apr-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From minf...@apache.org
Subject svn commit: r1127693 [1/2] - in /apr/apr-util/branches/1.5.x: build/crypto.m4 crypto/apr_crypto.c crypto/apr_crypto_nss.c crypto/apr_crypto_openssl.c include/apr_crypto.h include/private/apr_crypto_internal.h test/testcrypto.c
Date Wed, 25 May 2011 21:38:44 GMT
Author: minfrin
Date: Wed May 25 21:38:43 2011
New Revision: 1127693

URL: http://svn.apache.org/viewvc?rev=1127693&view=rev
Log:
apr_crypto: backport the v2.0 API to apr-util v1.5.

Modified:
    apr/apr-util/branches/1.5.x/build/crypto.m4
    apr/apr-util/branches/1.5.x/crypto/apr_crypto.c
    apr/apr-util/branches/1.5.x/crypto/apr_crypto_nss.c
    apr/apr-util/branches/1.5.x/crypto/apr_crypto_openssl.c
    apr/apr-util/branches/1.5.x/include/apr_crypto.h
    apr/apr-util/branches/1.5.x/include/private/apr_crypto_internal.h
    apr/apr-util/branches/1.5.x/test/testcrypto.c

Modified: apr/apr-util/branches/1.5.x/build/crypto.m4
URL: http://svn.apache.org/viewvc/apr/apr-util/branches/1.5.x/build/crypto.m4?rev=1127693&r1=1127692&r2=1127693&view=diff
==============================================================================
--- apr/apr-util/branches/1.5.x/build/crypto.m4 (original)
+++ apr/apr-util/branches/1.5.x/build/crypto.m4 Wed May 25 21:38:43 2011
@@ -163,7 +163,7 @@ AC_DEFUN([APU_CHECK_CRYPTO_NSS], [
       apu_have_nss=0
     elif test "x$withval" != "x"; then
 
-      nss_CPPFLAGS="-I$withval/include -I$withval/../public"
+      nss_CPPFLAGS="-I$withval/include/nss -I$withval/include/nss3 -I$withval/include/nspr -I$withval/include/nspr4 -I$withval/include -I$withval/../public"
       nss_LDFLAGS="-L$withval/lib "
 
       APR_ADDTO(CPPFLAGS, [$nss_CPPFLAGS])

Modified: apr/apr-util/branches/1.5.x/crypto/apr_crypto.c
URL: http://svn.apache.org/viewvc/apr/apr-util/branches/1.5.x/crypto/apr_crypto.c?rev=1127693&r1=1127692&r2=1127693&view=diff
==============================================================================
--- apr/apr-util/branches/1.5.x/crypto/apr_crypto.c (original)
+++ apr/apr-util/branches/1.5.x/crypto/apr_crypto.c Wed May 25 21:38:43 2011
@@ -19,7 +19,6 @@
 
 #include "apu_config.h"
 #include "apu.h"
-
 #include "apr_pools.h"
 #include "apr_dso.h"
 #include "apr_strings.h"
@@ -40,6 +39,29 @@ static apr_hash_t *drivers = NULL;
 
 #define CLEANUP_CAST (apr_status_t (*)(void*))
 
+#define APR_TYPEDEF_STRUCT(type, incompletion) \
+struct type { \
+   incompletion \
+   void *unk[]; \
+};
+
+APR_TYPEDEF_STRUCT(apr_crypto_t, \
+   apr_pool_t *pool; \
+   apr_crypto_driver_t *provider; \
+)
+
+APR_TYPEDEF_STRUCT(apr_crypto_key_t, \
+   apr_pool_t *pool; \
+   apr_crypto_driver_t *provider; \
+   const apr_crypto_t *f;
+)
+
+APR_TYPEDEF_STRUCT(apr_crypto_block_t, \
+   apr_pool_t *pool; \
+   apr_crypto_driver_t *provider; \
+   const apr_crypto_t *f;
+)
+
 #if !APU_DSO_BUILD
 #define DRIVER_LOAD(name,driver,pool,params) \
     {   \
@@ -101,9 +123,9 @@ APU_DECLARE(apr_status_t) apr_crypto_ini
     return ret;
 }
 
-APU_DECLARE(apr_status_t) apr_crypto_get_driver(apr_pool_t *pool, const char *name,
-        const apr_crypto_driver_t **driver, const apr_array_header_t *params,
-        const apu_err_t **result) {
+APU_DECLARE(apr_status_t) apr_crypto_get_driver(const apr_crypto_driver_t **driver,
+        const char *name, const apr_array_header_t *params, const apu_err_t **result,
+        apr_pool_t *pool) {
 #if APU_DSO_BUILD
     char modname[32];
     char symname[34];
@@ -121,7 +143,7 @@ APU_DECLARE(apr_status_t) apr_crypto_get
 #endif
     *driver = apr_hash_get(drivers, name, APR_HASH_KEY_STRING);
     if (*driver) {
-#if APU_DSO_BUILD
+#if APU_DSO_BUILD 
         apu_dso_mutex_unlock();
 #endif
         return APR_SUCCESS;
@@ -181,8 +203,8 @@ APU_DECLARE(apr_status_t) apr_crypto_get
 /**
  * @brief Return the name of the driver.
  *
- * @param pool - pool to register any shutdown cleanups, etc
- * @return APR_SUCCESS for success.
+ * @param driver - The driver in use.
+ * @return The name of the driver.
  */
 APU_DECLARE(const char *)apr_crypto_driver_name (const apr_crypto_driver_t *driver)
 {
@@ -192,25 +214,30 @@ APU_DECLARE(const char *)apr_crypto_driv
 /**
  * @brief Get the result of the last operation on a context. If the result
  *        is NULL, the operation was successful.
- * @param f - context pointer
  * @param result - the result structure
+ * @param f - context pointer
  * @return APR_SUCCESS for success
  */
-APR_DECLARE(apr_status_t) apr_crypto_error(const apr_crypto_driver_t *driver,
-        const apr_crypto_t *f, const apu_err_t **result) {
-    return driver->error(f, result);
+APU_DECLARE(apr_status_t) apr_crypto_error(const apu_err_t **result,
+        const apr_crypto_t *f) {
+    return f->provider->error(result, f);
 }
 
 /**
- * @brief Create a general encryption context
+ * @brief Create a context for supporting encryption. Keys, certificates,
+ *        algorithms and other parameters will be set per context. More than
+ *        one context can be created at one time. A cleanup will be automatically
+ *        registered with the given pool to guarantee a graceful shutdown.
+ * @param f - context pointer will be written here
  * @param driver - driver to use
- * @param pool - process pool
  * @param params - array of key parameters
- * @param f - context pointer will be written here
+ * @param pool - process pool
+ * @return APR_ENOENGINE when the engine specified does not exist. APR_EINITENGINE
+ * if the engine cannot be initialised.
  */
-APU_DECLARE(apr_status_t) apr_crypto_make(const apr_crypto_driver_t *driver,
-        apr_pool_t *pool, const apr_array_header_t *params, apr_crypto_t **f) {
-    return driver->make(pool, params, f);
+APU_DECLARE(apr_status_t) apr_crypto_make(apr_crypto_t **f, const apr_crypto_driver_t *driver,
+        const apr_array_header_t *params, apr_pool_t *pool) {
+    return driver->make(f, driver, params, pool);
 }
 
 /**
@@ -222,9 +249,9 @@ APU_DECLARE(apr_status_t) apr_crypto_mak
  *        operations.
  * @note If *key is NULL, a apr_crypto_key_t will be created from a pool. If
  *       *key is not NULL, *key must point at a previously created structure.
- * @param driver - driver to use
- * @param p The pool to use.
- * @param f The context to use.
+ * @param key The key returned, see note.
+ * @param ivSize The size of the initialisation vector will be returned, based
+ *               on whether an IV is relevant for this type of crypto.
  * @param pass The passphrase to use.
  * @param passLen The passphrase length in bytes
  * @param salt The salt to use.
@@ -232,49 +259,47 @@ APU_DECLARE(apr_status_t) apr_crypto_mak
  * @param type 3DES_192, AES_128, AES_192, AES_256.
  * @param mode Electronic Code Book / Cipher Block Chaining.
  * @param doPad Pad if necessary.
- * @param key The key returned, see note.
- * @param ivSize The size of the initialisation vector will be returned, based
- *               on whether an IV is relevant for this type of crypto.
+ * @param iterations Number of iterations to use in algorithm
+ * @param f The context to use.
+ * @param p The pool to use.
  * @return Returns APR_ENOKEY if the pass phrase is missing or empty, or if a backend
  *         error occurred while generating the key. APR_ENOCIPHER if the type or mode
  *         is not supported by the particular backend. APR_EKEYTYPE if the key type is
  *         not known. APR_EPADDING if padding was requested but is not supported.
  *         APR_ENOTIMPL if not implemented.
  */
-APU_DECLARE(apr_status_t) apr_crypto_passphrase(const apr_crypto_driver_t *driver,
-        apr_pool_t *p, const apr_crypto_t *f, const char *pass,
-        apr_size_t passLen, const unsigned char * salt, apr_size_t saltLen,
+APU_DECLARE(apr_status_t) apr_crypto_passphrase(apr_crypto_key_t **key,
+        apr_size_t *ivSize, const char *pass, apr_size_t passLen,
+        const unsigned char * salt, apr_size_t saltLen,
         const apr_crypto_block_key_type_e type,
         const apr_crypto_block_key_mode_e mode, const int doPad,
-        const int iterations, apr_crypto_key_t **key, apr_size_t *ivSize) {
-    return driver->passphrase(p, f, pass, passLen, salt, saltLen, type, mode,
-            doPad, iterations, key, ivSize);
+        const int iterations, const apr_crypto_t *f, apr_pool_t *p)
+{
+    return f->provider->passphrase(key, ivSize, pass, passLen, salt, saltLen,
+            type, mode, doPad, iterations, f, p);
 }
 
