From: Milan Broz Date: Wed, 10 Sep 2025 09:42:27 +0000 (+0200) Subject: Remove crypto/engine dir. X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=6e4f67ba8335842c03292c2e6666a062896df8a5;p=thirdparty%2Fopenssl.git Remove crypto/engine dir. Signed-off-by: Milan Broz Reviewed-by: Neil Horman Reviewed-by: Matt Caswell Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/28548) --- diff --git a/crypto/build.info b/crypto/build.info index 8fed477fef6..a6801047c8b 100644 --- a/crypto/build.info +++ b/crypto/build.info @@ -4,7 +4,7 @@ SUBDIRS=objects buffer bio stack lhash hashtable rand evp asn1 pem x509 conf \ txt_db pkcs7 pkcs12 ui kdf store property \ md2 md4 md5 sha mdc2 ml_kem hmac ripemd whrlpool poly1305 \ siphash sm3 des aes rc2 rc4 rc5 idea aria bf cast camellia \ - seed sm4 chacha modes bn ec rsa dsa dh sm2 dso engine \ + seed sm4 chacha modes bn ec rsa dsa dh sm2 dso \ err comp http ocsp cms ts srp cmac ct async ess crmf cmp encode_decode \ ffc hpke thread lms ml_dsa slh_dsa diff --git a/crypto/engine/README.md b/crypto/engine/README.md deleted file mode 100644 index b45115ca248..00000000000 --- a/crypto/engine/README.md +++ /dev/null @@ -1,210 +0,0 @@ -Notes on engines of 2001-09-24 -============================== - -This "description" (if one chooses to call it that) needed some major updating -so here goes. This update addresses a change being made at the same time to -OpenSSL, and it pretty much completely restructures the underlying mechanics of -the "ENGINE" code. So it serves a double purpose of being a "ENGINE internals -for masochists" document *and* a rather extensive commit log message. (I'd get -lynched for sticking all this in CHANGES.md or the commit mails :-). - -ENGINE_TABLE underlies this restructuring, as described in the internal header -"eng_local.h", implemented in eng_table.c, and used in each of the "class" files; -tb_rsa.c, tb_dsa.c, etc. - -However, "EVP_CIPHER" underlies the motivation and design of ENGINE_TABLE so -I'll mention a bit about that first. EVP_CIPHER (and most of this applies -equally to EVP_MD for digests) is both a "method" and a algorithm/mode -identifier that, in the current API, "lingers". These cipher description + -implementation structures can be defined or obtained directly by applications, -or can be loaded "en masse" into EVP storage so that they can be catalogued and -searched in various ways, ie. two ways of encrypting with the "des_cbc" -algorithm/mode pair are; - - (i) directly; - const EVP_CIPHER *cipher = EVP_des_cbc(); - EVP_EncryptInit(&ctx, cipher, key, iv); - [ ... use EVP_EncryptUpdate() and EVP_EncryptFinal() ...] - - (ii) indirectly; - OpenSSL_add_all_ciphers(); - cipher = EVP_get_cipherbyname("des_cbc"); - EVP_EncryptInit(&ctx, cipher, key, iv); - [ ... etc ... ] - -The latter is more generally used because it also allows ciphers/digests to be -looked up based on other identifiers which can be useful for automatic cipher -selection, eg. in SSL/TLS, or by user-controllable configuration. - -The important point about this is that EVP_CIPHER definitions and structures are -passed around with impunity and there is no safe way, without requiring massive -rewrites of many applications, to assume that EVP_CIPHERs can be reference -counted. One an EVP_CIPHER is exposed to the caller, neither it nor anything it -comes from can "safely" be destroyed. Unless of course the way of getting to -such ciphers is via entirely distinct API calls that didn't exist before. -However existing API usage cannot be made to understand when an EVP_CIPHER -pointer, that has been passed to the caller, is no longer being used. - -The other problem with the existing API w.r.t. to hooking EVP_CIPHER support -into ENGINE is storage - the OBJ_NAME-based storage used by EVP to register -ciphers simultaneously registers cipher *types* and cipher *implementations* - -they are effectively the same thing, an "EVP_CIPHER" pointer. The problem with -hooking in ENGINEs is that multiple ENGINEs may implement the same ciphers. The -solution is necessarily that ENGINE-provided ciphers simply are not registered, -stored, or exposed to the caller in the same manner as existing ciphers. This is -especially necessary considering the fact ENGINE uses reference counts to allow -for cleanup, modularity, and DSO support - yet EVP_CIPHERs, as exposed to -callers in the current API, support no such controls. - -Another sticking point for integrating cipher support into ENGINE is linkage. -Already there is a problem with the way ENGINE supports RSA, DSA, etc whereby -they are available *because* they're part of a giant ENGINE called "openssl". -Ie. all implementations *have* to come from an ENGINE, but we get round that by -having a giant ENGINE with all the software support encapsulated. This creates -linker hassles if nothing else - linking a 1-line application that calls 2 basic -RSA functions (eg. "RSA_free(RSA_new());") will result in large quantities of -ENGINE code being linked in *and* because of that DSA, DH, and RAND also. If we -continue with this approach for EVP_CIPHER support (even if it *was* possible) -we would lose our ability to link selectively by selectively loading certain -implementations of certain functionality. Touching any part of any kind of -crypto would result in massive static linkage of everything else. So the -solution is to change the way ENGINE feeds existing "classes", ie. how the -hooking to ENGINE works from RSA, DSA, DH, RAND, as well as adding new hooking -for EVP_CIPHER, and EVP_MD. - -The way this is now being done is by mostly reverting back to how things used to -work prior to ENGINE :-). Ie. RSA now has a "RSA_METHOD" pointer again - this -was previously replaced by an "ENGINE" pointer and all RSA code that required -the RSA_METHOD would call ENGINE_get_RSA() each time on its ENGINE handle to -temporarily get and use the ENGINE's RSA implementation. Apart from being more -efficient, switching back to each RSA having an RSA_METHOD pointer also allows -us to conceivably operate with *no* ENGINE. As we'll see, this removes any need -for a fallback ENGINE that encapsulates default implementations - we can simply -have our RSA structure pointing its RSA_METHOD pointer to the software -implementation and have its ENGINE pointer set to NULL. - -A look at the EVP_CIPHER hooking is most explanatory, the RSA, DSA (etc) cases -turn out to be degenerate forms of the same thing. The EVP storage of ciphers, -and the existing EVP API functions that return "software" implementations and -descriptions remain untouched. However, the storage takes more meaning in terms -of "cipher description" and less meaning in terms of "implementation". When an -EVP_CIPHER_CTX is actually initialised with an EVP_CIPHER method and is about to -begin en/decryption, the hooking to ENGINE comes into play. What happens is that -cipher-specific ENGINE code is asked for an ENGINE pointer (a functional -reference) for any ENGINE that is registered to perform the algo/mode that the -provided EVP_CIPHER structure represents. Under normal circumstances, that -ENGINE code will return NULL because no ENGINEs will have had any cipher -implementations *registered*. As such, a NULL ENGINE pointer is stored in the -EVP_CIPHER_CTX context, and the EVP_CIPHER structure is left hooked into the -context and so is used as the implementation. Pretty much how things work now -except we'd have a redundant ENGINE pointer set to NULL and doing nothing. - -Conversely, if an ENGINE *has* been registered to perform the algorithm/mode -combination represented by the provided EVP_CIPHER, then a functional reference -to that ENGINE will be returned to the EVP_CIPHER_CTX during initialisation. -That functional reference will be stored in the context (and released on -cleanup) - and having that reference provides a *safe* way to use an EVP_CIPHER -definition that is private to the ENGINE. Ie. the EVP_CIPHER provided by the -application will actually be replaced by an EVP_CIPHER from the registered -ENGINE - it will support the same algorithm/mode as the original but will be a -completely different implementation. Because this EVP_CIPHER isn't stored in the -EVP storage, nor is it returned to applications from traditional API functions, -there is no associated problem with it not having reference counts. And of -course, when one of these "private" cipher implementations is hooked into -EVP_CIPHER_CTX, it is done whilst the EVP_CIPHER_CTX holds a functional -reference to the ENGINE that owns it, thus the use of the ENGINE's EVP_CIPHER is -safe. - -The "cipher-specific ENGINE code" I mentioned is implemented in tb_cipher.c but -in essence it is simply an instantiation of "ENGINE_TABLE" code for use by -EVP_CIPHER code. tb_digest.c is virtually identical but, of course, it is for -use by EVP_MD code. Ditto for tb_rsa.c, tb_dsa.c, etc. These instantiations of -ENGINE_TABLE essentially provide linker-separation of the classes so that even -if ENGINEs implement *all* possible algorithms, an application using only -EVP_CIPHER code will link at most code relating to EVP_CIPHER, tb_cipher.c, core -ENGINE code that is independent of class, and of course the ENGINE -implementation that the application loaded. It will *not* however link any -class-specific ENGINE code for digests, RSA, etc nor will it bleed over into -other APIs, such as the RSA/DSA/etc library code. - -ENGINE_TABLE is a little more complicated than may seem necessary but this is -mostly to avoid a lot of "init()"-thrashing on ENGINEs (that may have to load -DSOs, and other expensive setup that shouldn't be thrashed unnecessarily) *and* -to duplicate "default" behaviour. Basically an ENGINE_TABLE instantiation, for -example tb_cipher.c, implements a hash-table keyed by integer "nid" values. -These nids provide the uniquenness of an algorithm/mode - and each nid will hash -to a potentially NULL "ENGINE_PILE". An ENGINE_PILE is essentially a list of -pointers to ENGINEs that implement that particular 'nid'. Each "pile" uses some -caching tricks such that requests on that 'nid' will be cached and all future -requests will return immediately (well, at least with minimal operation) unless -a change is made to the pile, eg. perhaps an ENGINE was unloaded. The reason is -that an application could have support for 10 ENGINEs statically linked -in, and the machine in question may not have any of the hardware those 10 -ENGINEs support. If each of those ENGINEs has a "des_cbc" implementation, we -want to avoid every EVP_CIPHER_CTX setup from trying (and failing) to initialise -each of those 10 ENGINEs. Instead, the first such request will try to do that -and will either return (and cache) a NULL ENGINE pointer or will return a -functional reference to the first that successfully initialised. In the latter -case it will also cache an extra functional reference to the ENGINE as a -"default" for that 'nid'. The caching is acknowledged by a 'uptodate' variable -that is unset only if un/registration takes place on that pile. Ie. if -implementations of "des_cbc" are added or removed. This behaviour can be -tweaked; the ENGINE_TABLE_FLAG_NOINIT value can be passed to -ENGINE_set_table_flags(), in which case the only ENGINEs that tb_cipher.c will -try to initialise from the "pile" will be those that are already initialised -(ie. it's simply an increment of the functional reference count, and no real -"initialisation" will take place). - -RSA, DSA, DH, and RAND all have their own ENGINE_TABLE code as well, and the -difference is that they all use an implicit 'nid' of 1. Whereas EVP_CIPHERs are -actually qualitatively different depending on 'nid' (the "des_cbc" EVP_CIPHER is -not an interoperable implementation of "aes_256_cbc"), RSA_METHODs are -necessarily interoperable and don't have different flavours, only different -implementations. In other words, the ENGINE_TABLE for RSA will either be empty, -or will have a single ENGINE_PILE hashed to by the 'nid' 1 and that pile -represents ENGINEs that implement the single "type" of RSA there is. - -Cleanup - the registration and unregistration may pose questions about how -cleanup works with the ENGINE_PILE doing all this caching nonsense (ie. when the -application or EVP_CIPHER code releases its last reference to an ENGINE, the -ENGINE_PILE code may still have references and thus those ENGINEs will stay -hooked in forever). The way this is handled is via "unregistration". With these -new ENGINE changes, an abstract ENGINE can be loaded and initialised, but that -is an algorithm-agnostic process. Even if initialised, it will not have -registered any of its implementations (to do so would link all class "table" -code despite the fact the application may use only ciphers, for example). This -is deliberately a distinct step. Moreover, registration and unregistration has -nothing to do with whether an ENGINE is *functional* or not (ie. you can even -register an ENGINE and its implementations without it being operational, you may -not even have the drivers to make it operate). What actually happens with -respect to cleanup is managed inside eng_lib.c with the `engine_cleanup_***` -functions. These functions are internal-only and each part of ENGINE code that -could require cleanup will, upon performing its first allocation, register a -callback with the "engine_cleanup" code. The other part of this that makes it -tick is that the ENGINE_TABLE instantiations (tb_***.c) use NULL as their -initialised state. So if RSA code asks for an ENGINE and no ENGINE has -registered an implementation, the code will simply return NULL and the tb_rsa.c -state will be unchanged. Thus, no cleanup is required unless registration takes -place. ENGINE_cleanup() will simply iterate across a list of registered cleanup -callbacks calling each in turn, and will then internally delete its own storage -(a STACK). When a cleanup callback is next registered (eg. if the cleanup() is -part of a graceful restart and the application wants to cleanup all state then -start again), the internal STACK storage will be freshly allocated. This is much -the same as the situation in the ENGINE_TABLE instantiations ... NULL is the -initialised state, so only modification operations (not queries) will cause that -code to have to register a cleanup. - -What else? The bignum callbacks and associated ENGINE functions have been -removed for two obvious reasons; (i) there was no way to generalise them to the -mechanism now used by RSA/DSA/..., because there's no such thing as a BIGNUM -method, and (ii) because of (i), there was no meaningful way for library or -application code to automatically hook and use ENGINE supplied bignum functions -anyway. Also, ENGINE_cpy() has been removed (although an internal-only version -exists) - the idea of providing an ENGINE_cpy() function probably wasn't a good -one and now certainly doesn't make sense in any generalised way. Some of the -RSA, DSA, DH, and RAND functions that were fiddled during the original ENGINE -changes have now, as a consequence, been reverted back. This is because the -hooking of ENGINE is now automatic (and passive, it can internally use a NULL -ENGINE pointer to simply ignore ENGINE from then on). - -Hell, that should be enough for now ... comments welcome. diff --git a/crypto/engine/build.info b/crypto/engine/build.info deleted file mode 100644 index 47fe948966e..00000000000 --- a/crypto/engine/build.info +++ /dev/null @@ -1,8 +0,0 @@ -LIBS=../../libcrypto -SOURCE[../../libcrypto]=\ - eng_err.c eng_lib.c eng_list.c eng_init.c eng_ctrl.c \ - eng_table.c eng_pkey.c eng_fat.c eng_all.c \ - tb_rsa.c tb_dsa.c tb_dh.c tb_rand.c \ - tb_cipher.c tb_digest.c tb_pkmeth.c tb_asnmth.c tb_eckey.c \ - eng_openssl.c eng_cnf.c eng_dyn.c \ - eng_rdrand.c diff --git a/crypto/engine/eng_all.c b/crypto/engine/eng_all.c deleted file mode 100644 index 2f83b2ec182..00000000000 --- a/crypto/engine/eng_all.c +++ /dev/null @@ -1,24 +0,0 @@ -/* - * Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include "internal/cryptlib.h" -#include "eng_local.h" - -void ENGINE_load_builtin_engines(void) -{ - OPENSSL_init_crypto(OPENSSL_INIT_ENGINE_ALL_BUILTIN, NULL); -} - -#ifndef OPENSSL_NO_DEPRECATED_1_1_0 -# if (defined(__OpenBSD__) || defined(__FreeBSD__) || defined(__DragonFly__)) -void ENGINE_setup_bsd_cryptodev(void) -{ -} -# endif -#endif diff --git a/crypto/engine/eng_cnf.c b/crypto/engine/eng_cnf.c deleted file mode 100644 index 14744bb7f55..00000000000 --- a/crypto/engine/eng_cnf.c +++ /dev/null @@ -1,185 +0,0 @@ -/* - * Copyright 2002-2020 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* We need to use some engine deprecated APIs */ -#define OPENSSL_SUPPRESS_DEPRECATED - -#include "eng_local.h" -#include -#include - -/* ENGINE config module */ - -static const char *skip_dot(const char *name) -{ - const char *p = strchr(name, '.'); - - if (p != NULL) - return p + 1; - return name; -} - -static STACK_OF(ENGINE) *initialized_engines = NULL; - -static int int_engine_init(ENGINE *e) -{ - if (!ENGINE_init(e)) - return 0; - if (!initialized_engines) - initialized_engines = sk_ENGINE_new_null(); - if (!initialized_engines || !sk_ENGINE_push(initialized_engines, e)) { - ENGINE_finish(e); - return 0; - } - return 1; -} - -static int int_engine_configure(const char *name, const char *value, const CONF *cnf) -{ - int i; - int ret = 0; - long do_init = -1; - STACK_OF(CONF_VALUE) *ecmds; - CONF_VALUE *ecmd = NULL; - const char *ctrlname, *ctrlvalue; - ENGINE *e = NULL; - int soft = 0; - - name = skip_dot(name); - OSSL_TRACE1(CONF, "Configuring engine %s\n", name); - /* Value is a section containing ENGINE commands */ - ecmds = NCONF_get_section(cnf, value); - - if (!ecmds) { - ERR_raise(ERR_LIB_ENGINE, ENGINE_R_ENGINE_SECTION_ERROR); - return 0; - } - - for (i = 0; i < sk_CONF_VALUE_num(ecmds); i++) { - ecmd = sk_CONF_VALUE_value(ecmds, i); - ctrlname = skip_dot(ecmd->name); - ctrlvalue = ecmd->value; - OSSL_TRACE2(CONF, "ENGINE: doing ctrl(%s,%s)\n", - ctrlname, ctrlvalue); - - /* First handle some special pseudo ctrls */ - - /* Override engine name to use */ - if (strcmp(ctrlname, "engine_id") == 0) - name = ctrlvalue; - else if (strcmp(ctrlname, "soft_load") == 0) - soft = 1; - /* Load a dynamic ENGINE */ - else if (strcmp(ctrlname, "dynamic_path") == 0) { - e = ENGINE_by_id("dynamic"); - if (!e) - goto err; - if (!ENGINE_ctrl_cmd_string(e, "SO_PATH", ctrlvalue, 0)) - goto err; - if (!ENGINE_ctrl_cmd_string(e, "LIST_ADD", "2", 0)) - goto err; - if (!ENGINE_ctrl_cmd_string(e, "LOAD", NULL, 0)) - goto err; - } - /* ... add other pseudos here ... */ - else { - /* - * At this point we need an ENGINE structural reference if we - * don't already have one. - */ - if (!e) { - e = ENGINE_by_id(name); - if (!e && soft) { - ERR_clear_error(); - return 1; - } - if (!e) - goto err; - } - /* - * Allow "EMPTY" to mean no value: this allows a valid "value" to - * be passed to ctrls of type NO_INPUT - */ - if (strcmp(ctrlvalue, "EMPTY") == 0) - ctrlvalue = NULL; - if (strcmp(ctrlname, "init") == 0) { - if (!NCONF_get_number_e(cnf, value, "init", &do_init)) - goto err; - if (do_init == 1) { - if (!int_engine_init(e)) - goto err; - } else if (do_init != 0) { - ERR_raise(ERR_LIB_ENGINE, ENGINE_R_INVALID_INIT_VALUE); - goto err; - } - } else if (strcmp(ctrlname, "default_algorithms") == 0) { - if (!ENGINE_set_default_string(e, ctrlvalue)) - goto err; - } else if (!ENGINE_ctrl_cmd_string(e, ctrlname, ctrlvalue, 0)) - goto err; - } - - } - if (e && (do_init == -1) && !int_engine_init(e)) { - ecmd = NULL; - goto err; - } - ret = 1; - err: - if (ret != 1) { - if (ecmd == NULL) - ERR_raise(ERR_LIB_ENGINE, ENGINE_R_ENGINE_CONFIGURATION_ERROR); - else - ERR_raise_data(ERR_LIB_ENGINE, ENGINE_R_ENGINE_CONFIGURATION_ERROR, - "section=%s, name=%s, value=%s", - ecmd->section, ecmd->name, ecmd->value); - } - ENGINE_free(e); - return ret; -} - -static int int_engine_module_init(CONF_IMODULE *md, const CONF *cnf) -{ - STACK_OF(CONF_VALUE) *elist; - CONF_VALUE *cval; - int i; - OSSL_TRACE2(CONF, "Called engine module: name %s, value %s\n", - CONF_imodule_get_name(md), CONF_imodule_get_value(md)); - /* Value is a section containing ENGINEs to configure */ - elist = NCONF_get_section(cnf, CONF_imodule_get_value(md)); - - if (!elist) { - ERR_raise(ERR_LIB_ENGINE, ENGINE_R_ENGINES_SECTION_ERROR); - return 0; - } - - for (i = 0; i < sk_CONF_VALUE_num(elist); i++) { - cval = sk_CONF_VALUE_value(elist, i); - if (!int_engine_configure(cval->name, cval->value, cnf)) - return 0; - } - - return 1; -} - -static void int_engine_module_finish(CONF_IMODULE *md) -{ - ENGINE *e; - - while ((e = sk_ENGINE_pop(initialized_engines))) - ENGINE_finish(e); - sk_ENGINE_free(initialized_engines); - initialized_engines = NULL; -} - -void ENGINE_add_conf_module(void) -{ - CONF_module_add("engines", - int_engine_module_init, int_engine_module_finish); -} diff --git a/crypto/engine/eng_ctrl.c b/crypto/engine/eng_ctrl.c deleted file mode 100644 index 247575c99d2..00000000000 --- a/crypto/engine/eng_ctrl.c +++ /dev/null @@ -1,322 +0,0 @@ -/* - * Copyright 2001-2025 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* We need to use some engine deprecated APIs */ -#define OPENSSL_SUPPRESS_DEPRECATED - -#include "eng_local.h" - -/* - * When querying a ENGINE-specific control command's 'description', this - * string is used if the ENGINE_CMD_DEFN has cmd_desc set to NULL. - */ -static const char *int_no_description = ""; - -/* - * These internal functions handle 'CMD'-related control commands when the - * ENGINE in question has asked us to take care of it (ie. the ENGINE did not - * set the ENGINE_FLAGS_MANUAL_CMD_CTRL flag. - */ - -static int int_ctrl_cmd_is_null(const ENGINE_CMD_DEFN *defn) -{ - if ((defn->cmd_num == 0) || (defn->cmd_name == NULL)) - return 1; - return 0; -} - -static int int_ctrl_cmd_by_name(const ENGINE_CMD_DEFN *defn, const char *s) -{ - int idx = 0; - while (!int_ctrl_cmd_is_null(defn) && (strcmp(defn->cmd_name, s) != 0)) { - idx++; - defn++; - } - if (int_ctrl_cmd_is_null(defn)) - /* The given name wasn't found */ - return -1; - return idx; -} - -static int int_ctrl_cmd_by_num(const ENGINE_CMD_DEFN *defn, unsigned int num) -{ - int idx = 0; - /* - * NB: It is stipulated that 'cmd_defn' lists are ordered by cmd_num. So - * our searches don't need to take any longer than necessary. - */ - while (!int_ctrl_cmd_is_null(defn) && (defn->cmd_num < num)) { - idx++; - defn++; - } - if (defn->cmd_num == num) - return idx; - /* The given cmd_num wasn't found */ - return -1; -} - -static int int_ctrl_helper(ENGINE *e, int cmd, long i, void *p, - void (*f) (void)) -{ - int idx; - char *s = (char *)p; - const ENGINE_CMD_DEFN *cdp; - - /* Take care of the easy one first (eg. it requires no searches) */ - if (cmd == ENGINE_CTRL_GET_FIRST_CMD_TYPE) { - if ((e->cmd_defns == NULL) || int_ctrl_cmd_is_null(e->cmd_defns)) - return 0; - return e->cmd_defns->cmd_num; - } - /* One or two commands require that "p" be a valid string buffer */ - if ((cmd == ENGINE_CTRL_GET_CMD_FROM_NAME) || - (cmd == ENGINE_CTRL_GET_NAME_FROM_CMD) || - (cmd == ENGINE_CTRL_GET_DESC_FROM_CMD)) { - if (s == NULL) { - ERR_raise(ERR_LIB_ENGINE, ERR_R_PASSED_NULL_PARAMETER); - return -1; - } - } - /* Now handle cmd_name -> cmd_num conversion */ - if (cmd == ENGINE_CTRL_GET_CMD_FROM_NAME) { - if ((e->cmd_defns == NULL) - || ((idx = int_ctrl_cmd_by_name(e->cmd_defns, s)) < 0)) { - ERR_raise(ERR_LIB_ENGINE, ENGINE_R_INVALID_CMD_NAME); - return -1; - } - return e->cmd_defns[idx].cmd_num; - } - /* - * For the rest of the commands, the 'long' argument must specify a valid - * command number - so we need to conduct a search. - */ - if ((e->cmd_defns == NULL) - || ((idx = int_ctrl_cmd_by_num(e->cmd_defns, (unsigned int)i)) < 0)) { - ERR_raise(ERR_LIB_ENGINE, ENGINE_R_INVALID_CMD_NUMBER); - return -1; - } - /* Now the logic splits depending on command type */ - cdp = &e->cmd_defns[idx]; - switch (cmd) { - case ENGINE_CTRL_GET_NEXT_CMD_TYPE: - cdp++; - return int_ctrl_cmd_is_null(cdp) ? 0 : cdp->cmd_num; - case ENGINE_CTRL_GET_NAME_LEN_FROM_CMD: - return (int)strlen(cdp->cmd_name); - case ENGINE_CTRL_GET_NAME_FROM_CMD: - return (int)strlen(strcpy(s, cdp->cmd_name)); - case ENGINE_CTRL_GET_DESC_LEN_FROM_CMD: - return (int)strlen(cdp->cmd_desc == NULL ? int_no_description - : cdp->cmd_desc); - case ENGINE_CTRL_GET_DESC_FROM_CMD: - return (int)strlen(strcpy(s, cdp->cmd_desc == NULL ? int_no_description - : cdp->cmd_desc)); - case ENGINE_CTRL_GET_CMD_FLAGS: - return cdp->cmd_flags; - } - /* Shouldn't really be here ... */ - ERR_raise(ERR_LIB_ENGINE, ENGINE_R_INTERNAL_LIST_ERROR); - return -1; -} - -int ENGINE_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f) (void)) -{ - int ctrl_exists; - - if (e == NULL) { - ERR_raise(ERR_LIB_ENGINE, ERR_R_PASSED_NULL_PARAMETER); - return 0; - } - - ctrl_exists = ((e->ctrl == NULL) ? 0 : 1); - - /* - * Intercept any "root-level" commands before trying to hand them on to - * ctrl() handlers. - */ - switch (cmd) { - case ENGINE_CTRL_HAS_CTRL_FUNCTION: - return ctrl_exists; - case ENGINE_CTRL_GET_FIRST_CMD_TYPE: - case ENGINE_CTRL_GET_NEXT_CMD_TYPE: - case ENGINE_CTRL_GET_CMD_FROM_NAME: - case ENGINE_CTRL_GET_NAME_LEN_FROM_CMD: - case ENGINE_CTRL_GET_NAME_FROM_CMD: - case ENGINE_CTRL_GET_DESC_LEN_FROM_CMD: - case ENGINE_CTRL_GET_DESC_FROM_CMD: - case ENGINE_CTRL_GET_CMD_FLAGS: - if (ctrl_exists && !(e->flags & ENGINE_FLAGS_MANUAL_CMD_CTRL)) - return int_ctrl_helper(e, cmd, i, p, f); - if (!ctrl_exists) { - ERR_raise(ERR_LIB_ENGINE, ENGINE_R_NO_CONTROL_FUNCTION); - /* - * For these cmd-related functions, failure is indicated by a -1 - * return value (because 0 is used as a valid return in some - * places). - */ - return -1; - } - default: - break; - } - /* Anything else requires a ctrl() handler to exist. */ - if (!ctrl_exists) { - ERR_raise(ERR_LIB_ENGINE, ENGINE_R_NO_CONTROL_FUNCTION); - return 0; - } - return e->ctrl(e, cmd, i, p, f); -} - -int ENGINE_cmd_is_executable(ENGINE *e, int cmd) -{ - int flags; - if ((flags = - ENGINE_ctrl(e, ENGINE_CTRL_GET_CMD_FLAGS, cmd, NULL, NULL)) < 0) { - ERR_raise(ERR_LIB_ENGINE, ENGINE_R_INVALID_CMD_NUMBER); - return 0; - } - if (!(flags & ENGINE_CMD_FLAG_NO_INPUT) && - !(flags & ENGINE_CMD_FLAG_NUMERIC) && - !(flags & ENGINE_CMD_FLAG_STRING)) - return 0; - return 1; -} - -int ENGINE_ctrl_cmd(ENGINE *e, const char *cmd_name, - long i, void *p, void (*f) (void), int cmd_optional) -{ - int num; - - if (e == NULL || cmd_name == NULL) { - ERR_raise(ERR_LIB_ENGINE, ERR_R_PASSED_NULL_PARAMETER); - return 0; - } - if (e->ctrl == NULL - || (num = ENGINE_ctrl(e, ENGINE_CTRL_GET_CMD_FROM_NAME, - 0, (void *)cmd_name, NULL)) <= 0) { - /* - * If the command didn't *have* to be supported, we fake success. - * This allows certain settings to be specified for multiple ENGINEs - * and only require a change of ENGINE id (without having to - * selectively apply settings). Eg. changing from a hardware device - * back to the regular software ENGINE without editing the config - * file, etc. - */ - if (cmd_optional) { - ERR_clear_error(); - return 1; - } - ERR_raise(ERR_LIB_ENGINE, ENGINE_R_INVALID_CMD_NAME); - return 0; - } - /* - * Force the result of the control command to 0 or 1, for the reasons - * mentioned before. - */ - if (ENGINE_ctrl(e, num, i, p, f) > 0) - return 1; - return 0; -} - -int ENGINE_ctrl_cmd_string(ENGINE *e, const char *cmd_name, const char *arg, - int cmd_optional) -{ - int num, flags; - long l; - char *ptr; - - if (e == NULL || cmd_name == NULL) { - ERR_raise(ERR_LIB_ENGINE, ERR_R_PASSED_NULL_PARAMETER); - return 0; - } - if (e->ctrl == NULL - || (num = ENGINE_ctrl(e, ENGINE_CTRL_GET_CMD_FROM_NAME, - 0, (void *)cmd_name, NULL)) <= 0) { - /* - * If the command didn't *have* to be supported, we fake success. - * This allows certain settings to be specified for multiple ENGINEs - * and only require a change of ENGINE id (without having to - * selectively apply settings). Eg. changing from a hardware device - * back to the regular software ENGINE without editing the config - * file, etc. - */ - if (cmd_optional) { - ERR_clear_error(); - return 1; - } - ERR_raise(ERR_LIB_ENGINE, ENGINE_R_INVALID_CMD_NAME); - return 0; - } - if (!ENGINE_cmd_is_executable(e, num)) { - ERR_raise(ERR_LIB_ENGINE, ENGINE_R_CMD_NOT_EXECUTABLE); - return 0; - } - - flags = ENGINE_ctrl(e, ENGINE_CTRL_GET_CMD_FLAGS, num, NULL, NULL); - if (flags < 0) { - /* - * Shouldn't happen, given that ENGINE_cmd_is_executable() returned - * success. - */ - ERR_raise(ERR_LIB_ENGINE, ENGINE_R_INTERNAL_LIST_ERROR); - return 0; - } - /* - * If the command takes no input, there must be no input. And vice versa. - */ - if (flags & ENGINE_CMD_FLAG_NO_INPUT) { - if (arg != NULL) { - ERR_raise(ERR_LIB_ENGINE, ENGINE_R_COMMAND_TAKES_NO_INPUT); - return 0; - } - /* - * We deliberately force the result of ENGINE_ctrl() to 0 or 1 rather - * than returning it as "return data". This is to ensure usage of - * these commands is consistent across applications and that certain - * applications don't understand it one way, and others another. - */ - if (ENGINE_ctrl(e, num, 0, (void *)arg, NULL) > 0) - return 1; - return 0; - } - /* So, we require input */ - if (arg == NULL) { - ERR_raise(ERR_LIB_ENGINE, ENGINE_R_COMMAND_TAKES_INPUT); - return 0; - } - /* If it takes string input, that's easy */ - if (flags & ENGINE_CMD_FLAG_STRING) { - /* Same explanation as above */ - if (ENGINE_ctrl(e, num, 0, (void *)arg, NULL) > 0) - return 1; - return 0; - } - /* - * If it doesn't take numeric either, then it is unsupported for use in a - * config-setting situation, which is what this function is for. This - * should never happen though, because ENGINE_cmd_is_executable() was - * used. - */ - if (!(flags & ENGINE_CMD_FLAG_NUMERIC)) { - ERR_raise(ERR_LIB_ENGINE, ENGINE_R_INTERNAL_LIST_ERROR); - return 0; - } - l = strtol(arg, &ptr, 10); - if ((arg == ptr) || (*ptr != '\0')) { - ERR_raise(ERR_LIB_ENGINE, ENGINE_R_ARGUMENT_IS_NOT_A_NUMBER); - return 0; - } - /* - * Force the result of the control command to 0 or 1, for the reasons - * mentioned before. - */ - if (ENGINE_ctrl(e, num, l, NULL, NULL) > 0) - return 1; - return 0; -} diff --git a/crypto/engine/eng_dyn.c b/crypto/engine/eng_dyn.c deleted file mode 100644 index cc3a2b0aa31..00000000000 --- a/crypto/engine/eng_dyn.c +++ /dev/null @@ -1,534 +0,0 @@ -/* - * Copyright 2001-2022 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* We need to use some engine deprecated APIs */ -#define OPENSSL_SUPPRESS_DEPRECATED - -#include "eng_local.h" -#include "internal/dso.h" -#include - -/* - * Shared libraries implementing ENGINEs for use by the "dynamic" ENGINE - * loader should implement the hook-up functions with the following - * prototypes. - */ - -/* Our ENGINE handlers */ -static int dynamic_init(ENGINE *e); -static int dynamic_finish(ENGINE *e); -static int dynamic_ctrl(ENGINE *e, int cmd, long i, void *p, - void (*f) (void)); -/* Predeclare our context type */ -typedef struct st_dynamic_data_ctx dynamic_data_ctx; -/* The implementation for the important control command */ -static int dynamic_load(ENGINE *e, dynamic_data_ctx *ctx); - -#define DYNAMIC_CMD_SO_PATH ENGINE_CMD_BASE -#define DYNAMIC_CMD_NO_VCHECK (ENGINE_CMD_BASE + 1) -#define DYNAMIC_CMD_ID (ENGINE_CMD_BASE + 2) -#define DYNAMIC_CMD_LIST_ADD (ENGINE_CMD_BASE + 3) -#define DYNAMIC_CMD_DIR_LOAD (ENGINE_CMD_BASE + 4) -#define DYNAMIC_CMD_DIR_ADD (ENGINE_CMD_BASE + 5) -#define DYNAMIC_CMD_LOAD (ENGINE_CMD_BASE + 6) - -/* The constants used when creating the ENGINE */ -static const char *engine_dynamic_id = "dynamic"; -static const char *engine_dynamic_name = "Dynamic engine loading support"; -static const ENGINE_CMD_DEFN dynamic_cmd_defns[] = { - {DYNAMIC_CMD_SO_PATH, - "SO_PATH", - "Specifies the path to the new ENGINE shared library", - ENGINE_CMD_FLAG_STRING}, - {DYNAMIC_CMD_NO_VCHECK, - "NO_VCHECK", - "Specifies to continue even if version checking fails (boolean)", - ENGINE_CMD_FLAG_NUMERIC}, - {DYNAMIC_CMD_ID, - "ID", - "Specifies an ENGINE id name for loading", - ENGINE_CMD_FLAG_STRING}, - {DYNAMIC_CMD_LIST_ADD, - "LIST_ADD", - "Whether to add a loaded ENGINE to the internal list (0=no,1=yes,2=mandatory)", - ENGINE_CMD_FLAG_NUMERIC}, - {DYNAMIC_CMD_DIR_LOAD, - "DIR_LOAD", - "Specifies whether to load from 'DIR_ADD' directories (0=no,1=yes,2=mandatory)", - ENGINE_CMD_FLAG_NUMERIC}, - {DYNAMIC_CMD_DIR_ADD, - "DIR_ADD", - "Adds a directory from which ENGINEs can be loaded", - ENGINE_CMD_FLAG_STRING}, - {DYNAMIC_CMD_LOAD, - "LOAD", - "Load up the ENGINE specified by other settings", - ENGINE_CMD_FLAG_NO_INPUT}, - {0, NULL, NULL, 0} -}; - -/* - * Loading code stores state inside the ENGINE structure via the "ex_data" - * element. We load all our state into a single structure and use that as a - * single context in the "ex_data" stack. - */ -struct st_dynamic_data_ctx { - /* The DSO object we load that supplies the ENGINE code */ - DSO *dynamic_dso; - /* - * The function pointer to the version checking shared library function - */ - dynamic_v_check_fn v_check; - /* - * The function pointer to the engine-binding shared library function - */ - dynamic_bind_engine bind_engine; - /* The default name/path for loading the shared library */ - char *DYNAMIC_LIBNAME; - /* Whether to continue loading on a version check failure */ - int no_vcheck; - /* If non-NULL, stipulates the 'id' of the ENGINE to be loaded */ - char *engine_id; - /* - * If non-zero, a successfully loaded ENGINE should be added to the - * internal ENGINE list. If 2, the add must succeed or the entire load - * should fail. - */ - int list_add_value; - /* The symbol name for the version checking function */ - const char *DYNAMIC_F1; - /* The symbol name for the "initialise ENGINE structure" function */ - const char *DYNAMIC_F2; - /* - * Whether to never use 'dirs', use 'dirs' as a fallback, or only use - * 'dirs' for loading. Default is to use 'dirs' as a fallback. - */ - int dir_load; - /* A stack of directories from which ENGINEs could be loaded */ - STACK_OF(OPENSSL_STRING) *dirs; -}; - -/* - * This is the "ex_data" index we obtain and reserve for use with our context - * structure. - */ -static int dynamic_ex_data_idx = -1; - -static void int_free_str(char *s) -{ - OPENSSL_free(s); -} - -/* - * Because our ex_data element may or may not get allocated depending on - * whether a "first-use" occurs before the ENGINE is freed, we have a memory - * leak problem to solve. We can't declare a "new" handler for the ex_data as - * we don't want a dynamic_data_ctx in *all* ENGINE structures of all types - * (this is a bug in the design of CRYPTO_EX_DATA). As such, we just declare - * a "free" handler and that will get called if an ENGINE is being destroyed - * and there was an ex_data element corresponding to our context type. - */ -static void