Return-Path: X-Original-To: apmail-apr-commits-archive@www.apache.org Delivered-To: apmail-apr-commits-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id D9E146FCE for ; Sun, 22 May 2011 21:12:51 +0000 (UTC) Received: (qmail 21266 invoked by uid 500); 22 May 2011 21:12:51 -0000 Delivered-To: apmail-apr-commits-archive@apr.apache.org Received: (qmail 21228 invoked by uid 500); 22 May 2011 21:12:51 -0000 Mailing-List: contact commits-help@apr.apache.org; run by ezmlm Precedence: bulk List-Post: List-Help: List-Unsubscribe: Reply-To: dev@apr.apache.org List-Id: Delivered-To: mailing list commits@apr.apache.org Received: (qmail 21221 invoked by uid 99); 22 May 2011 21:12:51 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Sun, 22 May 2011 21:12:51 +0000 X-ASF-Spam-Status: No, hits=-2000.0 required=5.0 tests=ALL_TRUSTED X-Spam-Check-By: apache.org Received: from [140.211.11.4] (HELO eris.apache.org) (140.211.11.4) by apache.org (qpsmtpd/0.29) with ESMTP; Sun, 22 May 2011 21:12:48 +0000 Received: by eris.apache.org (Postfix, from userid 65534) id E265323888DD; Sun, 22 May 2011 21:12:26 +0000 (UTC) Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Subject: svn commit: r1126230 [1/2] - in /apr/apr-util/branches/1.4.x: crypto/apr_crypto.c crypto/apr_crypto_nss.c crypto/apr_crypto_openssl.c include/apr_crypto.h include/private/apr_crypto_internal.h test/testcrypto.c Date: Sun, 22 May 2011 21:12:25 -0000 To: commits@apr.apache.org From: minfrin@apache.org X-Mailer: svnmailer-1.0.8 Message-Id: <20110522211227.E265323888DD@eris.apache.org> Author: minfrin Date: Sun May 22 21:12:25 2011 New Revision: 1126230 URL: http://svn.apache.org/viewvc?rev=1126230&view=rev Log: apr_crypto: Backport the overhauled apr v2.0 API to the apr-util v1.4 branch. Modified: apr/apr-util/branches/1.4.x/crypto/apr_crypto.c apr/apr-util/branches/1.4.x/crypto/apr_crypto_nss.c apr/apr-util/branches/1.4.x/crypto/apr_crypto_openssl.c apr/apr-util/branches/1.4.x/include/apr_crypto.h apr/apr-util/branches/1.4.x/include/private/apr_crypto_internal.h apr/apr-util/branches/1.4.x/test/testcrypto.c Modified: apr/apr-util/branches/1.4.x/crypto/apr_crypto.c URL: http://svn.apache.org/viewvc/apr/apr-util/branches/1.4.x/crypto/apr_crypto.c?rev=1126230&r1=1126229&r2=1126230&view=diff ============================================================================== --- apr/apr-util/branches/1.4.x/crypto/apr_crypto.c (original) +++ apr/apr-util/branches/1.4.x/crypto/apr_crypto.c Sun May 22 21:12:25 2011 @@ -19,7 +19,6 @@ #include "apu_config.h" #include "apu.h" - #include "apr_pools.h" #include "apr_dso.h" #include "apr_strings.h" @@ -40,6 +39,29 @@ static apr_hash_t *drivers = NULL; #define CLEANUP_CAST (apr_status_t (*)(void*)) +#define APR_TYPEDEF_STRUCT(type, incompletion) \ +struct type { \ + incompletion \ + void *unk[]; \ +}; + +APR_TYPEDEF_STRUCT(apr_crypto_t, \ + apr_pool_t *pool; \ + apr_crypto_driver_t *provider; \ +) + +APR_TYPEDEF_STRUCT(apr_crypto_key_t, \ + apr_pool_t *pool; \ + apr_crypto_driver_t *provider; \ + const apr_crypto_t *f; +) + +APR_TYPEDEF_STRUCT(apr_crypto_block_t, \ + apr_pool_t *pool; \ + apr_crypto_driver_t *provider; \ + const apr_crypto_t *f; +) + #if !APU_DSO_BUILD #define DRIVER_LOAD(name,driver,pool,params) \ { \ @@ -101,9 +123,9 @@ APU_DECLARE(apr_status_t) apr_crypto_ini return ret; } -APU_DECLARE(apr_status_t) apr_crypto_get_driver(apr_pool_t *pool, const char *name, - const apr_crypto_driver_t **driver, const apr_array_header_t *params, - const apu_err_t **result) { +APU_DECLARE(apr_status_t) apr_crypto_get_driver(const apr_crypto_driver_t **driver, + const char *name, const apr_array_header_t *params, const apu_err_t **result, + apr_pool_t *pool) { #if APU_DSO_BUILD char modname[32]; char symname[34]; @@ -121,7 +143,7 @@ APU_DECLARE(apr_status_t) apr_crypto_get #endif *driver = apr_hash_get(drivers, name, APR_HASH_KEY_STRING); if (*driver) { -#if APU_DSO_BUILD +#if APU_DSO_BUILD apu_dso_mutex_unlock(); #endif return APR_SUCCESS; @@ -181,8 +203,8 @@ APU_DECLARE(apr_status_t) apr_crypto_get /** * @brief Return the name of the driver. * - * @param pool - pool to register any shutdown cleanups, etc - * @return APR_SUCCESS for success. + * @param driver - The driver in use. + * @return The name of the driver. */ APU_DECLARE(const char *)apr_crypto_driver_name (const apr_crypto_driver_t *driver) { @@ -192,25 +214,30 @@ APU_DECLARE(const char *)apr_crypto_driv /** * @brief Get the result of the last operation on a context. If the result * is NULL, the operation was successful. - * @param f - context pointer * @param result - the result structure + * @param f - context pointer * @return APR_SUCCESS for success */ -APR_DECLARE(apr_status_t) apr_crypto_error(const apr_crypto_driver_t *driver, - const apr_crypto_t *f, const apu_err_t **result) { - return driver->error(f, result); +APU_DECLARE(apr_status_t) apr_crypto_error(const apu_err_t **result, + const apr_crypto_t *f) { + return f->provider->error(result, f); } /** - * @brief Create a general encryption context + * @brief Create a context for supporting encryption. Keys, certificates, + * algorithms and other parameters will be set per context. More than + * one context can be created at one time. A cleanup will be automatically + * registered with the given pool to guarantee a graceful shutdown. + * @param f - context pointer will be written here * @param driver - driver to use - * @param pool - process pool * @param params - array of key parameters - * @param f - context pointer will be written here + * @param pool - process pool + * @return APR_ENOENGINE when the engine specified does not exist. APR_EINITENGINE + * if the engine cannot be initialised. */ -APU_DECLARE(apr_status_t) apr_crypto_make(const apr_crypto_driver_t *driver, - apr_pool_t *pool, const apr_array_header_t *params, apr_crypto_t **f) { - return driver->make(pool, params, f); +APU_DECLARE(apr_status_t) apr_crypto_make(apr_crypto_t **f, const apr_crypto_driver_t *driver, + const apr_array_header_t *params, apr_pool_t *pool) { + return driver->make(f, driver, params, pool); } /** @@ -222,9 +249,9 @@ APU_DECLARE(apr_status_t) apr_crypto_mak * operations. * @note If *key is NULL, a apr_crypto_key_t will be created from a pool. If * *key is not NULL, *key must point at a previously created structure. - * @param driver - driver to use - * @param p The pool to use. - * @param f The context to use. + * @param key The key returned, see note. + * @param ivSize The size of the initialisation vector will be returned, based + * on whether an IV is relevant for this type of crypto. * @param pass The passphrase to use. * @param passLen The passphrase length in bytes * @param salt The salt to use. @@ -232,49 +259,47 @@ APU_DECLARE(apr_status_t) apr_crypto_mak * @param type 3DES_192, AES_128, AES_192, AES_256. * @param mode Electronic Code Book / Cipher Block Chaining. * @param doPad Pad if necessary. - * @param key The key returned, see note. - * @param ivSize The size of the initialisation vector will be returned, based - * on whether an IV is relevant for this type of crypto. + * @param iterations Number of iterations to use in algorithm + * @param f The context to use. + * @param p The pool to use. * @return Returns APR_ENOKEY if the pass phrase is missing or empty, or if a backend * error occurred while generating the key. APR_ENOCIPHER if the type or mode * is not supported by the particular backend. APR_EKEYTYPE if the key type is * not known. APR_EPADDING if padding was requested but is not supported. * APR_ENOTIMPL if not implemented. */ -APU_DECLARE(apr_status_t) apr_crypto_passphrase(const apr_crypto_driver_t *driver, - apr_pool_t *p, const apr_crypto_t *f, const char *pass, - apr_size_t passLen, const unsigned char * salt, apr_size_t saltLen, +APU_DECLARE(apr_status_t) apr_crypto_passphrase(apr_crypto_key_t **key, + apr_size_t *ivSize, const char *pass, apr_size_t passLen, + const unsigned char * salt, apr_size_t saltLen, const apr_crypto_block_key_type_e type, const apr_crypto_block_key_mode_e mode, const int doPad, - const int iterations, apr_crypto_key_t **key, apr_size_t *ivSize) { - return driver->passphrase(p, f, pass, passLen, salt, saltLen, type, mode, - doPad, iterations, key, ivSize); + const int iterations, const apr_crypto_t *f, apr_pool_t *p) +{ + return f->provider->passphrase(key, ivSize, pass, passLen, salt, saltLen, + type, mode, doPad, iterations, f, p); } /** * @brief Initialise a context for encrypting arbitrary data using the given key. * @note If *ctx is NULL, a apr_crypto_block_t will be created from a pool. If * *ctx is not NULL, *ctx must point at a previously created structure. - * @param driver - driver to use - * @param p The pool to use. - * @param f The block context to use. - * @param key The key structure to use. + * @param ctx The block context returned, see note. * @param iv Optional initialisation vector. If the buffer pointed to is NULL, * an IV will be created at random, in space allocated from the pool. * If the buffer pointed to is not NULL, the IV in the buffer will be * used. - * @param ctx The block context returned, see note. + * @param