This commits changes to various parts of libcrypto required by the recent

ENGINE surgery. DH, DSA, RAND, and RSA now use *both* "method" and ENGINE
pointers to manage their hooking with ENGINE. Previously their use of
"method" pointers was replaced by use of ENGINE references. See
crypto/engine/README for details.

Also, remove the ENGINE iterations from evp_test - even when the
cipher/digest code is committed in, this functionality would require a
different set of API calls.

crypto/dh/dh.h

@@ -68,6 +68,7 @@
 #endif
 #include <openssl/bn.h>
 #include <openssl/crypto.h>
+#include <openssl/types.h>
 	
 #define DH_FLAG_CACHE_MONT_P	0x01
 
@@ -115,11 +116,8 @@ struct dh_st
 
 	int references;
 	CRYPTO_EX_DATA ex_data;
-#if 0
+	const DH_METHOD *meth;
-	DH_METHOD *meth;
+	ENGINE *engine;
-#else
-	struct engine_st *engine;
-#endif
 	};
 
 #define DH_GENERATOR_2		2
@@ -154,15 +152,10 @@ struct dh_st
 
 const DH_METHOD *DH_OpenSSL(void);
 
-void DH_set_default_openssl_method(const DH_METHOD *meth);
+void DH_set_default_method(const DH_METHOD *meth);
-const DH_METHOD *DH_get_default_openssl_method(void);
+const DH_METHOD *DH_get_default_method(void);
-#if 0
+int DH_set_method(DH *dh, const DH_METHOD *meth);
-const DH_METHOD *DH_set_method(DH *dh, const DH_METHOD *meth);
+DH *DH_new_method(ENGINE *engine);
-DH *DH_new_method(const DH_METHOD *meth);
-#else
-int DH_set_method(DH *dh, struct engine_st *engine);
-DH *DH_new_method(struct engine_st *engine);
-#endif
 
 DH *	DH_new(void);
 void	DH_free(DH *dh);

crypto/dh/dh_key.c

@@ -74,12 +74,12 @@ static int dh_finish(DH *dh);
 
 int DH_generate_key(DH *dh)
 	{
-	return ENGINE_get_DH(dh->engine)->generate_key(dh);
+	return dh->meth->generate_key(dh);
 	}
 
 int DH_compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh)
 	{
-	return ENGINE_get_DH(dh->engine)->compute_key(key, pub_key, dh);
+	return dh->meth->compute_key(key, pub_key, dh);
 	}
 
 static DH_METHOD dh_ossl = {
@@ -140,8 +140,8 @@ static int generate_key(DH *dh)
 		l = dh->length ? dh->length : BN_num_bits(dh->p)-1; /* secret exponent length */
 		if (!BN_rand(priv_key, l, 0, 0)) goto err;
 		}
-	if (!ENGINE_get_DH(dh->engine)->bn_mod_exp(dh, pub_key, dh->g,
+	if (!dh->meth->bn_mod_exp(dh, pub_key, dh->g, priv_key,dh->p,ctx,mont))
-		priv_key,dh->p,ctx,mont)) goto err;
+		goto err;
 		
 	dh->pub_key=pub_key;
 	dh->priv_key=priv_key;
@@ -181,8 +181,7 @@ static int compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh)
 		}
 
 	mont=(BN_MONT_CTX *)dh->method_mont_p;
-	if (!ENGINE_get_DH(dh->engine)->bn_mod_exp(dh, tmp, pub_key,
+	if (!dh->meth->bn_mod_exp(dh, tmp, pub_key, dh->priv_key,dh->p,ctx,mont))
-				dh->priv_key,dh->p,ctx,mont))
 		{
 		DHerr(DH_F_DH_COMPUTE_KEY,ERR_R_BN_LIB);
 		goto err;

crypto/dh/dh_lib.c

@@ -66,97 +66,67 @@ const char *DH_version="Diffie-Hellman" OPENSSL_VERSION_PTEXT;
 
 static const DH_METHOD *default_DH_method = NULL;
 
-void DH_set_default_openssl_method(const DH_METHOD *meth)
+void DH_set_default_method(const DH_METHOD *meth)
-{
+	{
-	ENGINE *e;
+	default_DH_method = meth;
-	/* We'll need to notify the "openssl" ENGINE of this
+	}
-	 * change too. We won't bother locking things down at
-	 * our end as there was never any locking in these
-	 * functions! */
-	if(default_DH_method != meth)
-		{
-		default_DH_method = meth;
-		e = ENGINE_by_id("openssl");
-		if(e)
-			{
-			ENGINE_set_DH(e, meth);
-			ENGINE_free(e);
-			}
-		}
-}
 
-const DH_METHOD *DH_get_default_openssl_method(void)
+const DH_METHOD *DH_get_default_method(void)
-{
+	{
-	if(!default_DH_method) default_DH_method = DH_OpenSSL();
+	if(!default_DH_method)
+		default_DH_method = DH_OpenSSL();
 	return default_DH_method;
-}
+	}
 
-#if 0
+int DH_set_method(DH *dh, const DH_METHOD *meth)
-DH_METHOD *DH_set_method(DH *dh, DH_METHOD *meth)
+	{
-{
+	/* NB: The caller is specifically setting a method, so it's not up to us
-        DH_METHOD *mtmp;
+	 * to deal with which ENGINE it comes from. */
+        const DH_METHOD *mtmp;
         mtmp = dh->meth;
         if (mtmp->finish) mtmp->finish(dh);
+	if (dh->engine)
+		{
+		ENGINE_finish(dh->engine);
+		dh->engine = NULL;
+		}
         dh->meth = meth;
         if (meth->init) meth->init(dh);
-        return mtmp;
+        return 1;
 }
-#else
-int DH_set_method(DH *dh, ENGINE *engine)
-{
-	ENGINE *mtmp;
-	const DH_METHOD *meth;
-	mtmp = dh->engine;
-	meth = ENGINE_get_DH(mtmp);
-	if (!ENGINE_init(engine))
-		return 0;
-	if (meth->finish) meth->finish(dh);
-	dh->engine= engine;
-	meth = ENGINE_get_DH(engine);
-	if (meth->init) meth->init(dh);
-	/* SHOULD ERROR CHECK THIS!!! */
-	ENGINE_finish(mtmp);
-	return 1;
-}
-#endif
 
