1 /* crypto/engine/engine_lib.c */
2 /* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL
5 /* ====================================================================
6 * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
34 * 6. Redistributions of any form whatsoever must retain the following
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
59 #include <openssl/crypto.h>
61 #include "engine_int.h"
62 #include <openssl/engine.h>
64 /* These pointers each have their own "functional reference" when they
65 * are non-NULL. Similarly, when they are retrieved by a call to
66 * ENGINE_get_default_[RSA|DSA|...] the returned pointer is also a
67 * reference and the caller is responsible for freeing that when they
68 * are finished with it (with a call to ENGINE_finish() *NOT* just
69 * ENGINE_free()!!!!!!). */
70 #ifndef OPENSSL_NO_RSA
71 static ENGINE *engine_def_rsa = NULL;
73 #ifndef OPENSSL_NO_DSA
74 static ENGINE *engine_def_dsa = NULL;
77 static ENGINE *engine_def_dh = NULL;
79 static ENGINE *engine_def_rand = NULL;
80 static ENGINE *engine_def_bn_mod_exp = NULL;
81 static ENGINE *engine_def_bn_mod_exp_crt = NULL;
82 /* A static "once-only" flag used to control if/when the above were
83 * initialised to suitable start-up defaults. */
84 static int engine_def_flag = 0;
86 /* When querying a ENGINE-specific control command's 'description', this string
87 * is used if the ENGINE_CMD_DEFN has cmd_desc set to NULL. */
88 static const char *int_no_description = "";
90 /* This is used in certain static utility functions to save code
91 * repetition for per-algorithm functions. */
97 ENGINE_TYPE_BN_MOD_EXP,
98 ENGINE_TYPE_BN_MOD_EXP_CRT
101 static void engine_def_check_util(ENGINE **def, ENGINE *val)
106 engine_ref_debug(val, 0, 1)
107 engine_ref_debug(val, 1, 1)
110 /* In a slight break with convention - this static function must be
111 * called *outside* any locking of CRYPTO_LOCK_ENGINE. */
112 static void engine_def_check(void)
117 e = ENGINE_get_first();
119 /* The list is empty ... not much we can do! */
121 /* We have a structural reference, see if getting a functional
122 * reference is possible. This is done to cope with init errors
123 * in the engine - the following locked code does a bunch of
124 * manual "ENGINE_init"s which do *not* allow such an init
125 * error so this is worth doing. */
128 CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
129 /* Doing another check here prevents an obvious race
130 * condition because the whole function itself cannot
133 goto skip_set_defaults;
134 /* OK, we got a functional reference, so we get one each
135 * for the defaults too. */
136 #ifndef OPENSSL_NO_RSA
137 engine_def_check_util(&engine_def_rsa, e);
139 #ifndef OPENSSL_NO_RSA
140 engine_def_check_util(&engine_def_dsa, e);
142 #ifndef OPENSSL_NO_DH
143 engine_def_check_util(&engine_def_dh, e);
145 engine_def_check_util(&engine_def_rand, e);
146 engine_def_check_util(&engine_def_bn_mod_exp, e);
147 engine_def_check_util(&engine_def_bn_mod_exp_crt, e);
150 CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
151 /* The "if" needs to be balanced out. */
154 /* We need to balance out the fact we obtained a structural