key The key structure to use. * @param blockSize The block size of the cipher. + * @param p The pool to use. * @return Returns APR_ENOIV if an initialisation vector is required but not specified. * Returns APR_EINIT if the backend failed to initialise the context. Returns * APR_ENOTIMPL if not implemented. */ APU_DECLARE(apr_status_t) apr_crypto_block_encrypt_init( - const apr_crypto_driver_t *driver, apr_pool_t *p, - const apr_crypto_t *f, const apr_crypto_key_t *key, - const unsigned char **iv, apr_crypto_block_t **ctx, - apr_size_t *blockSize) { - return driver->block_encrypt_init(p, f, key, iv, ctx, blockSize); + apr_crypto_block_t **ctx, const unsigned char **iv, + const apr_crypto_key_t *key, apr_size_t *blockSize, apr_pool_t *p) +{ + return key->provider->block_encrypt_init(ctx, iv, key, blockSize, p); } /** @@ -286,21 +311,20 @@ APU_DECLARE(apr_status_t) apr_crypto_blo * to NULL, a buffer sufficiently large will be created from * the pool provided. If *out points to a not-NULL value, this * value will be used as a buffer instead. - * @param driver - driver to use - * @param ctx The block context to use. * @param out Address of a buffer to which data will be written, * see note. * @param outlen Length of the output will be written here. * @param in Address of the buffer to read. * @param inlen Length of the buffer to read. + * @param ctx The block context to use. * @return APR_ECRYPT if an error occurred. Returns APR_ENOTIMPL if * not implemented. */ -APU_DECLARE(apr_status_t) apr_crypto_block_encrypt( - const apr_crypto_driver_t *driver, apr_crypto_block_t *ctx, - unsigned char **out, apr_size_t *outlen, const unsigned char *in, - apr_size_t inlen) { - return driver->block_encrypt(ctx, out, outlen, in, inlen); +APU_DECLARE(apr_status_t) apr_crypto_block_encrypt(unsigned char **out, + apr_size_t *outlen, const unsigned char *in, apr_size_t inlen, + apr_crypto_block_t *ctx) +{ + return ctx->provider->block_encrypt(out, outlen, in, inlen, ctx); } /** @@ -311,44 +335,40 @@ APU_DECLARE(apr_status_t) apr_crypto_blo * number of bytes returned as actually written by the * apr_crypto_block_encrypt() call. After this call, the context * is cleaned and can be reused by apr_crypto_block_encrypt_init(). - * @param driver - driver to use - * @param ctx The block context to use. * @param out Address of a buffer to which data will be written. This * buffer must already exist, and is usually the same * buffer used by apr_evp_crypt(). See note. * @param outlen Length of the output will be written here. + * @param ctx The block context to use. * @return APR_ECRYPT if an error occurred. * @return APR_EPADDING if padding was enabled and the block was incorrectly * formatted. * @return APR_ENOTIMPL if not implemented. */ -APU_DECLARE(apr_status_t) apr_crypto_block_encrypt_finish( - const apr_crypto_driver_t *driver, apr_crypto_block_t *ctx, - unsigned char *out, apr_size_t *outlen) { - return driver->block_encrypt_finish(ctx, out, outlen); +APU_DECLARE(apr_status_t) apr_crypto_block_encrypt_finish(unsigned char *out, + apr_size_t *outlen, apr_crypto_block_t *ctx) +{ + return ctx->provider->block_encrypt_finish(out, outlen, ctx); } /** * @brief Initialise a context for decrypting arbitrary data using the given key. * @note If *ctx is NULL, a apr_crypto_block_t will be created from a pool. If * *ctx is not NULL, *ctx must point at a previously created structure. - * @param driver - driver to use - * @param p The pool to use. - * @param f The block context to use. - * @param key The key structure to use. - * @param iv Optional initialisation vector. * @param ctx The block context returned, see note. * @param blockSize The block size of the cipher. + * @param iv Optional initialisation vector. + * @param key The key structure to use. + * @param p The pool to use. * @return Returns APR_ENOIV if an initialisation vector is required but not specified. * Returns APR_EINIT if the backend failed to initialise the context. Returns * APR_ENOTIMPL if not implemented. */ APU_DECLARE(apr_status_t) apr_crypto_block_decrypt_init( - const apr_crypto_driver_t *driver, apr_pool_t *p, - const apr_crypto_t *f, const apr_crypto_key_t *key, - const unsigned char *iv, apr_crypto_block_t **ctx, - apr_size_t *blockSize) { - return driver->block_decrypt_init(p, f, key, iv, ctx, blockSize); + apr_crypto_block_t **ctx, apr_size_t *blockSize, + const unsigned char *iv, const apr_crypto_key_t *key, apr_pool_t *p) +{ + return key->provider->block_decrypt_init(ctx, blockSize, iv, key, p); } /** @@ -360,21 +380,20 @@ APU_DECLARE(apr_status_t) apr_crypto_blo * to NULL, a buffer sufficiently large will be created from * the pool provided. If *out points to a not-NULL value, this * value will be used as a buffer instead. - * @param driver - driver to use - * @param ctx The block context to use. * @param out Address of a buffer to which data will be written, * see note. * @param outlen Length of the output will be written here. * @param in Address of the buffer to read. * @param inlen Length of the buffer to read. + * @param ctx The block context to use. * @return APR_ECRYPT if an error occurred. Returns APR_ENOTIMPL if * not implemented. */ -APU_DECLARE(apr_status_t) apr_crypto_block_decrypt( - const apr_crypto_driver_t *driver, apr_crypto_block_t *ctx, - unsigned char **out, apr_size_t *outlen, const unsigned char *in, - apr_size_t inlen) { - return driver->block_decrypt(ctx, out, outlen, in, inlen); +APU_DECLARE(apr_status_t) apr_crypto_block_decrypt(unsigned char **out, + apr_size_t *outlen, const unsigned char *in, apr_size_t inlen, + apr_crypto_block_t *ctx) +{ + return ctx->provider->block_decrypt(out, outlen, in, inlen, ctx); } /** @@ -385,57 +404,53 @@ APU_DECLARE(apr_status_t) apr_crypto_blo * number of bytes returned as actually written by the * apr_crypto_block_decrypt() call. After this call, the context * is cleaned and can be reused by apr_crypto_block_decrypt_init(). - * @param driver - driver to use - * @param ctx The block context to use. * @param out Address of a buffer to which data will be written. This * buffer must already exist, and is usually the same * buffer used by apr_evp_crypt(). See note. * @param outlen Length of the output will be written here. + * @param ctx The block context to use. * @return APR_ECRYPT if an error occurred. * @return APR_EPADDING if padding was enabled and the block was incorrectly * formatted. * @return APR_ENOTIMPL if not implemented. */ -APU_DECLARE(apr_status_t) apr_crypto_block_decrypt_finish( - const apr_crypto_driver_t *driver, apr_crypto_block_t *ctx, - unsigned char *out, apr_size_t *outlen) { - return driver->block_decrypt_finish(ctx, out, outlen); +APU_DECLARE(apr_status_t) apr_crypto_block_decrypt_finish(unsigned char *out, + apr_size_t *outlen, apr_crypto_block_t *ctx) +{ + return ctx->provider->block_decrypt_finish(out, outlen, ctx); } /** * @brief Clean encryption / decryption context. * @note After cleanup, a context is free to be reused if necessary. - * @param driver - driver to use * @param ctx The block context to use. * @return Returns APR_ENOTIMPL if not supported. */ -APU_DECLARE(apr_status_t) apr_crypto_block_cleanup( - const apr_crypto_driver_t *driver, apr_crypto_block_t *ctx) { - return driver->block_cleanup(ctx); +APU_DECLARE(apr_status_t) apr_crypto_block_cleanup(apr_crypto_block_t *ctx) +{ + return ctx->provider->block_cleanup(ctx); } /** * @brief Clean encryption / decryption context. * @note After cleanup, a context is free to be reused if necessary. - * @param driver - driver to use * @param f The context to use. * @return Returns APR_ENOTIMPL if not supported. */ -APU_DECLARE(apr_status_t) apr_crypto_cleanup(const apr_crypto_driver_t *driver, - apr_crypto_t *f) { - return driver->cleanup(f); +APU_DECLARE(apr_status_t) apr_crypto_cleanup(apr_crypto_t *f) +{ + return f->provider->cleanup(f); } /** * @brief Shutdown the crypto library. * @note After shutdown, it is expected that the init function can be called again. * @param driver - driver to use - * @param p The pool to use. * @return Returns APR_ENOTIMPL if not supported. */ -APU_DECLARE(apr_status_t) apr_crypto_shutdown(const apr_crypto_driver_t *driver, - apr_pool_t *p) { - return driver->shutdown(p); +APU_DECLARE(apr_status_t) apr_crypto_shutdown(const apr_crypto_driver_t *driver) +{ + return driver->shutdown(); } #endif /* APU_HAVE_CRYPTO */ Modified: apr/apr-util/branches/1.4.x/crypto/apr_crypto_nss.c URL: http://svn.apache.org/viewvc/apr/apr-util/branches/1.4.x/crypto/apr_crypto_nss.c?rev=1126230&r1=1126229&r2=1126230&view=diff ============================================================================== --- apr/apr-util/branches/1.4.x/crypto/apr_crypto_nss.c (original) +++ apr/apr-util/branches/1.4.x/crypto/apr_crypto_nss.c Sun May 22 21:12:25 2011 @@ -15,8 +15,6 @@ */ #include "apu.h" - -#include "apu_config.h" #include "apu_errno.h" #include @@ -48,6 +46,7 @@ struct apr_crypto_t { apr_pool_t *pool; + const apr_crypto_driver_t *provider; apu_err_t *result; apr_array_header_t *keys; apr_crypto_config_t *config; @@ -57,6 +56,9 @@ struct apr_crypto_config_t { }; struct apr_crypto_key_t { + apr_pool_t *pool; + const apr_crypto_driver_t *provider; + const apr_crypto_t *f; CK_MECHANISM_TYPE cipherMech; SECOidTag cipherOid; PK11SymKey *symKey; @@ -64,8 +66,9 @@ struct apr_crypto_key_t { }; struct apr_crypto_block_t { - const apr_crypto_t *f; apr_pool_t *pool; + const apr_crypto_driver_t *provider; + const apr_crypto_t *f; PK11Context *ctx; apr_crypto_key_t *key; int blockSize; @@ -74,9 +77,9 @@ struct apr_crypto_block_t { /** * Fetch the most recent error from this driver. */ -static apr_status_t crypto_error(const apr_crypto_t *f, const apu_err_t **result) { - *result = f->result; - return APR_SUCCESS; +static apr_status_t crypto_error(const apu_err_t **result, const apr_crypto_t *f) { + *result = f->result; + return APR_SUCCESS; } /** @@ -84,7 +87,7 @@ static apr_status_t crypto_error(const a * * It is safe to shut down twice. */ -static apr_status_t crypto_shutdown(apr_pool_t *pool) +static apr_status_t crypto_shutdown() { if (NSS_IsInitialized()) { SECStatus s = NSS_Shutdown(); @@ -98,7 +101,7 @@ static apr_status_t crypto_shutdown(apr_ static apr_status_t crypto_shutdown_helper(void *data) { apr_pool_t *pool = (apr_pool_t *) data; - return crypto_shutdown(pool); + return crypto_shutdown(); } /** @@ -166,7 +169,7 @@ static apr_status_t crypto_init(apr_pool /** * @brief Clean encryption / decryption context. * @note After cleanup, a context is free to be reused if necessary. - * @param block The block context to use. + * @param f The context to use. * @return Returns APR_ENOTIMPL if not supported. */ static apr_status_t crypto_block_cleanup(apr_crypto_block_t *block) @@ -218,15 +221,15 @@ static apr_status_t crypto_cleanup_helpe * algorithms and other parameters will be set per context. More than * one context can be created at one time. A cleanup will be automatically * registered with the given pool to guarantee a graceful shutdown. - * @param pool - process pool + * @param f - context pointer will be written here + * @param provider - provider to use * @param params - array of key parameters - * @param ff - context pointer will be written here + * @param pool - process pool * @return APR_ENOENGINE when the engine specified does not exist. APR_EINITENGINE * if the engine cannot be initialised. */ -static apr_status_t crypto_make(apr_pool_t *pool, - const apr_array_header_t *params, - apr_crypto_t **ff) +static apr_status_t crypto_make(apr_crypto_t **ff, const apr_crypto_driver_t *provider, + const apr_array_header_t *params, apr_pool_t *pool) { apr_crypto_config_t *config = NULL; /* struct apr_crypto_param_t *ents = params ? (struct apr_crypto_param_t *)params->elts : NULL; */ @@ -239,6 +242,7 @@ static apr_status_t crypto_make(apr_pool } *ff = f; f->pool = pool; + f->provider = provider; config = f->config = apr_pcalloc(pool, sizeof(apr_crypto_config_t)); if (!config) { return APR_ENOMEM; @@ -280,8 +284,9 @@ static apr_status_t crypto_make(apr_pool * operations. * @note If *key is NULL, a apr_crypto_key_t will be created from a pool. If * *key is not NULL, *key must point at a previously created structure. - * @param p The pool to use. - * @param f The context to use. + * @param key The key returned, see note. + * @param ivSize The size of the initialisation vector will be returned, based + * on whether an IV is relevant for this type of crypto. * @param pass The passphrase to use. * @param passLen The passphrase length in bytes * @param salt The salt to use. @@ -290,27 +295,19 @@ static apr_status_t crypto_make(apr_pool * @param mode Electronic Code Book / Cipher Block Chaining. * @param doPad Pad if necessary. * @param iterations Iteration count - * @param key The key returned, see note. - * @param ivSize The size of the initialisation vector will be returned, based - * on whether an IV is relevant for this type of crypto. + * @param f The context to use. + * @param p The pool to use. * @return Returns APR_ENOKEY if the pass phrase is missing or empty, or if a backend * error occurred while generating the key. APR_ENOCIPHER if the type or mode * is not supported by the particular backend. APR_EKEYTYPE if the key type is * not known. APR_EPADDING if padding was requested but is not supported. * APR_ENOTIMPL if not implemented. */ -static apr_status_t crypto_passphrase(apr_pool_t *p, - const apr_crypto_t *f, - const char *pass, - apr_size_t passLen, - const unsigned char * salt, - apr_size_t saltLen, - const apr_crypto_block_key_type_e type, - const apr_crypto_block_key_mode_e mode, - const int doPad, - const int iterations, - apr_crypto_key_t **k, - apr_size_t *ivSize) +static apr_status_t crypto_passphrase(apr_crypto_key_t **k, apr_size_t *ivSize, + const char *pass, apr_size_t passLen, const unsigned char * salt, + apr_size_t saltLen, const apr_crypto_block_key_type_e type, + const apr_crypto_block_key_mode_e mode, const int doPad, + const int iterations, const apr_crypto_t *f, apr_pool_t *p) { apr_status_t rv = APR_SUCCESS; PK11SlotInfo * slot; @@ -327,36 +324,39 @@ static apr_status_t crypto_passphrase(ap return APR_ENOMEM; } + key->f = f; + key->provider = f->provider; + /* decide on what cipher mechanism we will be using */ switch (type) { - case (KEY_3DES_192) : - if (MODE_CBC == mode) { + case (APR_KEY_3DES_192) : + if (APR_MODE_CBC == mode) { key->cipherOid = SEC_OID_DES_EDE3_CBC; } - else if (MODE_ECB == mode) { + else if (APR_MODE_ECB == mode) { return APR_ENOCIPHER; /* No OID for CKM_DES3_ECB; */ } break; - case (KEY_AES_128) : - if (MODE_CBC == mode) { + case (APR_KEY_AES_128) : + if (APR_MODE_CBC == mode) { key->cipherOid = SEC_OID_AES_128_CBC; } else { key->cipherOid = SEC_OID_AES_128_ECB; } break; - case (KEY_AES_192) : - if (MODE_CBC == mode) { + case (APR_KEY_AES_192) : + if (APR_MODE_CBC == mode) { key->cipherOid = SEC_OID_AES_192_CBC; } else { key->cipherOid = SEC_OID_AES_192_ECB; } break; - case (KEY_AES_256) : - if (MODE_CBC == mode) { + case (APR_KEY_AES_256) : + if (APR_MODE_CBC == mode) { key->cipherOid = SEC_OID_AES_256_CBC; } else { @@ -422,25 +422,21 @@ static apr_status_t crypto_passphrase(ap * @brief Initialise a context for encrypting arbitrary data using the given key. * @note If *ctx is NULL, a apr_crypto_block_t will be created from a pool. If * *ctx is not NULL, *ctx must point at a previously created structure. - * @param p The pool to use. - * @param f The block context to use. - * @param key The key structure. + * @param ctx The block context returned, see note. * @param iv Optional initialisation vector. If the buffer pointed to is NULL, * an IV will be created at random, in space allocated from the pool. * If the buffer pointed to is not NULL, the IV in the buffer will be * used. - * @param ctx The block context returned, see note. + * @param key The key structure. * @param blockSize The block size of the cipher. + * @param p The pool to use. * @return Returns APR_ENOIV if an initialisation vector is required but not specified. * Returns APR_EINIT if the backend failed to initialise the context. Returns * APR_ENOTIMPL if not implemented. */ -static apr_status_t crypto_block_encrypt_init(apr_pool_t *p, - const apr_crypto_t *f, - const apr_crypto_key_t *key, - const unsigned char **iv, - apr_crypto_block_t **ctx, - apr_size_t *blockSize) +static apr_status_t crypto_block_encrypt_init(apr_crypto_block_t **ctx, + const unsigned char **iv, const apr_crypto_key_t *key, + apr_size_t *blockSize, apr_pool_t *p) { PRErrorCode perr; SECItem * secParam; @@ -453,8 +449,9 @@ static apr_status_t crypto_block_encrypt if (!block) { return APR_ENOMEM; } - block->f = f; + block->f = key->f; block->pool = p; + block->provider = key->provider; apr_pool_cleanup_register(p, block, crypto_block_cleanup_helper, @@ -513,20 +510,18 @@ static apr_status_t crypto_block_encrypt * to NULL, a buffer sufficiently large will be created from * the pool provided. If *out points to a not-NULL value, this * value will be used as a buffer instead. - * @param block The block context to use. * @param out Address of a buffer to which data will be written, * see note. * @param outlen Length of the output will be written here. * @param in Address of the buffer to read. * @param inlen Length of the buffer to read. + * @param ctx The block context to use. * @return APR_ECRYPT if an error occurred. Returns APR_ENOTIMPL if * not implemented. */ -static apr_status_t crypto_block_encrypt(apr_crypto_block_t *block, - unsigned char **out, - apr_size_t *outlen, - const unsigned char *in, - apr_size_t inlen) +static apr_status_t crypto_block_encrypt(unsigned char **out, + apr_size_t *outlen, const unsigned char *in, apr_size_t inlen, + apr_crypto_block_t *ctx) { unsigned char *buffer; @@ -566,19 +561,18 @@ static apr_status_t crypto_block_encrypt * number of bytes returned as actually written by the * apr_crypto_block_encrypt() call. After this call, the context * is cleaned and can be reused by apr_crypto_block_encrypt_init(). - * @param block The block context to use. * @param out Address of a buffer to which data will be written. This * buffer must already exist, and is usually the same * buffer used by apr_evp_crypt(). See note. * @param outlen Length of the output will be