 DH *DH_new(void)
-{
-	return DH_new_method(NULL);
-}
-
-#if 0
-DH *DH_new_method(DH_METHOD *meth)
-#else
-DH *DH_new_method(ENGINE *engine)
-#endif
 	{
-	const DH_METHOD *meth;
+	return DH_new_method(NULL);
-	DH *ret;
+	}
-	ret=(DH *)OPENSSL_malloc(sizeof(DH));
 
+DH *DH_new_method(ENGINE *engine)
+	{
+	DH *ret;
+
+	ret=(DH *)OPENSSL_malloc(sizeof(DH));
 	if (ret == NULL)
 		{
 		DHerr(DH_F_DH_NEW,ERR_R_MALLOC_FAILURE);
 		return(NULL);
 		}
 
-	if (engine)
+	ret->meth = DH_get_default_method();
+	ret->engine = engine;
+	if(!ret->engine)
+		ret->engine = ENGINE_get_default_DH();
+	if(ret->engine)
 		{
-		if(ENGINE_init(engine))
+		ret->meth = ENGINE_get_DH(ret->engine);
-			ret->engine = engine;
+		if(!ret->meth)
-		else 
+			{
-			ret->engine = NULL;
+			DHerr(DH_F_DH_NEW,ERR_R_ENGINE_LIB);
+			ENGINE_finish(ret->engine);
+			OPENSSL_free(ret);
+			return NULL;
+			}
 		}
-	else
+
-		ret->engine=ENGINE_get_default_DH();
-	if(ret->engine == NULL)
-		{
-		DHerr(DH_F_DH_NEW,ERR_LIB_ENGINE);
-		OPENSSL_free(ret);
-		return NULL;
-		}
-	meth = ENGINE_get_DH(ret->engine);
 	ret->pad=0;
 	ret->version=0;
 	ret->p=NULL;
@@ -171,9 +141,9 @@ DH *DH_new_method(ENGINE *engine)
 	ret->counter = NULL;
 	ret->method_mont_p=NULL;
 	ret->references = 1;
-	ret->flags=meth->flags;
+	ret->flags=ret->meth->flags;
 	CRYPTO_new_ex_data(CRYPTO_EX_INDEX_DH, ret, &ret->ex_data);
-	if ((meth->init != NULL) && !meth->init(ret))
+	if ((ret->meth->init != NULL) && !ret->meth->init(ret))
 		{
 		CRYPTO_free_ex_data(CRYPTO_EX_INDEX_DH, ret, &ret->ex_data);
 		OPENSSL_free(ret);
@@ -184,7 +154,6 @@ DH *DH_new_method(ENGINE *engine)
 
 void DH_free(DH *r)
 	{
-	const DH_METHOD *meth;
 	int i;
 	if(r == NULL) return;
 	i = CRYPTO_add(&r->references, -1, CRYPTO_LOCK_DH);
@@ -200,9 +169,10 @@ void DH_free(DH *r)
 	}
 #endif
 
-	meth = ENGINE_get_DH(r->engine);
+	if (r->meth->finish)
-	if(meth->finish) meth->finish(r);
+		r->meth->finish(r);
-	ENGINE_finish(r->engine);
+	if (r->engine)
+		ENGINE_finish(r->engine);
 
 	CRYPTO_free_ex_data(CRYPTO_EX_INDEX_DH, r, &r->ex_data);
 

crypto/dh/dhtest.c

@@ -66,6 +66,7 @@
 #include <openssl/bio.h>
 #include <openssl/bn.h>
 #include <openssl/rand.h>
+#include <openssl/err.h>
 
 #ifdef OPENSSL_NO_DH
 int main(int argc, char *argv[])
@@ -99,6 +100,10 @@ int main(int argc, char *argv[])
 	int i,alen,blen,aout,bout,ret=1;
 	BIO *out;
 
+	CRYPTO_malloc_debug_init();
+	CRYPTO_dbg_set_options(V_CRYPTO_MDEBUG_ALL);
+	CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
+
 #ifdef OPENSSL_SYS_WIN32
 	CRYPTO_malloc_init();
 #endif
@@ -175,6 +180,9 @@ err:
 	if(b != NULL) DH_free(b);
 	if(a != NULL) DH_free(a);
 	BIO_free(out);
+	CRYPTO_cleanup_all_ex_data();
+	ERR_remove_state(0);
+	CRYPTO_mem_leaks_fp(stderr);
 	exit(ret);
 	return(ret);
 	}

crypto/dsa/dsa.h

@@ -74,6 +74,7 @@
 #endif
 #include <openssl/bn.h>
 #include <openssl/crypto.h>
+#include <openssl/types.h>
 #ifndef OPENSSL_NO_DH
 # include <openssl/dh.h>
 #endif
@@ -133,11 +134,9 @@ struct dsa_st
 	char *method_mont_p;
 	int references;
 	CRYPTO_EX_DATA ex_data;
-#if 0
+	const DSA_METHOD *meth;
-	DSA_METHOD *meth;
+	/* functional reference if 'meth' is ENGINE-provided */
-#else
+	ENGINE *engine;
-	struct engine_st *engine;
-#endif
 	};
 
 #define DSAparams_dup(x) (DSA *)ASN1_dup((int (*)())i2d_DSAparams, \
@@ -163,20 +162,12 @@ int	DSA_do_verify(const unsigned char *dgst,int dgst_len,
 
 const DSA_METHOD *DSA_OpenSSL(void);
 
