engine.h revision 296465
1/* openssl/engine.h */ 2/* 3 * Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL project 4 * 2000. 5 */ 6/* ==================================================================== 7 * Copyright (c) 1999-2004 The OpenSSL Project. All rights reserved. 8 * 9 * Redistribution and use in source and binary forms, with or without 10 * modification, are permitted provided that the following conditions 11 * are met: 12 * 13 * 1. Redistributions of source code must retain the above copyright 14 * notice, this list of conditions and the following disclaimer. 15 * 16 * 2. Redistributions in binary form must reproduce the above copyright 17 * notice, this list of conditions and the following disclaimer in 18 * the documentation and/or other materials provided with the 19 * distribution. 20 * 21 * 3. All advertising materials mentioning features or use of this 22 * software must display the following acknowledgment: 23 * "This product includes software developed by the OpenSSL Project 24 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" 25 * 26 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to 27 * endorse or promote products derived from this software without 28 * prior written permission. For written permission, please contact 29 * licensing@OpenSSL.org. 30 * 31 * 5. Products derived from this software may not be called "OpenSSL" 32 * nor may "OpenSSL" appear in their names without prior written 33 * permission of the OpenSSL Project. 34 * 35 * 6. Redistributions of any form whatsoever must retain the following 36 * acknowledgment: 37 * "This product includes software developed by the OpenSSL Project 38 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" 39 * 40 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY 41 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 42 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 43 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR 44 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 45 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 46 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 47 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 49 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 50 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED 51 * OF THE POSSIBILITY OF SUCH DAMAGE. 52 * ==================================================================== 53 * 54 * This product includes cryptographic software written by Eric Young 55 * (eay@cryptsoft.com). This product includes software written by Tim 56 * Hudson (tjh@cryptsoft.com). 57 * 58 */ 59/* ==================================================================== 60 * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. 61 * ECDH support in OpenSSL originally developed by 62 * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project. 63 */ 64 65#ifndef HEADER_ENGINE_H 66# define HEADER_ENGINE_H 67 68# include <openssl/opensslconf.h> 69 70# ifdef OPENSSL_NO_ENGINE 71# error ENGINE is disabled. 72# endif 73 74# ifndef OPENSSL_NO_DEPRECATED 75# include <openssl/bn.h> 76# ifndef OPENSSL_NO_RSA 77# include <openssl/rsa.h> 78# endif 79# ifndef OPENSSL_NO_DSA 80# include <openssl/dsa.h> 81# endif 82# ifndef OPENSSL_NO_DH 83# include <openssl/dh.h> 84# endif 85# ifndef OPENSSL_NO_ECDH 86# include <openssl/ecdh.h> 87# endif 88# ifndef OPENSSL_NO_ECDSA 89# include <openssl/ecdsa.h> 90# endif 91# include <openssl/rand.h> 92# include <openssl/store.h> 93# include <openssl/ui.h> 94# include <openssl/err.h> 95# endif 96 97# include <openssl/x509.h> 98 99# include <openssl/ossl_typ.h> 100# include <openssl/symhacks.h> 101 102#ifdef __cplusplus 103extern "C" { 104#endif 105 106/* 107 * These flags are used to control combinations of algorithm (methods) by 108 * bitwise "OR"ing. 109 */ 110# define ENGINE_METHOD_RSA (unsigned int)0x0001 111# define ENGINE_METHOD_DSA (unsigned int)0x0002 112# define ENGINE_METHOD_DH (unsigned int)0x0004 113# define ENGINE_METHOD_RAND (unsigned int)0x0008 114# define ENGINE_METHOD_ECDH (unsigned int)0x0010 115# define ENGINE_METHOD_ECDSA (unsigned int)0x0020 116# define ENGINE_METHOD_CIPHERS (unsigned int)0x0040 117# define ENGINE_METHOD_DIGESTS (unsigned int)0x0080 118# define ENGINE_METHOD_STORE (unsigned int)0x0100 119/* Obvious all-or-nothing cases. */ 120# define ENGINE_METHOD_ALL (unsigned int)0xFFFF 121# define ENGINE_METHOD_NONE (unsigned int)0x0000 122 123/* 124 * This(ese) flag(s) controls behaviour of the ENGINE_TABLE mechanism used 125 * internally to control registration of ENGINE implementations, and can be 126 * set by ENGINE_set_table_flags(). The "NOINIT" flag prevents attempts to 127 * initialise registered ENGINEs if they are not already initialised. 