diff options
Diffstat (limited to 'crypto/engine')
-rw-r--r-- | crypto/engine/Makefile.ssl | 23 | ||||
-rw-r--r-- | crypto/engine/eng_dyn.c | 1 | ||||
-rw-r--r-- | crypto/engine/eng_err.c | 3 | ||||
-rw-r--r-- | crypto/engine/eng_lib.c | 10 | ||||
-rw-r--r-- | crypto/engine/eng_list.c | 33 | ||||
-rw-r--r-- | crypto/engine/eng_openssl.c | 3 | ||||
-rw-r--r-- | crypto/engine/engine.h | 28 | ||||
-rw-r--r-- | crypto/engine/tb_ecdh.c | 13 |
8 files changed, 84 insertions, 30 deletions
diff --git a/crypto/engine/Makefile.ssl b/crypto/engine/Makefile.ssl index 65cab35c4c..a124654b0d 100644 --- a/crypto/engine/Makefile.ssl +++ b/crypto/engine/Makefile.ssl @@ -110,6 +110,29 @@ eng_cnf.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h eng_cnf.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h eng_cnf.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h eng_cnf.o: ../../include/openssl/ui.h ../cryptlib.h eng_cnf.c +eng_cryptodev.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h +eng_cryptodev.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h +eng_cryptodev.o: ../../include/openssl/bn.h ../../include/openssl/cast.h +eng_cryptodev.o: ../../include/openssl/crypto.h ../../include/openssl/des.h +eng_cryptodev.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h +eng_cryptodev.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h +eng_cryptodev.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h +eng_cryptodev.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h +eng_cryptodev.o: ../../include/openssl/err.h ../../include/openssl/evp.h +eng_cryptodev.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h +eng_cryptodev.o: ../../include/openssl/md2.h ../../include/openssl/md4.h +eng_cryptodev.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h +eng_cryptodev.o: ../../include/openssl/obj_mac.h +eng_cryptodev.o: ../../include/openssl/objects.h +eng_cryptodev.o: ../../include/openssl/opensslconf.h +eng_cryptodev.o: ../../include/openssl/opensslv.h +eng_cryptodev.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h +eng_cryptodev.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h +eng_cryptodev.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h +eng_cryptodev.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h +eng_cryptodev.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +eng_cryptodev.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h +eng_cryptodev.o: ../../include/openssl/ui_compat.h eng_cryptodev.c eng_ctrl.o: ../../e_os.h ../../include/openssl/asn1.h eng_ctrl.o: ../../include/openssl/bio.h ../../include/openssl/bn.h eng_ctrl.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h diff --git a/crypto/engine/eng_dyn.c b/crypto/engine/eng_dyn.c index 5803c0123a..61ae230570 100644 --- a/crypto/engine/eng_dyn.c +++ b/crypto/engine/eng_dyn.c @@ -500,6 +500,7 @@ static int dynamic_load(ENGINE *e, dynamic_data_ctx *ctx) * engine.h, much of this would be simplified if each area of code * provided its own "summary" structure of all related callbacks. It * would also increase opaqueness. */ + fns.static_state = ENGINE_get_static_state(); fns.err_fns = ERR_get_implementation(); fns.ex_data_fns = CRYPTO_get_ex_data_implementation(); CRYPTO_get_mem_functions(&fns.mem_fns.malloc_cb, diff --git a/crypto/engine/eng_err.c b/crypto/engine/eng_err.c index f6c5630395..814d95ee32 100644 --- a/crypto/engine/eng_err.c +++ b/crypto/engine/eng_err.c @@ -1,6 +1,6 @@ /* crypto/engine/eng_err.c */ /* ==================================================================== - * Copyright (c) 1999 The OpenSSL Project. All rights reserved. + * Copyright (c) 1999-2002 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -96,6 +96,7 @@ static ERR_STRING_DATA ENGINE_str_functs[]= {ERR_PACK(0,ENGINE_F_ENGINE_SET_NAME,0), "ENGINE_set_name"}, {ERR_PACK(0,ENGINE_F_ENGINE_TABLE_REGISTER,0), "ENGINE_TABLE_REGISTER"}, {ERR_PACK(0,ENGINE_F_ENGINE_UNLOAD_KEY,0), "ENGINE_UNLOAD_KEY"}, +{ERR_PACK(0,ENGINE_F_ENGINE_UP_REF,0), "ENGINE_up_ref"}, {ERR_PACK(0,ENGINE_F_INT_CTRL_HELPER,0), "INT_CTRL_HELPER"}, {ERR_PACK(0,ENGINE_F_INT_ENGINE_CONFIGURE,0), "INT_ENGINE_CONFIGURE"}, {ERR_PACK(0,ENGINE_F_LOG_MESSAGE,0), "LOG_MESSAGE"}, diff --git a/crypto/engine/eng_lib.c b/crypto/engine/eng_lib.c index a66d0f08af..999061a8ed 100644 --- a/crypto/engine/eng_lib.c +++ b/crypto/engine/eng_lib.c @@ -319,3 +319,13 @@ const ENGINE_CMD_DEFN *ENGINE_get_cmd_defns(const ENGINE *e) { return e->cmd_defns; } + +/* eng_lib.o is pretty much linked into anything that touches ENGINE already, so + * put the "static_state" hack here. */ + +static int internal_static_hack = 0; + +void *ENGINE_get_static_state(void) + { + return &internal_static_hack; + } diff --git a/crypto/engine/eng_list.c b/crypto/engine/eng_list.c index b41e6ba0f7..55b646da24 100644 --- a/crypto/engine/eng_list.c +++ b/crypto/engine/eng_list.c @@ -196,14 +196,14 @@ ENGINE *ENGINE_get_first(void) { ENGINE *ret; - CRYPTO_r_lock(CRYPTO_LOCK_ENGINE); + CRYPTO_w_lock(CRYPTO_LOCK_ENGINE); ret = engine_list_head; if(ret) { ret->struct_ref++; engine_ref_debug(ret, 0, 1) } - CRYPTO_r_unlock(CRYPTO_LOCK_ENGINE); + CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE); return ret; } @@ -211,14 +211,14 @@ ENGINE *ENGINE_get_last(void) { ENGINE *ret; - CRYPTO_r_lock(CRYPTO_LOCK_ENGINE); - ret = engine_list_tail; + CRYPTO_w_lock(CRYPTO_LOCK_ENGINE); + ret = engine_list_tail; if(ret) { ret->struct_ref++; engine_ref_debug(ret, 0, 1) } - CRYPTO_r_unlock(CRYPTO_LOCK_ENGINE); + CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE); return ret; } @@ -232,7 +232,7 @@ ENGINE *ENGINE_get_next(ENGINE *e) ERR_R_PASSED_NULL_PARAMETER); return 0; } - CRYPTO_r_lock(CRYPTO_LOCK_ENGINE); + CRYPTO_w_lock(CRYPTO_LOCK_ENGINE); ret = e->next; if(ret) { @@ -240,7 +240,7 @@ ENGINE *ENGINE_get_next(ENGINE *e) ret->struct_ref++; engine_ref_debug(ret, 0, 1) } - CRYPTO_r_unlock(CRYPTO_LOCK_ENGINE); + CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE); /* Release the structural reference to the previous ENGINE */ ENGINE_free(e); return ret; @@ -255,7 +255,7 @@ ENGINE *ENGINE_get_prev(ENGINE *e) ERR_R_PASSED_NULL_PARAMETER); return 0; } - CRYPTO_r_lock(CRYPTO_LOCK_ENGINE); + CRYPTO_w_lock(CRYPTO_LOCK_ENGINE); ret = e->prev; if(ret) { @@ -263,7 +263,7 @@ ENGINE *ENGINE_get_prev(ENGINE *e) ret->struct_ref++; engine_ref_debug(ret, 0, 1) } - CRYPTO_r_unlock(CRYPTO_LOCK_ENGINE); + CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE); /* Release the structural reference to the previous ENGINE */ ENGINE_free(e); return ret; @@ -358,7 +358,7 @@ ENGINE *ENGINE_by_id(const char *id) ERR_R_PASSED_NULL_PARAMETER); return NULL; } - CRYPTO_r_lock(CRYPTO_LOCK_ENGINE); + CRYPTO_w_lock(CRYPTO_LOCK_ENGINE); iterator = engine_list_head; while(iterator && (strcmp(id, iterator->id) != 0)) iterator = iterator->next; @@ -384,7 +384,7 @@ ENGINE *ENGINE_by_id(const char *id) engine_ref_debug(iterator, 0, 