txt_db pkcs7 pkcs12 ui kdf store property \
md2 md4 md5 sha mdc2 ml_kem hmac ripemd whrlpool poly1305 \
siphash sm3 des aes rc2 rc4 rc5 idea aria bf cast camellia \
- seed sm4 chacha modes bn ec rsa dsa dh sm2 dso engine \
+ seed sm4 chacha modes bn ec rsa dsa dh sm2 dso \
err comp http ocsp cms ts srp cmac ct async ess crmf cmp encode_decode \
ffc hpke thread lms ml_dsa slh_dsa
+++ /dev/null
-Notes on engines of 2001-09-24
-==============================
-
-This "description" (if one chooses to call it that) needed some major updating
-so here goes. This update addresses a change being made at the same time to
-OpenSSL, and it pretty much completely restructures the underlying mechanics of
-the "ENGINE" code. So it serves a double purpose of being a "ENGINE internals
-for masochists" document *and* a rather extensive commit log message. (I'd get
-lynched for sticking all this in CHANGES.md or the commit mails :-).
-
-ENGINE_TABLE underlies this restructuring, as described in the internal header
-"eng_local.h", implemented in eng_table.c, and used in each of the "class" files;
-tb_rsa.c, tb_dsa.c, etc.
-
-However, "EVP_CIPHER" underlies the motivation and design of ENGINE_TABLE so
-I'll mention a bit about that first. EVP_CIPHER (and most of this applies
-equally to EVP_MD for digests) is both a "method" and a algorithm/mode
-identifier that, in the current API, "lingers". These cipher description +
-implementation structures can be defined or obtained directly by applications,
-or can be loaded "en masse" into EVP storage so that they can be catalogued and
-searched in various ways, ie. two ways of encrypting with the "des_cbc"
-algorithm/mode pair are;
-
- (i) directly;
- const EVP_CIPHER *cipher = EVP_des_cbc();
- EVP_EncryptInit(&ctx, cipher, key, iv);
- [ ... use EVP_EncryptUpdate() and EVP_EncryptFinal() ...]
-
- (ii) indirectly;
- OpenSSL_add_all_ciphers();
- cipher = EVP_get_cipherbyname("des_cbc");
- EVP_EncryptInit(&ctx, cipher, key, iv);
- [ ... etc ... ]
-
-The latter is more generally used because it also allows ciphers/digests to be
-looked up based on other identifiers which can be useful for automatic cipher
-selection, eg. in SSL/TLS, or by user-controllable configuration.
-
-The important point about this is that EVP_CIPHER definitions and structures are
-passed around with impunity and there is no safe way, without requiring massive
-rewrites of many applications, to assume that EVP_CIPHERs can be reference
-counted. One an EVP_CIPHER is exposed to the caller, neither it nor anything it
-comes from can "safely" be destroyed. Unless of course the way of getting to
-such ciphers is via entirely distinct API calls that didn't exist before.
-However existing API usage cannot be made to understand when an EVP_CIPHER
-pointer, that has been passed to the caller, is no longer being used.
-
-The other problem with the existing API w.r.t. to hooking EVP_CIPHER support
-into ENGINE is storage - the OBJ_NAME-based storage used by EVP to register
-ciphers simultaneously registers cipher *types* and cipher *implementations* -
-they are effectively the same thing, an "EVP_CIPHER" pointer. The problem with
-hooking in ENGINEs is that multiple ENGINEs may implement the same ciphers. The
-solution is necessarily that ENGINE-provided ciphers simply are not registered,
-stored, or exposed to the caller in the same manner as existing ciphers. This is
-especially necessary considering the fact ENGINE uses reference counts to allow
-for cleanup, modularity, and DSO support - yet EVP_CIPHERs, as exposed to
-callers in the current API, support no such controls.
-
-Another sticking point for integrating cipher support into ENGINE is linkage.
-Already there is a problem with the way ENGINE supports RSA, DSA, etc whereby
-they are available *because* they're part of a giant ENGINE called "openssl".
-Ie. all implementations *have* to come from an ENGINE, but we get round that by
-having a giant ENGINE with all the software support encapsulated. This creates
-linker hassles if nothing else - linking a 1-line application that calls 2 basic
-RSA functions (eg. "RSA_free(RSA_new());") will result in large quantities of
-ENGINE code being linked in *and* because of that DSA, DH, and RAND also. If we
-continue with this approach for EVP_CIPHER support (even if it *was* possible)
-we would lose our ability to link selectively by selectively loading certain
-implementations of certain functionality. Touching any part of any kind of
-crypto would result in massive static linkage of everything else. So the
-solution is to change the way ENGINE feeds existing "classes", ie. how the
-hooking to ENGINE works from RSA, DSA, DH, RAND, as well as adding new hooking
-for EVP_CIPHER, and EVP_MD.
-
-The way this is now being done is by mostly reverting back to how things used to
-work prior to ENGINE :-). Ie. RSA now has a "RSA_METHOD" pointer again - this
-was previously replaced by an "ENGINE" pointer and all RSA code that required
-the RSA_METHOD would call ENGINE_get_RSA() each time on its ENGINE handle to
-temporarily get and use the ENGINE's RSA implementation. Apart from being more
-efficient, switching back to each RSA having an RSA_METHOD pointer also allows
-us to conceivably operate with *no* ENGINE. As we'll see, this removes any need
-for a fallback ENGINE that encapsulates default implementations - we can simply
-have our RSA structure pointing its RSA_METHOD pointer to the software
-implementation and have its ENGINE pointer set to NULL.
-
-A look at the EVP_CIPHER hooking is most explanatory, the RSA, DSA (etc) cases
-turn out to be degenerate forms of the same thing. The EVP storage of ciphers,
-and the existing EVP API functions that return "software" implementations and
-descriptions remain untouched. However, the storage takes more meaning in terms
-of "cipher description" and less meaning in terms of "implementation". When an
-EVP_CIPHER_CTX is actually initialised with an EVP_CIPHER method and is about to
-begin en/decryption, the hooking to ENGINE comes into play. What happens is that
-cipher-specific ENGINE code is asked for an ENGINE pointer (a functional
-reference) for any ENGINE that is registered to perform the algo/mode that the
-provided EVP_CIPHER structure represents. Under normal circumstances, that
-ENGINE code will return NULL because no ENGINEs will have had any cipher
-implementations *registered*. As such, a NULL ENGINE pointer is stored in the
-EVP_CIPHER_CTX context, and the EVP_CIPHER structure is left hooked into the
-context and so is used as the implementation. Pretty much how things work now
-except we'd have a redundant ENGINE pointer set to NULL and doing nothing.
-
-Conversely, if an ENGINE *has* been registered to perform the algorithm/mode
-combination represented by the provided EVP_CIPHER, then a functional reference
-to that ENGINE will be returned to the EVP_CIPHER_CTX during initialisation.
-That functional reference will be stored in the context (and released on
-cleanup) - and having that reference provides a *safe* way to use an EVP_CIPHER
-definition that is private to the ENGINE. Ie. the EVP_CIPHER provided by the
-application will actually be replaced by an EVP_CIPHER from the registered
-ENGINE - it will support the same algorithm/mode as the original but will be a
-completely different implementation. Because this EVP_CIPHER isn't stored in the
-EVP storage, nor is it returned to applications from traditional API functions,
-there is no associated problem with it not having reference counts. And of
-course, when one of these "private" cipher implementations is hooked into
-EVP_CIPHER_CTX, it is done whilst the EVP_CIPHER_CTX holds a functional
-reference to the ENGINE that owns it, thus the use of the ENGINE's EVP_CIPHER is
-safe.
-
-The "cipher-specific ENGINE code" I mentioned is implemented in tb_cipher.c but
-in essence it is simply an instantiation of "ENGINE_TABLE" code for use by
-EVP_CIPHER code. tb_digest.c is virtually identical but, of course, it is for
-use by EVP_MD code. Ditto for tb_rsa.c, tb_dsa.c, etc. These instantiations of
-ENGINE_TABLE essentially provide linker-separation of the classes so that even
-if ENGINEs implement *all* possible algorithms, an application using only
-EVP_CIPHER code will link at most code relating to EVP_CIPHER, tb_cipher.c, core
-ENGINE code that is independent of class, and of course the ENGINE
-implementation that the application loaded. It will *not* however link any
-class-specific ENGINE code for digests, RSA, etc nor will it bleed over into
-other APIs, such as the RSA/DSA/etc library code.
-
-ENGINE_TABLE is a little more complicated than may seem necessary but this is
-mostly to avoid a lot of "init()"-thrashing on ENGINEs (that may have to load
-DSOs, and other expensive setup that shouldn't be thrashed unnecessarily) *and*
-to duplicate "default" behaviour. Basically an ENGINE_TABLE instantiation, for
-example tb_cipher.c, implements a hash-table keyed by integer "nid" values.
-These nids provide the uniquenness of an algorithm/mode - and each nid will hash
-to a potentially NULL "ENGINE_PILE". An ENGINE_PILE is essentially a list of
-pointers to ENGINEs that implement that particular 'nid'. Each "pile" uses some
-caching tricks such that requests on that 'nid' will be cached and all future
-requests will return immediately (well, at least with minimal operation) unless
-a change is made to the pile, eg. perhaps an ENGINE was unloaded. The reason is
-that an application could have support for 10 ENGINEs statically linked
-in, and the machine in question may not have any of the hardware those 10
-ENGINEs support. If each of those ENGINEs has a "des_cbc" implementation, we
-want to avoid every EVP_CIPHER_CTX setup from trying (and failing) to initialise
-each of those 10 ENGINEs. Instead, the first such request will try to do that
-and will either return (and cache) a NULL ENGINE pointer or will return a
-functional reference to the first that successfully initialised. In the latter
-case it will also cache an extra functional reference to the ENGINE as a
-"default" for that 'nid'. The caching is acknowledged by a 'uptodate' variable
-that is unset only if un/registration takes place on that pile. Ie. if
-implementations of "des_cbc" are added or removed. This behaviour can be
-tweaked; the ENGINE_TABLE_FLAG_NOINIT value can be passed to
-ENGINE_set_table_flags(), in which case the only ENGINEs that tb_cipher.c will
-try to initialise from the "pile" will be those that are already initialised
-(ie. it's simply an increment of the functional reference count, and no real
-"initialisation" will take place).
-
-RSA, DSA, DH, and RAND all have their own ENGINE_TABLE code as well, and the
-difference is that they all use an implicit 'nid' of 1. Whereas EVP_CIPHERs are
-actually qualitatively different depending on 'nid' (the "des_cbc" EVP_CIPHER is
-not an interoperable implementation of "aes_256_cbc"), RSA_METHODs are
-necessarily interoperable and don't have different flavours, only different
-implementations. In other words, the ENGINE_TABLE for RSA will either be empty,
-or will have a single ENGINE_PILE hashed to by the 'nid' 1 and that pile
-represents ENGINEs that implement the single "type" of RSA there is.
-
-Cleanup - the registration and unregistration may pose questions about how
-cleanup works with the ENGINE_PILE doing all this caching nonsense (ie. when the
-application or EVP_CIPHER code releases its last reference to an ENGINE, the
-ENGINE_PILE code may still have references and thus those ENGINEs will stay
-hooked in forever). The way this is handled is via "unregistration". With these
-new ENGINE changes, an abstract ENGINE can be loaded and initialised, but that
-is an algorithm-agnostic process. Even if initialised, it will not have
-registered any of its implementations (to do so would link all class "table"
-code despite the fact the application may use only ciphers, for example). This
-is deliberately a distinct step. Moreover, registration and unregistration has
-nothing to do with whether an ENGINE is *functional* or not (ie. you can even
-register an ENGINE and its implementations without it being operational, you may
-not even have the drivers to make it operate). What actually happens with
-respect to cleanup is managed inside eng_lib.c with the `engine_cleanup_***`
-functions. These functions are internal-only and each part of ENGINE code that
-could require cleanup will, upon performing its first allocation, register a
-callback with the "engine_cleanup" code. The other part of this that makes it
-tick is that the ENGINE_TABLE instantiations (tb_***.c) use NULL as their
-initialised state. So if RSA code asks for an ENGINE and no ENGINE has
-registered an implementation, the code will simply return NULL and the tb_rsa.c
-state will be unchanged. Thus, no cleanup is required unless registration takes
-place. ENGINE_cleanup() will simply iterate across a list of registered cleanup
-callbacks calling each in turn, and will then internally delete its own storage
-(a STACK). When a cleanup callback is next registered (eg. if the cleanup() is
-part of a graceful restart and the application wants to cleanup all state then
-start again), the internal STACK storage will be freshly allocated. This is much
-the same as the situation in the ENGINE_TABLE instantiations ... NULL is the
-initialised state, so only modification operations (not queries) will cause that
-code to have to register a cleanup.
-
-What else? The bignum callbacks and associated ENGINE functions have been
-removed for two obvious reasons; (i) there was no way to generalise them to the
-mechanism now used by RSA/DSA/..., because there's no such thing as a BIGNUM
-method, and (ii) because of (i), there was no meaningful way for library or
-application code to automatically hook and use ENGINE supplied bignum functions
-anyway. Also, ENGINE_cpy() has been removed (although an internal-only version
-exists) - the idea of providing an ENGINE_cpy() function probably wasn't a good
-one and now certainly doesn't make sense in any generalised way. Some of the
-RSA, DSA, DH, and RAND functions that were fiddled during the original ENGINE
-changes have now, as a consequence, been reverted back. This is because the
-hooking of ENGINE is now automatic (and passive, it can internally use a NULL
-ENGINE pointer to simply ignore ENGINE from then on).
-
-Hell, that should be enough for now ... comments welcome.
+++ /dev/null
-LIBS=../../libcrypto
-SOURCE[../../libcrypto]=\
- eng_err.c eng_lib.c eng_list.c eng_init.c eng_ctrl.c \
- eng_table.c eng_pkey.c eng_fat.c eng_all.c \
- tb_rsa.c tb_dsa.c tb_dh.c tb_rand.c \
- tb_cipher.c tb_digest.c tb_pkmeth.c tb_asnmth.c tb_eckey.c \
- eng_openssl.c eng_cnf.c eng_dyn.c \
- eng_rdrand.c
+++ /dev/null
-/*
- * Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved.
- *
- * Licensed under the Apache License 2.0 (the "License"). You may not use
- * this file except in compliance with the License. You can obtain a copy
- * in the file LICENSE in the source distribution or at
- * https://www.openssl.org/source/license.html
- */
-
-#include "internal/cryptlib.h"
-#include "eng_local.h"
-
-void ENGINE_load_builtin_engines(void)
-{
- OPENSSL_init_crypto(OPENSSL_INIT_ENGINE_ALL_BUILTIN, NULL);
-}
-
-#ifndef OPENSSL_NO_DEPRECATED_1_1_0
-# if (defined(__OpenBSD__) || defined(__FreeBSD__) || defined(__DragonFly__))
-void ENGINE_setup_bsd_cryptodev(void)
-{
-}
-# endif
-#endif
+++ /dev/null
-/*
- * Copyright 2002-2020 The OpenSSL Project Authors. All Rights Reserved.
- *
- * Licensed under the Apache License 2.0 (the "License"). You may not use
- * this file except in compliance with the License. You can obtain a copy
- * in the file LICENSE in the source distribution or at
- * https://www.openssl.org/source/license.html
- */
-
-/* We need to use some engine deprecated APIs */
-#define OPENSSL_SUPPRESS_DEPRECATED
-
-#include "eng_local.h"
-#include <openssl/conf.h>
-#include <openssl/trace.h>
-
-/* ENGINE config module */
-
-static const char *skip_dot(const char *name)
-{
- const char *p = strchr(name, '.');
-
- if (p != NULL)
- return p + 1;
- return name;
-}
-
-static STACK_OF(ENGINE) *initialized_engines = NULL;
-
-static int int_engine_init(ENGINE *e)
-{
- if (!ENGINE_init(e))
- return 0;
- if (!initialized_engines)
- initialized_engines = sk_ENGINE_new_null();
- if (!initialized_engines || !sk_ENGINE_push(initialized_engines, e)) {
- ENGINE_finish(e);
- return 0;
- }
- return 1;
-}
-
-static int int_engine_configure(const char *name, const char *value, const CONF *cnf)
-{
- int i;
- int ret = 0;
- long do_init = -1;
- STACK_OF(CONF_VALUE) *ecmds;
- CONF_VALUE *ecmd = NULL;
- const char *ctrlname, *ctrlvalue;
- ENGINE *e = NULL;
- int soft = 0;
-
- name = skip_dot(name);
- OSSL_TRACE1(CONF, "Configuring engine %s\n", name);
- /* Value is a section containing ENGINE commands */
- ecmds = NCONF_get_section(cnf, value);
-
- if (!ecmds) {
- ERR_raise(ERR_LIB_ENGINE, ENGINE_R_ENGINE_SECTION_ERROR);
- return 0;
- }
-
- for (i = 0; i < sk_CONF_VALUE_num(ecmds); i++) {
- ecmd = sk_CONF_VALUE_value(ecmds, i);
- ctrlname = skip_dot(ecmd->name);
- ctrlvalue = ecmd->value;
- OSSL_TRACE2(CONF, "ENGINE: doing ctrl(%s,%s)\n",
- ctrlname, ctrlvalue);
-
- /* First handle some special pseudo ctrls */
-
- /* Override engine name to use */
- if (strcmp(ctrlname, "engine_id") == 0)
- name = ctrlvalue;
- else if (strcmp(ctrlname, "soft_load") == 0)
- soft = 1;
- /* Load a dynamic ENGINE */
- else if (strcmp(ctrlname, "dynamic_path") == 0) {
- e = ENGINE_by_id("dynamic");
- if (!e)
- goto err;
- if (!ENGINE_ctrl_cmd_string(e, "SO_PATH", ctrlvalue, 0))
- goto err;
- if (!ENGINE_ctrl_cmd_string(e, "LIST_ADD", "2", 0))
- goto err;
- if (!ENGINE_ctrl_cmd_string(e, "LOAD", NULL, 0))
- goto err;
- }
- /* ... add other pseudos here ... */
- else {
- /*
- * At this point we need an ENGINE structural reference if we
- * don't already have one.
- */
- if (!e) {
- e = ENGINE_by_id(name);
- if (!e && soft) {
- ERR_clear_error();
- return 1;
- }
- if (!e)
- goto err;
- }
- /*
- * Allow "EMPTY" to mean no value: this allows a valid "value" to
- * be passed to ctrls of type NO_INPUT
- */
- if (strcmp(ctrlvalue, "EMPTY") == 0)
- ctrlvalue = NULL;
- if (strcmp(ctrlname, "init") == 0) {
- if (!NCONF_get_number_e(cnf, value, "init", &do_init))
- goto err;
- if (do_init == 1) {
- if (!int_engine_init(e))
- goto err;
- } else if (do_init != 0) {
- ERR_raise(ERR_LIB_ENGINE, ENGINE_R_INVALID_INIT_VALUE);
- goto err;
- }
- } else if (strcmp(ctrlname, "default_algorithms") == 0) {
- if (!ENGINE_set_default_string(e, ctrlvalue))
- goto err;
- } else if (!ENGINE_ctrl_cmd_string(e, ctrlname, ctrlvalue, 0))
- goto err;
- }
-
- }
- if (e && (do_init == -1) && !int_engine_init(e)) {
- ecmd = NULL;
- goto err;
- }
- ret = 1;
- err:
- if (ret != 1) {
- if (ecmd == NULL)
- ERR_raise(ERR_LIB_ENGINE, ENGINE_R_ENGINE_CONFIGURATION_ERROR);
- else
- ERR_raise_data(ERR_LIB_ENGINE, ENGINE_R_ENGINE_CONFIGURATION_ERROR,
- "section=%s, name=%s, value=%s",
- ecmd->section, ecmd->name, ecmd->value);
- }
- ENGINE_free(e);
- return ret;
-}
-
-static int int_engine_module_init(CONF_IMODULE *md, const CONF *cnf)
-{
- STACK_OF(CONF_VALUE) *elist;
- CONF_VALUE *cval;
- int i;
- OSSL_TRACE2(CONF, "Called engine module: name %s, value %s\n",
- CONF_imodule_get_name(md), CONF_imodule_get_value(md));
- /* Value is a section containing ENGINEs to configure */
- elist = NCONF_get_section(cnf, CONF_imodule_get_value(md));
-
- if (!elist) {
- ERR_raise(ERR_LIB_ENGINE, ENGINE_R_ENGINES_SECTION_ERROR);
- return 0;
- }
-
- for (i = 0; i < sk_CONF_VALUE_num(elist); i++) {
- cval = sk_CONF_VALUE_value(elist, i);
- if (!int_engine_configure(cval->name, cval->value, cnf))
- return 0;
- }
-
- return 1;
-}
-
-static void int_engine_module_finish(CONF_IMODULE *md)
-{
- ENGINE *e;
-
- while ((e = sk_ENGINE_pop(initialized_engines)))
- ENGINE_finish(e);
- sk_ENGINE_free(initialized_engines);
- initialized_engines = NULL;
-}
-
-void ENGINE_add_conf_module(void)
-{
- CONF_module_add("engines",
- int_engine_module_init, int_engine_module_finish);
-}
+++ /dev/null
-/*
- * Copyright 2001-2025 The OpenSSL Project Authors. All Rights Reserved.
- *
- * Licensed under the Apache License 2.0 (the "License"). You may not use
- * this file except in compliance with the License. You can obtain a copy
- * in the file LICENSE in the source distribution or at
- * https://www.openssl.org/source/license.html
- */
-
-/* We need to use some engine deprecated APIs */
-#define OPENSSL_SUPPRESS_DEPRECATED
-
-#include "eng_local.h"
-
-/*
- * When querying a ENGINE-specific control command's 'description', this
- * string is used if the ENGINE_CMD_DEFN has cmd_desc set to NULL.
- */
-static const char *int_no_description = "";
-
-/*
- * These internal functions handle 'CMD'-related control commands when the
- * ENGINE in question has asked us to take care of it (ie. the ENGINE did not
- * set the ENGINE_FLAGS_MANUAL_CMD_CTRL flag.
- */
-
-static int int_ctrl_cmd_is_null(const ENGINE_CMD_DEFN *defn)
-{
- if ((defn->cmd_num == 0) || (defn->cmd_name == NULL))
- return 1;
- return 0;
-}
-
-static int int_ctrl_cmd_by_name(const ENGINE_CMD_DEFN *defn, const char *s)
-{
- int idx = 0;
- while (!int_ctrl_cmd_is_null(defn) && (strcmp(defn->cmd_name, s) != 0)) {
- idx++;
- defn++;
- }
- if (int_ctrl_cmd_is_null(defn))
- /* The given name wasn't found */
- return -1;
- return idx;
-}
-
-static int int_ctrl_cmd_by_num(const ENGINE_CMD_DEFN *defn, unsigned int num)
-{
- int idx = 0;
- /*
- * NB: It is stipulated that 'cmd_defn' lists are ordered by cmd_num. So
- * our searches don't need to take any longer than necessary.
