Skip to content

T
Third Party Openssl

OpenHarmony / Third Party Openssl
1 年多 前同步成功

通知 9
Star 18
Fork 1
T
Third Party Openssl
提交 5270e702 编写于 作者: R Richard Levitte
浏览文件
操作

Merge the engine branch into the main trunk. All conflicts resolved. 

At the same time, add VMS support for Rijndael.
上级 1df586be
展开全部 隐藏空白更改
内联 并排
Showing with 7901 addition and 692 deletion
CHANGES
浏览文件 @ 5270e702
......@@ -4,6 +4,16 @@
Changes between 0.9.6 and 0.9.7 [xx XXX 2000]
*) Add VMS support for the Rijndael code
[Richard Levitte]
*) Added untested support for Nuron crypto accelerator.
[Ben Laurie]
*) Add support for external cryptographic devices. This code was
previously distributed separately as the "engine" branch.
[Geoff Thorpe, Richard Levitte]
*) Rework the filename-translation in the DSO code. It is now possible to
have far greater control over how a "name" is turned into a filename
depending on the operating environment and any oddities about the
......
Configure
浏览文件 @ 5270e702
......@@ -10,7 +10,7 @@ use strict;
# see INSTALL for instructions.
my $usage="Usage: Configure [no-<cipher> ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-Kxxx] [rsaref] [no-threads] [no-asm] [no-dso] [386] [--prefix=DIR] [--openssldir=OPENSSLDIR] os/compiler[:flags]\n";
my $usage="Usage: Configure [no-<cipher> ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-Kxxx] [no-hw-xxx|no-hw] [rsaref] [no-threads] [no-asm] [no-dso] [386] [--prefix=DIR] [--openssldir=OPENSSLDIR] os/compiler[:flags]\n";
# Options:
#
......@@ -23,6 +23,11 @@ my $usage="Usage: Configure [no-<cipher> ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-
# default). This needn't be set in advance, you can
# just as well use "make INSTALL_PREFIX=/whatever install".
#
# no-hw-xxx do not compile support for specific crypto hardware.
# Generic OpenSSL-style methods relating to this support
# are always compiled but return NULL if the hardware
# support isn't compiled.
# no-hw do not compile support for any crypto hardware.
# rsaref use RSAref
# [no-]threads [don't] try to create a library that is suitable for
# multithreaded applications (default is "threads" if we
......@@ -490,6 +495,18 @@ PROCESS_ARGS:
$flags .= "-DNO_ASM ";
$openssl_other_defines .= "#define NO_ASM\n";
}
elsif (/^no-hw-(.+)$/)
{
my $hw=$1;
$hw =~ tr/[a-z]/[A-Z]/;
$flags .= "-DNO_HW_$hw ";
$openssl_other_defines .= "#define NO_HW_$hw\n";
}
elsif (/^no-hw$/)
{
$flags .= "-DNO_HW ";
$openssl_other_defines .= "#define NO_HW\n";
}
elsif (/^no-dso$/)
{ $no_dso=1; }
elsif (/^no-threads$/)
......
Makefile.org
浏览文件 @ 5270e702
......@@ -161,7 +161,7 @@ SHLIBDIRS= crypto ssl
SDIRS= \
md2 md4 md5 sha mdc2 hmac ripemd \
des rc2 rc4 rc5 idea bf cast \
bn rsa dsa dh dso rijndael \
bn rsa dsa dh dso engine rijndael \
buffer bio stack lhash rand err objects \
evp asn1 pem x509 x509v3 conf txt_db pkcs7 pkcs12 comp
......
STATUS
浏览文件 @ 5270e702
OpenSSL STATUS Last modified at
______________ $Date: 2000/10/23 14:36:18 $
______________ $Date: 2000/10/26 21:07:27 $
DEVELOPMENT STATE
......
TABLE
浏览文件 @ 5270e702
......@@ -130,7 +130,7 @@ $shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
$cc = gcc
$cflags = -DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall
$unistd =
$thread_cflag = (unknown)
$thread_cflag = -pthread -D_REENTRANT -D_THREAD_SAFE -D_THREADSAFE
$lflags =
$bn_ops = BN_LLONG DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT
$bn_obj = asm/bn86-elf.o asm/co86-elf.o
......
apps/Makefile.ssl
浏览文件 @ 5270e702
此差异已折叠。
apps/apps.c
浏览文件 @ 5270e702
......@@ -178,6 +178,8 @@ int str2fmt(char *s)
|| (strcmp(s,"PKCS12") == 0) || (strcmp(s,"pkcs12") == 0)
|| (strcmp(s,"P12") == 0) || (strcmp(s,"p12") == 0))
return(FORMAT_PKCS12);
else if ((*s == 'E') || (*s == 'e'))
return(FORMAT_ENGINE);
else
return(FORMAT_UNDEF);
}
......
apps/apps.h
浏览文件 @ 5270e702
......@@ -163,6 +163,7 @@ STACK_OF(X509) *load_certs(BIO *err, char *file, int format);
#define FORMAT_NETSCAPE 4
#define FORMAT_PKCS12 5
#define FORMAT_SMIME 6
#define FORMAT_ENGINE 7
#define NETSCAPE_CERT_HDR "certificate"
......
apps/ca.c
浏览文件 @ 5270e702
......@@ -74,6 +74,7 @@
#include <openssl/x509v3.h>
#include <openssl/objects.h>
#include <openssl/pem.h>
#include <openssl/engine.h>
#ifndef W_OK
# ifdef VMS
......@@ -167,6 +168,7 @@ static char *ca_usage[]={
" -revoke file - Revoke a certificate (given in file)\n",
" -extensions .. - Extension section (override value in config file)\n",
" -crlexts .. - CRL extension section (override value in config file)\n",
" -engine e - use engine e, possibly a hardware device.\n",
NULL
};
......@@ -216,6 +218,7 @@ int MAIN(int, char **);
int MAIN(int argc, char **argv)
{
ENGINE *e = NULL;
char *key=NULL,*passargin=NULL;
int total=0;
int total_done=0;
......@@ -268,6 +271,7 @@ int MAIN(int argc, char **argv)
#define BSIZE 256
MS_STATIC char buf[3][BSIZE];
char *randfile=NULL;
char *engine = NULL;
#ifdef EFENCE
EF_PROTECT_FREE=1;
......@@ -419,6 +423,11 @@ EF_ALIGNMENT=0;
if (--argc < 1) goto bad;
crl_ext= *(++argv);
}
else if (strcmp(*argv,"-engine") == 0)
{
if (--argc < 1) goto bad;
engine= *(++argv);
}
else
{
bad:
......@@ -439,6 +448,24 @@ bad:
ERR_load_crypto_strings();
if (engine != NULL)
{
if((e = ENGINE_by_id(engine)) == NULL)
{
BIO_printf(bio_err,"invalid engine \"%s\"\n",
engine);
goto err;
}
if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
{
BIO_printf(bio_err,"can't use that engine\n");
goto err;
}
BIO_printf(bio_err,"engine \"%s\" set.\n", engine);
/* Free our "structural" reference. */
ENGINE_free(e);
}
/*****************************************************************/
if (configfile == NULL) configfile = getenv("OPENSSL_CONF");
if (configfile == NULL) configfile = getenv("SSLEAY_CONF");
......
apps/dgst.c
浏览文件 @ 5270e702
......@@ -66,6 +66,7 @@
#include <openssl/objects.h>
#include <openssl/x509.h>
#include <openssl/pem.h>
#include <openssl/engine.h>
#undef BUFSIZE
#define BUFSIZE 1024*8
......@@ -80,6 +81,7 @@ int MAIN(int, char **);
int MAIN(int argc, char **argv)
{
ENGINE *e = NULL;
unsigned char *buf=NULL;
int i,err=0;
const EVP_MD *md=NULL,*m;
......@@ -97,6 +99,7 @@ int MAIN(int argc, char **argv)
EVP_PKEY *sigkey = NULL;
unsigned char *sigbuf = NULL;
int siglen = 0;
char *engine=NULL;
apps_startup();
......@@ -154,6 +157,11 @@ int MAIN(int argc, char **argv)
if (--argc < 1) break;
sigfile=*(++argv);
}
else if (strcmp(*argv,"-engine") == 0)
{
if (--argc < 1) break;
engine= *(++argv);
}
else if (strcmp(*argv,"-hex") == 0)
out_bin = 0;
else if (strcmp(*argv,"-binary") == 0)
......@@ -190,6 +198,7 @@ int MAIN(int argc, char **argv)
BIO_printf(bio_err,"-prverify file verify a signature using private key in file\n");
BIO_printf(bio_err,"-signature file signature to verify\n");
BIO_printf(bio_err,"-binary output in binary form\n");
BIO_printf(bio_err,"-engine e use engine e, possibly a hardware device.\n");
BIO_printf(bio_err,"-%3s to use the %s message digest algorithm (default)\n",
LN_md5,LN_md5);
......@@ -209,6 +218,24 @@ int MAIN(int argc, char **argv)
goto end;
}
if (engine != NULL)
{
if((e = ENGINE_by_id(engine)) == NULL)
{
BIO_printf(bio_err,"invalid engine \"%s\"\n",
engine);
goto end;
}
if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
{
BIO_printf(bio_err,"can't use that engine\n");
goto end;
}
BIO_printf(bio_err,"engine \"%s\" set.\n", engine);
/* Free our "structural" reference. */
ENGINE_free(e);
}
in=BIO_new(BIO_s_file());
bmd=BIO_new(BIO_f_md());
if (debug)
......
apps/dh.c
浏览文件 @ 5270e702
......@@ -69,6 +69,7 @@
#include <openssl/dh.h>
#include <openssl/x509.h>
#include <openssl/pem.h>
#include <openssl/engine.h>
#undef PROG
#define PROG dh_main
......@@ -87,11 +88,12 @@ int MAIN(int, char **);
int MAIN(int argc, char **argv)
{
ENGINE *e = NULL;
DH *dh=NULL;
int i,badops=0,text=0;
BIO *in=NULL,*out=NULL;
int informat,outformat,check=0,noout=0,C=0,ret=1;
char *infile,*outfile,*prog;
char *infile,*outfile,*prog,*engine;
apps_startup();
......@@ -99,6 +101,7 @@ int MAIN(int argc, char **argv)
if ((bio_err=BIO_new(BIO_s_file())) != NULL)
BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
engine=NULL;
infile=NULL;
outfile=NULL;
informat=FORMAT_PEM;
......@@ -129,6 +132,11 @@ int MAIN(int argc, char **argv)
if (--argc < 1) goto bad;
outfile= *(++argv);
}
else if (strcmp(*argv,"-engine") == 0)
{
if (--argc < 1) goto bad;
engine= *(++argv);
}
else if (strcmp(*argv,"-check") == 0)
check=1;
else if (strcmp(*argv,"-text") == 0)
......@@ -160,11 +168,30 @@ bad:
BIO_printf(bio_err," -text print a text form of the DH parameters\n");
BIO_printf(bio_err," -C Output C code\n");
BIO_printf(bio_err," -noout no output\n");
BIO_printf(bio_err," -engine e use engine e, possibly a hardware device.\n");
goto end;
}
ERR_load_crypto_strings();
if (engine != NULL)
{
if((e = ENGINE_by_id(engine)) == NULL)
{
BIO_printf(bio_err,"invalid engine \"%s\"\n",
engine);
goto end;
}
if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
{
BIO_printf(bio_err,"can't use that engine\n");
goto end;
}
BIO_printf(bio_err,"engine \"%s\" set.\n", engine);
/* Free our "structural" reference. */
ENGINE_free(e);
}
in=BIO_new(BIO_s_file());
out=BIO_new(BIO_s_file());
if ((in == NULL) || (out == NULL))
......
apps/dhparam.c
浏览文件 @ 5270e702
......@@ -121,6 +121,7 @@
#include <openssl/dh.h>
#include <openssl/x509.h>
#include <openssl/pem.h>
#include <openssl/engine.h>
#ifndef NO_DSA
#include <openssl/dsa.h>
......@@ -148,6 +149,7 @@ int MAIN(int, char **);
int MAIN(int argc, char **argv)
{
ENGINE *e = NULL;
DH *dh=NULL;
int i,badops=0,text=0;
#ifndef NO_DSA
......@@ -156,7 +158,7 @@ int MAIN(int argc, char **argv)
BIO *in=NULL,*out=NULL;
int informat,outformat,check=0,noout=0,C=0,ret=1;
char *infile,*outfile,*prog;
char *inrand=NULL;
char *inrand=NULL,*engine=NULL;
int num = 0, g = 0;
apps_startup();
......@@ -195,6 +197,11 @@ int MAIN(int argc, char **argv)
if (--argc < 1) goto bad;
outfile= *(++argv);
}
else if (strcmp(*argv,"-engine") == 0)
{
if (--argc < 1) goto bad;
engine= *(++argv);
}
else if (strcmp(*argv,"-check") == 0)
check=1;
else if (strcmp(*argv,"-text") == 0)
......@@ -240,6 +247,7 @@ bad:
BIO_printf(bio_err," -2 generate parameters using 2 as the generator value\n");
BIO_printf(bio_err," -5 generate parameters using 5 as the generator value\n");
BIO_printf(bio_err," numbits number of bits in to generate (default 512)\n");
BIO_printf(bio_err," -engine e use engine e, possibly a hardware device.\n");
BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
BIO_printf(bio_err," - load the file (or the files in the directory) into\n");
BIO_printf(bio_err," the random number generator\n");
......@@ -249,6 +257,24 @@ bad:
ERR_load_crypto_strings();
if (engine != NULL)
{
if((e = ENGINE_by_id(engine)) == NULL)
{
BIO_printf(bio_err,"invalid engine \"%s\"\n",
engine);
goto end;
}
if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
{
BIO_printf(bio_err,"can't use that engine\n");
goto end;
}
BIO_printf(bio_err,"engine \"%s\" set.\n", engine);
/* Free our "structural" reference. */
ENGINE_free(e);
}
if (g && !num)
num = DEFBITS;
......
apps/dsa.c
浏览文件 @ 5270e702
......@@ -68,6 +68,7 @@
#include <openssl/evp.h>
#include <openssl/x509.h>
#include <openssl/pem.h>
#include <openssl/engine.h>
#undef PROG
#define PROG dsa_main
......@@ -87,6 +88,7 @@ int MAIN(int, char **);
int MAIN(int argc, char **argv)
{
ENGINE *e = NULL;
int ret=1;
DSA *dsa=NULL;
int i,badops=0;
......@@ -94,7 +96,7 @@ int MAIN(int argc, char **argv)
BIO *in=NULL,*out=NULL;
int informat,outformat,text=0,noout=0;
int pubin = 0, pubout = 0;
char *infile,*outfile,*prog;
char *infile,*outfile,*prog,*engine;
char *passargin = NULL, *passargout = NULL;
char *passin = NULL, *passout = NULL;
int modulus=0;
......@@ -105,6 +107,7 @@ int MAIN(int argc, char **argv)
if ((bio_err=BIO_new(BIO_s_file())) != NULL)
BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
engine=NULL;
infile=NULL;
outfile=NULL;
informat=FORMAT_PEM;
......@@ -145,6 +148,11 @@ int MAIN(int argc, char **argv)
if (--argc < 1) goto bad;
passargout= *(++argv);
}
else if (strcmp(*argv,"-engine") == 0)
{
if (--argc < 1) goto bad;
engine= *(++argv);
}
else if (strcmp(*argv,"-noout") == 0)
noout=1;
else if (strcmp(*argv,"-text") == 0)
......@@ -176,6 +184,7 @@ bad:
BIO_printf(bio_err," -passin arg input file pass phrase source\n");
BIO_printf(bio_err," -out arg output file\n");
BIO_printf(bio_err," -passout arg output file pass phrase source\n");
BIO_printf(bio_err," -engine e use engine e, possibly a hardware device.\n");
BIO_printf(bio_err," -des encrypt PEM output with cbc des\n");
BIO_printf(bio_err," -des3 encrypt PEM output with ede cbc des using 168 bit key\n");
#ifndef NO_IDEA
......@@ -189,6 +198,24 @@ bad:
ERR_load_crypto_strings();
if (engine != NULL)
{
if((e = ENGINE_by_id(engine)) == NULL)
{
BIO_printf(bio_err,"invalid engine \"%s\"\n",
engine);
goto end;
}
if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
{
BIO_printf(bio_err,"can't use that engine\n");
goto end;
}
BIO_printf(bio_err,"engine \"%s\" set.\n", engine);
/* Free our "structural" reference. */
ENGINE_free(e);
}
if(!app_passwd(bio_err, passargin, passargout, &passin, &passout)) {
BIO_printf(bio_err, "Error getting passwords\n");
goto end;
......
apps/dsaparam.c
浏览文件 @ 5270e702
......@@ -69,6 +69,7 @@
#include <openssl/dsa.h>
#include <openssl/x509.h>
#include <openssl/pem.h>
#include <openssl/engine.h>
#undef PROG
#define PROG dsaparam_main
......@@ -90,6 +91,7 @@ int MAIN(int, char **);
int MAIN(int argc, char **argv)
{
ENGINE *e = NULL;
DSA *dsa=NULL;
int i,badops=0,text=0;
BIO *in=NULL,*out=NULL;
......@@ -97,6 +99,7 @@ int MAIN(int argc, char **argv)
char *infile,*outfile,*prog,*inrand=NULL;
int numbits= -1,num,genkey=0;
int need_rand=0;
char *engine=NULL;
apps_startup();
......@@ -134,6 +137,11 @@ int MAIN(int argc, char **argv)
if (--argc < 1) goto bad;
outfile= *(++argv);
}
else if(strcmp(*argv, "-engine") == 0)
{
if (--argc < 1) goto bad;
engine = *(++argv);
}
else if (strcmp(*argv,"-text") == 0)
text=1;
else if (strcmp(*argv,"-C") == 0)
......@@ -180,6 +188,7 @@ bad:
BIO_printf(bio_err," -C Output C code\n");
BIO_printf(bio_err," -noout no output\n");
BIO_printf(bio_err," -rand files to use for random number input\n");
BIO_printf(bio_err," -engine e use engine e, possibly a hardware device.\n");
BIO_printf(bio_err," number number of bits to use for generating private key\n");
goto end;
}
......@@ -223,6 +232,24 @@ bad:
}
}
if (engine != NULL)
{
if((e = ENGINE_by_id(engine)) == NULL)
{
BIO_printf(bio_err,"invalid engine \"%s\"\n",
engine);
goto end;
}
if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
{
BIO_printf(bio_err,"can't use that engine\n");
goto end;
}
BIO_printf(bio_err,"engine \"%s\" set.\n", engine);
/* Free our "structural" reference. */
ENGINE_free(e);
}
if (need_rand)
{
app_RAND_load_file(NULL, bio_err, (inrand != NULL));
......
apps/enc.c
浏览文件 @ 5270e702
......@@ -70,6 +70,7 @@
#include <openssl/md5.h>
#endif
#include <openssl/pem.h>
#include <openssl/engine.h>
int set_hex(char *in,unsigned char *out,int size);
#undef SIZE
......@@ -84,6 +85,7 @@ int MAIN(int, char **);
int MAIN(int argc, char **argv)
{
ENGINE *e = NULL;
static const char magic[]="Salted__";
char mbuf[8]; /* should be 1 smaller than magic */
char *strbuf=NULL;
......@@ -101,6 +103,7 @@ int MAIN(int argc, char **argv)
BIO *in=NULL,*out=NULL,*b64=NULL,*benc=NULL,*rbio=NULL,*wbio=NULL;
#define PROG_NAME_SIZE 16
char pname[PROG_NAME_SIZE];
char *engine = NULL;
apps_startup();
......@@ -141,6 +144,11 @@ int MAIN(int argc, char **argv)
if (--argc < 1) goto bad;
passarg= *(++argv);
}
else if (strcmp(*argv,"-engine") == 0)
{
if (--argc < 1) goto bad;
engine= *(++argv);
}
else if (strcmp(*argv,"-d") == 0)
enc=0;
else if (strcmp(*argv,"-p") == 0)
......@@ -241,6 +249,7 @@ bad:
BIO_printf(bio_err,"%-14s key/iv in hex is the next argument\n","-K/-iv");
BIO_printf(bio_err,"%-14s print the iv/key (then exit if -P)\n","-[pP]");
BIO_printf(bio_err,"%-14s buffer size\n","-bufsize <n>");
BIO_printf(bio_err,"%-14s use engine e, possibly a hardware device.\n","-engine e");
BIO_printf(bio_err,"Cipher Types\n");
BIO_printf(bio_err,"des : 56 bit key DES encryption\n");
......@@ -319,6 +328,24 @@ bad:
argv++;
}
if (engine != NULL)
{
if((e = ENGINE_by_id(engine)) == NULL)
{
BIO_printf(bio_err,"invalid engine \"%s\"\n",
engine);
goto end;
}
if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
{
BIO_printf(bio_err,"can't use that engine\n");
goto end;
}
BIO_printf(bio_err,"engine \"%s\" set.\n", engine);
/* Free our "structural" reference. */
ENGINE_free(e);
}
if (bufsize != NULL)
{
unsigned long n;
......