-void        DSA_set_default_openssl_method(const DSA_METHOD *);
+void	DSA_set_default_method(const DSA_METHOD *);
-const DSA_METHOD *DSA_get_default_openssl_method(void);
+const DSA_METHOD *DSA_get_default_method(void);
-#if 0
+int	DSA_set_method(DSA *dsa, const DSA_METHOD *);
-const DSA_METHOD *DSA_set_method(DSA *dsa, DSA_METHOD *);
-#else
-int DSA_set_method(DSA *dsa, struct engine_st *engine);
-#endif
 
 DSA *	DSA_new(void);
-#if 0
+DSA *	DSA_new_method(ENGINE *engine);
-DSA *	DSA_new_method(DSA_METHOD *meth);
-#else
-DSA *	DSA_new_method(struct engine_st *engine);
-#endif
 void	DSA_free (DSA *r);
 /* "up" the DSA object's reference count */
 int	DSA_up_ref(DSA *r);

crypto/dsa/dsa_lib.c

@@ -69,73 +69,42 @@ const char *DSA_version="DSA" OPENSSL_VERSION_PTEXT;
 
 static const DSA_METHOD *default_DSA_method = NULL;
 
-void DSA_set_default_openssl_method(const DSA_METHOD *meth)
+void DSA_set_default_method(const DSA_METHOD *meth)
-{
+	{
-	ENGINE *e;
+	default_DSA_method = meth;
-	/* We'll need to notify the "openssl" ENGINE of this
+	}
-	 * change too. We won't bother locking things down at
-	 * our end as there was never any locking in these
-	 * functions! */
-	if(default_DSA_method != meth)
-		{
-		default_DSA_method = meth;
-		e = ENGINE_by_id("openssl");
-		if(e)
-			{
-			ENGINE_set_DSA(e, meth);
-			ENGINE_free(e);
-			}
-		}
-}
 
-const DSA_METHOD *DSA_get_default_openssl_method(void)
+const DSA_METHOD *DSA_get_default_method(void)
-{
+	{
-	if(!default_DSA_method) default_DSA_method = DSA_OpenSSL();
+	if(!default_DSA_method)
+		default_DSA_method = DSA_OpenSSL();
 	return default_DSA_method;
-}
+	}
 
 DSA *DSA_new(void)
-{
+	{
 	return DSA_new_method(NULL);
-}
+	}
 
-#if 0
+int DSA_set_method(DSA *dsa, const DSA_METHOD *meth)
-DSA_METHOD *DSA_set_method(DSA *dsa, DSA_METHOD *meth)
+	{
-{
+	/* NB: The caller is specifically setting a method, so it's not up to us
-        DSA_METHOD *mtmp;
+	 * to deal with which ENGINE it comes from. */
+        const DSA_METHOD *mtmp;
         mtmp = dsa->meth;
         if (mtmp->finish) mtmp->finish(dsa);
+	if (dsa->engine)
+		{
+		ENGINE_finish(dsa->engine);
+		dsa->engine = NULL;
+		}
         dsa->meth = meth;
         if (meth->init) meth->init(dsa);
-        return mtmp;
+        return 1;
-}
-#else
-int DSA_set_method(DSA *dsa, ENGINE *engine)
-	{
-	ENGINE *mtmp;
-	const DSA_METHOD *meth;
-	mtmp = dsa->engine;
-	meth = ENGINE_get_DSA(mtmp);
-	if (!ENGINE_init(engine))
-		return 0;
-	if (meth->finish) meth->finish(dsa);
-	dsa->engine = engine;
-	meth = ENGINE_get_DSA(engine);
-	if (meth->init) meth->init(dsa);
-	/* SHOULD ERROR CHECK THIS!!! */
-	ENGINE_finish(mtmp);
-	return 1;
 	}
-#endif
 
-
-#if 0
-DSA *DSA_new_method(DSA_METHOD *meth)
-#else
 DSA *DSA_new_method(ENGINE *engine)
-#endif
 	{
-	const DSA_METHOD *meth;
 	DSA *ret;
 
 	ret=(DSA *)OPENSSL_malloc(sizeof(DSA));
@@ -144,25 +113,23 @@ DSA *DSA_new_method(ENGINE *engine)
 		DSAerr(DSA_F_DSA_NEW,ERR_R_MALLOC_FAILURE);
 		return(NULL);
 		}
-
+	ret->meth = DSA_get_default_method();
-	if (engine)
+	ret->engine = engine;
+	if(!ret->engine)
+		ret->engine = ENGINE_get_default_DSA();
+	if(ret->engine)
 		{
-		if(ENGINE_init(engine))
+		ret->meth = ENGINE_get_DSA(ret->engine);
-			ret->engine = engine;
+		if(!ret->meth)
-		else 
+			{
-			ret->engine = NULL;
+			DSAerr(DSA_F_DSA_NEW,
-		}
+				ERR_R_ENGINE_LIB);
-	else
+			ENGINE_finish(ret->engine);
-		ret->engine=ENGINE_get_default_DSA();
+			OPENSSL_free(ret);
-
+			return NULL;
-	if(ret->engine == NULL)
+			}
-		{
-		DSAerr(DSA_F_DSA_NEW,ERR_LIB_ENGINE);
-		OPENSSL_free(ret);
-		return NULL;
 		}
 
-	meth = ENGINE_get_DSA(ret->engine);
 	ret->pad=0;
 	ret->version=0;
 	ret->write_params=1;
@@ -178,9 +145,9 @@ DSA *DSA_new_method(ENGINE *engine)
 	ret->method_mont_p=NULL;
 
 	ret->references=1;
-	ret->flags=meth->flags;
+	ret->flags=ret->meth->flags;
 	CRYPTO_new_ex_data(CRYPTO_EX_INDEX_DSA, ret, &ret->ex_data);
-	if ((meth->init != NULL) && !meth->init(ret))
+	if ((ret->meth->init != NULL) && !ret->meth->init(ret))
 		{
 		CRYPTO_free_ex_data(CRYPTO_EX_INDEX_DSA, ret, &ret->ex_data);
 		OPENSSL_free(ret);
@@ -192,7 +159,6 @@ DSA *DSA_new_method(ENGINE *engine)
 
 void DSA_free(DSA *r)
 	{
-	const DSA_METHOD *meth;
 	int i;
 
 	if (r == NULL) return;
@@ -210,9 +176,10 @@ void DSA_free(DSA *r)
 		}
 #endif
 
-	meth = ENGINE_get_DSA(r->engine);
+	if(r->meth->finish)
-	if(meth->finish) meth->finish(r);
+		r->meth->finish(r);
-	ENGINE_finish(r->engine);
+	if(r->engine)
+		ENGINE_finish(r->engine);
 
