Remove the CAPI engine: It is a backend for the Windows CryptoAPI and

could be maintained in an external package.

"it should probably go" beck@

8 files changed, 4 insertions, 2179 deletions

diff --git a/lib/libssl/src/crypto/engine/eng_all.c b/lib/libssl/src/crypto/engine/eng_all.c
index f3c4cd9a1c9..cf7d81d9ade 100644
--- a/lib/libssl/src/crypto/engine/eng_all.c
+++ b/lib/libssl/src/crypto/engine/eng_all.c
@@ -92,9 +92,6 @@ void ENGINE_load_builtin_engines(void)
 #ifndef OPENSSL_NO_GMP
 	ENGINE_load_gmp();
 #endif
-#if defined(OPENSSL_SYS_WIN32) && !defined(OPENSSL_NO_CAPIENG)
-	ENGINE_load_capi();
-#endif
 #endif
 	ENGINE_register_all_complete();
 	}
diff --git a/lib/libssl/src/crypto/engine/engine.h b/lib/libssl/src/crypto/engine/engine.h
index 51a18f3ee26..9f05b6d8f4a 100644
--- a/lib/libssl/src/crypto/engine/engine.h
+++ b/lib/libssl/src/crypto/engine/engine.h
@@ -317,7 +317,6 @@ void ENGINE_load_openssl(void);
 void ENGINE_load_dynamic(void);
 #ifndef OPENSSL_NO_STATIC_ENGINE
 void ENGINE_load_padlock(void);
-void ENGINE_load_capi(void);
 #ifndef OPENSSL_NO_GMP
 void ENGINE_load_gmp(void);
 #endif
diff --git a/lib/libssl/src/engines/Makefile b/lib/libssl/src/engines/Makefile
index 9e81c6c7e28..05e35869fc4 100644
--- a/lib/libssl/src/engines/Makefile
+++ b/lib/libssl/src/engines/Makefile
@@ -26,20 +26,17 @@ TEST=
 APPS=
 
 LIB=$(TOP)/libcrypto.a
-LIBNAMES= gmp padlock capi
+LIBNAMES= gmp padlock
 
 LIBSRC=	e_gmp.c \
-	e_padlock.c \
-	e_capi.c
+	e_padlock.c
 LIBOBJ= e_gmp.o \
-	e_padlock.o \
-	e_capi.o
+	e_padlock.o
 
 SRC= $(LIBSRC)
 
 EXHEADER= 
-HEADER=	e_gmp_err.c e_gmp_err.h \
-	e_capi_err.c e_capi_err.h
+HEADER=	e_gmp_err.c e_gmp_err.h
 
 ALL=    $(GENERAL) $(SRC) $(HEADER)
 
@@ -140,18 +137,6 @@ clean:
 
 # DO NOT DELETE THIS LINE -- make depend depends on it.
 
-e_capi.o: ../include/openssl/asn1.h ../include/openssl/bio.h
-e_capi.o: ../include/openssl/bn.h ../include/openssl/buffer.h
-e_capi.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
-e_capi.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
-e_capi.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
-e_capi.o: ../include/openssl/evp.h ../include/openssl/lhash.h
-e_capi.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-e_capi.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-e_capi.o: ../include/openssl/ossl_typ.h ../include/openssl/pkcs7.h
-e_capi.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-e_capi.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-e_capi.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h e_capi.c
 e_gmp.o: ../include/openssl/asn1.h ../include/openssl/bio.h
 e_gmp.o: ../include/openssl/bn.h ../include/openssl/buffer.h
 e_gmp.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
diff --git a/lib/libssl/src/engines/capierr.bat b/lib/libssl/src/engines/capierr.bat
deleted file mode 100644
index 274ffac2fe6..00000000000
--- a/lib/libssl/src/engines/capierr.bat
+++ /dev/null
@@ -1 +0,0 @@
-perl ../util/mkerr.pl -conf e_capi.ec -nostatic -staticloader -write e_capi.c
diff --git a/lib/libssl/src/engines/e_capi.c b/lib/libssl/src/engines/e_capi.c
deleted file mode 100644
index c1085b56cda..00000000000
--- a/lib/libssl/src/engines/e_capi.c
+++ /dev/null
@@ -1,1842 +0,0 @@
-/* engines/e_capi.c */
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project.
- */
-/* ====================================================================
- * Copyright (c) 2008 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- */
-
-
-#include <stdio.h>
-#include <string.h>
-#include <openssl/crypto.h>
-#include <openssl/buffer.h>
-#include <openssl/bn.h>
-
-#ifdef OPENSSL_SYS_WIN32
-#ifndef OPENSSL_NO_CAPIENG
-
-#include <openssl/rsa.h>
-
-#include <windows.h>
-
-#ifndef _WIN32_WINNT
-#define _WIN32_WINNT 0x0400
-#endif
-
-#include <wincrypt.h>
-
-/*
- * This module uses several "new" interfaces, among which is
- * CertGetCertificateContextProperty. CERT_KEY_PROV_INFO_PROP_ID is
- * one of possible values you can pass to function in question. By
- * checking if it's defined we can see if wincrypt.h and accompanying
- * crypt32.lib are in shape. The native MingW32 headers up to and
- * including __W32API_VERSION 3.14 lack of struct DSSPUBKEY and the
- * defines CERT_STORE_PROV_SYSTEM_A and CERT_STORE_READONLY_FLAG,
- * so we check for these too and avoid compiling.
- * Yes, it's rather "weak" test and if compilation fails,
- * then re-configure with -DOPENSSL_NO_CAPIENG.
- */
-#if defined(CERT_KEY_PROV_INFO_PROP_ID) && \
-    defined(CERT_STORE_PROV_SYSTEM_A) && \
-    defined(CERT_STORE_READONLY_FLAG)
-# define __COMPILE_CAPIENG
-#endif /* CERT_KEY_PROV_INFO_PROP_ID */
-#endif /* OPENSSL_NO_CAPIENG */
-#endif /* OPENSSL_SYS_WIN32 */
-
-#ifdef __COMPILE_CAPIENG
-
-#undef X509_EXTENSIONS
-#undef X509_CERT_PAIR
-
-/* Definitions which may be missing from earlier version of headers */
-#ifndef CERT_STORE_OPEN_EXISTING_FLAG
-#define CERT_STORE_OPEN_EXISTING_FLAG                   0x00004000
-#endif
-
-#ifndef CERT_STORE_CREATE_NEW_FLAG
-#define CERT_STORE_CREATE_NEW_FLAG                      0x00002000
-#endif
-
-#ifndef CERT_SYSTEM_STORE_CURRENT_USER
-#define CERT_SYSTEM_STORE_CURRENT_USER			0x00010000
-#endif 
-
-#include <openssl/engine.h>
-#include <openssl/pem.h>
-#include <openssl/x509v3.h>
-
-#include "e_capi_err.h"
-#include "e_capi_err.c"
-
-
-static const char *engine_capi_id = "capi";
-static const char *engine_capi_name = "CryptoAPI ENGINE";
-
-typedef struct CAPI_CTX_st CAPI_CTX;
-typedef struct CAPI_KEY_st CAPI_KEY;
-
-static void capi_addlasterror(void);
-static void capi_adderror(DWORD err);
-
-static void CAPI_trace(CAPI_CTX *ctx, char *format, ...);
-
-static int capi_list_providers(CAPI_CTX *ctx, BIO *out);
-static int capi_list_containers(CAPI_CTX *ctx, BIO *out);
-int capi_list_certs(CAPI_CTX *ctx, BIO *out, char *storename);
-void capi_free_key(CAPI_KEY *key);
-
-static PCCERT_CONTEXT capi_find_cert(CAPI_CTX *ctx, const char *id, HCERTSTORE hstore);
-
-CAPI_KEY *capi_find_key(CAPI_CTX *ctx, const char *id);
-
-static EVP_PKEY *capi_load_privkey(ENGINE *eng, const char *key_id,
-	UI_METHOD *ui_method, void *callback_data);
-static int capi_rsa_sign(int dtype, const unsigned char *m, unsigned int m_len,
-             unsigned char *sigret, unsigned int *siglen, const RSA *rsa);
-static int capi_rsa_priv_enc(int flen, const unsigned char *from,
-                unsigned char *to, RSA *rsa, int padding);
-static int capi_rsa_priv_dec(int flen, const unsigned char *from,
-                unsigned char *to, RSA *rsa, int padding);
-static int capi_rsa_free(RSA *rsa);
-
-static DSA_SIG *capi_dsa_do_sign(const unsigned char *digest, int dlen,
-							DSA *dsa);
-static int capi_dsa_free(DSA *dsa);
-
-static int capi_load_ssl_client_cert(ENGINE *e, SSL *ssl,
-	STACK_OF(X509_NAME) *ca_dn, X509 **pcert, EVP_PKEY **pkey,
-	STACK_OF(X509) **pother, UI_METHOD *ui_method, void *callback_data);
-
-static int cert_select_simple(ENGINE *e, SSL *ssl, STACK_OF(X509) *certs);
-#ifdef OPENSSL_CAPIENG_DIALOG
-static int cert_select_dialog(ENGINE *e, SSL *ssl, STACK_OF(X509) *certs);
-#endif
-
-typedef PCCERT_CONTEXT (WINAPI *CERTDLG)(HCERTSTORE, HWND, LPCWSTR,
-						LPCWSTR, DWORD, DWORD,
-						void *);
-typedef HWND (WINAPI *GETCONSWIN)(void);
-
-/* This structure contains CAPI ENGINE specific data:
- * it contains various global options and affects how
- * other functions behave.
