keystore-engine/eng_keystore.cpp - platform/system/security - Git at Google

 /*
  * Copyright (C) 2012 The Android Open Source Project
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
  * 1. Redistributions of source code must retain the above copyright
  *    notice, this list of conditions and the following disclaimer.
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in the
  *    documentation and/or other materials provided with the distribution.
  *
  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND ANY
  * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
  * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
  * DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE FOR ANY
  * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
  * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
  * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
  * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
  * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  *
  */

 #include <keystore.h>

 #include <utils/UniquePtr.h>

 #include <sys/socket.h>
 #include <stdarg.h>
 #include <string.h>
 #include <unistd.h>

 #include <openssl/objects.h>
 #include <openssl/engine.h>
 #include <openssl/evp.h>

 //#define LOG_NDEBUG 0
 #define LOG_TAG "OpenSSL-keystore"
 #include <cutils/log.h>

 #include <keystore_client.h>


 #define DYNAMIC_ENGINE
 #define KEYSTORE_ENGINE_ID   "keystore"
 #define KEYSTORE_ENGINE_NAME "Android keystore engine"

 /**
  * Many OpenSSL APIs take ownership of an argument on success but don't free the argument
  * on failure. This means we need to tell our scoped pointers when we've transferred ownership,
  * without triggering a warning by not using the result of release().
  */
 #define OWNERSHIP_TRANSFERRED(obj) \
     typeof (obj.release()) _dummy __attribute__((unused)) = obj.release()

 struct ENGINE_Delete {
     void operator()(ENGINE* p) const {
         ENGINE_free(p);
     }
 };
 typedef UniquePtr<ENGINE, ENGINE_Delete> Unique_ENGINE;

 struct EVP_PKEY_Delete {
     void operator()(EVP_PKEY* p) const {
         EVP_PKEY_free(p);
     }
 };
 typedef UniquePtr<EVP_PKEY, EVP_PKEY_Delete> Unique_EVP_PKEY;

 struct RSA_Delete {
     void operator()(RSA* p) const {
         RSA_free(p);
     }
 };
 typedef UniquePtr<RSA, RSA_Delete> Unique_RSA;


 /*
  * RSA ex_data index for keystore's key handle.
  */
 static int rsa_key_handle;

 /*
  * Only initialize the rsa_key_handle once.
  */
 static pthread_once_t rsa_key_handle_control = PTHREAD_ONCE_INIT;


 /**
  * Makes sure the ex_data for the keyhandle is initially set to NULL.
  */
 int keyhandle_new(void*, void*, CRYPTO_EX_DATA* ad, int idx, long, void*) {
     return CRYPTO_set_ex_data(ad, idx, NULL);
 }

 /**
  * Frees a previously allocated keyhandle stored in ex_data.
  */
 void keyhandle_free(void *, void *ptr, CRYPTO_EX_DATA*, int, long, void*) {
     char* keyhandle = reinterpret_cast<char*>(ptr);
     if (keyhandle != NULL) {
         free(keyhandle);
     }
 }

 /**
  * Duplicates a keyhandle stored in ex_data in case we copy a key.
  */
 int keyhandle_dup(CRYPTO_EX_DATA* to, CRYPTO_EX_DATA*, void *ptrRef, int idx, long, void *) {
     // This appears to be a bug in OpenSSL.
     void** ptr = reinterpret_cast<void**>(ptrRef);
     char* keyhandle = reinterpret_cast<char*>(*ptr);
     if (keyhandle != NULL) {
         char* keyhandle_copy = strdup(keyhandle);
         *ptr = keyhandle_copy;