 	CRYPTO_free_ex_data(CRYPTO_EX_INDEX_DSA, r, &r->ex_data);
 

crypto/dsa/dsa_ossl.c

@@ -202,7 +202,7 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp)
 		}
 
 	/* Compute r = (g^k mod p) mod q */
-	if (!ENGINE_get_DSA(dsa->engine)->bn_mod_exp(dsa, r,dsa->g,&k,dsa->p,ctx,
+	if (!dsa->meth->bn_mod_exp(dsa, r,dsa->g,&k,dsa->p,ctx,
 		(BN_MONT_CTX *)dsa->method_mont_p)) goto err;
 	if (!BN_mod(r,r,dsa->q,ctx)) goto err;
 
@@ -296,7 +296,7 @@ static int dsa_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig,
 	if (!BN_mod(&u1,&u1,dsa->q,ctx)) goto err;
 #else
 	{
-	if (!ENGINE_get_DSA(dsa->engine)->dsa_mod_exp(dsa, &t1,dsa->g,&u1,dsa->pub_key,&u2,
+	if (!dsa->meth->dsa_mod_exp(dsa, &t1,dsa->g,&u1,dsa->pub_key,&u2,
 						dsa->p,ctx,mont)) goto err;
 	/* BN_copy(&u1,&t1); */
 	/* let u1 = u1 mod q */

crypto/dsa/dsa_sign.c

@@ -68,7 +68,7 @@
 
 DSA_SIG * DSA_do_sign(const unsigned char *dgst, int dlen, DSA *dsa)
 	{
-	return ENGINE_get_DSA(dsa->engine)->dsa_do_sign(dgst, dlen, dsa);
+	return dsa->meth->dsa_do_sign(dgst, dlen, dsa);
 	}
 
 int DSA_sign(int type, const unsigned char *dgst, int dlen, unsigned char *sig,
@@ -88,6 +88,6 @@ int DSA_sign(int type, const unsigned char *dgst, int dlen, unsigned char *sig,
 
 int DSA_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp)
 	{
-	return ENGINE_get_DSA(dsa->engine)->dsa_sign_setup(dsa, ctx_in, kinvp, rp);
+	return dsa->meth->dsa_sign_setup(dsa, ctx_in, kinvp, rp);
 	}
 

crypto/dsa/dsa_vrf.c

@@ -70,7 +70,7 @@
 int DSA_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig,
 		  DSA *dsa)
 	{
-	return ENGINE_get_DSA(dsa->engine)->dsa_do_verify(dgst, dgst_len, sig, dsa);
+	return dsa->meth->dsa_do_verify(dgst, dgst_len, sig, dsa);
 	}
 
 /* data has already been hashed (probably with SHA or SHA-1). */

crypto/dsa/dsatest.c

@@ -65,6 +65,7 @@
 #include <openssl/rand.h>
 #include <openssl/bio.h>
 #include <openssl/err.h>
+#include <openssl/engine.h>
 #ifdef OPENSSL_SYS_WINDOWS
 #include "../bio/bss_file.c"
 #endif
@@ -136,9 +137,6 @@ int main(int argc, char **argv)
 	unsigned char sig[256];
 	unsigned int siglen;
 
-	ERR_load_crypto_strings();
-	RAND_seed(rnd_seed, sizeof rnd_seed);
-
 	if (bio_err == NULL)
 		bio_err=BIO_new_fp(stderr,BIO_NOCLOSE);
 
@@ -146,6 +144,9 @@ int main(int argc, char **argv)
 	CRYPTO_dbg_set_options(V_CRYPTO_MDEBUG_ALL);
 	CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
 
+	ERR_load_crypto_strings();
+	RAND_seed(rnd_seed, sizeof rnd_seed);
+
 	BIO_printf(bio_err,"test generation of DSA parameters\n");
 
 	dsa=DSA_generate_parameters(512,seed,20,&counter,&h,dsa_cb,bio_err);
@@ -204,6 +205,7 @@ end:
 	if (dsa != NULL) DSA_free(dsa);
 	CRYPTO_cleanup_all_ex_data();
 	ERR_remove_state(0);
+	ERR_free_strings();
 	CRYPTO_mem_leaks(bio_err);
 	if (bio_err != NULL)
 		{

crypto/evp/evp_test.c

@@ -217,7 +217,6 @@ static int test_cipher(const char *cipher,const unsigned char *key,int kn,
 		       const unsigned char *ciphertext,int cn)
     {
     const EVP_CIPHER *c;
-    ENGINE *e;
 
     c=EVP_get_cipherbyname(cipher);
     if(!c)
@@ -225,16 +224,6 @@ static int test_cipher(const char *cipher,const unsigned char *key,int kn,
 
     test1(c,key,kn,iv,in,plaintext,pn,ciphertext,cn);
 
-    for(e=ENGINE_get_first() ; e ; e=ENGINE_get_next(e))
-	{
-	c=ENGINE_get_cipher_by_name(e,cipher);
-	if(!c)
-	    continue;
-	printf("Testing engine %s\n",ENGINE_get_name(e));
-
-	test1(c,key,kn,iv,in,plaintext,pn,ciphertext,cn);
-	}
-
     return 1;
     }
 