apps/gendh.c
浏览文件 @ 5270e702
......@@ -70,6 +70,7 @@
#include <openssl/dh.h>
#include <openssl/x509.h>
#include <openssl/pem.h>
#include <openssl/engine.h>
#define DEFBITS 512
#undef PROG
......@@ -81,11 +82,13 @@ int MAIN(int, char **);
int MAIN(int argc, char **argv)
{
ENGINE *e = NULL;
DH *dh=NULL;
int ret=1,num=DEFBITS;
int g=2;
char *outfile=NULL;
char *inrand=NULL;
char *engine=NULL;
BIO *out=NULL;
apps_startup();
......@@ -110,6 +113,11 @@ int MAIN(int argc, char **argv)
g=3; */
else if (strcmp(*argv,"-5") == 0)
g=5;
else if (strcmp(*argv,"-engine") == 0)
{
if (--argc < 1) goto bad;
engine= *(++argv);
}
else if (strcmp(*argv,"-rand") == 0)
{
if (--argc < 1) goto bad;
......@@ -125,15 +133,34 @@ int MAIN(int argc, char **argv)
bad:
BIO_printf(bio_err,"usage: gendh [args] [numbits]\n");
BIO_printf(bio_err," -out file - output the key to 'file\n");
BIO_printf(bio_err," -2 use 2 as the generator value\n");
/* BIO_printf(bio_err," -3 use 3 as the generator value\n"); */
BIO_printf(bio_err," -5 use 5 as the generator value\n");
BIO_printf(bio_err," -2 - use 2 as the generator value\n");
/* BIO_printf(bio_err," -3 - use 3 as the generator value\n"); */
BIO_printf(bio_err," -5 - use 5 as the generator value\n");
BIO_printf(bio_err," -engine e - use engine e, possibly a hardware device.\n");
BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
BIO_printf(bio_err," - load the file (or the files in the directory) into\n");
BIO_printf(bio_err," the random number generator\n");
goto end;
}
if (engine != NULL)
{
if((e = ENGINE_by_id(engine)) == NULL)
{
BIO_printf(bio_err,"invalid engine \"%s\"\n",
engine);
goto end;
}
if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
{
BIO_printf(bio_err,"can't use that engine\n");
goto end;
}
BIO_printf(bio_err,"engine \"%s\" set.\n", engine);
/* Free our "structural" reference. */
ENGINE_free(e);
}
out=BIO_new(BIO_s_file());
if (out == NULL)
{
......
apps/gendsa.c
浏览文件 @ 5270e702
......@@ -68,6 +68,7 @@
#include <openssl/dsa.h>
#include <openssl/x509.h>
#include <openssl/pem.h>
#include <openssl/engine.h>
#define DEFBITS 512
#undef PROG
......@@ -77,6 +78,7 @@ int MAIN(int, char **);
int MAIN(int argc, char **argv)
{
ENGINE *e = NULL;
DSA *dsa=NULL;
int ret=1;
char *outfile=NULL;
......@@ -84,6 +86,7 @@ int MAIN(int argc, char **argv)
char *passargout = NULL, *passout = NULL;
BIO *out=NULL,*in=NULL;
EVP_CIPHER *enc=NULL;
char *engine=NULL;
apps_startup();
......@@ -106,6 +109,11 @@ int MAIN(int argc, char **argv)
if (--argc < 1) goto bad;
passargout= *(++argv);
}
else if (strcmp(*argv,"-engine") == 0)
{
if (--argc < 1) goto bad;
engine= *(++argv);
}
else if (strcmp(*argv,"-rand") == 0)
{
if (--argc < 1) goto bad;
......@@ -145,6 +153,7 @@ bad:
#ifndef NO_IDEA
BIO_printf(bio_err," -idea - encrypt the generated key with IDEA in cbc mode\n");
#endif
BIO_printf(bio_err," -engine e - use engine e, possibly a hardware device.\n");
BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
BIO_printf(bio_err," - load the file (or the files in the directory) into\n");
BIO_printf(bio_err," the random number generator\n");
......@@ -153,6 +162,24 @@ bad:
goto end;
}
if (engine != NULL)
{
if((e = ENGINE_by_id(engine)) == NULL)
{
BIO_printf(bio_err,"invalid engine \"%s\"\n",
engine);
goto end;
}
if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
{
BIO_printf(bio_err,"can't use that engine\n");
goto end;
}
BIO_printf(bio_err,"engine \"%s\" set.\n", engine);
/* Free our "structural" reference. */
ENGINE_free(e);
}
if(!app_passwd(bio_err, NULL, passargout, NULL, &passout)) {
BIO_printf(bio_err, "Error getting password\n");
goto end;
......
apps/genrsa.c
浏览文件 @ 5270e702
......@@ -69,6 +69,7 @@
#include <openssl/evp.h>
#include <openssl/x509.h>
#include <openssl/pem.h>
#include <openssl/engine.h>
#define DEFBITS 512
#undef PROG
......@@ -80,6 +81,7 @@ int MAIN(int, char **);
int MAIN(int argc, char **argv)
{
ENGINE *e = NULL;
int ret=1;
RSA *rsa=NULL;
int i,num=DEFBITS;
......@@ -88,6 +90,7 @@ int MAIN(int argc, char **argv)
unsigned long f4=RSA_F4;
char *outfile=NULL;
char *passargout = NULL, *passout = NULL;
char *engine=NULL;
char *inrand=NULL;
BIO *out=NULL;
......@@ -116,6 +119,11 @@ int MAIN(int argc, char **argv)
f4=3;
else if (strcmp(*argv,"-F4") == 0 || strcmp(*argv,"-f4") == 0)
f4=RSA_F4;
else if (strcmp(*argv,"-engine") == 0)
{
if (--argc < 1) goto bad;
engine= *(++argv);
}
else if (strcmp(*argv,"-rand") == 0)
{
if (--argc < 1) goto bad;
......@@ -154,6 +162,7 @@ bad:
BIO_printf(bio_err," -passout arg output file pass phrase source\n");
BIO_printf(bio_err," -f4 use F4 (0x10001) for the E value\n");
BIO_printf(bio_err," -3 use 3 for the E value\n");
BIO_printf(bio_err," -engine e use engine e, possibly a hardware device.\n");
BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
BIO_printf(bio_err," load the file (or the files in the directory) into\n");
BIO_printf(bio_err," the random number generator\n");
......@@ -167,6 +176,24 @@ bad:
goto err;
}
if (engine != NULL)
{
if((e = ENGINE_by_id(engine)) == NULL)
{
BIO_printf(bio_err,"invalid engine \"%s\"\n",
engine);
goto err;
}
if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
{
BIO_printf(bio_err,"can't use that engine\n");
goto err;
}
BIO_printf(bio_err,"engine \"%s\" set.\n", engine);
/* Free our "structural" reference. */
ENGINE_free(e);
}
if (outfile == NULL)
{
BIO_set_fp(out,stdout,BIO_NOCLOSE);
......@@ -186,7 +213,8 @@ bad:
}
}
if (!app_RAND_load_file(NULL, bio_err, 1) && inrand == NULL)
if (!app_RAND_load_file(NULL, bio_err, 1) && inrand == NULL
&& !RAND_status())
{
BIO_printf(bio_err,"warning, not much extra random data, consider using the -rand option\n");
}
......
apps/pkcs12.c
浏览文件 @ 5270e702
......@@ -66,6 +66,7 @@
#include <openssl/err.h>
#include <openssl/pem.h>
#include <openssl/pkcs12.h>
#include <openssl/engine.h>
#define PROG pkcs12_main
......@@ -92,6 +93,7 @@ int MAIN(int, char **);
int MAIN(int argc, char **argv)
{
ENGINE *e = NULL;
char *infile=NULL, *outfile=NULL, *keyname = NULL;
char *certfile=NULL;
BIO *in=NULL, *out = NULL, *inkey = NULL, *certsin = NULL;
......@@ -118,6 +120,7 @@ int MAIN(int argc, char **argv)
char *passin = NULL, *passout = NULL;
char *inrand = NULL;
char *CApath = NULL, *CAfile = NULL;
char *engine=NULL;
apps_startup();
......@@ -236,6 +239,11 @@ int MAIN(int argc, char **argv)
args++;
CAfile = *args;
} else badarg = 1;
} else if (!strcmp(*args,"-engine")) {
if (args[1]) {
args++;
engine = *args;
} else badarg = 1;
} else badarg = 1;
} else badarg = 1;
......@@ -279,12 +287,27 @@ int MAIN(int argc, char **argv)
BIO_printf (bio_err, "-password p set import/export password source\n");
BIO_printf (bio_err, "-passin p input file pass phrase source\n");
BIO_printf (bio_err, "-passout p output file pass phrase source\n");
BIO_printf (bio_err, "-engine e use engine e, possibly a hardware device.\n");
BIO_printf(bio_err, "-rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
BIO_printf(bio_err, " load the file (or the files in the directory) into\n");
BIO_printf(bio_err, " the random number generator\n");
goto end;
}
if (engine != NULL) {
if((e = ENGINE_by_id(engine)) == NULL) {
BIO_printf(bio_err,"invalid engine \"%s\"\n", engine);
goto end;
}
if(!ENGINE_set_default(e, ENGINE_METHOD_ALL)) {
BIO_printf(bio_err,"can't use that engine\n");
goto end;
}
BIO_printf(bio_err,"engine \"%s\" set.\n", engine);
/* Free our "structural" reference. */
ENGINE_free(e);
}
if(passarg) {
if(export_cert) passargout = passarg;
else passargin = passarg;
......
apps/pkcs7.c
浏览文件 @ 5270e702
......@@ -67,6 +67,7 @@
#include <openssl/x509.h>
#include <openssl/pkcs7.h>
#include <openssl/pem.h>
#include <openssl/engine.h>
#undef PROG
#define PROG pkcs7_main
......@@ -82,6 +83,7 @@ int MAIN(int, char **);
int MAIN(int argc, char **argv)
{
ENGINE *e = NULL;
PKCS7 *p7=NULL;
int i,badops=0;
BIO *in=NULL,*out=NULL;
......@@ -89,6 +91,7 @@ int MAIN(int argc, char **argv)
char *infile,*outfile,*prog;
int print_certs=0,text=0,noout=0;
int ret=0;
char *engine=NULL;
apps_startup();
......@@ -132,6 +135,11 @@ int MAIN(int argc, char **argv)
text=1;
else if (strcmp(*argv,"-print_certs") == 0)
print_certs=1;
else if (strcmp(*argv,"-engine") == 0)
{
if (--argc < 1) goto bad;
engine= *(++argv);
}
else
{
BIO_printf(bio_err,"unknown option %s\n",*argv);
......@@ -154,11 +162,30 @@ bad:
BIO_printf(bio_err," -print_certs print any certs or crl in the input\n");
BIO_printf(bio_err," -text print full details of certificates\n");
BIO_printf(bio_err," -noout don't output encoded data\n");
BIO_printf(bio_err," -engine e use engine e, possibly a hardware device.\n");
EXIT(1);
}
ERR_load_crypto_strings();
if (engine != NULL)
{
if((e = ENGINE_by_id(engine)) == NULL)
{
BIO_printf(bio_err,"invalid engine \"%s\"\n",
engine);
goto end;
}
if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
{
BIO_printf(bio_err,"can't use that engine\n");
goto end;
}
BIO_printf(bio_err,"engine \"%s\" set.\n", engine);
/* Free our "structural" reference. */
ENGINE_free(e);
}
in=BIO_new(BIO_s_file());
out=BIO_new(BIO_s_file());
if ((in == NULL) || (out == NULL))
......
apps/pkcs8.c
浏览文件 @ 5270e702
......@@ -62,6 +62,7 @@
#include <openssl/err.h>
#include <openssl/evp.h>
#include <openssl/pkcs12.h>
#include <openssl/engine.h>
#include "apps.h"
#define PROG pkcs8_main
......@@ -70,6 +71,7 @@ int MAIN(int, char **);
int MAIN(int argc, char **argv)
{
ENGINE *e = NULL;
char **args, *infile = NULL, *outfile = NULL;
char *passargin = NULL, *passargout = NULL;
BIO *in = NULL, *out = NULL;
......@@ -85,9 +87,13 @@ int MAIN(int argc, char **argv)
EVP_PKEY *pkey;
char pass[50], *passin = NULL, *passout = NULL, *p8pass = NULL;
int badarg = 0;
char *engine=NULL;
if (bio_err == NULL) bio_err = BIO_new_fp (stderr, BIO_NOCLOSE);
informat=FORMAT_PEM;
outformat=FORMAT_PEM;
ERR_load_crypto_strings();
OpenSSL_add_all_algorithms();
args = argv + 1;
......@@ -138,6 +144,11 @@ int MAIN(int argc, char **argv)
if (!args[1]) goto bad;
passargout= *(++args);
}
else if (strcmp(*args,"-engine") == 0)
{
if (!args[1]) goto bad;
engine= *(++args);
}
else if (!strcmp (*args, "-in")) {
if (args[1]) {
args++;
......@@ -170,9 +181,28 @@ int MAIN(int argc, char **argv)
BIO_printf(bio_err, "-nocrypt use or expect unencrypted private key\n");
BIO_printf(bio_err, "-v2 alg use PKCS#5 v2.0 and cipher \"alg\"\n");
BIO_printf(bio_err, "-v1 obj use PKCS#5 v1.5 and cipher \"alg\"\n");
BIO_printf(bio_err," -engine e use engine e, possibly a hardware device.\n");
return (1);
}
if (engine != NULL)
{
if((e = ENGINE_by_id(engine)) == NULL)
{
BIO_printf(bio_err,"invalid engine \"%s\"\n",
engine);
return (1);
}
if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
{
BIO_printf(bio_err,"can't use that engine\n");
return (1);
}
BIO_printf(bio_err,"engine \"%s\" set.\n", engine);
/* Free our "structural" reference. */
ENGINE_free(e);
}
if(!app_passwd(bio_err, passargin, passargout, &passin, &passout)) {
BIO_printf(bio_err, "Error getting passwords\n");
return (1);
......
apps/rand.c
浏览文件 @ 5270e702
......@@ -9,6 +9,7 @@
#include <openssl/bio.h>
#include <openssl/err.h>
#include <openssl/rand.h>
#include <openssl/engine.h>
#undef PROG
#define PROG rand_main
......@@ -23,6 +24,7 @@ int MAIN(int, char **);
int MAIN(int argc, char **argv)
{
ENGINE *e = NULL;
int i, r, ret = 1;
int badopt;
char *outfile = NULL;
......@@ -30,6 +32,7 @@ int MAIN(int argc, char **argv)
int base64 = 0;
BIO *out = NULL;
int num = -1;
char *engine=NULL;
apps_startup();
......@@ -48,6 +51,13 @@ int MAIN(int argc, char **argv)
else
badopt = 1;
}
if (strcmp(argv[i], "-engine") == 0)
{
if ((argv[i+1] != NULL) && (engine == NULL))
engine = argv[++i];
else
badopt = 1;
}
else if (strcmp(argv[i], "-rand") == 0)
{
if ((argv[i+1] != NULL) && (inrand == NULL))
......@@ -84,12 +94,31 @@ int MAIN(int argc, char **argv)
{
BIO_printf(bio_err, "Usage: rand [options] num\n");
BIO_printf(bio_err, "where options are\n");
BIO_printf(bio_err, "-out file - write to file\n");
BIO_printf(bio_err, "-rand file%cfile%c... - seed PRNG from files\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
BIO_printf(bio_err, "-base64 - encode output\n");
BIO_printf(bio_err, "-out file - write to file\n");
BIO_printf(bio_err," -engine e - use engine e, possibly a hardware device.\n");
BIO_printf(bio_err, "-rand file%cfile%c... - seed PRNG from files\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
BIO_printf(bio_err, "-base64 - encode output\n");
goto err;
}
if (engine != NULL)
{
if((e = ENGINE_by_id(engine)) == NULL)
{
BIO_printf(bio_err,"invalid engine \"%s\"\n",
engine);
goto err;
}
if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
{
BIO_printf(bio_err,"can't use that engine\n");
goto err;
}
BIO_printf(bio_err,"engine \"%s\" set.\n", engine);
/* Free our "structural" reference. */
ENGINE_free(e);
}
app_RAND_load_file(NULL, bio_err, (inrand != NULL));
if (inrand != NULL)
BIO_printf(bio_err,"%ld semi-random bytes loaded\n",
......
apps/req.c
浏览文件 @ 5270e702
......@@ -73,6 +73,7 @@
#include <openssl/x509v3.h>
#include <openssl/objects.h>
#include <openssl/pem.h>
#include <openssl/engine.h>
#define SECTION "req"
......@@ -140,6 +141,7 @@ int MAIN(int, char **);
int MAIN(int argc, char **argv)
{
ENGINE *e = NULL;
#ifndef NO_DSA
DSA *dsa_params=NULL;
#endif
......@@ -153,6 +155,7 @@ int MAIN(int argc, char **argv)
int informat,outformat,verify=0,noout=0,text=0,keyform=FORMAT_PEM;
int nodes=0,kludge=0,newhdr=0,subject=0;
char *infile,*outfile,*prog,*keyfile=NULL,*template=NULL,*keyout=NULL;
char *engine=NULL;
char *extensions = NULL;
char *req_exts = NULL;
EVP_CIPHER *cipher=NULL;
......@@ -196,6 +199,11 @@ int MAIN(int argc, char **argv)
if (--argc < 1) goto bad;
outformat=str2fmt(*(++argv));
}
else if (strcmp(*argv,"-engine") == 0)
{
if (--argc < 1) goto bad;
engine= *(++argv);
}
else if (strcmp(*argv,"-key") == 0)
{
if (--argc < 1) goto bad;
......@@ -383,6 +391,7 @@ bad:
BIO_printf(bio_err," -verify verify signature on REQ\n");
BIO_printf(bio_err," -modulus RSA modulus\n");
BIO_printf(bio_err," -nodes don't encrypt the output key\n");
BIO_printf(bio_err," -engine e use engine e, possibly a hardware device.\n");
BIO_printf(bio_err," -key file use the private key contained in file\n");
BIO_printf(bio_err," -keyform arg key file format\n");
BIO_printf(bio_err," -keyout arg file to send the key to\n");
......@@ -530,24 +539,55 @@ bad:
if ((in == NULL) || (out == NULL))
goto end;
if (keyfile != NULL)
if (engine != NULL)
{
if (BIO_read_filename(in,keyfile) <= 0)
if((e = ENGINE_by_id(engine)) == NULL)
{
BIO_printf(bio_err,"invalid engine \"%s\"\n",
engine);
goto end;
}
if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
{
perror(keyfile);
BIO_printf(bio_err,"can't use that engine\n");
goto end;
}
BIO_printf(bio_err,"engine \"%s\" set.\n", engine);
/* Free our "structural" reference. */
ENGINE_free(e);
}
if (keyform == FORMAT_ASN1)
pkey=d2i_PrivateKey_bio(in,NULL);
else if (keyform == FORMAT_PEM)
if (keyfile != NULL)
{
if (keyform == FORMAT_ENGINE)
{
pkey=PEM_read_bio_PrivateKey(in,NULL,NULL,passin);
if (!e)
{
BIO_printf(bio_err,"no engine specified\n");
goto end;
}
pkey = ENGINE_load_private_key(e, keyfile, NULL);
}
else
{
BIO_printf(bio_err,"bad input format specified for X509 request\n");
goto end;
if (BIO_read_filename(in,keyfile) <= 0)
{
perror(keyfile);
goto end;
}
if (keyform == FORMAT_ASN1)
pkey=d2i_PrivateKey_bio(in,NULL);
else if (keyform == FORMAT_PEM)
{
pkey=PEM_read_bio_PrivateKey(in,NULL,NULL,
passin);
}
else
{
BIO_printf(bio_err,"bad input format specified for X509 request\n");
goto end;
}
}
if (pkey == NULL)
......
apps/rsa.c
浏览文件 @ 5270e702
......@@ -68,6 +68,7 @@
#include <openssl/evp.h>
#include <openssl/x509.h>
#include <openssl/pem.h>
#include <openssl/engine.h>
#undef PROG
#define PROG rsa_main
......@@ -90,6 +91,7 @@ int MAIN(int, char **);
int MAIN(int argc, char **argv)
{
ENGINE *e = NULL;
int ret=1;
RSA *rsa=NULL;
int i,badops=0, sgckey=0;
......@@ -100,6 +102,7 @@ int MAIN(int argc, char **argv)
char *infile,*outfile,*prog;
char *passargin = NULL, *passargout = NULL;
char *passin = NULL, *passout = NULL;
char *engine=NULL;
int modulus=0;
apps_startup();
......@@ -148,6 +151,11 @@ int MAIN(int argc, char **argv)
if (--argc < 1) goto bad;
passargout= *(++argv);
}
else if (strcmp(*argv,"-engine") == 0)
{
if (--argc < 1) goto bad;
engine= *(++argv);
}
else if (strcmp(*argv,"-sgckey") == 0)
sgckey=1;
else if (strcmp(*argv,"-pubin") == 0)
......@@ -195,11 +203,30 @@ bad:
BIO_printf(bio_err," -check verify key consistency\n");
BIO_printf(bio_err," -pubin expect a public key in input file\n");
BIO_printf(bio_err," -pubout output a public key\n");
BIO_printf(bio_err," -engine e use engine e, possibly a hardware device.\n");
goto end;
}
ERR_load_crypto_strings();
if (engine != NULL)
{
if((e = ENGINE_by_id(engine)) == NULL)
{
BIO_printf(bio_err,"invalid engine \"%s\"\n",
engine);
goto end;
}
if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
{
BIO_printf(bio_err,"can't use that engine\n");
goto end;
}
BIO_printf(bio_err,"engine \"%s\" set.\n", engine);
/* Free our "structural" reference. */
ENGINE_free(e);
}
if(!app_passwd(bio_err, passargin, passargout, &passin, &passout)) {
BIO_printf(bio_err, "Error getting passwords\n");
goto end;
......@@ -319,14 +346,14 @@ bad:
BIO_printf(out,"RSA key ok\n");
else if (r == 0)
{
long e;
long err;
while ((e = ERR_peek_error()) != 0 &&
ERR_GET_LIB(e) == ERR_LIB_RSA &&
ERR_GET_FUNC(e) == RSA_F_RSA_CHECK_KEY &&
ERR_GET_REASON(e) != ERR_R_MALLOC_FAILURE)
while ((err = ERR_peek_error()) != 0 &&
ERR_GET_LIB(err) == ERR_LIB_RSA &&
ERR_GET_FUNC(err) == RSA_F_RSA_CHECK_KEY &&
ERR_GET_REASON(err) != ERR_R_MALLOC_FAILURE)
{
BIO_printf(out, "RSA key error: %s\n", ERR_reason_error_string(e));
BIO_printf(out, "RSA key error: %s\n", ERR_reason_error_string(err));
ERR_get_error(); /* remove e from error stack */
}
}
......
