This commits changes to various parts of libcrypto required by the recent
ENGINE surgery. DH, DSA, RAND, and RSA now use *both* "method" and ENGINE
pointers to manage their hooking with ENGINE. Previously their use of
"method" pointers was replaced by use of ENGINE references. See
crypto/engine/README for details.
Also, remove the ENGINE iterations from evp_test - even when the
cipher/digest code is committed in, this functionality would require a
different set of API calls.
diff --git a/crypto/dh/dh.h b/crypto/dh/dh.h
index fe2da7a..65d61e2 100644
--- a/crypto/dh/dh.h
+++ b/crypto/dh/dh.h
@@ -68,6 +68,7 @@
#endif
#include <openssl/bn.h>
#include <openssl/crypto.h>
+#include <openssl/types.h>
#define DH_FLAG_CACHE_MONT_P 0x01
@@ -115,11 +116,8 @@
int references;
CRYPTO_EX_DATA ex_data;
-#if 0
- DH_METHOD *meth;
-#else
- struct engine_st *engine;
-#endif
+ const DH_METHOD *meth;
+ ENGINE *engine;
};
#define DH_GENERATOR_2 2
@@ -154,15 +152,10 @@
const DH_METHOD *DH_OpenSSL(void);
-void DH_set_default_openssl_method(const DH_METHOD *meth);
-const DH_METHOD *DH_get_default_openssl_method(void);
-#if 0
-const DH_METHOD *DH_set_method(DH *dh, const DH_METHOD *meth);
-DH *DH_new_method(const DH_METHOD *meth);
-#else
-int DH_set_method(DH *dh, struct engine_st *engine);
-DH *DH_new_method(struct engine_st *engine);
-#endif
+void DH_set_default_method(const DH_METHOD *meth);
+const DH_METHOD *DH_get_default_method(void);
+int DH_set_method(DH *dh, const DH_METHOD *meth);
+DH *DH_new_method(ENGINE *engine);
DH * DH_new(void);
void DH_free(DH *dh);
diff --git a/crypto/dh/dh_key.c b/crypto/dh/dh_key.c
index 6707277..1a0efca 100644
--- a/crypto/dh/dh_key.c
+++ b/crypto/dh/dh_key.c
@@ -74,12 +74,12 @@
int DH_generate_key(DH *dh)
{
- return ENGINE_get_DH(dh->engine)->generate_key(dh);
+ return dh->meth->generate_key(dh);
}
int DH_compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh)
{
- return ENGINE_get_DH(dh->engine)->compute_key(key, pub_key, dh);
+ return dh->meth->compute_key(key, pub_key, dh);
}
static DH_METHOD dh_ossl = {
@@ -140,8 +140,8 @@
l = dh->length ? dh->length : BN_num_bits(dh->p)-1; /* secret exponent length */
if (!BN_rand(priv_key, l, 0, 0)) goto err;
}
- if (!ENGINE_get_DH(dh->engine)->bn_mod_exp(dh, pub_key, dh->g,
- priv_key,dh->p,ctx,mont)) goto err;
+ if (!dh->meth->bn_mod_exp(dh, pub_key, dh->g, priv_key,dh->p,ctx,mont))
+ goto err;
dh->pub_key=pub_key;
dh->priv_key=priv_key;
@@ -181,8 +181,7 @@
}
mont=(BN_MONT_CTX *)dh->method_mont_p;
- if (!ENGINE_get_DH(dh->engine)->bn_mod_exp(dh, tmp, pub_key,
- dh->priv_key,dh->p,ctx,mont))
+ if (!dh->meth->bn_mod_exp(dh, tmp, pub_key, dh->priv_key,dh->p,ctx,mont))
{
DHerr(DH_F_DH_COMPUTE_KEY,ERR_R_BN_LIB);
goto err;
diff --git a/crypto/dh/dh_lib.c b/crypto/dh/dh_lib.c
index 7804bb4..73f1c24 100644
--- a/crypto/dh/dh_lib.c
+++ b/crypto/dh/dh_lib.c
@@ -66,97 +66,67 @@
static const DH_METHOD *default_DH_method = NULL;
-void DH_set_default_openssl_method(const DH_METHOD *meth)
-{
- ENGINE *e;
- /* We'll need to notify the "openssl" ENGINE of this
- * change too. We won't bother locking things down at
- * our end as there was never any locking in these
- * functions! */
- if(default_DH_method != meth)
- {
- default_DH_method = meth;
- e = ENGINE_by_id("openssl");
- if(e)
- {
- ENGINE_set_DH(e, meth);
- ENGINE_free(e);
- }
- }
-}
+void DH_set_default_method(const DH_METHOD *meth)
+ {
+ default_DH_method = meth;
+ }
-const DH_METHOD *DH_get_default_openssl_method(void)
-{
- if(!default_DH_method) default_DH_method = DH_OpenSSL();
+const DH_METHOD *DH_get_default_method(void)
+ {
+ if(!default_DH_method)
+ default_DH_method = DH_OpenSSL();
return default_DH_method;
-}
+ }
-#if 0
-DH_METHOD *DH_set_method(DH *dh, DH_METHOD *meth)
-{
- DH_METHOD *mtmp;