@@ -315,8 +304,10 @@ int main(int argc,char **argv)
 	exit(2);
 	}
 
+    /* Load up the software EVP_CIPHER and EVP_MD definitions */
     OpenSSL_add_all_ciphers();
     OpenSSL_add_all_digests();
+    /* Load all compiled-in ENGINEs */
     ENGINE_load_builtin_engines();
 
     for( ; ; )

crypto/rand/rand.h

@@ -60,6 +60,7 @@
 #define HEADER_RAND_H
 
 #include <stdlib.h>
+#include <openssl/types.h>
 
 #ifdef  __cplusplus
 extern "C" {
@@ -79,10 +80,9 @@ typedef struct rand_meth_st
 extern int rand_predictable;
 #endif
 
-struct engine_st;
+int RAND_set_rand_method(const RAND_METHOD *meth);
-
+const RAND_METHOD *RAND_get_rand_method(void);
-int RAND_set_rand_method(struct engine_st *meth);
+int RAND_set_rand_engine(ENGINE *engine);
-const RAND_METHOD *RAND_get_rand_method(void );
 RAND_METHOD *RAND_SSLeay(void);
 void RAND_cleanup(void );
 int  RAND_bytes(unsigned char *buf,int num);

crypto/rand/rand_lib.c

@@ -62,37 +62,61 @@
 #include <openssl/rand.h>
 #include <openssl/engine.h>
 
-static ENGINE *rand_engine=NULL;
+/* non-NULL if default_RAND_meth is ENGINE-provided */
+static ENGINE *funct_ref =NULL;
+static const RAND_METHOD *default_RAND_meth = NULL;
 
-#if 0
+int RAND_set_rand_method(const RAND_METHOD *meth)
-void RAND_set_rand_method(RAND_METHOD *meth)
 	{
-	rand_meth=meth;
+	if(funct_ref)
-	}
+		{
-#else
+		ENGINE_finish(funct_ref);
-int RAND_set_rand_method(ENGINE *engine)
+		funct_ref = NULL;
-	{
+		}
-	ENGINE *mtmp;
+	default_RAND_meth = meth;
-	mtmp = rand_engine;
-	if (engine && !ENGINE_init(engine))
-		return 0;
-	rand_engine = engine;
-	/* SHOULD ERROR CHECK THIS!!! */
-	if(mtmp)
-		ENGINE_finish(mtmp);
 	return 1;
 	}
-#endif
 
 const RAND_METHOD *RAND_get_rand_method(void)
 	{
-	if (rand_engine == NULL
+	if (!default_RAND_meth)
-		&& (rand_engine = ENGINE_get_default_RAND()) == NULL)
 		{
-		RANDerr(RAND_F_RAND_GET_RAND_METHOD,ERR_LIB_ENGINE);
+		ENGINE *e = ENGINE_get_default_RAND();
-		return NULL;
+		if(e)
+			{
+			default_RAND_meth = ENGINE_get_RAND(e);
+			if(!default_RAND_meth)
+				{
+				ENGINE_finish(e);
+				e = NULL;
+				}
+			}
+		if(e)
+			funct_ref = e;
+		else
+			default_RAND_meth = RAND_SSLeay();
 		}
-	return ENGINE_get_RAND(rand_engine);
+	return default_RAND_meth;
+	}
+
+int RAND_set_rand_engine(ENGINE *engine)
+	{
+	const RAND_METHOD *tmp_meth = NULL;
+	if(engine)
+		{
+		if(!ENGINE_init(engine))
+			return 0;
+		tmp_meth = ENGINE_get_RAND(engine);
+		if(!tmp_meth)
+			{
+			ENGINE_finish(engine);
+			return 0;
+			}
+		}
+	/* This function releases any prior ENGINE so call it first */
+	RAND_set_rand_method(tmp_meth);
+	funct_ref = engine;
+	return 1;
 	}
 
 void RAND_cleanup(void)
@@ -100,6 +124,7 @@ void RAND_cleanup(void)
 	const RAND_METHOD *meth = RAND_get_rand_method();
 	if (meth && meth->cleanup)
 		meth->cleanup();
+	RAND_set_rand_method(NULL);
 	}
 
 void RAND_seed(const void *buf, int num)

crypto/rsa/rsa.h

@@ -66,6 +66,7 @@
 #endif
 #include <openssl/bn.h>
 #include <openssl/crypto.h>
+#include <openssl/types.h>
 
 #ifdef OPENSSL_NO_RSA
 #error RSA is disabled.
@@ -122,11 +123,9 @@ struct rsa_st
 	 * this is passed instead of aEVP_PKEY, it is set to 0 */
 	int pad;
 	long version;
-#if 0
+	const RSA_METHOD *meth;
-	RSA_METHOD *meth;
+	/* functional reference if 'meth' is ENGINE-provided */
-#else
+	ENGINE *engine;
-	struct engine_st *engine;
-#endif
 	BIGNUM *n;
 	BIGNUM *e;
 	BIGNUM *d;
@@ -180,11 +179,7 @@ struct rsa_st
 #define RSA_get_app_data(s)             RSA_get_ex_data(s,0)
 
 RSA *	RSA_new(void);
-#if 0
+RSA *	RSA_new_method(ENGINE *engine);
-RSA *	RSA_new_method(RSA_METHOD *method);
-#else
-RSA *	RSA_new_method(struct engine_st *engine);
-#endif
 int	RSA_size(const RSA *);
 RSA *	RSA_generate_key(int bits, unsigned long e,void
 		(*callback)(int,int,void *),void *cb_arg);
@@ -204,14 +199,10 @@ int	RSA_up_ref(RSA *r);
 
 int	RSA_flags(const RSA *r);
 
