From: Ulf Möller Date: Fri, 7 Sep 2001 04:14:48 +0000 (+0000) Subject: make engine file names unique in 8.3 X-Git-Tag: OpenSSL_0_9_6c~113^2~41 X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=14cfde9c83ecfb36711930171ce129293463a83f;p=oweals%2Fopenssl.git make engine file names unique in 8.3 --- diff --git a/crypto/engine/Makefile.ssl b/crypto/engine/Makefile.ssl index 3633f9de48..fe9ed206c2 100644 --- a/crypto/engine/Makefile.ssl +++ b/crypto/engine/Makefile.ssl @@ -23,12 +23,12 @@ TEST= enginetest.c APPS= LIB=$(TOP)/libcrypto.a -LIBSRC= engine_err.c engine_lib.c engine_list.c engine_all.c engine_openssl.c \ - engine_dyn.c engine_evp.c \ +LIBSRC= eng_err.c eng_lib.c eng_list.c eng_all.c eng_openssl.c \ + eng_dyn.c eng_evp.c \ hw_atalla.c hw_cswift.c hw_ncipher.c hw_nuron.c hw_ubsec.c \ hw_openbsd_dev_crypto.c -LIBOBJ= engine_err.o engine_lib.o engine_list.o engine_all.o engine_openssl.o \ - engine_dyn.o engine_evp.o \ +LIBOBJ= eng_err.o eng_lib.o eng_list.o eng_all.o eng_openssl.o \ + eng_dyn.o eng_evp.o \ hw_atalla.o hw_cswift.o hw_ncipher.o hw_nuron.o hw_ubsec.o \ hw_openbsd_dev_crypto.o @@ -85,91 +85,86 @@ clean: # DO NOT DELETE THIS LINE -- make depend depends on it. -engine_all.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h -engine_all.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h -engine_all.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h -engine_all.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h -engine_all.o: ../../include/openssl/err.h ../../include/openssl/lhash.h -engine_all.o: ../../include/openssl/opensslconf.h -engine_all.o: ../../include/openssl/opensslv.h ../../include/openssl/rand.h -engine_all.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h -engine_all.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -engine_all.o: ../../include/openssl/types.h ../../include/openssl/ui.h -engine_all.o: engine_all.c engine_int.h -engine_dyn.o: ../../e_os.h ../../include/openssl/asn1.h -engine_dyn.o: ../../include/openssl/bio.h ../../include/openssl/bn.h -engine_dyn.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -engine_dyn.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h -engine_dyn.o: ../../include/openssl/dso.h ../../include/openssl/e_os2.h -engine_dyn.o: ../../include/openssl/engine.h ../../include/openssl/err.h -engine_dyn.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h -engine_dyn.o: ../../include/openssl/opensslv.h ../../include/openssl/rand.h -engine_dyn.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h -engine_dyn.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -engine_dyn.o: ../../include/openssl/types.h ../../include/openssl/ui.h -engine_dyn.o: ../cryptlib.h engine_dyn.c engine_int.h -engine_err.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h -engine_err.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h -engine_err.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h -engine_err.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h -engine_err.o: ../../include/openssl/err.h ../../include/openssl/lhash.h -engine_err.o: ../../include/openssl/opensslconf.h -engine_err.o: ../../include/openssl/opensslv.h ../../include/openssl/rand.h -engine_err.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h -engine_err.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -engine_err.o: ../../include/openssl/types.h ../../include/openssl/ui.h -engine_err.o: engine_err.c -engine_evp.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h -engine_evp.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h -engine_evp.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h -engine_evp.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h -engine_evp.o: ../../include/openssl/err.h ../../include/openssl/evp.h -engine_evp.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -engine_evp.o: ../../include/openssl/objects.h -engine_evp.o: ../../include/openssl/opensslconf.h -engine_evp.o: ../../include/openssl/opensslv.h ../../include/openssl/rand.h -engine_evp.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h -engine_evp.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -engine_evp.o: ../../include/openssl/types.h ../../include/openssl/ui.h -engine_evp.o: engine_evp.c engine_int.h -engine_lib.o: ../../e_os.h ../../include/openssl/asn1.h -engine_lib.o: ../../include/openssl/bio.h ../../include/openssl/bn.h -engine_lib.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -engine_lib.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h -engine_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h -engine_lib.o: ../../include/openssl/err.h ../../include/openssl/lhash.h -engine_lib.o: ../../include/openssl/opensslconf.h -engine_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/rand.h -engine_lib.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h -engine_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -engine_lib.o: ../../include/openssl/types.h ../../include/openssl/ui.h -engine_lib.o: ../cryptlib.h engine_int.h engine_lib.c -engine_list.o: ../../e_os.h ../../include/openssl/asn1.h -engine_list.o: ../../include/openssl/bio.h ../../include/openssl/bn.h -engine_list.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -engine_list.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h -engine_list.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h -engine_list.o: ../../include/openssl/err.h ../../include/openssl/lhash.h -engine_list.o: ../../include/openssl/opensslconf.h -engine_list.o: ../../include/openssl/opensslv.h ../../include/openssl/rand.h -engine_list.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h -engine_list.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -engine_list.o: ../../include/openssl/types.h ../../include/openssl/ui.h -engine_list.o: ../cryptlib.h engine_int.h engine_list.c -engine_openssl.o: ../../e_os.h ../../include/openssl/asn1.h -engine_openssl.o: ../../include/openssl/bio.h ../../include/openssl/bn.h -engine_openssl.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -engine_openssl.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h -engine_openssl.o: ../../include/openssl/dso.h ../../include/openssl/e_os2.h -engine_openssl.o: ../../include/openssl/engine.h ../../include/openssl/err.h -engine_openssl.o: ../../include/openssl/lhash.h -engine_openssl.o: ../../include/openssl/opensslconf.h -engine_openssl.o: ../../include/openssl/opensslv.h ../../include/openssl/rand.h -engine_openssl.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h -engine_openssl.o: ../../include/openssl/stack.h -engine_openssl.o: ../../include/openssl/symhacks.h -engine_openssl.o: ../../include/openssl/types.h ../../include/openssl/ui.h -engine_openssl.o: ../cryptlib.h engine_openssl.c +eng_all.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h +eng_all.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h +eng_all.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h +eng_all.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h +eng_all.o: ../../include/openssl/err.h ../../include/openssl/lhash.h +eng_all.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +eng_all.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h +eng_all.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h +eng_all.o: ../../include/openssl/symhacks.h ../../include/openssl/types.h +eng_all.o: ../../include/openssl/ui.h eng_all.c eng_int.h +eng_dyn.o: ../../e_os.h ../../include/openssl/asn1.h +eng_dyn.o: ../../include/openssl/bio.h ../../include/openssl/bn.h +eng_dyn.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h +eng_dyn.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h +eng_dyn.o: ../../include/openssl/dso.h ../../include/openssl/e_os2.h +eng_dyn.o: ../../include/openssl/engine.h ../../include/openssl/err.h +eng_dyn.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h +eng_dyn.o: ../../include/openssl/opensslv.h ../../include/openssl/rand.h +eng_dyn.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h +eng_dyn.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +eng_dyn.o: ../../include/openssl/types.h ../../include/openssl/ui.h +eng_dyn.o: ../cryptlib.h eng_dyn.c eng_int.h +eng_err.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h +eng_err.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h +eng_err.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h +eng_err.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h +eng_err.o: ../../include/openssl/err.h ../../include/openssl/lhash.h +eng_err.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +eng_err.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h +eng_err.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h +eng_err.o: ../../include/openssl/symhacks.h ../../include/openssl/types.h +eng_err.o: ../../include/openssl/ui.h eng_err.c +eng_evp.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h +eng_evp.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h +eng_evp.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h +eng_evp.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h +eng_evp.o: ../../include/openssl/err.h ../../include/openssl/evp.h +eng_evp.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +eng_evp.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +eng_evp.o: ../../include/openssl/opensslv.h ../../include/openssl/rand.h +eng_evp.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h +eng_evp.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +eng_evp.o: ../../include/openssl/types.h ../../include/openssl/ui.h eng_evp.c +eng_evp.o: eng_int.h +eng_lib.o: ../../e_os.h ../../include/openssl/asn1.h +eng_lib.o: ../../include/openssl/bio.h ../../include/openssl/bn.h +eng_lib.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h +eng_lib.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h +eng_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h +eng_lib.o: ../../include/openssl/err.h ../../include/openssl/lhash.h +eng_lib.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +eng_lib.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h +eng_lib.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h +eng_lib.o: ../../include/openssl/symhacks.h ../../include/openssl/types.h +eng_lib.o: ../../include/openssl/ui.h ../cryptlib.h eng_int.h eng_lib.c +eng_list.o: ../../e_os.h ../../include/openssl/asn1.h +eng_list.o: ../../include/openssl/bio.h ../../include/openssl/bn.h +eng_list.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h +eng_list.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h +eng_list.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h +eng_list.o: ../../include/openssl/err.h ../../include/openssl/lhash.h +eng_list.o: ../../include/openssl/opensslconf.h +eng_list.o: ../../include/openssl/opensslv.h ../../include/openssl/rand.h +eng_list.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h +eng_list.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +eng_list.o: ../../include/openssl/types.h ../../include/openssl/ui.h +eng_list.o: ../cryptlib.h eng_int.h eng_list.c +eng_openssl.o: ../../e_os.h ../../include/openssl/asn1.h +eng_openssl.o: ../../include/openssl/bio.h ../../include/openssl/bn.h +eng_openssl.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h +eng_openssl.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h +eng_openssl.o: ../../include/openssl/dso.h ../../include/openssl/e_os2.h +eng_openssl.o: ../../include/openssl/engine.h ../../include/openssl/err.h +eng_openssl.o: ../../include/openssl/lhash.h +eng_openssl.o: ../../include/openssl/opensslconf.h +eng_openssl.o: ../../include/openssl/opensslv.h ../../include/openssl/rand.h +eng_openssl.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h +eng_openssl.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +eng_openssl.o: ../../include/openssl/types.h ../../include/openssl/ui.h +eng_openssl.o: ../cryptlib.h eng_openssl.c hw_atalla.o: ../../e_os.h ../../include/openssl/asn1.h hw_atalla.o: ../../include/openssl/bio.h ../../include/openssl/bn.h hw_atalla.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h diff --git a/crypto/engine/eng_all.c b/crypto/engine/eng_all.c new file mode 100644 index 0000000000..48ea6b2c34 --- /dev/null +++ b/crypto/engine/eng_all.c @@ -0,0 +1,142 @@ +/* crypto/engine/engine_all.c -*- mode: C; c-file-style: "eay" -*- */ +/* Written by Richard Levitte for the OpenSSL + * project 2000. + */ +/* ==================================================================== + * Copyright (c) 2000 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#include +#include +#include "eng_int.h" + +static int engine_add(ENGINE *e) + { + int toret = 1; + if (!ENGINE_by_id(ENGINE_get_id(e))) + { + (void)ERR_get_error(); + toret = ENGINE_add(e); + } + ENGINE_free(e); + return toret; + } + +void ENGINE_load_cswift(void) + { +#ifndef OPENSSL_NO_HW +#ifndef OPENSSL_NO_HW_CSWIFT + engine_add(ENGINE_cswift()); +#endif /* !OPENSSL_NO_HW_CSWIFT */ +#endif /* !OPENSSL_NO_HW */ + } + +void ENGINE_load_chil(void) + { +#ifndef OPENSSL_NO_HW +#ifndef OPENSSL_NO_HW_CSWIFT + engine_add(ENGINE_ncipher()); +#endif /* !OPENSSL_NO_HW_CSWIFT */ +#endif /* !OPENSSL_NO_HW */ + } + +void ENGINE_load_atalla(void) + { +#ifndef OPENSSL_NO_HW +#ifndef OPENSSL_NO_HW_CSWIFT + engine_add(ENGINE_atalla()); +#endif /* !OPENSSL_NO_HW_CSWIFT */ +#endif /* !OPENSSL_NO_HW */ + } + +void ENGINE_load_nuron(void) + { +#ifndef OPENSSL_NO_HW +#ifndef OPENSSL_NO_HW_CSWIFT + engine_add(ENGINE_nuron()); +#endif /* !OPENSSL_NO_HW_CSWIFT */ +#endif /* !OPENSSL_NO_HW */ + } + +void ENGINE_load_ubsec(void) + { +#ifndef OPENSSL_NO_HW +#ifndef OPENSSL_NO_HW_UBSEC + engine_add(ENGINE_ubsec()); +#endif /* !OPENSSL_NO_HW_UBSEC */ +#endif /* !OPENSSL_NO_HW */ + } + +void ENGINE_load_openbsd_dev_crypto(void) + { +#ifndef OPENSSL_NO_HW +# ifdef OPENSSL_OPENBSD_DEV_CRYPTO + engine_add(ENGINE_openbsd_dev_crypto()); +# endif +#endif /* !OPENSSL_NO_HW */ + } + +void ENGINE_load_builtin_engines(void) + { + static int done=0; + + if (done) return; + done=1; + + ENGINE_load_cswift(); + ENGINE_load_chil(); + ENGINE_load_atalla(); + ENGINE_load_nuron(); + ENGINE_load_ubsec(); + ENGINE_load_openbsd_dev_crypto(); + } diff --git a/crypto/engine/eng_dyn.c b/crypto/engine/eng_dyn.c new file mode 100644 index 0000000000..57f7696726 --- /dev/null +++ b/crypto/engine/eng_dyn.c @@ -0,0 +1,427 @@ +/* crypto/engine/engine_dyn.c */ +/* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL + * project 2000. + */ +/* ==================================================================== + * Copyright (c) 1999 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + + +#include +#include +#include "cryptlib.h" +#include "eng_int.h" +#include +#include + +/* Shared libraries implementing ENGINEs for use by the "dynamic" ENGINE loader + * should implement the hook-up functions with the following prototypes. */ + +/* Our ENGINE handlers */ +static int dynamic_init(ENGINE *e); +static int dynamic_finish(ENGINE *e); +static int dynamic_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)()); +/* Predeclare our context type */ +typedef struct st_dynamic_data_ctx dynamic_data_ctx; +/* The implementation for the important control command */ +static int dynamic_load(ENGINE *e, dynamic_data_ctx *ctx); + +#define DYNAMIC_CMD_SO_PATH ENGINE_CMD_BASE +#define DYNAMIC_CMD_NO_VCHECK (ENGINE_CMD_BASE + 1) +#define DYNAMIC_CMD_ENGINE_ID (ENGINE_CMD_BASE + 2) +#define DYNAMIC_CMD_LIST_ADD (ENGINE_CMD_BASE + 3) +#define DYNAMIC_CMD_LOAD (ENGINE_CMD_BASE + 4) + +/* The constants used when creating the ENGINE */ +static const char *engine_dynamic_id = "dynamic"; +static const char *engine_dynamic_name = "Dynamic engine loading support"; +static const ENGINE_CMD_DEFN dynamic_cmd_defns[] = { + {DYNAMIC_CMD_SO_PATH, + "SO_PATH", + "Specifies the path to the new ENGINE shared library", + ENGINE_CMD_FLAG_STRING}, + {DYNAMIC_CMD_NO_VCHECK, + "NO_VCHECK", + "Specifies to continue even if version checking fails (boolean)", + ENGINE_CMD_FLAG_NUMERIC}, + {DYNAMIC_CMD_ENGINE_ID, + "ENGINE_ID", + "Specifies an ENGINE id name for loading", + ENGINE_CMD_FLAG_STRING}, + {DYNAMIC_CMD_LIST_ADD, + "LIST_ADD", + "Whether to add a loaded ENGINE to the internal list (0=no,1=yes,2=mandatory)", + ENGINE_CMD_FLAG_NUMERIC}, + {DYNAMIC_CMD_LOAD, + "LOAD", + "Load up the ENGINE specified by other settings", + ENGINE_CMD_FLAG_NO_INPUT}, + {0, NULL, NULL, 0} + }; + +/* Loading code stores state inside the ENGINE structure via the "ex_data" + * element. We load all our state into a single structure and use that as a + * single context in the "ex_data" stack. */ +struct st_dynamic_data_ctx + { + /* The DSO object we load that supplies the ENGINE code */ + DSO *dynamic_dso; + /* The function pointer to the version checking shared library function */ + dynamic_v_check_fn v_check; + /* The function pointer to the engine-binding shared library function */ + dynamic_bind_engine bind_engine; + /* The default name/path for loading the shared library */ + const char *DYNAMIC_LIBNAME; + /* Whether to continue loading on a version check failure */ + int no_vcheck; + /* If non-NULL, stipulates the 'id' of the ENGINE to be loaded */ + const char *engine_id; + /* If non-zero, a successfully loaded ENGINE should be added to the internal + * ENGINE list. If 2, the add must succeed or the entire load should fail. */ + int list_add_value; + /* The symbol name for the version checking function */ + const char *DYNAMIC_F1; + /* The symbol name for the "initialise ENGINE structure" function */ + const char *DYNAMIC_F2; + }; + +/* This is the "ex_data" index we obtain and reserve for use with our context + * structure. */ +static int dynamic_ex_data_idx = -1; + +/* Because our ex_data element may or may not get allocated depending on whether + * a "first-use" occurs before the ENGINE is freed, we have a memory leak + * problem to solve. We can't declare a "new" handler for the ex_data as we + * don't want a dynamic_data_ctx in *all* ENGINE structures of all types (this + * is a bug in the design of CRYPTO_EX_DATA). As such, we just declare a "free" + * handler and that will get called if an ENGINE is being destroyed and there + * was an ex_data element corresponding to our context type. */ +static void dynamic_data_ctx_free_func(void *parent, void *ptr, + CRYPTO_EX_DATA *ad, int idx, long argl, void *argp) + { + if(ptr) + { + dynamic_data_ctx *ctx = (dynamic_data_ctx *)ptr; + if(ctx->dynamic_dso) + DSO_free(ctx->dynamic_dso); + OPENSSL_free(ctx); + } + } + +/* Construct the per-ENGINE context. We create it blindly and then use a lock to + * check for a race - if so, all but one of the threads "racing" will have + * wasted their time. The alternative involves creating everything inside the + * lock which is far worse. */ +static int dynamic_set_data_ctx(ENGINE *e, dynamic_data_ctx **ctx) + { + dynamic_data_ctx *c; + c = OPENSSL_malloc(sizeof(dynamic_data_ctx)); + if(!ctx) + { + ENGINEerr(ENGINE_F_SET_DATA_CTX,ERR_R_MALLOC_FAILURE); + return 0; + } + memset(c, 0, sizeof(dynamic_data_ctx)); + c->dynamic_dso = NULL; + c->v_check = NULL; + c->bind_engine = NULL; + c->DYNAMIC_LIBNAME = NULL; + c->no_vcheck = 0; + c->engine_id = NULL; + c->list_add_value = 0; + c->DYNAMIC_F1 = "v_check"; + c->DYNAMIC_F2 = "bind_engine"; + CRYPTO_w_lock(CRYPTO_LOCK_ENGINE); + if((*ctx = (dynamic_data_ctx *)ENGINE_get_ex_data(e, + dynamic_ex_data_idx)) == NULL) + { + /* Good, we're the first */ + ENGINE_set_ex_data(e, dynamic_ex_data_idx, c); + *ctx = c; + c = NULL; + } + CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE); + /* If we lost the race to set the context, c is non-NULL and *ctx is the + * context of the thread that won. */ + if(c) + OPENSSL_free(c); + return 1; + } + +/* This function retrieves the context structure from an ENGINE's "ex_data", or + * if it doesn't exist yet, sets it up. */ +static dynamic_data_ctx *dynamic_get_data_ctx(ENGINE *e) + { + dynamic_data_ctx *ctx; + if(dynamic_ex_data_idx < 0) + { + /* Create and register the ENGINE ex_data, and associate our + * "free" function with it to ensure any allocated contexts get + * freed when an ENGINE goes underground. */ + int new_idx = ENGINE_get_ex_new_index(0, NULL, NULL, NULL, + dynamic_data_ctx_free_func); + if(new_idx == -1) + { + ENGINEerr(ENGINE_F_DYNAMIC_GET_DATA_CTX,ENGINE_R_NO_INDEX); + return NULL; + } + CRYPTO_w_lock(CRYPTO_LOCK_ENGINE); + /* Avoid a race by checking again inside this lock */ + if(dynamic_ex_data_idx < 0) + { + /* Good, someone didn't beat us to it */ + dynamic_ex_data_idx = new_idx; + new_idx = -1; + } + CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE); + /* In theory we could "give back" the index here if + * (new_idx>-1), but it's not possible and wouldn't gain us much + * if it were. */ + } + ctx = (dynamic_data_ctx *)ENGINE_get_ex_data(e, dynamic_ex_data_idx); + /* Check if the context needs to be created */ + if((ctx == NULL) && !dynamic_set_data_ctx(e, &ctx)) + /* "set_data" will set errors if necessary */ + return NULL; + return ctx; + } + +/* As this is only ever called once, there's no need for locking + * (indeed - the lock will already be held by our caller!!!) */ +ENGINE *ENGINE_dynamic(void) + { + ENGINE *ret = ENGINE_new(); + if(!ret) + return NULL; + if(!ENGINE_set_id(ret, engine_dynamic_id) || + !ENGINE_set_name(ret, engine_dynamic_name) || + !ENGINE_set_init_function(ret, dynamic_init) || + !ENGINE_set_finish_function(ret, dynamic_finish) || + !ENGINE_set_ctrl_function(ret, dynamic_ctrl) || + !ENGINE_set_flags(ret, ENGINE_FLAGS_BY_ID_COPY) || + !ENGINE_set_cmd_defns(ret, dynamic_cmd_defns)) + { + ENGINE_free(ret); + return NULL; + } + return ret; + } + +static int dynamic_init(ENGINE *e) + { + /* We always return failure - the "dyanamic" engine itself can't be used + * for anything. */ + return 0; + } + +static int dynamic_finish(ENGINE *e) + { + /* This should never be called on account of "dynamic_init" always + * failing. */ + return 0; + } + +static int dynamic_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)()) + { + dynamic_data_ctx *ctx = dynamic_get_data_ctx(e); + int initialised; + + if(!ctx) + { + ENGINEerr(ENGINE_F_DYNAMIC_CTRL,ENGINE_R_NOT_LOADED); + return 0; + } + initialised = ((ctx->dynamic_dso == NULL) ? 0 : 1); + /* All our control commands require the ENGINE to be uninitialised */ + if(initialised) + { + ENGINEerr(ENGINE_F_DYNAMIC_CTRL, + ENGINE_R_ALREADY_LOADED); + return 0; + } + switch(cmd) + { + case DYNAMIC_CMD_SO_PATH: + /* a NULL 'p' or a string of zero-length is the same thing */ + if(p && (strlen((const char *)p) < 1)) + p = NULL; + ctx->DYNAMIC_LIBNAME = (const char *)p; + return 1; + case DYNAMIC_CMD_NO_VCHECK: + ctx->no_vcheck = ((i == 0) ? 0 : 1); + return 1; + case DYNAMIC_CMD_ENGINE_ID: + /* a NULL 'p' or a string of zero-length is the same thing */ + if(p && (strlen((const char *)p) < 1)) + p = NULL; + ctx->engine_id = (const char *)p; + return 1; + case DYNAMIC_CMD_LIST_ADD: + if((i < 0) || (i > 2)) + { + ENGINEerr(ENGINE_F_DYNAMIC_CTRL, + ENGINE_R_INVALID_ARGUMENT); + return 0; + } + ctx->list_add_value = (int)i; + return 1; + case DYNAMIC_CMD_LOAD: + return dynamic_load(e, ctx); + default: + break; + } + ENGINEerr(ENGINE_F_DYNAMIC_CTRL,ENGINE_R_CTRL_COMMAND_NOT_IMPLEMENTED); + return 0; + } + +static int dynamic_load(ENGINE *e, dynamic_data_ctx *ctx) + { + ENGINE cpy; + dynamic_fns fns; + + if(!ctx->DYNAMIC_LIBNAME || ((ctx->dynamic_dso = DSO_load(NULL, + ctx->DYNAMIC_LIBNAME, NULL, 0)) == NULL)) + { + ENGINEerr(ENGINE_F_DYNAMIC_LOAD, + ENGINE_R_DSO_NOT_FOUND); + return 0; + } + /* We have to find a bind function otherwise it'll always end badly */ + if(!(ctx->bind_engine = (dynamic_bind_engine)DSO_bind_func( + ctx->dynamic_dso, ctx->DYNAMIC_F2))) + { + ctx->bind_engine = NULL; + DSO_free(ctx->dynamic_dso); + ctx->dynamic_dso = NULL; + ENGINEerr(ENGINE_F_DYNAMIC_LOAD, + ENGINE_R_DSO_FAILURE); + return 0; + } + /* Do we perform version checking? */ + if(!ctx->no_vcheck) + { + unsigned long vcheck_res = 0; + /* Now we try to find a version checking function and decide how + * to cope with failure if/when it fails. */ + ctx->v_check = (dynamic_v_check_fn)DSO_bind_func( + ctx->dynamic_dso, ctx->DYNAMIC_F1); + if(ctx->v_check) + vcheck_res = ctx->v_check(OSSL_DYNAMIC_VERSION); + /* We fail if the version checker veto'd the load *or* if it is + * deferring to us (by returning its version) and we think it is + * too old. */ + if(vcheck_res < OSSL_DYNAMIC_OLDEST) + { + /* Fail */ + ctx->bind_engine = NULL; + ctx->v_check = NULL; + DSO_free(ctx->dynamic_dso); + ctx->dynamic_dso = NULL; + ENGINEerr(ENGINE_F_DYNAMIC_LOAD, + ENGINE_R_VERSION_INCOMPATIBILITY); + return 0; + } + } + /* First binary copy the ENGINE structure so that we can roll back if + * the hand-over fails */ + memcpy(&cpy, e, sizeof(ENGINE)); + /* Provide the ERR, "ex_data", memory, and locking callbacks so the + * loaded library uses our state rather than its own. FIXME: As noted in + * engine.h, much of this would be simplified if each area of code + * provided its own "summary" structure of all related callbacks. It + * would also increase opaqueness. */ + fns.err_fns = ERR_get_implementation(); + fns.ex_data_fns = CRYPTO_get_ex_data_implementation(); + CRYPTO_get_mem_functions(&fns.mem_fns.malloc_cb, + &fns.mem_fns.realloc_cb, + &fns.mem_fns.free_cb); + fns.lock_fns.lock_locking_cb = CRYPTO_get_locking_callback(); + fns.lock_fns.lock_add_lock_cb = CRYPTO_get_add_lock_callback(); + fns.lock_fns.dynlock_create_cb = CRYPTO_get_dynlock_create_callback(); + fns.lock_fns.dynlock_lock_cb = CRYPTO_get_dynlock_lock_callback(); + fns.lock_fns.dynlock_destroy_cb = CRYPTO_get_dynlock_destroy_callback(); + /* Try to bind the ENGINE onto our own ENGINE structure */ + if(!ctx->bind_engine(e, ctx->engine_id, &fns)) + { + ctx->bind_engine = NULL; + ctx->v_check = NULL; + DSO_free(ctx->dynamic_dso); + ctx->dynamic_dso = NULL; + ENGINEerr(ENGINE_F_DYNAMIC_LOAD,ENGINE_R_INIT_FAILED); + /* Copy the original ENGINE structure back */ + memcpy(e, &cpy, sizeof(ENGINE)); + return 0; + } + /* Do we try to add this ENGINE to the internal list too? */ + if(ctx->list_add_value > 0) + { + if(!ENGINE_add(e)) + { + /* Do we tolerate this or fail? */ + if(ctx->list_add_value > 1) + { + /* Fail - NB: By this time, it's too late to + * rollback, and trying to do so allows the + * bind_engine() code to have created leaks. We + * just have to fail where we are, after the + * ENGINE has changed. */ + ENGINEerr(ENGINE_F_DYNAMIC_LOAD, + ENGINE_R_CONFLICTING_ENGINE_ID); + return 0; + } + /* Tolerate */ + ERR_clear_error(); + } + } + return 1; + } diff --git a/crypto/engine/eng_err.c b/crypto/engine/eng_err.c new file mode 100644 index 0000000000..e76a4e3d4d --- /dev/null +++ b/crypto/engine/eng_err.c @@ -0,0 +1,166 @@ +/* crypto/engine/engine_err.c */ +/* ==================================================================== + * Copyright (c) 1999 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +/* NOTE: this file was auto generated by the mkerr.pl script: any changes + * made to it will be overwritten when the script next updates this file, + * only reason strings will be preserved. + */ + +#include +#include +#include + +/* BEGIN ERROR CODES */ +#ifndef OPENSSL_NO_ERR +static ERR_STRING_DATA ENGINE_str_functs[]= + { +{ERR_PACK(0,ENGINE_F_DYNAMIC_CTRL,0), "DYNAMIC_CTRL"}, +{ERR_PACK(0,ENGINE_F_DYNAMIC_GET_DATA_CTX,0), "DYNAMIC_GET_DATA_CTX"}, +{ERR_PACK(0,ENGINE_F_DYNAMIC_LOAD,0), "DYNAMIC_LOAD"}, +{ERR_PACK(0,ENGINE_F_ENGINE_ADD,0), "ENGINE_add"}, +{ERR_PACK(0,ENGINE_F_ENGINE_BY_ID,0), "ENGINE_by_id"}, +{ERR_PACK(0,ENGINE_F_ENGINE_CMD_IS_EXECUTABLE,0), "ENGINE_cmd_is_executable"}, +{ERR_PACK(0,ENGINE_F_ENGINE_CTRL,0), "ENGINE_ctrl"}, +{ERR_PACK(0,ENGINE_F_ENGINE_CTRL_CMD,0), "ENGINE_ctrl_cmd"}, +{ERR_PACK(0,ENGINE_F_ENGINE_CTRL_CMD_STRING,0), "ENGINE_ctrl_cmd_string"}, +{ERR_PACK(0,ENGINE_F_ENGINE_FINISH,0), "ENGINE_finish"}, +{ERR_PACK(0,ENGINE_F_ENGINE_FREE,0), "ENGINE_free"}, +{ERR_PACK(0,ENGINE_F_ENGINE_GET_DEFAULT_TYPE,0), "ENGINE_GET_DEFAULT_TYPE"}, +{ERR_PACK(0,ENGINE_F_ENGINE_GET_NEXT,0), "ENGINE_get_next"}, +{ERR_PACK(0,ENGINE_F_ENGINE_GET_PREV,0), "ENGINE_get_prev"}, +{ERR_PACK(0,ENGINE_F_ENGINE_INIT,0), "ENGINE_init"}, +{ERR_PACK(0,ENGINE_F_ENGINE_LIST_ADD,0), "ENGINE_LIST_ADD"}, +{ERR_PACK(0,ENGINE_F_ENGINE_LIST_REMOVE,0), "ENGINE_LIST_REMOVE"}, +{ERR_PACK(0,ENGINE_F_ENGINE_LOAD_PRIVATE_KEY,0), "ENGINE_load_private_key"}, +{ERR_PACK(0,ENGINE_F_ENGINE_LOAD_PUBLIC_KEY,0), "ENGINE_load_public_key"}, +{ERR_PACK(0,ENGINE_F_ENGINE_NEW,0), "ENGINE_new"}, +{ERR_PACK(0,ENGINE_F_ENGINE_REMOVE,0), "ENGINE_remove"}, +{ERR_PACK(0,ENGINE_F_ENGINE_SET_DEFAULT_TYPE,0), "ENGINE_SET_DEFAULT_TYPE"}, +{ERR_PACK(0,ENGINE_F_ENGINE_SET_ID,0), "ENGINE_set_id"}, +{ERR_PACK(0,ENGINE_F_ENGINE_SET_NAME,0), "ENGINE_set_name"}, +{ERR_PACK(0,ENGINE_F_ENGINE_UNLOAD_KEY,0), "ENGINE_UNLOAD_KEY"}, +{ERR_PACK(0,ENGINE_F_INT_CTRL_HELPER,0), "INT_CTRL_HELPER"}, +{ERR_PACK(0,ENGINE_F_LOG_MESSAGE,0), "LOG_MESSAGE"}, +{ERR_PACK(0,ENGINE_F_SET_DATA_CTX,0), "SET_DATA_CTX"}, +{0,NULL} + }; + +static ERR_STRING_DATA ENGINE_str_reasons[]= + { +{ENGINE_R_ALREADY_LOADED ,"already loaded"}, +{ENGINE_R_ARGUMENT_IS_NOT_A_NUMBER ,"argument is not a number"}, +{ENGINE_R_BIO_WAS_FREED ,"bio was freed"}, +{ENGINE_R_BN_CTX_FULL ,"BN_CTX full"}, +{ENGINE_R_BN_EXPAND_FAIL ,"bn_expand fail"}, +{ENGINE_R_CHIL_ERROR ,"chil error"}, +{ENGINE_R_CMD_NOT_EXECUTABLE ,"cmd not executable"}, +{ENGINE_R_COMMAND_TAKES_INPUT ,"command takes input"}, +{ENGINE_R_COMMAND_TAKES_NO_INPUT ,"command takes no input"}, +{ENGINE_R_CONFLICTING_ENGINE_ID ,"conflicting engine id"}, +{ENGINE_R_CTRL_COMMAND_NOT_IMPLEMENTED ,"ctrl command not implemented"}, +{ENGINE_R_DH_NOT_IMPLEMENTED ,"dh not implemented"}, +{ENGINE_R_DSA_NOT_IMPLEMENTED ,"dsa not implemented"}, +{ENGINE_R_DSO_FAILURE ,"DSO failure"}, +{ENGINE_R_DSO_FUNCTION_NOT_FOUND ,"dso function not found"}, +{ENGINE_R_DSO_NOT_FOUND ,"dso not found"}, +{ENGINE_R_ENGINE_IS_NOT_IN_LIST ,"engine is not in the list"}, +{ENGINE_R_FAILED_LOADING_PRIVATE_KEY ,"failed loading private key"}, +{ENGINE_R_FAILED_LOADING_PUBLIC_KEY ,"failed loading public key"}, +{ENGINE_R_FINISH_FAILED ,"finish failed"}, +{ENGINE_R_GET_HANDLE_FAILED ,"could not obtain hardware handle"}, +{ENGINE_R_ID_OR_NAME_MISSING ,"'id' or 'name' missing"}, +{ENGINE_R_INIT_FAILED ,"init failed"}, +{ENGINE_R_INTERNAL_LIST_ERROR ,"internal list error"}, +{ENGINE_R_INVALID_ARGUMENT ,"invalid argument"}, +{ENGINE_R_INVALID_CMD_NAME ,"invalid cmd name"}, +{ENGINE_R_INVALID_CMD_NUMBER ,"invalid cmd number"}, +{ENGINE_R_MISSING_KEY_COMPONENTS ,"missing key components"}, +{ENGINE_R_NOT_INITIALISED ,"not initialised"}, +{ENGINE_R_NOT_LOADED ,"not loaded"}, +{ENGINE_R_NO_CALLBACK ,"no callback"}, +{ENGINE_R_NO_CONTROL_FUNCTION ,"no control function"}, +{ENGINE_R_NO_INDEX ,"no index"}, +{ENGINE_R_NO_KEY ,"no key"}, +{ENGINE_R_NO_LOAD_FUNCTION ,"no load function"}, +{ENGINE_R_NO_REFERENCE ,"no reference"}, +{ENGINE_R_NO_SUCH_ENGINE ,"no such engine"}, +{ENGINE_R_NO_UNLOAD_FUNCTION ,"no unload function"}, +{ENGINE_R_PRIVATE_KEY_ALGORITHMS_DISABLED,"private key algorithms disabled"}, +{ENGINE_R_PROVIDE_PARAMETERS ,"provide parameters"}, +{ENGINE_R_REQUEST_FAILED ,"request failed"}, +{ENGINE_R_REQUEST_FALLBACK ,"request fallback"}, +{ENGINE_R_RSA_NOT_IMPLEMENTED ,"rsa not implemented"}, +{ENGINE_R_SIZE_TOO_LARGE_OR_TOO_SMALL ,"size too large or too small"}, +{ENGINE_R_UNIT_FAILURE ,"unit failure"}, +{ENGINE_R_VERSION_INCOMPATIBILITY ,"version incompatibility"}, +{0,NULL} + }; + +#endif + +void ERR_load_ENGINE_strings(void) + { + static int init=1; + + if (init) + { + init=0; +#ifndef OPENSSL_NO_ERR + ERR_load_strings(ERR_LIB_ENGINE,ENGINE_str_functs); + ERR_load_strings(ERR_LIB_ENGINE,ENGINE_str_reasons); +#endif + + } + } diff --git a/crypto/engine/eng_evp.c b/crypto/engine/eng_evp.c new file mode 100644 index 0000000000..4e15c3a343 --- /dev/null +++ b/crypto/engine/eng_evp.c @@ -0,0 +1,112 @@ +/* Written by Ben Laurie August 2001 */ +/* ==================================================================== + * Copyright (c) 2000 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#include +#include +#include "eng_int.h" +#include + +int ENGINE_add_cipher(ENGINE *e,const EVP_CIPHER *c) + { + ENGINE_EVP_CIPHER *p; + + p=OPENSSL_malloc(sizeof *p); + p->cipher=c; + + if(!e->ciphers) + e->ciphers=sk_ENGINE_EVP_CIPHER_new_null(); + sk_ENGINE_EVP_CIPHER_push(e->ciphers,p); + + return 1; + } + +void ENGINE_free_engine_cipher(ENGINE_EVP_CIPHER *p) + { OPENSSL_free(p); } + +int ENGINE_cipher_num(const ENGINE *e) + { return sk_ENGINE_EVP_CIPHER_num(e->ciphers); } + +const EVP_CIPHER *ENGINE_get_cipher(const ENGINE *e, int n) + { return sk_ENGINE_EVP_CIPHER_value(e->ciphers, n)->cipher; } + +void ENGINE_load_ciphers() + { + ENGINE *e; + + for(e=ENGINE_get_first() ; e ; e=ENGINE_get_next(e)) + ENGINE_load_engine_ciphers(e); + } + +void ENGINE_load_engine_ciphers(ENGINE *e) + { + int n; + + for(n=0 ; n < sk_ENGINE_EVP_CIPHER_num(e->ciphers) ; ++n) + EVP_add_cipher(sk_ENGINE_EVP_CIPHER_value(e->ciphers,n)->cipher); + } + +const EVP_CIPHER *ENGINE_get_cipher_by_name(ENGINE *e,const char *name) + { + int n; + + for(n=0 ; n < ENGINE_cipher_num(e) ; ++n) + { + const EVP_CIPHER *c=ENGINE_get_cipher(e,n); + + if(!strcmp(EVP_CIPHER_name(c),name)) + return c; + } + return NULL; + } diff --git a/crypto/engine/eng_int.h b/crypto/engine/eng_int.h new file mode 100644 index 0000000000..2e87339db3 --- /dev/null +++ b/crypto/engine/eng_int.h @@ -0,0 +1,187 @@ +/* crypto/engine/engine_int.h */ +/* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL + * project 2000. + */ +/* ==================================================================== + * Copyright (c) 1999 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#ifndef HEADER_ENGINE_INT_H +#define HEADER_ENGINE_INT_H + +/* Take public definitions from engine.h */ +#include + +#ifdef __cplusplus +extern "C" { +#endif + +/* If we compile with this symbol defined, then both reference counts in the + * ENGINE structure will be monitored with a line of output on stderr for each + * change. This prints the engine's pointer address (truncated to unsigned int), + * "struct" or "funct" to indicate the reference type, the before and after + * reference count, and the file:line-number pair. The "engine_ref_debug" + * statements must come *after* the change. */ +#ifdef ENGINE_REF_COUNT_DEBUG + +#define engine_ref_debug(e, isfunct, diff) \ + fprintf(stderr, "engine: %08x %s from %d to %d (%s:%d)\n", \ + (unsigned int)(e), (isfunct ? "funct" : "struct"), \ + ((isfunct) ? ((e)->funct_ref - (diff)) : ((e)->struct_ref - (diff))), \ + ((isfunct) ? (e)->funct_ref : (e)->struct_ref), \ + (__FILE__), (__LINE__)); + +#else + +#define engine_ref_debug(e, isfunct, diff) + +#endif + +typedef struct engine_evp_cipher_st + { + const EVP_CIPHER *cipher; + } ENGINE_EVP_CIPHER; + +DECLARE_STACK_OF(ENGINE_EVP_CIPHER) + +void ENGINE_free_engine_cipher(ENGINE_EVP_CIPHER *p); + +/* NB: Bitwise OR-able values for the "flags" variable in ENGINE are now exposed + * in engine.h. */ + +/* This is a structure for storing implementations of various crypto + * algorithms and functions. */ +struct engine_st + { + const char *id; + const char *name; + const RSA_METHOD *rsa_meth; + const DSA_METHOD *dsa_meth; + const DH_METHOD *dh_meth; + const RAND_METHOD *rand_meth; + + BN_MOD_EXP bn_mod_exp; + BN_MOD_EXP_CRT bn_mod_exp_crt; + ENGINE_GEN_INT_FUNC_PTR destroy; + ENGINE_GEN_INT_FUNC_PTR init; + ENGINE_GEN_INT_FUNC_PTR finish; + ENGINE_CTRL_FUNC_PTR ctrl; + ENGINE_LOAD_KEY_PTR load_privkey; + ENGINE_LOAD_KEY_PTR load_pubkey; + + STACK_OF(ENGINE_EVP_CIPHER) *ciphers; + + const ENGINE_CMD_DEFN *cmd_defns; + int flags; + /* reference count on the structure itself */ + int struct_ref; + /* reference count on usability of the engine type. NB: This + * controls the loading and initialisation of any functionlity + * required by this engine, whereas the previous count is + * simply to cope with (de)allocation of this structure. Hence, + * running_ref <= struct_ref at all times. */ + int funct_ref; + /* A place to store per-key data */ + CRYPTO_EX_DATA ex_data; + /* Used to maintain the linked-list of engines. */ + struct engine_st *prev; + struct engine_st *next; + }; + +/* BUILT-IN ENGINES. (these functions are only ever called once and + * do not return references - they are purely for bootstrapping). */ + +/* Returns a structure of software only methods (the default). */ +ENGINE *ENGINE_openssl(void); + +/* Returns the "dynamic" ENGINE for loading entire ENGINE implementations from + * shared libraries. */ +ENGINE *ENGINE_dynamic(void); + +#ifndef OPENSSL_NO_HW + +#ifndef OPENSSL_NO_HW_CSWIFT +/* Returns a structure of cswift methods ... NB: This can exist and be + * "used" even on non-cswift systems because the "init" will fail if the + * card/library are not found. */ +ENGINE *ENGINE_cswift(void); +#endif /* !OPENSSL_NO_HW_CSWIFT */ + +#ifndef OPENSSL_NO_HW_NCIPHER +ENGINE *ENGINE_ncipher(void); +#endif /* !OPENSSL_NO_HW_NCIPHER */ + +#ifndef OPENSSL_NO_HW_ATALLA +/* Returns a structure of atalla methods. */ +ENGINE *ENGINE_atalla(void); +#endif /* !OPENSSL_NO_HW_ATALLA */ + +#ifndef OPENSSL_NO_HW_NURON +ENGINE *ENGINE_nuron(void); +#endif /* !OPENSSL_NO_HW_NURON */ + +#ifndef OPENSSL_NO_HW_UBSEC +ENGINE *ENGINE_ubsec(void); +#endif /* !OPENSSL_NO_HW_UBSEC */ + +#ifdef OPENSSL_OPENBSD_DEV_CRYPTO +ENGINE *ENGINE_openbsd_dev_crypto(void); +#endif + +#endif /* !OPENSSL_NO_HW */ + +#ifdef __cplusplus +} +#endif + +#endif /* HEADER_ENGINE_INT_H */ diff --git a/crypto/engine/eng_lib.c b/crypto/engine/eng_lib.c new file mode 100644 index 0000000000..94ce057307 --- /dev/null +++ b/crypto/engine/eng_lib.c @@ -0,0 +1,864 @@ +/* crypto/engine/engine_lib.c */ +/* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL + * project 2000. + */ +/* ==================================================================== + * Copyright (c) 1999 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#include +#include "cryptlib.h" +#include "eng_int.h" +#include + +/* These pointers each have their own "functional reference" when they + * are non-NULL. Similarly, when they are retrieved by a call to + * ENGINE_get_default_[RSA|DSA|...] the returned pointer is also a + * reference and the caller is responsible for freeing that when they + * are finished with it (with a call to ENGINE_finish() *NOT* just + * ENGINE_free()!!!!!!). */ +#ifndef OPENSSL_NO_RSA +static ENGINE *engine_def_rsa = NULL; +#endif +#ifndef OPENSSL_NO_DSA +static ENGINE *engine_def_dsa = NULL; +#endif +#ifndef OPENSSL_NO_DH +static ENGINE *engine_def_dh = NULL; +#endif +static ENGINE *engine_def_rand = NULL; +static ENGINE *engine_def_bn_mod_exp = NULL; +static ENGINE *engine_def_bn_mod_exp_crt = NULL; +/* A static "once-only" flag used to control if/when the above were + * initialised to suitable start-up defaults. */ +static int engine_def_flag = 0; + +/* When querying a ENGINE-specific control command's 'description', this string + * is used if the ENGINE_CMD_DEFN has cmd_desc set to NULL. */ +static const char *int_no_description = ""; + +/* This is used in certain static utility functions to save code + * repetition for per-algorithm functions. */ +typedef enum { + ENGINE_TYPE_RSA, + ENGINE_TYPE_DSA, + ENGINE_TYPE_DH, + ENGINE_TYPE_RAND, + ENGINE_TYPE_BN_MOD_EXP, + ENGINE_TYPE_BN_MOD_EXP_CRT + } ENGINE_TYPE; + +static void engine_def_check_util(ENGINE **def, ENGINE *val) + { + *def = val; + val->struct_ref++; + val->funct_ref++; + engine_ref_debug(val, 0, 1) + engine_ref_debug(val, 1, 1) + } + +/* In a slight break with convention - this static function must be + * called *outside* any locking of CRYPTO_LOCK_ENGINE. */ +static void engine_def_check(void) + { + ENGINE *e; + if(engine_def_flag) + return; + e = ENGINE_get_first(); + if(e == NULL) + /* The list is empty ... not much we can do! */ + return; + /* We have a structural reference, see if getting a functional + * reference is possible. This is done to cope with init errors + * in the engine - the following locked code does a bunch of + * manual "ENGINE_init"s which do *not* allow such an init + * error so this is worth doing. */ + if(ENGINE_init(e)) + { + CRYPTO_w_lock(CRYPTO_LOCK_ENGINE); + /* Doing another check here prevents an obvious race + * condition because the whole function itself cannot + * be locked. */ + if(engine_def_flag) + goto skip_set_defaults; + /* OK, we got a functional reference, so we get one each + * for the defaults too. */ +#ifndef OPENSSL_NO_RSA + engine_def_check_util(&engine_def_rsa, e); +#endif +#ifndef OPENSSL_NO_DSA + engine_def_check_util(&engine_def_dsa, e); +#endif +#ifndef OPENSSL_NO_DH + engine_def_check_util(&engine_def_dh, e); +#endif + engine_def_check_util(&engine_def_rand, e); + engine_def_check_util(&engine_def_bn_mod_exp, e); + engine_def_check_util(&engine_def_bn_mod_exp_crt, e); + engine_def_flag = 1; +skip_set_defaults: + CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE); + /* The "if" needs to be balanced out. */ + ENGINE_finish(e); + } + /* We need to balance out the fact we obtained a structural + * reference to begin with from ENGINE_get_first(). */ + ENGINE_free(e); + } + +/* Initialise a engine type for use (or up its functional reference count + * if it's already in use). */ +int ENGINE_init(ENGINE *e) + { + int to_return = 1; + + if(e == NULL) + { + ENGINEerr(ENGINE_F_ENGINE_INIT,ERR_R_PASSED_NULL_PARAMETER); + return 0; + } + CRYPTO_w_lock(CRYPTO_LOCK_ENGINE); + if((e->funct_ref == 0) && e->init) + /* This is the first functional reference and the engine + * requires initialisation so we do it now. */ + to_return = e->init(e); + if(to_return) + { + /* OK, we return a functional reference which is also a + * structural reference. */ + e->struct_ref++; + e->funct_ref++; + engine_ref_debug(e, 0, 1) + engine_ref_debug(e, 1, 1) + } + CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE); + return to_return; + } + +/* Free a functional reference to a engine type */ +int ENGINE_finish(ENGINE *e) + { + int to_return = 1; + + if(e == NULL) + { + ENGINEerr(ENGINE_F_ENGINE_FINISH,ERR_R_PASSED_NULL_PARAMETER); + return 0; + } + CRYPTO_w_lock(CRYPTO_LOCK_ENGINE); + /* Reduce the functional reference count here so if it's the terminating + * case, we can release the lock safely and call the finish() handler + * without risk of a race. We get a race if we leave the count until + * after and something else is calling "finish" at the same time - + * there's a chance that both threads will together take the count from + * 2 to 0 without either calling finish(). */ + e->funct_ref--; + engine_ref_debug(e, 1, -1) + if((e->funct_ref == 0) && e->finish) + { + CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE); + if(!(to_return = e->finish(e))) + { + ENGINEerr(ENGINE_F_ENGINE_FINISH,ENGINE_R_FINISH_FAILED); + return 0; + } + } + else + CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE); +#ifdef REF_CHECK + if(e->funct_ref < 0) + { + fprintf(stderr,"ENGINE_finish, bad functional reference count\n"); + abort(); + } +#endif + /* Release the structural reference too */ + if(!ENGINE_free(e)) + { + ENGINEerr(ENGINE_F_ENGINE_FINISH,ENGINE_R_FINISH_FAILED); + return 0; + } + return to_return; + } + +EVP_PKEY *ENGINE_load_private_key(ENGINE *e, const char *key_id, + UI_METHOD *ui_method, void *callback_data) + { + EVP_PKEY *pkey; + + if(e == NULL) + { + ENGINEerr(ENGINE_F_ENGINE_LOAD_PRIVATE_KEY, + ERR_R_PASSED_NULL_PARAMETER); + return 0; + } + CRYPTO_w_lock(CRYPTO_LOCK_ENGINE); + if(e->funct_ref == 0) + { + CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE); + ENGINEerr(ENGINE_F_ENGINE_LOAD_PRIVATE_KEY, + ENGINE_R_NOT_INITIALISED); + return 0; + } + CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE); + if (!e->load_privkey) + { + ENGINEerr(ENGINE_F_ENGINE_LOAD_PRIVATE_KEY, + ENGINE_R_NO_LOAD_FUNCTION); + return 0; + } + pkey = e->load_privkey(e, key_id, ui_method, callback_data); + if (!pkey) + { + ENGINEerr(ENGINE_F_ENGINE_LOAD_PRIVATE_KEY, + ENGINE_R_FAILED_LOADING_PRIVATE_KEY); + return 0; + } + return pkey; + } + +EVP_PKEY *ENGINE_load_public_key(ENGINE *e, const char *key_id, + UI_METHOD *ui_method, void *callback_data) + { + EVP_PKEY *pkey; + + if(e == NULL) + { + ENGINEerr(ENGINE_F_ENGINE_LOAD_PUBLIC_KEY, + ERR_R_PASSED_NULL_PARAMETER); + return 0; + } + CRYPTO_w_lock(CRYPTO_LOCK_ENGINE); + if(e->funct_ref == 0) + { + CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE); + ENGINEerr(ENGINE_F_ENGINE_LOAD_PUBLIC_KEY, + ENGINE_R_NOT_INITIALISED); + return 0; + } + CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE); + if (!e->load_pubkey) + { + ENGINEerr(ENGINE_F_ENGINE_LOAD_PUBLIC_KEY, + ENGINE_R_NO_LOAD_FUNCTION); + return 0; + } + pkey = e->load_pubkey(e, key_id, ui_method, callback_data); + if (!pkey) + { + ENGINEerr(ENGINE_F_ENGINE_LOAD_PUBLIC_KEY, + ENGINE_R_FAILED_LOADING_PUBLIC_KEY); + return 0; + } + return pkey; + } + +/* These internal functions handle 'CMD'-related control commands when the + * ENGINE in question has asked us to take care of it (ie. the ENGINE did not + * set the ENGINE_FLAGS_MANUAL_CMD_CTRL flag. */ + +static int int_ctrl_cmd_is_null(const ENGINE_CMD_DEFN *defn) + { + if((defn->cmd_num == 0) || (defn->cmd_name == NULL)) + return 1; + return 0; + } + +static int int_ctrl_cmd_by_name(const ENGINE_CMD_DEFN *defn, const char *s) + { + int idx = 0; + while(!int_ctrl_cmd_is_null(defn) && (strcmp(defn->cmd_name, s) != 0)) + { + idx++; + defn++; + } + if(int_ctrl_cmd_is_null(defn)) + /* The given name wasn't found */ + return -1; + return idx; + } + +static int int_ctrl_cmd_by_num(const ENGINE_CMD_DEFN *defn, unsigned int num) + { + int idx = 0; + /* NB: It is stipulated that 'cmd_defn' lists are ordered by cmd_num. So + * our searches don't need to take any longer than necessary. */ + while(!int_ctrl_cmd_is_null(defn) && (defn->cmd_num < num)) + { + idx++; + defn++; + } + if(defn->cmd_num == num) + return idx; + /* The given cmd_num wasn't found */ + return -1; + } + +static int int_ctrl_helper(ENGINE *e, int cmd, long i, void *p, void (*f)()) + { + int idx; + char *s = (char *)p; + /* Take care of the easy one first (eg. it requires no searches) */ + if(cmd == ENGINE_CTRL_GET_FIRST_CMD_TYPE) + { + if((e->cmd_defns == NULL) || int_ctrl_cmd_is_null(e->cmd_defns)) + return 0; + return e->cmd_defns->cmd_num; + } + /* One or two commands require that "p" be a valid string buffer */ + if((cmd == ENGINE_CTRL_GET_CMD_FROM_NAME) || + (cmd == ENGINE_CTRL_GET_NAME_FROM_CMD) || + (cmd == ENGINE_CTRL_GET_DESC_FROM_CMD)) + { + if(s == NULL) + { + ENGINEerr(ENGINE_F_INT_CTRL_HELPER, + ERR_R_PASSED_NULL_PARAMETER); + return -1; + } + } + /* Now handle cmd_name -> cmd_num conversion */ + if(cmd == ENGINE_CTRL_GET_CMD_FROM_NAME) + { + if((e->cmd_defns == NULL) || ((idx = int_ctrl_cmd_by_name( + e->cmd_defns, s)) < 0)) + { + ENGINEerr(ENGINE_F_INT_CTRL_HELPER, + ENGINE_R_INVALID_CMD_NAME); + return -1; + } + return e->cmd_defns[idx].cmd_num; + } + /* For the rest of the commands, the 'long' argument must specify a + * valie command number - so we need to conduct a search. */ + if((e->cmd_defns == NULL) || ((idx = int_ctrl_cmd_by_num(e->cmd_defns, + (unsigned int)i)) < 0)) + { + ENGINEerr(ENGINE_F_INT_CTRL_HELPER, + ENGINE_R_INVALID_CMD_NUMBER); + return -1; + } + /* Now the logic splits depending on command type */ + switch(cmd) + { + case ENGINE_CTRL_GET_NEXT_CMD_TYPE: + idx++; + if(int_ctrl_cmd_is_null(e->cmd_defns + idx)) + /* end-of-list */ + return 0; + else + return e->cmd_defns[idx].cmd_num; + case ENGINE_CTRL_GET_NAME_LEN_FROM_CMD: + return strlen(e->cmd_defns[idx].cmd_name); + case ENGINE_CTRL_GET_NAME_FROM_CMD: + return sprintf(s, "%s", e->cmd_defns[idx].cmd_name); + case ENGINE_CTRL_GET_DESC_LEN_FROM_CMD: + if(e->cmd_defns[idx].cmd_desc) + return strlen(e->cmd_defns[idx].cmd_desc); + return strlen(int_no_description); + case ENGINE_CTRL_GET_DESC_FROM_CMD: + if(e->cmd_defns[idx].cmd_desc) + return sprintf(s, "%s", e->cmd_defns[idx].cmd_desc); + return sprintf(s, "%s", int_no_description); + case ENGINE_CTRL_GET_CMD_FLAGS: + return e->cmd_defns[idx].cmd_flags; + } + /* Shouldn't really be here ... */ + ENGINEerr(ENGINE_F_INT_CTRL_HELPER,ENGINE_R_INTERNAL_LIST_ERROR); + return -1; + } + +int ENGINE_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)()) + { + int ctrl_exists, ref_exists; + if(e == NULL) + { + ENGINEerr(ENGINE_F_ENGINE_CTRL,ERR_R_PASSED_NULL_PARAMETER); + return 0; + } + CRYPTO_w_lock(CRYPTO_LOCK_ENGINE); + ref_exists = ((e->struct_ref > 0) ? 1 : 0); + CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE); + ctrl_exists = ((e->ctrl == NULL) ? 0 : 1); + if(!ref_exists) + { + ENGINEerr(ENGINE_F_ENGINE_CTRL,ENGINE_R_NO_REFERENCE); + return 0; + } + /* Intercept any "root-level" commands before trying to hand them on to + * ctrl() handlers. */ + switch(cmd) + { + case ENGINE_CTRL_HAS_CTRL_FUNCTION: + return ctrl_exists; + case ENGINE_CTRL_GET_FIRST_CMD_TYPE: + case ENGINE_CTRL_GET_NEXT_CMD_TYPE: + case ENGINE_CTRL_GET_CMD_FROM_NAME: + case ENGINE_CTRL_GET_NAME_LEN_FROM_CMD: + case ENGINE_CTRL_GET_NAME_FROM_CMD: + case ENGINE_CTRL_GET_DESC_LEN_FROM_CMD: + case ENGINE_CTRL_GET_DESC_FROM_CMD: + case ENGINE_CTRL_GET_CMD_FLAGS: + if(ctrl_exists && !