if (i < 0 || str == NULL)
return 0;
- if (EVP_MD_get0_provider(md) == NULL) {
-#if !defined(OPENSSL_NO_ENGINE)
- ENGINE *tmpeng = ENGINE_get_digest_engine(EVP_MD_get_type(md));
-
- if (tmpeng != NULL)
- ENGINE_finish(tmpeng);
- else
-#endif
- fetched_md = EVP_MD_fetch(libctx, EVP_MD_get0_name(md), propq);
- }
+ if (EVP_MD_get0_provider(md) == NULL)
+ fetched_md = EVP_MD_fetch(libctx, EVP_MD_get0_name(md), propq);
if (fetched_md == NULL)
goto err;
type = t->pkey_base_id;
}
if (pe) {
-#ifndef OPENSSL_NO_ENGINE
- ENGINE *e;
- /* type will contain the final unaliased type */
- e = ENGINE_get_pkey_asn1_meth_engine(type);
- if (e) {
- *pe = e;
- return ENGINE_get_pkey_asn1_meth(e, type);
- }
-#endif
*pe = NULL;
}
return t;
if (len == -1)
len = (int)strlen(str);
if (pe) {
-#ifndef OPENSSL_NO_ENGINE
- ENGINE *e;
- ameth = ENGINE_pkey_asn1_find_str(&e, str, len);
- if (ameth) {
- /*
- * Convert structural into functional reference
- */
- if (!ENGINE_init(e))
- ameth = NULL;
- ENGINE_free(e);
- *pe = e;
- return ameth;
- }
-#endif
*pe = NULL;
}
for (i = EVP_PKEY_asn1_get_count(); i-- > 0; ) {
}
} else {
ret = *a;
-#ifndef OPENSSL_NO_ENGINE
- ENGINE_finish(ret->engine);
- ret->engine = NULL;
-#endif
}
if (!EVP_PKEY_set_type(ret, keytype)) {
/* Add builtin modules here */
ASN1_add_oid_module();
ASN1_add_stable_module();
-#ifndef OPENSSL_NO_ENGINE
- ENGINE_add_conf_module();
-#endif
EVP_add_alg_module();
ossl_config_add_ssl_module();
ossl_provider_add_conf_module();
DEFINE_RUN_ONCE_STATIC(do_load_builtin_modules)
{
OPENSSL_load_builtin_modules();
-#ifndef OPENSSL_NO_ENGINE
- /* Need to load ENGINEs */
- ENGINE_load_builtin_engines();
-#endif
return 1;
}
mtmp = dh->meth;
if (mtmp->finish)
mtmp->finish(dh);
-#ifndef OPENSSL_NO_ENGINE
- ENGINE_finish(dh->engine);
- dh->engine = NULL;
-#endif
dh->meth = meth;
if (meth->init)
meth->init(dh);
ret->libctx = libctx;
ret->meth = DH_get_default_method();
-#if !defined(FIPS_MODULE) && !defined(OPENSSL_NO_ENGINE)
- ret->flags = ret->meth->flags; /* early default init */
- if (engine) {
- if (!ENGINE_init(engine)) {
- ERR_raise(ERR_LIB_DH, ERR_R_ENGINE_LIB);
- goto err;
- }
- ret->engine = engine;
- } else
- ret->engine = ENGINE_get_default_DH();
- if (ret->engine) {
- ret->meth = ENGINE_get_DH(ret->engine);
- if (ret->meth == NULL) {
- ERR_raise(ERR_LIB_DH, ERR_R_ENGINE_LIB);
- goto err;
- }
- }
-#endif
-
ret->flags = ret->meth->flags;
#ifndef FIPS_MODULE
if (r->meth != NULL && r->meth->finish != NULL)
r->meth->finish(r);
#if !defined(FIPS_MODULE)
-# if !defined(OPENSSL_NO_ENGINE)
- ENGINE_finish(r->engine);
-# endif
CRYPTO_free_ex_data(CRYPTO_EX_INDEX_DH, r, &r->ex_data);
#endif
mtmp = dsa->meth;
if (mtmp->finish)
mtmp->finish(dsa);
-#ifndef OPENSSL_NO_ENGINE
- ENGINE_finish(dsa->engine);
- dsa->engine = NULL;
-#endif
dsa->meth = meth;
if (meth->init)
meth->init(dsa);
ret->libctx = libctx;
ret->meth = DSA_get_default_method();
-#if !defined(FIPS_MODULE) && !defined(OPENSSL_NO_ENGINE)
- ret->flags = ret->meth->flags & ~DSA_FLAG_NON_FIPS_ALLOW; /* early default init */
- if (engine) {
- if (!ENGINE_init(engine)) {
- ERR_raise(ERR_LIB_DSA, ERR_R_ENGINE_LIB);
- goto err;
- }
- ret->engine = engine;
- } else
- ret->engine = ENGINE_get_default_DSA();
- if (ret->engine) {
- ret->meth = ENGINE_get_DSA(ret->engine);
- if (ret->meth == NULL) {
- ERR_raise(ERR_LIB_DSA, ERR_R_ENGINE_LIB);
- goto err;
- }
- }
-#endif
ret->flags = ret->meth->flags & ~DSA_FLAG_NON_FIPS_ALLOW;
if (r->meth != NULL && r->meth->finish != NULL)
r->meth->finish(r);
-#if !defined(FIPS_MODULE) && !defined(OPENSSL_NO_ENGINE)
- ENGINE_finish(r->engine);
-#endif
#ifndef FIPS_MODULE
CRYPTO_free_ex_data(CRYPTO_EX_INDEX_DSA, r, &r->ex_data);
if (r->meth != NULL && r->meth->finish != NULL)
r->meth->finish(r);
-#if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODULE)
- ENGINE_finish(r->engine);
-#endif
-
if (r->group && r->group->meth->keyfinish)
r->group->meth->keyfinish(r);
dest->meth->finish(dest);
if (dest->group && dest->group->meth->keyfinish)
dest->group->meth->keyfinish(dest);
-#if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODULE)
- if (ENGINE_finish(dest->engine) == 0)
- return 0;
- dest->engine = NULL;
-#endif
}
dest->libctx = src->libctx;
/* copy the parameters */
#endif
if (src->meth != dest->meth) {
-#if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODULE)
- if (src->engine != NULL && ENGINE_init(src->engine) == 0)
- return NULL;
- dest->engine = src->engine;
-#endif
dest->meth = src->meth;
}
if (finish != NULL)
finish(key);
-#if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODULE)
- ENGINE_finish(key->engine);
- key->engine = NULL;
-#endif
-
key->meth = meth;
if (meth->init != NULL)
return meth->init(key);
}
ret->meth = EC_KEY_get_default_method();
-#if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODULE)
- if (engine != NULL) {
- if (!ENGINE_init(engine)) {
- ERR_raise(ERR_LIB_EC, ERR_R_ENGINE_LIB);
- goto err;
- }
- ret->engine = engine;
- } else
- ret->engine = ENGINE_get_default_EC();
- if (ret->engine != NULL) {
- ret->meth = ENGINE_get_EC(ret->engine);
- if (ret->meth == NULL) {
- ERR_raise(ERR_LIB_EC, ERR_R_ENGINE_LIB);
- goto err;
- }
- }
-#endif
-
ret->version = 1;
ret->conv_form = POINT_CONVERSION_UNCOMPRESSED;
if (force)
ctx->digest = NULL;
-#if !defined(FIPS_MODULE) && !defined(OPENSSL_NO_ENGINE)
- ENGINE_finish(ctx->engine);
- ctx->engine = NULL;
-#endif
-
/* Non legacy code, this has to be later than the ctx->digest cleaning */
if (!keep_fetched) {
EVP_MD_free(ctx->fetched_digest);
}
static int evp_md_init_internal(EVP_MD_CTX *ctx, const EVP_MD *type,
- const OSSL_PARAM params[], ENGINE *impl)
+ const OSSL_PARAM params[])
{
-#if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODULE)
- ENGINE *tmpimpl = NULL;
-#endif
-
#if !defined(FIPS_MODULE)
if (ctx->pctx != NULL
&& EVP_PKEY_CTX_IS_SIGNATURE_OP(ctx->pctx)
* operation. So in that case we redirect to EVP_DigestSignInit()
*/
if (ctx->pctx->operation == EVP_PKEY_OP_SIGNCTX)
- return EVP_DigestSignInit(ctx, NULL, type, impl, NULL);
+ return EVP_DigestSignInit(ctx, NULL, type, NULL, NULL);
if (ctx->pctx->operation == EVP_PKEY_OP_VERIFYCTX)
- return EVP_DigestVerifyInit(ctx, NULL, type, impl, NULL);
+ return EVP_DigestVerifyInit(ctx, NULL, type, NULL, NULL);
ERR_raise(ERR_LIB_EVP, EVP_R_UPDATE_ERROR);
return 0;
}
type = ctx->digest;
}
- /* Code below to be removed when legacy support is dropped. */
-#if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODULE)
- /*
- * Whether it's nice or not, "Inits" can be used on "Final"'d contexts so
- * this context may already have an ENGINE! Try to avoid releasing the
- * previous handle, re-querying for an ENGINE, and having a
- * reinitialisation, when it may all be unnecessary.
- */
- if (ossl_unlikely(ctx->engine != NULL)
- && ctx->digest != NULL
- && type->type == ctx->digest->type)
- goto skip_to_init;
-
/*
- * Ensure an ENGINE left lying around from last time is cleared (the
- * previous check attempted to avoid this if the same ENGINE and
- * EVP_MD could be used).
- */
- ENGINE_finish(ctx->engine);
- ctx->engine = NULL;
-
- if (impl == NULL)
- tmpimpl = ENGINE_get_digest_engine(type->type);
-#endif
-
- /*
- * If there are engines involved or EVP_MD_CTX_FLAG_NO_INIT is set then we
+ * If there is EVP_MD_CTX_FLAG_NO_INIT set then we
* should use legacy handling for now.
*/
- if (impl != NULL
-#if !defined(OPENSSL_NO_ENGINE)
- || ctx->engine != NULL
-# if !defined(FIPS_MODULE)
- || tmpimpl != NULL
-# endif
-#endif
- || (ctx->flags & EVP_MD_CTX_FLAG_NO_INIT) != 0
+ if ((ctx->flags & EVP_MD_CTX_FLAG_NO_INIT) != 0
|| (type != NULL && type->origin == EVP_ORIG_METH)
|| (type == NULL && ctx->digest != NULL
&& ctx->digest->origin == EVP_ORIG_METH)) {
/* Code below to be removed when legacy support is dropped. */
legacy:
-#if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODULE)
- if (type) {
- if (impl != NULL) {
- if (!ENGINE_init(impl)) {
- ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR);
- return 0;
- }
- } else {
- /* Ask if an ENGINE is reserved for this job */
- impl = tmpimpl;
- }
- if (impl != NULL) {
- /* There's an ENGINE for this job ... (apparently) */
- const EVP_MD *d = ENGINE_get_digest(impl, type->type);
-
- if (d == NULL) {
- ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR);
- ENGINE_finish(impl);
- return 0;
- }
- /* We'll use the ENGINE's private digest definition */
- type = d;
- /*
- * Store the ENGINE functional reference so we know 'type' came
- * from an ENGINE and we need to release it when done.
- */
- ctx->engine = impl;
- } else
- ctx->engine = NULL;
- }
-#endif
if (ctx->digest != type) {
cleanup_old_md_data(ctx, 1);
return 0;
}
}
-#if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODULE)
- skip_to_init:
-#endif
#ifndef FIPS_MODULE
if (ctx->pctx != NULL
&& (!EVP_PKEY_CTX_IS_SIGNATURE_OP(ctx->pctx)
int EVP_DigestInit_ex2(EVP_MD_CTX *ctx, const EVP_MD *type,
const OSSL_PARAM params[])
{
- return evp_md_init_internal(ctx, type, params, NULL);
+ return evp_md_init_internal(ctx, type, params);
}
int EVP_DigestInit(EVP_MD_CTX *ctx, const EVP_MD *type)
{
EVP_MD_CTX_reset(ctx);
- return evp_md_init_internal(ctx, type, NULL, NULL);
+ return evp_md_init_internal(ctx, type, NULL);
}
int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl)
{
- return evp_md_init_internal(ctx, type, NULL, impl);
+ /* make the compiler happy */
+ (void)impl;
+ return evp_md_init_internal(ctx, type, NULL);
}
int EVP_DigestUpdate(EVP_MD_CTX *ctx, const void *data, size_t count)
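Review bot: EVP_DigestInit_ex() now discards a non-NULL `impl` and still returns whatever evp_md_init_internal() returns, and the added comment `/* make the compiler happy */` does not record that behaviour change. A caller that passed an ENGINE to pin a particular implementation (a hardware-backed one, for instance) gets the default lookup instead, with nothing to tell it so. I would say so in the comment, e.g. `/* ENGINE support removed: impl is ignored and no ENGINE lookup is performed */`, and consider whether a non-NULL `impl` should fail rather than be silently accepted. The same pattern is added in EVP_CipherInit_ex(), EVP_PKEY_new_raw_private_key() and EVP_PKEY_new_raw_public_key() later in this diff.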
/* Code below to be removed when legacy support is dropped. */
legacy:
-#if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODULE)
- /* Make sure it's safe to copy a digest context using an ENGINE */
- if (in->engine && !ENGINE_init(in->engine)) {
- ERR_raise(ERR_LIB_EVP, ERR_R_ENGINE_LIB);
- return 0;
- }
-#endif
if (out->digest == in->digest) {
tmp_buf = out->md_data;
OPENSSL_cleanse(ctx->cipher_data, ctx->cipher->ctx_size);
}
OPENSSL_free(ctx->cipher_data);
-#if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODULE)
- ENGINE_finish(ctx->engine);
-#endif
memset(ctx, 0, sizeof(*ctx));
ctx->iv_len = -1;
return 1;
static int evp_cipher_init_internal(EVP_CIPHER_CTX *ctx,
const EVP_CIPHER *cipher,
- ENGINE *impl, const unsigned char *key,
+ const unsigned char *key,
const unsigned char *iv, int enc,
uint8_t is_pipeline,
const OSSL_PARAM params[])
{
int n;
-#if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODULE)
- ENGINE *tmpimpl = NULL;
-#endif
/*
* enc == 1 means we are encrypting.
if (is_pipeline)
goto nonlegacy;
-#if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODULE)
- /*
- * Whether it's nice or not, "Inits" can be used on "Final"'d contexts so
- * this context may already have an ENGINE! Try to avoid releasing the
- * previous handle, re-querying for an ENGINE, and having a
- * reinitialisation, when it may all be unnecessary.
- */
- if (ctx->engine && ctx->cipher
- && (cipher == NULL || cipher->nid == ctx->cipher->nid))
- goto skip_to_init;
-
- if (cipher != NULL && impl == NULL) {
- /* Ask if an ENGINE is reserved for this job */
- tmpimpl = ENGINE_get_cipher_engine(cipher->nid);
- }
-#endif
-
/*
* If there are engines involved then we should use legacy handling for now.
*/
- if (ctx->engine != NULL
-#if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODULE)
- || tmpimpl != NULL
-#endif
- || impl != NULL
- || (cipher != NULL && cipher->origin == EVP_ORIG_METH)
+ if ((cipher != NULL && cipher->origin == EVP_ORIG_METH)
|| (cipher == NULL && ctx->cipher != NULL
&& ctx->cipher->origin == EVP_ORIG_METH)) {
if (ctx->cipher == ctx->fetched_cipher)
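Review bot: The context comment above the rewritten condition still reads "If there are engines involved then we should use legacy handling for now.", but the new condition tests only `origin == EVP_ORIG_METH`, so the comment is stale. The matching comment in evp_md_init_internal() was updated in this diff, and this one should be updated too, e.g. `* If the cipher has origin EVP_ORIG_METH then we should use legacy handling for now.`. The function body starts and ends outside this hunk.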
ctx->encrypt = enc;
ctx->flags = flags;
}
-#if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODULE)
- if (impl != NULL) {
- if (!ENGINE_init(impl)) {
- ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR);
- return 0;
- }
- } else {
- impl = tmpimpl;
- }
- if (impl != NULL) {
- /* There's an ENGINE for this job ... (apparently) */
- const EVP_CIPHER *c = ENGINE_get_cipher(impl, cipher->nid);
-
- if (c == NULL) {
- /*
- * One positive side-effect of US's export control history,
- * is that we should at least be able to avoid using US
- * misspellings of "initialisation"?
- */
- ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR);
- return 0;
- }
- /* We'll use the ENGINE's private cipher definition */
- cipher = c;
- /*
- * Store the ENGINE functional reference so we know 'cipher' came
- * from an ENGINE and we need to release it when done.
- */
- ctx->engine = impl;
- } else {
- ctx->engine = NULL;
- }
-#endif
ctx->cipher = cipher;
if (ctx->cipher->ctx_size) {
}
}
}
-#if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODULE)
- skip_to_init:
-#endif
if (ctx->cipher == NULL)
return 0;
const unsigned char *key, const unsigned char *iv,
int enc, const OSSL_PARAM params[])
{
- return evp_cipher_init_internal(ctx, cipher, NULL, key, iv, enc, 0, params);
+ return evp_cipher_init_internal(ctx, cipher, key, iv, enc, 0, params);
}
int EVP_CipherInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
{
if (cipher != NULL)
EVP_CIPHER_CTX_reset(ctx);
- return evp_cipher_init_internal(ctx, cipher, NULL, key, iv, enc, 0, NULL);
+ return evp_cipher_init_internal(ctx, cipher, key, iv, enc, 0, NULL);
}
int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
ENGINE *impl, const unsigned char *key,
const unsigned char *iv, int enc)
{
- return evp_cipher_init_internal(ctx, cipher, impl, key, iv, enc, 0, NULL);
+ /* to make the compilers happy */
+ (void)impl;
+ return evp_cipher_init_internal(ctx, cipher, key, iv, enc, 0, NULL);
}
int EVP_CipherPipelineEncryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
ctx->numpipes = numpipes;
- if (!evp_cipher_init_internal(ctx, cipher, NULL, NULL, NULL, 1, 1,
+ if (!evp_cipher_init_internal(ctx, cipher, NULL, NULL, 1, 1,
NULL))
return 0;
ctx->numpipes = numpipes;
- if (!evp_cipher_init_internal(ctx, cipher, NULL, NULL, NULL, 0, 1,
+ if (!evp_cipher_init_internal(ctx, cipher, NULL, NULL, 0, 1,
NULL))
return 0;
/* Code below to be removed when legacy support is dropped. */
legacy:
-#if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODULE)
- /* Make sure it's safe to copy a cipher context using an ENGINE */
- if (in->engine && !ENGINE_init(in->engine)) {
- ERR_raise(ERR_LIB_EVP, ERR_R_ENGINE_LIB);
- return 0;
- }
-#endif
-
EVP_CIPHER_CTX_reset(out);
memcpy(out, in, sizeof(*out));
ret = ameth->pkey_id;
else
ret = NID_undef;
-# ifndef OPENSSL_NO_ENGINE
- ENGINE_finish(e);
-# endif
return ret;
#else
size_t i;
const char *strtype,
const char *propq,
int nidtype,
- ENGINE *e,
const unsigned char *key,
size_t len,
int key_is_priv)
{
EVP_PKEY *pkey = NULL;
EVP_PKEY_CTX *ctx = NULL;
- const EVP_PKEY_ASN1_METHOD *ameth = NULL;
int result = 0;
-# ifndef OPENSSL_NO_ENGINE
- /* Check if there is an Engine for this type */
- if (e == NULL) {
- ENGINE *tmpe = NULL;
-
- if (strtype != NULL)
- ameth = EVP_PKEY_asn1_find_str(&tmpe, strtype, -1);
- else if (nidtype != EVP_PKEY_NONE)
- ameth = EVP_PKEY_asn1_find(&tmpe, nidtype);
-
- /* If tmpe is NULL then no engine is claiming to support this type */
- if (tmpe == NULL)
- ameth = NULL;
+ ctx = EVP_PKEY_CTX_new_from_name(libctx,
+ strtype != NULL ? strtype
+ : OBJ_nid2sn(nidtype),
+ propq);
+ if (ctx == NULL)
+ goto err;
+ /* May fail if no provider available */
+ ERR_set_mark();
+ if (EVP_PKEY_fromdata_init(ctx) == 1) {
+ OSSL_PARAM params[] = { OSSL_PARAM_END, OSSL_PARAM_END };
- ENGINE_finish(tmpe);
- }
-# endif
+ ERR_clear_last_mark();
+ params[0] = OSSL_PARAM_construct_octet_string(
+ key_is_priv ? OSSL_PKEY_PARAM_PRIV_KEY
+ : OSSL_PKEY_PARAM_PUB_KEY,
+ (void *)key, len);
- if (e == NULL && ameth == NULL) {
- /*
- * No engine is claiming to support this type, so lets see if we have
- * a provider.
- */
- ctx = EVP_PKEY_CTX_new_from_name(libctx,
- strtype != NULL ? strtype
- : OBJ_nid2sn(nidtype),
- propq);
- if (ctx == NULL)
+ if (EVP_PKEY_fromdata(ctx, &pkey, EVP_PKEY_KEYPAIR, params) != 1) {
+ ERR_raise(ERR_LIB_EVP, EVP_R_KEY_SETUP_FAILED);
goto err;
- /* May fail if no provider available */
- ERR_set_mark();
- if (EVP_PKEY_fromdata_init(ctx) == 1) {
- OSSL_PARAM params[] = { OSSL_PARAM_END, OSSL_PARAM_END };
-
- ERR_clear_last_mark();
- params[0] = OSSL_PARAM_construct_octet_string(
- key_is_priv ? OSSL_PKEY_PARAM_PRIV_KEY
- : OSSL_PKEY_PARAM_PUB_KEY,
- (void *)key, len);
-
- if (EVP_PKEY_fromdata(ctx, &pkey, EVP_PKEY_KEYPAIR, params) != 1) {
- ERR_raise(ERR_LIB_EVP, EVP_R_KEY_SETUP_FAILED);
- goto err;
- }
+ }
- EVP_PKEY_CTX_free(ctx);
+ EVP_PKEY_CTX_free(ctx);
- return pkey;
- }
- ERR_pop_to_mark();
- /* else not supported so fallback to legacy */
+ return pkey;
}
+ ERR_pop_to_mark();
+ /* else not supported so fallback to legacy */
/* Legacy code path */
goto err;
}
- if (!pkey_set_type(pkey, e, nidtype, strtype, -1, NULL)) {
+ if (!pkey_set_type(pkey, NULL, nidtype, strtype, -1, NULL)) {
/* ERR_raise(ERR_LIB_EVP, ...) already called */
goto err;
}
const char *propq,
const unsigned char *priv, size_t len)
{
- return new_raw_key_int(libctx, keytype, propq, EVP_PKEY_NONE, NULL, priv,
+ return new_raw_key_int(libctx, keytype, propq, EVP_PKEY_NONE, priv,
len, 1);
}
const unsigned char *priv,
size_t len)
{
- return new_raw_key_int(NULL, NULL, NULL, type, e, priv, len, 1);
+ /* make the compiler happy */
+ (void)e;
+ return new_raw_key_int(NULL, NULL, NULL, type, priv, len, 1);
}
EVP_PKEY *EVP_PKEY_new_raw_public_key_ex(OSSL_LIB_CTX *libctx,
const char *keytype, const char *propq,
const unsigned char *pub, size_t len)
{
- return new_raw_key_int(libctx, keytype, propq, EVP_PKEY_NONE, NULL, pub,
+ return new_raw_key_int(libctx, keytype, propq, EVP_PKEY_NONE, pub,
len, 0);
}
const unsigned char *pub,
size_t len)
{
- return new_raw_key_int(NULL, NULL, NULL, type, e, pub, len, 0);
+ /* make the compiler happy */
+ (void)e;
+ return new_raw_key_int(NULL, NULL, NULL, type, pub, len, 0);
}
struct raw_key_details_st {
const char *cipher_name,
const EVP_CIPHER *cipher,
OSSL_LIB_CTX *libctx,
- const char *propq, ENGINE *e)
+ const char *propq)
{
# ifndef OPENSSL_NO_CMAC
-# ifndef OPENSSL_NO_ENGINE
- const char *engine_id = e != NULL ? ENGINE_get_id(e) : NULL;
-# endif
OSSL_PARAM params[5], *p = params;
EVP_PKEY *pkey = NULL;
EVP_PKEY_CTX *ctx;
if (propq != NULL)
*p++ = OSSL_PARAM_construct_utf8_string(OSSL_PKEY_PARAM_PROPERTIES,
(char *)propq, 0);
-# ifndef OPENSSL_NO_ENGINE
- if (engine_id != NULL)
- *p++ = OSSL_PARAM_construct_utf8_string(OSSL_PKEY_PARAM_ENGINE,
- (char *)engine_id, 0);
-# endif
*p = OSSL_PARAM_construct_end();
if (EVP_PKEY_fromdata(ctx, &pkey, EVP_PKEY_KEYPAIR, params) <= 0) {
EVP_PKEY *EVP_PKEY_new_CMAC_key(ENGINE *e, const unsigned char *priv,
size_t len, const EVP_CIPHER *cipher)
{
- return new_cmac_key_int(priv, len, NULL, cipher, NULL, NULL, e);
+ return new_cmac_key_int(priv, len, NULL, cipher, NULL, NULL);
}
int EVP_PKEY_set_type(EVP_PKEY *pkey, int type)
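Review bot: `e` is no longer used in EVP_PKEY_new_CMAC_key(), but unlike the other public wrappers changed in this diff (EVP_DigestInit_ex, EVP_CipherInit_ex, EVP_PKEY_new_raw_private_key) there is no `(void)e;` here, so a build with unused-parameter warnings enabled may flag it. For consistency add `(void)e;` before the return, with a comment such as `/* ENGINE support removed: e is ignored */`. Callers that previously bound the CMAC key to an ENGINE through this argument now get a provider-side key without any indication, which is worth stating in that comment.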
return pkey_set_type(pkey, NULL, EVP_PKEY_NONE, str, len, NULL);
}
-# ifndef OPENSSL_NO_ENGINE
-int EVP_PKEY_set1_engine(EVP_PKEY *pkey, ENGINE *e)
-{
- if (e != NULL) {
- if (!ENGINE_init(e)) {
- ERR_raise(ERR_LIB_EVP, ERR_R_ENGINE_LIB);
- return 0;
- }
- if (ENGINE_get_pkey_meth(e, pkey->type) == NULL) {
- ENGINE_finish(e);
- ERR_raise(ERR_LIB_EVP, EVP_R_UNSUPPORTED_ALGORITHM);
- return 0;
- }
- }
- ENGINE_finish(pkey->pmeth_engine);
- pkey->pmeth_engine = e;
- return 1;
-}
-
-ENGINE *EVP_PKEY_get0_engine(const EVP_PKEY *pkey)
-{
- return pkey->engine;
-}
-# endif
-
# ifndef OPENSSL_NO_DEPRECATED_3_0
static void detect_foreign_key(EVP_PKEY *pkey)
{
* If pkey is NULL just return 1 or 0 if the key management method exists.
*/
+/* TODO - remove engine parameter */
static int pkey_set_type(EVP_PKEY *pkey, ENGINE *e, int type, const char *str,
int len, EVP_KEYMGMT *keymgmt)
{
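Review bot: The added `/* TODO - remove engine parameter */` does not say what pkey_set_type() does with `e` until then. Later in this diff, in what appears to be the same function, `pkey->engine = e;` is kept as context while the `ENGINE_init(e)` call that took a reference is removed, so a non-NULL `e` would be stored without a reference. The callers visible in this diff all pass NULL. I would make the expectation explicit, e.g. `/* TODO - remove engine parameter; callers must pass e == NULL */`, or store NULL unconditionally until the parameter is dropped. The function body continues outside this hunk.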
&& type == pkey->save_type
&& pkey->ameth != NULL)
return 1;
-# ifndef OPENSSL_NO_ENGINE
- /* If we have ENGINEs release them */
- ENGINE_finish(pkey->engine);
- pkey->engine = NULL;
- ENGINE_finish(pkey->pmeth_engine);
- pkey->pmeth_engine = NULL;
-# endif
#endif
}
#ifndef FIPS_MODULE
ameth = EVP_PKEY_asn1_find_str(eptr, str, len);
else if (type != EVP_PKEY_NONE)
ameth = EVP_PKEY_asn1_find(eptr, type);
-# ifndef OPENSSL_NO_ENGINE
- if (pkey == NULL && eptr != NULL)
- ENGINE_finish(e);
-# endif
#endif
} else {
pkey->type = EVP_PKEY_KEYMGMT;
}
-# ifndef OPENSSL_NO_ENGINE
- if (eptr == NULL && e != NULL && !ENGINE_init(e)) {
- ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR);
- return 0;
- }
-# endif
pkey->engine = e;
#endif
}
ameth->pkey_free(x);
x->pkey.ptr = NULL;
}
-# ifndef OPENSSL_NO_ENGINE
- ENGINE_finish(tmpe);
- ENGINE_finish(x->engine);
- x->engine = NULL;
- ENGINE_finish(x->pmeth_engine);
- x->pmeth_engine = NULL;
-# endif
}
#endif /* FIPS_MODULE */
if (e == NULL && (pkey == NULL || pkey->foreign == 0))
keytype = OBJ_nid2sn(id);
-# ifndef OPENSSL_NO_ENGINE
- if (e == NULL && pkey != NULL)
- e = pkey->pmeth_engine != NULL ? pkey->pmeth_engine : pkey->engine;
- /* Try to find an ENGINE which implements this method */
- if (e != NULL) {
- if (!ENGINE_init(e)) {
- ERR_raise(ERR_LIB_EVP, ERR_R_ENGINE_LIB);
- return NULL;
- }
- } else {
- e = ENGINE_get_pkey_meth_engine(id);
- }
-
- /*
- * If an ENGINE handled this method look it up. Otherwise use internal
- * tables.
- */
- if (e != NULL)
- pmeth = ENGINE_get_pkey_meth(e, id);
- else
-# endif /* OPENSSL_NO_ENGINE */
if (pkey != NULL && pkey->foreign)
pmeth = EVP_PKEY_meth_find(id);
else
ret = OPENSSL_zalloc(sizeof(*ret));
}
-#if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODULE)
- if ((ret == NULL || pmeth == NULL) && e != NULL)
- ENGINE_finish(e);
-#endif
-
if (ret == NULL) {
EVP_KEYMGMT_free(keymgmt);
return NULL;
OPENSSL_free(ctx->propquery);
EVP_PKEY_free(ctx->pkey);
EVP_PKEY_free(ctx->peerkey);
-#if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODULE)
- ENGINE_finish(ctx->engine);
-#endif
BN_free(ctx->rsa_pubexp);
OPENSSL_free(ctx);
}
{
EVP_PKEY_CTX *rctx;
-# ifndef OPENSSL_NO_ENGINE
- /* Make sure it's safe to copy a pkey context using an ENGINE */
- if (pctx->engine && !ENGINE_init(pctx->engine)) {
- ERR_raise(ERR_LIB_EVP, ERR_R_ENGINE_LIB);
- return 0;
- }
-# endif
rctx = OPENSSL_zalloc(sizeof(*rctx));
if (rctx == NULL)
return NULL;
}
rctx->pmeth = pctx->pmeth;
-# ifndef OPENSSL_NO_ENGINE
- rctx->engine = pctx->engine;
-# endif
if (pctx->peerkey != NULL && !EVP_PKEY_up_ref(pctx->peerkey))
goto err;
#include "openssl/obj_mac.h"
#include "openssl/evp.h"
#include "openssl/err.h"
-#if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODULE)
-# include <openssl/engine.h>
-#endif
#ifdef OPENSSL_HMAC_S390X
ctx->plat.s390x.ikp = 1;
}
-static int s390x_check_engine_used(const EVP_MD *md, ENGINE *impl)
-{
-# if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODULE)
- const EVP_MD *d;
-
- if (impl != NULL) {
- if (!ENGINE_init(impl))
- return 0;
- } else {
- impl = ENGINE_get_digest_engine(EVP_MD_get_type(md));
- }
-
- if (impl == NULL)
- return 0;
-
- d = ENGINE_get_digest(impl, EVP_MD_get_type(md));
- ENGINE_finish(impl);
-
- if (d != NULL)
- return 1;
-# endif
-
- return 0;
-}
-
int s390x_HMAC_init(HMAC_CTX *ctx, const void *key, int key_len, ENGINE *impl)
{
unsigned char *key_param;
if (ctx->plat.s390x.fc == 0)
return -1; /* Not supported by kmac instruction */
- if (s390x_check_engine_used(ctx->md, impl)) {
- ctx->plat.s390x.fc = 0;
- return -1; /* An engine handles the digest, disable acceleration */
- }
-
ctx->plat.s390x.blk_size = EVP_MD_get_block_size(ctx->md);
if (ctx->plat.s390x.blk_size < 0)
return 0;
return 1;
}
-#ifndef OPENSSL_NO_ENGINE
-static CRYPTO_ONCE engine_openssl = CRYPTO_ONCE_STATIC_INIT;
-DEFINE_RUN_ONCE_STATIC(ossl_init_engine_openssl)
-{
- OSSL_TRACE(INIT, "engine_load_openssl_int()\n");
- engine_load_openssl_int();
- return 1;
-}
-# ifndef OPENSSL_NO_RDRAND
-static CRYPTO_ONCE engine_rdrand = CRYPTO_ONCE_STATIC_INIT;
-DEFINE_RUN_ONCE_STATIC(ossl_init_engine_rdrand)
-{
- OSSL_TRACE(INIT, "engine_load_rdrand_int()\n");
- engine_load_rdrand_int();
- return 1;
-}
-# endif
-static CRYPTO_ONCE engine_dynamic = CRYPTO_ONCE_STATIC_INIT;
-DEFINE_RUN_ONCE_STATIC(ossl_init_engine_dynamic)
-{
- OSSL_TRACE(INIT, "engine_load_dynamic_int()\n");
- engine_load_dynamic_int();
- return 1;
-}
-# ifndef OPENSSL_NO_STATIC_ENGINE
-# ifndef OPENSSL_NO_DEVCRYPTOENG
-static CRYPTO_ONCE engine_devcrypto = CRYPTO_ONCE_STATIC_INIT;
-DEFINE_RUN_ONCE_STATIC(ossl_init_engine_devcrypto)
-{
- OSSL_TRACE(INIT, "engine_load_devcrypto_int()\n");
- engine_load_devcrypto_int();
- return 1;
-}
-# endif
-# if !defined(OPENSSL_NO_PADLOCKENG)
-static CRYPTO_ONCE engine_padlock = CRYPTO_ONCE_STATIC_INIT;
-DEFINE_RUN_ONCE_STATIC(ossl_init_engine_padlock)
-{
- OSSL_TRACE(INIT, "engine_load_padlock_int()\n");
- engine_load_padlock_int();
- return 1;
-}
-# endif
-# if defined(OPENSSL_SYS_WIN32) && !defined(OPENSSL_NO_CAPIENG)
-static CRYPTO_ONCE engine_capi = CRYPTO_ONCE_STATIC_INIT;
-DEFINE_RUN_ONCE_STATIC(ossl_init_engine_capi)
-{
- OSSL_TRACE(INIT, "engine_load_capi_int()\n");
- engine_load_capi_int();
- return 1;
-}
-# endif
-# if !defined(OPENSSL_NO_AFALGENG)
-static CRYPTO_ONCE engine_afalg = CRYPTO_ONCE_STATIC_INIT;
-DEFINE_RUN_ONCE_STATIC(ossl_init_engine_afalg)
-{
- OSSL_TRACE(INIT, "engine_load_afalg_int()\n");
- engine_load_afalg_int();
- return 1;
-}
-# endif
-# endif
-#endif
-
void OPENSSL_cleanup(void)
{
OPENSSL_INIT_STOP *currhandler, *lasthandler;
OSSL_TRACE(INIT, "OPENSSL_cleanup: ossl_config_modules_free()\n");
ossl_config_modules_free();
-#ifndef OPENSSL_NO_ENGINE
- OSSL_TRACE(INIT, "OPENSSL_cleanup: engine_cleanup_int()\n");
- engine_cleanup_int();
-#endif
-
#ifndef OPENSSL_NO_DEPRECATED_3_0
OSSL_TRACE(INIT, "OPENSSL_cleanup: ossl_store_cleanup_int()\n");
ossl_store_cleanup_int();
&& !RUN_ONCE(&async, ossl_init_async))
return 0;
-#ifndef OPENSSL_NO_ENGINE
- if ((opts & OPENSSL_INIT_ENGINE_OPENSSL)
- && !RUN_ONCE(&engine_openssl, ossl_init_engine_openssl))
- return 0;
-# ifndef OPENSSL_NO_RDRAND
- if ((opts & OPENSSL_INIT_ENGINE_RDRAND)
- && !RUN_ONCE(&engine_rdrand, ossl_init_engine_rdrand))
- return 0;
-# endif
- if ((opts & OPENSSL_INIT_ENGINE_DYNAMIC)
- && !RUN_ONCE(&engine_dynamic, ossl_init_engine_dynamic))
- return 0;
-# ifndef OPENSSL_NO_STATIC_ENGINE
-# ifndef OPENSSL_NO_DEVCRYPTOENG
- if ((opts & OPENSSL_INIT_ENGINE_CRYPTODEV)
- && !RUN_ONCE(&engine_devcrypto, ossl_init_engine_devcrypto))
- return 0;
-# endif
-# if !defined(OPENSSL_NO_PADLOCKENG)
- if ((opts & OPENSSL_INIT_ENGINE_PADLOCK)
- && !RUN_ONCE(&engine_padlock, ossl_init_engine_padlock))
- return 0;
-# endif
-# if defined(OPENSSL_SYS_WIN32) && !defined(OPENSSL_NO_CAPIENG)
- if ((opts & OPENSSL_INIT_ENGINE_CAPI)
- && !RUN_ONCE(&engine_capi, ossl_init_engine_capi))
- return 0;
-# endif
-# if !defined(OPENSSL_NO_AFALGENG)
- if ((opts & OPENSSL_INIT_ENGINE_AFALG)
- && !RUN_ONCE(&engine_afalg, ossl_init_engine_afalg))
- return 0;
-# endif
-# endif
- if (opts & (OPENSSL_INIT_ENGINE_ALL_BUILTIN
- | OPENSSL_INIT_ENGINE_OPENSSL
- | OPENSSL_INIT_ENGINE_AFALG)) {
- ENGINE_register_all_complete();
- }
-#endif
-
if (!CRYPTO_atomic_or(&optsdone, opts, &tmp, optsdone_lock))
return 0;
r = 1;
else
r = 0;
-#ifndef OPENSSL_NO_ENGINE
- ENGINE_finish(e);
-#endif
return r;
}
}
return dgbl->random_provider_name != NULL;
}
-# ifndef OPENSSL_NO_ENGINE
-/* non-NULL if default_RAND_meth is ENGINE-provided */
-static ENGINE *funct_ref;
-static CRYPTO_RWLOCK *rand_engine_lock;
-# endif /* !OPENSSL_NO_ENGINE */
# ifndef OPENSSL_NO_DEPRECATED_3_0
static CRYPTO_RWLOCK *rand_meth_lock;
static const RAND_METHOD *default_RAND_meth;
DEFINE_RUN_ONCE_STATIC(do_rand_init)
{
-# ifndef OPENSSL_NO_ENGINE
- rand_engine_lock = CRYPTO_THREAD_lock_new();
- if (rand_engine_lock == NULL)
- return 0;
-# endif /* !OPENSSL_NO_ENGINE */
-
# ifndef OPENSSL_NO_DEPRECATED_3_0
rand_meth_lock = CRYPTO_THREAD_lock_new();
if (rand_meth_lock == NULL)
CRYPTO_THREAD_lock_free(rand_meth_lock);
rand_meth_lock = NULL;
# endif /* !OPENSSL_NO_DEPRECATED_3_0 */
-# ifndef OPENSSL_NO_ENGINE
- CRYPTO_THREAD_lock_free(rand_engine_lock);
- rand_engine_lock = NULL;
-# endif /* !OPENSSL_NO_ENGINE */
return 0;
}
RAND_set_rand_method(NULL);
# endif /* !OPENSSL_NO_DEPRECATED_3_0 */
ossl_rand_pool_cleanup();
-# ifndef OPENSSL_NO_ENGINE
- CRYPTO_THREAD_lock_free(rand_engine_lock);
- rand_engine_lock = NULL;
-# endif /* !OPENSSL_NO_ENGINE */
# ifndef OPENSSL_NO_DEPRECATED_3_0
CRYPTO_THREAD_lock_free(rand_meth_lock);
rand_meth_lock = NULL;
if (!CRYPTO_THREAD_write_lock(rand_meth_lock))
return 0;
-# ifndef OPENSSL_NO_ENGINE
- ENGINE_finish(funct_ref);
- funct_ref = e;
-# endif
default_RAND_meth = meth;
CRYPTO_THREAD_unlock(rand_meth_lock);
return 1;
if (!CRYPTO_THREAD_write_lock(rand_meth_lock))
return NULL;
- if (default_RAND_meth == NULL) {
-# ifndef OPENSSL_NO_ENGINE
- ENGINE *e;
-
- /* If we have an engine that can do RAND, use it. */
- if ((e = ENGINE_get_default_RAND()) != NULL
- && (tmp_meth = ENGINE_get_RAND(e)) != NULL) {
- funct_ref = e;
- default_RAND_meth = tmp_meth;
- } else {
- ENGINE_finish(e);
- default_RAND_meth = &ossl_rand_meth;
- }
-# else
+ if (default_RAND_meth == NULL)
default_RAND_meth = &ossl_rand_meth;
-# endif
- }
tmp_meth = default_RAND_meth;
CRYPTO_THREAD_unlock(rand_meth_lock);
return tmp_meth;
}
-
-# if !defined(OPENSSL_NO_ENGINE)
-int RAND_set_rand_engine(ENGINE *engine)
-{
- const RAND_METHOD *tmp_meth = NULL;
-
- if (!RUN_ONCE(&rand_init, do_rand_init))
- return 0;
-
- if (engine != NULL) {
- if (!ENGINE_init(engine))
- return 0;
- tmp_meth = ENGINE_get_RAND(engine);
- if (tmp_meth == NULL) {
- ENGINE_finish(engine);
- return 0;
- }
- }
- if (!CRYPTO_THREAD_write_lock(rand_engine_lock)) {
- ENGINE_finish(engine);
- return 0;
- }
-
- /* This function releases any prior ENGINE so call it first */
- rand_set_rand_method_internal(tmp_meth, engine);
- CRYPTO_THREAD_unlock(rand_engine_lock);
- return 1;
-}
-# endif
# endif /* OPENSSL_NO_DEPRECATED_3_0 */
void RAND_seed(const void *buf, int num)
mtmp = rsa->meth;
if (mtmp->finish)
mtmp->finish(rsa);
-#ifndef OPENSSL_NO_ENGINE
- ENGINE_finish(rsa->engine);
- rsa->engine = NULL;
-#endif
rsa->meth = meth;
if (meth->init)
meth->init(rsa);
ret->libctx = libctx;
ret->meth = RSA_get_default_method();
-#if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODULE)
- ret->flags = ret->meth->flags & ~RSA_FLAG_NON_FIPS_ALLOW;
- if (engine) {
- if (!ENGINE_init(engine)) {
- ERR_raise(ERR_LIB_RSA, ERR_R_ENGINE_LIB);
- goto err;
- }
- ret->engine = engine;
- } else {
- ret->engine = ENGINE_get_default_RSA();
- }
- if (ret->engine) {
- ret->meth = ENGINE_get_RSA(ret->engine);
- if (ret->meth == NULL) {
- ERR_raise(ERR_LIB_RSA, ERR_R_ENGINE_LIB);
- goto err;
- }
- }
-#endif
-
ret->flags = ret->meth->flags & ~RSA_FLAG_NON_FIPS_ALLOW;
#ifndef FIPS_MODULE
if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_RSA, ret, &ret->ex_data)) {
if (r->meth != NULL && r->meth->finish != NULL)
r->meth->finish(r);
-#if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODULE)
- ENGINE_finish(r->engine);
-#endif
#ifndef FIPS_MODULE
CRYPTO_free_ex_data(CRYPTO_EX_INDEX_RSA, r, &r->ex_data);
int nid;
nid = OBJ_obj2nid(key->algor->algorithm);
- if (!key->flag_force_legacy) {
-#ifndef OPENSSL_NO_ENGINE
- ENGINE *e = NULL;
-
- e = ENGINE_get_pkey_meth_engine(nid);
- if (e == NULL)
- return 0;
- ENGINE_finish(e);
-#else
+ if (!key->flag_force_legacy)
return 0;
-#endif
- }
pkey = EVP_PKEY_new();
if (pkey == NULL) {