This commits changes to various parts of libcrypto required by the recent
authorGeoff Thorpe <geoff@openssl.org>
Tue, 25 Sep 2001 20:23:40 +0000 (20:23 +0000)
committerGeoff Thorpe <geoff@openssl.org>
Tue, 25 Sep 2001 20:23:40 +0000 (20:23 +0000)
ENGINE surgery. DH, DSA, RAND, and RSA now use *both* "method" and ENGINE
pointers to manage their hooking with ENGINE. Previously their use of
"method" pointers was replaced by use of ENGINE references. See
crypto/engine/README for details.

Also, remove the ENGINE iterations from evp_test - even when the
cipher/digest code is committed in, this functionality would require a
different set of API calls.

17 files changed:
crypto/dh/dh.h
crypto/dh/dh_key.c
crypto/dh/dh_lib.c
crypto/dh/dhtest.c
crypto/dsa/dsa.h
crypto/dsa/dsa_lib.c
crypto/dsa/dsa_ossl.c
crypto/dsa/dsa_sign.c
crypto/dsa/dsa_vrf.c
crypto/dsa/dsatest.c
crypto/evp/evp_test.c
crypto/rand/rand.h
crypto/rand/rand_lib.c
crypto/rsa/rsa.h
crypto/rsa/rsa_eay.c
crypto/rsa/rsa_lib.c
crypto/rsa/rsa_test.c

index fe2da7a..65d61e2 100644 (file)
@@ -68,6 +68,7 @@
 #endif
 #include <openssl/bn.h>
 #include <openssl/crypto.h>
+#include <openssl/types.h>
        
 #define DH_FLAG_CACHE_MONT_P   0x01
 
@@ -115,11 +116,8 @@ struct dh_st
 
        int references;
        CRYPTO_EX_DATA ex_data;
-#if 0
-       DH_METHOD *meth;
-#else
-       struct engine_st *engine;
-#endif
+       const DH_METHOD *meth;
+       ENGINE *engine;
        };
 
 #define DH_GENERATOR_2         2
@@ -154,15 +152,10 @@ struct dh_st
 
 const DH_METHOD *DH_OpenSSL(void);
 
-void DH_set_default_openssl_method(const DH_METHOD *meth);
-const DH_METHOD *DH_get_default_openssl_method(void);
-#if 0
-const DH_METHOD *DH_set_method(DH *dh, const DH_METHOD *meth);
-DH *DH_new_method(const DH_METHOD *meth);
-#else
-int DH_set_method(DH *dh, struct engine_st *engine);
-DH *DH_new_method(struct engine_st *engine);
-#endif
+void DH_set_default_method(const DH_METHOD *meth);
+const DH_METHOD *DH_get_default_method(void);
+int DH_set_method(DH *dh, const DH_METHOD *meth);
+DH *DH_new_method(ENGINE *engine);
 
 DH *   DH_new(void);
 void   DH_free(DH *dh);
index 6707277..1a0efca 100644 (file)
@@ -74,12 +74,12 @@ static int dh_finish(DH *dh);
 
 int DH_generate_key(DH *dh)
        {
-       return ENGINE_get_DH(dh->engine)->generate_key(dh);
+       return dh->meth->generate_key(dh);
        }
 
 int DH_compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh)
        {
-       return ENGINE_get_DH(dh->engine)->compute_key(key, pub_key, dh);
+       return dh->meth->compute_key(key, pub_key, dh);
        }
 
 static DH_METHOD dh_ossl = {
@@ -140,8 +140,8 @@ static int generate_key(DH *dh)
                l = dh->length ? dh->length : BN_num_bits(dh->p)-1; /* secret exponent length */
                if (!BN_rand(priv_key, l, 0, 0)) goto err;
                }
-       if (!ENGINE_get_DH(dh->engine)->bn_mod_exp(dh, pub_key, dh->g,
-               priv_key,dh->p,ctx,mont)) goto err;
+       if (!dh->meth->bn_mod_exp(dh, pub_key, dh->g, priv_key,dh->p,ctx,mont))
+               goto err;
                
        dh->pub_key=pub_key;
        dh->priv_key=priv_key;
@@ -181,8 +181,7 @@ static int compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh)
                }
 
        mont=(BN_MONT_CTX *)dh->method_mont_p;
-       if (!ENGINE_get_DH(dh->engine)->bn_mod_exp(dh, tmp, pub_key,
-                               dh->priv_key,dh->p,ctx,mont))
+       if (!dh->meth->bn_mod_exp(dh, tmp, pub_key, dh->priv_key,dh->p,ctx,mont))
                {
                DHerr(DH_F_DH_COMPUTE_KEY,ERR_R_BN_LIB);
                goto err;
index 7804bb4..73f1c24 100644 (file)
@@ -66,97 +66,67 @@ const char *DH_version="Diffie-Hellman" OPENSSL_VERSION_PTEXT;
 
 static const DH_METHOD *default_DH_method = NULL;
 
-void DH_set_default_openssl_method(const DH_METHOD *meth)
-{
-       ENGINE *e;
-       /* We'll need to notify the "openssl" ENGINE of this
-        * change too. We won't bother locking things down at
-        * our end as there was never any locking in these
-        * functions! */
-       if(default_DH_method != meth)
-               {
-               default_DH_method = meth;
-               e = ENGINE_by_id("openssl");
-               if(e)
-                       {
-                       ENGINE_set_DH(e, meth);
-                       ENGINE_free(e);
-                       }
-               }
-}
+void DH_set_default_method(const DH_METHOD *meth)
+       {
+       default_DH_method = meth;
+       }
 
-const DH_METHOD *DH_get_default_openssl_method(void)
-{
-       if(!default_DH_method) default_DH_method = DH_OpenSSL();
+const DH_METHOD *DH_get_default_method(void)
+       {
+       if(!default_DH_method)
+               default_DH_method = DH_OpenSSL();
        return default_DH_method;
-}
+       }
 