- */
-
-#define CAPI_DBG_TRACE	2
-#define CAPI_DBG_ERROR	1
-
-struct CAPI_CTX_st {
-	int debug_level;
-	char *debug_file;
-	/* Parameters to use for container lookup */
-	DWORD keytype;
-	LPSTR cspname;
-	DWORD csptype;
-	/* Certificate store name to use */
-	LPSTR storename;
-	LPSTR ssl_client_store;
-	/* System store flags */
-	DWORD store_flags;
-
-/* Lookup string meanings in load_private_key */
-/* Substring of subject: uses "storename" */
-#define CAPI_LU_SUBSTR		1
-/* Friendly name: uses storename */
-#define CAPI_LU_FNAME		2
-/* Container name: uses cspname, keytype */
-#define CAPI_LU_CONTNAME	3
-	int lookup_method;
-/* Info to dump with dumpcerts option */
-/* Issuer and serial name strings */
-#define CAPI_DMP_SUMMARY	0x1
-/* Friendly name */
-#define CAPI_DMP_FNAME		0x2
-/* Full X509_print dump */
-#define CAPI_DMP_FULL		0x4
-/* Dump PEM format certificate */
-#define CAPI_DMP_PEM		0x8
-/* Dump pseudo key (if possible) */
-#define CAPI_DMP_PSKEY		0x10
-/* Dump key info (if possible) */
-#define CAPI_DMP_PKEYINFO	0x20
-
-	DWORD dump_flags;
-	int (*client_cert_select)(ENGINE *e, SSL *ssl, STACK_OF(X509) *certs);
-
-	CERTDLG certselectdlg;
-	GETCONSWIN getconswindow;
-};
-
-
-static CAPI_CTX *capi_ctx_new();
-static void capi_ctx_free(CAPI_CTX *ctx);
-static int capi_ctx_set_provname(CAPI_CTX *ctx, LPSTR pname, DWORD type, int check);
-static int capi_ctx_set_provname_idx(CAPI_CTX *ctx, int idx);
-
-#define CAPI_CMD_LIST_CERTS		ENGINE_CMD_BASE
-#define CAPI_CMD_LOOKUP_CERT		(ENGINE_CMD_BASE + 1)
-#define CAPI_CMD_DEBUG_LEVEL		(ENGINE_CMD_BASE + 2)
-#define CAPI_CMD_DEBUG_FILE		(ENGINE_CMD_BASE + 3)
-#define CAPI_CMD_KEYTYPE		(ENGINE_CMD_BASE + 4)
-#define CAPI_CMD_LIST_CSPS		(ENGINE_CMD_BASE + 5)
-#define CAPI_CMD_SET_CSP_IDX		(ENGINE_CMD_BASE + 6)
-#define CAPI_CMD_SET_CSP_NAME		(ENGINE_CMD_BASE + 7)
-#define CAPI_CMD_SET_CSP_TYPE		(ENGINE_CMD_BASE + 8)
-#define CAPI_CMD_LIST_CONTAINERS	(ENGINE_CMD_BASE + 9)
-#define CAPI_CMD_LIST_OPTIONS		(ENGINE_CMD_BASE + 10)
-#define CAPI_CMD_LOOKUP_METHOD		(ENGINE_CMD_BASE + 11)
-#define CAPI_CMD_STORE_NAME		(ENGINE_CMD_BASE + 12)
-#define CAPI_CMD_STORE_FLAGS		(ENGINE_CMD_BASE + 13)
-
-static const ENGINE_CMD_DEFN capi_cmd_defns[] = {
-	{CAPI_CMD_LIST_CERTS,
-		"list_certs",
-		"List all certificates in store",
-		ENGINE_CMD_FLAG_NO_INPUT},
-	{CAPI_CMD_LOOKUP_CERT,
-		"lookup_cert",
-		"Lookup and output certificates",
-		ENGINE_CMD_FLAG_STRING},
-	{CAPI_CMD_DEBUG_LEVEL,
-		"debug_level",
-		"debug level (1=errors, 2=trace)",
-		ENGINE_CMD_FLAG_NUMERIC},
-	{CAPI_CMD_DEBUG_FILE,
-		"debug_file",
-		"debugging filename)",
-		ENGINE_CMD_FLAG_STRING},
-	{CAPI_CMD_KEYTYPE,
-		"key_type",
-		"Key type: 1=AT_KEYEXCHANGE (default), 2=AT_SIGNATURE",
-		ENGINE_CMD_FLAG_NUMERIC},
-	{CAPI_CMD_LIST_CSPS,
-		"list_csps",
-		"List all CSPs",
-		ENGINE_CMD_FLAG_NO_INPUT},
-	{CAPI_CMD_SET_CSP_IDX,
-		"csp_idx",
-		"Set CSP by index",
-		ENGINE_CMD_FLAG_NUMERIC},
-	{CAPI_CMD_SET_CSP_NAME,
-		"csp_name",
-		"Set CSP name, (default CSP used if not specified)",
-		ENGINE_CMD_FLAG_STRING},
-	{CAPI_CMD_SET_CSP_TYPE,
-		"csp_type",
-		"Set CSP type, (default RSA_PROV_FULL)",
-		ENGINE_CMD_FLAG_NUMERIC},
-	{CAPI_CMD_LIST_CONTAINERS,
-		"list_containers",
-		"list container names",
-		ENGINE_CMD_FLAG_NO_INPUT},
-	{CAPI_CMD_LIST_OPTIONS,
-		"list_options",
-		"Set list options (1=summary,2=friendly name, 4=full printout, 8=PEM output, 16=XXX, "
-		"32=private key info)",
-		ENGINE_CMD_FLAG_NUMERIC},
-	{CAPI_CMD_LOOKUP_METHOD,
-		"lookup_method",
-		"Set key lookup method (1=substring, 2=friendlyname, 3=container name)",
-		ENGINE_CMD_FLAG_NUMERIC},
-	{CAPI_CMD_STORE_NAME,
-		"store_name",
-		"certificate store name, default \"MY\"",
-		ENGINE_CMD_FLAG_STRING},
-	{CAPI_CMD_STORE_FLAGS,
-		"store_flags",
-		"Certificate store flags: 1 = system store",
-		ENGINE_CMD_FLAG_NUMERIC},
-
-	{0, NULL, NULL, 0}
-	};
-
-static int capi_idx = -1;
-static int rsa_capi_idx = -1;
-static int dsa_capi_idx = -1;
-static int cert_capi_idx = -1;
-
-static int capi_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)(void))
-	{
-	int ret = 1;
-	CAPI_CTX *ctx;
-	BIO *out;
-	if (capi_idx == -1)
-		{
-		CAPIerr(CAPI_F_CAPI_CTRL, CAPI_R_ENGINE_NOT_INITIALIZED);
-		return 0;
-		}
-	ctx = ENGINE_get_ex_data(e, capi_idx);
-	out = BIO_new_fp(stdout, BIO_NOCLOSE);
-	switch (cmd)
-		{
-		case CAPI_CMD_LIST_CSPS:
-		ret = capi_list_providers(ctx, out);
-		break;
-
-		case CAPI_CMD_LIST_CERTS:
-		ret = capi_list_certs(ctx, out, NULL);
-		break;
-
-		case CAPI_CMD_LOOKUP_CERT:
-		ret = capi_list_certs(ctx, out, p);
-		break;
-
-		case CAPI_CMD_LIST_CONTAINERS:
-		ret = capi_list_containers(ctx, out);
-		break;
-
-		case CAPI_CMD_STORE_NAME:
-		if (ctx->storename)
-			OPENSSL_free(ctx->storename);
-		ctx->storename = BUF_strdup(p);
-		CAPI_trace(ctx, "Setting store name to %s\n", p);
-		break;
-
-		case CAPI_CMD_STORE_FLAGS:
-		if (i & 1)
-			{
-			ctx->store_flags |= CERT_SYSTEM_STORE_LOCAL_MACHINE;
-			ctx->store_flags &= ~CERT_SYSTEM_STORE_CURRENT_USER;
-			}
-		else
-			{
-			ctx->store_flags |= CERT_SYSTEM_STORE_CURRENT_USER;
-			ctx->store_flags &= ~CERT_SYSTEM_STORE_LOCAL_MACHINE;
-			}
-		CAPI_trace(ctx, "Setting flags to %d\n", i);
-		break;
-
-		case CAPI_CMD_DEBUG_LEVEL:
-		ctx->debug_level = (int)i;
-		CAPI_trace(ctx, "Setting debug level to %d\n", ctx->debug_level);
-		break;
-
-		case CAPI_CMD_DEBUG_FILE:
-		ctx->debug_file = BUF_strdup(p);
-		CAPI_trace(ctx, "Setting debug file to %s\n", ctx->debug_file);
-		break;
-
-		case CAPI_CMD_KEYTYPE:
-		ctx->keytype = i;
-		CAPI_trace(ctx, "Setting key type to %d\n", ctx->keytype);
-		break;
-
-		case CAPI_CMD_SET_CSP_IDX:
-		ret = capi_ctx_set_provname_idx(ctx, i);
-		break;
-
-		case CAPI_CMD_LIST_OPTIONS:
-		ctx->dump_flags = i;
-		break;
-
-		case CAPI_CMD_LOOKUP_METHOD:
-		if (i < 1 || i > 3)
-			{
-			CAPIerr(CAPI_F_CAPI_CTRL, CAPI_R_INVALID_LOOKUP_METHOD);
-			return 0;
-			}
-		ctx->lookup_method = i;
-		break;
-
-		case CAPI_CMD_SET_CSP_NAME:
-		ret = capi_ctx_set_provname(ctx, p, ctx->csptype, 1);
-		break;
-
-		case CAPI_CMD_SET_CSP_TYPE:
-		ctx->csptype = i;
-		break;
-
-		default:
-		CAPIerr(CAPI_F_CAPI_CTRL, CAPI_R_UNKNOWN_COMMAND);
-		ret = 0;
-	}
-
-	BIO_free(out);
-	return ret;
-
-	}
-
-static RSA_METHOD capi_rsa_method =
-	{
-	"CryptoAPI RSA method",
-	0,				/* pub_enc */
-	0,				/* pub_dec */
-	capi_rsa_priv_enc,		/* priv_enc */
-	capi_rsa_priv_dec,		/* priv_dec */
-	0,				/* rsa_mod_exp */
-	0,				/* bn_mod_exp */
-	0,				/* init	*/
-	capi_rsa_free,			/* finish */
-	RSA_FLAG_SIGN_VER, 		/* flags */
-	NULL,				/* app_data */
-	capi_rsa_sign,			/* rsa_sign */
-	0				/* rsa_verify */
-	};
-
-static DSA_METHOD capi_dsa_method =
-	{
-	"CryptoAPI DSA method",
-	capi_dsa_do_sign,		/* dsa_do_sign */
-	0,				/* dsa_sign_setup */
-	0,				/* dsa_do_verify */
-	0,				/* dsa_mod_exp */
-	0,				/* bn_mod_exp */
-	0,				/* init	*/
-	capi_dsa_free,			/* finish */
-	0, 				/* flags */
-	NULL,				/* app_data */
-	0,				/* dsa_paramgen */
-	0				/* dsa_keygen */
-	};
-
-static int capi_init(ENGINE *e)
-	{
-	CAPI_CTX *ctx;
-	const RSA_METHOD *ossl_rsa_meth;
-	const DSA_METHOD *ossl_dsa_meth;
-
-	if (capi_idx < 0)
-		{
-		capi_idx = ENGINE_get_ex_new_index(0, NULL, NULL, NULL, 0);
-		if (capi_idx < 0)
-			goto memerr;
-
-		cert_capi_idx = X509_get_ex_new_index(0, NULL, NULL, NULL, 0);
-
-		/* Setup RSA_METHOD */
-		rsa_capi_idx = RSA_get_ex_new_index(0, NULL, NULL, NULL, 0);
-		ossl_rsa_meth = RSA_PKCS1_SSLeay();
-		capi_rsa_method.rsa_pub_enc = ossl_rsa_meth->rsa_pub_enc;
-		capi_rsa_method.rsa_pub_dec = ossl_rsa_meth->rsa_pub_dec;
-		capi_rsa_method.rsa_mod_exp = ossl_rsa_meth->rsa_mod_exp;
-		capi_rsa_method.bn_mod_exp = ossl_rsa_meth->bn_mod_exp;
-
-		/* Setup DSA Method */
-		dsa_capi_idx = DSA_get_ex_new_index(0, NULL, NULL, NULL, 0);
-		ossl_dsa_meth = DSA_OpenSSL();
-		capi_dsa_method.dsa_do_verify = ossl_dsa_meth->dsa_do_verify;
-		capi_dsa_method.dsa_mod_exp = ossl_dsa_meth->dsa_mod_exp;
-		capi_dsa_method.bn_mod_exp = ossl_dsa_meth->bn_mod_exp;
-		}
-
-	ctx = capi_ctx_new();
-	if (!ctx)
-		goto memerr;
-
-	ENGINE_set_ex_data(e, capi_idx, ctx);
-
-#ifdef OPENSSL_CAPIENG_DIALOG
-	{
-	HMODULE cryptui = LoadLibrary(TEXT("CRYPTUI.DLL"));
-	HMODULE kernel = GetModuleHandle(TEXT("KERNEL32.DLL"));
-	if (cryptui)
-		ctx->certselectdlg = (CERTDLG)GetProcAddress(cryptui, "CryptUIDlgSelectCertificateFromStore");
-	if (kernel)
-		ctx->getconswindow = (GETCONSWIN)GetProcAddress(kernel, "GetConsoleWindow");
-	if (cryptui && !OPENSSL_isservice())
-		ctx->client_cert_select = cert_select_dialog;
-	}
-#endif
-		
-
-	return 1;
-
-	memerr:
-	CAPIerr(CAPI_F_CAPI_INIT, ERR_R_MALLOC_FAILURE);
-	return 0;
-
-	return 1;
-	}
-
-static int capi_destroy(ENGINE *e)
-	{
-	ERR_unload_CAPI_strings();
-	return 1;
-	}
-
-static int capi_finish(ENGINE *e)
-	{
-	CAPI_CTX *ctx;
-	ctx = ENGINE_get_ex_data(e, capi_idx);
-	capi_ctx_free(ctx);
-	ENGINE_set_ex_data(e, capi_idx, NULL);
-	return 1;
-	}
-
-
-/* CryptoAPI key application data. This contains
- * a handle to the private key container (for sign operations)
- * and a handle to the key (for decrypt operations).
