You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@apr.apache.org by mi...@apache.org on 2011/05/25 23:38:44 UTC
svn commit: r1127693 [1/2] - in /apr/apr-util/branches/1.5.x:
build/crypto.m4 crypto/apr_crypto.c crypto/apr_crypto_nss.c
crypto/apr_crypto_openssl.c include/apr_crypto.h
include/private/apr_crypto_internal.h test/testcrypto.c
Author: minfrin
Date: Wed May 25 21:38:43 2011
New Revision: 1127693
URL: http://svn.apache.org/viewvc?rev=1127693&view=rev
Log:
apr_crypto: backport the v2.0 API to apr-util v1.5.
Modified:
apr/apr-util/branches/1.5.x/build/crypto.m4
apr/apr-util/branches/1.5.x/crypto/apr_crypto.c
apr/apr-util/branches/1.5.x/crypto/apr_crypto_nss.c
apr/apr-util/branches/1.5.x/crypto/apr_crypto_openssl.c
apr/apr-util/branches/1.5.x/include/apr_crypto.h
apr/apr-util/branches/1.5.x/include/private/apr_crypto_internal.h
apr/apr-util/branches/1.5.x/test/testcrypto.c
Modified: apr/apr-util/branches/1.5.x/build/crypto.m4
URL: http://svn.apache.org/viewvc/apr/apr-util/branches/1.5.x/build/crypto.m4?rev=1127693&r1=1127692&r2=1127693&view=diff
==============================================================================
--- apr/apr-util/branches/1.5.x/build/crypto.m4 (original)
+++ apr/apr-util/branches/1.5.x/build/crypto.m4 Wed May 25 21:38:43 2011
@@ -163,7 +163,7 @@ AC_DEFUN([APU_CHECK_CRYPTO_NSS], [
apu_have_nss=0
elif test "x$withval" != "x"; then
- nss_CPPFLAGS="-I$withval/include -I$withval/../public"
+ nss_CPPFLAGS="-I$withval/include/nss -I$withval/include/nss3 -I$withval/include/nspr -I$withval/include/nspr4 -I$withval/include -I$withval/../public"
nss_LDFLAGS="-L$withval/lib "
APR_ADDTO(CPPFLAGS, [$nss_CPPFLAGS])
Modified: apr/apr-util/branches/1.5.x/crypto/apr_crypto.c
URL: http://svn.apache.org/viewvc/apr/apr-util/branches/1.5.x/crypto/apr_crypto.c?rev=1127693&r1=1127692&r2=1127693&view=diff
==============================================================================
--- apr/apr-util/branches/1.5.x/crypto/apr_crypto.c (original)
+++ apr/apr-util/branches/1.5.x/crypto/apr_crypto.c Wed May 25 21:38:43 2011
@@ -19,7 +19,6 @@
#include "apu_config.h"
#include "apu.h"
-
#include "apr_pools.h"
#include "apr_dso.h"
#include "apr_strings.h"
@@ -40,6 +39,29 @@ static apr_hash_t *drivers = NULL;
#define CLEANUP_CAST (apr_status_t (*)(void*))
+#define APR_TYPEDEF_STRUCT(type, incompletion) \
+struct type { \
+ incompletion \
+ void *unk[]; \
+};
+
+APR_TYPEDEF_STRUCT(apr_crypto_t, \
+ apr_pool_t *pool; \
+ apr_crypto_driver_t *provider; \
+)
+
+APR_TYPEDEF_STRUCT(apr_crypto_key_t, \
+ apr_pool_t *pool; \
+ apr_crypto_driver_t *provider; \
+ const apr_crypto_t *f;
+)
+
+APR_TYPEDEF_STRUCT(apr_crypto_block_t, \
+ apr_pool_t *pool; \
+ apr_crypto_driver_t *provider; \
+ const apr_crypto_t *f;
+)
+
#if !APU_DSO_BUILD
#define DRIVER_LOAD(name,driver,pool,params) \
{ \
@@ -101,9 +123,9 @@ APU_DECLARE(apr_status_t) apr_crypto_ini
return ret;
}
-APU_DECLARE(apr_status_t) apr_crypto_get_driver(apr_pool_t *pool, const char *name,
- const apr_crypto_driver_t **driver, const apr_array_header_t *params,
- const apu_err_t **result) {
+APU_DECLARE(apr_status_t) apr_crypto_get_driver(const apr_crypto_driver_t **driver,
+ const char *name, const apr_array_header_t *params, const apu_err_t **result,
+ apr_pool_t *pool) {
#if APU_DSO_BUILD
char modname[32];
char symname[34];
@@ -121,7 +143,7 @@ APU_DECLARE(apr_status_t) apr_crypto_get
#endif
*driver = apr_hash_get(drivers, name, APR_HASH_KEY_STRING);
if (*driver) {
-#if APU_DSO_BUILD
+#if APU_DSO_BUILD
apu_dso_mutex_unlock();
#endif
return APR_SUCCESS;
@@ -181,8 +203,8 @@ APU_DECLARE(apr_status_t) apr_crypto_get
/**
* @brief Return the name of the driver.
*
- * @param pool - pool to register any shutdown cleanups, etc
- * @return APR_SUCCESS for success.
+ * @param driver - The driver in use.
+ * @return The name of the driver.
*/
APU_DECLARE(const char *)apr_crypto_driver_name (const apr_crypto_driver_t *driver)
{
@@ -192,25 +214,30 @@ APU_DECLARE(const char *)apr_crypto_driv
/**
* @brief Get the result of the last operation on a context. If the result
* is NULL, the operation was successful.
- * @param f - context pointer
* @param result - the result structure
+ * @param f - context pointer
* @return APR_SUCCESS for success
*/
-APR_DECLARE(apr_status_t) apr_crypto_error(const apr_crypto_driver_t *driver,
- const apr_crypto_t *f, const apu_err_t **result) {
- return driver->error(f, result);
+APU_DECLARE(apr_status_t) apr_crypto_error(const apu_err_t **result,
+ const apr_crypto_t *f) {
+ return f->provider->error(result, f);
}
/**
- * @brief Create a general encryption context
+ * @brief Create a context for supporting encryption. Keys, certificates,
+ * algorithms and other parameters will be set per context. More than
+ * one context can be created at one time. A cleanup will be automatically
+ * registered with the given pool to guarantee a graceful shutdown.
+ * @param f - context pointer will be written here
* @param driver - driver to use
- * @param pool - process pool
* @param params - array of key parameters
- * @param f - context pointer will be written here
+ * @param pool - process pool
+ * @return APR_ENOENGINE when the engine specified does not exist. APR_EINITENGINE
+ * if the engine cannot be initialised.
*/
-APU_DECLARE(apr_status_t) apr_crypto_make(const apr_crypto_driver_t *driver,
- apr_pool_t *pool, const apr_array_header_t *params, apr_crypto_t **f) {
- return driver->make(pool, params, f);
+APU_DECLARE(apr_status_t) apr_crypto_make(apr_crypto_t **f, const apr_crypto_driver_t *driver,
+ const apr_array_header_t *params, apr_pool_t *pool) {
+ return driver->make(f, driver, params, pool);
}
/**
@@ -222,9 +249,9 @@ APU_DECLARE(apr_status_t) apr_crypto_mak
* operations.
* @note If *key is NULL, a apr_crypto_key_t will be created from a pool. If
* *key is not NULL, *key must point at a previously created structure.
- * @param driver - driver to use
- * @param p The pool to use.
- * @param f The context to use.
+ * @param key The key returned, see note.
+ * @param ivSize The size of the initialisation vector will be returned, based
+ * on whether an IV is relevant for this type of crypto.
* @param pass The passphrase to use.
* @param passLen The passphrase length in bytes
* @param salt The salt to use.
@@ -232,49 +259,47 @@ APU_DECLARE(apr_status_t) apr_crypto_mak
* @param type 3DES_192, AES_128, AES_192, AES_256.
* @param mode Electronic Code Book / Cipher Block Chaining.
* @param doPad Pad if necessary.
- * @param key The key returned, see note.
- * @param ivSize The size of the initialisation vector will be returned, based
- * on whether an IV is relevant for this type of crypto.
+ * @param iterations Number of iterations to use in algorithm
+ * @param f The context to use.
+ * @param p The pool to use.
* @return Returns APR_ENOKEY if the pass phrase is missing or empty, or if a backend
* error occurred while generating the key. APR_ENOCIPHER if the type or mode
* is not supported by the particular backend. APR_EKEYTYPE if the key type is
* not known. APR_EPADDING if padding was requested but is not supported.
* APR_ENOTIMPL if not implemented.
*/
-APU_DECLARE(apr_status_t) apr_crypto_passphrase(const apr_crypto_driver_t *driver,
- apr_pool_t *p, const apr_crypto_t *f, const char *pass,
- apr_size_t passLen, const unsigned char * salt, apr_size_t saltLen,
+APU_DECLARE(apr_status_t) apr_crypto_passphrase(apr_crypto_key_t **key,
+ apr_size_t *ivSize, const char *pass, apr_size_t passLen,
+ const unsigned char * salt, apr_size_t saltLen,
const apr_crypto_block_key_type_e type,
const apr_crypto_block_key_mode_e mode, const int doPad,
- const int iterations, apr_crypto_key_t **key, apr_size_t *ivSize) {
- return driver->passphrase(p, f, pass, passLen, salt, saltLen, type, mode,
- doPad, iterations, key, ivSize);
+ const int iterations, const apr_crypto_t *f, apr_pool_t *p)
+{
+ return f->provider->passphrase(key, ivSize, pass, passLen, salt, saltLen,
+ type, mode, doPad, iterations, f, p);
}
/**
* @brief Initialise a context for encrypting arbitrary data using the given key.
* @note If *ctx is NULL, a apr_crypto_block_t will be created from a pool. If
* *ctx is not NULL, *ctx must point at a previously created structure.
- * @param driver - driver to use
- * @param p The pool to use.
- * @param f The block context to use.
- * @param key The key structure to use.
+ * @param ctx The block context returned, see note.
* @param iv Optional initialisation vector. If the buffer pointed to is NULL,
* an IV will be created at random, in space allocated from the pool.
* If the buffer pointed to is not NULL, the IV in the buffer will be
* used.