dynamic_data_ctx_free_func(void *parent, void *ptr, - CRYPTO_EX_DATA *ad, int idx, long argl, - void *argp) -{ - if (ptr) { - dynamic_data_ctx *ctx = (dynamic_data_ctx *)ptr; - DSO_free(ctx->dynamic_dso); - OPENSSL_free(ctx->DYNAMIC_LIBNAME); - OPENSSL_free(ctx->engine_id); - sk_OPENSSL_STRING_pop_free(ctx->dirs, int_free_str); - OPENSSL_free(ctx); - } -} - -/* - * Construct the per-ENGINE context. We create it blindly and then use a lock - * to check for a race - if so, all but one of the threads "racing" will have - * wasted their time. The alternative involves creating everything inside the - * lock which is far worse. - */ -static int dynamic_set_data_ctx(ENGINE *e, dynamic_data_ctx **ctx) -{ - dynamic_data_ctx *c = OPENSSL_zalloc(sizeof(*c)); - int ret = 0; - - if (c == NULL) - return 0; - c->dirs = sk_OPENSSL_STRING_new_null(); - if (c->dirs == NULL) { - ERR_raise(ERR_LIB_ENGINE, ERR_R_CRYPTO_LIB); - goto end; - } - c->DYNAMIC_F1 = "v_check"; - c->DYNAMIC_F2 = "bind_engine"; - c->dir_load = 1; - if (!CRYPTO_THREAD_write_lock(global_engine_lock)) - goto end; - if ((*ctx = (dynamic_data_ctx *)ENGINE_get_ex_data(e, - dynamic_ex_data_idx)) - == NULL) { - /* Good, we're the first */ - ret = ENGINE_set_ex_data(e, dynamic_ex_data_idx, c); - if (ret) { - *ctx = c; - c = NULL; - } - } - CRYPTO_THREAD_unlock(global_engine_lock); - ret = 1; - /* - * If we lost the race to set the context, c is non-NULL and *ctx is the - * context of the thread that won. - */ -end: - if (c != NULL) - sk_OPENSSL_STRING_free(c->dirs); - OPENSSL_free(c); - return ret; -} - -/* - * This function retrieves the context structure from an ENGINE's "ex_data", - * or if it doesn't exist yet, sets it up. - */ -static dynamic_data_ctx *dynamic_get_data_ctx(ENGINE *e) -{ - dynamic_data_ctx *ctx; - if (dynamic_ex_data_idx < 0) { - /* - * Create and register the ENGINE ex_data, and associate our "free" - * function with it to ensure any allocated contexts get freed when - * an ENGINE goes underground. - */ - int new_idx = ENGINE_get_ex_new_index(0, NULL, NULL, NULL, - dynamic_data_ctx_free_func); - if (new_idx == -1) { - ERR_raise(ERR_LIB_ENGINE, ENGINE_R_NO_INDEX); - return NULL; - } - if (!CRYPTO_THREAD_write_lock(global_engine_lock)) - return NULL; - /* Avoid a race by checking again inside this lock */ - if (dynamic_ex_data_idx < 0) { - /* Good, someone didn't beat us to it */ - dynamic_ex_data_idx = new_idx; - new_idx = -1; - } - CRYPTO_THREAD_unlock(global_engine_lock); - /* - * In theory we could "give back" the index here if (new_idx>-1), but - * it's not possible and wouldn't gain us much if it were. - */ - } - ctx = (dynamic_data_ctx *)ENGINE_get_ex_data(e, dynamic_ex_data_idx); - /* Check if the context needs to be created */ - if ((ctx == NULL) && !dynamic_set_data_ctx(e, &ctx)) - /* "set_data" will set errors if necessary */ - return NULL; - return ctx; -} - -static ENGINE *engine_dynamic(void) -{ - ENGINE *ret = ENGINE_new(); - if (ret == NULL) - return NULL; - if (!ENGINE_set_id(ret, engine_dynamic_id) || - !ENGINE_set_name(ret, engine_dynamic_name) || - !ENGINE_set_init_function(ret, dynamic_init) || - !ENGINE_set_finish_function(ret, dynamic_finish) || - !ENGINE_set_ctrl_function(ret, dynamic_ctrl) || - !ENGINE_set_flags(ret, ENGINE_FLAGS_BY_ID_COPY) || - !ENGINE_set_cmd_defns(ret, dynamic_cmd_defns)) { - ENGINE_free(ret); - return NULL; - } - return ret; -} - -void engine_load_dynamic_int(void) -{ - ENGINE *toadd = engine_dynamic(); - if (!toadd) - return; - - ERR_set_mark(); - ENGINE_add(toadd); - /* - * If the "add" worked, it gets a structural reference. So either way, we - * release our just-created reference. - */ - ENGINE_free(toadd); - /* - * If the "add" didn't work, it was probably a conflict because it was - * already added (eg. someone calling ENGINE_load_blah then calling - * ENGINE_load_builtin_engines() perhaps). - */ - ERR_pop_to_mark(); -} - -static int dynamic_init(ENGINE *e) -{ - /* - * We always return failure - the "dynamic" engine itself can't be used - * for anything. - */ - return 0; -} - -static int dynamic_finish(ENGINE *e) -{ - /* - * This should never be called on account of "dynamic_init" always - * failing. - */ - return 0; -} - -static int dynamic_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f) (void)) -{ - dynamic_data_ctx *ctx = dynamic_get_data_ctx(e); - int initialised; - - if (!ctx) { - ERR_raise(ERR_LIB_ENGINE, ENGINE_R_NOT_LOADED); - return 0; - } - initialised = ((ctx->dynamic_dso == NULL) ? 0 : 1); - /* All our control commands require the ENGINE to be uninitialised */ - if (initialised) { - ERR_raise(ERR_LIB_ENGINE, ENGINE_R_ALREADY_LOADED); - return 0; - } - switch (cmd) { - case DYNAMIC_CMD_SO_PATH: - /* a NULL 'p' or a string of zero-length is the same thing */ - if (p && (strlen((const char *)p) < 1)) - p = NULL; - OPENSSL_free(ctx->DYNAMIC_LIBNAME); - if (p) - ctx->DYNAMIC_LIBNAME = OPENSSL_strdup(p); - else - ctx->DYNAMIC_LIBNAME = NULL; - return (ctx->DYNAMIC_LIBNAME ? 1 : 0); - case DYNAMIC_CMD_NO_VCHECK: - ctx->no_vcheck = ((i == 0) ? 0 : 1); - return 1; - case DYNAMIC_CMD_ID: - /* a NULL 'p' or a string of zero-length is the same thing */ - if (p && (strlen((const char *)p) < 1)) - p = NULL; - OPENSSL_free(ctx->engine_id); - if (p) - ctx->engine_id = OPENSSL_strdup(p); - else - ctx->engine_id = NULL; - return (ctx->engine_id ? 1 : 0); - case DYNAMIC_CMD_LIST_ADD: - if ((i < 0) || (i > 2)) { - ERR_raise(ERR_LIB_ENGINE, ENGINE_R_INVALID_ARGUMENT); - return 0; - } - ctx->list_add_value = (int)i; - return 1; - case DYNAMIC_CMD_LOAD: - return dynamic_load(e, ctx); - case DYNAMIC_CMD_DIR_LOAD: - if ((i < 0) || (i > 2)) { - ERR_raise(ERR_LIB_ENGINE, ENGINE_R_INVALID_ARGUMENT); - return 0; - } - ctx->dir_load = (int)i; - return 1; - case DYNAMIC_CMD_DIR_ADD: - /* a NULL 'p' or a string of zero-length is the same thing */ - if (p == NULL || (strlen((const char *)p) < 1)) { - ERR_raise(ERR_LIB_ENGINE, ENGINE_R_INVALID_ARGUMENT); - return 0; - } - { - char *tmp_str = OPENSSL_strdup(p); - if (tmp_str == NULL) - return 0; - if (!sk_OPENSSL_STRING_push(ctx->dirs, tmp_str)) { - OPENSSL_free(tmp_str); - ERR_raise(ERR_LIB_ENGINE, ERR_R_CRYPTO_LIB); - return 0; - } - } - return 1; - default: - break; - } - ERR_raise(ERR_LIB_ENGINE, ENGINE_R_CTRL_COMMAND_NOT_IMPLEMENTED); - return 0; -} - -static int int_load(dynamic_data_ctx *ctx) -{ - int num, loop; - /* Unless told not to, try a direct load */ - if ((ctx->dir_load != 2) && (DSO_load(ctx->dynamic_dso, - ctx->DYNAMIC_LIBNAME, NULL, - 0)) != NULL) - return 1; - /* If we're not allowed to use 'dirs' or we have none, fail */ - if (!ctx->dir_load || (num = sk_OPENSSL_STRING_num(ctx->dirs)) < 1) - return 0; - for (loop = 0; loop < num; loop++) { - const char *s = sk_OPENSSL_STRING_value(ctx->dirs, loop); - char *merge = DSO_merge(ctx->dynamic_dso, ctx->DYNAMIC_LIBNAME, s); - if (!merge) - return 0; - if (DSO_load(ctx->dynamic_dso, merge, NULL, 0)) { - /* Found what we're looking for */ - OPENSSL_free(merge); - return 1; - } - OPENSSL_free(merge); - } - return 0; -} - -/* - * Unfortunately the version checker does not distinguish between - * engines built for openssl 1.1.x and openssl 3.x, but loading - * an engine that is built for openssl 1.1.x will cause a fatal - * error. Detect such engines, since EVP_PKEY_base_id is exported - * as a function in openssl 1.1.x, while it is named EVP_PKEY_get_base_id - * in openssl 3.x. Therefore we take the presence of that symbol - * as an indication that the engine will be incompatible. - */ -static int using_libcrypto_11(dynamic_data_ctx *ctx) -{ - int ret; - - ERR_set_mark(); - ret = DSO_bind_func(ctx->dynamic_dso, "EVP_PKEY_base_id") != NULL; - ERR_pop_to_mark(); - - return ret; -} - -static int dynamic_load(ENGINE *e, dynamic_data_ctx *ctx) -{ - ENGINE cpy; - dynamic_fns fns; - - if (ctx->dynamic_dso == NULL) - ctx->dynamic_dso = DSO_new(); - if (ctx->dynamic_dso == NULL) - return 0; - if (!ctx->DYNAMIC_LIBNAME) { - if (!ctx->engine_id) - return 0; - DSO_ctrl(ctx->dynamic_dso, DSO_CTRL_SET_FLAGS, - DSO_FLAG_NAME_TRANSLATION_EXT_ONLY, NULL); - ctx->DYNAMIC_LIBNAME = - DSO_convert_filename(ctx->dynamic_dso, ctx->engine_id); - } - if (!int_load(ctx)) { - ERR_raise(ERR_LIB_ENGINE, ENGINE_R_DSO_NOT_FOUND); - DSO_free(ctx->dynamic_dso); - ctx->dynamic_dso = NULL; - return 0; - } - /* We have to find a bind function otherwise it'll always end badly */ - if (! - (ctx->bind_engine = - (dynamic_bind_engine) DSO_bind_func(ctx->dynamic_dso, - ctx->DYNAMIC_F2))) { - ctx->bind_engine = NULL; - DSO_free(ctx->dynamic_dso); - ctx->dynamic_dso = NULL; - ERR_raise(ERR_LIB_ENGINE, ENGINE_R_DSO_FAILURE); - return 0; - } - /* Do we perform version checking? */ - if (!ctx->no_vcheck) { - unsigned long vcheck_res = 0; - /* - * Now we try to find a version checking function and decide how to - * cope with failure if/when it fails. - */ - ctx->v_check = - (dynamic_v_check_fn) DSO_bind_func(ctx->dynamic_dso, - ctx->DYNAMIC_F1); - if (ctx->v_check) - vcheck_res = ctx->v_check(OSSL_DYNAMIC_VERSION); - /* - * We fail if the version checker veto'd the load *or* if it is - * deferring to us (by returning its version) and we think it is too - * old. Also fail if this is engine for openssl 1.1.x. - */ - if (vcheck_res < OSSL_DYNAMIC_OLDEST || using_libcrypto_11(ctx)) { - /* Fail */ - ctx->bind_engine = NULL; - ctx->v_check = NULL; - DSO_free(ctx->dynamic_dso); - ctx->dynamic_dso = NULL; - ERR_raise(ERR_LIB_ENGINE, ENGINE_R_VERSION_INCOMPATIBILITY); - return 0; - } - } - /* - * First binary copy the ENGINE structure so that we can roll back if the - * hand-over fails - */ - memcpy(&cpy, e, sizeof(ENGINE)); - /* - * Provide the ERR, "ex_data", memory, and locking callbacks so the - * loaded library uses our state rather than its own. FIXME: As noted in - * engine.h, much of this would be simplified if each area of code - * provided its own "summary" structure of all related callbacks. It - * would also increase opaqueness. - */ - fns.static_state = ENGINE_get_static_state(); - CRYPTO_get_mem_functions(&fns.mem_fns.malloc_fn, &fns.mem_fns.realloc_fn, - &fns.mem_fns.free_fn); - /* - * Now that we've loaded the dynamic engine, make sure no "dynamic" - * ENGINE elements will show through. - */ - engine_set_all_null(e); - - /* Try to bind the ENGINE onto our own ENGINE structure */ - if (!engine_add_dynamic_id(e, (ENGINE_DYNAMIC_ID)ctx->bind_engine, 1) - || !ctx->bind_engine(e, ctx->engine_id, &fns)) { - engine_remove_dynamic_id(e, 1); - ctx->bind_engine = NULL; - ctx->v_check = NULL; - DSO_free(ctx->dynamic_dso); - ctx->dynamic_dso = NULL; - ERR_raise(ERR_LIB_ENGINE, ENGINE_R_INIT_FAILED); - /* Copy the original ENGINE structure back */ - memcpy(e, &cpy, sizeof(ENGINE)); - return 0; - } - /* Do we try to add this ENGINE to the internal list too? */ - if (ctx->list_add_value > 0) { - if (!ENGINE_add(e)) { - /* Do we tolerate this or fail? */ - if (ctx->list_add_value > 1) { - /* - * Fail - NB: By this time, it's too late to rollback, and - * trying to do so allows the bind_engine() code to have - * created leaks. We just have to fail where we are, after - * the ENGINE has changed. - */ - ERR_raise(ERR_LIB_ENGINE, ENGINE_R_CONFLICTING_ENGINE_ID); - return 0; - } - /* Tolerate */ - ERR_clear_error(); - } - } - return 1; -} diff --git a/crypto/engine/eng_err.c b/crypto/engine/eng_err.c deleted file mode 100644 index 17c1b7d008e..00000000000 --- a/crypto/engine/eng_err.c +++ /dev/null @@ -1,94 +0,0 @@ -/* - * Generated by util/mkerr.pl DO NOT EDIT - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include -#include "crypto/engineerr.h" - -#ifndef OPENSSL_NO_ENGINE - -# ifndef OPENSSL_NO_ERR - -static const ERR_STRING_DATA ENGINE_str_reasons[] = { - {ERR_PACK(ERR_LIB_ENGINE, 0, ENGINE_R_ALREADY_LOADED), "already loaded"}, - {ERR_PACK(ERR_LIB_ENGINE, 0, ENGINE_R_ARGUMENT_IS_NOT_A_NUMBER), - "argument is not a number"}, - {ERR_PACK(ERR_LIB_ENGINE, 0, ENGINE_R_CMD_NOT_EXECUTABLE), - "cmd not executable"}, - {ERR_PACK(ERR_LIB_ENGINE, 0, ENGINE_R_COMMAND_TAKES_INPUT), - "command takes input"}, - {ERR_PACK(ERR_LIB_ENGINE, 0, ENGINE_R_COMMAND_TAKES_NO_INPUT), - "command takes no input"}, - {ERR_PACK(ERR_LIB_ENGINE, 0, ENGINE_R_CONFLICTING_ENGINE_ID), - "conflicting engine id"}, - {ERR_PACK(ERR_LIB_ENGINE, 0, ENGINE_R_CTRL_COMMAND_NOT_IMPLEMENTED), - "ctrl command not implemented"}, - {ERR_PACK(ERR_LIB_ENGINE, 0, ENGINE_R_DSO_FAILURE), "DSO failure"}, - {ERR_PACK(ERR_LIB_ENGINE, 0, ENGINE_R_DSO_NOT_FOUND), "dso not found"}, - {ERR_PACK(ERR_LIB_ENGINE, 0, ENGINE_R_ENGINES_SECTION_ERROR), - "engines section error"}, - {ERR_PACK(ERR_LIB_ENGINE, 0, ENGINE_R_ENGINE_CONFIGURATION_ERROR), - "engine configuration error"}, - {ERR_PACK(ERR_LIB_ENGINE, 0, ENGINE_R_ENGINE_IS_NOT_IN_LIST), - "engine is not in the list"}, - {ERR_PACK(ERR_LIB_ENGINE, 0, ENGINE_R_ENGINE_SECTION_ERROR), - "engine section error"}, - {ERR_PACK(ERR_LIB_ENGINE, 0, ENGINE_R_FAILED_LOADING_PRIVATE_KEY), - "failed loading private key"}, - {ERR_PACK(ERR_LIB_ENGINE, 0, ENGINE_R_FAILED_LOADING_PUBLIC_KEY), - "failed loading public key"}, - {ERR_PACK(ERR_LIB_ENGINE, 0, ENGINE_R_FINISH_FAILED), "finish failed"}, - {ERR_PACK(ERR_LIB_ENGINE, 0, ENGINE_R_ID_OR_NAME_MISSING), - "'id' or 'name' missing"}, - {ERR_PACK(ERR_LIB_ENGINE, 0, ENGINE_R_INIT_FAILED), "init failed"}, - {ERR_PACK(ERR_LIB_ENGINE, 0, ENGINE_R_INTERNAL_LIST_ERROR), - "internal list error"}, - {ERR_PACK(ERR_LIB_ENGINE, 0, ENGINE_R_INVALID_ARGUMENT), - "invalid argument"}, - {ERR_PACK(ERR_LIB_ENGINE, 0, ENGINE_R_INVALID_CMD_NAME), - "invalid cmd name"}, - {ERR_PACK(ERR_LIB_ENGINE, 0, ENGINE_R_INVALID_CMD_NUMBER), - "invalid cmd number"}, - {ERR_PACK(ERR_LIB_ENGINE, 0, ENGINE_R_INVALID_INIT_VALUE), - "invalid init value"}, - {ERR_PACK(ERR_LIB_ENGINE, 0, ENGINE_R_INVALID_STRING), "invalid string"}, - {ERR_PACK(ERR_LIB_ENGINE, 0, ENGINE_R_NOT_INITIALISED), "not initialised"}, - {ERR_PACK(ERR_LIB_ENGINE, 0, ENGINE_R_NOT_LOADED), "not loaded"}, - {ERR_PACK(ERR_LIB_ENGINE, 0, ENGINE_R_NO_CONTROL_FUNCTION), - "no control function"}, - {ERR_PACK(ERR_LIB_ENGINE, 0, ENGINE_R_NO_INDEX), "no index"}, - {ERR_PACK(ERR_LIB_ENGINE, 0, ENGINE_R_NO_LOAD_FUNCTION), - "no load function"}, - {ERR_PACK(ERR_LIB_ENGINE, 0, ENGINE_R_NO_REFERENCE), "no reference"}, - {ERR_PACK(ERR_LIB_ENGINE, 0, ENGINE_R_NO_SUCH_ENGINE), "no such engine"}, - {ERR_PACK(ERR_LIB_ENGINE, 0, ENGINE_R_UNIMPLEMENTED_CIPHER), - "unimplemented cipher"}, - {ERR_PACK(ERR_LIB_ENGINE, 0, ENGINE_R_UNIMPLEMENTED_DIGEST), - "unimplemented digest"}, - {ERR_PACK(ERR_LIB_ENGINE, 0, ENGINE_R_UNIMPLEMENTED_PUBLIC_KEY_METHOD), - "unimplemented public key method"}, - {ERR_PACK(ERR_LIB_ENGINE, 0, ENGINE_R_VERSION_INCOMPATIBILITY), - "version incompatibility"}, - {0, NULL} -}; - -# endif - -int ossl_err_load_ENGINE_strings(void) -{ -# ifndef OPENSSL_NO_ERR - if (ERR_reason_error_string(ENGINE_str_reasons[0].error) == NULL) - ERR_load_strings_const(ENGINE_str_reasons); -# endif - return 1; -} -#else -NON_EMPTY_TRANSLATION_UNIT -#endif diff --git a/crypto/engine/eng_fat.c b/crypto/engine/eng_fat.c deleted file mode 100644 index 0cf27715c5c..00000000000 --- a/crypto/engine/eng_fat.c +++ /dev/null @@ -1,121 +0,0 @@ -/* - * Copyright 2001-2020 The OpenSSL Project Authors. All Rights Reserved. - * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* We need to use some engine deprecated APIs */ -#define OPENSSL_SUPPRESS_DEPRECATED - -#include "eng_local.h" -#include - -int ENGINE_set_default(ENGINE *e, unsigned int flags) -{ - if ((flags & ENGINE_METHOD_CIPHERS) && !ENGINE_set_default_ciphers(e)) - return 0; - if ((flags & ENGINE_METHOD_DIGESTS) && !ENGINE_set_default_digests(e)) - return 0; - if ((flags & ENGINE_METHOD_RSA) && !ENGINE_set_default_RSA(e)) - return 0; -#ifndef OPENSSL_NO_DSA - if ((flags & ENGINE_METHOD_DSA) && !ENGINE_set_default_DSA(e)) - return 0; -#endif -#ifndef OPENSSL_NO_DH - if ((flags & ENGINE_METHOD_DH) && !ENGINE_set_default_DH(e)) - return 0; -#endif -#ifndef OPENSSL_NO_EC - if ((flags & ENGINE_METHOD_EC) && !ENGINE_set_default_EC(e)) - return 0; -#endif - if ((flags & ENGINE_METHOD_RAND) && !ENGINE_set_default_RAND(e)) - return 0; - if ((flags & ENGINE_METHOD_PKEY_METHS) - && !ENGINE_set_default_pkey_meths(e)) - return 0; - if ((flags & ENGINE_METHOD_PKEY_ASN1_METHS) - && !ENGINE_set_default_pkey_asn1_meths(e)) - return 0; - return 1; -} - -/* Set default algorithms using a string */ - -static int int_def_cb(const char *alg, int len, void *arg) -{ - unsigned int *pflags = arg; - if (alg == NULL) - return 0; - if (strncmp(alg, "ALL", len) == 0) - *pflags |= ENGINE_METHOD_ALL; - else if (strncmp(alg, "RSA", len) == 0) - *pflags |= ENGINE_METHOD_RSA; - else if (strncmp(alg, "DSA", len) == 0) - *pflags |= ENGINE_METHOD_DSA; - else if (strncmp(alg, "DH", len) == 0) - *pflags |= ENGINE_METHOD_DH; - else if (strncmp(alg, "EC", len) == 0) - *pflags |= ENGINE_METHOD_EC; - else if (strncmp(alg, "RAND", len) == 0) - *pflags |= ENGINE_METHOD_RAND; - else if (strncmp(alg, "CIPHERS", len) == 0) - *pflags |= ENGINE_METHOD_CIPHERS; - else if (strncmp(alg, "DIGESTS", len) == 0) - *pflags |= ENGINE_METHOD_DIGESTS; - else if (strncmp(alg, "PKEY", len) == 0) - *pflags |= ENGINE_METHOD_PKEY_METHS | ENGINE_METHOD_PKEY_ASN1_METHS; - else if (strncmp(alg, "PKEY_CRYPTO", len) == 0) - *pflags |= ENGINE_METHOD_PKEY_METHS; - else if (strncmp(alg, "PKEY_ASN1", len) == 0) - *pflags |= ENGINE_METHOD_PKEY_ASN1_METHS; - else - return 0; - return 1; -} - -int ENGINE_set_default_string(ENGINE *e, const char *def_list) -{ - unsigned int flags = 0; - if (!CONF_parse_list(def_list, ',', 1, int_def_cb, &flags)) { - ERR_raise_data(ERR_LIB_ENGINE, ENGINE_R_INVALID_STRING, - "str=%s", def_list); - return 0; - } - return ENGINE_set_default(e, flags); -} - -int ENGINE_register_complete(ENGINE *e) -{ - ENGINE_register_ciphers(e); - ENGINE_register_digests(e); - ENGINE_register_RSA(e); -#ifndef OPENSSL_NO_DSA - ENGINE_register_DSA(e); -#endif -#ifndef OPENSSL_NO_DH - ENGINE_register_DH(e); -#endif -#ifndef OPENSSL_NO_EC - ENGINE_register_EC(e); -#endif - ENGINE_register_RAND(e); - ENGINE_register_pkey_meths(e); - ENGINE_register_pkey_asn1_meths(e); - return 1; -} - -int ENGINE_register_all_complete(void) -{ - ENGINE *e; - - for (e = ENGINE_get_first(); e; e = ENGINE_get_next(e)) - if (!