aboutsummaryrefslogtreecommitdiff
path: root/openssl/crypto/engine
diff options
context:
space:
mode:
Diffstat (limited to 'openssl/crypto/engine')
-rw-r--r--openssl/crypto/engine/Makefile18
-rw-r--r--openssl/crypto/engine/eng_all.c131
-rw-r--r--openssl/crypto/engine/eng_cnf.c331
-rw-r--r--openssl/crypto/engine/eng_cryptodev.c2272
-rw-r--r--openssl/crypto/engine/eng_ctrl.c620
-rw-r--r--openssl/crypto/engine/eng_dyn.c920
-rw-r--r--openssl/crypto/engine/eng_err.c206
-rw-r--r--openssl/crypto/engine/eng_fat.c175
-rw-r--r--openssl/crypto/engine/eng_init.c171
-rw-r--r--openssl/crypto/engine/eng_int.h220
-rw-r--r--openssl/crypto/engine/eng_lib.c427
-rw-r--r--openssl/crypto/engine/eng_list.c618
-rw-r--r--openssl/crypto/engine/eng_openssl.c494
-rw-r--r--openssl/crypto/engine/eng_pkey.c226
-rw-r--r--openssl/crypto/engine/eng_rdrand.c142
-rw-r--r--openssl/crypto/engine/eng_rsax.c863
-rw-r--r--openssl/crypto/engine/eng_table.c473
-rw-r--r--openssl/crypto/engine/engine.h1162
-rw-r--r--openssl/crypto/engine/enginetest.c406
-rw-r--r--openssl/crypto/engine/tb_asnmth.c302
-rw-r--r--openssl/crypto/engine/tb_cipher.c124
-rw-r--r--openssl/crypto/engine/tb_dh.c84
-rw-r--r--openssl/crypto/engine/tb_digest.c124
-rw-r--r--openssl/crypto/engine/tb_dsa.c84
-rw-r--r--openssl/crypto/engine/tb_ecdh.c84
-rw-r--r--openssl/crypto/engine/tb_ecdsa.c84
-rw-r--r--openssl/crypto/engine/tb_pkmeth.c161
-rw-r--r--openssl/crypto/engine/tb_rand.c84
-rw-r--r--openssl/crypto/engine/tb_rsa.c84
-rw-r--r--openssl/crypto/engine/tb_store.c84
30 files changed, 5726 insertions, 5448 deletions
diff --git a/openssl/crypto/engine/Makefile b/openssl/crypto/engine/Makefile
index d29bdd09a..2ee6c7236 100644
--- a/openssl/crypto/engine/Makefile
+++ b/openssl/crypto/engine/Makefile
@@ -22,13 +22,13 @@ LIBSRC= eng_err.c eng_lib.c eng_list.c eng_init.c eng_ctrl.c \
tb_rsa.c tb_dsa.c tb_ecdsa.c tb_dh.c tb_ecdh.c tb_rand.c tb_store.c \
tb_cipher.c tb_digest.c tb_pkmeth.c tb_asnmth.c \
eng_openssl.c eng_cnf.c eng_dyn.c eng_cryptodev.c \
- eng_rsax.c eng_rdrand.c
+ eng_rdrand.c
LIBOBJ= eng_err.o eng_lib.o eng_list.o eng_init.o eng_ctrl.o \
eng_table.o eng_pkey.o eng_fat.o eng_all.o \
tb_rsa.o tb_dsa.o tb_ecdsa.o tb_dh.o tb_ecdh.o tb_rand.o tb_store.o \
tb_cipher.o tb_digest.o tb_pkmeth.o tb_asnmth.o \
eng_openssl.o eng_cnf.o eng_dyn.o eng_cryptodev.o \
- eng_rsax.o eng_rdrand.o
+ eng_rdrand.o
SRC= $(LIBSRC)
@@ -265,20 +265,6 @@ eng_rdrand.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
eng_rdrand.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
eng_rdrand.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
eng_rdrand.o: eng_rdrand.c
-eng_rsax.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
-eng_rsax.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
-eng_rsax.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
-eng_rsax.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
-eng_rsax.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h
-eng_rsax.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-eng_rsax.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-eng_rsax.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-eng_rsax.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-eng_rsax.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h
-eng_rsax.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-eng_rsax.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-eng_rsax.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-eng_rsax.o: eng_rsax.c
eng_table.o: ../../e_os.h ../../include/openssl/asn1.h
eng_table.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
eng_table.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
diff --git a/openssl/crypto/engine/eng_all.c b/openssl/crypto/engine/eng_all.c
index 6093376df..195a3a955 100644
--- a/openssl/crypto/engine/eng_all.c
+++ b/openssl/crypto/engine/eng_all.c
@@ -1,6 +1,7 @@
/* crypto/engine/eng_all.c -*- mode: C; c-file-style: "eay" -*- */
-/* Written by Richard Levitte <richard@levitte.org> for the OpenSSL
- * project 2000.
+/*
+ * Written by Richard Levitte <richard@levitte.org> for the OpenSSL project
+ * 2000.
*/
/* ====================================================================
* Copyright (c) 2000-2001 The OpenSSL Project. All rights reserved.
@@ -10,7 +11,7 @@
* are met:
*
* 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
+ * notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
@@ -60,76 +61,76 @@
#include "eng_int.h"
void ENGINE_load_builtin_engines(void)
- {
- /* Some ENGINEs need this */
- OPENSSL_cpuid_setup();
+{
+ /* Some ENGINEs need this */
+ OPENSSL_cpuid_setup();
#if 0
- /* There's no longer any need for an "openssl" ENGINE unless, one day,
- * it is the *only* way for standard builtin implementations to be be
- * accessed (ie. it would be possible to statically link binaries with
- * *no* builtin implementations). */
- ENGINE_load_openssl();
+ /*
+ * There's no longer any need for an "openssl" ENGINE unless, one day, it
+ * is the *only* way for standard builtin implementations to be be
+ * accessed (ie. it would be possible to statically link binaries with
+ * *no* builtin implementations).
+ */
+ ENGINE_load_openssl();
#endif
#if !defined(OPENSSL_NO_HW) && (defined(__OpenBSD__) || defined(__FreeBSD__) || defined(HAVE_CRYPTODEV))
- ENGINE_load_cryptodev();
-#endif
-#ifndef OPENSSL_NO_RSAX
- ENGINE_load_rsax();
+ ENGINE_load_cryptodev();
#endif
#ifndef OPENSSL_NO_RDRAND
- ENGINE_load_rdrand();
+ ENGINE_load_rdrand();
#endif
- ENGINE_load_dynamic();
+ ENGINE_load_dynamic();
#ifndef OPENSSL_NO_STATIC_ENGINE
-#ifndef OPENSSL_NO_HW
-#ifndef OPENSSL_NO_HW_4758_CCA
- ENGINE_load_4758cca();
-#endif
-#ifndef OPENSSL_NO_HW_AEP
- ENGINE_load_aep();
-#endif
-#ifndef OPENSSL_NO_HW_ATALLA
- ENGINE_load_atalla();
-#endif
-#ifndef OPENSSL_NO_HW_CSWIFT
- ENGINE_load_cswift();
-#endif
-#ifndef OPENSSL_NO_HW_NCIPHER
- ENGINE_load_chil();
-#endif
-#ifndef OPENSSL_NO_HW_NURON
- ENGINE_load_nuron();
-#endif
-#ifndef OPENSSL_NO_HW_SUREWARE
- ENGINE_load_sureware();
-#endif
-#ifndef OPENSSL_NO_HW_UBSEC
- ENGINE_load_ubsec();
-#endif
-#ifndef OPENSSL_NO_HW_PADLOCK
- ENGINE_load_padlock();
-#endif
-#endif
-#ifndef OPENSSL_NO_GOST
- ENGINE_load_gost();
-#endif
-#ifndef OPENSSL_NO_GMP
- ENGINE_load_gmp();
-#endif
-#if defined(OPENSSL_SYS_WIN32) && !defined(OPENSSL_NO_CAPIENG)
- ENGINE_load_capi();
-#endif
-#endif
- ENGINE_register_all_complete();
- }
+# ifndef OPENSSL_NO_HW
+# ifndef OPENSSL_NO_HW_4758_CCA
+ ENGINE_load_4758cca();
+# endif
+# ifndef OPENSSL_NO_HW_AEP
+ ENGINE_load_aep();
+# endif
+# ifndef OPENSSL_NO_HW_ATALLA
+ ENGINE_load_atalla();
+# endif
+# ifndef OPENSSL_NO_HW_CSWIFT
+ ENGINE_load_cswift();
+# endif
+# ifndef OPENSSL_NO_HW_NCIPHER
+ ENGINE_load_chil();
+# endif
+# ifndef OPENSSL_NO_HW_NURON
+ ENGINE_load_nuron();
+# endif
+# ifndef OPENSSL_NO_HW_SUREWARE
+ ENGINE_load_sureware();
+# endif
+# ifndef OPENSSL_NO_HW_UBSEC
+ ENGINE_load_ubsec();
+# endif
+# ifndef OPENSSL_NO_HW_PADLOCK
+ ENGINE_load_padlock();
+# endif
+# endif
+# ifndef OPENSSL_NO_GOST
+ ENGINE_load_gost();
+# endif
+# ifndef OPENSSL_NO_GMP
+ ENGINE_load_gmp();
+# endif
+# if defined(OPENSSL_SYS_WIN32) && !defined(OPENSSL_NO_CAPIENG)
+ ENGINE_load_capi();
+# endif
+#endif
+ ENGINE_register_all_complete();
+}
#if defined(__OpenBSD__) || defined(__FreeBSD__) || defined(HAVE_CRYPTODEV)
-void ENGINE_setup_bsd_cryptodev(void) {
- static int bsd_cryptodev_default_loaded = 0;
- if (!bsd_cryptodev_default_loaded) {
- ENGINE_load_cryptodev();
- ENGINE_register_all_complete();
- }
- bsd_cryptodev_default_loaded=1;
+void ENGINE_setup_bsd_cryptodev(void)
+{
+ static int bsd_cryptodev_default_loaded = 0;
+ if (!bsd_cryptodev_default_loaded) {
+ ENGINE_load_cryptodev();
+ ENGINE_register_all_complete();
+ }
+ bsd_cryptodev_default_loaded = 1;
}
#endif
diff --git a/openssl/crypto/engine/eng_cnf.c b/openssl/crypto/engine/eng_cnf.c
index 95c407001..f09bec4e9 100644
--- a/openssl/crypto/engine/eng_cnf.c
+++ b/openssl/crypto/engine/eng_cnf.c
@@ -1,6 +1,7 @@
/* eng_cnf.c */
-/* Written by Stephen Henson (steve@openssl.org) for the OpenSSL
- * project 2001.
+/*
+ * Written by Stephen Henson (steve@openssl.org) for the OpenSSL project
+ * 2001.
*/
/* ====================================================================
* Copyright (c) 2001 The OpenSSL Project. All rights reserved.
@@ -10,7 +11,7 @@
* are met:
*
* 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
+ * notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
@@ -64,196 +65,178 @@
/* ENGINE config module */
static char *skip_dot(char *name)
- {
- char *p;
- p = strchr(name, '.');
- if (p)
- return p + 1;
- return name;
- }
+{
+ char *p;
+ p = strchr(name, '.');
+ if (p)
+ return p + 1;
+ return name;
+}
static STACK_OF(ENGINE) *initialized_engines = NULL;
static int int_engine_init(ENGINE *e)
- {
- if (!ENGINE_init(e))
- return 0;
- if (!initialized_engines)
- initialized_engines = sk_ENGINE_new_null();
- if (!initialized_engines || !sk_ENGINE_push(initialized_engines, e))
- {
- ENGINE_finish(e);
- return 0;
- }
- return 1;
- }
-
+{
+ if (!ENGINE_init(e))
+ return 0;
+ if (!initialized_engines)
+ initialized_engines = sk_ENGINE_new_null();
+ if (!initialized_engines || !sk_ENGINE_push(initialized_engines, e)) {
+ ENGINE_finish(e);
+ return 0;
+ }
+ return 1;
+}
static int int_engine_configure(char *name, char *value, const CONF *cnf)
- {
- int i;
- int ret = 0;
- long do_init = -1;
- STACK_OF(CONF_VALUE) *ecmds;
- CONF_VALUE *ecmd = NULL;
- char *ctrlname, *ctrlvalue;
- ENGINE *e = NULL;
- int soft = 0;
-
- name = skip_dot(name);
+{
+ int i;
+ int ret = 0;
+ long do_init = -1;
+ STACK_OF(CONF_VALUE) *ecmds;
+ CONF_VALUE *ecmd = NULL;
+ char *ctrlname, *ctrlvalue;
+ ENGINE *e = NULL;
+ int soft = 0;
+
+ name = skip_dot(name);
#ifdef ENGINE_CONF_DEBUG
- fprintf(stderr, "Configuring engine %s\n", name);
+ fprintf(stderr, "Configuring engine %s\n", name);
#endif
- /* Value is a section containing ENGINE commands */
- ecmds = NCONF_get_section(cnf, value);
-
- if (!ecmds)
- {
- ENGINEerr(ENGINE_F_INT_ENGINE_CONFIGURE, ENGINE_R_ENGINE_SECTION_ERROR);
- return 0;
- }
-
- for (i = 0; i < sk_CONF_VALUE_num(ecmds); i++)
- {
- ecmd = sk_CONF_VALUE_value(ecmds, i);
- ctrlname = skip_dot(ecmd->name);
- ctrlvalue = ecmd->value;
+ /* Value is a section containing ENGINE commands */
+ ecmds = NCONF_get_section(cnf, value);
+
+ if (!ecmds) {
+ ENGINEerr(ENGINE_F_INT_ENGINE_CONFIGURE,
+ ENGINE_R_ENGINE_SECTION_ERROR);
+ return 0;
+ }
+
+ for (i = 0; i < sk_CONF_VALUE_num(ecmds); i++) {
+ ecmd = sk_CONF_VALUE_value(ecmds, i);
+ ctrlname = skip_dot(ecmd->name);
+ ctrlvalue = ecmd->value;
#ifdef ENGINE_CONF_DEBUG
- fprintf(stderr, "ENGINE conf: doing ctrl(%s,%s)\n", ctrlname, ctrlvalue);
+ fprintf(stderr, "ENGINE conf: doing ctrl(%s,%s)\n", ctrlname,
+ ctrlvalue);
#endif
- /* First handle some special pseudo ctrls */
-
- /* Override engine name to use */
- if (!strcmp(ctrlname, "engine_id"))
- name = ctrlvalue;
- else if (!strcmp(ctrlname, "soft_load"))
- soft = 1;
- /* Load a dynamic ENGINE */
- else if (!strcmp(ctrlname, "dynamic_path"))
- {
- e = ENGINE_by_id("dynamic");
- if (!e)
- goto err;
- if (!ENGINE_ctrl_cmd_string(e, "SO_PATH", ctrlvalue, 0))
- goto err;
- if (!ENGINE_ctrl_cmd_string(e, "LIST_ADD", "2", 0))
- goto err;
- if (!ENGINE_ctrl_cmd_string(e, "LOAD", NULL, 0))
- goto err;
- }
- /* ... add other pseudos here ... */
- else
- {
- /* At this point we need an ENGINE structural reference
- * if we don't already have one.
- */
- if (!e)
- {
- e = ENGINE_by_id(name);
- if (!e && soft)
- {
- ERR_clear_error();
- return 1;
- }
- if (!e)
- goto err;
- }
- /* Allow "EMPTY" to mean no value: this allows a valid
- * "value" to be passed to ctrls of type NO_INPUT
- */
- if (!strcmp(ctrlvalue, "EMPTY"))
- ctrlvalue = NULL;
- if (!strcmp(ctrlname, "init"))
- {
- if (!NCONF_get_number_e(cnf, value, "init", &do_init))
- goto err;
- if (do_init == 1)
- {
- if (!int_engine_init(e))
- goto err;
- }
- else if (do_init != 0)
- {
- ENGINEerr(ENGINE_F_INT_ENGINE_CONFIGURE, ENGINE_R_INVALID_INIT_VALUE);
- goto err;
- }
- }
- else if (!strcmp(ctrlname, "default_algorithms"))
- {
- if (!ENGINE_set_default_string(e, ctrlvalue))
- goto err;
- }
- else if (!ENGINE_ctrl_cmd_string(e,
- ctrlname, ctrlvalue, 0))
- goto err;
- }
-
-
-
- }
- if (e && (do_init == -1) && !int_engine_init(e))
- {
- ecmd = NULL;
- goto err;
- }
- ret = 1;
- err:
- if (ret != 1)
- {
- ENGINEerr(ENGINE_F_INT_ENGINE_CONFIGURE, ENGINE_R_ENGINE_CONFIGURATION_ERROR);
- if (ecmd)
- ERR_add_error_data(6, "section=", ecmd->section,
- ", name=", ecmd->name,
- ", value=", ecmd->value);
- }
- if (e)
- ENGINE_free(e);
- return ret;
- }
-
+ /* First handle some special pseudo ctrls */
+
+ /* Override engine name to use */
+ if (!strcmp(ctrlname, "engine_id"))
+ name = ctrlvalue;
+ else if (!strcmp(ctrlname, "soft_load"))
+ soft = 1;
+ /* Load a dynamic ENGINE */
+ else if (!strcmp(ctrlname, "dynamic_path")) {
+ e = ENGINE_by_id("dynamic");
+ if (!e)
+ goto err;
+ if (!ENGINE_ctrl_cmd_string(e, "SO_PATH", ctrlvalue, 0))
+ goto err;
+ if (!ENGINE_ctrl_cmd_string(e, "LIST_ADD", "2", 0))
+ goto err;
+ if (!ENGINE_ctrl_cmd_string(e, "LOAD", NULL, 0))
+ goto err;
+ }
+ /* ... add other pseudos here ... */
+ else {
+ /*
+ * At this point we need an ENGINE structural reference if we
+ * don't already have one.
+ */
+ if (!e) {
+ e = ENGINE_by_id(name);
+ if (!e && soft) {
+ ERR_clear_error();
+ return 1;
+ }
+ if (!e)
+ goto err;
+ }
+ /*
+ * Allow "EMPTY" to mean no value: this allows a valid "value" to
+ * be passed to ctrls of type NO_INPUT
+ */
+ if (!strcmp(ctrlvalue, "EMPTY"))
+ ctrlvalue = NULL;
+ if (!strcmp(ctrlname, "init")) {
+ if (!NCONF_get_number_e(cnf, value, "init", &do_init))
+ goto err;
+ if (do_init == 1) {
+ if (!int_engine_init(e))
+ goto err;
+ } else if (do_init != 0) {
+ ENGINEerr(ENGINE_F_INT_ENGINE_CONFIGURE,
+ ENGINE_R_INVALID_INIT_VALUE);
+ goto err;
+ }
+ } else if (!strcmp(ctrlname, "default_algorithms")) {
+ if (!ENGINE_set_default_string(e, ctrlvalue))
+ goto err;
+ } else if (!ENGINE_ctrl_cmd_string(e, ctrlname, ctrlvalue, 0))
+ goto err;
+ }
+
+ }
+ if (e && (do_init == -1) && !int_engine_init(e)) {
+ ecmd = NULL;
+ goto err;
+ }
+ ret = 1;
+ err:
+ if (ret != 1) {
+ ENGINEerr(ENGINE_F_INT_ENGINE_CONFIGURE,
+ ENGINE_R_ENGINE_CONFIGURATION_ERROR);
+ if (ecmd)
+ ERR_add_error_data(6, "section=", ecmd->section,
+ ", name=", ecmd->name,
+ ", value=", ecmd->value);
+ }
+ if (e)
+ ENGINE_free(e);
+ return ret;
+}
static int int_engine_module_init(CONF_IMODULE *md, const CONF *cnf)
- {
- STACK_OF(CONF_VALUE) *elist;
- CONF_VALUE *cval;
- int i;
+{
+ STACK_OF(CONF_VALUE) *elist;
+ CONF_VALUE *cval;
+ int i;
#ifdef ENGINE_CONF_DEBUG
- fprintf(stderr, "Called engine module: name %s, value %s\n",
- CONF_imodule_get_name(md), CONF_imodule_get_value(md));
+ fprintf(stderr, "Called engine module: name %s, value %s\n",
+ CONF_imodule_get_name(md), CONF_imodule_get_value(md));
#endif
- /* Value is a section containing ENGINEs to configure */
- elist = NCONF_get_section(cnf, CONF_imodule_get_value(md));
+ /* Value is a section containing ENGINEs to configure */
+ elist = NCONF_get_section(cnf, CONF_imodule_get_value(md));
- if (!elist)
- {
- ENGINEerr(ENGINE_F_INT_ENGINE_MODULE_INIT, ENGINE_R_ENGINES_SECTION_ERROR);
- return 0;
- }
+ if (!elist) {
+ ENGINEerr(ENGINE_F_INT_ENGINE_MODULE_INIT,
+ ENGINE_R_ENGINES_SECTION_ERROR);
+ return 0;
+ }
- for (i = 0; i < sk_CONF_VALUE_num(elist); i++)
- {
- cval = sk_CONF_VALUE_value(elist, i);
- if (!int_engine_configure(cval->name, cval->value, cnf))
- return 0;
- }
+ for (i = 0; i < sk_CONF_VALUE_num(elist); i++) {
+ cval = sk_CONF_VALUE_value(elist, i);
+ if (!int_engine_configure(cval->name, cval->value, cnf))
+ return 0;
+ }
- return 1;
- }
+ return 1;
+}
static void int_engine_module_finish(CONF_IMODULE *md)
- {
- ENGINE *e;
- while ((e = sk_ENGINE_pop(initialized_engines)))
- ENGINE_finish(e);
- sk_ENGINE_free(initialized_engines);
- initialized_engines = NULL;
- }
-
+{
+ ENGINE *e;
+ while ((e = sk_ENGINE_pop(initialized_engines)))
+ ENGINE_finish(e);
+ sk_ENGINE_free(initialized_engines);
+ initialized_engines = NULL;
+}
void ENGINE_add_conf_module(void)
- {
- CONF_module_add("engines",
- int_engine_module_init,
- int_engine_module_finish);
- }
+{
+ CONF_module_add("engines",
+ int_engine_module_init, int_engine_module_finish);
+}
diff --git a/openssl/crypto/engine/eng_cryptodev.c b/openssl/crypto/engine/eng_cryptodev.c
index 5a715aca4..926d95c0d 100644
--- a/openssl/crypto/engine/eng_cryptodev.c
+++ b/openssl/crypto/engine/eng_cryptodev.c
@@ -32,8 +32,8 @@
#include <openssl/bn.h>
#if (defined(__unix__) || defined(unix)) && !defined(USG) && \
- (defined(OpenBSD) || defined(__FreeBSD__))
-#include <sys/param.h>
+ (defined(OpenBSD) || defined(__FreeBSD__))
+# include <sys/param.h>
# if (OpenBSD >= 200112) || ((__FreeBSD_version >= 470101 && __FreeBSD_version < 500000) || __FreeBSD_version >= 500041)
# define HAVE_CRYPTODEV
# endif
@@ -44,42 +44,39 @@
#ifndef HAVE_CRYPTODEV
-void
-ENGINE_load_cryptodev(void)
+void ENGINE_load_cryptodev(void)
{
- /* This is a NOP on platforms without /dev/crypto */
- return;
+ /* This is a NOP on platforms without /dev/crypto */
+ return;
}
-#else
-
-#include <sys/types.h>
-#include <crypto/cryptodev.h>
-#include <crypto/dh/dh.h>
-#include <crypto/dsa/dsa.h>
-#include <crypto/err/err.h>
-#include <crypto/rsa/rsa.h>
-#include <sys/ioctl.h>
-#include <errno.h>
-#include <stdio.h>
-#include <unistd.h>
-#include <fcntl.h>
-#include <stdarg.h>
-#include <syslog.h>
-#include <errno.h>
-#include <string.h>
-
-struct dev_crypto_state {
- struct session_op d_sess;
- int d_fd;
+#else
-#ifdef USE_CRYPTODEV_DIGESTS
- char dummy_mac_key[HASH_MAX_LEN];
+# include <sys/types.h>
+# include <crypto/cryptodev.h>
+# include <openssl/dh.h>
+# include <openssl/dsa.h>
+# include <openssl/err.h>
+# include <openssl/rsa.h>
+# include <sys/ioctl.h>
+# include <errno.h>
+# include <stdio.h>
+# include <unistd.h>
+# include <fcntl.h>
+# include <stdarg.h>
+# include <syslog.h>
+# include <errno.h>
+# include <string.h>
- unsigned char digest_res[HASH_MAX_LEN];
- char *mac_data;
- int mac_len;
-#endif
+struct dev_crypto_state {
+ struct session_op d_sess;
+ int d_fd;
+# ifdef USE_CRYPTODEV_DIGESTS
+ char dummy_mac_key[HASH_MAX_LEN];
+ unsigned char digest_res[HASH_MAX_LEN];
+ char *mac_data;
+ int mac_len;
+# endif
};
static u_int32_t cryptodev_asymfeat = 0;
@@ -88,147 +85,196 @@ static int get_asym_dev_crypto(void);
static int open_dev_crypto(void);
static int get_dev_crypto(void);
static int get_cryptodev_ciphers(const int **cnids);
-#ifdef USE_CRYPTODEV_DIGESTS
+# ifdef USE_CRYPTODEV_DIGESTS
static int get_cryptodev_digests(const int **cnids);
-#endif
+# endif
static int cryptodev_usable_ciphers(const int **nids);
static int cryptodev_usable_digests(const int **nids);
static int cryptodev_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
- const unsigned char *in, size_t inl);
+ const unsigned char *in, size_t inl);
static int cryptodev_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
- const unsigned char *iv, int enc);
+ const unsigned char *iv, int enc);
static int cryptodev_cleanup(EVP_CIPHER_CTX *ctx);
static int cryptodev_engine_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
- const int **nids, int nid);
+ const int **nids, int nid);
static int cryptodev_engine_digests(ENGINE *e, const EVP_MD **digest,
- const int **nids, int nid);
+ const int **nids, int nid);
static int bn2crparam(const BIGNUM *a, struct crparam *crp);
static int crparam2bn(struct crparam *crp, BIGNUM *a);
static void zapparams(struct crypt_kop *kop);
static int cryptodev_asym(struct crypt_kop *kop, int rlen, BIGNUM *r,
- int slen, BIGNUM *s);
+ int slen, BIGNUM *s);
static int cryptodev_bn_mod_exp(BIGNUM *r, const BIGNUM *a,
- const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
-static int cryptodev_rsa_nocrt_mod_exp(BIGNUM *r0, const BIGNUM *I,
- RSA *rsa, BN_CTX *ctx);
-static int cryptodev_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx);
+ const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
+ BN_MONT_CTX *m_ctx);
+static int cryptodev_rsa_nocrt_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa,
+ BN_CTX *ctx);
+static int cryptodev_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa,
+ BN_CTX *ctx);
static int cryptodev_dsa_bn_mod_exp(DSA *dsa, BIGNUM *r, BIGNUM *a,
- const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
+ const BIGNUM *p, const BIGNUM *m,
+ BN_CTX *ctx, BN_MONT_CTX *m_ctx);
static int cryptodev_dsa_dsa_mod_exp(DSA *dsa, BIGNUM *t1, BIGNUM *g,
- BIGNUM *u1, BIGNUM *pub_key, BIGNUM *u2, BIGNUM *p,
- BN_CTX *ctx, BN_MONT_CTX *mont);
-static DSA_SIG *cryptodev_dsa_do_sign(const unsigned char *dgst,
- int dlen, DSA *dsa);
+ BIGNUM *u1, BIGNUM *pub_key, BIGNUM *u2,
+ BIGNUM *p, BN_CTX *ctx,
+ BN_MONT_CTX *mont);
+static DSA_SIG *cryptodev_dsa_do_sign(const unsigned char *dgst, int dlen,
+ DSA *dsa);
static int cryptodev_dsa_verify(const unsigned char *dgst, int dgst_len,
- DSA_SIG *sig, DSA *dsa);
+ DSA_SIG *sig, DSA *dsa);
static int cryptodev_mod_exp_dh(const DH *dh, BIGNUM *r, const BIGNUM *a,
- const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
- BN_MONT_CTX *m_ctx);
-static int cryptodev_dh_compute_key(unsigned char *key,
- const BIGNUM *pub_key, DH *dh);
+ const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
+ BN_MONT_CTX *m_ctx);
+static int cryptodev_dh_compute_key(unsigned char *key, const BIGNUM *pub_key,
+ DH *dh);
static int cryptodev_ctrl(ENGINE *e, int cmd, long i, void *p,
- void (*f)(void));
+ void (*f) (void));
void ENGINE_load_cryptodev(void);
static const ENGINE_CMD_DEFN cryptodev_defns[] = {
- { 0, NULL, NULL, 0 }
+ {0, NULL, NULL, 0}
};
static struct {
- int id;
- int nid;
- int ivmax;
- int keylen;
+ int id;
+ int nid;
+ int ivmax;
+ int keylen;
} ciphers[] = {
- { CRYPTO_ARC4, NID_rc4, 0, 16, },
- { CRYPTO_DES_CBC, NID_des_cbc, 8, 8, },
- { CRYPTO_3DES_CBC, NID_des_ede3_cbc, 8, 24, },
- { CRYPTO_AES_CBC, NID_aes_128_cbc, 16, 16, },
- { CRYPTO_AES_CBC, NID_aes_192_cbc, 16, 24, },
- { CRYPTO_AES_CBC, NID_aes_256_cbc, 16, 32, },
- { CRYPTO_BLF_CBC, NID_bf_cbc, 8, 16, },
- { CRYPTO_CAST_CBC, NID_cast5_cbc, 8, 16, },
- { CRYPTO_SKIPJACK_CBC, NID_undef, 0, 0, },
- { 0, NID_undef, 0, 0, },
+ {
+ CRYPTO_ARC4, NID_rc4, 0, 16,
+ },
+ {
+ CRYPTO_DES_CBC, NID_des_cbc, 8, 8,
+ },
+ {
+ CRYPTO_3DES_CBC, NID_des_ede3_cbc, 8, 24,
+ },
+ {
+ CRYPTO_AES_CBC, NID_aes_128_cbc, 16, 16,
+ },
+ {
+ CRYPTO_AES_CBC, NID_aes_192_cbc, 16, 24,
+ },
+ {
+ CRYPTO_AES_CBC, NID_aes_256_cbc, 16, 32,
+ },
+# ifdef CRYPTO_AES_CTR
+ {
+ CRYPTO_AES_CTR, NID_aes_128_ctr, 14, 16,
+ },
+ {
+ CRYPTO_AES_CTR, NID_aes_192_ctr, 14, 24,
+ },
+ {
+ CRYPTO_AES_CTR, NID_aes_256_ctr, 14, 32,
+ },
+# endif
+ {
+ CRYPTO_BLF_CBC, NID_bf_cbc, 8, 16,
+ },
+ {
+ CRYPTO_CAST_CBC, NID_cast5_cbc, 8, 16,
+ },
+ {
+ CRYPTO_SKIPJACK_CBC, NID_undef, 0, 0,
+ },
+ {
+ 0, NID_undef, 0, 0,
+ },
};
-#ifdef USE_CRYPTODEV_DIGESTS
+# ifdef USE_CRYPTODEV_DIGESTS
static struct {
- int id;
- int nid;
- int keylen;
+ int id;
+ int nid;
+ int keylen;
} digests[] = {
- { CRYPTO_MD5_HMAC, NID_hmacWithMD5, 16},
- { CRYPTO_SHA1_HMAC, NID_hmacWithSHA1, 20},
- { CRYPTO_RIPEMD160_HMAC, NID_ripemd160, 16/*?*/},
- { CRYPTO_MD5_KPDK, NID_undef, 0},
- { CRYPTO_SHA1_KPDK, NID_undef, 0},
- { CRYPTO_MD5, NID_md5, 16},
- { CRYPTO_SHA1, NID_sha1, 20},
- { 0, NID_undef, 0},
+ {
+ CRYPTO_MD5_HMAC, NID_hmacWithMD5, 16
+ },
+ {
+ CRYPTO_SHA1_HMAC, NID_hmacWithSHA1, 20
+ },
+ {
+ CRYPTO_RIPEMD160_HMAC, NID_ripemd160, 16
+ /* ? */
+ },
+ {
+ CRYPTO_MD5_KPDK, NID_undef, 0
+ },
+ {
+ CRYPTO_SHA1_KPDK, NID_undef, 0
+ },
+ {
+ CRYPTO_MD5, NID_md5, 16
+ },
+ {
+ CRYPTO_SHA1, NID_sha1, 20
+ },
+ {
+ 0, NID_undef, 0
+ },
};
-#endif
+# endif
/*
* Return a fd if /dev/crypto seems usable, 0 otherwise.
*/
-static int
-open_dev_crypto(void)
+static int open_dev_crypto(void)
{
- static int fd = -1;
-
- if (fd == -1) {
- if ((fd = open("/dev/crypto", O_RDWR, 0)) == -1)
- return (-1);
- /* close on exec */
- if (fcntl(fd, F_SETFD, 1) == -1) {
- close(fd);
- fd = -1;
- return (-1);
- }
- }
- return (fd);
+ static int fd = -1;
+
+ if (fd == -1) {
+ if ((fd = open("/dev/crypto", O_RDWR, 0)) == -1)
+ return (-1);
+ /* close on exec */
+ if (fcntl(fd, F_SETFD, 1) == -1) {
+ close(fd);
+ fd = -1;
+ return (-1);
+ }
+ }
+ return (fd);
}
-static int
-get_dev_crypto(void)
+static int get_dev_crypto(void)
{
- int fd, retfd;
-
- if ((fd = open_dev_crypto()) == -1)
- return (-1);
-#ifndef CRIOGET_NOT_NEEDED
- if (ioctl(fd, CRIOGET, &retfd) == -1)
- return (-1);
-
- /* close on exec */
- if (fcntl(retfd, F_SETFD, 1) == -1) {
- close(retfd);
- return (-1);
- }
-#else
- retfd = fd;
-#endif
- return (retfd);
+ int fd, retfd;
+
+ if ((fd = open_dev_crypto()) == -1)
+ return (-1);
+# ifndef CRIOGET_NOT_NEEDED
+ if (ioctl(fd, CRIOGET, &retfd) == -1)
+ return (-1);
+
+ /* close on exec */
+ if (fcntl(retfd, F_SETFD, 1) == -1) {
+ close(retfd);
+ return (-1);
+ }
+# else
+ retfd = fd;
+# endif
+ return (retfd);
}
static void put_dev_crypto(int fd)
{
-#ifndef CRIOGET_NOT_NEEDED
- close(fd);
-#endif
+# ifndef CRIOGET_NOT_NEEDED
+ close(fd);
+# endif
}
/* Caching version for asym operations */
-static int
-get_asym_dev_crypto(void)
+static int get_asym_dev_crypto(void)
{
- static int fd = -1;
+ static int fd = -1;
- if (fd == -1)
- fd = get_dev_crypto();
- return fd;
+ if (fd == -1)
+ fd = get_dev_crypto();
+ return fd;
}
/*
@@ -237,78 +283,76 @@ get_asym_dev_crypto(void)
* returning them here is harmless, as long as we return NULL
* when asked for a handler in the cryptodev_engine_ciphers routine
*/
-static int
-get_cryptodev_ciphers(const int **cnids)
+static int get_cryptodev_ciphers(const int **cnids)
{
- static int nids[CRYPTO_ALGORITHM_MAX];
- struct session_op sess;
- int fd, i, count = 0;
-
- if ((fd = get_dev_crypto()) < 0) {
- *cnids = NULL;
- return (0);
- }
- memset(&sess, 0, sizeof(sess));
- sess.key = (caddr_t)"123456789abcdefghijklmno";
-
- for (i = 0; ciphers[i].id && count < CRYPTO_ALGORITHM_MAX; i++) {
- if (ciphers[i].nid == NID_undef)
- continue;
- sess.cipher = ciphers[i].id;
- sess.keylen = ciphers[i].keylen;
- sess.mac = 0;
- if (ioctl(fd, CIOCGSESSION, &sess) != -1 &&
- ioctl(fd, CIOCFSESSION, &sess.ses) != -1)
- nids[count++] = ciphers[i].nid;
- }
- put_dev_crypto(fd);
-
- if (count > 0)
- *cnids = nids;
- else
- *cnids = NULL;
- return (count);
+ static int nids[CRYPTO_ALGORITHM_MAX];
+ struct session_op sess;
+ int fd, i, count = 0;
+
+ if ((fd = get_dev_crypto()) < 0) {
+ *cnids = NULL;
+ return (0);
+ }
+ memset(&sess, 0, sizeof(sess));
+ sess.key = (caddr_t) "123456789abcdefghijklmno";
+
+ for (i = 0; ciphers[i].id && count < CRYPTO_ALGORITHM_MAX; i++) {
+ if (ciphers[i].nid == NID_undef)
+ continue;
+ sess.cipher = ciphers[i].id;
+ sess.keylen = ciphers[i].keylen;
+ sess.mac = 0;
+ if (ioctl(fd, CIOCGSESSION, &sess) != -1 &&
+ ioctl(fd, CIOCFSESSION, &sess.ses) != -1)
+ nids[count++] = ciphers[i].nid;
+ }
+ put_dev_crypto(fd);
+
+ if (count > 0)
+ *cnids = nids;
+ else
+ *cnids = NULL;
+ return (count);
}
-#ifdef USE_CRYPTODEV_DIGESTS
+# ifdef USE_CRYPTODEV_DIGESTS
/*
* Find out what digests /dev/crypto will let us have a session for.
* XXX note, that some of these openssl doesn't deal with yet!
* returning them here is harmless, as long as we return NULL
* when asked for a handler in the cryptodev_engine_digests routine
*/
-static int
-get_cryptodev_digests(const int **cnids)
+static int get_cryptodev_digests(const int **cnids)
{
- static int nids[CRYPTO_ALGORITHM_MAX];
- struct session_op sess;
- int fd, i, count = 0;
-
- if ((fd = get_dev_crypto()) < 0) {
- *cnids = NULL;
- return (0);
- }
- memset(&sess, 0, sizeof(sess));
- sess.mackey = (caddr_t)"123456789abcdefghijklmno";
- for (i = 0; digests[i].id && count < CRYPTO_ALGORITHM_MAX; i++) {
- if (digests[i].nid == NID_undef)
- continue;
- sess.mac = digests[i].id;
- sess.mackeylen = digests[i].keylen;
- sess.cipher = 0;
- if (ioctl(fd, CIOCGSESSION, &sess) != -1 &&
- ioctl(fd, CIOCFSESSION, &sess.ses) != -1)
- nids[count++] = digests[i].nid;
- }
- put_dev_crypto(fd);
-
- if (count > 0)
- *cnids = nids;
- else
- *cnids = NULL;
- return (count);
+ static int nids[CRYPTO_ALGORITHM_MAX];
+ struct session_op sess;
+ int fd, i, count = 0;
+
+ if ((fd = get_dev_crypto()) < 0) {
+ *cnids = NULL;
+ return (0);
+ }
+ memset(&sess, 0, sizeof(sess));
+ sess.mackey = (caddr_t) "123456789abcdefghijklmno";
+ for (i = 0; digests[i].id && count < CRYPTO_ALGORITHM_MAX; i++) {
+ if (digests[i].nid == NID_undef)
+ continue;
+ sess.mac = digests[i].id;
+ sess.mackeylen = digests[i].keylen;
+ sess.cipher = 0;
+ if (ioctl(fd, CIOCGSESSION, &sess) != -1 &&
+ ioctl(fd, CIOCFSESSION, &sess.ses) != -1)
+ nids[count++] = digests[i].nid;
+ }
+ put_dev_crypto(fd);
+
+ if (count > 0)
+ *cnids = nids;
+ else
+ *cnids = NULL;
+ return (count);
}
-#endif /* 0 */
+# endif /* 0 */
/*
* Find the useable ciphers|digests from dev/crypto - this is the first
@@ -331,161 +375,158 @@ get_cryptodev_digests(const int **cnids)
* want most of the decisions made about what we actually want
* to use from /dev/crypto.
*/
-static int
-cryptodev_usable_ciphers(const int **nids)
+static int cryptodev_usable_ciphers(const int **nids)
{
- return (get_cryptodev_ciphers(nids));
+ return (get_cryptodev_ciphers(nids));
}
-static int
-cryptodev_usable_digests(const int **nids)
+static int cryptodev_usable_digests(const int **nids)
{
-#ifdef USE_CRYPTODEV_DIGESTS
- return (get_cryptodev_digests(nids));
-#else
- /*
- * XXXX just disable all digests for now, because it sucks.
- * we need a better way to decide this - i.e. I may not
- * want digests on slow cards like hifn on fast machines,
- * but might want them on slow or loaded machines, etc.
- * will also want them when using crypto cards that don't
- * suck moose gonads - would be nice to be able to decide something
- * as reasonable default without having hackery that's card dependent.
- * of course, the default should probably be just do everything,
- * with perhaps a sysctl to turn algoritms off (or have them off
- * by default) on cards that generally suck like the hifn.
- */
- *nids = NULL;
- return (0);
-#endif
+# ifdef USE_CRYPTODEV_DIGESTS
+ return (get_cryptodev_digests(nids));
+# else
+ /*
+ * XXXX just disable all digests for now, because it sucks.
+ * we need a better way to decide this - i.e. I may not
+ * want digests on slow cards like hifn on fast machines,
+ * but might want them on slow or loaded machines, etc.
+ * will also want them when using crypto cards that don't
+ * suck moose gonads - would be nice to be able to decide something
+ * as reasonable default without having hackery that's card dependent.
+ * of course, the default should probably be just do everything,
+ * with perhaps a sysctl to turn algoritms off (or have them off
+ * by default) on cards that generally suck like the hifn.
+ */
+ *nids = NULL;
+ return (0);
+# endif
}
static int
cryptodev_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
- const unsigned char *in, size_t inl)
+ const unsigned char *in, size_t inl)
{
- struct crypt_op cryp;
- struct dev_crypto_state *state = ctx->cipher_data;
- struct session_op *sess = &state->d_sess;
- const void *iiv;
- unsigned char save_iv[EVP_MAX_IV_LENGTH];
-
- if (state->d_fd < 0)
- return (0);
- if (!inl)
- return (1);
- if ((inl % ctx->cipher->block_size) != 0)
- return (0);
-
- memset(&cryp, 0, sizeof(cryp));
-
- cryp.ses = sess->ses;
- cryp.flags = 0;
- cryp.len = inl;
- cryp.src = (caddr_t) in;
- cryp.dst = (caddr_t) out;
- cryp.mac = 0;
-
- cryp.op = ctx->encrypt ? COP_ENCRYPT : COP_DECRYPT;
-
- if (ctx->cipher->iv_len) {
- cryp.iv = (caddr_t) ctx->iv;
- if (!ctx->encrypt) {
- iiv = in + inl - ctx->cipher->iv_len;
- memcpy(save_iv, iiv, ctx->cipher->iv_len);
- }
- } else
- cryp.iv = NULL;
-
- if (ioctl(state->d_fd, CIOCCRYPT, &cryp) == -1) {
- /* XXX need better errror handling
- * this can fail for a number of different reasons.
- */
- return (0);
- }
-
- if (ctx->cipher->iv_len) {
- if (ctx->encrypt)
- iiv = out + inl - ctx->cipher->iv_len;
- else
- iiv = save_iv;
- memcpy(ctx->iv, iiv, ctx->cipher->iv_len);
- }
- return (1);
+ struct crypt_op cryp;
+ struct dev_crypto_state *state = ctx->cipher_data;
+ struct session_op *sess = &state->d_sess;
+ const void *iiv;
+ unsigned char save_iv[EVP_MAX_IV_LENGTH];
+
+ if (state->d_fd < 0)
+ return (0);
+ if (!inl)
+ return (1);
+ if ((inl % ctx->cipher->block_size) != 0)
+ return (0);
+
+ memset(&cryp, 0, sizeof(cryp));
+
+ cryp.ses = sess->ses;
+ cryp.flags = 0;
+ cryp.len = inl;
+ cryp.src = (caddr_t) in;
+ cryp.dst = (caddr_t) out;
+ cryp.mac = 0;
+
+ cryp.op = ctx->encrypt ? COP_ENCRYPT : COP_DECRYPT;
+
+ if (ctx->cipher->iv_len) {
+ cryp.iv = (caddr_t) ctx->iv;
+ if (!ctx->encrypt) {
+ iiv = in + inl - ctx->cipher->iv_len;
+ memcpy(save_iv, iiv, ctx->cipher->iv_len);
+ }
+ } else
+ cryp.iv = NULL;
+
+ if (ioctl(state->d_fd, CIOCCRYPT, &cryp) == -1) {
+ /*
+ * XXX need better errror handling this can fail for a number of
+ * different reasons.
+ */
+ return (0);
+ }
+
+ if (ctx->cipher->iv_len) {
+ if (ctx->encrypt)
+ iiv = out + inl - ctx->cipher->iv_len;
+ else
+ iiv = save_iv;
+ memcpy(ctx->iv, iiv, ctx->cipher->iv_len);
+ }
+ return (1);
}
static int
cryptodev_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
- const unsigned char *iv, int enc)
+ const unsigned char *iv, int enc)
{
- struct dev_crypto_state *state = ctx->cipher_data;
- struct session_op *sess = &state->d_sess;
- int cipher = -1, i;
-
- for (i = 0; ciphers[i].id; i++)
- if (ctx->cipher->nid == ciphers[i].nid &&
- ctx->cipher->iv_len <= ciphers[i].ivmax &&
- ctx->key_len == ciphers[i].keylen) {
- cipher = ciphers[i].id;
- break;
- }
-
- if (!ciphers[i].id) {
- state->d_fd = -1;
- return (0);
- }
-
- memset(sess, 0, sizeof(struct session_op));
-
- if ((state->d_fd = get_dev_crypto()) < 0)
- return (0);
-
- sess->key = (caddr_t)key;
- sess->keylen = ctx->key_len;
- sess->cipher = cipher;
-
- if (ioctl(state->d_fd, CIOCGSESSION, sess) == -1) {
- put_dev_crypto(state->d_fd);
- state->d_fd = -1;
- return (0);
- }
- return (1);
+ struct dev_crypto_state *state = ctx->cipher_data;
+ struct session_op *sess = &state->d_sess;
+ int cipher = -1, i;
+
+ for (i = 0; ciphers[i].id; i++)
+ if (ctx->cipher->nid == ciphers[i].nid &&
+ ctx->cipher->iv_len <= ciphers[i].ivmax &&
+ ctx->key_len == ciphers[i].keylen) {
+ cipher = ciphers[i].id;
+ break;
+ }
+
+ if (!ciphers[i].id) {
+ state->d_fd = -1;
+ return (0);
+ }
+
+ memset(sess, 0, sizeof(struct session_op));
+
+ if ((state->d_fd = get_dev_crypto()) < 0)
+ return (0);
+
+ sess->key = (caddr_t) key;
+ sess->keylen = ctx->key_len;
+ sess->cipher = cipher;
+
+ if (ioctl(state->d_fd, CIOCGSESSION, sess) == -1) {
+ put_dev_crypto(state->d_fd);
+ state->d_fd = -1;
+ return (0);
+ }
+ return (1);
}
/*
* free anything we allocated earlier when initting a
* session, and close the session.
*/
-static int
-cryptodev_cleanup(EVP_CIPHER_CTX *ctx)
+static int cryptodev_cleanup(EVP_CIPHER_CTX *ctx)
{
- int ret = 0;
- struct dev_crypto_state *state = ctx->cipher_data;
- struct session_op *sess = &state->d_sess;
-
- if (state->d_fd < 0)
- return (0);
-
- /* XXX if this ioctl fails, someting's wrong. the invoker
- * may have called us with a bogus ctx, or we could
- * have a device that for whatever reason just doesn't
- * want to play ball - it's not clear what's right
- * here - should this be an error? should it just
- * increase a counter, hmm. For right now, we return
- * 0 - I don't believe that to be "right". we could
- * call the gorpy openssl lib error handlers that
- * print messages to users of the library. hmm..
- */
-
- if (ioctl(state->d_fd, CIOCFSESSION, &sess->ses) == -1) {
- ret = 0;
- } else {
- ret = 1;
- }
- put_dev_crypto(state->d_fd);
- state->d_fd = -1;
-
- return (ret);
+ int ret = 0;
+ struct dev_crypto_state *state = ctx->cipher_data;
+ struct session_op *sess = &state->d_sess;
+
+ if (state->d_fd < 0)
+ return (0);
+
+ /*
+ * XXX if this ioctl fails, someting's wrong. the invoker may have called
+ * us with a bogus ctx, or we could have a device that for whatever
+ * reason just doesn't want to play ball - it's not clear what's right
+ * here - should this be an error? should it just increase a counter,
+ * hmm. For right now, we return 0 - I don't believe that to be "right".
+ * we could call the gorpy openssl lib error handlers that print messages
+ * to users of the library. hmm..