-void RSA_set_default_openssl_method(const RSA_METHOD *meth);
+void RSA_set_default_method(const RSA_METHOD *meth);
-const RSA_METHOD *RSA_get_default_openssl_method(void);
+const RSA_METHOD *RSA_get_default_method(void);
 const RSA_METHOD *RSA_get_method(const RSA *rsa);
-#if 0
+int RSA_set_method(RSA *rsa, const RSA_METHOD *meth);
-RSA_METHOD *RSA_set_method(RSA *rsa, RSA_METHOD *meth);
-#else
-int RSA_set_method(RSA *rsa, struct engine_st *engine);
-#endif
 
 /* This function needs the memory locking malloc callbacks to be installed */
 int RSA_memory_lock(RSA *r);

crypto/rsa/rsa_eay.c

@@ -100,13 +100,11 @@ const RSA_METHOD *RSA_PKCS1_SSLeay(void)
 static int RSA_eay_public_encrypt(int flen, const unsigned char *from,
 	     unsigned char *to, RSA *rsa, int padding)
 	{
-	const RSA_METHOD *meth;
 	BIGNUM f,ret;
 	int i,j,k,num=0,r= -1;
 	unsigned char *buf=NULL;
 	BN_CTX *ctx=NULL;
 
-	meth = ENGINE_get_RSA(rsa->engine);
 	BN_init(&f);
 	BN_init(&ret);
 	if ((ctx=BN_CTX_new()) == NULL) goto err;
@@ -172,7 +170,7 @@ static int RSA_eay_public_encrypt(int flen, const unsigned char *from,
 			BN_MONT_CTX_free(bn_mont_ctx);
 		}
 		
-	if (!meth->bn_mod_exp(&ret,&f,rsa->e,rsa->n,ctx,
+	if (!rsa->meth->bn_mod_exp(&ret,&f,rsa->e,rsa->n,ctx,
 		rsa->_method_mod_n)) goto err;
 
 	/* put in leading 0 bytes if the number is less than the
@@ -199,13 +197,11 @@ err:
 static int RSA_eay_private_encrypt(int flen, const unsigned char *from,
 	     unsigned char *to, RSA *rsa, int padding)
 	{
-	const RSA_METHOD *meth;
 	BIGNUM f,ret;
 	int i,j,k,num=0,r= -1;
 	unsigned char *buf=NULL;
 	BN_CTX *ctx=NULL;
 
-	meth = ENGINE_get_RSA(rsa->engine);
 	BN_init(&f);
 	BN_init(&ret);
 
@@ -252,10 +248,10 @@ static int RSA_eay_private_encrypt(int flen, const unsigned char *from,
 		(rsa->dmp1 != NULL) &&
 		(rsa->dmq1 != NULL) &&
 		(rsa->iqmp != NULL)) )
-		{ if (!meth->rsa_mod_exp(&ret,&f,rsa)) goto err; }
+		{ if (!rsa->meth->rsa_mod_exp(&ret,&f,rsa)) goto err; }
 	else
 		{
-		if (!meth->bn_mod_exp(&ret,&f,rsa->d,rsa->n,ctx,NULL)) goto err;
+		if (!rsa->meth->bn_mod_exp(&ret,&f,rsa->d,rsa->n,ctx,NULL)) goto err;
 		}
 
 	if (rsa->flags & RSA_FLAG_BLINDING)
@@ -284,14 +280,12 @@ err:
 static int RSA_eay_private_decrypt(int flen, const unsigned char *from,
 	     unsigned char *to, RSA *rsa, int padding)
 	{
-	const RSA_METHOD *meth;
 	BIGNUM f,ret;
 	int j,num=0,r= -1;
 	unsigned char *p;
 	unsigned char *buf=NULL;
 	BN_CTX *ctx=NULL;
 
-	meth = ENGINE_get_RSA(rsa->engine);
 	BN_init(&f);
 	BN_init(&ret);
 	ctx=BN_CTX_new();
@@ -334,10 +328,10 @@ static int RSA_eay_private_decrypt(int flen, const unsigned char *from,
 		(rsa->dmp1 != NULL) &&
 		(rsa->dmq1 != NULL) &&
 		(rsa->iqmp != NULL)) )
-		{ if (!meth->rsa_mod_exp(&ret,&f,rsa)) goto err; }
+		{ if (!rsa->meth->rsa_mod_exp(&ret,&f,rsa)) goto err; }
 	else
 		{
-		if (!meth->bn_mod_exp(&ret,&f,rsa->d,rsa->n,ctx,NULL))
+		if (!rsa->meth->bn_mod_exp(&ret,&f,rsa->d,rsa->n,ctx,NULL))
 			goto err;
 		}
 
@@ -386,14 +380,12 @@ err:
 static int RSA_eay_public_decrypt(int flen, const unsigned char *from,
 	     unsigned char *to, RSA *rsa, int padding)
 	{
-	const RSA_METHOD *meth;
 	BIGNUM f,ret;
 	int i,num=0,r= -1;
 	unsigned char *p;
 	unsigned char *buf=NULL;
 	BN_CTX *ctx=NULL;
 
-	meth = ENGINE_get_RSA(rsa->engine);
 	BN_init(&f);
 	BN_init(&ret);
 	ctx=BN_CTX_new();
@@ -448,7 +440,7 @@ static int RSA_eay_public_decrypt(int flen, const unsigned char *from,
 			BN_MONT_CTX_free(bn_mont_ctx);
 		}
 		
-	if (!meth->bn_mod_exp(&ret,&f,rsa->e,rsa->n,ctx,
+	if (!rsa->meth->bn_mod_exp(&ret,&f,rsa->e,rsa->n,ctx,
 		rsa->_method_mod_n)) goto err;
 
 	p=buf;
@@ -483,12 +475,10 @@ err:
 
 static int RSA_eay_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa)
 	{
-	const RSA_METHOD *meth;
 	BIGNUM r1,m1,vrfy;
 	int ret=0;
 	BN_CTX *ctx;
 