128 */ 129# define ENGINE_TABLE_FLAG_NOINIT (unsigned int)0x0001 130 131/* ENGINE flags that can be set by ENGINE_set_flags(). */ 132/* Not used */ 133/* #define ENGINE_FLAGS_MALLOCED 0x0001 */ 134 135/* 136 * This flag is for ENGINEs that wish to handle the various 'CMD'-related 137 * control commands on their own. Without this flag, ENGINE_ctrl() handles 138 * these control commands on behalf of the ENGINE using their "cmd_defns" 139 * data. 140 */ 141# define ENGINE_FLAGS_MANUAL_CMD_CTRL (int)0x0002 142 143/* 144 * This flag is for ENGINEs who return new duplicate structures when found 145 * via "ENGINE_by_id()". When an ENGINE must store state (eg. if 146 * ENGINE_ctrl() commands are called in sequence as part of some stateful 147 * process like key-generation setup and execution), it can set this flag - 148 * then each attempt to obtain the ENGINE will result in it being copied into 149 * a new structure. Normally, ENGINEs don't declare this flag so 150 * ENGINE_by_id() just increments the existing ENGINE's structural reference 151 * count. 152 */ 153# define ENGINE_FLAGS_BY_ID_COPY (int)0x0004 154 155/* 156 * ENGINEs can support their own command types, and these flags are used in 157 * ENGINE_CTRL_GET_CMD_FLAGS to indicate to the caller what kind of input 158 * each command expects. Currently only numeric and string input is 159 * supported. If a control command supports none of the _NUMERIC, _STRING, or 160 * _NO_INPUT options, then it is regarded as an "internal" control command - 161 * and not for use in config setting situations. As such, they're not 162 * available to the ENGINE_ctrl_cmd_string() function, only raw ENGINE_ctrl() 163 * access. Changes to this list of 'command types' should be reflected 164 * carefully in ENGINE_cmd_is_executable() and ENGINE_ctrl_cmd_string(). 165 */ 166 167/* accepts a 'long' input value (3rd parameter to ENGINE_ctrl) */ 168# define ENGINE_CMD_FLAG_NUMERIC (unsigned int)0x0001 169/* 170 * accepts string input (cast from 'void*' to 'const char *', 4th parameter 171 * to ENGINE_ctrl) 172 */ 173# define ENGINE_CMD_FLAG_STRING (unsigned int)0x0002 174/* 175 * Indicates that the control command takes *no* input. Ie. the control 176 * command is unparameterised. 177 */ 178# define ENGINE_CMD_FLAG_NO_INPUT (unsigned int)0x0004 179/* 180 * Indicates that the control command is internal. This control command won't 181 * be shown in any output, and is only usable through the ENGINE_ctrl_cmd() 182 * function. 183 */ 184# define ENGINE_CMD_FLAG_INTERNAL (unsigned int)0x0008 185 186/* 187 * NB: These 3 control commands are deprecated and should not be used. 188 * ENGINEs relying on these commands should compile conditional support for 189 * compatibility (eg. if these symbols are defined) but should also migrate 190 * the same functionality to their own ENGINE-specific control functions that 191 * can be "discovered" by calling applications. The fact these control 192 * commands wouldn't be "executable" (ie. usable by text-based config) 193 * doesn't change the fact that application code can find and use them 194 * without requiring per-ENGINE hacking. 195 */ 196 197/* 198 * These flags are used to tell the ctrl function what should be done. All 199 * command numbers are shared between all engines, even if some don't make 200 * sense to some engines. In such a case, they do nothing but return the 201 * error ENGINE_R_CTRL_COMMAND_NOT_IMPLEMENTED. 202 */ 203# define ENGINE_CTRL_SET_LOGSTREAM 1 204# define ENGINE_CTRL_SET_PASSWORD_CALLBACK 2 205# define ENGINE_CTRL_HUP 3/* Close and reinitialise 206 * any handles/connections 207 * etc. */ 208# define ENGINE_CTRL_SET_USER_INTERFACE 4/* Alternative to callback */ 209# define ENGINE_CTRL_SET_CALLBACK_DATA 5/* User-specific data, used 210 * when calling the password 211 * callback and the user 212 * interface */ 213# define ENGINE_CTRL_LOAD_CONFIGURATION 6/* Load a configuration, 214 * given a string that 215 * represents a file name 216 * or so */ 217# define ENGINE_CTRL_LOAD_SECTION 7/* Load data from a given 218 * section in the already 219 * loaded configuration */ 220 221/* 222 * These control commands allow an application to deal with an arbitrary 223 * engine in a dynamic way. Warn: Negative return values indicate errors FOR 224 * THESE COMMANDS because zero is used to indicate 'end-of-list'. Other 225 * commands, including ENGINE-specific command types, return zero for an 226 * error. An ENGINE can choose to implement these ctrl functions, and can 227 * internally manage things however it chooses - it does so by setting the 228 * ENGINE_FLAGS_MANUAL_CMD_CTRL flag (using ENGINE_set_flags()). Otherwise 229 * the ENGINE_ctrl() code handles this on the ENGINE's behalf using the 230 * cmd_defns data (set using ENGINE_set_cmd_defns()). This means an ENGINE's 231 * ctrl() handler need only implement its own commands - the above "meta" 232 * commands will be taken care of. 233 */ 234 235/* 236 * Returns non-zero if the supplied ENGINE has a ctrl() handler. If "not", 237 * then all the remaining control commands will return failure, so it is 238 * worth checking this first if the caller is trying to "discover" the 239 * engine's capabilities and doesn't want errors generated unnecessarily. 240 */ 241# define ENGINE_CTRL_HAS_CTRL_FUNCTION 10 242/* 243 * Returns a positive command number for the first command supported by the 244 * engine. Returns zero if no ctrl commands are supported. 