         // Call this in case OpenSSL is fixed in the future.
         (void) CRYPTO_set_ex_data(to, idx, keyhandle_copy);
     }
     return 1;
 }

 int keystore_rsa_priv_enc(int flen, const unsigned char* from, unsigned char* to, RSA* rsa,
         int padding) {
     ALOGV("keystore_rsa_sign(%d, %p, %p, %p, %d)", flen, from, to, rsa, padding);

     int num = RSA_size(rsa);
     UniquePtr<uint8_t> padded(new uint8_t[num]);
     if (padded.get() == NULL) {
         ALOGE("could not allocate padded signature");
         return 0;
     }

     switch (padding) {
     case RSA_PKCS1_PADDING:
         if (!RSA_padding_add_PKCS1_type_1(padded.get(), num, from, flen)) {
             return 0;
         }
         break;
     case RSA_X931_PADDING:
         if (!RSA_padding_add_X931(padded.get(), num, from, flen)) {
             return 0;
         }
         break;
     case RSA_NO_PADDING:
         if (!RSA_padding_add_none(padded.get(), num, from, flen)) {
             return 0;
         }
         break;
     default:
         ALOGE("Unknown padding type: %d", padding);
         return 0;
     }

     uint8_t* key_id = reinterpret_cast<uint8_t*>(RSA_get_ex_data(rsa, rsa_key_handle));
     if (key_id == NULL) {
         ALOGE("key had no key_id!");
         return 0;
     }

     Keystore_Reply reply;
     if (keystore_cmd(CommandCodes[SIGN], &reply, 2, strlen(reinterpret_cast<const char*>(key_id)),
             key_id, static_cast<size_t>(num), reinterpret_cast<const uint8_t*>(padded.get()))
             != NO_ERROR) {
         ALOGE("There was an error during rsa_mod_exp");
         return 0;
     }

     const size_t replyLen = reply.length();
     if (replyLen <= 0) {
         ALOGW("No valid signature returned");
         return 0;
     }

     memcpy(to, reply.get(), replyLen);

     ALOGV("rsa=%p keystore_rsa_sign => returning %p len %llu", rsa, to,
             (unsigned long long) replyLen);
     return static_cast<int>(replyLen);
 }

 static RSA_METHOD keystore_rsa_meth = {
         KEYSTORE_ENGINE_NAME,
         NULL, /* rsa_pub_enc */
         NULL, /* rsa_pub_dec (verification) */
         keystore_rsa_priv_enc, /* rsa_priv_enc (signing) */
         NULL, /* rsa_priv_dec */
         NULL, /* rsa_mod_exp */
         NULL, /* bn_mod_exp */
         NULL, /* init */
         NULL, /* finish */
         RSA_FLAG_EXT_PKEY | RSA_FLAG_NO_BLINDING, /* flags */
         NULL, /* app_data */
         NULL, /* rsa_sign */
         NULL, /* rsa_verify */
         NULL, /* rsa_keygen */
 };

 static int register_rsa_methods() {
     const RSA_METHOD* rsa_meth = RSA_PKCS1_SSLeay();

     keystore_rsa_meth.rsa_pub_enc = rsa_meth->rsa_pub_enc;
     keystore_rsa_meth.rsa_pub_dec = rsa_meth->rsa_pub_dec;
     keystore_rsa_meth.rsa_priv_dec = rsa_meth->rsa_priv_dec;
     keystore_rsa_meth.rsa_mod_exp = rsa_meth->rsa_mod_exp;
     keystore_rsa_meth.bn_mod_exp = rsa_meth->bn_mod_exp;

     return 1;
 }

 static EVP_PKEY* keystore_loadkey(ENGINE* e, const char* key_id, UI_METHOD* ui_method,
         void* callback_data) {
 #if LOG_NDEBUG
     (void)ui_method;
     (void)callback_data;
 #else
     ALOGV("keystore_loadkey(%p, \"%s\", %p, %p)", e, key_id, ui_method, callback_data);
 #endif

