summaryrefslogtreecommitdiff
path: root/src/lib/libcrypto/engine
diff options
context:
space:
mode:
authorcvs2svn <admin@example.com>2023-04-23 13:43:47 +0000
committercvs2svn <admin@example.com>2023-04-23 13:43:47 +0000
commite2496982472bdf233be95c5ea72d1c4dc6c91db3 (patch)
tree316488e5daf86864d8466bce0e5b000d85768378 /src/lib/libcrypto/engine
parent097d0cf840b9007212bcd2516ed5e18939e6da3d (diff)
downloadopenbsd-tb_20230422.tar.gz
openbsd-tb_20230422.tar.bz2
openbsd-tb_20230422.zip
This commit was manufactured by cvs2git to create tag 'tb_20230422'.tb_20230422
Diffstat (limited to '')
-rw-r--r--src/lib/libcrypto/engine/README211
-rw-r--r--src/lib/libcrypto/engine/eng_aesni.c562
-rw-r--r--src/lib/libcrypto/engine/eng_all.c88
-rw-r--r--src/lib/libcrypto/engine/eng_cnf.c252
-rw-r--r--src/lib/libcrypto/engine/eng_ctrl.c379
-rw-r--r--src/lib/libcrypto/engine/eng_dyn.c64
-rw-r--r--src/lib/libcrypto/engine/eng_err.c129
-rw-r--r--src/lib/libcrypto/engine/eng_fat.c200
-rw-r--r--src/lib/libcrypto/engine/eng_init.c147
-rw-r--r--src/lib/libcrypto/engine/eng_int.h203
-rw-r--r--src/lib/libcrypto/engine/eng_lib.c365
-rw-r--r--src/lib/libcrypto/engine/eng_list.c387
-rw-r--r--src/lib/libcrypto/engine/eng_openssl.c407
-rw-r--r--src/lib/libcrypto/engine/eng_padlock.c1129
-rw-r--r--src/lib/libcrypto/engine/eng_padlock.ec1
-rw-r--r--src/lib/libcrypto/engine/eng_pkey.c184
-rw-r--r--src/lib/libcrypto/engine/eng_table.c354
-rw-r--r--src/lib/libcrypto/engine/engine.h807
-rw-r--r--src/lib/libcrypto/engine/tb_asnmth.c255
-rw-r--r--src/lib/libcrypto/engine/tb_cipher.c152
-rw-r--r--src/lib/libcrypto/engine/tb_dh.c127
-rw-r--r--src/lib/libcrypto/engine/tb_digest.c152
-rw-r--r--src/lib/libcrypto/engine/tb_dsa.c127
-rw-r--r--src/lib/libcrypto/engine/tb_ecdh.c141
-rw-r--r--src/lib/libcrypto/engine/tb_ecdsa.c127
-rw-r--r--src/lib/libcrypto/engine/tb_eckey.c124
-rw-r--r--src/lib/libcrypto/engine/tb_pkmeth.c175
-rw-r--r--src/lib/libcrypto/engine/tb_rand.c127
-rw-r--r--src/lib/libcrypto/engine/tb_rsa.c127
-rw-r--r--src/lib/libcrypto/engine/tb_store.c109
30 files changed, 0 insertions, 7612 deletions
diff --git a/src/lib/libcrypto/engine/README b/src/lib/libcrypto/engine/README
deleted file mode 100644
index bc4a9041ff..0000000000
--- a/src/lib/libcrypto/engine/README
+++ /dev/null
@@ -1,211 +0,0 @@
1Notes: 2001-09-24
2-----------------
3
4This "description" (if one chooses to call it that) needed some major updating
5so here goes. This update addresses a change being made at the same time to
6OpenSSL, and it pretty much completely restructures the underlying mechanics of
7the "ENGINE" code. So it serves a double purpose of being a "ENGINE internals
8for masochists" document *and* a rather extensive commit log message. (I'd get
9lynched for sticking all this in CHANGES or the commit mails :-).
10
11ENGINE_TABLE underlies this restructuring, as described in the internal header
12"eng_int.h", implemented in eng_table.c, and used in each of the "class" files;
13tb_rsa.c, tb_dsa.c, etc.
14
15However, "EVP_CIPHER" underlies the motivation and design of ENGINE_TABLE so
16I'll mention a bit about that first. EVP_CIPHER (and most of this applies
17equally to EVP_MD for digests) is both a "method" and a algorithm/mode
18identifier that, in the current API, "lingers". These cipher description +
19implementation structures can be defined or obtained directly by applications,
20or can be loaded "en masse" into EVP storage so that they can be catalogued and
21searched in various ways, ie. two ways of encrypting with the "des_cbc"
22algorithm/mode pair are;
23
24(i) directly;
25 const EVP_CIPHER *cipher = EVP_des_cbc();
26 EVP_EncryptInit(&ctx, cipher, key, iv);
27 [ ... use EVP_EncryptUpdate() and EVP_EncryptFinal() ...]
28
29(ii) indirectly;
30 OpenSSL_add_all_ciphers();
31 cipher = EVP_get_cipherbyname("des_cbc");
32 EVP_EncryptInit(&ctx, cipher, key, iv);
33 [ ... etc ... ]
34
35The latter is more generally used because it also allows ciphers/digests to be
36looked up based on other identifiers which can be useful for automatic cipher
37selection, eg. in SSL/TLS, or by user-controllable configuration.
38
39The important point about this is that EVP_CIPHER definitions and structures are
40passed around with impunity and there is no safe way, without requiring massive
41rewrites of many applications, to assume that EVP_CIPHERs can be reference
42counted. One an EVP_CIPHER is exposed to the caller, neither it nor anything it
43comes from can "safely" be destroyed. Unless of course the way of getting to
44such ciphers is via entirely distinct API calls that didn't exist before.
45However existing API usage cannot be made to understand when an EVP_CIPHER
46pointer, that has been passed to the caller, is no longer being used.
47
48The other problem with the existing API w.r.t. to hooking EVP_CIPHER support
49into ENGINE is storage - the OBJ_NAME-based storage used by EVP to register
50ciphers simultaneously registers cipher *types* and cipher *implementations* -
51they are effectively the same thing, an "EVP_CIPHER" pointer. The problem with
52hooking in ENGINEs is that multiple ENGINEs may implement the same ciphers. The
53solution is necessarily that ENGINE-provided ciphers simply are not registered,
54stored, or exposed to the caller in the same manner as existing ciphers. This is
55especially necessary considering the fact ENGINE uses reference counts to allow
56for cleanup, modularity, and DSO support - yet EVP_CIPHERs, as exposed to
57callers in the current API, support no such controls.
58
59Another sticking point for integrating cipher support into ENGINE is linkage.
60Already there is a problem with the way ENGINE supports RSA, DSA, etc whereby
61they are available *because* they're part of a giant ENGINE called "openssl".
62Ie. all implementations *have* to come from an ENGINE, but we get round that by
63having a giant ENGINE with all the software support encapsulated. This creates
64linker hassles if nothing else - linking a 1-line application that calls 2 basic
65RSA functions (eg. "RSA_free(RSA_new());") will result in large quantities of
66ENGINE code being linked in *and* because of that DSA, DH, and RAND also. If we
67continue with this approach for EVP_CIPHER support (even if it *was* possible)
68we would lose our ability to link selectively by selectively loading certain
69implementations of certain functionality. Touching any part of any kind of
70crypto would result in massive static linkage of everything else. So the
71solution is to change the way ENGINE feeds existing "classes", ie. how the
72hooking to ENGINE works from RSA, DSA, DH, RAND, as well as adding new hooking
73for EVP_CIPHER, and EVP_MD.
74
75The way this is now being done is by mostly reverting back to how things used to
76work prior to ENGINE :-). Ie. RSA now has a "RSA_METHOD" pointer again - this
77was previously replaced by an "ENGINE" pointer and all RSA code that required
78the RSA_METHOD would call ENGINE_get_RSA() each time on its ENGINE handle to
79temporarily get and use the ENGINE's RSA implementation. Apart from being more
80efficient, switching back to each RSA having an RSA_METHOD pointer also allows
81us to conceivably operate with *no* ENGINE. As we'll see, this removes any need
82for a fallback ENGINE that encapsulates default implementations - we can simply
83have our RSA structure pointing its RSA_METHOD pointer to the software
84implementation and have its ENGINE pointer set to NULL.
85
86A look at the EVP_CIPHER hooking is most explanatory, the RSA, DSA (etc) cases
87turn out to be degenerate forms of the same thing. The EVP storage of ciphers,
88and the existing EVP API functions that return "software" implementations and
89descriptions remain untouched. However, the storage takes more meaning in terms
90of "cipher description" and less meaning in terms of "implementation". When an
91EVP_CIPHER_CTX is actually initialised with an EVP_CIPHER method and is about to
92begin en/decryption, the hooking to ENGINE comes into play. What happens is that
93cipher-specific ENGINE code is asked for an ENGINE pointer (a functional
94reference) for any ENGINE that is registered to perform the algo/mode that the
95provided EVP_CIPHER structure represents. Under normal circumstances, that
96ENGINE code will return NULL because no ENGINEs will have had any cipher
97implementations *registered*. As such, a NULL ENGINE pointer is stored in the
98EVP_CIPHER_CTX context, and the EVP_CIPHER structure is left hooked into the
99context and so is used as the implementation. Pretty much how things work now
100except we'd have a redundant ENGINE pointer set to NULL and doing nothing.
101
102Conversely, if an ENGINE *has* been registered to perform the algorithm/mode
103combination represented by the provided EVP_CIPHER, then a functional reference
104to that ENGINE will be returned to the EVP_CIPHER_CTX during initialisation.
105That functional reference will be stored in the context (and released on
106cleanup) - and having that reference provides a *safe* way to use an EVP_CIPHER
107definition that is private to the ENGINE. Ie. the EVP_CIPHER provided by the
108application will actually be replaced by an EVP_CIPHER from the registered
109ENGINE - it will support the same algorithm/mode as the original but will be a
110completely different implementation. Because this EVP_CIPHER isn't stored in the
111EVP storage, nor is it returned to applications from traditional API functions,
112there is no associated problem with it not having reference counts. And of
113course, when one of these "private" cipher implementations is hooked into
114EVP_CIPHER_CTX, it is done whilst the EVP_CIPHER_CTX holds a functional
115reference to the ENGINE that owns it, thus the use of the ENGINE's EVP_CIPHER is
116safe.
117
118The "cipher-specific ENGINE code" I mentioned is implemented in tb_cipher.c but
119in essence it is simply an instantiation of "ENGINE_TABLE" code for use by
120EVP_CIPHER code. tb_digest.c is virtually identical but, of course, it is for
121use by EVP_MD code. Ditto for tb_rsa.c, tb_dsa.c, etc. These instantiations of
122ENGINE_TABLE essentially provide linker-separation of the classes so that even
123if ENGINEs implement *all* possible algorithms, an application using only
124EVP_CIPHER code will link at most code relating to EVP_CIPHER, tb_cipher.c, core
125ENGINE code that is independent of class, and of course the ENGINE
126implementation that the application loaded. It will *not* however link any
127class-specific ENGINE code for digests, RSA, etc nor will it bleed over into
128other APIs, such as the RSA/DSA/etc library code.
129
130ENGINE_TABLE is a little more complicated than may seem necessary but this is
131mostly to avoid a lot of "init()"-thrashing on ENGINEs (that may have to load
132DSOs, and other expensive setup that shouldn't be thrashed unnecessarily) *and*
133to duplicate "default" behaviour. Basically an ENGINE_TABLE instantiation, for
134example tb_cipher.c, implements a hash-table keyed by integer "nid" values.
135These nids provide the uniquenness of an algorithm/mode - and each nid will hash
136to a potentially NULL "ENGINE_PILE". An ENGINE_PILE is essentially a list of
137pointers to ENGINEs that implement that particular 'nid'. Each "pile" uses some
138caching tricks such that requests on that 'nid' will be cached and all future
139requests will return immediately (well, at least with minimal operation) unless
140a change is made to the pile, eg. perhaps an ENGINE was unloaded. The reason is
141that an application could have support for 10 ENGINEs statically linked
142in, and the machine in question may not have any of the hardware those 10
143ENGINEs support. If each of those ENGINEs has a "des_cbc" implementation, we
144want to avoid every EVP_CIPHER_CTX setup from trying (and failing) to initialise
145each of those 10 ENGINEs. Instead, the first such request will try to do that
146and will either return (and cache) a NULL ENGINE pointer or will return a
147functional reference to the first that successfully initialised. In the latter
148case it will also cache an extra functional reference to the ENGINE as a
149"default" for that 'nid'. The caching is acknowledged by a 'uptodate' variable
150that is unset only if un/registration takes place on that pile. Ie. if
151implementations of "des_cbc" are added or removed. This behaviour can be
152tweaked; the ENGINE_TABLE_FLAG_NOINIT value can be passed to
153ENGINE_set_table_flags(), in which case the only ENGINEs that tb_cipher.c will
154try to initialise from the "pile" will be those that are already initialised
155(ie. it's simply an increment of the functional reference count, and no real
156"initialisation" will take place).
157
158RSA, DSA, DH, and RAND all have their own ENGINE_TABLE code as well, and the
159difference is that they all use an implicit 'nid' of 1. Whereas EVP_CIPHERs are
160actually qualitatively different depending on 'nid' (the "des_cbc" EVP_CIPHER is
161not an interoperable implementation of "aes_256_cbc"), RSA_METHODs are
162necessarily interoperable and don't have different flavours, only different
163implementations. In other words, the ENGINE_TABLE for RSA will either be empty,
164or will have a single ENGING_PILE hashed to by the 'nid' 1 and that pile
165represents ENGINEs that implement the single "type" of RSA there is.
166
167Cleanup - the registration and unregistration may pose questions about how
168cleanup works with the ENGINE_PILE doing all this caching nonsense (ie. when the
169application or EVP_CIPHER code releases its last reference to an ENGINE, the
170ENGINE_PILE code may still have references and thus those ENGINEs will stay
171hooked in forever). The way this is handled is via "unregistration". With these
172new ENGINE changes, an abstract ENGINE can be loaded and initialised, but that
173is an algorithm-agnostic process. Even if initialised, it will not have
174registered any of its implementations (to do so would link all class "table"
175code despite the fact the application may use only ciphers, for example). This
176is deliberately a distinct step. Moreover, registration and unregistration has
177nothing to do with whether an ENGINE is *functional* or not (ie. you can even
178register an ENGINE and its implementations without it being operational, you may
179not even have the drivers to make it operate). What actually happens with
180respect to cleanup is managed inside eng_lib.c with the "engine_cleanup_***"
181functions. These functions are internal-only and each part of ENGINE code that
182could require cleanup will, upon performing its first allocation, register a
183callback with the "engine_cleanup" code. The other part of this that makes it
184tick is that the ENGINE_TABLE instantiations (tb_***.c) use NULL as their
185initialised state. So if RSA code asks for an ENGINE and no ENGINE has
186registered an implementation, the code will simply return NULL and the tb_rsa.c
187state will be unchanged. Thus, no cleanup is required unless registration takes
188place. ENGINE_cleanup() will simply iterate across a list of registered cleanup
189callbacks calling each in turn, and will then internally delete its own storage
190(a STACK). When a cleanup callback is next registered (eg. if the cleanup() is
191part of a graceful restart and the application wants to cleanup all state then
192start again), the internal STACK storage will be freshly allocated. This is much
193the same as the situation in the ENGINE_TABLE instantiations ... NULL is the
194initialised state, so only modification operations (not queries) will cause that
195code to have to register a cleanup.
196
197What else? The bignum callbacks and associated ENGINE functions have been
198removed for two obvious reasons; (i) there was no way to generalise them to the
199mechanism now used by RSA/DSA/..., because there's no such thing as a BIGNUM
200method, and (ii) because of (i), there was no meaningful way for library or
201application code to automatically hook and use ENGINE supplied bignum functions
202anyway. Also, ENGINE_cpy() has been removed (although an internal-only version
203exists) - the idea of providing an ENGINE_cpy() function probably wasn't a good
204one and now certainly doesn't make sense in any generalised way. Some of the
205RSA, DSA, DH, and RAND functions that were fiddled during the original ENGINE
206changes have now, as a consequence, been reverted back. This is because the
207hooking of ENGINE is now automatic (and passive, it can interally use a NULL
208ENGINE pointer to simply ignore ENGINE from then on).
209
210Hell, that should be enough for now ... comments welcome: geoff@openssl.org
211
diff --git a/src/lib/libcrypto/engine/eng_aesni.c b/src/lib/libcrypto/engine/eng_aesni.c
deleted file mode 100644
index cce4203bc4..0000000000
--- a/src/lib/libcrypto/engine/eng_aesni.c
+++ /dev/null
@@ -1,562 +0,0 @@
1/* $OpenBSD: eng_aesni.c,v 1.12 2022/12/26 07:18:51 jmc Exp $ */
2/*
3 * Support for Intel AES-NI instruction set
4 * Author: Huang Ying <ying.huang@intel.com>
5 *
6 * Intel AES-NI is a new set of Single Instruction Multiple Data
7 * (SIMD) instructions that are going to be introduced in the next
8 * generation of Intel processor, as of 2009. These instructions
9 * enable fast and secure data encryption and decryption, using the
10 * Advanced Encryption Standard (AES), defined by FIPS Publication
11 * number 197. The architecture introduces six instructions that
12 * offer full hardware support for AES. Four of them support high
13 * performance data encryption and decryption, and the other two
14 * instructions support the AES key expansion procedure.
15 *
16 * The white paper can be downloaded from:
17 * http://softwarecommunity.intel.com/isn/downloads/intelavx/AES-Instructions-Set_WP.pdf
18 *
19 * This file is based on engines/e_padlock.c
20 */
21
22/* ====================================================================
23 * Copyright (c) 1999-2001 The OpenSSL Project. All rights reserved.
24 *
25 * Redistribution and use in source and binary forms, with or without
26 * modification, are permitted provided that the following conditions
27 * are met:
28 *
29 * 1. Redistributions of source code must retain the above copyright
30 * notice, this list of conditions and the following disclaimer.
31 *
32 * 2. Redistributions in binary form must reproduce the above copyright
33 * notice, this list of conditions and the following disclaimer in
34 * the documentation and/or other materials provided with the
35 * distribution.
36 *
37 * 3. All advertising materials mentioning features or use of this
38 * software must display the following acknowledgment:
39 * "This product includes software developed by the OpenSSL Project
40 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
41 *
42 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
43 * endorse or promote products derived from this software without
44 * prior written permission. For written permission, please contact
45 * licensing@OpenSSL.org.
46 *
47 * 5. Products derived from this software may not be called "OpenSSL"
48 * nor may "OpenSSL" appear in their names without prior written
49 * permission of the OpenSSL Project.
50 *
51 * 6. Redistributions of any form whatsoever must retain the following
52 * acknowledgment:
53 * "This product includes software developed by the OpenSSL Project
54 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
55 *
56 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
57 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
58 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
59 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
60 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
61 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
62 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
63 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
64 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
65 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
66 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
67 * OF THE POSSIBILITY OF SUCH DAMAGE.
68 * ====================================================================
69 *
70 * This product includes cryptographic software written by Eric Young
71 * (eay@cryptsoft.com). This product includes software written by Tim
72 * Hudson (tjh@cryptsoft.com).
73 *
74 */
75
76#include <stdio.h>
77
78#include <openssl/opensslconf.h>
79
80#if !defined(OPENSSL_NO_HW) && !defined(OPENSSL_NO_HW_AES_NI) && !defined(OPENSSL_NO_AES)
81
82#include <openssl/aes.h>
83#include <openssl/dso.h>
84#include <openssl/engine.h>
85#include <openssl/err.h>
86#include <openssl/evp.h>
87
88/* AES-NI is available *ONLY* on some x86 CPUs. Not only that it
89 doesn't exist elsewhere, but it even can't be compiled on other
90 platforms! */
91#undef COMPILE_HW_AESNI
92#if (defined(__x86_64) || defined(__x86_64__) || \
93 defined(_M_AMD64) || defined(_M_X64) || \
94 defined(OPENSSL_IA32_SSE2)) && !defined(OPENSSL_NO_ASM) && !defined(__i386__)
95#define COMPILE_HW_AESNI
96#include "x86_arch.h"
97#endif
98static ENGINE *ENGINE_aesni(void);
99
100void ENGINE_load_aesni(void)
101{
102/* On non-x86 CPUs it just returns. */
103#ifdef COMPILE_HW_AESNI
104 ENGINE *toadd = ENGINE_aesni();
105 if (toadd == NULL)
106 return;
107 ENGINE_add(toadd);
108 ENGINE_register_complete(toadd);
109 ENGINE_free(toadd);
110 ERR_clear_error();
111#endif
112}
113
114#ifdef COMPILE_HW_AESNI
115int aesni_set_encrypt_key(const unsigned char *userKey, int bits,
116 AES_KEY *key);
117int aesni_set_decrypt_key(const unsigned char *userKey, int bits,
118 AES_KEY *key);
119
120void aesni_encrypt(const unsigned char *in, unsigned char *out,
121 const AES_KEY *key);
122void aesni_decrypt(const unsigned char *in, unsigned char *out,
123 const AES_KEY *key);
124
125void aesni_ecb_encrypt(const unsigned char *in, unsigned char *out,
126 size_t length, const AES_KEY *key, int enc);
127void aesni_cbc_encrypt(const unsigned char *in, unsigned char *out,
128 size_t length, const AES_KEY *key, unsigned char *ivec, int enc);
129
130/* Function for ENGINE detection and control */
131static int aesni_init(ENGINE *e);
132
133/* Cipher Stuff */
134static int aesni_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
135 const int **nids, int nid);
136
137#define AESNI_MIN_ALIGN 16
138#define AESNI_ALIGN(x) \
139 ((void *)(((unsigned long)(x)+AESNI_MIN_ALIGN-1)&~(AESNI_MIN_ALIGN-1)))
140
141/* Engine names */
142static const char aesni_id[] = "aesni",
143 aesni_name[] = "Intel AES-NI engine",
144 no_aesni_name[] = "Intel AES-NI engine (no-aesni)";
145
146
147/* The input and output encrypted as though 128bit cfb mode is being
148 * used. The extra state information to record how much of the
149 * 128bit block we have used is contained in *num;
150 */
151static void
152aesni_cfb128_encrypt(const unsigned char *in, unsigned char *out,
153 unsigned int len, const void *key, unsigned char ivec[16], int *num,
154 int enc)
155{
156 unsigned int n;
157 size_t l = 0;
158
159 n = *num;
160
161 if (enc) {
162#if !defined(OPENSSL_SMALL_FOOTPRINT)
163 if (16%sizeof(size_t) == 0) do { /* always true actually */
164 while (n && len) {
165 *(out++) = ivec[n] ^= *(in++);
166 --len;
167 n = (n + 1) % 16;
168 }
169 while (len >= 16) {
170 aesni_encrypt(ivec, ivec, key);
171 for (n = 0; n < 16; n += sizeof(size_t)) {
172 *(size_t*)(out + n) =
173 *(size_t*)(ivec + n) ^= *(size_t*)(in + n);
174 }
175 len -= 16;
176 out += 16;
177 in += 16;
178 }
179 n = 0;
180 if (len) {
181 aesni_encrypt(ivec, ivec, key);
182 while (len--) {
183 out[n] = ivec[n] ^= in[n];
184 ++n;
185 }
186 }
187 *num = n;
188 return;
189 } while (0);
190 /* the rest would be commonly eliminated by x86* compiler */
191#endif
192 while (l < len) {
193 if (n == 0) {
194 aesni_encrypt(ivec, ivec, key);
195 }
196 out[l] = ivec[n] ^= in[l];
197 ++l;
198 n = (n + 1) % 16;
199 }
200 *num = n;
201 } else {
202#if !defined(OPENSSL_SMALL_FOOTPRINT)
203 if (16%sizeof(size_t) == 0) do { /* always true actually */
204 while (n && len) {
205 unsigned char c;
206 *(out++) = ivec[n] ^ (c = *(in++));
207 ivec[n] = c;
208 --len;
209 n = (n + 1) % 16;
210 }
211 while (len >= 16) {
212 aesni_encrypt(ivec, ivec, key);
213 for (n = 0; n < 16; n += sizeof(size_t)) {
214 size_t t = *(size_t*)(in + n);
215 *(size_t*)(out + n) = *(size_t*)(ivec + n) ^ t;
216 *(size_t*)(ivec + n) = t;
217 }
218 len -= 16;
219 out += 16;
220 in += 16;
221 }
222 n = 0;
223 if (len) {
224 aesni_encrypt(ivec, ivec, key);
225 while (len--) {
226 unsigned char c;
227 out[n] = ivec[n] ^ (c = in[n]);
228 ivec[n] = c;
229 ++n;
230 }
231 }
232 *num = n;
233 return;
234 } while (0);
235 /* the rest would be commonly eliminated by x86* compiler */
236#endif
237 while (l < len) {
238 unsigned char c;
239 if (n == 0) {
240 aesni_encrypt(ivec, ivec, key);
241 }
242 out[l] = ivec[n] ^ (c = in[l]);
243 ivec[n] = c;
244 ++l;
245 n = (n + 1) % 16;
246 }
247 *num = n;
248 }
249}
250
251/* The input and output encrypted as though 128bit ofb mode is being
252 * used. The extra state information to record how much of the
253 * 128bit block we have used is contained in *num;
254 */
255static void
256aesni_ofb128_encrypt(const unsigned char *in, unsigned char *out,
257 unsigned int len, const void *key, unsigned char ivec[16], int *num)
258{
259 unsigned int n;
260 size_t l = 0;
261
262 n = *num;
263
264#if !defined(OPENSSL_SMALL_FOOTPRINT)
265 if (16%sizeof(size_t) == 0) do { /* always true actually */
266 while (n && len) {
267 *(out++) = *(in++) ^ ivec[n];
268 --len;
269 n = (n + 1) % 16;
270 }
271 while (len >= 16) {
272 aesni_encrypt(ivec, ivec, key);
273 for (n = 0; n < 16; n += sizeof(size_t))
274 *(size_t*)(out + n) =
275 *(size_t*)(in + n) ^ *(size_t*)(ivec + n);
276 len -= 16;
277 out += 16;
278 in += 16;
279 }
280 n = 0;
281 if (len) {
282 aesni_encrypt(ivec, ivec, key);
283 while (len--) {
284 out[n] = in[n] ^ ivec[n];
285 ++n;
286 }
287 }
288 *num = n;
289 return;
290 } while (0);
291 /* the rest would be commonly eliminated by x86* compiler */
292#endif
293 while (l < len) {
294 if (n == 0) {
295 aesni_encrypt(ivec, ivec, key);
296 }
297 out[l] = in[l] ^ ivec[n];
298 ++l;
299 n = (n + 1) % 16;
300 }
301
302 *num = n;
303}
304/* ===== Engine "management" functions ===== */
305
306/* Prepare the ENGINE structure for registration */
307static int
308aesni_bind_helper(ENGINE *e)
309{
310 int engage;
311
312 engage = (OPENSSL_cpu_caps() & CPUCAP_MASK_AESNI) != 0;
313
314 /* Register everything or return with an error */
315 if (!ENGINE_set_id(e, aesni_id) ||
316 !ENGINE_set_name(e, engage ? aesni_name : no_aesni_name) ||
317 !ENGINE_set_init_function(e, aesni_init) ||
318 (engage && !ENGINE_set_ciphers (e, aesni_ciphers)))
319 return 0;
320
321 /* Everything looks good */
322 return 1;
323}
324
325/* Constructor */
326static ENGINE *
327ENGINE_aesni(void)
328{
329 ENGINE *eng = ENGINE_new();
330
331 if (!eng) {
332 return NULL;
333 }
334
335 if (!aesni_bind_helper(eng)) {
336 ENGINE_free(eng);
337 return NULL;
338 }
339
340 return eng;
341}
342
343/* Check availability of the engine */
344static int
345aesni_init(ENGINE *e)
346{
347 return 1;
348}
349
350#if defined(NID_aes_128_cfb128) && ! defined (NID_aes_128_cfb)
351#define NID_aes_128_cfb NID_aes_128_cfb128
352#endif
353
354#if defined(NID_aes_128_ofb128) && ! defined (NID_aes_128_ofb)
355#define NID_aes_128_ofb NID_aes_128_ofb128
356#endif
357
358#if defined(NID_aes_192_cfb128) && ! defined (NID_aes_192_cfb)
359#define NID_aes_192_cfb NID_aes_192_cfb128
360#endif
361
362#if defined(NID_aes_192_ofb128) && ! defined (NID_aes_192_ofb)
363#define NID_aes_192_ofb NID_aes_192_ofb128
364#endif
365
366#if defined(NID_aes_256_cfb128) && ! defined (NID_aes_256_cfb)
367#define NID_aes_256_cfb NID_aes_256_cfb128
368#endif
369
370#if defined(NID_aes_256_ofb128) && ! defined (NID_aes_256_ofb)
371#define NID_aes_256_ofb NID_aes_256_ofb128
372#endif
373
374/* List of supported ciphers. */
375static int aesni_cipher_nids[] = {
376 NID_aes_128_ecb,
377 NID_aes_128_cbc,
378 NID_aes_128_cfb,
379 NID_aes_128_ofb,
380
381 NID_aes_192_ecb,
382 NID_aes_192_cbc,
383 NID_aes_192_cfb,
384 NID_aes_192_ofb,
385
386 NID_aes_256_ecb,
387 NID_aes_256_cbc,
388 NID_aes_256_cfb,
389 NID_aes_256_ofb,
390};
391static int aesni_cipher_nids_num =
392 (sizeof(aesni_cipher_nids) / sizeof(aesni_cipher_nids[0]));
393
394typedef struct {
395 AES_KEY ks;
396 unsigned int _pad1[3];
397} AESNI_KEY;
398
399static int
400aesni_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *user_key,
401 const unsigned char *iv, int enc)
402{
403 int ret;
404 AES_KEY *key = AESNI_ALIGN(ctx->cipher_data);
405
406 if ((ctx->cipher->flags & EVP_CIPH_MODE) == EVP_CIPH_CFB_MODE ||
407 (ctx->cipher->flags & EVP_CIPH_MODE) == EVP_CIPH_OFB_MODE ||
408 enc)
409 ret = aesni_set_encrypt_key(user_key, ctx->key_len * 8, key);
410 else
411 ret = aesni_set_decrypt_key(user_key, ctx->key_len * 8, key);
412
413 if (ret < 0) {
414 EVPerror(EVP_R_AES_KEY_SETUP_FAILED);
415 return 0;
416 }
417
418 return 1;
419}
420
421static int
422aesni_cipher_ecb(EVP_CIPHER_CTX *ctx, unsigned char *out,
423 const unsigned char *in, size_t inl)
424{
425 AES_KEY *key = AESNI_ALIGN(ctx->cipher_data);
426
427 aesni_ecb_encrypt(in, out, inl, key, ctx->encrypt);
428 return 1;
429}
430
431static int
432aesni_cipher_cbc(EVP_CIPHER_CTX *ctx, unsigned char *out,
433 const unsigned char *in, size_t inl)
434{
435 AES_KEY *key = AESNI_ALIGN(ctx->cipher_data);
436
437 aesni_cbc_encrypt(in, out, inl, key, ctx->iv, ctx->encrypt);
438 return 1;
439}
440
441static int
442aesni_cipher_cfb(EVP_CIPHER_CTX *ctx, unsigned char *out,
443 const unsigned char *in, size_t inl)
444{
445 AES_KEY *key = AESNI_ALIGN(ctx->cipher_data);
446
447 aesni_cfb128_encrypt(in, out, inl, key, ctx->iv, &ctx->num,
448 ctx->encrypt);
449 return 1;
450}
451
452static int
453aesni_cipher_ofb(EVP_CIPHER_CTX *ctx, unsigned char *out,
454 const unsigned char *in, size_t inl)
455{
456 AES_KEY *key = AESNI_ALIGN(ctx->cipher_data);
457
458 aesni_ofb128_encrypt(in, out, inl, key, ctx->iv, &ctx->num);
459 return 1;
460}
461
462#define AES_BLOCK_SIZE 16
463
464#define EVP_CIPHER_block_size_ECB AES_BLOCK_SIZE
465#define EVP_CIPHER_block_size_CBC AES_BLOCK_SIZE
466#define EVP_CIPHER_block_size_OFB 1
467#define EVP_CIPHER_block_size_CFB 1
468
469/* Declaring so many ciphers by hand would be a pain.
470 Instead introduce a bit of preprocessor magic :-) */
471#define DECLARE_AES_EVP(ksize,lmode,umode) \
472static const EVP_CIPHER aesni_##ksize##_##lmode = { \
473 NID_aes_##ksize##_##lmode, \
474 EVP_CIPHER_block_size_##umode, \
475 ksize / 8, \
476 AES_BLOCK_SIZE, \
477 0 | EVP_CIPH_##umode##_MODE, \
478 aesni_init_key, \
479 aesni_cipher_##lmode, \
480 NULL, \
481 sizeof(AESNI_KEY), \
482 EVP_CIPHER_set_asn1_iv, \
483 EVP_CIPHER_get_asn1_iv, \
484 NULL, \
485 NULL \
486}
487
488DECLARE_AES_EVP(128, ecb, ECB);
489DECLARE_AES_EVP(128, cbc, CBC);
490DECLARE_AES_EVP(128, cfb, CFB);
491DECLARE_AES_EVP(128, ofb, OFB);
492
493DECLARE_AES_EVP(192, ecb, ECB);
494DECLARE_AES_EVP(192, cbc, CBC);
495DECLARE_AES_EVP(192, cfb, CFB);
496DECLARE_AES_EVP(192, ofb, OFB);
497
498DECLARE_AES_EVP(256, ecb, ECB);
499DECLARE_AES_EVP(256, cbc, CBC);
500DECLARE_AES_EVP(256, cfb, CFB);
501DECLARE_AES_EVP(256, ofb, OFB);
502
503static int
504aesni_ciphers(ENGINE *e, const EVP_CIPHER **cipher, const int **nids, int nid)
505{
506 /* No specific cipher => return a list of supported nids ... */
507 if (!cipher) {
508 *nids = aesni_cipher_nids;
509 return aesni_cipher_nids_num;
510 }
511
512 /* ... or the requested "cipher" otherwise */
513 switch (nid) {
514 case NID_aes_128_ecb:
515 *cipher = &aesni_128_ecb;
516 break;
517 case NID_aes_128_cbc:
518 *cipher = &aesni_128_cbc;
519 break;
520 case NID_aes_128_cfb:
521 *cipher = &aesni_128_cfb;
522 break;
523 case NID_aes_128_ofb:
524 *cipher = &aesni_128_ofb;
525 break;
526
527 case NID_aes_192_ecb:
528 *cipher = &aesni_192_ecb;
529 break;
530 case NID_aes_192_cbc:
531 *cipher = &aesni_192_cbc;
532 break;
533 case NID_aes_192_cfb:
534 *cipher = &aesni_192_cfb;
535 break;
536 case NID_aes_192_ofb:
537 *cipher = &aesni_192_ofb;
538 break;
539
540 case NID_aes_256_ecb:
541 *cipher = &aesni_256_ecb;
542 break;
543 case NID_aes_256_cbc:
544 *cipher = &aesni_256_cbc;
545 break;
546 case NID_aes_256_cfb:
547 *cipher = &aesni_256_cfb;
548 break;
549 case NID_aes_256_ofb:
550 *cipher = &aesni_256_ofb;
551 break;
552
553 default:
554 /* Sorry, we don't support this NID */
555 *cipher = NULL;
556 return 0;
557 }
558 return 1;
559}
560
561#endif /* COMPILE_HW_AESNI */
562#endif /* !defined(OPENSSL_NO_HW) && !defined(OPENSSL_NO_HW_AESNI) && !defined(OPENSSL_NO_AES) */
diff --git a/src/lib/libcrypto/engine/eng_all.c b/src/lib/libcrypto/engine/eng_all.c
deleted file mode 100644
index 403ca6865d..0000000000
--- a/src/lib/libcrypto/engine/eng_all.c
+++ /dev/null
@@ -1,88 +0,0 @@
1/* $OpenBSD: eng_all.c,v 1.30 2018/03/17 16:20:01 beck Exp $ */
2/* Written by Richard Levitte <richard@levitte.org> for the OpenSSL
3 * project 2000.