+ */
+
+ if (ioctl(state->d_fd, CIOCFSESSION, &sess->ses) == -1) {
+ ret = 0;
+ } else {
+ ret = 1;
+ }
+ put_dev_crypto(state->d_fd);
+ state->d_fd = -1;
+
+ return (ret);
}
/*
@@ -495,111 +536,151 @@ cryptodev_cleanup(EVP_CIPHER_CTX *ctx)
/* RC4 */
const EVP_CIPHER cryptodev_rc4 = {
- NID_rc4,
- 1, 16, 0,
- EVP_CIPH_VARIABLE_LENGTH,
- cryptodev_init_key,
- cryptodev_cipher,
- cryptodev_cleanup,
- sizeof(struct dev_crypto_state),
- NULL,
- NULL,
- NULL
+ NID_rc4,
+ 1, 16, 0,
+ EVP_CIPH_VARIABLE_LENGTH,
+ cryptodev_init_key,
+ cryptodev_cipher,
+ cryptodev_cleanup,
+ sizeof(struct dev_crypto_state),
+ NULL,
+ NULL,
+ NULL
};
/* DES CBC EVP */
const EVP_CIPHER cryptodev_des_cbc = {
- NID_des_cbc,
- 8, 8, 8,
- EVP_CIPH_CBC_MODE,
- cryptodev_init_key,
- cryptodev_cipher,
- cryptodev_cleanup,
- sizeof(struct dev_crypto_state),
- EVP_CIPHER_set_asn1_iv,
- EVP_CIPHER_get_asn1_iv,
- NULL
+ NID_des_cbc,
+ 8, 8, 8,
+ EVP_CIPH_CBC_MODE,
+ cryptodev_init_key,
+ cryptodev_cipher,
+ cryptodev_cleanup,
+ sizeof(struct dev_crypto_state),
+ EVP_CIPHER_set_asn1_iv,
+ EVP_CIPHER_get_asn1_iv,
+ NULL
};
/* 3DES CBC EVP */
const EVP_CIPHER cryptodev_3des_cbc = {
- NID_des_ede3_cbc,
- 8, 24, 8,
- EVP_CIPH_CBC_MODE,
- cryptodev_init_key,
- cryptodev_cipher,
- cryptodev_cleanup,
- sizeof(struct dev_crypto_state),
- EVP_CIPHER_set_asn1_iv,
- EVP_CIPHER_get_asn1_iv,
- NULL
+ NID_des_ede3_cbc,
+ 8, 24, 8,
+ EVP_CIPH_CBC_MODE,
+ cryptodev_init_key,
+ cryptodev_cipher,
+ cryptodev_cleanup,
+ sizeof(struct dev_crypto_state),
+ EVP_CIPHER_set_asn1_iv,
+ EVP_CIPHER_get_asn1_iv,
+ NULL
};
const EVP_CIPHER cryptodev_bf_cbc = {
- NID_bf_cbc,
- 8, 16, 8,
- EVP_CIPH_CBC_MODE,
- cryptodev_init_key,
- cryptodev_cipher,
- cryptodev_cleanup,
- sizeof(struct dev_crypto_state),
- EVP_CIPHER_set_asn1_iv,
- EVP_CIPHER_get_asn1_iv,
- NULL
+ NID_bf_cbc,
+ 8, 16, 8,
+ EVP_CIPH_CBC_MODE,
+ cryptodev_init_key,
+ cryptodev_cipher,
+ cryptodev_cleanup,
+ sizeof(struct dev_crypto_state),
+ EVP_CIPHER_set_asn1_iv,
+ EVP_CIPHER_get_asn1_iv,
+ NULL
};
const EVP_CIPHER cryptodev_cast_cbc = {
- NID_cast5_cbc,
- 8, 16, 8,
- EVP_CIPH_CBC_MODE,
- cryptodev_init_key,
- cryptodev_cipher,
- cryptodev_cleanup,
- sizeof(struct dev_crypto_state),
- EVP_CIPHER_set_asn1_iv,
- EVP_CIPHER_get_asn1_iv,
- NULL
+ NID_cast5_cbc,
+ 8, 16, 8,
+ EVP_CIPH_CBC_MODE,
+ cryptodev_init_key,
+ cryptodev_cipher,
+ cryptodev_cleanup,
+ sizeof(struct dev_crypto_state),
+ EVP_CIPHER_set_asn1_iv,
+ EVP_CIPHER_get_asn1_iv,
+ NULL
};
const EVP_CIPHER cryptodev_aes_cbc = {
- NID_aes_128_cbc,
- 16, 16, 16,
- EVP_CIPH_CBC_MODE,
- cryptodev_init_key,
- cryptodev_cipher,
- cryptodev_cleanup,
- sizeof(struct dev_crypto_state),
- EVP_CIPHER_set_asn1_iv,
- EVP_CIPHER_get_asn1_iv,
- NULL
+ NID_aes_128_cbc,
+ 16, 16, 16,
+ EVP_CIPH_CBC_MODE,
+ cryptodev_init_key,
+ cryptodev_cipher,
+ cryptodev_cleanup,
+ sizeof(struct dev_crypto_state),
+ EVP_CIPHER_set_asn1_iv,
+ EVP_CIPHER_get_asn1_iv,
+ NULL
};
const EVP_CIPHER cryptodev_aes_192_cbc = {
- NID_aes_192_cbc,
- 16, 24, 16,
- EVP_CIPH_CBC_MODE,
- cryptodev_init_key,
- cryptodev_cipher,
- cryptodev_cleanup,
- sizeof(struct dev_crypto_state),
- EVP_CIPHER_set_asn1_iv,
- EVP_CIPHER_get_asn1_iv,
- NULL
+ NID_aes_192_cbc,
+ 16, 24, 16,
+ EVP_CIPH_CBC_MODE,
+ cryptodev_init_key,
+ cryptodev_cipher,
+ cryptodev_cleanup,
+ sizeof(struct dev_crypto_state),
+ EVP_CIPHER_set_asn1_iv,
+ EVP_CIPHER_get_asn1_iv,
+ NULL
};
const EVP_CIPHER cryptodev_aes_256_cbc = {
- NID_aes_256_cbc,
- 16, 32, 16,
- EVP_CIPH_CBC_MODE,
- cryptodev_init_key,
- cryptodev_cipher,
- cryptodev_cleanup,
- sizeof(struct dev_crypto_state),
- EVP_CIPHER_set_asn1_iv,
- EVP_CIPHER_get_asn1_iv,
- NULL
+ NID_aes_256_cbc,
+ 16, 32, 16,
+ EVP_CIPH_CBC_MODE,
+ cryptodev_init_key,
+ cryptodev_cipher,
+ cryptodev_cleanup,
+ sizeof(struct dev_crypto_state),
+ EVP_CIPHER_set_asn1_iv,
+ EVP_CIPHER_get_asn1_iv,
+ NULL
+};
+
+# ifdef CRYPTO_AES_CTR
+const EVP_CIPHER cryptodev_aes_ctr = {
+ NID_aes_128_ctr,
+ 16, 16, 14,
+ EVP_CIPH_CTR_MODE,
+ cryptodev_init_key,
+ cryptodev_cipher,
+ cryptodev_cleanup,
+ sizeof(struct dev_crypto_state),
+ EVP_CIPHER_set_asn1_iv,
+ EVP_CIPHER_get_asn1_iv,
+ NULL
};
+const EVP_CIPHER cryptodev_aes_ctr_192 = {
+ NID_aes_192_ctr,
+ 16, 24, 14,
+ EVP_CIPH_CTR_MODE,
+ cryptodev_init_key,
+ cryptodev_cipher,
+ cryptodev_cleanup,
+ sizeof(struct dev_crypto_state),
+ EVP_CIPHER_set_asn1_iv,
+ EVP_CIPHER_get_asn1_iv,
+ NULL
+};
+
+const EVP_CIPHER cryptodev_aes_ctr_256 = {
+ NID_aes_256_ctr,
+ 16, 32, 14,
+ EVP_CIPH_CTR_MODE,
+ cryptodev_init_key,
+ cryptodev_cipher,
+ cryptodev_cleanup,
+ sizeof(struct dev_crypto_state),
+ EVP_CIPHER_set_asn1_iv,
+ EVP_CIPHER_get_asn1_iv,
+ NULL
+};
+# endif
/*
* Registered by the ENGINE when used to find out how to deal with
* a particular NID in the ENGINE. this says what we'll do at the
@@ -607,314 +688,316 @@ const EVP_CIPHER cryptodev_aes_256_cbc = {
*/
static int
cryptodev_engine_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
- const int **nids, int nid)
+ const int **nids, int nid)
{
- if (!cipher)
- return (cryptodev_usable_ciphers(nids));
-
- switch (nid) {
- case NID_rc4:
- *cipher = &cryptodev_rc4;
- break;
- case NID_des_ede3_cbc:
- *cipher = &cryptodev_3des_cbc;
- break;
- case NID_des_cbc:
- *cipher = &cryptodev_des_cbc;
- break;
- case NID_bf_cbc:
- *cipher = &cryptodev_bf_cbc;
- break;
- case NID_cast5_cbc:
- *cipher = &cryptodev_cast_cbc;
- break;
- case NID_aes_128_cbc:
- *cipher = &cryptodev_aes_cbc;
- break;
- case NID_aes_192_cbc:
- *cipher = &cryptodev_aes_192_cbc;
- break;
- case NID_aes_256_cbc:
- *cipher = &cryptodev_aes_256_cbc;
- break;
- default:
- *cipher = NULL;
- break;
- }
- return (*cipher != NULL);
+ if (!cipher)
+ return (cryptodev_usable_ciphers(nids));
+
+ switch (nid) {
+ case NID_rc4:
+ *cipher = &cryptodev_rc4;
+ break;
+ case NID_des_ede3_cbc:
+ *cipher = &cryptodev_3des_cbc;
+ break;
+ case NID_des_cbc:
+ *cipher = &cryptodev_des_cbc;
+ break;
+ case NID_bf_cbc:
+ *cipher = &cryptodev_bf_cbc;
+ break;
+ case NID_cast5_cbc:
+ *cipher = &cryptodev_cast_cbc;
+ break;
+ case NID_aes_128_cbc:
+ *cipher = &cryptodev_aes_cbc;
+ break;
+ case NID_aes_192_cbc:
+ *cipher = &cryptodev_aes_192_cbc;
+ break;
+ case NID_aes_256_cbc:
+ *cipher = &cryptodev_aes_256_cbc;
+ break;
+# ifdef CRYPTO_AES_CTR
+ case NID_aes_128_ctr:
+ *cipher = &cryptodev_aes_ctr;
+ break;
+ case NID_aes_192_ctr:
+ *cipher = &cryptodev_aes_ctr_192;
+ break;
+ case NID_aes_256_ctr:
+ *cipher = &cryptodev_aes_ctr_256;
+ break;
+# endif
+ default:
+ *cipher = NULL;
+ break;
+ }
+ return (*cipher != NULL);
}
-
-#ifdef USE_CRYPTODEV_DIGESTS
+# ifdef USE_CRYPTODEV_DIGESTS
/* convert digest type to cryptodev */
-static int
-digest_nid_to_cryptodev(int nid)
+static int digest_nid_to_cryptodev(int nid)
{
- int i;
+ int i;
- for (i = 0; digests[i].id; i++)
- if (digests[i].nid == nid)
- return (digests[i].id);
- return (0);
+ for (i = 0; digests[i].id; i++)
+ if (digests[i].nid == nid)
+ return (digests[i].id);
+ return (0);
}
-
-static int
-digest_key_length(int nid)
+static int digest_key_length(int nid)
{
- int i;
+ int i;
- for (i = 0; digests[i].id; i++)
- if (digests[i].nid == nid)
- return digests[i].keylen;
- return (0);
+ for (i = 0; digests[i].id; i++)
+ if (digests[i].nid == nid)
+ return digests[i].keylen;
+ return (0);
}
-
static int cryptodev_digest_init(EVP_MD_CTX *ctx)
{
- struct dev_crypto_state *state = ctx->md_data;
- struct session_op *sess = &state->d_sess;
- int digest;
-
- if ((digest = digest_nid_to_cryptodev(ctx->digest->type)) == NID_undef){
- printf("cryptodev_digest_init: Can't get digest \n");
- return (0);
- }
-
- memset(state, 0, sizeof(struct dev_crypto_state));
-
- if ((state->d_fd = get_dev_crypto()) < 0) {
- printf("cryptodev_digest_init: Can't get Dev \n");
- return (0);
- }
-
- sess->mackey = state->dummy_mac_key;
- sess->mackeylen = digest_key_length(ctx->digest->type);
- sess->mac = digest;
-
- if (ioctl(state->d_fd, CIOCGSESSION, sess) < 0) {
- put_dev_crypto(state->d_fd);
- state->d_fd = -1;
- printf("cryptodev_digest_init: Open session failed\n");
- return (0);
- }
-
- return (1);
+ struct dev_crypto_state *state = ctx->md_data;
+ struct session_op *sess = &state->d_sess;
+ int digest;
+
+ if ((digest = digest_nid_to_cryptodev(ctx->digest->type)) == NID_undef) {
+ printf("cryptodev_digest_init: Can't get digest \n");
+ return (0);
+ }
+
+ memset(state, 0, sizeof(struct dev_crypto_state));
+
+ if ((state->d_fd = get_dev_crypto()) < 0) {
+ printf("cryptodev_digest_init: Can't get Dev \n");
+ return (0);
+ }
+
+ sess->mackey = state->dummy_mac_key;
+ sess->mackeylen = digest_key_length(ctx->digest->type);
+ sess->mac = digest;
+
+ if (ioctl(state->d_fd, CIOCGSESSION, sess) < 0) {
+ put_dev_crypto(state->d_fd);
+ state->d_fd = -1;
+ printf("cryptodev_digest_init: Open session failed\n");
+ return (0);
+ }
+
+ return (1);
}
static int cryptodev_digest_update(EVP_MD_CTX *ctx, const void *data,
- size_t count)
+ size_t count)
{
- struct crypt_op cryp;
- struct dev_crypto_state *state = ctx->md_data;
- struct session_op *sess = &state->d_sess;
-
- if (!data || state->d_fd < 0) {
- printf("cryptodev_digest_update: illegal inputs \n");
- return (0);
- }
-
- if (!count) {
- return (0);
- }
-
- if (!(ctx->flags & EVP_MD_CTX_FLAG_ONESHOT)) {
- /* if application doesn't support one buffer */
- state->mac_data = OPENSSL_realloc(state->mac_data, state->mac_len + count);
-
- if (!state->mac_data) {
- printf("cryptodev_digest_update: realloc failed\n");
- return (0);
- }
-
- memcpy(state->mac_data + state->mac_len, data, count);
- state->mac_len += count;
-
- return (1);
- }
-
- memset(&cryp, 0, sizeof(cryp));
-
- cryp.ses = sess->ses;
- cryp.flags = 0;
- cryp.len = count;
- cryp.src = (caddr_t) data;
- cryp.dst = NULL;
- cryp.mac = (caddr_t) state->digest_res;
- if (ioctl(state->d_fd, CIOCCRYPT, &cryp) < 0) {
- printf("cryptodev_digest_update: digest failed\n");
- return (0);
- }
- return (1);
+ struct crypt_op cryp;
+ struct dev_crypto_state *state = ctx->md_data;
+ struct session_op *sess = &state->d_sess;
+
+ if (!data || state->d_fd < 0) {
+ printf("cryptodev_digest_update: illegal inputs \n");
+ return (0);
+ }
+
+ if (!count) {
+ return (0);
+ }
+
+ if (!(ctx->flags & EVP_MD_CTX_FLAG_ONESHOT)) {
+ /* if application doesn't support one buffer */
+ state->mac_data =
+ OPENSSL_realloc(state->mac_data, state->mac_len + count);
+
+ if (!state->mac_data) {
+ printf("cryptodev_digest_update: realloc failed\n");
+ return (0);
+ }
+
+ memcpy(state->mac_data + state->mac_len, data, count);
+ state->mac_len += count;
+
+ return (1);
+ }
+
+ memset(&cryp, 0, sizeof(cryp));
+
+ cryp.ses = sess->ses;
+ cryp.flags = 0;
+ cryp.len = count;
+ cryp.src = (caddr_t) data;
+ cryp.dst = NULL;
+ cryp.mac = (caddr_t) state->digest_res;
+ if (ioctl(state->d_fd, CIOCCRYPT, &cryp) < 0) {
+ printf("cryptodev_digest_update: digest failed\n");
+ return (0);
+ }
+ return (1);
}
-
static int cryptodev_digest_final(EVP_MD_CTX *ctx, unsigned char *md)
{
- struct crypt_op cryp;
- struct dev_crypto_state *state = ctx->md_data;
- struct session_op *sess = &state->d_sess;
-
- int ret = 1;
-
- if (!md || state->d_fd < 0) {
- printf("cryptodev_digest_final: illegal input\n");
- return(0);
- }
-
- if (! (ctx->flags & EVP_MD_CTX_FLAG_ONESHOT) ) {
- /* if application doesn't support one buffer */
- memset(&cryp, 0, sizeof(cryp));
- cryp.ses = sess->ses;
- cryp.flags = 0;
- cryp.len = state->mac_len;
- cryp.src = state->mac_data;
- cryp.dst = NULL;
- cryp.mac = (caddr_t)md;
- if (ioctl(state->d_fd, CIOCCRYPT, &cryp) < 0) {
- printf("cryptodev_digest_final: digest failed\n");
- return (0);
- }
-
- return 1;
- }
-
- memcpy(md, state->digest_res, ctx->digest->md_size);
-
- return (ret);
+ struct crypt_op cryp;
+ struct dev_crypto_state *state = ctx->md_data;
+ struct session_op *sess = &state->d_sess;
+
+ int ret = 1;
+
+ if (!md || state->d_fd < 0) {
+ printf("cryptodev_digest_final: illegal input\n");
+ return (0);
+ }
+
+ if (!(ctx->flags & EVP_MD_CTX_FLAG_ONESHOT)) {
+ /* if application doesn't support one buffer */
+ memset(&cryp, 0, sizeof(cryp));
+ cryp.ses = sess->ses;
+ cryp.flags = 0;
+ cryp.len = state->mac_len;
+ cryp.src = state->mac_data;
+ cryp.dst = NULL;
+ cryp.mac = (caddr_t) md;
+ if (ioctl(state->d_fd, CIOCCRYPT, &cryp) < 0) {
+ printf("cryptodev_digest_final: digest failed\n");
+ return (0);
+ }
+
+ return 1;
+ }
+
+ memcpy(md, state->digest_res, ctx->digest->md_size);
+
+ return (ret);
}
-
static int cryptodev_digest_cleanup(EVP_MD_CTX *ctx)
{
- int ret = 1;
- struct dev_crypto_state *state = ctx->md_data;
- struct session_op *sess = &state->d_sess;
-
- if (state == NULL)
- return 0;
-
- if (state->d_fd < 0) {
- printf("cryptodev_digest_cleanup: illegal input\n");
- return (0);
- }
-
- if (state->mac_data) {
- OPENSSL_free(state->mac_data);
- state->mac_data = NULL;
- state->mac_len = 0;
- }
-
- if (ioctl(state->d_fd, CIOCFSESSION, &sess->ses) < 0) {
- printf("cryptodev_digest_cleanup: failed to close session\n");
- ret = 0;
- } else {
- ret = 1;
- }
- put_dev_crypto(state->d_fd);
- state->d_fd = -1;
-
- return (ret);
+ int ret = 1;
+ struct dev_crypto_state *state = ctx->md_data;
+ struct session_op *sess = &state->d_sess;
+
+ if (state == NULL)
+ return 0;
+
+ if (state->d_fd < 0) {
+ printf("cryptodev_digest_cleanup: illegal input\n");
+ return (0);
+ }
+
+ if (state->mac_data) {
+ OPENSSL_free(state->mac_data);
+ state->mac_data = NULL;
+ state->mac_len = 0;
+ }
+
+ if (ioctl(state->d_fd, CIOCFSESSION, &sess->ses) < 0) {
+ printf("cryptodev_digest_cleanup: failed to close session\n");
+ ret = 0;
+ } else {
+ ret = 1;
+ }
+ put_dev_crypto(state->d_fd);
+ state->d_fd = -1;
+
+ return (ret);
}
-static int cryptodev_digest_copy(EVP_MD_CTX *to,const EVP_MD_CTX *from)
+static int cryptodev_digest_copy(EVP_MD_CTX *to, const EVP_MD_CTX *from)
{
- struct dev_crypto_state *fstate = from->md_data;
- struct dev_crypto_state *dstate = to->md_data;
- struct session_op *sess;
- int digest;
+ struct dev_crypto_state *fstate = from->md_data;
+ struct dev_crypto_state *dstate = to->md_data;
+ struct session_op *sess;
+ int digest;
- if (dstate == NULL || fstate == NULL)
- return 1;
+ if (dstate == NULL || fstate == NULL)
+ return 1;
- memcpy(dstate, fstate, sizeof(struct dev_crypto_state));
+ memcpy(dstate, fstate, sizeof(struct dev_crypto_state));
- sess = &dstate->d_sess;
+ sess = &dstate->d_sess;
- digest = digest_nid_to_cryptodev(to->digest->type);
+ digest = digest_nid_to_cryptodev(to->digest->type);
- sess->mackey = dstate->dummy_mac_key;
- sess->mackeylen = digest_key_length(to->digest->type);
- sess->mac = digest;
+ sess->mackey = dstate->dummy_mac_key;
+ sess->mackeylen = digest_key_length(to->digest->type);
+ sess->mac = digest;
- dstate->d_fd = get_dev_crypto();
+ dstate->d_fd = get_dev_crypto();
- if (ioctl(dstate->d_fd, CIOCGSESSION, sess) < 0) {
- put_dev_crypto(dstate->d_fd);
- dstate->d_fd = -1;
- printf("cryptodev_digest_init: Open session failed\n");
- return (0);
- }
+ if (ioctl(dstate->d_fd, CIOCGSESSION, sess) < 0) {
+ put_dev_crypto(dstate->d_fd);
+ dstate->d_fd = -1;
+ printf("cryptodev_digest_init: Open session failed\n");
+ return (0);
+ }
- if (fstate->mac_len != 0) {
- if (fstate->mac_data != NULL)
- {
- dstate->mac_data = OPENSSL_malloc(fstate->mac_len);
- memcpy(dstate->mac_data, fstate->mac_data, fstate->mac_len);
- dstate->mac_len = fstate->mac_len;
- }
- }
+ if (fstate->mac_len != 0) {
+ if (fstate->mac_data != NULL) {
+ dstate->mac_data = OPENSSL_malloc(fstate->mac_len);
+ memcpy(dstate->mac_data, fstate->mac_data, fstate->mac_len);
+ dstate->mac_len = fstate->mac_len;
+ }
+ }
- return 1;
+ return 1;
}
-
const EVP_MD cryptodev_sha1 = {
- NID_sha1,
- NID_undef,
- SHA_DIGEST_LENGTH,
- EVP_MD_FLAG_ONESHOT,
- cryptodev_digest_init,
- cryptodev_digest_update,
- cryptodev_digest_final,
- cryptodev_digest_copy,
- cryptodev_digest_cleanup,
- EVP_PKEY_NULL_method,
- SHA_CBLOCK,
- sizeof(struct dev_crypto_state),
+ NID_sha1,
+ NID_undef,
+ SHA_DIGEST_LENGTH,
+ EVP_MD_FLAG_ONESHOT,
+ cryptodev_digest_init,
+ cryptodev_digest_update,
+ cryptodev_digest_final,
+ cryptodev_digest_copy,
+ cryptodev_digest_cleanup,
+ EVP_PKEY_NULL_method,
+ SHA_CBLOCK,
+ sizeof(struct dev_crypto_state),
};
const EVP_MD cryptodev_md5 = {
- NID_md5,
- NID_undef,
- 16 /* MD5_DIGEST_LENGTH */,
- EVP_MD_FLAG_ONESHOT,
- cryptodev_digest_init,
- cryptodev_digest_update,
- cryptodev_digest_final,
- cryptodev_digest_copy,
- cryptodev_digest_cleanup,
- EVP_PKEY_NULL_method,
- 64 /* MD5_CBLOCK */,
- sizeof(struct dev_crypto_state),
+ NID_md5,
+ NID_undef,
+ 16 /* MD5_DIGEST_LENGTH */ ,
+ EVP_MD_FLAG_ONESHOT,
+ cryptodev_digest_init,
+ cryptodev_digest_update,
+ cryptodev_digest_final,
+ cryptodev_digest_copy,
+ cryptodev_digest_cleanup,
+ EVP_PKEY_NULL_method,
+ 64 /* MD5_CBLOCK */ ,
+ sizeof(struct dev_crypto_state),
};
-#endif /* USE_CRYPTODEV_DIGESTS */
-
+# endif /* USE_CRYPTODEV_DIGESTS */
static int
cryptodev_engine_digests(ENGINE *e, const EVP_MD **digest,
- const int **nids, int nid)
+ const int **nids, int nid)
{
- if (!digest)
- return (cryptodev_usable_digests(nids));
-
- switch (nid) {
-#ifdef USE_CRYPTODEV_DIGESTS
- case NID_md5:
- *digest = &cryptodev_md5;
- break;
- case NID_sha1:
- *digest = &cryptodev_sha1;
- break;
- default:
-#endif /* USE_CRYPTODEV_DIGESTS */
- *digest = NULL;
- break;
- }
- return (*digest != NULL);
+ if (!digest)
+ return (cryptodev_usable_digests(nids));
+
+ switch (nid) {
+# ifdef USE_CRYPTODEV_DIGESTS
+ case NID_md5:
+ *digest = &cryptodev_md5;
+ break;
+ case NID_sha1:
+ *digest = &cryptodev_sha1;
+ break;
+ default:
+# endif /* USE_CRYPTODEV_DIGESTS */
+ *digest = NULL;
+ break;
+ }
+ return (*digest != NULL);
}
/*
@@ -922,419 +1005,423 @@ cryptodev_engine_digests(ENGINE *e, const EVP_MD **digest,
* Upon completion of use, the caller is responsible for freeing
* crp->crp_p.
*/
-static int
-bn2crparam(const BIGNUM *a, struct crparam *crp)
+static int bn2crparam(const BIGNUM *a, struct crparam *crp)
{
- int i, j, k;
- ssize_t bytes, bits;
- u_char *b;
-
- crp->crp_p = NULL;
- crp->crp_nbits = 0;
-
- bits = BN_num_bits(a);
- bytes = (bits + 7) / 8;
-
- b = malloc(bytes);
- if (b == NULL)
- return (1);
- memset(b, 0, bytes);
-
- crp->crp_p = (caddr_t) b;
- crp->crp_nbits = bits;
-
- for (i = 0, j = 0; i < a->top; i++) {
- for (k = 0; k < BN_BITS2 / 8; k++) {
- if ((j + k) >= bytes)
- return (0);
- b[j + k] = a->d[i] >> (k * 8);
- }
- j += BN_BITS2 / 8;
- }
- return (0);
+ int i, j, k;
+ ssize_t bytes, bits;
+ u_char *b;
+
+ crp->crp_p = NULL;
+ crp->crp_nbits = 0;
+
+ bits = BN_num_bits(a);
+ bytes = (bits + 7) / 8;
+
+ b = malloc(bytes);
+ if (b == NULL)
+ return (1);
+ memset(b, 0, bytes);
+
+ crp->crp_p = (caddr_t) b;
+ crp->crp_nbits = bits;
+
+ for (i = 0, j = 0; i < a->top; i++) {
+ for (k = 0; k < BN_BITS2 / 8; k++) {
+ if ((j + k) >= bytes)
+ return (0);
+ b[j + k] = a->d[i] >> (k * 8);
+ }
+ j += BN_BITS2 / 8;
+ }
+ return (0);
}
/* Convert a /dev/crypto parameter to a BIGNUM */
-static int
-crparam2bn(struct crparam *crp, BIGNUM *a)
+static int crparam2bn(struct crparam *crp, BIGNUM *a)
{
- u_int8_t *pd;
- int i, bytes;
+ u_int8_t *pd;
+ int i, bytes;
- bytes = (crp->crp_nbits + 7) / 8;
+ bytes = (crp->crp_nbits + 7) / 8;
- if (bytes == 0)
- return (-1);
+ if (bytes == 0)
+ return (-1);
- if ((pd = (u_int8_t *) malloc(bytes)) == NULL)
- return (-1);
+ if ((pd = (u_int8_t *) malloc(bytes)) == NULL)
+ return (-1);
- for (i = 0; i < bytes; i++)
- pd[i] = crp->crp_p[bytes - i - 1];
+ for (i = 0; i < bytes; i++)
+ pd[i] = crp->crp_p[bytes - i - 1];
- BN_bin2bn(pd, bytes, a);
- free(pd);
+ BN_bin2bn(pd, bytes, a);
+ free(pd);
- return (0);
+ return (0);
}
-static void
-zapparams(struct crypt_kop *kop)
+static void zapparams(struct crypt_kop *kop)
{
- int i;
-
- for (i = 0; i < kop->crk_iparams + kop->crk_oparams; i++) {
- if (kop->crk_param[i].crp_p)
- free(kop->crk_param[i].crp_p);
- kop->crk_param[i].crp_p = NULL;
- kop->crk_param[i].crp_nbits = 0;
- }
+ int i;
+
+ for (i = 0; i < kop->crk_iparams + kop->crk_oparams; i++) {
+ if (kop->crk_param[i].crp_p)
+ free(kop->crk_param[i].crp_p);
+ kop->crk_param[i].crp_p = NULL;
+ kop->crk_param[i].crp_nbits = 0;
+ }
}
static int
-cryptodev_asym(struct crypt_kop *kop, int rlen, BIGNUM *r, int slen, BIGNUM *s)
+cryptodev_asym(struct crypt_kop *kop, int rlen, BIGNUM *r, int slen,
+ BIGNUM *s)
{
- int fd, ret = -1;
-
- if ((fd = get_asym_dev_crypto()) < 0)
- return (ret);
-
- if (r) {
- kop->crk_param[kop->crk_iparams].crp_p = calloc(rlen, sizeof(char));
- kop->crk_param[kop->crk_iparams].crp_nbits = rlen * 8;
- kop->crk_oparams++;
- }
- if (s) {
- kop->crk_param[kop->crk_iparams+1].crp_p = calloc(slen, sizeof(char));
- kop->crk_param[kop->crk_iparams+1].crp_nbits = slen * 8;
- kop->crk_oparams++;
- }
-
- if (ioctl(fd, CIOCKEY, kop) == 0) {
- if (r)
- crparam2bn(&kop->crk_param[kop->crk_iparams], r);
- if (s)
- crparam2bn(&kop->crk_param[kop->crk_iparams+1], s);
- ret = 0;
- }
-
- return (ret);
+ int fd, ret = -1;
+
+ if ((fd = get_asym_dev_crypto()) < 0)
+ return (ret);
+
+ if (r) {
+ kop->crk_param[kop->crk_iparams].crp_p = calloc(rlen, sizeof(char));
+ kop->crk_param[kop->crk_iparams].crp_nbits = rlen * 8;
+ kop->crk_oparams++;
+ }
+ if (s) {
+ kop->crk_param[kop->crk_iparams + 1].crp_p =
+ calloc(slen, sizeof(char));
+ kop->crk_param[kop->crk_iparams + 1].crp_nbits = slen * 8;
+ kop->crk_oparams++;
+ }
+
+ if (ioctl(fd, CIOCKEY, kop) == 0) {
+ if (r)
+ crparam2bn(&kop->crk_param[kop->crk_iparams], r);
+ if (s)
+ crparam2bn(&kop->crk_param[kop->crk_iparams + 1], s);
+ ret = 0;
+ }
+
+ return (ret);
}
static int
cryptodev_bn_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
- const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *in_mont)
+ const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *in_mont)
{
- struct crypt_kop kop;
- int ret = 1;
-
- /* Currently, we know we can do mod exp iff we can do any
- * asymmetric operations at all.
- */
- if (cryptodev_asymfeat == 0) {
- ret = BN_mod_exp(r, a, p, m, ctx);
- return (ret);
- }
-
- memset(&kop, 0, sizeof kop);
- kop.crk_op = CRK_MOD_EXP;
-
- /* inputs: a^p % m */
- if (bn2crparam(a, &kop.crk_param[0]))
- goto err;
- if (bn2crparam(p, &kop.crk_param[1]))
- goto err;
- if (bn2crparam(m, &kop.crk_param[2]))
- goto err;
- kop.crk_iparams = 3;
-
- if (cryptodev_asym(&kop, BN_num_bytes(m), r, 0, NULL)) {
- const RSA_METHOD *meth = RSA_PKCS1_SSLeay();
- printf("OCF asym process failed, Running in software\n");
- ret = meth->bn_mod_exp(r, a, p, m, ctx, in_mont);
-
- } else if (ECANCELED == kop.crk_status) {
- const RSA_METHOD *meth = RSA_PKCS1_SSLeay();
- printf("OCF hardware operation cancelled. Running in Software\n");
- ret = meth->bn_mod_exp(r, a, p, m, ctx, in_mont);
- }
- /* else cryptodev operation worked ok ==> ret = 1*/
-
-err:
- zapparams(&kop);
- return (ret);
+ struct crypt_kop kop;
+ int ret = 1;
+
+ /*
+ * Currently, we know we can do mod exp iff we can do any asymmetric
+ * operations at all.
+ */
+ if (cryptodev_asymfeat == 0) {
+ ret = BN_mod_exp(r, a, p, m, ctx);
+ return (ret);
+ }
+
+ memset(&kop, 0, sizeof kop);
+ kop.crk_op = CRK_MOD_EXP;
+
+ /* inputs: a^p % m */
+ if (bn2crparam(a, &kop.crk_param[0]))
+ goto err;
+ if (bn2crparam(p, &kop.crk_param[1]))
+ goto err;
+ if (bn2crparam(m, &kop.crk_param[2]))
+ goto err;
+ kop.crk_iparams = 3;
+
+ if (cryptodev_asym(&kop, BN_num_bytes(m), r, 0, NULL)) {
+ const RSA_METHOD *meth = RSA_PKCS1_SSLeay();
+ printf("OCF asym process failed, Running in software\n");
+ ret = meth->bn_mod_exp(r, a, p, m, ctx, in_mont);
+
+ } else if (ECANCELED == kop.crk_status) {
+ const RSA_METHOD *meth = RSA_PKCS1_SSLeay();
+ printf("OCF hardware operation cancelled. Running in Software\n");
+ ret = meth->bn_mod_exp(r, a, p, m, ctx, in_mont);
+ }
+ /* else cryptodev operation worked ok ==> ret = 1 */
+
+ err:
+ zapparams(&kop);
+ return (ret);
}
static int
-cryptodev_rsa_nocrt_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx)
+cryptodev_rsa_nocrt_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa,
+ BN_CTX *ctx)
{
- int r;
- ctx = BN_CTX_new();
- r = cryptodev_bn_mod_exp(r0, I, rsa->d, rsa->n, ctx, NULL);
- BN_CTX_free(ctx);
- return (r);
+ int r;
+ ctx = BN_CTX_new();
+ r = cryptodev_bn_mod_exp(r0, I, rsa->d, rsa->n, ctx, NULL);
+ BN_CTX_free(ctx);
+ return (r);
}
static int
cryptodev_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx)
{
- struct crypt_kop kop;
- int ret = 1;
-
- if (!rsa->p || !rsa->q || !rsa->dmp1 || !rsa->dmq1 || !rsa->iqmp) {
- /* XXX 0 means failure?? */
- return (0);
- }
-
- memset(&kop, 0, sizeof kop);
- kop.crk_op = CRK_MOD_EXP_CRT;
- /* inputs: rsa->p rsa->q I rsa->dmp1 rsa->dmq1 rsa->iqmp */
- if (bn2crparam(rsa->p, &kop.crk_param[0]))
- goto err;
- if (bn2crparam(rsa->q, &kop.crk_param[1]))
- goto err;
- if (bn2crparam(I, &kop.crk_param[2]))
- goto err;
- if (bn2crparam(rsa->dmp1, &kop.crk_param[3]))
- goto err;
- if (bn2crparam(rsa->dmq1, &kop.crk_param[4]))
- goto err;
- if (bn2crparam(rsa->iqmp, &kop.crk_param[5]))
- goto err;
- kop.crk_iparams = 6;
-
- if (cryptodev_asym(&kop, BN_num_bytes(rsa->n), r0, 0, NULL)) {
- const RSA_METHOD *meth = RSA_PKCS1_SSLeay();
- printf("OCF asym process failed, running in Software\n");
- ret = (*meth->rsa_mod_exp)(r0, I, rsa, ctx);
-
- } else if (ECANCELED == kop.crk_status) {
- const RSA_METHOD *meth = RSA_PKCS1_SSLeay();
- printf("OCF hardware operation cancelled. Running in Software\n");
- ret = (*meth->rsa_mod_exp)(r0, I, rsa, ctx);
- }
- /* else cryptodev operation worked ok ==> ret = 1*/
-
-err:
- zapparams(&kop);
- return (ret);
+ struct crypt_kop kop;
+ int ret = 1;
+
+ if (!rsa->p || !rsa->q || !rsa->dmp1 || !rsa->dmq1 || !rsa->iqmp) {
+ /* XXX 0 means failure?? */
+ return (0);
+ }
+
+ memset(&kop, 0, sizeof kop);
+ kop.crk_op = CRK_MOD_EXP_CRT;
+ /* inputs: rsa->p rsa->q I rsa->dmp1 rsa->dmq1 rsa->iqmp */
+ if (bn2crparam(rsa->p, &kop.crk_param[0]))
+ goto err;
+ if (bn2crparam(rsa->q, &kop.crk_param[1]))
+ goto err;
+ if (bn2crparam(I, &kop.crk_param[2]))
+ goto err;
+ if (bn2crparam(rsa->dmp1, &kop.crk_param[3]))
+ goto err;
+ if (bn2crparam(rsa->dmq1, &kop.crk_param[4]))
+ goto err;
+ if (bn2crparam(rsa->iqmp, &kop.crk_param[5]))
+ goto err;
+ kop.crk_iparams = 6;
+
+ if (cryptodev_asym(&kop, BN_num_bytes(rsa->n), r0, 0, NULL)) {
+ const RSA_METHOD *meth = RSA_PKCS1_SSLeay();
+ printf("OCF asym process failed, running in Software\n");
+ ret = (*meth->rsa_mod_exp) (r0, I, rsa, ctx);
+
+ } else if (ECANCELED == kop.crk_status) {
+ const RSA_METHOD *meth = RSA_PKCS1_SSLeay();
+ printf("OCF hardware operation cancelled. Running in Software\n");
+ ret = (*meth->rsa_mod_exp) (r0, I, rsa, ctx);
+ }
+ /* else cryptodev operation worked ok ==> ret = 1 */
+
+ err:
+ zapparams(&kop);
+ return (ret);
}
static RSA_METHOD cryptodev_rsa = {
- "cryptodev RSA method",
- NULL, /* rsa_pub_enc */
- NULL, /* rsa_pub_dec */
- NULL, /* rsa_priv_enc */
- NULL, /* rsa_priv_dec */
- NULL,
- NULL,
- NULL, /* init */
- NULL, /* finish */
- 0, /* flags */
- NULL, /* app_data */
- NULL, /* rsa_sign */
- NULL /* rsa_verify */
+ "cryptodev RSA method",
+ NULL, /* rsa_pub_enc */
+ NULL, /* rsa_pub_dec */
+ NULL, /* rsa_priv_enc */
+ NULL, /* rsa_priv_dec */
+ NULL,
+ NULL,
+ NULL, /* init */
+ NULL, /* finish */
+ 0, /* flags */
+ NULL, /* app_data */
+ NULL, /* rsa_sign */
+ NULL /* rsa_verify */
};
static int
cryptodev_dsa_bn_mod_exp(DSA *dsa, BIGNUM *r, BIGNUM *a, const BIGNUM *p,
- const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)
+ const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)
{
- return (cryptodev_bn_mod_exp(r, a, p, m, ctx, m_ctx));
+ return (cryptodev_bn_mod_exp(r, a, p, m, ctx, m_ctx));
}
static int
cryptodev_dsa_dsa_mod_exp(DSA *dsa, BIGNUM *t1, BIGNUM *g,
- BIGNUM *u1, BIGNUM *pub_key, BIGNUM *u2, BIGNUM *p,
- BN_CTX *ctx, BN_MONT_CTX *mont)
+ BIGNUM *u1, BIGNUM *pub_key, BIGNUM *u2, BIGNUM *p,
+ BN_CTX *ctx, BN_MONT_CTX *mont)
{
- BIGNUM t2;
- int ret = 0;
+ BIGNUM t2;
+ int ret = 0;
- BN_init(&t2);
+ BN_init(&t2);
- /* v = ( g^u1 * y^u2 mod p ) mod q */
- /* let t1 = g ^ u1 mod p */
- ret = 0;
+ /* v = ( g^u1 * y^u2 mod p ) mod q */
+ /* let t1 = g ^ u1 mod p */
+ ret = 0;
- if (!dsa->meth->bn_mod_exp(dsa,t1,dsa->g,u1,dsa->p,ctx,mont))
- goto err;
+ if (!dsa->meth->bn_mod_exp(dsa, t1, dsa->g, u1, dsa->p, ctx, mont))
+ goto err;
- /* let t2 = y ^ u2 mod p */
- if (!dsa->meth->bn_mod_exp(dsa,&t2,dsa->pub_key,u2,dsa->p,ctx,mont))
- goto err;
- /* let u1 = t1 * t2 mod p */
- if (!BN_mod_mul(u1,t1,&t2,dsa->p,ctx))
- goto err;
+ /* let t2 = y ^ u2 mod p */
+ if (!dsa->meth->bn_mod_exp(dsa, &t2, dsa->pub_key, u2, dsa->p, ctx, mont))
+ goto err;
+ /* let u1 = t1 * t2 mod p */
+ if (!BN_mod_mul(u1, t1, &t2, dsa->p, ctx))
+ goto err;
- BN_copy(t1,u1);
+ BN_copy(t1, u1);
- ret = 1;
-err:
- BN_free(&t2);
- return(ret);
+ ret = 1;
+ err:
+ BN_free(&t2);
+ return (ret);
}
-static DSA_SIG *
-cryptodev_dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa)
+static DSA_SIG *cryptodev_dsa_do_sign(const unsigned char *dgst, int dlen,
+ DSA *dsa)
{
- struct crypt_kop kop;
- BIGNUM *r = NULL, *s = NULL;
- DSA_SIG *dsaret = NULL;
-
- if ((r = BN_new()) == NULL)
- goto err;
- if ((s = BN_new()) == NULL) {
- BN_free(r);
- goto err;
- }
-
- memset(&kop, 0, sizeof kop);
- kop.crk_op = CRK_DSA_SIGN;
-
- /* inputs: dgst dsa->p dsa->q dsa->g dsa->priv_key */
- kop.crk_param[0].crp_p = (caddr_t)dgst;
- kop.crk_param[0].crp_nbits = dlen * 8;
- if (bn2crparam(dsa->p, &kop.crk_param[1]))
- goto err;
- if (bn2crparam(dsa->q, &kop.crk_param[2]))
- goto err;
- if (bn2crparam(dsa->g, &kop.crk_param[3]))
- goto err;
- if (bn2crparam(dsa->priv_key, &kop.crk_param[4]))
- goto err;
- kop.crk_iparams = 5;
-
- if (cryptodev_asym(&kop, BN_num_bytes(dsa->q), r,
- BN_num_bytes(dsa->q), s) == 0) {
- dsaret = DSA_SIG_new();
- dsaret->r = r;
- dsaret->s = s;
- } else {
- const DSA_METHOD *meth = DSA_OpenSSL();
- BN_free(r);
- BN_free(s);
- dsaret = (meth->dsa_do_sign)(dgst, dlen, dsa);
- }
-err:
- kop.crk_param[0].crp_p = NULL;
- zapparams(&kop);
- return (dsaret);
+ struct crypt_kop kop;
+ BIGNUM *r = NULL, *s = NULL;
+ DSA_SIG *dsaret = NULL;
+
+ if ((r = BN_new()) == NULL)
+ goto err;
+ if ((s = BN_new()) == NULL) {
+ BN_free(r);
+ goto err;
+ }
+
+ memset(&kop, 0, sizeof kop);
+ kop.crk_op = CRK_DSA_SIGN;
+
+ /* inputs: dgst dsa->p dsa->q dsa->g dsa->priv_key */
+ kop.crk_param[0].crp_p = (caddr_t) dgst;
+ kop.crk_param[0].crp_nbits = dlen * 8;
+ if (bn2crparam(dsa->p, &kop.crk_param[1]))
+ goto err;
+ if (bn2crparam(dsa->q, &kop.crk_param[2]))
+ goto err;
+ if (bn2crparam(dsa->g, &kop.crk_param[3]))
+ goto err;
+ if (bn2crparam(dsa->priv_key, &kop.crk_param[4]))
+ goto err;
+ kop.crk_iparams = 5;
+
+ if (cryptodev_asym(&kop, BN_num_bytes(dsa->q), r,
+ BN_num_bytes(dsa->q), s) == 0) {
+ dsaret = DSA_SIG_new();
+ dsaret->r = r;
+ dsaret->s = s;
+ } else {
+ const DSA_METHOD *meth = DSA_OpenSSL();
+ BN_free(r);
+ BN_free(s);
+ dsaret = (meth->dsa_do_sign) (dgst, dlen, dsa);
+ }
+ err:
+ kop.crk_param[0].crp_p = NULL;
+ zapparams(&kop);
+ return (dsaret);
}
static int
cryptodev_dsa_verify(const unsigned char *dgst, int dlen,
- DSA_SIG *sig, DSA *dsa)
+ DSA_SIG *sig, DSA *dsa)
{
- struct crypt_kop kop;
- int dsaret = 1;
-
- memset(&kop, 0, sizeof kop);
- kop.crk_op = CRK_DSA_VERIFY;
-
- /* inputs: dgst dsa->p dsa->q dsa->g dsa->pub_key sig->r sig->s */
- kop.crk_param[0].crp_p = (caddr_t)dgst;
- kop.crk_param[0].crp_nbits = dlen * 8;
- if (bn2crparam(dsa->p, &kop.crk_param[1]))
- goto err;
- if (bn2crparam(dsa->q, &kop.crk_param[2]))
- goto err;
- if (bn2crparam(dsa->g, &kop.crk_param[3]))
- goto err;
- if (bn2crparam(dsa->pub_key, &kop.crk_param[4]))
- goto err;
- if (bn2crparam(sig->r, &kop.crk_param[5]))
- goto err;
- if (bn2crparam(sig->s, &kop.crk_param[6]))
- goto err;
- kop.crk_iparams = 7;
-
- if (cryptodev_asym(&kop, 0, NULL, 0, NULL) == 0) {
-/*OCF success value is 0, if not zero, change dsaret to fail*/
- if(0 != kop.crk_status) dsaret = 0;
- } else {
- const DSA_METHOD *meth = DSA_OpenSSL();
-
- dsaret = (meth->dsa_do_verify)(dgst, dlen, sig, dsa);
- }
-err:
- kop.crk_param[0].crp_p = NULL;
- zapparams(&kop);
- return (dsaret);
+ struct crypt_kop kop;
+ int dsaret = 1;
+
+ memset(&kop, 0, sizeof kop);
+ kop.crk_op = CRK_DSA_VERIFY;
+
+ /* inputs: dgst dsa->p dsa->q dsa->g dsa->pub_key sig->r sig->s */
+ kop.crk_param[0].crp_p = (caddr_t) dgst;
+ kop.crk_param[0].crp_nbits = dlen * 8;
+ if (bn2crparam(dsa->p, &kop.crk_param[1]))
+ goto err;
+ if (bn2crparam(dsa->q, &kop.crk_param[2]))
+ goto err;
+ if (bn2crparam(dsa->g, &kop.crk_param[3]))
+ goto err;
+ if (bn2crparam(dsa->pub_key, &kop.crk_param[4]))
+ goto err;
+ if (bn2crparam(sig->r, &kop.crk_param[5]))
+ goto err;
+ if (bn2crparam(sig->s, &kop.crk_param[6]))
+ goto err;
+ kop.crk_iparams = 7;
+
+ if (cryptodev_asym(&kop, 0, NULL, 0, NULL) == 0) {
+ /*
+ * OCF success value is 0, if not zero, change dsaret to fail
+ */
+ if (0 != kop.crk_status)
+ dsaret = 0;
+ } else {
+ const DSA_METHOD *meth = DSA_OpenSSL();
+
+ dsaret = (meth->dsa_do_verify) (dgst, dlen, sig, dsa);
+ }
+ err:
+ kop.crk_param[0].crp_p = NULL;
+ zapparams(&kop);
+ return (dsaret);
}
static DSA_METHOD cryptodev_dsa = {
- "cryptodev DSA method",
- NULL,
- NULL, /* dsa_sign_setup */
- NULL,
- NULL, /* dsa_mod_exp */
- NULL,
- NULL, /* init */
- NULL, /* finish */
- 0, /* flags */
- NULL /* app_data */
+ "cryptodev DSA method",
+ NULL,
+ NULL, /* dsa_sign_setup */
+ NULL,
+ NULL, /* dsa_mod_exp */
+ NULL,
+ NULL, /* init */
+ NULL, /* finish */
+ 0, /* flags */
+ NULL /* app_data */
};
static int
cryptodev_mod_exp_dh(const DH *dh, BIGNUM *r, const BIGNUM *a,
- const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
- BN_MONT_CTX *m_ctx)
+ const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
+ BN_MONT_CTX *m_ctx)
{
- return (cryptodev_bn_mod_exp(r, a, p, m, ctx, m_ctx));
+ return (cryptodev_bn_mod_exp(r, a, p, m, ctx, m_ctx));
}
static int
cryptodev_dh_compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh)
{
- struct crypt_kop kop;
- int dhret = 1;
- int fd, keylen;
-
- if ((fd = get_asym_dev_crypto()) < 0) {
- const DH_METHOD *meth = DH_OpenSSL();
-
- return ((meth->compute_key)(key, pub_key, dh));
- }
-
- keylen = BN_num_bits(dh->p);
-
- memset(&kop, 0, sizeof kop);
- kop.crk_op = CRK_DH_COMPUTE_KEY;
-
- /* inputs: dh->priv_key pub_key dh->p key */
- if (bn2crparam(dh->priv_key, &kop.crk_param[0]))
- goto err;
- if (bn2crparam(pub_key, &kop.crk_param[1]))
- goto err;
- if (bn2crparam(dh->p, &kop.crk_param[2]))
- goto err;
- kop.crk_iparams = 3;
-
- kop.crk_param[3].crp_p = (caddr_t) key;
- kop.crk_param[3].crp_nbits = keylen * 8;
- kop.crk_oparams = 1;
-
- if (ioctl(fd, CIOCKEY, &kop) == -1) {
- const DH_METHOD *meth = DH_OpenSSL();
-
- dhret = (meth->compute_key)(key, pub_key, dh);
- }
-err:
- kop.crk_param[3].crp_p = NULL;
- zapparams(&kop);
- return (dhret);
+ struct crypt_kop kop;
+ int dhret = 1;
+ int fd, keylen;
+
+ if ((fd = get_asym_dev_crypto()) < 0) {
+ const DH_METHOD *meth = DH_OpenSSL();
+
+ return ((meth->compute_key) (key, pub_key, dh));
+ }
+
+ keylen = BN_num_bits(dh->p);
+
+ memset(&kop, 0, sizeof kop);
+ kop.crk_op = CRK_DH_COMPUTE_KEY;
+
+ /* inputs: dh->priv_key pub_key dh->p key */
+ if (bn2crparam(dh->priv_key, &kop.crk_param[0]))
+ goto err;
+ if (bn2crparam(pub_key, &kop.crk_param[1]))
+ goto err;
+ if (bn2crparam(dh->p, &kop.crk_param[2]))
+ goto err;
+ kop.crk_iparams = 3;
+
+ kop.crk_param[3].crp_p = (caddr_t) key;
+ kop.crk_param[3].crp_nbits = keylen * 8;
+ kop.crk_oparams = 1;
+
+ if (ioctl(fd, CIOCKEY, &kop) == -1) {
+ const DH_METHOD *meth = DH_OpenSSL();
+
+ dhret = (meth->compute_key) (key, pub_key, dh);
+ }
+ err:
+ kop.crk_param[3].crp_p = NULL;
+ zapparams(&kop);
+ return (dhret);
}
static DH_METHOD cryptodev_dh = {
- "cryptodev DH method",
- NULL, /* cryptodev_dh_generate_key */
- NULL,
- NULL,
- NULL,
- NULL,
- 0, /* flags */
- NULL /* app_data */
+ "cryptodev DH method",
+ NULL, /* cryptodev_dh_generate_key */
+ NULL,
+ NULL,
+ NULL,
+ NULL,
+ 0, /* flags */
+ NULL /* app_data */
};
/*
@@ -1342,109 +1429,104 @@ static DH_METHOD cryptodev_dh = {
* but I expect we'll want some options soon.
*/
static int
-cryptodev_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)(void))
+cryptodev_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f) (void))
{
-#ifdef HAVE_SYSLOG_R
- struct syslog_data sd = SYSLOG_DATA_INIT;
-#endif
+# ifdef HAVE_SYSLOG_R
+ struct syslog_data sd = SYSLOG_DATA_INIT;
+# endif
- switch (cmd) {
- default:
-#ifdef HAVE_SYSLOG_R
- syslog_r(LOG_ERR, &sd,
- "cryptodev_ctrl: unknown command %d", cmd);
-#else
- syslog(LOG_ERR, "cryptodev_ctrl: unknown command %d", cmd);
-#endif
- break;
- }
- return (1);
+ switch (cmd) {
+ default:
+# ifdef HAVE_SYSLOG_R
+ syslog_r(LOG_ERR, &sd, "cryptodev_ctrl: unknown command %d", cmd);
+# else
+ syslog(LOG_ERR, "cryptodev_ctrl: unknown command %d", cmd);
+# endif
+ break;
+ }
+ return (1);
}
-void
-ENGINE_load_cryptodev(void)
+void ENGINE_load_cryptodev(void)
{
- ENGINE *engine = ENGINE_new();
- int fd;
-
- if (engine == NULL)
- return;
- if ((fd = get_dev_crypto()) < 0) {
- ENGINE_free(engine);
- return;
- }
-
- /*
- * find out what asymmetric crypto algorithms we support
- */
- if (ioctl(fd, CIOCASYMFEAT, &cryptodev_asymfeat) == -1) {
- put_dev_crypto(fd);
- ENGINE_free(engine);
- return;
- }
- put_dev_crypto(fd);
-
- if (!ENGINE_set_id(engine, "cryptodev") ||
- !ENGINE_set_name(engine, "BSD cryptodev engine") ||
- !ENGINE_set_ciphers(engine, cryptodev_engine_ciphers) ||
- !ENGINE_set_digests(engine, cryptodev_engine_digests) ||
- !ENGINE_set_ctrl_function(engine, cryptodev_ctrl) ||
- !ENGINE_set_cmd_defns(engine, cryptodev_defns)) {
- ENGINE_free(engine);
- return;
- }
-
- if (ENGINE_set_RSA(engine, &cryptodev_rsa)) {
- const RSA_METHOD *rsa_meth = RSA_PKCS1_SSLeay();
-
- cryptodev_rsa.bn_mod_exp = rsa_meth->bn_mod_exp;
- cryptodev_rsa.rsa_mod_exp = rsa_meth->rsa_mod_exp;
- cryptodev_rsa.rsa_pub_enc = rsa_meth->rsa_pub_enc;
- cryptodev_rsa.rsa_pub_dec = rsa_meth->rsa_pub_dec;
- cryptodev_rsa.rsa_priv_enc = rsa_meth->rsa_priv_enc;
- cryptodev_rsa.rsa_priv_dec = rsa_meth->rsa_priv_dec;
- if (cryptodev_asymfeat & CRF_MOD_EXP) {
- cryptodev_rsa.bn_mod_exp = cryptodev_bn_mod_exp;
- if (cryptodev_asymfeat & CRF_MOD_EXP_CRT)
- cryptodev_rsa.rsa_mod_exp =
- cryptodev_rsa_mod_exp;
- else
- cryptodev_rsa.rsa_mod_exp =
- cryptodev_rsa_nocrt_mod_exp;
- }
- }
-
- if (ENGINE_set_DSA(engine, &cryptodev_dsa)) {
- const DSA_METHOD *meth = DSA_OpenSSL();
-
- memcpy(&cryptodev_dsa, meth, sizeof(DSA_METHOD));
- if (cryptodev_asymfeat & CRF_DSA_SIGN)
- cryptodev_dsa.dsa_do_sign = cryptodev_dsa_do_sign;
- if (cryptodev_asymfeat & CRF_MOD_EXP) {
- cryptodev_dsa.bn_mod_exp = cryptodev_dsa_bn_mod_exp;
- cryptodev_dsa.dsa_mod_exp = cryptodev_dsa_dsa_mod_exp;
- }
- if (cryptodev_asymfeat & CRF_DSA_VERIFY)
- cryptodev_dsa.dsa_do_verify = cryptodev_dsa_verify;
- }
-
- if (ENGINE_set_DH(engine, &cryptodev_dh)){
- const DH_METHOD *dh_meth = DH_OpenSSL();
-
- cryptodev_dh.generate_key = dh_meth->generate_key;
- cryptodev_dh.compute_key = dh_meth->compute_key;
- cryptodev_dh.bn_mod_exp = dh_meth->bn_mod_exp;
- if (cryptodev_asymfeat & CRF_MOD_EXP) {
- cryptodev_dh.bn_mod_exp = cryptodev_mod_exp_dh;
- if (cryptodev_asymfeat & CRF_DH_COMPUTE_KEY)
- cryptodev_dh.compute_key =
- cryptodev_dh_compute_key;
- }
- }
-
- ENGINE_add(engine);
- ENGINE_free(engine);
- ERR_clear_error();
+ ENGINE *engine = ENGINE_new();
+ int fd;
+
+ if (engine == NULL)
+ return;
+ if ((fd = get_dev_crypto()) < 0) {
+ ENGINE_free(engine);
+ return;
+ }
+
+ /*
+ * find out what asymmetric crypto algorithms we support
+ */
+ if (ioctl(fd, CIOCASYMFEAT, &cryptodev_asymfeat) == -1) {
+ put_dev_crypto(fd);
+ ENGINE_free(engine);
+ return;
+ }
+ put_dev_crypto(fd);
+
+ if (!ENGINE_set_id(engine, "cryptodev") ||
+ !ENGINE_set_name(engine, "BSD cryptodev engine") ||
+ !ENGINE_set_ciphers(engine, cryptodev_engine_ciphers) ||
+ !ENGINE_set_digests(engine, cryptodev_engine_digests) ||
+ !ENGINE_set_ctrl_function(engine, cryptodev_ctrl) ||
+ !ENGINE_set_cmd_defns(engine, cryptodev_defns)) {
+ ENGINE_free(engine);
+ return;
+ }
+
+ if (ENGINE_set_RSA(engine, &cryptodev_rsa)) {
+ const RSA_METHOD *rsa_meth = RSA_PKCS1_SSLeay();
+
+ cryptodev_rsa.bn_mod_exp = rsa_meth->bn_mod_exp;
+ cryptodev_rsa.rsa_mod_exp = rsa_meth->rsa_mod_exp;
+ cryptodev_rsa.rsa_pub_enc = rsa_meth->rsa_pub_enc;
+ cryptodev_rsa.rsa_pub_dec = rsa_meth->rsa_pub_dec;
+ cryptodev_rsa.rsa_priv_enc = rsa_meth->rsa_priv_enc;
+ cryptodev_rsa.rsa_priv_dec = rsa_meth->rsa_priv_dec;
+ if (cryptodev_asymfeat & CRF_MOD_EXP) {
+ cryptodev_rsa.bn_mod_exp = cryptodev_bn_mod_exp;
+ if (cryptodev_asymfeat & CRF_MOD_EXP_CRT)
+ cryptodev_rsa.rsa_mod_exp = cryptodev_rsa_mod_exp;
+ else
+ cryptodev_rsa.rsa_mod_exp = cryptodev_rsa_nocrt_mod_exp;
+ }
+ }
+
+ if (ENGINE_set_DSA(engine, &cryptodev_dsa)) {
+ const DSA_METHOD *meth = DSA_OpenSSL();
+
+ memcpy(&cryptodev_dsa, meth, sizeof(DSA_METHOD));
+ if (cryptodev_asymfeat & CRF_DSA_SIGN)
+ cryptodev_dsa.dsa_do_sign = cryptodev_dsa_do_sign;
+ if (cryptodev_asymfeat & CRF_MOD_EXP) {
+ cryptodev_dsa.bn_mod_exp = cryptodev_dsa_bn_mod_exp;
+ cryptodev_dsa.dsa_mod_exp = cryptodev_dsa_dsa_mod_exp;
+ }
+ if (cryptodev_asymfeat & CRF_DSA_VERIFY)
+ cryptodev_dsa.dsa_do_verify = cryptodev_dsa_verify;
+ }
+
+ if (ENGINE_set_DH(engine, &cryptodev_dh)) {
+ const DH_METHOD *dh_meth = DH_OpenSSL();
+
+ cryptodev_dh.generate_key = dh_meth->generate_key;
+ cryptodev_dh.compute_key = dh_meth->compute_key;
+ cryptodev_dh.bn_mod_exp = dh_meth->bn_mod_exp;
+ if (cryptodev_asymfeat & CRF_MOD_EXP) {
+ cryptodev_dh.bn_mod_exp = cryptodev_mod_exp_dh;
+ if (cryptodev_asymfeat & CRF_DH_COMPUTE_KEY)
+ cryptodev_dh.compute_key = cryptodev_dh_compute_key;
+ }
+ }
+
+ ENGINE_add(engine);
+ ENGINE_free(engine);
+ ERR_clear_error();
}
-#endif /* HAVE_CRYPTODEV */
+#endif /* HAVE_CRYPTODEV */
diff --git a/openssl/crypto/engine/eng_ctrl.c b/openssl/crypto/engine/eng_ctrl.c
index 5ce25d92e..e6c0dfb01 100644
--- a/openssl/crypto/engine/eng_ctrl.c
+++ b/openssl/crypto/engine/eng_ctrl.c
@@ -7,7 +7,7 @@
* are met:
*
* 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
+ * notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
@@ -55,335 +55,331 @@
#include "eng_int.h"
-/* When querying a ENGINE-specific control command's 'description', this string
- * is used if the ENGINE_CMD_DEFN has cmd_desc set to NULL. */
+/*
+ * When querying a ENGINE-specific control command's 'description', this
+ * string is used if the ENGINE_CMD_DEFN has cmd_desc set to NULL.
+ */
static const char *int_no_description = "";
-/* These internal functions handle 'CMD'-related control commands when the
+/*
+ * These internal functions handle 'CMD'-related control commands when the
* ENGINE in question has asked us to take care of it (ie. the ENGINE did not
- * set the ENGINE_FLAGS_MANUAL_CMD_CTRL flag. */
+ * set the ENGINE_FLAGS_MANUAL_CMD_CTRL flag.
+ */
static int int_ctrl_cmd_is_null(const ENGINE_CMD_DEFN *defn)
- {
- if((defn->cmd_num == 0) || (defn->cmd_name == NULL))
- return 1;
- return 0;
- }
+{
+ if ((defn->cmd_num == 0) || (defn->cmd_name == NULL))
+ return 1;
+ return 0;
+}
static int int_ctrl_cmd_by_name(const ENGINE_CMD_DEFN *defn, const char *s)
- {
- int idx = 0;
- while(!int_ctrl_cmd_is_null(defn) && (strcmp(defn->cmd_name, s) != 0))
- {
- idx++;
- defn++;
- }
- if(int_ctrl_cmd_is_null(defn))
- /* The given name wasn't found */
- return -1;
- return idx;
- }
+{
+ int idx = 0;
+ while (!int_ctrl_cmd_is_null(defn) && (strcmp(defn->cmd_name, s) != 0)) {
+ idx++;
+ defn++;
+ }
+ if (int_ctrl_cmd_is_null(defn))
+ /* The given name wasn't found */
+ return -1;
+ return idx;
+}
static int int_ctrl_cmd_by_num(const ENGINE_CMD_DEFN *defn, unsigned int num)
- {
- int idx = 0;
- /* NB: It is stipulated that 'cmd_defn' lists are ordered by cmd_num. So
- * our searches don't need to take any longer than necessary. */
- while(!int_ctrl_cmd_is_null(defn) && (defn->cmd_num < num))
- {
- idx++;
- defn++;
- }
- if(defn->cmd_num == num)
- return idx;
- /* The given cmd_num wasn't found */
- return -1;
- }
+{
+ int idx = 0;
+ /*
+ * NB: It is stipulated that 'cmd_defn' lists are ordered by cmd_num. So
+ * our searches don't need to take any longer than necessary.
+ */
+ while (!int_ctrl_cmd_is_null(defn) && (defn->cmd_num < num)) {
+ idx++;
+ defn++;
+ }
+ if (defn->cmd_num == num)
+ return idx;
+ /* The given cmd_num wasn't found */
+ return -1;
+}
static int int_ctrl_helper(ENGINE *e, int cmd, long i, void *p,
- void (*f)(void))
- {
- int idx;
- char *s = (char *)p;
- /* Take care of the easy one first (eg. it requires no searches) */
- if(cmd == ENGINE_CTRL_GET_FIRST_CMD_TYPE)
- {
- if((e->cmd_defns == NULL) || int_ctrl_cmd_is_null(e->cmd_defns))
- return 0;
- return e->cmd_defns->cmd_num;
- }
- /* One or two commands require that "p" be a valid string buffer */
- if((cmd == ENGINE_CTRL_GET_CMD_FROM_NAME) ||
- (cmd == ENGINE_CTRL_GET_NAME_FROM_CMD) ||
- (cmd == ENGINE_CTRL_GET_DESC_FROM_CMD))
- {
- if(s == NULL)
- {
- ENGINEerr(ENGINE_F_INT_CTRL_HELPER,
- ERR_R_PASSED_NULL_PARAMETER);
- return -1;
- }
- }
- /* Now handle cmd_name -> cmd_num conversion */
- if(cmd == ENGINE_CTRL_GET_CMD_FROM_NAME)
- {
- if((e->cmd_defns == NULL) || ((idx = int_ctrl_cmd_by_name(
- e->cmd_defns, s)) < 0))
- {
- ENGINEerr(ENGINE_F_INT_CTRL_HELPER,
- ENGINE_R_INVALID_CMD_NAME);
- return -1;
- }
- return e->cmd_defns[idx].cmd_num;
- }
- /* For the rest of the commands, the 'long' argument must specify a
- * valie command number - so we need to conduct a search. */
- if((e->cmd_defns == NULL) || ((idx = int_ctrl_cmd_by_num(e->cmd_defns,
- (unsigned int)i)) < 0))
- {
- ENGINEerr(ENGINE_F_INT_CTRL_HELPER,
- ENGINE_R_INVALID_CMD_NUMBER);
- return -1;
- }
- /* Now the logic splits depending on command type */
- switch(cmd)
- {
- case ENGINE_CTRL_GET_NEXT_CMD_TYPE:
- idx++;
- if(int_ctrl_cmd_is_null(e->cmd_defns + idx))
- /* end-of-list */
- return 0;
- else
- return e->cmd_defns[idx].cmd_num;
- case ENGINE_CTRL_GET_NAME_LEN_FROM_CMD:
- return strlen(e->cmd_defns[idx].cmd_name);
- case ENGINE_CTRL_GET_NAME_FROM_CMD:
- return BIO_snprintf(s,strlen(e->cmd_defns[idx].cmd_name) + 1,
- "%s", e->cmd_defns[idx].cmd_name);
- case ENGINE_CTRL_GET_DESC_LEN_FROM_CMD:
- if(e->cmd_defns[idx].cmd_desc)
- return strlen(e->cmd_defns[idx].cmd_desc);
- return strlen(int_no_description);
- case ENGINE_CTRL_GET_DESC_FROM_CMD:
- if(e->cmd_defns[idx].cmd_desc)
- return BIO_snprintf(s,
- strlen(e->cmd_defns[idx].cmd_desc) + 1,
- "%s", e->cmd_defns[idx].cmd_desc);
- return BIO_snprintf(s, strlen(int_no_description) + 1,"%s",
- int_no_description);
- case ENGINE_CTRL_GET_CMD_FLAGS:
- return e->cmd_defns[idx].cmd_flags;
- }
- /* Shouldn't really be here ... */
- ENGINEerr(ENGINE_F_INT_CTRL_HELPER,ENGINE_R_INTERNAL_LIST_ERROR);
- return -1;
- }
+ void (*f) (void))
+{
+ int idx;
+ char *s = (char *)p;
+ /* Take care of the easy one first (eg. it requires no searches) */
+ if (cmd == ENGINE_CTRL_GET_FIRST_CMD_TYPE) {
+ if ((e->cmd_defns == NULL) || int_ctrl_cmd_is_null(e->cmd_defns))
+ return 0;
+ return e->cmd_defns->cmd_num;
+ }
+ /* One or two commands require that "p" be a valid string buffer */
+ if ((cmd == ENGINE_CTRL_GET_CMD_FROM_NAME) ||
+ (cmd == ENGINE_CTRL_GET_NAME_FROM_CMD) ||
+ (cmd == ENGINE_CTRL_GET_DESC_FROM_CMD)) {
+ if (s == NULL) {
+ ENGINEerr(ENGINE_F_INT_CTRL_HELPER, ERR_R_PASSED_NULL_PARAMETER);
+ return -1;
+ }
+ }
+ /* Now handle cmd_name -> cmd_num conversion */
+ if (cmd == ENGINE_CTRL_GET_CMD_FROM_NAME) {
+ if ((e->cmd_defns == NULL)
+ || ((idx = int_ctrl_cmd_by_name(e->cmd_defns, s)) < 0)) {
+ ENGINEerr(ENGINE_F_INT_CTRL_HELPER, ENGINE_R_INVALID_CMD_NAME);
+ return -1;
+ }
+ return e->cmd_defns[idx].cmd_num;
+ }
+ /*
+ * For the rest of the commands, the 'long' argument must specify a valie
+ * command number - so we need to conduct a search.
+ */
+ if ((e->cmd_defns == NULL) || ((idx = int_ctrl_cmd_by_num(e->cmd_defns,
+ (unsigned int)
+ i)) < 0)) {
+ ENGINEerr(ENGINE_F_INT_CTRL_HELPER, ENGINE_R_INVALID_CMD_NUMBER);
+ return -1;
+ }
+ /* Now the logic splits depending on command type */
+ switch (cmd) {
+ case ENGINE_CTRL_GET_NEXT_CMD_TYPE:
+ idx++;
+ if (int_ctrl_cmd_is_null(e->cmd_defns + idx))
+ /* end-of-list */
+ return 0;
+ else
+ return e->cmd_defns[idx].cmd_num;
+ case ENGINE_CTRL_GET_NAME_LEN_FROM_CMD:
+ return strlen(e->cmd_defns[idx].cmd_name);
+ case ENGINE_CTRL_GET_NAME_FROM_CMD:
+ return BIO_snprintf(s, strlen(e->cmd_defns[idx].cmd_name) + 1,
+ "%s", e->cmd_defns[idx].cmd_name);
+ case ENGINE_CTRL_GET_DESC_LEN_FROM_CMD:
+ if (e->cmd_defns[idx].cmd_desc)
+ return strlen(e->cmd_defns[idx].cmd_desc);
+ return strlen(int_no_description);
+ case ENGINE_CTRL_GET_DESC_FROM_CMD:
+ if (e->cmd_defns[idx].cmd_desc)
+ return BIO_snprintf(s,
+ strlen(e->cmd_defns[idx].cmd_desc) + 1,
+ "%s", e->cmd_defns[idx].cmd_desc);
+ return BIO_snprintf(s, strlen(int_no_description) + 1, "%s",
+ int_no_description);
+ case ENGINE_CTRL_GET_CMD_FLAGS:
+ return e->cmd_defns[idx].cmd_flags;
+ }
+ /* Shouldn't really be here ... */
+ ENGINEerr(ENGINE_F_INT_CTRL_HELPER, ENGINE_R_INTERNAL_LIST_ERROR);
+ return -1;
+}
-int ENGINE_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)(void))
- {
- int ctrl_exists, ref_exists;
- if(e == NULL)
- {
- ENGINEerr(ENGINE_F_ENGINE_CTRL,ERR_R_PASSED_NULL_PARAMETER);
- return 0;
- }
- CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
- ref_exists = ((e->struct_ref > 0) ? 1 : 0);
- CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
- ctrl_exists = ((e->ctrl == NULL) ? 0 : 1);
- if(!ref_exists)
- {
- ENGINEerr(ENGINE_F_ENGINE_CTRL,ENGINE_R_NO_REFERENCE);
- return 0;
- }
- /* Intercept any "root-level" commands before trying to hand them on to
- * ctrl() handlers. */
- switch(cmd)
- {
- case ENGINE_CTRL_HAS_CTRL_FUNCTION:
- return ctrl_exists;
- case ENGINE_CTRL_GET_FIRST_CMD_TYPE:
- case ENGINE_CTRL_GET_NEXT_CMD_TYPE:
- case ENGINE_CTRL_GET_CMD_FROM_NAME:
- case ENGINE_CTRL_GET_NAME_LEN_FROM_CMD:
- case ENGINE_CTRL_GET_NAME_FROM_CMD:
- case ENGINE_CTRL_GET_DESC_LEN_FROM_CMD:
- case ENGINE_CTRL_GET_DESC_FROM_CMD:
- case ENGINE_CTRL_GET_CMD_FLAGS:
- if(ctrl_exists && !(e->flags & ENGINE_FLAGS_MANUAL_CMD_CTRL))
- return int_ctrl_helper(e,cmd,i,p,f);
- if(!ctrl_exists)
- {
- ENGINEerr(ENGINE_F_ENGINE_CTRL,ENGINE_R_NO_CONTROL_FUNCTION);
- /* For these cmd-related functions, failure is indicated
- * by a -1 return value (because 0 is used as a valid
- * return in some places). */
- return -1;
- }
- default:
- break;
- }
- /* Anything else requires a ctrl() handler to exist. */
- if(!ctrl_exists)
- {
- ENGINEerr(ENGINE_F_ENGINE_CTRL,ENGINE_R_NO_CONTROL_FUNCTION);
- return 0;
- }
- return e->ctrl(e, cmd, i, p, f);
- }
+int ENGINE_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f) (void))
+{
+ int ctrl_exists, ref_exists;
+ if (e == NULL) {
+ ENGINEerr(ENGINE_F_ENGINE_CTRL, ERR_R_PASSED_NULL_PARAMETER);
+ return 0;
+ }
+ CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
+ ref_exists = ((e->struct_ref > 0) ? 1 : 0);
+ CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
+ ctrl_exists = ((e->ctrl == NULL) ? 0 : 1);
+ if (!ref_exists) {
+ ENGINEerr(ENGINE_F_ENGINE_CTRL, ENGINE_R_NO_REFERENCE);
+ return 0;
+ }
+ /*
+ * Intercept any "root-level" commands before trying to hand them on to
+ * ctrl() handlers.