 /**
  * @brief Initialise a context for encrypting arbitrary data using the given key.
  * @note If *ctx is NULL, a apr_crypto_block_t will be created from a pool. If
  *       *ctx is not NULL, *ctx must point at a previously created structure.
- * @param driver - driver to use
- * @param p The pool to use.
- * @param f The block context to use.
- * @param key The key structure to use.
+ * @param ctx The block context returned, see note.
  * @param iv Optional initialisation vector. If the buffer pointed to is NULL,
  *           an IV will be created at random, in space allocated from the pool.
  *           If the buffer pointed to is not NULL, the IV in the buffer will be
  *           used.
- * @param ctx The block context returned, see note.
+ * @param key The key structure to use.
  * @param blockSize The block size of the cipher.
+ * @param p The pool to use.
  * @return Returns APR_ENOIV if an initialisation vector is required but not specified.
  *         Returns APR_EINIT if the backend failed to initialise the context. Returns
  *         APR_ENOTIMPL if not implemented.
  */
 APU_DECLARE(apr_status_t) apr_crypto_block_encrypt_init(
-        const apr_crypto_driver_t *driver, apr_pool_t *p,
-        const apr_crypto_t *f, const apr_crypto_key_t *key,
-        const unsigned char **iv, apr_crypto_block_t **ctx,
-        apr_size_t *blockSize) {
-    return driver->block_encrypt_init(p, f, key, iv, ctx, blockSize);
+        apr_crypto_block_t **ctx, const unsigned char **iv,
+        const apr_crypto_key_t *key, apr_size_t *blockSize, apr_pool_t *p)
+{
+    return key->provider->block_encrypt_init(ctx, iv, key, blockSize, p);
 }
 
 /**
@@ -286,21 +311,20 @@ APU_DECLARE(apr_status_t) apr_crypto_blo
  *       to NULL, a buffer sufficiently large will be created from
  *       the pool provided. If *out points to a not-NULL value, this
  *       value will be used as a buffer instead.
- * @param driver - driver to use
- * @param ctx The block context to use.
  * @param out Address of a buffer to which data will be written,
  *        see note.
  * @param outlen Length of the output will be written here.
  * @param in Address of the buffer to read.
  * @param inlen Length of the buffer to read.
+ * @param ctx The block context to use.
  * @return APR_ECRYPT if an error occurred. Returns APR_ENOTIMPL if
  *         not implemented.
  */
-APU_DECLARE(apr_status_t) apr_crypto_block_encrypt(
-        const apr_crypto_driver_t *driver, apr_crypto_block_t *ctx,
-        unsigned char **out, apr_size_t *outlen, const unsigned char *in,
-        apr_size_t inlen) {
-    return driver->block_encrypt(ctx, out, outlen, in, inlen);
+APU_DECLARE(apr_status_t) apr_crypto_block_encrypt(unsigned char **out,
+        apr_size_t *outlen, const unsigned char *in, apr_size_t inlen,
+        apr_crypto_block_t *ctx)
+{
+    return ctx->provider->block_encrypt(out, outlen, in, inlen, ctx);
 }
 
 /**
@@ -311,44 +335,40 @@ APU_DECLARE(apr_status_t) apr_crypto_blo
  *       number of bytes returned as actually written by the
  *       apr_crypto_block_encrypt() call. After this call, the context
  *       is cleaned and can be reused by apr_crypto_block_encrypt_init().
- * @param driver - driver to use
- * @param ctx The block context to use.
  * @param out Address of a buffer to which data will be written. This
  *            buffer must already exist, and is usually the same
  *            buffer used by apr_evp_crypt(). See note.
  * @param outlen Length of the output will be written here.
+ * @param ctx The block context to use.
  * @return APR_ECRYPT if an error occurred.
  * @return APR_EPADDING if padding was enabled and the block was incorrectly
  *         formatted.
  * @return APR_ENOTIMPL if not implemented.
  */
-APU_DECLARE(apr_status_t) apr_crypto_block_encrypt_finish(
-        const apr_crypto_driver_t *driver, apr_crypto_block_t *ctx,
-        unsigned char *out, apr_size_t *outlen) {
-    return driver->block_encrypt_finish(ctx, out, outlen);
+APU_DECLARE(apr_status_t) apr_crypto_block_encrypt_finish(unsigned char *out,
+        apr_size_t *outlen, apr_crypto_block_t *ctx)
+{
+    return ctx->provider->block_encrypt_finish(out, outlen, ctx);
 }
 
 /**
  * @brief Initialise a context for decrypting arbitrary data using the given key.
  * @note If *ctx is NULL, a apr_crypto_block_t will be created from a pool. If
  *       *ctx is not NULL, *ctx must point at a previously created structure.
- * @param driver - driver to use
- * @param p The pool to use.
- * @param f The block context to use.
- * @param key The key structure to use.
- * @param iv Optional initialisation vector.
  * @param ctx The block context returned, see note.
  * @param blockSize The block size of the cipher.
+ * @param iv Optional initialisation vector.
+ * @param key The key structure to use.
+ * @param p The pool to use.
  * @return Returns APR_ENOIV if an initialisation vector is required but not specified.
  *         Returns APR_EINIT if the backend failed to initialise the context. Returns
  *         APR_ENOTIMPL if not implemented.
  */
 APU_DECLARE(apr_status_t) apr_crypto_block_decrypt_init(
-        const apr_crypto_driver_t *driver, apr_pool_t *p,
-        const apr_crypto_t *f, const apr_crypto_key_t *key,
-        const unsigned char *iv, apr_crypto_block_t **ctx,
-        apr_size_t *blockSize) {
-    return driver->block_decrypt_init(p, f, key, iv, ctx, blockSize);
+        apr_crypto_block_t **ctx, apr_size_t *blockSize,
+        const unsigned char *iv, const apr_crypto_key_t *key, apr_pool_t *p)
+{
+    return key->provider->block_decrypt_init(ctx, blockSize, iv, key, p);
 }
 
 /**
@@ -360,21 +380,20 @@ APU_DECLARE(apr_status_t) apr_crypto_blo
  *       to NULL, a buffer sufficiently large will be created from
  *       the pool provided. If *out points to a not-NULL value, this
  *       value will be used as a buffer instead.
- * @param driver - driver to use
- * @param ctx The block context to use.
  * @param out Address of a buffer to which data will be written,
  *        see note.
  * @param outlen Length of the output will be written here.
  * @param in Address of the buffer to read.
  * @param inlen Length of the buffer to read.
+ * @param ctx The block context to use.
  * @return APR_ECRYPT if an error occurred. Returns APR_ENOTIMPL if
  *         not implemented.
  */
-APU_DECLARE(apr_status_t) apr_crypto_block_decrypt(
-        const apr_crypto_driver_t *driver, apr_crypto_block_t *ctx,
-        unsigned char **out, apr_size_t *outlen, const unsigned char *in,
-        apr_size_t inlen) {
-    return driver->block_decrypt(ctx, out, outlen, in, inlen);
+APU_DECLARE(apr_status_t) apr_crypto_block_decrypt(unsigned char **out,
+        apr_size_t *outlen, const unsigned char *in, apr_size_t inlen,
+        apr_crypto_block_t *ctx)
+{
+    return ctx->provider->block_decrypt(out, outlen, in, inlen, ctx);
 }
 
 /**
@@ -385,57 +404,53 @@ APU_DECLARE(apr_status_t) apr_crypto_blo
  *       number of bytes returned as actually written by the
  *       apr_crypto_block_decrypt() call. After this call, the context
  *       is cleaned and can be reused by apr_crypto_block_decrypt_init().
- * @param driver - driver to use
- * @param ctx The block context to use.
  * @param out Address of a buffer to which data will be written. This
  *            buffer must already exist, and is usually the same
  *            buffer used by apr_evp_crypt(). See note.
  * @param outlen Length of the output will be written here.
+ * @param ctx The block context to use.
  * @return APR_ECRYPT if an error occurred.
  * @return APR_EPADDING if padding was enabled and the block was incorrectly
  *         formatted.
  * @return APR_ENOTIMPL if not implemented.
  */
-APU_DECLARE(apr_status_t) apr_crypto_block_decrypt_finish(
-        const apr_crypto_driver_t *driver, apr_crypto_block_t *ctx,
-        unsigned char *out, apr_size_t *outlen) {
-    return driver->block_decrypt_finish(ctx, out, outlen);
+APU_DECLARE(apr_status_t) apr_crypto_block_decrypt_finish(unsigned char *out,
+        apr_size_t *outlen, apr_crypto_block_t *ctx)
+{
+    return ctx->provider->block_decrypt_finish(out, outlen, ctx);
 }
 
 /**
  * @brief Clean encryption / decryption context.
  * @note After cleanup, a context is free to be reused if necessary.
- * @param driver - driver to use
  * @param ctx The block context to use.
  * @return Returns APR_ENOTIMPL if not supported.
  */
-APU_DECLARE(apr_status_t) apr_crypto_block_cleanup(
-        const apr_crypto_driver_t *driver, apr_crypto_block_t *ctx) {
-    return driver->block_cleanup(ctx);
+APU_DECLARE(apr_status_t) apr_crypto_block_cleanup(apr_crypto_block_t *ctx)
+{
+    return ctx->provider->block_cleanup(ctx);
 }
 
 /**
  * @brief Clean encryption / decryption context.
  * @note After cleanup, a context is free to be reused if necessary.
- * @param driver - driver to use
  * @param f The context to use.
  * @return Returns APR_ENOTIMPL if not supported.
  */
-APU_DECLARE(apr_status_t) apr_crypto_cleanup(const apr_crypto_driver_t *driver,
-        apr_crypto_t *f) {
-    return driver->cleanup(f);
+APU_DECLARE(apr_status_t) apr_crypto_cleanup(apr_crypto_t *f)
+{
+    return f->provider->cleanup(f);
 }
 
 /**
  * @brief Shutdown the crypto library.
  * @note After shutdown, it is expected that the init function can be called again.
  * @param driver - driver to use
- * @param p The pool to use.
  * @return Returns APR_ENOTIMPL if not supported.
  */
-APU_DECLARE(apr_status_t) apr_crypto_shutdown(const apr_crypto_driver_t *driver,
-        apr_pool_t *p) {
-    return driver->shutdown(p);
+APU_DECLARE(apr_status_t) apr_crypto_shutdown(const apr_crypto_driver_t *driver)
+{
+    return driver->shutdown();
 }
 
 #endif /* APU_HAVE_CRYPTO */

Modified: apr/apr-util/branches/1.5.x/crypto/apr_crypto_nss.c
URL: http://svn.apache.org/viewvc/apr/apr-util/branches/1.5.x/crypto/apr_crypto_nss.c?rev=1127693&r1=1127692&r2=1127693&view=diff
==============================================================================
--- apr/apr-util/branches/1.5.x/crypto/apr_crypto_nss.c (original)
+++ apr/apr-util/branches/1.5.x/crypto/apr_crypto_nss.c Wed May 25 21:38:43 2011
@@ -15,8 +15,6 @@
  */
 
 #include "apu.h"
-
-#include "apu_config.h"
 #include "apu_errno.h"
 