4 */
5/* ====================================================================
6 * Copyright (c) 2000-2001 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 *
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
56 *
57 */
58
59#include <pthread.h>
60
61#include <openssl/opensslconf.h>
62
63#include "cryptlib.h"
64#include "eng_int.h"
65
66void
67ENGINE_load_builtin_engines_internal(void)
68{
69#ifndef OPENSSL_NO_STATIC_ENGINE
70#ifndef OPENSSL_NO_HW
71#ifndef OPENSSL_NO_HW_PADLOCK
72 ENGINE_load_padlock();
73#endif
74#endif
75#endif
76 ENGINE_register_all_complete();
77}
78
79void
80ENGINE_load_builtin_engines(void)
81{
82 static pthread_once_t once = PTHREAD_ONCE_INIT;
83
84 /* Prayer and clean living lets you ignore errors, OpenSSL style */
85 (void) OPENSSL_init_crypto(0, NULL);
86
87 (void) pthread_once(&once, ENGINE_load_builtin_engines_internal);
88}
diff --git a/src/lib/libcrypto/engine/eng_cnf.c b/src/lib/libcrypto/engine/eng_cnf.c
deleted file mode 100644
index 24358af8cd..0000000000
--- a/src/lib/libcrypto/engine/eng_cnf.c
+++ /dev/null
@@ -1,252 +0,0 @@
1/* $OpenBSD: eng_cnf.c,v 1.15 2018/04/14 07:18:37 tb Exp $ */
2/* Written by Stephen Henson (steve@openssl.org) for the OpenSSL
3 * project 2001.
4 */
5/* ====================================================================
6 * Copyright (c) 2001 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 *
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
56 *
57 */
58
59#include <string.h>
60
61#include <openssl/err.h>
62
63#include "eng_int.h"
64#include <openssl/conf.h>
65
66/* #define ENGINE_CONF_DEBUG */
67
68/* ENGINE config module */
69
70static char *
71skip_dot(char *name)
72{
73 char *p;
74
75 p = strchr(name, '.');
76 if (p)
77 return p + 1;
78 return name;
79}
80
81static STACK_OF(ENGINE) *initialized_engines = NULL;
82
83static int
84int_engine_init(ENGINE *e)
85{
86 if (!ENGINE_init(e))
87 return 0;
88 if (!initialized_engines)
89 initialized_engines = sk_ENGINE_new_null();
90 if (!initialized_engines || !sk_ENGINE_push(initialized_engines, e)) {
91 ENGINE_finish(e);
92 return 0;
93 }
94 return 1;
95}
96
97
98static int
99int_engine_configure(char *name, char *value, const CONF *cnf)
100{
101 int i;
102 int ret = 0;
103 long do_init = -1;
104 STACK_OF(CONF_VALUE) *ecmds;
105 CONF_VALUE *ecmd = NULL;
106 char *ctrlname, *ctrlvalue;
107 ENGINE *e = NULL;
108 int soft = 0;
109
110 name = skip_dot(name);
111#ifdef ENGINE_CONF_DEBUG
112 fprintf(stderr, "Configuring engine %s\n", name);
113#endif
114 /* Value is a section containing ENGINE commands */
115 ecmds = NCONF_get_section(cnf, value);
116
117 if (!ecmds) {
118 ENGINEerror(ENGINE_R_ENGINE_SECTION_ERROR);
119 return 0;
120 }
121
122 for (i = 0; i < sk_CONF_VALUE_num(ecmds); i++) {
123 ecmd = sk_CONF_VALUE_value(ecmds, i);
124 ctrlname = skip_dot(ecmd->name);
125 ctrlvalue = ecmd->value;
126#ifdef ENGINE_CONF_DEBUG
127 fprintf(stderr, "ENGINE conf: doing ctrl(%s,%s)\n",
128 ctrlname, ctrlvalue);
129#endif
130
131 /* First handle some special pseudo ctrls */
132
133 /* Override engine name to use */
134 if (!strcmp(ctrlname, "engine_id"))
135 name = ctrlvalue;
136 else if (!strcmp(ctrlname, "soft_load"))
137 soft = 1;
138 /* Load a dynamic ENGINE */
139 else if (!strcmp(ctrlname, "dynamic_path")) {
140 e = ENGINE_by_id("dynamic");
141 if (!e)
142 goto err;
143 if (!ENGINE_ctrl_cmd_string(e, "SO_PATH", ctrlvalue, 0))
144 goto err;
145 if (!ENGINE_ctrl_cmd_string(e, "LIST_ADD", "2", 0))
146 goto err;
147 if (!ENGINE_ctrl_cmd_string(e, "LOAD", NULL, 0))
148 goto err;
149 }
150 /* ... add other pseudos here ... */
151 else {
152 /* At this point we need an ENGINE structural reference
153 * if we don't already have one.
154 */
155 if (!e) {
156 e = ENGINE_by_id(name);
157 if (!e && soft) {
158 ERR_clear_error();
159 return 1;
160 }
161 if (!e)
162 goto err;
163 }
164 /* Allow "EMPTY" to mean no value: this allows a valid
165 * "value" to be passed to ctrls of type NO_INPUT
166 */
167 if (!strcmp(ctrlvalue, "EMPTY"))
168 ctrlvalue = NULL;
169 if (!strcmp(ctrlname, "init")) {
170 if (!NCONF_get_number_e(cnf, value, "init",
171 &do_init))
172 goto err;
173 if (do_init == 1) {
174 if (!int_engine_init(e))
175 goto err;
176 } else if (do_init != 0) {
177 ENGINEerror(ENGINE_R_INVALID_INIT_VALUE);
178 goto err;
179 }
180 }
181 else if (!strcmp(ctrlname, "default_algorithms")) {
182 if (!ENGINE_set_default_string(e, ctrlvalue))
183 goto err;
184 } else if (!ENGINE_ctrl_cmd_string(e,
185 ctrlname, ctrlvalue, 0))
186 goto err;
187 }
188 }
189 if (e && (do_init == -1) && !int_engine_init(e)) {
190 ecmd = NULL;
191 goto err;
192 }
193 ret = 1;
194
195err:
196 if (ret != 1) {
197 ENGINEerror(ENGINE_R_ENGINE_CONFIGURATION_ERROR);
198 if (ecmd)
199 ERR_asprintf_error_data(
200 "section=%s, name=%s, value=%s",
201 ecmd->section, ecmd->name, ecmd->value);
202 }
203 ENGINE_free(e);
204 return ret;
205}
206
207
208static int
209int_engine_module_init(CONF_IMODULE *md, const CONF *cnf)
210{
211 STACK_OF(CONF_VALUE) *elist;
212 CONF_VALUE *cval;
213 int i;
214
215#ifdef ENGINE_CONF_DEBUG
216 fprintf(stderr, "Called engine module: name %s, value %s\n",
217 CONF_imodule_get_name(md), CONF_imodule_get_value(md));
218#endif
219 /* Value is a section containing ENGINEs to configure */
220 elist = NCONF_get_section(cnf, CONF_imodule_get_value(md));
221
222 if (!elist) {
223 ENGINEerror(ENGINE_R_ENGINES_SECTION_ERROR);
224 return 0;
225 }
226
227 for (i = 0; i < sk_CONF_VALUE_num(elist); i++) {
228 cval = sk_CONF_VALUE_value(elist, i);
229 if (!int_engine_configure(cval->name, cval->value, cnf))
230 return 0;
231 }
232
233 return 1;
234}
235
236static void
237int_engine_module_finish(CONF_IMODULE *md)
238{
239 ENGINE *e;
240
241 while ((e = sk_ENGINE_pop(initialized_engines)))
242 ENGINE_finish(e);
243 sk_ENGINE_free(initialized_engines);
244 initialized_engines = NULL;
245}
246
247void
248ENGINE_add_conf_module(void)
249{
250 CONF_module_add("engines", int_engine_module_init,
251 int_engine_module_finish);
252}
diff --git a/src/lib/libcrypto/engine/eng_ctrl.c b/src/lib/libcrypto/engine/eng_ctrl.c
deleted file mode 100644
index 1a3c25fbae..0000000000
--- a/src/lib/libcrypto/engine/eng_ctrl.c
+++ /dev/null
@@ -1,379 +0,0 @@
1/* $OpenBSD: eng_ctrl.c,v 1.11 2017/01/29 17:49:23 beck Exp $ */
2/* ====================================================================
3 * Copyright (c) 1999-2001 The OpenSSL Project. All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 *
9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer.
11 *
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in
14 * the documentation and/or other materials provided with the
15 * distribution.
16 *
17 * 3. All advertising materials mentioning features or use of this
18 * software must display the following acknowledgment:
19 * "This product includes software developed by the OpenSSL Project
20 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
21 *
22 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
23 * endorse or promote products derived from this software without
24 * prior written permission. For written permission, please contact
25 * licensing@OpenSSL.org.
26 *
27 * 5. Products derived from this software may not be called "OpenSSL"
28 * nor may "OpenSSL" appear in their names without prior written
29 * permission of the OpenSSL Project.
30 *
31 * 6. Redistributions of any form whatsoever must retain the following
32 * acknowledgment:
33 * "This product includes software developed by the OpenSSL Project
34 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
35 *
36 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
37 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
38 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
39 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
40 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
41 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
42 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
43 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
44 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
45 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
46 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
47 * OF THE POSSIBILITY OF SUCH DAMAGE.
48 * ====================================================================
49 *
50 * This product includes cryptographic software written by Eric Young
51 * (eay@cryptsoft.com). This product includes software written by Tim
52 * Hudson (tjh@cryptsoft.com).
53 *
54 */
55
56#include <string.h>
57
58#include <openssl/err.h>
59
60#include "eng_int.h"
61
62/* When querying a ENGINE-specific control command's 'description', this string
63 * is used if the ENGINE_CMD_DEFN has cmd_desc set to NULL. */
64static const char *int_no_description = "";
65
66/* These internal functions handle 'CMD'-related control commands when the
67 * ENGINE in question has asked us to take care of it (ie. the ENGINE did not
68 * set the ENGINE_FLAGS_MANUAL_CMD_CTRL flag. */
69
70static int
71int_ctrl_cmd_is_null(const ENGINE_CMD_DEFN *defn)
72{
73 if ((defn->cmd_num == 0) || (defn->cmd_name == NULL))
74 return 1;
75 return 0;
76}
77
78static int
79int_ctrl_cmd_by_name(const ENGINE_CMD_DEFN *defn, const char *s)
80{
81 int idx = 0;
82 while (!int_ctrl_cmd_is_null(defn) &&
83 (strcmp(defn->cmd_name, s) != 0)) {
84 idx++;
85 defn++;
86 }
87 if (int_ctrl_cmd_is_null(defn))
88 /* The given name wasn't found */
89 return -1;
90 return idx;
91}
92
93static int
94int_ctrl_cmd_by_num(const ENGINE_CMD_DEFN *defn, unsigned int num)
95{
96 int idx = 0;
97 /* NB: It is stipulated that 'cmd_defn' lists are ordered by cmd_num. So
98 * our searches don't need to take any longer than necessary. */
99 while (!int_ctrl_cmd_is_null(defn) && (defn->cmd_num < num)) {
100 idx++;
101 defn++;
102 }
103 if (defn->cmd_num == num)
104 return idx;
105 /* The given cmd_num wasn't found */
106 return -1;
107}
108
109static int
110int_ctrl_helper(ENGINE *e, int cmd, long i, void *p, void (*f)(void))
111{
112 int idx;
113 int ret;
114 char *s = (char *)p;
115
116 /* Take care of the easy one first (eg. it requires no searches) */
117 if (cmd == ENGINE_CTRL_GET_FIRST_CMD_TYPE) {
118 if ((e->cmd_defns == NULL) ||
119 int_ctrl_cmd_is_null(e->cmd_defns))
120 return 0;
121 return e->cmd_defns->cmd_num;
122 }
123 /* One or two commands require that "p" be a valid string buffer */
124 if ((cmd == ENGINE_CTRL_GET_CMD_FROM_NAME) ||
125 (cmd == ENGINE_CTRL_GET_NAME_FROM_CMD) ||
126 (cmd == ENGINE_CTRL_GET_DESC_FROM_CMD)) {
127 if (s == NULL) {
128 ENGINEerror(ERR_R_PASSED_NULL_PARAMETER);
129 return -1;
130 }
131 }
132 /* Now handle cmd_name -> cmd_num conversion */
133 if (cmd == ENGINE_CTRL_GET_CMD_FROM_NAME) {
134 if ((e->cmd_defns == NULL) ||
135 ((idx = int_ctrl_cmd_by_name(e->cmd_defns, s)) < 0)) {
136 ENGINEerror(ENGINE_R_INVALID_CMD_NAME);
137 return -1;
138 }
139 return e->cmd_defns[idx].cmd_num;
140 }
141 /* For the rest of the commands, the 'long' argument must specify a
142 * valie command number - so we need to conduct a search. */
143 if ((e->cmd_defns == NULL) ||
144 ((idx = int_ctrl_cmd_by_num(e->cmd_defns, (unsigned int)i)) < 0)) {
145 ENGINEerror(ENGINE_R_INVALID_CMD_NUMBER);
146 return -1;
147 }
148 /* Now the logic splits depending on command type */
149 switch (cmd) {
150 case ENGINE_CTRL_GET_NEXT_CMD_TYPE:
151 idx++;
152 if (int_ctrl_cmd_is_null(e->cmd_defns + idx))
153 /* end-of-list */
154 return 0;
155 else
156 return e->cmd_defns[idx].cmd_num;
157 case ENGINE_CTRL_GET_NAME_LEN_FROM_CMD:
158 return strlen(e->cmd_defns[idx].cmd_name);
159 case ENGINE_CTRL_GET_NAME_FROM_CMD:
160 ret = snprintf(s, strlen(e->cmd_defns[idx].cmd_name) + 1,
161 "%s", e->cmd_defns[idx].cmd_name);
162 if (ret >= (strlen(e->cmd_defns[idx].cmd_name) + 1))
163 ret = -1;
164 return ret;
165 case ENGINE_CTRL_GET_DESC_LEN_FROM_CMD:
166 if (e->cmd_defns[idx].cmd_desc)
167 return strlen(e->cmd_defns[idx].cmd_desc);
168 return strlen(int_no_description);
169 case ENGINE_CTRL_GET_DESC_FROM_CMD:
170 if (e->cmd_defns[idx].cmd_desc) {
171 ret = snprintf(s,
172 strlen(e->cmd_defns[idx].cmd_desc) + 1,
173 "%s", e->cmd_defns[idx].cmd_desc);
174 if (ret >= strlen(e->cmd_defns[idx].cmd_desc) + 1)
175 ret = -1;
176 return ret;
177 }
178 ret = snprintf(s, strlen(int_no_description) + 1, "%s",
179 int_no_description);
180 if (ret >= strlen(int_no_description) + 1)
181 ret = -1;
182 return ret;
183 case ENGINE_CTRL_GET_CMD_FLAGS:
184 return e->cmd_defns[idx].cmd_flags;
185 }
186
187 /* Shouldn't really be here ... */
188 ENGINEerror(ENGINE_R_INTERNAL_LIST_ERROR);
189 return -1;
190}
191
192int
193ENGINE_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)(void))
194{
195 int ctrl_exists, ref_exists;
196
197 if (e == NULL) {
198 ENGINEerror(ERR_R_PASSED_NULL_PARAMETER);
199 return 0;
200 }
201 CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
202 ref_exists = ((e->struct_ref > 0) ? 1 : 0);
203 CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
204 ctrl_exists = ((e->ctrl == NULL) ? 0 : 1);
205 if (!ref_exists) {
206 ENGINEerror(ENGINE_R_NO_REFERENCE);
207 return 0;
208 }
209 /* Intercept any "root-level" commands before trying to hand them on to
210 * ctrl() handlers. */
211 switch (cmd) {
212 case ENGINE_CTRL_HAS_CTRL_FUNCTION:
213 return ctrl_exists;
214 case ENGINE_CTRL_GET_FIRST_CMD_TYPE:
215 case ENGINE_CTRL_GET_NEXT_CMD_TYPE:
216 case ENGINE_CTRL_GET_CMD_FROM_NAME:
217 case ENGINE_CTRL_GET_NAME_LEN_FROM_CMD:
218 case ENGINE_CTRL_GET_NAME_FROM_CMD:
219 case ENGINE_CTRL_GET_DESC_LEN_FROM_CMD:
220 case ENGINE_CTRL_GET_DESC_FROM_CMD:
221 case ENGINE_CTRL_GET_CMD_FLAGS:
222 if (ctrl_exists && !(e->flags & ENGINE_FLAGS_MANUAL_CMD_CTRL))
223 return int_ctrl_helper(e, cmd, i, p, f);
224 if (!ctrl_exists) {
225 ENGINEerror(ENGINE_R_NO_CONTROL_FUNCTION);
226 /* For these cmd-related functions, failure is indicated
227 * by a -1 return value (because 0 is used as a valid
228 * return in some places). */
229 return -1;
230 }
231 default:
232 break;
233 }
234 /* Anything else requires a ctrl() handler to exist. */
235 if (!ctrl_exists) {
236 ENGINEerror(ENGINE_R_NO_CONTROL_FUNCTION);
237 return 0;
238 }
239 return e->ctrl(e, cmd, i, p, f);
240}
241
242int
243ENGINE_cmd_is_executable(ENGINE *e, int cmd)
244{
245 int flags;
246
247 if ((flags = ENGINE_ctrl(e, ENGINE_CTRL_GET_CMD_FLAGS, cmd,
248 NULL, NULL)) < 0) {
249 ENGINEerror(ENGINE_R_INVALID_CMD_NUMBER);
250 return 0;
251 }
252 if (!(flags & ENGINE_CMD_FLAG_NO_INPUT) &&
253 !(flags & ENGINE_CMD_FLAG_NUMERIC) &&
254 !(flags & ENGINE_CMD_FLAG_STRING))
255 return 0;
256 return 1;
257}
258
259int
260ENGINE_ctrl_cmd(ENGINE *e, const char *cmd_name, long i, void *p,
261 void (*f)(void), int cmd_optional)
262{
263 int num;
264
265 if ((e == NULL) || (cmd_name == NULL)) {
266 ENGINEerror(ERR_R_PASSED_NULL_PARAMETER);
267 return 0;
268 }
269 if ((e->ctrl == NULL) ||
270 ((num = ENGINE_ctrl(e, ENGINE_CTRL_GET_CMD_FROM_NAME,
271 0, (void *)cmd_name, NULL)) <= 0)) {
272 /* If the command didn't *have* to be supported, we fake
273 * success. This allows certain settings to be specified for
274 * multiple ENGINEs and only require a change of ENGINE id
275 * (without having to selectively apply settings). Eg. changing
276 * from a hardware device back to the regular software ENGINE
277 * without editing the config file, etc. */
278 if (cmd_optional) {
279 ERR_clear_error();
280 return 1;
281 }
282 ENGINEerror(ENGINE_R_INVALID_CMD_NAME);
283 return 0;
284 }
285
286 /* Force the result of the control command to 0 or 1, for the reasons
287 * mentioned before. */
288 if (ENGINE_ctrl(e, num, i, p, f) > 0)
289 return 1;
290
291 return 0;
292}
293
294int
295ENGINE_ctrl_cmd_string(ENGINE *e, const char *cmd_name, const char *arg,
296 int cmd_optional)
297{
298 int num, flags;
299 long l;
300 char *ptr;
301
302 if ((e == NULL) || (cmd_name == NULL)) {
303 ENGINEerror(ERR_R_PASSED_NULL_PARAMETER);
304 return 0;
305 }
306 if ((e->ctrl == NULL) ||
307 ((num = ENGINE_ctrl(e, ENGINE_CTRL_GET_CMD_FROM_NAME, 0,
308 (void *)cmd_name, NULL)) <= 0)) {
309 /* If the command didn't *have* to be supported, we fake
310 * success. This allows certain settings to be specified for
311 * multiple ENGINEs and only require a change of ENGINE id
312 * (without having to selectively apply settings). Eg. changing
313 * from a hardware device back to the regular software ENGINE
314 * without editing the config file, etc. */
315 if (cmd_optional) {
316 ERR_clear_error();
317 return 1;
318 }
319 ENGINEerror(ENGINE_R_INVALID_CMD_NAME);
320 return 0;
321 }
322 if (!ENGINE_cmd_is_executable(e, num)) {
323 ENGINEerror(ENGINE_R_CMD_NOT_EXECUTABLE);
324 return 0;
325 }
326 if ((flags = ENGINE_ctrl(e, ENGINE_CTRL_GET_CMD_FLAGS, num,
327 NULL, NULL)) < 0) {
328 /* Shouldn't happen, given that ENGINE_cmd_is_executable()
329 * returned success. */
330 ENGINEerror(ENGINE_R_INTERNAL_LIST_ERROR);
331 return 0;
332 }
333 /* If the command takes no input, there must be no input. And vice
334 * versa. */
335 if (flags & ENGINE_CMD_FLAG_NO_INPUT) {
336 if (arg != NULL) {
337 ENGINEerror(ENGINE_R_COMMAND_TAKES_NO_INPUT);
338 return 0;
339 }
340 /* We deliberately force the result of ENGINE_ctrl() to 0 or 1
341 * rather than returning it as "return data". This is to ensure
342 * usage of these commands is consistent across applications and
343 * that certain applications don't understand it one way, and
344 * others another. */
345 if (ENGINE_ctrl(e, num, 0, (void *)arg, NULL) > 0)
346 return 1;
347 return 0;
348 }
349 /* So, we require input */
350 if (arg == NULL) {
351 ENGINEerror(ENGINE_R_COMMAND_TAKES_INPUT);
352 return 0;
353 }
354 /* If it takes string input, that's easy */
355 if (flags & ENGINE_CMD_FLAG_STRING) {
356 /* Same explanation as above */
357 if (ENGINE_ctrl(e, num, 0, (void *)arg, NULL) > 0)
358 return 1;
359 return 0;
360 }
361 /* If it doesn't take numeric either, then it is unsupported for use in
362 * a config-setting situation, which is what this function is for. This
363 * should never happen though, because ENGINE_cmd_is_executable() was
364 * used. */
365 if (!(flags & ENGINE_CMD_FLAG_NUMERIC)) {
366 ENGINEerror(ENGINE_R_INTERNAL_LIST_ERROR);
367 return 0;
368 }
369 l = strtol(arg, &ptr, 10);
370 if ((arg == ptr) || (*ptr != '\0')) {
371 ENGINEerror(ENGINE_R_ARGUMENT_IS_NOT_A_NUMBER);
372 return 0;
373 }
374 /* Force the result of the control command to 0 or 1, for the reasons
375 * mentioned before. */
376 if (ENGINE_ctrl(e, num, l, NULL, NULL) > 0)
377 return 1;
378 return 0;
379}
diff --git a/src/lib/libcrypto/engine/eng_dyn.c b/src/lib/libcrypto/engine/eng_dyn.c
deleted file mode 100644
index 400ce72681..0000000000
--- a/src/lib/libcrypto/engine/eng_dyn.c
+++ /dev/null
@@ -1,64 +0,0 @@
1/* $OpenBSD: eng_dyn.c,v 1.14 2015/06/19 06:05:11 bcook Exp $ */
2/* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL
3 * project 2001.
4 */
5/* ====================================================================
6 * Copyright (c) 1999-2001 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 *
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
56 *
57 */
58
59#include <openssl/engine.h>
60
61void
62ENGINE_load_dynamic(void)
63{
64}
diff --git a/src/lib/libcrypto/engine/eng_err.c b/src/lib/libcrypto/engine/eng_err.c
deleted file mode 100644
index 5f86a41540..0000000000
--- a/src/lib/libcrypto/engine/eng_err.c
+++ /dev/null
@@ -1,129 +0,0 @@
1/* $OpenBSD: eng_err.c,v 1.12 2022/07/12 14:42:49 kn Exp $ */
2/* ====================================================================
3 * Copyright (c) 1999-2010 The OpenSSL Project. All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 *
9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer.
11 *
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in
14 * the documentation and/or other materials provided with the
15 * distribution.
16 *
17 * 3. All advertising materials mentioning features or use of this
18 * software must display the following acknowledgment:
19 * "This product includes software developed by the OpenSSL Project
20 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
21 *
22 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
23 * endorse or promote products derived from this software without
24 * prior written permission. For written permission, please contact
25 * openssl-core@OpenSSL.org.
26 *
27 * 5. Products derived from this software may not be called "OpenSSL"
28 * nor may "OpenSSL" appear in their names without prior written
29 * permission of the OpenSSL Project.
30 *
31 * 6. Redistributions of any form whatsoever must retain the following
32 * acknowledgment:
33 * "This product includes software developed by the OpenSSL Project
34 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
35 *
36 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
37 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
38 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
39 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
40 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
41 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
42 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
43 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
44 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
45 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
46 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
47 * OF THE POSSIBILITY OF SUCH DAMAGE.
48 * ====================================================================
49 *
50 * This product includes cryptographic software written by Eric Young
51 * (eay@cryptsoft.com). This product includes software written by Tim
52 * Hudson (tjh@cryptsoft.com).
53 *
54 */
55
56#include <stdio.h>
57
58#include <openssl/opensslconf.h>
59
60#include <openssl/err.h>
61#include <openssl/engine.h>
62
63#ifndef OPENSSL_NO_ERR
64
65#define ERR_FUNC(func) ERR_PACK(ERR_LIB_ENGINE,func,0)
66#define ERR_REASON(reason) ERR_PACK(ERR_LIB_ENGINE,0,reason)
67
68static ERR_STRING_DATA ENGINE_str_functs[] = {
69 {ERR_FUNC(0xfff), "CRYPTO_internal"},
70 {0, NULL}
71};
72
73static ERR_STRING_DATA ENGINE_str_reasons[] = {
74 {ERR_REASON(ENGINE_R_ALREADY_LOADED) , "already loaded"},
75 {ERR_REASON(ENGINE_R_ARGUMENT_IS_NOT_A_NUMBER), "argument is not a number"},
76 {ERR_REASON(ENGINE_R_CMD_NOT_EXECUTABLE) , "cmd not executable"},
77 {ERR_REASON(ENGINE_R_COMMAND_TAKES_INPUT), "command takes input"},
78 {ERR_REASON(ENGINE_R_COMMAND_TAKES_NO_INPUT), "command takes no input"},
79 {ERR_REASON(ENGINE_R_CONFLICTING_ENGINE_ID), "conflicting engine id"},
80 {ERR_REASON(ENGINE_R_CTRL_COMMAND_NOT_IMPLEMENTED), "ctrl command not implemented"},
81 {ERR_REASON(ENGINE_R_DH_NOT_IMPLEMENTED) , "dh not implemented"},
82 {ERR_REASON(ENGINE_R_DSA_NOT_IMPLEMENTED), "dsa not implemented"},
83 {ERR_REASON(ENGINE_R_DSO_FAILURE) , "DSO failure"},
84 {ERR_REASON(ENGINE_R_DSO_NOT_FOUND) , "dso not found"},
85 {ERR_REASON(ENGINE_R_ENGINES_SECTION_ERROR), "engines section error"},
86 {ERR_REASON(ENGINE_R_ENGINE_CONFIGURATION_ERROR), "engine configuration error"},
87 {ERR_REASON(ENGINE_R_ENGINE_IS_NOT_IN_LIST), "engine is not in the list"},
88 {ERR_REASON(ENGINE_R_ENGINE_SECTION_ERROR), "engine section error"},
89 {ERR_REASON(ENGINE_R_FAILED_LOADING_PRIVATE_KEY), "failed loading private key"},
90 {ERR_REASON(ENGINE_R_FAILED_LOADING_PUBLIC_KEY), "failed loading public key"},
91 {ERR_REASON(ENGINE_R_FINISH_FAILED) , "finish failed"},
92 {ERR_REASON(ENGINE_R_GET_HANDLE_FAILED) , "could not obtain hardware handle"},
93 {ERR_REASON(ENGINE_R_ID_OR_NAME_MISSING) , "'id' or 'name' missing"},
94 {ERR_REASON(ENGINE_R_INIT_FAILED) , "init failed"},
95 {ERR_REASON(ENGINE_R_INTERNAL_LIST_ERROR), "internal list error"},
96 {ERR_REASON(ENGINE_R_INVALID_ARGUMENT) , "invalid argument"},
97 {ERR_REASON(ENGINE_R_INVALID_CMD_NAME) , "invalid cmd name"},
98 {ERR_REASON(ENGINE_R_INVALID_CMD_NUMBER) , "invalid cmd number"},
99 {ERR_REASON(ENGINE_R_INVALID_INIT_VALUE) , "invalid init value"},
100 {ERR_REASON(ENGINE_R_INVALID_STRING) , "invalid string"},
101 {ERR_REASON(ENGINE_R_NOT_INITIALISED) , "not initialised"},
102 {ERR_REASON(ENGINE_R_NOT_LOADED) , "not loaded"},
103 {ERR_REASON(ENGINE_R_NO_CONTROL_FUNCTION), "no control function"},
104 {ERR_REASON(ENGINE_R_NO_INDEX) , "no index"},
105 {ERR_REASON(ENGINE_R_NO_LOAD_FUNCTION) , "no load function"},
106 {ERR_REASON(ENGINE_R_NO_REFERENCE) , "no reference"},
107 {ERR_REASON(ENGINE_R_NO_SUCH_ENGINE) , "no such engine"},
108 {ERR_REASON(ENGINE_R_NO_UNLOAD_FUNCTION) , "no unload function"},
109 {ERR_REASON(ENGINE_R_PROVIDE_PARAMETERS) , "provide parameters"},
110 {ERR_REASON(ENGINE_R_RSA_NOT_IMPLEMENTED), "rsa not implemented"},
111 {ERR_REASON(ENGINE_R_UNIMPLEMENTED_CIPHER), "unimplemented cipher"},
112 {ERR_REASON(ENGINE_R_UNIMPLEMENTED_DIGEST), "unimplemented digest"},
113 {ERR_REASON(ENGINE_R_UNIMPLEMENTED_PUBLIC_KEY_METHOD), "unimplemented public key method"},
114 {ERR_REASON(ENGINE_R_VERSION_INCOMPATIBILITY), "version incompatibility"},
115 {0, NULL}
116};
117
118#endif
119
120void
121ERR_load_ENGINE_strings(void)
122{
123#ifndef OPENSSL_NO_ERR
124 if (ERR_func_error_string(ENGINE_str_functs[0].error) == NULL) {
125 ERR_load_strings(0, ENGINE_str_functs);
126 ERR_load_strings(0, ENGINE_str_reasons);
127 }
128#endif
129}
diff --git a/src/lib/libcrypto/engine/eng_fat.c b/src/lib/libcrypto/engine/eng_fat.c
deleted file mode 100644
index baf1a54883..0000000000
--- a/src/lib/libcrypto/engine/eng_fat.c
+++ /dev/null
@@ -1,200 +0,0 @@
1/* $OpenBSD: eng_fat.c,v 1.17 2019/01/19 01:07:00 tb Exp $ */
2/* ====================================================================
3 * Copyright (c) 1999-2001 The OpenSSL Project. All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 *
9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer.
11 *
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in
14 * the documentation and/or other materials provided with the
15 * distribution.
16 *
17 * 3. All advertising materials mentioning features or use of this
18 * software must display the following acknowledgment:
19 * "This product includes software developed by the OpenSSL Project
20 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
21 *
22 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
23 * endorse or promote products derived from this software without
24 * prior written permission. For written permission, please contact
25 * licensing@OpenSSL.org.
26 *
27 * 5. Products derived from this software may not be called "OpenSSL"
28 * nor may "OpenSSL" appear in their names without prior written
29 * permission of the OpenSSL Project.
30 *
31 * 6. Redistributions of any form whatsoever must retain the following
32 * acknowledgment:
33 * "This product includes software developed by the OpenSSL Project
34 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
35 *
36 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
37 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
38 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
39 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
40 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
41 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
42 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
43 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
44 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
45 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
46 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
47 * OF THE POSSIBILITY OF SUCH DAMAGE.
48 * ====================================================================
49 *
50 * This product includes cryptographic software written by Eric Young
51 * (eay@cryptsoft.com). This product includes software written by Tim
52 * Hudson (tjh@cryptsoft.com).