apps/s_client.c
浏览文件 @ 5270e702
......@@ -79,6 +79,7 @@ typedef unsigned int u_int;
#include <openssl/ssl.h>
#include <openssl/err.h>
#include <openssl/pem.h>
#include <openssl/engine.h>
#include "s_apps.h"
#ifdef WINDOWS
......@@ -152,6 +153,7 @@ static void sc_usage(void)
BIO_printf(bio_err," -bugs - Switch on all SSL implementation bug workarounds\n");
BIO_printf(bio_err," -cipher - preferred cipher to use, use the 'openssl ciphers'\n");
BIO_printf(bio_err," command to see what is available\n");
BIO_printf(bio_err," -engine id - Initialise and use the specified engine\n");
}
......@@ -179,6 +181,8 @@ int MAIN(int argc, char **argv)
int prexit = 0;
SSL_METHOD *meth=NULL;
BIO *sbio;
char *engine_id=NULL;
ENGINE *e=NULL;
#ifdef WINDOWS
struct timeval tv;
#endif
......@@ -316,6 +320,11 @@ int MAIN(int argc, char **argv)
else if (strcmp(*argv,"-nbio") == 0)
{ c_nbio=1; }
#endif
else if (strcmp(*argv,"-engine") == 0)
{
if (--argc < 1) goto bad;
engine_id = *(++argv);
}
else
{
BIO_printf(bio_err,"unknown option %s\n",*argv);
......@@ -349,6 +358,30 @@ bad:
OpenSSL_add_ssl_algorithms();
SSL_load_error_strings();
if (engine_id != NULL)
{
if((e = ENGINE_by_id(engine_id)) == NULL)
{
BIO_printf(bio_err,"invalid engine\n");
ERR_print_errors(bio_err);
goto end;
}
if (c_debug)
{
ENGINE_ctrl(e, ENGINE_CTRL_SET_LOGSTREAM,
0, bio_err, 0);
}
if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
{
BIO_printf(bio_err,"can't use that engine\n");
ERR_print_errors(bio_err);
goto end;
}
BIO_printf(bio_err,"engine \"%s\" set.\n", engine_id);
ENGINE_free(e);
}
ctx=SSL_CTX_new(meth);
if (ctx == NULL)
{
......
apps/s_server.c
浏览文件 @ 5270e702
......@@ -83,6 +83,7 @@ typedef unsigned int u_int;
#include <openssl/pem.h>
#include <openssl/x509.h>
#include <openssl/ssl.h>
#include <openssl/engine.h>
#include "s_apps.h"
#ifdef WINDOWS
......@@ -176,6 +177,7 @@ static int s_debug=0;
static int s_quiet=0;
static int hack=0;
static char *engine_id=NULL;
#ifdef MONOLITH
static void s_server_init(void)
......@@ -198,6 +200,7 @@ static void s_server_init(void)
s_debug=0;
s_quiet=0;
hack=0;
engine_id=NULL;
}
#endif
......@@ -242,6 +245,7 @@ static void sv_usage(void)
BIO_printf(bio_err," -bugs - Turn on SSL bug compatibility\n");
BIO_printf(bio_err," -www - Respond to a 'GET /' with a status page\n");
BIO_printf(bio_err," -WWW - Respond to a 'GET /<path> HTTP/1.0' with file ./<path>\n");
BIO_printf(bio_err," -engine id - Initialise and use the specified engine\n");
}
static int local_argc=0;
......@@ -411,6 +415,7 @@ int MAIN(int argc, char *argv[])
int no_tmp_rsa=0,no_dhe=0,nocert=0;
int state=0;
SSL_METHOD *meth=NULL;
ENGINE *e=NULL;
#ifndef NO_DH
DH *dh=NULL;
#endif
......@@ -565,6 +570,11 @@ int MAIN(int argc, char *argv[])
else if (strcmp(*argv,"-tls1") == 0)
{ meth=TLSv1_server_method(); }
#endif
else if (strcmp(*argv,"-engine") == 0)
{
if (--argc < 1) goto bad;
engine_id= *(++argv);
}
else
{
BIO_printf(bio_err,"unknown option %s\n",*argv);
......@@ -609,6 +619,29 @@ bad:
SSL_load_error_strings();
OpenSSL_add_ssl_algorithms();
if (engine_id != NULL)
{
if((e = ENGINE_by_id(engine_id)) == NULL)
{
BIO_printf(bio_err,"invalid engine\n");
ERR_print_errors(bio_err);
goto end;
}
if (s_debug)
{
ENGINE_ctrl(e, ENGINE_CTRL_SET_LOGSTREAM,
0, bio_err, 0);
}
if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
{
BIO_printf(bio_err,"can't use that engine\n");
ERR_print_errors(bio_err);
goto end;
}
BIO_printf(bio_err,"engine \"%s\" set.\n", engine_id);
ENGINE_free(e);
}
ctx=SSL_CTX_new(meth);
if (ctx == NULL)
{
......
apps/smime.c
浏览文件 @ 5270e702
......@@ -64,6 +64,7 @@
#include <openssl/crypto.h>
#include <openssl/pem.h>
#include <openssl/err.h>
#include <openssl/engine.h>
#undef PROG
#define PROG smime_main
......@@ -81,6 +82,7 @@ int MAIN(int, char **);
int MAIN(int argc, char **argv)
{
ENGINE *e = NULL;
int operation = 0;
int ret = 0;
char **args;
......@@ -103,8 +105,9 @@ int MAIN(int argc, char **argv)
char *inrand = NULL;
int need_rand = 0;
int informat = FORMAT_SMIME, outformat = FORMAT_SMIME;
args = argv + 1;
char *engine=NULL;
args = argv + 1;
ret = 1;
while (!badarg && *args && *args[0] == '-') {
......@@ -153,6 +156,11 @@ int MAIN(int argc, char **argv)
inrand = *args;
} else badarg = 1;
need_rand = 1;
} else if (!strcmp(*args,"-engine")) {
if (args[1]) {
args++;
engine = *args;
} else badarg = 1;
} else if (!strcmp(*args,"-passin")) {
if (args[1]) {
args++;
......@@ -290,6 +298,7 @@ int MAIN(int argc, char **argv)
BIO_printf (bio_err, "-text include or delete text MIME headers\n");
BIO_printf (bio_err, "-CApath dir trusted certificates directory\n");
BIO_printf (bio_err, "-CAfile file trusted certificates file\n");
BIO_printf (bio_err, "-engine e use engine e, possibly a hardware device.\n");
BIO_printf(bio_err, "-rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
BIO_printf(bio_err, " load the file (or the files in the directory) into\n");
BIO_printf(bio_err, " the random number generator\n");
......@@ -297,6 +306,24 @@ int MAIN(int argc, char **argv)
goto end;
}
if (engine != NULL)
{
if((e = ENGINE_by_id(engine)) == NULL)
{
BIO_printf(bio_err,"invalid engine \"%s\"\n",
engine);
goto end;
}
if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
{
BIO_printf(bio_err,"can't use that engine\n");
goto end;
}
BIO_printf(bio_err,"engine \"%s\" set.\n", engine);
/* Free our "structural" reference. */
ENGINE_free(e);
}
if(!app_passwd(bio_err, passargin, NULL, &passin, NULL)) {
BIO_printf(bio_err, "Error getting password\n");
goto end;
......
apps/speed.c
浏览文件 @ 5270e702
......@@ -81,6 +81,7 @@
#include <openssl/crypto.h>
#include <openssl/rand.h>
#include <openssl/err.h>
#include <openssl/engine.h>
#if defined(__FreeBSD__)
# define USE_TOD
......@@ -310,6 +311,7 @@ int MAIN(int, char **);
int MAIN(int argc, char **argv)
{
ENGINE *e;
unsigned char *buf=NULL,*buf2=NULL;
int mret=1;
#define ALGOR_NUM 15
......@@ -470,6 +472,37 @@ int MAIN(int argc, char **argv)
{
if ((argc > 0) && (strcmp(*argv,"-elapsed") == 0))
usertime = 0;
else
if ((argc > 0) && (strcmp(*argv,"-engine") == 0))
{
argc--;
argv++;
if(argc == 0)
{
BIO_printf(bio_err,"no engine given\n");
goto end;
}
if((e = ENGINE_by_id(*argv)) == NULL)
{
BIO_printf(bio_err,"invalid engine \"%s\"\n",
*argv);
goto end;
}
if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
{
BIO_printf(bio_err,"can't use that engine\n");
goto end;
}
BIO_printf(bio_err,"engine \"%s\" set.\n", *argv);
/* Free our "structural" reference. */
ENGINE_free(e);
/* It will be increased again further down. We just
don't want speed to confuse an engine with an
algorithm, especially when none is given (which
means all of them should be run) */
j--;
}
else
#ifndef NO_MD2
if (strcmp(*argv,"md2") == 0) doit[D_MD2]=1;
else
......@@ -517,7 +550,7 @@ int MAIN(int argc, char **argv)
#ifdef RSAref
if (strcmp(*argv,"rsaref") == 0)
{
RSA_set_default_method(RSA_PKCS1_RSAref());
RSA_set_default_openssl_method(RSA_PKCS1_RSAref());
j--;
}
else
......@@ -525,7 +558,7 @@ int MAIN(int argc, char **argv)
#ifndef RSA_NULL
if (strcmp(*argv,"openssl") == 0)
{
RSA_set_default_method(RSA_PKCS1_SSLeay());
RSA_set_default_openssl_method(RSA_PKCS1_SSLeay());
j--;
}
else
......@@ -670,11 +703,12 @@ int MAIN(int argc, char **argv)
BIO_printf(bio_err,"\n");
#endif
#ifdef TIMES
BIO_printf(bio_err,"\n");
BIO_printf(bio_err,"Available options:\n");
#ifdef TIMES
BIO_printf(bio_err,"-elapsed measure time in real time instead of CPU user time.\n");
#endif
BIO_printf(bio_err,"-engine e use engine e, possibly a hardware device.\n");
goto end;
}
argc--;
......@@ -1379,6 +1413,7 @@ int MAIN(int argc, char **argv)
#endif
mret=0;
end:
ERR_print_errors(bio_err);
if (buf != NULL) OPENSSL_free(buf);
if (buf2 != NULL) OPENSSL_free(buf2);
#ifndef NO_RSA
......
apps/spkac.c
浏览文件 @ 5270e702
......@@ -69,6 +69,7 @@
#include <openssl/lhash.h>
#include <openssl/x509.h>
#include <openssl/pem.h>
#include <openssl/engine.h>
#undef PROG
#define PROG spkac_main
......@@ -81,6 +82,7 @@ int MAIN(int, char **);
int MAIN(int argc, char **argv)
{
ENGINE *e = NULL;
int i,badops=0, ret = 1;
BIO *in = NULL,*out = NULL, *key = NULL;
int verify=0,noout=0,pubkey=0;
......@@ -91,6 +93,7 @@ int MAIN(int argc, char **argv)
LHASH *conf = NULL;
NETSCAPE_SPKI *spki = NULL;
EVP_PKEY *pkey = NULL;
char *engine=NULL;
apps_startup();
......@@ -136,6 +139,11 @@ int MAIN(int argc, char **argv)
if (--argc < 1) goto bad;
spksect= *(++argv);
}
else if (strcmp(*argv,"-engine") == 0)
{
if (--argc < 1) goto bad;
engine= *(++argv);
}
else if (strcmp(*argv,"-noout") == 0)
noout=1;
else if (strcmp(*argv,"-pubkey") == 0)
......@@ -161,6 +169,7 @@ bad:
BIO_printf(bio_err," -noout don't print SPKAC\n");
BIO_printf(bio_err," -pubkey output public key\n");
BIO_printf(bio_err," -verify verify SPKAC signature\n");
BIO_printf(bio_err," -engine e use engine e, possibly a hardware device.\n");
goto end;
}
......@@ -170,6 +179,24 @@ bad:
goto end;
}
if (engine != NULL)
{
if((e = ENGINE_by_id(engine)) == NULL)
{
BIO_printf(bio_err,"invalid engine \"%s\"\n",
engine);
goto end;
}
if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
{
BIO_printf(bio_err,"can't use that engine\n");
goto end;
}
BIO_printf(bio_err,"engine \"%s\" set.\n", engine);
/* Free our "structural" reference. */
ENGINE_free(e);
}
if(keyfile) {
if(strcmp(keyfile, "-")) key = BIO_new_file(keyfile, "r");
else key = BIO_new_fp(stdin, BIO_NOCLOSE);
......
apps/verify.c
浏览文件 @ 5270e702
......@@ -65,6 +65,7 @@
#include <openssl/x509.h>
#include <openssl/x509v3.h>
#include <openssl/pem.h>
#include <openssl/engine.h>
#undef PROG
#define PROG verify_main
......@@ -78,6 +79,7 @@ int MAIN(int, char **);
int MAIN(int argc, char **argv)
{
ENGINE *e = NULL;
int i,ret=1;
int purpose = -1;
char *CApath=NULL,*CAfile=NULL;
......@@ -85,6 +87,7 @@ int MAIN(int argc, char **argv)
STACK_OF(X509) *untrusted = NULL, *trusted = NULL;
X509_STORE *cert_ctx=NULL;
X509_LOOKUP *lookup=NULL;
char *engine=NULL;
cert_ctx=X509_STORE_new();
if (cert_ctx == NULL) goto end;
......@@ -137,6 +140,11 @@ int MAIN(int argc, char **argv)
if (argc-- < 1) goto end;
trustfile= *(++argv);
}
else if (strcmp(*argv,"-engine") == 0)
{
if (--argc < 1) goto end;
engine= *(++argv);
}
else if (strcmp(*argv,"-help") == 0)
goto end;
else if (strcmp(*argv,"-issuer_checks") == 0)
......@@ -154,6 +162,24 @@ int MAIN(int argc, char **argv)
break;
}
if (engine != NULL)
{
if((e = ENGINE_by_id(engine)) == NULL)
{
BIO_printf(bio_err,"invalid engine \"%s\"\n",
engine);
goto end;
}
if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
{
BIO_printf(bio_err,"can't use that engine\n");
goto end;
}
BIO_printf(bio_err,"engine \"%s\" set.\n", engine);
/* Free our "structural" reference. */
ENGINE_free(e);
}
lookup=X509_STORE_add_lookup(cert_ctx,X509_LOOKUP_file());
if (lookup == NULL) abort();
if (CAfile) {
......@@ -201,7 +227,7 @@ int MAIN(int argc, char **argv)
ret=0;
end:
if (ret == 1) {
BIO_printf(bio_err,"usage: verify [-verbose] [-CApath path] [-CAfile file] [-purpose purpose] cert1 cert2 ...\n");
BIO_printf(bio_err,"usage: verify [-verbose] [-CApath path] [-CAfile file] [-purpose purpose] [-engine e] cert1 cert2 ...\n");
BIO_printf(bio_err,"recognized usages:\n");
for(i = 0; i < X509_PURPOSE_get_count(); i++) {
X509_PURPOSE *ptmp;
......
apps/x509.c
浏览文件 @ 5270e702
......@@ -73,6 +73,7 @@
#include <openssl/x509v3.h>
#include <openssl/objects.h>
#include <openssl/pem.h>
#include <openssl/engine.h>
#undef PROG
#define PROG x509_main
......@@ -129,6 +130,7 @@ static char *x509_usage[]={
" -extensions - section from config file with X509V3 extensions to add\n",
" -clrext - delete extensions before signing and input certificate\n",
" -nameopt arg - various certificate name options\n",
" -engine e - use engine e, possibly a hardware device.\n",
" -certopt arg - various certificate text options\n",
NULL
};
......@@ -146,6 +148,7 @@ int MAIN(int, char **);
int MAIN(int argc, char **argv)
{
ENGINE *e = NULL;
int ret=1;
X509_REQ *req=NULL;
X509 *x=NULL,*xca=NULL;
......@@ -176,6 +179,7 @@ int MAIN(int argc, char **argv)
int need_rand = 0;
int checkend=0,checkoffset=0;
unsigned long nmflag = 0, certflag = 0;
char *engine=NULL;
reqfile=0;
......@@ -343,6 +347,11 @@ int MAIN(int argc, char **argv)
alias= *(++argv);
trustout = 1;
}
else if (strcmp(*argv,"-engine") == 0)
{
if (--argc < 1) goto bad;
engine= *(++argv);
}
else if (strcmp(*argv,"-C") == 0)
C= ++num;
else if (strcmp(*argv,"-email") == 0)
......@@ -426,6 +435,24 @@ bad:
goto end;
}
if (engine != NULL)
{
if((e = ENGINE_by_id(engine)) == NULL)
{
BIO_printf(bio_err,"invalid engine \"%s\"\n",
engine);
goto end;
}
if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
{
BIO_printf(bio_err,"can't use that engine\n");
goto end;
}
BIO_printf(bio_err,"engine \"%s\" set.\n", engine);
/* Free our "structural" reference. */
ENGINE_free(e);
}
if (need_rand)
app_RAND_load_file(NULL, bio_err, 0);
......
config
浏览文件 @ 5270e702
......@@ -482,11 +482,17 @@ case "$GUESSOS" in
*) OUT=`echo $GUESSOS | awk -F- '{print $3}'`;;
esac
# NB: This atalla support has been superceded by the ENGINE support
# That contains its own header and definitions anyway. Support can
# be enabled or disabled on any supported platform without external
# headers, eg. by adding the "hw-atalla" switch to ./config or
# perl Configure
#
# See whether we can compile Atalla support
if [ -f /usr/include/atasi.h ]
then
options="$options -DATALLA"
fi
#if [ -f /usr/include/atasi.h ]
#then
# options="$options -DATALLA"
#fi
# gcc < 2.8 does not support -mcpu=ultrasparc
if [ "$OUT" = solaris-sparcv9-gcc -a $GCCVER -lt 28 ]
......
crypto/Makefile.ssl
浏览文件 @ 5270e702
......@@ -27,7 +27,7 @@ LIBS=
SDIRS= md2 md5 sha mdc2 hmac ripemd \
des rc2 rc4 rc5 idea bf cast \
bn rsa dsa dh dso \
bn rsa dsa dh dso engine \
buffer bio stack lhash rand err objects \
evp asn1 pem x509 x509v3 conf txt_db pkcs7 pkcs12 comp rijndael
......
crypto/bn/bn_exp.c
浏览文件 @ 5270e702
......@@ -113,13 +113,6 @@
#include <stdio.h>
#include "cryptlib.h"
#include "bn_lcl.h"
#ifdef ATALLA
# include <alloca.h>
# include <atasi.h>
# include <assert.h>
# include <dlfcn.h>
#endif
#define TABLE_SIZE 32
......@@ -183,174 +176,6 @@ err:
}
#ifdef ATALLA
/*
* This routine will dynamically check for the existance of an Atalla AXL-200
* SSL accelerator module. If one is found, the variable
* asi_accelerator_present is set to 1 and the function pointers
* ptr_ASI_xxxxxx above will be initialized to corresponding ASI API calls.
*/
typedef int tfnASI_GetPerformanceStatistics(int reset_flag,
unsigned int *ret_buf);
typedef int tfnASI_GetHardwareConfig(long card_num, unsigned int *ret_buf);
typedef int tfnASI_RSAPrivateKeyOpFn(RSAPrivateKey * rsaKey,
unsigned char *output,
unsigned char *input,
unsigned int modulus_len);
static tfnASI_GetHardwareConfig *ptr_ASI_GetHardwareConfig;
static tfnASI_RSAPrivateKeyOpFn *ptr_ASI_RSAPrivateKeyOpFn;
static tfnASI_GetPerformanceStatistics *ptr_ASI_GetPerformanceStatistics;
static int asi_accelerator_present;
static int tried_atalla;
void atalla_initialize_accelerator_handle(void)
{
void *dl_handle;
int status;
unsigned int config_buf[1024];
static int tested;
if(tested)
return;
tested=1;
bzero((void *)config_buf, 1024);
/*
* Check to see if the library is present on the system
*/
dl_handle = dlopen("atasi.so", RTLD_NOW);
if (dl_handle == (void *) NULL)
{
/* printf("atasi.so library is not present on the system\n");
printf("No HW acceleration available\n");*/
return;
}
/*
* The library is present. Now we'll check to insure that the
* LDM is up and running. First we'll get the address of the
* function in the atasi library that we need to see if the
* LDM is operating.
*/
ptr_ASI_GetHardwareConfig =
(tfnASI_GetHardwareConfig *)dlsym(dl_handle,"ASI_GetHardwareConfig");
if (ptr_ASI_GetHardwareConfig)
{
/*
* We found the call, now we'll get our config
* status. If we get a non 0 result, the LDM is not
* running and we cannot use the Atalla ASI *
* library.