(e->flags & ENGINE_FLAGS_NO_REGISTER_ALL)) - ENGINE_register_complete(e); - return 1; -} diff --git a/crypto/engine/eng_init.c b/crypto/engine/eng_init.c deleted file mode 100644 index 0f0b3d7ee09..00000000000 --- a/crypto/engine/eng_init.c +++ /dev/null @@ -1,118 +0,0 @@ -/* - * Copyright 2001-2023 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* We need to use some engine deprecated APIs */ -#define OPENSSL_SUPPRESS_DEPRECATED - -#include "internal/e_os.h" -#include "eng_local.h" - -/* - * Initialise an engine type for use (or up its functional reference count if - * it's already in use). This version is only used internally. - */ -int engine_unlocked_init(ENGINE *e) -{ - int to_return = 1; - - if ((e->funct_ref == 0) && e->init) - /* - * This is the first functional reference and the engine requires - * initialisation so we do it now. - */ - to_return = e->init(e); - if (to_return) { - int ref; - - /* - * OK, we return a functional reference which is also a structural - * reference. - */ - if (!CRYPTO_UP_REF(&e->struct_ref, &ref)) { - e->finish(e); - return 0; - } - e->funct_ref++; - } - return to_return; -} - -/* - * Free a functional reference to an engine type. This version is only used - * internally. - */ -int engine_unlocked_finish(ENGINE *e, int unlock_for_handlers) -{ - int to_return = 1; - - /* - * Reduce the functional reference count here so if it's the terminating - * case, we can release the lock safely and call the finish() handler - * without risk of a race. We get a race if we leave the count until - * after and something else is calling "finish" at the same time - - * there's a chance that both threads will together take the count from 2 - * to 0 without either calling finish(). - */ - e->funct_ref--; - if ((e->funct_ref == 0) && e->finish) { - if (unlock_for_handlers) - CRYPTO_THREAD_unlock(global_engine_lock); - to_return = e->finish(e); - if (unlock_for_handlers) - if (!CRYPTO_THREAD_write_lock(global_engine_lock)) - return 0; - if (!to_return) - return 0; - } - REF_ASSERT_ISNT(e->funct_ref < 0); - /* Release the structural reference too */ - if (!engine_free_util(e, 0)) { - ERR_raise(ERR_LIB_ENGINE, ENGINE_R_FINISH_FAILED); - return 0; - } - return to_return; -} - -/* The API (locked) version of "init" */ -int ENGINE_init(ENGINE *e) -{ - int ret; - if (e == NULL) { - ERR_raise(ERR_LIB_ENGINE, ERR_R_PASSED_NULL_PARAMETER); - return 0; - } - if (!RUN_ONCE(&engine_lock_init, do_engine_lock_init)) { - /* Maybe this should be raised in do_engine_lock_init() */ - ERR_raise(ERR_LIB_ENGINE, ERR_R_CRYPTO_LIB); - return 0; - } - if (!CRYPTO_THREAD_write_lock(global_engine_lock)) - return 0; - ret = engine_unlocked_init(e); - CRYPTO_THREAD_unlock(global_engine_lock); - return ret; -} - -/* The API (locked) version of "finish" */ -int ENGINE_finish(ENGINE *e) -{ - int to_return = 1; - - if (e == NULL) - return 1; - if (!CRYPTO_THREAD_write_lock(global_engine_lock)) - return 0; - to_return = engine_unlocked_finish(e, 1); - CRYPTO_THREAD_unlock(global_engine_lock); - if (!to_return) { - ERR_raise(ERR_LIB_ENGINE, ENGINE_R_FINISH_FAILED); - return 0; - } - return to_return; -} diff --git a/crypto/engine/eng_lib.c b/crypto/engine/eng_lib.c deleted file mode 100644 index 08da03d5fe3..00000000000 --- a/crypto/engine/eng_lib.c +++ /dev/null @@ -1,307 +0,0 @@ -/* - * Copyright 2001-2023 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include "internal/e_os.h" -#include "eng_local.h" -#include -#include "internal/refcount.h" - -CRYPTO_RWLOCK *global_engine_lock; - -CRYPTO_ONCE engine_lock_init = CRYPTO_ONCE_STATIC_INIT; - -/* The "new"/"free" stuff first */ - -DEFINE_RUN_ONCE(do_engine_lock_init) -{ - global_engine_lock = CRYPTO_THREAD_lock_new(); - return global_engine_lock != NULL; -} - -ENGINE *ENGINE_new(void) -{ - ENGINE *ret; - - if (!RUN_ONCE(&engine_lock_init, do_engine_lock_init)) { - /* Maybe this should be raised in do_engine_lock_init() */ - ERR_raise(ERR_LIB_ENGINE, ERR_R_CRYPTO_LIB); - return 0; - } - if ((ret = OPENSSL_zalloc(sizeof(*ret))) == NULL) - return NULL; - if (!CRYPTO_NEW_REF(&ret->struct_ref, 1)) { - OPENSSL_free(ret); - return NULL; - } - if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_ENGINE, ret, &ret->ex_data)) { - CRYPTO_FREE_REF(&ret->struct_ref); - OPENSSL_free(ret); - return NULL; - } - return ret; -} - -/* - * Placed here (close proximity to ENGINE_new) so that modifications to the - * elements of the ENGINE structure are more likely to be caught and changed - * here. - */ -void engine_set_all_null(ENGINE *e) -{ - e->id = NULL; - e->name = NULL; - e->rsa_meth = NULL; - e->dsa_meth = NULL; - e->dh_meth = NULL; - e->rand_meth = NULL; - e->ciphers = NULL; - e->digests = NULL; - e->destroy = NULL; - e->init = NULL; - e->finish = NULL; - e->ctrl = NULL; - e->load_privkey = NULL; - e->load_pubkey = NULL; - e->cmd_defns = NULL; - e->flags = 0; - e->dynamic_id = NULL; -} - -int engine_free_util(ENGINE *e, int not_locked) -{ - int i; - - if (e == NULL) - return 1; - CRYPTO_DOWN_REF(&e->struct_ref, &i); - if (i > 0) - return 1; - REF_ASSERT_ISNT(i < 0); - /* Free up any dynamically allocated public key methods */ - engine_pkey_meths_free(e); - engine_pkey_asn1_meths_free(e); - /* - * Give the ENGINE a chance to do any structural cleanup corresponding to - * allocation it did in its constructor (eg. unload error strings) - */ - if (e->destroy) - e->destroy(e); - engine_remove_dynamic_id(e, not_locked); - CRYPTO_free_ex_data(CRYPTO_EX_INDEX_ENGINE, e, &e->ex_data); - CRYPTO_FREE_REF(&e->struct_ref); - OPENSSL_free(e); - return 1; -} - -int ENGINE_free(ENGINE *e) -{ - return engine_free_util(e, 1); -} - -/* Cleanup stuff */ - -/* - * engine_cleanup_int() is coded such that anything that does work that will - * need cleanup can register a "cleanup" callback here. That way we don't get - * linker bloat by referring to all *possible* cleanups, but any linker bloat - * into code "X" will cause X's cleanup function to end up here. - */ -static STACK_OF(ENGINE_CLEANUP_ITEM) *cleanup_stack = NULL; -static int int_cleanup_check(int create) -{ - if (cleanup_stack) - return 1; - if (!create) - return 0; - cleanup_stack = sk_ENGINE_CLEANUP_ITEM_new_null(); - return (cleanup_stack ? 1 : 0); -} - -static ENGINE_CLEANUP_ITEM *int_cleanup_item(ENGINE_CLEANUP_CB *cb) -{ - ENGINE_CLEANUP_ITEM *item; - - if ((item = OPENSSL_malloc(sizeof(*item))) == NULL) - return NULL; - item->cb = cb; - return item; -} - -int engine_cleanup_add_first(ENGINE_CLEANUP_CB *cb) -{ - ENGINE_CLEANUP_ITEM *item; - - if (!int_cleanup_check(1)) - return 0; - item = int_cleanup_item(cb); - if (item != NULL) { - if (sk_ENGINE_CLEANUP_ITEM_insert(cleanup_stack, item, 0)) - return 1; - OPENSSL_free(item); - } - return 0; -} - -int engine_cleanup_add_last(ENGINE_CLEANUP_CB *cb) -{ - ENGINE_CLEANUP_ITEM *item; - - if (!int_cleanup_check(1)) - return 0; - item = int_cleanup_item(cb); - if (item != NULL) { - if (sk_ENGINE_CLEANUP_ITEM_push(cleanup_stack, item) > 0) - return 1; - OPENSSL_free(item); - } - return 0; -} - -/* The API function that performs all cleanup */ -static void engine_cleanup_cb_free(ENGINE_CLEANUP_ITEM *item) -{ - (*(item->cb)) (); - OPENSSL_free(item); -} - -void engine_cleanup_int(void) -{ - if (int_cleanup_check(0)) { - sk_ENGINE_CLEANUP_ITEM_pop_free(cleanup_stack, - engine_cleanup_cb_free); - cleanup_stack = NULL; - } - CRYPTO_THREAD_lock_free(global_engine_lock); - global_engine_lock = NULL; -} - -/* Now the "ex_data" support */ - -int ENGINE_set_ex_data(ENGINE *e, int idx, void *arg) -{ - return CRYPTO_set_ex_data(&e->ex_data, idx, arg); -} - -void *ENGINE_get_ex_data(const ENGINE *e, int idx) -{ - return CRYPTO_get_ex_data(&e->ex_data, idx); -} - -/* - * Functions to get/set an ENGINE's elements - mainly to avoid exposing the - * ENGINE structure itself. - */ - -int ENGINE_set_id(ENGINE *e, const char *id) -{ - if (id == NULL) { - ERR_raise(ERR_LIB_ENGINE, ERR_R_PASSED_NULL_PARAMETER); - return 0; - } - e->id = id; - return 1; -} - -int ENGINE_set_name(ENGINE *e, const char *name) -{ - if (name == NULL) { - ERR_raise(ERR_LIB_ENGINE, ERR_R_PASSED_NULL_PARAMETER); - return 0; - } - e->name = name; - return 1; -} - -int ENGINE_set_destroy_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR destroy_f) -{ - e->destroy = destroy_f; - return 1; -} - -int ENGINE_set_init_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR init_f) -{ - e->init = init_f; - return 1; -} - -int ENGINE_set_finish_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR finish_f) -{ - e->finish = finish_f; - return 1; -} - -int ENGINE_set_ctrl_function(ENGINE *e, ENGINE_CTRL_FUNC_PTR ctrl_f) -{ - e->ctrl = ctrl_f; - return 1; -} - -int ENGINE_set_flags(ENGINE *e, int flags) -{ - e->flags = flags; - return 1; -} - -int ENGINE_set_cmd_defns(ENGINE *e, const ENGINE_CMD_DEFN *defns) -{ - e->cmd_defns = defns; - return 1; -} - -const char *ENGINE_get_id(const ENGINE *e) -{ - return e->id; -} - -const char *ENGINE_get_name(const ENGINE *e) -{ - return e->name; -} - -ENGINE_GEN_INT_FUNC_PTR ENGINE_get_destroy_function(const ENGINE *e) -{ - return e->destroy; -} - -ENGINE_GEN_INT_FUNC_PTR ENGINE_get_init_function(const ENGINE *e) -{ - return e->init; -} - -ENGINE_GEN_INT_FUNC_PTR ENGINE_get_finish_function(const ENGINE *e) -{ - return e->finish; -} - -ENGINE_CTRL_FUNC_PTR ENGINE_get_ctrl_function(const ENGINE *e) -{ - return e->ctrl; -} - -int ENGINE_get_flags(const ENGINE *e) -{ - return e->flags; -} - -const ENGINE_CMD_DEFN *ENGINE_get_cmd_defns(const ENGINE *e) -{ - return e->cmd_defns; -} - -/* - * eng_lib.o is pretty much linked into anything that touches ENGINE already, - * so put the "static_state" hack here. - */ - -static int internal_static_hack = 0; - -void *ENGINE_get_static_state(void) -{ - return &internal_static_hack; -} diff --git a/crypto/engine/eng_list.c b/crypto/engine/eng_list.c deleted file mode 100644 index 5184ab27bd1..00000000000 --- a/crypto/engine/eng_list.c +++ /dev/null @@ -1,482 +0,0 @@ -/* - * Copyright 2001-2024 The OpenSSL Project Authors. All Rights Reserved. - * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* We need to use some engine deprecated APIs */ -#define OPENSSL_SUPPRESS_DEPRECATED - -#include "eng_local.h" - -/* - * The linked-list of pointers to engine types. engine_list_head incorporates - * an implicit structural reference but engine_list_tail does not - the - * latter is a computational optimization and only points to something that - * is already pointed to by its predecessor in the list (or engine_list_head - * itself). In the same way, the use of the "prev" pointer in each ENGINE is - * to save excessive list iteration, it doesn't correspond to an extra - * structural reference. Hence, engine_list_head, and each non-null "next" - * pointer account for the list itself assuming exactly 1 structural - * reference on each list member. - */ -static ENGINE *engine_list_head = NULL; -static ENGINE *engine_list_tail = NULL; - -/* - * The linked list of currently loaded dynamic engines. - */ -static ENGINE *engine_dyn_list_head = NULL; -static ENGINE *engine_dyn_list_tail = NULL; - -/* - * This cleanup function is only needed internally. If it should be called, - * we register it with the "engine_cleanup_int()" stack to be called during - * cleanup. - */ - -static void engine_list_cleanup(void) -{ - ENGINE *iterator = engine_list_head; - - while (iterator != NULL) { - ENGINE_remove(iterator); - iterator = engine_list_head; - } - return; -} - -/* - * These static functions starting with a lower case "engine_" always take - * place when global_engine_lock has been locked up. - */ -static int engine_list_add(ENGINE *e) -{ - int conflict = 0; - ENGINE *iterator = NULL; - int ref; - - if (e == NULL) { - ERR_raise(ERR_LIB_ENGINE, ERR_R_PASSED_NULL_PARAMETER); - return 0; - } - iterator = engine_list_head; - while (iterator && !conflict) { - conflict = (strcmp(iterator->id, e->id) == 0); - iterator = iterator->next; - } - if (conflict) { - ERR_raise(ERR_LIB_ENGINE, ENGINE_R_CONFLICTING_ENGINE_ID); - return 0; - } - - /* - * Having the engine in the list assumes a structural reference. - */ - if (!CRYPTO_UP_REF(&e->struct_ref, &ref)) { - ERR_raise(ERR_LIB_ENGINE, ENGINE_R_INTERNAL_LIST_ERROR); - return 0; - } - if (engine_list_head == NULL) { - /* We are adding to an empty list. */ - if (engine_list_tail != NULL) { - CRYPTO_DOWN_REF(&e->struct_ref, &ref); - ERR_raise(ERR_LIB_ENGINE, ENGINE_R_INTERNAL_LIST_ERROR); - return 0; - } - /* - * The first time the list allocates, we should register the cleanup. - */ - if (!engine_cleanup_add_last(engine_list_cleanup)) { - CRYPTO_DOWN_REF(&e->struct_ref, &ref); - ERR_raise(ERR_LIB_ENGINE, ENGINE_R_INTERNAL_LIST_ERROR); - return 0; - } - engine_list_head = e; - e->prev = NULL; - } else { - /* We are adding to the tail of an existing list. */ - if ((engine_list_tail == NULL) || (engine_list_tail->next != NULL)) { - CRYPTO_DOWN_REF(&e->struct_ref, &ref); - ERR_raise(ERR_LIB_ENGINE, ENGINE_R_INTERNAL_LIST_ERROR); - return 0; - } - engine_list_tail->next = e; - e->prev = engine_list_tail; - } - - /* However it came to be, e is the last item in the list. */ - engine_list_tail = e; - e->next = NULL; - return 1; -} - -static int engine_list_remove(ENGINE *e) -{ - ENGINE *iterator; - - if (e == NULL) { - ERR_raise(ERR_LIB_ENGINE, ERR_R_PASSED_NULL_PARAMETER); - return 0; - } - /* We need to check that e is in our linked list! */ - iterator = engine_list_head; - while (iterator && (iterator != e)) - iterator = iterator->next; - if (iterator == NULL) { - ERR_raise(ERR_LIB_ENGINE, ENGINE_R_ENGINE_IS_NOT_IN_LIST); - return 0; - } - /* un-link e from the chain. */ - if (e->next) - e->next->prev = e->prev; - if (e->prev) - e->prev->next = e->next; - /* Correct our head/tail if necessary. */ - if (engine_list_head == e) - engine_list_head = e->next; - if (engine_list_tail == e) - engine_list_tail = e->prev; - engine_free_util(e, 0); - return 1; -} - -/* Add engine to dynamic engine list. */ -int engine_add_dynamic_id(ENGINE *e, ENGINE_DYNAMIC_ID dynamic_id, - int not_locked) -{ - int result = 0; - ENGINE *iterator = NULL; - - if (e == NULL) - return 0; - - if (e->dynamic_id == NULL && dynamic_id == NULL) - return 0; - - if (not_locked && !CRYPTO_THREAD_write_lock(global_engine_lock)) - return 0; - - if (dynamic_id != NULL) { - iterator = engine_dyn_list_head; - while (iterator != NULL) { - if (iterator->dynamic_id == dynamic_id) - goto err; - iterator = iterator->next; - } - if (e->dynamic_id != NULL) - goto err; - e->dynamic_id = dynamic_id; - } - - if (engine_dyn_list_head == NULL) { - /* We are adding to an empty list. */ - if (engine_dyn_list_tail != NULL) - goto err; - engine_dyn_list_head = e; - e->prev_dyn = NULL; - } else { - /* We are adding to the tail of an existing list. */ - if (engine_dyn_list_tail == NULL - || engine_dyn_list_tail->next_dyn != NULL) - goto err; - engine_dyn_list_tail->next_dyn = e; - e->prev_dyn = engine_dyn_list_tail; - } - - engine_dyn_list_tail = e; - e->next_dyn = NULL; - result = 1; - - err: - if (not_locked) - CRYPTO_THREAD_unlock(global_engine_lock); - return result; -} - -/* Remove engine from dynamic engine list. */ -void engine_remove_dynamic_id(ENGINE *e, int not_locked) -{ - if (e == NULL || e->dynamic_id == NULL) - return; - - if (not_locked && !CRYPTO_THREAD_write_lock(global_engine_lock)) - return; - - e->dynamic_id = NULL; - - /* un-link e from the chain. */ - if (e->next_dyn != NULL) - e->next_dyn->prev_dyn = e->prev_dyn; - if (e->prev_dyn != NULL) - e->prev_dyn->next_dyn = e->next_dyn; - /* Correct our head/tail if necessary. */ - if (engine_dyn_list_head == e) - engine_dyn_list_head = e->next_dyn; - if (engine_dyn_list_tail == e) - engine_dyn_list_tail = e->prev_dyn; - - if (not_locked) - CRYPTO_THREAD_unlock(global_engine_lock); -} - -/* Get the first/last "ENGINE" type available. */ -ENGINE *ENGINE_get_first(void) -{ - ENGINE *ret; - - if (!RUN_ONCE(&engine_lock_init, do_engine_lock_init)) { - /* Maybe this should be raised in do_engine_lock_init() */ - ERR_raise(ERR_LIB_ENGINE, ERR_R_CRYPTO_LIB); - return NULL; - } - - if (!CRYPTO_THREAD_write_lock(global_engine_lock)) - return NULL; - ret = engine_list_head; - if (ret) { - int ref; - - if (!CRYPTO_UP_REF(&ret->struct_ref, &ref)) { - CRYPTO_THREAD_unlock(global_engine_lock); - ERR_raise(ERR_LIB_ENGINE, ERR_R_CRYPTO_LIB); - return NULL; - } - } - CRYPTO_THREAD_unlock(global_engine_lock); - return ret; -} - -ENGINE *ENGINE_get_last(void) -{ - ENGINE *ret; - - if (!RUN_ONCE(&engine_lock_init, do_engine_lock_init)) { - /* Maybe this should be raised in