- */
- while (!int_ctrl_cmd_is_null(defn) && (defn->cmd_num < num)) {
- idx++;
- defn++;
- }
- if (defn->cmd_num == num)
- return idx;
- /* The given cmd_num wasn't found */
- return -1;
-}
-
-static int int_ctrl_helper(ENGINE *e, int cmd, long i, void *p,
- void (*f) (void))
-{
- int idx;
- char *s = (char *)p;
- const ENGINE_CMD_DEFN *cdp;
-
- /* Take care of the easy one first (eg. it requires no searches) */
- if (cmd == ENGINE_CTRL_GET_FIRST_CMD_TYPE) {
- if ((e->cmd_defns == NULL) || int_ctrl_cmd_is_null(e->cmd_defns))
- return 0;
- return e->cmd_defns->cmd_num;
- }
- /* One or two commands require that "p" be a valid string buffer */
- if ((cmd == ENGINE_CTRL_GET_CMD_FROM_NAME) ||
- (cmd == ENGINE_CTRL_GET_NAME_FROM_CMD) ||
- (cmd == ENGINE_CTRL_GET_DESC_FROM_CMD)) {
- if (s == NULL) {
- ERR_raise(ERR_LIB_ENGINE, ERR_R_PASSED_NULL_PARAMETER);
- return -1;
- }
- }
- /* Now handle cmd_name -> cmd_num conversion */
- if (cmd == ENGINE_CTRL_GET_CMD_FROM_NAME) {
- if ((e->cmd_defns == NULL)
- || ((idx = int_ctrl_cmd_by_name(e->cmd_defns, s)) < 0)) {
- ERR_raise(ERR_LIB_ENGINE, ENGINE_R_INVALID_CMD_NAME);
- return -1;
- }
- return e->cmd_defns[idx].cmd_num;
- }
- /*
- * For the rest of the commands, the 'long' argument must specify a valid
- * command number - so we need to conduct a search.
- */
- if ((e->cmd_defns == NULL)
- || ((idx = int_ctrl_cmd_by_num(e->cmd_defns, (unsigned int)i)) < 0)) {
- ERR_raise(ERR_LIB_ENGINE, ENGINE_R_INVALID_CMD_NUMBER);
- return -1;
- }
- /* Now the logic splits depending on command type */
- cdp = &e->cmd_defns[idx];
- switch (cmd) {
- case ENGINE_CTRL_GET_NEXT_CMD_TYPE:
- cdp++;
- return int_ctrl_cmd_is_null(cdp) ? 0 : cdp->cmd_num;
- case ENGINE_CTRL_GET_NAME_LEN_FROM_CMD:
- return (int)strlen(cdp->cmd_name);
- case ENGINE_CTRL_GET_NAME_FROM_CMD:
- return (int)strlen(strcpy(s, cdp->cmd_name));
- case ENGINE_CTRL_GET_DESC_LEN_FROM_CMD:
- return (int)strlen(cdp->cmd_desc == NULL ? int_no_description
- : cdp->cmd_desc);
- case ENGINE_CTRL_GET_DESC_FROM_CMD:
- return (int)strlen(strcpy(s, cdp->cmd_desc == NULL ? int_no_description
- : cdp->cmd_desc));
- case ENGINE_CTRL_GET_CMD_FLAGS:
- return cdp->cmd_flags;
- }
- /* Shouldn't really be here ... */
- ERR_raise(ERR_LIB_ENGINE, ENGINE_R_INTERNAL_LIST_ERROR);
- return -1;
-}
-
-int ENGINE_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f) (void))
-{
- int ctrl_exists;
-
- if (e == NULL) {
- ERR_raise(ERR_LIB_ENGINE, ERR_R_PASSED_NULL_PARAMETER);
- return 0;
- }
-
- ctrl_exists = ((e->ctrl == NULL) ? 0 : 1);
-
- /*
- * Intercept any "root-level" commands before trying to hand them on to
- * ctrl() handlers.
- */
- switch (cmd) {
- case ENGINE_CTRL_HAS_CTRL_FUNCTION:
- return ctrl_exists;
- case ENGINE_CTRL_GET_FIRST_CMD_TYPE:
- case ENGINE_CTRL_GET_NEXT_CMD_TYPE:
- case ENGINE_CTRL_GET_CMD_FROM_NAME:
- case ENGINE_CTRL_GET_NAME_LEN_FROM_CMD:
- case ENGINE_CTRL_GET_NAME_FROM_CMD:
- case ENGINE_CTRL_GET_DESC_LEN_FROM_CMD:
- case ENGINE_CTRL_GET_DESC_FROM_CMD:
- case ENGINE_CTRL_GET_CMD_FLAGS:
- if (ctrl_exists && !(e->flags & ENGINE_FLAGS_MANUAL_CMD_CTRL))
- return int_ctrl_helper(e, cmd, i, p, f);
- if (!ctrl_exists) {
- ERR_raise(ERR_LIB_ENGINE, ENGINE_R_NO_CONTROL_FUNCTION);
- /*
- * For these cmd-related functions, failure is indicated by a -1
- * return value (because 0 is used as a valid return in some
- * places).
- */
- return -1;
- }
- default:
- break;
- }
- /* Anything else requires a ctrl() handler to exist. */
- if (!ctrl_exists) {
- ERR_raise(ERR_LIB_ENGINE, ENGINE_R_NO_CONTROL_FUNCTION);
- return 0;
- }
- return e->ctrl(e, cmd, i, p, f);
-}
-
-int ENGINE_cmd_is_executable(ENGINE *e, int cmd)
-{
- int flags;
- if ((flags =
- ENGINE_ctrl(e, ENGINE_CTRL_GET_CMD_FLAGS, cmd, NULL, NULL)) < 0) {
- ERR_raise(ERR_LIB_ENGINE, ENGINE_R_INVALID_CMD_NUMBER);
- return 0;
- }
- if (!(flags & ENGINE_CMD_FLAG_NO_INPUT) &&
- !(flags & ENGINE_CMD_FLAG_NUMERIC) &&
- !(flags & ENGINE_CMD_FLAG_STRING))
- return 0;
- return 1;
-}
-
-int ENGINE_ctrl_cmd(ENGINE *e, const char *cmd_name,
- long i, void *p, void (*f) (void), int cmd_optional)
-{
- int num;
-
- if (e == NULL || cmd_name == NULL) {
- ERR_raise(ERR_LIB_ENGINE, ERR_R_PASSED_NULL_PARAMETER);
- return 0;
- }
- if (e->ctrl == NULL
- || (num = ENGINE_ctrl(e, ENGINE_CTRL_GET_CMD_FROM_NAME,
- 0, (void *)cmd_name, NULL)) <= 0) {
- /*
- * If the command didn't *have* to be supported, we fake success.
- * This allows certain settings to be specified for multiple ENGINEs
- * and only require a change of ENGINE id (without having to
- * selectively apply settings). Eg. changing from a hardware device
- * back to the regular software ENGINE without editing the config
- * file, etc.
- */
- if (cmd_optional) {
- ERR_clear_error();
- return 1;
- }
- ERR_raise(ERR_LIB_ENGINE, ENGINE_R_INVALID_CMD_NAME);
- return 0;
- }
- /*
- * Force the result of the control command to 0 or 1, for the reasons
- * mentioned before.
- */
- if (ENGINE_ctrl(e, num, i, p, f) > 0)
- return 1;
- return 0;
-}
-
-int ENGINE_ctrl_cmd_string(ENGINE *e, const char *cmd_name, const char *arg,
- int cmd_optional)
-{
- int num, flags;
- long l;
- char *ptr;
-
- if (e == NULL || cmd_name == NULL) {
- ERR_raise(ERR_LIB_ENGINE, ERR_R_PASSED_NULL_PARAMETER);
- return 0;
- }
- if (e->ctrl == NULL
- || (num = ENGINE_ctrl(e, ENGINE_CTRL_GET_CMD_FROM_NAME,
- 0, (void *)cmd_name, NULL)) <= 0) {
- /*
- * If the command didn't *have* to be supported, we fake success.
- * This allows certain settings to be specified for multiple ENGINEs
- * and only require a change of ENGINE id (without having to
- * selectively apply settings). Eg. changing from a hardware device
- * back to the regular software ENGINE without editing the config
- * file, etc.
- */
- if (cmd_optional) {
- ERR_clear_error();
- return 1;
- }
- ERR_raise(ERR_LIB_ENGINE, ENGINE_R_INVALID_CMD_NAME);
- return 0;
- }
- if (!ENGINE_cmd_is_executable(e, num)) {
- ERR_raise(ERR_LIB_ENGINE, ENGINE_R_CMD_NOT_EXECUTABLE);
- return 0;
- }
-
- flags = ENGINE_ctrl(e, ENGINE_CTRL_GET_CMD_FLAGS, num, NULL, NULL);
- if (flags < 0) {
- /*
- * Shouldn't happen, given that ENGINE_cmd_is_executable() returned
- * success.
- */
- ERR_raise(ERR_LIB_ENGINE, ENGINE_R_INTERNAL_LIST_ERROR);
- return 0;
- }
- /*
- * If the command takes no input, there must be no input. And vice versa.
- */
- if (flags & ENGINE_CMD_FLAG_NO_INPUT) {
- if (arg != NULL) {
- ERR_raise(ERR_LIB_ENGINE, ENGINE_R_COMMAND_TAKES_NO_INPUT);
- return 0;
- }
- /*
- * We deliberately force the result of ENGINE_ctrl() to 0 or 1 rather
- * than returning it as "return data". This is to ensure usage of
- * these commands is consistent across applications and that certain
- * applications don't understand it one way, and others another.
- */
- if (ENGINE_ctrl(e, num, 0, (void *)arg, NULL) > 0)
- return 1;
- return 0;
- }
- /* So, we require input */
- if (arg == NULL) {
- ERR_raise(ERR_LIB_ENGINE, ENGINE_R_COMMAND_TAKES_INPUT);
- return 0;
- }
- /* If it takes string input, that's easy */
- if (flags & ENGINE_CMD_FLAG_STRING) {
- /* Same explanation as above */
- if (ENGINE_ctrl(e, num, 0, (void *)arg, NULL) > 0)
- return 1;
- return 0;
- }
- /*
- * If it doesn't take numeric either, then it is unsupported for use in a
- * config-setting situation, which is what this function is for. This
- * should never happen though, because ENGINE_cmd_is_executable() was
- * used.
- */
- if (!(flags & ENGINE_CMD_FLAG_NUMERIC)) {
- ERR_raise(ERR_LIB_ENGINE, ENGINE_R_INTERNAL_LIST_ERROR);
- return 0;
- }
- l = strtol(arg, &ptr, 10);
- if ((arg == ptr) || (*ptr != '\0')) {
- ERR_raise(ERR_LIB_ENGINE, ENGINE_R_ARGUMENT_IS_NOT_A_NUMBER);
- return 0;
- }
- /*
- * Force the result of the control command to 0 or 1, for the reasons
- * mentioned before.
- */
- if (ENGINE_ctrl(e, num, l, NULL, NULL) > 0)
- return 1;
- return 0;
-}
+++ /dev/null
-/*
- * Copyright 2001-2022 The OpenSSL Project Authors. All Rights Reserved.
- *
- * Licensed under the Apache License 2.0 (the "License"). You may not use
- * this file except in compliance with the License. You can obtain a copy
- * in the file LICENSE in the source distribution or at
- * https://www.openssl.org/source/license.html
- */
-
-/* We need to use some engine deprecated APIs */
-#define OPENSSL_SUPPRESS_DEPRECATED
-
-#include "eng_local.h"
-#include "internal/dso.h"
-#include <openssl/crypto.h>
-
-/*
- * Shared libraries implementing ENGINEs for use by the "dynamic" ENGINE
- * loader should implement the hook-up functions with the following
- * prototypes.
- */
-
-/* Our ENGINE handlers */
-static int dynamic_init(ENGINE *e);
-static int dynamic_finish(ENGINE *e);
-static int dynamic_ctrl(ENGINE *e, int cmd, long i, void *p,
- void (*f) (void));
-/* Predeclare our context type */
-typedef struct st_dynamic_data_ctx dynamic_data_ctx;
-/* The implementation for the important control command */
-static int dynamic_load(ENGINE *e, dynamic_data_ctx *ctx);
-
-#define DYNAMIC_CMD_SO_PATH ENGINE_CMD_BASE
-#define DYNAMIC_CMD_NO_VCHECK (ENGINE_CMD_BASE + 1)
-#define DYNAMIC_CMD_ID (ENGINE_CMD_BASE + 2)
-#define DYNAMIC_CMD_LIST_ADD (ENGINE_CMD_BASE + 3)
-#define DYNAMIC_CMD_DIR_LOAD (ENGINE_CMD_BASE + 4)
-#define DYNAMIC_CMD_DIR_ADD (ENGINE_CMD_BASE + 5)
-#define DYNAMIC_CMD_LOAD (ENGINE_CMD_BASE + 6)
-
-/* The constants used when creating the ENGINE */
-static const char *engine_dynamic_id = "dynamic";
-static const char *engine_dynamic_name = "Dynamic engine loading support";
-static const ENGINE_CMD_DEFN dynamic_cmd_defns[] = {
- {DYNAMIC_CMD_SO_PATH,
- "SO_PATH",
- "Specifies the path to the new ENGINE shared library",
- ENGINE_CMD_FLAG_STRING},
- {DYNAMIC_CMD_NO_VCHECK,
- "NO_VCHECK",
- "Specifies to continue even if version checking fails (boolean)",
- ENGINE_CMD_FLAG_NUMERIC},
- {DYNAMIC_CMD_ID,
- "ID",
- "Specifies an ENGINE id name for loading",
- ENGINE_CMD_FLAG_STRING},
- {DYNAMIC_CMD_LIST_ADD,
- "LIST_ADD",
- "Whether to add a loaded ENGINE to the internal list (0=no,1=yes,2=mandatory)",
- ENGINE_CMD_FLAG_NUMERIC},
- {DYNAMIC_CMD_DIR_LOAD,
- "DIR_LOAD",
- "Specifies whether to load from 'DIR_ADD' directories (0=no,1=yes,2=mandatory)",
- ENGINE_CMD_FLAG_NUMERIC},
- {DYNAMIC_CMD_DIR_ADD,
- "DIR_ADD",
- "Adds a directory from which ENGINEs can be loaded",
- ENGINE_CMD_FLAG_STRING},
- {DYNAMIC_CMD_LOAD,
- "LOAD",
- "Load up the ENGINE specified by other settings",
- ENGINE_CMD_FLAG_NO_INPUT},
- {0, NULL, NULL, 0}
-};
-
-/*
- * Loading code stores state inside the ENGINE structure via the "ex_data"
- * element. We load all our state into a single structure and use that as a
- * single context in the "ex_data" stack.
- */
-struct st_dynamic_data_ctx {
- /* The DSO object we load that supplies the ENGINE code */
- DSO *dynamic_dso;
- /*
- * The function pointer to the version checking shared library function
- */
- dynamic_v_check_fn v_check;
- /*
- * The function pointer to the engine-binding shared library function
- */
- dynamic_bind_engine bind_engine;
- /* The default name/path for loading the shared library */
- char *DYNAMIC_LIBNAME;
- /* Whether to continue loading on a version check failure */
- int no_vcheck;
- /* If non-NULL, stipulates the 'id' of the ENGINE to be loaded */
- char *engine_id;
- /*
- * If non-zero, a successfully loaded ENGINE should be added to the
- * internal ENGINE list. If 2, the add must succeed or the entire load
- * should fail.
- */
- int list_add_value;
- /* The symbol name for the version checking function */
- const char *DYNAMIC_F1;
- /* The symbol name for the "initialise ENGINE structure" function */
- const char *DYNAMIC_F2;
- /*
- * Whether to never use 'dirs', use 'dirs' as a fallback, or only use
- * 'dirs' for loading. Default is to use 'dirs' as a fallback.
- */
- int dir_load;
- /* A stack of directories from which ENGINEs could be loaded */
- STACK_OF(OPENSSL_STRING) *dirs;
-};
-
-/*
- * This is the "ex_data" index we obtain and reserve for use with our context
- * structure.
- */
-static int dynamic_ex_data_idx = -1;
-
-static void int_free_str(char *s)
-{
- OPENSSL_free(s);
-}
-
-/*
- * Because our ex_data element may or may not get allocated depending on
- * whether a "first-use" occurs before the ENGINE is freed, we have a memory
- * leak problem to solve. We can't declare a "new" handler for the ex_data as
- * we don't want a dynamic_data_ctx in *all* ENGINE structures of all types
- * (this is a bug in the design of CRYPTO_EX_DATA). As such, we just declare
- * a "free" handler and that will get called if an ENGINE is being destroyed
- * and there was an ex_data element corresponding to our context type.
- */
-static void dynamic_data_ctx_free_func(void *parent, void *ptr,
- CRYPTO_EX_DATA *ad, int idx, long argl,
- void *argp)
-{
- if (ptr) {
- dynamic_data_ctx *ctx = (dynamic_data_ctx *)ptr;
- DSO_free(ctx->dynamic_dso);
- OPENSSL_free(ctx->DYNAMIC_LIBNAME);
- OPENSSL_free(ctx->engine_id);
- sk_OPENSSL_STRING_pop_free(ctx->dirs, int_free_str);
- OPENSSL_free(ctx);
- }
-}
-
-/*
- * Construct the per-ENGINE context. We create it blindly and then use a lock
- * to check for a race - if so, all but one of the threads "racing" will have
- * wasted their time. The alternative involves creating everything inside the
- * lock which is far worse.
- */
-static int dynamic_set_data_ctx(ENGINE *e, dynamic_data_ctx **ctx)
-{
- dynamic_data_ctx *c = OPENSSL_zalloc(sizeof(*c));
- int ret = 0;
-
- if (c == NULL)
- return 0;
- c->dirs = sk_OPENSSL_STRING_new_null();
- if (c->dirs == NULL) {
- ERR_raise(ERR_LIB_ENGINE, ERR_R_CRYPTO_LIB);
- goto end;
- }
- c->DYNAMIC_F1 = "v_check";
- c->DYNAMIC_F2 = "bind_engine";
- c->dir_load = 1;
- if (!CRYPTO_THREAD_write_lock(global_engine_lock))
- goto end;
- if ((*ctx = (dynamic_data_ctx *)ENGINE_get_ex_data(e,
- dynamic_ex_data_idx))
- == NULL) {
- /* Good, we're the first */
- ret = ENGINE_set_ex_data(e, dynamic_ex_data_idx, c);
- if (ret) {
- *ctx = c;
- c = NULL;
- }
- }
- CRYPTO_THREAD_unlock(global_engine_lock);
- ret = 1;
- /*
- * If we lost the race to set the context, c is non-NULL and *ctx is the
- * context of the thread that won.
- */
-end:
- if (c != NULL)
- sk_OPENSSL_STRING_free(c->dirs);
- OPENSSL_free(c);
- return ret;
-}
-
-/*
- * This function retrieves the context structure from an ENGINE's "ex_data",
- * or if it doesn't exist yet, sets it up.
- */
-static dynamic_data_ctx *dynamic_get_data_ctx(ENGINE *e)
-{
- dynamic_data_ctx *ctx;
- if (dynamic_ex_data_idx < 0) {
- /*
- * Create and register the ENGINE ex_data, and associate our "free"
- * function with it to ensure any allocated contexts get freed when
- * an ENGINE goes underground.
- */
- int new_idx = ENGINE_get_ex_new_index(0, NULL, NULL, NULL,
- dynamic_data_ctx_free_func);
- if (new_idx == -1) {
- ERR_raise(ERR_LIB_ENGINE, ENGINE_R_NO_INDEX);
- return NULL;
- }
- if (!CRYPTO_THREAD_write_lock(global_engine_lock))
- return NULL;
- /* Avoid a race by checking again inside this lock */
- if (dynamic_ex_data_idx < 0) {
- /* Good, someone didn't beat us to it */
- dynamic_ex_data_idx = new_idx;
- new_idx = -1;
- }
- CRYPTO_THREAD_unlock(global_engine_lock);
- /*
- * In theory we could "give back" the index here if (new_idx>-1), but
- * it's not possible and wouldn't gain us much if it were.
- */
- }
- ctx = (dynamic_data_ctx *)ENGINE_get_ex_data(e, dynamic_ex_data_idx);
- /* Check if the context needs to be created */
- if ((ctx == NULL) && !dynamic_set_data_ctx(e, &ctx))
- /* "set_data" will set errors if necessary */
- return NULL;
- return ctx;
-}
-
-static ENGINE *engine_dynamic(void)
-{
- ENGINE *ret = ENGINE_new();
- if (ret == NULL)
- return NULL;
- if (!ENGINE_set_id(ret, engine_dynamic_id) ||
- !ENGINE_set_name(ret, engine_dynamic_name) ||
- !ENGINE_set_init_function(ret, dynamic_init) ||
- !ENGINE_set_finish_function(ret, dynamic_finish) ||
- !ENGINE_set_ctrl_function(ret, dynamic_ctrl) ||
- !ENGINE_set_flags(ret, ENGINE_FLAGS_BY_ID_COPY) ||
- !ENGINE_set_cmd_defns(ret, dynamic_cmd_defns)) {
- ENGINE_free(ret);
- return NULL;
- }
- return ret;
-}
-
-void engine_load_dynamic_int(void)
-{
- ENGINE *toadd = engine_dynamic();
- if (!toadd)
- return;
-
- ERR_set_mark();
- ENGINE_add(toadd);
- /*
- * If the "add" worked, it gets a structural reference. So either way, we
- * release our just-created reference.
- */
- ENGINE_free(toadd);
- /*
- * If the "add" didn't work, it was probably a conflict because it was
- * already added (eg. someone calling ENGINE_load_blah then calling
- * ENGINE_load_builtin_engines() perhaps).
- */
- ERR_pop_to_mark();
-}
-
-static int dynamic_init(ENGINE *e)
-{
- /*
- * We always return failure - the "dynamic" engine itself can't be used
- * for anything.
- */
- return 0;
-}
-
-static int dynamic_finish(ENGINE *e)
-{
- /*
- * This should never be called on account of "dynamic_init" always
- * failing.
