summaryrefslogtreecommitdiff
path: root/src/lib/libcrypto/engine
diff options
context:
space:
mode:
authorcvs2svn <admin@example.com>2016-07-23 19:31:36 +0000
committercvs2svn <admin@example.com>2016-07-23 19:31:36 +0000
commit86c49b31af735796dfde37aa29473a30d36367db (patch)
treee9a354a92a348338fe2b361e2eda703cae23cfab /src/lib/libcrypto/engine
parent19d5fe348e8926bac4521c5807aa64c45b8f7a41 (diff)
downloadopenbsd-OPENBSD_6_0_BASE.tar.gz
openbsd-OPENBSD_6_0_BASE.tar.bz2
openbsd-OPENBSD_6_0_BASE.zip
This commit was manufactured by cvs2git to create tag 'OPENBSD_6_0_BASE'.OPENBSD_6_0_BASE
Diffstat (limited to 'src/lib/libcrypto/engine')
-rw-r--r--src/lib/libcrypto/engine/README211
-rw-r--r--src/lib/libcrypto/engine/eng_aesni.c568
-rw-r--r--src/lib/libcrypto/engine/eng_all.c78
-rw-r--r--src/lib/libcrypto/engine/eng_cnf.c257
-rw-r--r--src/lib/libcrypto/engine/eng_ctrl.c393
-rw-r--r--src/lib/libcrypto/engine/eng_dyn.c64
-rw-r--r--src/lib/libcrypto/engine/eng_err.c173
-rw-r--r--src/lib/libcrypto/engine/eng_fat.c192
-rw-r--r--src/lib/libcrypto/engine/eng_init.c150
-rw-r--r--src/lib/libcrypto/engine/eng_int.h206
-rw-r--r--src/lib/libcrypto/engine/eng_lib.c367
-rw-r--r--src/lib/libcrypto/engine/eng_list.c396
-rw-r--r--src/lib/libcrypto/engine/eng_openssl.c406
-rw-r--r--src/lib/libcrypto/engine/eng_padlock.c1128
-rw-r--r--src/lib/libcrypto/engine/eng_padlock.ec1
-rw-r--r--src/lib/libcrypto/engine/eng_pkey.c195
-rw-r--r--src/lib/libcrypto/engine/eng_table.c355
-rw-r--r--src/lib/libcrypto/engine/engine.h807
-rw-r--r--src/lib/libcrypto/engine/tb_asnmth.c256
-rw-r--r--src/lib/libcrypto/engine/tb_cipher.c153
-rw-r--r--src/lib/libcrypto/engine/tb_dh.c127
-rw-r--r--src/lib/libcrypto/engine/tb_digest.c153
-rw-r--r--src/lib/libcrypto/engine/tb_dsa.c127
-rw-r--r--src/lib/libcrypto/engine/tb_ecdh.c141
-rw-r--r--src/lib/libcrypto/engine/tb_ecdsa.c127
-rw-r--r--src/lib/libcrypto/engine/tb_pkmeth.c176
-rw-r--r--src/lib/libcrypto/engine/tb_rand.c127
-rw-r--r--src/lib/libcrypto/engine/tb_rsa.c127
-rw-r--r--src/lib/libcrypto/engine/tb_store.c109
29 files changed, 0 insertions, 7570 deletions
diff --git a/src/lib/libcrypto/engine/README b/src/lib/libcrypto/engine/README
deleted file mode 100644
index 6b69b70f57..0000000000
--- a/src/lib/libcrypto/engine/README
+++ /dev/null
@@ -1,211 +0,0 @@
1Notes: 2001-09-24
2-----------------
3
4This "description" (if one chooses to call it that) needed some major updating
5so here goes. This update addresses a change being made at the same time to
6OpenSSL, and it pretty much completely restructures the underlying mechanics of
7the "ENGINE" code. So it serves a double purpose of being a "ENGINE internals
8for masochists" document *and* a rather extensive commit log message. (I'd get
9lynched for sticking all this in CHANGES or the commit mails :-).
10
11ENGINE_TABLE underlies this restructuring, as described in the internal header
12"eng_int.h", implemented in eng_table.c, and used in each of the "class" files;
13tb_rsa.c, tb_dsa.c, etc.
14
15However, "EVP_CIPHER" underlies the motivation and design of ENGINE_TABLE so
16I'll mention a bit about that first. EVP_CIPHER (and most of this applies
17equally to EVP_MD for digests) is both a "method" and a algorithm/mode
18identifier that, in the current API, "lingers". These cipher description +
19implementation structures can be defined or obtained directly by applications,
20or can be loaded "en masse" into EVP storage so that they can be catalogued and
21searched in various ways, ie. two ways of encrypting with the "des_cbc"
22algorithm/mode pair are;
23
24(i) directly;
25 const EVP_CIPHER *cipher = EVP_des_cbc();
26 EVP_EncryptInit(&ctx, cipher, key, iv);
27 [ ... use EVP_EncryptUpdate() and EVP_EncryptFinal() ...]
28
29(ii) indirectly;
30 OpenSSL_add_all_ciphers();
31 cipher = EVP_get_cipherbyname("des_cbc");
32 EVP_EncryptInit(&ctx, cipher, key, iv);
33 [ ... etc ... ]
34
35The latter is more generally used because it also allows ciphers/digests to be
36looked up based on other identifiers which can be useful for automatic cipher
37selection, eg. in SSL/TLS, or by user-controllable configuration.
38
39The important point about this is that EVP_CIPHER definitions and structures are
40passed around with impunity and there is no safe way, without requiring massive
41rewrites of many applications, to assume that EVP_CIPHERs can be reference
42counted. One an EVP_CIPHER is exposed to the caller, neither it nor anything it
43comes from can "safely" be destroyed. Unless of course the way of getting to
44such ciphers is via entirely distinct API calls that didn't exist before.
45However existing API usage cannot be made to understand when an EVP_CIPHER
46pointer, that has been passed to the caller, is no longer being used.
47
48The other problem with the existing API w.r.t. to hooking EVP_CIPHER support
49into ENGINE is storage - the OBJ_NAME-based storage used by EVP to register
50ciphers simultaneously registers cipher *types* and cipher *implementations* -
51they are effectively the same thing, an "EVP_CIPHER" pointer. The problem with
52hooking in ENGINEs is that multiple ENGINEs may implement the same ciphers. The
53solution is necessarily that ENGINE-provided ciphers simply are not registered,
54stored, or exposed to the caller in the same manner as existing ciphers. This is
55especially necessary considering the fact ENGINE uses reference counts to allow
56for cleanup, modularity, and DSO support - yet EVP_CIPHERs, as exposed to
57callers in the current API, support no such controls.
58
59Another sticking point for integrating cipher support into ENGINE is linkage.
60Already there is a problem with the way ENGINE supports RSA, DSA, etc whereby
61they are available *because* they're part of a giant ENGINE called "openssl".
62Ie. all implementations *have* to come from an ENGINE, but we get round that by
63having a giant ENGINE with all the software support encapsulated. This creates
64linker hassles if nothing else - linking a 1-line application that calls 2 basic
65RSA functions (eg. "RSA_free(RSA_new());") will result in large quantities of
66ENGINE code being linked in *and* because of that DSA, DH, and RAND also. If we
67continue with this approach for EVP_CIPHER support (even if it *was* possible)
68we would lose our ability to link selectively by selectively loading certain
69implementations of certain functionality. Touching any part of any kind of
70crypto would result in massive static linkage of everything else. So the
71solution is to change the way ENGINE feeds existing "classes", ie. how the
72hooking to ENGINE works from RSA, DSA, DH, RAND, as well as adding new hooking
73for EVP_CIPHER, and EVP_MD.
74
75The way this is now being done is by mostly reverting back to how things used to
76work prior to ENGINE :-). Ie. RSA now has a "RSA_METHOD" pointer again - this
77was previously replaced by an "ENGINE" pointer and all RSA code that required
78the RSA_METHOD would call ENGINE_get_RSA() each time on its ENGINE handle to
79temporarily get and use the ENGINE's RSA implementation. Apart from being more
80efficient, switching back to each RSA having an RSA_METHOD pointer also allows
81us to conceivably operate with *no* ENGINE. As we'll see, this removes any need
82for a fallback ENGINE that encapsulates default implementations - we can simply
83have our RSA structure pointing its RSA_METHOD pointer to the software
84implementation and have its ENGINE pointer set to NULL.
85
86A look at the EVP_CIPHER hooking is most explanatory, the RSA, DSA (etc) cases
87turn out to be degenerate forms of the same thing. The EVP storage of ciphers,
88and the existing EVP API functions that return "software" implementations and
89descriptions remain untouched. However, the storage takes more meaning in terms
90of "cipher description" and less meaning in terms of "implementation". When an
91EVP_CIPHER_CTX is actually initialised with an EVP_CIPHER method and is about to
92begin en/decryption, the hooking to ENGINE comes into play. What happens is that
93cipher-specific ENGINE code is asked for an ENGINE pointer (a functional
94reference) for any ENGINE that is registered to perform the algo/mode that the
95provided EVP_CIPHER structure represents. Under normal circumstances, that
96ENGINE code will return NULL because no ENGINEs will have had any cipher
97implementations *registered*. As such, a NULL ENGINE pointer is stored in the
98EVP_CIPHER_CTX context, and the EVP_CIPHER structure is left hooked into the
99context and so is used as the implementation. Pretty much how things work now
100except we'd have a redundant ENGINE pointer set to NULL and doing nothing.
101
102Conversely, if an ENGINE *has* been registered to perform the algorithm/mode
103combination represented by the provided EVP_CIPHER, then a functional reference
104to that ENGINE will be returned to the EVP_CIPHER_CTX during initialisation.
105That functional reference will be stored in the context (and released on
106cleanup) - and having that reference provides a *safe* way to use an EVP_CIPHER
107definition that is private to the ENGINE. Ie. the EVP_CIPHER provided by the
108application will actually be replaced by an EVP_CIPHER from the registered
109ENGINE - it will support the same algorithm/mode as the original but will be a
110completely different implementation. Because this EVP_CIPHER isn't stored in the
111EVP storage, nor is it returned to applications from traditional API functions,
112there is no associated problem with it not having reference counts. And of
113course, when one of these "private" cipher implementations is hooked into
114EVP_CIPHER_CTX, it is done whilst the EVP_CIPHER_CTX holds a functional
115reference to the ENGINE that owns it, thus the use of the ENGINE's EVP_CIPHER is
116safe.
117
118The "cipher-specific ENGINE code" I mentioned is implemented in tb_cipher.c but
119in essence it is simply an instantiation of "ENGINE_TABLE" code for use by
120EVP_CIPHER code. tb_digest.c is virtually identical but, of course, it is for
121use by EVP_MD code. Ditto for tb_rsa.c, tb_dsa.c, etc. These instantiations of
122ENGINE_TABLE essentially provide linker-separation of the classes so that even
123if ENGINEs implement *all* possible algorithms, an application using only
124EVP_CIPHER code will link at most code relating to EVP_CIPHER, tb_cipher.c, core
125ENGINE code that is independant of class, and of course the ENGINE
126implementation that the application loaded. It will *not* however link any
127class-specific ENGINE code for digests, RSA, etc nor will it bleed over into
128other APIs, such as the RSA/DSA/etc library code.
129
130ENGINE_TABLE is a little more complicated than may seem necessary but this is
131mostly to avoid a lot of "init()"-thrashing on ENGINEs (that may have to load
132DSOs, and other expensive setup that shouldn't be thrashed unnecessarily) *and*
133to duplicate "default" behaviour. Basically an ENGINE_TABLE instantiation, for
134example tb_cipher.c, implements a hash-table keyed by integer "nid" values.
135These nids provide the uniquenness of an algorithm/mode - and each nid will hash
136to a potentially NULL "ENGINE_PILE". An ENGINE_PILE is essentially a list of
137pointers to ENGINEs that implement that particular 'nid'. Each "pile" uses some
138caching tricks such that requests on that 'nid' will be cached and all future
139requests will return immediately (well, at least with minimal operation) unless
140a change is made to the pile, eg. perhaps an ENGINE was unloaded. The reason is
141that an application could have support for 10 ENGINEs statically linked
142in, and the machine in question may not have any of the hardware those 10
143ENGINEs support. If each of those ENGINEs has a "des_cbc" implementation, we
144want to avoid every EVP_CIPHER_CTX setup from trying (and failing) to initialise
145each of those 10 ENGINEs. Instead, the first such request will try to do that
146and will either return (and cache) a NULL ENGINE pointer or will return a
147functional reference to the first that successfully initialised. In the latter
148case it will also cache an extra functional reference to the ENGINE as a
149"default" for that 'nid'. The caching is acknowledged by a 'uptodate' variable
150that is unset only if un/registration takes place on that pile. Ie. if
151implementations of "des_cbc" are added or removed. This behaviour can be
152tweaked; the ENGINE_TABLE_FLAG_NOINIT value can be passed to
153ENGINE_set_table_flags(), in which case the only ENGINEs that tb_cipher.c will
154try to initialise from the "pile" will be those that are already initialised
155(ie. it's simply an increment of the functional reference count, and no real
156"initialisation" will take place).
157
158RSA, DSA, DH, and RAND all have their own ENGINE_TABLE code as well, and the
159difference is that they all use an implicit 'nid' of 1. Whereas EVP_CIPHERs are
160actually qualitatively different depending on 'nid' (the "des_cbc" EVP_CIPHER is
161not an interoperable implementation of "aes_256_cbc"), RSA_METHODs are
162necessarily interoperable and don't have different flavours, only different
163implementations. In other words, the ENGINE_TABLE for RSA will either be empty,
164or will have a single ENGING_PILE hashed to by the 'nid' 1 and that pile
165represents ENGINEs that implement the single "type" of RSA there is.
166
167Cleanup - the registration and unregistration may pose questions about how
168cleanup works with the ENGINE_PILE doing all this caching nonsense (ie. when the
169application or EVP_CIPHER code releases its last reference to an ENGINE, the
170ENGINE_PILE code may still have references and thus those ENGINEs will stay
171hooked in forever). The way this is handled is via "unregistration". With these
172new ENGINE changes, an abstract ENGINE can be loaded and initialised, but that
173is an algorithm-agnostic process. Even if initialised, it will not have
174registered any of its implementations (to do so would link all class "table"
175code despite the fact the application may use only ciphers, for example). This
176is deliberately a distinct step. Moreover, registration and unregistration has
177nothing to do with whether an ENGINE is *functional* or not (ie. you can even
178register an ENGINE and its implementations without it being operational, you may
179not even have the drivers to make it operate). What actually happens with
180respect to cleanup is managed inside eng_lib.c with the "engine_cleanup_***"
181functions. These functions are internal-only and each part of ENGINE code that
182could require cleanup will, upon performing its first allocation, register a
183callback with the "engine_cleanup" code. The other part of this that makes it
184tick is that the ENGINE_TABLE instantiations (tb_***.c) use NULL as their
185initialised state. So if RSA code asks for an ENGINE and no ENGINE has
186registered an implementation, the code will simply return NULL and the tb_rsa.c
187state will be unchanged. Thus, no cleanup is required unless registration takes
188place. ENGINE_cleanup() will simply iterate across a list of registered cleanup
189callbacks calling each in turn, and will then internally delete its own storage
190(a STACK). When a cleanup callback is next registered (eg. if the cleanup() is
191part of a gracefull restart and the application wants to cleanup all state then
192start again), the internal STACK storage will be freshly allocated. This is much
193the same as the situation in the ENGINE_TABLE instantiations ... NULL is the
194initialised state, so only modification operations (not queries) will cause that
195code to have to register a cleanup.
196
197What else? The bignum callbacks and associated ENGINE functions have been
198removed for two obvious reasons; (i) there was no way to generalise them to the
199mechanism now used by RSA/DSA/..., because there's no such thing as a BIGNUM
200method, and (ii) because of (i), there was no meaningful way for library or
201application code to automatically hook and use ENGINE supplied bignum functions
202anyway. Also, ENGINE_cpy() has been removed (although an internal-only version
203exists) - the idea of providing an ENGINE_cpy() function probably wasn't a good
204one and now certainly doesn't make sense in any generalised way. Some of the
205RSA, DSA, DH, and RAND functions that were fiddled during the original ENGINE
206changes have now, as a consequence, been reverted back. This is because the
207hooking of ENGINE is now automatic (and passive, it can interally use a NULL
208ENGINE pointer to simply ignore ENGINE from then on).
209
210Hell, that should be enough for now ... comments welcome: geoff@openssl.org
211
diff --git a/src/lib/libcrypto/engine/eng_aesni.c b/src/lib/libcrypto/engine/eng_aesni.c
deleted file mode 100644
index 5f9a36236a..0000000000
--- a/src/lib/libcrypto/engine/eng_aesni.c
+++ /dev/null
@@ -1,568 +0,0 @@
1/* $OpenBSD: eng_aesni.c,v 1.8 2015/02/10 09:46:30 miod Exp $ */
2/*
3 * Support for Intel AES-NI intruction set
4 * Author: Huang Ying <ying.huang@intel.com>
5 *
6 * Intel AES-NI is a new set of Single Instruction Multiple Data
7 * (SIMD) instructions that are going to be introduced in the next
8 * generation of Intel processor, as of 2009. These instructions
9 * enable fast and secure data encryption and decryption, using the
10 * Advanced Encryption Standard (AES), defined by FIPS Publication
11 * number 197. The architecture introduces six instructions that
12 * offer full hardware support for AES. Four of them support high
13 * performance data encryption and decryption, and the other two
14 * instructions support the AES key expansion procedure.
15 *
16 * The white paper can be downloaded from:
17 * http://softwarecommunity.intel.com/isn/downloads/intelavx/AES-Instructions-Set_WP.pdf
18 *
19 * This file is based on engines/e_padlock.c
20 */
21
22/* ====================================================================
23 * Copyright (c) 1999-2001 The OpenSSL Project. All rights reserved.
24 *
25 * Redistribution and use in source and binary forms, with or without
26 * modification, are permitted provided that the following conditions
27 * are met:
28 *
29 * 1. Redistributions of source code must retain the above copyright
30 * notice, this list of conditions and the following disclaimer.
31 *
32 * 2. Redistributions in binary form must reproduce the above copyright
33 * notice, this list of conditions and the following disclaimer in
34 * the documentation and/or other materials provided with the
35 * distribution.
36 *
37 * 3. All advertising materials mentioning features or use of this
38 * software must display the following acknowledgment:
39 * "This product includes software developed by the OpenSSL Project
40 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
41 *
42 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
43 * endorse or promote products derived from this software without
44 * prior written permission. For written permission, please contact
45 * licensing@OpenSSL.org.
46 *
47 * 5. Products derived from this software may not be called "OpenSSL"
48 * nor may "OpenSSL" appear in their names without prior written
49 * permission of the OpenSSL Project.
50 *
51 * 6. Redistributions of any form whatsoever must retain the following
52 * acknowledgment:
53 * "This product includes software developed by the OpenSSL Project
54 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
55 *
56 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
57 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
58 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
59 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
60 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
61 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
62 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
63 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
64 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
65 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
66 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
67 * OF THE POSSIBILITY OF SUCH DAMAGE.
68 * ====================================================================
69 *
70 * This product includes cryptographic software written by Eric Young
71 * (eay@cryptsoft.com). This product includes software written by Tim
72 * Hudson (tjh@cryptsoft.com).
73 *
74 */
75
76#include <stdio.h>
77
78#include <openssl/opensslconf.h>
79
80#if !defined(OPENSSL_NO_HW) && !defined(OPENSSL_NO_HW_AES_NI) && !defined(OPENSSL_NO_AES)
81
82#include <openssl/aes.h>
83#include <openssl/dso.h>
84#include <openssl/engine.h>
85#include <openssl/err.h>
86#include <openssl/evp.h>
87
88/* AES-NI is available *ONLY* on some x86 CPUs. Not only that it
89 doesn't exist elsewhere, but it even can't be compiled on other
90 platforms! */
91#undef COMPILE_HW_AESNI
92#if (defined(__x86_64) || defined(__x86_64__) || \
93 defined(_M_AMD64) || defined(_M_X64) || \
94 defined(OPENSSL_IA32_SSE2)) && !defined(OPENSSL_NO_ASM) && !defined(__i386__)
95#define COMPILE_HW_AESNI
96#endif
97static ENGINE *ENGINE_aesni (void);
98
99void ENGINE_load_aesni (void)
100{
101/* On non-x86 CPUs it just returns. */
102#ifdef COMPILE_HW_AESNI
103 ENGINE *toadd = ENGINE_aesni();
104 if (!toadd)
105 return;
106 ENGINE_add (toadd);
107 ENGINE_register_complete (toadd);
108 ENGINE_free (toadd);
109 ERR_clear_error ();
110#endif
111}
112
113#ifdef COMPILE_HW_AESNI
114int aesni_set_encrypt_key(const unsigned char *userKey, int bits,
115 AES_KEY *key);
116int aesni_set_decrypt_key(const unsigned char *userKey, int bits,
117 AES_KEY *key);
118
119void aesni_encrypt(const unsigned char *in, unsigned char *out,
120 const AES_KEY *key);
121void aesni_decrypt(const unsigned char *in, unsigned char *out,
122 const AES_KEY *key);
123
124void aesni_ecb_encrypt(const unsigned char *in, unsigned char *out,
125 size_t length, const AES_KEY *key, int enc);
126void aesni_cbc_encrypt(const unsigned char *in, unsigned char *out,
127 size_t length, const AES_KEY *key, unsigned char *ivec, int enc);
128
129/* Function for ENGINE detection and control */
130static int aesni_init(ENGINE *e);
131
132/* Cipher Stuff */
133static int aesni_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
134 const int **nids, int nid);
135
136#define AESNI_MIN_ALIGN 16
137#define AESNI_ALIGN(x) \
138 ((void *)(((unsigned long)(x)+AESNI_MIN_ALIGN-1)&~(AESNI_MIN_ALIGN-1)))
139
140/* Engine names */
141static const char aesni_id[] = "aesni",
142 aesni_name[] = "Intel AES-NI engine",
143 no_aesni_name[] = "Intel AES-NI engine (no-aesni)";
144
145
146/* The input and output encrypted as though 128bit cfb mode is being
147 * used. The extra state information to record how much of the
148 * 128bit block we have used is contained in *num;
149 */
150static void
151aesni_cfb128_encrypt(const unsigned char *in, unsigned char *out,
152 unsigned int len, const void *key, unsigned char ivec[16], int *num,
153 int enc)
154{
155 unsigned int n;
156 size_t l = 0;
157
158 n = *num;
159
160 if (enc) {
161#if !defined(OPENSSL_SMALL_FOOTPRINT)
162 if (16%sizeof(size_t) == 0) do { /* always true actually */
163 while (n && len) {
164 *(out++) = ivec[n] ^= *(in++);
165 --len;
166 n = (n + 1) % 16;
167 }
168 while (len >= 16) {
169 aesni_encrypt(ivec, ivec, key);
170 for (n = 0; n < 16; n += sizeof(size_t)) {
171 *(size_t*)(out + n) =
172 *(size_t*)(ivec + n) ^= *(size_t*)(in + n);
173 }
174 len -= 16;
175 out += 16;
176 in += 16;
177 }
178 n = 0;
179 if (len) {
180 aesni_encrypt(ivec, ivec, key);
181 while (len--) {
182 out[n] = ivec[n] ^= in[n];
183 ++n;
184 }
185 }
186 *num = n;
187 return;
188 } while (0);
189 /* the rest would be commonly eliminated by x86* compiler */
190#endif
191 while (l < len) {
192 if (n == 0) {
193 aesni_encrypt(ivec, ivec, key);
194 }
195 out[l] = ivec[n] ^= in[l];
196 ++l;
197 n = (n + 1) % 16;
198 }
199 *num = n;
200 } else {
201#if !defined(OPENSSL_SMALL_FOOTPRINT)
202 if (16%sizeof(size_t) == 0) do { /* always true actually */
203 while (n && len) {
204 unsigned char c;
205 *(out++) = ivec[n] ^ (c = *(in++));
206 ivec[n] = c;
207 --len;
208 n = (n + 1) % 16;
209 }
210 while (len >= 16) {
211 aesni_encrypt(ivec, ivec, key);
212 for (n = 0; n < 16; n += sizeof(size_t)) {
213 size_t t = *(size_t*)(in + n);
214 *(size_t*)(out + n) = *(size_t*)(ivec + n) ^ t;
215 *(size_t*)(ivec + n) = t;
216 }
217 len -= 16;
218 out += 16;
219 in += 16;
220 }
221 n = 0;
222 if (len) {
223 aesni_encrypt(ivec, ivec, key);
224 while (len--) {
225 unsigned char c;
226 out[n] = ivec[n] ^ (c = in[n]);
227 ivec[n] = c;
228 ++n;
229 }
230 }
231 *num = n;
232 return;
233 } while (0);
234 /* the rest would be commonly eliminated by x86* compiler */
235#endif
236 while (l < len) {
237 unsigned char c;
238 if (n == 0) {
239 aesni_encrypt(ivec, ivec, key);
240 }
241 out[l] = ivec[n] ^ (c = in[l]);
242 ivec[n] = c;
243 ++l;
244 n = (n + 1) % 16;
245 }
246 *num = n;
247 }
248}
249
250/* The input and output encrypted as though 128bit ofb mode is being
251 * used. The extra state information to record how much of the
252 * 128bit block we have used is contained in *num;
253 */
254static void
255aesni_ofb128_encrypt(const unsigned char *in, unsigned char *out,
256 unsigned int len, const void *key, unsigned char ivec[16], int *num)
257{
258 unsigned int n;
259 size_t l = 0;
260
261 n = *num;
262
263#if !defined(OPENSSL_SMALL_FOOTPRINT)
264 if (16%sizeof(size_t) == 0) do { /* always true actually */
265 while (n && len) {
266 *(out++) = *(in++) ^ ivec[n];
267 --len;
268 n = (n + 1) % 16;
269 }
270 while (len >= 16) {
271 aesni_encrypt(ivec, ivec, key);
272 for (n = 0; n < 16; n += sizeof(size_t))
273 *(size_t*)(out + n) =
274 *(size_t*)(in + n) ^ *(size_t*)(ivec + n);
275 len -= 16;
276 out += 16;
277 in += 16;
278 }
279 n = 0;
280 if (len) {
281 aesni_encrypt(ivec, ivec, key);
282 while (len--) {
283 out[n] = in[n] ^ ivec[n];
284 ++n;
285 }
286 }
287 *num = n;
288 return;
289 } while (0);
290 /* the rest would be commonly eliminated by x86* compiler */
291#endif
292 while (l < len) {
293 if (n == 0) {
294 aesni_encrypt(ivec, ivec, key);
295 }
296 out[l] = in[l] ^ ivec[n];
297 ++l;
298 n = (n + 1) % 16;
299 }
300
301 *num = n;
302}
303/* ===== Engine "management" functions ===== */
304
305typedef unsigned long long IA32CAP;
306
307/* Prepare the ENGINE structure for registration */
308static int
309aesni_bind_helper(ENGINE *e)
310{
311 int engage;
312
313 if (sizeof(OPENSSL_ia32cap_P) > 4) {
314 engage = ((IA32CAP)OPENSSL_ia32cap_P >> 57) & 1;
315 } else {
316 IA32CAP OPENSSL_ia32_cpuid(void);
317 engage = (OPENSSL_ia32_cpuid() >> 57) & 1;
318 }
319
320 /* Register everything or return with an error */
321 if (!ENGINE_set_id(e, aesni_id) ||
322 !ENGINE_set_name(e, engage ? aesni_name : no_aesni_name) ||
323 !ENGINE_set_init_function(e, aesni_init) ||
324 (engage && !ENGINE_set_ciphers (e, aesni_ciphers)))
325 return 0;
326
327 /* Everything looks good */
328 return 1;
329}
330
331/* Constructor */
332static ENGINE *
333ENGINE_aesni(void)
334{
335 ENGINE *eng = ENGINE_new();
336
337 if (!eng) {
338 return NULL;
339 }
340
341 if (!aesni_bind_helper(eng)) {
342 ENGINE_free(eng);
343 return NULL;
344 }
345
346 return eng;
347}
348
349/* Check availability of the engine */
350static int
351aesni_init(ENGINE *e)
352{
353 return 1;
354}
355
356#if defined(NID_aes_128_cfb128) && ! defined (NID_aes_128_cfb)
357#define NID_aes_128_cfb NID_aes_128_cfb128
358#endif
359
360#if defined(NID_aes_128_ofb128) && ! defined (NID_aes_128_ofb)
361#define NID_aes_128_ofb NID_aes_128_ofb128
362#endif
363
364#if defined(NID_aes_192_cfb128) && ! defined (NID_aes_192_cfb)
365#define NID_aes_192_cfb NID_aes_192_cfb128
366#endif
367
368#if defined(NID_aes_192_ofb128) && ! defined (NID_aes_192_ofb)
369#define NID_aes_192_ofb NID_aes_192_ofb128
370#endif
371
372#if defined(NID_aes_256_cfb128) && ! defined (NID_aes_256_cfb)
373#define NID_aes_256_cfb NID_aes_256_cfb128
374#endif
375
376#if defined(NID_aes_256_ofb128) && ! defined (NID_aes_256_ofb)
377#define NID_aes_256_ofb NID_aes_256_ofb128
378#endif
379
380/* List of supported ciphers. */
381static int aesni_cipher_nids[] = {
382 NID_aes_128_ecb,
383 NID_aes_128_cbc,
384 NID_aes_128_cfb,
385 NID_aes_128_ofb,
386
387 NID_aes_192_ecb,
388 NID_aes_192_cbc,
389 NID_aes_192_cfb,
390 NID_aes_192_ofb,
391
392 NID_aes_256_ecb,
393 NID_aes_256_cbc,
394 NID_aes_256_cfb,
395 NID_aes_256_ofb,
396};
397static int aesni_cipher_nids_num =
398 (sizeof(aesni_cipher_nids) / sizeof(aesni_cipher_nids[0]));
399
400typedef struct {
401 AES_KEY ks;
402 unsigned int _pad1[3];
403} AESNI_KEY;
404
405static int
406aesni_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *user_key,
407 const unsigned char *iv, int enc)
408{
409 int ret;
410 AES_KEY *key = AESNI_ALIGN(ctx->cipher_data);
411
412 if ((ctx->cipher->flags & EVP_CIPH_MODE) == EVP_CIPH_CFB_MODE ||
413 (ctx->cipher->flags & EVP_CIPH_MODE) == EVP_CIPH_OFB_MODE ||
414 enc)
415 ret = aesni_set_encrypt_key(user_key, ctx->key_len * 8, key);
416 else
417 ret = aesni_set_decrypt_key(user_key, ctx->key_len * 8, key);
418
419 if (ret < 0) {
420 EVPerr(EVP_F_AESNI_INIT_KEY, EVP_R_AES_KEY_SETUP_FAILED);
421 return 0;
422 }
423
424 return 1;
425}
426
427static int
428aesni_cipher_ecb(EVP_CIPHER_CTX *ctx, unsigned char *out,
429 const unsigned char *in, size_t inl)
430{
431 AES_KEY *key = AESNI_ALIGN(ctx->cipher_data);
432
433 aesni_ecb_encrypt(in, out, inl, key, ctx->encrypt);
434 return 1;
435}
436
437static int
438aesni_cipher_cbc(EVP_CIPHER_CTX *ctx, unsigned char *out,
439 const unsigned char *in, size_t inl)
440{
441 AES_KEY *key = AESNI_ALIGN(ctx->cipher_data);
442
443 aesni_cbc_encrypt(in, out, inl, key, ctx->iv, ctx->encrypt);
444 return 1;
445}
446
447static int
448aesni_cipher_cfb(EVP_CIPHER_CTX *ctx, unsigned char *out,
449 const unsigned char *in, size_t inl)
450{
451 AES_KEY *key = AESNI_ALIGN(ctx->cipher_data);
452
453 aesni_cfb128_encrypt(in, out, inl, key, ctx->iv, &ctx->num,
454 ctx->encrypt);
455 return 1;
456}
457
458static int
459aesni_cipher_ofb(EVP_CIPHER_CTX *ctx, unsigned char *out,
460 const unsigned char *in, size_t inl)
461{
462 AES_KEY *key = AESNI_ALIGN(ctx->cipher_data);
463
464 aesni_ofb128_encrypt(in, out, inl, key, ctx->iv, &ctx->num);
465 return 1;
466}
467
468#define AES_BLOCK_SIZE 16
469
470#define EVP_CIPHER_block_size_ECB AES_BLOCK_SIZE
471#define EVP_CIPHER_block_size_CBC AES_BLOCK_SIZE
472#define EVP_CIPHER_block_size_OFB 1
473#define EVP_CIPHER_block_size_CFB 1
474
475/* Declaring so many ciphers by hand would be a pain.
476 Instead introduce a bit of preprocessor magic :-) */
477#define DECLARE_AES_EVP(ksize,lmode,umode) \
478static const EVP_CIPHER aesni_##ksize##_##lmode = { \
479 NID_aes_##ksize##_##lmode, \
480 EVP_CIPHER_block_size_##umode, \
481 ksize / 8, \
482 AES_BLOCK_SIZE, \
483 0 | EVP_CIPH_##umode##_MODE, \
484 aesni_init_key, \
485 aesni_cipher_##lmode, \
486 NULL, \
487 sizeof(AESNI_KEY), \
488 EVP_CIPHER_set_asn1_iv, \
489 EVP_CIPHER_get_asn1_iv, \
490 NULL, \
491 NULL \
492}
493
494DECLARE_AES_EVP(128, ecb, ECB);
495DECLARE_AES_EVP(128, cbc, CBC);
496DECLARE_AES_EVP(128, cfb, CFB);
497DECLARE_AES_EVP(128, ofb, OFB);
498
499DECLARE_AES_EVP(192, ecb, ECB);
500DECLARE_AES_EVP(192, cbc, CBC);
501DECLARE_AES_EVP(192, cfb, CFB);
502DECLARE_AES_EVP(192, ofb, OFB);
503
504DECLARE_AES_EVP(256, ecb, ECB);
505DECLARE_AES_EVP(256, cbc, CBC);
506DECLARE_AES_EVP(256, cfb, CFB);
507DECLARE_AES_EVP(256, ofb, OFB);
508
509static int
510aesni_ciphers(ENGINE *e, const EVP_CIPHER **cipher, const int **nids, int nid)
511{
512 /* No specific cipher => return a list of supported nids ... */
513 if (!cipher) {
514 *nids = aesni_cipher_nids;
515 return aesni_cipher_nids_num;
516 }
517
518 /* ... or the requested "cipher" otherwise */
519 switch (nid) {
520 case NID_aes_128_ecb:
521 *cipher = &aesni_128_ecb;
522 break;
523 case NID_aes_128_cbc:
524 *cipher = &aesni_128_cbc;
525 break;
526 case NID_aes_128_cfb:
527 *cipher = &aesni_128_cfb;
528 break;
529 case NID_aes_128_ofb:
530 *cipher = &aesni_128_ofb;
531 break;
532
533 case NID_aes_192_ecb:
534 *cipher = &aesni_192_ecb;
535 break;
536 case NID_aes_192_cbc:
537 *cipher = &aesni_192_cbc;
538 break;
539 case NID_aes_192_cfb:
540 *cipher = &aesni_192_cfb;
541 break;
542 case NID_aes_192_ofb:
543 *cipher = &aesni_192_ofb;
544 break;
545
546 case NID_aes_256_ecb:
547 *cipher = &aesni_256_ecb;
548 break;
549 case NID_aes_256_cbc:
550 *cipher = &aesni_256_cbc;
551 break;
552 case NID_aes_256_cfb:
553 *cipher = &aesni_256_cfb;
554 break;
555 case NID_aes_256_ofb:
556 *cipher = &aesni_256_ofb;
557 break;
558
559 default:
560 /* Sorry, we don't support this NID */
561 *cipher = NULL;
562 return 0;
563 }
564 return 1;
565}
566
567#endif /* COMPILE_HW_AESNI */
568#endif /* !defined(OPENSSL_NO_HW) && !defined(OPENSSL_NO_HW_AESNI) && !defined(OPENSSL_NO_AES) */
diff --git a/src/lib/libcrypto/engine/eng_all.c b/src/lib/libcrypto/engine/eng_all.c
deleted file mode 100644
index 7640cf7fcd..0000000000
--- a/src/lib/libcrypto/engine/eng_all.c
+++ /dev/null
@@ -1,78 +0,0 @@
1/* $OpenBSD: eng_all.c,v 1.29 2015/07/19 22:34:27 doug Exp $ */
2/* Written by Richard Levitte <richard@levitte.org> for the OpenSSL
3 * project 2000.