- * @param ctx The block context returned, see note.
+ * @param key The key structure to use.
* @param blockSize The block size of the cipher.
+ * @param p The pool to use.
* @return Returns APR_ENOIV if an initialisation vector is required but not specified.
* Returns APR_EINIT if the backend failed to initialise the context. Returns
* APR_ENOTIMPL if not implemented.
*/
APU_DECLARE(apr_status_t) apr_crypto_block_encrypt_init(
- const apr_crypto_driver_t *driver, apr_pool_t *p,
- const apr_crypto_t *f, const apr_crypto_key_t *key,
- const unsigned char **iv, apr_crypto_block_t **ctx,
- apr_size_t *blockSize) {
- return driver->block_encrypt_init(p, f, key, iv, ctx, blockSize);
+ apr_crypto_block_t **ctx, const unsigned char **iv,
+ const apr_crypto_key_t *key, apr_size_t *blockSize, apr_pool_t *p)
+{
+ return key->provider->block_encrypt_init(ctx, iv, key, blockSize, p);
}
/**
@@ -286,21 +311,20 @@ APU_DECLARE(apr_status_t) apr_crypto_blo
* to NULL, a buffer sufficiently large will be created from
* the pool provided. If *out points to a not-NULL value, this
* value will be used as a buffer instead.
- * @param driver - driver to use
- * @param ctx The block context to use.
* @param out Address of a buffer to which data will be written,
* see note.
* @param outlen Length of the output will be written here.
* @param in Address of the buffer to read.
* @param inlen Length of the buffer to read.
+ * @param ctx The block context to use.
* @return APR_ECRYPT if an error occurred. Returns APR_ENOTIMPL if
* not implemented.
*/
-APU_DECLARE(apr_status_t) apr_crypto_block_encrypt(
- const apr_crypto_driver_t *driver, apr_crypto_block_t *ctx,
- unsigned char **out, apr_size_t *outlen, const unsigned char *in,
- apr_size_t inlen) {
- return driver->block_encrypt(ctx, out, outlen, in, inlen);
+APU_DECLARE(apr_status_t) apr_crypto_block_encrypt(unsigned char **out,
+ apr_size_t *outlen, const unsigned char *in, apr_size_t inlen,
+ apr_crypto_block_t *ctx)
+{
+ return ctx->provider->block_encrypt(out, outlen, in, inlen, ctx);
}
/**
@@ -311,44 +335,40 @@ APU_DECLARE(apr_status_t) apr_crypto_blo
* number of bytes returned as actually written by the
* apr_crypto_block_encrypt() call. After this call, the context
* is cleaned and can be reused by apr_crypto_block_encrypt_init().
- * @param driver - driver to use
- * @param ctx The block context to use.
* @param out Address of a buffer to which data will be written. This
* buffer must already exist, and is usually the same
* buffer used by apr_evp_crypt(). See note.
* @param outlen Length of the output will be written here.
+ * @param ctx The block context to use.
* @return APR_ECRYPT if an error occurred.
* @return APR_EPADDING if padding was enabled and the block was incorrectly
* formatted.
* @return APR_ENOTIMPL if not implemented.
*/
-APU_DECLARE(apr_status_t) apr_crypto_block_encrypt_finish(
- const apr_crypto_driver_t *driver, apr_crypto_block_t *ctx,
- unsigned char *out, apr_size_t *outlen) {
- return driver->block_encrypt_finish(ctx, out, outlen);
+APU_DECLARE(apr_status_t) apr_crypto_block_encrypt_finish(unsigned char *out,
+ apr_size_t *outlen, apr_crypto_block_t *ctx)
+{
+ return ctx->provider->block_encrypt_finish(out, outlen, ctx);
}
/**
* @brief Initialise a context for decrypting arbitrary data using the given key.
* @note If *ctx is NULL, a apr_crypto_block_t will be created from a pool. If
* *ctx is not NULL, *ctx must point at a previously created structure.
- * @param driver - driver to use
- * @param p The pool to use.
- * @param f The block context to use.
- * @param key The key structure to use.
- * @param iv Optional initialisation vector.
* @param ctx The block context returned, see note.
* @param blockSize The block size of the cipher.
+ * @param iv Optional initialisation vector.
+ * @param key The key structure to use.
+ * @param p The pool to use.
* @return Returns APR_ENOIV if an initialisation vector is required but not specified.
* Returns APR_EINIT if the backend failed to initialise the context. Returns
* APR_ENOTIMPL if not implemented.
*/
APU_DECLARE(apr_status_t) apr_crypto_block_decrypt_init(
- const apr_crypto_driver_t *driver, apr_pool_t *p,
- const apr_crypto_t *f, const apr_crypto_key_t *key,
- const unsigned char *iv, apr_crypto_block_t **ctx,
- apr_size_t *blockSize) {
- return driver->block_decrypt_init(p, f, key, iv, ctx, blockSize);
+ apr_crypto_block_t **ctx, apr_size_t *blockSize,
+ const unsigned char *iv, const apr_crypto_key_t *key, apr_pool_t *p)
+{
+ return key->provider->block_decrypt_init(ctx, blockSize, iv, key, p);
}
/**
@@ -360,21 +380,20 @@ APU_DECLARE(apr_status_t) apr_crypto_blo
* to NULL, a buffer sufficiently large will be created from
* the pool provided. If *out points to a not-NULL value, this
* value will be used as a buffer instead.
- * @param driver - driver to use
- * @param ctx The block context to use.
* @param out Address of a buffer to which data will be written,
* see note.
* @param outlen Length of the output will be written here.
* @param in Address of the buffer to read.
* @param inlen Length of the buffer to read.
+ * @param ctx The block context to use.
* @return APR_ECRYPT if an error occurred. Returns APR_ENOTIMPL if
* not implemented.
*/
-APU_DECLARE(apr_status_t) apr_crypto_block_decrypt(
- const apr_crypto_driver_t *driver, apr_crypto_block_t *ctx,
- unsigned char **out, apr_size_t *outlen, const unsigned char *in,
- apr_size_t inlen) {
- return driver->block_decrypt(ctx, out, outlen, in, inlen);
+APU_DECLARE(apr_status_t) apr_crypto_block_decrypt(unsigned char **out,
+ apr_size_t *outlen, const unsigned char *in, apr_size_t inlen,
+ apr_crypto_block_t *ctx)
+{
+ return ctx->provider->block_decrypt(out, outlen, in, inlen, ctx);
}
/**
@@ -385,57 +404,53 @@ APU_DECLARE(apr_status_t) apr_crypto_blo
* number of bytes returned as actually written by the
* apr_crypto_block_decrypt() call. After this call, the context
* is cleaned and can be reused by apr_crypto_block_decrypt_init().
- * @param driver - driver to use
- * @param ctx The block context to use.
* @param out Address of a buffer to which data will be written. This
* buffer must already exist, and is usually the same
* buffer used by apr_evp_crypt(). See note.
* @param outlen Length of the output will be written here.
+ * @param ctx The block context to use.
* @return APR_ECRYPT if an error occurred.
* @return APR_EPADDING if padding was enabled and the block was incorrectly
* formatted.
* @return APR_ENOTIMPL if not implemented.
*/
-APU_DECLARE(apr_status_t) apr_crypto_block_decrypt_finish(
- const apr_crypto_driver_t *driver, apr_crypto_block_t *ctx,
- unsigned char *out, apr_size_t *outlen) {
- return driver->block_decrypt_finish(ctx, out, outlen);
+APU_DECLARE(apr_status_t) apr_crypto_block_decrypt_finish(unsigned char *out,
+ apr_size_t *outlen, apr_crypto_block_t *ctx)
+{
+ return ctx->provider->block_decrypt_finish(out, outlen, ctx);
}
/**
* @brief Clean encryption / decryption context.
* @note After cleanup, a context is free to be reused if necessary.
- * @param driver - driver to use
* @param ctx The block context to use.
* @return Returns APR_ENOTIMPL if not supported.
*/
-APU_DECLARE(apr_status_t) apr_crypto_block_cleanup(
- const apr_crypto_driver_t *driver, apr_crypto_block_t *ctx) {
- return driver->block_cleanup(ctx);
+APU_DECLARE(apr_status_t) apr_crypto_block_cleanup(apr_crypto_block_t *ctx)
+{
+ return ctx->provider->block_cleanup(ctx);
}
/**
* @brief Clean encryption / decryption context.
* @note After cleanup, a context is free to be reused if necessary.
- * @param driver - driver to use
* @param f The context to use.
* @return Returns APR_ENOTIMPL if not supported.
*/
-APU_DECLARE(apr_status_t) apr_crypto_cleanup(const apr_crypto_driver_t *driver,
- apr_crypto_t *f) {
- return driver->cleanup(f);
+APU_DECLARE(apr_status_t) apr_crypto_cleanup(apr_crypto_t *f)
+{
+ return f->provider->cleanup(f);
}
/**
* @brief Shutdown the crypto library.
* @note After shutdown, it is expected that the init function can be called again.
* @param driver - driver to use
- * @param p The pool to use.
* @return Returns APR_ENOTIMPL if not supported.
*/
-APU_DECLARE(apr_status_t) apr_crypto_shutdown(const apr_crypto_driver_t *driver,
- apr_pool_t *p) {
- return driver->shutdown(p);
+APU_DECLARE(apr_status_t) apr_crypto_shutdown(const apr_crypto_driver_t *driver)
+{
+ return driver->shutdown();
}
#endif /* APU_HAVE_CRYPTO */
Modified: apr/apr-util/branches/1.5.x/crypto/apr_crypto_nss.c
URL: http://svn.apache.org/viewvc/apr/apr-util/branches/1.5.x/crypto/apr_crypto_nss.c?rev=1127693&r1=1127692&r2=1127693&view=diff
==============================================================================
--- apr/apr-util/branches/1.5.x/crypto/apr_crypto_nss.c (original)
+++ apr/apr-util/branches/1.5.x/crypto/apr_crypto_nss.c Wed May 25 21:38:43 2011
@@ -15,8 +15,6 @@
*/
#include "apu.h"
-
-#include "apu_config.h"
#include "apu_errno.h"
#include <ctype.h>
@@ -48,6 +46,7 @@
struct apr_crypto_t {
apr_pool_t *pool;
+ const apr_crypto_driver_t *provider;
apu_err_t *result;
apr_array_header_t *keys;
apr_crypto_config_t *config;
@@ -57,6 +56,9 @@ struct apr_crypto_config_t {
};
struct apr_crypto_key_t {
+ apr_pool_t *pool;
+ const apr_crypto_driver_t *provider;
+ const apr_crypto_t *f;
CK_MECHANISM_TYPE cipherMech;
SECOidTag cipherOid;
PK11SymKey *symKey;
@@ -64,8 +66,9 @@ struct apr_crypto_key_t {
};
struct apr_crypto_block_t {
- const apr_crypto_t *f;
apr_pool_t *pool;
+ const apr_crypto_driver_t *provider;
+ const apr_crypto_t *f;
PK11Context *ctx;
apr_crypto_key_t *key;
int blockSize;
@@ -74,9 +77,9 @@ struct apr_crypto_block_t {
/**
* Fetch the most recent error from this driver.