+int DH_set_method(DH *dh, const DH_METHOD *meth)
+ {
+ /* NB: The caller is specifically setting a method, so it's not up to us
+ * to deal with which ENGINE it comes from. */
+ const DH_METHOD *mtmp;
mtmp = dh->meth;
if (mtmp->finish) mtmp->finish(dh);
+ if (dh->engine)
+ {
+ ENGINE_finish(dh->engine);
+ dh->engine = NULL;
+ }
dh->meth = meth;
if (meth->init) meth->init(dh);
- return mtmp;
+ return 1;
}
-#else
-int DH_set_method(DH *dh, ENGINE *engine)
-{
- ENGINE *mtmp;
- const DH_METHOD *meth;
- mtmp = dh->engine;
- meth = ENGINE_get_DH(mtmp);
- if (!ENGINE_init(engine))
- return 0;
- if (meth->finish) meth->finish(dh);
- dh->engine= engine;
- meth = ENGINE_get_DH(engine);
- if (meth->init) meth->init(dh);
- /* SHOULD ERROR CHECK THIS!!! */
- ENGINE_finish(mtmp);
- return 1;
-}
-#endif
DH *DH_new(void)
-{
- return DH_new_method(NULL);
-}
-
-#if 0
-DH *DH_new_method(DH_METHOD *meth)
-#else
-DH *DH_new_method(ENGINE *engine)
-#endif
{
- const DH_METHOD *meth;
- DH *ret;
- ret=(DH *)OPENSSL_malloc(sizeof(DH));
+ return DH_new_method(NULL);
+ }
+DH *DH_new_method(ENGINE *engine)
+ {
+ DH *ret;
+
+ ret=(DH *)OPENSSL_malloc(sizeof(DH));
if (ret == NULL)
{
DHerr(DH_F_DH_NEW,ERR_R_MALLOC_FAILURE);
return(NULL);
}
- if (engine)
+ ret->meth = DH_get_default_method();
+ ret->engine = engine;
+ if(!ret->engine)
+ ret->engine = ENGINE_get_default_DH();
+ if(ret->engine)
{
- if(ENGINE_init(engine))
- ret->engine = engine;
- else
- ret->engine = NULL;
+ ret->meth = ENGINE_get_DH(ret->engine);
+ if(!ret->meth)
+ {
+ DHerr(DH_F_DH_NEW,ERR_R_ENGINE_LIB);
+ ENGINE_finish(ret->engine);
+ OPENSSL_free(ret);
+ return NULL;
+ }
}
- else
- ret->engine=ENGINE_get_default_DH();
- if(ret->engine == NULL)
- {
- DHerr(DH_F_DH_NEW,ERR_LIB_ENGINE);
- OPENSSL_free(ret);
- return NULL;
- }
- meth = ENGINE_get_DH(ret->engine);
+
ret->pad=0;
ret->version=0;
ret->p=NULL;
@@ -171,9 +141,9 @@
ret->counter = NULL;
ret->method_mont_p=NULL;
ret->references = 1;
- ret->flags=meth->flags;
+ ret->flags=ret->meth->flags;
CRYPTO_new_ex_data(CRYPTO_EX_INDEX_DH, ret, &ret->ex_data);
- if ((meth->init != NULL) && !meth->init(ret))
+ if ((ret->meth->init != NULL) && !ret->meth->init(ret))
{
CRYPTO_free_ex_data(CRYPTO_EX_INDEX_DH, ret, &ret->ex_data);
OPENSSL_free(ret);
@@ -184,7 +154,6 @@
void DH_free(DH *r)
{
- const DH_METHOD *meth;
int i;
if(r == NULL) return;
i = CRYPTO_add(&r->references, -1, CRYPTO_LOCK_DH);
@@ -200,9 +169,10 @@
}
#endif
- meth = ENGINE_get_DH(r->engine);
- if(meth->finish) meth->finish(r);
- ENGINE_finish(r->engine);
+ if (r->meth->finish)
+ r->meth->finish(r);
+ if (r->engine)
+ ENGINE_finish(r->engine);
CRYPTO_free_ex_data(CRYPTO_EX_INDEX_DH, r, &r->ex_data);
diff --git a/crypto/dh/dhtest.c b/crypto/dh/dhtest.c
index e90f255..0176436 100644
--- a/crypto/dh/dhtest.c
+++ b/crypto/dh/dhtest.c
@@ -66,6 +66,7 @@
#include <openssl/bio.h>
#include <openssl/bn.h>
#include <openssl/rand.h>
+#include <openssl/err.h>
#ifdef OPENSSL_NO_DH
int main(int argc, char *argv[])
@@ -99,6 +100,10 @@
int i,alen,blen,aout,bout,ret=1;
BIO *out;
+ CRYPTO_malloc_debug_init();
+ CRYPTO_dbg_set_options(V_CRYPTO_MDEBUG_ALL);
+ CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
+
#ifdef OPENSSL_SYS_WIN32
CRYPTO_malloc_init();
#endif
@@ -175,6 +180,9 @@
if(b != NULL) DH_free(b);
if(a != NULL) DH_free(a);
BIO_free(out);
+ CRYPTO_cleanup_all_ex_data();
+ ERR_remove_state(0);
+ CRYPTO_mem_leaks_fp(stderr);
exit(ret);
return(ret);
}
diff --git a/crypto/dsa/dsa.h b/crypto/dsa/dsa.h
index e12cee0..9692a0b 100644
--- a/crypto/dsa/dsa.h
+++ b/crypto/dsa/dsa.h
@@ -74,6 +74,7 @@
#endif
#include <openssl/bn.h>
#include <openssl/crypto.h>
+#include <openssl/types.h>
#ifndef OPENSSL_NO_DH
# include <openssl/dh.h>
#endif
@@ -133,11 +134,9 @@