 #include <ctype.h>
@@ -48,6 +46,7 @@
 
 struct apr_crypto_t {
     apr_pool_t *pool;
+    const apr_crypto_driver_t *provider;
     apu_err_t *result;
     apr_array_header_t *keys;
     apr_crypto_config_t *config;
@@ -57,6 +56,9 @@ struct apr_crypto_config_t {
 };
 
 struct apr_crypto_key_t {
+    apr_pool_t *pool;
+    const apr_crypto_driver_t *provider;
+    const apr_crypto_t *f;
     CK_MECHANISM_TYPE cipherMech;
     SECOidTag cipherOid;
     PK11SymKey *symKey;
@@ -64,8 +66,9 @@ struct apr_crypto_key_t {
 };
 
 struct apr_crypto_block_t {
-    const apr_crypto_t *f;
     apr_pool_t *pool;
+    const apr_crypto_driver_t *provider;
+    const apr_crypto_t *f;
     PK11Context *ctx;
     apr_crypto_key_t *key;
     int blockSize;
@@ -74,9 +77,9 @@ struct apr_crypto_block_t {
 /**
  * Fetch the most recent error from this driver.
  */
-static apr_status_t crypto_error(const apr_crypto_t *f, const apu_err_t **result) {
-	*result = f->result;
-	return APR_SUCCESS;
+static apr_status_t crypto_error(const apu_err_t **result, const apr_crypto_t *f) {
+    *result = f->result;
+    return APR_SUCCESS;
 }
 
 /**
@@ -84,7 +87,7 @@ static apr_status_t crypto_error(const a
  *
  * It is safe to shut down twice.
  */
-static apr_status_t crypto_shutdown(apr_pool_t *pool)
+static apr_status_t crypto_shutdown()
 {
     if (NSS_IsInitialized()) {
         SECStatus s = NSS_Shutdown();
@@ -98,7 +101,7 @@ static apr_status_t crypto_shutdown(apr_
 static apr_status_t crypto_shutdown_helper(void *data)
 {
     apr_pool_t *pool = (apr_pool_t *) data;
-    return crypto_shutdown(pool);
+    return crypto_shutdown();
 }
 
 /**
@@ -166,7 +169,7 @@ static apr_status_t crypto_init(apr_pool
 /**
  * @brief Clean encryption / decryption context.
  * @note After cleanup, a context is free to be reused if necessary.
- * @param block The block context to use.
+ * @param f The context to use.
  * @return Returns APR_ENOTIMPL if not supported.
  */
 static apr_status_t crypto_block_cleanup(apr_crypto_block_t *block)
@@ -218,15 +221,15 @@ static apr_status_t crypto_cleanup_helpe
  *        algorithms and other parameters will be set per context. More than
  *        one context can be created at one time. A cleanup will be automatically
  *        registered with the given pool to guarantee a graceful shutdown.
- * @param pool - process pool
+ * @param f - context pointer will be written here
+ * @param provider - provider to use
  * @param params - array of key parameters
- * @param ff - context pointer will be written here
+ * @param pool - process pool
  * @return APR_ENOENGINE when the engine specified does not exist. APR_EINITENGINE
  * if the engine cannot be initialised.
  */
-static apr_status_t crypto_make(apr_pool_t *pool,
-                                const apr_array_header_t *params,
-                                apr_crypto_t **ff)
+static apr_status_t crypto_make(apr_crypto_t **ff, const apr_crypto_driver_t *provider,
+        const apr_array_header_t *params, apr_pool_t *pool)
 {
     apr_crypto_config_t *config = NULL;
     /* struct apr_crypto_param_t *ents = params ? (struct apr_crypto_param_t *)params->elts : NULL; */
@@ -239,6 +242,7 @@ static apr_status_t crypto_make(apr_pool
     }
     *ff = f;
     f->pool = pool;
+    f->provider = provider;
     config = f->config = apr_pcalloc(pool, sizeof(apr_crypto_config_t));
     if (!config) {
         return APR_ENOMEM;
@@ -280,8 +284,9 @@ static apr_status_t crypto_make(apr_pool
  *        operations.
  * @note If *key is NULL, a apr_crypto_key_t will be created from a pool. If
  *       *key is not NULL, *key must point at a previously created structure.
- * @param p The pool to use.
- * @param f The context to use.
+ * @param key The key returned, see note.
+ * @param ivSize The size of the initialisation vector will be returned, based
+ *               on whether an IV is relevant for this type of crypto.
  * @param pass The passphrase to use.
  * @param passLen The passphrase length in bytes
  * @param salt The salt to use.
@@ -290,27 +295,19 @@ static apr_status_t crypto_make(apr_pool
  * @param mode Electronic Code Book / Cipher Block Chaining.
  * @param doPad Pad if necessary.
  * @param iterations Iteration count
- * @param key The key returned, see note.
- * @param ivSize The size of the initialisation vector will be returned, based
- *               on whether an IV is relevant for this type of crypto.
+ * @param f The context to use.
+ * @param p The pool to use.
  * @return Returns APR_ENOKEY if the pass phrase is missing or empty, or if a backend
  *         error occurred while generating the key. APR_ENOCIPHER if the type or mode
  *         is not supported by the particular backend. APR_EKEYTYPE if the key type is
  *         not known. APR_EPADDING if padding was requested but is not supported.
  *         APR_ENOTIMPL if not implemented.
  */
-static apr_status_t crypto_passphrase(apr_pool_t *p,
-                                      const apr_crypto_t *f,
-                                      const char *pass,
-                                      apr_size_t passLen,
-                                      const unsigned char * salt,
-                                      apr_size_t saltLen,
-                                      const apr_crypto_block_key_type_e type,
-                                      const apr_crypto_block_key_mode_e mode,
-                                      const int doPad,
-                                      const int iterations,
-                                      apr_crypto_key_t **k,
-                                      apr_size_t *ivSize)
+static apr_status_t crypto_passphrase(apr_crypto_key_t **k, apr_size_t *ivSize,
+        const char *pass, apr_size_t passLen, const unsigned char * salt,
+        apr_size_t saltLen, const apr_crypto_block_key_type_e type,
+        const apr_crypto_block_key_mode_e mode, const int doPad,
+        const int iterations, const apr_crypto_t *f, apr_pool_t *p)
 {
     apr_status_t rv = APR_SUCCESS;
     PK11SlotInfo * slot;
@@ -327,36 +324,39 @@ static apr_status_t crypto_passphrase(ap
         return APR_ENOMEM;
     }
 
+    key->f = f;
+    key->provider = f->provider;
+
     /* decide on what cipher mechanism we will be using */
     switch (type) {
 
-    case (KEY_3DES_192) :
-        if (MODE_CBC == mode) {
+    case (APR_KEY_3DES_192) :
+        if (APR_MODE_CBC == mode) {
             key->cipherOid = SEC_OID_DES_EDE3_CBC;
         }
-        else if (MODE_ECB == mode) {
+        else if (APR_MODE_ECB == mode) {
             return APR_ENOCIPHER;
             /* No OID for CKM_DES3_ECB; */
         }
         break;
-    case (KEY_AES_128) :
-        if (MODE_CBC == mode) {
+    case (APR_KEY_AES_128) :
+        if (APR_MODE_CBC == mode) {
             key->cipherOid = SEC_OID_AES_128_CBC;
         }
         else {
             key->cipherOid = SEC_OID_AES_128_ECB;
         }
         break;
-    case (KEY_AES_192) :
-        if (MODE_CBC == mode) {
+    case (APR_KEY_AES_192) :
+        if (APR_MODE_CBC == mode) {
             key->cipherOid = SEC_OID_AES_192_CBC;
         }
         else {
             key->cipherOid = SEC_OID_AES_192_ECB;
         }
         break;
-    case (KEY_AES_256) :
-        if (MODE_CBC == mode) {
+    case (APR_KEY_AES_256) :
+        if (APR_MODE_CBC == mode) {
             key->cipherOid = SEC_OID_AES_256_CBC;
         }
         else {
@@ -422,25 +422,21 @@ static apr_status_t crypto_passphrase(ap
  * @brief Initialise a context for encrypting arbitrary data using the given key.
  * @note If *ctx is NULL, a apr_crypto_block_t will be created from a pool. If
  *       *ctx is not NULL, *ctx must point at a previously created structure.
- * @param p The pool to use.
- * @param f The block context to use.
- * @param key The key structure.
+ * @param ctx The block context returned, see note.
  * @param iv Optional initialisation vector. If the buffer pointed to is NULL,
  *           an IV will be created at random, in space allocated from the pool.
  *           If the buffer pointed to is not NULL, the IV in the buffer will be
  *           used.
- * @param ctx The block context returned, see note.
+ * @param key The key structure.
  * @param blockSize The block size of the cipher.
+ * @param p The pool to use.
  * @return Returns APR_ENOIV if an initialisation vector is required but not specified.
  *         Returns APR_EINIT if the backend failed to initialise the context. Returns
  *         APR_ENOTIMPL if not implemented.
  */
-static apr_status_t crypto_block_encrypt_init(apr_pool_t *p,
-                                              const apr_crypto_t *f,
-                                              const apr_crypto_key_t *key,
-                                              const unsigned char **iv,
-                                              apr_crypto_block_t **ctx,
-                                              apr_size_t *blockSize)
+static apr_status_t crypto_block_encrypt_init(apr_crypto_block_t **ctx,
+        const unsigned char **iv, const apr_crypto_key_t *key,
+        apr_size_t *blockSize, apr_pool_t *p)
 {
     PRErrorCode perr;
     SECItem * secParam;
@@ -453,8 +449,9 @@ static apr_status_t crypto_block_encrypt
     if (!block) {
         return APR_ENOMEM;
     }
-    block->f = f;
+    block->f = key->f;
     block->pool = p;
+    block->provider = key->provider;
 
     apr_pool_cleanup_register(p, block,
                               crypto_block_cleanup_helper,
@@ -491,8 +488,8 @@ static apr_status_t crypto_block_encrypt
     /* did an error occur? */
     perr = PORT_GetError();
     if (perr || !block->ctx) {
-        f->result->rc = perr;
-        f->result->msg = PR_ErrorToName(perr);
+        key->f->result->rc = perr;
+        key->f->result->msg = PR_ErrorToName(perr);
         return APR_EINIT;
     }
 
