Change the engine library so the application writer has to explicitely

load the "external" built-in engines (those that require DSO). This makes linking with libdl or other dso libraries non-mandatory. Change 'openssl engine' accordingly. Change the engine header files so some declarations (that differed at that!) aren't duplicated, and make sure engine_int.h includes engine.h. That way, there should be no way of missing the needed info.
2000-11-02 20:33:04 +00:00 · 2000-11-02 20:33:04 +00:00 · 11c0f1201c
commit 11c0f1201c
parent 69e7805f54
7 changed files with 157 additions and 53 deletions
--- a/18
+++ b/18
@ -4,6 +4,24 @@

 Changes between 0.9.6 and 0.9.7  [xx XXX 2000]

+  *) Add the following functions:
+
+	ENGINE_load_cswift()
+	ENGINE_load_chil()
+	ENGINE_load_atalla()
+	ENGINE_load_nuron()
+	ENGINE_load_builtin_engines()
+
+     That way, an application can itself choose if external engines that
+     are built-in in OpenSSL shall ever be used or not.  The benefit is
+     that applications won't have to be linked with libdl or other dso
+     libraries unless it's really needed.
+
+     Changed 'openssl engine' to load all engines on demand.
+     Changed the engine header files to avoid the duplication of some
+     declarations (they differed!).
+     [Richard Levitte]
+
  *) 'openssl engine' can now list capabilities.
     [Richard Levitte]

--- a/apps/engine.c
+++ b/apps/engine.c
@ -77,6 +77,7 @@ static char *engine_usage[]={
 " -c          - for each engine, also list the capabilities\n",
 #endif
 " -t          - for each engine, check that they are really available\n",
+" -l          - load all built-in engines\n",
 NULL
 };

@ -152,6 +153,8 @@ int MAIN(int argc, char **argv)
 			list_cap=1;
 		else if (strcmp(*argv,"-t") == 0)
 			test_avail=1;
+		else if (strcmp(*argv,"-l") == 0)
+			ENGINE_load_builtin_engines();
 		else if ((strncmp(*argv,"-h",2) == 0) ||
 			 (strcmp(*argv,"-?") == 0))
 			{
--- a/crypto/engine/Makefile.ssl
+++ b/crypto/engine/Makefile.ssl
@ -22,9 +22,9 @@ TEST= enginetest.c
 APPS=

 LIB=$(TOP)/libcrypto.a
-LIBSRC= engine_err.c engine_lib.c engine_list.c engine_openssl.c \
+LIBSRC= engine_err.c engine_lib.c engine_list.c engine_all.c engine_openssl.c \
 	hw_atalla.c hw_cswift.c hw_ncipher.c hw_nuron.c
-LIBOBJ= engine_err.o engine_lib.o engine_list.o engine_openssl.o \
+LIBOBJ= engine_err.o engine_lib.o engine_list.o engine_all.o engine_openssl.o \
 	hw_atalla.o hw_cswift.o hw_ncipher.o hw_nuron.o

 SRC= $(LIBSRC)
--- a/crypto/engine/engine.h
+++ b/crypto/engine/engine.h
@ -102,7 +102,6 @@ extern "C" {
 /* As we're missing a BIGNUM_METHOD, we need a couple of locally
 * defined function types that engines can implement. */

-#ifndef HEADER_ENGINE_INT_H
 /* mod_exp operation, calculates; r = a ^ p mod m
 * NB: ctx can be NULL, but if supplied, the implementation may use
 * it if it wishes. */
@ -116,9 +115,9 @@ typedef int (*BN_MOD_EXP_CRT)(BIGNUM *r, BIGNUM *a, const BIGNUM *p,
 		const BIGNUM *iqmp, BN_CTX *ctx);

