From b6d1e52d454bb321153c70cf763945d4b0d4f78e Mon Sep 17 00:00:00 2001 From: Geoff Thorpe Date: Tue, 25 Sep 2001 20:00:51 +0000 Subject: [PATCH] This change replaces the ENGINE's underlying mechanics with the new ENGINE_TABLE-based stuff - as described in crypto/engine/README. Associated miscellaneous changes; - the previous cipher/digest hooks that hardwired directly to EVP's OBJ_NAME-based storage have been backed out. New cipher/digest support has been constructed and will be committed shortly. - each implementation defines its own ENGINE_load_ function now. - the "openssl" ENGINE isn't needed or loaded any more. - core (not algorithm or class specific) ENGINE code has been split into multiple files to increase readability and decrease linker bloat. - ENGINE_cpy() has been removed as it wasn't really a good idea in the first place and now, because of registration issues, can't be meaningfully defined any more. - BN_MOD_EXP[_CRT] support is removed as per the README. - a bug in enginetest.c has been fixed. NB: This commit almost certainly breaks compilation until subsequent changes are committed. --- crypto/engine/Makefile.ssl | 132 +++- crypto/engine/eng_all.c | 91 +-- crypto/engine/eng_ctrl.c | 387 ++++++++++++ crypto/engine/eng_dyn.c | 18 +- crypto/engine/eng_err.c | 3 +- crypto/engine/{eng_evp.c => eng_fat.c} | 94 ++- crypto/engine/eng_init.c | 157 +++++ crypto/engine/eng_int.h | 90 ++- crypto/engine/eng_lib.c | 823 ++++--------------------- crypto/engine/eng_list.c | 473 +++----------- crypto/engine/eng_openssl.c | 81 +-- crypto/engine/eng_pkey.c | 157 +++++ crypto/engine/eng_table.c | 361 +++++++++++ crypto/engine/engine.h | 107 ++-- crypto/engine/enginetest.c | 7 +- crypto/engine/hw_atalla.c | 15 +- crypto/engine/hw_cswift.c | 16 +- crypto/engine/hw_ncipher.c | 15 +- crypto/engine/hw_nuron.c | 15 +- crypto/engine/hw_ubsec.c | 16 +- crypto/engine/tb_dh.c | 120 ++++ crypto/engine/tb_dsa.c | 120 ++++ crypto/engine/tb_rand.c | 120 ++++ crypto/engine/tb_rsa.c | 120 ++++ 24 files changed, 2090 insertions(+), 1448 deletions(-) create mode 100644 crypto/engine/eng_ctrl.c rename crypto/engine/{eng_evp.c => eng_fat.c} (66%) create mode 100644 crypto/engine/eng_init.c create mode 100644 crypto/engine/eng_pkey.c create mode 100644 crypto/engine/eng_table.c create mode 100644 crypto/engine/tb_dh.c create mode 100644 crypto/engine/tb_dsa.c create mode 100644 crypto/engine/tb_rand.c create mode 100644 crypto/engine/tb_rsa.c diff --git a/crypto/engine/Makefile.ssl b/crypto/engine/Makefile.ssl index fe9ed206c2..95311d6e60 100644 --- a/crypto/engine/Makefile.ssl +++ b/crypto/engine/Makefile.ssl @@ -23,12 +23,16 @@ TEST= enginetest.c APPS= LIB=$(TOP)/libcrypto.a -LIBSRC= eng_err.c eng_lib.c eng_list.c eng_all.c eng_openssl.c \ - eng_dyn.c eng_evp.c \ +LIBSRC= eng_err.c eng_lib.c eng_list.c eng_init.c eng_ctrl.c \ + eng_table.c eng_pkey.c eng_fat.c eng_all.c \ + tb_rsa.c tb_dsa.c tb_dh.c tb_rand.c \ + eng_openssl.c eng_dyn.c \ hw_atalla.c hw_cswift.c hw_ncipher.c hw_nuron.c hw_ubsec.c \ hw_openbsd_dev_crypto.c -LIBOBJ= eng_err.o eng_lib.o eng_list.o eng_all.o eng_openssl.o \ - eng_dyn.o eng_evp.o \ +LIBOBJ= eng_err.o eng_lib.o eng_list.o eng_init.o eng_ctrl.o \ + eng_table.o eng_pkey.o eng_fat.o eng_all.o \ + tb_rsa.o tb_dsa.o tb_dh.o tb_rand.o \ + eng_openssl.o eng_dyn.o \ hw_atalla.o hw_cswift.o hw_ncipher.o hw_nuron.o hw_ubsec.o \ hw_openbsd_dev_crypto.o @@ -95,6 +99,18 @@ eng_all.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h eng_all.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h eng_all.o: ../../include/openssl/symhacks.h ../../include/openssl/types.h eng_all.o: ../../include/openssl/ui.h eng_all.c eng_int.h +eng_ctrl.o: ../../e_os.h ../../include/openssl/asn1.h +eng_ctrl.o: ../../include/openssl/bio.h ../../include/openssl/bn.h +eng_ctrl.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h +eng_ctrl.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h +eng_ctrl.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h +eng_ctrl.o: ../../include/openssl/err.h ../../include/openssl/lhash.h +eng_ctrl.o: ../../include/openssl/opensslconf.h +eng_ctrl.o: ../../include/openssl/opensslv.h ../../include/openssl/rand.h +eng_ctrl.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h +eng_ctrl.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +eng_ctrl.o: ../../include/openssl/types.h ../../include/openssl/ui.h +eng_ctrl.o: ../cryptlib.h eng_ctrl.c eng_int.h eng_dyn.o: ../../e_os.h ../../include/openssl/asn1.h eng_dyn.o: ../../include/openssl/bio.h ../../include/openssl/bn.h eng_dyn.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h @@ -117,18 +133,29 @@ eng_err.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h eng_err.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h eng_err.o: ../../include/openssl/symhacks.h ../../include/openssl/types.h eng_err.o: ../../include/openssl/ui.h eng_err.c -eng_evp.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h -eng_evp.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h -eng_evp.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h -eng_evp.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h -eng_evp.o: ../../include/openssl/err.h ../../include/openssl/evp.h -eng_evp.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -eng_evp.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -eng_evp.o: ../../include/openssl/opensslv.h ../../include/openssl/rand.h -eng_evp.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h -eng_evp.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -eng_evp.o: ../../include/openssl/types.h ../../include/openssl/ui.h eng_evp.c -eng_evp.o: eng_int.h +eng_fat.o: ../../e_os.h ../../include/openssl/asn1.h +eng_fat.o: ../../include/openssl/bio.h ../../include/openssl/bn.h +eng_fat.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h +eng_fat.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h +eng_fat.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h +eng_fat.o: ../../include/openssl/err.h ../../include/openssl/lhash.h +eng_fat.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +eng_fat.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h +eng_fat.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h +eng_fat.o: ../../include/openssl/symhacks.h ../../include/openssl/types.h +eng_fat.o: ../../include/openssl/ui.h ../cryptlib.h eng_fat.c eng_int.h +eng_init.o: ../../e_os.h ../../include/openssl/asn1.h +eng_init.o: ../../include/openssl/bio.h ../../include/openssl/bn.h +eng_init.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h +eng_init.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h +eng_init.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h +eng_init.o: ../../include/openssl/err.h ../../include/openssl/lhash.h +eng_init.o: ../../include/openssl/opensslconf.h +eng_init.o: ../../include/openssl/opensslv.h ../../include/openssl/rand.h +eng_init.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h +eng_init.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +eng_init.o: ../../include/openssl/types.h ../../include/openssl/ui.h +eng_init.o: ../cryptlib.h eng_init.c eng_int.h eng_lib.o: ../../e_os.h ../../include/openssl/asn1.h eng_lib.o: ../../include/openssl/bio.h ../../include/openssl/bn.h eng_lib.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h @@ -165,6 +192,31 @@ eng_openssl.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h eng_openssl.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h eng_openssl.o: ../../include/openssl/types.h ../../include/openssl/ui.h eng_openssl.o: ../cryptlib.h eng_openssl.c +eng_pkey.o: ../../e_os.h ../../include/openssl/asn1.h +eng_pkey.o: ../../include/openssl/bio.h ../../include/openssl/bn.h +eng_pkey.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h +eng_pkey.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h +eng_pkey.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h +eng_pkey.o: ../../include/openssl/err.h ../../include/openssl/lhash.h +eng_pkey.o: ../../include/openssl/opensslconf.h +eng_pkey.o: ../../include/openssl/opensslv.h ../../include/openssl/rand.h +eng_pkey.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h +eng_pkey.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +eng_pkey.o: ../../include/openssl/types.h ../../include/openssl/ui.h +eng_pkey.o: ../cryptlib.h eng_int.h eng_pkey.c +eng_table.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h +eng_table.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h +eng_table.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h +eng_table.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h +eng_table.o: ../../include/openssl/err.h ../../include/openssl/evp.h +eng_table.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +eng_table.o: ../../include/openssl/objects.h +eng_table.o: ../../include/openssl/opensslconf.h +eng_table.o: ../../include/openssl/opensslv.h ../../include/openssl/rand.h +eng_table.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h +eng_table.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +eng_table.o: ../../include/openssl/types.h ../../include/openssl/ui.h eng_int.h +eng_table.o: eng_table.c hw_atalla.o: ../../e_os.h ../../include/openssl/asn1.h hw_atalla.o: ../../include/openssl/bio.h ../../include/openssl/bn.h hw_atalla.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h @@ -231,3 +283,51 @@ hw_ubsec.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h hw_ubsec.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h hw_ubsec.o: ../../include/openssl/types.h ../../include/openssl/ui.h hw_ubsec.o: ../cryptlib.h hw_ubsec.c vendor_defns/hw_ubsec.h +tb_dh.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h +tb_dh.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h +tb_dh.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h +tb_dh.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h +tb_dh.o: ../../include/openssl/err.h ../../include/openssl/evp.h +tb_dh.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +tb_dh.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +tb_dh.o: ../../include/openssl/opensslv.h ../../include/openssl/rand.h +tb_dh.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h +tb_dh.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +tb_dh.o: ../../include/openssl/types.h ../../include/openssl/ui.h eng_int.h +tb_dh.o: tb_dh.c +tb_dsa.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h +tb_dsa.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h +tb_dsa.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h +tb_dsa.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h +tb_dsa.o: ../../include/openssl/err.h ../../include/openssl/evp.h +tb_dsa.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +tb_dsa.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +tb_dsa.o: ../../include/openssl/opensslv.h ../../include/openssl/rand.h +tb_dsa.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h +tb_dsa.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +tb_dsa.o: ../../include/openssl/types.h ../../include/openssl/ui.h eng_int.h +tb_dsa.o: tb_dsa.c +tb_rand.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h +tb_rand.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h +tb_rand.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h +tb_rand.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h +tb_rand.o: ../../include/openssl/err.h ../../include/openssl/evp.h +tb_rand.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +tb_rand.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +tb_rand.o: ../../include/openssl/opensslv.h ../../include/openssl/rand.h +tb_rand.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h +tb_rand.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +tb_rand.o: ../../include/openssl/types.h ../../include/openssl/ui.h eng_int.h +tb_rand.o: tb_rand.c +tb_rsa.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h +tb_rsa.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h +tb_rsa.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h +tb_rsa.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h +tb_rsa.o: ../../include/openssl/err.h ../../include/openssl/evp.h +tb_rsa.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +tb_rsa.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +tb_rsa.o: ../../include/openssl/opensslv.h ../../include/openssl/rand.h +tb_rsa.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h +tb_rsa.