summaryrefslogtreecommitdiff
path: root/src/lib/libcrypto/engine
diff options
context:
space:
mode:
authormarkus <>2002-09-05 12:51:52 +0000
committermarkus <>2002-09-05 12:51:52 +0000
commit5514995a9d5ed91db089875adb509c7781357c0e (patch)
tree2484410a46ba6c05ef94c253da36fbceef990b64 /src/lib/libcrypto/engine
parentfd9566423b542798f5c8b06e68101a9ea5bb9885 (diff)
downloadopenbsd-5514995a9d5ed91db089875adb509c7781357c0e.tar.gz
openbsd-5514995a9d5ed91db089875adb509c7781357c0e.tar.bz2
openbsd-5514995a9d5ed91db089875adb509c7781357c0e.zip
import openssl-0.9.7-beta1
Diffstat (limited to 'src/lib/libcrypto/engine')
-rw-r--r--src/lib/libcrypto/engine/enginetest.c45
-rw-r--r--src/lib/libcrypto/engine/hw_4758_cca.c28
-rw-r--r--src/lib/libcrypto/engine/hw_atalla.c283
-rw-r--r--src/lib/libcrypto/engine/hw_cswift.c322
-rw-r--r--src/lib/libcrypto/engine/hw_ncipher.c662
-rw-r--r--src/lib/libcrypto/engine/vendor_defns/atalla.h13
-rw-r--r--src/lib/libcrypto/engine/vendor_defns/cswift.h45
7 files changed, 981 insertions, 417 deletions
diff --git a/src/lib/libcrypto/engine/enginetest.c b/src/lib/libcrypto/engine/enginetest.c
index a5a3c47fcb..87fa8c57b7 100644
--- a/src/lib/libcrypto/engine/enginetest.c
+++ b/src/lib/libcrypto/engine/enginetest.c
@@ -3,7 +3,7 @@
3 * project 2000. 3 * project 2000.
4 */ 4 */
5/* ==================================================================== 5/* ====================================================================
6 * Copyright (c) 1999 The OpenSSL Project. All rights reserved. 6 * Copyright (c) 1999-2001 The OpenSSL Project. All rights reserved.
7 * 7 *
8 * Redistribution and use in source and binary forms, with or without 8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions 9 * modification, are permitted provided that the following conditions
@@ -56,8 +56,11 @@
56 * 56 *
57 */ 57 */
58 58
59#include <openssl/e_os2.h>
59#include <stdio.h> 60#include <stdio.h>
60#include <string.h> 61#include <string.h>
62#include <openssl/buffer.h>
63#include <openssl/crypto.h>
61#include <openssl/engine.h> 64#include <openssl/engine.h>
62#include <openssl/err.h> 65#include <openssl/err.h>
63 66
@@ -76,6 +79,9 @@ static void display_engine_list()
76 h = ENGINE_get_next(h); 79 h = ENGINE_get_next(h);
77 } 80 }
78 printf("end of list\n"); 81 printf("end of list\n");
82 /* ENGINE_get_first() increases the struct_ref counter, so we
83 must call ENGINE_free() to decrease it again */
84 ENGINE_free(h);
79 } 85 }
80 86
81int main(int argc, char *argv[]) 87int main(int argc, char *argv[])
@@ -91,6 +97,18 @@ int main(int argc, char *argv[])
91 ENGINE *new_h3 = NULL; 97 ENGINE *new_h3 = NULL;
92 ENGINE *new_h4 = NULL; 98 ENGINE *new_h4 = NULL;
93 99
100 /* enable memory leak checking unless explicitly disabled */
101 if (!((getenv("OPENSSL_DEBUG_MEMORY") != NULL) && (0 == strcmp(getenv("OPENSSL_DEBUG_MEMORY"), "off"))))
102 {
103 CRYPTO_malloc_debug_init();
104 CRYPTO_set_mem_debug_options(V_CRYPTO_MDEBUG_ALL);
105 }
106 else
107 {
108 /* OPENSSL_DEBUG_MEMORY=off */
109 CRYPTO_set_mem_debug_functions(0, 0, 0, 0, 0);
110 }
111 CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
94 ERR_load_crypto_strings(); 112 ERR_load_crypto_strings();
95 113
96 memset(block, 0, 512 * sizeof(ENGINE *)); 114 memset(block, 0, 512 * sizeof(ENGINE *));
@@ -124,6 +142,8 @@ int main(int argc, char *argv[])
124 printf("Remove failed!\n"); 142 printf("Remove failed!\n");
125 goto end; 143 goto end;
126 } 144 }
145 if (ptr)
146 ENGINE_free(ptr);
127 display_engine_list(); 147 display_engine_list();
128 if(!ENGINE_add(new_h3) || !ENGINE_add(new_h2)) 148 if(!ENGINE_add(new_h3) || !ENGINE_add(new_h2))
129 { 149 {
@@ -158,12 +178,7 @@ int main(int argc, char *argv[])
158 } 178 }
159 else 179 else
160 printf("Remove that should fail did.\n"); 180 printf("Remove that should fail did.\n");
161 if(!ENGINE_remove(new_h1)) 181 ERR_clear_error();
162 {
163 printf("Remove failed!\n");
164 goto end;
165 }
166 display_engine_list();
167 if(!ENGINE_remove(new_h3)) 182 if(!ENGINE_remove(new_h3))
168 { 183 {
169 printf("Remove failed!\n"); 184 printf("Remove failed!\n");
@@ -183,6 +198,8 @@ int main(int argc, char *argv[])
183 if(!ENGINE_remove(ptr)) 198 if(!ENGINE_remove(ptr))
184 printf("Remove failed!i - probably no hardware " 199 printf("Remove failed!i - probably no hardware "
185 "support present.\n"); 200 "support present.\n");
201 if (ptr)
202 ENGINE_free(ptr);
186 display_engine_list(); 203 display_engine_list();
187 if(!ENGINE_add(new_h1) || !ENGINE_remove(new_h1)) 204 if(!ENGINE_add(new_h1) || !ENGINE_remove(new_h1))
188 { 205 {
@@ -195,9 +212,9 @@ int main(int argc, char *argv[])
195 for(loop = 0; loop < 512; loop++) 212 for(loop = 0; loop < 512; loop++)
196 { 213 {
197 sprintf(buf, "id%i", loop); 214 sprintf(buf, "id%i", loop);
198 id = strdup(buf); 215 id = BUF_strdup(buf);
199 sprintf(buf, "Fake engine type %i", loop); 216 sprintf(buf, "Fake engine type %i", loop);
200 name = strdup(buf); 217 name = BUF_strdup(buf);
201 if(((block[loop] = ENGINE_new()) == NULL) || 218 if(((block[loop] = ENGINE_new()) == NULL) ||
202 !ENGINE_set_id(block[loop], id) || 219 !ENGINE_set_id(block[loop], id) ||
203 !ENGINE_set_name(block[loop], name)) 220 !ENGINE_set_name(block[loop], name))
@@ -228,12 +245,13 @@ cleanup_loop:
228 printf("\nRemove failed!\n"); 245 printf("\nRemove failed!\n");
229 goto end; 246 goto end;
230 } 247 }
248 ENGINE_free(ptr);
231 printf("."); fflush(stdout); 249 printf("."); fflush(stdout);
232 } 250 }
233 for(loop = 0; loop < 512; loop++) 251 for(loop = 0; loop < 512; loop++)
234 { 252 {
235 free((char *)(ENGINE_get_id(block[loop]))); 253 OPENSSL_free((void *)ENGINE_get_id(block[loop]));
236 free((char *)(ENGINE_get_name(block[loop]))); 254 OPENSSL_free((void *)ENGINE_get_name(block[loop]));
237 } 255 }
238 printf("\nTests completed happily\n"); 256 printf("\nTests completed happily\n");
239 to_return = 0; 257 to_return = 0;
@@ -247,5 +265,10 @@ end:
247 for(loop = 0; loop < 512; loop++) 265 for(loop = 0; loop < 512; loop++)
248 if(block[loop]) 266 if(block[loop])
249 ENGINE_free(block[loop]); 267 ENGINE_free(block[loop]);
268 ENGINE_cleanup();
269 CRYPTO_cleanup_all_ex_data();
270 ERR_free_strings();
271 ERR_remove_state(0);
272 CRYPTO_mem_leaks_fp(stderr);
250 return to_return; 273 return to_return;
251 } 274 }
diff --git a/src/lib/libcrypto/engine/hw_4758_cca.c b/src/lib/libcrypto/engine/hw_4758_cca.c
index 959d8f1a61..77d3d2ffdf 100644
--- a/src/lib/libcrypto/engine/hw_4758_cca.c
+++ b/src/lib/libcrypto/engine/hw_4758_cca.c
@@ -287,13 +287,13 @@ err:
287 DSO_free(dso); 287 DSO_free(dso);
288 dso = NULL; 288 dso = NULL;
289 289
290 keyRecordRead = (F_KEYRECORDREAD)NULL; 290 keyRecordRead = (F_KEYRECORDREAD)0;
291 randomNumberGenerate = (F_RANDOMNUMBERGENERATE)NULL; 291 randomNumberGenerate = (F_RANDOMNUMBERGENERATE)0;
292 digitalSignatureGenerate = (F_DIGITALSIGNATUREGENERATE)NULL; 292 digitalSignatureGenerate = (F_DIGITALSIGNATUREGENERATE)0;
293 digitalSignatureVerify = (F_DIGITALSIGNATUREVERIFY)NULL; 293 digitalSignatureVerify = (F_DIGITALSIGNATUREVERIFY)0;
294 publicKeyExtract = (F_PUBLICKEYEXTRACT)NULL; 294 publicKeyExtract = (F_PUBLICKEYEXTRACT)0;
295 pkaEncrypt = (F_PKAENCRYPT)NULL; 295 pkaEncrypt = (F_PKAENCRYPT)0;
296 pkaDecrypt = (F_PKADECRYPT)NULL; 296 pkaDecrypt = (F_PKADECRYPT)0;
297 return 0; 297 return 0;
298 } 298 }
299 299
@@ -312,13 +312,13 @@ static int ibm_4758_cca_finish(ENGINE *e)
312 return 0; 312 return 0;
313 } 313 }
314 dso = NULL; 314 dso = NULL;
315 keyRecordRead = (F_KEYRECORDREAD)NULL; 315 keyRecordRead = (F_KEYRECORDREAD)0;
316 randomNumberGenerate = (F_RANDOMNUMBERGENERATE)NULL; 316 randomNumberGenerate = (F_RANDOMNUMBERGENERATE)0;
317 digitalSignatureGenerate = (F_DIGITALSIGNATUREGENERATE)NULL; 317 digitalSignatureGenerate = (F_DIGITALSIGNATUREGENERATE)0;
318 digitalSignatureVerify = (F_DIGITALSIGNATUREVERIFY)NULL; 318 digitalSignatureVerify = (F_DIGITALSIGNATUREVERIFY)0;
319 publicKeyExtract = (F_PUBLICKEYEXTRACT)NULL; 319 publicKeyExtract = (F_PUBLICKEYEXTRACT)0;
320 pkaEncrypt = (F_PKAENCRYPT)NULL; 320 pkaEncrypt = (F_PKAENCRYPT)0;
321 pkaDecrypt = (F_PKADECRYPT)NULL; 321 pkaDecrypt = (F_PKADECRYPT)0;
322 return 1; 322 return 1;
323 } 323 }
324 324
diff --git a/src/lib/libcrypto/engine/hw_atalla.c b/src/lib/libcrypto/engine/hw_atalla.c
index 3bb992a193..696cfcf156 100644
--- a/src/lib/libcrypto/engine/hw_atalla.c
+++ b/src/lib/libcrypto/engine/hw_atalla.c
@@ -3,7 +3,7 @@
3 * project 2000. 3 * project 2000.
4 */ 4 */
5/* ==================================================================== 5/* ====================================================================
6 * Copyright (c) 1999 The OpenSSL Project. All rights reserved. 6 * Copyright (c) 1999-2001 The OpenSSL Project. All rights reserved.
7 * 7 *
8 * Redistribution and use in source and binary forms, with or without 8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions 9 * modification, are permitted provided that the following conditions
@@ -60,11 +60,10 @@
60#include <openssl/crypto.h> 60#include <openssl/crypto.h>
61#include "cryptlib.h" 61#include "cryptlib.h"
62#include <openssl/dso.h> 62#include <openssl/dso.h>
63#include "engine_int.h"
64#include <openssl/engine.h> 63#include <openssl/engine.h>
65 64
66#ifndef NO_HW 65#ifndef OPENSSL_NO_HW
67#ifndef NO_HW_ATALLA 66#ifndef OPENSSL_NO_HW_ATALLA
68 67
69#ifdef FLAT_INC 68#ifdef FLAT_INC
70#include "atalla.h" 69#include "atalla.h"
@@ -72,19 +71,27 @@
72#include "vendor_defns/atalla.h" 71#include "vendor_defns/atalla.h"
73#endif 72#endif
74 73
75static int atalla_init(void); 74#define ATALLA_LIB_NAME "atalla engine"
76static int atalla_finish(void); 75#include "hw_atalla_err.c"
76
77static int atalla_destroy(ENGINE *e);
78static int atalla_init(ENGINE *e);
79static int atalla_finish(ENGINE *e);
80static int atalla_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)());
77 81
78/* BIGNUM stuff */ 82/* BIGNUM stuff */
79static int atalla_mod_exp(BIGNUM *r, BIGNUM *a, const BIGNUM *p, 83static int atalla_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
80 const BIGNUM *m, BN_CTX *ctx); 84 const BIGNUM *m, BN_CTX *ctx);
81 85
86#ifndef OPENSSL_NO_RSA
82/* RSA stuff */ 87/* RSA stuff */
83static int atalla_rsa_mod_exp(BIGNUM *r0, BIGNUM *I, RSA *rsa); 88static int atalla_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa);
89#endif
84/* This function is aliased to mod_exp (with the mont stuff dropped). */ 90/* This function is aliased to mod_exp (with the mont stuff dropped). */
85static int atalla_mod_exp_mont(BIGNUM *r, BIGNUM *a, const BIGNUM *p, 91static int atalla_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
86 const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx); 92 const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
87 93
94#ifndef OPENSSL_NO_DSA
88/* DSA stuff */ 95/* DSA stuff */
89static int atalla_dsa_mod_exp(DSA *dsa, BIGNUM *rr, BIGNUM *a1, 96static int atalla_dsa_mod_exp(DSA *dsa, BIGNUM *rr, BIGNUM *a1,
90 BIGNUM *p1, BIGNUM *a2, BIGNUM *p2, BIGNUM *m, 97 BIGNUM *p1, BIGNUM *a2, BIGNUM *p2, BIGNUM *m,
@@ -92,13 +99,27 @@ static int atalla_dsa_mod_exp(DSA *dsa, BIGNUM *rr, BIGNUM *a1,
92static int atalla_mod_exp_dsa(DSA *dsa, BIGNUM *r, BIGNUM *a, 99static int atalla_mod_exp_dsa(DSA *dsa, BIGNUM *r, BIGNUM *a,
93 const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, 100 const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
94 BN_MONT_CTX *m_ctx); 101 BN_MONT_CTX *m_ctx);
102#endif
95 103
104#ifndef OPENSSL_NO_DH
96/* DH stuff */ 105/* DH stuff */
97/* This function is alised to mod_exp (with the DH and mont dropped). */ 106/* This function is alised to mod_exp (with the DH and mont dropped). */
98static int atalla_mod_exp_dh(DH *dh, BIGNUM *r, BIGNUM *a, const BIGNUM *p, 107static int atalla_mod_exp_dh(const DH *dh, BIGNUM *r,
108 const BIGNUM *a, const BIGNUM *p,
99 const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx); 109 const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
110#endif
100 111
112/* The definitions for control commands specific to this engine */
113#define ATALLA_CMD_SO_PATH ENGINE_CMD_BASE
114static const ENGINE_CMD_DEFN atalla_cmd_defns[] = {
115 {ATALLA_CMD_SO_PATH,
116 "SO_PATH",
117 "Specifies the path to the 'atasi' shared library",
118 ENGINE_CMD_FLAG_STRING},
119 {0, NULL, NULL, 0}
120 };
101 121
122#ifndef OPENSSL_NO_RSA
102/* Our internal RSA_METHOD that we provide pointers to */ 123/* Our internal RSA_METHOD that we provide pointers to */
103static RSA_METHOD atalla_rsa = 124static RSA_METHOD atalla_rsa =
104 { 125 {
@@ -116,7 +137,9 @@ static RSA_METHOD atalla_rsa =
116 NULL, 137 NULL,
117 NULL 138 NULL
118 }; 139 };
140#endif
119 141
142#ifndef OPENSSL_NO_DSA
120/* Our internal DSA_METHOD that we provide pointers to */ 143/* Our internal DSA_METHOD that we provide pointers to */
121static DSA_METHOD atalla_dsa = 144static DSA_METHOD atalla_dsa =
122 { 145 {
@@ -131,7 +154,9 @@ static DSA_METHOD atalla_dsa =
131 0, /* flags */ 154 0, /* flags */
132 NULL /* app_data */ 155 NULL /* app_data */
133 }; 156 };
157#endif
134 158
159#ifndef OPENSSL_NO_DH
135/* Our internal DH_METHOD that we provide pointers to */ 160/* Our internal DH_METHOD that we provide pointers to */
136static DH_METHOD atalla_dh = 161static DH_METHOD atalla_dh =
137 { 162 {
@@ -144,36 +169,44 @@ static DH_METHOD atalla_dh =
144 0, 169 0,
145 NULL 170 NULL
146 }; 171 };
172#endif
147 173
148/* Our ENGINE structure. */ 174/* Constants used when creating the ENGINE */
149static ENGINE engine_atalla = 175static const char *engine_atalla_id = "atalla";
150 { 176static const char *engine_atalla_name = "Atalla hardware engine support";
151 "atalla", 177
152 "Atalla hardware engine support", 178/* This internal function is used by ENGINE_atalla() and possibly by the
153 &atalla_rsa, 179 * "dynamic" ENGINE support too */
154 &atalla_dsa, 180static int bind_helper(ENGINE *e)
155 &atalla_dh,
156 NULL,
157 atalla_mod_exp,
158 NULL,
159 atalla_init,
160 atalla_finish,
161 NULL, /* no ctrl() */
162 NULL, /* no load_privkey() */
163 NULL, /* no load_pubkey() */
164 0, /* no flags */
165 0, 0, /* no references */
166 NULL, NULL /* unlinked */
167 };
168
169/* As this is only ever called once, there's no need for locking
170 * (indeed - the lock will already be held by our caller!!!) */
171ENGINE *ENGINE_atalla()
172 { 181 {
173 RSA_METHOD *meth1; 182#ifndef OPENSSL_NO_RSA
174 DSA_METHOD *meth2; 183 const RSA_METHOD *meth1;
175 DH_METHOD *meth3; 184#endif
185#ifndef OPENSSL_NO_DSA
186 const DSA_METHOD *meth2;
187#endif
188#ifndef OPENSSL_NO_DH
189 const DH_METHOD *meth3;
190#endif
191 if(!ENGINE_set_id(e, engine_atalla_id) ||
192 !ENGINE_set_name(e, engine_atalla_name) ||
193#ifndef OPENSSL_NO_RSA
194 !ENGINE_set_RSA(e, &atalla_rsa) ||
195#endif
196#ifndef OPENSSL_NO_DSA
197 !ENGINE_set_DSA(e, &atalla_dsa) ||
198#endif
199#ifndef OPENSSL_NO_DH
200 !ENGINE_set_DH(e, &atalla_dh) ||
201#endif
202 !ENGINE_set_destroy_function(e, atalla_destroy) ||
203 !ENGINE_set_init_function(e, atalla_init) ||
204 !ENGINE_set_finish_function(e, atalla_finish) ||
205 !ENGINE_set_ctrl_function(e, atalla_ctrl) ||
206 !ENGINE_set_cmd_defns(e, atalla_cmd_defns))