-#if 0
-DH_METHOD *DH_set_method(DH *dh, DH_METHOD *meth)
-{
-        DH_METHOD *mtmp;
+int DH_set_method(DH *dh, const DH_METHOD *meth)
+       {
+       /* NB: The caller is specifically setting a method, so it's not up to us
+        * to deal with which ENGINE it comes from. */
+        const DH_METHOD *mtmp;
         mtmp = dh->meth;
         if (mtmp->finish) mtmp->finish(dh);
+       if (dh->engine)
+               {
+               ENGINE_finish(dh->engine);
+               dh->engine = NULL;
+               }
         dh->meth = meth;
         if (meth->init) meth->init(dh);
-        return mtmp;
-}
-#else
-int DH_set_method(DH *dh, ENGINE *engine)
-{
-       ENGINE *mtmp;
-       const DH_METHOD *meth;
-       mtmp = dh->engine;
-       meth = ENGINE_get_DH(mtmp);
-       if (!ENGINE_init(engine))
-               return 0;
-       if (meth->finish) meth->finish(dh);
-       dh->engine= engine;
-       meth = ENGINE_get_DH(engine);
-       if (meth->init) meth->init(dh);
-       /* SHOULD ERROR CHECK THIS!!! */
-       ENGINE_finish(mtmp);
-       return 1;
+        return 1;
 }
-#endif
 
 DH *DH_new(void)
-{
+       {
        return DH_new_method(NULL);
-}
+       }
 
-#if 0
-DH *DH_new_method(DH_METHOD *meth)
-#else
 DH *DH_new_method(ENGINE *engine)
-#endif
        {
-       const DH_METHOD *meth;
        DH *ret;
-       ret=(DH *)OPENSSL_malloc(sizeof(DH));
 
+       ret=(DH *)OPENSSL_malloc(sizeof(DH));
        if (ret == NULL)
                {
                DHerr(DH_F_DH_NEW,ERR_R_MALLOC_FAILURE);
                return(NULL);
                }
 
-       if (engine)
+       ret->meth = DH_get_default_method();
+       ret->engine = engine;
+       if(!ret->engine)
+               ret->engine = ENGINE_get_default_DH();
+       if(ret->engine)
                {
-               if(ENGINE_init(engine))
-                       ret->engine = engine;
-               else 
-                       ret->engine = NULL;
-               }
-       else
-               ret->engine=ENGINE_get_default_DH();
-       if(ret->engine == NULL)
-               {
-               DHerr(DH_F_DH_NEW,ERR_LIB_ENGINE);
-               OPENSSL_free(ret);
-               return NULL;
+               ret->meth = ENGINE_get_DH(ret->engine);
+               if(!ret->meth)
+                       {
+                       DHerr(DH_F_DH_NEW,ERR_R_ENGINE_LIB);
+                       ENGINE_finish(ret->engine);
+                       OPENSSL_free(ret);
+                       return NULL;
+                       }
                }
-       meth = ENGINE_get_DH(ret->engine);
+
        ret->pad=0;
        ret->version=0;
        ret->p=NULL;
@@ -171,9 +141,9 @@ DH *DH_new_method(ENGINE *engine)
        ret->counter = NULL;
        ret->method_mont_p=NULL;
        ret->references = 1;
-       ret->flags=meth->flags;
+       ret->flags=ret->meth->flags;
        CRYPTO_new_ex_data(CRYPTO_EX_INDEX_DH, ret, &ret->ex_data);
-       if ((meth->init != NULL) && !meth->init(ret))
+       if ((ret->meth->init != NULL) && !ret->meth->init(ret))
                {
                CRYPTO_free_ex_data(CRYPTO_EX_INDEX_DH, ret, &ret->ex_data);
                OPENSSL_free(ret);
@@ -184,7 +154,6 @@ DH *DH_new_method(ENGINE *engine)
 
 void DH_free(DH *r)
        {
-       const DH_METHOD *meth;
        int i;
        if(r == NULL) return;
        i = CRYPTO_add(&r->references, -1, CRYPTO_LOCK_DH);
@@ -200,9 +169,10 @@ void DH_free(DH *r)
        }
 #endif
 
-       meth = ENGINE_get_DH(r->engine);
-       if(meth->finish) meth->finish(r);
-       ENGINE_finish(r->engine);
+       if (r->meth->finish)
+               r->meth->finish(r);
+       if (r->engine)
+               ENGINE_finish(r->engine);
 
        CRYPTO_free_ex_data(CRYPTO_EX_INDEX_DH, r, &r->ex_data);
 
index e90f255..0176436 100644 (file)
@@ -66,6 +66,7 @@
 #include <openssl/bio.h>
 #include <openssl/bn.h>
 #include <openssl/rand.h>
+#include <openssl/err.h>
 
 #ifdef OPENSSL_NO_DH
 int main(int argc, char *argv[])
@@ -99,6 +100,10 @@ int main(int argc, char *argv[])
        int i,alen,blen,aout,bout,ret=1;
        BIO *out;
 
+       CRYPTO_malloc_debug_init();
+       CRYPTO_dbg_set_options(V_CRYPTO_MDEBUG_ALL);
+       CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
+
 #ifdef OPENSSL_SYS_WIN32
        CRYPTO_malloc_init();
 #endif
@@ -175,6 +180,9 @@ err:
        if(b != NULL) DH_free(b);
        if(a != NULL) DH_free(a);
        BIO_free(out);
+       CRYPTO_cleanup_all_ex_data();
+       ERR_remove_state(0);
+       CRYPTO_mem_leaks_fp(stderr);
        exit(ret);
        return(ret);
        }
index e12cee0..9692a0b 100644 (file)
@@ -74,6 +74,7 @@
 #endif
 #include <openssl/bn.h>
 #include <openssl/crypto.h>
+#include <openssl/types.h>
 #ifndef OPENSSL_NO_DH
 # include <openssl/dh.h>
 #endif
@@ -133,11 +134,9 @@ struct dsa_st
        char *method_mont_p;
        int references;
        CRYPTO_EX_DATA ex_data;
-#if 0
-       DSA_METHOD *meth;
-#else
-       struct engine_st *engine;
-#endif
+       const DSA_METHOD *meth;
+       /* functional reference if 'meth' is ENGINE-provided */
+       ENGINE *engine;
        };
 
