[pkg-opensc-commit] [pkcs11-helper] 102/253: Allow several engines to co-exist, so application may select its favorite.

Eric Dorland eric at moszumanska.debian.org
Fri Jan 6 23:39:09 UTC 2017


This is an automated email from the git hooks/post-receive script.

eric pushed a commit to branch master
in repository pkcs11-helper.

commit 2d6654da931e576125e54f7a9072ad6f845e1dc5
Author: Alon Bar-Lev <alon.barlev at gmail.com>
Date:   Mon May 14 17:31:14 2007 +0000

    Allow several engines to co-exist, so application may select its
      favorite.
---
 ChangeLog                                   |   3 +
 INSTALL                                     |  19 ++---
 configure.ac                                | 104 ++++++++++++++++------------
 include/pkcs11-helper-1.0/pkcs11h-core.h    |  20 +++---
 include/pkcs11-helper-1.0/pkcs11h-engines.h |  17 +++++
 lib/pkcs11h-core.c                          |  12 ++--
 lib/pkcs11h-crypto.c                        |  69 +++++++++++++++---
 7 files changed, 165 insertions(+), 79 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index 2a2e74f..7acff5a 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -20,6 +20,9 @@ $Id$
 * Fixup compilation error when using GnuTLS only environment, thank to
   Simon Josefsson.
 
+* Allow several engines to co-exist, so application may select its
+  favorite.
+
 2007-10-05 - Version 1.02
 
 * Switch to free implementation of PKCS#11 headers.
diff --git a/INSTALL b/INSTALL
index cc3dbdb..593e10d 100644
--- a/INSTALL
+++ b/INSTALL
@@ -31,9 +31,14 @@ Cross-MinGW32
 		w32root=/tmp/w32root
 
 		Without openssl engine:
-			./configure --prefix=/ --host=mingw32 --disable-openssl
+			./configure \
+				--prefix=/ --host=mingw32 \
+				--disable-openssl \
+				--disable-crypto-engine-openssl \
+				--disable-crypto-engine-gnutls
 		With openssl engine:
 			./configure --prefix=/ --host=mingw32 \
+				--disable-crypto-engine-gnutls \
 				PKG_CONFIG=true \
 				OPENSSL_CFLAGS="-I${w32root}/include" \
 				OPENSSL_LIBS="-L${w32root}/lib -lcrypto"
@@ -52,17 +57,7 @@ Native-Cygwin
 		Same as Cross-MinGW32
 
 	Build:
-		w32root=/tmp/w32root
-
-		Without openssl engine:
-			./configure --prefix=/ --with-cygwin-native --disable-openssl
-		With openssl engine:
-			./configure --prefix=/ --with-cygwin-native \
-				PKG_CONFIG=true \
-				OPENSSL_CFLAGS="-I${w32root}/include" \
-				OPENSSL_LIBS="-L${w32root}/lib -lcrypto"
-		make
-		make install DESTDIR=${w32root}
+		Same as Cross-MinGW32, replace --host=mingw32 with --with-cygwin-native.
 
 Visual Studio
 	Dependencies:
diff --git a/configure.ac b/configure.ac
index a3ed819..4d13c6b 100644
--- a/configure.ac
+++ b/configure.ac
@@ -150,28 +150,28 @@ AC_ARG_ENABLE([pedantic],
 	[enable_pedantic="no"]
 )
 
-AC_ARG_WITH([apidocdir],
-	[  --with-apidocdir                  Put API documents at this directory, default HTMLDIR\api],
-	[apidocdir="${with_apidocdir}"],
-	[apidocdir="\$(htmldir)/api"]
+AC_ARG_ENABLE([crypto-engine-openssl],
+	[  --disable-crypto-engine-openssl   Disable OpenSSL crypto engine],
+	,
+	[enable_crypto_engine_openssl="yes"]
 )
 
-AC_ARG_WITH([crypto-engine-openssl],
-	[  --without-crypto-engine-openssl   Disable OpenSSL crypto engine],
+AC_ARG_ENABLE([crypto-engine-gnutls],
+	[  --disable-crypto-engine-gnutls    Disable GnuTLS crypto engine],
 	,
-	[with_crypto_engine_openssl="yes"]
+	[enable_crypto_engine_gnutls="yes"]
 )
 
-AC_ARG_WITH([crypto-engine-gnutls],
-	[  --without-crypto-engine-gnutls    Disable GNUTLS crypto engine (OpenSSL will be used if both enabled)],
+AC_ARG_ENABLE([crypto-engine-win32],
+	[  --disable-crypto-engine-win32     Disable win32 native crypto engine on win32 systems],
 	,
-	[with_crypto_engine_gnutls="yes"]
+	[enable_crypto_engine_win32="yes"]
 )
 