207 return 0;
176 208
209#ifndef OPENSSL_NO_RSA
177 /* We know that the "PKCS1_SSLeay()" functions hook properly 210 /* We know that the "PKCS1_SSLeay()" functions hook properly
178 * to the atalla-specific mod_exp and mod_exp_crt so we use 211 * to the atalla-specific mod_exp and mod_exp_crt so we use
179 * those functions. NB: We don't use ENGINE_openssl() or 212 * those functions. NB: We don't use ENGINE_openssl() or
@@ -186,19 +219,50 @@ ENGINE *ENGINE_atalla()
186 atalla_rsa.rsa_pub_dec = meth1->rsa_pub_dec; 219 atalla_rsa.rsa_pub_dec = meth1->rsa_pub_dec;
187 atalla_rsa.rsa_priv_enc = meth1->rsa_priv_enc; 220 atalla_rsa.rsa_priv_enc = meth1->rsa_priv_enc;
188 atalla_rsa.rsa_priv_dec = meth1->rsa_priv_dec; 221 atalla_rsa.rsa_priv_dec = meth1->rsa_priv_dec;
222#endif
189 223
224#ifndef OPENSSL_NO_DSA
190 /* Use the DSA_OpenSSL() method and just hook the mod_exp-ish 225 /* Use the DSA_OpenSSL() method and just hook the mod_exp-ish
191 * bits. */ 226 * bits. */
192 meth2 = DSA_OpenSSL(); 227 meth2 = DSA_OpenSSL();
193 atalla_dsa.dsa_do_sign = meth2->dsa_do_sign; 228 atalla_dsa.dsa_do_sign = meth2->dsa_do_sign;
194 atalla_dsa.dsa_sign_setup = meth2->dsa_sign_setup; 229 atalla_dsa.dsa_sign_setup = meth2->dsa_sign_setup;
195 atalla_dsa.dsa_do_verify = meth2->dsa_do_verify; 230 atalla_dsa.dsa_do_verify = meth2->dsa_do_verify;
231#endif
196 232
233#ifndef OPENSSL_NO_DH
197 /* Much the same for Diffie-Hellman */ 234 /* Much the same for Diffie-Hellman */
198 meth3 = DH_OpenSSL(); 235 meth3 = DH_OpenSSL();
199 atalla_dh.generate_key = meth3->generate_key; 236 atalla_dh.generate_key = meth3->generate_key;
200 atalla_dh.compute_key = meth3->compute_key; 237 atalla_dh.compute_key = meth3->compute_key;
201 return &engine_atalla; 238#endif
239
240 /* Ensure the atalla error handling is set up */
241 ERR_load_ATALLA_strings();
242 return 1;
243 }
244
245static ENGINE *engine_atalla(void)
246 {
247 ENGINE *ret = ENGINE_new();
248 if(!ret)
249 return NULL;
250 if(!bind_helper(ret))
251 {
252 ENGINE_free(ret);
253 return NULL;
254 }
255 return ret;
256 }
257
258void ENGINE_load_atalla(void)
259 {
260 /* Copied from eng_[openssl|dyn].c */
261 ENGINE *toadd = engine_atalla();
262 if(!toadd) return;
263 ENGINE_add(toadd);
264 ENGINE_free(toadd);
265 ERR_clear_error();
202 } 266 }
203 267
204/* This is a process-global DSO handle used for loading and unloading 268/* This is a process-global DSO handle used for loading and unloading
@@ -214,8 +278,32 @@ static tfnASI_GetHardwareConfig *p_Atalla_GetHardwareConfig = NULL;
214static tfnASI_RSAPrivateKeyOpFn *p_Atalla_RSAPrivateKeyOpFn = NULL; 278static tfnASI_RSAPrivateKeyOpFn *p_Atalla_RSAPrivateKeyOpFn = NULL;
215static tfnASI_GetPerformanceStatistics *p_Atalla_GetPerformanceStatistics = NULL; 279static tfnASI_GetPerformanceStatistics *p_Atalla_GetPerformanceStatistics = NULL;
216 280
281/* These are the static string constants for the DSO file name and the function
282 * symbol names to bind to. Regrettably, the DSO name on *nix appears to be
283 * "atasi.so" rather than something more consistent like "libatasi.so". At the
284 * time of writing, I'm not sure what the file name on win32 is but clearly
285 * native name translation is not possible (eg libatasi.so on *nix, and
286 * atasi.dll on win32). For the purposes of testing, I have created a symbollic
287 * link called "libatasi.so" so that we can use native name-translation - a
288 * better solution will be needed. */
289static const char def_ATALLA_LIBNAME[] = "atasi";
290static const char *ATALLA_LIBNAME = def_ATALLA_LIBNAME;
291static const char *ATALLA_F1 = "ASI_GetHardwareConfig";
292static const char *ATALLA_F2 = "ASI_RSAPrivateKeyOpFn";
293static const char *ATALLA_F3 = "ASI_GetPerformanceStatistics";
294
295/* Destructor (complements the "ENGINE_atalla()" constructor) */
296static int atalla_destroy(ENGINE *e)
297 {
298 /* Unload the atalla error strings so any error state including our
299 * functs or reasons won't lead to a segfault (they simply get displayed
300 * without corresponding string data because none will be found). */
301 ERR_unload_ATALLA_strings();
302 return 1;
303 }
304
217/* (de)initialisation functions. */ 305/* (de)initialisation functions. */
218static int atalla_init() 306static int atalla_init(ENGINE *e)
219 { 307 {
220 tfnASI_GetHardwareConfig *p1; 308 tfnASI_GetHardwareConfig *p1;
221 tfnASI_RSAPrivateKeyOpFn *p2; 309 tfnASI_RSAPrivateKeyOpFn *p2;
@@ -226,7 +314,7 @@ static int atalla_init()
226 314
227 if(atalla_dso != NULL) 315 if(atalla_dso != NULL)
228 { 316 {
229 ENGINEerr(ENGINE_F_ATALLA_INIT,ENGINE_R_ALREADY_LOADED); 317 ATALLAerr(ATALLA_F_ATALLA_INIT,ATALLA_R_ALREADY_LOADED);
230 goto err; 318 goto err;
231 } 319 }
232 /* Attempt to load libatasi.so/atasi.dll/whatever. Needs to be 320 /* Attempt to load libatasi.so/atasi.dll/whatever. Needs to be
@@ -236,11 +324,10 @@ static int atalla_init()
236 * drivers really use - for now a symbollic link needs to be 324 * drivers really use - for now a symbollic link needs to be
237 * created on the host system from libatasi.so to atasi.so on 325 * created on the host system from libatasi.so to atasi.so on
238 * unix variants. */ 326 * unix variants. */
239 atalla_dso = DSO_load(NULL, ATALLA_LIBNAME, NULL, 327 atalla_dso = DSO_load(NULL, ATALLA_LIBNAME, NULL, 0);
240 DSO_FLAG_NAME_TRANSLATION);
241 if(atalla_dso == NULL) 328 if(atalla_dso == NULL)
242 { 329 {
243 ENGINEerr(ENGINE_F_ATALLA_INIT,ENGINE_R_DSO_FAILURE); 330 ATALLAerr(ATALLA_F_ATALLA_INIT,ATALLA_R_NOT_LOADED);
244 goto err; 331 goto err;
245 } 332 }
246 if(!(p1 = (tfnASI_GetHardwareConfig *)DSO_bind_func( 333 if(!(p1 = (tfnASI_GetHardwareConfig *)DSO_bind_func(
@@ -250,7 +337,7 @@ static int atalla_init()
250 !(p3 = (tfnASI_GetPerformanceStatistics *)DSO_bind_func( 337 !(p3 = (tfnASI_GetPerformanceStatistics *)DSO_bind_func(
251 atalla_dso, ATALLA_F3))) 338 atalla_dso, ATALLA_F3)))
252 { 339 {
253 ENGINEerr(ENGINE_F_ATALLA_INIT,ENGINE_R_DSO_FAILURE); 340 ATALLAerr(ATALLA_F_ATALLA_INIT,ATALLA_R_NOT_LOADED);
254 goto err; 341 goto err;
255 } 342 }
256 /* Copy the pointers */ 343 /* Copy the pointers */
@@ -261,7 +348,7 @@ static int atalla_init()
261 * running. */ 348 * running. */
262 if(p1(0L, config_buf) != 0) 349 if(p1(0L, config_buf) != 0)
263 { 350 {
264 ENGINEerr(ENGINE_F_ATALLA_INIT,ENGINE_R_UNIT_FAILURE); 351 ATALLAerr(ATALLA_F_ATALLA_INIT,ATALLA_R_UNIT_FAILURE);
265 goto err; 352 goto err;
266 } 353 }
267 /* Everything's fine. */ 354 /* Everything's fine. */
@@ -275,16 +362,16 @@ err:
275 return 0; 362 return 0;
276 } 363 }
277 364
278static int atalla_finish() 365static int atalla_finish(ENGINE *e)
279 { 366 {
280 if(atalla_dso == NULL) 367 if(atalla_dso == NULL)
281 { 368 {
282 ENGINEerr(ENGINE_F_ATALLA_FINISH,ENGINE_R_NOT_LOADED); 369 ATALLAerr(ATALLA_F_ATALLA_FINISH,ATALLA_R_NOT_LOADED);
283 return 0; 370 return 0;
284 } 371 }
285 if(!DSO_free(atalla_dso)) 372 if(!DSO_free(atalla_dso))
286 { 373 {
287 ENGINEerr(ENGINE_F_ATALLA_FINISH,ENGINE_R_DSO_FAILURE); 374 ATALLAerr(ATALLA_F_ATALLA_FINISH,ATALLA_R_UNIT_FAILURE);
288 return 0; 375 return 0;
289 } 376 }
290 atalla_dso = NULL; 377 atalla_dso = NULL;
@@ -294,7 +381,32 @@ static int atalla_finish()
294 return 1; 381 return 1;
295 } 382 }
296 383
297static int atalla_mod_exp(BIGNUM *r, BIGNUM *a, const BIGNUM *p, 384static int atalla_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)())
385 {
386 int initialised = ((atalla_dso == NULL) ? 0 : 1);
387 switch(cmd)
388 {
389 case ATALLA_CMD_SO_PATH:
390 if(p == NULL)
391 {
392 ATALLAerr(ATALLA_F_ATALLA_CTRL,ERR_R_PASSED_NULL_PARAMETER);
393 return 0;
394 }
395 if(initialised)
396 {
397 ATALLAerr(ATALLA_F_ATALLA_CTRL,ATALLA_R_ALREADY_LOADED);
398 return 0;
399 }
400 ATALLA_LIBNAME = (const char *)p;
401 return 1;
402 default:
403 break;
404 }
405 ATALLAerr(ATALLA_F_ATALLA_CTRL,ATALLA_R_CTRL_COMMAND_NOT_IMPLEMENTED);
406 return 0;
407 }
408
409static int atalla_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
298 const BIGNUM *m, BN_CTX *ctx) 410 const BIGNUM *m, BN_CTX *ctx)
299 { 411 {
300 /* I need somewhere to store temporary serialised values for 412 /* I need somewhere to store temporary serialised values for
@@ -313,26 +425,27 @@ static int atalla_mod_exp(BIGNUM *r, BIGNUM *a, const BIGNUM *p,
313 to_return = 0; /* expect failure */ 425 to_return = 0; /* expect failure */
314 426
315 if(!atalla_dso) 427 if(!atalla_dso)
316 { 428 {
317 ENGINEerr(ENGINE_F_ATALLA_MOD_EXP,ENGINE_R_NOT_LOADED); 429 ATALLAerr(ATALLA_F_ATALLA_MOD_EXP,ATALLA_R_NOT_LOADED);
318 goto err; 430 goto err;
319 } 431 }
320 /* Prepare the params */ 432 /* Prepare the params */
433 BN_CTX_start(ctx);
321 modulus = BN_CTX_get(ctx); 434 modulus = BN_CTX_get(ctx);
322 exponent = BN_CTX_get(ctx); 435 exponent = BN_CTX_get(ctx);
323 argument = BN_CTX_get(ctx); 436 argument = BN_CTX_get(ctx);
324 result = BN_CTX_get(ctx); 437 result = BN_CTX_get(ctx);
325 if(!modulus || !exponent || !argument || !result) 438 if (!result)
326 { 439 {
327 ENGINEerr(ENGINE_F_ATALLA_MOD_EXP,ENGINE_R_BN_CTX_FULL); 440 ATALLAerr(ATALLA_F_ATALLA_MOD_EXP,ATALLA_R_BN_CTX_FULL);
328 goto err; 441 goto err;
329 } 442 }
330 if(!bn_wexpand(modulus, m->top) || !bn_wexpand(exponent, m->top) || 443 if(!bn_wexpand(modulus, m->top) || !bn_wexpand(exponent, m->top) ||
331 !bn_wexpand(argument, m->top) || !bn_wexpand(result, m->top)) 444 !bn_wexpand(argument, m->top) || !bn_wexpand(result, m->top))
332 { 445 {
333 ENGINEerr(ENGINE_F_ATALLA_MOD_EXP,ENGINE_R_BN_EXPAND_FAIL); 446 ATALLAerr(ATALLA_F_ATALLA_MOD_EXP,ATALLA_R_BN_EXPAND_FAIL);
334 goto err; 447 goto err;
335 } 448 }
336 /* Prepare the key-data */ 449 /* Prepare the key-data */
337 memset(&keydata, 0,sizeof keydata); 450 memset(&keydata, 0,sizeof keydata);
338 numbytes = BN_num_bytes(m); 451 numbytes = BN_num_bytes(m);
@@ -352,36 +465,34 @@ static int atalla_mod_exp(BIGNUM *r, BIGNUM *a, const BIGNUM *p,
352 if(p_Atalla_RSAPrivateKeyOpFn(&keydata, (unsigned char *)result->d, 465 if(p_Atalla_RSAPrivateKeyOpFn(&keydata, (unsigned char *)result->d,
353 (unsigned char *)argument->d, 466 (unsigned char *)argument->d,
354 keydata.modulus.len) != 0) 467 keydata.modulus.len) != 0)
355 { 468 {
356 ENGINEerr(ENGINE_F_ATALLA_MOD_EXP,ENGINE_R_REQUEST_FAILED); 469 ATALLAerr(ATALLA_F_ATALLA_MOD_EXP,ATALLA_R_REQUEST_FAILED);
357 goto err; 470 goto err;
358 } 471 }
359 /* Convert the response */ 472 /* Convert the response */
360 BN_bin2bn((unsigned char *)result->d, numbytes, r); 473 BN_bin2bn((unsigned char *)result->d, numbytes, r);
361 to_return = 1; 474 to_return = 1;
362err: 475err:
363 if(modulus) ctx->tos--; 476 BN_CTX_end(ctx);
364 if(exponent) ctx->tos--;
365 if(argument) ctx->tos--;
366 if(result) ctx->tos--;
367 return to_return; 477 return to_return;
368 } 478 }
369 479
370static int atalla_rsa_mod_exp(BIGNUM *r0, BIGNUM *I, RSA *rsa) 480#ifndef OPENSSL_NO_RSA
481static int atalla_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa)
371 { 482 {
372 BN_CTX *ctx = NULL; 483 BN_CTX *ctx = NULL;
373 int to_return = 0; 484 int to_return = 0;
374 485
375 if(!atalla_dso) 486 if(!atalla_dso)
376 { 487 {
377 ENGINEerr(ENGINE_F_ATALLA_RSA_MOD_EXP,ENGINE_R_NOT_LOADED); 488 ATALLAerr(ATALLA_F_ATALLA_RSA_MOD_EXP,ATALLA_R_NOT_LOADED);
378 goto err; 489 goto err;
379 } 490 }
380 if((ctx = BN_CTX_new()) == NULL) 491 if((ctx = BN_CTX_new()) == NULL)
381 goto err; 492 goto err;
382 if(!rsa->d || !rsa->n) 493 if(!rsa->d || !rsa->n)
383 { 494 {
384 ENGINEerr(ENGINE_F_ATALLA_RSA_MOD_EXP,ENGINE_R_MISSING_KEY_COMPONENTS); 495 ATALLAerr(ATALLA_F_ATALLA_RSA_MOD_EXP,ATALLA_R_MISSING_KEY_COMPONENTS);
385 goto err; 496 goto err;
386 } 497 }
387 to_return = atalla_mod_exp(r0, I, rsa->d, rsa->n, ctx); 498 to_return = atalla_mod_exp(r0, I, rsa->d, rsa->n, ctx);
@@ -390,7 +501,9 @@ err:
390 BN_CTX_free(ctx); 501 BN_CTX_free(ctx);
391 return to_return; 502 return to_return;
392 } 503 }
504#endif
393 505
506#ifndef OPENSSL_NO_DSA
394/* This code was liberated and adapted from the commented-out code in 507/* This code was liberated and adapted from the commented-out code in
395 * dsa_ossl.c. Because of the unoptimised form of the Atalla acceleration 508 * dsa_ossl.c. Because of the unoptimised form of the Atalla acceleration
396 * (it doesn't have a CRT form for RSA), this function means that an 509 * (it doesn't have a CRT form for RSA), this function means that an
@@ -418,27 +531,45 @@ end:
418 return to_return; 531 return to_return;
419 } 532 }
420 533
421
422static int atalla_mod_exp_dsa(DSA *dsa, BIGNUM *r, BIGNUM *a, 534static int atalla_mod_exp_dsa(DSA *dsa, BIGNUM *r, BIGNUM *a,
423 const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, 535 const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
424 BN_MONT_CTX *m_ctx) 536 BN_MONT_CTX *m_ctx)
425 { 537 {
426 return atalla_mod_exp(r, a, p, m, ctx); 538 return atalla_mod_exp(r, a, p, m, ctx);
427 } 539 }
540#endif
428 541
429/* This function is aliased to mod_exp (with the mont stuff dropped). */ 542/* This function is aliased to mod_exp (with the mont stuff dropped). */
430static int atalla_mod_exp_mont(BIGNUM *r, BIGNUM *a, const BIGNUM *p, 543static int atalla_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
431 const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx) 544 const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)
432 { 545 {
433 return atalla_mod_exp(r, a, p, m, ctx); 546 return atalla_mod_exp(r, a, p, m, ctx);
434 } 547 }
435 548
549#ifndef OPENSSL_NO_DH
436/* This function is aliased to mod_exp (with the dh and mont dropped). */ 550/* This function is aliased to mod_exp (with the dh and mont dropped). */
437static int atalla_mod_exp_dh(DH *dh, BIGNUM *r, BIGNUM *a, const BIGNUM *p, 551static int atalla_mod_exp_dh(const DH *dh, BIGNUM *r,
552 const BIGNUM *a, const BIGNUM *p,
438 const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx) 553 const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)
439 { 554 {
440 return atalla_mod_exp(r, a, p, m, ctx); 555 return atalla_mod_exp(r, a, p, m, ctx);
441 } 556 }
557#endif
558
559/* This stuff is needed if this ENGINE is being compiled into a self-contained
560 * shared-library. */
561#ifdef ENGINE_DYNAMIC_SUPPORT
562static int bind_fn(ENGINE *e, const char *id)
563 {
564 if(id && (strcmp(id, engine_atalla_id) != 0))
565 return 0;
566 if(!bind_helper(e))
567 return 0;
568 return 1;
569 }
570IMPLEMENT_DYNAMIC_CHECK_FN()
571IMPLEMENT_DYNAMIC_BIND_FN(bind_fn)
572#endif /* ENGINE_DYNAMIC_SUPPORT */
442 573
443#endif /* !NO_HW_ATALLA */ 574#endif /* !OPENSSL_NO_HW_ATALLA */
444#endif /* !NO_HW */ 575#endif /* !OPENSSL_NO_HW */
diff --git a/src/lib/libcrypto/engine/hw_cswift.c b/src/lib/libcrypto/engine/hw_cswift.c
index 77608b8983..d8b380550f 100644
--- a/src/lib/libcrypto/engine/hw_cswift.c
+++ b/src/lib/libcrypto/engine/hw_cswift.c
@@ -3,7 +3,7 @@
3 * project 2000. 3 * project 2000.
4 */ 4 */
5/* ==================================================================== 5/* ====================================================================
6 * Copyright (c) 1999 The OpenSSL Project. All rights reserved. 6 * Copyright (c) 1999-2001 The OpenSSL Project. All rights reserved.
