8 files changed, 84 insertions, 30 deletions

diff --git a/crypto/engine/Makefile.ssl b/crypto/engine/Makefile.ssl
index 65cab35c4c..a124654b0d 100644
--- a/crypto/engine/Makefile.ssl
+++ b/crypto/engine/Makefile.ssl
@@ -110,6 +110,29 @@ eng_cnf.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h
 eng_cnf.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
 eng_cnf.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
 eng_cnf.o: ../../include/openssl/ui.h ../cryptlib.h eng_cnf.c
+eng_cryptodev.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h
+eng_cryptodev.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+eng_cryptodev.o: ../../include/openssl/bn.h ../../include/openssl/cast.h
+eng_cryptodev.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+eng_cryptodev.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+eng_cryptodev.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+eng_cryptodev.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+eng_cryptodev.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h
+eng_cryptodev.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+eng_cryptodev.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+eng_cryptodev.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+eng_cryptodev.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+eng_cryptodev.o: ../../include/openssl/obj_mac.h
+eng_cryptodev.o: ../../include/openssl/objects.h
+eng_cryptodev.o: ../../include/openssl/opensslconf.h
+eng_cryptodev.o: ../../include/openssl/opensslv.h
+eng_cryptodev.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h
+eng_cryptodev.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+eng_cryptodev.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+eng_cryptodev.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+eng_cryptodev.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+eng_cryptodev.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+eng_cryptodev.o: ../../include/openssl/ui_compat.h eng_cryptodev.c
 eng_ctrl.o: ../../e_os.h ../../include/openssl/asn1.h
 eng_ctrl.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
 eng_ctrl.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
diff --git a/crypto/engine/eng_dyn.c b/crypto/engine/eng_dyn.c
index 5803c0123a..61ae230570 100644
--- a/crypto/engine/eng_dyn.c
+++ b/crypto/engine/eng_dyn.c
@@ -500,6 +500,7 @@ static int dynamic_load(ENGINE *e, dynamic_data_ctx *ctx)
 	 * engine.h, much of this would be simplified if each area of code
 	 * provided its own "summary" structure of all related callbacks. It
 	 * would also increase opaqueness. */
+	fns.static_state = ENGINE_get_static_state();
 	fns.err_fns = ERR_get_implementation();
 	fns.ex_data_fns = CRYPTO_get_ex_data_implementation();
 	CRYPTO_get_mem_functions(&fns.mem_fns.malloc_cb,
diff --git a/crypto/engine/eng_err.c b/crypto/engine/eng_err.c
index f6c5630395..814d95ee32 100644
--- a/crypto/engine/eng_err.c
+++ b/crypto/engine/eng_err.c
@@ -1,6 +1,6 @@
 /* crypto/engine/eng_err.c */
 /* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 1999-2002 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -96,6 +96,7 @@ static ERR_STRING_DATA ENGINE_str_functs[]=
 {ERR_PACK(0,ENGINE_F_ENGINE_SET_NAME,0),	"ENGINE_set_name"},
 {ERR_PACK(0,ENGINE_F_ENGINE_TABLE_REGISTER,0),	"ENGINE_TABLE_REGISTER"},
 {ERR_PACK(0,ENGINE_F_ENGINE_UNLOAD_KEY,0),	"ENGINE_UNLOAD_KEY"},
+{ERR_PACK(0,ENGINE_F_ENGINE_UP_REF,0),	"ENGINE_up_ref"},
 {ERR_PACK(0,ENGINE_F_INT_CTRL_HELPER,0),	"INT_CTRL_HELPER"},
 {ERR_PACK(0,ENGINE_F_INT_ENGINE_CONFIGURE,0),	"INT_ENGINE_CONFIGURE"},
 {ERR_PACK(0,ENGINE_F_LOG_MESSAGE,0),	"LOG_MESSAGE"},
diff --git a/crypto/engine/eng_lib.c b/crypto/engine/eng_lib.c
index a66d0f08af..999061a8ed 100644
--- a/crypto/engine/eng_lib.c
+++ b/crypto/engine/eng_lib.c
@@ -319,3 +319,13 @@ const ENGINE_CMD_DEFN *ENGINE_get_cmd_defns(const ENGINE *e)
 	{
 	return e->cmd_defns;
 	}
+
+/* eng_lib.o is pretty much linked into anything that touches ENGINE already, so
+ * put the "static_state" hack here. */
+
+static int internal_static_hack = 0;
+
+void *ENGINE_get_static_state(void)
+	{
+	return &internal_static_hack;
+	}
diff --git a/crypto/engine/eng_list.c b/crypto/engine/eng_list.c
index b41e6ba0f7..55b646da24 100644
--- a/crypto/engine/eng_list.c
+++ b/crypto/engine/eng_list.c
@@ -196,14 +196,14 @@ ENGINE *ENGINE_get_first(void)
 	{
 	ENGINE *ret;
 