 #define DSAparams_dup(x) (DSA *)ASN1_dup((int (*)())i2d_DSAparams, \
@@ -163,20 +162,12 @@ int       DSA_do_verify(const unsigned char *dgst,int dgst_len,
 
 const DSA_METHOD *DSA_OpenSSL(void);
 
-void        DSA_set_default_openssl_method(const DSA_METHOD *);
-const DSA_METHOD *DSA_get_default_openssl_method(void);
-#if 0
-const DSA_METHOD *DSA_set_method(DSA *dsa, DSA_METHOD *);
-#else
-int DSA_set_method(DSA *dsa, struct engine_st *engine);
-#endif
+void   DSA_set_default_method(const DSA_METHOD *);
+const DSA_METHOD *DSA_get_default_method(void);
+int    DSA_set_method(DSA *dsa, const DSA_METHOD *);
 
 DSA *  DSA_new(void);
-#if 0
-DSA *  DSA_new_method(DSA_METHOD *meth);
-#else
-DSA *  DSA_new_method(struct engine_st *engine);
-#endif
+DSA *  DSA_new_method(ENGINE *engine);
 void   DSA_free (DSA *r);
 /* "up" the DSA object's reference count */
 int    DSA_up_ref(DSA *r);
index 365145a..900e009 100644 (file)
@@ -69,73 +69,42 @@ const char *DSA_version="DSA" OPENSSL_VERSION_PTEXT;
 
 static const DSA_METHOD *default_DSA_method = NULL;
 
-void DSA_set_default_openssl_method(const DSA_METHOD *meth)
-{
-       ENGINE *e;
-       /* We'll need to notify the "openssl" ENGINE of this
-        * change too. We won't bother locking things down at
-        * our end as there was never any locking in these
-        * functions! */
-       if(default_DSA_method != meth)
-               {
-               default_DSA_method = meth;
-               e = ENGINE_by_id("openssl");
-               if(e)
-                       {
-                       ENGINE_set_DSA(e, meth);
-                       ENGINE_free(e);
-                       }
-               }
-}
+void DSA_set_default_method(const DSA_METHOD *meth)
+       {
+       default_DSA_method = meth;
+       }
 
-const DSA_METHOD *DSA_get_default_openssl_method(void)
-{
-       if(!default_DSA_method) default_DSA_method = DSA_OpenSSL();
+const DSA_METHOD *DSA_get_default_method(void)
+       {
+       if(!default_DSA_method)
+               default_DSA_method = DSA_OpenSSL();
        return default_DSA_method;
-}
+       }
 
 DSA *DSA_new(void)
-{
+       {
        return DSA_new_method(NULL);
-}
+       }
 
-#if 0
-DSA_METHOD *DSA_set_method(DSA *dsa, DSA_METHOD *meth)
-{
-        DSA_METHOD *mtmp;
+int DSA_set_method(DSA *dsa, const DSA_METHOD *meth)
+       {
+       /* NB: The caller is specifically setting a method, so it's not up to us
+        * to deal with which ENGINE it comes from. */
+        const DSA_METHOD *mtmp;
         mtmp = dsa->meth;
         if (mtmp->finish) mtmp->finish(dsa);
+       if (dsa->engine)
+               {
+               ENGINE_finish(dsa->engine);
+               dsa->engine = NULL;
+               }
         dsa->meth = meth;
         if (meth->init) meth->init(dsa);
-        return mtmp;
-}
-#else
-int DSA_set_method(DSA *dsa, ENGINE *engine)
-       {
-       ENGINE *mtmp;
-       const DSA_METHOD *meth;
-       mtmp = dsa->engine;
-       meth = ENGINE_get_DSA(mtmp);
-       if (!ENGINE_init(engine))
-               return 0;
-       if (meth->finish) meth->finish(dsa);
-       dsa->engine = engine;
-       meth = ENGINE_get_DSA(engine);
-       if (meth->init) meth->init(dsa);
-       /* SHOULD ERROR CHECK THIS!!! */
-       ENGINE_finish(mtmp);
-       return 1;
+        return 1;
        }
-#endif
 
-
-#if 0
-DSA *DSA_new_method(DSA_METHOD *meth)
-#else
 DSA *DSA_new_method(ENGINE *engine)
-#endif
        {
-       const DSA_METHOD *meth;
        DSA *ret;
 
        ret=(DSA *)OPENSSL_malloc(sizeof(DSA));
@@ -144,25 +113,23 @@ DSA *DSA_new_method(ENGINE *engine)
                DSAerr(DSA_F_DSA_NEW,ERR_R_MALLOC_FAILURE);
                return(NULL);
                }
-
-       if (engine)
-               {
-               if(ENGINE_init(engine))
-                       ret->engine = engine;
-               else 
-                       ret->engine = NULL;
-               }
-       else
-               ret->engine=ENGINE_get_default_DSA();
-
-       if(ret->engine == NULL)
+       ret->meth = DSA_get_default_method();
+       ret->engine = engine;
+       if(!ret->engine)
+               ret->engine = ENGINE_get_default_DSA();
+       if(ret->engine)
                {
-               DSAerr(DSA_F_DSA_NEW,ERR_LIB_ENGINE);
-               OPENSSL_free(ret);
-               return NULL;
+               ret->meth = ENGINE_get_DSA(ret->engine);
+               if(!ret->meth)
+                       {
+                       DSAerr(DSA_F_DSA_NEW,
+                               ERR_R_ENGINE_LIB);
+                       ENGINE_finish(ret->engine);
+                       OPENSSL_free(ret);
+                       return NULL;
+                       }
                }
 