+ */
+ switch (cmd) {
+ case ENGINE_CTRL_HAS_CTRL_FUNCTION:
+ return ctrl_exists;
+ case ENGINE_CTRL_GET_FIRST_CMD_TYPE:
+ case ENGINE_CTRL_GET_NEXT_CMD_TYPE:
+ case ENGINE_CTRL_GET_CMD_FROM_NAME:
+ case ENGINE_CTRL_GET_NAME_LEN_FROM_CMD:
+ case ENGINE_CTRL_GET_NAME_FROM_CMD:
+ case ENGINE_CTRL_GET_DESC_LEN_FROM_CMD:
+ case ENGINE_CTRL_GET_DESC_FROM_CMD:
+ case ENGINE_CTRL_GET_CMD_FLAGS:
+ if (ctrl_exists && !(e->flags & ENGINE_FLAGS_MANUAL_CMD_CTRL))
+ return int_ctrl_helper(e, cmd, i, p, f);
+ if (!ctrl_exists) {
+ ENGINEerr(ENGINE_F_ENGINE_CTRL, ENGINE_R_NO_CONTROL_FUNCTION);
+ /*
+ * For these cmd-related functions, failure is indicated by a -1
+ * return value (because 0 is used as a valid return in some
+ * places).
+ */
+ return -1;
+ }
+ default:
+ break;
+ }
+ /* Anything else requires a ctrl() handler to exist. */
+ if (!ctrl_exists) {
+ ENGINEerr(ENGINE_F_ENGINE_CTRL, ENGINE_R_NO_CONTROL_FUNCTION);
+ return 0;
+ }
+ return e->ctrl(e, cmd, i, p, f);
+}
int ENGINE_cmd_is_executable(ENGINE *e, int cmd)
- {
- int flags;
- if((flags = ENGINE_ctrl(e, ENGINE_CTRL_GET_CMD_FLAGS, cmd, NULL, NULL)) < 0)
- {
- ENGINEerr(ENGINE_F_ENGINE_CMD_IS_EXECUTABLE,
- ENGINE_R_INVALID_CMD_NUMBER);
- return 0;
- }
- if(!(flags & ENGINE_CMD_FLAG_NO_INPUT) &&
- !(flags & ENGINE_CMD_FLAG_NUMERIC) &&
- !(flags & ENGINE_CMD_FLAG_STRING))
- return 0;
- return 1;
- }
+{
+ int flags;
+ if ((flags =
+ ENGINE_ctrl(e, ENGINE_CTRL_GET_CMD_FLAGS, cmd, NULL, NULL)) < 0) {
+ ENGINEerr(ENGINE_F_ENGINE_CMD_IS_EXECUTABLE,
+ ENGINE_R_INVALID_CMD_NUMBER);
+ return 0;
+ }
+ if (!(flags & ENGINE_CMD_FLAG_NO_INPUT) &&
+ !(flags & ENGINE_CMD_FLAG_NUMERIC) &&
+ !(flags & ENGINE_CMD_FLAG_STRING))
+ return 0;
+ return 1;
+}
int ENGINE_ctrl_cmd(ENGINE *e, const char *cmd_name,
- long i, void *p, void (*f)(void), int cmd_optional)
- {
- int num;
+ long i, void *p, void (*f) (void), int cmd_optional)
+{
+ int num;
- if((e == NULL) || (cmd_name == NULL))
- {
- ENGINEerr(ENGINE_F_ENGINE_CTRL_CMD,
- ERR_R_PASSED_NULL_PARAMETER);
- return 0;
- }
- if((e->ctrl == NULL) || ((num = ENGINE_ctrl(e,
- ENGINE_CTRL_GET_CMD_FROM_NAME,
- 0, (void *)cmd_name, NULL)) <= 0))
- {
- /* If the command didn't *have* to be supported, we fake
- * success. This allows certain settings to be specified for
- * multiple ENGINEs and only require a change of ENGINE id
- * (without having to selectively apply settings). Eg. changing
- * from a hardware device back to the regular software ENGINE
- * without editing the config file, etc. */
- if(cmd_optional)
- {
- ERR_clear_error();
- return 1;
- }
- ENGINEerr(ENGINE_F_ENGINE_CTRL_CMD,
- ENGINE_R_INVALID_CMD_NAME);
- return 0;
- }
- /* Force the result of the control command to 0 or 1, for the reasons
- * mentioned before. */
- if (ENGINE_ctrl(e, num, i, p, f) > 0)
- return 1;
+ if ((e == NULL) || (cmd_name == NULL)) {
+ ENGINEerr(ENGINE_F_ENGINE_CTRL_CMD, ERR_R_PASSED_NULL_PARAMETER);
return 0;
+ }
+ if ((e->ctrl == NULL) || ((num = ENGINE_ctrl(e,
+ ENGINE_CTRL_GET_CMD_FROM_NAME,
+ 0, (void *)cmd_name,
+ NULL)) <= 0)) {
+ /*
+ * If the command didn't *have* to be supported, we fake success.
+ * This allows certain settings to be specified for multiple ENGINEs
+ * and only require a change of ENGINE id (without having to
+ * selectively apply settings). Eg. changing from a hardware device
+ * back to the regular software ENGINE without editing the config
+ * file, etc.
+ */
+ if (cmd_optional) {
+ ERR_clear_error();
+ return 1;
}
+ ENGINEerr(ENGINE_F_ENGINE_CTRL_CMD, ENGINE_R_INVALID_CMD_NAME);
+ return 0;
+ }
+ /*
+ * Force the result of the control command to 0 or 1, for the reasons
+ * mentioned before.
+ */
+ if (ENGINE_ctrl(e, num, i, p, f) > 0)
+ return 1;
+ return 0;
+}
int ENGINE_ctrl_cmd_string(ENGINE *e, const char *cmd_name, const char *arg,
- int cmd_optional)
- {
- int num, flags;
- long l;
- char *ptr;
- if((e == NULL) || (cmd_name == NULL))
- {
- ENGINEerr(ENGINE_F_ENGINE_CTRL_CMD_STRING,
- ERR_R_PASSED_NULL_PARAMETER);
- return 0;
- }
- if((e->ctrl == NULL) || ((num = ENGINE_ctrl(e,
- ENGINE_CTRL_GET_CMD_FROM_NAME,
- 0, (void *)cmd_name, NULL)) <= 0))
- {
- /* If the command didn't *have* to be supported, we fake
- * success. This allows certain settings to be specified for
- * multiple ENGINEs and only require a change of ENGINE id
- * (without having to selectively apply settings). Eg. changing
- * from a hardware device back to the regular software ENGINE
- * without editing the config file, etc. */
- if(cmd_optional)
- {
- ERR_clear_error();
- return 1;
- }
- ENGINEerr(ENGINE_F_ENGINE_CTRL_CMD_STRING,
- ENGINE_R_INVALID_CMD_NAME);
- return 0;
- }
- if(!ENGINE_cmd_is_executable(e, num))
- {
- ENGINEerr(ENGINE_F_ENGINE_CTRL_CMD_STRING,
- ENGINE_R_CMD_NOT_EXECUTABLE);
- return 0;
- }
- if((flags = ENGINE_ctrl(e, ENGINE_CTRL_GET_CMD_FLAGS, num, NULL, NULL)) < 0)
- {
- /* Shouldn't happen, given that ENGINE_cmd_is_executable()
- * returned success. */
- ENGINEerr(ENGINE_F_ENGINE_CTRL_CMD_STRING,
- ENGINE_R_INTERNAL_LIST_ERROR);
- return 0;
- }
- /* If the command takes no input, there must be no input. And vice
- * versa. */
- if(flags & ENGINE_CMD_FLAG_NO_INPUT)
- {
- if(arg != NULL)
- {
- ENGINEerr(ENGINE_F_ENGINE_CTRL_CMD_STRING,
- ENGINE_R_COMMAND_TAKES_NO_INPUT);
- return 0;
- }
- /* We deliberately force the result of ENGINE_ctrl() to 0 or 1
- * rather than returning it as "return data". This is to ensure
- * usage of these commands is consistent across applications and
- * that certain applications don't understand it one way, and
- * others another. */
- if(ENGINE_ctrl(e, num, 0, (void *)arg, NULL) > 0)
- return 1;
- return 0;
- }
- /* So, we require input */
- if(arg == NULL)
- {
- ENGINEerr(ENGINE_F_ENGINE_CTRL_CMD_STRING,
- ENGINE_R_COMMAND_TAKES_INPUT);
- return 0;
- }
- /* If it takes string input, that's easy */
- if(flags & ENGINE_CMD_FLAG_STRING)
- {
- /* Same explanation as above */
- if(ENGINE_ctrl(e, num, 0, (void *)arg, NULL) > 0)
- return 1;
- return 0;
- }
- /* If it doesn't take numeric either, then it is unsupported for use in
- * a config-setting situation, which is what this function is for. This
- * should never happen though, because ENGINE_cmd_is_executable() was
- * used. */
- if(!(flags & ENGINE_CMD_FLAG_NUMERIC))
- {
- ENGINEerr(ENGINE_F_ENGINE_CTRL_CMD_STRING,
- ENGINE_R_INTERNAL_LIST_ERROR);
- return 0;
- }
- l = strtol(arg, &ptr, 10);
- if((arg == ptr) || (*ptr != '\0'))
- {
- ENGINEerr(ENGINE_F_ENGINE_CTRL_CMD_STRING,
- ENGINE_R_ARGUMENT_IS_NOT_A_NUMBER);
- return 0;
- }
- /* Force the result of the control command to 0 or 1, for the reasons
- * mentioned before. */
- if(ENGINE_ctrl(e, num, l, NULL, NULL) > 0)
- return 1;
- return 0;
- }
+ int cmd_optional)
+{
+ int num, flags;
+ long l;
+ char *ptr;
+ if ((e == NULL) || (cmd_name == NULL)) {
+ ENGINEerr(ENGINE_F_ENGINE_CTRL_CMD_STRING,
+ ERR_R_PASSED_NULL_PARAMETER);
+ return 0;
+ }
+ if ((e->ctrl == NULL) || ((num = ENGINE_ctrl(e,
+ ENGINE_CTRL_GET_CMD_FROM_NAME,
+ 0, (void *)cmd_name,
+ NULL)) <= 0)) {
+ /*
+ * If the command didn't *have* to be supported, we fake success.
+ * This allows certain settings to be specified for multiple ENGINEs
+ * and only require a change of ENGINE id (without having to
+ * selectively apply settings). Eg. changing from a hardware device
+ * back to the regular software ENGINE without editing the config
+ * file, etc.
+ */
+ if (cmd_optional) {
+ ERR_clear_error();
+ return 1;
+ }
+ ENGINEerr(ENGINE_F_ENGINE_CTRL_CMD_STRING, ENGINE_R_INVALID_CMD_NAME);
+ return 0;
+ }
+ if (!ENGINE_cmd_is_executable(e, num)) {
+ ENGINEerr(ENGINE_F_ENGINE_CTRL_CMD_STRING,
+ ENGINE_R_CMD_NOT_EXECUTABLE);
+ return 0;
+ }
+ if ((flags =
+ ENGINE_ctrl(e, ENGINE_CTRL_GET_CMD_FLAGS, num, NULL, NULL)) < 0) {
+ /*
+ * Shouldn't happen, given that ENGINE_cmd_is_executable() returned
+ * success.
+ */
+ ENGINEerr(ENGINE_F_ENGINE_CTRL_CMD_STRING,
+ ENGINE_R_INTERNAL_LIST_ERROR);
+ return 0;
+ }
+ /*
+ * If the command takes no input, there must be no input. And vice versa.
+ */
+ if (flags & ENGINE_CMD_FLAG_NO_INPUT) {
+ if (arg != NULL) {
+ ENGINEerr(ENGINE_F_ENGINE_CTRL_CMD_STRING,
+ ENGINE_R_COMMAND_TAKES_NO_INPUT);
+ return 0;
+ }
+ /*
+ * We deliberately force the result of ENGINE_ctrl() to 0 or 1 rather
+ * than returning it as "return data". This is to ensure usage of
+ * these commands is consistent across applications and that certain
+ * applications don't understand it one way, and others another.
+ */
+ if (ENGINE_ctrl(e, num, 0, (void *)arg, NULL) > 0)
+ return 1;
+ return 0;
+ }
+ /* So, we require input */
+ if (arg == NULL) {
+ ENGINEerr(ENGINE_F_ENGINE_CTRL_CMD_STRING,
+ ENGINE_R_COMMAND_TAKES_INPUT);
+ return 0;
+ }
+ /* If it takes string input, that's easy */
+ if (flags & ENGINE_CMD_FLAG_STRING) {
+ /* Same explanation as above */
+ if (ENGINE_ctrl(e, num, 0, (void *)arg, NULL) > 0)
+ return 1;
+ return 0;
+ }
+ /*
+ * If it doesn't take numeric either, then it is unsupported for use in a
+ * config-setting situation, which is what this function is for. This
+ * should never happen though, because ENGINE_cmd_is_executable() was
+ * used.
+ */
+ if (!(flags & ENGINE_CMD_FLAG_NUMERIC)) {
+ ENGINEerr(ENGINE_F_ENGINE_CTRL_CMD_STRING,
+ ENGINE_R_INTERNAL_LIST_ERROR);
+ return 0;
+ }
+ l = strtol(arg, &ptr, 10);
+ if ((arg == ptr) || (*ptr != '\0')) {
+ ENGINEerr(ENGINE_F_ENGINE_CTRL_CMD_STRING,
+ ENGINE_R_ARGUMENT_IS_NOT_A_NUMBER);
+ return 0;
+ }
+ /*
+ * Force the result of the control command to 0 or 1, for the reasons
+ * mentioned before.
+ */
+ if (ENGINE_ctrl(e, num, l, NULL, NULL) > 0)
+ return 1;
+ return 0;
+}
diff --git a/openssl/crypto/engine/eng_dyn.c b/openssl/crypto/engine/eng_dyn.c
index 807da7a5e..3169b09ad 100644
--- a/openssl/crypto/engine/eng_dyn.c
+++ b/openssl/crypto/engine/eng_dyn.c
@@ -1,6 +1,7 @@
/* crypto/engine/eng_dyn.c */
-/* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL
- * project 2001.
+/*
+ * Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL project
+ * 2001.
*/
/* ====================================================================
* Copyright (c) 1999-2001 The OpenSSL Project. All rights reserved.
@@ -10,7 +11,7 @@
* are met:
*
* 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
+ * notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
@@ -56,493 +57,512 @@
*
*/
-
#include "eng_int.h"
#include <openssl/dso.h>
-/* Shared libraries implementing ENGINEs for use by the "dynamic" ENGINE loader
- * should implement the hook-up functions with the following prototypes. */
+/*
+ * Shared libraries implementing ENGINEs for use by the "dynamic" ENGINE
+ * loader should implement the hook-up functions with the following
+ * prototypes.
+ */
/* Our ENGINE handlers */
static int dynamic_init(ENGINE *e);
static int dynamic_finish(ENGINE *e);
-static int dynamic_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)(void));
+static int dynamic_ctrl(ENGINE *e, int cmd, long i, void *p,
+ void (*f) (void));
/* Predeclare our context type */
typedef struct st_dynamic_data_ctx dynamic_data_ctx;
/* The implementation for the important control command */
static int dynamic_load(ENGINE *e, dynamic_data_ctx *ctx);
-#define DYNAMIC_CMD_SO_PATH ENGINE_CMD_BASE
-#define DYNAMIC_CMD_NO_VCHECK (ENGINE_CMD_BASE + 1)
-#define DYNAMIC_CMD_ID (ENGINE_CMD_BASE + 2)
-#define DYNAMIC_CMD_LIST_ADD (ENGINE_CMD_BASE + 3)
-#define DYNAMIC_CMD_DIR_LOAD (ENGINE_CMD_BASE + 4)
-#define DYNAMIC_CMD_DIR_ADD (ENGINE_CMD_BASE + 5)
-#define DYNAMIC_CMD_LOAD (ENGINE_CMD_BASE + 6)
+#define DYNAMIC_CMD_SO_PATH ENGINE_CMD_BASE
+#define DYNAMIC_CMD_NO_VCHECK (ENGINE_CMD_BASE + 1)
+#define DYNAMIC_CMD_ID (ENGINE_CMD_BASE + 2)
+#define DYNAMIC_CMD_LIST_ADD (ENGINE_CMD_BASE + 3)
+#define DYNAMIC_CMD_DIR_LOAD (ENGINE_CMD_BASE + 4)
+#define DYNAMIC_CMD_DIR_ADD (ENGINE_CMD_BASE + 5)
+#define DYNAMIC_CMD_LOAD (ENGINE_CMD_BASE + 6)
/* The constants used when creating the ENGINE */
static const char *engine_dynamic_id = "dynamic";
static const char *engine_dynamic_name = "Dynamic engine loading support";
static const ENGINE_CMD_DEFN dynamic_cmd_defns[] = {
- {DYNAMIC_CMD_SO_PATH,
- "SO_PATH",
- "Specifies the path to the new ENGINE shared library",
- ENGINE_CMD_FLAG_STRING},
- {DYNAMIC_CMD_NO_VCHECK,
- "NO_VCHECK",
- "Specifies to continue even if version checking fails (boolean)",
- ENGINE_CMD_FLAG_NUMERIC},
- {DYNAMIC_CMD_ID,
- "ID",
- "Specifies an ENGINE id name for loading",
- ENGINE_CMD_FLAG_STRING},
- {DYNAMIC_CMD_LIST_ADD,
- "LIST_ADD",
- "Whether to add a loaded ENGINE to the internal list (0=no,1=yes,2=mandatory)",
- ENGINE_CMD_FLAG_NUMERIC},
- {DYNAMIC_CMD_DIR_LOAD,
- "DIR_LOAD",
- "Specifies whether to load from 'DIR_ADD' directories (0=no,1=yes,2=mandatory)",
- ENGINE_CMD_FLAG_NUMERIC},
- {DYNAMIC_CMD_DIR_ADD,
- "DIR_ADD",
- "Adds a directory from which ENGINEs can be loaded",
- ENGINE_CMD_FLAG_STRING},
- {DYNAMIC_CMD_LOAD,
- "LOAD",
- "Load up the ENGINE specified by other settings",
- ENGINE_CMD_FLAG_NO_INPUT},
- {0, NULL, NULL, 0}
- };
-static const ENGINE_CMD_DEFN dynamic_cmd_defns_empty[] = {
- {0, NULL, NULL, 0}
- };
+ {DYNAMIC_CMD_SO_PATH,
+ "SO_PATH",
+ "Specifies the path to the new ENGINE shared library",
+ ENGINE_CMD_FLAG_STRING},
+ {DYNAMIC_CMD_NO_VCHECK,
+ "NO_VCHECK",
+ "Specifies to continue even if version checking fails (boolean)",
+ ENGINE_CMD_FLAG_NUMERIC},
+ {DYNAMIC_CMD_ID,
+ "ID",
+ "Specifies an ENGINE id name for loading",
+ ENGINE_CMD_FLAG_STRING},
+ {DYNAMIC_CMD_LIST_ADD,
+ "LIST_ADD",
+ "Whether to add a loaded ENGINE to the internal list (0=no,1=yes,2=mandatory)",
+ ENGINE_CMD_FLAG_NUMERIC},
+ {DYNAMIC_CMD_DIR_LOAD,
+ "DIR_LOAD",
+ "Specifies whether to load from 'DIR_ADD' directories (0=no,1=yes,2=mandatory)",
+ ENGINE_CMD_FLAG_NUMERIC},
+ {DYNAMIC_CMD_DIR_ADD,
+ "DIR_ADD",
+ "Adds a directory from which ENGINEs can be loaded",
+ ENGINE_CMD_FLAG_STRING},
+ {DYNAMIC_CMD_LOAD,
+ "LOAD",
+ "Load up the ENGINE specified by other settings",
+ ENGINE_CMD_FLAG_NO_INPUT},
+ {0, NULL, NULL, 0}
+};
-/* Loading code stores state inside the ENGINE structure via the "ex_data"
+/*
+ * Loading code stores state inside the ENGINE structure via the "ex_data"
* element. We load all our state into a single structure and use that as a
- * single context in the "ex_data" stack. */
-struct st_dynamic_data_ctx
- {
- /* The DSO object we load that supplies the ENGINE code */
- DSO *dynamic_dso;
- /* The function pointer to the version checking shared library function */
- dynamic_v_check_fn v_check;
- /* The function pointer to the engine-binding shared library function */
- dynamic_bind_engine bind_engine;
- /* The default name/path for loading the shared library */
- const char *DYNAMIC_LIBNAME;
- /* Whether to continue loading on a version check failure */
- int no_vcheck;
- /* If non-NULL, stipulates the 'id' of the ENGINE to be loaded */
- const char *engine_id;
- /* If non-zero, a successfully loaded ENGINE should be added to the internal
- * ENGINE list. If 2, the add must succeed or the entire load should fail. */
- int list_add_value;
- /* The symbol name for the version checking function */
- const char *DYNAMIC_F1;
- /* The symbol name for the "initialise ENGINE structure" function */
- const char *DYNAMIC_F2;
- /* Whether to never use 'dirs', use 'dirs' as a fallback, or only use
- * 'dirs' for loading. Default is to use 'dirs' as a fallback. */
- int dir_load;
- /* A stack of directories from which ENGINEs could be loaded */
- STACK_OF(OPENSSL_STRING) *dirs;
- };
+ * single context in the "ex_data" stack.
+ */
+struct st_dynamic_data_ctx {
+ /* The DSO object we load that supplies the ENGINE code */
+ DSO *dynamic_dso;
+ /*
+ * The function pointer to the version checking shared library function
+ */
+ dynamic_v_check_fn v_check;
+ /*
+ * The function pointer to the engine-binding shared library function
+ */
+ dynamic_bind_engine bind_engine;
+ /* The default name/path for loading the shared library */
+ const char *DYNAMIC_LIBNAME;
+ /* Whether to continue loading on a version check failure */
+ int no_vcheck;
+ /* If non-NULL, stipulates the 'id' of the ENGINE to be loaded */
+ const char *engine_id;
+ /*
+ * If non-zero, a successfully loaded ENGINE should be added to the
+ * internal ENGINE list. If 2, the add must succeed or the entire load
+ * should fail.
+ */
+ int list_add_value;
+ /* The symbol name for the version checking function */
+ const char *DYNAMIC_F1;
+ /* The symbol name for the "initialise ENGINE structure" function */
+ const char *DYNAMIC_F2;
+ /*
+ * Whether to never use 'dirs', use 'dirs' as a fallback, or only use
+ * 'dirs' for loading. Default is to use 'dirs' as a fallback.
+ */
+ int dir_load;
+ /* A stack of directories from which ENGINEs could be loaded */
+ STACK_OF(OPENSSL_STRING) *dirs;
+};
-/* This is the "ex_data" index we obtain and reserve for use with our context
- * structure. */
+/*
+ * This is the "ex_data" index we obtain and reserve for use with our context
+ * structure.
+ */
static int dynamic_ex_data_idx = -1;
-static void int_free_str(char *s) { OPENSSL_free(s); }
-/* Because our ex_data element may or may not get allocated depending on whether
- * a "first-use" occurs before the ENGINE is freed, we have a memory leak
- * problem to solve. We can't declare a "new" handler for the ex_data as we
- * don't want a dynamic_data_ctx in *all* ENGINE structures of all types (this
- * is a bug in the design of CRYPTO_EX_DATA). As such, we just declare a "free"
- * handler and that will get called if an ENGINE is being destroyed and there
- * was an ex_data element corresponding to our context type. */
+static void int_free_str(char *s)
+{
+ OPENSSL_free(s);
+}
+
+/*
+ * Because our ex_data element may or may not get allocated depending on
+ * whether a "first-use" occurs before the ENGINE is freed, we have a memory
+ * leak problem to solve. We can't declare a "new" handler for the ex_data as
+ * we don't want a dynamic_data_ctx in *all* ENGINE structures of all types
+ * (this is a bug in the design of CRYPTO_EX_DATA). As such, we just declare
+ * a "free" handler and that will get called if an ENGINE is being destroyed
+ * and there was an ex_data element corresponding to our context type.
+ */
static void dynamic_data_ctx_free_func(void *parent, void *ptr,
- CRYPTO_EX_DATA *ad, int idx, long argl, void *argp)
- {
- if(ptr)
- {
- dynamic_data_ctx *ctx = (dynamic_data_ctx *)ptr;
- if(ctx->dynamic_dso)
- DSO_free(ctx->dynamic_dso);
- if(ctx->DYNAMIC_LIBNAME)
- OPENSSL_free((void*)ctx->DYNAMIC_LIBNAME);
- if(ctx->engine_id)
- OPENSSL_free((void*)ctx->engine_id);
- if(ctx->dirs)
- sk_OPENSSL_STRING_pop_free(ctx->dirs, int_free_str);
- OPENSSL_free(ctx);
- }
- }
+ CRYPTO_EX_DATA *ad, int idx, long argl,
+ void *argp)
+{
+ if (ptr) {
+ dynamic_data_ctx *ctx = (dynamic_data_ctx *)ptr;
+ if (ctx->dynamic_dso)
+ DSO_free(ctx->dynamic_dso);
+ if (ctx->DYNAMIC_LIBNAME)
+ OPENSSL_free((void *)ctx->DYNAMIC_LIBNAME);
+ if (ctx->engine_id)
+ OPENSSL_free((void *)ctx->engine_id);
+ if (ctx->dirs)
+ sk_OPENSSL_STRING_pop_free(ctx->dirs, int_free_str);
+ OPENSSL_free(ctx);
+ }
+}
-/* Construct the per-ENGINE context. We create it blindly and then use a lock to
- * check for a race - if so, all but one of the threads "racing" will have
+/*
+ * Construct the per-ENGINE context. We create it blindly and then use a lock
+ * to check for a race - if so, all but one of the threads "racing" will have
* wasted their time. The alternative involves creating everything inside the
- * lock which is far worse. */
+ * lock which is far worse.
+ */
static int dynamic_set_data_ctx(ENGINE *e, dynamic_data_ctx **ctx)
- {
- dynamic_data_ctx *c;
- c = OPENSSL_malloc(sizeof(dynamic_data_ctx));
- if(!c)
- {
- ENGINEerr(ENGINE_F_DYNAMIC_SET_DATA_CTX,ERR_R_MALLOC_FAILURE);
- return 0;
- }
- memset(c, 0, sizeof(dynamic_data_ctx));
- c->dynamic_dso = NULL;
- c->v_check = NULL;
- c->bind_engine = NULL;
- c->DYNAMIC_LIBNAME = NULL;
- c->no_vcheck = 0;
- c->engine_id = NULL;
- c->list_add_value = 0;
- c->DYNAMIC_F1 = "v_check";
- c->DYNAMIC_F2 = "bind_engine";
- c->dir_load = 1;
- c->dirs = sk_OPENSSL_STRING_new_null();
- if(!c->dirs)
- {
- ENGINEerr(ENGINE_F_DYNAMIC_SET_DATA_CTX,ERR_R_MALLOC_FAILURE);
- OPENSSL_free(c);
- return 0;
- }
- CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
- if((*ctx = (dynamic_data_ctx *)ENGINE_get_ex_data(e,
- dynamic_ex_data_idx)) == NULL)
- {
- /* Good, we're the first */
- ENGINE_set_ex_data(e, dynamic_ex_data_idx, c);
- *ctx = c;
- c = NULL;
- }
- CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
- /* If we lost the race to set the context, c is non-NULL and *ctx is the
- * context of the thread that won. */
- if(c)
- OPENSSL_free(c);
- return 1;
- }
+{
+ dynamic_data_ctx *c;
+ c = OPENSSL_malloc(sizeof(dynamic_data_ctx));
+ if (!c) {
+ ENGINEerr(ENGINE_F_DYNAMIC_SET_DATA_CTX, ERR_R_MALLOC_FAILURE);
+ return 0;
+ }
+ memset(c, 0, sizeof(dynamic_data_ctx));
+ c->dynamic_dso = NULL;
+ c->v_check = NULL;
+ c->bind_engine = NULL;
+ c->DYNAMIC_LIBNAME = NULL;
+ c->no_vcheck = 0;
+ c->engine_id = NULL;
+ c->list_add_value = 0;
+ c->DYNAMIC_F1 = "v_check";
+ c->DYNAMIC_F2 = "bind_engine";
+ c->dir_load = 1;
+ c->dirs = sk_OPENSSL_STRING_new_null();
+ if (!c->dirs) {
+ ENGINEerr(ENGINE_F_DYNAMIC_SET_DATA_CTX, ERR_R_MALLOC_FAILURE);
+ OPENSSL_free(c);
+ return 0;
+ }
+ CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
+ if ((*ctx = (dynamic_data_ctx *)ENGINE_get_ex_data(e,
+ dynamic_ex_data_idx))
+ == NULL) {
+ /* Good, we're the first */
+ ENGINE_set_ex_data(e, dynamic_ex_data_idx, c);
+ *ctx = c;
+ c = NULL;
+ }
+ CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
+ /*
+ * If we lost the race to set the context, c is non-NULL and *ctx is the
+ * context of the thread that won.
+ */
+ if (c)
+ OPENSSL_free(c);
+ return 1;
+}
-/* This function retrieves the context structure from an ENGINE's "ex_data", or
- * if it doesn't exist yet, sets it up. */
+/*
+ * This function retrieves the context structure from an ENGINE's "ex_data",
+ * or if it doesn't exist yet, sets it up.
+ */
static dynamic_data_ctx *dynamic_get_data_ctx(ENGINE *e)
- {
- dynamic_data_ctx *ctx;
- if(dynamic_ex_data_idx < 0)
- {
- /* Create and register the ENGINE ex_data, and associate our
- * "free" function with it to ensure any allocated contexts get
- * freed when an ENGINE goes underground. */
- int new_idx = ENGINE_get_ex_new_index(0, NULL, NULL, NULL,
- dynamic_data_ctx_free_func);
- if(new_idx == -1)
- {
- ENGINEerr(ENGINE_F_DYNAMIC_GET_DATA_CTX,ENGINE_R_NO_INDEX);
- return NULL;
- }
- CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
- /* Avoid a race by checking again inside this lock */
- if(dynamic_ex_data_idx < 0)
- {
- /* Good, someone didn't beat us to it */
- dynamic_ex_data_idx = new_idx;
- new_idx = -1;
- }
- CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
- /* In theory we could "give back" the index here if
- * (new_idx>-1), but it's not possible and wouldn't gain us much
- * if it were. */
- }
- ctx = (dynamic_data_ctx *)ENGINE_get_ex_data(e, dynamic_ex_data_idx);
- /* Check if the context needs to be created */
- if((ctx == NULL) && !dynamic_set_data_ctx(e, &ctx))
- /* "set_data" will set errors if necessary */
- return NULL;
- return ctx;
- }
+{
+ dynamic_data_ctx *ctx;
+ if (dynamic_ex_data_idx < 0) {
+ /*
+ * Create and register the ENGINE ex_data, and associate our "free"
+ * function with it to ensure any allocated contexts get freed when
+ * an ENGINE goes underground.
+ */
+ int new_idx = ENGINE_get_ex_new_index(0, NULL, NULL, NULL,
+ dynamic_data_ctx_free_func);
+ if (new_idx == -1) {
+ ENGINEerr(ENGINE_F_DYNAMIC_GET_DATA_CTX, ENGINE_R_NO_INDEX);
+ return NULL;
+ }
+ CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
+ /* Avoid a race by checking again inside this lock */
+ if (dynamic_ex_data_idx < 0) {
+ /* Good, someone didn't beat us to it */
+ dynamic_ex_data_idx = new_idx;
+ new_idx = -1;
+ }
+ CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
+ /*
+ * In theory we could "give back" the index here if (new_idx>-1), but
+ * it's not possible and wouldn't gain us much if it were.
+ */
+ }
+ ctx = (dynamic_data_ctx *)ENGINE_get_ex_data(e, dynamic_ex_data_idx);
+ /* Check if the context needs to be created */
+ if ((ctx == NULL) && !dynamic_set_data_ctx(e, &ctx))
+ /* "set_data" will set errors if necessary */
+ return NULL;
+ return ctx;
+}
static ENGINE *engine_dynamic(void)
- {
- ENGINE *ret = ENGINE_new();
- if(!ret)
- return NULL;
- if(!ENGINE_set_id(ret, engine_dynamic_id) ||
- !ENGINE_set_name(ret, engine_dynamic_name) ||
- !ENGINE_set_init_function(ret, dynamic_init) ||
- !ENGINE_set_finish_function(ret, dynamic_finish) ||
- !ENGINE_set_ctrl_function(ret, dynamic_ctrl) ||
- !ENGINE_set_flags(ret, ENGINE_FLAGS_BY_ID_COPY) ||
- !ENGINE_set_cmd_defns(ret, dynamic_cmd_defns))
- {
- ENGINE_free(ret);
- return NULL;
- }
- return ret;
- }
+{
+ ENGINE *ret = ENGINE_new();
+ if (!ret)
+ return NULL;
+ if (!ENGINE_set_id(ret, engine_dynamic_id) ||
+ !ENGINE_set_name(ret, engine_dynamic_name) ||
+ !ENGINE_set_init_function(ret, dynamic_init) ||
+ !ENGINE_set_finish_function(ret, dynamic_finish) ||
+ !ENGINE_set_ctrl_function(ret, dynamic_ctrl) ||
+ !ENGINE_set_flags(ret, ENGINE_FLAGS_BY_ID_COPY) ||
+ !ENGINE_set_cmd_defns(ret, dynamic_cmd_defns)) {
+ ENGINE_free(ret);
+ return NULL;
+ }
+ return ret;
+}
void ENGINE_load_dynamic(void)
- {
- ENGINE *toadd = engine_dynamic();
- if(!toadd) return;
- ENGINE_add(toadd);
- /* If the "add" worked, it gets a structural reference. So either way,
- * we release our just-created reference. */
- ENGINE_free(toadd);
- /* If the "add" didn't work, it was probably a conflict because it was
- * already added (eg. someone calling ENGINE_load_blah then calling
- * ENGINE_load_builtin_engines() perhaps). */
- ERR_clear_error();
- }
+{
+ ENGINE *toadd = engine_dynamic();
+ if (!toadd)
+ return;
+ ENGINE_add(toadd);
+ /*
+ * If the "add" worked, it gets a structural reference. So either way, we
+ * release our just-created reference.
+ */
+ ENGINE_free(toadd);
+ /*
+ * If the "add" didn't work, it was probably a conflict because it was
+ * already added (eg. someone calling ENGINE_load_blah then calling
+ * ENGINE_load_builtin_engines() perhaps).
+ */
+ ERR_clear_error();
+}
static int dynamic_init(ENGINE *e)
- {
- /* We always return failure - the "dyanamic" engine itself can't be used
- * for anything. */
- return 0;
- }
+{
+ /*
+ * We always return failure - the "dyanamic" engine itself can't be used
+ * for anything.
+ */
+ return 0;
+}
static int dynamic_finish(ENGINE *e)
- {
- /* This should never be called on account of "dynamic_init" always
- * failing. */
- return 0;
- }
+{
+ /*
+ * This should never be called on account of "dynamic_init" always
+ * failing.
+ */
+ return 0;
+}
+
+static int dynamic_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f) (void))
+{
+ dynamic_data_ctx *ctx = dynamic_get_data_ctx(e);
+ int initialised;
-static int dynamic_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)(void))
- {
- dynamic_data_ctx *ctx = dynamic_get_data_ctx(e);
- int initialised;
-
- if(!ctx)
- {
- ENGINEerr(ENGINE_F_DYNAMIC_CTRL,ENGINE_R_NOT_LOADED);
- return 0;
- }
- initialised = ((ctx->dynamic_dso == NULL) ? 0 : 1);
- /* All our control commands require the ENGINE to be uninitialised */
- if(initialised)
- {
- ENGINEerr(ENGINE_F_DYNAMIC_CTRL,
- ENGINE_R_ALREADY_LOADED);
- return 0;
- }
- switch(cmd)
- {
- case DYNAMIC_CMD_SO_PATH:
- /* a NULL 'p' or a string of zero-length is the same thing */
- if(p && (strlen((const char *)p) < 1))
- p = NULL;
- if(ctx->DYNAMIC_LIBNAME)
- OPENSSL_free((void*)ctx->DYNAMIC_LIBNAME);
- if(p)
- ctx->DYNAMIC_LIBNAME = BUF_strdup(p);
- else
- ctx->DYNAMIC_LIBNAME = NULL;
- return (ctx->DYNAMIC_LIBNAME ? 1 : 0);
- case DYNAMIC_CMD_NO_VCHECK:
- ctx->no_vcheck = ((i == 0) ? 0 : 1);
- return 1;
- case DYNAMIC_CMD_ID:
- /* a NULL 'p' or a string of zero-length is the same thing */
- if(p && (strlen((const char *)p) < 1))
- p = NULL;
- if(ctx->engine_id)
- OPENSSL_free((void*)ctx->engine_id);
- if(p)
- ctx->engine_id = BUF_strdup(p);
- else
- ctx->engine_id = NULL;
- return (ctx->engine_id ? 1 : 0);
- case DYNAMIC_CMD_LIST_ADD:
- if((i < 0) || (i > 2))
- {
- ENGINEerr(ENGINE_F_DYNAMIC_CTRL,
- ENGINE_R_INVALID_ARGUMENT);
- return 0;
- }
- ctx->list_add_value = (int)i;
- return 1;
- case DYNAMIC_CMD_LOAD:
- return dynamic_load(e, ctx);
- case DYNAMIC_CMD_DIR_LOAD:
- if((i < 0) || (i > 2))
- {
- ENGINEerr(ENGINE_F_DYNAMIC_CTRL,
- ENGINE_R_INVALID_ARGUMENT);
- return 0;
- }
- ctx->dir_load = (int)i;
- return 1;
- case DYNAMIC_CMD_DIR_ADD:
- /* a NULL 'p' or a string of zero-length is the same thing */
- if(!p || (strlen((const char *)p) < 1))
- {
- ENGINEerr(ENGINE_F_DYNAMIC_CTRL,
- ENGINE_R_INVALID_ARGUMENT);
- return 0;
- }
- {
- char *tmp_str = BUF_strdup(p);
- if(!tmp_str)
- {
- ENGINEerr(ENGINE_F_DYNAMIC_CTRL,
- ERR_R_MALLOC_FAILURE);
- return 0;
- }
- sk_OPENSSL_STRING_insert(ctx->dirs, tmp_str, -1);
- }
- return 1;
- default:
- break;
- }
- ENGINEerr(ENGINE_F_DYNAMIC_CTRL,ENGINE_R_CTRL_COMMAND_NOT_IMPLEMENTED);
- return 0;
- }
+ if (!ctx) {
+ ENGINEerr(ENGINE_F_DYNAMIC_CTRL, ENGINE_R_NOT_LOADED);
+ return 0;
+ }
+ initialised = ((ctx->dynamic_dso == NULL) ? 0 : 1);
+ /* All our control commands require the ENGINE to be uninitialised */
+ if (initialised) {
+ ENGINEerr(ENGINE_F_DYNAMIC_CTRL, ENGINE_R_ALREADY_LOADED);
+ return 0;
+ }
+ switch (cmd) {
+ case DYNAMIC_CMD_SO_PATH:
+ /* a NULL 'p' or a string of zero-length is the same thing */
+ if (p && (strlen((const char *)p) < 1))
+ p = NULL;
+ if (ctx->DYNAMIC_LIBNAME)
+ OPENSSL_free((void *)ctx->DYNAMIC_LIBNAME);
+ if (p)
+ ctx->DYNAMIC_LIBNAME = BUF_strdup(p);
+ else
+ ctx->DYNAMIC_LIBNAME = NULL;
+ return (ctx->DYNAMIC_LIBNAME ? 1 : 0);
+ case DYNAMIC_CMD_NO_VCHECK:
+ ctx->no_vcheck = ((i == 0) ? 0 : 1);
+ return 1;
+ case DYNAMIC_CMD_ID:
+ /* a NULL 'p' or a string of zero-length is the same thing */
+ if (p && (strlen((const char *)p) < 1))
+ p = NULL;
+ if (ctx->engine_id)
+ OPENSSL_free((void *)ctx->engine_id);
+ if (p)
+ ctx->engine_id = BUF_strdup(p);
+ else
+ ctx->engine_id = NULL;
+ return (ctx->engine_id ? 1 : 0);
+ case DYNAMIC_CMD_LIST_ADD:
+ if ((i < 0) || (i > 2)) {
+ ENGINEerr(ENGINE_F_DYNAMIC_CTRL, ENGINE_R_INVALID_ARGUMENT);
+ return 0;
+ }
+ ctx->list_add_value = (int)i;
+ return 1;
+ case DYNAMIC_CMD_LOAD:
+ return dynamic_load(e, ctx);
+ case DYNAMIC_CMD_DIR_LOAD:
+ if ((i < 0) || (i > 2)) {
+ ENGINEerr(ENGINE_F_DYNAMIC_CTRL, ENGINE_R_INVALID_ARGUMENT);
+ return 0;
+ }
+ ctx->dir_load = (int)i;
+ return 1;
+ case DYNAMIC_CMD_DIR_ADD:
+ /* a NULL 'p' or a string of zero-length is the same thing */
+ if (!p || (strlen((const char *)p) < 1)) {
+ ENGINEerr(ENGINE_F_DYNAMIC_CTRL, ENGINE_R_INVALID_ARGUMENT);
+ return 0;
+ }
+ {
+ char *tmp_str = BUF_strdup(p);
+ if (!tmp_str) {
+ ENGINEerr(ENGINE_F_DYNAMIC_CTRL, ERR_R_MALLOC_FAILURE);
+ return 0;
+ }
+ sk_OPENSSL_STRING_insert(ctx->dirs, tmp_str, -1);
+ }
+ return 1;
+ default:
+ break;
+ }
+ ENGINEerr(ENGINE_F_DYNAMIC_CTRL, ENGINE_R_CTRL_COMMAND_NOT_IMPLEMENTED);
+ return 0;
+}
static int int_load(dynamic_data_ctx *ctx)
- {
- int num, loop;
- /* Unless told not to, try a direct load */
- if((ctx->dir_load != 2) && (DSO_load(ctx->dynamic_dso,
- ctx->DYNAMIC_LIBNAME, NULL, 0)) != NULL)
- return 1;
- /* If we're not allowed to use 'dirs' or we have none, fail */
- if(!ctx->dir_load || (num = sk_OPENSSL_STRING_num(ctx->dirs)) < 1)
- return 0;
- for(loop = 0; loop < num; loop++)
- {
- const char *s = sk_OPENSSL_STRING_value(ctx->dirs, loop);
- char *merge = DSO_merge(ctx->dynamic_dso, ctx->DYNAMIC_LIBNAME, s);
- if(!merge)
- return 0;
- if(DSO_load(ctx->dynamic_dso, merge, NULL, 0))
- {
- /* Found what we're looking for */
- OPENSSL_free(merge);
- return 1;
- }
- OPENSSL_free(merge);
- }
- return 0;
- }
+{
+ int num, loop;
+ /* Unless told not to, try a direct load */
+ if ((ctx->dir_load != 2) && (DSO_load(ctx->dynamic_dso,
+ ctx->DYNAMIC_LIBNAME, NULL,
+ 0)) != NULL)
+ return 1;
+ /* If we're not allowed to use 'dirs' or we have none, fail */
+ if (!ctx->dir_load || (num = sk_OPENSSL_STRING_num(ctx->dirs)) < 1)
+ return 0;
+ for (loop = 0; loop < num; loop++) {
+ const char *s = sk_OPENSSL_STRING_value(ctx->dirs, loop);
+ char *merge = DSO_merge(ctx->dynamic_dso, ctx->DYNAMIC_LIBNAME, s);
+ if (!merge)
+ return 0;
+ if (DSO_load(ctx->dynamic_dso, merge, NULL, 0)) {
+ /* Found what we're looking for */
+ OPENSSL_free(merge);
+ return 1;
+ }
+ OPENSSL_free(merge);
+ }
+ return 0;
+}
static int dynamic_load(ENGINE *e, dynamic_data_ctx *ctx)
- {
- ENGINE cpy;
- dynamic_fns fns;
+{
+ ENGINE cpy;
+ dynamic_fns fns;
- if(!ctx->dynamic_dso)
- ctx->dynamic_dso = DSO_new();
- if(!ctx->DYNAMIC_LIBNAME)
- {
- if(!ctx->engine_id)
- return 0;
- ctx->DYNAMIC_LIBNAME =
- DSO_convert_filename(ctx->dynamic_dso, ctx->engine_id);
- }
- if(!int_load(ctx))
- {
- ENGINEerr(ENGINE_F_DYNAMIC_LOAD,
- ENGINE_R_DSO_NOT_FOUND);
- DSO_free(ctx->dynamic_dso);
- ctx->dynamic_dso = NULL;
- return 0;
- }
- /* We have to find a bind function otherwise it'll always end badly */
- if(!(ctx->bind_engine = (dynamic_bind_engine)DSO_bind_func(
- ctx->dynamic_dso, ctx->DYNAMIC_F2)))
- {
- ctx->bind_engine = NULL;
- DSO_free(ctx->dynamic_dso);
- ctx->dynamic_dso = NULL;
- ENGINEerr(ENGINE_F_DYNAMIC_LOAD,
- ENGINE_R_DSO_FAILURE);
- return 0;
- }
- /* Do we perform version checking? */
- if(!ctx->no_vcheck)
- {
- unsigned long vcheck_res = 0;
- /* Now we try to find a version checking function and decide how
- * to cope with failure if/when it fails. */
- ctx->v_check = (dynamic_v_check_fn)DSO_bind_func(
- ctx->dynamic_dso, ctx->DYNAMIC_F1);
- if(ctx->v_check)
- vcheck_res = ctx->v_check(OSSL_DYNAMIC_VERSION);
- /* We fail if the version checker veto'd the load *or* if it is
- * deferring to us (by returning its version) and we think it is
- * too old. */
- if(vcheck_res < OSSL_DYNAMIC_OLDEST)
- {
- /* Fail */
- ctx->bind_engine = NULL;
- ctx->v_check = NULL;
- DSO_free(ctx->dynamic_dso);
- ctx->dynamic_dso = NULL;
- ENGINEerr(ENGINE_F_DYNAMIC_LOAD,
- ENGINE_R_VERSION_INCOMPATIBILITY);
- return 0;
- }
- }
- /* First binary copy the ENGINE structure so that we can roll back if
- * the hand-over fails */
- memcpy(&cpy, e, sizeof(ENGINE));
- /* Provide the ERR, "ex_data", memory, and locking callbacks so the
- * loaded library uses our state rather than its own. FIXME: As noted in
- * engine.h, much of this would be simplified if each area of code
- * provided its own "summary" structure of all related callbacks. It
- * would also increase opaqueness. */
- fns.static_state = ENGINE_get_static_state();
- fns.err_fns = ERR_get_implementation();
- fns.ex_data_fns = CRYPTO_get_ex_data_implementation();
- CRYPTO_get_mem_functions(&fns.mem_fns.malloc_cb,
- &fns.mem_fns.realloc_cb,
- &fns.mem_fns.free_cb);
- fns.lock_fns.lock_locking_cb = CRYPTO_get_locking_callback();
- fns.lock_fns.lock_add_lock_cb = CRYPTO_get_add_lock_callback();
- fns.lock_fns.dynlock_create_cb = CRYPTO_get_dynlock_create_callback();
- fns.lock_fns.dynlock_lock_cb = CRYPTO_get_dynlock_lock_callback();
- fns.lock_fns.dynlock_destroy_cb = CRYPTO_get_dynlock_destroy_callback();
- /* Now that we've loaded the dynamic engine, make sure no "dynamic"
- * ENGINE elements will show through. */
- engine_set_all_null(e);
+ if (!ctx->dynamic_dso)
+ ctx->dynamic_dso = DSO_new();
+ if (!ctx->DYNAMIC_LIBNAME) {
+ if (!ctx->engine_id)
+ return 0;
+ ctx->DYNAMIC_LIBNAME =
+ DSO_convert_filename(ctx->dynamic_dso, ctx->engine_id);
+ }
+ if (!int_load(ctx)) {
+ ENGINEerr(ENGINE_F_DYNAMIC_LOAD, ENGINE_R_DSO_NOT_FOUND);
+ DSO_free(ctx->dynamic_dso);
+ ctx->dynamic_dso = NULL;
+ return 0;
+ }
+ /* We have to find a bind function otherwise it'll always end badly */
+ if (!
+ (ctx->bind_engine =
+ (dynamic_bind_engine) DSO_bind_func(ctx->dynamic_dso,
+ ctx->DYNAMIC_F2))) {
+ ctx->bind_engine = NULL;
+ DSO_free(ctx->dynamic_dso);
+ ctx->dynamic_dso = NULL;
+ ENGINEerr(ENGINE_F_DYNAMIC_LOAD, ENGINE_R_DSO_FAILURE);
+ return 0;
+ }
+ /* Do we perform version checking? */
+ if (!ctx->no_vcheck) {
+ unsigned long vcheck_res = 0;
+ /*
+ * Now we try to find a version checking function and decide how to
+ * cope with failure if/when it fails.
+ */
+ ctx->v_check =
+ (dynamic_v_check_fn) DSO_bind_func(ctx->dynamic_dso,
+ ctx->DYNAMIC_F1);
+ if (ctx->v_check)
+ vcheck_res = ctx->v_check(OSSL_DYNAMIC_VERSION);
+ /*
+ * We fail if the version checker veto'd the load *or* if it is
+ * deferring to us (by returning its version) and we think it is too
+ * old.
+ */
+ if (vcheck_res < OSSL_DYNAMIC_OLDEST) {
+ /* Fail */
+ ctx->bind_engine = NULL;
+ ctx->v_check = NULL;
+ DSO_free(ctx->dynamic_dso);
+ ctx->dynamic_dso = NULL;
+ ENGINEerr(ENGINE_F_DYNAMIC_LOAD,
+ ENGINE_R_VERSION_INCOMPATIBILITY);
+ return 0;
+ }
+ }
+ /*
+ * First binary copy the ENGINE structure so that we can roll back if the
+ * hand-over fails
+ */
+ memcpy(&cpy, e, sizeof(ENGINE));
+ /*
+ * Provide the ERR, "ex_data", memory, and locking callbacks so the
+ * loaded library uses our state rather than its own. FIXME: As noted in
+ * engine.h, much of this would be simplified if each area of code
+ * provided its own "summary" structure of all related callbacks. It
+ * would also increase opaqueness.
+ */
+ fns.static_state = ENGINE_get_static_state();
+ fns.err_fns = ERR_get_implementation();
+ fns.ex_data_fns = CRYPTO_get_ex_data_implementation();
+ CRYPTO_get_mem_functions(&fns.mem_fns.malloc_cb,
+ &fns.mem_fns.realloc_cb, &fns.mem_fns.free_cb);
+ fns.lock_fns.lock_locking_cb = CRYPTO_get_locking_callback();
+ fns.lock_fns.lock_add_lock_cb = CRYPTO_get_add_lock_callback();
+ fns.lock_fns.dynlock_create_cb = CRYPTO_get_dynlock_create_callback();
+ fns.lock_fns.dynlock_lock_cb = CRYPTO_get_dynlock_lock_callback();
+ fns.lock_fns.dynlock_destroy_cb = CRYPTO_get_dynlock_destroy_callback();
+ /*
+ * Now that we've loaded the dynamic engine, make sure no "dynamic"
+ * ENGINE elements will show through.
+ */
+ engine_set_all_null(e);
- /* Try to bind the ENGINE onto our own ENGINE structure */
- if(!ctx->bind_engine(e, ctx->engine_id, &fns))
- {
- ctx->bind_engine = NULL;
- ctx->v_check = NULL;
- DSO_free(ctx->dynamic_dso);
- ctx->dynamic_dso = NULL;
- ENGINEerr(ENGINE_F_DYNAMIC_LOAD,ENGINE_R_INIT_FAILED);
- /* Copy the original ENGINE structure back */
- memcpy(e, &cpy, sizeof(ENGINE));
- return 0;
- }
- /* Do we try to add this ENGINE to the internal list too? */
- if(ctx->list_add_value > 0)
- {
- if(!ENGINE_add(e))
- {
- /* Do we tolerate this or fail? */
- if(ctx->list_add_value > 1)
- {
- /* Fail - NB: By this time, it's too late to
- * rollback, and trying to do so allows the
- * bind_engine() code to have created leaks. We
- * just have to fail where we are, after the
- * ENGINE has changed. */
- ENGINEerr(ENGINE_F_DYNAMIC_LOAD,
- ENGINE_R_CONFLICTING_ENGINE_ID);
- return 0;
- }
- /* Tolerate */
- ERR_clear_error();
- }
- }
- return 1;
- }
+ /* Try to bind the ENGINE onto our own ENGINE structure */
+ if (!ctx->bind_engine(e, ctx->engine_id, &fns)) {
+ ctx->bind_engine = NULL;
+ ctx->v_check = NULL;
+ DSO_free(ctx->dynamic_dso);
+ ctx->dynamic_dso = NULL;
+ ENGINEerr(ENGINE_F_DYNAMIC_LOAD, ENGINE_R_INIT_FAILED);
+ /* Copy the original ENGINE structure back */
+ memcpy(e, &cpy, sizeof(ENGINE));
+ return 0;
+ }
+ /* Do we try to add this ENGINE to the internal list too? */
+ if (ctx->list_add_value > 0) {
+ if (!ENGINE_add(e)) {
+ /* Do we tolerate this or fail? */
+ if (ctx->list_add_value > 1) {
+ /*
+ * Fail - NB: By this time, it's too late to rollback, and
+ * trying to do so allows the bind_engine() code to have
+ * created leaks. We just have to fail where we are, after
+ * the ENGINE has changed.
+ */
+ ENGINEerr(ENGINE_F_DYNAMIC_LOAD,
+ ENGINE_R_CONFLICTING_ENGINE_ID);
+ return 0;
+ }
+ /* Tolerate */
+ ERR_clear_error();
+ }
+ }
+ return 1;
+}
diff --git a/openssl/crypto/engine/eng_err.c b/openssl/crypto/engine/eng_err.c
index 81c70acfa..bcc234852 100644
--- a/openssl/crypto/engine/eng_err.c
+++ b/openssl/crypto/engine/eng_err.c
@@ -7,7 +7,7 @@
* are met:
*
* 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
+ * notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
@@ -53,7 +53,8 @@
*
*/
-/* NOTE: this file was auto generated by the mkerr.pl script: any changes
+/*
+ * NOTE: this file was auto generated by the mkerr.pl script: any changes
* made to it will be overwritten when the script next updates this file,
* only reason strings will be preserved.