(e->flags & ENGINE_FLAGS_MANUAL_CMD_CTRL)) + return int_ctrl_helper(e,cmd,i,p,f); + if(!ctrl_exists) + { + ENGINEerr(ENGINE_F_ENGINE_CTRL,ENGINE_R_NO_CONTROL_FUNCTION); + /* For these cmd-related functions, failure is indicated + * by a -1 return value (because 0 is used as a valid + * return in some places). */ + return -1; + } + default: + break; + } + /* Anything else requires a ctrl() handler to exist. */ + if(!ctrl_exists) + { + ENGINEerr(ENGINE_F_ENGINE_CTRL,ENGINE_R_NO_CONTROL_FUNCTION); + return 0; + } + return e->ctrl(e, cmd, i, p, f); + } + +int ENGINE_cmd_is_executable(ENGINE *e, int cmd) + { + int flags; + if((flags = ENGINE_ctrl(e, ENGINE_CTRL_GET_CMD_FLAGS, cmd, NULL, NULL)) < 0) + { + ENGINEerr(ENGINE_F_ENGINE_CMD_IS_EXECUTABLE, + ENGINE_R_INVALID_CMD_NUMBER); + return 0; + } + if(!(flags & ENGINE_CMD_FLAG_NO_INPUT) && + !(flags & ENGINE_CMD_FLAG_NUMERIC) && + !(flags & ENGINE_CMD_FLAG_STRING)) + return 0; + return 1; + } + +int ENGINE_ctrl_cmd(ENGINE *e, const char *cmd_name, + long i, void *p, void (*f)(), int cmd_optional) + { + int num; + + if((e == NULL) || (cmd_name == NULL)) + { + ENGINEerr(ENGINE_F_ENGINE_CTRL_CMD_STRING, + ERR_R_PASSED_NULL_PARAMETER); + return 0; + } + if((e->ctrl == NULL) || ((num = ENGINE_ctrl(e, + ENGINE_CTRL_GET_CMD_FROM_NAME, + 0, (void *)cmd_name, NULL)) <= 0)) + { + /* If the command didn't *have* to be supported, we fake + * success. This allows certain settings to be specified for + * multiple ENGINEs and only require a change of ENGINE id + * (without having to selectively apply settings). Eg. changing + * from a hardware device back to the regular software ENGINE + * without editing the config file, etc. */ + if(cmd_optional) + { + ERR_clear_error(); + return 1; + } + ENGINEerr(ENGINE_F_ENGINE_CTRL_CMD, + ENGINE_R_INVALID_CMD_NAME); + return 0; + } + /* Force the result of the control command to 0 or 1, for the reasons + * mentioned before. */ + if (ENGINE_ctrl(e, num, i, p, f)) + return 1; + return 0; + } + +int ENGINE_ctrl_cmd_string(ENGINE *e, const char *cmd_name, const char *arg, + int cmd_optional) + { + int num, flags; + long l; + char *ptr; + if((e == NULL) || (cmd_name == NULL)) + { + ENGINEerr(ENGINE_F_ENGINE_CTRL_CMD_STRING, + ERR_R_PASSED_NULL_PARAMETER); + return 0; + } + if((e->ctrl == NULL) || ((num = ENGINE_ctrl(e, + ENGINE_CTRL_GET_CMD_FROM_NAME, + 0, (void *)cmd_name, NULL)) <= 0)) + { + /* If the command didn't *have* to be supported, we fake + * success. This allows certain settings to be specified for + * multiple ENGINEs and only require a change of ENGINE id + * (without having to selectively apply settings). Eg. changing + * from a hardware device back to the regular software ENGINE + * without editing the config file, etc. */ + if(cmd_optional) + { + ERR_clear_error(); + return 1; + } + ENGINEerr(ENGINE_F_ENGINE_CTRL_CMD_STRING, + ENGINE_R_INVALID_CMD_NAME); + return 0; + } + if(!ENGINE_cmd_is_executable(e, num)) + { + ENGINEerr(ENGINE_F_ENGINE_CTRL_CMD_STRING, + ENGINE_R_CMD_NOT_EXECUTABLE); + return 0; + } + if((flags = ENGINE_ctrl(e, ENGINE_CTRL_GET_CMD_FLAGS, num, NULL, NULL)) < 0) + { + /* Shouldn't happen, given that ENGINE_cmd_is_executable() + * returned success. */ + ENGINEerr(ENGINE_F_ENGINE_CTRL_CMD_STRING, + ENGINE_R_INTERNAL_LIST_ERROR); + return 0; + } + /* If the command takes no input, there must be no input. And vice + * versa. */ + if(flags & ENGINE_CMD_FLAG_NO_INPUT) + { + if(arg != NULL) + { + ENGINEerr(ENGINE_F_ENGINE_CTRL_CMD_STRING, + ENGINE_R_COMMAND_TAKES_NO_INPUT); + return 0; + } + /* We deliberately force the result of ENGINE_ctrl() to 0 or 1 + * rather than returning it as "return data". This is to ensure + * usage of these commands is consistent across applications and + * that certain applications don't understand it one way, and + * others another. */ + if(ENGINE_ctrl(e, num, 0, (void *)arg, NULL)) + return 1; + return 0; + } + /* So, we require input */ + if(arg == NULL) + { + ENGINEerr(ENGINE_F_ENGINE_CTRL_CMD_STRING, + ENGINE_R_COMMAND_TAKES_INPUT); + return 0; + } + /* If it takes string input, that's easy */ + if(flags & ENGINE_CMD_FLAG_STRING) + { + /* Same explanation as above */ + if(ENGINE_ctrl(e, num, 0, (void *)arg, NULL)) + return 1; + return 0; + } + /* If it doesn't take numeric either, then it is unsupported for use in + * a config-setting situation, which is what this function is for. This + * should never happen though, because ENGINE_cmd_is_executable() was + * used. */ + if(!(flags & ENGINE_CMD_FLAG_NUMERIC)) + { + ENGINEerr(ENGINE_F_ENGINE_CTRL_CMD_STRING, + ENGINE_R_INTERNAL_LIST_ERROR); + return 0; + } + l = strtol(arg, &ptr, 10); + if((arg == ptr) || (*ptr != '\0')) + { + ENGINEerr(ENGINE_F_ENGINE_CTRL_CMD_STRING, + ENGINE_R_ARGUMENT_IS_NOT_A_NUMBER); + return 0; + } + /* Force the result of the control command to 0 or 1, for the reasons + * mentioned before. */ + if(ENGINE_ctrl(e, num, l, NULL, NULL)) + return 1; + return 0; + } + +static ENGINE *engine_get_default_type(ENGINE_TYPE t) + { + ENGINE *ret = NULL; + + /* engine_def_check is lean and mean and won't replace any + * prior default engines ... so we must ensure that it is always + * the first function to get to touch the default values. */ + engine_def_check(); + CRYPTO_w_lock(CRYPTO_LOCK_ENGINE); + switch(t) + { +#ifndef OPENSSL_NO_RSA + case ENGINE_TYPE_RSA: + ret = engine_def_rsa; break; +#endif +#ifndef OPENSSL_NO_DSA + case ENGINE_TYPE_DSA: + ret = engine_def_dsa; break; +#endif +#ifndef OPENSSL_NO_DH + case ENGINE_TYPE_DH: + ret = engine_def_dh; break; +#endif + case ENGINE_TYPE_RAND: + ret = engine_def_rand; break; + case ENGINE_TYPE_BN_MOD_EXP: + ret = engine_def_bn_mod_exp; break; + case ENGINE_TYPE_BN_MOD_EXP_CRT: + ret = engine_def_bn_mod_exp_crt; break; + default: + break; + } + /* Unforunately we can't do this work outside the lock with a + * call to ENGINE_init() because that would leave a race + * condition open. */ + if(ret) + { + ret->struct_ref++; + ret->funct_ref++; + engine_ref_debug(ret, 0, 1) + engine_ref_debug(ret, 1, 1) + } + CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE); + return ret; + } + +#ifndef OPENSSL_NO_RSA +ENGINE *ENGINE_get_default_RSA(void) + { + return engine_get_default_type(ENGINE_TYPE_RSA); + } +#endif + +#ifndef OPENSSL_NO_DSA +ENGINE *ENGINE_get_default_DSA(void) + { + return engine_get_default_type(ENGINE_TYPE_DSA); + } +#endif + +#ifndef OPENSSL_NO_DH +ENGINE *ENGINE_get_default_DH(void) + { + return engine_get_default_type(ENGINE_TYPE_DH); + } +#endif + +ENGINE *ENGINE_get_default_RAND(void) + { + return engine_get_default_type(ENGINE_TYPE_RAND); + } + +ENGINE *ENGINE_get_default_BN_mod_exp(void) + { + return engine_get_default_type(ENGINE_TYPE_BN_MOD_EXP); + } + +ENGINE *ENGINE_get_default_BN_mod_exp_crt(void) + { + return engine_get_default_type(ENGINE_TYPE_BN_MOD_EXP_CRT); + } + +static int engine_set_default_type(ENGINE_TYPE t, ENGINE *e) + { + ENGINE *old = NULL; + + /* engine_def_check is lean and mean and won't replace any + * prior default engines ... so we must ensure that it is always + * the first function to get to touch the default values. */ + engine_def_check(); + /* Attempt to get a functional reference (we need one anyway, but + * also, 'e' may be just a structural reference being passed in so + * this call may actually be the first). */ + if(e && !ENGINE_init(e)) + { + ENGINEerr(ENGINE_F_ENGINE_SET_DEFAULT_TYPE, + ENGINE_R_INIT_FAILED); + return 0; + } + CRYPTO_w_lock(CRYPTO_LOCK_ENGINE); + switch(t) + { +#ifndef OPENSSL_NO_RSA + case ENGINE_TYPE_RSA: + old = engine_def_rsa; + engine_def_rsa = e; break; +#endif +#ifndef OPENSSL_NO_DSA + case ENGINE_TYPE_DSA: + old = engine_def_dsa; + engine_def_dsa = e; break; +#endif +#ifndef OPENSSL_NO_DH + case ENGINE_TYPE_DH: + old = engine_def_dh; + engine_def_dh = e; break; +#endif + case ENGINE_TYPE_RAND: + old = engine_def_rand; + engine_def_rand = e; break; + case ENGINE_TYPE_BN_MOD_EXP: + old = engine_def_bn_mod_exp; + engine_def_bn_mod_exp = e; break; + case ENGINE_TYPE_BN_MOD_EXP_CRT: + old = engine_def_bn_mod_exp_crt; + engine_def_bn_mod_exp_crt = e; break; + default: + break; + } + CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE); + /* If we've replaced a previous value, then we need to remove the + * functional reference we had. */ + if(old && !ENGINE_finish(old)) + { + ENGINEerr(ENGINE_F_ENGINE_SET_DEFAULT_TYPE, + ENGINE_R_FINISH_FAILED); + return 0; + } + return 1; + } + +#ifndef OPENSSL_NO_RSA +int ENGINE_set_default_RSA(ENGINE *e) + { + return engine_set_default_type(ENGINE_TYPE_RSA, e); + } +#endif + +#ifndef OPENSSL_NO_DSA +int ENGINE_set_default_DSA(ENGINE *e) + { + return engine_set_default_type(ENGINE_TYPE_DSA, e); + } +#endif + +#ifndef OPENSSL_NO_DH +int ENGINE_set_default_DH(ENGINE *e) + { + return engine_set_default_type(ENGINE_TYPE_DH, e); + } +#endif + +int ENGINE_set_default_RAND(ENGINE *e) + { + return engine_set_default_type(ENGINE_TYPE_RAND, e); + } + +int ENGINE_set_default_BN_mod_exp(ENGINE *e) + { + return engine_set_default_type(ENGINE_TYPE_BN_MOD_EXP, e); + } + +int ENGINE_set_default_BN_mod_exp_crt(ENGINE *e) + { + return engine_set_default_type(ENGINE_TYPE_BN_MOD_EXP_CRT, e); + } + +int ENGINE_set_default(ENGINE *e, unsigned int flags) + { +#ifndef OPENSSL_NO_RSA + if((flags & ENGINE_METHOD_RSA) && e->rsa_meth && + !ENGINE_set_default_RSA(e)) + return 0; +#endif +#ifndef OPENSSL_NO_DSA + if((flags & ENGINE_METHOD_DSA) && e->dsa_meth && + !ENGINE_set_default_DSA(e)) + return 0; +#endif +#ifndef OPENSSL_NO_DH + if((flags & ENGINE_METHOD_DH) && e->dh_meth && + !ENGINE_set_default_DH(e)) + return 0; +#endif + if((flags & ENGINE_METHOD_RAND) && e->rand_meth && + !ENGINE_set_default_RAND(e)) + return 0; + if((flags & ENGINE_METHOD_BN_MOD_EXP) && e->bn_mod_exp && + !ENGINE_set_default_BN_mod_exp(e)) + return 0; + if((flags & ENGINE_METHOD_BN_MOD_EXP_CRT) && e->bn_mod_exp_crt && + !ENGINE_set_default_BN_mod_exp_crt(e)) + return 0; + return 1; + } + +int ENGINE_clear_defaults(void) + { + /* If the defaults haven't even been set yet, don't bother. Any kind of + * "cleanup" has a kind of implicit race-condition if another thread is + * trying to keep going, so we don't address that with locking. The + * first ENGINE_set_default_*** call will actually *create* a standard + * set of default ENGINEs (including init() and functional reference + * counts aplenty) before the rest of this function undoes them all. So + * save some hassle ... */ + if(!engine_def_flag) + return 1; + if((0 == 1) || +#ifndef OPENSSL_NO_RSA + !ENGINE_set_default_RSA(NULL) || +#endif +#ifndef OPENSSL_NO_DSA + !ENGINE_set_default_DSA(NULL) || +#endif +#ifndef OPENSSL_NO_DH + !ENGINE_set_default_DH(NULL) || +#endif + !ENGINE_set_default_RAND(NULL) || + !ENGINE_set_default_BN_mod_exp(NULL) || + !ENGINE_set_default_BN_mod_exp_crt(NULL) || + !RAND_set_rand_method(NULL)) + return 0; + return 1; + } + diff --git a/crypto/engine/eng_list.c b/crypto/engine/eng_list.c new file mode 100644 index 0000000000..ce45b14df3 --- /dev/null +++ b/crypto/engine/eng_list.c @@ -0,0 +1,699 @@ +/* crypto/engine/engine_list.c */ +/* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL + * project 2000. + */ +/* ==================================================================== + * Copyright (c) 1999 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#include +#include "cryptlib.h" +#include "eng_int.h" +#include + +/* The linked-list of pointers to engine types. engine_list_head + * incorporates an implicit structural reference but engine_list_tail + * does not - the latter is a computational niceity and only points + * to something that is already pointed to by its predecessor in the + * list (or engine_list_head itself). In the same way, the use of the + * "prev" pointer in each ENGINE is to save excessive list iteration, + * it doesn't correspond to an extra structural reference. Hence, + * engine_list_head, and each non-null "next" pointer account for + * the list itself assuming exactly 1 structural reference on each + * list member. */ +static ENGINE *engine_list_head = NULL; +static ENGINE *engine_list_tail = NULL; +/* A boolean switch, used to ensure we only initialise once. This + * is needed because the engine list may genuinely become empty during + * use (so we can't use engine_list_head as an indicator for example. */ +static int engine_list_flag = 0; +static int ENGINE_free_util(ENGINE *e, int locked); + +/* These static functions starting with a lower case "engine_" always + * take place when CRYPTO_LOCK_ENGINE has been locked up. */ +static int engine_list_add(ENGINE *e) + { + int conflict = 0; + ENGINE *iterator = NULL; + + if(e == NULL) + { + ENGINEerr(ENGINE_F_ENGINE_LIST_ADD, + ERR_R_PASSED_NULL_PARAMETER); + return 0; + } + iterator = engine_list_head; + while(iterator && !conflict) + { + conflict = (strcmp(iterator->id, e->id) == 0); + iterator = iterator->next; + } + if(conflict) + { + ENGINEerr(ENGINE_F_ENGINE_LIST_ADD, + ENGINE_R_CONFLICTING_ENGINE_ID); + return 0; + } + if(engine_list_head == NULL) + { + /* We are adding to an empty list. */ + if(engine_list_tail) + { + ENGINEerr(ENGINE_F_ENGINE_LIST_ADD, + ENGINE_R_INTERNAL_LIST_ERROR); + return 0; + } + engine_list_head = e; + e->prev = NULL; + } + else + { + /* We are adding to the tail of an existing list. */ + if((engine_list_tail == NULL) || + (engine_list_tail->next != NULL)) + { + ENGINEerr(ENGINE_F_ENGINE_LIST_ADD, + ENGINE_R_INTERNAL_LIST_ERROR); + return 0; + } + engine_list_tail->next = e; + e->prev = engine_list_tail; + } + /* Having the engine in the list assumes a structural + * reference. */ + e->struct_ref++; + engine_ref_debug(e, 0, 1) + /* However it came to be, e is the last item in the list. */ + engine_list_tail = e; + e->next = NULL; + return 1; + } + +static int engine_list_remove(ENGINE *e) + { + ENGINE *iterator; + + if(e == NULL) + { + ENGINEerr(ENGINE_F_ENGINE_LIST_REMOVE, + ERR_R_PASSED_NULL_PARAMETER); + return 0; + } + /* We need to check that e is in our linked list! */ + iterator = engine_list_head; + while(iterator && (iterator != e)) + iterator = iterator->next; + if(iterator == NULL) + { + ENGINEerr(ENGINE_F_ENGINE_LIST_REMOVE, + ENGINE_R_ENGINE_IS_NOT_IN_LIST); + return 0; + } + /* un-link e from the chain. */ + if(e->next) + e->next->prev = e->prev; + if(e->prev) + e->prev->next = e->next; + /* Correct our head/tail if necessary. */ + if(engine_list_head == e) + engine_list_head = e->next; + if(engine_list_tail == e) + engine_list_tail = e->prev; + ENGINE_free_util(e, 0); + return 1; + } + +/* This check always takes place with CRYPTO_LOCK_ENGINE locked up + * so we're synchronised, but we can't call anything that tries to + * lock it again! :-) NB: For convenience (and code-clarity) we + * don't output errors for failures of the engine_list_add function + * as it will generate errors itself. */ +static int engine_internal_check(void) + { + int toret = 1; + ENGINE *def_engine1, *def_engine2; + if(engine_list_flag) + return 1; + /* This is our first time up, we need to populate the list + * with our statically compiled-in engines. */ + def_engine1 = ENGINE_openssl(); + def_engine2 = ENGINE_dynamic(); + if(!engine_list_add(def_engine1) || + !engine_list_add(def_engine2)) + toret = 0; + else + engine_list_flag = 1; + ENGINE_free_util(def_engine1, 0); + ENGINE_free_util(def_engine2, 0); + return 1; + } + +/* Get the first/last "ENGINE" type available. */ +ENGINE *ENGINE_get_first(void) + { + ENGINE *ret = NULL; + + CRYPTO_r_lock(CRYPTO_LOCK_ENGINE); + if(engine_internal_check()) + { + ret = engine_list_head; + if(ret) + { + ret->struct_ref++; + engine_ref_debug(ret, 0, 1) + } + } + CRYPTO_r_unlock(CRYPTO_LOCK_ENGINE); + return ret; + } +ENGINE *ENGINE_get_last(void) + { + ENGINE *ret = NULL; + + CRYPTO_r_lock(CRYPTO_LOCK_ENGINE); + if(engine_internal_check()) + { + ret = engine_list_tail; + if(ret) + { + ret->struct_ref++; + engine_ref_debug(ret, 0, 1) + } + } + CRYPTO_r_unlock(CRYPTO_LOCK_ENGINE); + return ret; + } + +/* Iterate to the next/previous "ENGINE" type (NULL = end of the list). */ +ENGINE *ENGINE_get_next(ENGINE *e) + { + ENGINE *ret = NULL; + if(e == NULL) + { + ENGINEerr(ENGINE_F_ENGINE_GET_NEXT, + ERR_R_PASSED_NULL_PARAMETER); + return 0; + } + CRYPTO_r_lock(CRYPTO_LOCK_ENGINE); + ret = e->next; + if(ret) + { + /* Return a valid structural refernce to the next ENGINE */ + ret->struct_ref++; + engine_ref_debug(ret, 0, 1) + } + CRYPTO_r_unlock(CRYPTO_LOCK_ENGINE); + /* Release the structural reference to the previous ENGINE */ + ENGINE_free(e); + return ret; + } +ENGINE *ENGINE_get_prev(ENGINE *e) + { + ENGINE *ret = NULL; + if(e == NULL) + { + ENGINEerr(ENGINE_F_ENGINE_GET_PREV, + ERR_R_PASSED_NULL_PARAMETER); + return 0; + } + CRYPTO_r_lock(CRYPTO_LOCK_ENGINE); + ret = e->prev; + if(ret) + { + /* Return a valid structural reference to the next ENGINE */ + ret->struct_ref++; + engine_ref_debug(ret, 0, 1) + } + CRYPTO_r_unlock(CRYPTO_LOCK_ENGINE); + /* Release the structural reference to the previous ENGINE */ + ENGINE_free(e); + return ret; + } + +/* Add another "ENGINE" type into the list. */ +int ENGINE_add(ENGINE *e) + { + int to_return = 1; + if(e == NULL) + { + ENGINEerr(ENGINE_F_ENGINE_ADD, + ERR_R_PASSED_NULL_PARAMETER); + return 0; + } + if((e->id == NULL) || (e->name == NULL)) + { + ENGINEerr(ENGINE_F_ENGINE_ADD, + ENGINE_R_ID_OR_NAME_MISSING); + } + CRYPTO_w_lock(CRYPTO_LOCK_ENGINE); + if(!engine_internal_check() || !engine_list_add(e)) + { + ENGINEerr(ENGINE_F_ENGINE_ADD, + ENGINE_R_INTERNAL_LIST_ERROR); + to_return = 0; + } + CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE); + return to_return; + } + +/* Remove an existing "ENGINE" type from the array. */ +int ENGINE_remove(ENGINE *e) + { + int to_return = 1; + if(e == NULL) + { + ENGINEerr(ENGINE_F_ENGINE_REMOVE, + ERR_R_PASSED_NULL_PARAMETER); + return 0; + } + CRYPTO_w_lock(CRYPTO_LOCK_ENGINE); + if(!engine_internal_check() || !engine_list_remove(e)) + { + ENGINEerr(ENGINE_F_ENGINE_REMOVE, + ENGINE_R_INTERNAL_LIST_ERROR); + to_return = 0; + } + CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE); + return to_return; + } + +ENGINE *ENGINE_by_id(const char *id) + { + ENGINE *iterator = NULL, *cp = NULL; + if(id == NULL) + { + ENGINEerr(ENGINE_F_ENGINE_BY_ID, + ERR_R_PASSED_NULL_PARAMETER); + return NULL; + } + CRYPTO_r_lock(CRYPTO_LOCK_ENGINE); + if(!engine_internal_check()) + ENGINEerr(ENGINE_F_ENGINE_BY_ID, + ENGINE_R_INTERNAL_LIST_ERROR); + else + { + iterator = engine_list_head; + while(iterator && (strcmp(id, iterator->id) != 0)) + iterator = iterator->next; + if(iterator) + { + /* We need to return a structural reference. If this is + * a "dynamic" ENGINE type, make a duplicate - otherwise + * increment the existing ENGINE's reference count. */ + if(iterator->flags & ENGINE_FLAGS_BY_ID_COPY) + { + cp = ENGINE_new(); + if(!cp) + iterator = NULL; + else + { + ENGINE_cpy(cp, iterator); + iterator = cp; + } + } + else + { + iterator->struct_ref++; + engine_ref_debug(iterator, 0, 1) + } + } + } + CRYPTO_r_unlock(CRYPTO_LOCK_ENGINE); + if(iterator == NULL) + ENGINEerr(ENGINE_F_ENGINE_BY_ID, + ENGINE_R_NO_SUCH_ENGINE); + return iterator; + } + +ENGINE *ENGINE_new(void) + { + ENGINE *ret; + + ret = (ENGINE *)OPENSSL_malloc(sizeof(ENGINE)); + if(ret == NULL) + { + ENGINEerr(ENGINE_F_ENGINE_NEW, ERR_R_MALLOC_FAILURE); + return NULL; + } + memset(ret, 0, sizeof(ENGINE)); + ret->struct_ref = 1; + engine_ref_debug(ret, 0, 1) + CRYPTO_new_ex_data(CRYPTO_EX_INDEX_ENGINE, ret, &ret->ex_data); + return ret; + } + +static int ENGINE_free_util(ENGINE *e, int locked) + { + int i; + + if(e == NULL) + { + ENGINEerr(ENGINE_F_ENGINE_FREE, + ERR_R_PASSED_NULL_PARAMETER); + return 0; + } + if(locked) + i = CRYPTO_add(&e->struct_ref,-1,CRYPTO_LOCK_ENGINE); + else + i = --e->struct_ref; + engine_ref_debug(e, 0, -1) + if (i > 0) return 1; +#ifdef REF_CHECK + if (i < 0) + { + fprintf(stderr,"ENGINE_free, bad structural reference count\n"); + abort(); + } +#endif + /* Give the ENGINE a chance to do any structural cleanup corresponding + * to allocation it did in its constructor (eg. unload error strings) */ + if(e->destroy) + e->destroy(e); + sk_ENGINE_EVP_CIPHER_pop_free(e->ciphers,ENGINE_free_engine_cipher); + CRYPTO_free_ex_data(CRYPTO_EX_INDEX_ENGINE, e, &e->ex_data); + OPENSSL_free(e); + return 1; + } + +int ENGINE_free(ENGINE *e) + { + return ENGINE_free_util(e, 1); + } + +int ENGINE_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, + CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func) + { + return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_ENGINE, argl, argp, + new_func, dup_func, free_func); + } + +int ENGINE_set_ex_data(ENGINE *e, int idx, void *arg) + { + return(CRYPTO_set_ex_data(&e->ex_data, idx, arg)); + } + +void *ENGINE_get_ex_data(const ENGINE *e, int idx) + { + return(CRYPTO_get_ex_data(&e->ex_data, idx)); + } + +void ENGINE_cleanup(void) + { + ENGINE *iterator = engine_list_head; + + while(iterator != NULL) + { + ENGINE_remove(iterator); + iterator = engine_list_head; + } + engine_list_flag = 0; + /* Also unset any "default" ENGINEs that may have been set up (a default + * constitutes a functional reference on an ENGINE and there's one for + * each algorithm). */ + ENGINE_clear_defaults(); + return; + } + +int ENGINE_set_id(ENGINE *e, const char *id) + { + if(id == NULL) + { + ENGINEerr(ENGINE_F_ENGINE_SET_ID, + ERR_R_PASSED_NULL_PARAMETER); + return 0; + } + e->id = id; + return 1; + } + +int ENGINE_set_name(ENGINE *e, const char *name) + { + if(name == NULL) + { + ENGINEerr(ENGINE_F_ENGINE_SET_NAME, + ERR_R_PASSED_NULL_PARAMETER); + return 0; + } + e->name = name; + return 1; + } + +int ENGINE_set_RSA(ENGINE *e, const RSA_METHOD *rsa_meth) + { +#ifndef OPENSSL_NO_RSA + e->rsa_meth = rsa_meth; + return 1; +#else + return 0; +#endif + } + +int ENGINE_set_DSA(ENGINE *e, const DSA_METHOD *dsa_meth) + { +#ifndef OPENSSL_NO_DSA + e->dsa_meth = dsa_meth; + return 1; +#else + return 0; +#endif + } + +int ENGINE_set_DH(ENGINE *e, const DH_METHOD *dh_meth) + { +#ifndef OPENSSL_NO_DH + e->dh_meth = dh_meth; + return 1; +#else + return 0; +#endif + } + +int ENGINE_set_RAND(ENGINE *e, const RAND_METHOD *rand_meth) + { + e->rand_meth = rand_meth; + return 1; + } + +int ENGINE_set_BN_mod_exp(ENGINE *e, BN_MOD_EXP bn_mod_exp) + { + e->bn_mod_exp = bn_mod_exp; + return 1; + } + +int ENGINE_set_BN_mod_exp_crt(ENGINE *e, BN_MOD_EXP_CRT bn_mod_exp_crt) + { + e->bn_mod_exp_crt = bn_mod_exp_crt; + return 1; + } + +int ENGINE_set_destroy_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR destroy_f) + { + e->destroy = destroy_f; + return 1; + } + +int ENGINE_set_init_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR init_f) + { + e->init = init_f; + return 1; + } + +int ENGINE_set_finish_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR finish_f) + { + e->finish = finish_f; + return 1; + } + +int ENGINE_set_ctrl_function(ENGINE *e, ENGINE_CTRL_FUNC_PTR ctrl_f) + { + e->ctrl = ctrl_f; + return 1; + } + +int ENGINE_set_load_privkey_function(ENGINE *e, ENGINE_LOAD_KEY_PTR loadpriv_f) + { + e->load_privkey = loadpriv_f; + return 1; + } + +int ENGINE_set_load_pubkey_function(ENGINE *e, ENGINE_LOAD_KEY_PTR loadpub_f) + { + e->load_pubkey = loadpub_f; + return 1; + } + +int ENGINE_set_flags(ENGINE *e, int flags) + { + e->flags = flags; + return 1; + } + +int ENGINE_set_cmd_defns(ENGINE *e, const ENGINE_CMD_DEFN *defns) + { + e->cmd_defns = defns; + return 1; + } + +int ENGINE_cpy(ENGINE *dest, const ENGINE *src) + { + if(ENGINE_set_id(dest, ENGINE_get_id(src)) && + ENGINE_set_name(dest, ENGINE_get_name(src)) && +#ifndef OPENSSL_NO_RSA + ENGINE_set_RSA(dest, ENGINE_get_RSA(src)) && +#endif +#ifndef OPENSSL_NO_RSA + ENGINE_set_DSA(dest, ENGINE_get_DSA(src)) && +#endif +#ifndef OPENSSL_NO_RSA + ENGINE_set_DH(dest, ENGINE_get_DH(src)) && +#endif + ENGINE_set_RAND(dest, ENGINE_get_RAND(src)) && + ENGINE_set_BN_mod_exp(dest, + ENGINE_get_BN_mod_exp(src)) && + ENGINE_set_BN_mod_exp_crt(dest, + ENGINE_get_BN_mod_exp_crt(src)) && + ENGINE_set_init_function(dest, + ENGINE_get_init_function(src)) && + ENGINE_set_finish_function(dest, + ENGINE_get_finish_function(src)) && + ENGINE_set_ctrl_function(dest, + ENGINE_get_ctrl_function(src)) && + ENGINE_set_load_privkey_function(dest, + ENGINE_get_load_privkey_function(src)) && + ENGINE_set_load_pubkey_function(dest, + ENGINE_get_load_pubkey_function(src)) && + ENGINE_set_flags(dest, ENGINE_get_flags(src)) && + ENGINE_set_cmd_defns(dest, ENGINE_get_cmd_defns(src))) + return 1; + return 0; + } + +const char *ENGINE_get_id(const ENGINE *e) + { + return e->id; + } + +const char *ENGINE_get_name(const ENGINE *e) + { + return e->name; + } + +const RSA_METHOD *ENGINE_get_RSA(const ENGINE *e) + { + return e->rsa_meth; + } + +const DSA_METHOD *ENGINE_get_DSA(const ENGINE *e) + { + return e->dsa_meth; + } + +const DH_METHOD *ENGINE_get_DH(const ENGINE *e) + { + return e->dh_meth; + } + +const RAND_METHOD *ENGINE_get_RAND(const ENGINE *e) + { + return e->rand_meth; + } + +BN_MOD_EXP ENGINE_get_BN_mod_exp(const ENGINE *e) + { + return e->bn_mod_exp; + } + +BN_MOD_EXP_CRT ENGINE_get_BN_mod_exp_crt(const ENGINE *e) + { + return e->bn_mod_exp_crt; + } + +ENGINE_GEN_INT_FUNC_PTR ENGINE_get_destroy_function(const ENGINE *e) + { + return e->destroy; + } + +ENGINE_GEN_INT_FUNC_PTR ENGINE_get_init_function(const ENGINE *e) + { + return e->init; + } + +ENGINE_GEN_INT_FUNC_PTR ENGINE_get_finish_function(const ENGINE *e) + { + return e->finish; + } + +ENGINE_CTRL_FUNC_PTR ENGINE_get_ctrl_function(const ENGINE *e) + { + return e->ctrl; + } + +ENGINE_LOAD_KEY_PTR ENGINE_get_load_privkey_function(const ENGINE *e) + { + return e->load_privkey; + } + +ENGINE_LOAD_KEY_PTR ENGINE_get_load_pubkey_function(const ENGINE *e) + { + return e->load_pubkey; + } + +int ENGINE_get_flags(const ENGINE *e) + { + return e->flags; + } + +const ENGINE_CMD_DEFN *ENGINE_get_cmd_defns(const ENGINE *e) + { + return e->cmd_defns; + } diff --git a/crypto/engine/eng_openssl.c b/crypto/engine/eng_openssl.c new file mode 100644 index 0000000000..c353df97d6 --- /dev/null +++ b/crypto/engine/eng_openssl.c @@ -0,0 +1,165 @@ +/* crypto/engine/engine_openssl.c */ +/* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL + * project 2000. + */ +/* ==================================================================== + * Copyright (c) 1999 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + + +#include +#include +#include "cryptlib.h" +#include +#include + +/* This is the only function we need to implement as OpenSSL + * doesn't have a native CRT mod_exp. Perhaps this should be + * BN_mod_exp_crt and moved into crypto/bn/ ?? ... dunno. */ +static int openssl_mod_exp_crt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, + const BIGNUM *q, const BIGNUM *dmp1, const BIGNUM *dmq1, + const BIGNUM *iqmp, BN_CTX *ctx); + +/* The constants used when creating the ENGINE */ +static const char *engine_openssl_id = "openssl"; +static const char *engine_openssl_name = "Software default engine support"; + +/* As this is only ever called once, there's no need for locking + * (indeed - the lock will already be held by our caller!!!) */ +ENGINE *ENGINE_openssl(void) + { + ENGINE *ret = ENGINE_new(); + if(!ret) + return NULL; + if(!ENGINE_set_id(ret, engine_openssl_id) || + !ENGINE_set_name(ret, engine_openssl_name) || +#ifndef OPENSSL_NO_RSA + !ENGINE_set_RSA(ret, RSA_get_default_openssl_method()) || +#endif +#ifndef OPENSSL_NO_DSA + !ENGINE_set_DSA(ret, DSA_get_default_openssl_method()) || +#endif +#ifndef OPENSSL_NO_DH + !ENGINE_set_DH(ret, DH_get_default_openssl_method()) || +#endif + !ENGINE_set_RAND(ret, RAND_SSLeay()) || + !ENGINE_set_BN_mod_exp(ret, BN_mod_exp) || + !ENGINE_set_BN_mod_exp_crt(ret, openssl_mod_exp_crt)) + { + ENGINE_free(ret); + return NULL; + } + return ret; + } + +/* Chinese Remainder Theorem, taken and adapted from rsa_eay.c */ +static int openssl_mod_exp_crt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, + const BIGNUM *q, const BIGNUM *dmp1, + const BIGNUM *dmq1, const BIGNUM *iqmp, BN_CTX *ctx) + { + BIGNUM r1,m1; + int ret=0; + BN_CTX *bn_ctx; + BIGNUM *temp_bn = NULL; + + if (ctx) + bn_ctx = ctx; + else + if ((bn_ctx=BN_CTX_new()) == NULL) goto err; + BN_init(&m1); + BN_init(&r1); + /* BN_mul() cannot accept const BIGNUMs so I use the BN_CTX + * to duplicate what I need. */ + BN_CTX_start(bn_ctx); + if ((temp_bn = BN_CTX_get(bn_ctx)) == NULL) goto err; + if (!BN_copy(temp_bn, iqmp)) goto err; + + if (!BN_mod(&r1, a, q, bn_ctx)) goto err; + if (!BN_mod_exp(&m1, &r1, dmq1, q, bn_ctx)) + goto err; + + if (!BN_mod(&r1, a, p, bn_ctx)) goto err; + if (!BN_mod_exp(r, &r1, dmp1, p, bn_ctx)) + goto err; + + if (!BN_sub(r, r, &m1)) goto err; + /* This will help stop the size of r0 increasing, which does + * affect the multiply if it optimised for a power of 2 size */ + if (r->neg) + if (!BN_add(r, r, p)) goto err; + + if (!BN_mul(&r1, r, temp_bn, bn_ctx)) goto err; + if (!BN_mod(r, &r1, p, bn_ctx)) goto err; + /* If p < q it is occasionally possible for the correction of + * adding 'p' if r is negative above to leave the result still + * negative. This can break the private key operations: the following + * second correction should *always* correct this rare occurrence. + * This will *never* happen with OpenSSL generated keys because + * they ensure p > q [steve] + */ + if (r->neg) + if (!BN_add(r, r, p)) goto err; + /* Again, BN_mul() will need non-const values. */ + if (!BN_copy(temp_bn, q)) goto err; + if (!BN_mul(&r1, r, temp_bn, bn_ctx)) goto err; + if (!BN_add(r, &r1, &m1)) goto err; + + ret=1; +err: + BN_clear_free(&m1); + BN_clear_free(&r1); + BN_CTX_end(ctx); + if (!ctx) + BN_CTX_free(bn_ctx); + return(ret); + } diff --git a/crypto/engine/engine_all.c b/crypto/engine/engine_all.c deleted file mode 100644 index 0e8480155c..0000000000 --- a/crypto/engine/engine_all.c +++ /dev/null @@ -1,142 +0,0 @@ -/* crypto/engine/engine_all.c -*- mode: C; c-file-style: "eay" -*- */ -/* Written by Richard Levitte for the OpenSSL - * project 2000. - */ -/* ==================================================================== - * Copyright (c) 2000 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * licensing@OpenSSL.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). - * - */ - -#include -#include -#include "engine_int.h" - -static int engine_add(ENGINE *e) - { - int toret = 1; - if (!ENGINE_by_id(ENGINE_get_id(e))) - { - (void)ERR_get_error(); - toret = ENGINE_add(e); - } - ENGINE_free(e); - return toret; - } - -void ENGINE_load_cswift(void) - { -#ifndef OPENSSL_NO_HW -#ifndef OPENSSL_NO_HW_CSWIFT - engine_add(ENGINE_cswift()); -#endif /* !OPENSSL_NO_HW_CSWIFT */ -#endif /* !OPENSSL_NO_HW */ - } - -void ENGINE_load_chil(void) - { -#ifndef OPENSSL_NO_HW -#ifndef OPENSSL_NO_HW_CSWIFT - engine_add(ENGINE_ncipher()); -#endif /* !OPENSSL_NO_HW_CSWIFT */ -#endif /* !OPENSSL_NO_HW */ - } - -void ENGINE_load_atalla(void) - { -#ifndef OPENSSL_NO_HW -#ifndef OPENSSL_NO_HW_CSWIFT - engine_add(ENGINE_atalla()); -#endif /* !OPENSSL_NO_HW_CSWIFT */ -#endif /* !OPENSSL_NO_HW */ - } - -void ENGINE_load_nuron(void) - { -#ifndef OPENSSL_NO_HW -#ifndef OPENSSL_NO_HW_CSWIFT - engine_add(ENGINE_nuron()); -#endif /* !OPENSSL_NO_HW_CSWIFT */ -#endif /* !OPENSSL_NO_HW */ - } - -void ENGINE_load_ubsec(void) - { -#ifndef OPENSSL_NO_HW -#ifndef OPENSSL_NO_HW_UBSEC - engine_add(ENGINE_ubsec()); -#endif /* !OPENSSL_NO_HW_UBSEC */ -#endif /* !OPENSSL_NO_HW */ - } - -void ENGINE_load_openbsd_dev_crypto(void) - { -#ifndef OPENSSL_NO_HW -# ifdef OPENSSL_OPENBSD_DEV_CRYPTO - engine_add(ENGINE_openbsd_dev_crypto()); -# endif -#endif /* !OPENSSL_NO_HW */ - } - -void ENGINE_load_builtin_engines(void) - { - static int done=0; - - if (done) return; - done=1; - - ENGINE_load_cswift(); - ENGINE_load_chil(); - ENGINE_load_atalla(); - ENGINE_load_nuron(); - ENGINE_load_ubsec(); - ENGINE_load_openbsd_dev_crypto(); - } diff --git a/crypto/engine/engine_dyn.c b/crypto/engine/engine_dyn.c deleted file mode 100644 index 1e5eded1ee..0000000000 --- a/crypto/engine/engine_dyn.c +++ /dev/null @@ -1,427 +0,0 @@ -/* crypto/engine/engine_dyn.c */ -/* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL - * project 2000. - */ -/* ==================================================================== - * Copyright (c) 1999 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * licensing@OpenSSL.