155 * reference to begin with from ENGINE_get_first(). */
159 /* Initialise a engine type for use (or up its functional reference count
160 * if it's already in use). */
161 int ENGINE_init(ENGINE *e)
167 ENGINEerr(ENGINE_F_ENGINE_INIT,ERR_R_PASSED_NULL_PARAMETER);
170 CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
171 if((e->funct_ref == 0) && e->init)
172 /* This is the first functional reference and the engine
173 * requires initialisation so we do it now. */
174 to_return = e->init(e);
177 /* OK, we return a functional reference which is also a
178 * structural reference. */
181 engine_ref_debug(e, 0, 1)
182 engine_ref_debug(e, 1, 1)
184 CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
188 /* Free a functional reference to a engine type */
189 int ENGINE_finish(ENGINE *e)
195 ENGINEerr(ENGINE_F_ENGINE_FINISH,ERR_R_PASSED_NULL_PARAMETER);
198 CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
199 /* Reduce the functional reference count here so if it's the terminating
200 * case, we can release the lock safely and call the finish() handler
201 * without risk of a race. We get a race if we leave the count until
202 * after and something else is calling "finish" at the same time -
203 * there's a chance that both threads will together take the count from
204 * 2 to 0 without either calling finish(). */
206 engine_ref_debug(e, 1, -1)
207 if((e->funct_ref == 0) && e->finish)
209 CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
210 if(!(to_return = e->finish(e)))
212 ENGINEerr(ENGINE_F_ENGINE_FINISH,ENGINE_R_FINISH_FAILED);
217 CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
221 fprintf(stderr,"ENGINE_finish, bad functional reference count\n");
225 /* Release the structural reference too */
228 ENGINEerr(ENGINE_F_ENGINE_FINISH,ENGINE_R_FINISH_FAILED);
234 EVP_PKEY *ENGINE_load_private_key(ENGINE *e, const char *key_id,
235 const char *passphrase)
241 ENGINEerr(ENGINE_F_ENGINE_LOAD_PRIVATE_KEY,
242 ERR_R_PASSED_NULL_PARAMETER);
245 CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
246 if(e->funct_ref == 0)
248 CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
249 ENGINEerr(ENGINE_F_ENGINE_LOAD_PRIVATE_KEY,
250 ENGINE_R_NOT_INITIALISED);
253 CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
254 if (!e->load_privkey)
256 ENGINEerr(ENGINE_F_ENGINE_LOAD_PRIVATE_KEY,
257 ENGINE_R_NO_LOAD_FUNCTION);
260 pkey = e->load_privkey(e, key_id, passphrase);
263 ENGINEerr(ENGINE_F_ENGINE_LOAD_PRIVATE_KEY,
264 ENGINE_R_FAILED_LOADING_PRIVATE_KEY);
270 EVP_PKEY *ENGINE_load_public_key(ENGINE *e, const char *key_id,
271 const char *passphrase)
277 ENGINEerr(ENGINE_F_ENGINE_LOAD_PUBLIC_KEY,
278 ERR_R_PASSED_NULL_PARAMETER);
281 CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
282 if(e->funct_ref == 0)
284 CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
285 ENGINEerr(ENGINE_F_ENGINE_LOAD_PUBLIC_KEY,
286 ENGINE_R_NOT_INITIALISED);
289 CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
292 ENGINEerr(ENGINE_F_ENGINE_LOAD_PUBLIC_KEY,
293 ENGINE_R_NO_LOAD_FUNCTION);
296 pkey = e->load_pubkey(e, key_id, passphrase);
299 ENGINEerr(ENGINE_F_ENGINE_LOAD_PUBLIC_KEY,
300 ENGINE_R_FAILED_LOADING_PUBLIC_KEY);