char *method_mont_p;
int references;
CRYPTO_EX_DATA ex_data;
-#if 0
- DSA_METHOD *meth;
-#else
- struct engine_st *engine;
-#endif
+ const DSA_METHOD *meth;
+ /* functional reference if 'meth' is ENGINE-provided */
+ ENGINE *engine;
};
#define DSAparams_dup(x) (DSA *)ASN1_dup((int (*)())i2d_DSAparams, \
@@ -163,20 +162,12 @@
const DSA_METHOD *DSA_OpenSSL(void);
-void DSA_set_default_openssl_method(const DSA_METHOD *);
-const DSA_METHOD *DSA_get_default_openssl_method(void);
-#if 0
-const DSA_METHOD *DSA_set_method(DSA *dsa, DSA_METHOD *);
-#else
-int DSA_set_method(DSA *dsa, struct engine_st *engine);
-#endif
+void DSA_set_default_method(const DSA_METHOD *);
+const DSA_METHOD *DSA_get_default_method(void);
+int DSA_set_method(DSA *dsa, const DSA_METHOD *);
DSA * DSA_new(void);
-#if 0
-DSA * DSA_new_method(DSA_METHOD *meth);
-#else
-DSA * DSA_new_method(struct engine_st *engine);
-#endif
+DSA * DSA_new_method(ENGINE *engine);
void DSA_free (DSA *r);
/* "up" the DSA object's reference count */
int DSA_up_ref(DSA *r);
diff --git a/crypto/dsa/dsa_lib.c b/crypto/dsa/dsa_lib.c
index 365145a..900e009 100644
--- a/crypto/dsa/dsa_lib.c
+++ b/crypto/dsa/dsa_lib.c
@@ -69,73 +69,42 @@
static const DSA_METHOD *default_DSA_method = NULL;
-void DSA_set_default_openssl_method(const DSA_METHOD *meth)
-{
- ENGINE *e;
- /* We'll need to notify the "openssl" ENGINE of this
- * change too. We won't bother locking things down at
- * our end as there was never any locking in these
- * functions! */
- if(default_DSA_method != meth)
- {
- default_DSA_method = meth;
- e = ENGINE_by_id("openssl");
- if(e)
- {
- ENGINE_set_DSA(e, meth);
- ENGINE_free(e);
- }
- }
-}
+void DSA_set_default_method(const DSA_METHOD *meth)
+ {
+ default_DSA_method = meth;
+ }
-const DSA_METHOD *DSA_get_default_openssl_method(void)
-{
- if(!default_DSA_method) default_DSA_method = DSA_OpenSSL();
+const DSA_METHOD *DSA_get_default_method(void)
+ {
+ if(!default_DSA_method)
+ default_DSA_method = DSA_OpenSSL();
return default_DSA_method;
-}
+ }
DSA *DSA_new(void)
-{
+ {
return DSA_new_method(NULL);
-}
+ }
-#if 0
-DSA_METHOD *DSA_set_method(DSA *dsa, DSA_METHOD *meth)
-{
- DSA_METHOD *mtmp;
+int DSA_set_method(DSA *dsa, const DSA_METHOD *meth)
+ {
+ /* NB: The caller is specifically setting a method, so it's not up to us
+ * to deal with which ENGINE it comes from. */
+ const DSA_METHOD *mtmp;
mtmp = dsa->meth;
if (mtmp->finish) mtmp->finish(dsa);
+ if (dsa->engine)
+ {
+ ENGINE_finish(dsa->engine);
+ dsa->engine = NULL;
+ }
dsa->meth = meth;
if (meth->init) meth->init(dsa);
- return mtmp;
-}
-#else
-int DSA_set_method(DSA *dsa, ENGINE *engine)
- {
- ENGINE *mtmp;
- const DSA_METHOD *meth;
- mtmp = dsa->engine;
- meth = ENGINE_get_DSA(mtmp);
- if (!ENGINE_init(engine))
- return 0;
- if (meth->finish) meth->finish(dsa);
- dsa->engine = engine;
- meth = ENGINE_get_DSA(engine);
- if (meth->init) meth->init(dsa);
- /* SHOULD ERROR CHECK THIS!!! */
- ENGINE_finish(mtmp);
- return 1;
+ return 1;
}
-#endif
-
-#if 0
-DSA *DSA_new_method(DSA_METHOD *meth)
-#else
DSA *DSA_new_method(ENGINE *engine)
-#endif
{
- const DSA_METHOD *meth;
DSA *ret;
ret=(DSA *)OPENSSL_malloc(sizeof(DSA));
@@ -144,25 +113,23 @@
DSAerr(DSA_F_DSA_NEW,ERR_R_MALLOC_FAILURE);
return(NULL);
}
-
- if (engine)
+ ret->meth = DSA_get_default_method();
+ ret->engine = engine;
+ if(!ret->engine)
+ ret->engine = ENGINE_get_default_DSA();
+ if(ret->engine)
{
- if(ENGINE_init(engine))
- ret->engine = engine;
- else
- ret->engine = NULL;
- }
- else
- ret->engine=ENGINE_get_default_DSA();
-
- if(ret->engine == NULL)
- {
- DSAerr(DSA_F_DSA_NEW,ERR_LIB_ENGINE);
- OPENSSL_free(ret);
- return NULL;
+ ret->meth = ENGINE_get_DSA(ret->engine);
+ if(!ret->meth)
+ {
+ DSAerr(DSA_F_DSA_NEW,
+ ERR_R_ENGINE_LIB);