written here. + * @param ctx The block context to use. * @return APR_ECRYPT if an error occurred. * @return APR_EPADDING if padding was enabled and the block was incorrectly * formatted. * @return APR_ENOTIMPL if not implemented. */ -static apr_status_t crypto_block_encrypt_finish(apr_crypto_block_t *block, - unsigned char *out, - apr_size_t *outlen) +static apr_status_t crypto_block_encrypt_finish(unsigned char *out, + apr_size_t *outlen, apr_crypto_block_t *ctx) { apr_status_t rv = APR_SUCCESS; @@ -605,25 +599,20 @@ static apr_status_t crypto_block_encrypt * @brief Initialise a context for decrypting arbitrary data using the given key. * @note If *ctx is NULL, a apr_crypto_block_t will be created from a pool. If * *ctx is not NULL, *ctx must point at a previously created structure. - * @param p The pool to use. - * @param f The block context to use. - * @param key The key structure. - * @param iv Optional initialisation vector. If the buffer pointed to is NULL, - * an IV will be created at random, in space allocated from the pool. - * If the buffer pointed to is not NULL, the IV in the buffer will be - * used. * @param ctx The block context returned, see note. * @param blockSize The block size of the cipher. + * @param iv Optional initialisation vector. If the buffer pointed to is NULL, + * an IV will be created at random, in space allocated from the pool. + * If the buffer is not NULL, the IV in the buffer will be used. + * @param key The key structure. + * @param p The pool to use. * @return Returns APR_ENOIV if an initialisation vector is required but not specified. * Returns APR_EINIT if the backend failed to initialise the context. Returns * APR_ENOTIMPL if not implemented. */ -static apr_status_t crypto_block_decrypt_init(apr_pool_t *p, - const apr_crypto_t *f, - const apr_crypto_key_t *key, - const unsigned char *iv, - apr_crypto_block_t **ctx, - apr_size_t *blockSize) +static apr_status_t crypto_block_decrypt_init(apr_crypto_block_t **ctx, + apr_size_t *blockSize, const unsigned char *iv, + const apr_crypto_key_t *key, apr_pool_t *p) { PRErrorCode perr; SECItem * secParam; @@ -634,8 +623,9 @@ static apr_status_t crypto_block_decrypt if (!block) { return APR_ENOMEM; } - block->f = f; + block->f = key->f; block->pool = p; + block->provider = key->provider; apr_pool_cleanup_register(p, block, crypto_block_cleanup_helper, @@ -677,24 +667,22 @@ static apr_status_t crypto_block_decrypt * @note The number of bytes written will be written to outlen. If * out is NULL, outlen will contain the maximum size of the * buffer needed to hold the data, including any data - * generated by apr_crypto_block_final below. If *out points + * generated by apr_crypto_block_decrypt_finish below. If *out points * to NULL, a buffer sufficiently large will be created from * the pool provided. If *out points to a not-NULL value, this * value will be used as a buffer instead. - * @param block The block context to use. * @param out Address of a buffer to which data will be written, * see note. * @param outlen Length of the output will be written here. * @param in Address of the buffer to read. * @param inlen Length of the buffer to read. + * @param ctx The block context to use. * @return APR_ECRYPT if an error occurred. Returns APR_ENOTIMPL if * not implemented. */ -static apr_status_t crypto_block_decrypt(apr_crypto_block_t *block, - unsigned char **out, - apr_size_t *outlen, - const unsigned char *in, - apr_size_t inlen) +static apr_status_t crypto_block_decrypt(unsigned char **out, + apr_size_t *outlen, const unsigned char *in, apr_size_t inlen, + apr_crypto_block_t *block) { unsigned char *buffer; @@ -727,26 +715,25 @@ static apr_status_t crypto_block_decrypt } /** - * @brief Encrypt final data block, write it to out. + * @brief Decrypt final data block, write it to out. * @note If necessary the final block will be written out after being * padded. Typically the final block will be written to the - * same buffer used by apr_evp_crypt, offset by the number of - * bytes returned as actually written by the apr_evp_crypt() - * call. After this call, the context is cleaned and can be - * reused by apr_env_encrypt_init() or apr_env_decrypt_init(). - * @param block The block context to use. + * same buffer used by apr_crypto_block_decrypt, offset by the + * number of bytes returned as actually written by the + * apr_crypto_block_decrypt() call. After this call, the context + * is cleaned and can be reused by apr_crypto_block_decrypt_init(). * @param out Address of a buffer to which data will be written. This * buffer must already exist, and is usually the same * buffer used by apr_evp_crypt(). See note. * @param outlen Length of the output will be written here. + * @param ctx The block context to use. * @return APR_ECRYPT if an error occurred. * @return APR_EPADDING if padding was enabled and the block was incorrectly * formatted. * @return APR_ENOTIMPL if not implemented. */ -static apr_status_t crypto_block_decrypt_finish(apr_crypto_block_t *block, - unsigned char *out, - apr_size_t *outlen) +static apr_status_t crypto_block_decrypt_finish(unsigned char *out, + apr_size_t *outlen, apr_crypto_block_t *block) { apr_status_t rv = APR_SUCCESS; Modified: apr/apr-util/branches/1.4.x/crypto/apr_crypto_openssl.c URL: http://svn.apache.org/viewvc/apr/apr-util/branches/1.4.x/crypto/apr_crypto_openssl.c?rev=1126230&r1=1126229&r2=1126230&view=diff ============================================================================== --- apr/apr-util/branches/1.4.x/crypto/apr_crypto_openssl.c (original) +++ apr/apr-util/branches/1.4.x/crypto/apr_crypto_openssl.c Sun May 22 21:12:25 2011 @@ -15,8 +15,6 @@ */ #include "apu.h" - -#include "apu_config.h" #include "apu_errno.h" #include @@ -38,6 +36,7 @@ struct apr_crypto_t { apr_pool_t *pool; + const apr_crypto_driver_t *provider; apu_err_t *result; apr_array_header_t *keys; apr_crypto_config_t *config; @@ -48,6 +47,9 @@ struct apr_crypto_config_t { }; struct apr_crypto_key_t { + apr_pool_t *pool; + const apr_crypto_driver_t *provider; + const apr_crypto_t *f; const EVP_CIPHER * cipher; unsigned char *key; int keyLen; @@ -56,8 +58,9 @@ struct apr_crypto_key_t { }; struct apr_crypto_block_t { - const apr_crypto_t *f; apr_pool_t *pool; + const apr_crypto_driver_t *provider; + const apr_crypto_t *f; EVP_CIPHER_CTX cipherCtx; int initialised; int ivSize; @@ -68,15 +71,15 @@ struct apr_crypto_block_t { /** * Fetch the most recent error from this driver. */ -static apr_status_t crypto_error(const apr_crypto_t *f, const apu_err_t **result) { - *result = f->result; - return APR_SUCCESS; +static apr_status_t crypto_error(const apu_err_t **result, const apr_crypto_t *f) { + *result = f->result; + return APR_SUCCESS; } /** * Shutdown the crypto library and release resources. */ -static apr_status_t crypto_shutdown(apr_pool_t *pool) { +static apr_status_t crypto_shutdown() { ERR_free_strings(); EVP_cleanup(); ENGINE_cleanup(); @@ -85,7 +88,7 @@ static apr_status_t crypto_shutdown(apr_ static apr_status_t crypto_shutdown_helper(void *data) { apr_pool_t *pool = (apr_pool_t *) data; - return crypto_shutdown(pool); + return crypto_shutdown(); } /** @@ -155,14 +158,16 @@ static apr_status_t crypto_cleanup_helpe * algorithms and other parameters will be set per context. More than * one context can be created at one time. A cleanup will be automatically * registered with the given pool to guarantee a graceful shutdown. - * @param pool - process pool + * @param f - context pointer will be written here + * @param provider - provider to use * @param params - array of key parameters - * @param ff - context pointer will be written here + * @param pool - process pool * @return APR_ENOENGINE when the engine specified does not exist. APR_EINITENGINE * if the engine cannot be initialised. */ -static apr_status_t crypto_make(apr_pool_t *pool, - const apr_array_header_t *params, apr_crypto_t **ff) { +static apr_status_t crypto_make(apr_crypto_t **ff, const apr_crypto_driver_t *provider, + const apr_array_header_t *params, apr_pool_t *pool) +{ apr_crypto_config_t *config = NULL; struct apr_crypto_param_t *ents = params ? (struct apr_crypto_param_t *) params->elts : NULL; @@ -173,6 +178,7 @@ static apr_status_t crypto_make(apr_pool } *ff = f; f->pool = pool; + f->provider = provider; config = f->config = apr_pcalloc(pool, sizeof(apr_crypto_config_t)); if (!config) { return APR_ENOMEM; @@ -215,8 +221,9 @@ static apr_status_t crypto_make(apr_pool * operations. * @note If *key is NULL, a apr_crypto_key_t will be created from a pool. If * *key is not NULL, *key must point at a previously created structure. - * @param p The pool to use. - * @param f The context to use. + * @param key The key returned, see note. + * @param ivSize The size of the initialisation vector will be returned, based + * on whether an IV is relevant for this type of crypto. * @param pass The passphrase to use. * @param passLen The passphrase length in bytes * @param salt The salt to use. @@ -225,20 +232,20 @@ static apr_status_t crypto_make(apr_pool * @param mode Electronic Code Book / Cipher Block Chaining. * @param doPad Pad if necessary. * @param