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). - * - */ - - -#include -#include -#include "cryptlib.h" -#include "engine_int.h" -#include -#include - -/* Shared libraries implementing ENGINEs for use by the "dynamic" ENGINE loader - * should implement the hook-up functions with the following prototypes. */ - -/* Our ENGINE handlers */ -static int dynamic_init(ENGINE *e); -static int dynamic_finish(ENGINE *e); -static int dynamic_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)()); -/* Predeclare our context type */ -typedef struct st_dynamic_data_ctx dynamic_data_ctx; -/* The implementation for the important control command */ -static int dynamic_load(ENGINE *e, dynamic_data_ctx *ctx); - -#define DYNAMIC_CMD_SO_PATH ENGINE_CMD_BASE -#define DYNAMIC_CMD_NO_VCHECK (ENGINE_CMD_BASE + 1) -#define DYNAMIC_CMD_ENGINE_ID (ENGINE_CMD_BASE + 2) -#define DYNAMIC_CMD_LIST_ADD (ENGINE_CMD_BASE + 3) -#define DYNAMIC_CMD_LOAD (ENGINE_CMD_BASE + 4) - -/* The constants used when creating the ENGINE */ -static const char *engine_dynamic_id = "dynamic"; -static const char *engine_dynamic_name = "Dynamic engine loading support"; -static const ENGINE_CMD_DEFN dynamic_cmd_defns[] = { - {DYNAMIC_CMD_SO_PATH, - "SO_PATH", - "Specifies the path to the new ENGINE shared library", - ENGINE_CMD_FLAG_STRING}, - {DYNAMIC_CMD_NO_VCHECK, - "NO_VCHECK", - "Specifies to continue even if version checking fails (boolean)", - ENGINE_CMD_FLAG_NUMERIC}, - {DYNAMIC_CMD_ENGINE_ID, - "ENGINE_ID", - "Specifies an ENGINE id name for loading", - ENGINE_CMD_FLAG_STRING}, - {DYNAMIC_CMD_LIST_ADD, - "LIST_ADD", - "Whether to add a loaded ENGINE to the internal list (0=no,1=yes,2=mandatory)", - ENGINE_CMD_FLAG_NUMERIC}, - {DYNAMIC_CMD_LOAD, - "LOAD", - "Load up the ENGINE specified by other settings", - ENGINE_CMD_FLAG_NO_INPUT}, - {0, NULL, NULL, 0} - }; - -/* Loading code stores state inside the ENGINE structure via the "ex_data" - * element. We load all our state into a single structure and use that as a - * single context in the "ex_data" stack. */ -struct st_dynamic_data_ctx - { - /* The DSO object we load that supplies the ENGINE code */ - DSO *dynamic_dso; - /* The function pointer to the version checking shared library function */ - dynamic_v_check_fn v_check; - /* The function pointer to the engine-binding shared library function */ - dynamic_bind_engine bind_engine; - /* The default name/path for loading the shared library */ - const char *DYNAMIC_LIBNAME; - /* Whether to continue loading on a version check failure */ - int no_vcheck; - /* If non-NULL, stipulates the 'id' of the ENGINE to be loaded */ - const char *engine_id; - /* If non-zero, a successfully loaded ENGINE should be added to the internal - * ENGINE list. If 2, the add must succeed or the entire load should fail. */ - int list_add_value; - /* The symbol name for the version checking function */ - const char *DYNAMIC_F1; - /* The symbol name for the "initialise ENGINE structure" function */ - const char *DYNAMIC_F2; - }; - -/* This is the "ex_data" index we obtain and reserve for use with our context - * structure. */ -static int dynamic_ex_data_idx = -1; - -/* Because our ex_data element may or may not get allocated depending on whether - * a "first-use" occurs before the ENGINE is freed, we have a memory leak - * problem to solve. We can't declare a "new" handler for the ex_data as we - * don't want a dynamic_data_ctx in *all* ENGINE structures of all types (this - * is a bug in the design of CRYPTO_EX_DATA). As such, we just declare a "free" - * handler and that will get called if an ENGINE is being destroyed and there - * was an ex_data element corresponding to our context type. */ -static void dynamic_data_ctx_free_func(void *parent, void *ptr, - CRYPTO_EX_DATA *ad, int idx, long argl, void *argp) - { - if(ptr) - { - dynamic_data_ctx *ctx = (dynamic_data_ctx *)ptr; - if(ctx->dynamic_dso) - DSO_free(ctx->dynamic_dso); - OPENSSL_free(ctx); - } - } - -/* Construct the per-ENGINE context. We create it blindly and then use a lock to - * check for a race - if so, all but one of the threads "racing" will have - * wasted their time. The alternative involves creating everything inside the - * lock which is far worse. */ -static int dynamic_set_data_ctx(ENGINE *e, dynamic_data_ctx **ctx) - { - dynamic_data_ctx *c; - c = OPENSSL_malloc(sizeof(dynamic_data_ctx)); - if(!ctx) - { - ENGINEerr(ENGINE_F_SET_DATA_CTX,ERR_R_MALLOC_FAILURE); - return 0; - } - memset(c, 0, sizeof(dynamic_data_ctx)); - c->dynamic_dso = NULL; - c->v_check = NULL; - c->bind_engine = NULL; - c->DYNAMIC_LIBNAME = NULL; - c->no_vcheck = 0; - c->engine_id = NULL; - c->list_add_value = 0; - c->DYNAMIC_F1 = "v_check"; - c->DYNAMIC_F2 = "bind_engine"; - CRYPTO_w_lock(CRYPTO_LOCK_ENGINE); - if((*ctx = (dynamic_data_ctx *)ENGINE_get_ex_data(e, - dynamic_ex_data_idx)) == NULL) - { - /* Good, we're the first */ - ENGINE_set_ex_data(e, dynamic_ex_data_idx, c); - *ctx = c; - c = NULL; - } - CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE); - /* If we lost the race to set the context, c is non-NULL and *ctx is the - * context of the thread that won. */ - if(c) - OPENSSL_free(c); - return 1; - } - -/* This function retrieves the context structure from an ENGINE's "ex_data", or - * if it doesn't exist yet, sets it up. */ -static dynamic_data_ctx *dynamic_get_data_ctx(ENGINE *e) - { - dynamic_data_ctx *ctx; - if(dynamic_ex_data_idx < 0) - { - /* Create and register the ENGINE ex_data, and associate our - * "free" function with it to ensure any allocated contexts get - * freed when an ENGINE goes underground. */ - int new_idx = ENGINE_get_ex_new_index(0, NULL, NULL, NULL, - dynamic_data_ctx_free_func); - if(new_idx == -1) - { - ENGINEerr(ENGINE_F_DYNAMIC_GET_DATA_CTX,ENGINE_R_NO_INDEX); - return NULL; - } - CRYPTO_w_lock(CRYPTO_LOCK_ENGINE); - /* Avoid a race by checking again inside this lock */ - if(dynamic_ex_data_idx < 0) - { - /* Good, someone didn't beat us to it */ - dynamic_ex_data_idx = new_idx; - new_idx = -1; - } - CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE); - /* In theory we could "give back" the index here if - * (new_idx>-1), but it's not possible and wouldn't gain us much - * if it were. */ - } - ctx = (dynamic_data_ctx *)ENGINE_get_ex_data(e, dynamic_ex_data_idx); - /* Check if the context needs to be created */ - if((ctx == NULL) && !dynamic_set_data_ctx(e, &ctx)) - /* "set_data" will set errors if necessary */ - return NULL; - return ctx; - } - -/* As this is only ever called once, there's no need for locking - * (indeed - the lock will already be held by our caller!!!) */ -ENGINE *ENGINE_dynamic(void) - { - ENGINE *ret = ENGINE_new(); - if(!ret) - return NULL; - if(!ENGINE_set_id(ret, engine_dynamic_id) || - !ENGINE_set_name(ret, engine_dynamic_name) || - !ENGINE_set_init_function(ret, dynamic_init) || - !ENGINE_set_finish_function(ret, dynamic_finish) || - !ENGINE_set_ctrl_function(ret, dynamic_ctrl) || - !ENGINE_set_flags(ret, ENGINE_FLAGS_BY_ID_COPY) || - !ENGINE_set_cmd_defns(ret, dynamic_cmd_defns)) - { - ENGINE_free(ret); - return NULL; - } - return ret; - } - -static int dynamic_init(ENGINE *e) - { - /* We always return failure - the "dyanamic" engine itself can't be used - * for anything. */ - return 0; - } - -static int dynamic_finish(ENGINE *e) - { - /* This should never be called on account of "dynamic_init" always - * failing. */ - return 0; - } - -static int dynamic_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)()) - { - dynamic_data_ctx *ctx = dynamic_get_data_ctx(e); - int initialised; - - if(!ctx) - { - ENGINEerr(ENGINE_F_DYNAMIC_CTRL,ENGINE_R_NOT_LOADED); - return 0; - } - initialised = ((ctx->dynamic_dso == NULL) ? 0 : 1); - /* All our control commands require the ENGINE to be uninitialised */ - if(initialised) - { - ENGINEerr(ENGINE_F_DYNAMIC_CTRL, - ENGINE_R_ALREADY_LOADED); - return 0; - } - switch(cmd) - { - case DYNAMIC_CMD_SO_PATH: - /* a NULL 'p' or a string of zero-length is the same thing */ - if(p && (strlen((const char *)p) < 1)) - p = NULL; - ctx->DYNAMIC_LIBNAME = (const char *)p; - return 1; - case DYNAMIC_CMD_NO_VCHECK: - ctx->no_vcheck = ((i == 0) ? 0 : 1); - return 1; - case DYNAMIC_CMD_ENGINE_ID: - /* a NULL 'p' or a string of zero-length is the same thing */ - if(p && (strlen((const char *)p) < 1)) - p = NULL; - ctx->engine_id = (const char *)p; - return 1; - case DYNAMIC_CMD_LIST_ADD: - if((i < 0) || (i > 2)) - { - ENGINEerr(ENGINE_F_DYNAMIC_CTRL, - ENGINE_R_INVALID_ARGUMENT); - return 0; - } - ctx->list_add_value = (int)i; - return 1; - case DYNAMIC_CMD_LOAD: - return dynamic_load(e, ctx); - default: - break; - } - ENGINEerr(ENGINE_F_DYNAMIC_CTRL,ENGINE_R_CTRL_COMMAND_NOT_IMPLEMENTED); - return 0; - } - -static int dynamic_load(ENGINE *e, dynamic_data_ctx *ctx) - { - ENGINE cpy; - dynamic_fns fns; - - if(!ctx->DYNAMIC_LIBNAME || ((ctx->dynamic_dso = DSO_load(NULL, - ctx->DYNAMIC_LIBNAME, NULL, 0)) == NULL)) - { - ENGINEerr(ENGINE_F_DYNAMIC_LOAD, - ENGINE_R_DSO_NOT_FOUND); - return 0; - } - /* We have to find a bind function otherwise it'll always end badly */ - if(!(ctx->bind_engine = (dynamic_bind_engine)DSO_bind_func( - ctx->dynamic_dso, ctx->DYNAMIC_F2))) - { - ctx->bind_engine = NULL; - DSO_free(ctx->dynamic_dso); - ctx->dynamic_dso = NULL; - ENGINEerr(ENGINE_F_DYNAMIC_LOAD, - ENGINE_R_DSO_FAILURE); - return 0; - } - /* Do we perform version checking? */ - if(!ctx->no_vcheck) - { - unsigned long vcheck_res = 0; - /* Now we try to find a version checking function and decide how - * to cope with failure if/when it fails. */ - ctx->v_check = (dynamic_v_check_fn)DSO_bind_func( - ctx->dynamic_dso, ctx->DYNAMIC_F1); - if(ctx->v_check) - vcheck_res = ctx->v_check(OSSL_DYNAMIC_VERSION); - /* We fail if the version checker veto'd the load *or* if it is - * deferring to us (by returning its version) and we think it is - * too old. */ - if(vcheck_res < OSSL_DYNAMIC_OLDEST) - { - /* Fail */ - ctx->bind_engine = NULL; - ctx->v_check = NULL; - DSO_free(ctx->dynamic_dso); - ctx->dynamic_dso = NULL; - ENGINEerr(ENGINE_F_DYNAMIC_LOAD, - ENGINE_R_VERSION_INCOMPATIBILITY); - return 0; - } - } - /* First binary copy the ENGINE structure so that we can roll back if - * the hand-over fails */ - memcpy(&cpy, e, sizeof(ENGINE)); - /* Provide the ERR, "ex_data", memory, and locking callbacks so the - * loaded library uses our state rather than its own. FIXME: As noted in - * engine.h, much of this would be simplified if each area of code - * provided its own "summary" structure of all related callbacks. It - * would also increase opaqueness. */ - fns.err_fns = ERR_get_implementation(); - fns.ex_data_fns = CRYPTO_get_ex_data_implementation(); - CRYPTO_get_mem_functions(&fns.mem_fns.malloc_cb, - &fns.mem_fns.realloc_cb, - &fns.mem_fns.free_cb); - fns.lock_fns.lock_locking_cb = CRYPTO_get_locking_callback(); - fns.lock_fns.lock_add_lock_cb = CRYPTO_get_add_lock_callback(); - fns.lock_fns.dynlock_create_cb = CRYPTO_get_dynlock_create_callback(); - fns.lock_fns.dynlock_lock_cb = CRYPTO_get_dynlock_lock_callback(); - fns.lock_fns.dynlock_destroy_cb = CRYPTO_get_dynlock_destroy_callback(); - /* Try to bind the ENGINE onto our own ENGINE structure */ - if(!ctx->bind_engine(e, ctx->engine_id, &fns)) - { - ctx->bind_engine = NULL; - ctx->v_check = NULL; - DSO_free(ctx->dynamic_dso); - ctx->dynamic_dso = NULL; - ENGINEerr(ENGINE_F_DYNAMIC_LOAD,ENGINE_R_INIT_FAILED); - /* Copy the original ENGINE structure back */ - memcpy(e, &cpy, sizeof(ENGINE)); - return 0; - } - /* Do we try to add this ENGINE to the internal list too? */ - if(ctx->list_add_value > 0) - { - if(!ENGINE_add(e)) - { - /* Do we tolerate this or fail? */ - if(ctx->list_add_value > 1) - { - /* Fail - NB: By this time, it's too late to - * rollback, and trying to do so allows the - * bind_engine() code to have created leaks. We - * just have to fail where we are, after the - * ENGINE has changed. */ - ENGINEerr(ENGINE_F_DYNAMIC_LOAD, - ENGINE_R_CONFLICTING_ENGINE_ID); - return 0; - } - /* Tolerate */ - ERR_clear_error(); - } - } - return 1; - } diff --git a/crypto/engine/engine_err.c b/crypto/engine/engine_err.c deleted file mode 100644 index e76a4e3d4d..0000000000 --- a/crypto/engine/engine_err.c +++ /dev/null @@ -1,166 +0,0 @@ -/* crypto/engine/engine_err.c */ -/* ==================================================================== - * Copyright (c) 1999 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * openssl-core@OpenSSL.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). - * - */ - -/* NOTE: this file was auto generated by the mkerr.pl script: any changes - * made to it will be overwritten when the script next updates this file, - * only reason strings will be preserved. - */ - -#include -#include -#include - -/* BEGIN ERROR CODES */ -#ifndef OPENSSL_NO_ERR -static ERR_STRING_DATA ENGINE_str_functs[]= - { -{ERR_PACK(0,ENGINE_F_DYNAMIC_CTRL,0), "DYNAMIC_CTRL"}, -{ERR_PACK(0,ENGINE_F_DYNAMIC_GET_DATA_CTX,0), "DYNAMIC_GET_DATA_CTX"}, -{ERR_PACK(0,ENGINE_F_DYNAMIC_LOAD,0), "DYNAMIC_LOAD"}, -{ERR_PACK(0,ENGINE_F_ENGINE_ADD,0), "ENGINE_add"}, -{ERR_PACK(0,ENGINE_F_ENGINE_BY_ID,0), "ENGINE_by_id"}, -{ERR_PACK(0,ENGINE_F_ENGINE_CMD_IS_EXECUTABLE,0), "ENGINE_cmd_is_executable"}, -{ERR_PACK(0,ENGINE_F_ENGINE_CTRL,0), "ENGINE_ctrl"}, -{ERR_PACK(0,ENGINE_F_ENGINE_CTRL_CMD,0), "ENGINE_ctrl_cmd"}, -{ERR_PACK(0,ENGINE_F_ENGINE_CTRL_CMD_STRING,0), "ENGINE_ctrl_cmd_string"}, -{ERR_PACK(0,ENGINE_F_ENGINE_FINISH,0), "ENGINE_finish"}, -{ERR_PACK(0,ENGINE_F_ENGINE_FREE,0), "ENGINE_free"}, -{ERR_PACK(0,ENGINE_F_ENGINE_GET_DEFAULT_TYPE,0), "ENGINE_GET_DEFAULT_TYPE"}, -{ERR_PACK(0,ENGINE_F_ENGINE_GET_NEXT,0), "ENGINE_get_next"}, -{ERR_PACK(0,ENGINE_F_ENGINE_GET_PREV,0), "ENGINE_get_prev"}, -{ERR_PACK(0,ENGINE_F_ENGINE_INIT,0), "ENGINE_init"}, -{ERR_PACK(0,ENGINE_F_ENGINE_LIST_ADD,0), "ENGINE_LIST_ADD"}, -{ERR_PACK(0,ENGINE_F_ENGINE_LIST_REMOVE,0), "ENGINE_LIST_REMOVE"}, -{ERR_PACK(0,ENGINE_F_ENGINE_LOAD_PRIVATE_KEY,0), "ENGINE_load_private_key"}, -{ERR_PACK(0,ENGINE_F_ENGINE_LOAD_PUBLIC_KEY,0), "ENGINE_load_public_key"}, -{ERR_PACK(0,ENGINE_F_ENGINE_NEW,0), "ENGINE_new"}, -{ERR_PACK(0,ENGINE_F_ENGINE_REMOVE,0), "ENGINE_remove"}, -{ERR_PACK(0,ENGINE_F_ENGINE_SET_DEFAULT_TYPE,0), "ENGINE_SET_DEFAULT_TYPE"}, -{ERR_PACK(0,ENGINE_F_ENGINE_SET_ID,0), "ENGINE_set_id"}, -{ERR_PACK(0,ENGINE_F_ENGINE_SET_NAME,0), "ENGINE_set_name"}, -{ERR_PACK(0,ENGINE_F_ENGINE_UNLOAD_KEY,0), "ENGINE_UNLOAD_KEY"}, -{ERR_PACK(0,ENGINE_F_INT_CTRL_HELPER,0), "INT_CTRL_HELPER"}, -{ERR_PACK(0,ENGINE_F_LOG_MESSAGE,0), "LOG_MESSAGE"}, -{ERR_PACK(0,ENGINE_F_SET_DATA_CTX,0), "SET_DATA_CTX"}, -{0,NULL} - }; - -static ERR_STRING_DATA ENGINE_str_reasons[]= - { -{ENGINE_R_ALREADY_LOADED ,"already loaded"}, -{ENGINE_R_ARGUMENT_IS_NOT_A_NUMBER ,"argument is not a number"}, -{ENGINE_R_BIO_WAS_FREED ,"bio was freed"}, -{ENGINE_R_BN_CTX_FULL ,"BN_CTX full"}, -{ENGINE_R_BN_EXPAND_FAIL ,"bn_expand fail"}, -{ENGINE_R_CHIL_ERROR ,"chil error"}, -{ENGINE_R_CMD_NOT_EXECUTABLE ,"cmd not executable"}, -{ENGINE_R_COMMAND_TAKES_INPUT ,"command takes input"}, -{ENGINE_R_COMMAND_TAKES_NO_INPUT ,"command takes no input"}, -{ENGINE_R_CONFLICTING_ENGINE_ID ,"conflicting engine id"}, -{ENGINE_R_CTRL_COMMAND_NOT_IMPLEMENTED ,"ctrl command not implemented"}, -{ENGINE_R_DH_NOT_IMPLEMENTED ,"dh not implemented"}, -{ENGINE_R_DSA_NOT_IMPLEMENTED ,"dsa not implemented"}, -{ENGINE_R_DSO_FAILURE ,"DSO failure"}, -{ENGINE_R_DSO_FUNCTION_NOT_FOUND ,"dso function not found"}, -{ENGINE_R_DSO_NOT_FOUND ,"dso not found"}, -{ENGINE_R_ENGINE_IS_NOT_IN_LIST ,"engine is not in the list"}, -{ENGINE_R_FAILED_LOADING_PRIVATE_KEY ,"failed loading private key"}, -{ENGINE_R_FAILED_LOADING_PUBLIC_KEY ,"failed loading public key"}, -{ENGINE_R_FINISH_FAILED ,"finish failed"}, -{ENGINE_R_GET_HANDLE_FAILED ,"could not obtain hardware handle"}, -{ENGINE_R_ID_OR_NAME_MISSING ,"'id' or 'name' missing"}, -{ENGINE_R_INIT_FAILED ,"init failed"}, -{ENGINE_R_INTERNAL_LIST_ERROR ,"internal list error"}, -{ENGINE_R_INVALID_ARGUMENT ,"invalid argument"}, -{ENGINE_R_INVALID_CMD_NAME ,"invalid cmd name"}, -{ENGINE_R_INVALID_CMD_NUMBER ,"invalid cmd number"}, -{ENGINE_R_MISSING_KEY_COMPONENTS ,"missing key components"}, -{ENGINE_R_NOT_INITIALISED ,"not initialised"}, -{ENGINE_R_NOT_LOADED ,"not loaded"}, -{ENGINE_R_NO_CALLBACK ,"no callback"}, -{ENGINE_R_NO_CONTROL_FUNCTION ,"no control function"}, -{ENGINE_R_NO_INDEX ,"no index"}, -{ENGINE_R_NO_KEY ,"no key"}, -{ENGINE_R_NO_LOAD_FUNCTION ,"no load function"}, -{ENGINE_R_NO_REFERENCE ,"no reference"}, -{ENGINE_R_NO_SUCH_ENGINE ,"no such engine"}, -{ENGINE_R_NO_UNLOAD_FUNCTION ,"no unload function"}, -{ENGINE_R_PRIVATE_KEY_ALGORITHMS_DISABLED,"private key algorithms disabled"}, -{ENGINE_R_PROVIDE_PARAMETERS ,"provide parameters"}, -{ENGINE_R_REQUEST_FAILED ,"request failed"}, -{ENGINE_R_REQUEST_FALLBACK ,"request fallback"}, -{ENGINE_R_RSA_NOT_IMPLEMENTED ,"rsa not implemented"}, -{ENGINE_R_SIZE_TOO_LARGE_OR_TOO_SMALL ,"size too large or too small"}, -{ENGINE_R_UNIT_FAILURE ,"unit failure"}, -{ENGINE_R_VERSION_INCOMPATIBILITY ,"version incompatibility"}, -{0,NULL} - }; - -#endif - -void ERR_load_ENGINE_strings(void) - { - static int init=1; - - if (init) - { - init=0; -#ifndef OPENSSL_NO_ERR - ERR_load_strings(ERR_LIB_ENGINE,ENGINE_str_functs); - ERR_load_strings(ERR_LIB_ENGINE,ENGINE_str_reasons); -#endif - - } - } diff --git a/crypto/engine/engine_evp.c b/crypto/engine/engine_evp.c deleted file mode 100644 index b2fbdc68c2..0000000000 --- a/crypto/engine/engine_evp.c +++ /dev/null @@ -1,112 +0,0 @@ -/* Written by Ben Laurie August 2001 */ -/* ==================================================================== - * Copyright (c) 2000 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * licensing@OpenSSL.