- */
-
-struct CAPI_KEY_st
-	{
-	/* Associated certificate context (if any) */
-	PCCERT_CONTEXT pcert;
-	HCRYPTPROV hprov;
-	HCRYPTKEY key;
-	DWORD keyspec;
-	};
-
-static int bind_capi(ENGINE *e)
-	{
-	if (!ENGINE_set_id(e, engine_capi_id)
-		|| !ENGINE_set_name(e, engine_capi_name)
-		|| !ENGINE_set_flags(e, ENGINE_FLAGS_NO_REGISTER_ALL)
-		|| !ENGINE_set_init_function(e, capi_init)
-		|| !ENGINE_set_finish_function(e, capi_finish)
-		|| !ENGINE_set_destroy_function(e, capi_destroy)
-		|| !ENGINE_set_RSA(e, &capi_rsa_method)
-		|| !ENGINE_set_DSA(e, &capi_dsa_method)
-		|| !ENGINE_set_load_privkey_function(e, capi_load_privkey)
-		|| !ENGINE_set_load_ssl_client_cert_function(e,
-						capi_load_ssl_client_cert)
-		|| !ENGINE_set_cmd_defns(e, capi_cmd_defns)
-		|| !ENGINE_set_ctrl_function(e, capi_ctrl))
-			return 0;
-	ERR_load_CAPI_strings();
-
-	return 1;
-
-	}
-
-#ifndef OPENSSL_NO_DYNAMIC_ENGINE
-static int bind_helper(ENGINE *e, const char *id)
-	{
-	if(id && (strcmp(id, engine_capi_id) != 0))
-		return 0;
-	if(!bind_capi(e))
-		return 0;
-	return 1;
-	}       
-IMPLEMENT_DYNAMIC_CHECK_FN()
-IMPLEMENT_DYNAMIC_BIND_FN(bind_helper)
-#else
-static ENGINE *engine_capi(void)
-	{
-	ENGINE *ret = ENGINE_new();
-	if(!ret)
-		return NULL;
-	if(!bind_capi(ret))
-		{
-		ENGINE_free(ret);
-		return NULL;
-		}
-	return ret;
-	}
-
-void ENGINE_load_capi(void)
-	{
-	/* Copied from eng_[openssl|dyn].c */
-	ENGINE *toadd = engine_capi();
-	if(!toadd) return;
-	ENGINE_add(toadd);
-	ENGINE_free(toadd);
-	ERR_clear_error();
-	}
-#endif
-
-
-static int lend_tobn(BIGNUM *bn, unsigned char *bin, int binlen)
-	{
-	int i;
-	/* Reverse buffer in place: since this is a keyblob structure
-	 * that will be freed up after conversion anyway it doesn't 
-	 * matter if we change it.
-	 */
-	for(i = 0; i < binlen / 2; i++)
-		{
-		unsigned char c;
-		c = bin[i];
-		bin[i] = bin[binlen - i - 1];
-		bin[binlen - i - 1] = c;
-		}
-
-	if (!BN_bin2bn(bin, binlen, bn))
-		return 0;
-	return 1;
-	}
-
-/* Given a CAPI_KEY get an EVP_PKEY structure */
-
-static EVP_PKEY *capi_get_pkey(ENGINE *eng, CAPI_KEY *key)
-	{
-	unsigned char *pubkey = NULL;
-	DWORD len;
-	BLOBHEADER *bh;
-	RSA *rkey = NULL;
-	DSA *dkey = NULL;
-	EVP_PKEY *ret = NULL;
-	if (!CryptExportKey(key->key, 0, PUBLICKEYBLOB, 0, NULL, &len))
-		{
-		CAPIerr(CAPI_F_CAPI_GET_PKEY, CAPI_R_PUBKEY_EXPORT_LENGTH_ERROR);
-		capi_addlasterror();
-		return NULL;
-		}
-
-	pubkey = OPENSSL_malloc(len);
-
-	if (!pubkey)
-		goto memerr;
-
-	if (!CryptExportKey(key->key, 0, PUBLICKEYBLOB, 0, pubkey, &len))
-		{
-		CAPIerr(CAPI_F_CAPI_GET_PKEY, CAPI_R_PUBKEY_EXPORT_ERROR);
-		capi_addlasterror();
-		goto err;
-		}
-
-	bh = (BLOBHEADER *)pubkey;
-	if (bh->bType != PUBLICKEYBLOB)
-		{
-		CAPIerr(CAPI_F_CAPI_GET_PKEY, CAPI_R_INVALID_PUBLIC_KEY_BLOB);
-		goto err;
-		}
-	if (bh->aiKeyAlg == CALG_RSA_SIGN || bh->aiKeyAlg == CALG_RSA_KEYX)
-		{
-		RSAPUBKEY *rp;
-		DWORD rsa_modlen;
-		unsigned char *rsa_modulus;
-		rp = (RSAPUBKEY *)(bh + 1);
-		if (rp->magic != 0x31415352)
-			{
-			char magstr[10];
-			BIO_snprintf(magstr, 10, "%lx", rp->magic);
-			CAPIerr(CAPI_F_CAPI_GET_PKEY, CAPI_R_INVALID_RSA_PUBLIC_KEY_BLOB_MAGIC_NUMBER);
-			ERR_add_error_data(2, "magic=0x", magstr);
-			goto err;
-			}
-		rsa_modulus = (unsigned char *)(rp + 1);
-		rkey = RSA_new_method(eng);
-		if (!rkey)
-			goto memerr;
-
-		rkey->e = BN_new();
-		rkey->n = BN_new();
-
-		if (!rkey->e || !rkey->n)
-			goto memerr;
-
-		if (!BN_set_word(rkey->e, rp->pubexp))
-			goto memerr;
-
-		rsa_modlen = rp->bitlen / 8;
-		if (!lend_tobn(rkey->n, rsa_modulus, rsa_modlen))
-			goto memerr;
-
-		RSA_set_ex_data(rkey, rsa_capi_idx, key);
-
-		if (!(ret = EVP_PKEY_new()))
-			goto memerr;
-
-		EVP_PKEY_assign_RSA(ret, rkey);
-		rkey = NULL;
-
-		}
-	else if (bh->aiKeyAlg == CALG_DSS_SIGN)
-		{
-		DSSPUBKEY *dp;
-		DWORD dsa_plen;
-		unsigned char *btmp;
-		dp = (DSSPUBKEY *)(bh + 1);
-		if (dp->magic != 0x31535344)
-			{
-			char magstr[10];
-			BIO_snprintf(magstr, 10, "%lx", dp->magic);
-			CAPIerr(CAPI_F_CAPI_GET_PKEY, CAPI_R_INVALID_DSA_PUBLIC_KEY_BLOB_MAGIC_NUMBER);
-			ERR_add_error_data(2, "magic=0x", magstr);
-			goto err;
-			}
-		dsa_plen = dp->bitlen / 8;
-		btmp = (unsigned char *)(dp + 1);
-		dkey = DSA_new_method(eng);
-		if (!dkey)
-			goto memerr;
-		dkey->p = BN_new();
-		dkey->q = BN_new();
-		dkey->g = BN_new();
-		dkey->pub_key = BN_new();
-		if (!dkey->p || !dkey->q || !dkey->g || !dkey->pub_key)
-			goto memerr;
-		if (!lend_tobn(dkey->p, btmp, dsa_plen))
-			goto memerr;
-		btmp += dsa_plen;
-		if (!lend_tobn(dkey->q, btmp, 20))
-			goto memerr;
-		btmp += 20;
-		if (!lend_tobn(dkey->g, btmp, dsa_plen))
-			goto memerr;
-		btmp += dsa_plen;
-		if (!lend_tobn(dkey->pub_key, btmp, dsa_plen))
-			goto memerr;
-		btmp += dsa_plen;
-
-		DSA_set_ex_data(dkey, dsa_capi_idx, key);
-
-		if (!(ret = EVP_PKEY_new()))
-			goto memerr;
-
-		EVP_PKEY_assign_DSA(ret, dkey);
-		dkey = NULL;
-		}
-	else
-		{
-		char algstr[10];
-		BIO_snprintf(algstr, 10, "%lx", bh->aiKeyAlg);
-		CAPIerr(CAPI_F_CAPI_GET_PKEY, CAPI_R_UNSUPPORTED_PUBLIC_KEY_ALGORITHM);
-		ERR_add_error_data(2, "aiKeyAlg=0x", algstr);
-		goto err;
-		}
-
-
-	err:
-	if (pubkey)
-		OPENSSL_free(pubkey);
-	if (!ret)
-		{
-		if (rkey)
-			RSA_free(rkey);
-		if (dkey)
-			DSA_free(dkey);
-		}
-
-	return ret;
-
-memerr:
-	CAPIerr(CAPI_F_CAPI_GET_PKEY, ERR_R_MALLOC_FAILURE);
-	goto err;
-
-	}
-
-static EVP_PKEY *capi_load_privkey(ENGINE *eng, const char *key_id,
-	UI_METHOD *ui_method, void *callback_data)
-	{
-	CAPI_CTX *ctx;
-	CAPI_KEY *key;
-	EVP_PKEY *ret;
-	ctx = ENGINE_get_ex_data(eng, capi_idx);
-
-	if (!ctx)
-		{
-		CAPIerr(CAPI_F_CAPI_LOAD_PRIVKEY, CAPI_R_CANT_FIND_CAPI_CONTEXT);
-		return NULL;
-		}
-
-	key = capi_find_key(ctx, key_id);
-
-	if (!key)
-		return NULL;
-
-	ret = capi_get_pkey(eng, key);
-
-	if (!ret)
-		capi_free_key(key);
-	return ret;