@@ -513,20 +510,18 @@ static apr_status_t crypto_block_encrypt
  *       to NULL, a buffer sufficiently large will be created from
  *       the pool provided. If *out points to a not-NULL value, this
  *       value will be used as a buffer instead.
- * @param block The block context to use.
  * @param out Address of a buffer to which data will be written,
  *        see note.
  * @param outlen Length of the output will be written here.
  * @param in Address of the buffer to read.
  * @param inlen Length of the buffer to read.
+ * @param ctx The block context to use.
  * @return APR_ECRYPT if an error occurred. Returns APR_ENOTIMPL if
  *         not implemented.
  */
-static apr_status_t crypto_block_encrypt(apr_crypto_block_t *block,
-                                         unsigned char **out,
-                                         apr_size_t *outlen,
-                                         const unsigned char *in,
-                                         apr_size_t inlen)
+static apr_status_t crypto_block_encrypt(unsigned char **out,
+        apr_size_t *outlen, const unsigned char *in, apr_size_t inlen,
+        apr_crypto_block_t *block)
 {
 
     unsigned char *buffer;
@@ -566,19 +561,18 @@ static apr_status_t crypto_block_encrypt
  *       number of bytes returned as actually written by the
  *       apr_crypto_block_encrypt() call. After this call, the context
  *       is cleaned and can be reused by apr_crypto_block_encrypt_init().
- * @param block The block context to use.
  * @param out Address of a buffer to which data will be written. This
  *            buffer must already exist, and is usually the same
  *            buffer used by apr_evp_crypt(). See note.
  * @param outlen Length of the output will be written here.
+ * @param ctx The block context to use.
  * @return APR_ECRYPT if an error occurred.
  * @return APR_EPADDING if padding was enabled and the block was incorrectly
  *         formatted.
  * @return APR_ENOTIMPL if not implemented.
  */
-static apr_status_t crypto_block_encrypt_finish(apr_crypto_block_t *block,
-                                                unsigned char *out,
-                                                apr_size_t *outlen)
+static apr_status_t crypto_block_encrypt_finish(unsigned char *out,
+        apr_size_t *outlen, apr_crypto_block_t *block)
 {
 
     apr_status_t rv = APR_SUCCESS;
@@ -605,25 +599,20 @@ static apr_status_t crypto_block_encrypt
  * @brief Initialise a context for decrypting arbitrary data using the given key.
  * @note If *ctx is NULL, a apr_crypto_block_t will be created from a pool. If
  *       *ctx is not NULL, *ctx must point at a previously created structure.
- * @param p The pool to use.
- * @param f The block context to use.
- * @param key The key structure.
- * @param iv Optional initialisation vector. If the buffer pointed to is NULL,
- *           an IV will be created at random, in space allocated from the pool.
- *           If the buffer pointed to is not NULL, the IV in the buffer will be
- *           used.
  * @param ctx The block context returned, see note.
  * @param blockSize The block size of the cipher.
+ * @param iv Optional initialisation vector. If the buffer pointed to is NULL,
+ *           an IV will be created at random, in space allocated from the pool.
+ *           If the buffer is not NULL, the IV in the buffer will be used.
+ * @param key The key structure.
+ * @param p The pool to use.
  * @return Returns APR_ENOIV if an initialisation vector is required but not specified.
  *         Returns APR_EINIT if the backend failed to initialise the context. Returns
  *         APR_ENOTIMPL if not implemented.
  */
-static apr_status_t crypto_block_decrypt_init(apr_pool_t *p,
-                                              const apr_crypto_t *f,
-                                              const apr_crypto_key_t *key,
-                                              const unsigned char *iv,
-                                              apr_crypto_block_t **ctx,
-                                              apr_size_t *blockSize)
+static apr_status_t crypto_block_decrypt_init(apr_crypto_block_t **ctx,
+        apr_size_t *blockSize, const unsigned char *iv,
+        const apr_crypto_key_t *key, apr_pool_t *p)
 {
     PRErrorCode perr;
     SECItem * secParam;
@@ -634,8 +623,9 @@ static apr_status_t crypto_block_decrypt
     if (!block) {
         return APR_ENOMEM;
     }
-    block->f = f;
+    block->f = key->f;
     block->pool = p;
+    block->provider = key->provider;
 
     apr_pool_cleanup_register(p, block,
                               crypto_block_cleanup_helper,
@@ -659,8 +649,8 @@ static apr_status_t crypto_block_decrypt
     /* did an error occur? */
     perr = PORT_GetError();
     if (perr || !block->ctx) {
-        f->result->rc = perr;
-        f->result->msg = PR_ErrorToName(perr);
+        key->f->result->rc = perr;
+        key->f->result->msg = PR_ErrorToName(perr);
         return APR_EINIT;
     }
 
@@ -677,24 +667,22 @@ static apr_status_t crypto_block_decrypt
  * @note The number of bytes written will be written to outlen. If
  *       out is NULL, outlen will contain the maximum size of the
  *       buffer needed to hold the data, including any data
- *       generated by apr_crypto_block_final below. If *out points
+ *       generated by apr_crypto_block_decrypt_finish below. If *out points
  *       to NULL, a buffer sufficiently large will be created from
  *       the pool provided. If *out points to a not-NULL value, this
  *       value will be used as a buffer instead.
- * @param block The block context to use.
  * @param out Address of a buffer to which data will be written,
  *        see note.
  * @param outlen Length of the output will be written here.
  * @param in Address of the buffer to read.
  * @param inlen Length of the buffer to read.
+ * @param ctx The block context to use.
  * @return APR_ECRYPT if an error occurred. Returns APR_ENOTIMPL if
  *         not implemented.
  */
-static apr_status_t crypto_block_decrypt(apr_crypto_block_t *block,
-                                         unsigned char **out,
-                                         apr_size_t *outlen,
-                                         const unsigned char *in,
-                                         apr_size_t inlen)
+static apr_status_t crypto_block_decrypt(unsigned char **out,
+        apr_size_t *outlen, const unsigned char *in, apr_size_t inlen,
+        apr_crypto_block_t *block)
 {
 
     unsigned char *buffer;
@@ -727,26 +715,25 @@ static apr_status_t crypto_block_decrypt
 }
 
 /**
- * @brief Encrypt final data block, write it to out.
+ * @brief Decrypt final data block, write it to out.
  * @note If necessary the final block will be written out after being
  *       padded. Typically the final block will be written to the
- *       same buffer used by apr_evp_crypt, offset by the number of
- *       bytes returned as actually written by the apr_evp_crypt()
- *       call. After this call, the context is cleaned and can be
- *       reused by apr_env_encrypt_init() or apr_env_decrypt_init().
- * @param block The block context to use.
+ *       same buffer used by apr_crypto_block_decrypt, offset by the
+ *       number of bytes returned as actually written by the
+ *       apr_crypto_block_decrypt() call. After this call, the context
+ *       is cleaned and can be reused by apr_crypto_block_decrypt_init().
  * @param out Address of a buffer to which data will be written. This
  *            buffer must already exist, and is usually the same
  *            buffer used by apr_evp_crypt(). See note.
  * @param outlen Length of the output will be written here.
+ * @param ctx The block context to use.
  * @return APR_ECRYPT if an error occurred.
  * @return APR_EPADDING if padding was enabled and the block was incorrectly
  *         formatted.
  * @return APR_ENOTIMPL if not implemented.
  */
-static apr_status_t crypto_block_decrypt_finish(apr_crypto_block_t *block,
-                                                unsigned char *out,
-                                                apr_size_t *outlen)
+static apr_status_t crypto_block_decrypt_finish(unsigned char *out,
+        apr_size_t *outlen, apr_crypto_block_t *block)
 {
 
     apr_status_t rv = APR_SUCCESS;

Modified: apr/apr-util/branches/1.5.x/crypto/apr_crypto_openssl.c
URL: http://svn.apache.org/viewvc/apr/apr-util/branches/1.5.x/crypto/apr_crypto_openssl.c?rev=1127693&r1=1127692&r2=1127693&view=diff
==============================================================================
--- apr/apr-util/branches/1.5.x/crypto/apr_crypto_openssl.c (original)
+++ apr/apr-util/branches/1.5.x/crypto/apr_crypto_openssl.c Wed May 25 21:38:43 2011
@@ -15,8 +15,6 @@
  */
 
 #include "apu.h"
-
-#include "apu_config.h"
 #include "apu_errno.h"
 
 #include <ctype.h>
@@ -38,6 +36,7 @@
 
 struct apr_crypto_t {
     apr_pool_t *pool;
+    const apr_crypto_driver_t *provider;
     apu_err_t *result;
     apr_array_header_t *keys;
     apr_crypto_config_t *config;
@@ -48,6 +47,9 @@ struct apr_crypto_config_t {
 };
 
 struct apr_crypto_key_t {
+    apr_pool_t *pool;
+    const apr_crypto_driver_t *provider;
+    const apr_crypto_t *f;
     const EVP_CIPHER * cipher;
     unsigned char *key;
     int keyLen;
@@ -56,8 +58,9 @@ struct apr_crypto_key_t {
 };
 
 struct apr_crypto_block_t {
-    const apr_crypto_t *f;
     apr_pool_t *pool;
+    const apr_crypto_driver_t *provider;
+    const apr_crypto_t *f;
     EVP_CIPHER_CTX cipherCtx;
     int initialised;
     int ivSize;
@@ -68,15 +71,15 @@ struct apr_crypto_block_t {
 /**
  * Fetch the most recent error from this driver.
  */
-static apr_status_t crypto_error(const apr_crypto_t *f, const apu_err_t **result) {
-	*result = f->result;
-	return APR_SUCCESS;
+static apr_status_t crypto_error(const apu_err_t **result, const apr_crypto_t *f) {
+    *result = f->result;
+    return APR_SUCCESS;
 }
 
 /**
  * Shutdown the crypto library and release resources.
  */
-static apr_status_t crypto_shutdown(apr_pool_t *pool) {
+static apr_status_t crypto_shutdown() {
     ERR_free_strings();
     EVP_cleanup();
     ENGINE_cleanup();
@@ -85,7 +88,7 @@ static apr_status_t crypto_shutdown(apr_
 
 static apr_status_t crypto_shutdown_helper(void *data) {
     apr_pool_t *pool = (apr_pool_t *) data;
-    return crypto_shutdown(pool);
+    return crypto_shutdown();
 }
 