*/
@@ -65,109 +66,116 @@
/* BEGIN ERROR CODES */
#ifndef OPENSSL_NO_ERR
-#define ERR_FUNC(func) ERR_PACK(ERR_LIB_ENGINE,func,0)
-#define ERR_REASON(reason) ERR_PACK(ERR_LIB_ENGINE,0,reason)
+# define ERR_FUNC(func) ERR_PACK(ERR_LIB_ENGINE,func,0)
+# define ERR_REASON(reason) ERR_PACK(ERR_LIB_ENGINE,0,reason)
-static ERR_STRING_DATA ENGINE_str_functs[]=
- {
-{ERR_FUNC(ENGINE_F_DYNAMIC_CTRL), "DYNAMIC_CTRL"},
-{ERR_FUNC(ENGINE_F_DYNAMIC_GET_DATA_CTX), "DYNAMIC_GET_DATA_CTX"},
-{ERR_FUNC(ENGINE_F_DYNAMIC_LOAD), "DYNAMIC_LOAD"},
-{ERR_FUNC(ENGINE_F_DYNAMIC_SET_DATA_CTX), "DYNAMIC_SET_DATA_CTX"},
-{ERR_FUNC(ENGINE_F_ENGINE_ADD), "ENGINE_add"},
-{ERR_FUNC(ENGINE_F_ENGINE_BY_ID), "ENGINE_by_id"},
-{ERR_FUNC(ENGINE_F_ENGINE_CMD_IS_EXECUTABLE), "ENGINE_cmd_is_executable"},
-{ERR_FUNC(ENGINE_F_ENGINE_CTRL), "ENGINE_ctrl"},
-{ERR_FUNC(ENGINE_F_ENGINE_CTRL_CMD), "ENGINE_ctrl_cmd"},
-{ERR_FUNC(ENGINE_F_ENGINE_CTRL_CMD_STRING), "ENGINE_ctrl_cmd_string"},
-{ERR_FUNC(ENGINE_F_ENGINE_FINISH), "ENGINE_finish"},
-{ERR_FUNC(ENGINE_F_ENGINE_FREE_UTIL), "ENGINE_FREE_UTIL"},
-{ERR_FUNC(ENGINE_F_ENGINE_GET_CIPHER), "ENGINE_get_cipher"},
-{ERR_FUNC(ENGINE_F_ENGINE_GET_DEFAULT_TYPE), "ENGINE_GET_DEFAULT_TYPE"},
-{ERR_FUNC(ENGINE_F_ENGINE_GET_DIGEST), "ENGINE_get_digest"},
-{ERR_FUNC(ENGINE_F_ENGINE_GET_NEXT), "ENGINE_get_next"},
-{ERR_FUNC(ENGINE_F_ENGINE_GET_PKEY_ASN1_METH), "ENGINE_get_pkey_asn1_meth"},
-{ERR_FUNC(ENGINE_F_ENGINE_GET_PKEY_METH), "ENGINE_get_pkey_meth"},
-{ERR_FUNC(ENGINE_F_ENGINE_GET_PREV), "ENGINE_get_prev"},
-{ERR_FUNC(ENGINE_F_ENGINE_INIT), "ENGINE_init"},
-{ERR_FUNC(ENGINE_F_ENGINE_LIST_ADD), "ENGINE_LIST_ADD"},
-{ERR_FUNC(ENGINE_F_ENGINE_LIST_REMOVE), "ENGINE_LIST_REMOVE"},
-{ERR_FUNC(ENGINE_F_ENGINE_LOAD_PRIVATE_KEY), "ENGINE_load_private_key"},
-{ERR_FUNC(ENGINE_F_ENGINE_LOAD_PUBLIC_KEY), "ENGINE_load_public_key"},
-{ERR_FUNC(ENGINE_F_ENGINE_LOAD_SSL_CLIENT_CERT), "ENGINE_load_ssl_client_cert"},
-{ERR_FUNC(ENGINE_F_ENGINE_NEW), "ENGINE_new"},
-{ERR_FUNC(ENGINE_F_ENGINE_REMOVE), "ENGINE_remove"},
-{ERR_FUNC(ENGINE_F_ENGINE_SET_DEFAULT_STRING), "ENGINE_set_default_string"},
-{ERR_FUNC(ENGINE_F_ENGINE_SET_DEFAULT_TYPE), "ENGINE_SET_DEFAULT_TYPE"},
-{ERR_FUNC(ENGINE_F_ENGINE_SET_ID), "ENGINE_set_id"},
-{ERR_FUNC(ENGINE_F_ENGINE_SET_NAME), "ENGINE_set_name"},
-{ERR_FUNC(ENGINE_F_ENGINE_TABLE_REGISTER), "ENGINE_TABLE_REGISTER"},
-{ERR_FUNC(ENGINE_F_ENGINE_UNLOAD_KEY), "ENGINE_UNLOAD_KEY"},
-{ERR_FUNC(ENGINE_F_ENGINE_UNLOCKED_FINISH), "ENGINE_UNLOCKED_FINISH"},
-{ERR_FUNC(ENGINE_F_ENGINE_UP_REF), "ENGINE_up_ref"},
-{ERR_FUNC(ENGINE_F_INT_CTRL_HELPER), "INT_CTRL_HELPER"},
-{ERR_FUNC(ENGINE_F_INT_ENGINE_CONFIGURE), "INT_ENGINE_CONFIGURE"},
-{ERR_FUNC(ENGINE_F_INT_ENGINE_MODULE_INIT), "INT_ENGINE_MODULE_INIT"},
-{ERR_FUNC(ENGINE_F_LOG_MESSAGE), "LOG_MESSAGE"},
-{0,NULL}
- };
+static ERR_STRING_DATA ENGINE_str_functs[] = {
+ {ERR_FUNC(ENGINE_F_DYNAMIC_CTRL), "DYNAMIC_CTRL"},
+ {ERR_FUNC(ENGINE_F_DYNAMIC_GET_DATA_CTX), "DYNAMIC_GET_DATA_CTX"},
+ {ERR_FUNC(ENGINE_F_DYNAMIC_LOAD), "DYNAMIC_LOAD"},
+ {ERR_FUNC(ENGINE_F_DYNAMIC_SET_DATA_CTX), "DYNAMIC_SET_DATA_CTX"},
+ {ERR_FUNC(ENGINE_F_ENGINE_ADD), "ENGINE_add"},
+ {ERR_FUNC(ENGINE_F_ENGINE_BY_ID), "ENGINE_by_id"},
+ {ERR_FUNC(ENGINE_F_ENGINE_CMD_IS_EXECUTABLE), "ENGINE_cmd_is_executable"},
+ {ERR_FUNC(ENGINE_F_ENGINE_CTRL), "ENGINE_ctrl"},
+ {ERR_FUNC(ENGINE_F_ENGINE_CTRL_CMD), "ENGINE_ctrl_cmd"},
+ {ERR_FUNC(ENGINE_F_ENGINE_CTRL_CMD_STRING), "ENGINE_ctrl_cmd_string"},
+ {ERR_FUNC(ENGINE_F_ENGINE_FINISH), "ENGINE_finish"},
+ {ERR_FUNC(ENGINE_F_ENGINE_FREE_UTIL), "ENGINE_FREE_UTIL"},
+ {ERR_FUNC(ENGINE_F_ENGINE_GET_CIPHER), "ENGINE_get_cipher"},
+ {ERR_FUNC(ENGINE_F_ENGINE_GET_DEFAULT_TYPE), "ENGINE_GET_DEFAULT_TYPE"},
+ {ERR_FUNC(ENGINE_F_ENGINE_GET_DIGEST), "ENGINE_get_digest"},
+ {ERR_FUNC(ENGINE_F_ENGINE_GET_NEXT), "ENGINE_get_next"},
+ {ERR_FUNC(ENGINE_F_ENGINE_GET_PKEY_ASN1_METH),
+ "ENGINE_get_pkey_asn1_meth"},
+ {ERR_FUNC(ENGINE_F_ENGINE_GET_PKEY_METH), "ENGINE_get_pkey_meth"},
+ {ERR_FUNC(ENGINE_F_ENGINE_GET_PREV), "ENGINE_get_prev"},
+ {ERR_FUNC(ENGINE_F_ENGINE_INIT), "ENGINE_init"},
+ {ERR_FUNC(ENGINE_F_ENGINE_LIST_ADD), "ENGINE_LIST_ADD"},
+ {ERR_FUNC(ENGINE_F_ENGINE_LIST_REMOVE), "ENGINE_LIST_REMOVE"},
+ {ERR_FUNC(ENGINE_F_ENGINE_LOAD_PRIVATE_KEY), "ENGINE_load_private_key"},
+ {ERR_FUNC(ENGINE_F_ENGINE_LOAD_PUBLIC_KEY), "ENGINE_load_public_key"},
+ {ERR_FUNC(ENGINE_F_ENGINE_LOAD_SSL_CLIENT_CERT),
+ "ENGINE_load_ssl_client_cert"},
+ {ERR_FUNC(ENGINE_F_ENGINE_NEW), "ENGINE_new"},
+ {ERR_FUNC(ENGINE_F_ENGINE_REMOVE), "ENGINE_remove"},
+ {ERR_FUNC(ENGINE_F_ENGINE_SET_DEFAULT_STRING),
+ "ENGINE_set_default_string"},
+ {ERR_FUNC(ENGINE_F_ENGINE_SET_DEFAULT_TYPE), "ENGINE_SET_DEFAULT_TYPE"},
+ {ERR_FUNC(ENGINE_F_ENGINE_SET_ID), "ENGINE_set_id"},
+ {ERR_FUNC(ENGINE_F_ENGINE_SET_NAME), "ENGINE_set_name"},
+ {ERR_FUNC(ENGINE_F_ENGINE_TABLE_REGISTER), "ENGINE_TABLE_REGISTER"},
+ {ERR_FUNC(ENGINE_F_ENGINE_UNLOAD_KEY), "ENGINE_UNLOAD_KEY"},
+ {ERR_FUNC(ENGINE_F_ENGINE_UNLOCKED_FINISH), "ENGINE_UNLOCKED_FINISH"},
+ {ERR_FUNC(ENGINE_F_ENGINE_UP_REF), "ENGINE_up_ref"},
+ {ERR_FUNC(ENGINE_F_INT_CTRL_HELPER), "INT_CTRL_HELPER"},
+ {ERR_FUNC(ENGINE_F_INT_ENGINE_CONFIGURE), "INT_ENGINE_CONFIGURE"},
+ {ERR_FUNC(ENGINE_F_INT_ENGINE_MODULE_INIT), "INT_ENGINE_MODULE_INIT"},
+ {ERR_FUNC(ENGINE_F_LOG_MESSAGE), "LOG_MESSAGE"},
+ {0, NULL}
+};
-static ERR_STRING_DATA ENGINE_str_reasons[]=
- {
-{ERR_REASON(ENGINE_R_ALREADY_LOADED) ,"already loaded"},
-{ERR_REASON(ENGINE_R_ARGUMENT_IS_NOT_A_NUMBER),"argument is not a number"},
-{ERR_REASON(ENGINE_R_CMD_NOT_EXECUTABLE) ,"cmd not executable"},
-{ERR_REASON(ENGINE_R_COMMAND_TAKES_INPUT),"command takes input"},
-{ERR_REASON(ENGINE_R_COMMAND_TAKES_NO_INPUT),"command takes no input"},
-{ERR_REASON(ENGINE_R_CONFLICTING_ENGINE_ID),"conflicting engine id"},
-{ERR_REASON(ENGINE_R_CTRL_COMMAND_NOT_IMPLEMENTED),"ctrl command not implemented"},
-{ERR_REASON(ENGINE_R_DH_NOT_IMPLEMENTED) ,"dh not implemented"},
-{ERR_REASON(ENGINE_R_DSA_NOT_IMPLEMENTED),"dsa not implemented"},
-{ERR_REASON(ENGINE_R_DSO_FAILURE) ,"DSO failure"},
-{ERR_REASON(ENGINE_R_DSO_NOT_FOUND) ,"dso not found"},
-{ERR_REASON(ENGINE_R_ENGINES_SECTION_ERROR),"engines section error"},
-{ERR_REASON(ENGINE_R_ENGINE_CONFIGURATION_ERROR),"engine configuration error"},
-{ERR_REASON(ENGINE_R_ENGINE_IS_NOT_IN_LIST),"engine is not in the list"},
-{ERR_REASON(ENGINE_R_ENGINE_SECTION_ERROR),"engine section error"},
-{ERR_REASON(ENGINE_R_FAILED_LOADING_PRIVATE_KEY),"failed loading private key"},
-{ERR_REASON(ENGINE_R_FAILED_LOADING_PUBLIC_KEY),"failed loading public key"},
-{ERR_REASON(ENGINE_R_FINISH_FAILED) ,"finish failed"},
-{ERR_REASON(ENGINE_R_GET_HANDLE_FAILED) ,"could not obtain hardware handle"},
-{ERR_REASON(ENGINE_R_ID_OR_NAME_MISSING) ,"'id' or 'name' missing"},
-{ERR_REASON(ENGINE_R_INIT_FAILED) ,"init failed"},
-{ERR_REASON(ENGINE_R_INTERNAL_LIST_ERROR),"internal list error"},
-{ERR_REASON(ENGINE_R_INVALID_ARGUMENT) ,"invalid argument"},
-{ERR_REASON(ENGINE_R_INVALID_CMD_NAME) ,"invalid cmd name"},
-{ERR_REASON(ENGINE_R_INVALID_CMD_NUMBER) ,"invalid cmd number"},
-{ERR_REASON(ENGINE_R_INVALID_INIT_VALUE) ,"invalid init value"},
-{ERR_REASON(ENGINE_R_INVALID_STRING) ,"invalid string"},
-{ERR_REASON(ENGINE_R_NOT_INITIALISED) ,"not initialised"},
-{ERR_REASON(ENGINE_R_NOT_LOADED) ,"not loaded"},
-{ERR_REASON(ENGINE_R_NO_CONTROL_FUNCTION),"no control function"},
-{ERR_REASON(ENGINE_R_NO_INDEX) ,"no index"},
-{ERR_REASON(ENGINE_R_NO_LOAD_FUNCTION) ,"no load function"},
-{ERR_REASON(ENGINE_R_NO_REFERENCE) ,"no reference"},
-{ERR_REASON(ENGINE_R_NO_SUCH_ENGINE) ,"no such engine"},
-{ERR_REASON(ENGINE_R_NO_UNLOAD_FUNCTION) ,"no unload function"},
-{ERR_REASON(ENGINE_R_PROVIDE_PARAMETERS) ,"provide parameters"},
-{ERR_REASON(ENGINE_R_RSA_NOT_IMPLEMENTED),"rsa not implemented"},
-{ERR_REASON(ENGINE_R_UNIMPLEMENTED_CIPHER),"unimplemented cipher"},
-{ERR_REASON(ENGINE_R_UNIMPLEMENTED_DIGEST),"unimplemented digest"},
-{ERR_REASON(ENGINE_R_UNIMPLEMENTED_PUBLIC_KEY_METHOD),"unimplemented public key method"},
-{ERR_REASON(ENGINE_R_VERSION_INCOMPATIBILITY),"version incompatibility"},
-{0,NULL}
- };
+static ERR_STRING_DATA ENGINE_str_reasons[] = {
+ {ERR_REASON(ENGINE_R_ALREADY_LOADED), "already loaded"},
+ {ERR_REASON(ENGINE_R_ARGUMENT_IS_NOT_A_NUMBER),
+ "argument is not a number"},
+ {ERR_REASON(ENGINE_R_CMD_NOT_EXECUTABLE), "cmd not executable"},
+ {ERR_REASON(ENGINE_R_COMMAND_TAKES_INPUT), "command takes input"},
+ {ERR_REASON(ENGINE_R_COMMAND_TAKES_NO_INPUT), "command takes no input"},
+ {ERR_REASON(ENGINE_R_CONFLICTING_ENGINE_ID), "conflicting engine id"},
+ {ERR_REASON(ENGINE_R_CTRL_COMMAND_NOT_IMPLEMENTED),
+ "ctrl command not implemented"},
+ {ERR_REASON(ENGINE_R_DH_NOT_IMPLEMENTED), "dh not implemented"},
+ {ERR_REASON(ENGINE_R_DSA_NOT_IMPLEMENTED), "dsa not implemented"},
+ {ERR_REASON(ENGINE_R_DSO_FAILURE), "DSO failure"},
+ {ERR_REASON(ENGINE_R_DSO_NOT_FOUND), "dso not found"},
+ {ERR_REASON(ENGINE_R_ENGINES_SECTION_ERROR), "engines section error"},
+ {ERR_REASON(ENGINE_R_ENGINE_CONFIGURATION_ERROR),
+ "engine configuration error"},
+ {ERR_REASON(ENGINE_R_ENGINE_IS_NOT_IN_LIST), "engine is not in the list"},
+ {ERR_REASON(ENGINE_R_ENGINE_SECTION_ERROR), "engine section error"},
+ {ERR_REASON(ENGINE_R_FAILED_LOADING_PRIVATE_KEY),
+ "failed loading private key"},
+ {ERR_REASON(ENGINE_R_FAILED_LOADING_PUBLIC_KEY),
+ "failed loading public key"},
+ {ERR_REASON(ENGINE_R_FINISH_FAILED), "finish failed"},
+ {ERR_REASON(ENGINE_R_GET_HANDLE_FAILED),
+ "could not obtain hardware handle"},
+ {ERR_REASON(ENGINE_R_ID_OR_NAME_MISSING), "'id' or 'name' missing"},
+ {ERR_REASON(ENGINE_R_INIT_FAILED), "init failed"},
+ {ERR_REASON(ENGINE_R_INTERNAL_LIST_ERROR), "internal list error"},
+ {ERR_REASON(ENGINE_R_INVALID_ARGUMENT), "invalid argument"},
+ {ERR_REASON(ENGINE_R_INVALID_CMD_NAME), "invalid cmd name"},
+ {ERR_REASON(ENGINE_R_INVALID_CMD_NUMBER), "invalid cmd number"},
+ {ERR_REASON(ENGINE_R_INVALID_INIT_VALUE), "invalid init value"},
+ {ERR_REASON(ENGINE_R_INVALID_STRING), "invalid string"},
+ {ERR_REASON(ENGINE_R_NOT_INITIALISED), "not initialised"},
+ {ERR_REASON(ENGINE_R_NOT_LOADED), "not loaded"},
+ {ERR_REASON(ENGINE_R_NO_CONTROL_FUNCTION), "no control function"},
+ {ERR_REASON(ENGINE_R_NO_INDEX), "no index"},
+ {ERR_REASON(ENGINE_R_NO_LOAD_FUNCTION), "no load function"},
+ {ERR_REASON(ENGINE_R_NO_REFERENCE), "no reference"},
+ {ERR_REASON(ENGINE_R_NO_SUCH_ENGINE), "no such engine"},
+ {ERR_REASON(ENGINE_R_NO_UNLOAD_FUNCTION), "no unload function"},
+ {ERR_REASON(ENGINE_R_PROVIDE_PARAMETERS), "provide parameters"},
+ {ERR_REASON(ENGINE_R_RSA_NOT_IMPLEMENTED), "rsa not implemented"},
+ {ERR_REASON(ENGINE_R_UNIMPLEMENTED_CIPHER), "unimplemented cipher"},
+ {ERR_REASON(ENGINE_R_UNIMPLEMENTED_DIGEST), "unimplemented digest"},
+ {ERR_REASON(ENGINE_R_UNIMPLEMENTED_PUBLIC_KEY_METHOD),
+ "unimplemented public key method"},
+ {ERR_REASON(ENGINE_R_VERSION_INCOMPATIBILITY), "version incompatibility"},
+ {0, NULL}
+};
#endif
void ERR_load_ENGINE_strings(void)
- {
+{
#ifndef OPENSSL_NO_ERR
- if (ERR_func_error_string(ENGINE_str_functs[0].error) == NULL)
- {
- ERR_load_strings(0,ENGINE_str_functs);
- ERR_load_strings(0,ENGINE_str_reasons);
- }
+ if (ERR_func_error_string(ENGINE_str_functs[0].error) == NULL) {
+ ERR_load_strings(0, ENGINE_str_functs);
+ ERR_load_strings(0, ENGINE_str_reasons);
+ }
#endif
- }
+}
diff --git a/openssl/crypto/engine/eng_fat.c b/openssl/crypto/engine/eng_fat.c
index 789b8d57e..bcb4c446b 100644
--- a/openssl/crypto/engine/eng_fat.c
+++ b/openssl/crypto/engine/eng_fat.c
@@ -7,7 +7,7 @@
* are met:
*
* 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
+ * notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
@@ -54,7 +54,7 @@
*/
/* ====================================================================
* Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
- * ECDH support in OpenSSL originally developed by
+ * ECDH support in OpenSSL originally developed by
* SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
*/
@@ -62,121 +62,118 @@
#include <openssl/conf.h>
int ENGINE_set_default(ENGINE *e, unsigned int flags)
- {
- if((flags & ENGINE_METHOD_CIPHERS) && !ENGINE_set_default_ciphers(e))
- return 0;
- if((flags & ENGINE_METHOD_DIGESTS) && !ENGINE_set_default_digests(e))
- return 0;
+{
+ if ((flags & ENGINE_METHOD_CIPHERS) && !ENGINE_set_default_ciphers(e))
+ return 0;
+ if ((flags & ENGINE_METHOD_DIGESTS) && !ENGINE_set_default_digests(e))
+ return 0;
#ifndef OPENSSL_NO_RSA
- if((flags & ENGINE_METHOD_RSA) && !ENGINE_set_default_RSA(e))
- return 0;
+ if ((flags & ENGINE_METHOD_RSA) && !ENGINE_set_default_RSA(e))
+ return 0;
#endif
#ifndef OPENSSL_NO_DSA
- if((flags & ENGINE_METHOD_DSA) && !ENGINE_set_default_DSA(e))
- return 0;
+ if ((flags & ENGINE_METHOD_DSA) && !ENGINE_set_default_DSA(e))
+ return 0;
#endif
#ifndef OPENSSL_NO_DH
- if((flags & ENGINE_METHOD_DH) && !ENGINE_set_default_DH(e))
- return 0;
+ if ((flags & ENGINE_METHOD_DH) && !ENGINE_set_default_DH(e))
+ return 0;
#endif
#ifndef OPENSSL_NO_ECDH
- if((flags & ENGINE_METHOD_ECDH) && !ENGINE_set_default_ECDH(e))
- return 0;
+ if ((flags & ENGINE_METHOD_ECDH) && !ENGINE_set_default_ECDH(e))
+ return 0;
#endif
#ifndef OPENSSL_NO_ECDSA
- if((flags & ENGINE_METHOD_ECDSA) && !ENGINE_set_default_ECDSA(e))
- return 0;
+ if ((flags & ENGINE_METHOD_ECDSA) && !ENGINE_set_default_ECDSA(e))
+ return 0;
#endif
- if((flags & ENGINE_METHOD_RAND) && !ENGINE_set_default_RAND(e))
- return 0;
- if((flags & ENGINE_METHOD_PKEY_METHS)
- && !ENGINE_set_default_pkey_meths(e))
- return 0;
- if((flags & ENGINE_METHOD_PKEY_ASN1_METHS)
- && !ENGINE_set_default_pkey_asn1_meths(e))
- return 0;
- return 1;
- }
+ if ((flags & ENGINE_METHOD_RAND) && !ENGINE_set_default_RAND(e))
+ return 0;
+ if ((flags & ENGINE_METHOD_PKEY_METHS)
+ && !ENGINE_set_default_pkey_meths(e))
+ return 0;
+ if ((flags & ENGINE_METHOD_PKEY_ASN1_METHS)
+ && !ENGINE_set_default_pkey_asn1_meths(e))
+ return 0;
+ return 1;
+}
/* Set default algorithms using a string */
static int int_def_cb(const char *alg, int len, void *arg)
- {
- unsigned int *pflags = arg;
- if (!strncmp(alg, "ALL", len))
- *pflags |= ENGINE_METHOD_ALL;
- else if (!strncmp(alg, "RSA", len))
- *pflags |= ENGINE_METHOD_RSA;
- else if (!strncmp(alg, "DSA", len))
- *pflags |= ENGINE_METHOD_DSA;
- else if (!strncmp(alg, "ECDH", len))
- *pflags |= ENGINE_METHOD_ECDH;
- else if (!strncmp(alg, "ECDSA", len))
- *pflags |= ENGINE_METHOD_ECDSA;
- else if (!strncmp(alg, "DH", len))
- *pflags |= ENGINE_METHOD_DH;
- else if (!strncmp(alg, "RAND", len))
- *pflags |= ENGINE_METHOD_RAND;
- else if (!strncmp(alg, "CIPHERS", len))
- *pflags |= ENGINE_METHOD_CIPHERS;
- else if (!strncmp(alg, "DIGESTS", len))
- *pflags |= ENGINE_METHOD_DIGESTS;
- else if (!strncmp(alg, "PKEY", len))
- *pflags |=
- ENGINE_METHOD_PKEY_METHS|ENGINE_METHOD_PKEY_ASN1_METHS;
- else if (!strncmp(alg, "PKEY_CRYPTO", len))
- *pflags |= ENGINE_METHOD_PKEY_METHS;
- else if (!strncmp(alg, "PKEY_ASN1", len))
- *pflags |= ENGINE_METHOD_PKEY_ASN1_METHS;
- else
- return 0;
- return 1;
- }
-
+{
+ unsigned int *pflags = arg;
+ if (!strncmp(alg, "ALL", len))
+ *pflags |= ENGINE_METHOD_ALL;
+ else if (!strncmp(alg, "RSA", len))
+ *pflags |= ENGINE_METHOD_RSA;
+ else if (!strncmp(alg, "DSA", len))
+ *pflags |= ENGINE_METHOD_DSA;
+ else if (!strncmp(alg, "ECDH", len))
+ *pflags |= ENGINE_METHOD_ECDH;
+ else if (!strncmp(alg, "ECDSA", len))
+ *pflags |= ENGINE_METHOD_ECDSA;
+ else if (!strncmp(alg, "DH", len))
+ *pflags |= ENGINE_METHOD_DH;
+ else if (!strncmp(alg, "RAND", len))
+ *pflags |= ENGINE_METHOD_RAND;
+ else if (!strncmp(alg, "CIPHERS", len))
+ *pflags |= ENGINE_METHOD_CIPHERS;
+ else if (!strncmp(alg, "DIGESTS", len))
+ *pflags |= ENGINE_METHOD_DIGESTS;
+ else if (!strncmp(alg, "PKEY", len))
+ *pflags |= ENGINE_METHOD_PKEY_METHS | ENGINE_METHOD_PKEY_ASN1_METHS;
+ else if (!strncmp(alg, "PKEY_CRYPTO", len))
+ *pflags |= ENGINE_METHOD_PKEY_METHS;
+ else if (!strncmp(alg, "PKEY_ASN1", len))
+ *pflags |= ENGINE_METHOD_PKEY_ASN1_METHS;
+ else
+ return 0;
+ return 1;
+}
int ENGINE_set_default_string(ENGINE *e, const char *def_list)
- {
- unsigned int flags = 0;
- if (!CONF_parse_list(def_list, ',', 1, int_def_cb, &flags))
- {
- ENGINEerr(ENGINE_F_ENGINE_SET_DEFAULT_STRING,
- ENGINE_R_INVALID_STRING);
- ERR_add_error_data(2, "str=",def_list);
- return 0;
- }
- return ENGINE_set_default(e, flags);
- }
+{
+ unsigned int flags = 0;
+ if (!CONF_parse_list(def_list, ',', 1, int_def_cb, &flags)) {
+ ENGINEerr(ENGINE_F_ENGINE_SET_DEFAULT_STRING,
+ ENGINE_R_INVALID_STRING);
+ ERR_add_error_data(2, "str=", def_list);
+ return 0;
+ }
+ return ENGINE_set_default(e, flags);
+}
int ENGINE_register_complete(ENGINE *e)
- {
- ENGINE_register_ciphers(e);
- ENGINE_register_digests(e);
+{
+ ENGINE_register_ciphers(e);
+ ENGINE_register_digests(e);
#ifndef OPENSSL_NO_RSA
- ENGINE_register_RSA(e);
+ ENGINE_register_RSA(e);
#endif
#ifndef OPENSSL_NO_DSA
- ENGINE_register_DSA(e);
+ ENGINE_register_DSA(e);
#endif
#ifndef OPENSSL_NO_DH
- ENGINE_register_DH(e);
+ ENGINE_register_DH(e);
#endif
#ifndef OPENSSL_NO_ECDH
- ENGINE_register_ECDH(e);
+ ENGINE_register_ECDH(e);
#endif
#ifndef OPENSSL_NO_ECDSA
- ENGINE_register_ECDSA(e);
+ ENGINE_register_ECDSA(e);
#endif
- ENGINE_register_RAND(e);
- ENGINE_register_pkey_meths(e);
- return 1;
- }
+ ENGINE_register_RAND(e);
+ ENGINE_register_pkey_meths(e);
+ return 1;
+}
int ENGINE_register_all_complete(void)
- {
- ENGINE *e;
+{
+ ENGINE *e;
- for(e=ENGINE_get_first() ; e ; e=ENGINE_get_next(e))
- if (!(e->flags & ENGINE_FLAGS_NO_REGISTER_ALL))
- ENGINE_register_complete(e);
- return 1;
- }
+ for (e = ENGINE_get_first(); e; e = ENGINE_get_next(e))
+ if (!(e->flags & ENGINE_FLAGS_NO_REGISTER_ALL))
+ ENGINE_register_complete(e);
+ return 1;
+}
diff --git a/openssl/crypto/engine/eng_init.c b/openssl/crypto/engine/eng_init.c
index 7633cf5f1..4ea7fe633 100644
--- a/openssl/crypto/engine/eng_init.c
+++ b/openssl/crypto/engine/eng_init.c
@@ -7,7 +7,7 @@
* are met:
*
* 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
+ * notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
@@ -55,100 +55,103 @@
#include "eng_int.h"
-/* Initialise a engine type for use (or up its functional reference count
- * if it's already in use). This version is only used internally. */
+/*
+ * Initialise a engine type for use (or up its functional reference count if
+ * it's already in use). This version is only used internally.
+ */
int engine_unlocked_init(ENGINE *e)
- {
- int to_return = 1;
+{
+ int to_return = 1;
- if((e->funct_ref == 0) && e->init)
- /* This is the first functional reference and the engine
- * requires initialisation so we do it now. */
- to_return = e->init(e);
- if(to_return)
- {
- /* OK, we return a functional reference which is also a
- * structural reference. */
- e->struct_ref++;
- e->funct_ref++;
- engine_ref_debug(e, 0, 1)
- engine_ref_debug(e, 1, 1)
- }
- return to_return;
- }
+ if ((e->funct_ref == 0) && e->init)
+ /*
+ * This is the first functional reference and the engine requires
+ * initialisation so we do it now.
+ */
+ to_return = e->init(e);
+ if (to_return) {
+ /*
+ * OK, we return a functional reference which is also a structural
+ * reference.
+ */
+ e->struct_ref++;
+ e->funct_ref++;
+ engine_ref_debug(e, 0, 1)
+ engine_ref_debug(e, 1, 1)
+ }
+ return to_return;
+}
-/* Free a functional reference to a engine type. This version is only used
- * internally. */
+/*
+ * Free a functional reference to a engine type. This version is only used
+ * internally.
+ */
int engine_unlocked_finish(ENGINE *e, int unlock_for_handlers)
- {
- int to_return = 1;
+{
+ int to_return = 1;
- /* Reduce the functional reference count here so if it's the terminating
- * case, we can release the lock safely and call the finish() handler
- * without risk of a race. We get a race if we leave the count until
- * after and something else is calling "finish" at the same time -
- * there's a chance that both threads will together take the count from
- * 2 to 0 without either calling finish(). */
- e->funct_ref--;
- engine_ref_debug(e, 1, -1);
- if((e->funct_ref == 0) && e->finish)
- {
- if(unlock_for_handlers)
- CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
- to_return = e->finish(e);
- if(unlock_for_handlers)
- CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
- if(!to_return)
- return 0;
- }
+ /*
+ * Reduce the functional reference count here so if it's the terminating
+ * case, we can release the lock safely and call the finish() handler
+ * without risk of a race. We get a race if we leave the count until
+ * after and something else is calling "finish" at the same time -
+ * there's a chance that both threads will together take the count from 2
+ * to 0 without either calling finish().
+ */
+ e->funct_ref--;
+ engine_ref_debug(e, 1, -1);
+ if ((e->funct_ref == 0) && e->finish) {
+ if (unlock_for_handlers)
+ CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
+ to_return = e->finish(e);
+ if (unlock_for_handlers)
+ CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
+ if (!to_return)
+ return 0;
+ }
#ifdef REF_CHECK
- if(e->funct_ref < 0)
- {
- fprintf(stderr,"ENGINE_finish, bad functional reference count\n");
- abort();
- }
+ if (e->funct_ref < 0) {
+ fprintf(stderr, "ENGINE_finish, bad functional reference count\n");
+ abort();
+ }
#endif
- /* Release the structural reference too */
- if(!engine_free_util(e, 0))
- {
- ENGINEerr(ENGINE_F_ENGINE_UNLOCKED_FINISH,ENGINE_R_FINISH_FAILED);
- return 0;
- }
- return to_return;
- }
+ /* Release the structural reference too */
+ if (!engine_free_util(e, 0)) {
+ ENGINEerr(ENGINE_F_ENGINE_UNLOCKED_FINISH, ENGINE_R_FINISH_FAILED);
+ return 0;
+ }
+ return to_return;
+}
/* The API (locked) version of "init" */
int ENGINE_init(ENGINE *e)
- {
- int ret;
- if(e == NULL)
- {
- ENGINEerr(ENGINE_F_ENGINE_INIT,ERR_R_PASSED_NULL_PARAMETER);
- return 0;
- }
- CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
- ret = engine_unlocked_init(e);
- CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
- return ret;
- }
+{
+ int ret;
+ if (e == NULL) {
+ ENGINEerr(ENGINE_F_ENGINE_INIT, ERR_R_PASSED_NULL_PARAMETER);
+ return 0;
+ }
+ CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
+ ret = engine_unlocked_init(e);
+ CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
+ return ret;
+}
/* The API (locked) version of "finish" */
int ENGINE_finish(ENGINE *e)
- {
- int to_return = 1;
+{
+ int to_return = 1;
- if(e == NULL)
- {
- ENGINEerr(ENGINE_F_ENGINE_FINISH,ERR_R_PASSED_NULL_PARAMETER);
- return 0;
- }
- CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
- to_return = engine_unlocked_finish(e, 1);
- CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
- if(!to_return)
- {
- ENGINEerr(ENGINE_F_ENGINE_FINISH,ENGINE_R_FINISH_FAILED);
- return 0;
- }
- return to_return;
- }
+ if (e == NULL) {
+ ENGINEerr(ENGINE_F_ENGINE_FINISH, ERR_R_PASSED_NULL_PARAMETER);
+ return 0;
+ }
+ CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
+ to_return = engine_unlocked_finish(e, 1);
+ CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
+ if (!to_return) {
+ ENGINEerr(ENGINE_F_ENGINE_FINISH, ENGINE_R_FINISH_FAILED);
+ return 0;
+ }
+ return to_return;
+}
diff --git a/openssl/crypto/engine/eng_int.h b/openssl/crypto/engine/eng_int.h
index 451ef8feb..46f163b1f 100644
--- a/openssl/crypto/engine/eng_int.h
+++ b/openssl/crypto/engine/eng_int.h
@@ -1,6 +1,7 @@
/* crypto/engine/eng_int.h */
-/* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL
- * project 2000.
+/*
+ * Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL project
+ * 2000.
*/
/* ====================================================================
* Copyright (c) 1999-2001 The OpenSSL Project. All rights reserved.
@@ -10,7 +11,7 @@
* are met:
*
* 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
+ * notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
@@ -57,51 +58,54 @@
*/
/* ====================================================================
* Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
- * ECDH support in OpenSSL originally developed by
+ * ECDH support in OpenSSL originally developed by
* SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
*/
#ifndef HEADER_ENGINE_INT_H
-#define HEADER_ENGINE_INT_H
+# define HEADER_ENGINE_INT_H
-#include "cryptlib.h"
+# include "cryptlib.h"
/* Take public definitions from engine.h */
-#include <openssl/engine.h>
+# include <openssl/engine.h>
#ifdef __cplusplus
extern "C" {
#endif
-/* If we compile with this symbol defined, then both reference counts in the
- * ENGINE structure will be monitored with a line of output on stderr for each
- * change. This prints the engine's pointer address (truncated to unsigned int),
- * "struct" or "funct" to indicate the reference type, the before and after
- * reference count, and the file:line-number pair. The "engine_ref_debug"
- * statements must come *after* the change. */
-#ifdef ENGINE_REF_COUNT_DEBUG
+/*
+ * If we compile with this symbol defined, then both reference counts in the
+ * ENGINE structure will be monitored with a line of output on stderr for
+ * each change. This prints the engine's pointer address (truncated to
+ * unsigned int), "struct" or "funct" to indicate the reference type, the
+ * before and after reference count, and the file:line-number pair. The
+ * "engine_ref_debug" statements must come *after* the change.
+ */
+# ifdef ENGINE_REF_COUNT_DEBUG
-#define engine_ref_debug(e, isfunct, diff) \
- fprintf(stderr, "engine: %08x %s from %d to %d (%s:%d)\n", \
- (unsigned int)(e), (isfunct ? "funct" : "struct"), \
- ((isfunct) ? ((e)->funct_ref - (diff)) : ((e)->struct_ref - (diff))), \
- ((isfunct) ? (e)->funct_ref : (e)->struct_ref), \
- (__FILE__), (__LINE__));
+# define engine_ref_debug(e, isfunct, diff) \
+ fprintf(stderr, "engine: %08x %s from %d to %d (%s:%d)\n", \
+ (unsigned int)(e), (isfunct ? "funct" : "struct"), \
+ ((isfunct) ? ((e)->funct_ref - (diff)) : ((e)->struct_ref - (diff))), \
+ ((isfunct) ? (e)->funct_ref : (e)->struct_ref), \
+ (__FILE__), (__LINE__));
-#else
+# else
-#define engine_ref_debug(e, isfunct, diff)
+# define engine_ref_debug(e, isfunct, diff)
-#endif
+# endif
-/* Any code that will need cleanup operations should use these functions to
+/*
+ * Any code that will need cleanup operations should use these functions to
* register callbacks. ENGINE_cleanup() will call all registered callbacks in
* order. NB: both the "add" functions assume CRYPTO_LOCK_ENGINE to already be
- * held (in "write" mode). */
-typedef void (ENGINE_CLEANUP_CB)(void);
-typedef struct st_engine_cleanup_item
- {
- ENGINE_CLEANUP_CB *cb;
- } ENGINE_CLEANUP_ITEM;
+ * held (in "write" mode).
+ */
+typedef void (ENGINE_CLEANUP_CB) (void);
+typedef struct st_engine_cleanup_item {
+ ENGINE_CLEANUP_CB *cb;
+} ENGINE_CLEANUP_ITEM;
DECLARE_STACK_OF(ENGINE_CLEANUP_ITEM)
void engine_cleanup_add_first(ENGINE_CLEANUP_CB *cb);
void engine_cleanup_add_last(ENGINE_CLEANUP_CB *cb);
@@ -109,98 +113,112 @@ void engine_cleanup_add_last(ENGINE_CLEANUP_CB *cb);
/* We need stacks of ENGINEs for use in eng_table.c */
DECLARE_STACK_OF(ENGINE)
-/* If this symbol is defined then engine_table_select(), the function that is
- * used by RSA, DSA (etc) code to select registered ENGINEs, cache defaults and
- * functional references (etc), will display debugging summaries to stderr. */
+/*
+ * If this symbol is defined then engine_table_select(), the function that is
+ * used by RSA, DSA (etc) code to select registered ENGINEs, cache defaults
+ * and functional references (etc), will display debugging summaries to
+ * stderr.
+ */
/* #define ENGINE_TABLE_DEBUG */
-/* This represents an implementation table. Dependent code should instantiate it
- * as a (ENGINE_TABLE *) pointer value set initially to NULL. */
+/*
+ * This represents an implementation table. Dependent code should instantiate
+ * it as a (ENGINE_TABLE *) pointer value set initially to NULL.
+ */
typedef struct st_engine_table ENGINE_TABLE;
int engine_table_register(ENGINE_TABLE **table, ENGINE_CLEANUP_CB *cleanup,
- ENGINE *e, const int *nids, int num_nids, int setdefault);
+ ENGINE *e, const int *nids, int num_nids,
+ int setdefault);
void engine_table_unregister(ENGINE_TABLE **table, ENGINE *e);
void engine_table_cleanup(ENGINE_TABLE **table);
-#ifndef ENGINE_TABLE_DEBUG
+# ifndef ENGINE_TABLE_DEBUG
ENGINE *engine_table_select(ENGINE_TABLE **table, int nid);
-#else
-ENGINE *engine_table_select_tmp(ENGINE_TABLE **table, int nid, const char *f, int l);
-#define engine_table_select(t,n) engine_table_select_tmp(t,n,__FILE__,__LINE__)
-#endif
-typedef void (engine_table_doall_cb)(int nid, STACK_OF(ENGINE) *sk, ENGINE *def, void *arg);
-void engine_table_doall(ENGINE_TABLE *table, engine_table_doall_cb *cb, void *arg);
-
-/* Internal versions of API functions that have control over locking. These are
- * used between C files when functionality needs to be shared but the caller may
- * already be controlling of the CRYPTO_LOCK_ENGINE lock. */
+# else
+ENGINE *engine_table_select_tmp(ENGINE_TABLE **table, int nid, const char *f,
+ int l);
+# define engine_table_select(t,n) engine_table_select_tmp(t,n,__FILE__,__LINE__)
+# endif
+typedef void (engine_table_doall_cb) (int nid, STACK_OF(ENGINE) *sk,
+ ENGINE *def, void *arg);
+void engine_table_doall(ENGINE_TABLE *table, engine_table_doall_cb *cb,
+ void *arg);
+
+/*
+ * Internal versions of API functions that have control over locking. These
+ * are used between C files when functionality needs to be shared but the
+ * caller may already be controlling of the CRYPTO_LOCK_ENGINE lock.
+ */
int engine_unlocked_init(ENGINE *e);
int engine_unlocked_finish(ENGINE *e, int unlock_for_handlers);
int engine_free_util(ENGINE *e, int locked);
-/* This function will reset all "set"able values in an ENGINE to NULL. This
- * won't touch reference counts or ex_data, but is equivalent to calling all the
- * ENGINE_set_***() functions with a NULL value. */
+/*
+ * This function will reset all "set"able values in an ENGINE to NULL. This
+ * won't touch reference counts or ex_data, but is equivalent to calling all
+ * the ENGINE_set_***() functions with a NULL value.
+ */
void engine_set_all_null(ENGINE *e);
-/* NB: Bitwise OR-able values for the "flags" variable in ENGINE are now exposed
- * in engine.h. */
+/*
+ * NB: Bitwise OR-able values for the "flags" variable in ENGINE are now
+ * exposed in engine.h.
+ */
/* Free up dynamically allocated public key methods associated with ENGINE */
void engine_pkey_meths_free(ENGINE *e);
void engine_pkey_asn1_meths_free(ENGINE *e);
-/* This is a structure for storing implementations of various crypto
- * algorithms and functions. */
-struct engine_st
- {
- const char *id;
- const char *name;
- const RSA_METHOD *rsa_meth;
- const DSA_METHOD *dsa_meth;
- const DH_METHOD *dh_meth;
- const ECDH_METHOD *ecdh_meth;
- const ECDSA_METHOD *ecdsa_meth;
- const RAND_METHOD *rand_meth;
- const STORE_METHOD *store_meth;
- /* Cipher handling is via this callback */
- ENGINE_CIPHERS_PTR ciphers;
- /* Digest handling is via this callback */
- ENGINE_DIGESTS_PTR digests;
- /* Public key handling via this callback */
- ENGINE_PKEY_METHS_PTR pkey_meths;
- /* ASN1 public key handling via this callback */
- ENGINE_PKEY_ASN1_METHS_PTR pkey_asn1_meths;
-
- ENGINE_GEN_INT_FUNC_PTR destroy;
-
- ENGINE_GEN_INT_FUNC_PTR init;
- ENGINE_GEN_INT_FUNC_PTR finish;
- ENGINE_CTRL_FUNC_PTR ctrl;
- ENGINE_LOAD_KEY_PTR load_privkey;
- ENGINE_LOAD_KEY_PTR load_pubkey;
-
- ENGINE_SSL_CLIENT_CERT_PTR load_ssl_client_cert;
-
- const ENGINE_CMD_DEFN *cmd_defns;
- int flags;
- /* reference count on the structure itself */
- int struct_ref;
- /* reference count on usability of the engine type. NB: This
- * controls the loading and initialisation of any functionlity
- * required by this engine, whereas the previous count is
- * simply to cope with (de)allocation of this structure. Hence,
- * running_ref <= struct_ref at all times. */
- int funct_ref;
- /* A place to store per-ENGINE data */
- CRYPTO_EX_DATA ex_data;
- /* Used to maintain the linked-list of engines. */
- struct engine_st *prev;
- struct engine_st *next;
- };
+/*
+ * This is a structure for storing implementations of various crypto
+ * algorithms and functions.
+ */
+struct engine_st {
+ const char *id;
+ const char *name;
+ const RSA_METHOD *rsa_meth;
+ const DSA_METHOD *dsa_meth;
+ const DH_METHOD *dh_meth;
+ const ECDH_METHOD *ecdh_meth;
+ const ECDSA_METHOD *ecdsa_meth;
+ const RAND_METHOD *rand_meth;
+ const STORE_METHOD *store_meth;
+ /* Cipher handling is via this callback */
+ ENGINE_CIPHERS_PTR ciphers;
+ /* Digest handling is via this callback */
+ ENGINE_DIGESTS_PTR digests;
+ /* Public key handling via this callback */
+ ENGINE_PKEY_METHS_PTR pkey_meths;
+ /* ASN1 public key handling via this callback */
+ ENGINE_PKEY_ASN1_METHS_PTR pkey_asn1_meths;
+ ENGINE_GEN_INT_FUNC_PTR destroy;
+ ENGINE_GEN_INT_FUNC_PTR init;
+ ENGINE_GEN_INT_FUNC_PTR finish;
+ ENGINE_CTRL_FUNC_PTR ctrl;
+ ENGINE_LOAD_KEY_PTR load_privkey;
+ ENGINE_LOAD_KEY_PTR load_pubkey;
+ ENGINE_SSL_CLIENT_CERT_PTR load_ssl_client_cert;
+ const ENGINE_CMD_DEFN *cmd_defns;
+ int flags;
+ /* reference count on the structure itself */
+ int struct_ref;
+ /*
+ * reference count on usability of the engine type. NB: This controls the
+ * loading and initialisation of any functionlity required by this
+ * engine, whereas the previous count is simply to cope with
+ * (de)allocation of this structure. Hence, running_ref <= struct_ref at
+ * all times.
+ */
+ int funct_ref;
+ /* A place to store per-ENGINE data */
+ CRYPTO_EX_DATA ex_data;
+ /* Used to maintain the linked-list of engines. */
+ struct engine_st *prev;
+ struct engine_st *next;
+};
#ifdef __cplusplus
}
#endif
-#endif /* HEADER_ENGINE_INT_H */
+#endif /* HEADER_ENGINE_INT_H */
diff --git a/openssl/crypto/engine/eng_lib.c b/openssl/crypto/engine/eng_lib.c
index 18a666464..dc2abd28e 100644
--- a/openssl/crypto/engine/eng_lib.c
+++ b/openssl/crypto/engine/eng_lib.c
@@ -1,6 +1,7 @@
/* crypto/engine/eng_lib.c */
-/* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL
- * project 2000.
+/*
+ * Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL project
+ * 2000.
*/
/* ====================================================================
* Copyright (c) 1999-2001 The OpenSSL Project. All rights reserved.
@@ -10,7 +11,7 @@
* are met:
*
* 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
+ * notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
@@ -62,271 +63,285 @@
/* The "new"/"free" stuff first */
ENGINE *ENGINE_new(void)
- {
- ENGINE *ret;
-
- ret = (ENGINE *)OPENSSL_malloc(sizeof(ENGINE));
- if(ret == NULL)
- {
- ENGINEerr(ENGINE_F_ENGINE_NEW, ERR_R_MALLOC_FAILURE);
- return NULL;
- }
- memset(ret, 0, sizeof(ENGINE));
- ret->struct_ref = 1;
- engine_ref_debug(ret, 0, 1)
- CRYPTO_new_ex_data(CRYPTO_EX_INDEX_ENGINE, ret, &ret->ex_data);
- return ret;
- }
-
-/* Placed here (close proximity to ENGINE_new) so that modifications to the
+{
+ ENGINE *ret;
+
+ ret = (ENGINE *)OPENSSL_malloc(sizeof(ENGINE));
+ if (ret == NULL) {
+ ENGINEerr(ENGINE_F_ENGINE_NEW, ERR_R_MALLOC_FAILURE);
+ return NULL;
+ }
+ memset(ret, 0, sizeof(ENGINE));
+ ret->struct_ref = 1;
+ engine_ref_debug(ret, 0, 1)
+ CRYPTO_new_ex_data(CRYPTO_EX_INDEX_ENGINE, ret, &ret->ex_data);
+ return ret;
+}
+
+/*
+ * Placed here (close proximity to ENGINE_new) so that modifications to the
* elements of the ENGINE structure are more likely to be caught and changed
- * here. */
+ * here.
+ */
void engine_set_all_null(ENGINE *e)
- {
- e->id = NULL;
- e->name = NULL;
- e->rsa_meth = NULL;
- e->dsa_meth = NULL;
- e->dh_meth = NULL;
- e->rand_meth = NULL;
- e->store_meth = NULL;
- e->ciphers = NULL;
- e->digests = NULL;
- e->destroy = NULL;
- e->init = NULL;
- e->finish = NULL;
- e->ctrl = NULL;
- e->load_privkey = NULL;
- e->load_pubkey = NULL;
- e->cmd_defns = NULL;
- e->flags = 0;
- }
+{
+ e->id = NULL;
+ e->name = NULL;
+ e->rsa_meth = NULL;
+ e->dsa_meth = NULL;
+ e->dh_meth = NULL;
+ e->rand_meth = NULL;
+ e->store_meth = NULL;
+ e->ciphers = NULL;
+ e->digests = NULL;
+ e->destroy = NULL;
+ e->init = NULL;
+ e->finish = NULL;
+ e->ctrl = NULL;
+ e->load_privkey = NULL;
+ e->load_pubkey = NULL;
+ e->cmd_defns = NULL;
+ e->flags = 0;
+}
int engine_free_util(ENGINE *e, int locked)
- {
- int i;
-
- if(e == NULL)
- {
- ENGINEerr(ENGINE_F_ENGINE_FREE_UTIL,
- ERR_R_PASSED_NULL_PARAMETER);
- return 0;
- }
- if(locked)
- i = CRYPTO_add(&e->struct_ref,-1,CRYPTO_LOCK_ENGINE);
- else
- i = --e->struct_ref;
- engine_ref_debug(e, 0, -1)
- if (i > 0) return 1;
+{
+ int i;
+
+ if (e == NULL) {
+ ENGINEerr(ENGINE_F_ENGINE_FREE_UTIL, ERR_R_PASSED_NULL_PARAMETER);
+ return 0;
+ }
+ if (locked)
+ i = CRYPTO_add(&e->struct_ref, -1, CRYPTO_LOCK_ENGINE);
+ else
+ i = --e->struct_ref;
+ engine_ref_debug(e, 0, -1)
+ if (i > 0)
+ return 1;
#ifdef REF_CHECK
- if (i < 0)
- {
- fprintf(stderr,"ENGINE_free, bad structural reference count\n");
- abort();
- }
+ if (i < 0) {
+ fprintf(stderr, "ENGINE_free, bad structural reference count\n");
+ abort();
+ }
#endif
- /* Free up any dynamically allocated public key methods */
- engine_pkey_meths_free(e);
- engine_pkey_asn1_meths_free(e);
- /* Give the ENGINE a chance to do any structural cleanup corresponding
- * to allocation it did in its constructor (eg. unload error strings) */
- if(e->destroy)
- e->destroy(e);
- CRYPTO_free_ex_data(CRYPTO_EX_INDEX_ENGINE, e, &e->ex_data);
- OPENSSL_free(e);
- return 1;
- }
+ /* Free up any dynamically allocated public key methods */
+ engine_pkey_meths_free(e);
+ engine_pkey_asn1_meths_free(e);
+ /*
+ * Give the ENGINE a chance to do any structural cleanup corresponding to
+ * allocation it did in its constructor (eg. unload error strings)
+ */
+ if (e->destroy)
+ e->destroy(e);
+ CRYPTO_free_ex_data(CRYPTO_EX_INDEX_ENGINE, e, &e->ex_data);
+ OPENSSL_free(e);
+ return 1;
+}
int ENGINE_free(ENGINE *e)
- {
- return engine_free_util(e, 1);
- }
+{
+ return engine_free_util(e, 1);
+}
/* Cleanup stuff */
-/* ENGINE_cleanup() is coded such that anything that does work that will need
- * cleanup can register a "cleanup" callback here. That way we don't get linker
- * bloat by referring to all *possible* cleanups, but any linker bloat into code
- * "X" will cause X's cleanup function to end up here. */
+/*
+ * ENGINE_cleanup() is coded such that anything that does work that will need
+ * cleanup can register a "cleanup" callback here. That way we don't get
+ * linker bloat by referring to all *possible* cleanups, but any linker bloat
+ * into code "X" will cause X's cleanup function to end up here.
+ */
static STACK_OF(ENGINE_CLEANUP_ITEM) *cleanup_stack = NULL;
static int int_cleanup_check(int create)
- {
- if(cleanup_stack) return 1;
- if(!create) return 0;
- cleanup_stack = sk_ENGINE_CLEANUP_ITEM_new_null();
- return (cleanup_stack ? 1 : 0);
- }
+{
+ if (cleanup_stack)
+ return 1;
+ if (!create)
+ return 0;
+ cleanup_stack = sk_ENGINE_CLEANUP_ITEM_new_null();
+ return (cleanup_stack ? 1 : 0);
+}
+
static ENGINE_CLEANUP_ITEM *int_cleanup_item(ENGINE_CLEANUP_CB *cb)
- {
- ENGINE_CLEANUP_ITEM *item = OPENSSL_malloc(sizeof(
- ENGINE_CLEANUP_ITEM));
- if(!item) return NULL;
- item->cb = cb;
- return item;
- }
+{
+ ENGINE_CLEANUP_ITEM *item = OPENSSL_malloc(sizeof(ENGINE_CLEANUP_ITEM));
+ if (!item)
+ return NULL;
+ item->cb = cb;
+ return item;
+}
+
void engine_cleanup_add_first(ENGINE_CLEANUP_CB *cb)
- {
- ENGINE_CLEANUP_ITEM *item;
- if(!int_cleanup_check(1)) return;
- item = int_cleanup_item(cb);
- if(item)
- sk_ENGINE_CLEANUP_ITEM_insert(cleanup_stack, item, 0);
- }
+{
+ ENGINE_CLEANUP_ITEM *item;
+ if (!int_cleanup_check(1))
+ return;
+ item = int_cleanup_item(cb);
+ if (item)
+ sk_ENGINE_CLEANUP_ITEM_insert(cleanup_stack, item, 0);
+}
+
void engine_cleanup_add_last(ENGINE_CLEANUP_CB *cb)
- {
- ENGINE_CLEANUP_ITEM *item;
- if(!int_cleanup_check(1)) return;
- item = int_cleanup_item(cb);
- if(item)
- sk_ENGINE_CLEANUP_ITEM_push(cleanup_stack, item);
- }
+{
+ ENGINE_CLEANUP_ITEM *item;
+ if (!int_cleanup_check(1))
+ return;
+ item = int_cleanup_item(cb);
+ if (item)
+ sk_ENGINE_CLEANUP_ITEM_push(cleanup_stack, item);
+}
+
/* The API function that performs all cleanup */
static void engine_cleanup_cb_free(ENGINE_CLEANUP_ITEM *item)
- {
- (*(item->cb))();
- OPENSSL_free(item);
- }
+{
+ (*(item->cb)) ();
+ OPENSSL_free(item);
+}
+
void ENGINE_cleanup(void)
- {
- if(int_cleanup_check(0))
- {
- sk_ENGINE_CLEANUP_ITEM_pop_free(cleanup_stack,
- engine_cleanup_cb_free);
- cleanup_stack = NULL;
- }
- /* FIXME: This should be handled (somehow) through RAND, eg. by it
- * registering a cleanup callback. */
- RAND_set_rand_method(NULL);
- }
+{
+ if (int_cleanup_check(0)) {
+ sk_ENGINE_CLEANUP_ITEM_pop_free(cleanup_stack,
+ engine_cleanup_cb_free);
+ cleanup_stack = NULL;
+ }
+ /*
+ * FIXME: This should be handled (somehow) through RAND, eg. by it
+ * registering a cleanup callback.
+ */
+ RAND_set_rand_method(NULL);
+}
/* Now the "ex_data" support */
int ENGINE_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
- CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func)
- {
- return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_ENGINE, argl, argp,
- new_func, dup_func, free_func);
- }
+ CRYPTO_EX_dup *dup_func,
+ CRYPTO_EX_free *free_func)
+{
+ return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_ENGINE, argl, argp,
+ new_func, dup_func, free_func);
+}
int ENGINE_set_ex_data(ENGINE *e, int idx, void *arg)
- {
- return(CRYPTO_set_ex_data(&e->ex_data, idx, arg));
- }
+{
+ return (CRYPTO_set_ex_data(&e->ex_data, idx, arg));
+}
void *ENGINE_get_ex_data(const ENGINE *e, int idx)
- {
- return(CRYPTO_get_ex_data(&e->ex_data, idx));
- }
+{
+ return (CRYPTO_get_ex_data(&e->ex_data, idx));
+}
-/* Functions to get/set an ENGINE's elements - mainly to avoid exposing the
- * ENGINE structure itself. */
+/*
+ * Functions to get/set an ENGINE's elements - mainly to avoid exposing the
+ * ENGINE structure itself.
+ */
int ENGINE_set_id(ENGINE *e, const char *id)
- {
- if(id == NULL)
- {
- ENGINEerr(ENGINE_F_ENGINE_SET_ID,
- ERR_R_PASSED_NULL_PARAMETER);
- return 0;
- }
- e->id = id;
- return 1;
- }
+{
+ if (id == NULL) {
+ ENGINEerr(ENGINE_F_ENGINE_SET_ID, ERR_R_PASSED_NULL_PARAMETER);
+ return 0;
+ }
+ e->id = id;
+ return 1;
+}
int ENGINE_set_name(ENGINE *e, const char *name)
- {
- if(name == NULL)
- {
- ENGINEerr(ENGINE_F_ENGINE_SET_NAME,
- ERR_R_PASSED_NULL_PARAMETER);
- return 0;
- }
- e->name = name;
- return 1;
- }
+{
+ if (name == NULL) {
+ ENGINEerr(ENGINE_F_ENGINE_SET_NAME, ERR_R_PASSED_NULL_PARAMETER);
+ return 0;
+ }
+ e->name = name;
+ return 1;
+}
int ENGINE_set_destroy_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR destroy_f)
- {
- e->destroy = destroy_f;
- return 1;
- }
+{
+ e->destroy = destroy_f;
+ return 1;
+}
int ENGINE_set_init_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR init_f)
- {
- e->init = init_f;
- return 1;
- }
+{
+ e->init = init_f;
+ return 1;
+}
int ENGINE_set_finish_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR finish_f)
- {
- e->finish = finish_f;
- return 1;
- }
+{
+ e->finish = finish_f;
+ return 1;
+}
int ENGINE_set_ctrl_function(ENGINE *e, ENGINE_CTRL_FUNC_PTR ctrl_f)
- {
- e->ctrl = ctrl_f;
- return 1;
- }
+{
+ e->ctrl = ctrl_f;
+ return 1;
+}
int ENGINE_set_flags(ENGINE *e, int flags)
- {
- e->flags = flags;
- return 1;
- }
+{
+ e->flags = flags;
+ return 1;
+}
int ENGINE_set_cmd_defns(ENGINE *e, const ENGINE_CMD_DEFN *defns)
- {
- e->cmd_defns = defns;
- return 1;
- }
+{
+ e->cmd_defns = defns;
+ return 1;
+}
const char *ENGINE_get_id(const ENGINE *e)
- {
- return e->id;
- }
+{
+ return e->id;
+}
const char *ENGINE_get_name(const ENGINE *e)
- {
- return e->name;
- }
+{
+ return e->name;
+}
ENGINE_GEN_INT_FUNC_PTR ENGINE_get_destroy_function(const ENGINE *e)
- {
- return e->destroy;
- }
+{
+ return e->destroy;
+}
ENGINE_GEN_INT_FUNC_PTR ENGINE_get_init_function(const ENGINE *e)
- {
- return e->init;
- }
+{
+ return e->init;
+}
ENGINE_GEN_INT_FUNC_PTR ENGINE_get_finish_function(const ENGINE *e)
- {
- return e->finish;
- }
+{
+ return e->finish;
+}
ENGINE_CTRL_FUNC_PTR ENGINE_get_ctrl_function(const ENGINE *e)
- {
- return e->ctrl;
- }
+{
+ return e->ctrl;
+}
int ENGINE_get_flags(const ENGINE *e)
- {
- return e->flags;
- }
+{
+ return e->flags;
+}
const ENGINE_CMD_DEFN *ENGINE_get_cmd_defns(const ENGINE *e)
- {
- return e->cmd_defns;
- }
+{
+ return e->cmd_defns;
+}
-/* eng_lib.o is pretty much linked into anything that touches ENGINE already, so
- * put the "static_state" hack here. */
+/*
+ * eng_lib.o is pretty much linked into anything that touches ENGINE already,
+ * so put the "static_state" hack here.
+ */
static int internal_static_hack = 0;
void *ENGINE_get_static_state(void)
- {
- return &internal_static_hack;
- }
+{
+ return &internal_static_hack;
+}
diff --git a/openssl/crypto/engine/eng_list.c b/openssl/crypto/engine/eng_list.c
index 95c858960..3384e3182 100644
--- a/openssl/crypto/engine/eng_list.c
+++ b/openssl/crypto/engine/eng_list.c
@@ -1,6 +1,7 @@
/* crypto/engine/eng_list.c */
-/* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL
- * project 2000.
+/*
+ * Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL project
+ * 2000.
*/
/* ====================================================================
* Copyright (c) 1999-2001 The OpenSSL Project. All rights reserved.
@@ -10,7 +11,7 @@
* are met:
*
* 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
+ * notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
@@ -57,378 +58,347 @@
*/
/* ====================================================================
* Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
- * ECDH support in OpenSSL originally developed by
+ * ECDH support in OpenSSL originally developed by
* SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
*/
#include "eng_int.h"
-/* The linked-list of pointers to engine types. engine_list_head
- * incorporates an implicit structural reference but engine_list_tail
- * does not - the latter is a computational niceity and only points
- * to something that is already pointed to by its predecessor in the
- * list (or engine_list_head itself). In the same way, the use of the
- * "prev" pointer in each ENGINE is to save excessive list iteration,
- * it doesn't correspond to an extra structural reference. Hence,
- * engine_list_head, and each non-null "next" pointer account for
- * the list itself assuming exactly 1 structural reference on each
- * list member. */
+/*
+ * The linked-list of pointers to engine types. engine_list_head incorporates
+ * an implicit structural reference but engine_list_tail does not - the
+ * latter is a computational niceity and only points to something that is
+ * already pointed to by its predecessor in the list (or engine_list_head
+ * itself). In the same way, the use of the "prev" pointer in each ENGINE is
+ * to save excessive list iteration, it doesn't correspond to an extra
+ * structural reference. Hence, engine_list_head, and each non-null "next"
+ * pointer account for the list itself assuming exactly 1 structural
+ * reference on each list member.
+ */
static ENGINE *engine_list_head = NULL;
static ENGINE *engine_list_tail = NULL;
-/* This cleanup function is only needed internally. If it should be called, we
- * register it with the "ENGINE_cleanup()" stack to be called during cleanup. */
+/*
+ * This cleanup function is only needed internally. If it should be called,
+ * we register it with the "ENGINE_cleanup()" stack to be called during
+ * cleanup.
+ */
static void engine_list_cleanup(void)
- {
- ENGINE *iterator = engine_list_head;
+{
+ ENGINE *iterator = engine_list_head;
- while(iterator != NULL)
- {
- ENGINE_remove(iterator);
- iterator = engine_list_head;
- }
- return;
- }
+ while (iterator != NULL) {
+ ENGINE_remove(iterator);
+ iterator = engine_list_head;
+ }
+ return;
+}
-/* These static functions starting with a lower case "engine_" always
- * take place when CRYPTO_LOCK_ENGINE has been locked up. */
+/*
+ * These static functions starting with a lower case "engine_" always take
+ * place when CRYPTO_LOCK_ENGINE has been locked up.
+ */
static int engine_list_add(ENGINE *e)
- {
- int conflict = 0;
- ENGINE *iterator = NULL;
+{
+ int conflict = 0;
+ ENGINE *iterator = NULL;
- if(e == NULL)
- {
- ENGINEerr(ENGINE_F_ENGINE_LIST_ADD,
- ERR_R_PASSED_NULL_PARAMETER);
- return 0;
- }
- iterator = engine_list_head;
- while(iterator && !conflict)
- {
- conflict = (strcmp(iterator->id, e->id) == 0);
- iterator = iterator->next;
- }
- if(conflict)
- {
- ENGINEerr(ENGINE_F_ENGINE_LIST_ADD,
- ENGINE_R_CONFLICTING_ENGINE_ID);
- return 0;
- }
- if(engine_list_head == NULL)
- {
- /* We are adding to an empty list. */
- if(engine_list_tail)
- {
- ENGINEerr(ENGINE_F_ENGINE_LIST_ADD,
- ENGINE_R_INTERNAL_LIST_ERROR);
- return 0;
- }
- engine_list_head = e;
- e->prev = NULL;
- /* The first time the list allocates, we should register the
- * cleanup. */
- engine_cleanup_add_last(engine_list_cleanup);
- }
- else
- {
- /* We are adding to the tail of an existing list. */
- if((engine_list_tail == NULL) ||
- (engine_list_tail->next != NULL))
- {
- ENGINEerr(ENGINE_F_ENGINE_LIST_ADD,
- ENGINE_R_INTERNAL_LIST_ERROR);
- return 0;
- }
- engine_list_tail->next = e;
- e->prev = engine_list_tail;
- }
- /* Having the engine in the list assumes a structural
- * reference. */
- e->struct_ref++;
- engine_ref_debug(e, 0, 1)
- /* However it came to be, e is the last item in the list. */
- engine_list_tail = e;
- e->next = NULL;
- return 1;
- }
+ if (e == NULL) {
+ ENGINEerr(ENGINE_F_ENGINE_LIST_ADD, ERR_R_PASSED_NULL_PARAMETER);
+ return 0;
+ }
+ iterator = engine_list_head;
+ while (iterator && !conflict) {
+ conflict = (strcmp(iterator->id, e->id) == 0);
+ iterator = iterator->next;
+ }
+ if (conflict) {
+ ENGINEerr(ENGINE_F_ENGINE_LIST_ADD, ENGINE_R_CONFLICTING_ENGINE_ID);
+ return 0;
+ }
+ if (engine_list_head == NULL) {
+ /* We are adding to an empty list. */
+ if (engine_list_tail) {
+ ENGINEerr(ENGINE_F_ENGINE_LIST_ADD, ENGINE_R_INTERNAL_LIST_ERROR);
+ return 0;
+ }
+ engine_list_head = e;
+ e->prev = NULL;
+ /*
+ * The first time the list allocates, we should register the cleanup.