-AC_ARG_WITH([crypto-engine-win32],
-	[  --without-crypto-engine-win32     Disable win32 native crypto engine on win32 systems],
-	,
-	[with_crypto_engine_win32="yes"]
+AC_ARG_WITH([apidocdir],
+	[  --with-apidocdir                  Put API documents at this directory, default HTMLDIR\api],
+	[apidocdir="${with_apidocdir}"],
+	[apidocdir="\$(htmldir)/api"]
 )
 
 AC_ARG_WITH([mem-check],
@@ -228,36 +228,56 @@ fi
 
 PKG_CHECK_MODULES([GNUTLS], [gnutls >= 1.4], [have_gnutls="yes"], [have_gnutls="no"])
 
-AC_MSG_CHECKING([cryptographic library to use])
-
-if test "${with_crypto_engine_openssl}" = "yes" -a "${have_openssl}" != "yes"; then
-	with_crypto_engine_openssl="no"
+AC_MSG_CHECKING([OpenSSL interface])
+if test "${enable_openssl}" = "yes"; then
+	if test "${have_openssl}" != "yes"; then
+		AC_MSG_ERROR([OpenSSL enabled but cannot be found])
+	fi
+	AC_MSG_RESULT([yes])
+	CFLAGS="${CFLAGS} ${OPENSSL_CFLAGS}"
+	LIBS="${LIBS} ${OPENSSL_LIBS}"
+else
+	AC_MSG_RESULT([no])
 fi
 
-if test "${with_crypto_engine_gnutls}" = "yes" -a "${have_gnutls}" != "yes"; then
-	with_crypto_engine_gnutls="no"
+AC_MSG_CHECKING([Win32 crypto engine])
+if test "${WIN32}" = "yes" -a "${enable_crypto_engine_win32}" = "yes"; then
+	AC_MSG_RESULT([yes])
+	AC_DEFINE([ENABLE_PKCS11H_ENGINE_WIN32], [1], [Use win32 crypto engine])
+else
+	AC_MSG_RESULT([no])
 fi
 
-if test "${WIN32}" = "yes" -a "${with_crypto_engine_win32}" = "yes"; then
-	AC_MSG_RESULT([Using win32])
-	AC_DEFINE([ENABLE_PKCS11H_ENGINE_WIN32], [1], [Use win32 crypto engine])
+AC_MSG_CHECKING([OpenSSL crypto engine])
+if test "${enable_crypto_engine_openssl}" = "yes"; then
+	if test "${have_openssl}" = "yes"; then
+		AC_MSG_RESULT([yes])
+		AC_DEFINE([ENABLE_PKCS11H_ENGINE_OPENSSL], [1], [Use OpenSSL crypto engine])
 
-	if test "${enable_openssl}" = "yes"; then
-		CFLAGS="${CFLAGS} ${OPENSSL_CFLAGS}"
-		LIBS="${LIBS} ${OPENSSL_LIBS}"
+		# don't add this twice
+		if test "${enable_openssl}" != "yes"; then
+			CFLAGS="${CFLAGS} ${OPENSSL_CFLAGS}"
+			LIBS="${LIBS} ${OPENSSL_LIBS}"
+		fi
+	else
+		AC_MSG_RESULT([no])
 	fi
-elif test "${with_crypto_engine_openssl}" = "yes"; then
-	AC_MSG_RESULT([Using OpenSSL])
-	AC_DEFINE([ENABLE_PKCS11H_ENGINE_OPENSSL], [1], [Use OpenSSL crypto engine])
-	CFLAGS="${CFLAGS} ${OPENSSL_CFLAGS}"
-	LIBS="${LIBS} ${OPENSSL_LIBS}"
-elif test "${with_crypto_engine_gnutls}" = "yes"; then
-	AC_MSG_RESULT([Using GNUTLS])
-	AC_DEFINE([ENABLE_PKCS11H_ENGINE_GNUTLS], [1], [Use GNUTLS crypto engine])
-	CFLAGS="${CFLAGS} ${GNUTLS_CFLAGS}"
-	LIBS="${LIBS} ${GNUTLS_LIBS}"
 else
-	AC_MSG_RESULT([No engine selected.])
+	AC_MSG_RESULT([no])
+fi
+
+AC_MSG_CHECKING([GnuTLS crypto engine])
+if test "${enable_crypto_engine_gnutls}" = "yes"; then
+	if test "${have_gnutls}" = "yes"; then
+		AC_MSG_RESULT([yes])
+		AC_DEFINE([ENABLE_PKCS11H_ENGINE_GNUTLS], [1], [Use GNUTLS crypto engine])
+		CFLAGS="${CFLAGS} ${GNUTLS_CFLAGS}"
+		LIBS="${LIBS} ${GNUTLS_LIBS}"
+	else
+		AC_MSG_RESULT([no])
+	fi
+else
+	AC_MSG_RESULT([no])
 fi
 