-	CRYPTO_r_lock(CRYPTO_LOCK_ENGINE);
+	CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
 	ret = engine_list_head;
 	if(ret)
 		{
 		ret->struct_ref++;
 		engine_ref_debug(ret, 0, 1)
 		}
-	CRYPTO_r_unlock(CRYPTO_LOCK_ENGINE);
+	CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
 	return ret;
 	}
 
@@ -211,14 +211,14 @@ ENGINE *ENGINE_get_last(void)
 	{
 	ENGINE *ret;
 
-	CRYPTO_r_lock(CRYPTO_LOCK_ENGINE);
-		ret = engine_list_tail;
+	CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
+	ret = engine_list_tail;
 	if(ret)
 		{
 		ret->struct_ref++;
 		engine_ref_debug(ret, 0, 1)
 		}
-	CRYPTO_r_unlock(CRYPTO_LOCK_ENGINE);
+	CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
 	return ret;
 	}
 
@@ -232,7 +232,7 @@ ENGINE *ENGINE_get_next(ENGINE *e)
 			ERR_R_PASSED_NULL_PARAMETER);
 		return 0;
 		}
-	CRYPTO_r_lock(CRYPTO_LOCK_ENGINE);
+	CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
 	ret = e->next;
 	if(ret)
 		{
@@ -240,7 +240,7 @@ ENGINE *ENGINE_get_next(ENGINE *e)
 		ret->struct_ref++;
 		engine_ref_debug(ret, 0, 1)
 		}
-	CRYPTO_r_unlock(CRYPTO_LOCK_ENGINE);
+	CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
 	/* Release the structural reference to the previous ENGINE */
 	ENGINE_free(e);
 	return ret;
@@ -255,7 +255,7 @@ ENGINE *ENGINE_get_prev(ENGINE *e)
 			ERR_R_PASSED_NULL_PARAMETER);
 		return 0;
 		}
-	CRYPTO_r_lock(CRYPTO_LOCK_ENGINE);
+	CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
 	ret = e->prev;
 	if(ret)
 		{
@@ -263,7 +263,7 @@ ENGINE *ENGINE_get_prev(ENGINE *e)
 		ret->struct_ref++;
 		engine_ref_debug(ret, 0, 1)
 		}
-	CRYPTO_r_unlock(CRYPTO_LOCK_ENGINE);
+	CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
 	/* Release the structural reference to the previous ENGINE */
 	ENGINE_free(e);
 	return ret;
@@ -358,7 +358,7 @@ ENGINE *ENGINE_by_id(const char *id)
 			ERR_R_PASSED_NULL_PARAMETER);
 		return NULL;
 		}
-	CRYPTO_r_lock(CRYPTO_LOCK_ENGINE);
+	CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
 	iterator = engine_list_head;
 	while(iterator && (strcmp(id, iterator->id) != 0))
 		iterator = iterator->next;
@@ -384,7 +384,7 @@ ENGINE *ENGINE_by_id(const char *id)
 			engine_ref_debug(iterator, 0, 1)
 			}
 		}
-	CRYPTO_r_unlock(CRYPTO_LOCK_ENGINE);
+	CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
 #if 0
 	if(iterator == NULL)
 		{
@@ -416,3 +416,14 @@ notfound:
 	/* EEK! Experimental code ends */
 #endif
 	}
+
+int ENGINE_up_ref(ENGINE *e)
+	{
+	if (e == NULL)
+		{
+		ENGINEerr(ENGINE_F_ENGINE_UP_REF,ERR_R_PASSED_NULL_PARAMETER);
+		return 0;
+		}
+	CRYPTO_add(&e->struct_ref,1,CRYPTO_LOCK_ENGINE);
+	return 1;
+	}
diff --git a/crypto/engine/eng_openssl.c b/crypto/engine/eng_openssl.c
index 45fa61834b..e28951cbc4 100644
--- a/crypto/engine/eng_openssl.c
+++ b/crypto/engine/eng_openssl.c
@@ -68,6 +68,7 @@
 #include <openssl/engine.h>
 #include <openssl/dso.h>
 #include <openssl/pem.h>
+#include <openssl/evp.h>
 