7 * 7 *
8 * Redistribution and use in source and binary forms, with or without 8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions 9 * modification, are permitted provided that the following conditions
@@ -60,11 +60,10 @@
60#include <openssl/crypto.h> 60#include <openssl/crypto.h>
61#include "cryptlib.h" 61#include "cryptlib.h"
62#include <openssl/dso.h> 62#include <openssl/dso.h>
63#include "engine_int.h"
64#include <openssl/engine.h> 63#include <openssl/engine.h>
65 64
66#ifndef NO_HW 65#ifndef OPENSSL_NO_HW
67#ifndef NO_HW_CSWIFT 66#ifndef OPENSSL_NO_HW_CSWIFT
68 67
69/* Attribution notice: Rainbow have generously allowed me to reproduce 68/* Attribution notice: Rainbow have generously allowed me to reproduce
70 * the necessary definitions here from their API. This means the support 69 * the necessary definitions here from their API. This means the support
@@ -84,33 +83,55 @@
84#include "vendor_defns/cswift.h" 83#include "vendor_defns/cswift.h"
85#endif 84#endif
86 85
87static int cswift_init(void); 86#define CSWIFT_LIB_NAME "cswift engine"
88static int cswift_finish(void); 87#include "hw_cswift_err.c"
88
89static int cswift_destroy(ENGINE *e);
90static int cswift_init(ENGINE *e);
91static int cswift_finish(ENGINE *e);
92static int cswift_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)());
89 93
90/* BIGNUM stuff */ 94/* BIGNUM stuff */
91static int cswift_mod_exp(BIGNUM *r, BIGNUM *a, const BIGNUM *p, 95static int cswift_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
92 const BIGNUM *m, BN_CTX *ctx); 96 const BIGNUM *m, BN_CTX *ctx);
93static int cswift_mod_exp_crt(BIGNUM *r, BIGNUM *a, const BIGNUM *p, 97static int cswift_mod_exp_crt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
94 const BIGNUM *q, const BIGNUM *dmp1, const BIGNUM *dmq1, 98 const BIGNUM *q, const BIGNUM *dmp1, const BIGNUM *dmq1,
95 const BIGNUM *iqmp, BN_CTX *ctx); 99 const BIGNUM *iqmp, BN_CTX *ctx);
96 100
101#ifndef OPENSSL_NO_RSA
97/* RSA stuff */ 102/* RSA stuff */
98static int cswift_rsa_mod_exp(BIGNUM *r0, BIGNUM *I, RSA *rsa); 103static int cswift_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa);
104#endif
99/* This function is aliased to mod_exp (with the mont stuff dropped). */ 105/* This function is aliased to mod_exp (with the mont stuff dropped). */
100static int cswift_mod_exp_mont(BIGNUM *r, BIGNUM *a, const BIGNUM *p, 106static int cswift_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
101 const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx); 107 const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
102 108
109#ifndef OPENSSL_NO_DSA
103/* DSA stuff */ 110/* DSA stuff */
104static DSA_SIG *cswift_dsa_sign(const unsigned char *dgst, int dlen, DSA *dsa); 111static DSA_SIG *cswift_dsa_sign(const unsigned char *dgst, int dlen, DSA *dsa);
105static int cswift_dsa_verify(const unsigned char *dgst, int dgst_len, 112static int cswift_dsa_verify(const unsigned char *dgst, int dgst_len,
106 DSA_SIG *sig, DSA *dsa); 113 DSA_SIG *sig, DSA *dsa);
114#endif
107 115
116#ifndef OPENSSL_NO_DH
108/* DH stuff */ 117/* DH stuff */
109/* This function is alised to mod_exp (with the DH and mont dropped). */ 118/* This function is alised to mod_exp (with the DH and mont dropped). */
110static int cswift_mod_exp_dh(DH *dh, BIGNUM *r, BIGNUM *a, const BIGNUM *p, 119static int cswift_mod_exp_dh(const DH *dh, BIGNUM *r,
120 const BIGNUM *a, const BIGNUM *p,
111 const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx); 121 const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
122#endif
112 123
124/* The definitions for control commands specific to this engine */
125#define CSWIFT_CMD_SO_PATH ENGINE_CMD_BASE
126static const ENGINE_CMD_DEFN cswift_cmd_defns[] = {
127 {CSWIFT_CMD_SO_PATH,
128 "SO_PATH",
129 "Specifies the path to the 'cswift' shared library",
130 ENGINE_CMD_FLAG_STRING},
131 {0, NULL, NULL, 0}
132 };
113 133
134#ifndef OPENSSL_NO_RSA
114/* Our internal RSA_METHOD that we provide pointers to */ 135/* Our internal RSA_METHOD that we provide pointers to */
115static RSA_METHOD cswift_rsa = 136static RSA_METHOD cswift_rsa =
116 { 137 {
@@ -128,7 +149,9 @@ static RSA_METHOD cswift_rsa =
128 NULL, 149 NULL,
129 NULL 150 NULL
130 }; 151 };
152#endif
131 153
154#ifndef OPENSSL_NO_DSA
132/* Our internal DSA_METHOD that we provide pointers to */ 155/* Our internal DSA_METHOD that we provide pointers to */
133static DSA_METHOD cswift_dsa = 156static DSA_METHOD cswift_dsa =
134 { 157 {
@@ -143,7 +166,9 @@ static DSA_METHOD cswift_dsa =
143 0, /* flags */ 166 0, /* flags */
144 NULL /* app_data */ 167 NULL /* app_data */
145 }; 168 };
169#endif
146 170
171#ifndef OPENSSL_NO_DH
147/* Our internal DH_METHOD that we provide pointers to */ 172/* Our internal DH_METHOD that we provide pointers to */
148static DH_METHOD cswift_dh = 173static DH_METHOD cswift_dh =
149 { 174 {
@@ -156,35 +181,41 @@ static DH_METHOD cswift_dh =
156 0, 181 0,
157 NULL 182 NULL
158 }; 183 };
184#endif
159 185
160/* Our ENGINE structure. */ 186/* Constants used when creating the ENGINE */
161static ENGINE engine_cswift = 187static const char *engine_cswift_id = "cswift";
162 { 188static const char *engine_cswift_name = "CryptoSwift hardware engine support";
163 "cswift", 189
164 "CryptoSwift hardware engine support", 190/* This internal function is used by ENGINE_cswift() and possibly by the
165 &cswift_rsa, 191 * "dynamic" ENGINE support too */
166 &cswift_dsa, 192static int bind_helper(ENGINE *e)
167 &cswift_dh,
168 NULL,
169 cswift_mod_exp,
170 cswift_mod_exp_crt,
171 cswift_init,
172 cswift_finish,
173 NULL, /* no ctrl() */
174 NULL, /* no load_privkey() */
175 NULL, /* no load_pubkey() */
176 0, /* no flags */
177 0, 0, /* no references */
178 NULL, NULL /* unlinked */
179 };
180
181/* As this is only ever called once, there's no need for locking
182 * (indeed - the lock will already be held by our caller!!!) */
183ENGINE *ENGINE_cswift()
184 { 193 {
185 RSA_METHOD *meth1; 194#ifndef OPENSSL_NO_RSA
186 DH_METHOD *meth2; 195 const RSA_METHOD *meth1;
196#endif
197#ifndef OPENSSL_NO_DH
198 const DH_METHOD *meth2;
199#endif
200 if(!ENGINE_set_id(e, engine_cswift_id) ||
201 !ENGINE_set_name(e, engine_cswift_name) ||
202#ifndef OPENSSL_NO_RSA
203 !ENGINE_set_RSA(e, &cswift_rsa) ||
204#endif
205#ifndef OPENSSL_NO_DSA
206 !ENGINE_set_DSA(e, &cswift_dsa) ||
207#endif
208#ifndef OPENSSL_NO_DH
209 !ENGINE_set_DH(e, &cswift_dh) ||
210#endif
211 !ENGINE_set_destroy_function(e, cswift_destroy) ||
212 !ENGINE_set_init_function(e, cswift_init) ||
213 !ENGINE_set_finish_function(e, cswift_finish) ||
214 !ENGINE_set_ctrl_function(e, cswift_ctrl) ||
215 !ENGINE_set_cmd_defns(e, cswift_cmd_defns))
216 return 0;
187 217
218#ifndef OPENSSL_NO_RSA
188 /* We know that the "PKCS1_SSLeay()" functions hook properly 219 /* We know that the "PKCS1_SSLeay()" functions hook properly
189 * to the cswift-specific mod_exp and mod_exp_crt so we use 220 * to the cswift-specific mod_exp and mod_exp_crt so we use
190 * those functions. NB: We don't use ENGINE_openssl() or 221 * those functions. NB: We don't use ENGINE_openssl() or
@@ -197,12 +228,41 @@ ENGINE *ENGINE_cswift()
197 cswift_rsa.rsa_pub_dec = meth1->rsa_pub_dec; 228 cswift_rsa.rsa_pub_dec = meth1->rsa_pub_dec;
198 cswift_rsa.rsa_priv_enc = meth1->rsa_priv_enc; 229 cswift_rsa.rsa_priv_enc = meth1->rsa_priv_enc;
199 cswift_rsa.rsa_priv_dec = meth1->rsa_priv_dec; 230 cswift_rsa.rsa_priv_dec = meth1->rsa_priv_dec;
231#endif
200 232
233#ifndef OPENSSL_NO_DH
201 /* Much the same for Diffie-Hellman */ 234 /* Much the same for Diffie-Hellman */
202 meth2 = DH_OpenSSL(); 235 meth2 = DH_OpenSSL();
203 cswift_dh.generate_key = meth2->generate_key; 236 cswift_dh.generate_key = meth2->generate_key;
204 cswift_dh.compute_key = meth2->compute_key; 237 cswift_dh.compute_key = meth2->compute_key;
205 return &engine_cswift; 238#endif
239
240 /* Ensure the cswift error handling is set up */
241 ERR_load_CSWIFT_strings();
242 return 1;
243 }
244
245static ENGINE *engine_cswift(void)
246 {
247 ENGINE *ret = ENGINE_new();
248 if(!ret)
249 return NULL;
250 if(!bind_helper(ret))
251 {
252 ENGINE_free(ret);
253 return NULL;
254 }
255 return ret;
256 }
257
258void ENGINE_load_cswift(void)
259 {
260 /* Copied from eng_[openssl|dyn].c */
261 ENGINE *toadd = engine_cswift();
262 if(!toadd) return;
263 ENGINE_add(toadd);
264 ENGINE_free(toadd);
265 ERR_clear_error();
206 } 266 }
207 267
208/* This is a process-global DSO handle used for loading and unloading 268/* This is a process-global DSO handle used for loading and unloading
@@ -220,7 +280,8 @@ t_swSimpleRequest *p_CSwift_SimpleRequest = NULL;
220t_swReleaseAccContext *p_CSwift_ReleaseAccContext = NULL; 280t_swReleaseAccContext *p_CSwift_ReleaseAccContext = NULL;
221 281
222/* Used in the DSO operations. */ 282/* Used in the DSO operations. */
223static const char *CSWIFT_LIBNAME = "swift"; 283static const char def_CSWIFT_LIBNAME[] = "swift";
284static const char *CSWIFT_LIBNAME = def_CSWIFT_LIBNAME;
224static const char *CSWIFT_F1 = "swAcquireAccContext"; 285static const char *CSWIFT_F1 = "swAcquireAccContext";
225static const char *CSWIFT_F2 = "swAttachKeyParam"; 286static const char *CSWIFT_F2 = "swAttachKeyParam";
226static const char *CSWIFT_F3 = "swSimpleRequest"; 287static const char *CSWIFT_F3 = "swSimpleRequest";
@@ -249,8 +310,15 @@ static void release_context(SW_CONTEXT_HANDLE hac)
249 p_CSwift_ReleaseAccContext(hac); 310 p_CSwift_ReleaseAccContext(hac);
250 } 311 }
251 312
313/* Destructor (complements the "ENGINE_cswift()" constructor) */
314static int cswift_destroy(ENGINE *e)
315 {
316 ERR_unload_CSWIFT_strings();
317 return 1;
318 }
319
252/* (de)initialisation functions. */ 320/* (de)initialisation functions. */
253static int cswift_init() 321static int cswift_init(ENGINE *e)
254 { 322 {
255 SW_CONTEXT_HANDLE hac; 323 SW_CONTEXT_HANDLE hac;
256 t_swAcquireAccContext *p1; 324 t_swAcquireAccContext *p1;
@@ -260,15 +328,14 @@ static int cswift_init()
260 328
261 if(cswift_dso != NULL) 329 if(cswift_dso != NULL)
262 { 330 {
263 ENGINEerr(ENGINE_F_CSWIFT_INIT,ENGINE_R_ALREADY_LOADED); 331 CSWIFTerr(CSWIFT_F_CSWIFT_INIT,CSWIFT_R_ALREADY_LOADED);
264 goto err; 332 goto err;
265 } 333 }
266 /* Attempt to load libswift.so/swift.dll/whatever. */ 334 /* Attempt to load libswift.so/swift.dll/whatever. */
267 cswift_dso = DSO_load(NULL, CSWIFT_LIBNAME, NULL, 335 cswift_dso = DSO_load(NULL, CSWIFT_LIBNAME, NULL, 0);
268 DSO_FLAG_NAME_TRANSLATION);
269 if(cswift_dso == NULL) 336 if(cswift_dso == NULL)
270 { 337 {
271 ENGINEerr(ENGINE_F_CSWIFT_INIT,ENGINE_R_DSO_FAILURE); 338 CSWIFTerr(CSWIFT_F_CSWIFT_INIT,CSWIFT_R_NOT_LOADED);
272 goto err; 339 goto err;
273 } 340 }
274 if(!(p1 = (t_swAcquireAccContext *) 341 if(!(p1 = (t_swAcquireAccContext *)
@@ -280,7 +347,7 @@ static int cswift_init()
280 !(p4 = (t_swReleaseAccContext *) 347 !(p4 = (t_swReleaseAccContext *)
281 DSO_bind_func(cswift_dso, CSWIFT_F4))) 348 DSO_bind_func(cswift_dso, CSWIFT_F4)))
282 { 349 {
283 ENGINEerr(ENGINE_F_CSWIFT_INIT,ENGINE_R_DSO_FAILURE); 350 CSWIFTerr(CSWIFT_F_CSWIFT_INIT,CSWIFT_R_NOT_LOADED);
284 goto err; 351 goto err;
285 } 352 }
286 /* Copy the pointers */ 353 /* Copy the pointers */
@@ -292,7 +359,7 @@ static int cswift_init()
292 * accelerator! */ 359 * accelerator! */
293 if(!get_context(&hac)) 360 if(!get_context(&hac))
294 { 361 {
295 ENGINEerr(ENGINE_F_CSWIFT_INIT,ENGINE_R_UNIT_FAILURE); 362 CSWIFTerr(CSWIFT_F_CSWIFT_INIT,CSWIFT_R_UNIT_FAILURE);
296 goto err; 363 goto err;
297 } 364 }
298 release_context(hac); 365 release_context(hac);
@@ -308,16 +375,16 @@ err:
308 return 0; 375 return 0;
309 } 376 }
310 377
311static int cswift_finish() 378static int cswift_finish(ENGINE *e)
312 { 379 {
313 if(cswift_dso == NULL) 380 if(cswift_dso == NULL)
314 { 381 {
315 ENGINEerr(ENGINE_F_CSWIFT_FINISH,ENGINE_R_NOT_LOADED); 382 CSWIFTerr(CSWIFT_F_CSWIFT_FINISH,CSWIFT_R_NOT_LOADED);
316 return 0; 383 return 0;
317 } 384 }
318 if(!DSO_free(cswift_dso)) 385 if(!DSO_free(cswift_dso))
319 { 386 {
320 ENGINEerr(ENGINE_F_CSWIFT_FINISH,ENGINE_R_DSO_FAILURE); 387 CSWIFTerr(CSWIFT_F_CSWIFT_FINISH,CSWIFT_R_UNIT_FAILURE);
321 return 0; 388 return 0;
322 } 389 }
323 cswift_dso = NULL; 390 cswift_dso = NULL;
@@ -328,8 +395,33 @@ static int cswift_finish()
328 return 1; 395 return 1;
329 } 396 }
330 397
398static int cswift_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)())
399 {
400 int initialised = ((cswift_dso == NULL) ? 0 : 1);
401 switch(cmd)
402 {
403 case CSWIFT_CMD_SO_PATH:
404 if(p == NULL)
405 {
406 CSWIFTerr(CSWIFT_F_CSWIFT_CTRL,ERR_R_PASSED_NULL_PARAMETER);
407 return 0;
408 }
409 if(initialised)
410 {
411 CSWIFTerr(CSWIFT_F_CSWIFT_CTRL,CSWIFT_R_ALREADY_LOADED);
412 return 0;
413 }
414 CSWIFT_LIBNAME = (const char *)p;
415 return 1;
416 default:
417 break;
418 }
419 CSWIFTerr(CSWIFT_F_CSWIFT_CTRL,CSWIFT_R_CTRL_COMMAND_NOT_IMPLEMENTED);
420 return 0;
421 }
422
331/* Un petit mod_exp */ 423/* Un petit mod_exp */
332static int cswift_mod_exp(BIGNUM *r, BIGNUM *a, const BIGNUM *p, 424static int cswift_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
333 const BIGNUM *m, BN_CTX *ctx) 425 const BIGNUM *m, BN_CTX *ctx)
334 { 426 {
335 /* I need somewhere to store temporary serialised values for 427 /* I need somewhere to store temporary serialised values for
@@ -353,24 +445,25 @@ static int cswift_mod_exp(BIGNUM *r, BIGNUM *a, const BIGNUM *p,
353 445
354 if(!get_context(&hac)) 446 if(!get_context(&hac))
355 { 447 {
356 ENGINEerr(ENGINE_F_CSWIFT_MOD_EXP,ENGINE_R_GET_HANDLE_FAILED); 448 CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP,CSWIFT_R_UNIT_FAILURE);
357 goto err; 449 goto err;
358 } 450 }
359 acquired = 1; 451 acquired = 1;
360 /* Prepare the params */ 452 /* Prepare the params */
453 BN_CTX_start(ctx);
361 modulus = BN_CTX_get(ctx); 454 modulus = BN_CTX_get(ctx);
362 exponent = BN_CTX_get(ctx); 455 exponent = BN_CTX_get(ctx);
363 argument = BN_CTX_get(ctx); 456 argument = BN_CTX_get(ctx);
364 result = BN_CTX_get(ctx); 457 result = BN_CTX_get(ctx);
365 if(!modulus || !exponent || !argument || !result) 458 if(!result)
366 { 459 {
367 ENGINEerr(ENGINE_F_CSWIFT_MOD_EXP,ENGINE_R_BN_CTX_FULL); 460 CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP,CSWIFT_R_BN_CTX_FULL);
368 goto err; 461 goto err;
369 } 462 }
370 if(!bn_wexpand(modulus, m->top) || !bn_wexpand(exponent, p->top) || 463 if(!bn_wexpand(modulus, m->top) || !bn_wexpand(exponent, p->top) ||
371 !bn_wexpand(argument, a->top) || !bn_wexpand(result, m->top)) 464 !bn_wexpand(argument, a->top) || !bn_wexpand(result, m->top))
372 { 465 {
373 ENGINEerr(ENGINE_F_CSWIFT_MOD_EXP,ENGINE_R_BN_EXPAND_FAIL); 466 CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP,CSWIFT_R_BN_EXPAND_FAIL);
374 goto err; 467 goto err;
375 } 468 }
376 sw_param.type = SW_ALG_EXP; 469 sw_param.type = SW_ALG_EXP;
@@ -387,13 +480,12 @@ static int cswift_mod_exp(BIGNUM *r, BIGNUM *a, const BIGNUM *p,
387 case SW_OK: 480 case SW_OK:
388 break; 481 break;
389 case SW_ERR_INPUT_SIZE: 482 case SW_ERR_INPUT_SIZE:
390 ENGINEerr(ENGINE_F_CSWIFT_MOD_EXP, 483 CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP,CSWIFT_R_BAD_KEY_SIZE);
391 ENGINE_R_SIZE_TOO_LARGE_OR_TOO_SMALL);
392 goto err; 484 goto err;
393 default: 485 default:
394 { 486 {
395 char tmpbuf[20]; 487 char tmpbuf[20];
396 ENGINEerr(ENGINE_F_CSWIFT_MOD_EXP,ENGINE_R_REQUEST_FAILED); 488 CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP,CSWIFT_R_REQUEST_FAILED);
397 sprintf(tmpbuf, "%ld", sw_status); 489 sprintf(tmpbuf, "%ld", sw_status);