53 *
54 */
55/* ====================================================================
56 * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
57 * ECDH support in OpenSSL originally developed by
58 * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
59 */
60
61#include <string.h>
62
63#include <openssl/opensslconf.h>
64
65#include <openssl/err.h>
66#include "eng_int.h"
67#include <openssl/conf.h>
68
69int
70ENGINE_set_default(ENGINE *e, unsigned int flags)
71{
72 if ((flags & ENGINE_METHOD_CIPHERS) && !ENGINE_set_default_ciphers(e))
73 return 0;
74 if ((flags & ENGINE_METHOD_DIGESTS) && !ENGINE_set_default_digests(e))
75 return 0;
76#ifndef OPENSSL_NO_RSA
77 if ((flags & ENGINE_METHOD_RSA) && !ENGINE_set_default_RSA(e))
78 return 0;
79#endif
80#ifndef OPENSSL_NO_DSA
81 if ((flags & ENGINE_METHOD_DSA) && !ENGINE_set_default_DSA(e))
82 return 0;
83#endif
84#ifndef OPENSSL_NO_DH
85 if ((flags & ENGINE_METHOD_DH) && !ENGINE_set_default_DH(e))
86 return 0;
87#endif
88#ifndef OPENSSL_NO_ECDH
89 if ((flags & ENGINE_METHOD_ECDH) && !ENGINE_set_default_ECDH(e))
90 return 0;
91#endif
92#ifndef OPENSSL_NO_ECDSA
93 if ((flags & ENGINE_METHOD_ECDSA) && !ENGINE_set_default_ECDSA(e))
94 return 0;
95#endif
96#ifndef OPENSSL_NO_EC
97 if ((flags & ENGINE_METHOD_EC) && !ENGINE_set_default_EC(e))
98 return 0;
99#endif
100 if ((flags & ENGINE_METHOD_RAND) && !ENGINE_set_default_RAND(e))
101 return 0;
102 if ((flags & ENGINE_METHOD_PKEY_METHS) &&
103 !ENGINE_set_default_pkey_meths(e))
104 return 0;
105 if ((flags & ENGINE_METHOD_PKEY_ASN1_METHS) &&
106 !ENGINE_set_default_pkey_asn1_meths(e))
107 return 0;
108 return 1;
109}
110
111/* Set default algorithms using a string */
112
113static int
114int_def_cb(const char *alg, int len, void *arg)
115{
116 unsigned int *pflags = arg;
117
118 if (!strncmp(alg, "ALL", len))
119 *pflags |= ENGINE_METHOD_ALL;
120 else if (!strncmp(alg, "RSA", len))
121 *pflags |= ENGINE_METHOD_RSA;
122 else if (!strncmp(alg, "DSA", len))
123 *pflags |= ENGINE_METHOD_DSA;
124 else if (!strncmp(alg, "ECDH", len))
125 *pflags |= ENGINE_METHOD_ECDH;
126 else if (!strncmp(alg, "ECDSA", len))
127 *pflags |= ENGINE_METHOD_ECDSA;
128 else if (!strncmp(alg, "DH", len))
129 *pflags |= ENGINE_METHOD_DH;
130 else if (strncmp(alg, "EC", len) == 0)
131 *pflags |= ENGINE_METHOD_EC;
132 else if (!strncmp(alg, "RAND", len))
133 *pflags |= ENGINE_METHOD_RAND;
134 else if (!strncmp(alg, "CIPHERS", len))
135 *pflags |= ENGINE_METHOD_CIPHERS;
136 else if (!strncmp(alg, "DIGESTS", len))
137 *pflags |= ENGINE_METHOD_DIGESTS;
138 else if (!strncmp(alg, "PKEY", len))
139 *pflags |= ENGINE_METHOD_PKEY_METHS |
140 ENGINE_METHOD_PKEY_ASN1_METHS;
141 else if (!strncmp(alg, "PKEY_CRYPTO", len))
142 *pflags |= ENGINE_METHOD_PKEY_METHS;
143 else if (!strncmp(alg, "PKEY_ASN1", len))
144 *pflags |= ENGINE_METHOD_PKEY_ASN1_METHS;
145 else
146 return 0;
147 return 1;
148}
149
150int
151ENGINE_set_default_string(ENGINE *e, const char *def_list)
152{
153 unsigned int flags = 0;
154
155 if (!CONF_parse_list(def_list, ',', 1, int_def_cb, &flags)) {
156 ENGINEerror(ENGINE_R_INVALID_STRING);
157 ERR_asprintf_error_data("str=%s",def_list);
158 return 0;
159 }
160 return ENGINE_set_default(e, flags);
161}
162
163int
164ENGINE_register_complete(ENGINE *e)
165{
166 ENGINE_register_ciphers(e);
167 ENGINE_register_digests(e);
168#ifndef OPENSSL_NO_RSA
169 ENGINE_register_RSA(e);
170#endif
171#ifndef OPENSSL_NO_DSA
172 ENGINE_register_DSA(e);
173#endif
174#ifndef OPENSSL_NO_DH
175 ENGINE_register_DH(e);
176#endif
177#ifndef OPENSSL_NO_ECDH
178 ENGINE_register_ECDH(e);
179#endif
180#ifndef OPENSSL_NO_ECDSA
181 ENGINE_register_ECDSA(e);
182#endif
183#ifndef OPENSSL_NO_EC
184 ENGINE_register_EC(e);
185#endif
186 ENGINE_register_RAND(e);
187 ENGINE_register_pkey_meths(e);
188 return 1;
189}
190
191int
192ENGINE_register_all_complete(void)
193{
194 ENGINE *e;
195
196 for (e = ENGINE_get_first(); e; e = ENGINE_get_next(e))
197 if (!(e->flags & ENGINE_FLAGS_NO_REGISTER_ALL))
198 ENGINE_register_complete(e);
199 return 1;
200}
diff --git a/src/lib/libcrypto/engine/eng_init.c b/src/lib/libcrypto/engine/eng_init.c
deleted file mode 100644
index 793adba8be..0000000000
--- a/src/lib/libcrypto/engine/eng_init.c
+++ /dev/null
@@ -1,147 +0,0 @@
1/* $OpenBSD: eng_init.c,v 1.9 2018/04/14 07:09:21 tb Exp $ */
2/* ====================================================================
3 * Copyright (c) 1999-2001 The OpenSSL Project. All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 *
9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer.
11 *
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in
14 * the documentation and/or other materials provided with the
15 * distribution.
16 *
17 * 3. All advertising materials mentioning features or use of this
18 * software must display the following acknowledgment:
19 * "This product includes software developed by the OpenSSL Project
20 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
21 *
22 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
23 * endorse or promote products derived from this software without
24 * prior written permission. For written permission, please contact
25 * licensing@OpenSSL.org.
26 *
27 * 5. Products derived from this software may not be called "OpenSSL"
28 * nor may "OpenSSL" appear in their names without prior written
29 * permission of the OpenSSL Project.
30 *
31 * 6. Redistributions of any form whatsoever must retain the following
32 * acknowledgment:
33 * "This product includes software developed by the OpenSSL Project
34 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
35 *
36 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
37 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
38 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
39 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
40 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
41 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
42 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
43 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
44 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
45 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
46 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
47 * OF THE POSSIBILITY OF SUCH DAMAGE.
48 * ====================================================================
49 *
50 * This product includes cryptographic software written by Eric Young
51 * (eay@cryptsoft.com). This product includes software written by Tim
52 * Hudson (tjh@cryptsoft.com).
53 *
54 */
55
56#include <openssl/err.h>
57
58#include "eng_int.h"
59
60/* Initialise a engine type for use (or up its functional reference count
61 * if it's already in use). This version is only used internally. */
62int
63engine_unlocked_init(ENGINE *e)
64{
65 int to_return = 1;
66
67 if ((e->funct_ref == 0) && e->init)
68 /* This is the first functional reference and the engine
69 * requires initialisation so we do it now. */
70 to_return = e->init(e);
71 if (to_return) {
72 /* OK, we return a functional reference which is also a
73 * structural reference. */
74 e->struct_ref++;
75 e->funct_ref++;
76 engine_ref_debug(e, 0, 1)
77 engine_ref_debug(e, 1, 1)
78 }
79 return to_return;
80}
81
82/* Free a functional reference to a engine type. This version is only used
83 * internally. */
84int
85engine_unlocked_finish(ENGINE *e, int unlock_for_handlers)
86{
87 int to_return = 1;
88
89 /* Reduce the functional reference count here so if it's the terminating
90 * case, we can release the lock safely and call the finish() handler
91 * without risk of a race. We get a race if we leave the count until
92 * after and something else is calling "finish" at the same time -
93 * there's a chance that both threads will together take the count from
94 * 2 to 0 without either calling finish(). */
95 e->funct_ref--;
96 engine_ref_debug(e, 1, -1);
97 if ((e->funct_ref == 0) && e->finish) {
98 if (unlock_for_handlers)
99 CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
100 to_return = e->finish(e);
101 if (unlock_for_handlers)
102 CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
103 if (!to_return)
104 return 0;
105 }
106
107 /* Release the structural reference too */
108 if (!engine_free_util(e, 0)) {
109 ENGINEerror(ENGINE_R_FINISH_FAILED);
110 return 0;
111 }
112 return to_return;
113}
114
115/* The API (locked) version of "init" */
116int
117ENGINE_init(ENGINE *e)
118{
119 int ret;
120
121 if (e == NULL) {
122 ENGINEerror(ERR_R_PASSED_NULL_PARAMETER);
123 return 0;
124 }
125 CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
126 ret = engine_unlocked_init(e);
127 CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
128 return ret;
129}
130
131/* The API (locked) version of "finish" */
132int
133ENGINE_finish(ENGINE *e)
134{
135 int to_return = 1;
136
137 if (e == NULL)
138 return 1;
139 CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
140 to_return = engine_unlocked_finish(e, 1);
141 CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
142 if (!to_return) {
143 ENGINEerror(ENGINE_R_FINISH_FAILED);
144 return 0;
145 }
146 return to_return;
147}
diff --git a/src/lib/libcrypto/engine/eng_int.h b/src/lib/libcrypto/engine/eng_int.h
deleted file mode 100644
index 298c0e327f..0000000000
--- a/src/lib/libcrypto/engine/eng_int.h
+++ /dev/null
@@ -1,203 +0,0 @@
1/* $OpenBSD: eng_int.h,v 1.10 2019/01/19 01:07:00 tb Exp $ */
2/* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL
3 * project 2000.
4 */
5/* ====================================================================
6 * Copyright (c) 1999-2001 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 *
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
56 *
57 */
58/* ====================================================================
59 * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
60 * ECDH support in OpenSSL originally developed by
61 * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
62 */
63
64#ifndef HEADER_ENGINE_INT_H
65#define HEADER_ENGINE_INT_H
66
67/* Take public definitions from engine.h */
68#include <openssl/engine.h>
69
70__BEGIN_HIDDEN_DECLS
71
72/* If we compile with this symbol defined, then both reference counts in the
73 * ENGINE structure will be monitored with a line of output on stderr for each
74 * change. This prints the engine's pointer address (truncated to unsigned int),
75 * "struct" or "funct" to indicate the reference type, the before and after
76 * reference count, and the file:line-number pair. The "engine_ref_debug"
77 * statements must come *after* the change. */
78#ifdef ENGINE_REF_COUNT_DEBUG
79
80#define engine_ref_debug(e, isfunct, diff) \
81 fprintf(stderr, "engine: %08x %s from %d to %d (%s:%d)\n", \
82 (unsigned int)(e), (isfunct ? "funct" : "struct"), \
83 ((isfunct) ? ((e)->funct_ref - (diff)) : ((e)->struct_ref - (diff))), \
84 ((isfunct) ? (e)->funct_ref : (e)->struct_ref), \
85 (__FILE__), (__LINE__));
86
87#else
88
89#define engine_ref_debug(e, isfunct, diff)
90
91#endif
92
93/* Any code that will need cleanup operations should use these functions to
94 * register callbacks. ENGINE_cleanup() will call all registered callbacks in
95 * order. NB: both the "add" functions assume CRYPTO_LOCK_ENGINE to already be
96 * held (in "write" mode). */
97typedef void (ENGINE_CLEANUP_CB)(void);
98typedef struct st_engine_cleanup_item {
99 ENGINE_CLEANUP_CB *cb;
100} ENGINE_CLEANUP_ITEM;
101DECLARE_STACK_OF(ENGINE_CLEANUP_ITEM)
102void engine_cleanup_add_first(ENGINE_CLEANUP_CB *cb);
103void engine_cleanup_add_last(ENGINE_CLEANUP_CB *cb);
104
105/* We need stacks of ENGINEs for use in eng_table.c */
106DECLARE_STACK_OF(ENGINE)
107
108/* If this symbol is defined then engine_table_select(), the function that is
109 * used by RSA, DSA (etc) code to select registered ENGINEs, cache defaults and
110 * functional references (etc), will display debugging summaries to stderr. */
111/* #define ENGINE_TABLE_DEBUG */
112
113/* This represents an implementation table. Dependent code should instantiate it
114 * as a (ENGINE_TABLE *) pointer value set initially to NULL. */
115typedef struct st_engine_table ENGINE_TABLE;
116int engine_table_register(ENGINE_TABLE **table, ENGINE_CLEANUP_CB *cleanup,
117 ENGINE *e, const int *nids, int num_nids, int setdefault);
118void engine_table_unregister(ENGINE_TABLE **table, ENGINE *e);
119void engine_table_cleanup(ENGINE_TABLE **table);
120#ifndef ENGINE_TABLE_DEBUG
121ENGINE *engine_table_select(ENGINE_TABLE **table, int nid);
122#else
123ENGINE *engine_table_select_tmp(ENGINE_TABLE **table, int nid, const char *f,
124 int l);
125#define engine_table_select(t,n) engine_table_select_tmp(t,n,__FILE__,__LINE__)
126#endif
127typedef void (engine_table_doall_cb)(int nid, STACK_OF(ENGINE) *sk,
128 ENGINE *def, void *arg);
129void engine_table_doall(ENGINE_TABLE *table, engine_table_doall_cb *cb,
130 void *arg);
131
132/* Internal versions of API functions that have control over locking. These are
133 * used between C files when functionality needs to be shared but the caller may
134 * already be controlling of the CRYPTO_LOCK_ENGINE lock. */
135int engine_unlocked_init(ENGINE *e);
136int engine_unlocked_finish(ENGINE *e, int unlock_for_handlers);
137int engine_free_util(ENGINE *e, int locked);
138
139/* This function will reset all "set"able values in an ENGINE to NULL. This
140 * won't touch reference counts or ex_data, but is equivalent to calling all the
141 * ENGINE_set_***() functions with a NULL value. */
142void engine_set_all_null(ENGINE *e);
143
144/* NB: Bitwise OR-able values for the "flags" variable in ENGINE are now exposed
145 * in engine.h. */
146
147/* Free up dynamically allocated public key methods associated with ENGINE */
148
149void engine_pkey_meths_free(ENGINE *e);
150void engine_pkey_asn1_meths_free(ENGINE *e);
151
152/* This is a structure for storing implementations of various crypto
153 * algorithms and functions. */
154struct engine_st {
155 const char *id;
156 const char *name;
157 const RSA_METHOD *rsa_meth;
158 const DSA_METHOD *dsa_meth;
159 const DH_METHOD *dh_meth;
160 const ECDH_METHOD *ecdh_meth;
161 const ECDSA_METHOD *ecdsa_meth;
162 const EC_KEY_METHOD *ec_meth;
163 const RAND_METHOD *rand_meth;
164 const STORE_METHOD *store_meth;
165 /* Cipher handling is via this callback */
166 ENGINE_CIPHERS_PTR ciphers;
167 /* Digest handling is via this callback */
168 ENGINE_DIGESTS_PTR digests;
169 /* Public key handling via this callback */
170 ENGINE_PKEY_METHS_PTR pkey_meths;
171 /* ASN1 public key handling via this callback */
172 ENGINE_PKEY_ASN1_METHS_PTR pkey_asn1_meths;
173
174 ENGINE_GEN_INT_FUNC_PTR destroy;
175
176 ENGINE_GEN_INT_FUNC_PTR init;
177 ENGINE_GEN_INT_FUNC_PTR finish;
178 ENGINE_CTRL_FUNC_PTR ctrl;
179 ENGINE_LOAD_KEY_PTR load_privkey;
180 ENGINE_LOAD_KEY_PTR load_pubkey;
181
182 ENGINE_SSL_CLIENT_CERT_PTR load_ssl_client_cert;
183
184 const ENGINE_CMD_DEFN *cmd_defns;
185 int flags;
186 /* reference count on the structure itself */
187 int struct_ref;
188 /* reference count on usability of the engine type. NB: This
189 * controls the loading and initialisation of any functionlity
190 * required by this engine, whereas the previous count is
191 * simply to cope with (de)allocation of this structure. Hence,
192 * running_ref <= struct_ref at all times. */
193 int funct_ref;
194 /* A place to store per-ENGINE data */
195 CRYPTO_EX_DATA ex_data;
196 /* Used to maintain the linked-list of engines. */
197 struct engine_st *prev;
198 struct engine_st *next;
199};
200
201__END_HIDDEN_DECLS
202
203#endif /* HEADER_ENGINE_INT_H */
diff --git a/src/lib/libcrypto/engine/eng_lib.c b/src/lib/libcrypto/engine/eng_lib.c
deleted file mode 100644
index 1aedcb18c6..0000000000
--- a/src/lib/libcrypto/engine/eng_lib.c
+++ /dev/null
@@ -1,365 +0,0 @@
1/* $OpenBSD: eng_lib.c,v 1.14 2018/04/14 07:18:37 tb Exp $ */
2/* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL
3 * project 2000.
4 */
5/* ====================================================================
6 * Copyright (c) 1999-2001 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 *
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
56 *
57 */
58
59#include <string.h>
60
61#include <openssl/err.h>
62#include <openssl/rand.h>
63
64#include "eng_int.h"
65
66/* The "new"/"free" stuff first */
67
68ENGINE *
69ENGINE_new(void)
70{
71 ENGINE *ret;
72
73 if (!OPENSSL_init_crypto(0, NULL))
74 return NULL;
75
76 ret = malloc(sizeof(ENGINE));
77 if (ret == NULL) {
78 ENGINEerror(ERR_R_MALLOC_FAILURE);
79 return NULL;
80 }
81 memset(ret, 0, sizeof(ENGINE));
82 ret->struct_ref = 1;
83 engine_ref_debug(ret, 0, 1)
84 CRYPTO_new_ex_data(CRYPTO_EX_INDEX_ENGINE, ret, &ret->ex_data);
85 return ret;
86}
87
88/* Placed here (close proximity to ENGINE_new) so that modifications to the
89 * elements of the ENGINE structure are more likely to be caught and changed
90 * here. */
91void
92engine_set_all_null(ENGINE *e)
93{
94 e->id = NULL;
95 e->name = NULL;
96 e->rsa_meth = NULL;
97 e->dsa_meth = NULL;
98 e->dh_meth = NULL;
99 e->rand_meth = NULL;
100 e->store_meth = NULL;
101 e->ciphers = NULL;
102 e->digests = NULL;
103 e->destroy = NULL;
104 e->init = NULL;
105 e->finish = NULL;
106 e->ctrl = NULL;
107 e->load_privkey = NULL;
108 e->load_pubkey = NULL;
109 e->cmd_defns = NULL;
110 e->flags = 0;
111}
112
113int
114engine_free_util(ENGINE *e, int locked)
115{
116 int i;
117
118 if (e == NULL)
119 return 1;
120 if (locked)
121 i = CRYPTO_add(&e->struct_ref, -1, CRYPTO_LOCK_ENGINE);
122 else
123 i = --e->struct_ref;
124 engine_ref_debug(e, 0, -1)
125 if (i > 0)
126 return 1;
127
128 /* Free up any dynamically allocated public key methods */
129 engine_pkey_meths_free(e);
130 engine_pkey_asn1_meths_free(e);
131 /* Give the ENGINE a chance to do any structural cleanup corresponding
132 * to allocation it did in its constructor (eg. unload error strings) */
133 if (e->destroy)
134 e->destroy(e);
135 CRYPTO_free_ex_data(CRYPTO_EX_INDEX_ENGINE, e, &e->ex_data);
136 free(e);
137 return 1;
138}
139
140int
141ENGINE_free(ENGINE *e)
142{
143 return engine_free_util(e, 1);
144}
145
146/* Cleanup stuff */
147
148/* ENGINE_cleanup() is coded such that anything that does work that will need
149 * cleanup can register a "cleanup" callback here. That way we don't get linker
150 * bloat by referring to all *possible* cleanups, but any linker bloat into code
151 * "X" will cause X's cleanup function to end up here. */
152static STACK_OF(ENGINE_CLEANUP_ITEM) *cleanup_stack = NULL;
153static int
154int_cleanup_check(int create)
155{
156 if (cleanup_stack)
157 return 1;
158 if (!create)
159 return 0;
160 cleanup_stack = sk_ENGINE_CLEANUP_ITEM_new_null();
161 return (cleanup_stack ? 1 : 0);
162}
163
164static ENGINE_CLEANUP_ITEM *
165int_cleanup_item(ENGINE_CLEANUP_CB *cb)
166{
167 ENGINE_CLEANUP_ITEM *item = malloc(sizeof(ENGINE_CLEANUP_ITEM));
168
169 if (!item)
170 return NULL;
171 item->cb = cb;
172 return item;
173}
174
175void
176engine_cleanup_add_first(ENGINE_CLEANUP_CB *cb)
177{
178 ENGINE_CLEANUP_ITEM *item;
179
180 if (!int_cleanup_check(1))
181 return;
182 item = int_cleanup_item(cb);
183 if (item)
184 sk_ENGINE_CLEANUP_ITEM_insert(cleanup_stack, item, 0);
185}
186
187void
188engine_cleanup_add_last(ENGINE_CLEANUP_CB *cb)
189{
190 ENGINE_CLEANUP_ITEM *item;
191
192 if (!int_cleanup_check(1))
193 return;
194 item = int_cleanup_item(cb);
195 if (item)
196 sk_ENGINE_CLEANUP_ITEM_push(cleanup_stack, item);
197}
198/* The API function that performs all cleanup */
199static void
200engine_cleanup_cb_free(ENGINE_CLEANUP_ITEM *item)
201{
202 (*(item->cb))();
203 free(item);
204}
205
206void
207ENGINE_cleanup(void)
208{
209 if (int_cleanup_check(0)) {
210 sk_ENGINE_CLEANUP_ITEM_pop_free(cleanup_stack,
211 engine_cleanup_cb_free);
212 cleanup_stack = NULL;
213 }
214 /* FIXME: This should be handled (somehow) through RAND, eg. by it
215 * registering a cleanup callback. */
216 RAND_set_rand_method(NULL);
217}
218
219/* Now the "ex_data" support */
220
221int
222ENGINE_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
223 CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func)
224{
225 return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_ENGINE, argl, argp,
226 new_func, dup_func, free_func);
227}
228
229int
230ENGINE_set_ex_data(ENGINE *e, int idx, void *arg)
231{
232 return (CRYPTO_set_ex_data(&e->ex_data, idx, arg));
233}
234
235void *
236ENGINE_get_ex_data(const ENGINE *e, int idx)
237{
238 return (CRYPTO_get_ex_data(&e->ex_data, idx));
239}
240
241/* Functions to get/set an ENGINE's elements - mainly to avoid exposing the
242 * ENGINE structure itself. */
243
244int
245ENGINE_set_id(ENGINE *e, const char *id)
246{
247 if (id == NULL) {
248 ENGINEerror(ERR_R_PASSED_NULL_PARAMETER);
249 return 0;
250 }
251 e->id = id;
252 return 1;
253}
254
255int
256ENGINE_set_name(ENGINE *e, const char *name)
257{
258 if (name == NULL) {
259 ENGINEerror(ERR_R_PASSED_NULL_PARAMETER);
260 return 0;
261 }
262 e->name = name;
263 return 1;
264}
265
266int
267ENGINE_set_destroy_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR destroy_f)
268{
269 e->destroy = destroy_f;
270 return 1;
271}
272
273int
274ENGINE_set_init_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR init_f)
275{
276 e->init = init_f;
277 return 1;
278}
279
280int
281ENGINE_set_finish_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR finish_f)
282{
283 e->finish = finish_f;
284 return 1;
285}
286
287int
288ENGINE_set_ctrl_function(ENGINE *e, ENGINE_CTRL_FUNC_PTR ctrl_f)
289{
290 e->ctrl = ctrl_f;
291 return 1;
292}
293
294int
295ENGINE_set_flags(ENGINE *e, int flags)
296{
297 e->flags = flags;
298 return 1;
299}
300
301int
302ENGINE_set_cmd_defns(ENGINE *e, const ENGINE_CMD_DEFN *defns)
303{
304 e->cmd_defns = defns;
305 return 1;
306}
307
308const char *
309ENGINE_get_id(const ENGINE *e)
310{
311 return e->id;
312}
313
314const char *
315ENGINE_get_name(const ENGINE *e)
316{
317 return e->name;
318}
319
320ENGINE_GEN_INT_FUNC_PTR
321ENGINE_get_destroy_function(const ENGINE *e)
322{
323 return e->destroy;
324}
325
326ENGINE_GEN_INT_FUNC_PTR
327ENGINE_get_init_function(const ENGINE *e)
328{
329 return e->init;
330}
331
332ENGINE_GEN_INT_FUNC_PTR
333ENGINE_get_finish_function(const ENGINE *e)
334{
335 return e->finish;
336}
337
338ENGINE_CTRL_FUNC_PTR
339ENGINE_get_ctrl_function(const ENGINE *e)
340{
341 return e->ctrl;
342}
343
344int
345ENGINE_get_flags(const ENGINE *e)
346{
347 return e->flags;
348}
349
350const ENGINE_CMD_DEFN *
351ENGINE_get_cmd_defns(const ENGINE *e)
352{
353 return e->cmd_defns;
354}
355
356/* eng_lib.o is pretty much linked into anything that touches ENGINE already, so
357 * put the "static_state" hack here. */
358
359static int internal_static_hack = 0;
360
361void *
362ENGINE_get_static_state(void)
363{
364 return &internal_static_hack;
365}
diff --git a/src/lib/libcrypto/engine/eng_list.c b/src/lib/libcrypto/engine/eng_list.c
deleted file mode 100644
index 451c8616ef..0000000000
--- a/src/lib/libcrypto/engine/eng_list.c
+++ /dev/null
@@ -1,387 +0,0 @@
1/* $OpenBSD: eng_list.c,v 1.25 2022/12/26 07:18:51 jmc Exp $ */
2/* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL
3 * project 2000.
4 */
5/* ====================================================================
6 * Copyright (c) 1999-2001 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 *
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
56 *
57 */
58/* ====================================================================
59 * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
60 * ECDH support in OpenSSL originally developed by
61 * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
62 */
63
64#include <string.h>
65#include <unistd.h>
66
67#include <openssl/opensslconf.h>
68
69#include <openssl/err.h>
70
71#include "cryptlib.h"
72#include "eng_int.h"
73
74/* The linked-list of pointers to engine types. engine_list_head
75 * incorporates an implicit structural reference but engine_list_tail
76 * does not - the latter is a computational niceity and only points
77 * to something that is already pointed to by its predecessor in the
78 * list (or engine_list_head itself). In the same way, the use of the
79 * "prev" pointer in each ENGINE is to save excessive list iteration,
80 * it doesn't correspond to an extra structural reference. Hence,
81 * engine_list_head, and each non-null "next" pointer account for
82 * the list itself assuming exactly 1 structural reference on each
83 * list member. */
84static ENGINE *engine_list_head = NULL;
85static ENGINE *engine_list_tail = NULL;
86
87/* This cleanup function is only needed internally. If it should be called, we
88 * register it with the "ENGINE_cleanup()" stack to be called during cleanup. */
89
90static void
91engine_list_cleanup(void)
92{
93 ENGINE *iterator = engine_list_head;
94
95 while (iterator != NULL && ENGINE_remove(iterator))
96 iterator = engine_list_head;
97}
98
99/* These static functions starting with a lower case "engine_" always
100 * take place when CRYPTO_LOCK_ENGINE has been locked up. */
101static int
102engine_list_add(ENGINE *e)
103{
104 int conflict = 0;
105 ENGINE *iterator = NULL;
106
107 if (e == NULL) {
108 ENGINEerror(ERR_R_PASSED_NULL_PARAMETER);
109 return 0;
110 }
111 iterator = engine_list_head;
112 while (iterator && !conflict) {
113 conflict = (strcmp(iterator->id, e->id) == 0);
114 iterator = iterator->next;
115 }
116 if (conflict) {
117 ENGINEerror(ENGINE_R_CONFLICTING_ENGINE_ID);
118 return 0;
119 }
120 if (engine_list_head == NULL) {
121 /* We are adding to an empty list. */
122 if (engine_list_tail) {
123 ENGINEerror(ENGINE_R_INTERNAL_LIST_ERROR);
124 return 0;
125 }
126 engine_list_head = e;
127 e->prev = NULL;
128 /* The first time the list allocates, we should register the
129 * cleanup. */
130 engine_cleanup_add_last(engine_list_cleanup);
131 } else {
132 /* We are adding to the tail of an existing list. */
133 if ((engine_list_tail == NULL) ||
134 (engine_list_tail->next != NULL)) {
135 ENGINEerror(ENGINE_R_INTERNAL_LIST_ERROR);
136 return 0;
137 }
138 engine_list_tail->next = e;
139 e->prev = engine_list_tail;
140 }
141 /* Having the engine in the list assumes a structural
142 * reference. */
143 e->struct_ref++;
144 engine_ref_debug(e, 0, 1)
145 /* However it came to be, e is the last item in the list. */
146 engine_list_tail = e;
147 e->next = NULL;
148 return 1;
149}
150
151static int
152engine_list_remove(ENGINE *e)
153{
154 ENGINE *iterator;
155
156 if (e == NULL) {
157 ENGINEerror(ERR_R_PASSED_NULL_PARAMETER);
158 return 0;
159 }
160 /* We need to check that e is in our linked list! */
161 iterator = engine_list_head;
162 while (iterator && (iterator != e))
163 iterator = iterator->next;
164 if (iterator == NULL) {
165 ENGINEerror(ENGINE_R_ENGINE_IS_NOT_IN_LIST);
166 return 0;
167 }
168 /* un-link e from the chain. */
169 if (e->next)
170 e->next->prev = e->prev;
171 if (e->prev)
172 e->prev->next = e->next;
173 /* Correct our head/tail if necessary. */
174 if (engine_list_head == e)
175 engine_list_head = e->next;
176 if (engine_list_tail == e)
177 engine_list_tail = e->prev;
178 engine_free_util(e, 0);
179 return 1;
180}
181
182/* Get the first/last "ENGINE" type available. */
183ENGINE *
184ENGINE_get_first(void)
185{
186 ENGINE *ret;
187
188 CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
189 ret = engine_list_head;
190 if (ret) {
191 ret->struct_ref++;
192 engine_ref_debug(ret, 0, 1)
193 }
194 CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
195 return ret;
196}
197
198ENGINE *
199ENGINE_get_last(void)
200{
201 ENGINE *ret;
202
203 CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
204 ret = engine_list_tail;
205 if (ret) {
206 ret->struct_ref++;
207 engine_ref_debug(ret, 0, 1)
208 }
209 CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
210 return ret;
211}
212
213/* Iterate to the next/previous "ENGINE" type (NULL = end of the list). */
214ENGINE *
215ENGINE_get_next(ENGINE *e)
216{
217 ENGINE *ret = NULL;
218
219 if (e == NULL) {
220 ENGINEerror(ERR_R_PASSED_NULL_PARAMETER);
221 return 0;
222 }
223 CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
224 ret = e->next;
225 if (ret) {
226 /* Return a valid structural reference to the next ENGINE */
227 ret->struct_ref++;
228 engine_ref_debug(ret, 0, 1)
229 }
230 CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
231 /* Release the structural reference to the previous ENGINE */
232 ENGINE_free(e);
233 return ret;
234}
235
236ENGINE *
237ENGINE_get_prev(ENGINE *e)
238{
239 ENGINE *ret = NULL;
240
241 if (e == NULL) {
242 ENGINEerror(ERR_R_PASSED_NULL_PARAMETER);
243 return 0;
244 }
245 CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
246 ret = e->prev;
247 if (ret) {
248 /* Return a valid structural reference to the next ENGINE */
249 ret->struct_ref++;
250 engine_ref_debug(ret, 0, 1)
251 }
252 CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
253 /* Release the structural reference to the previous ENGINE */
254 ENGINE_free(e);
255 return ret;
256}
257
258/* Add another "ENGINE" type into the list. */
259int
260ENGINE_add(ENGINE *e)
261{
262 int to_return = 1;
263
264 if (e == NULL) {
265 ENGINEerror(ERR_R_PASSED_NULL_PARAMETER);
266 return 0;
267 }
268 if ((e->id == NULL) || (e->name == NULL)) {
269 ENGINEerror(ENGINE_R_ID_OR_NAME_MISSING);
270 }
271 CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
272 if (!engine_list_add(e)) {
273 ENGINEerror(ENGINE_R_INTERNAL_LIST_ERROR);
274 to_return = 0;
275 }
276 CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
277 return to_return;
278}
279
280/* Remove an existing "ENGINE" type from the array. */
281int
282ENGINE_remove(ENGINE *e)
283{
284 int to_return = 1;
285
286 if (e == NULL) {
287 ENGINEerror(ERR_R_PASSED_NULL_PARAMETER);
288 return 0;
289 }
290 CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
291 if (!engine_list_remove(e)) {
292 ENGINEerror(ENGINE_R_INTERNAL_LIST_ERROR);
293 to_return = 0;
294 }
295 CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
296 return to_return;
297}
298
299static void
300engine_cpy(ENGINE *dest, const ENGINE *src)
301{
302 dest->id = src->id;
303 dest->name = src->name;
304#ifndef OPENSSL_NO_RSA
305 dest->rsa_meth = src->rsa_meth;
306#endif
307#ifndef OPENSSL_NO_DSA
308 dest->dsa_meth = src->dsa_meth;
309#endif
310#ifndef OPENSSL_NO_DH
311 dest->dh_meth = src->dh_meth;
312#endif
313#ifndef OPENSSL_NO_ECDH
314 dest->ecdh_meth = src->ecdh_meth;
315#endif
316#ifndef OPENSSL_NO_ECDSA
317 dest->ecdsa_meth = src->ecdsa_meth;
318#endif
319#ifndef OPENSSL_NO_EC
320 dest->ec_meth = src->ec_meth;
321#endif
322 dest->rand_meth = src->rand_meth;
323 dest->store_meth = src->store_meth;
324 dest->ciphers = src->ciphers;
325 dest->digests = src->digests;
326 dest->pkey_meths = src->pkey_meths;
327 dest->destroy = src->destroy;
328 dest->init = src->init;
329 dest->finish = src->finish;
330 dest->ctrl = src->ctrl;
331 dest->load_privkey = src->load_privkey;
332 dest->load_pubkey = src->load_pubkey;
333 dest->cmd_defns = src->cmd_defns;
334 dest->flags = src->flags;
335}
336
337ENGINE *
338ENGINE_by_id(const char *id)
339{
340 ENGINE *iterator;
341
342 if (id == NULL) {
343 ENGINEerror(ERR_R_PASSED_NULL_PARAMETER);
344 return NULL;
345 }
346 CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
347 iterator = engine_list_head;
348 while (iterator && (strcmp(id, iterator->id) != 0))
349 iterator = iterator->next;
350 if (iterator) {
351 /* We need to return a structural reference. If this is an
352 * ENGINE type that returns copies, make a duplicate - otherwise
353 * increment the existing ENGINE's reference count. */
354 if (iterator->flags & ENGINE_FLAGS_BY_ID_COPY) {
355 ENGINE *cp = ENGINE_new();
356 if (!cp)
357 iterator = NULL;
358 else {
359 engine_cpy(cp, iterator);
360 iterator = cp;
361 }
362 } else {
363 iterator->struct_ref++;
364 engine_ref_debug(iterator, 0, 1)
365 }
366 }
367 CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
368
369 if (iterator == NULL) {
370 ENGINEerror(ENGINE_R_NO_SUCH_ENGINE);
371 ERR_asprintf_error_data("id=%s", id);
372 }
373 return iterator;
374}
375
376int
377ENGINE_up_ref(ENGINE *e)
378{
379 int refs;
380
381 if (e == NULL) {
382 ENGINEerror(ERR_R_PASSED_NULL_PARAMETER);
383 return 0;
384 }
385 refs = CRYPTO_add(&e->struct_ref, 1, CRYPTO_LOCK_ENGINE);
386 return refs > 1 ? 1 : 0;
387}
diff --git a/src/lib/libcrypto/engine/eng_openssl.c b/src/lib/libcrypto/engine/eng_openssl.c
deleted file mode 100644
index c632279faa..0000000000
--- a/src/lib/libcrypto/engine/eng_openssl.c
+++ /dev/null
@@ -1,407 +0,0 @@
1/* $OpenBSD: eng_openssl.c,v 1.16 2022/11/26 16:08:52 tb Exp $ */
2/* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL
3 * project 2000.