 /* Generic function pointer */
-typedef void (*ENGINE_GEN_FUNC_PTR)();
+typedef int (*ENGINE_GEN_FUNC_PTR)();
 /* Generic function pointer taking no arguments */
-typedef void (*ENGINE_GEN_INT_FUNC_PTR)(void);
+typedef int (*ENGINE_GEN_INT_FUNC_PTR)(void);
 /* Specific control function pointer */
 typedef int (*ENGINE_CTRL_FUNC_PTR)(int cmd, long i, void *p, void (*f)());

@ -126,8 +125,8 @@ typedef int (*ENGINE_CTRL_FUNC_PTR)(int cmd, long i, void *p, void (*f)());
 * pointers (not dynamic because static is fine for now and we otherwise
 * have to hook an appropriate load/unload function in to initialise and
 * cleanup). */
+struct engine_st;
 typedef struct engine_st ENGINE;
-#endif

 /* STRUCTURE functions ... all of these functions deal with pointers to
 * ENGINE structures where the pointers have a "structural reference".
@ -151,6 +150,13 @@ int ENGINE_add(ENGINE *e);
 int ENGINE_remove(ENGINE *e);
 /* Retrieve an engine from the list by its unique "id" value. */
 ENGINE *ENGINE_by_id(const char *id);
+/* Add all the built-in engines.  By default, only the OpenSSL software
+   engine is loaded */
+void ENGINE_load_cswift(void);
+void ENGINE_load_chil(void);
+void ENGINE_load_atalla(void);
+void ENGINE_load_nuron(void);
+void ENGINE_load_builtin_engines(void);

 /* These functions are useful for manufacturing new ENGINE
 * structures. They don't address reference counting at all -
@ -297,10 +303,10 @@ void ERR_load_ENGINE_strings(void);
 /* Error codes for the ENGINE functions. */

 /* Function codes. */
-#define ENGINE_F_ATALLA_FINISH				 135
-#define ENGINE_F_ATALLA_INIT				 136
-#define ENGINE_F_ATALLA_MOD_EXP				 137
-#define ENGINE_F_ATALLA_RSA_MOD_EXP			 138
+#define ENGINE_F_ATALLA_FINISH				 159
+#define ENGINE_F_ATALLA_INIT				 160
+#define ENGINE_F_ATALLA_MOD_EXP				 161
+#define ENGINE_F_ATALLA_RSA_MOD_EXP			 162
 #define ENGINE_F_CSWIFT_DSA_SIGN			 133
 #define ENGINE_F_CSWIFT_DSA_VERIFY			 134
 #define ENGINE_F_CSWIFT_FINISH				 100
--- a/crypto/engine/engine_all.c
+++ b/crypto/engine/engine_all.c
@ -0,0 +1,115 @@
+/* crypto/engine/engine_all.c -*- mode: C; c-file-style: "eay" -*- */
+/* Written by Richard Levitte <richard@levitte.org> for the OpenSSL
+ * project 2000.
+ */
+/* ====================================================================
+ * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <openssl/engine.h>
+#include "engine_int.h"
+static int engine_add(ENGINE *e)
+	{
+	if (!ENGINE_by_id(ENGINE_get_id(e)))
+		return ENGINE_add(e);
+	return 1;
+	}
+
+void ENGINE_load_cswift(void)
+	{
+#ifndef NO_HW
+#ifndef NO_HW_CSWIFT
+	engine_add(ENGINE_cswift());
+#endif /* !NO_HW_CSWIFT */
+#endif /* !NO_HW */
+	}
+
+void ENGINE_load_chil(void)
+	{
+#ifndef NO_HW
+#ifndef NO_HW_CSWIFT
+	engine_add(ENGINE_ncipher());
+#endif /* !NO_HW_CSWIFT */
+#endif /* !NO_HW */
+	}
+
+void ENGINE_load_atalla(void)
+	{
+#ifndef NO_HW
+#ifndef NO_HW_CSWIFT
+	engine_add(ENGINE_atalla());
+#endif /* !NO_HW_CSWIFT */
+#endif /* !NO_HW */
+	}
+
+void ENGINE_load_nuron(void)
+	{
+#ifndef NO_HW
+#ifndef NO_HW_CSWIFT
+	engine_add(ENGINE_nuron());
+#endif /* !NO_HW_CSWIFT */
+#endif /* !NO_HW */
+	}
+
+void ENGINE_load_builtin_engines(void)
+	{
+	static int done=0;
+
+	if (done) return;
+	done=1;
+
+	ENGINE_load_cswift();
+	ENGINE_load_chil();
+	ENGINE_load_atalla();
+	ENGINE_load_nuron();
+	}
--- a/crypto/engine/engine_int.h
+++ b/crypto/engine/engine_int.h
@ -66,6 +66,9 @@
 #include <openssl/bn.h>
 #include <openssl/evp.h>

