[pkg-opensc-commit] [pkcs11-helper] 43/53: Allow several engines to co-exist, so application may select its favorite.
Eric Dorland
eric at moszumanska.debian.org
Fri Jan 6 23:39:54 UTC 2017
This is an automated email from the git hooks/post-receive script.
eric pushed a commit to tag pkcs11-helper-1.03
in repository pkcs11-helper.
commit 1de70d3f15cb1a93fbbe10639a6a52d6d313f3d3
Author: alonbl <alonbl at 485eb718-1723-0410-b8a9-88cf21a28c35>
Date: Mon May 14 17:31:14 2007 +0000
Allow several engines to co-exist, so application may select its
favorite.
---
ChangeLog | 3 +
INSTALL | 19 ++---
configure.ac | 104 ++++++++++++++++------------
include/pkcs11-helper-1.0/pkcs11h-core.h | 20 +++---
include/pkcs11-helper-1.0/pkcs11h-engines.h | 17 +++++
lib/pkcs11h-core.c | 12 ++--
lib/pkcs11h-crypto.c | 69 +++++++++++++++---
7 files changed, 165 insertions(+), 79 deletions(-)
diff --git a/ChangeLog b/ChangeLog
index 2a2e74f..7acff5a 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -20,6 +20,9 @@ $Id$
* Fixup compilation error when using GnuTLS only environment, thank to
Simon Josefsson.
+* Allow several engines to co-exist, so application may select its
+ favorite.
+
2007-10-05 - Version 1.02
* Switch to free implementation of PKCS#11 headers.
diff --git a/INSTALL b/INSTALL
index cc3dbdb..593e10d 100644
--- a/INSTALL
+++ b/INSTALL
@@ -31,9 +31,14 @@ Cross-MinGW32
w32root=/tmp/w32root
Without openssl engine:
- ./configure --prefix=/ --host=mingw32 --disable-openssl
+ ./configure \
+ --prefix=/ --host=mingw32 \
+ --disable-openssl \
+ --disable-crypto-engine-openssl \
+ --disable-crypto-engine-gnutls
With openssl engine:
./configure --prefix=/ --host=mingw32 \
+ --disable-crypto-engine-gnutls \
PKG_CONFIG=true \
OPENSSL_CFLAGS="-I${w32root}/include" \
OPENSSL_LIBS="-L${w32root}/lib -lcrypto"
@@ -52,17 +57,7 @@ Native-Cygwin
Same as Cross-MinGW32
Build:
- w32root=/tmp/w32root
-
- Without openssl engine:
- ./configure --prefix=/ --with-cygwin-native --disable-openssl
- With openssl engine:
- ./configure --prefix=/ --with-cygwin-native \
- PKG_CONFIG=true \
- OPENSSL_CFLAGS="-I${w32root}/include" \
- OPENSSL_LIBS="-L${w32root}/lib -lcrypto"
- make
- make install DESTDIR=${w32root}
+ Same as Cross-MinGW32, replace --host=mingw32 with --with-cygwin-native.
Visual Studio
Dependencies:
diff --git a/configure.ac b/configure.ac
index a3ed819..4d13c6b 100644
--- a/configure.ac
+++ b/configure.ac
@@ -150,28 +150,28 @@ AC_ARG_ENABLE([pedantic],
[enable_pedantic="no"]
)
-AC_ARG_WITH([apidocdir],
- [ --with-apidocdir Put API documents at this directory, default HTMLDIR\api],
- [apidocdir="${with_apidocdir}"],
- [apidocdir="\$(htmldir)/api"]
+AC_ARG_ENABLE([crypto-engine-openssl],
+ [ --disable-crypto-engine-openssl Disable OpenSSL crypto engine],
+ ,
+ [enable_crypto_engine_openssl="yes"]
)
-AC_ARG_WITH([crypto-engine-openssl],
- [ --without-crypto-engine-openssl Disable OpenSSL crypto engine],
+AC_ARG_ENABLE([crypto-engine-gnutls],
+ [ --disable-crypto-engine-gnutls Disable GnuTLS crypto engine],
