This change replaces the ENGINE's underlying mechanics with the new
authorGeoff Thorpe <geoff@openssl.org>
Tue, 25 Sep 2001 20:00:51 +0000 (20:00 +0000)
committerGeoff Thorpe <geoff@openssl.org>
Tue, 25 Sep 2001 20:00:51 +0000 (20:00 +0000)
ENGINE_TABLE-based stuff - as described in crypto/engine/README.

Associated miscellaneous changes;
 - the previous cipher/digest hooks that hardwired directly to EVP's
   OBJ_NAME-based storage have been backed out. New cipher/digest support
   has been constructed and will be committed shortly.
 - each implementation defines its own ENGINE_load_<name> function now.
 - the "openssl" ENGINE isn't needed or loaded any more.
 - core (not algorithm or class specific) ENGINE code has been split into
   multiple files to increase readability and decrease linker bloat.
 - ENGINE_cpy() has been removed as it wasn't really a good idea in the
   first place and now, because of registration issues, can't be
   meaningfully defined any more.
 - BN_MOD_EXP[_CRT] support is removed as per the README.
 - a bug in enginetest.c has been fixed.

NB: This commit almost certainly breaks compilation until subsequent
changes are committed.

25 files changed:
crypto/engine/Makefile.ssl
crypto/engine/eng_all.c
crypto/engine/eng_ctrl.c [new file with mode: 0644]
crypto/engine/eng_dyn.c
crypto/engine/eng_err.c
crypto/engine/eng_evp.c [deleted file]
crypto/engine/eng_fat.c [new file with mode: 0644]
crypto/engine/eng_init.c [new file with mode: 0644]
crypto/engine/eng_int.h
crypto/engine/eng_lib.c
crypto/engine/eng_list.c
crypto/engine/eng_openssl.c
crypto/engine/eng_pkey.c [new file with mode: 0644]
crypto/engine/eng_table.c [new file with mode: 0644]
crypto/engine/engine.h
crypto/engine/enginetest.c
crypto/engine/hw_atalla.c
crypto/engine/hw_cswift.c
crypto/engine/hw_ncipher.c
crypto/engine/hw_nuron.c
crypto/engine/hw_ubsec.c
crypto/engine/tb_dh.c [new file with mode: 0644]
crypto/engine/tb_dsa.c [new file with mode: 0644]
crypto/engine/tb_rand.c [new file with mode: 0644]
crypto/engine/tb_rsa.c [new file with mode: 0644]

index fe9ed206c2037beb8ce252c894ba911a952d5bef..95311d6e6016aea7dddb31eb13905c2fa3f6aa36 100644 (file)
@@ -23,12 +23,16 @@ TEST= enginetest.c
 APPS=
 
 LIB=$(TOP)/libcrypto.a
-LIBSRC= eng_err.c eng_lib.c eng_list.c eng_all.c eng_openssl.c \
-       eng_dyn.c eng_evp.c \
+LIBSRC= eng_err.c eng_lib.c eng_list.c eng_init.c eng_ctrl.c \
+       eng_table.c eng_pkey.c eng_fat.c eng_all.c \
+       tb_rsa.c tb_dsa.c tb_dh.c tb_rand.c \
+       eng_openssl.c eng_dyn.c \
        hw_atalla.c hw_cswift.c hw_ncipher.c hw_nuron.c hw_ubsec.c \
        hw_openbsd_dev_crypto.c
-LIBOBJ= eng_err.o eng_lib.o eng_list.o eng_all.o eng_openssl.o \
-       eng_dyn.o eng_evp.o \
+LIBOBJ= eng_err.o eng_lib.o eng_list.o eng_init.o eng_ctrl.o \
+       eng_table.o eng_pkey.o eng_fat.o eng_all.o \
+       tb_rsa.o tb_dsa.o tb_dh.o tb_rand.o \
+       eng_openssl.o eng_dyn.o \
        hw_atalla.o hw_cswift.o hw_ncipher.o hw_nuron.o hw_ubsec.o \
        hw_openbsd_dev_crypto.o
 
@@ -95,6 +99,18 @@ eng_all.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h
 eng_all.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
 eng_all.o: ../../include/openssl/symhacks.h ../../include/openssl/types.h
 eng_all.o: ../../include/openssl/ui.h eng_all.c eng_int.h
+eng_ctrl.o: ../../e_os.h ../../include/openssl/asn1.h
+eng_ctrl.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+eng_ctrl.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+eng_ctrl.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+eng_ctrl.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h
+eng_ctrl.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+eng_ctrl.o: ../../include/openssl/opensslconf.h
+eng_ctrl.o: ../../include/openssl/opensslv.h ../../include/openssl/rand.h
+eng_ctrl.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+eng_ctrl.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+eng_ctrl.o: ../../include/openssl/types.h ../../include/openssl/ui.h
+eng_ctrl.o: ../cryptlib.h eng_ctrl.c eng_int.h
 eng_dyn.o: ../../e_os.h ../../include/openssl/asn1.h
 eng_dyn.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
 eng_dyn.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
@@ -117,18 +133,29 @@ eng_err.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h
 eng_err.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
 eng_err.o: ../../include/openssl/symhacks.h ../../include/openssl/types.h
 eng_err.o: ../../include/openssl/ui.h eng_err.c
-eng_evp.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
-eng_evp.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h
-eng_evp.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
-eng_evp.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h
-eng_evp.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-eng_evp.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-eng_evp.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-eng_evp.o: ../../include/openssl/opensslv.h ../../include/openssl/rand.h
-eng_evp.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-eng_evp.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-eng_evp.o: ../../include/openssl/types.h ../../include/openssl/ui.h eng_evp.c
-eng_evp.o: eng_int.h
+eng_fat.o: ../../e_os.h ../../include/openssl/asn1.h
+eng_fat.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+eng_fat.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+eng_fat.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+eng_fat.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h
+eng_fat.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+eng_fat.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+eng_fat.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h
+eng_fat.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+eng_fat.o: ../../include/openssl/symhacks.h ../../include/openssl/types.h
+eng_fat.o: ../../include/openssl/ui.h ../cryptlib.h eng_fat.c eng_int.h
+eng_init.o: ../../e_os.h ../../include/openssl/asn1.h
+eng_init.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+eng_init.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+eng_init.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+eng_init.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h
+eng_init.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+eng_init.o: ../../include/openssl/opensslconf.h
+eng_init.o: ../../include/openssl/opensslv.h ../../include/openssl/rand.h
+eng_init.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+eng_init.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+eng_init.o: ../../include/openssl/types.h ../../include/openssl/ui.h
+eng_init.o: ../cryptlib.h eng_init.c eng_int.h
 eng_lib.o: ../../e_os.h ../../include/openssl/asn1.h
 eng_lib.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
 eng_lib.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
@@ -165,6 +192,31 @@ eng_openssl.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
 eng_openssl.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
 eng_openssl.o: ../../include/openssl/types.h ../../include/openssl/ui.h
 eng_openssl.o: ../cryptlib.h eng_openssl.c
+eng_pkey.o: ../../e_os.h ../../include/openssl/asn1.h
+eng_pkey.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+eng_pkey.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+eng_pkey.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+eng_pkey.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h
+eng_pkey.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+eng_pkey.o: ../../include/openssl/opensslconf.h
+eng_pkey.o: ../../include/openssl/opensslv.h ../../include/openssl/rand.h
+eng_pkey.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+eng_pkey.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+eng_pkey.o: ../../include/openssl/types.h ../../include/openssl/ui.h
+eng_pkey.o: ../cryptlib.h eng_int.h eng_pkey.c
+eng_table.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+eng_table.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h
+eng_table.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+eng_table.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h
+eng_table.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+eng_table.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+eng_table.o: ../../include/openssl/objects.h
+eng_table.o: ../../include/openssl/opensslconf.h
+eng_table.o: ../../include/openssl/opensslv.h ../../include/openssl/rand.h
+eng_table.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+eng_table.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+eng_table.o: ../../include/openssl/types.h ../../include/openssl/ui.h eng_int.h
+eng_table.o: eng_table.c
 hw_atalla.o: ../../e_os.h ../../include/openssl/asn1.h
 hw_atalla.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
 hw_atalla.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
@@ -231,3 +283,51 @@ hw_ubsec.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
 hw_ubsec.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
 hw_ubsec.o: ../../include/openssl/types.h ../../include/openssl/ui.h
 hw_ubsec.o: ../cryptlib.h hw_ubsec.c vendor_defns/hw_ubsec.h
+tb_dh.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+tb_dh.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h
+tb_dh.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+tb_dh.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h
+tb_dh.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+tb_dh.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+tb_dh.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+tb_dh.o: ../../include/openssl/opensslv.h ../../include/openssl/rand.h
+tb_dh.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+tb_dh.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+tb_dh.o: ../../include/openssl/types.h ../../include/openssl/ui.h eng_int.h
+tb_dh.o: tb_dh.c
+tb_dsa.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+tb_dsa.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h
+tb_dsa.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+tb_dsa.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h
+tb_dsa.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+tb_dsa.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+tb_dsa.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+tb_dsa.o: ../../include/openssl/opensslv.h ../../include/openssl/rand.h
+tb_dsa.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+tb_dsa.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+tb_dsa.o: ../../include/openssl/types.h ../../include/openssl/ui.h eng_int.h
+tb_dsa.o: tb_dsa.c
+tb_rand.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+tb_rand.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h
+tb_rand.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+tb_rand.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h
+tb_rand.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+tb_rand.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+tb_rand.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+tb_rand.o: ../../include/openssl/opensslv.h ../../include/openssl/rand.h
+tb_rand.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+tb_rand.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+tb_rand.o: ../../include/openssl/types.h ../../include/openssl/ui.h eng_int.h
+tb_rand.o: tb_rand.c
+tb_rsa.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+tb_rsa.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h
+tb_rsa.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+tb_rsa.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h
+tb_rsa.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+tb_rsa.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+tb_rsa.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+tb_rsa.o: ../../include/openssl/opensslv.h ../../include/openssl/rand.h
+tb_rsa.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+tb_rsa.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+tb_rsa.o: ../../include/openssl/types.h ../../include/openssl/ui.h eng_int.h
+tb_rsa.o: tb_rsa.c
index 470256212cd655b8205a0123d47dc1d12422c5a6..7ebe25ca6c2cd6661c33eae03bf0c4d2bf1b2e4e 100644 (file)
 #include <openssl/engine.h>
 #include "eng_int.h"
 
-static int engine_add(ENGINE *e)
-       {
-       int toret = 1;
-       if (!ENGINE_by_id(ENGINE_get_id(e)))
-               {
-               (void)ERR_get_error();
-               toret = ENGINE_add(e);
-               }
-       ENGINE_free(e);
-       return toret;
-       }
-
-void ENGINE_load_cswift(void)
-       {
-#ifndef OPENSSL_NO_HW
-#ifndef OPENSSL_NO_HW_CSWIFT
-       engine_add(ENGINE_cswift());
-#endif /* !OPENSSL_NO_HW_CSWIFT */
-#endif /* !OPENSSL_NO_HW */
-       }
-
-void ENGINE_load_chil(void)
-       {
-#ifndef OPENSSL_NO_HW
-#ifndef OPENSSL_NO_HW_CSWIFT
-       engine_add(ENGINE_ncipher());
-#endif /* !OPENSSL_NO_HW_CSWIFT */
-#endif /* !OPENSSL_NO_HW */
-       }
-
-void ENGINE_load_atalla(void)
-       {
-#ifndef OPENSSL_NO_HW
-#ifndef OPENSSL_NO_HW_CSWIFT
-       engine_add(ENGINE_atalla());
-#endif /* !OPENSSL_NO_HW_CSWIFT */
-#endif /* !OPENSSL_NO_HW */
-       }
-
-void ENGINE_load_nuron(void)
+void ENGINE_load_builtin_engines(void)
        {
+       /* There's no longer any need for an "openssl" ENGINE unless, one day,
+        * it is the *only* way for standard builtin implementations to be be
+        * accessed (ie. it would be possible to statically link binaries with
+        * *no* builtin implementations). */
+#if 0
+       ENGINE_load_openssl();
+#endif
+       ENGINE_load_dynamic();
 #ifndef OPENSSL_NO_HW
 #ifndef OPENSSL_NO_HW_CSWIFT
-       engine_add(ENGINE_nuron());
-#endif /* !OPENSSL_NO_HW_CSWIFT */
-#endif /* !OPENSSL_NO_HW */
-       }
-
-void ENGINE_load_ubsec(void)
-       {
-#ifndef OPENSSL_NO_HW
-#ifndef OPENSSL_NO_HW_UBSEC
-       engine_add(ENGINE_ubsec());
-#endif /* !OPENSSL_NO_HW_UBSEC */
-#endif /* !OPENSSL_NO_HW */
-       }
-
-void ENGINE_load_openbsd_dev_crypto(void)
-       {
-#ifndef OPENSSL_NO_HW
-# ifdef OPENSSL_OPENBSD_DEV_CRYPTO
-       engine_add(ENGINE_openbsd_dev_crypto());
-# endif
-#endif /* !OPENSSL_NO_HW */
-       }
-
-void ENGINE_load_builtin_engines(void)
-       {
-       static int done=0;
-
-       if (done) return;
-       done=1;
-
        ENGINE_load_cswift();
+#endif
+#ifndef OPENSSL_NO_HW_NCIPHER
        ENGINE_load_chil();
+#endif
+#ifndef OPENSSL_NO_HW_ATALLA
        ENGINE_load_atalla();
+#endif
+#ifndef OPENSSL_NO_HW_NURON
        ENGINE_load_nuron();
+#endif
+#ifndef OPENSSL_NO_HW_UBSEC
        ENGINE_load_ubsec();
+#endif
+#ifdef OPENSSL_OPENBSD_DEV_CRYPTO
        ENGINE_load_openbsd_dev_crypto();
+#endif
+#endif
        }
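Review bot: With the `static int done` guard removed, every call to ENGINE_load_builtin_engines() re-runs each loader, so a second call is only safe if every ENGINE_load_<name>() tolerates a duplicate ENGINE_add(). The only loader on this page that shows this is ENGINE_load_dynamic() in eng_dyn.c; the hardware loaders are outside the hunk. A comment above the function would make the contract explicit, e.g. `/* May be called more than once: each ENGINE_load_*() must cope with its ENGINE already being in the list. */`. The same comment should record that ENGINE_load_dynamic() is deliberately outside the OPENSSL_NO_HW guard, so builds without hardware support still register the shared-library loader. The closing guards also lost their labels; `#endif /* !OPENSSL_NO_HW */` on the last one would keep the nesting readable.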
diff --git a/crypto/engine/eng_ctrl.c b/crypto/engine/eng_ctrl.c
new file mode 100644 (file)
index 0000000..ad38583
--- /dev/null
@@ -0,0 +1,387 @@
+/* crypto/engine/eng_ctrl.c */
+/* ====================================================================
+ * Copyright (c) 1999-2001 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <openssl/crypto.h>
+#include "cryptlib.h"
+#include "eng_int.h"
+#include <openssl/engine.h>
+
+/* When querying a ENGINE-specific control command's 'description', this string
+ * is used if the ENGINE_CMD_DEFN has cmd_desc set to NULL. */
+static const char *int_no_description = "";
+
+/* These internal functions handle 'CMD'-related control commands when the
+ * ENGINE in question has asked us to take care of it (ie. the ENGINE did not
+ * set the ENGINE_FLAGS_MANUAL_CMD_CTRL flag. */
+
+static int int_ctrl_cmd_is_null(const ENGINE_CMD_DEFN *defn)
+       {
+       if((defn->cmd_num == 0) || (defn->cmd_name == NULL))
+               return 1;
+       return 0;
+       }
+
+static int int_ctrl_cmd_by_name(const ENGINE_CMD_DEFN *defn, const char *s)
+       {
+       int idx = 0;
+       while(!int_ctrl_cmd_is_null(defn) && (strcmp(defn->cmd_name, s) != 0))
+               {
+               idx++;
+               defn++;
+               }
+       if(int_ctrl_cmd_is_null(defn))
+               /* The given name wasn't found */
+               return -1;
+       return idx;
+       }
+
+static int int_ctrl_cmd_by_num(const ENGINE_CMD_DEFN *defn, unsigned int num)
+       {
+       int idx = 0;
+       /* NB: It is stipulated that 'cmd_defn' lists are ordered by cmd_num. So
+        * our searches don't need to take any longer than necessary. */
+       while(!int_ctrl_cmd_is_null(defn) && (defn->cmd_num < num))
+               {
+               idx++;
+               defn++;
+               }
+       if(defn->cmd_num == num)
+               return idx;
+       /* The given cmd_num wasn't found */
+       return -1;
+       }
+
+static int int_ctrl_helper(ENGINE *e, int cmd, long i, void *p, void (*f)())
+       {
+       int idx;
+       char *s = (char *)p;
+       /* Take care of the easy one first (eg. it requires no searches) */
+       if(cmd == ENGINE_CTRL_GET_FIRST_CMD_TYPE)
+               {
+               if((e->cmd_defns == NULL) || int_ctrl_cmd_is_null(e->cmd_defns))
+                       return 0;
+               return e->cmd_defns->cmd_num;
+               }
+       /* One or two commands require that "p" be a valid string buffer */
+       if((cmd == ENGINE_CTRL_GET_CMD_FROM_NAME) ||
+                       (cmd == ENGINE_CTRL_GET_NAME_FROM_CMD) ||
+                       (cmd == ENGINE_CTRL_GET_DESC_FROM_CMD))
+               {
+               if(s == NULL)
+                       {
+                       ENGINEerr(ENGINE_F_INT_CTRL_HELPER,
+                               ERR_R_PASSED_NULL_PARAMETER);
+                       return -1;
+                       }
+               }
+       /* Now handle cmd_name -> cmd_num conversion */
+       if(cmd == ENGINE_CTRL_GET_CMD_FROM_NAME)
+               {
+               if((e->cmd_defns == NULL) || ((idx = int_ctrl_cmd_by_name(
+                                               e->cmd_defns, s)) < 0))
+                       {
+                       ENGINEerr(ENGINE_F_INT_CTRL_HELPER,
+                               ENGINE_R_INVALID_CMD_NAME);
+                       return -1;
+                       }
+               return e->cmd_defns[idx].cmd_num;
+               }
+       /* For the rest of the commands, the 'long' argument must specify a
+        * valie command number - so we need to conduct a search. */
+       if((e->cmd_defns == NULL) || ((idx = int_ctrl_cmd_by_num(e->cmd_defns,
+                                       (unsigned int)i)) < 0))
+               {
+               ENGINEerr(ENGINE_F_INT_CTRL_HELPER,
+                       ENGINE_R_INVALID_CMD_NUMBER);
+               return -1;
+               }
+       /* Now the logic splits depending on command type */
+       switch(cmd)
+               {
+       case ENGINE_CTRL_GET_NEXT_CMD_TYPE:
+               idx++;
+               if(int_ctrl_cmd_is_null(e->cmd_defns + idx))
+                       /* end-of-list */
+                       return 0;
+               else
+                       return e->cmd_defns[idx].cmd_num;
+       case ENGINE_CTRL_GET_NAME_LEN_FROM_CMD:
+               return strlen(e->cmd_defns[idx].cmd_name);
+       case ENGINE_CTRL_GET_NAME_FROM_CMD:
+               return sprintf(s, "%s", e->cmd_defns[idx].cmd_name);
+       case ENGINE_CTRL_GET_DESC_LEN_FROM_CMD:
+               if(e->cmd_defns[idx].cmd_desc)
+                       return strlen(e->cmd_defns[idx].cmd_desc);
+               return strlen(int_no_description);
+       case ENGINE_CTRL_GET_DESC_FROM_CMD:
+               if(e->cmd_defns[idx].cmd_desc)
+                       return sprintf(s, "%s", e->cmd_defns[idx].cmd_desc);
+               return sprintf(s, "%s", int_no_description);
+       case ENGINE_CTRL_GET_CMD_FLAGS:
+               return e->cmd_defns[idx].cmd_flags;
+               }
+       /* Shouldn't really be here ... */
+       ENGINEerr(ENGINE_F_INT_CTRL_HELPER,ENGINE_R_INTERNAL_LIST_ERROR);
+       return -1;
+       }
+
+int ENGINE_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)())
+       {
+       int ctrl_exists, ref_exists;
+       if(e == NULL)
+               {
+               ENGINEerr(ENGINE_F_ENGINE_CTRL,ERR_R_PASSED_NULL_PARAMETER);
+               return 0;
+               }
+       CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
+       ref_exists = ((e->struct_ref > 0) ? 1 : 0);
+       CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
+       ctrl_exists = ((e->ctrl == NULL) ? 0 : 1);
+       if(!ref_exists)
+               {
+               ENGINEerr(ENGINE_F_ENGINE_CTRL,ENGINE_R_NO_REFERENCE);
+               return 0;
+               }
+       /* Intercept any "root-level" commands before trying to hand them on to
+        * ctrl() handlers. */
+       switch(cmd)
+               {
+       case ENGINE_CTRL_HAS_CTRL_FUNCTION:
+               return ctrl_exists;
+       case ENGINE_CTRL_GET_FIRST_CMD_TYPE:
+       case ENGINE_CTRL_GET_NEXT_CMD_TYPE:
+       case ENGINE_CTRL_GET_CMD_FROM_NAME:
+       case ENGINE_CTRL_GET_NAME_LEN_FROM_CMD:
+       case ENGINE_CTRL_GET_NAME_FROM_CMD:
+       case ENGINE_CTRL_GET_DESC_LEN_FROM_CMD:
+       case ENGINE_CTRL_GET_DESC_FROM_CMD:
+       case ENGINE_CTRL_GET_CMD_FLAGS:
+               if(ctrl_exists && !(e->flags & ENGINE_FLAGS_MANUAL_CMD_CTRL))
+                       return int_ctrl_helper(e,cmd,i,p,f);
+               if(!ctrl_exists)
+                       {
+                       ENGINEerr(ENGINE_F_ENGINE_CTRL,ENGINE_R_NO_CONTROL_FUNCTION);
+                       /* For these cmd-related functions, failure is indicated
+                        * by a -1 return value (because 0 is used as a valid
+                        * return in some places). */
+                       return -1;
+                       }
+       default:
+               break;
+               }
+       /* Anything else requires a ctrl() handler to exist. */
+       if(!ctrl_exists)
+               {
+               ENGINEerr(ENGINE_F_ENGINE_CTRL,ENGINE_R_NO_CONTROL_FUNCTION);
+               return 0;
+               }
+       return e->ctrl(e, cmd, i, p, f);
+       }
+
+int ENGINE_cmd_is_executable(ENGINE *e, int cmd)
+       {
+       int flags;
+       if((flags = ENGINE_ctrl(e, ENGINE_CTRL_GET_CMD_FLAGS, cmd, NULL, NULL)) < 0)
+               {
+               ENGINEerr(ENGINE_F_ENGINE_CMD_IS_EXECUTABLE,
+                       ENGINE_R_INVALID_CMD_NUMBER);
+               return 0;
+               }
+       if(!(flags & ENGINE_CMD_FLAG_NO_INPUT) &&
+                       !(flags & ENGINE_CMD_FLAG_NUMERIC) &&
+                       !(flags & ENGINE_CMD_FLAG_STRING))
+               return 0;
+       return 1;
+       }
+
+int ENGINE_ctrl_cmd(ENGINE *e, const char *cmd_name,
+        long i, void *p, void (*f)(), int cmd_optional)
+        {
+       int num;
+
+       if((e == NULL) || (cmd_name == NULL))
+               {
+               ENGINEerr(ENGINE_F_ENGINE_CTRL_CMD_STRING,
+                       ERR_R_PASSED_NULL_PARAMETER);
+               return 0;
+               }
+       if((e->ctrl == NULL) || ((num = ENGINE_ctrl(e,
+                                       ENGINE_CTRL_GET_CMD_FROM_NAME,
+                                       0, (void *)cmd_name, NULL)) <= 0))
+               {
+               /* If the command didn't *have* to be supported, we fake
+                * success. This allows certain settings to be specified for
+                * multiple ENGINEs and only require a change of ENGINE id
+                * (without having to selectively apply settings). Eg. changing
+                * from a hardware device back to the regular software ENGINE
+                * without editing the config file, etc. */
+               if(cmd_optional)
+                       {
+                       ERR_clear_error();
+                       return 1;
+                       }
+               ENGINEerr(ENGINE_F_ENGINE_CTRL_CMD,
+                       ENGINE_R_INVALID_CMD_NAME);
+               return 0;
+               }
+       /* Force the result of the control command to 0 or 1, for the reasons
+        * mentioned before. */
+        if (ENGINE_ctrl(e, num, i, p, f))
+                return 1;
+        return 0;
+        }
+
+int ENGINE_ctrl_cmd_string(ENGINE *e, const char *cmd_name, const char *arg,
+                               int cmd_optional)
+       {
+       int num, flags;
+       long l;
+       char *ptr;
+       if((e == NULL) || (cmd_name == NULL))
+               {
+               ENGINEerr(ENGINE_F_ENGINE_CTRL_CMD_STRING,
+                       ERR_R_PASSED_NULL_PARAMETER);
+               return 0;
+               }
+       if((e->ctrl == NULL) || ((num = ENGINE_ctrl(e,
+                                       ENGINE_CTRL_GET_CMD_FROM_NAME,
+                                       0, (void *)cmd_name, NULL)) <= 0))
+               {
+               /* If the command didn't *have* to be supported, we fake
+                * success. This allows certain settings to be specified for
+                * multiple ENGINEs and only require a change of ENGINE id
+                * (without having to selectively apply settings). Eg. changing
+                * from a hardware device back to the regular software ENGINE
+                * without editing the config file, etc. */
+               if(cmd_optional)
+                       {
+                       ERR_clear_error();
+                       return 1;
+                       }
+               ENGINEerr(ENGINE_F_ENGINE_CTRL_CMD_STRING,
+                       ENGINE_R_INVALID_CMD_NAME);
+               return 0;
+               }
+       if(!ENGINE_cmd_is_executable(e, num))
+               {
+               ENGINEerr(ENGINE_F_ENGINE_CTRL_CMD_STRING,
+                       ENGINE_R_CMD_NOT_EXECUTABLE);
+               return 0;
+               }
+       if((flags = ENGINE_ctrl(e, ENGINE_CTRL_GET_CMD_FLAGS, num, NULL, NULL)) < 0)
+               {
+               /* Shouldn't happen, given that ENGINE_cmd_is_executable()
+                * returned success. */
+               ENGINEerr(ENGINE_F_ENGINE_CTRL_CMD_STRING,
+                       ENGINE_R_INTERNAL_LIST_ERROR);
+               return 0;
+               }
+       /* If the command takes no input, there must be no input. And vice
+        * versa. */
+       if(flags & ENGINE_CMD_FLAG_NO_INPUT)
+               {
+               if(arg != NULL)
+                       {
+                       ENGINEerr(ENGINE_F_ENGINE_CTRL_CMD_STRING,
+                               ENGINE_R_COMMAND_TAKES_NO_INPUT);
+                       return 0;
+                       }
+               /* We deliberately force the result of ENGINE_ctrl() to 0 or 1
+                * rather than returning it as "return data". This is to ensure
+                * usage of these commands is consistent across applications and
+                * that certain applications don't understand it one way, and
+                * others another. */
+               if(ENGINE_ctrl(e, num, 0, (void *)arg, NULL))
+                       return 1;
+               return 0;
+               }
+       /* So, we require input */
+       if(arg == NULL)
+               {
+               ENGINEerr(ENGINE_F_ENGINE_CTRL_CMD_STRING,
+                       ENGINE_R_COMMAND_TAKES_INPUT);
+               return 0;
+               }
+       /* If it takes string input, that's easy */
+       if(flags & ENGINE_CMD_FLAG_STRING)
+               {
+               /* Same explanation as above */
+               if(ENGINE_ctrl(e, num, 0, (void *)arg, NULL))
+                       return 1;
+               return 0;
+               }
+       /* If it doesn't take numeric either, then it is unsupported for use in
+        * a config-setting situation, which is what this function is for. This
+        * should never happen though, because ENGINE_cmd_is_executable() was
+        * used. */
+       if(!(flags & ENGINE_CMD_FLAG_NUMERIC))
+               {
+               ENGINEerr(ENGINE_F_ENGINE_CTRL_CMD_STRING,
+                       ENGINE_R_INTERNAL_LIST_ERROR);
+               return 0;
+               }
+       l = strtol(arg, &ptr, 10);
+       if((arg == ptr) || (*ptr != '\0'))
+               {
+               ENGINEerr(ENGINE_F_ENGINE_CTRL_CMD_STRING,
+                       ENGINE_R_ARGUMENT_IS_NOT_A_NUMBER);
+               return 0;
+               }
+       /* Force the result of the control command to 0 or 1, for the reasons
+        * mentioned before. */
+       if(ENGINE_ctrl(e, num, l, NULL, NULL))
+               return 1;
+       return 0;
+       }
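Review bot: int_ctrl_cmd_by_num() can return the index of the list terminator, because after the loop it tests only `defn->cmd_num == num`. A lookup for 0 on an empty but non-NULL cmd_defns list is therefore reported as found, as is a lookup for the cmd_num of an entry that is null only because its cmd_name is NULL. int_ctrl_helper() then uses that index for `strlen(e->cmd_defns[idx].cmd_name)` and, for ENGINE_CTRL_GET_NEXT_CMD_TYPE, steps one entry past the terminator. Guarding the match closes this: `if(!int_ctrl_cmd_is_null(defn) && (defn->cmd_num == num))`. Separately, the ENGINE_CTRL_GET_NAME_FROM_CMD and ENGINE_CTRL_GET_DESC_FROM_CMD cases `sprintf` into the caller's buffer with no length, so a comment on int_ctrl_helper() should state that the caller must size `p` from the matching *_LEN_FROM_CMD query plus one for the NUL.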
index 561d58e5e417a648ec35182a34383ecc1026e922..8fd70786783fcb754433f229d2babb3a1f109b54 100644 (file)
@@ -236,9 +236,7 @@ static dynamic_data_ctx *dynamic_get_data_ctx(ENGINE *e)
        return ctx;
        }
 
-/* As this is only ever called once, there's no need for locking
- * (indeed - the lock will already be held by our caller!!!) */
-ENGINE *ENGINE_dynamic(void)
+static ENGINE *engine_dynamic(void)
        {
        ENGINE *ret = ENGINE_new();
        if(!ret)
@@ -257,6 +255,20 @@ ENGINE *ENGINE_dynamic(void)
        return ret;
        }
 
+void ENGINE_load_dynamic(void)
+       {
+       ENGINE *toadd = engine_dynamic();
+       if(!toadd) return;
+       ENGINE_add(toadd);
+       /* If the "add" worked, it gets a structural reference. So either way,
+        * we release our just-created reference. */
+       ENGINE_free(toadd);
+       /* If the "add" didn't work, it was probably a conflict because it was
+        * already added (eg. someone calling ENGINE_load_blah then calling
+        * ENGINE_load_builtin_engines() perhaps). */
+       ERR_clear_error();
+       }
+
 static int dynamic_init(ENGINE *e)
        {
        /* We always return failure - the "dyanamic" engine itself can't be used
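Review bot: `ERR_clear_error()` at the end of `ENGINE_load_dynamic()` runs unconditionally and empties the calling thread's whole error queue, so any error the application had queued before calling this loader is discarded along with the expected duplicate-add conflict. The return value of `ENGINE_add(toadd)` is also ignored, which makes a genuine failure to register the engine indistinguishable from the benign "already added" case. I would clear only when the add fails, `if(!ENGINE_add(toadd)) ERR_clear_error();`, and state in the comment that the function is best-effort and drops queued errors on that path. `dynamic_init()` below continues outside the hunk.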
index 5c602c079427adb49d6fa17af0edebd16519c91d..48b774344fca9b2f5f493b578b62e32dc0831d11 100644 (file)
@@ -1,6 +1,6 @@
 /* crypto/engine/eng_err.c */
 /* ====================================================================
- * Copyright (c) 1999-2001 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -90,6 +90,7 @@ static ERR_STRING_DATA ENGINE_str_functs[]=
 {ERR_PACK(0,ENGINE_F_ENGINE_SET_DEFAULT_TYPE,0),       "ENGINE_SET_DEFAULT_TYPE"},
 {ERR_PACK(0,ENGINE_F_ENGINE_SET_ID,0), "ENGINE_set_id"},
 {ERR_PACK(0,ENGINE_F_ENGINE_SET_NAME,0),       "ENGINE_set_name"},
+{ERR_PACK(0,ENGINE_F_ENGINE_TABLE_REGISTER,0), "ENGINE_TABLE_REGISTER"},
 {ERR_PACK(0,ENGINE_F_ENGINE_UNLOAD_KEY,0),     "ENGINE_UNLOAD_KEY"},
 {ERR_PACK(0,ENGINE_F_INT_CTRL_HELPER,0),       "INT_CTRL_HELPER"},
 {ERR_PACK(0,ENGINE_F_LOG_MESSAGE,0),   "LOG_MESSAGE"},
diff --git a/crypto/engine/eng_evp.c b/crypto/engine/eng_evp.c
deleted file mode 100644 (file)
index d48ddcd..0000000
+++ /dev/null
@@ -1,112 +0,0 @@
-/* Written by Ben Laurie <ben@algroup.co.uk> August 2001 */
-/* ====================================================================
- * Copyright (c) 2000-2001 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <openssl/engine.h>
-#include <openssl/evp.h>
-#include "eng_int.h"
-#include <string.h>
-
-int ENGINE_add_cipher(ENGINE *e,const EVP_CIPHER *c)
-    {
-    ENGINE_EVP_CIPHER *p;
-
-    p=OPENSSL_malloc(sizeof *p);
-    p->cipher=c;
-
-    if(!e->ciphers)
-       e->ciphers=sk_ENGINE_EVP_CIPHER_new_null();
-    sk_ENGINE_EVP_CIPHER_push(e->ciphers,p);
-
-    return 1;
-    }
-
-void ENGINE_free_engine_cipher(ENGINE_EVP_CIPHER *p)
-    { OPENSSL_free(p); }
-
-int ENGINE_cipher_num(const ENGINE *e)
-    { return sk_ENGINE_EVP_CIPHER_num(e->ciphers); }
-
-const EVP_CIPHER *ENGINE_get_cipher(const ENGINE *e, int n)
-    { return sk_ENGINE_EVP_CIPHER_value(e->ciphers, n)->cipher; }
-
-void ENGINE_load_ciphers()
-    {
-    ENGINE *e;
-
-    for(e=ENGINE_get_first() ; e ; e=ENGINE_get_next(e))
-       ENGINE_load_engine_ciphers(e);
-    }
-       
-void ENGINE_load_engine_ciphers(ENGINE *e)
-    {
-    int n;
-
-    for(n=0 ; n < sk_ENGINE_EVP_CIPHER_num(e->ciphers) ; ++n)
-       EVP_add_cipher(sk_ENGINE_EVP_CIPHER_value(e->ciphers,n)->cipher);
-    }
-
-const EVP_CIPHER *ENGINE_get_cipher_by_name(ENGINE *e,const char *name)
-    {
-    int n;
-
-    for(n=0 ; n < ENGINE_cipher_num(e) ; ++n)
-       {
-       const EVP_CIPHER *c=ENGINE_get_cipher(e,n);
-
-       if(!strcmp(EVP_CIPHER_name(c),name))
-           return c;
-       }
-    return NULL;
-    }
diff --git a/crypto/engine/eng_fat.c b/crypto/engine/eng_fat.c
new file mode 100644 (file)
index 0000000..e99b52e
--- /dev/null
@@ -0,0 +1,102 @@
+/* crypto/engine/eng_fat.c */
+/* ====================================================================
+ * Copyright (c) 1999-2001 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <openssl/crypto.h>
+#include "cryptlib.h"
+#include "eng_int.h"
+#include <openssl/engine.h>
+
+int ENGINE_set_default(ENGINE *e, unsigned int flags)
+       {
+#ifndef OPENSSL_NO_RSA
+       if((flags & ENGINE_METHOD_RSA) & !ENGINE_set_default_RSA(e))
+               return 0;
+#endif
+#ifndef OPENSSL_NO_DSA
+       if((flags & ENGINE_METHOD_DSA) & !ENGINE_set_default_DSA(e))
+               return 0;
+#endif
+#ifndef OPENSSL_NO_DH
+       if((flags & ENGINE_METHOD_DH) & !ENGINE_set_default_DH(e))
+               return 0;
+#endif
+       if((flags & ENGINE_METHOD_RAND) & !ENGINE_set_default_RAND(e))
+               return 0;
+       return 1;
+       }
+
+int ENGINE_register_complete(ENGINE *e)
+       {
+#ifndef OPENSSL_NO_RSA
+       ENGINE_register_RSA(e);
+#endif
+#ifndef OPENSSL_NO_DSA
+       ENGINE_register_DSA(e);
+#endif
+#ifndef OPENSSL_NO_DH
+       ENGINE_register_DH(e);
+#endif
+       ENGINE_register_RAND(e);
+       return 1;
+       }
+
+int ENGINE_register_all_complete(void)
+       {
+       ENGINE *e;
+
+       for(e=ENGINE_get_first() ; e ; e=ENGINE_get_next(e))
+               ENGINE_register_complete(e);
+       return 1;
+       }
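Review bot: The four tests in `ENGINE_set_default()` use bitwise `&` where logical `&&` is needed, e.g. `if((flags & ENGINE_METHOD_RSA) & !ENGINE_set_default_RSA(e))`. `!x` is 0 or 1, so the condition can only be non-zero for a flag whose mask has bit 0 set, and a failed setter for any other flag is reported as success. `&` also does not short-circuit, so every `ENGINE_set_default_*()` is called regardless of what the caller selected in `flags`. The effect is that an ENGINE can become the default for algorithms the application did not ask for, with failures hidden. The RSA line should read `if((flags & ENGINE_METHOD_RSA) && !ENGINE_set_default_RSA(e))`, and the DSA, DH and RAND lines need the same change.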
diff --git a/crypto/engine/eng_init.c b/crypto/engine/eng_init.c
new file mode 100644 (file)
index 0000000..98caa21
--- /dev/null
@@ -0,0 +1,157 @@
+/* crypto/engine/eng_init.c */
+/* ====================================================================
+ * Copyright (c) 1999-2001 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <openssl/crypto.h>
+#include "cryptlib.h"
+#include "eng_int.h"
+#include <openssl/engine.h>
+
+/* Initialise a engine type for use (or up its functional reference count
+ * if it's already in use). This version is only used internally. */
+int engine_unlocked_init(ENGINE *e)
+       {
+       int to_return = 1;
+
+       if((e->funct_ref == 0) && e->init)
+               /* This is the first functional reference and the engine
+                * requires initialisation so we do it now. */
+               to_return = e->init(e);
+       if(to_return)
+               {
+               /* OK, we return a functional reference which is also a
+                * structural reference. */
+               e->struct_ref++;
+               e->funct_ref++;
+               engine_ref_debug(e, 0, 1)
+               engine_ref_debug(e, 1, 1)
+               }
+       return to_return;
+       }
+
+/* Free a functional reference to a engine type. This version is only used
+ * internally. */
+int engine_unlocked_finish(ENGINE *e, int unlock_for_handlers)
+       {
+       int to_return = 1;
+
+       /* Reduce the functional reference count here so if it's the terminating
+        * case, we can release the lock safely and call the finish() handler
+        * without risk of a race. We get a race if we leave the count until
+        * after and something else is calling "finish" at the same time -
+        * there's a chance that both threads will together take the count from
+        * 2 to 0 without either calling finish(). */
+       e->funct_ref--;
+       engine_ref_debug(e, 1, -1)
+       if((e->funct_ref == 0) && e->finish)
+               {
+               if(unlock_for_handlers)
+                       CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
+               to_return = e->finish(e);
+               if(unlock_for_handlers)
+                       CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
+               if(!to_return)
+                       return 0;
+               }
+#ifdef REF_CHECK
+       if(e->funct_ref < 0)
+               {
+               fprintf(stderr,"ENGINE_finish, bad functional reference count\n");
+               abort();
+               }
+#endif
+       /* Release the structural reference too */
+       if(!engine_free_util(e, 0))
+               {
+               ENGINEerr(ENGINE_F_ENGINE_FINISH,ENGINE_R_FINISH_FAILED);
+               return 0;
+               }
+       return to_return;
+       }
+
+/* The API (locked) version of "init" */
+int ENGINE_init(ENGINE *e)
+       {
+       int ret;
+       if(e == NULL)
+               {
+               ENGINEerr(ENGINE_F_ENGINE_INIT,ERR_R_PASSED_NULL_PARAMETER);
+               return 0;
+               }
+       CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
+       ret = engine_unlocked_init(e);
+       CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
+       return ret;
+       }
+
+/* The API (locked) version of "finish" */
+int ENGINE_finish(ENGINE *e)
+       {
+       int to_return = 1;
+
+       if(e == NULL)
+               {
+               ENGINEerr(ENGINE_F_ENGINE_FINISH,ERR_R_PASSED_NULL_PARAMETER);
+               return 0;
+               }
+       CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
+       to_return = engine_unlocked_finish(e, 1);
+       CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
+       if(!to_return)
+               {
+               ENGINEerr(ENGINE_F_ENGINE_FINISH,ENGINE_R_FINISH_FAILED);
+               return 0;
+               }
+       return to_return;
+       }
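Review bot: In `engine_unlocked_finish()` the early `return 0` after a failed `e->finish(e)` leaves the reference counts split. `funct_ref` has already been decremented, but the structural reference taken with it in `engine_unlocked_init()` is never released because `engine_free_util(e, 0)` is skipped. A caller that sees 0 cannot tell whether it still holds a reference, so it will either leak the ENGINE or release it a second time. If keeping the structural reference on failure is intended, the function comment should say so, for example `/* NB: if finish() fails, the functional count is already dropped but the structural reference is still held by the caller. */`.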
index 7c7532564e1007720ee25fed466f50de549e753d..e07da813b68d7385040c2038e65bf71e815a4bf7 100644 (file)
@@ -87,14 +87,43 @@ extern "C" {
 
 #endif
 
-typedef struct engine_evp_cipher_st
-       {
-       const EVP_CIPHER *cipher;
-       } ENGINE_EVP_CIPHER;
-
-DECLARE_STACK_OF(ENGINE_EVP_CIPHER)
+/* Any code that will need cleanup operations should use these functions to
+ * register callbacks. ENGINE_cleanup() will call all registered callbacks in
+ * order. NB: both the "add" functions assume CRYPTO_LOCK_ENGINE to already be
+ * held (in "write" mode). */
+typedef void (ENGINE_CLEANUP_CB)(void);
+DECLARE_STACK_OF(ENGINE_CLEANUP_CB)
+void engine_cleanup_add_first(ENGINE_CLEANUP_CB *cb);
+void engine_cleanup_add_last(ENGINE_CLEANUP_CB *cb);
+
+/* We need stacks of ENGINEs for use in eng_table.c */
+DECLARE_STACK_OF(ENGINE)
+
+/* If this symbol is defined then engine_table_select(), the function that is
+ * used by RSA, DSA (etc) code to select registered ENGINEs, cache defaults and
+ * functional references (etc), will display debugging summaries to stderr. */
+/* #define ENGINE_TABLE_DEBUG */
+
+/* This represents an implementation table. Dependent code should instantiate it
+ * as a (ENGINE_TABLE *) pointer value set initially to NULL. */
+typedef struct st_engine_table ENGINE_TABLE;
+int engine_table_register(ENGINE_TABLE **table, ENGINE_CLEANUP_CB *cleanup,
+               ENGINE *e, const int *nids, int num_nids, int setdefault);
+void engine_table_unregister(ENGINE_TABLE **table, ENGINE *e);
+void engine_table_cleanup(ENGINE_TABLE **table);
+#ifndef ENGINE_TABLE_DEBUG
+ENGINE *engine_table_select(ENGINE_TABLE **table, int nid);
+#else
+ENGINE *engine_table_select_tmp(ENGINE_TABLE **table, int nid, const char *f, int l);
+#define engine_table_select(t,n) engine_table_select_tmp(t,n,__FILE__,__LINE__)
+#endif
 
-void ENGINE_free_engine_cipher(ENGINE_EVP_CIPHER *p);
+/* Internal versions of API functions that have control over locking. These are
+ * used between C files when functionality needs to be shared but the caller may
+ * already be controlling of the CRYPTO_LOCK_ENGINE lock. */
+int engine_unlocked_init(ENGINE *e);
+int engine_unlocked_finish(ENGINE *e, int unlock_for_handlers);
+int engine_free_util(ENGINE *e, int locked);
 
 /* NB: Bitwise OR-able values for the "flags" variable in ENGINE are now exposed
  * in engine.h. */
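Review bot: `engine_free_util(ENGINE *e, int locked)` is declared without a comment, and the name `locked` reads as "the caller already holds CRYPTO_LOCK_ENGINE" while this commit uses it the other way round. `engine_unlocked_finish()` passes 0 while holding the lock, and the definition in eng_lib.c takes the `CRYPTO_add(..., CRYPTO_LOCK_ENGINE)` path when the argument is non-zero and a plain `--e->struct_ref` otherwise. Passing the wrong value gives either an unprotected decrement of the structural count or, presumably, an attempt to take a lock the caller already holds. I would document it at the declaration, e.g. `/* "locked" non-zero: decrement under CRYPTO_LOCK_ENGINE; zero: caller already holds the lock */`.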
@@ -110,17 +139,14 @@ struct engine_st
        const DH_METHOD *dh_meth;
        const RAND_METHOD *rand_meth;
 
-       BN_MOD_EXP bn_mod_exp;
-       BN_MOD_EXP_CRT bn_mod_exp_crt;
        ENGINE_GEN_INT_FUNC_PTR destroy;
+
        ENGINE_GEN_INT_FUNC_PTR init;
        ENGINE_GEN_INT_FUNC_PTR finish;
        ENGINE_CTRL_FUNC_PTR ctrl;
        ENGINE_LOAD_KEY_PTR load_privkey;
        ENGINE_LOAD_KEY_PTR load_pubkey;
 
-       STACK_OF(ENGINE_EVP_CIPHER) *ciphers;
-
        const ENGINE_CMD_DEFN *cmd_defns;
        int flags;
        /* reference count on the structure itself */
@@ -138,48 +164,6 @@ struct engine_st
        struct engine_st *next;
        };
 
-/* BUILT-IN ENGINES. (these functions are only ever called once and
- * do not return references - they are purely for bootstrapping). */
-
-/* Returns a structure of software only methods (the default). */
-ENGINE *ENGINE_openssl(void);
-
-/* Returns the "dynamic" ENGINE for loading entire ENGINE implementations from
- * shared libraries. */
-ENGINE *ENGINE_dynamic(void);
-
-#ifndef OPENSSL_NO_HW
-
-#ifndef OPENSSL_NO_HW_CSWIFT
-/* Returns a structure of cswift methods ... NB: This can exist and be
- * "used" even on non-cswift systems because the "init" will fail if the
- * card/library are not found. */
-ENGINE *ENGINE_cswift(void);
-#endif /* !OPENSSL_NO_HW_CSWIFT */
-
-#ifndef OPENSSL_NO_HW_NCIPHER
-ENGINE *ENGINE_ncipher(void);
-#endif /* !OPENSSL_NO_HW_NCIPHER */
-
-#ifndef OPENSSL_NO_HW_ATALLA
-/* Returns a structure of atalla methods. */
-ENGINE *ENGINE_atalla(void);
-#endif /* !OPENSSL_NO_HW_ATALLA */
-
-#ifndef OPENSSL_NO_HW_NURON
-ENGINE *ENGINE_nuron(void);
-#endif /* !OPENSSL_NO_HW_NURON */
-
-#ifndef OPENSSL_NO_HW_UBSEC
-ENGINE *ENGINE_ubsec(void);
-#endif /* !OPENSSL_NO_HW_UBSEC */
-
-#ifdef OPENSSL_OPENBSD_DEV_CRYPTO
-ENGINE *ENGINE_openbsd_dev_crypto(void);
-#endif
-
-#endif /* !OPENSSL_NO_HW */
-
 #ifdef  __cplusplus
 }
 #endif
index c215313cbbccd61a0f04d51dd82f38214ce52c19..6dabdfdb35c01691f3ed76b243975ba1ca760d00 100644 (file)
 #include <openssl/crypto.h>
 #include "cryptlib.h"
 #include "eng_int.h"
+#include <openssl/rand.h> /* FIXME: This shouldn't be needed */
 #include <openssl/engine.h>
 
-/* These pointers each have their own "functional reference" when they
- * are non-NULL. Similarly, when they are retrieved by a call to
- * ENGINE_get_default_[RSA|DSA|...] the returned pointer is also a
- * reference and the caller is responsible for freeing that when they
- * are finished with it (with a call to ENGINE_finish() *NOT* just
- * ENGINE_free()!!!!!!). */
-#ifndef OPENSSL_NO_RSA
-static ENGINE *engine_def_rsa = NULL;
-#endif
-#ifndef OPENSSL_NO_DSA
-static ENGINE *engine_def_dsa = NULL;
-#endif
-#ifndef OPENSSL_NO_DH
-static ENGINE *engine_def_dh = NULL;
-#endif
-static ENGINE *engine_def_rand = NULL;
-static ENGINE *engine_def_bn_mod_exp = NULL;
-static ENGINE *engine_def_bn_mod_exp_crt = NULL;
-/* A static "once-only" flag used to control if/when the above were
- * initialised to suitable start-up defaults. */
-static int engine_def_flag = 0;
-
-/* When querying a ENGINE-specific control command's 'description', this string
- * is used if the ENGINE_CMD_DEFN has cmd_desc set to NULL. */
-static const char *int_no_description = "";
+/* The "new"/"free" stuff first */
 
-/* This is used in certain static utility functions to save code
- * repetition for per-algorithm functions. */
-typedef enum {
-       ENGINE_TYPE_RSA,
-       ENGINE_TYPE_DSA,
-       ENGINE_TYPE_DH,
-       ENGINE_TYPE_RAND,
-       ENGINE_TYPE_BN_MOD_EXP,
-       ENGINE_TYPE_BN_MOD_EXP_CRT
-       } ENGINE_TYPE;
-
-static void engine_def_check_util(ENGINE **def, ENGINE *val)
+ENGINE *ENGINE_new(void)
        {
-       *def = val;
-       val->struct_ref++;
-       val->funct_ref++;
-       engine_ref_debug(val, 0, 1)
-       engine_ref_debug(val, 1, 1)
-       }
+       ENGINE *ret;
 
-/* In a slight break with convention - this static function must be
- * called *outside* any locking of CRYPTO_LOCK_ENGINE. */
-static void engine_def_check(void)
-       {
-       ENGINE *e;
-       if(engine_def_flag)
-               return;
-       e = ENGINE_get_first();
-       if(e == NULL)
-               /* The list is empty ... not much we can do! */
-               return;
-       /* We have a structural reference, see if getting a functional
-        * reference is possible. This is done to cope with init errors
-        * in the engine - the following locked code does a bunch of
-        * manual "ENGINE_init"s which do *not* allow such an init
-        * error so this is worth doing. */
-       if(ENGINE_init(e))
+       ret = (ENGINE *)OPENSSL_malloc(sizeof(ENGINE));
+       if(ret == NULL)
                {
-               CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
-               /* Doing another check here prevents an obvious race
-                * condition because the whole function itself cannot
-                * be locked. */
-               if(engine_def_flag)
-                       goto skip_set_defaults;
-               /* OK, we got a functional reference, so we get one each
-                * for the defaults too. */
-#ifndef OPENSSL_NO_RSA
-               engine_def_check_util(&engine_def_rsa, e);
-#endif
-#ifndef OPENSSL_NO_DSA
-               engine_def_check_util(&engine_def_dsa, e);
-#endif
-#ifndef OPENSSL_NO_DH
-               engine_def_check_util(&engine_def_dh, e);
-#endif
-               engine_def_check_util(&engine_def_rand, e);
-               engine_def_check_util(&engine_def_bn_mod_exp, e);
-               engine_def_check_util(&engine_def_bn_mod_exp_crt, e);
-               engine_def_flag = 1;
-skip_set_defaults:
-               CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
-               /* The "if" needs to be balanced out. */
-               ENGINE_finish(e);
+               ENGINEerr(ENGINE_F_ENGINE_NEW, ERR_R_MALLOC_FAILURE);
+               return NULL;
                }
-       /* We need to balance out the fact we obtained a structural
-        * reference to begin with from ENGINE_get_first(). */
-       ENGINE_free(e);
-       }
-
-/* Initialise a engine type for use (or up its functional reference count
- * if it's already in use). */
-int ENGINE_init(ENGINE *e)
-       {
-       int to_return = 1;
-
-       if(e == NULL)
-               {
-               ENGINEerr(ENGINE_F_ENGINE_INIT,ERR_R_PASSED_NULL_PARAMETER);
-               return 0;
-               }
-       CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
-       if((e->funct_ref == 0) && e->init)
-               /* This is the first functional reference and the engine
-                * requires initialisation so we do it now. */
-               to_return = e->init(e);
-       if(to_return)
-               {
-               /* OK, we return a functional reference which is also a
-                * structural reference. */
-               e->struct_ref++;
-               e->funct_ref++;
-               engine_ref_debug(e, 0, 1)
-               engine_ref_debug(e, 1, 1)
-               }
-       CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
-       return to_return;
+       memset(ret, 0, sizeof(ENGINE));
+       ret->struct_ref = 1;
+       engine_ref_debug(ret, 0, 1)
+       CRYPTO_new_ex_data(CRYPTO_EX_INDEX_ENGINE, ret, &ret->ex_data);
+       return ret;
        }
 
-/* Free a functional reference to a engine type */
-int ENGINE_finish(ENGINE *e)
+int engine_free_util(ENGINE *e, int locked)
        {
-       int to_return = 1;
+       int i;
 
        if(e == NULL)
                {
-               ENGINEerr(ENGINE_F_ENGINE_FINISH,ERR_R_PASSED_NULL_PARAMETER);
+               ENGINEerr(ENGINE_F_ENGINE_FREE,
+                       ERR_R_PASSED_NULL_PARAMETER);
                return 0;
                }
-       CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
-       /* Reduce the functional reference count here so if it's the terminating
-        * case, we can release the lock safely and call the finish() handler
-        * without risk of a race. We get a race if we leave the count until
-        * after and something else is calling "finish" at the same time -
-        * there's a chance that both threads will together take the count from
-        * 2 to 0 without either calling finish(). */
-       e->funct_ref--;
-       engine_ref_debug(e, 1, -1)
-       if((e->funct_ref == 0) && e->finish)
-               {
-               CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
-               if(!(to_return = e->finish(e)))
-                       {
-                       ENGINEerr(ENGINE_F_ENGINE_FINISH,ENGINE_R_FINISH_FAILED);
-                       return 0;
-                       }
-               }
+       if(locked)
+               i = CRYPTO_add(&e->struct_ref,-1,CRYPTO_LOCK_ENGINE);
        else
-               CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
+               i = --e->struct_ref;
+       engine_ref_debug(e, 0, -1)
+       if (i > 0) return 1;
 #ifdef REF_CHECK
-       if(e->funct_ref < 0)
+       if (i < 0)
                {
-               fprintf(stderr,"ENGINE_finish, bad functional reference count\n");
+               fprintf(stderr,"ENGINE_free, bad structural reference count\n");
                abort();
                }
 #endif
-       /* Release the structural reference too */
-       if(!ENGINE_free(e))
-               {
-               ENGINEerr(ENGINE_F_ENGINE_FINISH,ENGINE_R_FINISH_FAILED);
-               return 0;
-               }
-       return to_return;
+       /* Give the ENGINE a chance to do any structural cleanup corresponding
+        * to allocation it did in its constructor (eg. unload error strings) */
+       if(e->destroy)
+               e->destroy(e);
+       CRYPTO_free_ex_data(CRYPTO_EX_INDEX_ENGINE, e, &e->ex_data);
+       OPENSSL_free(e);
+       return 1;
        }
 
-EVP_PKEY *ENGINE_load_private_key(ENGINE *e, const char *key_id,
-       UI_METHOD *ui_method, void *callback_data)
+int ENGINE_free(ENGINE *e)
        {
-       EVP_PKEY *pkey;
-
-       if(e == NULL)
-               {
-               ENGINEerr(ENGINE_F_ENGINE_LOAD_PRIVATE_KEY,
-                       ERR_R_PASSED_NULL_PARAMETER);
-               return 0;
-               }
-       CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
-       if(e->funct_ref == 0)
-               {
-               CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
-               ENGINEerr(ENGINE_F_ENGINE_LOAD_PRIVATE_KEY,
-                       ENGINE_R_NOT_INITIALISED);
-               return 0;
-               }
-       CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
-       if (!e->load_privkey)
-               {
-               ENGINEerr(ENGINE_F_ENGINE_LOAD_PRIVATE_KEY,
-                       ENGINE_R_NO_LOAD_FUNCTION);
-               return 0;
-               }
-       pkey = e->load_privkey(e, key_id, ui_method, callback_data);
-       if (!pkey)
-               {
-               ENGINEerr(ENGINE_F_ENGINE_LOAD_PRIVATE_KEY,
-                       ENGINE_R_FAILED_LOADING_PRIVATE_KEY);
-               return 0;
-               }
-       return pkey;
+       return engine_free_util(e, 1);
        }
 
-EVP_PKEY *ENGINE_load_public_key(ENGINE *e, const char *key_id,
-       UI_METHOD *ui_method, void *callback_data)
-       {
-       EVP_PKEY *pkey;
+/* Cleanup stuff */
 
-       if(e == NULL)
-               {
-               ENGINEerr(ENGINE_F_ENGINE_LOAD_PUBLIC_KEY,
-                       ERR_R_PASSED_NULL_PARAMETER);
-               return 0;
-               }
-       CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
-       if(e->funct_ref == 0)
-               {
-               CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
-               ENGINEerr(ENGINE_F_ENGINE_LOAD_PUBLIC_KEY,
-                       ENGINE_R_NOT_INITIALISED);
-               return 0;
-               }
-       CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
-       if (!e->load_pubkey)
-               {
-               ENGINEerr(ENGINE_F_ENGINE_LOAD_PUBLIC_KEY,
-                       ENGINE_R_NO_LOAD_FUNCTION);
-               return 0;
-               }
-       pkey = e->load_pubkey(e, key_id, ui_method, callback_data);
-       if (!pkey)
-               {
-               ENGINEerr(ENGINE_F_ENGINE_LOAD_PUBLIC_KEY,
-                       ENGINE_R_FAILED_LOADING_PUBLIC_KEY);
-               return 0;
-               }
-       return pkey;
-       }
-
-/* These internal functions handle 'CMD'-related control commands when the
- * ENGINE in question has asked us to take care of it (ie. the ENGINE did not
- * set the ENGINE_FLAGS_MANUAL_CMD_CTRL flag. */
-
-static int int_ctrl_cmd_is_null(const ENGINE_CMD_DEFN *defn)
+/* ENGINE_cleanup() is coded such that anything that does work that will need
+ * cleanup can register a "cleanup" callback here. That way we don't get linker
+ * bloat by referring to all *possible* cleanups, but any linker bloat into code
+ * "X" will cause X's cleanup function to end up here. */
+static STACK_OF(ENGINE_CLEANUP_CB) *cleanup_stack = NULL;
+static int int_cleanup_check(int create)
        {
-       if((defn->cmd_num == 0) || (defn->cmd_name == NULL))
-               return 1;
-       return 0;
+       if(cleanup_stack) return 1;
+       if(!create) return 0;
+       cleanup_stack = sk_ENGINE_CLEANUP_CB_new_null();
+       return (cleanup_stack ? 1 : 0);
        }
-
-static int int_ctrl_cmd_by_name(const ENGINE_CMD_DEFN *defn, const char *s)
+void engine_cleanup_add_first(ENGINE_CLEANUP_CB *cb)
        {
-       int idx = 0;
-       while(!int_ctrl_cmd_is_null(defn) && (strcmp(defn->cmd_name, s) != 0))
-               {
-               idx++;
-               defn++;
-               }
-       if(int_ctrl_cmd_is_null(defn))
-               /* The given name wasn't found */
-               return -1;
-       return idx;
+       if(!int_cleanup_check(1)) return;
+       sk_ENGINE_CLEANUP_CB_insert(cleanup_stack, cb, 0);
        }
-
-static int int_ctrl_cmd_by_num(const ENGINE_CMD_DEFN *defn, unsigned int num)
+void engine_cleanup_add_last(ENGINE_CLEANUP_CB *cb)
        {
-       int idx = 0;
-       /* NB: It is stipulated that 'cmd_defn' lists are ordered by cmd_num. So
-        * our searches don't need to take any longer than necessary. */
-       while(!int_ctrl_cmd_is_null(defn) && (defn->cmd_num < num))
-               {
-               idx++;
-               defn++;
-               }
-       if(defn->cmd_num == num)
-               return idx;
-       /* The given cmd_num wasn't found */
-       return -1;
+       if(!int_cleanup_check(1)) return;
+       sk_ENGINE_CLEANUP_CB_push(cleanup_stack, cb);
        }
-
-static int int_ctrl_helper(ENGINE *e, int cmd, long i, void *p, void (*f)())
+/* The API function that performs all cleanup */
+void ENGINE_cleanup(void)
        {
-       int idx;
-       char *s = (char *)p;
-       /* Take care of the easy one first (eg. it requires no searches) */
-       if(cmd == ENGINE_CTRL_GET_FIRST_CMD_TYPE)
-               {
-               if((e->cmd_defns == NULL) || int_ctrl_cmd_is_null(e->cmd_defns))
-                       return 0;
-               return e->cmd_defns->cmd_num;
-               }
-       /* One or two commands require that "p" be a valid string buffer */
-       if((cmd == ENGINE_CTRL_GET_CMD_FROM_NAME) ||
-                       (cmd == ENGINE_CTRL_GET_NAME_FROM_CMD) ||
-                       (cmd == ENGINE_CTRL_GET_DESC_FROM_CMD))
+       if(int_cleanup_check(0))
                {
-               if(s == NULL)
+               int loop = 0, num = sk_ENGINE_CLEANUP_CB_num(cleanup_stack);
+               while(loop < num)
                        {
-                       ENGINEerr(ENGINE_F_INT_CTRL_HELPER,
-                               ERR_R_PASSED_NULL_PARAMETER);
-                       return -1;
+                       ENGINE_CLEANUP_CB *cb = sk_ENGINE_CLEANUP_CB_value(
+                                       cleanup_stack, loop++);
+                       (*cb)();
                        }
+               sk_ENGINE_CLEANUP_CB_free(cleanup_stack);
+               cleanup_stack = NULL;
                }
-       /* Now handle cmd_name -> cmd_num conversion */
-       if(cmd == ENGINE_CTRL_GET_CMD_FROM_NAME)
-               {
-               if((e->cmd_defns == NULL) || ((idx = int_ctrl_cmd_by_name(
-                                               e->cmd_defns, s)) < 0))
-                       {
-                       ENGINEerr(ENGINE_F_INT_CTRL_HELPER,
-                               ENGINE_R_INVALID_CMD_NAME);
-                       return -1;
-                       }
-               return e->cmd_defns[idx].cmd_num;
-               }
-       /* For the rest of the commands, the 'long' argument must specify a
-        * valie command number - so we need to conduct a search. */
-       if((e->cmd_defns == NULL) || ((idx = int_ctrl_cmd_by_num(e->cmd_defns,
-                                       (unsigned int)i)) < 0))
-               {
-               ENGINEerr(ENGINE_F_INT_CTRL_HELPER,
-                       ENGINE_R_INVALID_CMD_NUMBER);
-               return -1;
-               }
-       /* Now the logic splits depending on command type */
-       switch(cmd)
-               {
-       case ENGINE_CTRL_GET_NEXT_CMD_TYPE:
-               idx++;
-               if(int_ctrl_cmd_is_null(e->cmd_defns + idx))
-                       /* end-of-list */
-                       return 0;
-               else
-                       return e->cmd_defns[idx].cmd_num;
-       case ENGINE_CTRL_GET_NAME_LEN_FROM_CMD:
-               return strlen(e->cmd_defns[idx].cmd_name);
-       case ENGINE_CTRL_GET_NAME_FROM_CMD:
-               return sprintf(s, "%s", e->cmd_defns[idx].cmd_name);
-       case ENGINE_CTRL_GET_DESC_LEN_FROM_CMD:
-               if(e->cmd_defns[idx].cmd_desc)
-                       return strlen(e->cmd_defns[idx].cmd_desc);
-               return strlen(int_no_description);
-       case ENGINE_CTRL_GET_DESC_FROM_CMD:
-               if(e->cmd_defns[idx].cmd_desc)
-                       return sprintf(s, "%s", e->cmd_defns[idx].cmd_desc);
-               return sprintf(s, "%s", int_no_description);
-       case ENGINE_CTRL_GET_CMD_FLAGS:
-               return e->cmd_defns[idx].cmd_flags;
-               }
-       /* Shouldn't really be here ... */
-       ENGINEerr(ENGINE_F_INT_CTRL_HELPER,ENGINE_R_INTERNAL_LIST_ERROR);
-       return -1;
+       /* FIXME: This should be handled (somehow) through RAND, eg. by it
+        * registering a cleanup callback. */
+       RAND_set_rand_method(NULL);
        }
 
-int ENGINE_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)())
+/* Now the "ex_data" support */
+
+int ENGINE_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
+               CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func)
        {
-       int ctrl_exists, ref_exists;
-       if(e == NULL)
-               {
-               ENGINEerr(ENGINE_F_ENGINE_CTRL,ERR_R_PASSED_NULL_PARAMETER);
-               return 0;
-               }
-       CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
-       ref_exists = ((e->struct_ref > 0) ? 1 : 0);
-       CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
-       ctrl_exists = ((e->ctrl == NULL) ? 0 : 1);
-       if(!ref_exists)
-               {
-               ENGINEerr(ENGINE_F_ENGINE_CTRL,ENGINE_R_NO_REFERENCE);
-               return 0;
-               }
-       /* Intercept any "root-level" commands before trying to hand them on to
-        * ctrl() handlers. */
-       switch(cmd)
-               {
-       case ENGINE_CTRL_HAS_CTRL_FUNCTION:
-               return ctrl_exists;
-       case ENGINE_CTRL_GET_FIRST_CMD_TYPE:
-       case ENGINE_CTRL_GET_NEXT_CMD_TYPE:
-       case ENGINE_CTRL_GET_CMD_FROM_NAME:
-       case ENGINE_CTRL_GET_NAME_LEN_FROM_CMD:
-       case ENGINE_CTRL_GET_NAME_FROM_CMD:
-       case ENGINE_CTRL_GET_DESC_LEN_FROM_CMD:
-       case ENGINE_CTRL_GET_DESC_FROM_CMD:
-       case ENGINE_CTRL_GET_CMD_FLAGS:
-               if(ctrl_exists && !(e->flags & ENGINE_FLAGS_MANUAL_CMD_CTRL))
-                       return int_ctrl_helper(e,cmd,i,p,f);
-               if(!ctrl_exists)
-                       {
-                       ENGINEerr(ENGINE_F_ENGINE_CTRL,ENGINE_R_NO_CONTROL_FUNCTION);
-                       /* For these cmd-related functions, failure is indicated
-                        * by a -1 return value (because 0 is used as a valid
-                        * return in some places). */
-                       return -1;
-                       }
-       default:
-               break;
-               }
-       /* Anything else requires a ctrl() handler to exist. */
-       if(!ctrl_exists)
-               {
-               ENGINEerr(ENGINE_F_ENGINE_CTRL,ENGINE_R_NO_CONTROL_FUNCTION);
-               return 0;
-               }
-       return e->ctrl(e, cmd, i, p, f);
+       return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_ENGINE, argl, argp,
+                       new_func, dup_func, free_func);
        }
 
-int ENGINE_cmd_is_executable(ENGINE *e, int cmd)
+int ENGINE_set_ex_data(ENGINE *e, int idx, void *arg)
        {
-       int flags;
-       if((flags = ENGINE_ctrl(e, ENGINE_CTRL_GET_CMD_FLAGS, cmd, NULL, NULL)) < 0)
-               {
-               ENGINEerr(ENGINE_F_ENGINE_CMD_IS_EXECUTABLE,
-                       ENGINE_R_INVALID_CMD_NUMBER);
-               return 0;
-               }
-       if(!(flags & ENGINE_CMD_FLAG_NO_INPUT) &&
-                       !(flags & ENGINE_CMD_FLAG_NUMERIC) &&
-                       !(flags & ENGINE_CMD_FLAG_STRING))
-               return 0;
-       return 1;
+       return(CRYPTO_set_ex_data(&e->ex_data, idx, arg));
        }
 
-int ENGINE_ctrl_cmd(ENGINE *e, const char *cmd_name,
-        long i, void *p, void (*f)(), int cmd_optional)
-        {
-       int num;
+void *ENGINE_get_ex_data(const ENGINE *e, int idx)
+       {
+       return(CRYPTO_get_ex_data(&e->ex_data, idx));
+       }
 
-       if((e == NULL) || (cmd_name == NULL))
-               {
-               ENGINEerr(ENGINE_F_ENGINE_CTRL_CMD_STRING,
-                       ERR_R_PASSED_NULL_PARAMETER);
-               return 0;
-               }
-       if((e->ctrl == NULL) || ((num = ENGINE_ctrl(e,
-                                       ENGINE_CTRL_GET_CMD_FROM_NAME,
-                                       0, (void *)cmd_name, NULL)) <= 0))
-               {
-               /* If the command didn't *have* to be supported, we fake
-                * success. This allows certain settings to be specified for
-                * multiple ENGINEs and only require a change of ENGINE id
-                * (without having to selectively apply settings). Eg. changing
-                * from a hardware device back to the regular software ENGINE
-                * without editing the config file, etc. */
-               if(cmd_optional)
-                       {
-                       ERR_clear_error();
-                       return 1;
-                       }
-               ENGINEerr(ENGINE_F_ENGINE_CTRL_CMD,
-                       ENGINE_R_INVALID_CMD_NAME);
-               return 0;
-               }
-       /* Force the result of the control command to 0 or 1, for the reasons
-        * mentioned before. */
-        if (ENGINE_ctrl(e, num, i, p, f))
-                return 1;
-        return 0;
-        }
+/* Functions to get/set an ENGINE's elements - mainly to avoid exposing the
+ * ENGINE structure itself. */
 
-int ENGINE_ctrl_cmd_string(ENGINE *e, const char *cmd_name, const char *arg,
-                               int cmd_optional)
+int ENGINE_set_id(ENGINE *e, const char *id)
        {
-       int num, flags;
-       long l;
-       char *ptr;
-       if((e == NULL) || (cmd_name == NULL))
+       if(id == NULL)
                {
-               ENGINEerr(ENGINE_F_ENGINE_CTRL_CMD_STRING,
+               ENGINEerr(ENGINE_F_ENGINE_SET_ID,
                        ERR_R_PASSED_NULL_PARAMETER);
                return 0;
                }
-       if((e->ctrl == NULL) || ((num = ENGINE_ctrl(e,
-                                       ENGINE_CTRL_GET_CMD_FROM_NAME,
-                                       0, (void *)cmd_name, NULL)) <= 0))
-               {
-               /* If the command didn't *have* to be supported, we fake
-                * success. This allows certain settings to be specified for
-                * multiple ENGINEs and only require a change of ENGINE id
-                * (without having to selectively apply settings). Eg. changing
-                * from a hardware device back to the regular software ENGINE
-                * without editing the config file, etc. */
-               if(cmd_optional)
-                       {
-                       ERR_clear_error();
-                       return 1;
-                       }
-               ENGINEerr(ENGINE_F_ENGINE_CTRL_CMD_STRING,
-                       ENGINE_R_INVALID_CMD_NAME);
-               return 0;
-               }
-       if(!ENGINE_cmd_is_executable(e, num))
-               {
-               ENGINEerr(ENGINE_F_ENGINE_CTRL_CMD_STRING,
-                       ENGINE_R_CMD_NOT_EXECUTABLE);
-               return 0;
-               }
-       if((flags = ENGINE_ctrl(e, ENGINE_CTRL_GET_CMD_FLAGS, num, NULL, NULL)) < 0)
-               {
-               /* Shouldn't happen, given that ENGINE_cmd_is_executable()
-                * returned success. */
-               ENGINEerr(ENGINE_F_ENGINE_CTRL_CMD_STRING,
-                       ENGINE_R_INTERNAL_LIST_ERROR);
-               return 0;
-               }
-       /* If the command takes no input, there must be no input. And vice
-        * versa. */
-       if(flags & ENGINE_CMD_FLAG_NO_INPUT)
-               {
-               if(arg != NULL)
-                       {
-                       ENGINEerr(ENGINE_F_ENGINE_CTRL_CMD_STRING,
-                               ENGINE_R_COMMAND_TAKES_NO_INPUT);
-                       return 0;
-                       }
-               /* We deliberately force the result of ENGINE_ctrl() to 0 or 1
-                * rather than returning it as "return data". This is to ensure
-                * usage of these commands is consistent across applications and
-                * that certain applications don't understand it one way, and
-                * others another. */
-               if(ENGINE_ctrl(e, num, 0, (void *)arg, NULL))
-                       return 1;
-               return 0;
-               }
-       /* So, we require input */
-       if(arg == NULL)
-               {
-               ENGINEerr(ENGINE_F_ENGINE_CTRL_CMD_STRING,
-                       ENGINE_R_COMMAND_TAKES_INPUT);
-               return 0;
-               }
-       /* If it takes string input, that's easy */
-       if(flags & ENGINE_CMD_FLAG_STRING)
-               {
-               /* Same explanation as above */
-               if(ENGINE_ctrl(e, num, 0, (void *)arg, NULL))
-                       return 1;
-               return 0;
-               }
-       /* If it doesn't take numeric either, then it is unsupported for use in
-        * a config-setting situation, which is what this function is for. This
-        * should never happen though, because ENGINE_cmd_is_executable() was
-        * used. */
-       if(!(flags & ENGINE_CMD_FLAG_NUMERIC))
-               {
-               ENGINEerr(ENGINE_F_ENGINE_CTRL_CMD_STRING,
-                       ENGINE_R_INTERNAL_LIST_ERROR);
-               return 0;
-               }
-       l = strtol(arg, &ptr, 10);
-       if((arg == ptr) || (*ptr != '\0'))
-               {
-               ENGINEerr(ENGINE_F_ENGINE_CTRL_CMD_STRING,
-                       ENGINE_R_ARGUMENT_IS_NOT_A_NUMBER);
-               return 0;
-               }
-       /* Force the result of the control command to 0 or 1, for the reasons
-        * mentioned before. */
-       if(ENGINE_ctrl(e, num, l, NULL, NULL))
-               return 1;
-       return 0;
+       e->id = id;
+       return 1;
        }
 
-static ENGINE *engine_get_default_type(ENGINE_TYPE t)
+int ENGINE_set_name(ENGINE *e, const char *name)
        {
-       ENGINE *ret = NULL;
-
-       /* engine_def_check is lean and mean and won't replace any
-        * prior default engines ... so we must ensure that it is always
-        * the first function to get to touch the default values. */
-       engine_def_check();
-       CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
-       switch(t)
-               {
-#ifndef OPENSSL_NO_RSA
-       case ENGINE_TYPE_RSA:
-               ret = engine_def_rsa; break;
-#endif
-#ifndef OPENSSL_NO_DSA
-       case ENGINE_TYPE_DSA:
-               ret = engine_def_dsa; break;
-#endif
-#ifndef OPENSSL_NO_DH
-       case ENGINE_TYPE_DH:
-               ret = engine_def_dh; break;
-#endif
-       case ENGINE_TYPE_RAND:
-               ret = engine_def_rand; break;
-       case ENGINE_TYPE_BN_MOD_EXP:
-               ret = engine_def_bn_mod_exp; break;
-       case ENGINE_TYPE_BN_MOD_EXP_CRT:
-               ret = engine_def_bn_mod_exp_crt; break;
-       default:
-               break;
-               }
-       /* Unforunately we can't do this work outside the lock with a
-        * call to ENGINE_init() because that would leave a race
-        * condition open. */
-       if(ret)
+       if(name == NULL)
                {
-               ret->struct_ref++;
-               ret->funct_ref++;
-               engine_ref_debug(ret, 0, 1)
-               engine_ref_debug(ret, 1, 1)
+               ENGINEerr(ENGINE_F_ENGINE_SET_NAME,
+                       ERR_R_PASSED_NULL_PARAMETER);
+               return 0;
                }
-       CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
-       return ret;
-       }
-
-#ifndef OPENSSL_NO_RSA
-ENGINE *ENGINE_get_default_RSA(void)
-       {
-       return engine_get_default_type(ENGINE_TYPE_RSA);
+       e->name = name;
+       return 1;
        }
-#endif
 
-#ifndef OPENSSL_NO_DSA
-ENGINE *ENGINE_get_default_DSA(void)
+int ENGINE_set_destroy_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR destroy_f)
        {
-       return engine_get_default_type(ENGINE_TYPE_DSA);
+       e->destroy = destroy_f;
+       return 1;
        }
-#endif
 
-#ifndef OPENSSL_NO_DH
-ENGINE *ENGINE_get_default_DH(void)
+int ENGINE_set_init_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR init_f)
        {
-       return engine_get_default_type(ENGINE_TYPE_DH);
+       e->init = init_f;
+       return 1;
        }
-#endif
 
-ENGINE *ENGINE_get_default_RAND(void)
+int ENGINE_set_finish_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR finish_f)
        {
-       return engine_get_default_type(ENGINE_TYPE_RAND);
+       e->finish = finish_f;
+       return 1;
        }
 
-ENGINE *ENGINE_get_default_BN_mod_exp(void)
+int ENGINE_set_ctrl_function(ENGINE *e, ENGINE_CTRL_FUNC_PTR ctrl_f)
        {
-       return engine_get_default_type(ENGINE_TYPE_BN_MOD_EXP);
+       e->ctrl = ctrl_f;
+       return 1;
        }
 
-ENGINE *ENGINE_get_default_BN_mod_exp_crt(void)
+int ENGINE_set_flags(ENGINE *e, int flags)
        {
-       return engine_get_default_type(ENGINE_TYPE_BN_MOD_EXP_CRT);
+       e->flags = flags;
+       return 1;
        }
 
-static int engine_set_default_type(ENGINE_TYPE t, ENGINE *e)
+int ENGINE_set_cmd_defns(ENGINE *e, const ENGINE_CMD_DEFN *defns)
        {
-       ENGINE *old = NULL;
-
-       /* engine_def_check is lean and mean and won't replace any
-        * prior default engines ... so we must ensure that it is always
-        * the first function to get to touch the default values. */
-       engine_def_check();
-       /* Attempt to get a functional reference (we need one anyway, but
-        * also, 'e' may be just a structural reference being passed in so
-        * this call may actually be the first). */
-       if(e && !ENGINE_init(e))
-               {
-               ENGINEerr(ENGINE_F_ENGINE_SET_DEFAULT_TYPE,
-                       ENGINE_R_INIT_FAILED);
-               return 0;
-               }
-       CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
-       switch(t)
-               {
-#ifndef OPENSSL_NO_RSA
-       case ENGINE_TYPE_RSA:
-               old = engine_def_rsa;
-               engine_def_rsa = e; break;
-#endif
-#ifndef OPENSSL_NO_DSA
-       case ENGINE_TYPE_DSA:
-               old = engine_def_dsa;
-               engine_def_dsa = e; break;
-#endif
-#ifndef OPENSSL_NO_DH
-       case ENGINE_TYPE_DH:
-               old = engine_def_dh;
-               engine_def_dh = e; break;
-#endif
-       case ENGINE_TYPE_RAND:
-               old = engine_def_rand;
-               engine_def_rand = e; break;
-       case ENGINE_TYPE_BN_MOD_EXP:
-               old = engine_def_bn_mod_exp;
-               engine_def_bn_mod_exp = e; break;
-       case ENGINE_TYPE_BN_MOD_EXP_CRT:
-               old = engine_def_bn_mod_exp_crt;
-               engine_def_bn_mod_exp_crt = e; break;
-       default:
-               break;
-               }
-       CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
-       /* If we've replaced a previous value, then we need to remove the
-        * functional reference we had. */
-       if(old && !ENGINE_finish(old))
-               {
-               ENGINEerr(ENGINE_F_ENGINE_SET_DEFAULT_TYPE,
-                       ENGINE_R_FINISH_FAILED);
-               return 0;
-               }
+       e->cmd_defns = defns;
        return 1;
        }
 
-#ifndef OPENSSL_NO_RSA
-int ENGINE_set_default_RSA(ENGINE *e)
+const char *ENGINE_get_id(const ENGINE *e)
        {
-       return engine_set_default_type(ENGINE_TYPE_RSA, e);
+       return e->id;
        }
-#endif
 
-#ifndef OPENSSL_NO_DSA
-int ENGINE_set_default_DSA(ENGINE *e)
+const char *ENGINE_get_name(const ENGINE *e)
        {
-       return engine_set_default_type(ENGINE_TYPE_DSA, e);
+       return e->name;
        }
-#endif
 
-#ifndef OPENSSL_NO_DH
-int ENGINE_set_default_DH(ENGINE *e)
+ENGINE_GEN_INT_FUNC_PTR ENGINE_get_destroy_function(const ENGINE *e)
        {
-       return engine_set_default_type(ENGINE_TYPE_DH, e);
+       return e->destroy;
        }
-#endif
 
-int ENGINE_set_default_RAND(ENGINE *e)
+ENGINE_GEN_INT_FUNC_PTR ENGINE_get_init_function(const ENGINE *e)
        {
-       return engine_set_default_type(ENGINE_TYPE_RAND, e);
+       return e->init;
        }
 
-int ENGINE_set_default_BN_mod_exp(ENGINE *e)
+ENGINE_GEN_INT_FUNC_PTR ENGINE_get_finish_function(const ENGINE *e)
        {
-       return engine_set_default_type(ENGINE_TYPE_BN_MOD_EXP, e);
+       return e->finish;
        }
 
-int ENGINE_set_default_BN_mod_exp_crt(ENGINE *e)
+ENGINE_CTRL_FUNC_PTR ENGINE_get_ctrl_function(const ENGINE *e)
        {
-       return engine_set_default_type(ENGINE_TYPE_BN_MOD_EXP_CRT, e);
+       return e->ctrl;
        }
 
-int ENGINE_set_default(ENGINE *e, unsigned int flags)
+int ENGINE_get_flags(const ENGINE *e)
        {
-#ifndef OPENSSL_NO_RSA
-       if((flags & ENGINE_METHOD_RSA) && e->rsa_meth &&
-                       !ENGINE_set_default_RSA(e))
-               return 0;
-#endif
-#ifndef OPENSSL_NO_DSA
-       if((flags & ENGINE_METHOD_DSA) && e->dsa_meth &&
-                       !ENGINE_set_default_DSA(e))
-               return 0;
-#endif
-#ifndef OPENSSL_NO_DH
-       if((flags & ENGINE_METHOD_DH) && e->dh_meth &&
-                       !ENGINE_set_default_DH(e))
-               return 0;
-#endif
-       if((flags & ENGINE_METHOD_RAND) && e->rand_meth &&
-                       !ENGINE_set_default_RAND(e))
-               return 0;
-       if((flags & ENGINE_METHOD_BN_MOD_EXP) && e->bn_mod_exp &&
-                       !ENGINE_set_default_BN_mod_exp(e))
-               return 0;
-       if((flags & ENGINE_METHOD_BN_MOD_EXP_CRT) && e->bn_mod_exp_crt &&
-                       !ENGINE_set_default_BN_mod_exp_crt(e))
-               return 0;
-       return 1;
+       return e->flags;
        }
 
-int ENGINE_clear_defaults(void)
+const ENGINE_CMD_DEFN *ENGINE_get_cmd_defns(const ENGINE *e)
        {
-       /* If the defaults haven't even been set yet, don't bother. Any kind of
-        * "cleanup" has a kind of implicit race-condition if another thread is
-        * trying to keep going, so we don't address that with locking. The
-        * first ENGINE_set_default_*** call will actually *create* a standard
-        * set of default ENGINEs (including init() and functional reference
-        * counts aplenty) before the rest of this function undoes them all. So
-        * save some hassle ... */
-       if(!engine_def_flag)
-               return 1;
-       if((0 == 1) ||
-#ifndef OPENSSL_NO_RSA
-                       !ENGINE_set_default_RSA(NULL) ||
-#endif
-#ifndef OPENSSL_NO_DSA
-                       !ENGINE_set_default_DSA(NULL) ||
-#endif
-#ifndef OPENSSL_NO_DH
-                       !ENGINE_set_default_DH(NULL) ||
-#endif
-                       !ENGINE_set_default_RAND(NULL) ||
-                       !ENGINE_set_default_BN_mod_exp(NULL) ||
-                       !ENGINE_set_default_BN_mod_exp_crt(NULL) ||
-                       !RAND_set_rand_method(NULL))
-               return 0;
-       return 1;
+       return e->cmd_defns;
        }
-
index 4b558ec3066a3a9c0abf3bdb79b77630d356d711..b730f130b0ca859049d141d927ca2cba36ce1dd4 100644 (file)
  * list member. */
 static ENGINE *engine_list_head = NULL;
 static ENGINE *engine_list_tail = NULL;
-/* A boolean switch, used to ensure we only initialise once. This
- * is needed because the engine list may genuinely become empty during
- * use (so we can't use engine_list_head as an indicator for example. */
-static int engine_list_flag = 0;
-static int ENGINE_free_util(ENGINE *e, int locked);
+
+/* This cleanup function is only needed internally. If it should be called, we
+ * register it with the "ENGINE_cleanup()" stack to be called during cleanup. */
+
+static void engine_list_cleanup(void)
+       {
+       ENGINE *iterator = engine_list_head;
+
+       while(iterator != NULL)
+               {
+               ENGINE_remove(iterator);
+               iterator = engine_list_head;
+               }
+       return;
+       }
 
 /* These static functions starting with a lower case "engine_" always
  * take place when CRYPTO_LOCK_ENGINE has been locked up. */
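Review bot: The loop in `engine_list_cleanup` ends only if every `ENGINE_remove(iterator)` call actually unlinks the list head, yet the return value is ignored. If a removal ever fails, `engine_list_head` is unchanged and cleanup spins forever. Breaking out on failure, `if(!ENGINE_remove(iterator)) break;`, bounds it. The function also deserves a comment that, unlike the lower-case `engine_` helpers described just below it, it must be called without CRYPTO_LOCK_ENGINE held: `ENGINE_remove` takes the write lock itself and the head pointer is read here unlocked.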
@@ -115,6 +125,9 @@ static int engine_list_add(ENGINE *e)
                        }
                engine_list_head = e;
                e->prev = NULL;
+               /* The first time the list allocates, we should register the
+                * cleanup. */
+               engine_cleanup_add_last(engine_list_cleanup);
                }
        else
                {
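Review bot: `engine_cleanup_add_last(engine_list_cleanup)` runs on every empty-to-non-empty transition of the list, not only "the first time" as the new comment says, assuming this branch is the empty-list case (its condition is outside the hunk). The flag removed from this file carried a comment that the list may genuinely become empty during use, so a process that adds and removes engines repeatedly pushes a duplicate callback each time. A file-static guard that is set on registration and cleared inside `engine_list_cleanup` would keep it to one entry. The registration also returns `void`, so a failed stack allocation silently leaves the list without a cleanup hook.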
@@ -169,66 +182,36 @@ static int engine_list_remove(ENGINE *e)
                engine_list_head = e->next;
        if(engine_list_tail == e)
                engine_list_tail = e->prev;
-       ENGINE_free_util(e, 0);
-       return 1;
-       }
-
-/* This check always takes place with CRYPTO_LOCK_ENGINE locked up
- * so we're synchronised, but we can't call anything that tries to
- * lock it again! :-) NB: For convenience (and code-clarity) we
- * don't output errors for failures of the engine_list_add function
- * as it will generate errors itself. */
-static int engine_internal_check(void)
-       {
-       int toret = 1;
-       ENGINE *def_engine1, *def_engine2;
-       if(engine_list_flag)
-               return 1;
-       /* This is our first time up, we need to populate the list
-        * with our statically compiled-in engines. */
-       def_engine1 = ENGINE_openssl();
-       def_engine2 = ENGINE_dynamic();
-       if(!engine_list_add(def_engine1) ||
-                       !engine_list_add(def_engine2))
-               toret = 0;
-       else
-               engine_list_flag = 1;
-       ENGINE_free_util(def_engine1, 0);
-       ENGINE_free_util(def_engine2, 0);
+       engine_free_util(e, 0);
        return 1;
        }
 
 /* Get the first/last "ENGINE" type available. */
 ENGINE *ENGINE_get_first(void)
        {
-       ENGINE *ret = NULL;
+       ENGINE *ret;
 
        CRYPTO_r_lock(CRYPTO_LOCK_ENGINE);
-       if(engine_internal_check())
+       ret = engine_list_head;
+       if(ret)
                {
-               ret = engine_list_head;
-               if(ret)
-                       {
-                       ret->struct_ref++;
-                       engine_ref_debug(ret, 0, 1)
-                       }
+               ret->struct_ref++;
+               engine_ref_debug(ret, 0, 1)
                }
        CRYPTO_r_unlock(CRYPTO_LOCK_ENGINE);
        return ret;
        }
+
 ENGINE *ENGINE_get_last(void)
        {
-       ENGINE *ret = NULL;
+       ENGINE *ret;
 
        CRYPTO_r_lock(CRYPTO_LOCK_ENGINE);
-       if(engine_internal_check())
-               {
                ret = engine_list_tail;
-               if(ret)
-                       {
-                       ret->struct_ref++;
-                       engine_ref_debug(ret, 0, 1)
-                       }
+       if(ret)
+               {
+               ret->struct_ref++;
+               engine_ref_debug(ret, 0, 1)
                }
        CRYPTO_r_unlock(CRYPTO_LOCK_ENGINE);
        return ret;
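Review bot: `ret->struct_ref++` in ENGINE_get_first and ENGINE_get_last is executed while holding only `CRYPTO_r_lock(CRYPTO_LOCK_ENGINE)`. If the installed locking callback lets readers run concurrently, two threads can update the same count at once and lose an increment, after which a later free can release an ENGINE that is still referenced. Taking the write lock around the increment, `CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);` with the matching `CRYPTO_w_unlock`, avoids that. The same pattern appears in the ENGINE_by_id hunk (`iterator->struct_ref++`). Separately, `ret = engine_list_tail;` in ENGINE_get_last kept the indentation of the removed `if` block.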
@@ -257,6 +240,7 @@ ENGINE *ENGINE_get_next(ENGINE *e)
        ENGINE_free(e);
        return ret;
        }
+
 ENGINE *ENGINE_get_prev(ENGINE *e)
        {
        ENGINE *ret = NULL;
@@ -296,7 +280,7 @@ int ENGINE_add(ENGINE *e)
                        ENGINE_R_ID_OR_NAME_MISSING);
                }
        CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
-       if(!engine_internal_check() || !engine_list_add(e))
+       if(!engine_list_add(e))
                {
                ENGINEerr(ENGINE_F_ENGINE_ADD,
                        ENGINE_R_INTERNAL_LIST_ERROR);
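Review bot: The `ENGINE_R_ID_OR_NAME_MISSING` branch visible at the top of this hunk raises the error but has no `return 0;`, so execution continues into the lock and `engine_list_add(e)`. Unless engine_list_add rejects such an ENGINE itself (not visible here), an entry with a NULL id could be linked into the list, and ENGINE_by_id later passes `iterator->id` straight to `strcmp`. Adding `return 0;` after the ENGINEerr call closes that path. The enclosing `if` begins outside the hunk.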
@@ -317,7 +301,7 @@ int ENGINE_remove(ENGINE *e)
                return 0;
                }
        CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
-       if(!engine_internal_check() || !engine_list_remove(e))
+       if(!engine_list_remove(e))
                {
                ENGINEerr(ENGINE_F_ENGINE_REMOVE,
                        ENGINE_R_INTERNAL_LIST_ERROR);
@@ -327,9 +311,33 @@ int ENGINE_remove(ENGINE *e)
        return to_return;
        }
 
+static void engine_cpy(ENGINE *dest, const ENGINE *src)
+       {
+       dest->id = src->id;
+       dest->name = src->name;
+#ifndef OPENSSL_NO_RSA
+       dest->rsa_meth = src->rsa_meth;
+#endif
+#ifndef OPENSSL_NO_DSA
+       dest->dsa_meth = src->dsa_meth;
+#endif
+#ifndef OPENSSL_NO_DH
+       dest->dh_meth = src->dh_meth;
+#endif
+       dest->rand_meth = src->rand_meth;
+       dest->destroy = src->destroy;
+       dest->init = src->init;
+       dest->finish = src->finish;
+       dest->ctrl = src->ctrl;
+       dest->load_privkey = src->load_privkey;
+       dest->load_pubkey = src->load_pubkey;
+       dest->cmd_defns = src->cmd_defns;
+       dest->flags = src->flags;
+       }
+
 ENGINE *ENGINE_by_id(const char *id)
        {
-       ENGINE *iterator = NULL, *cp = NULL;
+       ENGINE *iterator;
        if(id == NULL)
                {
                ENGINEerr(ENGINE_F_ENGINE_BY_ID,
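Review bot: `engine_cpy` has no comment saying that it is a shallow copy. `id`, `name`, `cmd_defns` and the method pointers are shared with `src`, so a copy handed out by ENGINE_by_id is only usable while the source ENGINE's data stays alive. I would add above it `/* Shallow copy: pointers are shared with src; reference counts, ex_data and list links stay as ENGINE_new() set them. */`. Because `destroy` is copied too, it is worth confirming that running the handler once per copy is intended, if the free path calls it for every structure.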
@@ -337,36 +345,30 @@ ENGINE *ENGINE_by_id(const char *id)
                return NULL;
                }
        CRYPTO_r_lock(CRYPTO_LOCK_ENGINE);
-       if(!engine_internal_check())
-               ENGINEerr(ENGINE_F_ENGINE_BY_ID,
-                       ENGINE_R_INTERNAL_LIST_ERROR);
-       else
+       iterator = engine_list_head;
+       while(iterator && (strcmp(id, iterator->id) != 0))
+               iterator = iterator->next;
+       if(iterator)
                {
-               iterator = engine_list_head;
-               while(iterator && (strcmp(id, iterator->id) != 0))
-                       iterator = iterator->next;
-               if(iterator)
+               /* We need to return a structural reference. If this is an
+                * ENGINE type that returns copies, make a duplicate - otherwise
+                * increment the existing ENGINE's reference count. */
+               if(iterator->flags & ENGINE_FLAGS_BY_ID_COPY)
                        {
-                       /* We need to return a structural reference. If this is
-                        * a "dynamic" ENGINE type, make a duplicate - otherwise
-                        * increment the existing ENGINE's reference count. */
-                       if(iterator->flags & ENGINE_FLAGS_BY_ID_COPY)
-                               {
-                               cp = ENGINE_new();
-                               if(!cp)
-                                       iterator = NULL;
-                               else
-                                       {
-                                       ENGINE_cpy(cp, iterator);
-                                       iterator = cp;
-                                       }
-                               }
+                       ENGINE *cp = ENGINE_new();
+                       if(!cp)
+                               iterator = NULL;
                        else
                                {
-                               iterator->struct_ref++;
-                               engine_ref_debug(iterator, 0, 1)
+                               engine_cpy(cp, iterator);
+                               iterator = cp;
                                }
                        }
+               else
+                       {
+                       iterator->struct_ref++;
+                       engine_ref_debug(iterator, 0, 1)
+                       }
                }
        CRYPTO_r_unlock(CRYPTO_LOCK_ENGINE);
        if(iterator == NULL)
@@ -374,326 +376,3 @@ ENGINE *ENGINE_by_id(const char *id)
                        ENGINE_R_NO_SUCH_ENGINE);
        return iterator;
        }
-
-ENGINE *ENGINE_new(void)
-       {
-       ENGINE *ret;
-
-       ret = (ENGINE *)OPENSSL_malloc(sizeof(ENGINE));
-       if(ret == NULL)
-               {
-               ENGINEerr(ENGINE_F_ENGINE_NEW, ERR_R_MALLOC_FAILURE);
-               return NULL;
-               }
-       memset(ret, 0, sizeof(ENGINE));
-       ret->struct_ref = 1;
-       engine_ref_debug(ret, 0, 1)
-       CRYPTO_new_ex_data(CRYPTO_EX_INDEX_ENGINE, ret, &ret->ex_data);
-       return ret;
-       }
-
-static int ENGINE_free_util(ENGINE *e, int locked)
-       {
-       int i;
-
-       if(e == NULL)
-               {
-               ENGINEerr(ENGINE_F_ENGINE_FREE,
-                       ERR_R_PASSED_NULL_PARAMETER);
-               return 0;
-               }
-       if(locked)
-               i = CRYPTO_add(&e->struct_ref,-1,CRYPTO_LOCK_ENGINE);
-       else
-               i = --e->struct_ref;
-       engine_ref_debug(e, 0, -1)
-       if (i > 0) return 1;
-#ifdef REF_CHECK
-       if (i < 0)
-               {
-               fprintf(stderr,"ENGINE_free, bad structural reference count\n");
-               abort();
-               }
-#endif
-       /* Give the ENGINE a chance to do any structural cleanup corresponding
-        * to allocation it did in its constructor (eg. unload error strings) */
-       if(e->destroy)
-               e->destroy(e);
-       sk_ENGINE_EVP_CIPHER_pop_free(e->ciphers,ENGINE_free_engine_cipher);
-       CRYPTO_free_ex_data(CRYPTO_EX_INDEX_ENGINE, e, &e->ex_data);
-       OPENSSL_free(e);
-       return 1;
-       }
-
-int ENGINE_free(ENGINE *e)
-       {
-       return ENGINE_free_util(e, 1);
-       }
-
-int ENGINE_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
-               CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func)
-       {
-       return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_ENGINE, argl, argp,
-                       new_func, dup_func, free_func);
-       }
-
-int ENGINE_set_ex_data(ENGINE *e, int idx, void *arg)
-       {
-       return(CRYPTO_set_ex_data(&e->ex_data, idx, arg));
-       }
-
-void *ENGINE_get_ex_data(const ENGINE *e, int idx)
-       {
-       return(CRYPTO_get_ex_data(&e->ex_data, idx));
-       }
-
-void ENGINE_cleanup(void)
-       {
-       ENGINE *iterator = engine_list_head;
-
-       while(iterator != NULL)
-               {
-               ENGINE_remove(iterator);
-               iterator = engine_list_head;
-               }
-       engine_list_flag = 0;
-       /* Also unset any "default" ENGINEs that may have been set up (a default
-        * constitutes a functional reference on an ENGINE and there's one for
-        * each algorithm). */
-       ENGINE_clear_defaults();
-       return;
-       }
-
-int ENGINE_set_id(ENGINE *e, const char *id)
-       {
-       if(id == NULL)
-               {
-               ENGINEerr(ENGINE_F_ENGINE_SET_ID,
-                       ERR_R_PASSED_NULL_PARAMETER);
-               return 0;
-               }
-       e->id = id;
-       return 1;
-       }
-
-int ENGINE_set_name(ENGINE *e, const char *name)
-       {
-       if(name == NULL)
-               {
-               ENGINEerr(ENGINE_F_ENGINE_SET_NAME,
-                       ERR_R_PASSED_NULL_PARAMETER);
-               return 0;
-               }
-       e->name = name;
-       return 1;
-       }
-
-int ENGINE_set_RSA(ENGINE *e, const RSA_METHOD *rsa_meth)
-       {
-#ifndef OPENSSL_NO_RSA
-       e->rsa_meth = rsa_meth;
-       return 1;
-#else
-       return 0;
-#endif
-       }
-
-int ENGINE_set_DSA(ENGINE *e, const DSA_METHOD *dsa_meth)
-       {
-#ifndef OPENSSL_NO_DSA
-       e->dsa_meth = dsa_meth;
-       return 1;
-#else
-       return 0;
-#endif
-       }
-
-int ENGINE_set_DH(ENGINE *e, const DH_METHOD *dh_meth)
-       {
-#ifndef OPENSSL_NO_DH
-       e->dh_meth = dh_meth;
-       return 1;
-#else
-       return 0;
-#endif
-       }
-
-int ENGINE_set_RAND(ENGINE *e, const RAND_METHOD *rand_meth)
-       {
-       e->rand_meth = rand_meth;
-       return 1;
-       }
-
-int ENGINE_set_BN_mod_exp(ENGINE *e, BN_MOD_EXP bn_mod_exp)
-       {
-       e->bn_mod_exp = bn_mod_exp;
-       return 1;
-       }
-
-int ENGINE_set_BN_mod_exp_crt(ENGINE *e, BN_MOD_EXP_CRT bn_mod_exp_crt)
-       {
-       e->bn_mod_exp_crt = bn_mod_exp_crt;
-       return 1;
-       }
-
-int ENGINE_set_destroy_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR destroy_f)
-       {
-       e->destroy = destroy_f;
-       return 1;
-       }
-
-int ENGINE_set_init_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR init_f)
-       {
-       e->init = init_f;
-       return 1;
-       }
-
-int ENGINE_set_finish_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR finish_f)
-       {
-       e->finish = finish_f;
-       return 1;
-       }
-
-int ENGINE_set_ctrl_function(ENGINE *e, ENGINE_CTRL_FUNC_PTR ctrl_f)
-       {
-       e->ctrl = ctrl_f;
-       return 1;
-       }
-
-int ENGINE_set_load_privkey_function(ENGINE *e, ENGINE_LOAD_KEY_PTR loadpriv_f)
-       {
-       e->load_privkey = loadpriv_f;
-       return 1;
-       }
-
-int ENGINE_set_load_pubkey_function(ENGINE *e, ENGINE_LOAD_KEY_PTR loadpub_f)
-       {
-       e->load_pubkey = loadpub_f;
-       return 1;
-       }
-
-int ENGINE_set_flags(ENGINE *e, int flags)
-       {
-       e->flags = flags;
-       return 1;
-       }
-
-int ENGINE_set_cmd_defns(ENGINE *e, const ENGINE_CMD_DEFN *defns)
-       {
-       e->cmd_defns = defns;
-       return 1;
-       }
-
-int ENGINE_cpy(ENGINE *dest, const ENGINE *src)
-       {
-       if(ENGINE_set_id(dest, ENGINE_get_id(src)) &&
-                       ENGINE_set_name(dest, ENGINE_get_name(src)) &&
-#ifndef OPENSSL_NO_RSA
-                       ENGINE_set_RSA(dest, ENGINE_get_RSA(src)) &&
-#endif
-#ifndef OPENSSL_NO_DSA
-                       ENGINE_set_DSA(dest, ENGINE_get_DSA(src)) &&
-#endif
-#ifndef OPENSSL_NO_DH
-                       ENGINE_set_DH(dest, ENGINE_get_DH(src)) &&
-#endif
-                       ENGINE_set_RAND(dest, ENGINE_get_RAND(src)) &&
-                       ENGINE_set_BN_mod_exp(dest,
-                                       ENGINE_get_BN_mod_exp(src)) &&
-                       ENGINE_set_BN_mod_exp_crt(dest,
-                                       ENGINE_get_BN_mod_exp_crt(src)) &&
-                       ENGINE_set_init_function(dest,
-                                       ENGINE_get_init_function(src)) &&
-                       ENGINE_set_finish_function(dest,
-                                       ENGINE_get_finish_function(src)) &&
-                       ENGINE_set_ctrl_function(dest,
-                                       ENGINE_get_ctrl_function(src)) &&
-                       ENGINE_set_load_privkey_function(dest,
-                                       ENGINE_get_load_privkey_function(src)) &&
-                       ENGINE_set_load_pubkey_function(dest,
-                                       ENGINE_get_load_pubkey_function(src)) &&
-                       ENGINE_set_flags(dest, ENGINE_get_flags(src)) &&
-                       ENGINE_set_cmd_defns(dest, ENGINE_get_cmd_defns(src)))
-               return 1;
-       return 0;
-       }
-
-const char *ENGINE_get_id(const ENGINE *e)
-       {
-       return e->id;
-       }
-
-const char *ENGINE_get_name(const ENGINE *e)
-       {
-       return e->name;
-       }
-
-const RSA_METHOD *ENGINE_get_RSA(const ENGINE *e)
-       {
-       return e->rsa_meth;
-       }
-
-const DSA_METHOD *ENGINE_get_DSA(const ENGINE *e)
-       {
-       return e->dsa_meth;
-       }
-
-const DH_METHOD *ENGINE_get_DH(const ENGINE *e)
-       {
-       return e->dh_meth;
-       }
-
-const RAND_METHOD *ENGINE_get_RAND(const ENGINE *e)
-       {
-       return e->rand_meth;
-       }
-
-BN_MOD_EXP ENGINE_get_BN_mod_exp(const ENGINE *e)
-       {
-       return e->bn_mod_exp;
-       }
-
-BN_MOD_EXP_CRT ENGINE_get_BN_mod_exp_crt(const ENGINE *e)
-       {
-       return e->bn_mod_exp_crt;
-       }
-
-ENGINE_GEN_INT_FUNC_PTR ENGINE_get_destroy_function(const ENGINE *e)
-       {
-       return e->destroy;
-       }
-
-ENGINE_GEN_INT_FUNC_PTR ENGINE_get_init_function(const ENGINE *e)
-       {
-       return e->init;
-       }
-
-ENGINE_GEN_INT_FUNC_PTR ENGINE_get_finish_function(const ENGINE *e)
-       {
-       return e->finish;
-       }
-
-ENGINE_CTRL_FUNC_PTR ENGINE_get_ctrl_function(const ENGINE *e)
-       {
-       return e->ctrl;
-       }
-
-ENGINE_LOAD_KEY_PTR ENGINE_get_load_privkey_function(const ENGINE *e)
-       {
-       return e->load_privkey;
-       }
-
-ENGINE_LOAD_KEY_PTR ENGINE_get_load_pubkey_function(const ENGINE *e)
-       {
-       return e->load_pubkey;
-       }
-
-int ENGINE_get_flags(const ENGINE *e)
-       {
-       return e->flags;
-       }
-
-const ENGINE_CMD_DEFN *ENGINE_get_cmd_defns(const ENGINE *e)
-       {
-       return e->cmd_defns;
-       }
index 7bf7b9d2b9126d96f6a45dc1369f305565771930..6def06582dfe47dd00a7f3718d1863d193817584 100644 (file)
 #include <openssl/engine.h>
 #include <openssl/dso.h>
 
-/* This is the only function we need to implement as OpenSSL
- * doesn't have a native CRT mod_exp. Perhaps this should be
- * BN_mod_exp_crt and moved into crypto/bn/ ?? ... dunno. */
-static int openssl_mod_exp_crt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
-               const BIGNUM *q, const BIGNUM *dmp1, const BIGNUM *dmq1,
-               const BIGNUM *iqmp, BN_CTX *ctx);
-
 /* The constants used when creating the ENGINE */
 static const char *engine_openssl_id = "openssl";
-static const char *engine_openssl_name = "Software default engine support";
+static const char *engine_openssl_name = "Software engine support";
 
 /* As this is only ever called once, there's no need for locking
  * (indeed - the lock will already be held by our caller!!!) */
@@ -84,82 +77,18 @@ ENGINE *ENGINE_openssl(void)
        if(!ENGINE_set_id(ret, engine_openssl_id) ||
                        !ENGINE_set_name(ret, engine_openssl_name) ||
 #ifndef OPENSSL_NO_RSA
-                       !ENGINE_set_RSA(ret, RSA_get_default_openssl_method()) ||
+                       !ENGINE_set_RSA(ret, RSA_get_default_method()) ||
 #endif
 #ifndef OPENSSL_NO_DSA
-                       !ENGINE_set_DSA(ret, DSA_get_default_openssl_method()) ||
+                       !ENGINE_set_DSA(ret, DSA_get_default_method()) ||
 #endif
 #ifndef OPENSSL_NO_DH
-                       !ENGINE_set_DH(ret, DH_get_default_openssl_method()) ||
+                       !ENGINE_set_DH(ret, DH_get_default_method()) ||
 #endif
-                       !ENGINE_set_RAND(ret, RAND_SSLeay()) ||
-                       !ENGINE_set_BN_mod_exp(ret, BN_mod_exp) ||
-                       !ENGINE_set_BN_mod_exp_crt(ret, openssl_mod_exp_crt))
+                       !ENGINE_set_RAND(ret, RAND_SSLeay()))
                {
                ENGINE_free(ret);
                return NULL;
                }
        return ret;
        }
-
-/* Chinese Remainder Theorem, taken and adapted from rsa_eay.c */
-static int openssl_mod_exp_crt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
-                       const BIGNUM *q, const BIGNUM *dmp1,
-                       const BIGNUM *dmq1, const BIGNUM *iqmp, BN_CTX *ctx)
-       {
-       BIGNUM r1,m1;
-       int ret=0;
-       BN_CTX *bn_ctx;
-       BIGNUM *temp_bn = NULL;
-
-       if (ctx)
-               bn_ctx = ctx;
-       else
-               if ((bn_ctx=BN_CTX_new()) == NULL) goto err;
-       BN_init(&m1);
-       BN_init(&r1);
-       /* BN_mul() cannot accept const BIGNUMs so I use the BN_CTX
-        * to duplicate what I need. <sigh> */
-       BN_CTX_start(bn_ctx);
-       if ((temp_bn = BN_CTX_get(bn_ctx)) == NULL) goto err;
-       if (!BN_copy(temp_bn, iqmp)) goto err;
-       if (!BN_mod(&r1, a, q, bn_ctx)) goto err;
-       if (!BN_mod_exp(&m1, &r1, dmq1, q, bn_ctx))
-               goto err;
-       if (!BN_mod(&r1, a, p, bn_ctx)) goto err;
-       if (!BN_mod_exp(r, &r1, dmp1, p, bn_ctx))
-               goto err;
-
-       if (!BN_sub(r, r, &m1)) goto err;
-       /* This will help stop the size of r0 increasing, which does
-        * affect the multiply if it optimised for a power of 2 size */
-       if (r->neg)
-               if (!BN_add(r, r, p)) goto err;
-       if (!BN_mul(&r1, r, temp_bn, bn_ctx)) goto err;
-       if (!BN_mod(r, &r1, p, bn_ctx)) goto err;
-       /* If p < q it is occasionally possible for the correction of
-        * adding 'p' if r is negative above to leave the result still
-        * negative. This can break the private key operations: the following
-        * second correction should *always* correct this rare occurrence.
-        * This will *never* happen with OpenSSL generated keys because
-        * they ensure p > q [steve]
-        */
-       if (r->neg)
-               if (!BN_add(r, r, p)) goto err;
-       /* Again, BN_mul() will need non-const values. */
-       if (!BN_copy(temp_bn, q)) goto err;
-       if (!BN_mul(&r1, r, temp_bn, bn_ctx)) goto err;
-       if (!BN_add(r, &r1, &m1)) goto err;
-       ret=1;
-err:
-       BN_clear_free(&m1);
-       BN_clear_free(&r1);
-       BN_CTX_end(ctx);
-       if (!ctx)
-               BN_CTX_free(bn_ctx);
-       return(ret);
-       }
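Review bot: The three replaced calls in ENGINE_openssl() now read `RSA_get_default_method()`, `DSA_get_default_method()` and `DH_get_default_method()`, and nothing in the hunk says whether these return the built-in software methods or whatever default the application has installed. If it is the latter (the getters are not visible here), an ENGINE with id "openssl" and name "Software engine support" could end up wrapping a replaced method, depending on when ENGINE_openssl() runs. I would add a comment above the `if`, for example `/* NB: binds to the defaults current at creation time, which need not be the built-in software methods */`, or confirm that the getters can never hand back an ENGINE-supplied method. ENGINE_openssl() starts above this hunk.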
diff --git a/crypto/engine/eng_pkey.c b/crypto/engine/eng_pkey.c
new file mode 100644 (file)
index 0000000..8c69171
--- /dev/null
@@ -0,0 +1,157 @@
+/* crypto/engine/eng_pkey.c */
+/* ====================================================================
+ * Copyright (c) 1999-2001 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <openssl/crypto.h>
+#include "cryptlib.h"
+#include "eng_int.h"
+#include <openssl/engine.h>
+
+/* Basic get/set stuff */
+
+int ENGINE_set_load_privkey_function(ENGINE *e, ENGINE_LOAD_KEY_PTR loadpriv_f)
+       {
+       e->load_privkey = loadpriv_f;
+       return 1;
+       }
+
+int ENGINE_set_load_pubkey_function(ENGINE *e, ENGINE_LOAD_KEY_PTR loadpub_f)
+       {
+       e->load_pubkey = loadpub_f;
+       return 1;
+       }
+
+ENGINE_LOAD_KEY_PTR ENGINE_get_load_privkey_function(const ENGINE *e)
+       {
+       return e->load_privkey;
+       }
+
+ENGINE_LOAD_KEY_PTR ENGINE_get_load_pubkey_function(const ENGINE *e)
+       {
+       return e->load_pubkey;
+       }
+
+/* API functions to load public/private keys */
+
+EVP_PKEY *ENGINE_load_private_key(ENGINE *e, const char *key_id,
+       UI_METHOD *ui_method, void *callback_data)
+       {
+       EVP_PKEY *pkey;
+
+       if(e == NULL)
+               {
+               ENGINEerr(ENGINE_F_ENGINE_LOAD_PRIVATE_KEY,
+                       ERR_R_PASSED_NULL_PARAMETER);
+               return 0;
+               }
+       CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
+       if(e->funct_ref == 0)
+               {
+               CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
+               ENGINEerr(ENGINE_F_ENGINE_LOAD_PRIVATE_KEY,
+                       ENGINE_R_NOT_INITIALISED);
+               return 0;
+               }
+       CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
+       if (!e->load_privkey)
+               {
+               ENGINEerr(ENGINE_F_ENGINE_LOAD_PRIVATE_KEY,
+                       ENGINE_R_NO_LOAD_FUNCTION);
+               return 0;
+               }
+       pkey = e->load_privkey(e, key_id, ui_method, callback_data);
+       if (!pkey)
+               {
+               ENGINEerr(ENGINE_F_ENGINE_LOAD_PRIVATE_KEY,
+                       ENGINE_R_FAILED_LOADING_PRIVATE_KEY);
+               return 0;
+               }
+       return pkey;
+       }
+
+EVP_PKEY *ENGINE_load_public_key(ENGINE *e, const char *key_id,
+       UI_METHOD *ui_method, void *callback_data)
+       {
+       EVP_PKEY *pkey;
+
+       if(e == NULL)
+               {
+               ENGINEerr(ENGINE_F_ENGINE_LOAD_PUBLIC_KEY,
+                       ERR_R_PASSED_NULL_PARAMETER);
+               return 0;
+               }
+       CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
+       if(e->funct_ref == 0)
+               {
+               CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
+               ENGINEerr(ENGINE_F_ENGINE_LOAD_PUBLIC_KEY,
+                       ENGINE_R_NOT_INITIALISED);
+               return 0;
+               }
+       CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
+       if (!e->load_pubkey)
+               {
+               ENGINEerr(ENGINE_F_ENGINE_LOAD_PUBLIC_KEY,
+                       ENGINE_R_NO_LOAD_FUNCTION);
+               return 0;
+               }
+       pkey = e->load_pubkey(e, key_id, ui_method, callback_data);
+       if (!pkey)
+               {
+               ENGINEerr(ENGINE_F_ENGINE_LOAD_PUBLIC_KEY,
+                       ENGINE_R_FAILED_LOADING_PUBLIC_KEY);
+               return 0;
+               }
+       return pkey;
+       }
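Review bot: In ENGINE_load_private_key() the `e->funct_ref == 0` test is made under CRYPTO_LOCK_ENGINE, but the lock is released before `e->load_privkey` is read and called, so the test does not keep the ENGINE initialised while the key is loaded; ENGINE_load_public_key() has the same shape. If callers are expected to hold their own functional reference, the code should say so, e.g. `/* Caller must hold a functional reference on 'e'; the funct_ref test is a sanity check only */`. The test only reads the counter, so `CRYPTO_r_lock`/`CRYPTO_r_unlock` would be enough here. Both functions also `return 0;` on error although they return `EVP_PKEY *`; `return NULL;` states the intent.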
diff --git a/crypto/engine/eng_table.c b/crypto/engine/eng_table.c
new file mode 100644 (file)
index 0000000..4192144
--- /dev/null
@@ -0,0 +1,361 @@
+/* ====================================================================
+ * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <openssl/evp.h>
+#include <openssl/engine.h>
+#include "eng_int.h"
+
+/* This is the type of item in the 'implementation' table. Each 'nid' hashes to
+ * a (potentially NULL) ENGINE_PILE structure which contains a stack of ENGINE*
+ * pointers. These pointers aren't references, because they're inserted and
+ * removed during ENGINE creation and ENGINE destruction. They point to ENGINEs
+ * that *exist* (ie. have a structural reference count greater than zero) rather
+ * than ENGINEs that are *functional*. Each pointer in those stacks are to
+ * ENGINEs that implements the algorithm corresponding to each 'nid'. */
+
+/* The type of the items in the table */
+typedef struct st_engine_pile
+       {
+       /* The 'nid' of the algorithm/mode this ENGINE_PILE structure represents
+        * */
+       int nid;
+       /* A stack of ENGINE pointers for ENGINEs that support this
+        * algorithm/mode. In the event that 'funct' is NULL, the first entry in
+        * this stack that initialises will be set as 'funct' and assumed as the
+        * default for operations of this type. */
+       STACK_OF(ENGINE) *sk;
+       /* The default ENGINE to perform this algorithm/mode. */
+       ENGINE *funct;
+       /* This value optimises engine_table_select(). If it is called it sets
+        * this value to 1. Any changes to this ENGINE_PILE resets it to zero.
+        * As such, no ENGINE_init() thrashing is done unless ENGINEs
+        * continually register (and/or unregister). */
+       int uptodate;
+       } ENGINE_PILE;
+
+/* The type of the hash table of ENGINE_PILE structures such that each are
+ * unique and keyed by the 'nid' value. */
+struct st_engine_table
+       {
+       LHASH piles;
+       }; /* ENGINE_TABLE */
+
+/* This value stores global options controlling behaviour of (mostly) the
+ * engine_table_select() function. It's a bitmask of flag values of the form
+ * ENGINE_TABLE_FLAG_*** (as defined in engine.h) and is controlled by the
+ * ENGINE_[get|set]_table_flags() function. */
+static unsigned int table_flags = 0;
+
+/* API function manipulating 'table_flags' */
+unsigned int ENGINE_get_table_flags(void)
+       {
+       return table_flags;
+       }
+void ENGINE_set_table_flags(unsigned int flags)
+       {
+       table_flags = flags;
+       }
+
+/* Internal functions for the "piles" hash table */
+static unsigned long engine_pile_hash(const ENGINE_PILE *c)
+       {
+       return c->nid;
+       }
+static int engine_pile_cmp(const ENGINE_PILE *a, const ENGINE_PILE *b)
+       {
+       return a->nid - b->nid;
+       }
+static IMPLEMENT_LHASH_HASH_FN(engine_pile_hash, const ENGINE_PILE *)
+static IMPLEMENT_LHASH_COMP_FN(engine_pile_cmp, const ENGINE_PILE *)
+static int int_table_check(ENGINE_TABLE **t, int create)
+       {
+       LHASH *lh;
+       if(*t)
+               return 1;
+       if(!create)
+               return 0;
+       if((lh = lh_new(LHASH_HASH_FN(engine_pile_hash),
+                       LHASH_COMP_FN(engine_pile_cmp))) == NULL)
+               return 0;
+       *t = (ENGINE_TABLE *)lh;
+       return 1;
+       }
+
+/* Privately exposed (via eng_int.h) functions for adding and/or removing
+ * ENGINEs from the implementation table */
+int engine_table_register(ENGINE_TABLE **table, ENGINE_CLEANUP_CB cleanup,
+               ENGINE *e, const int *nids, int num_nids, int setdefault)
+       {
+       int ret = 0, added = 0;
+       ENGINE_PILE tmplate, *fnd;
+       CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
+       if(!(*table))
+               added = 1;
+       if(!int_table_check(table, 1))
+               goto end;
+       if(added)
+               /* The cleanup callback needs to be added */
+               engine_cleanup_add_first(cleanup);
+       while(num_nids--)
+               {
+               tmplate.nid = *nids;
+               fnd = lh_retrieve(&(*table)->piles, &tmplate);
+               if(!fnd)
+                       {
+                       fnd = OPENSSL_malloc(sizeof(ENGINE_PILE));
+                       if(!fnd)
+                               goto end;
+                       fnd->uptodate = 1;
+                       fnd->nid = *nids;
+                       fnd->sk = sk_ENGINE_new_null();
+                       if(!fnd->sk)
+                               {
+                               OPENSSL_free(fnd);
+                               goto end;
+                               }
+                       fnd->funct= NULL;
+                       lh_insert(&(*table)->piles, fnd);
+                       }
+               /* A registration shouldn't add duplciate entries */
+               sk_ENGINE_delete_ptr(fnd->sk, e);
+               /* if 'setdefault', this ENGINE goes to the head of the list */
+               if(!sk_ENGINE_push(fnd->sk, e))
+                       goto end;
+               /* "touch" this ENGINE_PILE */
+               fnd->uptodate = 0;
+               if(setdefault)
+                       {
+                       if(!engine_unlocked_init(e))
+                               {
+                               ENGINEerr(ENGINE_F_ENGINE_TABLE_REGISTER,
+                                               ENGINE_R_INIT_FAILED);
+                               goto end;
+                               }
+                       if(fnd->funct)
+                               engine_unlocked_finish(fnd->funct, 0);
+                       fnd->funct = e;
+                       }
+               nids++;
+               }
+       ret = 1;
+end:
+       CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
+       return ret;
+       }
+static void int_unregister_cb(ENGINE_PILE *pile, ENGINE *e)
+       {
+       int n;
+       /* Iterate the 'c->sk' stack removing any occurance of 'e' */
+       while((n = sk_ENGINE_find(pile->sk, e)) >= 0)
+               {
+               sk_ENGINE_delete(pile->sk, n);
+               /* "touch" this ENGINE_CIPHER */
+               pile->uptodate = 0;
+               }
+       if(pile->funct == e)
+               {
+               engine_unlocked_finish(e, 0);
+               pile->funct = NULL;
+               }
+       }
+static IMPLEMENT_LHASH_DOALL_ARG_FN(int_unregister_cb,ENGINE_PILE *,ENGINE *)
+void engine_table_unregister(ENGINE_TABLE **table, ENGINE *e)
+       {
+       CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
+       if(int_table_check(table, 0))
+               lh_doall_arg(&(*table)->piles,
+                       LHASH_DOALL_ARG_FN(int_unregister_cb), e);
+       CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
+       }
+
+static void int_cleanup_cb(ENGINE_PILE *p)
+       {
+       sk_ENGINE_free(p->sk);
+       if(p->funct)
+               engine_unlocked_finish(p->funct, 0);
+       OPENSSL_free(p);
+       }
+static IMPLEMENT_LHASH_DOALL_FN(int_cleanup_cb,ENGINE_PILE *)
+void engine_table_cleanup(ENGINE_TABLE **table)
+       {
+       CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
+       if(*table)
+               {
+               lh_doall(&(*table)->piles, LHASH_DOALL_FN(int_cleanup_cb));
+               lh_free(&(*table)->piles);
+               *table = NULL;
+               }
+       CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
+       }
+
+/* Exposed API function to get a functional reference from the implementation
+ * table (ie. try to get a functional reference from the tabled structural
+ * references) for a given cipher 'nid' */
+#ifndef ENGINE_TABLE_DEBUG
+ENGINE *engine_table_select(ENGINE_TABLE **table, int nid)
+#else
+ENGINE *engine_table_select_tmp(ENGINE_TABLE **table, int nid, const char *f, int l)
+#endif
+       {
+       ENGINE *ret = NULL;
+       ENGINE_PILE tmplate, *fnd;
+       int initres, loop = 0;
+
+       /* If 'engine_ciphers' is NULL, then it's absolutely *sure* that no
+        * ENGINEs have registered any implementations! */
+       if(!(*table))
+               {
+#ifdef ENGINE_TABLE_DEBUG
+               fprintf(stderr, "engine_table_dbg: %s:%d, nid=%d, no "
+                       "registered for anything!\n", f, l, nid);
+#endif
+               return NULL;
+               }
+       CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
+       /* Check again inside the lock otherwise we could race against cleanup
+        * operations. But don't worry about a fprintf(stderr). */
+       if(!int_table_check(table, 0))
+               goto end;
+       tmplate.nid = nid;
+       fnd = lh_retrieve(&(*table)->piles, &tmplate);
+       if(!fnd)
+               goto end;
+       if(fnd->funct && engine_unlocked_init(fnd->funct))
+               {
+#ifdef ENGINE_TABLE_DEBUG
+               fprintf(stderr, "engine_table_dbg: %s:%d, nid=%d, using "
+                       "ENGINE '%s' cached\n", f, l, nid, fnd->funct->id);
+#endif
+               ret = fnd->funct;
+               goto end;
+               }
+       if(fnd->uptodate)
+               {
+               ret = fnd->funct;
+               goto end;
+               }
+trynext:
+       ret = sk_ENGINE_value(fnd->sk, loop++);
+       if(!ret)
+               {
+#ifdef ENGINE_TABLE_DEBUG
+               fprintf(stderr, "engine_table_dbg: %s:%d, nid=%d, no "
+                               "registered implementations would initialise\n",
+                               f, l, nid);
+#endif
+               goto end;
+               }
+#if 0
+       /* Don't need to get a reference if we hold the lock. If the locking has
+        * to change in future, that would be different ... */
+       ret->struct_ref++; engine_ref_debug(ret, 0, 1)
+#endif
+       /* Try and initialise the ENGINE if it's already functional *or* if the
+        * ENGINE_TABLE_FLAG_NOINIT flag is not set. */
+       if((ret->funct_ref > 0) || !(table_flags & ENGINE_TABLE_FLAG_NOINIT))
+               initres = engine_unlocked_init(ret);
+       else
+               initres = 0;
+#if 0
+       /* Release the structural reference */
+       ret->struct_ref--; engine_ref_debug(ret, 0, -1);
+#endif
+       if(initres)
+               {
+               /* If we didn't have a default (functional reference) for this
+                * 'nid' (or we had one but for whatever reason we're now
+                * initialising a different one), use this opportunity to set
+                * 'funct'. */
+               if((fnd->funct != ret) && engine_unlocked_init(ret))
+                       {
+                       /* If there was a previous default we release it. */
+                       if(fnd->funct)
+                               engine_unlocked_finish(fnd->funct, 0);
+                       /* We got an extra functional reference for the
+                        * per-'nid' default */
+                       fnd->funct = ret;
+#ifdef ENGINE_TABLE_DEBUG
+                       fprintf(stderr, "engine_table_dbg: %s:%d, nid=%d, "
+                               "setting default to '%s'\n", f, l, nid, ret->id);
+#endif
+                       }
+#ifdef ENGINE_TABLE_DEBUG
+               fprintf(stderr, "engine_table_dbg: %s:%d, nid=%d, using "
+                               "newly initialised '%s'\n", f, l, nid, ret->id);
+#endif
+               goto end;
+               }
+       goto trynext;
+end:
+       /* Whatever happened - we should "untouch" our uptodate file seeing as
+        * we have tried our best to find a functional reference for 'nid'. If
+        * it failed, it is unlikely to succeed again until some future
+        * registrations (or unregistrations) have taken place that affect that
+        * 'nid'. */
+       if(fnd)
+               fnd->uptodate = 1;
+#ifdef ENGINE_TABLE_DEBUG
+       if(ret)
+               fprintf(stderr, "engine_table_dbg: %s:%d, nid=%d, caching "
+                               "ENGINE '%s'\n", f, l, nid, ret->id);
+       else
+               fprintf(stderr, "engine_table_dbg: %s:%d, nid=%d, caching "
+                               "'no matching ENGINE'\n", f, l, nid);
+#endif
+       CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
+       /* Whatever happened, any failed init()s are not failures in this
+        * context, so clear our error state. */
+       ERR_clear_error();
+       return ret;
+       }
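Review bot: In engine_table_select(), `fnd` is read uninitialised at the `end:` label when the `int_table_check(table, 0)` test inside the lock fails, because that `goto end` is taken before `fnd` is assigned from `lh_retrieve()`. The `if(fnd) fnd->uptodate = 1;` that follows can then write through an indeterminate pointer, and this is the very path the comment describes as racing against cleanup. Initialising at the declaration closes it: `ENGINE_PILE tmplate, *fnd = NULL;`. The unlocked `if(!(*table))` fast path above it also reads `*table` without the lock, which deserves a comment stating why that is considered safe.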
index 07d3810d9412b69ad51d42ad821a23bcfc8b01e8..cf59451fda599e7d7bd9fa81b88e8563da61421a 100644 (file)
@@ -102,6 +102,12 @@ typedef void DH_METHOD;
 #define ENGINE_METHOD_ALL              (unsigned int)0xFFFF
 #define ENGINE_METHOD_NONE             (unsigned int)0x0000
 
+/* This(ese) flag(s) controls behaviour of the ENGINE_TABLE mechanism used
+ * internally to control registration of ENGINE implementations, and can be set
+ * by ENGINE_set_table_flags(). The "NOINIT" flag prevents attempts to
+ * initialise registered ENGINEs if they are not already initialised. */
+#define ENGINE_TABLE_FLAG_NOINIT       (unsigned int)0x0001
+
 /* ENGINE flags that can be set by ENGINE_set_flags(). */
 /* #define ENGINE_FLAGS_MALLOCED       0x0001 */ /* Not used */
 
@@ -244,21 +250,6 @@ typedef struct ENGINE_CMD_DEFN_st
        unsigned int cmd_flags; /* The input the command expects */
        } ENGINE_CMD_DEFN;
 
-/* As we're missing a BIGNUM_METHOD, we need a couple of locally
- * defined function types that engines can implement. */
-
-/* mod_exp operation, calculates; r = a ^ p mod m
- * NB: ctx can be NULL, but if supplied, the implementation may use
- * it if it wishes. */
-typedef int (*BN_MOD_EXP)(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
-               const BIGNUM *m, BN_CTX *ctx);
-
-/* private key operation for RSA, provided seperately in case other
- * RSA implementations wish to use it. */
-typedef int (*BN_MOD_EXP_CRT)(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
-               const BIGNUM *q, const BIGNUM *dmp1, const BIGNUM *dmq1,
-               const BIGNUM *iqmp, BN_CTX *ctx);
-
 /* Generic function pointer */
 typedef int (*ENGINE_GEN_FUNC_PTR)();
 /* Generic function pointer taking no arguments */
@@ -291,8 +282,9 @@ int ENGINE_add(ENGINE *e);
 int ENGINE_remove(ENGINE *e);
 /* Retrieve an engine from the list by its unique "id" value. */
 ENGINE *ENGINE_by_id(const char *id);
-/* Add all the built-in engines.  By default, only the OpenSSL software
-   engine is loaded */
+/* Add all the built-in engines. */
+void ENGINE_load_openssl(void);
+void ENGINE_load_dynamic(void);
 void ENGINE_load_cswift(void);
 void ENGINE_load_chil(void);
 void ENGINE_load_atalla(void);
@@ -301,8 +293,41 @@ void ENGINE_load_ubsec(void);
 void ENGINE_load_openbsd_dev_crypto(void);
 void ENGINE_load_builtin_engines(void);
 
-/* Load all the currently known ciphers from all engines */
-void ENGINE_load_ciphers(void);
+/* Get and set global flags (ENGINE_TABLE_FLAG_***) for the implementation
+ * "registry" handling. */
+unsigned int ENGINE_get_table_flags(void);
+void ENGINE_set_table_flags(unsigned int flags);
+
+/* Manage registration of ENGINEs per "table". For each type, there are 3
+ * functions;
+ *   ENGINE_register_***(e) - registers the implementation from 'e' (if it has one)
+ *   ENGINE_unregister_***(e) - unregister the implementation from 'e'
+ *   ENGINE_register_all_***() - call ENGINE_register_***() for each 'e' in the list
+ * Cleanup is automatically registered from each table when required, so
+ * ENGINE_cleanup() will reverse any "register" operations. */
+
+int ENGINE_register_RSA(ENGINE *e);
+void ENGINE_unregister_RSA(ENGINE *e);
+void ENGINE_register_all_RSA(void);
+
+int ENGINE_register_DSA(ENGINE *e);
+void ENGINE_unregister_DSA(ENGINE *e);
+void ENGINE_register_all_DSA(void);
+
+int ENGINE_register_DH(ENGINE *e);
+void ENGINE_unregister_DH(ENGINE *e);
+void ENGINE_register_all_DH(void);
+
+int ENGINE_register_RAND(ENGINE *e);
+void ENGINE_unregister_RAND(ENGINE *e);
+void ENGINE_register_all_RAND(void);
+
+/* These functions register all support from the above categories. Note, use of
+ * these functions can result in static linkage of code your application may not
+ * need. If you only need a subset of functionality, consider using more
+ * selective initialisation. */
+int ENGINE_register_complete(ENGINE *e);
+int ENGINE_register_all_complete(void);
 
 /* Send parametrised control commands to the engine. The possibilities to send
  * down an integer, a pointer to data or a function pointer are provided. Any of
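Review bot: The comment block for the ENGINE_register_***() family does not say what the int return value means, and the implementations later in this commit make that non-obvious: ENGINE_register_DH() in tb_dh.c returns 1 both when the table registration succeeds and when 'e' has no DH method at all. I would extend the list entry to something like `ENGINE_register_***(e) - registers the implementation from 'e' (if it has one); returns 1 on success or if 'e' has nothing to register, 0 on failure`. The 0-on-failure half is inferred from the usual OpenSSL convention, since engine_table_register() is not shown in this hunk, so confirm it before committing the wording.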
@@ -362,8 +387,6 @@ int ENGINE_set_RSA(ENGINE *e, const RSA_METHOD *rsa_meth);
 int ENGINE_set_DSA(ENGINE *e, const DSA_METHOD *dsa_meth);
 int ENGINE_set_DH(ENGINE *e, const DH_METHOD *dh_meth);
 int ENGINE_set_RAND(ENGINE *e, const RAND_METHOD *rand_meth);
-int ENGINE_set_BN_mod_exp(ENGINE *e, BN_MOD_EXP bn_mod_exp);
-int ENGINE_set_BN_mod_exp_crt(ENGINE *e, BN_MOD_EXP_CRT bn_mod_exp_crt);
 int ENGINE_set_destroy_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR destroy_f);
 int ENGINE_set_init_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR init_f);
 int ENGINE_set_finish_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR finish_f);
@@ -373,20 +396,16 @@ int ENGINE_set_load_pubkey_function(ENGINE *e, ENGINE_LOAD_KEY_PTR loadpub_f);
 int ENGINE_set_flags(ENGINE *e, int flags);
 int ENGINE_set_cmd_defns(ENGINE *e, const ENGINE_CMD_DEFN *defns);
 int ENGINE_add_cipher(ENGINE *e,const EVP_CIPHER *c);
-/* Copies across all ENGINE methods and pointers. NB: This does *not* change
- * reference counts however. */
-int ENGINE_cpy(ENGINE *dest, const ENGINE *src);
 /* These functions (and the "get" function lower down) allow control over any
  * per-structure ENGINE data. */
 int ENGINE_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
                CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func);
 int ENGINE_set_ex_data(ENGINE *e, int idx, void *arg);
-/* Cleans the internal engine list. This should only be used when the
- * application is about to exit or restart operation (the next operation
- * requiring the ENGINE list will re-initialise it with defaults). NB: Dynamic
- * ENGINEs will only truly unload (including any allocated data or loaded
- * shared-libraries) if all remaining references are released too - so keys,
- * certificates, etc all need to be released for an in-use ENGINE to unload. */
+
+/* This function cleans up anything that needs it. Eg. the ENGINE_add() function
+ * automatically ensures the list cleanup function is registered to be called
+ * from ENGINE_cleanup(). Similarly, all ENGINE_register_*** functions ensure
+ * ENGINE_cleanup() will clean up after them. */
 void ENGINE_cleanup(void);
 
 /* These return values from within the ENGINE structure. These can be useful
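Review bot: The replacement comment on ENGINE_cleanup() drops both caveats the old one carried: that it should only be called when the application is about to exit or restart, and that a dynamic ENGINE only truly unloads once every remaining reference (keys, certificates, etc) is released. If those still hold under the table-based mechanism, which this hunk does not show either way, they are worth keeping, because a caller who assumes the shared library is gone after cleanup can be left holding live references into it. A sentence such as `NB: ENGINEs still referenced elsewhere (keys, certificates, ...) are not unloaded until those references are released.` appended to the new comment would preserve that.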
@@ -399,10 +418,6 @@ const RSA_METHOD *ENGINE_get_RSA(const ENGINE *e);
 const DSA_METHOD *ENGINE_get_DSA(const ENGINE *e);
 const DH_METHOD *ENGINE_get_DH(const ENGINE *e);
 const RAND_METHOD *ENGINE_get_RAND(const ENGINE *e);
-int ENGINE_cipher_num(const ENGINE *e);
-const EVP_CIPHER *ENGINE_get_cipher(const ENGINE *e, int n);
-BN_MOD_EXP ENGINE_get_BN_mod_exp(const ENGINE *e);
-BN_MOD_EXP_CRT ENGINE_get_BN_mod_exp_crt(const ENGINE *e);
 ENGINE_GEN_INT_FUNC_PTR ENGINE_get_destroy_function(const ENGINE *e);
 ENGINE_GEN_INT_FUNC_PTR ENGINE_get_init_function(const ENGINE *e);
 ENGINE_GEN_INT_FUNC_PTR ENGINE_get_finish_function(const ENGINE *e);
@@ -451,8 +466,6 @@ ENGINE *ENGINE_get_default_RSA(void);
 ENGINE *ENGINE_get_default_DSA(void);
 ENGINE *ENGINE_get_default_DH(void);
 ENGINE *ENGINE_get_default_RAND(void);
-ENGINE *ENGINE_get_default_BN_mod_exp(void);
-ENGINE *ENGINE_get_default_BN_mod_exp_crt(void);
 
 /* This sets a new default ENGINE structure for performing RSA
  * operations. If the result is non-zero (success) then the ENGINE
@@ -463,25 +476,16 @@ int ENGINE_set_default_RSA(ENGINE *e);
 int ENGINE_set_default_DSA(ENGINE *e);
 int ENGINE_set_default_DH(ENGINE *e);
 int ENGINE_set_default_RAND(ENGINE *e);
-int ENGINE_set_default_BN_mod_exp(ENGINE *e);
-int ENGINE_set_default_BN_mod_exp_crt(ENGINE *e);
 
 /* The combination "set" - the flags are bitwise "OR"d from the
- * ENGINE_METHOD_*** defines above. */
+ * ENGINE_METHOD_*** defines above. As with the "ENGINE_register_complete()"
+ * function, this function can result in unnecessary static linkage. If your
+ * application requires only specific functionality, consider using more
+ * selective functions. */
 int ENGINE_set_default(ENGINE *e, unsigned int flags);
 
-/* This function resets all the internal "default" ENGINEs (there's one for each
- * of the various algorithms) to NULL, releasing any references as appropriate.
- * This function is called as part of the ENGINE_cleanup() function, so there's
- * no need to call both (although no harm is done). */
-int ENGINE_clear_defaults(void);
-
-/* Instruct an engine to load any EVP ciphers it knows of */
-/* XXX make this work via defaults? */
-void ENGINE_load_engine_ciphers(ENGINE *e);
-/* Get a particular cipher from a particular engine - NULL if the engine
- * doesn't have it */
-const EVP_CIPHER *ENGINE_get_cipher_by_name(ENGINE *e,const char *name);
+/* Deprecated functions ... */
+/* int ENGINE_clear_defaults(void); */
 
 /**************************/
 /* DYNAMIC ENGINE SUPPORT */
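Review bot: `/* int ENGINE_clear_defaults(void); */` under a "Deprecated functions ..." heading is a removed prototype left as commented-out code, not a deprecation: existing callers stop building and the header gives no hint what to use instead. Either keep the declaration (with a stub) for a release, or replace the two lines with a comment that names the replacement, e.g. `/* ENGINE_clear_defaults() has been removed; see ENGINE_cleanup(). */`. The pointer to ENGINE_cleanup() is taken from the deleted comment, which said the function was called as part of it, so check that it still applies.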
@@ -613,6 +617,7 @@ void ERR_load_ENGINE_strings(void);
 #define ENGINE_F_ENGINE_SET_DEFAULT_TYPE                126
 #define ENGINE_F_ENGINE_SET_ID                          129
 #define ENGINE_F_ENGINE_SET_NAME                        130
+#define ENGINE_F_ENGINE_TABLE_REGISTER                  184
 #define ENGINE_F_ENGINE_UNLOAD_KEY                      152
 #define ENGINE_F_INT_CTRL_HELPER                        172
 #define ENGINE_F_LOG_MESSAGE                            141
index 01c3a9f5fe5b16969c8197de9fd185ed06fccafa..598cb31a6f60683cf6ca69a2c58d810696aaf285 100644 (file)
@@ -161,12 +161,7 @@ int main(int argc, char *argv[])
                }
        else
                printf("Remove that should fail did.\n");
-       if(!ENGINE_remove(new_h1))
-               {
-               printf("Remove failed!\n");
-               goto end;
-               }
-       display_engine_list();
+       ERR_clear_error();
        if(!ENGINE_remove(new_h3))
                {
                printf("Remove failed!\n");
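Review bot: The added `ERR_clear_error();` has no comment, and a reader cannot tell from the hunk why it replaces the ENGINE_remove(new_h1) block. It follows the branch that prints "Remove that should fail did.", so presumably it discards the error entry left by that deliberate failure; a one-line comment such as `/* the expected failure above queued an error - drop it */` would make that explicit. main() starts and ends outside this hunk, so whether new_h1 is still released further down cannot be checked here.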
index 89149e1109efb31b7d40d868d7faac554fb4b9b5..030d5a908c167e612da62b115189207ea6b36b59 100644 (file)
@@ -258,7 +258,6 @@ static int bind_helper(ENGINE *e)
 #ifndef OPENSSL_NO_DH
                        !ENGINE_set_DH(e, &atalla_dh) ||
 #endif
-                       !ENGINE_set_BN_mod_exp(e, atalla_mod_exp) ||
                        !ENGINE_set_destroy_function(e, atalla_destroy) ||
                        !ENGINE_set_init_function(e, atalla_init) ||
                        !ENGINE_set_finish_function(e, atalla_finish) ||
@@ -302,9 +301,7 @@ static int bind_helper(ENGINE *e)
        return 1;
        }
 
-/* As this is only ever called once, there's no need for locking
- * (indeed - the lock will already be held by our caller!!!) */
-ENGINE *ENGINE_atalla(void)
+static ENGINE *engine_atalla(void)
        {
        ENGINE *ret = ENGINE_new();
        if(!ret)
@@ -317,6 +314,16 @@ ENGINE *ENGINE_atalla(void)
        return ret;
        }
 
+void ENGINE_load_atalla(void)
+       {
+       /* Copied from eng_[openssl|dyn].c */
+       ENGINE *toadd = engine_atalla();
+       if(!toadd) return;
+       ENGINE_add(toadd);
+       ENGINE_free(toadd);
+       ERR_clear_error();
+       }
+
 /* This is a process-global DSO handle used for loading and unloading
  * the Atalla library. NB: This is only set (or unset) during an
  * init() or finish() call (reference counts permitting) and they're
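Review bot: ENGINE_load_atalla() ignores the return value of ENGINE_add() and then calls ERR_clear_error(), so a failed registration is indistinguishable from a successful one and the reason is thrown away. ERR_clear_error() also empties the calling thread's whole error queue, not only the entries this function may have pushed, which can hide an earlier unrelated error from the application. Since the function is declared void in engine.h, the least that is needed is a comment stating the best-effort contract, e.g. `/* Best effort: a failed ENGINE_add() is ignored, and the thread's error queue is cleared as a side effect */`. The same body is added as ENGINE_load_cswift(), ENGINE_load_chil(), ENGINE_load_nuron() and ENGINE_load_ubsec() in the files that follow. engine_atalla(), whose tail is the context at the top of this hunk, starts outside it.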
index 4abc819ee167586eb8098c9191d38d1c77811dc3..d32a832be503839b6827925d082652741e0988af 100644 (file)
@@ -276,8 +276,6 @@ static int bind_helper(ENGINE *e)
 #ifndef OPENSSL_NO_DH
                        !ENGINE_set_DH(e, &cswift_dh) ||
 #endif
-                       !ENGINE_set_BN_mod_exp(e, &cswift_mod_exp) ||
-                       !ENGINE_set_BN_mod_exp_crt(e, &cswift_mod_exp_crt) ||
                        !ENGINE_set_destroy_function(e, cswift_destroy) ||
                        !ENGINE_set_init_function(e, cswift_init) ||
                        !ENGINE_set_finish_function(e, cswift_finish) ||
@@ -312,9 +310,7 @@ static int bind_helper(ENGINE *e)
        return 1;
        }
 
-/* As this is only ever called once, there's no need for locking
- * (indeed - the lock will already be held by our caller!!!) */
-ENGINE *ENGINE_cswift(void)
+static ENGINE *engine_cswift(void)
        {
        ENGINE *ret = ENGINE_new();
        if(!ret)
@@ -327,6 +323,16 @@ ENGINE *ENGINE_cswift(void)
        return ret;
        }
 
+void ENGINE_load_cswift(void)
+       {
+       /* Copied from eng_[openssl|dyn].c */
+       ENGINE *toadd = engine_cswift();
+       if(!toadd) return;
+       ENGINE_add(toadd);
+       ENGINE_free(toadd);
+       ERR_clear_error();
+       }
+
 /* This is a process-global DSO handle used for loading and unloading
  * the CryptoSwift library. NB: This is only set (or unset) during an
  * init() or finish() call (reference counts permitting) and they're
index 408db08b9849a28c94578f4759dc68ab1db8cc9c..da52912462a28b571b949068d3c3770f089d02cf 100644 (file)
@@ -417,7 +417,6 @@ static int bind_helper(ENGINE *e)
                        !ENGINE_set_DH(e, &hwcrhk_dh) ||
 #endif
                        !ENGINE_set_RAND(e, &hwcrhk_rand) ||
-                       !ENGINE_set_BN_mod_exp(e, hwcrhk_mod_exp) ||
                        !ENGINE_set_destroy_function(e, hwcrhk_destroy) ||
                        !ENGINE_set_init_function(e, hwcrhk_init) ||
                        !ENGINE_set_finish_function(e, hwcrhk_finish) ||
@@ -454,9 +453,7 @@ static int bind_helper(ENGINE *e)
        return 1;
        }
 
-/* As this is only ever called once, there's no need for locking
- * (indeed - the lock will already be held by our caller!!!) */
-ENGINE *ENGINE_ncipher(void)
+static ENGINE *engine_ncipher(void)
        {
        ENGINE *ret = ENGINE_new();
        if(!ret)
@@ -469,6 +466,16 @@ ENGINE *ENGINE_ncipher(void)
        return ret;
        }
 
+void ENGINE_load_chil(void)
+       {
+       /* Copied from eng_[openssl|dyn].c */
+       ENGINE *toadd = engine_ncipher();
+       if(!toadd) return;
+       ENGINE_add(toadd);
+       ENGINE_free(toadd);
+       ERR_clear_error();
+       }
+
 /* This is a process-global DSO handle used for loading and unloading
  * the HWCryptoHook library. NB: This is only set (or unset) during an
  * init() or finish() call (reference counts permitting) and they're
index a7925e8f72e69e0fee1c09d7b085de17340e3b5c..784c1a41f2732302e91a06eeab4fc39468894e17 100644 (file)
@@ -368,7 +368,6 @@ static int bind_helper(ENGINE *e)
 #ifndef OPENSSL_NO_DH
                        !ENGINE_set_DH(e, &nuron_dh) ||
 #endif
-                       !ENGINE_set_BN_mod_exp(e, nuron_mod_exp) ||
                        !ENGINE_set_destroy_function(e, nuron_destroy) ||
                        !ENGINE_set_init_function(e, nuron_init) ||
                        !ENGINE_set_finish_function(e, nuron_finish) ||
@@ -412,9 +411,7 @@ static int bind_helper(ENGINE *e)
        return 1;
        }
 
-/* As this is only ever called once, there's no need for locking
- * (indeed - the lock will already be held by our caller!!!) */
-ENGINE *ENGINE_nuron(void)
+static ENGINE *engine_nuron(void)
        {
        ENGINE *ret = ENGINE_new();
        if(!ret)
@@ -427,6 +424,16 @@ ENGINE *ENGINE_nuron(void)
        return ret;
        }
 
+void ENGINE_load_nuron(void)
+       {
+       /* Copied from eng_[openssl|dyn].c */
+       ENGINE *toadd = engine_nuron();
+       if(!toadd) return;
+       ENGINE_add(toadd);
+       ENGINE_free(toadd);
+       ERR_clear_error();
+       }
+
 /* This stuff is needed if this ENGINE is being compiled into a self-contained
  * shared-library. */     
 #ifdef ENGINE_DYNAMIC_SUPPORT
index 0ed7f9b54183a97ded7fc3cb342e6a136956ef33..b2c60bcd50268bcd7625e45710755ef4ec7b45a0 100644 (file)
@@ -272,8 +272,6 @@ static int bind_helper(ENGINE *e)
 #ifndef OPENSSL_NO_DH
                        !ENGINE_set_DH(e, &ubsec_dh) ||
 #endif
-                       !ENGINE_set_BN_mod_exp(e, ubsec_mod_exp) ||
-                       !ENGINE_set_BN_mod_exp_crt(e, ubsec_mod_exp_crt) ||
                        !ENGINE_set_destroy_function(e, ubsec_destroy) ||
                        !ENGINE_set_init_function(e, ubsec_init) ||
                        !ENGINE_set_finish_function(e, ubsec_finish) ||
@@ -310,9 +308,7 @@ static int bind_helper(ENGINE *e)
        return 1;
        }
 
-/* As this is only ever called once, there's no need for locking
- * (indeed - the lock will already be held by our caller!!!) */
-ENGINE *ENGINE_ubsec(void)
+static ENGINE *engine_ubsec(void)
        {
        ENGINE *ret = ENGINE_new();
        if(!ret)
@@ -325,6 +321,16 @@ ENGINE *ENGINE_ubsec(void)
        return ret;
        }
 
+void ENGINE_load_ubsec(void)
+       {
+       /* Copied from eng_[openssl|dyn].c */
+       ENGINE *toadd = engine_ubsec();
+       if(!toadd) return;
+       ENGINE_add(toadd);
+       ENGINE_free(toadd);
+       ERR_clear_error();
+       }
+
 /* This is a process-global DSO handle used for loading and unloading
  * the UBSEC library. NB: This is only set (or unset) during an
  * init() or finish() call (reference counts permitting) and they're
diff --git a/crypto/engine/tb_dh.c b/crypto/engine/tb_dh.c
new file mode 100644 (file)
index 0000000..977f9b9
--- /dev/null
@@ -0,0 +1,120 @@
+/* ====================================================================
+ * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <openssl/evp.h>
+#include <openssl/engine.h>
+#include "eng_int.h"
+
+/* If this symbol is defined then ENGINE_get_default_DH(), the function that is
+ * used by DH to hook in implementation code and cache defaults (etc), will
+ * display brief debugging summaries to stderr with the 'nid'. */
+/* #define ENGINE_DH_DEBUG */
+
+static ENGINE_TABLE *dh_table = NULL;
+static const int dummy_nid = 1;
+
+void ENGINE_unregister_DH(ENGINE *e)
+       {
+       engine_table_unregister(&dh_table, e);
+       }
+
+static void engine_unregister_all_DH()
+       {
+       engine_table_cleanup(&dh_table);
+       }
+
+int ENGINE_register_DH(ENGINE *e)
+       {
+       if(e->dh_meth)
+               return engine_table_register(&dh_table,
+                               &engine_unregister_all_DH, e, &dummy_nid, 1, 0);
+       return 1;
+       }
+
+void ENGINE_register_all_DH()
+       {
+       ENGINE *e;
+
+       for(e=ENGINE_get_first() ; e ; e=ENGINE_get_next(e))
+               ENGINE_register_DH(e);
+       }
+
+int ENGINE_set_default_DH(ENGINE *e)
+       {
+       if(e->dh_meth)
+               return engine_table_register(&dh_table,
+                               &engine_unregister_all_DH, e, &dummy_nid, 1, 1);
+       return 1;
+       }
+
+/* Exposed API function to get a functional reference from the implementation
+ * table (ie. try to get a functional reference from the tabled structural
+ * references). */
+ENGINE *ENGINE_get_default_DH(void)
+       {
+       return engine_table_select(&dh_table, dummy_nid);
+       }
+
+/* Obtains an DH implementation from an ENGINE functional reference */
+const DH_METHOD *ENGINE_get_DH(const ENGINE *e)
+       {
+       return e->dh_meth;
+       }
+
+/* Sets an DH implementation in an ENGINE structure */
+int ENGINE_set_DH(ENGINE *e, const DH_METHOD *dh_meth)
+       {
+       e->dh_meth = dh_meth;
+       return 1;
+       }
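Review bot: ENGINE_set_default_DH() returns 1 when `e->dh_meth` is NULL, so a caller asking for an ENGINE without a DH method to become the default is told it succeeded while nothing was registered. The engine.h comment on ENGINE_set_default_RSA() describes a non-zero result as success, and the same pattern in ENGINE_set_default_RAND() (tb_rand.c) means an application can believe its chosen RNG is in use when it is not; ENGINE_set_default_DSA() in tb_dsa.c has it too. If the success-on-nothing return is needed by ENGINE_set_default(e, flags), say so in a comment above each function, e.g. `/* Returns 1 without doing anything if 'e' has no DH method */`; otherwise return 0 there. Both ENGINE_register_DH() and ENGINE_set_default_DH() also dereference 'e' without a NULL check.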
diff --git a/crypto/engine/tb_dsa.c b/crypto/engine/tb_dsa.c
new file mode 100644 (file)
index 0000000..1f6d035
--- /dev/null
@@ -0,0 +1,120 @@
+/* ====================================================================
+ * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <openssl/evp.h>
+#include <openssl/engine.h>
+#include "eng_int.h"
+
+/* If this symbol is defined then ENGINE_get_default_DSA(), the function that is
+ * used by DSA to hook in implementation code and cache defaults (etc), will
+ * display brief debugging summaries to stderr with the 'nid'. */
+/* #define ENGINE_DSA_DEBUG */
+
+static ENGINE_TABLE *dsa_table = NULL;
+static const int dummy_nid = 1;
+
+void ENGINE_unregister_DSA(ENGINE *e)
+       {
+       engine_table_unregister(&dsa_table, e);
+       }
+
+static void engine_unregister_all_DSA()
+       {
+       engine_table_cleanup(&dsa_table);
+       }
+
+int ENGINE_register_DSA(ENGINE *e)
+       {
+       if(e->dsa_meth)
+               return engine_table_register(&dsa_table,
+                               &engine_unregister_all_DSA, e, &dummy_nid, 1, 0);
+       return 1;
+       }
+
+void ENGINE_register_all_DSA()
+       {
+       ENGINE *e;
+
+       for(e=ENGINE_get_first() ; e ; e=ENGINE_get_next(e))
+               ENGINE_register_DSA(e);
+       }
+
+int ENGINE_set_default_DSA(ENGINE *e)
+       {
+       if(e->dsa_meth)
+               return engine_table_register(&dsa_table,
+                               &engine_unregister_all_DSA, e, &dummy_nid, 1, 0);
+       return 1;
+       }
+
+/* Exposed API function to get a functional reference from the implementation
+ * table (ie. try to get a functional reference from the tabled structural
+ * references). */
+ENGINE *ENGINE_get_default_DSA(void)
+       {
+       return engine_table_select(&dsa_table, dummy_nid);
+       }
+
+/* Obtains an DSA implementation from an ENGINE functional reference */
+const DSA_METHOD *ENGINE_get_DSA(const ENGINE *e)
+       {
+       return e->dsa_meth;
+       }
+
+/* Sets an DSA implementation in an ENGINE structure */
+int ENGINE_set_DSA(ENGINE *e, const DSA_METHOD *dsa_meth)
+       {
+       e->dsa_meth = dsa_meth;
+       return 1;
+       }
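Review bot: ENGINE_set_default_DSA() passes `0` as the last argument to engine_table_register(), identical to ENGINE_register_DSA() above it, whereas ENGINE_set_default_DH() and ENGINE_set_default_RAND() in this commit pass `1`. engine_table_register() is not visible here, but from those two siblings the last argument looks like the set-as-default switch, in which case this call only registers the ENGINE and never makes it the DSA default, while still returning success. The line should presumably read `&engine_unregister_all_DSA, e, &dummy_nid, 1, 1);`.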
diff --git a/crypto/engine/tb_rand.c b/crypto/engine/tb_rand.c
new file mode 100644 (file)
index 0000000..827e104
--- /dev/null
@@ -0,0 +1,120 @@
+/* ====================================================================
+ * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <openssl/evp.h>
+#include <openssl/engine.h>
+#include "eng_int.h"
+
+/* If this symbol is defined then ENGINE_get_default_RAND(), the function that is
+ * used by RAND to hook in implementation code and cache defaults (etc), will
+ * display brief debugging summaries to stderr with the 'nid'. */
+/* #define ENGINE_RAND_DEBUG */
+
+static ENGINE_TABLE *rand_table = NULL;
+static const int dummy_nid = 1;
+
+void ENGINE_unregister_RAND(ENGINE *e)
+       {
+       engine_table_unregister(&rand_table, e);
+       }
+
+static void engine_unregister_all_RAND()
+       {
+       engine_table_cleanup(&rand_table);
+       }
+
+int ENGINE_register_RAND(ENGINE *e)
+       {
+       if(e->rand_meth)
+               return engine_table_register(&rand_table,
+                               &engine_unregister_all_RAND, e, &dummy_nid, 1, 0);
+       return 1;
+       }
+
+void ENGINE_register_all_RAND()
+       {
+       ENGINE *e;
+
+       for(e=ENGINE_get_first() ; e ; e=ENGINE_get_next(e))
+               ENGINE_register_RAND(e);
+       }
+
+int ENGINE_set_default_RAND(ENGINE *e)
+       {
+       if(e->rand_meth)
+               return engine_table_register(&rand_table,
+                               &engine_unregister_all_RAND, e, &dummy_nid, 1, 1);
+       return 1;
+       }
+
+/* Exposed API function to get a functional reference from the implementation
+ * table (ie. try to get a functional reference from the tabled structural
+ * references). */
+ENGINE *ENGINE_get_default_RAND(void)
+       {
+       return engine_table_select(&rand_table, dummy_nid);
+       }
+
+/* Obtains an RAND implementation from an ENGINE functional reference */
+const RAND_METHOD *ENGINE_get_RAND(const ENGINE *e)
+       {
+       return e->rand_meth;
+       }
+
+/* Sets an RAND implementation in an ENGINE structure */
+int ENGINE_set_RAND(ENGINE *e, const RAND_METHOD *rand_meth)
+       {
+       e->rand_meth = rand_meth;
+       return 1;
+       }
diff --git a/crypto/engine/tb_rsa.c b/crypto/engine/tb_rsa.c
new file mode 100644 (file)
index 0000000..85049e8
--- /dev/null
@@ -0,0 +1,120 @@
+/* ====================================================================
+ * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <openssl/evp.h>
+#include <openssl/engine.h>
+#include "eng_int.h"
+
+/* If this symbol is defined then ENGINE_get_default_RSA(), the function that is
+ * used by RSA to hook in implementation code and cache defaults (etc), will
+ * display brief debugging summaries to stderr with the 'nid'. */
+/* #define ENGINE_RSA_DEBUG */
+
+static ENGINE_TABLE *rsa_table = NULL;
+static const int dummy_nid = 1;
+
+void ENGINE_unregister_RSA(ENGINE *e)
+       {
+       engine_table_unregister(&rsa_table, e);
+       }
+
+static void engine_unregister_all_RSA()
+       {
+       engine_table_cleanup(&rsa_table);
+       }
+
+int ENGINE_register_RSA(ENGINE *e)
+       {
+       if(e->rsa_meth)
+               return engine_table_register(&rsa_table,
+                               &engine_unregister_all_RSA, e, &dummy_nid, 1, 0);
+       return 1;
+       }
+
+void ENGINE_register_all_RSA()
+       {
+       ENGINE *e;
+
+       for(e=ENGINE_get_first() ; e ; e=ENGINE_get_next(e))
+               ENGINE_register_RSA(e);
+       }
+
+int ENGINE_set_default_RSA(ENGINE *e)
+       {
+       if(e->rsa_meth)
+               return engine_table_register(&rsa_table,
+                               &engine_unregister_all_RSA, e, &dummy_nid, 1, 1);
+       return 1;
+       }
+
+/* Exposed API function to get a functional reference from the implementation
+ * table (ie. try to get a functional reference from the tabled structural
+ * references). */
+ENGINE *ENGINE_get_default_RSA(void)
+       {
+       return engine_table_select(&rsa_table, dummy_nid);
+       }
+
+/* Obtains an RSA implementation from an ENGINE functional reference */
+const RSA_METHOD *ENGINE_get_RSA(const ENGINE *e)
+       {
+       return e->rsa_meth;
+       }
+
+/* Sets an RSA implementation in an ENGINE structure */
+int ENGINE_set_RSA(ENGINE *e, const RSA_METHOD *rsa_meth)
+       {
+       e->rsa_meth = rsa_meth;
+       return 1;
+       }
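Review bot: ENGINE_set_default_RSA() returns 1 when `e->rsa_meth` is NULL, so a caller cannot tell "e is now the default" from "nothing was registered"; an application that meant to pin RSA operations to one particular ENGINE (for example a hardware key store) would carry on with whatever implementation was already the default. If the success return is deliberate, so that a set-all-defaults caller can pass over classes an ENGINE lacks (that caller is not in this hunk, so this is inferred), say so above the function, e.g. `/* Returns 1 and registers nothing if 'e' has no RSA_METHOD; callers that need 'e' specifically must check ENGINE_get_RSA(e) != NULL first. */`. Otherwise change the fall-through to `return 0;`. ENGINE_set_default_RAND() in tb_rand.c has the same shape, and there the effect would be a silently unchanged random source.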