245 */ 246# define ENGINE_CTRL_GET_FIRST_CMD_TYPE 11 247/* 248 * The 'long' argument specifies a command implemented by the engine, and the 249 * return value is the next command supported, or zero if there are no more. 250 */ 251# define ENGINE_CTRL_GET_NEXT_CMD_TYPE 12 252/* 253 * The 'void*' argument is a command name (cast from 'const char *'), and the 254 * return value is the command that corresponds to it. 255 */ 256# define ENGINE_CTRL_GET_CMD_FROM_NAME 13 257/* 258 * The next two allow a command to be converted into its corresponding string 259 * form. In each case, the 'long' argument supplies the command. In the 260 * NAME_LEN case, the return value is the length of the command name (not 261 * counting a trailing EOL). In the NAME case, the 'void*' argument must be a 262 * string buffer large enough, and it will be populated with the name of the 263 * command (WITH a trailing EOL). 264 */ 265# define ENGINE_CTRL_GET_NAME_LEN_FROM_CMD 14 266# define ENGINE_CTRL_GET_NAME_FROM_CMD 15 267/* The next two are similar but give a "short description" of a command. */ 268# define ENGINE_CTRL_GET_DESC_LEN_FROM_CMD 16 269# define ENGINE_CTRL_GET_DESC_FROM_CMD 17 270/* 271 * With this command, the return value is the OR'd combination of 272 * ENGINE_CMD_FLAG_*** values that indicate what kind of input a given 273 * engine-specific ctrl command expects. 274 */ 275# define ENGINE_CTRL_GET_CMD_FLAGS 18 276 277/* 278 * ENGINE implementations should start the numbering of their own control 279 * commands from this value. (ie. ENGINE_CMD_BASE, ENGINE_CMD_BASE + 1, etc). 280 */ 281# define ENGINE_CMD_BASE 200 282 283/* 284 * NB: These 2 nCipher "chil" control commands are deprecated, and their 285 * functionality is now available through ENGINE-specific control commands 286 * (exposed through the above-mentioned 'CMD'-handling). Code using these 2 287 * commands should be migrated to the more general command handling before 288 * these are removed. 289 */ 290 291/* Flags specific to the nCipher "chil" engine */ 292# define ENGINE_CTRL_CHIL_SET_FORKCHECK 100 293 /* 294 * Depending on the value of the (long)i argument, this sets or 295 * unsets the SimpleForkCheck flag in the CHIL API to enable or 296 * disable checking and workarounds for applications that fork(). 297 */ 298# define ENGINE_CTRL_CHIL_NO_LOCKING 101 299 /* 300 * This prevents the initialisation function from providing mutex 301 * callbacks to the nCipher library. 302 */ 303 304/* 305 * If an ENGINE supports its own specific control commands and wishes the 306 * framework to handle the above 'ENGINE_CMD_***'-manipulation commands on 307 * its behalf, it should supply a null-terminated array of ENGINE_CMD_DEFN 308 * entries to ENGINE_set_cmd_defns(). It should also implement a ctrl() 309 * handler that supports the stated commands (ie. the "cmd_num" entries as 310 * described by the array). NB: The array must be ordered in increasing order 311 * of cmd_num. "null-terminated" means that the last ENGINE_CMD_DEFN element 312 * has cmd_num set to zero and/or cmd_name set to NULL. 313 */ 314typedef struct ENGINE_CMD_DEFN_st { 315 unsigned int cmd_num; /* The command number */ 316 const char *cmd_name; /* The command name itself */ 317 const char *cmd_desc; /* A short description of the command */ 318 unsigned int cmd_flags; /* The input the command expects */ 319} ENGINE_CMD_DEFN; 320 321/* Generic function pointer */ 322typedef int (*ENGINE_GEN_FUNC_PTR) (void); 323/* Generic function pointer taking no arguments */ 324typedef int (*ENGINE_GEN_INT_FUNC_PTR) (ENGINE *); 325/* Specific control function pointer */ 326typedef int (*ENGINE_CTRL_FUNC_PTR) (ENGINE *, int, long, void *, 327 void (*f) (void)); 328/* Generic load_key function pointer */ 329typedef EVP_PKEY *(*ENGINE_LOAD_KEY_PTR)(ENGINE *, const char *, 330 UI_METHOD *ui_method, 331 void *callback_data); 332typedef int (*ENGINE_SSL_CLIENT_CERT_PTR) (ENGINE *, SSL *ssl, 333 STACK_OF(X509_NAME) *ca_dn, 334 X509 **pcert, EVP_PKEY **pkey, 335 STACK_OF(X509) **pother, 336 UI_METHOD *ui_method, 337 void *callback_data); 338/*- 339 * These callback types are for an ENGINE's handler for cipher and digest logic. 340 * These handlers have these prototypes; 341 * int foo(ENGINE *e, const EVP_CIPHER **cipher, const int **nids, int nid); 342 * int foo(ENGINE *e, const EVP_MD **digest, const int **nids, int nid); 343 * Looking at how to implement these handlers in the case of cipher support, if 344 * the framework wants the EVP_CIPHER for 'nid', it will call; 345 * foo(e, &p_evp_cipher, NULL, nid); (return zero for failure) 346 * If the framework wants a list of supported 'nid's, it will call; 347 * foo(e, NULL, &p_nids, 0); (returns number of 'nids' or -1 for error) 348 */ 349/* 350 * Returns to a pointer to the array of supported cipher 'nid's. If the 351 * second parameter is non-NULL it is set to the size of the returned array. 