 /* This testing gunk is implemented (and explained) lower down. It also assumes
  * the application explicitly calls "ENGINE_load_openssl()" because this is no
@@ -191,7 +192,6 @@ IMPLEMENT_DYNAMIC_BIND_FN(bind_fn)
  *        the "init_key" handler is called.
  *    TEST_ENG_OPENSSL_RC4_P_CIPHER - ditto for the "cipher" handler.
  */
-#include <openssl/evp.h>
 #include <openssl/rc4.h>
 #define TEST_RC4_KEY_SIZE		16
 static int test_cipher_nids[] = {NID_rc4,NID_rc4_40};
@@ -276,7 +276,6 @@ static int openssl_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
 
 #ifdef TEST_ENG_OPENSSL_SHA
 /* Much the same sort of comment as for TEST_ENG_OPENSSL_RC4 */
-#include <openssl/evp.h>
 #include <openssl/sha.h>
 static int test_digest_nids[] = {NID_sha1};
 static int test_digest_nids_number = 1;
diff --git a/crypto/engine/engine.h b/crypto/engine/engine.h
index 7bc5b4f490..3b951eb3e2 100644
--- a/crypto/engine/engine.h
+++ b/crypto/engine/engine.h
@@ -318,6 +318,7 @@ ENGINE *ENGINE_by_id(const char *id);
 /* Add all the built-in engines. */
 void ENGINE_load_openssl(void);
 void ENGINE_load_dynamic(void);
+#ifndef OPENSSL_NO_STATIC_ENGINE
 void ENGINE_load_cswift(void);
 void ENGINE_load_chil(void);
 void ENGINE_load_atalla(void);
@@ -326,6 +327,7 @@ void ENGINE_load_ubsec(void);
 void ENGINE_load_aep(void);
 void ENGINE_load_sureware(void);
 void ENGINE_load_4758cca(void);
+#endif
 void ENGINE_load_cryptodev(void);
 void ENGINE_load_builtin_engines(void);
 
@@ -433,6 +435,7 @@ int ENGINE_ctrl_cmd_string(ENGINE *e, const char *cmd_name, const char *arg,
  * compatibility! */
 ENGINE *ENGINE_new(void);
 int ENGINE_free(ENGINE *e);
+int ENGINE_up_ref(ENGINE *e);
 int ENGINE_set_id(ENGINE *e, const char *id);
 int ENGINE_set_name(ENGINE *e, const char *name);
 int ENGINE_set_RSA(ENGINE *e, const RSA_METHOD *rsa_meth);
@@ -566,17 +569,20 @@ void ENGINE_add_conf_module(void);
 /**************************/
 
 /* Binary/behaviour compatibility levels */
-#define OSSL_DYNAMIC_VERSION		(unsigned long)0x00010100
+#define OSSL_DYNAMIC_VERSION		(unsigned long)0x00010200
 /* Binary versions older than this are too old for us (whether we're a loader or
  * a loadee) */
-#define OSSL_DYNAMIC_OLDEST		(unsigned long)0x00010100
+#define OSSL_DYNAMIC_OLDEST		(unsigned long)0x00010200
 