*/
status = (*ptr_ASI_GetHardwareConfig)(0L, config_buf);
if (status != 0)
{
printf("atasi.so library is present but not initialized\n");
printf("No HW acceleration available\n");
return;
}
}
else
{
/* printf("We found the library, but not the function. Very Strange!\n");*/
return ;
}
/*
* It looks like we have acceleration capabilities. Load up the
* pointers to our ASI API calls.
*/
ptr_ASI_RSAPrivateKeyOpFn=
(tfnASI_RSAPrivateKeyOpFn *)dlsym(dl_handle, "ASI_RSAPrivateKeyOpFn");
if (ptr_ASI_RSAPrivateKeyOpFn == NULL)
{
/* printf("We found the library, but no RSA function. Very Strange!\n");*/
return;
}
ptr_ASI_GetPerformanceStatistics =
(tfnASI_GetPerformanceStatistics *)dlsym(dl_handle, "ASI_GetPerformanceStatistics");
if (ptr_ASI_GetPerformanceStatistics == NULL)
{
/* printf("We found the library, but no stat function. Very Strange!\n");*/
return;
}
/*
* Indicate that acceleration is available
*/
asi_accelerator_present = 1;
/* printf("This system has acceleration!\n");*/
return;
}
/* make sure this only gets called once when bn_mod_exp calls bn_mod_exp_mont */
int BN_mod_exp_atalla(BIGNUM *r, BIGNUM *a, const BIGNUM *p, const BIGNUM *m)
{
unsigned char *abin;
unsigned char *pbin;
unsigned char *mbin;
unsigned char *rbin;
int an,pn,mn,ret;
RSAPrivateKey keydata;
atalla_initialize_accelerator_handle();
if(!asi_accelerator_present)
return 0;
/* We should be able to run without size testing */
# define ASIZE 128
an=BN_num_bytes(a);
pn=BN_num_bytes(p);
mn=BN_num_bytes(m);
if(an <= ASIZE && pn <= ASIZE && mn <= ASIZE)
{
int size=mn;
assert(an <= mn);
abin=alloca(size);
memset(abin,'\0',mn);
BN_bn2bin(a,abin+size-an);
pbin=alloca(pn);
BN_bn2bin(p,pbin);
mbin=alloca(size);
memset(mbin,'\0',mn);
BN_bn2bin(m,mbin+size-mn);
rbin=alloca(size);
memset(&keydata,'\0',sizeof keydata);
keydata.privateExponent.data=pbin;
keydata.privateExponent.len=pn;
keydata.modulus.data=mbin;
keydata.modulus.len=size;
ret=(*ptr_ASI_RSAPrivateKeyOpFn)(&keydata,rbin,abin,keydata.modulus.len);
/*fprintf(stderr,"!%s\n",BN_bn2hex(a));*/
if(!ret)
{
BN_bin2bn(rbin,keydata.modulus.len,r);
/*fprintf(stderr,"?%s\n",BN_bn2hex(r));*/
return 1;
}
}
return 0;
}
#endif /* def ATALLA */
int BN_mod_exp(BIGNUM *r, BIGNUM *a, const BIGNUM *p, const BIGNUM *m,
BN_CTX *ctx)
{
......@@ -360,13 +185,6 @@ int BN_mod_exp(BIGNUM *r, BIGNUM *a, const BIGNUM *p, const BIGNUM *m,
bn_check_top(p);
bn_check_top(m);
#ifdef ATALLA
if(BN_mod_exp_atalla(r,a,p,m))
return 1;
/* If it fails, try the other methods (but don't try atalla again) */
tried_atalla=1;
#endif
#ifdef MONT_MUL_MOD
/* I have finally been able to take out this pre-condition of
* the top bit being set. It was caused by an error in BN_div
......@@ -392,10 +210,6 @@ int BN_mod_exp(BIGNUM *r, BIGNUM *a, const BIGNUM *p, const BIGNUM *m,
{ ret=BN_mod_exp_simple(r,a,p,m,ctx); }
#endif
#ifdef ATALLA
tried_atalla=0;
#endif
return(ret);
}
......@@ -525,12 +339,6 @@ int BN_mod_exp_mont(BIGNUM *rr, BIGNUM *a, const BIGNUM *p,
bn_check_top(p);
bn_check_top(m);
#ifdef ATALLA
if(!tried_atalla && BN_mod_exp_atalla(rr,a,p,m))
return 1;
/* If it fails, try the other methods */
#endif
if (!(m->d[0] & 1))
{
BNerr(BN_F_BN_MOD_EXP_MONT,BN_R_CALLED_WITH_EVEN_MODULUS);
......@@ -693,19 +501,6 @@ int BN_mod_exp_mont_word(BIGNUM *rr, BN_ULONG a, const BIGNUM *p,
t = BN_CTX_get(ctx);
if (d == NULL || r == NULL || t == NULL) goto err;
#ifdef ATALLA
if (!tried_atalla)
{
BN_set_word(t, a);
if (BN_mod_exp_atalla(rr, t, p, m))
{
BN_CTX_end(ctx);
return 1;
}
}
/* If it fails, try the other methods */
#endif
if (in_mont != NULL)
mont=in_mont;
else
......
crypto/cryptlib.c
浏览文件 @ 5270e702
......@@ -100,7 +100,8 @@ static const char* lock_names[CRYPTO_NUM_LOCKS] =
"debug_malloc2",
"dso",
"dynlock",
#if CRYPTO_NUM_LOCKS != 28
"engine",
#if CRYPTO_NUM_LOCKS != 29
# error "Inconsistency between crypto.h and cryptlib.c"
#endif
};
......
crypto/crypto-lib.com
浏览文件 @ 5270e702
......@@ -88,7 +88,7 @@ $! Define The Different Encryption Types.
$!
$ ENCRYPT_TYPES = "Basic,MD2,MD4,MD5,SHA,MDC2,HMAC,RIPEMD,"+ -
"DES,RC2,RC4,RC5,IDEA,BF,CAST,"+ -
"BN,RSA,DSA,DH,DSO,"+ -
"BN,RSA,DSA,DH,DSO,ENGINE,RIJNDAEL,"+ -
"BUFFER,BIO,STACK,LHASH,RAND,ERR,OBJECTS,"+ -
"EVP,EVP_2,ASN1,ASN1_2,PEM,X509,X509V3,"+ -
"CONF,TXT_DB,PKCS7,PKCS12,COMP"
......@@ -206,6 +206,9 @@ $ LIB_DSA = "dsa_gen,dsa_key,dsa_lib,dsa_asn1,dsa_vrf,dsa_sign,dsa_err,dsa_ossl"
$ LIB_DH = "dh_gen,dh_key,dh_lib,dh_check,dh_err"
$ LIB_DSO = "dso_dl,dso_dlfcn,dso_err,dso_lib,dso_null,"+ -
"dso_openssl,dso_win32,dso_vms"
$ LIB_ENGINE = "engine_err,engine_lib,engine_list,engine_openssl,"+ -
"hw_atalla,hw_cswift,hw_ncipher"
$ LIB_RIJNDAEL = "rijndael-alg-fst"
$ LIB_BUFFER = "buffer,buf_err"
$ LIB_BIO = "bio_lib,bio_cb,bio_err,"+ -
"bss_mem,bss_null,bss_fd,"+ -
......@@ -1194,7 +1197,9 @@ $ CC = "CC"
$ IF ARCH.EQS."VAX" .AND. F$TRNLNM("DECC$CC_DEFAULT").NES."/DECC" -
THEN CC = "CC/DECC"
$ CC = CC + "/''CC_OPTIMIZE'/''DEBUGGER'/STANDARD=ANSI89" + -
"/NOLIST/PREFIX=ALL/INCLUDE=SYS$DISK:[]" + CCEXTRAFLAGS
"/NOLIST/PREFIX=ALL" + -
"/INCLUDE=(SYS$DISK:[],SYS$DISK:[.ENGINE.VENDOR_DEFNS])" + -
CCEXTRAFLAGS
$!
$! Define The Linker Options File Name.
$!
......@@ -1226,7 +1231,8 @@ $ WRITE SYS$OUTPUT "There is no VAX C on Alpha!"
$ EXIT
$ ENDIF
$ IF F$TRNLNM("DECC$CC_DEFAULT").EQS."/DECC" THEN CC = "CC/VAXC"
$ CC = CC + "/''CC_OPTIMIZE'/''DEBUGGER'/NOLIST/INCLUDE=SYS$DISK:[]" + -
$ CC = CC + "/''CC_OPTIMIZE'/''DEBUGGER'/NOLIST" + -
"/INCLUDE=(SYS$DISK:[],SYS$DISK:[.ENGINE.VENDOR_DEFNS])" + -
CCEXTRAFLAGS
$ CCDEFS = """VAXC""," + CCDEFS
$!
......@@ -1258,7 +1264,8 @@ $!
$! Use GNU C...
$!
$ CC = "GCC/NOCASE_HACK/''GCC_OPTIMIZE'/''DEBUGGER'/NOLIST" + -
"/INCLUDE=SYS$DISK:[]" + CCEXTRAFLAGS
"/INCLUDE=(SYS$DISK:[],SYS$DISK:[.ENGINE.VENDOR_DEFNS])" + -
CCEXTRAFLAGS
$!
$! Define The Linker Options File Name.
$!
......
crypto/crypto.h
浏览文件 @ 5270e702
......@@ -122,7 +122,8 @@ extern "C" {
#define CRYPTO_LOCK_MALLOC2 25
#define CRYPTO_LOCK_DSO 26
#define CRYPTO_LOCK_DYNLOCK 27
#define CRYPTO_NUM_LOCKS 28
#define CRYPTO_LOCK_ENGINE 28
#define CRYPTO_NUM_LOCKS 29
#define CRYPTO_LOCK 1
#define CRYPTO_UNLOCK 2
......
crypto/dh/Makefile.ssl
浏览文件 @ 5270e702
......@@ -101,19 +101,41 @@ dh_gen.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
dh_gen.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
dh_gen.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
dh_gen.o: ../cryptlib.h
dh_key.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
dh_key.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
dh_key.o: ../../include/openssl/dh.h ../../include/openssl/e_os.h
dh_key.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
dh_key.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
dh_key.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
dh_key.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
dh_key.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
dh_key.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
dh_key.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
dh_key.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
dh_key.o: ../../include/openssl/engine.h ../../include/openssl/err.h
dh_key.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
dh_key.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
dh_key.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
dh_key.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
dh_key.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
dh_key.o: ../../include/openssl/opensslv.h ../../include/openssl/rand.h
dh_key.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
dh_key.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
dh_key.o: ../../include/openssl/rc5.h ../../include/openssl/rijndael-alg-fst.h
dh_key.o: ../../include/openssl/rijndael.h ../../include/openssl/ripemd.h
dh_key.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
dh_key.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
dh_key.o: ../../include/openssl/symhacks.h ../cryptlib.h
dh_lib.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
dh_lib.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
dh_lib.o: ../../include/openssl/dh.h ../../include/openssl/e_os.h
dh_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
dh_lib.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
dh_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
dh_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
dh_lib.o: ../cryptlib.h
dh_lib.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
dh_lib.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
dh_lib.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
dh_lib.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
dh_lib.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
dh_lib.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
dh_lib.o: ../../include/openssl/engine.h ../../include/openssl/err.h
dh_lib.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
dh_lib.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
dh_lib.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
dh_lib.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
dh_lib.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
dh_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/rand.h
dh_lib.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
dh_lib.o: ../../include/openssl/rc5.h ../../include/openssl/rijndael-alg-fst.h
dh_lib.o: ../../include/openssl/rijndael.h ../../include/openssl/ripemd.h
dh_lib.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
dh_lib.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
dh_lib.o: ../../include/openssl/symhacks.h ../cryptlib.h
crypto/dh/dh.h
浏览文件 @ 5270e702
......@@ -115,7 +115,11 @@ struct dh_st
int references;
CRYPTO_EX_DATA ex_data;
#if 0
DH_METHOD *meth;
#else
struct engine_st *engine;
#endif
};
#define DH_GENERATOR_2 2
......@@ -150,10 +154,15 @@ struct dh_st
DH_METHOD *DH_OpenSSL(void);
void DH_set_default_method(DH_METHOD *meth);
DH_METHOD *DH_get_default_method(void);
void DH_set_default_openssl_method(DH_METHOD *meth);
DH_METHOD *DH_get_default_openssl_method(void);
#if 0
DH_METHOD *DH_set_method(DH *dh, DH_METHOD *meth);
DH *DH_new_method(DH_METHOD *meth);
#else
int DH_set_method(DH *dh, struct engine_st *engine);
DH *DH_new_method(struct engine_st *engine);
#endif
DH * DH_new(void);
void DH_free(DH *dh);
......
crypto/dh/dh_key.c
浏览文件 @ 5270e702
......@@ -61,6 +61,7 @@
#include <openssl/bn.h>
#include <openssl/rand.h>
#include <openssl/dh.h>
#include <openssl/engine.h>
static int generate_key(DH *dh);
static int compute_key(unsigned char *key, BIGNUM *pub_key, DH *dh);
......@@ -72,12 +73,12 @@ static int dh_finish(DH *dh);
int DH_generate_key(DH *dh)
{
return dh->meth->generate_key(dh);
return ENGINE_get_DH(dh->engine)->generate_key(dh);
}
int DH_compute_key(unsigned char *key, BIGNUM *pub_key, DH *dh)
{
return dh->meth->compute_key(key, pub_key, dh);
return ENGINE_get_DH(dh->engine)->compute_key(key, pub_key, dh);
}
static DH_METHOD dh_ossl = {
......@@ -137,8 +138,9 @@ static int generate_key(DH *dh)
}
mont=(BN_MONT_CTX *)dh->method_mont_p;
if (!dh->meth->bn_mod_exp(dh, pub_key,dh->g,priv_key,dh->p,&ctx,mont))
goto err;
if (!ENGINE_get_DH(dh->engine)->bn_mod_exp(dh, pub_key, dh->g,
priv_key,dh->p,&ctx,mont))
goto err;
dh->pub_key=pub_key;
dh->priv_key=priv_key;
......@@ -177,7 +179,8 @@ static int compute_key(unsigned char *key, BIGNUM *pub_key, DH *dh)
}
mont=(BN_MONT_CTX *)dh->method_mont_p;
if (!dh->meth->bn_mod_exp(dh, tmp,pub_key,dh->priv_key,dh->p,&ctx,mont))
if (!ENGINE_get_DH(dh->engine)->bn_mod_exp(dh, tmp, pub_key,
dh->priv_key,dh->p,&ctx,mont))
{
DHerr(DH_F_DH_COMPUTE_KEY,ERR_R_BN_LIB);
goto err;
......
crypto/dh/dh_lib.c
浏览文件 @ 5270e702
......@@ -60,6 +60,7 @@
#include "cryptlib.h"
#include <openssl/bn.h>
#include <openssl/dh.h>
#include <openssl/engine.h>
const char *DH_version="Diffie-Hellman" OPENSSL_VERSION_PTEXT;
......@@ -67,17 +68,32 @@ static DH_METHOD *default_DH_method;
static int dh_meth_num = 0;
static STACK_OF(CRYPTO_EX_DATA_FUNCS) *dh_meth = NULL;
void DH_set_default_method(DH_METHOD *meth)
void DH_set_default_openssl_method(DH_METHOD *meth)
{
default_DH_method = meth;
ENGINE *e;
/* We'll need to notify the "openssl" ENGINE of this
* change too. We won't bother locking things down at
* our end as there was never any locking in these
* functions! */
if(default_DH_method != meth)
{
default_DH_method = meth;
e = ENGINE_by_id("openssl");
if(e)
{
ENGINE_set_DH(e, meth);
ENGINE_free(e);
}
}
}
DH_METHOD *DH_get_default_method(void)
DH_METHOD *DH_get_default_openssl_method(void)
{
if(!default_DH_method) default_DH_method = DH_OpenSSL();
return default_DH_method;
}
#if 0
DH_METHOD *DH_set_method(DH *dh, DH_METHOD *meth)
{
DH_METHOD *mtmp;
......@@ -87,14 +103,37 @@ DH_METHOD *DH_set_method(DH *dh, DH_METHOD *meth)
if (meth->init) meth->init(dh);
return mtmp;
}
#else
int DH_set_method(DH *dh, ENGINE *engine)
{
ENGINE *mtmp;
DH_METHOD *meth;
mtmp = dh->engine;
meth = ENGINE_get_DH(mtmp);
if (!ENGINE_init(engine))
return 0;
if (meth->finish) meth->finish(dh);
dh->engine= engine;
meth = ENGINE_get_DH(engine);
if (meth->init) meth->init(dh);
/* SHOULD ERROR CHECK THIS!!! */
ENGINE_finish(mtmp);
return 1;
}
#endif
DH *DH_new(void)
{
return DH_new_method(NULL);
}
#if 0
DH *DH_new_method(DH_METHOD *meth)
#else
DH *DH_new_method(ENGINE *engine)
#endif
{
DH_METHOD *meth;
DH *ret;
ret=(DH *)OPENSSL_malloc(sizeof(DH));
......@@ -103,8 +142,17 @@ DH *DH_new_method(DH_METHOD *meth)
DHerr(DH_F_DH_NEW,ERR_R_MALLOC_FAILURE);
return(NULL);
}
if(meth) ret->meth = meth;
else ret->meth = DH_get_default_method();
if(engine)
ret->engine = engine;
else
{
if((ret->engine=ENGINE_get_default_DH()) == NULL)
{
OPENSSL_free(ret);
return NULL;
}
}
meth = ENGINE_get_DH(ret->engine);
ret->pad=0;
ret->version=0;
ret->p=NULL;
......@@ -119,8 +167,8 @@ DH *DH_new_method(DH_METHOD *meth)
ret->counter = NULL;
ret->method_mont_p=NULL;
ret->references = 1;
ret->flags=ret->meth->flags;
if ((ret->meth->init != NULL) && !ret->meth->init(ret))
ret->flags=meth->flags;
if ((meth->init != NULL) && !meth->init(ret))
{
OPENSSL_free(ret);
ret=NULL;
......@@ -132,6 +180,7 @@ DH *DH_new_method(DH_METHOD *meth)
void DH_free(DH *r)
{
DH_METHOD *meth;
int i;
if(r == NULL) return;
i = CRYPTO_add(&r->references, -1, CRYPTO_LOCK_DH);
......@@ -149,7 +198,9 @@ void DH_free(DH *r)
CRYPTO_free_ex_data(dh_meth, r, &r->ex_data);
if(r->meth->finish) r->meth->finish(r);
meth = ENGINE_get_DH(r->engine);
if(meth->finish) meth->finish(r);
ENGINE_finish(r->engine);
if (r->p != NULL) BN_clear_free(r->p);
if (r->g != NULL) BN_clear_free(r->g);
......
crypto/dsa/Makefile.ssl
浏览文件 @ 5270e702
......@@ -116,39 +116,81 @@ dsa_key.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h
dsa_key.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
dsa_key.o: ../../include/openssl/symhacks.h ../cryptlib.h
dsa_lib.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
dsa_lib.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
dsa_lib.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h
dsa_lib.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
dsa_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
dsa_lib.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
dsa_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
dsa_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
dsa_lib.o: ../cryptlib.h
dsa_lib.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
dsa_lib.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
dsa_lib.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
dsa_lib.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
dsa_lib.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
dsa_lib.o: ../../include/openssl/engine.h ../../include/openssl/err.h
dsa_lib.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
dsa_lib.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
dsa_lib.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
dsa_lib.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
dsa_lib.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
dsa_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/rand.h
dsa_lib.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
dsa_lib.o: ../../include/openssl/rc5.h ../../include/openssl/rijndael-alg-fst.h
dsa_lib.o: ../../include/openssl/rijndael.h ../../include/openssl/ripemd.h
dsa_lib.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
dsa_lib.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
dsa_lib.o: ../../include/openssl/symhacks.h ../cryptlib.h
dsa_ossl.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
dsa_ossl.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
dsa_ossl.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h
dsa_ossl.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
dsa_ossl.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
dsa_ossl.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
dsa_ossl.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
dsa_ossl.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
dsa_ossl.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
dsa_ossl.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
dsa_ossl.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
dsa_ossl.o: ../../include/openssl/engine.h ../../include/openssl/err.h
dsa_ossl.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
dsa_ossl.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
dsa_ossl.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
dsa_ossl.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
dsa_ossl.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
dsa_ossl.o: ../../include/openssl/opensslv.h ../../include/openssl/rand.h
dsa_ossl.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
dsa_ossl.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
dsa_ossl.o: ../../include/openssl/rc5.h
dsa_ossl.o: ../../include/openssl/rijndael-alg-fst.h
dsa_ossl.o: ../../include/openssl/rijndael.h ../../include/openssl/ripemd.h
dsa_ossl.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
dsa_ossl.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
dsa_ossl.o: ../../include/openssl/symhacks.h ../cryptlib.h
dsa_sign.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
dsa_sign.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
dsa_sign.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h
dsa_sign.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
dsa_sign.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
dsa_sign.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
dsa_sign.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
dsa_sign.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
dsa_sign.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
dsa_sign.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
dsa_sign.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
dsa_sign.o: ../../include/openssl/engine.h ../../include/openssl/err.h
dsa_sign.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
dsa_sign.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
dsa_sign.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
dsa_sign.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
dsa_sign.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
dsa_sign.o: ../../include/openssl/opensslv.h ../../include/openssl/rand.h
dsa_sign.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
dsa_sign.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
dsa_sign.o: ../../include/openssl/rc5.h
dsa_sign.o: ../../include/openssl/rijndael-alg-fst.h
dsa_sign.o: ../../include/openssl/rijndael.h ../../include/openssl/ripemd.h
dsa_sign.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
dsa_sign.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
dsa_sign.o: ../../include/openssl/symhacks.h ../cryptlib.h
dsa_vrf.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
dsa_vrf.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
dsa_vrf.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
dsa_vrf.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
dsa_vrf.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
dsa_vrf.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
dsa_vrf.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
dsa_vrf.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
dsa_vrf.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
dsa_vrf.o: ../../include/openssl/des.h ../../include/openssl/dh.h
dsa_vrf.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
dsa_vrf.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h
dsa_vrf.o: ../../include/openssl/err.h ../../include/openssl/evp.h
dsa_vrf.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
dsa_vrf.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
dsa_vrf.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
dsa_vrf.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
dsa_vrf.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
dsa_vrf.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h
dsa_vrf.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
dsa_vrf.o: ../cryptlib.h
dsa_vrf.o: ../../include/openssl/rand.h ../../include/openssl/rc2.h
dsa_vrf.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
dsa_vrf.o: ../../include/openssl/rijndael-alg-fst.h
dsa_vrf.o: ../../include/openssl/rijndael.h ../../include/openssl/ripemd.h
dsa_vrf.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
dsa_vrf.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
dsa_vrf.o: ../../include/openssl/symhacks.h ../cryptlib.h
crypto/dsa/dsa.h
浏览文件 @ 5270e702
......@@ -133,7 +133,11 @@ struct dsa_st
char *method_mont_p;
int references;
CRYPTO_EX_DATA ex_data;
#if 0
DSA_METHOD *meth;
#else
struct engine_st *engine;
#endif
};
#define DSAparams_dup(x) (DSA *)ASN1_dup((int (*)())i2d_DSAparams, \
......@@ -159,12 +163,20 @@ int DSA_do_verify(const unsigned char *dgst,int dgst_len,
DSA_METHOD *DSA_OpenSSL(void);
void DSA_set_default_method(DSA_METHOD *);
DSA_METHOD *DSA_get_default_method(void);
void DSA_set_default_openssl_method(DSA_METHOD *);
DSA_METHOD *DSA_get_default_openssl_method(void);
#if 0
DSA_METHOD *DSA_set_method(DSA *dsa, DSA_METHOD *);
#else
int DSA_set_method(DSA *dsa, struct engine_st *engine);
#endif
DSA * DSA_new(void);
#if 0
DSA * DSA_new_method(DSA_METHOD *meth);
#else
DSA * DSA_new_method(struct engine_st *engine);
#endif
int DSA_size(DSA *);
/* next 4 return -1 on error */
int DSA_sign_setup( DSA *dsa,BN_CTX *ctx_in,BIGNUM **kinvp,BIGNUM **rp);
......
