This commits changes to various parts of libcrypto required by the recent

ENGINE surgery. DH, DSA, RAND, and RSA now use *both* "method" and ENGINE
pointers to manage their hooking with ENGINE. Previously their use of
"method" pointers was replaced by use of ENGINE references. See
crypto/engine/README for details.

Also, remove the ENGINE iterations from evp_test - even when the
cipher/digest code is committed in, this functionality would require a
different set of API calls.

4 files changed, 63 insertions, 93 deletions

diff --git a/crypto/dh/dh.h b/crypto/dh/dh.h
index fe2da7abe3..65d61e2bb7 100644
--- a/crypto/dh/dh.h
+++ b/crypto/dh/dh.h
@@ -68,6 +68,7 @@
 #endif
 #include <openssl/bn.h>
 #include <openssl/crypto.h>
+#include <openssl/types.h>
 	
 #define DH_FLAG_CACHE_MONT_P	0x01
 
@@ -115,11 +116,8 @@ struct dh_st
 
 	int references;
 	CRYPTO_EX_DATA ex_data;
-#if 0
-	DH_METHOD *meth;
-#else
-	struct engine_st *engine;
-#endif
+	const DH_METHOD *meth;
+	ENGINE *engine;
 	};
 
 #define DH_GENERATOR_2		2
@@ -154,15 +152,10 @@ struct dh_st
 
 const DH_METHOD *DH_OpenSSL(void);
 
-void DH_set_default_openssl_method(const DH_METHOD *meth);
-const DH_METHOD *DH_get_default_openssl_method(void);
-#if 0
-const DH_METHOD *DH_set_method(DH *dh, const DH_METHOD *meth);
-DH *DH_new_method(const DH_METHOD *meth);
-#else
-int DH_set_method(DH *dh, struct engine_st *engine);
-DH *DH_new_method(struct engine_st *engine);
-#endif
+void DH_set_default_method(const DH_METHOD *meth);
+const DH_METHOD *DH_get_default_method(void);
+int DH_set_method(DH *dh, const DH_METHOD *meth);
+DH *DH_new_method(ENGINE *engine);
 
 DH *	DH_new(void);
 void	DH_free(DH *dh);
diff --git a/crypto/dh/dh_key.c b/crypto/dh/dh_key.c
index 670727798e..1a0efca2c4 100644
--- a/crypto/dh/dh_key.c
+++ b/crypto/dh/dh_key.c
@@ -74,12 +74,12 @@ static int dh_finish(DH *dh);
 
 int DH_generate_key(DH *dh)
 	{
-	return ENGINE_get_DH(dh->engine)->generate_key(dh);
+	return dh->meth->generate_key(dh);
 	}
 
 int DH_compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh)
 	{
-	return ENGINE_get_DH(dh->engine)->compute_key(key, pub_key, dh);
+	return dh->meth->compute_key(key, pub_key, dh);
 	}
 
 static DH_METHOD dh_ossl = {
@@ -140,8 +140,8 @@ static int generate_key(DH *dh)
 		l = dh->length ? dh->length : BN_num_bits(dh->p)-1; /* secret exponent length */
 		if (!BN_rand(priv_key, l, 0, 0)) goto err;
 		}
-	if (!ENGINE_get_DH(dh->engine)->bn_mod_exp(dh, pub_key, dh->g,
-		priv_key,dh->p,ctx,mont)) goto err;
+	if (!dh->meth->bn_mod_exp(dh, pub_key, dh->g, priv_key,dh->p,ctx,mont))
+		goto err;
 		
 	dh->pub_key=pub_key;
 	dh->priv_key=priv_key;
@@ -181,8 +181,7 @@ static int compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh)
 		}
 
 	mont=(BN_MONT_CTX *)dh->method_mont_p;
-	if (!ENGINE_get_DH(dh->engine)->bn_mod_exp(dh, tmp, pub_key,
-				dh->priv_key,dh->p,ctx,mont))
+	if (!dh->meth->bn_mod_exp(dh, tmp, pub_key, dh->priv_key,dh->p,ctx,mont))
 		{
 		DHerr(DH_F_DH_COMPUTE_KEY,ERR_R_BN_LIB);
 		goto err;
diff --git a/crypto/dh/dh_lib.c b/crypto/dh/dh_lib.c
index 7804bb4fd0..73f1c249f3 100644
--- a/crypto/dh/dh_lib.c
+++ b/crypto/dh/dh_lib.c
@@ -66,97 +66,67 @@ const char *DH_version="Diffie-Hellman" OPENSSL_VERSION_PTEXT;
 
 static const DH_METHOD *default_DH_method = NULL;
 
-void DH_set_default_openssl_method(const DH_METHOD *meth)
-{
-	ENGINE *e;
-	/* We'll need to notify the "openssl" ENGINE of this
-	 * change too. We won't bother locking things down at
-	 * our end as there was never any locking in these
-	 * functions! */
-	if(default_DH_method != meth)
-		{
-		default_DH_method = meth;
-		e = ENGINE_by_id("openssl");
-		if(e)
-			{
-			ENGINE_set_DH(e, meth);
-			ENGINE_free(e);
-			}
-		}
-}
+void DH_set_default_method(const DH_METHOD *meth)
+	{
+	default_DH_method = meth;
+	}
 
-const DH_METHOD *DH_get_default_openssl_method(void)
-{
-	if(!default_DH_method) default_DH_method = DH_OpenSSL();
+const DH_METHOD *DH_get_default_method(void)
+	{
+	if(!default_DH_method)
+		default_DH_method = DH_OpenSSL();
 	return default_DH_method;
-}
+	}
 