-
-	}
-
-/* CryptoAPI RSA operations */
-
-int capi_rsa_priv_enc(int flen, const unsigned char *from,
-                unsigned char *to, RSA *rsa, int padding)
-	{
-	CAPIerr(CAPI_F_CAPI_RSA_PRIV_ENC, CAPI_R_FUNCTION_NOT_SUPPORTED);
-	return -1;
-	}
-
-int capi_rsa_sign(int dtype, const unsigned char *m, unsigned int m_len,
-             unsigned char *sigret, unsigned int *siglen, const RSA *rsa)
-	{
-	ALG_ID alg;
-	HCRYPTHASH hash;
-	DWORD slen;
-	unsigned int i;
-	int ret = -1;
-	CAPI_KEY *capi_key;
-	CAPI_CTX *ctx;
-
-	ctx = ENGINE_get_ex_data(rsa->engine, capi_idx);
-
-	CAPI_trace(ctx, "Called CAPI_rsa_sign()\n");
-
-	capi_key = RSA_get_ex_data(rsa, rsa_capi_idx);
-	if (!capi_key)
-		{
-		CAPIerr(CAPI_F_CAPI_RSA_SIGN, CAPI_R_CANT_GET_KEY);
-		return -1;
-		}
-/* Convert the signature type to a CryptoAPI algorithm ID */
-	switch(dtype)
-		{
-	case NID_sha1:
-		alg = CALG_SHA1;
-		break;
-
-	case NID_md5:
-		alg = CALG_MD5;
-		break;
-
-	case NID_md5_sha1:
-		alg = CALG_SSL3_SHAMD5;
-		break;
-	default:
-		{
-		char algstr[10];
-		BIO_snprintf(algstr, 10, "%lx", dtype);
-		CAPIerr(CAPI_F_CAPI_RSA_SIGN, CAPI_R_UNSUPPORTED_ALGORITHM_NID);
-		ERR_add_error_data(2, "NID=0x", algstr);
-		return -1;
-		}
-	}
-
-
-
-/* Create the hash object */
-	if(!CryptCreateHash(capi_key->hprov, alg, 0, 0, &hash))
-		{
-		CAPIerr(CAPI_F_CAPI_RSA_SIGN, CAPI_R_CANT_CREATE_HASH_OBJECT);
-		capi_addlasterror();
-		return -1;
-		}
-/* Set the hash value to the value passed */
-
-	if(!CryptSetHashParam(hash, HP_HASHVAL, (unsigned char *)m, 0))
-		{
-		CAPIerr(CAPI_F_CAPI_RSA_SIGN, CAPI_R_CANT_SET_HASH_VALUE);
-		capi_addlasterror();
-		goto err;
-		}
-
-
-/* Finally sign it */
-	slen = RSA_size(rsa);
-	if(!CryptSignHashA(hash, capi_key->keyspec, NULL, 0, sigret, &slen))
-		{
-		CAPIerr(CAPI_F_CAPI_RSA_SIGN, CAPI_R_ERROR_SIGNING_HASH);
-		capi_addlasterror();
-		goto err;
-		}
-	else
-		{
-		ret = 1;
-		/* Inplace byte reversal of signature */
-		for(i = 0; i < slen / 2; i++)
-			{
-			unsigned char c;
-			c = sigret[i];
-			sigret[i] = sigret[slen - i - 1];
-			sigret[slen - i - 1] = c;
-			}
-		*siglen = slen;
-		}
-
-	/* Now cleanup */
-
-err:
-	CryptDestroyHash(hash);
-
-	return ret;
-	}
-
-int capi_rsa_priv_dec(int flen, const unsigned char *from,
-                unsigned char *to, RSA *rsa, int padding)
-	{
-	int i;
-	unsigned char *tmpbuf;
-	CAPI_KEY *capi_key;
-	CAPI_CTX *ctx;
-	ctx = ENGINE_get_ex_data(rsa->engine, capi_idx);
-
-	CAPI_trace(ctx, "Called capi_rsa_priv_dec()\n");
-
-
-	capi_key = RSA_get_ex_data(rsa, rsa_capi_idx);
-	if (!capi_key)
-		{
-		CAPIerr(CAPI_F_CAPI_RSA_PRIV_DEC, CAPI_R_CANT_GET_KEY);
-		return -1;
-		}
-
-	if(padding != RSA_PKCS1_PADDING)
-		{
-		char errstr[10];
-		BIO_snprintf(errstr, 10, "%d", padding);
-		CAPIerr(CAPI_F_CAPI_RSA_PRIV_DEC, CAPI_R_UNSUPPORTED_PADDING);
-		ERR_add_error_data(2, "padding=", errstr);
-		return -1;
-		}
-
-	/* Create temp reverse order version of input */
-	if(!(tmpbuf = OPENSSL_malloc(flen)) ) 
-		{
-		CAPIerr(CAPI_F_CAPI_RSA_PRIV_DEC, ERR_R_MALLOC_FAILURE);
-		return -1;
-		}
-	for(i = 0; i < flen; i++)
-		tmpbuf[flen - i - 1] = from[i];
-	
-	/* Finally decrypt it */
-	if(!CryptDecrypt(capi_key->key, 0, TRUE, 0, tmpbuf, &flen))
-		{
-		CAPIerr(CAPI_F_CAPI_RSA_PRIV_DEC, CAPI_R_DECRYPT_ERROR);
-		capi_addlasterror();
-		OPENSSL_free(tmpbuf);
-		return -1;
-		} 
-	else memcpy(to, tmpbuf, flen);
-
-	OPENSSL_free(tmpbuf);
-
-	return flen;
-	}
-
-static int capi_rsa_free(RSA *rsa)
-	{
-	CAPI_KEY *capi_key;
-	capi_key = RSA_get_ex_data(rsa, rsa_capi_idx);
-	capi_free_key(capi_key);
-	RSA_set_ex_data(rsa, rsa_capi_idx, 0);
-	return 1;
-	}
-
-/* CryptoAPI DSA operations */
-
-static DSA_SIG *capi_dsa_do_sign(const unsigned char *digest, int dlen,
-								DSA *dsa)
-	{
-	HCRYPTHASH hash;
-	DWORD slen;
-	DSA_SIG *ret = NULL;
-	CAPI_KEY *capi_key;
-	CAPI_CTX *ctx;
-	unsigned char csigbuf[40];
-
-	ctx = ENGINE_get_ex_data(dsa->engine, capi_idx);
-
-	CAPI_trace(ctx, "Called CAPI_dsa_do_sign()\n");
-
-	capi_key = DSA_get_ex_data(dsa, dsa_capi_idx);
-
-	if (!capi_key)
-		{
-		CAPIerr(CAPI_F_CAPI_DSA_DO_SIGN, CAPI_R_CANT_GET_KEY);
-		return NULL;
-		}
-
-	if (dlen != 20)
-		{
-		CAPIerr(CAPI_F_CAPI_DSA_DO_SIGN, CAPI_R_INVALID_DIGEST_LENGTH);
-		return NULL;
-		}
-
-	/* Create the hash object */
-	if(!CryptCreateHash(capi_key->hprov, CALG_SHA1, 0, 0, &hash))
-		{
-		CAPIerr(CAPI_F_CAPI_DSA_DO_SIGN, CAPI_R_CANT_CREATE_HASH_OBJECT);
-		capi_addlasterror();
-		return NULL;
-		}
-
-	/* Set the hash value to the value passed */
-	if(!CryptSetHashParam(hash, HP_HASHVAL, (unsigned char *)digest, 0))
-		{
-		CAPIerr(CAPI_F_CAPI_DSA_DO_SIGN, CAPI_R_CANT_SET_HASH_VALUE);
-		capi_addlasterror();
-		goto err;
-		}
-
-
-	/* Finally sign it */
-	slen = sizeof(csigbuf);
-	if(!CryptSignHashA(hash, capi_key->keyspec, NULL, 0, csigbuf, &slen))
-		{
-		CAPIerr(CAPI_F_CAPI_DSA_DO_SIGN, CAPI_R_ERROR_SIGNING_HASH);
-		capi_addlasterror();
-		goto err;
-		}
-	else
-		{
-		ret = DSA_SIG_new();
-		if (!ret)
-			goto err;
-		ret->r = BN_new();
-		ret->s = BN_new();
-		if (!ret->r || !ret->s)
-			goto err;
-		if (!lend_tobn(ret->r, csigbuf, 20)
-			|| !lend_tobn(ret->s, csigbuf + 20, 20))
-			{
-			DSA_SIG_free(ret);
-			ret = NULL;
-			goto err;
-			}
-		}
-
-	/* Now cleanup */
-
-err:
-	OPENSSL_cleanse(csigbuf, 40);
-	CryptDestroyHash(hash);
-	return ret;
-	}
-
-static int capi_dsa_free(DSA *dsa)
-	{
-	CAPI_KEY *capi_key;
-	capi_key = DSA_get_ex_data(dsa, dsa_capi_idx);
-	capi_free_key(capi_key);
-	DSA_set_ex_data(dsa, dsa_capi_idx, 0);
-	return 1;
-	}
-
-static void capi_vtrace(CAPI_CTX *ctx, int level, char *format, va_list argptr)
-	{
-	BIO *out;
-
-	if (!ctx || (ctx->debug_level < level) || (!ctx->debug_file))
-		return;
-	out = BIO_new_file(ctx->debug_file, "a+");
-	BIO_vprintf(out, format, argptr);
-	BIO_free(out);
-	}
-
-static void CAPI_trace(CAPI_CTX *ctx, char *format, ...)
