from the tabled structural
+ * references) for a given cipher 'nid' */
+ENGINE *ENGINE_get_cipher_engine(int nid)
+        {
+        return engine_table_select(&cipher_table, nid);
+        }
+
+/* Obtains a cipher implementation from an ENGINE functional reference */
+const EVP_CIPHER *ENGINE_get_cipher(ENGINE *e, int nid)
+        {
+        const EVP_CIPHER *ret;
+        ENGINE_CIPHERS_PTR fn = ENGINE_get_ciphers(e);
+        if(!fn || !fn(e, &ret, NULL, nid))
+                {
+                ENGINEerr(ENGINE_F_ENGINE_GET_CIPHER,
+                                ENGINE_R_UNIMPLEMENTED_CIPHER);
+                return NULL;
+                }
+        return ret;
+        }
+
+/* Gets the cipher callback from an ENGINE structure */
+ENGINE_CIPHERS_PTR ENGINE_get_ciphers(const ENGINE *e)
+        {
+        return e->ciphers;
+        }
+
+/* Sets the cipher callback in an ENGINE structure */
+int ENGINE_set_ciphers(ENGINE *e, ENGINE_CIPHERS_PTR f)
+        {
+        e->ciphers = f;
+        return 1;
+        }
diff --git a/src/lib/libcrypto/engine/tb_dh.c b/src/lib/libcrypto/engine/tb_dh.c
new file mode 100644
index 0000000000..c9347235ea
--- /dev/null
+++ b/src/lib/libcrypto/engine/tb_dh.c
@@ -0,0 +1,120 @@
+/* ====================================================================
+ * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <openssl/evp.h>
+#include <openssl/engine.h>
+#include "eng_int.h"
+
+/* If this symbol is defined then ENGINE_get_default_DH(), the function that is
+ * used by DH to hook in implementation code and cache defaults (etc), will
+ * display brief debugging summaries to stderr with the 'nid'. */
+/* #define ENGINE_DH_DEBUG */
+
+static ENGINE_TABLE *dh_table = NULL;
+static const int dummy_nid = 1;
+
+void ENGINE_unregister_DH(ENGINE *e)
+        {
+        engine_table_unregister(&dh_table, e);
+        }
+
+static void engine_unregister_all_DH(void)
+        {
+        engine_table_cleanup(&dh_table);
+        }
+
+int ENGINE_register_DH(ENGINE *e)
+        {
+        if(e->dh_meth)
+                return engine_table_register(&dh_table,
+                                &engine_unregister_all_DH, e, &dummy_nid, 1, 0);
+        return 1;
+        }
+
+void ENGINE_register_all_DH()
+        {
+        ENGINE *e;
+
+        for(e=ENGINE_get_first() ; e ; e=ENGINE_get_next(e))
+                ENGINE_register_DH(e);
+        }
+
+int ENGINE_set_default_DH(ENGINE *e)
+        {
+        if(e->dh_meth)
+                return engine_table_register(&dh_table,
+                                &engine_unregister_all_DH, e, &dummy_nid, 1, 1);
+        return 1;
+        }
+
+/* Exposed API function to get a functional reference from the implementation
+ * table (ie. try to get a functional reference from the tabled structural
+ * references). */
+ENGINE *ENGINE_get_default_DH(void)
+        {
+        return engine_table_select(&dh_table, dummy_nid);
+        }
+
+/* Obtains an DH implementation from an ENGINE functional reference */
+const DH_METHOD *ENGINE_get_DH(const ENGINE *e)
+        {
+        return e->dh_meth;
+        }
+
+/* Sets an DH implementation in an ENGINE structure */
+int ENGINE_set_DH(ENGINE *e, const DH_METHOD *dh_meth)
+        {
+        e->dh_meth = dh_meth;
+        return 1;
+        }
diff --git a/src/lib/libcrypto/engine/tb_digest.c b/src/lib/libcrypto/engine/tb_digest.c
new file mode 100644
index 0000000000..2c4dd6f796
--- /dev/null
+++ b/src/lib/libcrypto/engine/tb_digest.c
@@ -0,0 +1,145 @@
+/* ====================================================================
+ * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <openssl/evp.h>
+#include <openssl/engine.h>
+#include "eng_int.h"
+
+/* If this symbol is defined then ENGINE_get_digest_engine(), the function that
+ * is used by EVP to hook in digest code and cache defaults (etc), will display
+ * brief debugging summaries to stderr with the 'nid'. */
+/* #define ENGINE_DIGEST_DEBUG */
+
+static ENGINE_TABLE *digest_table = NULL;
+
+void ENGINE_unregister_digests(ENGINE *e)
+        {
+        engine_table_unregister(&digest_table, e);
+        }
+
+static void engine_unregister_all_digests(void)
+        {
+        engine_table_cleanup(&digest_table);
+        }
+
+int ENGINE_register_digests(ENGINE *e)
+        {
+        if(e->digests)
+                {
+                const int *nids;
+                int num_nids = e->digests(e, NULL, &nids, 0);
+                if(num_nids > 0)