398 ERR_add_error_data(2, "CryptoSwift error number is ",tmpbuf); 490 ERR_add_error_data(2, "CryptoSwift error number is ",tmpbuf);
399 } 491 }
@@ -410,7 +502,7 @@ static int cswift_mod_exp(BIGNUM *r, BIGNUM *a, const BIGNUM *p,
410 &res, 1)) != SW_OK) 502 &res, 1)) != SW_OK)
411 { 503 {
412 char tmpbuf[20]; 504 char tmpbuf[20];
413 ENGINEerr(ENGINE_F_CSWIFT_MOD_EXP,ENGINE_R_REQUEST_FAILED); 505 CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP,CSWIFT_R_REQUEST_FAILED);
414 sprintf(tmpbuf, "%ld", sw_status); 506 sprintf(tmpbuf, "%ld", sw_status);
415 ERR_add_error_data(2, "CryptoSwift error number is ",tmpbuf); 507 ERR_add_error_data(2, "CryptoSwift error number is ",tmpbuf);
416 goto err; 508 goto err;
@@ -421,15 +513,12 @@ static int cswift_mod_exp(BIGNUM *r, BIGNUM *a, const BIGNUM *p,
421err: 513err:
422 if(acquired) 514 if(acquired)
423 release_context(hac); 515 release_context(hac);
424 if(modulus) ctx->tos--; 516 BN_CTX_end(ctx);
425 if(exponent) ctx->tos--;
426 if(argument) ctx->tos--;
427 if(result) ctx->tos--;
428 return to_return; 517 return to_return;
429 } 518 }
430 519
431/* Un petit mod_exp chinois */ 520/* Un petit mod_exp chinois */
432static int cswift_mod_exp_crt(BIGNUM *r, BIGNUM *a, const BIGNUM *p, 521static int cswift_mod_exp_crt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
433 const BIGNUM *q, const BIGNUM *dmp1, 522 const BIGNUM *q, const BIGNUM *dmp1,
434 const BIGNUM *dmq1, const BIGNUM *iqmp, BN_CTX *ctx) 523 const BIGNUM *dmq1, const BIGNUM *iqmp, BN_CTX *ctx)
435 { 524 {
@@ -449,11 +538,12 @@ static int cswift_mod_exp_crt(BIGNUM *r, BIGNUM *a, const BIGNUM *p,
449 538
450 if(!get_context(&hac)) 539 if(!get_context(&hac))
451 { 540 {
452 ENGINEerr(ENGINE_F_CSWIFT_MOD_EXP_CRT,ENGINE_R_GET_HANDLE_FAILED); 541 CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP_CRT,CSWIFT_R_UNIT_FAILURE);
453 goto err; 542 goto err;
454 } 543 }
455 acquired = 1; 544 acquired = 1;
456 /* Prepare the params */ 545 /* Prepare the params */
546 BN_CTX_start(ctx);
457 rsa_p = BN_CTX_get(ctx); 547 rsa_p = BN_CTX_get(ctx);
458 rsa_q = BN_CTX_get(ctx); 548 rsa_q = BN_CTX_get(ctx);
459 rsa_dmp1 = BN_CTX_get(ctx); 549 rsa_dmp1 = BN_CTX_get(ctx);
@@ -461,10 +551,9 @@ static int cswift_mod_exp_crt(BIGNUM *r, BIGNUM *a, const BIGNUM *p,
461 rsa_iqmp = BN_CTX_get(ctx); 551 rsa_iqmp = BN_CTX_get(ctx);
462 argument = BN_CTX_get(ctx); 552 argument = BN_CTX_get(ctx);
463 result = BN_CTX_get(ctx); 553 result = BN_CTX_get(ctx);
464 if(!rsa_p || !rsa_q || !rsa_dmp1 || !rsa_dmq1 || !rsa_iqmp || 554 if(!result)
465 !argument || !result)
466 { 555 {
467 ENGINEerr(ENGINE_F_CSWIFT_MOD_EXP_CRT,ENGINE_R_BN_CTX_FULL); 556 CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP_CRT,CSWIFT_R_BN_CTX_FULL);
468 goto err; 557 goto err;
469 } 558 }
470 if(!bn_wexpand(rsa_p, p->top) || !bn_wexpand(rsa_q, q->top) || 559 if(!bn_wexpand(rsa_p, p->top) || !bn_wexpand(rsa_q, q->top) ||
@@ -474,7 +563,7 @@ static int cswift_mod_exp_crt(BIGNUM *r, BIGNUM *a, const BIGNUM *p,
474 !bn_wexpand(argument, a->top) || 563 !bn_wexpand(argument, a->top) ||
475 !bn_wexpand(result, p->top + q->top)) 564 !bn_wexpand(result, p->top + q->top))
476 { 565 {
477 ENGINEerr(ENGINE_F_CSWIFT_MOD_EXP_CRT,ENGINE_R_BN_EXPAND_FAIL); 566 CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP_CRT,CSWIFT_R_BN_EXPAND_FAIL);
478 goto err; 567 goto err;
479 } 568 }
480 sw_param.type = SW_ALG_CRT; 569 sw_param.type = SW_ALG_CRT;
@@ -498,13 +587,12 @@ static int cswift_mod_exp_crt(BIGNUM *r, BIGNUM *a, const BIGNUM *p,
498 case SW_OK: 587 case SW_OK:
499 break; 588 break;
500 case SW_ERR_INPUT_SIZE: 589 case SW_ERR_INPUT_SIZE:
501 ENGINEerr(ENGINE_F_CSWIFT_MOD_EXP_CRT, 590 CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP_CRT,CSWIFT_R_BAD_KEY_SIZE);
502 ENGINE_R_SIZE_TOO_LARGE_OR_TOO_SMALL);
503 goto err; 591 goto err;
504 default: 592 default:
505 { 593 {
506 char tmpbuf[20]; 594 char tmpbuf[20];
507 ENGINEerr(ENGINE_F_CSWIFT_MOD_EXP_CRT,ENGINE_R_REQUEST_FAILED); 595 CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP_CRT,CSWIFT_R_REQUEST_FAILED);
508 sprintf(tmpbuf, "%ld", sw_status); 596 sprintf(tmpbuf, "%ld", sw_status);
509 ERR_add_error_data(2, "CryptoSwift error number is ",tmpbuf); 597 ERR_add_error_data(2, "CryptoSwift error number is ",tmpbuf);
510 } 598 }
@@ -521,7 +609,7 @@ static int cswift_mod_exp_crt(BIGNUM *r, BIGNUM *a, const BIGNUM *p,
521 &res, 1)) != SW_OK) 609 &res, 1)) != SW_OK)
522 { 610 {
523 char tmpbuf[20]; 611 char tmpbuf[20];
524 ENGINEerr(ENGINE_F_CSWIFT_MOD_EXP_CRT,ENGINE_R_REQUEST_FAILED); 612 CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP_CRT,CSWIFT_R_REQUEST_FAILED);
525 sprintf(tmpbuf, "%ld", sw_status); 613 sprintf(tmpbuf, "%ld", sw_status);
526 ERR_add_error_data(2, "CryptoSwift error number is ",tmpbuf); 614 ERR_add_error_data(2, "CryptoSwift error number is ",tmpbuf);
527 goto err; 615 goto err;
@@ -532,17 +620,12 @@ static int cswift_mod_exp_crt(BIGNUM *r, BIGNUM *a, const BIGNUM *p,
532err: 620err:
533 if(acquired) 621 if(acquired)
534 release_context(hac); 622 release_context(hac);
535 if(rsa_p) ctx->tos--; 623 BN_CTX_end(ctx);
536 if(rsa_q) ctx->tos--;
537 if(rsa_dmp1) ctx->tos--;
538 if(rsa_dmq1) ctx->tos--;
539 if(rsa_iqmp) ctx->tos--;
540 if(argument) ctx->tos--;
541 if(result) ctx->tos--;
542 return to_return; 624 return to_return;
543 } 625 }
544 626
545static int cswift_rsa_mod_exp(BIGNUM *r0, BIGNUM *I, RSA *rsa) 627#ifndef OPENSSL_NO_RSA
628static int cswift_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa)
546 { 629 {
547 BN_CTX *ctx; 630 BN_CTX *ctx;
548 int to_return = 0; 631 int to_return = 0;
@@ -551,7 +634,7 @@ static int cswift_rsa_mod_exp(BIGNUM *r0, BIGNUM *I, RSA *rsa)
551 goto err; 634 goto err;
552 if(!rsa->p || !rsa->q || !rsa->dmp1 || !rsa->dmq1 || !rsa->iqmp) 635 if(!rsa->p || !rsa->q || !rsa->dmp1 || !rsa->dmq1 || !rsa->iqmp)
553 { 636 {
554 ENGINEerr(ENGINE_F_CSWIFT_RSA_MOD_EXP,ENGINE_R_MISSING_KEY_COMPONENTS); 637 CSWIFTerr(CSWIFT_F_CSWIFT_RSA_MOD_EXP,CSWIFT_R_MISSING_KEY_COMPONENTS);
555 goto err; 638 goto err;
556 } 639 }
557 to_return = cswift_mod_exp_crt(r0, I, rsa->p, rsa->q, rsa->dmp1, 640 to_return = cswift_mod_exp_crt(r0, I, rsa->p, rsa->q, rsa->dmp1,
@@ -561,14 +644,16 @@ err:
561 BN_CTX_free(ctx); 644 BN_CTX_free(ctx);
562 return to_return; 645 return to_return;
563 } 646 }
647#endif
564 648
565/* This function is aliased to mod_exp (with the mont stuff dropped). */ 649/* This function is aliased to mod_exp (with the mont stuff dropped). */
566static int cswift_mod_exp_mont(BIGNUM *r, BIGNUM *a, const BIGNUM *p, 650static int cswift_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
567 const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx) 651 const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)
568 { 652 {
569 return cswift_mod_exp(r, a, p, m, ctx); 653 return cswift_mod_exp(r, a, p, m, ctx);
570 } 654 }
571 655
656#ifndef OPENSSL_NO_DSA
572static DSA_SIG *cswift_dsa_sign(const unsigned char *dgst, int dlen, DSA *dsa) 657static DSA_SIG *cswift_dsa_sign(const unsigned char *dgst, int dlen, DSA *dsa)
573 { 658 {
574 SW_CONTEXT_HANDLE hac; 659 SW_CONTEXT_HANDLE hac;
@@ -589,19 +674,20 @@ static DSA_SIG *cswift_dsa_sign(const unsigned char *dgst, int dlen, DSA *dsa)
589 goto err; 674 goto err;
590 if(!get_context(&hac)) 675 if(!get_context(&hac))
591 { 676 {
592 ENGINEerr(ENGINE_F_CSWIFT_DSA_SIGN,ENGINE_R_GET_HANDLE_FAILED); 677 CSWIFTerr(CSWIFT_F_CSWIFT_DSA_SIGN,CSWIFT_R_UNIT_FAILURE);
593 goto err; 678 goto err;
594 } 679 }
595 acquired = 1; 680 acquired = 1;
596 /* Prepare the params */ 681 /* Prepare the params */
682 BN_CTX_start(ctx);
597 dsa_p = BN_CTX_get(ctx); 683 dsa_p = BN_CTX_get(ctx);
598 dsa_q = BN_CTX_get(ctx); 684 dsa_q = BN_CTX_get(ctx);
599 dsa_g = BN_CTX_get(ctx); 685 dsa_g = BN_CTX_get(ctx);
600 dsa_key = BN_CTX_get(ctx); 686 dsa_key = BN_CTX_get(ctx);
601 result = BN_CTX_get(ctx); 687 result = BN_CTX_get(ctx);
602 if(!dsa_p || !dsa_q || !dsa_g || !dsa_key || !result) 688 if(!result)
603 { 689 {
604 ENGINEerr(ENGINE_F_CSWIFT_DSA_SIGN,ENGINE_R_BN_CTX_FULL); 690 CSWIFTerr(CSWIFT_F_CSWIFT_DSA_SIGN,CSWIFT_R_BN_CTX_FULL);
605 goto err; 691 goto err;
606 } 692 }
607 if(!bn_wexpand(dsa_p, dsa->p->top) || 693 if(!bn_wexpand(dsa_p, dsa->p->top) ||
@@ -610,7 +696,7 @@ static DSA_SIG *cswift_dsa_sign(const unsigned char *dgst, int dlen, DSA *dsa)
610 !bn_wexpand(dsa_key, dsa->priv_key->top) || 696 !bn_wexpand(dsa_key, dsa->priv_key->top) ||
611 !bn_wexpand(result, dsa->p->top)) 697 !bn_wexpand(result, dsa->p->top))
612 { 698 {
613 ENGINEerr(ENGINE_F_CSWIFT_DSA_SIGN,ENGINE_R_BN_EXPAND_FAIL); 699 CSWIFTerr(CSWIFT_F_CSWIFT_DSA_SIGN,CSWIFT_R_BN_EXPAND_FAIL);
614 goto err; 700 goto err;
615 } 701 }
616 sw_param.type = SW_ALG_DSA; 702 sw_param.type = SW_ALG_DSA;
@@ -633,13 +719,12 @@ static DSA_SIG *cswift_dsa_sign(const unsigned char *dgst, int dlen, DSA *dsa)
633 case SW_OK: 719 case SW_OK:
634 break; 720 break;
635 case SW_ERR_INPUT_SIZE: 721 case SW_ERR_INPUT_SIZE:
636 ENGINEerr(ENGINE_F_CSWIFT_DSA_SIGN, 722 CSWIFTerr(CSWIFT_F_CSWIFT_DSA_SIGN,CSWIFT_R_BAD_KEY_SIZE);
637 ENGINE_R_SIZE_TOO_LARGE_OR_TOO_SMALL);
638 goto err; 723 goto err;
639 default: 724 default:
640 { 725 {
641 char tmpbuf[20]; 726 char tmpbuf[20];
642 ENGINEerr(ENGINE_F_CSWIFT_DSA_SIGN,ENGINE_R_REQUEST_FAILED); 727 CSWIFTerr(CSWIFT_F_CSWIFT_DSA_SIGN,CSWIFT_R_REQUEST_FAILED);
643 sprintf(tmpbuf, "%ld", sw_status); 728 sprintf(tmpbuf, "%ld", sw_status);
644 ERR_add_error_data(2, "CryptoSwift error number is ",tmpbuf); 729 ERR_add_error_data(2, "CryptoSwift error number is ",tmpbuf);
645 } 730 }
@@ -657,7 +742,7 @@ static DSA_SIG *cswift_dsa_sign(const unsigned char *dgst, int dlen, DSA *dsa)
657 if(sw_status != SW_OK) 742 if(sw_status != SW_OK)
658 { 743 {
659 char tmpbuf[20]; 744 char tmpbuf[20];
660 ENGINEerr(ENGINE_F_CSWIFT_DSA_SIGN,ENGINE_R_REQUEST_FAILED); 745 CSWIFTerr(CSWIFT_F_CSWIFT_DSA_SIGN,CSWIFT_R_REQUEST_FAILED);
661 sprintf(tmpbuf, "%ld", sw_status); 746 sprintf(tmpbuf, "%ld", sw_status);
662 ERR_add_error_data(2, "CryptoSwift error number is ",tmpbuf); 747 ERR_add_error_data(2, "CryptoSwift error number is ",tmpbuf);
663 goto err; 748 goto err;
@@ -672,13 +757,11 @@ static DSA_SIG *cswift_dsa_sign(const unsigned char *dgst, int dlen, DSA *dsa)
672err: 757err:
673 if(acquired) 758 if(acquired)
674 release_context(hac); 759 release_context(hac);
675 if(dsa_p) ctx->tos--;
676 if(dsa_q) ctx->tos--;
677 if(dsa_g) ctx->tos--;
678 if(dsa_key) ctx->tos--;
679 if(result) ctx->tos--;
680 if(ctx) 760 if(ctx)
761 {
762 BN_CTX_end(ctx);
681 BN_CTX_free(ctx); 763 BN_CTX_free(ctx);
764 }
682 return to_return; 765 return to_return;
683 } 766 }
684 767
@@ -703,19 +786,20 @@ static int cswift_dsa_verify(const unsigned char *dgst, int dgst_len,
703 goto err; 786 goto err;
704 if(!get_context(&hac)) 787 if(!get_context(&hac))
705 { 788 {
706 ENGINEerr(ENGINE_F_CSWIFT_DSA_VERIFY,ENGINE_R_GET_HANDLE_FAILED); 789 CSWIFTerr(CSWIFT_F_CSWIFT_DSA_VERIFY,CSWIFT_R_UNIT_FAILURE);
707 goto err; 790 goto err;
708 } 791 }
709 acquired = 1; 792 acquired = 1;
710 /* Prepare the params */ 793 /* Prepare the params */
794 BN_CTX_start(ctx);
711 dsa_p = BN_CTX_get(ctx); 795 dsa_p = BN_CTX_get(ctx);
712 dsa_q = BN_CTX_get(ctx); 796 dsa_q = BN_CTX_get(ctx);
713 dsa_g = BN_CTX_get(ctx); 797 dsa_g = BN_CTX_get(ctx);
714 dsa_key = BN_CTX_get(ctx); 798 dsa_key = BN_CTX_get(ctx);
715 argument = BN_CTX_get(ctx); 799 argument = BN_CTX_get(ctx);
716 if(!dsa_p || !dsa_q || !dsa_g || !dsa_key || !argument) 800 if(!argument)
717 { 801 {
718 ENGINEerr(ENGINE_F_CSWIFT_DSA_VERIFY,ENGINE_R_BN_CTX_FULL); 802 CSWIFTerr(CSWIFT_F_CSWIFT_DSA_VERIFY,CSWIFT_R_BN_CTX_FULL);
719 goto err; 803 goto err;
720 } 804 }
721 if(!bn_wexpand(dsa_p, dsa->p->top) || 805 if(!bn_wexpand(dsa_p, dsa->p->top) ||
@@ -724,7 +808,7 @@ static int cswift_dsa_verify(const unsigned char *dgst, int dgst_len,
724 !bn_wexpand(dsa_key, dsa->pub_key->top) || 808 !bn_wexpand(dsa_key, dsa->pub_key->top) ||
725 !bn_wexpand(argument, 40)) 809 !bn_wexpand(argument, 40))
726 { 810 {
727 ENGINEerr(ENGINE_F_CSWIFT_DSA_VERIFY,ENGINE_R_BN_EXPAND_FAIL); 811 CSWIFTerr(CSWIFT_F_CSWIFT_DSA_VERIFY,CSWIFT_R_BN_EXPAND_FAIL);
728 goto err; 812 goto err;
729 } 813 }
730 sw_param.type = SW_ALG_DSA; 814 sw_param.type = SW_ALG_DSA;
@@ -747,13 +831,12 @@ static int cswift_dsa_verify(const unsigned char *dgst, int dgst_len,
747 case SW_OK: 831 case SW_OK:
748 break; 832 break;
749 case SW_ERR_INPUT_SIZE: 833 case SW_ERR_INPUT_SIZE:
750 ENGINEerr(ENGINE_F_CSWIFT_DSA_VERIFY, 834 CSWIFTerr(CSWIFT_F_CSWIFT_DSA_VERIFY,CSWIFT_R_BAD_KEY_SIZE);
751 ENGINE_R_SIZE_TOO_LARGE_OR_TOO_SMALL);
752 goto err; 835 goto err;
753 default: 836 default:
754 { 837 {
755 char tmpbuf[20]; 838 char tmpbuf[20];
756 ENGINEerr(ENGINE_F_CSWIFT_DSA_VERIFY,ENGINE_R_REQUEST_FAILED); 839 CSWIFTerr(CSWIFT_F_CSWIFT_DSA_VERIFY,CSWIFT_R_REQUEST_FAILED);
757 sprintf(tmpbuf, "%ld", sw_status); 840 sprintf(tmpbuf, "%ld", sw_status);
758 ERR_add_error_data(2, "CryptoSwift error number is ",tmpbuf); 841 ERR_add_error_data(2, "CryptoSwift error number is ",tmpbuf);
759 } 842 }
@@ -775,7 +858,7 @@ static int cswift_dsa_verify(const unsigned char *dgst, int dgst_len,
775 if(sw_status != SW_OK) 858 if(sw_status != SW_OK)
776 { 859 {
777 char tmpbuf[20]; 860 char tmpbuf[20];
778 ENGINEerr(ENGINE_F_CSWIFT_DSA_VERIFY,ENGINE_R_REQUEST_FAILED); 861 CSWIFTerr(CSWIFT_F_CSWIFT_DSA_VERIFY,CSWIFT_R_REQUEST_FAILED);
779 sprintf(tmpbuf, "%ld", sw_status); 862 sprintf(tmpbuf, "%ld", sw_status);
780 ERR_add_error_data(2, "CryptoSwift error number is ",tmpbuf); 863 ERR_add_error_data(2, "CryptoSwift error number is ",tmpbuf);
781 goto err; 864 goto err;
@@ -786,22 +869,39 @@ static int cswift_dsa_verify(const unsigned char *dgst, int dgst_len,
786err: 869err:
787 if(acquired) 870 if(acquired)
788 release_context(hac); 871 release_context(hac);
789 if(dsa_p) ctx->tos--;
790 if(dsa_q) ctx->tos--;
791 if(dsa_g) ctx->tos--;
792 if(dsa_key) ctx->tos--;
793 if(argument) ctx->tos--;
794 if(ctx) 872 if(ctx)
873 {
874 BN_CTX_end(ctx);
795 BN_CTX_free(ctx); 875 BN_CTX_free(ctx);
876 }
796 return to_return; 877 return to_return;
797 } 878 }
879#endif
798 880
881#ifndef OPENSSL_NO_DH
799/* This function is aliased to mod_exp (with the dh and mont dropped). */ 882/* This function is aliased to mod_exp (with the dh and mont dropped). */
800static int cswift_mod_exp_dh(DH *dh, BIGNUM *r, BIGNUM *a, const BIGNUM *p, 883static int cswift_mod_exp_dh(const DH *dh, BIGNUM *r,
884 const BIGNUM *a, const BIGNUM *p,
801 const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx) 885 const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)
802 { 886 {
803 return cswift_mod_exp(r, a, p, m, ctx); 887 return cswift_mod_exp(r, a, p, m, ctx);
804 } 888 }
889#endif
890
891/* This stuff is needed if this ENGINE is being compiled into a self-contained
892 * shared-library. */
893#ifdef ENGINE_DYNAMIC_SUPPORT
894static int bind_fn(ENGINE *e, const char *id)
895 {
896 if(id && (strcmp(id, engine_cswift_id) != 0))
897 return 0;
898 if(!bind_helper(e))
899 return 0;
900 return 1;
901 }
902IMPLEMENT_DYNAMIC_CHECK_FN()
903IMPLEMENT_DYNAMIC_BIND_FN(bind_fn)
904#endif /* ENGINE_DYNAMIC_SUPPORT */
805 905
806#endif /* !NO_HW_CSWIFT */ 906#endif /* !OPENSSL_NO_HW_CSWIFT */
807#endif /* !NO_HW */ 907#endif /* !OPENSSL_NO_HW */
diff --git a/src/lib/libcrypto/engine/hw_ncipher.c b/src/lib/libcrypto/engine/hw_ncipher.c
index 41f5900676..4762a54e3d 100644
--- a/src/lib/libcrypto/engine/hw_ncipher.c
+++ b/src/lib/libcrypto/engine/hw_ncipher.c
@@ -4,7 +4,7 @@
4 * for the OpenSSL project 2000. 4 * for the OpenSSL project 2000.