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). - * - */ - -#include -#include -#include "engine_int.h" -#include - -int ENGINE_add_cipher(ENGINE *e,const EVP_CIPHER *c) - { - ENGINE_EVP_CIPHER *p; - - p=OPENSSL_malloc(sizeof *p); - p->cipher=c; - - if(!e->ciphers) - e->ciphers=sk_ENGINE_EVP_CIPHER_new_null(); - sk_ENGINE_EVP_CIPHER_push(e->ciphers,p); - - return 1; - } - -void ENGINE_free_engine_cipher(ENGINE_EVP_CIPHER *p) - { OPENSSL_free(p); } - -int ENGINE_cipher_num(const ENGINE *e) - { return sk_ENGINE_EVP_CIPHER_num(e->ciphers); } - -const EVP_CIPHER *ENGINE_get_cipher(const ENGINE *e, int n) - { return sk_ENGINE_EVP_CIPHER_value(e->ciphers, n)->cipher; } - -void ENGINE_load_ciphers() - { - ENGINE *e; - - for(e=ENGINE_get_first() ; e ; e=ENGINE_get_next(e)) - ENGINE_load_engine_ciphers(e); - } - -void ENGINE_load_engine_ciphers(ENGINE *e) - { - int n; - - for(n=0 ; n < sk_ENGINE_EVP_CIPHER_num(e->ciphers) ; ++n) - EVP_add_cipher(sk_ENGINE_EVP_CIPHER_value(e->ciphers,n)->cipher); - } - -const EVP_CIPHER *ENGINE_get_cipher_by_name(ENGINE *e,const char *name) - { - int n; - - for(n=0 ; n < ENGINE_cipher_num(e) ; ++n) - { - const EVP_CIPHER *c=ENGINE_get_cipher(e,n); - - if(!strcmp(EVP_CIPHER_name(c),name)) - return c; - } - return NULL; - } diff --git a/crypto/engine/engine_int.h b/crypto/engine/engine_int.h deleted file mode 100644 index 2e87339db3..0000000000 --- a/crypto/engine/engine_int.h +++ /dev/null @@ -1,187 +0,0 @@ -/* crypto/engine/engine_int.h */ -/* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL - * project 2000. - */ -/* ==================================================================== - * Copyright (c) 1999 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * licensing@OpenSSL.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). - * - */ - -#ifndef HEADER_ENGINE_INT_H -#define HEADER_ENGINE_INT_H - -/* Take public definitions from engine.h */ -#include - -#ifdef __cplusplus -extern "C" { -#endif - -/* If we compile with this symbol defined, then both reference counts in the - * ENGINE structure will be monitored with a line of output on stderr for each - * change. This prints the engine's pointer address (truncated to unsigned int), - * "struct" or "funct" to indicate the reference type, the before and after - * reference count, and the file:line-number pair. The "engine_ref_debug" - * statements must come *after* the change. */ -#ifdef ENGINE_REF_COUNT_DEBUG - -#define engine_ref_debug(e, isfunct, diff) \ - fprintf(stderr, "engine: %08x %s from %d to %d (%s:%d)\n", \ - (unsigned int)(e), (isfunct ? "funct" : "struct"), \ - ((isfunct) ? ((e)->funct_ref - (diff)) : ((e)->struct_ref - (diff))), \ - ((isfunct) ? (e)->funct_ref : (e)->struct_ref), \ - (__FILE__), (__LINE__)); - -#else - -#define engine_ref_debug(e, isfunct, diff) - -#endif - -typedef struct engine_evp_cipher_st - { - const EVP_CIPHER *cipher; - } ENGINE_EVP_CIPHER; - -DECLARE_STACK_OF(ENGINE_EVP_CIPHER) - -void ENGINE_free_engine_cipher(ENGINE_EVP_CIPHER *p); - -/* NB: Bitwise OR-able values for the "flags" variable in ENGINE are now exposed - * in engine.h. */ - -/* This is a structure for storing implementations of various crypto - * algorithms and functions. */ -struct engine_st - { - const char *id; - const char *name; - const RSA_METHOD *rsa_meth; - const DSA_METHOD *dsa_meth; - const DH_METHOD *dh_meth; - const RAND_METHOD *rand_meth; - - BN_MOD_EXP bn_mod_exp; - BN_MOD_EXP_CRT bn_mod_exp_crt; - ENGINE_GEN_INT_FUNC_PTR destroy; - ENGINE_GEN_INT_FUNC_PTR init; - ENGINE_GEN_INT_FUNC_PTR finish; - ENGINE_CTRL_FUNC_PTR ctrl; - ENGINE_LOAD_KEY_PTR load_privkey; - ENGINE_LOAD_KEY_PTR load_pubkey; - - STACK_OF(ENGINE_EVP_CIPHER) *ciphers; - - const ENGINE_CMD_DEFN *cmd_defns; - int flags; - /* reference count on the structure itself */ - int struct_ref; - /* reference count on usability of the engine type. NB: This - * controls the loading and initialisation of any functionlity - * required by this engine, whereas the previous count is - * simply to cope with (de)allocation of this structure. Hence, - * running_ref <= struct_ref at all times. */ - int funct_ref; - /* A place to store per-key data */ - CRYPTO_EX_DATA ex_data; - /* Used to maintain the linked-list of engines. */ - struct engine_st *prev; - struct engine_st *next; - }; - -/* BUILT-IN ENGINES. (these functions are only ever called once and - * do not return references - they are purely for bootstrapping). */ - -/* Returns a structure of software only methods (the default). */ -ENGINE *ENGINE_openssl(void); - -/* Returns the "dynamic" ENGINE for loading entire ENGINE implementations from - * shared libraries. */ -ENGINE *ENGINE_dynamic(void); - -#ifndef OPENSSL_NO_HW - -#ifndef OPENSSL_NO_HW_CSWIFT -/* Returns a structure of cswift methods ... NB: This can exist and be - * "used" even on non-cswift systems because the "init" will fail if the - * card/library are not found. */ -ENGINE *ENGINE_cswift(void); -#endif /* !OPENSSL_NO_HW_CSWIFT */ - -#ifndef OPENSSL_NO_HW_NCIPHER -ENGINE *ENGINE_ncipher(void); -#endif /* !OPENSSL_NO_HW_NCIPHER */ - -#ifndef OPENSSL_NO_HW_ATALLA -/* Returns a structure of atalla methods. */ -ENGINE *ENGINE_atalla(void); -#endif /* !OPENSSL_NO_HW_ATALLA */ - -#ifndef OPENSSL_NO_HW_NURON -ENGINE *ENGINE_nuron(void); -#endif /* !OPENSSL_NO_HW_NURON */ - -#ifndef OPENSSL_NO_HW_UBSEC -ENGINE *ENGINE_ubsec(void); -#endif /* !OPENSSL_NO_HW_UBSEC */ - -#ifdef OPENSSL_OPENBSD_DEV_CRYPTO -ENGINE *ENGINE_openbsd_dev_crypto(void); -#endif - -#endif /* !OPENSSL_NO_HW */ - -#ifdef __cplusplus -} -#endif - -#endif /* HEADER_ENGINE_INT_H */ diff --git a/crypto/engine/engine_list.c b/crypto/engine/engine_list.c deleted file mode 100644 index 428ccd8cad..0000000000 --- a/crypto/engine/engine_list.c +++ /dev/null @@ -1,699 +0,0 @@ -/* crypto/engine/engine_list.c */ -/* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL - * project 2000. - */ -/* ==================================================================== - * Copyright (c) 1999 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * licensing@OpenSSL.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). - * - */ - -#include -#include "cryptlib.h" -#include "engine_int.h" -#include - -/* The linked-list of pointers to engine types. engine_list_head - * incorporates an implicit structural reference but engine_list_tail - * does not - the latter is a computational niceity and only points - * to something that is already pointed to by its predecessor in the - * list (or engine_list_head itself). In the same way, the use of the - * "prev" pointer in each ENGINE is to save excessive list iteration, - * it doesn't correspond to an extra structural reference. Hence, - * engine_list_head, and each non-null "next" pointer account for - * the list itself assuming exactly 1 structural reference on each - * list member. */ -static ENGINE *engine_list_head = NULL; -static ENGINE *engine_list_tail = NULL; -/* A boolean switch, used to ensure we only initialise once. This - * is needed because the engine list may genuinely become empty during - * use (so we can't use engine_list_head as an indicator for example. */ -static int engine_list_flag = 0; -static int ENGINE_free_util(ENGINE *e, int locked); - -/* These static functions starting with a lower case "engine_" always - * take place when CRYPTO_LOCK_ENGINE has been locked up. */ -static int engine_list_add(ENGINE *e) - { - int conflict = 0; - ENGINE *iterator = NULL; - - if(e == NULL) - { - ENGINEerr(ENGINE_F_ENGINE_LIST_ADD, - ERR_R_PASSED_NULL_PARAMETER); - return 0; - } - iterator = engine_list_head; - while(iterator && !conflict) - { - conflict = (strcmp(iterator->id, e->id) == 0); - iterator = iterator->next; - } - if(conflict) - { - ENGINEerr(ENGINE_F_ENGINE_LIST_ADD, - ENGINE_R_CONFLICTING_ENGINE_ID); - return 0; - } - if(engine_list_head == NULL) - { - /* We are adding to an empty list. */ - if(engine_list_tail) - { - ENGINEerr(ENGINE_F_ENGINE_LIST_ADD, - ENGINE_R_INTERNAL_LIST_ERROR); - return 0; - } - engine_list_head = e; - e->prev = NULL; - } - else - { - /* We are adding to the tail of an existing list. */ - if((engine_list_tail == NULL) || - (engine_list_tail->next != NULL)) - { - ENGINEerr(ENGINE_F_ENGINE_LIST_ADD, - ENGINE_R_INTERNAL_LIST_ERROR); - return 0; - } - engine_list_tail->next = e; - e->prev = engine_list_tail; - } - /* Having the engine in the list assumes a structural - * reference. */ - e->struct_ref++; - engine_ref_debug(e, 0, 1) - /* However it came to be, e is the last item in the list. */ - engine_list_tail = e; - e->next = NULL; - return 1; - } - -static int engine_list_remove(ENGINE *e) - { - ENGINE *iterator; - - if(e == NULL) - { - ENGINEerr(ENGINE_F_ENGINE_LIST_REMOVE, - ERR_R_PASSED_NULL_PARAMETER); - return 0; - } - /* We need to check that e is in our linked list! */ - iterator = engine_list_head; - while(iterator && (iterator != e)) - iterator = iterator->next; - if(iterator == NULL) - { - ENGINEerr(ENGINE_F_ENGINE_LIST_REMOVE, - ENGINE_R_ENGINE_IS_NOT_IN_LIST); - return 0; - } - /* un-link e from the chain. */ - if(e->next) - e->next->prev = e->prev; - if(e->prev) - e->prev->next = e->next; - /* Correct our head/tail if necessary. */ - if(engine_list_head == e) - engine_list_head = e->next; - if(engine_list_tail == e) - engine_list_tail = e->prev; - ENGINE_free_util(e, 0); - return 1; - } - -/* This check always takes place with CRYPTO_LOCK_ENGINE locked up - * so we're synchronised, but we can't call anything that tries to - * lock it again! :-) NB: For convenience (and code-clarity) we - * don't output errors for failures of the engine_list_add function - * as it will generate errors itself. */ -static int engine_internal_check(void) - { - int toret = 1; - ENGINE *def_engine1, *def_engine2; - if(engine_list_flag) - return 1; - /* This is our first time up, we need to populate the list - * with our statically compiled-in engines. */ - def_engine1 = ENGINE_openssl(); - def_engine2 = ENGINE_dynamic(); - if(!engine_list_add(def_engine1) || - !engine_list_add(def_engine2)) - toret = 0; - else - engine_list_flag = 1; - ENGINE_free_util(def_engine1, 0); - ENGINE_free_util(def_engine2, 0); - return 1; - } - -/* Get the first/last "ENGINE" type available. */ -ENGINE *ENGINE_get_first(void) - { - ENGINE *ret = NULL; - - CRYPTO_r_lock(CRYPTO_LOCK_ENGINE); - if(engine_internal_check()) - { - ret = engine_list_head; - if(ret) - { - ret->struct_ref++; - engine_ref_debug(ret, 0, 1) - } - } - CRYPTO_r_unlock(CRYPTO_LOCK_ENGINE); - return ret; - } -ENGINE *ENGINE_get_last(void) - { - ENGINE *ret = NULL; - - CRYPTO_r_lock(CRYPTO_LOCK_ENGINE); - if(engine_internal_check()) - { - ret = engine_list_tail; - if(ret) - { - ret->struct_ref++; - engine_ref_debug(ret, 0, 1) - } - } - CRYPTO_r_unlock(CRYPTO_LOCK_ENGINE); - return ret; - } - -/* Iterate to the next/previous "ENGINE" type (NULL = end of the list). */ -ENGINE *ENGINE_get_next(ENGINE *e) - { - ENGINE *ret = NULL; - if(e == NULL) - { - ENGINEerr(ENGINE_F_ENGINE_GET_NEXT, - ERR_R_PASSED_NULL_PARAMETER); - return 0; - } - CRYPTO_r_lock(CRYPTO_LOCK_ENGINE); - ret = e->next; - if(ret) - { - /* Return a valid structural refernce to the next ENGINE */ - ret->struct_ref++; - engine_ref_debug(ret, 0, 1) - } - CRYPTO_r_unlock(CRYPTO_LOCK_ENGINE); - /* Release the structural reference to the previous ENGINE */ - ENGINE_free(e); - return ret; - } -ENGINE *ENGINE_get_prev(ENGINE *e) - { - ENGINE *ret = NULL; - if(e == NULL) - { - ENGINEerr(ENGINE_F_ENGINE_GET_PREV, - ERR_R_PASSED_NULL_PARAMETER); - return 0; - } - CRYPTO_r_lock(CRYPTO_LOCK_ENGINE); - ret = e->prev; - if(ret) - { - /* Return a valid structural reference to the next ENGINE */ - ret->struct_ref++; - engine_ref_debug(ret, 0, 1) - } - CRYPTO_r_unlock(CRYPTO_LOCK_ENGINE); - /* Release the structural reference to the previous ENGINE */ - ENGINE_free(e); - return ret; - } - -/* Add another "ENGINE" type into the list. */ -int ENGINE_add(ENGINE *e) - { - int to_return = 1; - if(e == NULL) - { - ENGINEerr(ENGINE_F_ENGINE_ADD, - ERR_R_PASSED_NULL_PARAMETER); - return 0; - } - if((e->id == NULL) || (e->name == NULL)) - { - ENGINEerr(ENGINE_F_ENGINE_ADD, - ENGINE_R_ID_OR_NAME_MISSING); - } - CRYPTO_w_lock(CRYPTO_LOCK_ENGINE); - if(!engine_internal_check() || !engine_list_add(e)) - { - ENGINEerr(ENGINE_F_ENGINE_ADD, - ENGINE_R_INTERNAL_LIST_ERROR); - to_return = 0; - } - CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE); - return to_return; - } - -/* Remove an existing "ENGINE" type from the array. */ -int ENGINE_remove(ENGINE *e) - { - int to_return = 1; - if(e == NULL) - { - ENGINEerr(ENGINE_F_ENGINE_REMOVE, - ERR_R_PASSED_NULL_PARAMETER); - return 0; - } - CRYPTO_w_lock(CRYPTO_LOCK_ENGINE); - if(!engine_internal_check() || !engine_list_remove(e)) - { - ENGINEerr(ENGINE_F_ENGINE_REMOVE, - ENGINE_R_INTERNAL_LIST_ERROR); - to_return = 0; - } - CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE); - return to_return; - } - -ENGINE *ENGINE_by_id(const char *id) - { - ENGINE *iterator = NULL, *cp = NULL; - if(id == NULL) - { - ENGINEerr(ENGINE_F_ENGINE_BY_ID, - ERR_R_PASSED_NULL_PARAMETER); - return NULL; - } - CRYPTO_r_lock(CRYPTO_LOCK_ENGINE); - if(!engine_internal_check()) - ENGINEerr(ENGINE_F_ENGINE_BY_ID, - ENGINE_R_INTERNAL_LIST_ERROR); - else - { - iterator = engine_list_head; - while(iterator && (strcmp(id, iterator->id) != 0)) - iterator = iterator->next; - if(iterator) - { - /* We need to return a structural reference. If this is - * a "dynamic" ENGINE type, make a duplicate - otherwise - * increment the existing ENGINE's reference count. */ - if(iterator->flags & ENGINE_FLAGS_BY_ID_COPY) - { - cp = ENGINE_new(); - if(!cp) - iterator = NULL; - else - { - ENGINE_cpy(cp, iterator); - iterator = cp; - } - } - else - { - iterator->struct_ref++; - engine_ref_debug(iterator, 0, 1) - } - } - } - CRYPTO_r_unlock(CRYPTO_LOCK_ENGINE); - if(iterator == NULL) - ENGINEerr(ENGINE_F_ENGINE_BY_ID, - ENGINE_R_NO_SUCH_ENGINE); - return iterator; - } - -ENGINE *ENGINE_new(void) - { - ENGINE *ret; - - ret = (ENGINE *)OPENSSL_malloc(sizeof(ENGINE)); - if(ret == NULL) - { - ENGINEerr(ENGINE_F_ENGINE_NEW, ERR_R_MALLOC_FAILURE); - return NULL; - } - memset(ret, 0, sizeof(ENGINE)); - ret->struct_ref = 1; - engine_ref_debug(ret, 0, 1) - CRYPTO_new_ex_data(CRYPTO_EX_INDEX_ENGINE, ret, &ret->ex_data); - return ret; - } - -static int ENGINE_free_util(ENGINE *e, int locked) - { - int i; - - if(e == NULL) - { - ENGINEerr(ENGINE_F_ENGINE_FREE, - ERR_R_PASSED_NULL_PARAMETER); - return 0; - } - if(locked) - i = CRYPTO_add(&e->struct_ref,-1,CRYPTO_LOCK_ENGINE); - else - i = --e->struct_ref; - engine_ref_debug(e, 0, -1) - if (i > 0) return 1; -#ifdef REF_CHECK - if (i < 0) - { - fprintf(stderr,"ENGINE_free, bad structural reference count\n"); - abort(); - } -#endif - /* Give the ENGINE a chance to do any structural cleanup corresponding - * to allocation it did in its constructor (eg. unload error strings) */ - if(e->destroy) - e->destroy(e); - sk_ENGINE_EVP_CIPHER_pop_free(e->ciphers,ENGINE_free_engine_cipher); - CRYPTO_free_ex_data(CRYPTO_EX_INDEX_ENGINE, e, &e->ex_data); - OPENSSL_free(e); - return 1; - } - -int ENGINE_free(ENGINE *e) - { - return ENGINE_free_util(e, 1); - } - -int ENGINE_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, - CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func) - { - return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_ENGINE, argl, argp, - new_func, dup_func, free_func); - } - -int