*/
-static apr_status_t crypto_error(const apr_crypto_t *f, const apu_err_t **result) {
- *result = f->result;
- return APR_SUCCESS;
+static apr_status_t crypto_error(const apu_err_t **result, const apr_crypto_t *f) {
+ *result = f->result;
+ return APR_SUCCESS;
}
/**
@@ -84,7 +87,7 @@ static apr_status_t crypto_error(const a
*
* It is safe to shut down twice.
*/
-static apr_status_t crypto_shutdown(apr_pool_t *pool)
+static apr_status_t crypto_shutdown()
{
if (NSS_IsInitialized()) {
SECStatus s = NSS_Shutdown();
@@ -98,7 +101,7 @@ static apr_status_t crypto_shutdown(apr_
static apr_status_t crypto_shutdown_helper(void *data)
{
apr_pool_t *pool = (apr_pool_t *) data;
- return crypto_shutdown(pool);
+ return crypto_shutdown();
}
/**
@@ -166,7 +169,7 @@ static apr_status_t crypto_init(apr_pool
/**
* @brief Clean encryption / decryption context.
* @note After cleanup, a context is free to be reused if necessary.
- * @param block The block context to use.
+ * @param f The context to use.
* @return Returns APR_ENOTIMPL if not supported.
*/
static apr_status_t crypto_block_cleanup(apr_crypto_block_t *block)
@@ -218,15 +221,15 @@ static apr_status_t crypto_cleanup_helpe
* algorithms and other parameters will be set per context. More than
* one context can be created at one time. A cleanup will be automatically
* registered with the given pool to guarantee a graceful shutdown.
- * @param pool - process pool
+ * @param f - context pointer will be written here
+ * @param provider - provider to use
* @param params - array of key parameters
- * @param ff - context pointer will be written here
+ * @param pool - process pool
* @return APR_ENOENGINE when the engine specified does not exist. APR_EINITENGINE
* if the engine cannot be initialised.
*/
-static apr_status_t crypto_make(apr_pool_t *pool,
- const apr_array_header_t *params,
- apr_crypto_t **ff)
+static apr_status_t crypto_make(apr_crypto_t **ff, const apr_crypto_driver_t *provider,
+ const apr_array_header_t *params, apr_pool_t *pool)
{
apr_crypto_config_t *config = NULL;
/* struct apr_crypto_param_t *ents = params ? (struct apr_crypto_param_t *)params->elts : NULL; */
@@ -239,6 +242,7 @@ static apr_status_t crypto_make(apr_pool
}
*ff = f;
f->pool = pool;
+ f->provider = provider;
config = f->config = apr_pcalloc(pool, sizeof(apr_crypto_config_t));
if (!config) {
return APR_ENOMEM;
@@ -280,8 +284,9 @@ static apr_status_t crypto_make(apr_pool
* operations.
* @note If *key is NULL, a apr_crypto_key_t will be created from a pool. If
* *key is not NULL, *key must point at a previously created structure.
- * @param p The pool to use.
- * @param f The context to use.
+ * @param key The key returned, see note.
+ * @param ivSize The size of the initialisation vector will be returned, based
+ * on whether an IV is relevant for this type of crypto.
* @param pass The passphrase to use.
* @param passLen The passphrase length in bytes
* @param salt The salt to use.
@@ -290,27 +295,19 @@ static apr_status_t crypto_make(apr_pool
* @param mode Electronic Code Book / Cipher Block Chaining.
* @param doPad Pad if necessary.
* @param iterations Iteration count
- * @param key The key returned, see note.
- * @param ivSize The size of the initialisation vector will be returned, based
- * on whether an IV is relevant for this type of crypto.
+ * @param f The context to use.
+ * @param p The pool to use.
* @return Returns APR_ENOKEY if the pass phrase is missing or empty, or if a backend
* error occurred while generating the key. APR_ENOCIPHER if the type or mode
* is not supported by the particular backend. APR_EKEYTYPE if the key type is
* not known. APR_EPADDING if padding was requested but is not supported.
* APR_ENOTIMPL if not implemented.
*/
-static apr_status_t crypto_passphrase(apr_pool_t *p,
- const apr_crypto_t *f,
- const char *pass,
- apr_size_t passLen,
- const unsigned char * salt,
- apr_size_t saltLen,
- const apr_crypto_block_key_type_e type,
- const apr_crypto_block_key_mode_e mode,
- const int doPad,
- const int iterations,
- apr_crypto_key_t **k,
- apr_size_t *ivSize)
+static apr_status_t crypto_passphrase(apr_crypto_key_t **k, apr_size_t *ivSize,
+ const char *pass, apr_size_t passLen, const unsigned char * salt,
+ apr_size_t saltLen, const apr_crypto_block_key_type_e type,
+ const apr_crypto_block_key_mode_e mode, const int doPad,
+ const int iterations, const apr_crypto_t *f, apr_pool_t *p)
{
apr_status_t rv = APR_SUCCESS;
PK11SlotInfo * slot;
@@ -327,36 +324,39 @@ static apr_status_t crypto_passphrase(ap
return APR_ENOMEM;
}
+ key->f = f;
+ key->provider = f->provider;
+
/* decide on what cipher mechanism we will be using */
switch (type) {
- case (KEY_3DES_192) :
- if (MODE_CBC == mode) {
+ case (APR_KEY_3DES_192) :
+ if (APR_MODE_CBC == mode) {
key->cipherOid = SEC_OID_DES_EDE3_CBC;
}
- else if (MODE_ECB == mode) {
+ else if (APR_MODE_ECB == mode) {
return APR_ENOCIPHER;
/* No OID for CKM_DES3_ECB; */
}
break;
- case (KEY_AES_128) :
- if (MODE_CBC == mode) {
+ case (APR_KEY_AES_128) :
+ if (APR_MODE_CBC == mode) {
key->cipherOid = SEC_OID_AES_128_CBC;
}
else {
key->cipherOid = SEC_OID_AES_128_ECB;
}
break;
- case (KEY_AES_192) :
- if (MODE_CBC == mode) {
+ case (APR_KEY_AES_192) :
+ if (APR_MODE_CBC == mode) {
key->cipherOid = SEC_OID_AES_192_CBC;
}
else {
key->cipherOid = SEC_OID_AES_192_ECB;
}
break;
- case (KEY_AES_256) :
- if (MODE_CBC == mode) {
+ case (APR_KEY_AES_256) :
+ if (APR_MODE_CBC == mode) {
key->cipherOid = SEC_OID_AES_256_CBC;
}
else {
@@ -422,25 +422,21 @@ static apr_status_t crypto_passphrase(ap
* @brief Initialise a context for encrypting arbitrary data using the given key.
* @note If *ctx is NULL, a apr_crypto_block_t will be created from a pool. If
* *ctx is not NULL, *ctx must point at a previously created structure.
- * @param p The pool to use.
- * @param f The block context to use.
- * @param key The key structure.
+ * @param ctx The block context returned, see note.
* @param iv Optional initialisation vector. If the buffer pointed to is NULL,
* an IV will be created at random, in space allocated from the pool.
* If the buffer pointed to is not NULL, the IV in the buffer will be
* used.
- * @param ctx The block context returned, see note.
+ * @param key The key structure.
* @param blockSize The block size of the cipher.
+ * @param p The pool to use.
* @return Returns APR_ENOIV if an initialisation vector is required but not specified.
* Returns APR_EINIT if the backend failed to initialise the context. Returns
* APR_ENOTIMPL if not implemented.
*/
-static apr_status_t crypto_block_encrypt_init(apr_pool_t *p,
- const apr_crypto_t *f,
- const apr_crypto_key_t *key,
- const unsigned char **iv,
- apr_crypto_block_t **ctx,
- apr_size_t *blockSize)
+static apr_status_t crypto_block_encrypt_init(apr_crypto_block_t **ctx,
+ const unsigned char **iv, const apr_crypto_key_t *key,
+ apr_size_t *blockSize, apr_pool_t *p)
{
PRErrorCode perr;
SECItem * secParam;
@@ -453,8 +449,9 @@ static apr_status_t crypto_block_encrypt
if (!block) {
return APR_ENOMEM;
}
- block->f = f;
+ block->f = key->f;
block->pool = p;
+ block->provider = key->provider;
apr_pool_cleanup_register(p, block,
crypto_block_cleanup_helper,
@@ -491,8 +488,8 @@ static apr_status_t crypto_block_encrypt
/* did an error occur? */
perr = PORT_GetError();
if (perr || !block->ctx) {
- f->result->rc = perr;
- f->result->msg = PR_ErrorToName(perr);
+ key->f->result->rc = perr;
+ key->f->result->msg = PR_ErrorToName(perr);
return APR_EINIT;
}
@@ -513,20 +510,18 @@ static apr_status_t crypto_block_encrypt
* to NULL, a buffer sufficiently large will be created from
* the pool provided. If *out points to a not-NULL value, this
* value will be used as a buffer instead.
- * @param block The block context to use.
* @param out Address of a buffer to which data will be written,
* see note.
* @param outlen Length of the output will be written here.
* @param in Address of the buffer to read.
* @param inlen Length of the buffer to read.
+ * @param ctx The block context to use.
* @return APR_ECRYPT if an error occurred. Returns APR_ENOTIMPL if
* not implemented.