-	{
-	va_list args;
-	va_start(args, format);
-	capi_vtrace(ctx, CAPI_DBG_TRACE, format, args);
-	va_end(args);
-	}
-
-static void capi_addlasterror(void)
-	{
-	capi_adderror(GetLastError());
-	}
-
-static void capi_adderror(DWORD err)
-	{
-	char errstr[10];
-	BIO_snprintf(errstr, 10, "%lX", err);
-	ERR_add_error_data(2, "Error code= 0x", errstr);
-	}
-
-static char *wide_to_asc(LPWSTR wstr)
-	{
-	char *str;
-	int len_0,sz;
-
-	if (!wstr)
-		return NULL;
-	len_0 = (int)wcslen(wstr)+1;	/* WideCharToMultiByte expects int */
-        sz = WideCharToMultiByte(CP_ACP,0,wstr,len_0,NULL,0,NULL,NULL);
-	if (!sz)
-		{
-		CAPIerr(CAPI_F_WIDE_TO_ASC, CAPI_R_WIN32_ERROR);
-		return NULL;
-		}
-	str = OPENSSL_malloc(sz);
-	if (!str)
-		{
-		CAPIerr(CAPI_F_WIDE_TO_ASC, ERR_R_MALLOC_FAILURE);
-		return NULL;
-		}
-	if (!WideCharToMultiByte(CP_ACP,0,wstr,len_0,str,sz,NULL,NULL))
-		{
-		OPENSSL_free(str);
-		CAPIerr(CAPI_F_WIDE_TO_ASC, CAPI_R_WIN32_ERROR);
-		return NULL;
-		}
-	return str;
-	}
-
-static int capi_get_provname(CAPI_CTX *ctx, LPSTR *pname, DWORD *ptype, DWORD idx)
-	{
-	LPSTR name;
-	DWORD len, err;
-	CAPI_trace(ctx, "capi_get_provname, index=%d\n", idx);
-	if (!CryptEnumProvidersA(idx, NULL, 0, ptype, NULL, &len))
-		{
-		err = GetLastError();
-		if (err == ERROR_NO_MORE_ITEMS)
-			return 2;
-		CAPIerr(CAPI_F_CAPI_GET_PROVNAME, CAPI_R_CRYPTENUMPROVIDERS_ERROR);
-		capi_adderror(err);
-		return 0;
-		}
-	name = OPENSSL_malloc(len);
-	if (!CryptEnumProvidersA(idx, NULL, 0, ptype, name, &len))
-		{
-		err = GetLastError();
-		if (err == ERROR_NO_MORE_ITEMS)
-			return 2;
-		CAPIerr(CAPI_F_CAPI_GET_PROVNAME, CAPI_R_CRYPTENUMPROVIDERS_ERROR);
-		capi_adderror(err);
-		return 0;
-		}
-	*pname = name;
-	CAPI_trace(ctx, "capi_get_provname, returned name=%s, type=%d\n", name, *ptype);
-
-	return 1;
-	}
-
-static int capi_list_providers(CAPI_CTX *ctx, BIO *out)
-	{
-	DWORD idx, ptype;
-	int ret;
-	LPSTR provname = NULL;
-	CAPI_trace(ctx, "capi_list_providers\n");
-	BIO_printf(out, "Available CSPs:\n");
-	for(idx = 0; ; idx++)
-		{
-		ret = capi_get_provname(ctx, &provname, &ptype, idx);
-		if (ret == 2)
-			break;
-		if (ret == 0)
-			break;
-		BIO_printf(out, "%d. %s, type %d\n", idx, provname, ptype);
-		OPENSSL_free(provname);
-		}
-	return 1;
-	}
-
-static int capi_list_containers(CAPI_CTX *ctx, BIO *out)
-	{
-	int ret = 1;
-	HCRYPTPROV hprov;
-	DWORD err, idx, flags, buflen = 0, clen;
-	LPSTR cname;
-	CAPI_trace(ctx, "Listing containers CSP=%s, type = %d\n", ctx->cspname, ctx->csptype);
-	if (!CryptAcquireContextA(&hprov, NULL, ctx->cspname, ctx->csptype, CRYPT_VERIFYCONTEXT))
-		{
-		CAPIerr(CAPI_F_CAPI_LIST_CONTAINERS, CAPI_R_CRYPTACQUIRECONTEXT_ERROR);
-		capi_addlasterror();
-		return 0;
-		}
-	if (!CryptGetProvParam(hprov, PP_ENUMCONTAINERS, NULL, &buflen, CRYPT_FIRST))
-		{
-		CAPIerr(CAPI_F_CAPI_LIST_CONTAINERS, CAPI_R_ENUMCONTAINERS_ERROR);
-		capi_addlasterror();
-		CryptReleaseContext(hprov, 0);
-		return 0;
-		}
-	CAPI_trace(ctx, "Got max container len %d\n", buflen);
-	if (buflen == 0)
-		buflen = 1024;
-	cname = OPENSSL_malloc(buflen);
-	if (!cname)
-		{
-		CAPIerr(CAPI_F_CAPI_LIST_CONTAINERS, ERR_R_MALLOC_FAILURE);
-		goto err;
-		}
-
-	for (idx = 0;;idx++)
-		{
-		clen = buflen;
-		cname[0] = 0;
-
-		if (idx == 0)
-			flags = CRYPT_FIRST;
-		else
-			flags = 0;
-		if(!CryptGetProvParam(hprov, PP_ENUMCONTAINERS, cname, &clen, flags))
-			{
-			err = GetLastError();
-			if (err == ERROR_NO_MORE_ITEMS)
-				goto done;
-			CAPIerr(CAPI_F_CAPI_LIST_CONTAINERS, CAPI_R_ENUMCONTAINERS_ERROR);
-			capi_adderror(err);
-			goto err;
-			}
-		CAPI_trace(ctx, "Container name %s, len=%d, index=%d, flags=%d\n", cname, clen, idx, flags);
-		if (!cname[0] && (clen == buflen))
-			{
-			CAPI_trace(ctx, "Enumerate bug: using workaround\n");
-			goto done;
-			}
-		BIO_printf(out, "%d. %s\n", idx, cname);
-		}
-	err:
-
-	ret = 0;
-
-	done:
-	if (cname)
-		OPENSSL_free(cname);
-	CryptReleaseContext(hprov, 0);
-
-	return ret;
-	}
-
-CRYPT_KEY_PROV_INFO *capi_get_prov_info(CAPI_CTX *ctx, PCCERT_CONTEXT cert)
-	{
-	DWORD len;
-	CRYPT_KEY_PROV_INFO *pinfo;
-	
-	if(!CertGetCertificateContextProperty(cert, CERT_KEY_PROV_INFO_PROP_ID, NULL, &len))
-		return NULL;
-	pinfo = OPENSSL_malloc(len);
-	if (!pinfo)
-		{
-		CAPIerr(CAPI_F_CAPI_GET_PROV_INFO, ERR_R_MALLOC_FAILURE);
-		return NULL;
-		}
-	if(!CertGetCertificateContextProperty(cert, CERT_KEY_PROV_INFO_PROP_ID, pinfo, &len))
-		{
-		CAPIerr(CAPI_F_CAPI_GET_PROV_INFO, CAPI_R_ERROR_GETTING_KEY_PROVIDER_INFO);
-		capi_addlasterror();
-		OPENSSL_free(pinfo);
-		return NULL;
-		}
-	return pinfo;
-	}
-
-static void capi_dump_prov_info(CAPI_CTX *ctx, BIO *out, CRYPT_KEY_PROV_INFO *pinfo)
-	{
-	char *provname = NULL, *contname = NULL;
-	if (!pinfo)
-		{
-		BIO_printf(out, "  No Private Key\n");
-		return;
-		}
-	provname = wide_to_asc(pinfo->pwszProvName);
-	contname = wide_to_asc(pinfo->pwszContainerName);
-	if (!provname || !contname)
-		goto err;
-
-	BIO_printf(out, "  Private Key Info:\n");
-	BIO_printf(out, "    Provider Name:  %s, Provider Type %d\n", provname, pinfo->dwProvType);
-	BIO_printf(out, "    Container Name: %s, Key Type %d\n", contname, pinfo->dwKeySpec);
-	err:
-	if (provname)
-		OPENSSL_free(provname);
-	if (contname)
-		OPENSSL_free(contname);
-	}
-
-char * capi_cert_get_fname(CAPI_CTX *ctx, PCCERT_CONTEXT cert)
-	{
-	LPWSTR wfname;
-	DWORD dlen;
-
-	CAPI_trace(ctx, "capi_cert_get_fname\n");
-	if (!CertGetCertificateContextProperty(cert, CERT_FRIENDLY_NAME_PROP_ID, NULL, &dlen))
-		return NULL;
-	wfname = OPENSSL_malloc(dlen);
-	if (CertGetCertificateContextProperty(cert, CERT_FRIENDLY_NAME_PROP_ID, wfname, &dlen))
-		{
-		char *fname = wide_to_asc(wfname);
-		OPENSSL_free(wfname);
-		return fname;
-		}
-	CAPIerr(CAPI_F_CAPI_CERT_GET_FNAME, CAPI_R_ERROR_GETTING_FRIENDLY_NAME);
-	capi_addlasterror();
-
-	OPENSSL_free(wfname);
-	return NULL;
-	}
-
-
-void capi_dump_cert(CAPI_CTX *ctx, BIO *out, PCCERT_CONTEXT cert)
-	{
-	X509 *x;
-	unsigned char *p;
-	unsigned long flags = ctx->dump_flags;
-	if (flags & CAPI_DMP_FNAME)
-		{
-		char *fname;
-		fname = capi_cert_get_fname(ctx, cert);
-		if (fname)
-			{
-			BIO_printf(out, "  Friendly Name \"%s\"\n", fname);
-			OPENSSL_free(fname);
-			}
-		else
-			BIO_printf(out, "  <No Friendly Name>\n");
-		}
-
-	p = cert->pbCertEncoded;
-	x = d2i_X509(NULL, &p, cert->cbCertEncoded);
-	if (!x)
-		BIO_printf(out, "  <Can't parse certificate>\n");
-	if (flags & CAPI_DMP_SUMMARY)
-		{
-		BIO_printf(out, "  Subject: ");
-		X509_NAME_print_ex(out, X509_get_subject_name(x), 0, XN_FLAG_ONELINE);
-		BIO_printf(out, "\n  Issuer: ");
-		X509_NAME_print_ex(out, X509_get_issuer_name(x), 0, XN_FLAG_ONELINE);
-		BIO_printf(out, "\n");
-		}
-	if (flags & CAPI_DMP_FULL)
-		X509_print_ex(out, x, XN_FLAG_ONELINE,0);
-
-	if (flags & CAPI_DMP_PKEYINFO)
-		{
-		CRYPT_KEY_PROV_INFO *pinfo;
-		pinfo = capi_get_prov_info(ctx, cert);
-		capi_dump_prov_info(ctx, out, pinfo);
-		if (pinfo)
-			OPENSSL_free(pinfo);
-		}
-
-	if (flags & CAPI_DMP_PEM)
-		PEM_write_bio_X509(out, x);
-	X509_free(x);
-	}
-
-HCERTSTORE capi_open_store(CAPI_CTX *ctx, char *storename)
-	{
-	HCERTSTORE hstore;
-
-	if (!storename)
-		storename = ctx->storename;
-	if (!storename)
-		storename = "MY";
-	CAPI_trace(ctx, "Opening certificate store %s\n", storename);
-
-	hstore = CertOpenStore(CERT_STORE_PROV_SYSTEM_A, 0, 0, 
-				ctx->store_flags, storename);
-	if (!hstore)
-		{
-		CAPIerr(CAPI_F_CAPI_OPEN_STORE, CAPI_R_ERROR_OPENING_STORE);
-		capi_addlasterror();
-		}