4 */
5/* ====================================================================
6 * Copyright (c) 2000-2001 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 *
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
56 *
57 */
58
59#include <openssl/opensslconf.h>
60
61#include "cryptlib.h"
62#include "eng_int.h"
63
64void
65ENGINE_load_builtin_engines(void)
66{
67 /* Some ENGINEs need this */
68 OPENSSL_cpuid_setup();
69
70#ifndef OPENSSL_NO_STATIC_ENGINE
71#ifndef OPENSSL_NO_HW
72#ifndef OPENSSL_NO_HW_PADLOCK
73 ENGINE_load_padlock();
74#endif
75#endif
76#endif
77 ENGINE_register_all_complete();
78}
diff --git a/src/lib/libcrypto/engine/eng_cnf.c b/src/lib/libcrypto/engine/eng_cnf.c
deleted file mode 100644
index acdebda6a6..0000000000
--- a/src/lib/libcrypto/engine/eng_cnf.c
+++ /dev/null
@@ -1,257 +0,0 @@
1/* $OpenBSD: eng_cnf.c,v 1.13 2015/02/11 03:19:37 doug Exp $ */
2/* Written by Stephen Henson (steve@openssl.org) for the OpenSSL
3 * project 2001.
4 */
5/* ====================================================================
6 * Copyright (c) 2001 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 *
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
56 *
57 */
58
59#include <string.h>
60
61#include <openssl/err.h>
62
63#include "eng_int.h"
64#include <openssl/conf.h>
65
66/* #define ENGINE_CONF_DEBUG */
67
68/* ENGINE config module */
69
70static char *
71skip_dot(char *name)
72{
73 char *p;
74
75 p = strchr(name, '.');
76 if (p)
77 return p + 1;
78 return name;
79}
80
81static STACK_OF(ENGINE) *initialized_engines = NULL;
82
83static int
84int_engine_init(ENGINE *e)
85{
86 if (!ENGINE_init(e))
87 return 0;
88 if (!initialized_engines)
89 initialized_engines = sk_ENGINE_new_null();
90 if (!initialized_engines || !sk_ENGINE_push(initialized_engines, e)) {
91 ENGINE_finish(e);
92 return 0;
93 }
94 return 1;
95}
96
97
98static int
99int_engine_configure(char *name, char *value, const CONF *cnf)
100{
101 int i;
102 int ret = 0;
103 long do_init = -1;
104 STACK_OF(CONF_VALUE) *ecmds;
105 CONF_VALUE *ecmd = NULL;
106 char *ctrlname, *ctrlvalue;
107 ENGINE *e = NULL;
108 int soft = 0;
109
110 name = skip_dot(name);
111#ifdef ENGINE_CONF_DEBUG
112 fprintf(stderr, "Configuring engine %s\n", name);
113#endif
114 /* Value is a section containing ENGINE commands */
115 ecmds = NCONF_get_section(cnf, value);
116
117 if (!ecmds) {
118 ENGINEerr(ENGINE_F_INT_ENGINE_CONFIGURE,
119 ENGINE_R_ENGINE_SECTION_ERROR);
120 return 0;
121 }
122
123 for (i = 0; i < sk_CONF_VALUE_num(ecmds); i++) {
124 ecmd = sk_CONF_VALUE_value(ecmds, i);
125 ctrlname = skip_dot(ecmd->name);
126 ctrlvalue = ecmd->value;
127#ifdef ENGINE_CONF_DEBUG
128 fprintf(stderr, "ENGINE conf: doing ctrl(%s,%s)\n",
129 ctrlname, ctrlvalue);
130#endif
131
132 /* First handle some special pseudo ctrls */
133
134 /* Override engine name to use */
135 if (!strcmp(ctrlname, "engine_id"))
136 name = ctrlvalue;
137 else if (!strcmp(ctrlname, "soft_load"))
138 soft = 1;
139 /* Load a dynamic ENGINE */
140 else if (!strcmp(ctrlname, "dynamic_path")) {
141 e = ENGINE_by_id("dynamic");
142 if (!e)
143 goto err;
144 if (!ENGINE_ctrl_cmd_string(e, "SO_PATH", ctrlvalue, 0))
145 goto err;
146 if (!ENGINE_ctrl_cmd_string(e, "LIST_ADD", "2", 0))
147 goto err;
148 if (!ENGINE_ctrl_cmd_string(e, "LOAD", NULL, 0))
149 goto err;
150 }
151 /* ... add other pseudos here ... */
152 else {
153 /* At this point we need an ENGINE structural reference
154 * if we don't already have one.
155 */
156 if (!e) {
157 e = ENGINE_by_id(name);
158 if (!e && soft) {
159 ERR_clear_error();
160 return 1;
161 }
162 if (!e)
163 goto err;
164 }
165 /* Allow "EMPTY" to mean no value: this allows a valid
166 * "value" to be passed to ctrls of type NO_INPUT
167 */
168 if (!strcmp(ctrlvalue, "EMPTY"))
169 ctrlvalue = NULL;
170 if (!strcmp(ctrlname, "init")) {
171 if (!NCONF_get_number_e(cnf, value, "init",
172 &do_init))
173 goto err;
174 if (do_init == 1) {
175 if (!int_engine_init(e))
176 goto err;
177 } else if (do_init != 0) {
178 ENGINEerr(ENGINE_F_INT_ENGINE_CONFIGURE,
179 ENGINE_R_INVALID_INIT_VALUE);
180 goto err;
181 }
182 }
183 else if (!strcmp(ctrlname, "default_algorithms")) {
184 if (!ENGINE_set_default_string(e, ctrlvalue))
185 goto err;
186 } else if (!ENGINE_ctrl_cmd_string(e,
187 ctrlname, ctrlvalue, 0))
188 goto err;
189 }
190 }
191 if (e && (do_init == -1) && !int_engine_init(e)) {
192 ecmd = NULL;
193 goto err;
194 }
195 ret = 1;
196
197err:
198 if (ret != 1) {
199 ENGINEerr(ENGINE_F_INT_ENGINE_CONFIGURE,
200 ENGINE_R_ENGINE_CONFIGURATION_ERROR);
201 if (ecmd)
202 ERR_asprintf_error_data(
203 "section=%s, name=%s, value=%s",
204 ecmd->section, ecmd->name, ecmd->value);
205 }
206 if (e)
207 ENGINE_free(e);
208 return ret;
209}
210
211
212static int
213int_engine_module_init(CONF_IMODULE *md, const CONF *cnf)
214{
215 STACK_OF(CONF_VALUE) *elist;
216 CONF_VALUE *cval;
217 int i;
218
219#ifdef ENGINE_CONF_DEBUG
220 fprintf(stderr, "Called engine module: name %s, value %s\n",
221 CONF_imodule_get_name(md), CONF_imodule_get_value(md));
222#endif
223 /* Value is a section containing ENGINEs to configure */
224 elist = NCONF_get_section(cnf, CONF_imodule_get_value(md));
225
226 if (!elist) {
227 ENGINEerr(ENGINE_F_INT_ENGINE_MODULE_INIT,
228 ENGINE_R_ENGINES_SECTION_ERROR);
229 return 0;
230 }
231
232 for (i = 0; i < sk_CONF_VALUE_num(elist); i++) {
233 cval = sk_CONF_VALUE_value(elist, i);
234 if (!int_engine_configure(cval->name, cval->value, cnf))
235 return 0;
236 }
237
238 return 1;
239}
240
241static void
242int_engine_module_finish(CONF_IMODULE *md)
243{
244 ENGINE *e;
245
246 while ((e = sk_ENGINE_pop(initialized_engines)))
247 ENGINE_finish(e);
248 sk_ENGINE_free(initialized_engines);
249 initialized_engines = NULL;
250}
251
252void
253ENGINE_add_conf_module(void)
254{
255 CONF_module_add("engines", int_engine_module_init,
256 int_engine_module_finish);
257}
diff --git a/src/lib/libcrypto/engine/eng_ctrl.c b/src/lib/libcrypto/engine/eng_ctrl.c
deleted file mode 100644
index bf832dc626..0000000000
--- a/src/lib/libcrypto/engine/eng_ctrl.c
+++ /dev/null
@@ -1,393 +0,0 @@
1/* $OpenBSD: eng_ctrl.c,v 1.10 2015/02/11 03:19:37 doug Exp $ */
2/* ====================================================================
3 * Copyright (c) 1999-2001 The OpenSSL Project. All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 *
9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer.
11 *
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in
14 * the documentation and/or other materials provided with the
15 * distribution.
16 *
17 * 3. All advertising materials mentioning features or use of this
18 * software must display the following acknowledgment:
19 * "This product includes software developed by the OpenSSL Project
20 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
21 *
22 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
23 * endorse or promote products derived from this software without
24 * prior written permission. For written permission, please contact
25 * licensing@OpenSSL.org.
26 *
27 * 5. Products derived from this software may not be called "OpenSSL"
28 * nor may "OpenSSL" appear in their names without prior written
29 * permission of the OpenSSL Project.
30 *
31 * 6. Redistributions of any form whatsoever must retain the following
32 * acknowledgment:
33 * "This product includes software developed by the OpenSSL Project
34 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
35 *
36 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
37 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
38 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
39 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
40 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
41 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
42 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
43 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
44 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
45 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
46 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
47 * OF THE POSSIBILITY OF SUCH DAMAGE.
48 * ====================================================================
49 *
50 * This product includes cryptographic software written by Eric Young
51 * (eay@cryptsoft.com). This product includes software written by Tim
52 * Hudson (tjh@cryptsoft.com).
53 *
54 */
55
56#include <string.h>
57
58#include <openssl/err.h>
59
60#include "eng_int.h"
61
62/* When querying a ENGINE-specific control command's 'description', this string
63 * is used if the ENGINE_CMD_DEFN has cmd_desc set to NULL. */
64static const char *int_no_description = "";
65
66/* These internal functions handle 'CMD'-related control commands when the
67 * ENGINE in question has asked us to take care of it (ie. the ENGINE did not
68 * set the ENGINE_FLAGS_MANUAL_CMD_CTRL flag. */
69
70static int
71int_ctrl_cmd_is_null(const ENGINE_CMD_DEFN *defn)
72{
73 if ((defn->cmd_num == 0) || (defn->cmd_name == NULL))
74 return 1;
75 return 0;
76}
77
78static int
79int_ctrl_cmd_by_name(const ENGINE_CMD_DEFN *defn, const char *s)
80{
81 int idx = 0;
82 while (!int_ctrl_cmd_is_null(defn) &&
83 (strcmp(defn->cmd_name, s) != 0)) {
84 idx++;
85 defn++;
86 }
87 if (int_ctrl_cmd_is_null(defn))
88 /* The given name wasn't found */
89 return -1;
90 return idx;
91}
92
93static int
94int_ctrl_cmd_by_num(const ENGINE_CMD_DEFN *defn, unsigned int num)
95{
96 int idx = 0;
97 /* NB: It is stipulated that 'cmd_defn' lists are ordered by cmd_num. So
98 * our searches don't need to take any longer than necessary. */
99 while (!int_ctrl_cmd_is_null(defn) && (defn->cmd_num < num)) {
100 idx++;
101 defn++;
102 }
103 if (defn->cmd_num == num)
104 return idx;
105 /* The given cmd_num wasn't found */
106 return -1;
107}
108
109static int
110int_ctrl_helper(ENGINE *e, int cmd, long i, void *p, void (*f)(void))
111{
112 int idx;
113 int ret;
114 char *s = (char *)p;
115
116 /* Take care of the easy one first (eg. it requires no searches) */
117 if (cmd == ENGINE_CTRL_GET_FIRST_CMD_TYPE) {
118 if ((e->cmd_defns == NULL) ||
119 int_ctrl_cmd_is_null(e->cmd_defns))
120 return 0;
121 return e->cmd_defns->cmd_num;
122 }
123 /* One or two commands require that "p" be a valid string buffer */
124 if ((cmd == ENGINE_CTRL_GET_CMD_FROM_NAME) ||
125 (cmd == ENGINE_CTRL_GET_NAME_FROM_CMD) ||
126 (cmd == ENGINE_CTRL_GET_DESC_FROM_CMD)) {
127 if (s == NULL) {
128 ENGINEerr(ENGINE_F_INT_CTRL_HELPER,
129 ERR_R_PASSED_NULL_PARAMETER);
130 return -1;
131 }
132 }
133 /* Now handle cmd_name -> cmd_num conversion */
134 if (cmd == ENGINE_CTRL_GET_CMD_FROM_NAME) {
135 if ((e->cmd_defns == NULL) ||
136 ((idx = int_ctrl_cmd_by_name(e->cmd_defns, s)) < 0)) {
137 ENGINEerr(ENGINE_F_INT_CTRL_HELPER,
138 ENGINE_R_INVALID_CMD_NAME);
139 return -1;
140 }
141 return e->cmd_defns[idx].cmd_num;
142 }
143 /* For the rest of the commands, the 'long' argument must specify a
144 * valie command number - so we need to conduct a search. */
145 if ((e->cmd_defns == NULL) ||
146 ((idx = int_ctrl_cmd_by_num(e->cmd_defns, (unsigned int)i)) < 0)) {
147 ENGINEerr(ENGINE_F_INT_CTRL_HELPER,
148 ENGINE_R_INVALID_CMD_NUMBER);
149 return -1;
150 }
151 /* Now the logic splits depending on command type */
152 switch (cmd) {
153 case ENGINE_CTRL_GET_NEXT_CMD_TYPE:
154 idx++;
155 if (int_ctrl_cmd_is_null(e->cmd_defns + idx))
156 /* end-of-list */
157 return 0;
158 else
159 return e->cmd_defns[idx].cmd_num;
160 case ENGINE_CTRL_GET_NAME_LEN_FROM_CMD:
161 return strlen(e->cmd_defns[idx].cmd_name);
162 case ENGINE_CTRL_GET_NAME_FROM_CMD:
163 ret = snprintf(s, strlen(e->cmd_defns[idx].cmd_name) + 1,
164 "%s", e->cmd_defns[idx].cmd_name);
165 if (ret >= (strlen(e->cmd_defns[idx].cmd_name) + 1))
166 ret = -1;
167 return ret;
168 case ENGINE_CTRL_GET_DESC_LEN_FROM_CMD:
169 if (e->cmd_defns[idx].cmd_desc)
170 return strlen(e->cmd_defns[idx].cmd_desc);
171 return strlen(int_no_description);
172 case ENGINE_CTRL_GET_DESC_FROM_CMD:
173 if (e->cmd_defns[idx].cmd_desc) {
174 ret = snprintf(s,
175 strlen(e->cmd_defns[idx].cmd_desc) + 1,
176 "%s", e->cmd_defns[idx].cmd_desc);
177 if (ret >= strlen(e->cmd_defns[idx].cmd_desc) + 1)
178 ret = -1;
179 return ret;
180 }
181 ret = snprintf(s, strlen(int_no_description) + 1, "%s",
182 int_no_description);
183 if (ret >= strlen(int_no_description) + 1)
184 ret = -1;
185 return ret;
186 case ENGINE_CTRL_GET_CMD_FLAGS:
187 return e->cmd_defns[idx].cmd_flags;
188 }
189
190 /* Shouldn't really be here ... */
191 ENGINEerr(ENGINE_F_INT_CTRL_HELPER, ENGINE_R_INTERNAL_LIST_ERROR);
192 return -1;
193}
194
195int
196ENGINE_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)(void))
197{
198 int ctrl_exists, ref_exists;
199
200 if (e == NULL) {
201 ENGINEerr(ENGINE_F_ENGINE_CTRL, ERR_R_PASSED_NULL_PARAMETER);
202 return 0;
203 }
204 CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
205 ref_exists = ((e->struct_ref > 0) ? 1 : 0);
206 CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
207 ctrl_exists = ((e->ctrl == NULL) ? 0 : 1);
208 if (!ref_exists) {
209 ENGINEerr(ENGINE_F_ENGINE_CTRL, ENGINE_R_NO_REFERENCE);
210 return 0;
211 }
212 /* Intercept any "root-level" commands before trying to hand them on to
213 * ctrl() handlers. */
214 switch (cmd) {
215 case ENGINE_CTRL_HAS_CTRL_FUNCTION:
216 return ctrl_exists;
217 case ENGINE_CTRL_GET_FIRST_CMD_TYPE:
218 case ENGINE_CTRL_GET_NEXT_CMD_TYPE:
219 case ENGINE_CTRL_GET_CMD_FROM_NAME:
220 case ENGINE_CTRL_GET_NAME_LEN_FROM_CMD:
221 case ENGINE_CTRL_GET_NAME_FROM_CMD:
222 case ENGINE_CTRL_GET_DESC_LEN_FROM_CMD:
223 case ENGINE_CTRL_GET_DESC_FROM_CMD:
224 case ENGINE_CTRL_GET_CMD_FLAGS:
225 if (ctrl_exists && !(e->flags & ENGINE_FLAGS_MANUAL_CMD_CTRL))
226 return int_ctrl_helper(e, cmd, i, p, f);
227 if (!ctrl_exists) {
228 ENGINEerr(ENGINE_F_ENGINE_CTRL,
229 ENGINE_R_NO_CONTROL_FUNCTION);
230 /* For these cmd-related functions, failure is indicated
231 * by a -1 return value (because 0 is used as a valid
232 * return in some places). */
233 return -1;
234 }
235 default:
236 break;
237 }
238 /* Anything else requires a ctrl() handler to exist. */
239 if (!ctrl_exists) {
240 ENGINEerr(ENGINE_F_ENGINE_CTRL, ENGINE_R_NO_CONTROL_FUNCTION);
241 return 0;
242 }
243 return e->ctrl(e, cmd, i, p, f);
244}
245
246int
247ENGINE_cmd_is_executable(ENGINE *e, int cmd)
248{
249 int flags;
250
251 if ((flags = ENGINE_ctrl(e, ENGINE_CTRL_GET_CMD_FLAGS, cmd,
252 NULL, NULL)) < 0) {
253 ENGINEerr(ENGINE_F_ENGINE_CMD_IS_EXECUTABLE,
254 ENGINE_R_INVALID_CMD_NUMBER);
255 return 0;
256 }
257 if (!(flags & ENGINE_CMD_FLAG_NO_INPUT) &&
258 !(flags & ENGINE_CMD_FLAG_NUMERIC) &&
259 !(flags & ENGINE_CMD_FLAG_STRING))
260 return 0;
261 return 1;
262}
263
264int
265ENGINE_ctrl_cmd(ENGINE *e, const char *cmd_name, long i, void *p,
266 void (*f)(void), int cmd_optional)
267{
268 int num;
269
270 if ((e == NULL) || (cmd_name == NULL)) {
271 ENGINEerr(ENGINE_F_ENGINE_CTRL_CMD,
272 ERR_R_PASSED_NULL_PARAMETER);
273 return 0;
274 }
275 if ((e->ctrl == NULL) ||
276 ((num = ENGINE_ctrl(e, ENGINE_CTRL_GET_CMD_FROM_NAME,
277 0, (void *)cmd_name, NULL)) <= 0)) {
278 /* If the command didn't *have* to be supported, we fake
279 * success. This allows certain settings to be specified for
280 * multiple ENGINEs and only require a change of ENGINE id
281 * (without having to selectively apply settings). Eg. changing
282 * from a hardware device back to the regular software ENGINE
283 * without editing the config file, etc. */
284 if (cmd_optional) {
285 ERR_clear_error();
286 return 1;
287 }
288 ENGINEerr(ENGINE_F_ENGINE_CTRL_CMD, ENGINE_R_INVALID_CMD_NAME);
289 return 0;
290 }
291
292 /* Force the result of the control command to 0 or 1, for the reasons
293 * mentioned before. */
294 if (ENGINE_ctrl(e, num, i, p, f) > 0)
295 return 1;
296
297 return 0;
298}
299
300int
301ENGINE_ctrl_cmd_string(ENGINE *e, const char *cmd_name, const char *arg,
302 int cmd_optional)
303{
304 int num, flags;
305 long l;
306 char *ptr;
307
308 if ((e == NULL) || (cmd_name == NULL)) {
309 ENGINEerr(ENGINE_F_ENGINE_CTRL_CMD_STRING,
310 ERR_R_PASSED_NULL_PARAMETER);
311 return 0;
312 }
313 if ((e->ctrl == NULL) ||
314 ((num = ENGINE_ctrl(e, ENGINE_CTRL_GET_CMD_FROM_NAME, 0,
315 (void *)cmd_name, NULL)) <= 0)) {
316 /* If the command didn't *have* to be supported, we fake
317 * success. This allows certain settings to be specified for
318 * multiple ENGINEs and only require a change of ENGINE id
319 * (without having to selectively apply settings). Eg. changing
320 * from a hardware device back to the regular software ENGINE
321 * without editing the config file, etc. */
322 if (cmd_optional) {
323 ERR_clear_error();
324 return 1;
325 }
326 ENGINEerr(ENGINE_F_ENGINE_CTRL_CMD_STRING,
327 ENGINE_R_INVALID_CMD_NAME);
328 return 0;
329 }
330 if (!ENGINE_cmd_is_executable(e, num)) {
331 ENGINEerr(ENGINE_F_ENGINE_CTRL_CMD_STRING,
332 ENGINE_R_CMD_NOT_EXECUTABLE);
333 return 0;
334 }
335 if ((flags = ENGINE_ctrl(e, ENGINE_CTRL_GET_CMD_FLAGS, num,
336 NULL, NULL)) < 0) {
337 /* Shouldn't happen, given that ENGINE_cmd_is_executable()
338 * returned success. */
339 ENGINEerr(ENGINE_F_ENGINE_CTRL_CMD_STRING,
340 ENGINE_R_INTERNAL_LIST_ERROR);
341 return 0;
342 }
343 /* If the command takes no input, there must be no input. And vice
344 * versa. */
345 if (flags & ENGINE_CMD_FLAG_NO_INPUT) {
346 if (arg != NULL) {
347 ENGINEerr(ENGINE_F_ENGINE_CTRL_CMD_STRING,
348 ENGINE_R_COMMAND_TAKES_NO_INPUT);
349 return 0;
350 }
351 /* We deliberately force the result of ENGINE_ctrl() to 0 or 1
352 * rather than returning it as "return data". This is to ensure
353 * usage of these commands is consistent across applications and
354 * that certain applications don't understand it one way, and
355 * others another. */
356 if (ENGINE_ctrl(e, num, 0, (void *)arg, NULL) > 0)
357 return 1;
358 return 0;
359 }
360 /* So, we require input */
361 if (arg == NULL) {
362 ENGINEerr(ENGINE_F_ENGINE_CTRL_CMD_STRING,
363 ENGINE_R_COMMAND_TAKES_INPUT);
364 return 0;
365 }
366 /* If it takes string input, that's easy */
367 if (flags & ENGINE_CMD_FLAG_STRING) {
368 /* Same explanation as above */
369 if (ENGINE_ctrl(e, num, 0, (void *)arg, NULL) > 0)
370 return 1;
371 return 0;
372 }
373 /* If it doesn't take numeric either, then it is unsupported for use in
374 * a config-setting situation, which is what this function is for. This
375 * should never happen though, because ENGINE_cmd_is_executable() was
376 * used. */
377 if (!(flags & ENGINE_CMD_FLAG_NUMERIC)) {
378 ENGINEerr(ENGINE_F_ENGINE_CTRL_CMD_STRING,
379 ENGINE_R_INTERNAL_LIST_ERROR);
380 return 0;
381 }
382 l = strtol(arg, &ptr, 10);
383 if ((arg == ptr) || (*ptr != '\0')) {
384 ENGINEerr(ENGINE_F_ENGINE_CTRL_CMD_STRING,
385 ENGINE_R_ARGUMENT_IS_NOT_A_NUMBER);
386 return 0;
387 }
388 /* Force the result of the control command to 0 or 1, for the reasons
389 * mentioned before. */
390 if (ENGINE_ctrl(e, num, l, NULL, NULL) > 0)
391 return 1;
392 return 0;
393}
diff --git a/src/lib/libcrypto/engine/eng_dyn.c b/src/lib/libcrypto/engine/eng_dyn.c
deleted file mode 100644
index 400ce72681..0000000000
--- a/src/lib/libcrypto/engine/eng_dyn.c
+++ /dev/null
@@ -1,64 +0,0 @@
1/* $OpenBSD: eng_dyn.c,v 1.14 2015/06/19 06:05:11 bcook Exp $ */
2/* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL
3 * project 2001.
4 */
5/* ====================================================================
6 * Copyright (c) 1999-2001 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 *
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
56 *
57 */
58
59#include <openssl/engine.h>
60
61void
62ENGINE_load_dynamic(void)
63{
64}
diff --git a/src/lib/libcrypto/engine/eng_err.c b/src/lib/libcrypto/engine/eng_err.c
deleted file mode 100644
index d65efde991..0000000000
--- a/src/lib/libcrypto/engine/eng_err.c
+++ /dev/null
@@ -1,173 +0,0 @@
1/* $OpenBSD: eng_err.c,v 1.10 2014/07/10 22:45:57 jsing Exp $ */
2/* ====================================================================
3 * Copyright (c) 1999-2010 The OpenSSL Project. All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 *
9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer.
11 *
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in
14 * the documentation and/or other materials provided with the
15 * distribution.
16 *
17 * 3. All advertising materials mentioning features or use of this
18 * software must display the following acknowledgment:
19 * "This product includes software developed by the OpenSSL Project
20 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
21 *
22 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
23 * endorse or promote products derived from this software without
24 * prior written permission. For written permission, please contact
25 * openssl-core@OpenSSL.org.
26 *
27 * 5. Products derived from this software may not be called "OpenSSL"
28 * nor may "OpenSSL" appear in their names without prior written
29 * permission of the OpenSSL Project.
30 *
31 * 6. Redistributions of any form whatsoever must retain the following
32 * acknowledgment:
33 * "This product includes software developed by the OpenSSL Project
34 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
35 *
36 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
37 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
38 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
39 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
40 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
41 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
42 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
43 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
44 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
45 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
46 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
47 * OF THE POSSIBILITY OF SUCH DAMAGE.
48 * ====================================================================
49 *
50 * This product includes cryptographic software written by Eric Young
51 * (eay@cryptsoft.com). This product includes software written by Tim
52 * Hudson (tjh@cryptsoft.com).
53 *
54 */
55
56/* NOTE: this file was auto generated by the mkerr.pl script: any changes
57 * made to it will be overwritten when the script next updates this file,
58 * only reason strings will be preserved.
59 */
60
61#include <stdio.h>
62
63#include <openssl/opensslconf.h>
64
65#include <openssl/err.h>
66#include <openssl/engine.h>
67
68/* BEGIN ERROR CODES */
69#ifndef OPENSSL_NO_ERR
70
71#define ERR_FUNC(func) ERR_PACK(ERR_LIB_ENGINE,func,0)
72#define ERR_REASON(reason) ERR_PACK(ERR_LIB_ENGINE,0,reason)
73
74static ERR_STRING_DATA ENGINE_str_functs[] = {
75 {ERR_FUNC(ENGINE_F_DYNAMIC_CTRL), "DYNAMIC_CTRL"},
76 {ERR_FUNC(ENGINE_F_DYNAMIC_GET_DATA_CTX), "DYNAMIC_GET_DATA_CTX"},
77 {ERR_FUNC(ENGINE_F_DYNAMIC_LOAD), "DYNAMIC_LOAD"},
78 {ERR_FUNC(ENGINE_F_DYNAMIC_SET_DATA_CTX), "DYNAMIC_SET_DATA_CTX"},
79 {ERR_FUNC(ENGINE_F_ENGINE_ADD), "ENGINE_add"},
80 {ERR_FUNC(ENGINE_F_ENGINE_BY_ID), "ENGINE_by_id"},
81 {ERR_FUNC(ENGINE_F_ENGINE_CMD_IS_EXECUTABLE), "ENGINE_cmd_is_executable"},
82 {ERR_FUNC(ENGINE_F_ENGINE_CTRL), "ENGINE_ctrl"},
83 {ERR_FUNC(ENGINE_F_ENGINE_CTRL_CMD), "ENGINE_ctrl_cmd"},
84 {ERR_FUNC(ENGINE_F_ENGINE_CTRL_CMD_STRING), "ENGINE_ctrl_cmd_string"},
85 {ERR_FUNC(ENGINE_F_ENGINE_FINISH), "ENGINE_finish"},
86 {ERR_FUNC(ENGINE_F_ENGINE_FREE_UTIL), "ENGINE_FREE_UTIL"},
87 {ERR_FUNC(ENGINE_F_ENGINE_GET_CIPHER), "ENGINE_get_cipher"},
88 {ERR_FUNC(ENGINE_F_ENGINE_GET_DEFAULT_TYPE), "ENGINE_GET_DEFAULT_TYPE"},
89 {ERR_FUNC(ENGINE_F_ENGINE_GET_DIGEST), "ENGINE_get_digest"},
90 {ERR_FUNC(ENGINE_F_ENGINE_GET_NEXT), "ENGINE_get_next"},
91 {ERR_FUNC(ENGINE_F_ENGINE_GET_PKEY_ASN1_METH), "ENGINE_get_pkey_asn1_meth"},
92 {ERR_FUNC(ENGINE_F_ENGINE_GET_PKEY_METH), "ENGINE_get_pkey_meth"},
93 {ERR_FUNC(ENGINE_F_ENGINE_GET_PREV), "ENGINE_get_prev"},
94 {ERR_FUNC(ENGINE_F_ENGINE_INIT), "ENGINE_init"},
95 {ERR_FUNC(ENGINE_F_ENGINE_LIST_ADD), "ENGINE_LIST_ADD"},
96 {ERR_FUNC(ENGINE_F_ENGINE_LIST_REMOVE), "ENGINE_LIST_REMOVE"},
97 {ERR_FUNC(ENGINE_F_ENGINE_LOAD_PRIVATE_KEY), "ENGINE_load_private_key"},
98 {ERR_FUNC(ENGINE_F_ENGINE_LOAD_PUBLIC_KEY), "ENGINE_load_public_key"},
99 {ERR_FUNC(ENGINE_F_ENGINE_LOAD_SSL_CLIENT_CERT), "ENGINE_load_ssl_client_cert"},
100 {ERR_FUNC(ENGINE_F_ENGINE_NEW), "ENGINE_new"},
101 {ERR_FUNC(ENGINE_F_ENGINE_REMOVE), "ENGINE_remove"},
102 {ERR_FUNC(ENGINE_F_ENGINE_SET_DEFAULT_STRING), "ENGINE_set_default_string"},
103 {ERR_FUNC(ENGINE_F_ENGINE_SET_DEFAULT_TYPE), "ENGINE_SET_DEFAULT_TYPE"},
104 {ERR_FUNC(ENGINE_F_ENGINE_SET_ID), "ENGINE_set_id"},
105 {ERR_FUNC(ENGINE_F_ENGINE_SET_NAME), "ENGINE_set_name"},
106 {ERR_FUNC(ENGINE_F_ENGINE_TABLE_REGISTER), "ENGINE_TABLE_REGISTER"},
107 {ERR_FUNC(ENGINE_F_ENGINE_UNLOAD_KEY), "ENGINE_UNLOAD_KEY"},
108 {ERR_FUNC(ENGINE_F_ENGINE_UNLOCKED_FINISH), "ENGINE_UNLOCKED_FINISH"},
109 {ERR_FUNC(ENGINE_F_ENGINE_UP_REF), "ENGINE_up_ref"},
110 {ERR_FUNC(ENGINE_F_INT_CTRL_HELPER), "INT_CTRL_HELPER"},
111 {ERR_FUNC(ENGINE_F_INT_ENGINE_CONFIGURE), "INT_ENGINE_CONFIGURE"},
112 {ERR_FUNC(ENGINE_F_INT_ENGINE_MODULE_INIT), "INT_ENGINE_MODULE_INIT"},
113 {ERR_FUNC(ENGINE_F_LOG_MESSAGE), "LOG_MESSAGE"},
114 {0, NULL}
115};
116
117static ERR_STRING_DATA ENGINE_str_reasons[] = {
118 {ERR_REASON(ENGINE_R_ALREADY_LOADED) , "already loaded"},
119 {ERR_REASON(ENGINE_R_ARGUMENT_IS_NOT_A_NUMBER), "argument is not a number"},
120 {ERR_REASON(ENGINE_R_CMD_NOT_EXECUTABLE) , "cmd not executable"},
121 {ERR_REASON(ENGINE_R_COMMAND_TAKES_INPUT), "command takes input"},
122 {ERR_REASON(ENGINE_R_COMMAND_TAKES_NO_INPUT), "command takes no input"},
123 {ERR_REASON(ENGINE_R_CONFLICTING_ENGINE_ID), "conflicting engine id"},
124 {ERR_REASON(ENGINE_R_CTRL_COMMAND_NOT_IMPLEMENTED), "ctrl command not implemented"},
125 {ERR_REASON(ENGINE_R_DH_NOT_IMPLEMENTED) , "dh not implemented"},
126 {ERR_REASON(ENGINE_R_DSA_NOT_IMPLEMENTED), "dsa not implemented"},
127 {ERR_REASON(ENGINE_R_DSO_FAILURE) , "DSO failure"},
128 {ERR_REASON(ENGINE_R_DSO_NOT_FOUND) , "dso not found"},
129 {ERR_REASON(ENGINE_R_ENGINES_SECTION_ERROR), "engines section error"},
130 {ERR_REASON(ENGINE_R_ENGINE_CONFIGURATION_ERROR), "engine configuration error"},
131 {ERR_REASON(ENGINE_R_ENGINE_IS_NOT_IN_LIST), "engine is not in the list"},
132 {ERR_REASON(ENGINE_R_ENGINE_SECTION_ERROR), "engine section error"},
133 {ERR_REASON(ENGINE_R_FAILED_LOADING_PRIVATE_KEY), "failed loading private key"},
134 {ERR_REASON(ENGINE_R_FAILED_LOADING_PUBLIC_KEY), "failed loading public key"},
135 {ERR_REASON(ENGINE_R_FINISH_FAILED) , "finish failed"},
136 {ERR_REASON(ENGINE_R_GET_HANDLE_FAILED) , "could not obtain hardware handle"},
137 {ERR_REASON(ENGINE_R_ID_OR_NAME_MISSING) , "'id' or 'name' missing"},
138 {ERR_REASON(ENGINE_R_INIT_FAILED) , "init failed"},
139 {ERR_REASON(ENGINE_R_INTERNAL_LIST_ERROR), "internal list error"},
140 {ERR_REASON(ENGINE_R_INVALID_ARGUMENT) , "invalid argument"},
141 {ERR_REASON(ENGINE_R_INVALID_CMD_NAME) , "invalid cmd name"},
142 {ERR_REASON(ENGINE_R_INVALID_CMD_NUMBER) , "invalid cmd number"},
143 {ERR_REASON(ENGINE_R_INVALID_INIT_VALUE) , "invalid init value"},
144 {ERR_REASON(ENGINE_R_INVALID_STRING) , "invalid string"},
145 {ERR_REASON(ENGINE_R_NOT_INITIALISED) , "not initialised"},
146 {ERR_REASON(ENGINE_R_NOT_LOADED) , "not loaded"},
147 {ERR_REASON(ENGINE_R_NO_CONTROL_FUNCTION), "no control function"},
148 {ERR_REASON(ENGINE_R_NO_INDEX) , "no index"},
149 {ERR_REASON(ENGINE_R_NO_LOAD_FUNCTION) , "no load function"},
150 {ERR_REASON(ENGINE_R_NO_REFERENCE) , "no reference"},
151 {ERR_REASON(ENGINE_R_NO_SUCH_ENGINE) , "no such engine"},
152 {ERR_REASON(ENGINE_R_NO_UNLOAD_FUNCTION) , "no unload function"},
153 {ERR_REASON(ENGINE_R_PROVIDE_PARAMETERS) , "provide parameters"},
154 {ERR_REASON(ENGINE_R_RSA_NOT_IMPLEMENTED), "rsa not implemented"},
155 {ERR_REASON(ENGINE_R_UNIMPLEMENTED_CIPHER), "unimplemented cipher"},
156 {ERR_REASON(ENGINE_R_UNIMPLEMENTED_DIGEST), "unimplemented digest"},
157 {ERR_REASON(ENGINE_R_UNIMPLEMENTED_PUBLIC_KEY_METHOD), "unimplemented public key method"},
158 {ERR_REASON(ENGINE_R_VERSION_INCOMPATIBILITY), "version incompatibility"},
159 {0, NULL}
160};
161
162#endif
163
164void
165ERR_load_ENGINE_strings(void)
166{
167#ifndef OPENSSL_NO_ERR
168 if (ERR_func_error_string(ENGINE_str_functs[0].error) == NULL) {
169 ERR_load_strings(0, ENGINE_str_functs);
170 ERR_load_strings(0, ENGINE_str_reasons);
171 }
172#endif
173}
diff --git a/src/lib/libcrypto/engine/eng_fat.c b/src/lib/libcrypto/engine/eng_fat.c
deleted file mode 100644
index b54757d8ad..0000000000
--- a/src/lib/libcrypto/engine/eng_fat.c
+++ /dev/null
@@ -1,192 +0,0 @@
1/* $OpenBSD: eng_fat.c,v 1.15 2015/02/11 03:19:37 doug Exp $ */
2/* ====================================================================
3 * Copyright (c) 1999-2001 The OpenSSL Project. All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 *
9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer.