4 */
5/* ====================================================================
6 * Copyright (c) 1999-2001 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 *
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
56 *
57 */
58/* ====================================================================
59 * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
60 * ECDH support in OpenSSL originally developed by
61 * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
62 */
63
64#include <stdio.h>
65#include <string.h>
66
67#include <openssl/opensslconf.h>
68
69#include <openssl/crypto.h>
70#include <openssl/dso.h>
71#include <openssl/engine.h>
72#include <openssl/err.h>
73#include <openssl/evp.h>
74#include <openssl/pem.h>
75#include <openssl/rand.h>
76
77#ifndef OPENSSL_NO_DH
78#include <openssl/dh.h>
79#endif
80#ifndef OPENSSL_NO_DSA
81#include <openssl/dsa.h>
82#endif
83#ifndef OPENSSL_NO_RSA
84#include <openssl/rsa.h>
85#endif
86
87#include "evp_local.h"
88
89/* This testing gunk is implemented (and explained) lower down. It also assumes
90 * the application explicitly calls "ENGINE_load_openssl()" because this is no
91 * longer automatic in ENGINE_load_builtin_engines(). */
92#define TEST_ENG_OPENSSL_RC4
93#define TEST_ENG_OPENSSL_PKEY
94/* #define TEST_ENG_OPENSSL_RC4_OTHERS */
95#define TEST_ENG_OPENSSL_RC4_P_INIT
96/* #define TEST_ENG_OPENSSL_RC4_P_CIPHER */
97#define TEST_ENG_OPENSSL_SHA
98/* #define TEST_ENG_OPENSSL_SHA_OTHERS */
99/* #define TEST_ENG_OPENSSL_SHA_P_INIT */
100/* #define TEST_ENG_OPENSSL_SHA_P_UPDATE */
101/* #define TEST_ENG_OPENSSL_SHA_P_FINAL */
102
103/* Now check what of those algorithms are actually enabled */
104#ifdef OPENSSL_NO_RC4
105#undef TEST_ENG_OPENSSL_RC4
106#undef TEST_ENG_OPENSSL_RC4_OTHERS
107#undef TEST_ENG_OPENSSL_RC4_P_INIT
108#undef TEST_ENG_OPENSSL_RC4_P_CIPHER
109#endif
110#if defined(OPENSSL_NO_SHA) || defined(OPENSSL_NO_SHA1)
111#undef TEST_ENG_OPENSSL_SHA
112#undef TEST_ENG_OPENSSL_SHA_OTHERS
113#undef TEST_ENG_OPENSSL_SHA_P_INIT
114#undef TEST_ENG_OPENSSL_SHA_P_UPDATE
115#undef TEST_ENG_OPENSSL_SHA_P_FINAL
116#endif
117
118#ifdef TEST_ENG_OPENSSL_RC4
119static int openssl_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
120 const int **nids, int nid);
121#endif
122#ifdef TEST_ENG_OPENSSL_SHA
123static int openssl_digests(ENGINE *e, const EVP_MD **digest,
124 const int **nids, int nid);
125#endif
126
127#ifdef TEST_ENG_OPENSSL_PKEY
128static EVP_PKEY *openssl_load_privkey(ENGINE *eng, const char *key_id,
129 UI_METHOD *ui_method, void *callback_data);
130#endif
131
132/* The constants used when creating the ENGINE */
133static const char *engine_openssl_id = "openssl";
134static const char *engine_openssl_name = "Software engine support";
135
136/* This internal function is used by ENGINE_openssl() and possibly by the
137 * "dynamic" ENGINE support too */
138static int
139bind_helper(ENGINE *e)
140{
141 if (!ENGINE_set_id(e, engine_openssl_id) ||
142 !ENGINE_set_name(e, engine_openssl_name)
143#ifndef TEST_ENG_OPENSSL_NO_ALGORITHMS
144#ifndef OPENSSL_NO_RSA
145 || !ENGINE_set_RSA(e, RSA_get_default_method())
146#endif
147#ifndef OPENSSL_NO_DSA
148 || !ENGINE_set_DSA(e, DSA_get_default_method())
149#endif
150#ifndef OPENSSL_NO_ECDH
151 || !ENGINE_set_ECDH(e, ECDH_OpenSSL())
152#endif
153#ifndef OPENSSL_NO_ECDSA
154 || !ENGINE_set_ECDSA(e, ECDSA_OpenSSL())
155#endif
156#ifndef OPENSSL_NO_DH
157 || !ENGINE_set_DH(e, DH_get_default_method())
158#endif
159 || !ENGINE_set_RAND(e, RAND_SSLeay())
160#ifdef TEST_ENG_OPENSSL_RC4
161 || !ENGINE_set_ciphers(e, openssl_ciphers)
162#endif
163#ifdef TEST_ENG_OPENSSL_SHA
164 || !ENGINE_set_digests(e, openssl_digests)
165#endif
166#endif
167#ifdef TEST_ENG_OPENSSL_PKEY
168 || !ENGINE_set_load_privkey_function(e, openssl_load_privkey)
169#endif
170 )
171 return 0;
172 /* If we add errors to this ENGINE, ensure the error handling is setup here */
173 /* openssl_load_error_strings(); */
174 return 1;
175}
176
177static ENGINE *
178engine_openssl(void)
179{
180 ENGINE *ret = ENGINE_new();
181
182 if (ret == NULL)
183 return NULL;
184 if (!bind_helper(ret)) {
185 ENGINE_free(ret);
186 return NULL;
187 }
188 return ret;
189}
190
191void
192ENGINE_load_openssl(void)
193{
194 ENGINE *toadd = engine_openssl();
195
196 if (toadd == NULL)
197 return;
198 (void) ENGINE_add(toadd);
199 /* If the "add" worked, it gets a structural reference. So either way,
200 * we release our just-created reference. */
201 ENGINE_free(toadd);
202 ERR_clear_error();
203}
204
205/* This stuff is needed if this ENGINE is being compiled into a self-contained
206 * shared-library. */
207#ifdef ENGINE_DYNAMIC_SUPPORT
208static int
209bind_fn(ENGINE *e, const char *id)
210{
211 if (id && (strcmp(id, engine_openssl_id) != 0))
212 return 0;
213 if (!bind_helper(e))
214 return 0;
215 return 1;
216}
217IMPLEMENT_DYNAMIC_CHECK_FN()
218IMPLEMENT_DYNAMIC_BIND_FN(bind_fn)
219#endif /* ENGINE_DYNAMIC_SUPPORT */
220
221#ifdef TEST_ENG_OPENSSL_RC4
222/* This section of code compiles an "alternative implementation" of two modes of
223 * RC4 into this ENGINE. The result is that EVP_CIPHER operation for "rc4"
224 * should under normal circumstances go via this support rather than the default
225 * EVP support. There are other symbols to tweak the testing;
226 * TEST_ENC_OPENSSL_RC4_OTHERS - print a one line message to stderr each time
227 * we're asked for a cipher we don't support (should not happen).
228 * TEST_ENG_OPENSSL_RC4_P_INIT - print a one line message to stderr each time
229 * the "init_key" handler is called.
230 * TEST_ENG_OPENSSL_RC4_P_CIPHER - ditto for the "cipher" handler.
231 */
232#include <openssl/rc4.h>
233#define TEST_RC4_KEY_SIZE 16
234static int test_cipher_nids[] = {NID_rc4, NID_rc4_40};
235static int test_cipher_nids_number = 2;
236
237typedef struct {
238 unsigned char key[TEST_RC4_KEY_SIZE];
239 RC4_KEY ks;
240} TEST_RC4_KEY;
241
242#define test(ctx) ((TEST_RC4_KEY *)(ctx)->cipher_data)
243static int
244test_rc4_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
245 const unsigned char *iv, int enc)
246{
247#ifdef TEST_ENG_OPENSSL_RC4_P_INIT
248 fprintf(stderr, "(TEST_ENG_OPENSSL_RC4) test_init_key() called\n");
249#endif
250 memcpy(&test(ctx)->key[0], key, EVP_CIPHER_CTX_key_length(ctx));
251 RC4_set_key(&test(ctx)->ks, EVP_CIPHER_CTX_key_length(ctx),
252 test(ctx)->key);
253 return 1;
254}
255
256static int
257test_rc4_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
258 const unsigned char *in, size_t inl)
259{
260#ifdef TEST_ENG_OPENSSL_RC4_P_CIPHER
261 fprintf(stderr, "(TEST_ENG_OPENSSL_RC4) test_cipher() called\n");
262#endif
263 RC4(&test(ctx)->ks, inl, in, out);
264 return 1;
265}
266
267static const EVP_CIPHER test_r4_cipher = {
268 NID_rc4,
269 1, TEST_RC4_KEY_SIZE, 0,
270 EVP_CIPH_VARIABLE_LENGTH,
271 test_rc4_init_key,
272 test_rc4_cipher,
273 NULL,
274 sizeof(TEST_RC4_KEY),
275 NULL,
276 NULL,
277 NULL,
278 NULL
279};
280
281static const EVP_CIPHER test_r4_40_cipher = {
282 NID_rc4_40,
283 1,5 /* 40 bit */,0,
284 EVP_CIPH_VARIABLE_LENGTH,
285 test_rc4_init_key,
286 test_rc4_cipher,
287 NULL,
288 sizeof(TEST_RC4_KEY),
289 NULL,
290 NULL,
291 NULL,
292 NULL
293};
294
295static int
296openssl_ciphers(ENGINE *e, const EVP_CIPHER **cipher, const int **nids, int nid)
297{
298 if (!cipher) {
299 /* We are returning a list of supported nids */
300 *nids = test_cipher_nids;
301 return test_cipher_nids_number;
302 }
303 /* We are being asked for a specific cipher */
304 if (nid == NID_rc4)
305 *cipher = &test_r4_cipher;
306 else if (nid == NID_rc4_40)
307 *cipher = &test_r4_40_cipher;
308 else {
309#ifdef TEST_ENG_OPENSSL_RC4_OTHERS
310 fprintf(stderr, "(TEST_ENG_OPENSSL_RC4) returning NULL for "
311 "nid %d\n", nid);
312#endif
313 *cipher = NULL;
314 return 0;
315 }
316 return 1;
317}
318#endif
319
320#ifdef TEST_ENG_OPENSSL_SHA
321/* Much the same sort of comment as for TEST_ENG_OPENSSL_RC4 */
322#include <openssl/sha.h>
323static int test_digest_nids[] = {NID_sha1};
324static int test_digest_nids_number = 1;
325
326static int
327test_sha1_init(EVP_MD_CTX *ctx)
328{
329#ifdef TEST_ENG_OPENSSL_SHA_P_INIT
330 fprintf(stderr, "(TEST_ENG_OPENSSL_SHA) test_sha1_init() called\n");
331#endif
332 return SHA1_Init(ctx->md_data);
333}
334
335static int
336test_sha1_update(EVP_MD_CTX *ctx, const void *data, size_t count)
337{
338#ifdef TEST_ENG_OPENSSL_SHA_P_UPDATE
339 fprintf(stderr, "(TEST_ENG_OPENSSL_SHA) test_sha1_update() called\n");
340#endif
341 return SHA1_Update(ctx->md_data, data, count);
342}
343
344static int
345test_sha1_final(EVP_MD_CTX *ctx, unsigned char *md)
346{
347#ifdef TEST_ENG_OPENSSL_SHA_P_FINAL
348 fprintf(stderr, "(TEST_ENG_OPENSSL_SHA) test_sha1_final() called\n");
349#endif
350 return SHA1_Final(md, ctx->md_data);
351}
352
353static const EVP_MD test_sha_md = {
354 .type = NID_sha1,
355 .pkey_type = NID_sha1WithRSAEncryption,
356 .md_size = SHA_DIGEST_LENGTH,
357 .flags = 0,
358 .init = test_sha1_init,
359 .update = test_sha1_update,
360 .final = test_sha1_final,
361 .copy = NULL,
362 .cleanup = NULL,
363 .block_size = SHA_CBLOCK,
364 .ctx_size = sizeof(EVP_MD *) + sizeof(SHA_CTX),
365};
366
367static int
368openssl_digests(ENGINE *e, const EVP_MD **digest, const int **nids, int nid)
369{
370 if (!digest) {
371 /* We are returning a list of supported nids */
372 *nids = test_digest_nids;
373 return test_digest_nids_number;
374 }
375 /* We are being asked for a specific digest */
376 if (nid == NID_sha1)
377 *digest = &test_sha_md;
378 else {
379#ifdef TEST_ENG_OPENSSL_SHA_OTHERS
380 fprintf(stderr, "(TEST_ENG_OPENSSL_SHA) returning NULL for "
381 "nid %d\n", nid);
382#endif
383 *digest = NULL;
384 return 0;
385 }
386 return 1;
387}
388#endif
389
390#ifdef TEST_ENG_OPENSSL_PKEY
391static EVP_PKEY *
392openssl_load_privkey(ENGINE *eng, const char *key_id, UI_METHOD *ui_method,
393 void *callback_data)
394{
395 BIO *in;
396 EVP_PKEY *key;
397
398 fprintf(stderr, "(TEST_ENG_OPENSSL_PKEY)Loading Private key %s\n",
399 key_id);
400 in = BIO_new_file(key_id, "r");
401 if (!in)
402 return NULL;
403 key = PEM_read_bio_PrivateKey(in, NULL, 0, NULL);
404 BIO_free(in);
405 return key;
406}
407#endif
diff --git a/src/lib/libcrypto/engine/eng_padlock.c b/src/lib/libcrypto/engine/eng_padlock.c
deleted file mode 100644
index 50b5fb780d..0000000000
--- a/src/lib/libcrypto/engine/eng_padlock.c
+++ /dev/null
@@ -1,1129 +0,0 @@
1/* $OpenBSD: eng_padlock.c,v 1.17 2022/12/26 07:18:51 jmc Exp $ */
2/*
3 * Support for VIA PadLock Advanced Cryptography Engine (ACE)
4 * Written by Michal Ludvig <michal@logix.cz>
5 * http://www.logix.cz/michal
6 *
7 * Big thanks to Andy Polyakov for a help with optimization,
8 * assembler fixes, port to MS Windows and a lot of other
9 * valuable work on this engine!
10 */
11
12/* ====================================================================
13 * Copyright (c) 1999-2001 The OpenSSL Project. All rights reserved.
14 *
15 * Redistribution and use in source and binary forms, with or without
16 * modification, are permitted provided that the following conditions
17 * are met:
18 *
19 * 1. Redistributions of source code must retain the above copyright
20 * notice, this list of conditions and the following disclaimer.
21 *
22 * 2. Redistributions in binary form must reproduce the above copyright
23 * notice, this list of conditions and the following disclaimer in
24 * the documentation and/or other materials provided with the
25 * distribution.
26 *
27 * 3. All advertising materials mentioning features or use of this
28 * software must display the following acknowledgment:
29 * "This product includes software developed by the OpenSSL Project
30 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
31 *
32 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
33 * endorse or promote products derived from this software without
34 * prior written permission. For written permission, please contact
35 * licensing@OpenSSL.org.
36 *
37 * 5. Products derived from this software may not be called "OpenSSL"
38 * nor may "OpenSSL" appear in their names without prior written
39 * permission of the OpenSSL Project.
40 *
41 * 6. Redistributions of any form whatsoever must retain the following
42 * acknowledgment:
43 * "This product includes software developed by the OpenSSL Project
44 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
45 *
46 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
47 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
48 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
49 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
50 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
51 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
52 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
53 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
54 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
55 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
56 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
57 * OF THE POSSIBILITY OF SUCH DAMAGE.
58 * ====================================================================
59 *
60 * This product includes cryptographic software written by Eric Young
61 * (eay@cryptsoft.com). This product includes software written by Tim
62 * Hudson (tjh@cryptsoft.com).
63 *
64 */
65
66#include <stdio.h>
67#include <string.h>
68
69#include <openssl/opensslconf.h>
70
71#include <openssl/crypto.h>
72#include <openssl/dso.h>
73#include <openssl/engine.h>
74#include <openssl/evp.h>
75#ifndef OPENSSL_NO_AES
76#include <openssl/aes.h>
77#endif
78#include <openssl/err.h>
79
80#ifndef OPENSSL_NO_HW
81#ifndef OPENSSL_NO_HW_PADLOCK
82
83/* Attempt to have a single source for both 0.9.7 and 0.9.8 :-) */
84#if (OPENSSL_VERSION_NUMBER >= 0x00908000L)
85# ifndef OPENSSL_NO_DYNAMIC_ENGINE
86# define DYNAMIC_ENGINE
87# endif
88#elif (OPENSSL_VERSION_NUMBER >= 0x00907000L)
89# ifdef ENGINE_DYNAMIC_SUPPORT
90# define DYNAMIC_ENGINE
91# endif
92#else
93# error "Only OpenSSL >= 0.9.7 is supported"
94#endif
95
96/* VIA PadLock AES is available *ONLY* on some x86 CPUs.
97 Not only that it doesn't exist elsewhere, but it
98 even can't be compiled on other platforms!
99
100 In addition, because of the heavy use of inline assembler,
101 compiler choice is limited to GCC and Microsoft C. */
102#undef COMPILE_HW_PADLOCK
103#if !defined(OPENSSL_NO_INLINE_ASM)
104# if (defined(__GNUC__) && (defined(__i386__) || defined(__i386)))
105# define COMPILE_HW_PADLOCK
106# endif
107#endif
108
109#ifdef OPENSSL_NO_DYNAMIC_ENGINE
110#ifdef COMPILE_HW_PADLOCK
111static ENGINE *ENGINE_padlock(void);
112#endif
113
114void
115ENGINE_load_padlock(void)
116{
117/* On non-x86 CPUs it just returns. */
118#ifdef COMPILE_HW_PADLOCK
119 ENGINE *toadd = ENGINE_padlock();
120
121 if (toadd == NULL)
122 return;
123 ENGINE_add(toadd);
124 ENGINE_free(toadd);
125 ERR_clear_error();
126#endif
127}
128
129#endif
130
131#ifdef COMPILE_HW_PADLOCK
132/* We do these includes here to avoid header problems on platforms that
133 do not have the VIA padlock anyway... */
134#include <stdlib.h>
135#if defined(__GNUC__)
136# ifndef alloca
137# define alloca(s) __builtin_alloca(s)
138# endif
139#endif
140
141/* Function for ENGINE detection and control */
142static int padlock_available(void);
143static int padlock_init(ENGINE *e);
144
145/* RNG Stuff */
146static RAND_METHOD padlock_rand;
147
148/* Cipher Stuff */
149#ifndef OPENSSL_NO_AES
150static int padlock_ciphers(ENGINE *e, const EVP_CIPHER **cipher, const int **nids, int nid);
151#endif
152
153/* Engine names */
154static const char *padlock_id = "padlock";
155static char padlock_name[100];
156
157/* Available features */
158static int padlock_use_ace = 0; /* Advanced Cryptography Engine */
159static int padlock_use_rng = 0; /* Random Number Generator */
160#ifndef OPENSSL_NO_AES
161static int padlock_aes_align_required = 1;
162#endif
163
164/* ===== Engine "management" functions ===== */
165
166/* Prepare the ENGINE structure for registration */
167static int
168padlock_bind_helper(ENGINE *e)
169{
170 /* Check available features */
171 padlock_available();
172
173 /*
174 * RNG is currently disabled for reasons discussed in commentary just
175 * before padlock_rand_bytes function.
176 */
177 padlock_use_rng = 0;
178
179 /* Generate a nice engine name with available features */
180 (void) snprintf(padlock_name, sizeof(padlock_name),
181 "VIA PadLock (%s, %s)",
182 padlock_use_rng ? "RNG" : "no-RNG",
183 padlock_use_ace ? "ACE" : "no-ACE");
184
185 /* Register everything or return with an error */
186 if (!ENGINE_set_id(e, padlock_id) ||
187 !ENGINE_set_name(e, padlock_name) ||
188 !ENGINE_set_init_function(e, padlock_init) ||
189#ifndef OPENSSL_NO_AES
190 (padlock_use_ace && !ENGINE_set_ciphers (e, padlock_ciphers)) ||
191#endif
192 (padlock_use_rng && !ENGINE_set_RAND (e, &padlock_rand))) {
193 return 0;
194 }
195
196 /* Everything looks good */
197 return 1;
198}
199
200#ifdef OPENSSL_NO_DYNAMIC_ENGINE
201
202/* Constructor */
203static ENGINE *
204ENGINE_padlock(void)
205{
206 ENGINE *eng = ENGINE_new();
207
208 if (eng == NULL)
209 return NULL;
210
211 if (!padlock_bind_helper(eng)) {
212 ENGINE_free(eng);
213 return NULL;
214 }
215
216 return eng;
217}
218
219#endif
220
221/* Check availability of the engine */
222static int
223padlock_init(ENGINE *e)
224{
225 return (padlock_use_rng || padlock_use_ace);
226}
227
228/* This stuff is needed if this ENGINE is being compiled into a self-contained
229 * shared-library.
230 */
231#ifdef DYNAMIC_ENGINE
232static int
233padlock_bind_fn(ENGINE *e, const char *id)
234{
235 if (id && (strcmp(id, padlock_id) != 0)) {
236 return 0;
237 }
238
239 if (!padlock_bind_helper(e)) {
240 return 0;
241 }
242
243 return 1;
244}
245
246IMPLEMENT_DYNAMIC_CHECK_FN()
247IMPLEMENT_DYNAMIC_BIND_FN (padlock_bind_fn)
248#endif /* DYNAMIC_ENGINE */
249
250/* ===== Here comes the "real" engine ===== */
251
252#ifndef OPENSSL_NO_AES
253/* Some AES-related constants */
254#define AES_BLOCK_SIZE 16
255#define AES_KEY_SIZE_128 16
256#define AES_KEY_SIZE_192 24
257#define AES_KEY_SIZE_256 32
258
259/* Here we store the status information relevant to the
260 current context. */
261/* BIG FAT WARNING:
262 * Inline assembler in PADLOCK_XCRYPT_ASM()
263 * depends on the order of items in this structure.
264 * Don't blindly modify, reorder, etc!
265 */
266struct padlock_cipher_data {
267 unsigned char iv[AES_BLOCK_SIZE]; /* Initialization vector */
268 union {
269 unsigned int pad[4];
270 struct {
271 int rounds : 4;
272 int dgst : 1; /* n/a in C3 */
273 int align : 1; /* n/a in C3 */
274 int ciphr : 1; /* n/a in C3 */
275 unsigned int keygen : 1;
276 int interm : 1;
277 unsigned int encdec : 1;
278 int ksize : 2;
279 } b;
280 } cword; /* Control word */
281 AES_KEY ks; /* Encryption key */
282};
283
284/*
285 * Essentially this variable belongs in thread local storage.
286 * Having this variable global on the other hand can only cause
287 * few bogus key reloads [if any at all on single-CPU system],
288 * so we accept the penalty...
289 */
290static volatile struct padlock_cipher_data *padlock_saved_context;
291#endif
292
293/*
294 * =======================================================
295 * Inline assembler section(s).
296 * =======================================================
297 * Order of arguments is chosen to facilitate Windows port
298 * using __fastcall calling convention. If you wish to add
299 * more routines, keep in mind that first __fastcall
300 * argument is passed in %ecx and second - in %edx.
301 * =======================================================
302 */
303#if defined(__GNUC__) && __GNUC__>=2
304/*
305 * As for excessive "push %ebx"/"pop %ebx" found all over.
306 * When generating position-independent code GCC won't let
307 * us use "b" in assembler templates nor even respect "ebx"
308 * in "clobber description." Therefore the trouble...
309 */
310
311/* Helper function - check if a CPUID instruction
312 is available on this CPU */
313static int
314padlock_insn_cpuid_available(void)
315{
316 int result = -1;
317
318 /* We're checking if the bit #21 of EFLAGS
319 can be toggled. If yes = CPUID is available. */
320 asm volatile (
321 "pushf\n"
322 "popl %%eax\n"
323 "xorl $0x200000, %%eax\n"
324 "movl %%eax, %%ecx\n"
325 "andl $0x200000, %%ecx\n"
326 "pushl %%eax\n"
327 "popf\n"
328 "pushf\n"
329 "popl %%eax\n"
330 "andl $0x200000, %%eax\n"
331 "xorl %%eax, %%ecx\n"
332 "movl %%ecx, %0\n"
333 : "=r" (result) : : "eax", "ecx");
334
335 return (result == 0);
336}
337
338/* Load supported features of the CPU to see if
339 the PadLock is available. */
340static int
341padlock_available(void)
342{
343 char vendor_string[16];
344 unsigned int eax, edx;
345
346 /* First check if the CPUID instruction is available at all... */
347 if (! padlock_insn_cpuid_available())
348 return 0;
349
350 /* Are we running on the Centaur (VIA) CPU? */
351 eax = 0x00000000;
352 vendor_string[12] = 0;
353 asm volatile (
354 "pushl %%ebx\n"
355 "cpuid\n"
356 "movl %%ebx,(%%edi)\n"
357 "movl %%edx,4(%%edi)\n"
358 "movl %%ecx,8(%%edi)\n"
359 "popl %%ebx"
360 : "+a"(eax) : "D"(vendor_string) : "ecx", "edx");
361 if (strcmp(vendor_string, "CentaurHauls") != 0)
362 return 0;
363
364 /* Check for Centaur Extended Feature Flags presence */
365 eax = 0xC0000000;
366 asm volatile ("pushl %%ebx; cpuid; popl %%ebx"
367 : "+a"(eax) : : "ecx", "edx");
368 if (eax < 0xC0000001)
369 return 0;
370
371 /* Read the Centaur Extended Feature Flags */
372 eax = 0xC0000001;
373 asm volatile ("pushl %%ebx; cpuid; popl %%ebx"
374 : "+a"(eax), "=d"(edx) : : "ecx");
375
376 /* Fill up some flags */
377 padlock_use_ace = ((edx & (0x3 << 6)) == (0x3 << 6));
378 padlock_use_rng = ((edx & (0x3 << 2)) == (0x3 << 2));
379
380 return padlock_use_ace + padlock_use_rng;
381}
382
383#ifndef OPENSSL_NO_AES
384/* Our own htonl()/ntohl() */
385static inline void
386padlock_bswapl(AES_KEY *ks)
387{
388 size_t i = sizeof(ks->rd_key)/sizeof(ks->rd_key[0]);
389 unsigned int *key = ks->rd_key;
390
391 while (i--) {
392 asm volatile ("bswapl %0" : "+r"(*key));
393 key++;
394 }
395}
396#endif
397
398/* Force key reload from memory to the CPU microcode.
399 Loading EFLAGS from the stack clears EFLAGS[30]
400 which does the trick. */
401static inline void
402padlock_reload_key(void)
403{
404 asm volatile ("pushfl; popfl");
405}
406
407#ifndef OPENSSL_NO_AES
408/*
409 * This is heuristic key context tracing. At first one
410 * believes that one should use atomic swap instructions,
411 * but it's not actually necessary. Point is that if
412 * padlock_saved_context was changed by another thread
413 * after we've read it and before we compare it with cdata,
414 * our key *shall* be reloaded upon thread context switch
415 * and we are therefore set in either case...
416 */
417static inline void
418padlock_verify_context(struct padlock_cipher_data *cdata)
419{
420 asm volatile (
421 "pushfl\n"
422 " btl $30,(%%esp)\n"
423 " jnc 1f\n"
424 " cmpl %2,%1\n"
425 " je 1f\n"
426 " popfl\n"
427 " subl $4,%%esp\n"
428 "1: addl $4,%%esp\n"
429 " movl %2,%0"
430 :"+m"(padlock_saved_context)
431 : "r"(padlock_saved_context), "r"(cdata) : "cc");
432}
433
434/* Template for padlock_xcrypt_* modes */
435/* BIG FAT WARNING:
436 * The offsets used with 'leal' instructions
437 * describe items of the 'padlock_cipher_data'
438 * structure.
439 */
440#define PADLOCK_XCRYPT_ASM(name,rep_xcrypt) \
441static inline void *name(size_t cnt, \
442 struct padlock_cipher_data *cdata, \
443 void *out, const void *inp) \
444{ void *iv; \
445 asm volatile ( "pushl %%ebx\n" \
446 " leal 16(%0),%%edx\n" \
447 " leal 32(%0),%%ebx\n" \
448 rep_xcrypt "\n" \
449 " popl %%ebx" \
450 : "=a"(iv), "=c"(cnt), "=D"(out), "=S"(inp) \
451 : "0"(cdata), "1"(cnt), "2"(out), "3"(inp) \
452 : "edx", "cc", "memory"); \
453 return iv; \
454}
455
456/* Generate all functions with appropriate opcodes */
457PADLOCK_XCRYPT_ASM(padlock_xcrypt_ecb, ".byte 0xf3,0x0f,0xa7,0xc8") /* rep xcryptecb */
458PADLOCK_XCRYPT_ASM(padlock_xcrypt_cbc, ".byte 0xf3,0x0f,0xa7,0xd0") /* rep xcryptcbc */
459PADLOCK_XCRYPT_ASM(padlock_xcrypt_cfb, ".byte 0xf3,0x0f,0xa7,0xe0") /* rep xcryptcfb */
460PADLOCK_XCRYPT_ASM(padlock_xcrypt_ofb, ".byte 0xf3,0x0f,0xa7,0xe8") /* rep xcryptofb */
461#endif
462
463/* The RNG call itself */
464static inline unsigned int
465padlock_xstore(void *addr, unsigned int edx_in)
466{
467 unsigned int eax_out;
468
469 asm volatile (".byte 0x0f,0xa7,0xc0" /* xstore */
470 : "=a"(eax_out),"=m"(*(unsigned *)addr)
471 : "D"(addr), "d" (edx_in)
472 );
473
474 return eax_out;
475}
476
477/* Why not inline 'rep movsd'? I failed to find information on what
478 * value in Direction Flag one can expect and consequently have to
479 * apply "better-safe-than-sorry" approach and assume "undefined."
480 * I could explicitly clear it and restore the original value upon
481 * return from padlock_aes_cipher, but it's presumably too much
482 * trouble for too little gain...
483 *
484 * In case you wonder 'rep xcrypt*' instructions above are *not*
485 * affected by the Direction Flag and pointers advance toward
486 * larger addresses unconditionally.
487 */
488static inline unsigned char *
489padlock_memcpy(void *dst, const void *src, size_t n)
490{
491 long *d = dst;
492 const long *s = src;
493
494 n /= sizeof(*d);
495 do { *d++ = *s++;
496 } while (--n);
497
498 return dst;
499}
500#endif
501
502/* ===== AES encryption/decryption ===== */
503#ifndef OPENSSL_NO_AES
504
505#if defined(NID_aes_128_cfb128) && ! defined (NID_aes_128_cfb)
506#define NID_aes_128_cfb NID_aes_128_cfb128
507#endif
508
509#if defined(NID_aes_128_ofb128) && ! defined (NID_aes_128_ofb)
510#define NID_aes_128_ofb NID_aes_128_ofb128
511#endif
512
513#if defined(NID_aes_192_cfb128) && ! defined (NID_aes_192_cfb)
514#define NID_aes_192_cfb NID_aes_192_cfb128
515#endif
516
517#if defined(NID_aes_192_ofb128) && ! defined (NID_aes_192_ofb)
518#define NID_aes_192_ofb NID_aes_192_ofb128
519#endif
520
521#if defined(NID_aes_256_cfb128) && ! defined (NID_aes_256_cfb)
522#define NID_aes_256_cfb NID_aes_256_cfb128
523#endif
524
525#if defined(NID_aes_256_ofb128) && ! defined (NID_aes_256_ofb)
526#define NID_aes_256_ofb NID_aes_256_ofb128
527#endif
528
529/* List of supported ciphers. */
530static int padlock_cipher_nids[] = {
531 NID_aes_128_ecb,
532 NID_aes_128_cbc,
533 NID_aes_128_cfb,
534 NID_aes_128_ofb,
535
536 NID_aes_192_ecb,
537 NID_aes_192_cbc,
538 NID_aes_192_cfb,
539 NID_aes_192_ofb,
540
541 NID_aes_256_ecb,
542 NID_aes_256_cbc,
543 NID_aes_256_cfb,
544 NID_aes_256_ofb,
545};
546static int padlock_cipher_nids_num = (sizeof(padlock_cipher_nids)/
547sizeof(padlock_cipher_nids[0]));
548
549/* Function prototypes ... */
550static int padlock_aes_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
551 const unsigned char *iv, int enc);
552static int padlock_aes_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
553 const unsigned char *in, size_t nbytes);
554
555#define NEAREST_ALIGNED(ptr) ( (unsigned char *)(ptr) + \
556 ( (0x10 - ((size_t)(ptr) & 0x0F)) & 0x0F ) )
557#define ALIGNED_CIPHER_DATA(ctx) ((struct padlock_cipher_data *)\
558 NEAREST_ALIGNED(ctx->cipher_data))
559
560#define EVP_CIPHER_block_size_ECB AES_BLOCK_SIZE
561#define EVP_CIPHER_block_size_CBC AES_BLOCK_SIZE
562#define EVP_CIPHER_block_size_OFB 1
563#define EVP_CIPHER_block_size_CFB 1
564
565/* Declaring so many ciphers by hand would be a pain.