 /**
@@ -155,14 +158,16 @@ static apr_status_t crypto_cleanup_helpe
  *        algorithms and other parameters will be set per context. More than
  *        one context can be created at one time. A cleanup will be automatically
  *        registered with the given pool to guarantee a graceful shutdown.
- * @param pool - process pool
+ * @param f - context pointer will be written here
+ * @param provider - provider to use
  * @param params - array of key parameters
- * @param ff - context pointer will be written here
+ * @param pool - process pool
  * @return APR_ENOENGINE when the engine specified does not exist. APR_EINITENGINE
  * if the engine cannot be initialised.
  */
-static apr_status_t crypto_make(apr_pool_t *pool,
-        const apr_array_header_t *params, apr_crypto_t **ff) {
+static apr_status_t crypto_make(apr_crypto_t **ff, const apr_crypto_driver_t *provider,
+        const apr_array_header_t *params, apr_pool_t *pool)
+{
     apr_crypto_config_t *config = NULL;
     struct apr_crypto_param_t *ents =
             params ? (struct apr_crypto_param_t *) params->elts : NULL;
@@ -173,6 +178,7 @@ static apr_status_t crypto_make(apr_pool
     }
     *ff = f;
     f->pool = pool;
+    f->provider = provider;
     config = f->config = apr_pcalloc(pool, sizeof(apr_crypto_config_t));
     if (!config) {
         return APR_ENOMEM;
@@ -215,8 +221,9 @@ static apr_status_t crypto_make(apr_pool
  *        operations.
  * @note If *key is NULL, a apr_crypto_key_t will be created from a pool. If
  *       *key is not NULL, *key must point at a previously created structure.
- * @param p The pool to use.
- * @param f The context to use.
+ * @param key The key returned, see note.
+ * @param ivSize The size of the initialisation vector will be returned, based
+ *               on whether an IV is relevant for this type of crypto.
  * @param pass The passphrase to use.
  * @param passLen The passphrase length in bytes
  * @param salt The salt to use.
@@ -225,20 +232,20 @@ static apr_status_t crypto_make(apr_pool
  * @param mode Electronic Code Book / Cipher Block Chaining.
  * @param doPad Pad if necessary.
  * @param iterations Iteration count
- * @param key The key returned, see note.
- * @param ivSize The size of the initialisation vector will be returned, based
- *               on whether an IV is relevant for this type of crypto.
+ * @param f The context to use.
+ * @param p The pool to use.
  * @return Returns APR_ENOKEY if the pass phrase is missing or empty, or if a backend
  *         error occurred while generating the key. APR_ENOCIPHER if the type or mode
  *         is not supported by the particular backend. APR_EKEYTYPE if the key type is
  *         not known. APR_EPADDING if padding was requested but is not supported.
  *         APR_ENOTIMPL if not implemented.
  */
-static apr_status_t crypto_passphrase(apr_pool_t *p, const apr_crypto_t *f,
+static apr_status_t crypto_passphrase(apr_crypto_key_t **k, apr_size_t *ivSize,
         const char *pass, apr_size_t passLen, const unsigned char * salt,
         apr_size_t saltLen, const apr_crypto_block_key_type_e type,
         const apr_crypto_block_key_mode_e mode, const int doPad,
-        const int iterations, apr_crypto_key_t **k, apr_size_t *ivSize) {
+        const int iterations, const apr_crypto_t *f, apr_pool_t *p)
+{
     apr_crypto_key_t *key = *k;
 
     if (!key) {
@@ -248,40 +255,43 @@ static apr_status_t crypto_passphrase(ap
         return APR_ENOMEM;
     }
 
+    key->f = f;
+    key->provider = f->provider;
+
     /* determine the cipher to be used */
     switch (type) {
 
-    case (KEY_3DES_192):
+    case (APR_KEY_3DES_192):
 
         /* A 3DES key */
-        if (mode == MODE_CBC) {
+        if (mode == APR_MODE_CBC) {
             key->cipher = EVP_des_ede3_cbc();
         } else {
             key->cipher = EVP_des_ede3_ecb();
         }
         break;
 
-    case (KEY_AES_128):
+    case (APR_KEY_AES_128):
 
-        if (mode == MODE_CBC) {
+        if (mode == APR_MODE_CBC) {
             key->cipher = EVP_aes_128_cbc();
         } else {
             key->cipher = EVP_aes_128_ecb();
         }
         break;
 
-    case (KEY_AES_192):
+    case (APR_KEY_AES_192):
 
-        if (mode == MODE_CBC) {
+        if (mode == APR_MODE_CBC) {
             key->cipher = EVP_aes_192_cbc();
         } else {
             key->cipher = EVP_aes_192_ecb();
         }
         break;
 
-    case (KEY_AES_256):
+    case (APR_KEY_AES_256):
 
-        if (mode == MODE_CBC) {
+        if (mode == APR_MODE_CBC) {
             key->cipher = EVP_aes_256_cbc();
         } else {
             key->cipher = EVP_aes_256_ecb();
@@ -315,7 +325,7 @@ static apr_status_t crypto_passphrase(ap
     /* note: openssl incorrectly returns non zero IV size values for ECB
      * algorithms, so work around this by ignoring the IV size.
      */
-    if (MODE_ECB != mode) {
+    if (APR_MODE_ECB != mode) {
         key->ivSize = EVP_CIPHER_iv_length(key->cipher);
     }
     if (ivSize) {
@@ -329,22 +339,24 @@ static apr_status_t crypto_passphrase(ap
  * @brief Initialise a context for encrypting arbitrary data using the given key.
  * @note If *ctx is NULL, a apr_crypto_block_t will be created from a pool. If
  *       *ctx is not NULL, *ctx must point at a previously created structure.
- * @param p The pool to use.
- * @param f The block context to use.
- * @param key The key
- * @param iv Optional initialisation vector.
  * @param ctx The block context returned, see note.
+ * @param iv Optional initialisation vector. If the buffer pointed to is NULL,
+ *           an IV will be created at random, in space allocated from the pool.
+ *           If the buffer pointed to is not NULL, the IV in the buffer will be
+ *           used.
+ * @param key The key structure.
  * @param blockSize The block size of the cipher.
+ * @param p The pool to use.
  * @return Returns APR_ENOIV if an initialisation vector is required but not specified.
  *         Returns APR_EINIT if the backend failed to initialise the context. Returns
  *         APR_ENOTIMPL if not implemented.
  */
-static apr_status_t crypto_block_encrypt_init(apr_pool_t *p,
-        const apr_crypto_t *f, const apr_crypto_key_t *key,
-        const unsigned char **iv, apr_crypto_block_t **ctx,
-        apr_size_t *blockSize) {
+static apr_status_t crypto_block_encrypt_init(apr_crypto_block_t **ctx,
+        const unsigned char **iv, const apr_crypto_key_t *key,
+        apr_size_t *blockSize, apr_pool_t *p)
+{
     unsigned char *usedIv;
-    apr_crypto_config_t *config = f->config;
+    apr_crypto_config_t *config = key->f->config;
     apr_crypto_block_t *block = *ctx;
     if (!block) {
         *ctx = block = apr_pcalloc(p, sizeof(apr_crypto_block_t));
@@ -352,8 +364,9 @@ static apr_status_t crypto_block_encrypt
     if (!block) {
         return APR_ENOMEM;
     }
-    block->f = f;
+    block->f = key->f;
     block->pool = p;
+    block->provider = key->provider;
 
     apr_pool_cleanup_register(p, block, crypto_block_cleanup_helper,
             apr_pool_cleanup_null);
@@ -415,18 +428,19 @@ static apr_status_t crypto_block_encrypt
  *       to NULL, a buffer sufficiently large will be created from
  *       the pool provided. If *out points to a not-NULL value, this
  *       value will be used as a buffer instead.
- * @param ctx The block context to use.
  * @param out Address of a buffer to which data will be written,
  *        see note.
  * @param outlen Length of the output will be written here.
  * @param in Address of the buffer to read.
  * @param inlen Length of the buffer to read.
+ * @param ctx The block context to use.
  * @return APR_ECRYPT if an error occurred. Returns APR_ENOTIMPL if
  *         not implemented.
  */
-static apr_status_t crypto_block_encrypt(apr_crypto_block_t *ctx,
-        unsigned char **out, apr_size_t *outlen, const unsigned char *in,
-        apr_size_t inlen) {
+static apr_status_t crypto_block_encrypt(unsigned char **out,
+        apr_size_t *outlen, const unsigned char *in, apr_size_t inlen,
+        apr_crypto_block_t *ctx)
+{
     int outl = *outlen;
     unsigned char *buffer;
 
@@ -467,18 +481,19 @@ static apr_status_t crypto_block_encrypt
  *       number of bytes returned as actually written by the
  *       apr_crypto_block_encrypt() call. After this call, the context
  *       is cleaned and can be reused by apr_crypto_block_encrypt_init().
- * @param ctx The block context to use.
  * @param out Address of a buffer to which data will be written. This
  *            buffer must already exist, and is usually the same
  *            buffer used by apr_evp_crypt(). See note.
  * @param outlen Length of the output will be written here.
+ * @param ctx The block context to use.
  * @return APR_ECRYPT if an error occurred.
  * @return APR_EPADDING if padding was enabled and the block was incorrectly
  *         formatted.
  * @return APR_ENOTIMPL if not implemented.
  */
-static apr_status_t crypto_block_encrypt_finish(apr_crypto_block_t *ctx,
-        unsigned char *out, apr_size_t *outlen) {
+static apr_status_t crypto_block_encrypt_finish(unsigned char *out,
+        apr_size_t *outlen, apr_crypto_block_t *ctx)
+{
     int len = *outlen;
 
     if (EVP_EncryptFinal_ex(&ctx->cipherCtx, out, &len) == 0) {
@@ -494,23 +509,22 @@ static apr_status_t crypto_block_encrypt
  * @brief Initialise a context for decrypting arbitrary data using the given key.
  * @note If *ctx is NULL, a apr_crypto_block_t will be created from a pool. If
  *       *ctx is not NULL, *ctx must point at a previously created structure.
- * @param p The pool to use.
- * @param f The block context to use.
- * @param key The key structure.
+ * @param ctx The block context returned, see note.
+ * @param blockSize The block size of the cipher.
  * @param iv Optional initialisation vector. If the buffer pointed to is NULL,
  *           an IV will be created at random, in space allocated from the pool.
  *           If the buffer is not NULL, the IV in the buffer will be used.
- * @param ctx The block context returned, see note.
- * @param blockSize The block size of the cipher.
+ * @param key The key structure.
+ * @param p The pool to use.
  * @return Returns APR_ENOIV if an initialisation vector is required but not specified.
  *         Returns APR_EINIT if the backend failed to initialise the context. Returns
  *         APR_ENOTIMPL if not implemented.
  */
-static apr_status_t crypto_block_decrypt_init(apr_pool_t *p,
-        const apr_crypto_t *f, const apr_crypto_key_t *key,
-        const unsigned char *iv, apr_crypto_block_t **ctx,
-        apr_size_t *blockSize) {
-    apr_crypto_config_t *config = f->config;
+static apr_status_t crypto_block_decrypt_init(apr_crypto_block_t **ctx,
+        apr_size_t *blockSize, const unsigned char *iv,
+        const apr_crypto_key_t *key, apr_pool_t *p)
+{
+    apr_crypto_config_t *config = key->f->config;
     apr_crypto_block_t *block = *ctx;
     if (!block) {
         *ctx = block = apr_pcalloc(p, sizeof(apr_crypto_block_t));
@@ -518,8 +532,9 @@ static apr_status_t crypto_block_decrypt
     if (!block) {
         return APR_ENOMEM;
     }
-    block->f = f;
+    block->f = key->f;
     block->pool = p;
+    block->provider = key->provider;
 