+ */
+ engine_cleanup_add_last(engine_list_cleanup);
+ } else {
+ /* We are adding to the tail of an existing list. */
+ if ((engine_list_tail == NULL) || (engine_list_tail->next != NULL)) {
+ ENGINEerr(ENGINE_F_ENGINE_LIST_ADD, ENGINE_R_INTERNAL_LIST_ERROR);
+ return 0;
+ }
+ engine_list_tail->next = e;
+ e->prev = engine_list_tail;
+ }
+ /*
+ * Having the engine in the list assumes a structural reference.
+ */
+ e->struct_ref++;
+ engine_ref_debug(e, 0, 1)
+ /* However it came to be, e is the last item in the list. */
+ engine_list_tail = e;
+ e->next = NULL;
+ return 1;
+}
static int engine_list_remove(ENGINE *e)
- {
- ENGINE *iterator;
+{
+ ENGINE *iterator;
- if(e == NULL)
- {
- ENGINEerr(ENGINE_F_ENGINE_LIST_REMOVE,
- ERR_R_PASSED_NULL_PARAMETER);
- return 0;
- }
- /* We need to check that e is in our linked list! */
- iterator = engine_list_head;
- while(iterator && (iterator != e))
- iterator = iterator->next;
- if(iterator == NULL)
- {
- ENGINEerr(ENGINE_F_ENGINE_LIST_REMOVE,
- ENGINE_R_ENGINE_IS_NOT_IN_LIST);
- return 0;
- }
- /* un-link e from the chain. */
- if(e->next)
- e->next->prev = e->prev;
- if(e->prev)
- e->prev->next = e->next;
- /* Correct our head/tail if necessary. */
- if(engine_list_head == e)
- engine_list_head = e->next;
- if(engine_list_tail == e)
- engine_list_tail = e->prev;
- engine_free_util(e, 0);
- return 1;
- }
+ if (e == NULL) {
+ ENGINEerr(ENGINE_F_ENGINE_LIST_REMOVE, ERR_R_PASSED_NULL_PARAMETER);
+ return 0;
+ }
+ /* We need to check that e is in our linked list! */
+ iterator = engine_list_head;
+ while (iterator && (iterator != e))
+ iterator = iterator->next;
+ if (iterator == NULL) {
+ ENGINEerr(ENGINE_F_ENGINE_LIST_REMOVE,
+ ENGINE_R_ENGINE_IS_NOT_IN_LIST);
+ return 0;
+ }
+ /* un-link e from the chain. */
+ if (e->next)
+ e->next->prev = e->prev;
+ if (e->prev)
+ e->prev->next = e->next;
+ /* Correct our head/tail if necessary. */
+ if (engine_list_head == e)
+ engine_list_head = e->next;
+ if (engine_list_tail == e)
+ engine_list_tail = e->prev;
+ engine_free_util(e, 0);
+ return 1;
+}
/* Get the first/last "ENGINE" type available. */
ENGINE *ENGINE_get_first(void)
- {
- ENGINE *ret;
+{
+ ENGINE *ret;
- CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
- ret = engine_list_head;
- if(ret)
- {
- ret->struct_ref++;
- engine_ref_debug(ret, 0, 1)
- }
- CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
- return ret;
- }
+ CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
+ ret = engine_list_head;
+ if (ret) {
+ ret->struct_ref++;
+ engine_ref_debug(ret, 0, 1)
+ }
+ CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
+ return ret;
+}
ENGINE *ENGINE_get_last(void)
- {
- ENGINE *ret;
+{
+ ENGINE *ret;
- CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
- ret = engine_list_tail;
- if(ret)
- {
- ret->struct_ref++;
- engine_ref_debug(ret, 0, 1)
- }
- CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
- return ret;
- }
+ CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
+ ret = engine_list_tail;
+ if (ret) {
+ ret->struct_ref++;
+ engine_ref_debug(ret, 0, 1)
+ }
+ CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
+ return ret;
+}
/* Iterate to the next/previous "ENGINE" type (NULL = end of the list). */
ENGINE *ENGINE_get_next(ENGINE *e)
- {
- ENGINE *ret = NULL;
- if(e == NULL)
- {
- ENGINEerr(ENGINE_F_ENGINE_GET_NEXT,
- ERR_R_PASSED_NULL_PARAMETER);
- return 0;
- }
- CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
- ret = e->next;
- if(ret)
- {
- /* Return a valid structural refernce to the next ENGINE */
- ret->struct_ref++;
- engine_ref_debug(ret, 0, 1)
- }
- CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
- /* Release the structural reference to the previous ENGINE */
- ENGINE_free(e);
- return ret;
- }
+{
+ ENGINE *ret = NULL;
+ if (e == NULL) {
+ ENGINEerr(ENGINE_F_ENGINE_GET_NEXT, ERR_R_PASSED_NULL_PARAMETER);
+ return 0;
+ }
+ CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
+ ret = e->next;
+ if (ret) {
+ /* Return a valid structural refernce to the next ENGINE */
+ ret->struct_ref++;
+ engine_ref_debug(ret, 0, 1)
+ }
+ CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
+ /* Release the structural reference to the previous ENGINE */
+ ENGINE_free(e);
+ return ret;
+}
ENGINE *ENGINE_get_prev(ENGINE *e)
- {
- ENGINE *ret = NULL;
- if(e == NULL)
- {
- ENGINEerr(ENGINE_F_ENGINE_GET_PREV,
- ERR_R_PASSED_NULL_PARAMETER);
- return 0;
- }
- CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
- ret = e->prev;
- if(ret)
- {
- /* Return a valid structural reference to the next ENGINE */
- ret->struct_ref++;
- engine_ref_debug(ret, 0, 1)
- }
- CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
- /* Release the structural reference to the previous ENGINE */
- ENGINE_free(e);
- return ret;
- }
+{
+ ENGINE *ret = NULL;
+ if (e == NULL) {
+ ENGINEerr(ENGINE_F_ENGINE_GET_PREV, ERR_R_PASSED_NULL_PARAMETER);
+ return 0;
+ }
+ CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
+ ret = e->prev;
+ if (ret) {
+ /* Return a valid structural reference to the next ENGINE */
+ ret->struct_ref++;
+ engine_ref_debug(ret, 0, 1)
+ }
+ CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
+ /* Release the structural reference to the previous ENGINE */
+ ENGINE_free(e);
+ return ret;
+}
/* Add another "ENGINE" type into the list. */
int ENGINE_add(ENGINE *e)
- {
- int to_return = 1;
- if(e == NULL)
- {
- ENGINEerr(ENGINE_F_ENGINE_ADD,
- ERR_R_PASSED_NULL_PARAMETER);
- return 0;
- }
- if((e->id == NULL) || (e->name == NULL))
- {
- ENGINEerr(ENGINE_F_ENGINE_ADD,
- ENGINE_R_ID_OR_NAME_MISSING);
- }
- CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
- if(!engine_list_add(e))
- {
- ENGINEerr(ENGINE_F_ENGINE_ADD,
- ENGINE_R_INTERNAL_LIST_ERROR);
- to_return = 0;
- }
- CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
- return to_return;
- }
+{
+ int to_return = 1;
+ if (e == NULL) {
+ ENGINEerr(ENGINE_F_ENGINE_ADD, ERR_R_PASSED_NULL_PARAMETER);
+ return 0;
+ }
+ if ((e->id == NULL) || (e->name == NULL)) {
+ ENGINEerr(ENGINE_F_ENGINE_ADD, ENGINE_R_ID_OR_NAME_MISSING);
+ }
+ CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
+ if (!engine_list_add(e)) {
+ ENGINEerr(ENGINE_F_ENGINE_ADD, ENGINE_R_INTERNAL_LIST_ERROR);
+ to_return = 0;
+ }
+ CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
+ return to_return;
+}
/* Remove an existing "ENGINE" type from the array. */
int ENGINE_remove(ENGINE *e)
- {
- int to_return = 1;
- if(e == NULL)
- {
- ENGINEerr(ENGINE_F_ENGINE_REMOVE,
- ERR_R_PASSED_NULL_PARAMETER);
- return 0;
- }
- CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
- if(!engine_list_remove(e))
- {
- ENGINEerr(ENGINE_F_ENGINE_REMOVE,
- ENGINE_R_INTERNAL_LIST_ERROR);
- to_return = 0;
- }
- CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
- return to_return;
- }
+{
+ int to_return = 1;
+ if (e == NULL) {
+ ENGINEerr(ENGINE_F_ENGINE_REMOVE, ERR_R_PASSED_NULL_PARAMETER);
+ return 0;
+ }
+ CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
+ if (!engine_list_remove(e)) {
+ ENGINEerr(ENGINE_F_ENGINE_REMOVE, ENGINE_R_INTERNAL_LIST_ERROR);
+ to_return = 0;
+ }
+ CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
+ return to_return;
+}
static void engine_cpy(ENGINE *dest, const ENGINE *src)
- {
- dest->id = src->id;
- dest->name = src->name;
+{
+ dest->id = src->id;
+ dest->name = src->name;
#ifndef OPENSSL_NO_RSA
- dest->rsa_meth = src->rsa_meth;
+ dest->rsa_meth = src->rsa_meth;
#endif
#ifndef OPENSSL_NO_DSA
- dest->dsa_meth = src->dsa_meth;
+ dest->dsa_meth = src->dsa_meth;
#endif
#ifndef OPENSSL_NO_DH
- dest->dh_meth = src->dh_meth;
+ dest->dh_meth = src->dh_meth;
#endif
#ifndef OPENSSL_NO_ECDH
- dest->ecdh_meth = src->ecdh_meth;
+ dest->ecdh_meth = src->ecdh_meth;
#endif
#ifndef OPENSSL_NO_ECDSA
- dest->ecdsa_meth = src->ecdsa_meth;
+ dest->ecdsa_meth = src->ecdsa_meth;
#endif
- dest->rand_meth = src->rand_meth;
- dest->store_meth = src->store_meth;
- dest->ciphers = src->ciphers;
- dest->digests = src->digests;
- dest->pkey_meths = src->pkey_meths;
- dest->destroy = src->destroy;
- dest->init = src->init;
- dest->finish = src->finish;
- dest->ctrl = src->ctrl;
- dest->load_privkey = src->load_privkey;
- dest->load_pubkey = src->load_pubkey;
- dest->cmd_defns = src->cmd_defns;
- dest->flags = src->flags;
- }
+ dest->rand_meth = src->rand_meth;
+ dest->store_meth = src->store_meth;
+ dest->ciphers = src->ciphers;
+ dest->digests = src->digests;
+ dest->pkey_meths = src->pkey_meths;
+ dest->destroy = src->destroy;
+ dest->init = src->init;
+ dest->finish = src->finish;
+ dest->ctrl = src->ctrl;
+ dest->load_privkey = src->load_privkey;
+ dest->load_pubkey = src->load_pubkey;
+ dest->cmd_defns = src->cmd_defns;
+ dest->flags = src->flags;
+}
ENGINE *ENGINE_by_id(const char *id)
- {
- ENGINE *iterator;
- char *load_dir = NULL;
- if(id == NULL)
- {
- ENGINEerr(ENGINE_F_ENGINE_BY_ID,
- ERR_R_PASSED_NULL_PARAMETER);
- return NULL;
- }
- CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
- iterator = engine_list_head;
- while(iterator && (strcmp(id, iterator->id) != 0))
- iterator = iterator->next;
- if(iterator)
- {
- /* We need to return a structural reference. If this is an
- * ENGINE type that returns copies, make a duplicate - otherwise
- * increment the existing ENGINE's reference count. */
- if(iterator->flags & ENGINE_FLAGS_BY_ID_COPY)
- {
- ENGINE *cp = ENGINE_new();
- if(!cp)
- iterator = NULL;
- else
- {
- engine_cpy(cp, iterator);
- iterator = cp;
- }
- }
- else
- {
- iterator->struct_ref++;
- engine_ref_debug(iterator, 0, 1)
- }
- }
- CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
+{
+ ENGINE *iterator;
+ char *load_dir = NULL;
+ if (id == NULL) {
+ ENGINEerr(ENGINE_F_ENGINE_BY_ID, ERR_R_PASSED_NULL_PARAMETER);
+ return NULL;
+ }
+ CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
+ iterator = engine_list_head;
+ while (iterator && (strcmp(id, iterator->id) != 0))
+ iterator = iterator->next;
+ if (iterator) {
+ /*
+ * We need to return a structural reference. If this is an ENGINE
+ * type that returns copies, make a duplicate - otherwise increment
+ * the existing ENGINE's reference count.
+ */
+ if (iterator->flags & ENGINE_FLAGS_BY_ID_COPY) {
+ ENGINE *cp = ENGINE_new();
+ if (!cp)
+ iterator = NULL;
+ else {
+ engine_cpy(cp, iterator);
+ iterator = cp;
+ }
+ } else {
+ iterator->struct_ref++;
+ engine_ref_debug(iterator, 0, 1)
+ }
+ }
+ CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
#if 0
- if(iterator == NULL)
- {
- ENGINEerr(ENGINE_F_ENGINE_BY_ID,
- ENGINE_R_NO_SUCH_ENGINE);
- ERR_add_error_data(2, "id=", id);
- }
- return iterator;
+ if (iterator == NULL) {
+ ENGINEerr(ENGINE_F_ENGINE_BY_ID, ENGINE_R_NO_SUCH_ENGINE);
+ ERR_add_error_data(2, "id=", id);
+ }
+ return iterator;
#else
- /* EEK! Experimental code starts */
- if(iterator) return iterator;
- /* Prevent infinite recusrion if we're looking for the dynamic engine. */
- if (strcmp(id, "dynamic"))
- {
-#ifdef OPENSSL_SYS_VMS
- if((load_dir = getenv("OPENSSL_ENGINES")) == 0) load_dir = "SSLROOT:[ENGINES]";
-#else
- if((load_dir = getenv("OPENSSL_ENGINES")) == 0) load_dir = ENGINESDIR;
-#endif
- iterator = ENGINE_by_id("dynamic");
- if(!iterator || !ENGINE_ctrl_cmd_string(iterator, "ID", id, 0) ||
- !ENGINE_ctrl_cmd_string(iterator, "DIR_LOAD", "2", 0) ||
- !ENGINE_ctrl_cmd_string(iterator, "DIR_ADD",
- load_dir, 0) ||
- !ENGINE_ctrl_cmd_string(iterator, "LIST_ADD", "1", 0) ||
- !ENGINE_ctrl_cmd_string(iterator, "LOAD", NULL, 0))
- goto notfound;
- return iterator;
- }
-notfound:
- ENGINE_free(iterator);
- ENGINEerr(ENGINE_F_ENGINE_BY_ID,ENGINE_R_NO_SUCH_ENGINE);
- ERR_add_error_data(2, "id=", id);
- return NULL;
- /* EEK! Experimental code ends */
+ /* EEK! Experimental code starts */
+ if (iterator)
+ return iterator;
+ /*
+ * Prevent infinite recusrion if we're looking for the dynamic engine.
+ */
+ if (strcmp(id, "dynamic")) {
+# ifdef OPENSSL_SYS_VMS
+ if ((load_dir = getenv("OPENSSL_ENGINES")) == 0)
+ load_dir = "SSLROOT:[ENGINES]";
+# else
+ if ((load_dir = getenv("OPENSSL_ENGINES")) == 0)
+ load_dir = ENGINESDIR;
+# endif
+ iterator = ENGINE_by_id("dynamic");
+ if (!iterator || !ENGINE_ctrl_cmd_string(iterator, "ID", id, 0) ||
+ !ENGINE_ctrl_cmd_string(iterator, "DIR_LOAD", "2", 0) ||
+ !ENGINE_ctrl_cmd_string(iterator, "DIR_ADD",
+ load_dir, 0) ||
+ !ENGINE_ctrl_cmd_string(iterator, "LIST_ADD", "1", 0) ||
+ !ENGINE_ctrl_cmd_string(iterator, "LOAD", NULL, 0))
+ goto notfound;
+ return iterator;
+ }
+ notfound:
+ ENGINE_free(iterator);
+ ENGINEerr(ENGINE_F_ENGINE_BY_ID, ENGINE_R_NO_SUCH_ENGINE);
+ ERR_add_error_data(2, "id=", id);
+ return NULL;
+ /* EEK! Experimental code ends */
#endif
- }
+}
int ENGINE_up_ref(ENGINE *e)
- {
- if (e == NULL)
- {
- ENGINEerr(ENGINE_F_ENGINE_UP_REF,ERR_R_PASSED_NULL_PARAMETER);
- return 0;
- }
- CRYPTO_add(&e->struct_ref,1,CRYPTO_LOCK_ENGINE);
- return 1;
- }
+{
+ if (e == NULL) {
+ ENGINEerr(ENGINE_F_ENGINE_UP_REF, ERR_R_PASSED_NULL_PARAMETER);
+ return 0;
+ }
+ CRYPTO_add(&e->struct_ref, 1, CRYPTO_LOCK_ENGINE);
+ return 1;
+}
diff --git a/openssl/crypto/engine/eng_openssl.c b/openssl/crypto/engine/eng_openssl.c
index 9abb95cc2..34b002950 100644
--- a/openssl/crypto/engine/eng_openssl.c
+++ b/openssl/crypto/engine/eng_openssl.c
@@ -1,6 +1,7 @@
/* crypto/engine/eng_openssl.c */
-/* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL
- * project 2000.
+/*
+ * Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL project
+ * 2000.
*/
/* ====================================================================
* Copyright (c) 1999-2001 The OpenSSL Project. All rights reserved.
@@ -10,7 +11,7 @@
* are met:
*
* 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
+ * notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
@@ -57,11 +58,10 @@
*/
/* ====================================================================
* Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
- * ECDH support in OpenSSL originally developed by
+ * ECDH support in OpenSSL originally developed by
* SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
*/
-
#include <stdio.h>
#include <openssl/crypto.h>
#include "cryptlib.h"
@@ -71,18 +71,20 @@
#include <openssl/evp.h>
#include <openssl/rand.h>
#ifndef OPENSSL_NO_RSA
-#include <openssl/rsa.h>
+# include <openssl/rsa.h>
#endif
#ifndef OPENSSL_NO_DSA
-#include <openssl/dsa.h>
+# include <openssl/dsa.h>
#endif
#ifndef OPENSSL_NO_DH
-#include <openssl/dh.h>
+# include <openssl/dh.h>
#endif
-/* This testing gunk is implemented (and explained) lower down. It also assumes
- * the application explicitly calls "ENGINE_load_openssl()" because this is no
- * longer automatic in ENGINE_load_builtin_engines(). */
+/*
+ * This testing gunk is implemented (and explained) lower down. It also
+ * assumes the application explicitly calls "ENGINE_load_openssl()" because
+ * this is no longer automatic in ENGINE_load_builtin_engines().
+ */
#define TEST_ENG_OPENSSL_RC4
#define TEST_ENG_OPENSSL_PKEY
/* #define TEST_ENG_OPENSSL_RC4_OTHERS */
@@ -96,118 +98,129 @@
/* Now check what of those algorithms are actually enabled */
#ifdef OPENSSL_NO_RC4
-#undef TEST_ENG_OPENSSL_RC4
-#undef TEST_ENG_OPENSSL_RC4_OTHERS
-#undef TEST_ENG_OPENSSL_RC4_P_INIT
-#undef TEST_ENG_OPENSSL_RC4_P_CIPHER
+# undef TEST_ENG_OPENSSL_RC4
+# undef TEST_ENG_OPENSSL_RC4_OTHERS
+# undef TEST_ENG_OPENSSL_RC4_P_INIT
+# undef TEST_ENG_OPENSSL_RC4_P_CIPHER
#endif
#if defined(OPENSSL_NO_SHA) || defined(OPENSSL_NO_SHA0) || defined(OPENSSL_NO_SHA1)
-#undef TEST_ENG_OPENSSL_SHA
-#undef TEST_ENG_OPENSSL_SHA_OTHERS
-#undef TEST_ENG_OPENSSL_SHA_P_INIT
-#undef TEST_ENG_OPENSSL_SHA_P_UPDATE
-#undef TEST_ENG_OPENSSL_SHA_P_FINAL
+# undef TEST_ENG_OPENSSL_SHA
+# undef TEST_ENG_OPENSSL_SHA_OTHERS
+# undef TEST_ENG_OPENSSL_SHA_P_INIT
+# undef TEST_ENG_OPENSSL_SHA_P_UPDATE
+# undef TEST_ENG_OPENSSL_SHA_P_FINAL
#endif
#ifdef TEST_ENG_OPENSSL_RC4
static int openssl_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
- const int **nids, int nid);
+ const int **nids, int nid);
#endif
#ifdef TEST_ENG_OPENSSL_SHA
static int openssl_digests(ENGINE *e, const EVP_MD **digest,
- const int **nids, int nid);
+ const int **nids, int nid);
#endif
#ifdef TEST_ENG_OPENSSL_PKEY
static EVP_PKEY *openssl_load_privkey(ENGINE *eng, const char *key_id,
- UI_METHOD *ui_method, void *callback_data);
+ UI_METHOD *ui_method,
+ void *callback_data);
#endif
/* The constants used when creating the ENGINE */
static const char *engine_openssl_id = "openssl";
static const char *engine_openssl_name = "Software engine support";
-/* This internal function is used by ENGINE_openssl() and possibly by the
- * "dynamic" ENGINE support too */
+/*
+ * This internal function is used by ENGINE_openssl() and possibly by the
+ * "dynamic" ENGINE support too
+ */
static int bind_helper(ENGINE *e)
- {
- if(!ENGINE_set_id(e, engine_openssl_id)
- || !ENGINE_set_name(e, engine_openssl_name)
+{
+ if (!ENGINE_set_id(e, engine_openssl_id)
+ || !ENGINE_set_name(e, engine_openssl_name)
#ifndef TEST_ENG_OPENSSL_NO_ALGORITHMS
-#ifndef OPENSSL_NO_RSA
- || !ENGINE_set_RSA(e, RSA_get_default_method())
-#endif
-#ifndef OPENSSL_NO_DSA
- || !ENGINE_set_DSA(e, DSA_get_default_method())
-#endif
-#ifndef OPENSSL_NO_ECDH
- || !ENGINE_set_ECDH(e, ECDH_OpenSSL())
-#endif
-#ifndef OPENSSL_NO_ECDSA
- || !ENGINE_set_ECDSA(e, ECDSA_OpenSSL())
-#endif
-#ifndef OPENSSL_NO_DH
- || !ENGINE_set_DH(e, DH_get_default_method())
-#endif
- || !ENGINE_set_RAND(e, RAND_SSLeay())
-#ifdef TEST_ENG_OPENSSL_RC4
- || !ENGINE_set_ciphers(e, openssl_ciphers)
-#endif
-#ifdef TEST_ENG_OPENSSL_SHA
- || !ENGINE_set_digests(e, openssl_digests)
-#endif
+# ifndef OPENSSL_NO_RSA
+ || !ENGINE_set_RSA(e, RSA_get_default_method())
+# endif
+# ifndef OPENSSL_NO_DSA
+ || !ENGINE_set_DSA(e, DSA_get_default_method())
+# endif
+# ifndef OPENSSL_NO_ECDH
+ || !ENGINE_set_ECDH(e, ECDH_OpenSSL())
+# endif
+# ifndef OPENSSL_NO_ECDSA
+ || !ENGINE_set_ECDSA(e, ECDSA_OpenSSL())
+# endif
+# ifndef OPENSSL_NO_DH
+ || !ENGINE_set_DH(e, DH_get_default_method())
+# endif
+ || !ENGINE_set_RAND(e, RAND_SSLeay())
+# ifdef TEST_ENG_OPENSSL_RC4
+ || !ENGINE_set_ciphers(e, openssl_ciphers)
+# endif
+# ifdef TEST_ENG_OPENSSL_SHA
+ || !ENGINE_set_digests(e, openssl_digests)
+# endif
#endif
#ifdef TEST_ENG_OPENSSL_PKEY
- || !ENGINE_set_load_privkey_function(e, openssl_load_privkey)
+ || !ENGINE_set_load_privkey_function(e, openssl_load_privkey)
#endif
- )
- return 0;
- /* If we add errors to this ENGINE, ensure the error handling is setup here */
- /* openssl_load_error_strings(); */
- return 1;
- }
+ )
+ return 0;
+ /*
+ * If we add errors to this ENGINE, ensure the error handling is setup
+ * here
+ */
+ /* openssl_load_error_strings(); */
+ return 1;
+}
static ENGINE *engine_openssl(void)
- {
- ENGINE *ret = ENGINE_new();
- if(!ret)
- return NULL;
- if(!bind_helper(ret))
- {
- ENGINE_free(ret);
- return NULL;
- }
- return ret;
- }
+{
+ ENGINE *ret = ENGINE_new();
+ if (!ret)
+ return NULL;
+ if (!bind_helper(ret)) {
+ ENGINE_free(ret);
+ return NULL;
+ }
+ return ret;
+}
void ENGINE_load_openssl(void)
- {
- ENGINE *toadd = engine_openssl();
- if(!toadd) return;
- ENGINE_add(toadd);
- /* If the "add" worked, it gets a structural reference. So either way,
- * we release our just-created reference. */
- ENGINE_free(toadd);
- ERR_clear_error();
- }
+{
+ ENGINE *toadd = engine_openssl();
+ if (!toadd)
+ return;
+ ENGINE_add(toadd);
+ /*
+ * If the "add" worked, it gets a structural reference. So either way, we
+ * release our just-created reference.
+ */
+ ENGINE_free(toadd);
+ ERR_clear_error();
+}
-/* This stuff is needed if this ENGINE is being compiled into a self-contained
- * shared-library. */
+/*
+ * This stuff is needed if this ENGINE is being compiled into a
+ * self-contained shared-library.
+ */
#ifdef ENGINE_DYNAMIC_SUPPORT
static int bind_fn(ENGINE *e, const char *id)
- {
- if(id && (strcmp(id, engine_openssl_id) != 0))
- return 0;
- if(!bind_helper(e))
- return 0;
- return 1;
- }
-IMPLEMENT_DYNAMIC_CHECK_FN()
-IMPLEMENT_DYNAMIC_BIND_FN(bind_fn)
-#endif /* ENGINE_DYNAMIC_SUPPORT */
+{
+ if (id && (strcmp(id, engine_openssl_id) != 0))
+ return 0;
+ if (!bind_helper(e))
+ return 0;
+ return 1;
+}
+IMPLEMENT_DYNAMIC_CHECK_FN()
+ IMPLEMENT_DYNAMIC_BIND_FN(bind_fn)
+#endif /* ENGINE_DYNAMIC_SUPPORT */
#ifdef TEST_ENG_OPENSSL_RC4
-/* This section of code compiles an "alternative implementation" of two modes of
+/*-
+ * This section of code compiles an "alternative implementation" of two modes of
* RC4 into this ENGINE. The result is that EVP_CIPHER operation for "rc4"
* should under normal circumstances go via this support rather than the default
* EVP support. There are other symbols to tweak the testing;
@@ -217,168 +230,173 @@ IMPLEMENT_DYNAMIC_BIND_FN(bind_fn)
* the "init_key" handler is called.
* TEST_ENG_OPENSSL_RC4_P_CIPHER - ditto for the "cipher" handler.
*/
-#include <openssl/rc4.h>
-#define TEST_RC4_KEY_SIZE 16
-static int test_cipher_nids[] = {NID_rc4,NID_rc4_40};
+# include <openssl/rc4.h>
+# define TEST_RC4_KEY_SIZE 16
+static int test_cipher_nids[] = { NID_rc4, NID_rc4_40 };
+
static int test_cipher_nids_number = 2;
typedef struct {
- unsigned char key[TEST_RC4_KEY_SIZE];
- RC4_KEY ks;
- } TEST_RC4_KEY;
-#define test(ctx) ((TEST_RC4_KEY *)(ctx)->cipher_data)
+ unsigned char key[TEST_RC4_KEY_SIZE];
+ RC4_KEY ks;
+} TEST_RC4_KEY;
+# define test(ctx) ((TEST_RC4_KEY *)(ctx)->cipher_data)
static int test_rc4_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
- const unsigned char *iv, int enc)
- {
-#ifdef TEST_ENG_OPENSSL_RC4_P_INIT
- fprintf(stderr, "(TEST_ENG_OPENSSL_RC4) test_init_key() called\n");
-#endif
- memcpy(&test(ctx)->key[0],key,EVP_CIPHER_CTX_key_length(ctx));
- RC4_set_key(&test(ctx)->ks,EVP_CIPHER_CTX_key_length(ctx),
- test(ctx)->key);
- return 1;
- }
+ const unsigned char *iv, int enc)
+{
+# ifdef TEST_ENG_OPENSSL_RC4_P_INIT
+ fprintf(stderr, "(TEST_ENG_OPENSSL_RC4) test_init_key() called\n");
+# endif
+ memcpy(&test(ctx)->key[0], key, EVP_CIPHER_CTX_key_length(ctx));
+ RC4_set_key(&test(ctx)->ks, EVP_CIPHER_CTX_key_length(ctx),
+ test(ctx)->key);
+ return 1;
+}
+
static int test_rc4_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
- const unsigned char *in, size_t inl)
- {
-#ifdef TEST_ENG_OPENSSL_RC4_P_CIPHER
- fprintf(stderr, "(TEST_ENG_OPENSSL_RC4) test_cipher() called\n");
-#endif
- RC4(&test(ctx)->ks,inl,in,out);
- return 1;
- }
-static const EVP_CIPHER test_r4_cipher=
- {
- NID_rc4,
- 1,TEST_RC4_KEY_SIZE,0,
- EVP_CIPH_VARIABLE_LENGTH,
- test_rc4_init_key,
- test_rc4_cipher,
- NULL,
- sizeof(TEST_RC4_KEY),
- NULL,
- NULL,
- NULL,
- NULL
- };
-static const EVP_CIPHER test_r4_40_cipher=
- {
- NID_rc4_40,
- 1,5 /* 40 bit */,0,
- EVP_CIPH_VARIABLE_LENGTH,
- test_rc4_init_key,
- test_rc4_cipher,
- NULL,
- sizeof(TEST_RC4_KEY),
- NULL,
- NULL,
- NULL,
- NULL
- };
+ const unsigned char *in, size_t inl)
+{
+# ifdef TEST_ENG_OPENSSL_RC4_P_CIPHER
+ fprintf(stderr, "(TEST_ENG_OPENSSL_RC4) test_cipher() called\n");
+# endif
+ RC4(&test(ctx)->ks, inl, in, out);
+ return 1;
+}
+
+static const EVP_CIPHER test_r4_cipher = {
+ NID_rc4,
+ 1, TEST_RC4_KEY_SIZE, 0,
+ EVP_CIPH_VARIABLE_LENGTH,
+ test_rc4_init_key,
+ test_rc4_cipher,
+ NULL,
+ sizeof(TEST_RC4_KEY),
+ NULL,
+ NULL,
+ NULL,
+ NULL
+};
+
+static const EVP_CIPHER test_r4_40_cipher = {
+ NID_rc4_40,
+ 1, 5 /* 40 bit */ , 0,
+ EVP_CIPH_VARIABLE_LENGTH,
+ test_rc4_init_key,
+ test_rc4_cipher,
+ NULL,
+ sizeof(TEST_RC4_KEY),
+ NULL,
+ NULL,
+ NULL,
+ NULL
+};
+
static int openssl_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
- const int **nids, int nid)
- {
- if(!cipher)
- {
- /* We are returning a list of supported nids */
- *nids = test_cipher_nids;
- return test_cipher_nids_number;
- }
- /* We are being asked for a specific cipher */
- if(nid == NID_rc4)
- *cipher = &test_r4_cipher;
- else if(nid == NID_rc4_40)
- *cipher = &test_r4_40_cipher;
- else
- {
-#ifdef TEST_ENG_OPENSSL_RC4_OTHERS
- fprintf(stderr, "(TEST_ENG_OPENSSL_RC4) returning NULL for "
- "nid %d\n", nid);
-#endif
- *cipher = NULL;
- return 0;
- }
- return 1;
- }
+ const int **nids, int nid)
+{
+ if (!cipher) {
+ /* We are returning a list of supported nids */
+ *nids = test_cipher_nids;
+ return test_cipher_nids_number;
+ }
+ /* We are being asked for a specific cipher */
+ if (nid == NID_rc4)
+ *cipher = &test_r4_cipher;
+ else if (nid == NID_rc4_40)
+ *cipher = &test_r4_40_cipher;
+ else {
+# ifdef TEST_ENG_OPENSSL_RC4_OTHERS
+ fprintf(stderr, "(TEST_ENG_OPENSSL_RC4) returning NULL for "
+ "nid %d\n", nid);
+# endif
+ *cipher = NULL;
+ return 0;
+ }
+ return 1;
+}
#endif
#ifdef TEST_ENG_OPENSSL_SHA
/* Much the same sort of comment as for TEST_ENG_OPENSSL_RC4 */
-#include <openssl/sha.h>
-static int test_digest_nids[] = {NID_sha1};
+# include <openssl/sha.h>
+static int test_digest_nids[] = { NID_sha1 };
+
static int test_digest_nids_number = 1;
static int test_sha1_init(EVP_MD_CTX *ctx)
- {
-#ifdef TEST_ENG_OPENSSL_SHA_P_INIT
- fprintf(stderr, "(TEST_ENG_OPENSSL_SHA) test_sha1_init() called\n");
-#endif
- return SHA1_Init(ctx->md_data);
- }
-static int test_sha1_update(EVP_MD_CTX *ctx,const void *data,size_t count)
- {
-#ifdef TEST_ENG_OPENSSL_SHA_P_UPDATE
- fprintf(stderr, "(TEST_ENG_OPENSSL_SHA) test_sha1_update() called\n");
-#endif
- return SHA1_Update(ctx->md_data,data,count);
- }
-static int test_sha1_final(EVP_MD_CTX *ctx,unsigned char *md)
- {
-#ifdef TEST_ENG_OPENSSL_SHA_P_FINAL
- fprintf(stderr, "(TEST_ENG_OPENSSL_SHA) test_sha1_final() called\n");
-#endif
- return SHA1_Final(md,ctx->md_data);
- }
-static const EVP_MD test_sha_md=
- {
- NID_sha1,
- NID_sha1WithRSAEncryption,
- SHA_DIGEST_LENGTH,
- 0,
- test_sha1_init,
- test_sha1_update,
- test_sha1_final,
- NULL,
- NULL,
- EVP_PKEY_RSA_method,
- SHA_CBLOCK,
- sizeof(EVP_MD *)+sizeof(SHA_CTX),
- };
+{
+# ifdef TEST_ENG_OPENSSL_SHA_P_INIT
+ fprintf(stderr, "(TEST_ENG_OPENSSL_SHA) test_sha1_init() called\n");
+# endif
+ return SHA1_Init(ctx->md_data);
+}
+
+static int test_sha1_update(EVP_MD_CTX *ctx, const void *data, size_t count)
+{
+# ifdef TEST_ENG_OPENSSL_SHA_P_UPDATE
+ fprintf(stderr, "(TEST_ENG_OPENSSL_SHA) test_sha1_update() called\n");
+# endif
+ return SHA1_Update(ctx->md_data, data, count);
+}
+
+static int test_sha1_final(EVP_MD_CTX *ctx, unsigned char *md)
+{
+# ifdef TEST_ENG_OPENSSL_SHA_P_FINAL
+ fprintf(stderr, "(TEST_ENG_OPENSSL_SHA) test_sha1_final() called\n");
+# endif
+ return SHA1_Final(md, ctx->md_data);
+}
+
+static const EVP_MD test_sha_md = {
+ NID_sha1,
+ NID_sha1WithRSAEncryption,
+ SHA_DIGEST_LENGTH,
+ 0,
+ test_sha1_init,
+ test_sha1_update,
+ test_sha1_final,
+ NULL,
+ NULL,
+ EVP_PKEY_RSA_method,
+ SHA_CBLOCK,
+ sizeof(EVP_MD *) + sizeof(SHA_CTX),
+};
+
static int openssl_digests(ENGINE *e, const EVP_MD **digest,
- const int **nids, int nid)
- {
- if(!digest)
- {
- /* We are returning a list of supported nids */
- *nids = test_digest_nids;
- return test_digest_nids_number;
- }
- /* We are being asked for a specific digest */
- if(nid == NID_sha1)
- *digest = &test_sha_md;
- else
- {
-#ifdef TEST_ENG_OPENSSL_SHA_OTHERS
- fprintf(stderr, "(TEST_ENG_OPENSSL_SHA) returning NULL for "
- "nid %d\n", nid);
-#endif
- *digest = NULL;
- return 0;
- }
- return 1;
- }
+ const int **nids, int nid)
+{
+ if (!digest) {
+ /* We are returning a list of supported nids */
+ *nids = test_digest_nids;
+ return test_digest_nids_number;
+ }
+ /* We are being asked for a specific digest */
+ if (nid == NID_sha1)
+ *digest = &test_sha_md;
+ else {
+# ifdef TEST_ENG_OPENSSL_SHA_OTHERS
+ fprintf(stderr, "(TEST_ENG_OPENSSL_SHA) returning NULL for "
+ "nid %d\n", nid);
+# endif
+ *digest = NULL;
+ return 0;
+ }
+ return 1;
+}
#endif
#ifdef TEST_ENG_OPENSSL_PKEY
static EVP_PKEY *openssl_load_privkey(ENGINE *eng, const char *key_id,
- UI_METHOD *ui_method, void *callback_data)
- {
- BIO *in;
- EVP_PKEY *key;
- fprintf(stderr, "(TEST_ENG_OPENSSL_PKEY)Loading Private key %s\n", key_id);
- in = BIO_new_file(key_id, "r");
- if (!in)
- return NULL;
- key = PEM_read_bio_PrivateKey(in, NULL, 0, NULL);
- BIO_free(in);
- return key;
- }
+ UI_METHOD *ui_method,
+ void *callback_data)
+{
+ BIO *in;
+ EVP_PKEY *key;
+ fprintf(stderr, "(TEST_ENG_OPENSSL_PKEY)Loading Private key %s\n",
+ key_id);
+ in = BIO_new_file(key_id, "r");
+ if (!in)
+ return NULL;
+ key = PEM_read_bio_PrivateKey(in, NULL, 0, NULL);
+ BIO_free(in);
+ return key;
+}
#endif
diff --git a/openssl/crypto/engine/eng_pkey.c b/openssl/crypto/engine/eng_pkey.c
index 1dfa2e366..23580d9ec 100644
--- a/openssl/crypto/engine/eng_pkey.c
+++ b/openssl/crypto/engine/eng_pkey.c
@@ -7,7 +7,7 @@
* are met:
*
* 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
+ * notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
@@ -57,140 +57,130 @@
/* Basic get/set stuff */
-int ENGINE_set_load_privkey_function(ENGINE *e, ENGINE_LOAD_KEY_PTR loadpriv_f)
- {
- e->load_privkey = loadpriv_f;
- return 1;
- }
+int ENGINE_set_load_privkey_function(ENGINE *e,
+ ENGINE_LOAD_KEY_PTR loadpriv_f)
+{
+ e->load_privkey = loadpriv_f;
+ return 1;
+}
int ENGINE_set_load_pubkey_function(ENGINE *e, ENGINE_LOAD_KEY_PTR loadpub_f)
- {
- e->load_pubkey = loadpub_f;
- return 1;
- }
+{
+ e->load_pubkey = loadpub_f;
+ return 1;
+}
int ENGINE_set_load_ssl_client_cert_function(ENGINE *e,
- ENGINE_SSL_CLIENT_CERT_PTR loadssl_f)
- {
- e->load_ssl_client_cert = loadssl_f;
- return 1;
- }
+ ENGINE_SSL_CLIENT_CERT_PTR
+ loadssl_f)
+{
+ e->load_ssl_client_cert = loadssl_f;
+ return 1;
+}
ENGINE_LOAD_KEY_PTR ENGINE_get_load_privkey_function(const ENGINE *e)
- {
- return e->load_privkey;
- }
+{
+ return e->load_privkey;
+}
ENGINE_LOAD_KEY_PTR ENGINE_get_load_pubkey_function(const ENGINE *e)
- {
- return e->load_pubkey;
- }
+{
+ return e->load_pubkey;
+}
-ENGINE_SSL_CLIENT_CERT_PTR ENGINE_get_ssl_client_cert_function(const ENGINE *e)
- {
- return e->load_ssl_client_cert;
- }
+ENGINE_SSL_CLIENT_CERT_PTR ENGINE_get_ssl_client_cert_function(const ENGINE
+ *e)
+{
+ return e->load_ssl_client_cert;
+}
/* API functions to load public/private keys */
EVP_PKEY *ENGINE_load_private_key(ENGINE *e, const char *key_id,
- UI_METHOD *ui_method, void *callback_data)
- {
- EVP_PKEY *pkey;
+ UI_METHOD *ui_method, void *callback_data)
+{
+ EVP_PKEY *pkey;
- if(e == NULL)
- {
- ENGINEerr(ENGINE_F_ENGINE_LOAD_PRIVATE_KEY,
- ERR_R_PASSED_NULL_PARAMETER);
- return 0;
- }
- CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
- if(e->funct_ref == 0)
- {
- CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
- ENGINEerr(ENGINE_F_ENGINE_LOAD_PRIVATE_KEY,
- ENGINE_R_NOT_INITIALISED);
- return 0;
- }
- CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
- if (!e->load_privkey)
- {
- ENGINEerr(ENGINE_F_ENGINE_LOAD_PRIVATE_KEY,
- ENGINE_R_NO_LOAD_FUNCTION);
- return 0;
- }
- pkey = e->load_privkey(e, key_id, ui_method, callback_data);
- if (!pkey)
- {
- ENGINEerr(ENGINE_F_ENGINE_LOAD_PRIVATE_KEY,
- ENGINE_R_FAILED_LOADING_PRIVATE_KEY);
- return 0;
- }
- return pkey;
- }
+ if (e == NULL) {
+ ENGINEerr(ENGINE_F_ENGINE_LOAD_PRIVATE_KEY,
+ ERR_R_PASSED_NULL_PARAMETER);
+ return 0;
+ }
+ CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
+ if (e->funct_ref == 0) {
+ CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
+ ENGINEerr(ENGINE_F_ENGINE_LOAD_PRIVATE_KEY, ENGINE_R_NOT_INITIALISED);
+ return 0;
+ }
+ CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
+ if (!e->load_privkey) {
+ ENGINEerr(ENGINE_F_ENGINE_LOAD_PRIVATE_KEY,
+ ENGINE_R_NO_LOAD_FUNCTION);
+ return 0;
+ }
+ pkey = e->load_privkey(e, key_id, ui_method, callback_data);
+ if (!pkey) {
+ ENGINEerr(ENGINE_F_ENGINE_LOAD_PRIVATE_KEY,
+ ENGINE_R_FAILED_LOADING_PRIVATE_KEY);
+ return 0;
+ }
+ return pkey;
+}
EVP_PKEY *ENGINE_load_public_key(ENGINE *e, const char *key_id,
- UI_METHOD *ui_method, void *callback_data)
- {
- EVP_PKEY *pkey;
+ UI_METHOD *ui_method, void *callback_data)
+{
+ EVP_PKEY *pkey;
- if(e == NULL)
- {
- ENGINEerr(ENGINE_F_ENGINE_LOAD_PUBLIC_KEY,
- ERR_R_PASSED_NULL_PARAMETER);
- return 0;
- }
- CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
- if(e->funct_ref == 0)
- {
- CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
- ENGINEerr(ENGINE_F_ENGINE_LOAD_PUBLIC_KEY,
- ENGINE_R_NOT_INITIALISED);
- return 0;
- }
- CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
- if (!e->load_pubkey)
- {
- ENGINEerr(ENGINE_F_ENGINE_LOAD_PUBLIC_KEY,
- ENGINE_R_NO_LOAD_FUNCTION);
- return 0;
- }
- pkey = e->load_pubkey(e, key_id, ui_method, callback_data);
- if (!pkey)
- {
- ENGINEerr(ENGINE_F_ENGINE_LOAD_PUBLIC_KEY,
- ENGINE_R_FAILED_LOADING_PUBLIC_KEY);
- return 0;
- }
- return pkey;
- }
+ if (e == NULL) {
+ ENGINEerr(ENGINE_F_ENGINE_LOAD_PUBLIC_KEY,
+ ERR_R_PASSED_NULL_PARAMETER);
+ return 0;
+ }
+ CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
+ if (e->funct_ref == 0) {
+ CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
+ ENGINEerr(ENGINE_F_ENGINE_LOAD_PUBLIC_KEY, ENGINE_R_NOT_INITIALISED);
+ return 0;
+ }
+ CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
+ if (!e->load_pubkey) {
+ ENGINEerr(ENGINE_F_ENGINE_LOAD_PUBLIC_KEY, ENGINE_R_NO_LOAD_FUNCTION);
+ return 0;
+ }
+ pkey = e->load_pubkey(e, key_id, ui_method, callback_data);
+ if (!pkey) {
+ ENGINEerr(ENGINE_F_ENGINE_LOAD_PUBLIC_KEY,
+ ENGINE_R_FAILED_LOADING_PUBLIC_KEY);
+ return 0;
+ }
+ return pkey;
+}
int ENGINE_load_ssl_client_cert(ENGINE *e, SSL *s,
- STACK_OF(X509_NAME) *ca_dn, X509 **pcert, EVP_PKEY **ppkey,
- STACK_OF(X509) **pother, UI_METHOD *ui_method, void *callback_data)
- {
+ STACK_OF(X509_NAME) *ca_dn, X509 **pcert,
+ EVP_PKEY **ppkey, STACK_OF(X509) **pother,
+ UI_METHOD *ui_method, void *callback_data)
+{
- if(e == NULL)
- {
- ENGINEerr(ENGINE_F_ENGINE_LOAD_SSL_CLIENT_CERT,
- ERR_R_PASSED_NULL_PARAMETER);
- return 0;
- }
- CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
- if(e->funct_ref == 0)
- {
- CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
- ENGINEerr(ENGINE_F_ENGINE_LOAD_SSL_CLIENT_CERT,
- ENGINE_R_NOT_INITIALISED);
- return 0;
- }
- CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
- if (!e->load_ssl_client_cert)
- {
- ENGINEerr(ENGINE_F_ENGINE_LOAD_SSL_CLIENT_CERT,
- ENGINE_R_NO_LOAD_FUNCTION);
- return 0;
- }
- return e->load_ssl_client_cert(e, s, ca_dn, pcert, ppkey, pother,
- ui_method, callback_data);
- }
+ if (e == NULL) {
+ ENGINEerr(ENGINE_F_ENGINE_LOAD_SSL_CLIENT_CERT,
+ ERR_R_PASSED_NULL_PARAMETER);
+ return 0;
+ }
+ CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
+ if (e->funct_ref == 0) {
+ CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
+ ENGINEerr(ENGINE_F_ENGINE_LOAD_SSL_CLIENT_CERT,
+ ENGINE_R_NOT_INITIALISED);
+ return 0;
+ }
+ CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
+ if (!e->load_ssl_client_cert) {
+ ENGINEerr(ENGINE_F_ENGINE_LOAD_SSL_CLIENT_CERT,
+ ENGINE_R_NO_LOAD_FUNCTION);
+ return 0;
+ }
+ return e->load_ssl_client_cert(e, s, ca_dn, pcert, ppkey, pother,
+ ui_method, callback_data);
+}
diff --git a/openssl/crypto/engine/eng_rdrand.c b/openssl/crypto/engine/eng_rdrand.c
index 4e9e91d54..9316d6fe2 100644
--- a/openssl/crypto/engine/eng_rdrand.c
+++ b/openssl/crypto/engine/eng_rdrand.c
@@ -61,83 +61,89 @@
size_t OPENSSL_ia32_rdrand(void);
-static int get_random_bytes (unsigned char *buf, int num)
- {
- size_t rnd;
-
- while (num>=(int)sizeof(size_t)) {
- if ((rnd = OPENSSL_ia32_rdrand()) == 0) return 0;
-
- *((size_t *)buf) = rnd;
- buf += sizeof(size_t);
- num -= sizeof(size_t);
- }
- if (num) {
- if ((rnd = OPENSSL_ia32_rdrand()) == 0) return 0;
-
- memcpy (buf,&rnd,num);
- }
-
- return 1;
- }
-
-static int random_status (void)
-{ return 1; }
-
-static RAND_METHOD rdrand_meth =
- {
- NULL, /* seed */
- get_random_bytes,
- NULL, /* cleanup */
- NULL, /* add */
- get_random_bytes,
- random_status,
- };
+static int get_random_bytes(unsigned char *buf, int num)
+{
+ size_t rnd;
+
+ while (num >= (int)sizeof(size_t)) {
+ if ((rnd = OPENSSL_ia32_rdrand()) == 0)
+ return 0;
+
+ *((size_t *)buf) = rnd;
+ buf += sizeof(size_t);
+ num -= sizeof(size_t);
+ }
+ if (num) {
+ if ((rnd = OPENSSL_ia32_rdrand()) == 0)
+ return 0;
+
+ memcpy(buf, &rnd, num);
+ }
+
+ return 1;
+}
+
+static int random_status(void)
+{
+ return 1;
+}
+
+static RAND_METHOD rdrand_meth = {
+ NULL, /* seed */
+ get_random_bytes,
+ NULL, /* cleanup */
+ NULL, /* add */
+ get_random_bytes,
+ random_status,
+};
static int rdrand_init(ENGINE *e)
-{ return 1; }
+{
+ return 1;
+}
static const char *engine_e_rdrand_id = "rdrand";
static const char *engine_e_rdrand_name = "Intel RDRAND engine";
static int bind_helper(ENGINE *e)
- {
- if (!ENGINE_set_id(e, engine_e_rdrand_id) ||
- !ENGINE_set_name(e, engine_e_rdrand_name) ||
- !ENGINE_set_flags(e, ENGINE_FLAGS_NO_REGISTER_ALL) ||
- !ENGINE_set_init_function(e, rdrand_init) ||
- !ENGINE_set_RAND(e, &rdrand_meth) )
- return 0;
+{
+ if (!ENGINE_set_id(e, engine_e_rdrand_id) ||
+ !ENGINE_set_name(e, engine_e_rdrand_name) ||
+ !ENGINE_set_flags(e, ENGINE_FLAGS_NO_REGISTER_ALL) ||
+ !ENGINE_set_init_function(e, rdrand_init) ||
+ !ENGINE_set_RAND(e, &rdrand_meth))
+ return 0;
- return 1;
- }
+ return 1;
+}
static ENGINE *ENGINE_rdrand(void)
- {
- ENGINE *ret = ENGINE_new();
- if(!ret)
- return NULL;
- if(!bind_helper(ret))
- {
- ENGINE_free(ret);
- return NULL;
- }
- return ret;
- }
-
-void ENGINE_load_rdrand (void)
- {
- extern unsigned int OPENSSL_ia32cap_P[];
-
- if (OPENSSL_ia32cap_P[1] & (1<<(62-32)))
- {
- ENGINE *toadd = ENGINE_rdrand();
- if(!toadd) return;
- ENGINE_add(toadd);
- ENGINE_free(toadd);
- ERR_clear_error();
- }
- }
+{
+ ENGINE *ret = ENGINE_new();
+ if (!ret)
+ return NULL;
+ if (!bind_helper(ret)) {
+ ENGINE_free(ret);
+ return NULL;
+ }
+ return ret;
+}
+
+void ENGINE_load_rdrand(void)
+{
+ extern unsigned int OPENSSL_ia32cap_P[];
+
+ if (OPENSSL_ia32cap_P[1] & (1 << (62 - 32))) {
+ ENGINE *toadd = ENGINE_rdrand();
+ if (!toadd)
+ return;
+ ENGINE_add(toadd);
+ ENGINE_free(toadd);
+ ERR_clear_error();
+ }
+}
#else
-void ENGINE_load_rdrand (void) {}
+void ENGINE_load_rdrand(void)
+{
+}
#endif
diff --git a/openssl/crypto/engine/eng_rsax.c b/openssl/crypto/engine/eng_rsax.c
index 96e63477e..8362754c7 100644
--- a/openssl/crypto/engine/eng_rsax.c
+++ b/openssl/crypto/engine/eng_rsax.c
@@ -70,7 +70,7 @@
#include <openssl/buffer.h>
#include <openssl/engine.h>
#ifndef OPENSSL_NO_RSA
-#include <openssl/rsa.h>
+# include <openssl/rsa.h>
#endif
#include <openssl/bn.h>
#include <openssl/err.h>
@@ -80,59 +80,60 @@
#if (defined(__x86_64) || defined(__x86_64__) || \
defined(_M_AMD64) || defined (_M_X64)) && !defined(OPENSSL_NO_ASM)
-#define COMPILE_RSAX
-static ENGINE *ENGINE_rsax (void);
+# define COMPILE_RSAX
+static ENGINE *ENGINE_rsax(void);
#endif
-void ENGINE_load_rsax (void)
- {
+void ENGINE_load_rsax(void)
+{
/* On non-x86 CPUs it just returns. */
#ifdef COMPILE_RSAX
- ENGINE *toadd = ENGINE_rsax();
- if(!toadd) return;
- ENGINE_add(toadd);
- ENGINE_free(toadd);
- ERR_clear_error();
+ ENGINE *toadd = ENGINE_rsax();
+ if (!toadd)
+ return;
+ ENGINE_add(toadd);
+ ENGINE_free(toadd);
+ ERR_clear_error();
#endif
- }
+}
#ifdef COMPILE_RSAX
-#define E_RSAX_LIB_NAME "rsax engine"
+# define E_RSAX_LIB_NAME "rsax engine"
static int e_rsax_destroy(ENGINE *e);
static int e_rsax_init(ENGINE *e);
static int e_rsax_finish(ENGINE *e);
-static int e_rsax_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)(void));
+static int e_rsax_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f) (void));
-#ifndef OPENSSL_NO_RSA
+# ifndef OPENSSL_NO_RSA
/* RSA stuff */
-static int e_rsax_rsa_mod_exp(BIGNUM *r, const BIGNUM *I, RSA *rsa, BN_CTX *ctx);
+static int e_rsax_rsa_mod_exp(BIGNUM *r, const BIGNUM *I, RSA *rsa,
+ BN_CTX *ctx);
static int e_rsax_rsa_finish(RSA *r);
-#endif
+# endif
static const ENGINE_CMD_DEFN e_rsax_cmd_defns[] = {
- {0, NULL, NULL, 0}
- };
+ {0, NULL, NULL, 0}
+};
-#ifndef OPENSSL_NO_RSA
+# ifndef OPENSSL_NO_RSA
/* Our internal RSA_METHOD that we provide pointers to */
-static RSA_METHOD e_rsax_rsa =
- {
- "Intel RSA-X method",
- NULL,
- NULL,
- NULL,
- NULL,
- e_rsax_rsa_mod_exp,
- NULL,
- NULL,
- e_rsax_rsa_finish,
- RSA_FLAG_CACHE_PUBLIC|RSA_FLAG_CACHE_PRIVATE,
- NULL,
- NULL,
- NULL
- };
-#endif
+static RSA_METHOD e_rsax_rsa = {
+ "Intel RSA-X method",
+ NULL,
+ NULL,
+ NULL,
+ NULL,
+ e_rsax_rsa_mod_exp,
+ NULL,
+ NULL,
+ e_rsax_rsa_finish,
+ RSA_FLAG_CACHE_PUBLIC | RSA_FLAG_CACHE_PRIVATE,
+ NULL,
+ NULL,
+ NULL
+};
+# endif
/* Constants used when creating the ENGINE */
static const char *engine_e_rsax_id = "rsax";
@@ -140,262 +141,266 @@ static const char *engine_e_rsax_name = "RSAX engine support";
/* This internal function is used by ENGINE_rsax() */
static int bind_helper(ENGINE *e)
- {
-#ifndef OPENSSL_NO_RSA
- const RSA_METHOD *meth1;
-#endif
- if(!ENGINE_set_id(e, engine_e_rsax_id) ||
- !ENGINE_set_name(e, engine_e_rsax_name) ||
-#ifndef OPENSSL_NO_RSA
- !ENGINE_set_RSA(e, &e_rsax_rsa) ||
-#endif
- !ENGINE_set_destroy_function(e, e_rsax_destroy) ||
- !ENGINE_set_init_function(e, e_rsax_init) ||
- !ENGINE_set_finish_function(e, e_rsax_finish) ||
- !ENGINE_set_ctrl_function(e, e_rsax_ctrl) ||
- !ENGINE_set_cmd_defns(e, e_rsax_cmd_defns))
- return 0;
+{
+# ifndef OPENSSL_NO_RSA
+ const RSA_METHOD *meth1;
+# endif
+ if (!ENGINE_set_id(e, engine_e_rsax_id) ||
+ !ENGINE_set_name(e, engine_e_rsax_name) ||
+# ifndef OPENSSL_NO_RSA
+ !ENGINE_set_RSA(e, &e_rsax_rsa) ||
+# endif
+ !ENGINE_set_destroy_function(e, e_rsax_destroy) ||
+ !ENGINE_set_init_function(e, e_rsax_init) ||
+ !ENGINE_set_finish_function(e, e_rsax_finish) ||
+ !ENGINE_set_ctrl_function(e, e_rsax_ctrl) ||
+ !ENGINE_set_cmd_defns(e, e_rsax_cmd_defns))
+ return 0;
-#ifndef OPENSSL_NO_RSA
- meth1 = RSA_PKCS1_SSLeay();
- e_rsax_rsa.rsa_pub_enc = meth1->rsa_pub_enc;
- e_rsax_rsa.rsa_pub_dec = meth1->rsa_pub_dec;
- e_rsax_rsa.rsa_priv_enc = meth1->rsa_priv_enc;
- e_rsax_rsa.rsa_priv_dec = meth1->rsa_priv_dec;
- e_rsax_rsa.bn_mod_exp = meth1->bn_mod_exp;
-#endif
- return 1;
- }
+# ifndef OPENSSL_NO_RSA
+ meth1 = RSA_PKCS1_SSLeay();
+ e_rsax_rsa.rsa_pub_enc = meth1->rsa_pub_enc;
+ e_rsax_rsa.rsa_pub_dec = meth1->rsa_pub_dec;
+ e_rsax_rsa.rsa_priv_enc = meth1->rsa_priv_enc;
+ e_rsax_rsa.rsa_priv_dec = meth1->rsa_priv_dec;
+ e_rsax_rsa.bn_mod_exp = meth1->bn_mod_exp;
+# endif
+ return 1;
+}
static ENGINE *ENGINE_rsax(void)
- {
- ENGINE *ret = ENGINE_new();
- if(!ret)
- return NULL;
- if(!bind_helper(ret))
- {
- ENGINE_free(ret);
- return NULL;
- }
- return ret;
- }
+{
+ ENGINE *ret = ENGINE_new();
+ if (!ret)
+ return NULL;
+ if (!bind_helper(ret)) {
+ ENGINE_free(ret);
+ return NULL;
+ }
+ return ret;
+}
-#ifndef OPENSSL_NO_RSA
+# ifndef OPENSSL_NO_RSA
/* Used to attach our own key-data to an RSA structure */
static int rsax_ex_data_idx = -1;
-#endif
+# endif
static int e_rsax_destroy(ENGINE *e)
- {
- return 1;
- }
+{
+ return 1;
+}
/* (de)initialisation functions. */
static int e_rsax_init(ENGINE *e)
- {
-#ifndef OPENSSL_NO_RSA
- if (rsax_ex_data_idx == -1)
- rsax_ex_data_idx = RSA_get_ex_new_index(0,
- NULL,
- NULL, NULL, NULL);
-#endif
- if (rsax_ex_data_idx == -1)
- return 0;
- return 1;
- }
+{
+# ifndef OPENSSL_NO_RSA
+ if (rsax_ex_data_idx == -1)
+ rsax_ex_data_idx = RSA_get_ex_new_index(0, NULL, NULL, NULL, NULL);
+# endif
+ if (rsax_ex_data_idx == -1)
+ return 0;
+ return 1;
+}
static int e_rsax_finish(ENGINE *e)
- {
- return 1;
- }
-
-static int e_rsax_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)(void))
- {
- int to_return = 1;
+{
+ return 1;
+}
- switch(cmd)
- {
- /* The command isn't understood by this engine */
- default:
- to_return = 0;
- break;
- }
+static int e_rsax_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f) (void))
+{
+ int to_return = 1;
- return to_return;
- }
+ switch (cmd) {
+ /* The command isn't understood by this engine */
+ default:
+ to_return = 0;
+ break;
+ }
+ return to_return;
+}
-#ifndef OPENSSL_NO_RSA
+# ifndef OPENSSL_NO_RSA
-#ifdef _WIN32
+# ifdef _WIN32
typedef unsigned __int64 UINT64;
-#else
+# else
typedef unsigned long long UINT64;
-#endif
+# endif
typedef unsigned short UINT16;
-/* Table t is interleaved in the following manner:
- * The order in memory is t[0][0], t[0][1], ..., t[0][7], t[1][0], ...
