X-Git-Url: https://git.openssl.org/?p=openssl.git;a=blobdiff_plain;f=crypto%2Fengine%2Fengine.h;h=07d3810d9412b69ad51d42ad821a23bcfc8b01e8;hp=3cb52254ff3d0ced3a88a544b7f85c44edcdfbef;hb=2b67158673cc0bcedd201b94728269fd5e861fe4;hpb=b41f836e5f2ee1bc9ae3bb034473739c921d62bc diff --git a/crypto/engine/engine.h b/crypto/engine/engine.h index 3cb52254ff..07d3810d94 100644 --- a/crypto/engine/engine.h +++ b/crypto/engine/engine.h @@ -3,7 +3,7 @@ * project 2000. */ /* ==================================================================== - * Copyright (c) 1999 The OpenSSL Project. All rights reserved. + * Copyright (c) 1999-2001 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -59,6 +59,7 @@ #ifndef HEADER_ENGINE_H #define HEADER_ENGINE_H +#include #include #ifndef OPENSSL_NO_RSA #include @@ -70,8 +71,9 @@ #include #endif #include -#include +#include #include +#include #ifdef __cplusplus extern "C" { @@ -135,6 +137,10 @@ typedef void DH_METHOD; /* Indicates that the control command takes *no* input. Ie. the control command * is unparameterised. */ #define ENGINE_CMD_FLAG_NO_INPUT (unsigned int)0x0004 +/* Indicates that the control command is internal. This control command won't + * be shown in any output, and is only usable through the ENGINE_ctrl_cmd() + * function. */ +#define ENGINE_CMD_FLAG_INTERNAL (unsigned int)0x0008 /* NB: These 3 control commands are deprecated and should not be used. ENGINEs * relying on these commands should compile conditional support for @@ -153,6 +159,11 @@ typedef void DH_METHOD; #define ENGINE_CTRL_SET_PASSWORD_CALLBACK 2 #define ENGINE_CTRL_HUP 3 /* Close and reinitialise any handles/connections etc. */ +#define ENGINE_CTRL_SET_USER_INTERFACE 4 /* Alternative to callback */ +#define ENGINE_CTRL_SET_CALLBACK_DATA 5 /* User-specific data, used + when calling the password + callback and the user + interface */ /* These control commands allow an application to deal with an arbitrary engine * in a dynamic way. Warn: Negative return values indicate errors FOR THESE @@ -248,13 +259,6 @@ typedef int (*BN_MOD_EXP_CRT)(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, const BIGNUM *q, const BIGNUM *dmp1, const BIGNUM *dmq1, const BIGNUM *iqmp, BN_CTX *ctx); -/* The list of "engine" types is a static array of (const ENGINE*) - * pointers (not dynamic because static is fine for now and we otherwise - * have to hook an appropriate load/unload function in to initialise and - * cleanup). */ -struct engine_st; -typedef struct engine_st ENGINE; - /* Generic function pointer */ typedef int (*ENGINE_GEN_FUNC_PTR)(); /* Generic function pointer taking no arguments */ @@ -262,7 +266,8 @@ typedef int (*ENGINE_GEN_INT_FUNC_PTR)(ENGINE *); /* Specific control function pointer */ typedef int (*ENGINE_CTRL_FUNC_PTR)(ENGINE *, int, long, void *, void (*f)()); /* Generic load_key function pointer */ -typedef EVP_PKEY * (*ENGINE_LOAD_KEY_PTR)(ENGINE *, const char *, const char *); +typedef EVP_PKEY * (*ENGINE_LOAD_KEY_PTR)(ENGINE *, const char *, + UI_METHOD *ui_method, void *callback_data); /* STRUCTURE functions ... all of these functions deal with pointers to ENGINE * structures where the pointers have a "structural reference". This means that @@ -293,8 +298,12 @@ void ENGINE_load_chil(void); void ENGINE_load_atalla(void); void ENGINE_load_nuron(void); void ENGINE_load_ubsec(void); +void ENGINE_load_openbsd_dev_crypto(void); void ENGINE_load_builtin_engines(void); +/* Load all the currently known ciphers from all engines */ +void ENGINE_load_ciphers(void); + /* Send parametrised control commands to the engine. The possibilities to send * down an integer, a pointer to data or a function pointer are provided. Any of * the parameters may or may not be NULL, depending on the command number. In @@ -310,6 +319,13 @@ int ENGINE_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)()); * ENGINE_ctrl_cmd_string(), only ENGINE_ctrl(). */ int ENGINE_cmd_is_executable(ENGINE *e, int cmd); +/* This function works like ENGINE_ctrl() with the exception of taking a + * command name instead of a command number, and can handle optional commands. + * See the comment on ENGINE_ctrl_cmd_string() for an explanation on how to + * use the cmd_name and cmd_optional. */ +int ENGINE_ctrl_cmd(ENGINE *e, const char *cmd_name, + long i, void *p, void (*f)(), int cmd_optional); + /* This function passes a command-name and argument to an ENGINE. The cmd_name * is converted to a command number and the control command is called using * 'arg' as an argument (unless the ENGINE doesn't support such a command, in @@ -348,6 +364,7 @@ int ENGINE_set_DH(ENGINE *e, const DH_METHOD *dh_meth); int ENGINE_set_RAND(ENGINE *e, const RAND_METHOD *rand_meth); int ENGINE_set_BN_mod_exp(ENGINE *e, BN_MOD_EXP bn_mod_exp); int ENGINE_set_BN_mod_exp_crt(ENGINE *e, BN_MOD_EXP_CRT bn_mod_exp_crt); +int ENGINE_set_destroy_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR destroy_f); int ENGINE_set_init_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR init_f); int ENGINE_set_finish_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR finish_f); int ENGINE_set_ctrl_function(ENGINE *e, ENGINE_CTRL_FUNC_PTR ctrl_f); @@ -355,6 +372,7 @@ int ENGINE_set_load_privkey_function(ENGINE *e, ENGINE_LOAD_KEY_PTR loadpriv_f); int ENGINE_set_load_pubkey_function(ENGINE *e, ENGINE_LOAD_KEY_PTR loadpub_f); int ENGINE_set_flags(ENGINE *e, int flags); int ENGINE_set_cmd_defns(ENGINE *e, const ENGINE_CMD_DEFN *defns); +int ENGINE_add_cipher(ENGINE *e,const EVP_CIPHER *c); /* Copies across all ENGINE methods and pointers. NB: This does *not* change * reference counts however. */ int ENGINE_cpy(ENGINE *dest, const ENGINE *src); @@ -381,8 +399,11 @@ const RSA_METHOD *ENGINE_get_RSA(const ENGINE *e); const DSA_METHOD *ENGINE_get_DSA(const ENGINE *e); const DH_METHOD *ENGINE_get_DH(const ENGINE *e); const RAND_METHOD *ENGINE_get_RAND(const ENGINE *e); +int ENGINE_cipher_num(const ENGINE *e); +const EVP_CIPHER *ENGINE_get_cipher(const ENGINE *e, int n); BN_MOD_EXP ENGINE_get_BN_mod_exp(const ENGINE *e); BN_MOD_EXP_CRT ENGINE_get_BN_mod_exp_crt(const ENGINE *e); +ENGINE_GEN_INT_FUNC_PTR ENGINE_get_destroy_function(const ENGINE *e); ENGINE_GEN_INT_FUNC_PTR ENGINE_get_init_function(const ENGINE *e); ENGINE_GEN_INT_FUNC_PTR