1) } } - CRYPTO_r_unlock(CRYPTO_LOCK_ENGINE); + CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE); #if 0 if(iterator == NULL) { @@ -416,3 +416,14 @@ notfound: /* EEK! Experimental code ends */ #endif } + +int ENGINE_up_ref(ENGINE *e) + { + if (e == NULL) + { + ENGINEerr(ENGINE_F_ENGINE_UP_REF,ERR_R_PASSED_NULL_PARAMETER); + return 0; + } + CRYPTO_add(&e->struct_ref,1,CRYPTO_LOCK_ENGINE); + return 1; + } diff --git a/crypto/engine/eng_openssl.c b/crypto/engine/eng_openssl.c index 45fa61834b..e28951cbc4 100644 --- a/crypto/engine/eng_openssl.c +++ b/crypto/engine/eng_openssl.c @@ -68,6 +68,7 @@ #include <openssl/engine.h> #include <openssl/dso.h> #include <openssl/pem.h> +#include <openssl/evp.h> /* This testing gunk is implemented (and explained) lower down. It also assumes * the application explicitly calls "ENGINE_load_openssl()" because this is no @@ -191,7 +192,6 @@ IMPLEMENT_DYNAMIC_BIND_FN(bind_fn) * the "init_key" handler is called. * TEST_ENG_OPENSSL_RC4_P_CIPHER - ditto for the "cipher" handler. */ -#include <openssl/evp.h> #include <openssl/rc4.h> #define TEST_RC4_KEY_SIZE 16 static int test_cipher_nids[] = {NID_rc4,NID_rc4_40}; @@ -276,7 +276,6 @@ static int openssl_ciphers(ENGINE *e, const EVP_CIPHER **cipher, #ifdef TEST_ENG_OPENSSL_SHA /* Much the same sort of comment as for TEST_ENG_OPENSSL_RC4 */ -#include <openssl/evp.h> #include <openssl/sha.h> static int test_digest_nids[] = {NID_sha1}; static int test_digest_nids_number = 1; diff --git a/crypto/engine/engine.h b/crypto/engine/engine.h index 7bc5b4f490..3b951eb3e2 100644 --- a/crypto/engine/engine.h +++ b/crypto/engine/engine.h @@ -318,6 +318,7 @@ ENGINE *ENGINE_by_id(const char *id); /* Add all the built-in engines. */ void ENGINE_load_openssl(void); void ENGINE_load_dynamic(void); +#ifndef OPENSSL_NO_STATIC_ENGINE void ENGINE_load_cswift(void); void ENGINE_load_chil(void); void ENGINE_load_atalla(void); @@ -326,6 +327,7 @@ void ENGINE_load_ubsec(void); void ENGINE_load_aep(void); void ENGINE_load_sureware(void); void ENGINE_load_4758cca(void); +#endif void ENGINE_load_cryptodev(void); void ENGINE_load_builtin_engines(void); @@ -433,6 +435,7 @@ int ENGINE_ctrl_cmd_string(ENGINE *e, const char *cmd_name, const char *arg, * compatibility! */ ENGINE *ENGINE_new(void); int ENGINE_free(ENGINE *e); +int ENGINE_up_ref(ENGINE *e); int ENGINE_set_id(ENGINE *e, const char *id); int ENGINE_set_name(ENGINE *e, const char *name); int ENGINE_set_RSA(ENGINE *e, const RSA_METHOD *rsa_meth); @@ -566,17 +569,20 @@ void ENGINE_add_conf_module(void); /**************************/ /* Binary/behaviour compatibility levels */ -#define OSSL_DYNAMIC_VERSION (unsigned long)0x00010100 +#define OSSL_DYNAMIC_VERSION (unsigned long)0x00010200 /* Binary versions older than this are too old for us (whether we're a loader or * a loadee) */ -#define OSSL_DYNAMIC_OLDEST (unsigned long)0x00010100 +#define OSSL_DYNAMIC_OLDEST (unsigned long)0x00010200 /* When compiling an ENGINE entirely as an external shared library, loadable by * the "dynamic" ENGINE, these types are needed. The 'dynamic_fns' structure * type provides the calling application's (or library's) error functionality * and memory management function pointers to the loaded library. These should * be used/set in the loaded library code so that the loading application's - * 'state' will be used/changed in all operations. */ + * 'state' will be used/changed in all operations. The 'static_state' pointer + * allows the loaded library to know if it