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +tb_rsa.o: ../../include/openssl/types.h ../../include/openssl/ui.h eng_int.h +tb_rsa.o: tb_rsa.c diff --git a/crypto/engine/eng_all.c b/crypto/engine/eng_all.c index 470256212c..7ebe25ca6c 100644 --- a/crypto/engine/eng_all.c +++ b/crypto/engine/eng_all.c @@ -60,83 +60,34 @@ #include #include "eng_int.h" -static int engine_add(ENGINE *e) - { - int toret = 1; - if (!ENGINE_by_id(ENGINE_get_id(e))) - { - (void)ERR_get_error(); - toret = ENGINE_add(e); - } - ENGINE_free(e); - return toret; - } - -void ENGINE_load_cswift(void) - { -#ifndef OPENSSL_NO_HW -#ifndef OPENSSL_NO_HW_CSWIFT - engine_add(ENGINE_cswift()); -#endif /* !OPENSSL_NO_HW_CSWIFT */ -#endif /* !OPENSSL_NO_HW */ - } - -void ENGINE_load_chil(void) - { -#ifndef OPENSSL_NO_HW -#ifndef OPENSSL_NO_HW_CSWIFT - engine_add(ENGINE_ncipher()); -#endif /* !OPENSSL_NO_HW_CSWIFT */ -#endif /* !OPENSSL_NO_HW */ - } - -void ENGINE_load_atalla(void) - { -#ifndef OPENSSL_NO_HW -#ifndef OPENSSL_NO_HW_CSWIFT - engine_add(ENGINE_atalla()); -#endif /* !OPENSSL_NO_HW_CSWIFT */ -#endif /* !OPENSSL_NO_HW */ - } - -void ENGINE_load_nuron(void) +void ENGINE_load_builtin_engines(void) { + /* There's no longer any need for an "openssl" ENGINE unless, one day, + * it is the *only* way for standard builtin implementations to be be + * accessed (ie. it would be possible to statically link binaries with + * *no* builtin implementations). */ +#if 0 + ENGINE_load_openssl(); +#endif + ENGINE_load_dynamic(); #ifndef OPENSSL_NO_HW #ifndef OPENSSL_NO_HW_CSWIFT - engine_add(ENGINE_nuron()); -#endif /* !OPENSSL_NO_HW_CSWIFT */ -#endif /* !OPENSSL_NO_HW */ - } - -void ENGINE_load_ubsec(void) - { -#ifndef OPENSSL_NO_HW -#ifndef OPENSSL_NO_HW_UBSEC - engine_add(ENGINE_ubsec()); -#endif /* !OPENSSL_NO_HW_UBSEC */ -#endif /* !OPENSSL_NO_HW */ - } - -void ENGINE_load_openbsd_dev_crypto(void) - { -#ifndef OPENSSL_NO_HW -# ifdef OPENSSL_OPENBSD_DEV_CRYPTO - engine_add(ENGINE_openbsd_dev_crypto()); -# endif -#endif /* !OPENSSL_NO_HW */ - } - -void ENGINE_load_builtin_engines(void) - { - static int done=0; - - if (done) return; - done=1; - ENGINE_load_cswift(); +#endif +#ifndef OPENSSL_NO_HW_NCIPHER ENGINE_load_chil(); +#endif +#ifndef OPENSSL_NO_HW_ATALLA ENGINE_load_atalla(); +#endif +#ifndef OPENSSL_NO_HW_NURON ENGINE_load_nuron(); +#endif +#ifndef OPENSSL_NO_HW_UBSEC ENGINE_load_ubsec(); +#endif +#ifdef OPENSSL_OPENBSD_DEV_CRYPTO ENGINE_load_openbsd_dev_crypto(); +#endif +#endif } diff --git a/crypto/engine/eng_ctrl.c b/crypto/engine/eng_ctrl.c new file mode 100644 index 0000000000..ad3858395b --- /dev/null +++ b/crypto/engine/eng_ctrl.c @@ -0,0 +1,387 @@ +/* crypto/engine/eng_ctrl.c */ +/* ==================================================================== + * Copyright (c) 1999-2001 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#include +#include "cryptlib.h" +#include "eng_int.h" +#include + +/* When querying a ENGINE-specific control command's 'description', this string + * is used if the ENGINE_CMD_DEFN has cmd_desc set to NULL. */ +static const char *int_no_description = ""; + +/* These internal functions handle 'CMD'-related control commands when the + * ENGINE in question has asked us to take care of it (ie. the ENGINE did not + * set the ENGINE_FLAGS_MANUAL_CMD_CTRL flag. */ + +static int int_ctrl_cmd_is_null(const ENGINE_CMD_DEFN *defn) + { + if((defn->cmd_num == 0) || (defn->cmd_name == NULL)) + return 1; + return 0; + } + +static int int_ctrl_cmd_by_name(const ENGINE_CMD_DEFN *defn, const char *s) + { + int idx = 0; + while(!int_ctrl_cmd_is_null(defn) && (strcmp(defn->cmd_name, s) != 0)) + { + idx++; + defn++; + } + if(int_ctrl_cmd_is_null(defn)) + /* The given name wasn't found */ + return -1; + return idx; + } + +static int int_ctrl_cmd_by_num(const ENGINE_CMD_DEFN *defn, unsigned int num) + { + int idx = 0; + /* NB: It is stipulated that 'cmd_defn' lists are ordered by cmd_num. So + * our searches don't need to take any longer than necessary. */ + while(!int_ctrl_cmd_is_null(defn) && (defn->cmd_num < num)) + { + idx++; + defn++; + } + if(defn->cmd_num == num) + return idx; + /* The given cmd_num wasn't found */ + return -1; + } + +static int int_ctrl_helper(ENGINE *e, int cmd, long i, void *p, void (*f)()) + { + int idx; + char *s = (char *)p; + /* Take care of the easy one first (eg. it requires no searches) */ + if(cmd == ENGINE_CTRL_GET_FIRST_CMD_TYPE) + { + if((e->cmd_defns == NULL) || int_ctrl_cmd_is_null(e->cmd_defns)) + return 0; + return e->cmd_defns->cmd_num; + } + /* One or two commands require that "p" be a valid string buffer */ + if((cmd == ENGINE_CTRL_GET_CMD_FROM_NAME) || + (cmd == ENGINE_CTRL_GET_NAME_FROM_CMD) || + (cmd == ENGINE_CTRL_GET_DESC_FROM_CMD)) + { + if(s == NULL) + { + ENGINEerr(ENGINE_F_INT_CTRL_HELPER, + ERR_R_PASSED_NULL_PARAMETER); + return -1; + } + } + /* Now handle cmd_name -> cmd_num conversion */ + if(cmd == ENGINE_CTRL_GET_CMD_FROM_NAME) + { + if((e->cmd_defns == NULL) || ((idx = int_ctrl_cmd_by_name( + e->cmd_defns, s)) < 0)) + { + ENGINEerr(ENGINE_F_INT_CTRL_HELPER, + ENGINE_R_INVALID_CMD_NAME); + return -1; + } + return e->cmd_defns[idx].cmd_num; + } + /* For the rest of the commands, the 'long' argument must specify a + * valie command number - so we need to conduct a search. */ + if((e->cmd_defns == NULL) || ((idx = int_ctrl_cmd_by_num(e->cmd_defns, + (unsigned int)i)) < 0)) + { + ENGINEerr(ENGINE_F_INT_CTRL_HELPER, + ENGINE_R_INVALID_CMD_NUMBER); + return -1; + } + /* Now the logic splits depending on command type */ + switch(cmd) + { + case ENGINE_CTRL_GET_NEXT_CMD_TYPE: + idx++; + if(int_ctrl_cmd_is_null(e->cmd_defns + idx)) + /* end-of-list */ + return 0; + else + return e->cmd_defns[idx].cmd_num; + case ENGINE_CTRL_GET_NAME_LEN_FROM_CMD: + return strlen(e->cmd_defns[idx].cmd_name); + case ENGINE_CTRL_GET_NAME_FROM_CMD: + return sprintf(s, "%s", e->cmd_defns[idx].cmd_name); + case ENGINE_CTRL_GET_DESC_LEN_FROM_CMD: + if(e->cmd_defns[idx].cmd_desc) + return strlen(e->cmd_defns[idx].cmd_desc); + return strlen(int_no_description); + case ENGINE_CTRL_GET_DESC_FROM_CMD: + if(e->cmd_defns[idx].cmd_desc) + return sprintf(s, "%s", e->cmd_defns[idx].cmd_desc); + return sprintf(s, "%s", int_no_description); + case ENGINE_CTRL_GET_CMD_FLAGS: + return e->cmd_defns[idx].cmd_flags; + } + /* Shouldn't really be here ... */ + ENGINEerr(ENGINE_F_INT_CTRL_HELPER,ENGINE_R_INTERNAL_LIST_ERROR); + return -1; + } + +int ENGINE_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)()) + { + int ctrl_exists, ref_exists; + if(e == NULL) + { + ENGINEerr(ENGINE_F_ENGINE_CTRL,ERR_R_PASSED_NULL_PARAMETER); + return 0; + } + CRYPTO_w_lock(CRYPTO_LOCK_ENGINE); + ref_exists = ((e->struct_ref > 0) ? 1 : 0); + CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE); + ctrl_exists = ((e->ctrl == NULL) ? 0 : 1); + if(!ref_exists) + { + ENGINEerr(ENGINE_F_ENGINE_CTRL,ENGINE_R_NO_REFERENCE); + return 0; + } + /* Intercept any "root-level" commands before trying to hand them on to + * ctrl() handlers. */ + switch(cmd) + { + case ENGINE_CTRL_HAS_CTRL_FUNCTION: + return ctrl_exists; + case ENGINE_CTRL_GET_FIRST_CMD_TYPE: + case ENGINE_CTRL_GET_NEXT_CMD_TYPE: + case ENGINE_CTRL_GET_CMD_FROM_NAME: + case ENGINE_CTRL_GET_NAME_LEN_FROM_CMD: + case ENGINE_CTRL_GET_NAME_FROM_CMD: + case ENGINE_CTRL_GET_DESC_LEN_FROM_CMD: + case ENGINE_CTRL_GET_DESC_FROM_CMD: + case ENGINE_CTRL_GET_CMD_FLAGS: + if(ctrl_exists && !(e->flags & ENGINE_FLAGS_MANUAL_CMD_CTRL)) + return int_ctrl_helper(e,cmd,i,p,f); + if(!ctrl_exists) + { + ENGINEerr(ENGINE_F_ENGINE_CTRL,ENGINE_R_NO_CONTROL_FUNCTION); + /* For these cmd-related functions, failure is indicated + * by a -1 return value (because 0 is used as a valid + * return in some places). */ + return -1; + } + default: + break; + } + /* Anything else requires a ctrl() handler to exist. */ + if(!ctrl_exists) + { + ENGINEerr(ENGINE_F_ENGINE_CTRL,ENGINE_R_NO_CONTROL_FUNCTION); + return 0; + } + return e->ctrl(e, cmd, i, p, f); + } + +int ENGINE_cmd_is_executable(ENGINE *e, int cmd) + { + int flags; + if((flags = ENGINE_ctrl(e, ENGINE_CTRL_GET_CMD_FLAGS, cmd, NULL, NULL)) < 0) + { + ENGINEerr(ENGINE_F_ENGINE_CMD_IS_EXECUTABLE, + ENGINE_R_INVALID_CMD_NUMBER); + return 0; + } + if(!(flags & ENGINE_CMD_FLAG_NO_INPUT) && + !(flags & ENGINE_CMD_FLAG_NUMERIC) && + !(flags & ENGINE_CMD_FLAG_STRING)) + return 0; + return 1; + } + +int ENGINE_ctrl_cmd(ENGINE *e, const char *cmd_name, + long i, void *p, void (*f)(), int cmd_optional) + { + int num; + + if((e == NULL) || (cmd_name == NULL)) + { + ENGINEerr(ENGINE_F_ENGINE_CTRL_CMD_STRING, + ERR_R_PASSED_NULL_PARAMETER); + return 0; + } + if((e->ctrl == NULL) || ((num = ENGINE_ctrl(e, + ENGINE_CTRL_GET_CMD_FROM_NAME, + 0, (void *)cmd_name, NULL)) <= 0)) + { + /* If the command didn't *have* to be supported, we fake + * success. This allows certain settings to be specified for + * multiple ENGINEs and only require a change of ENGINE id + * (without having to selectively apply settings). Eg. changing + * from a hardware device back to the regular software ENGINE + * without editing the config file, etc. */ + if(cmd_optional) + { + ERR_clear_error(); + return 1; + } + ENGINEerr(ENGINE_F_ENGINE_CTRL_CMD, + ENGINE_R_INVALID_CMD_NAME); + return 0; + } + /* Force the result of the control command to 0 or 1, for the reasons + * mentioned before. */ + if (ENGINE_ctrl(e, num, i, p, f)) + return 1; + return 0; + } + +int ENGINE_ctrl_cmd_string(ENGINE *e, const char *cmd_name, const char *arg, + int cmd_optional) + { + int num, flags; + long l; + char *ptr; + if((e == NULL) || (cmd_name == NULL)) + { + ENGINEerr(ENGINE_F_ENGINE_CTRL_CMD_STRING, + ERR_R_PASSED_NULL_PARAMETER); + return 0; + } + if((e->ctrl == NULL) || ((num = ENGINE_ctrl(e, + ENGINE_CTRL_GET_CMD_FROM_NAME, + 0, (void *)cmd_name, NULL)) <= 0)) + { + /* If the command didn't *have* to be supported, we fake + * success. This allows certain settings to be specified for + * multiple ENGINEs and only require a change of ENGINE id + * (without having to selectively apply settings). Eg. changing + * from a hardware device back to the regular software ENGINE + * without editing the config file, etc. */ + if(cmd_optional) + { + ERR_clear_error(); + return 1; + } + ENGINEerr(ENGINE_F_ENGINE_CTRL_CMD_STRING, + ENGINE_R_INVALID_CMD_NAME); + return 0; + } + if(!ENGINE_cmd_is_executable(e, num)) + { + ENGINEerr(ENGINE_F_ENGINE_CTRL_CMD_STRING, + ENGINE_R_CMD_NOT_EXECUTABLE); + return 0; + } + if((flags = ENGINE_ctrl(e, ENGINE_CTRL_GET_CMD_FLAGS, num, NULL, NULL)) < 0) + { + /* Shouldn't happen, given that ENGINE_cmd_is_executable() + * returned success. */ + ENGINEerr(ENGINE_F_ENGINE_CTRL_CMD_STRING, + ENGINE_R_INTERNAL_LIST_ERROR); + return 0; + } + /* If the command takes no input, there must be no input. And vice + * versa. */ + if(flags & ENGINE_CMD_FLAG_NO_INPUT) + { + if(arg != NULL) + { + ENGINEerr(ENGINE_F_ENGINE_CTRL_CMD_STRING, + ENGINE_R_COMMAND_TAKES_NO_INPUT); + return 0; + } + /* We deliberately force the result of ENGINE_ctrl() to 0 or 1 + * rather than returning it as "return data". This is to ensure + * usage of these commands is consistent across applications and + * that certain applications don't understand it one way, and + * others another. */ + if(ENGINE_ctrl(e, num, 0, (void *)arg, NULL)) + return 1; + return 0; + } + /* So, we require input */ + if(arg == NULL) + { + ENGINEerr(ENGINE_F_ENGINE_CTRL_CMD_STRING, + ENGINE_R_COMMAND_TAKES_INPUT); + return 0; + } + /* If it takes string input, that's easy */ + if(flags & ENGINE_CMD_FLAG_STRING) + { + /* Same explanation as above */ + if(ENGINE_ctrl(e, num, 0, (void *)arg, NULL)) + return 1; + return 0; + } + /* If it doesn't take numeric either, then it is unsupported for use in + * a config-setting situation, which is what this function is for. This + * should never happen though, because ENGINE_cmd_is_executable() was + * used. */ + if(!(flags & ENGINE_CMD_FLAG_NUMERIC)) + { + ENGINEerr(ENGINE_F_ENGINE_CTRL_CMD_STRING, + ENGINE_R_INTERNAL_LIST_ERROR); + return 0; + } + l = strtol(arg, &ptr, 10); + if((arg == ptr) || (*ptr != '\0')) + { + ENGINEerr(ENGINE_F_ENGINE_CTRL_CMD_STRING, + ENGINE_R_ARGUMENT_IS_NOT_A_NUMBER); + return 0; + } + /* Force the result of the control command to 0 or 1, for the reasons + * mentioned before. */ + if(ENGINE_ctrl(e, num, l, NULL, NULL)) + return 1; + return 0; + } diff --git a/crypto/engine/eng_dyn.c b/crypto/engine/eng_dyn.c index 561d58e5e4..8fd7078678 100644 --- a/crypto/engine/eng_dyn.c +++ b/crypto/engine/eng_dyn.c @@ -236,9 +236,7 @@ static dynamic_data_ctx *dynamic_get_data_ctx(ENGINE *e) return ctx; } -/* As this is only ever called once, there's no need for locking - * (indeed - the lock will already be held by our caller!!!) */ -ENGINE *ENGINE_dynamic(void) +static ENGINE *engine_dynamic(void) { ENGINE *ret = ENGINE_new(); if(!ret) @@ -257,6 +255,20 @@ ENGINE *ENGINE_dynamic(void) return ret; } +void ENGINE_load_dynamic(void) + { + ENGINE *toadd = engine_dynamic(); + if(!toadd) return; + ENGINE_add(toadd); + /* If the "add" worked, it gets a structural reference. So either way, + * we release our just-created reference. */ + ENGINE_free(toadd); + /* If the "add" didn't work, it was probably a conflict because it was + * already added (eg. someone calling ENGINE_load_blah then calling + * ENGINE_load_builtin_engines() perhaps). */ + ERR_clear_error(); + } + static int dynamic_init(ENGINE *e) { /* We always return failure - the "dyanamic" engine itself can't be used diff --git a/crypto/engine/eng_err.c b/crypto/engine/eng_err.c index 5c602c0794..48b774344f 100644 --- a/crypto/engine/eng_err.c +++ b/crypto/engine/eng_err.c @@ -1,6 +1,6 @@ /* crypto/engine/eng_err.c */ /* ==================================================================== - * Copyright (c) 1999-2001 The OpenSSL Project. All rights reserved. + * Copyright (c) 1999 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -90,6 +90,7 @@ static ERR_STRING_DATA ENGINE_str_functs[]= {ERR_PACK(0,ENGINE_F_ENGINE_SET_DEFAULT_TYPE,0), "ENGINE_SET_DEFAULT_TYPE"}, {ERR_PACK(0,ENGINE_F_ENGINE_SET_ID,0), "ENGINE_set_id"}, {ERR_PACK(0,ENGINE_F_ENGINE_SET_NAME,0), "ENGINE_set_name"}, +{ERR_PACK(0,ENGINE_F_ENGINE_TABLE_REGISTER,0), "ENGINE_TABLE_REGISTER"}, {ERR_PACK(0,ENGINE_F_ENGINE_UNLOAD_KEY,0), "ENGINE_UNLOAD_KEY"}, {ERR_PACK(0,ENGINE_F_INT_CTRL_HELPER,0), "INT_CTRL_HELPER"}, {ERR_PACK(0,ENGINE_F_LOG_MESSAGE,0), "LOG_MESSAGE"}, diff --git a/crypto/engine/eng_evp.c b/crypto/engine/eng_fat.c similarity index 66% rename from crypto/engine/eng_evp.c rename to crypto/engine/eng_fat.c index d48ddcd861..e99b52e034 100644 --- a/crypto/engine/eng_evp.c +++ b/crypto/engine/eng_fat.c @@ -1,6 +1,6 @@ -/* Written by Ben Laurie August 2001 */ +/* crypto/engine/eng_fat.c */ /* ==================================================================== - * Copyright (c) 2000-2001 The OpenSSL Project. All rights reserved. + * Copyright (c) 1999-2001 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -53,60 +53,50 @@ * */ -#include -#include +#include +#include "cryptlib.h" #include "eng_int.h" -#include - -int ENGINE_add_cipher(ENGINE *e,const EVP_CIPHER *c) - { - ENGINE_EVP_CIPHER *p; - - p=OPENSSL_malloc(sizeof *p); - p->cipher=c; - - if(!e->ciphers) - e->ciphers=sk_ENGINE_EVP_CIPHER_new_null(); - sk_ENGINE_EVP_CIPHER_push(e->ciphers,p); - - return 1; - } - -void ENGINE_free_engine_cipher(ENGINE_EVP_CIPHER *p) - { OPENSSL_free(p); } - -int ENGINE_cipher_num(const ENGINE *e) - { return sk_ENGINE_EVP_CIPHER_num(e->ciphers); } - -const EVP_CIPHER *ENGINE_get_cipher(const ENGINE *e, int n) - { return sk_ENGINE_EVP_CIPHER_value(e->ciphers, n)->cipher; } - -void ENGINE_load_ciphers() - { - ENGINE *e; - - for(e=ENGINE_get_first() ; e ; e=ENGINE_get_next(e)) - ENGINE_load_engine_ciphers(e); - } - -void ENGINE_load_engine_ciphers(ENGINE *e) - { - int n; +#include - for(n=0 ; n < sk_ENGINE_EVP_CIPHER_num(e->ciphers) ; ++n) - EVP_add_cipher(sk_ENGINE_EVP_CIPHER_value(e->ciphers,n)->cipher); - } +int ENGINE_set_default(ENGINE *e, unsigned int flags) + { +#ifndef OPENSSL_NO_RSA + if((flags & ENGINE_METHOD_RSA) & !ENGINE_set_default_RSA(e)) + return 0; +#endif +#ifndef OPENSSL_NO_DSA + if((flags & ENGINE_METHOD_DSA) & !ENGINE_set_default_DSA(e)) + return 0; +#endif +#ifndef OPENSSL_NO_DH + if((flags & ENGINE_METHOD_DH) & !ENGINE_set_default_DH(e)) + return 0; +#endif + if((flags & ENGINE_METHOD_RAND) & !ENGINE_set_default_RAND(e)) + return 0; + return 1; + } -const EVP_CIPHER *ENGINE_get_cipher_by_name(ENGINE *e,const char *name) - { - int n; +int