-	meth = ENGINE_get_RSA(rsa->engine);
 	if ((ctx=BN_CTX_new()) == NULL) goto err;
 	BN_init(&m1);
 	BN_init(&r1);
@@ -546,11 +536,11 @@ static int RSA_eay_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa)
 		}
 		
 	if (!BN_mod(&r1,I,rsa->q,ctx)) goto err;
-	if (!meth->bn_mod_exp(&m1,&r1,rsa->dmq1,rsa->q,ctx,
+	if (!rsa->meth->bn_mod_exp(&m1,&r1,rsa->dmq1,rsa->q,ctx,
 		rsa->_method_mod_q)) goto err;
 
 	if (!BN_mod(&r1,I,rsa->p,ctx)) goto err;
-	if (!meth->bn_mod_exp(r0,&r1,rsa->dmp1,rsa->p,ctx,
+	if (!rsa->meth->bn_mod_exp(r0,&r1,rsa->dmp1,rsa->p,ctx,
 		rsa->_method_mod_p)) goto err;
 
 	if (!BN_sub(r0,r0,&m1)) goto err;
@@ -575,7 +565,7 @@ static int RSA_eay_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa)
 
 	if (rsa->e && rsa->n)
 		{
-		if (!meth->bn_mod_exp(&vrfy,r0,rsa->e,rsa->n,ctx,NULL)) goto err;
+		if (!rsa->meth->bn_mod_exp(&vrfy,r0,rsa->e,rsa->n,ctx,NULL)) goto err;
 		/* If 'I' was greater than (or equal to) rsa->n, the operation
 		 * will be equivalent to using 'I mod n'. However, the result of
 		 * the verify will *always* be less than 'n' so we don't check
@@ -588,7 +578,7 @@ static int RSA_eay_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa)
 			/* 'I' and 'vrfy' aren't congruent mod n. Don't leak
 			 * miscalculated CRT output, just do a raw (slower)
 			 * mod_exp and return that instead. */
-			if (!meth->bn_mod_exp(r0,I,rsa->d,rsa->n,ctx,NULL)) goto err;
+			if (!rsa->meth->bn_mod_exp(r0,I,rsa->d,rsa->n,ctx,NULL)) goto err;
 		}
 	ret=1;
 err:

crypto/rsa/rsa_lib.c

@@ -73,27 +73,13 @@ RSA *RSA_new(void)
 	return(RSA_new_method(NULL));
 	}
 
-void RSA_set_default_openssl_method(const RSA_METHOD *meth)
+void RSA_set_default_method(const RSA_METHOD *meth)
 	{
-	ENGINE *e;
+	default_RSA_meth = meth;
-	/* We'll need to notify the "openssl" ENGINE of this
-	 * change too. We won't bother locking things down at
-	 * our end as there was never any locking in these
-	 * functions! */
-	if(default_RSA_meth != meth)
-		{
-		default_RSA_meth = meth;
-		e = ENGINE_by_id("openssl");
-		if(e)
-			{
-			ENGINE_set_RSA(e, meth);
-			ENGINE_free(e);
-			}
-		}
 	}
 
-const RSA_METHOD *RSA_get_default_openssl_method(void)
+const RSA_METHOD *RSA_get_default_method(void)
-{
+	{
 	if (default_RSA_meth == NULL)
 		{
 #ifdef RSA_NULL
@@ -108,49 +94,32 @@ const RSA_METHOD *RSA_get_default_openssl_method(void)
 		}
 
 	return default_RSA_meth;
-}
+	}
 
 const RSA_METHOD *RSA_get_method(const RSA *rsa)
-{
+	{
-	return ENGINE_get_RSA(rsa->engine);
+	return rsa->meth;
-}
+	}
 
-#if 0
+int RSA_set_method(RSA *rsa, const RSA_METHOD *meth)
-RSA_METHOD *RSA_set_method(RSA *rsa, RSA_METHOD *meth)
+	{
-{
+	/* NB: The caller is specifically setting a method, so it's not up to us
-	RSA_METHOD *mtmp;
+	 * to deal with which ENGINE it comes from. */
+	const RSA_METHOD *mtmp;
 	mtmp = rsa->meth;
 	if (mtmp->finish) mtmp->finish(rsa);
+	if (rsa->engine)
+		{
+		ENGINE_finish(rsa->engine);
+		rsa->engine = NULL;
+		}
 	rsa->meth = meth;
 	if (meth->init) meth->init(rsa);
-	return mtmp;
-}
-#else
-int RSA_set_method(RSA *rsa, ENGINE *engine)
-{
-	ENGINE *mtmp;
-	const RSA_METHOD *meth;
-	mtmp = rsa->engine;
-	meth = ENGINE_get_RSA(mtmp);
-	if (!ENGINE_init(engine))
-		return 0;
-	if (meth->finish) meth->finish(rsa);
-	rsa->engine = engine;
-	meth = ENGINE_get_RSA(engine);
-	if (meth->init) meth->init(rsa);
-	/* SHOULD ERROR CHECK THIS!!! */
-	ENGINE_finish(mtmp);
 	return 1;
-}
+	}
-#endif
 
-#if 0
-RSA *RSA_new_method(RSA_METHOD *meth)
-#else
 RSA *RSA_new_method(ENGINE *engine)
-#endif
 	{
-	const RSA_METHOD *meth;
 	RSA *ret;
 
 	ret=(RSA *)OPENSSL_malloc(sizeof(RSA));
@@ -160,24 +129,22 @@ RSA *RSA_new_method(ENGINE *engine)
 		return(NULL);
 		}
 