566 Instead introduce a bit of preprocessor magic :-) */
567#define DECLARE_AES_EVP(ksize,lmode,umode) \
568static const EVP_CIPHER padlock_aes_##ksize##_##lmode = { \
569 NID_aes_##ksize##_##lmode, \
570 EVP_CIPHER_block_size_##umode, \
571 AES_KEY_SIZE_##ksize, \
572 AES_BLOCK_SIZE, \
573 0 | EVP_CIPH_##umode##_MODE, \
574 padlock_aes_init_key, \
575 padlock_aes_cipher, \
576 NULL, \
577 sizeof(struct padlock_cipher_data) + 16, \
578 EVP_CIPHER_set_asn1_iv, \
579 EVP_CIPHER_get_asn1_iv, \
580 NULL, \
581 NULL \
582}
583
584DECLARE_AES_EVP(128, ecb, ECB);
585DECLARE_AES_EVP(128, cbc, CBC);
586DECLARE_AES_EVP(128, cfb, CFB);
587DECLARE_AES_EVP(128, ofb, OFB);
588
589DECLARE_AES_EVP(192, ecb, ECB);
590DECLARE_AES_EVP(192, cbc, CBC);
591DECLARE_AES_EVP(192, cfb, CFB);
592DECLARE_AES_EVP(192, ofb, OFB);
593
594DECLARE_AES_EVP(256, ecb, ECB);
595DECLARE_AES_EVP(256, cbc, CBC);
596DECLARE_AES_EVP(256, cfb, CFB);
597DECLARE_AES_EVP(256, ofb, OFB);
598
599static int
600padlock_ciphers(ENGINE *e, const EVP_CIPHER **cipher, const int **nids, int nid)
601{
602 /* No specific cipher => return a list of supported nids ... */
603 if (!cipher) {
604 *nids = padlock_cipher_nids;
605 return padlock_cipher_nids_num;
606 }
607
608 /* ... or the requested "cipher" otherwise */
609 switch (nid) {
610 case NID_aes_128_ecb:
611 *cipher = &padlock_aes_128_ecb;
612 break;
613 case NID_aes_128_cbc:
614 *cipher = &padlock_aes_128_cbc;
615 break;
616 case NID_aes_128_cfb:
617 *cipher = &padlock_aes_128_cfb;
618 break;
619 case NID_aes_128_ofb:
620 *cipher = &padlock_aes_128_ofb;
621 break;
622 case NID_aes_192_ecb:
623 *cipher = &padlock_aes_192_ecb;
624 break;
625 case NID_aes_192_cbc:
626 *cipher = &padlock_aes_192_cbc;
627 break;
628 case NID_aes_192_cfb:
629 *cipher = &padlock_aes_192_cfb;
630 break;
631 case NID_aes_192_ofb:
632 *cipher = &padlock_aes_192_ofb;
633 break;
634 case NID_aes_256_ecb:
635 *cipher = &padlock_aes_256_ecb;
636 break;
637 case NID_aes_256_cbc:
638 *cipher = &padlock_aes_256_cbc;
639 break;
640 case NID_aes_256_cfb:
641 *cipher = &padlock_aes_256_cfb;
642 break;
643 case NID_aes_256_ofb:
644 *cipher = &padlock_aes_256_ofb;
645 break;
646 default:
647 /* Sorry, we don't support this NID */
648 *cipher = NULL;
649 return 0;
650 }
651
652 return 1;
653}
654
655/* Prepare the encryption key for PadLock usage */
656static int
657padlock_aes_init_key (EVP_CIPHER_CTX *ctx, const unsigned char *key,
658 const unsigned char *iv, int enc)
659{
660 struct padlock_cipher_data *cdata;
661 int key_len = EVP_CIPHER_CTX_key_length(ctx) * 8;
662
663 if (key == NULL)
664 return 0; /* ERROR */
665
666 cdata = ALIGNED_CIPHER_DATA(ctx);
667 memset(cdata, 0, sizeof(struct padlock_cipher_data));
668
669 /* Prepare Control word. */
670 if (EVP_CIPHER_CTX_mode(ctx) == EVP_CIPH_OFB_MODE)
671 cdata->cword.b.encdec = 0;
672 else
673 cdata->cword.b.encdec = (ctx->encrypt == 0);
674 cdata->cword.b.rounds = 10 + (key_len - 128) / 32;
675 cdata->cword.b.ksize = (key_len - 128) / 64;
676
677 switch (key_len) {
678 case 128:
679 /* PadLock can generate an extended key for
680 AES128 in hardware */
681 memcpy(cdata->ks.rd_key, key, AES_KEY_SIZE_128);
682 cdata->cword.b.keygen = 0;
683 break;
684
685 case 192:
686 case 256:
687 /* Generate an extended AES key in software.
688 Needed for AES192/AES256 */
689 /* Well, the above applies to Stepping 8 CPUs
690 and is listed as hardware errata. They most
691 likely will fix it at some point and then
692 a check for stepping would be due here. */
693 if (EVP_CIPHER_CTX_mode(ctx) == EVP_CIPH_CFB_MODE ||
694 EVP_CIPHER_CTX_mode(ctx) == EVP_CIPH_OFB_MODE ||
695 enc)
696 AES_set_encrypt_key(key, key_len, &cdata->ks);
697 else
698 AES_set_decrypt_key(key, key_len, &cdata->ks);
699#ifndef AES_ASM
700 /* OpenSSL C functions use byte-swapped extended key. */
701 padlock_bswapl(&cdata->ks);
702#endif
703 cdata->cword.b.keygen = 1;
704 break;
705
706 default:
707 /* ERROR */
708 return 0;
709 }
710
711 /*
712 * This is done to cover for cases when user reuses the
713 * context for new key. The catch is that if we don't do
714 * this, padlock_eas_cipher might proceed with old key...
715 */
716 padlock_reload_key ();
717
718 return 1;
719}
720
721/*
722 * Simplified version of padlock_aes_cipher() used when
723 * 1) both input and output buffers are at aligned addresses.
724 * or when
725 * 2) running on a newer CPU that doesn't require aligned buffers.
726 */
727static int
728padlock_aes_cipher_omnivorous(EVP_CIPHER_CTX *ctx, unsigned char *out_arg,
729 const unsigned char *in_arg, size_t nbytes)
730{
731 struct padlock_cipher_data *cdata;
732 void *iv;
733
734 cdata = ALIGNED_CIPHER_DATA(ctx);
735 padlock_verify_context(cdata);
736
737 switch (EVP_CIPHER_CTX_mode(ctx)) {
738 case EVP_CIPH_ECB_MODE:
739 padlock_xcrypt_ecb(nbytes / AES_BLOCK_SIZE, cdata,
740 out_arg, in_arg);
741 break;
742
743 case EVP_CIPH_CBC_MODE:
744 memcpy(cdata->iv, ctx->iv, AES_BLOCK_SIZE);
745 iv = padlock_xcrypt_cbc(nbytes / AES_BLOCK_SIZE, cdata,
746 out_arg, in_arg);
747 memcpy(ctx->iv, iv, AES_BLOCK_SIZE);
748 break;
749
750 case EVP_CIPH_CFB_MODE:
751 memcpy(cdata->iv, ctx->iv, AES_BLOCK_SIZE);
752 iv = padlock_xcrypt_cfb(nbytes / AES_BLOCK_SIZE, cdata,
753 out_arg, in_arg);
754 memcpy(ctx->iv, iv, AES_BLOCK_SIZE);
755 break;
756
757 case EVP_CIPH_OFB_MODE:
758 memcpy(cdata->iv, ctx->iv, AES_BLOCK_SIZE);
759 padlock_xcrypt_ofb(nbytes / AES_BLOCK_SIZE, cdata,
760 out_arg, in_arg);
761 memcpy(ctx->iv, cdata->iv, AES_BLOCK_SIZE);
762 break;
763
764 default:
765 return 0;
766 }
767
768 memset(cdata->iv, 0, AES_BLOCK_SIZE);
769
770 return 1;
771}
772
773#ifndef PADLOCK_CHUNK
774# define PADLOCK_CHUNK 512 /* Must be a power of 2 larger than 16 */
775#endif
776#if PADLOCK_CHUNK<16 || PADLOCK_CHUNK&(PADLOCK_CHUNK-1)
777# error "insane PADLOCK_CHUNK..."
778#endif
779
780/* Re-align the arguments to 16-Bytes boundaries and run the
781 encryption function itself. This function is not AES-specific. */
782static int
783padlock_aes_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out_arg,
784 const unsigned char *in_arg, size_t nbytes)
785{
786 struct padlock_cipher_data *cdata;
787 const void *inp;
788 unsigned char *out;
789 void *iv;
790 int inp_misaligned, out_misaligned, realign_in_loop;
791 size_t chunk, allocated = 0;
792
793 /* ctx->num is maintained in byte-oriented modes,
794 such as CFB and OFB... */
795 if ((chunk = ctx->num)) {
796 /* borrow chunk variable */
797 unsigned char *ivp = ctx->iv;
798
799 switch (EVP_CIPHER_CTX_mode(ctx)) {
800 case EVP_CIPH_CFB_MODE:
801 if (chunk >= AES_BLOCK_SIZE)
802 return 0; /* bogus value */
803
804 if (ctx->encrypt)
805 while (chunk < AES_BLOCK_SIZE && nbytes != 0) {
806 ivp[chunk] = *(out_arg++) = *(in_arg++) ^ ivp[chunk];
807 chunk++, nbytes--;
808 }
809 else
810 while (chunk < AES_BLOCK_SIZE && nbytes != 0) {
811 unsigned char c = *(in_arg++);
812 *(out_arg++) = c ^ ivp[chunk];
813 ivp[chunk++] = c, nbytes--;
814 }
815
816 ctx->num = chunk % AES_BLOCK_SIZE;
817 break;
818 case EVP_CIPH_OFB_MODE:
819 if (chunk >= AES_BLOCK_SIZE)
820 return 0; /* bogus value */
821
822 while (chunk < AES_BLOCK_SIZE && nbytes != 0) {
823 *(out_arg++) = *(in_arg++) ^ ivp[chunk];
824 chunk++, nbytes--;
825 }
826
827 ctx->num = chunk % AES_BLOCK_SIZE;
828 break;
829 }
830 }
831
832 if (nbytes == 0)
833 return 1;
834#if 0
835 if (nbytes % AES_BLOCK_SIZE)
836 return 0; /* are we expected to do tail processing? */
837#else
838 /* nbytes is always multiple of AES_BLOCK_SIZE in ECB and CBC
839 modes and arbitrary value in byte-oriented modes, such as
840 CFB and OFB... */
841#endif
842
843 /* VIA promises CPUs that won't require alignment in the future.
844 For now padlock_aes_align_required is initialized to 1 and
845 the condition is never met... */
846 /* C7 core is capable to manage unaligned input in non-ECB[!]
847 mode, but performance penalties appear to be approximately
848 same as for software alignment below or ~3x. They promise to
849 improve it in the future, but for now we can just as well
850 pretend that it can only handle aligned input... */
851 if (!padlock_aes_align_required && (nbytes % AES_BLOCK_SIZE) == 0)
852 return padlock_aes_cipher_omnivorous(ctx, out_arg, in_arg,
853 nbytes);
854
855 inp_misaligned = (((size_t)in_arg) & 0x0F);
856 out_misaligned = (((size_t)out_arg) & 0x0F);
857
858 /* Note that even if output is aligned and input not,
859 * I still prefer to loop instead of copy the whole
860 * input and then encrypt in one stroke. This is done
861 * in order to improve L1 cache utilization... */
862 realign_in_loop = out_misaligned|inp_misaligned;
863
864 if (!realign_in_loop && (nbytes % AES_BLOCK_SIZE) == 0)
865 return padlock_aes_cipher_omnivorous(ctx, out_arg, in_arg,
866 nbytes);
867
868 /* this takes one "if" out of the loops */
869 chunk = nbytes;
870 chunk %= PADLOCK_CHUNK;
871 if (chunk == 0)
872 chunk = PADLOCK_CHUNK;
873
874 if (out_misaligned) {
875 /* optimize for small input */
876 allocated = (chunk < nbytes ? PADLOCK_CHUNK : nbytes);
877 out = alloca(0x10 + allocated);
878 out = NEAREST_ALIGNED(out);
879 } else
880 out = out_arg;
881
882 cdata = ALIGNED_CIPHER_DATA(ctx);
883 padlock_verify_context(cdata);
884
885 switch (EVP_CIPHER_CTX_mode(ctx)) {
886 case EVP_CIPH_ECB_MODE:
887 do {
888 if (inp_misaligned)
889 inp = padlock_memcpy(out, in_arg, chunk);
890 else
891 inp = in_arg;
892 in_arg += chunk;
893
894 padlock_xcrypt_ecb(chunk / AES_BLOCK_SIZE, cdata,
895 out, inp);
896
897 if (out_misaligned)
898 out_arg = padlock_memcpy(out_arg, out, chunk) +
899 chunk;
900 else
901 out = out_arg += chunk;
902
903 nbytes -= chunk;
904 chunk = PADLOCK_CHUNK;
905 } while (nbytes);
906 break;
907
908 case EVP_CIPH_CBC_MODE:
909 memcpy(cdata->iv, ctx->iv, AES_BLOCK_SIZE);
910 goto cbc_shortcut;
911 do {
912 if (iv != cdata->iv)
913 memcpy(cdata->iv, iv, AES_BLOCK_SIZE);
914 chunk = PADLOCK_CHUNK;
915 cbc_shortcut: /* optimize for small input */
916 if (inp_misaligned)
917 inp = padlock_memcpy(out, in_arg, chunk);
918 else
919 inp = in_arg;
920 in_arg += chunk;
921
922 iv = padlock_xcrypt_cbc(chunk / AES_BLOCK_SIZE, cdata,
923 out, inp);
924
925 if (out_misaligned)
926 out_arg = padlock_memcpy(out_arg, out, chunk) +
927 chunk;
928 else
929 out = out_arg += chunk;
930 } while (nbytes -= chunk);
931 memcpy(ctx->iv, iv, AES_BLOCK_SIZE);
932 break;
933
934 case EVP_CIPH_CFB_MODE:
935 memcpy (iv = cdata->iv, ctx->iv, AES_BLOCK_SIZE);
936 chunk &= ~(AES_BLOCK_SIZE - 1);
937 if (chunk)
938 goto cfb_shortcut;
939 else
940 goto cfb_skiploop;
941 do {
942 if (iv != cdata->iv)
943 memcpy(cdata->iv, iv, AES_BLOCK_SIZE);
944 chunk = PADLOCK_CHUNK;
945 cfb_shortcut: /* optimize for small input */
946 if (inp_misaligned)
947 inp = padlock_memcpy(out, in_arg, chunk);
948 else
949 inp = in_arg;
950 in_arg += chunk;
951
952 iv = padlock_xcrypt_cfb(chunk / AES_BLOCK_SIZE, cdata,
953 out, inp);
954
955 if (out_misaligned)
956 out_arg = padlock_memcpy(out_arg, out, chunk) +
957 chunk;
958 else
959 out = out_arg += chunk;
960
961 nbytes -= chunk;
962 } while (nbytes >= AES_BLOCK_SIZE);
963
964cfb_skiploop:
965 if (nbytes) {
966 unsigned char *ivp = cdata->iv;
967
968 if (iv != ivp) {
969 memcpy(ivp, iv, AES_BLOCK_SIZE);
970 iv = ivp;
971 }
972 ctx->num = nbytes;
973 if (cdata->cword.b.encdec) {
974 cdata->cword.b.encdec = 0;
975 padlock_reload_key();
976 padlock_xcrypt_ecb(1, cdata, ivp, ivp);
977 cdata->cword.b.encdec = 1;
978 padlock_reload_key();
979 while (nbytes) {
980 unsigned char c = *(in_arg++);
981 *(out_arg++) = c ^ *ivp;
982 *(ivp++) = c, nbytes--;
983 }
984 } else {
985 padlock_reload_key();
986 padlock_xcrypt_ecb(1, cdata, ivp, ivp);
987 padlock_reload_key();
988 while (nbytes) {
989 *ivp = *(out_arg++) = *(in_arg++) ^ *ivp;
990 ivp++, nbytes--;
991 }
992 }
993 }
994
995 memcpy(ctx->iv, iv, AES_BLOCK_SIZE);
996 break;
997
998 case EVP_CIPH_OFB_MODE:
999 memcpy(cdata->iv, ctx->iv, AES_BLOCK_SIZE);
1000 chunk &= ~(AES_BLOCK_SIZE - 1);
1001 if (chunk) do {
1002 if (inp_misaligned)
1003 inp = padlock_memcpy(out, in_arg, chunk);
1004 else
1005 inp = in_arg;
1006 in_arg += chunk;
1007
1008 padlock_xcrypt_ofb(chunk / AES_BLOCK_SIZE, cdata,
1009 out, inp);
1010
1011 if (out_misaligned)
1012 out_arg = padlock_memcpy(out_arg, out, chunk) +
1013 chunk;
1014 else
1015 out = out_arg += chunk;
1016
1017 nbytes -= chunk;
1018 chunk = PADLOCK_CHUNK;
1019 } while (nbytes >= AES_BLOCK_SIZE);
1020
1021 if (nbytes) {
1022 unsigned char *ivp = cdata->iv;
1023
1024 ctx->num = nbytes;
1025 padlock_reload_key(); /* empirically found */
1026 padlock_xcrypt_ecb(1, cdata, ivp, ivp);
1027 padlock_reload_key(); /* empirically found */
1028 while (nbytes) {
1029 *(out_arg++) = *(in_arg++) ^ *ivp;
1030 ivp++, nbytes--;
1031 }
1032 }
1033
1034 memcpy(ctx->iv, cdata->iv, AES_BLOCK_SIZE);
1035 break;
1036
1037 default:
1038 return 0;
1039 }
1040
1041 /* Clean the realign buffer if it was used */
1042 if (out_misaligned) {
1043 volatile unsigned long *p = (void *)out;
1044 size_t n = allocated/sizeof(*p);
1045 while (n--)
1046 *p++ = 0;
1047 }
1048
1049 memset(cdata->iv, 0, AES_BLOCK_SIZE);
1050
1051 return 1;
1052}
1053
1054#endif /* OPENSSL_NO_AES */
1055
1056/* ===== Random Number Generator ===== */
1057/*
1058 * This code is not engaged. The reason is that it does not comply
1059 * with recommendations for VIA RNG usage for secure applications
1060 * (posted at http://www.via.com.tw/en/viac3/c3.jsp) nor does it
1061 * provide meaningful error control...
1062 */
1063/* Wrapper that provides an interface between the API and
1064 the raw PadLock RNG */
1065static int
1066padlock_rand_bytes(unsigned char *output, int count)
1067{
1068 unsigned int eax, buf;
1069
1070 while (count >= 8) {
1071 eax = padlock_xstore(output, 0);
1072 if (!(eax & (1 << 6)))
1073 return 0; /* RNG disabled */
1074 /* this ---vv--- covers DC bias, Raw Bits and String Filter */
1075 if (eax & (0x1F << 10))
1076 return 0;
1077 if ((eax & 0x1F) == 0)
1078 continue; /* no data, retry... */
1079 if ((eax & 0x1F) != 8)
1080 return 0; /* fatal failure... */
1081 output += 8;
1082 count -= 8;
1083 }
1084 while (count > 0) {
1085 eax = padlock_xstore(&buf, 3);
1086 if (!(eax & (1 << 6)))
1087 return 0; /* RNG disabled */
1088 /* this ---vv--- covers DC bias, Raw Bits and String Filter */
1089 if (eax & (0x1F << 10))
1090 return 0;
1091 if ((eax & 0x1F) == 0)
1092 continue; /* no data, retry... */
1093 if ((eax & 0x1F) != 1)
1094 return 0; /* fatal failure... */
1095 *output++ = (unsigned char)buf;
1096 count--;
1097 }
1098 *(volatile unsigned int *)&buf = 0;
1099
1100 return 1;
1101}
1102
1103/* Dummy but necessary function */
1104static int
1105padlock_rand_status(void)
1106{
1107 return 1;
1108}
1109
1110/* Prepare structure for registration */
1111static RAND_METHOD padlock_rand = {
1112 .bytes = padlock_rand_bytes,
1113 .pseudorand = padlock_rand_bytes,
1114 .status = padlock_rand_status
1115};
1116
1117#else /* !COMPILE_HW_PADLOCK */
1118#ifndef OPENSSL_NO_DYNAMIC_ENGINE
1119extern int bind_engine(ENGINE *e, const char *id, const dynamic_fns *fns);
1120extern int
1121bind_engine(ENGINE *e, const char *id, const dynamic_fns *fns) {
1122 return 0;
1123}
1124IMPLEMENT_DYNAMIC_CHECK_FN()
1125#endif
1126#endif /* COMPILE_HW_PADLOCK */
1127
1128#endif /* !OPENSSL_NO_HW_PADLOCK */
1129#endif /* !OPENSSL_NO_HW */
diff --git a/src/lib/libcrypto/engine/eng_padlock.ec b/src/lib/libcrypto/engine/eng_padlock.ec
deleted file mode 100644
index a0e7cbd60d..0000000000
--- a/src/lib/libcrypto/engine/eng_padlock.ec
+++ /dev/null
@@ -1 +0,0 @@
1L PADLOCK eng_padlock_err.h eng_padlock_err.c
diff --git a/src/lib/libcrypto/engine/eng_pkey.c b/src/lib/libcrypto/engine/eng_pkey.c
deleted file mode 100644
index a0320e973f..0000000000
--- a/src/lib/libcrypto/engine/eng_pkey.c
+++ /dev/null
@@ -1,184 +0,0 @@
1/* $OpenBSD: eng_pkey.c,v 1.7 2017/01/29 17:49:23 beck Exp $ */
2/* ====================================================================
3 * Copyright (c) 1999-2001 The OpenSSL Project. All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 *
9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer.
11 *
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in
14 * the documentation and/or other materials provided with the
15 * distribution.
16 *
17 * 3. All advertising materials mentioning features or use of this
18 * software must display the following acknowledgment:
19 * "This product includes software developed by the OpenSSL Project
20 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
21 *
22 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
23 * endorse or promote products derived from this software without
24 * prior written permission. For written permission, please contact
25 * licensing@OpenSSL.org.
26 *
27 * 5. Products derived from this software may not be called "OpenSSL"
28 * nor may "OpenSSL" appear in their names without prior written
29 * permission of the OpenSSL Project.
30 *
31 * 6. Redistributions of any form whatsoever must retain the following
32 * acknowledgment:
33 * "This product includes software developed by the OpenSSL Project
34 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
35 *
36 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
37 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
38 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
39 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
40 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
41 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
42 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
43 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
44 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
45 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
46 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
47 * OF THE POSSIBILITY OF SUCH DAMAGE.
48 * ====================================================================
49 *
50 * This product includes cryptographic software written by Eric Young
51 * (eay@cryptsoft.com). This product includes software written by Tim
52 * Hudson (tjh@cryptsoft.com).
53 *
54 */
55
56#include <openssl/err.h>
57
58#include "eng_int.h"
59
60/* Basic get/set stuff */
61
62int
63ENGINE_set_load_privkey_function(ENGINE *e, ENGINE_LOAD_KEY_PTR loadpriv_f)
64{
65 e->load_privkey = loadpriv_f;
66 return 1;
67}
68
69int
70ENGINE_set_load_pubkey_function(ENGINE *e, ENGINE_LOAD_KEY_PTR loadpub_f)
71{
72 e->load_pubkey = loadpub_f;
73 return 1;
74}
75
76int
77ENGINE_set_load_ssl_client_cert_function(ENGINE *e,
78 ENGINE_SSL_CLIENT_CERT_PTR loadssl_f)
79{
80 e->load_ssl_client_cert = loadssl_f;
81 return 1;
82}
83
84ENGINE_LOAD_KEY_PTR
85ENGINE_get_load_privkey_function(const ENGINE *e)
86{
87 return e->load_privkey;
88}
89
90ENGINE_LOAD_KEY_PTR
91ENGINE_get_load_pubkey_function(const ENGINE *e)
92{
93 return e->load_pubkey;
94}
95
96ENGINE_SSL_CLIENT_CERT_PTR
97ENGINE_get_ssl_client_cert_function(const ENGINE *e)
98{
99 return e->load_ssl_client_cert;
100}
101
102/* API functions to load public/private keys */
103
104EVP_PKEY *
105ENGINE_load_private_key(ENGINE *e, const char *key_id, UI_METHOD *ui_method,
106 void *callback_data)
107{
108 EVP_PKEY *pkey;
109
110 if (e == NULL) {
111 ENGINEerror(ERR_R_PASSED_NULL_PARAMETER);
112 return 0;
113 }
114 CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
115 if (e->funct_ref == 0) {
116 CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
117 ENGINEerror(ENGINE_R_NOT_INITIALISED);
118 return 0;
119 }
120 CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
121 if (!e->load_privkey) {
122 ENGINEerror(ENGINE_R_NO_LOAD_FUNCTION);
123 return 0;
124 }
125 pkey = e->load_privkey(e, key_id, ui_method, callback_data);
126 if (!pkey) {
127 ENGINEerror(ENGINE_R_FAILED_LOADING_PRIVATE_KEY);
128 return 0;
129 }
130 return pkey;
131}
132
133EVP_PKEY *
134ENGINE_load_public_key(ENGINE *e, const char *key_id, UI_METHOD *ui_method,
135 void *callback_data)
136{
137 EVP_PKEY *pkey;
138
139 if (e == NULL) {
140 ENGINEerror(ERR_R_PASSED_NULL_PARAMETER);
141 return 0;
142 }
143 CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
144 if (e->funct_ref == 0) {
145 CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
146 ENGINEerror(ENGINE_R_NOT_INITIALISED);
147 return 0;
148 }
149 CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
150 if (!e->load_pubkey) {
151 ENGINEerror(ENGINE_R_NO_LOAD_FUNCTION);
152 return 0;
153 }
154 pkey = e->load_pubkey(e, key_id, ui_method, callback_data);
155 if (!pkey) {
156 ENGINEerror(ENGINE_R_FAILED_LOADING_PUBLIC_KEY);
157 return 0;
158 }
159 return pkey;
160}
161
162int
163ENGINE_load_ssl_client_cert(ENGINE *e, SSL *s, STACK_OF(X509_NAME) *ca_dn,
164 X509 **pcert, EVP_PKEY **ppkey, STACK_OF(X509) **pother,
165 UI_METHOD *ui_method, void *callback_data)
166{
167 if (e == NULL) {
168 ENGINEerror(ERR_R_PASSED_NULL_PARAMETER);
169 return 0;
170 }
171 CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
172 if (e->funct_ref == 0) {
173 CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
174 ENGINEerror(ENGINE_R_NOT_INITIALISED);
175 return 0;
176 }
177 CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
178 if (!e->load_ssl_client_cert) {
179 ENGINEerror(ENGINE_R_NO_LOAD_FUNCTION);
180 return 0;
181 }
182 return e->load_ssl_client_cert(e, s, ca_dn, pcert, ppkey, pother,
183 ui_method, callback_data);
184}
diff --git a/src/lib/libcrypto/engine/eng_table.c b/src/lib/libcrypto/engine/eng_table.c
deleted file mode 100644
index 0e7ea3b698..0000000000
--- a/src/lib/libcrypto/engine/eng_table.c
+++ /dev/null
@@ -1,354 +0,0 @@
1/* $OpenBSD: eng_table.c,v 1.10 2022/12/26 07:18:52 jmc Exp $ */
2/* ====================================================================
3 * Copyright (c) 2001 The OpenSSL Project. All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 *
9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer.
11 *
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in
14 * the documentation and/or other materials provided with the
15 * distribution.
16 *
17 * 3. All advertising materials mentioning features or use of this
18 * software must display the following acknowledgment:
19 * "This product includes software developed by the OpenSSL Project
20 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
21 *
22 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
23 * endorse or promote products derived from this software without
24 * prior written permission. For written permission, please contact
25 * licensing@OpenSSL.org.
26 *
27 * 5. Products derived from this software may not be called "OpenSSL"
28 * nor may "OpenSSL" appear in their names without prior written
29 * permission of the OpenSSL Project.
30 *
31 * 6. Redistributions of any form whatsoever must retain the following
32 * acknowledgment:
33 * "This product includes software developed by the OpenSSL Project
34 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
35 *
36 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
37 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
38 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
39 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
40 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
41 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
42 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
43 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
44 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
45 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
46 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
47 * OF THE POSSIBILITY OF SUCH DAMAGE.
48 * ====================================================================
49 *
50 * This product includes cryptographic software written by Eric Young
51 * (eay@cryptsoft.com). This product includes software written by Tim
52 * Hudson (tjh@cryptsoft.com).
