*/
#include <openssl/objects.h>
-#include <openssl/engine.h>
+#include <internal/engine.h>
#include <openssl/evp.h>
#include <openssl/bn.h>
+#include <openssl/crypto.h>
#if (defined(__unix__) || defined(unix)) && !defined(USG) && \
(defined(OpenBSD) || defined(__FreeBSD__))
#ifndef HAVE_CRYPTODEV
-void ENGINE_load_cryptodev(void)
+void engine_load_cryptodev_internal(void)
{
/* This is a NOP on platforms without /dev/crypto */
return;
#endif
static int cryptodev_ctrl(ENGINE *e, int cmd, long i, void *p,
void (*f) (void));
-void ENGINE_load_cryptodev(void);
+void engine_load_cryptodev_internal(void);
static const ENGINE_CMD_DEFN cryptodev_defns[] = {
{0, NULL, NULL, 0}
* Find the useable ciphers|digests from dev/crypto - this is the first
* thing called by the engine init crud which determines what it
* can use for ciphers from this engine. We want to return
- * only what we can do, anythine else is handled by software.
+ * only what we can do, anything else is handled by software.
*
* If we can't initialize the device to do anything useful for
* any reason, we want to return a NULL array, and 0 length,
* which forces everything to be done is software. By putting
- * the initalization of the device in here, we ensure we can
+ * the initialization of the device in here, we ensure we can
* use this engine as the default, and if for whatever reason
* /dev/crypto won't do what we want it will just be done in
* software
* suck moose gonads - would be nice to be able to decide something
* as reasonable default without having hackery that's card dependent.
* of course, the default should probably be just do everything,
- * with perhaps a sysctl to turn algoritms off (or have them off
+ * with perhaps a sysctl to turn algorithms off (or have them off
* by default) on cards that generally suck like the hifn.
*/
*nids = NULL;
if (ioctl(state->d_fd, CIOCCRYPT, &cryp) == -1) {
/*
- * XXX need better errror handling this can fail for a number of
+ * XXX need better error handling this can fail for a number of
* different reasons.
*/
return (0);
}
/*
- * free anything we allocated earlier when initting a
+ * free anything we allocated earlier when initing a
* session, and close the session.
*/
static int cryptodev_cleanup(EVP_CIPHER_CTX *ctx)
return (0);
/*
- * XXX if this ioctl fails, someting's wrong. the invoker may have called
+ * XXX if this ioctl fails, something's wrong. the invoker may have called
* us with a bogus ctx, or we could have a device that for whatever
* reason just doesn't want to play ball - it's not clear what's right
* here - should this be an error? should it just increase a counter,
return (*digest != NULL);
}
+static int cryptodev_engine_destroy(ENGINE *e)
+{
+ EVP_CIPHER_meth_free(rc4_cipher);
+ rc4_cipher = NULL;
+ EVP_CIPHER_meth_free(des_cbc_cipher);
+ des_cbc_cipher = NULL;
+ EVP_CIPHER_meth_free(des3_cbc_cipher);
+ des3_cbc_cipher = NULL;
+ EVP_CIPHER_meth_free(bf_cbc_cipher);
+ bf_cbc_cipher = NULL;
+ EVP_CIPHER_meth_free(cast_cbc_cipher);
+ cast_cbc_cipher = NULL;
+ EVP_CIPHER_meth_free(aes_cbc_cipher);
+ aes_cbc_cipher = NULL;
+ EVP_CIPHER_meth_free(aes_192_cbc_cipher);
+ aes_192_cbc_cipher = NULL;
+ EVP_CIPHER_meth_free(aes_256_cbc_cipher);
+ aes_256_cbc_cipher = NULL;
+# ifdef CRYPTO_AES_CTR
+ EVP_CIPHER_meth_free(aes_ctr_cipher);
+ aes_ctr_cipher = NULL;
+ EVP_CIPHER_meth_free(aes_192_ctr_cipher);
+ aes_192_ctr_cipher = NULL;
+ EVP_CIPHER_meth_free(aes_256_ctr_cipher);
+ aes_256_ctr_cipher = NULL;
+# endif
+# ifdef USE_CRYPTODEV_DIGESTS
+ EVP_MD_meth_free(sha1_md);
+ sha1_md = NULL;
+ EVP_MD_meth_free(md5_md);
+ md5_md = NULL;
+# endif
+ return 1;
+}
+
/*
* Convert a BIGNUM to the representation that /dev/crypto needs.
* Upon completion of use, the caller is responsible for freeing
return (1);
}
-void ENGINE_load_cryptodev(void)
+void engine_load_cryptodev_internal(void)
{
ENGINE *engine = ENGINE_new();
int fd;
if (!ENGINE_set_id(engine, "cryptodev") ||
!ENGINE_set_name(engine, "BSD cryptodev engine") ||
+ !ENGINE_set_destroy_function(engine, cryptodev_engine_destroy) ||
!ENGINE_set_ciphers(engine, cryptodev_engine_ciphers) ||
!ENGINE_set_digests(engine, cryptodev_engine_digests) ||
!ENGINE_set_ctrl_function(engine, cryptodev_ctrl) ||