crypto/dsa/dsa_lib.c
浏览文件 @ 5270e702
......@@ -63,6 +63,7 @@
#include <openssl/bn.h>
#include <openssl/dsa.h>
#include <openssl/asn1.h>
#include <openssl/engine.h>
const char *DSA_version="DSA" OPENSSL_VERSION_PTEXT;
......@@ -70,12 +71,26 @@ static DSA_METHOD *default_DSA_method;
static int dsa_meth_num = 0;
static STACK_OF(CRYPTO_EX_DATA_FUNCS) *dsa_meth = NULL;
void DSA_set_default_method(DSA_METHOD *meth)
void DSA_set_default_openssl_method(DSA_METHOD *meth)
{
default_DSA_method = meth;
ENGINE *e;
/* We'll need to notify the "openssl" ENGINE of this
* change too. We won't bother locking things down at
* our end as there was never any locking in these
* functions! */
if(default_DSA_method != meth)
{
default_DSA_method = meth;
e = ENGINE_by_id("openssl");
if(e)
{
ENGINE_set_DSA(e, meth);
ENGINE_free(e);
}
}
}
DSA_METHOD *DSA_get_default_method(void)
DSA_METHOD *DSA_get_default_openssl_method(void)
{
if(!default_DSA_method) default_DSA_method = DSA_OpenSSL();
return default_DSA_method;
......@@ -86,6 +101,7 @@ DSA *DSA_new(void)
return DSA_new_method(NULL);
}
#if 0
DSA_METHOD *DSA_set_method(DSA *dsa, DSA_METHOD *meth)
{
DSA_METHOD *mtmp;
......@@ -95,10 +111,33 @@ DSA_METHOD *DSA_set_method(DSA *dsa, DSA_METHOD *meth)
if (meth->init) meth->init(dsa);
return mtmp;
}
#else
int DSA_set_method(DSA *dsa, ENGINE *engine)
{
ENGINE *mtmp;
DSA_METHOD *meth;
mtmp = dsa->engine;
meth = ENGINE_get_DSA(mtmp);
if (!ENGINE_init(engine))
return 0;
if (meth->finish) meth->finish(dsa);
dsa->engine = engine;
meth = ENGINE_get_DSA(engine);
if (meth->init) meth->init(dsa);
/* SHOULD ERROR CHECK THIS!!! */
ENGINE_finish(mtmp);
return 1;
}
#endif
#if 0
DSA *DSA_new_method(DSA_METHOD *meth)
#else
DSA *DSA_new_method(ENGINE *engine)
#endif
{
DSA_METHOD *meth;
DSA *ret;
ret=(DSA *)OPENSSL_malloc(sizeof(DSA));
......@@ -107,8 +146,17 @@ DSA *DSA_new_method(DSA_METHOD *meth)
DSAerr(DSA_F_DSA_NEW,ERR_R_MALLOC_FAILURE);
return(NULL);
}
if(meth) ret->meth = meth;
else ret->meth = DSA_get_default_method();
if(engine)
ret->engine = engine;
else
{
if((ret->engine=ENGINE_get_default_DSA()) == NULL)
{
OPENSSL_free(ret);
return NULL;
}
}
meth = ENGINE_get_DSA(ret->engine);
ret->pad=0;
ret->version=0;
ret->write_params=1;
......@@ -124,8 +172,8 @@ DSA *DSA_new_method(DSA_METHOD *meth)
ret->method_mont_p=NULL;
ret->references=1;
ret->flags=ret->meth->flags;
if ((ret->meth->init != NULL) && !ret->meth->init(ret))
ret->flags=meth->flags;
if ((meth->init != NULL) && !meth->init(ret))
{
OPENSSL_free(ret);
ret=NULL;
......@@ -138,6 +186,7 @@ DSA *DSA_new_method(DSA_METHOD *meth)
void DSA_free(DSA *r)
{
DSA_METHOD *meth;
int i;
if (r == NULL) return;
......@@ -157,7 +206,9 @@ void DSA_free(DSA *r)
CRYPTO_free_ex_data(dsa_meth, r, &r->ex_data);
if(r->meth->finish) r->meth->finish(r);
meth = ENGINE_get_DSA(r->engine);
if(meth->finish) meth->finish(r);
ENGINE_finish(r->engine);
if (r->p != NULL) BN_clear_free(r->p);
if (r->q != NULL) BN_clear_free(r->q);
......
crypto/dsa/dsa_ossl.c
浏览文件 @ 5270e702
......@@ -64,6 +64,7 @@
#include <openssl/dsa.h>
#include <openssl/rand.h>
#include <openssl/asn1.h>
#include <openssl/engine.h>
static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa);
static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp);
......@@ -195,7 +196,7 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp)
}
/* Compute r = (g^k mod p) mod q */
if (!dsa->meth->bn_mod_exp(dsa, r,dsa->g,&k,dsa->p,ctx,
if (!ENGINE_get_DSA(dsa->engine)->bn_mod_exp(dsa, r,dsa->g,&k,dsa->p,ctx,
(BN_MONT_CTX *)dsa->method_mont_p)) goto err;
if (!BN_mod(r,r,dsa->q,ctx)) goto err;
......@@ -273,7 +274,7 @@ static int dsa_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig,
if (!BN_mod(&u1,&u1,dsa->q,ctx)) goto err;
#else
{
if (!dsa->meth->dsa_mod_exp(dsa, &t1,dsa->g,&u1,dsa->pub_key,&u2,
if (!ENGINE_get_DSA(dsa->engine)->dsa_mod_exp(dsa, &t1,dsa->g,&u1,dsa->pub_key,&u2,
dsa->p,ctx,mont)) goto err;
/* BN_copy(&u1,&t1); */
/* let u1 = u1 mod q */
......
crypto/dsa/dsa_sign.c
浏览文件 @ 5270e702
......@@ -64,10 +64,11 @@
#include <openssl/dsa.h>
#include <openssl/rand.h>
#include <openssl/asn1.h>
#include <openssl/engine.h>
DSA_SIG * DSA_do_sign(const unsigned char *dgst, int dlen, DSA *dsa)
{
return dsa->meth->dsa_do_sign(dgst, dlen, dsa);
return ENGINE_get_DSA(dsa->engine)->dsa_do_sign(dgst, dlen, dsa);
}
int DSA_sign(int type, const unsigned char *dgst, int dlen, unsigned char *sig,
......@@ -87,6 +88,6 @@ int DSA_sign(int type, const unsigned char *dgst, int dlen, unsigned char *sig,
int DSA_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp)
{
return dsa->meth->dsa_sign_setup(dsa, ctx_in, kinvp, rp);
return ENGINE_get_DSA(dsa->engine)->dsa_sign_setup(dsa, ctx_in, kinvp, rp);
}
crypto/dsa/dsa_vrf.c
浏览文件 @ 5270e702
......@@ -65,11 +65,12 @@
#include <openssl/rand.h>
#include <openssl/asn1.h>
#include <openssl/asn1_mac.h>
#include <openssl/engine.h>
int DSA_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig,
DSA *dsa)
{
return dsa->meth->dsa_do_verify(dgst, dgst_len, sig, dsa);
return ENGINE_get_DSA(dsa->engine)->dsa_do_verify(dgst, dgst_len, sig, dsa);
}
/* data has already been hashed (probably with SHA or SHA-1). */
......
crypto/engine/Makefile.ssl 0 → 100644
浏览文件 @ 5270e702
#
# OpenSSL/crypto/engine/Makefile
#
DIR= engine
TOP= ../..
CC= cc
INCLUDES= -I.. -I../../include
CFLAG=-g
INSTALL_PREFIX=
OPENSSLDIR= /usr/local/ssl
INSTALLTOP=/usr/local/ssl
MAKE= make -f Makefile.ssl
MAKEDEPEND= $(TOP)/util/domd $(TOP)
MAKEFILE= Makefile.ssl
AR= ar r
CFLAGS= $(INCLUDES) $(CFLAG)
GENERAL=Makefile
TEST= enginetest.c
APPS=
LIB=$(TOP)/libcrypto.a
LIBSRC= engine_err.c engine_lib.c engine_list.c engine_openssl.c \
hw_atalla.c hw_cswift.c hw_ncipher.c hw_nuron.c
LIBOBJ= engine_err.o engine_lib.o engine_list.o engine_openssl.o \
hw_atalla.o hw_cswift.o hw_ncipher.o hw_nuron.o
SRC= $(LIBSRC)
EXHEADER= engine.h
HEADER= $(EXHEADER)
ALL= $(GENERAL) $(SRC) $(HEADER)
top:
(cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
all: lib
lib: $(LIBOBJ)
$(AR) $(LIB) $(LIBOBJ)
$(RANLIB) $(LIB)
@touch lib
files:
$(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
links:
@$(TOP)/util/point.sh Makefile.ssl Makefile
@$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
@$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
@$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
install:
@for i in $(EXHEADER) ; \
do \
(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
done;
tags:
ctags $(SRC)
tests:
lint:
lint -DLINT $(INCLUDES) $(SRC)>fluff
depend:
$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
dclean:
$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
mv -f Makefile.new $(MAKEFILE)
clean:
rm -f *.o */*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
# DO NOT DELETE THIS LINE -- make depend depends on it.
engine_err.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
engine_err.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
engine_err.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
engine_err.o: ../../include/openssl/des.h ../../include/openssl/dh.h
engine_err.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
engine_err.o: ../../include/openssl/engine.h ../../include/openssl/err.h
engine_err.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
engine_err.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
engine_err.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
engine_err.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
engine_err.o: ../../include/openssl/objects.h
engine_err.o: ../../include/openssl/opensslconf.h
engine_err.o: ../../include/openssl/opensslv.h ../../include/openssl/rand.h
engine_err.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
engine_err.o: ../../include/openssl/rc5.h
engine_err.o: ../../include/openssl/rijndael-alg-fst.h
engine_err.o: ../../include/openssl/rijndael.h ../../include/openssl/ripemd.h
engine_err.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
engine_err.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
engine_err.o: ../../include/openssl/symhacks.h
engine_lib.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
engine_lib.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
engine_lib.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
engine_lib.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
engine_lib.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
engine_lib.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
engine_lib.o: ../../include/openssl/engine.h ../../include/openssl/err.h
engine_lib.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
engine_lib.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
engine_lib.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
engine_lib.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
engine_lib.o: ../../include/openssl/objects.h
engine_lib.o: ../../include/openssl/opensslconf.h
engine_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/rand.h
engine_lib.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
engine_lib.o: ../../include/openssl/rc5.h
engine_lib.o: ../../include/openssl/rijndael-alg-fst.h
engine_lib.o: ../../include/openssl/rijndael.h ../../include/openssl/ripemd.h
engine_lib.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
engine_lib.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
engine_lib.o: ../../include/openssl/symhacks.h ../cryptlib.h engine_int.h
engine_list.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
engine_list.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
engine_list.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
engine_list.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
engine_list.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
engine_list.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
engine_list.o: ../../include/openssl/engine.h ../../include/openssl/err.h
engine_list.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
engine_list.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
engine_list.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
engine_list.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
engine_list.o: ../../include/openssl/objects.h
engine_list.o: ../../include/openssl/opensslconf.h
engine_list.o: ../../include/openssl/opensslv.h ../../include/openssl/rand.h
engine_list.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
engine_list.o: ../../include/openssl/rc5.h
engine_list.o: ../../include/openssl/rijndael-alg-fst.h
engine_list.o: ../../include/openssl/rijndael.h ../../include/openssl/ripemd.h
engine_list.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
engine_list.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
engine_list.o: ../../include/openssl/symhacks.h ../cryptlib.h engine_int.h
engine_openssl.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
engine_openssl.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
engine_openssl.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
engine_openssl.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
engine_openssl.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
engine_openssl.o: ../../include/openssl/dso.h ../../include/openssl/e_os.h
engine_openssl.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h
engine_openssl.o: ../../include/openssl/err.h ../../include/openssl/evp.h
engine_openssl.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
engine_openssl.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
engine_openssl.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
engine_openssl.o: ../../include/openssl/obj_mac.h
engine_openssl.o: ../../include/openssl/objects.h
engine_openssl.o: ../../include/openssl/opensslconf.h
engine_openssl.o: ../../include/openssl/opensslv.h ../../include/openssl/rand.h
engine_openssl.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
engine_openssl.o: ../../include/openssl/rc5.h
engine_openssl.o: ../../include/openssl/rijndael-alg-fst.h
engine_openssl.o: ../../include/openssl/rijndael.h
engine_openssl.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
engine_openssl.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
engine_openssl.o: ../../include/openssl/stack.h
engine_openssl.o: ../../include/openssl/symhacks.h ../cryptlib.h engine_int.h
hw_atalla.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
hw_atalla.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
hw_atalla.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
hw_atalla.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
hw_atalla.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
hw_atalla.o: ../../include/openssl/dso.h ../../include/openssl/e_os.h
hw_atalla.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h
hw_atalla.o: ../../include/openssl/err.h ../../include/openssl/evp.h
hw_atalla.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
hw_atalla.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
hw_atalla.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
hw_atalla.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
hw_atalla.o: ../../include/openssl/opensslconf.h
hw_atalla.o: ../../include/openssl/opensslv.h ../../include/openssl/rand.h
hw_atalla.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
hw_atalla.o: ../../include/openssl/rc5.h
hw_atalla.o: ../../include/openssl/rijndael-alg-fst.h
hw_atalla.o: ../../include/openssl/rijndael.h ../../include/openssl/ripemd.h
hw_atalla.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
hw_atalla.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
hw_atalla.o: ../../include/openssl/symhacks.h ../cryptlib.h engine_int.h
hw_atalla.o: vendor_defns/atalla.h
hw_cswift.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
hw_cswift.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
hw_cswift.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
hw_cswift.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
hw_cswift.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
hw_cswift.o: ../../include/openssl/dso.h ../../include/openssl/e_os.h
hw_cswift.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h
hw_cswift.o: ../../include/openssl/err.h ../../include/openssl/evp.h
hw_cswift.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
hw_cswift.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
hw_cswift.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
hw_cswift.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
hw_cswift.o: ../../include/openssl/opensslconf.h
hw_cswift.o: ../../include/openssl/opensslv.h ../../include/openssl/rand.h
hw_cswift.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
hw_cswift.o: ../../include/openssl/rc5.h
hw_cswift.o: ../../include/openssl/rijndael-alg-fst.h
hw_cswift.o: ../../include/openssl/rijndael.h ../../include/openssl/ripemd.h
hw_cswift.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
hw_cswift.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
hw_cswift.o: ../../include/openssl/symhacks.h ../cryptlib.h engine_int.h
hw_cswift.o: vendor_defns/cswift.h
hw_ncipher.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
hw_ncipher.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
hw_ncipher.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
hw_ncipher.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
hw_ncipher.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
hw_ncipher.o: ../../include/openssl/dso.h ../../include/openssl/e_os.h
hw_ncipher.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h
hw_ncipher.o: ../../include/openssl/err.h ../../include/openssl/evp.h
hw_ncipher.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
hw_ncipher.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
hw_ncipher.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
hw_ncipher.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
hw_ncipher.o: ../../include/openssl/opensslconf.h
hw_ncipher.o: ../../include/openssl/opensslv.h ../../include/openssl/pem.h
hw_ncipher.o: ../../include/openssl/pem2.h ../../include/openssl/pkcs7.h
hw_ncipher.o: ../../include/openssl/rand.h ../../include/openssl/rc2.h
hw_ncipher.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
hw_ncipher.o: ../../include/openssl/rijndael-alg-fst.h
hw_ncipher.o: ../../include/openssl/rijndael.h ../../include/openssl/ripemd.h
hw_ncipher.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
hw_ncipher.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
hw_ncipher.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
hw_ncipher.o: ../../include/openssl/x509_vfy.h ../cryptlib.h engine_int.h
hw_ncipher.o: vendor_defns/hwcryptohook.h
hw_nuron.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
hw_nuron.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
hw_nuron.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
hw_nuron.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
hw_nuron.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
hw_nuron.o: ../../include/openssl/dso.h ../../include/openssl/e_os.h
hw_nuron.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h
hw_nuron.o: ../../include/openssl/err.h ../../include/openssl/evp.h
hw_nuron.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
hw_nuron.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
hw_nuron.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
hw_nuron.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
hw_nuron.o: ../../include/openssl/opensslconf.h
hw_nuron.o: ../../include/openssl/opensslv.h ../../include/openssl/rand.h
hw_nuron.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
hw_nuron.o: ../../include/openssl/rc5.h
hw_nuron.o: ../../include/openssl/rijndael-alg-fst.h
hw_nuron.o: ../../include/openssl/rijndael.h ../../include/openssl/ripemd.h
hw_nuron.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
hw_nuron.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
hw_nuron.o: ../../include/openssl/symhacks.h ../cryptlib.h engine_int.h
crypto/engine/README 0 → 100644
浏览文件 @ 5270e702
NOTES, THOUGHTS, and EVERYTHING
-------------------------------
(1) Concurrency and locking ... I made a change to the ENGINE_free code
because I spotted a potential hold-up in proceedings (doing too
much inside a lock including calling a callback), there may be
other bits like this. What do the speed/optimisation freaks think
of this aspect of the code and design? There's lots of locking for
manipulation functions and I need that to keep things nice and
solid, but this manipulation is mostly (de)initialisation, I would
think that most run-time locking is purely in the ENGINE_init and
ENGINE_finish calls that might be made when getting handles for
RSA (and friends') structures. These would be mostly reference
count operations as the functional references should always be 1
or greater at run-time to prevent init/deinit thrashing.
(2) nCipher support, via the HWCryptoHook API, is now in the code.
Apparently this hasn't been tested too much yet, but it looks
good. :-) Atalla support has been added too, but shares a lot in
common with Ben's original hooks in bn_exp.c (although it has been
ENGINE-ified, and error handling wrapped around it) and it's also
had some low-volume testing, so it should be usable.
(3) Of more concern, we need to work out (a) how to put together usable
RAND_METHODs for units that just have one "get n or less random
bytes" function, (b) we also need to determine how to hook the code
in crypto/rand/ to use the ENGINE defaults in a way similar to what
has been done in crypto/rsa/, crypto/dsa/, etc.
(4) ENGINE should really grow to encompass more than 3 public key
algorithms and randomness gathering. The structure/data level of
the engine code is hidden from code outside the crypto/engine/
directory so change shouldn't be too viral. More important though
is how things should evolve ... this needs thought and discussion.
-----------------------------------==*==-----------------------------------
More notes 2000-08-01
---------------------
Geoff Thorpe, who designed the engine part, wrote a pretty good description
of the thoughts he had when he built it, good enough to include verbatim here
(with his permission) -- Richard Levitte
Date: Tue, 1 Aug 2000 16:54:08 +0100 (BST)
From: Geoff Thorpe
Subject: Re: The thoughts to merge BRANCH_engine into the main trunk are
emerging
Hi there,
I'm going to try and do some justice to this, but I'm a little short on
time and the there is an endless amount that could be discussed on this
subject. sigh ... please bear with me :-)
> The changes in BRANCH_engine dig deep into the core of OpenSSL, for example
> into the RSA and RAND routines, adding a level of indirection which is needed
> to keep the abstraction, as far as I understand. It would be a good thing if
> those who do play with those things took a look at the changes that have been
> done in the branch and say out loud how much (or hopefully little) we've made
> fools of ourselves.