- * A particular 512-bit value is stored in t[][index] rather than the more
- * normal t[index][]; i.e. the qwords of a particular entry in t are not
- * adjacent in memory
+/*
+ * Table t is interleaved in the following manner: The order in memory is
+ * t[0][0], t[0][1], ..., t[0][7], t[1][0], ... A particular 512-bit value is
+ * stored in t[][index] rather than the more normal t[index][]; i.e. the
+ * qwords of a particular entry in t are not adjacent in memory
*/
/* Init BIGNUM b from the interleaved UINT64 array */
-static int interleaved_array_to_bn_512(BIGNUM* b, UINT64 *array);
+static int interleaved_array_to_bn_512(BIGNUM *b, UINT64 *array);
-/* Extract array elements from BIGNUM b
- * To set the whole array from b, call with n=8
+/*
+ * Extract array elements from BIGNUM b To set the whole array from b, call
+ * with n=8
*/
-static int bn_extract_to_array_512(const BIGNUM* b, unsigned int n, UINT64 *array);
+static int bn_extract_to_array_512(const BIGNUM *b, unsigned int n,
+ UINT64 *array);
struct mod_ctx_512 {
UINT64 t[8][8];
UINT64 m[8];
- UINT64 m1[8]; /* 2^278 % m */
- UINT64 m2[8]; /* 2^640 % m */
- UINT64 k1[2]; /* (- 1/m) % 2^128 */
+ UINT64 m1[8]; /* 2^278 % m */
+ UINT64 m2[8]; /* 2^640 % m */
+ UINT64 k1[2]; /* (- 1/m) % 2^128 */
};
static int mod_exp_pre_compute_data_512(UINT64 *m, struct mod_ctx_512 *data);
void mod_exp_512(UINT64 *result, /* 512 bits, 8 qwords */
- UINT64 *g, /* 512 bits, 8 qwords */
- UINT64 *exp, /* 512 bits, 8 qwords */
- struct mod_ctx_512 *data);
+ UINT64 *g, /* 512 bits, 8 qwords */
+ UINT64 *exp, /* 512 bits, 8 qwords */
+ struct mod_ctx_512 *data);
-typedef struct st_e_rsax_mod_ctx
-{
- UINT64 type;
- union {
- struct mod_ctx_512 b512;
- } ctx;
+typedef struct st_e_rsax_mod_ctx {
+ UINT64 type;
+ union {
+ struct mod_ctx_512 b512;
+ } ctx;
} E_RSAX_MOD_CTX;
-static E_RSAX_MOD_CTX *e_rsax_get_ctx(RSA *rsa, int idx, BIGNUM* m)
+static E_RSAX_MOD_CTX *e_rsax_get_ctx(RSA *rsa, int idx, BIGNUM *m)
{
- E_RSAX_MOD_CTX *hptr;
-
- if (idx < 0 || idx > 2)
- return NULL;
+ E_RSAX_MOD_CTX *hptr;
+
+ if (idx < 0 || idx > 2)
+ return NULL;
+
+ hptr = RSA_get_ex_data(rsa, rsax_ex_data_idx);
+ if (!hptr) {
+ hptr = OPENSSL_malloc(3 * sizeof(E_RSAX_MOD_CTX));
+ if (!hptr)
+ return NULL;
+ hptr[2].type = hptr[1].type = hptr[0].type = 0;
+ RSA_set_ex_data(rsa, rsax_ex_data_idx, hptr);
+ }
- hptr = RSA_get_ex_data(rsa, rsax_ex_data_idx);
- if (!hptr) {
- hptr = OPENSSL_malloc(3*sizeof(E_RSAX_MOD_CTX));
- if (!hptr) return NULL;
- hptr[2].type = hptr[1].type= hptr[0].type = 0;
- RSA_set_ex_data(rsa, rsax_ex_data_idx, hptr);
- }
+ if (hptr[idx].type == (UINT64)BN_num_bits(m))
+ return hptr + idx;
- if (hptr[idx].type == (UINT64)BN_num_bits(m))
- return hptr+idx;
+ if (BN_num_bits(m) == 512) {
+ UINT64 _m[8];
+ bn_extract_to_array_512(m, 8, _m);
+ memset(&hptr[idx].ctx.b512, 0, sizeof(struct mod_ctx_512));
+ mod_exp_pre_compute_data_512(_m, &hptr[idx].ctx.b512);
+ }
- if (BN_num_bits(m) == 512) {
- UINT64 _m[8];
- bn_extract_to_array_512(m, 8, _m);
- memset( &hptr[idx].ctx.b512, 0, sizeof(struct mod_ctx_512));
- mod_exp_pre_compute_data_512(_m, &hptr[idx].ctx.b512);
- }
-
- hptr[idx].type = BN_num_bits(m);
- return hptr+idx;
+ hptr[idx].type = BN_num_bits(m);
+ return hptr + idx;
}
static int e_rsax_rsa_finish(RSA *rsa)
- {
- E_RSAX_MOD_CTX *hptr = RSA_get_ex_data(rsa, rsax_ex_data_idx);
- if(hptr)
- {
- OPENSSL_free(hptr);
- RSA_set_ex_data(rsa, rsax_ex_data_idx, NULL);
- }
- if (rsa->_method_mod_n)
- BN_MONT_CTX_free(rsa->_method_mod_n);
- if (rsa->_method_mod_p)
- BN_MONT_CTX_free(rsa->_method_mod_p);
- if (rsa->_method_mod_q)
- BN_MONT_CTX_free(rsa->_method_mod_q);
- return 1;
- }
-
+{
+ E_RSAX_MOD_CTX *hptr = RSA_get_ex_data(rsa, rsax_ex_data_idx);
+ if (hptr) {
+ OPENSSL_free(hptr);
+ RSA_set_ex_data(rsa, rsax_ex_data_idx, NULL);
+ }
+ if (rsa->_method_mod_n)
+ BN_MONT_CTX_free(rsa->_method_mod_n);
+ if (rsa->_method_mod_p)
+ BN_MONT_CTX_free(rsa->_method_mod_p);
+ if (rsa->_method_mod_q)
+ BN_MONT_CTX_free(rsa->_method_mod_q);
+ return 1;
+}
static int e_rsax_bn_mod_exp(BIGNUM *r, const BIGNUM *g, const BIGNUM *e,
- const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *in_mont, E_RSAX_MOD_CTX* rsax_mod_ctx )
+ const BIGNUM *m, BN_CTX *ctx,
+ BN_MONT_CTX *in_mont,
+ E_RSAX_MOD_CTX *rsax_mod_ctx)
{
- if (rsax_mod_ctx && BN_get_flags(e, BN_FLG_CONSTTIME) != 0) {
- if (BN_num_bits(m) == 512) {
- UINT64 _r[8];
- UINT64 _g[8];
- UINT64 _e[8];
-
- /* Init the arrays from the BIGNUMs */
- bn_extract_to_array_512(g, 8, _g);
- bn_extract_to_array_512(e, 8, _e);
-
- mod_exp_512(_r, _g, _e, &rsax_mod_ctx->ctx.b512);
- /* Return the result in the BIGNUM */
- interleaved_array_to_bn_512(r, _r);
- return 1;
- }
+ if (rsax_mod_ctx && BN_get_flags(e, BN_FLG_CONSTTIME) != 0) {
+ if (BN_num_bits(m) == 512) {
+ UINT64 _r[8];
+ UINT64 _g[8];
+ UINT64 _e[8];
+
+ /* Init the arrays from the BIGNUMs */
+ bn_extract_to_array_512(g, 8, _g);
+ bn_extract_to_array_512(e, 8, _e);
+
+ mod_exp_512(_r, _g, _e, &rsax_mod_ctx->ctx.b512);
+ /* Return the result in the BIGNUM */
+ interleaved_array_to_bn_512(r, _r);
+ return 1;
}
+ }
- return BN_mod_exp_mont(r, g, e, m, ctx, in_mont);
+ return BN_mod_exp_mont(r, g, e, m, ctx, in_mont);
}
-/* Declares for the Intel CIAP 512-bit / CRT / 1024 bit RSA modular
+/*
+ * Declares for the Intel CIAP 512-bit / CRT / 1024 bit RSA modular
* exponentiation routine precalculations and a structure to hold the
- * necessary values. These files are meant to live in crypto/rsa/ in
- * the target openssl.
+ * necessary values. These files are meant to live in crypto/rsa/ in the
+ * target openssl.
*/
/*
* Local method: extracts a piece from a BIGNUM, to fit it into
* an array. Call with n=8 to extract an entire 512-bit BIGNUM
*/
-static int bn_extract_to_array_512(const BIGNUM* b, unsigned int n, UINT64 *array)
+static int bn_extract_to_array_512(const BIGNUM *b, unsigned int n,
+ UINT64 *array)
{
- int i;
- UINT64 tmp;
- unsigned char bn_buff[64];
- memset(bn_buff, 0, 64);
- if (BN_num_bytes(b) > 64) {
- printf ("Can't support this byte size\n");
- return 0; }
- if (BN_num_bytes(b)!=0) {
- if (!BN_bn2bin(b, bn_buff+(64-BN_num_bytes(b)))) {
- printf ("Error's in bn2bin\n");
- /* We have to error, here */
- return 0; } }
- while (n-- > 0) {
- array[n] = 0;
- for (i=7; i>=0; i--) {
- tmp = bn_buff[63-(n*8+i)];
- array[n] |= tmp << (8*i); } }
- return 1;
+ int i;
+ UINT64 tmp;
+ unsigned char bn_buff[64];
+ memset(bn_buff, 0, 64);
+ if (BN_num_bytes(b) > 64) {
+ printf("Can't support this byte size\n");
+ return 0;
+ }
+ if (BN_num_bytes(b) != 0) {
+ if (!BN_bn2bin(b, bn_buff + (64 - BN_num_bytes(b)))) {
+ printf("Error's in bn2bin\n");
+ /* We have to error, here */
+ return 0;
+ }
+ }
+ while (n-- > 0) {
+ array[n] = 0;
+ for (i = 7; i >= 0; i--) {
+ tmp = bn_buff[63 - (n * 8 + i)];
+ array[n] |= tmp << (8 * i);
+ }
+ }
+ return 1;
}
/* Init a 512-bit BIGNUM from the UINT64*_ (8 * 64) interleaved array */
-static int interleaved_array_to_bn_512(BIGNUM* b, UINT64 *array)
+static int interleaved_array_to_bn_512(BIGNUM *b, UINT64 *array)
{
- unsigned char tmp[64];
- int n=8;
- int i;
- while (n-- > 0) {
- for (i = 7; i>=0; i--) {
- tmp[63-(n*8+i)] = (unsigned char)(array[n]>>(8*i)); } }
- BN_bin2bn(tmp, 64, b);
- return 0;
+ unsigned char tmp[64];
+ int n = 8;
+ int i;
+ while (n-- > 0) {
+ for (i = 7; i >= 0; i--) {
+ tmp[63 - (n * 8 + i)] = (unsigned char)(array[n] >> (8 * i));
+ }}
+ BN_bin2bn(tmp, 64, b);
+ return 0;
}
-
/* The main 512bit precompute call */
static int mod_exp_pre_compute_data_512(UINT64 *m, struct mod_ctx_512 *data)
- {
+{
BIGNUM two_768, two_640, two_128, two_512, tmp, _m, tmp2;
/* We need a BN_CTX for the modulo functions */
- BN_CTX* ctx;
+ BN_CTX *ctx;
/* Some tmps */
UINT64 _t[8];
int i, j, ret = 0;
@@ -414,8 +419,10 @@ static int mod_exp_pre_compute_data_512(UINT64 *m, struct mod_ctx_512 *data)
BN_init(&tmp2);
/* Create our context */
- if ((ctx=BN_CTX_new()) == NULL) { goto err; }
- BN_CTX_start(ctx);
+ if ((ctx = BN_CTX_new()) == NULL) {
+ goto err;
+ }
+ BN_CTX_start(ctx);
/*
* For production, if you care, these only need to be set once,
@@ -429,19 +436,20 @@ static int mod_exp_pre_compute_data_512(UINT64 *m, struct mod_ctx_512 *data)
if (0 == (m[7] & 0x8000000000000000)) {
exit(1);
}
- if (0 == (m[0] & 0x1)) { /* Odd modulus required for Mont */
+ if (0 == (m[0] & 0x1)) { /* Odd modulus required for Mont */
exit(1);
}
/* Precompute m1 */
BN_mod(&tmp, &two_768, &_m, ctx);
if (!bn_extract_to_array_512(&tmp, 8, &data->m1[0])) {
- goto err; }
+ goto err;
+ }
/* Precompute m2 */
BN_mod(&tmp, &two_640, &_m, ctx);
if (!bn_extract_to_array_512(&tmp, 8, &data->m2[0])) {
- goto err;
+ goto err;
}
/*
@@ -449,32 +457,47 @@ static int mod_exp_pre_compute_data_512(UINT64 *m, struct mod_ctx_512 *data)
* be non-negative.
*/
BN_mod_inverse(&tmp, &_m, &two_128, ctx);
- if (!BN_is_zero(&tmp)) { BN_sub(&tmp, &two_128, &tmp); }
+ if (!BN_is_zero(&tmp)) {
+ BN_sub(&tmp, &two_128, &tmp);
+ }
if (!bn_extract_to_array_512(&tmp, 2, &data->k1[0])) {
- goto err; }
+ goto err;
+ }
/* Precompute t */
- for (i=0; i<8; i++) {
+ for (i = 0; i < 8; i++) {
BN_zero(&tmp);
- if (i & 1) { BN_add(&tmp, &two_512, &tmp); }
- if (i & 2) { BN_add(&tmp, &two_512, &tmp); }
- if (i & 4) { BN_add(&tmp, &two_640, &tmp); }
+ if (i & 1) {
+ BN_add(&tmp, &two_512, &tmp);
+ }
+ if (i & 2) {
+ BN_add(&tmp, &two_512, &tmp);
+ }
+ if (i & 4) {
+ BN_add(&tmp, &two_640, &tmp);
+ }
BN_nnmod(&tmp2, &tmp, &_m, ctx);
if (!bn_extract_to_array_512(&tmp2, 8, _t)) {
- goto err; }
- for (j=0; j<8; j++) data->t[j][i] = _t[j]; }
+ goto err;
+ }
+ for (j = 0; j < 8; j++)
+ data->t[j][i] = _t[j];
+ }
/* Precompute m */
- for (i=0; i<8; i++) {
- data->m[i] = m[i]; }
+ for (i = 0; i < 8; i++) {
+ data->m[i] = m[i];
+ }
ret = 1;
-err:
+ err:
/* Cleanup */
- if (ctx != NULL) {
- BN_CTX_end(ctx); BN_CTX_free(ctx); }
+ if (ctx != NULL) {
+ BN_CTX_end(ctx);
+ BN_CTX_free(ctx);
+ }
BN_free(&two_768);
BN_free(&two_640);
BN_free(&two_128);
@@ -486,183 +509,193 @@ err:
return ret;
}
+static int e_rsax_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa,
+ BN_CTX *ctx)
+{
+ BIGNUM *r1, *m1, *vrfy;
+ BIGNUM local_dmp1, local_dmq1, local_c, local_r1;
+ BIGNUM *dmp1, *dmq1, *c, *pr1;
+ int ret = 0;
+
+ BN_CTX_start(ctx);
+ r1 = BN_CTX_get(ctx);
+ m1 = BN_CTX_get(ctx);
+ vrfy = BN_CTX_get(ctx);
+
+ {
+ BIGNUM local_p, local_q;
+ BIGNUM *p = NULL, *q = NULL;
+ int error = 0;
+
+ /*
+ * Make sure BN_mod_inverse in Montgomery intialization uses the
+ * BN_FLG_CONSTTIME flag (unless RSA_FLAG_NO_CONSTTIME is set)
+ */
+ if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) {
+ BN_init(&local_p);
+ p = &local_p;
+ BN_with_flags(p, rsa->p, BN_FLG_CONSTTIME);
+
+ BN_init(&local_q);
+ q = &local_q;
+ BN_with_flags(q, rsa->q, BN_FLG_CONSTTIME);
+ } else {
+ p = rsa->p;
+ q = rsa->q;
+ }
+
+ if (rsa->flags & RSA_FLAG_CACHE_PRIVATE) {
+ if (!BN_MONT_CTX_set_locked
+ (&rsa->_method_mod_p, CRYPTO_LOCK_RSA, p, ctx))
+ error = 1;
+ if (!BN_MONT_CTX_set_locked
+ (&rsa->_method_mod_q, CRYPTO_LOCK_RSA, q, ctx))
+ error = 1;
+ }
+
+ /* clean up */
+ if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) {
+ BN_free(&local_p);
+ BN_free(&local_q);
+ }
+ if (error)
+ goto err;
+ }
+
+ if (rsa->flags & RSA_FLAG_CACHE_PUBLIC)
+ if (!BN_MONT_CTX_set_locked
+ (&rsa->_method_mod_n, CRYPTO_LOCK_RSA, rsa->n, ctx))
+ goto err;
+
+ /* compute I mod q */
+ if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) {
+ c = &local_c;
+ BN_with_flags(c, I, BN_FLG_CONSTTIME);
+ if (!BN_mod(r1, c, rsa->q, ctx))
+ goto err;
+ } else {
+ if (!BN_mod(r1, I, rsa->q, ctx))
+ goto err;
+ }
+
+ /* compute r1^dmq1 mod q */
+ if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) {
+ dmq1 = &local_dmq1;
+ BN_with_flags(dmq1, rsa->dmq1, BN_FLG_CONSTTIME);
+ } else
+ dmq1 = rsa->dmq1;
+
+ if (!e_rsax_bn_mod_exp(m1, r1, dmq1, rsa->q, ctx,
+ rsa->_method_mod_q, e_rsax_get_ctx(rsa, 0,
+ rsa->q)))
+ goto err;
+
+ /* compute I mod p */
+ if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) {
+ c = &local_c;
+ BN_with_flags(c, I, BN_FLG_CONSTTIME);
+ if (!BN_mod(r1, c, rsa->p, ctx))
+ goto err;
+ } else {
+ if (!BN_mod(r1, I, rsa->p, ctx))
+ goto err;
+ }
+
+ /* compute r1^dmp1 mod p */
+ if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) {
+ dmp1 = &local_dmp1;
+ BN_with_flags(dmp1, rsa->dmp1, BN_FLG_CONSTTIME);
+ } else
+ dmp1 = rsa->dmp1;
+
+ if (!e_rsax_bn_mod_exp(r0, r1, dmp1, rsa->p, ctx,
+ rsa->_method_mod_p, e_rsax_get_ctx(rsa, 1,
+ rsa->p)))
+ goto err;
-static int e_rsax_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx)
- {
- BIGNUM *r1,*m1,*vrfy;
- BIGNUM local_dmp1,local_dmq1,local_c,local_r1;
- BIGNUM *dmp1,*dmq1,*c,*pr1;
- int ret=0;
-
- BN_CTX_start(ctx);
- r1 = BN_CTX_get(ctx);
- m1 = BN_CTX_get(ctx);
- vrfy = BN_CTX_get(ctx);
-
- {
- BIGNUM local_p, local_q;
- BIGNUM *p = NULL, *q = NULL;
- int error = 0;
-
- /* Make sure BN_mod_inverse in Montgomery
- * intialization uses the BN_FLG_CONSTTIME flag
- * (unless RSA_FLAG_NO_CONSTTIME is set)
- */
- if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME))
- {
- BN_init(&local_p);
- p = &local_p;
- BN_with_flags(p, rsa->p, BN_FLG_CONSTTIME);
-
- BN_init(&local_q);
- q = &local_q;
- BN_with_flags(q, rsa->q, BN_FLG_CONSTTIME);
- }
- else
- {
- p = rsa->p;
- q = rsa->q;
- }
-
- if (rsa->flags & RSA_FLAG_CACHE_PRIVATE)
- {
- if (!BN_MONT_CTX_set_locked(&rsa->_method_mod_p, CRYPTO_LOCK_RSA, p, ctx))
- error = 1;
- if (!BN_MONT_CTX_set_locked(&rsa->_method_mod_q, CRYPTO_LOCK_RSA, q, ctx))
- error = 1;
- }
-
- /* clean up */
- if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME))
- {
- BN_free(&local_p);
- BN_free(&local_q);
- }
- if ( error )
- goto err;
- }
-
- if (rsa->flags & RSA_FLAG_CACHE_PUBLIC)
- if (!BN_MONT_CTX_set_locked(&rsa->_method_mod_n, CRYPTO_LOCK_RSA, rsa->n, ctx))
- goto err;
-
- /* compute I mod q */
- if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME))
- {
- c = &local_c;
- BN_with_flags(c, I, BN_FLG_CONSTTIME);
- if (!BN_mod(r1,c,rsa->q,ctx)) goto err;
- }
- else
- {
- if (!BN_mod(r1,I,rsa->q,ctx)) goto err;
- }
-
- /* compute r1^dmq1 mod q */
- if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME))
- {
- dmq1 = &local_dmq1;
- BN_with_flags(dmq1, rsa->dmq1, BN_FLG_CONSTTIME);
- }
- else
- dmq1 = rsa->dmq1;
-
- if (!e_rsax_bn_mod_exp(m1,r1,dmq1,rsa->q,ctx,
- rsa->_method_mod_q, e_rsax_get_ctx(rsa, 0, rsa->q) )) goto err;
-
- /* compute I mod p */
- if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME))
- {
- c = &local_c;
- BN_with_flags(c, I, BN_FLG_CONSTTIME);
- if (!BN_mod(r1,c,rsa->p,ctx)) goto err;
- }
- else
- {
- if (!BN_mod(r1,I,rsa->p,ctx)) goto err;
- }
-
- /* compute r1^dmp1 mod p */
- if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME))
- {
- dmp1 = &local_dmp1;
- BN_with_flags(dmp1, rsa->dmp1, BN_FLG_CONSTTIME);
- }
- else
- dmp1 = rsa->dmp1;
-
- if (!e_rsax_bn_mod_exp(r0,r1,dmp1,rsa->p,ctx,
- rsa->_method_mod_p, e_rsax_get_ctx(rsa, 1, rsa->p) )) goto err;
-
- if (!BN_sub(r0,r0,m1)) goto err;
- /* This will help stop the size of r0 increasing, which does
- * affect the multiply if it optimised for a power of 2 size */
- if (BN_is_negative(r0))
- if (!BN_add(r0,r0,rsa->p)) goto err;
-
- if (!BN_mul(r1,r0,rsa->iqmp,ctx)) goto err;
-
- /* Turn BN_FLG_CONSTTIME flag on before division operation */
- if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME))
- {
- pr1 = &local_r1;
- BN_with_flags(pr1, r1, BN_FLG_CONSTTIME);
- }
- else
- pr1 = r1;
- if (!BN_mod(r0,pr1,rsa->p,ctx)) goto err;
-
- /* If p < q it is occasionally possible for the correction of
- * adding 'p' if r0 is negative above to leave the result still
- * negative. This can break the private key operations: the following
- * second correction should *always* correct this rare occurrence.
- * This will *never* happen with OpenSSL generated keys because
- * they ensure p > q [steve]
+ if (!BN_sub(r0, r0, m1))
+ goto err;
+ /*
+ * This will help stop the size of r0 increasing, which does affect the
+ * multiply if it optimised for a power of 2 size
+ */
+ if (BN_is_negative(r0))
+ if (!BN_add(r0, r0, rsa->p))
+ goto err;
+
+ if (!BN_mul(r1, r0, rsa->iqmp, ctx))
+ goto err;
+
+ /* Turn BN_FLG_CONSTTIME flag on before division operation */
+ if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) {
+ pr1 = &local_r1;
+ BN_with_flags(pr1, r1, BN_FLG_CONSTTIME);
+ } else
+ pr1 = r1;
+ if (!BN_mod(r0, pr1, rsa->p, ctx))
+ goto err;
+
+ /*
+ * If p < q it is occasionally possible for the correction of adding 'p'
+ * if r0 is negative above to leave the result still negative. This can
+ * break the private key operations: the following second correction
+ * should *always* correct this rare occurrence. This will *never* happen
+ * with OpenSSL generated keys because they ensure p > q [steve]
+ */
+ if (BN_is_negative(r0))
+ if (!BN_add(r0, r0, rsa->p))
+ goto err;
+ if (!BN_mul(r1, r0, rsa->q, ctx))
+ goto err;
+ if (!BN_add(r0, r1, m1))
+ goto err;
+
+ if (rsa->e && rsa->n) {
+ if (!e_rsax_bn_mod_exp
+ (vrfy, r0, rsa->e, rsa->n, ctx, rsa->_method_mod_n,
+ e_rsax_get_ctx(rsa, 2, rsa->n)))
+ goto err;
+
+ /*
+ * If 'I' was greater than (or equal to) rsa->n, the operation will
+ * be equivalent to using 'I mod n'. However, the result of the
+ * verify will *always* be less than 'n' so we don't check for
+ * absolute equality, just congruency.
*/
- if (BN_is_negative(r0))
- if (!BN_add(r0,r0,rsa->p)) goto err;
- if (!BN_mul(r1,r0,rsa->q,ctx)) goto err;
- if (!BN_add(r0,r1,m1)) goto err;
-
- if (rsa->e && rsa->n)
- {
- if (!e_rsax_bn_mod_exp(vrfy,r0,rsa->e,rsa->n,ctx,rsa->_method_mod_n, e_rsax_get_ctx(rsa, 2, rsa->n) ))
- goto err;
-
- /* If 'I' was greater than (or equal to) rsa->n, the operation
- * will be equivalent to using 'I mod n'. However, the result of
- * the verify will *always* be less than 'n' so we don't check
- * for absolute equality, just congruency. */
- if (!BN_sub(vrfy, vrfy, I)) goto err;
- if (!BN_mod(vrfy, vrfy, rsa->n, ctx)) goto err;
- if (BN_is_negative(vrfy))
- if (!BN_add(vrfy, vrfy, rsa->n)) goto err;
- if (!BN_is_zero(vrfy))
- {
- /* 'I' and 'vrfy' aren't congruent mod n. Don't leak
- * miscalculated CRT output, just do a raw (slower)
- * mod_exp and return that instead. */
-
- BIGNUM local_d;
- BIGNUM *d = NULL;
-
- if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME))
- {
- d = &local_d;
- BN_with_flags(d, rsa->d, BN_FLG_CONSTTIME);
- }
- else
- d = rsa->d;
- if (!e_rsax_bn_mod_exp(r0,I,d,rsa->n,ctx,
- rsa->_method_mod_n, e_rsax_get_ctx(rsa, 2, rsa->n) )) goto err;
- }
- }
- ret=1;
-
-err:
- BN_CTX_end(ctx);
-
- return ret;
- }
-#endif /* !OPENSSL_NO_RSA */
-#endif /* !COMPILE_RSAX */
+ if (!BN_sub(vrfy, vrfy, I))
+ goto err;
+ if (!BN_mod(vrfy, vrfy, rsa->n, ctx))
+ goto err;
+ if (BN_is_negative(vrfy))
+ if (!BN_add(vrfy, vrfy, rsa->n))
+ goto err;
+ if (!BN_is_zero(vrfy)) {
+ /*
+ * 'I' and 'vrfy' aren't congruent mod n. Don't leak
+ * miscalculated CRT output, just do a raw (slower) mod_exp and
+ * return that instead.
+ */
+
+ BIGNUM local_d;
+ BIGNUM *d = NULL;
+
+ if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) {
+ d = &local_d;
+ BN_with_flags(d, rsa->d, BN_FLG_CONSTTIME);
+ } else
+ d = rsa->d;
+ if (!e_rsax_bn_mod_exp(r0, I, d, rsa->n, ctx,
+ rsa->_method_mod_n, e_rsax_get_ctx(rsa, 2,
+ rsa->n)))
+ goto err;
+ }
+ }
+ ret = 1;
+
+ err:
+ BN_CTX_end(ctx);
+
+ return ret;
+}
+# endif /* !OPENSSL_NO_RSA */
+#endif /* !COMPILE_RSAX */
diff --git a/openssl/crypto/engine/eng_table.c b/openssl/crypto/engine/eng_table.c
index 4fde94818..27d31f70c 100644
--- a/openssl/crypto/engine/eng_table.c
+++ b/openssl/crypto/engine/eng_table.c
@@ -6,7 +6,7 @@
* are met:
*
* 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
+ * notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
@@ -58,294 +58,301 @@
#include "eng_int.h"
/* The type of the items in the table */
-typedef struct st_engine_pile
- {
- /* The 'nid' of this algorithm/mode */
- int nid;
- /* ENGINEs that implement this algorithm/mode. */
- STACK_OF(ENGINE) *sk;
- /* The default ENGINE to perform this algorithm/mode. */
- ENGINE *funct;
- /* Zero if 'sk' is newer than the cached 'funct', non-zero otherwise */
- int uptodate;
- } ENGINE_PILE;
+typedef struct st_engine_pile {
+ /* The 'nid' of this algorithm/mode */
+ int nid;
+ /* ENGINEs that implement this algorithm/mode. */
+ STACK_OF(ENGINE) *sk;
+ /* The default ENGINE to perform this algorithm/mode. */
+ ENGINE *funct;
+ /*
+ * Zero if 'sk' is newer than the cached 'funct', non-zero otherwise
+ */
+ int uptodate;
+} ENGINE_PILE;
DECLARE_LHASH_OF(ENGINE_PILE);
/* The type exposed in eng_int.h */
-struct st_engine_table
- {
- LHASH_OF(ENGINE_PILE) piles;
- }; /* ENGINE_TABLE */
+struct st_engine_table {
+ LHASH_OF(ENGINE_PILE) piles;
+}; /* ENGINE_TABLE */
-
-typedef struct st_engine_pile_doall
- {
- engine_table_doall_cb *cb;
- void *arg;
- } ENGINE_PILE_DOALL;
-
+typedef struct st_engine_pile_doall {
+ engine_table_doall_cb *cb;
+ void *arg;
+} ENGINE_PILE_DOALL;
/* Global flags (ENGINE_TABLE_FLAG_***). */
static unsigned int table_flags = 0;
/* API function manipulating 'table_flags' */
unsigned int ENGINE_get_table_flags(void)
- {
- return table_flags;
- }
+{
+ return table_flags;
+}
void ENGINE_set_table_flags(unsigned int flags)
- {
- table_flags = flags;
- }
+{
+ table_flags = flags;
+}
/* Internal functions for the "piles" hash table */
static unsigned long engine_pile_hash(const ENGINE_PILE *c)
- {
- return c->nid;
- }
+{
+ return c->nid;
+}
static int engine_pile_cmp(const ENGINE_PILE *a, const ENGINE_PILE *b)
- {
- return a->nid - b->nid;
- }
+{
+ return a->nid - b->nid;
+}
+
static IMPLEMENT_LHASH_HASH_FN(engine_pile, ENGINE_PILE)
static IMPLEMENT_LHASH_COMP_FN(engine_pile, ENGINE_PILE)
static int int_table_check(ENGINE_TABLE **t, int create)
- {
- LHASH_OF(ENGINE_PILE) *lh;
+{
+ LHASH_OF(ENGINE_PILE) *lh;
- if(*t) return 1;
- if(!create) return 0;
- if((lh = lh_ENGINE_PILE_new()) == NULL)
- return 0;
- *t = (ENGINE_TABLE *)lh;
- return 1;
- }
+ if (*t)
+ return 1;
+ if (!create)
+ return 0;
+ if ((lh = lh_ENGINE_PILE_new()) == NULL)
+ return 0;
+ *t = (ENGINE_TABLE *)lh;
+ return 1;
+}
-/* Privately exposed (via eng_int.h) functions for adding and/or removing
- * ENGINEs from the implementation table */
+/*
+ * Privately exposed (via eng_int.h) functions for adding and/or removing
+ * ENGINEs from the implementation table
+ */
int engine_table_register(ENGINE_TABLE **table, ENGINE_CLEANUP_CB *cleanup,
- ENGINE *e, const int *nids, int num_nids, int setdefault)
- {
- int ret = 0, added = 0;
- ENGINE_PILE tmplate, *fnd;
- CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
- if(!(*table))
- added = 1;
- if(!int_table_check(table, 1))
- goto end;
- if(added)
- /* The cleanup callback needs to be added */
- engine_cleanup_add_first(cleanup);
- while(num_nids--)
- {
- tmplate.nid = *nids;
- fnd = lh_ENGINE_PILE_retrieve(&(*table)->piles, &tmplate);
- if(!fnd)
- {
- fnd = OPENSSL_malloc(sizeof(ENGINE_PILE));
- if(!fnd) goto end;
- fnd->uptodate = 1;
- fnd->nid = *nids;
- fnd->sk = sk_ENGINE_new_null();
- if(!fnd->sk)
- {
- OPENSSL_free(fnd);
- goto end;
- }
- fnd->funct = NULL;
- (void)lh_ENGINE_PILE_insert(&(*table)->piles, fnd);
- }
- /* A registration shouldn't add duplciate entries */
- (void)sk_ENGINE_delete_ptr(fnd->sk, e);
- /* if 'setdefault', this ENGINE goes to the head of the list */
- if(!sk_ENGINE_push(fnd->sk, e))
- goto end;
- /* "touch" this ENGINE_PILE */
- fnd->uptodate = 0;
- if(setdefault)
- {
- if(!engine_unlocked_init(e))
- {
- ENGINEerr(ENGINE_F_ENGINE_TABLE_REGISTER,
- ENGINE_R_INIT_FAILED);
- goto end;
- }
- if(fnd->funct)
- engine_unlocked_finish(fnd->funct, 0);
- fnd->funct = e;
- fnd->uptodate = 1;
- }
- nids++;
- }
- ret = 1;
-end:
- CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
- return ret;
- }
+ ENGINE *e, const int *nids, int num_nids,
+ int setdefault)
+{
+ int ret = 0, added = 0;
+ ENGINE_PILE tmplate, *fnd;
+ CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
+ if (!(*table))
+ added = 1;
+ if (!int_table_check(table, 1))
+ goto end;
+ if (added)
+ /* The cleanup callback needs to be added */
+ engine_cleanup_add_first(cleanup);
+ while (num_nids--) {
+ tmplate.nid = *nids;
+ fnd = lh_ENGINE_PILE_retrieve(&(*table)->piles, &tmplate);
+ if (!fnd) {
+ fnd = OPENSSL_malloc(sizeof(ENGINE_PILE));
+ if (!fnd)
+ goto end;
+ fnd->uptodate = 1;
+ fnd->nid = *nids;
+ fnd->sk = sk_ENGINE_new_null();
+ if (!fnd->sk) {
+ OPENSSL_free(fnd);
+ goto end;
+ }
+ fnd->funct = NULL;
+ (void)lh_ENGINE_PILE_insert(&(*table)->piles, fnd);
+ }
+ /* A registration shouldn't add duplciate entries */
+ (void)sk_ENGINE_delete_ptr(fnd->sk, e);
+ /*
+ * if 'setdefault', this ENGINE goes to the head of the list
+ */
+ if (!sk_ENGINE_push(fnd->sk, e))
+ goto end;
+ /* "touch" this ENGINE_PILE */
+ fnd->uptodate = 0;
+ if (setdefault) {
+ if (!engine_unlocked_init(e)) {
+ ENGINEerr(ENGINE_F_ENGINE_TABLE_REGISTER,
+ ENGINE_R_INIT_FAILED);
+ goto end;
+ }
+ if (fnd->funct)
+ engine_unlocked_finish(fnd->funct, 0);
+ fnd->funct = e;
+ fnd->uptodate = 1;
+ }
+ nids++;
+ }
+ ret = 1;
+ end:
+ CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
+ return ret;
+}
+
static void int_unregister_cb_doall_arg(ENGINE_PILE *pile, ENGINE *e)
- {
- int n;
- /* Iterate the 'c->sk' stack removing any occurance of 'e' */
- while((n = sk_ENGINE_find(pile->sk, e)) >= 0)
- {
- (void)sk_ENGINE_delete(pile->sk, n);
- pile->uptodate = 0;
- }
- if(pile->funct == e)
- {
- engine_unlocked_finish(e, 0);
- pile->funct = NULL;
- }
- }
+{
+ int n;
+ /* Iterate the 'c->sk' stack removing any occurance of 'e' */
+ while ((n = sk_ENGINE_find(pile->sk, e)) >= 0) {
+ (void)sk_ENGINE_delete(pile->sk, n);
+ pile->uptodate = 0;
+ }
+ if (pile->funct == e) {
+ engine_unlocked_finish(e, 0);
+ pile->funct = NULL;
+ }
+}
+
static IMPLEMENT_LHASH_DOALL_ARG_FN(int_unregister_cb, ENGINE_PILE, ENGINE)
void engine_table_unregister(ENGINE_TABLE **table, ENGINE *e)
- {
- CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
- if(int_table_check(table, 0))
- lh_ENGINE_PILE_doall_arg(&(*table)->piles,
- LHASH_DOALL_ARG_FN(int_unregister_cb),
- ENGINE, e);
- CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
- }
+{
+ CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
+ if (int_table_check(table, 0))
+ lh_ENGINE_PILE_doall_arg(&(*table)->piles,
+ LHASH_DOALL_ARG_FN(int_unregister_cb),
+ ENGINE, e);
+ CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
+}
static void int_cleanup_cb_doall(ENGINE_PILE *p)
- {
- sk_ENGINE_free(p->sk);
- if(p->funct)
- engine_unlocked_finish(p->funct, 0);
- OPENSSL_free(p);
- }
+{
+ sk_ENGINE_free(p->sk);
+ if (p->funct)
+ engine_unlocked_finish(p->funct, 0);
+ OPENSSL_free(p);
+}
+
static IMPLEMENT_LHASH_DOALL_FN(int_cleanup_cb, ENGINE_PILE)
void engine_table_cleanup(ENGINE_TABLE **table)
- {
- CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
- if(*table)
- {
- lh_ENGINE_PILE_doall(&(*table)->piles,
- LHASH_DOALL_FN(int_cleanup_cb));
- lh_ENGINE_PILE_free(&(*table)->piles);
- *table = NULL;
- }
- CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
- }
+{
+ CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
+ if (*table) {
+ lh_ENGINE_PILE_doall(&(*table)->piles,
+ LHASH_DOALL_FN(int_cleanup_cb));
+ lh_ENGINE_PILE_free(&(*table)->piles);
+ *table = NULL;
+ }
+ CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
+}
/* return a functional reference for a given 'nid' */
#ifndef ENGINE_TABLE_DEBUG
ENGINE *engine_table_select(ENGINE_TABLE **table, int nid)
#else
-ENGINE *engine_table_select_tmp(ENGINE_TABLE **table, int nid, const char *f, int l)
+ENGINE *engine_table_select_tmp(ENGINE_TABLE **table, int nid, const char *f,
+ int l)
#endif
- {
- ENGINE *ret = NULL;
- ENGINE_PILE tmplate, *fnd=NULL;
- int initres, loop = 0;
+{
+ ENGINE *ret = NULL;
+ ENGINE_PILE tmplate, *fnd = NULL;
+ int initres, loop = 0;
- if(!(*table))
- {
+ if (!(*table)) {
#ifdef ENGINE_TABLE_DEBUG
- fprintf(stderr, "engine_table_dbg: %s:%d, nid=%d, nothing "
- "registered!\n", f, l, nid);
+ fprintf(stderr, "engine_table_dbg: %s:%d, nid=%d, nothing "
+ "registered!\n", f, l, nid);
#endif
- return NULL;
- }
- ERR_set_mark();
- CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
- /* Check again inside the lock otherwise we could race against cleanup
- * operations. But don't worry about a fprintf(stderr). */
- if(!int_table_check(table, 0)) goto end;
- tmplate.nid = nid;
- fnd = lh_ENGINE_PILE_retrieve(&(*table)->piles, &tmplate);
- if(!fnd) goto end;
- if(fnd->funct && engine_unlocked_init(fnd->funct))
- {
+ return NULL;
+ }
+ ERR_set_mark();
+ CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
+ /*
+ * Check again inside the lock otherwise we could race against cleanup
+ * operations. But don't worry about a fprintf(stderr).
+ */
+ if (!int_table_check(table, 0))
+ goto end;
+ tmplate.nid = nid;
+ fnd = lh_ENGINE_PILE_retrieve(&(*table)->piles, &tmplate);
+ if (!fnd)
+ goto end;
+ if (fnd->funct && engine_unlocked_init(fnd->funct)) {
#ifdef ENGINE_TABLE_DEBUG
- fprintf(stderr, "engine_table_dbg: %s:%d, nid=%d, using "
- "ENGINE '%s' cached\n", f, l, nid, fnd->funct->id);
+ fprintf(stderr, "engine_table_dbg: %s:%d, nid=%d, using "
+ "ENGINE '%s' cached\n", f, l, nid, fnd->funct->id);
#endif
- ret = fnd->funct;
- goto end;
- }
- if(fnd->uptodate)
- {
- ret = fnd->funct;
- goto end;
- }
-trynext:
- ret = sk_ENGINE_value(fnd->sk, loop++);
- if(!ret)
- {
+ ret = fnd->funct;
+ goto end;
+ }
+ if (fnd->uptodate) {
+ ret = fnd->funct;
+ goto end;
+ }
+ trynext:
+ ret = sk_ENGINE_value(fnd->sk, loop++);
+ if (!ret) {
#ifdef ENGINE_TABLE_DEBUG
- fprintf(stderr, "engine_table_dbg: %s:%d, nid=%d, no "
- "registered implementations would initialise\n",
- f, l, nid);
+ fprintf(stderr, "engine_table_dbg: %s:%d, nid=%d, no "
+ "registered implementations would initialise\n", f, l, nid);
#endif
- goto end;
- }
- /* Try to initialise the ENGINE? */
- if((ret->funct_ref > 0) || !(table_flags & ENGINE_TABLE_FLAG_NOINIT))
- initres = engine_unlocked_init(ret);
- else
- initres = 0;
- if(initres)
- {
- /* Update 'funct' */
- if((fnd->funct != ret) && engine_unlocked_init(ret))
- {
- /* If there was a previous default we release it. */
- if(fnd->funct)
- engine_unlocked_finish(fnd->funct, 0);
- fnd->funct = ret;
+ goto end;
+ }
+ /* Try to initialise the ENGINE? */
+ if ((ret->funct_ref > 0) || !(table_flags & ENGINE_TABLE_FLAG_NOINIT))
+ initres = engine_unlocked_init(ret);
+ else
+ initres = 0;
+ if (initres) {
+ /* Update 'funct' */
+ if ((fnd->funct != ret) && engine_unlocked_init(ret)) {
+ /* If there was a previous default we release it. */
+ if (fnd->funct)
+ engine_unlocked_finish(fnd->funct, 0);
+ fnd->funct = ret;
#ifdef ENGINE_TABLE_DEBUG
- fprintf(stderr, "engine_table_dbg: %s:%d, nid=%d, "
- "setting default to '%s'\n", f, l, nid, ret->id);
+ fprintf(stderr, "engine_table_dbg: %s:%d, nid=%d, "
+ "setting default to '%s'\n", f, l, nid, ret->id);
#endif
- }
+ }
#ifdef ENGINE_TABLE_DEBUG
- fprintf(stderr, "engine_table_dbg: %s:%d, nid=%d, using "
- "newly initialised '%s'\n", f, l, nid, ret->id);
+ fprintf(stderr, "engine_table_dbg: %s:%d, nid=%d, using "
+ "newly initialised '%s'\n", f, l, nid, ret->id);
#endif
- goto end;
- }
- goto trynext;
-end:
- /* If it failed, it is unlikely to succeed again until some future
- * registrations have taken place. In all cases, we cache. */
- if(fnd) fnd->uptodate = 1;
+ goto end;
+ }
+ goto trynext;
+ end:
+ /*
+ * If it failed, it is unlikely to succeed again until some future
+ * registrations have taken place. In all cases, we cache.
+ */
+ if (fnd)
+ fnd->uptodate = 1;
#ifdef ENGINE_TABLE_DEBUG
- if(ret)
- fprintf(stderr, "engine_table_dbg: %s:%d, nid=%d, caching "
- "ENGINE '%s'\n", f, l, nid, ret->id);
- else
- fprintf(stderr, "engine_table_dbg: %s:%d, nid=%d, caching "
- "'no matching ENGINE'\n", f, l, nid);
+ if (ret)
+ fprintf(stderr, "engine_table_dbg: %s:%d, nid=%d, caching "
+ "ENGINE '%s'\n", f, l, nid, ret->id);
+ else
+ fprintf(stderr, "engine_table_dbg: %s:%d, nid=%d, caching "
+ "'no matching ENGINE'\n", f, l, nid);
#endif
- CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
- /* Whatever happened, any failed init()s are not failures in this
- * context, so clear our error state. */
- ERR_pop_to_mark();
- return ret;
- }
+ CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
+ /*
+ * Whatever happened, any failed init()s are not failures in this
+ * context, so clear our error state.
+ */
+ ERR_pop_to_mark();
+ return ret;
+}
/* Table enumeration */
static void int_cb_doall_arg(ENGINE_PILE *pile, ENGINE_PILE_DOALL *dall)
- {
- dall->cb(pile->nid, pile->sk, pile->funct, dall->arg);
- }
-static IMPLEMENT_LHASH_DOALL_ARG_FN(int_cb, ENGINE_PILE,ENGINE_PILE_DOALL)
+{
+ dall->cb(pile->nid, pile->sk, pile->funct, dall->arg);
+}
+
+static IMPLEMENT_LHASH_DOALL_ARG_FN(int_cb, ENGINE_PILE, ENGINE_PILE_DOALL)
void engine_table_doall(ENGINE_TABLE *table, engine_table_doall_cb *cb,
- void *arg)
- {
- ENGINE_PILE_DOALL dall;
- dall.cb = cb;
- dall.arg = arg;
- lh_ENGINE_PILE_doall_arg(&table->piles, LHASH_DOALL_ARG_FN(int_cb),
- ENGINE_PILE_DOALL, &dall);
- }
+ void *arg)
+{
+ ENGINE_PILE_DOALL dall;
+ dall.cb = cb;
+ dall.arg = arg;
+ if (table)
+ lh_ENGINE_PILE_doall_arg(&table->piles,
+ LHASH_DOALL_ARG_FN(int_cb),
+ ENGINE_PILE_DOALL, &dall);
+}
diff --git a/openssl/crypto/engine/engine.h b/openssl/crypto/engine/engine.h
index f8be49772..bd7b59144 100644
--- a/openssl/crypto/engine/engine.h
+++ b/openssl/crypto/engine/engine.h
@@ -1,6 +1,7 @@
/* openssl/engine.h */
-/* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL
- * project 2000.
+/*
+ * Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL project
+ * 2000.
*/
/* ====================================================================
* Copyright (c) 1999-2004 The OpenSSL Project. All rights reserved.
@@ -10,7 +11,7 @@
* are met:
*
* 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
+ * notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
@@ -57,241 +58,294 @@
*/
/* ====================================================================
* Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
- * ECDH support in OpenSSL originally developed by
+ * ECDH support in OpenSSL originally developed by
* SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
*/
#ifndef HEADER_ENGINE_H
-#define HEADER_ENGINE_H
-
-#include <openssl/opensslconf.h>
-
-#ifdef OPENSSL_NO_ENGINE
-#error ENGINE is disabled.
-#endif
-
-#ifndef OPENSSL_NO_DEPRECATED
-#include <openssl/bn.h>
-#ifndef OPENSSL_NO_RSA
-#include <openssl/rsa.h>
-#endif
-#ifndef OPENSSL_NO_DSA
-#include <openssl/dsa.h>
-#endif
-#ifndef OPENSSL_NO_DH
-#include <openssl/dh.h>
-#endif
-#ifndef OPENSSL_NO_ECDH
-#include <openssl/ecdh.h>
-#endif
-#ifndef OPENSSL_NO_ECDSA
-#include <openssl/ecdsa.h>
-#endif
-#include <openssl/rand.h>
-#include <openssl/ui.h>
-#include <openssl/err.h>
-#endif
-
-#include <openssl/ossl_typ.h>
-#include <openssl/symhacks.h>
-
-#include <openssl/x509.h>
+# define HEADER_ENGINE_H
+
+# include <openssl/opensslconf.h>
+
+# ifdef OPENSSL_NO_ENGINE
+# error ENGINE is disabled.
+# endif
+
+# ifndef OPENSSL_NO_DEPRECATED
+# include <openssl/bn.h>
+# ifndef OPENSSL_NO_RSA
+# include <openssl/rsa.h>
+# endif
+# ifndef OPENSSL_NO_DSA
+# include <openssl/dsa.h>
+# endif
+# ifndef OPENSSL_NO_DH
+# include <openssl/dh.h>
+# endif
+# ifndef OPENSSL_NO_ECDH
+# include <openssl/ecdh.h>
+# endif
+# ifndef OPENSSL_NO_ECDSA
+# include <openssl/ecdsa.h>
+# endif
+# include <openssl/rand.h>
+# include <openssl/ui.h>
+# include <openssl/err.h>
+# endif
+
+# include <openssl/ossl_typ.h>
+# include <openssl/symhacks.h>
+
+# include <openssl/x509.h>
#ifdef __cplusplus
extern "C" {
#endif
-/* These flags are used to control combinations of algorithm (methods)
- * by bitwise "OR"ing. */
-#define ENGINE_METHOD_RSA (unsigned int)0x0001
-#define ENGINE_METHOD_DSA (unsigned int)0x0002
-#define ENGINE_METHOD_DH (unsigned int)0x0004
-#define ENGINE_METHOD_RAND (unsigned int)0x0008
-#define ENGINE_METHOD_ECDH (unsigned int)0x0010
-#define ENGINE_METHOD_ECDSA (unsigned int)0x0020
-#define ENGINE_METHOD_CIPHERS (unsigned int)0x0040
-#define ENGINE_METHOD_DIGESTS (unsigned int)0x0080
-#define ENGINE_METHOD_STORE (unsigned int)0x0100
-#define ENGINE_METHOD_PKEY_METHS (unsigned int)0x0200
-#define ENGINE_METHOD_PKEY_ASN1_METHS (unsigned int)0x0400
+/*
+ * These flags are used to control combinations of algorithm (methods) by
+ * bitwise "OR"ing.
+ */
+# define ENGINE_METHOD_RSA (unsigned int)0x0001
+# define ENGINE_METHOD_DSA (unsigned int)0x0002
+# define ENGINE_METHOD_DH (unsigned int)0x0004
+# define ENGINE_METHOD_RAND (unsigned int)0x0008
+# define ENGINE_METHOD_ECDH (unsigned int)0x0010
+# define ENGINE_METHOD_ECDSA (unsigned int)0x0020
+# define ENGINE_METHOD_CIPHERS (unsigned int)0x0040
+# define ENGINE_METHOD_DIGESTS (unsigned int)0x0080
+# define ENGINE_METHOD_STORE (unsigned int)0x0100
+# define ENGINE_METHOD_PKEY_METHS (unsigned int)0x0200
+# define ENGINE_METHOD_PKEY_ASN1_METHS (unsigned int)0x0400
/* Obvious all-or-nothing cases. */
-#define ENGINE_METHOD_ALL (unsigned int)0xFFFF
-#define ENGINE_METHOD_NONE (unsigned int)0x0000
-
-/* This(ese) flag(s) controls behaviour of the ENGINE_TABLE mechanism used
- * internally to control registration of ENGINE implementations, and can be set
- * by ENGINE_set_table_flags(). The "NOINIT" flag prevents attempts to
- * initialise registered ENGINEs if they are not already initialised. */
-#define ENGINE_TABLE_FLAG_NOINIT (unsigned int)0x0001
+# define ENGINE_METHOD_ALL (unsigned int)0xFFFF
+# define ENGINE_METHOD_NONE (unsigned int)0x0000
+
+/*
+ * This(ese) flag(s) controls behaviour of the ENGINE_TABLE mechanism used
+ * internally to control registration of ENGINE implementations, and can be
+ * set by ENGINE_set_table_flags(). The "NOINIT" flag prevents attempts to
+ * initialise registered ENGINEs if they are not already initialised.
+ */
+# define ENGINE_TABLE_FLAG_NOINIT (unsigned int)0x0001
/* ENGINE flags that can be set by ENGINE_set_flags(). */
-/* #define ENGINE_FLAGS_MALLOCED 0x0001 */ /* Not used */
-
-/* This flag is for ENGINEs that wish to handle the various 'CMD'-related
- * control commands on their own. Without this flag, ENGINE_ctrl() handles these
- * control commands on behalf of the ENGINE using their "cmd_defns" data. */
-#define ENGINE_FLAGS_MANUAL_CMD_CTRL (int)0x0002
-
-/* This flag is for ENGINEs who return new duplicate structures when found via
- * "ENGINE_by_id()". When an ENGINE must store state (eg. if ENGINE_ctrl()
- * commands are called in sequence as part of some stateful process like
- * key-generation setup and execution), it can set this flag - then each attempt
- * to obtain the ENGINE will result in it being copied into a new structure.
- * Normally, ENGINEs don't declare this flag so ENGINE_by_id() just increments
- * the existing ENGINE's structural reference count. */
-#define ENGINE_FLAGS_BY_ID_COPY (int)0x0004
-
-/* This flag if for an ENGINE that does not want its methods registered as
- * part of ENGINE_register_all_complete() for example if the methods are
- * not usable as default methods.
- */
-
-#define ENGINE_FLAGS_NO_REGISTER_ALL (int)0x0008
-
-/* ENGINEs can support their own command types, and these flags are used in
- * ENGINE_CTRL_GET_CMD_FLAGS to indicate to the caller what kind of input each
- * command expects. Currently only numeric and string input is supported. If a
- * control command supports none of the _NUMERIC, _STRING, or _NO_INPUT options,
- * then it is regarded as an "internal" control command - and not for use in
- * config setting situations. As such, they're not available to the
- * ENGINE_ctrl_cmd_string() function, only raw ENGINE_ctrl() access. Changes to
- * this list of 'command types' should be reflected carefully in
- * ENGINE_cmd_is_executable() and ENGINE_ctrl_cmd_string(). */
+/* Not used */
+/* #define ENGINE_FLAGS_MALLOCED 0x0001 */
+
+/*
+ * This flag is for ENGINEs that wish to handle the various 'CMD'-related
+ * control commands on their own. Without this flag, ENGINE_ctrl() handles
+ * these control commands on behalf of the ENGINE using their "cmd_defns"
+ * data.
+ */
+# define ENGINE_FLAGS_MANUAL_CMD_CTRL (int)0x0002
+
+/*
+ * This flag is for ENGINEs who return new duplicate structures when found
+ * via "ENGINE_by_id()". When an ENGINE must store state (eg. if
+ * ENGINE_ctrl() commands are called in sequence as part of some stateful
+ * process like key-generation setup and execution), it can set this flag -
+ * then each attempt to obtain the ENGINE will result in it being copied into
+ * a new structure. Normally, ENGINEs don't declare this flag so
+ * ENGINE_by_id() just increments the existing ENGINE's structural reference
+ * count.
+ */
+# define ENGINE_FLAGS_BY_ID_COPY (int)0x0004
+
+/*
+ * This flag if for an ENGINE that does not want its methods registered as
+ * part of ENGINE_register_all_complete() for example if the methods are not
+ * usable as default methods.
+ */
+
+# define ENGINE_FLAGS_NO_REGISTER_ALL (int)0x0008
+
+/*
+ * ENGINEs can support their own command types, and these flags are used in
+ * ENGINE_CTRL_GET_CMD_FLAGS to indicate to the caller what kind of input
+ * each command expects. Currently only numeric and string input is
+ * supported. If a control command supports none of the _NUMERIC, _STRING, or
+ * _NO_INPUT options, then it is regarded as an "internal" control command -
+ * and not for use in config setting situations. As such, they're not
+ * available to the ENGINE_ctrl_cmd_string() function, only raw ENGINE_ctrl()
+ * access. Changes to this list of 'command types' should be reflected
+ * carefully in ENGINE_cmd_is_executable() and ENGINE_ctrl_cmd_string().
+ */
/* accepts a 'long' input value (3rd parameter to ENGINE_ctrl) */
-#define ENGINE_CMD_FLAG_NUMERIC (unsigned int)0x0001
-/* accepts string input (cast from 'void*' to 'const char *', 4th parameter to
- * ENGINE_ctrl) */
-#define ENGINE_CMD_FLAG_STRING (unsigned int)0x0002
-/* Indicates that the control command takes *no* input. Ie. the control command
- * is unparameterised. */
-#define ENGINE_CMD_FLAG_NO_INPUT (unsigned int)0x0004
-/* Indicates that the control command is internal. This control command won't
+# define ENGINE_CMD_FLAG_NUMERIC (unsigned int)0x0001
+/*
+ * accepts string input (cast from 'void*' to 'const char *', 4th parameter
+ * to ENGINE_ctrl)
+ */
+# define ENGINE_CMD_FLAG_STRING (unsigned int)0x0002
+/*
+ * Indicates that the control command takes *no* input. Ie. the control
+ * command is unparameterised.
+ */
+# define ENGINE_CMD_FLAG_NO_INPUT (unsigned int)0x0004
+/*
+ * Indicates that the control command is internal. This control command won't
* be shown in any output, and is only usable through the ENGINE_ctrl_cmd()
- * function. */
-#define ENGINE_CMD_FLAG_INTERNAL (unsigned int)0x0008
-
-/* NB: These 3 control commands are deprecated and should not be used. ENGINEs
- * relying on these commands should compile conditional support for
- * compatibility (eg. if these symbols are defined) but should also migrate the
- * same functionality to their own ENGINE-specific control functions that can be
- * "discovered" by calling applications. The fact these control commands
- * wouldn't be "executable" (ie. usable by text-based config) doesn't change the
- * fact that application code can find and use them without requiring per-ENGINE
- * hacking. */
-
-/* These flags are used to tell the ctrl function what should be done.
- * All command numbers are shared between all engines, even if some don't
- * make sense to some engines. In such a case, they do nothing but return
- * the error ENGINE_R_CTRL_COMMAND_NOT_IMPLEMENTED. */
-#define ENGINE_CTRL_SET_LOGSTREAM 1
-#define ENGINE_CTRL_SET_PASSWORD_CALLBACK 2
-#define ENGINE_CTRL_HUP 3 /* Close and reinitialise any
- handles/connections etc. */
-#define ENGINE_CTRL_SET_USER_INTERFACE 4 /* Alternative to callback */
-#define ENGINE_CTRL_SET_CALLBACK_DATA 5 /* User-specific data, used
- when calling the password
- callback and the user
- interface */
-#define ENGINE_CTRL_LOAD_CONFIGURATION 6 /* Load a configuration, given
- a string that represents a
- file name or so */
-#define ENGINE_CTRL_LOAD_SECTION 7 /* Load data from a given
- section in the already loaded
- configuration */
-
-/* These control commands allow an application to deal with an arbitrary engine
- * in a dynamic way. Warn: Negative return values indicate errors FOR THESE
- * COMMANDS because zero is used to indicate 'end-of-list'. Other commands,
- * including ENGINE-specific command types, return zero for an error.
- *
- * An ENGINE can choose to implement these ctrl functions, and can internally
- * manage things however it chooses - it does so by setting the
- * ENGINE_FLAGS_MANUAL_CMD_CTRL flag (using ENGINE_set_flags()). Otherwise the
- * ENGINE_ctrl() code handles this on the ENGINE's behalf using the cmd_defns
- * data (set using ENGINE_set_cmd_defns()). This means an ENGINE's ctrl()
- * handler need only implement its own commands - the above "meta" commands will
- * be taken care of. */
-
-/* Returns non-zero if the supplied ENGINE has a ctrl() handler. If "not", then
- * all the remaining control commands will return failure, so it is worth
- * checking this first if the caller is trying to "discover" the engine's
- * capabilities and doesn't want errors generated unnecessarily. */
-#define ENGINE_CTRL_HAS_CTRL_FUNCTION 10
-/* Returns a positive command number for the first command supported by the
- * engine. Returns zero if no ctrl commands are supported. */
-#define ENGINE_CTRL_GET_FIRST_CMD_TYPE 11
-/* The 'long' argument specifies a command implemented by the engine, and the
- * return value is the next command supported, or zero if there are no more. */
-#define ENGINE_CTRL_GET_NEXT_CMD_TYPE 12
-/* The 'void*' argument is a command name (cast from 'const char *'), and the
- * return value is the command that corresponds to it. */
-#define ENGINE_CTRL_GET_CMD_FROM_NAME 13
-/* The next two allow a command to be converted into its corresponding string
- * form. In each case, the 'long' argument supplies the command. In the NAME_LEN
- * case, the return value is the length of the command name (not counting a
- * trailing EOL). In the NAME case, the 'void*' argument must be a string buffer
- * large enough, and it will be populated with the name of the command (WITH a
- * trailing EOL). */
-#define ENGINE_CTRL_GET_NAME_LEN_FROM_CMD 14
-#define ENGINE_CTRL_GET_NAME_FROM_CMD 15
+ * function.
+ */
+# define ENGINE_CMD_FLAG_INTERNAL (unsigned int)0x0008
+
+/*
+ * NB: These 3 control commands are deprecated and should not be used.
+ * ENGINEs relying on these commands should compile conditional support for
+ * compatibility (eg. if these symbols are defined) but should also migrate
+ * the same functionality to their own ENGINE-specific control functions that
+ * can be "discovered" by calling applications. The fact these control
+ * commands wouldn't be "executable" (ie. usable by text-based config)
+ * doesn't change the fact that application code can find and use them
+ * without requiring per-ENGINE hacking.
+ */
+
+/*
+ * These flags are used to tell the ctrl function what should be done. All
+ * command numbers are shared between all engines, even if some don't make
+ * sense to some engines. In such a case, they do nothing but return the
+ * error ENGINE_R_CTRL_COMMAND_NOT_IMPLEMENTED.