+ ENGINE_finish(ret->engine);
+ OPENSSL_free(ret);
+ return NULL;
+ }
}
- meth = ENGINE_get_DSA(ret->engine);
ret->pad=0;
ret->version=0;
ret->write_params=1;
@@ -178,9 +145,9 @@
ret->method_mont_p=NULL;
ret->references=1;
- ret->flags=meth->flags;
+ ret->flags=ret->meth->flags;
CRYPTO_new_ex_data(CRYPTO_EX_INDEX_DSA, ret, &ret->ex_data);
- if ((meth->init != NULL) && !meth->init(ret))
+ if ((ret->meth->init != NULL) && !ret->meth->init(ret))
{
CRYPTO_free_ex_data(CRYPTO_EX_INDEX_DSA, ret, &ret->ex_data);
OPENSSL_free(ret);
@@ -192,7 +159,6 @@
void DSA_free(DSA *r)
{
- const DSA_METHOD *meth;
int i;
if (r == NULL) return;
@@ -210,9 +176,10 @@
}
#endif
- meth = ENGINE_get_DSA(r->engine);
- if(meth->finish) meth->finish(r);
- ENGINE_finish(r->engine);
+ if(r->meth->finish)
+ r->meth->finish(r);
+ if(r->engine)
+ ENGINE_finish(r->engine);
CRYPTO_free_ex_data(CRYPTO_EX_INDEX_DSA, r, &r->ex_data);
diff --git a/crypto/dsa/dsa_ossl.c b/crypto/dsa/dsa_ossl.c
index 7a5adc6..37dd5fc 100644
--- a/crypto/dsa/dsa_ossl.c
+++ b/crypto/dsa/dsa_ossl.c
@@ -202,7 +202,7 @@
}
/* Compute r = (g^k mod p) mod q */
- if (!ENGINE_get_DSA(dsa->engine)->bn_mod_exp(dsa, r,dsa->g,&k,dsa->p,ctx,
+ if (!dsa->meth->bn_mod_exp(dsa, r,dsa->g,&k,dsa->p,ctx,
(BN_MONT_CTX *)dsa->method_mont_p)) goto err;
if (!BN_mod(r,r,dsa->q,ctx)) goto err;
@@ -296,7 +296,7 @@
if (!BN_mod(&u1,&u1,dsa->q,ctx)) goto err;
#else
{
- if (!ENGINE_get_DSA(dsa->engine)->dsa_mod_exp(dsa, &t1,dsa->g,&u1,dsa->pub_key,&u2,
+ if (!dsa->meth->dsa_mod_exp(dsa, &t1,dsa->g,&u1,dsa->pub_key,&u2,
dsa->p,ctx,mont)) goto err;
/* BN_copy(&u1,&t1); */
/* let u1 = u1 mod q */
diff --git a/crypto/dsa/dsa_sign.c b/crypto/dsa/dsa_sign.c
index dfe27ba..e9469ca 100644
--- a/crypto/dsa/dsa_sign.c
+++ b/crypto/dsa/dsa_sign.c
@@ -68,7 +68,7 @@
DSA_SIG * DSA_do_sign(const unsigned char *dgst, int dlen, DSA *dsa)
{
- return ENGINE_get_DSA(dsa->engine)->dsa_do_sign(dgst, dlen, dsa);
+ return dsa->meth->dsa_do_sign(dgst, dlen, dsa);
}
int DSA_sign(int type, const unsigned char *dgst, int dlen, unsigned char *sig,
@@ -88,6 +88,6 @@
int DSA_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp)
{
- return ENGINE_get_DSA(dsa->engine)->dsa_sign_setup(dsa, ctx_in, kinvp, rp);
+ return dsa->meth->dsa_sign_setup(dsa, ctx_in, kinvp, rp);
}
diff --git a/crypto/dsa/dsa_vrf.c b/crypto/dsa/dsa_vrf.c
index 28b6712..066c6b5 100644
--- a/crypto/dsa/dsa_vrf.c
+++ b/crypto/dsa/dsa_vrf.c
@@ -70,7 +70,7 @@
int DSA_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig,
DSA *dsa)
{
- return ENGINE_get_DSA(dsa->engine)->dsa_do_verify(dgst, dgst_len, sig, dsa);
+ return dsa->meth->dsa_do_verify(dgst, dgst_len, sig, dsa);
}
/* data has already been hashed (probably with SHA or SHA-1). */
diff --git a/crypto/dsa/dsatest.c b/crypto/dsa/dsatest.c
index 5f24b59..12da64f 100644
--- a/crypto/dsa/dsatest.c
+++ b/crypto/dsa/dsatest.c
@@ -65,6 +65,7 @@
#include <openssl/rand.h>
#include <openssl/bio.h>
#include <openssl/err.h>
+#include <openssl/engine.h>
#ifdef OPENSSL_SYS_WINDOWS
#include "../bio/bss_file.c"
#endif
@@ -136,9 +137,6 @@
unsigned char sig[256];
unsigned int siglen;
- ERR_load_crypto_strings();
- RAND_seed(rnd_seed, sizeof rnd_seed);
-
if (bio_err == NULL)
bio_err=BIO_new_fp(stderr,BIO_NOCLOSE);
@@ -146,6 +144,9 @@
CRYPTO_dbg_set_options(V_CRYPTO_MDEBUG_ALL);
CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
+ ERR_load_crypto_strings();
+ RAND_seed(rnd_seed, sizeof rnd_seed);
+
BIO_printf(bio_err,"test generation of DSA parameters\n");
dsa=DSA_generate_parameters(512,seed,20,&counter,&h,dsa_cb,bio_err);
@@ -204,6 +205,7 @@
if (dsa != NULL) DSA_free(dsa);
CRYPTO_cleanup_all_ex_data();
ERR_remove_state(0);
+ ERR_free_strings();
CRYPTO_mem_leaks(bio_err);
if (bio_err != NULL)
{