*/
-static apr_status_t crypto_block_encrypt(apr_crypto_block_t *block,
- unsigned char **out,
- apr_size_t *outlen,
- const unsigned char *in,
- apr_size_t inlen)
+static apr_status_t crypto_block_encrypt(unsigned char **out,
+ apr_size_t *outlen, const unsigned char *in, apr_size_t inlen,
+ apr_crypto_block_t *block)
{
unsigned char *buffer;
@@ -566,19 +561,18 @@ static apr_status_t crypto_block_encrypt
* number of bytes returned as actually written by the
* apr_crypto_block_encrypt() call. After this call, the context
* is cleaned and can be reused by apr_crypto_block_encrypt_init().
- * @param block The block context to use.
* @param out Address of a buffer to which data will be written. This
* buffer must already exist, and is usually the same
* buffer used by apr_evp_crypt(). See note.
* @param outlen Length of the output will be written here.
+ * @param ctx The block context to use.
* @return APR_ECRYPT if an error occurred.
* @return APR_EPADDING if padding was enabled and the block was incorrectly
* formatted.
* @return APR_ENOTIMPL if not implemented.
*/
-static apr_status_t crypto_block_encrypt_finish(apr_crypto_block_t *block,
- unsigned char *out,
- apr_size_t *outlen)
+static apr_status_t crypto_block_encrypt_finish(unsigned char *out,
+ apr_size_t *outlen, apr_crypto_block_t *block)
{
apr_status_t rv = APR_SUCCESS;
@@ -605,25 +599,20 @@ static apr_status_t crypto_block_encrypt
* @brief Initialise a context for decrypting arbitrary data using the given key.
* @note If *ctx is NULL, a apr_crypto_block_t will be created from a pool. If
* *ctx is not NULL, *ctx must point at a previously created structure.
- * @param p The pool to use.
- * @param f The block context to use.
- * @param key The key structure.
- * @param iv Optional initialisation vector. If the buffer pointed to is NULL,
- * an IV will be created at random, in space allocated from the pool.
- * If the buffer pointed to is not NULL, the IV in the buffer will be
- * used.
* @param ctx The block context returned, see note.
* @param blockSize The block size of the cipher.
+ * @param iv Optional initialisation vector. If the buffer pointed to is NULL,
+ * an IV will be created at random, in space allocated from the pool.
+ * If the buffer is not NULL, the IV in the buffer will be used.
+ * @param key The key structure.
+ * @param p The pool to use.
* @return Returns APR_ENOIV if an initialisation vector is required but not specified.
* Returns APR_EINIT if the backend failed to initialise the context. Returns
* APR_ENOTIMPL if not implemented.
*/
-static apr_status_t crypto_block_decrypt_init(apr_pool_t *p,
- const apr_crypto_t *f,
- const apr_crypto_key_t *key,
- const unsigned char *iv,
- apr_crypto_block_t **ctx,
- apr_size_t *blockSize)
+static apr_status_t crypto_block_decrypt_init(apr_crypto_block_t **ctx,
+ apr_size_t *blockSize, const unsigned char *iv,
+ const apr_crypto_key_t *key, apr_pool_t *p)
{
PRErrorCode perr;
SECItem * secParam;
@@ -634,8 +623,9 @@ static apr_status_t crypto_block_decrypt
if (!block) {
return APR_ENOMEM;
}
- block->f = f;
+ block->f = key->f;
block->pool = p;
+ block->provider = key->provider;
apr_pool_cleanup_register(p, block,
crypto_block_cleanup_helper,
@@ -659,8 +649,8 @@ static apr_status_t crypto_block_decrypt
/* did an error occur? */
perr = PORT_GetError();
if (perr || !block->ctx) {
- f->result->rc = perr;
- f->result->msg = PR_ErrorToName(perr);
+ key->f->result->rc = perr;
+ key->f->result->msg = PR_ErrorToName(perr);
return APR_EINIT;
}
@@ -677,24 +667,22 @@ static apr_status_t crypto_block_decrypt
* @note The number of bytes written will be written to outlen. If
* out is NULL, outlen will contain the maximum size of the
* buffer needed to hold the data, including any data
- * generated by apr_crypto_block_final below. If *out points
+ * generated by apr_crypto_block_decrypt_finish below. If *out points
* to NULL, a buffer sufficiently large will be created from
* the pool provided. If *out points to a not-NULL value, this
* value will be used as a buffer instead.
- * @param block The block context to use.
* @param out Address of a buffer to which data will be written,
* see note.
* @param outlen Length of the output will be written here.
* @param in Address of the buffer to read.
* @param inlen Length of the buffer to read.
+ * @param ctx The block context to use.
* @return APR_ECRYPT if an error occurred. Returns APR_ENOTIMPL if
* not implemented.
*/
-static apr_status_t crypto_block_decrypt(apr_crypto_block_t *block,
- unsigned char **out,
- apr_size_t *outlen,
- const unsigned char *in,
- apr_size_t inlen)
+static apr_status_t crypto_block_decrypt(unsigned char **out,
+ apr_size_t *outlen, const unsigned char *in, apr_size_t inlen,
+ apr_crypto_block_t *block)
{
unsigned char *buffer;
@@ -727,26 +715,25 @@ static apr_status_t crypto_block_decrypt
}
/**
- * @brief Encrypt final data block, write it to out.
+ * @brief Decrypt final data block, write it to out.
* @note If necessary the final block will be written out after being
* padded. Typically the final block will be written to the
- * same buffer used by apr_evp_crypt, offset by the number of
- * bytes returned as actually written by the apr_evp_crypt()
- * call. After this call, the context is cleaned and can be
- * reused by apr_env_encrypt_init() or apr_env_decrypt_init().
- * @param block The block context to use.
+ * same buffer used by apr_crypto_block_decrypt, offset by the
+ * number of bytes returned as actually written by the
+ * apr_crypto_block_decrypt() call. After this call, the context
+ * is cleaned and can be reused by apr_crypto_block_decrypt_init().
* @param out Address of a buffer to which data will be written. This
* buffer must already exist, and is usually the same
* buffer used by apr_evp_crypt(). See note.
* @param outlen Length of the output will be written here.
+ * @param ctx The block context to use.
* @return APR_ECRYPT if an error occurred.
* @return APR_EPADDING if padding was enabled and the block was incorrectly
* formatted.
* @return APR_ENOTIMPL if not implemented.
*/
-static apr_status_t crypto_block_decrypt_finish(apr_crypto_block_t *block,
- unsigned char *out,
- apr_size_t *outlen)
+static apr_status_t crypto_block_decrypt_finish(unsigned char *out,
+ apr_size_t *outlen, apr_crypto_block_t *block)
{
apr_status_t rv = APR_SUCCESS;
Modified: apr/apr-util/branches/1.5.x/crypto/apr_crypto_openssl.c
URL: http://svn.apache.org/viewvc/apr/apr-util/branches/1.5.x/crypto/apr_crypto_openssl.c?rev=1127693&r1=1127692&r2=1127693&view=diff
==============================================================================
--- apr/apr-util/branches/1.5.x/crypto/apr_crypto_openssl.c (original)
+++ apr/apr-util/branches/1.5.x/crypto/apr_crypto_openssl.c Wed May 25 21:38:43 2011
@@ -15,8 +15,6 @@
*/
#include "apu.h"
-
-#include "apu_config.h"
#include "apu_errno.h"
#include <ctype.h>
@@ -38,6 +36,7 @@
struct apr_crypto_t {
apr_pool_t *pool;
+ const apr_crypto_driver_t *provider;
apu_err_t *result;
apr_array_header_t *keys;
apr_crypto_config_t *config;
@@ -48,6 +47,9 @@ struct apr_crypto_config_t {
};
struct apr_crypto_key_t {
+ apr_pool_t *pool;
+ const apr_crypto_driver_t *provider;
+ const apr_crypto_t *f;
const EVP_CIPHER * cipher;
unsigned char *key;
int keyLen;
@@ -56,8 +58,9 @@ struct apr_crypto_key_t {
};
struct apr_crypto_block_t {
- const apr_crypto_t *f;
apr_pool_t *pool;
+ const apr_crypto_driver_t *provider;
+ const apr_crypto_t *f;
EVP_CIPHER_CTX cipherCtx;
int initialised;
int ivSize;
@@ -68,15 +71,15 @@ struct apr_crypto_block_t {
/**
* Fetch the most recent error from this driver.
*/
-static apr_status_t crypto_error(const apr_crypto_t *f, const apu_err_t **result) {
- *result = f->result;
- return APR_SUCCESS;
+static apr_status_t crypto_error(const apu_err_t **result, const apr_crypto_t *f) {
+ *result = f->result;
+ return APR_SUCCESS;
}
/**
* Shutdown the crypto library and release resources.
*/
-static apr_status_t crypto_shutdown(apr_pool_t *pool) {
+static apr_status_t crypto_shutdown() {
ERR_free_strings();
EVP_cleanup();
ENGINE_cleanup();
@@ -85,7 +88,7 @@ static apr_status_t crypto_shutdown(apr_
static apr_status_t crypto_shutdown_helper(void *data) {
apr_pool_t *pool = (apr_pool_t *) data;
- return crypto_shutdown(pool);
+ return crypto_shutdown();
}
/**
@@ -155,14 +158,16 @@ static apr_status_t crypto_cleanup_helpe
* algorithms and other parameters will be set per context. More than
* one context can be created at one time. A cleanup will be automatically
* registered with the given pool to guarantee a graceful shutdown.
- * @param pool - process pool
+ * @param f - context pointer will be written here
+ * @param provider - provider to use
* @param params - array of key parameters
- * @param ff - context pointer will be written here
+ * @param pool - process pool
* @return APR_ENOENGINE when the engine specified does not exist. APR_EINITENGINE
* if the engine cannot be initialised.