+ */
+# define ENGINE_CTRL_SET_LOGSTREAM 1
+# define ENGINE_CTRL_SET_PASSWORD_CALLBACK 2
+# define ENGINE_CTRL_HUP 3/* Close and reinitialise
+ * any handles/connections
+ * etc. */
+# define ENGINE_CTRL_SET_USER_INTERFACE 4/* Alternative to callback */
+# define ENGINE_CTRL_SET_CALLBACK_DATA 5/* User-specific data, used
+ * when calling the password
+ * callback and the user
+ * interface */
+# define ENGINE_CTRL_LOAD_CONFIGURATION 6/* Load a configuration,
+ * given a string that
+ * represents a file name
+ * or so */
+# define ENGINE_CTRL_LOAD_SECTION 7/* Load data from a given
+ * section in the already
+ * loaded configuration */
+
+/*
+ * These control commands allow an application to deal with an arbitrary
+ * engine in a dynamic way. Warn: Negative return values indicate errors FOR
+ * THESE COMMANDS because zero is used to indicate 'end-of-list'. Other
+ * commands, including ENGINE-specific command types, return zero for an
+ * error. An ENGINE can choose to implement these ctrl functions, and can
+ * internally manage things however it chooses - it does so by setting the
+ * ENGINE_FLAGS_MANUAL_CMD_CTRL flag (using ENGINE_set_flags()). Otherwise
+ * the ENGINE_ctrl() code handles this on the ENGINE's behalf using the
+ * cmd_defns data (set using ENGINE_set_cmd_defns()). This means an ENGINE's
+ * ctrl() handler need only implement its own commands - the above "meta"
+ * commands will be taken care of.
+ */
+
+/*
+ * Returns non-zero if the supplied ENGINE has a ctrl() handler. If "not",
+ * then all the remaining control commands will return failure, so it is
+ * worth checking this first if the caller is trying to "discover" the
+ * engine's capabilities and doesn't want errors generated unnecessarily.
+ */
+# define ENGINE_CTRL_HAS_CTRL_FUNCTION 10
+/*
+ * Returns a positive command number for the first command supported by the
+ * engine. Returns zero if no ctrl commands are supported.
+ */
+# define ENGINE_CTRL_GET_FIRST_CMD_TYPE 11
+/*
+ * The 'long' argument specifies a command implemented by the engine, and the
+ * return value is the next command supported, or zero if there are no more.
+ */
+# define ENGINE_CTRL_GET_NEXT_CMD_TYPE 12
+/*
+ * The 'void*' argument is a command name (cast from 'const char *'), and the
+ * return value is the command that corresponds to it.
+ */
+# define ENGINE_CTRL_GET_CMD_FROM_NAME 13
+/*
+ * The next two allow a command to be converted into its corresponding string
+ * form. In each case, the 'long' argument supplies the command. In the
+ * NAME_LEN case, the return value is the length of the command name (not
+ * counting a trailing EOL). In the NAME case, the 'void*' argument must be a
+ * string buffer large enough, and it will be populated with the name of the
+ * command (WITH a trailing EOL).
+ */
+# define ENGINE_CTRL_GET_NAME_LEN_FROM_CMD 14
+# define ENGINE_CTRL_GET_NAME_FROM_CMD 15
/* The next two are similar but give a "short description" of a command. */
-#define ENGINE_CTRL_GET_DESC_LEN_FROM_CMD 16
-#define ENGINE_CTRL_GET_DESC_FROM_CMD 17
-/* With this command, the return value is the OR'd combination of
+# define ENGINE_CTRL_GET_DESC_LEN_FROM_CMD 16
+# define ENGINE_CTRL_GET_DESC_FROM_CMD 17
+/*
+ * With this command, the return value is the OR'd combination of
* ENGINE_CMD_FLAG_*** values that indicate what kind of input a given
- * engine-specific ctrl command expects. */
-#define ENGINE_CTRL_GET_CMD_FLAGS 18
+ * engine-specific ctrl command expects.
+ */
+# define ENGINE_CTRL_GET_CMD_FLAGS 18
-/* ENGINE implementations should start the numbering of their own control
- * commands from this value. (ie. ENGINE_CMD_BASE, ENGINE_CMD_BASE + 1, etc). */
-#define ENGINE_CMD_BASE 200
+/*
+ * ENGINE implementations should start the numbering of their own control
+ * commands from this value. (ie. ENGINE_CMD_BASE, ENGINE_CMD_BASE + 1, etc).
+ */
+# define ENGINE_CMD_BASE 200
-/* NB: These 2 nCipher "chil" control commands are deprecated, and their
+/*
+ * NB: These 2 nCipher "chil" control commands are deprecated, and their
* functionality is now available through ENGINE-specific control commands
* (exposed through the above-mentioned 'CMD'-handling). Code using these 2
- * commands should be migrated to the more general command handling before these
- * are removed. */
+ * commands should be migrated to the more general command handling before
+ * these are removed.
+ */
/* Flags specific to the nCipher "chil" engine */
-#define ENGINE_CTRL_CHIL_SET_FORKCHECK 100
- /* Depending on the value of the (long)i argument, this sets or
- * unsets the SimpleForkCheck flag in the CHIL API to enable or
- * disable checking and workarounds for applications that fork().
- */
-#define ENGINE_CTRL_CHIL_NO_LOCKING 101
- /* This prevents the initialisation function from providing mutex
- * callbacks to the nCipher library. */
-
-/* If an ENGINE supports its own specific control commands and wishes the
- * framework to handle the above 'ENGINE_CMD_***'-manipulation commands on its
- * behalf, it should supply a null-terminated array of ENGINE_CMD_DEFN entries
- * to ENGINE_set_cmd_defns(). It should also implement a ctrl() handler that
- * supports the stated commands (ie. the "cmd_num" entries as described by the
- * array). NB: The array must be ordered in increasing order of cmd_num.
- * "null-terminated" means that the last ENGINE_CMD_DEFN element has cmd_num set
- * to zero and/or cmd_name set to NULL. */
-typedef struct ENGINE_CMD_DEFN_st
- {
- unsigned int cmd_num; /* The command number */
- const char *cmd_name; /* The command name itself */
- const char *cmd_desc; /* A short description of the command */
- unsigned int cmd_flags; /* The input the command expects */
- } ENGINE_CMD_DEFN;
+# define ENGINE_CTRL_CHIL_SET_FORKCHECK 100
+ /*
+ * Depending on the value of the (long)i argument, this sets or
+ * unsets the SimpleForkCheck flag in the CHIL API to enable or
+ * disable checking and workarounds for applications that fork().
+ */
+# define ENGINE_CTRL_CHIL_NO_LOCKING 101
+ /*
+ * This prevents the initialisation function from providing mutex
+ * callbacks to the nCipher library.
+ */
+
+/*
+ * If an ENGINE supports its own specific control commands and wishes the
+ * framework to handle the above 'ENGINE_CMD_***'-manipulation commands on
+ * its behalf, it should supply a null-terminated array of ENGINE_CMD_DEFN
+ * entries to ENGINE_set_cmd_defns(). It should also implement a ctrl()
+ * handler that supports the stated commands (ie. the "cmd_num" entries as
+ * described by the array). NB: The array must be ordered in increasing order
+ * of cmd_num. "null-terminated" means that the last ENGINE_CMD_DEFN element
+ * has cmd_num set to zero and/or cmd_name set to NULL.
+ */
+typedef struct ENGINE_CMD_DEFN_st {
+ unsigned int cmd_num; /* The command number */
+ const char *cmd_name; /* The command name itself */
+ const char *cmd_desc; /* A short description of the command */
+ unsigned int cmd_flags; /* The input the command expects */
+} ENGINE_CMD_DEFN;
/* Generic function pointer */
-typedef int (*ENGINE_GEN_FUNC_PTR)(void);
+typedef int (*ENGINE_GEN_FUNC_PTR) (void);
/* Generic function pointer taking no arguments */
-typedef int (*ENGINE_GEN_INT_FUNC_PTR)(ENGINE *);
+typedef int (*ENGINE_GEN_INT_FUNC_PTR) (ENGINE *);
/* Specific control function pointer */
-typedef int (*ENGINE_CTRL_FUNC_PTR)(ENGINE *, int, long, void *, void (*f)(void));
+typedef int (*ENGINE_CTRL_FUNC_PTR) (ENGINE *, int, long, void *,
+ void (*f) (void));
/* Generic load_key function pointer */
-typedef EVP_PKEY * (*ENGINE_LOAD_KEY_PTR)(ENGINE *, const char *,
- UI_METHOD *ui_method, void *callback_data);
-typedef int (*ENGINE_SSL_CLIENT_CERT_PTR)(ENGINE *, SSL *ssl,
- STACK_OF(X509_NAME) *ca_dn, X509 **pcert, EVP_PKEY **pkey,
- STACK_OF(X509) **pother, UI_METHOD *ui_method, void *callback_data);
-/* These callback types are for an ENGINE's handler for cipher and digest logic.
+typedef EVP_PKEY *(*ENGINE_LOAD_KEY_PTR)(ENGINE *, const char *,
+ UI_METHOD *ui_method,
+ void *callback_data);
+typedef int (*ENGINE_SSL_CLIENT_CERT_PTR) (ENGINE *, SSL *ssl,
+ STACK_OF(X509_NAME) *ca_dn,
+ X509 **pcert, EVP_PKEY **pkey,
+ STACK_OF(X509) **pother,
+ UI_METHOD *ui_method,
+ void *callback_data);
+/*-
+ * These callback types are for an ENGINE's handler for cipher and digest logic.
* These handlers have these prototypes;
* int foo(ENGINE *e, const EVP_CIPHER **cipher, const int **nids, int nid);
* int foo(ENGINE *e, const EVP_MD **digest, const int **nids, int nid);
@@ -301,21 +355,29 @@ typedef int (*ENGINE_SSL_CLIENT_CERT_PTR)(ENGINE *, SSL *ssl,
* If the framework wants a list of supported 'nid's, it will call;
* foo(e, NULL, &p_nids, 0); (returns number of 'nids' or -1 for error)
*/
-/* Returns to a pointer to the array of supported cipher 'nid's. If the second
- * parameter is non-NULL it is set to the size of the returned array. */
-typedef int (*ENGINE_CIPHERS_PTR)(ENGINE *, const EVP_CIPHER **, const int **, int);
-typedef int (*ENGINE_DIGESTS_PTR)(ENGINE *, const EVP_MD **, const int **, int);
-typedef int (*ENGINE_PKEY_METHS_PTR)(ENGINE *, EVP_PKEY_METHOD **, const int **, int);
-typedef int (*ENGINE_PKEY_ASN1_METHS_PTR)(ENGINE *, EVP_PKEY_ASN1_METHOD **, const int **, int);
-/* STRUCTURE functions ... all of these functions deal with pointers to ENGINE
- * structures where the pointers have a "structural reference". This means that
- * their reference is to allowed access to the structure but it does not imply
- * that the structure is functional. To simply increment or decrement the
- * structural reference count, use ENGINE_by_id and ENGINE_free. NB: This is not
- * required when iterating using ENGINE_get_next as it will automatically
- * decrement the structural reference count of the "current" ENGINE and
- * increment the structural reference count of the ENGINE it returns (unless it
- * is NULL). */
+/*
+ * Returns to a pointer to the array of supported cipher 'nid's. If the
+ * second parameter is non-NULL it is set to the size of the returned array.
+ */
+typedef int (*ENGINE_CIPHERS_PTR) (ENGINE *, const EVP_CIPHER **,
+ const int **, int);
+typedef int (*ENGINE_DIGESTS_PTR) (ENGINE *, const EVP_MD **, const int **,
+ int);
+typedef int (*ENGINE_PKEY_METHS_PTR) (ENGINE *, EVP_PKEY_METHOD **,
+ const int **, int);
+typedef int (*ENGINE_PKEY_ASN1_METHS_PTR) (ENGINE *, EVP_PKEY_ASN1_METHOD **,
+ const int **, int);
+/*
+ * STRUCTURE functions ... all of these functions deal with pointers to
+ * ENGINE structures where the pointers have a "structural reference". This
+ * means that their reference is to allowed access to the structure but it
+ * does not imply that the structure is functional. To simply increment or
+ * decrement the structural reference count, use ENGINE_by_id and
+ * ENGINE_free. NB: This is not required when iterating using ENGINE_get_next
+ * as it will automatically decrement the structural reference count of the
+ * "current" ENGINE and increment the structural reference count of the
+ * ENGINE it returns (unless it is NULL).
+ */
/* Get the first/last "ENGINE" type available. */
ENGINE *ENGINE_get_first(void);
@@ -332,7 +394,7 @@ ENGINE *ENGINE_by_id(const char *id);
/* Add all the built-in engines. */
void ENGINE_load_openssl(void);
void ENGINE_load_dynamic(void);
-#ifndef OPENSSL_NO_STATIC_ENGINE
+# ifndef OPENSSL_NO_STATIC_ENGINE
void ENGINE_load_4758cca(void);
void ENGINE_load_aep(void);
void ENGINE_load_atalla(void);
@@ -343,30 +405,32 @@ void ENGINE_load_sureware(void);
void ENGINE_load_ubsec(void);
void ENGINE_load_padlock(void);
void ENGINE_load_capi(void);
-#ifndef OPENSSL_NO_GMP
+# ifndef OPENSSL_NO_GMP
void ENGINE_load_gmp(void);
-#endif
-#ifndef OPENSSL_NO_GOST
+# endif
+# ifndef OPENSSL_NO_GOST
void ENGINE_load_gost(void);
-#endif
-#endif
+# endif
+# endif
void ENGINE_load_cryptodev(void);
-void ENGINE_load_rsax(void);
void ENGINE_load_rdrand(void);
void ENGINE_load_builtin_engines(void);
-/* Get and set global flags (ENGINE_TABLE_FLAG_***) for the implementation
- * "registry" handling. */
+/*
+ * Get and set global flags (ENGINE_TABLE_FLAG_***) for the implementation
+ * "registry" handling.
+ */
unsigned int ENGINE_get_table_flags(void);
void ENGINE_set_table_flags(unsigned int flags);
-/* Manage registration of ENGINEs per "table". For each type, there are 3
+/*- Manage registration of ENGINEs per "table". For each type, there are 3
* functions;
* ENGINE_register_***(e) - registers the implementation from 'e' (if it has one)
* ENGINE_unregister_***(e) - unregister the implementation from 'e'
* ENGINE_register_all_***() - call ENGINE_register_***() for each 'e' in the list
* Cleanup is automatically registered from each table when required, so
- * ENGINE_cleanup() will reverse any "register" operations. */
+ * ENGINE_cleanup() will reverse any "register" operations.
+ */
int ENGINE_register_RSA(ENGINE *e);
void ENGINE_unregister_RSA(ENGINE *e);
@@ -412,63 +476,77 @@ int ENGINE_register_pkey_asn1_meths(ENGINE *e);
void ENGINE_unregister_pkey_asn1_meths(ENGINE *e);
void ENGINE_register_all_pkey_asn1_meths(void);
-/* These functions register all support from the above categories. Note, use of
- * these functions can result in static linkage of code your application may not
- * need. If you only need a subset of functionality, consider using more
- * selective initialisation. */
+/*
+ * These functions register all support from the above categories. Note, use
+ * of these functions can result in static linkage of code your application
+ * may not need. If you only need a subset of functionality, consider using
+ * more selective initialisation.
+ */
int ENGINE_register_complete(ENGINE *e);
int ENGINE_register_all_complete(void);
-/* Send parametrised control commands to the engine. The possibilities to send
- * down an integer, a pointer to data or a function pointer are provided. Any of
- * the parameters may or may not be NULL, depending on the command number. In
- * actuality, this function only requires a structural (rather than functional)
- * reference to an engine, but many control commands may require the engine be
- * functional. The caller should be aware of trying commands that require an
- * operational ENGINE, and only use functional references in such situations. */
-int ENGINE_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)(void));
-
-/* This function tests if an ENGINE-specific command is usable as a "setting".
- * Eg. in an application's config file that gets processed through
+/*
+ * Send parametrised control commands to the engine. The possibilities to
+ * send down an integer, a pointer to data or a function pointer are
+ * provided. Any of the parameters may or may not be NULL, depending on the
+ * command number. In actuality, this function only requires a structural
+ * (rather than functional) reference to an engine, but many control commands
+ * may require the engine be functional. The caller should be aware of trying
+ * commands that require an operational ENGINE, and only use functional
+ * references in such situations.
+ */
+int ENGINE_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f) (void));
+
+/*
+ * This function tests if an ENGINE-specific command is usable as a
+ * "setting". Eg. in an application's config file that gets processed through
* ENGINE_ctrl_cmd_string(). If this returns zero, it is not available to
- * ENGINE_ctrl_cmd_string(), only ENGINE_ctrl(). */
+ * ENGINE_ctrl_cmd_string(), only ENGINE_ctrl().
+ */
int ENGINE_cmd_is_executable(ENGINE *e, int cmd);
-/* This function works like ENGINE_ctrl() with the exception of taking a
- * command name instead of a command number, and can handle optional commands.
- * See the comment on ENGINE_ctrl_cmd_string() for an explanation on how to
- * use the cmd_name and cmd_optional. */
+/*
+ * This function works like ENGINE_ctrl() with the exception of taking a
+ * command name instead of a command number, and can handle optional
+ * commands. See the comment on ENGINE_ctrl_cmd_string() for an explanation
+ * on how to use the cmd_name and cmd_optional.
+ */
int ENGINE_ctrl_cmd(ENGINE *e, const char *cmd_name,
- long i, void *p, void (*f)(void), int cmd_optional);
-
-/* This function passes a command-name and argument to an ENGINE. The cmd_name
- * is converted to a command number and the control command is called using
- * 'arg' as an argument (unless the ENGINE doesn't support such a command, in
- * which case no control command is called). The command is checked for input
- * flags, and if necessary the argument will be converted to a numeric value. If
- * cmd_optional is non-zero, then if the ENGINE doesn't support the given
- * cmd_name the return value will be success anyway. This function is intended
- * for applications to use so that users (or config files) can supply
- * engine-specific config data to the ENGINE at run-time to control behaviour of
- * specific engines. As such, it shouldn't be used for calling ENGINE_ctrl()
- * functions that return data, deal with binary data, or that are otherwise
- * supposed to be used directly through ENGINE_ctrl() in application code. Any
- * "return" data from an ENGINE_ctrl() operation in this function will be lost -
- * the return value is interpreted as failure if the return value is zero,
- * success otherwise, and this function returns a boolean value as a result. In
- * other words, vendors of 'ENGINE'-enabled devices should write ENGINE
- * implementations with parameterisations that work in this scheme, so that
- * compliant ENGINE-based applications can work consistently with the same
- * configuration for the same ENGINE-enabled devices, across applications. */
+ long i, void *p, void (*f) (void), int cmd_optional);
+
+/*
+ * This function passes a command-name and argument to an ENGINE. The
+ * cmd_name is converted to a command number and the control command is
+ * called using 'arg' as an argument (unless the ENGINE doesn't support such
+ * a command, in which case no control command is called). The command is
+ * checked for input flags, and if necessary the argument will be converted
+ * to a numeric value. If cmd_optional is non-zero, then if the ENGINE
+ * doesn't support the given cmd_name the return value will be success
+ * anyway. This function is intended for applications to use so that users
+ * (or config files) can supply engine-specific config data to the ENGINE at
+ * run-time to control behaviour of specific engines. As such, it shouldn't
+ * be used for calling ENGINE_ctrl() functions that return data, deal with
+ * binary data, or that are otherwise supposed to be used directly through
+ * ENGINE_ctrl() in application code. Any "return" data from an ENGINE_ctrl()
+ * operation in this function will be lost - the return value is interpreted
+ * as failure if the return value is zero, success otherwise, and this
+ * function returns a boolean value as a result. In other words, vendors of
+ * 'ENGINE'-enabled devices should write ENGINE implementations with
+ * parameterisations that work in this scheme, so that compliant ENGINE-based
+ * applications can work consistently with the same configuration for the
+ * same ENGINE-enabled devices, across applications.
+ */
int ENGINE_ctrl_cmd_string(ENGINE *e, const char *cmd_name, const char *arg,
- int cmd_optional);
-
-/* These functions are useful for manufacturing new ENGINE structures. They
- * don't address reference counting at all - one uses them to populate an ENGINE
- * structure with personalised implementations of things prior to using it
- * directly or adding it to the builtin ENGINE list in OpenSSL. These are also
- * here so that the ENGINE structure doesn't have to be exposed and break binary
- * compatibility! */
+ int cmd_optional);
+
+/*
+ * These functions are useful for manufacturing new ENGINE structures. They
+ * don't address reference counting at all - one uses them to populate an
+ * ENGINE structure with personalised implementations of things prior to
+ * using it directly or adding it to the builtin ENGINE list in OpenSSL.
+ * These are also here so that the ENGINE structure doesn't have to be
+ * exposed and break binary compatibility!
+ */
ENGINE *ENGINE_new(void);
int ENGINE_free(ENGINE *e);
int ENGINE_up_ref(ENGINE *e);
@@ -485,10 +563,12 @@ int ENGINE_set_destroy_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR destroy_f);
int ENGINE_set_init_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR init_f);
int ENGINE_set_finish_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR finish_f);
int ENGINE_set_ctrl_function(ENGINE *e, ENGINE_CTRL_FUNC_PTR ctrl_f);
-int ENGINE_set_load_privkey_function(ENGINE *e, ENGINE_LOAD_KEY_PTR loadpriv_f);
+int ENGINE_set_load_privkey_function(ENGINE *e,
+ ENGINE_LOAD_KEY_PTR loadpriv_f);
int ENGINE_set_load_pubkey_function(ENGINE *e, ENGINE_LOAD_KEY_PTR loadpub_f);
int ENGINE_set_load_ssl_client_cert_function(ENGINE *e,
- ENGINE_SSL_CLIENT_CERT_PTR loadssl_f);
+ ENGINE_SSL_CLIENT_CERT_PTR
+ loadssl_f);
int ENGINE_set_ciphers(ENGINE *e, ENGINE_CIPHERS_PTR f);
int ENGINE_set_digests(ENGINE *e, ENGINE_DIGESTS_PTR f);
int ENGINE_set_pkey_meths(ENGINE *e, ENGINE_PKEY_METHS_PTR f);
@@ -497,20 +577,25 @@ int ENGINE_set_flags(ENGINE *e, int flags);
int ENGINE_set_cmd_defns(ENGINE *e, const ENGINE_CMD_DEFN *defns);
/* These functions allow control over any per-structure ENGINE data. */
int ENGINE_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
- CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func);
+ CRYPTO_EX_dup *dup_func,
+ CRYPTO_EX_free *free_func);
int ENGINE_set_ex_data(ENGINE *e, int idx, void *arg);
void *ENGINE_get_ex_data(const ENGINE *e, int idx);
-/* This function cleans up anything that needs it. Eg. the ENGINE_add() function
- * automatically ensures the list cleanup function is registered to be called
- * from ENGINE_cleanup(). Similarly, all ENGINE_register_*** functions ensure
- * ENGINE_cleanup() will clean up after them. */
+/*
+ * This function cleans up anything that needs it. Eg. the ENGINE_add()
+ * function automatically ensures the list cleanup function is registered to
+ * be called from ENGINE_cleanup(). Similarly, all ENGINE_register_***
+ * functions ensure ENGINE_cleanup() will clean up after them.
+ */
void ENGINE_cleanup(void);
-/* These return values from within the ENGINE structure. These can be useful
+/*
+ * These return values from within the ENGINE structure. These can be useful
* with functional references as well as structural references - it depends
* which you obtained. Using the result for functional purposes if you only
- * obtained a structural reference may be problematic! */
+ * obtained a structural reference may be problematic!
+ */
const char *ENGINE_get_id(const ENGINE *e);
const char *ENGINE_get_name(const ENGINE *e);
const RSA_METHOD *ENGINE_get_RSA(const ENGINE *e);
@@ -526,7 +611,8 @@ ENGINE_GEN_INT_FUNC_PTR ENGINE_get_finish_function(const ENGINE *e);
ENGINE_CTRL_FUNC_PTR ENGINE_get_ctrl_function(const ENGINE *e);
ENGINE_LOAD_KEY_PTR ENGINE_get_load_privkey_function(const ENGINE *e);
ENGINE_LOAD_KEY_PTR ENGINE_get_load_pubkey_function(const ENGINE *e);
-ENGINE_SSL_CLIENT_CERT_PTR ENGINE_get_ssl_client_cert_function(const ENGINE *e);
+ENGINE_SSL_CLIENT_CERT_PTR ENGINE_get_ssl_client_cert_function(const ENGINE
+ *e);
ENGINE_CIPHERS_PTR ENGINE_get_ciphers(const ENGINE *e);
ENGINE_DIGESTS_PTR ENGINE_get_digests(const ENGINE *e);
ENGINE_PKEY_METHS_PTR ENGINE_get_pkey_meths(const ENGINE *e);
@@ -536,49 +622,60 @@ const EVP_MD *ENGINE_get_digest(ENGINE *e, int nid);
const EVP_PKEY_METHOD *ENGINE_get_pkey_meth(ENGINE *e, int nid);
const EVP_PKEY_ASN1_METHOD *ENGINE_get_pkey_asn1_meth(ENGINE *e, int nid);
const EVP_PKEY_ASN1_METHOD *ENGINE_get_pkey_asn1_meth_str(ENGINE *e,
- const char *str, int len);
+ const char *str,
+ int len);
const EVP_PKEY_ASN1_METHOD *ENGINE_pkey_asn1_find_str(ENGINE **pe,
- const char *str, int len);
+ const char *str,
+ int len);
const ENGINE_CMD_DEFN *ENGINE_get_cmd_defns(const ENGINE *e);
int ENGINE_get_flags(const ENGINE *e);
-/* FUNCTIONAL functions. These functions deal with ENGINE structures
- * that have (or will) be initialised for use. Broadly speaking, the
- * structural functions are useful for iterating the list of available
- * engine types, creating new engine types, and other "list" operations.
- * These functions actually deal with ENGINEs that are to be used. As
- * such these functions can fail (if applicable) when particular
- * engines are unavailable - eg. if a hardware accelerator is not
- * attached or not functioning correctly. Each ENGINE has 2 reference
- * counts; structural and functional. Every time a functional reference
- * is obtained or released, a corresponding structural reference is
- * automatically obtained or released too. */
-
-/* Initialise a engine type for use (or up its reference count if it's
- * already in use). This will fail if the engine is not currently
- * operational and cannot initialise. */
+/*
+ * FUNCTIONAL functions. These functions deal with ENGINE structures that
+ * have (or will) be initialised for use. Broadly speaking, the structural
+ * functions are useful for iterating the list of available engine types,
+ * creating new engine types, and other "list" operations. These functions
+ * actually deal with ENGINEs that are to be used. As such these functions
+ * can fail (if applicable) when particular engines are unavailable - eg. if
+ * a hardware accelerator is not attached or not functioning correctly. Each
+ * ENGINE has 2 reference counts; structural and functional. Every time a
+ * functional reference is obtained or released, a corresponding structural
+ * reference is automatically obtained or released too.
+ */
+
+/*
+ * Initialise a engine type for use (or up its reference count if it's
+ * already in use). This will fail if the engine is not currently operational
+ * and cannot initialise.
+ */
int ENGINE_init(ENGINE *e);
-/* Free a functional reference to a engine type. This does not require
- * a corresponding call to ENGINE_free as it also releases a structural
- * reference. */
+/*
+ * Free a functional reference to a engine type. This does not require a
+ * corresponding call to ENGINE_free as it also releases a structural
+ * reference.
+ */
int ENGINE_finish(ENGINE *e);
-/* The following functions handle keys that are stored in some secondary
+/*
+ * The following functions handle keys that are stored in some secondary
* location, handled by the engine. The storage may be on a card or
- * whatever. */
+ * whatever.
+ */
EVP_PKEY *ENGINE_load_private_key(ENGINE *e, const char *key_id,
- UI_METHOD *ui_method, void *callback_data);
+ UI_METHOD *ui_method, void *callback_data);
EVP_PKEY *ENGINE_load_public_key(ENGINE *e, const char *key_id,
- UI_METHOD *ui_method, void *callback_data);
+ UI_METHOD *ui_method, void *callback_data);
int ENGINE_load_ssl_client_cert(ENGINE *e, SSL *s,
- STACK_OF(X509_NAME) *ca_dn, X509 **pcert, EVP_PKEY **ppkey,
- STACK_OF(X509) **pother,
- UI_METHOD *ui_method, void *callback_data);
-
-/* This returns a pointer for the current ENGINE structure that
- * is (by default) performing any RSA operations. The value returned
- * is an incremented reference, so it should be free'd (ENGINE_finish)
- * before it is discarded. */
+ STACK_OF(X509_NAME) *ca_dn, X509 **pcert,
+ EVP_PKEY **ppkey, STACK_OF(X509) **pother,
+ UI_METHOD *ui_method, void *callback_data);
+
+/*
+ * This returns a pointer for the current ENGINE structure that is (by
+ * default) performing any RSA operations. The value returned is an
+ * incremented reference, so it should be free'd (ENGINE_finish) before it is
+ * discarded.
+ */
ENGINE *ENGINE_get_default_RSA(void);
/* Same for the other "methods" */
ENGINE *ENGINE_get_default_DSA(void);
@@ -586,17 +683,21 @@ ENGINE *ENGINE_get_default_ECDH(void);
ENGINE *ENGINE_get_default_ECDSA(void);
ENGINE *ENGINE_get_default_DH(void);
ENGINE *ENGINE_get_default_RAND(void);
-/* These functions can be used to get a functional reference to perform
- * ciphering or digesting corresponding to "nid". */
+/*
+ * These functions can be used to get a functional reference to perform
+ * ciphering or digesting corresponding to "nid".
+ */
ENGINE *ENGINE_get_cipher_engine(int nid);
ENGINE *ENGINE_get_digest_engine(int nid);
ENGINE *ENGINE_get_pkey_meth_engine(int nid);
ENGINE *ENGINE_get_pkey_asn1_meth_engine(int nid);
-/* This sets a new default ENGINE structure for performing RSA
- * operations. If the result is non-zero (success) then the ENGINE
- * structure will have had its reference count up'd so the caller
- * should still free their own reference 'e'. */
+/*
+ * This sets a new default ENGINE structure for performing RSA operations. If
+ * the result is non-zero (success) then the ENGINE structure will have had
+ * its reference count up'd so the caller should still free their own
+ * reference 'e'.
+ */
int ENGINE_set_default_RSA(ENGINE *e);
int ENGINE_set_default_string(ENGINE *e, const char *def_list);
/* Same for the other "methods" */
@@ -610,11 +711,13 @@ int ENGINE_set_default_digests(ENGINE *e);
int ENGINE_set_default_pkey_meths(ENGINE *e);
int ENGINE_set_default_pkey_asn1_meths(ENGINE *e);
-/* The combination "set" - the flags are bitwise "OR"d from the
+/*
+ * The combination "set" - the flags are bitwise "OR"d from the
* ENGINE_METHOD_*** defines above. As with the "ENGINE_register_complete()"
* function, this function can result in unnecessary static linkage. If your
* application requires only specific functionality, consider using more
- * selective functions. */
+ * selective functions.
+ */
int ENGINE_set_default(ENGINE *e, unsigned int flags);
void ENGINE_add_conf_module(void);
@@ -627,125 +730,140 @@ void ENGINE_add_conf_module(void);
/**************************/
/* Binary/behaviour compatibility levels */
-#define OSSL_DYNAMIC_VERSION (unsigned long)0x00020000
-/* Binary versions older than this are too old for us (whether we're a loader or
- * a loadee) */
-#define OSSL_DYNAMIC_OLDEST (unsigned long)0x00020000
-
-/* When compiling an ENGINE entirely as an external shared library, loadable by
- * the "dynamic" ENGINE, these types are needed. The 'dynamic_fns' structure
- * type provides the calling application's (or library's) error functionality
- * and memory management function pointers to the loaded library. These should
- * be used/set in the loaded library code so that the loading application's
- * 'state' will be used/changed in all operations. The 'static_state' pointer
- * allows the loaded library to know if it shares the same static data as the
- * calling application (or library), and thus whether these callbacks need to be
- * set or not. */
-typedef void *(*dyn_MEM_malloc_cb)(size_t);
-typedef void *(*dyn_MEM_realloc_cb)(void *, size_t);
-typedef void (*dyn_MEM_free_cb)(void *);
+# define OSSL_DYNAMIC_VERSION (unsigned long)0x00020000
+/*
+ * Binary versions older than this are too old for us (whether we're a loader
+ * or a loadee)
+ */
+# define OSSL_DYNAMIC_OLDEST (unsigned long)0x00020000
+
+/*
+ * When compiling an ENGINE entirely as an external shared library, loadable
+ * by the "dynamic" ENGINE, these types are needed. The 'dynamic_fns'
+ * structure type provides the calling application's (or library's) error
+ * functionality and memory management function pointers to the loaded
+ * library. These should be used/set in the loaded library code so that the
+ * loading application's 'state' will be used/changed in all operations. The
+ * 'static_state' pointer allows the loaded library to know if it shares the
+ * same static data as the calling application (or library), and thus whether
+ * these callbacks need to be set or not.
+ */
+typedef void *(*dyn_MEM_malloc_cb) (size_t);
+typedef void *(*dyn_MEM_realloc_cb) (void *, size_t);
+typedef void (*dyn_MEM_free_cb) (void *);
typedef struct st_dynamic_MEM_fns {
- dyn_MEM_malloc_cb malloc_cb;
- dyn_MEM_realloc_cb realloc_cb;
- dyn_MEM_free_cb free_cb;
- } dynamic_MEM_fns;
-/* FIXME: Perhaps the memory and locking code (crypto.h) should declare and use
- * these types so we (and any other dependant code) can simplify a bit?? */
-typedef void (*dyn_lock_locking_cb)(int,int,const char *,int);
-typedef int (*dyn_lock_add_lock_cb)(int*,int,int,const char *,int);
-typedef struct CRYPTO_dynlock_value *(*dyn_dynlock_create_cb)(
- const char *,int);
-typedef void (*dyn_dynlock_lock_cb)(int,struct CRYPTO_dynlock_value *,
- const char *,int);
-typedef void (*dyn_dynlock_destroy_cb)(struct CRYPTO_dynlock_value *,
- const char *,int);
+ dyn_MEM_malloc_cb malloc_cb;
+ dyn_MEM_realloc_cb realloc_cb;
+ dyn_MEM_free_cb free_cb;
+} dynamic_MEM_fns;
+/*
+ * FIXME: Perhaps the memory and locking code (crypto.h) should declare and
+ * use these types so we (and any other dependant code) can simplify a bit??
+ */
+typedef void (*dyn_lock_locking_cb) (int, int, const char *, int);
+typedef int (*dyn_lock_add_lock_cb) (int *, int, int, const char *, int);
+typedef struct CRYPTO_dynlock_value *(*dyn_dynlock_create_cb) (const char *,
+ int);
+typedef void (*dyn_dynlock_lock_cb) (int, struct CRYPTO_dynlock_value *,
+ const char *, int);
+typedef void (*dyn_dynlock_destroy_cb) (struct CRYPTO_dynlock_value *,
+ const char *, int);
typedef struct st_dynamic_LOCK_fns {
- dyn_lock_locking_cb lock_locking_cb;
- dyn_lock_add_lock_cb lock_add_lock_cb;
- dyn_dynlock_create_cb dynlock_create_cb;
- dyn_dynlock_lock_cb dynlock_lock_cb;
- dyn_dynlock_destroy_cb dynlock_destroy_cb;
- } dynamic_LOCK_fns;
+ dyn_lock_locking_cb lock_locking_cb;
+ dyn_lock_add_lock_cb lock_add_lock_cb;
+ dyn_dynlock_create_cb dynlock_create_cb;
+ dyn_dynlock_lock_cb dynlock_lock_cb;
+ dyn_dynlock_destroy_cb dynlock_destroy_cb;
+} dynamic_LOCK_fns;
/* The top-level structure */
typedef struct st_dynamic_fns {
- void *static_state;
- const ERR_FNS *err_fns;
- const CRYPTO_EX_DATA_IMPL *ex_data_fns;
- dynamic_MEM_fns mem_fns;
- dynamic_LOCK_fns lock_fns;
- } dynamic_fns;
-
-/* The version checking function should be of this prototype. NB: The
- * ossl_version value passed in is the OSSL_DYNAMIC_VERSION of the loading code.
- * If this function returns zero, it indicates a (potential) version
+ void *static_state;
+ const ERR_FNS *err_fns;
+ const CRYPTO_EX_DATA_IMPL *ex_data_fns;
+ dynamic_MEM_fns mem_fns;
+ dynamic_LOCK_fns lock_fns;
+} dynamic_fns;
+
+/*
+ * The version checking function should be of this prototype. NB: The
+ * ossl_version value passed in is the OSSL_DYNAMIC_VERSION of the loading
+ * code. If this function returns zero, it indicates a (potential) version
* incompatibility and the loaded library doesn't believe it can proceed.
* Otherwise, the returned value is the (latest) version supported by the
- * loading library. The loader may still decide that the loaded code's version
- * is unsatisfactory and could veto the load. The function is expected to
- * be implemented with the symbol name "v_check", and a default implementation
- * can be fully instantiated with IMPLEMENT_DYNAMIC_CHECK_FN(). */
-typedef unsigned long (*dynamic_v_check_fn)(unsigned long ossl_version);
-#define IMPLEMENT_DYNAMIC_CHECK_FN() \
- OPENSSL_EXPORT unsigned long v_check(unsigned long v); \
- OPENSSL_EXPORT unsigned long v_check(unsigned long v) { \
- if(v >= OSSL_DYNAMIC_OLDEST) return OSSL_DYNAMIC_VERSION; \
- return 0; }
-
-/* This function is passed the ENGINE structure to initialise with its own
+ * loading library. The loader may still decide that the loaded code's
+ * version is unsatisfactory and could veto the load. The function is
+ * expected to be implemented with the symbol name "v_check", and a default
+ * implementation can be fully instantiated with
+ * IMPLEMENT_DYNAMIC_CHECK_FN().
+ */
+typedef unsigned long (*dynamic_v_check_fn) (unsigned long ossl_version);
+# define IMPLEMENT_DYNAMIC_CHECK_FN() \
+ OPENSSL_EXPORT unsigned long v_check(unsigned long v); \
+ OPENSSL_EXPORT unsigned long v_check(unsigned long v) { \
+ if(v >= OSSL_DYNAMIC_OLDEST) return OSSL_DYNAMIC_VERSION; \
+ return 0; }
+
+/*
+ * This function is passed the ENGINE structure to initialise with its own
* function and command settings. It should not adjust the structural or
- * functional reference counts. If this function returns zero, (a) the load will
- * be aborted, (b) the previous ENGINE state will be memcpy'd back onto the
- * structure, and (c) the shared library will be unloaded. So implementations
- * should do their own internal cleanup in failure circumstances otherwise they
- * could leak. The 'id' parameter, if non-NULL, represents the ENGINE id that
- * the loader is looking for. If this is NULL, the shared library can choose to
- * return failure or to initialise a 'default' ENGINE. If non-NULL, the shared
- * library must initialise only an ENGINE matching the passed 'id'. The function
- * is expected to be implemented with the symbol name "bind_engine". A standard
- * implementation can be instantiated with IMPLEMENT_DYNAMIC_BIND_FN(fn) where
- * the parameter 'fn' is a callback function that populates the ENGINE structure
- * and returns an int value (zero for failure). 'fn' should have prototype;
- * [static] int fn(ENGINE *e, const char *id); */
-typedef int (*dynamic_bind_engine)(ENGINE *e, const char *id,
- const dynamic_fns *fns);
-#define IMPLEMENT_DYNAMIC_BIND_FN(fn) \
- OPENSSL_EXPORT \
- int bind_engine(ENGINE *e, const char *id, const dynamic_fns *fns); \
- OPENSSL_EXPORT \
- int bind_engine(ENGINE *e, const char *id, const dynamic_fns *fns) { \
- if(ENGINE_get_static_state() == fns->static_state) goto skip_cbs; \
- if(!CRYPTO_set_mem_functions(fns->mem_fns.malloc_cb, \
- fns->mem_fns.realloc_cb, fns->mem_fns.free_cb)) \
- return 0; \
- CRYPTO_set_locking_callback(fns->lock_fns.lock_locking_cb); \
- CRYPTO_set_add_lock_callback(fns->lock_fns.lock_add_lock_cb); \
- CRYPTO_set_dynlock_create_callback(fns->lock_fns.dynlock_create_cb); \
- CRYPTO_set_dynlock_lock_callback(fns->lock_fns.dynlock_lock_cb); \
- CRYPTO_set_dynlock_destroy_callback(fns->lock_fns.dynlock_destroy_cb); \
- if(!CRYPTO_set_ex_data_implementation(fns->ex_data_fns)) \
- return 0; \
- if(!ERR_set_implementation(fns->err_fns)) return 0; \
- skip_cbs: \
- if(!fn(e,id)) return 0; \
- return 1; }
-
-/* If the loading application (or library) and the loaded ENGINE library share
- * the same static data (eg. they're both dynamically linked to the same
- * libcrypto.so) we need a way to avoid trying to set system callbacks - this
- * would fail, and for the same reason that it's unnecessary to try. If the
- * loaded ENGINE has (or gets from through the loader) its own copy of the
- * libcrypto static data, we will need to set the callbacks. The easiest way to
- * detect this is to have a function that returns a pointer to some static data
- * and let the loading application and loaded ENGINE compare their respective
- * values. */
+ * functional reference counts. If this function returns zero, (a) the load
+ * will be aborted, (b) the previous ENGINE state will be memcpy'd back onto
+ * the structure, and (c) the shared library will be unloaded. So
+ * implementations should do their own internal cleanup in failure
+ * circumstances otherwise they could leak. The 'id' parameter, if non-NULL,
+ * represents the ENGINE id that the loader is looking for. If this is NULL,
+ * the shared library can choose to return failure or to initialise a
+ * 'default' ENGINE. If non-NULL, the shared library must initialise only an
+ * ENGINE matching the passed 'id'. The function is expected to be
+ * implemented with the symbol name "bind_engine". A standard implementation
+ * can be instantiated with IMPLEMENT_DYNAMIC_BIND_FN(fn) where the parameter
+ * 'fn' is a callback function that populates the ENGINE structure and
+ * returns an int value (zero for failure). 'fn' should have prototype;
+ * [static] int fn(ENGINE *e, const char *id);
+ */
+typedef int (*dynamic_bind_engine) (ENGINE *e, const char *id,
+ const dynamic_fns *fns);
+# define IMPLEMENT_DYNAMIC_BIND_FN(fn) \
+ OPENSSL_EXPORT \
+ int bind_engine(ENGINE *e, const char *id, const dynamic_fns *fns); \
+ OPENSSL_EXPORT \
+ int bind_engine(ENGINE *e, const char *id, const dynamic_fns *fns) { \
+ if(ENGINE_get_static_state() == fns->static_state) goto skip_cbs; \
+ if(!CRYPTO_set_mem_functions(fns->mem_fns.malloc_cb, \
+ fns->mem_fns.realloc_cb, fns->mem_fns.free_cb)) \
+ return 0; \
+ CRYPTO_set_locking_callback(fns->lock_fns.lock_locking_cb); \
+ CRYPTO_set_add_lock_callback(fns->lock_fns.lock_add_lock_cb); \
+ CRYPTO_set_dynlock_create_callback(fns->lock_fns.dynlock_create_cb); \
+ CRYPTO_set_dynlock_lock_callback(fns->lock_fns.dynlock_lock_cb); \
+ CRYPTO_set_dynlock_destroy_callback(fns->lock_fns.dynlock_destroy_cb); \
+ if(!CRYPTO_set_ex_data_implementation(fns->ex_data_fns)) \
+ return 0; \
+ if(!ERR_set_implementation(fns->err_fns)) return 0; \
+ skip_cbs: \
+ if(!fn(e,id)) return 0; \
+ return 1; }
+
+/*
+ * If the loading application (or library) and the loaded ENGINE library
+ * share the same static data (eg. they're both dynamically linked to the
+ * same libcrypto.so) we need a way to avoid trying to set system callbacks -
+ * this would fail, and for the same reason that it's unnecessary to try. If
+ * the loaded ENGINE has (or gets from through the loader) its own copy of
+ * the libcrypto static data, we will need to set the callbacks. The easiest
+ * way to detect this is to have a function that returns a pointer to some
+ * static data and let the loading application and loaded ENGINE compare
+ * their respective values.
+ */
void *ENGINE_get_static_state(void);
-#if defined(__OpenBSD__) || defined(__FreeBSD__) || defined(HAVE_CRYPTODEV)
+# if defined(__OpenBSD__) || defined(__FreeBSD__) || defined(HAVE_CRYPTODEV)
void ENGINE_setup_bsd_cryptodev(void);
-#endif
+# endif
/* BEGIN ERROR CODES */
-/* The following lines are auto generated by the script mkerr.pl. Any changes
+/*
+ * The following lines are auto generated by the script mkerr.pl. Any changes
* made after this point may be overwritten when the script is next run.
*/
void ERR_load_ENGINE_strings(void);
@@ -753,88 +871,88 @@ void ERR_load_ENGINE_strings(void);
/* Error codes for the ENGINE functions. */
/* Function codes. */
-#define ENGINE_F_DYNAMIC_CTRL 180
-#define ENGINE_F_DYNAMIC_GET_DATA_CTX 181
-#define ENGINE_F_DYNAMIC_LOAD 182
-#define ENGINE_F_DYNAMIC_SET_DATA_CTX 183
-#define ENGINE_F_ENGINE_ADD 105
-#define ENGINE_F_ENGINE_BY_ID 106
-#define ENGINE_F_ENGINE_CMD_IS_EXECUTABLE 170
-#define ENGINE_F_ENGINE_CTRL 142
-#define ENGINE_F_ENGINE_CTRL_CMD 178
-#define ENGINE_F_ENGINE_CTRL_CMD_STRING 171
-#define ENGINE_F_ENGINE_FINISH 107
-#define ENGINE_F_ENGINE_FREE_UTIL 108
-#define ENGINE_F_ENGINE_GET_CIPHER 185
-#define ENGINE_F_ENGINE_GET_DEFAULT_TYPE 177
-#define ENGINE_F_ENGINE_GET_DIGEST 186
-#define ENGINE_F_ENGINE_GET_NEXT 115
-#define ENGINE_F_ENGINE_GET_PKEY_ASN1_METH 193
-#define ENGINE_F_ENGINE_GET_PKEY_METH 192
-#define ENGINE_F_ENGINE_GET_PREV 116
-#define ENGINE_F_ENGINE_INIT 119
-#define ENGINE_F_ENGINE_LIST_ADD 120
-#define ENGINE_F_ENGINE_LIST_REMOVE 121
-#define ENGINE_F_ENGINE_LOAD_PRIVATE_KEY 150
-#define ENGINE_F_ENGINE_LOAD_PUBLIC_KEY 151
-#define ENGINE_F_ENGINE_LOAD_SSL_CLIENT_CERT 194
-#define ENGINE_F_ENGINE_NEW 122
-#define ENGINE_F_ENGINE_REMOVE 123
-#define ENGINE_F_ENGINE_SET_DEFAULT_STRING 189
-#define ENGINE_F_ENGINE_SET_DEFAULT_TYPE 126
-#define ENGINE_F_ENGINE_SET_ID 129
-#define ENGINE_F_ENGINE_SET_NAME 130
-#define ENGINE_F_ENGINE_TABLE_REGISTER 184
-#define ENGINE_F_ENGINE_UNLOAD_KEY 152
-#define ENGINE_F_ENGINE_UNLOCKED_FINISH 191
-#define ENGINE_F_ENGINE_UP_REF 190
-#define ENGINE_F_INT_CTRL_HELPER 172
-#define ENGINE_F_INT_ENGINE_CONFIGURE 188
-#define ENGINE_F_INT_ENGINE_MODULE_INIT 187
-#define ENGINE_F_LOG_MESSAGE 141
+# define ENGINE_F_DYNAMIC_CTRL 180
+# define ENGINE_F_DYNAMIC_GET_DATA_CTX 181
+# define ENGINE_F_DYNAMIC_LOAD 182
+# define ENGINE_F_DYNAMIC_SET_DATA_CTX 183
+# define ENGINE_F_ENGINE_ADD 105
+# define ENGINE_F_ENGINE_BY_ID 106
+# define ENGINE_F_ENGINE_CMD_IS_EXECUTABLE 170
+# define ENGINE_F_ENGINE_CTRL 142
+# define ENGINE_F_ENGINE_CTRL_CMD 178
+# define ENGINE_F_ENGINE_CTRL_CMD_STRING 171
+# define ENGINE_F_ENGINE_FINISH 107
+# define ENGINE_F_ENGINE_FREE_UTIL 108
+# define ENGINE_F_ENGINE_GET_CIPHER 185
+# define ENGINE_F_ENGINE_GET_DEFAULT_TYPE 177
+# define ENGINE_F_ENGINE_GET_DIGEST 186
+# define ENGINE_F_ENGINE_GET_NEXT 115
+# define ENGINE_F_ENGINE_GET_PKEY_ASN1_METH 193
+# define ENGINE_F_ENGINE_GET_PKEY_METH 192
+# define ENGINE_F_ENGINE_GET_PREV 116
+# define ENGINE_F_ENGINE_INIT 119
+# define ENGINE_F_ENGINE_LIST_ADD 120
+# define ENGINE_F_ENGINE_LIST_REMOVE 121
+# define ENGINE_F_ENGINE_LOAD_PRIVATE_KEY 150
+# define ENGINE_F_ENGINE_LOAD_PUBLIC_KEY 151
+# define ENGINE_F_ENGINE_LOAD_SSL_CLIENT_CERT 194
+# define ENGINE_F_ENGINE_NEW 122
+# define ENGINE_F_ENGINE_REMOVE 123
+# define ENGINE_F_ENGINE_SET_DEFAULT_STRING 189
+# define ENGINE_F_ENGINE_SET_DEFAULT_TYPE 126
+# define ENGINE_F_ENGINE_SET_ID 129
+# define ENGINE_F_ENGINE_SET_NAME 130
+# define ENGINE_F_ENGINE_TABLE_REGISTER 184
+# define ENGINE_F_ENGINE_UNLOAD_KEY 152
+# define ENGINE_F_ENGINE_UNLOCKED_FINISH 191
+# define ENGINE_F_ENGINE_UP_REF 190
+# define ENGINE_F_INT_CTRL_HELPER 172
+# define ENGINE_F_INT_ENGINE_CONFIGURE 188
+# define ENGINE_F_INT_ENGINE_MODULE_INIT 187
+# define ENGINE_F_LOG_MESSAGE 141
/* Reason codes. */
-#define ENGINE_R_ALREADY_LOADED 100
-#define ENGINE_R_ARGUMENT_IS_NOT_A_NUMBER 133
-#define ENGINE_R_CMD_NOT_EXECUTABLE 134
-#define ENGINE_R_COMMAND_TAKES_INPUT 135
-#define ENGINE_R_COMMAND_TAKES_NO_INPUT 136
-#define ENGINE_R_CONFLICTING_ENGINE_ID 103
-#define ENGINE_R_CTRL_COMMAND_NOT_IMPLEMENTED 119
-#define ENGINE_R_DH_NOT_IMPLEMENTED 139
-#define ENGINE_R_DSA_NOT_IMPLEMENTED 140
-#define ENGINE_R_DSO_FAILURE 104
-#define ENGINE_R_DSO_NOT_FOUND 132
-#define ENGINE_R_ENGINES_SECTION_ERROR 148
-#define ENGINE_R_ENGINE_CONFIGURATION_ERROR 102
-#define ENGINE_R_ENGINE_IS_NOT_IN_LIST 105
-#define ENGINE_R_ENGINE_SECTION_ERROR 149
-#define ENGINE_R_FAILED_LOADING_PRIVATE_KEY 128
-#define ENGINE_R_FAILED_LOADING_PUBLIC_KEY 129
-#define ENGINE_R_FINISH_FAILED 106
-#define ENGINE_R_GET_HANDLE_FAILED 107
-#define ENGINE_R_ID_OR_NAME_MISSING 108
-#define ENGINE_R_INIT_FAILED 109
-#define ENGINE_R_INTERNAL_LIST_ERROR 110
-#define ENGINE_R_INVALID_ARGUMENT 143
-#define ENGINE_R_INVALID_CMD_NAME 137
-#define ENGINE_R_INVALID_CMD_NUMBER 138
-#define ENGINE_R_INVALID_INIT_VALUE 151
-#define ENGINE_R_INVALID_STRING 150
-#define ENGINE_R_NOT_INITIALISED 117
-#define ENGINE_R_NOT_LOADED 112
-#define ENGINE_R_NO_CONTROL_FUNCTION 120
-#define ENGINE_R_NO_INDEX 144
-#define ENGINE_R_NO_LOAD_FUNCTION 125
-#define ENGINE_R_NO_REFERENCE 130
-#define ENGINE_R_NO_SUCH_ENGINE 116
-#define ENGINE_R_NO_UNLOAD_FUNCTION 126
-#define ENGINE_R_PROVIDE_PARAMETERS 113
-#define ENGINE_R_RSA_NOT_IMPLEMENTED 141
-#define ENGINE_R_UNIMPLEMENTED_CIPHER 146
-#define ENGINE_R_UNIMPLEMENTED_DIGEST 147
-#define ENGINE_R_UNIMPLEMENTED_PUBLIC_KEY_METHOD 101
-#define ENGINE_R_VERSION_INCOMPATIBILITY 145
+# define ENGINE_R_ALREADY_LOADED 100
+# define ENGINE_R_ARGUMENT_IS_NOT_A_NUMBER 133
+# define ENGINE_R_CMD_NOT_EXECUTABLE 134
+# define ENGINE_R_COMMAND_TAKES_INPUT 135
+# define ENGINE_R_COMMAND_TAKES_NO_INPUT 136
+# define ENGINE_R_CONFLICTING_ENGINE_ID 103
+# define ENGINE_R_CTRL_COMMAND_NOT_IMPLEMENTED 119
+# define ENGINE_R_DH_NOT_IMPLEMENTED 139
+# define ENGINE_R_DSA_NOT_IMPLEMENTED 140
+# define ENGINE_R_DSO_FAILURE 104
+# define ENGINE_R_DSO_NOT_FOUND 132
+# define ENGINE_R_ENGINES_SECTION_ERROR 148
+# define ENGINE_R_ENGINE_CONFIGURATION_ERROR 102
+# define ENGINE_R_ENGINE_IS_NOT_IN_LIST 105
+# define ENGINE_R_ENGINE_SECTION_ERROR 149
+# define ENGINE_R_FAILED_LOADING_PRIVATE_KEY 128
+# define ENGINE_R_FAILED_LOADING_PUBLIC_KEY 129
+# define ENGINE_R_FINISH_FAILED 106
+# define ENGINE_R_GET_HANDLE_FAILED 107
+# define ENGINE_R_ID_OR_NAME_MISSING 108
+# define ENGINE_R_INIT_FAILED 109
+# define ENGINE_R_INTERNAL_LIST_ERROR 110
+# define ENGINE_R_INVALID_ARGUMENT 143
+# define ENGINE_R_INVALID_CMD_NAME 137
+# define ENGINE_R_INVALID_CMD_NUMBER 138
+# define ENGINE_R_INVALID_INIT_VALUE 151
+# define ENGINE_R_INVALID_STRING 150
+# define ENGINE_R_NOT_INITIALISED 117
+# define ENGINE_R_NOT_LOADED 112
+# define ENGINE_R_NO_CONTROL_FUNCTION 120
+# define ENGINE_R_NO_INDEX 144
+# define ENGINE_R_NO_LOAD_FUNCTION 125
+# define ENGINE_R_NO_REFERENCE 130
+# define ENGINE_R_NO_SUCH_ENGINE 116
+# define ENGINE_R_NO_UNLOAD_FUNCTION 126
+# define ENGINE_R_PROVIDE_PARAMETERS 113
+# define ENGINE_R_RSA_NOT_IMPLEMENTED 141
+# define ENGINE_R_UNIMPLEMENTED_CIPHER 146
+# define ENGINE_R_UNIMPLEMENTED_DIGEST 147
+# define ENGINE_R_UNIMPLEMENTED_PUBLIC_KEY_METHOD 101
+# define ENGINE_R_VERSION_INCOMPATIBILITY 145
#ifdef __cplusplus
}
diff --git a/openssl/crypto/engine/enginetest.c b/openssl/crypto/engine/enginetest.c
index f4d70e7e0..ab7c0c00d 100644
--- a/openssl/crypto/engine/enginetest.c
+++ b/openssl/crypto/engine/enginetest.c
@@ -1,6 +1,7 @@
/* crypto/engine/enginetest.c */
-/* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL
- * project 2000.
+/*
+ * Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL project
+ * 2000.
*/
/* ====================================================================
* Copyright (c) 1999-2001 The OpenSSL Project. All rights reserved.