diff --git a/crypto/evp/evp_test.c b/crypto/evp/evp_test.c
index fa3c922..b569678 100644
--- a/crypto/evp/evp_test.c
+++ b/crypto/evp/evp_test.c
@@ -217,7 +217,6 @@
const unsigned char *ciphertext,int cn)
{
const EVP_CIPHER *c;
- ENGINE *e;
c=EVP_get_cipherbyname(cipher);
if(!c)
@@ -225,16 +224,6 @@
test1(c,key,kn,iv,in,plaintext,pn,ciphertext,cn);
- for(e=ENGINE_get_first() ; e ; e=ENGINE_get_next(e))
- {
- c=ENGINE_get_cipher_by_name(e,cipher);
- if(!c)
- continue;
- printf("Testing engine %s\n",ENGINE_get_name(e));
-
- test1(c,key,kn,iv,in,plaintext,pn,ciphertext,cn);
- }
-
return 1;
}
@@ -315,8 +304,10 @@
exit(2);
}
+ /* Load up the software EVP_CIPHER and EVP_MD definitions */
OpenSSL_add_all_ciphers();
OpenSSL_add_all_digests();
+ /* Load all compiled-in ENGINEs */
ENGINE_load_builtin_engines();
for( ; ; )
diff --git a/crypto/rand/rand.h b/crypto/rand/rand.h
index 0bfccac..30e39c3 100644
--- a/crypto/rand/rand.h
+++ b/crypto/rand/rand.h
@@ -60,6 +60,7 @@
#define HEADER_RAND_H
#include <stdlib.h>
+#include <openssl/types.h>
#ifdef __cplusplus
extern "C" {
@@ -79,10 +80,9 @@
extern int rand_predictable;
#endif
-struct engine_st;
-
-int RAND_set_rand_method(struct engine_st *meth);
-const RAND_METHOD *RAND_get_rand_method(void );
+int RAND_set_rand_method(const RAND_METHOD *meth);
+const RAND_METHOD *RAND_get_rand_method(void);
+int RAND_set_rand_engine(ENGINE *engine);
RAND_METHOD *RAND_SSLeay(void);
void RAND_cleanup(void );
int RAND_bytes(unsigned char *buf,int num);
diff --git a/crypto/rand/rand_lib.c b/crypto/rand/rand_lib.c
index adbae32..5cf5dc1 100644
--- a/crypto/rand/rand_lib.c
+++ b/crypto/rand/rand_lib.c
@@ -62,37 +62,61 @@
#include <openssl/rand.h>
#include <openssl/engine.h>
-static ENGINE *rand_engine=NULL;
+/* non-NULL if default_RAND_meth is ENGINE-provided */
+static ENGINE *funct_ref =NULL;
+static const RAND_METHOD *default_RAND_meth = NULL;
-#if 0
-void RAND_set_rand_method(RAND_METHOD *meth)
+int RAND_set_rand_method(const RAND_METHOD *meth)
{
- rand_meth=meth;
- }
-#else
-int RAND_set_rand_method(ENGINE *engine)
- {
- ENGINE *mtmp;
- mtmp = rand_engine;
- if (engine && !ENGINE_init(engine))
- return 0;
- rand_engine = engine;
- /* SHOULD ERROR CHECK THIS!!! */
- if(mtmp)
- ENGINE_finish(mtmp);
+ if(funct_ref)
+ {
+ ENGINE_finish(funct_ref);
+ funct_ref = NULL;
+ }
+ default_RAND_meth = meth;
return 1;
}
-#endif
const RAND_METHOD *RAND_get_rand_method(void)
{
- if (rand_engine == NULL
- && (rand_engine = ENGINE_get_default_RAND()) == NULL)
+ if (!default_RAND_meth)
{
- RANDerr(RAND_F_RAND_GET_RAND_METHOD,ERR_LIB_ENGINE);
- return NULL;
+ ENGINE *e = ENGINE_get_default_RAND();
+ if(e)
+ {
+ default_RAND_meth = ENGINE_get_RAND(e);
+ if(!default_RAND_meth)
+ {
+ ENGINE_finish(e);
+ e = NULL;
+ }
+ }
+ if(e)
+ funct_ref = e;
+ else
+ default_RAND_meth = RAND_SSLeay();
}
- return ENGINE_get_RAND(rand_engine);
+ return default_RAND_meth;
+ }
+
+int RAND_set_rand_engine(ENGINE *engine)
+ {
+ const RAND_METHOD *tmp_meth = NULL;
+ if(engine)
+ {
+ if(!ENGINE_init(engine))
+ return 0;
+ tmp_meth = ENGINE_get_RAND(engine);
+ if(!tmp_meth)
+ {
+ ENGINE_finish(engine);
+ return 0;
+ }
+ }
+ /* This function releases any prior ENGINE so call it first */
+ RAND_set_rand_method(tmp_meth);
+ funct_ref = engine;
+ return 1;
}
void RAND_cleanup(void)
@@ -100,6 +124,7 @@
const RAND_METHOD *meth = RAND_get_rand_method();
if (meth && meth->cleanup)
meth->cleanup();
+ RAND_set_rand_method(NULL);
}
void RAND_seed(const void *buf, int num)
diff --git a/crypto/rsa/rsa.h b/crypto/rsa/rsa.h
index 993b539..459dba0 100644
--- a/crypto/rsa/rsa.h
+++ b/crypto/rsa/rsa.h
@@ -66,6 +66,7 @@
#endif
#include <openssl/bn.h>
#include <openssl/crypto.h>
+#include <openssl/types.h>
#ifdef OPENSSL_NO_RSA
#error RSA is disabled.