,
- [with_crypto_engine_openssl="yes"]
+ [enable_crypto_engine_gnutls="yes"]
)
-AC_ARG_WITH([crypto-engine-gnutls],
- [ --without-crypto-engine-gnutls Disable GNUTLS crypto engine (OpenSSL will be used if both enabled)],
+AC_ARG_ENABLE([crypto-engine-win32],
+ [ --disable-crypto-engine-win32 Disable win32 native crypto engine on win32 systems],
,
- [with_crypto_engine_gnutls="yes"]
+ [enable_crypto_engine_win32="yes"]
)
-AC_ARG_WITH([crypto-engine-win32],
- [ --without-crypto-engine-win32 Disable win32 native crypto engine on win32 systems],
- ,
- [with_crypto_engine_win32="yes"]
+AC_ARG_WITH([apidocdir],
+ [ --with-apidocdir Put API documents at this directory, default HTMLDIR\api],
+ [apidocdir="${with_apidocdir}"],
+ [apidocdir="\$(htmldir)/api"]
)
AC_ARG_WITH([mem-check],
@@ -228,36 +228,56 @@ fi
PKG_CHECK_MODULES([GNUTLS], [gnutls >= 1.4], [have_gnutls="yes"], [have_gnutls="no"])
-AC_MSG_CHECKING([cryptographic library to use])
-
-if test "${with_crypto_engine_openssl}" = "yes" -a "${have_openssl}" != "yes"; then
- with_crypto_engine_openssl="no"
+AC_MSG_CHECKING([OpenSSL interface])
+if test "${enable_openssl}" = "yes"; then
+ if test "${have_openssl}" != "yes"; then
+ AC_MSG_ERROR([OpenSSL enabled but cannot be found])
+ fi
+ AC_MSG_RESULT([yes])
+ CFLAGS="${CFLAGS} ${OPENSSL_CFLAGS}"
+ LIBS="${LIBS} ${OPENSSL_LIBS}"
+else
+ AC_MSG_RESULT([no])
fi
-if test "${with_crypto_engine_gnutls}" = "yes" -a "${have_gnutls}" != "yes"; then
- with_crypto_engine_gnutls="no"
+AC_MSG_CHECKING([Win32 crypto engine])
+if test "${WIN32}" = "yes" -a "${enable_crypto_engine_win32}" = "yes"; then
+ AC_MSG_RESULT([yes])
+ AC_DEFINE([ENABLE_PKCS11H_ENGINE_WIN32], [1], [Use win32 crypto engine])
+else
+ AC_MSG_RESULT([no])
fi
-if test "${WIN32}" = "yes" -a "${with_crypto_engine_win32}" = "yes"; then
- AC_MSG_RESULT([Using win32])
- AC_DEFINE([ENABLE_PKCS11H_ENGINE_WIN32], [1], [Use win32 crypto engine])
+AC_MSG_CHECKING([OpenSSL crypto engine])
+if test "${enable_crypto_engine_openssl}" = "yes"; then
+ if test "${have_openssl}" = "yes"; then
+ AC_MSG_RESULT([yes])
+ AC_DEFINE([ENABLE_PKCS11H_ENGINE_OPENSSL], [1], [Use OpenSSL crypto engine])
- if test "${enable_openssl}" = "yes"; then
- CFLAGS="${CFLAGS} ${OPENSSL_CFLAGS}"
- LIBS="${LIBS} ${OPENSSL_LIBS}"
+ # don't add this twice
+ if test "${enable_openssl}" != "yes"; then
+ CFLAGS="${CFLAGS} ${OPENSSL_CFLAGS}"
+ LIBS="${LIBS} ${OPENSSL_LIBS}"
+ fi
+ else
+ AC_MSG_RESULT([no])
fi
-elif test "${with_crypto_engine_openssl}" = "yes"; then
- AC_MSG_RESULT([Using OpenSSL])
- AC_DEFINE([ENABLE_PKCS11H_ENGINE_OPENSSL], [1], [Use OpenSSL crypto engine])
- CFLAGS="${CFLAGS} ${OPENSSL_CFLAGS}"
- LIBS="${LIBS} ${OPENSSL_LIBS}"
-elif test "${with_crypto_engine_gnutls}" = "yes"; then
- AC_MSG_RESULT([Using GNUTLS])
- AC_DEFINE([ENABLE_PKCS11H_ENGINE_GNUTLS], [1], [Use GNUTLS crypto engine])
- CFLAGS="${CFLAGS} ${GNUTLS_CFLAGS}"
- LIBS="${LIBS} ${GNUTLS_LIBS}"
else
- AC_MSG_RESULT([No engine selected.])