11 *
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in
14 * the documentation and/or other materials provided with the
15 * distribution.
16 *
17 * 3. All advertising materials mentioning features or use of this
18 * software must display the following acknowledgment:
19 * "This product includes software developed by the OpenSSL Project
20 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
21 *
22 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
23 * endorse or promote products derived from this software without
24 * prior written permission. For written permission, please contact
25 * licensing@OpenSSL.org.
26 *
27 * 5. Products derived from this software may not be called "OpenSSL"
28 * nor may "OpenSSL" appear in their names without prior written
29 * permission of the OpenSSL Project.
30 *
31 * 6. Redistributions of any form whatsoever must retain the following
32 * acknowledgment:
33 * "This product includes software developed by the OpenSSL Project
34 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
35 *
36 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
37 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
38 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
39 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
40 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
41 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
42 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
43 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
44 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
45 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
46 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
47 * OF THE POSSIBILITY OF SUCH DAMAGE.
48 * ====================================================================
49 *
50 * This product includes cryptographic software written by Eric Young
51 * (eay@cryptsoft.com). This product includes software written by Tim
52 * Hudson (tjh@cryptsoft.com).
53 *
54 */
55/* ====================================================================
56 * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
57 * ECDH support in OpenSSL originally developed by
58 * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
59 */
60
61#include <string.h>
62
63#include <openssl/opensslconf.h>
64
65#include <openssl/err.h>
66#include "eng_int.h"
67#include <openssl/conf.h>
68
69int
70ENGINE_set_default(ENGINE *e, unsigned int flags)
71{
72 if ((flags & ENGINE_METHOD_CIPHERS) && !ENGINE_set_default_ciphers(e))
73 return 0;
74 if ((flags & ENGINE_METHOD_DIGESTS) && !ENGINE_set_default_digests(e))
75 return 0;
76#ifndef OPENSSL_NO_RSA
77 if ((flags & ENGINE_METHOD_RSA) && !ENGINE_set_default_RSA(e))
78 return 0;
79#endif
80#ifndef OPENSSL_NO_DSA
81 if ((flags & ENGINE_METHOD_DSA) && !ENGINE_set_default_DSA(e))
82 return 0;
83#endif
84#ifndef OPENSSL_NO_DH
85 if ((flags & ENGINE_METHOD_DH) && !ENGINE_set_default_DH(e))
86 return 0;
87#endif
88#ifndef OPENSSL_NO_ECDH
89 if ((flags & ENGINE_METHOD_ECDH) && !ENGINE_set_default_ECDH(e))
90 return 0;
91#endif
92#ifndef OPENSSL_NO_ECDSA
93 if ((flags & ENGINE_METHOD_ECDSA) && !ENGINE_set_default_ECDSA(e))
94 return 0;
95#endif
96 if ((flags & ENGINE_METHOD_RAND) && !ENGINE_set_default_RAND(e))
97 return 0;
98 if ((flags & ENGINE_METHOD_PKEY_METHS) &&
99 !ENGINE_set_default_pkey_meths(e))
100 return 0;
101 if ((flags & ENGINE_METHOD_PKEY_ASN1_METHS) &&
102 !ENGINE_set_default_pkey_asn1_meths(e))
103 return 0;
104 return 1;
105}
106
107/* Set default algorithms using a string */
108
109static int
110int_def_cb(const char *alg, int len, void *arg)
111{
112 unsigned int *pflags = arg;
113
114 if (!strncmp(alg, "ALL", len))
115 *pflags |= ENGINE_METHOD_ALL;
116 else if (!strncmp(alg, "RSA", len))
117 *pflags |= ENGINE_METHOD_RSA;
118 else if (!strncmp(alg, "DSA", len))
119 *pflags |= ENGINE_METHOD_DSA;
120 else if (!strncmp(alg, "ECDH", len))
121 *pflags |= ENGINE_METHOD_ECDH;
122 else if (!strncmp(alg, "ECDSA", len))
123 *pflags |= ENGINE_METHOD_ECDSA;
124 else if (!strncmp(alg, "DH", len))
125 *pflags |= ENGINE_METHOD_DH;
126 else if (!strncmp(alg, "RAND", len))
127 *pflags |= ENGINE_METHOD_RAND;
128 else if (!strncmp(alg, "CIPHERS", len))
129 *pflags |= ENGINE_METHOD_CIPHERS;
130 else if (!strncmp(alg, "DIGESTS", len))
131 *pflags |= ENGINE_METHOD_DIGESTS;
132 else if (!strncmp(alg, "PKEY", len))
133 *pflags |= ENGINE_METHOD_PKEY_METHS |
134 ENGINE_METHOD_PKEY_ASN1_METHS;
135 else if (!strncmp(alg, "PKEY_CRYPTO", len))
136 *pflags |= ENGINE_METHOD_PKEY_METHS;
137 else if (!strncmp(alg, "PKEY_ASN1", len))
138 *pflags |= ENGINE_METHOD_PKEY_ASN1_METHS;
139 else
140 return 0;
141 return 1;
142}
143
144int
145ENGINE_set_default_string(ENGINE *e, const char *def_list)
146{
147 unsigned int flags = 0;
148
149 if (!CONF_parse_list(def_list, ',', 1, int_def_cb, &flags)) {
150 ENGINEerr(ENGINE_F_ENGINE_SET_DEFAULT_STRING,
151 ENGINE_R_INVALID_STRING);
152 ERR_asprintf_error_data("str=%s",def_list);
153 return 0;
154 }
155 return ENGINE_set_default(e, flags);
156}
157
158int
159ENGINE_register_complete(ENGINE *e)
160{
161 ENGINE_register_ciphers(e);
162 ENGINE_register_digests(e);
163#ifndef OPENSSL_NO_RSA
164 ENGINE_register_RSA(e);
165#endif
166#ifndef OPENSSL_NO_DSA
167 ENGINE_register_DSA(e);
168#endif
169#ifndef OPENSSL_NO_DH
170 ENGINE_register_DH(e);
171#endif
172#ifndef OPENSSL_NO_ECDH
173 ENGINE_register_ECDH(e);
174#endif
175#ifndef OPENSSL_NO_ECDSA
176 ENGINE_register_ECDSA(e);
177#endif
178 ENGINE_register_RAND(e);
179 ENGINE_register_pkey_meths(e);
180 return 1;
181}
182
183int
184ENGINE_register_all_complete(void)
185{
186 ENGINE *e;
187
188 for (e = ENGINE_get_first(); e; e = ENGINE_get_next(e))
189 if (!(e->flags & ENGINE_FLAGS_NO_REGISTER_ALL))
190 ENGINE_register_complete(e);
191 return 1;
192}
diff --git a/src/lib/libcrypto/engine/eng_init.c b/src/lib/libcrypto/engine/eng_init.c
deleted file mode 100644
index b50e22594c..0000000000
--- a/src/lib/libcrypto/engine/eng_init.c
+++ /dev/null
@@ -1,150 +0,0 @@
1/* $OpenBSD: eng_init.c,v 1.7 2015/02/11 03:19:37 doug Exp $ */
2/* ====================================================================
3 * Copyright (c) 1999-2001 The OpenSSL Project. All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 *
9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer.
11 *
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in
14 * the documentation and/or other materials provided with the
15 * distribution.
16 *
17 * 3. All advertising materials mentioning features or use of this
18 * software must display the following acknowledgment:
19 * "This product includes software developed by the OpenSSL Project
20 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
21 *
22 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
23 * endorse or promote products derived from this software without
24 * prior written permission. For written permission, please contact
25 * licensing@OpenSSL.org.
26 *
27 * 5. Products derived from this software may not be called "OpenSSL"
28 * nor may "OpenSSL" appear in their names without prior written
29 * permission of the OpenSSL Project.
30 *
31 * 6. Redistributions of any form whatsoever must retain the following
32 * acknowledgment:
33 * "This product includes software developed by the OpenSSL Project
34 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
35 *
36 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
37 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
38 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
39 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
40 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
41 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
42 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
43 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
44 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
45 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
46 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
47 * OF THE POSSIBILITY OF SUCH DAMAGE.
48 * ====================================================================
49 *
50 * This product includes cryptographic software written by Eric Young
51 * (eay@cryptsoft.com). This product includes software written by Tim
52 * Hudson (tjh@cryptsoft.com).
53 *
54 */
55
56#include <openssl/err.h>
57
58#include "eng_int.h"
59
60/* Initialise a engine type for use (or up its functional reference count
61 * if it's already in use). This version is only used internally. */
62int
63engine_unlocked_init(ENGINE *e)
64{
65 int to_return = 1;
66
67 if ((e->funct_ref == 0) && e->init)
68 /* This is the first functional reference and the engine
69 * requires initialisation so we do it now. */
70 to_return = e->init(e);
71 if (to_return) {
72 /* OK, we return a functional reference which is also a
73 * structural reference. */
74 e->struct_ref++;
75 e->funct_ref++;
76 engine_ref_debug(e, 0, 1)
77 engine_ref_debug(e, 1, 1)
78 }
79 return to_return;
80}
81
82/* Free a functional reference to a engine type. This version is only used
83 * internally. */
84int
85engine_unlocked_finish(ENGINE *e, int unlock_for_handlers)
86{
87 int to_return = 1;
88
89 /* Reduce the functional reference count here so if it's the terminating
90 * case, we can release the lock safely and call the finish() handler
91 * without risk of a race. We get a race if we leave the count until
92 * after and something else is calling "finish" at the same time -
93 * there's a chance that both threads will together take the count from
94 * 2 to 0 without either calling finish(). */
95 e->funct_ref--;
96 engine_ref_debug(e, 1, -1);
97 if ((e->funct_ref == 0) && e->finish) {
98 if (unlock_for_handlers)
99 CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
100 to_return = e->finish(e);
101 if (unlock_for_handlers)
102 CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
103 if (!to_return)
104 return 0;
105 }
106
107 /* Release the structural reference too */
108 if (!engine_free_util(e, 0)) {
109 ENGINEerr(ENGINE_F_ENGINE_UNLOCKED_FINISH,
110 ENGINE_R_FINISH_FAILED);
111 return 0;
112 }
113 return to_return;
114}
115
116/* The API (locked) version of "init" */
117int
118ENGINE_init(ENGINE *e)
119{
120 int ret;
121
122 if (e == NULL) {
123 ENGINEerr(ENGINE_F_ENGINE_INIT, ERR_R_PASSED_NULL_PARAMETER);
124 return 0;
125 }
126 CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
127 ret = engine_unlocked_init(e);
128 CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
129 return ret;
130}
131
132/* The API (locked) version of "finish" */
133int
134ENGINE_finish(ENGINE *e)
135{
136 int to_return = 1;
137
138 if (e == NULL) {
139 ENGINEerr(ENGINE_F_ENGINE_FINISH, ERR_R_PASSED_NULL_PARAMETER);
140 return 0;
141 }
142 CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
143 to_return = engine_unlocked_finish(e, 1);
144 CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
145 if (!to_return) {
146 ENGINEerr(ENGINE_F_ENGINE_FINISH, ENGINE_R_FINISH_FAILED);
147 return 0;
148 }
149 return to_return;
150}
diff --git a/src/lib/libcrypto/engine/eng_int.h b/src/lib/libcrypto/engine/eng_int.h
deleted file mode 100644
index f240411981..0000000000
--- a/src/lib/libcrypto/engine/eng_int.h
+++ /dev/null
@@ -1,206 +0,0 @@
1/* $OpenBSD: eng_int.h,v 1.8 2014/07/11 08:44:48 jsing Exp $ */
2/* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL
3 * project 2000.
4 */
5/* ====================================================================
6 * Copyright (c) 1999-2001 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 *
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
56 *
57 */
58/* ====================================================================
59 * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
60 * ECDH support in OpenSSL originally developed by
61 * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
62 */
63
64#ifndef HEADER_ENGINE_INT_H
65#define HEADER_ENGINE_INT_H
66
67/* Take public definitions from engine.h */
68#include <openssl/engine.h>
69
70#ifdef __cplusplus
71extern "C" {
72#endif
73
74/* If we compile with this symbol defined, then both reference counts in the
75 * ENGINE structure will be monitored with a line of output on stderr for each
76 * change. This prints the engine's pointer address (truncated to unsigned int),
77 * "struct" or "funct" to indicate the reference type, the before and after
78 * reference count, and the file:line-number pair. The "engine_ref_debug"
79 * statements must come *after* the change. */
80#ifdef ENGINE_REF_COUNT_DEBUG
81
82#define engine_ref_debug(e, isfunct, diff) \
83 fprintf(stderr, "engine: %08x %s from %d to %d (%s:%d)\n", \
84 (unsigned int)(e), (isfunct ? "funct" : "struct"), \
85 ((isfunct) ? ((e)->funct_ref - (diff)) : ((e)->struct_ref - (diff))), \
86 ((isfunct) ? (e)->funct_ref : (e)->struct_ref), \
87 (__FILE__), (__LINE__));
88
89#else
90
91#define engine_ref_debug(e, isfunct, diff)
92
93#endif
94
95/* Any code that will need cleanup operations should use these functions to
96 * register callbacks. ENGINE_cleanup() will call all registered callbacks in
97 * order. NB: both the "add" functions assume CRYPTO_LOCK_ENGINE to already be
98 * held (in "write" mode). */
99typedef void (ENGINE_CLEANUP_CB)(void);
100typedef struct st_engine_cleanup_item {
101 ENGINE_CLEANUP_CB *cb;
102} ENGINE_CLEANUP_ITEM;
103DECLARE_STACK_OF(ENGINE_CLEANUP_ITEM)
104void engine_cleanup_add_first(ENGINE_CLEANUP_CB *cb);
105void engine_cleanup_add_last(ENGINE_CLEANUP_CB *cb);
106
107/* We need stacks of ENGINEs for use in eng_table.c */
108DECLARE_STACK_OF(ENGINE)
109
110/* If this symbol is defined then engine_table_select(), the function that is
111 * used by RSA, DSA (etc) code to select registered ENGINEs, cache defaults and
112 * functional references (etc), will display debugging summaries to stderr. */
113/* #define ENGINE_TABLE_DEBUG */
114
115/* This represents an implementation table. Dependent code should instantiate it
116 * as a (ENGINE_TABLE *) pointer value set initially to NULL. */
117typedef struct st_engine_table ENGINE_TABLE;
118int engine_table_register(ENGINE_TABLE **table, ENGINE_CLEANUP_CB *cleanup,
119 ENGINE *e, const int *nids, int num_nids, int setdefault);
120void engine_table_unregister(ENGINE_TABLE **table, ENGINE *e);
121void engine_table_cleanup(ENGINE_TABLE **table);
122#ifndef ENGINE_TABLE_DEBUG
123ENGINE *engine_table_select(ENGINE_TABLE **table, int nid);
124#else
125ENGINE *engine_table_select_tmp(ENGINE_TABLE **table, int nid, const char *f,
126 int l);
127#define engine_table_select(t,n) engine_table_select_tmp(t,n,__FILE__,__LINE__)
128#endif
129typedef void (engine_table_doall_cb)(int nid, STACK_OF(ENGINE) *sk,
130 ENGINE *def, void *arg);
131void engine_table_doall(ENGINE_TABLE *table, engine_table_doall_cb *cb,
132 void *arg);
133
134/* Internal versions of API functions that have control over locking. These are
135 * used between C files when functionality needs to be shared but the caller may
136 * already be controlling of the CRYPTO_LOCK_ENGINE lock. */
137int engine_unlocked_init(ENGINE *e);
138int engine_unlocked_finish(ENGINE *e, int unlock_for_handlers);
139int engine_free_util(ENGINE *e, int locked);
140
141/* This function will reset all "set"able values in an ENGINE to NULL. This
142 * won't touch reference counts or ex_data, but is equivalent to calling all the
143 * ENGINE_set_***() functions with a NULL value. */
144void engine_set_all_null(ENGINE *e);
145
146/* NB: Bitwise OR-able values for the "flags" variable in ENGINE are now exposed
147 * in engine.h. */
148
149/* Free up dynamically allocated public key methods associated with ENGINE */
150
151void engine_pkey_meths_free(ENGINE *e);
152void engine_pkey_asn1_meths_free(ENGINE *e);
153
154/* This is a structure for storing implementations of various crypto
155 * algorithms and functions. */
156struct engine_st {
157 const char *id;
158 const char *name;
159 const RSA_METHOD *rsa_meth;
160 const DSA_METHOD *dsa_meth;
161 const DH_METHOD *dh_meth;
162 const ECDH_METHOD *ecdh_meth;
163 const ECDSA_METHOD *ecdsa_meth;
164 const RAND_METHOD *rand_meth;
165 const STORE_METHOD *store_meth;
166 /* Cipher handling is via this callback */
167 ENGINE_CIPHERS_PTR ciphers;
168 /* Digest handling is via this callback */
169 ENGINE_DIGESTS_PTR digests;
170 /* Public key handling via this callback */
171 ENGINE_PKEY_METHS_PTR pkey_meths;
172 /* ASN1 public key handling via this callback */
173 ENGINE_PKEY_ASN1_METHS_PTR pkey_asn1_meths;
174
175 ENGINE_GEN_INT_FUNC_PTR destroy;
176
177 ENGINE_GEN_INT_FUNC_PTR init;
178 ENGINE_GEN_INT_FUNC_PTR finish;
179 ENGINE_CTRL_FUNC_PTR ctrl;
180 ENGINE_LOAD_KEY_PTR load_privkey;
181 ENGINE_LOAD_KEY_PTR load_pubkey;
182
183 ENGINE_SSL_CLIENT_CERT_PTR load_ssl_client_cert;
184
185 const ENGINE_CMD_DEFN *cmd_defns;
186 int flags;
187 /* reference count on the structure itself */
188 int struct_ref;
189 /* reference count on usability of the engine type. NB: This
190 * controls the loading and initialisation of any functionlity
191 * required by this engine, whereas the previous count is
192 * simply to cope with (de)allocation of this structure. Hence,
193 * running_ref <= struct_ref at all times. */
194 int funct_ref;
195 /* A place to store per-ENGINE data */
196 CRYPTO_EX_DATA ex_data;
197 /* Used to maintain the linked-list of engines. */
198 struct engine_st *prev;
199 struct engine_st *next;
200};
201
202#ifdef __cplusplus
203}
204#endif
205
206#endif /* HEADER_ENGINE_INT_H */
diff --git a/src/lib/libcrypto/engine/eng_lib.c b/src/lib/libcrypto/engine/eng_lib.c
deleted file mode 100644
index f5f54fc657..0000000000
--- a/src/lib/libcrypto/engine/eng_lib.c
+++ /dev/null
@@ -1,367 +0,0 @@
1/* $OpenBSD: eng_lib.c,v 1.11 2015/02/11 03:19:37 doug Exp $ */
2/* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL
3 * project 2000.
4 */
5/* ====================================================================
6 * Copyright (c) 1999-2001 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 *
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
56 *
57 */
58
59#include <string.h>
60
61#include <openssl/err.h>
62#include <openssl/rand.h>
63
64#include "eng_int.h"
65
66/* The "new"/"free" stuff first */
67
68ENGINE *
69ENGINE_new(void)
70{
71 ENGINE *ret;
72
73 ret = malloc(sizeof(ENGINE));
74 if (ret == NULL) {
75 ENGINEerr(ENGINE_F_ENGINE_NEW, ERR_R_MALLOC_FAILURE);
76 return NULL;
77 }
78 memset(ret, 0, sizeof(ENGINE));
79 ret->struct_ref = 1;
80 engine_ref_debug(ret, 0, 1)
81 CRYPTO_new_ex_data(CRYPTO_EX_INDEX_ENGINE, ret, &ret->ex_data);
82 return ret;
83}
84
85/* Placed here (close proximity to ENGINE_new) so that modifications to the
86 * elements of the ENGINE structure are more likely to be caught and changed
87 * here. */
88void
89engine_set_all_null(ENGINE *e)
90{
91 e->id = NULL;
92 e->name = NULL;
93 e->rsa_meth = NULL;
94 e->dsa_meth = NULL;
95 e->dh_meth = NULL;
96 e->rand_meth = NULL;
97 e->store_meth = NULL;
98 e->ciphers = NULL;
99 e->digests = NULL;
100 e->destroy = NULL;
101 e->init = NULL;
102 e->finish = NULL;
103 e->ctrl = NULL;
104 e->load_privkey = NULL;
105 e->load_pubkey = NULL;
106 e->cmd_defns = NULL;
107 e->flags = 0;
108}
109
110int
111engine_free_util(ENGINE *e, int locked)
112{
113 int i;
114
115 if (e == NULL) {
116 ENGINEerr(ENGINE_F_ENGINE_FREE_UTIL,
117 ERR_R_PASSED_NULL_PARAMETER);
118 return 0;
119 }
120 if (locked)
121 i = CRYPTO_add(&e->struct_ref, -1, CRYPTO_LOCK_ENGINE);
122 else
123 i = --e->struct_ref;
124 engine_ref_debug(e, 0, -1)
125 if (i > 0)
126 return 1;
127
128 /* Free up any dynamically allocated public key methods */
129 engine_pkey_meths_free(e);
130 engine_pkey_asn1_meths_free(e);
131 /* Give the ENGINE a chance to do any structural cleanup corresponding
132 * to allocation it did in its constructor (eg. unload error strings) */
133 if (e->destroy)
134 e->destroy(e);
135 CRYPTO_free_ex_data(CRYPTO_EX_INDEX_ENGINE, e, &e->ex_data);
136 free(e);
137 return 1;
138}
139
140int
141ENGINE_free(ENGINE *e)
142{
143 return engine_free_util(e, 1);
144}
145
146/* Cleanup stuff */
147
148/* ENGINE_cleanup() is coded such that anything that does work that will need
149 * cleanup can register a "cleanup" callback here. That way we don't get linker
150 * bloat by referring to all *possible* cleanups, but any linker bloat into code
151 * "X" will cause X's cleanup function to end up here. */
152static STACK_OF(ENGINE_CLEANUP_ITEM) *cleanup_stack = NULL;
153static int
154int_cleanup_check(int create)
155{
156 if (cleanup_stack)
157 return 1;
158 if (!create)
159 return 0;
160 cleanup_stack = sk_ENGINE_CLEANUP_ITEM_new_null();
161 return (cleanup_stack ? 1 : 0);
162}
163
164static ENGINE_CLEANUP_ITEM *
165int_cleanup_item(ENGINE_CLEANUP_CB *cb)
166{
167 ENGINE_CLEANUP_ITEM *item = malloc(sizeof(ENGINE_CLEANUP_ITEM));
168
169 if (!item)
170 return NULL;
171 item->cb = cb;
172 return item;
173}
174
175void
176engine_cleanup_add_first(ENGINE_CLEANUP_CB *cb)
177{
178 ENGINE_CLEANUP_ITEM *item;
179
180 if (!int_cleanup_check(1))
181 return;
182 item = int_cleanup_item(cb);
183 if (item)
184 sk_ENGINE_CLEANUP_ITEM_insert(cleanup_stack, item, 0);
185}
186
187void
188engine_cleanup_add_last(ENGINE_CLEANUP_CB *cb)
189{
190 ENGINE_CLEANUP_ITEM *item;
191
192 if (!int_cleanup_check(1))
193 return;
194 item = int_cleanup_item(cb);
195 if (item)
196 sk_ENGINE_CLEANUP_ITEM_push(cleanup_stack, item);
197}
198/* The API function that performs all cleanup */
199static void
200engine_cleanup_cb_free(ENGINE_CLEANUP_ITEM *item)
201{
202 (*(item->cb))();
203 free(item);
204}
205
206void
207ENGINE_cleanup(void)
208{
209 if (int_cleanup_check(0)) {
210 sk_ENGINE_CLEANUP_ITEM_pop_free(cleanup_stack,
211 engine_cleanup_cb_free);
212 cleanup_stack = NULL;
213 }
214 /* FIXME: This should be handled (somehow) through RAND, eg. by it
215 * registering a cleanup callback. */
216 RAND_set_rand_method(NULL);
217}
218
219/* Now the "ex_data" support */
220
221int
222ENGINE_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
223 CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func)
224{
225 return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_ENGINE, argl, argp,
226 new_func, dup_func, free_func);
227}
228
229int
230ENGINE_set_ex_data(ENGINE *e, int idx, void *arg)
231{
232 return (CRYPTO_set_ex_data(&e->ex_data, idx, arg));
233}
234
235void *
236ENGINE_get_ex_data(const ENGINE *e, int idx)
237{
238 return (CRYPTO_get_ex_data(&e->ex_data, idx));
239}
240
241/* Functions to get/set an ENGINE's elements - mainly to avoid exposing the
242 * ENGINE structure itself. */
243
244int
245ENGINE_set_id(ENGINE *e, const char *id)
246{
247 if (id == NULL) {
248 ENGINEerr(ENGINE_F_ENGINE_SET_ID,
249 ERR_R_PASSED_NULL_PARAMETER);
250 return 0;
251 }
252 e->id = id;
253 return 1;
254}
255
256int
257ENGINE_set_name(ENGINE *e, const char *name)
258{
259 if (name == NULL) {
260 ENGINEerr(ENGINE_F_ENGINE_SET_NAME,
261 ERR_R_PASSED_NULL_PARAMETER);
262 return 0;
263 }
264 e->name = name;
265 return 1;
266}
267
268int
269ENGINE_set_destroy_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR destroy_f)
270{
271 e->destroy = destroy_f;
272 return 1;
273}
274
275int
276ENGINE_set_init_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR init_f)
277{
278 e->init = init_f;
279 return 1;
280}
281
282int
283ENGINE_set_finish_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR finish_f)
284{
285 e->finish = finish_f;
286 return 1;
287}
288
289int
290ENGINE_set_ctrl_function(ENGINE *e, ENGINE_CTRL_FUNC_PTR ctrl_f)
291{
292 e->ctrl = ctrl_f;
293 return 1;
294}
295
296int
297ENGINE_set_flags(ENGINE *e, int flags)
298{
299 e->flags = flags;
300 return 1;
301}
302
303int
304ENGINE_set_cmd_defns(ENGINE *e, const ENGINE_CMD_DEFN *defns)
305{
306 e->cmd_defns = defns;
307 return 1;
308}
309
310const char *
311ENGINE_get_id(const ENGINE *e)
312{
313 return e->id;
314}
315
316const char *
317ENGINE_get_name(const ENGINE *e)
318{
319 return e->name;
320}
321
322ENGINE_GEN_INT_FUNC_PTR
323ENGINE_get_destroy_function(const ENGINE *e)
324{
325 return e->destroy;
326}
327
328ENGINE_GEN_INT_FUNC_PTR
329ENGINE_get_init_function(const ENGINE *e)
330{
331 return e->init;
332}
333
334ENGINE_GEN_INT_FUNC_PTR
335ENGINE_get_finish_function(const ENGINE *e)
336{
337 return e->finish;
338}
339
340ENGINE_CTRL_FUNC_PTR
341ENGINE_get_ctrl_function(const ENGINE *e)
342{
343 return e->ctrl;
344}
345
346int
347ENGINE_get_flags(const ENGINE *e)
348{
349 return e->flags;
350}
351
352const ENGINE_CMD_DEFN *
353ENGINE_get_cmd_defns(const ENGINE *e)
354{
355 return e->cmd_defns;
356}
357
358/* eng_lib.o is pretty much linked into anything that touches ENGINE already, so
359 * put the "static_state" hack here. */
360
361static int internal_static_hack = 0;
362
363void *
364ENGINE_get_static_state(void)
365{
366 return &internal_static_hack;
367}
diff --git a/src/lib/libcrypto/engine/eng_list.c b/src/lib/libcrypto/engine/eng_list.c
deleted file mode 100644
index fc1d16b183..0000000000
--- a/src/lib/libcrypto/engine/eng_list.c
+++ /dev/null
@@ -1,396 +0,0 @@
1/* $OpenBSD: eng_list.c,v 1.21 2015/07/19 00:56:48 bcook Exp $ */
2/* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL
3 * project 2000.