The point here is that the code that has emerged in the BRANCH_engine
branch was based on some initial requirements of mine that I went in and
addressed, and Richard has picked up the ball and run with it too. It
would be really useful to get some review of the approach we've taken, but
first I think I need to describe as best I can the reasons behind what has
been done so far, in particular what issues we have tried to address when
doing this, and what issues we have intentionally (or necessarily) tried
to avoid.
methods, engines, and evps
--------------------------
There has been some dicussion, particularly with Steve, about where this
ENGINE stuff might fit into the conceptual picture as/when we start to
abstract algorithms a little bit to make the library more extensible. In
particular, it would desirable to have algorithms (symmetric, hash, pkc,
etc) abstracted in some way that allows them to be just objects sitting in
a list (or database) ... it'll just happen that the "DSA" object doesn't
support encryption whereas the "RSA" object does. This requires a lot of
consideration to begin to know how to tackle it; in particular how
encapsulated should these things be? If the objects also understand their
own ASN1 encodings and what-not, then it would for example be possible to
add support for elliptic-curve DSA in as a new algorithm and automatically
have ECC-DSA certificates supported in SSL applications. Possible, but not
easy. :-)
Whatever, it seems that the way to go (if I've grok'd Steve's comments on
this in the past) is to amalgamate these things in EVP as is already done
(I think) for ciphers or hashes (Steve, please correct/elaborate). I
certainly think something should be done in this direction because right
now we have different source directories, types, functions, and methods
for each algorithm - even when conceptually they are very much different
feathers of the same bird. (This is certainly all true for the public-key
stuff, and may be partially true for the other parts.)
ENGINE was *not* conceived as a way of solving this, far from it. Nor was
it conceived as a way of replacing the various "***_METHOD"s. It was
conceived as an abstraction of a sort of "virtual crypto device". If we
lived in a world where "EVP_ALGO"s (or something like them) encapsulated
particular algorithms like RSA,DSA,MD5,RC4,etc, and "***_METHOD"s
encapsulated interfaces to algorithms (eg. some algo's might support a
PKC_METHOD, a HASH_METHOD, or a CIPHER_METHOD, who knows?), then I would
think that ENGINE would encapsulate an implementation of arbitrarily many
of those algorithms - perhaps as alternatives to existing algorithms
and/or perhaps as new previously unimplemented algorithms. An ENGINE could
be used to contain an alternative software implementation, a wrapper for a
hardware acceleration and/or key-management unit, a comms-wrapper for
distributing cryptographic operations to remote machines, or any other
"devices" your imagination can dream up.
However, what has been done in the ENGINE branch so far is nothing more
than starting to get our toes wet. I had a couple of self-imposed
requirements when putting the initial abstraction together, and I may have
already posed these in one form or another on the list, but briefly;
(i) only bother with public key algorithms for now, and maybe RAND too
(motivated by the need to get hardware support going and the fact
this was a comparitively easy subset to address to begin with).
(ii) don't change (if at all possible) the existing crypto code, ie. the
implementations, the way the ***_METHODs work, etc.
(iii) ensure that if no function from the ENGINE code is ever called then
things work the way they always did, and there is no memory
allocation (otherwise the failure to cleanup would be a problem -
this is part of the reason no STACKs were used, the other part of
the reason being I found them inappropriate).
(iv) ensure that all the built-in crypto was encapsulated by one of
these "ENGINE"s and that this engine was automatically selected as
the default.
(v) provide the minimum hooking possible in the existing crypto code
so that global functions (eg. RSA_public_encrypt) do not need any
extra parameter, yet will use whatever the current default ENGINE
for that RSA key is, and that the default can be set "per-key"
and globally (new keys will assume the global default, and keys
without their own default will be operated on using the global
default). NB: Try and make (v) conflict as little as possible with
(ii). :-)
(vi) wrap the ENGINE code up in duct tape so you can't even see the
corners. Ie. expose no structures at all, just black-box pointers.
(v) maintain internally a list of ENGINEs on which a calling
application can iterate, interrogate, etc. Allow a calling
application to hook in new ENGINEs, remove ENGINEs from the list,
and enforce uniqueness within the global list of each ENGINE's
"unique id".
(vi) keep reference counts for everything - eg. this includes storing a
reference inside each RSA structure to the ENGINE that it uses.
This is freed when the RSA structure is destroyed, or has its
ENGINE explicitly changed. The net effect needs to be that at any
time, it is deterministic to know whether an ENGINE is in use or
can be safely removed (or unloaded in the case of the other type
of reference) without invalidating function pointers that may or
may not be used indavertently in the future. This was actually
one of the biggest problems to overcome in the existing OpenSSL
code - implementations had always been assumed to be ever-present,
so there was no trivial way to get round this.
(vii) distinguish between structural references and functional
references.
A *little* detail
-----------------
While my mind is on it; I'll illustrate the bit in item (vii). This idea
turned out to be very handy - the ENGINEs themselves need to be operated
on and manipulated simply as objects without necessarily trying to
"enable" them for use. Eg. most host machines will not have the necessary
hardware or software to support all the engines one might compile into
OpenSSL, yet it needs to be possible to iterate across the ENGINEs,
querying their names, properties, etc - all happening in a thread-safe
manner that uses reference counts (if you imagine two threads iterating
through a list and one thread removing the ENGINE the other is currently
looking at - you can see the gotcha waiting to happen). For all of this,
*structural references* are used and operate much like the other reference
counts in OpenSSL.
The other kind of reference count is for *functional* references - these
indicate a reference on which the caller can actually assume the
particular ENGINE to be initialised and usable to perform the operations
it implements. Any increment or decrement of the functional reference
count automatically invokes a corresponding change in the structural
reference count, as it is fairly obvious that a functional reference is a
restricted case of a structural reference. So struct_ref >= funct_ref at
all times. NB: functional references are usually obtained by a call to
ENGINE_init(), but can also be created implicitly by calls that require a
new functional reference to be created, eg. ENGINE_set_default(). Either
way the only time the underlying ENGINE's "init" function is really called
is when the (functional) reference count increases to 1, similarly the
underlying "finish" handler is only called as the count goes down to 0.
The effect of this, for example, is that if you set the default ENGINE for
RSA operations to be "cswift", then its functional reference count will
already be at least 1 so the CryptoSwift shared-library and the card will
stay loaded and initialised until such time as all RSA keys using the
cswift ENGINE are changed or destroyed and the default ENGINE for RSA
operations has been changed. This prevents repeated thrashing of init and
finish handling if the count keeps getting down as far as zero.
Otherwise, the way the ENGINE code has been put together I think pretty
much reflects the above points. The reason for the ENGINE structure having
individual RSA_METHOD, DSA_METHOD, etc pointers is simply that it was the
easiest way to go about things for now, to hook it all into the raw
RSA,DSA,etc code, and I was trying to the keep the structure invisible
anyway so that the way this is internally managed could be easily changed
later on when we start to work out what's to be done about these other
abstractions.
Down the line, if some EVP-based technique emerges for adequately
encapsulating algorithms and all their various bits and pieces, then I can
imagine that "ENGINE" would turn into a reference-counting database of
these EVP things, of which the default "openssl" ENGINE would be the
library's own object database of pre-built software implemented algorithms
(and such). It would also be cool to see the idea of "METHOD"s detached
from the algorithms themselves ... so RSA, DSA, ElGamal, etc can all
expose essentially the same METHOD (aka interface), which would include
any querying/flagging stuff to identify what the algorithm can/can't do,
its name, and other stuff like max/min block sizes, key sizes, etc. This
would result in ENGINE similarly detaching its internal database of
algorithm implementations from the function definitions that return
interfaces to them. I think ...
As for DSOs etc. Well the DSO code is pretty handy (but could be made much
more so) for loading vendor's driver-libraries and talking to them in some
generic way, but right now there's still big problems associated with
actually putting OpenSSL code (ie. new ENGINEs, or anything else for that
matter) in dynamically loadable libraries. These problems won't go away in
a hurry so I don't think we should expect to have any kind of
shared-library extensions any time soon - but solving the problems is a
good thing to aim for, and would as a side-effect probably help make
OpenSSL more usable as a shared-library itself (looking at the things
needed to do this will show you why).
One of the problems is that if you look at any of the ENGINE
implementations, eg. hw_cswift.c or hw_ncipher.c, you'll see how it needs
a variety of functionality and definitions from various areas of OpenSSL,
including crypto/bn/, crypto/err/, crypto/ itself (locking for example),
crypto/dso/, crypto/engine/, crypto/rsa, etc etc etc. So if similar code
were to be suctioned off into shared libraries, the shared libraries would
either have to duplicate all the definitions and code and avoid loader
conflicts, or OpenSSL would have to somehow expose all that functionality
to the shared-library. If this isn't a big enough problem, the issue of
binary compatibility will be - anyone writing Apache modules can tell you
that (Ralf? Ben? :-). However, I don't think OpenSSL would need to be
quite so forgiving as Apache should be, so OpenSSL could simply tell its
version to the DSO and leave the DSO with the problem of deciding whether
to proceed or bail out for fear of binary incompatibilities.
Certainly one thing that would go a long way to addressing this is to
embark on a bit of an opaqueness mission. I've set the ENGINE code up with
this in mind - it's so draconian that even to declare your own ENGINE, you
have to get the engine code to create the underlying ENGINE structure, and
then feed in the new ENGINE's function/method pointers through various
"set" functions. The more of the code that takes on such a black-box
approach, the more of the code that will be (a) easy to expose to shared
libraries that need it, and (b) easy to expose to applications wanting to
use OpenSSL itself as a shared-library. From my own explorations in
OpenSSL, the biggest leviathan I've seen that is a problem in this respect
is the BIGNUM code. Trying to "expose" the bignum code through any kind of
organised "METHODs", let alone do all the necessary bignum operations
solely through functions rather than direct access to the structures and
macros, will be a massive pain in the "r"s.
Anyway, I'm done for now - hope it was readable. Thoughts?
Cheers,
Geoff
-----------------------------------==*==-----------------------------------
crypto/engine/engine.h 0 → 100644
浏览文件 @ 5270e702
/* openssl/engine.h */
/* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL
* project 2000.
*/
/* ====================================================================
* Copyright (c) 1999 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* licensing@OpenSSL.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*
* This product includes cryptographic software written by Eric Young
* (eay@cryptsoft.com). This product includes software written by Tim
* Hudson (tjh@cryptsoft.com).
*
*/
#ifndef HEADER_ENGINE_H
#define HEADER_ENGINE_H
#include <openssl/bn.h>
#include <openssl/rsa.h>
#include <openssl/dsa.h>
#include <openssl/dh.h>
#include <openssl/rand.h>
#include <openssl/evp.h>
#include <openssl/symhacks.h>
#ifdef __cplusplus
extern "C" {
#endif
/* These flags are used to control combinations of algorithm (methods)
* by bitwise "OR"ing. */
#define ENGINE_METHOD_RSA (unsigned int)0x0001
#define ENGINE_METHOD_DSA (unsigned int)0x0002
#define ENGINE_METHOD_DH (unsigned int)0x0004
#define ENGINE_METHOD_RAND (unsigned int)0x0008
#define ENGINE_METHOD_BN_MOD_EXP (unsigned int)0x0010
#define ENGINE_METHOD_BN_MOD_EXP_CRT (unsigned int)0x0020
/* Obvious all-or-nothing cases. */
#define ENGINE_METHOD_ALL (unsigned int)0xFFFF
#define ENGINE_METHOD_NONE (unsigned int)0x0000
/* These flags are used to tell the ctrl function what should be done.
* All command numbers are shared between all engines, even if some don't
* make sense to some engines. In such a case, they do nothing but return
* the error ENGINE_R_CTRL_COMMAND_NOT_IMPLEMENTED. */
#define ENGINE_CTRL_SET_LOGSTREAM 1
#define ENGINE_CTRL_SET_PASSWORD_CALLBACK 2
/* Flags specific to the nCipher "chil" engine */
#define ENGINE_CTRL_CHIL_SET_FORKCHECK 100
/* Depending on the value of the (long)i argument, this sets or
* unsets the SimpleForkCheck flag in the CHIL API to enable or
* disable checking and workarounds for applications that fork().
*/
#define ENGINE_CTRL_CHIL_NO_LOCKING 101
/* This prevents the initialisation function from providing mutex
* callbacks to the nCipher library. */
/* As we're missing a BIGNUM_METHOD, we need a couple of locally
* defined function types that engines can implement. */
#ifndef HEADER_ENGINE_INT_H
/* mod_exp operation, calculates; r = a ^ p mod m
* NB: ctx can be NULL, but if supplied, the implementation may use
* it if it wishes. */
typedef int (*BN_MOD_EXP)(BIGNUM *r, BIGNUM *a, const BIGNUM *p,
const BIGNUM *m, BN_CTX *ctx);
/* private key operation for RSA, provided seperately in case other
* RSA implementations wish to use it. */
typedef int (*BN_MOD_EXP_CRT)(BIGNUM *r, BIGNUM *a, const BIGNUM *p,
const BIGNUM *q, const BIGNUM *dmp1, const BIGNUM *dmq1,
const BIGNUM *iqmp, BN_CTX *ctx);
/* Generic function pointer */
typedef void (*ENGINE_GEN_FUNC_PTR)();
/* Generic function pointer taking no arguments */
typedef void (*ENGINE_GEN_INT_FUNC_PTR)(void);
/* Specific control function pointer */
typedef int (*ENGINE_CTRL_FUNC_PTR)(int cmd, long i, void *p, void (*f)());
/* The list of "engine" types is a static array of (const ENGINE*)
* pointers (not dynamic because static is fine for now and we otherwise
* have to hook an appropriate load/unload function in to initialise and
* cleanup). */
typedef struct engine_st ENGINE;
#endif
/* STRUCTURE functions ... all of these functions deal with pointers to
* ENGINE structures where the pointers have a "structural reference".
* This means that their reference is to allow access to the structure
* but it does not imply that the structure is functional. To simply
* increment or decrement the structural reference count, use ENGINE_new
* and ENGINE_free. NB: This is not required when iterating using
* ENGINE_get_next as it will automatically decrement the structural
* reference count of the "current" ENGINE and increment the structural
* reference count of the ENGINE it returns (unless it is NULL). */
/* Get the first/last "ENGINE" type available. */
ENGINE *ENGINE_get_first(void);
ENGINE *ENGINE_get_last(void);
/* Iterate to the next/previous "ENGINE" type (NULL = end of the list). */
ENGINE *ENGINE_get_next(ENGINE *e);
ENGINE *ENGINE_get_prev(ENGINE *e);
/* Add another "ENGINE" type into the array. */
int ENGINE_add(ENGINE *e);
/* Remove an existing "ENGINE" type from the array. */
int ENGINE_remove(ENGINE *e);
/* Retrieve an engine from the list by its unique "id" value. */
ENGINE *ENGINE_by_id(const char *id);
/* These functions are useful for manufacturing new ENGINE
* structures. They don't address reference counting at all -
* one uses them to populate an ENGINE structure with personalised
* implementations of things prior to using it directly or adding
* it to the builtin ENGINE list in OpenSSL. These are also here
* so that the ENGINE structure doesn't have to be exposed and
* break binary compatibility!
*
* NB: I'm changing ENGINE_new to force the ENGINE structure to
* be allocated from within OpenSSL. See the comment for
* ENGINE_get_struct_size().
*/
#if 0
ENGINE *ENGINE_new(ENGINE *e);
#else
ENGINE *ENGINE_new(void);
#endif
int ENGINE_free(ENGINE *e);
int ENGINE_set_id(ENGINE *e, const char *id);
int ENGINE_set_name(ENGINE *e, const char *name);
int ENGINE_set_RSA(ENGINE *e, RSA_METHOD *rsa_meth);
int ENGINE_set_DSA(ENGINE *e, DSA_METHOD *dsa_meth);
int ENGINE_set_DH(ENGINE *e, DH_METHOD *dh_meth);
int ENGINE_set_RAND(ENGINE *e, RAND_METHOD *rand_meth);
int ENGINE_set_BN_mod_exp(ENGINE *e, BN_MOD_EXP bn_mod_exp);
int ENGINE_set_BN_mod_exp_crt(ENGINE *e, BN_MOD_EXP_CRT bn_mod_exp_crt);
int ENGINE_set_init_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR init_f);
int ENGINE_set_finish_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR finish_f);
int ENGINE_set_ctrl_function(ENGINE *e, ENGINE_CTRL_FUNC_PTR ctrl_f);
/* These return values from within the ENGINE structure. These can
* be useful with functional references as well as structural
* references - it depends which you obtained. Using the result
* for functional purposes if you only obtained a structural
* reference may be problematic! */
const char *ENGINE_get_id(ENGINE *e);
const char *ENGINE_get_name(ENGINE *e);
RSA_METHOD *ENGINE_get_RSA(ENGINE *e);
DSA_METHOD *ENGINE_get_DSA(ENGINE *e);
DH_METHOD *ENGINE_get_DH(ENGINE *e);
RAND_METHOD *ENGINE_get_RAND(ENGINE *e);
BN_MOD_EXP ENGINE_get_BN_mod_exp(ENGINE *e);
BN_MOD_EXP_CRT ENGINE_get_BN_mod_exp_crt(ENGINE *e);
ENGINE_GEN_INT_FUNC_PTR ENGINE_get_init_function(ENGINE *e);
ENGINE_GEN_INT_FUNC_PTR ENGINE_get_finish_function(ENGINE *e);
ENGINE_CTRL_FUNC_PTR ENGINE_get_ctrl_function(ENGINE *e);
/* ENGINE_new is normally passed a NULL in the first parameter because
* the calling code doesn't have access to the definition of the ENGINE
* structure (for good reason). However, if the caller wishes to use
* its own memory allocation or use a static array, the following call
* should be used to check the amount of memory the ENGINE structure
* will occupy. This will make the code more future-proof.
*
* NB: I'm "#if 0"-ing this out because it's better to force the use of
* internally allocated memory. See similar change in ENGINE_new().
*/
#if 0
int ENGINE_get_struct_size(void);
#endif
/* FUNCTIONAL functions. These functions deal with ENGINE structures
* that have (or will) be initialised for use. Broadly speaking, the
* structural functions are useful for iterating the list of available
* engine types, creating new engine types, and other "list" operations.
* These functions actually deal with ENGINEs that are to be used. As
* such these functions can fail (if applicable) when particular
* engines are unavailable - eg. if a hardware accelerator is not
* attached or not functioning correctly. Each ENGINE has 2 reference
* counts; structural and functional. Every time a functional reference
* is obtained or released, a corresponding structural reference is
* automatically obtained or released too. */
/* Initialise a engine type for use (or up its reference count if it's
* already in use). This will fail if the engine is not currently
* operational and cannot initialise. */
int ENGINE_init(ENGINE *e);
/* Free a functional reference to a engine type. This does not require
* a corresponding call to ENGINE_free as it also releases a structural
* reference. */
int ENGINE_finish(ENGINE *e);
/* Send control parametrised commands to the engine. The possibilities
* to send down an integer, a pointer to data or a function pointer are
* provided. Any of the parameters may or may not be NULL, depending
* on the command number */
/* WARNING: This is currently experimental and may change radically! */
int ENGINE_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)());
/* The following functions handle keys that are stored in some secondary
* location, handled by the engine. The storage may be on a card or
* whatever. */
EVP_PKEY *ENGINE_load_private_key(ENGINE *e, const char *key_id,
const char *passphrase);
EVP_PKEY *ENGINE_load_public_key(ENGINE *e, const char *key_id,
const char *passphrase);
/* This returns a pointer for the current ENGINE structure that
* is (by default) performing any RSA operations. The value returned
* is an incremented reference, so it should be free'd (ENGINE_finish)
* before it is discarded. */
ENGINE *ENGINE_get_default_RSA(void);
/* Same for the other "methods" */
ENGINE *ENGINE_get_default_DSA(void);
ENGINE *ENGINE_get_default_DH(void);
ENGINE *ENGINE_get_default_RAND(void);
ENGINE *ENGINE_get_default_BN_mod_exp(void);
ENGINE *ENGINE_get_default_BN_mod_exp_crt(void);
/* This sets a new default ENGINE structure for performing RSA
* operations. If the result is non-zero (success) then the ENGINE
* structure will have had its reference count up'd so the caller
* should still free their own reference 'e'. */
int ENGINE_set_default_RSA(ENGINE *e);
/* Same for the other "methods" */
int ENGINE_set_default_DSA(ENGINE *e);
int ENGINE_set_default_DH(ENGINE *e);
int ENGINE_set_default_RAND(ENGINE *e);
int ENGINE_set_default_BN_mod_exp(ENGINE *e);
int ENGINE_set_default_BN_mod_exp_crt(ENGINE *e);
/* The combination "set" - the flags are bitwise "OR"d from the
* ENGINE_METHOD_*** defines above. */
int ENGINE_set_default(ENGINE *e, unsigned int flags);
/* Obligatory error function. */
void ERR_load_ENGINE_strings(void);
/*
* Error codes for all engine functions. NB: We use "generic"
* function names instead of per-implementation ones because this
* levels the playing field for externally implemented bootstrapped
* support code. As the filename and line number is included, it's
* more important to indicate the type of function, so that
* bootstrapped code (that can't easily add its own errors in) can
* use the same error codes too.
*/
/* BEGIN ERROR CODES */
/* The following lines are auto generated by the script mkerr.pl. Any changes
* made after this point may be overwritten when the script is next run.