-	if (engine)
+	ret->meth = RSA_get_default_method();
+	ret->engine = engine;
+	if(!ret->engine)
+		ret->engine = ENGINE_get_default_RSA();
+	if(ret->engine)
 		{
-		if(ENGINE_init(engine))
+		ret->meth = ENGINE_get_RSA(ret->engine);
-			ret->engine = engine;
+		if(!ret->meth)
-		else 
+			{
-			ret->engine = NULL;
+			RSAerr(RSA_F_RSA_NEW_METHOD,
+				ERR_R_ENGINE_LIB);
+			ENGINE_finish(ret->engine);
+			OPENSSL_free(ret);
+			return NULL;
+			}
 		}
-	else
-		ret->engine=ENGINE_get_default_RSA();
-
-	if(ret->engine == NULL)
-		{
-		RSAerr(RSA_F_RSA_NEW_METHOD,ERR_LIB_ENGINE);
-		OPENSSL_free(ret);
-		return NULL;
-		}
-
-	meth = ENGINE_get_RSA(ret->engine);
 
 	ret->pad=0;
 	ret->version=0;
@@ -195,9 +162,9 @@ RSA *RSA_new_method(ENGINE *engine)
 	ret->_method_mod_q=NULL;
 	ret->blinding=NULL;
 	ret->bignum_data=NULL;
-	ret->flags=meth->flags;
+	ret->flags=ret->meth->flags;
 	CRYPTO_new_ex_data(CRYPTO_EX_INDEX_RSA, ret, &ret->ex_data);
-	if ((meth->init != NULL) && !meth->init(ret))
+	if ((ret->meth->init != NULL) && !ret->meth->init(ret))
 		{
 		CRYPTO_free_ex_data(CRYPTO_EX_INDEX_RSA, ret, &ret->ex_data);
 		OPENSSL_free(ret);
@@ -208,7 +175,6 @@ RSA *RSA_new_method(ENGINE *engine)
 
 void RSA_free(RSA *r)
 	{
-	const RSA_METHOD *meth;
 	int i;
 
 	if (r == NULL) return;
@@ -226,10 +192,10 @@ void RSA_free(RSA *r)
 		}
 #endif
 
-	meth = ENGINE_get_RSA(r->engine);
+	if (r->meth->finish)
-	if (meth->finish != NULL)
+		r->meth->finish(r);
-		meth->finish(r);
+	if (r->engine)
-	ENGINE_finish(r->engine);
+		ENGINE_finish(r->engine);
 
 	CRYPTO_free_ex_data(CRYPTO_EX_INDEX_RSA, r, &r->ex_data);
 
@@ -287,34 +253,30 @@ int RSA_size(const RSA *r)
 int RSA_public_encrypt(int flen, const unsigned char *from, unsigned char *to,
 	     RSA *rsa, int padding)
 	{
-	return(ENGINE_get_RSA(rsa->engine)->rsa_pub_enc(flen,
+	return(rsa->meth->rsa_pub_enc(flen, from, to, rsa, padding));
-		from, to, rsa, padding));
 	}
 
 int RSA_private_encrypt(int flen, const unsigned char *from, unsigned char *to,
 	     RSA *rsa, int padding)
 	{
-	return(ENGINE_get_RSA(rsa->engine)->rsa_priv_enc(flen,
+	return(rsa->meth->rsa_priv_enc(flen, from, to, rsa, padding));
-		from, to, rsa, padding));
 	}
 
 int RSA_private_decrypt(int flen, const unsigned char *from, unsigned char *to,
 	     RSA *rsa, int padding)
 	{
-	return(ENGINE_get_RSA(rsa->engine)->rsa_priv_dec(flen,
+	return(rsa->meth->rsa_priv_dec(flen, from, to, rsa, padding));
-		from, to, rsa, padding));
 	}
 
 int RSA_public_decrypt(int flen, const unsigned char *from, unsigned char *to,
 	     RSA *rsa, int padding)
 	{
-	return(ENGINE_get_RSA(rsa->engine)->rsa_pub_dec(flen,
+	return(rsa->meth->rsa_pub_dec(flen, from, to, rsa, padding));
-		from, to, rsa, padding));
 	}
 
 int RSA_flags(const RSA *r)
 	{
-	return((r == NULL)?0:ENGINE_get_RSA(r->engine)->flags);
+	return((r == NULL)?0:r->meth->flags);
 	}
 
 void RSA_blinding_off(RSA *rsa)
@@ -348,8 +310,7 @@ int RSA_blinding_on(RSA *rsa, BN_CTX *p_ctx)
 	if (!BN_rand_range(A,rsa->n)) goto err;
 	if ((Ai=BN_mod_inverse(NULL,A,rsa->n,ctx)) == NULL) goto err;
 
-	if (!ENGINE_get_RSA(rsa->engine)->bn_mod_exp(A,A,
+	if (!rsa->meth->bn_mod_exp(A,A,rsa->e,rsa->n,ctx,rsa->_method_mod_n))
-		rsa->e,rsa->n,ctx,rsa->_method_mod_n))
 	    goto err;
 	rsa->blinding=BN_BLINDING_new(A,Ai,rsa->n);
 	rsa->flags|=RSA_FLAG_BLINDING;
@@ -405,4 +366,3 @@ int RSA_memory_lock(RSA *r)
 	r->bignum_data=p;
 	return(1);
 	}
-

crypto/rsa/rsa_test.c

@@ -16,6 +16,7 @@ int main(int argc, char *argv[])
 }
 #else
 #include <openssl/rsa.h>
+#include <openssl/engine.h>
 
 #define SetKey \
   key->n = BN_bin2bn(n, sizeof(n)-1, key->n); \
@@ -219,12 +220,12 @@ int main(int argc, char *argv[])
     int clen = 0;
     int num;
 
-    RAND_seed(rnd_seed, sizeof rnd_seed); /* or OAEP may fail */
-
     CRYPTO_malloc_debug_init();
     CRYPTO_dbg_set_options(V_CRYPTO_MDEBUG_ALL);
     CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
-	
+
+    RAND_seed(rnd_seed, sizeof rnd_seed); /* or OAEP may fail */
+
     plen = sizeof(ptext_ex) - 1;
 
     for (v = 0; v < 3; v++)
@@ -310,7 +311,7 @@ int main(int argc, char *argv[])
     CRYPTO_cleanup_all_ex_data();
     ERR_remove_state(0);
 
-    CRYPTO_mem_leaks_fp(stdout);
+    CRYPTO_mem_leaks_fp(stderr);
 
     return err;
     }