iterations Iteration count - * @param key The key returned, see note. - * @param ivSize The size of the initialisation vector will be returned, based - * on whether an IV is relevant for this type of crypto. + * @param f The context to use. + * @param p The pool to use. * @return Returns APR_ENOKEY if the pass phrase is missing or empty, or if a backend * error occurred while generating the key. APR_ENOCIPHER if the type or mode * is not supported by the particular backend. APR_EKEYTYPE if the key type is * not known. APR_EPADDING if padding was requested but is not supported. * APR_ENOTIMPL if not implemented. */ -static apr_status_t crypto_passphrase(apr_pool_t *p, const apr_crypto_t *f, +static apr_status_t crypto_passphrase(apr_crypto_key_t **k, apr_size_t *ivSize, const char *pass, apr_size_t passLen, const unsigned char * salt, apr_size_t saltLen, const apr_crypto_block_key_type_e type, const apr_crypto_block_key_mode_e mode, const int doPad, - const int iterations, apr_crypto_key_t **k, apr_size_t *ivSize) { + const int iterations, const apr_crypto_t *f, apr_pool_t *p) +{ apr_crypto_key_t *key = *k; if (!key) { @@ -248,40 +255,43 @@ static apr_status_t crypto_passphrase(ap return APR_ENOMEM; } + key->f = f; + key->provider = f->provider; + /* determine the cipher to be used */ switch (type) { - case (KEY_3DES_192): + case (APR_KEY_3DES_192): /* A 3DES key */ - if (mode == MODE_CBC) { + if (mode == APR_MODE_CBC) { key->cipher = EVP_des_ede3_cbc(); } else { key->cipher = EVP_des_ede3_ecb(); } break; - case (KEY_AES_128): + case (APR_KEY_AES_128): - if (mode == MODE_CBC) { + if (mode == APR_MODE_CBC) { key->cipher = EVP_aes_128_cbc(); } else { key->cipher = EVP_aes_128_ecb(); } break; - case (KEY_AES_192): + case (APR_KEY_AES_192): - if (mode == MODE_CBC) { + if (mode == APR_MODE_CBC) { key->cipher = EVP_aes_192_cbc(); } else { key->cipher = EVP_aes_192_ecb(); } break; - case (KEY_AES_256): + case (APR_KEY_AES_256): - if (mode == MODE_CBC) { + if (mode == APR_MODE_CBC) { key->cipher = EVP_aes_256_cbc(); } else { key->cipher = EVP_aes_256_ecb(); @@ -315,7 +325,7 @@ static apr_status_t crypto_passphrase(ap /* note: openssl incorrectly returns non zero IV size values for ECB * algorithms, so work around this by ignoring the IV size. */ - if (MODE_ECB != mode) { + if (APR_MODE_ECB != mode) { key->ivSize = EVP_CIPHER_iv_length(key->cipher); } if (ivSize) { @@ -329,22 +339,24 @@ static apr_status_t crypto_passphrase(ap * @brief Initialise a context for encrypting arbitrary data using the given key. * @note If *ctx is NULL, a apr_crypto_block_t will be created from a pool. If * *ctx is not NULL, *ctx must point at a previously created structure. - * @param p The pool to use. - * @param f The block context to use. - * @param key The key - * @param iv Optional initialisation vector. * @param ctx The block context returned, see note. + * @param iv Optional initialisation vector. If the buffer pointed to is NULL, + * an IV will be created at random, in space allocated from the pool. + * If the buffer pointed to is not NULL, the IV in the buffer will be + * used. + * @param key The key structure. * @param blockSize The block size of the cipher. + * @param p The pool to use. * @return Returns APR_ENOIV if an initialisation vector is required but not specified. * Returns APR_EINIT if the backend failed to initialise the context. Returns * APR_ENOTIMPL if not implemented. */ -static apr_status_t crypto_block_encrypt_init(apr_pool_t *p, - const apr_crypto_t *f, const apr_crypto_key_t *key, - const unsigned char **iv, apr_crypto_block_t **ctx, - apr_size_t *blockSize) { +static apr_status_t crypto_block_encrypt_init(apr_crypto_block_t **ctx, + const unsigned char **iv, const apr_crypto_key_t *key, + apr_size_t *blockSize, apr_pool_t *p) +{ unsigned char *usedIv; - apr_crypto_config_t *config = f->config; + apr_crypto_config_t *config = key->f->config; apr_crypto_block_t *block = *ctx; if (!block) { *ctx = block = apr_pcalloc(p, sizeof(apr_crypto_block_t)); @@ -352,8 +364,9 @@ static apr_status_t crypto_block_encrypt if (!block) { return APR_ENOMEM; } - block->f = f; + block->f = key->f; block->pool = p; + block->provider = key->provider; apr_pool_cleanup_register(p, block, crypto_block_cleanup_helper, apr_pool_cleanup_null); @@ -415,18 +428,19 @@ static apr_status_t crypto_block_encrypt * to NULL, a buffer sufficiently large will be created from * the pool provided. If *out points to a not-NULL value, this * value will be used as a buffer instead. - * @param ctx The block context to use. * @param out Address of a buffer to which data will be written, * see note. * @param outlen Length of the output will be written here. * @param in Address of the buffer to read. * @param inlen Length of the buffer to read. + * @param ctx The block context to use. * @return APR_ECRYPT if an error occurred. Returns APR_ENOTIMPL if * not implemented. */ -static apr_status_t crypto_block_encrypt(apr_crypto_block_t *ctx, - unsigned char **out, apr_size_t *outlen, const unsigned char *in, - apr_size_t inlen) { +static apr_status_t crypto_block_encrypt(unsigned char **out, + apr_size_t *outlen, const unsigned char *in, apr_size_t inlen, + apr_crypto_block_t *ctx) +{ int outl = *outlen; unsigned char *buffer; @@ -467,18 +481,19 @@ static apr_status_t crypto_block_encrypt * number of bytes returned as actually written by the * apr_crypto_block_encrypt() call. After this call, the context * is cleaned and can be reused by apr_crypto_block_encrypt_init(). - * @param ctx The block context to use. * @param out Address of a buffer to which data will be written. This * buffer must already exist, and is usually the same * buffer used by apr_evp_crypt(). See note. * @param outlen Length of the output will be written here. + * @param ctx The block context to use. * @return APR_ECRYPT if an error occurred. * @return APR_EPADDING if padding was enabled and the block was incorrectly * formatted. * @return APR_ENOTIMPL if not implemented. */ -static apr_status_t crypto_block_encrypt_finish(apr_crypto_block_t *ctx, - unsigned char *out, apr_size_t *outlen) { +static apr_status_t crypto_block_encrypt_finish(unsigned char *out, + apr_size_t *outlen, apr_crypto_block_t *ctx) +{ int len = *outlen; if (EVP_EncryptFinal_ex(&ctx->cipherCtx, out, &len) == 0) { @@ -494,23 +509,22 @@ static apr_status_t crypto_block_encrypt * @brief Initialise a context for decrypting arbitrary data using the given key. * @note If *ctx is NULL, a apr_crypto_block_t will be created from a pool. If * *ctx is not NULL, *ctx must point at a previously created structure. - * @param p The pool to use. - * @param f The block context to use. - * @param key The key structure. + * @param ctx The block context returned, see note. + * @param blockSize The block size of the cipher. * @param iv Optional initialisation vector. If the buffer pointed to is NULL, * an IV will be created at random, in space allocated from the pool. * If the buffer is not NULL, the IV in the buffer will be used. - * @param ctx The block context returned, see note. - * @param blockSize The block size of the cipher. + * @param key The key structure. + * @param p The pool to use. * @return Returns APR_ENOIV if an initialisation vector is required but not specified. * Returns APR_EINIT if the backend failed to initialise the context. Returns * APR_ENOTIMPL if not implemented. */ -static apr_status_t crypto_block_decrypt_init(apr_pool_t *p, - const apr_crypto_t *f, const apr_crypto_key_t *key, - const unsigned char *iv, apr_crypto_block_t **ctx, - apr_size_t *blockSize) { - apr_crypto_config_t *config = f->config; +static apr_status_t crypto_block_decrypt_init(apr_crypto_block_t **ctx, + apr_size_t *blockSize, const unsigned char *iv, + const apr_crypto_key_t *key, apr_pool_t *p) +{ + apr_crypto_config_t *config = key->f->config; apr_crypto_block_t *block = *ctx; if (!block) { *ctx = block = apr_pcalloc(p, sizeof(apr_crypto_block_t)); @@ -518,8 +532,9 @@ static apr_status_t crypto_block_decrypt if (!block) { return APR_ENOMEM; } - block->f = f; + block->f = key->f; block->pool = p; + block->provider = key->provider; apr_pool_cleanup_register(p, block, crypto_block_cleanup_helper, apr_pool_cleanup_null); @@ -563,23 +578,23 @@ static apr_status_t crypto_block_decrypt * @note The number of bytes written will be written to outlen. If * out is NULL, outlen will contain the maximum size of the * buffer needed to hold the data, including any data - * generated by apr_crypto_block_final below. If *out points + * generated by apr_crypto_block_decrypt_finish below. If *out points * to NULL, a buffer sufficiently large will be created from * the pool provided. If *out points to a not-NULL value, this * value will be used as a buffer instead. - * @param ctx The block context to use. * @param out Address of a buffer to which data will be written, * see note. * @param outlen Length of the output will be written here. * @param in Address of the buffer to read. * @param inlen Length of the buffer to read. + * @param ctx The block context to use. * @return APR_ECRYPT if an error occurred. Returns APR_ENOTIMPL if * not implemented. */ -static apr_status_t crypto_block_decrypt(apr_crypto_block_t *ctx, - unsigned char **out, apr_size_t *outlen, const unsigned char *in, - apr_size_t inlen) { - +static apr_status_t crypto_block_decrypt(unsigned char **out, + apr_size_t *outlen, const unsigned char *in, apr_size_t inlen, + apr_crypto_block_t *ctx) +{ int outl = *outlen; unsigned char *buffer; @@ -616,22 +631,23 @@ static apr_status_t crypto_block_decrypt * @brief Decrypt final data block, write it to out. * @note If necessary the final block will be written out after being * padded. Typically the final block will be written to the - * same buffer used by apr_evp_crypt, offset by the number of - * bytes returned as actually written by the apr_evp_crypt() - * call. After this call, the context is cleaned and can be - * reused by apr_env_encrypt_init() or apr_env_decrypt_init(). - * @param ctx The block context to use. + * same buffer used by apr_crypto_block_decrypt, offset by the + * number of bytes returned as actually written by the + * apr_crypto_block_decrypt() call. After this call, the context + * is cleaned and can be reused by apr_crypto_block_decrypt_init(). * @param out Address of a buffer to which data will be written. This * buffer must already exist, and is usually the same * buffer used by apr_evp_crypt(). See note. * @param outlen Length of the output will be written here. + * @param ctx The block context to use. * @return APR_ECRYPT if an error occurred. * @return APR_EPADDING if padding was enabled and the block was incorrectly * formatted. * @return APR_ENOTIMPL if not implemented. */ -static apr_status_t crypto_block_decrypt_finish(apr_crypto_block_t *ctx, - unsigned char *out, apr_size_t *outlen) { +static apr_status_t crypto_block_decrypt_finish(unsigned char *out, + apr_size_t *outlen, apr_crypto_block_t *ctx) +{ int len = *outlen; @@ -652,6 +668,6 @@ APU_MODULE_DECLARE_DATA const apr_crypto crypto_block_encrypt_init, crypto_block_encrypt, crypto_block_encrypt_finish, crypto_block_decrypt_init, crypto_block_decrypt, crypto_block_decrypt_finish, - crypto_block_cleanup, crypto_cleanup, crypto_shutdown, crypto_error}; + crypto_block_cleanup, crypto_cleanup, crypto_shutdown, crypto_error }; #endif Modified: apr/apr-util/branches/1.4.x/include/apr_crypto.h URL: http://svn.apache.org/viewvc/apr/apr-util/branches/1.4.x/include/apr_crypto.h?rev=1126230&r1=1126229&r2=1126230&view=diff ============================================================================== --- apr/apr-util/branches/1.4.x/include/apr_crypto.h (original) +++ apr/apr-util/branches/1.4.x/include/apr_crypto.h Sun May 22 21:12:25 2011 @@ -142,17 +142,18 @@ extern "C" { */ typedef enum { - KEY_NONE, KEY_3DES_192, /** 192 bit (3-Key) 3DES */ - KEY_AES_128, /** 128 bit AES */ - KEY_AES_192, /** 192 bit AES */ - KEY_AES_256 + APR_KEY_NONE, + APR_KEY_3DES_192, /** 192 bit (3-Key) 3DES */ + APR_KEY_AES_128, /** 128 bit AES */ + APR_KEY_AES_192, /** 192 bit AES */ + APR_KEY_AES_256 /** 256 bit AES */ } apr_crypto_block_key_type_e; typedef enum { - MODE_NONE, /** An error condition */ - MODE_ECB, /** Electronic Code Book */ - MODE_CBC + APR_MODE_NONE, /** An error condition */ + APR_MODE_ECB, /** Electronic Code Book */ + APR_MODE_CBC /** Cipher Block Chaining */ } apr_crypto_block_key_mode_e; @@ -184,6 +185,7 @@ typedef struct apr_crypto_block_t apr_cr * @brief Perform once-only initialisation. Call once only. * * @param pool - pool to register any shutdown cleanups, etc + * @param params - array of initialisation parameters * @return APR_NOTIMPL in case of no crypto support. */ APU_DECLARE(apr_status_t) apr_crypto_init(apr_pool_t *pool, @@ -192,17 +194,19 @@ APU_DECLARE(apr_status_t) apr_crypto_ini /** * @brief Get the driver struct for a name * - * @param pool - (process) pool to register cleanup - * @param name - driver name * @param driver - pointer to driver struct. + * @param name - driver name + * @param params - array of initialisation parameters + * @param result - result and error message on failure + * @param pool - (process) pool to register cleanup * @return APR_SUCCESS for success * @return APR_ENOTIMPL for no driver (when DSO not enabled) * @return APR_EDSOOPEN if DSO driver file can't be opened * @return APR_ESYMNOTFOUND if the driver file doesn't contain a driver */ -APU_DECLARE(apr_status_t) apr_crypto_get_driver(apr_pool_t *pool, const char *name, - const apr_crypto_driver_t **driver, const apr_array_header_t *params, - const apu_err_t **result); +APU_DECLARE(apr_status_t) apr_crypto_get_driver(const apr_crypto_driver_t **driver, + const char *name, const apr_array_header_t *params, const apu_err_t **result, + apr_pool_t *pool); /** * @brief Return the name of the driver. @@ -210,32 +214,32 @@ APU_DECLARE(apr_status_t) apr_crypto_get * @param driver - The driver in use. * @return The name of the driver. */ -APU_DECLARE(const char *)apr_crypto_driver_name (const apr_crypto_driver_t *driver); +APU_DECLARE(const char *) apr_crypto_driver_name(const apr_crypto_driver_t *driver); /** * @brief Get the result of the last operation on a context. If the result * is NULL, the operation was successful. - * @param f - context pointer * @param result - the result structure + * @param f - context pointer * @return APR_SUCCESS for success */ -APR_DECLARE(apr_status_t) apr_crypto_error(const apr_crypto_driver_t *driver, - const apr_crypto_t *f, const apu_err_t **result); +APU_DECLARE(apr_status_t) apr_crypto_error(const apu_err_t **result, + const apr_crypto_t *f); /** * @brief Create a context for supporting encryption. Keys, certificates, * algorithms and other parameters will be set per context. More than * one context can be created at one time. A cleanup will be automatically * registered with the given pool to guarantee a graceful shutdown. + * @param f - context pointer will be written here * @param driver - driver to use - * @param pool - process pool * @param params - array of key parameters - * @param f - context pointer will be written here + * @param pool - process pool * @return APR_ENOENGINE when the engine specified does not exist. APR_EINITENGINE * if the engine cannot be initialised. */ -APU_DECLARE(apr_status_t) apr_crypto_make(const apr_crypto_driver_t *driver, - apr_pool_t *pool, const apr_array_header_t *params, apr_crypto_t **f); +APU_DECLARE(apr_status_t) apr_crypto_make(apr_crypto_t **f, const apr_crypto_driver_t *driver, + const apr_array_header_t *params, apr_pool_t *pool); /** * @brief Create a key from the given passphrase. By default, the PBKDF2 @@ -246,9 +250,9 @@ APU_DECLARE(apr_status_t) apr_crypto_mak * operations. * @note If *key is NULL, a apr_crypto_key_t will be created from a pool. If * *key is not NULL, *key must point at a previously created structure. - * @param driver - driver to use - * @param p The pool to use. - * @param f The context to use. + * @param key The key returned, see note. + * @param ivSize The size of the initialisation vector will be returned, based + * on whether an IV is relevant for this type of crypto. * @param pass The passphrase to use. * @param passLen The passphrase length in bytes * @param salt The salt to use. @@ -256,45 +260,41 @@ APU_DECLARE(apr_status_t) apr_crypto_mak * @param type 3DES_192, AES_128, AES_192, AES_256. * @param mode Electronic Code Book / Cipher Block Chaining. * @param doPad Pad if necessary. - * @param key The key returned, see note. - * @param ivSize The size of the initialisation vector will be returned, based - * on whether an IV is relevant for this type of crypto. + * @param iterations Number of iterations to use in algorithm + * @param f The context to use. + * @param p The pool to use. * @return Returns APR_ENOKEY if the pass phrase is missing or empty, or if a backend * error occurred while generating the key. APR_ENOCIPHER if the type or mode * is not supported by the particular backend. APR_EKEYTYPE if the key type is * not known. APR_EPADDING if padding was requested but is not supported. * APR_ENOTIMPL if not implemented. */ -APU_DECLARE(apr_status_t) apr_crypto_passphrase(const apr_crypto_driver_t *driver, - apr_pool_t *p, const apr_crypto_t *f, const char *pass, - apr_size_t passLen, const unsigned char * salt, apr_size_t saltLen, +APU_DECLARE(apr_status_t) apr_crypto_passphrase(apr_crypto_key_t **key, + apr_size_t *ivSize, const char *pass, apr_size_t passLen, + const unsigned char * salt, apr_size_t saltLen, const apr_crypto_block_key_type_e type, const apr_crypto_block_key_mode_e mode, const int doPad, - const int iterations, apr_crypto_key_t **key, apr_size_t *ivSize); + const int iterations, const apr_crypto_t *f, apr_pool_t *p); /** * @brief Initialise a context for encrypting arbitrary data using the given key. * @note If *ctx is NULL, a apr_crypto_block_t will be created from a pool. If * *ctx is not NULL, *ctx must point at a previously created structure. - * @param driver - driver to use - * @param p The pool to use. - * @param f The block context to use. - * @param key The key structure to use. + * @param ctx The block context returned, see note. * @param iv Optional initialisation vector. If the buffer pointed