4 */
5/* ====================================================================
6 * Copyright (c) 1999-2001 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 *
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
56 *
57 */
58/* ====================================================================
59 * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
60 * ECDH support in OpenSSL originally developed by
61 * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
62 */
63
64#include <string.h>
65#include <unistd.h>
66
67#include <openssl/opensslconf.h>
68
69#include <openssl/err.h>
70
71#include "cryptlib.h"
72#include "eng_int.h"
73
74/* The linked-list of pointers to engine types. engine_list_head
75 * incorporates an implicit structural reference but engine_list_tail
76 * does not - the latter is a computational niceity and only points
77 * to something that is already pointed to by its predecessor in the
78 * list (or engine_list_head itself). In the same way, the use of the
79 * "prev" pointer in each ENGINE is to save excessive list iteration,
80 * it doesn't correspond to an extra structural reference. Hence,
81 * engine_list_head, and each non-null "next" pointer account for
82 * the list itself assuming exactly 1 structural reference on each
83 * list member. */
84static ENGINE *engine_list_head = NULL;
85static ENGINE *engine_list_tail = NULL;
86
87/* This cleanup function is only needed internally. If it should be called, we
88 * register it with the "ENGINE_cleanup()" stack to be called during cleanup. */
89
90static void
91engine_list_cleanup(void)
92{
93 ENGINE *iterator = engine_list_head;
94
95 while (iterator != NULL && ENGINE_remove(iterator))
96 iterator = engine_list_head;
97}
98
99/* These static functions starting with a lower case "engine_" always
100 * take place when CRYPTO_LOCK_ENGINE has been locked up. */
101static int
102engine_list_add(ENGINE *e)
103{
104 int conflict = 0;
105 ENGINE *iterator = NULL;
106
107 if (e == NULL) {
108 ENGINEerr(ENGINE_F_ENGINE_LIST_ADD,
109 ERR_R_PASSED_NULL_PARAMETER);
110 return 0;
111 }
112 iterator = engine_list_head;
113 while (iterator && !conflict) {
114 conflict = (strcmp(iterator->id, e->id) == 0);
115 iterator = iterator->next;
116 }
117 if (conflict) {
118 ENGINEerr(ENGINE_F_ENGINE_LIST_ADD,
119 ENGINE_R_CONFLICTING_ENGINE_ID);
120 return 0;
121 }
122 if (engine_list_head == NULL) {
123 /* We are adding to an empty list. */
124 if (engine_list_tail) {
125 ENGINEerr(ENGINE_F_ENGINE_LIST_ADD,
126 ENGINE_R_INTERNAL_LIST_ERROR);
127 return 0;
128 }
129 engine_list_head = e;
130 e->prev = NULL;
131 /* The first time the list allocates, we should register the
132 * cleanup. */
133 engine_cleanup_add_last(engine_list_cleanup);
134 } else {
135 /* We are adding to the tail of an existing list. */
136 if ((engine_list_tail == NULL) ||
137 (engine_list_tail->next != NULL)) {
138 ENGINEerr(ENGINE_F_ENGINE_LIST_ADD,
139 ENGINE_R_INTERNAL_LIST_ERROR);
140 return 0;
141 }
142 engine_list_tail->next = e;
143 e->prev = engine_list_tail;
144 }
145 /* Having the engine in the list assumes a structural
146 * reference. */
147 e->struct_ref++;
148 engine_ref_debug(e, 0, 1)
149 /* However it came to be, e is the last item in the list. */
150 engine_list_tail = e;
151 e->next = NULL;
152 return 1;
153}
154
155static int
156engine_list_remove(ENGINE *e)
157{
158 ENGINE *iterator;
159
160 if (e == NULL) {
161 ENGINEerr(ENGINE_F_ENGINE_LIST_REMOVE,
162 ERR_R_PASSED_NULL_PARAMETER);
163 return 0;
164 }
165 /* We need to check that e is in our linked list! */
166 iterator = engine_list_head;
167 while (iterator && (iterator != e))
168 iterator = iterator->next;
169 if (iterator == NULL) {
170 ENGINEerr(ENGINE_F_ENGINE_LIST_REMOVE,
171 ENGINE_R_ENGINE_IS_NOT_IN_LIST);
172 return 0;
173 }
174 /* un-link e from the chain. */
175 if (e->next)
176 e->next->prev = e->prev;
177 if (e->prev)
178 e->prev->next = e->next;
179 /* Correct our head/tail if necessary. */
180 if (engine_list_head == e)
181 engine_list_head = e->next;
182 if (engine_list_tail == e)
183 engine_list_tail = e->prev;
184 engine_free_util(e, 0);
185 return 1;
186}
187
188/* Get the first/last "ENGINE" type available. */
189ENGINE *
190ENGINE_get_first(void)
191{
192 ENGINE *ret;
193
194 CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
195 ret = engine_list_head;
196 if (ret) {
197 ret->struct_ref++;
198 engine_ref_debug(ret, 0, 1)
199 }
200 CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
201 return ret;
202}
203
204ENGINE *
205ENGINE_get_last(void)
206{
207 ENGINE *ret;
208
209 CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
210 ret = engine_list_tail;
211 if (ret) {
212 ret->struct_ref++;
213 engine_ref_debug(ret, 0, 1)
214 }
215 CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
216 return ret;
217}
218
219/* Iterate to the next/previous "ENGINE" type (NULL = end of the list). */
220ENGINE *
221ENGINE_get_next(ENGINE *e)
222{
223 ENGINE *ret = NULL;
224
225 if (e == NULL) {
226 ENGINEerr(ENGINE_F_ENGINE_GET_NEXT,
227 ERR_R_PASSED_NULL_PARAMETER);
228 return 0;
229 }
230 CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
231 ret = e->next;
232 if (ret) {
233 /* Return a valid structural refernce to the next ENGINE */
234 ret->struct_ref++;
235 engine_ref_debug(ret, 0, 1)
236 }
237 CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
238 /* Release the structural reference to the previous ENGINE */
239 ENGINE_free(e);
240 return ret;
241}
242
243ENGINE *
244ENGINE_get_prev(ENGINE *e)
245{
246 ENGINE *ret = NULL;
247
248 if (e == NULL) {
249 ENGINEerr(ENGINE_F_ENGINE_GET_PREV,
250 ERR_R_PASSED_NULL_PARAMETER);
251 return 0;
252 }
253 CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
254 ret = e->prev;
255 if (ret) {
256 /* Return a valid structural reference to the next ENGINE */
257 ret->struct_ref++;
258 engine_ref_debug(ret, 0, 1)
259 }
260 CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
261 /* Release the structural reference to the previous ENGINE */
262 ENGINE_free(e);
263 return ret;
264}
265
266/* Add another "ENGINE" type into the list. */
267int
268ENGINE_add(ENGINE *e)
269{
270 int to_return = 1;
271
272 if (e == NULL) {
273 ENGINEerr(ENGINE_F_ENGINE_ADD,
274 ERR_R_PASSED_NULL_PARAMETER);
275 return 0;
276 }
277 if ((e->id == NULL) || (e->name == NULL)) {
278 ENGINEerr(ENGINE_F_ENGINE_ADD,
279 ENGINE_R_ID_OR_NAME_MISSING);
280 }
281 CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
282 if (!engine_list_add(e)) {
283 ENGINEerr(ENGINE_F_ENGINE_ADD,
284 ENGINE_R_INTERNAL_LIST_ERROR);
285 to_return = 0;
286 }
287 CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
288 return to_return;
289}
290
291/* Remove an existing "ENGINE" type from the array. */
292int
293ENGINE_remove(ENGINE *e)
294{
295 int to_return = 1;
296
297 if (e == NULL) {
298 ENGINEerr(ENGINE_F_ENGINE_REMOVE,
299 ERR_R_PASSED_NULL_PARAMETER);
300 return 0;
301 }
302 CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
303 if (!engine_list_remove(e)) {
304 ENGINEerr(ENGINE_F_ENGINE_REMOVE,
305 ENGINE_R_INTERNAL_LIST_ERROR);
306 to_return = 0;
307 }
308 CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
309 return to_return;
310}
311
312static void
313engine_cpy(ENGINE *dest, const ENGINE *src)
314{
315 dest->id = src->id;
316 dest->name = src->name;
317#ifndef OPENSSL_NO_RSA
318 dest->rsa_meth = src->rsa_meth;
319#endif
320#ifndef OPENSSL_NO_DSA
321 dest->dsa_meth = src->dsa_meth;
322#endif
323#ifndef OPENSSL_NO_DH
324 dest->dh_meth = src->dh_meth;
325#endif
326#ifndef OPENSSL_NO_ECDH
327 dest->ecdh_meth = src->ecdh_meth;
328#endif
329#ifndef OPENSSL_NO_ECDSA
330 dest->ecdsa_meth = src->ecdsa_meth;
331#endif
332 dest->rand_meth = src->rand_meth;
333 dest->store_meth = src->store_meth;
334 dest->ciphers = src->ciphers;
335 dest->digests = src->digests;
336 dest->pkey_meths = src->pkey_meths;
337 dest->destroy = src->destroy;
338 dest->init = src->init;
339 dest->finish = src->finish;
340 dest->ctrl = src->ctrl;
341 dest->load_privkey = src->load_privkey;
342 dest->load_pubkey = src->load_pubkey;
343 dest->cmd_defns = src->cmd_defns;
344 dest->flags = src->flags;
345}
346
347ENGINE *
348ENGINE_by_id(const char *id)
349{
350 ENGINE *iterator;
351
352 if (id == NULL) {
353 ENGINEerr(ENGINE_F_ENGINE_BY_ID,
354 ERR_R_PASSED_NULL_PARAMETER);
355 return NULL;
356 }
357 CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
358 iterator = engine_list_head;
359 while (iterator && (strcmp(id, iterator->id) != 0))
360 iterator = iterator->next;
361 if (iterator) {
362 /* We need to return a structural reference. If this is an
363 * ENGINE type that returns copies, make a duplicate - otherwise
364 * increment the existing ENGINE's reference count. */
365 if (iterator->flags & ENGINE_FLAGS_BY_ID_COPY) {
366 ENGINE *cp = ENGINE_new();
367 if (!cp)
368 iterator = NULL;
369 else {
370 engine_cpy(cp, iterator);
371 iterator = cp;
372 }
373 } else {
374 iterator->struct_ref++;
375 engine_ref_debug(iterator, 0, 1)
376 }
377 }
378 CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
379
380 if (iterator == NULL) {
381 ENGINEerr(ENGINE_F_ENGINE_BY_ID, ENGINE_R_NO_SUCH_ENGINE);
382 ERR_asprintf_error_data("id=%s", id);
383 }
384 return iterator;
385}
386
387int
388ENGINE_up_ref(ENGINE *e)
389{
390 if (e == NULL) {
391 ENGINEerr(ENGINE_F_ENGINE_UP_REF, ERR_R_PASSED_NULL_PARAMETER);
392 return 0;
393 }
394 CRYPTO_add(&e->struct_ref, 1, CRYPTO_LOCK_ENGINE);
395 return 1;
396}
diff --git a/src/lib/libcrypto/engine/eng_openssl.c b/src/lib/libcrypto/engine/eng_openssl.c
deleted file mode 100644
index 6154aebdee..0000000000
--- a/src/lib/libcrypto/engine/eng_openssl.c
+++ /dev/null
@@ -1,406 +0,0 @@
1/* $OpenBSD: eng_openssl.c,v 1.12 2015/12/07 03:30:09 bcook Exp $ */
2/* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL
3 * project 2000.
4 */
5/* ====================================================================
6 * Copyright (c) 1999-2001 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 *
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
56 *
57 */
58/* ====================================================================
59 * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
60 * ECDH support in OpenSSL originally developed by
61 * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
62 */
63
64#include <stdio.h>
65#include <string.h>
66
67#include <openssl/opensslconf.h>
68
69#include <openssl/crypto.h>
70#include <openssl/dso.h>
71#include <openssl/engine.h>
72#include <openssl/err.h>
73#include <openssl/evp.h>
74#include <openssl/pem.h>
75#include <openssl/rand.h>
76
77#ifndef OPENSSL_NO_DH
78#include <openssl/dh.h>
79#endif
80#ifndef OPENSSL_NO_DSA
81#include <openssl/dsa.h>
82#endif
83#ifndef OPENSSL_NO_RSA
84#include <openssl/rsa.h>
85#endif
86
87/* This testing gunk is implemented (and explained) lower down. It also assumes
88 * the application explicitly calls "ENGINE_load_openssl()" because this is no
89 * longer automatic in ENGINE_load_builtin_engines(). */
90#define TEST_ENG_OPENSSL_RC4
91#define TEST_ENG_OPENSSL_PKEY
92/* #define TEST_ENG_OPENSSL_RC4_OTHERS */
93#define TEST_ENG_OPENSSL_RC4_P_INIT
94/* #define TEST_ENG_OPENSSL_RC4_P_CIPHER */
95#define TEST_ENG_OPENSSL_SHA
96/* #define TEST_ENG_OPENSSL_SHA_OTHERS */
97/* #define TEST_ENG_OPENSSL_SHA_P_INIT */
98/* #define TEST_ENG_OPENSSL_SHA_P_UPDATE */
99/* #define TEST_ENG_OPENSSL_SHA_P_FINAL */
100
101/* Now check what of those algorithms are actually enabled */
102#ifdef OPENSSL_NO_RC4
103#undef TEST_ENG_OPENSSL_RC4
104#undef TEST_ENG_OPENSSL_RC4_OTHERS
105#undef TEST_ENG_OPENSSL_RC4_P_INIT
106#undef TEST_ENG_OPENSSL_RC4_P_CIPHER
107#endif
108#if defined(OPENSSL_NO_SHA) || defined(OPENSSL_NO_SHA1)
109#undef TEST_ENG_OPENSSL_SHA
110#undef TEST_ENG_OPENSSL_SHA_OTHERS
111#undef TEST_ENG_OPENSSL_SHA_P_INIT
112#undef TEST_ENG_OPENSSL_SHA_P_UPDATE
113#undef TEST_ENG_OPENSSL_SHA_P_FINAL
114#endif
115
116#ifdef TEST_ENG_OPENSSL_RC4
117static int openssl_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
118 const int **nids, int nid);
119#endif
120#ifdef TEST_ENG_OPENSSL_SHA
121static int openssl_digests(ENGINE *e, const EVP_MD **digest,
122 const int **nids, int nid);
123#endif
124
125#ifdef TEST_ENG_OPENSSL_PKEY
126static EVP_PKEY *openssl_load_privkey(ENGINE *eng, const char *key_id,
127 UI_METHOD *ui_method, void *callback_data);
128#endif
129
130/* The constants used when creating the ENGINE */
131static const char *engine_openssl_id = "openssl";
132static const char *engine_openssl_name = "Software engine support";
133
134/* This internal function is used by ENGINE_openssl() and possibly by the
135 * "dynamic" ENGINE support too */
136static int
137bind_helper(ENGINE *e)
138{
139 if (!ENGINE_set_id(e, engine_openssl_id) ||
140 !ENGINE_set_name(e, engine_openssl_name)
141#ifndef TEST_ENG_OPENSSL_NO_ALGORITHMS
142#ifndef OPENSSL_NO_RSA
143 || !ENGINE_set_RSA(e, RSA_get_default_method())
144#endif
145#ifndef OPENSSL_NO_DSA
146 || !ENGINE_set_DSA(e, DSA_get_default_method())
147#endif
148#ifndef OPENSSL_NO_ECDH
149 || !ENGINE_set_ECDH(e, ECDH_OpenSSL())
150#endif
151#ifndef OPENSSL_NO_ECDSA
152 || !ENGINE_set_ECDSA(e, ECDSA_OpenSSL())
153#endif
154#ifndef OPENSSL_NO_DH
155 || !ENGINE_set_DH(e, DH_get_default_method())
156#endif
157 || !ENGINE_set_RAND(e, RAND_SSLeay())
158#ifdef TEST_ENG_OPENSSL_RC4
159 || !ENGINE_set_ciphers(e, openssl_ciphers)
160#endif
161#ifdef TEST_ENG_OPENSSL_SHA
162 || !ENGINE_set_digests(e, openssl_digests)
163#endif
164#endif
165#ifdef TEST_ENG_OPENSSL_PKEY
166 || !ENGINE_set_load_privkey_function(e, openssl_load_privkey)
167#endif
168 )
169 return 0;
170 /* If we add errors to this ENGINE, ensure the error handling is setup here */
171 /* openssl_load_error_strings(); */
172 return 1;
173}
174
175static ENGINE *
176engine_openssl(void)
177{
178 ENGINE *ret = ENGINE_new();
179
180 if (!ret)
181 return NULL;
182 if (!bind_helper(ret)) {
183 ENGINE_free(ret);
184 return NULL;
185 }
186 return ret;
187}
188
189void
190ENGINE_load_openssl(void)
191{
192 ENGINE *toadd = engine_openssl();
193
194 if (!toadd)
195 return;
196 (void) ENGINE_add(toadd);
197 /* If the "add" worked, it gets a structural reference. So either way,
198 * we release our just-created reference. */
199 ENGINE_free(toadd);
200 ERR_clear_error();
201}
202
203/* This stuff is needed if this ENGINE is being compiled into a self-contained
204 * shared-library. */
205#ifdef ENGINE_DYNAMIC_SUPPORT
206static int
207bind_fn(ENGINE *e, const char *id)
208{
209 if (id && (strcmp(id, engine_openssl_id) != 0))
210 return 0;
211 if (!bind_helper(e))
212 return 0;
213 return 1;
214}
215IMPLEMENT_DYNAMIC_CHECK_FN()
216IMPLEMENT_DYNAMIC_BIND_FN(bind_fn)
217#endif /* ENGINE_DYNAMIC_SUPPORT */
218
219#ifdef TEST_ENG_OPENSSL_RC4
220/* This section of code compiles an "alternative implementation" of two modes of
221 * RC4 into this ENGINE. The result is that EVP_CIPHER operation for "rc4"
222 * should under normal circumstances go via this support rather than the default
223 * EVP support. There are other symbols to tweak the testing;
224 * TEST_ENC_OPENSSL_RC4_OTHERS - print a one line message to stderr each time
225 * we're asked for a cipher we don't support (should not happen).
226 * TEST_ENG_OPENSSL_RC4_P_INIT - print a one line message to stderr each time
227 * the "init_key" handler is called.
228 * TEST_ENG_OPENSSL_RC4_P_CIPHER - ditto for the "cipher" handler.
229 */
230#include <openssl/rc4.h>
231#define TEST_RC4_KEY_SIZE 16
232static int test_cipher_nids[] = {NID_rc4, NID_rc4_40};
233static int test_cipher_nids_number = 2;
234
235typedef struct {
236 unsigned char key[TEST_RC4_KEY_SIZE];
237 RC4_KEY ks;
238} TEST_RC4_KEY;
239
240#define test(ctx) ((TEST_RC4_KEY *)(ctx)->cipher_data)
241static int
242test_rc4_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
243 const unsigned char *iv, int enc)
244{
245#ifdef TEST_ENG_OPENSSL_RC4_P_INIT
246 fprintf(stderr, "(TEST_ENG_OPENSSL_RC4) test_init_key() called\n");
247#endif
248 memcpy(&test(ctx)->key[0], key, EVP_CIPHER_CTX_key_length(ctx));
249 RC4_set_key(&test(ctx)->ks, EVP_CIPHER_CTX_key_length(ctx),
250 test(ctx)->key);
251 return 1;
252}
253
254static int
255test_rc4_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
256 const unsigned char *in, size_t inl)
257{
258#ifdef TEST_ENG_OPENSSL_RC4_P_CIPHER
259 fprintf(stderr, "(TEST_ENG_OPENSSL_RC4) test_cipher() called\n");
260#endif
261 RC4(&test(ctx)->ks, inl, in, out);
262 return 1;
263}
264
265static const EVP_CIPHER test_r4_cipher = {
266 NID_rc4,
267 1, TEST_RC4_KEY_SIZE, 0,
268 EVP_CIPH_VARIABLE_LENGTH,
269 test_rc4_init_key,
270 test_rc4_cipher,
271 NULL,
272 sizeof(TEST_RC4_KEY),
273 NULL,
274 NULL,
275 NULL,
276 NULL
277};
278
279static const EVP_CIPHER test_r4_40_cipher = {
280 NID_rc4_40,
281 1,5 /* 40 bit */,0,
282 EVP_CIPH_VARIABLE_LENGTH,
283 test_rc4_init_key,
284 test_rc4_cipher,
285 NULL,
286 sizeof(TEST_RC4_KEY),
287 NULL,
288 NULL,
289 NULL,
290 NULL
291};
292
293static int
294openssl_ciphers(ENGINE *e, const EVP_CIPHER **cipher, const int **nids, int nid)
295{
296 if (!cipher) {
297 /* We are returning a list of supported nids */
298 *nids = test_cipher_nids;
299 return test_cipher_nids_number;
300 }
301 /* We are being asked for a specific cipher */
302 if (nid == NID_rc4)
303 *cipher = &test_r4_cipher;
304 else if (nid == NID_rc4_40)
305 *cipher = &test_r4_40_cipher;
306 else {
307#ifdef TEST_ENG_OPENSSL_RC4_OTHERS
308 fprintf(stderr, "(TEST_ENG_OPENSSL_RC4) returning NULL for "
309 "nid %d\n", nid);
310#endif
311 *cipher = NULL;
312 return 0;
313 }
314 return 1;
315}
316#endif
317
318#ifdef TEST_ENG_OPENSSL_SHA
319/* Much the same sort of comment as for TEST_ENG_OPENSSL_RC4 */
320#include <openssl/sha.h>
321static int test_digest_nids[] = {NID_sha1};
322static int test_digest_nids_number = 1;
323
324static int
325test_sha1_init(EVP_MD_CTX *ctx)
326{
327#ifdef TEST_ENG_OPENSSL_SHA_P_INIT
328 fprintf(stderr, "(TEST_ENG_OPENSSL_SHA) test_sha1_init() called\n");
329#endif
330 return SHA1_Init(ctx->md_data);
331}
332
333static int
334test_sha1_update(EVP_MD_CTX *ctx, const void *data, size_t count)
335{
336#ifdef TEST_ENG_OPENSSL_SHA_P_UPDATE
337 fprintf(stderr, "(TEST_ENG_OPENSSL_SHA) test_sha1_update() called\n");
338#endif
339 return SHA1_Update(ctx->md_data, data, count);
340}
341
342static int
343test_sha1_final(EVP_MD_CTX *ctx, unsigned char *md)
344{
345#ifdef TEST_ENG_OPENSSL_SHA_P_FINAL
346 fprintf(stderr, "(TEST_ENG_OPENSSL_SHA) test_sha1_final() called\n");
347#endif
348 return SHA1_Final(md, ctx->md_data);
349}
350
351static const EVP_MD test_sha_md = {
352 NID_sha1,
353 NID_sha1WithRSAEncryption,
354 SHA_DIGEST_LENGTH,
355 0,
356 test_sha1_init,
357 test_sha1_update,
358 test_sha1_final,
359 NULL,
360 NULL,
361 EVP_PKEY_RSA_method,
362 SHA_CBLOCK,
363 sizeof(EVP_MD *) + sizeof(SHA_CTX),
364};
365
366static int
367openssl_digests(ENGINE *e, const EVP_MD **digest, const int **nids, int nid)
368{
369 if (!digest) {
370 /* We are returning a list of supported nids */
371 *nids = test_digest_nids;
372 return test_digest_nids_number;
373 }
374 /* We are being asked for a specific digest */
375 if (nid == NID_sha1)
376 *digest = &test_sha_md;
377 else {
378#ifdef TEST_ENG_OPENSSL_SHA_OTHERS
379 fprintf(stderr, "(TEST_ENG_OPENSSL_SHA) returning NULL for "
380 "nid %d\n", nid);
381#endif
382 *digest = NULL;
383 return 0;
384 }
385 return 1;
386}
387#endif
388
389#ifdef TEST_ENG_OPENSSL_PKEY
390static EVP_PKEY *
391openssl_load_privkey(ENGINE *eng, const char *key_id, UI_METHOD *ui_method,
392 void *callback_data)
393{
394 BIO *in;
395 EVP_PKEY *key;
396
397 fprintf(stderr, "(TEST_ENG_OPENSSL_PKEY)Loading Private key %s\n",
398 key_id);
399 in = BIO_new_file(key_id, "r");
400 if (!in)
401 return NULL;
402 key = PEM_read_bio_PrivateKey(in, NULL, 0, NULL);
403 BIO_free(in);
404 return key;
405}
406#endif
diff --git a/src/lib/libcrypto/engine/eng_padlock.c b/src/lib/libcrypto/engine/eng_padlock.c
deleted file mode 100644
index 1c86a343df..0000000000
--- a/src/lib/libcrypto/engine/eng_padlock.c
+++ /dev/null
@@ -1,1128 +0,0 @@
1/* $OpenBSD: eng_padlock.c,v 1.14 2015/02/07 13:19:15 doug Exp $ */
2/*
3 * Support for VIA PadLock Advanced Cryptography Engine (ACE)
4 * Written by Michal Ludvig <michal@logix.cz>
5 * http://www.logix.cz/michal
6 *
7 * Big thanks to Andy Polyakov for a help with optimization,
8 * assembler fixes, port to MS Windows and a lot of other
9 * valuable work on this engine!
10 */
11
12/* ====================================================================
13 * Copyright (c) 1999-2001 The OpenSSL Project. All rights reserved.
14 *
15 * Redistribution and use in source and binary forms, with or without
16 * modification, are permitted provided that the following conditions
17 * are met:
18 *
19 * 1. Redistributions of source code must retain the above copyright
20 * notice, this list of conditions and the following disclaimer.
21 *
22 * 2. Redistributions in binary form must reproduce the above copyright
23 * notice, this list of conditions and the following disclaimer in
24 * the documentation and/or other materials provided with the
25 * distribution.
26 *
27 * 3. All advertising materials mentioning features or use of this
28 * software must display the following acknowledgment:
29 * "This product includes software developed by the OpenSSL Project
30 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
31 *
32 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
33 * endorse or promote products derived from this software without
34 * prior written permission. For written permission, please contact
35 * licensing@OpenSSL.org.
36 *
37 * 5. Products derived from this software may not be called "OpenSSL"
38 * nor may "OpenSSL" appear in their names without prior written
39 * permission of the OpenSSL Project.
40 *
41 * 6. Redistributions of any form whatsoever must retain the following
42 * acknowledgment:
43 * "This product includes software developed by the OpenSSL Project
44 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
45 *
46 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
47 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
48 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
49 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
50 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
51 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
52 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
53 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
54 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
55 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
56 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
57 * OF THE POSSIBILITY OF SUCH DAMAGE.
58 * ====================================================================
59 *
60 * This product includes cryptographic software written by Eric Young
61 * (eay@cryptsoft.com). This product includes software written by Tim
62 * Hudson (tjh@cryptsoft.com).
63 *
64 */
65
66#include <stdio.h>
67#include <string.h>
68
69#include <openssl/opensslconf.h>
70
71#include <openssl/crypto.h>
72#include <openssl/dso.h>
73#include <openssl/engine.h>
74#include <openssl/evp.h>
75#ifndef OPENSSL_NO_AES
76#include <openssl/aes.h>
77#endif
78#include <openssl/err.h>
79
80#ifndef OPENSSL_NO_HW
81#ifndef OPENSSL_NO_HW_PADLOCK
82
83/* Attempt to have a single source for both 0.9.7 and 0.9.8 :-) */
84#if (OPENSSL_VERSION_NUMBER >= 0x00908000L)
85# ifndef OPENSSL_NO_DYNAMIC_ENGINE
86# define DYNAMIC_ENGINE
87# endif
88#elif (OPENSSL_VERSION_NUMBER >= 0x00907000L)
89# ifdef ENGINE_DYNAMIC_SUPPORT
90# define DYNAMIC_ENGINE
91# endif
92#else
93# error "Only OpenSSL >= 0.9.7 is supported"
94#endif
95
96/* VIA PadLock AES is available *ONLY* on some x86 CPUs.
97 Not only that it doesn't exist elsewhere, but it
98 even can't be compiled on other platforms!
99
100 In addition, because of the heavy use of inline assembler,
101 compiler choice is limited to GCC and Microsoft C. */
102#undef COMPILE_HW_PADLOCK
103#if !defined(I386_ONLY) && !defined(OPENSSL_NO_INLINE_ASM)
104# if (defined(__GNUC__) && (defined(__i386__) || defined(__i386)))
105# define COMPILE_HW_PADLOCK
106# endif
107#endif
108
109#ifdef OPENSSL_NO_DYNAMIC_ENGINE
110#ifdef COMPILE_HW_PADLOCK
111static ENGINE *ENGINE_padlock (void);
112#endif
113
114void ENGINE_load_padlock (void)
115{
116/* On non-x86 CPUs it just returns. */
117#ifdef COMPILE_HW_PADLOCK
118 ENGINE *toadd = ENGINE_padlock ();
119 if (!toadd)
120 return;
121 ENGINE_add (toadd);
122 ENGINE_free (toadd);
123 ERR_clear_error ();
124#endif
125}
126
127#endif
128
129#ifdef COMPILE_HW_PADLOCK
130/* We do these includes here to avoid header problems on platforms that
131 do not have the VIA padlock anyway... */
132#include <stdlib.h>
133#if defined(__GNUC__)
134# ifndef alloca
135# define alloca(s) __builtin_alloca(s)
136# endif
137#endif
138
139/* Function for ENGINE detection and control */
140static int padlock_available(void);
141static int padlock_init(ENGINE *e);
142
143/* RNG Stuff */
144static RAND_METHOD padlock_rand;
145
146/* Cipher Stuff */
147#ifndef OPENSSL_NO_AES
148static int padlock_ciphers(ENGINE *e, const EVP_CIPHER **cipher, const int **nids, int nid);
149#endif
150
151/* Engine names */
152static const char *padlock_id = "padlock";
153static char padlock_name[100];
154
155/* Available features */
156static int padlock_use_ace = 0; /* Advanced Cryptography Engine */
157static int padlock_use_rng = 0; /* Random Number Generator */
158#ifndef OPENSSL_NO_AES
159static int padlock_aes_align_required = 1;
160#endif
161
162/* ===== Engine "management" functions ===== */
163
164/* Prepare the ENGINE structure for registration */
165static int
166padlock_bind_helper(ENGINE *e)
167{
168 /* Check available features */
169 padlock_available();
170
171 /*
172 * RNG is currently disabled for reasons discussed in commentary just
173 * before padlock_rand_bytes function.
174 */
175 padlock_use_rng = 0;
176
177 /* Generate a nice engine name with available features */
178 (void) snprintf(padlock_name, sizeof(padlock_name),
179 "VIA PadLock (%s, %s)",
180 padlock_use_rng ? "RNG" : "no-RNG",
181 padlock_use_ace ? "ACE" : "no-ACE");
182
183 /* Register everything or return with an error */
184 if (!ENGINE_set_id(e, padlock_id) ||
185 !ENGINE_set_name(e, padlock_name) ||
186 !ENGINE_set_init_function(e, padlock_init) ||
187#ifndef OPENSSL_NO_AES
188 (padlock_use_ace && !ENGINE_set_ciphers (e, padlock_ciphers)) ||
189#endif
190 (padlock_use_rng && !ENGINE_set_RAND (e, &padlock_rand))) {
191 return 0;
192 }
193
194 /* Everything looks good */
195 return 1;
196}
197
198#ifdef OPENSSL_NO_DYNAMIC_ENGINE
199
200/* Constructor */
201static ENGINE *
202ENGINE_padlock(void)
203{
204 ENGINE *eng = ENGINE_new();
205
206 if (!eng) {
207 return NULL;
208 }
209
210 if (!padlock_bind_helper(eng)) {
211 ENGINE_free(eng);
212 return NULL;
213 }
214
215 return eng;
216}
217
218#endif
219
220/* Check availability of the engine */
221static int
222padlock_init(ENGINE *e)
223{
224 return (padlock_use_rng || padlock_use_ace);
225}
226
227/* This stuff is needed if this ENGINE is being compiled into a self-contained
228 * shared-library.
229 */
230#ifdef DYNAMIC_ENGINE
231static int
232padlock_bind_fn(ENGINE *e, const char *id)
233{
234 if (id && (strcmp(id, padlock_id) != 0)) {
235 return 0;
236 }
237
238 if (!padlock_bind_helper(e)) {
239 return 0;
240 }
241
242 return 1;
243}
244
245IMPLEMENT_DYNAMIC_CHECK_FN()
246IMPLEMENT_DYNAMIC_BIND_FN (padlock_bind_fn)
247#endif /* DYNAMIC_ENGINE */
248
249/* ===== Here comes the "real" engine ===== */
250
251#ifndef OPENSSL_NO_AES
252/* Some AES-related constants */
253#define AES_BLOCK_SIZE 16
254#define AES_KEY_SIZE_128 16
255#define AES_KEY_SIZE_192 24
256#define AES_KEY_SIZE_256 32
257
258/* Here we store the status information relevant to the
259 current context. */
260/* BIG FAT WARNING:
261 * Inline assembler in PADLOCK_XCRYPT_ASM()
262 * depends on the order of items in this structure.
263 * Don't blindly modify, reorder, etc!
264 */
265struct padlock_cipher_data {
266 unsigned char iv[AES_BLOCK_SIZE]; /* Initialization vector */
267 union {
268 unsigned int pad[4];
269 struct {
270 int rounds : 4;
271 int dgst : 1; /* n/a in C3 */
272 int align : 1; /* n/a in C3 */
273 int ciphr : 1; /* n/a in C3 */
274 unsigned int keygen : 1;
275 int interm : 1;
276 unsigned int encdec : 1;
277 int ksize : 2;
278 } b;
279 } cword; /* Control word */
280 AES_KEY ks; /* Encryption key */
281};
282
283/*
284 * Essentially this variable belongs in thread local storage.
285 * Having this variable global on the other hand can only cause
286 * few bogus key reloads [if any at all on single-CPU system],
287 * so we accept the penatly...
288 */
289static volatile struct padlock_cipher_data *padlock_saved_context;
290#endif
291
292/*
293 * =======================================================
294 * Inline assembler section(s).
295 * =======================================================
296 * Order of arguments is chosen to facilitate Windows port
297 * using __fastcall calling convention. If you wish to add
298 * more routines, keep in mind that first __fastcall
299 * argument is passed in %ecx and second - in %edx.
300 * =======================================================
301 */
302#if defined(__GNUC__) && __GNUC__>=2
303/*
304 * As for excessive "push %ebx"/"pop %ebx" found all over.
305 * When generating position-independent code GCC won't let
306 * us use "b" in assembler templates nor even respect "ebx"
307 * in "clobber description." Therefore the trouble...
308 */
309
310/* Helper function - check if a CPUID instruction
311 is available on this CPU */
312static int
313padlock_insn_cpuid_available(void)
314{
315 int result = -1;
316
317 /* We're checking if the bit #21 of EFLAGS
318 can be toggled. If yes = CPUID is available. */
319 asm volatile (
320 "pushf\n"
321 "popl %%eax\n"
322 "xorl $0x200000, %%eax\n"
323 "movl %%eax, %%ecx\n"
324 "andl $0x200000, %%ecx\n"
325 "pushl %%eax\n"
326 "popf\n"
327 "pushf\n"
328 "popl %%eax\n"
329 "andl $0x200000, %%eax\n"
330 "xorl %%eax, %%ecx\n"
331 "movl %%ecx, %0\n"
332 : "=r" (result) : : "eax", "ecx");
333
334 return (result == 0);
335}
336
337/* Load supported features of the CPU to see if
338 the PadLock is available. */
339static int
340padlock_available(void)
341{
342 char vendor_string[16];
343 unsigned int eax, edx;
344
345 /* First check if the CPUID instruction is available at all... */
346 if (! padlock_insn_cpuid_available())
347 return 0;
348
349 /* Are we running on the Centaur (VIA) CPU? */
350 eax = 0x00000000;
351 vendor_string[12] = 0;
352 asm volatile (
353 "pushl %%ebx\n"
354 "cpuid\n"
355 "movl %%ebx,(%%edi)\n"
356 "movl %%edx,4(%%edi)\n"
357 "movl %%ecx,8(%%edi)\n"
358 "popl %%ebx"
359 : "+a"(eax) : "D"(vendor_string) : "ecx", "edx");
360 if (strcmp(vendor_string, "CentaurHauls") != 0)
361 return 0;
362
363 /* Check for Centaur Extended Feature Flags presence */
364 eax = 0xC0000000;
365 asm volatile ("pushl %%ebx; cpuid; popl %%ebx"
366 : "+a"(eax) : : "ecx", "edx");
367 if (eax < 0xC0000001)
368 return 0;
369
370 /* Read the Centaur Extended Feature Flags */
371 eax = 0xC0000001;
372 asm volatile ("pushl %%ebx; cpuid; popl %%ebx"
373 : "+a"(eax), "=d"(edx) : : "ecx");
374
375 /* Fill up some flags */
376 padlock_use_ace = ((edx & (0x3 << 6)) == (0x3 << 6));
377 padlock_use_rng = ((edx & (0x3 << 2)) == (0x3 << 2));
378
379 return padlock_use_ace + padlock_use_rng;
380}
381
382#ifndef OPENSSL_NO_AES
383/* Our own htonl()/ntohl() */
384static inline void
385padlock_bswapl(AES_KEY *ks)
386{
387 size_t i = sizeof(ks->rd_key)/sizeof(ks->rd_key[0]);
388 unsigned int *key = ks->rd_key;
389
390 while (i--) {
391 asm volatile ("bswapl %0" : "+r"(*key));
392 key++;
393 }
394}
395#endif
396
397/* Force key reload from memory to the CPU microcode.
398 Loading EFLAGS from the stack clears EFLAGS[30]
399 which does the trick. */
400static inline void
401padlock_reload_key(void)
402{
403 asm volatile ("pushfl; popfl");
404}
405
406#ifndef OPENSSL_NO_AES
407/*
408 * This is heuristic key context tracing. At first one
409 * believes that one should use atomic swap instructions,
410 * but it's not actually necessary. Point is that if
411 * padlock_saved_context was changed by another thread
412 * after we've read it and before we compare it with cdata,
413 * our key *shall* be reloaded upon thread context switch
414 * and we are therefore set in either case...