ENGINE_register_complete(ENGINE *e) + { +#ifndef OPENSSL_NO_RSA + ENGINE_register_RSA(e); +#endif +#ifndef OPENSSL_NO_DSA + ENGINE_register_DSA(e); +#endif +#ifndef OPENSSL_NO_DH + ENGINE_register_DH(e); +#endif + ENGINE_register_RAND(e); + return 1; + } - for(n=0 ; n < ENGINE_cipher_num(e) ; ++n) +int ENGINE_register_all_complete(void) { - const EVP_CIPHER *c=ENGINE_get_cipher(e,n); + ENGINE *e; - if(!strcmp(EVP_CIPHER_name(c),name)) - return c; + for(e=ENGINE_get_first() ; e ; e=ENGINE_get_next(e)) + ENGINE_register_complete(e); + return 1; } - return NULL; - } diff --git a/crypto/engine/eng_init.c b/crypto/engine/eng_init.c new file mode 100644 index 0000000000..98caa21e32 --- /dev/null +++ b/crypto/engine/eng_init.c @@ -0,0 +1,157 @@ +/* crypto/engine/eng_init.c */ +/* ==================================================================== + * Copyright (c) 1999-2001 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#include +#include "cryptlib.h" +#include "eng_int.h" +#include + +/* Initialise a engine type for use (or up its functional reference count + * if it's already in use). This version is only used internally. */ +int engine_unlocked_init(ENGINE *e) + { + int to_return = 1; + + if((e->funct_ref == 0) && e->init) + /* This is the first functional reference and the engine + * requires initialisation so we do it now. */ + to_return = e->init(e); + if(to_return) + { + /* OK, we return a functional reference which is also a + * structural reference. */ + e->struct_ref++; + e->funct_ref++; + engine_ref_debug(e, 0, 1) + engine_ref_debug(e, 1, 1) + } + return to_return; + } + +/* Free a functional reference to a engine type. This version is only used + * internally. */ +int engine_unlocked_finish(ENGINE *e, int unlock_for_handlers) + { + int to_return = 1; + + /* Reduce the functional reference count here so if it's the terminating + * case, we can release the lock safely and call the finish() handler + * without risk of a race. We get a race if we leave the count until + * after and something else is calling "finish" at the same time - + * there's a chance that both threads will together take the count from + * 2 to 0 without either calling finish(). */ + e->funct_ref--; + engine_ref_debug(e, 1, -1) + if((e->funct_ref == 0) && e->finish) + { + if(unlock_for_handlers) + CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE); + to_return = e->finish(e); + if(unlock_for_handlers) + CRYPTO_w_lock(CRYPTO_LOCK_ENGINE); + if(!to_return) + return 0; + } +#ifdef REF_CHECK + if(e->funct_ref < 0) + { + fprintf(stderr,"ENGINE_finish, bad functional reference count\n"); + abort(); + } +#endif + /* Release the structural reference too */ + if(!engine_free_util(e, 0)) + { + ENGINEerr(ENGINE_F_ENGINE_FINISH,ENGINE_R_FINISH_FAILED); + return 0; + } + return to_return; + } + +/* The API (locked) version of "init" */ +int ENGINE_init(ENGINE *e) + { + int ret; + if(e == NULL) + { + ENGINEerr(ENGINE_F_ENGINE_INIT,ERR_R_PASSED_NULL_PARAMETER); + return 0; + } + CRYPTO_w_lock(CRYPTO_LOCK_ENGINE); + ret = engine_unlocked_init(e); + CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE); + return ret; + } + +/* The API (locked) version of "finish" */ +int ENGINE_finish(ENGINE *e) + { + int to_return = 1; + + if(e == NULL) + { + ENGINEerr(ENGINE_F_ENGINE_FINISH,ERR_R_PASSED_NULL_PARAMETER); + return 0; + } + CRYPTO_w_lock(CRYPTO_LOCK_ENGINE); + to_return = engine_unlocked_finish(e, 1); + CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE); + if(!to_return) + { + ENGINEerr(ENGINE_F_ENGINE_FINISH,ENGINE_R_FINISH_FAILED); + return 0; + } + return to_return; + } diff --git a/crypto/engine/eng_int.h b/crypto/engine/eng_int.h index 7c7532564e..e07da813b6 100644 --- a/crypto/engine/eng_int.h +++ b/crypto/engine/eng_int.h @@ -87,14 +87,43 @@ extern "C" { #endif -typedef struct engine_evp_cipher_st - { - const EVP_CIPHER *cipher; - } ENGINE_EVP_CIPHER; - -DECLARE_STACK_OF(ENGINE_EVP_CIPHER) +/* Any code that will need cleanup operations should use these functions to + * register callbacks. ENGINE_cleanup() will call all registered callbacks in + * order. NB: both the "add" functions assume CRYPTO_LOCK_ENGINE to already be + * held (in "write" mode). */ +typedef void (ENGINE_CLEANUP_CB)(void); +DECLARE_STACK_OF(ENGINE_CLEANUP_CB) +void engine_cleanup_add_first(ENGINE_CLEANUP_CB *cb); +void engine_cleanup_add_last(ENGINE_CLEANUP_CB *cb); + +/* We need stacks of ENGINEs for use in eng_table.c */ +DECLARE_STACK_OF(ENGINE) + +/* If this symbol is defined then engine_table_select(), the function that is + * used by RSA, DSA (etc) code to select registered ENGINEs, cache defaults and + * functional references (etc), will display debugging summaries to stderr. */ +/* #define ENGINE_TABLE_DEBUG */ + +/* This represents an implementation table. Dependent code should instantiate it + * as a (ENGINE_TABLE *) pointer value set initially to NULL. */ +typedef struct st_engine_table ENGINE_TABLE; +int engine_table_register(ENGINE_TABLE **table, ENGINE_CLEANUP_CB *cleanup, + ENGINE *e, const int *nids, int num_nids, int setdefault); +void engine_table_unregister(ENGINE_TABLE **table, ENGINE *e); +void engine_table_cleanup(ENGINE_TABLE **table); +#ifndef ENGINE_TABLE_DEBUG +ENGINE *engine_table_select(ENGINE_TABLE **table, int nid); +#else +ENGINE *engine_table_select_tmp(ENGINE_TABLE **table, int nid, const char *f, int l); +#define engine_table_select(t,n) engine_table_select_tmp(t,n,__FILE__,__LINE__) +#endif -void ENGINE_free_engine_cipher(ENGINE_EVP_CIPHER *p); +/* Internal versions of API functions that have control over locking. These are + * used between C files when functionality needs to be shared but the caller may + * already be controlling of the CRYPTO_LOCK_ENGINE lock. */ +int engine_unlocked_init(ENGINE *e); +int engine_unlocked_finish(ENGINE *e, int unlock_for_handlers); +int engine_free_util(ENGINE *e, int locked); /* NB: Bitwise OR-able values for the "flags" variable in ENGINE are now exposed * in engine.h. */ @@ -110,17 +139,14 @@ struct engine_st const DH_METHOD *dh_meth; const RAND_METHOD *rand_meth; - BN_MOD_EXP bn_mod_exp; - BN_MOD_EXP_CRT bn_mod_exp_crt; ENGINE_GEN_INT_FUNC_PTR destroy; + ENGINE_GEN_INT_FUNC_PTR init; ENGINE_GEN_INT_FUNC_PTR finish; ENGINE_CTRL_FUNC_PTR ctrl; ENGINE_LOAD_KEY_PTR load_privkey; ENGINE_LOAD_KEY_PTR load_pubkey; - STACK_OF(ENGINE_EVP_CIPHER) *ciphers; - const ENGINE_CMD_DEFN *cmd_defns; int flags; /* reference count on the structure itself */ @@ -138,48 +164,6 @@ struct engine_st struct engine_st *next; }; -/* BUILT-IN ENGINES. (these functions are only ever called once and - * do not return references - they are purely for bootstrapping). */ - -/* Returns a structure of software only methods (the default). */ -ENGINE *ENGINE_openssl(void); - -/* Returns the "dynamic" ENGINE for loading entire ENGINE implementations from - * shared libraries. */ -ENGINE *ENGINE_dynamic(void); - -#ifndef OPENSSL_NO_HW - -#ifndef OPENSSL_NO_HW_CSWIFT -/* Returns a structure of cswift methods ... NB: This can exist and be - * "used" even on non-cswift systems because the "init" will fail if the - * card/library are not found. */ -ENGINE *ENGINE_cswift(void); -#endif /* !OPENSSL_NO_HW_CSWIFT */ - -#ifndef OPENSSL_NO_HW_NCIPHER -ENGINE *ENGINE_ncipher(void); -#endif /* !OPENSSL_NO_HW_NCIPHER */ - -#ifndef OPENSSL_NO_HW_ATALLA -/* Returns a structure of atalla methods. */ -ENGINE *ENGINE_atalla(void); -#endif /* !OPENSSL_NO_HW_ATALLA */ - -#ifndef OPENSSL_NO_HW_NURON -ENGINE *ENGINE_nuron(void); -#endif /* !OPENSSL_NO_HW_NURON */ - -#ifndef OPENSSL_NO_HW_UBSEC -ENGINE *ENGINE_ubsec(void); -#endif /* !OPENSSL_NO_HW_UBSEC */ - -#ifdef OPENSSL_OPENBSD_DEV_CRYPTO -ENGINE *ENGINE_openbsd_dev_crypto(void); -#endif - -#endif /* !OPENSSL_NO_HW */ - #ifdef __cplusplus } #endif diff --git a/crypto/engine/eng_lib.c b/crypto/engine/eng_lib.c index c215313cbb..6dabdfdb35 100644 --- a/crypto/engine/eng_lib.c +++ b/crypto/engine/eng_lib.c @@ -59,806 +59,227 @@ #include #include "cryptlib.h" #include "eng_int.h" +#include /* FIXME: This shouldn't be needed */ #include -/* These pointers each have their own "functional reference" when they - * are non-NULL. Similarly, when they are retrieved by a call to - * ENGINE_get_default_[RSA|DSA|...] the returned pointer is also a - * reference and the caller is responsible for freeing that when they - * are finished with it (with a call to ENGINE_finish() *NOT* just - * ENGINE_free()!!!!!!). */ -#ifndef OPENSSL_NO_RSA -static ENGINE *engine_def_rsa = NULL; -#endif -#ifndef OPENSSL_NO_DSA -static ENGINE *engine_def_dsa = NULL; -#endif -#ifndef OPENSSL_NO_DH -static ENGINE *engine_def_dh = NULL; -#endif -static ENGINE *engine_def_rand = NULL; -static ENGINE *engine_def_bn_mod_exp = NULL; -static ENGINE *engine_def_bn_mod_exp_crt = NULL; -/* A static "once-only" flag used to control if/when the above were - * initialised to suitable start-up defaults. */ -static int engine_def_flag = 0; - -/* When querying a ENGINE-specific control command's 'description', this string - * is used if the ENGINE_CMD_DEFN has cmd_desc set to NULL. */ -static const char *int_no_description = ""; +/* The "new"/"free" stuff first */ -/* This is used in certain static utility functions to save code - * repetition for per-algorithm functions. */ -typedef enum { - ENGINE_TYPE_RSA, - ENGINE_TYPE_DSA, - ENGINE_TYPE_DH, - ENGINE_TYPE_RAND, - ENGINE_TYPE_BN_MOD_EXP, - ENGINE_TYPE_BN_MOD_EXP_CRT - } ENGINE_TYPE; - -static void engine_def_check_util(ENGINE **def, ENGINE *val) +ENGINE *ENGINE_new(void) { - *def = val; - val->struct_ref++; - val->funct_ref++; - engine_ref_debug(val, 0, 1) - engine_ref_debug(val, 1, 1) - } + ENGINE *ret; -/* In a slight break with convention - this static function must be - * called *outside* any locking of CRYPTO_LOCK_ENGINE. */ -static void engine_def_check(void) - { - ENGINE *e; - if(engine_def_flag) - return; - e = ENGINE_get_first(); - if(e == NULL) - /* The list is empty ... not much we can do! */ - return; - /* We have a structural reference, see if getting a functional - * reference is possible. This is done to cope with init errors - * in the engine - the following locked code does a bunch of - * manual "ENGINE_init"s which do *not* allow such an init - * error so this is worth doing. */ - if(ENGINE_init(e)) + ret = (ENGINE *)OPENSSL_malloc(sizeof(ENGINE)); + if(ret == NULL) { - CRYPTO_w_lock(CRYPTO_LOCK_ENGINE); - /* Doing another check here prevents an obvious race - * condition because the whole function itself cannot - * be locked. */ - if(engine_def_flag) - goto skip_set_defaults; - /* OK, we got a functional reference, so we get one each - * for the defaults too. */ -#ifndef OPENSSL_NO_RSA - engine_def_check_util(&engine_def_rsa, e); -#endif -#ifndef OPENSSL_NO_DSA - engine_def_check_util(&engine_def_dsa, e); -#endif -#ifndef OPENSSL_NO_DH - engine_def_check_util(&engine_def_dh, e); -#endif - engine_def_check_util(&engine_def_rand, e); - engine_def_check_util(&engine_def_bn_mod_exp, e); - engine_def_check_util(&engine_def_bn_mod_exp_crt, e); - engine_def_flag = 1; -skip_set_defaults: - CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE); - /* The "if" needs to be balanced out. */ - ENGINE_finish(e); + ENGINEerr(ENGINE_F_ENGINE_NEW, ERR_R_MALLOC_FAILURE); + return NULL; } - /* We need to balance out the fact we obtained a structural - * reference to begin with from ENGINE_get_first(). */ - ENGINE_free(e); - } - -/* Initialise a engine type for use (or up its functional reference count - * if it's already in use). */ -int ENGINE_init(ENGINE *e) - { - int to_return = 1; - - if(e == NULL) - { - ENGINEerr(ENGINE_F_ENGINE_INIT,ERR_R_PASSED_NULL_PARAMETER); - return 0; - } - CRYPTO_w_lock(CRYPTO_LOCK_ENGINE); - if((e->funct_ref == 0) && e->init) - /* This is the first functional reference and the engine - * requires initialisation so we do it now. */ - to_return = e->init(e); - if(to_return) - { - /* OK, we return a functional reference which is also a - * structural reference. */ - e->struct_ref++; - e->funct_ref++; - engine_ref_debug(e, 0, 1) - engine_ref_debug(e, 1, 1) - } - CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE); - return to_return; + memset(ret, 0, sizeof(ENGINE)); + ret->struct_ref = 1; + engine_ref_debug(ret, 0, 1) + CRYPTO_new_ex_data(CRYPTO_EX_INDEX_ENGINE, ret, &ret->ex_data); + return ret; } -/* Free a functional reference to a engine type */ -int ENGINE_finish(ENGINE *e) +int engine_free_util(ENGINE *e, int locked) { - int to_return = 1; + int i; if(e == NULL) { - ENGINEerr(ENGINE_F_ENGINE_FINISH,ERR_R_PASSED_NULL_PARAMETER); + ENGINEerr(ENGINE_F_ENGINE_FREE, + ERR_R_PASSED_NULL_PARAMETER); return 0; } - CRYPTO_w_lock(CRYPTO_LOCK_ENGINE); - /* Reduce the functional reference count here so if it's the terminating - * case, we can release the lock safely and call the finish() handler - * without risk of a race. We get a race if we leave the count until - * after and something else is calling "finish" at the same time - - * there's a chance that both threads will together take the count from - * 2 to 0 without either calling finish(). */ - e->funct_ref--; - engine_ref_debug(e, 1, -1) - if((e->funct_ref == 0) && e->finish) - { - CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE); - if(!