to is NULL, * an IV will be created at random, in space allocated from the pool. * If the buffer pointed to is not NULL, the IV in the buffer will be * used. - * @param ctx The block context returned, see note. + * @param key The key structure to use. * @param blockSize The block size of the cipher. + * @param p The pool to use. * @return Returns APR_ENOIV if an initialisation vector is required but not specified. * Returns APR_EINIT if the backend failed to initialise the context. Returns * APR_ENOTIMPL if not implemented. */ APU_DECLARE(apr_status_t) apr_crypto_block_encrypt_init( - const apr_crypto_driver_t *driver, apr_pool_t *p, - const apr_crypto_t *f, const apr_crypto_key_t *key, - const unsigned char **iv, apr_crypto_block_t **ctx, - apr_size_t *blockSize); + apr_crypto_block_t **ctx, const unsigned char **iv, + const apr_crypto_key_t *key, apr_size_t *blockSize, apr_pool_t *p); /** * @brief Encrypt data provided by in, write it to out. @@ -305,20 +305,18 @@ APU_DECLARE(apr_status_t) apr_crypto_blo * to NULL, a buffer sufficiently large will be created from * the pool provided. If *out points to a not-NULL value, this * value will be used as a buffer instead. - * @param driver - driver to use - * @param ctx The block context to use. * @param out Address of a buffer to which data will be written, * see note. * @param outlen Length of the output will be written here. * @param in Address of the buffer to read. * @param inlen Length of the buffer to read. + * @param ctx The block context to use. * @return APR_ECRYPT if an error occurred. Returns APR_ENOTIMPL if * not implemented. */ -APU_DECLARE(apr_status_t) apr_crypto_block_encrypt( - const apr_crypto_driver_t *driver, apr_crypto_block_t *ctx, - unsigned char **out, apr_size_t *outlen, const unsigned char *in, - apr_size_t inlen); +APU_DECLARE(apr_status_t) apr_crypto_block_encrypt(unsigned char **out, + apr_size_t *outlen, const unsigned char *in, apr_size_t inlen, + apr_crypto_block_t *ctx); /** * @brief Encrypt final data block, write it to out. @@ -328,41 +326,35 @@ APU_DECLARE(apr_status_t) apr_crypto_blo * number of bytes returned as actually written by the * apr_crypto_block_encrypt() call. After this call, the context * is cleaned and can be reused by apr_crypto_block_encrypt_init(). - * @param driver - driver to use - * @param ctx The block context to use. * @param out Address of a buffer to which data will be written. This * buffer must already exist, and is usually the same * buffer used by apr_evp_crypt(). See note. * @param outlen Length of the output will be written here. + * @param ctx The block context to use. * @return APR_ECRYPT if an error occurred. * @return APR_EPADDING if padding was enabled and the block was incorrectly * formatted. * @return APR_ENOTIMPL if not implemented. */ -APU_DECLARE(apr_status_t) apr_crypto_block_encrypt_finish( - const apr_crypto_driver_t *driver, apr_crypto_block_t *ctx, - unsigned char *out, apr_size_t *outlen); +APU_DECLARE(apr_status_t) apr_crypto_block_encrypt_finish(unsigned char *out, + apr_size_t *outlen, apr_crypto_block_t *ctx); /** * @brief Initialise a context for decrypting arbitrary data using the given key. * @note If *ctx is NULL, a apr_crypto_block_t will be created from a pool. If * *ctx is not NULL, *ctx must point at a previously created structure. - * @param driver - driver to use - * @param p The pool to use. - * @param f The block context to use. - * @param key The key structure to use. - * @param iv Optional initialisation vector. * @param ctx The block context returned, see note. * @param blockSize The block size of the cipher. + * @param iv Optional initialisation vector. + * @param key The key structure to use. + * @param p The pool to use. * @return Returns APR_ENOIV if an initialisation vector is required but not specified. * Returns APR_EINIT if the backend failed to initialise the context. Returns * APR_ENOTIMPL if not implemented. */ APU_DECLARE(apr_status_t) apr_crypto_block_decrypt_init( - const apr_crypto_driver_t *driver, apr_pool_t *p, - const apr_crypto_t *f, const apr_crypto_key_t *key, - const unsigned char *iv, apr_crypto_block_t **ctx, - apr_size_t *blockSize); + apr_crypto_block_t **ctx, apr_size_t *blockSize, + const unsigned char *iv, const apr_crypto_key_t *key, apr_pool_t *p); /** * @brief Decrypt data provided by in, write it to out. @@ -373,20 +365,18 @@ APU_DECLARE(apr_status_t) apr_crypto_blo * to NULL, a buffer sufficiently large will be created from * the pool provided. If *out points to a not-NULL value, this * value will be used as a buffer instead. - * @param driver - driver to use - * @param ctx The block context to use. * @param out Address of a buffer to which data will be written, * see note. * @param outlen Length of the output will be written here. * @param in Address of the buffer to read. * @param inlen Length of the buffer to read. + * @param ctx The block context to use. * @return APR_ECRYPT if an error occurred. Returns APR_ENOTIMPL if * not implemented. */ -APU_DECLARE(apr_status_t) apr_crypto_block_decrypt( - const apr_crypto_driver_t *driver, apr_crypto_block_t *ctx, - unsigned char **out, apr_size_t *outlen, const unsigned char *in, - apr_size_t inlen); +APU_DECLARE(apr_status_t) apr_crypto_block_decrypt(unsigned char **out, + apr_size_t *outlen, const unsigned char *in, apr_size_t inlen, + apr_crypto_block_t *ctx); /** * @brief Decrypt final data block, write it to out. @@ -396,50 +386,42 @@ APU_DECLARE(apr_status_t) apr_crypto_blo * number of bytes returned as actually written by the * apr_crypto_block_decrypt() call. After this call, the context * is cleaned and can be reused by apr_crypto_block_decrypt_init(). - * @param driver - driver to use - * @param ctx The block context to use. * @param out Address of a buffer to which data will be written. This * buffer must already exist, and is usually the same * buffer used by apr_evp_crypt(). See note. * @param outlen Length of the output will be written here. + * @param ctx The block context to use. * @return APR_ECRYPT if an error occurred. * @return APR_EPADDING if padding was enabled and the block was incorrectly * formatted. * @return APR_ENOTIMPL if not implemented. */ -APU_DECLARE(apr_status_t) apr_crypto_block_decrypt_finish( - const apr_crypto_driver_t *driver, apr_crypto_block_t *ctx, - unsigned char *out, apr_size_t *outlen); +APU_DECLARE(apr_status_t) apr_crypto_block_decrypt_finish(unsigned char *out, + apr_size_t *outlen, apr_crypto_block_t *ctx); /** * @brief Clean encryption / decryption context. * @note After cleanup, a context is free to be reused if necessary. - * @param driver - driver to use * @param ctx The block context to use. * @return Returns APR_ENOTIMPL if not supported. */ -APU_DECLARE(apr_status_t) apr_crypto_block_cleanup( - const apr_crypto_driver_t *driver, apr_crypto_block_t *ctx); +APU_DECLARE(apr_status_t) apr_crypto_block_cleanup(apr_crypto_block_t *ctx); /** * @brief Clean encryption / decryption context. * @note After cleanup, a context is free to be reused if necessary. - * @param driver - driver to use * @param f The context to use. * @return Returns APR_ENOTIMPL if not supported. */ -APU_DECLARE(apr_status_t) apr_crypto_cleanup(const apr_crypto_driver_t *driver, - apr_crypto_t *f); +APU_DECLARE(apr_status_t) apr_crypto_cleanup(apr_crypto_t *f); /** * @brief Shutdown the crypto library. * @note After shutdown, it is expected that the init function can be called again. * @param driver - driver to use - * @param p The pool to use. * @return Returns APR_ENOTIMPL if not supported. */ -APU_DECLARE(apr_status_t) apr_crypto_shutdown(const apr_crypto_driver_t *driver, - apr_pool_t *p); +APU_DECLARE(apr_status_t) apr_crypto_shutdown(const apr_crypto_driver_t *driver); #endif /* APU_HAVE_CRYPTO */ Modified: apr/apr-util/branches/1.4.x/include/private/apr_crypto_internal.h URL: http://svn.apache.org/viewvc/apr/apr-util/branches/1.4.x/include/private/apr_crypto_internal.h?rev=1126230&r1=1126229&r2=1126230&view=diff ============================================================================== --- apr/apr-util/branches/1.4.x/include/private/apr_crypto_internal.h (original) +++ apr/apr-util/branches/1.4.x/include/private/apr_crypto_internal.h Sun May 22 21:12:25 2011 @@ -46,14 +46,15 @@ struct apr_crypto_driver_t { * algorithms and other parameters will be set per context. More than * one context can be created at one time. A cleanup will be automatically * registered with the given pool to guarantee a graceful shutdown. - * @param pool - process pool - * @param params - array of key parameters * @param f - context pointer will be written here + * @param provider - provider to use + * @param params - array of key parameters + * @param pool - process pool * @return APR_ENOENGINE when the engine specified does not exist. APR_EINITENGINE * if the engine cannot be initialised. */ - apr_status_t (*make)(apr_pool_t *pool, const apr_array_header_t *params, - apr_crypto_t **f); + apr_status_t (*make)(apr_crypto_t **f, const apr_crypto_driver_t *provider, + const apr_array_header_t *params, apr_pool_t *pool); /** * @brief Create a key from