*/
-static apr_status_t crypto_make(apr_pool_t *pool,
- const apr_array_header_t *params, apr_crypto_t **ff) {
+static apr_status_t crypto_make(apr_crypto_t **ff, const apr_crypto_driver_t *provider,
+ const apr_array_header_t *params, apr_pool_t *pool)
+{
apr_crypto_config_t *config = NULL;
struct apr_crypto_param_t *ents =
params ? (struct apr_crypto_param_t *) params->elts : NULL;
@@ -173,6 +178,7 @@ static apr_status_t crypto_make(apr_pool
}
*ff = f;
f->pool = pool;
+ f->provider = provider;
config = f->config = apr_pcalloc(pool, sizeof(apr_crypto_config_t));
if (!config) {
return APR_ENOMEM;
@@ -215,8 +221,9 @@ static apr_status_t crypto_make(apr_pool
* operations.
* @note If *key is NULL, a apr_crypto_key_t will be created from a pool. If
* *key is not NULL, *key must point at a previously created structure.
- * @param p The pool to use.
- * @param f The context to use.
+ * @param key The key returned, see note.
+ * @param ivSize The size of the initialisation vector will be returned, based
+ * on whether an IV is relevant for this type of crypto.
* @param pass The passphrase to use.
* @param passLen The passphrase length in bytes
* @param salt The salt to use.
@@ -225,20 +232,20 @@ static apr_status_t crypto_make(apr_pool
* @param mode Electronic Code Book / Cipher Block Chaining.
* @param doPad Pad if necessary.
* @param iterations Iteration count
- * @param key The key returned, see note.
- * @param ivSize The size of the initialisation vector will be returned, based
- * on whether an IV is relevant for this type of crypto.
+ * @param f The context to use.
+ * @param p The pool to use.
* @return Returns APR_ENOKEY if the pass phrase is missing or empty, or if a backend
* error occurred while generating the key. APR_ENOCIPHER if the type or mode
* is not supported by the particular backend. APR_EKEYTYPE if the key type is
* not known. APR_EPADDING if padding was requested but is not supported.
* APR_ENOTIMPL if not implemented.
*/
-static apr_status_t crypto_passphrase(apr_pool_t *p, const apr_crypto_t *f,
+static apr_status_t crypto_passphrase(apr_crypto_key_t **k, apr_size_t *ivSize,
const char *pass, apr_size_t passLen, const unsigned char * salt,
apr_size_t saltLen, const apr_crypto_block_key_type_e type,
const apr_crypto_block_key_mode_e mode, const int doPad,
- const int iterations, apr_crypto_key_t **k, apr_size_t *ivSize) {
+ const int iterations, const apr_crypto_t *f, apr_pool_t *p)
+{
apr_crypto_key_t *key = *k;
if (!key) {
@@ -248,40 +255,43 @@ static apr_status_t crypto_passphrase(ap
return APR_ENOMEM;
}
+ key->f = f;
+ key->provider = f->provider;
+
/* determine the cipher to be used */
switch (type) {
- case (KEY_3DES_192):
+ case (APR_KEY_3DES_192):
/* A 3DES key */
- if (mode == MODE_CBC) {
+ if (mode == APR_MODE_CBC) {
key->cipher = EVP_des_ede3_cbc();
} else {
key->cipher = EVP_des_ede3_ecb();
}
break;
- case (KEY_AES_128):
+ case (APR_KEY_AES_128):
- if (mode == MODE_CBC) {
+ if (mode == APR_MODE_CBC) {
key->cipher = EVP_aes_128_cbc();
} else {
key->cipher = EVP_aes_128_ecb();
}
break;
- case (KEY_AES_192):
+ case (APR_KEY_AES_192):
- if (mode == MODE_CBC) {
+ if (mode == APR_MODE_CBC) {
key->cipher = EVP_aes_192_cbc();
} else {
key->cipher = EVP_aes_192_ecb();
}
break;
- case (KEY_AES_256):
+ case (APR_KEY_AES_256):
- if (mode == MODE_CBC) {
+ if (mode == APR_MODE_CBC) {
key->cipher = EVP_aes_256_cbc();
} else {
key->cipher = EVP_aes_256_ecb();
@@ -315,7 +325,7 @@ static apr_status_t crypto_passphrase(ap
/* note: openssl incorrectly returns non zero IV size values for ECB
* algorithms, so work around this by ignoring the IV size.
*/
- if (MODE_ECB != mode) {
+ if (APR_MODE_ECB != mode) {
key->ivSize = EVP_CIPHER_iv_length(key->cipher);
}
if (ivSize) {
@@ -329,22 +339,24 @@ static apr_status_t crypto_passphrase(ap
* @brief Initialise a context for encrypting arbitrary data using the given key.
* @note If *ctx is NULL, a apr_crypto_block_t will be created from a pool. If
* *ctx is not NULL, *ctx must point at a previously created structure.
- * @param p The pool to use.
- * @param f The block context to use.
- * @param key The key
- * @param iv Optional initialisation vector.
* @param ctx The block context returned, see note.
+ * @param iv Optional initialisation vector. If the buffer pointed to is NULL,
+ * an IV will be created at random, in space allocated from the pool.
+ * If the buffer pointed to is not NULL, the IV in the buffer will be
+ * used.
+ * @param key The key structure.
* @param blockSize The block size of the cipher.
+ * @param p The pool to use.
* @return Returns APR_ENOIV if an initialisation vector is required but not specified.
* Returns APR_EINIT if the backend failed to initialise the context. Returns
* APR_ENOTIMPL if not implemented.
*/
-static apr_status_t crypto_block_encrypt_init(apr_pool_t *p,
- const apr_crypto_t *f, const apr_crypto_key_t *key,
- const unsigned char **iv, apr_crypto_block_t **ctx,
- apr_size_t *blockSize) {
+static apr_status_t crypto_block_encrypt_init(apr_crypto_block_t **ctx,
+ const unsigned char **iv, const apr_crypto_key_t *key,
+ apr_size_t *blockSize, apr_pool_t *p)
+{
unsigned char *usedIv;
- apr_crypto_config_t *config = f->config;
+ apr_crypto_config_t *config = key->f->config;
apr_crypto_block_t *block = *ctx;
if (!block) {
*ctx = block = apr_pcalloc(p, sizeof(apr_crypto_block_t));
@@ -352,8 +364,9 @@ static apr_status_t crypto_block_encrypt
if (!block) {
return APR_ENOMEM;
}
- block->f = f;
+ block->f = key->f;
block->pool = p;
+ block->provider = key->provider;
apr_pool_cleanup_register(p, block, crypto_block_cleanup_helper,
apr_pool_cleanup_null);
@@ -415,18 +428,19 @@ static apr_status_t crypto_block_encrypt
* to NULL, a buffer sufficiently large will be created from
* the pool provided. If *out points to a not-NULL value, this
* value will be used as a buffer instead.
- * @param ctx The block context to use.
* @param out Address of a buffer to which data will be written,
* see note.
* @param outlen Length of the output will be written here.
* @param in Address of the buffer to read.
* @param inlen Length of the buffer to read.
+ * @param ctx The block context to use.
* @return APR_ECRYPT if an error occurred. Returns APR_ENOTIMPL if
* not implemented.
*/
-static apr_status_t crypto_block_encrypt(apr_crypto_block_t *ctx,
- unsigned char **out, apr_size_t *outlen, const unsigned char *in,
- apr_size_t inlen) {
+static apr_status_t crypto_block_encrypt(unsigned char **out,
+ apr_size_t *outlen, const unsigned char *in, apr_size_t inlen,
+ apr_crypto_block_t *ctx)
+{
int outl = *outlen;
unsigned char *buffer;
@@ -467,18 +481,19 @@ static apr_status_t crypto_block_encrypt
* number of bytes returned as actually written by the
* apr_crypto_block_encrypt() call. After this call, the context
* is cleaned and can be reused by apr_crypto_block_encrypt_init().
- * @param ctx The block context to use.
* @param out Address of a buffer to which data will be written. This
* buffer must already exist, and is usually the same
* buffer used by apr_evp_crypt(). See note.
* @param outlen Length of the output will be written here.
+ * @param ctx The block context to use.
* @return APR_ECRYPT if an error occurred.
* @return APR_EPADDING if padding was enabled and the block was incorrectly
* formatted.
* @return APR_ENOTIMPL if not implemented.
*/
-static apr_status_t crypto_block_encrypt_finish(apr_crypto_block_t *ctx,
- unsigned char *out, apr_size_t *outlen) {
+static apr_status_t crypto_block_encrypt_finish(unsigned char *out,
+ apr_size_t *outlen, apr_crypto_block_t *ctx)
+{
int len = *outlen;
if (EVP_EncryptFinal_ex(&ctx->cipherCtx, out, &len) == 0) {
@@ -494,23 +509,22 @@ static apr_status_t crypto_block_encrypt
* @brief Initialise a context for decrypting arbitrary data using the given key.
* @note If *ctx is NULL, a apr_crypto_block_t will be created from a pool. If
* *ctx is not NULL, *ctx must point at a previously created structure.
- * @param p The pool to use.
- * @param f The block context to use.
- * @param key The key structure.
+ * @param ctx The block context returned, see note.
+ * @param blockSize The block size of the cipher.
* @param iv Optional initialisation vector. If the buffer pointed to is NULL,
* an IV will be created at random, in space allocated from the pool.
* If the buffer is not NULL, the IV in the buffer will be used.
- * @param ctx The block context returned, see note.
- * @param blockSize The block size of the cipher.
+ * @param key The key structure.
+ * @param p The pool to use.
* @return Returns APR_ENOIV if an initialisation vector is required but not specified.
* Returns APR_EINIT if the backend failed to initialise the context. Returns
* APR_ENOTIMPL if not implemented.
*/
-static apr_status_t crypto_block_decrypt_init(apr_pool_t *p,
- const apr_crypto_t *f, const apr_crypto_key_t *key,
- const unsigned char *iv, apr_crypto_block_t **ctx,
- apr_size_t *blockSize) {
- apr_crypto_config_t *config = f->config;
+static apr_status_t crypto_block_decrypt_init(apr_crypto_block_t **ctx,
+ apr_size_t *blockSize, const unsigned char *iv,
+ const apr_crypto_key_t *key, apr_pool_t *p)
+{
+ apr_crypto_config_t *config = key->f->config;
apr_crypto_block_t *block = *ctx;
if (!block) {
*ctx = block = apr_pcalloc(p, sizeof(apr_crypto_block_t));
@@ -518,8 +532,9 @@ static apr_status_t crypto_block_decrypt
if (!block) {
return APR_ENOMEM;
}
- block->f = f;
+ block->f = key->f;
block->pool = p;
+ block->provider = key->provider;
apr_pool_cleanup_register(p, block, crypto_block_cleanup_helper,
apr_pool_cleanup_null);
@@ -563,23 +578,23 @@ static apr_status_t crypto_block_decrypt
* @note The number of bytes written will be written to outlen. If
* out is NULL, outlen will contain the maximum size of the
* buffer needed to hold the data, including any data
- * generated by apr_crypto_block_final below. If *out points
+ * generated by apr_crypto_block_decrypt_finish below. If *out points
* to NULL, a buffer sufficiently large will be created from
* the pool provided. If *out points to a not-NULL value, this
* value will be used as a buffer instead.