+ AC_MSG_RESULT([no])
+fi
+
+AC_MSG_CHECKING([GnuTLS crypto engine])
+if test "${enable_crypto_engine_gnutls}" = "yes"; then
+ if test "${have_gnutls}" = "yes"; then
+ AC_MSG_RESULT([yes])
+ AC_DEFINE([ENABLE_PKCS11H_ENGINE_GNUTLS], [1], [Use GNUTLS crypto engine])
+ CFLAGS="${CFLAGS} ${GNUTLS_CFLAGS}"
+ LIBS="${LIBS} ${GNUTLS_LIBS}"
+ else
+ AC_MSG_RESULT([no])
+ fi
+else
+ AC_MSG_RESULT([no])
fi
# Checks for header files.
@@ -319,10 +339,6 @@ if test "${enable_threading}" != "yes" -a "${enable_slotevent}" = "yes"; then
AC_MSG_ERROR([Threading must be enabled for slotevent to be enabled])
fi
-if test "${enable_openssl}" = "yes" -a "${with_crypto_engine_openssl}" != "yes"; then
- AC_MSG_ERROR([OpenSSL must be linked for OpenSSL interface to operate])
-fi
-
if test "${enable_openssl}" = "yes" -a "${enable_certificate}" != "yes"; then
AC_MSG_ERROR([OpenSSL interface requires certificate interface])
fi
@@ -356,9 +372,9 @@ if test "${enable_openssl}" = "yes"; then
PKCS11H_FEATURES="${PKCS11H_FEATURES} openssl"
fi
if test \
- "${with_crypto_engine_openssl}" = "yes" -o \
- "${with_crypto_engine_gnutls}" = "yes" -o \
- "${with_crypto_engine_win32}" = "yes"; then
+ "${enable_crypto_engine_openssl}" = "yes" -o \
+ "${enable_crypto_engine_gnutls}" = "yes" -o \
+ "${enable_crypto_engine_win32}" = "yes"; then
PKCS11H_FEATURES="${PKCS11H_FEATURES} engine_crypto"
fi
diff --git a/include/pkcs11-helper-1.0/pkcs11h-core.h b/include/pkcs11-helper-1.0/pkcs11h-core.h
index de0b8e4..efcb54a 100644
--- a/include/pkcs11-helper-1.0/pkcs11h-core.h
+++ b/include/pkcs11-helper-1.0/pkcs11h-core.h
@@ -140,23 +140,25 @@ extern "C" {
* @{
*/
/** Engine OpenSSL is enabled. */
-#define PKCS11H_FEATURE_MASK_ENGINE_OPENSSL (1<< 0)
+#define PKCS11H_FEATURE_MASK_ENGINE_CRYPTO_OPENSSL (1<< 0)
/** Engine GNUTLS is enabled. */
-#define PKCS11H_FEATURE_MASK_ENGINE_GNUTLS (1<< 1)
+#define PKCS11H_FEATURE_MASK_ENGINE_CRYPTO_GNUTLS (1<< 1)
+/** Engine GNUTLS is enabled. */
+#define PKCS11H_FEATURE_MASK_ENGINE_CRYPTO_WIN32 (1<< 2)
/** Debugging (logging) is enabled. */
-#define PKCS11H_FEATURE_MASK_DEBUG (1<< 2)
+#define PKCS11H_FEATURE_MASK_DEBUG (1<< 3)
/** Threading support is enabled. */
-#define PKCS11H_FEATURE_MASK_THREADING (1<< 3)
+#define PKCS11H_FEATURE_MASK_THREADING (1<< 4)
/** Token interface is enabled. */
-#define PKCS11H_FEATURE_MASK_TOKEN (1<< 4)
+#define PKCS11H_FEATURE_MASK_TOKEN (1<< 5)
/** Data interface is enabled. */
-#define PKCS11H_FEATURE_MASK_DATA (1<< 5)
+#define PKCS11H_FEATURE_MASK_DATA (1<< 6)
/** Certificate interface is enabled, */
-#define PKCS11H_FEATURE_MASK_CERTIFICATE (1<< 6)
+#define PKCS11H_FEATURE_MASK_CERTIFICATE (1<< 7)
/** Slotevent interface is enabled. */
-#define PKCS11H_FEATURE_MASK_SLOTEVENT (1<< 7)
+#define PKCS11H_FEATURE_MASK_SLOTEVENT (1<< 8)
/** OpenSSL interface is enabled. */
-#define PKCS11H_FEATURE_MASK_OPENSSL (1<< 8)
+#define PKCS11H_FEATURE_MASK_OPENSSL (1<< 9)
/** @} */
/**
diff --git a/include/pkcs11-helper-1.0/pkcs11h-engines.h b/include/pkcs11-helper-1.0/pkcs11h-engines.h
index ed35f82..5960ce9 100644
--- a/include/pkcs11-helper-1.0/pkcs11h-engines.h
+++ b/include/pkcs11-helper-1.0/pkcs11h-engines.h
@@ -193,6 +193,22 @@ typedef struct pkcs11h_crypto_engine_s {
} pkcs11h_engine_crypto_t;
/**
+ * @brief pkcs11-helper built-in engines.
