From 829fd51d4f8dde4a7f3bf54754f3c1d1a502f5e2 Mon Sep 17 00:00:00 2001 From: djm <> Date: Fri, 1 Oct 2010 22:54:21 +0000 Subject: import OpenSSL-1.0.0a --- src/lib/libcrypto/engine/eng_all.c | 19 +-- src/lib/libcrypto/engine/eng_cnf.c | 17 ++- src/lib/libcrypto/engine/eng_ctrl.c | 8 +- src/lib/libcrypto/engine/eng_dyn.c | 14 +- src/lib/libcrypto/engine/eng_err.c | 6 +- src/lib/libcrypto/engine/eng_fat.c | 14 ++ src/lib/libcrypto/engine/eng_int.h | 12 +- src/lib/libcrypto/engine/eng_lib.c | 3 + src/lib/libcrypto/engine/eng_list.c | 2 + src/lib/libcrypto/engine/eng_openssl.c | 2 +- src/lib/libcrypto/engine/eng_table.c | 72 +++++++--- src/lib/libcrypto/engine/engine.h | 55 ++++++-- src/lib/libcrypto/engine/tb_asnmth.c | 246 +++++++++++++++++++++++++++++++++ src/lib/libcrypto/engine/tb_pkmeth.c | 167 ++++++++++++++++++++++ 14 files changed, 580 insertions(+), 57 deletions(-) create mode 100644 src/lib/libcrypto/engine/tb_asnmth.c create mode 100644 src/lib/libcrypto/engine/tb_pkmeth.c (limited to 'src/lib/libcrypto/engine') diff --git a/src/lib/libcrypto/engine/eng_all.c b/src/lib/libcrypto/engine/eng_all.c index d29cd57dc2..22c120454f 100644 --- a/src/lib/libcrypto/engine/eng_all.c +++ b/src/lib/libcrypto/engine/eng_all.c @@ -61,15 +61,15 @@ void ENGINE_load_builtin_engines(void) { +#if 0 /* There's no longer any need for an "openssl" ENGINE unless, one day, * it is the *only* way for standard builtin implementations to be be * accessed (ie. it would be possible to statically link binaries with * *no* builtin implementations). */ -#if 0 ENGINE_load_openssl(); #endif -#if !defined(OPENSSL_NO_HW) && !defined(OPENSSL_NO_HW_PADLOCK) - ENGINE_load_padlock(); +#if !defined(OPENSSL_NO_HW) && (defined(__OpenBSD__) || defined(__FreeBSD__) || defined(HAVE_CRYPTODEV)) + ENGINE_load_cryptodev(); #endif ENGINE_load_dynamic(); #ifndef OPENSSL_NO_STATIC_ENGINE @@ -98,14 +98,15 @@ void ENGINE_load_builtin_engines(void) #ifndef OPENSSL_NO_HW_UBSEC ENGINE_load_ubsec(); #endif +#ifndef OPENSSL_NO_HW_PADLOCK + ENGINE_load_padlock(); #endif -#if !defined(OPENSSL_NO_GMP) && !defined(OPENSSL_NO_HW_GMP) - ENGINE_load_gmp(); #endif +#ifndef OPENSSL_NO_GOST + ENGINE_load_gost(); #endif -#ifndef OPENSSL_NO_HW -#if defined(__OpenBSD__) || defined(__FreeBSD__) - ENGINE_load_cryptodev(); +#ifndef OPENSSL_NO_GMP + ENGINE_load_gmp(); #endif #if defined(OPENSSL_SYS_WIN32) && !defined(OPENSSL_NO_CAPIENG) ENGINE_load_capi(); @@ -113,7 +114,7 @@ void ENGINE_load_builtin_engines(void) #endif } -#if defined(__OpenBSD__) || defined(__FreeBSD__) +#if defined(__OpenBSD__) || defined(__FreeBSD__) || defined(HAVE_CRYPTODEV) void ENGINE_setup_bsd_cryptodev(void) { static int bsd_cryptodev_default_loaded = 0; if (!bsd_cryptodev_default_loaded) { diff --git a/src/lib/libcrypto/engine/eng_cnf.c b/src/lib/libcrypto/engine/eng_cnf.c index 08066cea59..95c4070015 100644 --- a/src/lib/libcrypto/engine/eng_cnf.c +++ b/src/lib/libcrypto/engine/eng_cnf.c @@ -95,7 +95,7 @@ static int int_engine_configure(char *name, char *value, const CONF *cnf) int ret = 0; long do_init = -1; STACK_OF(CONF_VALUE) *ecmds; - CONF_VALUE *ecmd; + CONF_VALUE *ecmd = NULL; char *ctrlname, *ctrlvalue; ENGINE *e = NULL; int soft = 0; @@ -157,7 +157,7 @@ static int int_engine_configure(char *name, char *value, const CONF *cnf) return 1; } if (!e) - return 0; + goto err; } /* Allow "EMPTY" to mean no value: this allows a valid * "value" to be passed to ctrls of type NO_INPUT @@ -186,16 +186,27 @@ static int int_engine_configure(char *name, char *value, const CONF *cnf) } else if (!ENGINE_ctrl_cmd_string(e, ctrlname, ctrlvalue, 0)) - return 0; + goto err; } } if (e && (do_init == -1) && !int_engine_init(e)) + { + ecmd = NULL; goto err; + } ret = 1; err: + if (ret != 1) + { + ENGINEerr(ENGINE_F_INT_ENGINE_CONFIGURE, ENGINE_R_ENGINE_CONFIGURATION_ERROR); + if (ecmd) + ERR_add_error_data(6, "section=", ecmd->section, + ", name=", ecmd->name, + ", value=", ecmd->value); + } if (e) ENGINE_free(e); return ret; diff --git a/src/lib/libcrypto/engine/eng_ctrl.c b/src/lib/libcrypto/engine/eng_ctrl.c index 95b6b455aa..5ce25d92ec 100644 --- a/src/lib/libcrypto/engine/eng_ctrl.c +++ b/src/lib/libcrypto/engine/eng_ctrl.c @@ -280,7 +280,7 @@ int ENGINE_ctrl_cmd(ENGINE *e, const char *cmd_name, } /* Force the result of the control command to 0 or 1, for the reasons * mentioned before. */ - if (ENGINE_ctrl(e, num, i, p, f)) + if (ENGINE_ctrl(e, num, i, p, f) > 0) return 1; return 0; } @@ -345,7 +345,7 @@ int ENGINE_ctrl_cmd_string(ENGINE *e, const char *cmd_name, const char *arg, * usage of these commands is consistent across applications and * that certain applications don't understand it one way, and * others another. */ - if(ENGINE_ctrl(e, num, 0, (void *)arg, NULL)) + if(ENGINE_ctrl(e, num, 0, (void *)arg, NULL) > 0) return 1; return 0; } @@ -360,7 +360,7 @@ int ENGINE_ctrl_cmd_string(ENGINE *e, const char *cmd_name, const char *arg, if(flags & ENGINE_CMD_FLAG_STRING) { /* Same explanation as above */ - if(ENGINE_ctrl(e, num, 0, (void *)arg, NULL)) + if(ENGINE_ctrl(e, num, 0, (void *)arg, NULL) > 0) return 1; return 0; } @@ -383,7 +383,7 @@ int ENGINE_ctrl_cmd_string(ENGINE *e, const char *cmd_name, const char *arg, } /* Force the result of the control command to 0 or 1, for the reasons * mentioned before. */ - if(ENGINE_ctrl(e, num, l, NULL, NULL)) + if(ENGINE_ctrl(e, num, l, NULL, NULL) > 0) return 1; return 0; } diff --git a/src/lib/libcrypto/engine/eng_dyn.c b/src/lib/libcrypto/engine/eng_dyn.c index acb30c34d8..807da7a5eb 100644 --- a/src/lib/libcrypto/engine/eng_dyn.c +++ b/src/lib/libcrypto/engine/eng_dyn.c @@ -146,14 +146,14 @@ struct st_dynamic_data_ctx * 'dirs' for loading. Default is to use 'dirs' as a fallback. */ int dir_load; /* A stack of directories from which ENGINEs could be loaded */ - STACK *dirs; + STACK_OF(OPENSSL_STRING) *dirs; }; /* This is the "ex_data" index we obtain and reserve for use with our context * structure. */ static int dynamic_ex_data_idx = -1; -static void int_free_str(void *s) { OPENSSL_free(s); } +static void int_free_str(char *s) { OPENSSL_free(s); } /* Because our ex_data element may or may not get allocated depending on whether * a "first-use" occurs before the ENGINE is freed, we have a memory leak * problem to solve. We can't declare a "new" handler for the ex_data as we @@ -174,7 +174,7 @@ static void dynamic_data_ctx_free_func(void *parent, void *ptr, if(ctx->engine_id) OPENSSL_free((void*)ctx->engine_id); if(ctx->dirs) - sk_pop_free(ctx->dirs, int_free_str); + sk_OPENSSL_STRING_pop_free(ctx->dirs, int_free_str); OPENSSL_free(ctx); } } @@ -203,7 +203,7 @@ static int dynamic_set_data_ctx(ENGINE *e, dynamic_data_ctx **ctx) c->DYNAMIC_F1 = "v_check"; c->DYNAMIC_F2 = "bind_engine"; c->dir_load = 1; - c->dirs = sk_new_null(); + c->dirs = sk_OPENSSL_STRING_new_null(); if(!c->dirs) { ENGINEerr(ENGINE_F_DYNAMIC_SET_DATA_CTX,ERR_R_MALLOC_FAILURE); @@ -393,7 +393,7 @@ static int dynamic_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)(void)) ERR_R_MALLOC_FAILURE); return 0; } - sk_insert(ctx->dirs, tmp_str, -1); + sk_OPENSSL_STRING_insert(ctx->dirs, tmp_str, -1); } return 1; default: @@ -411,11 +411,11 @@ static int int_load(dynamic_data_ctx *ctx) ctx->DYNAMIC_LIBNAME, NULL, 0)) != NULL) return 1; /* If we're not allowed to use 'dirs' or we have none, fail */ - if(!ctx->dir_load || ((num = sk_num(ctx->dirs)) < 1)) + if(!ctx->dir_load || (num = sk_OPENSSL_STRING_num(ctx->dirs)) < 1) return 0; for(loop = 0; loop < num; loop++) { - const char *s = sk_value(ctx->dirs, loop); + const char *s = sk_OPENSSL_STRING_value(ctx->dirs, loop); char *merge = DSO_merge(ctx->dynamic_dso, ctx->DYNAMIC_LIBNAME, s); if(!merge) return 0; diff --git a/src/lib/libcrypto/engine/eng_err.c b/src/lib/libcrypto/engine/eng_err.c index 574ffbb5c0..81c70acfa8 100644 --- a/src/lib/libcrypto/engine/eng_err.c +++ b/src/lib/libcrypto/engine/eng_err.c @@ -1,6 +1,6 @@ /* crypto/engine/eng_err.c */ /* ==================================================================== - * Copyright (c) 1999-2008 The OpenSSL Project. All rights reserved. + * Copyright (c) 1999-2010 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -86,6 +86,8 @@ static ERR_STRING_DATA ENGINE_str_functs[]= {ERR_FUNC(ENGINE_F_ENGINE_GET_DEFAULT_TYPE), "ENGINE_GET_DEFAULT_TYPE"}, {ERR_FUNC(ENGINE_F_ENGINE_GET_DIGEST), "ENGINE_get_digest"}, {ERR_FUNC(ENGINE_F_ENGINE_GET_NEXT), "ENGINE_get_next"}, +{ERR_FUNC(ENGINE_F_ENGINE_GET_PKEY_ASN1_METH), "ENGINE_get_pkey_asn1_meth"}, +{ERR_FUNC(ENGINE_F_ENGINE_GET_PKEY_METH), "ENGINE_get_pkey_meth"}, {ERR_FUNC(ENGINE_F_ENGINE_GET_PREV), "ENGINE_get_prev"}, {ERR_FUNC(ENGINE_F_ENGINE_INIT), "ENGINE_init"}, {ERR_FUNC(ENGINE_F_ENGINE_LIST_ADD), "ENGINE_LIST_ADD"}, @@ -124,6 +126,7 @@ static ERR_STRING_DATA ENGINE_str_reasons[]= {ERR_REASON(ENGINE_R_DSO_FAILURE) ,"DSO failure"}, {ERR_REASON(ENGINE_R_DSO_NOT_FOUND) ,"dso not found"}, {ERR_REASON(ENGINE_R_ENGINES_SECTION_ERROR),"engines section error"}, +{ERR_REASON(ENGINE_R_ENGINE_CONFIGURATION_ERROR),"engine configuration error"}, {ERR_REASON(ENGINE_R_ENGINE_IS_NOT_IN_LIST),"engine is not in the list"}, {ERR_REASON(ENGINE_R_ENGINE_SECTION_ERROR),"engine section error"}, {ERR_REASON(ENGINE_R_FAILED_LOADING_PRIVATE_KEY),"failed loading private key"}, @@ -150,6 +153,7 @@ static ERR_STRING_DATA ENGINE_str_reasons[]= {ERR_REASON(ENGINE_R_RSA_NOT_IMPLEMENTED),"rsa not implemented"}, {ERR_REASON(ENGINE_R_UNIMPLEMENTED_CIPHER),"unimplemented cipher"}, {ERR_REASON(ENGINE_R_UNIMPLEMENTED_DIGEST),"unimplemented digest"}, +{ERR_REASON(ENGINE_R_UNIMPLEMENTED_PUBLIC_KEY_METHOD),"unimplemented public key method"}, {ERR_REASON(ENGINE_R_VERSION_INCOMPATIBILITY),"version incompatibility"}, {0,NULL} }; diff --git a/src/lib/libcrypto/engine/eng_fat.c b/src/lib/libcrypto/engine/eng_fat.c index 27c1662f62..db66e62350 100644 --- a/src/lib/libcrypto/engine/eng_fat.c +++ b/src/lib/libcrypto/engine/eng_fat.c @@ -89,6 +89,12 @@ int ENGINE_set_default(ENGINE *e, unsigned int flags) #endif if((flags & ENGINE_METHOD_RAND) && !ENGINE_set_default_RAND(e)) return 0; + if((flags & ENGINE_METHOD_PKEY_METHS) + && !ENGINE_set_default_pkey_meths(e)) + return 0; + if((flags & ENGINE_METHOD_PKEY_ASN1_METHS) + && !ENGINE_set_default_pkey_asn1_meths(e)) + return 0; return 1; } @@ -115,6 +121,13 @@ static int int_def_cb(const char *alg, int len, void *arg) *pflags |= ENGINE_METHOD_CIPHERS; else if (!strncmp(alg, "DIGESTS", len)) *pflags |= ENGINE_METHOD_DIGESTS; + else if (!strncmp(alg, "PKEY", len)) + *pflags |= + ENGINE_METHOD_PKEY_METHS|ENGINE_METHOD_PKEY_ASN1_METHS; + else if (!strncmp(alg, "PKEY_CRYPTO", len)) + *pflags |= ENGINE_METHOD_PKEY_METHS; + else if (!strncmp(alg, "PKEY_ASN1", len)) + *pflags |= ENGINE_METHOD_PKEY_ASN1_METHS; else return 0; return 1; @@ -154,6 +167,7 @@ int ENGINE_register_complete(ENGINE *e) ENGINE_register_ECDSA(e); #endif ENGINE_register_RAND(e); + ENGINE_register_pkey_meths(e); return 1; } diff --git a/src/lib/libcrypto/engine/eng_int.h b/src/lib/libcrypto/engine/eng_int.h index a66f107a44..451ef8feb8 100644 --- a/src/lib/libcrypto/engine/eng_int.h +++ b/src/lib/libcrypto/engine/eng_int.h @@ -127,6 +127,8 @@ ENGINE *engine_table_select(ENGINE_TABLE **table, int nid); ENGINE *engine_table_select_tmp(ENGINE_TABLE **table, int nid, const char *f, int l); #define engine_table_select(t,n) engine_table_select_tmp(t,n,__FILE__,__LINE__) #endif +typedef void (engine_table_doall_cb)(int nid, STACK_OF(ENGINE) *sk, ENGINE *def, void *arg); +void engine_table_doall(ENGINE_TABLE *table, engine_table_doall_cb *cb, void *arg); /* Internal versions of API functions that have control over locking. These are * used between C files when functionality needs to be shared but the caller may @@ -143,6 +145,11 @@ void engine_set_all_null(ENGINE *e); /* NB: Bitwise OR-able values for the "flags" variable in ENGINE are now exposed * in engine.h. */ +/* Free up dynamically allocated public key methods associated with ENGINE */ + +void engine_pkey_meths_free(ENGINE *e); +void engine_pkey_asn1_meths_free(ENGINE *e); + /* This is a structure for storing implementations of various crypto * algorithms and functions. */ struct engine_st @@ -160,7 +167,10 @@ struct engine_st ENGINE_CIPHERS_PTR ciphers; /* Digest handling is via this callback */ ENGINE_DIGESTS_PTR digests; - + /* Public key handling via this callback */ + ENGINE_PKEY_METHS_PTR pkey_meths; + /* ASN1 public key handling via this callback */ + ENGINE_PKEY_ASN1_METHS_PTR pkey_asn1_meths; ENGINE_GEN_INT_FUNC_PTR destroy; diff --git a/src/lib/libcrypto/engine/eng_lib.c b/src/lib/libcrypto/engine/eng_lib.c index 5815b867f4..18a6664645 100644 --- a/src/lib/libcrypto/engine/eng_lib.c +++ b/src/lib/libcrypto/engine/eng_lib.c @@ -125,6 +125,9 @@ int engine_free_util(ENGINE *e, int locked) abort(); } #endif + /* Free up any dynamically allocated public key methods */ + engine_pkey_meths_free(e); + engine_pkey_asn1_meths_free(e); /* Give the ENGINE a chance to do any structural cleanup corresponding * to allocation it did in its constructor (eg. unload error strings) */ if(e->destroy) diff --git a/src/lib/libcrypto/engine/eng_list.c b/src/lib/libcrypto/engine/eng_list.c index bd511944ba..27846edb1e 100644 --- a/src/lib/libcrypto/engine/eng_list.c +++ b/src/lib/libcrypto/engine/eng_list.c @@ -336,6 +336,7 @@ static void engine_cpy(ENGINE *dest, const ENGINE *src) dest->store_meth = src->store_meth; dest->ciphers = src->ciphers; dest->digests = src->digests; + dest->pkey_meths = src->pkey_meths; dest->destroy = src->destroy; dest->init = src->init; dest->finish = src->finish; @@ -412,6 +413,7 @@ ENGINE *ENGINE_by_id(const char *id) return iterator; } notfound: + ENGINE_free(iterator); ENGINEerr(ENGINE_F_ENGINE_BY_ID,ENGINE_R_NO_SUCH_ENGINE); ERR_add_error_data(2, "id=", id); return NULL; diff --git a/src/lib/libcrypto/engine/eng_openssl.c b/src/lib/libcrypto/engine/eng_openssl.c index 7c139ae2ef..9abb95cc22 100644 --- a/src/lib/libcrypto/engine/eng_openssl.c +++ b/src/lib/libcrypto/engine/eng_openssl.c @@ -238,7 +238,7 @@ static int test_rc4_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, return 1; } static int test_rc4_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, unsigned int inl) + const unsigned char *in, size_t inl) { #ifdef TEST_ENG_OPENSSL_RC4_P_CIPHER fprintf(stderr, "(TEST_ENG_OPENSSL_RC4) test_cipher() called\n"); diff --git a/src/lib/libcrypto/engine/eng_table.c b/src/lib/libcrypto/engine/eng_table.c index 8879a267d1..4fde948185 100644 --- a/src/lib/libcrypto/engine/eng_table.c +++ b/src/lib/libcrypto/engine/eng_table.c @@ -70,12 +70,22 @@ typedef struct st_engine_pile int uptodate; } ENGINE_PILE; +DECLARE_LHASH_OF(ENGINE_PILE); + /* The type exposed in eng_int.h */ struct st_engine_table { - LHASH piles; + LHASH_OF(ENGINE_PILE) piles; }; /* ENGINE_TABLE */ + +typedef struct st_engine_pile_doall + { + engine_table_doall_cb *cb; + void *arg; + } ENGINE_PILE_DOALL; + + /* Global flags (ENGINE_TABLE_FLAG_***). */ static unsigned int table_flags = 0; @@ -84,6 +94,7 @@ unsigned int ENGINE_get_table_flags(void) { return table_flags; } + void ENGINE_set_table_flags(unsigned int flags) { table_flags = flags; @@ -94,19 +105,21 @@ static unsigned long engine_pile_hash(const ENGINE_PILE *c) { return c->nid; } + static int engine_pile_cmp(const ENGINE_PILE *a, const ENGINE_PILE *b) { return a->nid - b->nid; } -static IMPLEMENT_LHASH_HASH_FN(engine_pile_hash, const ENGINE_PILE *) -static IMPLEMENT_LHASH_COMP_FN(engine_pile_cmp, const ENGINE_PILE *) +static IMPLEMENT_LHASH_HASH_FN(engine_pile, ENGINE_PILE) +static IMPLEMENT_LHASH_COMP_FN(engine_pile, ENGINE_PILE) + static int int_table_check(ENGINE_TABLE **t, int create) { - LHASH *lh; + LHASH_OF(ENGINE_PILE) *lh; + if(*t) return 1; if(!create) return 0; - if((lh = lh_new(LHASH_HASH_FN(engine_pile_hash), - LHASH_COMP_FN(engine_pile_cmp))) == NULL) + if((lh = lh_ENGINE_PILE_new()) == NULL) return 0; *t = (ENGINE_TABLE *)lh; return 1; @@ -130,7 +143,7 @@ int engine_table_register(ENGINE_TABLE **table, ENGINE_CLEANUP_CB *cleanup, while(num_nids--) { tmplate.nid = *nids; - fnd = lh_retrieve(&(*table)->piles, &tmplate); + fnd = lh_ENGINE_PILE_retrieve(&(*table)->piles, &tmplate); if(!fnd) { fnd = OPENSSL_malloc(sizeof(ENGINE_PILE)); @@ -144,7 +157,7 @@ int engine_table_register(ENGINE_TABLE **table, ENGINE_CLEANUP_CB *cleanup, goto end; } fnd->funct = NULL; - lh_insert(&(*table)->piles, fnd); + (void)lh_ENGINE_PILE_insert(&(*table)->piles, fnd); } /* A registration shouldn't add duplciate entries */ (void)sk_ENGINE_delete_ptr(fnd->sk, e); @@ -173,7 +186,7 @@ end: CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE); return ret; } -static void int_unregister_cb(ENGINE_PILE *pile, ENGINE *e) +static void int_unregister_cb_doall_arg(ENGINE_PILE *pile, ENGINE *e) { int n; /* Iterate the 'c->sk' stack removing any occurance of 'e' */ @@ -188,31 +201,35 @@ static void int_unregister_cb(ENGINE_PILE *pile, ENGINE *e) pile->funct = NULL; } } -static IMPLEMENT_LHASH_DOALL_ARG_FN(int_unregister_cb,ENGINE_PILE *,ENGINE *) +static IMPLEMENT_LHASH_DOALL_ARG_FN(int_unregister_cb, ENGINE_PILE, ENGINE) + void engine_table_unregister(ENGINE_TABLE **table, ENGINE *e) { CRYPTO_w_lock(CRYPTO_LOCK_ENGINE); if(int_table_check(table, 0)) - lh_doall_arg(&(*table)->piles, - LHASH_DOALL_ARG_FN(int_unregister_cb), e); + lh_ENGINE_PILE_doall_arg(&(*table)->piles, + LHASH_DOALL_ARG_FN(int_unregister_cb), + ENGINE, e); CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE); } -static