306 /* These internal functions handle 'CMD'-related control commands when the
307 * ENGINE in question has asked us to take care of it (ie. the ENGINE did not
308 * set the ENGINE_FLAGS_MANUAL_CMD_CTRL flag. */
310 static int int_ctrl_cmd_is_null(const ENGINE_CMD_DEFN *defn)
312 if((defn->cmd_num == 0) || (defn->cmd_name == NULL))
317 static int int_ctrl_cmd_by_name(const ENGINE_CMD_DEFN *defn, const char *s)
320 while(!int_ctrl_cmd_is_null(defn) && (strcmp(defn->cmd_name, s) != 0))
325 if(int_ctrl_cmd_is_null(defn))
326 /* The given name wasn't found */
331 static int int_ctrl_cmd_by_num(const ENGINE_CMD_DEFN *defn, unsigned int num)
334 /* NB: It is stipulated that 'cmd_defn' lists are ordered by cmd_num. So
335 * our searches don't need to take any longer than necessary. */
336 while(!int_ctrl_cmd_is_null(defn) && (defn->cmd_num < num))
341 if(defn->cmd_num == num)
343 /* The given cmd_num wasn't found */
347 static int int_ctrl_helper(ENGINE *e, int cmd, long i, void *p, void (*f)())
351 /* Take care of the easy one first (eg. it requires no searches) */
352 if(cmd == ENGINE_CTRL_GET_FIRST_CMD_TYPE)
354 if((e->cmd_defns == NULL) || int_ctrl_cmd_is_null(e->cmd_defns))
356 return e->cmd_defns->cmd_num;
358 /* One or two commands require that "p" be a valid string buffer */
359 if((cmd == ENGINE_CTRL_GET_CMD_FROM_NAME) ||
360 (cmd == ENGINE_CTRL_GET_NAME_FROM_CMD) ||
361 (cmd == ENGINE_CTRL_GET_DESC_FROM_CMD))
365 ENGINEerr(ENGINE_F_INT_CTRL_HELPER,
366 ERR_R_PASSED_NULL_PARAMETER);
370 /* Now handle cmd_name -> cmd_num conversion */
371 if(cmd == ENGINE_CTRL_GET_CMD_FROM_NAME)
373 if((e->cmd_defns == NULL) || ((idx = int_ctrl_cmd_by_name(
374 e->cmd_defns, s)) < 0))
376 ENGINEerr(ENGINE_F_INT_CTRL_HELPER,
377 ENGINE_R_INVALID_CMD_NAME);
380 return e->cmd_defns[idx].cmd_num;
382 /* For the rest of the commands, the 'long' argument must specify a
383 * valie command number - so we need to conduct a search. */
384 if((e->cmd_defns == NULL) || ((idx = int_ctrl_cmd_by_num(e->cmd_defns,
385 (unsigned int)i)) < 0))
387 ENGINEerr(ENGINE_F_INT_CTRL_HELPER,
388 ENGINE_R_INVALID_CMD_NUMBER);
391 /* Now the logic splits depending on command type */
394 case ENGINE_CTRL_GET_NEXT_CMD_TYPE:
396 if(int_ctrl_cmd_is_null(e->cmd_defns + idx))
400 return e->cmd_defns[idx].cmd_num;
401 case ENGINE_CTRL_GET_NAME_LEN_FROM_CMD:
402 return strlen(e->cmd_defns[idx].cmd_name);
403 case ENGINE_CTRL_GET_NAME_FROM_CMD:
404 return sprintf(s, "%s", e->cmd_defns[idx].cmd_name);
405 case ENGINE_CTRL_GET_DESC_LEN_FROM_CMD:
406 if(e->cmd_defns[idx].cmd_desc)
407 return strlen(e->cmd_defns[idx].cmd_desc);
408 return strlen(int_no_description);
409 case ENGINE_CTRL_GET_DESC_FROM_CMD:
410 if(e->cmd_defns[idx].cmd_desc)
411 return sprintf(s, "%s", e->cmd_defns[idx].cmd_desc);
412 return sprintf(s, "%s", int_no_description);
413 case ENGINE_CTRL_GET_CMD_FLAGS:
414 return e->cmd_defns[idx].cmd_flags;
416 /* Shouldn't really be here ... */
417 ENGINEerr(ENGINE_F_INT_CTRL_HELPER,ENGINE_R_INTERNAL_LIST_ERROR);
421 int ENGINE_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)())
423 int ctrl_exists, ref_exists;
426 ENGINEerr(ENGINE_F_ENGINE_CTRL,ERR_R_PASSED_NULL_PARAMETER);