- * @param ctx The block context to use.
* @param out Address of a buffer to which data will be written,
* see note.
* @param outlen Length of the output will be written here.
* @param in Address of the buffer to read.
* @param inlen Length of the buffer to read.
+ * @param ctx The block context to use.
* @return APR_ECRYPT if an error occurred. Returns APR_ENOTIMPL if
* not implemented.
*/
-static apr_status_t crypto_block_decrypt(apr_crypto_block_t *ctx,
- unsigned char **out, apr_size_t *outlen, const unsigned char *in,
- apr_size_t inlen) {
-
+static apr_status_t crypto_block_decrypt(unsigned char **out,
+ apr_size_t *outlen, const unsigned char *in, apr_size_t inlen,
+ apr_crypto_block_t *ctx)
+{
int outl = *outlen;
unsigned char *buffer;
@@ -616,22 +631,23 @@ static apr_status_t crypto_block_decrypt
* @brief Decrypt final data block, write it to out.
* @note If necessary the final block will be written out after being
* padded. Typically the final block will be written to the
- * same buffer used by apr_evp_crypt, offset by the number of
- * bytes returned as actually written by the apr_evp_crypt()
- * call. After this call, the context is cleaned and can be
- * reused by apr_env_encrypt_init() or apr_env_decrypt_init().
- * @param ctx The block context to use.
+ * same buffer used by apr_crypto_block_decrypt, offset by the
+ * number of bytes returned as actually written by the
+ * apr_crypto_block_decrypt() call. After this call, the context
+ * is cleaned and can be reused by apr_crypto_block_decrypt_init().
* @param out Address of a buffer to which data will be written. This
* buffer must already exist, and is usually the same
* buffer used by apr_evp_crypt(). See note.
* @param outlen Length of the output will be written here.
+ * @param ctx The block context to use.
* @return APR_ECRYPT if an error occurred.
* @return APR_EPADDING if padding was enabled and the block was incorrectly
* formatted.
* @return APR_ENOTIMPL if not implemented.
*/
-static apr_status_t crypto_block_decrypt_finish(apr_crypto_block_t *ctx,
- unsigned char *out, apr_size_t *outlen) {
+static apr_status_t crypto_block_decrypt_finish(unsigned char *out,
+ apr_size_t *outlen, apr_crypto_block_t *ctx)
+{
int len = *outlen;
@@ -652,6 +668,6 @@ APU_MODULE_DECLARE_DATA const apr_crypto
crypto_block_encrypt_init, crypto_block_encrypt,
crypto_block_encrypt_finish, crypto_block_decrypt_init,
crypto_block_decrypt, crypto_block_decrypt_finish,
- crypto_block_cleanup, crypto_cleanup, crypto_shutdown, crypto_error};
+ crypto_block_cleanup, crypto_cleanup, crypto_shutdown, crypto_error };
#endif
Modified: apr/apr-util/branches/1.5.x/include/apr_crypto.h
URL: http://svn.apache.org/viewvc/apr/apr-util/branches/1.5.x/include/apr_crypto.h?rev=1127693&r1=1127692&r2=1127693&view=diff
==============================================================================
--- apr/apr-util/branches/1.5.x/include/apr_crypto.h (original)
+++ apr/apr-util/branches/1.5.x/include/apr_crypto.h Wed May 25 21:38:43 2011
@@ -142,17 +142,18 @@ extern "C" {
*/
typedef enum {
- KEY_NONE, KEY_3DES_192, /** 192 bit (3-Key) 3DES */
- KEY_AES_128, /** 128 bit AES */
- KEY_AES_192, /** 192 bit AES */
- KEY_AES_256
+ APR_KEY_NONE,
+ APR_KEY_3DES_192, /** 192 bit (3-Key) 3DES */
+ APR_KEY_AES_128, /** 128 bit AES */
+ APR_KEY_AES_192, /** 192 bit AES */
+ APR_KEY_AES_256
/** 256 bit AES */
} apr_crypto_block_key_type_e;
typedef enum {
- MODE_NONE, /** An error condition */
- MODE_ECB, /** Electronic Code Book */
- MODE_CBC
+ APR_MODE_NONE, /** An error condition */
+ APR_MODE_ECB, /** Electronic Code Book */
+ APR_MODE_CBC
/** Cipher Block Chaining */
} apr_crypto_block_key_mode_e;
@@ -184,6 +185,7 @@ typedef struct apr_crypto_block_t apr_cr
* @brief Perform once-only initialisation. Call once only.
*
* @param pool - pool to register any shutdown cleanups, etc
+ * @param params - array of initialisation parameters
* @return APR_NOTIMPL in case of no crypto support.
*/
APU_DECLARE(apr_status_t) apr_crypto_init(apr_pool_t *pool,
@@ -192,17 +194,19 @@ APU_DECLARE(apr_status_t) apr_crypto_ini
/**
* @brief Get the driver struct for a name
*
- * @param pool - (process) pool to register cleanup
- * @param name - driver name
* @param driver - pointer to driver struct.
+ * @param name - driver name
+ * @param params - array of initialisation parameters
+ * @param result - result and error message on failure
+ * @param pool - (process) pool to register cleanup
* @return APR_SUCCESS for success
* @return APR_ENOTIMPL for no driver (when DSO not enabled)
* @return APR_EDSOOPEN if DSO driver file can't be opened
* @return APR_ESYMNOTFOUND if the driver file doesn't contain a driver
*/
-APU_DECLARE(apr_status_t) apr_crypto_get_driver(apr_pool_t *pool, const char *name,
- const apr_crypto_driver_t **driver, const apr_array_header_t *params,
- const apu_err_t **result);
+APU_DECLARE(apr_status_t) apr_crypto_get_driver(const apr_crypto_driver_t **driver,
+ const char *name, const apr_array_header_t *params, const apu_err_t **result,
+ apr_pool_t *pool);
/**
* @brief Return the name of the driver.
@@ -210,32 +214,32 @@ APU_DECLARE(apr_status_t) apr_crypto_get
* @param driver - The driver in use.
* @return The name of the driver.
*/
-APU_DECLARE(const char *)apr_crypto_driver_name (const apr_crypto_driver_t *driver);
+APU_DECLARE(const char *) apr_crypto_driver_name(const apr_crypto_driver_t *driver);
/**
* @brief Get the result of the last operation on a context. If the result
* is NULL, the operation was successful.
- * @param f - context pointer
* @param result - the result structure
+ * @param f - context pointer
* @return APR_SUCCESS for success
*/
-APR_DECLARE(apr_status_t) apr_crypto_error(const apr_crypto_driver_t *driver,
- const apr_crypto_t *f, const apu_err_t **result);
+APU_DECLARE(apr_status_t) apr_crypto_error(const apu_err_t **result,
+ const apr_crypto_t *f);
/**
* @brief Create a context for supporting encryption. Keys, certificates,
* algorithms and other parameters will be set per context. More than
* one context can be created at one time. A cleanup will be automatically
* registered with the given pool to guarantee a graceful shutdown.
+ * @param f - context pointer will be written here
* @param driver - driver to use
- * @param pool - process pool
* @param params - array of key parameters
- * @param f - context pointer will be written here
+ * @param pool - process pool
* @return APR_ENOENGINE when the engine specified does not exist. APR_EINITENGINE
* if the engine cannot be initialised.
*/
-APU_DECLARE(apr_status_t) apr_crypto_make(const apr_crypto_driver_t *driver,
- apr_pool_t *pool, const apr_array_header_t *params, apr_crypto_t **f);
+APU_DECLARE(apr_status_t) apr_crypto_make(apr_crypto_t **f, const apr_crypto_driver_t *driver,
+ const apr_array_header_t *params, apr_pool_t *pool);
/**
* @brief Create a key from the given passphrase. By default, the PBKDF2
@@ -246,9 +250,9 @@ APU_DECLARE(apr_status_t) apr_crypto_mak
* operations.
* @note If *key is NULL, a apr_crypto_key_t will be created from a pool. If
* *key is not NULL, *key must point at a previously created structure.
- * @param driver - driver to use
- * @param p The pool to use.
- * @param f The context to use.
+ * @param key The key returned, see note.
+ * @param ivSize The size of the initialisation vector will be returned, based
+ * on whether an IV is relevant for this type of crypto.
* @param pass The passphrase to use.
* @param passLen The passphrase length in bytes
* @param salt The salt to use.
@@ -256,45 +260,41 @@ APU_DECLARE(apr_status_t) apr_crypto_mak
* @param type 3DES_192, AES_128, AES_192, AES_256.
* @param mode Electronic Code Book / Cipher Block Chaining.
* @param doPad Pad if necessary.
- * @param key The key returned, see note.
- * @param ivSize The size of the initialisation vector will be returned, based
- * on whether an IV is relevant for this type of crypto.
+ * @param iterations Number of iterations to use in algorithm
+ * @param f The context to use.
+ * @param p The pool to use.
* @return Returns APR_ENOKEY if the pass phrase is missing or empty, or if a backend
* error occurred while generating the key. APR_ENOCIPHER if the type or mode
* is not supported by the particular backend. APR_EKEYTYPE if the key type is
* not known. APR_EPADDING if padding was requested but is not supported.
* APR_ENOTIMPL if not implemented.