     Keystore_Reply reply;
     if (keystore_cmd(CommandCodes[GET_PUBKEY], &reply, 1, strlen(key_id), key_id) != NO_ERROR) {
         ALOGV("Cannot get public key for %s", key_id);
         return NULL;
     }

     const unsigned char* tmp = reinterpret_cast<const unsigned char*>(reply.get());
     Unique_EVP_PKEY pkey(d2i_PUBKEY(NULL, &tmp, reply.length()));
     if (pkey.get() == NULL) {
         ALOGW("Cannot convert pubkey");
         return NULL;
     }

     switch (EVP_PKEY_type(pkey->type)) {
     case EVP_PKEY_RSA: {
         Unique_RSA rsa(EVP_PKEY_get1_RSA(pkey.get()));
         if (!RSA_set_ex_data(rsa.get(), rsa_key_handle, reinterpret_cast<void*>(strdup(key_id)))) {
             ALOGW("Could not set ex_data for loaded RSA key");
             return NULL;
         }

         RSA_set_method(rsa.get(), &keystore_rsa_meth);
         RSA_blinding_off(rsa.get());

         /*
          * This should probably be an OpenSSL API, but EVP_PKEY_free calls
          * ENGINE_finish(), so we need to call ENGINE_init() here.
          */
         ENGINE_init(e);
         rsa->engine = e;
         rsa->flags |= RSA_FLAG_EXT_PKEY;

         break;
     }
     default:
         ALOGE("Unsupported key type %d", EVP_PKEY_type(pkey->type));
         return NULL;
     }

     return pkey.release();
 }

 static const ENGINE_CMD_DEFN keystore_cmd_defns[] = {
     {0, NULL, NULL, 0}
 };

 /**
  * Called to initialize RSA's ex_data for the key_id handle. This should
  * only be called when protected by a lock.
  */
 static void init_rsa_key_handle() {
     rsa_key_handle = RSA_get_ex_new_index(0, NULL, keyhandle_new, keyhandle_dup,
             keyhandle_free);
 }

 static int keystore_engine_setup(ENGINE* e) {
     ALOGV("keystore_engine_setup");

     if (!ENGINE_set_id(e, KEYSTORE_ENGINE_ID)
             || !ENGINE_set_name(e, KEYSTORE_ENGINE_NAME)
             || !ENGINE_set_load_privkey_function(e, keystore_loadkey)
             || !ENGINE_set_load_pubkey_function(e, keystore_loadkey)
             || !ENGINE_set_cmd_defns(e, keystore_cmd_defns)) {
         ALOGE("Could not set up keystore engine");
         return 0;
     }

     if (!ENGINE_set_RSA(e, &keystore_rsa_meth)
             || !register_rsa_methods()) {
         ALOGE("Could not set up keystore RSA methods");
         return 0;
     }

     /* We need a handle in the RSA keys as well for keygen if it's not already initialized. */
     pthread_once(&rsa_key_handle_control, init_rsa_key_handle);
     if (rsa_key_handle < 0) {
         ALOGE("Could not set up RSA ex_data index");
         return 0;
     }

     return 1;
 }

 ENGINE* ENGINE_keystore() {
     ALOGV("ENGINE_keystore");

     Unique_ENGINE engine(ENGINE_new());
     if (engine.get() == NULL) {
         return NULL;
     }

     if (!keystore_engine_setup(engine.get())) {
         return NULL;
     }

     return engine.release();
 }

 static int keystore_bind_fn(ENGINE *e, const char *id) {
     ALOGV("keystore_bind_fn");

     if (!id) {
         return 0;
     }

     if (strcmp(id, KEYSTORE_ENGINE_ID)) {
         return 0;
     }

     if (!keystore_engine_setup(e)) {
         return 0;
     }

     return 1;
 }

 extern "C" {
 #undef OPENSSL_EXPORT
 #define OPENSSL_EXPORT extern __attribute__ ((visibility ("default")))