-       meth = ENGINE_get_DSA(ret->engine);
        ret->pad=0;
        ret->version=0;
        ret->write_params=1;
@@ -178,9 +145,9 @@ DSA *DSA_new_method(ENGINE *engine)
        ret->method_mont_p=NULL;
 
        ret->references=1;
-       ret->flags=meth->flags;
+       ret->flags=ret->meth->flags;
        CRYPTO_new_ex_data(CRYPTO_EX_INDEX_DSA, ret, &ret->ex_data);
-       if ((meth->init != NULL) && !meth->init(ret))
+       if ((ret->meth->init != NULL) && !ret->meth->init(ret))
                {
                CRYPTO_free_ex_data(CRYPTO_EX_INDEX_DSA, ret, &ret->ex_data);
                OPENSSL_free(ret);
@@ -192,7 +159,6 @@ DSA *DSA_new_method(ENGINE *engine)
 
 void DSA_free(DSA *r)
        {
-       const DSA_METHOD *meth;
        int i;
 
        if (r == NULL) return;
@@ -210,9 +176,10 @@ void DSA_free(DSA *r)
                }
 #endif
 
-       meth = ENGINE_get_DSA(r->engine);
-       if(meth->finish) meth->finish(r);
-       ENGINE_finish(r->engine);
+       if(r->meth->finish)
+               r->meth->finish(r);
+       if(r->engine)
+               ENGINE_finish(r->engine);
 
        CRYPTO_free_ex_data(CRYPTO_EX_INDEX_DSA, r, &r->ex_data);
 
index 7a5adc6..37dd5fc 100644 (file)
@@ -202,7 +202,7 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp)
                }
 
        /* Compute r = (g^k mod p) mod q */
-       if (!ENGINE_get_DSA(dsa->engine)->bn_mod_exp(dsa, r,dsa->g,&k,dsa->p,ctx,
+       if (!dsa->meth->bn_mod_exp(dsa, r,dsa->g,&k,dsa->p,ctx,
                (BN_MONT_CTX *)dsa->method_mont_p)) goto err;
        if (!BN_mod(r,r,dsa->q,ctx)) goto err;
 
@@ -296,7 +296,7 @@ static int dsa_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig,
        if (!BN_mod(&u1,&u1,dsa->q,ctx)) goto err;
 #else
        {
-       if (!ENGINE_get_DSA(dsa->engine)->dsa_mod_exp(dsa, &t1,dsa->g,&u1,dsa->pub_key,&u2,
+       if (!dsa->meth->dsa_mod_exp(dsa, &t1,dsa->g,&u1,dsa->pub_key,&u2,
                                                dsa->p,ctx,mont)) goto err;
        /* BN_copy(&u1,&t1); */
        /* let u1 = u1 mod q */
index dfe27ba..e9469ca 100644 (file)
@@ -68,7 +68,7 @@
 
 DSA_SIG * DSA_do_sign(const unsigned char *dgst, int dlen, DSA *dsa)
        {
-       return ENGINE_get_DSA(dsa->engine)->dsa_do_sign(dgst, dlen, dsa);
+       return dsa->meth->dsa_do_sign(dgst, dlen, dsa);
        }
 
 int DSA_sign(int type, const unsigned char *dgst, int dlen, unsigned char *sig,
@@ -88,6 +88,6 @@ int DSA_sign(int type, const unsigned char *dgst, int dlen, unsigned char *sig,
 
 int DSA_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp)
        {
-       return ENGINE_get_DSA(dsa->engine)->dsa_sign_setup(dsa, ctx_in, kinvp, rp);
+       return dsa->meth->dsa_sign_setup(dsa, ctx_in, kinvp, rp);
        }
 
index 28b6712..066c6b5 100644 (file)
@@ -70,7 +70,7 @@
 int DSA_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig,
                  DSA *dsa)
        {
-       return ENGINE_get_DSA(dsa->engine)->dsa_do_verify(dgst, dgst_len, sig, dsa);
+       return dsa->meth->dsa_do_verify(dgst, dgst_len, sig, dsa);
        }
 
 /* data has already been hashed (probably with SHA or SHA-1). */
index 5f24b59..12da64f 100644 (file)
@@ -65,6 +65,7 @@
 #include <openssl/rand.h>
 #include <openssl/bio.h>
 #include <openssl/err.h>
+#include <openssl/engine.h>
 #ifdef OPENSSL_SYS_WINDOWS
 #include "../bio/bss_file.c"
 #endif
@@ -136,9 +137,6 @@ int main(int argc, char **argv)
        unsigned char sig[256];
        unsigned int siglen;
 
-       ERR_load_crypto_strings();
-       RAND_seed(rnd_seed, sizeof rnd_seed);
-
        if (bio_err == NULL)
                bio_err=BIO_new_fp(stderr,BIO_NOCLOSE);
 
@@ -146,6 +144,9 @@ int main(int argc, char **argv)
        CRYPTO_dbg_set_options(V_CRYPTO_MDEBUG_ALL);
        CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
 
+       ERR_load_crypto_strings();
+       RAND_seed(rnd_seed, sizeof rnd_seed);
+
        BIO_printf(bio_err,"test generation of DSA parameters\n");
 
        dsa=DSA_generate_parameters(512,seed,20,&counter,&h,dsa_cb,bio_err);
@@ -204,6 +205,7 @@ end:
        if (dsa != NULL) DSA_free(dsa);
        CRYPTO_cleanup_all_ex_data();
        ERR_remove_state(0);
+       ERR_free_strings();
        CRYPTO_mem_leaks(bio_err);
        if (bio_err != NULL)
                {
index fa3c922..b569678 100644 (file)
@@ -217,7 +217,6 @@ static int test_cipher(const char *cipher,const unsigned char *key,int kn,
                       const unsigned char *ciphertext,int cn)
     {
     const EVP_CIPHER *c;
-    ENGINE *e;
 
     c=EVP_get_cipherbyname(cipher);
     if(!c)
@@ -225,16 +224,6 @@ static int test_cipher(const char *cipher,const unsigned char *key,int kn,
 
     test1(c,key,kn,iv,in,plaintext,pn,ciphertext,cn);
 