415 */
416static inline void
417padlock_verify_context(struct padlock_cipher_data *cdata)
418{
419 asm volatile (
420 "pushfl\n"
421 " btl $30,(%%esp)\n"
422 " jnc 1f\n"
423 " cmpl %2,%1\n"
424 " je 1f\n"
425 " popfl\n"
426 " subl $4,%%esp\n"
427 "1: addl $4,%%esp\n"
428 " movl %2,%0"
429 :"+m"(padlock_saved_context)
430 : "r"(padlock_saved_context), "r"(cdata) : "cc");
431}
432
433/* Template for padlock_xcrypt_* modes */
434/* BIG FAT WARNING:
435 * The offsets used with 'leal' instructions
436 * describe items of the 'padlock_cipher_data'
437 * structure.
438 */
439#define PADLOCK_XCRYPT_ASM(name,rep_xcrypt) \
440static inline void *name(size_t cnt, \
441 struct padlock_cipher_data *cdata, \
442 void *out, const void *inp) \
443{ void *iv; \
444 asm volatile ( "pushl %%ebx\n" \
445 " leal 16(%0),%%edx\n" \
446 " leal 32(%0),%%ebx\n" \
447 rep_xcrypt "\n" \
448 " popl %%ebx" \
449 : "=a"(iv), "=c"(cnt), "=D"(out), "=S"(inp) \
450 : "0"(cdata), "1"(cnt), "2"(out), "3"(inp) \
451 : "edx", "cc", "memory"); \
452 return iv; \
453}
454
455/* Generate all functions with appropriate opcodes */
456PADLOCK_XCRYPT_ASM(padlock_xcrypt_ecb, ".byte 0xf3,0x0f,0xa7,0xc8") /* rep xcryptecb */
457PADLOCK_XCRYPT_ASM(padlock_xcrypt_cbc, ".byte 0xf3,0x0f,0xa7,0xd0") /* rep xcryptcbc */
458PADLOCK_XCRYPT_ASM(padlock_xcrypt_cfb, ".byte 0xf3,0x0f,0xa7,0xe0") /* rep xcryptcfb */
459PADLOCK_XCRYPT_ASM(padlock_xcrypt_ofb, ".byte 0xf3,0x0f,0xa7,0xe8") /* rep xcryptofb */
460#endif
461
462/* The RNG call itself */
463static inline unsigned int
464padlock_xstore(void *addr, unsigned int edx_in)
465{
466 unsigned int eax_out;
467
468 asm volatile (".byte 0x0f,0xa7,0xc0" /* xstore */
469 : "=a"(eax_out),"=m"(*(unsigned *)addr)
470 : "D"(addr), "d" (edx_in)
471 );
472
473 return eax_out;
474}
475
476/* Why not inline 'rep movsd'? I failed to find information on what
477 * value in Direction Flag one can expect and consequently have to
478 * apply "better-safe-than-sorry" approach and assume "undefined."
479 * I could explicitly clear it and restore the original value upon
480 * return from padlock_aes_cipher, but it's presumably too much
481 * trouble for too little gain...
482 *
483 * In case you wonder 'rep xcrypt*' instructions above are *not*
484 * affected by the Direction Flag and pointers advance toward
485 * larger addresses unconditionally.
486 */
487static inline unsigned char *
488padlock_memcpy(void *dst, const void *src, size_t n)
489{
490 long *d = dst;
491 const long *s = src;
492
493 n /= sizeof(*d);
494 do { *d++ = *s++;
495 } while (--n);
496
497 return dst;
498}
499#endif
500
501/* ===== AES encryption/decryption ===== */
502#ifndef OPENSSL_NO_AES
503
504#if defined(NID_aes_128_cfb128) && ! defined (NID_aes_128_cfb)
505#define NID_aes_128_cfb NID_aes_128_cfb128
506#endif
507
508#if defined(NID_aes_128_ofb128) && ! defined (NID_aes_128_ofb)
509#define NID_aes_128_ofb NID_aes_128_ofb128
510#endif
511
512#if defined(NID_aes_192_cfb128) && ! defined (NID_aes_192_cfb)
513#define NID_aes_192_cfb NID_aes_192_cfb128
514#endif
515
516#if defined(NID_aes_192_ofb128) && ! defined (NID_aes_192_ofb)
517#define NID_aes_192_ofb NID_aes_192_ofb128
518#endif
519
520#if defined(NID_aes_256_cfb128) && ! defined (NID_aes_256_cfb)
521#define NID_aes_256_cfb NID_aes_256_cfb128
522#endif
523
524#if defined(NID_aes_256_ofb128) && ! defined (NID_aes_256_ofb)
525#define NID_aes_256_ofb NID_aes_256_ofb128
526#endif
527
528/* List of supported ciphers. */
529static int padlock_cipher_nids[] = {
530 NID_aes_128_ecb,
531 NID_aes_128_cbc,
532 NID_aes_128_cfb,
533 NID_aes_128_ofb,
534
535 NID_aes_192_ecb,
536 NID_aes_192_cbc,
537 NID_aes_192_cfb,
538 NID_aes_192_ofb,
539
540 NID_aes_256_ecb,
541 NID_aes_256_cbc,
542 NID_aes_256_cfb,
543 NID_aes_256_ofb,
544};
545static int padlock_cipher_nids_num = (sizeof(padlock_cipher_nids)/
546sizeof(padlock_cipher_nids[0]));
547
548/* Function prototypes ... */
549static int padlock_aes_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
550 const unsigned char *iv, int enc);
551static int padlock_aes_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
552 const unsigned char *in, size_t nbytes);
553
554#define NEAREST_ALIGNED(ptr) ( (unsigned char *)(ptr) + \
555 ( (0x10 - ((size_t)(ptr) & 0x0F)) & 0x0F ) )
556#define ALIGNED_CIPHER_DATA(ctx) ((struct padlock_cipher_data *)\
557 NEAREST_ALIGNED(ctx->cipher_data))
558
559#define EVP_CIPHER_block_size_ECB AES_BLOCK_SIZE
560#define EVP_CIPHER_block_size_CBC AES_BLOCK_SIZE
561#define EVP_CIPHER_block_size_OFB 1
562#define EVP_CIPHER_block_size_CFB 1
563
564/* Declaring so many ciphers by hand would be a pain.
565 Instead introduce a bit of preprocessor magic :-) */
566#define DECLARE_AES_EVP(ksize,lmode,umode) \
567static const EVP_CIPHER padlock_aes_##ksize##_##lmode = { \
568 NID_aes_##ksize##_##lmode, \
569 EVP_CIPHER_block_size_##umode, \
570 AES_KEY_SIZE_##ksize, \
571 AES_BLOCK_SIZE, \
572 0 | EVP_CIPH_##umode##_MODE, \
573 padlock_aes_init_key, \
574 padlock_aes_cipher, \
575 NULL, \
576 sizeof(struct padlock_cipher_data) + 16, \
577 EVP_CIPHER_set_asn1_iv, \
578 EVP_CIPHER_get_asn1_iv, \
579 NULL, \
580 NULL \
581}
582
583DECLARE_AES_EVP(128, ecb, ECB);
584DECLARE_AES_EVP(128, cbc, CBC);
585DECLARE_AES_EVP(128, cfb, CFB);
586DECLARE_AES_EVP(128, ofb, OFB);
587
588DECLARE_AES_EVP(192, ecb, ECB);
589DECLARE_AES_EVP(192, cbc, CBC);
590DECLARE_AES_EVP(192, cfb, CFB);
591DECLARE_AES_EVP(192, ofb, OFB);
592
593DECLARE_AES_EVP(256, ecb, ECB);
594DECLARE_AES_EVP(256, cbc, CBC);
595DECLARE_AES_EVP(256, cfb, CFB);
596DECLARE_AES_EVP(256, ofb, OFB);
597
598static int
599padlock_ciphers(ENGINE *e, const EVP_CIPHER **cipher, const int **nids, int nid)
600{
601 /* No specific cipher => return a list of supported nids ... */
602 if (!cipher) {
603 *nids = padlock_cipher_nids;
604 return padlock_cipher_nids_num;
605 }
606
607 /* ... or the requested "cipher" otherwise */
608 switch (nid) {
609 case NID_aes_128_ecb:
610 *cipher = &padlock_aes_128_ecb;
611 break;
612 case NID_aes_128_cbc:
613 *cipher = &padlock_aes_128_cbc;
614 break;
615 case NID_aes_128_cfb:
616 *cipher = &padlock_aes_128_cfb;
617 break;
618 case NID_aes_128_ofb:
619 *cipher = &padlock_aes_128_ofb;
620 break;
621 case NID_aes_192_ecb:
622 *cipher = &padlock_aes_192_ecb;
623 break;
624 case NID_aes_192_cbc:
625 *cipher = &padlock_aes_192_cbc;
626 break;
627 case NID_aes_192_cfb:
628 *cipher = &padlock_aes_192_cfb;
629 break;
630 case NID_aes_192_ofb:
631 *cipher = &padlock_aes_192_ofb;
632 break;
633 case NID_aes_256_ecb:
634 *cipher = &padlock_aes_256_ecb;
635 break;
636 case NID_aes_256_cbc:
637 *cipher = &padlock_aes_256_cbc;
638 break;
639 case NID_aes_256_cfb:
640 *cipher = &padlock_aes_256_cfb;
641 break;
642 case NID_aes_256_ofb:
643 *cipher = &padlock_aes_256_ofb;
644 break;
645 default:
646 /* Sorry, we don't support this NID */
647 *cipher = NULL;
648 return 0;
649 }
650
651 return 1;
652}
653
654/* Prepare the encryption key for PadLock usage */
655static int
656padlock_aes_init_key (EVP_CIPHER_CTX *ctx, const unsigned char *key,
657 const unsigned char *iv, int enc)
658{
659 struct padlock_cipher_data *cdata;
660 int key_len = EVP_CIPHER_CTX_key_length(ctx) * 8;
661
662 if (key == NULL)
663 return 0; /* ERROR */
664
665 cdata = ALIGNED_CIPHER_DATA(ctx);
666 memset(cdata, 0, sizeof(struct padlock_cipher_data));
667
668 /* Prepare Control word. */
669 if (EVP_CIPHER_CTX_mode(ctx) == EVP_CIPH_OFB_MODE)
670 cdata->cword.b.encdec = 0;
671 else
672 cdata->cword.b.encdec = (ctx->encrypt == 0);
673 cdata->cword.b.rounds = 10 + (key_len - 128) / 32;
674 cdata->cword.b.ksize = (key_len - 128) / 64;
675
676 switch (key_len) {
677 case 128:
678 /* PadLock can generate an extended key for
679 AES128 in hardware */
680 memcpy(cdata->ks.rd_key, key, AES_KEY_SIZE_128);
681 cdata->cword.b.keygen = 0;
682 break;
683
684 case 192:
685 case 256:
686 /* Generate an extended AES key in software.
687 Needed for AES192/AES256 */
688 /* Well, the above applies to Stepping 8 CPUs
689 and is listed as hardware errata. They most
690 likely will fix it at some point and then
691 a check for stepping would be due here. */
692 if (EVP_CIPHER_CTX_mode(ctx) == EVP_CIPH_CFB_MODE ||
693 EVP_CIPHER_CTX_mode(ctx) == EVP_CIPH_OFB_MODE ||
694 enc)
695 AES_set_encrypt_key(key, key_len, &cdata->ks);
696 else
697 AES_set_decrypt_key(key, key_len, &cdata->ks);
698#ifndef AES_ASM
699 /* OpenSSL C functions use byte-swapped extended key. */
700 padlock_bswapl(&cdata->ks);
701#endif
702 cdata->cword.b.keygen = 1;
703 break;
704
705 default:
706 /* ERROR */
707 return 0;
708 }
709
710 /*
711 * This is done to cover for cases when user reuses the
712 * context for new key. The catch is that if we don't do
713 * this, padlock_eas_cipher might proceed with old key...
714 */
715 padlock_reload_key ();
716
717 return 1;
718}
719
720/*
721 * Simplified version of padlock_aes_cipher() used when
722 * 1) both input and output buffers are at aligned addresses.
723 * or when
724 * 2) running on a newer CPU that doesn't require aligned buffers.
725 */
726static int
727padlock_aes_cipher_omnivorous(EVP_CIPHER_CTX *ctx, unsigned char *out_arg,
728 const unsigned char *in_arg, size_t nbytes)
729{
730 struct padlock_cipher_data *cdata;
731 void *iv;
732
733 cdata = ALIGNED_CIPHER_DATA(ctx);
734 padlock_verify_context(cdata);
735
736 switch (EVP_CIPHER_CTX_mode(ctx)) {
737 case EVP_CIPH_ECB_MODE:
738 padlock_xcrypt_ecb(nbytes / AES_BLOCK_SIZE, cdata,
739 out_arg, in_arg);
740 break;
741
742 case EVP_CIPH_CBC_MODE:
743 memcpy(cdata->iv, ctx->iv, AES_BLOCK_SIZE);
744 iv = padlock_xcrypt_cbc(nbytes / AES_BLOCK_SIZE, cdata,
745 out_arg, in_arg);
746 memcpy(ctx->iv, iv, AES_BLOCK_SIZE);
747 break;
748
749 case EVP_CIPH_CFB_MODE:
750 memcpy(cdata->iv, ctx->iv, AES_BLOCK_SIZE);
751 iv = padlock_xcrypt_cfb(nbytes / AES_BLOCK_SIZE, cdata,
752 out_arg, in_arg);
753 memcpy(ctx->iv, iv, AES_BLOCK_SIZE);
754 break;
755
756 case EVP_CIPH_OFB_MODE:
757 memcpy(cdata->iv, ctx->iv, AES_BLOCK_SIZE);
758 padlock_xcrypt_ofb(nbytes / AES_BLOCK_SIZE, cdata,
759 out_arg, in_arg);
760 memcpy(ctx->iv, cdata->iv, AES_BLOCK_SIZE);
761 break;
762
763 default:
764 return 0;
765 }
766
767 memset(cdata->iv, 0, AES_BLOCK_SIZE);
768
769 return 1;
770}
771
772#ifndef PADLOCK_CHUNK
773# define PADLOCK_CHUNK 512 /* Must be a power of 2 larger than 16 */
774#endif
775#if PADLOCK_CHUNK<16 || PADLOCK_CHUNK&(PADLOCK_CHUNK-1)
776# error "insane PADLOCK_CHUNK..."
777#endif
778
779/* Re-align the arguments to 16-Bytes boundaries and run the
780 encryption function itself. This function is not AES-specific. */
781static int
782padlock_aes_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out_arg,
783 const unsigned char *in_arg, size_t nbytes)
784{
785 struct padlock_cipher_data *cdata;
786 const void *inp;
787 unsigned char *out;
788 void *iv;
789 int inp_misaligned, out_misaligned, realign_in_loop;
790 size_t chunk, allocated = 0;
791
792 /* ctx->num is maintained in byte-oriented modes,
793 such as CFB and OFB... */
794 if ((chunk = ctx->num)) {
795 /* borrow chunk variable */
796 unsigned char *ivp = ctx->iv;
797
798 switch (EVP_CIPHER_CTX_mode(ctx)) {
799 case EVP_CIPH_CFB_MODE:
800 if (chunk >= AES_BLOCK_SIZE)
801 return 0; /* bogus value */
802
803 if (ctx->encrypt)
804 while (chunk < AES_BLOCK_SIZE && nbytes != 0) {
805 ivp[chunk] = *(out_arg++) = *(in_arg++) ^ ivp[chunk];
806 chunk++, nbytes--;
807 }
808 else
809 while (chunk < AES_BLOCK_SIZE && nbytes != 0) {
810 unsigned char c = *(in_arg++);
811 *(out_arg++) = c ^ ivp[chunk];
812 ivp[chunk++] = c, nbytes--;
813 }
814
815 ctx->num = chunk % AES_BLOCK_SIZE;
816 break;
817 case EVP_CIPH_OFB_MODE:
818 if (chunk >= AES_BLOCK_SIZE)
819 return 0; /* bogus value */
820
821 while (chunk < AES_BLOCK_SIZE && nbytes != 0) {
822 *(out_arg++) = *(in_arg++) ^ ivp[chunk];
823 chunk++, nbytes--;
824 }
825
826 ctx->num = chunk % AES_BLOCK_SIZE;
827 break;
828 }
829 }
830
831 if (nbytes == 0)
832 return 1;
833#if 0
834 if (nbytes % AES_BLOCK_SIZE)
835 return 0; /* are we expected to do tail processing? */
836#else
837 /* nbytes is always multiple of AES_BLOCK_SIZE in ECB and CBC
838 modes and arbitrary value in byte-oriented modes, such as
839 CFB and OFB... */
840#endif
841
842 /* VIA promises CPUs that won't require alignment in the future.
843 For now padlock_aes_align_required is initialized to 1 and
844 the condition is never met... */
845 /* C7 core is capable to manage unaligned input in non-ECB[!]
846 mode, but performance penalties appear to be approximately
847 same as for software alignment below or ~3x. They promise to
848 improve it in the future, but for now we can just as well
849 pretend that it can only handle aligned input... */
850 if (!padlock_aes_align_required && (nbytes % AES_BLOCK_SIZE) == 0)
851 return padlock_aes_cipher_omnivorous(ctx, out_arg, in_arg,
852 nbytes);
853
854 inp_misaligned = (((size_t)in_arg) & 0x0F);
855 out_misaligned = (((size_t)out_arg) & 0x0F);
856
857 /* Note that even if output is aligned and input not,
858 * I still prefer to loop instead of copy the whole
859 * input and then encrypt in one stroke. This is done
860 * in order to improve L1 cache utilization... */
861 realign_in_loop = out_misaligned|inp_misaligned;
862
863 if (!realign_in_loop && (nbytes % AES_BLOCK_SIZE) == 0)
864 return padlock_aes_cipher_omnivorous(ctx, out_arg, in_arg,
865 nbytes);
866
867 /* this takes one "if" out of the loops */
868 chunk = nbytes;
869 chunk %= PADLOCK_CHUNK;
870 if (chunk == 0)
871 chunk = PADLOCK_CHUNK;
872
873 if (out_misaligned) {
874 /* optmize for small input */
875 allocated = (chunk < nbytes ? PADLOCK_CHUNK : nbytes);
876 out = alloca(0x10 + allocated);
877 out = NEAREST_ALIGNED(out);
878 } else
879 out = out_arg;
880
881 cdata = ALIGNED_CIPHER_DATA(ctx);
882 padlock_verify_context(cdata);
883
884 switch (EVP_CIPHER_CTX_mode(ctx)) {
885 case EVP_CIPH_ECB_MODE:
886 do {
887 if (inp_misaligned)
888 inp = padlock_memcpy(out, in_arg, chunk);
889 else
890 inp = in_arg;
891 in_arg += chunk;
892
893 padlock_xcrypt_ecb(chunk / AES_BLOCK_SIZE, cdata,
894 out, inp);
895
896 if (out_misaligned)
897 out_arg = padlock_memcpy(out_arg, out, chunk) +
898 chunk;
899 else
900 out = out_arg += chunk;
901
902 nbytes -= chunk;
903 chunk = PADLOCK_CHUNK;
904 } while (nbytes);
905 break;
906
907 case EVP_CIPH_CBC_MODE:
908 memcpy(cdata->iv, ctx->iv, AES_BLOCK_SIZE);
909 goto cbc_shortcut;
910 do {
911 if (iv != cdata->iv)
912 memcpy(cdata->iv, iv, AES_BLOCK_SIZE);
913 chunk = PADLOCK_CHUNK;
914 cbc_shortcut: /* optimize for small input */
915 if (inp_misaligned)
916 inp = padlock_memcpy(out, in_arg, chunk);
917 else
918 inp = in_arg;
919 in_arg += chunk;
920
921 iv = padlock_xcrypt_cbc(chunk / AES_BLOCK_SIZE, cdata,
922 out, inp);
923
924 if (out_misaligned)
925 out_arg = padlock_memcpy(out_arg, out, chunk) +
926 chunk;
927 else
928 out = out_arg += chunk;
929 } while (nbytes -= chunk);
930 memcpy(ctx->iv, iv, AES_BLOCK_SIZE);
931 break;
932
933 case EVP_CIPH_CFB_MODE:
934 memcpy (iv = cdata->iv, ctx->iv, AES_BLOCK_SIZE);
935 chunk &= ~(AES_BLOCK_SIZE - 1);
936 if (chunk)
937 goto cfb_shortcut;
938 else
939 goto cfb_skiploop;
940 do {
941 if (iv != cdata->iv)
942 memcpy(cdata->iv, iv, AES_BLOCK_SIZE);
943 chunk = PADLOCK_CHUNK;
944 cfb_shortcut: /* optimize for small input */
945 if (inp_misaligned)
946 inp = padlock_memcpy(out, in_arg, chunk);
947 else
948 inp = in_arg;
949 in_arg += chunk;
950
951 iv = padlock_xcrypt_cfb(chunk / AES_BLOCK_SIZE, cdata,
952 out, inp);
953
954 if (out_misaligned)
955 out_arg = padlock_memcpy(out_arg, out, chunk) +
956 chunk;
957 else
958 out = out_arg += chunk;
959
960 nbytes -= chunk;
961 } while (nbytes >= AES_BLOCK_SIZE);
962
963cfb_skiploop:
964 if (nbytes) {
965 unsigned char *ivp = cdata->iv;
966
967 if (iv != ivp) {
968 memcpy(ivp, iv, AES_BLOCK_SIZE);
969 iv = ivp;
970 }
971 ctx->num = nbytes;
972 if (cdata->cword.b.encdec) {
973 cdata->cword.b.encdec = 0;
974 padlock_reload_key();
975 padlock_xcrypt_ecb(1, cdata, ivp, ivp);
976 cdata->cword.b.encdec = 1;
977 padlock_reload_key();
978 while (nbytes) {
979 unsigned char c = *(in_arg++);
980 *(out_arg++) = c ^ *ivp;
981 *(ivp++) = c, nbytes--;
982 }
983 } else {
984 padlock_reload_key();
985 padlock_xcrypt_ecb(1, cdata, ivp, ivp);
986 padlock_reload_key();
987 while (nbytes) {
988 *ivp = *(out_arg++) = *(in_arg++) ^ *ivp;
989 ivp++, nbytes--;
990 }
991 }
992 }
993
994 memcpy(ctx->iv, iv, AES_BLOCK_SIZE);
995 break;
996
997 case EVP_CIPH_OFB_MODE:
998 memcpy(cdata->iv, ctx->iv, AES_BLOCK_SIZE);
999 chunk &= ~(AES_BLOCK_SIZE - 1);
1000 if (chunk) do {
1001 if (inp_misaligned)
1002 inp = padlock_memcpy(out, in_arg, chunk);
1003 else
1004 inp = in_arg;
1005 in_arg += chunk;
1006
1007 padlock_xcrypt_ofb(chunk / AES_BLOCK_SIZE, cdata,
1008 out, inp);
1009
1010 if (out_misaligned)
1011 out_arg = padlock_memcpy(out_arg, out, chunk) +
1012 chunk;
1013 else
1014 out = out_arg += chunk;
1015
1016 nbytes -= chunk;
1017 chunk = PADLOCK_CHUNK;
1018 } while (nbytes >= AES_BLOCK_SIZE);
1019
1020 if (nbytes) {
1021 unsigned char *ivp = cdata->iv;
1022
1023 ctx->num = nbytes;
1024 padlock_reload_key(); /* empirically found */
1025 padlock_xcrypt_ecb(1, cdata, ivp, ivp);
1026 padlock_reload_key(); /* empirically found */
1027 while (nbytes) {
1028 *(out_arg++) = *(in_arg++) ^ *ivp;
1029 ivp++, nbytes--;
1030 }
1031 }
1032
1033 memcpy(ctx->iv, cdata->iv, AES_BLOCK_SIZE);
1034 break;
1035
1036 default:
1037 return 0;
1038 }
1039
1040 /* Clean the realign buffer if it was used */
1041 if (out_misaligned) {
1042 volatile unsigned long *p = (void *)out;
1043 size_t n = allocated/sizeof(*p);
1044 while (n--)
1045 *p++ = 0;
1046 }
1047
1048 memset(cdata->iv, 0, AES_BLOCK_SIZE);
1049
1050 return 1;
1051}
1052
1053#endif /* OPENSSL_NO_AES */
1054
1055/* ===== Random Number Generator ===== */
1056/*
1057 * This code is not engaged. The reason is that it does not comply
1058 * with recommendations for VIA RNG usage for secure applications
1059 * (posted at http://www.via.com.tw/en/viac3/c3.jsp) nor does it
1060 * provide meaningful error control...
1061 */
1062/* Wrapper that provides an interface between the API and
1063 the raw PadLock RNG */
1064static int
1065padlock_rand_bytes(unsigned char *output, int count)
1066{
1067 unsigned int eax, buf;
1068
1069 while (count >= 8) {
1070 eax = padlock_xstore(output, 0);
1071 if (!(eax & (1 << 6)))
1072 return 0; /* RNG disabled */
1073 /* this ---vv--- covers DC bias, Raw Bits and String Filter */
1074 if (eax & (0x1F << 10))
1075 return 0;
1076 if ((eax & 0x1F) == 0)
1077 continue; /* no data, retry... */
1078 if ((eax & 0x1F) != 8)
1079 return 0; /* fatal failure... */
1080 output += 8;
1081 count -= 8;
1082 }
1083 while (count > 0) {
1084 eax = padlock_xstore(&buf, 3);
1085 if (!(eax & (1 << 6)))
1086 return 0; /* RNG disabled */
1087 /* this ---vv--- covers DC bias, Raw Bits and String Filter */
1088 if (eax & (0x1F << 10))
1089 return 0;
1090 if ((eax & 0x1F) == 0)
1091 continue; /* no data, retry... */
1092 if ((eax & 0x1F) != 1)
1093 return 0; /* fatal failure... */
1094 *output++ = (unsigned char)buf;
1095 count--;
1096 }
1097 *(volatile unsigned int *)&buf = 0;
1098
1099 return 1;
1100}
1101
1102/* Dummy but necessary function */
1103static int
1104padlock_rand_status(void)
1105{
1106 return 1;
1107}
1108
1109/* Prepare structure for registration */
1110static RAND_METHOD padlock_rand = {
1111 .bytes = padlock_rand_bytes,
1112 .pseudorand = padlock_rand_bytes,
1113 .status = padlock_rand_status
1114};
1115
1116#else /* !COMPILE_HW_PADLOCK */
1117#ifndef OPENSSL_NO_DYNAMIC_ENGINE
1118extern int bind_engine(ENGINE *e, const char *id, const dynamic_fns *fns);
1119extern int
1120bind_engine(ENGINE *e, const char *id, const dynamic_fns *fns) {
1121 return 0;
1122}
1123IMPLEMENT_DYNAMIC_CHECK_FN()
1124#endif
1125#endif /* COMPILE_HW_PADLOCK */
1126
1127#endif /* !OPENSSL_NO_HW_PADLOCK */
1128#endif /* !OPENSSL_NO_HW */
diff --git a/src/lib/libcrypto/engine/eng_padlock.ec b/src/lib/libcrypto/engine/eng_padlock.ec
deleted file mode 100644
index a0e7cbd60d..0000000000
--- a/src/lib/libcrypto/engine/eng_padlock.ec
+++ /dev/null
@@ -1 +0,0 @@
1L PADLOCK eng_padlock_err.h eng_padlock_err.c
diff --git a/src/lib/libcrypto/engine/eng_pkey.c b/src/lib/libcrypto/engine/eng_pkey.c
deleted file mode 100644
index 74b1ce03b7..0000000000
--- a/src/lib/libcrypto/engine/eng_pkey.c
+++ /dev/null
@@ -1,195 +0,0 @@
1/* $OpenBSD: eng_pkey.c,v 1.6 2015/02/11 03:19:37 doug Exp $ */
2/* ====================================================================
3 * Copyright (c) 1999-2001 The OpenSSL Project. All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 *
9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer.
11 *
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in
14 * the documentation and/or other materials provided with the
15 * distribution.
16 *
17 * 3. All advertising materials mentioning features or use of this
18 * software must display the following acknowledgment:
19 * "This product includes software developed by the OpenSSL Project
20 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
21 *
22 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
23 * endorse or promote products derived from this software without
24 * prior written permission. For written permission, please contact
25 * licensing@OpenSSL.org.
26 *
27 * 5. Products derived from this software may not be called "OpenSSL"
28 * nor may "OpenSSL" appear in their names without prior written
29 * permission of the OpenSSL Project.
30 *
31 * 6. Redistributions of any form whatsoever must retain the following
32 * acknowledgment:
33 * "This product includes software developed by the OpenSSL Project
34 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
35 *
36 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
37 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
38 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
39 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
40 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
41 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
42 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
43 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
44 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
45 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
46 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
47 * OF THE POSSIBILITY OF SUCH DAMAGE.
48 * ====================================================================
49 *
50 * This product includes cryptographic software written by Eric Young
51 * (eay@cryptsoft.com). This product includes software written by Tim
52 * Hudson (tjh@cryptsoft.com).
53 *
54 */
55
56#include <openssl/err.h>
57
58#include "eng_int.h"
59
60/* Basic get/set stuff */
61
62int
63ENGINE_set_load_privkey_function(ENGINE *e, ENGINE_LOAD_KEY_PTR loadpriv_f)
64{
65 e->load_privkey = loadpriv_f;
66 return 1;
67}
68
69int
70ENGINE_set_load_pubkey_function(ENGINE *e, ENGINE_LOAD_KEY_PTR loadpub_f)
71{
72 e->load_pubkey = loadpub_f;
73 return 1;
74}
75
76int
77ENGINE_set_load_ssl_client_cert_function(ENGINE *e,
78 ENGINE_SSL_CLIENT_CERT_PTR loadssl_f)
79{
80 e->load_ssl_client_cert = loadssl_f;
81 return 1;
82}
83
84ENGINE_LOAD_KEY_PTR
85ENGINE_get_load_privkey_function(const ENGINE *e)
86{
87 return e->load_privkey;
88}
89
90ENGINE_LOAD_KEY_PTR
91ENGINE_get_load_pubkey_function(const ENGINE *e)
92{
93 return e->load_pubkey;
94}
95
96ENGINE_SSL_CLIENT_CERT_PTR
97ENGINE_get_ssl_client_cert_function(const ENGINE *e)
98{
99 return e->load_ssl_client_cert;
100}
101
102/* API functions to load public/private keys */
103
104EVP_PKEY *
105ENGINE_load_private_key(ENGINE *e, const char *key_id, UI_METHOD *ui_method,
106 void *callback_data)
107{
108 EVP_PKEY *pkey;
109
110 if (e == NULL) {
111 ENGINEerr(ENGINE_F_ENGINE_LOAD_PRIVATE_KEY,
112 ERR_R_PASSED_NULL_PARAMETER);
113 return 0;
114 }
115 CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
116 if (e->funct_ref == 0) {
117 CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
118 ENGINEerr(ENGINE_F_ENGINE_LOAD_PRIVATE_KEY,
119 ENGINE_R_NOT_INITIALISED);
120 return 0;
121 }
122 CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
123 if (!e->load_privkey) {
124 ENGINEerr(ENGINE_F_ENGINE_LOAD_PRIVATE_KEY,
125 ENGINE_R_NO_LOAD_FUNCTION);
126 return 0;
127 }
128 pkey = e->load_privkey(e, key_id, ui_method, callback_data);
129 if (!pkey) {
130 ENGINEerr(ENGINE_F_ENGINE_LOAD_PRIVATE_KEY,
131 ENGINE_R_FAILED_LOADING_PRIVATE_KEY);
132 return 0;
133 }
134 return pkey;
135}
136
137EVP_PKEY *
138ENGINE_load_public_key(ENGINE *e, const char *key_id, UI_METHOD *ui_method,
139 void *callback_data)
140{
141 EVP_PKEY *pkey;
142
143 if (e == NULL) {
144 ENGINEerr(ENGINE_F_ENGINE_LOAD_PUBLIC_KEY,
145 ERR_R_PASSED_NULL_PARAMETER);
146 return 0;
147 }
148 CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
149 if (e->funct_ref == 0) {
150 CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
151 ENGINEerr(ENGINE_F_ENGINE_LOAD_PUBLIC_KEY,
152 ENGINE_R_NOT_INITIALISED);
153 return 0;
154 }
155 CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
156 if (!e->load_pubkey) {
157 ENGINEerr(ENGINE_F_ENGINE_LOAD_PUBLIC_KEY,
158 ENGINE_R_NO_LOAD_FUNCTION);
159 return 0;
160 }
161 pkey = e->load_pubkey(e, key_id, ui_method, callback_data);
162 if (!pkey) {
163 ENGINEerr(ENGINE_F_ENGINE_LOAD_PUBLIC_KEY,
164 ENGINE_R_FAILED_LOADING_PUBLIC_KEY);
165 return 0;
166 }
167 return pkey;
168}
169
170int
171ENGINE_load_ssl_client_cert(ENGINE *e, SSL *s, STACK_OF(X509_NAME) *ca_dn,
172 X509 **pcert, EVP_PKEY **ppkey, STACK_OF(X509) **pother,
173 UI_METHOD *ui_method, void *callback_data)
174{
175 if (e == NULL) {
176 ENGINEerr(ENGINE_F_ENGINE_LOAD_SSL_CLIENT_CERT,
177 ERR_R_PASSED_NULL_PARAMETER);
178 return 0;
179 }
180 CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
181 if (e->funct_ref == 0) {
182 CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
183 ENGINEerr(ENGINE_F_ENGINE_LOAD_SSL_CLIENT_CERT,
184 ENGINE_R_NOT_INITIALISED);
185 return 0;
186 }
187 CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
188 if (!e->load_ssl_client_cert) {
189 ENGINEerr(ENGINE_F_ENGINE_LOAD_SSL_CLIENT_CERT,
190 ENGINE_R_NO_LOAD_FUNCTION);
191 return 0;
192 }
193 return e->load_ssl_client_cert(e, s, ca_dn, pcert, ppkey, pother,
194 ui_method, callback_data);
195}
diff --git a/src/lib/libcrypto/engine/eng_table.c b/src/lib/libcrypto/engine/eng_table.c
deleted file mode 100644
index 342c76fa1b..0000000000
--- a/src/lib/libcrypto/engine/eng_table.c
+++ /dev/null
@@ -1,355 +0,0 @@
1/* $OpenBSD: eng_table.c,v 1.8 2015/02/11 03:19:37 doug Exp $ */
2/* ====================================================================
3 * Copyright (c) 2001 The OpenSSL Project. All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 *
9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer.
11 *
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in
14 * the documentation and/or other materials provided with the
15 * distribution.
16 *
17 * 3. All advertising materials mentioning features or use of this
18 * software must display the following acknowledgment:
19 * "This product includes software developed by the OpenSSL Project
20 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
21 *
22 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
23 * endorse or promote products derived from this software without
24 * prior written permission. For written permission, please contact
25 * licensing@OpenSSL.org.
26 *
27 * 5. Products derived from this software may not be called "OpenSSL"
28 * nor may "OpenSSL" appear in their names without prior written
29 * permission of the OpenSSL Project.