ENGINE_get_finish_function(const ENGINE *e); ENGINE_CTRL_FUNC_PTR ENGINE_get_ctrl_function(const ENGINE *e); @@ -417,9 +438,9 @@ int ENGINE_finish(ENGINE *e); * location, handled by the engine. The storage may be on a card or * whatever. */ EVP_PKEY *ENGINE_load_private_key(ENGINE *e, const char *key_id, - const char *passphrase); + UI_METHOD *ui_method, void *callback_data); EVP_PKEY *ENGINE_load_public_key(ENGINE *e, const char *key_id, - const char *passphrase); + UI_METHOD *ui_method, void *callback_data); /* This returns a pointer for the current ENGINE structure that * is (by default) performing any RSA operations. The value returned @@ -455,8 +476,109 @@ int ENGINE_set_default(ENGINE *e, unsigned int flags); * no need to call both (although no harm is done). */ int ENGINE_clear_defaults(void); -/* Obligatory error function. */ -void ERR_load_ENGINE_strings(void); +/* Instruct an engine to load any EVP ciphers it knows of */ +/* XXX make this work via defaults? */ +void ENGINE_load_engine_ciphers(ENGINE *e); +/* Get a particular cipher from a particular engine - NULL if the engine + * doesn't have it */ +const EVP_CIPHER *ENGINE_get_cipher_by_name(ENGINE *e,const char *name); + +/**************************/ +/* DYNAMIC ENGINE SUPPORT */ +/**************************/ + +/* Binary/behaviour compatibility levels */ +#define OSSL_DYNAMIC_VERSION (unsigned long)0x00010100 +/* Binary versions older than this are too old for us (whether we're a loader or + * a loadee) */ +#define OSSL_DYNAMIC_OLDEST (unsigned long)0x00010100 + +/* When compiling an ENGINE entirely as an external shared library, loadable by + * the "dynamic" ENGINE, these types are needed. The 'dynamic_fns' structure + * type provides the calling application's (or library's) error functionality + * and memory management function pointers to the loaded library. These should + * be used/set in the loaded library code so that the loading application's + * 'state' will be used/changed in all operations. */ +typedef void *(*dyn_MEM_malloc_cb)(size_t); +typedef void *(*dyn_MEM_realloc_cb)(void *, size_t); +typedef void (*dyn_MEM_free_cb)(void *); +typedef struct st_dynamic_MEM_fns { + dyn_MEM_malloc_cb malloc_cb; + dyn_MEM_realloc_cb realloc_cb; + dyn_MEM_free_cb free_cb; + } dynamic_MEM_fns; +/* FIXME: Perhaps the memory and locking code (crypto.h) should declare and use + * these types so we (and any other dependant code) can simplify a bit?? */ +typedef void (*dyn_lock_locking_cb)(int,int,const char *,int); +typedef int (*dyn_lock_add_lock_cb)(int*,int,int,const char *,int); +typedef struct CRYPTO_dynlock_value *(*dyn_dynlock_create_cb)( + const char *,int); +typedef void (*dyn_dynlock_lock_cb)(int,struct CRYPTO_dynlock_value *, + const char *,int); +typedef void (*dyn_dynlock_destroy_cb)(struct CRYPTO_dynlock_value *, + const char *,int); +typedef struct st_dynamic_LOCK_fns { + dyn_lock_locking_cb lock_locking_cb; + dyn_lock_add_lock_cb lock_add_lock_cb; + dyn_dynlock_create_cb dynlock_create_cb; + dyn_dynlock_lock_cb dynlock_lock_cb; + dyn_dynlock_destroy_cb dynlock_destroy_cb; + } dynamic_LOCK_fns; +/* The