- */
- return 0;
-}
-
-static int dynamic_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f) (void))
-{
- dynamic_data_ctx *ctx = dynamic_get_data_ctx(e);
- int initialised;
-
- if (!ctx) {
- ERR_raise(ERR_LIB_ENGINE, ENGINE_R_NOT_LOADED);
- return 0;
- }
- initialised = ((ctx->dynamic_dso == NULL) ? 0 : 1);
- /* All our control commands require the ENGINE to be uninitialised */
- if (initialised) {
- ERR_raise(ERR_LIB_ENGINE, ENGINE_R_ALREADY_LOADED);
- return 0;
- }
- switch (cmd) {
- case DYNAMIC_CMD_SO_PATH:
- /* a NULL 'p' or a string of zero-length is the same thing */
- if (p && (strlen((const char *)p) < 1))
- p = NULL;
- OPENSSL_free(ctx->DYNAMIC_LIBNAME);
- if (p)
- ctx->DYNAMIC_LIBNAME = OPENSSL_strdup(p);
- else
- ctx->DYNAMIC_LIBNAME = NULL;
- return (ctx->DYNAMIC_LIBNAME ? 1 : 0);
- case DYNAMIC_CMD_NO_VCHECK:
- ctx->no_vcheck = ((i == 0) ? 0 : 1);
- return 1;
- case DYNAMIC_CMD_ID:
- /* a NULL 'p' or a string of zero-length is the same thing */
- if (p && (strlen((const char *)p) < 1))
- p = NULL;
- OPENSSL_free(ctx->engine_id);
- if (p)
- ctx->engine_id = OPENSSL_strdup(p);
- else
- ctx->engine_id = NULL;
- return (ctx->engine_id ? 1 : 0);
- case DYNAMIC_CMD_LIST_ADD:
- if ((i < 0) || (i > 2)) {
- ERR_raise(ERR_LIB_ENGINE, ENGINE_R_INVALID_ARGUMENT);
- return 0;
- }
- ctx->list_add_value = (int)i;
- return 1;
- case DYNAMIC_CMD_LOAD:
- return dynamic_load(e, ctx);
- case DYNAMIC_CMD_DIR_LOAD:
- if ((i < 0) || (i > 2)) {
- ERR_raise(ERR_LIB_ENGINE, ENGINE_R_INVALID_ARGUMENT);
- return 0;
- }
- ctx->dir_load = (int)i;
- return 1;
- case DYNAMIC_CMD_DIR_ADD:
- /* a NULL 'p' or a string of zero-length is the same thing */
- if (p == NULL || (strlen((const char *)p) < 1)) {
- ERR_raise(ERR_LIB_ENGINE, ENGINE_R_INVALID_ARGUMENT);
- return 0;
- }
- {
- char *tmp_str = OPENSSL_strdup(p);
- if (tmp_str == NULL)
- return 0;
- if (!sk_OPENSSL_STRING_push(ctx->dirs, tmp_str)) {
- OPENSSL_free(tmp_str);
- ERR_raise(ERR_LIB_ENGINE, ERR_R_CRYPTO_LIB);
- return 0;
- }
- }
- return 1;
- default:
- break;
- }
- ERR_raise(ERR_LIB_ENGINE, ENGINE_R_CTRL_COMMAND_NOT_IMPLEMENTED);
- return 0;
-}
-
-static int int_load(dynamic_data_ctx *ctx)
-{
- int num, loop;
- /* Unless told not to, try a direct load */
- if ((ctx->dir_load != 2) && (DSO_load(ctx->dynamic_dso,
- ctx->DYNAMIC_LIBNAME, NULL,
- 0)) != NULL)
- return 1;
- /* If we're not allowed to use 'dirs' or we have none, fail */
- if (!ctx->dir_load || (num = sk_OPENSSL_STRING_num(ctx->dirs)) < 1)
- return 0;
- for (loop = 0; loop < num; loop++) {
- const char *s = sk_OPENSSL_STRING_value(ctx->dirs, loop);
- char *merge = DSO_merge(ctx->dynamic_dso, ctx->DYNAMIC_LIBNAME, s);
- if (!merge)
- return 0;
- if (DSO_load(ctx->dynamic_dso, merge, NULL, 0)) {
- /* Found what we're looking for */
- OPENSSL_free(merge);
- return 1;
- }
- OPENSSL_free(merge);
- }
- return 0;
-}
-
-/*
- * Unfortunately the version checker does not distinguish between
- * engines built for openssl 1.1.x and openssl 3.x, but loading
- * an engine that is built for openssl 1.1.x will cause a fatal
- * error. Detect such engines, since EVP_PKEY_base_id is exported
- * as a function in openssl 1.1.x, while it is named EVP_PKEY_get_base_id
- * in openssl 3.x. Therefore we take the presence of that symbol
- * as an indication that the engine will be incompatible.
- */
-static int using_libcrypto_11(dynamic_data_ctx *ctx)
-{
- int ret;
-
- ERR_set_mark();
- ret = DSO_bind_func(ctx->dynamic_dso, "EVP_PKEY_base_id") != NULL;
- ERR_pop_to_mark();
-
- return ret;
-}
-
-static int dynamic_load(ENGINE *e, dynamic_data_ctx *ctx)
-{
- ENGINE cpy;
- dynamic_fns fns;
-
- if (ctx->dynamic_dso == NULL)
- ctx->dynamic_dso = DSO_new();
- if (ctx->dynamic_dso == NULL)
- return 0;
- if (!ctx->DYNAMIC_LIBNAME) {
- if (!ctx->engine_id)
- return 0;
- DSO_ctrl(ctx->dynamic_dso, DSO_CTRL_SET_FLAGS,
- DSO_FLAG_NAME_TRANSLATION_EXT_ONLY, NULL);
- ctx->DYNAMIC_LIBNAME =
- DSO_convert_filename(ctx->dynamic_dso, ctx->engine_id);
- }
- if (!int_load(ctx)) {
- ERR_raise(ERR_LIB_ENGINE, ENGINE_R_DSO_NOT_FOUND);
- DSO_free(ctx->dynamic_dso);
- ctx->dynamic_dso = NULL;
- return 0;
- }
- /* We have to find a bind function otherwise it'll always end badly */
- if (!
- (ctx->bind_engine =
- (dynamic_bind_engine) DSO_bind_func(ctx->dynamic_dso,
- ctx->DYNAMIC_F2))) {
- ctx->bind_engine = NULL;
- DSO_free(ctx->dynamic_dso);
- ctx->dynamic_dso = NULL;
- ERR_raise(ERR_LIB_ENGINE, ENGINE_R_DSO_FAILURE);
- return 0;
- }
- /* Do we perform version checking? */
- if (!ctx->no_vcheck) {
- unsigned long vcheck_res = 0;
- /*
- * Now we try to find a version checking function and decide how to
- * cope with failure if/when it fails.
- */
- ctx->v_check =
- (dynamic_v_check_fn) DSO_bind_func(ctx->dynamic_dso,
- ctx->DYNAMIC_F1);
- if (ctx->v_check)
- vcheck_res = ctx->v_check(OSSL_DYNAMIC_VERSION);
- /*
- * We fail if the version checker veto'd the load *or* if it is
- * deferring to us (by returning its version) and we think it is too
- * old. Also fail if this is engine for openssl 1.1.x.
- */
- if (vcheck_res < OSSL_DYNAMIC_OLDEST || using_libcrypto_11(ctx)) {
- /* Fail */
- ctx->bind_engine = NULL;
- ctx->v_check = NULL;
- DSO_free(ctx->dynamic_dso);
- ctx->dynamic_dso = NULL;
- ERR_raise(ERR_LIB_ENGINE, ENGINE_R_VERSION_INCOMPATIBILITY);
- return 0;
- }
- }
- /*
- * First binary copy the ENGINE structure so that we can roll back if the
- * hand-over fails
- */
- memcpy(&cpy, e, sizeof(ENGINE));
- /*
- * Provide the ERR, "ex_data", memory, and locking callbacks so the
- * loaded library uses our state rather than its own. FIXME: As noted in
- * engine.h, much of this would be simplified if each area of code
- * provided its own "summary" structure of all related callbacks. It
- * would also increase opaqueness.
- */
- fns.static_state = ENGINE_get_static_state();
- CRYPTO_get_mem_functions(&fns.mem_fns.malloc_fn, &fns.mem_fns.realloc_fn,
- &fns.mem_fns.free_fn);
- /*
- * Now that we've loaded the dynamic engine, make sure no "dynamic"
- * ENGINE elements will show through.
- */
- engine_set_all_null(e);
-
- /* Try to bind the ENGINE onto our own ENGINE structure */
- if (!engine_add_dynamic_id(e, (ENGINE_DYNAMIC_ID)ctx->bind_engine, 1)
- || !ctx->bind_engine(e, ctx->engine_id, &fns)) {
- engine_remove_dynamic_id(e, 1);
- ctx->bind_engine = NULL;
- ctx->v_check = NULL;
- DSO_free(ctx->dynamic_dso);
- ctx->dynamic_dso = NULL;
- ERR_raise(ERR_LIB_ENGINE, ENGINE_R_INIT_FAILED);
- /* Copy the original ENGINE structure back */
- memcpy(e, &cpy, sizeof(ENGINE));
- return 0;
- }
- /* Do we try to add this ENGINE to the internal list too? */
- if (ctx->list_add_value > 0) {
- if (!ENGINE_add(e)) {
- /* Do we tolerate this or fail? */
- if (ctx->list_add_value > 1) {
- /*
- * Fail - NB: By this time, it's too late to rollback, and
- * trying to do so allows the bind_engine() code to have
- * created leaks. We just have to fail where we are, after
- * the ENGINE has changed.
- */
- ERR_raise(ERR_LIB_ENGINE, ENGINE_R_CONFLICTING_ENGINE_ID);
- return 0;
- }
- /* Tolerate */
- ERR_clear_error();
- }
- }
- return 1;
-}
+++ /dev/null
-/*
- * Generated by util/mkerr.pl DO NOT EDIT
- * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
- *
- * Licensed under the Apache License 2.0 (the "License"). You may not use
- * this file except in compliance with the License. You can obtain a copy
- * in the file LICENSE in the source distribution or at
- * https://www.openssl.org/source/license.html
- */
-
-#include <openssl/err.h>
-#include <openssl/engineerr.h>
-#include "crypto/engineerr.h"
-
-#ifndef OPENSSL_NO_ENGINE
-
-# ifndef OPENSSL_NO_ERR
-
-static const ERR_STRING_DATA ENGINE_str_reasons[] = {
- {ERR_PACK(ERR_LIB_ENGINE, 0, ENGINE_R_ALREADY_LOADED), "already loaded"},
- {ERR_PACK(ERR_LIB_ENGINE, 0, ENGINE_R_ARGUMENT_IS_NOT_A_NUMBER),
- "argument is not a number"},
- {ERR_PACK(ERR_LIB_ENGINE, 0, ENGINE_R_CMD_NOT_EXECUTABLE),
- "cmd not executable"},
- {ERR_PACK(ERR_LIB_ENGINE, 0, ENGINE_R_COMMAND_TAKES_INPUT),
- "command takes input"},
- {ERR_PACK(ERR_LIB_ENGINE, 0, ENGINE_R_COMMAND_TAKES_NO_INPUT),
- "command takes no input"},
- {ERR_PACK(ERR_LIB_ENGINE, 0, ENGINE_R_CONFLICTING_ENGINE_ID),
- "conflicting engine id"},
- {ERR_PACK(ERR_LIB_ENGINE, 0, ENGINE_R_CTRL_COMMAND_NOT_IMPLEMENTED),
- "ctrl command not implemented"},
- {ERR_PACK(ERR_LIB_ENGINE, 0, ENGINE_R_DSO_FAILURE), "DSO failure"},
- {ERR_PACK(ERR_LIB_ENGINE, 0, ENGINE_R_DSO_NOT_FOUND), "dso not found"},
- {ERR_PACK(ERR_LIB_ENGINE, 0, ENGINE_R_ENGINES_SECTION_ERROR),
- "engines section error"},
- {ERR_PACK(ERR_LIB_ENGINE, 0, ENGINE_R_ENGINE_CONFIGURATION_ERROR),
- "engine configuration error"},
- {ERR_PACK(ERR_LIB_ENGINE, 0, ENGINE_R_ENGINE_IS_NOT_IN_LIST),
- "engine is not in the list"},
- {ERR_PACK(ERR_LIB_ENGINE, 0, ENGINE_R_ENGINE_SECTION_ERROR),
- "engine section error"},
- {ERR_PACK(ERR_LIB_ENGINE, 0, ENGINE_R_FAILED_LOADING_PRIVATE_KEY),
- "failed loading private key"},
- {ERR_PACK(ERR_LIB_ENGINE, 0, ENGINE_R_FAILED_LOADING_PUBLIC_KEY),
- "failed loading public key"},
- {ERR_PACK(ERR_LIB_ENGINE, 0, ENGINE_R_FINISH_FAILED), "finish failed"},
- {ERR_PACK(ERR_LIB_ENGINE, 0, ENGINE_R_ID_OR_NAME_MISSING),
- "'id' or 'name' missing"},
- {ERR_PACK(ERR_LIB_ENGINE, 0, ENGINE_R_INIT_FAILED), "init failed"},
- {ERR_PACK(ERR_LIB_ENGINE, 0, ENGINE_R_INTERNAL_LIST_ERROR),
- "internal list error"},
- {ERR_PACK(ERR_LIB_ENGINE, 0, ENGINE_R_INVALID_ARGUMENT),
- "invalid argument"},
- {ERR_PACK(ERR_LIB_ENGINE, 0, ENGINE_R_INVALID_CMD_NAME),
- "invalid cmd name"},
- {ERR_PACK(ERR_LIB_ENGINE, 0, ENGINE_R_INVALID_CMD_NUMBER),
- "invalid cmd number"},
- {ERR_PACK(ERR_LIB_ENGINE, 0, ENGINE_R_INVALID_INIT_VALUE),
- "invalid init value"},
- {ERR_PACK(ERR_LIB_ENGINE, 0, ENGINE_R_INVALID_STRING), "invalid string"},
- {ERR_PACK(ERR_LIB_ENGINE, 0, ENGINE_R_NOT_INITIALISED), "not initialised"},
- {ERR_PACK(ERR_LIB_ENGINE, 0, ENGINE_R_NOT_LOADED), "not loaded"},
- {ERR_PACK(ERR_LIB_ENGINE, 0, ENGINE_R_NO_CONTROL_FUNCTION),
- "no control function"},
- {ERR_PACK(ERR_LIB_ENGINE, 0, ENGINE_R_NO_INDEX), "no index"},
- {ERR_PACK(ERR_LIB_ENGINE, 0, ENGINE_R_NO_LOAD_FUNCTION),
- "no load function"},
- {ERR_PACK(ERR_LIB_ENGINE, 0, ENGINE_R_NO_REFERENCE), "no reference"},
- {ERR_PACK(ERR_LIB_ENGINE, 0, ENGINE_R_NO_SUCH_ENGINE), "no such engine"},
- {ERR_PACK(ERR_LIB_ENGINE, 0, ENGINE_R_UNIMPLEMENTED_CIPHER),
- "unimplemented cipher"},
- {ERR_PACK(ERR_LIB_ENGINE, 0, ENGINE_R_UNIMPLEMENTED_DIGEST),
- "unimplemented digest"},
- {ERR_PACK(ERR_LIB_ENGINE, 0, ENGINE_R_UNIMPLEMENTED_PUBLIC_KEY_METHOD),
- "unimplemented public key method"},
- {ERR_PACK(ERR_LIB_ENGINE, 0, ENGINE_R_VERSION_INCOMPATIBILITY),
- "version incompatibility"},
- {0, NULL}
-};
-
-# endif
-
-int ossl_err_load_ENGINE_strings(void)
-{
-# ifndef OPENSSL_NO_ERR
- if (ERR_reason_error_string(ENGINE_str_reasons[0].error) == NULL)
- ERR_load_strings_const(ENGINE_str_reasons);
-# endif
- return 1;
-}
-#else
-NON_EMPTY_TRANSLATION_UNIT
-#endif
+++ /dev/null
-/*
- * Copyright 2001-2020 The OpenSSL Project Authors. All Rights Reserved.
- * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
- *
- * Licensed under the Apache License 2.0 (the "License"). You may not use
- * this file except in compliance with the License. You can obtain a copy
- * in the file LICENSE in the source distribution or at
- * https://www.openssl.org/source/license.html
- */
-
-/* We need to use some engine deprecated APIs */
-#define OPENSSL_SUPPRESS_DEPRECATED
-
-#include "eng_local.h"
-#include <openssl/conf.h>
-
-int ENGINE_set_default(ENGINE *e, unsigned int flags)
-{
- if ((flags & ENGINE_METHOD_CIPHERS) && !ENGINE_set_default_ciphers(e))
- return 0;
- if ((flags & ENGINE_METHOD_DIGESTS) && !ENGINE_set_default_digests(e))
- return 0;
- if ((flags & ENGINE_METHOD_RSA) && !ENGINE_set_default_RSA(e))
- return 0;
-#ifndef OPENSSL_NO_DSA
- if ((flags & ENGINE_METHOD_DSA) && !ENGINE_set_default_DSA(e))
- return 0;
-#endif
-#ifndef OPENSSL_NO_DH
- if ((flags & ENGINE_METHOD_DH) && !ENGINE_set_default_DH(e))
- return 0;
-#endif
-#ifndef OPENSSL_NO_EC
- if ((flags & ENGINE_METHOD_EC) && !ENGINE_set_default_EC(e))
- return 0;
-#endif
- if ((flags & ENGINE_METHOD_RAND) && !ENGINE_set_default_RAND(e))
- return 0;
- if ((flags & ENGINE_METHOD_PKEY_METHS)
- && !ENGINE_set_default_pkey_meths(e))
- return 0;
- if ((flags & ENGINE_METHOD_PKEY_ASN1_METHS)
- && !ENGINE_set_default_pkey_asn1_meths(e))
- return 0;
- return 1;
-}
-
-/* Set default algorithms using a string */
-
-static int int_def_cb(const char *alg, int len, void *arg)
-{
- unsigned int *pflags = arg;
- if (alg == NULL)
- return 0;
- if (strncmp(alg, "ALL", len) == 0)
- *pflags |= ENGINE_METHOD_ALL;
- else if (strncmp(alg, "RSA", len) == 0)
- *pflags |= ENGINE_METHOD_RSA;
- else if (strncmp(alg, "DSA", len) == 0)
- *pflags |= ENGINE_METHOD_DSA;
- else if (strncmp(alg, "DH", len) == 0)
- *pflags |= ENGINE_METHOD_DH;
- else if (strncmp(alg, "EC", len) == 0)
- *pflags |= ENGINE_METHOD_EC;
- else if (strncmp(alg, "RAND", len) == 0)
- *pflags |= ENGINE_METHOD_RAND;
- else if (strncmp(alg, "CIPHERS", len) == 0)
- *pflags |= ENGINE_METHOD_CIPHERS;
- else if (strncmp(alg, "DIGESTS", len) == 0)
- *pflags |= ENGINE_METHOD_DIGESTS;
- else if (strncmp(alg, "PKEY", len) == 0)
- *pflags |= ENGINE_METHOD_PKEY_METHS | ENGINE_METHOD_PKEY_ASN1_METHS;
- else if (strncmp(alg, "PKEY_CRYPTO", len) == 0)
- *pflags |= ENGINE_METHOD_PKEY_METHS;
- else if (strncmp(alg, "PKEY_ASN1", len) == 0)
- *pflags |= ENGINE_METHOD_PKEY_ASN1_METHS;
- else
- return 0;
- return 1;
-}
-
-int ENGINE_set_default_string(ENGINE *e, const char *def_list)
-{
- unsigned int flags = 0;
- if (!CONF_parse_list(def_list, ',', 1, int_def_cb, &flags)) {
- ERR_raise_data(ERR_LIB_ENGINE, ENGINE_R_INVALID_STRING,
- "str=%s", def_list);
- return 0;
- }
- return ENGINE_set_default(e, flags);
-}
-
-int ENGINE_register_complete(ENGINE *e)
-{
- ENGINE_register_ciphers(e);
- ENGINE_register_digests(e);
- ENGINE_register_RSA(e);
-#ifndef OPENSSL_NO_DSA
- ENGINE_register_DSA(e);
-#endif
-#ifndef OPENSSL_NO_DH
- ENGINE_register_DH(e);
-#endif
-#ifndef OPENSSL_NO_EC
- ENGINE_register_EC(e);
-#endif
- ENGINE_register_RAND(e);
- ENGINE_register_pkey_meths(e);
- ENGINE_register_pkey_asn1_meths(e);
- return 1;
-}
-
-int ENGINE_register_all_complete(void)
-{
- ENGINE *e;
-
- for (e = ENGINE_get_first(); e; e = ENGINE_get_next(e))
- if (!(e->flags & ENGINE_FLAGS_NO_REGISTER_ALL))
- ENGINE_register_complete(e);
- return 1;
-}
+++ /dev/null
-/*
- * Copyright 2001-2023 The OpenSSL Project Authors. All Rights Reserved.
- *
- * Licensed under the Apache License 2.0 (the "License"). You may not use
- * this file except in compliance with the License. You can obtain a copy
- * in the file LICENSE in the source distribution or at
- * https://www.openssl.org/source/license.html
- */
-
-/* We need to use some engine deprecated APIs */
-#define OPENSSL_SUPPRESS_DEPRECATED
-
-#include "internal/e_os.h"
-#include "eng_local.h"
-
-/*
- * Initialise an engine type for use (or up its functional reference count if
- * it's already in use). This version is only used internally.
- */
-int engine_unlocked_init(ENGINE *e)
-{
- int to_return = 1;
-
- if ((e->funct_ref == 0) && e->init)
- /*
- * This is the first functional reference and the engine requires
- * initialisation so we do it now.
- */
- to_return = e->init(e);
- if (to_return) {
- int ref;
-
- /*
- * OK, we return a functional reference which is also a structural
- * reference.
- */
- if (!CRYPTO_UP_REF(&e->struct_ref, &ref)) {
- e->finish(e);
- return 0;
- }
- e->funct_ref++;
- }
- return to_return;
-}
-
-/*
- * Free a functional reference to an engine type. This version is only used
- * internally.
- */
-int engine_unlocked_finish(ENGINE *e, int unlock_for_handlers)
-{
- int to_return = 1;
-
- /*
- * Reduce the functional reference count here so if it's the terminating
- * case, we can release the lock safely and call the finish() handler
- * without risk of a race. We get a race if we leave the count until
- * after and something else is calling "finish" at the same time -
- * there's a chance that both threads will together take the count from 2
- * to 0 without either calling finish().
- */
- e->funct_ref--;
- if ((e->funct_ref == 0) && e->finish) {
- if (unlock_for_handlers)
- CRYPTO_THREAD_unlock(global_engine_lock);
- to_return = e->finish(e);
- if (unlock_for_handlers)
- if (!CRYPTO_THREAD_write_lock(global_engine_lock))
- return 0;
- if (!to_return)
- return 0;
- }
- REF_ASSERT_ISNT(e->funct_ref < 0);
- /* Release the structural reference too */
- if (!engine_free_util(e, 0)) {
- ERR_raise(ERR_LIB_ENGINE, ENGINE_R_FINISH_FAILED);
- return 0;
- }
- return to_return;
-}
-
-/* The API (locked) version of "init" */
-int ENGINE_init(ENGINE *e)
-{
- int ret;
- if (e == NULL) {
- ERR_raise(ERR_LIB_ENGINE, ERR_R_PASSED_NULL_PARAMETER);
- return 0;
- }
- if (!RUN_ONCE(&engine_lock_init, do_engine_lock_init)) {
- /* Maybe this should be raised in do_engine_lock_init() */
- ERR_raise(ERR_LIB_ENGINE, ERR_R_CRYPTO_LIB);
- return 0;
- }
- if (!CRYPTO_THREAD_write_lock(global_engine_lock))
- return 0;
- ret = engine_unlocked_init(e);
- CRYPTO_THREAD_unlock(global_engine_lock);
- return ret;
-}
-
-/* The API (locked) version of "finish" */
-int ENGINE_finish(ENGINE *e)
-{
- int to_return = 1;
-
- if (e == NULL)
- return 1;
- if (!CRYPTO_THREAD_write_lock(global_engine_lock))
- return 0;
- to_return = engine_unlocked_finish(e, 1);
- CRYPTO_THREAD_unlock(global_engine_lock);
- if (!to_return) {
- ERR_raise(ERR_LIB_ENGINE, ENGINE_R_FINISH_FAILED);
- return 0;
- }
- return to_return;
-}
+++ /dev/null
-/*
- * Copyright 2001-2023 The OpenSSL Project Authors. All Rights Reserved.