     apr_pool_cleanup_register(p, block, crypto_block_cleanup_helper,
             apr_pool_cleanup_null);
@@ -563,23 +578,23 @@ static apr_status_t crypto_block_decrypt
  * @note The number of bytes written will be written to outlen. If
  *       out is NULL, outlen will contain the maximum size of the
  *       buffer needed to hold the data, including any data
- *       generated by apr_crypto_block_final below. If *out points
+ *       generated by apr_crypto_block_decrypt_finish below. If *out points
  *       to NULL, a buffer sufficiently large will be created from
  *       the pool provided. If *out points to a not-NULL value, this
  *       value will be used as a buffer instead.
- * @param ctx The block context to use.
  * @param out Address of a buffer to which data will be written,
  *        see note.
  * @param outlen Length of the output will be written here.
  * @param in Address of the buffer to read.
  * @param inlen Length of the buffer to read.
+ * @param ctx The block context to use.
  * @return APR_ECRYPT if an error occurred. Returns APR_ENOTIMPL if
  *         not implemented.
  */
-static apr_status_t crypto_block_decrypt(apr_crypto_block_t *ctx,
-        unsigned char **out, apr_size_t *outlen, const unsigned char *in,
-        apr_size_t inlen) {
-
+static apr_status_t crypto_block_decrypt(unsigned char **out,
+        apr_size_t *outlen, const unsigned char *in, apr_size_t inlen,
+        apr_crypto_block_t *ctx)
+{
     int outl = *outlen;
     unsigned char *buffer;
 
@@ -616,22 +631,23 @@ static apr_status_t crypto_block_decrypt
  * @brief Decrypt final data block, write it to out.
  * @note If necessary the final block will be written out after being
  *       padded. Typically the final block will be written to the
- *       same buffer used by apr_evp_crypt, offset by the number of
- *       bytes returned as actually written by the apr_evp_crypt()
- *       call. After this call, the context is cleaned and can be
- *       reused by apr_env_encrypt_init() or apr_env_decrypt_init().
- * @param ctx The block context to use.
+ *       same buffer used by apr_crypto_block_decrypt, offset by the
+ *       number of bytes returned as actually written by the
+ *       apr_crypto_block_decrypt() call. After this call, the context
+ *       is cleaned and can be reused by apr_crypto_block_decrypt_init().
  * @param out Address of a buffer to which data will be written. This
  *            buffer must already exist, and is usually the same
  *            buffer used by apr_evp_crypt(). See note.
  * @param outlen Length of the output will be written here.
+ * @param ctx The block context to use.
  * @return APR_ECRYPT if an error occurred.
  * @return APR_EPADDING if padding was enabled and the block was incorrectly
  *         formatted.
  * @return APR_ENOTIMPL if not implemented.
  */
-static apr_status_t crypto_block_decrypt_finish(apr_crypto_block_t *ctx,
-        unsigned char *out, apr_size_t *outlen) {
+static apr_status_t crypto_block_decrypt_finish(unsigned char *out,
+        apr_size_t *outlen, apr_crypto_block_t *ctx)
+{
 
     int len = *outlen;
 
@@ -652,6 +668,6 @@ APU_MODULE_DECLARE_DATA const apr_crypto
         crypto_block_encrypt_init, crypto_block_encrypt,
         crypto_block_encrypt_finish, crypto_block_decrypt_init,
         crypto_block_decrypt, crypto_block_decrypt_finish,
-        crypto_block_cleanup, crypto_cleanup, crypto_shutdown, crypto_error};
+        crypto_block_cleanup, crypto_cleanup, crypto_shutdown, crypto_error };
 
 #endif

Modified: apr/apr-util/branches/1.5.x/include/apr_crypto.h
URL: http://svn.apache.org/viewvc/apr/apr-util/branches/1.5.x/include/apr_crypto.h?rev=1127693&r1=1127692&r2=1127693&view=diff
==============================================================================
--- apr/apr-util/branches/1.5.x/include/apr_crypto.h (original)
+++ apr/apr-util/branches/1.5.x/include/apr_crypto.h Wed May 25 21:38:43 2011
@@ -142,17 +142,18 @@ extern "C" {
  */
 
 typedef enum {
-    KEY_NONE, KEY_3DES_192, /** 192 bit (3-Key) 3DES */
-    KEY_AES_128, /** 128 bit AES */
-    KEY_AES_192, /** 192 bit AES */
-    KEY_AES_256
+    APR_KEY_NONE,
+    APR_KEY_3DES_192, /** 192 bit (3-Key) 3DES */
+    APR_KEY_AES_128, /** 128 bit AES */
+    APR_KEY_AES_192, /** 192 bit AES */
+    APR_KEY_AES_256
 /** 256 bit AES */
 } apr_crypto_block_key_type_e;
 
 typedef enum {
-    MODE_NONE, /** An error condition */
-    MODE_ECB, /** Electronic Code Book */
-    MODE_CBC
+    APR_MODE_NONE, /** An error condition */
+    APR_MODE_ECB, /** Electronic Code Book */
+    APR_MODE_CBC
 /** Cipher Block Chaining */
 } apr_crypto_block_key_mode_e;
 
@@ -184,6 +185,7 @@ typedef struct apr_crypto_block_t apr_cr
  * @brief Perform once-only initialisation. Call once only.
  *
  * @param pool - pool to register any shutdown cleanups, etc
+ * @param params - array of initialisation parameters
  * @return APR_NOTIMPL in case of no crypto support.
  */
 APU_DECLARE(apr_status_t) apr_crypto_init(apr_pool_t *pool,
@@ -192,17 +194,19 @@ APU_DECLARE(apr_status_t) apr_crypto_ini
 /**
  * @brief Get the driver struct for a name
  *
- * @param pool - (process) pool to register cleanup
- * @param name - driver name
  * @param driver - pointer to driver struct.
+ * @param name - driver name
+ * @param params - array of initialisation parameters
+ * @param result - result and error message on failure
+ * @param pool - (process) pool to register cleanup
  * @return APR_SUCCESS for success
  * @return APR_ENOTIMPL for no driver (when DSO not enabled)
  * @return APR_EDSOOPEN if DSO driver file can't be opened
  * @return APR_ESYMNOTFOUND if the driver file doesn't contain a driver
  */
-APU_DECLARE(apr_status_t) apr_crypto_get_driver(apr_pool_t *pool, const char *name,
-        const apr_crypto_driver_t **driver, const apr_array_header_t *params,
-        const apu_err_t **result);
+APU_DECLARE(apr_status_t) apr_crypto_get_driver(const apr_crypto_driver_t **driver,
+        const char *name, const apr_array_header_t *params, const apu_err_t **result,
+        apr_pool_t *pool);
 
 /**
  * @brief Return the name of the driver.
@@ -210,32 +214,32 @@ APU_DECLARE(apr_status_t) apr_crypto_get
  * @param driver - The driver in use.
  * @return The name of the driver.
  */
-APU_DECLARE(const char *)apr_crypto_driver_name (const apr_crypto_driver_t *driver);
+APU_DECLARE(const char *) apr_crypto_driver_name(const apr_crypto_driver_t *driver);
 
 /**
  * @brief Get the result of the last operation on a context. If the result
  *        is NULL, the operation was successful.
- * @param f - context pointer
  * @param result - the result structure
+ * @param f - context pointer
  * @return APR_SUCCESS for success
  */
-APR_DECLARE(apr_status_t) apr_crypto_error(const apr_crypto_driver_t *driver,
-        const apr_crypto_t *f, const apu_err_t **result);
+APU_DECLARE(apr_status_t) apr_crypto_error(const apu_err_t **result,
+        const apr_crypto_t *f);
 
 /**
  * @brief Create a context for supporting encryption. Keys, certificates,
  *        algorithms and other parameters will be set per context. More than
  *        one context can be created at one time. A cleanup will be automatically
  *        registered with the given pool to guarantee a graceful shutdown.
+ * @param f - context pointer will be written here
  * @param driver - driver to use
- * @param pool - process pool
  * @param params - array of key parameters
- * @param f - context pointer will be written here
+ * @param pool - process pool
  * @return APR_ENOENGINE when the engine specified does not exist. APR_EINITENGINE
  * if the engine cannot be initialised.
  */
-APU_DECLARE(apr_status_t) apr_crypto_make(const apr_crypto_driver_t *driver,
-        apr_pool_t *pool, const apr_array_header_t *params, apr_crypto_t **f);
+APU_DECLARE(apr_status_t) apr_crypto_make(apr_crypto_t **f, const apr_crypto_driver_t *driver,
+        const apr_array_header_t *params, apr_pool_t *pool);
 
 /**
  * @brief Create a key from the given passphrase. By default, the PBKDF2
@@ -246,9 +250,9 @@ APU_DECLARE(apr_status_t) apr_crypto_mak
  *        operations.
  * @note If *key is NULL, a apr_crypto_key_t will be created from a pool. If
  *       *key is not NULL, *key must point at a previously created structure.
- * @param driver - driver to use
- * @param p The pool to use.
- * @param f The context to use.
+ * @param key The key returned, see note.
+ * @param ivSize The size of the initialisation vector will be returned, based
+ *               on whether an IV is relevant for this type of crypto.
  * @param pass The passphrase to use.
  * @param passLen The passphrase length in bytes
  * @param salt The salt to use.
@@ -256,45 +260,41 @@ APU_DECLARE(apr_status_t) apr_crypto_mak
  * @param type 3DES_192, AES_128, AES_192, AES_256.
  * @param mode Electronic Code Book / Cipher Block Chaining.
  * @param doPad Pad if necessary.
- * @param key The key returned, see note.
- * @param ivSize The size of the initialisation vector will be returned, based
- *               on whether an IV is relevant for this type of crypto.
+ * @param iterations Number of iterations to use in algorithm
+ * @param f The context to use.
+ * @param p The pool to use.
  * @return Returns APR_ENOKEY if the pass phrase is missing or empty, or if a backend
  *         error occurred while generating the key. APR_ENOCIPHER if the type or mode
  *         is not supported by the particular backend. APR_EKEYTYPE if the key type is
  *         not known. APR_EPADDING if padding was requested but is not supported.
  *         APR_ENOTIMPL if not implemented.
  */
-APU_DECLARE(apr_status_t) apr_crypto_passphrase(const apr_crypto_driver_t *driver,
-        apr_pool_t *p, const apr_crypto_t *f, const char *pass,
-        apr_size_t passLen, const unsigned char * salt, apr_size_t saltLen,
+APU_DECLARE(apr_status_t) apr_crypto_passphrase(apr_crypto_key_t **key,
+        apr_size_t *ivSize, const char *pass, apr_size_t passLen,
+        const unsigned char * salt, apr_size_t saltLen,
         const apr_crypto_block_key_type_e type,
         const apr_crypto_block_key_mode_e mode, const int doPad,
-        const int iterations, apr_crypto_key_t **key, apr_size_t *ivSize);
+        const int iterations, const apr_crypto_t *f, apr_pool_t *p);
 