-	return hstore;
-	}
-
-int capi_list_certs(CAPI_CTX *ctx, BIO *out, char *id)
-	{
-	char *storename;
-	int idx;
-	int ret = 1;
-	HCERTSTORE hstore;
-	PCCERT_CONTEXT cert = NULL;
-
-	storename = ctx->storename;
-	if (!storename)
-		storename = "MY";
-	CAPI_trace(ctx, "Listing certs for store %s\n", storename);
-
-	hstore = capi_open_store(ctx, storename);
-	if (!hstore)
-		return 0;
-	if (id)
-		{
-		cert = capi_find_cert(ctx, id, hstore);
-		if (!cert)
-			{
-			ret = 0;
-			goto err;
-			}
-		capi_dump_cert(ctx, out, cert);
-		CertFreeCertificateContext(cert);
-		}
-	else
-		{
-		for(idx = 0;;idx++)
-			{
-			LPWSTR fname = NULL;
-			cert = CertEnumCertificatesInStore(hstore, cert);
-			if (!cert)
-				break;
-			BIO_printf(out, "Certificate %d\n", idx);
-			capi_dump_cert(ctx, out, cert);
-			}
-		}
-	err:
-	CertCloseStore(hstore, 0);
-	return ret;
-	}
-
-static PCCERT_CONTEXT capi_find_cert(CAPI_CTX *ctx, const char *id, HCERTSTORE hstore)
-	{
-	PCCERT_CONTEXT cert = NULL;
-	char *fname = NULL;
-	int match;
-	switch(ctx->lookup_method)
-		{
-		case CAPI_LU_SUBSTR:
-			return CertFindCertificateInStore(hstore,
-					X509_ASN_ENCODING, 0,
-					CERT_FIND_SUBJECT_STR_A, id, NULL);
-		case CAPI_LU_FNAME:
-			for(;;)
-				{
-				cert = CertEnumCertificatesInStore(hstore, cert);
-				if (!cert)
-					return NULL;
-				fname = capi_cert_get_fname(ctx, cert);
-				if (fname)
-					{
-					if (strcmp(fname, id))
-						match = 0;
-					else
-						match = 1;
-					OPENSSL_free(fname);
-					if (match)
-						return cert;
-					}
-				}
-		default:
-			return NULL;
-		}
-	}
-
-static CAPI_KEY *capi_get_key(CAPI_CTX *ctx, const char *contname, char *provname, DWORD ptype, DWORD keyspec)
-	{
-	CAPI_KEY *key;
-    DWORD dwFlags = 0; 
-	key = OPENSSL_malloc(sizeof(CAPI_KEY));
-	CAPI_trace(ctx, "capi_get_key, contname=%s, provname=%s, type=%d\n", 
-						contname, provname, ptype);
-    if(ctx->store_flags & CERT_SYSTEM_STORE_LOCAL_MACHINE)
-        dwFlags = CRYPT_MACHINE_KEYSET;
-    if (!CryptAcquireContextA(&key->hprov, contname, provname, ptype, dwFlags)) 
-		{
-		CAPIerr(CAPI_F_CAPI_GET_KEY, CAPI_R_CRYPTACQUIRECONTEXT_ERROR);
-		capi_addlasterror();
-		goto err;
-		}
-	if (!CryptGetUserKey(key->hprov, keyspec, &key->key))
-		{
-		CAPIerr(CAPI_F_CAPI_GET_KEY, CAPI_R_GETUSERKEY_ERROR);
-		capi_addlasterror();
-		CryptReleaseContext(key->hprov, 0);
-		goto err;
-		}
-	key->keyspec = keyspec;
-	key->pcert = NULL;
-	return key;
-
-	err:
-	OPENSSL_free(key);
-	return NULL;
-	}
-
-static CAPI_KEY *capi_get_cert_key(CAPI_CTX *ctx, PCCERT_CONTEXT cert)
-	{
-	CAPI_KEY *key = NULL;
-	CRYPT_KEY_PROV_INFO *pinfo = NULL;
-	char *provname = NULL, *contname = NULL;
-	pinfo = capi_get_prov_info(ctx, cert);
-	if (!pinfo)
-		goto err;
-	provname = wide_to_asc(pinfo->pwszProvName);
-	contname = wide_to_asc(pinfo->pwszContainerName);
-	if (!provname || !contname)
-		goto err;
-	key = capi_get_key(ctx, contname, provname,
-				pinfo->dwProvType, pinfo->dwKeySpec);
-
-	err:
-	if (pinfo)
-		OPENSSL_free(pinfo);
-	if (provname)
-		OPENSSL_free(provname);
-	if (contname)
-		OPENSSL_free(contname);
-	return key;
-	}
-
-CAPI_KEY *capi_find_key(CAPI_CTX *ctx, const char *id)
-	{
-	PCCERT_CONTEXT cert;
-	HCERTSTORE hstore;
-	CAPI_KEY *key = NULL;
-	switch (ctx->lookup_method)
-		{
-		case CAPI_LU_SUBSTR:
-		case CAPI_LU_FNAME:
-		hstore = capi_open_store(ctx, NULL);
-		if (!hstore)
-			return NULL;
-		cert = capi_find_cert(ctx, id, hstore);
-		if (cert)
-			{
-			key = capi_get_cert_key(ctx, cert);
-			CertFreeCertificateContext(cert);
-			}
-		CertCloseStore(hstore, 0);
-		break;
-
-		case CAPI_LU_CONTNAME:
-		key = capi_get_key(ctx, id, ctx->cspname, ctx->csptype,
-							ctx->keytype);
-		break;
-		}
-
-	return key;
-	}
-
-void capi_free_key(CAPI_KEY *key)
-	{
-	if (!key)
-		return;
-	CryptDestroyKey(key->key);
-	CryptReleaseContext(key->hprov, 0);
-	if (key->pcert)
-		CertFreeCertificateContext(key->pcert);
-	OPENSSL_free(key);
-	}
-
-
-/* Initialize a CAPI_CTX structure */
-
-static CAPI_CTX *capi_ctx_new()
-	{
-	CAPI_CTX *ctx;
-	ctx = OPENSSL_malloc(sizeof(CAPI_CTX));
-	if (!ctx)
-		{
-		CAPIerr(CAPI_F_CAPI_CTX_NEW, ERR_R_MALLOC_FAILURE);
-		return NULL;
-		}
-	ctx->cspname = NULL;
-	ctx->csptype = PROV_RSA_FULL;
-	ctx->dump_flags = CAPI_DMP_SUMMARY|CAPI_DMP_FNAME;
-	ctx->keytype = AT_KEYEXCHANGE;
-	ctx->storename = NULL;
-	ctx->ssl_client_store = NULL;
-	ctx->store_flags = CERT_STORE_OPEN_EXISTING_FLAG |
-				CERT_STORE_READONLY_FLAG |
-				CERT_SYSTEM_STORE_CURRENT_USER;
-	ctx->lookup_method = CAPI_LU_SUBSTR;
-	ctx->debug_level = 0;
-	ctx->debug_file = NULL;
-	ctx->client_cert_select = cert_select_simple;
-	return ctx;
-	}
-
-static void capi_ctx_free(CAPI_CTX *ctx)
-	{
-	CAPI_trace(ctx, "Calling capi_ctx_free with %lx\n", ctx);
-	if (!ctx)
-		return;
-	if (ctx->cspname)
-		OPENSSL_free(ctx->cspname);
-	if (ctx->debug_file)
-		OPENSSL_free(ctx->debug_file);
-	if (ctx->storename)
-		OPENSSL_free(ctx->storename);
-	if (ctx->ssl_client_store)
-		OPENSSL_free(ctx->ssl_client_store);
-	OPENSSL_free(ctx);
-	}
-
-static int capi_ctx_set_provname(CAPI_CTX *ctx, LPSTR pname, DWORD type, int check)
-	{
-	CAPI_trace(ctx, "capi_ctx_set_provname, name=%s, type=%d\n", pname, type);
-	if (check)
-		{
-		HCRYPTPROV hprov;
-		if (!CryptAcquireContextA(&hprov, NULL, pname, type,
-						CRYPT_VERIFYCONTEXT))
-			{
-			CAPIerr(CAPI_F_CAPI_CTX_SET_PROVNAME, CAPI_R_CRYPTACQUIRECONTEXT_ERROR);
-			capi_addlasterror();
-			return 0;
-			}
-		CryptReleaseContext(hprov, 0);
-		}
-	if (ctx->cspname)
-		OPENSSL_free(ctx->cspname);
-	ctx->cspname = BUF_strdup(pname);
-	ctx->csptype = type;
-	return 1;
-	}
-
-static int capi_ctx_set_provname_idx(CAPI_CTX *ctx, int idx)
-	{
-	LPSTR pname;
-	DWORD type;
-	int res;
-	if (capi_get_provname(ctx, &pname, &type, idx) != 1)
-		return 0;
-	res = capi_ctx_set_provname(ctx, pname, type, 0);
-	OPENSSL_free(pname);
-	return res;
-	}
-
-static int cert_issuer_match(STACK_OF(X509_NAME) *ca_dn, X509 *x)
-	{
-	int i;
-	X509_NAME *nm;
-	/* Special case: empty list: match anything */
-	if (sk_X509_NAME_num(ca_dn) <= 0)
-		return 1;
-	for (i = 0; i < sk_X509_NAME_num(ca_dn); i++)
-		{
-		nm = sk_X509_NAME_value(ca_dn, i);
-		if (!X509_NAME_cmp(nm, X509_get_issuer_name(x)))
-				return 1;
-		}
-	return 0;
-	}
-
-
-
-static int capi_load_ssl_client_cert(ENGINE *e, SSL *ssl,
-	STACK_OF(X509_NAME) *ca_dn, X509 **pcert, EVP_PKEY **pkey,
-	STACK_OF(X509) **pother, UI_METHOD *ui_method, void *callback_data)
-	{
-	STACK_OF(X509) *certs = NULL;
-	X509 *x;
-	char *storename;
-	const char *p;
-	int i, client_cert_idx;
-	HCERTSTORE hstore;
-	PCCERT_CONTEXT cert = NULL, excert = NULL;
-	CAPI_CTX *ctx;
-	CAPI_KEY *key;
-	ctx = ENGINE_get_ex_data(e, capi_idx);
-
-	*pcert = NULL;
-	*pkey = NULL;
-
-	storename = ctx->ssl_client_store;
-	if (!storename)
-		storename = "MY";
-
-	hstore = capi_open_store(ctx, storename);
-	if (!hstore)
-		return 0;
-	/* Enumerate all certificates collect any matches */
-	for(i = 0;;i++)
-		{
-		cert = CertEnumCertificatesInStore(hstore, cert);
-		if (!cert)
-			break;
-		p = cert->pbCertEncoded;
-		x = d2i_X509(NULL, &p, cert->cbCertEncoded);
-		if (!x)
-			{
-			CAPI_trace(ctx, "Can't Parse Certificate %d\n", i);
-			continue;
-			}
-		if (cert_issuer_match(ca_dn, x)
-			&& X509_check_purpose(x, X509_PURPOSE_SSL_CLIENT, 0))
-			{
-			key = capi_get_cert_key(ctx, cert);
-			if (!key)
-				{
-				X509_free(x);
-				continue;
-				}
-			/* Match found: attach extra data to it so
-			 * we can retrieve the key later.