- *
- * Licensed under the Apache License 2.0 (the "License"). You may not use
- * this file except in compliance with the License. You can obtain a copy
- * in the file LICENSE in the source distribution or at
- * https://www.openssl.org/source/license.html
- */
-
-#include "internal/e_os.h"
-#include "eng_local.h"
-#include <openssl/rand.h>
-#include "internal/refcount.h"
-
-CRYPTO_RWLOCK *global_engine_lock;
-
-CRYPTO_ONCE engine_lock_init = CRYPTO_ONCE_STATIC_INIT;
-
-/* The "new"/"free" stuff first */
-
-DEFINE_RUN_ONCE(do_engine_lock_init)
-{
- global_engine_lock = CRYPTO_THREAD_lock_new();
- return global_engine_lock != NULL;
-}
-
-ENGINE *ENGINE_new(void)
-{
- ENGINE *ret;
-
- if (!RUN_ONCE(&engine_lock_init, do_engine_lock_init)) {
- /* Maybe this should be raised in do_engine_lock_init() */
- ERR_raise(ERR_LIB_ENGINE, ERR_R_CRYPTO_LIB);
- return 0;
- }
- if ((ret = OPENSSL_zalloc(sizeof(*ret))) == NULL)
- return NULL;
- if (!CRYPTO_NEW_REF(&ret->struct_ref, 1)) {
- OPENSSL_free(ret);
- return NULL;
- }
- if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_ENGINE, ret, &ret->ex_data)) {
- CRYPTO_FREE_REF(&ret->struct_ref);
- OPENSSL_free(ret);
- return NULL;
- }
- return ret;
-}
-
-/*
- * Placed here (close proximity to ENGINE_new) so that modifications to the
- * elements of the ENGINE structure are more likely to be caught and changed
- * here.
- */
-void engine_set_all_null(ENGINE *e)
-{
- e->id = NULL;
- e->name = NULL;
- e->rsa_meth = NULL;
- e->dsa_meth = NULL;
- e->dh_meth = NULL;
- e->rand_meth = NULL;
- e->ciphers = NULL;
- e->digests = NULL;
- e->destroy = NULL;
- e->init = NULL;
- e->finish = NULL;
- e->ctrl = NULL;
- e->load_privkey = NULL;
- e->load_pubkey = NULL;
- e->cmd_defns = NULL;
- e->flags = 0;
- e->dynamic_id = NULL;
-}
-
-int engine_free_util(ENGINE *e, int not_locked)
-{
- int i;
-
- if (e == NULL)
- return 1;
- CRYPTO_DOWN_REF(&e->struct_ref, &i);
- if (i > 0)
- return 1;
- REF_ASSERT_ISNT(i < 0);
- /* Free up any dynamically allocated public key methods */
- engine_pkey_meths_free(e);
- engine_pkey_asn1_meths_free(e);
- /*
- * Give the ENGINE a chance to do any structural cleanup corresponding to
- * allocation it did in its constructor (eg. unload error strings)
- */
- if (e->destroy)
- e->destroy(e);
- engine_remove_dynamic_id(e, not_locked);
- CRYPTO_free_ex_data(CRYPTO_EX_INDEX_ENGINE, e, &e->ex_data);
- CRYPTO_FREE_REF(&e->struct_ref);
- OPENSSL_free(e);
- return 1;
-}
-
-int ENGINE_free(ENGINE *e)
-{
- return engine_free_util(e, 1);
-}
-
-/* Cleanup stuff */
-
-/*
- * engine_cleanup_int() is coded such that anything that does work that will
- * need cleanup can register a "cleanup" callback here. That way we don't get
- * linker bloat by referring to all *possible* cleanups, but any linker bloat
- * into code "X" will cause X's cleanup function to end up here.
- */
-static STACK_OF(ENGINE_CLEANUP_ITEM) *cleanup_stack = NULL;
-static int int_cleanup_check(int create)
-{
- if (cleanup_stack)
- return 1;
- if (!create)
- return 0;
- cleanup_stack = sk_ENGINE_CLEANUP_ITEM_new_null();
- return (cleanup_stack ? 1 : 0);
-}
-
-static ENGINE_CLEANUP_ITEM *int_cleanup_item(ENGINE_CLEANUP_CB *cb)
-{
- ENGINE_CLEANUP_ITEM *item;
-
- if ((item = OPENSSL_malloc(sizeof(*item))) == NULL)
- return NULL;
- item->cb = cb;
- return item;
-}
-
-int engine_cleanup_add_first(ENGINE_CLEANUP_CB *cb)
-{
- ENGINE_CLEANUP_ITEM *item;
-
- if (!int_cleanup_check(1))
- return 0;
- item = int_cleanup_item(cb);
- if (item != NULL) {
- if (sk_ENGINE_CLEANUP_ITEM_insert(cleanup_stack, item, 0))
- return 1;
- OPENSSL_free(item);
- }
- return 0;
-}
-
-int engine_cleanup_add_last(ENGINE_CLEANUP_CB *cb)
-{
- ENGINE_CLEANUP_ITEM *item;
-
- if (!int_cleanup_check(1))
- return 0;
- item = int_cleanup_item(cb);
- if (item != NULL) {
- if (sk_ENGINE_CLEANUP_ITEM_push(cleanup_stack, item) > 0)
- return 1;
- OPENSSL_free(item);
- }
- return 0;
-}
-
-/* The API function that performs all cleanup */
-static void engine_cleanup_cb_free(ENGINE_CLEANUP_ITEM *item)
-{
- (*(item->cb)) ();
- OPENSSL_free(item);
-}
-
-void engine_cleanup_int(void)
-{
- if (int_cleanup_check(0)) {
- sk_ENGINE_CLEANUP_ITEM_pop_free(cleanup_stack,
- engine_cleanup_cb_free);
- cleanup_stack = NULL;
- }
- CRYPTO_THREAD_lock_free(global_engine_lock);
- global_engine_lock = NULL;
-}
-
-/* Now the "ex_data" support */
-
-int ENGINE_set_ex_data(ENGINE *e, int idx, void *arg)
-{
- return CRYPTO_set_ex_data(&e->ex_data, idx, arg);
-}
-
-void *ENGINE_get_ex_data(const ENGINE *e, int idx)
-{
- return CRYPTO_get_ex_data(&e->ex_data, idx);
-}
-
-/*
- * Functions to get/set an ENGINE's elements - mainly to avoid exposing the
- * ENGINE structure itself.
- */
-
-int ENGINE_set_id(ENGINE *e, const char *id)
-{
- if (id == NULL) {
- ERR_raise(ERR_LIB_ENGINE, ERR_R_PASSED_NULL_PARAMETER);
- return 0;
- }
- e->id = id;
- return 1;
-}
-
-int ENGINE_set_name(ENGINE *e, const char *name)
-{
- if (name == NULL) {
- ERR_raise(ERR_LIB_ENGINE, ERR_R_PASSED_NULL_PARAMETER);
- return 0;
- }
- e->name = name;
- return 1;
-}
-
-int ENGINE_set_destroy_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR destroy_f)
-{
- e->destroy = destroy_f;
- return 1;
-}
-
-int ENGINE_set_init_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR init_f)
-{
- e->init = init_f;
- return 1;
-}
-
-int ENGINE_set_finish_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR finish_f)
-{
- e->finish = finish_f;
- return 1;
-}
-
-int ENGINE_set_ctrl_function(ENGINE *e, ENGINE_CTRL_FUNC_PTR ctrl_f)
-{
- e->ctrl = ctrl_f;
- return 1;
-}
-
-int ENGINE_set_flags(ENGINE *e, int flags)
-{
- e->flags = flags;
- return 1;
-}
-
-int ENGINE_set_cmd_defns(ENGINE *e, const ENGINE_CMD_DEFN *defns)
-{
- e->cmd_defns = defns;
- return 1;
-}
-
-const char *ENGINE_get_id(const ENGINE *e)
-{
- return e->id;
-}
-
-const char *ENGINE_get_name(const ENGINE *e)
-{
- return e->name;
-}
-
-ENGINE_GEN_INT_FUNC_PTR ENGINE_get_destroy_function(const ENGINE *e)
-{
- return e->destroy;
-}
-
-ENGINE_GEN_INT_FUNC_PTR ENGINE_get_init_function(const ENGINE *e)
-{
- return e->init;
-}
-
-ENGINE_GEN_INT_FUNC_PTR ENGINE_get_finish_function(const ENGINE *e)
-{
- return e->finish;
-}
-
-ENGINE_CTRL_FUNC_PTR ENGINE_get_ctrl_function(const ENGINE *e)
-{
- return e->ctrl;
-}
-
-int ENGINE_get_flags(const ENGINE *e)
-{
- return e->flags;
-}
-
-const ENGINE_CMD_DEFN *ENGINE_get_cmd_defns(const ENGINE *e)
-{
- return e->cmd_defns;
-}
-
-/*
- * eng_lib.o is pretty much linked into anything that touches ENGINE already,
- * so put the "static_state" hack here.
- */
-
-static int internal_static_hack = 0;
-
-void *ENGINE_get_static_state(void)
-{
- return &internal_static_hack;
-}
+++ /dev/null
-/*
- * Copyright 2001-2024 The OpenSSL Project Authors. All Rights Reserved.
- * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
- *
- * Licensed under the Apache License 2.0 (the "License"). You may not use
- * this file except in compliance with the License. You can obtain a copy
- * in the file LICENSE in the source distribution or at
- * https://www.openssl.org/source/license.html
- */
-
-/* We need to use some engine deprecated APIs */
-#define OPENSSL_SUPPRESS_DEPRECATED
-
-#include "eng_local.h"
-
-/*
- * The linked-list of pointers to engine types. engine_list_head incorporates
- * an implicit structural reference but engine_list_tail does not - the
- * latter is a computational optimization and only points to something that
- * is already pointed to by its predecessor in the list (or engine_list_head
- * itself). In the same way, the use of the "prev" pointer in each ENGINE is
- * to save excessive list iteration, it doesn't correspond to an extra
- * structural reference. Hence, engine_list_head, and each non-null "next"
- * pointer account for the list itself assuming exactly 1 structural
- * reference on each list member.
- */
-static ENGINE *engine_list_head = NULL;
-static ENGINE *engine_list_tail = NULL;
-
-/*
- * The linked list of currently loaded dynamic engines.
- */
-static ENGINE *engine_dyn_list_head = NULL;
-static ENGINE *engine_dyn_list_tail = NULL;
-
-/*
- * This cleanup function is only needed internally. If it should be called,
- * we register it with the "engine_cleanup_int()" stack to be called during
- * cleanup.
- */
-
-static void engine_list_cleanup(void)
-{
- ENGINE *iterator = engine_list_head;
-
- while (iterator != NULL) {
- ENGINE_remove(iterator);
- iterator = engine_list_head;
- }
- return;
-}
-
-/*
- * These static functions starting with a lower case "engine_" always take
- * place when global_engine_lock has been locked up.
- */
-static int engine_list_add(ENGINE *e)
-{
- int conflict = 0;
- ENGINE *iterator = NULL;
- int ref;
-
- if (e == NULL) {
- ERR_raise(ERR_LIB_ENGINE, ERR_R_PASSED_NULL_PARAMETER);
- return 0;
- }
- iterator = engine_list_head;
- while (iterator && !conflict) {
- conflict = (strcmp(iterator->id, e->id) == 0);
- iterator = iterator->next;
- }
- if (conflict) {
- ERR_raise(ERR_LIB_ENGINE, ENGINE_R_CONFLICTING_ENGINE_ID);
- return 0;
- }
-
- /*
- * Having the engine in the list assumes a structural reference.
- */
- if (!CRYPTO_UP_REF(&e->struct_ref, &ref)) {
- ERR_raise(ERR_LIB_ENGINE, ENGINE_R_INTERNAL_LIST_ERROR);
- return 0;
- }
- if (engine_list_head == NULL) {
- /* We are adding to an empty list. */
- if (engine_list_tail != NULL) {
- CRYPTO_DOWN_REF(&e->struct_ref, &ref);
- ERR_raise(ERR_LIB_ENGINE, ENGINE_R_INTERNAL_LIST_ERROR);
- return 0;
- }
- /*
- * The first time the list allocates, we should register the cleanup.
- */
- if (!engine_cleanup_add_last(engine_list_cleanup)) {
- CRYPTO_DOWN_REF(&e->struct_ref, &ref);
- ERR_raise(ERR_LIB_ENGINE, ENGINE_R_INTERNAL_LIST_ERROR);
- return 0;
- }
- engine_list_head = e;
- e->prev = NULL;
- } else {
- /* We are adding to the tail of an existing list. */
- if ((engine_list_tail == NULL) || (engine_list_tail->next != NULL)) {
- CRYPTO_DOWN_REF(&e->struct_ref, &ref);
- ERR_raise(ERR_LIB_ENGINE, ENGINE_R_INTERNAL_LIST_ERROR);
- return 0;
- }
- engine_list_tail->next = e;
- e->prev = engine_list_tail;
- }
-
- /* However it came to be, e is the last item in the list. */
- engine_list_tail = e;
- e->next = NULL;
- return 1;
-}
-
-static int engine_list_remove(ENGINE *e)
-{
- ENGINE *iterator;
-
- if (e == NULL) {
- ERR_raise(ERR_LIB_ENGINE, ERR_R_PASSED_NULL_PARAMETER);
- return 0;
- }
- /* We need to check that e is in our linked list! */
- iterator = engine_list_head;
- while (iterator && (iterator != e))
- iterator = iterator->next;
- if (iterator == NULL) {
- ERR_raise(ERR_LIB_ENGINE, ENGINE_R_ENGINE_IS_NOT_IN_LIST);
- return 0;
- }
- /* un-link e from the chain. */
- if (e->next)
- e->next->prev = e->prev;
- if (e->prev)
- e->prev->next = e->next;
- /* Correct our head/tail if necessary. */
- if (engine_list_head == e)
- engine_list_head = e->next;
- if (engine_list_tail == e)
- engine_list_tail = e->prev;
- engine_free_util(e, 0);
- return 1;
-}
-
-/* Add engine to dynamic engine list. */
-int engine_add_dynamic_id(ENGINE *e, ENGINE_DYNAMIC_ID dynamic_id,
- int not_locked)
-{
- int result = 0;
- ENGINE *iterator = NULL;
-
- if (e == NULL)
- return 0;
-
- if (e->dynamic_id == NULL && dynamic_id == NULL)
- return 0;
-
- if (not_locked && !CRYPTO_THREAD_write_lock(global_engine_lock))
- return 0;
-
- if (dynamic_id != NULL) {
- iterator = engine_dyn_list_head;
- while (iterator != NULL) {
- if (iterator->dynamic_id == dynamic_id)
- goto err;
- iterator = iterator->next;
- }
- if (e->dynamic_id != NULL)
- goto err;
- e->dynamic_id = dynamic_id;
- }
-
- if (engine_dyn_list_head == NULL) {
- /* We are adding to an empty list. */
- if (engine_dyn_list_tail != NULL)
- goto err;
- engine_dyn_list_head = e;
- e->prev_dyn = NULL;
- } else {
- /* We are adding to the tail of an existing list. */
- if (engine_dyn_list_tail == NULL
- || engine_dyn_list_tail->next_dyn != NULL)
- goto err;
- engine_dyn_list_tail->next_dyn = e;
- e->prev_dyn = engine_dyn_list_tail;
- }
-
- engine_dyn_list_tail = e;
- e->next_dyn = NULL;
- result = 1;
-
- err:
- if (not_locked)
- CRYPTO_THREAD_unlock(global_engine_lock);
- return result;
-}
-
-/* Remove engine from dynamic engine list. */
-void engine_remove_dynamic_id(ENGINE *e, int not_locked)
-{
- if (e == NULL || e->dynamic_id == NULL)
- return;
-
- if (not_locked && !CRYPTO_THREAD_write_lock(global_engine_lock))
- return;
-
- e->dynamic_id = NULL;
-
- /* un-link e from the chain. */
- if (e->next_dyn != NULL)
- e->next_dyn->prev_dyn = e->prev_dyn;
- if (e->prev_dyn != NULL)
- e->prev_dyn->next_dyn = e->next_dyn;
- /* Correct our head/tail if necessary. */
- if (engine_dyn_list_head == e)
- engine_dyn_list_head = e->next_dyn;
- if (engine_dyn_list_tail == e)
- engine_dyn_list_tail = e->prev_dyn;
-
- if (not_locked)
- CRYPTO_THREAD_unlock(global_engine_lock);
-}
-
-/* Get the first/last "ENGINE" type available. */
-ENGINE *ENGINE_get_first(void)
-{
- ENGINE *ret;
-
- if (!RUN_ONCE(&engine_lock_init, do_engine_lock_init)) {
- /* Maybe this should be raised in do_engine_lock_init() */
- ERR_raise(ERR_LIB_ENGINE, ERR_R_CRYPTO_LIB);
- return NULL;
- }
-
- if (!CRYPTO_THREAD_write_lock(global_engine_lock))
- return NULL;
- ret = engine_list_head;
- if (ret) {
- int ref;
-
- if (!CRYPTO_UP_REF(&ret->struct_ref, &ref)) {
- CRYPTO_THREAD_unlock(global_engine_lock);
- ERR_raise(ERR_LIB_ENGINE, ERR_R_CRYPTO_LIB);
- return NULL;
- }
- }
- CRYPTO_THREAD_unlock(global_engine_lock);
- return ret;
-}
-
-ENGINE *ENGINE_get_last(void)
-{
- ENGINE *ret;
-
- if (!RUN_ONCE(&engine_lock_init, do_engine_lock_init)) {
- /* Maybe this should be raised in do_engine_lock_init() */
- ERR_raise(ERR_LIB_ENGINE, ERR_R_CRYPTO_LIB);
- return NULL;
- }
-
- if (!CRYPTO_THREAD_write_lock(global_engine_lock))
- return NULL;
- ret = engine_list_tail;
- if (ret) {
- int ref;
-
- if (!CRYPTO_UP_REF(&ret->struct_ref, &ref)) {
- CRYPTO_THREAD_unlock(global_engine_lock);
- ERR_raise(ERR_LIB_ENGINE, ERR_R_CRYPTO_LIB);
- return NULL;
- }
- }
- CRYPTO_THREAD_unlock(global_engine_lock);
- return ret;
-}
-
-/* Iterate to the next/previous "ENGINE" type (NULL = end of the list). */
-ENGINE *ENGINE_get_next(ENGINE *e)
-{
- ENGINE *ret = NULL;
- if (e == NULL) {
- ERR_raise(ERR_LIB_ENGINE, ERR_R_PASSED_NULL_PARAMETER);
- return NULL;
- }
- if (!CRYPTO_THREAD_write_lock(global_engine_lock))
- return NULL;
- ret = e->next;
- if (ret) {
- int ref;
-
- /* Return a valid structural reference to the next ENGINE */
- if (!CRYPTO_UP_REF(&ret->struct_ref, &ref)) {
- CRYPTO_THREAD_unlock(global_engine_lock);
- ERR_raise(ERR_LIB_ENGINE, ERR_R_CRYPTO_LIB);
- return NULL;
- }
- }
- CRYPTO_THREAD_unlock(global_engine_lock);
- /* Release the structural reference to the previous ENGINE */
- ENGINE_free(e);
- return ret;
-}
-
-ENGINE *ENGINE_get_prev(ENGINE *e)
-{
- ENGINE *ret = NULL;
- if (e == NULL) {
- ERR_raise(ERR_LIB_ENGINE, ERR_R_PASSED_NULL_PARAMETER);
- return NULL;
- }
- if (!CRYPTO_THREAD_write_lock(global_engine_lock))
- return NULL;
- ret = e->prev;
- if (ret) {
- int ref;
-
- /* Return a valid structural reference to the next ENGINE */
- if (!CRYPTO_UP_REF(&ret->struct_ref, &ref)) {
- CRYPTO_THREAD_unlock(global_engine_lock);
- ERR_raise(ERR_LIB_ENGINE, ERR_R_CRYPTO_LIB);
- return NULL;
- }
- }
- CRYPTO_THREAD_unlock(global_engine_lock);
- /* Release the structural reference to the previous ENGINE */
- ENGINE_free(e);
- return ret;
-}
-
-/* Add another "ENGINE" type into the list. */
-int ENGINE_add(ENGINE *e)
-{
- int to_return = 1;
- if (e == NULL) {
- ERR_raise(ERR_LIB_ENGINE, ERR_R_PASSED_NULL_PARAMETER);
- return 0;
- }
- if ((e->id == NULL) || (e->name == NULL)) {
- ERR_raise(ERR_LIB_ENGINE, ENGINE_R_ID_OR_NAME_MISSING);
- return 0;
- }
- if (!CRYPTO_THREAD_write_lock(global_engine_lock))
- return 0;
- if (!engine_list_add(e)) {
- ERR_raise(ERR_LIB_ENGINE, ENGINE_R_INTERNAL_LIST_ERROR);
- to_return = 0;
- }
- CRYPTO_THREAD_unlock(global_engine_lock);
- return to_return;
-}
-
-/* Remove an existing "ENGINE" type from the array. */
-int ENGINE_remove(ENGINE *e)
-{
- int to_return = 1;
- if (e == NULL) {
- ERR_raise(ERR_LIB_ENGINE, ERR_R_PASSED_NULL_PARAMETER);
- return 0;
- }
- if (!CRYPTO_THREAD_write_lock(global_engine_lock))
- return 0;
- if (!engine_list_remove(e)) {
- ERR_raise(ERR_LIB_ENGINE, ENGINE_R_INTERNAL_LIST_ERROR);
- to_return = 0;
- }
- CRYPTO_THREAD_unlock(global_engine_lock);
- return to_return;
-}
-
-static void engine_cpy(ENGINE *dest, const ENGINE *src)
-{
- dest->id = src->id;
- dest->name = src->name;
- dest->rsa_meth = src->rsa_meth;
-#ifndef OPENSSL_NO_DSA
- dest->dsa_meth = src->dsa_meth;
-#endif
-#ifndef OPENSSL_NO_DH
- dest->dh_meth = src->dh_meth;
-#endif
-#ifndef OPENSSL_NO_EC
- dest->ec_meth = src->ec_meth;
-#endif
- dest->rand_meth = src->rand_meth;
- dest->ciphers = src->ciphers;
- dest->digests = src->digests;
- dest->pkey_meths = src->pkey_meths;
- dest->destroy = src->destroy;
- dest->init = src->init;
- dest->finish = src->finish;
- dest->ctrl = src->ctrl;
- dest->load_privkey = src->load_privkey;
- dest->load_pubkey = src->load_pubkey;
- dest->cmd_defns = src->cmd_defns;
- dest->flags = src->flags;
- dest->dynamic_id = src->dynamic_id;
- engine_add_dynamic_id(dest, NULL, 0);
-}
-
-ENGINE *ENGINE_by_id(const char *id)
-{
- ENGINE *iterator;
- const char *load_dir = NULL;
- if (id == NULL) {
- ERR_raise(ERR_LIB_ENGINE, ERR_R_PASSED_NULL_PARAMETER);
- return NULL;
- }
- ENGINE_load_builtin_engines();
-
- if (!RUN_ONCE(&engine_lock_init, do_engine_lock_init)) {
- /* Maybe this should be raised in do_engine_lock_init() */
- ERR_raise(ERR_LIB_ENGINE, ERR_R_CRYPTO_LIB);
- return NULL;
- }
-
- if (!CRYPTO_THREAD_write_lock(global_engine_lock))
- return NULL;
- iterator = engine_list_head;
- while (iterator && (strcmp(id, iterator->id) != 0))
- iterator = iterator->next;
- if (iterator != NULL) {
- /*
- * We need to return a structural reference. If this is an ENGINE
- * type that returns copies, make a duplicate - otherwise increment
- * the existing ENGINE's reference count.