top-level structure */ +typedef struct st_dynamic_fns { + const ERR_FNS *err_fns; + const CRYPTO_EX_DATA_IMPL *ex_data_fns; + dynamic_MEM_fns mem_fns; + dynamic_LOCK_fns lock_fns; + } dynamic_fns; + +/* The version checking function should be of this prototype. NB: The + * ossl_version value passed in is the OSSL_DYNAMIC_VERSION of the loading code. + * If this function returns zero, it indicates a (potential) version + * incompatibility and the loaded library doesn't believe it can proceed. + * Otherwise, the returned value is the (latest) version supported by the + * loading library. The loader may still decide that the loaded code's version + * is unsatisfactory and could veto the load. The function is expected to + * be implemented with the symbol name "v_check", and a default implementation + * can be fully instantiated with IMPLEMENT_DYNAMIC_CHECK_FN(). */ +typedef unsigned long (*dynamic_v_check_fn)(unsigned long ossl_version); +#define IMPLEMENT_DYNAMIC_CHECK_FN() \ + unsigned long v_check(unsigned long v) { \ + if(v >= OSSL_DYNAMIC_OLDEST) return OSSL_DYNAMIC_VERSION; \ + return 0; } + +/* This function is passed the ENGINE structure to initialise with its own + * function and command settings. It should not adjust the structural or + * functional reference counts. If this function returns zero, (a) the load will + * be aborted, (b) the previous ENGINE state will be memcpy'd back onto the + * structure, and (c) the shared library will be unloaded. So implementations + * should do their own internal cleanup in failure circumstances otherwise they + * could leak. The 'id' parameter, if non-NULL, represents the ENGINE id that + * the loader is looking for. If this is NULL, the shared library can choose to + * return failure or to initialise a 'default' ENGINE. If non-NULL, the shared + * library must initialise only an ENGINE matching the passed 'id'. The function + * is expected to be implemented with the symbol name "bind_engine". A standard + * implementation can be instantiated with IMPLEMENT_DYNAMIC_BIND_FN(fn) where + * the parameter 'fn' is a callback function that populates the ENGINE structure + * and returns an int value (zero for failure). 'fn' should have prototype; + * [static] int fn(ENGINE *e, const char *id); */ +typedef int (*dynamic_bind_engine)(ENGINE *e, const char *id, + const dynamic_fns *fns); +#define IMPLEMENT_DYNAMIC_BIND_FN(fn) \ + int bind_engine(ENGINE *e, const char *id, const dynamic_fns *fns) { \ + if(!CRYPTO_set_mem_functions(fns->mem_fns.malloc_cb, \ + fns->mem_fns.realloc_cb, fns->mem_fns.free_cb)) \ + return 0; \ + CRYPTO_set_locking_callback(fns->lock_fns.lock_locking_cb); \ + CRYPTO_set_add_lock_callback(fns->lock_fns.lock_add_lock_cb); \ + CRYPTO_set_dynlock_create_callback(fns->lock_fns.dynlock_create_cb); \ + CRYPTO_set_dynlock_lock_callback(fns->lock_fns.dynlock_lock_cb); \ + CRYPTO_set_dynlock_destroy_callback(fns->lock_fns.dynlock_destroy_cb); \ + if(!CRYPTO_set_ex_data_implementation(fns->ex_data_fns)) \ + return 0; \ + if(!ERR_set_implementation(fns->err_fns)) return 0; \ + if(!fn(e,id)) return 0; \ + return 