 # Checks for header files.
@@ -319,10 +339,6 @@ if test "${enable_threading}" != "yes" -a "${enable_slotevent}" = "yes"; then
 	AC_MSG_ERROR([Threading must be enabled for slotevent to be enabled])
 fi
 
-if test "${enable_openssl}" = "yes" -a "${with_crypto_engine_openssl}" != "yes"; then
-	AC_MSG_ERROR([OpenSSL must be linked for OpenSSL interface to operate])
-fi
-
 if test "${enable_openssl}" = "yes" -a "${enable_certificate}" != "yes"; then
 	AC_MSG_ERROR([OpenSSL interface requires certificate interface])
 fi
@@ -356,9 +372,9 @@ if test "${enable_openssl}" = "yes"; then
 	PKCS11H_FEATURES="${PKCS11H_FEATURES} openssl"
 fi
 if test \
-	"${with_crypto_engine_openssl}" = "yes" -o \
-	"${with_crypto_engine_gnutls}" = "yes" -o \
-	"${with_crypto_engine_win32}" = "yes"; then
+	"${enable_crypto_engine_openssl}" = "yes" -o \
+	"${enable_crypto_engine_gnutls}" = "yes" -o \
+	"${enable_crypto_engine_win32}" = "yes"; then
 	PKCS11H_FEATURES="${PKCS11H_FEATURES} engine_crypto"
 fi
 
diff --git a/include/pkcs11-helper-1.0/pkcs11h-core.h b/include/pkcs11-helper-1.0/pkcs11h-core.h
index de0b8e4..efcb54a 100644
--- a/include/pkcs11-helper-1.0/pkcs11h-core.h
+++ b/include/pkcs11-helper-1.0/pkcs11h-core.h
@@ -140,23 +140,25 @@ extern "C" {
  * @{
  */
 /** Engine OpenSSL is enabled. */
-#define PKCS11H_FEATURE_MASK_ENGINE_OPENSSL	(1<< 0)
+#define PKCS11H_FEATURE_MASK_ENGINE_CRYPTO_OPENSSL	(1<< 0)
 /** Engine GNUTLS is enabled. */
-#define PKCS11H_FEATURE_MASK_ENGINE_GNUTLS	(1<< 1)
+#define PKCS11H_FEATURE_MASK_ENGINE_CRYPTO_GNUTLS	(1<< 1)
+/** Engine GNUTLS is enabled. */
+#define PKCS11H_FEATURE_MASK_ENGINE_CRYPTO_WIN32	(1<< 2)
 /** Debugging (logging) is enabled. */
-#define PKCS11H_FEATURE_MASK_DEBUG		(1<< 2)
+#define PKCS11H_FEATURE_MASK_DEBUG			(1<< 3)
 /** Threading support is enabled. */
-#define PKCS11H_FEATURE_MASK_THREADING		(1<< 3)
+#define PKCS11H_FEATURE_MASK_THREADING			(1<< 4)
 /** Token interface is enabled. */
-#define PKCS11H_FEATURE_MASK_TOKEN		(1<< 4)
+#define PKCS11H_FEATURE_MASK_TOKEN			(1<< 5)
 /** Data interface is enabled. */
-#define PKCS11H_FEATURE_MASK_DATA		(1<< 5)
+#define PKCS11H_FEATURE_MASK_DATA			(1<< 6)
 /** Certificate interface is enabled, */
-#define PKCS11H_FEATURE_MASK_CERTIFICATE	(1<< 6)
+#define PKCS11H_FEATURE_MASK_CERTIFICATE		(1<< 7)
 /** Slotevent interface is enabled. */
-#define PKCS11H_FEATURE_MASK_SLOTEVENT		(1<< 7)
+#define PKCS11H_FEATURE_MASK_SLOTEVENT			(1<< 8)
 /** OpenSSL interface is enabled. */
-#define PKCS11H_FEATURE_MASK_OPENSSL		(1<< 8)
+#define PKCS11H_FEATURE_MASK_OPENSSL			(1<< 9)
 /** @} */
 