@@ -122,11 +123,9 @@
* this is passed instead of aEVP_PKEY, it is set to 0 */
int pad;
long version;
-#if 0
- RSA_METHOD *meth;
-#else
- struct engine_st *engine;
-#endif
+ const RSA_METHOD *meth;
+ /* functional reference if 'meth' is ENGINE-provided */
+ ENGINE *engine;
BIGNUM *n;
BIGNUM *e;
BIGNUM *d;
@@ -180,11 +179,7 @@
#define RSA_get_app_data(s) RSA_get_ex_data(s,0)
RSA * RSA_new(void);
-#if 0
-RSA * RSA_new_method(RSA_METHOD *method);
-#else
-RSA * RSA_new_method(struct engine_st *engine);
-#endif
+RSA * RSA_new_method(ENGINE *engine);
int RSA_size(const RSA *);
RSA * RSA_generate_key(int bits, unsigned long e,void
(*callback)(int,int,void *),void *cb_arg);
@@ -204,14 +199,10 @@
int RSA_flags(const RSA *r);
-void RSA_set_default_openssl_method(const RSA_METHOD *meth);
-const RSA_METHOD *RSA_get_default_openssl_method(void);
+void RSA_set_default_method(const RSA_METHOD *meth);
+const RSA_METHOD *RSA_get_default_method(void);
const RSA_METHOD *RSA_get_method(const RSA *rsa);
-#if 0
-RSA_METHOD *RSA_set_method(RSA *rsa, RSA_METHOD *meth);
-#else
-int RSA_set_method(RSA *rsa, struct engine_st *engine);
-#endif
+int RSA_set_method(RSA *rsa, const RSA_METHOD *meth);
/* This function needs the memory locking malloc callbacks to be installed */
int RSA_memory_lock(RSA *r);
diff --git a/crypto/rsa/rsa_eay.c b/crypto/rsa/rsa_eay.c
index 83891df..d82dd15 100644
--- a/crypto/rsa/rsa_eay.c
+++ b/crypto/rsa/rsa_eay.c
@@ -100,13 +100,11 @@
static int RSA_eay_public_encrypt(int flen, const unsigned char *from,
unsigned char *to, RSA *rsa, int padding)
{
- const RSA_METHOD *meth;
BIGNUM f,ret;
int i,j,k,num=0,r= -1;
unsigned char *buf=NULL;
BN_CTX *ctx=NULL;
- meth = ENGINE_get_RSA(rsa->engine);
BN_init(&f);
BN_init(&ret);
if ((ctx=BN_CTX_new()) == NULL) goto err;
@@ -172,7 +170,7 @@
BN_MONT_CTX_free(bn_mont_ctx);
}
- if (!meth->bn_mod_exp(&ret,&f,rsa->e,rsa->n,ctx,
+ if (!rsa->meth->bn_mod_exp(&ret,&f,rsa->e,rsa->n,ctx,
rsa->_method_mod_n)) goto err;
/* put in leading 0 bytes if the number is less than the
@@ -199,13 +197,11 @@
static int RSA_eay_private_encrypt(int flen, const unsigned char *from,
unsigned char *to, RSA *rsa, int padding)
{
- const RSA_METHOD *meth;
BIGNUM f,ret;
int i,j,k,num=0,r= -1;
unsigned char *buf=NULL;
BN_CTX *ctx=NULL;
- meth = ENGINE_get_RSA(rsa->engine);
BN_init(&f);
BN_init(&ret);
@@ -252,10 +248,10 @@
(rsa->dmp1 != NULL) &&
(rsa->dmq1 != NULL) &&
(rsa->iqmp != NULL)) )
- { if (!meth->rsa_mod_exp(&ret,&f,rsa)) goto err; }
+ { if (!rsa->meth->rsa_mod_exp(&ret,&f,rsa)) goto err; }
else
{
- if (!meth->bn_mod_exp(&ret,&f,rsa->d,rsa->n,ctx,NULL)) goto err;
+ if (!rsa->meth->bn_mod_exp(&ret,&f,rsa->d,rsa->n,ctx,NULL)) goto err;
}
if (rsa->flags & RSA_FLAG_BLINDING)
@@ -284,14 +280,12 @@
static int RSA_eay_private_decrypt(int flen, const unsigned char *from,
unsigned char *to, RSA *rsa, int padding)
{
- const RSA_METHOD *meth;
BIGNUM f,ret;
int j,num=0,r= -1;
unsigned char *p;
unsigned char *buf=NULL;
BN_CTX *ctx=NULL;
- meth = ENGINE_get_RSA(rsa->engine);
BN_init(&f);
BN_init(&ret);
ctx=BN_CTX_new();
@@ -334,10 +328,10 @@
(rsa->dmp1 != NULL) &&
(rsa->dmq1 != NULL) &&
(rsa->iqmp != NULL)) )
- { if (!meth->rsa_mod_exp(&ret,&f,rsa)) goto err; }
+ { if (!rsa->meth->rsa_mod_exp(&ret,&f,rsa)) goto err; }
else
{
- if (!meth->bn_mod_exp(&ret,&f,rsa->d,rsa->n,ctx,NULL))
+ if (!rsa->meth->bn_mod_exp(&ret,&f,rsa->d,rsa->n,ctx,NULL))
goto err;
}
@@ -386,14 +380,12 @@
static int RSA_eay_public_decrypt(int flen, const unsigned char *from,
unsigned char *to, RSA *rsa, int padding)
{
- const RSA_METHOD *meth;
BIGNUM f,ret;
int i,num=0,r= -1;
unsigned char *p;
unsigned char *buf=NULL;
BN_CTX *ctx=NULL;
- meth = ENGINE_get_RSA(rsa->engine);
BN_init(&f);
BN_init(&ret);
ctx=BN_CTX_new();
@@ -448,7 +440,7 @@