1; } /* BEGIN ERROR CODES */ /* The following lines are auto generated by the script mkerr.pl. Any changes @@ -467,23 +589,14 @@ void ERR_load_ENGINE_strings(void); /* Error codes for the ENGINE functions. */ /* Function codes. */ -#define ENGINE_F_ATALLA_CTRL 173 -#define ENGINE_F_ATALLA_FINISH 159 -#define ENGINE_F_ATALLA_INIT 160 -#define ENGINE_F_ATALLA_MOD_EXP 161 -#define ENGINE_F_ATALLA_RSA_MOD_EXP 162 -#define ENGINE_F_CSWIFT_CTRL 174 -#define ENGINE_F_CSWIFT_DSA_SIGN 133 -#define ENGINE_F_CSWIFT_DSA_VERIFY 134 -#define ENGINE_F_CSWIFT_FINISH 100 -#define ENGINE_F_CSWIFT_INIT 101 -#define ENGINE_F_CSWIFT_MOD_EXP 102 -#define ENGINE_F_CSWIFT_MOD_EXP_CRT 103 -#define ENGINE_F_CSWIFT_RSA_MOD_EXP 104 +#define ENGINE_F_DYNAMIC_CTRL 180 +#define ENGINE_F_DYNAMIC_GET_DATA_CTX 181 +#define ENGINE_F_DYNAMIC_LOAD 182 #define ENGINE_F_ENGINE_ADD 105 #define ENGINE_F_ENGINE_BY_ID 106 #define ENGINE_F_ENGINE_CMD_IS_EXECUTABLE 170 #define ENGINE_F_ENGINE_CTRL 142 +#define ENGINE_F_ENGINE_CTRL_CMD 178 #define ENGINE_F_ENGINE_CTRL_CMD_STRING 171 #define ENGINE_F_ENGINE_FINISH 107 #define ENGINE_F_ENGINE_FREE 108 @@ -501,30 +614,9 @@ void ERR_load_ENGINE_strings(void); #define ENGINE_F_ENGINE_SET_ID 129 #define ENGINE_F_ENGINE_SET_NAME 130 #define ENGINE_F_ENGINE_UNLOAD_KEY 152 -#define ENGINE_F_HWCRHK_CTRL 143 -#define ENGINE_F_HWCRHK_FINISH 135 -#define ENGINE_F_HWCRHK_GET_PASS 155 -#define ENGINE_F_HWCRHK_INIT 136 -#define ENGINE_F_HWCRHK_LOAD_PRIVKEY 153 -#define ENGINE_F_HWCRHK_LOAD_PUBKEY 154 -#define ENGINE_F_HWCRHK_MOD_EXP 137 -#define ENGINE_F_HWCRHK_MOD_EXP_CRT 138 -#define ENGINE_F_HWCRHK_RAND_BYTES 139 -#define ENGINE_F_HWCRHK_RSA_MOD_EXP 140 #define ENGINE_F_INT_CTRL_HELPER 172 #define ENGINE_F_LOG_MESSAGE 141 -#define ENGINE_F_NURON_CTRL 175 -#define ENGINE_F_NURON_FINISH 157 -#define ENGINE_F_NURON_INIT 156 -#define ENGINE_F_NURON_MOD_EXP 158 -#define ENGINE_F_UBSEC_CTRL 176 -#define ENGINE_F_UBSEC_DSA_SIGN 163 -#define ENGINE_F_UBSEC_DSA_VERIFY 164 -#define ENGINE_F_UBSEC_FINISH 165 -#define ENGINE_F_UBSEC_INIT 166 -#define ENGINE_F_UBSEC_MOD_EXP 167 -#define ENGINE_F_UBSEC_RSA_MOD_EXP 168 -#define ENGINE_F_UBSEC_RSA_MOD_EXP_CRT 169 +#define ENGINE_F_SET_DATA_CTX 183 /* Reason codes. */ #define ENGINE_R_ALREADY_LOADED 100 @@ -551,6 +643,7 @@ void ERR_load_ENGINE_strings(void); #define ENGINE_R_ID_OR_NAME_MISSING 108 #define ENGINE_R_INIT_FAILED 109 #define ENGINE_R_INTERNAL_LIST_ERROR 110 +#define ENGINE_R_INVALID_ARGUMENT 143 #define ENGINE_R_INVALID_CMD_NAME 137 #define ENGINE_R_INVALID_CMD_NUMBER 138 #define ENGINE_R_MISSING_KEY_COMPONENTS 111 @@ -558,6 +651,7 @@ void ERR_load_ENGINE_strings(void); #define ENGINE_R_NOT_LOADED 112 #define ENGINE_R_NO_CALLBACK 127 #define ENGINE_R_NO_CONTROL_FUNCTION 120 +#define ENGINE_R_NO_INDEX 144 #define ENGINE_R_NO_KEY 124 #define ENGINE_R_NO_LOAD_FUNCTION 125 #define ENGINE_R_NO_REFERENCE 130 @@ -570,6 +664,7 @@ void ERR_load_ENGINE_strings(void); #define ENGINE_R_RSA_NOT_IMPLEMENTED 141 #define ENGINE_R_SIZE_TOO_LARGE_OR_TOO_SMALL 122 #define ENGINE_R_UNIT_FAILURE 115 +#define ENGINE_R_VERSION_INCOMPATIBILITY 145 #ifdef __cplusplus }