 /* When compiling an ENGINE entirely as an external shared library, loadable by
  * the "dynamic" ENGINE, these types are needed. The 'dynamic_fns' structure
  * type provides the calling application's (or library's) error functionality
  * and memory management function pointers to the loaded library. These should
  * be used/set in the loaded library code so that the loading application's
- * 'state' will be used/changed in all operations. */
+ * 'state' will be used/changed in all operations. The 'static_state' pointer
+ * allows the loaded library to know if it shares the same static data as the
+ * calling application (or library), and thus whether these callbacks need to be
+ * set or not. */
 typedef void *(*dyn_MEM_malloc_cb)(size_t);
 typedef void *(*dyn_MEM_realloc_cb)(void *, size_t);
 typedef void (*dyn_MEM_free_cb)(void *);
@@ -604,6 +610,7 @@ typedef struct st_dynamic_LOCK_fns {
 	} dynamic_LOCK_fns;
 /* The top-level structure */
 typedef struct st_dynamic_fns {
+	void 					*static_state;
 	const ERR_FNS				*err_fns;
 	const CRYPTO_EX_DATA_IMPL		*ex_data_fns;
 	dynamic_MEM_fns				mem_fns;
@@ -644,6 +651,7 @@ typedef int (*dynamic_bind_engine)(ENGINE *e, const char *id,
 				const dynamic_fns *fns);
 #define IMPLEMENT_DYNAMIC_BIND_FN(fn) \
 	int bind_engine(ENGINE *e, const char *id, const dynamic_fns *fns) { \
+		if(ENGINE_get_static_state() == fns->static_state) goto skip_cbs; \
 		if(!CRYPTO_set_mem_functions(fns->mem_fns.malloc_cb, \
 			fns->mem_fns.realloc_cb, fns->mem_fns.free_cb)) \
 			return 0; \
@@ -655,9 +663,22 @@ typedef int (*dynamic_bind_engine)(ENGINE *e, const char *id,
 		if(!CRYPTO_set_ex_data_implementation(fns->ex_data_fns)) \
 			return 0; \
 		if(!ERR_set_implementation(fns->err_fns)) return 0; \
+	skip_cbs: \
 		if(!fn(e,id)) return 0; \
 		return 1; }
 
+/* If the loading application (or library) and the loaded ENGINE library share
+ * the same static data (eg. they're both dynamically linked to the same
+ * libcrypto.so) we need a way to avoid trying to set system callbacks - this
+ * would fail, and for the same reason that it's unnecessary to try. If the
+ * loaded ENGINE has (or gets from through the loader) its own copy of the
+ * libcrypto static data, we will need to set the callbacks. The easiest way to
+ * detect this is to have a function that returns a pointer to some static data
+ * and let the loading application and loaded ENGINE compare their respective
+ * values. */
+void *ENGINE_get_static_state(void);
+
+
 /* BEGIN ERROR CODES */
 /* The following lines are auto generated by the script mkerr.pl. Any changes
  * made after this point may be overwritten when the script is next run.
@@ -697,6 +718,7 @@ void ERR_load_ENGINE_strings(void);
 #define ENGINE_F_ENGINE_SET_NAME			 130
 #define ENGINE_F_ENGINE_TABLE_REGISTER			 184
 #define ENGINE_F_ENGINE_UNLOAD_KEY			 152
+#define ENGINE_F_ENGINE_UP_REF				 190
 #define ENGINE_F_INT_CTRL_HELPER			 172
 #define ENGINE_F_INT_ENGINE_CONFIGURE			 188
 #define ENGINE_F_LOG_MESSAGE				 141
diff --git a/crypto/engine/tb_ecdh.c b/crypto/engine/tb_ecdh.c
index 64357157a0..ea82b61a18 100644
--- a/crypto/engine/tb_ecdh.c
+++ b/crypto/engine/tb_ecdh.c
@@ -9,19 +9,6 @@
  * The ECC Code is licensed pursuant to the OpenSSL open source
  * license provided below.
  *
- * In addition, Sun covenants to all licensees who provide a reciprocal
- * covenant with respect to their own patents if any, not to sue under
- * current and future patent claims necessarily infringed by the making,
- * using, practicing, selling, offering for sale and/or otherwise
- * disposing of the ECC Code as delivered hereunder (or portions thereof),
- * provided that such covenant shall not apply:
- *  1) for code that a licensee deletes from the ECC Code;
- *  2) separates from the ECC Code; or
- *  3) for infringements caused by:
- *       i) the modification of the ECC Code or
- *      ii) the combination of the ECC Code with other software or
- *          devices where such combination causes the infringement.
- *
  * The ECDH engine software is originally written by Nils Gura and
  * Douglas Stebila of Sun Microsystems Laboratories.
  *