-			 */
-			excert = CertDuplicateCertificateContext(cert);
-			key->pcert = excert;
-			X509_set_ex_data(x, cert_capi_idx, key);
-
-			if (!certs)
-				certs = sk_X509_new_null();
-
-			sk_X509_push(certs, x);
-			}
-		else
-			X509_free(x);
-
-		}
-
-	if (cert)
-		CertFreeCertificateContext(cert);
-	if (hstore)
-		CertCloseStore(hstore, 0);
-
-	if (!certs)
-		return 0;
-
-
-	/* Select the appropriate certificate */
-
-	client_cert_idx = ctx->client_cert_select(e, ssl, certs);
-
-	/* Set the selected certificate and free the rest */
-
-	for(i = 0; i < sk_X509_num(certs); i++)
-		{
-		x = sk_X509_value(certs, i);
-		if (i == client_cert_idx)
-			*pcert = x;
-		else
-			{
-			key = X509_get_ex_data(x, cert_capi_idx);
-			capi_free_key(key);
-			X509_free(x);
-			}
-		}
-
-	sk_X509_free(certs);
-
-	if (!*pcert)
-		return 0;
-
-	/* Setup key for selected certificate */
-
-	key = X509_get_ex_data(*pcert, cert_capi_idx);
-	*pkey = capi_get_pkey(e, key);
-	X509_set_ex_data(*pcert, cert_capi_idx, NULL);
-
-	return 1;
-
-	}
-
-
-/* Simple client cert selection function: always select first */
-
-static int cert_select_simple(ENGINE *e, SSL *ssl, STACK_OF(X509) *certs)
-	{
-	return 0;
-	}
-
-#ifdef OPENSSL_CAPIENG_DIALOG
-
-/* More complex cert selection function, using standard function
- * CryptUIDlgSelectCertificateFromStore() to produce a dialog box.
- */
-
-/* Definitions which are in cryptuiapi.h but this is not present in older
- * versions of headers.
- */
-
-#ifndef CRYPTUI_SELECT_LOCATION_COLUMN
-#define CRYPTUI_SELECT_LOCATION_COLUMN                   0x000000010
-#define CRYPTUI_SELECT_INTENDEDUSE_COLUMN                0x000000004
-#endif
-
-#define dlg_title L"OpenSSL Application SSL Client Certificate Selection"
-#define dlg_prompt L"Select a certificate to use for authentication"
-#define dlg_columns	 CRYPTUI_SELECT_LOCATION_COLUMN \
-			|CRYPTUI_SELECT_INTENDEDUSE_COLUMN
-
-static int cert_select_dialog(ENGINE *e, SSL *ssl, STACK_OF(X509) *certs)
-	{
-	X509 *x;
-	HCERTSTORE dstore;
-	PCCERT_CONTEXT cert;
-	CAPI_CTX *ctx;
-	CAPI_KEY *key;
-	HWND hwnd;
-	int i, idx = -1;
-	if (sk_X509_num(certs) == 1)
-		return 0;
-	ctx = ENGINE_get_ex_data(e, capi_idx);
-	/* Create an in memory store of certificates */
-	dstore = CertOpenStore(CERT_STORE_PROV_MEMORY, 0, 0,
-					CERT_STORE_CREATE_NEW_FLAG, NULL);
-	if (!dstore)
-		{
-		CAPIerr(CAPI_F_CERT_SELECT_DIALOG, CAPI_R_ERROR_CREATING_STORE);
-		capi_addlasterror();
-		goto err;
-		}
-	/* Add all certificates to store */
-	for(i = 0; i < sk_X509_num(certs); i++)
-		{
-		x = sk_X509_value(certs, i);
-		key = X509_get_ex_data(x, cert_capi_idx);
-
-		if (!CertAddCertificateContextToStore(dstore, key->pcert,
-						CERT_STORE_ADD_NEW, NULL))
-			{
-			CAPIerr(CAPI_F_CERT_SELECT_DIALOG, CAPI_R_ERROR_ADDING_CERT);
-			capi_addlasterror();
-			goto err;
-			}
-
-		}
-	hwnd = GetForegroundWindow();
-	if (!hwnd)
-		hwnd = GetActiveWindow();
-	if (!hwnd && ctx->getconswindow)
-		hwnd = ctx->getconswindow();
-	/* Call dialog to select one */
-	cert = ctx->certselectdlg(dstore, hwnd, dlg_title, dlg_prompt,
-						dlg_columns, 0, NULL);
-
-	/* Find matching cert from list */
-	if (cert)
-		{
-		for(i = 0; i < sk_X509_num(certs); i++)
-			{
-			x = sk_X509_value(certs, i);
-			key = X509_get_ex_data(x, cert_capi_idx);
-			if (CertCompareCertificate(
-				X509_ASN_ENCODING | PKCS_7_ASN_ENCODING,
-					cert->pCertInfo,
-					key->pcert->pCertInfo))
-				{
-				idx = i;
-				break;
-				}
-			}
-		}
-
-	err:
-	if (dstore)
-		CertCloseStore(dstore, 0);
-	return idx;
-
-	}
-#endif
-
-#else /* !__COMPILE_CAPIENG */
-#include <openssl/engine.h>
-#ifndef OPENSSL_NO_DYNAMIC_ENGINE
-OPENSSL_EXPORT
-int bind_engine(ENGINE *e, const char *id, const dynamic_fns *fns);
-OPENSSL_EXPORT
-int bind_engine(ENGINE *e, const char *id, const dynamic_fns *fns) { return 0; }
-IMPLEMENT_DYNAMIC_CHECK_FN()
-#else
-void ENGINE_load_capi(void){}
-#endif
-#endif
diff --git a/lib/libssl/src/engines/e_capi.ec b/lib/libssl/src/engines/e_capi.ec
deleted file mode 100644
index d2ad668a987..00000000000
--- a/lib/libssl/src/engines/e_capi.ec
+++ /dev/null
@@ -1 +0,0 @@
-L       CAPI    e_capi_err.h e_capi_err.c
diff --git a/lib/libssl/src/engines/e_capi_err.c b/lib/libssl/src/engines/e_capi_err.c
deleted file mode 100644
index a1fbd04cb8e..00000000000
--- a/lib/libssl/src/engines/e_capi_err.c
+++ /dev/null
@@ -1,184 +0,0 @@
-/* e_capi_err.c */
-/* ====================================================================
- * Copyright (c) 1999-2009 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-/* NOTE: this file was auto generated by the mkerr.pl script: any changes
- * made to it will be overwritten when the script next updates this file,
- * only reason strings will be preserved.