do_engine_lock_init() */ - ERR_raise(ERR_LIB_ENGINE, ERR_R_CRYPTO_LIB); - return NULL; - } - - if (!CRYPTO_THREAD_write_lock(global_engine_lock)) - return NULL; - ret = engine_list_tail; - if (ret) { - int ref; - - if (!CRYPTO_UP_REF(&ret->struct_ref, &ref)) { - CRYPTO_THREAD_unlock(global_engine_lock); - ERR_raise(ERR_LIB_ENGINE, ERR_R_CRYPTO_LIB); - return NULL; - } - } - CRYPTO_THREAD_unlock(global_engine_lock); - return ret; -} - -/* Iterate to the next/previous "ENGINE" type (NULL = end of the list). */ -ENGINE *ENGINE_get_next(ENGINE *e) -{ - ENGINE *ret = NULL; - if (e == NULL) { - ERR_raise(ERR_LIB_ENGINE, ERR_R_PASSED_NULL_PARAMETER); - return NULL; - } - if (!CRYPTO_THREAD_write_lock(global_engine_lock)) - return NULL; - ret = e->next; - if (ret) { - int ref; - - /* Return a valid structural reference to the next ENGINE */ - if (!CRYPTO_UP_REF(&ret->struct_ref, &ref)) { - CRYPTO_THREAD_unlock(global_engine_lock); - ERR_raise(ERR_LIB_ENGINE, ERR_R_CRYPTO_LIB); - return NULL; - } - } - CRYPTO_THREAD_unlock(global_engine_lock); - /* Release the structural reference to the previous ENGINE */ - ENGINE_free(e); - return ret; -} - -ENGINE *ENGINE_get_prev(ENGINE *e) -{ - ENGINE *ret = NULL; - if (e == NULL) { - ERR_raise(ERR_LIB_ENGINE, ERR_R_PASSED_NULL_PARAMETER); - return NULL; - } - if (!CRYPTO_THREAD_write_lock(global_engine_lock)) - return NULL; - ret = e->prev; - if (ret) { - int ref; - - /* Return a valid structural reference to the next ENGINE */ - if (!CRYPTO_UP_REF(&ret->struct_ref, &ref)) { - CRYPTO_THREAD_unlock(global_engine_lock); - ERR_raise(ERR_LIB_ENGINE, ERR_R_CRYPTO_LIB); - return NULL; - } - } - CRYPTO_THREAD_unlock(global_engine_lock); - /* Release the structural reference to the previous ENGINE */ - ENGINE_free(e); - return ret; -} - -/* Add another "ENGINE" type into the list. */ -int ENGINE_add(ENGINE *e) -{ - int to_return = 1; - if (e == NULL) { - ERR_raise(ERR_LIB_ENGINE, ERR_R_PASSED_NULL_PARAMETER); - return 0; - } - if ((e->id == NULL) || (e->name == NULL)) { - ERR_raise(ERR_LIB_ENGINE, ENGINE_R_ID_OR_NAME_MISSING); - return 0; - } - if (!CRYPTO_THREAD_write_lock(global_engine_lock)) - return 0; - if (!engine_list_add(e)) { - ERR_raise(ERR_LIB_ENGINE, ENGINE_R_INTERNAL_LIST_ERROR); - to_return = 0; - } - CRYPTO_THREAD_unlock(global_engine_lock); - return to_return; -} - -/* Remove an existing "ENGINE" type from the array. */ -int ENGINE_remove(ENGINE *e) -{ - int to_return = 1; - if (e == NULL) { - ERR_raise(ERR_LIB_ENGINE, ERR_R_PASSED_NULL_PARAMETER); - return 0; - } - if (!CRYPTO_THREAD_write_lock(global_engine_lock)) - return 0; - if (!engine_list_remove(e)) { - ERR_raise(ERR_LIB_ENGINE, ENGINE_R_INTERNAL_LIST_ERROR); - to_return = 0; - } - CRYPTO_THREAD_unlock(global_engine_lock); - return to_return; -} - -static void engine_cpy(ENGINE *dest, const ENGINE *src) -{ - dest->id = src->id; - dest->name = src->name; - dest->rsa_meth = src->rsa_meth; -#ifndef OPENSSL_NO_DSA - dest->dsa_meth = src->dsa_meth; -#endif -#ifndef OPENSSL_NO_DH - dest->dh_meth = src->dh_meth; -#endif -#ifndef OPENSSL_NO_EC - dest->ec_meth = src->ec_meth; -#endif - dest->rand_meth = src->rand_meth; - dest->ciphers = src->ciphers; - dest->digests = src->digests; - dest->pkey_meths = src->pkey_meths; - dest->destroy = src->destroy; - dest->init = src->init; - dest->finish = src->finish; - dest->ctrl = src->ctrl; - dest->load_privkey = src->load_privkey; - dest->load_pubkey = src->load_pubkey; - dest->cmd_defns = src->cmd_defns; - dest->flags = src->flags; - dest->dynamic_id = src->dynamic_id; - engine_add_dynamic_id(dest, NULL, 0); -} - -ENGINE *ENGINE_by_id(const char *id) -{ - ENGINE *iterator; - const char *load_dir = NULL; - if (id == NULL) { - ERR_raise(ERR_LIB_ENGINE, ERR_R_PASSED_NULL_PARAMETER); - return NULL; - } - ENGINE_load_builtin_engines(); - - if (!RUN_ONCE(&engine_lock_init, do_engine_lock_init)) { - /* Maybe this should be raised in do_engine_lock_init() */ - ERR_raise(ERR_LIB_ENGINE, ERR_R_CRYPTO_LIB); - return NULL; - } - - if (!CRYPTO_THREAD_write_lock(global_engine_lock)) - return NULL; - iterator = engine_list_head; - while (iterator && (strcmp(id, iterator->id) != 0)) - iterator = iterator->next; - if (iterator != NULL) { - /* - * We need to return a structural reference. If this is an ENGINE - * type that returns copies, make a duplicate - otherwise increment - * the existing ENGINE's reference count. - */ - if (iterator->flags & ENGINE_FLAGS_BY_ID_COPY) { - ENGINE *cp = ENGINE_new(); - if (cp == NULL) - iterator = NULL; - else { - engine_cpy(cp, iterator); - iterator = cp; - } - } else { - int ref; - - if (!CRYPTO_UP_REF(&iterator->struct_ref, &ref)) { - CRYPTO_THREAD_unlock(global_engine_lock); - ERR_raise(ERR_LIB_ENGINE, ERR_R_CRYPTO_LIB); - return NULL; - } - } - } - CRYPTO_THREAD_unlock(global_engine_lock); - if (iterator != NULL) - return iterator; - /* - * Prevent infinite recursion if we're looking for the dynamic engine. - */ - if (strcmp(id, "dynamic")) { - load_dir = ossl_safe_getenv("OPENSSL_ENGINES"); - iterator = ENGINE_by_id("dynamic"); - if (!iterator || !ENGINE_ctrl_cmd_string(iterator, "ID", id, 0) || - !ENGINE_ctrl_cmd_string(iterator, "DIR_LOAD", "2", 0) || - !ENGINE_ctrl_cmd_string(iterator, "DIR_ADD", - load_dir, 0) || - !ENGINE_ctrl_cmd_string(iterator, "LIST_ADD", "1", 0) || - !ENGINE_ctrl_cmd_string(iterator, "LOAD", NULL, 0)) - goto notfound; - return iterator; - } - notfound: - ENGINE_free(iterator); - ERR_raise_data(ERR_LIB_ENGINE, ENGINE_R_NO_SUCH_ENGINE, "id=%s", id); - return NULL; - /* EEK! Experimental code ends */ -} - -int ENGINE_up_ref(ENGINE *e) -{ - int i; - if (e == NULL) { - ERR_raise(ERR_LIB_ENGINE, ERR_R_PASSED_NULL_PARAMETER); - return 0; - } - CRYPTO_UP_REF(&e->struct_ref, &i); - return 1; -} diff --git a/crypto/engine/eng_local.h b/crypto/engine/eng_local.h deleted file mode 100644 index 8ceca4a615f..00000000000 --- a/crypto/engine/eng_local.h +++ /dev/null @@ -1,153 +0,0 @@ -/* - * Copyright 2001-2023 The OpenSSL Project Authors. All Rights Reserved. - * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#ifndef OSSL_CRYPTO_ENGINE_ENG_LOCAL_H -# define OSSL_CRYPTO_ENGINE_ENG_LOCAL_H - -# include -# include "internal/cryptlib.h" -# include "crypto/engine.h" -# include "internal/thread_once.h" -# include "internal/refcount.h" - -extern CRYPTO_RWLOCK *global_engine_lock; - -/* - * Any code that will need cleanup operations should use these functions to - * register callbacks. engine_cleanup_int() will call all registered - * callbacks in order. NB: both the "add" functions assume the engine lock to - * already be held (in "write" mode). - */ -typedef void (ENGINE_CLEANUP_CB) (void); -typedef struct st_engine_cleanup_item { - ENGINE_CLEANUP_CB *cb; -} ENGINE_CLEANUP_ITEM; -DEFINE_STACK_OF(ENGINE_CLEANUP_ITEM) -int engine_cleanup_add_first(ENGINE_CLEANUP_CB *cb); -int engine_cleanup_add_last(ENGINE_CLEANUP_CB *cb); - -/* We need stacks of ENGINEs for use in eng_table.c */ -DEFINE_STACK_OF(ENGINE) - -/* - * This represents an implementation table. Dependent code should instantiate - * it as a (ENGINE_TABLE *) pointer value set initially to NULL. - */ -typedef struct st_engine_table ENGINE_TABLE; -int engine_table_register(ENGINE_TABLE **table, ENGINE_CLEANUP_CB *cleanup, - ENGINE *e, const int *nids, int num_nids, - int setdefault); -void engine_table_unregister(ENGINE_TABLE **table, ENGINE *e); -void engine_table_cleanup(ENGINE_TABLE **table); -ENGINE *ossl_engine_table_select(ENGINE_TABLE **table, int nid, - const char *f, int l); -typedef void (engine_table_doall_cb) (int nid, STACK_OF(ENGINE) *sk, - ENGINE *def, void *arg); -void engine_table_doall(ENGINE_TABLE *table, engine_table_doall_cb *cb, - void *arg); - -/* - * Internal versions of API functions that have control over locking. These - * are used between C files when functionality needs to be shared but the - * caller may already be controlling of the engine lock. - */ -int engine_unlocked_init(ENGINE *e); -int engine_unlocked_finish(ENGINE *e, int unlock_for_handlers); -int engine_free_util(ENGINE *e, int not_locked); - -/* - * This function will reset all "set"able values in an ENGINE to NULL. This - * won't touch reference counts or ex_data, but is equivalent to calling all - * the ENGINE_set_***() functions with a NULL value. - */ -void engine_set_all_null(ENGINE *e); - -/* - * NB: Bitwise OR-able values for the "flags" variable in ENGINE are now - * exposed in engine.h. - */ - -/* Free up dynamically allocated public key methods associated with ENGINE */ - -void engine_pkey_meths_free(ENGINE *e); -void engine_pkey_asn1_meths_free(ENGINE *e); - -/* Once initialisation function */ -extern CRYPTO_ONCE engine_lock_init; -DECLARE_RUN_ONCE(do_engine_lock_init) - -typedef void (*ENGINE_DYNAMIC_ID)(void); -int engine_add_dynamic_id(ENGINE *e, ENGINE_DYNAMIC_ID dynamic_id, - int not_locked); -void engine_remove_dynamic_id(ENGINE *e, int not_locked); - -/* - * This is a structure for storing implementations of various crypto - * algorithms and functions. - */ -struct engine_st { - const char *id; - const char *name; - const RSA_METHOD *rsa_meth; - const DSA_METHOD *dsa_meth; - const DH_METHOD *dh_meth; - const EC_KEY_METHOD *ec_meth; - const RAND_METHOD *rand_meth; - /* Cipher handling is via this callback */ - ENGINE_CIPHERS_PTR ciphers; - /* Digest handling is via this callback */ - ENGINE_DIGESTS_PTR digests; - /* Public key handling via this callback */ - ENGINE_PKEY_METHS_PTR pkey_meths; - /* ASN1 public key handling via this callback */ - ENGINE_PKEY_ASN1_METHS_PTR pkey_asn1_meths; - ENGINE_GEN_INT_FUNC_PTR destroy; - ENGINE_GEN_INT_FUNC_PTR init; - ENGINE_GEN_INT_FUNC_PTR finish; - ENGINE_CTRL_FUNC_PTR ctrl; - ENGINE_LOAD_KEY_PTR load_privkey; - ENGINE_LOAD_KEY_PTR load_pubkey; - ENGINE_SSL_CLIENT_CERT_PTR load_ssl_client_cert; - const ENGINE_CMD_DEFN *cmd_defns; - int flags; - /* reference count on the structure itself */ - CRYPTO_REF_COUNT struct_ref; - /* - * reference count on usability of the engine type. NB: This controls the - * loading and initialisation of any functionality required by this - * engine, whereas the previous count is simply to cope with - * (de)allocation of this structure. Hence, running_ref <= struct_ref at - * all times. - */ - int funct_ref; - /* A place to store per-ENGINE data */ - CRYPTO_EX_DATA ex_data; - /* Used to maintain the linked-list of engines. */ - struct engine_st *prev; - struct engine_st *next; - /* Used to maintain the linked-list of dynamic engines. */ - struct engine_st *prev_dyn; - struct engine_st *next_dyn; - ENGINE_DYNAMIC_ID dynamic_id; -}; - -typedef struct st_engine_pile ENGINE_PILE; - -DEFINE_LHASH_OF_EX(ENGINE_PILE); - -static ossl_unused ossl_inline int eng_struct_ref(ENGINE *e) -{ - int res; - - CRYPTO_GET_REF(&e->struct_ref, &res); - return res; -} - -#endif /* OSSL_CRYPTO_ENGINE_ENG_LOCAL_H */ diff --git a/crypto/engine/eng_openssl.c b/crypto/engine/eng_openssl.c deleted file mode 100644 index cc4fe96218e..00000000000 --- a/crypto/engine/eng_openssl.c +++ /dev/null @@ -1,670 +0,0 @@ -/* - * Copyright 2001-2025 The OpenSSL Project Authors. All Rights Reserved. - * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* We need to use some engine deprecated APIs */ -#define OPENSSL_SUPPRESS_DEPRECATED - -/* - * RC4 and SHA-1 low level APIs and EVP _meth_ APISs are deprecated for public - * use, but still ok for internal use. - */ -#include "internal/deprecated.h" - -#include -#include -#include "internal/cryptlib.h" -#include "crypto/engine.h" -#include -#include -#include -#include -#include -#include - -#include -#include - -/* - * This testing gunk is implemented (and explained) lower down. It also - * assumes the application explicitly calls "ENGINE_load_openssl()" because - * this is no longer automatic in ENGINE_load_builtin_engines(). - */ -#define TEST_ENG_OPENSSL_RC4 -#ifndef OPENSSL_NO_STDIO -# define TEST_ENG_OPENSSL_PKEY -#endif -/* #define TEST_ENG_OPENSSL_HMAC */ -/* #define TEST_ENG_OPENSSL_HMAC_INIT */ -/* #define TEST_ENG_OPENSSL_RC4_OTHERS */ -#ifndef OPENSSL_NO_STDIO -# define TEST_ENG_OPENSSL_RC4_P_INIT -#endif -/* #define TEST_ENG_OPENSSL_RC4_P_CIPHER */ -#define TEST_ENG_OPENSSL_SHA -/* #define TEST_ENG_OPENSSL_SHA_OTHERS */ -/* #define TEST_ENG_OPENSSL_SHA_P_INIT */ -/* #define TEST_ENG_OPENSSL_SHA_P_UPDATE */ -/* #define TEST_ENG_OPENSSL_SHA_P_FINAL */ - -/* Now check what of those algorithms are actually enabled */ -#ifdef OPENSSL_NO_RC4 -# undef TEST_ENG_OPENSSL_RC4 -# undef TEST_ENG_OPENSSL_RC4_OTHERS -# undef TEST_ENG_OPENSSL_RC4_P_INIT -# undef TEST_ENG_OPENSSL_RC4_P_CIPHER -#endif - -static int openssl_destroy(ENGINE *e); - -#ifdef TEST_ENG_OPENSSL_RC4 -static int openssl_ciphers(ENGINE *e, const EVP_CIPHER **cipher, - const int **nids, int nid); -#endif -#ifdef TEST_ENG_OPENSSL_SHA -static int openssl_digests(ENGINE *e, const EVP_MD **digest, - const int **nids, int nid); -#endif - -#ifdef TEST_ENG_OPENSSL_PKEY -static EVP_PKEY *openssl_load_privkey(ENGINE *eng, const char *key_id, - UI_METHOD *ui_method, - void *callback_data); -#endif - -#ifdef TEST_ENG_OPENSSL_HMAC -static int ossl_register_hmac_meth(void); -static int ossl_pkey_meths(ENGINE *e, EVP_PKEY_METHOD **pmeth, - const int **nids, int nid); -#endif - -/* The constants used when creating the ENGINE */ -static const char *engine_openssl_id = "openssl"; -static const char *engine_openssl_name = "Software engine support"; - -/* - * This internal function is used by ENGINE_openssl() and possibly by the - * "dynamic" ENGINE support too - */ -static int bind_helper(ENGINE *e) -{ - if (!ENGINE_set_id(e, engine_openssl_id) - || !ENGINE_set_name(e, engine_openssl_name) - || !ENGINE_set_destroy_function(e, openssl_destroy) -#ifndef TEST_ENG_OPENSSL_NO_ALGORITHMS - || !ENGINE_set_RSA(e, RSA_get_default_method()) -# ifndef OPENSSL_NO_DSA - || !ENGINE_set_DSA(e, DSA_get_default_method()) -# endif -# ifndef OPENSSL_NO_EC - || !ENGINE_set_EC(e, EC_KEY_OpenSSL()) -# endif -# ifndef OPENSSL_NO_DH - || !ENGINE_set_DH(e, DH_get_default_method()) -# endif - || !ENGINE_set_RAND(e, RAND_OpenSSL()) -# ifdef TEST_ENG_OPENSSL_RC4 - || !ENGINE_set_ciphers(e, openssl_ciphers) -# endif -# ifdef TEST_ENG_OPENSSL_SHA - || !ENGINE_set_digests(e, openssl_digests) -# endif -#endif -#ifdef TEST_ENG_OPENSSL_PKEY - || !ENGINE_set_load_privkey_function(e, openssl_load_privkey) -#endif -#ifdef TEST_ENG_OPENSSL_HMAC - || !ossl_register_hmac_meth() - || !ENGINE_set_pkey_meths(e, ossl_pkey_meths) -#endif - ) - return 0; - /* - * If we add errors to this ENGINE, ensure the error handling is setup - * here - */ - /* openssl_load_error_strings(); */ - return 1; -} - -static ENGINE *engine_openssl(void) -{ - ENGINE *ret = ENGINE_new(); - if (ret == NULL) - return NULL; - if (!bind_helper(ret)) { - ENGINE_free(ret); - return NULL; - } - return ret; -} - -void engine_load_openssl_int(void) -{ - ENGINE *toadd = engine_openssl(); - if (!toadd) - return; - - ERR_set_mark(); - ENGINE_add(toadd); - /* - * If the "add" worked, it gets a structural reference. So either way, we - * release our just-created reference. - */ - ENGINE_free(toadd); - /* - * If the "add" didn't work, it was probably a conflict because it was - * already added (eg. someone calling ENGINE_load_blah then calling - * ENGINE_load_builtin_engines() perhaps). - */ - ERR_pop_to_mark(); -} - -/* - * This stuff is needed if this ENGINE is being compiled into a - * self-contained shared-library. - */ -#ifdef ENGINE_DYNAMIC_SUPPORT -static int bind_fn(ENGINE *e, const char *id) -{ - if (id && (strcmp(id, engine_openssl_id) != 0)) - return 0; - if (!bind_helper(e)) - return 0; - return 1; -} - -IMPLEMENT_DYNAMIC_CHECK_FN() - IMPLEMENT_DYNAMIC_BIND_FN(bind_fn) -#endif /* ENGINE_DYNAMIC_SUPPORT */ -#ifdef TEST_ENG_OPENSSL_RC4 -/*- - * This section of code compiles an "alternative implementation" of two modes of - * RC4 into this ENGINE. The result is that EVP_CIPHER operation for "rc4" - * should under normal circumstances go via this support rather than the default - * EVP support. There are other symbols to tweak the testing; - * TEST_ENC_OPENSSL_RC4_OTHERS - print a one line message to stderr each time - * we're asked for a cipher we don't support (should not happen). - * TEST_ENG_OPENSSL_RC4_P_INIT - print a one line message to stderr each time - * the "init_key" handler is called. - * TEST_ENG_OPENSSL_RC4_P_CIPHER - ditto for the "cipher" handler. - */ -# include -# define TEST_RC4_KEY_SIZE 16 -typedef struct { - unsigned char key[TEST_RC4_KEY_SIZE]; - RC4_KEY ks; -} TEST_RC4_KEY; -# define test(ctx) ((TEST_RC4_KEY *)EVP_CIPHER_CTX_get_cipher_data(ctx)) -static int test_rc4_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, - const unsigned char *iv, int enc) -{ - const int n = EVP_CIPHER_CTX_get_key_length(ctx); - -# ifdef TEST_ENG_OPENSSL_RC4_P_INIT - fprintf(stderr, "(TEST_ENG_OPENSSL_RC4) test_init_key() called\n"); -# endif - if (n <= 0) - return n; - memcpy(&test(ctx)->key[0], key, n); - RC4_set_key(&test(ctx)->ks, n, test(ctx)->key); - return 1; -} - -static int test_rc4_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t inl) -{ -# ifdef TEST_ENG_OPENSSL_RC4_P_CIPHER - fprintf(stderr, "(TEST_ENG_OPENSSL_RC4) test_cipher() called\n"); -# endif - RC4(&test(ctx)->ks, inl, in, out); - return 1; -} - -static EVP_CIPHER *r4_cipher = NULL; -static const EVP_CIPHER *test_r4_cipher(void) -{ - if (r4_cipher == NULL) { - EVP_CIPHER *cipher; - - if ((cipher = EVP_CIPHER_meth_new(NID_rc4, 1, TEST_RC4_KEY_SIZE)) == NULL - || !EVP_CIPHER_meth_set_iv_length(cipher, 0) - || !EVP_CIPHER_meth_set_flags(cipher, EVP_CIPH_VARIABLE_LENGTH) - || !EVP_CIPHER_meth_set_init(cipher, test_rc4_init_key) - || !EVP_CIPHER_meth_set_do_cipher(cipher, test_rc4_cipher) - || !EVP_CIPHER_meth_set_impl_ctx_size(cipher, sizeof(TEST_RC4_KEY))) { - EVP_CIPHER_meth_free(cipher); - cipher = NULL; - } - r4_cipher = cipher; - } - return r4_cipher; -} -static void test_r4_cipher_destroy(void) -{ - EVP_CIPHER_meth_free(r4_cipher); - r4_cipher = NULL; -} - -static EVP_CIPHER *r4_40_cipher = NULL; -static const EVP_CIPHER *test_r4_40_cipher(void) -{ - if (r4_40_cipher == NULL) { - EVP_CIPHER *cipher; - - if ((cipher = EVP_CIPHER_meth_new(NID_rc4, 1, 5 /* 40 bits */)) == NULL - || !EVP_CIPHER_meth_set_iv_length(cipher, 0) - || !EVP_CIPHER_meth_set_flags(cipher, EVP_CIPH_VARIABLE_LENGTH) - || !EVP_CIPHER_meth_set_init(cipher, test_rc4_init_key) - || !EVP_CIPHER_meth_set_do_cipher(cipher, test_rc4_cipher) - || !EVP_CIPHER_meth_set_impl_ctx_size(cipher, sizeof(TEST_RC4_KEY))) { - EVP_CIPHER_meth_free(cipher); - cipher = NULL; - } - r4_40_cipher = cipher; - } - return r4_40_cipher; -} -static void test_r4_40_cipher_destroy(void) -{ - EVP_CIPHER_meth_free(r4_40_cipher); - r4_40_cipher = NULL; -} -static int test_cipher_nids(const int **nids) -{ - static int cipher_nids[4] = { 0, 0, 0, 0 }; - static int pos = 0; - static int init = 0; - - if (!init) { - const EVP_CIPHER *cipher; - if ((cipher = test_r4_cipher()) != NULL) - cipher_nids[pos++] = EVP_CIPHER_get_nid(cipher); - if ((cipher = test_r4_40_cipher()) != NULL) - cipher_nids[pos++] = EVP_CIPHER_get_nid(cipher); - cipher_nids[pos] = 0; - init = 1; - } - *nids = cipher_nids; - return pos; -} - -static int openssl_ciphers(ENGINE *e, const EVP_CIPHER **cipher, - const int **nids, int nid) -{ - if (!cipher) { - /* We are returning a list of supported nids */ - return test_cipher_nids(nids); - } - /* We are being asked for a specific cipher */ - if (nid == NID_rc4) - *cipher = test_r4_cipher(); - else if (nid == NID_rc4_40) - *cipher = test_r4_40_cipher(); - else { -# ifdef TEST_ENG_OPENSSL_RC4_OTHERS - fprintf(stderr, "(TEST_ENG_OPENSSL_RC4) returning NULL for " - "nid %d\n", nid); -# endif - *cipher = NULL; - return 0; - } - return 1; -} -#endif - -#ifdef TEST_ENG_OPENSSL_SHA -/* Much the same sort of comment as for TEST_ENG_OPENSSL_RC4 */ -# include - -static int test_sha1_init(EVP_MD_CTX *ctx) -{ -# ifdef TEST_ENG_OPENSSL_SHA_P_INIT - fprintf(stderr, "(TEST_ENG_OPENSSL_SHA) test_sha1_init() called\n"); -# endif - return SHA1_Init(EVP_MD_CTX_get0_md_data(ctx)); -} - -static int test_sha1_update(EVP_MD_CTX *ctx, const void *data, size_t count) -{ -# ifdef TEST_ENG_OPENSSL_SHA_P_UPDATE - fprintf(stderr, "(TEST_ENG_OPENSSL_SHA) test_sha1_update() called\n"); -# endif - return SHA1_Update(EVP_MD_CTX_get0_md_data(ctx), data, count); -} - -static int test_sha1_final(EVP_MD_CTX *ctx, unsigned char *md) -{ -# ifdef TEST_ENG_OPENSSL_SHA_P_FINAL - fprintf(stderr, "(TEST_ENG_OPENSSL_SHA) test_sha1_final() called\n"); -# endif - return SHA1_Final(md, EVP_MD_CTX_get0_md_data(ctx)); -} - -static EVP_MD *sha1_md = NULL; -static const EVP_MD *test_sha_md(void) -{ - if (sha1_md == NULL) { - EVP_MD *md; - - if ((md = EVP_MD_meth_new(NID_sha1, NID_sha1WithRSAEncryption)) == NULL - || !EVP_MD_meth_set_result_size(md, SHA_DIGEST_LENGTH) - || !EVP_MD_meth_set_input_blocksize(md, SHA_CBLOCK) - || !EVP_MD_meth_set_app_datasize(md, - sizeof(EVP_MD *) + sizeof(SHA_CTX)) - || !EVP_MD_meth_set_flags(md, 0) - || !EVP_MD_meth_set_init(md, test_sha1_init) - || !EVP_MD_meth_set_update(md, test_sha1_update) - || !EVP_MD_meth_set_final(md, test_sha1_final)) { - EVP_MD_meth_free(md); - md = NULL; - } - sha1_md = md; - } - return sha1_md; -} -static void test_sha_md_destroy(void) -{ - EVP_MD_meth_free(sha1_md); - sha1_md = NULL; -} -static int test_digest_nids(const int **nids) -{ - static int digest_nids[2] = { 0, 0 }; - static int pos = 0; - static int init = 0; - - if (!init) { - const EVP_MD *md; - if ((md = test_sha_md()) != NULL) - digest_nids[pos++] = EVP_MD_get_type(md); - digest_nids[pos] = 0; - init = 1; - } - *nids = digest_nids; - return pos; -} - -static int openssl_digests(ENGINE *e, const EVP_MD **digest, - const int **nids, int nid) -{ - if (!digest) { - /* We are returning a list of supported nids */ - return test_digest_nids(nids); - } - /* We are being asked for a specific digest */ - if (nid == NID_sha1) - *digest = test_sha_md(); - else { -# ifdef TEST_ENG_OPENSSL_SHA_OTHERS - fprintf(stderr, "(TEST_ENG_OPENSSL_SHA) returning NULL for " - "nid %d\n", nid); -# endif - *digest = NULL; - return 0; - } - return 1; -} -#endif - -#ifdef TEST_ENG_OPENSSL_PKEY -static EVP_PKEY *openssl_load_privkey(ENGINE *eng, const char *key_id, - UI_METHOD *ui_method, - void *callback_data) -{ - BIO *in; - EVP_PKEY *key; - fprintf(stderr, "(TEST_ENG_OPENSSL_PKEY)Loading Private key %s\n", - key_id); -# if defined(OPENSSL_SYS_WINDOWS) - in = BIO_new_file(key_id, "rb"); -# else - in = BIO_new_file(key_id, "r"); -# endif - if (!in) - return NULL; - key = PEM_read_bio_PrivateKey(in, NULL, 0, NULL); - BIO_free(in); - return key; -} -#endif - -#ifdef TEST_ENG_OPENSSL_HMAC - -/* - * Experimental HMAC redirection implementation: mainly copied from - * hm_pmeth.c - */ - -/* HMAC pkey context structure */ - -typedef struct { - const EVP_MD *md; /* MD for HMAC use */ - ASN1_OCTET_STRING ktmp; /* Temp storage for key */ - HMAC_CTX *ctx; -} OSSL_HMAC_PKEY_CTX; - -static int ossl_hmac_init(EVP_PKEY_CTX *ctx) -{ - OSSL_HMAC_PKEY_CTX *hctx; - - if ((hctx = OPENSSL_zalloc(sizeof(*hctx))) == NULL) - return 0; - hctx->ktmp.type = V_ASN1_OCTET_STRING; - hctx->ctx = HMAC_CTX_new(); - if (hctx->ctx == NULL) { - OPENSSL_free(hctx); - return 0; - } - EVP_PKEY_CTX_set_data(ctx, hctx); - EVP_PKEY_CTX_set0_keygen_info(ctx, NULL, 0); -# ifdef TEST_ENG_OPENSSL_HMAC_INIT - fprintf(stderr, "(TEST_ENG_OPENSSL_HMAC) ossl_hmac_init() called\n"); -# endif - return 1; -} - -static void ossl_hmac_cleanup(EVP_PKEY_CTX *ctx); - -static int ossl_hmac_copy(EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src) -{ - OSSL_HMAC_PKEY_CTX *sctx, *dctx; - - /* allocate memory for dst->data and a new HMAC_CTX in dst->data->ctx */ - if (!ossl_hmac_init(dst)) - return 0; - sctx = EVP_PKEY_CTX_get_data(src); - dctx = EVP_PKEY_CTX_get_data(dst); - dctx->md = sctx->md; - if (!HMAC_CTX_copy(dctx->ctx, sctx->ctx)) - goto err; - if (sctx->ktmp.data) { - if (!ASN1_OCTET_STRING_set(&dctx->ktmp, - sctx->ktmp.data, sctx->ktmp.length)) - goto err; - } - return 1; -err: - /* release HMAC_CTX in dst->data->ctx and memory allocated for dst->data */ - ossl_hmac_cleanup(dst); - return 0; -} - -static void ossl_hmac_cleanup(EVP_PKEY_CTX *ctx) -{ - OSSL_HMAC_PKEY_CTX *hctx = EVP_PKEY_CTX_get_data(ctx); - - if (hctx) { - HMAC_CTX_free(hctx->ctx); - OPENSSL_clear_free(hctx->ktmp.data, hctx->ktmp.length); - OPENSSL_free(hctx); - EVP_PKEY_CTX_set_data(ctx, NULL); - } -} - -static int ossl_hmac_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey) -{ - ASN1_OCTET_STRING *hkey = NULL; - OSSL_HMAC_PKEY_CTX *hctx = EVP_PKEY_CTX_get_data(ctx); - if (!hctx->ktmp.data) - return 0; - hkey = ASN1_OCTET_STRING_dup(&hctx->ktmp); - if (!hkey) - return 0; - EVP_PKEY_assign(pkey, EVP_PKEY_HMAC, hkey); - - return 1; -} - -static int ossl_int_update(EVP_MD_CTX *ctx, const void *data, size_t count) -{ - OSSL_HMAC_PKEY_CTX *hctx = EVP_PKEY_CTX_get_data(EVP_MD_CTX_get_pkey_ctx(ctx)); - if (!HMAC_Update(hctx->ctx, data, count)) - return 0; - return 1; -} - -static int ossl_hmac_signctx_init(EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx) -{ - EVP_MD_CTX_set_flags(mctx, EVP_MD_CTX_FLAG_NO_INIT); - EVP_MD_CTX_set_update_fn(mctx, ossl_int_update); - return 1; -} - -static int ossl_hmac_signctx(EVP_PKEY_CTX *ctx, unsigned char *sig, - size_t *siglen, EVP_MD_CTX *mctx) -{ - unsigned int hlen; - OSSL_HMAC_PKEY_CTX *hctx = EVP_PKEY_CTX_get_data(ctx); - int l = EVP_MD_CTX_get_size(mctx); - - if (l < 0) - return 0; - *siglen = l; - if (!sig) - return 1; - - if (!HMAC_Final(hctx->ctx, sig, &hlen)) - return 0; - *siglen = (size_t)hlen; - return 1; -} - -static int ossl_hmac_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2) -{ - OSSL_HMAC_PKEY_CTX *hctx = EVP_PKEY_CTX_get_data(ctx); - EVP_PKEY *pk; - ASN1_OCTET_STRING *key; - switch (type) { - - case EVP_PKEY_CTRL_SET_MAC_KEY: - if ((!p2 && p1 > 0) || (p1 < -1)) - return 0; - if (!ASN1_OCTET_STRING_set(&hctx->ktmp, p2, p1)) - return 0; - break; - - case EVP_PKEY_CTRL_MD: - hctx->md = p2; - break; - - case EVP_PKEY_CTRL_DIGESTINIT: - pk = EVP_PKEY_CTX_get0_pkey(ctx); - key = EVP_PKEY_get0(pk); - if (!HMAC_Init_ex(hctx->ctx, key->data, key->length, hctx->md, NULL)) - return 0; - break; - - default: - return -2; - - } - return 1; -} - -static int ossl_hmac_ctrl_str(EVP_PKEY_CTX *ctx, - const char *type, const char *value) -{ - if (!value) { - return 0; - } - if (strcmp(type, "key") == 0) { - void *p = (void *)value; - return ossl_hmac_ctrl(ctx, EVP_PKEY_CTRL_SET_MAC_KEY, -1, p); - } - if (strcmp(type, "hexkey") == 0) { - unsigned char *key; - int r; - long keylen; - key = OPENSSL_hexstr2buf(value, &keylen); - if (!key) - return 0; - r = ossl_hmac_ctrl(ctx, EVP_PKEY_CTRL_SET_MAC_KEY, keylen, key); - OPENSSL_free(key); - return r; - } - return -2; -} - -static EVP_PKEY_METHOD *ossl_hmac_meth; - -static int ossl_register_hmac_meth(void) -{ - EVP_PKEY_METHOD *meth; - meth = EVP_PKEY_meth_new(EVP_PKEY_HMAC, 0); - if (meth == NULL) - return 0; - EVP_PKEY_meth_set_init(meth, ossl_hmac_init); - EVP_PKEY_meth_set_copy(meth, ossl_hmac_copy); - EVP_PKEY_meth_set_cleanup(meth, ossl_hmac_cleanup); - - EVP_PKEY_meth_set_keygen(meth, 0, ossl_hmac_keygen); - - EVP_PKEY_meth_set_signctx(meth, ossl_hmac_signctx_init, - ossl_hmac_signctx); - - EVP_PKEY_meth_set_ctrl(meth, ossl_hmac_ctrl, ossl_hmac_ctrl_str); - ossl_hmac_meth = meth; - return 1; -} - -static int ossl_pkey_meths(ENGINE *e, EVP_PKEY_METHOD **pmeth, - const int **nids, int nid) -{ - static int ossl_pkey_nids[] = { - EVP_PKEY_HMAC, - 0 - }; - - if (pmeth == NULL) { - *nids = ossl_pkey_nids; - return 1; - } - - if (nid == EVP_PKEY_HMAC) { - *pmeth = ossl_hmac_meth; - return 1; - } - - *pmeth = NULL; - return 0; -} - -#endif - -int openssl_destroy(ENGINE *e) -{ - test_sha_md_destroy(); -#ifdef TEST_ENG_OPENSSL_RC4 - test_r4_cipher_destroy(); - test_r4_40_cipher_destroy(); -#endif - return 1; -} - diff --git a/crypto/engine/eng_pkey.c b/crypto/engine/eng_pkey.c deleted file mode 100644 index d18d837e625..00000000000 --- a/crypto/engine/eng_pkey.c +++ /dev/null @@ -1,138 +0,0 @@ -/* - * Copyright 2001-2024 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* We need to use some engine deprecated APIs */ -#define OPENSSL_SUPPRESS_DEPRECATED - -#include "eng_local.h" - -/* Basic get/set stuff */ - -int ENGINE_set_load_privkey_function(ENGINE *e, - ENGINE_LOAD_KEY_PTR loadpriv_f) -{ - e->load_privkey = loadpriv_f; - return 1; -} - -int ENGINE_set_load_pubkey_function(ENGINE *e, ENGINE_LOAD_KEY_PTR loadpub_f) -{ - e->load_pubkey = loadpub_f; - return 1; -} - -int ENGINE_set_load_ssl_client_cert_function(ENGINE *e, - ENGINE_SSL_CLIENT_CERT_PTR - loadssl_f) -{ - e->load_ssl_client_cert = loadssl_f; - return 1; -} - -ENGINE_LOAD_KEY_PTR ENGINE_get_load_privkey_function(const ENGINE *e) -{ - return e->load_privkey; -} - -ENGINE_LOAD_KEY_PTR ENGINE_get_load_pubkey_function(const ENGINE *e) -{ - return e->load_pubkey; -} - -ENGINE_SSL_CLIENT_CERT_PTR ENGINE_get_ssl_client_cert_function(const ENGINE - *e) -{ - return e->load_ssl_client_cert; -} - -/* API functions to load public/private keys */ - -EVP_PKEY *ENGINE_load_private_key(ENGINE *e, const char *key_id, - UI_METHOD *ui_method, void *callback_data) -{ - EVP_PKEY *pkey; - - if (e == NULL) { - ERR_raise(ERR_LIB_ENGINE, ERR_R_PASSED_NULL_PARAMETER); - return NULL; - } - if (!CRYPTO_THREAD_write_lock(global_engine_lock)) - return NULL; - if (e->funct_ref == 0) { - CRYPTO_THREAD_unlock(global_engine_lock); - ERR_raise(ERR_LIB_ENGINE, ENGINE_R_NOT_INITIALISED); - return NULL; - } - CRYPTO_THREAD_unlock(global_engine_lock); - if (!e->load_privkey) { - ERR_raise(ERR_LIB_ENGINE, ENGINE_R_NO_LOAD_FUNCTION); - return NULL; - } - pkey = e->load_privkey(e, key_id, ui_method, callback_data); - if (pkey == NULL) { - ERR_raise(ERR_LIB_ENGINE, ENGINE_R_FAILED_LOADING_PRIVATE_KEY); - return NULL; - } - return pkey; -} - -EVP_PKEY *ENGINE_load_public_key(ENGINE *e, const char *key_id, - UI_METHOD *ui_method, void *callback_data) -{ - EVP_PKEY *pkey; - - if (e == NULL) { - ERR_raise(ERR_LIB_ENGINE, ERR_R_PASSED_NULL_PARAMETER); - return NULL; - } - if (!CRYPTO_THREAD_write_lock(global_engine_lock)) - return NULL; - if (e->funct_ref == 0) { - CRYPTO_THREAD_unlock(global_engine_lock); - ERR_raise(ERR_LIB_ENGINE, ENGINE_R_NOT_INITIALISED); - return NULL; - } - CRYPTO_THREAD_unlock(global_engine_lock); - if (!e->load_pubkey) { - ERR_raise(ERR_LIB_ENGINE, ENGINE_R_NO_LOAD_FUNCTION); - return NULL; - } - pkey = e->load_pubkey(e, key_id, ui_method, callback_data); - if (pkey == NULL) { - ERR_raise(ERR_LIB_ENGINE, ENGINE_R_FAILED_LOADING_PUBLIC_KEY); - return NULL; - } - return pkey; -} - -int ENGINE_load_ssl_client_cert(ENGINE *e, SSL *s, - STACK_OF(X509_NAME) *ca_dn, X509 **pcert, - EVP_PKEY **ppkey, STACK_OF(X509) **pother, - UI_METHOD *ui_method, void *callback_data) -{ - - if (e == NULL) { - ERR_raise(ERR_LIB_ENGINE, ERR_R_PASSED_NULL_PARAMETER); - return 0; - } - if (!CRYPTO_THREAD_write_lock(global_engine_lock)) - return 0; - if (e->funct_ref == 0) { - CRYPTO_THREAD_unlock(global_engine_lock); - ERR_raise(ERR_LIB_ENGINE, ENGINE_R_NOT_INITIALISED); - return 0; - } - CRYPTO_THREAD_unlock(global_engine_lock); - if (!e->load_ssl_client_cert) { - ERR_raise(ERR_LIB_ENGINE, ENGINE_R_NO_LOAD_FUNCTION); - return 0; - } - return e->load_ssl_client_cert(e, s, ca_dn, pcert, ppkey, pother, - ui_method, callback_data); -} diff --git a/crypto/engine/eng_rdrand.c b/crypto/engine/eng_rdrand.c deleted file mode 100644 index b3ece7bd912..00000000000 --- a/crypto/engine/eng_rdrand.c +++ /dev/null @@ -1,125 +0,0 @@ -/* - * Copyright 2011-2023 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* We need to use some engine deprecated APIs */ -#define OPENSSL_SUPPRESS_DEPRECATED - -#include - -#include -#include -#include "crypto/engine.h" -#include "internal/cryptlib.h" -#include -#include -#include - -#if defined(__has_feature) -# if __has_feature(memory_sanitizer) -# include -# endif -#endif - -#if (defined(__i386) || defined(__i386__) || defined(_M_IX86) || \ - defined(__x86_64) || defined(__x86_64__) || \ - defined(_M_AMD64) || defined (_M_X64)) && defined(OPENSSL_CPUID_OBJ) - -size_t OPENSSL_ia32_rdrand_bytes(unsigned char *buf, size_t len); - -static int get_random_bytes(unsigned char *buf, int num) -{ - if (num < 0) { - return 0; - } - -# if defined(__has_feature) -# if __has_feature(memory_sanitizer) - /* - * MemorySanitizer fails to understand asm and produces false positive - * use-of-uninitialized-value warnings. - */ - __msan_unpoison(buf, num); -# endif -# endif - - return (size_t)num == OPENSSL_ia32_rdrand_bytes(buf, (size_t)num); -} - -static int random_status(void) -{ - return 1; -} - -static RAND_METHOD rdrand_meth = { - NULL, /* seed */ - get_random_bytes, - NULL, /* cleanup */ - NULL, /* add */ - get_random_bytes, - random_status, -}; - -static int rdrand_init(ENGINE *e) -{ - return 1; -} - -static const char *engine_e_rdrand_id = "rdrand"; -static const char *engine_e_rdrand_name = "Intel RDRAND engine"; - -static int bind_helper(ENGINE *e) -{ - if (!ENGINE_set_id(e, engine_e_rdrand_id) || - !ENGINE_set_name(e, engine_e_rdrand_name) || - !ENGINE_set_flags(e, ENGINE_FLAGS_NO_REGISTER_ALL) || - !ENGINE_set_init_function(e, rdrand_init) || - !ENGINE_set_RAND(e, &rdrand_meth)) - return 0; - - return 1; -} - -static ENGINE *ENGINE_rdrand(void) -{ - ENGINE *ret = ENGINE_new(); - if (ret == NULL) - return NULL; - if (!bind_helper(ret)) { - ENGINE_free(ret); - return NULL; - } - return ret; -} - -void engine_load_rdrand_int(void) -{ - if (OPENSSL_ia32cap_P[1] & (1 << (62 - 32))) { - ENGINE *toadd = ENGINE_rdrand(); - if (!toadd) - return; - ERR_set_mark(); - ENGINE_add(toadd); - /* - * If the "add" worked, it gets a structural reference. So either way, we - * release our just-created reference. - */ - ENGINE_free(toadd); - /* - * If the "add" didn't work, it was probably a conflict because it was - * already added (eg. someone calling ENGINE_load_blah then calling - * ENGINE_load_builtin_engines() perhaps). - */ - ERR_pop_to_mark(); - } -} -#else -void engine_load_rdrand_int(void) -{ -} -#endif diff --git a/crypto/engine/eng_table.c b/crypto/engine/eng_table.c deleted file mode 100644 index 2eb7d2ff447..00000000000 --- a/crypto/engine/eng_table.c +++ /dev/null @@ -1,290 +0,0 @@ -/* - * Copyright 2001-2024 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include "internal/cryptlib.h" -#include -#include -#include -#include "eng_local.h" - -/* The type of the items in the table */ -struct st_engine_pile { - /* The 'nid' of this algorithm/mode */ - int nid; - /* ENGINEs that implement this algorithm/mode. */ - STACK_OF(ENGINE) *sk; - /* The default ENGINE to perform this algorithm/mode. */ - ENGINE *funct; - /* - * Zero if 'sk' is newer than the cached 'funct', non-zero otherwise - */ - int uptodate; -}; - -/* The type exposed in eng_local.h */ -struct st_engine_table { - LHASH_OF(ENGINE_PILE) piles; -}; /* ENGINE_TABLE */ - -typedef struct st_engine_pile_doall { - engine_table_doall_cb *cb; - void *arg; -} ENGINE_PILE_DOALL; - -/* Global flags (ENGINE_TABLE_FLAG_***). */ -static unsigned int table_flags = 0; - -/* API function manipulating 'table_flags' */ -unsigned int ENGINE_get_table_flags(void) -{ - return table_flags; -} - -void ENGINE_set_table_flags(unsigned int flags) -{ - table_flags = flags; -} - -/* Internal functions for the "piles" hash table */ -static unsigned long engine_pile_hash(const ENGINE_PILE *c) -{ - return c->nid; -} - -static int engine_pile_cmp(const ENGINE_PILE *a, const ENGINE_PILE *b) -{ - return a->nid - b->nid; -} - -static int int_table_check(ENGINE_TABLE **t, int create) -{ - LHASH_OF(ENGINE_PILE) *lh; - - if (*t) - return 1; - if (!create) - return 0; - if ((lh = lh_ENGINE_PILE_new(engine_pile_hash, engine_pile_cmp)) == NULL) - return 0; - *t = (ENGINE_TABLE *)lh; - return 1; -} - -/* - * Privately exposed (via eng_local.h) functions for adding and/or removing - * ENGINEs from the implementation table - */ -int engine_table_register(ENGINE_TABLE **table, ENGINE_CLEANUP_CB *cleanup, - ENGINE *e, const int *nids, int num_nids, - int setdefault) -{ - int ret = 0, added = 0; - ENGINE_PILE tmplate, *fnd; - - if (!CRYPTO_THREAD_write_lock(global_engine_lock)) - return 0; - if (!