53 *
54 */
55
56#include <openssl/err.h>
57#include <openssl/evp.h>
58#include <openssl/lhash.h>
59
60#include "eng_int.h"
61
62/* The type of the items in the table */
63typedef struct st_engine_pile {
64 /* The 'nid' of this algorithm/mode */
65 int nid;
66 /* ENGINEs that implement this algorithm/mode. */
67 STACK_OF(ENGINE) *sk;
68 /* The default ENGINE to perform this algorithm/mode. */
69 ENGINE *funct;
70 /* Zero if 'sk' is newer than the cached 'funct', non-zero otherwise */
71 int uptodate;
72} ENGINE_PILE;
73
74DECLARE_LHASH_OF(ENGINE_PILE);
75
76/* The type exposed in eng_int.h */
77struct st_engine_table {
78 LHASH_OF(ENGINE_PILE) piles;
79}; /* ENGINE_TABLE */
80
81typedef struct st_engine_pile_doall {
82 engine_table_doall_cb *cb;
83 void *arg;
84} ENGINE_PILE_DOALL;
85
86/* Global flags (ENGINE_TABLE_FLAG_***). */
87static unsigned int table_flags = 0;
88
89/* API function manipulating 'table_flags' */
90unsigned int
91ENGINE_get_table_flags(void)
92{
93 return table_flags;
94}
95
96void
97ENGINE_set_table_flags(unsigned int flags)
98{
99 table_flags = flags;
100}
101
102/* Internal functions for the "piles" hash table */
103static unsigned long
104engine_pile_hash(const ENGINE_PILE *c)
105{
106 return c->nid;
107}
108
109static int
110engine_pile_cmp(const ENGINE_PILE *a, const ENGINE_PILE *b)
111{
112 return a->nid - b->nid;
113}
114static IMPLEMENT_LHASH_HASH_FN(engine_pile, ENGINE_PILE)
115static IMPLEMENT_LHASH_COMP_FN(engine_pile, ENGINE_PILE)
116
117static int
118int_table_check(ENGINE_TABLE **t, int create)
119{
120 LHASH_OF(ENGINE_PILE) *lh;
121
122 if (*t)
123 return 1;
124 if (!create)
125 return 0;
126 if ((lh = lh_ENGINE_PILE_new()) == NULL)
127 return 0;
128 *t = (ENGINE_TABLE *)lh;
129 return 1;
130}
131
132/* Privately exposed (via eng_int.h) functions for adding and/or removing
133 * ENGINEs from the implementation table */
134int
135engine_table_register(ENGINE_TABLE **table, ENGINE_CLEANUP_CB *cleanup,
136 ENGINE *e, const int *nids, int num_nids, int setdefault)
137{
138 int ret = 0, added = 0;
139 ENGINE_PILE tmplate, *fnd;
140
141 CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
142 if (!(*table))
143 added = 1;
144 if (!int_table_check(table, 1))
145 goto end;
146 if (added)
147 /* The cleanup callback needs to be added */
148 engine_cleanup_add_first(cleanup);
149 while (num_nids--) {
150 tmplate.nid = *nids;
151 fnd = lh_ENGINE_PILE_retrieve(&(*table)->piles, &tmplate);
152 if (!fnd) {
153 fnd = malloc(sizeof(ENGINE_PILE));
154 if (!fnd)
155 goto end;
156 fnd->uptodate = 1;
157 fnd->nid = *nids;
158 fnd->sk = sk_ENGINE_new_null();
159 if (!fnd->sk) {
160 free(fnd);
161 goto end;
162 }
163 fnd->funct = NULL;
164 (void)lh_ENGINE_PILE_insert(&(*table)->piles, fnd);
165 }
166 /* A registration shouldn't add duplicate entries */
167 (void)sk_ENGINE_delete_ptr(fnd->sk, e);
168 /* if 'setdefault', this ENGINE goes to the head of the list */
169 if (!sk_ENGINE_push(fnd->sk, e))
170 goto end;
171 /* "touch" this ENGINE_PILE */
172 fnd->uptodate = 0;
173 if (setdefault) {
174 if (!engine_unlocked_init(e)) {
175 ENGINEerror(ENGINE_R_INIT_FAILED);
176 goto end;
177 }
178 if (fnd->funct)
179 engine_unlocked_finish(fnd->funct, 0);
180 fnd->funct = e;
181 fnd->uptodate = 1;
182 }
183 nids++;
184 }
185 ret = 1;
186end:
187 CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
188 return ret;
189}
190
191static void
192int_unregister_cb_doall_arg(ENGINE_PILE *pile, ENGINE *e)
193{
194 int n;
195
196 /* Iterate the 'c->sk' stack removing any occurrence of 'e' */
197 while ((n = sk_ENGINE_find(pile->sk, e)) >= 0) {
198 (void)sk_ENGINE_delete(pile->sk, n);
199 pile->uptodate = 0;
200 }
201 if (pile->funct == e) {
202 engine_unlocked_finish(e, 0);
203 pile->funct = NULL;
204 }
205}
206static IMPLEMENT_LHASH_DOALL_ARG_FN(int_unregister_cb, ENGINE_PILE, ENGINE)
207
208void
209engine_table_unregister(ENGINE_TABLE **table, ENGINE *e)
210{
211 CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
212 if (int_table_check(table, 0))
213 lh_ENGINE_PILE_doall_arg(&(*table)->piles,
214 LHASH_DOALL_ARG_FN(int_unregister_cb), ENGINE, e);
215 CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
216}
217
218static void
219int_cleanup_cb_doall(ENGINE_PILE *p)
220{
221 sk_ENGINE_free(p->sk);
222 if (p->funct)
223 engine_unlocked_finish(p->funct, 0);
224 free(p);
225}
226static IMPLEMENT_LHASH_DOALL_FN(int_cleanup_cb, ENGINE_PILE)
227
228void
229engine_table_cleanup(ENGINE_TABLE **table)
230{
231 CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
232 if (*table) {
233 lh_ENGINE_PILE_doall(&(*table)->piles,
234 LHASH_DOALL_FN(int_cleanup_cb));
235 lh_ENGINE_PILE_free(&(*table)->piles);
236 *table = NULL;
237 }
238 CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
239}
240
241/* return a functional reference for a given 'nid' */
242#ifndef ENGINE_TABLE_DEBUG
243ENGINE *
244engine_table_select(ENGINE_TABLE **table, int nid)
245#else
246ENGINE *
247engine_table_select_tmp(ENGINE_TABLE **table, int nid, const char *f, int l)
248#endif
249{
250 ENGINE *ret = NULL;
251 ENGINE_PILE tmplate, *fnd = NULL;
252 int initres, loop = 0;
253
254 if (!(*table)) {
255#ifdef ENGINE_TABLE_DEBUG
256 fprintf(stderr, "engine_table_dbg: %s:%d, nid=%d, nothing "
257 "registered!\n", f, l, nid);
258#endif
259 return NULL;
260 }
261 ERR_set_mark();
262 CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
263 /* Check again inside the lock otherwise we could race against cleanup
264 * operations. But don't worry about a fprintf(stderr). */
265 if (!int_table_check(table, 0))
266 goto end;
267 tmplate.nid = nid;
268 fnd = lh_ENGINE_PILE_retrieve(&(*table)->piles, &tmplate);
269 if (!fnd)
270 goto end;
271 if (fnd->funct && engine_unlocked_init(fnd->funct)) {
272#ifdef ENGINE_TABLE_DEBUG
273 fprintf(stderr, "engine_table_dbg: %s:%d, nid=%d, using "
274 "ENGINE '%s' cached\n", f, l, nid, fnd->funct->id);
275#endif
276 ret = fnd->funct;
277 goto end;
278 }
279 if (fnd->uptodate) {
280 ret = fnd->funct;
281 goto end;
282 }
283trynext:
284 ret = sk_ENGINE_value(fnd->sk, loop++);
285 if (!ret) {
286#ifdef ENGINE_TABLE_DEBUG
287 fprintf(stderr, "engine_table_dbg: %s:%d, nid=%d, no "
288 "registered implementations would initialise\n", f, l, nid);
289#endif
290 goto end;
291 }
292 /* Try to initialise the ENGINE? */
293 if ((ret->funct_ref > 0) || !(table_flags & ENGINE_TABLE_FLAG_NOINIT))
294 initres = engine_unlocked_init(ret);
295 else
296 initres = 0;
297 if (initres) {
298 /* Update 'funct' */
299 if ((fnd->funct != ret) && engine_unlocked_init(ret)) {
300 /* If there was a previous default we release it. */
301 if (fnd->funct)
302 engine_unlocked_finish(fnd->funct, 0);
303 fnd->funct = ret;
304#ifdef ENGINE_TABLE_DEBUG
305 fprintf(stderr, "engine_table_dbg: %s:%d, nid=%d, "
306 "setting default to '%s'\n", f, l, nid, ret->id);
307#endif
308 }
309#ifdef ENGINE_TABLE_DEBUG
310 fprintf(stderr, "engine_table_dbg: %s:%d, nid=%d, using "
311 "newly initialised '%s'\n", f, l, nid, ret->id);
312#endif
313 goto end;
314 }
315 goto trynext;
316end:
317 /* If it failed, it is unlikely to succeed again until some future
318 * registrations have taken place. In all cases, we cache. */
319 if (fnd)
320 fnd->uptodate = 1;
321#ifdef ENGINE_TABLE_DEBUG
322 if (ret)
323 fprintf(stderr, "engine_table_dbg: %s:%d, nid=%d, caching "
324 "ENGINE '%s'\n", f, l, nid, ret->id);
325 else
326 fprintf(stderr, "engine_table_dbg: %s:%d, nid=%d, caching "
327 "'no matching ENGINE'\n", f, l, nid);
328#endif
329 CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
330 /* Whatever happened, any failed init()s are not failures in this
331 * context, so clear our error state. */
332 ERR_pop_to_mark();
333 return ret;
334}
335
336/* Table enumeration */
337
338static void
339int_cb_doall_arg(ENGINE_PILE *pile, ENGINE_PILE_DOALL *dall)
340{
341 dall->cb(pile->nid, pile->sk, pile->funct, dall->arg);
342}
343static IMPLEMENT_LHASH_DOALL_ARG_FN(int_cb, ENGINE_PILE, ENGINE_PILE_DOALL)
344
345void
346engine_table_doall(ENGINE_TABLE *table, engine_table_doall_cb *cb, void *arg)
347{
348 ENGINE_PILE_DOALL dall;
349
350 dall.cb = cb;
351 dall.arg = arg;
352 lh_ENGINE_PILE_doall_arg(&table->piles, LHASH_DOALL_ARG_FN(int_cb),
353 ENGINE_PILE_DOALL, &dall);
354}
diff --git a/src/lib/libcrypto/engine/engine.h b/src/lib/libcrypto/engine/engine.h
deleted file mode 100644
index 0c620ba7f8..0000000000
--- a/src/lib/libcrypto/engine/engine.h
+++ /dev/null
@@ -1,807 +0,0 @@
1/* $OpenBSD: engine.h,v 1.38 2023/04/18 09:10:44 tb Exp $ */
2/* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL
3 * project 2000.
4 */
5/* ====================================================================
6 * Copyright (c) 1999-2004 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 *
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
56 *
57 */
58/* ====================================================================
59 * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
60 * ECDH support in OpenSSL originally developed by
61 * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
62 */
63
64#ifndef HEADER_ENGINE_H
65#define HEADER_ENGINE_H
66
67#include <openssl/opensslconf.h>
68
69#ifdef OPENSSL_NO_ENGINE
70#error ENGINE is disabled.
71#endif
72
73#include <openssl/bn.h>
74#ifndef OPENSSL_NO_DH
75#include <openssl/dh.h>
76#endif
77#ifndef OPENSSL_NO_DSA
78#include <openssl/dsa.h>
79#endif
80#ifndef OPENSSL_NO_EC
81#include <openssl/ec.h>
82#endif
83#ifndef OPENSSL_NO_ECDH
84#include <openssl/ecdh.h>
85#endif
86#ifndef OPENSSL_NO_ECDSA
87#include <openssl/ecdsa.h>
88#endif
89#include <openssl/err.h>
90#ifndef OPENSSL_NO_RSA
91#include <openssl/rsa.h>
92#endif
93#include <openssl/ui.h>
94#include <openssl/x509.h>
95
96#include <openssl/ossl_typ.h>
97
98#ifdef __cplusplus
99extern "C" {
100#endif
101
102/* These flags are used to control combinations of algorithm (methods)
103 * by bitwise "OR"ing. */
104#define ENGINE_METHOD_RSA (unsigned int)0x0001
105#define ENGINE_METHOD_DSA (unsigned int)0x0002
106#define ENGINE_METHOD_DH (unsigned int)0x0004
107#define ENGINE_METHOD_RAND (unsigned int)0x0008
108#define ENGINE_METHOD_ECDH (unsigned int)0x0010
109#define ENGINE_METHOD_ECDSA (unsigned int)0x0020
110#define ENGINE_METHOD_CIPHERS (unsigned int)0x0040
111#define ENGINE_METHOD_DIGESTS (unsigned int)0x0080
112#define ENGINE_METHOD_STORE (unsigned int)0x0100
113#define ENGINE_METHOD_PKEY_METHS (unsigned int)0x0200
114#define ENGINE_METHOD_PKEY_ASN1_METHS (unsigned int)0x0400
115#define ENGINE_METHOD_EC (unsigned int)0x0800
116/* Obvious all-or-nothing cases. */
117#define ENGINE_METHOD_ALL (unsigned int)0xFFFF
118#define ENGINE_METHOD_NONE (unsigned int)0x0000
119
120/* This(ese) flag(s) controls behaviour of the ENGINE_TABLE mechanism used
121 * internally to control registration of ENGINE implementations, and can be set
122 * by ENGINE_set_table_flags(). The "NOINIT" flag prevents attempts to
123 * initialise registered ENGINEs if they are not already initialised. */
124#define ENGINE_TABLE_FLAG_NOINIT (unsigned int)0x0001
125
126/* ENGINE flags that can be set by ENGINE_set_flags(). */
127/* #define ENGINE_FLAGS_MALLOCED 0x0001 */ /* Not used */
128
129/* This flag is for ENGINEs that wish to handle the various 'CMD'-related
130 * control commands on their own. Without this flag, ENGINE_ctrl() handles these
131 * control commands on behalf of the ENGINE using their "cmd_defns" data. */
132#define ENGINE_FLAGS_MANUAL_CMD_CTRL (int)0x0002
133
134/* This flag is for ENGINEs who return new duplicate structures when found via
135 * "ENGINE_by_id()". When an ENGINE must store state (eg. if ENGINE_ctrl()
136 * commands are called in sequence as part of some stateful process like
137 * key-generation setup and execution), it can set this flag - then each attempt
138 * to obtain the ENGINE will result in it being copied into a new structure.
139 * Normally, ENGINEs don't declare this flag so ENGINE_by_id() just increments
140 * the existing ENGINE's structural reference count. */
141#define ENGINE_FLAGS_BY_ID_COPY (int)0x0004
142
143/* This flag if for an ENGINE that does not want its methods registered as
144 * part of ENGINE_register_all_complete() for example if the methods are
145 * not usable as default methods.
146 */
147
148#define ENGINE_FLAGS_NO_REGISTER_ALL (int)0x0008
149
150/* ENGINEs can support their own command types, and these flags are used in
151 * ENGINE_CTRL_GET_CMD_FLAGS to indicate to the caller what kind of input each
152 * command expects. Currently only numeric and string input is supported. If a
153 * control command supports none of the _NUMERIC, _STRING, or _NO_INPUT options,
154 * then it is regarded as an "internal" control command - and not for use in
155 * config setting situations. As such, they're not available to the
156 * ENGINE_ctrl_cmd_string() function, only raw ENGINE_ctrl() access. Changes to
157 * this list of 'command types' should be reflected carefully in
158 * ENGINE_cmd_is_executable() and ENGINE_ctrl_cmd_string(). */
159
160/* accepts a 'long' input value (3rd parameter to ENGINE_ctrl) */
161#define ENGINE_CMD_FLAG_NUMERIC (unsigned int)0x0001
162/* accepts string input (cast from 'void*' to 'const char *', 4th parameter to
163 * ENGINE_ctrl) */
164#define ENGINE_CMD_FLAG_STRING (unsigned int)0x0002
165/* Indicates that the control command takes *no* input. Ie. the control command
166 * is unparameterised. */
167#define ENGINE_CMD_FLAG_NO_INPUT (unsigned int)0x0004
168/* Indicates that the control command is internal. This control command won't
169 * be shown in any output, and is only usable through the ENGINE_ctrl_cmd()
170 * function. */
171#define ENGINE_CMD_FLAG_INTERNAL (unsigned int)0x0008
172
173/* NB: These 3 control commands are deprecated and should not be used. ENGINEs
174 * relying on these commands should compile conditional support for
175 * compatibility (eg. if these symbols are defined) but should also migrate the
176 * same functionality to their own ENGINE-specific control functions that can be
177 * "discovered" by calling applications. The fact these control commands
178 * wouldn't be "executable" (ie. usable by text-based config) doesn't change the
179 * fact that application code can find and use them without requiring per-ENGINE
180 * hacking. */
181
182/* These flags are used to tell the ctrl function what should be done.
183 * All command numbers are shared between all engines, even if some don't
184 * make sense to some engines. In such a case, they do nothing but return
185 * the error ENGINE_R_CTRL_COMMAND_NOT_IMPLEMENTED. */
186#define ENGINE_CTRL_SET_LOGSTREAM 1
187#define ENGINE_CTRL_SET_PASSWORD_CALLBACK 2
188#define ENGINE_CTRL_HUP 3 /* Close and reinitialise any
189 handles/connections etc. */
190#define ENGINE_CTRL_SET_USER_INTERFACE 4 /* Alternative to callback */
191#define ENGINE_CTRL_SET_CALLBACK_DATA 5 /* User-specific data, used
192 when calling the password
193 callback and the user
194 interface */
195#define ENGINE_CTRL_LOAD_CONFIGURATION 6 /* Load a configuration, given
196 a string that represents a
197 file name or so */
198#define ENGINE_CTRL_LOAD_SECTION 7 /* Load data from a given
199 section in the already loaded
200 configuration */
201
202/* These control commands allow an application to deal with an arbitrary engine
203 * in a dynamic way. Warn: Negative return values indicate errors FOR THESE
204 * COMMANDS because zero is used to indicate 'end-of-list'. Other commands,
205 * including ENGINE-specific command types, return zero for an error.
206 *
207 * An ENGINE can choose to implement these ctrl functions, and can internally
208 * manage things however it chooses - it does so by setting the
209 * ENGINE_FLAGS_MANUAL_CMD_CTRL flag (using ENGINE_set_flags()). Otherwise the
210 * ENGINE_ctrl() code handles this on the ENGINE's behalf using the cmd_defns
211 * data (set using ENGINE_set_cmd_defns()). This means an ENGINE's ctrl()
212 * handler need only implement its own commands - the above "meta" commands will
213 * be taken care of. */
214
215/* Returns non-zero if the supplied ENGINE has a ctrl() handler. If "not", then
216 * all the remaining control commands will return failure, so it is worth
217 * checking this first if the caller is trying to "discover" the engine's
218 * capabilities and doesn't want errors generated unnecessarily. */
219#define ENGINE_CTRL_HAS_CTRL_FUNCTION 10
220/* Returns a positive command number for the first command supported by the
221 * engine. Returns zero if no ctrl commands are supported. */
222#define ENGINE_CTRL_GET_FIRST_CMD_TYPE 11
223/* The 'long' argument specifies a command implemented by the engine, and the
224 * return value is the next command supported, or zero if there are no more. */
225#define ENGINE_CTRL_GET_NEXT_CMD_TYPE 12
226/* The 'void*' argument is a command name (cast from 'const char *'), and the
227 * return value is the command that corresponds to it. */
228#define ENGINE_CTRL_GET_CMD_FROM_NAME 13
229/* The next two allow a command to be converted into its corresponding string
230 * form. In each case, the 'long' argument supplies the command. In the NAME_LEN
231 * case, the return value is the length of the command name (not counting a
232 * trailing EOL). In the NAME case, the 'void*' argument must be a string buffer
233 * large enough, and it will be populated with the name of the command (WITH a
234 * trailing EOL). */
235#define ENGINE_CTRL_GET_NAME_LEN_FROM_CMD 14
236#define ENGINE_CTRL_GET_NAME_FROM_CMD 15
237/* The next two are similar but give a "short description" of a command. */
238#define ENGINE_CTRL_GET_DESC_LEN_FROM_CMD 16
239#define ENGINE_CTRL_GET_DESC_FROM_CMD 17
240/* With this command, the return value is the OR'd combination of
241 * ENGINE_CMD_FLAG_*** values that indicate what kind of input a given
242 * engine-specific ctrl command expects. */
243#define ENGINE_CTRL_GET_CMD_FLAGS 18
244
245/* ENGINE implementations should start the numbering of their own control
246 * commands from this value. (ie. ENGINE_CMD_BASE, ENGINE_CMD_BASE + 1, etc). */
247#define ENGINE_CMD_BASE 200
248
249/* If an ENGINE supports its own specific control commands and wishes the
250 * framework to handle the above 'ENGINE_CMD_***'-manipulation commands on its
251 * behalf, it should supply a null-terminated array of ENGINE_CMD_DEFN entries
252 * to ENGINE_set_cmd_defns(). It should also implement a ctrl() handler that
253 * supports the stated commands (ie. the "cmd_num" entries as described by the
254 * array). NB: The array must be ordered in increasing order of cmd_num.
255 * "null-terminated" means that the last ENGINE_CMD_DEFN element has cmd_num set
256 * to zero and/or cmd_name set to NULL. */
257typedef struct ENGINE_CMD_DEFN_st {
258 unsigned int cmd_num; /* The command number */
259 const char *cmd_name; /* The command name itself */
260 const char *cmd_desc; /* A short description of the command */
261 unsigned int cmd_flags; /* The input the command expects */
262} ENGINE_CMD_DEFN;
263
264/* Generic function pointer */
265typedef int (*ENGINE_GEN_FUNC_PTR)(void);
266/* Generic function pointer taking no arguments */
267typedef int (*ENGINE_GEN_INT_FUNC_PTR)(ENGINE *);
268/* Specific control function pointer */
269typedef int (*ENGINE_CTRL_FUNC_PTR)(ENGINE *, int, long, void *,
270 void (*f)(void));
271/* Generic load_key function pointer */
272typedef EVP_PKEY * (*ENGINE_LOAD_KEY_PTR)(ENGINE *, const char *,
273 UI_METHOD *ui_method, void *callback_data);
274typedef int (*ENGINE_SSL_CLIENT_CERT_PTR)(ENGINE *, SSL *ssl,
275 STACK_OF(X509_NAME) *ca_dn, X509 **pcert, EVP_PKEY **pkey,
276 STACK_OF(X509) **pother, UI_METHOD *ui_method, void *callback_data);
277
278/* These callback types are for an ENGINE's handler for cipher and digest logic.
279 * These handlers have these prototypes;
280 * int foo(ENGINE *e, const EVP_CIPHER **cipher, const int **nids, int nid);
281 * int foo(ENGINE *e, const EVP_MD **digest, const int **nids, int nid);
282 * Looking at how to implement these handlers in the case of cipher support, if
283 * the framework wants the EVP_CIPHER for 'nid', it will call;
284 * foo(e, &p_evp_cipher, NULL, nid); (return zero for failure)
285 * If the framework wants a list of supported 'nid's, it will call;
286 * foo(e, NULL, &p_nids, 0); (returns number of 'nids' or -1 for error)
287 */
288/* Returns to a pointer to the array of supported cipher 'nid's. If the second
289 * parameter is non-NULL it is set to the size of the returned array. */
290typedef int (*ENGINE_CIPHERS_PTR)(ENGINE *, const EVP_CIPHER **,
291 const int **, int);
292typedef int (*ENGINE_DIGESTS_PTR)(ENGINE *, const EVP_MD **, const int **, int);
293typedef int (*ENGINE_PKEY_METHS_PTR)(ENGINE *, EVP_PKEY_METHOD **,
294 const int **, int);
295typedef int (*ENGINE_PKEY_ASN1_METHS_PTR)(ENGINE *, EVP_PKEY_ASN1_METHOD **,
296 const int **, int);
297
298/* STRUCTURE functions ... all of these functions deal with pointers to ENGINE
299 * structures where the pointers have a "structural reference". This means that
300 * their reference is to allowed access to the structure but it does not imply
301 * that the structure is functional. To simply increment or decrement the
302 * structural reference count, use ENGINE_by_id and ENGINE_free. NB: This is not
303 * required when iterating using ENGINE_get_next as it will automatically
304 * decrement the structural reference count of the "current" ENGINE and
305 * increment the structural reference count of the ENGINE it returns (unless it
306 * is NULL). */
307
308/* Get the first/last "ENGINE" type available. */
309ENGINE *ENGINE_get_first(void);
310ENGINE *ENGINE_get_last(void);
311/* Iterate to the next/previous "ENGINE" type (NULL = end of the list). */
312ENGINE *ENGINE_get_next(ENGINE *e);
313ENGINE *ENGINE_get_prev(ENGINE *e);
314/* Add another "ENGINE" type into the array. */
315int ENGINE_add(ENGINE *e);
316/* Remove an existing "ENGINE" type from the array. */
317int ENGINE_remove(ENGINE *e);
318/* Retrieve an engine from the list by its unique "id" value. */
319ENGINE *ENGINE_by_id(const char *id);
320/* Add all the built-in engines. */
321void ENGINE_load_openssl(void);
322void ENGINE_load_dynamic(void);
323#ifndef OPENSSL_NO_STATIC_ENGINE
324void ENGINE_load_padlock(void);
325#endif
326void ENGINE_load_builtin_engines(void);
327
328/* Get and set global flags (ENGINE_TABLE_FLAG_***) for the implementation
329 * "registry" handling. */
330unsigned int ENGINE_get_table_flags(void);
331void ENGINE_set_table_flags(unsigned int flags);
332
333/* Manage registration of ENGINEs per "table". For each type, there are 3
334 * functions;
335 * ENGINE_register_***(e) - registers the implementation from 'e' (if it has one)
336 * ENGINE_unregister_***(e) - unregister the implementation from 'e'
337 * ENGINE_register_all_***() - call ENGINE_register_***() for each 'e' in the list
338 * Cleanup is automatically registered from each table when required, so
339 * ENGINE_cleanup() will reverse any "register" operations. */
340
341int ENGINE_register_RSA(ENGINE *e);
342void ENGINE_unregister_RSA(ENGINE *e);
343void ENGINE_register_all_RSA(void);
344
345int ENGINE_register_DSA(ENGINE *e);
346void ENGINE_unregister_DSA(ENGINE *e);
347void ENGINE_register_all_DSA(void);
348
349int ENGINE_register_ECDH(ENGINE *e);
350void ENGINE_unregister_ECDH(ENGINE *e);
351void ENGINE_register_all_ECDH(void);
352
353int ENGINE_register_ECDSA(ENGINE *e);
354void ENGINE_unregister_ECDSA(ENGINE *e);
355void ENGINE_register_all_ECDSA(void);
356
357int ENGINE_register_EC(ENGINE *e);
358void ENGINE_unregister_EC(ENGINE *e);
359void ENGINE_register_all_EC(void);
360
361int ENGINE_register_DH(ENGINE *e);
362void ENGINE_unregister_DH(ENGINE *e);
363void ENGINE_register_all_DH(void);
364
365int ENGINE_register_RAND(ENGINE *e);
366void ENGINE_unregister_RAND(ENGINE *e);
367void ENGINE_register_all_RAND(void);
368
369int ENGINE_register_STORE(ENGINE *e);
370void ENGINE_unregister_STORE(ENGINE *e);
371void ENGINE_register_all_STORE(void);
372
373int ENGINE_register_ciphers(ENGINE *e);
374void ENGINE_unregister_ciphers(ENGINE *e);
375void ENGINE_register_all_ciphers(void);
376
377int ENGINE_register_digests(ENGINE *e);
378void ENGINE_unregister_digests(ENGINE *e);
379void ENGINE_register_all_digests(void);
380
381int ENGINE_register_pkey_meths(ENGINE *e);
382void ENGINE_unregister_pkey_meths(ENGINE *e);
383void ENGINE_register_all_pkey_meths(void);
384
385int ENGINE_register_pkey_asn1_meths(ENGINE *e);
386void ENGINE_unregister_pkey_asn1_meths(ENGINE *e);
387void ENGINE_register_all_pkey_asn1_meths(void);
388
389/* These functions register all support from the above categories. Note, use of
390 * these functions can result in static linkage of code your application may not
391 * need. If you only need a subset of functionality, consider using more
392 * selective initialisation. */
393int ENGINE_register_complete(ENGINE *e);
394int ENGINE_register_all_complete(void);
395
396/* Send parametrised control commands to the engine. The possibilities to send
397 * down an integer, a pointer to data or a function pointer are provided. Any of
398 * the parameters may or may not be NULL, depending on the command number. In
399 * actuality, this function only requires a structural (rather than functional)
400 * reference to an engine, but many control commands may require the engine be
401 * functional. The caller should be aware of trying commands that require an
402 * operational ENGINE, and only use functional references in such situations. */
403int ENGINE_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)(void));
404
405/* This function tests if an ENGINE-specific command is usable as a "setting".
406 * Eg. in an application's config file that gets processed through
407 * ENGINE_ctrl_cmd_string(). If this returns zero, it is not available to
408 * ENGINE_ctrl_cmd_string(), only ENGINE_ctrl(). */
409int ENGINE_cmd_is_executable(ENGINE *e, int cmd);
410
411/* This function works like ENGINE_ctrl() with the exception of taking a
412 * command name instead of a command number, and can handle optional commands.
413 * See the comment on ENGINE_ctrl_cmd_string() for an explanation on how to
414 * use the cmd_name and cmd_optional. */
415int ENGINE_ctrl_cmd(ENGINE *e, const char *cmd_name,
416 long i, void *p, void (*f)(void), int cmd_optional);
417
418/* This function passes a command-name and argument to an ENGINE. The cmd_name
419 * is converted to a command number and the control command is called using
420 * 'arg' as an argument (unless the ENGINE doesn't support such a command, in
421 * which case no control command is called). The command is checked for input
422 * flags, and if necessary the argument will be converted to a numeric value. If
423 * cmd_optional is non-zero, then if the ENGINE doesn't support the given
424 * cmd_name the return value will be success anyway. This function is intended
425 * for applications to use so that users (or config files) can supply
426 * engine-specific config data to the ENGINE at run-time to control behaviour of
427 * specific engines. As such, it shouldn't be used for calling ENGINE_ctrl()
428 * functions that return data, deal with binary data, or that are otherwise
429 * supposed to be used directly through ENGINE_ctrl() in application code. Any
430 * "return" data from an ENGINE_ctrl() operation in this function will be lost -
431 * the return value is interpreted as failure if the return value is zero,
432 * success otherwise, and this function returns a boolean value as a result. In
433 * other words, vendors of 'ENGINE'-enabled devices should write ENGINE
434 * implementations with parameterisations that work in this scheme, so that
435 * compliant ENGINE-based applications can work consistently with the same
436 * configuration for the same ENGINE-enabled devices, across applications. */
437int ENGINE_ctrl_cmd_string(ENGINE *e, const char *cmd_name, const char *arg,
438 int cmd_optional);
439
440/* These functions are useful for manufacturing new ENGINE structures. They
441 * don't address reference counting at all - one uses them to populate an ENGINE
442 * structure with personalised implementations of things prior to using it
443 * directly or adding it to the builtin ENGINE list in OpenSSL. These are also
444 * here so that the ENGINE structure doesn't have to be exposed and break binary
445 * compatibility! */
446ENGINE *ENGINE_new(void);
447int ENGINE_free(ENGINE *e);
448int ENGINE_up_ref(ENGINE *e);
449int ENGINE_set_id(ENGINE *e, const char *id);
450int ENGINE_set_name(ENGINE *e, const char *name);
451int ENGINE_set_RSA(ENGINE *e, const RSA_METHOD *rsa_meth);
452int ENGINE_set_DSA(ENGINE *e, const DSA_METHOD *dsa_meth);
453int ENGINE_set_ECDH(ENGINE *e, const ECDH_METHOD *ecdh_meth);
454int ENGINE_set_ECDSA(ENGINE *e, const ECDSA_METHOD *ecdsa_meth);
455int ENGINE_set_EC(ENGINE *e, const EC_KEY_METHOD *ec_meth);
456int ENGINE_set_DH(ENGINE *e, const DH_METHOD *dh_meth);
457int ENGINE_set_RAND(ENGINE *e, const RAND_METHOD *rand_meth);
458int ENGINE_set_STORE(ENGINE *e, const STORE_METHOD *store_meth);
459int ENGINE_set_destroy_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR destroy_f);
460int ENGINE_set_init_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR init_f);
461int ENGINE_set_finish_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR finish_f);
462int ENGINE_set_ctrl_function(ENGINE *e, ENGINE_CTRL_FUNC_PTR ctrl_f);
463int ENGINE_set_load_privkey_function(ENGINE *e, ENGINE_LOAD_KEY_PTR loadpriv_f);
464int ENGINE_set_load_pubkey_function(ENGINE *e, ENGINE_LOAD_KEY_PTR loadpub_f);
465int ENGINE_set_load_ssl_client_cert_function(ENGINE *e,
466 ENGINE_SSL_CLIENT_CERT_PTR loadssl_f);
467int ENGINE_set_ciphers(ENGINE *e, ENGINE_CIPHERS_PTR f);
468int ENGINE_set_digests(ENGINE *e, ENGINE_DIGESTS_PTR f);
469int ENGINE_set_pkey_meths(ENGINE *e, ENGINE_PKEY_METHS_PTR f);
470int ENGINE_set_pkey_asn1_meths(ENGINE *e, ENGINE_PKEY_ASN1_METHS_PTR f);
471int ENGINE_set_flags(ENGINE *e, int flags);
472int ENGINE_set_cmd_defns(ENGINE *e, const ENGINE_CMD_DEFN *defns);
473/* These functions allow control over any per-structure ENGINE data. */
474int ENGINE_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
475 CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func);
476int ENGINE_set_ex_data(ENGINE *e, int idx, void *arg);
477void *ENGINE_get_ex_data(const ENGINE *e, int idx);
478
479/* This function cleans up anything that needs it. Eg. the ENGINE_add() function
480 * automatically ensures the list cleanup function is registered to be called
481 * from ENGINE_cleanup(). Similarly, all ENGINE_register_*** functions ensure
482 * ENGINE_cleanup() will clean up after them. */
483void ENGINE_cleanup(void);
484
485/* These return values from within the ENGINE structure. These can be useful
486 * with functional references as well as structural references - it depends
487 * which you obtained. Using the result for functional purposes if you only
488 * obtained a structural reference may be problematic! */
489const char *ENGINE_get_id(const ENGINE *e);
490const char *ENGINE_get_name(const ENGINE *e);
491const RSA_METHOD *ENGINE_get_RSA(const ENGINE *e);
492const DSA_METHOD *ENGINE_get_DSA(const ENGINE *e);
493const ECDH_METHOD *ENGINE_get_ECDH(const ENGINE *e);
494const ECDSA_METHOD *ENGINE_get_ECDSA(const ENGINE *e);
495const EC_KEY_METHOD *ENGINE_get_EC(const ENGINE *e);
496const DH_METHOD *ENGINE_get_DH(const ENGINE *e);
497const RAND_METHOD *ENGINE_get_RAND(const ENGINE *e);
498const STORE_METHOD *ENGINE_get_STORE(const ENGINE *e);
499ENGINE_GEN_INT_FUNC_PTR ENGINE_get_destroy_function(const ENGINE *e);
500ENGINE_GEN_INT_FUNC_PTR ENGINE_get_init_function(const ENGINE *e);
501ENGINE_GEN_INT_FUNC_PTR ENGINE_get_finish_function(const ENGINE *e);
502ENGINE_CTRL_FUNC_PTR ENGINE_get_ctrl_function(const ENGINE *e);
503ENGINE_LOAD_KEY_PTR ENGINE_get_load_privkey_function(const ENGINE *e);
504ENGINE_LOAD_KEY_PTR ENGINE_get_load_pubkey_function(const ENGINE *e);
505ENGINE_SSL_CLIENT_CERT_PTR ENGINE_get_ssl_client_cert_function(const ENGINE *e);
506ENGINE_CIPHERS_PTR ENGINE_get_ciphers(const ENGINE *e);
507ENGINE_DIGESTS_PTR ENGINE_get_digests(const ENGINE *e);
508ENGINE_PKEY_METHS_PTR ENGINE_get_pkey_meths(const ENGINE *e);
509ENGINE_PKEY_ASN1_METHS_PTR ENGINE_get_pkey_asn1_meths(const ENGINE *e);
510const EVP_CIPHER *ENGINE_get_cipher(ENGINE *e, int nid);
511const EVP_MD *ENGINE_get_digest(ENGINE *e, int nid);
512const EVP_PKEY_METHOD *ENGINE_get_pkey_meth(ENGINE *e, int nid);
513const EVP_PKEY_ASN1_METHOD *ENGINE_get_pkey_asn1_meth(ENGINE *e, int nid);
514const EVP_PKEY_ASN1_METHOD *ENGINE_get_pkey_asn1_meth_str(ENGINE *e,
515 const char *str, int len);
516const EVP_PKEY_ASN1_METHOD *ENGINE_pkey_asn1_find_str(ENGINE **pe,
517 const char *str, int len);
518const ENGINE_CMD_DEFN *ENGINE_get_cmd_defns(const ENGINE *e);
519int ENGINE_get_flags(const ENGINE *e);
520
521/* FUNCTIONAL functions. These functions deal with ENGINE structures
522 * that have (or will) be initialised for use. Broadly speaking, the
523 * structural functions are useful for iterating the list of available
524 * engine types, creating new engine types, and other "list" operations.