 /**
  * @brief Initialise a context for encrypting arbitrary data using the given key.
  * @note If *ctx is NULL, a apr_crypto_block_t will be created from a pool. If
  *       *ctx is not NULL, *ctx must point at a previously created structure.
- * @param driver - driver to use
- * @param p The pool to use.
- * @param f The block context to use.
- * @param key The key structure to use.
+ * @param ctx The block context returned, see note.
  * @param iv Optional initialisation vector. If the buffer pointed to is NULL,
  *           an IV will be created at random, in space allocated from the pool.
  *           If the buffer pointed to is not NULL, the IV in the buffer will be
  *           used.
- * @param ctx The block context returned, see note.
+ * @param key The key structure to use.
  * @param blockSize The block size of the cipher.
+ * @param p The pool to use.
  * @return Returns APR_ENOIV if an initialisation vector is required but not specified.
  *         Returns APR_EINIT if the backend failed to initialise the context. Returns
  *         APR_ENOTIMPL if not implemented.
  */
 APU_DECLARE(apr_status_t) apr_crypto_block_encrypt_init(
-        const apr_crypto_driver_t *driver, apr_pool_t *p,
-        const apr_crypto_t *f, const apr_crypto_key_t *key,
-        const unsigned char **iv, apr_crypto_block_t **ctx,
-        apr_size_t *blockSize);
+        apr_crypto_block_t **ctx, const unsigned char **iv,
+        const apr_crypto_key_t *key, apr_size_t *blockSize, apr_pool_t *p);
 
 /**
  * @brief Encrypt data provided by in, write it to out.
@@ -305,20 +305,18 @@ APU_DECLARE(apr_status_t) apr_crypto_blo
  *       to NULL, a buffer sufficiently large will be created from
  *       the pool provided. If *out points to a not-NULL value, this
  *       value will be used as a buffer instead.
- * @param driver - driver to use
- * @param ctx The block context to use.
  * @param out Address of a buffer to which data will be written,
  *        see note.
  * @param outlen Length of the output will be written here.
  * @param in Address of the buffer to read.
  * @param inlen Length of the buffer to read.
+ * @param ctx The block context to use.
  * @return APR_ECRYPT if an error occurred. Returns APR_ENOTIMPL if
  *         not implemented.
  */
-APU_DECLARE(apr_status_t) apr_crypto_block_encrypt(
-        const apr_crypto_driver_t *driver, apr_crypto_block_t *ctx,
-        unsigned char **out, apr_size_t *outlen, const unsigned char *in,
-        apr_size_t inlen);
+APU_DECLARE(apr_status_t) apr_crypto_block_encrypt(unsigned char **out,
+        apr_size_t *outlen, const unsigned char *in, apr_size_t inlen,
+        apr_crypto_block_t *ctx);
 
 /**
  * @brief Encrypt final data block, write it to out.
@@ -328,41 +326,35 @@ APU_DECLARE(apr_status_t) apr_crypto_blo
  *       number of bytes returned as actually written by the
  *       apr_crypto_block_encrypt() call. After this call, the context
  *       is cleaned and can be reused by apr_crypto_block_encrypt_init().
- * @param driver - driver to use
- * @param ctx The block context to use.
  * @param out Address of a buffer to which data will be written. This
  *            buffer must already exist, and is usually the same
  *            buffer used by apr_evp_crypt(). See note.
  * @param outlen Length of the output will be written here.
+ * @param ctx The block context to use.
  * @return APR_ECRYPT if an error occurred.
  * @return APR_EPADDING if padding was enabled and the block was incorrectly
  *         formatted.
  * @return APR_ENOTIMPL if not implemented.
  */
-APU_DECLARE(apr_status_t) apr_crypto_block_encrypt_finish(
-        const apr_crypto_driver_t *driver, apr_crypto_block_t *ctx,
-        unsigned char *out, apr_size_t *outlen);
+APU_DECLARE(apr_status_t) apr_crypto_block_encrypt_finish(unsigned char *out,
+        apr_size_t *outlen, apr_crypto_block_t *ctx);
 
 /**
  * @brief Initialise a context for decrypting arbitrary data using the given key.
  * @note If *ctx is NULL, a apr_crypto_block_t will be created from a pool. If
  *       *ctx is not NULL, *ctx must point at a previously created structure.
- * @param driver - driver to use
- * @param p The pool to use.
- * @param f The block context to use.
- * @param key The key structure to use.
- * @param iv Optional initialisation vector.
  * @param ctx The block context returned, see note.
  * @param blockSize The block size of the cipher.
+ * @param iv Optional initialisation vector.
+ * @param key The key structure to use.
+ * @param p The pool to use.
  * @return Returns APR_ENOIV if an initialisation vector is required but not specified.
  *         Returns APR_EINIT if the backend failed to initialise the context. Returns
  *         APR_ENOTIMPL if not implemented.
  */
 APU_DECLARE(apr_status_t) apr_crypto_block_decrypt_init(
-        const apr_crypto_driver_t *driver, apr_pool_t *p,
-        const apr_crypto_t *f, const apr_crypto_key_t *key,
-        const unsigned char *iv, apr_crypto_block_t **ctx,
-        apr_size_t *blockSize);
+        apr_crypto_block_t **ctx, apr_size_t *blockSize,
+        const unsigned char *iv, const apr_crypto_key_t *key, apr_pool_t *p);
 
 /**
  * @brief Decrypt data provided by in, write it to out.
@@ -373,20 +365,18 @@ APU_DECLARE(apr_status_t) apr_crypto_blo
  *       to NULL, a buffer sufficiently large will be created from
  *       the pool provided. If *out points to a not-NULL value, this
  *       value will be used as a buffer instead.
- * @param driver - driver to use
- * @param ctx The block context to use.
  * @param out Address of a buffer to which data will be written,
  *        see note.
  * @param outlen Length of the output will be written here.
  * @param in Address of the buffer to read.
  * @param inlen Length of the buffer to read.
+ * @param ctx The block context to use.
  * @return APR_ECRYPT if an error occurred. Returns APR_ENOTIMPL if
  *         not implemented.
  */
-APU_DECLARE(apr_status_t) apr_crypto_block_decrypt(
-        const apr_crypto_driver_t *driver, apr_crypto_block_t *ctx,
-        unsigned char **out, apr_size_t *outlen, const unsigned char *in,
-        apr_size_t inlen);
+APU_DECLARE(apr_status_t) apr_crypto_block_decrypt(unsigned char **out,
+        apr_size_t *outlen, const unsigned char *in, apr_size_t inlen,
+        apr_crypto_block_t *ctx);
 
 /**
  * @brief Decrypt final data block, write it to out.
@@ -396,50 +386,42 @@ APU_DECLARE(apr_status_t) apr_crypto_blo
  *       number of bytes returned as actually written by the
  *       apr_crypto_block_decrypt() call. After this call, the context
  *       is cleaned and can be reused by apr_crypto_block_decrypt_init().
- * @param driver - driver to use
- * @param ctx The block context to use.
  * @param out Address of a buffer to which data will be written. This
  *            buffer must already exist, and is usually the same
  *            buffer used by apr_evp_crypt(). See note.
  * @param outlen Length of the output will be written here.
+ * @param ctx The block context to use.
  * @return APR_ECRYPT if an error occurred.
  * @return APR_EPADDING if padding was enabled and the block was incorrectly
  *         formatted.
  * @return APR_ENOTIMPL if not implemented.
  */
-APU_DECLARE(apr_status_t) apr_crypto_block_decrypt_finish(
-        const apr_crypto_driver_t *driver, apr_crypto_block_t *ctx,
-        unsigned char *out, apr_size_t *outlen);
+APU_DECLARE(apr_status_t) apr_crypto_block_decrypt_finish(unsigned char *out,
+        apr_size_t *outlen, apr_crypto_block_t *ctx);
 
 /**
  * @brief Clean encryption / decryption context.
  * @note After cleanup, a context is free to be reused if necessary.
- * @param driver - driver to use
  * @param ctx The block context to use.
  * @return Returns APR_ENOTIMPL if not supported.
  */
-APU_DECLARE(apr_status_t) apr_crypto_block_cleanup(
-        const apr_crypto_driver_t *driver, apr_crypto_block_t *ctx);
+APU_DECLARE(apr_status_t) apr_crypto_block_cleanup(apr_crypto_block_t *ctx);
 
 /**
  * @brief Clean encryption / decryption context.
  * @note After cleanup, a context is free to be reused if necessary.
- * @param driver - driver to use
  * @param f The context to use.
  * @return Returns APR_ENOTIMPL if not supported.
  */
-APU_DECLARE(apr_status_t) apr_crypto_cleanup(const apr_crypto_driver_t *driver,
-        apr_crypto_t *f);
+APU_DECLARE(apr_status_t) apr_crypto_cleanup(apr_crypto_t *f);
 
 /**
  * @brief Shutdown the crypto library.
  * @note After shutdown, it is expected that the init function can be called again.
  * @param driver - driver to use
- * @param p The pool to use.
  * @return Returns APR_ENOTIMPL if not supported.
  */
-APU_DECLARE(apr_status_t) apr_crypto_shutdown(const apr_crypto_driver_t *driver,
-        apr_pool_t *p);
+APU_DECLARE(apr_status_t) apr_crypto_shutdown(const apr_crypto_driver_t *driver);
 
 #endif /* APU_HAVE_CRYPTO */
 

Modified: apr/apr-util/branches/1.5.x/include/private/apr_crypto_internal.h
URL: http://svn.apache.org/viewvc/apr/apr-util/branches/1.5.x/include/private/apr_crypto_internal.h?rev=1127693&r1=1127692&r2=1127693&view=diff
==============================================================================
--- apr/apr-util/branches/1.5.x/include/private/apr_crypto_internal.h (original)
+++ apr/apr-util/branches/1.5.x/include/private/apr_crypto_internal.h Wed May 25 21:38:43 2011
@@ -46,14 +46,15 @@ struct apr_crypto_driver_t {
      *        algorithms and other parameters will be set per context. More than
      *        one context can be created at one time. A cleanup will be automatically
      *        registered with the given pool to guarantee a graceful shutdown.
-     * @param pool - process pool
-     * @param params - array of key parameters
      * @param f - context pointer will be written here
+     * @param provider - provider to use
+     * @param params - array of key parameters
+     * @param pool - process pool
      * @return APR_ENOENGINE when the engine specified does not exist. APR_EINITENGINE
      * if the engine cannot be initialised.
      */
-    apr_status_t (*make)(apr_pool_t *pool, const apr_array_header_t *params,
-            apr_crypto_t **f);
+    apr_status_t (*make)(apr_crypto_t **f, const apr_crypto_driver_t *provider,
+            const apr_array_header_t *params, apr_pool_t *pool);
 