5 */ 5 */
6/* ==================================================================== 6/* ====================================================================
7 * Copyright (c) 1999 The OpenSSL Project. All rights reserved. 7 * Copyright (c) 1999-2001 The OpenSSL Project. All rights reserved.
8 * 8 *
9 * Redistribution and use in source and binary forms, with or without 9 * Redistribution and use in source and binary forms, with or without
10 * modification, are permitted provided that the following conditions 10 * modification, are permitted provided that the following conditions
@@ -58,15 +58,16 @@
58 */ 58 */
59 59
60#include <stdio.h> 60#include <stdio.h>
61#include <string.h>
61#include <openssl/crypto.h> 62#include <openssl/crypto.h>
62#include <openssl/pem.h> 63#include <openssl/pem.h>
63#include "cryptlib.h" 64#include "cryptlib.h"
64#include <openssl/dso.h> 65#include <openssl/dso.h>
65#include "engine_int.h"
66#include <openssl/engine.h> 66#include <openssl/engine.h>
67#include <openssl/ui.h>
67 68
68#ifndef NO_HW 69#ifndef OPENSSL_NO_HW
69#ifndef NO_HW_NCIPHER 70#ifndef OPENSSL_NO_HW_NCIPHER
70 71
71/* Attribution notice: nCipher have said several times that it's OK for 72/* Attribution notice: nCipher have said several times that it's OK for
72 * us to implement a general interface to their boxes, and recently declared 73 * us to implement a general interface to their boxes, and recently declared
@@ -82,9 +83,13 @@
82#include "vendor_defns/hwcryptohook.h" 83#include "vendor_defns/hwcryptohook.h"
83#endif 84#endif
84 85
85static int hwcrhk_init(void); 86#define HWCRHK_LIB_NAME "hwcrhk engine"
86static int hwcrhk_finish(void); 87#include "hw_ncipher_err.c"
87static int hwcrhk_ctrl(int cmd, long i, void *p, void (*f)()); 88
89static int hwcrhk_destroy(ENGINE *e);
90static int hwcrhk_init(ENGINE *e);
91static int hwcrhk_finish(ENGINE *e);
92static int hwcrhk_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)());
88 93
89/* Functions to handle mutexes */ 94/* Functions to handle mutexes */
90static int hwcrhk_mutex_init(HWCryptoHook_Mutex*, HWCryptoHook_CallerContext*); 95static int hwcrhk_mutex_init(HWCryptoHook_Mutex*, HWCryptoHook_CallerContext*);
@@ -93,39 +98,77 @@ static void hwcrhk_mutex_unlock(HWCryptoHook_Mutex*);
93static void hwcrhk_mutex_destroy(HWCryptoHook_Mutex*); 98static void hwcrhk_mutex_destroy(HWCryptoHook_Mutex*);
94 99
95/* BIGNUM stuff */ 100/* BIGNUM stuff */
96static int hwcrhk_mod_exp(BIGNUM *r, BIGNUM *a, const BIGNUM *p, 101static int hwcrhk_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
97 const BIGNUM *m, BN_CTX *ctx); 102 const BIGNUM *m, BN_CTX *ctx);
98 103
104#ifndef OPENSSL_NO_RSA
99/* RSA stuff */ 105/* RSA stuff */
100static int hwcrhk_rsa_mod_exp(BIGNUM *r, BIGNUM *I, RSA *rsa); 106static int hwcrhk_rsa_mod_exp(BIGNUM *r, const BIGNUM *I, RSA *rsa);
107#endif
101/* This function is aliased to mod_exp (with the mont stuff dropped). */ 108/* This function is aliased to mod_exp (with the mont stuff dropped). */
102static int hwcrhk_mod_exp_mont(BIGNUM *r, BIGNUM *a, const BIGNUM *p, 109static int hwcrhk_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
103 const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx); 110 const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
104 111
105/* DH stuff */ 112/* DH stuff */
106/* This function is alised to mod_exp (with the DH and mont dropped). */ 113/* This function is alised to mod_exp (with the DH and mont dropped). */
107static int hwcrhk_mod_exp_dh(DH *dh, BIGNUM *r, BIGNUM *a, const BIGNUM *p, 114static int hwcrhk_mod_exp_dh(const DH *dh, BIGNUM *r,
108 const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx); 115 const BIGNUM *a, const BIGNUM *p,
116 const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
109 117
110/* RAND stuff */ 118/* RAND stuff */
111static int hwcrhk_rand_bytes(unsigned char *buf, int num); 119static int hwcrhk_rand_bytes(unsigned char *buf, int num);
112static int hwcrhk_rand_status(void); 120static int hwcrhk_rand_status(void);
113 121
114/* KM stuff */ 122/* KM stuff */
115static EVP_PKEY *hwcrhk_load_privkey(const char *key_id, 123static EVP_PKEY *hwcrhk_load_privkey(ENGINE *eng, const char *key_id,
116 const char *passphrase); 124 UI_METHOD *ui_method, void *callback_data);
117static EVP_PKEY *hwcrhk_load_pubkey(const char *key_id, 125static EVP_PKEY *hwcrhk_load_pubkey(ENGINE *eng, const char *key_id,
118 const char *passphrase); 126 UI_METHOD *ui_method, void *callback_data);
119static void hwcrhk_ex_free(void *obj, void *item, CRYPTO_EX_DATA *ad, 127static void hwcrhk_ex_free(void *obj, void *item, CRYPTO_EX_DATA *ad,
120 int index,long argl, void *argp); 128 int ind,long argl, void *argp);
121 129
122/* Interaction stuff */ 130/* Interaction stuff */
131static int hwcrhk_insert_card(const char *prompt_info,
132 const char *wrong_info,
133 HWCryptoHook_PassphraseContext *ppctx,
134 HWCryptoHook_CallerContext *cactx);
123static int hwcrhk_get_pass(const char *prompt_info, 135static int hwcrhk_get_pass(const char *prompt_info,
124 int *len_io, char *buf, 136 int *len_io, char *buf,
125 HWCryptoHook_PassphraseContext *ppctx, 137 HWCryptoHook_PassphraseContext *ppctx,
126 HWCryptoHook_CallerContext *cactx); 138 HWCryptoHook_CallerContext *cactx);
127static void hwcrhk_log_message(void *logstream, const char *message); 139static void hwcrhk_log_message(void *logstr, const char *message);
140
141/* The definitions for control commands specific to this engine */
142#define HWCRHK_CMD_SO_PATH ENGINE_CMD_BASE
143#define HWCRHK_CMD_FORK_CHECK (ENGINE_CMD_BASE + 1)
144#define HWCRHK_CMD_THREAD_LOCKING (ENGINE_CMD_BASE + 2)
145#define HWCRHK_CMD_SET_USER_INTERFACE (ENGINE_CMD_BASE + 3)
146#define HWCRHK_CMD_SET_CALLBACK_DATA (ENGINE_CMD_BASE + 4)
147static const ENGINE_CMD_DEFN hwcrhk_cmd_defns[] = {
148 {HWCRHK_CMD_SO_PATH,
149 "SO_PATH",
150 "Specifies the path to the 'hwcrhk' shared library",
151 ENGINE_CMD_FLAG_STRING},
152 {HWCRHK_CMD_FORK_CHECK,
153 "FORK_CHECK",
154 "Turns fork() checking on or off (boolean)",
155 ENGINE_CMD_FLAG_NUMERIC},
156 {HWCRHK_CMD_THREAD_LOCKING,
157 "THREAD_LOCKING",
158 "Turns thread-safe locking on or off (boolean)",
159 ENGINE_CMD_FLAG_NUMERIC},
160 {HWCRHK_CMD_SET_USER_INTERFACE,
161 "SET_USER_INTERFACE",
162 "Set the global user interface (internal)",
163 ENGINE_CMD_FLAG_INTERNAL},
164 {HWCRHK_CMD_SET_CALLBACK_DATA,
165 "SET_CALLBACK_DATA",
166 "Set the global user interface extra data (internal)",
167 ENGINE_CMD_FLAG_INTERNAL},
168 {0, NULL, NULL, 0}
169 };
128 170
171#ifndef OPENSSL_NO_RSA
129/* Our internal RSA_METHOD that we provide pointers to */ 172/* Our internal RSA_METHOD that we provide pointers to */
130static RSA_METHOD hwcrhk_rsa = 173static RSA_METHOD hwcrhk_rsa =
131 { 174 {
@@ -143,7 +186,9 @@ static RSA_METHOD hwcrhk_rsa =
143 NULL, 186 NULL,
144 NULL 187 NULL
145 }; 188 };
189#endif
146 190
191#ifndef OPENSSL_NO_DH
147/* Our internal DH_METHOD that we provide pointers to */ 192/* Our internal DH_METHOD that we provide pointers to */
148static DH_METHOD hwcrhk_dh = 193static DH_METHOD hwcrhk_dh =
149 { 194 {
@@ -156,6 +201,7 @@ static DH_METHOD hwcrhk_dh =
156 0, 201 0,
157 NULL 202 NULL
158 }; 203 };
204#endif
159 205
160static RAND_METHOD hwcrhk_rand = 206static RAND_METHOD hwcrhk_rand =
161 { 207 {
@@ -168,26 +214,9 @@ static RAND_METHOD hwcrhk_rand =
168 hwcrhk_rand_status, 214 hwcrhk_rand_status,
169 }; 215 };
170 216
171/* Our ENGINE structure. */ 217/* Constants used when creating the ENGINE */
172static ENGINE engine_hwcrhk = 218static const char *engine_hwcrhk_id = "chil";
173 { 219static const char *engine_hwcrhk_name = "nCipher hardware engine support";
174 "chil",
175 "nCipher hardware engine support",
176 &hwcrhk_rsa,
177 NULL,
178 &hwcrhk_dh,
179 &hwcrhk_rand,
180 hwcrhk_mod_exp,
181 NULL,
182 hwcrhk_init,
183 hwcrhk_finish,
184 hwcrhk_ctrl,
185 hwcrhk_load_privkey,
186 hwcrhk_load_pubkey,
187 0, /* no flags */
188 0, 0, /* no references */
189 NULL, NULL /* unlinked */
190 };
191 220
192/* Internal stuff for HWCryptoHook */ 221/* Internal stuff for HWCryptoHook */
193 222
@@ -204,7 +233,8 @@ struct HWCryptoHook_MutexValue
204 into HWCryptoHook_PassphraseContext */ 233 into HWCryptoHook_PassphraseContext */
205struct HWCryptoHook_PassphraseContextValue 234struct HWCryptoHook_PassphraseContextValue
206 { 235 {
207 void *any; 236 UI_METHOD *ui_method;
237 void *callback_data;
208 }; 238 };
209 239
210/* hwcryptohook.h has some typedefs that turn 240/* hwcryptohook.h has some typedefs that turn
@@ -212,7 +242,10 @@ struct HWCryptoHook_PassphraseContextValue
212 into HWCryptoHook_CallerContext */ 242 into HWCryptoHook_CallerContext */
213struct HWCryptoHook_CallerContextValue 243struct HWCryptoHook_CallerContextValue
214 { 244 {
215 void *any; 245 pem_password_cb *password_callback; /* Deprecated! Only present for
246 backward compatibility! */
247 UI_METHOD *ui_method;
248 void *callback_data;
216 }; 249 };
217 250
218/* The MPI structure in HWCryptoHook is pretty compatible with OpenSSL 251/* The MPI structure in HWCryptoHook is pretty compatible with OpenSSL
@@ -222,31 +255,27 @@ struct HWCryptoHook_CallerContextValue
222#define MPI2BN(bn, mp) \ 255#define MPI2BN(bn, mp) \
223 {mp.size = bn->dmax * sizeof(BN_ULONG); mp.buf = (unsigned char *)bn->d;} 256 {mp.size = bn->dmax * sizeof(BN_ULONG); mp.buf = (unsigned char *)bn->d;}
224 257
225#if 0 /* Card and password management is not yet supported */
226/* HWCryptoHook callbacks. insert_card() and get_pass() are not yet
227 defined, because we haven't quite decided on the proper form yet.
228 log_message() just adds an entry in the error stack. I don't know
229 if that's good or bad... */
230static int insert_card(const char *prompt_info,
231 const char *wrong_info,
232 HWCryptoHook_PassphraseContext *ppctx,
233 HWCryptoHook_CallerContext *cactx);
234static int get_pass(const char *prompt_info,
235 int *len_io, char *buf,
236 HWCryptoHook_PassphraseContext *ppctx,
237 HWCryptoHook_CallerContext *cactx);
238#endif
239
240static BIO *logstream = NULL; 258static BIO *logstream = NULL;
241static pem_password_cb *password_callback = NULL;
242#if 0
243static void *password_callback_userdata = NULL;
244#endif
245static int disable_mutex_callbacks = 0; 259static int disable_mutex_callbacks = 0;
246 260
261/* One might wonder why these are needed, since one can pass down at least
262 a UI_METHOD and a pointer to callback data to the key-loading functions.