BN_MONT_CTX_free(bn_mont_ctx);
}
- if (!meth->bn_mod_exp(&ret,&f,rsa->e,rsa->n,ctx,
+ if (!rsa->meth->bn_mod_exp(&ret,&f,rsa->e,rsa->n,ctx,
rsa->_method_mod_n)) goto err;
p=buf;
@@ -483,12 +475,10 @@
static int RSA_eay_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa)
{
- const RSA_METHOD *meth;
BIGNUM r1,m1,vrfy;
int ret=0;
BN_CTX *ctx;
- meth = ENGINE_get_RSA(rsa->engine);
if ((ctx=BN_CTX_new()) == NULL) goto err;
BN_init(&m1);
BN_init(&r1);
@@ -546,11 +536,11 @@
}
if (!BN_mod(&r1,I,rsa->q,ctx)) goto err;
- if (!meth->bn_mod_exp(&m1,&r1,rsa->dmq1,rsa->q,ctx,
+ if (!rsa->meth->bn_mod_exp(&m1,&r1,rsa->dmq1,rsa->q,ctx,
rsa->_method_mod_q)) goto err;
if (!BN_mod(&r1,I,rsa->p,ctx)) goto err;
- if (!meth->bn_mod_exp(r0,&r1,rsa->dmp1,rsa->p,ctx,
+ if (!rsa->meth->bn_mod_exp(r0,&r1,rsa->dmp1,rsa->p,ctx,
rsa->_method_mod_p)) goto err;
if (!BN_sub(r0,r0,&m1)) goto err;
@@ -575,7 +565,7 @@
if (rsa->e && rsa->n)
{
- if (!meth->bn_mod_exp(&vrfy,r0,rsa->e,rsa->n,ctx,NULL)) goto err;
+ if (!rsa->meth->bn_mod_exp(&vrfy,r0,rsa->e,rsa->n,ctx,NULL)) goto err;
/* If 'I' was greater than (or equal to) rsa->n, the operation
* will be equivalent to using 'I mod n'. However, the result of
* the verify will *always* be less than 'n' so we don't check
@@ -588,7 +578,7 @@
/* 'I' and 'vrfy' aren't congruent mod n. Don't leak
* miscalculated CRT output, just do a raw (slower)
* mod_exp and return that instead. */
- if (!meth->bn_mod_exp(r0,I,rsa->d,rsa->n,ctx,NULL)) goto err;
+ if (!rsa->meth->bn_mod_exp(r0,I,rsa->d,rsa->n,ctx,NULL)) goto err;
}
ret=1;
err:
diff --git a/crypto/rsa/rsa_lib.c b/crypto/rsa/rsa_lib.c
index ef9f924..b81fb6d 100644
--- a/crypto/rsa/rsa_lib.c
+++ b/crypto/rsa/rsa_lib.c
@@ -73,27 +73,13 @@
return(RSA_new_method(NULL));
}
-void RSA_set_default_openssl_method(const RSA_METHOD *meth)
+void RSA_set_default_method(const RSA_METHOD *meth)
{
- ENGINE *e;
- /* We'll need to notify the "openssl" ENGINE of this
- * change too. We won't bother locking things down at
- * our end as there was never any locking in these
- * functions! */
- if(default_RSA_meth != meth)
- {
- default_RSA_meth = meth;
- e = ENGINE_by_id("openssl");
- if(e)
- {
- ENGINE_set_RSA(e, meth);
- ENGINE_free(e);
- }
- }
+ default_RSA_meth = meth;
}
-const RSA_METHOD *RSA_get_default_openssl_method(void)
-{
+const RSA_METHOD *RSA_get_default_method(void)
+ {
if (default_RSA_meth == NULL)
{
#ifdef RSA_NULL
@@ -108,49 +94,32 @@
}
return default_RSA_meth;
-}
+ }
const RSA_METHOD *RSA_get_method(const RSA *rsa)
-{
- return ENGINE_get_RSA(rsa->engine);
-}
+ {
+ return rsa->meth;
+ }
-#if 0
-RSA_METHOD *RSA_set_method(RSA *rsa, RSA_METHOD *meth)
-{
- RSA_METHOD *mtmp;
+int RSA_set_method(RSA *rsa, const RSA_METHOD *meth)
+ {
+ /* NB: The caller is specifically setting a method, so it's not up to us
+ * to deal with which ENGINE it comes from. */
+ const RSA_METHOD *mtmp;
mtmp = rsa->meth;
if (mtmp->finish) mtmp->finish(rsa);
+ if (rsa->engine)
+ {
+ ENGINE_finish(rsa->engine);
+ rsa->engine = NULL;
+ }
rsa->meth = meth;
if (meth->init) meth->init(rsa);
- return mtmp;
-}
-#else
-int RSA_set_method(RSA *rsa, ENGINE *engine)
-{
- ENGINE *mtmp;
- const RSA_METHOD *meth;
- mtmp = rsa->engine;
- meth = ENGINE_get_RSA(mtmp);
- if (!ENGINE_init(engine))
- return 0;
- if (meth->finish) meth->finish(rsa);
- rsa->engine = engine;
- meth = ENGINE_get_RSA(engine);
- if (meth->init) meth->init(rsa);
- /* SHOULD ERROR CHECK THIS!!! */
- ENGINE_finish(mtmp);
return 1;
-}
-#endif
+ }
-#if 0
-RSA *RSA_new_method(RSA_METHOD *meth)
-#else
RSA *RSA_new_method(ENGINE *engine)
-#endif
{
- const RSA_METHOD *meth;
RSA *ret;
ret=(RSA *)OPENSSL_malloc(sizeof(RSA));
@@ -160,24 +129,22 @@
return(NULL);
}
- if (engine)
+ ret->meth = RSA_get_default_method();
+ ret->engine = engine;
+ if(!ret->engine)