-    for(e=ENGINE_get_first() ; e ; e=ENGINE_get_next(e))
-       {
-       c=ENGINE_get_cipher_by_name(e,cipher);
-       if(!c)
-           continue;
-       printf("Testing engine %s\n",ENGINE_get_name(e));
-
-       test1(c,key,kn,iv,in,plaintext,pn,ciphertext,cn);
-       }
-
     return 1;
     }
 
@@ -315,8 +304,10 @@ int main(int argc,char **argv)
        exit(2);
        }
 
+    /* Load up the software EVP_CIPHER and EVP_MD definitions */
     OpenSSL_add_all_ciphers();
     OpenSSL_add_all_digests();
+    /* Load all compiled-in ENGINEs */
     ENGINE_load_builtin_engines();
 
     for( ; ; )
index 0bfccac..30e39c3 100644 (file)
@@ -60,6 +60,7 @@
 #define HEADER_RAND_H
 
 #include <stdlib.h>
+#include <openssl/types.h>
 
 #ifdef  __cplusplus
 extern "C" {
@@ -79,10 +80,9 @@ typedef struct rand_meth_st
 extern int rand_predictable;
 #endif
 
-struct engine_st;
-
-int RAND_set_rand_method(struct engine_st *meth);
-const RAND_METHOD *RAND_get_rand_method(void );
+int RAND_set_rand_method(const RAND_METHOD *meth);
+const RAND_METHOD *RAND_get_rand_method(void);
+int RAND_set_rand_engine(ENGINE *engine);
 RAND_METHOD *RAND_SSLeay(void);
 void RAND_cleanup(void );
 int  RAND_bytes(unsigned char *buf,int num);
index adbae32..5cf5dc1 100644 (file)
 #include <openssl/rand.h>
 #include <openssl/engine.h>
 
-static ENGINE *rand_engine=NULL;
+/* non-NULL if default_RAND_meth is ENGINE-provided */
+static ENGINE *funct_ref =NULL;
+static const RAND_METHOD *default_RAND_meth = NULL;
 
-#if 0
-void RAND_set_rand_method(RAND_METHOD *meth)
+int RAND_set_rand_method(const RAND_METHOD *meth)
        {
-       rand_meth=meth;
-       }
-#else
-int RAND_set_rand_method(ENGINE *engine)
-       {
-       ENGINE *mtmp;
-       mtmp = rand_engine;
-       if (engine && !ENGINE_init(engine))
-               return 0;
-       rand_engine = engine;
-       /* SHOULD ERROR CHECK THIS!!! */
-       if(mtmp)
-               ENGINE_finish(mtmp);
+       if(funct_ref)
+               {
+               ENGINE_finish(funct_ref);
+               funct_ref = NULL;
+               }
+       default_RAND_meth = meth;
        return 1;
        }
-#endif
 
 const RAND_METHOD *RAND_get_rand_method(void)
        {
-       if (rand_engine == NULL
-               && (rand_engine = ENGINE_get_default_RAND()) == NULL)
+       if (!default_RAND_meth)
+               {
+               ENGINE *e = ENGINE_get_default_RAND();
+               if(e)
+                       {
+                       default_RAND_meth = ENGINE_get_RAND(e);
+                       if(!default_RAND_meth)
+                               {
+                               ENGINE_finish(e);
+                               e = NULL;
+                               }
+                       }
+               if(e)
+                       funct_ref = e;
+               else
+                       default_RAND_meth = RAND_SSLeay();
+               }
+       return default_RAND_meth;
+       }
+
+int RAND_set_rand_engine(ENGINE *engine)
+       {
+       const RAND_METHOD *tmp_meth = NULL;
+       if(engine)
                {
-               RANDerr(RAND_F_RAND_GET_RAND_METHOD,ERR_LIB_ENGINE);
-               return NULL;
+               if(!ENGINE_init(engine))
+                       return 0;
+               tmp_meth = ENGINE_get_RAND(engine);
+               if(!tmp_meth)
+                       {
+                       ENGINE_finish(engine);
+                       return 0;
+                       }
                }
-       return ENGINE_get_RAND(rand_engine);
+       /* This function releases any prior ENGINE so call it first */
+       RAND_set_rand_method(tmp_meth);
+       funct_ref = engine;
+       return 1;
        }
 
 void RAND_cleanup(void)
@@ -100,6 +124,7 @@ void RAND_cleanup(void)
        const RAND_METHOD *meth = RAND_get_rand_method();
        if (meth && meth->cleanup)
                meth->cleanup();
+       RAND_set_rand_method(NULL);
        }
 
 void RAND_seed(const void *buf, int num)
index 993b539..459dba0 100644 (file)
@@ -66,6 +66,7 @@
 #endif
 #include <openssl/bn.h>
 #include <openssl/crypto.h>
+#include <openssl/types.h>
 
 #ifdef OPENSSL_NO_RSA
 #error RSA is disabled.
@@ -122,11 +123,9 @@ struct rsa_st
         * this is passed instead of aEVP_PKEY, it is set to 0 */
        int pad;
        long version;
-#if 0
-       RSA_METHOD *meth;
-#else
-       struct engine_st *engine;
-#endif
+       const RSA_METHOD *meth;
+       /* functional reference if 'meth' is ENGINE-provided */
+       ENGINE *engine;
        BIGNUM *n;
        BIGNUM *e;
        BIGNUM *d;
@@ -180,11 +179,7 @@ struct rsa_st
 #define RSA_get_app_data(s)             RSA_get_ex_data(s,0)
 
 RSA *  RSA_new(void);
-#if 0
-RSA *  RSA_new_method(RSA_METHOD *method);
-#else
-RSA *  RSA_new_method(struct engine_st *engine);
-#endif
+RSA *  RSA_new_method(ENGINE *engine);
 int    RSA_size(const RSA *);
 RSA *  RSA_generate_key(int bits, unsigned long e,void
                (*callback)(int,int,void *),void *cb_arg);
@@ -204,14 +199,10 @@ int       RSA_up_ref(RSA *r);
 
 int    RSA_flags(const RSA *r);
 