352 */ 353typedef int (*ENGINE_CIPHERS_PTR) (ENGINE *, const EVP_CIPHER **, 354 const int **, int); 355typedef int (*ENGINE_DIGESTS_PTR) (ENGINE *, const EVP_MD **, const int **, 356 int); 357 358/* 359 * STRUCTURE functions ... all of these functions deal with pointers to 360 * ENGINE structures where the pointers have a "structural reference". This 361 * means that their reference is to allowed access to the structure but it 362 * does not imply that the structure is functional. To simply increment or 363 * decrement the structural reference count, use ENGINE_by_id and 364 * ENGINE_free. NB: This is not required when iterating using ENGINE_get_next 365 * as it will automatically decrement the structural reference count of the 366 * "current" ENGINE and increment the structural reference count of the 367 * ENGINE it returns (unless it is NULL). 368 */ 369 370/* Get the first/last "ENGINE" type available. */ 371ENGINE *ENGINE_get_first(void); 372ENGINE *ENGINE_get_last(void); 373/* Iterate to the next/previous "ENGINE" type (NULL = end of the list). */ 374ENGINE *ENGINE_get_next(ENGINE *e); 375ENGINE *ENGINE_get_prev(ENGINE *e); 376/* Add another "ENGINE" type into the array. */ 377int ENGINE_add(ENGINE *e); 378/* Remove an existing "ENGINE" type from the array. */ 379int ENGINE_remove(ENGINE *e); 380/* Retrieve an engine from the list by its unique "id" value. */ 381ENGINE *ENGINE_by_id(const char *id); 382/* Add all the built-in engines. */ 383void ENGINE_load_openssl(void); 384void ENGINE_load_dynamic(void); 385# ifndef OPENSSL_NO_STATIC_ENGINE 386void ENGINE_load_4758cca(void); 387void ENGINE_load_aep(void); 388void ENGINE_load_atalla(void); 389void ENGINE_load_chil(void); 390void ENGINE_load_cswift(void); 391# ifndef OPENSSL_NO_GMP 392void ENGINE_load_gmp(void); 393# endif 394void ENGINE_load_nuron(void); 395void ENGINE_load_sureware(void); 396void ENGINE_load_ubsec(void); 397# ifdef OPENSSL_SYS_WIN32 398# ifndef OPENSSL_NO_CAPIENG 399void ENGINE_load_capi(void); 400# endif 401# endif 402# endif 403void ENGINE_load_cryptodev(void); 404void ENGINE_load_padlock(void); 405void ENGINE_load_builtin_engines(void); 406 407/* 408 * Get and set global flags (ENGINE_TABLE_FLAG_***) for the implementation 409 * "registry" handling. 410 */ 411unsigned int ENGINE_get_table_flags(void); 412void ENGINE_set_table_flags(unsigned int flags); 413 414/*- Manage registration of ENGINEs per "table". For each type, there are 3 415 * functions; 416 * ENGINE_register_***(e) - registers the implementation from 'e' (if it has one) 417 * ENGINE_unregister_***(e) - unregister the implementation from 'e' 418 * ENGINE_register_all_***() - call ENGINE_register_***() for each 'e' in the list 419 * Cleanup is automatically registered from each table when required, so 420 * ENGINE_cleanup() will reverse any "register" operations. 421 */ 422 423int ENGINE_register_RSA(ENGINE *e); 424void ENGINE_unregister_RSA(ENGINE *e); 425void ENGINE_register_all_RSA(void); 426 427int ENGINE_register_DSA(ENGINE *e); 428void ENGINE_unregister_DSA(ENGINE *e); 429void ENGINE_register_all_DSA(void); 430 431int ENGINE_register_ECDH(ENGINE *e); 432void ENGINE_unregister_ECDH(ENGINE *e); 433void ENGINE_register_all_ECDH(void); 434 435int ENGINE_register_ECDSA(ENGINE *e); 436void ENGINE_unregister_ECDSA(ENGINE *e); 437void ENGINE_register_all_ECDSA(void); 438 439int ENGINE_register_DH(ENGINE *e); 440void ENGINE_unregister_DH(ENGINE *e); 441void ENGINE_register_all_DH(void); 442 443int ENGINE_register_RAND(ENGINE *e); 444void ENGINE_unregister_RAND(ENGINE *e); 445void ENGINE_register_all_RAND(void); 446 447int ENGINE_register_STORE(ENGINE *e); 448void ENGINE_unregister_STORE(ENGINE *e); 449void ENGINE_register_all_STORE(void); 450 451int ENGINE_register_ciphers(ENGINE *e); 452void ENGINE_unregister_ciphers(ENGINE *e); 453void ENGINE_register_all_ciphers(void); 454 455int ENGINE_register_digests(ENGINE *e); 456void ENGINE_unregister_digests(ENGINE *e); 457void ENGINE_register_all_digests(void); 458 459/* 460 * These functions register all support from the above categories. Note, use 461 * of these functions can result in static linkage of code your application 462 * may not need. If you only need a subset of functionality, consider using 463 * more selective initialisation. 464 */ 465int ENGINE_register_complete(ENGINE *e); 466int ENGINE_register_all_complete(void); 467 468/* 469 * Send parametrised control commands to the engine. The possibilities to 470 * send down an integer, a pointer to data or a function pointer are 471 * provided. Any of the parameters may or may not be NULL, depending on the 472 * command number. In actuality, this function only requires a structural 473 * (rather than functional) reference to an engine, but many control commands 474 * may require the engine be functional. The caller should be aware of trying 475 * commands that require an operational ENGINE, and only use functional 476 * references in such situations. 477 */ 478int ENGINE_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f) (void)); 479 480/* 481 * This function tests if an ENGINE-specific command is usable as a 482 * "setting". Eg. in an application's config file that gets processed through 483 * ENGINE_ctrl_cmd_string(). If this returns zero, it is not available to 484 * ENGINE_ctrl_cmd_string(), only ENGINE_ctrl(). 