+ * @addtogroup PKCS11H_ENGINE_CRYPTO
+ * @see pkcs11h_engine_setCrypto().
+ * @{
+ */
+/** Auto select. */
+#define PKCS11H_ENGINE_CRYPTO_AUTO ((pkcs11h_engine_crypto_t *)0)
+/** Select OpenSSL. */
+#define PKCS11H_ENGINE_CRYPTO_OPENSSL ((pkcs11h_engine_crypto_t *)1)
+/** Select GnuTLS. */
+#define PKCS11H_ENGINE_CRYPTO_GNUTLS ((pkcs11h_engine_crypto_t *)2)
+/** Select Win32. */
+#define PKCS11H_ENGINE_CRYPTO_WIN32 ((pkcs11h_engine_crypto_t *)3)
+/** @} */
+
+/**
* @brief Set system engine to be used.
* @param engine Engine to use.
* @return CK_RV.
@@ -210,6 +226,7 @@ pkcs11h_engine_setSystem (
* @return CK_RV.
* @note Must be called before pkcs11h_initialize.
* @note Default is provided at configuration time.
+ * @see PKCS11H_ENGINE_CRYPTO
*/
CK_RV
pkcs11h_engine_setCrypto (
diff --git a/lib/pkcs11h-core.c b/lib/pkcs11h-core.c
index efbcab4..9f55852 100644
--- a/lib/pkcs11h-core.c
+++ b/lib/pkcs11h-core.c
@@ -234,10 +234,13 @@ unsigned int
pkcs11h_getFeatures (void) {
unsigned int features = (
#if defined(ENABLE_PKCS11H_ENGINE_OPENSSL)
- PKCS11H_FEATURE_MASK_ENGINE_OPENSSL |
+ PKCS11H_FEATURE_MASK_ENGINE_CRYPTO_OPENSSL |
#endif
#if defined(ENABLE_PKCS11H_ENGINE_GNUTLS)
- PKCS11H_FEATURE_MASK_ENGINE_GNUTLS |
+ PKCS11H_FEATURE_MASK_ENGINE_CRYPTO_GNUTLS |
+#endif
+#if defined(ENABLE_PKCS11H_ENGINE_WIN32)
+ PKCS11H_FEATURE_MASK_ENGINE_CRYPTO_WIN32 |
#endif
#if defined(ENABLE_PKCS11H_DEBUG)
PKCS11H_FEATURE_MASK_DEBUG |
@@ -288,8 +291,9 @@ pkcs11h_initialize (void) {
}
if (_g_pkcs11h_crypto_engine.initialize == NULL) {
- rv = CKR_FUNCTION_FAILED;
- goto cleanup;
+ if ((rv = pkcs11h_engine_setCrypto (PKCS11H_ENGINE_CRYPTO_AUTO)) != CKR_OK) {
+ goto cleanup;
+ }
}
if (!_g_pkcs11h_crypto_engine.initialize (_g_pkcs11h_crypto_engine.global_data)) {
diff --git a/lib/pkcs11h-crypto.c b/lib/pkcs11h-crypto.c
index 4c241fd..267d789 100644
--- a/lib/pkcs11h-crypto.c
+++ b/lib/pkcs11h-crypto.c
@@ -280,7 +280,7 @@ __pkcs11h_crypto_win32_certificate_is_issuer (
#endif
#if defined(ENABLE_PKCS11H_ENGINE_OPENSSL)
-pkcs11h_engine_crypto_t _g_pkcs11h_crypto_engine = {
+static const pkcs11h_engine_crypto_t _g_pkcs11h_crypto_engine_openssl = {
NULL,
__pkcs11h_crypto_openssl_initialize,
__pkcs11h_crypto_openssl_uninitialize,
@@ -288,8 +288,9 @@ pkcs11h_engine_crypto_t _g_pkcs11h_crypto_engine = {
__pkcs11h_crypto_openssl_certificate_get_dn,
__pkcs11h_crypto_openssl_certificate_is_issuer
};
-#elif defined(ENABLE_PKCS11H_ENGINE_GNUTLS)
-pkcs11h_engine_crypto_t _g_pkcs11h_crypto_engine = {
+#endif
+#if defined(ENABLE_PKCS11H_ENGINE_GNUTLS)
+static const pkcs11h_engine_crypto_t _g_pkcs11h_crypto_engine_gnutls = {
NULL,