*/
/* Error codes for the ENGINE functions. */
/* Function codes. */
#define ENGINE_F_ATALLA_FINISH 135
#define ENGINE_F_ATALLA_INIT 136
#define ENGINE_F_ATALLA_MOD_EXP 137
#define ENGINE_F_ATALLA_RSA_MOD_EXP 138
#define ENGINE_F_CSWIFT_DSA_SIGN 133
#define ENGINE_F_CSWIFT_DSA_VERIFY 134
#define ENGINE_F_CSWIFT_FINISH 100
#define ENGINE_F_CSWIFT_INIT 101
#define ENGINE_F_CSWIFT_MOD_EXP 102
#define ENGINE_F_CSWIFT_MOD_EXP_CRT 103
#define ENGINE_F_CSWIFT_RSA_MOD_EXP 104
#define ENGINE_F_ENGINE_ADD 105
#define ENGINE_F_ENGINE_BY_ID 106
#define ENGINE_F_ENGINE_CTRL 142
#define ENGINE_F_ENGINE_FINISH 107
#define ENGINE_F_ENGINE_FREE 108
#define ENGINE_F_ENGINE_GET_BN_MOD_EXP 109
#define ENGINE_F_ENGINE_GET_BN_MOD_EXP_CRT 110
#define ENGINE_F_ENGINE_GET_CTRL_FUNCTION 144
#define ENGINE_F_ENGINE_GET_DH 111
#define ENGINE_F_ENGINE_GET_DSA 112
#define ENGINE_F_ENGINE_GET_FINISH_FUNCTION 145
#define ENGINE_F_ENGINE_GET_ID 113
#define ENGINE_F_ENGINE_GET_INIT_FUNCTION 146
#define ENGINE_F_ENGINE_GET_NAME 114
#define ENGINE_F_ENGINE_GET_NEXT 115
#define ENGINE_F_ENGINE_GET_PREV 116
#define ENGINE_F_ENGINE_GET_RAND 117
#define ENGINE_F_ENGINE_GET_RSA 118
#define ENGINE_F_ENGINE_INIT 119
#define ENGINE_F_ENGINE_LIST_ADD 120
#define ENGINE_F_ENGINE_LIST_REMOVE 121
#define ENGINE_F_ENGINE_LOAD_PRIVATE_KEY 150
#define ENGINE_F_ENGINE_LOAD_PUBLIC_KEY 151
#define ENGINE_F_ENGINE_NEW 122
#define ENGINE_F_ENGINE_REMOVE 123
#define ENGINE_F_ENGINE_SET_BN_MOD_EXP 124
#define ENGINE_F_ENGINE_SET_BN_MOD_EXP_CRT 125
#define ENGINE_F_ENGINE_SET_CTRL_FUNCTION 147
#define ENGINE_F_ENGINE_SET_DEFAULT_TYPE 126
#define ENGINE_F_ENGINE_SET_DH 127
#define ENGINE_F_ENGINE_SET_DSA 128
#define ENGINE_F_ENGINE_SET_FINISH_FUNCTION 148
#define ENGINE_F_ENGINE_SET_ID 129
#define ENGINE_F_ENGINE_SET_INIT_FUNCTION 149
#define ENGINE_F_ENGINE_SET_NAME 130
#define ENGINE_F_ENGINE_SET_RAND 131
#define ENGINE_F_ENGINE_SET_RSA 132
#define ENGINE_F_ENGINE_UNLOAD_KEY 152
#define ENGINE_F_HWCRHK_CTRL 143
#define ENGINE_F_HWCRHK_FINISH 135
#define ENGINE_F_HWCRHK_GET_PASS 155
#define ENGINE_F_HWCRHK_INIT 136
#define ENGINE_F_HWCRHK_LOAD_PRIVKEY 153
#define ENGINE_F_HWCRHK_LOAD_PUBKEY 154
#define ENGINE_F_HWCRHK_MOD_EXP 137
#define ENGINE_F_HWCRHK_MOD_EXP_CRT 138
#define ENGINE_F_HWCRHK_RAND_BYTES 139
#define ENGINE_F_HWCRHK_RSA_MOD_EXP 140
#define ENGINE_F_LOG_MESSAGE 141
#define ENGINE_F_NURON_FINISH 157
#define ENGINE_F_NURON_INIT 156
#define ENGINE_F_NURON_MOD_EXP 158
/* Reason codes. */
#define ENGINE_R_ALREADY_LOADED 100
#define ENGINE_R_BIO_WAS_FREED 121
#define ENGINE_R_BN_CTX_FULL 101
#define ENGINE_R_BN_EXPAND_FAIL 102
#define ENGINE_R_CHIL_ERROR 123
#define ENGINE_R_CONFLICTING_ENGINE_ID 103
#define ENGINE_R_CTRL_COMMAND_NOT_IMPLEMENTED 119
#define ENGINE_R_DSO_FAILURE 104
#define ENGINE_R_DSO_FUNCTION_NOT_FOUND 131
#define ENGINE_R_DSO_NOT_FOUND 132
#define ENGINE_R_ENGINE_IS_NOT_IN_LIST 105
#define ENGINE_R_FAILED_LOADING_PRIVATE_KEY 128
#define ENGINE_R_FAILED_LOADING_PUBLIC_KEY 129
#define ENGINE_R_FINISH_FAILED 106
#define ENGINE_R_GET_HANDLE_FAILED 107
#define ENGINE_R_ID_OR_NAME_MISSING 108
#define ENGINE_R_INIT_FAILED 109
#define ENGINE_R_INTERNAL_LIST_ERROR 110
#define ENGINE_R_MISSING_KEY_COMPONENTS 111
#define ENGINE_R_NOT_INITIALISED 117
#define ENGINE_R_NOT_LOADED 112
#define ENGINE_R_NO_CALLBACK 127
#define ENGINE_R_NO_CONTROL_FUNCTION 120
#define ENGINE_R_NO_KEY 124
#define ENGINE_R_NO_LOAD_FUNCTION 125
#define ENGINE_R_NO_REFERENCE 130
#define ENGINE_R_NO_SUCH_ENGINE 116
#define ENGINE_R_NO_UNLOAD_FUNCTION 126
#define ENGINE_R_PROVIDE_PARAMETERS 113
#define ENGINE_R_REQUEST_FAILED 114
#define ENGINE_R_REQUEST_FALLBACK 118
#define ENGINE_R_SIZE_TOO_LARGE_OR_TOO_SMALL 122
#define ENGINE_R_UNIT_FAILURE 115
#ifdef __cplusplus
}
#endif
#endif
crypto/engine/engine_err.c 0 → 100644
浏览文件 @ 5270e702
/* crypto/engine/engine_err.c */
/* ====================================================================
* Copyright (c) 1999 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* openssl-core@OpenSSL.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*
* This product includes cryptographic software written by Eric Young
* (eay@cryptsoft.com). This product includes software written by Tim
* Hudson (tjh@cryptsoft.com).
*
*/
/* NOTE: this file was auto generated by the mkerr.pl script: any changes
* made to it will be overwritten when the script next updates this file,
* only reason strings will be preserved.
*/
#include <stdio.h>
#include <openssl/err.h>
#include <openssl/engine.h>
/* BEGIN ERROR CODES */
#ifndef NO_ERR
static ERR_STRING_DATA ENGINE_str_functs[]=
{
{ERR_PACK(0,ENGINE_F_ATALLA_FINISH,0), "ATALLA_FINISH"},
{ERR_PACK(0,ENGINE_F_ATALLA_INIT,0), "ATALLA_INIT"},
{ERR_PACK(0,ENGINE_F_ATALLA_MOD_EXP,0), "ATALLA_MOD_EXP"},
{ERR_PACK(0,ENGINE_F_ATALLA_RSA_MOD_EXP,0), "ATALLA_RSA_MOD_EXP"},
{ERR_PACK(0,ENGINE_F_CSWIFT_DSA_SIGN,0), "CSWIFT_DSA_SIGN"},
{ERR_PACK(0,ENGINE_F_CSWIFT_DSA_VERIFY,0), "CSWIFT_DSA_VERIFY"},
{ERR_PACK(0,ENGINE_F_CSWIFT_FINISH,0), "CSWIFT_FINISH"},
{ERR_PACK(0,ENGINE_F_CSWIFT_INIT,0), "CSWIFT_INIT"},
{ERR_PACK(0,ENGINE_F_CSWIFT_MOD_EXP,0), "CSWIFT_MOD_EXP"},
{ERR_PACK(0,ENGINE_F_CSWIFT_MOD_EXP_CRT,0), "CSWIFT_MOD_EXP_CRT"},
{ERR_PACK(0,ENGINE_F_CSWIFT_RSA_MOD_EXP,0), "CSWIFT_RSA_MOD_EXP"},
{ERR_PACK(0,ENGINE_F_ENGINE_ADD,0), "ENGINE_add"},
{ERR_PACK(0,ENGINE_F_ENGINE_BY_ID,0), "ENGINE_by_id"},
{ERR_PACK(0,ENGINE_F_ENGINE_CTRL,0), "ENGINE_ctrl"},
{ERR_PACK(0,ENGINE_F_ENGINE_FINISH,0), "ENGINE_finish"},
{ERR_PACK(0,ENGINE_F_ENGINE_FREE,0), "ENGINE_free"},
{ERR_PACK(0,ENGINE_F_ENGINE_GET_BN_MOD_EXP,0), "ENGINE_get_BN_mod_exp"},
{ERR_PACK(0,ENGINE_F_ENGINE_GET_BN_MOD_EXP_CRT,0), "ENGINE_get_BN_mod_exp_crt"},
{ERR_PACK(0,ENGINE_F_ENGINE_GET_CTRL_FUNCTION,0), "ENGINE_get_ctrl_function"},
{ERR_PACK(0,ENGINE_F_ENGINE_GET_DH,0), "ENGINE_get_DH"},
{ERR_PACK(0,ENGINE_F_ENGINE_GET_DSA,0), "ENGINE_get_DSA"},
{ERR_PACK(0,ENGINE_F_ENGINE_GET_FINISH_FUNCTION,0), "ENGINE_get_finish_function"},
{ERR_PACK(0,ENGINE_F_ENGINE_GET_ID,0), "ENGINE_get_id"},
{ERR_PACK(0,ENGINE_F_ENGINE_GET_INIT_FUNCTION,0), "ENGINE_get_init_function"},
{ERR_PACK(0,ENGINE_F_ENGINE_GET_NAME,0), "ENGINE_get_name"},
{ERR_PACK(0,ENGINE_F_ENGINE_GET_NEXT,0), "ENGINE_get_next"},
{ERR_PACK(0,ENGINE_F_ENGINE_GET_PREV,0), "ENGINE_get_prev"},
{ERR_PACK(0,ENGINE_F_ENGINE_GET_RAND,0), "ENGINE_get_RAND"},
{ERR_PACK(0,ENGINE_F_ENGINE_GET_RSA,0), "ENGINE_get_RSA"},
{ERR_PACK(0,ENGINE_F_ENGINE_INIT,0), "ENGINE_init"},
{ERR_PACK(0,ENGINE_F_ENGINE_LIST_ADD,0), "ENGINE_LIST_ADD"},
{ERR_PACK(0,ENGINE_F_ENGINE_LIST_REMOVE,0), "ENGINE_LIST_REMOVE"},
{ERR_PACK(0,ENGINE_F_ENGINE_LOAD_PRIVATE_KEY,0), "ENGINE_load_private_key"},
{ERR_PACK(0,ENGINE_F_ENGINE_LOAD_PUBLIC_KEY,0), "ENGINE_load_public_key"},
{ERR_PACK(0,ENGINE_F_ENGINE_NEW,0), "ENGINE_new"},
{ERR_PACK(0,ENGINE_F_ENGINE_REMOVE,0), "ENGINE_remove"},
{ERR_PACK(0,ENGINE_F_ENGINE_SET_BN_MOD_EXP,0), "ENGINE_set_BN_mod_exp"},
{ERR_PACK(0,ENGINE_F_ENGINE_SET_BN_MOD_EXP_CRT,0), "ENGINE_set_BN_mod_exp_crt"},
{ERR_PACK(0,ENGINE_F_ENGINE_SET_CTRL_FUNCTION,0), "ENGINE_set_ctrl_function"},
{ERR_PACK(0,ENGINE_F_ENGINE_SET_DEFAULT_TYPE,0), "ENGINE_SET_DEFAULT_TYPE"},
{ERR_PACK(0,ENGINE_F_ENGINE_SET_DH,0), "ENGINE_set_DH"},
{ERR_PACK(0,ENGINE_F_ENGINE_SET_DSA,0), "ENGINE_set_DSA"},
{ERR_PACK(0,ENGINE_F_ENGINE_SET_FINISH_FUNCTION,0), "ENGINE_set_finish_function"},
{ERR_PACK(0,ENGINE_F_ENGINE_SET_ID,0), "ENGINE_set_id"},
{ERR_PACK(0,ENGINE_F_ENGINE_SET_INIT_FUNCTION,0), "ENGINE_set_init_function"},
{ERR_PACK(0,ENGINE_F_ENGINE_SET_NAME,0), "ENGINE_set_name"},
{ERR_PACK(0,ENGINE_F_ENGINE_SET_RAND,0), "ENGINE_set_RAND"},
{ERR_PACK(0,ENGINE_F_ENGINE_SET_RSA,0), "ENGINE_set_RSA"},
{ERR_PACK(0,ENGINE_F_ENGINE_UNLOAD_KEY,0), "ENGINE_UNLOAD_KEY"},
{ERR_PACK(0,ENGINE_F_HWCRHK_CTRL,0), "HWCRHK_CTRL"},
{ERR_PACK(0,ENGINE_F_HWCRHK_FINISH,0), "HWCRHK_FINISH"},
{ERR_PACK(0,ENGINE_F_HWCRHK_GET_PASS,0), "HWCRHK_GET_PASS"},
{ERR_PACK(0,ENGINE_F_HWCRHK_INIT,0), "HWCRHK_INIT"},
{ERR_PACK(0,ENGINE_F_HWCRHK_LOAD_PRIVKEY,0), "HWCRHK_LOAD_PRIVKEY"},
{ERR_PACK(0,ENGINE_F_HWCRHK_LOAD_PUBKEY,0), "HWCRHK_LOAD_PUBKEY"},
{ERR_PACK(0,ENGINE_F_HWCRHK_MOD_EXP,0), "HWCRHK_MOD_EXP"},
{ERR_PACK(0,ENGINE_F_HWCRHK_MOD_EXP_CRT,0), "HWCRHK_MOD_EXP_CRT"},
{ERR_PACK(0,ENGINE_F_HWCRHK_RAND_BYTES,0), "HWCRHK_RAND_BYTES"},
{ERR_PACK(0,ENGINE_F_HWCRHK_RSA_MOD_EXP,0), "HWCRHK_RSA_MOD_EXP"},
{ERR_PACK(0,ENGINE_F_LOG_MESSAGE,0), "LOG_MESSAGE"},
{ERR_PACK(0,ENGINE_F_NURON_FINISH,0), "NURON_FINISH"},
{ERR_PACK(0,ENGINE_F_NURON_INIT,0), "NURON_INIT"},
{ERR_PACK(0,ENGINE_F_NURON_MOD_EXP,0), "NURON_MOD_EXP"},
{0,NULL}
};
static ERR_STRING_DATA ENGINE_str_reasons[]=
{
{ENGINE_R_ALREADY_LOADED ,"already loaded"},
{ENGINE_R_BIO_WAS_FREED ,"bio was freed"},
{ENGINE_R_BN_CTX_FULL ,"BN_CTX full"},
{ENGINE_R_BN_EXPAND_FAIL ,"bn_expand fail"},
{ENGINE_R_CHIL_ERROR ,"chil error"},
{ENGINE_R_CONFLICTING_ENGINE_ID ,"conflicting engine id"},
{ENGINE_R_CTRL_COMMAND_NOT_IMPLEMENTED ,"ctrl command not implemented"},
{ENGINE_R_DSO_FAILURE ,"DSO failure"},
{ENGINE_R_DSO_FUNCTION_NOT_FOUND ,"dso function not found"},
{ENGINE_R_DSO_NOT_FOUND ,"dso not found"},
{ENGINE_R_ENGINE_IS_NOT_IN_LIST ,"engine is not in the list"},
{ENGINE_R_FAILED_LOADING_PRIVATE_KEY ,"failed loading private key"},
{ENGINE_R_FAILED_LOADING_PUBLIC_KEY ,"failed loading public key"},
{ENGINE_R_FINISH_FAILED ,"finish failed"},
{ENGINE_R_GET_HANDLE_FAILED ,"could not obtain hardware handle"},
{ENGINE_R_ID_OR_NAME_MISSING ,"'id' or 'name' missing"},
{ENGINE_R_INIT_FAILED ,"init failed"},
{ENGINE_R_INTERNAL_LIST_ERROR ,"internal list error"},
{ENGINE_R_MISSING_KEY_COMPONENTS ,"missing key components"},
{ENGINE_R_NOT_INITIALISED ,"not initialised"},
{ENGINE_R_NOT_LOADED ,"not loaded"},
{ENGINE_R_NO_CALLBACK ,"no callback"},
{ENGINE_R_NO_CONTROL_FUNCTION ,"no control function"},
{ENGINE_R_NO_KEY ,"no key"},
{ENGINE_R_NO_LOAD_FUNCTION ,"no load function"},
{ENGINE_R_NO_REFERENCE ,"no reference"},
{ENGINE_R_NO_SUCH_ENGINE ,"no such engine"},
{ENGINE_R_NO_UNLOAD_FUNCTION ,"no unload function"},
{ENGINE_R_PROVIDE_PARAMETERS ,"provide parameters"},
{ENGINE_R_REQUEST_FAILED ,"request failed"},
{ENGINE_R_REQUEST_FALLBACK ,"request fallback"},
{ENGINE_R_SIZE_TOO_LARGE_OR_TOO_SMALL ,"size too large or too small"},
{ENGINE_R_UNIT_FAILURE ,"unit failure"},
{0,NULL}
};
#endif
void ERR_load_ENGINE_strings(void)
{
static int init=1;
if (init)
{
init=0;
#ifndef NO_ERR
ERR_load_strings(ERR_LIB_ENGINE,ENGINE_str_functs);
ERR_load_strings(ERR_LIB_ENGINE,ENGINE_str_reasons);
#endif
}
}
crypto/engine/engine_int.h 0 → 100644
浏览文件 @ 5270e702
/* crypto/engine/engine_int.h */
/* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL
* project 2000.
*/
/* ====================================================================
* Copyright (c) 1999 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* licensing@OpenSSL.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*
* This product includes cryptographic software written by Eric Young
* (eay@cryptsoft.com). This product includes software written by Tim
* Hudson (tjh@cryptsoft.com).
*
*/
#ifndef HEADER_ENGINE_INT_H
#define HEADER_ENGINE_INT_H
#include <openssl/rsa.h>
#include <openssl/dsa.h>
#include <openssl/dh.h>
#include <openssl/rand.h>
#include <openssl/bn.h>
#include <openssl/evp.h>
#ifdef __cplusplus
extern "C" {
#endif
/* Bitwise OR-able values for the "flags" variable in ENGINE. */
#define ENGINE_FLAGS_MALLOCED 0x0001
#ifndef HEADER_ENGINE_H
/* Regrettably, we need to reproduce the "BN" function types here
* because there is no such "BIGNUM_METHOD" as there is with RSA,
* DSA, etc. We do this so that we don't have a case where engine.h
* and engine_int.h conflict with each other. */
typedef int (*BN_MOD_EXP)(BIGNUM *r, BIGNUM *a, const BIGNUM *p,
const BIGNUM *m, BN_CTX *ctx);
/* private key operation for RSA, provided seperately in case other
* RSA implementations wish to use it. */
typedef int (*BN_MOD_EXP_CRT)(BIGNUM *r, BIGNUM *a, const BIGNUM *p,
const BIGNUM *q, const BIGNUM *dmp1, const BIGNUM *dmq1,
const BIGNUM *iqmp, BN_CTX *ctx);
/* Generic function pointer */
typedef int (*ENGINE_GEN_FUNC_PTR)();
/* Generic function pointer taking no arguments */
typedef int (*ENGINE_GEN_INT_FUNC_PTR)(void);
/* Specific control function pointer */
typedef int (*ENGINE_CTRL_FUNC_PTR)(int cmd, long i, void *p, void (*f)());
#endif
/* This is a structure for storing implementations of various crypto
* algorithms and functions. */
typedef struct engine_st
{
const char *id;
const char *name;
RSA_METHOD *rsa_meth;
DSA_METHOD *dsa_meth;
DH_METHOD *dh_meth;
RAND_METHOD *rand_meth;
BN_MOD_EXP bn_mod_exp;
BN_MOD_EXP_CRT bn_mod_exp_crt;
int (*init)(void);
int (*finish)(void);
int (*ctrl)(int cmd, long i, void *p, void (*f)());
EVP_PKEY *(*load_privkey)(const char *key_id, const char *passphrase);
EVP_PKEY *(*load_pubkey)(const char *key_id, const char *passphrase);
int flags;
/* reference count on the structure itself */
int struct_ref;
/* reference count on usability of the engine type. NB: This
* controls the loading and initialisation of any functionlity
* required by this engine, whereas the previous count is
* simply to cope with (de)allocation of this structure. Hence,
* running_ref <= struct_ref at all times. */
int funct_ref;
/* Used to maintain the linked-list of engines. */
struct engine_st *prev;
struct engine_st *next;
} ENGINE;
/* BUILT-IN ENGINES. (these functions are only ever called once and
* do not return references - they are purely for bootstrapping). */
/* Returns a structure of software only methods (the default). */
ENGINE *ENGINE_openssl();
#ifndef NO_HW
#ifndef NO_HW_CSWIFT
/* Returns a structure of cswift methods ... NB: This can exist and be
* "used" even on non-cswift systems because the "init" will fail if the
* card/library are not found. */
ENGINE *ENGINE_cswift();
#endif /* !NO_HW_CSWIFT */
#ifndef NO_HW_NCIPHER
ENGINE *ENGINE_ncipher();
#endif /* !NO_HW_NCIPHER */
#ifndef NO_HW_ATALLA
/* Returns a structure of atalla methods. */
ENGINE *ENGINE_atalla();
#endif /* !NO_HW_ATALLA */
#ifndef NO_HW_NURON
ENGINE *ENGINE_nuron();
#endif /* !NO_HW_NURON */
#endif /* !NO_HW */
#ifdef __cplusplus
}
#endif
#endif /* HEADER_ENGINE_INT_H */
crypto/engine/engine_lib.c 0 → 100644
浏览文件 @ 5270e702
/* crypto/engine/engine_lib.c */
/* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL
* project 2000.