(to_return = e->finish(e))) - { - ENGINEerr(ENGINE_F_ENGINE_FINISH,ENGINE_R_FINISH_FAILED); - return 0; - } - } + if(locked) + i = CRYPTO_add(&e->struct_ref,-1,CRYPTO_LOCK_ENGINE); else - CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE); + i = --e->struct_ref; + engine_ref_debug(e, 0, -1) + if (i > 0) return 1; #ifdef REF_CHECK - if(e->funct_ref < 0) + if (i < 0) { - fprintf(stderr,"ENGINE_finish, bad functional reference count\n"); + fprintf(stderr,"ENGINE_free, bad structural reference count\n"); abort(); } #endif - /* Release the structural reference too */ - if(!ENGINE_free(e)) - { - ENGINEerr(ENGINE_F_ENGINE_FINISH,ENGINE_R_FINISH_FAILED); - return 0; - } - return to_return; + /* Give the ENGINE a chance to do any structural cleanup corresponding + * to allocation it did in its constructor (eg. unload error strings) */ + if(e->destroy) + e->destroy(e); + CRYPTO_free_ex_data(CRYPTO_EX_INDEX_ENGINE, e, &e->ex_data); + OPENSSL_free(e); + return 1; } -EVP_PKEY *ENGINE_load_private_key(ENGINE *e, const char *key_id, - UI_METHOD *ui_method, void *callback_data) +int ENGINE_free(ENGINE *e) { - EVP_PKEY *pkey; - - if(e == NULL) - { - ENGINEerr(ENGINE_F_ENGINE_LOAD_PRIVATE_KEY, - ERR_R_PASSED_NULL_PARAMETER); - return 0; - } - CRYPTO_w_lock(CRYPTO_LOCK_ENGINE); - if(e->funct_ref == 0) - { - CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE); - ENGINEerr(ENGINE_F_ENGINE_LOAD_PRIVATE_KEY, - ENGINE_R_NOT_INITIALISED); - return 0; - } - CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE); - if (!e->load_privkey) - { - ENGINEerr(ENGINE_F_ENGINE_LOAD_PRIVATE_KEY, - ENGINE_R_NO_LOAD_FUNCTION); - return 0; - } - pkey = e->load_privkey(e, key_id, ui_method, callback_data); - if (!pkey) - { - ENGINEerr(ENGINE_F_ENGINE_LOAD_PRIVATE_KEY, - ENGINE_R_FAILED_LOADING_PRIVATE_KEY); - return 0; - } - return pkey; + return engine_free_util(e, 1); } -EVP_PKEY *ENGINE_load_public_key(ENGINE *e, const char *key_id, - UI_METHOD *ui_method, void *callback_data) - { - EVP_PKEY *pkey; +/* Cleanup stuff */ - if(e == NULL) - { - ENGINEerr(ENGINE_F_ENGINE_LOAD_PUBLIC_KEY, - ERR_R_PASSED_NULL_PARAMETER); - return 0; - } - CRYPTO_w_lock(CRYPTO_LOCK_ENGINE); - if(e->funct_ref == 0) - { - CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE); - ENGINEerr(ENGINE_F_ENGINE_LOAD_PUBLIC_KEY, - ENGINE_R_NOT_INITIALISED); - return 0; - } - CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE); - if (!e->load_pubkey) - { - ENGINEerr(ENGINE_F_ENGINE_LOAD_PUBLIC_KEY, - ENGINE_R_NO_LOAD_FUNCTION); - return 0; - } - pkey = e->load_pubkey(e, key_id, ui_method, callback_data); - if (!pkey) - { - ENGINEerr(ENGINE_F_ENGINE_LOAD_PUBLIC_KEY, - ENGINE_R_FAILED_LOADING_PUBLIC_KEY); - return 0; - } - return pkey; - } - -/* These internal functions handle 'CMD'-related control commands when the - * ENGINE in question has asked us to take care of it (ie. the ENGINE did not - * set the ENGINE_FLAGS_MANUAL_CMD_CTRL flag. */ - -static int int_ctrl_cmd_is_null(const ENGINE_CMD_DEFN *defn) +/* ENGINE_cleanup() is coded such that anything that does work that will need + * cleanup can register a "cleanup" callback here. That way we don't get linker + * bloat by referring to all *possible* cleanups, but any linker bloat into code + * "X" will cause X's cleanup function to end up here. */ +static STACK_OF(ENGINE_CLEANUP_CB) *cleanup_stack = NULL; +static int int_cleanup_check(int create) { - if((defn->cmd_num == 0) || (defn->cmd_name == NULL)) - return 1; - return 0; + if(cleanup_stack) return 1; + if(!create) return 0; + cleanup_stack = sk_ENGINE_CLEANUP_CB_new_null(); + return (cleanup_stack ? 1 : 0); } - -static int int_ctrl_cmd_by_name(const ENGINE_CMD_DEFN *defn, const char *s) +void engine_cleanup_add_first(ENGINE_CLEANUP_CB *cb) { - int idx = 0; - while(!int_ctrl_cmd_is_null(defn) && (strcmp(defn->cmd_name, s) != 0)) - { - idx++; - defn++; - } - if(int_ctrl_cmd_is_null(defn)) - /* The given name wasn't found */ - return -1; - return idx; + if(!int_cleanup_check(1)) return; + sk_ENGINE_CLEANUP_CB_insert(cleanup_stack, cb, 0); } - -static int int_ctrl_cmd_by_num(const ENGINE_CMD_DEFN *defn, unsigned int num) +void engine_cleanup_add_last(ENGINE_CLEANUP_CB *cb) { - int idx = 0; - /* NB: It is stipulated that 'cmd_defn' lists are ordered by cmd_num. So - * our searches don't need to take any longer than necessary. */ - while(!int_ctrl_cmd_is_null(defn) && (defn->cmd_num < num)) - { - idx++; - defn++; - } - if(defn->cmd_num == num) - return idx; - /* The given cmd_num wasn't found */ - return -1; + if(!int_cleanup_check(1)) return; + sk_ENGINE_CLEANUP_CB_push(cleanup_stack, cb); } - -static int int_ctrl_helper(ENGINE *e, int cmd, long i, void *p, void (*f)()) +/* The API function that performs all cleanup */ +void ENGINE_cleanup(void) { - int idx; - char *s = (char *)p; - /* Take care of the easy one first (eg. it requires no searches) */ - if(cmd == ENGINE_CTRL_GET_FIRST_CMD_TYPE) - { - if((e->cmd_defns == NULL) || int_ctrl_cmd_is_null(e->cmd_defns)) - return 0; - return e->cmd_defns->cmd_num; - } - /* One or two commands require that "p" be a valid string buffer */ - if((cmd == ENGINE_CTRL_GET_CMD_FROM_NAME) || - (cmd == ENGINE_CTRL_GET_NAME_FROM_CMD) || - (cmd == ENGINE_CTRL_GET_DESC_FROM_CMD)) + if(int_cleanup_check(0)) { - if(s == NULL) + int loop = 0, num = sk_ENGINE_CLEANUP_CB_num(cleanup_stack); + while(loop < num) { - ENGINEerr(ENGINE_F_INT_CTRL_HELPER, - ERR_R_PASSED_NULL_PARAMETER); - return -1; + ENGINE_CLEANUP_CB *cb = sk_ENGINE_CLEANUP_CB_value( + cleanup_stack, loop++); + (*cb)(); } + sk_ENGINE_CLEANUP_CB_free(cleanup_stack); + cleanup_stack = NULL; } - /* Now handle cmd_name -> cmd_num conversion */ - if(cmd == ENGINE_CTRL_GET_CMD_FROM_NAME) - { - if((e->cmd_defns == NULL) || ((idx = int_ctrl_cmd_by_name( - e->cmd_defns, s)) < 0)) - { - ENGINEerr(ENGINE_F_INT_CTRL_HELPER, - ENGINE_R_INVALID_CMD_NAME); - return -1; - } - return e->cmd_defns[idx].cmd_num; - } - /* For the rest of the commands, the 'long' argument must specify a - * valie command number - so we need to conduct a search. */ - if((e->cmd_defns == NULL) || ((idx = int_ctrl_cmd_by_num(e->cmd_defns, - (unsigned int)i)) < 0)) - { - ENGINEerr(ENGINE_F_INT_CTRL_HELPER, - ENGINE_R_INVALID_CMD_NUMBER); - return -1; - } - /* Now the logic splits depending on command type */ - switch(cmd) - { - case ENGINE_CTRL_GET_NEXT_CMD_TYPE: - idx++; - if(int_ctrl_cmd_is_null(e->cmd_defns + idx)) - /* end-of-list */ - return 0; - else - return e->cmd_defns[idx].cmd_num; - case ENGINE_CTRL_GET_NAME_LEN_FROM_CMD: - return strlen(e->cmd_defns[idx].cmd_name); - case ENGINE_CTRL_GET_NAME_FROM_CMD: - return sprintf(s, "%s", e->cmd_defns[idx].cmd_name); - case ENGINE_CTRL_GET_DESC_LEN_FROM_CMD: - if(e->cmd_defns[idx].cmd_desc) - return strlen(e->cmd_defns[idx].cmd_desc); - return strlen(int_no_description); - case ENGINE_CTRL_GET_DESC_FROM_CMD: - if(e->cmd_defns[idx].cmd_desc) - return sprintf(s, "%s", e->cmd_defns[idx].cmd_desc); - return sprintf(s, "%s", int_no_description); - case ENGINE_CTRL_GET_CMD_FLAGS: - return e->cmd_defns[idx].cmd_flags; - } - /* Shouldn't really be here ... */ - ENGINEerr(ENGINE_F_INT_CTRL_HELPER,ENGINE_R_INTERNAL_LIST_ERROR); - return -1; + /* FIXME: This should be handled (somehow) through RAND, eg. by it + * registering a cleanup callback. */ + RAND_set_rand_method(NULL); } -int ENGINE_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)()) +/* Now the "ex_data" support */ + +int ENGINE_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, + CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func) { - int ctrl_exists, ref_exists; - if(e == NULL) - { - ENGINEerr(ENGINE_F_ENGINE_CTRL,ERR_R_PASSED_NULL_PARAMETER); - return 0; - } - CRYPTO_w_lock(CRYPTO_LOCK_ENGINE); - ref_exists = ((e->struct_ref > 0) ? 1 : 0); - CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE); - ctrl_exists = ((e->ctrl == NULL) ? 0 : 1); - if(!ref_exists) - { - ENGINEerr(ENGINE_F_ENGINE_CTRL,ENGINE_R_NO_REFERENCE); - return 0; - } - /* Intercept any "root-level" commands before trying to hand them on to - * ctrl() handlers. */ - switch(cmd) - { - case ENGINE_CTRL_HAS_CTRL_FUNCTION: - return ctrl_exists; - case ENGINE_CTRL_GET_FIRST_CMD_TYPE: - case ENGINE_CTRL_GET_NEXT_CMD_TYPE: - case ENGINE_CTRL_GET_CMD_FROM_NAME: - case ENGINE_CTRL_GET_NAME_LEN_FROM_CMD: - case ENGINE_CTRL_GET_NAME_FROM_CMD: - case ENGINE_CTRL_GET_DESC_LEN_FROM_CMD: - case ENGINE_CTRL_GET_DESC_FROM_CMD: - case ENGINE_CTRL_GET_CMD_FLAGS: - if(ctrl_exists && !(e->flags & ENGINE_FLAGS_MANUAL_CMD_CTRL)) - return int_ctrl_helper(e,cmd,i,p,f); - if(!ctrl_exists) - { - ENGINEerr(ENGINE_F_ENGINE_CTRL,ENGINE_R_NO_CONTROL_FUNCTION); - /* For these cmd-related functions, failure is indicated - * by a -1 return value (because 0 is used as a valid - * return in some places). */ - return -1; - } - default: - break; - } - /* Anything else requires a ctrl() handler to exist. */ - if(!ctrl_exists) - { - ENGINEerr(ENGINE_F_ENGINE_CTRL,ENGINE_R_NO_CONTROL_FUNCTION); - return 0; - } - return e->ctrl(e, cmd, i, p, f); + return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_ENGINE, argl, argp, + new_func, dup_func, free_func); } -int ENGINE_cmd_is_executable(ENGINE *e, int cmd) +int ENGINE_set_ex_data(ENGINE *e, int idx, void *arg) { - int flags; - if((flags = ENGINE_ctrl(e, ENGINE_CTRL_GET_CMD_FLAGS, cmd, NULL, NULL)) < 0) - { - ENGINEerr(ENGINE_F_ENGINE_CMD_IS_EXECUTABLE, - ENGINE_R_INVALID_CMD_NUMBER); - return 0; - } - if(!(flags & ENGINE_CMD_FLAG_NO_INPUT) && - !(flags & ENGINE_CMD_FLAG_NUMERIC) && - !(flags & ENGINE_CMD_FLAG_STRING)) - return 0; - return 1; + return(CRYPTO_set_ex_data(&e->ex_data, idx, arg)); } -int ENGINE_ctrl_cmd(ENGINE *e, const char *cmd_name, - long i, void *p, void (*f)(), int cmd_optional) - { - int num; +void *ENGINE_get_ex_data(const ENGINE *e, int idx) + { + return(CRYPTO_get_ex_data(&e->ex_data, idx)); + } - if((e == NULL) || (cmd_name == NULL)) - { - ENGINEerr(ENGINE_F_ENGINE_CTRL_CMD_STRING, - ERR_R_PASSED_NULL_PARAMETER); - return 0; - } - if((e->ctrl == NULL) || ((num = ENGINE_ctrl(e, - ENGINE_CTRL_GET_CMD_FROM_NAME, - 0, (void *)cmd_name, NULL)) <= 0)) - { - /* If the command didn't *have* to be supported, we fake - * success. This allows certain settings to be specified for - * multiple ENGINEs and only require a change of ENGINE id - * (without having to selectively apply settings). Eg. changing - * from a hardware device back to the regular software ENGINE - * without editing the config file, etc. */ - if(cmd_optional) - { - ERR_clear_error(); - return 1; - } - ENGINEerr(ENGINE_F_ENGINE_CTRL_CMD, - ENGINE_R_INVALID_CMD_NAME); - return 0; - } - /* Force the result of the control command to 0 or 1, for the reasons - * mentioned before. */ - if (ENGINE_ctrl(e, num, i, p, f)) - return 1; - return 0; - } +/* Functions to get/set an ENGINE's elements - mainly to avoid exposing the + * ENGINE structure itself. */ -int ENGINE_ctrl_cmd_string(ENGINE *e, const char *cmd_name, const char *arg, - int cmd_optional) +int ENGINE_set_id(ENGINE *e, const char *id) { - int num, flags; - long l; - char *ptr; - if((e == NULL) || (cmd_name == NULL)) + if(id == NULL) { - ENGINEerr(ENGINE_F_ENGINE_CTRL_CMD_STRING, + ENGINEerr(ENGINE_F_ENGINE_SET_ID, ERR_R_PASSED_NULL_PARAMETER); return 0; } - if((e->ctrl == NULL) || ((num = ENGINE_ctrl(e, - ENGINE_CTRL_GET_CMD_FROM_NAME, - 0, (void *)cmd_name, NULL)) <= 0)) - { - /* If the command didn't *have* to be supported, we fake - * success. This allows certain settings to be specified for - * multiple ENGINEs and only require a change of ENGINE id - * (without having to selectively apply settings). Eg. changing - * from a hardware device back to the regular software ENGINE - * without editing the config file, etc. */ - if(cmd_optional) - { - ERR_clear_error(); - return 1; - } - ENGINEerr(ENGINE_F_ENGINE_CTRL_CMD_STRING, - ENGINE_R_INVALID_CMD_NAME); - return 0; - } - if(!ENGINE_cmd_is_executable(e, num)) - { - ENGINEerr(ENGINE_F_ENGINE_CTRL_CMD_STRING, - ENGINE_R_CMD_NOT_EXECUTABLE); - return 0; - } - if((flags = ENGINE_ctrl(e, ENGINE_CTRL_GET_CMD_FLAGS, num, NULL, NULL)) < 0) - { - /* Shouldn't happen, given that ENGINE_cmd_is_executable() - * returned success. */ - ENGINEerr(ENGINE_F_ENGINE_CTRL_CMD_STRING, - ENGINE_R_INTERNAL_LIST_ERROR); - return 0; - } - /* If the command takes no input, there must be no input. And vice - * versa. */ - if(flags & ENGINE_CMD_FLAG_NO_INPUT) - { - if(arg != NULL) - { - ENGINEerr(ENGINE_F_ENGINE_CTRL_CMD_STRING, - ENGINE_R_COMMAND_TAKES_NO_INPUT); - return 0; - } - /* We deliberately force the result of ENGINE_ctrl() to 0 or 1 - * rather than returning it as "return data". This is to ensure - * usage of these commands is consistent across applications and - * that certain applications don't understand it one way, and - * others another. */ - if(ENGINE_ctrl(e, num, 0, (void *)arg, NULL)) - return 1; - return 0; - } - /* So, we require input */ - if(arg == NULL) - { - ENGINEerr(ENGINE_F_ENGINE_CTRL_CMD_STRING, - ENGINE_R_COMMAND_TAKES_INPUT); - return 0; - } - /* If it takes string input, that's easy */ - if(flags & ENGINE_CMD_FLAG_STRING) - { - /* Same explanation as above */ - if(ENGINE_ctrl(e, num, 0, (void *)arg, NULL)) - return 1; - return 0; - } - /* If it doesn't take numeric either, then it is unsupported for use in - * a config-setting situation, which is what this function is for. This - * should never happen though, because ENGINE_cmd_is_executable() was - * used. */ - if(!(flags & ENGINE_CMD_FLAG_NUMERIC)) - { - ENGINEerr(ENGINE_F_ENGINE_CTRL_CMD_STRING, - ENGINE_R_INTERNAL_LIST_ERROR); - return 0; - } - l = strtol(arg, &ptr, 10); - if((arg == ptr) || (*ptr != '\0')) - { - ENGINEerr(ENGINE_F_ENGINE_CTRL_CMD_STRING, - ENGINE_R_ARGUMENT_IS_NOT_A_NUMBER); - return 0; - } - /* Force the result of the control command to 0 or 1, for the reasons - * mentioned before. */ - if(ENGINE_ctrl(e, num, l, NULL, NULL)) - return 1; - return 0; + e->id = id; + return 1; } -static ENGINE *engine_get_default_type(ENGINE_TYPE t) +int ENGINE_set_name(ENGINE *e, const char *name) { - ENGINE *ret = NULL; - - /* engine_def_check is lean and mean and won't replace any - * prior default engines ... so we must ensure that it is always - * the first function to get to touch the default values. */ - engine_def_check(); - CRYPTO_w_lock(CRYPTO_LOCK_ENGINE); - switch(t) - { -#ifndef OPENSSL_NO_RSA - case ENGINE_TYPE_RSA: - ret = engine_def_rsa; break; -#endif -#ifndef OPENSSL_NO_DSA - case ENGINE_TYPE_DSA: - ret = engine_def_dsa; break; -#endif -#ifndef OPENSSL_NO_DH - case ENGINE_TYPE_DH: - ret = engine_def_dh; break; -#endif - case ENGINE_TYPE_RAND: - ret = engine_def_rand; break; - case ENGINE_TYPE_BN_MOD_EXP: - ret = engine_def_bn_mod_exp; break; - case ENGINE_TYPE_BN_MOD_EXP_CRT: - ret = engine_def_bn_mod_exp_crt; break; - default: - break; - } - /* Unforunately we can't do this work outside the lock with a - * call to ENGINE_init() because that would leave a race - * condition open. */ - if(ret) + if(name == NULL) { - ret->struct_ref++; - ret->funct_ref++; - engine_ref_debug(ret, 0, 1) - engine_ref_debug(ret, 1, 1) + ENGINEerr(ENGINE_F_ENGINE_SET_NAME, + ERR_R_PASSED_NULL_PARAMETER); + return 0; } - CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE); - return ret; - } - -#ifndef OPENSSL_NO_RSA -ENGINE *ENGINE_get_default_RSA(void) - { - return engine_get_default_type(ENGINE_TYPE_RSA); + e->name = name; + return 1; } -#endif -#ifndef OPENSSL_NO_DSA -ENGINE *ENGINE_get_default_DSA(void) +int ENGINE_set_destroy_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR destroy_f) { - return engine_get_default_type(ENGINE_TYPE_DSA); + e->destroy = destroy_f; + return 1; } -#endif -#ifndef OPENSSL_NO_DH -ENGINE *ENGINE_get_default_DH(void) +int ENGINE_set_init_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR init_f) { - return engine_get_default_type(ENGINE_TYPE_DH); + e->init = init_f; + return 1; } -#endif -ENGINE *ENGINE_get_default_RAND(void) +int ENGINE_set_finish_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR finish_f) { - return engine_get_default_type(ENGINE_TYPE_RAND); + e->finish = finish_f; + return 1; } -ENGINE *ENGINE_get_default_BN_mod_exp(void) +int ENGINE_set_ctrl_function(ENGINE *e, ENGINE_CTRL_FUNC_PTR ctrl_f) { - return engine_get_default_type(ENGINE_TYPE_BN_MOD_EXP); + e->ctrl = ctrl_f; + return 1; } -ENGINE *ENGINE_get_default_BN_mod_exp_crt(void) +int ENGINE_set_flags(ENGINE *e, int flags) { - return engine_get_default_type(ENGINE_TYPE_BN_MOD_EXP_CRT); + e->flags = flags; + return 1; } -static int engine_set_default_type(ENGINE_TYPE t, ENGINE *e) +int ENGINE_set_cmd_defns(ENGINE *e, const ENGINE_CMD_DEFN *defns) { - ENGINE *old = NULL; - - /* engine_def_check is lean and mean and won't replace any - * prior default engines ... so we must ensure that it is always - * the first function to get to touch the default values. */ - engine_def_check(); - /* Attempt to get a functional reference (we need one anyway, but - * also, 'e' may be just a structural reference being passed in so - * this call may actually be the first). */ - if(e && !ENGINE_init(e)) - { - ENGINEerr(ENGINE_F_ENGINE_SET_DEFAULT_TYPE, - ENGINE_R_INIT_FAILED); - return 0; - } - CRYPTO_w_lock(CRYPTO_LOCK_ENGINE); - switch(t) - { -#ifndef OPENSSL_NO_RSA - case ENGINE_TYPE_RSA: - old = engine_def_rsa; - engine_def_rsa = e; break; -#endif -#ifndef OPENSSL_NO_DSA - case ENGINE_TYPE_DSA: - old = engine_def_dsa; - engine_def_dsa = e; break; -#endif -#ifndef OPENSSL_NO_DH - case ENGINE_TYPE_DH: - old = engine_def_dh; - engine_def_dh = e; break; -#endif - case ENGINE_TYPE_RAND: - old = engine_def_rand; - engine_def_rand = e; break; - case ENGINE_TYPE_BN_MOD_EXP: - old = engine_def_bn_mod_exp; - engine_def_bn_mod_exp = e; break; - case ENGINE_TYPE_BN_MOD_EXP_CRT: - old = engine_def_bn_mod_exp_crt; - engine_def_bn_mod_exp_crt = e; break; - default: - break; - } - CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE); - /* If we've replaced a previous value, then we need to remove the - * functional reference we had. */ - if(old && !ENGINE_finish(old)) - { - ENGINEerr(ENGINE_F_ENGINE_SET_DEFAULT_TYPE, - ENGINE_R_FINISH_FAILED); - return 0; - } + e->cmd_defns = defns; return 1; } -#ifndef OPENSSL_NO_RSA -int ENGINE_set_default_RSA(ENGINE *e) +const char *ENGINE_get_id(const ENGINE *e) { - return engine_set_default_type(ENGINE_TYPE_RSA, e); + return e->id; } -#endif -#ifndef OPENSSL_NO_DSA -int ENGINE_set_default_DSA(ENGINE *e) +const char *ENGINE_get_name(const ENGINE *e) { - return engine_set_default_type(ENGINE_TYPE_DSA, e); + return e->name; } -#endif -#ifndef OPENSSL_NO_DH -int ENGINE_set_default_DH(ENGINE *e) +ENGINE_GEN_INT_FUNC_PTR ENGINE_get_destroy_function(const ENGINE *e) { - return engine_set_default_type(ENGINE_TYPE_DH, e); + return e->destroy; } -#endif -int ENGINE_set_default_RAND(ENGINE *e) +ENGINE_GEN_INT_FUNC_PTR ENGINE_get_init_function(const ENGINE *e) { - return engine_set_default_type(ENGINE_TYPE_RAND, e); + return e->init; } -int ENGINE_set_default_BN_mod_exp(ENGINE *e) +ENGINE_GEN_INT_FUNC_PTR ENGINE_get_finish_function(const ENGINE *e) { - return engine_set_default_type(ENGINE_TYPE_BN_MOD_EXP, e); + return e->finish; } -int ENGINE_set_default_BN_mod_exp_crt(ENGINE *e) +ENGINE_CTRL_FUNC_PTR ENGINE_get_ctrl_function(const ENGINE *e) { - return engine_set_default_type(ENGINE_TYPE_BN_MOD_EXP_CRT, e); + return e->ctrl; } -int ENGINE_set_default(ENGINE *e, unsigned int flags) +int ENGINE_get_flags(const ENGINE *e) { -#ifndef OPENSSL_NO_RSA - if((flags & ENGINE_METHOD_RSA) && e->rsa_meth && - !ENGINE_set_default_RSA(e)) - return 0; -#endif -#ifndef OPENSSL_NO_DSA - if((flags & ENGINE_METHOD_DSA) && e->dsa_meth && - !ENGINE_set_default_DSA(e)) - return 0; -#endif -#ifndef OPENSSL_NO_DH - if((flags & ENGINE_METHOD_DH) && e->dh_meth && - !ENGINE_set_default_DH(e)) - return 0; -#endif - if((flags & ENGINE_METHOD_RAND) && e->rand_meth && - !ENGINE_set_default_RAND(e)) - return 0; - if((flags & ENGINE_METHOD_BN_MOD_EXP) && e->bn_mod_exp && - !ENGINE_set_default_BN_mod_exp(e)) - return 0; - if((flags & ENGINE_METHOD_BN_MOD_EXP_CRT) && e->bn_mod_exp_crt && - !ENGINE_set_default_BN_mod_exp_crt(e)) - return 0; - return 1; + return e->flags; } -int ENGINE_clear_defaults(void) +const ENGINE_CMD_DEFN *ENGINE_get_cmd_defns(const ENGINE *e) { - /* If the defaults haven't even been set yet, don't bother. Any kind of - * "cleanup" has a kind of implicit race-condition if another thread is - * trying to keep going, so we don't address that with locking. The - * first ENGINE_set_default_*** call will actually *create* a standard - * set of default ENGINEs (including init() and functional reference - * counts aplenty) before the rest of this function undoes them all. So - * save some hassle ... */ - if(!engine_def_flag) - return 1; - if((0 == 1) || -#ifndef OPENSSL_NO_RSA - !ENGINE_set_default_RSA(NULL) || -#endif -#ifndef OPENSSL_NO_DSA - !ENGINE_set_default_DSA(NULL) || -#endif -#ifndef OPENSSL_NO_DH - !ENGINE_set_default_DH(NULL) || -#endif - !ENGINE_set_default_RAND(NULL) || - !ENGINE_set_default_BN_mod_exp(NULL) || - !ENGINE_set_default_BN_mod_exp_crt(NULL) || - !RAND_set_rand_method(NULL)) - return 0; - return 1; + return e->cmd_defns; } - diff --git a/crypto/engine/eng_list.c b/crypto/engine/eng_list.c index 4b558ec306..b730f130b0 100644 --- a/crypto/engine/eng_list.c +++ b/crypto/engine/eng_list.c @@ -73,11 +73,21 @@ * list member. */ static ENGINE *engine_list_head = NULL; static ENGINE *engine_list_tail = NULL; -/* A boolean switch, used to ensure we only initialise once. This - * is needed because the engine list may genuinely become empty during - * use (so we can't use engine_list_head as an indicator for example. */ -static int engine_list_flag = 0; -static int ENGINE_free_util(ENGINE *e, int locked); + +/* This cleanup function is only needed internally. If it should be called, we + * register it with the "ENGINE_cleanup()" stack to be called during cleanup. */ + +static void engine_list_cleanup(void) + { + ENGINE *iterator = engine_list_head; + + while(iterator != NULL) + { + ENGINE_remove(iterator); + iterator = engine_list_head; + } + return; + } /* These static functions starting with a lower case "engine_" always * take place when CRYPTO_LOCK_ENGINE has been locked up. */ @@ -115,6 +125,9 @@ static int engine_list_add(ENGINE *e) } engine_list_head = e; e->prev = NULL; + /* The first time the list allocates, we should register the + * cleanup. */ + engine_cleanup_add_last(engine_list_cleanup); } else { @@ -169,66 +182,36 @@ static int engine_list_remove(ENGINE *e) engine_list_head = e->next; if(engine_list_tail == e) engine_list_tail = e->prev; - ENGINE_free_util(e, 0); - return 1; - } - -/* This check always takes place with CRYPTO_LOCK_ENGINE locked up - * so we're synchronised, but we can't call anything that tries to - * lock it again! :-) NB: For convenience (and code-clarity) we - * don't output errors for failures of the engine_list_add function - * as it will generate errors itself. */ -static int engine_internal_check(void) - { - int toret = 1; - ENGINE *def_engine1, *def_engine2; - if(engine_list_flag) - return 1; - /* This is our first time up, we need to populate the list - * with our statically compiled-in engines. */ - def_engine1 = ENGINE_openssl(); - def_engine2 = ENGINE_dynamic(); - if(!engine_list_add(def_engine1) || - !engine_list_add(def_engine2)) - toret = 0; - else - engine_list_flag = 1; - ENGINE_free_util(def_engine1, 0); - ENGINE_free_util(def_engine2, 0); + engine_free_util(e, 0); return 1; } /* Get the first/last "ENGINE" type available. */ ENGINE *ENGINE_get_first(void) { - ENGINE *ret = NULL; + ENGINE *ret; CRYPTO_r_lock(CRYPTO_LOCK_ENGINE); - if(engine_internal_check()) + ret = engine_list_head; + if(ret) { - ret = engine_list_head; - if(ret) - { - ret->struct_ref++; - engine_ref_debug(ret, 0, 1) - } + ret->struct_ref++; + engine_ref_debug(ret, 0, 1) } CRYPTO_r_unlock(CRYPTO_LOCK_ENGINE); return ret; } + ENGINE *ENGINE_get_last(void) { - ENGINE *ret = NULL; + ENGINE *ret; CRYPTO_r_lock(CRYPTO_LOCK_ENGINE); - if(engine_internal_check()) - { ret = engine_list_tail; - if(ret) - { - ret->struct_ref++; - engine_ref_debug(ret, 0, 1) - } + if(ret) + { + ret->struct_ref++; + engine_ref_debug(ret, 0, 1) } CRYPTO_r_unlock(CRYPTO_LOCK_ENGINE); return ret; @@ -257,6 +240,7 @@ ENGINE *ENGINE_get_next(ENGINE *e) ENGINE_free(e); return ret; } + ENGINE *ENGINE_get_prev(ENGINE *e) { ENGINE *ret = NULL; @@ -296,7 +280,7 @@ int ENGINE_add(ENGINE *e) ENGINE_R_ID_OR_NAME_MISSING); } CRYPTO_w_lock(CRYPTO_LOCK_ENGINE); - if(!engine_internal_check() || !engine_list_add(e)) + if(!engine_list_add(e)) { ENGINEerr(ENGINE_F_ENGINE_ADD, ENGINE_R_INTERNAL_LIST_ERROR); @@ -317,7 +301,7 @@ int ENGINE_remove(ENGINE *e) return 0; } CRYPTO_w_lock(CRYPTO_LOCK_ENGINE); - if(!engine_internal_check() || !engine_list_remove(e)) + if(!engine_list_remove(e)) { ENGINEerr(ENGINE_F_ENGINE_REMOVE, ENGINE_R_INTERNAL_LIST_ERROR); @@ -327,9 +311,33 @@ int ENGINE_remove(ENGINE *e) return to_return; } +static void engine_cpy(ENGINE *dest, const ENGINE *src) + { + dest->id = src->id; + dest->name = src->name; +#ifndef OPENSSL_NO_RSA + dest->rsa_meth = src->rsa_meth; +#endif +#ifndef OPENSSL_NO_DSA + dest->dsa_meth = src->dsa_meth; +#endif +#ifndef OPENSSL_NO_DH + dest->dh_meth = src->dh_meth; +#endif + dest->rand_meth = src->rand_meth; + dest->destroy = src->destroy; + dest->init = src->init; + dest->finish = src->finish; + dest->ctrl = src->ctrl; + dest->load_privkey = src->load_privkey; + dest->load_pubkey = src->load_pubkey; + dest->cmd_defns = src->cmd_defns; + dest->flags = src->flags; + } + ENGINE *ENGINE_by_id(const char *id) { - ENGINE *iterator = NULL, *cp = NULL; + ENGINE *iterator; if(id == NULL) { ENGINEerr(ENGINE_F_ENGINE_BY_ID, @@ -337,36 +345,30 @@ ENGINE *ENGINE_by_id(const char *id) return NULL; } CRYPTO_r_lock(CRYPTO_LOCK_ENGINE); - if(!engine_internal_check()) - ENGINEerr(ENGINE_F_ENGINE_BY_ID, - ENGINE_R_INTERNAL_LIST_ERROR); - else + iterator = engine_list_head; + while(iterator && (strcmp(id, iterator->id) != 0)) + iterator = iterator->next; + if(iterator) { - iterator = engine_list_head; - while(iterator && (strcmp(id, iterator->id) != 0)) - iterator = iterator->next; - if(iterator) + /* We need to return a structural reference. If this is an + * ENGINE type that returns copies, make a duplicate - otherwise + * increment the existing ENGINE's reference count. */ + if(iterator->flags & ENGINE_FLAGS_BY_ID_COPY) { - /* We need to return a structural reference. If this is - * a "dynamic" ENGINE type, make a duplicate - otherwise - * increment the existing ENGINE's reference count. */ - if(iterator->flags & ENGINE_FLAGS_BY_ID_COPY) - { - cp = ENGINE_new(); - if(!cp) - iterator = NULL; - else - { - ENGINE_cpy(cp, iterator); - iterator = cp; - } - } + ENGINE *cp = ENGINE_new(); + if(!cp) + iterator = NULL; else { - iterator->struct_ref++; - engine_ref_debug(iterator, 0, 1) + engine_cpy(cp, iterator); + iterator = cp; } } + else + { + iterator->struct_ref++; + engine_ref_debug(iterator, 0, 1) + } } CRYPTO_r_unlock(CRYPTO_LOCK_ENGINE); if(iterator == NULL) @@ -374,326 +376,3 @@ ENGINE *ENGINE_by_id(const char *id) ENGINE_R_NO_SUCH_ENGINE); return iterator; } - -ENGINE *ENGINE_new(void) - { - ENGINE *ret; - - ret = (ENGINE *)OPENSSL_malloc(sizeof(ENGINE)); - if(ret == NULL) - { - ENGINEerr(ENGINE_F_ENGINE_NEW, ERR_R_MALLOC_FAILURE); - return NULL; - } - memset(ret, 0, sizeof(ENGINE)); - ret->struct_ref = 1; - engine_ref_debug(ret, 0, 1) - CRYPTO_new_ex_data(CRYPTO_EX_INDEX_ENGINE, ret, &ret->ex_data); - return ret; - } - -static int ENGINE_free_util(ENGINE *e, int locked) - { - int i; - - if(e == NULL) - { - ENGINEerr(ENGINE_F_ENGINE_FREE, - ERR_R_PASSED_NULL_PARAMETER); - return 0; - } - if(locked) - i = CRYPTO_add(&e->struct_ref,-1,CRYPTO_LOCK_ENGINE); - else - i = --e->struct_ref; - engine_ref_debug(e, 0, -1) - if (i > 0) return 1; -#ifdef REF_CHECK - if (i < 0) - { - fprintf(stderr,"ENGINE_free, bad structural reference count\n"); - abort(); - } -#endif - /* Give the ENGINE a chance to do any structural cleanup corresponding - * to allocation it did in its constructor (eg. unload error strings) */ - if(e->destroy) - e->destroy(e); - sk_ENGINE_EVP_CIPHER_pop_free(e->ciphers,ENGINE_free_engine_cipher); - CRYPTO_free_ex_data(CRYPTO_EX_INDEX_ENGINE, e, &e->ex_data); - OPENSSL_free(e); - return 1; - } - -int ENGINE_free(ENGINE *e) - { - return ENGINE_free_util(e, 1); - } - -int ENGINE_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, - CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func) - { - return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_ENGINE, argl, argp, - new_func, dup_func, free_func); - } - -int ENGINE_set_ex_data(ENGINE *e, int idx, void *arg) - { - return(CRYPTO_set_ex_data(&e->ex_data, idx, arg)); - } - -void *ENGINE_get_ex_data(const ENGINE *e, int idx) - { - return(CRYPTO_get_ex_data(&e->ex_data, idx)); - } - -void ENGINE_cleanup(void) - { - ENGINE *iterator = engine_list_head; - - while(iterator != NULL) - { - ENGINE_remove(iterator); - iterator = engine_list_head; - } - engine_list_flag = 0; - /* Also unset any "default" ENGINEs that may have been set up (a default - * constitutes a functional reference on an ENGINE and there's one for - * each algorithm). */ - ENGINE_clear_defaults(); - return; - } - -int ENGINE_set_id(ENGINE *e, const char *id) - { - if(id == NULL) - { - ENGINEerr(ENGINE_F_ENGINE_SET_ID, - ERR_R_PASSED_NULL_PARAMETER); - return 0; - } - e->id = id; - return 1; - } - -int ENGINE_set_name(ENGINE *e, const char *name) - { - if(name == NULL) - { - ENGINEerr(ENGINE_F_ENGINE_SET_NAME, - ERR_R_PASSED_NULL_PARAMETER); - return 0; - } - e->name = name; - return 1; - } - -int ENGINE_set_RSA(ENGINE *e, const RSA_METHOD *rsa_meth) - { -#ifndef OPENSSL_NO_RSA - e->rsa_meth = rsa_meth; - return 1; -#else - return 0; -#endif - } - -int ENGINE_set_DSA(ENGINE *e, const DSA_METHOD *dsa_meth) - { -#ifndef OPENSSL_NO_DSA - e->dsa_meth = dsa_meth; - return 1; -#else - return 0; -#endif - } - -int ENGINE_set_DH(ENGINE *e, const DH_METHOD *dh_meth) - { -#ifndef OPENSSL_NO_DH - e->dh_meth = dh_meth; - return 1; -#else - return 0; -#endif - } - -int ENGINE_set_RAND(ENGINE *e, const RAND_METHOD *rand_meth) - { - e->rand_meth = rand_meth; - return 1; - } - -int ENGINE_set_BN_mod_exp(ENGINE *e, BN_MOD_EXP bn_mod_exp) - { - e->bn_mod_exp = bn_mod_exp; - return 1; - } - -int ENGINE_set_BN_mod_exp_crt(ENGINE *e, BN_MOD_EXP_CRT bn_mod_exp_crt) - { - e->bn_mod_exp_crt = bn_mod_exp_crt; - return 1; - } - -int ENGINE_set_destroy_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR destroy_f) - { - e->destroy = destroy_f; - return 1; - } - -int ENGINE_set_init_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR init_f) - { - e->init = init_f; - return 1; - } - -int ENGINE_set_finish_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR finish_f) - { - e->finish = finish_f; - return 1; - } - -int ENGINE_set_ctrl_function(ENGINE *e, ENGINE_CTRL_FUNC_PTR ctrl_f) - { - e->ctrl = ctrl_f; - return 1; - } - -int ENGINE_set_load_privkey_function(ENGINE *e, ENGINE_LOAD_KEY_PTR loadpriv_f) - { - e->load_privkey = loadpriv_f; - return 1; - } - -int ENGINE_set_load_pubkey_function(ENGINE *e, ENGINE_LOAD_KEY_PTR loadpub_f) - { - e->load_pubkey = loadpub_f; - return 1; - } - -int ENGINE_set_flags(ENGINE *e, int flags) - { - e->flags = flags; - return 1; - } - -int ENGINE_set_cmd_defns(ENGINE *e, const ENGINE_CMD_DEFN *defns) - { - e->cmd_defns = defns; - return 1; - } - -int ENGINE_cpy(ENGINE *dest, const ENGINE *src) - { - if(ENGINE_set_id(dest, ENGINE_get_id(src)) && - ENGINE_set_name(dest, ENGINE_get_name(src)) && -#ifndef OPENSSL_NO_RSA - ENGINE_set_RSA(dest, ENGINE_get_RSA(src)) && -#endif -#ifndef OPENSSL_NO_DSA - ENGINE_set_DSA(dest, ENGINE_get_DSA(src)) && -#endif -#ifndef OPENSSL_NO_DH - ENGINE_set_DH(dest, ENGINE_get_DH(src)) && -#endif - ENGINE_set_RAND(dest, ENGINE_get_RAND(src)) && - ENGINE_set_BN_mod_exp(dest, - ENGINE_get_BN_mod_exp(src)) && - ENGINE_set_BN_mod_exp_crt(dest, - ENGINE_get_BN_mod_exp_crt(src)) && - ENGINE_set_init_function(dest, - ENGINE_get_init_function(src)) && - ENGINE_set_finish_function(dest, - ENGINE_get_finish_function(src)) && - ENGINE_set_ctrl_function(dest, - ENGINE_get_ctrl_function(src)) && - ENGINE_set_load_privkey_function(dest, - ENGINE_get_load_privkey_function(src)) && - ENGINE_set_load_pubkey_function(dest, - ENGINE_get_load_pubkey_function(src)) && - ENGINE_set_flags(dest, ENGINE_get_flags(src)) && - ENGINE_set_cmd_defns(dest, ENGINE_get_cmd_defns(src))) - return 1; - return 0; - } - -const char *ENGINE_get_id(const ENGINE *e) - { - return e->id; - } - -const char *ENGINE_get_name(const ENGINE *e) - { - return e->name; - } - -const RSA_METHOD *ENGINE_get_RSA(const ENGINE *e) - { - return e->rsa_meth; - } - -const DSA_METHOD *ENGINE_get_DSA(const ENGINE *e) - { - return e->dsa_meth; - } - -const DH_METHOD *ENGINE_get_DH(const ENGINE *e) - { - return e->dh_meth; - } - -const RAND_METHOD *ENGINE_get_RAND(const ENGINE *e) - { - return e->rand_meth; - } - -BN_MOD_EXP ENGINE_get_BN_mod_exp(const ENGINE *e) - { - return e->bn_mod_exp; - } - -BN_MOD_EXP_CRT ENGINE_get_BN_mod_exp_crt(const ENGINE *e) - { - return e->bn_mod_exp_crt; - } - -ENGINE_GEN_INT_FUNC_PTR ENGINE_get_destroy_function(const ENGINE *e) - { - return e->destroy; - } - -ENGINE_GEN_INT_FUNC_PTR ENGINE_get_init_function(const ENGINE *e) - { - return e->init; - } - -ENGINE_GEN_INT_FUNC_PTR ENGINE_get_finish_function(const ENGINE *e) - { - return e->finish; - } - -ENGINE_CTRL_FUNC_PTR ENGINE_get_ctrl_function(const ENGINE *e) - { - return e->ctrl; - } - -ENGINE_LOAD_KEY_PTR ENGINE_get_load_privkey_function(const ENGINE *e) - { - return e->load_privkey; - } - -ENGINE_LOAD_KEY_PTR ENGINE_get_load_pubkey_function(const ENGINE *e) - { - return e->load_pubkey; - } - -int ENGINE_get_flags(const ENGINE *e) - { - return e->flags; - } - -const ENGINE_CMD_DEFN *ENGINE_get_cmd_defns(const ENGINE *e) - { - return e->cmd_defns; - } diff --git a/crypto/engine/eng_openssl.c b/crypto/engine/eng_openssl.c index 7bf7b9d2b9..6def06582d 100644 --- a/crypto/engine/eng_openssl.c +++ b/crypto/engine/eng_openssl.c @@ -63,16 +63,9 @@ #include #include -/* This is the only function we need to implement as OpenSSL - * doesn't have a native CRT mod_exp. Perhaps this should be - * BN_mod_exp_crt and moved into crypto/bn/ ?? ... dunno. */ -static int openssl_mod_exp_crt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, - const BIGNUM *q, const BIGNUM *dmp1, const BIGNUM *dmq1, - const BIGNUM *iqmp, BN_CTX *ctx); - /* The constants used when creating the ENGINE */ static const char *engine_openssl_id = "openssl"; -static const char *engine_openssl_name = "Software default engine support"; +static const char *engine_openssl_name = "Software engine support"; /* As this is only ever called once, there's no need for locking * (indeed - the lock will already be held by our caller!!!) */ @@ -84,82 +77,18 @@ ENGINE *ENGINE_openssl(void) if(!ENGINE_set_id(ret, engine_openssl_id) || !ENGINE_set_name(ret, engine_openssl_name) || #ifndef OPENSSL_NO_RSA - !ENGINE_set_RSA(ret, RSA_get_default_openssl_method()) || + !ENGINE_set_RSA(ret, RSA_get_default_method()) || #endif #ifndef OPENSSL_NO_DSA - !ENGINE_set_DSA(ret, DSA_get_default_openssl_method()) || + !ENGINE_set_DSA(ret, DSA_get_default_method()) || #endif #ifndef OPENSSL_NO_DH - !ENGINE_set_DH(ret, DH_get_default_openssl_method()) || + !ENGINE_set_DH(ret, DH_get_default_method()) || #endif - !ENGINE_set_RAND(ret, RAND_SSLeay()) || - !ENGINE_set_BN_mod_exp(ret, BN_mod_exp) || - !ENGINE_set_BN_mod_exp_crt(ret, openssl_mod_exp_crt)) + !ENGINE_set_RAND(ret, RAND_SSLeay())) { ENGINE_free(ret); return NULL; } return ret; } - -/* Chinese Remainder Theorem, taken and adapted from rsa_eay.c */ -static int openssl_mod_exp_crt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, - const BIGNUM *q, const BIGNUM *dmp1, - const BIGNUM *dmq1, const BIGNUM *iqmp, BN_CTX *ctx) - { - BIGNUM r1,m1; - int ret=0; - BN_CTX *bn_ctx; - BIGNUM *temp_bn = NULL; - - if (ctx) - bn_ctx = ctx; - else - if ((bn_ctx=BN_CTX_new()) == NULL) goto err; - BN_init(&m1); - BN_init(&r1); - /* BN_mul() cannot accept const BIGNUMs so I use the BN_CTX - * to duplicate what I need. */ - BN_CTX_start(bn_ctx); - if ((temp_bn = BN_CTX_get(bn_ctx)) == NULL) goto err; - if (!BN_copy(temp_bn, iqmp)) goto err; - - if (!BN_mod(&r1, a, q, bn_ctx)) goto err; - if (!BN_mod_exp(&m1, &r1, dmq1, q, bn_ctx)) - goto err; - - if (!BN_mod(&r1, a, p, bn_ctx)) goto err; - if (!BN_mod_exp(r, &r1, dmp1, p, bn_ctx)) - goto err; - - if (!BN_sub(r, r, &m1)) goto err; - /* This will help stop the size of r0 increasing, which does - * affect the multiply if it optimised for a power of 2 size */ - if (r->neg) - if (!BN_add(r, r, p)) goto err; - - if (!BN_mul(&r1, r, temp_bn, bn_ctx)) goto err; - if (!BN_mod(r, &r1, p, bn_ctx)) goto err; - /* If p < q it is occasionally possible for the correction of - * adding 'p' if r is negative above to leave the result still - * negative. This can break the private key operations: the following - * second correction should *always* correct this rare occurrence. - * This will *never* happen with OpenSSL generated keys because - * they ensure p > q [steve] - */ - if (r->neg) - if (!BN_add(r, r, p)) goto err; - /* Again, BN_mul() will need non-const values. */ - if (!BN_copy(temp_bn, q)) goto err; - if (!BN_mul(&r1, r, temp_bn, bn_ctx)) goto err; - if (!BN_add(r, &r1, &m1)) goto err; - - ret=1; -err: - BN_clear_free(&m1); - BN_clear_free(&r1); - BN_CTX_end(ctx); - if (!ctx) - BN_CTX_free(bn_ctx); - return(ret); - } diff --git a/crypto/engine/eng_pkey.c b/crypto/engine/eng_pkey.c new file mode 100644 index 0000000000..8c69171511 --- /dev/null +++ b/crypto/engine/eng_pkey.c @@ -0,0 +1,157 @@ +/* crypto/engine/eng_pkey.c */ +/* ==================================================================== + * Copyright (c) 1999-2001 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#include +#include "cryptlib.h" +#include "eng_int.h" +#include + +/* Basic get/set stuff */ + +int ENGINE_set_load_privkey_function(ENGINE *e, ENGINE_LOAD_KEY_PTR loadpriv_f) + { + e->load_privkey = loadpriv_f; + return 1; + } + +int ENGINE_set_load_pubkey_function(ENGINE *e, ENGINE_LOAD_KEY_PTR loadpub_f) + { + e->load_pubkey = loadpub_f; + return 1; + } + +ENGINE_LOAD_KEY_PTR ENGINE_get_load_privkey_function(const ENGINE *e) + { + return e->load_privkey; + } + +ENGINE_LOAD_KEY_PTR ENGINE_get_load_pubkey_function(const ENGINE *e) + { + return e->load_pubkey; + } + +/* API functions to load public/private keys */ + +EVP_PKEY *ENGINE_load_private_key(ENGINE *e, const char *key_id, + UI_METHOD *ui_method, void *callback_data) + { + EVP_PKEY *pkey; + + if(e == NULL) + { + ENGINEerr(ENGINE_F_ENGINE_LOAD_PRIVATE_KEY, + ERR_R_PASSED_NULL_PARAMETER); + return 0; + } + CRYPTO_w_lock(CRYPTO_LOCK_ENGINE); + if(e->funct_ref == 0) + { + CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE); + ENGINEerr(ENGINE_F_ENGINE_LOAD_PRIVATE_KEY, + ENGINE_R_NOT_INITIALISED); + return 0; + } + CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE); + if (!e->load_privkey) + { + ENGINEerr(ENGINE_F_ENGINE_LOAD_PRIVATE_KEY, + ENGINE_R_NO_LOAD_FUNCTION); + return 0; + } + pkey = e->load_privkey(e, key_id, ui_method, callback_data); + if (!pkey) + { + ENGINEerr(ENGINE_F_ENGINE_LOAD_PRIVATE_KEY, + ENGINE_R_FAILED_LOADING_PRIVATE_KEY); + return 0; + } + return pkey; + } + +EVP_PKEY *ENGINE_load_public_key(ENGINE *e, const char *key_id, + UI_METHOD *ui_method, void *callback_data) + { + EVP_PKEY *pkey; + + if(e == NULL) + { + ENGINEerr(ENGINE_F_ENGINE_LOAD_PUBLIC_KEY, + ERR_R_PASSED_NULL_PARAMETER); + return 0; + } + CRYPTO_w_lock(CRYPTO_LOCK_ENGINE); + if(e->funct_ref == 0) + { + CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE); + ENGINEerr(ENGINE_F_ENGINE_LOAD_PUBLIC_KEY, + ENGINE_R_NOT_INITIALISED); + return 0; + } + CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE); + if (!e->load_pubkey) + { + ENGINEerr(ENGINE_F_ENGINE_LOAD_PUBLIC_KEY, + ENGINE_R_NO_LOAD_FUNCTION); + return 0; + } + pkey = e->load_pubkey(e, key_id, ui_method, callback_data); + if (!pkey) + { + ENGINEerr(ENGINE_F_ENGINE_LOAD_PUBLIC_KEY, + ENGINE_R_FAILED_LOADING_PUBLIC_KEY); + return 0; + } + return pkey; + } diff --git a/crypto/engine/eng_table.c b/crypto/engine/eng_table.c new file mode 100644 index 0000000000..4192144565 --- /dev/null +++ b/crypto/engine/eng_table.c @@ -0,0 +1,361 @@ +/* ==================================================================== + * Copyright (c) 2000 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#include +#include +#include "eng_int.h" + +/* This is the type of item in the 'implementation' table. Each 'nid' hashes to + * a (potentially NULL) ENGINE_PILE structure which contains a stack of ENGINE* + * pointers. These pointers aren't references, because they're inserted and + * removed during ENGINE creation and ENGINE destruction. They point to ENGINEs + * that *exist* (ie. have a structural reference count greater than zero) rather + * than ENGINEs that are *functional*. Each pointer in those stacks are to + * ENGINEs that implements the algorithm corresponding to each 'nid'. */ + +/* The type of the items in the table */ +typedef struct st_engine_pile + { + /* The 'nid' of the algorithm/mode this ENGINE_PILE structure represents + * */ + int nid; + /* A stack of ENGINE pointers for ENGINEs that support this + * algorithm/mode. In the event that 'funct' is NULL, the first entry in + * this stack that initialises will be set as 'funct' and assumed as the + * default for operations of this type. */ + STACK_OF(ENGINE) *sk; + /* The default ENGINE to perform this algorithm/mode. */ + ENGINE *funct; + /* This value optimises engine_table_select(). If it is called it sets + * this value to 1. Any changes to this ENGINE_PILE resets it to zero. + * As such, no ENGINE_init() thrashing is done unless ENGINEs + * continually register (and/or unregister). */ + int uptodate; + } ENGINE_PILE; + +/* The type of the hash table of ENGINE_PILE structures such that each are + * unique and keyed by the 'nid' value. */ +struct st_engine_table + { + LHASH piles; + }; /* ENGINE_TABLE */ + +/* This value stores global options controlling behaviour of (mostly) the + * engine_table_select() function. It's a bitmask of flag values of the form + * ENGINE_TABLE_FLAG_*** (as defined in engine.h) and is controlled by the + * ENGINE_[get|set]_table_flags() function. */ +static unsigned int table_flags = 0; + +/* API function manipulating 'table_flags' */ +unsigned int ENGINE_get_table_flags(void) + { + return table_flags; + } +void ENGINE_set_table_flags(unsigned int flags) + { + table_flags = flags; + } + +/* Internal functions for the "piles" hash table */ +static unsigned long engine_pile_hash(const ENGINE_PILE *c) + { + return c->nid; + } +static int engine_pile_cmp(const ENGINE_PILE *a, const ENGINE_PILE *b) + { + return a->nid - b->nid; + } +static IMPLEMENT_LHASH_HASH_FN(engine_pile_hash, const ENGINE_PILE *) +static IMPLEMENT_LHASH_COMP_FN(engine_pile_cmp, const ENGINE_PILE *) +static int int_table_check(ENGINE_TABLE **t, int create) + { + LHASH *lh; + if(*t) + return 1; + if(!create) + return 0; + if((lh = lh_new(LHASH_HASH_FN(engine_pile_hash), + LHASH_COMP_FN(engine_pile_cmp))) == NULL) + return 0; + *t = (ENGINE_TABLE *)lh; + return 1; + } + +/* Privately exposed (via eng_int.h) functions for adding and/or removing + * ENGINEs from the implementation table */ +int engine_table_register(ENGINE_TABLE **table, ENGINE_CLEANUP_CB cleanup, + ENGINE *e, const int *nids, int num_nids, int setdefault) + { + int ret = 0, added = 0; + ENGINE_PILE tmplate, *fnd; + CRYPTO_w_lock(CRYPTO_LOCK_ENGINE); + if(!