the given passphrase. By default, the PBKDF2 @@ -64,8 +65,9 @@ struct apr_crypto_driver_t { * operations. * @note If *key is NULL, a apr_crypto_key_t will be created from a pool. If * *key is not NULL, *key must point at a previously created structure. - * @param p The pool to use. - * @param f The context to use. + * @param key The key returned, see note. + * @param ivSize The size of the initialisation vector will be returned, based + * on whether an IV is relevant for this type of crypto. * @param pass The passphrase to use. * @param passLen The passphrase length in bytes * @param salt The salt to use. @@ -74,41 +76,39 @@ struct apr_crypto_driver_t { * @param mode Electronic Code Book / Cipher Block Chaining. * @param doPad Pad if necessary. * @param iterations Iteration count - * @param key The key returned, see note. - * @param ivSize The size of the initialisation vector will be returned, based - * on whether an IV is relevant for this type of crypto. + * @param f The context to use. + * @param p The pool to use. * @return Returns APR_ENOKEY if the pass phrase is missing or empty, or if a backend * error occurred while generating the key. APR_ENOCIPHER if the type or mode * is not supported by the particular backend. APR_EKEYTYPE if the key type is * not known. APR_EPADDING if padding was requested but is not supported. * APR_ENOTIMPL if not implemented. */ - apr_status_t (*passphrase)(apr_pool_t *p, const apr_crypto_t *f, + apr_status_t (*passphrase)(apr_crypto_key_t **key, apr_size_t *ivSize, const char *pass, apr_size_t passLen, const unsigned char * salt, apr_size_t saltLen, const apr_crypto_block_key_type_e type, const apr_crypto_block_key_mode_e mode, const int doPad, - const int iterations, apr_crypto_key_t **key, apr_size_t *ivSize); + const int iterations, const apr_crypto_t *f, apr_pool_t *p); /** * @brief Initialise a context for encrypting arbitrary data using the given key. * @note If *ctx is NULL, a apr_crypto_block_t will be created from a pool. If * *ctx is not NULL, *ctx must point at a previously created structure. - * @param p The pool to use. - * @param f The block context to use. - * @param key The key structure. + * @param ctx The block context returned, see note. * @param iv Optional initialisation vector. If the buffer pointed to is NULL, * an IV will be created at random, in space allocated from the pool. * If the buffer pointed to is not NULL, the IV in the buffer will be * used. - * @param ctx The block context returned, see note. + * @param key The key structure. * @param blockSize The block size of the cipher. + * @param p The pool to use. * @return Returns APR_ENOIV if an initialisation vector is required but not specified. * Returns APR_EINIT if the backend failed to initialise the context. Returns * APR_ENOTIMPL if not implemented. */ - apr_status_t (*block_encrypt_init)(apr_pool_t *p, const apr_crypto_t *f, - const apr_crypto_key_t *key, const unsigned char **iv, - apr_crypto_block_t **ctx, apr_size_t *blockSize); + apr_status_t (*block_encrypt_init)(apr_crypto_block_t **ctx, + const unsigned char **iv, const apr_crypto_key_t *key, + apr_size_t *blockSize, apr_pool_t *p); /** * @brief Encrypt data provided by in, write it to out. @@ -119,17 +119,17 @@ struct apr_crypto_driver_t { * to NULL, a buffer sufficiently large will be created from * the pool provided. If *out points to a not-NULL value, this * value will be used as a buffer instead. - * @param ctx The block context to use. * @param out Address of a buffer to which data will be written, * see note. * @param outlen Length of the output will be written here. * @param in Address of the buffer to read. * @param inlen Length of the buffer to read. + * @param ctx The block context to use. * @return APR_ECRYPT if an error occurred. Returns APR_ENOTIMPL if * not implemented. */ - apr_status_t (*block_encrypt)(apr_crypto_block_t *ctx, unsigned char **out, - apr_size_t *outlen, const unsigned char *in, apr_size_t inlen); + apr_status_t (*block_encrypt)(unsigned char **out, apr_size_t *outlen, + const unsigned char *in, apr_size_t inlen, apr_crypto_block_t *ctx); /** * @brief Encrypt final data block, write it to out. @@ -139,38 +139,37 @@ struct apr_crypto_driver_t { * number of bytes returned as actually written by the * apr_crypto_block_encrypt() call. After this call, the context * is cleaned and can be reused by apr_crypto_block_encrypt_init(). - * @param ctx The block context to use. * @param out Address of a buffer to which data will be written. This * buffer must already exist, and is usually the same * buffer used by apr_evp_crypt(). See note. * @param outlen Length of the output will be written here. + * @param ctx The block context to use. * @return APR_ECRYPT if an error occurred. * @return APR_EPADDING if padding was enabled and the block was incorrectly * formatted. * @return APR_ENOTIMPL if not implemented. */ - apr_status_t (*block_encrypt_finish)(apr_crypto_block_t *ctx, - unsigned char *out, apr_size_t *outlen); + apr_status_t (*block_encrypt_finish)(unsigned char *out, apr_size_t *outlen, + apr_crypto_block_t *ctx); /** * @brief Initialise a context for decrypting arbitrary data using the given key. * @note If *ctx is NULL, a apr_crypto_block_t will be created from a pool. If * *ctx is not NULL, *ctx must point at a previously created structure. - * @param p The pool to use. - * @param f The block context to use. - * @param key The key structure. + * @param ctx The block context returned, see note. + * @param blockSize The block size of the cipher. * @param iv Optional initialisation vector. If the buffer pointed to is NULL, * an IV will be created at random, in space allocated from the pool. * If the buffer is not NULL, the IV in the buffer will be used. - * @param ctx The block context returned, see note. - * @param blockSize The block size of the cipher. + * @param key The key structure. + * @param p The pool to use. * @return Returns APR_ENOIV if an initialisation vector is required but not specified. * Returns APR_EINIT if the backend failed to initialise the context. Returns * APR_ENOTIMPL if not implemented. */ - apr_status_t (*block_decrypt_init)(apr_pool_t *p, const apr_crypto_t *f, - const apr_crypto_key_t *key, const unsigned char *iv, - apr_crypto_block_t **ctx, apr_size_t *blockSize); + apr_status_t (*block_decrypt_init)(apr_crypto_block_t **ctx, + apr_size_t *blockSize, const unsigned char *iv, + const apr_crypto_key_t *key, apr_pool_t *p); /** * @brief Decrypt data provided by in, write it to out. @@ -181,17 +180,17 @@ struct apr_crypto_driver_t { * to NULL, a buffer sufficiently large will be created from * the pool provided. If *out points to a not-NULL value, this * value will be used as a buffer instead. - * @param ctx The block context to use. * @param out Address of a buffer to which data will be written, * see note. * @param outlen Length of the output will be written here. * @param in Address of the buffer to read. * @param inlen Length of the buffer to read. + * @param ctx The block context to use. * @return APR_ECRYPT if an error occurred. Returns APR_ENOTIMPL if * not implemented. */ - apr_status_t (*block_decrypt)(apr_crypto_block_t *ctx, unsigned char **out, - apr_size_t *outlen, const unsigned char *in, apr_size_t inlen); + apr_status_t (*block_decrypt)(unsigned char **out, apr_size_t *outlen, + const unsigned char *in, apr_size_t inlen, apr_crypto_block_t *ctx); /** * @brief Decrypt final data block, write it to out. @@ -201,18 +200,18 @@ struct apr_crypto_driver_t { * number of bytes returned as actually written by the * apr_crypto_block_decrypt() call. After this call, the context * is cleaned and can be reused by apr_crypto_block_decrypt_init(). - * @param ctx The block context to use. * @param out Address of a buffer to which data will be written. This * buffer must already exist, and is usually the same * buffer used by apr_evp_crypt(). See note. * @param outlen Length of the output will be written here. + * @param ctx The block context to use. * @return APR_ECRYPT if an error occurred. * @return APR_EPADDING if padding was enabled and the block was incorrectly * formatted. * @return APR_ENOTIMPL if not implemented. */ - apr_status_t (*block_decrypt_finish)(apr_crypto_block_t *ctx, - unsigned char *out, apr_size_t *outlen); + apr_status_t (*block_decrypt_finish)(unsigned char *out, + apr_size_t *outlen, apr_crypto_block_t *ctx); /** * @brief Clean encryption / decryption context. @@ -233,18 +232,17 @@ struct apr_crypto_driver_t { /** * @brief Clean encryption / decryption context. * @note After cleanup, a context is free to be reused if necessary. - * @param pool The pool to use. * @return Returns APR_ENOTIMPL if not supported. */ - apr_status_t (*shutdown)(apr_pool_t *p); + apr_status_t (*shutdown)(); /** * @brief: fetch the most recent error from this driver. - * @param f - context pointer * @param result - the result structure + * @param f - context pointer * @return APR_SUCCESS for success. */ - apr_status_t (*error)(const apr_crypto_t *f, const apu_err_t **result); + apr_status_t (*error)(const apu_err_t **result, const apr_crypto_t *f); };