- */
- if (iterator->flags & ENGINE_FLAGS_BY_ID_COPY) {
- ENGINE *cp = ENGINE_new();
- if (cp == NULL)
- iterator = NULL;
- else {
- engine_cpy(cp, iterator);
- iterator = cp;
- }
- } else {
- int ref;
-
- if (!CRYPTO_UP_REF(&iterator->struct_ref, &ref)) {
- CRYPTO_THREAD_unlock(global_engine_lock);
- ERR_raise(ERR_LIB_ENGINE, ERR_R_CRYPTO_LIB);
- return NULL;
- }
- }
- }
- CRYPTO_THREAD_unlock(global_engine_lock);
- if (iterator != NULL)
- return iterator;
- /*
- * Prevent infinite recursion if we're looking for the dynamic engine.
- */
- if (strcmp(id, "dynamic")) {
- load_dir = ossl_safe_getenv("OPENSSL_ENGINES");
- iterator = ENGINE_by_id("dynamic");
- if (!iterator || !ENGINE_ctrl_cmd_string(iterator, "ID", id, 0) ||
- !ENGINE_ctrl_cmd_string(iterator, "DIR_LOAD", "2", 0) ||
- !ENGINE_ctrl_cmd_string(iterator, "DIR_ADD",
- load_dir, 0) ||
- !ENGINE_ctrl_cmd_string(iterator, "LIST_ADD", "1", 0) ||
- !ENGINE_ctrl_cmd_string(iterator, "LOAD", NULL, 0))
- goto notfound;
- return iterator;
- }
- notfound:
- ENGINE_free(iterator);
- ERR_raise_data(ERR_LIB_ENGINE, ENGINE_R_NO_SUCH_ENGINE, "id=%s", id);
- return NULL;
- /* EEK! Experimental code ends */
-}
-
-int ENGINE_up_ref(ENGINE *e)
-{
- int i;
- if (e == NULL) {
- ERR_raise(ERR_LIB_ENGINE, ERR_R_PASSED_NULL_PARAMETER);
- return 0;
- }
- CRYPTO_UP_REF(&e->struct_ref, &i);
- return 1;
-}
+++ /dev/null
-/*
- * Copyright 2001-2023 The OpenSSL Project Authors. All Rights Reserved.
- * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
- *
- * Licensed under the Apache License 2.0 (the "License"). You may not use
- * this file except in compliance with the License. You can obtain a copy
- * in the file LICENSE in the source distribution or at
- * https://www.openssl.org/source/license.html
- */
-
-#ifndef OSSL_CRYPTO_ENGINE_ENG_LOCAL_H
-# define OSSL_CRYPTO_ENGINE_ENG_LOCAL_H
-
-# include <openssl/trace.h>
-# include "internal/cryptlib.h"
-# include "crypto/engine.h"
-# include "internal/thread_once.h"
-# include "internal/refcount.h"
-
-extern CRYPTO_RWLOCK *global_engine_lock;
-
-/*
- * Any code that will need cleanup operations should use these functions to
- * register callbacks. engine_cleanup_int() will call all registered
- * callbacks in order. NB: both the "add" functions assume the engine lock to
- * already be held (in "write" mode).
- */
-typedef void (ENGINE_CLEANUP_CB) (void);
-typedef struct st_engine_cleanup_item {
- ENGINE_CLEANUP_CB *cb;
-} ENGINE_CLEANUP_ITEM;
-DEFINE_STACK_OF(ENGINE_CLEANUP_ITEM)
-int engine_cleanup_add_first(ENGINE_CLEANUP_CB *cb);
-int engine_cleanup_add_last(ENGINE_CLEANUP_CB *cb);
-
-/* We need stacks of ENGINEs for use in eng_table.c */
-DEFINE_STACK_OF(ENGINE)
-
-/*
- * This represents an implementation table. Dependent code should instantiate
- * it as a (ENGINE_TABLE *) pointer value set initially to NULL.
- */
-typedef struct st_engine_table ENGINE_TABLE;
-int engine_table_register(ENGINE_TABLE **table, ENGINE_CLEANUP_CB *cleanup,
- ENGINE *e, const int *nids, int num_nids,
- int setdefault);
-void engine_table_unregister(ENGINE_TABLE **table, ENGINE *e);
-void engine_table_cleanup(ENGINE_TABLE **table);
-ENGINE *ossl_engine_table_select(ENGINE_TABLE **table, int nid,
- const char *f, int l);
-typedef void (engine_table_doall_cb) (int nid, STACK_OF(ENGINE) *sk,
- ENGINE *def, void *arg);
-void engine_table_doall(ENGINE_TABLE *table, engine_table_doall_cb *cb,
- void *arg);
-
-/*
- * Internal versions of API functions that have control over locking. These
- * are used between C files when functionality needs to be shared but the
- * caller may already be controlling of the engine lock.
- */
-int engine_unlocked_init(ENGINE *e);
-int engine_unlocked_finish(ENGINE *e, int unlock_for_handlers);
-int engine_free_util(ENGINE *e, int not_locked);
-
-/*
- * This function will reset all "set"able values in an ENGINE to NULL. This
- * won't touch reference counts or ex_data, but is equivalent to calling all
- * the ENGINE_set_***() functions with a NULL value.
- */
-void engine_set_all_null(ENGINE *e);
-
-/*
- * NB: Bitwise OR-able values for the "flags" variable in ENGINE are now
- * exposed in engine.h.
- */
-
-/* Free up dynamically allocated public key methods associated with ENGINE */
-
-void engine_pkey_meths_free(ENGINE *e);
-void engine_pkey_asn1_meths_free(ENGINE *e);
-
-/* Once initialisation function */
-extern CRYPTO_ONCE engine_lock_init;
-DECLARE_RUN_ONCE(do_engine_lock_init)
-
-typedef void (*ENGINE_DYNAMIC_ID)(void);
-int engine_add_dynamic_id(ENGINE *e, ENGINE_DYNAMIC_ID dynamic_id,
- int not_locked);
-void engine_remove_dynamic_id(ENGINE *e, int not_locked);
-
-/*
- * This is a structure for storing implementations of various crypto
- * algorithms and functions.
- */
-struct engine_st {
- const char *id;
- const char *name;
- const RSA_METHOD *rsa_meth;
- const DSA_METHOD *dsa_meth;
- const DH_METHOD *dh_meth;
- const EC_KEY_METHOD *ec_meth;
- const RAND_METHOD *rand_meth;
- /* Cipher handling is via this callback */
- ENGINE_CIPHERS_PTR ciphers;
- /* Digest handling is via this callback */
- ENGINE_DIGESTS_PTR digests;
- /* Public key handling via this callback */
- ENGINE_PKEY_METHS_PTR pkey_meths;
- /* ASN1 public key handling via this callback */
- ENGINE_PKEY_ASN1_METHS_PTR pkey_asn1_meths;
- ENGINE_GEN_INT_FUNC_PTR destroy;
- ENGINE_GEN_INT_FUNC_PTR init;
- ENGINE_GEN_INT_FUNC_PTR finish;
- ENGINE_CTRL_FUNC_PTR ctrl;
- ENGINE_LOAD_KEY_PTR load_privkey;
- ENGINE_LOAD_KEY_PTR load_pubkey;
- ENGINE_SSL_CLIENT_CERT_PTR load_ssl_client_cert;
- const ENGINE_CMD_DEFN *cmd_defns;
- int flags;
- /* reference count on the structure itself */
- CRYPTO_REF_COUNT struct_ref;
- /*
- * reference count on usability of the engine type. NB: This controls the
- * loading and initialisation of any functionality required by this
- * engine, whereas the previous count is simply to cope with
- * (de)allocation of this structure. Hence, running_ref <= struct_ref at
- * all times.
- */
- int funct_ref;
- /* A place to store per-ENGINE data */
- CRYPTO_EX_DATA ex_data;
- /* Used to maintain the linked-list of engines. */
- struct engine_st *prev;
- struct engine_st *next;
- /* Used to maintain the linked-list of dynamic engines. */
- struct engine_st *prev_dyn;
- struct engine_st *next_dyn;
- ENGINE_DYNAMIC_ID dynamic_id;
-};
-
-typedef struct st_engine_pile ENGINE_PILE;
-
-DEFINE_LHASH_OF_EX(ENGINE_PILE);
-
-static ossl_unused ossl_inline int eng_struct_ref(ENGINE *e)
-{
- int res;
-
- CRYPTO_GET_REF(&e->struct_ref, &res);
- return res;
-}
-
-#endif /* OSSL_CRYPTO_ENGINE_ENG_LOCAL_H */
+++ /dev/null
-/*
- * Copyright 2001-2025 The OpenSSL Project Authors. All Rights Reserved.
- * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
- *
- * Licensed under the Apache License 2.0 (the "License"). You may not use
- * this file except in compliance with the License. You can obtain a copy
- * in the file LICENSE in the source distribution or at
- * https://www.openssl.org/source/license.html
- */
-
-/* We need to use some engine deprecated APIs */
-#define OPENSSL_SUPPRESS_DEPRECATED
-
-/*
- * RC4 and SHA-1 low level APIs and EVP _meth_ APISs are deprecated for public
- * use, but still ok for internal use.
- */
-#include "internal/deprecated.h"
-
-#include <stdio.h>
-#include <openssl/crypto.h>
-#include "internal/cryptlib.h"
-#include "crypto/engine.h"
-#include <openssl/pem.h>
-#include <openssl/evp.h>
-#include <openssl/rand.h>
-#include <openssl/rsa.h>
-#include <openssl/dsa.h>
-#include <openssl/dh.h>
-
-#include <openssl/hmac.h>
-#include <openssl/x509v3.h>
-
-/*
- * This testing gunk is implemented (and explained) lower down. It also
- * assumes the application explicitly calls "ENGINE_load_openssl()" because
- * this is no longer automatic in ENGINE_load_builtin_engines().
- */
-#define TEST_ENG_OPENSSL_RC4
-#ifndef OPENSSL_NO_STDIO
-# define TEST_ENG_OPENSSL_PKEY
-#endif
-/* #define TEST_ENG_OPENSSL_HMAC */
-/* #define TEST_ENG_OPENSSL_HMAC_INIT */
-/* #define TEST_ENG_OPENSSL_RC4_OTHERS */
-#ifndef OPENSSL_NO_STDIO
-# define TEST_ENG_OPENSSL_RC4_P_INIT
-#endif
-/* #define TEST_ENG_OPENSSL_RC4_P_CIPHER */
-#define TEST_ENG_OPENSSL_SHA
-/* #define TEST_ENG_OPENSSL_SHA_OTHERS */
-/* #define TEST_ENG_OPENSSL_SHA_P_INIT */
-/* #define TEST_ENG_OPENSSL_SHA_P_UPDATE */
-/* #define TEST_ENG_OPENSSL_SHA_P_FINAL */
-
-/* Now check what of those algorithms are actually enabled */
-#ifdef OPENSSL_NO_RC4
-# undef TEST_ENG_OPENSSL_RC4
-# undef TEST_ENG_OPENSSL_RC4_OTHERS
-# undef TEST_ENG_OPENSSL_RC4_P_INIT
-# undef TEST_ENG_OPENSSL_RC4_P_CIPHER
-#endif
-
-static int openssl_destroy(ENGINE *e);
-
-#ifdef TEST_ENG_OPENSSL_RC4
-static int openssl_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
- const int **nids, int nid);
-#endif
-#ifdef TEST_ENG_OPENSSL_SHA
-static int openssl_digests(ENGINE *e, const EVP_MD **digest,
- const int **nids, int nid);
-#endif
-
-#ifdef TEST_ENG_OPENSSL_PKEY
-static EVP_PKEY *openssl_load_privkey(ENGINE *eng, const char *key_id,
- UI_METHOD *ui_method,
- void *callback_data);
-#endif
-
-#ifdef TEST_ENG_OPENSSL_HMAC
-static int ossl_register_hmac_meth(void);
-static int ossl_pkey_meths(ENGINE *e, EVP_PKEY_METHOD **pmeth,
- const int **nids, int nid);
-#endif
-
-/* The constants used when creating the ENGINE */
-static const char *engine_openssl_id = "openssl";
-static const char *engine_openssl_name = "Software engine support";
-
-/*
- * This internal function is used by ENGINE_openssl() and possibly by the
- * "dynamic" ENGINE support too
- */
-static int bind_helper(ENGINE *e)
-{
- if (!ENGINE_set_id(e, engine_openssl_id)
- || !ENGINE_set_name(e, engine_openssl_name)
- || !ENGINE_set_destroy_function(e, openssl_destroy)
-#ifndef TEST_ENG_OPENSSL_NO_ALGORITHMS
- || !ENGINE_set_RSA(e, RSA_get_default_method())
-# ifndef OPENSSL_NO_DSA
- || !ENGINE_set_DSA(e, DSA_get_default_method())
-# endif
-# ifndef OPENSSL_NO_EC
- || !ENGINE_set_EC(e, EC_KEY_OpenSSL())
-# endif
-# ifndef OPENSSL_NO_DH
- || !ENGINE_set_DH(e, DH_get_default_method())
-# endif
- || !ENGINE_set_RAND(e, RAND_OpenSSL())
-# ifdef TEST_ENG_OPENSSL_RC4
- || !ENGINE_set_ciphers(e, openssl_ciphers)
-# endif
-# ifdef TEST_ENG_OPENSSL_SHA
- || !ENGINE_set_digests(e, openssl_digests)
-# endif
-#endif
-#ifdef TEST_ENG_OPENSSL_PKEY
- || !ENGINE_set_load_privkey_function(e, openssl_load_privkey)
-#endif
-#ifdef TEST_ENG_OPENSSL_HMAC
- || !ossl_register_hmac_meth()
- || !ENGINE_set_pkey_meths(e, ossl_pkey_meths)
-#endif
- )
- return 0;
- /*
- * If we add errors to this ENGINE, ensure the error handling is setup
- * here
- */
- /* openssl_load_error_strings(); */
- return 1;
-}
-
-static ENGINE *engine_openssl(void)
-{
- ENGINE *ret = ENGINE_new();
- if (ret == NULL)
- return NULL;
- if (!bind_helper(ret)) {
- ENGINE_free(ret);
- return NULL;
- }
- return ret;
-}
-
-void engine_load_openssl_int(void)
-{
- ENGINE *toadd = engine_openssl();
- if (!toadd)
- return;
-
- ERR_set_mark();
- ENGINE_add(toadd);
- /*
- * If the "add" worked, it gets a structural reference. So either way, we
- * release our just-created reference.
- */
- ENGINE_free(toadd);
- /*
- * If the "add" didn't work, it was probably a conflict because it was
- * already added (eg. someone calling ENGINE_load_blah then calling
- * ENGINE_load_builtin_engines() perhaps).
- */
- ERR_pop_to_mark();
-}
-
-/*
- * This stuff is needed if this ENGINE is being compiled into a
- * self-contained shared-library.
- */
-#ifdef ENGINE_DYNAMIC_SUPPORT
-static int bind_fn(ENGINE *e, const char *id)
-{
- if (id && (strcmp(id, engine_openssl_id) != 0))
- return 0;
- if (!bind_helper(e))
- return 0;
- return 1;
-}
-
-IMPLEMENT_DYNAMIC_CHECK_FN()
- IMPLEMENT_DYNAMIC_BIND_FN(bind_fn)
-#endif /* ENGINE_DYNAMIC_SUPPORT */
-#ifdef TEST_ENG_OPENSSL_RC4
-/*-
- * This section of code compiles an "alternative implementation" of two modes of
- * RC4 into this ENGINE. The result is that EVP_CIPHER operation for "rc4"
- * should under normal circumstances go via this support rather than the default
- * EVP support. There are other symbols to tweak the testing;
- * TEST_ENC_OPENSSL_RC4_OTHERS - print a one line message to stderr each time
- * we're asked for a cipher we don't support (should not happen).
- * TEST_ENG_OPENSSL_RC4_P_INIT - print a one line message to stderr each time
- * the "init_key" handler is called.
- * TEST_ENG_OPENSSL_RC4_P_CIPHER - ditto for the "cipher" handler.
