From cb78486d97328121add07df466b7578076650a90 Mon Sep 17 00:00:00 2001 From: Geoff Thorpe Date: Tue, 25 Sep 2001 20:23:40 +0000 Subject: [PATCH] This commits changes to various parts of libcrypto required by the recent ENGINE surgery. DH, DSA, RAND, and RSA now use *both* "method" and ENGINE pointers to manage their hooking with ENGINE. Previously their use of "method" pointers was replaced by use of ENGINE references. See crypto/engine/README for details. Also, remove the ENGINE iterations from evp_test - even when the cipher/digest code is committed in, this functionality would require a different set of API calls. --- crypto/dh/dh.h | 21 +++---- crypto/dh/dh_key.c | 11 ++-- crypto/dh/dh_lib.c | 116 ++++++++++++++---------------------- crypto/dh/dhtest.c | 8 +++ crypto/dsa/dsa.h | 25 +++----- crypto/dsa/dsa_lib.c | 117 +++++++++++++----------------------- crypto/dsa/dsa_ossl.c | 4 +- crypto/dsa/dsa_sign.c | 4 +- crypto/dsa/dsa_vrf.c | 2 +- crypto/dsa/dsatest.c | 8 ++- crypto/evp/evp_test.c | 13 +--- crypto/rand/rand.h | 8 +-- crypto/rand/rand_lib.c | 69 ++++++++++++++------- crypto/rsa/rsa.h | 25 +++----- crypto/rsa/rsa_eay.c | 30 ++++------ crypto/rsa/rsa_lib.c | 132 ++++++++++++++--------------------------- crypto/rsa/rsa_test.c | 9 +-- 17 files changed, 245 insertions(+), 357 deletions(-) diff --git a/crypto/dh/dh.h b/crypto/dh/dh.h index fe2da7abe3..65d61e2bb7 100644 --- a/crypto/dh/dh.h +++ b/crypto/dh/dh.h @@ -68,6 +68,7 @@ #endif #include #include +#include #define DH_FLAG_CACHE_MONT_P 0x01 @@ -115,11 +116,8 @@ struct dh_st int references; CRYPTO_EX_DATA ex_data; -#if 0 - DH_METHOD *meth; -#else - struct engine_st *engine; -#endif + const DH_METHOD *meth; + ENGINE *engine; }; #define DH_GENERATOR_2 2 @@ -154,15 +152,10 @@ struct dh_st const DH_METHOD *DH_OpenSSL(void); -void DH_set_default_openssl_method(const DH_METHOD *meth); -const DH_METHOD *DH_get_default_openssl_method(void); -#if 0 -const DH_METHOD *DH_set_method(DH *dh, const DH_METHOD *meth); -DH *DH_new_method(const DH_METHOD *meth); -#else -int DH_set_method(DH *dh, struct engine_st *engine); -DH *DH_new_method(struct engine_st *engine); -#endif +void DH_set_default_method(const DH_METHOD *meth); +const DH_METHOD *DH_get_default_method(void); +int DH_set_method(DH *dh, const DH_METHOD *meth); +DH *DH_new_method(ENGINE *engine); DH * DH_new(void); void DH_free(DH *dh); diff --git a/crypto/dh/dh_key.c b/crypto/dh/dh_key.c index 670727798e..1a0efca2c4 100644 --- a/crypto/dh/dh_key.c +++ b/crypto/dh/dh_key.c @@ -74,12 +74,12 @@ static int dh_finish(DH *dh); int DH_generate_key(DH *dh) { - return ENGINE_get_DH(dh->engine)->generate_key(dh); + return dh->meth->generate_key(dh); } int DH_compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh) { - return ENGINE_get_DH(dh->engine)->compute_key(key, pub_key, dh); + return dh->meth->compute_key(key, pub_key, dh); } static DH_METHOD dh_ossl = { @@ -140,8 +140,8 @@ static int generate_key(DH *dh) l = dh->length ? dh->length : BN_num_bits(dh->p)-1; /* secret exponent length */ if (!BN_rand(priv_key, l, 0, 0)) goto err; } - if (!ENGINE_get_DH(dh->engine)->bn_mod_exp(dh, pub_key, dh->g, - priv_key,dh->p,ctx,mont)) goto err; + if (!dh->meth->bn_mod_exp(dh, pub_key, dh->g, priv_key,dh->p,ctx,mont)) + goto err; dh->pub_key=pub_key; dh->priv_key=priv_key; @@ -181,8 +181,7 @@ static int compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh) } mont=(BN_MONT_CTX *)dh->method_mont_p; - if (!ENGINE_get_DH(dh->engine)->bn_mod_exp(dh, tmp, pub_key, - dh->priv_key,dh->p,ctx,mont)) + if (!dh->meth->bn_mod_exp(dh, tmp, pub_key, dh->priv_key,dh->p,ctx,mont)) { DHerr(DH_F_DH_COMPUTE_KEY,ERR_R_BN_LIB); goto err; diff --git a/crypto/dh/dh_lib.c b/crypto/dh/dh_lib.c index 7804bb4fd0..73f1c249f3 100644 --- a/crypto/dh/dh_lib.c +++ b/crypto/dh/dh_lib.c @@ -66,97 +66,67 @@ const char *DH_version="Diffie-Hellman" OPENSSL_VERSION_PTEXT; static const DH_METHOD *default_DH_method = NULL; -void DH_set_default_openssl_method(const DH_METHOD *meth) -{ - ENGINE *e; - /* We'll need to notify the "openssl" ENGINE of this - * change too. We won't bother locking things down at - * our end as there was never any locking in these - * functions! */ - if(default_DH_method != meth) - { - default_DH_method = meth; - e = ENGINE_by_id("openssl"); - if(e) - { - ENGINE_set_DH(e, meth); - ENGINE_free(e); - } - } -} +void DH_set_default_method(const DH_METHOD *meth) + { + default_DH_method = meth; + } -const DH_METHOD *DH_get_default_openssl_method(void) -{ - if(!default_DH_method) default_DH_method = DH_OpenSSL(); +const DH_METHOD *DH_get_default_method(void) + { + if(!default_DH_method) + default_DH_method = DH_OpenSSL(); return default_DH_method; -} + } -#if 0 -DH_METHOD *DH_set_method(DH *dh, DH_METHOD *meth) -{ - DH_METHOD *mtmp; +int DH_set_method(DH *dh, const DH_METHOD *meth) + { + /* NB: The caller is specifically setting a method, so it's not up to us + * to deal with which ENGINE it comes from. */ + const DH_METHOD *mtmp; mtmp = dh->meth; if (mtmp->finish) mtmp->finish(dh); + if (dh->engine) + { + ENGINE_finish(dh->engine); + dh->engine = NULL; + } dh->meth = meth; if (meth->init) meth->init(dh); - return mtmp; -} -#else -int DH_set_method(DH *dh, ENGINE *engine) -{ - ENGINE *mtmp; - const DH_METHOD *meth; - mtmp = dh->engine; - meth = ENGINE_get_DH(mtmp); - if (!ENGINE_init(engine)) - return 0; - if (meth->finish) meth->finish(dh); - dh->engine= engine; - meth = ENGINE_get_DH(engine); - if (meth->init) meth->init(dh); - /* SHOULD ERROR CHECK THIS!!! */ - ENGINE_finish(mtmp); - return 1; + return 1; } -#endif DH *DH_new(void) -{ + { return DH_new_method(NULL); -} + } -#if 0 -DH *DH_new_method(DH_METHOD *meth) -#else DH *DH_new_method(ENGINE *engine) -#endif { - const DH_METHOD *meth; DH *ret; - ret=(DH *)OPENSSL_malloc(sizeof(DH)); + ret=(DH *)OPENSSL_malloc(sizeof(DH)); if (ret == NULL) { DHerr(DH_F_DH_NEW,ERR_R_MALLOC_FAILURE); return(NULL); } - if (engine) + ret->meth = DH_get_default_method(); + ret->engine = engine; + if(!ret->engine) + ret->engine = ENGINE_get_default_DH(); + if(ret->engine) { - if(ENGINE_init(engine)) - ret->engine = engine; - else - ret->engine = NULL; - } - else - ret->engine=ENGINE_get_default_DH(); - if(ret->engine == NULL) - { - DHerr(DH_F_DH_NEW,ERR_LIB_ENGINE); - OPENSSL_free(ret); - return NULL; + ret->meth = ENGINE_get_DH(ret->engine); + if(!ret->meth) + { + DHerr(DH_F_DH_NEW,ERR_R_ENGINE_LIB); + ENGINE_finish(ret->engine); + OPENSSL_free(ret); + return NULL; + } } - meth = ENGINE_get_DH(ret->engine); + ret->pad=0; ret->version=0; ret->p=NULL; @@ -171,9 +141,9 @@ DH *DH_new_method(ENGINE *engine) ret->counter = NULL; ret->method_mont_p=NULL; ret->references = 1; - ret->flags=meth->flags; + ret->flags=ret->meth->flags; CRYPTO_new_ex_data(CRYPTO_EX_INDEX_DH, ret, &ret->ex_data); - if ((meth->init != NULL) && !meth->init(ret)) + if ((ret->meth->init != NULL) && !ret->meth->init(ret)) { CRYPTO_free_ex_data(CRYPTO_EX_INDEX_DH, ret, &ret->ex_data); OPENSSL_free(ret); @@ -184,7 +154,6 @@ DH *DH_new_method(ENGINE *engine) void DH_free(DH *r) { - const DH_METHOD *meth; int i; if(r == NULL) return; i = CRYPTO_add(&r->references, -1, CRYPTO_LOCK_DH); @@ -200,9 +169,10 @@ void DH_free(DH *r) } #endif - meth = ENGINE_get_DH(r->engine); - if(meth->finish) meth->finish(r); - ENGINE_finish(r->engine); + if (r->meth->finish) + r->meth->finish(r); + if (r->engine) + ENGINE_finish(r->engine); CRYPTO_free_ex_data(CRYPTO_EX_INDEX_DH, r, &r->ex_data); diff --git a/crypto/dh/dhtest.c b/crypto/dh/dhtest.c index e90f255f6c..0176436a55 100644 --- a/crypto/dh/dhtest.c +++ b/crypto/dh/dhtest.c @@ -66,6 +66,7 @@ #include #include #include +#include #ifdef OPENSSL_NO_DH int main(int argc, char *argv[]) @@ -99,6 +100,10 @@ int main(int argc, char *argv[]) int i,alen,blen,aout,bout,ret=1; BIO *out; + CRYPTO_malloc_debug_init(); + CRYPTO_dbg_set_options(V_CRYPTO_MDEBUG_ALL); + CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON); + #ifdef OPENSSL_SYS_WIN32 CRYPTO_malloc_init(); #endif @@ -175,6 +180,9 @@ err: if(b != NULL) DH_free(b); if(a != NULL) DH_free(a); BIO_free(out); + CRYPTO_cleanup_all_ex_data(); + ERR_remove_state(0); + CRYPTO_mem_leaks_fp(stderr); exit(ret); return(ret); } diff --git a/crypto/dsa/dsa.h b/crypto/dsa/dsa.h index e12cee0b75..9692a0b6ff 100644 --- a/crypto/dsa/dsa.h +++ b/crypto/dsa/dsa.h @@ -74,6 +74,7 @@ #endif #include #include +#include #ifndef OPENSSL_NO_DH # include #endif @@ -133,11 +134,9 @@ struct dsa_st char *method_mont_p; int references; CRYPTO_EX_DATA ex_data; -#if 0 - DSA_METHOD *meth; -#else - struct engine_st *engine; -#endif + const DSA_METHOD *meth; + /* functional reference if 'meth' is ENGINE-provided */ + ENGINE *engine; }; #define DSAparams_dup(x) (DSA *)ASN1_dup((int (*)())i2d_DSAparams, \ @@ -163,20 +162,12 @@ int DSA_do_verify(const unsigned char *dgst,int dgst_len, const DSA_METHOD *DSA_OpenSSL(void); -void DSA_set_default_openssl_method(const DSA_METHOD *); -const DSA_METHOD *DSA_get_default_openssl_method(void); -#if 0 -const DSA_METHOD *DSA_set_method(DSA *dsa, DSA_METHOD *); -#else -int DSA_set_method(DSA *dsa, struct engine_st *engine); -#endif +void DSA_set_default_method(const DSA_METHOD *); +const DSA_METHOD *DSA_get_default_method(void); +int DSA_set_method(DSA *dsa, const DSA_METHOD *); DSA * DSA_new(void); -#if 0 -DSA * DSA_new_method(DSA_METHOD *meth); -#else -DSA * DSA_new_method(struct engine_st *engine); -#endif +DSA * DSA_new_method(ENGINE *engine); void DSA_free (DSA *r); /* "up" the DSA object's reference count */ int DSA_up_ref(DSA *r); diff --git a/crypto/dsa/dsa_lib.c b/crypto/dsa/dsa_lib.c index 365145a96b..900e0098fa 100644 --- a/crypto/dsa/dsa_lib.c +++ b/crypto/dsa/dsa_lib.c @@ -69,73 +69,42 @@ const char *DSA_version="DSA" OPENSSL_VERSION_PTEXT; static const DSA_METHOD *default_DSA_method = NULL; -void DSA_set_default_openssl_method(const DSA_METHOD *meth) -{ - ENGINE *e; - /* We'll need to notify the "openssl" ENGINE of this - * change too. We won't bother locking things down at - * our end as there was never any locking in these - * functions! */ - if(default_DSA_method != meth) - { - default_DSA_method = meth; - e = ENGINE_by_id("openssl"); - if(e) - { - ENGINE_set_DSA(e, meth); - ENGINE_free(e); - } - } -} +void DSA_set_default_method(const DSA_METHOD *meth) + { + default_DSA_method = meth; + } -const DSA_METHOD *DSA_get_default_openssl_method(void) -{ - if(!default_DSA_method) default_DSA_method = DSA_OpenSSL(); +const DSA_METHOD *DSA_get_default_method(void) + { + if(!default_DSA_method) + default_DSA_method = DSA_OpenSSL(); return default_DSA_method; -} + } DSA *DSA_new(void) -{ + { return DSA_new_method(NULL); -} + } -#if 0 -DSA_METHOD *DSA_set_method(DSA *dsa, DSA_METHOD *meth) -{ - DSA_METHOD *mtmp; +int DSA_set_method(DSA *dsa, const DSA_METHOD *meth) + { + /* NB: The caller is specifically setting a method, so it's not up to us + * to deal with which ENGINE it comes from. */ + const DSA_METHOD *mtmp; mtmp = dsa->meth; if (mtmp->finish) mtmp->finish(dsa); + if (dsa->engine) + { + ENGINE_finish(dsa->engine); + dsa->engine = NULL; + } dsa->meth = meth; if (meth->init) meth->init(dsa); - return mtmp; -} -#else -int DSA_set_method(DSA *dsa, ENGINE *engine) - { - ENGINE *mtmp; - const DSA_METHOD *meth; - mtmp = dsa->engine; - meth = ENGINE_get_DSA(mtmp); - if (!ENGINE_init(engine)) - return 0; - if (meth->finish) meth->finish(dsa); - dsa->engine = engine; - meth = ENGINE_get_DSA(engine); - if (meth->init) meth->init(dsa); - /* SHOULD ERROR CHECK THIS!!! */ - ENGINE_finish(mtmp); - return 1; + return 1; } -#endif - -#if 0 -DSA *DSA_new_method(DSA_METHOD *meth) -#else DSA *DSA_new_method(ENGINE *engine) -#endif { - const DSA_METHOD *meth; DSA *ret; ret=(DSA *)OPENSSL_malloc(sizeof(DSA)); @@ -144,25 +113,23 @@ DSA *DSA_new_method(ENGINE *engine) DSAerr(DSA_F_DSA_NEW,ERR_R_MALLOC_FAILURE); return(NULL); } - - if (engine) - { - if(ENGINE_init(engine)) - ret->engine = engine; - else - ret->engine = NULL; - } - else - ret->engine=ENGINE_get_default_DSA(); - - if(ret->engine == NULL) + ret->meth = DSA_get_default_method(); + ret->engine = engine; + if(!ret->engine) + ret->engine = ENGINE_get_default_DSA(); + if(ret->engine) { - DSAerr(DSA_F_DSA_NEW,ERR_LIB_ENGINE); - OPENSSL_free(ret); - return NULL; + ret->meth = ENGINE_get_DSA(ret->engine); + if(!ret->meth) + { + DSAerr(DSA_F_DSA_NEW, + ERR_R_ENGINE_LIB); + ENGINE_finish(ret->engine); + OPENSSL_free(ret); + return NULL; + } } - meth = ENGINE_get_DSA(ret->engine); ret->pad=0; ret->version=0; ret->write_params=1; @@ -178,9 +145,9 @@ DSA *DSA_new_method(ENGINE *engine) ret->method_mont_p=NULL; ret->references=1; - ret->flags=meth->flags; + ret->flags=ret->meth->flags; CRYPTO_new_ex_data(CRYPTO_EX_INDEX_DSA, ret, &ret->ex_data); - if ((meth->init != NULL) && !meth->init(ret)) + if ((ret->meth->init != NULL) && !ret->meth->init(ret)) { CRYPTO_free_ex_data(CRYPTO_EX_INDEX_DSA, ret, &ret->ex_data); OPENSSL_free(ret); @@ -192,7 +159,6 @@ DSA *DSA_new_method(ENGINE *engine) void DSA_free(DSA *r) { - const DSA_METHOD *meth; int i; if (r == NULL) return; @@ -210,9 +176,10 @@ void DSA_free(DSA *r) } #endif - meth = ENGINE_get_DSA(r->engine); - if(meth->finish) meth->finish(r); - ENGINE_finish(r->engine); + if(r->meth->finish) + r->meth->finish(r); + if(r->engine) + ENGINE_finish(r->engine); CRYPTO_free_ex_data(CRYPTO_EX_INDEX_DSA, r, &r->ex_data); diff --git a/crypto/dsa/dsa_ossl.c b/crypto/dsa/dsa_ossl.c index 7a5adc6403..37dd5fc994 100644 --- a/crypto/dsa/dsa_ossl.c +++ b/crypto/dsa/dsa_ossl.c @@ -202,7 +202,7 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp) } /* Compute r = (g^k mod p) mod q */ - if (!ENGINE_get_DSA(dsa->engine)->bn_mod_exp(dsa, r,dsa->g,&k,dsa->p,ctx, + if (!dsa->meth->bn_mod_exp(dsa, r,dsa->g,&k,dsa->p,ctx, (BN_MONT_CTX *)dsa->method_mont_p)) goto err; if (!BN_mod(r,r,dsa->q,ctx)) goto err; @@ -296,7 +296,7 @@ static int dsa_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig, if (!BN_mod(&u1,&u1,dsa->q,ctx)) goto err; #else { - if (!ENGINE_get_DSA(dsa->engine)->dsa_mod_exp(dsa, &t1,dsa->g,&u1,dsa->pub_key,&u2, + if (!dsa->meth->dsa_mod_exp(dsa, &t1,dsa->g,&u1,dsa->pub_key,&u2, dsa->p,ctx,mont)) goto err; /* BN_copy(&u1,&t1); */ /* let u1 = u1 mod q */ diff --git a/crypto/dsa/dsa_sign.c b/crypto/dsa/dsa_sign.c index dfe27bae47..e9469ca62f 100644 --- a/crypto/dsa/dsa_sign.c +++ b/crypto/dsa/dsa_sign.c @@ -68,7 +68,7 @@ DSA_SIG * DSA_do_sign(const unsigned char *dgst, int dlen, DSA *dsa) { - return ENGINE_get_DSA(dsa->engine)->dsa_do_sign(dgst, dlen, dsa); + return dsa->meth->dsa_do_sign(dgst, dlen, dsa); } int DSA_sign(int type, const unsigned char *dgst, int dlen, unsigned char *sig, @@ -88,6 +88,6 @@ int DSA_sign(int type, const unsigned char *dgst, int dlen, unsigned char *sig, int DSA_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp) { - return ENGINE_get_DSA(dsa->engine)->dsa_sign_setup(dsa, ctx_in, kinvp, rp); + return dsa->meth->dsa_sign_setup(dsa, ctx_in, kinvp, rp); } diff --git a/crypto/dsa/dsa_vrf.c b/crypto/dsa/dsa_vrf.c index 28b6712341..066c6b5b28 100644 --- a/crypto/dsa/dsa_vrf.c +++ b/crypto/dsa/dsa_vrf.c @@ -70,7 +70,7 @@ int DSA_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig, DSA *dsa) { - return ENGINE_get_DSA(dsa->engine)->dsa_do_verify(dgst, dgst_len, sig, dsa); + return dsa->meth->dsa_do_verify(dgst, dgst_len, sig, dsa); } /* data has already been hashed (probably with SHA or SHA-1). */ diff --git a/crypto/dsa/dsatest.c b/crypto/dsa/dsatest.c index 5f24b59554..12da64f9f4 100644 --- a/crypto/dsa/dsatest.c +++ b/crypto/dsa/dsatest.c @@ -65,6 +65,7 @@ #include #include #include +#include #ifdef OPENSSL_SYS_WINDOWS #include "../bio/bss_file.c" #endif @@ -136,9 +137,6 @@ int main(int argc, char **argv) unsigned char sig[256]; unsigned int siglen; - ERR_load_crypto_strings(); - RAND_seed(rnd_seed, sizeof rnd_seed); - if (bio_err == NULL) bio_err=BIO_new_fp(stderr,BIO_NOCLOSE); @@ -146,6 +144,9 @@ int main(int argc, char **argv) CRYPTO_dbg_set_options(V_CRYPTO_MDEBUG_ALL); CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON); + ERR_load_crypto_strings(); + RAND_seed(rnd_seed, sizeof rnd_seed); + BIO_printf(bio_err,"test generation of DSA parameters\n"); dsa=DSA_generate_parameters(512,seed,20,&counter,&h,dsa_cb,bio_err); @@ -204,6 +205,7 @@ end: if (dsa != NULL) DSA_free(dsa); CRYPTO_cleanup_all_ex_data(); ERR_remove_state(0); + ERR_free_strings(); CRYPTO_mem_leaks(bio_err); if (bio_err != NULL) { diff --git a/crypto/evp/evp_test.c b/crypto/evp/evp_test.c index fa3c9221bb..b569678fdd 100644 --- a/crypto/evp/evp_test.c +++ b/crypto/evp/evp_test.c @@ -217,7 +217,6 @@ static int test_cipher(const char *cipher,const unsigned char *key,int kn, const unsigned char *ciphertext,int cn) { const EVP_CIPHER *c; - ENGINE *e; c=EVP_get_cipherbyname(cipher); if(!c) @@ -225,16 +224,6 @@ static int test_cipher(const char *cipher,const unsigned char *key,int kn, test1(c,key,kn,iv,in,plaintext,pn,ciphertext,cn); - for(e=ENGINE_get_first() ; e ; e=ENGINE_get_next(e)) - { - c=ENGINE_get_cipher_by_name(e,cipher); - if(!c) - continue; - printf("Testing engine %s\n",ENGINE_get_name(e)); - - test1(c,key,kn,iv,in,plaintext,pn,ciphertext,cn); - } - return 1; } @@ -315,8 +304,10 @@ int main(int argc,char **argv) exit(2); } + /* Load up the software EVP_CIPHER and EVP_MD definitions */ OpenSSL_add_all_ciphers(); OpenSSL_add_all_digests(); + /* Load all compiled-in ENGINEs */ ENGINE_load_builtin_engines(); for( ; ; ) diff --git a/crypto/rand/rand.h b/crypto/rand/rand.h index 0bfccac18f..30e39c3545 100644 --- a/crypto/rand/rand.h +++ b/crypto/rand/rand.h @@ -60,6 +60,7 @@ #define HEADER_RAND_H #include +#include #ifdef __cplusplus extern "C" { @@ -79,10 +80,9 @@ typedef struct rand_meth_st extern int rand_predictable; #endif -struct engine_st; - -int RAND_set_rand_method(struct engine_st *meth); -const RAND_METHOD *RAND_get_rand_method(void ); +int RAND_set_rand_method(const RAND_METHOD *meth); +const RAND_METHOD *RAND_get_rand_method(void); +int RAND_set_rand_engine(ENGINE *engine); RAND_METHOD *RAND_SSLeay(void); void RAND_cleanup(void ); int RAND_bytes(unsigned char *buf,int num); diff --git a/crypto/rand/rand_lib.c b/crypto/rand/rand_lib.c index adbae32ce3..5cf5dc1188 100644 --- a/crypto/rand/rand_lib.c +++ b/crypto/rand/rand_lib.c @@ -62,37 +62,61 @@ #include #include -static ENGINE *rand_engine=NULL; +/* non-NULL if default_RAND_meth is ENGINE-provided */ +static ENGINE *funct_ref =NULL; +static const RAND_METHOD *default_RAND_meth = NULL; -#if 0 -void RAND_set_rand_method(RAND_METHOD *meth) +int RAND_set_rand_method(const RAND_METHOD *meth) { - rand_meth=meth; - } -#else -int RAND_set_rand_method(ENGINE *engine) - { - ENGINE *mtmp; - mtmp = rand_engine; - if (engine && !ENGINE_init(engine)) - return 0; - rand_engine = engine; - /* SHOULD ERROR CHECK THIS!!! */ - if(mtmp) - ENGINE_finish(mtmp); + if(funct_ref) + { + ENGINE_finish(funct_ref); + funct_ref = NULL; + } + default_RAND_meth = meth; return 1; } -#endif const RAND_METHOD *RAND_get_rand_method(void) { - if (rand_engine == NULL - && (rand_engine = ENGINE_get_default_RAND()) == NULL) + if (!default_RAND_meth) + { + ENGINE *e = ENGINE_get_default_RAND(); + if(e) + { + default_RAND_meth = ENGINE_get_RAND(e); + if(!default_RAND_meth) + { + ENGINE_finish(e); + e = NULL; + } + } + if(e) + funct_ref = e; + else + default_RAND_meth = RAND_SSLeay(); + } + return default_RAND_meth; + } + +int RAND_set_rand_engine(ENGINE *engine) + { + const RAND_METHOD *tmp_meth = NULL; + if(engine) { - RANDerr(RAND_F_RAND_GET_RAND_METHOD,ERR_LIB_ENGINE); - return NULL; + if(!ENGINE_init(engine)) + return 0; + tmp_meth = ENGINE_get_RAND(engine); + if(!tmp_meth) + { + ENGINE_finish(engine); + return 0; + } } - return ENGINE_get_RAND(rand_engine); + /* This function releases any prior ENGINE so call it first */ + RAND_set_rand_method(tmp_meth); + funct_ref = engine; + return 1; } void RAND_cleanup(void) @@ -100,6 +124,7 @@ void RAND_cleanup(void) const RAND_METHOD *meth = RAND_get_rand_method(); if (meth && meth->cleanup) meth->cleanup(); + RAND_set_rand_method(NULL); } void RAND_seed(const void *buf, int num) diff --git a/crypto/rsa/rsa.h b/crypto/rsa/rsa.h index 993b539b7a..459dba08b1 100644 --- a/crypto/rsa/rsa.h +++ b/crypto/rsa/rsa.h @@ -66,6 +66,7 @@ #endif #include #include +#include #ifdef OPENSSL_NO_RSA #error RSA is disabled. @@ -122,11 +123,9 @@ struct rsa_st * this is passed instead of aEVP_PKEY, it is set to 0 */ int pad; long version; -#if 0 - RSA_METHOD *meth; -#else - struct engine_st *engine; -#endif + const RSA_METHOD *meth; + /* functional reference if 'meth' is ENGINE-provided */ + ENGINE *engine; BIGNUM *n; BIGNUM *e; BIGNUM *d; @@ -180,11 +179,7 @@ struct rsa_st #define RSA_get_app_data(s) RSA_get_ex_data(s,0) RSA * RSA_new(void); -#if 0 -RSA * RSA_new_method(RSA_METHOD *method); -#else -RSA * RSA_new_method(struct engine_st *engine); -#endif +RSA * RSA_new_method(ENGINE *engine); int RSA_size(const RSA *); RSA * RSA_generate_key(int bits, unsigned long e,void (*callback)(int,int,void *),void *cb_arg); @@ -204,14 +199,10 @@ int RSA_up_ref(RSA *r); int RSA_flags(const RSA *r); -void RSA_set_default_openssl_method(const RSA_METHOD *meth); -const RSA_METHOD *RSA_get_default_openssl_method(void); +void RSA_set_default_method(const RSA_METHOD *meth); +const RSA_METHOD *RSA_get_default_method(void); const RSA_METHOD *RSA_get_method(const RSA *rsa); -#if 0 -RSA_METHOD *RSA_set_method(RSA *rsa, RSA_METHOD *meth); -#else -int RSA_set_method(RSA *rsa, struct engine_st *engine); -#endif +int RSA_set_method(RSA *rsa, const RSA_METHOD *meth); /* This function needs the memory locking malloc callbacks to be installed */ int RSA_memory_lock(RSA *r); diff --git a/crypto/rsa/rsa_eay.c b/crypto/rsa/rsa_eay.c index 83891df316..d82dd15493 100644 --- a/crypto/rsa/rsa_eay.c +++ b/crypto/rsa/rsa_eay.c @@ -100,13 +100,11 @@ const RSA_METHOD *RSA_PKCS1_SSLeay(void) static int RSA_eay_public_encrypt(int flen, const unsigned char *from, unsigned char *to, RSA *rsa, int padding) { - const RSA_METHOD *meth; BIGNUM f,ret; int i,j,k,num=0,r= -1; unsigned char *buf=NULL; BN_CTX *ctx=NULL; - meth = ENGINE_get_RSA(rsa->engine); BN_init(&f); BN_init(&ret); if ((ctx=BN_CTX_new()) == NULL) goto err; @@ -172,7 +170,7 @@ static int RSA_eay_public_encrypt(int flen, const unsigned char *from, BN_MONT_CTX_free(bn_mont_ctx); } - if (!meth->bn_mod_exp(&ret,&f,rsa->e,rsa->n,ctx, + if (!rsa->meth->bn_mod_exp(&ret,&f,rsa->e,rsa->n,ctx, rsa->_method_mod_n)) goto err; /* put in leading 0 bytes if the number is less than the @@ -199,13 +197,11 @@ err: static int RSA_eay_private_encrypt(int flen, const unsigned char *from, unsigned char *to, RSA *rsa, int padding) { - const RSA_METHOD *meth; BIGNUM f,ret; int i,j,k,num=0,r= -1; unsigned char *buf=NULL; BN_CTX *ctx=NULL; - meth = ENGINE_get_RSA(rsa->engine); BN_init(&f); BN_init(&ret); @@ -252,10 +248,10 @@ static int RSA_eay_private_encrypt(int flen, const unsigned char *from, (rsa->dmp1 != NULL) && (rsa->dmq1 != NULL) && (rsa->iqmp != NULL)) ) - { if (!meth->rsa_mod_exp(&ret,&f,rsa)) goto err; } + { if (!rsa->meth->rsa_mod_exp(&ret,&f,rsa)) goto err; } else { - if (!meth->bn_mod_exp(&ret,&f,rsa->d,rsa->n,ctx,NULL)) goto err; + if (!rsa->meth->bn_mod_exp(&ret,&f,rsa->d,rsa->n,ctx,NULL)) goto err; } if (rsa->flags & RSA_FLAG_BLINDING) @@ -284,14 +280,12 @@ err: static int RSA_eay_private_decrypt(int flen, const unsigned char *from, unsigned char *to, RSA *rsa, int padding) { - const RSA_METHOD *meth; BIGNUM f,ret; int j,num=0,r= -1; unsigned char *p; unsigned char *buf=NULL; BN_CTX *ctx=NULL; - meth = ENGINE_get_RSA(rsa->engine); BN_init(&f); BN_init(&ret); ctx=BN_CTX_new(); @@ -334,10 +328,10 @@ static int RSA_eay_private_decrypt(int flen, const unsigned char *from, (rsa->dmp1 != NULL) && (rsa->dmq1 != NULL) && (rsa->iqmp != NULL)) ) - { if (!meth->rsa_mod_exp(&ret,&f,rsa)) goto err; } + { if (!rsa->meth->rsa_mod_exp(&ret,&f,rsa)) goto err; } else { - if (!meth->bn_mod_exp(&ret,&f,rsa->d,rsa->n,ctx,NULL)) + if (!rsa->meth->bn_mod_exp(&ret,&f,rsa->d,rsa->n,ctx,NULL)) goto err; } @@ -386,14 +380,12 @@ err: static int RSA_eay_public_decrypt(int flen, const unsigned char *from, unsigned char *to, RSA *rsa, int padding) { - const RSA_METHOD *meth; BIGNUM f,ret; int i,num=0,r= -1; unsigned char *p; unsigned char *buf=NULL; BN_CTX *ctx=NULL; - meth = ENGINE_get_RSA(rsa->engine); BN_init(&f); BN_init(&ret); ctx=BN_CTX_new(); @@ -448,7 +440,7 @@ static int RSA_eay_public_decrypt(int flen, const unsigned char *from, BN_MONT_CTX_free(bn_mont_ctx); } - if (!meth->bn_mod_exp(&ret,&f,rsa->e,rsa->n,ctx, + if (!rsa->meth->bn_mod_exp(&ret,&f,rsa->e,rsa->n,ctx, rsa->_method_mod_n)) goto err; p=buf; @@ -483,12 +475,10 @@ err: static int RSA_eay_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa) { - const RSA_METHOD *meth; BIGNUM r1,m1,vrfy; int ret=0; BN_CTX *ctx; - meth = ENGINE_get_RSA(rsa->engine); if ((ctx=BN_CTX_new()) == NULL) goto err; BN_init(&m1); BN_init(&r1); @@ -546,11 +536,11 @@ static int RSA_eay_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa) } if (!BN_mod(&r1,I,rsa->q,ctx)) goto err; - if (!meth->bn_mod_exp(&m1,&r1,rsa->dmq1,rsa->q,ctx, + if (!rsa->meth->bn_mod_exp(&m1,&r1,rsa->dmq1,rsa->q,ctx, rsa->_method_mod_q)) goto err; if (!BN_mod(&r1,I,rsa->p,ctx)) goto err; - if (!meth->bn_mod_exp(r0,&r1,rsa->dmp1,rsa->p,ctx, + if (!rsa->meth->bn_mod_exp(r0,&r1,rsa->dmp1,rsa->p,ctx, rsa->_method_mod_p)) goto err; if (!BN_sub(r0,r0,&m1)) goto err; @@ -575,7 +565,7 @@ static int RSA_eay_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa) if (rsa->e && rsa->n) { - if (!meth->bn_mod_exp(&vrfy,r0,rsa->e,rsa->n,ctx,NULL)) goto err; + if (!rsa->meth->bn_mod_exp(&vrfy,r0,rsa->e,rsa->n,ctx,NULL)) goto err; /* If 'I' was greater than (or equal to) rsa->n, the operation * will be equivalent to using 'I mod n'. However, the result of * the verify will *always* be less than 'n' so we don't check @@ -588,7 +578,7 @@ static int RSA_eay_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa) /* 'I' and 'vrfy' aren't congruent mod n. Don't leak * miscalculated CRT output, just do a raw (slower) * mod_exp and return that instead. */ - if (!meth->bn_mod_exp(r0,I,rsa->d,rsa->n,ctx,NULL)) goto err; + if (!rsa->meth->bn_mod_exp(r0,I,rsa->d,rsa->n,ctx,NULL)) goto err; } ret=1; err: diff --git a/crypto/rsa/rsa_lib.c b/crypto/rsa/rsa_lib.c index ef9f924ab4..b81fb6ddb2 100644 --- a/crypto/rsa/rsa_lib.c +++ b/crypto/rsa/rsa_lib.c @@ -73,27 +73,13 @@ RSA *RSA_new(void) return(RSA_new_method(NULL)); } -void RSA_set_default_openssl_method(const RSA_METHOD *meth) +void RSA_set_default_method(const RSA_METHOD *meth) { - ENGINE *e; - /* We'll need to notify the "openssl" ENGINE of this - * change too. We won't bother locking things down at - * our end as there was never any locking in these - * functions! */ - if(default_RSA_meth != meth) - { - default_RSA_meth = meth; - e = ENGINE_by_id("openssl"); - if(e) - { - ENGINE_set_RSA(e, meth); - ENGINE_free(e); - } - } + default_RSA_meth = meth; } -const RSA_METHOD *RSA_get_default_openssl_method(void) -{ +const RSA_METHOD *RSA_get_default_method(void) + { if (default_RSA_meth == NULL) { #ifdef RSA_NULL @@ -108,49 +94,32 @@ const RSA_METHOD *RSA_get_default_openssl_method(void) } return default_RSA_meth; -} + } const RSA_METHOD *RSA_get_method(const RSA *rsa) -{ - return ENGINE_get_RSA(rsa->engine); -} - -#if 0 -RSA_METHOD *RSA_set_method(RSA *rsa, RSA_METHOD *meth) -{ - RSA_METHOD *mtmp; + { + return rsa->meth; + } + +int RSA_set_method(RSA *rsa, const RSA_METHOD *meth) + { + /* NB: The caller is specifically setting a method, so it's not up to us + * to deal with which ENGINE it comes from. */ + const RSA_METHOD *mtmp; mtmp = rsa->meth; if (mtmp->finish) mtmp->finish(rsa); + if (rsa->engine) + { + ENGINE_finish(rsa->engine); + rsa->engine = NULL; + } rsa->meth = meth; if (meth->init) meth->init(rsa); - return mtmp; -} -#else -int RSA_set_method(RSA *rsa, ENGINE *engine) -{ - ENGINE *mtmp; - const RSA_METHOD *meth; - mtmp = rsa->engine; - meth = ENGINE_get_RSA(mtmp); - if (!ENGINE_init(engine)) - return 0; - if (meth->finish) meth->finish(rsa); - rsa->engine = engine; - meth = ENGINE_get_RSA(engine); - if (meth->init) meth->init(rsa); - /* SHOULD ERROR CHECK THIS!!! */ - ENGINE_finish(mtmp); return 1; -} -#endif + } -#if 0 -RSA *RSA_new_method(RSA_METHOD *meth) -#else RSA *RSA_new_method(ENGINE *engine) -#endif { - const RSA_METHOD *meth; RSA *ret; ret=(RSA *)OPENSSL_malloc(sizeof(RSA)); @@ -160,25 +129,23 @@ RSA *RSA_new_method(ENGINE *engine) return(NULL); } - if (engine) + ret->meth = RSA_get_default_method(); + ret->engine = engine; + if(!ret->engine) + ret->engine = ENGINE_get_default_RSA(); + if(ret->engine) { - if(ENGINE_init(engine)) - ret->engine = engine; - else - ret->engine = NULL; - } - else - ret->engine=ENGINE_get_default_RSA(); - - if(ret->engine == NULL) - { - RSAerr(RSA_F_RSA_NEW_METHOD,ERR_LIB_ENGINE); - OPENSSL_free(ret); - return NULL; + ret->meth = ENGINE_get_RSA(ret->engine); + if(!ret->meth) + { + RSAerr(RSA_F_RSA_NEW_METHOD, + ERR_R_ENGINE_LIB); + ENGINE_finish(ret->engine); + OPENSSL_free(ret); + return NULL; + } } - meth = ENGINE_get_RSA(ret->engine); - ret->pad=0; ret->version=0; ret->n=NULL; @@ -195,9 +162,9 @@ RSA *RSA_new_method(ENGINE *engine) ret->_method_mod_q=NULL; ret->blinding=NULL; ret->bignum_data=NULL; - ret->flags=meth->flags; + ret->flags=ret->meth->flags; CRYPTO_new_ex_data(CRYPTO_EX_INDEX_RSA, ret, &ret->ex_data); - if ((meth->init != NULL) && !meth->init(ret)) + if ((ret->meth->init != NULL) && !ret->meth->init(ret)) { CRYPTO_free_ex_data(CRYPTO_EX_INDEX_RSA, ret, &ret->ex_data); OPENSSL_free(ret); @@ -208,7 +175,6 @@ RSA *RSA_new_method(ENGINE *engine) void RSA_free(RSA *r) { - const RSA_METHOD *meth; int i; if (r == NULL) return; @@ -226,10 +192,10 @@ void RSA_free(RSA *r) } #endif - meth = ENGINE_get_RSA(r->engine); - if (meth->finish != NULL) - meth->finish(r); - ENGINE_finish(r->engine); + if (r->meth->finish) + r->meth->finish(r); + if (r->engine) + ENGINE_finish(r->engine); CRYPTO_free_ex_data(CRYPTO_EX_INDEX_RSA, r, &r->ex_data); @@ -287,34 +253,30 @@ int RSA_size(const RSA *r) int RSA_public_encrypt(int flen, const unsigned char *from, unsigned char *to, RSA *rsa, int padding) { - return(ENGINE_get_RSA(rsa->engine)->rsa_pub_enc(flen, - from, to, rsa, padding)); + return(rsa->meth->rsa_pub_enc(flen, from, to, rsa, padding)); } int RSA_private_encrypt(int flen, const unsigned char *from, unsigned char *to, RSA *rsa, int padding) { - return(ENGINE_get_RSA(rsa->engine)->rsa_priv_enc(flen, - from, to, rsa, padding)); + return(rsa->meth->rsa_priv_enc(flen, from, to, rsa, padding)); } int RSA_private_decrypt(int flen, const unsigned char *from, unsigned char *to, RSA *rsa, int padding) { - return(ENGINE_get_RSA(rsa->engine)->rsa_priv_dec(flen, - from, to, rsa, padding)); + return(rsa->meth->rsa_priv_dec(flen, from, to, rsa, padding)); } int RSA_public_decrypt(int flen, const unsigned char *from, unsigned char *to, RSA *rsa, int padding) { - return(ENGINE_get_RSA(rsa->engine)->rsa_pub_dec(flen, - from, to, rsa, padding)); + return(rsa->meth->rsa_pub_dec(flen, from, to, rsa, padding)); } int RSA_flags(const RSA *r) { - return((r == NULL)?0:ENGINE_get_RSA(r->engine)->flags); + return((r == NULL)?0:r->meth->flags); } void RSA_blinding_off(RSA *rsa) @@ -348,8 +310,7 @@ int RSA_blinding_on(RSA *rsa, BN_CTX *p_ctx) if (!BN_rand_range(A,rsa->n)) goto err; if ((Ai=BN_mod_inverse(NULL,A,rsa->n,ctx)) == NULL) goto err; - if (!ENGINE_get_RSA(rsa->engine)->bn_mod_exp(A,A, - rsa->e,rsa->n,ctx,rsa->_method_mod_n)) + if (!rsa->meth->bn_mod_exp(A,A,rsa->e,rsa->n,ctx,rsa->_method_mod_n)) goto err; rsa->blinding=BN_BLINDING_new(A,Ai,rsa->n); rsa->flags|=RSA_FLAG_BLINDING; @@ -405,4 +366,3 @@ int RSA_memory_lock(RSA *r) r->bignum_data=p; return(1); } - diff --git a/crypto/rsa/rsa_test.c b/crypto/rsa/rsa_test.c index 5dee24b001..b8b462d33b 100644 --- a/crypto/rsa/rsa_test.c +++ b/crypto/rsa/rsa_test.c @@ -16,6 +16,7 @@ int main(int argc, char *argv[]) } #else #include +#include #define SetKey \ key->n = BN_bin2bn(n, sizeof(n)-1, key->n); \ @@ -219,12 +220,12 @@ int main(int argc, char *argv[]) int clen = 0; int num; - RAND_seed(rnd_seed, sizeof rnd_seed); /* or OAEP may fail */ - CRYPTO_malloc_debug_init(); CRYPTO_dbg_set_options(V_CRYPTO_MDEBUG_ALL); CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON); - + + RAND_seed(rnd_seed, sizeof rnd_seed); /* or OAEP may fail */ + plen = sizeof(ptext_ex) - 1; for (v = 0; v < 3; v++) @@ -310,7 +311,7 @@ int main(int argc, char *argv[]) CRYPTO_cleanup_all_ex_data(); ERR_remove_state(0); - CRYPTO_mem_leaks_fp(stdout); + CRYPTO_mem_leaks_fp(stderr); return err; } -- 2.34.1