Changes between 0.9.8b and 0.9.9 [xx XXX xxxx]
*) Initial engine support for EVP_PKEY_METHOD. New functions to permit
- an engine to register a method.
+ an engine to register a method. Add ENGINE lookups for methods and
+ functional reference processing.
[Steve Henson]
*) New functions EVP_Digest{Sign,Verify)*. These are enchance versions of
* ciphering or digesting corresponding to "nid". */
ENGINE *ENGINE_get_cipher_engine(int nid);
ENGINE *ENGINE_get_digest_engine(int nid);
+ENGINE *ENGINE_get_pkey_meth_engine(int nid);
/* This sets a new default ENGINE structure for performing RSA
* operations. If the result is non-zero (success) then the ENGINE
#define EVP_PKEY_FLAG_AUTOARGLEN 2
-const EVP_PKEY_METHOD *EVP_PKEY_meth_find(int type, ENGINE *e);
+const EVP_PKEY_METHOD *EVP_PKEY_meth_find(int type);
EVP_PKEY_METHOD* EVP_PKEY_meth_new(int id, int flags);
void EVP_PKEY_meth_free(EVP_PKEY_METHOD *pmeth);
int EVP_PKEY_meth_add0(const EVP_PKEY_METHOD *pmeth);
#define EVP_F_EVP_PKEY_COPY_PARAMETERS 103
#define EVP_F_EVP_PKEY_CTX_CTRL 137
#define EVP_F_EVP_PKEY_CTX_CTRL_STR 150
+#define EVP_F_EVP_PKEY_CTX_DUP 156
#define EVP_F_EVP_PKEY_DECRYPT 104
#define EVP_F_EVP_PKEY_DECRYPT_INIT 138
#define EVP_F_EVP_PKEY_DECRYPT_OLD 151
#define EVP_F_EVP_RIJNDAEL 126
#define EVP_F_EVP_SIGNFINAL 107
#define EVP_F_EVP_VERIFYFINAL 108
+#define EVP_F_INT_CTX_NEW 157
#define EVP_F_PKCS5_PBE_KEYIVGEN 117
#define EVP_F_PKCS5_V2_PBE_KEYIVGEN 118
#define EVP_F_PKCS8_SET_BROKEN 112
{ERR_FUNC(EVP_F_EVP_PKEY_COPY_PARAMETERS), "EVP_PKEY_copy_parameters"},
{ERR_FUNC(EVP_F_EVP_PKEY_CTX_CTRL), "EVP_PKEY_CTX_ctrl"},
{ERR_FUNC(EVP_F_EVP_PKEY_CTX_CTRL_STR), "EVP_PKEY_CTX_ctrl_str"},
+{ERR_FUNC(EVP_F_EVP_PKEY_CTX_DUP), "EVP_PKEY_CTX_dup"},
{ERR_FUNC(EVP_F_EVP_PKEY_DECRYPT), "EVP_PKEY_decrypt"},
{ERR_FUNC(EVP_F_EVP_PKEY_DECRYPT_INIT), "EVP_PKEY_decrypt_init"},
{ERR_FUNC(EVP_F_EVP_PKEY_DECRYPT_OLD), "EVP_PKEY_decrypt_old"},
{ERR_FUNC(EVP_F_EVP_RIJNDAEL), "EVP_RIJNDAEL"},
{ERR_FUNC(EVP_F_EVP_SIGNFINAL), "EVP_SignFinal"},
{ERR_FUNC(EVP_F_EVP_VERIFYFINAL), "EVP_VerifyFinal"},
+{ERR_FUNC(EVP_F_INT_CTX_NEW), "INT_CTX_NEW"},
{ERR_FUNC(EVP_F_PKCS5_PBE_KEYIVGEN), "PKCS5_PBE_keyivgen"},
{ERR_FUNC(EVP_F_PKCS5_V2_PBE_KEYIVGEN), "PKCS5_v2_PBE_keyivgen"},
{ERR_FUNC(EVP_F_PKCS8_SET_BROKEN), "PKCS8_set_broken"},
{
/* Method associated with this operation */
const EVP_PKEY_METHOD *pmeth;
+ /* Engine that implements this method or NULL if builtin */
+ ENGINE *engine;
/* Key: may be NULL */
EVP_PKEY *pkey;
/* Peer key for key agreement, may be NULL */
#include "cryptlib.h"
#include <openssl/objects.h>
#include <openssl/evp.h>
+#ifndef OPENSSL_NO_ENGINE
+#include <openssl/engine.h>
+#endif
#include "asn1_locl.h"
#include "evp_locl.h"
return ((*a)->pkey_id - (*b)->pkey_id);
}
-const EVP_PKEY_METHOD *EVP_PKEY_meth_find(int type, ENGINE *e)
+const EVP_PKEY_METHOD *EVP_PKEY_meth_find(int type)
{
EVP_PKEY_METHOD tmp, *t = &tmp, **ret;
tmp.pkey_id = type;
return NULL;
id = pkey->ameth->pkey_id;
}
- pmeth = EVP_PKEY_meth_find(id, e);
+ /* Try to find an ENGINE which implements this method */
+ if (e)
+ {
+ if (!ENGINE_init(e))
+ {
+ EVPerr(EVP_F_INT_CTX_NEW,ERR_R_ENGINE_LIB);
+ return NULL;
+ }
+ else
+ e = ENGINE_get_pkey_meth_engine(id);
+ }
+
+ /* If an ENGINE handled this method look it up. Othewise
+ * use internal table.S
+ */
+
+ if (e)
+ pmeth = ENGINE_get_pkey_meth(e, id);
+ else
+ pmeth = EVP_PKEY_meth_find(id);
+
if (pmeth == NULL)
return NULL;
+
ret = OPENSSL_malloc(sizeof(EVP_PKEY_CTX));
+ ret->engine = e;
ret->pmeth = pmeth;
ret->operation = EVP_PKEY_OP_UNDEFINED;
ret->pkey = pkey;
EVP_PKEY_CTX *rctx;
if (!pctx->pmeth || !pctx->pmeth->copy)
return NULL;
+#ifndef OPENSSL_NO_ENGINE
+ /* Make sure it's safe to copy a pkey context using an ENGINE */
+ if (pctx->engine && !ENGINE_init(pctx->engine))
+ {
+ EVPerr(EVP_F_EVP_PKEY_CTX_DUP,ERR_R_ENGINE_LIB);
+ return 0;
+ }
+#endif
rctx = OPENSSL_malloc(sizeof(EVP_PKEY_CTX));
if (!rctx)
return NULL;
rctx->pmeth = pctx->pmeth;
+#ifndef OPENSSL_NO_ENGINE
+ rctx->engine = pctx->engine;
+#endif
if (pctx->pkey)
{
EVP_PKEY_free(ctx->pkey);
if (ctx->peerkey)
EVP_PKEY_free(ctx->peerkey);
+#ifndef OPENSSL_NO_ENGINE
+ if(ctx->engine)
+ /* The EVP_PKEY_CTX we used belongs to an ENGINE, release the
+ * functional reference we held for this reason. */
+ ENGINE_finish(ctx->engine);
+#endif
OPENSSL_free(ctx);
}