 IMPLEMENT_DYNAMIC_CHECK_FN()
 IMPLEMENT_DYNAMIC_BIND_FN(keystore_bind_fn)
 };
	/*
	* Copyright (C) 2012 The Android Open Source Project
	*
	* Redistribution and use in source and binary forms, with or without
	* modification, are permitted provided that the following conditions
	* are met:
	* 1. Redistributions of source code must retain the above copyright
	* notice, this list of conditions and the following disclaimer.
	* 2. Redistributions in binary form must reproduce the above copyright
	* notice, this list of conditions and the following disclaimer in the
	* documentation and/or other materials provided with the distribution.
	*
	* THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND ANY
	* EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
	* WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
	* DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE FOR ANY
	* DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
	* (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
	* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
	* ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
	* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
	* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
	*
	*/

	#include <keystore.h>

	#include <utils/UniquePtr.h>

	#include <sys/socket.h>
	#include <stdarg.h>
	#include <string.h>
	#include <unistd.h>

	#include <openssl/objects.h>
	#include <openssl/engine.h>
	#include <openssl/evp.h>

	//#define LOG_NDEBUG 0
	#define LOG_TAG "OpenSSL-keystore"
	#include <cutils/log.h>

	#include <keystore_client.h>


	#define DYNAMIC_ENGINE
	#define KEYSTORE_ENGINE_ID "keystore"
	#define KEYSTORE_ENGINE_NAME "Android keystore engine"

	/**
	* Many OpenSSL APIs take ownership of an argument on success but don't free the argument
	* on failure. This means we need to tell our scoped pointers when we've transferred ownership,
	* without triggering a warning by not using the result of release().
	*/
	#define OWNERSHIP_TRANSFERRED(obj) \
	typeof (obj.release()) _dummy __attribute__((unused)) = obj.release()

	struct ENGINE_Delete {
	void operator()(ENGINE* p) const {
	ENGINE_free(p);
	}
	};
	typedef UniquePtr<ENGINE, ENGINE_Delete> Unique_ENGINE;

	struct EVP_PKEY_Delete {
	void operator()(EVP_PKEY* p) const {
	EVP_PKEY_free(p);
	}
	};
	typedef UniquePtr<EVP_PKEY, EVP_PKEY_Delete> Unique_EVP_PKEY;

	struct RSA_Delete {
	void operator()(RSA* p) const {
	RSA_free(p);
	}
	};
	typedef UniquePtr<RSA, RSA_Delete> Unique_RSA;


	/*
	* RSA ex_data index for keystore's key handle.
	*/
	static int rsa_key_handle;

	/*
	* Only initialize the rsa_key_handle once.
	*/
	static pthread_once_t rsa_key_handle_control = PTHREAD_ONCE_INIT;


	/**
	* Makes sure the ex_data for the keyhandle is initially set to NULL.
	*/
	int keyhandle_new(void, void, CRYPTO_EX_DATA* ad, int idx, long, void*) {
	return CRYPTO_set_ex_data(ad, idx, NULL);
	}

	/**
	* Frees a previously allocated keyhandle stored in ex_data.
	*/
	void keyhandle_free(void , void ptr, CRYPTO_EX_DATA, int, long, void) {
	char* keyhandle = reinterpret_cast<char*>(ptr);
	if (keyhandle != NULL) {
	free(keyhandle);
	}
	}

	/**
	* Duplicates a keyhandle stored in ex_data in case we copy a key.
	*/
	int keyhandle_dup(CRYPTO_EX_DATA* to, CRYPTO_EX_DATA, void ptrRef, int idx, long, void *) {
	// This appears to be a bug in OpenSSL.
	void ptr = reinterpret_cast<void>(ptrRef);
	char* keyhandle = reinterpret_cast<char>(ptr);
	if (keyhandle != NULL) {
	char* keyhandle_copy = strdup(keyhandle);
	*ptr = keyhandle_copy;