- */
-# include <openssl/rc4.h>
-# define TEST_RC4_KEY_SIZE 16
-typedef struct {
- unsigned char key[TEST_RC4_KEY_SIZE];
- RC4_KEY ks;
-} TEST_RC4_KEY;
-# define test(ctx) ((TEST_RC4_KEY *)EVP_CIPHER_CTX_get_cipher_data(ctx))
-static int test_rc4_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
- const unsigned char *iv, int enc)
-{
- const int n = EVP_CIPHER_CTX_get_key_length(ctx);
-
-# ifdef TEST_ENG_OPENSSL_RC4_P_INIT
- fprintf(stderr, "(TEST_ENG_OPENSSL_RC4) test_init_key() called\n");
-# endif
- if (n <= 0)
- return n;
- memcpy(&test(ctx)->key[0], key, n);
- RC4_set_key(&test(ctx)->ks, n, test(ctx)->key);
- return 1;
-}
-
-static int test_rc4_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
- const unsigned char *in, size_t inl)
-{
-# ifdef TEST_ENG_OPENSSL_RC4_P_CIPHER
- fprintf(stderr, "(TEST_ENG_OPENSSL_RC4) test_cipher() called\n");
-# endif
- RC4(&test(ctx)->ks, inl, in, out);
- return 1;
-}
-
-static EVP_CIPHER *r4_cipher = NULL;
-static const EVP_CIPHER *test_r4_cipher(void)
-{
- if (r4_cipher == NULL) {
- EVP_CIPHER *cipher;
-
- if ((cipher = EVP_CIPHER_meth_new(NID_rc4, 1, TEST_RC4_KEY_SIZE)) == NULL
- || !EVP_CIPHER_meth_set_iv_length(cipher, 0)
- || !EVP_CIPHER_meth_set_flags(cipher, EVP_CIPH_VARIABLE_LENGTH)
- || !EVP_CIPHER_meth_set_init(cipher, test_rc4_init_key)
- || !EVP_CIPHER_meth_set_do_cipher(cipher, test_rc4_cipher)
- || !EVP_CIPHER_meth_set_impl_ctx_size(cipher, sizeof(TEST_RC4_KEY))) {
- EVP_CIPHER_meth_free(cipher);
- cipher = NULL;
- }
- r4_cipher = cipher;
- }
- return r4_cipher;
-}
-static void test_r4_cipher_destroy(void)
-{
- EVP_CIPHER_meth_free(r4_cipher);
- r4_cipher = NULL;
-}
-
-static EVP_CIPHER *r4_40_cipher = NULL;
-static const EVP_CIPHER *test_r4_40_cipher(void)
-{
- if (r4_40_cipher == NULL) {
- EVP_CIPHER *cipher;
-
- if ((cipher = EVP_CIPHER_meth_new(NID_rc4, 1, 5 /* 40 bits */)) == NULL
- || !EVP_CIPHER_meth_set_iv_length(cipher, 0)
- || !EVP_CIPHER_meth_set_flags(cipher, EVP_CIPH_VARIABLE_LENGTH)
- || !EVP_CIPHER_meth_set_init(cipher, test_rc4_init_key)
- || !EVP_CIPHER_meth_set_do_cipher(cipher, test_rc4_cipher)
- || !EVP_CIPHER_meth_set_impl_ctx_size(cipher, sizeof(TEST_RC4_KEY))) {
- EVP_CIPHER_meth_free(cipher);
- cipher = NULL;
- }
- r4_40_cipher = cipher;
- }
- return r4_40_cipher;
-}
-static void test_r4_40_cipher_destroy(void)
-{
- EVP_CIPHER_meth_free(r4_40_cipher);
- r4_40_cipher = NULL;
-}
-static int test_cipher_nids(const int **nids)
-{
- static int cipher_nids[4] = { 0, 0, 0, 0 };
- static int pos = 0;
- static int init = 0;
-
- if (!init) {
- const EVP_CIPHER *cipher;
- if ((cipher = test_r4_cipher()) != NULL)
- cipher_nids[pos++] = EVP_CIPHER_get_nid(cipher);
- if ((cipher = test_r4_40_cipher()) != NULL)
- cipher_nids[pos++] = EVP_CIPHER_get_nid(cipher);
- cipher_nids[pos] = 0;
- init = 1;
- }
- *nids = cipher_nids;
- return pos;
-}
-
-static int openssl_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
- const int **nids, int nid)
-{
- if (!cipher) {
- /* We are returning a list of supported nids */
- return test_cipher_nids(nids);
- }
- /* We are being asked for a specific cipher */
- if (nid == NID_rc4)
- *cipher = test_r4_cipher();
- else if (nid == NID_rc4_40)
- *cipher = test_r4_40_cipher();
- else {
-# ifdef TEST_ENG_OPENSSL_RC4_OTHERS
- fprintf(stderr, "(TEST_ENG_OPENSSL_RC4) returning NULL for "
- "nid %d\n", nid);
-# endif
- *cipher = NULL;
- return 0;
- }
- return 1;
-}
-#endif
-
-#ifdef TEST_ENG_OPENSSL_SHA
-/* Much the same sort of comment as for TEST_ENG_OPENSSL_RC4 */
-# include <openssl/sha.h>
-
-static int test_sha1_init(EVP_MD_CTX *ctx)
-{
-# ifdef TEST_ENG_OPENSSL_SHA_P_INIT
- fprintf(stderr, "(TEST_ENG_OPENSSL_SHA) test_sha1_init() called\n");
-# endif
- return SHA1_Init(EVP_MD_CTX_get0_md_data(ctx));
-}
-
-static int test_sha1_update(EVP_MD_CTX *ctx, const void *data, size_t count)
-{
-# ifdef TEST_ENG_OPENSSL_SHA_P_UPDATE
- fprintf(stderr, "(TEST_ENG_OPENSSL_SHA) test_sha1_update() called\n");
-# endif
- return SHA1_Update(EVP_MD_CTX_get0_md_data(ctx), data, count);
-}
-
-static int test_sha1_final(EVP_MD_CTX *ctx, unsigned char *md)
-{
-# ifdef TEST_ENG_OPENSSL_SHA_P_FINAL
- fprintf(stderr, "(TEST_ENG_OPENSSL_SHA) test_sha1_final() called\n");
-# endif
- return SHA1_Final(md, EVP_MD_CTX_get0_md_data(ctx));
-}
-
-static EVP_MD *sha1_md = NULL;
-static const EVP_MD *test_sha_md(void)
-{
- if (sha1_md == NULL) {
- EVP_MD *md;
-
- if ((md = EVP_MD_meth_new(NID_sha1, NID_sha1WithRSAEncryption)) == NULL
- || !EVP_MD_meth_set_result_size(md, SHA_DIGEST_LENGTH)
- || !EVP_MD_meth_set_input_blocksize(md, SHA_CBLOCK)
- || !EVP_MD_meth_set_app_datasize(md,
- sizeof(EVP_MD *) + sizeof(SHA_CTX))
- || !EVP_MD_meth_set_flags(md, 0)
- || !EVP_MD_meth_set_init(md, test_sha1_init)
- || !EVP_MD_meth_set_update(md, test_sha1_update)
- || !EVP_MD_meth_set_final(md, test_sha1_final)) {
- EVP_MD_meth_free(md);
- md = NULL;
- }
- sha1_md = md;
- }
- return sha1_md;
-}
-static void test_sha_md_destroy(void)
-{
- EVP_MD_meth_free(sha1_md);
- sha1_md = NULL;
-}
-static int test_digest_nids(const int **nids)
-{
- static int digest_nids[2] = { 0, 0 };
- static int pos = 0;
- static int init = 0;
-
- if (!init) {
- const EVP_MD *md;
- if ((md = test_sha_md()) != NULL)
- digest_nids[pos++] = EVP_MD_get_type(md);
- digest_nids[pos] = 0;
- init = 1;
- }
- *nids = digest_nids;
- return pos;
-}
-
-static int openssl_digests(ENGINE *e, const EVP_MD **digest,
- const int **nids, int nid)
-{
- if (!digest) {
- /* We are returning a list of supported nids */
- return test_digest_nids(nids);
- }
- /* We are being asked for a specific digest */
- if (nid == NID_sha1)
- *digest = test_sha_md();
- else {
-# ifdef TEST_ENG_OPENSSL_SHA_OTHERS
- fprintf(stderr, "(TEST_ENG_OPENSSL_SHA) returning NULL for "
- "nid %d\n", nid);
-# endif
- *digest = NULL;
- return 0;
- }
- return 1;
-}
-#endif
-
-#ifdef TEST_ENG_OPENSSL_PKEY
-static EVP_PKEY *openssl_load_privkey(ENGINE *eng, const char *key_id,
- UI_METHOD *ui_method,
- void *callback_data)
-{
- BIO *in;
- EVP_PKEY *key;
- fprintf(stderr, "(TEST_ENG_OPENSSL_PKEY)Loading Private key %s\n",
- key_id);
-# if defined(OPENSSL_SYS_WINDOWS)
- in = BIO_new_file(key_id, "rb");
-# else
- in = BIO_new_file(key_id, "r");
-# endif
- if (!in)
- return NULL;
- key = PEM_read_bio_PrivateKey(in, NULL, 0, NULL);
- BIO_free(in);
- return key;
-}
-#endif
-
-#ifdef TEST_ENG_OPENSSL_HMAC
-
-/*
- * Experimental HMAC redirection implementation: mainly copied from
- * hm_pmeth.c
- */
-
-/* HMAC pkey context structure */
-
-typedef struct {
- const EVP_MD *md; /* MD for HMAC use */
- ASN1_OCTET_STRING ktmp; /* Temp storage for key */
- HMAC_CTX *ctx;
-} OSSL_HMAC_PKEY_CTX;
-
-static int ossl_hmac_init(EVP_PKEY_CTX *ctx)
-{
- OSSL_HMAC_PKEY_CTX *hctx;
-
- if ((hctx = OPENSSL_zalloc(sizeof(*hctx))) == NULL)
- return 0;
- hctx->ktmp.type = V_ASN1_OCTET_STRING;
- hctx->ctx = HMAC_CTX_new();
- if (hctx->ctx == NULL) {
- OPENSSL_free(hctx);
- return 0;
- }
- EVP_PKEY_CTX_set_data(ctx, hctx);
- EVP_PKEY_CTX_set0_keygen_info(ctx, NULL, 0);
-# ifdef TEST_ENG_OPENSSL_HMAC_INIT
- fprintf(stderr, "(TEST_ENG_OPENSSL_HMAC) ossl_hmac_init() called\n");
-# endif
- return 1;
-}
-
-static void ossl_hmac_cleanup(EVP_PKEY_CTX *ctx);
-
-static int ossl_hmac_copy(EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src)
-{
- OSSL_HMAC_PKEY_CTX *sctx, *dctx;
-
- /* allocate memory for dst->data and a new HMAC_CTX in dst->data->ctx */
- if (!ossl_hmac_init(dst))
- return 0;
- sctx = EVP_PKEY_CTX_get_data(src);
- dctx = EVP_PKEY_CTX_get_data(dst);
- dctx->md = sctx->md;
- if (!HMAC_CTX_copy(dctx->ctx, sctx->ctx))
- goto err;
- if (sctx->ktmp.data) {
- if (!ASN1_OCTET_STRING_set(&dctx->ktmp,
- sctx->ktmp.data, sctx->ktmp.length))
- goto err;
- }
- return 1;
-err:
- /* release HMAC_CTX in dst->data->ctx and memory allocated for dst->data */
- ossl_hmac_cleanup(dst);
- return 0;
-}
-
-static void ossl_hmac_cleanup(EVP_PKEY_CTX *ctx)
-{
- OSSL_HMAC_PKEY_CTX *hctx = EVP_PKEY_CTX_get_data(ctx);
-
- if (hctx) {
- HMAC_CTX_free(hctx->ctx);
- OPENSSL_clear_free(hctx->ktmp.data, hctx->ktmp.length);
- OPENSSL_free(hctx);
- EVP_PKEY_CTX_set_data(ctx, NULL);
- }
-}
-
-static int ossl_hmac_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)
-{
- ASN1_OCTET_STRING *hkey = NULL;
- OSSL_HMAC_PKEY_CTX *hctx = EVP_PKEY_CTX_get_data(ctx);
- if (!hctx->ktmp.data)
- return 0;
- hkey = ASN1_OCTET_STRING_dup(&hctx->ktmp);
- if (!hkey)
- return 0;
- EVP_PKEY_assign(pkey, EVP_PKEY_HMAC, hkey);
-
- return 1;
-}
-
-static int ossl_int_update(EVP_MD_CTX *ctx, const void *data, size_t count)
-{
- OSSL_HMAC_PKEY_CTX *hctx = EVP_PKEY_CTX_get_data(EVP_MD_CTX_get_pkey_ctx(ctx));
- if (!HMAC_Update(hctx->ctx, data, count))
- return 0;
- return 1;
-}
-
-static int ossl_hmac_signctx_init(EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx)
-{
- EVP_MD_CTX_set_flags(mctx, EVP_MD_CTX_FLAG_NO_INIT);
- EVP_MD_CTX_set_update_fn(mctx, ossl_int_update);
- return 1;
-}
-
-static int ossl_hmac_signctx(EVP_PKEY_CTX *ctx, unsigned char *sig,
- size_t *siglen, EVP_MD_CTX *mctx)
-{
- unsigned int hlen;
- OSSL_HMAC_PKEY_CTX *hctx = EVP_PKEY_CTX_get_data(ctx);
- int l = EVP_MD_CTX_get_size(mctx);
-
- if (l < 0)
- return 0;
- *siglen = l;
- if (!sig)
- return 1;
-
- if (!HMAC_Final(hctx->ctx, sig, &hlen))
- return 0;
- *siglen = (size_t)hlen;
- return 1;
-}
-
-static int ossl_hmac_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
-{
- OSSL_HMAC_PKEY_CTX *hctx = EVP_PKEY_CTX_get_data(ctx);
- EVP_PKEY *pk;
- ASN1_OCTET_STRING *key;
- switch (type) {
-
- case EVP_PKEY_CTRL_SET_MAC_KEY:
- if ((!p2 && p1 > 0) || (p1 < -1))
- return 0;
- if (!ASN1_OCTET_STRING_set(&hctx->ktmp, p2, p1))
- return 0;
- break;
-
- case EVP_PKEY_CTRL_MD:
- hctx->md = p2;
- break;
-
- case EVP_PKEY_CTRL_DIGESTINIT:
- pk = EVP_PKEY_CTX_get0_pkey(ctx);
- key = EVP_PKEY_get0(pk);
- if (!HMAC_Init_ex(hctx->ctx, key->data, key->length, hctx->md, NULL))
- return 0;
- break;
-
- default:
- return -2;
-
- }
- return 1;
-}
-
-static int ossl_hmac_ctrl_str(EVP_PKEY_CTX *ctx,
- const char *type, const char *value)
-{
- if (!value) {
- return 0;
- }
- if (strcmp(type, "key") == 0) {
- void *p = (void *)value;
- return ossl_hmac_ctrl(ctx, EVP_PKEY_CTRL_SET_MAC_KEY, -1, p);
- }
- if (strcmp(type, "hexkey") == 0) {
- unsigned char *key;
- int r;
- long keylen;
- key = OPENSSL_hexstr2buf(value, &keylen);
- if (!key)
- return 0;
- r = ossl_hmac_ctrl(ctx, EVP_PKEY_CTRL_SET_MAC_KEY, keylen, key);
- OPENSSL_free(key);
- return r;
- }
- return -2;
-}
-
-static EVP_PKEY_METHOD *ossl_hmac_meth;
-
-static int ossl_register_hmac_meth(void)
-{
- EVP_PKEY_METHOD *meth;
- meth = EVP_PKEY_meth_new(EVP_PKEY_HMAC, 0);
- if (meth == NULL)
- return 0;
- EVP_PKEY_meth_set_init(meth, ossl_hmac_init);
- EVP_PKEY_meth_set_copy(meth, ossl_hmac_copy);
- EVP_PKEY_meth_set_cleanup(meth, ossl_hmac_cleanup);
-
- EVP_PKEY_meth_set_keygen(meth, 0, ossl_hmac_keygen);
-
- EVP_PKEY_meth_set_signctx(meth, ossl_hmac_signctx_init,
- ossl_hmac_signctx);
-
- EVP_PKEY_meth_set_ctrl(meth, ossl_hmac_ctrl, ossl_hmac_ctrl_str);
- ossl_hmac_meth = meth;
- return 1;
-}
-
-static int ossl_pkey_meths(ENGINE *e, EVP_PKEY_METHOD **pmeth,
- const int **nids, int nid)
-{
- static int ossl_pkey_nids[] = {
- EVP_PKEY_HMAC,
- 0
- };
-
- if (pmeth == NULL) {
- *nids = ossl_pkey_nids;
- return 1;
- }
-
- if (nid == EVP_PKEY_HMAC) {
- *pmeth = ossl_hmac_meth;
- return 1;
- }
-
- *pmeth = NULL;
- return 0;
-}
-
-#endif
-
-int openssl_destroy(ENGINE *e)
-{
- test_sha_md_destroy();
-#ifdef TEST_ENG_OPENSSL_RC4
- test_r4_cipher_destroy();
- test_r4_40_cipher_destroy();
-#endif
- return 1;
-}
-
+++ /dev/null
-/*
- * Copyright 2001-2024 The OpenSSL Project Authors. All Rights Reserved.
- *
- * Licensed under the Apache License 2.0 (the "License"). You may not use
- * this file except in compliance with the License. You can obtain a copy
- * in the file LICENSE in the source distribution or at
- * https://www.openssl.org/source/license.html
- */
-
-/* We need to use some engine deprecated APIs */
-#define OPENSSL_SUPPRESS_DEPRECATED
-
-#include "eng_local.h"
-
-/* Basic get/set stuff */
-
-int ENGINE_set_load_privkey_function(ENGINE *e,
- ENGINE_LOAD_KEY_PTR loadpriv_f)
-{
- e->load_privkey = loadpriv_f;
- return 1;
-}
-
-int ENGINE_set_load_pubkey_function(ENGINE *e, ENGINE_LOAD_KEY_PTR loadpub_f)
-{
- e->load_pubkey = loadpub_f;
- return 1;
-}
-
-int ENGINE_set_load_ssl_client_cert_function(ENGINE *e,
- ENGINE_SSL_CLIENT_CERT_PTR
- loadssl_f)
-{
- e->load_ssl_client_cert = loadssl_f;
- return 1;
-}
-
-ENGINE_LOAD_KEY_PTR ENGINE_get_load_privkey_function(const ENGINE *e)
-{
- return e->load_privkey;
-}
-
-ENGINE_LOAD_KEY_PTR ENGINE_get_load_pubkey_function(const ENGINE *e)
-{
- return e->load_pubkey;
-}
-
-ENGINE_SSL_CLIENT_CERT_PTR ENGINE_get_ssl_client_cert_function(const ENGINE
- *e)
-{
- return e->load_ssl_client_cert;
-}
-
-/* API functions to load public/private keys */
-
-EVP_PKEY *ENGINE_load_private_key(ENGINE *e, const char *key_id,
- UI_METHOD *ui_method, void *callback_data)
-{
- EVP_PKEY *pkey;
-
- if (e == NULL) {
- ERR_raise(ERR_LIB_ENGINE, ERR_R_PASSED_NULL_PARAMETER);
- return NULL;
- }
- if (!CRYPTO_THREAD_write_lock(global_engine_lock))
- return NULL;
- if (e->funct_ref == 0) {
- CRYPTO_THREAD_unlock(global_engine_lock);
- ERR_raise(ERR_LIB_ENGINE, ENGINE_R_NOT_INITIALISED);
- return NULL;
- }
- CRYPTO_THREAD_unlock(global_engine_lock);
- if (!e->load_privkey) {
- ERR_raise(ERR_LIB_ENGINE, ENGINE_R_NO_LOAD_FUNCTION);
- return NULL;
- }
- pkey = e->load_privkey(e, key_id, ui_method, callback_data);
- if (pkey == NULL) {
- ERR_raise(ERR_LIB_ENGINE, ENGINE_R_FAILED_LOADING_PRIVATE_KEY);
- return NULL;
- }
- return pkey;
-}
-
-EVP_PKEY *ENGINE_load_public_key(ENGINE *e, const char *key_id,
- UI_METHOD *ui_method, void *callback_data)
-{
- EVP_PKEY *pkey;
-
- if (e == NULL) {
- ERR_raise(ERR_LIB_ENGINE, ERR_R_PASSED_NULL_PARAMETER);
- return NULL;
- }
- if (!CRYPTO_THREAD_write_lock(global_engine_lock))
- return NULL;
- if (e->funct_ref == 0) {
- CRYPTO_THREAD_unlock(global_engine_lock);
- ERR_raise(ERR_LIB_ENGINE, ENGINE_R_NOT_INITIALISED);
- return NULL;
- }
- CRYPTO_THREAD_unlock(global_engine_lock);
- if (!e->load_pubkey) {
- ERR_raise(ERR_LIB_ENGINE, ENGINE_R_NO_LOAD_FUNCTION);
- return NULL;
- }
- pkey = e->load_pubkey(e, key_id, ui_method, callback_data);
- if (pkey == NULL) {
- ERR_raise(ERR_LIB_ENGINE, ENGINE_R_FAILED_LOADING_PUBLIC_KEY);
- return NULL;
- }
- return pkey;
-}
-
-int ENGINE_load_ssl_client_cert(ENGINE *e, SSL *s,
- STACK_OF(X509_NAME) *ca_dn, X509 **pcert,
- EVP_PKEY **ppkey, STACK_OF(X509) **pother,
- UI_METHOD *ui_method, void *callback_data)
-{
-
- if (e == NULL) {
- ERR_raise(ERR_LIB_ENGINE, ERR_R_PASSED_NULL_PARAMETER);
- return 0;
- }
- if (!CRYPTO_THREAD_write_lock(global_engine_lock))
- return 0;
- if (e->funct_ref == 0) {
- CRYPTO_THREAD_unlock(global_engine_lock);
- ERR_raise(ERR_LIB_ENGINE, ENGINE_R_NOT_INITIALISED);
- return 0;
- }
- CRYPTO_THREAD_unlock(global_engine_lock);
- if (!e->load_ssl_client_cert) {
- ERR_raise(ERR_LIB_ENGINE, ENGINE_R_NO_LOAD_FUNCTION);
- return 0;
- }
- return e->load_ssl_client_cert(e, s, ca_dn, pcert, ppkey, pother,
- ui_method, callback_data);
-}
+++ /dev/null
-/*
- * Copyright 2011-2023 The OpenSSL Project Authors. All Rights Reserved.
- *
- * Licensed under the Apache License 2.0 (the "License"). You may not use
- * this file except in compliance with the License. You can obtain a copy
- * in the file LICENSE in the source distribution or at
- * https://www.openssl.org/source/license.html
- */
-
-/* We need to use some engine deprecated APIs */
-#define OPENSSL_SUPPRESS_DEPRECATED
-
-#include <openssl/opensslconf.h>
-
-#include <stdio.h>
-#include <string.h>
-#include "crypto/engine.h"
-#include "internal/cryptlib.h"
-#include <openssl/rand.h>
-#include <openssl/err.h>
-#include <openssl/crypto.h>
-
-#if defined(__has_feature)
-# if __has_feature(memory_sanitizer)
-# include <sanitizer/msan_interface.h>
-# endif
-#endif
-
-#if (defined(__i386) || defined(__i386__) || defined(_M_IX86) || \
- defined(__x86_64) || defined(__x86_64__) || \
- defined(_M_AMD64) || defined (_M_X64)) && defined(OPENSSL_CPUID_OBJ)
-
-size_t OPENSSL_ia32_rdrand_bytes(unsigned char *buf, size_t len);
-
-static int get_random_bytes(unsigned char *buf, int num)
-{
- if (num < 0) {
- return 0;
- }
-
-# if defined(__has_feature)
-# if __has_feature(memory_sanitizer)
- /*
- * MemorySanitizer fails to understand asm and produces false positive
- * use-of-uninitialized-value warnings.
- */
- __msan_unpoison(buf, num);
-# endif
-# endif
-
- return (size_t)num == OPENSSL_ia32_rdrand_bytes(buf, (size_t)num);
-}
-
-static int random_status(void)
-{
- return 1;
-}
-
-static RAND_METHOD rdrand_meth = {
- NULL, /* seed */
- get_random_bytes,
- NULL, /* cleanup */
- NULL, /* add */
- get_random_bytes,
- random_status,
-};
-
-static int rdrand_init(ENGINE *e)
-{
- return 1;
-}
-
-static const char *engine_e_rdrand_id = "rdrand";
-static const char *engine_e_rdrand_name = "Intel RDRAND engine";
-
-static int bind_helper(ENGINE *e)
-{
- if (!ENGINE_set_id(e, engine_e_rdrand_id) ||
- !ENGINE_set_name(e, engine_e_rdrand_name) ||
- !ENGINE_set_flags(e, ENGINE_FLAGS_NO_REGISTER_ALL) ||
- !ENGINE_set_init_function(e, rdrand_init) ||
- !ENGINE_set_RAND(e, &rdrand_meth))
- return 0;
-
- return 1;
-}
-
-static ENGINE *ENGINE_rdrand(void)
-{
- ENGINE *ret = ENGINE_new();
- if (ret == NULL)
- return NULL;
- if (!bind_helper(ret)) {
- ENGINE_free(ret);
- return NULL;
- }
- return ret;
-}
-
-void engine_load_rdrand_int(void)
-{
- if (OPENSSL_ia32cap_P[1] & (1 << (62 - 32))) {
- ENGINE *toadd = ENGINE_rdrand();
- if (!toadd)
- return;
- ERR_set_mark();
- ENGINE_add(toadd);
- /*
- * If the "add" worked, it gets a structural reference. So either way, we
- * release our just-created reference.
- */
- ENGINE_free(toadd);
- /*
- * If the "add" didn't work, it was probably a conflict because it was
- * already added (eg. someone calling ENGINE_load_blah then calling
- * ENGINE_load_builtin_engines() perhaps).
- */
- ERR_pop_to_mark();
- }
-}
-#else
-void engine_load_rdrand_int(void)
-{
-}
-#endif
+++ /dev/null
-/*
- * Copyright 2001-2024 The OpenSSL Project Authors. All Rights Reserved.