-void RSA_set_default_openssl_method(const RSA_METHOD *meth);
-const RSA_METHOD *RSA_get_default_openssl_method(void);
+void RSA_set_default_method(const RSA_METHOD *meth);
+const RSA_METHOD *RSA_get_default_method(void);
 const RSA_METHOD *RSA_get_method(const RSA *rsa);
-#if 0
-RSA_METHOD *RSA_set_method(RSA *rsa, RSA_METHOD *meth);
-#else
-int RSA_set_method(RSA *rsa, struct engine_st *engine);
-#endif
+int RSA_set_method(RSA *rsa, const RSA_METHOD *meth);
 
 /* This function needs the memory locking malloc callbacks to be installed */
 int RSA_memory_lock(RSA *r);
index 83891df..d82dd15 100644 (file)
@@ -100,13 +100,11 @@ const RSA_METHOD *RSA_PKCS1_SSLeay(void)
 static int RSA_eay_public_encrypt(int flen, const unsigned char *from,
             unsigned char *to, RSA *rsa, int padding)
        {
-       const RSA_METHOD *meth;
        BIGNUM f,ret;
        int i,j,k,num=0,r= -1;
        unsigned char *buf=NULL;
        BN_CTX *ctx=NULL;
 
-       meth = ENGINE_get_RSA(rsa->engine);
        BN_init(&f);
        BN_init(&ret);
        if ((ctx=BN_CTX_new()) == NULL) goto err;
@@ -172,7 +170,7 @@ static int RSA_eay_public_encrypt(int flen, const unsigned char *from,
                        BN_MONT_CTX_free(bn_mont_ctx);
                }
                
-       if (!meth->bn_mod_exp(&ret,&f,rsa->e,rsa->n,ctx,
+       if (!rsa->meth->bn_mod_exp(&ret,&f,rsa->e,rsa->n,ctx,
                rsa->_method_mod_n)) goto err;
 
        /* put in leading 0 bytes if the number is less than the
@@ -199,13 +197,11 @@ err:
 static int RSA_eay_private_encrypt(int flen, const unsigned char *from,
             unsigned char *to, RSA *rsa, int padding)
        {
-       const RSA_METHOD *meth;
        BIGNUM f,ret;
        int i,j,k,num=0,r= -1;
        unsigned char *buf=NULL;
        BN_CTX *ctx=NULL;
 
-       meth = ENGINE_get_RSA(rsa->engine);
        BN_init(&f);
        BN_init(&ret);
 
@@ -252,10 +248,10 @@ static int RSA_eay_private_encrypt(int flen, const unsigned char *from,
                (rsa->dmp1 != NULL) &&
                (rsa->dmq1 != NULL) &&
                (rsa->iqmp != NULL)) )
-               { if (!meth->rsa_mod_exp(&ret,&f,rsa)) goto err; }
+               { if (!rsa->meth->rsa_mod_exp(&ret,&f,rsa)) goto err; }
        else
                {
-               if (!meth->bn_mod_exp(&ret,&f,rsa->d,rsa->n,ctx,NULL)) goto err;
+               if (!rsa->meth->bn_mod_exp(&ret,&f,rsa->d,rsa->n,ctx,NULL)) goto err;
                }
 
        if (rsa->flags & RSA_FLAG_BLINDING)
@@ -284,14 +280,12 @@ err:
 static int RSA_eay_private_decrypt(int flen, const unsigned char *from,
             unsigned char *to, RSA *rsa, int padding)
        {
-       const RSA_METHOD *meth;
        BIGNUM f,ret;
        int j,num=0,r= -1;
        unsigned char *p;
        unsigned char *buf=NULL;
        BN_CTX *ctx=NULL;
 
-       meth = ENGINE_get_RSA(rsa->engine);
        BN_init(&f);
        BN_init(&ret);
        ctx=BN_CTX_new();
@@ -334,10 +328,10 @@ static int RSA_eay_private_decrypt(int flen, const unsigned char *from,
                (rsa->dmp1 != NULL) &&
                (rsa->dmq1 != NULL) &&
                (rsa->iqmp != NULL)) )
-               { if (!meth->rsa_mod_exp(&ret,&f,rsa)) goto err; }
+               { if (!rsa->meth->rsa_mod_exp(&ret,&f,rsa)) goto err; }
        else
                {
-               if (!meth->bn_mod_exp(&ret,&f,rsa->d,rsa->n,ctx,NULL))
+               if (!rsa->meth->bn_mod_exp(&ret,&f,rsa->d,rsa->n,ctx,NULL))
                        goto err;
                }
 
@@ -386,14 +380,12 @@ err:
 static int RSA_eay_public_decrypt(int flen, const unsigned char *from,
             unsigned char *to, RSA *rsa, int padding)
        {
-       const RSA_METHOD *meth;
        BIGNUM f,ret;
        int i,num=0,r= -1;
        unsigned char *p;
        unsigned char *buf=NULL;
        BN_CTX *ctx=NULL;
 
-       meth = ENGINE_get_RSA(rsa->engine);
        BN_init(&f);
        BN_init(&ret);
        ctx=BN_CTX_new();
@@ -448,7 +440,7 @@ static int RSA_eay_public_decrypt(int flen, const unsigned char *from,
                        BN_MONT_CTX_free(bn_mont_ctx);
                }
                
-       if (!meth->bn_mod_exp(&ret,&f,rsa->e,rsa->n,ctx,
+       if (!rsa->meth->bn_mod_exp(&ret,&f,rsa->e,rsa->n,ctx,
                rsa->_method_mod_n)) goto err;
 
        p=buf;
@@ -483,12 +475,10 @@ err:
 
 static int RSA_eay_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa)
        {
-       const RSA_METHOD *meth;
        BIGNUM r1,m1,vrfy;
        int ret=0;
        BN_CTX *ctx;
 