429 CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
430 ref_exists = ((e->struct_ref > 0) ? 1 : 0);
431 CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
432 ctrl_exists = ((e->ctrl == NULL) ? 0 : 1);
435 ENGINEerr(ENGINE_F_ENGINE_CTRL,ENGINE_R_NO_REFERENCE);
438 /* Intercept any "root-level" commands before trying to hand them on to
439 * ctrl() handlers. */
442 case ENGINE_CTRL_HAS_CTRL_FUNCTION:
444 case ENGINE_CTRL_GET_FIRST_CMD_TYPE:
445 case ENGINE_CTRL_GET_NEXT_CMD_TYPE:
446 case ENGINE_CTRL_GET_CMD_FROM_NAME:
447 case ENGINE_CTRL_GET_NAME_LEN_FROM_CMD:
448 case ENGINE_CTRL_GET_NAME_FROM_CMD:
449 case ENGINE_CTRL_GET_DESC_LEN_FROM_CMD:
450 case ENGINE_CTRL_GET_DESC_FROM_CMD:
451 case ENGINE_CTRL_GET_CMD_FLAGS:
452 if(ctrl_exists && !(e->flags & ENGINE_FLAGS_MANUAL_CMD_CTRL))
453 return int_ctrl_helper(e,cmd,i,p,f);
456 ENGINEerr(ENGINE_F_ENGINE_CTRL,ENGINE_R_NO_CONTROL_FUNCTION);
457 /* For these cmd-related functions, failure is indicated
458 * by a -1 return value (because 0 is used as a valid
459 * return in some places). */
465 /* Anything else requires a ctrl() handler to exist. */
468 ENGINEerr(ENGINE_F_ENGINE_CTRL,ENGINE_R_NO_CONTROL_FUNCTION);
471 return e->ctrl(e, cmd, i, p, f);
474 int ENGINE_cmd_is_executable(ENGINE *e, int cmd)
477 if((flags = ENGINE_ctrl(e, ENGINE_CTRL_GET_CMD_FLAGS, cmd, NULL, NULL)) < 0)
479 ENGINEerr(ENGINE_F_ENGINE_CMD_IS_EXECUTABLE,
480 ENGINE_R_INVALID_CMD_NUMBER);
483 if(!(flags & ENGINE_CMD_FLAG_NO_INPUT) &&
484 !(flags & ENGINE_CMD_FLAG_NUMERIC) &&
485 !(flags & ENGINE_CMD_FLAG_STRING))
490 int ENGINE_ctrl_cmd_string(ENGINE *e, const char *cmd_name, const char *arg,
496 if((e == NULL) || (cmd_name == NULL))
498 ENGINEerr(ENGINE_F_ENGINE_CTRL_CMD_STRING,
499 ERR_R_PASSED_NULL_PARAMETER);
502 if((e->ctrl == NULL) || ((num = ENGINE_ctrl(e,
503 ENGINE_CTRL_GET_CMD_FROM_NAME,
504 0, (void *)cmd_name, NULL)) <= 0))
506 /* If the command didn't *have* to be supported, we fake
507 * success. This allows certain settings to be specified for
508 * multiple ENGINEs and only require a change of ENGINE id
509 * (without having to selectively apply settings). Eg. changing
510 * from a hardware device back to the regular software ENGINE
511 * without editing the config file, etc. */
517 ENGINEerr(ENGINE_F_ENGINE_CTRL_CMD_STRING,
518 ENGINE_R_INVALID_CMD_NAME);
521 if(!ENGINE_cmd_is_executable(e, num))
523 ENGINEerr(ENGINE_F_ENGINE_CTRL_CMD_STRING,
524 ENGINE_R_CMD_NOT_EXECUTABLE);
527 if((flags = ENGINE_ctrl(e, ENGINE_CTRL_GET_CMD_FLAGS, num, NULL, NULL)) < 0)
529 /* Shouldn't happen, given that ENGINE_cmd_is_executable()
530 * returned success. */
531 ENGINEerr(ENGINE_F_ENGINE_CTRL_CMD_STRING,
532 ENGINE_R_INTERNAL_LIST_ERROR);
535 /* If the command takes no input, there must be no input. And vice
537 if(flags & ENGINE_CMD_FLAG_NO_INPUT)
541 ENGINEerr(ENGINE_F_ENGINE_CTRL_CMD_STRING,
542 ENGINE_R_COMMAND_TAKES_NO_INPUT);
545 /* We deliberately force the result of ENGINE_ctrl() to 0 or 1
546 * rather than returning it as "return data". This is to ensure
547 * usage of these commands is consistent across applications and
548 * that certain applications don't understand it one way, and