- *
- * Licensed under the Apache License 2.0 (the "License"). You may not use
- * this file except in compliance with the License. You can obtain a copy
- * in the file LICENSE in the source distribution or at
- * https://www.openssl.org/source/license.html
- */
-
-#include "internal/cryptlib.h"
-#include <openssl/evp.h>
-#include <openssl/lhash.h>
-#include <openssl/trace.h>
-#include "eng_local.h"
-
-/* The type of the items in the table */
-struct st_engine_pile {
- /* The 'nid' of this algorithm/mode */
- int nid;
- /* ENGINEs that implement this algorithm/mode. */
- STACK_OF(ENGINE) *sk;
- /* The default ENGINE to perform this algorithm/mode. */
- ENGINE *funct;
- /*
- * Zero if 'sk' is newer than the cached 'funct', non-zero otherwise
- */
- int uptodate;
-};
-
-/* The type exposed in eng_local.h */
-struct st_engine_table {
- LHASH_OF(ENGINE_PILE) piles;
-}; /* ENGINE_TABLE */
-
-typedef struct st_engine_pile_doall {
- engine_table_doall_cb *cb;
- void *arg;
-} ENGINE_PILE_DOALL;
-
-/* Global flags (ENGINE_TABLE_FLAG_***). */
-static unsigned int table_flags = 0;
-
-/* API function manipulating 'table_flags' */
-unsigned int ENGINE_get_table_flags(void)
-{
- return table_flags;
-}
-
-void ENGINE_set_table_flags(unsigned int flags)
-{
- table_flags = flags;
-}
-
-/* Internal functions for the "piles" hash table */
-static unsigned long engine_pile_hash(const ENGINE_PILE *c)
-{
- return c->nid;
-}
-
-static int engine_pile_cmp(const ENGINE_PILE *a, const ENGINE_PILE *b)
-{
- return a->nid - b->nid;
-}
-
-static int int_table_check(ENGINE_TABLE **t, int create)
-{
- LHASH_OF(ENGINE_PILE) *lh;
-
- if (*t)
- return 1;
- if (!create)
- return 0;
- if ((lh = lh_ENGINE_PILE_new(engine_pile_hash, engine_pile_cmp)) == NULL)
- return 0;
- *t = (ENGINE_TABLE *)lh;
- return 1;
-}
-
-/*
- * Privately exposed (via eng_local.h) functions for adding and/or removing
- * ENGINEs from the implementation table
- */
-int engine_table_register(ENGINE_TABLE **table, ENGINE_CLEANUP_CB *cleanup,
- ENGINE *e, const int *nids, int num_nids,
- int setdefault)
-{
- int ret = 0, added = 0;
- ENGINE_PILE tmplate, *fnd;
-
- if (!CRYPTO_THREAD_write_lock(global_engine_lock))
- return 0;
- if (!(*table))
- added = 1;
- if (!int_table_check(table, 1))
- goto end;
- /* The cleanup callback needs to be added */
- if (added && !engine_cleanup_add_first(cleanup)) {
- lh_ENGINE_PILE_free(&(*table)->piles);
- *table = NULL;
- goto end;
- }
- while (num_nids--) {
- tmplate.nid = *nids;
- fnd = lh_ENGINE_PILE_retrieve(&(*table)->piles, &tmplate);
- if (!fnd) {
- fnd = OPENSSL_malloc(sizeof(*fnd));
- if (fnd == NULL)
- goto end;
- fnd->uptodate = 1;
- fnd->nid = *nids;
- fnd->sk = sk_ENGINE_new_null();
- if (!fnd->sk) {
- OPENSSL_free(fnd);
- goto end;
- }
- fnd->funct = NULL;
- (void)lh_ENGINE_PILE_insert(&(*table)->piles, fnd);
- if (lh_ENGINE_PILE_retrieve(&(*table)->piles, &tmplate) != fnd) {
- sk_ENGINE_free(fnd->sk);
- OPENSSL_free(fnd);
- goto end;
- }
- }
- /* A registration shouldn't add duplicate entries */
- (void)sk_ENGINE_delete_ptr(fnd->sk, e);
- /*
- * if 'setdefault', this ENGINE goes to the head of the list
- */
- if (!sk_ENGINE_push(fnd->sk, e))
- goto end;
- /* "touch" this ENGINE_PILE */
- fnd->uptodate = 0;
- if (setdefault) {
- if (!engine_unlocked_init(e)) {
- ERR_raise(ERR_LIB_ENGINE, ENGINE_R_INIT_FAILED);
- goto end;
- }
- if (fnd->funct)
- engine_unlocked_finish(fnd->funct, 0);
- fnd->funct = e;
- fnd->uptodate = 1;
- }
- nids++;
- }
- ret = 1;
- end:
- CRYPTO_THREAD_unlock(global_engine_lock);
- return ret;
-}
-
-static void int_unregister_cb(ENGINE_PILE *pile, ENGINE *e)
-{
- int n;
- /* Iterate the 'c->sk' stack removing any occurrence of 'e' */
- while ((n = sk_ENGINE_find(pile->sk, e)) >= 0) {
- (void)sk_ENGINE_delete(pile->sk, n);
- pile->uptodate = 0;
- }
- if (pile->funct == e) {
- engine_unlocked_finish(e, 0);
- pile->funct = NULL;
- }
-}
-
-IMPLEMENT_LHASH_DOALL_ARG(ENGINE_PILE, ENGINE);
-
-void engine_table_unregister(ENGINE_TABLE **table, ENGINE *e)
-{
- if (!CRYPTO_THREAD_write_lock(global_engine_lock))
- /* Can't return a value. :( */
- return;
- if (int_table_check(table, 0))
- lh_ENGINE_PILE_doall_ENGINE(&(*table)->piles, int_unregister_cb, e);
- CRYPTO_THREAD_unlock(global_engine_lock);
-}
-
-static void int_cleanup_cb_doall(ENGINE_PILE *p)
-{
- if (p == NULL)
- return;
- sk_ENGINE_free(p->sk);
- if (p->funct)
- engine_unlocked_finish(p->funct, 0);
- OPENSSL_free(p);
-}
-
-void engine_table_cleanup(ENGINE_TABLE **table)
-{
- if (!CRYPTO_THREAD_write_lock(global_engine_lock))
- return;
- if (*table) {
- lh_ENGINE_PILE_doall(&(*table)->piles, int_cleanup_cb_doall);
- lh_ENGINE_PILE_free(&(*table)->piles);
- *table = NULL;
- }
- CRYPTO_THREAD_unlock(global_engine_lock);
-}
-
-/* return a functional reference for a given 'nid' */
-ENGINE *ossl_engine_table_select(ENGINE_TABLE **table, int nid,
- const char *f, int l)
-{
- ENGINE *ret = NULL;
- ENGINE_PILE tmplate, *fnd = NULL;
- int initres, loop = 0;
-
-#ifndef OPENSSL_NO_AUTOLOAD_CONFIG
- /* Load the config before trying to check if engines are available */
- OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CONFIG, NULL);
-#endif
-
- if (!(*table))
- return NULL;
-
- if (!CRYPTO_THREAD_write_lock(global_engine_lock))
- return NULL;
-
- ERR_set_mark();
- /*
- * Check again inside the lock otherwise we could race against cleanup
- * operations. But don't worry about a debug printout
- */
- if (!int_table_check(table, 0))
- goto end;
- tmplate.nid = nid;
- fnd = lh_ENGINE_PILE_retrieve(&(*table)->piles, &tmplate);
- if (!fnd)
- goto end;
- if (fnd->funct && engine_unlocked_init(fnd->funct)) {
- ret = fnd->funct;
- goto end;
- }
- if (fnd->uptodate) {
- ret = fnd->funct;
- goto end;
- }
- trynext:
- ret = sk_ENGINE_value(fnd->sk, loop++);
- if (!ret)
- goto end;
- /* Try to initialise the ENGINE? */
- if ((ret->funct_ref > 0) || !(table_flags & ENGINE_TABLE_FLAG_NOINIT))
- initres = engine_unlocked_init(ret);
- else
- initres = 0;
- if (initres) {
- /* Update 'funct' */
- if ((fnd->funct != ret) && engine_unlocked_init(ret)) {
- /* If there was a previous default we release it. */
- if (fnd->funct)
- engine_unlocked_finish(fnd->funct, 0);
- fnd->funct = ret;
- }
- goto end;
- }
- goto trynext;
- end:
- /*
- * If it failed, it is unlikely to succeed again until some future
- * registrations have taken place. In all cases, we cache.
- */
- if (fnd)
- fnd->uptodate = 1;
- CRYPTO_THREAD_unlock(global_engine_lock);
- /*
- * Whatever happened, any failed init()s are not failures in this
- * context, so clear our error state.
- */
- ERR_pop_to_mark();
- return ret;
-}
-
-/* Table enumeration */
-
-static void int_dall(const ENGINE_PILE *pile, ENGINE_PILE_DOALL *dall)
-{
- dall->cb(pile->nid, pile->sk, pile->funct, dall->arg);
-}
-
-IMPLEMENT_LHASH_DOALL_ARG_CONST(ENGINE_PILE, ENGINE_PILE_DOALL);
-
-void engine_table_doall(ENGINE_TABLE *table, engine_table_doall_cb *cb,
- void *arg)
-{
- ENGINE_PILE_DOALL dall;
- dall.cb = cb;
- dall.arg = arg;
- if (table)
- lh_ENGINE_PILE_doall_ENGINE_PILE_DOALL(&table->piles, int_dall, &dall);
-}
+++ /dev/null
-/*
- * Copyright 2006-2025 The OpenSSL Project Authors. All Rights Reserved.
- *
- * Licensed under the Apache License 2.0 (the "License"). You may not use
- * this file except in compliance with the License. You can obtain a copy
- * in the file LICENSE in the source distribution or at
- * https://www.openssl.org/source/license.html
- */
-
-/* We need to use some engine deprecated APIs */
-#define OPENSSL_SUPPRESS_DEPRECATED
-
-#include "internal/e_os.h"
-#include "eng_local.h"
-#include <openssl/evp.h>
-#include "crypto/asn1.h"
-
-/*
- * If this symbol is defined then ENGINE_get_pkey_asn1_meth_engine(), the
- * function that is used by EVP to hook in pkey_asn1_meth code and cache
- * defaults (etc), will display brief debugging summaries to stderr with the
- * 'nid'.
- */
-/* #define ENGINE_PKEY_ASN1_METH_DEBUG */
-
-static ENGINE_TABLE *pkey_asn1_meth_table = NULL;
-
-void ENGINE_unregister_pkey_asn1_meths(ENGINE *e)
-{
- engine_table_unregister(&pkey_asn1_meth_table, e);
-}
-
-static void engine_unregister_all_pkey_asn1_meths(void)
-{
- engine_table_cleanup(&pkey_asn1_meth_table);
-}
-
-int ENGINE_register_pkey_asn1_meths(ENGINE *e)
-{
- if (e->pkey_asn1_meths) {
- const int *nids;
- int num_nids = e->pkey_asn1_meths(e, NULL, &nids, 0);
- if (num_nids > 0)
- return engine_table_register(&pkey_asn1_meth_table,
- engine_unregister_all_pkey_asn1_meths,
- e, nids, num_nids, 0);
- }
- return 1;
-}
-
-void ENGINE_register_all_pkey_asn1_meths(void)
-{
- ENGINE *e;
-
- for (e = ENGINE_get_first(); e; e = ENGINE_get_next(e))
- ENGINE_register_pkey_asn1_meths(e);
-}
-
-int ENGINE_set_default_pkey_asn1_meths(ENGINE *e)
-{
- if (e->pkey_asn1_meths) {
- const int *nids;
- int num_nids = e->pkey_asn1_meths(e, NULL, &nids, 0);
- if (num_nids > 0)
- return engine_table_register(&pkey_asn1_meth_table,
- engine_unregister_all_pkey_asn1_meths,
- e, nids, num_nids, 1);
- }
- return 1;
-}
-
-/*
- * Exposed API function to get a functional reference from the implementation
- * table (ie. try to get a functional reference from the tabled structural
- * references) for a given pkey_asn1_meth 'nid'
- */
-ENGINE *ENGINE_get_pkey_asn1_meth_engine(int nid)
-{
- return ossl_engine_table_select(&pkey_asn1_meth_table, nid,
- OPENSSL_FILE, OPENSSL_LINE);
-}
-
-/*
- * Obtains a pkey_asn1_meth implementation from an ENGINE functional
- * reference
- */
-const EVP_PKEY_ASN1_METHOD *ENGINE_get_pkey_asn1_meth(ENGINE *e, int nid)
-{
- EVP_PKEY_ASN1_METHOD *ret;
- ENGINE_PKEY_ASN1_METHS_PTR fn = ENGINE_get_pkey_asn1_meths(e);
- if (!fn || !fn(e, &ret, NULL, nid)) {
- ERR_raise(ERR_LIB_ENGINE, ENGINE_R_UNIMPLEMENTED_PUBLIC_KEY_METHOD);
- return NULL;
- }
- return ret;
-}
-
-/* Gets the pkey_asn1_meth callback from an ENGINE structure */
-ENGINE_PKEY_ASN1_METHS_PTR ENGINE_get_pkey_asn1_meths(const ENGINE *e)
-{
- return e->pkey_asn1_meths;
-}
-
-/* Sets the pkey_asn1_meth callback in an ENGINE structure */
-int ENGINE_set_pkey_asn1_meths(ENGINE *e, ENGINE_PKEY_ASN1_METHS_PTR f)
-{
- e->pkey_asn1_meths = f;
- return 1;
-}
-
-/*
- * Internal function to free up EVP_PKEY_ASN1_METHOD structures before an
- * ENGINE is destroyed
- */
-
-void engine_pkey_asn1_meths_free(ENGINE *e)
-{
- int i;
- EVP_PKEY_ASN1_METHOD *pkm;
- if (e->pkey_asn1_meths) {
- const int *pknids;
- int npknids;
- npknids = e->pkey_asn1_meths(e, NULL, &pknids, 0);
- for (i = 0; i < npknids; i++) {
- if (e->pkey_asn1_meths(e, &pkm, NULL, pknids[i])) {
- EVP_PKEY_asn1_free(pkm);
- }
- }
- }
-}
-
-/*
- * Find a method based on a string. This does a linear search through all
- * implemented algorithms. This is OK in practice because only a small number
- * of algorithms are likely to be implemented in an engine and it is not used
- * for speed critical operations.
- */
-
-const EVP_PKEY_ASN1_METHOD *ENGINE_get_pkey_asn1_meth_str(ENGINE *e,
- const char *str,
- int len)
-{
- int i, nidcount;
- const int *nids;
- EVP_PKEY_ASN1_METHOD *ameth;
- if (!e->pkey_asn1_meths)
- return NULL;
- if (len == -1)
- len = (int)strlen(str);
- nidcount = e->pkey_asn1_meths(e, NULL, &nids, 0);
- for (i = 0; i < nidcount; i++) {
- e->pkey_asn1_meths(e, &ameth, NULL, nids[i]);
- if (ameth != NULL
- && ((int)strlen(ameth->pem_str) == len)
- && OPENSSL_strncasecmp(ameth->pem_str, str, len) == 0)
- return ameth;
- }
- return NULL;
-}
-
-typedef struct {
- ENGINE *e;
- const EVP_PKEY_ASN1_METHOD *ameth;
- const char *str;
- int len;
-} ENGINE_FIND_STR;
-
-static void look_str_cb(int nid, STACK_OF(ENGINE) *sk, ENGINE *def, void *arg)
-{
- ENGINE_FIND_STR *lk = arg;
- int i;
- if (lk->ameth)
- return;
- for (i = 0; i < sk_ENGINE_num(sk); i++) {
- ENGINE *e = sk_ENGINE_value(sk, i);
- EVP_PKEY_ASN1_METHOD *ameth;
- e->pkey_asn1_meths(e, &ameth, NULL, nid);
- if (ameth != NULL
- && ((int)strlen(ameth->pem_str) == lk->len)
- && OPENSSL_strncasecmp(ameth->pem_str, lk->str, lk->len) == 0) {
- lk->e = e;
- lk->ameth = ameth;
- return;
- }
- }
-}
-
-const EVP_PKEY_ASN1_METHOD *ENGINE_pkey_asn1_find_str(ENGINE **pe,
- const char *str,
- int len)
-{
- ENGINE_FIND_STR fstr;
- fstr.e = NULL;
- fstr.ameth = NULL;
- fstr.str = str;
- fstr.len = len;
-
- if (!RUN_ONCE(&engine_lock_init, do_engine_lock_init)) {
- /* Maybe this should be raised in do_engine_lock_init() */
- ERR_raise(ERR_LIB_ENGINE, ERR_R_CRYPTO_LIB);
- return NULL;
- }
-
- if (!CRYPTO_THREAD_read_lock(global_engine_lock))
- return NULL;
- engine_table_doall(pkey_asn1_meth_table, look_str_cb, &fstr);
- /* If found obtain a structural reference to engine */
- if (fstr.e != NULL) {
- int ref;
-
- if (!CRYPTO_UP_REF(&fstr.e->struct_ref, &ref)) {
- CRYPTO_THREAD_unlock(global_engine_lock);
- ERR_raise(ERR_LIB_ENGINE, ERR_R_CRYPTO_LIB);
- return NULL;
- }
- }
- *pe = fstr.e;
- CRYPTO_THREAD_unlock(global_engine_lock);
- return fstr.ameth;
-}
+++ /dev/null
-/*
- * Copyright 2001-2021 The OpenSSL Project Authors. All Rights Reserved.
- *
- * Licensed under the Apache License 2.0 (the "License"). You may not use
- * this file except in compliance with the License. You can obtain a copy
- * in the file LICENSE in the source distribution or at
- * https://www.openssl.org/source/license.html
- */
-
-/* We need to use some engine deprecated APIs */
-#define OPENSSL_SUPPRESS_DEPRECATED
-
-#include "eng_local.h"
-
-static ENGINE_TABLE *cipher_table = NULL;
-
-void ENGINE_unregister_ciphers(ENGINE *e)
-{
- engine_table_unregister(&cipher_table, e);
-}
-
-static void engine_unregister_all_ciphers(void)
-{
- engine_table_cleanup(&cipher_table);
-}
-
-int ENGINE_register_ciphers(ENGINE *e)
-{
- if (e->ciphers) {
- const int *nids;
- int num_nids = e->ciphers(e, NULL, &nids, 0);
- if (num_nids > 0)
- return engine_table_register(&cipher_table,
- engine_unregister_all_ciphers, e,
- nids, num_nids, 0);
- }
- return 1;
-}
-
-void ENGINE_register_all_ciphers(void)
-{
- ENGINE *e;
-
- for (e = ENGINE_get_first(); e; e = ENGINE_get_next(e))
- ENGINE_register_ciphers(e);
-}
-
-int ENGINE_set_default_ciphers(ENGINE *e)
-{
- if (e->ciphers) {
- const int *nids;
- int num_nids = e->ciphers(e, NULL, &nids, 0);
- if (num_nids > 0)
- return engine_table_register(&cipher_table,
- engine_unregister_all_ciphers, e,
- nids, num_nids, 1);
- }
- return 1;
-}
-
-/*
- * Exposed API function to get a functional reference from the implementation
- * table (ie. try to get a functional reference from the tabled structural
- * references) for a given cipher 'nid'
- */
-ENGINE *ENGINE_get_cipher_engine(int nid)
-{
- return ossl_engine_table_select(&cipher_table, nid,
- OPENSSL_FILE, OPENSSL_LINE);
-}
-
-/* Obtains a cipher implementation from an ENGINE functional reference */
-const EVP_CIPHER *ENGINE_get_cipher(ENGINE *e, int nid)
-{
- const EVP_CIPHER *ret;
- ENGINE_CIPHERS_PTR fn = ENGINE_get_ciphers(e);
- if (!fn || !fn(e, &ret, NULL, nid)) {
- ERR_raise(ERR_LIB_ENGINE, ENGINE_R_UNIMPLEMENTED_CIPHER);
- return NULL;
- }
- return ret;
-}
-
-/* Gets the cipher callback from an ENGINE structure */
-ENGINE_CIPHERS_PTR ENGINE_get_ciphers(const ENGINE *e)
-{
- return e->ciphers;
-}
-
-/* Sets the cipher callback in an ENGINE structure */
-int ENGINE_set_ciphers(ENGINE *e, ENGINE_CIPHERS_PTR f)
-{
- e->ciphers = f;
- return 1;
-}
+++ /dev/null
-/*
- * Copyright 2001-2021 The OpenSSL Project Authors. All Rights Reserved.
- *
- * Licensed under the Apache License 2.0 (the "License"). You may not use
- * this file except in compliance with the License. You can obtain a copy
- * in the file LICENSE in the source distribution or at
- * https://www.openssl.org/source/license.html
- */
-
-/* We need to use some engine deprecated APIs */
-#define OPENSSL_SUPPRESS_DEPRECATED
-
-#include "eng_local.h"
-
-static ENGINE_TABLE *dh_table = NULL;
-static const int dummy_nid = 1;
-
-void ENGINE_unregister_DH(ENGINE *e)
-{
- engine_table_unregister(&dh_table, e);
-}
-
-static void engine_unregister_all_DH(void)
-{
- engine_table_cleanup(&dh_table);
-}
-
-int ENGINE_register_DH(ENGINE *e)
-{
- if (e->dh_meth)
- return engine_table_register(&dh_table,
- engine_unregister_all_DH, e, &dummy_nid,
- 1, 0);
- return 1;
-}
-
-void ENGINE_register_all_DH(void)
-{
- ENGINE *e;
-
- for (e = ENGINE_get_first(); e; e = ENGINE_get_next(e))
- ENGINE_register_DH(e);
-}
-
-int ENGINE_set_default_DH(ENGINE *e)
-{
- if (e->dh_meth)
- return engine_table_register(&dh_table,
- engine_unregister_all_DH, e, &dummy_nid,
- 1, 1);
- return 1;
-}
-
-/*
- * Exposed API function to get a functional reference from the implementation
- * table (ie. try to get a functional reference from the tabled structural
- * references).
- */
-ENGINE *ENGINE_get_default_DH(void)
-{
- return ossl_engine_table_select(&dh_table, dummy_nid,
- OPENSSL_FILE, OPENSSL_LINE);
-}
-
-/* Obtains an DH implementation from an ENGINE functional reference */
-const DH_METHOD *ENGINE_get_DH(const ENGINE *e)
-{
- return e->dh_meth;
-}
-
-/* Sets an DH implementation in an ENGINE structure */
-int ENGINE_set_DH(ENGINE *e, const DH_METHOD *dh_meth)
-{
- e->dh_meth = dh_meth;
- return 1;
-}
+++ /dev/null
-/*
- * Copyright 2001-2021 The OpenSSL Project Authors. All Rights Reserved.
- *
- * Licensed under the Apache License 2.0 (the "License"). You may not use
- * this file except in compliance with the License. You can obtain a copy
- * in the file LICENSE in the source distribution or at
- * https://www.openssl.org/source/license.html
- */
-
-/* We need to use some engine deprecated APIs */
-#define OPENSSL_SUPPRESS_DEPRECATED
-
-#include "eng_local.h"
-
-static ENGINE_TABLE *digest_table = NULL;
-
-void ENGINE_unregister_digests(ENGINE *e)
-{
- engine_table_unregister(&digest_table, e);
-}
-
-static void engine_unregister_all_digests(void)
-{
- engine_table_cleanup(&digest_table);
-}
-
-int ENGINE_register_digests(ENGINE *e)
-{
- if (e->digests) {
- const int *nids;
- int num_nids = e->digests(e, NULL, &nids, 0);
- if (num_nids > 0)
- return engine_table_register(&digest_table,
- engine_unregister_all_digests, e,
- nids, num_nids, 0);
- }
- return 1;
-}
-
-void ENGINE_register_all_digests(void)
-{
- ENGINE *e;
-
- for (e = ENGINE_get_first(); e; e = ENGINE_get_next(e))
- ENGINE_register_digests(e);
-}
-
-int ENGINE_set_default_digests(ENGINE *e)
-{
- if (e->digests) {
- const int *nids;
- int num_nids = e->digests(e, NULL, &nids, 0);
- if (num_nids > 0)
- return engine_table_register(&digest_table,
- engine_unregister_all_digests, e,
- nids, num_nids, 1);
- }
- return 1;
-}
-
-/*
- * Exposed API function to get a functional reference from the implementation
- * table (ie. try to get a functional reference from the tabled structural
- * references) for a given digest 'nid'
- */
-ENGINE *ENGINE_get_digest_engine(int nid)
-{
- return ossl_engine_table_select(&digest_table, nid,
- OPENSSL_FILE, OPENSSL_LINE);
-}
-
-/* Obtains a digest implementation from an ENGINE functional reference */
-const EVP_MD *ENGINE_get_digest(ENGINE *e, int nid)
-{
- const EVP_MD *ret;
- ENGINE_DIGESTS_PTR fn = ENGINE_get_digests(e);
- if (!fn || !fn(e, &ret, NULL, nid)) {
- ERR_raise(ERR_LIB_ENGINE, ENGINE_R_UNIMPLEMENTED_DIGEST);
- return NULL;
- }
- return ret;
-}
-
-/* Gets the digest callback from an ENGINE structure */
-ENGINE_DIGESTS_PTR ENGINE_get_digests(const ENGINE *e)
-{
- return e->digests;
-}
-
-/* Sets the digest callback in an ENGINE structure */
-int ENGINE_set_digests(ENGINE *e, ENGINE_DIGESTS_PTR f)
-{
- e->digests = f;
- return 1;
-}
+++ /dev/null
-/*
- * Copyright 2001-2021 The OpenSSL Project Authors. All Rights Reserved.