 /**
diff --git a/include/pkcs11-helper-1.0/pkcs11h-engines.h b/include/pkcs11-helper-1.0/pkcs11h-engines.h
index ed35f82..5960ce9 100644
--- a/include/pkcs11-helper-1.0/pkcs11h-engines.h
+++ b/include/pkcs11-helper-1.0/pkcs11h-engines.h
@@ -193,6 +193,22 @@ typedef struct pkcs11h_crypto_engine_s {
 } pkcs11h_engine_crypto_t;
 
 /**
+ * @brief pkcs11-helper built-in engines.
+ * @addtogroup PKCS11H_ENGINE_CRYPTO
+ * @see pkcs11h_engine_setCrypto().
+ * @{
+ */
+/** Auto select. */
+#define PKCS11H_ENGINE_CRYPTO_AUTO	((pkcs11h_engine_crypto_t *)0)
+/** Select OpenSSL. */
+#define PKCS11H_ENGINE_CRYPTO_OPENSSL	((pkcs11h_engine_crypto_t *)1)
+/** Select GnuTLS. */
+#define PKCS11H_ENGINE_CRYPTO_GNUTLS	((pkcs11h_engine_crypto_t *)2)
+/** Select Win32. */
+#define PKCS11H_ENGINE_CRYPTO_WIN32	((pkcs11h_engine_crypto_t *)3)
+/** @} */
+
+/**
  * @brief Set system engine to be used.
  * @param engine	Engine to use.
  * @return CK_RV.
@@ -210,6 +226,7 @@ pkcs11h_engine_setSystem (
  * @return CK_RV.
  * @note Must be called before pkcs11h_initialize.
  * @note Default is provided at configuration time.
+ * @see PKCS11H_ENGINE_CRYPTO
  */
 CK_RV
 pkcs11h_engine_setCrypto (
diff --git a/lib/pkcs11h-core.c b/lib/pkcs11h-core.c
index efbcab4..9f55852 100644
--- a/lib/pkcs11h-core.c
+++ b/lib/pkcs11h-core.c
@@ -234,10 +234,13 @@ unsigned int
 pkcs11h_getFeatures (void) {
 	unsigned int features = (
 #if defined(ENABLE_PKCS11H_ENGINE_OPENSSL)
-		PKCS11H_FEATURE_MASK_ENGINE_OPENSSL |
+		PKCS11H_FEATURE_MASK_ENGINE_CRYPTO_OPENSSL |
 #endif
 #if defined(ENABLE_PKCS11H_ENGINE_GNUTLS)
-		PKCS11H_FEATURE_MASK_ENGINE_GNUTLS |
+		PKCS11H_FEATURE_MASK_ENGINE_CRYPTO_GNUTLS |
+#endif
+#if defined(ENABLE_PKCS11H_ENGINE_WIN32)
+		PKCS11H_FEATURE_MASK_ENGINE_CRYPTO_WIN32 |
 #endif
 #if defined(ENABLE_PKCS11H_DEBUG)
 		PKCS11H_FEATURE_MASK_DEBUG |
@@ -288,8 +291,9 @@ pkcs11h_initialize (void) {
 	}
 
 	if (_g_pkcs11h_crypto_engine.initialize == NULL) {
-		rv = CKR_FUNCTION_FAILED;
-		goto cleanup;
+		if ((rv = pkcs11h_engine_setCrypto (PKCS11H_ENGINE_CRYPTO_AUTO)) != CKR_OK) {
+			goto cleanup;
+		}
 	}
 
 	if (!_g_pkcs11h_crypto_engine.initialize (_g_pkcs11h_crypto_engine.global_data)) {
diff --git a/lib/pkcs11h-crypto.c b/lib/pkcs11h-crypto.c
index 4c241fd..267d789 100644
--- a/lib/pkcs11h-crypto.c
+++ b/lib/pkcs11h-crypto.c
@@ -280,7 +280,7 @@ __pkcs11h_crypto_win32_certificate_is_issuer (
 #endif
 