30 *
31 * 6. Redistributions of any form whatsoever must retain the following
32 * acknowledgment:
33 * "This product includes software developed by the OpenSSL Project
34 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
35 *
36 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
37 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
38 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
39 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
40 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
41 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
42 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
43 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
44 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
45 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
46 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
47 * OF THE POSSIBILITY OF SUCH DAMAGE.
48 * ====================================================================
49 *
50 * This product includes cryptographic software written by Eric Young
51 * (eay@cryptsoft.com). This product includes software written by Tim
52 * Hudson (tjh@cryptsoft.com).
53 *
54 */
55
56#include <openssl/err.h>
57#include <openssl/evp.h>
58#include <openssl/lhash.h>
59
60#include "eng_int.h"
61
62/* The type of the items in the table */
63typedef struct st_engine_pile {
64 /* The 'nid' of this algorithm/mode */
65 int nid;
66 /* ENGINEs that implement this algorithm/mode. */
67 STACK_OF(ENGINE) *sk;
68 /* The default ENGINE to perform this algorithm/mode. */
69 ENGINE *funct;
70 /* Zero if 'sk' is newer than the cached 'funct', non-zero otherwise */
71 int uptodate;
72} ENGINE_PILE;
73
74DECLARE_LHASH_OF(ENGINE_PILE);
75
76/* The type exposed in eng_int.h */
77struct st_engine_table {
78 LHASH_OF(ENGINE_PILE) piles;
79}; /* ENGINE_TABLE */
80
81typedef struct st_engine_pile_doall {
82 engine_table_doall_cb *cb;
83 void *arg;
84} ENGINE_PILE_DOALL;
85
86/* Global flags (ENGINE_TABLE_FLAG_***). */
87static unsigned int table_flags = 0;
88
89/* API function manipulating 'table_flags' */
90unsigned int
91ENGINE_get_table_flags(void)
92{
93 return table_flags;
94}
95
96void
97ENGINE_set_table_flags(unsigned int flags)
98{
99 table_flags = flags;
100}
101
102/* Internal functions for the "piles" hash table */
103static unsigned long
104engine_pile_hash(const ENGINE_PILE *c)
105{
106 return c->nid;
107}
108
109static int
110engine_pile_cmp(const ENGINE_PILE *a, const ENGINE_PILE *b)
111{
112 return a->nid - b->nid;
113}
114static IMPLEMENT_LHASH_HASH_FN(engine_pile, ENGINE_PILE)
115static IMPLEMENT_LHASH_COMP_FN(engine_pile, ENGINE_PILE)
116
117static int
118int_table_check(ENGINE_TABLE **t, int create)
119{
120 LHASH_OF(ENGINE_PILE) *lh;
121
122 if (*t)
123 return 1;
124 if (!create)
125 return 0;
126 if ((lh = lh_ENGINE_PILE_new()) == NULL)
127 return 0;
128 *t = (ENGINE_TABLE *)lh;
129 return 1;
130}
131
132/* Privately exposed (via eng_int.h) functions for adding and/or removing
133 * ENGINEs from the implementation table */
134int
135engine_table_register(ENGINE_TABLE **table, ENGINE_CLEANUP_CB *cleanup,
136 ENGINE *e, const int *nids, int num_nids, int setdefault)
137{
138 int ret = 0, added = 0;
139 ENGINE_PILE tmplate, *fnd;
140
141 CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
142 if (!(*table))
143 added = 1;
144 if (!int_table_check(table, 1))
145 goto end;
146 if (added)
147 /* The cleanup callback needs to be added */
148 engine_cleanup_add_first(cleanup);
149 while (num_nids--) {
150 tmplate.nid = *nids;
151 fnd = lh_ENGINE_PILE_retrieve(&(*table)->piles, &tmplate);
152 if (!fnd) {
153 fnd = malloc(sizeof(ENGINE_PILE));
154 if (!fnd)
155 goto end;
156 fnd->uptodate = 1;
157 fnd->nid = *nids;
158 fnd->sk = sk_ENGINE_new_null();
159 if (!fnd->sk) {
160 free(fnd);
161 goto end;
162 }
163 fnd->funct = NULL;
164 (void)lh_ENGINE_PILE_insert(&(*table)->piles, fnd);
165 }
166 /* A registration shouldn't add duplciate entries */
167 (void)sk_ENGINE_delete_ptr(fnd->sk, e);
168 /* if 'setdefault', this ENGINE goes to the head of the list */
169 if (!sk_ENGINE_push(fnd->sk, e))
170 goto end;
171 /* "touch" this ENGINE_PILE */
172 fnd->uptodate = 0;
173 if (setdefault) {
174 if (!engine_unlocked_init(e)) {
175 ENGINEerr(ENGINE_F_ENGINE_TABLE_REGISTER,
176 ENGINE_R_INIT_FAILED);
177 goto end;
178 }
179 if (fnd->funct)
180 engine_unlocked_finish(fnd->funct, 0);
181 fnd->funct = e;
182 fnd->uptodate = 1;
183 }
184 nids++;
185 }
186 ret = 1;
187end:
188 CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
189 return ret;
190}
191
192static void
193int_unregister_cb_doall_arg(ENGINE_PILE *pile, ENGINE *e)
194{
195 int n;
196
197 /* Iterate the 'c->sk' stack removing any occurance of 'e' */
198 while ((n = sk_ENGINE_find(pile->sk, e)) >= 0) {
199 (void)sk_ENGINE_delete(pile->sk, n);
200 pile->uptodate = 0;
201 }
202 if (pile->funct == e) {
203 engine_unlocked_finish(e, 0);
204 pile->funct = NULL;
205 }
206}
207static IMPLEMENT_LHASH_DOALL_ARG_FN(int_unregister_cb, ENGINE_PILE, ENGINE)
208
209void
210engine_table_unregister(ENGINE_TABLE **table, ENGINE *e)
211{
212 CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
213 if (int_table_check(table, 0))
214 lh_ENGINE_PILE_doall_arg(&(*table)->piles,
215 LHASH_DOALL_ARG_FN(int_unregister_cb), ENGINE, e);
216 CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
217}
218
219static void
220int_cleanup_cb_doall(ENGINE_PILE *p)
221{
222 sk_ENGINE_free(p->sk);
223 if (p->funct)
224 engine_unlocked_finish(p->funct, 0);
225 free(p);
226}
227static IMPLEMENT_LHASH_DOALL_FN(int_cleanup_cb, ENGINE_PILE)
228
229void
230engine_table_cleanup(ENGINE_TABLE **table)
231{
232 CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
233 if (*table) {
234 lh_ENGINE_PILE_doall(&(*table)->piles,
235 LHASH_DOALL_FN(int_cleanup_cb));
236 lh_ENGINE_PILE_free(&(*table)->piles);
237 *table = NULL;
238 }
239 CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
240}
241
242/* return a functional reference for a given 'nid' */
243#ifndef ENGINE_TABLE_DEBUG
244ENGINE *
245engine_table_select(ENGINE_TABLE **table, int nid)
246#else
247ENGINE *
248engine_table_select_tmp(ENGINE_TABLE **table, int nid, const char *f, int l)
249#endif
250{
251 ENGINE *ret = NULL;
252 ENGINE_PILE tmplate, *fnd = NULL;
253 int initres, loop = 0;
254
255 if (!(*table)) {
256#ifdef ENGINE_TABLE_DEBUG
257 fprintf(stderr, "engine_table_dbg: %s:%d, nid=%d, nothing "
258 "registered!\n", f, l, nid);
259#endif
260 return NULL;
261 }
262 ERR_set_mark();
263 CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
264 /* Check again inside the lock otherwise we could race against cleanup
265 * operations. But don't worry about a fprintf(stderr). */
266 if (!int_table_check(table, 0))
267 goto end;
268 tmplate.nid = nid;
269 fnd = lh_ENGINE_PILE_retrieve(&(*table)->piles, &tmplate);
270 if (!fnd)
271 goto end;
272 if (fnd->funct && engine_unlocked_init(fnd->funct)) {
273#ifdef ENGINE_TABLE_DEBUG
274 fprintf(stderr, "engine_table_dbg: %s:%d, nid=%d, using "
275 "ENGINE '%s' cached\n", f, l, nid, fnd->funct->id);
276#endif
277 ret = fnd->funct;
278 goto end;
279 }
280 if (fnd->uptodate) {
281 ret = fnd->funct;
282 goto end;
283 }
284trynext:
285 ret = sk_ENGINE_value(fnd->sk, loop++);
286 if (!ret) {
287#ifdef ENGINE_TABLE_DEBUG
288 fprintf(stderr, "engine_table_dbg: %s:%d, nid=%d, no "
289 "registered implementations would initialise\n", f, l, nid);
290#endif
291 goto end;
292 }
293 /* Try to initialise the ENGINE? */
294 if ((ret->funct_ref > 0) || !(table_flags & ENGINE_TABLE_FLAG_NOINIT))
295 initres = engine_unlocked_init(ret);
296 else
297 initres = 0;
298 if (initres) {
299 /* Update 'funct' */
300 if ((fnd->funct != ret) && engine_unlocked_init(ret)) {
301 /* If there was a previous default we release it. */
302 if (fnd->funct)
303 engine_unlocked_finish(fnd->funct, 0);
304 fnd->funct = ret;
305#ifdef ENGINE_TABLE_DEBUG
306 fprintf(stderr, "engine_table_dbg: %s:%d, nid=%d, "
307 "setting default to '%s'\n", f, l, nid, ret->id);
308#endif
309 }
310#ifdef ENGINE_TABLE_DEBUG
311 fprintf(stderr, "engine_table_dbg: %s:%d, nid=%d, using "
312 "newly initialised '%s'\n", f, l, nid, ret->id);
313#endif
314 goto end;
315 }
316 goto trynext;
317end:
318 /* If it failed, it is unlikely to succeed again until some future
319 * registrations have taken place. In all cases, we cache. */
320 if (fnd)
321 fnd->uptodate = 1;
322#ifdef ENGINE_TABLE_DEBUG
323 if (ret)
324 fprintf(stderr, "engine_table_dbg: %s:%d, nid=%d, caching "
325 "ENGINE '%s'\n", f, l, nid, ret->id);
326 else
327 fprintf(stderr, "engine_table_dbg: %s:%d, nid=%d, caching "
328 "'no matching ENGINE'\n", f, l, nid);
329#endif
330 CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
331 /* Whatever happened, any failed init()s are not failures in this
332 * context, so clear our error state. */
333 ERR_pop_to_mark();
334 return ret;
335}
336
337/* Table enumeration */
338
339static void
340int_cb_doall_arg(ENGINE_PILE *pile, ENGINE_PILE_DOALL *dall)
341{
342 dall->cb(pile->nid, pile->sk, pile->funct, dall->arg);
343}
344static IMPLEMENT_LHASH_DOALL_ARG_FN(int_cb, ENGINE_PILE, ENGINE_PILE_DOALL)
345
346void
347engine_table_doall(ENGINE_TABLE *table, engine_table_doall_cb *cb, void *arg)
348{
349 ENGINE_PILE_DOALL dall;
350
351 dall.cb = cb;
352 dall.arg = arg;
353 lh_ENGINE_PILE_doall_arg(&table->piles, LHASH_DOALL_ARG_FN(int_cb),
354 ENGINE_PILE_DOALL, &dall);
355}
diff --git a/src/lib/libcrypto/engine/engine.h b/src/lib/libcrypto/engine/engine.h
deleted file mode 100644
index 30d1bde4ae..0000000000
--- a/src/lib/libcrypto/engine/engine.h
+++ /dev/null
@@ -1,807 +0,0 @@
1/* $OpenBSD: engine.h,v 1.31 2015/07/19 22:34:27 doug Exp $ */
2/* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL
3 * project 2000.
4 */
5/* ====================================================================
6 * Copyright (c) 1999-2004 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 *
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
56 *
57 */
58/* ====================================================================
59 * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
60 * ECDH support in OpenSSL originally developed by
61 * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
62 */
63
64#ifndef HEADER_ENGINE_H
65#define HEADER_ENGINE_H
66
67#include <openssl/opensslconf.h>
68
69#ifdef OPENSSL_NO_ENGINE
70#error ENGINE is disabled.
71#endif
72
73#ifndef OPENSSL_NO_DEPRECATED
74#include <openssl/bn.h>
75#ifndef OPENSSL_NO_RSA
76#include <openssl/rsa.h>
77#endif
78#ifndef OPENSSL_NO_DSA
79#include <openssl/dsa.h>
80#endif
81#ifndef OPENSSL_NO_DH
82#include <openssl/dh.h>
83#endif
84#ifndef OPENSSL_NO_ECDH
85#include <openssl/ecdh.h>
86#endif
87#ifndef OPENSSL_NO_ECDSA
88#include <openssl/ecdsa.h>
89#endif
90#include <openssl/ui.h>
91#include <openssl/err.h>
92#endif
93
94#include <openssl/ossl_typ.h>
95
96#include <openssl/x509.h>
97
98#ifdef __cplusplus
99extern "C" {
100#endif
101
102/* These flags are used to control combinations of algorithm (methods)
103 * by bitwise "OR"ing. */
104#define ENGINE_METHOD_RSA (unsigned int)0x0001
105#define ENGINE_METHOD_DSA (unsigned int)0x0002
106#define ENGINE_METHOD_DH (unsigned int)0x0004
107#define ENGINE_METHOD_RAND (unsigned int)0x0008
108#define ENGINE_METHOD_ECDH (unsigned int)0x0010
109#define ENGINE_METHOD_ECDSA (unsigned int)0x0020
110#define ENGINE_METHOD_CIPHERS (unsigned int)0x0040
111#define ENGINE_METHOD_DIGESTS (unsigned int)0x0080
112#define ENGINE_METHOD_STORE (unsigned int)0x0100
113#define ENGINE_METHOD_PKEY_METHS (unsigned int)0x0200
114#define ENGINE_METHOD_PKEY_ASN1_METHS (unsigned int)0x0400
115/* Obvious all-or-nothing cases. */
116#define ENGINE_METHOD_ALL (unsigned int)0xFFFF
117#define ENGINE_METHOD_NONE (unsigned int)0x0000
118
119/* This(ese) flag(s) controls behaviour of the ENGINE_TABLE mechanism used
120 * internally to control registration of ENGINE implementations, and can be set
121 * by ENGINE_set_table_flags(). The "NOINIT" flag prevents attempts to
122 * initialise registered ENGINEs if they are not already initialised. */
123#define ENGINE_TABLE_FLAG_NOINIT (unsigned int)0x0001
124
125/* ENGINE flags that can be set by ENGINE_set_flags(). */
126/* #define ENGINE_FLAGS_MALLOCED 0x0001 */ /* Not used */
127
128/* This flag is for ENGINEs that wish to handle the various 'CMD'-related
129 * control commands on their own. Without this flag, ENGINE_ctrl() handles these
130 * control commands on behalf of the ENGINE using their "cmd_defns" data. */
131#define ENGINE_FLAGS_MANUAL_CMD_CTRL (int)0x0002
132
133/* This flag is for ENGINEs who return new duplicate structures when found via
134 * "ENGINE_by_id()". When an ENGINE must store state (eg. if ENGINE_ctrl()
135 * commands are called in sequence as part of some stateful process like
136 * key-generation setup and execution), it can set this flag - then each attempt
137 * to obtain the ENGINE will result in it being copied into a new structure.
138 * Normally, ENGINEs don't declare this flag so ENGINE_by_id() just increments
139 * the existing ENGINE's structural reference count. */
140#define ENGINE_FLAGS_BY_ID_COPY (int)0x0004
141
142/* This flag if for an ENGINE that does not want its methods registered as
143 * part of ENGINE_register_all_complete() for example if the methods are
144 * not usable as default methods.
145 */
146
147#define ENGINE_FLAGS_NO_REGISTER_ALL (int)0x0008
148
149/* ENGINEs can support their own command types, and these flags are used in
150 * ENGINE_CTRL_GET_CMD_FLAGS to indicate to the caller what kind of input each
151 * command expects. Currently only numeric and string input is supported. If a
152 * control command supports none of the _NUMERIC, _STRING, or _NO_INPUT options,
153 * then it is regarded as an "internal" control command - and not for use in
154 * config setting situations. As such, they're not available to the
155 * ENGINE_ctrl_cmd_string() function, only raw ENGINE_ctrl() access. Changes to
156 * this list of 'command types' should be reflected carefully in
157 * ENGINE_cmd_is_executable() and ENGINE_ctrl_cmd_string(). */
158
159/* accepts a 'long' input value (3rd parameter to ENGINE_ctrl) */
160#define ENGINE_CMD_FLAG_NUMERIC (unsigned int)0x0001
161/* accepts string input (cast from 'void*' to 'const char *', 4th parameter to
162 * ENGINE_ctrl) */
163#define ENGINE_CMD_FLAG_STRING (unsigned int)0x0002
164/* Indicates that the control command takes *no* input. Ie. the control command
165 * is unparameterised. */
166#define ENGINE_CMD_FLAG_NO_INPUT (unsigned int)0x0004
167/* Indicates that the control command is internal. This control command won't
168 * be shown in any output, and is only usable through the ENGINE_ctrl_cmd()
169 * function. */
170#define ENGINE_CMD_FLAG_INTERNAL (unsigned int)0x0008
171
172/* NB: These 3 control commands are deprecated and should not be used. ENGINEs
173 * relying on these commands should compile conditional support for
174 * compatibility (eg. if these symbols are defined) but should also migrate the
175 * same functionality to their own ENGINE-specific control functions that can be
176 * "discovered" by calling applications. The fact these control commands
177 * wouldn't be "executable" (ie. usable by text-based config) doesn't change the
178 * fact that application code can find and use them without requiring per-ENGINE
179 * hacking. */
180
181/* These flags are used to tell the ctrl function what should be done.
182 * All command numbers are shared between all engines, even if some don't
183 * make sense to some engines. In such a case, they do nothing but return
184 * the error ENGINE_R_CTRL_COMMAND_NOT_IMPLEMENTED. */
185#define ENGINE_CTRL_SET_LOGSTREAM 1
186#define ENGINE_CTRL_SET_PASSWORD_CALLBACK 2
187#define ENGINE_CTRL_HUP 3 /* Close and reinitialise any
188 handles/connections etc. */
189#define ENGINE_CTRL_SET_USER_INTERFACE 4 /* Alternative to callback */
190#define ENGINE_CTRL_SET_CALLBACK_DATA 5 /* User-specific data, used
191 when calling the password
192 callback and the user
193 interface */
194#define ENGINE_CTRL_LOAD_CONFIGURATION 6 /* Load a configuration, given
195 a string that represents a
196 file name or so */
197#define ENGINE_CTRL_LOAD_SECTION 7 /* Load data from a given
198 section in the already loaded
199 configuration */
200
201/* These control commands allow an application to deal with an arbitrary engine
202 * in a dynamic way. Warn: Negative return values indicate errors FOR THESE
203 * COMMANDS because zero is used to indicate 'end-of-list'. Other commands,
204 * including ENGINE-specific command types, return zero for an error.
205 *
206 * An ENGINE can choose to implement these ctrl functions, and can internally
207 * manage things however it chooses - it does so by setting the
208 * ENGINE_FLAGS_MANUAL_CMD_CTRL flag (using ENGINE_set_flags()). Otherwise the
209 * ENGINE_ctrl() code handles this on the ENGINE's behalf using the cmd_defns
210 * data (set using ENGINE_set_cmd_defns()). This means an ENGINE's ctrl()
211 * handler need only implement its own commands - the above "meta" commands will
212 * be taken care of. */
213
214/* Returns non-zero if the supplied ENGINE has a ctrl() handler. If "not", then
215 * all the remaining control commands will return failure, so it is worth
216 * checking this first if the caller is trying to "discover" the engine's
217 * capabilities and doesn't want errors generated unnecessarily. */
218#define ENGINE_CTRL_HAS_CTRL_FUNCTION 10
219/* Returns a positive command number for the first command supported by the
220 * engine. Returns zero if no ctrl commands are supported. */
221#define ENGINE_CTRL_GET_FIRST_CMD_TYPE 11
222/* The 'long' argument specifies a command implemented by the engine, and the
223 * return value is the next command supported, or zero if there are no more. */
224#define ENGINE_CTRL_GET_NEXT_CMD_TYPE 12
225/* The 'void*' argument is a command name (cast from 'const char *'), and the
226 * return value is the command that corresponds to it. */
227#define ENGINE_CTRL_GET_CMD_FROM_NAME 13
228/* The next two allow a command to be converted into its corresponding string
229 * form. In each case, the 'long' argument supplies the command. In the NAME_LEN
230 * case, the return value is the length of the command name (not counting a
231 * trailing EOL). In the NAME case, the 'void*' argument must be a string buffer
232 * large enough, and it will be populated with the name of the command (WITH a
233 * trailing EOL). */
234#define ENGINE_CTRL_GET_NAME_LEN_FROM_CMD 14
235#define ENGINE_CTRL_GET_NAME_FROM_CMD 15
236/* The next two are similar but give a "short description" of a command. */
237#define ENGINE_CTRL_GET_DESC_LEN_FROM_CMD 16
238#define ENGINE_CTRL_GET_DESC_FROM_CMD 17
239/* With this command, the return value is the OR'd combination of
240 * ENGINE_CMD_FLAG_*** values that indicate what kind of input a given
241 * engine-specific ctrl command expects. */
242#define ENGINE_CTRL_GET_CMD_FLAGS 18
243
244/* ENGINE implementations should start the numbering of their own control
245 * commands from this value. (ie. ENGINE_CMD_BASE, ENGINE_CMD_BASE + 1, etc). */
246#define ENGINE_CMD_BASE 200
247
248/* If an ENGINE supports its own specific control commands and wishes the
249 * framework to handle the above 'ENGINE_CMD_***'-manipulation commands on its
250 * behalf, it should supply a null-terminated array of ENGINE_CMD_DEFN entries
251 * to ENGINE_set_cmd_defns(). It should also implement a ctrl() handler that
252 * supports the stated commands (ie. the "cmd_num" entries as described by the
253 * array). NB: The array must be ordered in increasing order of cmd_num.
254 * "null-terminated" means that the last ENGINE_CMD_DEFN element has cmd_num set
255 * to zero and/or cmd_name set to NULL. */
256typedef struct ENGINE_CMD_DEFN_st {
257 unsigned int cmd_num; /* The command number */
258 const char *cmd_name; /* The command name itself */
259 const char *cmd_desc; /* A short description of the command */
260 unsigned int cmd_flags; /* The input the command expects */
261} ENGINE_CMD_DEFN;
262
263/* Generic function pointer */
264typedef int (*ENGINE_GEN_FUNC_PTR)(void);
265/* Generic function pointer taking no arguments */
266typedef int (*ENGINE_GEN_INT_FUNC_PTR)(ENGINE *);
267/* Specific control function pointer */
268typedef int (*ENGINE_CTRL_FUNC_PTR)(ENGINE *, int, long, void *,
269 void (*f)(void));
270/* Generic load_key function pointer */
271typedef EVP_PKEY * (*ENGINE_LOAD_KEY_PTR)(ENGINE *, const char *,
272 UI_METHOD *ui_method, void *callback_data);
273typedef int (*ENGINE_SSL_CLIENT_CERT_PTR)(ENGINE *, SSL *ssl,
274 STACK_OF(X509_NAME) *ca_dn, X509 **pcert, EVP_PKEY **pkey,
275 STACK_OF(X509) **pother, UI_METHOD *ui_method, void *callback_data);
276
277/* These callback types are for an ENGINE's handler for cipher and digest logic.
278 * These handlers have these prototypes;
279 * int foo(ENGINE *e, const EVP_CIPHER **cipher, const int **nids, int nid);
280 * int foo(ENGINE *e, const EVP_MD **digest, const int **nids, int nid);
281 * Looking at how to implement these handlers in the case of cipher support, if
282 * the framework wants the EVP_CIPHER for 'nid', it will call;
283 * foo(e, &p_evp_cipher, NULL, nid); (return zero for failure)
284 * If the framework wants a list of supported 'nid's, it will call;
285 * foo(e, NULL, &p_nids, 0); (returns number of 'nids' or -1 for error)
286 */
287/* Returns to a pointer to the array of supported cipher 'nid's. If the second
288 * parameter is non-NULL it is set to the size of the returned array. */
289typedef int (*ENGINE_CIPHERS_PTR)(ENGINE *, const EVP_CIPHER **,
290 const int **, int);
291typedef int (*ENGINE_DIGESTS_PTR)(ENGINE *, const EVP_MD **, const int **, int);
292typedef int (*ENGINE_PKEY_METHS_PTR)(ENGINE *, EVP_PKEY_METHOD **,
293 const int **, int);
294typedef int (*ENGINE_PKEY_ASN1_METHS_PTR)(ENGINE *, EVP_PKEY_ASN1_METHOD **,
295 const int **, int);
296
297/* STRUCTURE functions ... all of these functions deal with pointers to ENGINE
298 * structures where the pointers have a "structural reference". This means that
299 * their reference is to allowed access to the structure but it does not imply
300 * that the structure is functional. To simply increment or decrement the
301 * structural reference count, use ENGINE_by_id and ENGINE_free. NB: This is not
302 * required when iterating using ENGINE_get_next as it will automatically
303 * decrement the structural reference count of the "current" ENGINE and
304 * increment the structural reference count of the ENGINE it returns (unless it
305 * is NULL). */
306
307/* Get the first/last "ENGINE" type available. */
308ENGINE *ENGINE_get_first(void);
309ENGINE *ENGINE_get_last(void);
310/* Iterate to the next/previous "ENGINE" type (NULL = end of the list). */
311ENGINE *ENGINE_get_next(ENGINE *e);
312ENGINE *ENGINE_get_prev(ENGINE *e);
313/* Add another "ENGINE" type into the array. */
314int ENGINE_add(ENGINE *e);
315/* Remove an existing "ENGINE" type from the array. */
316int ENGINE_remove(ENGINE *e);
317/* Retrieve an engine from the list by its unique "id" value. */
318ENGINE *ENGINE_by_id(const char *id);
319/* Add all the built-in engines. */
320void ENGINE_load_openssl(void);
321void ENGINE_load_dynamic(void);
322#ifndef OPENSSL_NO_STATIC_ENGINE
323void ENGINE_load_padlock(void);
324#endif
325void ENGINE_load_builtin_engines(void);
326
327/* Get and set global flags (ENGINE_TABLE_FLAG_***) for the implementation
328 * "registry" handling. */
329unsigned int ENGINE_get_table_flags(void);
330void ENGINE_set_table_flags(unsigned int flags);
331
332/* Manage registration of ENGINEs per "table". For each type, there are 3
333 * functions;
334 * ENGINE_register_***(e) - registers the implementation from 'e' (if it has one)
335 * ENGINE_unregister_***(e) - unregister the implementation from 'e'
336 * ENGINE_register_all_***() - call ENGINE_register_***() for each 'e' in the list
337 * Cleanup is automatically registered from each table when required, so
338 * ENGINE_cleanup() will reverse any "register" operations. */
339
340int ENGINE_register_RSA(ENGINE *e);
341void ENGINE_unregister_RSA(ENGINE *e);
342void ENGINE_register_all_RSA(void);
343
344int ENGINE_register_DSA(ENGINE *e);
345void ENGINE_unregister_DSA(ENGINE *e);
346void ENGINE_register_all_DSA(void);
347
348int ENGINE_register_ECDH(ENGINE *e);
349void ENGINE_unregister_ECDH(ENGINE *e);
350void ENGINE_register_all_ECDH(void);
351
352int ENGINE_register_ECDSA(ENGINE *e);
353void ENGINE_unregister_ECDSA(ENGINE *e);
354void ENGINE_register_all_ECDSA(void);
355
356int ENGINE_register_DH(ENGINE *e);
357void ENGINE_unregister_DH(ENGINE *e);
358void ENGINE_register_all_DH(void);
359
360int ENGINE_register_RAND(ENGINE *e);
361void ENGINE_unregister_RAND(ENGINE *e);
362void ENGINE_register_all_RAND(void);
363
364int ENGINE_register_STORE(ENGINE *e);
365void ENGINE_unregister_STORE(ENGINE *e);
366void ENGINE_register_all_STORE(void);
367
368int ENGINE_register_ciphers(ENGINE *e);
369void ENGINE_unregister_ciphers(ENGINE *e);
370void ENGINE_register_all_ciphers(void);
371
372int ENGINE_register_digests(ENGINE *e);
373void ENGINE_unregister_digests(ENGINE *e);
374void ENGINE_register_all_digests(void);
375
376int ENGINE_register_pkey_meths(ENGINE *e);
377void ENGINE_unregister_pkey_meths(ENGINE *e);
378void ENGINE_register_all_pkey_meths(void);
379
380int ENGINE_register_pkey_asn1_meths(ENGINE *e);
381void ENGINE_unregister_pkey_asn1_meths(ENGINE *e);
382void ENGINE_register_all_pkey_asn1_meths(void);
383
384/* These functions register all support from the above categories. Note, use of
385 * these functions can result in static linkage of code your application may not
386 * need. If you only need a subset of functionality, consider using more
387 * selective initialisation. */
388int ENGINE_register_complete(ENGINE *e);
389int ENGINE_register_all_complete(void);
390
391/* Send parametrised control commands to the engine. The possibilities to send
392 * down an integer, a pointer to data or a function pointer are provided. Any of
393 * the parameters may or may not be NULL, depending on the command number. In
394 * actuality, this function only requires a structural (rather than functional)
395 * reference to an engine, but many control commands may require the engine be
396 * functional. The caller should be aware of trying commands that require an
397 * operational ENGINE, and only use functional references in such situations. */
398int ENGINE_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)(void));
399
400/* This function tests if an ENGINE-specific command is usable as a "setting".
401 * Eg. in an application's config file that gets processed through
402 * ENGINE_ctrl_cmd_string(). If this returns zero, it is not available to
403 * ENGINE_ctrl_cmd_string(), only ENGINE_ctrl(). */
404int ENGINE_cmd_is_executable(ENGINE *e, int cmd);
405
406/* This function works like ENGINE_ctrl() with the exception of taking a
407 * command name instead of a command number, and can handle optional commands.
408 * See the comment on ENGINE_ctrl_cmd_string() for an explanation on how to
409 * use the cmd_name and cmd_optional. */
410int ENGINE_ctrl_cmd(ENGINE *e, const char *cmd_name,
411 long i, void *p, void (*f)(void), int cmd_optional);
412
413/* This function passes a command-name and argument to an ENGINE. The cmd_name
414 * is converted to a command number and the control command is called using
415 * 'arg' as an argument (unless the ENGINE doesn't support such a command, in
416 * which case no control command is called). The command is checked for input
417 * flags, and if necessary the argument will be converted to a numeric value. If
418 * cmd_optional is non-zero, then if the ENGINE doesn't support the given
419 * cmd_name the return value will be success anyway. This function is intended
420 * for applications to use so that users (or config files) can supply
421 * engine-specific config data to the ENGINE at run-time to control behaviour of
422 * specific engines. As such, it shouldn't be used for calling ENGINE_ctrl()
423 * functions that return data, deal with binary data, or that are otherwise
424 * supposed to be used directly through ENGINE_ctrl() in application code. Any
425 * "return" data from an ENGINE_ctrl() operation in this function will be lost -
426 * the return value is interpreted as failure if the return value is zero,
427 * success otherwise, and this function returns a boolean value as a result. In
428 * other words, vendors of 'ENGINE'-enabled devices should write ENGINE
429 * implementations with parameterisations that work in this scheme, so that
430 * compliant ENGINE-based applications can work consistently with the same
431 * configuration for the same ENGINE-enabled devices, across applications. */
432int ENGINE_ctrl_cmd_string(ENGINE *e, const char *cmd_name, const char *arg,
433 int cmd_optional);
434
435/* These functions are useful for manufacturing new ENGINE structures. They
436 * don't address reference counting at all - one uses them to populate an ENGINE
437 * structure with personalised implementations of things prior to using it
438 * directly or adding it to the builtin ENGINE list in OpenSSL. These are also
439 * here so that the ENGINE structure doesn't have to be exposed and break binary
440 * compatibility! */
441ENGINE *ENGINE_new(void);
442int ENGINE_free(ENGINE *e);
443int ENGINE_up_ref(ENGINE *e);
444int ENGINE_set_id(ENGINE *e, const char *id);
445int ENGINE_set_name(ENGINE *e, const char *name);
446int ENGINE_set_RSA(ENGINE *e, const RSA_METHOD *rsa_meth);
447int ENGINE_set_DSA(ENGINE *e, const DSA_METHOD *dsa_meth);
448int ENGINE_set_ECDH(ENGINE *e, const ECDH_METHOD *ecdh_meth);
449int ENGINE_set_ECDSA(ENGINE *e, const ECDSA_METHOD *ecdsa_meth);
450int ENGINE_set_DH(ENGINE *e, const DH_METHOD *dh_meth);
451int ENGINE_set_RAND(ENGINE *e, const RAND_METHOD *rand_meth);
452int ENGINE_set_STORE(ENGINE *e, const STORE_METHOD *store_meth);
453int ENGINE_set_destroy_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR destroy_f);
454int ENGINE_set_init_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR init_f);
455int ENGINE_set_finish_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR finish_f);
456int ENGINE_set_ctrl_function(ENGINE *e, ENGINE_CTRL_FUNC_PTR ctrl_f);
457int ENGINE_set_load_privkey_function(ENGINE *e, ENGINE_LOAD_KEY_PTR loadpriv_f);
458int ENGINE_set_load_pubkey_function(ENGINE *e, ENGINE_LOAD_KEY_PTR loadpub_f);
459int ENGINE_set_load_ssl_client_cert_function(ENGINE *e,
460 ENGINE_SSL_CLIENT_CERT_PTR loadssl_f);
461int ENGINE_set_ciphers(ENGINE *e, ENGINE_CIPHERS_PTR f);
462int ENGINE_set_digests(ENGINE *e, ENGINE_DIGESTS_PTR f);
463int ENGINE_set_pkey_meths(ENGINE *e, ENGINE_PKEY_METHS_PTR f);
464int ENGINE_set_pkey_asn1_meths(ENGINE *e, ENGINE_PKEY_ASN1_METHS_PTR f);
465int ENGINE_set_flags(ENGINE *e, int flags);
466int ENGINE_set_cmd_defns(ENGINE *e, const ENGINE_CMD_DEFN *defns);
467/* These functions allow control over any per-structure ENGINE data. */
468int ENGINE_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
469 CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func);
470int ENGINE_set_ex_data(ENGINE *e, int idx, void *arg);
471void *ENGINE_get_ex_data(const ENGINE *e, int idx);
472
473/* This function cleans up anything that needs it. Eg. the ENGINE_add() function
474 * automatically ensures the list cleanup function is registered to be called
475 * from ENGINE_cleanup(). Similarly, all ENGINE_register_*** functions ensure
476 * ENGINE_cleanup() will clean up after them. */
477void ENGINE_cleanup(void);
478
479/* These return values from within the ENGINE structure. These can be useful
480 * with functional references as well as structural references - it depends
481 * which you obtained. Using the result for functional purposes if you only
482 * obtained a structural reference may be problematic! */
483const char *ENGINE_get_id(const ENGINE *e);
484const char *ENGINE_get_name(const ENGINE *e);
485const RSA_METHOD *ENGINE_get_RSA(const ENGINE *e);
486const DSA_METHOD *ENGINE_get_DSA(const ENGINE *e);
487const ECDH_METHOD *ENGINE_get_ECDH(const ENGINE *e);
488const ECDSA_METHOD *ENGINE_get_ECDSA(const ENGINE *e);
489const DH_METHOD *ENGINE_get_DH(const ENGINE *e);
490const RAND_METHOD *ENGINE_get_RAND(const ENGINE *e);
491const STORE_METHOD *ENGINE_get_STORE(const ENGINE *e);
492ENGINE_GEN_INT_FUNC_PTR ENGINE_get_destroy_function(const ENGINE *e);
493ENGINE_GEN_INT_FUNC_PTR ENGINE_get_init_function(const ENGINE *e);
494ENGINE_GEN_INT_FUNC_PTR ENGINE_get_finish_function(const ENGINE *e);
495ENGINE_CTRL_FUNC_PTR ENGINE_get_ctrl_function(const ENGINE *e);
496ENGINE_LOAD_KEY_PTR ENGINE_get_load_privkey_function(const ENGINE *e);
497ENGINE_LOAD_KEY_PTR ENGINE_get_load_pubkey_function(const ENGINE *e);
498ENGINE_SSL_CLIENT_CERT_PTR ENGINE_get_ssl_client_cert_function(const ENGINE *e);
499ENGINE_CIPHERS_PTR ENGINE_get_ciphers(const ENGINE *e);
500ENGINE_DIGESTS_PTR ENGINE_get_digests(const ENGINE *e);
501ENGINE_PKEY_METHS_PTR ENGINE_get_pkey_meths(const ENGINE *e);
502ENGINE_PKEY_ASN1_METHS_PTR ENGINE_get_pkey_asn1_meths(const ENGINE *e);
503const EVP_CIPHER *ENGINE_get_cipher(ENGINE *e, int nid);
504const EVP_MD *ENGINE_get_digest(ENGINE *e, int nid);
505const EVP_PKEY_METHOD *ENGINE_get_pkey_meth(ENGINE *e, int nid);
506const EVP_PKEY_ASN1_METHOD *ENGINE_get_pkey_asn1_meth(ENGINE *e, int nid);
507const EVP_PKEY_ASN1_METHOD *ENGINE_get_pkey_asn1_meth_str(ENGINE *e,
508 const char *str, int len);
509const EVP_PKEY_ASN1_METHOD *ENGINE_pkey_asn1_find_str(ENGINE **pe,
510 const char *str, int len);
511const ENGINE_CMD_DEFN *ENGINE_get_cmd_defns(const ENGINE *e);
512int ENGINE_get_flags(const ENGINE *e);
513
514/* FUNCTIONAL functions. These functions deal with ENGINE structures
515 * that have (or will) be initialised for use. Broadly speaking, the
516 * structural functions are useful for iterating the list of available
517 * engine types, creating new engine types, and other "list" operations.