550 if(ENGINE_ctrl(e, num, 0, (void *)arg, NULL))
554 /* So, we require input */
557 ENGINEerr(ENGINE_F_ENGINE_CTRL_CMD_STRING,
558 ENGINE_R_COMMAND_TAKES_INPUT);
561 /* If it takes string input, that's easy */
562 if(flags & ENGINE_CMD_FLAG_STRING)
564 /* Same explanation as above */
565 if(ENGINE_ctrl(e, num, 0, (void *)arg, NULL))
569 /* If it doesn't take numeric either, then it is unsupported for use in
570 * a config-setting situation, which is what this function is for. This
571 * should never happen though, because ENGINE_cmd_is_executable() was
573 if(!(flags & ENGINE_CMD_FLAG_NUMERIC))
575 ENGINEerr(ENGINE_F_ENGINE_CTRL_CMD_STRING,
576 ENGINE_R_INTERNAL_LIST_ERROR);
579 l = strtol(arg, &ptr, 10);
580 if((arg == ptr) || (*ptr != '\0'))
582 ENGINEerr(ENGINE_F_ENGINE_CTRL_CMD_STRING,
583 ENGINE_R_ARGUMENT_IS_NOT_A_NUMBER);
586 /* Force the result of the control command to 0 or 1, for the reasons
587 * mentioned before. */
588 if(ENGINE_ctrl(e, num, l, NULL, NULL))
593 static ENGINE *engine_get_default_type(ENGINE_TYPE t)
597 /* engine_def_check is lean and mean and won't replace any
598 * prior default engines ... so we must ensure that it is always
599 * the first function to get to touch the default values. */
601 CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
604 #ifndef OPENSSL_NO_RSA
605 case ENGINE_TYPE_RSA:
606 ret = engine_def_rsa; break;
608 #ifndef OPENSSL_NO_DSA
609 case ENGINE_TYPE_DSA:
610 ret = engine_def_dsa; break;
612 #ifndef OPENSSL_NO_DH
614 ret = engine_def_dh; break;
616 case ENGINE_TYPE_RAND:
617 ret = engine_def_rand; break;
618 case ENGINE_TYPE_BN_MOD_EXP:
619 ret = engine_def_bn_mod_exp; break;
620 case ENGINE_TYPE_BN_MOD_EXP_CRT:
621 ret = engine_def_bn_mod_exp_crt; break;
625 /* Unforunately we can't do this work outside the lock with a
626 * call to ENGINE_init() because that would leave a race
632 engine_ref_debug(ret, 0, 1)
633 engine_ref_debug(ret, 1, 1)
635 CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
639 #ifndef OPENSSL_NO_RSA
640 ENGINE *ENGINE_get_default_RSA(void)
642 return engine_get_default_type(ENGINE_TYPE_RSA);
646 #ifndef OPENSSL_NO_DSA
647 ENGINE *ENGINE_get_default_DSA(void)
649 return engine_get_default_type(ENGINE_TYPE_DSA);
653 #ifndef OPENSSL_NO_DH
654 ENGINE *ENGINE_get_default_DH(void)
656 return engine_get_default_type(ENGINE_TYPE_DH);
660 ENGINE *ENGINE_get_default_RAND(void)
662 return engine_get_default_type(ENGINE_TYPE_RAND);
665 ENGINE *ENGINE_get_default_BN_mod_exp(void)
667 return engine_get_default_type(ENGINE_TYPE_BN_MOD_EXP);
670 ENGINE *ENGINE_get_default_BN_mod_exp_crt(void)
672 return engine_get_default_type(ENGINE_TYPE_BN_MOD_EXP_CRT);
675 static int engine_set_default_type(ENGINE_TYPE t, ENGINE *e)
679 /* engine_def_check is lean and mean and won't replace any
680 * prior default engines ... so we must ensure that it is always
681 * the first function to get to touch the default values. */
683 /* Attempt to get a functional reference (we need one anyway, but
684 * also, 'e' may be just a structural reference being passed in so
685 * this call may actually be the first). */
686 if(e && !ENGINE_init(e))
688 ENGINEerr(ENGINE_F_ENGINE_SET_DEFAULT_TYPE,