 #if defined(ENABLE_PKCS11H_ENGINE_OPENSSL)
-pkcs11h_engine_crypto_t _g_pkcs11h_crypto_engine = {
+static const pkcs11h_engine_crypto_t _g_pkcs11h_crypto_engine_openssl = {
 	NULL,
 	__pkcs11h_crypto_openssl_initialize,
 	__pkcs11h_crypto_openssl_uninitialize,
@@ -288,8 +288,9 @@ pkcs11h_engine_crypto_t _g_pkcs11h_crypto_engine = {
 	__pkcs11h_crypto_openssl_certificate_get_dn,
 	__pkcs11h_crypto_openssl_certificate_is_issuer
 };
-#elif defined(ENABLE_PKCS11H_ENGINE_GNUTLS)
-pkcs11h_engine_crypto_t _g_pkcs11h_crypto_engine = {
+#endif
+#if defined(ENABLE_PKCS11H_ENGINE_GNUTLS)
+static const pkcs11h_engine_crypto_t _g_pkcs11h_crypto_engine_gnutls = {
 	NULL,
 	__pkcs11h_crypto_gnutls_initialize,
 	__pkcs11h_crypto_gnutls_uninitialize,
@@ -297,9 +298,10 @@ pkcs11h_engine_crypto_t _g_pkcs11h_crypto_engine = {
 	__pkcs11h_crypto_gnutls_certificate_get_dn,
 	__pkcs11h_crypto_gnutls_certificate_is_issuer
 };
-#elif defined(ENABLE_PKCS11H_ENGINE_WIN32)
+#endif
+#if defined(ENABLE_PKCS11H_ENGINE_WIN32)
 static struct __crypto_win32_data_s s_win32_data = { NULL };
-pkcs11h_engine_crypto_t _g_pkcs11h_crypto_engine = {
+static const pkcs11h_engine_crypto_t _g_pkcs11h_crypto_engine_win32 = {
 	&s_win32_data,
 	__pkcs11h_crypto_win32_initialize,
 	__pkcs11h_crypto_win32_uninitialize,
@@ -307,7 +309,8 @@ pkcs11h_engine_crypto_t _g_pkcs11h_crypto_engine = {
 	__pkcs11h_crypto_win32_certificate_get_dn,
 	__pkcs11h_crypto_win32_certificate_is_issuer
 };
-#else
+#endif
+
 pkcs11h_engine_crypto_t _g_pkcs11h_crypto_engine = {
 	NULL,
 	NULL,
@@ -316,17 +319,63 @@ pkcs11h_engine_crypto_t _g_pkcs11h_crypto_engine = {
 	NULL,
 	NULL
 };
-#endif
 
 CK_RV
 pkcs11h_engine_setCrypto (
 	IN const pkcs11h_engine_crypto_t * const engine
 ) {
-	_PKCS11H_ASSERT (engine!=NULL);
+	const pkcs11h_engine_crypto_t *_engine = NULL;
+	CK_RV rv = CKR_FUNCTION_FAILED;
+
+	/*_PKCS11H_ASSERT (engine!=NULL); Not required */
+
+	if (engine == PKCS11H_ENGINE_CRYPTO_AUTO) {
+#if defined(ENABLE_PKCS11H_ENGINE_WIN32)
+		_engine = &_g_pkcs11h_crypto_engine_win32;
+#elif defined(ENABLE_PKCS11H_ENGINE_OPENSSL)
+		_engine = &_g_pkcs11h_crypto_engine_openssl;
+#elif defined(ENABLE_PKCS11H_ENGINE_GNUTLS)
+		_engine = &_g_pkcs11h_crypto_engine_gnutls;
+#else
+		rv = CKR_FUNCTION_FAILED;
+		goto cleanup;
+#endif
+	}
+	else if (engine == PKCS11H_ENGINE_CRYPTO_WIN32) {
+#if defined(ENABLE_PKCS11H_ENGINE_WIN32)
+		_engine = &_g_pkcs11h_crypto_engine_win32;
+#else
+		rv = CKR_FUNCTION_FAILED;
+		goto cleanup;
+#endif
+	}
+	else if (engine == PKCS11H_ENGINE_CRYPTO_OPENSSL) {
+#if defined(ENABLE_PKCS11H_ENGINE_OPENSSL)
+		_engine = &_g_pkcs11h_crypto_engine_openssl;
+#else
+		rv = CKR_FUNCTION_FAILED;
+		goto cleanup;
+#endif
+	}
+	else if (engine == PKCS11H_ENGINE_CRYPTO_GNUTLS) {
+#if defined(ENABLE_PKCS11H_ENGINE_GNUTLS)
+		_engine = &_g_pkcs11h_crypto_engine_gnutls;
+#else
+		rv = CKR_FUNCTION_FAILED;
+		goto cleanup;
+#endif
+	}
+	else {
+		_engine = engine;
+	}
+
+	memmove (&_g_pkcs11h_crypto_engine, _engine, sizeof (pkcs11h_engine_crypto_t));
 
-	memmove (&_g_pkcs11h_crypto_engine, engine, sizeof (pkcs11h_engine_crypto_t));
+	rv = CKR_OK;
+
+cleanup:
 
-	return CKR_OK;
+	return rv;
 }
 
 #if defined(ENABLE_PKCS11H_ENGINE_OPENSSL)

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-opensc/pkcs11-helper.git



More information about the pkg-opensc-commit mailing list