518 * These functions actually deal with ENGINEs that are to be used. As
519 * such these functions can fail (if applicable) when particular
520 * engines are unavailable - eg. if a hardware accelerator is not
521 * attached or not functioning correctly. Each ENGINE has 2 reference
522 * counts; structural and functional. Every time a functional reference
523 * is obtained or released, a corresponding structural reference is
524 * automatically obtained or released too. */
525
526/* Initialise a engine type for use (or up its reference count if it's
527 * already in use). This will fail if the engine is not currently
528 * operational and cannot initialise. */
529int ENGINE_init(ENGINE *e);
530/* Free a functional reference to a engine type. This does not require
531 * a corresponding call to ENGINE_free as it also releases a structural
532 * reference. */
533int ENGINE_finish(ENGINE *e);
534
535/* The following functions handle keys that are stored in some secondary
536 * location, handled by the engine. The storage may be on a card or
537 * whatever. */
538EVP_PKEY *ENGINE_load_private_key(ENGINE *e, const char *key_id,
539 UI_METHOD *ui_method, void *callback_data);
540EVP_PKEY *ENGINE_load_public_key(ENGINE *e, const char *key_id,
541 UI_METHOD *ui_method, void *callback_data);
542int ENGINE_load_ssl_client_cert(ENGINE *e, SSL *s,
543 STACK_OF(X509_NAME) *ca_dn, X509 **pcert, EVP_PKEY **ppkey,
544 STACK_OF(X509) **pother,
545 UI_METHOD *ui_method, void *callback_data);
546
547/* This returns a pointer for the current ENGINE structure that
548 * is (by default) performing any RSA operations. The value returned
549 * is an incremented reference, so it should be free'd (ENGINE_finish)
550 * before it is discarded. */
551ENGINE *ENGINE_get_default_RSA(void);
552/* Same for the other "methods" */
553ENGINE *ENGINE_get_default_DSA(void);
554ENGINE *ENGINE_get_default_ECDH(void);
555ENGINE *ENGINE_get_default_ECDSA(void);
556ENGINE *ENGINE_get_default_DH(void);
557ENGINE *ENGINE_get_default_RAND(void);
558/* These functions can be used to get a functional reference to perform
559 * ciphering or digesting corresponding to "nid". */
560ENGINE *ENGINE_get_cipher_engine(int nid);
561ENGINE *ENGINE_get_digest_engine(int nid);
562ENGINE *ENGINE_get_pkey_meth_engine(int nid);
563ENGINE *ENGINE_get_pkey_asn1_meth_engine(int nid);
564
565/* This sets a new default ENGINE structure for performing RSA
566 * operations. If the result is non-zero (success) then the ENGINE
567 * structure will have had its reference count up'd so the caller
568 * should still free their own reference 'e'. */
569int ENGINE_set_default_RSA(ENGINE *e);
570int ENGINE_set_default_string(ENGINE *e, const char *def_list);
571/* Same for the other "methods" */
572int ENGINE_set_default_DSA(ENGINE *e);
573int ENGINE_set_default_ECDH(ENGINE *e);
574int ENGINE_set_default_ECDSA(ENGINE *e);
575int ENGINE_set_default_DH(ENGINE *e);
576int ENGINE_set_default_RAND(ENGINE *e);
577int ENGINE_set_default_ciphers(ENGINE *e);
578int ENGINE_set_default_digests(ENGINE *e);
579int ENGINE_set_default_pkey_meths(ENGINE *e);
580int ENGINE_set_default_pkey_asn1_meths(ENGINE *e);
581
582/* The combination "set" - the flags are bitwise "OR"d from the
583 * ENGINE_METHOD_*** defines above. As with the "ENGINE_register_complete()"
584 * function, this function can result in unnecessary static linkage. If your
585 * application requires only specific functionality, consider using more
586 * selective functions. */
587int ENGINE_set_default(ENGINE *e, unsigned int flags);
588
589void ENGINE_add_conf_module(void);
590
591/* Deprecated functions ... */
592/* int ENGINE_clear_defaults(void); */
593
594/**************************/
595/* DYNAMIC ENGINE SUPPORT */
596/**************************/
597
598/* Binary/behaviour compatibility levels */
599#define OSSL_DYNAMIC_VERSION (unsigned long)0x00020000
600/* Binary versions older than this are too old for us (whether we're a loader or
601 * a loadee) */
602#define OSSL_DYNAMIC_OLDEST (unsigned long)0x00020000
603
604/* When compiling an ENGINE entirely as an external shared library, loadable by
605 * the "dynamic" ENGINE, these types are needed. The 'dynamic_fns' structure
606 * type provides the calling application's (or library's) error functionality
607 * and memory management function pointers to the loaded library. These should
608 * be used/set in the loaded library code so that the loading application's
609 * 'state' will be used/changed in all operations. The 'static_state' pointer
610 * allows the loaded library to know if it shares the same static data as the
611 * calling application (or library), and thus whether these callbacks need to be
612 * set or not. */
613typedef void *(*dyn_MEM_malloc_cb)(size_t);
614typedef void *(*dyn_MEM_realloc_cb)(void *, size_t);
615typedef void (*dyn_MEM_free_cb)(void *);
616typedef struct st_dynamic_MEM_fns {
617 dyn_MEM_malloc_cb malloc_cb;
618 dyn_MEM_realloc_cb realloc_cb;
619 dyn_MEM_free_cb free_cb;
620} dynamic_MEM_fns;
621/* FIXME: Perhaps the memory and locking code (crypto.h) should declare and use
622 * these types so we (and any other dependant code) can simplify a bit?? */
623typedef void (*dyn_lock_locking_cb)(int, int, const char *, int);
624typedef int (*dyn_lock_add_lock_cb)(int*, int, int, const char *, int);
625typedef struct CRYPTO_dynlock_value *(*dyn_dynlock_create_cb)(
626 const char *, int);
627typedef void (*dyn_dynlock_lock_cb)(int, struct CRYPTO_dynlock_value *,
628 const char *, int);
629typedef void (*dyn_dynlock_destroy_cb)(struct CRYPTO_dynlock_value *,
630 const char *, int);
631typedef struct st_dynamic_LOCK_fns {
632 dyn_lock_locking_cb lock_locking_cb;
633 dyn_lock_add_lock_cb lock_add_lock_cb;
634 dyn_dynlock_create_cb dynlock_create_cb;
635 dyn_dynlock_lock_cb dynlock_lock_cb;
636 dyn_dynlock_destroy_cb dynlock_destroy_cb;
637} dynamic_LOCK_fns;
638/* The top-level structure */
639typedef struct st_dynamic_fns {
640 void *static_state;
641 const ERR_FNS *err_fns;
642 const CRYPTO_EX_DATA_IMPL *ex_data_fns;
643 dynamic_MEM_fns mem_fns;
644 dynamic_LOCK_fns lock_fns;
645} dynamic_fns;
646
647/* The version checking function should be of this prototype. NB: The
648 * ossl_version value passed in is the OSSL_DYNAMIC_VERSION of the loading code.
649 * If this function returns zero, it indicates a (potential) version
650 * incompatibility and the loaded library doesn't believe it can proceed.
651 * Otherwise, the returned value is the (latest) version supported by the
652 * loading library. The loader may still decide that the loaded code's version
653 * is unsatisfactory and could veto the load. The function is expected to
654 * be implemented with the symbol name "v_check", and a default implementation
655 * can be fully instantiated with IMPLEMENT_DYNAMIC_CHECK_FN(). */
656typedef unsigned long (*dynamic_v_check_fn)(unsigned long ossl_version);
657#define IMPLEMENT_DYNAMIC_CHECK_FN() \
658 extern unsigned long v_check(unsigned long v); \
659 extern unsigned long v_check(unsigned long v) { \
660 if(v >= OSSL_DYNAMIC_OLDEST) return OSSL_DYNAMIC_VERSION; \
661 return 0; }
662
663/* This function is passed the ENGINE structure to initialise with its own
664 * function and command settings. It should not adjust the structural or
665 * functional reference counts. If this function returns zero, (a) the load will
666 * be aborted, (b) the previous ENGINE state will be memcpy'd back onto the
667 * structure, and (c) the shared library will be unloaded. So implementations
668 * should do their own internal cleanup in failure circumstances otherwise they
669 * could leak. The 'id' parameter, if non-NULL, represents the ENGINE id that
670 * the loader is looking for. If this is NULL, the shared library can choose to
671 * return failure or to initialise a 'default' ENGINE. If non-NULL, the shared
672 * library must initialise only an ENGINE matching the passed 'id'. The function
673 * is expected to be implemented with the symbol name "bind_engine". A standard
674 * implementation can be instantiated with IMPLEMENT_DYNAMIC_BIND_FN(fn) where
675 * the parameter 'fn' is a callback function that populates the ENGINE structure
676 * and returns an int value (zero for failure). 'fn' should have prototype;
677 * [static] int fn(ENGINE *e, const char *id); */
678typedef int (*dynamic_bind_engine)(ENGINE *e, const char *id,
679 const dynamic_fns *fns);
680#define IMPLEMENT_DYNAMIC_BIND_FN(fn) \
681 extern \
682 int bind_engine(ENGINE *e, const char *id, const dynamic_fns *fns); \
683 extern \
684 int bind_engine(ENGINE *e, const char *id, const dynamic_fns *fns) { \
685 if(ENGINE_get_static_state() == fns->static_state) goto skip_cbs; \
686 if(!CRYPTO_set_mem_functions(fns->mem_fns.malloc_cb, \
687 fns->mem_fns.realloc_cb, fns->mem_fns.free_cb)) \
688 return 0; \
689 CRYPTO_set_locking_callback(fns->lock_fns.lock_locking_cb); \
690 CRYPTO_set_add_lock_callback(fns->lock_fns.lock_add_lock_cb); \
691 CRYPTO_set_dynlock_create_callback(fns->lock_fns.dynlock_create_cb); \
692 CRYPTO_set_dynlock_lock_callback(fns->lock_fns.dynlock_lock_cb); \
693 CRYPTO_set_dynlock_destroy_callback(fns->lock_fns.dynlock_destroy_cb); \
694 if(!CRYPTO_set_ex_data_implementation(fns->ex_data_fns)) \
695 return 0; \
696 if(!ERR_set_implementation(fns->err_fns)) return 0; \
697 skip_cbs: \
698 if(!fn(e,id)) return 0; \
699 return 1; }
700
701/* If the loading application (or library) and the loaded ENGINE library share
702 * the same static data (eg. they're both dynamically linked to the same
703 * libcrypto.so) we need a way to avoid trying to set system callbacks - this
704 * would fail, and for the same reason that it's unnecessary to try. If the
705 * loaded ENGINE has (or gets from through the loader) its own copy of the
706 * libcrypto static data, we will need to set the callbacks. The easiest way to
707 * detect this is to have a function that returns a pointer to some static data
708 * and let the loading application and loaded ENGINE compare their respective
709 * values. */
710 void *ENGINE_get_static_state(void);
711
712/* BEGIN ERROR CODES */
713/* The following lines are auto generated by the script mkerr.pl. Any changes
714 * made after this point may be overwritten when the script is next run.
715 */
716void ERR_load_ENGINE_strings(void);
717
718/* Error codes for the ENGINE functions. */
719
720/* Function codes. */
721#define ENGINE_F_DYNAMIC_CTRL 180
722#define ENGINE_F_DYNAMIC_GET_DATA_CTX 181
723#define ENGINE_F_DYNAMIC_LOAD 182
724#define ENGINE_F_DYNAMIC_SET_DATA_CTX 183
725#define ENGINE_F_ENGINE_ADD 105
726#define ENGINE_F_ENGINE_BY_ID 106
727#define ENGINE_F_ENGINE_CMD_IS_EXECUTABLE 170
728#define ENGINE_F_ENGINE_CTRL 142
729#define ENGINE_F_ENGINE_CTRL_CMD 178
730#define ENGINE_F_ENGINE_CTRL_CMD_STRING 171
731#define ENGINE_F_ENGINE_FINISH 107
732#define ENGINE_F_ENGINE_FREE_UTIL 108
733#define ENGINE_F_ENGINE_GET_CIPHER 185
734#define ENGINE_F_ENGINE_GET_DEFAULT_TYPE 177
735#define ENGINE_F_ENGINE_GET_DIGEST 186
736#define ENGINE_F_ENGINE_GET_NEXT 115
737#define ENGINE_F_ENGINE_GET_PKEY_ASN1_METH 193
738#define ENGINE_F_ENGINE_GET_PKEY_METH 192
739#define ENGINE_F_ENGINE_GET_PREV 116
740#define ENGINE_F_ENGINE_INIT 119
741#define ENGINE_F_ENGINE_LIST_ADD 120
742#define ENGINE_F_ENGINE_LIST_REMOVE 121
743#define ENGINE_F_ENGINE_LOAD_PRIVATE_KEY 150
744#define ENGINE_F_ENGINE_LOAD_PUBLIC_KEY 151
745#define ENGINE_F_ENGINE_LOAD_SSL_CLIENT_CERT 194
746#define ENGINE_F_ENGINE_NEW 122
747#define ENGINE_F_ENGINE_REMOVE 123
748#define ENGINE_F_ENGINE_SET_DEFAULT_STRING 189
749#define ENGINE_F_ENGINE_SET_DEFAULT_TYPE 126
750#define ENGINE_F_ENGINE_SET_ID 129
751#define ENGINE_F_ENGINE_SET_NAME 130
752#define ENGINE_F_ENGINE_TABLE_REGISTER 184
753#define ENGINE_F_ENGINE_UNLOAD_KEY 152
754#define ENGINE_F_ENGINE_UNLOCKED_FINISH 191
755#define ENGINE_F_ENGINE_UP_REF 190
756#define ENGINE_F_INT_CTRL_HELPER 172
757#define ENGINE_F_INT_ENGINE_CONFIGURE 188
758#define ENGINE_F_INT_ENGINE_MODULE_INIT 187
759#define ENGINE_F_LOG_MESSAGE 141
760
761/* Reason codes. */
762#define ENGINE_R_ALREADY_LOADED 100
763#define ENGINE_R_ARGUMENT_IS_NOT_A_NUMBER 133
764#define ENGINE_R_CMD_NOT_EXECUTABLE 134
765#define ENGINE_R_COMMAND_TAKES_INPUT 135
766#define ENGINE_R_COMMAND_TAKES_NO_INPUT 136
767#define ENGINE_R_CONFLICTING_ENGINE_ID 103
768#define ENGINE_R_CTRL_COMMAND_NOT_IMPLEMENTED 119
769#define ENGINE_R_DH_NOT_IMPLEMENTED 139
770#define ENGINE_R_DSA_NOT_IMPLEMENTED 140
771#define ENGINE_R_DSO_FAILURE 104
772#define ENGINE_R_DSO_NOT_FOUND 132
773#define ENGINE_R_ENGINES_SECTION_ERROR 148
774#define ENGINE_R_ENGINE_CONFIGURATION_ERROR 102
775#define ENGINE_R_ENGINE_IS_NOT_IN_LIST 105
776#define ENGINE_R_ENGINE_SECTION_ERROR 149
777#define ENGINE_R_FAILED_LOADING_PRIVATE_KEY 128
778#define ENGINE_R_FAILED_LOADING_PUBLIC_KEY 129
779#define ENGINE_R_FINISH_FAILED 106
780#define ENGINE_R_GET_HANDLE_FAILED 107
781#define ENGINE_R_ID_OR_NAME_MISSING 108
782#define ENGINE_R_INIT_FAILED 109
783#define ENGINE_R_INTERNAL_LIST_ERROR 110
784#define ENGINE_R_INVALID_ARGUMENT 143
785#define ENGINE_R_INVALID_CMD_NAME 137
786#define ENGINE_R_INVALID_CMD_NUMBER 138
787#define ENGINE_R_INVALID_INIT_VALUE 151
788#define ENGINE_R_INVALID_STRING 150
789#define ENGINE_R_NOT_INITIALISED 117
790#define ENGINE_R_NOT_LOADED 112
791#define ENGINE_R_NO_CONTROL_FUNCTION 120
792#define ENGINE_R_NO_INDEX 144
793#define ENGINE_R_NO_LOAD_FUNCTION 125
794#define ENGINE_R_NO_REFERENCE 130
795#define ENGINE_R_NO_SUCH_ENGINE 116
796#define ENGINE_R_NO_UNLOAD_FUNCTION 126
797#define ENGINE_R_PROVIDE_PARAMETERS 113
798#define ENGINE_R_RSA_NOT_IMPLEMENTED 141
799#define ENGINE_R_UNIMPLEMENTED_CIPHER 146
800#define ENGINE_R_UNIMPLEMENTED_DIGEST 147
801#define ENGINE_R_UNIMPLEMENTED_PUBLIC_KEY_METHOD 101
802#define ENGINE_R_VERSION_INCOMPATIBILITY 145
803
804#ifdef __cplusplus
805}
806#endif
807#endif
diff --git a/src/lib/libcrypto/engine/tb_asnmth.c b/src/lib/libcrypto/engine/tb_asnmth.c
deleted file mode 100644
index 3ba5541933..0000000000
--- a/src/lib/libcrypto/engine/tb_asnmth.c
+++ /dev/null
@@ -1,256 +0,0 @@
1/* $OpenBSD: tb_asnmth.c,v 1.5 2015/02/11 03:19:37 doug Exp $ */
2/* ====================================================================
3 * Copyright (c) 2006 The OpenSSL Project. All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 *
9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer.
11 *
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in
14 * the documentation and/or other materials provided with the
15 * distribution.
16 *
17 * 3. All advertising materials mentioning features or use of this
18 * software must display the following acknowledgment:
19 * "This product includes software developed by the OpenSSL Project
20 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
21 *
22 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
23 * endorse or promote products derived from this software without
24 * prior written permission. For written permission, please contact
25 * licensing@OpenSSL.org.
26 *
27 * 5. Products derived from this software may not be called "OpenSSL"
28 * nor may "OpenSSL" appear in their names without prior written
29 * permission of the OpenSSL Project.
30 *
31 * 6. Redistributions of any form whatsoever must retain the following
32 * acknowledgment:
33 * "This product includes software developed by the OpenSSL Project
34 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
35 *
36 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
37 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
38 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
39 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
40 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
41 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
42 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
43 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
44 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
45 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
46 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
47 * OF THE POSSIBILITY OF SUCH DAMAGE.
48 * ====================================================================
49 *
50 * This product includes cryptographic software written by Eric Young
51 * (eay@cryptsoft.com). This product includes software written by Tim
52 * Hudson (tjh@cryptsoft.com).
53 *
54 */
55
56#include <string.h>
57
58#include <openssl/err.h>
59
60#include "eng_int.h"
61#include "asn1_locl.h"
62#include <openssl/evp.h>
63
64/* If this symbol is defined then ENGINE_get_pkey_asn1_meth_engine(), the
65 * function that is used by EVP to hook in pkey_asn1_meth code and cache
66 * defaults (etc), will display brief debugging summaries to stderr with the
67 * 'nid'. */
68/* #define ENGINE_PKEY_ASN1_METH_DEBUG */
69
70static ENGINE_TABLE *pkey_asn1_meth_table = NULL;
71
72void
73ENGINE_unregister_pkey_asn1_meths(ENGINE *e)
74{
75 engine_table_unregister(&pkey_asn1_meth_table, e);
76}
77
78static void
79engine_unregister_all_pkey_asn1_meths(void)
80{
81 engine_table_cleanup(&pkey_asn1_meth_table);
82}
83
84int
85ENGINE_register_pkey_asn1_meths(ENGINE *e)
86{
87 if (e->pkey_asn1_meths) {
88 const int *nids;
89 int num_nids = e->pkey_asn1_meths(e, NULL, &nids, 0);
90 if (num_nids > 0)
91 return engine_table_register(&pkey_asn1_meth_table,
92 engine_unregister_all_pkey_asn1_meths, e, nids,
93 num_nids, 0);
94 }
95 return 1;
96}
97
98void
99ENGINE_register_all_pkey_asn1_meths(void)
100{
101 ENGINE *e;
102
103 for (e = ENGINE_get_first(); e; e = ENGINE_get_next(e))
104 ENGINE_register_pkey_asn1_meths(e);
105}
106
107int
108ENGINE_set_default_pkey_asn1_meths(ENGINE *e)
109{
110 if (e->pkey_asn1_meths) {
111 const int *nids;
112 int num_nids = e->pkey_asn1_meths(e, NULL, &nids, 0);
113 if (num_nids > 0)
114 return engine_table_register(&pkey_asn1_meth_table,
115 engine_unregister_all_pkey_asn1_meths, e, nids,
116 num_nids, 1);
117 }
118 return 1;
119}
120
121/* Exposed API function to get a functional reference from the implementation
122 * table (ie. try to get a functional reference from the tabled structural
123 * references) for a given pkey_asn1_meth 'nid' */
124ENGINE *
125ENGINE_get_pkey_asn1_meth_engine(int nid)
126{
127 return engine_table_select(&pkey_asn1_meth_table, nid);
128}
129
130/* Obtains a pkey_asn1_meth implementation from an ENGINE functional reference */
131const EVP_PKEY_ASN1_METHOD *
132ENGINE_get_pkey_asn1_meth(ENGINE *e, int nid)
133{
134 EVP_PKEY_ASN1_METHOD *ret;
135 ENGINE_PKEY_ASN1_METHS_PTR fn = ENGINE_get_pkey_asn1_meths(e);
136
137 if (!fn || !fn(e, &ret, NULL, nid)) {
138 ENGINEerr(ENGINE_F_ENGINE_GET_PKEY_ASN1_METH,
139 ENGINE_R_UNIMPLEMENTED_PUBLIC_KEY_METHOD);
140 return NULL;
141 }
142 return ret;
143}
144
145/* Gets the pkey_asn1_meth callback from an ENGINE structure */
146ENGINE_PKEY_ASN1_METHS_PTR
147ENGINE_get_pkey_asn1_meths(const ENGINE *e)
148{
149 return e->pkey_asn1_meths;
150}
151
152/* Sets the pkey_asn1_meth callback in an ENGINE structure */
153int
154ENGINE_set_pkey_asn1_meths(ENGINE *e, ENGINE_PKEY_ASN1_METHS_PTR f)
155{
156 e->pkey_asn1_meths = f;
157 return 1;
158}
159
160/* Internal function to free up EVP_PKEY_ASN1_METHOD structures before an
161 * ENGINE is destroyed
162 */
163
164void
165engine_pkey_asn1_meths_free(ENGINE *e)
166{
167 int i;
168 EVP_PKEY_ASN1_METHOD *pkm;
169
170 if (e->pkey_asn1_meths) {
171 const int *pknids;
172 int npknids;
173 npknids = e->pkey_asn1_meths(e, NULL, &pknids, 0);
174 for (i = 0; i < npknids; i++) {
175 if (e->pkey_asn1_meths(e, &pkm, NULL, pknids[i])) {
176 EVP_PKEY_asn1_free(pkm);
177 }
178 }
179 }
180}
181
182/* Find a method based on a string. This does a linear search through
183 * all implemented algorithms. This is OK in practice because only
184 * a small number of algorithms are likely to be implemented in an engine
185 * and it is not used for speed critical operations.
186 */
187
188const EVP_PKEY_ASN1_METHOD *
189ENGINE_get_pkey_asn1_meth_str(ENGINE *e, const char *str, int len)
190{
191 int i, nidcount;
192 const int *nids;
193 EVP_PKEY_ASN1_METHOD *ameth;
194
195 if (!e->pkey_asn1_meths)
196 return NULL;
197 if (len == -1)
198 len = strlen(str);
199 nidcount = e->pkey_asn1_meths(e, NULL, &nids, 0);
200 for (i = 0; i < nidcount; i++) {
201 e->pkey_asn1_meths(e, &ameth, NULL, nids[i]);
202 if (((int)strlen(ameth->pem_str) == len) &&
203 !strncasecmp(ameth->pem_str, str, len))
204 return ameth;
205 }
206 return NULL;
207}
208
209typedef struct {
210 ENGINE *e;
211 const EVP_PKEY_ASN1_METHOD *ameth;
212 const char *str;
213 int len;
214} ENGINE_FIND_STR;
215
216static void
217look_str_cb(int nid, STACK_OF(ENGINE) *sk, ENGINE *def, void *arg)
218{
219 ENGINE_FIND_STR *lk = arg;
220 int i;
221
222 if (lk->ameth)
223 return;
224 for (i = 0; i < sk_ENGINE_num(sk); i++) {
225 ENGINE *e = sk_ENGINE_value(sk, i);
226 EVP_PKEY_ASN1_METHOD *ameth;
227 e->pkey_asn1_meths(e, &ameth, NULL, nid);
228 if (((int)strlen(ameth->pem_str) == lk->len) &&
229 !strncasecmp(ameth->pem_str, lk->str, lk->len)) {
230 lk->e = e;
231 lk->ameth = ameth;
232 return;
233 }
234 }
235}
236
237const EVP_PKEY_ASN1_METHOD *
238ENGINE_pkey_asn1_find_str(ENGINE **pe, const char *str, int len)
239{
240 ENGINE_FIND_STR fstr;
241
242 fstr.e = NULL;
243 fstr.ameth = NULL;
244 fstr.str = str;
245 fstr.len = len;
246 CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
247 engine_table_doall(pkey_asn1_meth_table, look_str_cb, &fstr);
248 /* If found obtain a structural reference to engine */
249 if (fstr.e) {
250 fstr.e->struct_ref++;
251 engine_ref_debug(fstr.e, 0, 1)
252 }
253 *pe = fstr.e;
254 CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
255 return fstr.ameth;
256}
diff --git a/src/lib/libcrypto/engine/tb_cipher.c b/src/lib/libcrypto/engine/tb_cipher.c
deleted file mode 100644
index a888d7a958..0000000000
--- a/src/lib/libcrypto/engine/tb_cipher.c
+++ /dev/null
@@ -1,153 +0,0 @@
1/* $OpenBSD: tb_cipher.c,v 1.7 2015/02/11 03:19:37 doug Exp $ */
2/* ====================================================================
3 * Copyright (c) 2000 The OpenSSL Project. All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 *
9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer.
11 *
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in
14 * the documentation and/or other materials provided with the
15 * distribution.
16 *
17 * 3. All advertising materials mentioning features or use of this
18 * software must display the following acknowledgment:
19 * "This product includes software developed by the OpenSSL Project
20 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
21 *
22 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
23 * endorse or promote products derived from this software without
24 * prior written permission. For written permission, please contact
25 * licensing@OpenSSL.org.
26 *
27 * 5. Products derived from this software may not be called "OpenSSL"
28 * nor may "OpenSSL" appear in their names without prior written
29 * permission of the OpenSSL Project.
30 *
31 * 6. Redistributions of any form whatsoever must retain the following
32 * acknowledgment:
33 * "This product includes software developed by the OpenSSL Project
34 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
35 *
36 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
37 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
38 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
39 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
40 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
41 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
42 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
43 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
44 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
45 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
46 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
47 * OF THE POSSIBILITY OF SUCH DAMAGE.
48 * ====================================================================
49 *
50 * This product includes cryptographic software written by Eric Young
51 * (eay@cryptsoft.com). This product includes software written by Tim
52 * Hudson (tjh@cryptsoft.com).
53 *
54 */
55
56#include <openssl/err.h>
57
58#include "eng_int.h"
59
60/* If this symbol is defined then ENGINE_get_cipher_engine(), the function that
61 * is used by EVP to hook in cipher code and cache defaults (etc), will display
62 * brief debugging summaries to stderr with the 'nid'. */
63/* #define ENGINE_CIPHER_DEBUG */
64
65static ENGINE_TABLE *cipher_table = NULL;
66
67void
68ENGINE_unregister_ciphers(ENGINE *e)
69{
70 engine_table_unregister(&cipher_table, e);
71}
72
73static void
74engine_unregister_all_ciphers(void)
75{
76 engine_table_cleanup(&cipher_table);
77}
78
79int
80ENGINE_register_ciphers(ENGINE *e)
81{
82 if (e->ciphers) {
83 const int *nids;
84 int num_nids = e->ciphers(e, NULL, &nids, 0);
85 if (num_nids > 0)
86 return engine_table_register(&cipher_table,
87 engine_unregister_all_ciphers, e, nids,
88 num_nids, 0);
89 }
90 return 1;
91}
92
93void
94ENGINE_register_all_ciphers(void)
95{
96 ENGINE *e;
97
98 for (e = ENGINE_get_first(); e; e = ENGINE_get_next(e))
99 ENGINE_register_ciphers(e);
100}
101
102int
103ENGINE_set_default_ciphers(ENGINE *e)
104{
105 if (e->ciphers) {
106 const int *nids;
107 int num_nids = e->ciphers(e, NULL, &nids, 0);
108 if (num_nids > 0)
109 return engine_table_register(&cipher_table,
110 engine_unregister_all_ciphers, e, nids,
111 num_nids, 1);
112 }
113 return 1;
114}
115
116/* Exposed API function to get a functional reference from the implementation
117 * table (ie. try to get a functional reference from the tabled structural
118 * references) for a given cipher 'nid' */
119ENGINE *
120ENGINE_get_cipher_engine(int nid)
121{
122 return engine_table_select(&cipher_table, nid);
123}
124
125/* Obtains a cipher implementation from an ENGINE functional reference */
126const EVP_CIPHER *
127ENGINE_get_cipher(ENGINE *e, int nid)
128{
129 const EVP_CIPHER *ret;
130 ENGINE_CIPHERS_PTR fn = ENGINE_get_ciphers(e);
131
132 if (!fn || !fn(e, &ret, NULL, nid)) {
133 ENGINEerr(ENGINE_F_ENGINE_GET_CIPHER,
134 ENGINE_R_UNIMPLEMENTED_CIPHER);
135 return NULL;
136 }
137 return ret;
138}
139
140/* Gets the cipher callback from an ENGINE structure */
141ENGINE_CIPHERS_PTR
142ENGINE_get_ciphers(const ENGINE *e)
143{
144 return e->ciphers;
145}
146
147/* Sets the cipher callback in an ENGINE structure */
148int
149ENGINE_set_ciphers(ENGINE *e, ENGINE_CIPHERS_PTR f)
150{
151 e->ciphers = f;
152 return 1;
153}
diff --git a/src/lib/libcrypto/engine/tb_dh.c b/src/lib/libcrypto/engine/tb_dh.c
deleted file mode 100644
index 4f200424e5..0000000000
--- a/src/lib/libcrypto/engine/tb_dh.c
+++ /dev/null
@@ -1,127 +0,0 @@
1/* $OpenBSD: tb_dh.c,v 1.6 2014/06/12 15:49:29 deraadt Exp $ */
2/* ====================================================================
3 * Copyright (c) 2000 The OpenSSL Project. All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 *
9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer.
11 *
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in
14 * the documentation and/or other materials provided with the
15 * distribution.
16 *
17 * 3. All advertising materials mentioning features or use of this
18 * software must display the following acknowledgment:
19 * "This product includes software developed by the OpenSSL Project
20 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
21 *
22 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
23 * endorse or promote products derived from this software without
24 * prior written permission. For written permission, please contact
25 * licensing@OpenSSL.org.
26 *
27 * 5. Products derived from this software may not be called "OpenSSL"
28 * nor may "OpenSSL" appear in their names without prior written
29 * permission of the OpenSSL Project.
30 *
31 * 6. Redistributions of any form whatsoever must retain the following
32 * acknowledgment:
33 * "This product includes software developed by the OpenSSL Project
34 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
35 *
36 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
37 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
38 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
39 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
40 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
41 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
42 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
43 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
44 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
45 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
46 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
47 * OF THE POSSIBILITY OF SUCH DAMAGE.
48 * ====================================================================
49 *
50 * This product includes cryptographic software written by Eric Young
51 * (eay@cryptsoft.com). This product includes software written by Tim
52 * Hudson (tjh@cryptsoft.com).