485 */ 486int ENGINE_cmd_is_executable(ENGINE *e, int cmd); 487 488/* 489 * This function works like ENGINE_ctrl() with the exception of taking a 490 * command name instead of a command number, and can handle optional 491 * commands. See the comment on ENGINE_ctrl_cmd_string() for an explanation 492 * on how to use the cmd_name and cmd_optional. 493 */ 494int ENGINE_ctrl_cmd(ENGINE *e, const char *cmd_name, 495 long i, void *p, void (*f) (void), int cmd_optional); 496 497/* 498 * This function passes a command-name and argument to an ENGINE. The 499 * cmd_name is converted to a command number and the control command is 500 * called using 'arg' as an argument (unless the ENGINE doesn't support such 501 * a command, in which case no control command is called). The command is 502 * checked for input flags, and if necessary the argument will be converted 503 * to a numeric value. If cmd_optional is non-zero, then if the ENGINE 504 * doesn't support the given cmd_name the return value will be success 505 * anyway. This function is intended for applications to use so that users 506 * (or config files) can supply engine-specific config data to the ENGINE at 507 * run-time to control behaviour of specific engines. As such, it shouldn't 508 * be used for calling ENGINE_ctrl() functions that return data, deal with 509 * binary data, or that are otherwise supposed to be used directly through 510 * ENGINE_ctrl() in application code. Any "return" data from an ENGINE_ctrl() 511 * operation in this function will be lost - the return value is interpreted 512 * as failure if the return value is zero, success otherwise, and this 513 * function returns a boolean value as a result. In other words, vendors of 514 * 'ENGINE'-enabled devices should write ENGINE implementations with 515 * parameterisations that work in this scheme, so that compliant ENGINE-based 516 * applications can work consistently with the same configuration for the 517 * same ENGINE-enabled devices, across applications. 518 */ 519int ENGINE_ctrl_cmd_string(ENGINE *e, const char *cmd_name, const char *arg, 520 int cmd_optional); 521 522/* 523 * These functions are useful for manufacturing new ENGINE structures. They 524 * don't address reference counting at all - one uses them to populate an 525 * ENGINE structure with personalised implementations of things prior to 526 * using it directly or adding it to the builtin ENGINE list in OpenSSL. 527 * These are also here so that the ENGINE structure doesn't have to be 528 * exposed and break binary compatibility! 529 */ 530ENGINE *ENGINE_new(void); 531int ENGINE_free(ENGINE *e); 532int ENGINE_up_ref(ENGINE *e); 533int ENGINE_set_id(ENGINE *e, const char *id); 534int ENGINE_set_name(ENGINE *e, const char *name); 535int ENGINE_set_RSA(ENGINE *e, const RSA_METHOD *rsa_meth); 536int ENGINE_set_DSA(ENGINE *e, const DSA_METHOD *dsa_meth); 537int ENGINE_set_ECDH(ENGINE *e, const ECDH_METHOD *ecdh_meth); 538int ENGINE_set_ECDSA(ENGINE *e, const ECDSA_METHOD *ecdsa_meth); 539int ENGINE_set_DH(ENGINE *e, const DH_METHOD *dh_meth); 540int ENGINE_set_RAND(ENGINE *e, const RAND_METHOD *rand_meth); 541int ENGINE_set_STORE(ENGINE *e, const STORE_METHOD *store_meth); 542int ENGINE_set_destroy_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR destroy_f); 543int ENGINE_set_init_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR init_f); 544int ENGINE_set_finish_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR finish_f); 545int ENGINE_set_ctrl_function(ENGINE *e, ENGINE_CTRL_FUNC_PTR ctrl_f); 546int ENGINE_set_load_privkey_function(ENGINE *e, 547 ENGINE_LOAD_KEY_PTR loadpriv_f); 548int ENGINE_set_load_pubkey_function(ENGINE *e, ENGINE_LOAD_KEY_PTR loadpub_f); 549int ENGINE_set_load_ssl_client_cert_function(ENGINE *e, 550 ENGINE_SSL_CLIENT_CERT_PTR 551 loadssl_f); 552int ENGINE_set_ciphers(ENGINE *e, ENGINE_CIPHERS_PTR f); 553int ENGINE_set_digests(ENGINE *e, ENGINE_DIGESTS_PTR f); 554int ENGINE_set_flags(ENGINE *e, int flags); 555int ENGINE_set_cmd_defns(ENGINE *e, const ENGINE_CMD_DEFN *defns); 556/* These functions allow control over any per-structure ENGINE data. */ 557int ENGINE_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, 558 CRYPTO_EX_dup *dup_func, 559 CRYPTO_EX_free *free_func); 560int ENGINE_set_ex_data(ENGINE *e, int idx, void *arg); 561void *ENGINE_get_ex_data(const ENGINE *e, int idx); 562 563/* 564 * This function cleans up anything that needs it. Eg. the ENGINE_add() 565 * function automatically ensures the list cleanup function is registered to 566 * be called from ENGINE_cleanup(). Similarly, all ENGINE_register_*** 567 * functions ensure ENGINE_cleanup() will clean up after them. 568 */ 569void ENGINE_cleanup(void); 570 571/* 572 * These return values from within the ENGINE structure. These can be useful 573 * with functional references as well as structural references - it depends 574 * which you obtained. Using the result for functional purposes if you only 575 * obtained a structural reference may be problematic! 