shares the same static data as the + * calling application (or library), and thus whether these callbacks need to be + * set or not. */ typedef void *(*dyn_MEM_malloc_cb)(size_t); typedef void *(*dyn_MEM_realloc_cb)(void *, size_t); typedef void (*dyn_MEM_free_cb)(void *); @@ -604,6 +610,7 @@ typedef struct st_dynamic_LOCK_fns { } dynamic_LOCK_fns; /* The top-level structure */ typedef struct st_dynamic_fns { + void *static_state; const ERR_FNS *err_fns; const CRYPTO_EX_DATA_IMPL *ex_data_fns; dynamic_MEM_fns mem_fns; @@ -644,6 +651,7 @@ typedef int (*dynamic_bind_engine)(ENGINE *e, const char *id, const dynamic_fns *fns); #define IMPLEMENT_DYNAMIC_BIND_FN(fn) \ int bind_engine(ENGINE *e, const char *id, const dynamic_fns *fns) { \ + if(ENGINE_get_static_state() == fns->static_state) goto skip_cbs; \ if(!CRYPTO_set_mem_functions(fns->mem_fns.malloc_cb, \ fns->mem_fns.realloc_cb, fns->mem_fns.free_cb)) \ return 0; \ @@ -655,9 +663,22 @@ typedef int (*dynamic_bind_engine)(ENGINE *e, const char *id, if(!CRYPTO_set_ex_data_implementation(fns->ex_data_fns)) \ return 0; \ if(!ERR_set_implementation(fns->err_fns)) return 0; \ + skip_cbs: \ if(!fn(e,id)) return 0; \ return 1; } +/* If the loading application (or library) and the loaded ENGINE library share + * the same static data (eg. they're both dynamically linked to the same + * libcrypto.so) we need a way to avoid trying to set system callbacks - this + * would fail, and for the same reason that it's unnecessary to try. If the + * loaded ENGINE has (or gets from through the loader) its own copy of the + * libcrypto static data, we will need to set the callbacks. The easiest way to + * detect this is to have a function that returns a pointer to some static data + * and let the loading application and loaded ENGINE compare their respective + * values. */ +void *ENGINE_get_static_state(void); + + /* BEGIN ERROR CODES */ /* The following lines are auto generated by the script mkerr.pl. Any changes * made after this point may be overwritten when the script is next run. @@ -697,6 +718,7 @@ void ERR_load_ENGINE_strings(void); #define ENGINE_F_ENGINE_SET_NAME 130 #define ENGINE_F_ENGINE_TABLE_REGISTER 184 #define ENGINE_F_ENGINE_UNLOAD_KEY 152 +#define ENGINE_F_ENGINE_UP_REF 190 #define ENGINE_F_INT_CTRL_HELPER 172 #define ENGINE_F_INT_ENGINE_CONFIGURE 188 #define ENGINE_F_LOG_MESSAGE 141 diff --git a/crypto/engine/tb_ecdh.c b/crypto/engine/tb_ecdh.c index 64357157a0..ea82b61a18 100644 --- a/crypto/engine/tb_ecdh.c +++ b/crypto/engine/tb_ecdh.c @@ -9,19 +9,6 @@ * The ECC Code is licensed pursuant to the OpenSSL open source * license provided below. * - * In addition, Sun covenants to all licensees who provide a reciprocal - * covenant with respect to their own patents if any, not to sue under - * current and future patent claims necessarily infringed by the making, - * using, practicing, selling, offering for sale and/or otherwise - * disposing of the ECC Code as delivered hereunder (or portions thereof), - * provided that such covenant shall not apply: - * 1) for code that a licensee deletes from the ECC Code; - * 2) separates from the ECC Code; or - * 3) for infringements caused by: - * i) the modification of the ECC Code or - * ii) the combination of the ECC Code with other software or - * devices where such combination causes the infringement. - * * The ECDH engine software is originally written by Nils Gura and * Douglas Stebila of Sun Microsystems Laboratories. * |