-       meth = ENGINE_get_RSA(rsa->engine);
        if ((ctx=BN_CTX_new()) == NULL) goto err;
        BN_init(&m1);
        BN_init(&r1);
@@ -546,11 +536,11 @@ static int RSA_eay_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa)
                }
                
        if (!BN_mod(&r1,I,rsa->q,ctx)) goto err;
-       if (!meth->bn_mod_exp(&m1,&r1,rsa->dmq1,rsa->q,ctx,
+       if (!rsa->meth->bn_mod_exp(&m1,&r1,rsa->dmq1,rsa->q,ctx,
                rsa->_method_mod_q)) goto err;
 
        if (!BN_mod(&r1,I,rsa->p,ctx)) goto err;
-       if (!meth->bn_mod_exp(r0,&r1,rsa->dmp1,rsa->p,ctx,
+       if (!rsa->meth->bn_mod_exp(r0,&r1,rsa->dmp1,rsa->p,ctx,
                rsa->_method_mod_p)) goto err;
 
        if (!BN_sub(r0,r0,&m1)) goto err;
@@ -575,7 +565,7 @@ static int RSA_eay_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa)
 
        if (rsa->e && rsa->n)
                {
-               if (!meth->bn_mod_exp(&vrfy,r0,rsa->e,rsa->n,ctx,NULL)) goto err;
+               if (!rsa->meth->bn_mod_exp(&vrfy,r0,rsa->e,rsa->n,ctx,NULL)) goto err;
                /* If 'I' was greater than (or equal to) rsa->n, the operation
                 * will be equivalent to using 'I mod n'. However, the result of
                 * the verify will *always* be less than 'n' so we don't check
@@ -588,7 +578,7 @@ static int RSA_eay_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa)
                        /* 'I' and 'vrfy' aren't congruent mod n. Don't leak
                         * miscalculated CRT output, just do a raw (slower)
                         * mod_exp and return that instead. */
-                       if (!meth->bn_mod_exp(r0,I,rsa->d,rsa->n,ctx,NULL)) goto err;
+                       if (!rsa->meth->bn_mod_exp(r0,I,rsa->d,rsa->n,ctx,NULL)) goto err;
                }
        ret=1;
 err:
index ef9f924..b81fb6d 100644 (file)
@@ -73,27 +73,13 @@ RSA *RSA_new(void)
        return(RSA_new_method(NULL));
        }
 
-void RSA_set_default_openssl_method(const RSA_METHOD *meth)
+void RSA_set_default_method(const RSA_METHOD *meth)
        {
-       ENGINE *e;
-       /* We'll need to notify the "openssl" ENGINE of this
-        * change too. We won't bother locking things down at
-        * our end as there was never any locking in these
-        * functions! */
-       if(default_RSA_meth != meth)
-               {
-               default_RSA_meth = meth;
-               e = ENGINE_by_id("openssl");
-               if(e)
-                       {
-                       ENGINE_set_RSA(e, meth);
-                       ENGINE_free(e);
-                       }
-               }
+       default_RSA_meth = meth;
        }
 
-const RSA_METHOD *RSA_get_default_openssl_method(void)
-{
+const RSA_METHOD *RSA_get_default_method(void)
+       {
        if (default_RSA_meth == NULL)
                {
 #ifdef RSA_NULL
@@ -108,49 +94,32 @@ const RSA_METHOD *RSA_get_default_openssl_method(void)
                }
 
        return default_RSA_meth;
-}
+       }
 
 const RSA_METHOD *RSA_get_method(const RSA *rsa)
-{
-       return ENGINE_get_RSA(rsa->engine);
-}
-
-#if 0
-RSA_METHOD *RSA_set_method(RSA *rsa, RSA_METHOD *meth)
-{
-       RSA_METHOD *mtmp;
+       {
+       return rsa->meth;
+       }
+
+int RSA_set_method(RSA *rsa, const RSA_METHOD *meth)
+       {
+       /* NB: The caller is specifically setting a method, so it's not up to us
+        * to deal with which ENGINE it comes from. */
+       const RSA_METHOD *mtmp;
        mtmp = rsa->meth;
        if (mtmp->finish) mtmp->finish(rsa);
+       if (rsa->engine)
+               {
+               ENGINE_finish(rsa->engine);
+               rsa->engine = NULL;
+               }
        rsa->meth = meth;
        if (meth->init) meth->init(rsa);
-       return mtmp;
-}
-#else
-int RSA_set_method(RSA *rsa, ENGINE *engine)
-{
-       ENGINE *mtmp;
-       const RSA_METHOD *meth;
-       mtmp = rsa->engine;
-       meth = ENGINE_get_RSA(mtmp);
-       if (!ENGINE_init(engine))
-               return 0;
-       if (meth->finish) meth->finish(rsa);
-       rsa->engine = engine;
-       meth = ENGINE_get_RSA(engine);
-       if (meth->init) meth->init(rsa);
-       /* SHOULD ERROR CHECK THIS!!! */
-       ENGINE_finish(mtmp);
        return 1;
-}
-#endif
+       }
 
-#if 0
-RSA *RSA_new_method(RSA_METHOD *meth)
-#else
 RSA *RSA_new_method(ENGINE *engine)
-#endif
        {
-       const RSA_METHOD *meth;
        RSA *ret;
 
        ret=(RSA *)OPENSSL_malloc(sizeof(RSA));
@@ -160,25 +129,23 @@ RSA *RSA_new_method(ENGINE *engine)
                return(NULL);
                }
 
-       if (engine)
+       ret->meth = RSA_get_default_method();
+       ret->engine = engine;
+       if(!ret->engine)
+               ret->engine = ENGINE_get_default_RSA();
+       if(ret->engine)
                {
-               if(ENGINE_init(engine))
-                       ret->engine = engine;
-               else 
-                       ret->engine = NULL;
-               }
-       else
-               ret->engine=ENGINE_get_default_RSA();
-
-       if(ret->engine == NULL)
-               {
-               RSAerr(RSA_F_RSA_NEW_METHOD,ERR_LIB_ENGINE);
-               OPENSSL_free(ret);
-               return NULL;
+               ret->meth = ENGINE_get_RSA(ret->engine);
+               if(!ret->meth)
+                       {
+                       RSAerr(RSA_F_RSA_NEW_METHOD,
+                               ERR_R_ENGINE_LIB);
+                       ENGINE_finish(ret->engine);
+                       OPENSSL_free(ret);
+                       return NULL;
+                       }
                }
 