*/
-APU_DECLARE(apr_status_t) apr_crypto_passphrase(const apr_crypto_driver_t *driver,
- apr_pool_t *p, const apr_crypto_t *f, const char *pass,
- apr_size_t passLen, const unsigned char * salt, apr_size_t saltLen,
+APU_DECLARE(apr_status_t) apr_crypto_passphrase(apr_crypto_key_t **key,
+ apr_size_t *ivSize, const char *pass, apr_size_t passLen,
+ const unsigned char * salt, apr_size_t saltLen,
const apr_crypto_block_key_type_e type,
const apr_crypto_block_key_mode_e mode, const int doPad,
- const int iterations, apr_crypto_key_t **key, apr_size_t *ivSize);
+ const int iterations, const apr_crypto_t *f, apr_pool_t *p);
/**
* @brief Initialise a context for encrypting arbitrary data using the given key.
* @note If *ctx is NULL, a apr_crypto_block_t will be created from a pool. If
* *ctx is not NULL, *ctx must point at a previously created structure.
- * @param driver - driver to use
- * @param p The pool to use.
- * @param f The block context to use.
- * @param key The key structure to use.
+ * @param ctx The block context returned, see note.
* @param iv Optional initialisation vector. If the buffer pointed to is NULL,
* an IV will be created at random, in space allocated from the pool.
* If the buffer pointed to is not NULL, the IV in the buffer will be
* used.
- * @param ctx The block context returned, see note.
+ * @param key The key structure to use.
* @param blockSize The block size of the cipher.
+ * @param p The pool to use.
* @return Returns APR_ENOIV if an initialisation vector is required but not specified.
* Returns APR_EINIT if the backend failed to initialise the context. Returns
* APR_ENOTIMPL if not implemented.
*/
APU_DECLARE(apr_status_t) apr_crypto_block_encrypt_init(
- const apr_crypto_driver_t *driver, apr_pool_t *p,
- const apr_crypto_t *f, const apr_crypto_key_t *key,
- const unsigned char **iv, apr_crypto_block_t **ctx,
- apr_size_t *blockSize);
+ apr_crypto_block_t **ctx, const unsigned char **iv,
+ const apr_crypto_key_t *key, apr_size_t *blockSize, apr_pool_t *p);
/**
* @brief Encrypt data provided by in, write it to out.
@@ -305,20 +305,18 @@ APU_DECLARE(apr_status_t) apr_crypto_blo
* to NULL, a buffer sufficiently large will be created from
* the pool provided. If *out points to a not-NULL value, this
* value will be used as a buffer instead.
- * @param driver - driver to use
- * @param ctx The block context to use.
* @param out Address of a buffer to which data will be written,
* see note.
* @param outlen Length of the output will be written here.
* @param in Address of the buffer to read.
* @param inlen Length of the buffer to read.
+ * @param ctx The block context to use.
* @return APR_ECRYPT if an error occurred. Returns APR_ENOTIMPL if
* not implemented.
*/
-APU_DECLARE(apr_status_t) apr_crypto_block_encrypt(
- const apr_crypto_driver_t *driver, apr_crypto_block_t *ctx,
- unsigned char **out, apr_size_t *outlen, const unsigned char *in,
- apr_size_t inlen);
+APU_DECLARE(apr_status_t) apr_crypto_block_encrypt(unsigned char **out,
+ apr_size_t *outlen, const unsigned char *in, apr_size_t inlen,
+ apr_crypto_block_t *ctx);
/**
* @brief Encrypt final data block, write it to out.
@@ -328,41 +326,35 @@ APU_DECLARE(apr_status_t) apr_crypto_blo
* number of bytes returned as actually written by the
* apr_crypto_block_encrypt() call. After this call, the context
* is cleaned and can be reused by apr_crypto_block_encrypt_init().
- * @param driver - driver to use
- * @param ctx The block context to use.
* @param out Address of a buffer to which data will be written. This
* buffer must already exist, and is usually the same
* buffer used by apr_evp_crypt(). See note.
* @param outlen Length of the output will be written here.
+ * @param ctx The block context to use.
* @return APR_ECRYPT if an error occurred.
* @return APR_EPADDING if padding was enabled and the block was incorrectly
* formatted.
* @return APR_ENOTIMPL if not implemented.
*/
-APU_DECLARE(apr_status_t) apr_crypto_block_encrypt_finish(
- const apr_crypto_driver_t *driver, apr_crypto_block_t *ctx,
- unsigned char *out, apr_size_t *outlen);
+APU_DECLARE(apr_status_t) apr_crypto_block_encrypt_finish(unsigned char *out,
+ apr_size_t *outlen, apr_crypto_block_t *ctx);
/**
* @brief Initialise a context for decrypting arbitrary data using the given key.
* @note If *ctx is NULL, a apr_crypto_block_t will be created from a pool. If
* *ctx is not NULL, *ctx must point at a previously created structure.
- * @param driver - driver to use
- * @param p The pool to use.
- * @param f The block context to use.
- * @param key The key structure to use.
- * @param iv Optional initialisation vector.
* @param ctx The block context returned, see note.
* @param blockSize The block size of the cipher.
+ * @param iv Optional initialisation vector.
+ * @param key The key structure to use.
+ * @param p The pool to use.
* @return Returns APR_ENOIV if an initialisation vector is required but not specified.
* Returns APR_EINIT if the backend failed to initialise the context. Returns
* APR_ENOTIMPL if not implemented.
*/
APU_DECLARE(apr_status_t) apr_crypto_block_decrypt_init(
- const apr_crypto_driver_t *driver, apr_pool_t *p,
- const apr_crypto_t *f, const apr_crypto_key_t *key,
- const unsigned char *iv, apr_crypto_block_t **ctx,
- apr_size_t *blockSize);
+ apr_crypto_block_t **ctx, apr_size_t *blockSize,
+ const unsigned char *iv, const apr_crypto_key_t *key, apr_pool_t *p);
/**
* @brief Decrypt data provided by in, write it to out.
@@ -373,20 +365,18 @@ APU_DECLARE(apr_status_t) apr_crypto_blo
* to NULL, a buffer sufficiently large will be created from
* the pool provided. If *out points to a not-NULL value, this
* value will be used as a buffer instead.
- * @param driver - driver to use
- * @param ctx The block context to use.
* @param out Address of a buffer to which data will be written,
* see note.
* @param outlen Length of the output will be written here.
* @param in Address of the buffer to read.
* @param inlen Length of the buffer to read.
+ * @param ctx The block context to use.
* @return APR_ECRYPT if an error occurred. Returns APR_ENOTIMPL if
* not implemented.
*/
-APU_DECLARE(apr_status_t) apr_crypto_block_decrypt(
- const apr_crypto_driver_t *driver, apr_crypto_block_t *ctx,
- unsigned char **out, apr_size_t *outlen, const unsigned char *in,
- apr_size_t inlen);
+APU_DECLARE(apr_status_t) apr_crypto_block_decrypt(unsigned char **out,
+ apr_size_t *outlen, const unsigned char *in, apr_size_t inlen,
+ apr_crypto_block_t *ctx);
/**
* @brief Decrypt final data block, write it to out.
@@ -396,50 +386,42 @@ APU_DECLARE(apr_status_t) apr_crypto_blo
* number of bytes returned as actually written by the
* apr_crypto_block_decrypt() call. After this call, the context
* is cleaned and can be reused by apr_crypto_block_decrypt_init().
- * @param driver - driver to use
- * @param ctx The block context to use.
* @param out Address of a buffer to which data will be written. This
* buffer must already exist, and is usually the same
* buffer used by apr_evp_crypt(). See note.
* @param outlen Length of the output will be written here.
+ * @param ctx The block context to use.
* @return APR_ECRYPT if an error occurred.
* @return APR_EPADDING if padding was enabled and the block was incorrectly
* formatted.
* @return APR_ENOTIMPL if not implemented.
*/
-APU_DECLARE(apr_status_t) apr_crypto_block_decrypt_finish(
- const apr_crypto_driver_t *driver, apr_crypto_block_t *ctx,
- unsigned char *out, apr_size_t *outlen);
+APU_DECLARE(apr_status_t) apr_crypto_block_decrypt_finish(unsigned char *out,
+ apr_size_t *outlen, apr_crypto_block_t *ctx);
/**
* @brief Clean encryption / decryption context.
* @note After cleanup, a context is free to be reused if necessary.
- * @param driver - driver to use
* @param ctx The block context to use.
* @return Returns APR_ENOTIMPL if not supported.
*/
-APU_DECLARE(apr_status_t) apr_crypto_block_cleanup(
- const apr_crypto_driver_t *driver, apr_crypto_block_t *ctx);
+APU_DECLARE(apr_status_t) apr_crypto_block_cleanup(apr_crypto_block_t *ctx);
/**
* @brief Clean encryption / decryption context.
* @note After cleanup, a context is free to be reused if necessary.
- * @param driver - driver to use
* @param f The context to use.
* @return Returns APR_ENOTIMPL if not supported.
*/
-APU_DECLARE(apr_status_t) apr_crypto_cleanup(const apr_crypto_driver_t *driver,
- apr_crypto_t *f);
+APU_DECLARE(apr_status_t) apr_crypto_cleanup(apr_crypto_t *f);
/**
* @brief Shutdown the crypto library.
* @note After shutdown, it is expected that the init function can be called again.
* @param driver - driver to use
- * @param p The pool to use.
* @return Returns APR_ENOTIMPL if not supported.
*/
-APU_DECLARE(apr_status_t) apr_crypto_shutdown(const apr_crypto_driver_t *driver,
- apr_pool_t *p);
+APU_DECLARE(apr_status_t) apr_crypto_shutdown(const apr_crypto_driver_t *driver);
#endif /* APU_HAVE_CRYPTO */
Modified: apr/apr-util/branches/1.5.x/include/private/apr_crypto_internal.h
URL: http://svn.apache.org/viewvc/apr/apr-util/branches/1.5.x/include/private/apr_crypto_internal.h?rev=1127693&r1=1127692&r2=1127693&view=diff
==============================================================================
--- apr/apr-util/branches/1.5.x/include/private/apr_crypto_internal.h (original)
+++ apr/apr-util/branches/1.5.x/include/private/apr_crypto_internal.h Wed May 25 21:38:43 2011
@@ -46,14 +46,15 @@ struct apr_crypto_driver_t {
* algorithms and other parameters will be set per context. More than
* one context can be created at one time. A cleanup will be automatically
* registered with the given pool to guarantee a graceful shutdown.