+ ret->engine = ENGINE_get_default_RSA();
+ if(ret->engine)
{
- if(ENGINE_init(engine))
- ret->engine = engine;
- else
- ret->engine = NULL;
+ ret->meth = ENGINE_get_RSA(ret->engine);
+ if(!ret->meth)
+ {
+ RSAerr(RSA_F_RSA_NEW_METHOD,
+ ERR_R_ENGINE_LIB);
+ ENGINE_finish(ret->engine);
+ OPENSSL_free(ret);
+ return NULL;
+ }
}
- else
- ret->engine=ENGINE_get_default_RSA();
-
- if(ret->engine == NULL)
- {
- RSAerr(RSA_F_RSA_NEW_METHOD,ERR_LIB_ENGINE);
- OPENSSL_free(ret);
- return NULL;
- }
-
- meth = ENGINE_get_RSA(ret->engine);
ret->pad=0;
ret->version=0;
@@ -195,9 +162,9 @@
ret->_method_mod_q=NULL;
ret->blinding=NULL;
ret->bignum_data=NULL;
- ret->flags=meth->flags;
+ ret->flags=ret->meth->flags;
CRYPTO_new_ex_data(CRYPTO_EX_INDEX_RSA, ret, &ret->ex_data);
- if ((meth->init != NULL) && !meth->init(ret))
+ if ((ret->meth->init != NULL) && !ret->meth->init(ret))
{
CRYPTO_free_ex_data(CRYPTO_EX_INDEX_RSA, ret, &ret->ex_data);
OPENSSL_free(ret);
@@ -208,7 +175,6 @@
void RSA_free(RSA *r)
{
- const RSA_METHOD *meth;
int i;
if (r == NULL) return;
@@ -226,10 +192,10 @@
}
#endif
- meth = ENGINE_get_RSA(r->engine);
- if (meth->finish != NULL)
- meth->finish(r);
- ENGINE_finish(r->engine);
+ if (r->meth->finish)
+ r->meth->finish(r);
+ if (r->engine)
+ ENGINE_finish(r->engine);
CRYPTO_free_ex_data(CRYPTO_EX_INDEX_RSA, r, &r->ex_data);
@@ -287,34 +253,30 @@
int RSA_public_encrypt(int flen, const unsigned char *from, unsigned char *to,
RSA *rsa, int padding)
{
- return(ENGINE_get_RSA(rsa->engine)->rsa_pub_enc(flen,
- from, to, rsa, padding));
+ return(rsa->meth->rsa_pub_enc(flen, from, to, rsa, padding));
}
int RSA_private_encrypt(int flen, const unsigned char *from, unsigned char *to,
RSA *rsa, int padding)
{
- return(ENGINE_get_RSA(rsa->engine)->rsa_priv_enc(flen,
- from, to, rsa, padding));
+ return(rsa->meth->rsa_priv_enc(flen, from, to, rsa, padding));
}
int RSA_private_decrypt(int flen, const unsigned char *from, unsigned char *to,
RSA *rsa, int padding)
{
- return(ENGINE_get_RSA(rsa->engine)->rsa_priv_dec(flen,
- from, to, rsa, padding));
+ return(rsa->meth->rsa_priv_dec(flen, from, to, rsa, padding));
}
int RSA_public_decrypt(int flen, const unsigned char *from, unsigned char *to,
RSA *rsa, int padding)
{
- return(ENGINE_get_RSA(rsa->engine)->rsa_pub_dec(flen,
- from, to, rsa, padding));
+ return(rsa->meth->rsa_pub_dec(flen, from, to, rsa, padding));
}
int RSA_flags(const RSA *r)
{
- return((r == NULL)?0:ENGINE_get_RSA(r->engine)->flags);
+ return((r == NULL)?0:r->meth->flags);
}
void RSA_blinding_off(RSA *rsa)
@@ -348,8 +310,7 @@
if (!BN_rand_range(A,rsa->n)) goto err;
if ((Ai=BN_mod_inverse(NULL,A,rsa->n,ctx)) == NULL) goto err;
- if (!ENGINE_get_RSA(rsa->engine)->bn_mod_exp(A,A,
- rsa->e,rsa->n,ctx,rsa->_method_mod_n))
+ if (!rsa->meth->bn_mod_exp(A,A,rsa->e,rsa->n,ctx,rsa->_method_mod_n))
goto err;
rsa->blinding=BN_BLINDING_new(A,Ai,rsa->n);
rsa->flags|=RSA_FLAG_BLINDING;
@@ -405,4 +366,3 @@
r->bignum_data=p;
return(1);
}
-
diff --git a/crypto/rsa/rsa_test.c b/crypto/rsa/rsa_test.c
index 5dee24b..b8b462d 100644
--- a/crypto/rsa/rsa_test.c
+++ b/crypto/rsa/rsa_test.c
@@ -16,6 +16,7 @@
}
#else
#include <openssl/rsa.h>
+#include <openssl/engine.h>
#define SetKey \
key->n = BN_bin2bn(n, sizeof(n)-1, key->n); \
@@ -219,12 +220,12 @@
int clen = 0;
int num;
- RAND_seed(rnd_seed, sizeof rnd_seed); /* or OAEP may fail */
-
CRYPTO_malloc_debug_init();
CRYPTO_dbg_set_options(V_CRYPTO_MDEBUG_ALL);
CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
-
+
+ RAND_seed(rnd_seed, sizeof rnd_seed); /* or OAEP may fail */
+
plen = sizeof(ptext_ex) - 1;
for (v = 0; v < 3; v++)
@@ -310,7 +311,7 @@
CRYPTO_cleanup_all_ex_data();
ERR_remove_state(0);
- CRYPTO_mem_leaks_fp(stdout);
+ CRYPTO_mem_leaks_fp(stderr);
return err;
}