53 *
54 */
55
56#include "eng_int.h"
57
58/* If this symbol is defined then ENGINE_get_default_DH(), the function that is
59 * used by DH to hook in implementation code and cache defaults (etc), will
60 * display brief debugging summaries to stderr with the 'nid'. */
61/* #define ENGINE_DH_DEBUG */
62
63static ENGINE_TABLE *dh_table = NULL;
64static const int dummy_nid = 1;
65
66void
67ENGINE_unregister_DH(ENGINE *e)
68{
69 engine_table_unregister(&dh_table, e);
70}
71
72static void
73engine_unregister_all_DH(void)
74{
75 engine_table_cleanup(&dh_table);
76}
77
78int
79ENGINE_register_DH(ENGINE *e)
80{
81 if (e->dh_meth)
82 return engine_table_register(&dh_table,
83 engine_unregister_all_DH, e, &dummy_nid, 1, 0);
84 return 1;
85}
86
87void
88ENGINE_register_all_DH(void)
89{
90 ENGINE *e;
91
92 for (e = ENGINE_get_first(); e; e = ENGINE_get_next(e))
93 ENGINE_register_DH(e);
94}
95
96int
97ENGINE_set_default_DH(ENGINE *e)
98{
99 if (e->dh_meth)
100 return engine_table_register(&dh_table,
101 engine_unregister_all_DH, e, &dummy_nid, 1, 1);
102 return 1;
103}
104
105/* Exposed API function to get a functional reference from the implementation
106 * table (ie. try to get a functional reference from the tabled structural
107 * references). */
108ENGINE *
109ENGINE_get_default_DH(void)
110{
111 return engine_table_select(&dh_table, dummy_nid);
112}
113
114/* Obtains an DH implementation from an ENGINE functional reference */
115const DH_METHOD *
116ENGINE_get_DH(const ENGINE *e)
117{
118 return e->dh_meth;
119}
120
121/* Sets an DH implementation in an ENGINE structure */
122int
123ENGINE_set_DH(ENGINE *e, const DH_METHOD *dh_meth)
124{
125 e->dh_meth = dh_meth;
126 return 1;
127}
diff --git a/src/lib/libcrypto/engine/tb_digest.c b/src/lib/libcrypto/engine/tb_digest.c
deleted file mode 100644
index f7720d39e7..0000000000
--- a/src/lib/libcrypto/engine/tb_digest.c
+++ /dev/null
@@ -1,153 +0,0 @@
1/* $OpenBSD: tb_digest.c,v 1.7 2015/02/11 03:19:37 doug Exp $ */
2/* ====================================================================
3 * Copyright (c) 2000 The OpenSSL Project. All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 *
9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer.
11 *
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in
14 * the documentation and/or other materials provided with the
15 * distribution.
16 *
17 * 3. All advertising materials mentioning features or use of this
18 * software must display the following acknowledgment:
19 * "This product includes software developed by the OpenSSL Project
20 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
21 *
22 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
23 * endorse or promote products derived from this software without
24 * prior written permission. For written permission, please contact
25 * licensing@OpenSSL.org.
26 *
27 * 5. Products derived from this software may not be called "OpenSSL"
28 * nor may "OpenSSL" appear in their names without prior written
29 * permission of the OpenSSL Project.
30 *
31 * 6. Redistributions of any form whatsoever must retain the following
32 * acknowledgment:
33 * "This product includes software developed by the OpenSSL Project
34 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
35 *
36 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
37 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
38 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
39 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
40 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
41 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
42 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
43 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
44 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
45 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
46 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
47 * OF THE POSSIBILITY OF SUCH DAMAGE.
48 * ====================================================================
49 *
50 * This product includes cryptographic software written by Eric Young
51 * (eay@cryptsoft.com). This product includes software written by Tim
52 * Hudson (tjh@cryptsoft.com).
53 *
54 */
55
56#include <openssl/err.h>
57
58#include "eng_int.h"
59
60/* If this symbol is defined then ENGINE_get_digest_engine(), the function that
61 * is used by EVP to hook in digest code and cache defaults (etc), will display
62 * brief debugging summaries to stderr with the 'nid'. */
63/* #define ENGINE_DIGEST_DEBUG */
64
65static ENGINE_TABLE *digest_table = NULL;
66
67void
68ENGINE_unregister_digests(ENGINE *e)
69{
70 engine_table_unregister(&digest_table, e);
71}
72
73static void
74engine_unregister_all_digests(void)
75{
76 engine_table_cleanup(&digest_table);
77}
78
79int
80ENGINE_register_digests(ENGINE *e)
81{
82 if (e->digests) {
83 const int *nids;
84 int num_nids = e->digests(e, NULL, &nids, 0);
85 if (num_nids > 0)
86 return engine_table_register(&digest_table,
87 engine_unregister_all_digests, e, nids,
88 num_nids, 0);
89 }
90 return 1;
91}
92
93void
94ENGINE_register_all_digests(void)
95{
96 ENGINE *e;
97
98 for (e = ENGINE_get_first(); e; e = ENGINE_get_next(e))
99 ENGINE_register_digests(e);
100}
101
102int
103ENGINE_set_default_digests(ENGINE *e)
104{
105 if (e->digests) {
106 const int *nids;
107 int num_nids = e->digests(e, NULL, &nids, 0);
108 if (num_nids > 0)
109 return engine_table_register(&digest_table,
110 engine_unregister_all_digests, e, nids,
111 num_nids, 1);
112 }
113 return 1;
114}
115
116/* Exposed API function to get a functional reference from the implementation
117 * table (ie. try to get a functional reference from the tabled structural
118 * references) for a given digest 'nid' */
119ENGINE *
120ENGINE_get_digest_engine(int nid)
121{
122 return engine_table_select(&digest_table, nid);
123}
124
125/* Obtains a digest implementation from an ENGINE functional reference */
126const EVP_MD *
127ENGINE_get_digest(ENGINE *e, int nid)
128{
129 const EVP_MD *ret;
130 ENGINE_DIGESTS_PTR fn = ENGINE_get_digests(e);
131
132 if (!fn || !fn(e, &ret, NULL, nid)) {
133 ENGINEerr(ENGINE_F_ENGINE_GET_DIGEST,
134 ENGINE_R_UNIMPLEMENTED_DIGEST);
135 return NULL;
136 }
137 return ret;
138}
139
140/* Gets the digest callback from an ENGINE structure */
141ENGINE_DIGESTS_PTR
142ENGINE_get_digests(const ENGINE *e)
143{
144 return e->digests;
145}
146
147/* Sets the digest callback in an ENGINE structure */
148int
149ENGINE_set_digests(ENGINE *e, ENGINE_DIGESTS_PTR f)
150{
151 e->digests = f;
152 return 1;
153}
diff --git a/src/lib/libcrypto/engine/tb_dsa.c b/src/lib/libcrypto/engine/tb_dsa.c
deleted file mode 100644
index 23e9236107..0000000000
--- a/src/lib/libcrypto/engine/tb_dsa.c
+++ /dev/null
@@ -1,127 +0,0 @@
1/* $OpenBSD: tb_dsa.c,v 1.7 2014/06/12 15:49:29 deraadt Exp $ */
2/* ====================================================================
3 * Copyright (c) 2000 The OpenSSL Project. All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 *
9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer.
11 *
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in
14 * the documentation and/or other materials provided with the
15 * distribution.
16 *
17 * 3. All advertising materials mentioning features or use of this
18 * software must display the following acknowledgment:
19 * "This product includes software developed by the OpenSSL Project
20 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
21 *
22 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
23 * endorse or promote products derived from this software without
24 * prior written permission. For written permission, please contact
25 * licensing@OpenSSL.org.
26 *
27 * 5. Products derived from this software may not be called "OpenSSL"
28 * nor may "OpenSSL" appear in their names without prior written
29 * permission of the OpenSSL Project.
30 *
31 * 6. Redistributions of any form whatsoever must retain the following
32 * acknowledgment:
33 * "This product includes software developed by the OpenSSL Project
34 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
35 *
36 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
37 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
38 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
39 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
40 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
41 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
42 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
43 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
44 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
45 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
46 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
47 * OF THE POSSIBILITY OF SUCH DAMAGE.
48 * ====================================================================
49 *
50 * This product includes cryptographic software written by Eric Young
51 * (eay@cryptsoft.com). This product includes software written by Tim
52 * Hudson (tjh@cryptsoft.com).
53 *
54 */
55
56#include "eng_int.h"
57
58/* If this symbol is defined then ENGINE_get_default_DSA(), the function that is
59 * used by DSA to hook in implementation code and cache defaults (etc), will
60 * display brief debugging summaries to stderr with the 'nid'. */
61/* #define ENGINE_DSA_DEBUG */
62
63static ENGINE_TABLE *dsa_table = NULL;
64static const int dummy_nid = 1;
65
66void
67ENGINE_unregister_DSA(ENGINE *e)
68{
69 engine_table_unregister(&dsa_table, e);
70}
71
72static void
73engine_unregister_all_DSA(void)
74{
75 engine_table_cleanup(&dsa_table);
76}
77
78int
79ENGINE_register_DSA(ENGINE *e)
80{
81 if (e->dsa_meth)
82 return engine_table_register(&dsa_table,
83 engine_unregister_all_DSA, e, &dummy_nid, 1, 0);
84 return 1;
85}
86
87void
88ENGINE_register_all_DSA(void)
89{
90 ENGINE *e;
91
92 for (e = ENGINE_get_first(); e; e = ENGINE_get_next(e))
93 ENGINE_register_DSA(e);
94}
95
96int
97ENGINE_set_default_DSA(ENGINE *e)
98{
99 if (e->dsa_meth)
100 return engine_table_register(&dsa_table,
101 engine_unregister_all_DSA, e, &dummy_nid, 1, 1);
102 return 1;
103}
104
105/* Exposed API function to get a functional reference from the implementation
106 * table (ie. try to get a functional reference from the tabled structural
107 * references). */
108ENGINE *
109ENGINE_get_default_DSA(void)
110{
111 return engine_table_select(&dsa_table, dummy_nid);
112}
113
114/* Obtains an DSA implementation from an ENGINE functional reference */
115const DSA_METHOD *
116ENGINE_get_DSA(const ENGINE *e)
117{
118 return e->dsa_meth;
119}
120
121/* Sets an DSA implementation in an ENGINE structure */
122int
123ENGINE_set_DSA(ENGINE *e, const DSA_METHOD *dsa_meth)
124{
125 e->dsa_meth = dsa_meth;
126 return 1;
127}
diff --git a/src/lib/libcrypto/engine/tb_ecdh.c b/src/lib/libcrypto/engine/tb_ecdh.c
deleted file mode 100644
index a67877addd..0000000000
--- a/src/lib/libcrypto/engine/tb_ecdh.c
+++ /dev/null
@@ -1,141 +0,0 @@
1/* $OpenBSD: tb_ecdh.c,v 1.4 2014/06/12 15:49:29 deraadt Exp $ */
2/* ====================================================================
3 * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
4 *
5 * The Elliptic Curve Public-Key Crypto Library (ECC Code) included
6 * herein is developed by SUN MICROSYSTEMS, INC., and is contributed
7 * to the OpenSSL project.
8 *
9 * The ECC Code is licensed pursuant to the OpenSSL open source
10 * license provided below.
11 *
12 * The ECDH engine software is originally written by Nils Gura and
13 * Douglas Stebila of Sun Microsystems Laboratories.
14 *
15 */
16/* ====================================================================
17 * Copyright (c) 2000-2002 The OpenSSL Project. All rights reserved.
18 *
19 * Redistribution and use in source and binary forms, with or without
20 * modification, are permitted provided that the following conditions
21 * are met:
22 *
23 * 1. Redistributions of source code must retain the above copyright
24 * notice, this list of conditions and the following disclaimer.
25 *
26 * 2. Redistributions in binary form must reproduce the above copyright
27 * notice, this list of conditions and the following disclaimer in
28 * the documentation and/or other materials provided with the
29 * distribution.
30 *
31 * 3. All advertising materials mentioning features or use of this
32 * software must display the following acknowledgment:
33 * "This product includes software developed by the OpenSSL Project
34 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
35 *
36 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
37 * endorse or promote products derived from this software without
38 * prior written permission. For written permission, please contact
39 * licensing@OpenSSL.org.
40 *
41 * 5. Products derived from this software may not be called "OpenSSL"
42 * nor may "OpenSSL" appear in their names without prior written
43 * permission of the OpenSSL Project.
44 *
45 * 6. Redistributions of any form whatsoever must retain the following
46 * acknowledgment:
47 * "This product includes software developed by the OpenSSL Project
48 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
49 *
50 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
51 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
52 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
53 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
54 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
55 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
56 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
57 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
58 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
59 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
60 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
61 * OF THE POSSIBILITY OF SUCH DAMAGE.
62 * ====================================================================
63 *
64 * This product includes cryptographic software written by Eric Young
65 * (eay@cryptsoft.com). This product includes software written by Tim
66 * Hudson (tjh@cryptsoft.com).
67 *
68 */
69
70#include "eng_int.h"
71
72/* If this symbol is defined then ENGINE_get_default_ECDH(), the function that is
73 * used by ECDH to hook in implementation code and cache defaults (etc), will
74 * display brief debugging summaries to stderr with the 'nid'. */
75/* #define ENGINE_ECDH_DEBUG */
76
77static ENGINE_TABLE *ecdh_table = NULL;
78static const int dummy_nid = 1;
79
80void
81ENGINE_unregister_ECDH(ENGINE *e)
82{
83 engine_table_unregister(&ecdh_table, e);
84}
85
86static void
87engine_unregister_all_ECDH(void)
88{
89 engine_table_cleanup(&ecdh_table);
90}
91
92int
93ENGINE_register_ECDH(ENGINE *e)
94{
95 if (e->ecdh_meth)
96 return engine_table_register(&ecdh_table,
97 engine_unregister_all_ECDH, e, &dummy_nid, 1, 0);
98 return 1;
99}
100
101void
102ENGINE_register_all_ECDH(void)
103{
104 ENGINE *e;
105
106 for (e = ENGINE_get_first(); e; e = ENGINE_get_next(e))
107 ENGINE_register_ECDH(e);
108}
109
110int
111ENGINE_set_default_ECDH(ENGINE *e)
112{
113 if (e->ecdh_meth)
114 return engine_table_register(&ecdh_table,
115 engine_unregister_all_ECDH, e, &dummy_nid, 1, 1);
116 return 1;
117}
118
119/* Exposed API function to get a functional reference from the implementation
120 * table (ie. try to get a functional reference from the tabled structural
121 * references). */
122ENGINE *
123ENGINE_get_default_ECDH(void)
124{
125 return engine_table_select(&ecdh_table, dummy_nid);
126}
127
128/* Obtains an ECDH implementation from an ENGINE functional reference */
129const ECDH_METHOD *
130ENGINE_get_ECDH(const ENGINE *e)
131{
132 return e->ecdh_meth;
133}
134
135/* Sets an ECDH implementation in an ENGINE structure */
136int
137ENGINE_set_ECDH(ENGINE *e, const ECDH_METHOD *ecdh_meth)
138{
139 e->ecdh_meth = ecdh_meth;
140 return 1;
141}
diff --git a/src/lib/libcrypto/engine/tb_ecdsa.c b/src/lib/libcrypto/engine/tb_ecdsa.c
deleted file mode 100644
index 226b76e185..0000000000
--- a/src/lib/libcrypto/engine/tb_ecdsa.c
+++ /dev/null
@@ -1,127 +0,0 @@
1/* $OpenBSD: tb_ecdsa.c,v 1.4 2014/06/12 15:49:29 deraadt Exp $ */
2/* ====================================================================
3 * Copyright (c) 2000-2002 The OpenSSL Project. All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 *
9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer.
11 *
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in
14 * the documentation and/or other materials provided with the
15 * distribution.
16 *
17 * 3. All advertising materials mentioning features or use of this
18 * software must display the following acknowledgment:
19 * "This product includes software developed by the OpenSSL Project
20 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
21 *
22 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
23 * endorse or promote products derived from this software without
24 * prior written permission. For written permission, please contact
25 * licensing@OpenSSL.org.
26 *
27 * 5. Products derived from this software may not be called "OpenSSL"
28 * nor may "OpenSSL" appear in their names without prior written
29 * permission of the OpenSSL Project.
30 *
31 * 6. Redistributions of any form whatsoever must retain the following
32 * acknowledgment:
33 * "This product includes software developed by the OpenSSL Project
34 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
35 *
36 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
37 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
38 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
39 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
40 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
41 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
42 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
43 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
44 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
45 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
46 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
47 * OF THE POSSIBILITY OF SUCH DAMAGE.
48 * ====================================================================
49 *
50 * This product includes cryptographic software written by Eric Young
51 * (eay@cryptsoft.com). This product includes software written by Tim
52 * Hudson (tjh@cryptsoft.com).
53 *
54 */
55
56#include "eng_int.h"
57
58/* If this symbol is defined then ENGINE_get_default_ECDSA(), the function that is
59 * used by ECDSA to hook in implementation code and cache defaults (etc), will
60 * display brief debugging summaries to stderr with the 'nid'. */
61/* #define ENGINE_ECDSA_DEBUG */
62
63static ENGINE_TABLE *ecdsa_table = NULL;
64static const int dummy_nid = 1;
65
66void
67ENGINE_unregister_ECDSA(ENGINE *e)
68{
69 engine_table_unregister(&ecdsa_table, e);
70}
71
72static void
73engine_unregister_all_ECDSA(void)
74{
75 engine_table_cleanup(&ecdsa_table);
76}
77
78int
79ENGINE_register_ECDSA(ENGINE *e)
80{
81 if (e->ecdsa_meth)
82 return engine_table_register(&ecdsa_table,
83 engine_unregister_all_ECDSA, e, &dummy_nid, 1, 0);
84 return 1;
85}
86
87void
88ENGINE_register_all_ECDSA(void)
89{
90 ENGINE *e;
91
92 for (e = ENGINE_get_first(); e; e = ENGINE_get_next(e))
93 ENGINE_register_ECDSA(e);
94}
95
96int
97ENGINE_set_default_ECDSA(ENGINE *e)
98{
99 if (e->ecdsa_meth)
100 return engine_table_register(&ecdsa_table,
101 engine_unregister_all_ECDSA, e, &dummy_nid, 1, 1);
102 return 1;
103}
104
105/* Exposed API function to get a functional reference from the implementation
106 * table (ie. try to get a functional reference from the tabled structural
107 * references). */
108ENGINE *
109ENGINE_get_default_ECDSA(void)
110{
111 return engine_table_select(&ecdsa_table, dummy_nid);
112}
113
114/* Obtains an ECDSA implementation from an ENGINE functional reference */
115const ECDSA_METHOD *
116ENGINE_get_ECDSA(const ENGINE *e)
117{
118 return e->ecdsa_meth;
119}
120
121/* Sets an ECDSA implementation in an ENGINE structure */
122int
123ENGINE_set_ECDSA(ENGINE *e, const ECDSA_METHOD *ecdsa_meth)
124{
125 e->ecdsa_meth = ecdsa_meth;
126 return 1;
127}
diff --git a/src/lib/libcrypto/engine/tb_pkmeth.c b/src/lib/libcrypto/engine/tb_pkmeth.c
deleted file mode 100644
index 3840434262..0000000000
--- a/src/lib/libcrypto/engine/tb_pkmeth.c
+++ /dev/null
@@ -1,176 +0,0 @@
1/* $OpenBSD: tb_pkmeth.c,v 1.5 2015/02/11 03:19:37 doug Exp $ */
2/* ====================================================================
3 * Copyright (c) 2006 The OpenSSL Project. All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 *
9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer.
11 *
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in
14 * the documentation and/or other materials provided with the
15 * distribution.
16 *
17 * 3. All advertising materials mentioning features or use of this
18 * software must display the following acknowledgment:
19 * "This product includes software developed by the OpenSSL Project
20 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
21 *
22 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
23 * endorse or promote products derived from this software without
24 * prior written permission. For written permission, please contact
25 * licensing@OpenSSL.org.
26 *
27 * 5. Products derived from this software may not be called "OpenSSL"
28 * nor may "OpenSSL" appear in their names without prior written
29 * permission of the OpenSSL Project.
30 *
31 * 6. Redistributions of any form whatsoever must retain the following
32 * acknowledgment:
33 * "This product includes software developed by the OpenSSL Project
34 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
35 *
36 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
37 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
38 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
39 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
40 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
41 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
42 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
43 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
44 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
45 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
46 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
47 * OF THE POSSIBILITY OF SUCH DAMAGE.
48 * ====================================================================
49 *
50 * This product includes cryptographic software written by Eric Young
51 * (eay@cryptsoft.com). This product includes software written by Tim
52 * Hudson (tjh@cryptsoft.com).
53 *
54 */
55
56#include <openssl/err.h>
57
58#include "eng_int.h"
59#include <openssl/evp.h>
60
61/* If this symbol is defined then ENGINE_get_pkey_meth_engine(), the function
62 * that is used by EVP to hook in pkey_meth code and cache defaults (etc), will
63 * display brief debugging summaries to stderr with the 'nid'. */
64/* #define ENGINE_PKEY_METH_DEBUG */
65
66static ENGINE_TABLE *pkey_meth_table = NULL;
67
68void
69ENGINE_unregister_pkey_meths(ENGINE *e)
70{
71 engine_table_unregister(&pkey_meth_table, e);
72}
73
74static void
75engine_unregister_all_pkey_meths(void)
76{
77 engine_table_cleanup(&pkey_meth_table);
78}
79
80int
81ENGINE_register_pkey_meths(ENGINE *e)
82{
83 if (e->pkey_meths) {
84 const int *nids;
85 int num_nids = e->pkey_meths(e, NULL, &nids, 0);
86 if (num_nids > 0)
87 return engine_table_register(&pkey_meth_table,
88 engine_unregister_all_pkey_meths, e, nids,
89 num_nids, 0);
90 }
91 return 1;
92}
93
94void
95ENGINE_register_all_pkey_meths(void)
96{
97 ENGINE *e;
98
99 for (e = ENGINE_get_first(); e; e = ENGINE_get_next(e))
100 ENGINE_register_pkey_meths(e);
101}
102
103int
104ENGINE_set_default_pkey_meths(ENGINE *e)
105{
106 if (e->pkey_meths) {
107 const int *nids;
108 int num_nids = e->pkey_meths(e, NULL, &nids, 0);
109 if (num_nids > 0)
110 return engine_table_register(&pkey_meth_table,
111 engine_unregister_all_pkey_meths, e, nids,
112 num_nids, 1);
113 }
114 return 1;
115}
116
117/* Exposed API function to get a functional reference from the implementation
118 * table (ie. try to get a functional reference from the tabled structural
119 * references) for a given pkey_meth 'nid' */
120ENGINE *
121ENGINE_get_pkey_meth_engine(int nid)
122{
123 return engine_table_select(&pkey_meth_table, nid);
124}
125
126/* Obtains a pkey_meth implementation from an ENGINE functional reference */
127const EVP_PKEY_METHOD *
128ENGINE_get_pkey_meth(ENGINE *e, int nid)
129{
130 EVP_PKEY_METHOD *ret;
131 ENGINE_PKEY_METHS_PTR fn = ENGINE_get_pkey_meths(e);
132
133 if (!fn || !fn(e, &ret, NULL, nid)) {
134 ENGINEerr(ENGINE_F_ENGINE_GET_PKEY_METH,
135 ENGINE_R_UNIMPLEMENTED_PUBLIC_KEY_METHOD);
136 return NULL;
137 }
138 return ret;
139}
140
141/* Gets the pkey_meth callback from an ENGINE structure */
142ENGINE_PKEY_METHS_PTR
143ENGINE_get_pkey_meths(const ENGINE *e)
144{
145 return e->pkey_meths;
146}
147
148/* Sets the pkey_meth callback in an ENGINE structure */
149int
150ENGINE_set_pkey_meths(ENGINE *e, ENGINE_PKEY_METHS_PTR f)
151{
152 e->pkey_meths = f;
153 return 1;
154}
155
156/* Internal function to free up EVP_PKEY_METHOD structures before an
157 * ENGINE is destroyed
158 */
159
160void
161engine_pkey_meths_free(ENGINE *e)
162{
163 int i;
164 EVP_PKEY_METHOD *pkm;
165
166 if (e->pkey_meths) {
167 const int *pknids;
168 int npknids;
169 npknids = e->pkey_meths(e, NULL, &pknids, 0);
170 for (i = 0; i < npknids; i++) {
171 if (e->pkey_meths(e, &pkm, NULL, pknids[i])) {
172 EVP_PKEY_meth_free(pkm);
173 }
174 }
175 }
176}
diff --git a/src/lib/libcrypto/engine/tb_rand.c b/src/lib/libcrypto/engine/tb_rand.c
deleted file mode 100644
index cc61da747c..0000000000
--- a/src/lib/libcrypto/engine/tb_rand.c
+++ /dev/null
@@ -1,127 +0,0 @@
1/* $OpenBSD: tb_rand.c,v 1.6 2014/06/12 15:49:29 deraadt Exp $ */
2/* ====================================================================
3 * Copyright (c) 2000 The OpenSSL Project. All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 *
9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer.
11 *
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in
14 * the documentation and/or other materials provided with the
15 * distribution.
16 *
17 * 3. All advertising materials mentioning features or use of this
18 * software must display the following acknowledgment:
19 * "This product includes software developed by the OpenSSL Project
20 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
21 *
22 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
23 * endorse or promote products derived from this software without
24 * prior written permission. For written permission, please contact
25 * licensing@OpenSSL.org.
26 *
27 * 5. Products derived from this software may not be called "OpenSSL"
28 * nor may "OpenSSL" appear in their names without prior written
29 * permission of the OpenSSL Project.
30 *
31 * 6. Redistributions of any form whatsoever must retain the following
32 * acknowledgment:
33 * "This product includes software developed by the OpenSSL Project
34 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
35 *
36 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
37 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
38 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
39 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
40 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
41 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
42 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
43 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
44 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
45 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
46 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
47 * OF THE POSSIBILITY OF SUCH DAMAGE.
48 * ====================================================================
49 *
50 * This product includes cryptographic software written by Eric Young
51 * (eay@cryptsoft.com). This product includes software written by Tim
52 * Hudson (tjh@cryptsoft.com).
53 *
54 */
55
56#include "eng_int.h"
57
58/* If this symbol is defined then ENGINE_get_default_RAND(), the function that is
59 * used by RAND to hook in implementation code and cache defaults (etc), will
60 * display brief debugging summaries to stderr with the 'nid'. */
61/* #define ENGINE_RAND_DEBUG */
62
63static ENGINE_TABLE *rand_table = NULL;
64static const int dummy_nid = 1;
65
66void
67ENGINE_unregister_RAND(ENGINE *e)
68{
69 engine_table_unregister(&rand_table, e);
70}
71
72static void
73engine_unregister_all_RAND(void)
74{
75 engine_table_cleanup(&rand_table);
76}
77
78int
79ENGINE_register_RAND(ENGINE *e)
80{
81 if (e->rand_meth)
82 return engine_table_register(&rand_table,
83 engine_unregister_all_RAND, e, &dummy_nid, 1, 0);
84 return 1;
85}
86
87void
88ENGINE_register_all_RAND(void)
89{
90 ENGINE *e;
91
92 for (e = ENGINE_get_first(); e; e = ENGINE_get_next(e))
93 ENGINE_register_RAND(e);
94}
95
96int
97ENGINE_set_default_RAND(ENGINE *e)
98{
99 if (e->rand_meth)
100 return engine_table_register(&rand_table,
101 engine_unregister_all_RAND, e, &dummy_nid, 1, 1);
102 return 1;
103}
104
105/* Exposed API function to get a functional reference from the implementation
106 * table (ie. try to get a functional reference from the tabled structural
107 * references). */
108ENGINE *
109ENGINE_get_default_RAND(void)
110{
111 return engine_table_select(&rand_table, dummy_nid);
112}
113
114/* Obtains an RAND implementation from an ENGINE functional reference */
115const RAND_METHOD *
116ENGINE_get_RAND(const ENGINE *e)
117{
118 return e->rand_meth;
119}
120
121/* Sets an RAND implementation in an ENGINE structure */
122int
123ENGINE_set_RAND(ENGINE *e, const RAND_METHOD *rand_meth)
124{
125 e->rand_meth = rand_meth;
126 return 1;
127}
diff --git a/src/lib/libcrypto/engine/tb_rsa.c b/src/lib/libcrypto/engine/tb_rsa.c
deleted file mode 100644
index 52ee8889a0..0000000000
--- a/src/lib/libcrypto/engine/tb_rsa.c
+++ /dev/null
@@ -1,127 +0,0 @@
1/* $OpenBSD: tb_rsa.c,v 1.6 2014/06/12 15:49:29 deraadt Exp $ */
2/* ====================================================================
3 * Copyright (c) 2000 The OpenSSL Project. All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 *
9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer.
11 *
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in
14 * the documentation and/or other materials provided with the
15 * distribution.
16 *
17 * 3. All advertising materials mentioning features or use of this
18 * software must display the following acknowledgment:
19 * "This product includes software developed by the OpenSSL Project
20 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
21 *
22 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
23 * endorse or promote products derived from this software without
24 * prior written permission. For written permission, please contact
25 * licensing@OpenSSL.org.
26 *
27 * 5. Products derived from this software may not be called "OpenSSL"
28 * nor may "OpenSSL" appear in their names without prior written
29 * permission of the OpenSSL Project.
30 *
31 * 6. Redistributions of any form whatsoever must retain the following
32 * acknowledgment:
33 * "This product includes software developed by the OpenSSL Project
34 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
35 *
36 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
37 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
38 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
39 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
40 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
41 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
42 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
43 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
44 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
45 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
46 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
47 * OF THE POSSIBILITY OF SUCH DAMAGE.
48 * ====================================================================
49 *
50 * This product includes cryptographic software written by Eric Young
51 * (eay@cryptsoft.com). This product includes software written by Tim
52 * Hudson (tjh@cryptsoft.com).
53 *
54 */
55
56#include "eng_int.h"
57
58/* If this symbol is defined then ENGINE_get_default_RSA(), the function that is
59 * used by RSA to hook in implementation code and cache defaults (etc), will
60 * display brief debugging summaries to stderr with the 'nid'. */
61/* #define ENGINE_RSA_DEBUG */
62
63static ENGINE_TABLE *rsa_table = NULL;
64static const int dummy_nid = 1;
65
66void
67ENGINE_unregister_RSA(ENGINE *e)
68{
69 engine_table_unregister(&rsa_table, e);
70}
71
72static void
73engine_unregister_all_RSA(void)
74{
75 engine_table_cleanup(&rsa_table);
76}
77
78int
79ENGINE_register_RSA(ENGINE *e)
80{
81 if (e->rsa_meth)
82 return engine_table_register(&rsa_table,
83 engine_unregister_all_RSA, e, &dummy_nid, 1, 0);
84 return 1;
85}
86
87void
88ENGINE_register_all_RSA(void)
89{
90 ENGINE *e;
91
92 for (e = ENGINE_get_first(); e; e = ENGINE_get_next(e))
93 ENGINE_register_RSA(e);
94}
95
96int
97ENGINE_set_default_RSA(ENGINE *e)
98{
99 if (e->rsa_meth)
100 return engine_table_register(&rsa_table,
101 engine_unregister_all_RSA, e, &dummy_nid, 1, 1);
102 return 1;
103}
104
105/* Exposed API function to get a functional reference from the implementation
106 * table (ie. try to get a functional reference from the tabled structural
107 * references). */
108ENGINE *
109ENGINE_get_default_RSA(void)
110{
111 return engine_table_select(&rsa_table, dummy_nid);
112}
113
114/* Obtains an RSA implementation from an ENGINE functional reference */
115const RSA_METHOD *
116ENGINE_get_RSA(const ENGINE *e)
117{
118 return e->rsa_meth;
119}
120
121/* Sets an RSA implementation in an ENGINE structure */
122int
123ENGINE_set_RSA(ENGINE *e, const RSA_METHOD *rsa_meth)
124{
125 e->rsa_meth = rsa_meth;
126 return 1;
127}
diff --git a/src/lib/libcrypto/engine/tb_store.c b/src/lib/libcrypto/engine/tb_store.c
deleted file mode 100644
index e9ad11ab01..0000000000
--- a/src/lib/libcrypto/engine/tb_store.c
+++ /dev/null
@@ -1,109 +0,0 @@
1/* $OpenBSD: tb_store.c,v 1.5 2015/02/07 13:19:15 doug Exp $ */
2/* ====================================================================
3 * Copyright (c) 2003 The OpenSSL Project. All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 *
9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer.
11 *
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in
14 * the documentation and/or other materials provided with the
15 * distribution.
16 *
17 * 3. All advertising materials mentioning features or use of this
18 * software must display the following acknowledgment:
19 * "This product includes software developed by the OpenSSL Project
20 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
21 *
22 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
23 * endorse or promote products derived from this software without
24 * prior written permission. For written permission, please contact
25 * licensing@OpenSSL.org.
26 *
27 * 5. Products derived from this software may not be called "OpenSSL"
28 * nor may "OpenSSL" appear in their names without prior written
29 * permission of the OpenSSL Project.
30 *
31 * 6. Redistributions of any form whatsoever must retain the following
32 * acknowledgment:
33 * "This product includes software developed by the OpenSSL Project
34 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
35 *
36 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
37 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
38 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
39 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
40 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
41 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
42 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
43 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
44 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
45 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
46 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
47 * OF THE POSSIBILITY OF SUCH DAMAGE.
48 * ====================================================================
49 *
50 * This product includes cryptographic software written by Eric Young
51 * (eay@cryptsoft.com). This product includes software written by Tim
52 * Hudson (tjh@cryptsoft.com).
53 *
54 */
55
56#include "eng_int.h"
57
58/* If this symbol is defined then ENGINE_get_default_STORE(), the function that is
59 * used by STORE to hook in implementation code and cache defaults (etc), will
60 * display brief debugging summaries to stderr with the 'nid'. */
61/* #define ENGINE_STORE_DEBUG */
62
63static ENGINE_TABLE *store_table = NULL;
64static const int dummy_nid = 1;
65
66void
67ENGINE_unregister_STORE(ENGINE *e)
68{
69 engine_table_unregister(&store_table, e);
70}
71
72static void
73engine_unregister_all_STORE(void)
74{
75 engine_table_cleanup(&store_table);
76}
77
78int
79ENGINE_register_STORE(ENGINE *e)
80{
81 if (e->store_meth)
82 return engine_table_register(&store_table,
83 engine_unregister_all_STORE, e, &dummy_nid, 1, 0);
84 return 1;
85}
86
87void
88ENGINE_register_all_STORE(void)
89{
90 ENGINE *e;
91
92 for (e = ENGINE_get_first(); e; e = ENGINE_get_next(e))
93 ENGINE_register_STORE(e);
94}
95
96/* Obtains an STORE implementation from an ENGINE functional reference */
97const STORE_METHOD *
98ENGINE_get_STORE(const ENGINE *e)
99{
100 return e->store_meth;
101}
102
103/* Sets an STORE implementation in an ENGINE structure */
104int
105ENGINE_set_STORE(ENGINE *e, const STORE_METHOD *store_meth)
106{
107 e->store_meth = store_meth;
108 return 1;
109}
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-05-09 11:26:43 +0000