-       meth = ENGINE_get_RSA(ret->engine);
-
        ret->pad=0;
        ret->version=0;
        ret->n=NULL;
@@ -195,9 +162,9 @@ RSA *RSA_new_method(ENGINE *engine)
        ret->_method_mod_q=NULL;
        ret->blinding=NULL;
        ret->bignum_data=NULL;
-       ret->flags=meth->flags;
+       ret->flags=ret->meth->flags;
        CRYPTO_new_ex_data(CRYPTO_EX_INDEX_RSA, ret, &ret->ex_data);
-       if ((meth->init != NULL) && !meth->init(ret))
+       if ((ret->meth->init != NULL) && !ret->meth->init(ret))
                {
                CRYPTO_free_ex_data(CRYPTO_EX_INDEX_RSA, ret, &ret->ex_data);
                OPENSSL_free(ret);
@@ -208,7 +175,6 @@ RSA *RSA_new_method(ENGINE *engine)
 
 void RSA_free(RSA *r)
        {
-       const RSA_METHOD *meth;
        int i;
 
        if (r == NULL) return;
@@ -226,10 +192,10 @@ void RSA_free(RSA *r)
                }
 #endif
 
-       meth = ENGINE_get_RSA(r->engine);
-       if (meth->finish != NULL)
-               meth->finish(r);
-       ENGINE_finish(r->engine);
+       if (r->meth->finish)
+               r->meth->finish(r);
+       if (r->engine)
+               ENGINE_finish(r->engine);
 
        CRYPTO_free_ex_data(CRYPTO_EX_INDEX_RSA, r, &r->ex_data);
 
@@ -287,34 +253,30 @@ int RSA_size(const RSA *r)
 int RSA_public_encrypt(int flen, const unsigned char *from, unsigned char *to,
             RSA *rsa, int padding)
        {
-       return(ENGINE_get_RSA(rsa->engine)->rsa_pub_enc(flen,
-               from, to, rsa, padding));
+       return(rsa->meth->rsa_pub_enc(flen, from, to, rsa, padding));
        }
 
 int RSA_private_encrypt(int flen, const unsigned char *from, unsigned char *to,
             RSA *rsa, int padding)
        {
-       return(ENGINE_get_RSA(rsa->engine)->rsa_priv_enc(flen,
-               from, to, rsa, padding));
+       return(rsa->meth->rsa_priv_enc(flen, from, to, rsa, padding));
        }
 
 int RSA_private_decrypt(int flen, const unsigned char *from, unsigned char *to,
             RSA *rsa, int padding)
        {
-       return(ENGINE_get_RSA(rsa->engine)->rsa_priv_dec(flen,
-               from, to, rsa, padding));
+       return(rsa->meth->rsa_priv_dec(flen, from, to, rsa, padding));
        }
 
 int RSA_public_decrypt(int flen, const unsigned char *from, unsigned char *to,
             RSA *rsa, int padding)
        {
-       return(ENGINE_get_RSA(rsa->engine)->rsa_pub_dec(flen,
-               from, to, rsa, padding));
+       return(rsa->meth->rsa_pub_dec(flen, from, to, rsa, padding));
        }
 
 int RSA_flags(const RSA *r)
        {
-       return((r == NULL)?0:ENGINE_get_RSA(r->engine)->flags);
+       return((r == NULL)?0:r->meth->flags);
        }
 
 void RSA_blinding_off(RSA *rsa)
@@ -348,8 +310,7 @@ int RSA_blinding_on(RSA *rsa, BN_CTX *p_ctx)
        if (!BN_rand_range(A,rsa->n)) goto err;
        if ((Ai=BN_mod_inverse(NULL,A,rsa->n,ctx)) == NULL) goto err;
 
-       if (!ENGINE_get_RSA(rsa->engine)->bn_mod_exp(A,A,
-               rsa->e,rsa->n,ctx,rsa->_method_mod_n))
+       if (!rsa->meth->bn_mod_exp(A,A,rsa->e,rsa->n,ctx,rsa->_method_mod_n))
            goto err;
        rsa->blinding=BN_BLINDING_new(A,Ai,rsa->n);
        rsa->flags|=RSA_FLAG_BLINDING;
@@ -405,4 +366,3 @@ int RSA_memory_lock(RSA *r)
        r->bignum_data=p;
        return(1);
        }
-
index 5dee24b..b8b462d 100644 (file)
@@ -16,6 +16,7 @@ int main(int argc, char *argv[])
 }
 #else
 #include <openssl/rsa.h>
+#include <openssl/engine.h>
 
 #define SetKey \
   key->n = BN_bin2bn(n, sizeof(n)-1, key->n); \
@@ -219,12 +220,12 @@ int main(int argc, char *argv[])
     int clen = 0;
     int num;
 
-    RAND_seed(rnd_seed, sizeof rnd_seed); /* or OAEP may fail */
-
     CRYPTO_malloc_debug_init();
     CRYPTO_dbg_set_options(V_CRYPTO_MDEBUG_ALL);
     CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
-       
+
+    RAND_seed(rnd_seed, sizeof rnd_seed); /* or OAEP may fail */
+
     plen = sizeof(ptext_ex) - 1;
 
     for (v = 0; v < 3; v++)
@@ -310,7 +311,7 @@ int main(int argc, char *argv[])
     CRYPTO_cleanup_all_ex_data();
     ERR_remove_state(0);
 
-    CRYPTO_mem_leaks_fp(stdout);
+    CRYPTO_mem_leaks_fp(stderr);
 
     return err;
     }