ENGINE_set_ex_data(ENGINE *e, int idx, void *arg) - { - return(CRYPTO_set_ex_data(&e->ex_data, idx, arg)); - } - -void *ENGINE_get_ex_data(const ENGINE *e, int idx) - { - return(CRYPTO_get_ex_data(&e->ex_data, idx)); - } - -void ENGINE_cleanup(void) - { - ENGINE *iterator = engine_list_head; - - while(iterator != NULL) - { - ENGINE_remove(iterator); - iterator = engine_list_head; - } - engine_list_flag = 0; - /* Also unset any "default" ENGINEs that may have been set up (a default - * constitutes a functional reference on an ENGINE and there's one for - * each algorithm). */ - ENGINE_clear_defaults(); - return; - } - -int ENGINE_set_id(ENGINE *e, const char *id) - { - if(id == NULL) - { - ENGINEerr(ENGINE_F_ENGINE_SET_ID, - ERR_R_PASSED_NULL_PARAMETER); - return 0; - } - e->id = id; - return 1; - } - -int ENGINE_set_name(ENGINE *e, const char *name) - { - if(name == NULL) - { - ENGINEerr(ENGINE_F_ENGINE_SET_NAME, - ERR_R_PASSED_NULL_PARAMETER); - return 0; - } - e->name = name; - return 1; - } - -int ENGINE_set_RSA(ENGINE *e, const RSA_METHOD *rsa_meth) - { -#ifndef OPENSSL_NO_RSA - e->rsa_meth = rsa_meth; - return 1; -#else - return 0; -#endif - } - -int ENGINE_set_DSA(ENGINE *e, const DSA_METHOD *dsa_meth) - { -#ifndef OPENSSL_NO_DSA - e->dsa_meth = dsa_meth; - return 1; -#else - return 0; -#endif - } - -int ENGINE_set_DH(ENGINE *e, const DH_METHOD *dh_meth) - { -#ifndef OPENSSL_NO_DH - e->dh_meth = dh_meth; - return 1; -#else - return 0; -#endif - } - -int ENGINE_set_RAND(ENGINE *e, const RAND_METHOD *rand_meth) - { - e->rand_meth = rand_meth; - return 1; - } - -int ENGINE_set_BN_mod_exp(ENGINE *e, BN_MOD_EXP bn_mod_exp) - { - e->bn_mod_exp = bn_mod_exp; - return 1; - } - -int ENGINE_set_BN_mod_exp_crt(ENGINE *e, BN_MOD_EXP_CRT bn_mod_exp_crt) - { - e->bn_mod_exp_crt = bn_mod_exp_crt; - return 1; - } - -int ENGINE_set_destroy_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR destroy_f) - { - e->destroy = destroy_f; - return 1; - } - -int ENGINE_set_init_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR init_f) - { - e->init = init_f; - return 1; - } - -int ENGINE_set_finish_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR finish_f) - { - e->finish = finish_f; - return 1; - } - -int ENGINE_set_ctrl_function(ENGINE *e, ENGINE_CTRL_FUNC_PTR ctrl_f) - { - e->ctrl = ctrl_f; - return 1; - } - -int ENGINE_set_load_privkey_function(ENGINE *e, ENGINE_LOAD_KEY_PTR loadpriv_f) - { - e->load_privkey = loadpriv_f; - return 1; - } - -int ENGINE_set_load_pubkey_function(ENGINE *e, ENGINE_LOAD_KEY_PTR loadpub_f) - { - e->load_pubkey = loadpub_f; - return 1; - } - -int ENGINE_set_flags(ENGINE *e, int flags) - { - e->flags = flags; - return 1; - } - -int ENGINE_set_cmd_defns(ENGINE *e, const ENGINE_CMD_DEFN *defns) - { - e->cmd_defns = defns; - return 1; - } - -int ENGINE_cpy(ENGINE *dest, const ENGINE *src) - { - if(ENGINE_set_id(dest, ENGINE_get_id(src)) && - ENGINE_set_name(dest, ENGINE_get_name(src)) && -#ifndef OPENSSL_NO_RSA - ENGINE_set_RSA(dest, ENGINE_get_RSA(src)) && -#endif -#ifndef OPENSSL_NO_RSA - ENGINE_set_DSA(dest, ENGINE_get_DSA(src)) && -#endif -#ifndef OPENSSL_NO_RSA - ENGINE_set_DH(dest, ENGINE_get_DH(src)) && -#endif - ENGINE_set_RAND(dest, ENGINE_get_RAND(src)) && - ENGINE_set_BN_mod_exp(dest, - ENGINE_get_BN_mod_exp(src)) && - ENGINE_set_BN_mod_exp_crt(dest, - ENGINE_get_BN_mod_exp_crt(src)) && - ENGINE_set_init_function(dest, - ENGINE_get_init_function(src)) && - ENGINE_set_finish_function(dest, - ENGINE_get_finish_function(src)) && - ENGINE_set_ctrl_function(dest, - ENGINE_get_ctrl_function(src)) && - ENGINE_set_load_privkey_function(dest, - ENGINE_get_load_privkey_function(src)) && - ENGINE_set_load_pubkey_function(dest, - ENGINE_get_load_pubkey_function(src)) && - ENGINE_set_flags(dest, ENGINE_get_flags(src)) && - ENGINE_set_cmd_defns(dest, ENGINE_get_cmd_defns(src))) - return 1; - return 0; - } - -const char *ENGINE_get_id(const ENGINE *e) - { - return e->id; - } - -const char *ENGINE_get_name(const ENGINE *e) - { - return e->name; - } - -const RSA_METHOD *ENGINE_get_RSA(const ENGINE *e) - { - return e->rsa_meth; - } - -const DSA_METHOD *ENGINE_get_DSA(const ENGINE *e) - { - return e->dsa_meth; - } - -const DH_METHOD *ENGINE_get_DH(const ENGINE *e) - { - return e->dh_meth; - } - -const RAND_METHOD *ENGINE_get_RAND(const ENGINE *e) - { - return e->rand_meth; - } - -BN_MOD_EXP ENGINE_get_BN_mod_exp(const ENGINE *e) - { - return e->bn_mod_exp; - } - -BN_MOD_EXP_CRT ENGINE_get_BN_mod_exp_crt(const ENGINE *e) - { - return e->bn_mod_exp_crt; - } - -ENGINE_GEN_INT_FUNC_PTR ENGINE_get_destroy_function(const ENGINE *e) - { - return e->destroy; - } - -ENGINE_GEN_INT_FUNC_PTR ENGINE_get_init_function(const ENGINE *e) - { - return e->init; - } - -ENGINE_GEN_INT_FUNC_PTR ENGINE_get_finish_function(const ENGINE *e) - { - return e->finish; - } - -ENGINE_CTRL_FUNC_PTR ENGINE_get_ctrl_function(const ENGINE *e) - { - return e->ctrl; - } - -ENGINE_LOAD_KEY_PTR ENGINE_get_load_privkey_function(const ENGINE *e) - { - return e->load_privkey; - } - -ENGINE_LOAD_KEY_PTR ENGINE_get_load_pubkey_function(const ENGINE *e) - { - return e->load_pubkey; - } - -int ENGINE_get_flags(const ENGINE *e) - { - return e->flags; - } - -const ENGINE_CMD_DEFN *ENGINE_get_cmd_defns(const ENGINE *e) - { - return e->cmd_defns; - } diff --git a/crypto/engine/engine_openssl.c b/crypto/engine/engine_openssl.c deleted file mode 100644 index c353df97d6..0000000000 --- a/crypto/engine/engine_openssl.c +++ /dev/null @@ -1,165 +0,0 @@ -/* crypto/engine/engine_openssl.c */ -/* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL - * project 2000. - */ -/* ==================================================================== - * Copyright (c) 1999 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * licensing@OpenSSL.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). - * - */ - - -#include -#include -#include "cryptlib.h" -#include -#include - -/* This is the only function we need to implement as OpenSSL - * doesn't have a native CRT mod_exp. Perhaps this should be - * BN_mod_exp_crt and moved into crypto/bn/ ?? ... dunno. */ -static int openssl_mod_exp_crt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, - const BIGNUM *q, const BIGNUM *dmp1, const BIGNUM *dmq1, - const BIGNUM *iqmp, BN_CTX *ctx); - -/* The constants used when creating the ENGINE */ -static const char *engine_openssl_id = "openssl"; -static const char *engine_openssl_name = "Software default engine support"; - -/* As this is only ever called once, there's no need for locking - * (indeed - the lock will already be held by our caller!!!) */ -ENGINE *ENGINE_openssl(void) - { - ENGINE *ret = ENGINE_new(); - if(!ret) - return NULL; - if(!ENGINE_set_id(ret, engine_openssl_id) || - !ENGINE_set_name(ret, engine_openssl_name) || -#ifndef OPENSSL_NO_RSA - !ENGINE_set_RSA(ret, RSA_get_default_openssl_method()) || -#endif -#ifndef OPENSSL_NO_DSA - !ENGINE_set_DSA(ret, DSA_get_default_openssl_method()) || -#endif -#ifndef OPENSSL_NO_DH - !ENGINE_set_DH(ret, DH_get_default_openssl_method()) || -#endif - !ENGINE_set_RAND(ret, RAND_SSLeay()) || - !ENGINE_set_BN_mod_exp(ret, BN_mod_exp) || - !ENGINE_set_BN_mod_exp_crt(ret, openssl_mod_exp_crt)) - { - ENGINE_free(ret); - return NULL; - } - return ret; - } - -/* Chinese Remainder Theorem, taken and adapted from rsa_eay.c */ -static int openssl_mod_exp_crt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, - const BIGNUM *q, const BIGNUM *dmp1, - const BIGNUM *dmq1, const BIGNUM *iqmp, BN_CTX *ctx) - { - BIGNUM r1,m1; - int ret=0; - BN_CTX *bn_ctx; - BIGNUM *temp_bn = NULL; - - if (ctx) - bn_ctx = ctx; - else - if ((bn_ctx=BN_CTX_new()) == NULL) goto err; - BN_init(&m1); - BN_init(&r1); - /* BN_mul() cannot accept const BIGNUMs so I use the BN_CTX - * to duplicate what I need. */ - BN_CTX_start(bn_ctx); - if ((temp_bn = BN_CTX_get(bn_ctx)) == NULL) goto err; - if (!BN_copy(temp_bn, iqmp)) goto err; - - if (!BN_mod(&r1, a, q, bn_ctx)) goto err; - if (!BN_mod_exp(&m1, &r1, dmq1, q, bn_ctx)) - goto err; - - if (!BN_mod(&r1, a, p, bn_ctx)) goto err; - if (!BN_mod_exp(r, &r1, dmp1, p, bn_ctx)) - goto err; - - if (!BN_sub(r, r, &m1)) goto err; - /* This will help stop the size of r0 increasing, which does - * affect the multiply if it optimised for a power of 2 size */ - if (r->neg) - if (!BN_add(r, r, p)) goto err; - - if (!BN_mul(&r1, r, temp_bn, bn_ctx)) goto err; - if (!BN_mod(r, &r1, p, bn_ctx)) goto err; - /* If p < q it is occasionally possible for the correction of - * adding 'p' if r is negative above to leave the result still - * negative. This can break the private key operations: the following - * second correction should *always* correct this rare occurrence. - * This will *never* happen with OpenSSL generated keys because - * they ensure p > q [steve] - */ - if (r->neg) - if (!BN_add(r, r, p)) goto err; - /* Again, BN_mul() will need non-const values. */ - if (!BN_copy(temp_bn, q)) goto err; - if (!BN_mul(&r1, r, temp_bn, bn_ctx)) goto err; - if (!BN_add(r, &r1, &m1)) goto err; - - ret=1; -err: - BN_clear_free(&m1); - BN_clear_free(&r1); - BN_CTX_end(ctx); - if (!ctx) - BN_CTX_free(bn_ctx); - return(ret); - } diff --git a/crypto/engine/hw_openbsd_dev_crypto.c b/crypto/engine/hw_openbsd_dev_crypto.c index 6479a7c249..101df96fcd 100644 --- a/crypto/engine/hw_openbsd_dev_crypto.c +++ b/crypto/engine/hw_openbsd_dev_crypto.c @@ -57,7 +57,7 @@ #include #include -#include "engine_int.h" +#include "eng_int.h" static void load_ciphers(ENGINE *e) { diff --git a/crypto/rand/Makefile.ssl b/crypto/rand/Makefile.ssl index 68912da789..3cc76d2eca 100644 --- a/crypto/rand/Makefile.ssl +++ b/crypto/rand/Makefile.ssl @@ -88,9 +88,9 @@ md_rand.o: ../../include/openssl/err.h ../../include/openssl/evp.h md_rand.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h md_rand.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h md_rand.o: ../../include/openssl/opensslv.h ../../include/openssl/rand.h -md_rand.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -md_rand.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -md_rand.o: ../../include/openssl/types.h md_rand.c rand_lcl.h +md_rand.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h +md_rand.o: ../../include/openssl/symhacks.h ../../include/openssl/types.h +md_rand.o: md_rand.c rand_lcl.h rand_egd.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h rand_egd.o: ../../include/openssl/rand.h rand_egd.c rand_err.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h @@ -111,29 +111,38 @@ rand_lib.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h rand_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h rand_lib.o: ../../include/openssl/types.h ../../include/openssl/ui.h rand_lib.o: ../cryptlib.h rand_lib.c -rand_os2.o: ../../e_os.h ../../include/openssl/bio.h +rand_os2.o: ../../e_os.h ../../include/openssl/asn1.h +rand_os2.o: ../../include/openssl/bio.h ../../include/openssl/bn.h rand_os2.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h rand_os2.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -rand_os2.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h +rand_os2.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +rand_os2.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +rand_os2.o: ../../include/openssl/opensslconf.h rand_os2.o: ../../include/openssl/opensslv.h ../../include/openssl/rand.h -rand_os2.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -rand_os2.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +rand_os2.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h +rand_os2.o: ../../include/openssl/symhacks.h ../../include/openssl/types.h rand_os2.o: ../cryptlib.h rand_lcl.h rand_os2.c -rand_unix.o: ../../e_os.h ../../include/openssl/bio.h +rand_unix.o: ../../e_os.h ../../include/openssl/asn1.h +rand_unix.o: ../../include/openssl/bio.h ../../include/openssl/bn.h rand_unix.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h rand_unix.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -rand_unix.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h +rand_unix.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +rand_unix.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +rand_unix.o: ../../include/openssl/opensslconf.h rand_unix.o: ../../include/openssl/opensslv.h ../../include/openssl/rand.h -rand_unix.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -rand_unix.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +rand_unix.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h +rand_unix.o: ../../include/openssl/symhacks.h ../../include/openssl/types.h rand_unix.o: ../cryptlib.h rand_lcl.h rand_unix.c -rand_win.o: ../../e_os.h ../../include/openssl/bio.h +rand_win.o: ../../e_os.h ../../include/openssl/asn1.h +rand_win.o: ../../include/openssl/bio.h ../../include/openssl/bn.h rand_win.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h rand_win.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -rand_win.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h +rand_win.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +rand_win.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +rand_win.o: ../../include/openssl/opensslconf.h rand_win.o: ../../include/openssl/opensslv.h ../../include/openssl/rand.h -rand_win.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -rand_win.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +rand_win.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h +rand_win.o: ../../include/openssl/symhacks.h ../../include/openssl/types.h rand_win.o: ../cryptlib.h rand_lcl.h rand_win.c randfile.o: ../../e_os.h ../../include/openssl/crypto.h randfile.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h diff --git a/test/Makefile.ssl b/test/Makefile.ssl index 003ac375bf..d71f270be7 100644 --- a/test/Makefile.ssl +++ b/test/Makefile.ssl @@ -402,15 +402,15 @@ ectest.o: ../include/openssl/rsa.h ../include/openssl/safestack.h ectest.o: ../include/openssl/stack.h ../include/openssl/symhacks.h ectest.o: ../include/openssl/types.h ../include/openssl/ui.h ectest.c enginetest.o: ../include/openssl/asn1.h ../include/openssl/bio.h -enginetest.o: ../include/openssl/bn.h ../include/openssl/crypto.h -enginetest.o: ../include/openssl/dh.h ../include/openssl/dsa.h -enginetest.o: ../include/openssl/e_os2.h ../include/openssl/engine.h -enginetest.o: ../include/openssl/err.h ../include/openssl/lhash.h -enginetest.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h -enginetest.o: ../include/openssl/rand.h ../include/openssl/rsa.h -enginetest.o: ../include/openssl/safestack.h ../include/openssl/stack.h -enginetest.o: ../include/openssl/symhacks.h ../include/openssl/types.h -enginetest.o: ../include/openssl/ui.h enginetest.c +enginetest.o: ../include/openssl/bn.h ../include/openssl/buffer.h +enginetest.o: ../include/openssl/crypto.h ../include/openssl/dh.h +enginetest.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h +enginetest.o: ../include/openssl/engine.h ../include/openssl/err.h +enginetest.o: ../include/openssl/lhash.h ../include/openssl/opensslconf.h +enginetest.o: ../include/openssl/opensslv.h ../include/openssl/rand.h +enginetest.o: ../include/openssl/rsa.h ../include/openssl/safestack.h +enginetest.o: ../include/openssl/stack.h ../include/openssl/symhacks.h +enginetest.o: ../include/openssl/types.h ../include/openssl/ui.h enginetest.c evp_test.o: ../include/openssl/asn1.h ../include/openssl/bio.h evp_test.o: ../include/openssl/bn.h ../include/openssl/crypto.h evp_test.o: ../include/openssl/dh.h ../include/openssl/dsa.h diff --git a/util/libeay.num b/util/libeay.num index 61c70b4e8b..9665c2eac3 100755 --- a/util/libeay.num +++ b/util/libeay.num @@ -2627,7 +2627,7 @@ HMAC_CTX_init 3075 EXIST::FUNCTION:HMAC HMAC_CTX_cleanup 3076 EXIST::FUNCTION:HMAC EVP_MD_CTX_cleanup 3077 EXIST::FUNCTION: EVP_MD_CTX_destroy 3078 EXIST::FUNCTION: -des_release_key 3079 EXIST::FUNCTION:DES +des_release_key 3079 NOEXIST::FUNCTION: ENGINE_load_openbsd_dev_crypto 3080 EXIST::FUNCTION: ENGINE_add_all_evp 3081 NOEXIST::FUNCTION: ENGINE_add_evp_cipher 3082 NOEXIST::FUNCTION: @@ -2659,3 +2659,5 @@ CRYPTO_ex_data_new_class 3107 EXIST::FUNCTION: CRYPTO_get_ex_data_implementation 3108 EXIST::FUNCTION: BN_pseudo_rand_range 3109 EXIST::FUNCTION: ERR_unload_strings 3110 EXIST::FUNCTION: +ENGINE_set_destroy_function 3111 EXIST::FUNCTION: +ENGINE_get_destroy_function 3112 EXIST::FUNCTION: