2000-10-26 21:07:28 +00:00
|
|
|
/* crypto/engine/engine_int.h */
|
|
|
|
|
/* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL
|
|
|
|
|
* project 2000.
|
|
|
|
|
*/
|
|
|
|
|
/* ====================================================================
|
|
|
|
|
* Copyright (c) 1999 The OpenSSL Project. All rights reserved.
|
|
|
|
|
*
|
|
|
|
|
* Redistribution and use in source and binary forms, with or without
|
|
|
|
|
* modification, are permitted provided that the following conditions
|
|
|
|
|
* are met:
|
|
|
|
|
*
|
|
|
|
|
* 1. Redistributions of source code must retain the above copyright
|
|
|
|
|
* notice, this list of conditions and the following disclaimer.
|
|
|
|
|
*
|
|
|
|
|
* 2. Redistributions in binary form must reproduce the above copyright
|
|
|
|
|
* notice, this list of conditions and the following disclaimer in
|
|
|
|
|
* the documentation and/or other materials provided with the
|
|
|
|
|
* distribution.
|
|
|
|
|
*
|
|
|
|
|
* 3. All advertising materials mentioning features or use of this
|
|
|
|
|
* software must display the following acknowledgment:
|
|
|
|
|
* "This product includes software developed by the OpenSSL Project
|
|
|
|
|
* for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
|
|
|
|
|
*
|
|
|
|
|
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
|
|
|
|
|
* endorse or promote products derived from this software without
|
|
|
|
|
* prior written permission. For written permission, please contact
|
|
|
|
|
* licensing@OpenSSL.org.
|
|
|
|
|
*
|
|
|
|
|
* 5. Products derived from this software may not be called "OpenSSL"
|
|
|
|
|
* nor may "OpenSSL" appear in their names without prior written
|
|
|
|
|
* permission of the OpenSSL Project.
|
|
|
|
|
*
|
|
|
|
|
* 6. Redistributions of any form whatsoever must retain the following
|
|
|
|
|
* acknowledgment:
|
|
|
|
|
* "This product includes software developed by the OpenSSL Project
|
|
|
|
|
* for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
|
|
|
|
|
*
|
|
|
|
|
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
|
|
|
|
|
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
|
|
|
|
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
|
|
|
|
|
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
|
|
|
|
|
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
|
|
|
|
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
|
|
|
|
|
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
|
|
|
|
|
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
|
|
|
|
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
|
|
|
|
|
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
|
|
|
|
|
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
|
|
|
|
|
* OF THE POSSIBILITY OF SUCH DAMAGE.
|
|
|
|
|
* ====================================================================
|
|
|
|
|
*
|
|
|
|
|
* This product includes cryptographic software written by Eric Young
|
|
|
|
|
* (eay@cryptsoft.com). This product includes software written by Tim
|
|
|
|
|
* Hudson (tjh@cryptsoft.com).
|
|
|
|
|
*
|
|
|
|
|
*/
|
|
|
|
|
|
|
|
|
|
#ifndef HEADER_ENGINE_INT_H
|
|
|
|
|
#define HEADER_ENGINE_INT_H
|
|
|
|
|
|
2000-11-02 20:33:04 +00:00
|
|
|
/* Take public definitions from engine.h */
|
|
|
|
|
#include <openssl/engine.h>
|
|
|
|
|
|
2000-10-26 21:07:28 +00:00
|
|
|
#ifdef __cplusplus
|
|
|
|
|
extern "C" {
|
|
|
|
|
#endif
|
|
|
|
|
|
2001-04-26 23:04:30 +00:00
|
|
|
#define ENGINE_REF_COUNT_DEBUG
|
|
|
|
|
|
|
|
|
|
/* If we compile with this symbol defined, then both reference counts in the
|
|
|
|
|
* ENGINE structure will be monitored with a line of output on stderr for each
|
|
|
|
|
* change. This prints the engine's pointer address (truncated to unsigned int),
|
|
|
|
|
* "struct" or "funct" to indicate the reference type, the before and after
|
|
|
|
|
* reference count, and the file:line-number pair. The "engine_ref_debug"
|
|
|
|
|
* statements must come *after* the change. */
|
|
|
|
|
#ifdef ENGINE_REF_COUNT_DEBUG
|
|
|
|
|
|
|
|
|
|
#define engine_ref_debug(e, isfunct, diff) \
|
|
|
|
|
fprintf(stderr, "blargle: %08x %s from %d to %d (%s:%d)\n", \
|
|
|
|
|
(unsigned int)(e), (isfunct ? "funct" : "struct"), \
|
|
|
|
|
((isfunct) ? ((e)->funct_ref - (diff)) : ((e)->struct_ref - (diff))), \
|
|
|
|
|
((isfunct) ? (e)->funct_ref : (e)->struct_ref), \
|
|
|
|
|
(__FILE__), (__LINE__));
|
|
|
|
|
|
|
|
|
|
#else
|
|
|
|
|
|
|
|
|
|
#define engine_ref_debug(e, isfunct, diff)
|
|
|
|
|
|
|
|
|
|
#endif
|
|
|
|
|
|
2001-04-18 03:03:16 +00:00
|
|
|
/* NB: Bitwise OR-able values for the "flags" variable in ENGINE are now exposed
|
|
|
|
|
* in engine.h. */
|
2000-10-26 21:07:28 +00:00
|
|
|
|
|
|
|
|
/* This is a structure for storing implementations of various crypto
|
|
|
|
|
* algorithms and functions. */
|
2000-11-02 20:33:04 +00:00
|
|
|
struct engine_st
|
2000-10-26 21:07:28 +00:00
|
|
|
{
|
|
|
|
|
const char *id;
|
|
|
|
|
const char *name;
|
2000-11-06 22:15:50 +00:00
|
|
|
const RSA_METHOD *rsa_meth;
|
2000-11-07 13:54:39 +00:00
|
|
|
const DSA_METHOD *dsa_meth;
|
2000-11-07 14:30:37 +00:00
|
|
|
const DH_METHOD *dh_meth;
|
2001-04-18 02:01:36 +00:00
|
|
|
const RAND_METHOD *rand_meth;
|
2000-10-26 21:07:28 +00:00
|
|
|
BN_MOD_EXP bn_mod_exp;
|
|
|
|
|
BN_MOD_EXP_CRT bn_mod_exp_crt;
|
2001-04-18 03:57:05 +00:00
|
|
|
ENGINE_GEN_INT_FUNC_PTR init;
|
|
|
|
|
ENGINE_GEN_INT_FUNC_PTR finish;
|
|
|
|
|
ENGINE_CTRL_FUNC_PTR ctrl;
|
|
|
|
|
ENGINE_LOAD_KEY_PTR load_privkey;
|
|
|
|
|
ENGINE_LOAD_KEY_PTR load_pubkey;
|
Some BIG tweaks to ENGINE code.
This change adds some new functionality to the ENGINE code and API to
make it possible for ENGINEs to describe and implement their own control
commands that can be interrogated and used by calling applications at
run-time. The source code includes numerous comments explaining how it all
works and some of the finer details. But basically, an ENGINE will normally
declare an array of ENGINE_CMD_DEFN entries in its ENGINE - and the various
new ENGINE_CTRL_*** command types take care of iterating through this list
of definitions, converting command numbers to names, command names to
numbers, getting descriptions, getting input flags, etc. These
administrative commands are handled directly in the base ENGINE code rather
than in each ENGINE's ctrl() handler, unless they specify the
ENGINE_FLAGS_MANUAL_CMD_CTRL flag (ie. if they're doing something clever or
dynamic with the command definitions).
There is also a new function, ENGINE_cmd_is_executable(), that will
determine if an ENGINE control command is of an "executable" type that
can be used in another new function, ENGINE_ctrl_cmd_string(). If not, the
control command is not supposed to be exposed out to user/config level
access - eg. it could involve the exchange of binary data, returning
results to calling code, etc etc. If the command is executable then
ENGINE_ctrl_cmd_string() can be called using a name/arg string pair. The
control command's input flags will be used to determine necessary
conversions before the control command is called, and commands of this
form will always return zero or one (failure or success, respectively).
This is set up so that arbitrary applications can support control commands
in a consistent way so that tweaking particular ENGINE behaviour is
specific to the ENGINE and the host environment, and independant of the
application or OpenSSL.
Some code demonstrating this stuff in action will applied shortly to the
various ENGINE implementations, as well as "openssl engine" support for
executing arbitrary control commands before and/or after initialising
various ENGINEs.
2001-04-19 00:41:55 +00:00
|
|
|
const ENGINE_CMD_DEFN *cmd_defns;
|
2000-10-26 21:07:28 +00:00
|
|
|
int flags;
|
|
|
|
|
/* reference count on the structure itself */
|
|
|
|
|
int struct_ref;
|
|
|
|
|
/* reference count on usability of the engine type. NB: This
|
|
|
|
|
* controls the loading and initialisation of any functionlity
|
|
|
|
|
* required by this engine, whereas the previous count is
|
|
|
|
|
* simply to cope with (de)allocation of this structure. Hence,
|
|
|
|
|
* running_ref <= struct_ref at all times. */
|
|
|
|
|
int funct_ref;
|
This adds 2 things to the ENGINE code.
* "ex_data" - a CRYPTO_EX_DATA structure in the ENGINE structure itself
that allows an ENGINE to store its own information there rather than in
global variables. It follows the declarations and implementations used
in RSA code, for better or worse. However there's a problem when storing
state with ENGINEs because, unlike related structure types in OpenSSL,
there is no ENGINE-vs-ENGINE_METHOD separation. Because of what ENGINE
is, it has method pointers as its structure elements ... which leads
to;
* ENGINE_FLAGS_BY_ID_COPY - if an ENGINE should not be used just as a
reference to an "implementation" (eg. to get to a hardware device), but
should also be able to maintain state, then this flag can be set by the
ENGINE implementation. The result is that any call to ENGINE_by_id()
will not result in the existing ENGINE being returned (with its
structural reference count incremented) but instead a new copy of the
ENGINE will be returned that can maintain its own state independantly of
any other copies returned in the past or future. Eg. key-generation
might involve a series of ENGINE-specific control commands to set
algorithms, sizes, module-keys, ids, ACLs, etc. A final command could
generate the key. An ENGINE doing this would *have* to declare
ENGINE_FLAGS_BY_ID_COPY so that the state of that process can be
maintained "per-handle" and unaffected by other code having a reference
to the same ENGINE structure.
2001-04-26 19:35:44 +00:00
|
|
|
/* A place to store per-key data */
|
|
|
|
|
CRYPTO_EX_DATA ex_data;
|
2000-10-26 21:07:28 +00:00
|
|
|
/* Used to maintain the linked-list of engines. */
|
|
|
|
|
struct engine_st *prev;
|
|
|
|
|
struct engine_st *next;
|
2000-11-02 20:33:04 +00:00
|
|
|
};
|
2000-10-26 21:07:28 +00:00
|
|
|
|
|
|
|
|
/* BUILT-IN ENGINES. (these functions are only ever called once and
|
|
|
|
|
* do not return references - they are purely for bootstrapping). */
|
|
|
|
|
|
|
|
|
|
/* Returns a structure of software only methods (the default). */
|
|
|
|
|
ENGINE *ENGINE_openssl();
|
|
|
|
|
|
2001-02-19 16:06:34 +00:00
|
|
|
#ifndef OPENSSL_NO_HW
|
2000-10-26 21:07:28 +00:00
|
|
|
|
2001-02-19 16:06:34 +00:00
|
|
|
#ifndef OPENSSL_NO_HW_CSWIFT
|
2000-10-26 21:07:28 +00:00
|
|
|
/* Returns a structure of cswift methods ... NB: This can exist and be
|
|
|
|
|
* "used" even on non-cswift systems because the "init" will fail if the
|
|
|
|
|
* card/library are not found. */
|
|
|
|
|
ENGINE *ENGINE_cswift();
|
2001-02-19 16:06:34 +00:00
|
|
|
#endif /* !OPENSSL_NO_HW_CSWIFT */
|
2000-10-26 21:07:28 +00:00
|
|
|
|
2001-02-19 16:06:34 +00:00
|
|
|
#ifndef OPENSSL_NO_HW_NCIPHER
|
2000-10-26 21:07:28 +00:00
|
|
|
ENGINE *ENGINE_ncipher();
|
2001-02-19 16:06:34 +00:00
|
|
|
#endif /* !OPENSSL_NO_HW_NCIPHER */
|
2000-10-26 21:07:28 +00:00
|
|
|
|
2001-02-19 16:06:34 +00:00
|
|
|
#ifndef OPENSSL_NO_HW_ATALLA
|
2000-10-26 21:07:28 +00:00
|
|
|
/* Returns a structure of atalla methods. */
|
|
|
|
|
ENGINE *ENGINE_atalla();
|
2001-02-19 16:06:34 +00:00
|
|
|
#endif /* !OPENSSL_NO_HW_ATALLA */
|
2000-10-26 21:07:28 +00:00
|
|
|
|
2001-02-19 16:06:34 +00:00
|
|
|
#ifndef OPENSSL_NO_HW_NURON
|
2000-10-26 21:07:28 +00:00
|
|
|
ENGINE *ENGINE_nuron();
|
2001-02-19 16:06:34 +00:00
|
|
|
#endif /* !OPENSSL_NO_HW_NURON */
|
2000-10-26 21:07:28 +00:00
|
|
|
|
2001-02-19 16:06:34 +00:00
|
|
|
#ifndef OPENSSL_NO_HW_UBSEC
|
2000-12-14 21:41:55 +00:00
|
|
|
ENGINE *ENGINE_ubsec();
|
2001-02-19 16:06:34 +00:00
|
|
|
#endif /* !OPENSSL_NO_HW_UBSEC */
|
2000-12-14 21:41:55 +00:00
|
|
|
|
2001-02-19 16:06:34 +00:00
|
|
|
#endif /* !OPENSSL_NO_HW */
|
2000-10-26 21:07:28 +00:00
|
|
|
|
|
|
|
|
#ifdef __cplusplus
|
|
|
|
|
}
|
|
|
|
|
#endif
|
|
|
|
|
|
|
|
|
|
#endif /* HEADER_ENGINE_INT_H */
|