void int_cleanup_cb(ENGINE_PILE *p) +static void int_cleanup_cb_doall(ENGINE_PILE *p) { sk_ENGINE_free(p->sk); if(p->funct) engine_unlocked_finish(p->funct, 0); OPENSSL_free(p); } -static IMPLEMENT_LHASH_DOALL_FN(int_cleanup_cb,ENGINE_PILE *) +static IMPLEMENT_LHASH_DOALL_FN(int_cleanup_cb, ENGINE_PILE) + void engine_table_cleanup(ENGINE_TABLE **table) { CRYPTO_w_lock(CRYPTO_LOCK_ENGINE); if(*table) { - lh_doall(&(*table)->piles, LHASH_DOALL_FN(int_cleanup_cb)); - lh_free(&(*table)->piles); + lh_ENGINE_PILE_doall(&(*table)->piles, + LHASH_DOALL_FN(int_cleanup_cb)); + lh_ENGINE_PILE_free(&(*table)->piles); *table = NULL; } CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE); @@ -237,12 +254,13 @@ ENGINE *engine_table_select_tmp(ENGINE_TABLE **table, int nid, const char *f, in #endif return NULL; } + ERR_set_mark(); CRYPTO_w_lock(CRYPTO_LOCK_ENGINE); /* Check again inside the lock otherwise we could race against cleanup * operations. But don't worry about a fprintf(stderr). */ if(!int_table_check(table, 0)) goto end; tmplate.nid = nid; - fnd = lh_retrieve(&(*table)->piles, &tmplate); + fnd = lh_ENGINE_PILE_retrieve(&(*table)->piles, &tmplate); if(!fnd) goto end; if(fnd->funct && engine_unlocked_init(fnd->funct)) { @@ -310,6 +328,24 @@ end: CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE); /* Whatever happened, any failed init()s are not failures in this * context, so clear our error state. */ - ERR_clear_error(); + ERR_pop_to_mark(); return ret; } + +/* Table enumeration */ + +static void int_cb_doall_arg(ENGINE_PILE *pile, ENGINE_PILE_DOALL *dall) + { + dall->cb(pile->nid, pile->sk, pile->funct, dall->arg); + } +static IMPLEMENT_LHASH_DOALL_ARG_FN(int_cb, ENGINE_PILE,ENGINE_PILE_DOALL) + +void engine_table_doall(ENGINE_TABLE *table, engine_table_doall_cb *cb, + void *arg) + { + ENGINE_PILE_DOALL dall; + dall.cb = cb; + dall.arg = arg; + lh_ENGINE_PILE_doall_arg(&table->piles, LHASH_DOALL_ARG_FN(int_cb), + ENGINE_PILE_DOALL, &dall); + } diff --git a/src/lib/libcrypto/engine/engine.h b/src/lib/libcrypto/engine/engine.h index f503595ece..7fbd95f634 100644 --- a/src/lib/libcrypto/engine/engine.h +++ b/src/lib/libcrypto/engine/engine.h @@ -88,16 +88,15 @@ #include #endif #include -#include #include #include #endif -#include - #include #include +#include + #ifdef __cplusplus extern "C" { #endif @@ -113,6 +112,8 @@ extern "C" { #define ENGINE_METHOD_CIPHERS (unsigned int)0x0040 #define ENGINE_METHOD_DIGESTS (unsigned int)0x0080 #define ENGINE_METHOD_STORE (unsigned int)0x0100 +#define ENGINE_METHOD_PKEY_METHS (unsigned int)0x0200 +#define ENGINE_METHOD_PKEY_ASN1_METHS (unsigned int)0x0400 /* Obvious all-or-nothing cases. */ #define ENGINE_METHOD_ALL (unsigned int)0xFFFF #define ENGINE_METHOD_NONE (unsigned int)0x0000 @@ -297,7 +298,8 @@ typedef int (*ENGINE_SSL_CLIENT_CERT_PTR)(ENGINE *, SSL *ssl, * parameter is non-NULL it is set to the size of the returned array. */ typedef int (*ENGINE_CIPHERS_PTR)(ENGINE *, const EVP_CIPHER **, const int **, int); typedef int (*ENGINE_DIGESTS_PTR)(ENGINE *, const EVP_MD **, const int **, int); - +typedef int (*ENGINE_PKEY_METHS_PTR)(ENGINE *, EVP_PKEY_METHOD **, const int **, int); +typedef int (*ENGINE_PKEY_ASN1_METHS_PTR)(ENGINE *, EVP_PKEY_ASN1_METHOD **, const int **, int); /* STRUCTURE functions ... all of these functions deal with pointers to ENGINE * structures where the pointers have a "structural reference". This means that * their reference is to allowed access to the structure but it does not imply @@ -329,19 +331,20 @@ void ENGINE_load_aep(void); void ENGINE_load_atalla(void); void ENGINE_load_chil(void); void ENGINE_load_cswift(void); -#ifndef OPENSSL_NO_GMP -void ENGINE_load_gmp(void); -#endif void ENGINE_load_nuron(void); void ENGINE_load_sureware(void); void ENGINE_load_ubsec(void); -#endif -void ENGINE_load_cryptodev(void); void ENGINE_load_padlock(void); -void ENGINE_load_builtin_engines(void); -#ifndef OPENSSL_NO_CAPIENG void ENGINE_load_capi(void); +#ifndef OPENSSL_NO_GMP +void ENGINE_load_gmp(void); +#endif +#ifndef OPENSSL_NO_GOST +void ENGINE_load_gost(void); +#endif #endif +void ENGINE_load_cryptodev(void); +void ENGINE_load_builtin_engines(void); /* Get and set global flags (ENGINE_TABLE_FLAG_***) for the implementation * "registry" handling. */ @@ -392,6 +395,14 @@ int ENGINE_register_digests(ENGINE *e); void ENGINE_unregister_digests(ENGINE *e); void ENGINE_register_all_digests(void); +int ENGINE_register_pkey_meths(ENGINE *e); +void ENGINE_unregister_pkey_meths(ENGINE *e); +void ENGINE_register_all_pkey_meths(void); + +int ENGINE_register_pkey_asn1_meths(ENGINE *e); +void ENGINE_unregister_pkey_asn1_meths(ENGINE *e); +void ENGINE_register_all_pkey_asn1_meths(void); + /* These functions register all support from the above categories. Note, use of * these functions can result in static linkage of code your application may not * need. If you only need a subset of functionality, consider using more @@ -471,6 +482,8 @@ int ENGINE_set_load_ssl_client_cert_function(ENGINE *e, ENGINE_SSL_CLIENT_CERT_PTR loadssl_f); int ENGINE_set_ciphers(ENGINE *e, ENGINE_CIPHERS_PTR f); int ENGINE_set_digests(ENGINE *e, ENGINE_DIGESTS_PTR f); +int ENGINE_set_pkey_meths(ENGINE *e, ENGINE_PKEY_METHS_PTR f); +int ENGINE_set_pkey_asn1_meths(ENGINE *e, ENGINE_PKEY_ASN1_METHS_PTR f); int ENGINE_set_flags(ENGINE *e, int flags); int ENGINE_set_cmd_defns(ENGINE *e, const ENGINE_CMD_DEFN *defns); /* These functions allow control over any per-structure ENGINE data. */ @@ -507,8 +520,16 @@ ENGINE_LOAD_KEY_PTR ENGINE_get_load_pubkey_function(const ENGINE *e); ENGINE_SSL_CLIENT_CERT_PTR ENGINE_get_ssl_client_cert_function(const ENGINE *e); ENGINE_CIPHERS_PTR ENGINE_get_ciphers(const ENGINE *e); ENGINE_DIGESTS_PTR ENGINE_get_digests(const ENGINE *e); +ENGINE_PKEY_METHS_PTR ENGINE_get_pkey_meths(const ENGINE *e); +ENGINE_PKEY_ASN1_METHS_PTR ENGINE_get_pkey_asn1_meths(const ENGINE *e); const EVP_CIPHER *ENGINE_get_cipher(ENGINE *e, int nid); const EVP_MD *ENGINE_get_digest(ENGINE *e, int nid); +const EVP_PKEY_METHOD *ENGINE_get_pkey_meth(ENGINE *e, int nid); +const EVP_PKEY_ASN1_METHOD *ENGINE_get_pkey_asn1_meth(ENGINE *e, int nid); +const EVP_PKEY_ASN1_METHOD *ENGINE_get_pkey_asn1_meth_str(ENGINE *e, + const char *str, int len); +const EVP_PKEY_ASN1_METHOD *ENGINE_pkey_asn1_find_str(ENGINE **pe, + const char *str, int len); const ENGINE_CMD_DEFN *ENGINE_get_cmd_defns(const ENGINE *e); int ENGINE_get_flags(const ENGINE *e); @@ -560,6 +581,8 @@ ENGINE *ENGINE_get_default_RAND(void); * ciphering or digesting corresponding to "nid". */ ENGINE *ENGINE_get_cipher_engine(int nid); ENGINE *ENGINE_get_digest_engine(int nid); +ENGINE *ENGINE_get_pkey_meth_engine(int nid); +ENGINE *ENGINE_get_pkey_asn1_meth_engine(int nid); /* This sets a new default ENGINE structure for performing RSA * operations. If the result is non-zero (success) then the ENGINE @@ -575,6 +598,8 @@ int ENGINE_set_default_DH(ENGINE *e); int ENGINE_set_default_RAND(ENGINE *e); int ENGINE_set_default_ciphers(ENGINE *e); int ENGINE_set_default_digests(ENGINE *e); +int ENGINE_set_default_pkey_meths(ENGINE *e); +int ENGINE_set_default_pkey_asn1_meths(ENGINE *e); /* The combination "set" - the flags are bitwise "OR"d from the * ENGINE_METHOD_*** defines above. As with the "ENGINE_register_complete()" @@ -703,7 +728,7 @@ typedef int (*dynamic_bind_engine)(ENGINE *e, const char *id, * values. */ void *ENGINE_get_static_state(void); -#if defined(__OpenBSD__) || defined(__FreeBSD__) +#if defined(__OpenBSD__) || defined(__FreeBSD__) || defined(HAVE_CRYPTODEV) void ENGINE_setup_bsd_cryptodev(void); #endif @@ -732,13 +757,15 @@ void ERR_load_ENGINE_strings(void); #define ENGINE_F_ENGINE_GET_DEFAULT_TYPE 177 #define ENGINE_F_ENGINE_GET_DIGEST 186 #define ENGINE_F_ENGINE_GET_NEXT 115 +#define ENGINE_F_ENGINE_GET_PKEY_ASN1_METH 193 +#define ENGINE_F_ENGINE_GET_PKEY_METH 192 #define ENGINE_F_ENGINE_GET_PREV 116 #define ENGINE_F_ENGINE_INIT 119 #define ENGINE_F_ENGINE_LIST_ADD 120 #define ENGINE_F_ENGINE_LIST_REMOVE 121 #define ENGINE_F_ENGINE_LOAD_PRIVATE_KEY 150 #define ENGINE_F_ENGINE_LOAD_PUBLIC_KEY 151 -#define ENGINE_F_ENGINE_LOAD_SSL_CLIENT_CERT 192 +#define ENGINE_F_ENGINE_LOAD_SSL_CLIENT_CERT 194 #define ENGINE_F_ENGINE_NEW 122 #define ENGINE_F_ENGINE_REMOVE 123 #define ENGINE_F_ENGINE_SET_DEFAULT_STRING 189 @@ -767,6 +794,7 @@ void ERR_load_ENGINE_strings(void); #define ENGINE_R_DSO_FAILURE 104 #define ENGINE_R_DSO_NOT_FOUND 132 #define ENGINE_R_ENGINES_SECTION_ERROR 148 +#define ENGINE_R_ENGINE_CONFIGURATION_ERROR 102 #define ENGINE_R_ENGINE_IS_NOT_IN_LIST 105 #define ENGINE_R_ENGINE_SECTION_ERROR 149 #define ENGINE_R_FAILED_LOADING_PRIVATE_KEY 128 @@ -793,6 +821,7 @@ void ERR_load_ENGINE_strings(void); #define ENGINE_R_RSA_NOT_IMPLEMENTED 141 #define ENGINE_R_UNIMPLEMENTED_CIPHER 146 #define ENGINE_R_UNIMPLEMENTED_DIGEST 147 +#define ENGINE_R_UNIMPLEMENTED_PUBLIC_KEY_METHOD 101 #define ENGINE_R_VERSION_INCOMPATIBILITY 145 #ifdef __cplusplus diff --git a/src/lib/libcrypto/engine/tb_asnmth.c b/src/lib/libcrypto/engine/tb_asnmth.c new file mode 100644 index 0000000000..75090339f7 --- /dev/null +++ b/src/lib/libcrypto/engine/tb_asnmth.c @@ -0,0 +1,246 @@ +/* ==================================================================== + * Copyright (c) 2006 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#include "eng_int.h" +#include "asn1_locl.h" +#include + +/* If this symbol is defined then ENGINE_get_pkey_asn1_meth_engine(), the + * function that is used by EVP to hook in pkey_asn1_meth code and cache + * defaults (etc), will display brief debugging summaries to stderr with the + * 'nid'. */ +/* #define ENGINE_PKEY_ASN1_METH_DEBUG */ + +static ENGINE_TABLE *pkey_asn1_meth_table = NULL; + +void ENGINE_unregister_pkey_asn1_meths(ENGINE *e) + { + engine_table_unregister(&pkey_asn1_meth_table, e); + } + +static void engine_unregister_all_pkey_asn1_meths(void) + { + engine_table_cleanup(&pkey_asn1_meth_table); + } + +int ENGINE_register_pkey_asn1_meths(ENGINE *e) + { + if(e->pkey_asn1_meths) + { + const int *nids; + int num_nids = e->pkey_asn1_meths(e, NULL, &nids, 0); + if(num_nids > 0) + return engine_table_register(&pkey_asn1_meth_table, + engine_unregister_all_pkey_asn1_meths, e, nids, + num_nids, 0); + } + return 1; + } + +void ENGINE_register_all_pkey_asn1_meths(void) + { + ENGINE *e; + + for(e=ENGINE_get_first() ; e ; e=ENGINE_get_next(e)) + ENGINE_register_pkey_asn1_meths(e); + } + +int ENGINE_set_default_pkey_asn1_meths(ENGINE *e) + { + if(e->pkey_asn1_meths) + { + const int *nids; + int num_nids = e->pkey_asn1_meths(e, NULL, &nids, 0); + if(num_nids > 0) + return engine_table_register(&pkey_asn1_meth_table, + engine_unregister_all_pkey_asn1_meths, e, nids, + num_nids, 1); + } + return 1; + } + +/* Exposed API function to get a functional reference from the implementation + * table (ie. try to get a functional reference from the tabled structural + * references) for a given pkey_asn1_meth 'nid' */ +ENGINE *ENGINE_get_pkey_asn1_meth_engine(int nid) + { + return engine_table_select(&pkey_asn1_meth_table, nid); + } + +/* Obtains a pkey_asn1_meth implementation from an ENGINE functional reference */ +const EVP_PKEY_ASN1_METHOD *ENGINE_get_pkey_asn1_meth(ENGINE *e, int nid) + { + EVP_PKEY_ASN1_METHOD *ret; + ENGINE_PKEY_ASN1_METHS_PTR fn = ENGINE_get_pkey_asn1_meths(e); + if(!fn || !fn(e, &ret, NULL, nid)) + { + ENGINEerr(ENGINE_F_ENGINE_GET_PKEY_ASN1_METH, + ENGINE_R_UNIMPLEMENTED_PUBLIC_KEY_METHOD); + return NULL; + } + return ret; + } + +/* Gets the pkey_asn1_meth callback from an ENGINE structure */ +ENGINE_PKEY_ASN1_METHS_PTR ENGINE_get_pkey_asn1_meths(const ENGINE *e) + { + return e->pkey_asn1_meths; + } + +/* Sets the pkey_asn1_meth callback in an ENGINE structure */ +int ENGINE_set_pkey_asn1_meths(ENGINE *e, ENGINE_PKEY_ASN1_METHS_PTR f) + { + e->pkey_asn1_meths = f; + return 1; + } + +/* Internal function to free up EVP_PKEY_ASN1_METHOD structures before an + * ENGINE is destroyed + */ + +void engine_pkey_asn1_meths_free(ENGINE *e) + { + int i; + EVP_PKEY_ASN1_METHOD *pkm; + if (e->pkey_asn1_meths) + { + const int *pknids; + int npknids; + npknids = e->pkey_asn1_meths(e, NULL, &pknids, 0); + for (i = 0; i < npknids; i++) + { + if (e->pkey_asn1_meths(e, &pkm, NULL, pknids[i])) + { + EVP_PKEY_asn1_free(pkm); + } + } + } + } + +/* Find a method based on a string. This does a linear search through + * all implemented algorithms. This is OK in practice because only + * a small number of algorithms are likely to be implemented in an engine + * and it is not used for speed critical operations. + */ + +const EVP_PKEY_ASN1_METHOD *ENGINE_get_pkey_asn1_meth_str(ENGINE *e, + const char *str, int len) + { + int i, nidcount; + const int *nids; + EVP_PKEY_ASN1_METHOD *ameth; + if (!e->pkey_asn1_meths) + return NULL; + if (len == -1) + len = strlen(str); + nidcount = e->pkey_asn1_meths(e, NULL, &nids, 0); + for (i = 0; i < nidcount; i++) + { + e->pkey_asn1_meths(e, &ameth, NULL, nids[i]); + if (((int)strlen(ameth->pem_str) == len) && + !strncasecmp(ameth->pem_str, str, len)) + return ameth; + } + return NULL; + } + +typedef struct + { + ENGINE *e; + const EVP_PKEY_ASN1_METHOD *ameth; + const char *str; + int len; + } ENGINE_FIND_STR; + +static void look_str_cb(int nid, STACK_OF(ENGINE) *sk, ENGINE *def, void *arg) + { + ENGINE_FIND_STR *lk = arg; + int i; + if (lk->ameth) + return; + for (i = 0; i < sk_ENGINE_num(sk); i++) + { + ENGINE *e = sk_ENGINE_value(sk, i); + EVP_PKEY_ASN1_METHOD *ameth; + e->pkey_asn1_meths(e, &ameth, NULL, nid); + if (((int)strlen(ameth->pem_str) == lk->len) && + !strncasecmp(ameth->pem_str, lk->str, lk->len)) + { + lk->e = e; + lk->ameth = ameth; + return; + } + } + } + +const EVP_PKEY_ASN1_METHOD *ENGINE_pkey_asn1_find_str(ENGINE **pe, + const char *str, int len) + { + ENGINE_FIND_STR fstr; + fstr.e = NULL; + fstr.ameth = NULL; + fstr.str = str; + fstr.len = len; + CRYPTO_w_lock(CRYPTO_LOCK_ENGINE); + engine_table_doall(pkey_asn1_meth_table, look_str_cb, &fstr); + /* If found obtain a structural reference to engine */ + if (fstr.e) + { + fstr.e->struct_ref++; + engine_ref_debug(fstr.e, 0, 1) + } + *pe = fstr.e; + CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE); + return fstr.ameth; + } diff --git a/src/lib/libcrypto/engine/tb_pkmeth.c b/src/lib/libcrypto/engine/tb_pkmeth.c new file mode 100644 index 0000000000..1cdb967f25 --- /dev/null +++ b/src/lib/libcrypto/engine/tb_pkmeth.c @@ -0,0 +1,167 @@ +/* ==================================================================== + * Copyright (c) 2006 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#include "eng_int.h" +#include + +/* If this symbol is defined then ENGINE_get_pkey_meth_engine(), the function + * that is used by EVP to hook in pkey_meth code and cache defaults (etc), will + * display brief debugging summaries to stderr with the 'nid'. */ +/* #define ENGINE_PKEY_METH_DEBUG */ + +static ENGINE_TABLE *pkey_meth_table = NULL; + +void ENGINE_unregister_pkey_meths(ENGINE *e) + { + engine_table_unregister(&pkey_meth_table, e); + } + +static void engine_unregister_all_pkey_meths(void) + { + engine_table_cleanup(&pkey_meth_table); + } + +int ENGINE_register_pkey_meths(ENGINE *e) + { + if(e->pkey_meths) + { + const int *nids; + int num_nids = e->pkey_meths(e, NULL, &nids, 0); + if(num_nids > 0) + return engine_table_register(&pkey_meth_table, + engine_unregister_all_pkey_meths, e, nids, + num_nids, 0); + } + return 1; + } + +void ENGINE_register_all_pkey_meths() + { + ENGINE *e; + + for(e=ENGINE_get_first() ; e ; e=ENGINE_get_next(e)) + ENGINE_register_pkey_meths(e); + } + +int ENGINE_set_default_pkey_meths(ENGINE *e) + { + if(e->pkey_meths) + { + const int *nids; + int num_nids = e->pkey_meths(e, NULL, &nids, 0); + if(num_nids > 0) + return engine_table_register(&pkey_meth_table, + engine_unregister_all_pkey_meths, e, nids, + num_nids, 1); + } + return 1; + } + +/* Exposed API function to get a functional reference from the implementation + * table (ie. try to get a functional reference from the tabled structural + * references) for a given pkey_meth 'nid' */ +ENGINE *ENGINE_get_pkey_meth_engine(int nid) + { + return engine_table_select(&pkey_meth_table, nid); + } + +/* Obtains a pkey_meth implementation from an ENGINE functional reference */ +const EVP_PKEY_METHOD *ENGINE_get_pkey_meth(ENGINE *e, int nid) + { + EVP_PKEY_METHOD *ret; + ENGINE_PKEY_METHS_PTR fn = ENGINE_get_pkey_meths(e); + if(!fn || !fn(e, &ret, NULL, nid)) + { + ENGINEerr(ENGINE_F_ENGINE_GET_PKEY_METH, + ENGINE_R_UNIMPLEMENTED_PUBLIC_KEY_METHOD); + return NULL; + } + return ret; + } + +/* Gets the pkey_meth callback from an ENGINE structure */ +ENGINE_PKEY_METHS_PTR ENGINE_get_pkey_meths(const ENGINE *e) + { + return e->pkey_meths; + } + +/* Sets the pkey_meth callback in an ENGINE structure */ +int ENGINE_set_pkey_meths(ENGINE *e, ENGINE_PKEY_METHS_PTR f) + { + e->pkey_meths = f; + return 1; + } + +/* Internal function to free up EVP_PKEY_METHOD structures before an + * ENGINE is destroyed + */ + +void engine_pkey_meths_free(ENGINE *e) + { + int i; + EVP_PKEY_METHOD *pkm; + if (e->pkey_meths) + { + const int *pknids; + int npknids; + npknids = e->pkey_meths(e, NULL, &pknids, 0); + for (i = 0; i < npknids; i++) + { + if (e->pkey_meths(e, &pkm, NULL, pknids[i])) + { + EVP_PKEY_meth_free(pkm); + } + } + } + } -- cgit v1.2.3-55-g6feb