*/
/* ====================================================================
* Copyright (c) 1999 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* licensing@OpenSSL.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*
* This product includes cryptographic software written by Eric Young
* (eay@cryptsoft.com). This product includes software written by Tim
* Hudson (tjh@cryptsoft.com).
*
*/
#include <openssl/crypto.h>
#include "cryptlib.h"
#include "engine_int.h"
#include <openssl/engine.h>
/* These pointers each have their own "functional reference" when they
* are non-NULL. Similarly, when they are retrieved by a call to
* ENGINE_get_default_[RSA|DSA|...] the returned pointer is also a
* reference and the caller is responsible for freeing that when they
* are finished with it (with a call to ENGINE_finish() *NOT* just
* ENGINE_free()!!!!!!). */
static ENGINE *engine_def_rsa = NULL;
static ENGINE *engine_def_dsa = NULL;
static ENGINE *engine_def_dh = NULL;
static ENGINE *engine_def_rand = NULL;
static ENGINE *engine_def_bn_mod_exp = NULL;
static ENGINE *engine_def_bn_mod_exp_crt = NULL;
/* A static "once-only" flag used to control if/when the above were
* initialised to suitable start-up defaults. */
static int engine_def_flag = 0;
/* This is used in certain static utility functions to save code
* repetition for per-algorithm functions. */
typedef enum {
ENGINE_TYPE_RSA,
ENGINE_TYPE_DSA,
ENGINE_TYPE_DH,
ENGINE_TYPE_RAND,
ENGINE_TYPE_BN_MOD_EXP,
ENGINE_TYPE_BN_MOD_EXP_CRT
} ENGINE_TYPE;
static void engine_def_check_util(ENGINE **def, ENGINE *val)
{
*def = val;
val->struct_ref++;
val->funct_ref++;
}
/* In a slight break with convention - this static function must be
* called *outside* any locking of CRYPTO_LOCK_ENGINE. */
static void engine_def_check(void)
{
ENGINE *e;
if(engine_def_flag)
return;
e = ENGINE_get_first();
if(e == NULL)
/* The list is empty ... not much we can do! */
return;
/* We have a structural reference, see if getting a functional
* reference is possible. This is done to cope with init errors
* in the engine - the following locked code does a bunch of
* manual "ENGINE_init"s which do *not* allow such an init
* error so this is worth doing. */
if(ENGINE_init(e))
{
CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
/* Doing another check here prevents an obvious race
* condition because the whole function itself cannot
* be locked. */
if(engine_def_flag)
goto skip_set_defaults;
/* OK, we got a functional reference, so we get one each
* for the defaults too. */
engine_def_check_util(&engine_def_rsa, e);
engine_def_check_util(&engine_def_dsa, e);
engine_def_check_util(&engine_def_dh, e);
engine_def_check_util(&engine_def_rand, e);
engine_def_check_util(&engine_def_bn_mod_exp, e);
engine_def_check_util(&engine_def_bn_mod_exp_crt, e);
engine_def_flag = 1;
skip_set_defaults:
CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
/* The "if" needs to be balanced out. */
ENGINE_finish(e);
}
/* We need to balance out the fact we obtained a structural
* reference to begin with from ENGINE_get_first(). */
ENGINE_free(e);
}
/* Initialise a engine type for use (or up its functional reference count
* if it's already in use). */
int ENGINE_init(ENGINE *e)
{
int to_return = 1;
if(e == NULL)
{
ENGINEerr(ENGINE_F_ENGINE_INIT,ERR_R_PASSED_NULL_PARAMETER);
return 0;
}
CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
if((e->funct_ref == 0) && e->init)
/* This is the first functional reference and the engine
* requires initialisation so we do it now. */
to_return = e->init();
if(to_return)
{
/* OK, we return a functional reference which is also a
* structural reference. */
e->struct_ref++;
e->funct_ref++;
}
CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
return to_return;
}
/* Free a functional reference to a engine type */
int ENGINE_finish(ENGINE *e)
{
int to_return = 1;
if(e == NULL)
{
ENGINEerr(ENGINE_F_ENGINE_FINISH,ERR_R_PASSED_NULL_PARAMETER);
return 0;
}
CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
if((e->funct_ref == 1) && e->finish)
#if 0
/* This is the last functional reference and the engine
* requires cleanup so we do it now. */
to_return = e->finish();
if(to_return)
{
/* Cleanup the functional reference which is also a
* structural reference. */
e->struct_ref--;
e->funct_ref--;
}
CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
#else
/* I'm going to deliberately do a convoluted version of this
* piece of code because we don't want "finish" functions
* being called inside a locked block of code, if at all
* possible. I'd rather have this call take an extra couple
* of ticks than have throughput serialised on a externally-
* provided callback function that may conceivably never come
* back. :-( */
{
CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
/* CODE ALERT: This *IS* supposed to be "=" and NOT "==" :-) */
if((to_return = e->finish()))
{
CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
/* Cleanup the functional reference which is also a
* structural reference. */
e->struct_ref--;
e->funct_ref--;
CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
}
}
else
CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
#endif
return to_return;
}
EVP_PKEY *ENGINE_load_private_key(ENGINE *e, const char *key_id,
const char *passphrase)
{
EVP_PKEY *pkey;
if(e == NULL)
{
ENGINEerr(ENGINE_F_ENGINE_LOAD_PRIVATE_KEY,
ERR_R_PASSED_NULL_PARAMETER);
return 0;
}
CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
if(e->funct_ref == 0)
{
ENGINEerr(ENGINE_F_ENGINE_LOAD_PRIVATE_KEY,
ENGINE_R_NOT_INITIALISED);
return 0;
}
if (!e->load_privkey)
{
ENGINEerr(ENGINE_F_ENGINE_LOAD_PRIVATE_KEY,
ENGINE_R_NO_LOAD_FUNCTION);
return 0;
}
CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
pkey = e->load_privkey(key_id, passphrase);
if (!pkey)
{
ENGINEerr(ENGINE_F_ENGINE_LOAD_PRIVATE_KEY,
ENGINE_R_FAILED_LOADING_PRIVATE_KEY);
return 0;
}
return pkey;
}
EVP_PKEY *ENGINE_load_public_key(ENGINE *e, const char *key_id,
const char *passphrase)
{
EVP_PKEY *pkey;
if(e == NULL)
{
ENGINEerr(ENGINE_F_ENGINE_LOAD_PUBLIC_KEY,
ERR_R_PASSED_NULL_PARAMETER);
return 0;
}
CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
if(e->funct_ref == 0)
{
ENGINEerr(ENGINE_F_ENGINE_LOAD_PUBLIC_KEY,
ENGINE_R_NOT_INITIALISED);
return 0;
}
if (!e->load_pubkey)
{
ENGINEerr(ENGINE_F_ENGINE_LOAD_PUBLIC_KEY,
ENGINE_R_NO_LOAD_FUNCTION);
return 0;
}
CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
pkey = e->load_pubkey(key_id, passphrase);
if (!pkey)
{
ENGINEerr(ENGINE_F_ENGINE_LOAD_PUBLIC_KEY,
ENGINE_R_FAILED_LOADING_PUBLIC_KEY);
return 0;
}
return pkey;
}
/* Initialise a engine type for use (or up its functional reference count
* if it's already in use). */
int ENGINE_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)())
{
if(e == NULL)
{
ENGINEerr(ENGINE_F_ENGINE_CTRL,ERR_R_PASSED_NULL_PARAMETER);
return 0;
}
CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
if(e->struct_ref == 0)
{
ENGINEerr(ENGINE_F_ENGINE_CTRL,ENGINE_R_NO_REFERENCE);
return 0;
}
if (!e->ctrl)
{
ENGINEerr(ENGINE_F_ENGINE_CTRL,ENGINE_R_NO_CONTROL_FUNCTION);
return 0;
}
CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
return e->ctrl(cmd, i, p, f);
}
static ENGINE *engine_get_default_type(ENGINE_TYPE t)
{
ENGINE *ret = NULL;
/* engine_def_check is lean and mean and won't replace any
* prior default engines ... so we must ensure that it is always
* the first function to get to touch the default values. */
engine_def_check();
CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
switch(t)
{
case ENGINE_TYPE_RSA:
ret = engine_def_rsa; break;
case ENGINE_TYPE_DSA:
ret = engine_def_dsa; break;
case ENGINE_TYPE_DH:
ret = engine_def_dh; break;
case ENGINE_TYPE_RAND:
ret = engine_def_rand; break;
case ENGINE_TYPE_BN_MOD_EXP:
ret = engine_def_bn_mod_exp; break;
case ENGINE_TYPE_BN_MOD_EXP_CRT:
ret = engine_def_bn_mod_exp_crt; break;
}
/* Unforunately we can't do this work outside the lock with a
* call to ENGINE_init() because that would leave a race
* condition open. */
if(ret)
{
ret->struct_ref++;
ret->funct_ref++;
}
CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
return ret;
}
ENGINE *ENGINE_get_default_RSA(void)
{
return engine_get_default_type(ENGINE_TYPE_RSA);
}
ENGINE *ENGINE_get_default_DSA(void)
{
return engine_get_default_type(ENGINE_TYPE_DSA);
}
ENGINE *ENGINE_get_default_DH(void)
{
return engine_get_default_type(ENGINE_TYPE_DH);
}
ENGINE *ENGINE_get_default_RAND(void)
{
return engine_get_default_type(ENGINE_TYPE_RAND);
}
ENGINE *ENGINE_get_default_BN_mod_exp(void)
{
return engine_get_default_type(ENGINE_TYPE_BN_MOD_EXP);
}
ENGINE *ENGINE_get_default_BN_mod_exp_crt(void)
{
return engine_get_default_type(ENGINE_TYPE_BN_MOD_EXP_CRT);
}
static int engine_set_default_type(ENGINE_TYPE t, ENGINE *e)
{
ENGINE *old = NULL;
if(e == NULL)
{
ENGINEerr(ENGINE_F_ENGINE_SET_DEFAULT_TYPE,
ERR_R_PASSED_NULL_PARAMETER);
return 0;
}
/* engine_def_check is lean and mean and won't replace any
* prior default engines ... so we must ensure that it is always
* the first function to get to touch the default values. */
engine_def_check();
/* Attempt to get a functional reference (we need one anyway, but
* also, 'e' may be just a structural reference being passed in so
* this call may actually be the first). */
if(!ENGINE_init(e))
{
ENGINEerr(ENGINE_F_ENGINE_SET_DEFAULT_TYPE,
ENGINE_R_INIT_FAILED);
return 0;
}
CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
switch(t)
{
case ENGINE_TYPE_RSA:
old = engine_def_rsa;
engine_def_rsa = e; break;
case ENGINE_TYPE_DSA:
old = engine_def_dsa;
engine_def_dsa = e; break;
case ENGINE_TYPE_DH:
old = engine_def_dh;
engine_def_dh = e; break;
case ENGINE_TYPE_RAND:
old = engine_def_rand;
engine_def_rand = e; break;
case ENGINE_TYPE_BN_MOD_EXP:
old = engine_def_bn_mod_exp;
engine_def_bn_mod_exp = e; break;
case ENGINE_TYPE_BN_MOD_EXP_CRT:
old = engine_def_bn_mod_exp_crt;
engine_def_bn_mod_exp_crt = e; break;
}
CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
/* If we've replaced a previous value, then we need to remove the
* functional reference we had. */
if(old && !ENGINE_finish(old))
{
ENGINEerr(ENGINE_F_ENGINE_SET_DEFAULT_TYPE,
ENGINE_R_FINISH_FAILED);
return 0;
}
return 1;
}
int ENGINE_set_default_RSA(ENGINE *e)
{
return engine_set_default_type(ENGINE_TYPE_RSA, e);
}
int ENGINE_set_default_DSA(ENGINE *e)
{
return engine_set_default_type(ENGINE_TYPE_DSA, e);
}
int ENGINE_set_default_DH(ENGINE *e)
{
return engine_set_default_type(ENGINE_TYPE_DH, e);
}
int ENGINE_set_default_RAND(ENGINE *e)
{
return engine_set_default_type(ENGINE_TYPE_RAND, e);
}
int ENGINE_set_default_BN_mod_exp(ENGINE *e)
{
return engine_set_default_type(ENGINE_TYPE_BN_MOD_EXP, e);
}
int ENGINE_set_default_BN_mod_exp_crt(ENGINE *e)
{
return engine_set_default_type(ENGINE_TYPE_BN_MOD_EXP_CRT, e);
}
int ENGINE_set_default(ENGINE *e, unsigned int flags)
{
if((flags & ENGINE_METHOD_RSA) && e->rsa_meth &&
!ENGINE_set_default_RSA(e))
return 0;
if((flags & ENGINE_METHOD_DSA) && e->dsa_meth &&
!ENGINE_set_default_DSA(e))
return 0;
if((flags & ENGINE_METHOD_DH) && e->dh_meth &&
!ENGINE_set_default_DH(e))
return 0;
if((flags & ENGINE_METHOD_RAND) && e->rand_meth &&
!ENGINE_set_default_RAND(e))
return 0;
if((flags & ENGINE_METHOD_BN_MOD_EXP) && e->bn_mod_exp &&
!ENGINE_set_default_BN_mod_exp(e))
return 0;
if((flags & ENGINE_METHOD_BN_MOD_EXP_CRT) && e->bn_mod_exp_crt &&
!ENGINE_set_default_BN_mod_exp_crt(e))
return 0;
return 1;
}
crypto/engine/engine_list.c 0 → 100644
浏览文件 @ 5270e702
此差异已折叠。
crypto/engine/engine_openssl.c 0 → 100644
浏览文件 @ 5270e702
此差异已折叠。
crypto/engine/enginetest.c 0 → 100644
浏览文件 @ 5270e702
此差异已折叠。
crypto/engine/hw_atalla.c 0 → 100644
浏览文件 @ 5270e702
此差异已折叠。
crypto/engine/hw_cswift.c 0 → 100644
浏览文件 @ 5270e702
此差异已折叠。
crypto/engine/hw_ncipher.c 0 → 100644
浏览文件 @ 5270e702
此差异已折叠。
crypto/engine/hw_nuron.c 0 → 100644
浏览文件 @ 5270e702
此差异已折叠。
crypto/engine/vendor_defns/atalla.h 0 → 100644
浏览文件 @ 5270e702
/* This header declares the necessary definitions for using the exponentiation
* acceleration capabilities of Atalla cards. The only cryptographic operation
* is performed by "ASI_RSAPrivateKeyOpFn" and this takes a structure that
* defines an "RSA private key". However, it is really only performing a
* regular mod_exp using the supplied modulus and exponent - no CRT form is
* being used. Hence, it is a generic mod_exp function in disguise, and we use
* it as such.
*
* Thanks to the people at Atalla for letting me know these definitions are
* fine and that they can be reproduced here.
*
* Geoff.
*/
typedef struct ItemStr
{
unsigned char *data;
int len;
} Item;
typedef struct RSAPrivateKeyStr
{
void *reserved;
Item version;
Item modulus;
Item publicExponent;
Item privateExponent;
Item prime[2];
Item exponent[2];
Item coefficient;
} RSAPrivateKey;
/* Predeclare the function pointer types that we dynamically load from the DSO.
* These use the same names and form that Ben's original support code had (in
* crypto/bn/bn_exp.c) unless of course I've inadvertently changed the style
* somewhere along the way!
*/
typedef int tfnASI_GetPerformanceStatistics(int reset_flag,
unsigned int *ret_buf);
typedef int tfnASI_GetHardwareConfig(long card_num, unsigned int *ret_buf);
typedef int tfnASI_RSAPrivateKeyOpFn(RSAPrivateKey * rsaKey,
unsigned char *output,
unsigned char *input,
unsigned int modulus_len);
/* These are the static string constants for the DSO file name and the function
* symbol names to bind to. Regrettably, the DSO name on *nix appears to be
* "atasi.so" rather than something more consistent like "libatasi.so". At the
* time of writing, I'm not sure what the file name on win32 is but clearly
* native name translation is not possible (eg libatasi.so on *nix, and
* atasi.dll on win32). For the purposes of testing, I have created a symbollic
* link called "libatasi.so" so that we can use native name-translation - a
* better solution will be needed. */
static const char *ATALLA_LIBNAME = "atasi";
static const char *ATALLA_F1 = "ASI_GetHardwareConfig";
static const char *ATALLA_F2 = "ASI_RSAPrivateKeyOpFn";
static const char *ATALLA_F3 = "ASI_GetPerformanceStatistics";
crypto/engine/vendor_defns/cswift.h 0 → 100644
浏览文件 @ 5270e702
此差异已折叠。
crypto/engine/vendor_defns/hwcryptohook.h 0 → 100644
浏览文件 @ 5270e702
此差异已折叠。
crypto/err/Makefile.ssl
浏览文件 @ 5270e702
......@@ -93,16 +93,17 @@ err_all.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
err_all.o: ../../include/openssl/des.h ../../include/openssl/dh.h
err_all.o: ../../include/openssl/dsa.h ../../include/openssl/dso.h
err_all.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
err_all.o: ../../include/openssl/err.h ../../include/openssl/evp.h
err_all.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
err_all.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
err_all.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
err_all.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
err_all.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
err_all.o: ../../include/openssl/pem2.h ../../include/openssl/pkcs12.h
err_all.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h
err_all.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
err_all.o: ../../include/openssl/rc5.h ../../include/openssl/rijndael-alg-fst.h
err_all.o: ../../include/openssl/engine.h ../../include/openssl/err.h
err_all.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
err_all.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
err_all.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
err_all.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
err_all.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
err_all.o: ../../include/openssl/opensslv.h ../../include/openssl/pem2.h
err_all.o: ../../include/openssl/pkcs12.h ../../include/openssl/pkcs7.h
err_all.o: ../../include/openssl/rand.h ../../include/openssl/rc2.h
err_all.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
err_all.o: ../../include/openssl/rijndael-alg-fst.h
err_all.o: ../../include/openssl/rijndael.h ../../include/openssl/ripemd.h
err_all.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
err_all.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
......
crypto/err/err.c
浏览文件 @ 5270e702
此差异已折叠。
crypto/err/err.h
浏览文件 @ 5270e702
此差异已折叠。
crypto/err/err_all.c
浏览文件 @ 5270e702
此差异已折叠。
crypto/err/openssl.ec
浏览文件 @ 5270e702
此差异已折叠。
crypto/install.com
浏览文件 @ 5270e702
此差异已折叠。
crypto/rand/Makefile.ssl
浏览文件 @ 5270e702
此差异已折叠。
crypto/rand/rand.h
浏览文件 @ 5270e702
此差异已折叠。
crypto/rand/rand_lib.c
浏览文件 @ 5270e702
此差异已折叠。
crypto/rsa/Makefile.ssl
浏览文件 @ 5270e702
此差异已折叠。
crypto/rsa/rsa.h
浏览文件 @ 5270e702
此差异已折叠。
crypto/rsa/rsa_eay.c
浏览文件 @ 5270e702
此差异已折叠。
crypto/rsa/rsa_lib.c
浏览文件 @ 5270e702
此差异已折叠。
crypto/rsa/rsa_sign.c
浏览文件 @ 5270e702
此差异已折叠。
doc/apps/s_client.pod
浏览文件 @ 5270e702
此差异已折叠。
doc/apps/s_server.pod
浏览文件 @ 5270e702
此差异已折叠。
doc/apps/speed.pod
浏览文件 @ 5270e702
此差异已折叠。
doc/crypto/DH_set_method.pod
浏览文件 @ 5270e702
此差异已折叠。
doc/crypto/DSA_set_method.pod
浏览文件 @ 5270e702
此差异已折叠。
doc/crypto/RSA_set_method.pod
浏览文件 @ 5270e702
此差异已折叠。
doc/crypto/dh.pod
浏览文件 @ 5270e702
此差异已折叠。
doc/crypto/dsa.pod
浏览文件 @ 5270e702
此差异已折叠。
doc/crypto/rsa.pod
浏览文件 @ 5270e702
此差异已折叠。
makevms.com
浏览文件 @ 5270e702
此差异已折叠。
test/Makefile.ssl
浏览文件 @ 5270e702
此差异已折叠。
test/maketests.com
浏览文件 @ 5270e702
此差异已折叠。
test/tests.com
浏览文件 @ 5270e702
此差异已折叠。
util/libeay.num
浏览文件 @ 5270e702
此差异已折叠。
util/mkdef.pl
浏览文件 @ 5270e702
此差异已折叠。
util/mkfiles.pl
浏览文件 @ 5270e702
此差异已折叠。
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册