	// Call this in case OpenSSL is fixed in the future.
	(void) CRYPTO_set_ex_data(to, idx, keyhandle_copy);
	}
	return 1;
	}

	int keystore_rsa_priv_enc(int flen, const unsigned char* from, unsigned char* to, RSA* rsa,
	int padding) {
	ALOGV("keystore_rsa_sign(%d, %p, %p, %p, %d)", flen, from, to, rsa, padding);

	int num = RSA_size(rsa);
	UniquePtr<uint8_t> padded(new uint8_t[num]);
	if (padded.get() == NULL) {
	ALOGE("could not allocate padded signature");
	return 0;
	}

	switch (padding) {
	case RSA_PKCS1_PADDING:
	if (!RSA_padding_add_PKCS1_type_1(padded.get(), num, from, flen)) {
	return 0;
	}
	break;
	case RSA_X931_PADDING:
	if (!RSA_padding_add_X931(padded.get(), num, from, flen)) {
	return 0;
	}
	break;
	case RSA_NO_PADDING:
	if (!RSA_padding_add_none(padded.get(), num, from, flen)) {
	return 0;
	}
	break;
	default:
	ALOGE("Unknown padding type: %d", padding);
	return 0;
	}

	uint8_t* key_id = reinterpret_cast<uint8_t*>(RSA_get_ex_data(rsa, rsa_key_handle));
	if (key_id == NULL) {
	ALOGE("key had no key_id!");
	return 0;
	}

	Keystore_Reply reply;
	if (keystore_cmd(CommandCodes[SIGN], &reply, 2, strlen(reinterpret_cast<const char*>(key_id)),
	key_id, static_cast<size_t>(num), reinterpret_cast<const uint8_t*>(padded.get()))
	!= NO_ERROR) {
	ALOGE("There was an error during rsa_mod_exp");
	return 0;
	}

	const size_t replyLen = reply.length();
	if (replyLen <= 0) {
	ALOGW("No valid signature returned");
	return 0;
	}

	memcpy(to, reply.get(), replyLen);

	ALOGV("rsa=%p keystore_rsa_sign => returning %p len %llu", rsa, to,
	(unsigned long long) replyLen);
	return static_cast<int>(replyLen);
	}

	static RSA_METHOD keystore_rsa_meth = {
	KEYSTORE_ENGINE_NAME,
	NULL, /* rsa_pub_enc */
	NULL, /* rsa_pub_dec (verification) */
	keystore_rsa_priv_enc, /* rsa_priv_enc (signing) */
	NULL, /* rsa_priv_dec */
	NULL, /* rsa_mod_exp */
	NULL, /* bn_mod_exp */
	NULL, /* init */
	NULL, /* finish */
	RSA_FLAG_EXT_PKEY \| RSA_FLAG_NO_BLINDING, /* flags */
	NULL, /* app_data */
	NULL, /* rsa_sign */
	NULL, /* rsa_verify */
	NULL, /* rsa_keygen */
	};

	static int register_rsa_methods() {
	const RSA_METHOD* rsa_meth = RSA_PKCS1_SSLeay();

	keystore_rsa_meth.rsa_pub_enc = rsa_meth->rsa_pub_enc;
	keystore_rsa_meth.rsa_pub_dec = rsa_meth->rsa_pub_dec;
	keystore_rsa_meth.rsa_priv_dec = rsa_meth->rsa_priv_dec;
	keystore_rsa_meth.rsa_mod_exp = rsa_meth->rsa_mod_exp;
	keystore_rsa_meth.bn_mod_exp = rsa_meth->bn_mod_exp;

	return 1;
	}

	static EVP_PKEY* keystore_loadkey(ENGINE* e, const char* key_id, UI_METHOD* ui_method,
	void* callback_data) {
	#if LOG_NDEBUG
	(void)ui_method;
	(void)callback_data;
	#else
	ALOGV("keystore_loadkey(%p, \"%s\", %p, %p)", e, key_id, ui_method, callback_data);
	#endif