-#if 0
-DH_METHOD *DH_set_method(DH *dh, DH_METHOD *meth)
-{
-        DH_METHOD *mtmp;
+int DH_set_method(DH *dh, const DH_METHOD *meth)
+	{
+	/* NB: The caller is specifically setting a method, so it's not up to us
+	 * to deal with which ENGINE it comes from. */
+        const DH_METHOD *mtmp;
         mtmp = dh->meth;
         if (mtmp->finish) mtmp->finish(dh);
+	if (dh->engine)
+		{
+		ENGINE_finish(dh->engine);
+		dh->engine = NULL;
+		}
         dh->meth = meth;
         if (meth->init) meth->init(dh);
-        return mtmp;
-}
-#else
-int DH_set_method(DH *dh, ENGINE *engine)
-{
-	ENGINE *mtmp;
-	const DH_METHOD *meth;
-	mtmp = dh->engine;
-	meth = ENGINE_get_DH(mtmp);
-	if (!ENGINE_init(engine))
-		return 0;
-	if (meth->finish) meth->finish(dh);
-	dh->engine= engine;
-	meth = ENGINE_get_DH(engine);
-	if (meth->init) meth->init(dh);
-	/* SHOULD ERROR CHECK THIS!!! */
-	ENGINE_finish(mtmp);
-	return 1;
+        return 1;
 }
-#endif
 
 DH *DH_new(void)
-{
+	{
 	return DH_new_method(NULL);
-}
+	}
 
-#if 0
-DH *DH_new_method(DH_METHOD *meth)
-#else
 DH *DH_new_method(ENGINE *engine)
-#endif
 	{
-	const DH_METHOD *meth;
 	DH *ret;
-	ret=(DH *)OPENSSL_malloc(sizeof(DH));
 
+	ret=(DH *)OPENSSL_malloc(sizeof(DH));
 	if (ret == NULL)
 		{
 		DHerr(DH_F_DH_NEW,ERR_R_MALLOC_FAILURE);
 		return(NULL);
 		}
 
-	if (engine)
+	ret->meth = DH_get_default_method();
+	ret->engine = engine;
+	if(!ret->engine)
+		ret->engine = ENGINE_get_default_DH();
+	if(ret->engine)
 		{
-		if(ENGINE_init(engine))
-			ret->engine = engine;
-		else 
-			ret->engine = NULL;
-		}
-	else
-		ret->engine=ENGINE_get_default_DH();
-	if(ret->engine == NULL)
-		{
-		DHerr(DH_F_DH_NEW,ERR_LIB_ENGINE);
-		OPENSSL_free(ret);
-		return NULL;
+		ret->meth = ENGINE_get_DH(ret->engine);
+		if(!ret->meth)
+			{
+			DHerr(DH_F_DH_NEW,ERR_R_ENGINE_LIB);
+			ENGINE_finish(ret->engine);
+			OPENSSL_free(ret);
+			return NULL;
+			}
 		}
-	meth = ENGINE_get_DH(ret->engine);
+
 	ret->pad=0;
 	ret->version=0;
 	ret->p=NULL;
@@ -171,9 +141,9 @@ DH *DH_new_method(ENGINE *engine)
 	ret->counter = NULL;
 	ret->method_mont_p=NULL;
 	ret->references = 1;
-	ret->flags=meth->flags;
+	ret->flags=ret->meth->flags;
 	CRYPTO_new_ex_data(CRYPTO_EX_INDEX_DH, ret, &ret->ex_data);
-	if ((meth->init != NULL) && !meth->init(ret))
+	if ((ret->meth->init != NULL) && !ret->meth->init(ret))
 		{
 		CRYPTO_free_ex_data(CRYPTO_EX_INDEX_DH, ret, &ret->ex_data);
 		OPENSSL_free(ret);
@@ -184,7 +154,6 @@ DH *DH_new_method(ENGINE *engine)
 
 void DH_free(DH *r)
 	{
-	const DH_METHOD *meth;
 	int i;
 	if(r == NULL) return;
 	i = CRYPTO_add(&r->references, -1, CRYPTO_LOCK_DH);
@@ -200,9 +169,10 @@ void DH_free(DH *r)
 	}
 #endif
 
-	meth = ENGINE_get_DH(r->engine);
-	if(meth->finish) meth->finish(r);
-	ENGINE_finish(r->engine);
+	if (r->meth->finish)
+		r->meth->finish(r);
+	if (r->engine)
+		ENGINE_finish(r->engine);
 
 	CRYPTO_free_ex_data(CRYPTO_EX_INDEX_DH, r, &r->ex_data);
 
diff --git a/crypto/dh/dhtest.c b/crypto/dh/dhtest.c
index e90f255f6c..0176436a55 100644
--- a/crypto/dh/dhtest.c
+++ b/crypto/dh/dhtest.c
@@ -66,6 +66,7 @@
 #include <openssl/bio.h>
 #include <openssl/bn.h>
 #include <openssl/rand.h>
+#include <openssl/err.h>
 
 #ifdef OPENSSL_NO_DH
 int main(int argc, char *argv[])
@@ -99,6 +100,10 @@ int main(int argc, char *argv[])
 	int i,alen,blen,aout,bout,ret=1;
 	BIO *out;
 
+	CRYPTO_malloc_debug_init();
+	CRYPTO_dbg_set_options(V_CRYPTO_MDEBUG_ALL);
+	CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
+
 #ifdef OPENSSL_SYS_WIN32
 	CRYPTO_malloc_init();
 #endif
@@ -175,6 +180,9 @@ err:
 	if(b != NULL) DH_free(b);
 	if(a != NULL) DH_free(a);
 	BIO_free(out);
+	CRYPTO_cleanup_all_ex_data();
+	ERR_remove_state(0);
+	CRYPTO_mem_leaks_fp(stderr);
 	exit(ret);
 	return(ret);
 	}