576 */ 577const char *ENGINE_get_id(const ENGINE *e); 578const char *ENGINE_get_name(const ENGINE *e); 579const RSA_METHOD *ENGINE_get_RSA(const ENGINE *e); 580const DSA_METHOD *ENGINE_get_DSA(const ENGINE *e); 581const ECDH_METHOD *ENGINE_get_ECDH(const ENGINE *e); 582const ECDSA_METHOD *ENGINE_get_ECDSA(const ENGINE *e); 583const DH_METHOD *ENGINE_get_DH(const ENGINE *e); 584const RAND_METHOD *ENGINE_get_RAND(const ENGINE *e); 585const STORE_METHOD *ENGINE_get_STORE(const ENGINE *e); 586ENGINE_GEN_INT_FUNC_PTR ENGINE_get_destroy_function(const ENGINE *e); 587ENGINE_GEN_INT_FUNC_PTR ENGINE_get_init_function(const ENGINE *e); 588ENGINE_GEN_INT_FUNC_PTR ENGINE_get_finish_function(const ENGINE *e); 589ENGINE_CTRL_FUNC_PTR ENGINE_get_ctrl_function(const ENGINE *e); 590ENGINE_LOAD_KEY_PTR ENGINE_get_load_privkey_function(const ENGINE *e); 591ENGINE_LOAD_KEY_PTR ENGINE_get_load_pubkey_function(const ENGINE *e); 592ENGINE_SSL_CLIENT_CERT_PTR ENGINE_get_ssl_client_cert_function(const ENGINE 593 *e); 594ENGINE_CIPHERS_PTR ENGINE_get_ciphers(const ENGINE *e); 595ENGINE_DIGESTS_PTR ENGINE_get_digests(const ENGINE *e); 596const EVP_CIPHER *ENGINE_get_cipher(ENGINE *e, int nid); 597const EVP_MD *ENGINE_get_digest(ENGINE *e, int nid); 598const ENGINE_CMD_DEFN *ENGINE_get_cmd_defns(const ENGINE *e); 599int ENGINE_get_flags(const ENGINE *e); 600 601/* 602 * FUNCTIONAL functions. These functions deal with ENGINE structures that 603 * have (or will) be initialised for use. Broadly speaking, the structural 604 * functions are useful for iterating the list of available engine types, 605 * creating new engine types, and other "list" operations. These functions 606 * actually deal with ENGINEs that are to be used. As such these functions 607 * can fail (if applicable) when particular engines are unavailable - eg. if 608 * a hardware accelerator is not attached or not functioning correctly. Each 609 * ENGINE has 2 reference counts; structural and functional. Every time a 610 * functional reference is obtained or released, a corresponding structural 611 * reference is automatically obtained or released too. 612 */ 613 614/* 615 * Initialise a engine type for use (or up its reference count if it's 616 * already in use). This will fail if the engine is not currently operational 617 * and cannot initialise. 618 */ 619int ENGINE_init(ENGINE *e); 620/* 621 * Free a functional reference to a engine type. This does not require a 622 * corresponding call to ENGINE_free as it also releases a structural 623 * reference. 624 */ 625int ENGINE_finish(ENGINE *e); 626 627/* 628 * The following functions handle keys that are stored in some secondary 629 * location, handled by the engine. The storage may be on a card or 630 * whatever. 631 */ 632EVP_PKEY *ENGINE_load_private_key(ENGINE *e, const char *key_id, 633 UI_METHOD *ui_method, void *callback_data); 634EVP_PKEY *ENGINE_load_public_key(ENGINE *e, const char *key_id, 635 UI_METHOD *ui_method, void *callback_data); 636int ENGINE_load_ssl_client_cert(ENGINE *e, SSL *s, 637 STACK_OF(X509_NAME) *ca_dn, X509 **pcert, 638 EVP_PKEY **ppkey, STACK_OF(X509) **pother, 639 UI_METHOD *ui_method, void *callback_data); 640 641/* 642 * This returns a pointer for the current ENGINE structure that is (by 643 * default) performing any RSA operations. The value returned is an 644 * incremented reference, so it should be free'd (ENGINE_finish) before it is 645 * discarded. 646 */ 647ENGINE *ENGINE_get_default_RSA(void); 648/* Same for the other "methods" */ 649ENGINE *ENGINE_get_default_DSA(void); 650ENGINE *ENGINE_get_default_ECDH(void); 651ENGINE *ENGINE_get_default_ECDSA(void); 652ENGINE *ENGINE_get_default_DH(void); 653ENGINE *ENGINE_get_default_RAND(void); 654/* 655 * These functions can be used to get a functional reference to perform 656 * ciphering or digesting corresponding to "nid". 657 */ 658ENGINE *ENGINE_get_cipher_engine(int nid); 659ENGINE *ENGINE_get_digest_engine(int nid); 660 661/* 662 * This sets a new default ENGINE structure for performing RSA operations. If 663 * the result is non-zero (success) then the ENGINE structure will have had 664 * its reference count up'd so the caller should still free their own 665 * reference 'e'. 666 */ 667int ENGINE_set_default_RSA(ENGINE *e); 668int ENGINE_set_default_string(ENGINE *e, const char *def_list); 669/* Same for the other "methods" */ 670int ENGINE_set_default_DSA(ENGINE *e); 671int ENGINE_set_default_ECDH(ENGINE *e); 672int ENGINE_set_default_ECDSA(ENGINE *e); 673int ENGINE_set_default_DH(ENGINE *e); 674int ENGINE_set_default_RAND(ENGINE *e); 675int ENGINE_set_default_ciphers(ENGINE *e); 676int ENGINE_set_default_digests(ENGINE *e); 677 678/* 679 * The combination "set" - the flags are bitwise "OR"d from the 680 * ENGINE_METHOD_*** defines above. As with the "ENGINE_register_complete()" 681 * function, this function can result in unnecessary static linkage. If your 682 * application requires only specific functionality, consider using more 683 * selective functions. 