	Keystore_Reply reply;
	if (keystore_cmd(CommandCodes[GET_PUBKEY], &reply, 1, strlen(key_id), key_id) != NO_ERROR) {
	ALOGV("Cannot get public key for %s", key_id);
	return NULL;
	}

	const unsigned char* tmp = reinterpret_cast<const unsigned char*>(reply.get());
	Unique_EVP_PKEY pkey(d2i_PUBKEY(NULL, &tmp, reply.length()));
	if (pkey.get() == NULL) {
	ALOGW("Cannot convert pubkey");
	return NULL;
	}

	switch (EVP_PKEY_type(pkey->type)) {
	case EVP_PKEY_RSA: {
	Unique_RSA rsa(EVP_PKEY_get1_RSA(pkey.get()));
	if (!RSA_set_ex_data(rsa.get(), rsa_key_handle, reinterpret_cast<void*>(strdup(key_id)))) {
	ALOGW("Could not set ex_data for loaded RSA key");
	return NULL;
	}

	RSA_set_method(rsa.get(), &keystore_rsa_meth);
	RSA_blinding_off(rsa.get());

	/*
	* This should probably be an OpenSSL API, but EVP_PKEY_free calls
	* ENGINE_finish(), so we need to call ENGINE_init() here.
	*/
	ENGINE_init(e);
	rsa->engine = e;
	rsa->flags \|= RSA_FLAG_EXT_PKEY;

	break;
	}
	default:
	ALOGE("Unsupported key type %d", EVP_PKEY_type(pkey->type));
	return NULL;
	}

	return pkey.release();
	}

	static const ENGINE_CMD_DEFN keystore_cmd_defns[] = {
	{0, NULL, NULL, 0}
	};

	/**
	* Called to initialize RSA's ex_data for the key_id handle. This should
	* only be called when protected by a lock.
	*/
	static void init_rsa_key_handle() {
	rsa_key_handle = RSA_get_ex_new_index(0, NULL, keyhandle_new, keyhandle_dup,
	keyhandle_free);
	}

	static int keystore_engine_setup(ENGINE* e) {
	ALOGV("keystore_engine_setup");

	if (!ENGINE_set_id(e, KEYSTORE_ENGINE_ID)
	\|\| !ENGINE_set_name(e, KEYSTORE_ENGINE_NAME)
	\|\| !ENGINE_set_load_privkey_function(e, keystore_loadkey)
	\|\| !ENGINE_set_load_pubkey_function(e, keystore_loadkey)
	\|\| !ENGINE_set_cmd_defns(e, keystore_cmd_defns)) {
	ALOGE("Could not set up keystore engine");
	return 0;
	}

	if (!ENGINE_set_RSA(e, &keystore_rsa_meth)
	\|\| !register_rsa_methods()) {
	ALOGE("Could not set up keystore RSA methods");
	return 0;
	}

	/* We need a handle in the RSA keys as well for keygen if it's not already initialized. */
	pthread_once(&rsa_key_handle_control, init_rsa_key_handle);
	if (rsa_key_handle < 0) {
	ALOGE("Could not set up RSA ex_data index");
	return 0;
	}

	return 1;
	}

	ENGINE* ENGINE_keystore() {
	ALOGV("ENGINE_keystore");

	Unique_ENGINE engine(ENGINE_new());
	if (engine.get() == NULL) {
	return NULL;
	}

	if (!keystore_engine_setup(engine.get())) {
	return NULL;
	}

	return engine.release();
	}

	static int keystore_bind_fn(ENGINE e, const char id) {
	ALOGV("keystore_bind_fn");

	if (!id) {
	return 0;
	}

	if (strcmp(id, KEYSTORE_ENGINE_ID)) {
	return 0;
	}

	if (!keystore_engine_setup(e)) {
	return 0;
	}

	return 1;
	}

	extern "C" {
	#undef OPENSSL_EXPORT
	#define OPENSSL_EXPORT extern __attribute__ ((visibility ("default")))

	IMPLEMENT_DYNAMIC_CHECK_FN()
	IMPLEMENT_DYNAMIC_BIND_FN(keystore_bind_fn)
	};