+                        return engine_table_register(&digest_table,
+                                        &engine_unregister_all_digests, e, nids,
+                                        num_nids, 0);
+                }
+        return 1;
+        }
+
+void ENGINE_register_all_digests()
+        {
+        ENGINE *e;
+
+        for(e=ENGINE_get_first() ; e ; e=ENGINE_get_next(e))
+                ENGINE_register_digests(e);
+        }
+
+int ENGINE_set_default_digests(ENGINE *e)
+        {
+        if(e->digests)
+                {
+                const int *nids;
+                int num_nids = e->digests(e, NULL, &nids, 0);
+                if(num_nids > 0)
+                        return engine_table_register(&digest_table,
+                                        &engine_unregister_all_digests, e, nids,
+                                        num_nids, 1);
+                }
+        return 1;
+        }
+
+/* Exposed API function to get a functional reference from the implementation
+ * table (ie. try to get a functional reference from the tabled structural
+ * references) for a given digest 'nid' */
+ENGINE *ENGINE_get_digest_engine(int nid)
+        {
+        return engine_table_select(&digest_table, nid);
+        }
+
+/* Obtains a digest implementation from an ENGINE functional reference */
+const EVP_MD *ENGINE_get_digest(ENGINE *e, int nid)
+        {
+        const EVP_MD *ret;
+        ENGINE_DIGESTS_PTR fn = ENGINE_get_digests(e);
+        if(!fn || !fn(e, &ret, NULL, nid))
+                {
+                ENGINEerr(ENGINE_F_ENGINE_GET_DIGEST,
+                                ENGINE_R_UNIMPLEMENTED_DIGEST);
+                return NULL;
+                }
+        return ret;
+        }
+
+/* Gets the digest callback from an ENGINE structure */
+ENGINE_DIGESTS_PTR ENGINE_get_digests(const ENGINE *e)
+        {
+        return e->digests;
+        }
+
+/* Sets the digest callback in an ENGINE structure */
+int ENGINE_set_digests(ENGINE *e, ENGINE_DIGESTS_PTR f)
+        {
+        e->digests = f;
+        return 1;
+        }
diff --git a/src/lib/libcrypto/engine/tb_dsa.c b/src/lib/libcrypto/engine/tb_dsa.c
new file mode 100644
index 0000000000..e9209476b8
--- /dev/null
+++ b/src/lib/libcrypto/engine/tb_dsa.c
@@ -0,0 +1,120 @@
+/* ====================================================================
+ * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <openssl/evp.h>
+#include <openssl/engine.h>
+#include "eng_int.h"
+
+/* If this symbol is defined then ENGINE_get_default_DSA(), the function that is
+ * used by DSA to hook in implementation code and cache defaults (etc), will
+ * display brief debugging summaries to stderr with the 'nid'. */
+/* #define ENGINE_DSA_DEBUG */
+
+static ENGINE_TABLE *dsa_table = NULL;
+static const int dummy_nid = 1;
+
+void ENGINE_unregister_DSA(ENGINE *e)
+        {
+        engine_table_unregister(&dsa_table, e);
+        }
+
+static void engine_unregister_all_DSA(void)
+        {
+        engine_table_cleanup(&dsa_table);
+        }
+
+int ENGINE_register_DSA(ENGINE *e)
+        {
+        if(e->dsa_meth)
+                return engine_table_register(&dsa_table,
+                                &engine_unregister_all_DSA, e, &dummy_nid, 1, 0);
+        return 1;
+        }
+
+void ENGINE_register_all_DSA()
+        {
+        ENGINE *e;
+
+        for(e=ENGINE_get_first() ; e ; e=ENGINE_get_next(e))
+                ENGINE_register_DSA(e);
+        }
+
+int ENGINE_set_default_DSA(ENGINE *e)
+        {
+        if(e->dsa_meth)
+                return engine_table_register(&dsa_table,
+                                &engine_unregister_all_DSA, e, &dummy_nid, 1, 0);
+        return 1;
+        }
+
+/* Exposed API function to get a functional reference from the implementation
+ * table (ie. try to get a functional reference from the tabled structural
+ * references). */
+ENGINE *ENGINE_get_default_DSA(void)
+        {
+        return engine_table_select(&dsa_table, dummy_nid);
+        }
+
+/* Obtains an DSA implementation from an ENGINE functional reference */
+const DSA_METHOD *ENGINE_get_DSA(const ENGINE *e)
+        {
+        return e->dsa_meth;
+        }
+
+/* Sets an DSA implementation in an ENGINE structure */
+int ENGINE_set_DSA(ENGINE *e, const DSA_METHOD *dsa_meth)
+        {
+        e->dsa_meth = dsa_meth;
+        return 1;
+        }
diff --git a/src/lib/libcrypto/engine/tb_rand.c b/src/lib/libcrypto/engine/tb_rand.c
new file mode 100644
index 0000000000..0b1d031f1e