(*table)) + added = 1; + if(!int_table_check(table, 1)) + goto end; + if(added) + /* The cleanup callback needs to be added */ + engine_cleanup_add_first(cleanup); + while(num_nids--) + { + tmplate.nid = *nids; + fnd = lh_retrieve(&(*table)->piles, &tmplate); + if(!fnd) + { + fnd = OPENSSL_malloc(sizeof(ENGINE_PILE)); + if(!fnd) + goto end; + fnd->uptodate = 1; + fnd->nid = *nids; + fnd->sk = sk_ENGINE_new_null(); + if(!fnd->sk) + { + OPENSSL_free(fnd); + goto end; + } + fnd->funct= NULL; + lh_insert(&(*table)->piles, fnd); + } + /* A registration shouldn't add duplciate entries */ + sk_ENGINE_delete_ptr(fnd->sk, e); + /* if 'setdefault', this ENGINE goes to the head of the list */ + if(!sk_ENGINE_push(fnd->sk, e)) + goto end; + /* "touch" this ENGINE_PILE */ + fnd->uptodate = 0; + if(setdefault) + { + if(!engine_unlocked_init(e)) + { + ENGINEerr(ENGINE_F_ENGINE_TABLE_REGISTER, + ENGINE_R_INIT_FAILED); + goto end; + } + if(fnd->funct) + engine_unlocked_finish(fnd->funct, 0); + fnd->funct = e; + } + nids++; + } + ret = 1; +end: + CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE); + return ret; + } +static void int_unregister_cb(ENGINE_PILE *pile, ENGINE *e) + { + int n; + /* Iterate the 'c->sk' stack removing any occurance of 'e' */ + while((n = sk_ENGINE_find(pile->sk, e)) >= 0) + { + sk_ENGINE_delete(pile->sk, n); + /* "touch" this ENGINE_CIPHER */ + pile->uptodate = 0; + } + if(pile->funct == e) + { + engine_unlocked_finish(e, 0); + pile->funct = NULL; + } + } +static IMPLEMENT_LHASH_DOALL_ARG_FN(int_unregister_cb,ENGINE_PILE *,ENGINE *) +void engine_table_unregister(ENGINE_TABLE **table, ENGINE *e) + { + CRYPTO_w_lock(CRYPTO_LOCK_ENGINE); + if(int_table_check(table, 0)) + lh_doall_arg(&(*table)->piles, + LHASH_DOALL_ARG_FN(int_unregister_cb), e); + CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE); + } + +static void int_cleanup_cb(ENGINE_PILE *p) + { + sk_ENGINE_free(p->sk); + if(p->funct) + engine_unlocked_finish(p->funct, 0); + OPENSSL_free(p); + } +static IMPLEMENT_LHASH_DOALL_FN(int_cleanup_cb,ENGINE_PILE *) +void engine_table_cleanup(ENGINE_TABLE **table) + { + CRYPTO_w_lock(CRYPTO_LOCK_ENGINE); + if(*table) + { + lh_doall(&(*table)->piles, LHASH_DOALL_FN(int_cleanup_cb)); + lh_free(&(*table)->piles); + *table = NULL; + } + CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE); + } + +/* Exposed API function to get a functional reference from the implementation + * table (ie. try to get a functional reference from the tabled structural + * references) for a given cipher 'nid' */ +#ifndef ENGINE_TABLE_DEBUG +ENGINE *engine_table_select(ENGINE_TABLE **table, int nid) +#else +ENGINE *engine_table_select_tmp(ENGINE_TABLE **table, int nid, const char *f, int l) +#endif + { + ENGINE *ret = NULL; + ENGINE_PILE tmplate, *fnd; + int initres, loop = 0; + + /* If 'engine_ciphers' is NULL, then it's absolutely *sure* that no + * ENGINEs have registered any implementations! */ + if(!(*table)) + { +#ifdef ENGINE_TABLE_DEBUG + fprintf(stderr, "engine_table_dbg: %s:%d, nid=%d, no " + "registered for anything!\n", f, l, nid); +#endif + return NULL; + } + CRYPTO_w_lock(CRYPTO_LOCK_ENGINE); + /* Check again inside the lock otherwise we could race against cleanup + * operations. But don't worry about a fprintf(stderr). */ + if(!int_table_check(table, 0)) + goto end; + tmplate.nid = nid; + fnd = lh_retrieve(&(*table)->piles, &tmplate); + if(!fnd) + goto end; + if(fnd->funct && engine_unlocked_init(fnd->funct)) + { +#ifdef ENGINE_TABLE_DEBUG + fprintf(stderr, "engine_table_dbg: %s:%d, nid=%d, using " + "ENGINE '%s' cached\n", f, l, nid, fnd->funct->id); +#endif + ret = fnd->funct; + goto end; + } + if(fnd->uptodate) + { + ret = fnd->funct; + goto end; + } +trynext: + ret = sk_ENGINE_value(fnd->sk, loop++); + if(!ret) + { +#ifdef ENGINE_TABLE_DEBUG + fprintf(stderr, "engine_table_dbg: %s:%d, nid=%d, no " + "registered implementations would initialise\n", + f, l, nid); +#endif + goto end; + } +#if 0 + /* Don't need to get a reference if we hold the lock. If the locking has + * to change in future, that would be different ... */ + ret->struct_ref++; engine_ref_debug(ret, 0, 1) +#endif + /* Try and initialise the ENGINE if it's already functional *or* if the + * ENGINE_TABLE_FLAG_NOINIT flag is not set. */ + if((ret->funct_ref > 0) || !(table_flags & ENGINE_TABLE_FLAG_NOINIT)) + initres = engine_unlocked_init(ret); + else + initres = 0; +#if 0 + /* Release the structural reference */ + ret->struct_ref--; engine_ref_debug(ret, 0, -1); +#endif + if(initres) + { + /* If we didn't have a default (functional reference) for this + * 'nid' (or we had one but for whatever reason we're now + * initialising a different one), use this opportunity to set + * 'funct'. */ + if((fnd->funct != ret) && engine_unlocked_init(ret)) + { + /* If there was a previous default we release it. */ + if(fnd->funct) + engine_unlocked_finish(fnd->funct, 0); + /* We got an extra functional reference for the + * per-'nid' default */ + fnd->funct = ret; +#ifdef ENGINE_TABLE_DEBUG + fprintf(stderr, "engine_table_dbg: %s:%d, nid=%d, " + "setting default to '%s'\n", f, l, nid, ret->id); +#endif + } +#ifdef ENGINE_TABLE_DEBUG + fprintf(stderr, "engine_table_dbg: %s:%d, nid=%d, using " + "newly initialised '%s'\n", f, l, nid, ret->id); +#endif + goto end; + } + goto trynext; +end: + /* Whatever happened - we should "untouch" our uptodate file seeing as + * we have tried our best to find a functional reference for 'nid'. If + * it failed, it is unlikely to succeed again until some future + * registrations (or unregistrations) have taken place that affect that + * 'nid'. */ + if(fnd) + fnd->uptodate = 1; +#ifdef ENGINE_TABLE_DEBUG + if(ret) + fprintf(stderr, "engine_table_dbg: %s:%d, nid=%d, caching " + "ENGINE '%s'\n", f, l, nid, ret->id); + else + fprintf(stderr, "engine_table_dbg: %s:%d, nid=%d, caching " + "'no matching ENGINE'\n", f, l, nid); +#endif + CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE); + /* Whatever happened, any failed init()s are not failures in this + * context, so clear our error state. */ + ERR_clear_error(); + return ret; + } diff --git a/crypto/engine/engine.h b/crypto/engine/engine.h index 07d3810d94..cf59451fda 100644 --- a/crypto/engine/engine.h +++ b/crypto/engine/engine.h @@ -102,6 +102,12 @@ typedef void DH_METHOD; #define ENGINE_METHOD_ALL (unsigned int)0xFFFF #define ENGINE_METHOD_NONE (unsigned int)0x0000 +/* This(ese) flag(s) controls behaviour of the ENGINE_TABLE mechanism used + * internally to control registration of ENGINE implementations, and can be set + * by ENGINE_set_table_flags(). The "NOINIT" flag prevents attempts to + * initialise registered ENGINEs if they are not already initialised. */ +#define ENGINE_TABLE_FLAG_NOINIT (unsigned int)0x0001 + /* ENGINE flags that can be set by ENGINE_set_flags(). */ /* #define ENGINE_FLAGS_MALLOCED 0x0001 */ /* Not used */ @@ -244,21 +250,6 @@ typedef struct ENGINE_CMD_DEFN_st unsigned int cmd_flags; /* The input the command expects */ } ENGINE_CMD_DEFN; -/* As we're missing a BIGNUM_METHOD, we need a couple of locally - * defined function types that engines can implement. */ - -/* mod_exp operation, calculates; r = a ^ p mod m - * NB: ctx can be NULL, but if supplied, the implementation may use - * it if it wishes. */ -typedef int (*BN_MOD_EXP)(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, - const BIGNUM *m, BN_CTX *ctx); - -/* private key operation for RSA, provided seperately in case other - * RSA implementations wish to use it. */ -typedef int (*BN_MOD_EXP_CRT)(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, - const BIGNUM *q, const BIGNUM *dmp1, const BIGNUM *dmq1, - const BIGNUM *iqmp, BN_CTX *ctx); - /* Generic function pointer */ typedef int (*ENGINE_GEN_FUNC_PTR)(); /* Generic function pointer taking no arguments */ @@ -291,8 +282,9 @@ int ENGINE_add(ENGINE *e); int ENGINE_remove(ENGINE *e); /* Retrieve an engine from the list by its unique "id" value. */ ENGINE *ENGINE_by_id(const char *id); -/* Add all the built-in engines. By default, only the OpenSSL software - engine is loaded */ +/* Add all the built-in engines. */ +void ENGINE_load_openssl(void); +void ENGINE_load_dynamic(void); void ENGINE_load_cswift(void); void ENGINE_load_chil(void); void ENGINE_load_atalla(void); @@ -301,8 +293,41 @@ void ENGINE_load_ubsec(void); void ENGINE_load_openbsd_dev_crypto(void); void ENGINE_load_builtin_engines(void); -/* Load all the currently known ciphers from all engines */ -void ENGINE_load_ciphers(void); +/* Get and set global flags (ENGINE_TABLE_FLAG_***) for the implementation + * "registry" handling. */ +unsigned int ENGINE_get_table_flags(void); +void ENGINE_set_table_flags(unsigned int flags); + +/* Manage registration of ENGINEs per "table". For each type, there are 3 + * functions; + * ENGINE_register_***(e) - registers the implementation from 'e' (if it has one) + * ENGINE_unregister_***(e) - unregister the implementation from 'e' + * ENGINE_register_all_***() - call ENGINE_register_***() for each 'e' in the list + * Cleanup is automatically registered from each table when required, so + * ENGINE_cleanup() will reverse any "register" operations. */ + +int ENGINE_register_RSA(ENGINE *e); +void ENGINE_unregister_RSA(ENGINE *e); +void ENGINE_register_all_RSA(void); + +int ENGINE_register_DSA(ENGINE *e); +void ENGINE_unregister_DSA(ENGINE *e); +void ENGINE_register_all_DSA(void); + +int ENGINE_register_DH(ENGINE *e); +void ENGINE_unregister_DH(ENGINE *e); +void ENGINE_register_all_DH(void); + +int ENGINE_register_RAND(ENGINE *e); +void ENGINE_unregister_RAND(ENGINE *e); +void ENGINE_register_all_RAND(void); + +/* These functions register all support from the above categories. Note, use of + * these functions can result in static linkage of code your application may not + * need. If you only need a subset of functionality, consider using more + * selective initialisation. */ +int ENGINE_register_complete(ENGINE *e); +int ENGINE_register_all_complete(void); /* Send parametrised control commands to the engine. The possibilities to send * down an integer, a pointer to data or a function pointer are provided. Any of @@ -362,8 +387,6 @@ int ENGINE_set_RSA(ENGINE *e, const RSA_METHOD *rsa_meth); int ENGINE_set_DSA(ENGINE *e, const DSA_METHOD *dsa_meth); int ENGINE_set_DH(ENGINE *e, const DH_METHOD *dh_meth); int ENGINE_set_RAND(ENGINE *e, const RAND_METHOD *rand_meth); -int ENGINE_set_BN_mod_exp(ENGINE *e, BN_MOD_EXP bn_mod_exp); -int ENGINE_set_BN_mod_exp_crt(ENGINE *e, BN_MOD_EXP_CRT bn_mod_exp_crt); int ENGINE_set_destroy_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR destroy_f); int ENGINE_set_init_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR init_f); int ENGINE_set_finish_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR finish_f); @@ -373,20 +396,16 @@ int ENGINE_set_load_pubkey_function(ENGINE *e, ENGINE_LOAD_KEY_PTR loadpub_f); int ENGINE_set_flags(ENGINE *e, int flags); int ENGINE_set_cmd_defns(ENGINE *e, const ENGINE_CMD_DEFN *defns); int ENGINE_add_cipher(ENGINE *e,const EVP_CIPHER *c); -/* Copies across all ENGINE methods and pointers. NB: This does *not* change - * reference counts however. */ -int ENGINE_cpy(ENGINE *dest, const ENGINE *src); /* These functions (and the "get" function lower down) allow control over any * per-structure ENGINE data. */ int ENGINE_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func); int ENGINE_set_ex_data(ENGINE *e, int idx, void *arg); -/* Cleans the internal engine list. This should only be used when the - * application is about to exit or restart operation (the next operation - * requiring the ENGINE list will re-initialise it with defaults). NB: Dynamic - * ENGINEs will only truly unload (including any allocated data or loaded - * shared-libraries) if all remaining references are released too - so keys, - * certificates, etc all need to be released for an in-use ENGINE to unload. */ + +/* This function cleans up anything that needs it. Eg. the ENGINE_add() function + * automatically ensures the list cleanup function is registered to be called + * from ENGINE_cleanup(). Similarly, all ENGINE_register_*** functions ensure + * ENGINE_cleanup() will clean up after them. */ void ENGINE_cleanup(void); /* These return values from within the ENGINE structure. These can be useful @@ -399,10 +418,6 @@ const RSA_METHOD *ENGINE_get_RSA(const ENGINE *e); const DSA_METHOD *ENGINE_get_DSA(const ENGINE *e); const DH_METHOD *ENGINE_get_DH(const ENGINE *e); const RAND_METHOD *ENGINE_get_RAND(const ENGINE *e); -int ENGINE_cipher_num(const ENGINE *e); -const EVP_CIPHER *ENGINE_get_cipher(const ENGINE *e, int n); -BN_MOD_EXP ENGINE_get_BN_mod_exp(const ENGINE *e); -BN_MOD_EXP_CRT ENGINE_get_BN_mod_exp_crt(const ENGINE *e); ENGINE_GEN_INT_FUNC_PTR ENGINE_get_destroy_function(const ENGINE *e); ENGINE_GEN_INT_FUNC_PTR ENGINE_get_init_function(const ENGINE *e); ENGINE_GEN_INT_FUNC_PTR ENGINE_get_finish_function(const ENGINE *e); @@ -451,8 +466,6 @@ ENGINE *ENGINE_get_default_RSA(void); ENGINE *ENGINE_get_default_DSA(void); ENGINE *ENGINE_get_default_DH(void); ENGINE *ENGINE_get_default_RAND(void); -ENGINE *ENGINE_get_default_BN_mod_exp(void); -ENGINE *ENGINE_get_default_BN_mod_exp_crt(void); /* This sets a new default ENGINE structure for performing RSA * operations. If the result is non-zero (success) then the ENGINE @@ -463,25 +476,16 @@ int ENGINE_set_default_RSA(ENGINE *e); int ENGINE_set_default_DSA(ENGINE *e); int ENGINE_set_default_DH(ENGINE *e); int ENGINE_set_default_RAND(ENGINE *e); -int ENGINE_set_default_BN_mod_exp(ENGINE *e); -int ENGINE_set_default_BN_mod_exp_crt(ENGINE *e); /* The combination "set" - the flags are bitwise "OR"d from the - * ENGINE_METHOD_*** defines above. */ + * ENGINE_METHOD_*** defines above. As with the "ENGINE_register_complete()" + * function, this function can result in unnecessary static linkage. If your + * application requires only specific functionality, consider using more + * selective functions. */ int ENGINE_set_default(ENGINE *e, unsigned int flags); -/* This function resets all the internal "default" ENGINEs (there's one for each - * of the various algorithms) to NULL, releasing any references as appropriate. - * This function is called as part of the ENGINE_cleanup() function, so there's - * no need to call both (although no harm is done). */ -int ENGINE_clear_defaults(void); - -/* Instruct an engine to load any EVP ciphers it knows of */ -/* XXX make this work via defaults? */ -void ENGINE_load_engine_ciphers(ENGINE *e); -/* Get a particular cipher from a particular engine - NULL if the engine - * doesn't have it */ -const EVP_CIPHER *ENGINE_get_cipher_by_name(ENGINE *e,const char *name); +/* Deprecated functions ... */ +/* int ENGINE_clear_defaults(void); */ /**************************/ /* DYNAMIC ENGINE SUPPORT */ @@ -613,6 +617,7 @@ void ERR_load_ENGINE_strings(void); #define ENGINE_F_ENGINE_SET_DEFAULT_TYPE 126 #define ENGINE_F_ENGINE_SET_ID 129 #define ENGINE_F_ENGINE_SET_NAME 130 +#define ENGINE_F_ENGINE_TABLE_REGISTER 184 #define ENGINE_F_ENGINE_UNLOAD_KEY 152 #define ENGINE_F_INT_CTRL_HELPER 172 #define ENGINE_F_LOG_MESSAGE 141 diff --git a/crypto/engine/enginetest.c b/crypto/engine/enginetest.c index 01c3a9f5fe..598cb31a6f 100644 --- a/crypto/engine/enginetest.c +++ b/crypto/engine/enginetest.c @@ -161,12 +161,7 @@ int main(int argc, char *argv[]) } else printf("Remove that should fail did.