(*table)) - added = 1; - if (!int_table_check(table, 1)) - goto end; - /* The cleanup callback needs to be added */ - if (added && !engine_cleanup_add_first(cleanup)) { - lh_ENGINE_PILE_free(&(*table)->piles); - *table = NULL; - goto end; - } - while (num_nids--) { - tmplate.nid = *nids; - fnd = lh_ENGINE_PILE_retrieve(&(*table)->piles, &tmplate); - if (!fnd) { - fnd = OPENSSL_malloc(sizeof(*fnd)); - if (fnd == NULL) - goto end; - fnd->uptodate = 1; - fnd->nid = *nids; - fnd->sk = sk_ENGINE_new_null(); - if (!fnd->sk) { - OPENSSL_free(fnd); - goto end; - } - fnd->funct = NULL; - (void)lh_ENGINE_PILE_insert(&(*table)->piles, fnd); - if (lh_ENGINE_PILE_retrieve(&(*table)->piles, &tmplate) != fnd) { - sk_ENGINE_free(fnd->sk); - OPENSSL_free(fnd); - goto end; - } - } - /* A registration shouldn't add duplicate entries */ - (void)sk_ENGINE_delete_ptr(fnd->sk, e); - /* - * if 'setdefault', this ENGINE goes to the head of the list - */ - if (!sk_ENGINE_push(fnd->sk, e)) - goto end; - /* "touch" this ENGINE_PILE */ - fnd->uptodate = 0; - if (setdefault) { - if (!engine_unlocked_init(e)) { - ERR_raise(ERR_LIB_ENGINE, ENGINE_R_INIT_FAILED); - goto end; - } - if (fnd->funct) - engine_unlocked_finish(fnd->funct, 0); - fnd->funct = e; - fnd->uptodate = 1; - } - nids++; - } - ret = 1; - end: - CRYPTO_THREAD_unlock(global_engine_lock); - return ret; -} - -static void int_unregister_cb(ENGINE_PILE *pile, ENGINE *e) -{ - int n; - /* Iterate the 'c->sk' stack removing any occurrence of 'e' */ - while ((n = sk_ENGINE_find(pile->sk, e)) >= 0) { - (void)sk_ENGINE_delete(pile->sk, n); - pile->uptodate = 0; - } - if (pile->funct == e) { - engine_unlocked_finish(e, 0); - pile->funct = NULL; - } -} - -IMPLEMENT_LHASH_DOALL_ARG(ENGINE_PILE, ENGINE); - -void engine_table_unregister(ENGINE_TABLE **table, ENGINE *e) -{ - if (!CRYPTO_THREAD_write_lock(global_engine_lock)) - /* Can't return a value. :( */ - return; - if (int_table_check(table, 0)) - lh_ENGINE_PILE_doall_ENGINE(&(*table)->piles, int_unregister_cb, e); - CRYPTO_THREAD_unlock(global_engine_lock); -} - -static void int_cleanup_cb_doall(ENGINE_PILE *p) -{ - if (p == NULL) - return; - sk_ENGINE_free(p->sk); - if (p->funct) - engine_unlocked_finish(p->funct, 0); - OPENSSL_free(p); -} - -void engine_table_cleanup(ENGINE_TABLE **table) -{ - if (!CRYPTO_THREAD_write_lock(global_engine_lock)) - return; - if (*table) { - lh_ENGINE_PILE_doall(&(*table)->piles, int_cleanup_cb_doall); - lh_ENGINE_PILE_free(&(*table)->piles); - *table = NULL; - } - CRYPTO_THREAD_unlock(global_engine_lock); -} - -/* return a functional reference for a given 'nid' */ -ENGINE *ossl_engine_table_select(ENGINE_TABLE **table, int nid, - const char *f, int l) -{ - ENGINE *ret = NULL; - ENGINE_PILE tmplate, *fnd = NULL; - int initres, loop = 0; - -#ifndef OPENSSL_NO_AUTOLOAD_CONFIG - /* Load the config before trying to check if engines are available */ - OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CONFIG, NULL); -#endif - - if (!(*table)) - return NULL; - - if (!CRYPTO_THREAD_write_lock(global_engine_lock)) - return NULL; - - ERR_set_mark(); - /* - * Check again inside the lock otherwise we could race against cleanup - * operations. But don't worry about a debug printout - */ - if (!int_table_check(table, 0)) - goto end; - tmplate.nid = nid; - fnd = lh_ENGINE_PILE_retrieve(&(*table)->piles, &tmplate); - if (!fnd) - goto end; - if (fnd->funct && engine_unlocked_init(fnd->funct)) { - ret = fnd->funct; - goto end; - } - if (fnd->uptodate) { - ret = fnd->funct; - goto end; - } - trynext: - ret = sk_ENGINE_value(fnd->sk, loop++); - if (!ret) - goto end; - /* Try to initialise the ENGINE? */ - if ((ret->funct_ref > 0) || !(table_flags & ENGINE_TABLE_FLAG_NOINIT)) - initres = engine_unlocked_init(ret); - else - initres = 0; - if (initres) { - /* Update 'funct' */ - if ((fnd->funct != ret) && engine_unlocked_init(ret)) { - /* If there was a previous default we release it. */ - if (fnd->funct) - engine_unlocked_finish(fnd->funct, 0); - fnd->funct = ret; - } - goto end; - } - goto trynext; - end: - /* - * If it failed, it is unlikely to succeed again until some future - * registrations have taken place. In all cases, we cache. - */ - if (fnd) - fnd->uptodate = 1; - CRYPTO_THREAD_unlock(global_engine_lock); - /* - * Whatever happened, any failed init()s are not failures in this - * context, so clear our error state. - */ - ERR_pop_to_mark(); - return ret; -} - -/* Table enumeration */ - -static void int_dall(const ENGINE_PILE *pile, ENGINE_PILE_DOALL *dall) -{ - dall->cb(pile->nid, pile->sk, pile->funct, dall->arg); -} - -IMPLEMENT_LHASH_DOALL_ARG_CONST(ENGINE_PILE, ENGINE_PILE_DOALL); - -void engine_table_doall(ENGINE_TABLE *table, engine_table_doall_cb *cb, - void *arg) -{ - ENGINE_PILE_DOALL dall; - dall.cb = cb; - dall.arg = arg; - if (table) - lh_ENGINE_PILE_doall_ENGINE_PILE_DOALL(&table->piles, int_dall, &dall); -} diff --git a/crypto/engine/tb_asnmth.c b/crypto/engine/tb_asnmth.c deleted file mode 100644 index 827812d2c74..00000000000 --- a/crypto/engine/tb_asnmth.c +++ /dev/null @@ -1,220 +0,0 @@ -/* - * Copyright 2006-2025 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* We need to use some engine deprecated APIs */ -#define OPENSSL_SUPPRESS_DEPRECATED - -#include "internal/e_os.h" -#include "eng_local.h" -#include -#include "crypto/asn1.h" - -/* - * If this symbol is defined then ENGINE_get_pkey_asn1_meth_engine(), the - * function that is used by EVP to hook in pkey_asn1_meth code and cache - * defaults (etc), will display brief debugging summaries to stderr with the - * 'nid'. - */ -/* #define ENGINE_PKEY_ASN1_METH_DEBUG */ - -static ENGINE_TABLE *pkey_asn1_meth_table = NULL; - -void ENGINE_unregister_pkey_asn1_meths(ENGINE *e) -{ - engine_table_unregister(&pkey_asn1_meth_table, e); -} - -static void engine_unregister_all_pkey_asn1_meths(void) -{ - engine_table_cleanup(&pkey_asn1_meth_table); -} - -int ENGINE_register_pkey_asn1_meths(ENGINE *e) -{ - if (e->pkey_asn1_meths) { - const int *nids; - int num_nids = e->pkey_asn1_meths(e, NULL, &nids, 0); - if (num_nids > 0) - return engine_table_register(&pkey_asn1_meth_table, - engine_unregister_all_pkey_asn1_meths, - e, nids, num_nids, 0); - } - return 1; -} - -void ENGINE_register_all_pkey_asn1_meths(void) -{ - ENGINE *e; - - for (e = ENGINE_get_first(); e; e = ENGINE_get_next(e)) - ENGINE_register_pkey_asn1_meths(e); -} - -int ENGINE_set_default_pkey_asn1_meths(ENGINE *e) -{ - if (e->pkey_asn1_meths) { - const int *nids; - int num_nids = e->pkey_asn1_meths(e, NULL, &nids, 0); - if (num_nids > 0) - return engine_table_register(&pkey_asn1_meth_table, - engine_unregister_all_pkey_asn1_meths, - e, nids, num_nids, 1); - } - return 1; -} - -/* - * Exposed API function to get a functional reference from the implementation - * table (ie. try to get a functional reference from the tabled structural - * references) for a given pkey_asn1_meth 'nid' - */ -ENGINE *ENGINE_get_pkey_asn1_meth_engine(int nid) -{ - return ossl_engine_table_select(&pkey_asn1_meth_table, nid, - OPENSSL_FILE, OPENSSL_LINE); -} - -/* - * Obtains a pkey_asn1_meth implementation from an ENGINE functional - * reference - */ -const EVP_PKEY_ASN1_METHOD *ENGINE_get_pkey_asn1_meth(ENGINE *e, int nid) -{ - EVP_PKEY_ASN1_METHOD *ret; - ENGINE_PKEY_ASN1_METHS_PTR fn = ENGINE_get_pkey_asn1_meths(e); - if (!fn || !fn(e, &ret, NULL, nid)) { - ERR_raise(ERR_LIB_ENGINE, ENGINE_R_UNIMPLEMENTED_PUBLIC_KEY_METHOD); - return NULL; - } - return ret; -} - -/* Gets the pkey_asn1_meth callback from an ENGINE structure */ -ENGINE_PKEY_ASN1_METHS_PTR ENGINE_get_pkey_asn1_meths(const ENGINE *e) -{ - return e->pkey_asn1_meths; -} - -/* Sets the pkey_asn1_meth callback in an ENGINE structure */ -int ENGINE_set_pkey_asn1_meths(ENGINE *e, ENGINE_PKEY_ASN1_METHS_PTR f) -{ - e->pkey_asn1_meths = f; - return 1; -} - -/* - * Internal function to free up EVP_PKEY_ASN1_METHOD structures before an - * ENGINE is destroyed - */ - -void engine_pkey_asn1_meths_free(ENGINE *e) -{ - int i; - EVP_PKEY_ASN1_METHOD *pkm; - if (e->pkey_asn1_meths) { - const int *pknids; - int npknids; - npknids = e->pkey_asn1_meths(e, NULL, &pknids, 0); - for (i = 0; i < npknids; i++) { - if (e->pkey_asn1_meths(e, &pkm, NULL, pknids[i])) { - EVP_PKEY_asn1_free(pkm); - } - } - } -} - -/* - * Find a method based on a string. This does a linear search through all - * implemented algorithms. This is OK in practice because only a small number - * of algorithms are likely to be implemented in an engine and it is not used - * for speed critical operations. - */ - -const EVP_PKEY_ASN1_METHOD *ENGINE_get_pkey_asn1_meth_str(ENGINE *e, - const char *str, - int len) -{ - int i, nidcount; - const int *nids; - EVP_PKEY_ASN1_METHOD *ameth; - if (!e->pkey_asn1_meths) - return NULL; - if (len == -1) - len = (int)strlen(str); - nidcount = e->pkey_asn1_meths(e, NULL, &nids, 0); - for (i = 0; i < nidcount; i++) { - e->pkey_asn1_meths(e, &ameth, NULL, nids[i]); - if (ameth != NULL - && ((int)strlen(ameth->pem_str) == len) - && OPENSSL_strncasecmp(ameth->pem_str, str, len) == 0) - return ameth; - } - return NULL; -} - -typedef struct { - ENGINE *e; - const EVP_PKEY_ASN1_METHOD *ameth; - const char *str; - int len; -} ENGINE_FIND_STR; - -static void look_str_cb(int nid, STACK_OF(ENGINE) *sk, ENGINE *def, void *arg) -{ - ENGINE_FIND_STR *lk = arg; - int i; - if (lk->ameth) - return; - for (i = 0; i < sk_ENGINE_num(sk); i++) { - ENGINE *e = sk_ENGINE_value(sk, i); - EVP_PKEY_ASN1_METHOD *ameth; - e->pkey_asn1_meths(e, &ameth, NULL, nid); - if (ameth != NULL - && ((int)strlen(ameth->pem_str) == lk->len) - && OPENSSL_strncasecmp(ameth->pem_str, lk->str, lk->len) == 0) { - lk->e = e; - lk->ameth = ameth; - return; - } - } -} - -const EVP_PKEY_ASN1_METHOD *ENGINE_pkey_asn1_find_str(ENGINE **pe, - const char *str, - int len) -{ - ENGINE_FIND_STR fstr; - fstr.e = NULL; - fstr.ameth = NULL; - fstr.str = str; - fstr.len = len; - - if (!RUN_ONCE(&engine_lock_init, do_engine_lock_init)) { - /* Maybe this should be raised in do_engine_lock_init() */ - ERR_raise(ERR_LIB_ENGINE, ERR_R_CRYPTO_LIB); - return NULL; - } - - if (!CRYPTO_THREAD_read_lock(global_engine_lock)) - return NULL; - engine_table_doall(pkey_asn1_meth_table, look_str_cb, &fstr); - /* If found obtain a structural reference to engine */ - if (fstr.e != NULL) { - int ref; - - if (!CRYPTO_UP_REF(&fstr.e->struct_ref, &ref)) { - CRYPTO_THREAD_unlock(global_engine_lock); - ERR_raise(ERR_LIB_ENGINE, ERR_R_CRYPTO_LIB); - return NULL; - } - } - *pe = fstr.e; - CRYPTO_THREAD_unlock(global_engine_lock); - return fstr.ameth; -} diff --git a/crypto/engine/tb_cipher.c b/crypto/engine/tb_cipher.c deleted file mode 100644 index 037f5687524..00000000000 --- a/crypto/engine/tb_cipher.c +++ /dev/null @@ -1,95 +0,0 @@ -/* - * Copyright 2001-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* We need to use some engine deprecated APIs */ -#define OPENSSL_SUPPRESS_DEPRECATED - -#include "eng_local.h" - -static ENGINE_TABLE *cipher_table = NULL; - -void ENGINE_unregister_ciphers(ENGINE *e) -{ - engine_table_unregister(&cipher_table, e); -} - -static void engine_unregister_all_ciphers(void) -{ - engine_table_cleanup(&cipher_table); -} - -int ENGINE_register_ciphers(ENGINE *e) -{ - if (e->ciphers) { - const int *nids; - int num_nids = e->ciphers(e, NULL, &nids, 0); - if (num_nids > 0) - return engine_table_register(&cipher_table, - engine_unregister_all_ciphers, e, - nids, num_nids, 0); - } - return 1; -} - -void ENGINE_register_all_ciphers(void) -{ - ENGINE *e; - - for (e = ENGINE_get_first(); e; e = ENGINE_get_next(e)) - ENGINE_register_ciphers(e); -} - -int ENGINE_set_default_ciphers(ENGINE *e) -{ - if (e->ciphers) { - const int *nids; - int num_nids = e->ciphers(e, NULL, &nids, 0); - if (num_nids > 0) - return engine_table_register(&cipher_table, - engine_unregister_all_ciphers, e, - nids, num_nids, 1); - } - return 1; -} - -/* - * Exposed API function to get a functional reference from the implementation - * table (ie. try to get a functional reference from the tabled structural - * references) for a given cipher 'nid' - */ -ENGINE *ENGINE_get_cipher_engine(int nid) -{ - return ossl_engine_table_select(&cipher_table, nid, - OPENSSL_FILE, OPENSSL_LINE); -} - -/* Obtains a cipher implementation from an ENGINE functional reference */ -const EVP_CIPHER *ENGINE_get_cipher(ENGINE *e, int nid) -{ - const EVP_CIPHER *ret; - ENGINE_CIPHERS_PTR fn = ENGINE_get_ciphers(e); - if (!fn || !fn(e, &ret, NULL, nid)) { - ERR_raise(ERR_LIB_ENGINE, ENGINE_R_UNIMPLEMENTED_CIPHER); - return NULL; - } - return ret; -} - -/* Gets the cipher callback from an ENGINE structure */ -ENGINE_CIPHERS_PTR ENGINE_get_ciphers(const ENGINE *e) -{ - return e->ciphers; -} - -/* Sets the cipher callback in an ENGINE structure */ -int ENGINE_set_ciphers(ENGINE *e, ENGINE_CIPHERS_PTR f) -{ - e->ciphers = f; - return 1; -} diff --git a/crypto/engine/tb_dh.c b/crypto/engine/tb_dh.c deleted file mode 100644 index e1fa45685b1..00000000000 --- a/crypto/engine/tb_dh.c +++ /dev/null @@ -1,76 +0,0 @@ -/* - * Copyright 2001-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* We need to use some engine deprecated APIs */ -#define OPENSSL_SUPPRESS_DEPRECATED - -#include "eng_local.h" - -static ENGINE_TABLE *dh_table = NULL; -static const int dummy_nid = 1; - -void ENGINE_unregister_DH(ENGINE *e) -{ - engine_table_unregister(&dh_table, e); -} - -static void engine_unregister_all_DH(void) -{ - engine_table_cleanup(&dh_table); -} - -int ENGINE_register_DH(ENGINE *e) -{ - if (e->dh_meth) - return engine_table_register(&dh_table, - engine_unregister_all_DH, e, &dummy_nid, - 1, 0); - return 1; -} - -void ENGINE_register_all_DH(void) -{ - ENGINE *e; - - for (e = ENGINE_get_first(); e; e = ENGINE_get_next(e)) - ENGINE_register_DH(e); -} - -int ENGINE_set_default_DH(ENGINE *e) -{ - if (e->dh_meth) - return engine_table_register(&dh_table, - engine_unregister_all_DH, e, &dummy_nid, - 1, 1); - return 1; -} - -/* - * Exposed API function to get a functional reference from the implementation - * table (ie. try to get a functional reference from the tabled structural - * references). - */ -ENGINE *ENGINE_get_default_DH(void) -{ - return ossl_engine_table_select(&dh_table, dummy_nid, - OPENSSL_FILE, OPENSSL_LINE); -} - -/* Obtains an DH implementation from an ENGINE functional reference */ -const DH_METHOD *ENGINE_get_DH(const ENGINE *e) -{ - return e->dh_meth; -} - -/* Sets an DH implementation in an ENGINE structure */ -int ENGINE_set_DH(ENGINE *e, const DH_METHOD *dh_meth) -{ - e->dh_meth = dh_meth; - return 1; -} diff --git a/crypto/engine/tb_digest.c b/crypto/engine/tb_digest.c deleted file mode 100644 index dcc70eca458..00000000000 --- a/crypto/engine/tb_digest.c +++ /dev/null @@ -1,95 +0,0 @@ -/* - * Copyright 2001-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* We need to use some engine deprecated APIs */ -#define OPENSSL_SUPPRESS_DEPRECATED - -#include "eng_local.h" - -static ENGINE_TABLE *digest_table = NULL; - -void ENGINE_unregister_digests(ENGINE *e) -{ - engine_table_unregister(&digest_table, e); -} - -static void engine_unregister_all_digests(void) -{ - engine_table_cleanup(&digest_table); -} - -int ENGINE_register_digests(ENGINE *e) -{ - if (e->digests) { - const int *nids; - int num_nids = e->digests(e, NULL, &nids, 0); - if (num_nids > 0) - return engine_table_register(&digest_table, - engine_unregister_all_digests, e, - nids, num_nids, 0); - } - return 1; -} - -void ENGINE_register_all_digests(void) -{ - ENGINE *e; - - for (e = ENGINE_get_first(); e; e = ENGINE_get_next(e)) - ENGINE_register_digests(e); -} - -int ENGINE_set_default_digests(ENGINE *e) -{ - if (e->digests) { - const int *nids; - int num_nids = e->digests(e, NULL, &nids, 0); - if (num_nids > 0) - return engine_table_register(&digest_table, - engine_unregister_all_digests, e, - nids, num_nids, 1); - } - return 1; -} - -/* - * Exposed API function to get a functional reference from the implementation - * table (ie. try to get a functional reference from the tabled structural - * references) for a given digest 'nid' - */ -ENGINE *ENGINE_get_digest_engine(int nid) -{ - return ossl_engine_table_select(&digest_table, nid, - OPENSSL_FILE, OPENSSL_LINE); -} - -/* Obtains a digest implementation from an ENGINE functional reference */ -const EVP_MD *ENGINE_get_digest(ENGINE *e, int nid) -{ - const EVP_MD *ret; - ENGINE_DIGESTS_PTR fn = ENGINE_get_digests(e); - if (!fn || !fn(e, &ret, NULL, nid)) { - ERR_raise(ERR_LIB_ENGINE, ENGINE_R_UNIMPLEMENTED_DIGEST); - return NULL; - } - return ret; -} - -/* Gets the digest callback from an ENGINE structure */ -ENGINE_DIGESTS_PTR ENGINE_get_digests(const ENGINE *e) -{ - return e->digests; -} - -/* Sets the digest callback in an ENGINE structure */ -int ENGINE_set_digests(ENGINE *e, ENGINE_DIGESTS_PTR f) -{ - e->digests = f; - return 1; -} diff --git a/crypto/engine/tb_dsa.c b/crypto/engine/tb_dsa.c deleted file mode 100644 index 6de314b7fcb..00000000000 --- a/crypto/engine/tb_dsa.c +++ /dev/null @@ -1,76 +0,0 @@ -/* - * Copyright 2001-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* We need to use some engine deprecated APIs */ -#define OPENSSL_SUPPRESS_DEPRECATED - -#include "eng_local.h" - -static ENGINE_TABLE *dsa_table = NULL; -static const int dummy_nid = 1; - -void ENGINE_unregister_DSA(ENGINE *e) -{ - engine_table_unregister(&dsa_table, e); -} - -static void engine_unregister_all_DSA(void) -{ - engine_table_cleanup(&dsa_table); -} - -int ENGINE_register_DSA(ENGINE *e) -{ - if (e->dsa_meth) - return engine_table_register(&dsa_table, - engine_unregister_all_DSA, e, &dummy_nid, - 1, 0); - return 1; -} - -void ENGINE_register_all_DSA(void) -{ - ENGINE *e; - - for (e = ENGINE_get_first(); e; e = ENGINE_get_next(e)) - ENGINE_register_DSA(e); -} - -int ENGINE_set_default_DSA(ENGINE *e) -{ - if (e->dsa_meth) - return engine_table_register(&dsa_table, - engine_unregister_all_DSA, e, &dummy_nid, - 1, 1); - return 1; -} - -/* - * Exposed API function to get a functional reference from the implementation - * table (ie. try to get a functional reference from the tabled structural - * references). - */ -ENGINE *ENGINE_get_default_DSA(void) -{ - return ossl_engine_table_select(&dsa_table, dummy_nid, - OPENSSL_FILE, OPENSSL_LINE); -} - -/* Obtains an DSA implementation from an ENGINE functional reference */ -const DSA_METHOD *ENGINE_get_DSA(const ENGINE *e) -{ - return e->dsa_meth; -} - -/* Sets an DSA implementation in an ENGINE structure */ -int ENGINE_set_DSA(ENGINE *e, const DSA_METHOD *dsa_meth) -{ - e->dsa_meth = dsa_meth; - return 1; -} diff --git a/crypto/engine/tb_eckey.c b/crypto/engine/tb_eckey.c deleted file mode 100644 index 0394a5bc220..00000000000 --- a/crypto/engine/tb_eckey.c +++ /dev/null @@ -1,76 +0,0 @@ -/* - * Copyright 2015-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* We need to use some engine deprecated APIs */ -#define OPENSSL_SUPPRESS_DEPRECATED - -#include "eng_local.h" - -static ENGINE_TABLE *dh_table = NULL; -static const int dummy_nid = 1; - -void ENGINE_unregister_EC(ENGINE *e) -{ - engine_table_unregister(&dh_table, e); -} - -static void engine_unregister_all_EC(void) -{ - engine_table_cleanup(&dh_table); -} - -int ENGINE_register_EC(ENGINE *e) -{ - if (e->ec_meth != NULL) - return engine_table_register(&dh_table, - engine_unregister_all_EC, e, &dummy_nid, - 1, 0); - return 1; -} - -void ENGINE_register_all_EC(void) -{ - ENGINE *e; - - for (e = ENGINE_get_first(); e; e = ENGINE_get_next(e)) - ENGINE_register_EC(e); -} - -int ENGINE_set_default_EC(ENGINE *e) -{ - if (e->ec_meth != NULL) - return engine_table_register(&dh_table, - engine_unregister_all_EC, e, &dummy_nid, - 1, 1); - return 1; -} - -/* - * Exposed API function to get a functional reference from the implementation - * table (ie. try to get a functional reference from the tabled structural - * references). - */ -ENGINE *ENGINE_get_default_EC(void) -{ - return ossl_engine_table_select(&dh_table, dummy_nid, - OPENSSL_FILE, OPENSSL_LINE); -} - -/* Obtains an EC_KEY implementation from an ENGINE functional reference */ -const EC_KEY_METHOD *ENGINE_get_EC(const ENGINE *e) -{ - return e->ec_meth; -} - -/* Sets an EC_KEY implementation in an ENGINE structure */ -int ENGINE_set_EC(ENGINE *e, const EC_KEY_METHOD *ec_meth) -{ - e->ec_meth = ec_meth; - return 1; -} diff --git a/crypto/engine/tb_pkmeth.c b/crypto/engine/tb_pkmeth.c deleted file mode 100644 index 5c3da1136d2..00000000000 --- a/crypto/engine/tb_pkmeth.c +++ /dev/null @@ -1,117 +0,0 @@ -/* - * Copyright 2006-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* We need to use some deprecated APIs */ -#include "internal/deprecated.h" - -#include "eng_local.h" -#include - -static ENGINE_TABLE *pkey_meth_table = NULL; - -void ENGINE_unregister_pkey_meths(ENGINE *e) -{ - engine_table_unregister(&pkey_meth_table, e); -} - -static void engine_unregister_all_pkey_meths(void) -{ - engine_table_cleanup(&pkey_meth_table); -} - -int ENGINE_register_pkey_meths(ENGINE *e) -{ - if (e->pkey_meths) { - const int *nids; - int num_nids = e->pkey_meths(e, NULL, &nids, 0); - if (num_nids > 0) - return engine_table_register(&pkey_meth_table, - engine_unregister_all_pkey_meths, e, - nids, num_nids, 0); - } - return 1; -} - -void ENGINE_register_all_pkey_meths(void) -{ - ENGINE *e; - - for (e = ENGINE_get_first(); e; e = ENGINE_get_next(e)) - ENGINE_register_pkey_meths(e); -} - -int ENGINE_set_default_pkey_meths(ENGINE *e) -{ - if (e->pkey_meths) { - const int *nids; - int num_nids = e->pkey_meths(e, NULL, &nids, 0); - if (num_nids > 0) - return engine_table_register(&pkey_meth_table, - engine_unregister_all_pkey_meths, e, - nids, num_nids, 1); - } - return 1; -} - -/* - * Exposed API function to get a functional reference from the implementation - * table (ie. try to get a functional reference from the tabled structural - * references) for a given pkey_meth 'nid' - */ -ENGINE *ENGINE_get_pkey_meth_engine(int nid) -{ - return ossl_engine_table_select(&pkey_meth_table, nid, - OPENSSL_FILE, OPENSSL_LINE); -} - -/* Obtains a pkey_meth implementation from an ENGINE functional reference */ -const EVP_PKEY_METHOD *ENGINE_get_pkey_meth(ENGINE *e, int nid) -{ - EVP_PKEY_METHOD *ret; - ENGINE_PKEY_METHS_PTR fn = ENGINE_get_pkey_meths(e); - if (!fn || !fn(e, &ret, NULL, nid)) { - ERR_raise(ERR_LIB_ENGINE, ENGINE_R_UNIMPLEMENTED_PUBLIC_KEY_METHOD); - return NULL; - } - return ret; -} - -/* Gets the pkey_meth callback from an ENGINE structure */ -ENGINE_PKEY_METHS_PTR ENGINE_get_pkey_meths(const ENGINE *e) -{ - return e->pkey_meths; -} - -/* Sets the pkey_meth callback in an ENGINE structure */ -int ENGINE_set_pkey_meths(ENGINE *e, ENGINE_PKEY_METHS_PTR f) -{ - e->pkey_meths = f; - return 1; -} - -/* - * Internal function to free up EVP_PKEY_METHOD structures before an ENGINE - * is destroyed - */ - -void engine_pkey_meths_free(ENGINE *e) -{ - int i; - EVP_PKEY_METHOD *pkm; - if (e->pkey_meths) { - const int *pknids; - int npknids; - npknids = e->pkey_meths(e, NULL, &pknids, 0); - for (i = 0; i < npknids; i++) { - if (e->pkey_meths(e, &pkm, NULL, pknids[i])) { - EVP_PKEY_meth_free(pkm); - } - } - } -} diff --git a/crypto/engine/tb_rand.c b/crypto/engine/tb_rand.c deleted file mode 100644 index 991a4914eaf..00000000000 --- a/crypto/engine/tb_rand.c +++ /dev/null @@ -1,76 +0,0 @@ -/* - * Copyright 2001-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* We need to use some engine deprecated APIs */ -#define OPENSSL_SUPPRESS_DEPRECATED - -#include "eng_local.h" - -static ENGINE_TABLE *rand_table = NULL; -static const int dummy_nid = 1; - -void ENGINE_unregister_RAND(ENGINE *e) -{ - engine_table_unregister(&rand_table, e); -} - -static void engine_unregister_all_RAND(void) -{ - engine_table_cleanup(&rand_table); -} - -int ENGINE_register_RAND(ENGINE *e) -{ - if (e->rand_meth) - return engine_table_register(&rand_table, - engine_unregister_all_RAND, e, - &dummy_nid, 1, 0); - return 1; -} - -void ENGINE_register_all_RAND(void) -{ - ENGINE *e; - - for (e = ENGINE_get_first(); e; e = ENGINE_get_next(e)) - ENGINE_register_RAND(e); -} - -int ENGINE_set_default_RAND(ENGINE *e) -{ - if (e->rand_meth) - return engine_table_register(&rand_table, - engine_unregister_all_RAND, e, - &dummy_nid, 1, 1); - return 1; -} - -/* - * Exposed API function to get a functional reference from the implementation - * table (ie. try to get a functional reference from the tabled structural - * references). - */ -ENGINE *ENGINE_get_default_RAND(void) -{ - return ossl_engine_table_select(&rand_table, dummy_nid, - OPENSSL_FILE, OPENSSL_LINE); -} - -/* Obtains an RAND implementation from an ENGINE functional reference */ -const RAND_METHOD *ENGINE_get_RAND(const ENGINE *e) -{ - return e->rand_meth; -} - -/* Sets an RAND implementation in an ENGINE structure */ -int ENGINE_set_RAND(ENGINE *e, const RAND_METHOD *rand_meth) -{ - e->rand_meth = rand_meth; - return 1; -} diff --git a/crypto/engine/tb_rsa.c b/crypto/engine/tb_rsa.c deleted file mode 100644 index b68b8f0ca74..00000000000 --- a/crypto/engine/tb_rsa.c +++ /dev/null @@ -1,76 +0,0 @@ -/* - * Copyright 2001-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* We need to use some engine deprecated APIs */ -#define OPENSSL_SUPPRESS_DEPRECATED - -#include "eng_local.h" - -static ENGINE_TABLE *rsa_table = NULL; -static const int dummy_nid = 1; - -void ENGINE_unregister_RSA(ENGINE *e) -{ - engine_table_unregister(&rsa_table, e); -} - -static void engine_unregister_all_RSA(void) -{ - engine_table_cleanup(&rsa_table); -} - -int ENGINE_register_RSA(ENGINE *e) -{ - if (e->rsa_meth) - return engine_table_register(&rsa_table, - engine_unregister_all_RSA, e, &dummy_nid, - 1, 0); - return 1; -} - -void ENGINE_register_all_RSA(void) -{ - ENGINE *e; - - for (e = ENGINE_get_first(); e; e = ENGINE_get_next(e)) - ENGINE_register_RSA(e); -} - -int ENGINE_set_default_RSA(ENGINE *e) -{ - if (e->rsa_meth) - return engine_table_register(&rsa_table, - engine_unregister_all_RSA, e, &dummy_nid, - 1, 1); - return 1; -} - -/* - * Exposed API function to get a functional reference from the implementation - * table (ie. try to get a functional reference from the tabled structural - * references). - */ -ENGINE *ENGINE_get_default_RSA(void) -{ - return ossl_engine_table_select(&rsa_table, dummy_nid, - OPENSSL_FILE, OPENSSL_LINE); -} - -/* Obtains an RSA implementation from an ENGINE functional reference */ -const RSA_METHOD *ENGINE_get_RSA(const ENGINE *e) -{ - return e->rsa_meth; -} - -/* Sets an RSA implementation in an ENGINE structure */ -int ENGINE_set_RSA(ENGINE *e, const RSA_METHOD *rsa_meth) -{ - e->rsa_meth = rsa_meth; - return 1; -} diff --git a/crypto/err/openssl.ec b/crypto/err/openssl.ec index 22f87d4c139..a3fce495489 100644 --- a/crypto/err/openssl.ec +++ b/crypto/err/openssl.ec @@ -24,7 +24,6 @@ L X509V3 include/openssl/x509v3err.h crypto/x509/v3err.c L PKCS12 include/openssl/pkcs12err.h crypto/pkcs12/pk12err.c include/crypto/pkcs12err.h L RAND include/openssl/randerr.h crypto/rand/rand_err.c include/crypto/randerr.h L DSO NONE crypto/dso/dso_err.c include/internal/dsoerr.h -L ENGINE include/openssl/engineerr.h crypto/engine/eng_err.c include/crypto/engineerr.h L OCSP include/openssl/ocsperr.h crypto/ocsp/ocsp_err.c include/crypto/ocsperr.h L UI include/openssl/uierr.h crypto/ui/ui_err.c include/crypto/uierr.h L COMP include/openssl/comperr.h crypto/comp/comp_err.c include/crypto/comperr.h diff --git a/crypto/err/openssl.txt b/crypto/err/openssl.txt index 6c7d4f40fa6..568b6bd5aa4 100644 --- a/crypto/err/openssl.txt +++ b/crypto/err/openssl.txt @@ -676,41 +676,6 @@ EC_R_UNKNOWN_ORDER:114:unknown order EC_R_UNSUPPORTED_FIELD:131:unsupported field EC_R_WRONG_CURVE_PARAMETERS:145:wrong curve parameters EC_R_WRONG_ORDER:130:wrong order -ENGINE_R_ALREADY_LOADED:100:already loaded -ENGINE_R_ARGUMENT_IS_NOT_A_NUMBER:133:argument is not a number -ENGINE_R_CMD_NOT_EXECUTABLE:134:cmd not executable -ENGINE_R_COMMAND_TAKES_INPUT:135:command takes input -ENGINE_R_COMMAND_TAKES_NO_INPUT:136:command takes no input -ENGINE_R_CONFLICTING_ENGINE_ID:103:conflicting engine id -ENGINE_R_CTRL_COMMAND_NOT_IMPLEMENTED:119:ctrl command not implemented -ENGINE_R_DSO_FAILURE:104:DSO failure -ENGINE_R_DSO_NOT_FOUND:132:dso not found -ENGINE_R_ENGINES_SECTION_ERROR:148:engines section error -ENGINE_R_ENGINE_CONFIGURATION_ERROR:102:engine configuration error -ENGINE_R_ENGINE_IS_NOT_IN_LIST:105:engine is not in the list -ENGINE_R_ENGINE_SECTION_ERROR:149:engine section error -ENGINE_R_FAILED_LOADING_PRIVATE_KEY:128:failed loading private key -ENGINE_R_FAILED_LOADING_PUBLIC_KEY:129:failed loading public key -ENGINE_R_FINISH_FAILED:106:finish failed -ENGINE_R_ID_OR_NAME_MISSING:108:'id' or 'name' missing -ENGINE_R_INIT_FAILED:109:init failed -ENGINE_R_INTERNAL_LIST_ERROR:110:internal list error -ENGINE_R_INVALID_ARGUMENT:143:invalid argument -ENGINE_R_INVALID_CMD_NAME:137:invalid cmd name -ENGINE_R_INVALID_CMD_NUMBER:138:invalid cmd number -ENGINE_R_INVALID_INIT_VALUE:151:invalid init value -ENGINE_R_INVALID_STRING:150:invalid string -ENGINE_R_NOT_INITIALISED:117:not initialised -ENGINE_R_NOT_LOADED:112:not loaded -ENGINE_R_NO_CONTROL_FUNCTION:120:no control function -ENGINE_R_NO_INDEX:144:no index -ENGINE_R_NO_LOAD_FUNCTION:125:no load function -ENGINE_R_NO_REFERENCE:130:no reference -ENGINE_R_NO_SUCH_ENGINE:116:no such engine -ENGINE_R_UNIMPLEMENTED_CIPHER:146:unimplemented cipher -ENGINE_R_UNIMPLEMENTED_DIGEST:147:unimplemented digest -ENGINE_R_UNIMPLEMENTED_PUBLIC_KEY_METHOD:101:unimplemented public key method -ENGINE_R_VERSION_INCOMPATIBILITY:145:version incompatibility ESS_R_EMPTY_ESS_CERT_ID_LIST:107:empty ess cert id list ESS_R_ESS_CERT_DIGEST_ERROR:103:ess cert digest error ESS_R_ESS_CERT_ID_NOT_FOUND:104:ess cert id not found diff --git a/include/openssl/cryptoerr_legacy.h b/include/openssl/cryptoerr_legacy.h index aabef8bcf21..585e464adb1 100644 --- a/include/openssl/cryptoerr_legacy.h +++ b/include/openssl/cryptoerr_legacy.h @@ -748,6 +748,47 @@ OSSL_DEPRECATEDIN_3_0 int ERR_load_X509V3_strings(void); # define EC_F_VALIDATE_ECX_DERIVE 0 # endif +# if !defined(OPENSSL_NO_ENGINE) || defined(OPENSSL_ENGINE_STUBS) +/* + * ENGINE reason codes. + */ +# define ENGINE_R_ALREADY_LOADED 0 +# define ENGINE_R_ARGUMENT_IS_NOT_A_NUMBER 0 +# define ENGINE_R_CMD_NOT_EXECUTABLE 0 +# define ENGINE_R_COMMAND_TAKES_INPUT 0 +# define ENGINE_R_COMMAND_TAKES_NO_INPUT 0 +# define ENGINE_R_CONFLICTING_ENGINE_ID 0 +# define ENGINE_R_CTRL_COMMAND_NOT_IMPLEMENTED 0 +# define ENGINE_R_DSO_FAILURE 0 +# define ENGINE_R_DSO_NOT_FOUND 0 +# define ENGINE_R_ENGINES_SECTION_ERROR 0 +# define ENGINE_R_ENGINE_CONFIGURATION_ERROR 0 +# define ENGINE_R_ENGINE_IS_NOT_IN_LIST 0 +# define ENGINE_R_ENGINE_SECTION_ERROR 0 +# define ENGINE_R_FAILED_LOADING_PRIVATE_KEY 0 +# define ENGINE_R_FAILED_LOADING_PUBLIC_KEY 0 +# define ENGINE_R_FINISH_FAILED 0 +# define ENGINE_R_ID_OR_NAME_MISSING 0 +# define ENGINE_R_INIT_FAILED 0 +# define ENGINE_R_INTERNAL_LIST_ERROR 0 +# define ENGINE_R_INVALID_ARGUMENT 0 +# define ENGINE_R_INVALID_CMD_NAME 0 +# define ENGINE_R_INVALID_CMD_NUMBER 0 +# define ENGINE_R_INVALID_INIT_VALUE 0 +# define ENGINE_R_INVALID_STRING 0 +# define ENGINE_R_NOT_INITIALISED 0 +# define ENGINE_R_NOT_LOADED 0 +# define ENGINE_R_NO_CONTROL_FUNCTION 0 +# define ENGINE_R_NO_INDEX 0 +# define ENGINE_R_NO_LOAD_FUNCTION 0 +# define ENGINE_R_NO_REFERENCE 0 +# define ENGINE_R_NO_SUCH_ENGINE 0 +# define ENGINE_R_UNIMPLEMENTED_CIPHER 0 +# define ENGINE_R_UNIMPLEMENTED_DIGEST 0 +# define ENGINE_R_UNIMPLEMENTED_PUBLIC_KEY_METHOD 0 +# define ENGINE_R_VERSION_INCOMPATIBILITY 0 +# endif + /* * EVP function codes. */ diff --git a/include/openssl/engineerr.h b/include/openssl/engineerr.h index d439b6827e6..d30b1e768a1 100644 --- a/include/openssl/engineerr.h +++ b/include/openssl/engineerr.h @@ -16,48 +16,4 @@ # include # include - -# ifndef OPENSSL_NO_ENGINE - - -/* - * ENGINE reason codes. - */ -# define ENGINE_R_ALREADY_LOADED 100 -# define ENGINE_R_ARGUMENT_IS_NOT_A_NUMBER 133 -# define ENGINE_R_CMD_NOT_EXECUTABLE 134 -# define ENGINE_R_COMMAND_TAKES_INPUT 135 -# define ENGINE_R_COMMAND_TAKES_NO_INPUT 136 -# define ENGINE_R_CONFLICTING_ENGINE_ID 103 -# define ENGINE_R_CTRL_COMMAND_NOT_IMPLEMENTED 119 -# define ENGINE_R_DSO_FAILURE 104 -# define ENGINE_R_DSO_NOT_FOUND 132 -# define ENGINE_R_ENGINES_SECTION_ERROR 148 -# define ENGINE_R_ENGINE_CONFIGURATION_ERROR 102 -# define ENGINE_R_ENGINE_IS_NOT_IN_LIST 105 -# define ENGINE_R_ENGINE_SECTION_ERROR 149 -# define ENGINE_R_FAILED_LOADING_PRIVATE_KEY 128 -# define ENGINE_R_FAILED_LOADING_PUBLIC_KEY 129 -# define ENGINE_R_FINISH_FAILED 106 -# define ENGINE_R_ID_OR_NAME_MISSING 108 -# define ENGINE_R_INIT_FAILED 109 -# define ENGINE_R_INTERNAL_LIST_ERROR 110 -# define ENGINE_R_INVALID_ARGUMENT 143 -# define ENGINE_R_INVALID_CMD_NAME 137 -# define ENGINE_R_INVALID_CMD_NUMBER 138 -# define ENGINE_R_INVALID_INIT_VALUE 151 -# define ENGINE_R_INVALID_STRING 150 -# define ENGINE_R_NOT_INITIALISED 117 -# define ENGINE_R_NOT_LOADED 112 -# define ENGINE_R_NO_CONTROL_FUNCTION 120 -# define ENGINE_R_NO_INDEX 144 -# define ENGINE_R_NO_LOAD_FUNCTION 125 -# define ENGINE_R_NO_REFERENCE 130 -# define ENGINE_R_NO_SUCH_ENGINE 116 -# define ENGINE_R_UNIMPLEMENTED_CIPHER 146 -# define ENGINE_R_UNIMPLEMENTED_DIGEST 147 -# define ENGINE_R_UNIMPLEMENTED_PUBLIC_KEY_METHOD 101 -# define ENGINE_R_VERSION_INCOMPATIBILITY 145 - -# endif #endif