689 ENGINE_R_INIT_FAILED);
692 CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
695 #ifndef OPENSSL_NO_RSA
696 case ENGINE_TYPE_RSA:
697 old = engine_def_rsa;
698 engine_def_rsa = e; break;
700 #ifndef OPENSSL_NO_DSA
701 case ENGINE_TYPE_DSA:
702 old = engine_def_dsa;
703 engine_def_dsa = e; break;
705 #ifndef OPENSSL_NO_DH
708 engine_def_dh = e; break;
710 case ENGINE_TYPE_RAND:
711 old = engine_def_rand;
712 engine_def_rand = e; break;
713 case ENGINE_TYPE_BN_MOD_EXP:
714 old = engine_def_bn_mod_exp;
715 engine_def_bn_mod_exp = e; break;
716 case ENGINE_TYPE_BN_MOD_EXP_CRT:
717 old = engine_def_bn_mod_exp_crt;
718 engine_def_bn_mod_exp_crt = e; break;
722 CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
723 /* If we've replaced a previous value, then we need to remove the
724 * functional reference we had. */
725 if(old && !ENGINE_finish(old))
727 ENGINEerr(ENGINE_F_ENGINE_SET_DEFAULT_TYPE,
728 ENGINE_R_FINISH_FAILED);
734 #ifndef OPENSSL_NO_RSA
735 int ENGINE_set_default_RSA(ENGINE *e)
737 return engine_set_default_type(ENGINE_TYPE_RSA, e);
741 #ifndef OPENSSL_NO_DSA
742 int ENGINE_set_default_DSA(ENGINE *e)
744 return engine_set_default_type(ENGINE_TYPE_DSA, e);
748 #ifndef OPENSSL_NO_DH
749 int ENGINE_set_default_DH(ENGINE *e)
751 return engine_set_default_type(ENGINE_TYPE_DH, e);
755 int ENGINE_set_default_RAND(ENGINE *e)
757 return engine_set_default_type(ENGINE_TYPE_RAND, e);
760 int ENGINE_set_default_BN_mod_exp(ENGINE *e)
762 return engine_set_default_type(ENGINE_TYPE_BN_MOD_EXP, e);
765 int ENGINE_set_default_BN_mod_exp_crt(ENGINE *e)
767 return engine_set_default_type(ENGINE_TYPE_BN_MOD_EXP_CRT, e);
770 int ENGINE_set_default(ENGINE *e, unsigned int flags)
772 #ifndef OPENSSL_NO_RSA
773 if((flags & ENGINE_METHOD_RSA) && e->rsa_meth &&
774 !ENGINE_set_default_RSA(e))
777 #ifndef OPENSSL_NO_DSA
778 if((flags & ENGINE_METHOD_DSA) && e->dsa_meth &&
779 !ENGINE_set_default_DSA(e))
782 #ifndef OPENSSL_NO_DH
783 if((flags & ENGINE_METHOD_DH) && e->dh_meth &&
784 !ENGINE_set_default_DH(e))
787 if((flags & ENGINE_METHOD_RAND) && e->rand_meth &&
788 !ENGINE_set_default_RAND(e))
790 if((flags & ENGINE_METHOD_BN_MOD_EXP) && e->bn_mod_exp &&
791 !ENGINE_set_default_BN_mod_exp(e))
793 if((flags & ENGINE_METHOD_BN_MOD_EXP_CRT) && e->bn_mod_exp_crt &&
794 !ENGINE_set_default_BN_mod_exp_crt(e))
799 int ENGINE_clear_defaults(void)
801 /* If the defaults haven't even been set yet, don't bother. Any kind of
802 * "cleanup" has a kind of implicit race-condition if another thread is
803 * trying to keep going, so we don't address that with locking. The
804 * first ENGINE_set_default_*** call will actually *create* a standard
805 * set of default ENGINEs (including init() and functional reference
806 * counts aplenty) before the rest of this function undoes them all. So
807 * save some hassle ... */
811 #ifndef OPENSSL_NO_RSA
812 !ENGINE_set_default_RSA(NULL) ||
814 #ifndef OPENSSL_NO_DSA
815 !ENGINE_set_default_DSA(NULL) ||
817 #ifndef OPENSSL_NO_DH
818 !ENGINE_set_default_DH(NULL) ||
820 !ENGINE_set_default_RAND(NULL) ||
821 !ENGINE_set_default_BN_mod_exp(NULL) ||
822 !ENGINE_set_default_BN_mod_exp_crt(NULL))