- * @param pool - process pool
- * @param params - array of key parameters
* @param f - context pointer will be written here
+ * @param provider - provider to use
+ * @param params - array of key parameters
+ * @param pool - process pool
* @return APR_ENOENGINE when the engine specified does not exist. APR_EINITENGINE
* if the engine cannot be initialised.
*/
- apr_status_t (*make)(apr_pool_t *pool, const apr_array_header_t *params,
- apr_crypto_t **f);
+ apr_status_t (*make)(apr_crypto_t **f, const apr_crypto_driver_t *provider,
+ const apr_array_header_t *params, apr_pool_t *pool);
/**
* @brief Create a key from the given passphrase. By default, the PBKDF2
@@ -64,8 +65,9 @@ struct apr_crypto_driver_t {
* operations.
* @note If *key is NULL, a apr_crypto_key_t will be created from a pool. If
* *key is not NULL, *key must point at a previously created structure.
- * @param p The pool to use.
- * @param f The context to use.
+ * @param key The key returned, see note.
+ * @param ivSize The size of the initialisation vector will be returned, based
+ * on whether an IV is relevant for this type of crypto.
* @param pass The passphrase to use.
* @param passLen The passphrase length in bytes
* @param salt The salt to use.
@@ -74,41 +76,39 @@ struct apr_crypto_driver_t {
* @param mode Electronic Code Book / Cipher Block Chaining.
* @param doPad Pad if necessary.
* @param iterations Iteration count
- * @param key The key returned, see note.
- * @param ivSize The size of the initialisation vector will be returned, based
- * on whether an IV is relevant for this type of crypto.
+ * @param f The context to use.
+ * @param p The pool to use.
* @return Returns APR_ENOKEY if the pass phrase is missing or empty, or if a backend
* error occurred while generating the key. APR_ENOCIPHER if the type or mode
* is not supported by the particular backend. APR_EKEYTYPE if the key type is
* not known. APR_EPADDING if padding was requested but is not supported.
* APR_ENOTIMPL if not implemented.
*/
- apr_status_t (*passphrase)(apr_pool_t *p, const apr_crypto_t *f,
+ apr_status_t (*passphrase)(apr_crypto_key_t **key, apr_size_t *ivSize,
const char *pass, apr_size_t passLen, const unsigned char * salt,
apr_size_t saltLen, const apr_crypto_block_key_type_e type,
const apr_crypto_block_key_mode_e mode, const int doPad,
- const int iterations, apr_crypto_key_t **key, apr_size_t *ivSize);
+ const int iterations, const apr_crypto_t *f, apr_pool_t *p);
/**
* @brief Initialise a context for encrypting arbitrary data using the given key.
* @note If *ctx is NULL, a apr_crypto_block_t will be created from a pool. If
* *ctx is not NULL, *ctx must point at a previously created structure.
- * @param p The pool to use.
- * @param f The block context to use.
- * @param key The key structure.
+ * @param ctx The block context returned, see note.
* @param iv Optional initialisation vector. If the buffer pointed to is NULL,
* an IV will be created at random, in space allocated from the pool.
* If the buffer pointed to is not NULL, the IV in the buffer will be
* used.
- * @param ctx The block context returned, see note.
+ * @param key The key structure.
* @param blockSize The block size of the cipher.
+ * @param p The pool to use.
* @return Returns APR_ENOIV if an initialisation vector is required but not specified.
* Returns APR_EINIT if the backend failed to initialise the context. Returns
* APR_ENOTIMPL if not implemented.
*/
- apr_status_t (*block_encrypt_init)(apr_pool_t *p, const apr_crypto_t *f,
- const apr_crypto_key_t *key, const unsigned char **iv,
- apr_crypto_block_t **ctx, apr_size_t *blockSize);
+ apr_status_t (*block_encrypt_init)(apr_crypto_block_t **ctx,
+ const unsigned char **iv, const apr_crypto_key_t *key,
+ apr_size_t *blockSize, apr_pool_t *p);
/**
* @brief Encrypt data provided by in, write it to out.
@@ -119,17 +119,17 @@ struct apr_crypto_driver_t {
* to NULL, a buffer sufficiently large will be created from
* the pool provided. If *out points to a not-NULL value, this
* value will be used as a buffer instead.
- * @param ctx The block context to use.
* @param out Address of a buffer to which data will be written,
* see note.
* @param outlen Length of the output will be written here.
* @param in Address of the buffer to read.
* @param inlen Length of the buffer to read.
+ * @param ctx The block context to use.
* @return APR_ECRYPT if an error occurred. Returns APR_ENOTIMPL if
* not implemented.
*/
- apr_status_t (*block_encrypt)(apr_crypto_block_t *ctx, unsigned char **out,
- apr_size_t *outlen, const unsigned char *in, apr_size_t inlen);
+ apr_status_t (*block_encrypt)(unsigned char **out, apr_size_t *outlen,
+ const unsigned char *in, apr_size_t inlen, apr_crypto_block_t *ctx);
/**
* @brief Encrypt final data block, write it to out.
@@ -139,38 +139,37 @@ struct apr_crypto_driver_t {
* number of bytes returned as actually written by the
* apr_crypto_block_encrypt() call. After this call, the context
* is cleaned and can be reused by apr_crypto_block_encrypt_init().
- * @param ctx The block context to use.
* @param out Address of a buffer to which data will be written. This
* buffer must already exist, and is usually the same
* buffer used by apr_evp_crypt(). See note.
* @param outlen Length of the output will be written here.
+ * @param ctx The block context to use.
* @return APR_ECRYPT if an error occurred.
* @return APR_EPADDING if padding was enabled and the block was incorrectly
* formatted.
* @return APR_ENOTIMPL if not implemented.
*/
- apr_status_t (*block_encrypt_finish)(apr_crypto_block_t *ctx,
- unsigned char *out, apr_size_t *outlen);
+ apr_status_t (*block_encrypt_finish)(unsigned char *out, apr_size_t *outlen,
+ apr_crypto_block_t *ctx);
/**
* @brief Initialise a context for decrypting arbitrary data using the given key.
* @note If *ctx is NULL, a apr_crypto_block_t will be created from a pool. If
* *ctx is not NULL, *ctx must point at a previously created structure.
- * @param p The pool to use.
- * @param f The block context to use.
- * @param key The key structure.
+ * @param ctx The block context returned, see note.
+ * @param blockSize The block size of the cipher.
* @param iv Optional initialisation vector. If the buffer pointed to is NULL,
* an IV will be created at random, in space allocated from the pool.
* If the buffer is not NULL, the IV in the buffer will be used.
- * @param ctx The block context returned, see note.
- * @param blockSize The block size of the cipher.
+ * @param key The key structure.
+ * @param p The pool to use.
* @return Returns APR_ENOIV if an initialisation vector is required but not specified.
* Returns APR_EINIT if the backend failed to initialise the context. Returns
* APR_ENOTIMPL if not implemented.
*/
- apr_status_t (*block_decrypt_init)(apr_pool_t *p, const apr_crypto_t *f,
- const apr_crypto_key_t *key, const unsigned char *iv,
- apr_crypto_block_t **ctx, apr_size_t *blockSize);
+ apr_status_t (*block_decrypt_init)(apr_crypto_block_t **ctx,
+ apr_size_t *blockSize, const unsigned char *iv,
+ const apr_crypto_key_t *key, apr_pool_t *p);
/**
* @brief Decrypt data provided by in, write it to out.
@@ -181,17 +180,17 @@ struct apr_crypto_driver_t {
* to NULL, a buffer sufficiently large will be created from
* the pool provided. If *out points to a not-NULL value, this
* value will be used as a buffer instead.
- * @param ctx The block context to use.
* @param out Address of a buffer to which data will be written,
* see note.
* @param outlen Length of the output will be written here.
* @param in Address of the buffer to read.
* @param inlen Length of the buffer to read.
+ * @param ctx The block context to use.
* @return APR_ECRYPT if an error occurred. Returns APR_ENOTIMPL if
* not implemented.
*/
- apr_status_t (*block_decrypt)(apr_crypto_block_t *ctx, unsigned char **out,
- apr_size_t *outlen, const unsigned char *in, apr_size_t inlen);
+ apr_status_t (*block_decrypt)(unsigned char **out, apr_size_t *outlen,
+ const unsigned char *in, apr_size_t inlen, apr_crypto_block_t *ctx);
/**
* @brief Decrypt final data block, write it to out.
@@ -201,18 +200,18 @@ struct apr_crypto_driver_t {
* number of bytes returned as actually written by the
* apr_crypto_block_decrypt() call. After this call, the context
* is cleaned and can be reused by apr_crypto_block_decrypt_init().
- * @param ctx The block context to use.
* @param out Address of a buffer to which data will be written. This
* buffer must already exist, and is usually the same
* buffer used by apr_evp_crypt(). See note.
* @param outlen Length of the output will be written here.
+ * @param ctx The block context to use.
* @return APR_ECRYPT if an error occurred.
* @return APR_EPADDING if padding was enabled and the block was incorrectly
* formatted.
* @return APR_ENOTIMPL if not implemented.
*/
- apr_status_t (*block_decrypt_finish)(apr_crypto_block_t *ctx,
- unsigned char *out, apr_size_t *outlen);
+ apr_status_t (*block_decrypt_finish)(unsigned char *out,
+ apr_size_t *outlen, apr_crypto_block_t *ctx);
/**
* @brief Clean encryption / decryption context.
@@ -233,18 +232,17 @@ struct apr_crypto_driver_t {
/**
* @brief Clean encryption / decryption context.
* @note After cleanup, a context is free to be reused if necessary.
- * @param pool The pool to use.
* @return Returns APR_ENOTIMPL if not supported.
*/
- apr_status_t (*shutdown)(apr_pool_t *p);
+ apr_status_t (*shutdown)();
/**
* @brief: fetch the most recent error from this driver.
- * @param f - context pointer
* @param result - the result structure
+ * @param f - context pointer
* @return APR_SUCCESS for success.
*/
- apr_status_t (*error)(const apr_crypto_t *f, const apu_err_t **result);
+ apr_status_t (*error)(const apu_err_t **result, const apr_crypto_t *f);
};