263 The thing is that the ModExp and RSAImmed functions can load keys as well,
264 if the data they get is in a special, nCipher-defined format (hint: if you
265 look at the private exponent of the RSA data as a string, you'll see this
266 string: "nCipher KM tool key id", followed by some bytes, followed a key
267 identity string, followed by more bytes. This happens when you use "embed"
268 keys instead of "hwcrhk" keys). Unfortunately, those functions do not take
269 any passphrase or caller context, and our functions can't really take any
270 callback data either. Still, the "insert_card" and "get_passphrase"
271 callbacks may be called down the line, and will need to know what user
272 interface callbacks to call, and having callback data from the application
273 may be a nice thing as well, so we need to keep track of that globally. */
274static HWCryptoHook_CallerContext password_context = { NULL, NULL, NULL };
275
247/* Stuff to pass to the HWCryptoHook library */ 276/* Stuff to pass to the HWCryptoHook library */
248static HWCryptoHook_InitInfo hwcrhk_globals = { 277static HWCryptoHook_InitInfo hwcrhk_globals = {
249 0, /* Flags */ 278 HWCryptoHook_InitFlags_SimpleForkCheck, /* Flags */
250 &logstream, /* logstream */ 279 &logstream, /* logstream */
251 sizeof(BN_ULONG), /* limbsize */ 280 sizeof(BN_ULONG), /* limbsize */
252 0, /* mslimb first: false for BNs */ 281 0, /* mslimb first: false for BNs */
@@ -280,20 +309,42 @@ static HWCryptoHook_InitInfo hwcrhk_globals = {
280 0, /* hwcrhk_cv_destroy, */ 309 0, /* hwcrhk_cv_destroy, */
281 310
282 hwcrhk_get_pass, /* pass phrase */ 311 hwcrhk_get_pass, /* pass phrase */
283 0, /* insert_card, */ /* insert a card */ 312 hwcrhk_insert_card, /* insert a card */
284 hwcrhk_log_message /* Log message */ 313 hwcrhk_log_message /* Log message */
285}; 314};
286 315
287 316
288/* Now, to our own code */ 317/* Now, to our own code */
289 318
290/* As this is only ever called once, there's no need for locking 319/* This internal function is used by ENGINE_ncipher() and possibly by the
291 * (indeed - the lock will already be held by our caller!!!) */ 320 * "dynamic" ENGINE support too */
292ENGINE *ENGINE_ncipher() 321static int bind_helper(ENGINE *e)
293 { 322 {
294 RSA_METHOD *meth1; 323#ifndef OPENSSL_NO_RSA
295 DH_METHOD *meth2; 324 const RSA_METHOD *meth1;
325#endif
326#ifndef OPENSSL_NO_DH
327 const DH_METHOD *meth2;
328#endif
329 if(!ENGINE_set_id(e, engine_hwcrhk_id) ||
330 !ENGINE_set_name(e, engine_hwcrhk_name) ||
331#ifndef OPENSSL_NO_RSA
332 !ENGINE_set_RSA(e, &hwcrhk_rsa) ||
333#endif
334#ifndef OPENSSL_NO_DH
335 !ENGINE_set_DH(e, &hwcrhk_dh) ||
336#endif
337 !ENGINE_set_RAND(e, &hwcrhk_rand) ||
338 !ENGINE_set_destroy_function(e, hwcrhk_destroy) ||
339 !ENGINE_set_init_function(e, hwcrhk_init) ||
340 !ENGINE_set_finish_function(e, hwcrhk_finish) ||
341 !ENGINE_set_ctrl_function(e, hwcrhk_ctrl) ||
342 !ENGINE_set_load_privkey_function(e, hwcrhk_load_privkey) ||
343 !ENGINE_set_load_pubkey_function(e, hwcrhk_load_pubkey) ||
344 !ENGINE_set_cmd_defns(e, hwcrhk_cmd_defns))
345 return 0;
296 346
347#ifndef OPENSSL_NO_RSA
297 /* We know that the "PKCS1_SSLeay()" functions hook properly 348 /* We know that the "PKCS1_SSLeay()" functions hook properly
298 * to the cswift-specific mod_exp and mod_exp_crt so we use 349 * to the cswift-specific mod_exp and mod_exp_crt so we use
299 * those functions. NB: We don't use ENGINE_openssl() or 350 * those functions. NB: We don't use ENGINE_openssl() or
@@ -306,12 +357,41 @@ ENGINE *ENGINE_ncipher()
306 hwcrhk_rsa.rsa_pub_dec = meth1->rsa_pub_dec; 357 hwcrhk_rsa.rsa_pub_dec = meth1->rsa_pub_dec;
307 hwcrhk_rsa.rsa_priv_enc = meth1->rsa_priv_enc; 358 hwcrhk_rsa.rsa_priv_enc = meth1->rsa_priv_enc;
308 hwcrhk_rsa.rsa_priv_dec = meth1->rsa_priv_dec; 359 hwcrhk_rsa.rsa_priv_dec = meth1->rsa_priv_dec;
360#endif
309 361
362#ifndef OPENSSL_NO_DH
310 /* Much the same for Diffie-Hellman */ 363 /* Much the same for Diffie-Hellman */
311 meth2 = DH_OpenSSL(); 364 meth2 = DH_OpenSSL();
312 hwcrhk_dh.generate_key = meth2->generate_key; 365 hwcrhk_dh.generate_key = meth2->generate_key;
313 hwcrhk_dh.compute_key = meth2->compute_key; 366 hwcrhk_dh.compute_key = meth2->compute_key;
314 return &engine_hwcrhk; 367#endif
368
369 /* Ensure the hwcrhk error handling is set up */
370 ERR_load_HWCRHK_strings();
371 return 1;
372 }
373
374static ENGINE *engine_ncipher(void)
375 {
376 ENGINE *ret = ENGINE_new();
377 if(!ret)
378 return NULL;
379 if(!bind_helper(ret))
380 {
381 ENGINE_free(ret);
382 return NULL;
383 }
384 return ret;
385 }
386
387void ENGINE_load_chil(void)
388 {
389 /* Copied from eng_[openssl|dyn].c */
390 ENGINE *toadd = engine_ncipher();
391 if(!toadd) return;
392 ENGINE_add(toadd);
393 ENGINE_free(toadd);
394 ERR_clear_error();
315 } 395 }
316 396
317/* This is a process-global DSO handle used for loading and unloading 397/* This is a process-global DSO handle used for loading and unloading
@@ -321,30 +401,41 @@ ENGINE *ENGINE_ncipher()
321 * implicitly. */ 401 * implicitly. */
322static DSO *hwcrhk_dso = NULL; 402static DSO *hwcrhk_dso = NULL;
323static HWCryptoHook_ContextHandle hwcrhk_context = 0; 403static HWCryptoHook_ContextHandle hwcrhk_context = 0;
324static int hndidx = -1; /* Index for KM handle. Not really used yet. */ 404#ifndef OPENSSL_NO_RSA
405static int hndidx_rsa = -1; /* Index for KM handle. Not really used yet. */
406#endif
325 407
326/* These are the function pointers that are (un)set when the library has 408/* These are the function pointers that are (un)set when the library has
327 * successfully (un)loaded. */ 409 * successfully (un)loaded. */
328static HWCryptoHook_Init_t *p_hwcrhk_Init = NULL; 410static HWCryptoHook_Init_t *p_hwcrhk_Init = NULL;
329static HWCryptoHook_Finish_t *p_hwcrhk_Finish = NULL; 411static HWCryptoHook_Finish_t *p_hwcrhk_Finish = NULL;
330static HWCryptoHook_ModExp_t *p_hwcrhk_ModExp = NULL; 412static HWCryptoHook_ModExp_t *p_hwcrhk_ModExp = NULL;
413#ifndef OPENSSL_NO_RSA
331static HWCryptoHook_RSA_t *p_hwcrhk_RSA = NULL; 414static HWCryptoHook_RSA_t *p_hwcrhk_RSA = NULL;
415#endif
332static HWCryptoHook_RandomBytes_t *p_hwcrhk_RandomBytes = NULL; 416static HWCryptoHook_RandomBytes_t *p_hwcrhk_RandomBytes = NULL;
417#ifndef OPENSSL_NO_RSA
333static HWCryptoHook_RSALoadKey_t *p_hwcrhk_RSALoadKey = NULL; 418static HWCryptoHook_RSALoadKey_t *p_hwcrhk_RSALoadKey = NULL;
334static HWCryptoHook_RSAGetPublicKey_t *p_hwcrhk_RSAGetPublicKey = NULL; 419static HWCryptoHook_RSAGetPublicKey_t *p_hwcrhk_RSAGetPublicKey = NULL;
335static HWCryptoHook_RSAUnloadKey_t *p_hwcrhk_RSAUnloadKey = NULL; 420static HWCryptoHook_RSAUnloadKey_t *p_hwcrhk_RSAUnloadKey = NULL;
421#endif
336static HWCryptoHook_ModExpCRT_t *p_hwcrhk_ModExpCRT = NULL; 422static HWCryptoHook_ModExpCRT_t *p_hwcrhk_ModExpCRT = NULL;
337 423
338/* Used in the DSO operations. */ 424/* Used in the DSO operations. */
339static const char *HWCRHK_LIBNAME = "nfhwcrhk"; 425static const char def_HWCRHK_LIBNAME[] = "nfhwcrhk";
426static const char *HWCRHK_LIBNAME = def_HWCRHK_LIBNAME;
340static const char *n_hwcrhk_Init = "HWCryptoHook_Init"; 427static const char *n_hwcrhk_Init = "HWCryptoHook_Init";
341static const char *n_hwcrhk_Finish = "HWCryptoHook_Finish"; 428static const char *n_hwcrhk_Finish = "HWCryptoHook_Finish";
342static const char *n_hwcrhk_ModExp = "HWCryptoHook_ModExp"; 429static const char *n_hwcrhk_ModExp = "HWCryptoHook_ModExp";
430#ifndef OPENSSL_NO_RSA
343static const char *n_hwcrhk_RSA = "HWCryptoHook_RSA"; 431static const char *n_hwcrhk_RSA = "HWCryptoHook_RSA";
432#endif
344static const char *n_hwcrhk_RandomBytes = "HWCryptoHook_RandomBytes"; 433static const char *n_hwcrhk_RandomBytes = "HWCryptoHook_RandomBytes";
434#ifndef OPENSSL_NO_RSA
345static const char *n_hwcrhk_RSALoadKey = "HWCryptoHook_RSALoadKey"; 435static const char *n_hwcrhk_RSALoadKey = "HWCryptoHook_RSALoadKey";
346static const char *n_hwcrhk_RSAGetPublicKey = "HWCryptoHook_RSAGetPublicKey"; 436static const char *n_hwcrhk_RSAGetPublicKey = "HWCryptoHook_RSAGetPublicKey";
347static const char *n_hwcrhk_RSAUnloadKey = "HWCryptoHook_RSAUnloadKey"; 437static const char *n_hwcrhk_RSAUnloadKey = "HWCryptoHook_RSAUnloadKey";
438#endif
348static const char *n_hwcrhk_ModExpCRT = "HWCryptoHook_ModExpCRT"; 439static const char *n_hwcrhk_ModExpCRT = "HWCryptoHook_ModExpCRT";
349 440
350/* HWCryptoHook library functions and mechanics - these are used by the 441/* HWCryptoHook library functions and mechanics - these are used by the
@@ -353,16 +444,17 @@ static const char *n_hwcrhk_ModExpCRT = "HWCryptoHook_ModExpCRT";
353 * called, the checking and error handling is probably down there. */ 444 * called, the checking and error handling is probably down there. */
354 445
355/* utility function to obtain a context */ 446/* utility function to obtain a context */
356static int get_context(HWCryptoHook_ContextHandle *hac) 447static int get_context(HWCryptoHook_ContextHandle *hac,
448 HWCryptoHook_CallerContext *cac)
357 { 449 {
358 char tempbuf[1024]; 450 char tempbuf[1024];
359 HWCryptoHook_ErrMsgBuf rmsg; 451 HWCryptoHook_ErrMsgBuf rmsg;
360 452
361 rmsg.buf = tempbuf; 453 rmsg.buf = tempbuf;
362 rmsg.size = 1024; 454 rmsg.size = sizeof(tempbuf);
363 455
364 *hac = p_hwcrhk_Init(&hwcrhk_globals, sizeof(hwcrhk_globals), &rmsg, 456 *hac = p_hwcrhk_Init(&hwcrhk_globals, sizeof(hwcrhk_globals), &rmsg,
365 NULL); 457 cac);
366 if (!*hac) 458 if (!*hac)
367 return 0; 459 return 0;
368 return 1; 460 return 1;
@@ -374,30 +466,38 @@ static void release_context(HWCryptoHook_ContextHandle hac)
374 p_hwcrhk_Finish(hac); 466 p_hwcrhk_Finish(hac);
375 } 467 }
376 468
469/* Destructor (complements the "ENGINE_ncipher()" constructor) */
470static int hwcrhk_destroy(ENGINE *e)
471 {
472 ERR_unload_HWCRHK_strings();
473 return 1;
474 }
475
377/* (de)initialisation functions. */ 476/* (de)initialisation functions. */
378static int hwcrhk_init() 477static int hwcrhk_init(ENGINE *e)
379 { 478 {
380 HWCryptoHook_Init_t *p1; 479 HWCryptoHook_Init_t *p1;
381 HWCryptoHook_Finish_t *p2; 480 HWCryptoHook_Finish_t *p2;
382 HWCryptoHook_ModExp_t *p3; 481 HWCryptoHook_ModExp_t *p3;
482#ifndef OPENSSL_NO_RSA
383 HWCryptoHook_RSA_t *p4; 483 HWCryptoHook_RSA_t *p4;
384 HWCryptoHook_RSALoadKey_t *p5; 484 HWCryptoHook_RSALoadKey_t *p5;
385 HWCryptoHook_RSAGetPublicKey_t *p6; 485 HWCryptoHook_RSAGetPublicKey_t *p6;
386 HWCryptoHook_RSAUnloadKey_t *p7; 486 HWCryptoHook_RSAUnloadKey_t *p7;
487#endif
387 HWCryptoHook_RandomBytes_t *p8; 488 HWCryptoHook_RandomBytes_t *p8;
388 HWCryptoHook_ModExpCRT_t *p9; 489 HWCryptoHook_ModExpCRT_t *p9;
389 490
390 if(hwcrhk_dso != NULL) 491 if(hwcrhk_dso != NULL)
391 { 492 {
392 ENGINEerr(ENGINE_F_HWCRHK_INIT,ENGINE_R_ALREADY_LOADED); 493 HWCRHKerr(HWCRHK_F_HWCRHK_INIT,HWCRHK_R_ALREADY_LOADED);
393 goto err; 494 goto err;
394 } 495 }
395 /* Attempt to load libnfhwcrhk.so/nfhwcrhk.dll/whatever. */ 496 /* Attempt to load libnfhwcrhk.so/nfhwcrhk.dll/whatever. */
396 hwcrhk_dso = DSO_load(NULL, HWCRHK_LIBNAME, NULL, 497 hwcrhk_dso = DSO_load(NULL, HWCRHK_LIBNAME, NULL, 0);
397 DSO_FLAG_NAME_TRANSLATION);
398 if(hwcrhk_dso == NULL) 498 if(hwcrhk_dso == NULL)
399 { 499 {
400 ENGINEerr(ENGINE_F_HWCRHK_INIT,ENGINE_R_DSO_FAILURE); 500 HWCRHKerr(HWCRHK_F_HWCRHK_INIT,HWCRHK_R_DSO_FAILURE);
401 goto err; 501 goto err;
402 } 502 }
403 if(!(p1 = (HWCryptoHook_Init_t *) 503 if(!(p1 = (HWCryptoHook_Init_t *)
@@ -406,6 +506,7 @@ static int hwcrhk_init()
406 DSO_bind_func(hwcrhk_dso, n_hwcrhk_Finish)) || 506 DSO_bind_func(hwcrhk_dso, n_hwcrhk_Finish)) ||
407 !(p3 = (HWCryptoHook_ModExp_t *) 507 !(p3 = (HWCryptoHook_ModExp_t *)
408 DSO_bind_func(hwcrhk_dso, n_hwcrhk_ModExp)) || 508 DSO_bind_func(hwcrhk_dso, n_hwcrhk_ModExp)) ||
509#ifndef OPENSSL_NO_RSA
409 !(p4 = (HWCryptoHook_RSA_t *) 510 !(p4 = (HWCryptoHook_RSA_t *)
410 DSO_bind_func(hwcrhk_dso, n_hwcrhk_RSA)) || 511 DSO_bind_func(hwcrhk_dso, n_hwcrhk_RSA)) ||
411 !(p5 = (HWCryptoHook_RSALoadKey_t *) 512 !(p5 = (HWCryptoHook_RSALoadKey_t *)
@@ -414,22 +515,25 @@ static int hwcrhk_init()
414 DSO_bind_func(hwcrhk_dso, n_hwcrhk_RSAGetPublicKey)) || 515 DSO_bind_func(hwcrhk_dso, n_hwcrhk_RSAGetPublicKey)) ||
415 !(p7 = (HWCryptoHook_RSAUnloadKey_t *) 516 !(p7 = (HWCryptoHook_RSAUnloadKey_t *)
416 DSO_bind_func(hwcrhk_dso, n_hwcrhk_RSAUnloadKey)) || 517 DSO_bind_func(hwcrhk_dso, n_hwcrhk_RSAUnloadKey)) ||
518#endif
417 !(p8 = (HWCryptoHook_RandomBytes_t *) 519 !(p8 = (HWCryptoHook_RandomBytes_t *)
418 DSO_bind_func(hwcrhk_dso, n_hwcrhk_RandomBytes)) || 520 DSO_bind_func(hwcrhk_dso, n_hwcrhk_RandomBytes)) ||
419 !(p9 = (HWCryptoHook_ModExpCRT_t *) 521 !(p9 = (HWCryptoHook_ModExpCRT_t *)
420 DSO_bind_func(hwcrhk_dso, n_hwcrhk_ModExpCRT))) 522 DSO_bind_func(hwcrhk_dso, n_hwcrhk_ModExpCRT)))
421 { 523 {
422 ENGINEerr(ENGINE_F_HWCRHK_INIT,ENGINE_R_DSO_FAILURE); 524 HWCRHKerr(HWCRHK_F_HWCRHK_INIT,HWCRHK_R_DSO_FAILURE);
423 goto err; 525 goto err;
424 } 526 }
425 /* Copy the pointers */ 527 /* Copy the pointers */
426 p_hwcrhk_Init = p1; 528 p_hwcrhk_Init = p1;
427 p_hwcrhk_Finish = p2; 529 p_hwcrhk_Finish = p2;
428 p_hwcrhk_ModExp = p3; 530 p_hwcrhk_ModExp = p3;
531#ifndef OPENSSL_NO_RSA
429 p_hwcrhk_RSA = p4; 532 p_hwcrhk_RSA = p4;
430 p_hwcrhk_RSALoadKey = p5; 533 p_hwcrhk_RSALoadKey = p5;
431 p_hwcrhk_RSAGetPublicKey = p6; 534 p_hwcrhk_RSAGetPublicKey = p6;
432 p_hwcrhk_RSAUnloadKey = p7; 535 p_hwcrhk_RSAUnloadKey = p7;
536#endif
433 p_hwcrhk_RandomBytes = p8; 537 p_hwcrhk_RandomBytes = p8;
434 p_hwcrhk_ModExpCRT = p9; 538 p_hwcrhk_ModExpCRT = p9;
435 539
@@ -448,16 +552,18 @@ static int hwcrhk_init()
448 552
449 /* Try and get a context - if not, we may have a DSO but no 553 /* Try and get a context - if not, we may have a DSO but no
450 * accelerator! */ 554 * accelerator! */
451 if(!get_context(&hwcrhk_context)) 555 if(!get_context(&hwcrhk_context, &password_context))
452 { 556 {
453 ENGINEerr(ENGINE_F_HWCRHK_INIT,ENGINE_R_UNIT_FAILURE); 557 HWCRHKerr(HWCRHK_F_HWCRHK_INIT,HWCRHK_R_UNIT_FAILURE);
454 goto err; 558 goto err;
455 } 559 }
456 /* Everything's fine. */ 560 /* Everything's fine. */
457 if (hndidx == -1) 561#ifndef OPENSSL_NO_RSA
458 hndidx = RSA_get_ex_new_index(0, 562 if (hndidx_rsa == -1)
563 hndidx_rsa = RSA_get_ex_new_index(0,
459 "nFast HWCryptoHook RSA key handle", 564 "nFast HWCryptoHook RSA key handle",
460 NULL, NULL, hwcrhk_ex_free); 565 NULL, NULL, hwcrhk_ex_free);
566#endif
461 return 1; 567 return 1;
462err: 568err:
463 if(hwcrhk_dso) 569 if(hwcrhk_dso)
@@ -466,28 +572,30 @@ err:
466 p_hwcrhk_Init = NULL; 572 p_hwcrhk_Init = NULL;
467 p_hwcrhk_Finish = NULL; 573 p_hwcrhk_Finish = NULL;
468 p_hwcrhk_ModExp = NULL; 574 p_hwcrhk_ModExp = NULL;
575#ifndef OPENSSL_NO_RSA
469 p_hwcrhk_RSA = NULL; 576 p_hwcrhk_RSA = NULL;
470 p_hwcrhk_RSALoadKey = NULL; 577 p_hwcrhk_RSALoadKey = NULL;
471 p_hwcrhk_RSAGetPublicKey = NULL; 578 p_hwcrhk_RSAGetPublicKey = NULL;
472 p_hwcrhk_RSAUnloadKey = NULL; 579 p_hwcrhk_RSAUnloadKey = NULL;
580#endif
473 p_hwcrhk_ModExpCRT = NULL; 581 p_hwcrhk_ModExpCRT = NULL;
474 p_hwcrhk_RandomBytes = NULL; 582 p_hwcrhk_RandomBytes = NULL;
475 return 0; 583 return 0;
476 } 584 }
477 585
478static int hwcrhk_finish() 586static int hwcrhk_finish(ENGINE *e)
479 { 587 {
480 int to_return = 1; 588 int to_return = 1;
481 if(hwcrhk_dso == NULL) 589 if(hwcrhk_dso == NULL)
482 { 590 {
483 ENGINEerr(ENGINE_F_HWCRHK_FINISH,ENGINE_R_NOT_LOADED); 591 HWCRHKerr(HWCRHK_F_HWCRHK_FINISH,HWCRHK_R_NOT_LOADED);
484 to_return = 0; 592 to_return = 0;
485 goto err; 593 goto err;