684 */ 685int ENGINE_set_default(ENGINE *e, unsigned int flags); 686 687void ENGINE_add_conf_module(void); 688 689/* Deprecated functions ... */ 690/* int ENGINE_clear_defaults(void); */ 691 692/**************************/ 693/* DYNAMIC ENGINE SUPPORT */ 694/**************************/ 695 696/* Binary/behaviour compatibility levels */ 697# define OSSL_DYNAMIC_VERSION (unsigned long)0x00020000 698/* 699 * Binary versions older than this are too old for us (whether we're a loader 700 * or a loadee) 701 */ 702# define OSSL_DYNAMIC_OLDEST (unsigned long)0x00020000 703 704/* 705 * When compiling an ENGINE entirely as an external shared library, loadable 706 * by the "dynamic" ENGINE, these types are needed. The 'dynamic_fns' 707 * structure type provides the calling application's (or library's) error 708 * functionality and memory management function pointers to the loaded 709 * library. These should be used/set in the loaded library code so that the 710 * loading application's 'state' will be used/changed in all operations. The 711 * 'static_state' pointer allows the loaded library to know if it shares the 712 * same static data as the calling application (or library), and thus whether 713 * these callbacks need to be set or not. 714 */ 715typedef void *(*dyn_MEM_malloc_cb) (size_t); 716typedef void *(*dyn_MEM_realloc_cb) (void *, size_t); 717typedef void (*dyn_MEM_free_cb) (void *); 718typedef struct st_dynamic_MEM_fns { 719 dyn_MEM_malloc_cb malloc_cb; 720 dyn_MEM_realloc_cb realloc_cb; 721 dyn_MEM_free_cb free_cb; 722} dynamic_MEM_fns; 723/* 724 * FIXME: Perhaps the memory and locking code (crypto.h) should declare and 725 * use these types so we (and any other dependant code) can simplify a bit?? 726 */ 727typedef void (*dyn_lock_locking_cb) (int, int, const char *, int); 728typedef int (*dyn_lock_add_lock_cb) (int *, int, int, const char *, int); 729typedef struct CRYPTO_dynlock_value *(*dyn_dynlock_create_cb) (const char *, 730 int); 731typedef void (*dyn_dynlock_lock_cb) (int, struct CRYPTO_dynlock_value *, 732 const char *, int); 733typedef void (*dyn_dynlock_destroy_cb) (struct CRYPTO_dynlock_value *, 734 const char *, int); 735typedef struct st_dynamic_LOCK_fns { 736 dyn_lock_locking_cb lock_locking_cb; 737 dyn_lock_add_lock_cb lock_add_lock_cb; 738 dyn_dynlock_create_cb dynlock_create_cb; 739 dyn_dynlock_lock_cb dynlock_lock_cb; 740 dyn_dynlock_destroy_cb dynlock_destroy_cb; 741} dynamic_LOCK_fns; 742/* The top-level structure */ 743typedef struct st_dynamic_fns { 744 void *static_state; 745 const ERR_FNS *err_fns; 746 const CRYPTO_EX_DATA_IMPL *ex_data_fns; 747 dynamic_MEM_fns mem_fns; 748 dynamic_LOCK_fns lock_fns; 749} dynamic_fns; 750 751/* 752 * The version checking function should be of this prototype. NB: The 753 * ossl_version value passed in is the OSSL_DYNAMIC_VERSION of the loading 754 * code. If this function returns zero, it indicates a (potential) version 755 * incompatibility and the loaded library doesn't believe it can proceed. 756 * Otherwise, the returned value is the (latest) version supported by the 757 * loading library. The loader may still decide that the loaded code's 758 * version is unsatisfactory and could veto the load. The function is 759 * expected to be implemented with the symbol name "v_check", and a default 760 * implementation can be fully instantiated with 761 * IMPLEMENT_DYNAMIC_CHECK_FN(). 762 */ 763typedef unsigned long (*dynamic_v_check_fn) (unsigned long ossl_version); 764# define IMPLEMENT_DYNAMIC_CHECK_FN() \ 765 OPENSSL_EXPORT unsigned long v_check(unsigned long v) { \ 766 if(v >= OSSL_DYNAMIC_OLDEST) return OSSL_DYNAMIC_VERSION; \ 767 return 0; } 768 769/* 770 * This function is passed the ENGINE structure to initialise with its own 771 * function and command settings. It should not adjust the structural or 772 * functional reference counts. If this function returns zero, (a) the load 773 * will be aborted, (b) the previous ENGINE state will be memcpy'd back onto 774 * the structure, and (c) the shared library will be unloaded. So 775 * implementations should do their own internal cleanup in failure 776 * circumstances otherwise they could leak. The 'id' parameter, if non-NULL, 777 * represents the ENGINE id that the loader is looking for. If this is NULL, 778 * the shared library can choose to return failure or to initialise a 779 * 'default' ENGINE. If non-NULL, the shared library must initialise only an 780 * ENGINE matching the passed 'id'. The function is expected to be 781 * implemented with the symbol name "bind_engine". A standard implementation 782 * can be instantiated with IMPLEMENT_DYNAMIC_BIND_FN(fn) where the parameter 783 * 'fn' is a callback function that populates the ENGINE structure and 784 * returns an int value (zero for failure). 