- *
- * Licensed under the Apache License 2.0 (the "License"). You may not use
- * this file except in compliance with the License. You can obtain a copy
- * in the file LICENSE in the source distribution or at
- * https://www.openssl.org/source/license.html
- */
-
-/* We need to use some engine deprecated APIs */
-#define OPENSSL_SUPPRESS_DEPRECATED
-
-#include "eng_local.h"
-
-static ENGINE_TABLE *dsa_table = NULL;
-static const int dummy_nid = 1;
-
-void ENGINE_unregister_DSA(ENGINE *e)
-{
- engine_table_unregister(&dsa_table, e);
-}
-
-static void engine_unregister_all_DSA(void)
-{
- engine_table_cleanup(&dsa_table);
-}
-
-int ENGINE_register_DSA(ENGINE *e)
-{
- if (e->dsa_meth)
- return engine_table_register(&dsa_table,
- engine_unregister_all_DSA, e, &dummy_nid,
- 1, 0);
- return 1;
-}
-
-void ENGINE_register_all_DSA(void)
-{
- ENGINE *e;
-
- for (e = ENGINE_get_first(); e; e = ENGINE_get_next(e))
- ENGINE_register_DSA(e);
-}
-
-int ENGINE_set_default_DSA(ENGINE *e)
-{
- if (e->dsa_meth)
- return engine_table_register(&dsa_table,
- engine_unregister_all_DSA, e, &dummy_nid,
- 1, 1);
- return 1;
-}
-
-/*
- * Exposed API function to get a functional reference from the implementation
- * table (ie. try to get a functional reference from the tabled structural
- * references).
- */
-ENGINE *ENGINE_get_default_DSA(void)
-{
- return ossl_engine_table_select(&dsa_table, dummy_nid,
- OPENSSL_FILE, OPENSSL_LINE);
-}
-
-/* Obtains an DSA implementation from an ENGINE functional reference */
-const DSA_METHOD *ENGINE_get_DSA(const ENGINE *e)
-{
- return e->dsa_meth;
-}
-
-/* Sets an DSA implementation in an ENGINE structure */
-int ENGINE_set_DSA(ENGINE *e, const DSA_METHOD *dsa_meth)
-{
- e->dsa_meth = dsa_meth;
- return 1;
-}
+++ /dev/null
-/*
- * Copyright 2015-2021 The OpenSSL Project Authors. All Rights Reserved.
- *
- * Licensed under the Apache License 2.0 (the "License"). You may not use
- * this file except in compliance with the License. You can obtain a copy
- * in the file LICENSE in the source distribution or at
- * https://www.openssl.org/source/license.html
- */
-
-/* We need to use some engine deprecated APIs */
-#define OPENSSL_SUPPRESS_DEPRECATED
-
-#include "eng_local.h"
-
-static ENGINE_TABLE *dh_table = NULL;
-static const int dummy_nid = 1;
-
-void ENGINE_unregister_EC(ENGINE *e)
-{
- engine_table_unregister(&dh_table, e);
-}
-
-static void engine_unregister_all_EC(void)
-{
- engine_table_cleanup(&dh_table);
-}
-
-int ENGINE_register_EC(ENGINE *e)
-{
- if (e->ec_meth != NULL)
- return engine_table_register(&dh_table,
- engine_unregister_all_EC, e, &dummy_nid,
- 1, 0);
- return 1;
-}
-
-void ENGINE_register_all_EC(void)
-{
- ENGINE *e;
-
- for (e = ENGINE_get_first(); e; e = ENGINE_get_next(e))
- ENGINE_register_EC(e);
-}
-
-int ENGINE_set_default_EC(ENGINE *e)
-{
- if (e->ec_meth != NULL)
- return engine_table_register(&dh_table,
- engine_unregister_all_EC, e, &dummy_nid,
- 1, 1);
- return 1;
-}
-
-/*
- * Exposed API function to get a functional reference from the implementation
- * table (ie. try to get a functional reference from the tabled structural
- * references).
- */
-ENGINE *ENGINE_get_default_EC(void)
-{
- return ossl_engine_table_select(&dh_table, dummy_nid,
- OPENSSL_FILE, OPENSSL_LINE);
-}
-
-/* Obtains an EC_KEY implementation from an ENGINE functional reference */
-const EC_KEY_METHOD *ENGINE_get_EC(const ENGINE *e)
-{
- return e->ec_meth;
-}
-
-/* Sets an EC_KEY implementation in an ENGINE structure */
-int ENGINE_set_EC(ENGINE *e, const EC_KEY_METHOD *ec_meth)
-{
- e->ec_meth = ec_meth;
- return 1;
-}
+++ /dev/null
-/*
- * Copyright 2006-2021 The OpenSSL Project Authors. All Rights Reserved.
- *
- * Licensed under the Apache License 2.0 (the "License"). You may not use
- * this file except in compliance with the License. You can obtain a copy
- * in the file LICENSE in the source distribution or at
- * https://www.openssl.org/source/license.html
- */
-
-/* We need to use some deprecated APIs */
-#include "internal/deprecated.h"
-
-#include "eng_local.h"
-#include <openssl/evp.h>
-
-static ENGINE_TABLE *pkey_meth_table = NULL;
-
-void ENGINE_unregister_pkey_meths(ENGINE *e)
-{
- engine_table_unregister(&pkey_meth_table, e);
-}
-
-static void engine_unregister_all_pkey_meths(void)
-{
- engine_table_cleanup(&pkey_meth_table);
-}
-
-int ENGINE_register_pkey_meths(ENGINE *e)
-{
- if (e->pkey_meths) {
- const int *nids;
- int num_nids = e->pkey_meths(e, NULL, &nids, 0);
- if (num_nids > 0)
- return engine_table_register(&pkey_meth_table,
- engine_unregister_all_pkey_meths, e,
- nids, num_nids, 0);
- }
- return 1;
-}
-
-void ENGINE_register_all_pkey_meths(void)
-{
- ENGINE *e;
-
- for (e = ENGINE_get_first(); e; e = ENGINE_get_next(e))
- ENGINE_register_pkey_meths(e);
-}
-
-int ENGINE_set_default_pkey_meths(ENGINE *e)
-{
- if (e->pkey_meths) {
- const int *nids;
- int num_nids = e->pkey_meths(e, NULL, &nids, 0);
- if (num_nids > 0)
- return engine_table_register(&pkey_meth_table,
- engine_unregister_all_pkey_meths, e,
- nids, num_nids, 1);
- }
- return 1;
-}
-
-/*
- * Exposed API function to get a functional reference from the implementation
- * table (ie. try to get a functional reference from the tabled structural
- * references) for a given pkey_meth 'nid'
- */
-ENGINE *ENGINE_get_pkey_meth_engine(int nid)
-{
- return ossl_engine_table_select(&pkey_meth_table, nid,
- OPENSSL_FILE, OPENSSL_LINE);
-}
-
-/* Obtains a pkey_meth implementation from an ENGINE functional reference */
-const EVP_PKEY_METHOD *ENGINE_get_pkey_meth(ENGINE *e, int nid)
-{
- EVP_PKEY_METHOD *ret;
- ENGINE_PKEY_METHS_PTR fn = ENGINE_get_pkey_meths(e);
- if (!fn || !fn(e, &ret, NULL, nid)) {
- ERR_raise(ERR_LIB_ENGINE, ENGINE_R_UNIMPLEMENTED_PUBLIC_KEY_METHOD);
- return NULL;
- }
- return ret;
-}
-
-/* Gets the pkey_meth callback from an ENGINE structure */
-ENGINE_PKEY_METHS_PTR ENGINE_get_pkey_meths(const ENGINE *e)
-{
- return e->pkey_meths;
-}
-
-/* Sets the pkey_meth callback in an ENGINE structure */
-int ENGINE_set_pkey_meths(ENGINE *e, ENGINE_PKEY_METHS_PTR f)
-{
- e->pkey_meths = f;
- return 1;
-}
-
-/*
- * Internal function to free up EVP_PKEY_METHOD structures before an ENGINE
- * is destroyed
- */
-
-void engine_pkey_meths_free(ENGINE *e)
-{
- int i;
- EVP_PKEY_METHOD *pkm;
- if (e->pkey_meths) {
- const int *pknids;
- int npknids;
- npknids = e->pkey_meths(e, NULL, &pknids, 0);
- for (i = 0; i < npknids; i++) {
- if (e->pkey_meths(e, &pkm, NULL, pknids[i])) {
- EVP_PKEY_meth_free(pkm);
- }
- }
- }
-}
+++ /dev/null
-/*
- * Copyright 2001-2021 The OpenSSL Project Authors. All Rights Reserved.
- *
- * Licensed under the Apache License 2.0 (the "License"). You may not use
- * this file except in compliance with the License. You can obtain a copy
- * in the file LICENSE in the source distribution or at
- * https://www.openssl.org/source/license.html
- */
-
-/* We need to use some engine deprecated APIs */
-#define OPENSSL_SUPPRESS_DEPRECATED
-
-#include "eng_local.h"
-
-static ENGINE_TABLE *rand_table = NULL;
-static const int dummy_nid = 1;
-
-void ENGINE_unregister_RAND(ENGINE *e)
-{
- engine_table_unregister(&rand_table, e);
-}
-
-static void engine_unregister_all_RAND(void)
-{
- engine_table_cleanup(&rand_table);
-}
-
-int ENGINE_register_RAND(ENGINE *e)
-{
- if (e->rand_meth)
- return engine_table_register(&rand_table,
- engine_unregister_all_RAND, e,
- &dummy_nid, 1, 0);
- return 1;
-}
-
-void ENGINE_register_all_RAND(void)
-{
- ENGINE *e;
-
- for (e = ENGINE_get_first(); e; e = ENGINE_get_next(e))
- ENGINE_register_RAND(e);
-}
-
-int ENGINE_set_default_RAND(ENGINE *e)
-{
- if (e->rand_meth)
- return engine_table_register(&rand_table,
- engine_unregister_all_RAND, e,
- &dummy_nid, 1, 1);
- return 1;
-}
-
-/*
- * Exposed API function to get a functional reference from the implementation
- * table (ie. try to get a functional reference from the tabled structural
- * references).
- */
-ENGINE *ENGINE_get_default_RAND(void)
-{
- return ossl_engine_table_select(&rand_table, dummy_nid,
- OPENSSL_FILE, OPENSSL_LINE);
-}
-
-/* Obtains an RAND implementation from an ENGINE functional reference */
-const RAND_METHOD *ENGINE_get_RAND(const ENGINE *e)
-{
- return e->rand_meth;
-}
-
-/* Sets an RAND implementation in an ENGINE structure */
-int ENGINE_set_RAND(ENGINE *e, const RAND_METHOD *rand_meth)
-{
- e->rand_meth = rand_meth;
- return 1;
-}
+++ /dev/null
-/*
- * Copyright 2001-2021 The OpenSSL Project Authors. All Rights Reserved.
- *
- * Licensed under the Apache License 2.0 (the "License"). You may not use
- * this file except in compliance with the License. You can obtain a copy
- * in the file LICENSE in the source distribution or at
- * https://www.openssl.org/source/license.html
- */
-
-/* We need to use some engine deprecated APIs */
-#define OPENSSL_SUPPRESS_DEPRECATED
-
-#include "eng_local.h"
-
-static ENGINE_TABLE *rsa_table = NULL;
-static const int dummy_nid = 1;
-
-void ENGINE_unregister_RSA(ENGINE *e)
-{
- engine_table_unregister(&rsa_table, e);
-}
-
-static void engine_unregister_all_RSA(void)
-{
- engine_table_cleanup(&rsa_table);
-}
-
-int ENGINE_register_RSA(ENGINE *e)
-{
- if (e->rsa_meth)
- return engine_table_register(&rsa_table,
- engine_unregister_all_RSA, e, &dummy_nid,
- 1, 0);
- return 1;
-}
-
-void ENGINE_register_all_RSA(void)
-{
- ENGINE *e;
-
- for (e = ENGINE_get_first(); e; e = ENGINE_get_next(e))
- ENGINE_register_RSA(e);
-}
-
-int ENGINE_set_default_RSA(ENGINE *e)
-{
- if (e->rsa_meth)
- return engine_table_register(&rsa_table,
- engine_unregister_all_RSA, e, &dummy_nid,
- 1, 1);
- return 1;
-}
-
-/*
- * Exposed API function to get a functional reference from the implementation
- * table (ie. try to get a functional reference from the tabled structural
- * references).
- */
-ENGINE *ENGINE_get_default_RSA(void)
-{
- return ossl_engine_table_select(&rsa_table, dummy_nid,
- OPENSSL_FILE, OPENSSL_LINE);
-}
-
-/* Obtains an RSA implementation from an ENGINE functional reference */
-const RSA_METHOD *ENGINE_get_RSA(const ENGINE *e)
-{
- return e->rsa_meth;
-}
-
-/* Sets an RSA implementation in an ENGINE structure */
-int ENGINE_set_RSA(ENGINE *e, const RSA_METHOD *rsa_meth)
-{
- e->rsa_meth = rsa_meth;
- return 1;
-}
L PKCS12 include/openssl/pkcs12err.h crypto/pkcs12/pk12err.c include/crypto/pkcs12err.h
L RAND include/openssl/randerr.h crypto/rand/rand_err.c include/crypto/randerr.h
L DSO NONE crypto/dso/dso_err.c include/internal/dsoerr.h
-L ENGINE include/openssl/engineerr.h crypto/engine/eng_err.c include/crypto/engineerr.h
L OCSP include/openssl/ocsperr.h crypto/ocsp/ocsp_err.c include/crypto/ocsperr.h
L UI include/openssl/uierr.h crypto/ui/ui_err.c include/crypto/uierr.h
L COMP include/openssl/comperr.h crypto/comp/comp_err.c include/crypto/comperr.h
EC_R_UNSUPPORTED_FIELD:131:unsupported field
EC_R_WRONG_CURVE_PARAMETERS:145:wrong curve parameters
EC_R_WRONG_ORDER:130:wrong order
-ENGINE_R_ALREADY_LOADED:100:already loaded
-ENGINE_R_ARGUMENT_IS_NOT_A_NUMBER:133:argument is not a number
-ENGINE_R_CMD_NOT_EXECUTABLE:134:cmd not executable
-ENGINE_R_COMMAND_TAKES_INPUT:135:command takes input
-ENGINE_R_COMMAND_TAKES_NO_INPUT:136:command takes no input
-ENGINE_R_CONFLICTING_ENGINE_ID:103:conflicting engine id
-ENGINE_R_CTRL_COMMAND_NOT_IMPLEMENTED:119:ctrl command not implemented
-ENGINE_R_DSO_FAILURE:104:DSO failure
-ENGINE_R_DSO_NOT_FOUND:132:dso not found
-ENGINE_R_ENGINES_SECTION_ERROR:148:engines section error
-ENGINE_R_ENGINE_CONFIGURATION_ERROR:102:engine configuration error
-ENGINE_R_ENGINE_IS_NOT_IN_LIST:105:engine is not in the list
-ENGINE_R_ENGINE_SECTION_ERROR:149:engine section error
-ENGINE_R_FAILED_LOADING_PRIVATE_KEY:128:failed loading private key
-ENGINE_R_FAILED_LOADING_PUBLIC_KEY:129:failed loading public key
-ENGINE_R_FINISH_FAILED:106:finish failed
-ENGINE_R_ID_OR_NAME_MISSING:108:'id' or 'name' missing
-ENGINE_R_INIT_FAILED:109:init failed
-ENGINE_R_INTERNAL_LIST_ERROR:110:internal list error
-ENGINE_R_INVALID_ARGUMENT:143:invalid argument
-ENGINE_R_INVALID_CMD_NAME:137:invalid cmd name
-ENGINE_R_INVALID_CMD_NUMBER:138:invalid cmd number
-ENGINE_R_INVALID_INIT_VALUE:151:invalid init value
-ENGINE_R_INVALID_STRING:150:invalid string
-ENGINE_R_NOT_INITIALISED:117:not initialised
-ENGINE_R_NOT_LOADED:112:not loaded
-ENGINE_R_NO_CONTROL_FUNCTION:120:no control function
-ENGINE_R_NO_INDEX:144:no index
-ENGINE_R_NO_LOAD_FUNCTION:125:no load function
-ENGINE_R_NO_REFERENCE:130:no reference
-ENGINE_R_NO_SUCH_ENGINE:116:no such engine
-ENGINE_R_UNIMPLEMENTED_CIPHER:146:unimplemented cipher
-ENGINE_R_UNIMPLEMENTED_DIGEST:147:unimplemented digest
-ENGINE_R_UNIMPLEMENTED_PUBLIC_KEY_METHOD:101:unimplemented public key method
-ENGINE_R_VERSION_INCOMPATIBILITY:145:version incompatibility
ESS_R_EMPTY_ESS_CERT_ID_LIST:107:empty ess cert id list
ESS_R_ESS_CERT_DIGEST_ERROR:103:ess cert digest error
ESS_R_ESS_CERT_ID_NOT_FOUND:104:ess cert id not found
# define EC_F_VALIDATE_ECX_DERIVE 0
# endif
+# if !defined(OPENSSL_NO_ENGINE) || defined(OPENSSL_ENGINE_STUBS)
+/*
+ * ENGINE reason codes.
+ */
+# define ENGINE_R_ALREADY_LOADED 0
+# define ENGINE_R_ARGUMENT_IS_NOT_A_NUMBER 0
+# define ENGINE_R_CMD_NOT_EXECUTABLE 0
+# define ENGINE_R_COMMAND_TAKES_INPUT 0
+# define ENGINE_R_COMMAND_TAKES_NO_INPUT 0
+# define ENGINE_R_CONFLICTING_ENGINE_ID 0
+# define ENGINE_R_CTRL_COMMAND_NOT_IMPLEMENTED 0
+# define ENGINE_R_DSO_FAILURE 0
+# define ENGINE_R_DSO_NOT_FOUND 0
+# define ENGINE_R_ENGINES_SECTION_ERROR 0
+# define ENGINE_R_ENGINE_CONFIGURATION_ERROR 0
+# define ENGINE_R_ENGINE_IS_NOT_IN_LIST 0
+# define ENGINE_R_ENGINE_SECTION_ERROR 0
+# define ENGINE_R_FAILED_LOADING_PRIVATE_KEY 0
+# define ENGINE_R_FAILED_LOADING_PUBLIC_KEY 0
+# define ENGINE_R_FINISH_FAILED 0
+# define ENGINE_R_ID_OR_NAME_MISSING 0
+# define ENGINE_R_INIT_FAILED 0
+# define ENGINE_R_INTERNAL_LIST_ERROR 0
+# define ENGINE_R_INVALID_ARGUMENT 0
+# define ENGINE_R_INVALID_CMD_NAME 0
+# define ENGINE_R_INVALID_CMD_NUMBER 0
+# define ENGINE_R_INVALID_INIT_VALUE 0
+# define ENGINE_R_INVALID_STRING 0
+# define ENGINE_R_NOT_INITIALISED 0
+# define ENGINE_R_NOT_LOADED 0
+# define ENGINE_R_NO_CONTROL_FUNCTION 0
+# define ENGINE_R_NO_INDEX 0
+# define ENGINE_R_NO_LOAD_FUNCTION 0
+# define ENGINE_R_NO_REFERENCE 0
+# define ENGINE_R_NO_SUCH_ENGINE 0
+# define ENGINE_R_UNIMPLEMENTED_CIPHER 0
+# define ENGINE_R_UNIMPLEMENTED_DIGEST 0
+# define ENGINE_R_UNIMPLEMENTED_PUBLIC_KEY_METHOD 0
+# define ENGINE_R_VERSION_INCOMPATIBILITY 0
+# endif
+
/*
* EVP function codes.
*/
# include <openssl/symhacks.h>
# include <openssl/cryptoerr_legacy.h>
-
-# ifndef OPENSSL_NO_ENGINE
-
-
-/*
- * ENGINE reason codes.
- */
-# define ENGINE_R_ALREADY_LOADED 100
-# define ENGINE_R_ARGUMENT_IS_NOT_A_NUMBER 133
-# define ENGINE_R_CMD_NOT_EXECUTABLE 134
-# define ENGINE_R_COMMAND_TAKES_INPUT 135
-# define ENGINE_R_COMMAND_TAKES_NO_INPUT 136
-# define ENGINE_R_CONFLICTING_ENGINE_ID 103
-# define ENGINE_R_CTRL_COMMAND_NOT_IMPLEMENTED 119
-# define ENGINE_R_DSO_FAILURE 104
-# define ENGINE_R_DSO_NOT_FOUND 132
-# define ENGINE_R_ENGINES_SECTION_ERROR 148
-# define ENGINE_R_ENGINE_CONFIGURATION_ERROR 102
-# define ENGINE_R_ENGINE_IS_NOT_IN_LIST 105
-# define ENGINE_R_ENGINE_SECTION_ERROR 149
-# define ENGINE_R_FAILED_LOADING_PRIVATE_KEY 128
-# define ENGINE_R_FAILED_LOADING_PUBLIC_KEY 129
-# define ENGINE_R_FINISH_FAILED 106
-# define ENGINE_R_ID_OR_NAME_MISSING 108
-# define ENGINE_R_INIT_FAILED 109
-# define ENGINE_R_INTERNAL_LIST_ERROR 110
-# define ENGINE_R_INVALID_ARGUMENT 143
-# define ENGINE_R_INVALID_CMD_NAME 137
-# define ENGINE_R_INVALID_CMD_NUMBER 138
-# define ENGINE_R_INVALID_INIT_VALUE 151
-# define ENGINE_R_INVALID_STRING 150
-# define ENGINE_R_NOT_INITIALISED 117
-# define ENGINE_R_NOT_LOADED 112
-# define ENGINE_R_NO_CONTROL_FUNCTION 120
-# define ENGINE_R_NO_INDEX 144
-# define ENGINE_R_NO_LOAD_FUNCTION 125
-# define ENGINE_R_NO_REFERENCE 130
-# define ENGINE_R_NO_SUCH_ENGINE 116
-# define ENGINE_R_UNIMPLEMENTED_CIPHER 146
-# define ENGINE_R_UNIMPLEMENTED_DIGEST 147
-# define ENGINE_R_UNIMPLEMENTED_PUBLIC_KEY_METHOD 101
-# define ENGINE_R_VERSION_INCOMPATIBILITY 145
-
-# endif
#endif
projects / thirdparty / openssl.git / commitdiff