486 } 594 }
487 release_context(hwcrhk_context); 595 release_context(hwcrhk_context);
488 if(!DSO_free(hwcrhk_dso)) 596 if(!DSO_free(hwcrhk_dso))
489 { 597 {
490 ENGINEerr(ENGINE_F_HWCRHK_FINISH,ENGINE_R_DSO_FAILURE); 598 HWCRHKerr(HWCRHK_F_HWCRHK_FINISH,HWCRHK_R_DSO_FAILURE);
491 to_return = 0; 599 to_return = 0;
492 goto err; 600 goto err;
493 } 601 }
@@ -498,21 +606,36 @@ static int hwcrhk_finish()
498 p_hwcrhk_Init = NULL; 606 p_hwcrhk_Init = NULL;
499 p_hwcrhk_Finish = NULL; 607 p_hwcrhk_Finish = NULL;
500 p_hwcrhk_ModExp = NULL; 608 p_hwcrhk_ModExp = NULL;
609#ifndef OPENSSL_NO_RSA
501 p_hwcrhk_RSA = NULL; 610 p_hwcrhk_RSA = NULL;
502 p_hwcrhk_RSALoadKey = NULL; 611 p_hwcrhk_RSALoadKey = NULL;
503 p_hwcrhk_RSAGetPublicKey = NULL; 612 p_hwcrhk_RSAGetPublicKey = NULL;
504 p_hwcrhk_RSAUnloadKey = NULL; 613 p_hwcrhk_RSAUnloadKey = NULL;
614#endif
505 p_hwcrhk_ModExpCRT = NULL; 615 p_hwcrhk_ModExpCRT = NULL;
506 p_hwcrhk_RandomBytes = NULL; 616 p_hwcrhk_RandomBytes = NULL;
507 return to_return; 617 return to_return;
508 } 618 }
509 619
510static int hwcrhk_ctrl(int cmd, long i, void *p, void (*f)()) 620static int hwcrhk_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)())
511 { 621 {
512 int to_return = 1; 622 int to_return = 1;
513 623
514 switch(cmd) 624 switch(cmd)
515 { 625 {
626 case HWCRHK_CMD_SO_PATH:
627 if(hwcrhk_dso)
628 {
629 HWCRHKerr(HWCRHK_F_HWCRHK_CTRL,HWCRHK_R_ALREADY_LOADED);
630 return 0;
631 }
632 if(p == NULL)
633 {
634 HWCRHKerr(HWCRHK_F_HWCRHK_CTRL,ERR_R_PASSED_NULL_PARAMETER);
635 return 0;
636 }
637 HWCRHK_LIBNAME = (const char *)p;
638 return 1;
516 case ENGINE_CTRL_SET_LOGSTREAM: 639 case ENGINE_CTRL_SET_LOGSTREAM:
517 { 640 {
518 BIO *bio = (BIO *)p; 641 BIO *bio = (BIO *)p;
@@ -526,18 +649,31 @@ static int hwcrhk_ctrl(int cmd, long i, void *p, void (*f)())
526 if (CRYPTO_add(&bio->references,1,CRYPTO_LOCK_BIO) > 1) 649 if (CRYPTO_add(&bio->references,1,CRYPTO_LOCK_BIO) > 1)
527 logstream = bio; 650 logstream = bio;
528 else 651 else
529 ENGINEerr(ENGINE_F_HWCRHK_CTRL,ENGINE_R_BIO_WAS_FREED); 652 HWCRHKerr(HWCRHK_F_HWCRHK_CTRL,HWCRHK_R_BIO_WAS_FREED);
530 } 653 }
531 CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE); 654 CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
532 break; 655 break;
533 case ENGINE_CTRL_SET_PASSWORD_CALLBACK: 656 case ENGINE_CTRL_SET_PASSWORD_CALLBACK:
534 CRYPTO_w_lock(CRYPTO_LOCK_ENGINE); 657 CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
535 password_callback = (pem_password_cb *)f; 658 password_context.password_callback = (pem_password_cb *)f;
659 CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
660 break;
661 case ENGINE_CTRL_SET_USER_INTERFACE:
662 case HWCRHK_CMD_SET_USER_INTERFACE:
663 CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
664 password_context.ui_method = (UI_METHOD *)p;
665 CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
666 break;
667 case ENGINE_CTRL_SET_CALLBACK_DATA:
668 case HWCRHK_CMD_SET_CALLBACK_DATA:
669 CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
670 password_context.callback_data = p;
536 CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE); 671 CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
537 break; 672 break;
538 /* this enables or disables the "SimpleForkCheck" flag used in the 673 /* this enables or disables the "SimpleForkCheck" flag used in the
539 * initialisation structure. */ 674 * initialisation structure. */
540 case ENGINE_CTRL_CHIL_SET_FORKCHECK: 675 case ENGINE_CTRL_CHIL_SET_FORKCHECK:
676 case HWCRHK_CMD_FORK_CHECK:
541 CRYPTO_w_lock(CRYPTO_LOCK_ENGINE); 677 CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
542 if(i) 678 if(i)
543 hwcrhk_globals.flags |= 679 hwcrhk_globals.flags |=
@@ -557,11 +693,16 @@ static int hwcrhk_ctrl(int cmd, long i, void *p, void (*f)())
557 disable_mutex_callbacks = 1; 693 disable_mutex_callbacks = 1;
558 CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE); 694 CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
559 break; 695 break;
696 case HWCRHK_CMD_THREAD_LOCKING:
697 CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
698 disable_mutex_callbacks = ((i == 0) ? 0 : 1);
699 CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
700 break;
560 701
561 /* The command isn't understood by this engine */ 702 /* The command isn't understood by this engine */
562 default: 703 default:
563 ENGINEerr(ENGINE_F_HWCRHK_CTRL, 704 HWCRHKerr(HWCRHK_F_HWCRHK_CTRL,
564 ENGINE_R_CTRL_COMMAND_NOT_IMPLEMENTED); 705 HWCRHK_R_CTRL_COMMAND_NOT_IMPLEMENTED);
565 to_return = 0; 706 to_return = 0;
566 break; 707 break;
567 } 708 }
@@ -569,44 +710,62 @@ static int hwcrhk_ctrl(int cmd, long i, void *p, void (*f)())
569 return to_return; 710 return to_return;
570 } 711 }
571 712
572static EVP_PKEY *hwcrhk_load_privkey(const char *key_id, 713static EVP_PKEY *hwcrhk_load_privkey(ENGINE *eng, const char *key_id,
573 const char *passphrase) 714 UI_METHOD *ui_method, void *callback_data)
574 { 715 {
716#ifndef OPENSSL_NO_RSA
575 RSA *rtmp = NULL; 717 RSA *rtmp = NULL;
718#endif
576 EVP_PKEY *res = NULL; 719 EVP_PKEY *res = NULL;
720#ifndef OPENSSL_NO_RSA
577 HWCryptoHook_MPI e, n; 721 HWCryptoHook_MPI e, n;
578 HWCryptoHook_RSAKeyHandle *hptr; 722 HWCryptoHook_RSAKeyHandle *hptr;
723#endif
724#if !defined(OPENSSL_NO_RSA)
725 char tempbuf[1024];
579 HWCryptoHook_ErrMsgBuf rmsg; 726 HWCryptoHook_ErrMsgBuf rmsg;
727#endif
728 HWCryptoHook_PassphraseContext ppctx;
729
730#if !defined(OPENSSL_NO_RSA)
731 rmsg.buf = tempbuf;
732 rmsg.size = sizeof(tempbuf);
733#endif
580 734
581 if(!hwcrhk_context) 735 if(!hwcrhk_context)
582 { 736 {
583 ENGINEerr(ENGINE_F_HWCRHK_LOAD_PRIVKEY, 737 HWCRHKerr(HWCRHK_F_HWCRHK_LOAD_PRIVKEY,
584 ENGINE_R_NOT_INITIALISED); 738 HWCRHK_R_NOT_INITIALISED);
585 goto err; 739 goto err;
586 } 740 }
741#ifndef OPENSSL_NO_RSA
587 hptr = OPENSSL_malloc(sizeof(HWCryptoHook_RSAKeyHandle)); 742 hptr = OPENSSL_malloc(sizeof(HWCryptoHook_RSAKeyHandle));
588 if (!hptr) 743 if (!hptr)
589 { 744 {
590 ENGINEerr(ENGINE_F_HWCRHK_LOAD_PRIVKEY, 745 HWCRHKerr(HWCRHK_F_HWCRHK_LOAD_PRIVKEY,
591 ERR_R_MALLOC_FAILURE); 746 ERR_R_MALLOC_FAILURE);
592 goto err; 747 goto err;
593 } 748 }
749 ppctx.ui_method = ui_method;
750 ppctx.callback_data = callback_data;
594 if (p_hwcrhk_RSALoadKey(hwcrhk_context, key_id, hptr, 751 if (p_hwcrhk_RSALoadKey(hwcrhk_context, key_id, hptr,
595 &rmsg, NULL)) 752 &rmsg, &ppctx))
596 { 753 {
597 ENGINEerr(ENGINE_F_HWCRHK_LOAD_PRIVKEY, 754 HWCRHKerr(HWCRHK_F_HWCRHK_LOAD_PRIVKEY,
598 ENGINE_R_CHIL_ERROR); 755 HWCRHK_R_CHIL_ERROR);
599 ERR_add_error_data(1,rmsg.buf); 756 ERR_add_error_data(1,rmsg.buf);
600 goto err; 757 goto err;
601 } 758 }
602 if (!*hptr) 759 if (!*hptr)
603 { 760 {
604 ENGINEerr(ENGINE_F_HWCRHK_LOAD_PRIVKEY, 761 HWCRHKerr(HWCRHK_F_HWCRHK_LOAD_PRIVKEY,
605 ENGINE_R_NO_KEY); 762 HWCRHK_R_NO_KEY);
606 goto err; 763 goto err;
607 } 764 }
608 rtmp = RSA_new_method(&engine_hwcrhk); 765#endif
609 RSA_set_ex_data(rtmp, hndidx, (char *)hptr); 766#ifndef OPENSSL_NO_RSA
767 rtmp = RSA_new_method(eng);
768 RSA_set_ex_data(rtmp, hndidx_rsa, (char *)hptr);
610 rtmp->e = BN_new(); 769 rtmp->e = BN_new();
611 rtmp->n = BN_new(); 770 rtmp->n = BN_new();
612 rtmp->flags |= RSA_FLAG_EXT_PKEY; 771 rtmp->flags |= RSA_FLAG_EXT_PKEY;
@@ -615,11 +774,11 @@ static EVP_PKEY *hwcrhk_load_privkey(const char *key_id,
615 if (p_hwcrhk_RSAGetPublicKey(*hptr, &n, &e, &rmsg) 774 if (p_hwcrhk_RSAGetPublicKey(*hptr, &n, &e, &rmsg)
616 != HWCRYPTOHOOK_ERROR_MPISIZE) 775 != HWCRYPTOHOOK_ERROR_MPISIZE)
617 { 776 {
618 ENGINEerr(ENGINE_F_HWCRHK_LOAD_PUBKEY,ENGINE_R_CHIL_ERROR); 777 HWCRHKerr(HWCRHK_F_HWCRHK_LOAD_PUBKEY,HWCRHK_R_CHIL_ERROR);
619 ERR_add_error_data(1,rmsg.buf); 778 ERR_add_error_data(1,rmsg.buf);
620 goto err; 779 goto err;
621 } 780 }
622 781
623 bn_expand2(rtmp->e, e.size/sizeof(BN_ULONG)); 782 bn_expand2(rtmp->e, e.size/sizeof(BN_ULONG));
624 bn_expand2(rtmp->n, n.size/sizeof(BN_ULONG)); 783 bn_expand2(rtmp->n, n.size/sizeof(BN_ULONG));
625 MPI2BN(rtmp->e, e); 784 MPI2BN(rtmp->e, e);
@@ -627,8 +786,8 @@ static EVP_PKEY *hwcrhk_load_privkey(const char *key_id,
627 786
628 if (p_hwcrhk_RSAGetPublicKey(*hptr, &n, &e, &rmsg)) 787 if (p_hwcrhk_RSAGetPublicKey(*hptr, &n, &e, &rmsg))
629 { 788 {
630 ENGINEerr(ENGINE_F_HWCRHK_LOAD_PUBKEY, 789 HWCRHKerr(HWCRHK_F_HWCRHK_LOAD_PUBKEY,
631 ENGINE_R_CHIL_ERROR); 790 HWCRHK_R_CHIL_ERROR);
632 ERR_add_error_data(1,rmsg.buf); 791 ERR_add_error_data(1,rmsg.buf);
633 goto err; 792 goto err;
634 } 793 }
@@ -639,23 +798,37 @@ static EVP_PKEY *hwcrhk_load_privkey(const char *key_id,
639 798
640 res = EVP_PKEY_new(); 799 res = EVP_PKEY_new();
641 EVP_PKEY_assign_RSA(res, rtmp); 800 EVP_PKEY_assign_RSA(res, rtmp);
801#endif
802
803 if (!res)
804 HWCRHKerr(HWCRHK_F_HWCRHK_LOAD_PUBKEY,
805 HWCRHK_R_PRIVATE_KEY_ALGORITHMS_DISABLED);
642 806
643 return res; 807 return res;
644 err: 808 err:
645 if (res) 809 if (res)
646 EVP_PKEY_free(res); 810 EVP_PKEY_free(res);
811#ifndef OPENSSL_NO_RSA
647 if (rtmp) 812 if (rtmp)
648 RSA_free(rtmp); 813 RSA_free(rtmp);
814#endif
649 return NULL; 815 return NULL;
650 } 816 }
651 817
652static EVP_PKEY *hwcrhk_load_pubkey(const char *key_id, const char *passphrase) 818static EVP_PKEY *hwcrhk_load_pubkey(ENGINE *eng, const char *key_id,
819 UI_METHOD *ui_method, void *callback_data)
653 { 820 {
654 EVP_PKEY *res = hwcrhk_load_privkey(key_id, passphrase); 821 EVP_PKEY *res = NULL;
822
823#ifndef OPENSSL_NO_RSA
824 res = hwcrhk_load_privkey(eng, key_id,
825 ui_method, callback_data);
826#endif
655 827
656 if (res) 828 if (res)
657 switch(res->type) 829 switch(res->type)
658 { 830 {
831#ifndef OPENSSL_NO_RSA
659 case EVP_PKEY_RSA: 832 case EVP_PKEY_RSA:
660 { 833 {
661 RSA *rsa = NULL; 834 RSA *rsa = NULL;
@@ -665,12 +838,16 @@ static EVP_PKEY *hwcrhk_load_pubkey(const char *key_id, const char *passphrase)
665 res->pkey.rsa = RSA_new(); 838 res->pkey.rsa = RSA_new();
666 res->pkey.rsa->n = rsa->n; 839 res->pkey.rsa->n = rsa->n;
667 res->pkey.rsa->e = rsa->e; 840 res->pkey.rsa->e = rsa->e;
841 rsa->n = NULL;
842 rsa->e = NULL;
668 CRYPTO_w_unlock(CRYPTO_LOCK_EVP_PKEY); 843 CRYPTO_w_unlock(CRYPTO_LOCK_EVP_PKEY);
669 RSA_free(rsa); 844 RSA_free(rsa);
670 } 845 }
846 break;
847#endif
671 default: 848 default:
672 ENGINEerr(ENGINE_F_HWCRHK_LOAD_PUBKEY, 849 HWCRHKerr(HWCRHK_F_HWCRHK_LOAD_PUBKEY,
673 ENGINE_R_CTRL_COMMAND_NOT_IMPLEMENTED); 850 HWCRHK_R_CTRL_COMMAND_NOT_IMPLEMENTED);
674 goto err; 851 goto err;
675 } 852 }
676 853
@@ -682,7 +859,7 @@ static EVP_PKEY *hwcrhk_load_pubkey(const char *key_id, const char *passphrase)
682 } 859 }
683 860
684/* A little mod_exp */ 861/* A little mod_exp */
685static int hwcrhk_mod_exp(BIGNUM *r, BIGNUM *a, const BIGNUM *p, 862static int hwcrhk_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
686 const BIGNUM *m, BN_CTX *ctx) 863 const BIGNUM *m, BN_CTX *ctx)
687 { 864 {
688 char tempbuf[1024]; 865 char tempbuf[1024];
@@ -695,11 +872,11 @@ static int hwcrhk_mod_exp(BIGNUM *r, BIGNUM *a, const BIGNUM *p,
695 872
696 to_return = 0; /* expect failure */ 873 to_return = 0; /* expect failure */
697 rmsg.buf = tempbuf; 874 rmsg.buf = tempbuf;
698 rmsg.size = 1024; 875 rmsg.size = sizeof(tempbuf);
699 876
700 if(!hwcrhk_context) 877 if(!hwcrhk_context)
701 { 878 {
702 ENGINEerr(ENGINE_F_HWCRHK_MOD_EXP,ENGINE_R_NOT_INITIALISED); 879 HWCRHKerr(HWCRHK_F_HWCRHK_MOD_EXP,HWCRHK_R_NOT_INITIALISED);
703 goto err; 880 goto err;
704 } 881 }
705 /* Prepare the params */ 882 /* Prepare the params */
@@ -723,11 +900,11 @@ static int hwcrhk_mod_exp(BIGNUM *r, BIGNUM *a, const BIGNUM *p,
723 might be a good thing. */ 900 might be a good thing. */
724 if(ret == HWCRYPTOHOOK_ERROR_FALLBACK) 901 if(ret == HWCRYPTOHOOK_ERROR_FALLBACK)
725 { 902 {
726 ENGINEerr(ENGINE_F_HWCRHK_MOD_EXP,ENGINE_R_REQUEST_FALLBACK); 903 HWCRHKerr(HWCRHK_F_HWCRHK_MOD_EXP,HWCRHK_R_REQUEST_FALLBACK);
727 } 904 }
728 else 905 else
729 { 906 {
730 ENGINEerr(ENGINE_F_HWCRHK_MOD_EXP,ENGINE_R_REQUEST_FAILED); 907 HWCRHKerr(HWCRHK_F_HWCRHK_MOD_EXP,HWCRHK_R_REQUEST_FAILED);
731 } 908 }
732 ERR_add_error_data(1,rmsg.buf); 909 ERR_add_error_data(1,rmsg.buf);
733 goto err; 910 goto err;
@@ -737,38 +914,39 @@ static int hwcrhk_mod_exp(BIGNUM *r, BIGNUM *a, const BIGNUM *p,
737err: 914err:
738 return to_return; 915 return to_return;
739 } 916 }
740 917
741static int hwcrhk_rsa_mod_exp(BIGNUM *r, BIGNUM *I, RSA *rsa) 918#ifndef OPENSSL_NO_RSA
919static int hwcrhk_rsa_mod_exp(BIGNUM *r, const BIGNUM *I, RSA *rsa)
742 { 920 {
743 char tempbuf[1024]; 921 char tempbuf[1024];
744 HWCryptoHook_ErrMsgBuf rmsg; 922 HWCryptoHook_ErrMsgBuf rmsg;
745 HWCryptoHook_RSAKeyHandle *hptr; 923 HWCryptoHook_RSAKeyHandle *hptr;
746 int to_return = 0, ret; 924 int to_return = 0, ret;
747 925
926 rmsg.buf = tempbuf;
927 rmsg.size = sizeof(tempbuf);
928
748 if(!hwcrhk_context) 929 if(!hwcrhk_context)
749 { 930 {
750 ENGINEerr(ENGINE_F_HWCRHK_MOD_EXP,ENGINE_R_NOT_INITIALISED); 931 HWCRHKerr(HWCRHK_F_HWCRHK_MOD_EXP,HWCRHK_R_NOT_INITIALISED);
751 goto err; 932 goto err;
752 } 933 }
753 934
754 /* This provides support for nForce keys. Since that's opaque data 935 /* This provides support for nForce keys. Since that's opaque data
755 all we do is provide a handle to the proper key and let HWCryptoHook 936 all we do is provide a handle to the proper key and let HWCryptoHook
756 take care of the rest. */ 937 take care of the rest. */
757 if ((hptr = (HWCryptoHook_RSAKeyHandle *) RSA_get_ex_data(rsa, hndidx)) 938 if ((hptr = (HWCryptoHook_RSAKeyHandle *) RSA_get_ex_data(rsa, hndidx_rsa))
758 != NULL) 939 != NULL)
759 { 940 {
760 HWCryptoHook_MPI m_a, m_r; 941 HWCryptoHook_MPI m_a, m_r;
761 942
762 if(!rsa->n) 943 if(!rsa->n)
763 { 944 {
764 ENGINEerr(ENGINE_F_HWCRHK_RSA_MOD_EXP, 945 HWCRHKerr(HWCRHK_F_HWCRHK_RSA_MOD_EXP,
765 ENGINE_R_MISSING_KEY_COMPONENTS); 946 HWCRHK_R_MISSING_KEY_COMPONENTS);
766 goto err; 947 goto err;
767 } 948 }
768 949
769 rmsg.buf = tempbuf;
770 rmsg.size = 1024;
771
772 /* Prepare the params */ 950 /* Prepare the params */
773 bn_expand2(r, rsa->n->top); /* Check for error !! */ 951 bn_expand2(r, rsa->n->top); /* Check for error !! */
774 BN2MPI(m_a, I); 952 BN2MPI(m_a, I);
@@ -788,11 +966,13 @@ static int hwcrhk_rsa_mod_exp(BIGNUM *r, BIGNUM *I, RSA *rsa)
788 might be a good thing. */ 966 might be a good thing. */
789 if(ret == HWCRYPTOHOOK_ERROR_FALLBACK) 967 if(ret == HWCRYPTOHOOK_ERROR_FALLBACK)
790 { 968 {
791 ENGINEerr(ENGINE_F_HWCRHK_RSA_MOD_EXP,ENGINE_R_REQUEST_FALLBACK); 969 HWCRHKerr(HWCRHK_F_HWCRHK_RSA_MOD_EXP,
970 HWCRHK_R_REQUEST_FALLBACK);
792 } 971 }
793 else 972 else
794 { 973 {
795 ENGINEerr(ENGINE_F_HWCRHK_RSA_MOD_EXP,ENGINE_R_REQUEST_FAILED); 974 HWCRHKerr(HWCRHK_F_HWCRHK_RSA_MOD_EXP,
975 HWCRHK_R_REQUEST_FAILED);
796 } 976 }
797 ERR_add_error_data(1,rmsg.buf); 977 ERR_add_error_data(1,rmsg.buf);
798 goto err; 978 goto err;
@@ -804,14 +984,11 @@ static int hwcrhk_rsa_mod_exp(BIGNUM *r, BIGNUM *I, RSA *rsa)
804 984
805 if(!rsa->p || !rsa->q || !rsa->dmp1 || !rsa->dmq1 || !rsa->iqmp) 985 if(!rsa->p || !rsa->q || !rsa->dmp1 || !rsa->dmq1 || !rsa->iqmp)
806 { 986 {
807 ENGINEerr(ENGINE_F_HWCRHK_RSA_MOD_EXP, 987 HWCRHKerr(HWCRHK_F_HWCRHK_RSA_MOD_EXP,
808 ENGINE_R_MISSING_KEY_COMPONENTS); 988 HWCRHK_R_MISSING_KEY_COMPONENTS);
809 goto err; 989 goto err;
810 } 990 }
811 991
812 rmsg.buf = tempbuf;
813 rmsg.size = 1024;
814
815 /* Prepare the params */ 992 /* Prepare the params */
816 bn_expand2(r, rsa->n->top); /* Check for error !! */ 993 bn_expand2(r, rsa->n->top); /* Check for error !! */
817 BN2MPI(m_a, I); 994 BN2MPI(m_a, I);