+/* Take public definitions from engine.h */
+#include <openssl/engine.h>
+
 #ifdef  __cplusplus
 extern "C" {
 #endif
@ -73,32 +76,9 @@ extern "C" {
 /* Bitwise OR-able values for the "flags" variable in ENGINE. */
 #define ENGINE_FLAGS_MALLOCED	0x0001

-#ifndef HEADER_ENGINE_H
-/* Regrettably, we need to reproduce the "BN" function types here
- * because there is no such "BIGNUM_METHOD" as there is with RSA,
- * DSA, etc. We do this so that we don't have a case where engine.h
- * and engine_int.h conflict with each other. */
-typedef int (*BN_MOD_EXP)(BIGNUM *r, BIGNUM *a, const BIGNUM *p,
-		const BIGNUM *m, BN_CTX *ctx);
- 
-/* private key operation for RSA, provided seperately in case other
- * RSA implementations wish to use it. */
-typedef int (*BN_MOD_EXP_CRT)(BIGNUM *r, BIGNUM *a, const BIGNUM *p,
-		const BIGNUM *q, const BIGNUM *dmp1, const BIGNUM *dmq1,
-		const BIGNUM *iqmp, BN_CTX *ctx);
-
-/* Generic function pointer */
-typedef int (*ENGINE_GEN_FUNC_PTR)();
-/* Generic function pointer taking no arguments */
-typedef int (*ENGINE_GEN_INT_FUNC_PTR)(void);
-/* Specific control function pointer */
-typedef int (*ENGINE_CTRL_FUNC_PTR)(int cmd, long i, void *p, void (*f)());
-
-#endif
-
 /* This is a structure for storing implementations of various crypto
 * algorithms and functions. */
-typedef struct engine_st
+struct engine_st
 	{
 	const char *id;
 	const char *name;
@ -125,7 +105,7 @@ typedef struct engine_st
 	/* Used to maintain the linked-list of engines. */
 	struct engine_st *prev;
 	struct engine_st *next;
-	} ENGINE;
+	};

 /* BUILT-IN ENGINES. (these functions are only ever called once and
 * do not return references - they are purely for bootstrapping). */
--- a/crypto/engine/engine_list.c
+++ b/crypto/engine/engine_list.c
@ -185,24 +185,6 @@ static int engine_internal_check(void)
 	 * with our statically compiled-in engines. */
 	if(!engine_list_add(ENGINE_openssl()))
 		return 0;
-#ifndef NO_HW
-#ifndef NO_HW_CSWIFT
-	if(!engine_list_add(ENGINE_cswift()))
-		return 0;
-#endif /* !NO_HW_CSWIFT */
-#ifndef NO_HW_NCIPHER
-	if(!engine_list_add(ENGINE_ncipher()))
-		return 0;
-#endif /* !NO_HW_NCIPHER */
-#ifndef NO_HW_ATALLA
-	if(!engine_list_add(ENGINE_atalla()))
-		return 0;
-#endif /* !NO_HW_ATALLA */
-#ifndef NO_HW_NURON
-	if(!engine_list_add(ENGINE_nuron()))
-		return 0;
-#endif /* !NO_HW_NURON */
-#endif /* !NO_HW */
 	engine_list_flag = 1;
 	return 1;
 	}