- */
-
-#include <stdio.h>
-#include <openssl/err.h>
-#include "e_capi_err.h"
-
-/* BEGIN ERROR CODES */
-#ifndef OPENSSL_NO_ERR
-
-#define ERR_FUNC(func) ERR_PACK(0,func,0)
-#define ERR_REASON(reason) ERR_PACK(0,0,reason)
-
-static ERR_STRING_DATA CAPI_str_functs[]=
-	{
-{ERR_FUNC(CAPI_F_CAPI_CERT_GET_FNAME),	"CAPI_CERT_GET_FNAME"},
-{ERR_FUNC(CAPI_F_CAPI_CTRL),	"CAPI_CTRL"},
-{ERR_FUNC(CAPI_F_CAPI_CTX_NEW),	"CAPI_CTX_NEW"},
-{ERR_FUNC(CAPI_F_CAPI_CTX_SET_PROVNAME),	"CAPI_CTX_SET_PROVNAME"},
-{ERR_FUNC(CAPI_F_CAPI_DSA_DO_SIGN),	"CAPI_DSA_DO_SIGN"},
-{ERR_FUNC(CAPI_F_CAPI_GET_KEY),	"CAPI_GET_KEY"},
-{ERR_FUNC(CAPI_F_CAPI_GET_PKEY),	"CAPI_GET_PKEY"},
-{ERR_FUNC(CAPI_F_CAPI_GET_PROVNAME),	"CAPI_GET_PROVNAME"},
-{ERR_FUNC(CAPI_F_CAPI_GET_PROV_INFO),	"CAPI_GET_PROV_INFO"},
-{ERR_FUNC(CAPI_F_CAPI_INIT),	"CAPI_INIT"},
-{ERR_FUNC(CAPI_F_CAPI_LIST_CONTAINERS),	"CAPI_LIST_CONTAINERS"},
-{ERR_FUNC(CAPI_F_CAPI_LOAD_PRIVKEY),	"CAPI_LOAD_PRIVKEY"},
-{ERR_FUNC(CAPI_F_CAPI_OPEN_STORE),	"CAPI_OPEN_STORE"},
-{ERR_FUNC(CAPI_F_CAPI_RSA_PRIV_DEC),	"CAPI_RSA_PRIV_DEC"},
-{ERR_FUNC(CAPI_F_CAPI_RSA_PRIV_ENC),	"CAPI_RSA_PRIV_ENC"},
-{ERR_FUNC(CAPI_F_CAPI_RSA_SIGN),	"CAPI_RSA_SIGN"},
-{ERR_FUNC(CAPI_F_CERT_SELECT_DIALOG),	"CERT_SELECT_DIALOG"},
-{ERR_FUNC(CAPI_F_CLIENT_CERT_SELECT),	"CLIENT_CERT_SELECT"},
-{ERR_FUNC(CAPI_F_WIDE_TO_ASC),	"WIDE_TO_ASC"},
-{0,NULL}
-	};
-
-static ERR_STRING_DATA CAPI_str_reasons[]=
-	{
-{ERR_REASON(CAPI_R_CANT_CREATE_HASH_OBJECT),"cant create hash object"},
-{ERR_REASON(CAPI_R_CANT_FIND_CAPI_CONTEXT),"cant find capi context"},
-{ERR_REASON(CAPI_R_CANT_GET_KEY)         ,"cant get key"},
-{ERR_REASON(CAPI_R_CANT_SET_HASH_VALUE)  ,"cant set hash value"},
-{ERR_REASON(CAPI_R_CRYPTACQUIRECONTEXT_ERROR),"cryptacquirecontext error"},
-{ERR_REASON(CAPI_R_CRYPTENUMPROVIDERS_ERROR),"cryptenumproviders error"},
-{ERR_REASON(CAPI_R_DECRYPT_ERROR)        ,"decrypt error"},
-{ERR_REASON(CAPI_R_ENGINE_NOT_INITIALIZED),"engine not initialized"},
-{ERR_REASON(CAPI_R_ENUMCONTAINERS_ERROR) ,"enumcontainers error"},
-{ERR_REASON(CAPI_R_ERROR_ADDING_CERT)    ,"error adding cert"},
-{ERR_REASON(CAPI_R_ERROR_CREATING_STORE) ,"error creating store"},
-{ERR_REASON(CAPI_R_ERROR_GETTING_FRIENDLY_NAME),"error getting friendly name"},
-{ERR_REASON(CAPI_R_ERROR_GETTING_KEY_PROVIDER_INFO),"error getting key provider info"},
-{ERR_REASON(CAPI_R_ERROR_OPENING_STORE)  ,"error opening store"},
-{ERR_REASON(CAPI_R_ERROR_SIGNING_HASH)   ,"error signing hash"},
-{ERR_REASON(CAPI_R_FUNCTION_NOT_SUPPORTED),"function not supported"},
-{ERR_REASON(CAPI_R_GETUSERKEY_ERROR)     ,"getuserkey error"},
-{ERR_REASON(CAPI_R_INVALID_DIGEST_LENGTH),"invalid digest length"},
-{ERR_REASON(CAPI_R_INVALID_DSA_PUBLIC_KEY_BLOB_MAGIC_NUMBER),"invalid dsa public key blob magic number"},
-{ERR_REASON(CAPI_R_INVALID_LOOKUP_METHOD),"invalid lookup method"},
-{ERR_REASON(CAPI_R_INVALID_PUBLIC_KEY_BLOB),"invalid public key blob"},
-{ERR_REASON(CAPI_R_INVALID_RSA_PUBLIC_KEY_BLOB_MAGIC_NUMBER),"invalid rsa public key blob magic number"},
-{ERR_REASON(CAPI_R_PUBKEY_EXPORT_ERROR)  ,"pubkey export error"},
-{ERR_REASON(CAPI_R_PUBKEY_EXPORT_LENGTH_ERROR),"pubkey export length error"},
-{ERR_REASON(CAPI_R_UNKNOWN_COMMAND)      ,"unknown command"},
-{ERR_REASON(CAPI_R_UNSUPPORTED_ALGORITHM_NID),"unsupported algorithm nid"},
-{ERR_REASON(CAPI_R_UNSUPPORTED_PADDING)  ,"unsupported padding"},
-{ERR_REASON(CAPI_R_UNSUPPORTED_PUBLIC_KEY_ALGORITHM),"unsupported public key algorithm"},
-{ERR_REASON(CAPI_R_WIN32_ERROR)          ,"win32 error"},
-{0,NULL}
-	};
-
-#endif
-
-#ifdef CAPI_LIB_NAME
-static ERR_STRING_DATA CAPI_lib_name[]=
-        {
-{0	,CAPI_LIB_NAME},
-{0,NULL}
-	};
-#endif
-
-
-static int CAPI_lib_error_code=0;
-static int CAPI_error_init=1;
-
-static void ERR_load_CAPI_strings(void)
-	{
-	if (CAPI_lib_error_code == 0)
-		CAPI_lib_error_code=ERR_get_next_error_library();
-
-	if (CAPI_error_init)
-		{
-		CAPI_error_init=0;
-#ifndef OPENSSL_NO_ERR
-		ERR_load_strings(CAPI_lib_error_code,CAPI_str_functs);
-		ERR_load_strings(CAPI_lib_error_code,CAPI_str_reasons);
-#endif
-
-#ifdef CAPI_LIB_NAME
-		CAPI_lib_name->error = ERR_PACK(CAPI_lib_error_code,0,0);
-		ERR_load_strings(0,CAPI_lib_name);
-#endif
-		}
-	}
-
-static void ERR_unload_CAPI_strings(void)
-	{
-	if (CAPI_error_init == 0)
-		{
-#ifndef OPENSSL_NO_ERR
-		ERR_unload_strings(CAPI_lib_error_code,CAPI_str_functs);
-		ERR_unload_strings(CAPI_lib_error_code,CAPI_str_reasons);
-#endif
-
-#ifdef CAPI_LIB_NAME
-		ERR_unload_strings(0,CAPI_lib_name);
-#endif
-		CAPI_error_init=1;
-		}
-	}
-
-static void ERR_CAPI_error(int function, int reason, char *file, int line)
-	{
-	if (CAPI_lib_error_code == 0)
-		CAPI_lib_error_code=ERR_get_next_error_library();
-	ERR_PUT_error(CAPI_lib_error_code,function,reason,file,line);
-	}
diff --git a/lib/libssl/src/engines/e_capi_err.h b/lib/libssl/src/engines/e_capi_err.h
deleted file mode 100644
index efa70010381..00000000000
--- a/lib/libssl/src/engines/e_capi_err.h
+++ /dev/null
@@ -1,128 +0,0 @@
-/* ====================================================================
- * Copyright (c) 2001-2008 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#ifndef HEADER_CAPI_ERR_H
-#define HEADER_CAPI_ERR_H
-
-#ifdef  __cplusplus
-extern "C" {
-#endif
-
-/* BEGIN ERROR CODES */
-/* The following lines are auto generated by the script mkerr.pl. Any changes
- * made after this point may be overwritten when the script is next run.
- */
-static void ERR_load_CAPI_strings(void);
-static void ERR_unload_CAPI_strings(void);
-static void ERR_CAPI_error(int function, int reason, char *file, int line);
-#define CAPIerr(f,r) ERR_CAPI_error((f),(r),__FILE__,__LINE__)
-
-/* Error codes for the CAPI functions. */
-
-/* Function codes. */
-#define CAPI_F_CAPI_CERT_GET_FNAME			 99
-#define CAPI_F_CAPI_CTRL				 100
-#define CAPI_F_CAPI_CTX_NEW				 101
-#define CAPI_F_CAPI_CTX_SET_PROVNAME			 102
-#define CAPI_F_CAPI_DSA_DO_SIGN				 114
-#define CAPI_F_CAPI_GET_KEY				 103
-#define CAPI_F_CAPI_GET_PKEY				 115
-#define CAPI_F_CAPI_GET_PROVNAME			 104
-#define CAPI_F_CAPI_GET_PROV_INFO			 105
-#define CAPI_F_CAPI_INIT				 106
-#define CAPI_F_CAPI_LIST_CONTAINERS			 107
-#define CAPI_F_CAPI_LOAD_PRIVKEY			 108
-#define CAPI_F_CAPI_OPEN_STORE				 109
-#define CAPI_F_CAPI_RSA_PRIV_DEC			 110
-#define CAPI_F_CAPI_RSA_PRIV_ENC			 111
-#define CAPI_F_CAPI_RSA_SIGN				 112
-#define CAPI_F_CERT_SELECT_DIALOG			 117
-#define CAPI_F_CLIENT_CERT_SELECT			 116
-#define CAPI_F_WIDE_TO_ASC				 113
-
-/* Reason codes. */
-#define CAPI_R_CANT_CREATE_HASH_OBJECT			 99
-#define CAPI_R_CANT_FIND_CAPI_CONTEXT			 100
-#define CAPI_R_CANT_GET_KEY				 101
-#define CAPI_R_CANT_SET_HASH_VALUE			 102
-#define CAPI_R_CRYPTACQUIRECONTEXT_ERROR		 103
-#define CAPI_R_CRYPTENUMPROVIDERS_ERROR			 104
-#define CAPI_R_DECRYPT_ERROR				 105
-#define CAPI_R_ENGINE_NOT_INITIALIZED			 106
-#define CAPI_R_ENUMCONTAINERS_ERROR			 107
-#define CAPI_R_ERROR_ADDING_CERT			 125
-#define CAPI_R_ERROR_CREATING_STORE			 126
-#define CAPI_R_ERROR_GETTING_FRIENDLY_NAME		 108
-#define CAPI_R_ERROR_GETTING_KEY_PROVIDER_INFO		 109
-#define CAPI_R_ERROR_OPENING_STORE			 110
-#define CAPI_R_ERROR_SIGNING_HASH			 111
-#define CAPI_R_FUNCTION_NOT_SUPPORTED			 112
-#define CAPI_R_GETUSERKEY_ERROR				 113
-#define CAPI_R_INVALID_DIGEST_LENGTH			 124
-#define CAPI_R_INVALID_DSA_PUBLIC_KEY_BLOB_MAGIC_NUMBER	 122
-#define CAPI_R_INVALID_LOOKUP_METHOD			 114
-#define CAPI_R_INVALID_PUBLIC_KEY_BLOB			 115
-#define CAPI_R_INVALID_RSA_PUBLIC_KEY_BLOB_MAGIC_NUMBER	 123
-#define CAPI_R_PUBKEY_EXPORT_ERROR			 116
-#define CAPI_R_PUBKEY_EXPORT_LENGTH_ERROR		 117
-#define CAPI_R_UNKNOWN_COMMAND				 118
-#define CAPI_R_UNSUPPORTED_ALGORITHM_NID		 119
-#define CAPI_R_UNSUPPORTED_PADDING			 120
-#define CAPI_R_UNSUPPORTED_PUBLIC_KEY_ALGORITHM		 121
-#define CAPI_R_WIN32_ERROR				 127
-
-#ifdef  __cplusplus
-}
-#endif
-#endif