@@ -837,11 +1014,13 @@ static int hwcrhk_rsa_mod_exp(BIGNUM *r, BIGNUM *I, RSA *rsa)
837 might be a good thing. */ 1014 might be a good thing. */
838 if(ret == HWCRYPTOHOOK_ERROR_FALLBACK) 1015 if(ret == HWCRYPTOHOOK_ERROR_FALLBACK)
839 { 1016 {
840 ENGINEerr(ENGINE_F_HWCRHK_RSA_MOD_EXP,ENGINE_R_REQUEST_FALLBACK); 1017 HWCRHKerr(HWCRHK_F_HWCRHK_RSA_MOD_EXP,
1018 HWCRHK_R_REQUEST_FALLBACK);
841 } 1019 }
842 else 1020 else
843 { 1021 {
844 ENGINEerr(ENGINE_F_HWCRHK_RSA_MOD_EXP,ENGINE_R_REQUEST_FAILED); 1022 HWCRHKerr(HWCRHK_F_HWCRHK_RSA_MOD_EXP,
1023 HWCRHK_R_REQUEST_FAILED);
845 } 1024 }
846 ERR_add_error_data(1,rmsg.buf); 1025 ERR_add_error_data(1,rmsg.buf);
847 goto err; 1026 goto err;
@@ -852,16 +1031,18 @@ static int hwcrhk_rsa_mod_exp(BIGNUM *r, BIGNUM *I, RSA *rsa)
852err: 1031err:
853 return to_return; 1032 return to_return;
854 } 1033 }
1034#endif
855 1035
856/* This function is aliased to mod_exp (with the mont stuff dropped). */ 1036/* This function is aliased to mod_exp (with the mont stuff dropped). */
857static int hwcrhk_mod_exp_mont(BIGNUM *r, BIGNUM *a, const BIGNUM *p, 1037static int hwcrhk_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
858 const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx) 1038 const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)
859 { 1039 {
860 return hwcrhk_mod_exp(r, a, p, m, ctx); 1040 return hwcrhk_mod_exp(r, a, p, m, ctx);
861 } 1041 }
862 1042
863/* This function is aliased to mod_exp (with the dh and mont dropped). */ 1043/* This function is aliased to mod_exp (with the dh and mont dropped). */
864static int hwcrhk_mod_exp_dh(DH *dh, BIGNUM *r, BIGNUM *a, const BIGNUM *p, 1044static int hwcrhk_mod_exp_dh(const DH *dh, BIGNUM *r,
1045 const BIGNUM *a, const BIGNUM *p,
865 const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx) 1046 const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)
866 { 1047 {
867 return hwcrhk_mod_exp(r, a, p, m, ctx); 1048 return hwcrhk_mod_exp(r, a, p, m, ctx);
@@ -876,11 +1057,11 @@ static int hwcrhk_rand_bytes(unsigned char *buf, int num)
876 int ret; 1057 int ret;
877 1058
878 rmsg.buf = tempbuf; 1059 rmsg.buf = tempbuf;
879 rmsg.size = 1024; 1060 rmsg.size = sizeof(tempbuf);
880 1061
881 if(!hwcrhk_context) 1062 if(!hwcrhk_context)
882 { 1063 {
883 ENGINEerr(ENGINE_F_HWCRHK_RAND_BYTES,ENGINE_R_NOT_INITIALISED); 1064 HWCRHKerr(HWCRHK_F_HWCRHK_RAND_BYTES,HWCRHK_R_NOT_INITIALISED);
884 goto err; 1065 goto err;
885 } 1066 }
886 1067
@@ -892,11 +1073,13 @@ static int hwcrhk_rand_bytes(unsigned char *buf, int num)
892 might be a good thing. */ 1073 might be a good thing. */
893 if(ret == HWCRYPTOHOOK_ERROR_FALLBACK) 1074 if(ret == HWCRYPTOHOOK_ERROR_FALLBACK)
894 { 1075 {
895 ENGINEerr(ENGINE_F_HWCRHK_RAND_BYTES,ENGINE_R_REQUEST_FALLBACK); 1076 HWCRHKerr(HWCRHK_F_HWCRHK_RAND_BYTES,
1077 HWCRHK_R_REQUEST_FALLBACK);
896 } 1078 }
897 else 1079 else
898 { 1080 {
899 ENGINEerr(ENGINE_F_HWCRHK_RAND_BYTES,ENGINE_R_REQUEST_FAILED); 1081 HWCRHKerr(HWCRHK_F_HWCRHK_RAND_BYTES,
1082 HWCRHK_R_REQUEST_FAILED);
900 } 1083 }
901 ERR_add_error_data(1,rmsg.buf); 1084 ERR_add_error_data(1,rmsg.buf);
902 goto err; 1085 goto err;
@@ -914,20 +1097,28 @@ static int hwcrhk_rand_status(void)
914/* This cleans up an RSA KM key, called when ex_data is freed */ 1097/* This cleans up an RSA KM key, called when ex_data is freed */
915 1098
916static void hwcrhk_ex_free(void *obj, void *item, CRYPTO_EX_DATA *ad, 1099static void hwcrhk_ex_free(void *obj, void *item, CRYPTO_EX_DATA *ad,
917 int index,long argl, void *argp) 1100 int ind,long argl, void *argp)
918{ 1101{
919 char tempbuf[1024]; 1102 char tempbuf[1024];
920 HWCryptoHook_ErrMsgBuf rmsg; 1103 HWCryptoHook_ErrMsgBuf rmsg;
1104#ifndef OPENSSL_NO_RSA
921 HWCryptoHook_RSAKeyHandle *hptr; 1105 HWCryptoHook_RSAKeyHandle *hptr;
1106#endif
1107#if !defined(OPENSSL_NO_RSA)
922 int ret; 1108 int ret;
1109#endif
923 1110
924 rmsg.buf = tempbuf; 1111 rmsg.buf = tempbuf;
925 rmsg.size = 1024; 1112 rmsg.size = sizeof(tempbuf);
926 1113
1114#ifndef OPENSSL_NO_RSA
927 hptr = (HWCryptoHook_RSAKeyHandle *) item; 1115 hptr = (HWCryptoHook_RSAKeyHandle *) item;
928 if(!hptr) return; 1116 if(hptr)
929 ret = p_hwcrhk_RSAUnloadKey(*hptr, NULL); 1117 {
930 OPENSSL_free(hptr); 1118 ret = p_hwcrhk_RSAUnloadKey(*hptr, NULL);
1119 OPENSSL_free(hptr);
1120 }
1121#endif
931} 1122}
932 1123
933/* Mutex calls: since the HWCryptoHook model closely follows the POSIX model 1124/* Mutex calls: since the HWCryptoHook model closely follows the POSIX model
@@ -939,17 +1130,17 @@ static int hwcrhk_mutex_init(HWCryptoHook_Mutex* mt,
939 { 1130 {
940 mt->lockid = CRYPTO_get_new_dynlockid(); 1131 mt->lockid = CRYPTO_get_new_dynlockid();
941 if (mt->lockid == 0) 1132 if (mt->lockid == 0)
942 return 0; 1133 return 1; /* failure */
943 return 1; 1134 return 0; /* success */
944 } 1135 }
945 1136
946static int hwcrhk_mutex_lock(HWCryptoHook_Mutex *mt) 1137static int hwcrhk_mutex_lock(HWCryptoHook_Mutex *mt)
947 { 1138 {
948 CRYPTO_w_lock(mt->lockid); 1139 CRYPTO_w_lock(mt->lockid);
949 return 1; 1140 return 0;
950 } 1141 }
951 1142
952void hwcrhk_mutex_unlock(HWCryptoHook_Mutex * mt) 1143static void hwcrhk_mutex_unlock(HWCryptoHook_Mutex * mt)
953 { 1144 {
954 CRYPTO_w_unlock(mt->lockid); 1145 CRYPTO_w_unlock(mt->lockid);
955 } 1146 }
@@ -964,50 +1155,146 @@ static int hwcrhk_get_pass(const char *prompt_info,
964 HWCryptoHook_PassphraseContext *ppctx, 1155 HWCryptoHook_PassphraseContext *ppctx,
965 HWCryptoHook_CallerContext *cactx) 1156 HWCryptoHook_CallerContext *cactx)
966 { 1157 {
967 int l = 0; 1158 pem_password_cb *callback = NULL;
968 char prompt[1024]; 1159 void *callback_data = NULL;
969 1160 UI_METHOD *ui_method = NULL;
970 if (password_callback == NULL) 1161
971 { 1162 if (cactx)
972 ENGINEerr(ENGINE_F_HWCRHK_GET_PASS,ENGINE_R_NO_CALLBACK); 1163 {
973 return -1; 1164 if (cactx->ui_method)
974 } 1165 ui_method = cactx->ui_method;
975 if (prompt_info) 1166 if (cactx->password_callback)
1167 callback = cactx->password_callback;
1168 if (cactx->callback_data)
1169 callback_data = cactx->callback_data;
1170 }
1171 if (ppctx)
976 { 1172 {
977 strncpy(prompt, "Card: \"", sizeof(prompt)); 1173 if (ppctx->ui_method)
978 l += 5; 1174 {
979 strncpy(prompt + l, prompt_info, sizeof(prompt) - l); 1175 ui_method = ppctx->ui_method;
980 l += strlen(prompt_info); 1176 callback = NULL;
981 if (l + 2 < sizeof(prompt)) 1177 }
982 { 1178 if (ppctx->callback_data)
983 strncpy(prompt + l, "\"\n", sizeof(prompt) - l); 1179 callback_data = ppctx->callback_data;
984 l += 2;
985 }
986 } 1180 }
987 if (l < sizeof(prompt) - 1) 1181 if (callback == NULL && ui_method == NULL)
988 { 1182 {
989 strncpy(prompt, "Enter Passphrase <enter to cancel>:", 1183 HWCRHKerr(HWCRHK_F_HWCRHK_GET_PASS,HWCRHK_R_NO_CALLBACK);
990 sizeof(prompt) - l); 1184 return -1;
991 l += 35;
992 } 1185 }
993 prompt[l] = '\0';
994 1186
995 /* I know, passing on the prompt instead of the user data *is* 1187 if (ui_method)
996 a bad thing. However, that's all we have right now. 1188 {
997 -- Richard Levitte */ 1189 UI *ui = UI_new_method(ui_method);
998 *len_io = password_callback(buf, *len_io, 0, prompt); 1190 if (ui)
1191 {
1192 int ok;
1193 char *prompt = UI_construct_prompt(ui,
1194 "pass phrase", prompt_info);
1195
1196 ok = UI_add_input_string(ui,prompt,
1197 UI_INPUT_FLAG_DEFAULT_PWD,
1198 buf,0,(*len_io) - 1);
1199 UI_add_user_data(ui, callback_data);
1200 UI_ctrl(ui, UI_CTRL_PRINT_ERRORS, 1, 0, 0);
1201
1202 if (ok >= 0)
1203 do
1204 {
1205 ok=UI_process(ui);
1206 }
1207 while (ok < 0 && UI_ctrl(ui, UI_CTRL_IS_REDOABLE, 0, 0, 0));
1208
1209 if (ok >= 0)
1210 *len_io = strlen(buf);
1211
1212 UI_free(ui);
1213 OPENSSL_free(prompt);
1214 }
1215 }
1216 else
1217 {
1218 *len_io = callback(buf, *len_io, 0, callback_data);
1219 }
999 if(!*len_io) 1220 if(!*len_io)
1000 return -1; 1221 return -1;
1001 return 0; 1222 return 0;
1002 } 1223 }
1003 1224
1004static void hwcrhk_log_message(void *logstream, const char *message) 1225static int hwcrhk_insert_card(const char *prompt_info,
1226 const char *wrong_info,
1227 HWCryptoHook_PassphraseContext *ppctx,
1228 HWCryptoHook_CallerContext *cactx)
1229 {
1230 int ok = -1;
1231 UI *ui;
1232 void *callback_data = NULL;
1233 UI_METHOD *ui_method = NULL;
1234
1235 if (cactx)
1236 {
1237 if (cactx->ui_method)
1238 ui_method = cactx->ui_method;
1239 if (cactx->callback_data)
1240 callback_data = cactx->callback_data;
1241 }
1242 if (ppctx)
1243 {
1244 if (ppctx->ui_method)
1245 ui_method = ppctx->ui_method;
1246 if (ppctx->callback_data)
1247 callback_data = ppctx->callback_data;
1248 }
1249 if (ui_method == NULL)
1250 {
1251 HWCRHKerr(HWCRHK_F_HWCRHK_INSERT_CARD,
1252 HWCRHK_R_NO_CALLBACK);
1253 return -1;
1254 }
1255
1256 ui = UI_new_method(ui_method);
1257
1258 if (ui)
1259 {
1260 char answer;
1261 char buf[BUFSIZ];
1262
1263 if (wrong_info)
1264 BIO_snprintf(buf, sizeof(buf)-1,
1265 "Current card: \"%s\"\n", wrong_info);
1266 ok = UI_dup_info_string(ui, buf);
1267 if (ok >= 0 && prompt_info)
1268 {
1269 BIO_snprintf(buf, sizeof(buf)-1,
1270 "Insert card \"%s\"", prompt_info);
1271 ok = UI_dup_input_boolean(ui, buf,
1272 "\n then hit <enter> or C<enter> to cancel\n",
1273 "\r\n", "Cc", UI_INPUT_FLAG_ECHO, &answer);
1274 }
1275 UI_add_user_data(ui, callback_data);
1276
1277 if (ok >= 0)
1278 ok = UI_process(ui);
1279 UI_free(ui);
1280
1281 if (ok == -2 || (ok >= 0 && answer == 'C'))
1282 ok = 1;
1283 else if (ok < 0)
1284 ok = -1;
1285 else
1286 ok = 0;
1287 }
1288 return ok;
1289 }
1290
1291static void hwcrhk_log_message(void *logstr, const char *message)
1005 { 1292 {
1006 BIO *lstream = NULL; 1293 BIO *lstream = NULL;
1007 1294
1008 CRYPTO_w_lock(CRYPTO_LOCK_BIO); 1295 CRYPTO_w_lock(CRYPTO_LOCK_BIO);
1009 if (logstream) 1296 if (logstr)
1010 lstream=*(BIO **)logstream; 1297 lstream=*(BIO **)logstr;
1011 if (lstream) 1298 if (lstream)
1012 { 1299 {
1013 BIO_write(lstream, message, strlen(message)); 1300 BIO_write(lstream, message, strlen(message));
@@ -1015,5 +1302,20 @@ static void hwcrhk_log_message(void *logstream, const char *message)
1015 CRYPTO_w_unlock(CRYPTO_LOCK_BIO); 1302 CRYPTO_w_unlock(CRYPTO_LOCK_BIO);
1016 } 1303 }
1017 1304
1018#endif /* !NO_HW_NCIPHER */ 1305/* This stuff is needed if this ENGINE is being compiled into a self-contained
1019#endif /* !NO_HW */ 1306 * shared-library. */
1307#ifdef ENGINE_DYNAMIC_SUPPORT
1308static int bind_fn(ENGINE *e, const char *id)
1309 {
1310 if(id && (strcmp(id, engine_hwcrhk_id) != 0))
1311 return 0;
1312 if(!bind_helper(e))
1313 return 0;
1314 return 1;
1315 }
1316IMPLEMENT_DYNAMIC_CHECK_FN()
1317IMPLEMENT_DYNAMIC_BIND_FN(bind_fn)
1318#endif /* ENGINE_DYNAMIC_SUPPORT */
1319
1320#endif /* !OPENSSL_NO_HW_NCIPHER */
1321#endif /* !OPENSSL_NO_HW */
diff --git a/src/lib/libcrypto/engine/vendor_defns/atalla.h b/src/lib/libcrypto/engine/vendor_defns/atalla.h
index 8111649c54..149970d441 100644
--- a/src/lib/libcrypto/engine/vendor_defns/atalla.h
+++ b/src/lib/libcrypto/engine/vendor_defns/atalla.h
@@ -46,16 +46,3 @@ typedef int tfnASI_RSAPrivateKeyOpFn(RSAPrivateKey * rsaKey,
46 unsigned char *input, 46 unsigned char *input,
47 unsigned int modulus_len); 47 unsigned int modulus_len);
48 48
49/* These are the static string constants for the DSO file name and the function
50 * symbol names to bind to. Regrettably, the DSO name on *nix appears to be
51 * "atasi.so" rather than something more consistent like "libatasi.so". At the
52 * time of writing, I'm not sure what the file name on win32 is but clearly
53 * native name translation is not possible (eg libatasi.so on *nix, and
54 * atasi.dll on win32). For the purposes of testing, I have created a symbollic
55 * link called "libatasi.so" so that we can use native name-translation - a
56 * better solution will be needed. */
57static const char *ATALLA_LIBNAME = "atasi";
58static const char *ATALLA_F1 = "ASI_GetHardwareConfig";
59static const char *ATALLA_F2 = "ASI_RSAPrivateKeyOpFn";
60static const char *ATALLA_F3 = "ASI_GetPerformanceStatistics";
61
diff --git a/src/lib/libcrypto/engine/vendor_defns/cswift.h b/src/lib/libcrypto/engine/vendor_defns/cswift.h
index 0af14a1a92..60079326bb 100644
--- a/src/lib/libcrypto/engine/vendor_defns/cswift.h
+++ b/src/lib/libcrypto/engine/vendor_defns/cswift.h
@@ -32,12 +32,12 @@ typedef __uint32_t SW_U32;
32typedef unsigned long SW_U32; /* 32 bit integer */ 32typedef unsigned long SW_U32; /* 32 bit integer */
33#endif 33#endif
34 34
35#if defined(WIN32) 35#if defined(OPENSSL_SYS_WIN32)
36 typedef struct _SW_U64 { 36 typedef struct _SW_U64 {
37 SW_U32 low32; 37 SW_U32 low32;
38 SW_U32 high32; 38 SW_U32 high32;
39 } SW_U64; /* 64 bit integer */ 39 } SW_U64; /* 64 bit integer */
40#elif defined(MAC) 40#elif defined(OPENSSL_SYS_MACINTOSH_CLASSIC)
41 typedef longlong SW_U64 41 typedef longlong SW_U64
42#else /* Unix variants */ 42#else /* Unix variants */
43 typedef struct _SW_U64 { 43 typedef struct _SW_U64 {
@@ -156,6 +156,27 @@ typedef struct _SW_LARGENUMBER {
156 /* bytes in network (big endian) order */ 156 /* bytes in network (big endian) order */
157} SW_LARGENUMBER; 157} SW_LARGENUMBER;
158 158
159#if defined(OPENSSL_SYS_WIN32)
160 #include <windows.h>
161 typedef HANDLE SW_OSHANDLE; /* handle to kernel object */
162 #define SW_OS_INVALID_HANDLE INVALID_HANDLE_VALUE
163 #define SW_CALLCONV _stdcall
164#elif defined(OPENSSL_SYS_MACINTOSH_CLASSIC)
165 /* async callback mechanisms */
166 /* swiftCallbackLevel */
167 #define SW_MAC_CALLBACK_LEVEL_NO 0
168 #define SW_MAC_CALLBACK_LEVEL_HARDWARE 1 /* from the hardware ISR */
169 #define SW_MAC_CALLBACK_LEVEL_SECONDARY 2 /* as secondary ISR */
170 typedef int SW_MAC_CALLBACK_LEVEL;
171 typedef int SW_OSHANDLE;
172 #define SW_OS_INVALID_HANDLE (-1)
173 #define SW_CALLCONV
174#else /* Unix variants */
175 typedef int SW_OSHANDLE; /* handle to driver */
176 #define SW_OS_INVALID_HANDLE (-1)
177 #define SW_CALLCONV
178#endif
179
159typedef struct _SW_CRT { 180typedef struct _SW_CRT {
160 SW_LARGENUMBER p; /* prime number p */ 181 SW_LARGENUMBER p; /* prime number p */
161 SW_LARGENUMBER q; /* prime number q */ 182 SW_LARGENUMBER q; /* prime number q */
@@ -196,16 +217,16 @@ typedef SW_U32 SW_CONTEXT_HANDLE; /* opaque context handle */
196 217
197/* Now the OpenSSL bits, these function types are the for the function 218/* Now the OpenSSL bits, these function types are the for the function
198 * pointers that will bound into the Rainbow shared libraries. */ 219 * pointers that will bound into the Rainbow shared libraries. */
199typedef SW_STATUS t_swAcquireAccContext(SW_CONTEXT_HANDLE *hac); 220typedef SW_STATUS SW_CALLCONV t_swAcquireAccContext(SW_CONTEXT_HANDLE *hac);
200typedef SW_STATUS t_swAttachKeyParam(SW_CONTEXT_HANDLE hac, 221typedef SW_STATUS SW_CALLCONV t_swAttachKeyParam(SW_CONTEXT_HANDLE hac,
201 SW_PARAM *key_params); 222 SW_PARAM *key_params);
202typedef SW_STATUS t_swSimpleRequest(SW_CONTEXT_HANDLE hac, 223typedef SW_STATUS SW_CALLCONV t_swSimpleRequest(SW_CONTEXT_HANDLE hac,
203 SW_COMMAND_CODE cmd, 224 SW_COMMAND_CODE cmd,
204 SW_LARGENUMBER pin[], 225 SW_LARGENUMBER pin[],
205 SW_U32 pin_count, 226 SW_U32 pin_count,
206 SW_LARGENUMBER pout[], 227 SW_LARGENUMBER pout[],
207 SW_U32 pout_count); 228 SW_U32 pout_count);
208typedef SW_STATUS t_swReleaseAccContext(SW_CONTEXT_HANDLE hac); 229typedef SW_STATUS SW_CALLCONV t_swReleaseAccContext(SW_CONTEXT_HANDLE hac);
209 230
210#ifdef __cplusplus 231#ifdef __cplusplus
211} 232}
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-08-16 07:12:33 +0000