@@ -10,7 +11,7 @@
* are met:
*
* 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
+ * notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
@@ -64,220 +65,205 @@
int main(int argc, char *argv[])
{
printf("No ENGINE support\n");
- return(0);
+ return (0);
}
#else
-#include <openssl/buffer.h>
-#include <openssl/crypto.h>
-#include <openssl/engine.h>
-#include <openssl/err.h>
+# include <openssl/buffer.h>
+# include <openssl/crypto.h>
+# include <openssl/engine.h>
+# include <openssl/err.h>
static void display_engine_list(void)
- {
- ENGINE *h;
- int loop;
+{
+ ENGINE *h;
+ int loop;
- h = ENGINE_get_first();
- loop = 0;
- printf("listing available engine types\n");
- while(h)
- {
- printf("engine %i, id = \"%s\", name = \"%s\"\n",
- loop++, ENGINE_get_id(h), ENGINE_get_name(h));
- h = ENGINE_get_next(h);
- }
- printf("end of list\n");
- /* ENGINE_get_first() increases the struct_ref counter, so we
- must call ENGINE_free() to decrease it again */
- ENGINE_free(h);
- }
+ h = ENGINE_get_first();
+ loop = 0;
+ printf("listing available engine types\n");
+ while (h) {
+ printf("engine %i, id = \"%s\", name = \"%s\"\n",
+ loop++, ENGINE_get_id(h), ENGINE_get_name(h));
+ h = ENGINE_get_next(h);
+ }
+ printf("end of list\n");
+ /*
+ * ENGINE_get_first() increases the struct_ref counter, so we must call
+ * ENGINE_free() to decrease it again
+ */
+ ENGINE_free(h);
+}
int main(int argc, char *argv[])
- {
- ENGINE *block[512];
- char buf[256];
- const char *id, *name;
- ENGINE *ptr;
- int loop;
- int to_return = 1;
- ENGINE *new_h1 = NULL;
- ENGINE *new_h2 = NULL;
- ENGINE *new_h3 = NULL;
- ENGINE *new_h4 = NULL;
+{
+ ENGINE *block[512];
+ char buf[256];
+ const char *id, *name;
+ ENGINE *ptr;
+ int loop;
+ int to_return = 1;
+ ENGINE *new_h1 = NULL;
+ ENGINE *new_h2 = NULL;
+ ENGINE *new_h3 = NULL;
+ ENGINE *new_h4 = NULL;
- /* enable memory leak checking unless explicitly disabled */
- if (!((getenv("OPENSSL_DEBUG_MEMORY") != NULL) && (0 == strcmp(getenv("OPENSSL_DEBUG_MEMORY"), "off"))))
- {
- CRYPTO_malloc_debug_init();
- CRYPTO_set_mem_debug_options(V_CRYPTO_MDEBUG_ALL);
- }
- else
- {
- /* OPENSSL_DEBUG_MEMORY=off */
- CRYPTO_set_mem_debug_functions(0, 0, 0, 0, 0);
- }
- CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
- ERR_load_crypto_strings();
+ /* enable memory leak checking unless explicitly disabled */
+ if (!((getenv("OPENSSL_DEBUG_MEMORY") != NULL)
+ && (0 == strcmp(getenv("OPENSSL_DEBUG_MEMORY"), "off")))) {
+ CRYPTO_malloc_debug_init();
+ CRYPTO_set_mem_debug_options(V_CRYPTO_MDEBUG_ALL);
+ } else {
+ /* OPENSSL_DEBUG_MEMORY=off */
+ CRYPTO_set_mem_debug_functions(0, 0, 0, 0, 0);
+ }
+ CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
+ ERR_load_crypto_strings();
- memset(block, 0, 512 * sizeof(ENGINE *));
- if(((new_h1 = ENGINE_new()) == NULL) ||
- !ENGINE_set_id(new_h1, "test_id0") ||
- !ENGINE_set_name(new_h1, "First test item") ||
- ((new_h2 = ENGINE_new()) == NULL) ||
- !ENGINE_set_id(new_h2, "test_id1") ||
- !ENGINE_set_name(new_h2, "Second test item") ||
- ((new_h3 = ENGINE_new()) == NULL) ||
- !ENGINE_set_id(new_h3, "test_id2") ||
- !ENGINE_set_name(new_h3, "Third test item") ||
- ((new_h4 = ENGINE_new()) == NULL) ||
- !ENGINE_set_id(new_h4, "test_id3") ||
- !ENGINE_set_name(new_h4, "Fourth test item"))
- {
- printf("Couldn't set up test ENGINE structures\n");
- goto end;
- }
- printf("\nenginetest beginning\n\n");
- display_engine_list();
- if(!ENGINE_add(new_h1))
- {
- printf("Add failed!\n");
- goto end;
- }
- display_engine_list();
- ptr = ENGINE_get_first();
- if(!ENGINE_remove(ptr))
- {
- printf("Remove failed!\n");
- goto end;
- }
- if (ptr)
- ENGINE_free(ptr);
- display_engine_list();
- if(!ENGINE_add(new_h3) || !ENGINE_add(new_h2))
- {
- printf("Add failed!\n");
- goto end;
- }
- display_engine_list();
- if(!ENGINE_remove(new_h2))
- {
- printf("Remove failed!\n");
- goto end;
- }
- display_engine_list();
- if(!ENGINE_add(new_h4))
- {
- printf("Add failed!\n");
- goto end;
- }
- display_engine_list();
- if(ENGINE_add(new_h3))
- {
- printf("Add *should* have failed but didn't!\n");
- goto end;
- }
- else
- printf("Add that should fail did.\n");
- ERR_clear_error();
- if(ENGINE_remove(new_h2))
- {
- printf("Remove *should* have failed but didn't!\n");
- goto end;
- }
- else
- printf("Remove that should fail did.\n");
- ERR_clear_error();
- if(!ENGINE_remove(new_h3))
- {
- printf("Remove failed!\n");
- goto end;
- }
- display_engine_list();
- if(!ENGINE_remove(new_h4))
- {
- printf("Remove failed!\n");
- goto end;
- }
- display_engine_list();
- /* Depending on whether there's any hardware support compiled
- * in, this remove may be destined to fail. */
- ptr = ENGINE_get_first();
- if(ptr)
- if(!ENGINE_remove(ptr))
- printf("Remove failed!i - probably no hardware "
- "support present.\n");
- if (ptr)
- ENGINE_free(ptr);
- display_engine_list();
- if(!ENGINE_add(new_h1) || !ENGINE_remove(new_h1))
- {
- printf("Couldn't add and remove to an empty list!\n");
- goto end;
- }
- else
- printf("Successfully added and removed to an empty list!\n");
- printf("About to beef up the engine-type list\n");
- for(loop = 0; loop < 512; loop++)
- {
- sprintf(buf, "id%i", loop);
- id = BUF_strdup(buf);
- sprintf(buf, "Fake engine type %i", loop);
- name = BUF_strdup(buf);
- if(((block[loop] = ENGINE_new()) == NULL) ||
- !ENGINE_set_id(block[loop], id) ||
- !ENGINE_set_name(block[loop], name))
- {
- printf("Couldn't create block of ENGINE structures.\n"
- "I'll probably also core-dump now, damn.\n");
- goto end;
- }
- }
- for(loop = 0; loop < 512; loop++)
- {
- if(!ENGINE_add(block[loop]))
- {
- printf("\nAdding stopped at %i, (%s,%s)\n",
- loop, ENGINE_get_id(block[loop]),
- ENGINE_get_name(block[loop]));
- goto cleanup_loop;
- }
- else
- printf("."); fflush(stdout);
- }
-cleanup_loop:
- printf("\nAbout to empty the engine-type list\n");
- while((ptr = ENGINE_get_first()) != NULL)
- {
- if(!ENGINE_remove(ptr))
- {
- printf("\nRemove failed!\n");
- goto end;
- }
- ENGINE_free(ptr);
- printf("."); fflush(stdout);
- }
- for(loop = 0; loop < 512; loop++)
- {
- OPENSSL_free((void *)ENGINE_get_id(block[loop]));
- OPENSSL_free((void *)ENGINE_get_name(block[loop]));
- }
- printf("\nTests completed happily\n");
- to_return = 0;
-end:
- if(to_return)
- ERR_print_errors_fp(stderr);
- if(new_h1) ENGINE_free(new_h1);
- if(new_h2) ENGINE_free(new_h2);
- if(new_h3) ENGINE_free(new_h3);
- if(new_h4) ENGINE_free(new_h4);
- for(loop = 0; loop < 512; loop++)
- if(block[loop])
- ENGINE_free(block[loop]);
- ENGINE_cleanup();
- CRYPTO_cleanup_all_ex_data();
- ERR_free_strings();
- ERR_remove_thread_state(NULL);
- CRYPTO_mem_leaks_fp(stderr);
- return to_return;
- }
+ memset(block, 0, 512 * sizeof(ENGINE *));
+ if (((new_h1 = ENGINE_new()) == NULL) ||
+ !ENGINE_set_id(new_h1, "test_id0") ||
+ !ENGINE_set_name(new_h1, "First test item") ||
+ ((new_h2 = ENGINE_new()) == NULL) ||
+ !ENGINE_set_id(new_h2, "test_id1") ||
+ !ENGINE_set_name(new_h2, "Second test item") ||
+ ((new_h3 = ENGINE_new()) == NULL) ||
+ !ENGINE_set_id(new_h3, "test_id2") ||
+ !ENGINE_set_name(new_h3, "Third test item") ||
+ ((new_h4 = ENGINE_new()) == NULL) ||
+ !ENGINE_set_id(new_h4, "test_id3") ||
+ !ENGINE_set_name(new_h4, "Fourth test item")) {
+ printf("Couldn't set up test ENGINE structures\n");
+ goto end;
+ }
+ printf("\nenginetest beginning\n\n");
+ display_engine_list();
+ if (!ENGINE_add(new_h1)) {
+ printf("Add failed!\n");
+ goto end;
+ }
+ display_engine_list();
+ ptr = ENGINE_get_first();
+ if (!ENGINE_remove(ptr)) {
+ printf("Remove failed!\n");
+ goto end;
+ }
+ if (ptr)
+ ENGINE_free(ptr);
+ display_engine_list();
+ if (!ENGINE_add(new_h3) || !ENGINE_add(new_h2)) {
+ printf("Add failed!\n");
+ goto end;
+ }
+ display_engine_list();
+ if (!ENGINE_remove(new_h2)) {
+ printf("Remove failed!\n");
+ goto end;
+ }
+ display_engine_list();
+ if (!ENGINE_add(new_h4)) {
+ printf("Add failed!\n");
+ goto end;
+ }
+ display_engine_list();
+ if (ENGINE_add(new_h3)) {
+ printf("Add *should* have failed but didn't!\n");
+ goto end;
+ } else
+ printf("Add that should fail did.\n");
+ ERR_clear_error();
+ if (ENGINE_remove(new_h2)) {
+ printf("Remove *should* have failed but didn't!\n");
+ goto end;
+ } else
+ printf("Remove that should fail did.\n");
+ ERR_clear_error();
+ if (!ENGINE_remove(new_h3)) {
+ printf("Remove failed!\n");
+ goto end;
+ }
+ display_engine_list();
+ if (!ENGINE_remove(new_h4)) {
+ printf("Remove failed!\n");
+ goto end;
+ }
+ display_engine_list();
+ /*
+ * Depending on whether there's any hardware support compiled in, this
+ * remove may be destined to fail.
+ */
+ ptr = ENGINE_get_first();
+ if (ptr)
+ if (!ENGINE_remove(ptr))
+ printf("Remove failed!i - probably no hardware "
+ "support present.\n");
+ if (ptr)
+ ENGINE_free(ptr);
+ display_engine_list();
+ if (!ENGINE_add(new_h1) || !ENGINE_remove(new_h1)) {
+ printf("Couldn't add and remove to an empty list!\n");
+ goto end;
+ } else
+ printf("Successfully added and removed to an empty list!\n");
+ printf("About to beef up the engine-type list\n");
+ for (loop = 0; loop < 512; loop++) {
+ sprintf(buf, "id%i", loop);
+ id = BUF_strdup(buf);
+ sprintf(buf, "Fake engine type %i", loop);
+ name = BUF_strdup(buf);
+ if (((block[loop] = ENGINE_new()) == NULL) ||
+ !ENGINE_set_id(block[loop], id) ||
+ !ENGINE_set_name(block[loop], name)) {
+ printf("Couldn't create block of ENGINE structures.\n"
+ "I'll probably also core-dump now, damn.\n");
+ goto end;
+ }
+ }
+ for (loop = 0; loop < 512; loop++) {
+ if (!ENGINE_add(block[loop])) {
+ printf("\nAdding stopped at %i, (%s,%s)\n",
+ loop, ENGINE_get_id(block[loop]),
+ ENGINE_get_name(block[loop]));
+ goto cleanup_loop;
+ } else
+ printf(".");
+ fflush(stdout);
+ }
+ cleanup_loop:
+ printf("\nAbout to empty the engine-type list\n");
+ while ((ptr = ENGINE_get_first()) != NULL) {
+ if (!ENGINE_remove(ptr)) {
+ printf("\nRemove failed!\n");
+ goto end;
+ }
+ ENGINE_free(ptr);
+ printf(".");
+ fflush(stdout);
+ }
+ for (loop = 0; loop < 512; loop++) {
+ OPENSSL_free((void *)ENGINE_get_id(block[loop]));
+ OPENSSL_free((void *)ENGINE_get_name(block[loop]));
+ }
+ printf("\nTests completed happily\n");
+ to_return = 0;
+ end:
+ if (to_return)
+ ERR_print_errors_fp(stderr);
+ if (new_h1)
+ ENGINE_free(new_h1);
+ if (new_h2)
+ ENGINE_free(new_h2);
+ if (new_h3)
+ ENGINE_free(new_h3);
+ if (new_h4)
+ ENGINE_free(new_h4);
+ for (loop = 0; loop < 512; loop++)
+ if (block[loop])
+ ENGINE_free(block[loop]);
+ ENGINE_cleanup();
+ CRYPTO_cleanup_all_ex_data();
+ ERR_free_strings();
+ ERR_remove_thread_state(NULL);
+ CRYPTO_mem_leaks_fp(stderr);
+ return to_return;
+}
#endif
diff --git a/openssl/crypto/engine/tb_asnmth.c b/openssl/crypto/engine/tb_asnmth.c
index 75090339f..a1a9b88c4 100644
--- a/openssl/crypto/engine/tb_asnmth.c
+++ b/openssl/crypto/engine/tb_asnmth.c
@@ -6,7 +6,7 @@
* are met:
*
* 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
+ * notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
@@ -56,191 +56,191 @@
#include "asn1_locl.h"
#include <openssl/evp.h>
-/* If this symbol is defined then ENGINE_get_pkey_asn1_meth_engine(), the
+/*
+ * If this symbol is defined then ENGINE_get_pkey_asn1_meth_engine(), the
* function that is used by EVP to hook in pkey_asn1_meth code and cache
* defaults (etc), will display brief debugging summaries to stderr with the
- * 'nid'. */
+ * 'nid'.
+ */
/* #define ENGINE_PKEY_ASN1_METH_DEBUG */
static ENGINE_TABLE *pkey_asn1_meth_table = NULL;
void ENGINE_unregister_pkey_asn1_meths(ENGINE *e)
- {
- engine_table_unregister(&pkey_asn1_meth_table, e);
- }
+{
+ engine_table_unregister(&pkey_asn1_meth_table, e);
+}
static void engine_unregister_all_pkey_asn1_meths(void)
- {
- engine_table_cleanup(&pkey_asn1_meth_table);
- }
+{
+ engine_table_cleanup(&pkey_asn1_meth_table);
+}
int ENGINE_register_pkey_asn1_meths(ENGINE *e)
- {
- if(e->pkey_asn1_meths)
- {
- const int *nids;
- int num_nids = e->pkey_asn1_meths(e, NULL, &nids, 0);
- if(num_nids > 0)
- return engine_table_register(&pkey_asn1_meth_table,
- engine_unregister_all_pkey_asn1_meths, e, nids,
- num_nids, 0);
- }
- return 1;
- }
+{
+ if (e->pkey_asn1_meths) {
+ const int *nids;
+ int num_nids = e->pkey_asn1_meths(e, NULL, &nids, 0);
+ if (num_nids > 0)
+ return engine_table_register(&pkey_asn1_meth_table,
+ engine_unregister_all_pkey_asn1_meths,
+ e, nids, num_nids, 0);
+ }
+ return 1;
+}
void ENGINE_register_all_pkey_asn1_meths(void)
- {
- ENGINE *e;
+{
+ ENGINE *e;
- for(e=ENGINE_get_first() ; e ; e=ENGINE_get_next(e))
- ENGINE_register_pkey_asn1_meths(e);
- }
+ for (e = ENGINE_get_first(); e; e = ENGINE_get_next(e))
+ ENGINE_register_pkey_asn1_meths(e);
+}
int ENGINE_set_default_pkey_asn1_meths(ENGINE *e)
- {
- if(e->pkey_asn1_meths)
- {
- const int *nids;
- int num_nids = e->pkey_asn1_meths(e, NULL, &nids, 0);
- if(num_nids > 0)
- return engine_table_register(&pkey_asn1_meth_table,
- engine_unregister_all_pkey_asn1_meths, e, nids,
- num_nids, 1);
- }
- return 1;
- }
-
-/* Exposed API function to get a functional reference from the implementation
+{
+ if (e->pkey_asn1_meths) {
+ const int *nids;
+ int num_nids = e->pkey_asn1_meths(e, NULL, &nids, 0);
+ if (num_nids > 0)
+ return engine_table_register(&pkey_asn1_meth_table,
+ engine_unregister_all_pkey_asn1_meths,
+ e, nids, num_nids, 1);
+ }
+ return 1;
+}
+
+/*
+ * Exposed API function to get a functional reference from the implementation
* table (ie. try to get a functional reference from the tabled structural
- * references) for a given pkey_asn1_meth 'nid' */
+ * references) for a given pkey_asn1_meth 'nid'
+ */
ENGINE *ENGINE_get_pkey_asn1_meth_engine(int nid)
- {
- return engine_table_select(&pkey_asn1_meth_table, nid);
- }
+{
+ return engine_table_select(&pkey_asn1_meth_table, nid);
+}
-/* Obtains a pkey_asn1_meth implementation from an ENGINE functional reference */
+/*
+ * Obtains a pkey_asn1_meth implementation from an ENGINE functional
+ * reference
+ */
const EVP_PKEY_ASN1_METHOD *ENGINE_get_pkey_asn1_meth(ENGINE *e, int nid)
- {
- EVP_PKEY_ASN1_METHOD *ret;
- ENGINE_PKEY_ASN1_METHS_PTR fn = ENGINE_get_pkey_asn1_meths(e);
- if(!fn || !fn(e, &ret, NULL, nid))
- {
- ENGINEerr(ENGINE_F_ENGINE_GET_PKEY_ASN1_METH,
- ENGINE_R_UNIMPLEMENTED_PUBLIC_KEY_METHOD);
- return NULL;
- }
- return ret;
- }
+{
+ EVP_PKEY_ASN1_METHOD *ret;
+ ENGINE_PKEY_ASN1_METHS_PTR fn = ENGINE_get_pkey_asn1_meths(e);
+ if (!fn || !fn(e, &ret, NULL, nid)) {
+ ENGINEerr(ENGINE_F_ENGINE_GET_PKEY_ASN1_METH,
+ ENGINE_R_UNIMPLEMENTED_PUBLIC_KEY_METHOD);
+ return NULL;
+ }
+ return ret;
+}
/* Gets the pkey_asn1_meth callback from an ENGINE structure */
ENGINE_PKEY_ASN1_METHS_PTR ENGINE_get_pkey_asn1_meths(const ENGINE *e)
- {
- return e->pkey_asn1_meths;
- }
+{
+ return e->pkey_asn1_meths;
+}
/* Sets the pkey_asn1_meth callback in an ENGINE structure */
int ENGINE_set_pkey_asn1_meths(ENGINE *e, ENGINE_PKEY_ASN1_METHS_PTR f)
- {
- e->pkey_asn1_meths = f;
- return 1;
- }
+{
+ e->pkey_asn1_meths = f;
+ return 1;
+}
-/* Internal function to free up EVP_PKEY_ASN1_METHOD structures before an
+/*
+ * Internal function to free up EVP_PKEY_ASN1_METHOD structures before an
* ENGINE is destroyed
*/
void engine_pkey_asn1_meths_free(ENGINE *e)
- {
- int i;
- EVP_PKEY_ASN1_METHOD *pkm;
- if (e->pkey_asn1_meths)
- {
- const int *pknids;
- int npknids;
- npknids = e->pkey_asn1_meths(e, NULL, &pknids, 0);
- for (i = 0; i < npknids; i++)
- {
- if (e->pkey_asn1_meths(e, &pkm, NULL, pknids[i]))
- {
- EVP_PKEY_asn1_free(pkm);
- }
- }
- }
- }
-
-/* Find a method based on a string. This does a linear search through
- * all implemented algorithms. This is OK in practice because only
- * a small number of algorithms are likely to be implemented in an engine
- * and it is not used for speed critical operations.
+{
+ int i;
+ EVP_PKEY_ASN1_METHOD *pkm;
+ if (e->pkey_asn1_meths) {
+ const int *pknids;
+ int npknids;
+ npknids = e->pkey_asn1_meths(e, NULL, &pknids, 0);
+ for (i = 0; i < npknids; i++) {
+ if (e->pkey_asn1_meths(e, &pkm, NULL, pknids[i])) {
+ EVP_PKEY_asn1_free(pkm);
+ }
+ }
+ }
+}
+
+/*
+ * Find a method based on a string. This does a linear search through all
+ * implemented algorithms. This is OK in practice because only a small number
+ * of algorithms are likely to be implemented in an engine and it is not used
+ * for speed critical operations.
*/
const EVP_PKEY_ASN1_METHOD *ENGINE_get_pkey_asn1_meth_str(ENGINE *e,
- const char *str, int len)
- {
- int i, nidcount;
- const int *nids;
- EVP_PKEY_ASN1_METHOD *ameth;
- if (!e->pkey_asn1_meths)
- return NULL;
- if (len == -1)
- len = strlen(str);
- nidcount = e->pkey_asn1_meths(e, NULL, &nids, 0);
- for (i = 0; i < nidcount; i++)
- {
- e->pkey_asn1_meths(e, &ameth, NULL, nids[i]);
- if (((int)strlen(ameth->pem_str) == len) &&
- !strncasecmp(ameth->pem_str, str, len))
- return ameth;
- }
- return NULL;
- }
-
-typedef struct
- {
- ENGINE *e;
- const EVP_PKEY_ASN1_METHOD *ameth;
- const char *str;
- int len;
- } ENGINE_FIND_STR;
+ const char *str,
+ int len)
+{
+ int i, nidcount;
+ const int *nids;
+ EVP_PKEY_ASN1_METHOD *ameth;
+ if (!e->pkey_asn1_meths)
+ return NULL;
+ if (len == -1)
+ len = strlen(str);
+ nidcount = e->pkey_asn1_meths(e, NULL, &nids, 0);
+ for (i = 0; i < nidcount; i++) {
+ e->pkey_asn1_meths(e, &ameth, NULL, nids[i]);
+ if (((int)strlen(ameth->pem_str) == len) &&
+ !strncasecmp(ameth->pem_str, str, len))
+ return ameth;
+ }
+ return NULL;
+}
+
+typedef struct {
+ ENGINE *e;
+ const EVP_PKEY_ASN1_METHOD *ameth;
+ const char *str;
+ int len;
+} ENGINE_FIND_STR;
static void look_str_cb(int nid, STACK_OF(ENGINE) *sk, ENGINE *def, void *arg)
- {
- ENGINE_FIND_STR *lk = arg;
- int i;
- if (lk->ameth)
- return;
- for (i = 0; i < sk_ENGINE_num(sk); i++)
- {
- ENGINE *e = sk_ENGINE_value(sk, i);
- EVP_PKEY_ASN1_METHOD *ameth;
- e->pkey_asn1_meths(e, &ameth, NULL, nid);
- if (((int)strlen(ameth->pem_str) == lk->len) &&
- !strncasecmp(ameth->pem_str, lk->str, lk->len))
- {
- lk->e = e;
- lk->ameth = ameth;
- return;
- }
- }
- }
+{
+ ENGINE_FIND_STR *lk = arg;
+ int i;
+ if (lk->ameth)
+ return;
+ for (i = 0; i < sk_ENGINE_num(sk); i++) {
+ ENGINE *e = sk_ENGINE_value(sk, i);
+ EVP_PKEY_ASN1_METHOD *ameth;
+ e->pkey_asn1_meths(e, &ameth, NULL, nid);
+ if (((int)strlen(ameth->pem_str) == lk->len) &&
+ !strncasecmp(ameth->pem_str, lk->str, lk->len)) {
+ lk->e = e;
+ lk->ameth = ameth;
+ return;
+ }
+ }
+}
const EVP_PKEY_ASN1_METHOD *ENGINE_pkey_asn1_find_str(ENGINE **pe,
- const char *str, int len)
- {
- ENGINE_FIND_STR fstr;
- fstr.e = NULL;
- fstr.ameth = NULL;
- fstr.str = str;
- fstr.len = len;
- CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
- engine_table_doall(pkey_asn1_meth_table, look_str_cb, &fstr);
- /* If found obtain a structural reference to engine */
- if (fstr.e)
- {
- fstr.e->struct_ref++;
- engine_ref_debug(fstr.e, 0, 1)
- }
- *pe = fstr.e;
- CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
- return fstr.ameth;
- }
+ const char *str,
+ int len)
+{
+ ENGINE_FIND_STR fstr;
+ fstr.e = NULL;
+ fstr.ameth = NULL;
+ fstr.str = str;
+ fstr.len = len;
+ CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
+ engine_table_doall(pkey_asn1_meth_table, look_str_cb, &fstr);
+ /* If found obtain a structural reference to engine */
+ if (fstr.e) {
+ fstr.e->struct_ref++;
+ engine_ref_debug(fstr.e, 0, 1)
+ }
+ *pe = fstr.e;
+ CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
+ return fstr.ameth;
+}
diff --git a/openssl/crypto/engine/tb_cipher.c b/openssl/crypto/engine/tb_cipher.c
index 177fc1fb7..fcfb2efd8 100644
--- a/openssl/crypto/engine/tb_cipher.c
+++ b/openssl/crypto/engine/tb_cipher.c
@@ -6,7 +6,7 @@
* are met:
*
* 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
+ * notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
@@ -54,90 +54,90 @@
#include "eng_int.h"
-/* If this symbol is defined then ENGINE_get_cipher_engine(), the function that
- * is used by EVP to hook in cipher code and cache defaults (etc), will display
- * brief debugging summaries to stderr with the 'nid'. */
+/*
+ * If this symbol is defined then ENGINE_get_cipher_engine(), the function
+ * that is used by EVP to hook in cipher code and cache defaults (etc), will
+ * display brief debugging summaries to stderr with the 'nid'.
+ */
/* #define ENGINE_CIPHER_DEBUG */
static ENGINE_TABLE *cipher_table = NULL;
void ENGINE_unregister_ciphers(ENGINE *e)
- {
- engine_table_unregister(&cipher_table, e);
- }
+{
+ engine_table_unregister(&cipher_table, e);
+}
static void engine_unregister_all_ciphers(void)
- {
- engine_table_cleanup(&cipher_table);
- }
+{
+ engine_table_cleanup(&cipher_table);
+}
int ENGINE_register_ciphers(ENGINE *e)
- {
- if(e->ciphers)
- {
- const int *nids;
- int num_nids = e->ciphers(e, NULL, &nids, 0);
- if(num_nids > 0)
- return engine_table_register(&cipher_table,
- engine_unregister_all_ciphers, e, nids,
- num_nids, 0);
- }
- return 1;
- }
+{
+ if (e->ciphers) {
+ const int *nids;
+ int num_nids = e->ciphers(e, NULL, &nids, 0);
+ if (num_nids > 0)
+ return engine_table_register(&cipher_table,
+ engine_unregister_all_ciphers, e,
+ nids, num_nids, 0);
+ }
+ return 1;
+}
void ENGINE_register_all_ciphers()
- {
- ENGINE *e;
+{
+ ENGINE *e;
- for(e=ENGINE_get_first() ; e ; e=ENGINE_get_next(e))
- ENGINE_register_ciphers(e);
- }
+ for (e = ENGINE_get_first(); e; e = ENGINE_get_next(e))
+ ENGINE_register_ciphers(e);
+}
int ENGINE_set_default_ciphers(ENGINE *e)
- {
- if(e->ciphers)
- {
- const int *nids;
- int num_nids = e->ciphers(e, NULL, &nids, 0);
- if(num_nids > 0)
- return engine_table_register(&cipher_table,
- engine_unregister_all_ciphers, e, nids,
- num_nids, 1);
- }
- return 1;
- }
+{
+ if (e->ciphers) {
+ const int *nids;
+ int num_nids = e->ciphers(e, NULL, &nids, 0);
+ if (num_nids > 0)
+ return engine_table_register(&cipher_table,
+ engine_unregister_all_ciphers, e,
+ nids, num_nids, 1);
+ }
+ return 1;
+}
-/* Exposed API function to get a functional reference from the implementation
+/*
+ * Exposed API function to get a functional reference from the implementation
* table (ie. try to get a functional reference from the tabled structural
- * references) for a given cipher 'nid' */
+ * references) for a given cipher 'nid'
+ */
ENGINE *ENGINE_get_cipher_engine(int nid)
- {
- return engine_table_select(&cipher_table, nid);
- }
+{
+ return engine_table_select(&cipher_table, nid);
+}
/* Obtains a cipher implementation from an ENGINE functional reference */
const EVP_CIPHER *ENGINE_get_cipher(ENGINE *e, int nid)
- {
- const EVP_CIPHER *ret;
- ENGINE_CIPHERS_PTR fn = ENGINE_get_ciphers(e);
- if(!fn || !fn(e, &ret, NULL, nid))
- {
- ENGINEerr(ENGINE_F_ENGINE_GET_CIPHER,
- ENGINE_R_UNIMPLEMENTED_CIPHER);
- return NULL;
- }
- return ret;
- }
+{
+ const EVP_CIPHER *ret;
+ ENGINE_CIPHERS_PTR fn = ENGINE_get_ciphers(e);
+ if (!fn || !fn(e, &ret, NULL, nid)) {
+ ENGINEerr(ENGINE_F_ENGINE_GET_CIPHER, ENGINE_R_UNIMPLEMENTED_CIPHER);
+ return NULL;
+ }
+ return ret;
+}
/* Gets the cipher callback from an ENGINE structure */
ENGINE_CIPHERS_PTR ENGINE_get_ciphers(const ENGINE *e)
- {
- return e->ciphers;
- }
+{
+ return e->ciphers;
+}
/* Sets the cipher callback in an ENGINE structure */
int ENGINE_set_ciphers(ENGINE *e, ENGINE_CIPHERS_PTR f)
- {
- e->ciphers = f;
- return 1;
- }
+{
+ e->ciphers = f;
+ return 1;
+}
diff --git a/openssl/crypto/engine/tb_dh.c b/openssl/crypto/engine/tb_dh.c
index 6e9d42876..8114afa63 100644
--- a/openssl/crypto/engine/tb_dh.c
+++ b/openssl/crypto/engine/tb_dh.c
@@ -6,7 +6,7 @@
* are met:
*
* 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
+ * notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
@@ -54,65 +54,71 @@
#include "eng_int.h"
-/* If this symbol is defined then ENGINE_get_default_DH(), the function that is
- * used by DH to hook in implementation code and cache defaults (etc), will
- * display brief debugging summaries to stderr with the 'nid'. */
+/*
+ * If this symbol is defined then ENGINE_get_default_DH(), the function that
+ * is used by DH to hook in implementation code and cache defaults (etc),
+ * will display brief debugging summaries to stderr with the 'nid'.
+ */
/* #define ENGINE_DH_DEBUG */
static ENGINE_TABLE *dh_table = NULL;
static const int dummy_nid = 1;
void ENGINE_unregister_DH(ENGINE *e)
- {
- engine_table_unregister(&dh_table, e);
- }
+{
+ engine_table_unregister(&dh_table, e);
+}
static void engine_unregister_all_DH(void)
- {
- engine_table_cleanup(&dh_table);
- }
+{
+ engine_table_cleanup(&dh_table);
+}
int ENGINE_register_DH(ENGINE *e)
- {
- if(e->dh_meth)
- return engine_table_register(&dh_table,
- engine_unregister_all_DH, e, &dummy_nid, 1, 0);
- return 1;
- }
+{
+ if (e->dh_meth)
+ return engine_table_register(&dh_table,
+ engine_unregister_all_DH, e, &dummy_nid,
+ 1, 0);
+ return 1;
+}
void ENGINE_register_all_DH()
- {
- ENGINE *e;
+{
+ ENGINE *e;
- for(e=ENGINE_get_first() ; e ; e=ENGINE_get_next(e))
- ENGINE_register_DH(e);
- }
+ for (e = ENGINE_get_first(); e; e = ENGINE_get_next(e))
+ ENGINE_register_DH(e);
+}
int ENGINE_set_default_DH(ENGINE *e)
- {
- if(e->dh_meth)
- return engine_table_register(&dh_table,
- engine_unregister_all_DH, e, &dummy_nid, 1, 1);
- return 1;
- }
+{
+ if (e->dh_meth)
+ return engine_table_register(&dh_table,
+ engine_unregister_all_DH, e, &dummy_nid,
+ 1, 1);
+ return 1;
+}
-/* Exposed API function to get a functional reference from the implementation
+/*
+ * Exposed API function to get a functional reference from the implementation
* table (ie. try to get a functional reference from the tabled structural
- * references). */
+ * references).
+ */
ENGINE *ENGINE_get_default_DH(void)
- {
- return engine_table_select(&dh_table, dummy_nid);
- }
+{
+ return engine_table_select(&dh_table, dummy_nid);
+}
/* Obtains an DH implementation from an ENGINE functional reference */
const DH_METHOD *ENGINE_get_DH(const ENGINE *e)
- {
- return e->dh_meth;
- }
+{
+ return e->dh_meth;
+}
/* Sets an DH implementation in an ENGINE structure */
int ENGINE_set_DH(ENGINE *e, const DH_METHOD *dh_meth)
- {
- e->dh_meth = dh_meth;
- return 1;
- }
+{
+ e->dh_meth = dh_meth;
+ return 1;
+}
diff --git a/openssl/crypto/engine/tb_digest.c b/openssl/crypto/engine/tb_digest.c
index d3f4bb274..de1ad9c01 100644
--- a/openssl/crypto/engine/tb_digest.c
+++ b/openssl/crypto/engine/tb_digest.c
@@ -6,7 +6,7 @@
* are met:
*
* 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
+ * notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
@@ -54,90 +54,90 @@
#include "eng_int.h"
-/* If this symbol is defined then ENGINE_get_digest_engine(), the function that
- * is used by EVP to hook in digest code and cache defaults (etc), will display
- * brief debugging summaries to stderr with the 'nid'. */
+/*
+ * If this symbol is defined then ENGINE_get_digest_engine(), the function
+ * that is used by EVP to hook in digest code and cache defaults (etc), will
+ * display brief debugging summaries to stderr with the 'nid'.
+ */
/* #define ENGINE_DIGEST_DEBUG */
static ENGINE_TABLE *digest_table = NULL;
void ENGINE_unregister_digests(ENGINE *e)
- {
- engine_table_unregister(&digest_table, e);
- }
+{
+ engine_table_unregister(&digest_table, e);
+}
static void engine_unregister_all_digests(void)
- {
- engine_table_cleanup(&digest_table);
- }
+{
+ engine_table_cleanup(&digest_table);
+}
int ENGINE_register_digests(ENGINE *e)
- {
- if(e->digests)
- {
- const int *nids;
- int num_nids = e->digests(e, NULL, &nids, 0);
- if(num_nids > 0)
- return engine_table_register(&digest_table,
- engine_unregister_all_digests, e, nids,
- num_nids, 0);
- }
- return 1;
- }
+{
+ if (e->digests) {
+ const int *nids;
+ int num_nids = e->digests(e, NULL, &nids, 0);
+ if (num_nids > 0)
+ return engine_table_register(&digest_table,
+ engine_unregister_all_digests, e,
+ nids, num_nids, 0);
+ }
+ return 1;
+}
void ENGINE_register_all_digests()
- {
- ENGINE *e;
+{
+ ENGINE *e;
- for(e=ENGINE_get_first() ; e ; e=ENGINE_get_next(e))
- ENGINE_register_digests(e);
- }
+ for (e = ENGINE_get_first(); e; e = ENGINE_get_next(e))
+ ENGINE_register_digests(e);
+}
int ENGINE_set_default_digests(ENGINE *e)
- {
- if(e->digests)
- {
- const int *nids;
- int num_nids = e->digests(e, NULL, &nids, 0);
- if(num_nids > 0)
- return engine_table_register(&digest_table,
- engine_unregister_all_digests, e, nids,
- num_nids, 1);
- }
- return 1;
- }
+{
+ if (e->digests) {
+ const int *nids;
+ int num_nids = e->digests(e, NULL, &nids, 0);
+ if (num_nids > 0)
+ return engine_table_register(&digest_table,
+ engine_unregister_all_digests, e,
+ nids, num_nids, 1);
+ }
+ return 1;
+}
-/* Exposed API function to get a functional reference from the implementation
+/*
+ * Exposed API function to get a functional reference from the implementation
* table (ie. try to get a functional reference from the tabled structural
- * references) for a given digest 'nid' */
+ * references) for a given digest 'nid'
+ */
ENGINE *ENGINE_get_digest_engine(int nid)
- {
- return engine_table_select(&digest_table, nid);
- }
+{
+ return engine_table_select(&digest_table, nid);
+}
/* Obtains a digest implementation from an ENGINE functional reference */
const EVP_MD *ENGINE_get_digest(ENGINE *e, int nid)
- {
- const EVP_MD *ret;
- ENGINE_DIGESTS_PTR fn = ENGINE_get_digests(e);
- if(!fn || !fn(e, &ret, NULL, nid))
- {
- ENGINEerr(ENGINE_F_ENGINE_GET_DIGEST,
- ENGINE_R_UNIMPLEMENTED_DIGEST);
- return NULL;
- }
- return ret;
- }
+{
+ const EVP_MD *ret;
+ ENGINE_DIGESTS_PTR fn = ENGINE_get_digests(e);
+ if (!fn || !fn(e, &ret, NULL, nid)) {
+ ENGINEerr(ENGINE_F_ENGINE_GET_DIGEST, ENGINE_R_UNIMPLEMENTED_DIGEST);
+ return NULL;
+ }
+ return ret;
+}
/* Gets the digest callback from an ENGINE structure */
ENGINE_DIGESTS_PTR ENGINE_get_digests(const ENGINE *e)
- {
- return e->digests;
- }
+{
+ return e->digests;
+}
/* Sets the digest callback in an ENGINE structure */
int ENGINE_set_digests(ENGINE *e, ENGINE_DIGESTS_PTR f)
- {
- e->digests = f;
- return 1;
- }
+{
+ e->digests = f;
+ return 1;
+}
diff --git a/openssl/crypto/engine/tb_dsa.c b/openssl/crypto/engine/tb_dsa.c
index e4674f5f0..c1f57f146 100644
--- a/openssl/crypto/engine/tb_dsa.c
+++ b/openssl/crypto/engine/tb_dsa.c
@@ -6,7 +6,7 @@
* are met:
*
* 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
+ * notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
@@ -54,65 +54,71 @@
#include "eng_int.h"
-/* If this symbol is defined then ENGINE_get_default_DSA(), the function that is
- * used by DSA to hook in implementation code and cache defaults (etc), will
- * display brief debugging summaries to stderr with the 'nid'. */
+/*
+ * If this symbol is defined then ENGINE_get_default_DSA(), the function that
+ * is used by DSA to hook in implementation code and cache defaults (etc),
+ * will display brief debugging summaries to stderr with the 'nid'.
+ */
/* #define ENGINE_DSA_DEBUG */
static ENGINE_TABLE *dsa_table = NULL;
static const int dummy_nid = 1;
void ENGINE_unregister_DSA(ENGINE *e)
- {
- engine_table_unregister(&dsa_table, e);
- }
+{
+ engine_table_unregister(&dsa_table, e);
+}
static void engine_unregister_all_DSA(void)
- {
- engine_table_cleanup(&dsa_table);
- }
+{
+ engine_table_cleanup(&dsa_table);
+}
int ENGINE_register_DSA(ENGINE *e)
- {
- if(e->dsa_meth)
- return engine_table_register(&dsa_table,
- engine_unregister_all_DSA, e, &dummy_nid, 1, 0);
- return 1;
- }
+{
+ if (e->dsa_meth)
+ return engine_table_register(&dsa_table,
+ engine_unregister_all_DSA, e, &dummy_nid,
+ 1, 0);
+ return 1;
+}
void ENGINE_register_all_DSA()
- {
- ENGINE *e;
+{
+ ENGINE *e;
- for(e=ENGINE_get_first() ; e ; e=ENGINE_get_next(e))
- ENGINE_register_DSA(e);
- }
+ for (e = ENGINE_get_first(); e; e = ENGINE_get_next(e))
+ ENGINE_register_DSA(e);
+}
int ENGINE_set_default_DSA(ENGINE *e)
- {
- if(e->dsa_meth)
- return engine_table_register(&dsa_table,
- engine_unregister_all_DSA, e, &dummy_nid, 1, 1);
- return 1;
- }
+{
+ if (e->dsa_meth)
+ return engine_table_register(&dsa_table,
+ engine_unregister_all_DSA, e, &dummy_nid,
+ 1, 1);
+ return 1;
+}
-/* Exposed API function to get a functional reference from the implementation
+/*
+ * Exposed API function to get a functional reference from the implementation
* table (ie. try to get a functional reference from the tabled structural
- * references). */
+ * references).
+ */
ENGINE *ENGINE_get_default_DSA(void)
- {
- return engine_table_select(&dsa_table, dummy_nid);
- }
+{
+ return engine_table_select(&dsa_table, dummy_nid);
+}
/* Obtains an DSA implementation from an ENGINE functional reference */
const DSA_METHOD *ENGINE_get_DSA(const ENGINE *e)
- {
- return e->dsa_meth;
- }
+{
+ return e->dsa_meth;
+}
/* Sets an DSA implementation in an ENGINE structure */
int ENGINE_set_DSA(ENGINE *e, const DSA_METHOD *dsa_meth)
- {
- e->dsa_meth = dsa_meth;
- return 1;
- }
+{
+ e->dsa_meth = dsa_meth;
+ return 1;
+}
diff --git a/openssl/crypto/engine/tb_ecdh.c b/openssl/crypto/engine/tb_ecdh.c
index c8ec7812c..c51441be8 100644
--- a/openssl/crypto/engine/tb_ecdh.c
+++ b/openssl/crypto/engine/tb_ecdh.c
@@ -21,7 +21,7 @@
* are met:
*
* 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
+ * notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
@@ -69,65 +69,71 @@
#include "eng_int.h"
-/* If this symbol is defined then ENGINE_get_default_ECDH(), the function that is
- * used by ECDH to hook in implementation code and cache defaults (etc), will
- * display brief debugging summaries to stderr with the 'nid'. */
+/*
+ * If this symbol is defined then ENGINE_get_default_ECDH(), the function
+ * that is used by ECDH to hook in implementation code and cache defaults
+ * (etc), will display brief debugging summaries to stderr with the 'nid'.
+ */
/* #define ENGINE_ECDH_DEBUG */
static ENGINE_TABLE *ecdh_table = NULL;
static const int dummy_nid = 1;
void ENGINE_unregister_ECDH(ENGINE *e)
- {
- engine_table_unregister(&ecdh_table, e);
- }
+{
+ engine_table_unregister(&ecdh_table, e);
+}
static void engine_unregister_all_ECDH(void)
- {
- engine_table_cleanup(&ecdh_table);
- }
+{
+ engine_table_cleanup(&ecdh_table);
+}
int ENGINE_register_ECDH(ENGINE *e)
- {
- if(e->ecdh_meth)
- return engine_table_register(&ecdh_table,
- engine_unregister_all_ECDH, e, &dummy_nid, 1, 0);
- return 1;
- }
+{
+ if (e->ecdh_meth)
+ return engine_table_register(&ecdh_table,
+ engine_unregister_all_ECDH, e,
+ &dummy_nid, 1, 0);
+ return 1;
+}
void ENGINE_register_all_ECDH()
- {
- ENGINE *e;
+{
+ ENGINE *e;
- for(e=ENGINE_get_first() ; e ; e=ENGINE_get_next(e))
- ENGINE_register_ECDH(e);
- }
+ for (e = ENGINE_get_first(); e; e = ENGINE_get_next(e))
+ ENGINE_register_ECDH(e);
+}
int ENGINE_set_default_ECDH(ENGINE *e)
- {
- if(e->ecdh_meth)
- return engine_table_register(&ecdh_table,
- engine_unregister_all_ECDH, e, &dummy_nid, 1, 1);
- return 1;
- }
+{
+ if (e->ecdh_meth)
+ return engine_table_register(&ecdh_table,
+ engine_unregister_all_ECDH, e,
+ &dummy_nid, 1, 1);
+ return 1;
+}
-/* Exposed API function to get a functional reference from the implementation
+/*
+ * Exposed API function to get a functional reference from the implementation
* table (ie. try to get a functional reference from the tabled structural
- * references). */
+ * references).
+ */
ENGINE *ENGINE_get_default_ECDH(void)
- {
- return engine_table_select(&ecdh_table, dummy_nid);
- }
+{
+ return engine_table_select(&ecdh_table, dummy_nid);
+}
/* Obtains an ECDH implementation from an ENGINE functional reference */
const ECDH_METHOD *ENGINE_get_ECDH(const ENGINE *e)
- {
- return e->ecdh_meth;
- }
+{
+ return e->ecdh_meth;
+}
/* Sets an ECDH implementation in an ENGINE structure */
int ENGINE_set_ECDH(ENGINE *e, const ECDH_METHOD *ecdh_meth)
- {
- e->ecdh_meth = ecdh_meth;
- return 1;
- }
+{
+ e->ecdh_meth = ecdh_meth;
+ return 1;
+}
diff --git a/openssl/crypto/engine/tb_ecdsa.c b/openssl/crypto/engine/tb_ecdsa.c
index 005ecb622..a8b9be60d 100644
--- a/openssl/crypto/engine/tb_ecdsa.c
+++ b/openssl/crypto/engine/tb_ecdsa.c
@@ -6,7 +6,7 @@
* are met:
*
* 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
+ * notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
@@ -54,65 +54,71 @@
#include "eng_int.h"
-/* If this symbol is defined then ENGINE_get_default_ECDSA(), the function that is
- * used by ECDSA to hook in implementation code and cache defaults (etc), will
- * display brief debugging summaries to stderr with the 'nid'. */
+/*
+ * If this symbol is defined then ENGINE_get_default_ECDSA(), the function
+ * that is used by ECDSA to hook in implementation code and cache defaults
+ * (etc), will display brief debugging summaries to stderr with the 'nid'.
+ */
/* #define ENGINE_ECDSA_DEBUG */
static ENGINE_TABLE *ecdsa_table = NULL;
static const int dummy_nid = 1;
void ENGINE_unregister_ECDSA(ENGINE *e)
- {
- engine_table_unregister(&ecdsa_table, e);
- }
+{
+ engine_table_unregister(&ecdsa_table, e);
+}
static void engine_unregister_all_ECDSA(void)
- {
- engine_table_cleanup(&ecdsa_table);
- }
+{
+ engine_table_cleanup(&ecdsa_table);
+}
int ENGINE_register_ECDSA(ENGINE *e)
- {
- if(e->ecdsa_meth)
- return engine_table_register(&ecdsa_table,
- engine_unregister_all_ECDSA, e, &dummy_nid, 1, 0);
- return 1;
- }
+{
+ if (e->ecdsa_meth)
+ return engine_table_register(&ecdsa_table,
+ engine_unregister_all_ECDSA, e,
+ &dummy_nid, 1, 0);
+ return 1;
+}
void ENGINE_register_all_ECDSA()
- {
- ENGINE *e;
+{
+ ENGINE *e;
- for(e=ENGINE_get_first() ; e ; e=ENGINE_get_next(e))
- ENGINE_register_ECDSA(e);
- }
+ for (e = ENGINE_get_first(); e; e = ENGINE_get_next(e))
+ ENGINE_register_ECDSA(e);
+}
int ENGINE_set_default_ECDSA(ENGINE *e)
- {
- if(e->ecdsa_meth)
- return engine_table_register(&ecdsa_table,
- engine_unregister_all_ECDSA, e, &dummy_nid, 1, 1);
- return 1;
- }
+{
+ if (e->ecdsa_meth)
+ return engine_table_register(&ecdsa_table,
+ engine_unregister_all_ECDSA, e,
+ &dummy_nid, 1, 1);
+ return 1;
+}
-/* Exposed API function to get a functional reference from the implementation
+/*
+ * Exposed API function to get a functional reference from the implementation
* table (ie. try to get a functional reference from the tabled structural
- * references). */
+ * references).
+ */
ENGINE *ENGINE_get_default_ECDSA(void)
- {
- return engine_table_select(&ecdsa_table, dummy_nid);
- }
+{
+ return engine_table_select(&ecdsa_table, dummy_nid);
+}
/* Obtains an ECDSA implementation from an ENGINE functional reference */
const ECDSA_METHOD *ENGINE_get_ECDSA(const ENGINE *e)
- {
- return e->ecdsa_meth;
- }
+{
+ return e->ecdsa_meth;
+}
/* Sets an ECDSA implementation in an ENGINE structure */
int ENGINE_set_ECDSA(ENGINE *e, const ECDSA_METHOD *ecdsa_meth)
- {
- e->ecdsa_meth = ecdsa_meth;
- return 1;
- }
+{
+ e->ecdsa_meth = ecdsa_meth;
+ return 1;
+}
diff --git a/openssl/crypto/engine/tb_pkmeth.c b/openssl/crypto/engine/tb_pkmeth.c
index 1cdb967f2..29e65be1a 100644
--- a/openssl/crypto/engine/tb_pkmeth.c
+++ b/openssl/crypto/engine/tb_pkmeth.c
@@ -6,7 +6,7 @@
* are met:
*
* 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
+ * notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
@@ -55,113 +55,112 @@
#include "eng_int.h"
#include <openssl/evp.h>
-/* If this symbol is defined then ENGINE_get_pkey_meth_engine(), the function
- * that is used by EVP to hook in pkey_meth code and cache defaults (etc), will
- * display brief debugging summaries to stderr with the 'nid'. */
+/*
+ * If this symbol is defined then ENGINE_get_pkey_meth_engine(), the function
+ * that is used by EVP to hook in pkey_meth code and cache defaults (etc),
+ * will display brief debugging summaries to stderr with the 'nid'.
+ */
/* #define ENGINE_PKEY_METH_DEBUG */
static ENGINE_TABLE *pkey_meth_table = NULL;
void ENGINE_unregister_pkey_meths(ENGINE *e)
- {
- engine_table_unregister(&pkey_meth_table, e);
- }
+{
+ engine_table_unregister(&pkey_meth_table, e);
+}
static void engine_unregister_all_pkey_meths(void)
- {
- engine_table_cleanup(&pkey_meth_table);
- }
+{
+ engine_table_cleanup(&pkey_meth_table);
+}
int ENGINE_register_pkey_meths(ENGINE *e)
- {
- if(e->pkey_meths)
- {
- const int *nids;
- int num_nids = e->pkey_meths(e, NULL, &nids, 0);
- if(num_nids > 0)
- return engine_table_register(&pkey_meth_table,
- engine_unregister_all_pkey_meths, e, nids,
- num_nids, 0);
- }
- return 1;
- }
+{
+ if (e->pkey_meths) {
+ const int *nids;
+ int num_nids = e->pkey_meths(e, NULL, &nids, 0);
+ if (num_nids > 0)
+ return engine_table_register(&pkey_meth_table,
+ engine_unregister_all_pkey_meths, e,
+ nids, num_nids, 0);
+ }
+ return 1;
+}
void ENGINE_register_all_pkey_meths()
- {
- ENGINE *e;
+{
+ ENGINE *e;
- for(e=ENGINE_get_first() ; e ; e=ENGINE_get_next(e))
- ENGINE_register_pkey_meths(e);
- }
+ for (e = ENGINE_get_first(); e; e = ENGINE_get_next(e))
+ ENGINE_register_pkey_meths(e);
+}
int ENGINE_set_default_pkey_meths(ENGINE *e)
- {
- if(e->pkey_meths)
- {
- const int *nids;
- int num_nids = e->pkey_meths(e, NULL, &nids, 0);
- if(num_nids > 0)
- return engine_table_register(&pkey_meth_table,
- engine_unregister_all_pkey_meths, e, nids,
- num_nids, 1);
- }
- return 1;
- }
+{
+ if (e->pkey_meths) {
+ const int *nids;
+ int num_nids = e->pkey_meths(e, NULL, &nids, 0);
+ if (num_nids > 0)
+ return engine_table_register(&pkey_meth_table,
+ engine_unregister_all_pkey_meths, e,
+ nids, num_nids, 1);
+ }
+ return 1;
+}
-/* Exposed API function to get a functional reference from the implementation
+/*
+ * Exposed API function to get a functional reference from the implementation
* table (ie. try to get a functional reference from the tabled structural
- * references) for a given pkey_meth 'nid' */
+ * references) for a given pkey_meth 'nid'
+ */
ENGINE *ENGINE_get_pkey_meth_engine(int nid)
- {
- return engine_table_select(&pkey_meth_table, nid);
- }
+{
+ return engine_table_select(&pkey_meth_table, nid);
+}
/* Obtains a pkey_meth implementation from an ENGINE functional reference */
const EVP_PKEY_METHOD *ENGINE_get_pkey_meth(ENGINE *e, int nid)
- {
- EVP_PKEY_METHOD *ret;
- ENGINE_PKEY_METHS_PTR fn = ENGINE_get_pkey_meths(e);
- if(!fn || !fn(e, &ret, NULL, nid))
- {
- ENGINEerr(ENGINE_F_ENGINE_GET_PKEY_METH,
- ENGINE_R_UNIMPLEMENTED_PUBLIC_KEY_METHOD);
- return NULL;
- }
- return ret;
- }
+{
+ EVP_PKEY_METHOD *ret;
+ ENGINE_PKEY_METHS_PTR fn = ENGINE_get_pkey_meths(e);
+ if (!fn || !fn(e, &ret, NULL, nid)) {
+ ENGINEerr(ENGINE_F_ENGINE_GET_PKEY_METH,
+ ENGINE_R_UNIMPLEMENTED_PUBLIC_KEY_METHOD);
+ return NULL;
+ }
+ return ret;
+}
/* Gets the pkey_meth callback from an ENGINE structure */
ENGINE_PKEY_METHS_PTR ENGINE_get_pkey_meths(const ENGINE *e)
- {
- return e->pkey_meths;
- }
+{
+ return e->pkey_meths;
+}
/* Sets the pkey_meth callback in an ENGINE structure */
int ENGINE_set_pkey_meths(ENGINE *e, ENGINE_PKEY_METHS_PTR f)
- {
- e->pkey_meths = f;
- return 1;
- }
+{
+ e->pkey_meths = f;
+ return 1;
+}
-/* Internal function to free up EVP_PKEY_METHOD structures before an
- * ENGINE is destroyed
+/*
+ * Internal function to free up EVP_PKEY_METHOD structures before an ENGINE
+ * is destroyed
*/
void engine_pkey_meths_free(ENGINE *e)
- {
- int i;
- EVP_PKEY_METHOD *pkm;
- if (e->pkey_meths)
- {
- const int *pknids;
- int npknids;
- npknids = e->pkey_meths(e, NULL, &pknids, 0);
- for (i = 0; i < npknids; i++)
- {
- if (e->pkey_meths(e, &pkm, NULL, pknids[i]))
- {
- EVP_PKEY_meth_free(pkm);
- }
- }
- }
- }
+{
+ int i;
+ EVP_PKEY_METHOD *pkm;
+ if (e->pkey_meths) {
+ const int *pknids;
+ int npknids;
+ npknids = e->pkey_meths(e, NULL, &pknids, 0);
+ for (i = 0; i < npknids; i++) {
+ if (e->pkey_meths(e, &pkm, NULL, pknids[i])) {
+ EVP_PKEY_meth_free(pkm);
+ }
+ }
+ }
+}
diff --git a/openssl/crypto/engine/tb_rand.c b/openssl/crypto/engine/tb_rand.c
index f36f67c0f..a522264d0 100644
--- a/openssl/crypto/engine/tb_rand.c
+++ b/openssl/crypto/engine/tb_rand.c
@@ -6,7 +6,7 @@
* are met:
*
* 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
+ * notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
@@ -54,65 +54,71 @@
#include "eng_int.h"
-/* If this symbol is defined then ENGINE_get_default_RAND(), the function that is
- * used by RAND to hook in implementation code and cache defaults (etc), will
- * display brief debugging summaries to stderr with the 'nid'. */
+/*
+ * If this symbol is defined then ENGINE_get_default_RAND(), the function
+ * that is used by RAND to hook in implementation code and cache defaults
+ * (etc), will display brief debugging summaries to stderr with the 'nid'.
+ */
/* #define ENGINE_RAND_DEBUG */
static ENGINE_TABLE *rand_table = NULL;
static const int dummy_nid = 1;
void ENGINE_unregister_RAND(ENGINE *e)
- {
- engine_table_unregister(&rand_table, e);
- }
+{
+ engine_table_unregister(&rand_table, e);
+}
static void engine_unregister_all_RAND(void)
- {
- engine_table_cleanup(&rand_table);
- }
+{
+ engine_table_cleanup(&rand_table);
+}
int ENGINE_register_RAND(ENGINE *e)
- {
- if(e->rand_meth)
- return engine_table_register(&rand_table,
- engine_unregister_all_RAND, e, &dummy_nid, 1, 0);
- return 1;
- }
+{
+ if (e->rand_meth)
+ return engine_table_register(&rand_table,
+ engine_unregister_all_RAND, e,
+ &dummy_nid, 1, 0);
+ return 1;
+}
void ENGINE_register_all_RAND()
- {
- ENGINE *e;
+{
+ ENGINE *e;
- for(e=ENGINE_get_first() ; e ; e=ENGINE_get_next(e))
- ENGINE_register_RAND(e);
- }
+ for (e = ENGINE_get_first(); e; e = ENGINE_get_next(e))
+ ENGINE_register_RAND(e);
+}
int ENGINE_set_default_RAND(ENGINE *e)
- {
- if(e->rand_meth)
- return engine_table_register(&rand_table,
- engine_unregister_all_RAND, e, &dummy_nid, 1, 1);
- return 1;
- }
+{
+ if (e->rand_meth)
+ return engine_table_register(&rand_table,
+ engine_unregister_all_RAND, e,
+ &dummy_nid, 1, 1);
+ return 1;
+}
-/* Exposed API function to get a functional reference from the implementation
+/*
+ * Exposed API function to get a functional reference from the implementation
* table (ie. try to get a functional reference from the tabled structural
- * references). */
+ * references).
+ */
ENGINE *ENGINE_get_default_RAND(void)
- {
- return engine_table_select(&rand_table, dummy_nid);
- }
+{
+ return engine_table_select(&rand_table, dummy_nid);
+}
/* Obtains an RAND implementation from an ENGINE functional reference */
const RAND_METHOD *ENGINE_get_RAND(const ENGINE *e)
- {
- return e->rand_meth;
- }
+{
+ return e->rand_meth;
+}
/* Sets an RAND implementation in an ENGINE structure */
int ENGINE_set_RAND(ENGINE *e, const RAND_METHOD *rand_meth)
- {
- e->rand_meth = rand_meth;
- return 1;
- }
+{
+ e->rand_meth = rand_meth;
+ return 1;
+}
diff --git a/openssl/crypto/engine/tb_rsa.c b/openssl/crypto/engine/tb_rsa.c
index fbc707fd2..2790a8219 100644
--- a/openssl/crypto/engine/tb_rsa.c
+++ b/openssl/crypto/engine/tb_rsa.c
@@ -6,7 +6,7 @@
* are met:
*
* 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
+ * notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
@@ -54,65 +54,71 @@
#include "eng_int.h"
-/* If this symbol is defined then ENGINE_get_default_RSA(), the function that is
- * used by RSA to hook in implementation code and cache defaults (etc), will
- * display brief debugging summaries to stderr with the 'nid'. */
+/*
+ * If this symbol is defined then ENGINE_get_default_RSA(), the function that
+ * is used by RSA to hook in implementation code and cache defaults (etc),
+ * will display brief debugging summaries to stderr with the 'nid'.
+ */
/* #define ENGINE_RSA_DEBUG */
static ENGINE_TABLE *rsa_table = NULL;
static const int dummy_nid = 1;
void ENGINE_unregister_RSA(ENGINE *e)
- {
- engine_table_unregister(&rsa_table, e);
- }
+{
+ engine_table_unregister(&rsa_table, e);
+}
static void engine_unregister_all_RSA(void)
- {
- engine_table_cleanup(&rsa_table);
- }
+{
+ engine_table_cleanup(&rsa_table);
+}
int ENGINE_register_RSA(ENGINE *e)
- {
- if(e->rsa_meth)
- return engine_table_register(&rsa_table,
- engine_unregister_all_RSA, e, &dummy_nid, 1, 0);
- return 1;
- }
+{
+ if (e->rsa_meth)
+ return engine_table_register(&rsa_table,
+ engine_unregister_all_RSA, e, &dummy_nid,
+ 1, 0);
+ return 1;
+}
void ENGINE_register_all_RSA()
- {
- ENGINE *e;
+{
+ ENGINE *e;
- for(e=ENGINE_get_first() ; e ; e=ENGINE_get_next(e))
- ENGINE_register_RSA(e);
- }
+ for (e = ENGINE_get_first(); e; e = ENGINE_get_next(e))
+ ENGINE_register_RSA(e);
+}
int ENGINE_set_default_RSA(ENGINE *e)
- {
- if(e->rsa_meth)
- return engine_table_register(&rsa_table,
- engine_unregister_all_RSA, e, &dummy_nid, 1, 1);
- return 1;
- }
+{
+ if (e->rsa_meth)
+ return engine_table_register(&rsa_table,
+ engine_unregister_all_RSA, e, &dummy_nid,
+ 1, 1);
+ return 1;
+}
-/* Exposed API function to get a functional reference from the implementation
+/*
+ * Exposed API function to get a functional reference from the implementation
* table (ie. try to get a functional reference from the tabled structural
- * references). */
+ * references).
+ */
ENGINE *ENGINE_get_default_RSA(void)
- {
- return engine_table_select(&rsa_table, dummy_nid);
- }
+{
+ return engine_table_select(&rsa_table, dummy_nid);
+}
/* Obtains an RSA implementation from an ENGINE functional reference */
const RSA_METHOD *ENGINE_get_RSA(const ENGINE *e)
- {
- return e->rsa_meth;
- }
+{
+ return e->rsa_meth;
+}
/* Sets an RSA implementation in an ENGINE structure */
int ENGINE_set_RSA(ENGINE *e, const RSA_METHOD *rsa_meth)
- {
- e->rsa_meth = rsa_meth;
- return 1;
- }
+{
+ e->rsa_meth = rsa_meth;
+ return 1;
+}
diff --git a/openssl/crypto/engine/tb_store.c b/openssl/crypto/engine/tb_store.c
index 8cc435c93..1eab49d74 100644
--- a/openssl/crypto/engine/tb_store.c
+++ b/openssl/crypto/engine/tb_store.c
@@ -6,7 +6,7 @@
* are met:
*
* 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
+ * notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
@@ -54,70 +54,76 @@
#include "eng_int.h"
-/* If this symbol is defined then ENGINE_get_default_STORE(), the function that is
- * used by STORE to hook in implementation code and cache defaults (etc), will
- * display brief debugging summaries to stderr with the 'nid'. */
+/*
+ * If this symbol is defined then ENGINE_get_default_STORE(), the function
+ * that is used by STORE to hook in implementation code and cache defaults
+ * (etc), will display brief debugging summaries to stderr with the 'nid'.
+ */
/* #define ENGINE_STORE_DEBUG */
static ENGINE_TABLE *store_table = NULL;
static const int dummy_nid = 1;
void ENGINE_unregister_STORE(ENGINE *e)
- {
- engine_table_unregister(&store_table, e);
- }
+{
+ engine_table_unregister(&store_table, e);
+}
static void engine_unregister_all_STORE(void)
- {
- engine_table_cleanup(&store_table);
- }
+{
+ engine_table_cleanup(&store_table);
+}
int ENGINE_register_STORE(ENGINE *e)
- {
- if(e->store_meth)
- return engine_table_register(&store_table,
- engine_unregister_all_STORE, e, &dummy_nid, 1, 0);
- return 1;
- }
+{
+ if (e->store_meth)
+ return engine_table_register(&store_table,
+ engine_unregister_all_STORE, e,
+ &dummy_nid, 1, 0);
+ return 1;
+}
void ENGINE_register_all_STORE()
- {
- ENGINE *e;
+{
+ ENGINE *e;
- for(e=ENGINE_get_first() ; e ; e=ENGINE_get_next(e))
- ENGINE_register_STORE(e);
- }
+ for (e = ENGINE_get_first(); e; e = ENGINE_get_next(e))
+ ENGINE_register_STORE(e);
+}
/* The following two functions are removed because they're useless. */
#if 0
int ENGINE_set_default_STORE(ENGINE *e)
- {
- if(e->store_meth)
- return engine_table_register(&store_table,
- engine_unregister_all_STORE, e, &dummy_nid, 1, 1);
- return 1;
- }
+{
+ if (e->store_meth)
+ return engine_table_register(&store_table,
+ engine_unregister_all_STORE, e,
+ &dummy_nid, 1, 1);
+ return 1;
+}
#endif
#if 0
-/* Exposed API function to get a functional reference from the implementation
+/*
+ * Exposed API function to get a functional reference from the implementation
* table (ie. try to get a functional reference from the tabled structural
- * references). */
+ * references).
+ */
ENGINE *ENGINE_get_default_STORE(void)
- {
- return engine_table_select(&store_table, dummy_nid);
- }
+{
+ return engine_table_select(&store_table, dummy_nid);
+}
#endif
/* Obtains an STORE implementation from an ENGINE functional reference */
const STORE_METHOD *ENGINE_get_STORE(const ENGINE *e)
- {
- return e->store_meth;
- }
+{
+ return e->store_meth;
+}
/* Sets an STORE implementation in an ENGINE structure */
int ENGINE_set_STORE(ENGINE *e, const STORE_METHOD *store_meth)
- {
- e->store_meth = store_meth;
- return 1;
- }
+{
+ e->store_meth = store_meth;
+ return 1;
+}