525 * These functions actually deal with ENGINEs that are to be used. As
526 * such these functions can fail (if applicable) when particular
527 * engines are unavailable - eg. if a hardware accelerator is not
528 * attached or not functioning correctly. Each ENGINE has 2 reference
529 * counts; structural and functional. Every time a functional reference
530 * is obtained or released, a corresponding structural reference is
531 * automatically obtained or released too. */
532
533/* Initialise a engine type for use (or up its reference count if it's
534 * already in use). This will fail if the engine is not currently
535 * operational and cannot initialise. */
536int ENGINE_init(ENGINE *e);
537/* Free a functional reference to a engine type. This does not require
538 * a corresponding call to ENGINE_free as it also releases a structural
539 * reference. */
540int ENGINE_finish(ENGINE *e);
541
542/* The following functions handle keys that are stored in some secondary
543 * location, handled by the engine. The storage may be on a card or
544 * whatever. */
545EVP_PKEY *ENGINE_load_private_key(ENGINE *e, const char *key_id,
546 UI_METHOD *ui_method, void *callback_data);
547EVP_PKEY *ENGINE_load_public_key(ENGINE *e, const char *key_id,
548 UI_METHOD *ui_method, void *callback_data);
549int ENGINE_load_ssl_client_cert(ENGINE *e, SSL *s,
550 STACK_OF(X509_NAME) *ca_dn, X509 **pcert, EVP_PKEY **ppkey,
551 STACK_OF(X509) **pother,
552 UI_METHOD *ui_method, void *callback_data);
553
554/* This returns a pointer for the current ENGINE structure that
555 * is (by default) performing any RSA operations. The value returned
556 * is an incremented reference, so it should be free'd (ENGINE_finish)
557 * before it is discarded. */
558ENGINE *ENGINE_get_default_RSA(void);
559/* Same for the other "methods" */
560ENGINE *ENGINE_get_default_DSA(void);
561ENGINE *ENGINE_get_default_ECDH(void);
562ENGINE *ENGINE_get_default_ECDSA(void);
563ENGINE *ENGINE_get_default_EC(void);
564ENGINE *ENGINE_get_default_DH(void);
565ENGINE *ENGINE_get_default_RAND(void);
566/* These functions can be used to get a functional reference to perform
567 * ciphering or digesting corresponding to "nid". */
568ENGINE *ENGINE_get_cipher_engine(int nid);
569ENGINE *ENGINE_get_digest_engine(int nid);
570ENGINE *ENGINE_get_pkey_meth_engine(int nid);
571ENGINE *ENGINE_get_pkey_asn1_meth_engine(int nid);
572
573/* This sets a new default ENGINE structure for performing RSA
574 * operations. If the result is non-zero (success) then the ENGINE
575 * structure will have had its reference count up'd so the caller
576 * should still free their own reference 'e'. */
577int ENGINE_set_default_RSA(ENGINE *e);
578int ENGINE_set_default_string(ENGINE *e, const char *def_list);
579/* Same for the other "methods" */
580int ENGINE_set_default_DSA(ENGINE *e);
581int ENGINE_set_default_ECDH(ENGINE *e);
582int ENGINE_set_default_ECDSA(ENGINE *e);
583int ENGINE_set_default_EC(ENGINE *e);
584int ENGINE_set_default_DH(ENGINE *e);
585int ENGINE_set_default_RAND(ENGINE *e);
586int ENGINE_set_default_ciphers(ENGINE *e);
587int ENGINE_set_default_digests(ENGINE *e);
588int ENGINE_set_default_pkey_meths(ENGINE *e);
589int ENGINE_set_default_pkey_asn1_meths(ENGINE *e);
590
591/* The combination "set" - the flags are bitwise "OR"d from the
592 * ENGINE_METHOD_*** defines above. As with the "ENGINE_register_complete()"
593 * function, this function can result in unnecessary static linkage. If your
594 * application requires only specific functionality, consider using more
595 * selective functions. */
596int ENGINE_set_default(ENGINE *e, unsigned int flags);
597
598void ENGINE_add_conf_module(void);
599
600/* Deprecated functions ... */
601/* int ENGINE_clear_defaults(void); */
602
603/**************************/
604/* DYNAMIC ENGINE SUPPORT */
605/**************************/
606
607/* Binary/behaviour compatibility levels */
608#define OSSL_DYNAMIC_VERSION (unsigned long)0x00020000
609/* Binary versions older than this are too old for us (whether we're a loader or
610 * a loadee) */
611#define OSSL_DYNAMIC_OLDEST (unsigned long)0x00020000
612
613/* When compiling an ENGINE entirely as an external shared library, loadable by
614 * the "dynamic" ENGINE, these types are needed. The 'dynamic_fns' structure
615 * type provides the calling application's (or library's) error functionality
616 * and memory management function pointers to the loaded library. These should
617 * be used/set in the loaded library code so that the loading application's
618 * 'state' will be used/changed in all operations. The 'static_state' pointer
619 * allows the loaded library to know if it shares the same static data as the
620 * calling application (or library), and thus whether these callbacks need to be
621 * set or not. */
622typedef void *(*dyn_MEM_malloc_cb)(size_t);
623typedef void *(*dyn_MEM_realloc_cb)(void *, size_t);
624typedef void (*dyn_MEM_free_cb)(void *);
625typedef struct st_dynamic_MEM_fns {
626 dyn_MEM_malloc_cb malloc_cb;
627 dyn_MEM_realloc_cb realloc_cb;
628 dyn_MEM_free_cb free_cb;
629} dynamic_MEM_fns;
630/* FIXME: Perhaps the memory and locking code (crypto.h) should declare and use
631 * these types so we (and any other dependent code) can simplify a bit?? */
632typedef void (*dyn_lock_locking_cb)(int, int, const char *, int);
633typedef int (*dyn_lock_add_lock_cb)(int*, int, int, const char *, int);
634typedef struct CRYPTO_dynlock_value *(*dyn_dynlock_create_cb)(
635 const char *, int);
636typedef void (*dyn_dynlock_lock_cb)(int, struct CRYPTO_dynlock_value *,
637 const char *, int);
638typedef void (*dyn_dynlock_destroy_cb)(struct CRYPTO_dynlock_value *,
639 const char *, int);
640typedef struct st_dynamic_LOCK_fns {
641 dyn_lock_locking_cb lock_locking_cb;
642 dyn_lock_add_lock_cb lock_add_lock_cb;
643 dyn_dynlock_create_cb dynlock_create_cb;
644 dyn_dynlock_lock_cb dynlock_lock_cb;
645 dyn_dynlock_destroy_cb dynlock_destroy_cb;
646} dynamic_LOCK_fns;
647/* The top-level structure */
648typedef struct st_dynamic_fns {
649 void *static_state;
650 const ERR_FNS *err_fns;
651 const CRYPTO_EX_DATA_IMPL *ex_data_fns;
652 dynamic_MEM_fns mem_fns;
653 dynamic_LOCK_fns lock_fns;
654} dynamic_fns;
655
656/* The version checking function should be of this prototype. NB: The
657 * ossl_version value passed in is the OSSL_DYNAMIC_VERSION of the loading code.
658 * If this function returns zero, it indicates a (potential) version
659 * incompatibility and the loaded library doesn't believe it can proceed.
660 * Otherwise, the returned value is the (latest) version supported by the
661 * loading library. The loader may still decide that the loaded code's version
662 * is unsatisfactory and could veto the load. The function is expected to
663 * be implemented with the symbol name "v_check", and a default implementation
664 * can be fully instantiated with IMPLEMENT_DYNAMIC_CHECK_FN(). */
665typedef unsigned long (*dynamic_v_check_fn)(unsigned long ossl_version);
666#define IMPLEMENT_DYNAMIC_CHECK_FN() \
667 extern unsigned long v_check(unsigned long v); \
668 extern unsigned long v_check(unsigned long v) { \
669 if(v >= OSSL_DYNAMIC_OLDEST) return OSSL_DYNAMIC_VERSION; \
670 return 0; }
671
672/* This function is passed the ENGINE structure to initialise with its own
673 * function and command settings. It should not adjust the structural or
674 * functional reference counts. If this function returns zero, (a) the load will
675 * be aborted, (b) the previous ENGINE state will be memcpy'd back onto the
676 * structure, and (c) the shared library will be unloaded. So implementations
677 * should do their own internal cleanup in failure circumstances otherwise they
678 * could leak. The 'id' parameter, if non-NULL, represents the ENGINE id that
679 * the loader is looking for. If this is NULL, the shared library can choose to
680 * return failure or to initialise a 'default' ENGINE. If non-NULL, the shared
681 * library must initialise only an ENGINE matching the passed 'id'. The function
682 * is expected to be implemented with the symbol name "bind_engine". A standard
683 * implementation can be instantiated with IMPLEMENT_DYNAMIC_BIND_FN(fn) where
684 * the parameter 'fn' is a callback function that populates the ENGINE structure
685 * and returns an int value (zero for failure). 'fn' should have prototype;
686 * [static] int fn(ENGINE *e, const char *id); */
687typedef int (*dynamic_bind_engine)(ENGINE *e, const char *id,
688 const dynamic_fns *fns);
689#define IMPLEMENT_DYNAMIC_BIND_FN(fn) \
690 extern \
691 int bind_engine(ENGINE *e, const char *id, const dynamic_fns *fns); \
692 extern \
693 int bind_engine(ENGINE *e, const char *id, const dynamic_fns *fns) { \
694 if(ENGINE_get_static_state() == fns->static_state) goto skip_cbs; \
695 if(!CRYPTO_set_mem_functions(fns->mem_fns.malloc_cb, \
696 fns->mem_fns.realloc_cb, fns->mem_fns.free_cb)) \
697 return 0; \
698 if(!CRYPTO_set_ex_data_implementation(fns->ex_data_fns)) \
699 return 0; \
700 if(!ERR_set_implementation(fns->err_fns)) return 0; \
701 skip_cbs: \
702 if(!fn(e,id)) return 0; \
703 return 1; }
704
705/* If the loading application (or library) and the loaded ENGINE library share
706 * the same static data (eg. they're both dynamically linked to the same
707 * libcrypto.so) we need a way to avoid trying to set system callbacks - this
708 * would fail, and for the same reason that it's unnecessary to try. If the
709 * loaded ENGINE has (or gets from through the loader) its own copy of the
710 * libcrypto static data, we will need to set the callbacks. The easiest way to
711 * detect this is to have a function that returns a pointer to some static data
712 * and let the loading application and loaded ENGINE compare their respective
713 * values. */
714 void *ENGINE_get_static_state(void);
715
716void ERR_load_ENGINE_strings(void);
717
718/* Error codes for the ENGINE functions. */
719
720/* Function codes. */
721#define ENGINE_F_DYNAMIC_CTRL 180
722#define ENGINE_F_DYNAMIC_GET_DATA_CTX 181
723#define ENGINE_F_DYNAMIC_LOAD 182
724#define ENGINE_F_DYNAMIC_SET_DATA_CTX 183
725#define ENGINE_F_ENGINE_ADD 105
726#define ENGINE_F_ENGINE_BY_ID 106
727#define ENGINE_F_ENGINE_CMD_IS_EXECUTABLE 170
728#define ENGINE_F_ENGINE_CTRL 142
729#define ENGINE_F_ENGINE_CTRL_CMD 178
730#define ENGINE_F_ENGINE_CTRL_CMD_STRING 171
731#define ENGINE_F_ENGINE_FINISH 107
732#define ENGINE_F_ENGINE_FREE_UTIL 108
733#define ENGINE_F_ENGINE_GET_CIPHER 185
734#define ENGINE_F_ENGINE_GET_DEFAULT_TYPE 177
735#define ENGINE_F_ENGINE_GET_DIGEST 186
736#define ENGINE_F_ENGINE_GET_NEXT 115
737#define ENGINE_F_ENGINE_GET_PKEY_ASN1_METH 193
738#define ENGINE_F_ENGINE_GET_PKEY_METH 192
739#define ENGINE_F_ENGINE_GET_PREV 116
740#define ENGINE_F_ENGINE_INIT 119
741#define ENGINE_F_ENGINE_LIST_ADD 120
742#define ENGINE_F_ENGINE_LIST_REMOVE 121
743#define ENGINE_F_ENGINE_LOAD_PRIVATE_KEY 150
744#define ENGINE_F_ENGINE_LOAD_PUBLIC_KEY 151
745#define ENGINE_F_ENGINE_LOAD_SSL_CLIENT_CERT 194
746#define ENGINE_F_ENGINE_NEW 122
747#define ENGINE_F_ENGINE_REMOVE 123
748#define ENGINE_F_ENGINE_SET_DEFAULT_STRING 189
749#define ENGINE_F_ENGINE_SET_DEFAULT_TYPE 126
750#define ENGINE_F_ENGINE_SET_ID 129
751#define ENGINE_F_ENGINE_SET_NAME 130
752#define ENGINE_F_ENGINE_TABLE_REGISTER 184
753#define ENGINE_F_ENGINE_UNLOAD_KEY 152
754#define ENGINE_F_ENGINE_UNLOCKED_FINISH 191
755#define ENGINE_F_ENGINE_UP_REF 190
756#define ENGINE_F_INT_CTRL_HELPER 172
757#define ENGINE_F_INT_ENGINE_CONFIGURE 188
758#define ENGINE_F_INT_ENGINE_MODULE_INIT 187
759#define ENGINE_F_LOG_MESSAGE 141
760
761/* Reason codes. */
762#define ENGINE_R_ALREADY_LOADED 100
763#define ENGINE_R_ARGUMENT_IS_NOT_A_NUMBER 133
764#define ENGINE_R_CMD_NOT_EXECUTABLE 134
765#define ENGINE_R_COMMAND_TAKES_INPUT 135
766#define ENGINE_R_COMMAND_TAKES_NO_INPUT 136
767#define ENGINE_R_CONFLICTING_ENGINE_ID 103
768#define ENGINE_R_CTRL_COMMAND_NOT_IMPLEMENTED 119
769#define ENGINE_R_DH_NOT_IMPLEMENTED 139
770#define ENGINE_R_DSA_NOT_IMPLEMENTED 140
771#define ENGINE_R_DSO_FAILURE 104
772#define ENGINE_R_DSO_NOT_FOUND 132
773#define ENGINE_R_ENGINES_SECTION_ERROR 148
774#define ENGINE_R_ENGINE_CONFIGURATION_ERROR 102
775#define ENGINE_R_ENGINE_IS_NOT_IN_LIST 105
776#define ENGINE_R_ENGINE_SECTION_ERROR 149
777#define ENGINE_R_FAILED_LOADING_PRIVATE_KEY 128
778#define ENGINE_R_FAILED_LOADING_PUBLIC_KEY 129
779#define ENGINE_R_FINISH_FAILED 106
780#define ENGINE_R_GET_HANDLE_FAILED 107
781#define ENGINE_R_ID_OR_NAME_MISSING 108
782#define ENGINE_R_INIT_FAILED 109
783#define ENGINE_R_INTERNAL_LIST_ERROR 110
784#define ENGINE_R_INVALID_ARGUMENT 143
785#define ENGINE_R_INVALID_CMD_NAME 137
786#define ENGINE_R_INVALID_CMD_NUMBER 138
787#define ENGINE_R_INVALID_INIT_VALUE 151
788#define ENGINE_R_INVALID_STRING 150
789#define ENGINE_R_NOT_INITIALISED 117
790#define ENGINE_R_NOT_LOADED 112
791#define ENGINE_R_NO_CONTROL_FUNCTION 120
792#define ENGINE_R_NO_INDEX 144
793#define ENGINE_R_NO_LOAD_FUNCTION 125
794#define ENGINE_R_NO_REFERENCE 130
795#define ENGINE_R_NO_SUCH_ENGINE 116
796#define ENGINE_R_NO_UNLOAD_FUNCTION 126
797#define ENGINE_R_PROVIDE_PARAMETERS 113
798#define ENGINE_R_RSA_NOT_IMPLEMENTED 141
799#define ENGINE_R_UNIMPLEMENTED_CIPHER 146
800#define ENGINE_R_UNIMPLEMENTED_DIGEST 147
801#define ENGINE_R_UNIMPLEMENTED_PUBLIC_KEY_METHOD 101
802#define ENGINE_R_VERSION_INCOMPATIBILITY 145
803
804#ifdef __cplusplus
805}
806#endif
807#endif
diff --git a/src/lib/libcrypto/engine/tb_asnmth.c b/src/lib/libcrypto/engine/tb_asnmth.c
deleted file mode 100644
index 913230f696..0000000000
--- a/src/lib/libcrypto/engine/tb_asnmth.c
+++ /dev/null
@@ -1,255 +0,0 @@
1/* $OpenBSD: tb_asnmth.c,v 1.7 2022/11/26 16:08:52 tb Exp $ */
2/* ====================================================================
3 * Copyright (c) 2006 The OpenSSL Project. All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 *
9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer.
11 *
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in
14 * the documentation and/or other materials provided with the
15 * distribution.
16 *
17 * 3. All advertising materials mentioning features or use of this
18 * software must display the following acknowledgment:
19 * "This product includes software developed by the OpenSSL Project
20 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
21 *
22 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
23 * endorse or promote products derived from this software without
24 * prior written permission. For written permission, please contact
25 * licensing@OpenSSL.org.
26 *
27 * 5. Products derived from this software may not be called "OpenSSL"
28 * nor may "OpenSSL" appear in their names without prior written
29 * permission of the OpenSSL Project.
30 *
31 * 6. Redistributions of any form whatsoever must retain the following
32 * acknowledgment:
33 * "This product includes software developed by the OpenSSL Project
34 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
35 *
36 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
37 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
38 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
39 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
40 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
41 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
42 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
43 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
44 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
45 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
46 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
47 * OF THE POSSIBILITY OF SUCH DAMAGE.
48 * ====================================================================
49 *
50 * This product includes cryptographic software written by Eric Young
51 * (eay@cryptsoft.com). This product includes software written by Tim
52 * Hudson (tjh@cryptsoft.com).
53 *
54 */
55
56#include <string.h>
57
58#include <openssl/err.h>
59
60#include "eng_int.h"
61#include "asn1_local.h"
62#include <openssl/evp.h>
63
64/* If this symbol is defined then ENGINE_get_pkey_asn1_meth_engine(), the
65 * function that is used by EVP to hook in pkey_asn1_meth code and cache
66 * defaults (etc), will display brief debugging summaries to stderr with the
67 * 'nid'. */
68/* #define ENGINE_PKEY_ASN1_METH_DEBUG */
69
70static ENGINE_TABLE *pkey_asn1_meth_table = NULL;
71
72void
73ENGINE_unregister_pkey_asn1_meths(ENGINE *e)
74{
75 engine_table_unregister(&pkey_asn1_meth_table, e);
76}
77
78static void
79engine_unregister_all_pkey_asn1_meths(void)
80{
81 engine_table_cleanup(&pkey_asn1_meth_table);
82}
83
84int
85ENGINE_register_pkey_asn1_meths(ENGINE *e)
86{
87 if (e->pkey_asn1_meths) {
88 const int *nids;
89 int num_nids = e->pkey_asn1_meths(e, NULL, &nids, 0);
90 if (num_nids > 0)
91 return engine_table_register(&pkey_asn1_meth_table,
92 engine_unregister_all_pkey_asn1_meths, e, nids,
93 num_nids, 0);
94 }
95 return 1;
96}
97
98void
99ENGINE_register_all_pkey_asn1_meths(void)
100{
101 ENGINE *e;
102
103 for (e = ENGINE_get_first(); e; e = ENGINE_get_next(e))
104 ENGINE_register_pkey_asn1_meths(e);
105}
106
107int
108ENGINE_set_default_pkey_asn1_meths(ENGINE *e)
109{
110 if (e->pkey_asn1_meths) {
111 const int *nids;
112 int num_nids = e->pkey_asn1_meths(e, NULL, &nids, 0);
113 if (num_nids > 0)
114 return engine_table_register(&pkey_asn1_meth_table,
115 engine_unregister_all_pkey_asn1_meths, e, nids,
116 num_nids, 1);
117 }
118 return 1;
119}
120
121/* Exposed API function to get a functional reference from the implementation
122 * table (ie. try to get a functional reference from the tabled structural
123 * references) for a given pkey_asn1_meth 'nid' */
124ENGINE *
125ENGINE_get_pkey_asn1_meth_engine(int nid)
126{
127 return engine_table_select(&pkey_asn1_meth_table, nid);
128}
129
130/* Obtains a pkey_asn1_meth implementation from an ENGINE functional reference */
131const EVP_PKEY_ASN1_METHOD *
132ENGINE_get_pkey_asn1_meth(ENGINE *e, int nid)
133{
134 EVP_PKEY_ASN1_METHOD *ret;
135 ENGINE_PKEY_ASN1_METHS_PTR fn = ENGINE_get_pkey_asn1_meths(e);
136
137 if (!fn || !fn(e, &ret, NULL, nid)) {
138 ENGINEerror(ENGINE_R_UNIMPLEMENTED_PUBLIC_KEY_METHOD);
139 return NULL;
140 }
141 return ret;
142}
143
144/* Gets the pkey_asn1_meth callback from an ENGINE structure */
145ENGINE_PKEY_ASN1_METHS_PTR
146ENGINE_get_pkey_asn1_meths(const ENGINE *e)
147{
148 return e->pkey_asn1_meths;
149}
150
151/* Sets the pkey_asn1_meth callback in an ENGINE structure */
152int
153ENGINE_set_pkey_asn1_meths(ENGINE *e, ENGINE_PKEY_ASN1_METHS_PTR f)
154{
155 e->pkey_asn1_meths = f;
156 return 1;
157}
158
159/* Internal function to free up EVP_PKEY_ASN1_METHOD structures before an
160 * ENGINE is destroyed
161 */
162
163void
164engine_pkey_asn1_meths_free(ENGINE *e)
165{
166 int i;
167 EVP_PKEY_ASN1_METHOD *pkm;
168
169 if (e->pkey_asn1_meths) {
170 const int *pknids;
171 int npknids;
172 npknids = e->pkey_asn1_meths(e, NULL, &pknids, 0);
173 for (i = 0; i < npknids; i++) {
174 if (e->pkey_asn1_meths(e, &pkm, NULL, pknids[i])) {
175 EVP_PKEY_asn1_free(pkm);
176 }
177 }
178 }
179}
180
181/* Find a method based on a string. This does a linear search through
182 * all implemented algorithms. This is OK in practice because only
183 * a small number of algorithms are likely to be implemented in an engine
184 * and it is not used for speed critical operations.
185 */
186
187const EVP_PKEY_ASN1_METHOD *
188ENGINE_get_pkey_asn1_meth_str(ENGINE *e, const char *str, int len)
189{
190 int i, nidcount;
191 const int *nids;
192 EVP_PKEY_ASN1_METHOD *ameth;
193
194 if (!e->pkey_asn1_meths)
195 return NULL;
196 if (len == -1)
197 len = strlen(str);
198 nidcount = e->pkey_asn1_meths(e, NULL, &nids, 0);
199 for (i = 0; i < nidcount; i++) {
200 e->pkey_asn1_meths(e, &ameth, NULL, nids[i]);
201 if (((int)strlen(ameth->pem_str) == len) &&
202 !strncasecmp(ameth->pem_str, str, len))
203 return ameth;
204 }
205 return NULL;
206}
207
208typedef struct {
209 ENGINE *e;
210 const EVP_PKEY_ASN1_METHOD *ameth;
211 const char *str;
212 int len;
213} ENGINE_FIND_STR;
214
215static void
216look_str_cb(int nid, STACK_OF(ENGINE) *sk, ENGINE *def, void *arg)
217{
218 ENGINE_FIND_STR *lk = arg;
219 int i;
220
221 if (lk->ameth)
222 return;
223 for (i = 0; i < sk_ENGINE_num(sk); i++) {
224 ENGINE *e = sk_ENGINE_value(sk, i);
225 EVP_PKEY_ASN1_METHOD *ameth;
226 e->pkey_asn1_meths(e, &ameth, NULL, nid);
227 if (((int)strlen(ameth->pem_str) == lk->len) &&
228 !strncasecmp(ameth->pem_str, lk->str, lk->len)) {
229 lk->e = e;
230 lk->ameth = ameth;
231 return;
232 }
233 }
234}
235
236const EVP_PKEY_ASN1_METHOD *
237ENGINE_pkey_asn1_find_str(ENGINE **pe, const char *str, int len)
238{
239 ENGINE_FIND_STR fstr;
240
241 fstr.e = NULL;
242 fstr.ameth = NULL;
243 fstr.str = str;
244 fstr.len = len;
245 CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
246 engine_table_doall(pkey_asn1_meth_table, look_str_cb, &fstr);
247 /* If found obtain a structural reference to engine */
248 if (fstr.e) {
249 fstr.e->struct_ref++;
250 engine_ref_debug(fstr.e, 0, 1)
251 }
252 *pe = fstr.e;
253 CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
254 return fstr.ameth;
255}
diff --git a/src/lib/libcrypto/engine/tb_cipher.c b/src/lib/libcrypto/engine/tb_cipher.c
deleted file mode 100644
index ed87ff199e..0000000000
--- a/src/lib/libcrypto/engine/tb_cipher.c
+++ /dev/null
@@ -1,152 +0,0 @@
1/* $OpenBSD: tb_cipher.c,v 1.8 2017/01/29 17:49:23 beck Exp $ */
2/* ====================================================================
3 * Copyright (c) 2000 The OpenSSL Project. All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 *
9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer.
11 *
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in
14 * the documentation and/or other materials provided with the
15 * distribution.
16 *
17 * 3. All advertising materials mentioning features or use of this
18 * software must display the following acknowledgment:
19 * "This product includes software developed by the OpenSSL Project
20 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
21 *
22 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
23 * endorse or promote products derived from this software without
24 * prior written permission. For written permission, please contact
25 * licensing@OpenSSL.org.
26 *
27 * 5. Products derived from this software may not be called "OpenSSL"
28 * nor may "OpenSSL" appear in their names without prior written
29 * permission of the OpenSSL Project.
30 *
31 * 6. Redistributions of any form whatsoever must retain the following
32 * acknowledgment:
33 * "This product includes software developed by the OpenSSL Project
34 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
35 *
36 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
37 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
38 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
39 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
40 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
41 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
42 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
43 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
44 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
45 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
46 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
47 * OF THE POSSIBILITY OF SUCH DAMAGE.
48 * ====================================================================
49 *
50 * This product includes cryptographic software written by Eric Young
51 * (eay@cryptsoft.com). This product includes software written by Tim
52 * Hudson (tjh@cryptsoft.com).
53 *
54 */
55
56#include <openssl/err.h>
57
58#include "eng_int.h"
59
60/* If this symbol is defined then ENGINE_get_cipher_engine(), the function that
61 * is used by EVP to hook in cipher code and cache defaults (etc), will display
62 * brief debugging summaries to stderr with the 'nid'. */
63/* #define ENGINE_CIPHER_DEBUG */
64
65static ENGINE_TABLE *cipher_table = NULL;
66
67void
68ENGINE_unregister_ciphers(ENGINE *e)
69{
70 engine_table_unregister(&cipher_table, e);
71}
72
73static void
74engine_unregister_all_ciphers(void)
75{
76 engine_table_cleanup(&cipher_table);
77}
78
79int
80ENGINE_register_ciphers(ENGINE *e)
81{
82 if (e->ciphers) {
83 const int *nids;
84 int num_nids = e->ciphers(e, NULL, &nids, 0);
85 if (num_nids > 0)
86 return engine_table_register(&cipher_table,
87 engine_unregister_all_ciphers, e, nids,
88 num_nids, 0);
89 }
90 return 1;
91}
92
93void
94ENGINE_register_all_ciphers(void)
95{
96 ENGINE *e;
97
98 for (e = ENGINE_get_first(); e; e = ENGINE_get_next(e))
99 ENGINE_register_ciphers(e);
100}
101
102int
103ENGINE_set_default_ciphers(ENGINE *e)
104{
105 if (e->ciphers) {
106 const int *nids;
107 int num_nids = e->ciphers(e, NULL, &nids, 0);
108 if (num_nids > 0)
109 return engine_table_register(&cipher_table,
110 engine_unregister_all_ciphers, e, nids,
111 num_nids, 1);
112 }
113 return 1;
114}
115
116/* Exposed API function to get a functional reference from the implementation
117 * table (ie. try to get a functional reference from the tabled structural
118 * references) for a given cipher 'nid' */
119ENGINE *
120ENGINE_get_cipher_engine(int nid)
121{
122 return engine_table_select(&cipher_table, nid);
123}
124
125/* Obtains a cipher implementation from an ENGINE functional reference */
126const EVP_CIPHER *
127ENGINE_get_cipher(ENGINE *e, int nid)
128{
129 const EVP_CIPHER *ret;
130 ENGINE_CIPHERS_PTR fn = ENGINE_get_ciphers(e);
131
132 if (!fn || !fn(e, &ret, NULL, nid)) {
133 ENGINEerror(ENGINE_R_UNIMPLEMENTED_CIPHER);
134 return NULL;
135 }
136 return ret;
137}
138
139/* Gets the cipher callback from an ENGINE structure */
140ENGINE_CIPHERS_PTR
141ENGINE_get_ciphers(const ENGINE *e)
142{
143 return e->ciphers;
144}
145
146/* Sets the cipher callback in an ENGINE structure */
147int
148ENGINE_set_ciphers(ENGINE *e, ENGINE_CIPHERS_PTR f)
149{
150 e->ciphers = f;
151 return 1;
152}
diff --git a/src/lib/libcrypto/engine/tb_dh.c b/src/lib/libcrypto/engine/tb_dh.c
deleted file mode 100644
index 4f200424e5..0000000000
--- a/src/lib/libcrypto/engine/tb_dh.c
+++ /dev/null
@@ -1,127 +0,0 @@
1/* $OpenBSD: tb_dh.c,v 1.6 2014/06/12 15:49:29 deraadt Exp $ */
2/* ====================================================================
3 * Copyright (c) 2000 The OpenSSL Project. All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 *
9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer.
11 *
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in
14 * the documentation and/or other materials provided with the
15 * distribution.
16 *
17 * 3. All advertising materials mentioning features or use of this
18 * software must display the following acknowledgment:
19 * "This product includes software developed by the OpenSSL Project
20 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
21 *
22 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
23 * endorse or promote products derived from this software without
24 * prior written permission. For written permission, please contact
25 * licensing@OpenSSL.org.
26 *
27 * 5. Products derived from this software may not be called "OpenSSL"
28 * nor may "OpenSSL" appear in their names without prior written
29 * permission of the OpenSSL Project.
30 *
31 * 6. Redistributions of any form whatsoever must retain the following
32 * acknowledgment:
33 * "This product includes software developed by the OpenSSL Project
34 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
35 *
36 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
37 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
38 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
39 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
40 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
41 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
42 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
43 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
44 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
45 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
46 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
47 * OF THE POSSIBILITY OF SUCH DAMAGE.
48 * ====================================================================
49 *
50 * This product includes cryptographic software written by Eric Young
51 * (eay@cryptsoft.com). This product includes software written by Tim
52 * Hudson (tjh@cryptsoft.com).
53 *
54 */
55
56#include "eng_int.h"
57
58/* If this symbol is defined then ENGINE_get_default_DH(), the function that is
59 * used by DH to hook in implementation code and cache defaults (etc), will
60 * display brief debugging summaries to stderr with the 'nid'. */
61/* #define ENGINE_DH_DEBUG */
62
63static ENGINE_TABLE *dh_table = NULL;
64static const int dummy_nid = 1;
65
66void
67ENGINE_unregister_DH(ENGINE *e)
68{
69 engine_table_unregister(&dh_table, e);
70}
71
72static void
73engine_unregister_all_DH(void)
74{
75 engine_table_cleanup(&dh_table);
76}
77
78int
79ENGINE_register_DH(ENGINE *e)
80{
81 if (e->dh_meth)
82 return engine_table_register(&dh_table,
83 engine_unregister_all_DH, e, &dummy_nid, 1, 0);
84 return 1;
85}
86
87void
88ENGINE_register_all_DH(void)
89{
90 ENGINE *e;
91
92 for (e = ENGINE_get_first(); e; e = ENGINE_get_next(e))
93 ENGINE_register_DH(e);
94}
95
96int
97ENGINE_set_default_DH(ENGINE *e)
98{
99 if (e->dh_meth)
100 return engine_table_register(&dh_table,
101 engine_unregister_all_DH, e, &dummy_nid, 1, 1);
102 return 1;
103}
104
105/* Exposed API function to get a functional reference from the implementation
106 * table (ie. try to get a functional reference from the tabled structural
107 * references). */
108ENGINE *
109ENGINE_get_default_DH(void)
110{
111 return engine_table_select(&dh_table, dummy_nid);
112}
113
114/* Obtains an DH implementation from an ENGINE functional reference */
115const DH_METHOD *
116ENGINE_get_DH(const ENGINE *e)
117{
118 return e->dh_meth;
119}
120
121/* Sets an DH implementation in an ENGINE structure */
122int
123ENGINE_set_DH(ENGINE *e, const DH_METHOD *dh_meth)
124{
125 e->dh_meth = dh_meth;
126 return 1;
127}
diff --git a/src/lib/libcrypto/engine/tb_digest.c b/src/lib/libcrypto/engine/tb_digest.c
deleted file mode 100644
index f1a2e8a6b3..0000000000
--- a/src/lib/libcrypto/engine/tb_digest.c
+++ /dev/null
@@ -1,152 +0,0 @@
1/* $OpenBSD: tb_digest.c,v 1.8 2017/01/29 17:49:23 beck Exp $ */
2/* ====================================================================
3 * Copyright (c) 2000 The OpenSSL Project. All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 *
9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer.
11 *
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in
14 * the documentation and/or other materials provided with the
15 * distribution.
16 *
17 * 3. All advertising materials mentioning features or use of this
18 * software must display the following acknowledgment:
19 * "This product includes software developed by the OpenSSL Project
20 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
21 *
22 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
23 * endorse or promote products derived from this software without
24 * prior written permission. For written permission, please contact
25 * licensing@OpenSSL.org.
26 *
27 * 5. Products derived from this software may not be called "OpenSSL"
28 * nor may "OpenSSL" appear in their names without prior written
29 * permission of the OpenSSL Project.
30 *
31 * 6. Redistributions of any form whatsoever must retain the following
32 * acknowledgment:
33 * "This product includes software developed by the OpenSSL Project
34 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
35 *
36 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
37 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
38 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
39 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
40 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
41 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
42 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
43 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
44 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
45 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
46 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
47 * OF THE POSSIBILITY OF SUCH DAMAGE.
48 * ====================================================================
49 *
50 * This product includes cryptographic software written by Eric Young
51 * (eay@cryptsoft.com). This product includes software written by Tim
52 * Hudson (tjh@cryptsoft.com).