\n"); - if(!ENGINE_remove(new_h1)) - { - printf("Remove failed!\n"); - goto end; - } - display_engine_list(); + ERR_clear_error(); if(!ENGINE_remove(new_h3)) { printf("Remove failed!\n"); diff --git a/crypto/engine/hw_atalla.c b/crypto/engine/hw_atalla.c index 89149e1109..030d5a908c 100644 --- a/crypto/engine/hw_atalla.c +++ b/crypto/engine/hw_atalla.c @@ -258,7 +258,6 @@ static int bind_helper(ENGINE *e) #ifndef OPENSSL_NO_DH !ENGINE_set_DH(e, &atalla_dh) || #endif - !ENGINE_set_BN_mod_exp(e, atalla_mod_exp) || !ENGINE_set_destroy_function(e, atalla_destroy) || !ENGINE_set_init_function(e, atalla_init) || !ENGINE_set_finish_function(e, atalla_finish) || @@ -302,9 +301,7 @@ static int bind_helper(ENGINE *e) return 1; } -/* As this is only ever called once, there's no need for locking - * (indeed - the lock will already be held by our caller!!!) */ -ENGINE *ENGINE_atalla(void) +static ENGINE *engine_atalla(void) { ENGINE *ret = ENGINE_new(); if(!ret) @@ -317,6 +314,16 @@ ENGINE *ENGINE_atalla(void) return ret; } +void ENGINE_load_atalla(void) + { + /* Copied from eng_[openssl|dyn].c */ + ENGINE *toadd = engine_atalla(); + if(!toadd) return; + ENGINE_add(toadd); + ENGINE_free(toadd); + ERR_clear_error(); + } + /* This is a process-global DSO handle used for loading and unloading * the Atalla library. NB: This is only set (or unset) during an * init() or finish() call (reference counts permitting) and they're diff --git a/crypto/engine/hw_cswift.c b/crypto/engine/hw_cswift.c index 4abc819ee1..d32a832be5 100644 --- a/crypto/engine/hw_cswift.c +++ b/crypto/engine/hw_cswift.c @@ -276,8 +276,6 @@ static int bind_helper(ENGINE *e) #ifndef OPENSSL_NO_DH !ENGINE_set_DH(e, &cswift_dh) || #endif - !ENGINE_set_BN_mod_exp(e, &cswift_mod_exp) || - !ENGINE_set_BN_mod_exp_crt(e, &cswift_mod_exp_crt) || !ENGINE_set_destroy_function(e, cswift_destroy) || !ENGINE_set_init_function(e, cswift_init) || !ENGINE_set_finish_function(e, cswift_finish) || @@ -312,9 +310,7 @@ static int bind_helper(ENGINE *e) return 1; } -/* As this is only ever called once, there's no need for locking - * (indeed - the lock will already be held by our caller!!!) */ -ENGINE *ENGINE_cswift(void) +static ENGINE *engine_cswift(void) { ENGINE *ret = ENGINE_new(); if(!ret) @@ -327,6 +323,16 @@ ENGINE *ENGINE_cswift(void) return ret; } +void ENGINE_load_cswift(void) + { + /* Copied from eng_[openssl|dyn].c */ + ENGINE *toadd = engine_cswift(); + if(!toadd) return; + ENGINE_add(toadd); + ENGINE_free(toadd); + ERR_clear_error(); + } + /* This is a process-global DSO handle used for loading and unloading * the CryptoSwift library. NB: This is only set (or unset) during an * init() or finish() call (reference counts permitting) and they're diff --git a/crypto/engine/hw_ncipher.c b/crypto/engine/hw_ncipher.c index 408db08b98..da52912462 100644 --- a/crypto/engine/hw_ncipher.c +++ b/crypto/engine/hw_ncipher.c @@ -417,7 +417,6 @@ static int bind_helper(ENGINE *e) !ENGINE_set_DH(e, &hwcrhk_dh) || #endif !ENGINE_set_RAND(e, &hwcrhk_rand) || - !ENGINE_set_BN_mod_exp(e, hwcrhk_mod_exp) || !ENGINE_set_destroy_function(e, hwcrhk_destroy) || !ENGINE_set_init_function(e, hwcrhk_init) || !ENGINE_set_finish_function(e, hwcrhk_finish) || @@ -454,9 +453,7 @@ static int bind_helper(ENGINE *e) return 1; } -/* As this is only ever called once, there's no need for locking - * (indeed - the lock will already be held by our caller!!!) */ -ENGINE *ENGINE_ncipher(void) +static ENGINE *engine_ncipher(void) { ENGINE *ret = ENGINE_new(); if(!ret) @@ -469,6 +466,16 @@ ENGINE *ENGINE_ncipher(void) return ret; } +void ENGINE_load_chil(void) + { + /* Copied from eng_[openssl|dyn].c */ + ENGINE *toadd = engine_ncipher(); + if(!toadd) return; + ENGINE_add(toadd); + ENGINE_free(toadd); + ERR_clear_error(); + } + /* This is a process-global DSO handle used for loading and unloading * the HWCryptoHook library. NB: This is only set (or unset) during an * init() or finish() call (reference counts permitting) and they're diff --git a/crypto/engine/hw_nuron.c b/crypto/engine/hw_nuron.c index a7925e8f72..784c1a41f2 100644 --- a/crypto/engine/hw_nuron.c +++ b/crypto/engine/hw_nuron.c @@ -368,7 +368,6 @@ static int bind_helper(ENGINE *e) #ifndef OPENSSL_NO_DH !ENGINE_set_DH(e, &nuron_dh) || #endif - !ENGINE_set_BN_mod_exp(e, nuron_mod_exp) || !ENGINE_set_destroy_function(e, nuron_destroy) || !ENGINE_set_init_function(e, nuron_init) || !ENGINE_set_finish_function(e, nuron_finish) || @@ -412,9 +411,7 @@ static int bind_helper(ENGINE *e) return 1; } -/* As this is only ever called once, there's no need for locking - * (indeed - the lock will already be held by our caller!!!) */ -ENGINE *ENGINE_nuron(void) +static ENGINE *engine_nuron(void) { ENGINE *ret = ENGINE_new(); if(!ret) @@ -427,6 +424,16 @@ ENGINE *ENGINE_nuron(void) return ret; } +void ENGINE_load_nuron(void) + { + /* Copied from eng_[openssl|dyn].c */ + ENGINE *toadd = engine_nuron(); + if(!toadd) return; + ENGINE_add(toadd); + ENGINE_free(toadd); + ERR_clear_error(); + } + /* This stuff is needed if this ENGINE is being compiled into a self-contained * shared-library. */ #ifdef ENGINE_DYNAMIC_SUPPORT diff --git a/crypto/engine/hw_ubsec.c b/crypto/engine/hw_ubsec.c index 0ed7f9b541..b2c60bcd50 100644 --- a/crypto/engine/hw_ubsec.c +++ b/crypto/engine/hw_ubsec.c @@ -272,8 +272,6 @@ static int bind_helper(ENGINE *e) #ifndef OPENSSL_NO_DH !ENGINE_set_DH(e, &ubsec_dh) || #endif - !ENGINE_set_BN_mod_exp(e, ubsec_mod_exp) || - !ENGINE_set_BN_mod_exp_crt(e, ubsec_mod_exp_crt) || !ENGINE_set_destroy_function(e, ubsec_destroy) || !ENGINE_set_init_function(e, ubsec_init) || !ENGINE_set_finish_function(e, ubsec_finish) || @@ -310,9 +308,7 @@ static int bind_helper(ENGINE *e) return 1; } -/* As this is only ever called once, there's no need for locking - * (indeed - the lock will already be held by our caller!!!) */ -ENGINE *ENGINE_ubsec(void) +static ENGINE *engine_ubsec(void) { ENGINE *ret = ENGINE_new(); if(!ret) @@ -325,6 +321,16 @@ ENGINE *ENGINE_ubsec(void) return ret; } +void ENGINE_load_ubsec(void) + { + /* Copied from eng_[openssl|dyn].c */ + ENGINE *toadd = engine_ubsec(); + if(!toadd) return; + ENGINE_add(toadd); + ENGINE_free(toadd); + ERR_clear_error(); + } + /* This is a process-global DSO handle used for loading and unloading * the UBSEC library. NB: This is only set (or unset) during an * init() or finish() call (reference counts permitting) and they're diff --git a/crypto/engine/tb_dh.c b/crypto/engine/tb_dh.c new file mode 100644 index 0000000000..977f9b9c39 --- /dev/null +++ b/crypto/engine/tb_dh.c @@ -0,0 +1,120 @@ +/* ==================================================================== + * Copyright (c) 2000 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#include +#include +#include "eng_int.h" + +/* If this symbol is defined then ENGINE_get_default_DH(), the function that is + * used by DH to hook in implementation code and cache defaults (etc), will + * display brief debugging summaries to stderr with the 'nid'. */ +/* #define ENGINE_DH_DEBUG */ + +static ENGINE_TABLE *dh_table = NULL; +static const int dummy_nid = 1; + +void ENGINE_unregister_DH(ENGINE *e) + { + engine_table_unregister(&dh_table, e); + } + +static void engine_unregister_all_DH() + { + engine_table_cleanup(&dh_table); + } + +int ENGINE_register_DH(ENGINE *e) + { + if(e->dh_meth) + return engine_table_register(&dh_table, + &engine_unregister_all_DH, e, &dummy_nid, 1, 0); + return 1; + } + +void ENGINE_register_all_DH() + { + ENGINE *e; + + for(e=ENGINE_get_first() ; e ; e=ENGINE_get_next(e)) + ENGINE_register_DH(e); + } + +int ENGINE_set_default_DH(ENGINE *e) + { + if(e->dh_meth) + return engine_table_register(&dh_table, + &engine_unregister_all_DH, e, &dummy_nid, 1, 1); + return 1; + } + +/* Exposed API function to get a functional reference from the implementation + * table (ie. try to get a functional reference from the tabled structural + * references). */ +ENGINE *ENGINE_get_default_DH(void) + { + return engine_table_select(&dh_table, dummy_nid); + } + +/* Obtains an DH implementation from an ENGINE functional reference */ +const DH_METHOD *ENGINE_get_DH(const ENGINE *e) + { + return e->dh_meth; + } + +/* Sets an DH implementation in an ENGINE structure */ +int ENGINE_set_DH(ENGINE *e, const DH_METHOD *dh_meth) + { + e->dh_meth = dh_meth; + return 1; + } diff --git a/crypto/engine/tb_dsa.c b/crypto/engine/tb_dsa.c new file mode 100644 index 0000000000..1f6d035196 --- /dev/null +++ b/crypto/engine/tb_dsa.c @@ -0,0 +1,120 @@ +/* ==================================================================== + * Copyright (c) 2000 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#include +#include +#include "eng_int.h" + +/* If this symbol is defined then ENGINE_get_default_DSA(), the function that is + * used by DSA to hook in implementation code and cache defaults (etc), will + * display brief debugging summaries to stderr with the 'nid'. */ +/* #define ENGINE_DSA_DEBUG */ + +static ENGINE_TABLE *dsa_table = NULL; +static const int dummy_nid = 1; + +void ENGINE_unregister_DSA(ENGINE *e) + { + engine_table_unregister(&dsa_table, e); + } + +static void engine_unregister_all_DSA() + { + engine_table_cleanup(&dsa_table); + } + +int ENGINE_register_DSA(ENGINE *e) + { + if(e->dsa_meth) + return engine_table_register(&dsa_table, + &engine_unregister_all_DSA, e, &dummy_nid, 1, 0); + return 1; + } + +void ENGINE_register_all_DSA() + { + ENGINE *e; + + for(e=ENGINE_get_first() ; e ; e=ENGINE_get_next(e)) + ENGINE_register_DSA(e); + } + +int ENGINE_set_default_DSA(ENGINE *e) + { + if(e->dsa_meth) + return engine_table_register(&dsa_table, + &engine_unregister_all_DSA, e, &dummy_nid, 1, 0); + return 1; + } + +/* Exposed API function to get a functional reference from the implementation + * table (ie. try to get a functional reference from the tabled structural + * references). */ +ENGINE *ENGINE_get_default_DSA(void) + { + return engine_table_select(&dsa_table, dummy_nid); + } + +/* Obtains an DSA implementation from an ENGINE functional reference */ +const DSA_METHOD *ENGINE_get_DSA(const ENGINE *e) + { + return e->dsa_meth; + } + +/* Sets an DSA implementation in an ENGINE structure */ +int ENGINE_set_DSA(ENGINE *e, const DSA_METHOD *dsa_meth) + { + e->dsa_meth = dsa_meth; + return 1; + } diff --git a/crypto/engine/tb_rand.c b/crypto/engine/tb_rand.c new file mode 100644 index 0000000000..827e104b27 --- /dev/null +++ b/crypto/engine/tb_rand.c @@ -0,0 +1,120 @@ +/* ==================================================================== + * Copyright (c) 2000 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#include +#include +#include "eng_int.h" + +/* If this symbol is defined then ENGINE_get_default_RAND(), the function that is + * used by RAND to hook in implementation code and cache defaults (etc), will + * display brief debugging summaries to stderr with the 'nid'. */ +/* #define ENGINE_RAND_DEBUG */ + +static ENGINE_TABLE *rand_table = NULL; +static const int dummy_nid = 1; + +void ENGINE_unregister_RAND(ENGINE *e) + { + engine_table_unregister(&rand_table, e); + } + +static void engine_unregister_all_RAND() + { + engine_table_cleanup(&rand_table); + } + +int ENGINE_register_RAND(ENGINE *e) + { + if(e->rand_meth) + return engine_table_register(&rand_table, + &engine_unregister_all_RAND, e, &dummy_nid, 1, 0); + return 1; + } + +void ENGINE_register_all_RAND() + { + ENGINE *e; + + for(e=ENGINE_get_first() ; e ; e=ENGINE_get_next(e)) + ENGINE_register_RAND(e); + } + +int ENGINE_set_default_RAND(ENGINE *e) + { + if(e->rand_meth) + return engine_table_register(&rand_table, + &engine_unregister_all_RAND, e, &dummy_nid, 1, 1); + return 1; + } + +/* Exposed API function to get a functional reference from the implementation + * table (ie. try to get a functional reference from the tabled structural + * references). */ +ENGINE *ENGINE_get_default_RAND(void) + { + return engine_table_select(&rand_table, dummy_nid); + } + +/* Obtains an RAND implementation from an ENGINE functional reference */ +const RAND_METHOD *ENGINE_get_RAND(const ENGINE *e) + { + return e->rand_meth; + } + +/* Sets an RAND implementation in an ENGINE structure */ +int ENGINE_set_RAND(ENGINE *e, const RAND_METHOD *rand_meth) + { + e->rand_meth = rand_meth; + return 1; + } diff --git a/crypto/engine/tb_rsa.c b/crypto/engine/tb_rsa.c new file mode 100644 index 0000000000..85049e8ae4 --- /dev/null +++ b/crypto/engine/tb_rsa.c @@ -0,0 +1,120 @@ +/* ==================================================================== + * Copyright (c) 2000 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#include +#include +#include "eng_int.h" + +/* If this symbol is defined then ENGINE_get_default_RSA(), the function that is + * used by RSA to hook in implementation code and cache defaults (etc), will + * display brief debugging summaries to stderr with the 'nid'. */ +/* #define ENGINE_RSA_DEBUG */ + +static ENGINE_TABLE *rsa_table = NULL; +static const int dummy_nid = 1; + +void ENGINE_unregister_RSA(ENGINE *e) + { + engine_table_unregister(&rsa_table, e); + } + +static void engine_unregister_all_RSA() + { + engine_table_cleanup(&rsa_table); + } + +int ENGINE_register_RSA(ENGINE *e) + { + if(e->rsa_meth) + return engine_table_register(&rsa_table, + &engine_unregister_all_RSA, e, &dummy_nid, 1, 0); + return 1; + } + +void ENGINE_register_all_RSA() + { + ENGINE *e; + + for(e=ENGINE_get_first() ; e ; e=ENGINE_get_next(e)) + ENGINE_register_RSA(e); + } + +int ENGINE_set_default_RSA(ENGINE *e) + { + if(e->rsa_meth) + return engine_table_register(&rsa_table, + &engine_unregister_all_RSA, e, &dummy_nid, 1, 1); + return 1; + } + +/* Exposed API function to get a functional reference from the implementation + * table (ie. try to get a functional reference from the tabled structural + * references). */ +ENGINE *ENGINE_get_default_RSA(void) + { + return engine_table_select(&rsa_table, dummy_nid); + } + +/* Obtains an RSA implementation from an ENGINE functional reference */ +const RSA_METHOD *ENGINE_get_RSA(const ENGINE *e) + { + return e->rsa_meth; + } + +/* Sets an RSA implementation in an ENGINE structure */ +int ENGINE_set_RSA(ENGINE *e, const RSA_METHOD *rsa_meth) + { + e->rsa_meth = rsa_meth; + return 1; + } -- 2.25.1