     /**
      * @brief Create a key from the given passphrase. By default, the PBKDF2
@@ -64,8 +65,9 @@ struct apr_crypto_driver_t {
      *        operations.
      * @note If *key is NULL, a apr_crypto_key_t will be created from a pool. If
      *       *key is not NULL, *key must point at a previously created structure.
-     * @param p The pool to use.
-     * @param f The context to use.
+     * @param key The key returned, see note.
+     * @param ivSize The size of the initialisation vector will be returned, based
+     *               on whether an IV is relevant for this type of crypto.
      * @param pass The passphrase to use.
      * @param passLen The passphrase length in bytes
      * @param salt The salt to use.
@@ -74,41 +76,39 @@ struct apr_crypto_driver_t {
      * @param mode Electronic Code Book / Cipher Block Chaining.
      * @param doPad Pad if necessary.
      * @param iterations Iteration count
-     * @param key The key returned, see note.
-     * @param ivSize The size of the initialisation vector will be returned, based
-     *               on whether an IV is relevant for this type of crypto.
+     * @param f The context to use.
+     * @param p The pool to use.
      * @return Returns APR_ENOKEY if the pass phrase is missing or empty, or if a backend
      *         error occurred while generating the key. APR_ENOCIPHER if the type or mode
      *         is not supported by the particular backend. APR_EKEYTYPE if the key type is
      *         not known. APR_EPADDING if padding was requested but is not supported.
      *         APR_ENOTIMPL if not implemented.
      */
-    apr_status_t (*passphrase)(apr_pool_t *p, const apr_crypto_t *f,
+    apr_status_t (*passphrase)(apr_crypto_key_t **key, apr_size_t *ivSize,
             const char *pass, apr_size_t passLen, const unsigned char * salt,
             apr_size_t saltLen, const apr_crypto_block_key_type_e type,
             const apr_crypto_block_key_mode_e mode, const int doPad,
-            const int iterations, apr_crypto_key_t **key, apr_size_t *ivSize);
+            const int iterations, const apr_crypto_t *f, apr_pool_t *p);
 
     /**
      * @brief Initialise a context for encrypting arbitrary data using the given key.
      * @note If *ctx is NULL, a apr_crypto_block_t will be created from a pool. If
      *       *ctx is not NULL, *ctx must point at a previously created structure.
-     * @param p The pool to use.
-     * @param f The block context to use.
-     * @param key The key structure.
+     * @param ctx The block context returned, see note.
      * @param iv Optional initialisation vector. If the buffer pointed to is NULL,
      *           an IV will be created at random, in space allocated from the pool.
      *           If the buffer pointed to is not NULL, the IV in the buffer will be
      *           used.
-     * @param ctx The block context returned, see note.
+     * @param key The key structure.
      * @param blockSize The block size of the cipher.
+     * @param p The pool to use.
      * @return Returns APR_ENOIV if an initialisation vector is required but not specified.
      *         Returns APR_EINIT if the backend failed to initialise the context. Returns
      *         APR_ENOTIMPL if not implemented.
      */
-    apr_status_t (*block_encrypt_init)(apr_pool_t *p, const apr_crypto_t *f,
-            const apr_crypto_key_t *key, const unsigned char **iv,
-            apr_crypto_block_t **ctx, apr_size_t *blockSize);
+    apr_status_t (*block_encrypt_init)(apr_crypto_block_t **ctx,
+            const unsigned char **iv, const apr_crypto_key_t *key,
+            apr_size_t *blockSize, apr_pool_t *p);
 
     /**
      * @brief Encrypt data provided by in, write it to out.
@@ -119,17 +119,17 @@ struct apr_crypto_driver_t {
      *       to NULL, a buffer sufficiently large will be created from
      *       the pool provided. If *out points to a not-NULL value, this
      *       value will be used as a buffer instead.
-     * @param ctx The block context to use.
      * @param out Address of a buffer to which data will be written,
      *        see note.
      * @param outlen Length of the output will be written here.
      * @param in Address of the buffer to read.
      * @param inlen Length of the buffer to read.
+     * @param ctx The block context to use.
      * @return APR_ECRYPT if an error occurred. Returns APR_ENOTIMPL if
      *         not implemented.
      */
-    apr_status_t (*block_encrypt)(apr_crypto_block_t *ctx, unsigned char **out,
-            apr_size_t *outlen, const unsigned char *in, apr_size_t inlen);
+    apr_status_t (*block_encrypt)(unsigned char **out, apr_size_t *outlen,
+            const unsigned char *in, apr_size_t inlen, apr_crypto_block_t *ctx);
 
     /**
      * @brief Encrypt final data block, write it to out.
@@ -139,38 +139,37 @@ struct apr_crypto_driver_t {
      *       number of bytes returned as actually written by the
      *       apr_crypto_block_encrypt() call. After this call, the context
      *       is cleaned and can be reused by apr_crypto_block_encrypt_init().
-     * @param ctx The block context to use.
      * @param out Address of a buffer to which data will be written. This
      *            buffer must already exist, and is usually the same
      *            buffer used by apr_evp_crypt(). See note.
      * @param outlen Length of the output will be written here.
+     * @param ctx The block context to use.
      * @return APR_ECRYPT if an error occurred.
      * @return APR_EPADDING if padding was enabled and the block was incorrectly
      *         formatted.
      * @return APR_ENOTIMPL if not implemented.
      */
-    apr_status_t (*block_encrypt_finish)(apr_crypto_block_t *ctx,
-            unsigned char *out, apr_size_t *outlen);
+    apr_status_t (*block_encrypt_finish)(unsigned char *out, apr_size_t *outlen,
+            apr_crypto_block_t *ctx);
 
     /**
      * @brief Initialise a context for decrypting arbitrary data using the given key.
      * @note If *ctx is NULL, a apr_crypto_block_t will be created from a pool. If
      *       *ctx is not NULL, *ctx must point at a previously created structure.
-     * @param p The pool to use.
-     * @param f The block context to use.
-     * @param key The key structure.
+     * @param ctx The block context returned, see note.
+     * @param blockSize The block size of the cipher.
      * @param iv Optional initialisation vector. If the buffer pointed to is NULL,
      *           an IV will be created at random, in space allocated from the pool.
      *           If the buffer is not NULL, the IV in the buffer will be used.
-     * @param ctx The block context returned, see note.
-     * @param blockSize The block size of the cipher.
+     * @param key The key structure.
+     * @param p The pool to use.
      * @return Returns APR_ENOIV if an initialisation vector is required but not specified.
      *         Returns APR_EINIT if the backend failed to initialise the context. Returns
      *         APR_ENOTIMPL if not implemented.
      */
-    apr_status_t (*block_decrypt_init)(apr_pool_t *p, const apr_crypto_t *f,
-            const apr_crypto_key_t *key, const unsigned char *iv,
-            apr_crypto_block_t **ctx, apr_size_t *blockSize);
+    apr_status_t (*block_decrypt_init)(apr_crypto_block_t **ctx,
+            apr_size_t *blockSize, const unsigned char *iv,
+            const apr_crypto_key_t *key, apr_pool_t *p);
 
     /**
      * @brief Decrypt data provided by in, write it to out.
@@ -181,17 +180,17 @@ struct apr_crypto_driver_t {
      *       to NULL, a buffer sufficiently large will be created from
      *       the pool provided. If *out points to a not-NULL value, this
      *       value will be used as a buffer instead.
-     * @param ctx The block context to use.
      * @param out Address of a buffer to which data will be written,
      *        see note.
      * @param outlen Length of the output will be written here.
      * @param in Address of the buffer to read.
      * @param inlen Length of the buffer to read.
+     * @param ctx The block context to use.
      * @return APR_ECRYPT if an error occurred. Returns APR_ENOTIMPL if
      *         not implemented.
      */
-    apr_status_t (*block_decrypt)(apr_crypto_block_t *ctx, unsigned char **out,
-            apr_size_t *outlen, const unsigned char *in, apr_size_t inlen);
+    apr_status_t (*block_decrypt)(unsigned char **out, apr_size_t *outlen,
+            const unsigned char *in, apr_size_t inlen, apr_crypto_block_t *ctx);
 
     /**
      * @brief Decrypt final data block, write it to out.
@@ -201,18 +200,18 @@ struct apr_crypto_driver_t {
      *       number of bytes returned as actually written by the
      *       apr_crypto_block_decrypt() call. After this call, the context
      *       is cleaned and can be reused by apr_crypto_block_decrypt_init().
-     * @param ctx The block context to use.
      * @param out Address of a buffer to which data will be written. This
      *            buffer must already exist, and is usually the same
      *            buffer used by apr_evp_crypt(). See note.
      * @param outlen Length of the output will be written here.
+     * @param ctx The block context to use.
      * @return APR_ECRYPT if an error occurred.
      * @return APR_EPADDING if padding was enabled and the block was incorrectly
      *         formatted.
      * @return APR_ENOTIMPL if not implemented.
      */
-    apr_status_t (*block_decrypt_finish)(apr_crypto_block_t *ctx,
-            unsigned char *out, apr_size_t *outlen);
+    apr_status_t (*block_decrypt_finish)(unsigned char *out,
+            apr_size_t *outlen, apr_crypto_block_t *ctx);
 
     /**
      * @brief Clean encryption / decryption context.
@@ -233,18 +232,17 @@ struct apr_crypto_driver_t {
     /**
      * @brief Clean encryption / decryption context.
      * @note After cleanup, a context is free to be reused if necessary.
-     * @param pool The pool to use.
      * @return Returns APR_ENOTIMPL if not supported.
      */
-    apr_status_t (*shutdown)(apr_pool_t *p);
+    apr_status_t (*shutdown)();
 
     /**
      * @brief: fetch the most recent error from this driver.
-     * @param f - context pointer
      * @param result - the result structure
+     * @param f - context pointer
      * @return APR_SUCCESS for success.
      */
-    apr_status_t (*error)(const apr_crypto_t *f, const apu_err_t **result);
+    apr_status_t (*error)(const apu_err_t **result, const apr_crypto_t *f);
 
 };
 



Mime
View raw message