'fn' should have prototype; 785 * [static] int fn(ENGINE *e, const char *id); 786 */ 787typedef int (*dynamic_bind_engine) (ENGINE *e, const char *id, 788 const dynamic_fns *fns); 789# define IMPLEMENT_DYNAMIC_BIND_FN(fn) \ 790 OPENSSL_EXPORT \ 791 int bind_engine(ENGINE *e, const char *id, const dynamic_fns *fns) { \ 792 if(ENGINE_get_static_state() == fns->static_state) goto skip_cbs; \ 793 if(!CRYPTO_set_mem_functions(fns->mem_fns.malloc_cb, \ 794 fns->mem_fns.realloc_cb, fns->mem_fns.free_cb)) \ 795 return 0; \ 796 CRYPTO_set_locking_callback(fns->lock_fns.lock_locking_cb); \ 797 CRYPTO_set_add_lock_callback(fns->lock_fns.lock_add_lock_cb); \ 798 CRYPTO_set_dynlock_create_callback(fns->lock_fns.dynlock_create_cb); \ 799 CRYPTO_set_dynlock_lock_callback(fns->lock_fns.dynlock_lock_cb); \ 800 CRYPTO_set_dynlock_destroy_callback(fns->lock_fns.dynlock_destroy_cb); \ 801 if(!CRYPTO_set_ex_data_implementation(fns->ex_data_fns)) \ 802 return 0; \ 803 if(!ERR_set_implementation(fns->err_fns)) return 0; \ 804 skip_cbs: \ 805 if(!fn(e,id)) return 0; \ 806 return 1; } 807 808/* 809 * If the loading application (or library) and the loaded ENGINE library 810 * share the same static data (eg. they're both dynamically linked to the 811 * same libcrypto.so) we need a way to avoid trying to set system callbacks - 812 * this would fail, and for the same reason that it's unnecessary to try. If 813 * the loaded ENGINE has (or gets from through the loader) its own copy of 814 * the libcrypto static data, we will need to set the callbacks. The easiest 815 * way to detect this is to have a function that returns a pointer to some 816 * static data and let the loading application and loaded ENGINE compare 817 * their respective values. 818 */ 819void *ENGINE_get_static_state(void); 820 821# if defined(__OpenBSD__) || defined(__FreeBSD__) 822void ENGINE_setup_bsd_cryptodev(void); 823# endif 824 825/* BEGIN ERROR CODES */ 826/* 827 * The following lines are auto generated by the script mkerr.pl. Any changes 828 * made after this point may be overwritten when the script is next run. 829 */ 830void ERR_load_ENGINE_strings(void); 831 832/* Error codes for the ENGINE functions. */ 833 834/* Function codes. */ 835# define ENGINE_F_DYNAMIC_CTRL 180 836# define ENGINE_F_DYNAMIC_GET_DATA_CTX 181 837# define ENGINE_F_DYNAMIC_LOAD 182 838# define ENGINE_F_DYNAMIC_SET_DATA_CTX 183 839# define ENGINE_F_ENGINE_ADD 105 840# define ENGINE_F_ENGINE_BY_ID 106 841# define ENGINE_F_ENGINE_CMD_IS_EXECUTABLE 170 842# define ENGINE_F_ENGINE_CTRL 142 843# define ENGINE_F_ENGINE_CTRL_CMD 178 844# define ENGINE_F_ENGINE_CTRL_CMD_STRING 171 845# define ENGINE_F_ENGINE_FINISH 107 846# define ENGINE_F_ENGINE_FREE_UTIL 108 847# define ENGINE_F_ENGINE_GET_CIPHER 185 848# define ENGINE_F_ENGINE_GET_DEFAULT_TYPE 177 849# define ENGINE_F_ENGINE_GET_DIGEST 186 850# define ENGINE_F_ENGINE_GET_NEXT 115 851# define ENGINE_F_ENGINE_GET_PREV 116 852# define ENGINE_F_ENGINE_INIT 119 853# define ENGINE_F_ENGINE_LIST_ADD 120 854# define ENGINE_F_ENGINE_LIST_REMOVE 121 855# define ENGINE_F_ENGINE_LOAD_PRIVATE_KEY 150 856# define ENGINE_F_ENGINE_LOAD_PUBLIC_KEY 151 857# define ENGINE_F_ENGINE_LOAD_SSL_CLIENT_CERT 192 858# define ENGINE_F_ENGINE_NEW 122 859# define ENGINE_F_ENGINE_REMOVE 123 860# define ENGINE_F_ENGINE_SET_DEFAULT_STRING 189 861# define ENGINE_F_ENGINE_SET_DEFAULT_TYPE 126 862# define ENGINE_F_ENGINE_SET_ID 129 863# define ENGINE_F_ENGINE_SET_NAME 130 864# define ENGINE_F_ENGINE_TABLE_REGISTER 184 865# define ENGINE_F_ENGINE_UNLOAD_KEY 152 866# define ENGINE_F_ENGINE_UNLOCKED_FINISH 191 867# define ENGINE_F_ENGINE_UP_REF 190 868# define ENGINE_F_INT_CTRL_HELPER 172 869# define ENGINE_F_INT_ENGINE_CONFIGURE 188 870# define ENGINE_F_INT_ENGINE_MODULE_INIT 187 871# define ENGINE_F_LOG_MESSAGE 141 872 873/* Reason codes. */ 874# define ENGINE_R_ALREADY_LOADED 100 875# define ENGINE_R_ARGUMENT_IS_NOT_A_NUMBER 133 876# define ENGINE_R_CMD_NOT_EXECUTABLE 134 877# define ENGINE_R_COMMAND_TAKES_INPUT 135 878# define ENGINE_R_COMMAND_TAKES_NO_INPUT 136 879# define ENGINE_R_CONFLICTING_ENGINE_ID 103 880# define ENGINE_R_CTRL_COMMAND_NOT_IMPLEMENTED 119 881# define ENGINE_R_DH_NOT_IMPLEMENTED 139 882# define ENGINE_R_DSA_NOT_IMPLEMENTED 140 883# define ENGINE_R_DSO_FAILURE 104 884# define ENGINE_R_DSO_NOT_FOUND 132 885# define ENGINE_R_ENGINES_SECTION_ERROR 148 886# define ENGINE_R_ENGINE_CONFIGURATION_ERROR 101 887# define ENGINE_R_ENGINE_IS_NOT_IN_LIST 105 888# define ENGINE_R_ENGINE_SECTION_ERROR 149 889# define ENGINE_R_FAILED_LOADING_PRIVATE_KEY 128 890# define ENGINE_R_FAILED_LOADING_PUBLIC_KEY 129 891# define ENGINE_R_FINISH_FAILED 106 892# define ENGINE_R_GET_HANDLE_FAILED 107 893# define ENGINE_R_ID_OR_NAME_MISSING 108 894# define ENGINE_R_INIT_FAILED 109 895# define ENGINE_R_INTERNAL_LIST_ERROR 110 896# define ENGINE_R_INVALID_ARGUMENT 143 897# define ENGINE_R_INVALID_CMD_NAME 137 898# define ENGINE_R_INVALID_CMD_NUMBER 138 899# define ENGINE_R_INVALID_INIT_VALUE 151 900# define ENGINE_R_INVALID_STRING 150 901# define ENGINE_R_NOT_INITIALISED 117 902# define ENGINE_R_NOT_LOADED 112 903# define ENGINE_R_NO_CONTROL_FUNCTION 120 904# define ENGINE_R_NO_INDEX 144 905# define ENGINE_R_NO_LOAD_FUNCTION 125 906# define ENGINE_R_NO_REFERENCE 130 907# define ENGINE_R_NO_SUCH_ENGINE 116 908# define ENGINE_R_NO_UNLOAD_FUNCTION 126 909# define ENGINE_R_PROVIDE_PARAMETERS 113 910# define ENGINE_R_RSA_NOT_IMPLEMENTED 141 911# define ENGINE_R_UNIMPLEMENTED_CIPHER 146 912# define ENGINE_R_UNIMPLEMENTED_DIGEST 147 913# define ENGINE_R_VERSION_INCOMPATIBILITY 145 914 915#ifdef __cplusplus 916} 917#endif 918#endif 919