__pkcs11h_crypto_gnutls_initialize,
__pkcs11h_crypto_gnutls_uninitialize,
@@ -297,9 +298,10 @@ pkcs11h_engine_crypto_t _g_pkcs11h_crypto_engine = {
__pkcs11h_crypto_gnutls_certificate_get_dn,
__pkcs11h_crypto_gnutls_certificate_is_issuer
};
-#elif defined(ENABLE_PKCS11H_ENGINE_WIN32)
+#endif
+#if defined(ENABLE_PKCS11H_ENGINE_WIN32)
static struct __crypto_win32_data_s s_win32_data = { NULL };
-pkcs11h_engine_crypto_t _g_pkcs11h_crypto_engine = {
+static const pkcs11h_engine_crypto_t _g_pkcs11h_crypto_engine_win32 = {
&s_win32_data,
__pkcs11h_crypto_win32_initialize,
__pkcs11h_crypto_win32_uninitialize,
@@ -307,7 +309,8 @@ pkcs11h_engine_crypto_t _g_pkcs11h_crypto_engine = {
__pkcs11h_crypto_win32_certificate_get_dn,
__pkcs11h_crypto_win32_certificate_is_issuer
};
-#else
+#endif
+
pkcs11h_engine_crypto_t _g_pkcs11h_crypto_engine = {
NULL,
NULL,
@@ -316,17 +319,63 @@ pkcs11h_engine_crypto_t _g_pkcs11h_crypto_engine = {
NULL,
NULL
};
-#endif
CK_RV
pkcs11h_engine_setCrypto (
IN const pkcs11h_engine_crypto_t * const engine
) {
- _PKCS11H_ASSERT (engine!=NULL);
+ const pkcs11h_engine_crypto_t *_engine = NULL;
+ CK_RV rv = CKR_FUNCTION_FAILED;
+
+ /*_PKCS11H_ASSERT (engine!=NULL); Not required */
+
+ if (engine == PKCS11H_ENGINE_CRYPTO_AUTO) {
+#if defined(ENABLE_PKCS11H_ENGINE_WIN32)
+ _engine = &_g_pkcs11h_crypto_engine_win32;
+#elif defined(ENABLE_PKCS11H_ENGINE_OPENSSL)
+ _engine = &_g_pkcs11h_crypto_engine_openssl;
+#elif defined(ENABLE_PKCS11H_ENGINE_GNUTLS)
+ _engine = &_g_pkcs11h_crypto_engine_gnutls;
+#else
+ rv = CKR_FUNCTION_FAILED;
+ goto cleanup;
+#endif
+ }
+ else if (engine == PKCS11H_ENGINE_CRYPTO_WIN32) {
+#if defined(ENABLE_PKCS11H_ENGINE_WIN32)
+ _engine = &_g_pkcs11h_crypto_engine_win32;
+#else
+ rv = CKR_FUNCTION_FAILED;
+ goto cleanup;
+#endif
+ }
+ else if (engine == PKCS11H_ENGINE_CRYPTO_OPENSSL) {
+#if defined(ENABLE_PKCS11H_ENGINE_OPENSSL)
+ _engine = &_g_pkcs11h_crypto_engine_openssl;
+#else
+ rv = CKR_FUNCTION_FAILED;
+ goto cleanup;
+#endif
+ }
+ else if (engine == PKCS11H_ENGINE_CRYPTO_GNUTLS) {
+#if defined(ENABLE_PKCS11H_ENGINE_GNUTLS)
+ _engine = &_g_pkcs11h_crypto_engine_gnutls;
+#else
+ rv = CKR_FUNCTION_FAILED;
+ goto cleanup;
+#endif
+ }
+ else {
+ _engine = engine;
+ }
+
+ memmove (&_g_pkcs11h_crypto_engine, _engine, sizeof (pkcs11h_engine_crypto_t));
- memmove (&_g_pkcs11h_crypto_engine, engine, sizeof (pkcs11h_engine_crypto_t));
+ rv = CKR_OK;
+
+cleanup:
- return CKR_OK;
+ return rv;
}
#if defined(ENABLE_PKCS11H_ENGINE_OPENSSL)
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-opensc/pkcs11-helper.git
More information about the pkg-opensc-commit
mailing list