53 *
54 */
55
56#include <openssl/err.h>
57
58#include "eng_int.h"
59
60/* If this symbol is defined then ENGINE_get_digest_engine(), the function that
61 * is used by EVP to hook in digest code and cache defaults (etc), will display
62 * brief debugging summaries to stderr with the 'nid'. */
63/* #define ENGINE_DIGEST_DEBUG */
64
65static ENGINE_TABLE *digest_table = NULL;
66
67void
68ENGINE_unregister_digests(ENGINE *e)
69{
70 engine_table_unregister(&digest_table, e);
71}
72
73static void
74engine_unregister_all_digests(void)
75{
76 engine_table_cleanup(&digest_table);
77}
78
79int
80ENGINE_register_digests(ENGINE *e)
81{
82 if (e->digests) {
83 const int *nids;
84 int num_nids = e->digests(e, NULL, &nids, 0);
85 if (num_nids > 0)
86 return engine_table_register(&digest_table,
87 engine_unregister_all_digests, e, nids,
88 num_nids, 0);
89 }
90 return 1;
91}
92
93void
94ENGINE_register_all_digests(void)
95{
96 ENGINE *e;
97
98 for (e = ENGINE_get_first(); e; e = ENGINE_get_next(e))
99 ENGINE_register_digests(e);
100}
101
102int
103ENGINE_set_default_digests(ENGINE *e)
104{
105 if (e->digests) {
106 const int *nids;
107 int num_nids = e->digests(e, NULL, &nids, 0);
108 if (num_nids > 0)
109 return engine_table_register(&digest_table,
110 engine_unregister_all_digests, e, nids,
111 num_nids, 1);
112 }
113 return 1;
114}
115
116/* Exposed API function to get a functional reference from the implementation
117 * table (ie. try to get a functional reference from the tabled structural
118 * references) for a given digest 'nid' */
119ENGINE *
120ENGINE_get_digest_engine(int nid)
121{
122 return engine_table_select(&digest_table, nid);
123}
124
125/* Obtains a digest implementation from an ENGINE functional reference */
126const EVP_MD *
127ENGINE_get_digest(ENGINE *e, int nid)
128{
129 const EVP_MD *ret;
130 ENGINE_DIGESTS_PTR fn = ENGINE_get_digests(e);
131
132 if (!fn || !fn(e, &ret, NULL, nid)) {
133 ENGINEerror(ENGINE_R_UNIMPLEMENTED_DIGEST);
134 return NULL;
135 }
136 return ret;
137}
138
139/* Gets the digest callback from an ENGINE structure */
140ENGINE_DIGESTS_PTR
141ENGINE_get_digests(const ENGINE *e)
142{
143 return e->digests;
144}
145
146/* Sets the digest callback in an ENGINE structure */
147int
148ENGINE_set_digests(ENGINE *e, ENGINE_DIGESTS_PTR f)
149{
150 e->digests = f;
151 return 1;
152}
diff --git a/src/lib/libcrypto/engine/tb_dsa.c b/src/lib/libcrypto/engine/tb_dsa.c
deleted file mode 100644
index 23e9236107..0000000000
--- a/src/lib/libcrypto/engine/tb_dsa.c
+++ /dev/null
@@ -1,127 +0,0 @@
1/* $OpenBSD: tb_dsa.c,v 1.7 2014/06/12 15:49:29 deraadt Exp $ */
2/* ====================================================================
3 * Copyright (c) 2000 The OpenSSL Project. All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 *
9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer.
11 *
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in
14 * the documentation and/or other materials provided with the
15 * distribution.
16 *
17 * 3. All advertising materials mentioning features or use of this
18 * software must display the following acknowledgment:
19 * "This product includes software developed by the OpenSSL Project
20 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
21 *
22 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
23 * endorse or promote products derived from this software without
24 * prior written permission. For written permission, please contact
25 * licensing@OpenSSL.org.
26 *
27 * 5. Products derived from this software may not be called "OpenSSL"
28 * nor may "OpenSSL" appear in their names without prior written
29 * permission of the OpenSSL Project.
30 *
31 * 6. Redistributions of any form whatsoever must retain the following
32 * acknowledgment:
33 * "This product includes software developed by the OpenSSL Project
34 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
35 *
36 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
37 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
38 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
39 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
40 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
41 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
42 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
43 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
44 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
45 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
46 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
47 * OF THE POSSIBILITY OF SUCH DAMAGE.
48 * ====================================================================
49 *
50 * This product includes cryptographic software written by Eric Young
51 * (eay@cryptsoft.com). This product includes software written by Tim
52 * Hudson (tjh@cryptsoft.com).
53 *
54 */
55
56#include "eng_int.h"
57
58/* If this symbol is defined then ENGINE_get_default_DSA(), the function that is
59 * used by DSA to hook in implementation code and cache defaults (etc), will
60 * display brief debugging summaries to stderr with the 'nid'. */
61/* #define ENGINE_DSA_DEBUG */
62
63static ENGINE_TABLE *dsa_table = NULL;
64static const int dummy_nid = 1;
65
66void
67ENGINE_unregister_DSA(ENGINE *e)
68{
69 engine_table_unregister(&dsa_table, e);
70}
71
72static void
73engine_unregister_all_DSA(void)
74{
75 engine_table_cleanup(&dsa_table);
76}
77
78int
79ENGINE_register_DSA(ENGINE *e)
80{
81 if (e->dsa_meth)
82 return engine_table_register(&dsa_table,
83 engine_unregister_all_DSA, e, &dummy_nid, 1, 0);
84 return 1;
85}
86
87void
88ENGINE_register_all_DSA(void)
89{
90 ENGINE *e;
91
92 for (e = ENGINE_get_first(); e; e = ENGINE_get_next(e))
93 ENGINE_register_DSA(e);
94}
95
96int
97ENGINE_set_default_DSA(ENGINE *e)
98{
99 if (e->dsa_meth)
100 return engine_table_register(&dsa_table,
101 engine_unregister_all_DSA, e, &dummy_nid, 1, 1);
102 return 1;
103}
104
105/* Exposed API function to get a functional reference from the implementation
106 * table (ie. try to get a functional reference from the tabled structural
107 * references). */
108ENGINE *
109ENGINE_get_default_DSA(void)
110{
111 return engine_table_select(&dsa_table, dummy_nid);
112}
113
114/* Obtains an DSA implementation from an ENGINE functional reference */
115const DSA_METHOD *
116ENGINE_get_DSA(const ENGINE *e)
117{
118 return e->dsa_meth;
119}
120
121/* Sets an DSA implementation in an ENGINE structure */
122int
123ENGINE_set_DSA(ENGINE *e, const DSA_METHOD *dsa_meth)
124{
125 e->dsa_meth = dsa_meth;
126 return 1;
127}
diff --git a/src/lib/libcrypto/engine/tb_ecdh.c b/src/lib/libcrypto/engine/tb_ecdh.c
deleted file mode 100644
index a67877addd..0000000000
--- a/src/lib/libcrypto/engine/tb_ecdh.c
+++ /dev/null
@@ -1,141 +0,0 @@
1/* $OpenBSD: tb_ecdh.c,v 1.4 2014/06/12 15:49:29 deraadt Exp $ */
2/* ====================================================================
3 * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
4 *
5 * The Elliptic Curve Public-Key Crypto Library (ECC Code) included
6 * herein is developed by SUN MICROSYSTEMS, INC., and is contributed
7 * to the OpenSSL project.
8 *
9 * The ECC Code is licensed pursuant to the OpenSSL open source
10 * license provided below.
11 *
12 * The ECDH engine software is originally written by Nils Gura and
13 * Douglas Stebila of Sun Microsystems Laboratories.
14 *
15 */
16/* ====================================================================
17 * Copyright (c) 2000-2002 The OpenSSL Project. All rights reserved.
18 *
19 * Redistribution and use in source and binary forms, with or without
20 * modification, are permitted provided that the following conditions
21 * are met:
22 *
23 * 1. Redistributions of source code must retain the above copyright
24 * notice, this list of conditions and the following disclaimer.
25 *
26 * 2. Redistributions in binary form must reproduce the above copyright
27 * notice, this list of conditions and the following disclaimer in
28 * the documentation and/or other materials provided with the
29 * distribution.
30 *
31 * 3. All advertising materials mentioning features or use of this
32 * software must display the following acknowledgment:
33 * "This product includes software developed by the OpenSSL Project
34 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
35 *
36 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
37 * endorse or promote products derived from this software without
38 * prior written permission. For written permission, please contact
39 * licensing@OpenSSL.org.
40 *
41 * 5. Products derived from this software may not be called "OpenSSL"
42 * nor may "OpenSSL" appear in their names without prior written
43 * permission of the OpenSSL Project.
44 *
45 * 6. Redistributions of any form whatsoever must retain the following
46 * acknowledgment:
47 * "This product includes software developed by the OpenSSL Project
48 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
49 *
50 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
51 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
52 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
53 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
54 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
55 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
56 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
57 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
58 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
59 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
60 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
61 * OF THE POSSIBILITY OF SUCH DAMAGE.
62 * ====================================================================
63 *
64 * This product includes cryptographic software written by Eric Young
65 * (eay@cryptsoft.com). This product includes software written by Tim
66 * Hudson (tjh@cryptsoft.com).
67 *
68 */
69
70#include "eng_int.h"
71
72/* If this symbol is defined then ENGINE_get_default_ECDH(), the function that is
73 * used by ECDH to hook in implementation code and cache defaults (etc), will
74 * display brief debugging summaries to stderr with the 'nid'. */
75/* #define ENGINE_ECDH_DEBUG */
76
77static ENGINE_TABLE *ecdh_table = NULL;
78static const int dummy_nid = 1;
79
80void
81ENGINE_unregister_ECDH(ENGINE *e)
82{
83 engine_table_unregister(&ecdh_table, e);
84}
85
86static void
87engine_unregister_all_ECDH(void)
88{
89 engine_table_cleanup(&ecdh_table);
90}
91
92int
93ENGINE_register_ECDH(ENGINE *e)
94{
95 if (e->ecdh_meth)
96 return engine_table_register(&ecdh_table,
97 engine_unregister_all_ECDH, e, &dummy_nid, 1, 0);
98 return 1;
99}
100
101void
102ENGINE_register_all_ECDH(void)
103{
104 ENGINE *e;
105
106 for (e = ENGINE_get_first(); e; e = ENGINE_get_next(e))
107 ENGINE_register_ECDH(e);
108}
109
110int
111ENGINE_set_default_ECDH(ENGINE *e)
112{
113 if (e->ecdh_meth)
114 return engine_table_register(&ecdh_table,
115 engine_unregister_all_ECDH, e, &dummy_nid, 1, 1);
116 return 1;
117}
118
119/* Exposed API function to get a functional reference from the implementation
120 * table (ie. try to get a functional reference from the tabled structural
121 * references). */
122ENGINE *
123ENGINE_get_default_ECDH(void)
124{
125 return engine_table_select(&ecdh_table, dummy_nid);
126}
127
128/* Obtains an ECDH implementation from an ENGINE functional reference */
129const ECDH_METHOD *
130ENGINE_get_ECDH(const ENGINE *e)
131{
132 return e->ecdh_meth;
133}
134
135/* Sets an ECDH implementation in an ENGINE structure */
136int
137ENGINE_set_ECDH(ENGINE *e, const ECDH_METHOD *ecdh_meth)
138{
139 e->ecdh_meth = ecdh_meth;
140 return 1;
141}
diff --git a/src/lib/libcrypto/engine/tb_ecdsa.c b/src/lib/libcrypto/engine/tb_ecdsa.c
deleted file mode 100644
index 226b76e185..0000000000
--- a/src/lib/libcrypto/engine/tb_ecdsa.c
+++ /dev/null
@@ -1,127 +0,0 @@
1/* $OpenBSD: tb_ecdsa.c,v 1.4 2014/06/12 15:49:29 deraadt Exp $ */
2/* ====================================================================
3 * Copyright (c) 2000-2002 The OpenSSL Project. All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 *
9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer.
11 *
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in
14 * the documentation and/or other materials provided with the
15 * distribution.
16 *
17 * 3. All advertising materials mentioning features or use of this
18 * software must display the following acknowledgment:
19 * "This product includes software developed by the OpenSSL Project
20 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
21 *
22 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
23 * endorse or promote products derived from this software without
24 * prior written permission. For written permission, please contact
25 * licensing@OpenSSL.org.
26 *
27 * 5. Products derived from this software may not be called "OpenSSL"
28 * nor may "OpenSSL" appear in their names without prior written
29 * permission of the OpenSSL Project.
30 *
31 * 6. Redistributions of any form whatsoever must retain the following
32 * acknowledgment:
33 * "This product includes software developed by the OpenSSL Project
34 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
35 *
36 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
37 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
38 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
39 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
40 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
41 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
42 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
43 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
44 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
45 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
46 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
47 * OF THE POSSIBILITY OF SUCH DAMAGE.
48 * ====================================================================
49 *
50 * This product includes cryptographic software written by Eric Young
51 * (eay@cryptsoft.com). This product includes software written by Tim
52 * Hudson (tjh@cryptsoft.com).
53 *
54 */
55
56#include "eng_int.h"
57
58/* If this symbol is defined then ENGINE_get_default_ECDSA(), the function that is
59 * used by ECDSA to hook in implementation code and cache defaults (etc), will
60 * display brief debugging summaries to stderr with the 'nid'. */
61/* #define ENGINE_ECDSA_DEBUG */
62
63static ENGINE_TABLE *ecdsa_table = NULL;
64static const int dummy_nid = 1;
65
66void
67ENGINE_unregister_ECDSA(ENGINE *e)
68{
69 engine_table_unregister(&ecdsa_table, e);
70}
71
72static void
73engine_unregister_all_ECDSA(void)
74{
75 engine_table_cleanup(&ecdsa_table);
76}
77
78int
79ENGINE_register_ECDSA(ENGINE *e)
80{
81 if (e->ecdsa_meth)
82 return engine_table_register(&ecdsa_table,
83 engine_unregister_all_ECDSA, e, &dummy_nid, 1, 0);
84 return 1;
85}
86
87void
88ENGINE_register_all_ECDSA(void)
89{
90 ENGINE *e;
91
92 for (e = ENGINE_get_first(); e; e = ENGINE_get_next(e))
93 ENGINE_register_ECDSA(e);
94}
95
96int
97ENGINE_set_default_ECDSA(ENGINE *e)
98{
99 if (e->ecdsa_meth)
100 return engine_table_register(&ecdsa_table,
101 engine_unregister_all_ECDSA, e, &dummy_nid, 1, 1);
102 return 1;
103}
104
105/* Exposed API function to get a functional reference from the implementation
106 * table (ie. try to get a functional reference from the tabled structural
107 * references). */
108ENGINE *
109ENGINE_get_default_ECDSA(void)
110{
111 return engine_table_select(&ecdsa_table, dummy_nid);
112}
113
114/* Obtains an ECDSA implementation from an ENGINE functional reference */
115const ECDSA_METHOD *
116ENGINE_get_ECDSA(const ENGINE *e)
117{
118 return e->ecdsa_meth;
119}
120
121/* Sets an ECDSA implementation in an ENGINE structure */
122int
123ENGINE_set_ECDSA(ENGINE *e, const ECDSA_METHOD *ecdsa_meth)
124{
125 e->ecdsa_meth = ecdsa_meth;
126 return 1;
127}
diff --git a/src/lib/libcrypto/engine/tb_eckey.c b/src/lib/libcrypto/engine/tb_eckey.c
deleted file mode 100644
index 464156aefa..0000000000
--- a/src/lib/libcrypto/engine/tb_eckey.c
+++ /dev/null
@@ -1,124 +0,0 @@
1/* $OpenBSD: tb_eckey.c,v 1.2 2019/01/19 01:18:56 tb Exp $ */
2/* ====================================================================
3 * Copyright (c) 2000 The OpenSSL Project. All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 *
9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer.
11 *
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in
14 * the documentation and/or other materials provided with the
15 * distribution.
16 *
17 * 3. All advertising materials mentioning features or use of this
18 * software must display the following acknowledgment:
19 * "This product includes software developed by the OpenSSL Project
20 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
21 *
22 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
23 * endorse or promote products derived from this software without
24 * prior written permission. For written permission, please contact
25 * licensing@OpenSSL.org.
26 *
27 * 5. Products derived from this software may not be called "OpenSSL"
28 * nor may "OpenSSL" appear in their names without prior written
29 * permission of the OpenSSL Project.
30 *
31 * 6. Redistributions of any form whatsoever must retain the following
32 * acknowledgment:
33 * "This product includes software developed by the OpenSSL Project
34 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
35 *
36 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
37 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
38 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
39 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
40 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
41 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
42 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
43 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
44 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
45 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
46 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
47 * OF THE POSSIBILITY OF SUCH DAMAGE.
48 * ====================================================================
49 *
50 * This product includes cryptographic software written by Eric Young
51 * (eay@cryptsoft.com). This product includes software written by Tim
52 * Hudson (tjh@cryptsoft.com).
53 *
54 */
55
56#include "eng_int.h"
57
58static ENGINE_TABLE *ec_table = NULL;
59static const int dummy_nid = 1;
60
61void
62ENGINE_unregister_EC(ENGINE *e)
63{
64 engine_table_unregister(&ec_table, e);
65}
66
67static void
68engine_unregister_all_EC(void)
69{
70 engine_table_cleanup(&ec_table);
71}
72
73int
74ENGINE_register_EC(ENGINE *e)
75{
76 if (e->ec_meth)
77 return engine_table_register(&ec_table,
78 engine_unregister_all_EC, e, &dummy_nid, 1, 0);
79 return 1;
80}
81
82void
83ENGINE_register_all_EC(void)
84{
85 ENGINE *e;
86
87 for (e = ENGINE_get_first(); e != NULL; e = ENGINE_get_next(e))
88 ENGINE_register_EC(e);
89}
90
91int
92ENGINE_set_default_EC(ENGINE *e)
93{
94 if (e->ec_meth != NULL)
95 return engine_table_register(&ec_table,
96 engine_unregister_all_EC, e, &dummy_nid, 1, 1);
97 return 1;
98}
99
100/*
101 * Exposed API function to get a functional reference from the implementation
102 * table (ie. try to get a functional reference from the tabled structural
103 * references).
104 */
105ENGINE *
106ENGINE_get_default_EC(void)
107{
108 return engine_table_select(&ec_table, dummy_nid);
109}
110
111/* Obtains an EC_KEY implementation from an ENGINE functional reference */
112const EC_KEY_METHOD *
113ENGINE_get_EC(const ENGINE *e)
114{
115 return e->ec_meth;
116}
117
118/* Sets an EC_KEY implementation in an ENGINE structure */
119int
120ENGINE_set_EC(ENGINE *e, const EC_KEY_METHOD *ec_meth)
121{
122 e->ec_meth = ec_meth;
123 return 1;
124}
diff --git a/src/lib/libcrypto/engine/tb_pkmeth.c b/src/lib/libcrypto/engine/tb_pkmeth.c
deleted file mode 100644
index 05566a3464..0000000000
--- a/src/lib/libcrypto/engine/tb_pkmeth.c
+++ /dev/null
@@ -1,175 +0,0 @@
1/* $OpenBSD: tb_pkmeth.c,v 1.6 2017/01/29 17:49:23 beck Exp $ */
2/* ====================================================================
3 * Copyright (c) 2006 The OpenSSL Project. All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 *
9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer.
11 *
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in
14 * the documentation and/or other materials provided with the
15 * distribution.
16 *
17 * 3. All advertising materials mentioning features or use of this
18 * software must display the following acknowledgment:
19 * "This product includes software developed by the OpenSSL Project
20 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
21 *
22 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
23 * endorse or promote products derived from this software without
24 * prior written permission. For written permission, please contact
25 * licensing@OpenSSL.org.
26 *
27 * 5. Products derived from this software may not be called "OpenSSL"
28 * nor may "OpenSSL" appear in their names without prior written
29 * permission of the OpenSSL Project.
30 *
31 * 6. Redistributions of any form whatsoever must retain the following
32 * acknowledgment:
33 * "This product includes software developed by the OpenSSL Project
34 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
35 *
36 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
37 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
38 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
39 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
40 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
41 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
42 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
43 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
44 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
45 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
46 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
47 * OF THE POSSIBILITY OF SUCH DAMAGE.
48 * ====================================================================
49 *
50 * This product includes cryptographic software written by Eric Young
51 * (eay@cryptsoft.com). This product includes software written by Tim
52 * Hudson (tjh@cryptsoft.com).
53 *
54 */
55
56#include <openssl/err.h>
57
58#include "eng_int.h"
59#include <openssl/evp.h>
60
61/* If this symbol is defined then ENGINE_get_pkey_meth_engine(), the function
62 * that is used by EVP to hook in pkey_meth code and cache defaults (etc), will
63 * display brief debugging summaries to stderr with the 'nid'. */
64/* #define ENGINE_PKEY_METH_DEBUG */
65
66static ENGINE_TABLE *pkey_meth_table = NULL;
67
68void
69ENGINE_unregister_pkey_meths(ENGINE *e)
70{
71 engine_table_unregister(&pkey_meth_table, e);
72}
73
74static void
75engine_unregister_all_pkey_meths(void)
76{
77 engine_table_cleanup(&pkey_meth_table);
78}
79
80int
81ENGINE_register_pkey_meths(ENGINE *e)
82{
83 if (e->pkey_meths) {
84 const int *nids;
85 int num_nids = e->pkey_meths(e, NULL, &nids, 0);
86 if (num_nids > 0)
87 return engine_table_register(&pkey_meth_table,
88 engine_unregister_all_pkey_meths, e, nids,
89 num_nids, 0);
90 }
91 return 1;
92}
93
94void
95ENGINE_register_all_pkey_meths(void)
96{
97 ENGINE *e;
98
99 for (e = ENGINE_get_first(); e; e = ENGINE_get_next(e))
100 ENGINE_register_pkey_meths(e);
101}
102
103int
104ENGINE_set_default_pkey_meths(ENGINE *e)
105{
106 if (e->pkey_meths) {
107 const int *nids;
108 int num_nids = e->pkey_meths(e, NULL, &nids, 0);
109 if (num_nids > 0)
110 return engine_table_register(&pkey_meth_table,
111 engine_unregister_all_pkey_meths, e, nids,
112 num_nids, 1);
113 }
114 return 1;
115}
116
117/* Exposed API function to get a functional reference from the implementation
118 * table (ie. try to get a functional reference from the tabled structural
119 * references) for a given pkey_meth 'nid' */
120ENGINE *
121ENGINE_get_pkey_meth_engine(int nid)
122{
123 return engine_table_select(&pkey_meth_table, nid);
124}
125
126/* Obtains a pkey_meth implementation from an ENGINE functional reference */
127const EVP_PKEY_METHOD *
128ENGINE_get_pkey_meth(ENGINE *e, int nid)
129{
130 EVP_PKEY_METHOD *ret;
131 ENGINE_PKEY_METHS_PTR fn = ENGINE_get_pkey_meths(e);
132
133 if (!fn || !fn(e, &ret, NULL, nid)) {
134 ENGINEerror(ENGINE_R_UNIMPLEMENTED_PUBLIC_KEY_METHOD);
135 return NULL;
136 }
137 return ret;
138}
139
140/* Gets the pkey_meth callback from an ENGINE structure */
141ENGINE_PKEY_METHS_PTR
142ENGINE_get_pkey_meths(const ENGINE *e)
143{
144 return e->pkey_meths;
145}
146
147/* Sets the pkey_meth callback in an ENGINE structure */
148int
149ENGINE_set_pkey_meths(ENGINE *e, ENGINE_PKEY_METHS_PTR f)
150{
151 e->pkey_meths = f;
152 return 1;
153}
154
155/* Internal function to free up EVP_PKEY_METHOD structures before an
156 * ENGINE is destroyed
157 */
158
159void
160engine_pkey_meths_free(ENGINE *e)
161{
162 int i;
163 EVP_PKEY_METHOD *pkm;
164
165 if (e->pkey_meths) {
166 const int *pknids;
167 int npknids;
168 npknids = e->pkey_meths(e, NULL, &pknids, 0);
169 for (i = 0; i < npknids; i++) {
170 if (e->pkey_meths(e, &pkm, NULL, pknids[i])) {
171 EVP_PKEY_meth_free(pkm);
172 }
173 }
174 }
175}
diff --git a/src/lib/libcrypto/engine/tb_rand.c b/src/lib/libcrypto/engine/tb_rand.c
deleted file mode 100644
index cc61da747c..0000000000
--- a/src/lib/libcrypto/engine/tb_rand.c
+++ /dev/null
@@ -1,127 +0,0 @@
1/* $OpenBSD: tb_rand.c,v 1.6 2014/06/12 15:49:29 deraadt Exp $ */
2/* ====================================================================
3 * Copyright (c) 2000 The OpenSSL Project. All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 *
9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer.
11 *
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in
14 * the documentation and/or other materials provided with the
15 * distribution.
16 *
17 * 3. All advertising materials mentioning features or use of this
18 * software must display the following acknowledgment:
19 * "This product includes software developed by the OpenSSL Project
20 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
21 *
22 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
23 * endorse or promote products derived from this software without
24 * prior written permission. For written permission, please contact
25 * licensing@OpenSSL.org.
26 *
27 * 5. Products derived from this software may not be called "OpenSSL"
28 * nor may "OpenSSL" appear in their names without prior written
29 * permission of the OpenSSL Project.
30 *
31 * 6. Redistributions of any form whatsoever must retain the following
32 * acknowledgment:
33 * "This product includes software developed by the OpenSSL Project
34 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
35 *
36 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
37 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
38 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
39 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
40 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
41 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
42 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
43 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
44 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
45 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
46 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
47 * OF THE POSSIBILITY OF SUCH DAMAGE.
48 * ====================================================================
49 *
50 * This product includes cryptographic software written by Eric Young
51 * (eay@cryptsoft.com). This product includes software written by Tim
52 * Hudson (tjh@cryptsoft.com).
53 *
54 */
55
56#include "eng_int.h"
57
58/* If this symbol is defined then ENGINE_get_default_RAND(), the function that is
59 * used by RAND to hook in implementation code and cache defaults (etc), will
60 * display brief debugging summaries to stderr with the 'nid'. */
61/* #define ENGINE_RAND_DEBUG */
62
63static ENGINE_TABLE *rand_table = NULL;
64static const int dummy_nid = 1;
65
66void
67ENGINE_unregister_RAND(ENGINE *e)
68{
69 engine_table_unregister(&rand_table, e);
70}
71
72static void
73engine_unregister_all_RAND(void)
74{
75 engine_table_cleanup(&rand_table);
76}
77
78int
79ENGINE_register_RAND(ENGINE *e)
80{
81 if (e->rand_meth)
82 return engine_table_register(&rand_table,
83 engine_unregister_all_RAND, e, &dummy_nid, 1, 0);
84 return 1;
85}
86
87void
88ENGINE_register_all_RAND(void)
89{
90 ENGINE *e;
91
92 for (e = ENGINE_get_first(); e; e = ENGINE_get_next(e))
93 ENGINE_register_RAND(e);
94}
95
96int
97ENGINE_set_default_RAND(ENGINE *e)
98{
99 if (e->rand_meth)
100 return engine_table_register(&rand_table,
101 engine_unregister_all_RAND, e, &dummy_nid, 1, 1);
102 return 1;
103}
104
105/* Exposed API function to get a functional reference from the implementation
106 * table (ie. try to get a functional reference from the tabled structural
107 * references). */
108ENGINE *
109ENGINE_get_default_RAND(void)
110{
111 return engine_table_select(&rand_table, dummy_nid);
112}
113
114/* Obtains an RAND implementation from an ENGINE functional reference */
115const RAND_METHOD *
116ENGINE_get_RAND(const ENGINE *e)
117{
118 return e->rand_meth;
119}
120
121/* Sets an RAND implementation in an ENGINE structure */
122int
123ENGINE_set_RAND(ENGINE *e, const RAND_METHOD *rand_meth)
124{
125 e->rand_meth = rand_meth;
126 return 1;
127}
diff --git a/src/lib/libcrypto/engine/tb_rsa.c b/src/lib/libcrypto/engine/tb_rsa.c
deleted file mode 100644
index 52ee8889a0..0000000000
--- a/src/lib/libcrypto/engine/tb_rsa.c
+++ /dev/null
@@ -1,127 +0,0 @@
1/* $OpenBSD: tb_rsa.c,v 1.6 2014/06/12 15:49:29 deraadt Exp $ */
2/* ====================================================================
3 * Copyright (c) 2000 The OpenSSL Project. All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 *
9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer.
11 *
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in
14 * the documentation and/or other materials provided with the
15 * distribution.
16 *
17 * 3. All advertising materials mentioning features or use of this
18 * software must display the following acknowledgment:
19 * "This product includes software developed by the OpenSSL Project
20 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
21 *
22 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
23 * endorse or promote products derived from this software without
24 * prior written permission. For written permission, please contact
25 * licensing@OpenSSL.org.
26 *
27 * 5. Products derived from this software may not be called "OpenSSL"
28 * nor may "OpenSSL" appear in their names without prior written
29 * permission of the OpenSSL Project.
30 *
31 * 6. Redistributions of any form whatsoever must retain the following
32 * acknowledgment:
33 * "This product includes software developed by the OpenSSL Project
34 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
35 *
36 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
37 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
38 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
39 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
40 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
41 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
42 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
43 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
44 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
45 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
46 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
47 * OF THE POSSIBILITY OF SUCH DAMAGE.
48 * ====================================================================
49 *
50 * This product includes cryptographic software written by Eric Young
51 * (eay@cryptsoft.com). This product includes software written by Tim
52 * Hudson (tjh@cryptsoft.com).
53 *
54 */
55
56#include "eng_int.h"
57
58/* If this symbol is defined then ENGINE_get_default_RSA(), the function that is
59 * used by RSA to hook in implementation code and cache defaults (etc), will
60 * display brief debugging summaries to stderr with the 'nid'. */
61/* #define ENGINE_RSA_DEBUG */
62
63static ENGINE_TABLE *rsa_table = NULL;
64static const int dummy_nid = 1;
65
66void
67ENGINE_unregister_RSA(ENGINE *e)
68{
69 engine_table_unregister(&rsa_table, e);
70}
71
72static void
73engine_unregister_all_RSA(void)
74{
75 engine_table_cleanup(&rsa_table);
76}
77
78int
79ENGINE_register_RSA(ENGINE *e)
80{
81 if (e->rsa_meth)
82 return engine_table_register(&rsa_table,
83 engine_unregister_all_RSA, e, &dummy_nid, 1, 0);
84 return 1;
85}
86
87void
88ENGINE_register_all_RSA(void)
89{
90 ENGINE *e;
91
92 for (e = ENGINE_get_first(); e; e = ENGINE_get_next(e))
93 ENGINE_register_RSA(e);
94}
95
96int
97ENGINE_set_default_RSA(ENGINE *e)
98{
99 if (e->rsa_meth)
100 return engine_table_register(&rsa_table,
101 engine_unregister_all_RSA, e, &dummy_nid, 1, 1);
102 return 1;
103}
104
105/* Exposed API function to get a functional reference from the implementation
106 * table (ie. try to get a functional reference from the tabled structural
107 * references). */
108ENGINE *
109ENGINE_get_default_RSA(void)
110{
111 return engine_table_select(&rsa_table, dummy_nid);
112}
113
114/* Obtains an RSA implementation from an ENGINE functional reference */
115const RSA_METHOD *
116ENGINE_get_RSA(const ENGINE *e)
117{
118 return e->rsa_meth;
119}
120
121/* Sets an RSA implementation in an ENGINE structure */
122int
123ENGINE_set_RSA(ENGINE *e, const RSA_METHOD *rsa_meth)
124{
125 e->rsa_meth = rsa_meth;
126 return 1;
127}
diff --git a/src/lib/libcrypto/engine/tb_store.c b/src/lib/libcrypto/engine/tb_store.c
deleted file mode 100644
index e9ad11ab01..0000000000
--- a/src/lib/libcrypto/engine/tb_store.c
+++ /dev/null
@@ -1,109 +0,0 @@
1/* $OpenBSD: tb_store.c,v 1.5 2015/02/07 13:19:15 doug Exp $ */
2/* ====================================================================
3 * Copyright (c) 2003 The OpenSSL Project. All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 *
9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer.
11 *
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in
14 * the documentation and/or other materials provided with the
15 * distribution.
16 *
17 * 3. All advertising materials mentioning features or use of this
18 * software must display the following acknowledgment:
19 * "This product includes software developed by the OpenSSL Project
20 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
21 *
22 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
23 * endorse or promote products derived from this software without
24 * prior written permission. For written permission, please contact
25 * licensing@OpenSSL.org.
26 *
27 * 5. Products derived from this software may not be called "OpenSSL"
28 * nor may "OpenSSL" appear in their names without prior written
29 * permission of the OpenSSL Project.
30 *
31 * 6. Redistributions of any form whatsoever must retain the following
32 * acknowledgment:
33 * "This product includes software developed by the OpenSSL Project
34 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
35 *
36 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
37 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
38 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
39 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
40 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
41 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
42 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
43 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
44 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
45 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
46 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
47 * OF THE POSSIBILITY OF SUCH DAMAGE.
48 * ====================================================================
49 *
50 * This product includes cryptographic software written by Eric Young
51 * (eay@cryptsoft.com). This product includes software written by Tim
52 * Hudson (tjh@cryptsoft.com).
53 *
54 */
55
56#include "eng_int.h"
57
58/* If this symbol is defined then ENGINE_get_default_STORE(), the function that is
59 * used by STORE to hook in implementation code and cache defaults (etc), will
60 * display brief debugging summaries to stderr with the 'nid'. */
61/* #define ENGINE_STORE_DEBUG */
62
63static ENGINE_TABLE *store_table = NULL;
64static const int dummy_nid = 1;
65
66void
67ENGINE_unregister_STORE(ENGINE *e)
68{
69 engine_table_unregister(&store_table, e);
70}
71
72static void
73engine_unregister_all_STORE(void)
74{
75 engine_table_cleanup(&store_table);
76}
77
78int
79ENGINE_register_STORE(ENGINE *e)
80{
81 if (e->store_meth)
82 return engine_table_register(&store_table,
83 engine_unregister_all_STORE, e, &dummy_nid, 1, 0);
84 return 1;
85}
86
87void
88ENGINE_register_all_STORE(void)
89{
90 ENGINE *e;
91
92 for (e = ENGINE_get_first(); e; e = ENGINE_get_next(e))
93 ENGINE_register_STORE(e);
94}
95
96/* Obtains an STORE implementation from an ENGINE functional reference */
97const STORE_METHOD *
98ENGINE_get_STORE(const ENGINE *e)
99{
100 return e->store_meth;
101}
102
103/* Sets an STORE implementation in an ENGINE structure */
104int
105ENGINE_set_STORE(ENGINE *e, const STORE_METHOD *store_meth)
106{
107 e->store_meth = store_meth;
108 return 1;
109}
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2026-02-19 09:06:45 +0000