--- /dev/null
+++ b/src/lib/libcrypto/engine/tb_rand.c
@@ -0,0 +1,120 @@
+/* ====================================================================
+ * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <openssl/evp.h>
+#include <openssl/engine.h>
+#include "eng_int.h"
+
+/* If this symbol is defined then ENGINE_get_default_RAND(), the function that is
+ * used by RAND to hook in implementation code and cache defaults (etc), will
+ * display brief debugging summaries to stderr with the 'nid'. */
+/* #define ENGINE_RAND_DEBUG */
+
+static ENGINE_TABLE *rand_table = NULL;
+static const int dummy_nid = 1;
+
+void ENGINE_unregister_RAND(ENGINE *e)
+        {
+        engine_table_unregister(&rand_table, e);
+        }
+
+static void engine_unregister_all_RAND(void)
+        {
+        engine_table_cleanup(&rand_table);
+        }
+
+int ENGINE_register_RAND(ENGINE *e)
+        {
+        if(e->rand_meth)
+                return engine_table_register(&rand_table,
+                                &engine_unregister_all_RAND, e, &dummy_nid, 1, 0);
+        return 1;
+        }
+
+void ENGINE_register_all_RAND()
+        {
+        ENGINE *e;
+
+        for(e=ENGINE_get_first() ; e ; e=ENGINE_get_next(e))
+                ENGINE_register_RAND(e);
+        }
+
+int ENGINE_set_default_RAND(ENGINE *e)
+        {
+        if(e->rand_meth)
+                return engine_table_register(&rand_table,
+                                &engine_unregister_all_RAND, e, &dummy_nid, 1, 1);
+        return 1;
+        }
+
+/* Exposed API function to get a functional reference from the implementation
+ * table (ie. try to get a functional reference from the tabled structural
+ * references). */
+ENGINE *ENGINE_get_default_RAND(void)
+        {
+        return engine_table_select(&rand_table, dummy_nid);
+        }
+
+/* Obtains an RAND implementation from an ENGINE functional reference */
+const RAND_METHOD *ENGINE_get_RAND(const ENGINE *e)
+        {
+        return e->rand_meth;
+        }
+
+/* Sets an RAND implementation in an ENGINE structure */
+int ENGINE_set_RAND(ENGINE *e, const RAND_METHOD *rand_meth)
+        {
+        e->rand_meth = rand_meth;
+        return 1;
+        }
diff --git a/src/lib/libcrypto/engine/tb_rsa.c b/src/lib/libcrypto/engine/tb_rsa.c
new file mode 100644
index 0000000000..f84fea3968
--- /dev/null
+++ b/src/lib/libcrypto/engine/tb_rsa.c
@@ -0,0 +1,120 @@
+/* ====================================================================
+ * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <openssl/evp.h>
+#include <openssl/engine.h>
+#include "eng_int.h"
+
+/* If this symbol is defined then ENGINE_get_default_RSA(), the function that is
+ * used by RSA to hook in implementation code and cache defaults (etc), will
+ * display brief debugging summaries to stderr with the 'nid'. */
+/* #define ENGINE_RSA_DEBUG */
+
+static ENGINE_TABLE *rsa_table = NULL;
+static const int dummy_nid = 1;
+
+void ENGINE_unregister_RSA(ENGINE *e)
+        {
+        engine_table_unregister(&rsa_table, e);
+        }
+
+static void engine_unregister_all_RSA(void)
+        {
+        engine_table_cleanup(&rsa_table);
+        }
+
+int ENGINE_register_RSA(ENGINE *e)
+        {
+        if(e->rsa_meth)
+                return engine_table_register(&rsa_table,
+                                &engine_unregister_all_RSA, e, &dummy_nid, 1, 0);
+        return 1;
+        }
+
+void ENGINE_register_all_RSA()
+        {
+        ENGINE *e;
+
+        for(e=ENGINE_get_first() ; e ; e=ENGINE_get_next(e))
+                ENGINE_register_RSA(e);
+        }
+
+int ENGINE_set_default_RSA(ENGINE *e)
+        {
+        if(e->rsa_meth)
+                return engine_table_register(&rsa_table,
+                                &engine_unregister_all_RSA, e, &dummy_nid, 1, 1);
+        return 1;
+        }
+
+/* Exposed API function to get a functional reference from the implementation
+ * table (ie. try to get a functional reference from the tabled structural
+ * references). */
+ENGINE *ENGINE_get_default_RSA(void)
+        {
+        return engine_table_select(&rsa_table, dummy_nid);
+        }
+
+/* Obtains an RSA implementation from an ENGINE functional reference */
+const RSA_METHOD *ENGINE_get_RSA(const ENGINE *e)
+        {
+        return e->rsa_meth;
+        }
+
+/* Sets an RSA implementation in an ENGINE structure */
+int ENGINE_set_RSA(ENGINE *e, const RSA_METHOD *rsa_meth)
+        {
+        e->rsa_meth = rsa_meth;
+        return 1;
+        }